{{- if eq .Values.mode "standalone" }} {{ $scheme := "http" }} {{- if .Values.tls.enabled }} {{ $scheme = "https" }} {{ end }} {{ $bucketRoot := or ($.Values.bucketRoot) ($.Values.mountPath) }} apiVersion: {{ template "minio.deployment.apiVersion" . }} kind: Deployment metadata: name: {{ template "minio.fullname" . }} labels: app: {{ template "minio.name" . }} chart: {{ template "minio.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} {{- if .Values.additionalLabels }} {{ toYaml .Values.additionalLabels | trimSuffix "\n" | indent 4 }} {{- end }} {{- if .Values.additionalAnnotations }} annotations: {{ toYaml .Values.additionalAnnotations | trimSuffix "\n" | indent 4 }} {{- end }} spec: strategy: type: {{ .Values.DeploymentUpdate.type }} {{- if eq .Values.DeploymentUpdate.type "RollingUpdate" }} rollingUpdate: maxSurge: {{ .Values.DeploymentUpdate.maxSurge }} maxUnavailable: {{ .Values.DeploymentUpdate.maxUnavailable }} {{- end}} {{- if .Values.nasgateway.enabled }} replicas: {{ .Values.nasgateway.replicas }} {{- end }} {{- if .Values.s3gateway.enabled }} replicas: {{ .Values.s3gateway.replicas }} {{- end }} {{- if .Values.azuregateway.enabled }} replicas: {{ .Values.azuregateway.replicas }} {{- end }} {{- if .Values.gcsgateway.enabled }} replicas: {{ .Values.gcsgateway.replicas }} {{- end }} selector: matchLabels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} template: metadata: name: {{ template "minio.fullname" . }} labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} {{- if .Values.podLabels }} {{ toYaml .Values.podLabels | indent 8 }} {{- end }} annotations: checksum/secrets: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | trimSuffix "\n" | indent 8 }} {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} serviceAccountName: {{ include "minio.serviceAccountName" . | quote }} {{- if and .Values.securityContext.enabled .Values.persistence.enabled }} securityContext: runAsUser: {{ .Values.securityContext.runAsUser }} runAsGroup: {{ .Values.securityContext.runAsGroup }} fsGroup: {{ .Values.securityContext.fsGroup }} {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.s3gateway.enabled }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway s3 {{ .Values.s3gateway.serviceEndpoint }} {{- template "minio.extraArgs" . }}" {{- else }} {{- if .Values.azuregateway.enabled }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway azure {{- template "minio.extraArgs" . }}" {{- else }} {{- if .Values.gcsgateway.enabled }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway gcs {{ .Values.gcsgateway.projectId }} {{- template "minio.extraArgs" . }}" {{- else }} {{- if .Values.nasgateway.enabled }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} gateway nas {{ $bucketRoot }} {{- template "minio.extraArgs" . }}" {{- else }} command: - "/bin/sh" - "-ce" - "/usr/bin/docker-entrypoint.sh minio -S {{ .Values.certsPath }} server {{ $bucketRoot }} {{- template "minio.extraArgs" . }}" {{- end }} {{- end }} {{- end }} {{- end }} volumeMounts: {{- if and .Values.persistence.enabled (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} - name: export mountPath: {{ .Values.mountPath }} {{- if .Values.persistence.subPath }} subPath: "{{ .Values.persistence.subPath }}" {{- end }} {{- end }} {{- if or .Values.gcsgateway.enabled .Values.etcd.clientCert .Values.etcd.clientCertKey }} - name: minio-user mountPath: "/etc/credentials" readOnly: true {{- end }} {{- include "minio.tlsKeysVolumeMount" . | indent 12 }} ports: - name: {{ $scheme }} containerPort: 9000 {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: path: /minio/health/live port: {{ $scheme }} scheme: {{ $scheme | upper }} initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} {{- end }} {{- if .Values.readinessProbe.enabled }} readinessProbe: tcpSocket: port: {{ $scheme }} initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} {{- if .Values.startupProbe.enabled }} startupProbe: tcpSocket: port: {{ $scheme }} initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} periodSeconds: {{ .Values.startupProbe.periodSeconds }} timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} successThreshold: {{ .Values.startupProbe.successThreshold }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} {{- end }} env: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: accesskey - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: secretkey {{- if and .Values.gcsgateway.enabled .Values.gcsgateway.gcsKeyJson }} - name: GOOGLE_APPLICATION_CREDENTIALS value: "/etc/credentials/gcs_key.json" {{- end }} {{- if .Values.etcd.endpoints }} - name: MINIO_ETCD_ENDPOINTS value: {{ join "," .Values.etcd.endpoints | quote }} {{- if .Values.etcd.clientCert }} - name: MINIO_ETCD_CLIENT_CERT value: "/etc/credentials/etcd_client_cert.pem" {{- end }} {{- if .Values.etcd.clientCertKey }} - name: MINIO_ETCD_CLIENT_CERT_KEY value: "/etc/credentials/etcd_client_cert_key.pem" {{- end }} {{- if .Values.etcd.pathPrefix }} - name: MINIO_ETCD_PATH_PREFIX value: {{ .Values.etcd.pathPrefix }} {{- end }} {{- if .Values.etcd.corednsPathPrefix }} - name: MINIO_ETCD_COREDNS_PATH value: {{ .Values.etcd.corednsPathPrefix }} {{- end }} {{- end }} {{- if .Values.s3gateway.enabled -}} {{- if or .Values.s3gateway.accessKey .Values.existingSecret }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: awsAccessKeyId {{- end }} {{- if or .Values.s3gateway.secretKey .Values.existingSecret }} - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: {{ template "minio.secretName" . }} key: awsSecretAccessKey {{- end }} {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} value: {{ $val | quote }} {{- end}} resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- include "minio.imagePullSecrets" . | indent 6 }} {{- with .Values.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} volumes: {{- if and (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} - name: export {{- if .Values.persistence.enabled }} persistentVolumeClaim: claimName: {{ .Values.persistence.existingClaim | default (include "minio.fullname" .) }} {{- else }} emptyDir: {} {{- end }} {{- end }} - name: minio-user secret: secretName: {{ template "minio.secretName" . }} {{- include "minio.tlsKeysVolume" . | indent 8 }} {{- end }}