2024-08-25 14:01:24 +00:00
|
|
|
{{- if .Values.mcJob.enabled }}
|
|
|
|
|
apiVersion: batch/v1
|
|
|
|
|
kind: Job
|
|
|
|
|
metadata:
|
|
|
|
|
name: yonote-minio-mc-job
|
|
|
|
|
labels:
|
|
|
|
|
app: yonote-minio
|
|
|
|
|
spec:
|
|
|
|
|
template:
|
|
|
|
|
metadata:
|
|
|
|
|
labels:
|
|
|
|
|
app: yonote-minio
|
|
|
|
|
spec:
|
|
|
|
|
containers:
|
|
|
|
|
- name: mc-client
|
|
|
|
|
image: "docker.io/bitnami/minio-client:2024.8.13-debian-12-r0"
|
|
|
|
|
command: ["/bin/sh", "-c"]
|
|
|
|
|
args:
|
|
|
|
|
- |
|
|
|
|
|
until mc alias set myminio http://yonote-minio:9000 {{ .Values.minio.auth.rootUser }} {{ .Values.minio.auth.rootPassword }}; do
|
|
|
|
|
echo "Waiting for MinIO to be ready..."
|
|
|
|
|
sleep 5
|
|
|
|
|
done
|
2024-08-29 22:07:06 +00:00
|
|
|
echo "MinIO is ready and alias is set."
|
|
|
|
|
|
|
|
|
|
# Создание пользователя
|
|
|
|
|
if ! mc admin user add myminio {{ .Values.minio.customUser }} {{ .Values.minio.customAccessKey }}; then
|
|
|
|
|
echo "User {{ .Values.minio.customUser }} already exists or failed to create."
|
|
|
|
|
else
|
|
|
|
|
echo "User {{ .Values.minio.customUser }} created successfully."
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
# Назначение политики для нового пользователя
|
|
|
|
|
cat <<EOF > /tmp/minio-user-policy.json
|
|
|
|
|
{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Sid": "VisualEditor",
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:DeleteObject",
|
|
|
|
|
"s3:GetObject",
|
|
|
|
|
"s3:PutObject"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::yonote-bucket/*"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
EOF
|
|
|
|
|
echo "User policy JSON file created."
|
|
|
|
|
|
|
|
|
|
mc admin policy create myminio yonote-policy /tmp/minio-user-policy.json
|
|
|
|
|
echo "User policy created and applied."
|
|
|
|
|
|
|
|
|
|
# Создание бакета
|
2024-08-25 14:01:24 +00:00
|
|
|
if ! mc ls myminio/yonote-bucket; then
|
|
|
|
|
mc mb myminio/yonote-bucket
|
2024-08-29 22:07:06 +00:00
|
|
|
echo "Bucket yonote-bucket created successfully."
|
2024-08-25 14:01:24 +00:00
|
|
|
else
|
|
|
|
|
echo "Bucket yonote-bucket already exists."
|
|
|
|
|
fi
|
2024-08-29 22:07:06 +00:00
|
|
|
|
|
|
|
|
# Установка политик для бакета
|
|
|
|
|
cat <<EOF > /tmp/minio-bucket-policy.json
|
|
|
|
|
{
|
|
|
|
|
"Version": "2012-10-17",
|
|
|
|
|
"Statement": [
|
|
|
|
|
{
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Principal": {
|
|
|
|
|
"AWS": [
|
|
|
|
|
"*"
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:GetBucketLocation"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::yonote-bucket"
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
"Effect": "Allow",
|
|
|
|
|
"Principal": {
|
|
|
|
|
"AWS": [
|
|
|
|
|
"*"
|
|
|
|
|
]
|
|
|
|
|
},
|
|
|
|
|
"Action": [
|
|
|
|
|
"s3:GetObject"
|
|
|
|
|
],
|
|
|
|
|
"Resource": [
|
|
|
|
|
"arn:aws:s3:::yonote-bucket/*"
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
]
|
|
|
|
|
}
|
|
|
|
|
EOF
|
|
|
|
|
echo "Bucket policy JSON file created."
|
|
|
|
|
|
|
|
|
|
mc anonymous set-json /tmp/minio-bucket-policy.json myminio/yonote-bucket
|
|
|
|
|
echo "Bucket policy applied."
|
|
|
|
|
|
|
|
|
|
mc admin policy attach myminio yonote-policy --user={{ .Values.minio.customUser }}
|
|
|
|
|
echo "Policy attached to user {{ .Values.minio.customUser }}."
|
|
|
|
|
|
2024-08-25 14:01:24 +00:00
|
|
|
resources:
|
|
|
|
|
requests:
|
|
|
|
|
memory: "128Mi"
|
|
|
|
|
cpu: "100m"
|
|
|
|
|
limits:
|
|
|
|
|
memory: "256Mi"
|
|
|
|
|
cpu: "200m"
|
|
|
|
|
restartPolicy: OnFailure
|
|
|
|
|
backoffLimit: 5
|
2024-08-29 22:07:06 +00:00
|
|
|
ttlSecondsAfterFinished: 180
|
2024-08-25 14:01:24 +00:00
|
|
|
{{- end }}
|
