{{- if eq .Values.mode "standalone" }} {{ $scheme := .Values.tls.enabled | ternary "https" "http" }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} apiVersion: {{ template "minio.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ template "minio.fullname" . }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.additionalLabels }} {{- toYaml .Values.additionalLabels | nindent 4 }} {{- end }} {{- if .Values.additionalAnnotations }} annotations: {{- toYaml .Values.additionalAnnotations | nindent 4 }} {{- end }} spec: strategy: type: {{ .Values.deploymentUpdate.type }} {{- if eq .Values.deploymentUpdate.type "RollingUpdate" }} rollingUpdate: maxSurge: {{ .Values.deploymentUpdate.maxSurge }} maxUnavailable: {{ .Values.deploymentUpdate.maxUnavailable }} {{- end }} replicas: 1 selector: matchLabels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} template: metadata: name: {{ template "minio.fullname" . }} labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} {{- if .Values.podLabels }} {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} annotations: {{- if not .Values.ignoreChartChecksums }} checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- end }} {{- if .Values.podAnnotations }} {{- toYaml .Values.podAnnotations | trimSuffix "\n" | nindent 8 }} {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} {{- if .Values.runtimeClassName }} runtimeClassName: "{{ .Values.runtimeClassName }}" {{- end }} {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{ if .Values.serviceAccount.create }} serviceAccountName: {{ .Values.serviceAccount.name }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio server {{ $bucketRoot }} -S {{ .Values.certsPath }} --address :{{ .Values.minioAPIPort }} --console-address :{{ .Values.minioConsolePort }} {{- template "minio.extraArgs" . }}" volumeMounts: - name: minio-user mountPath: "/tmp/credentials" readOnly: true - name: export mountPath: {{ .Values.mountPath }} {{- if and .Values.persistence.enabled .Values.persistence.subPath }} subPath: "{{ .Values.persistence.subPath }}" {{- end }} {{- if .Values.extraSecret }} - name: extra-secret mountPath: "/tmp/minio-config-env" {{- end }} {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} ports: - name: {{ $scheme }} containerPort: {{ .Values.minioAPIPort }} - name: {{ $scheme }}-console containerPort: {{ .Values.minioConsolePort }} env: - name: MINIO_ROOT_USER valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: rootUser - name: MINIO_ROOT_PASSWORD valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: rootPassword {{- if .Values.extraSecret }} - name: MINIO_CONFIG_ENV_FILE value: "/tmp/minio-config-env/config.env" {{- end }} {{- if .Values.metrics.serviceMonitor.public }} - name: MINIO_PROMETHEUS_AUTH_TYPE value: "public" {{- end }} {{- if .Values.oidc.enabled }} - name: MINIO_IDENTITY_OPENID_CONFIG_URL value: {{ .Values.oidc.configUrl }} - name: MINIO_IDENTITY_OPENID_CLIENT_ID {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientIdKey }} valueFrom: secretKeyRef: name: {{ .Values.oidc.existingClientSecretName }} key: {{ .Values.oidc.existingClientIdKey }} {{- else }} value: {{ .Values.oidc.clientId }} {{- end }} - name: MINIO_IDENTITY_OPENID_CLIENT_SECRET {{- if and .Values.oidc.existingClientSecretName .Values.oidc.existingClientSecretKey }} valueFrom: secretKeyRef: name: {{ .Values.oidc.existingClientSecretName }} key: {{ .Values.oidc.existingClientSecretKey }} {{- else }} value: {{ .Values.oidc.clientSecret }} {{- end }} - name: MINIO_IDENTITY_OPENID_CLAIM_NAME value: {{ .Values.oidc.claimName }} - name: MINIO_IDENTITY_OPENID_CLAIM_PREFIX value: {{ .Values.oidc.claimPrefix }} - name: MINIO_IDENTITY_OPENID_SCOPES value: {{ .Values.oidc.scopes }} - name: MINIO_IDENTITY_OPENID_COMMENT value: {{ .Values.oidc.comment }} - name: MINIO_IDENTITY_OPENID_REDIRECT_URI value: {{ .Values.oidc.redirectUri }} - name: MINIO_IDENTITY_OPENID_DISPLAY_NAME value: {{ .Values.oidc.displayName }} {{- end }} {{- if .Values.etcd.endpoints }} - name: MINIO_ETCD_ENDPOINTS value: {{ join "," .Values.etcd.endpoints | quote }} {{- if .Values.etcd.clientCert }} - name: MINIO_ETCD_CLIENT_CERT value: "/tmp/credentials/etcd_client_cert.pem" {{- end }} {{- if .Values.etcd.clientCertKey }} - name: MINIO_ETCD_CLIENT_CERT_KEY value: "/tmp/credentials/etcd_client_cert_key.pem" {{- end }} {{- if .Values.etcd.pathPrefix }} - name: MINIO_ETCD_PATH_PREFIX value: {{ .Values.etcd.pathPrefix }} {{- end }} {{- if .Values.etcd.corednsPathPrefix }} - name: MINIO_ETCD_COREDNS_PATH value: {{ .Values.etcd.corednsPathPrefix }} {{- end }} {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} value: {{ tpl $val $ | quote }} {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} {{- with .Values.containerSecurityContext }} securityContext: {{ toYaml . | nindent 12}} {{- end }} {{- end }} {{- with .Values.extraContainers }} {{- if eq (typeOf .) "string" }} {{- tpl . $ | nindent 8 }} {{- else }} {{- toYaml . | nindent 8 }} {{- end }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} {{- include "minio.imagePullSecrets" . | indent 6 }} {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} volumes: - name: export {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} {{- else }} emptyDir: {} {{- end }} {{- if .Values.extraSecret }} - name: extra-secret secret: secretName: {{ .Values.extraSecret }} {{- end }} - name: minio-user secret: secretName: {{ template "minio.secretName" . }} {{- include "minio.tlsKeysVolume" . | indent 8 }} {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | nindent 8 }} {{- end }} {{- end }}