bea/infra-prod
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add minio operator

Browse Source
This commit is contained in:
Beatrice Dellacà
2025-04-06 19:56:09 +02:00
parent e20674bd1d
commit 38e230a9a5
11 changed files with 6209 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
deploy/minio-operator/base/cluster-role-binding.yaml Normal file
View File

@@ -0,0 +1,12 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: minio-operator-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: minio-operator-role
subjects:
- kind: ServiceAccount
name: minio-operator
namespace: default

178
deploy/minio-operator/base/cluster-role.yaml Normal file
View File

@@ -0,0 +1,178 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: minio-operator-role
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- get
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- update
- list
- apiGroups:
- ""
resources:
- namespaces
- nodes
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
- services
- events
- configmaps
verbs:
- get
- watch
- create
- list
- delete
- deletecollection
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- create
- update
- list
- delete
- deletecollection
- apiGroups:
- ""
resources:
- serviceaccounts
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- rbac.authorization.k8s.io
resources:
- roles
- rolebindings
verbs:
- create
- delete
- get
- list
- patch
- update
- watch
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- deployments/finalizers
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- "certificates.k8s.io"
resources:
- "certificatesigningrequests"
- "certificatesigningrequests/approval"
- "certificatesigningrequests/status"
verbs:
- update
- create
- get
- delete
- list
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/legacy-unknown
- kubernetes.io/kube-apiserver-client
- kubernetes.io/kubelet-serving
- beta.eks.amazonaws.com/app-serving
resources:
- signers
verbs:
- approve
- sign
- apiGroups:
- authentication.k8s.io
resources:
- tokenreviews
verbs:
- create
- apiGroups:
- minio.min.io
- sts.min.io
- job.min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- monitoring.coreos.com
resources:
- prometheuses
verbs:
- '*'
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- update
- create
- apiGroups:
- policy
resources:
- poddisruptionbudgets
verbs:
- create
- delete
- get
- list
- patch
- update
- deletecollection

5
deploy/minio-operator/base/crds/kustomization.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- minio.min.io_tenants.yaml
- sts.min.io_policybindings.yaml

5749
deploy/minio-operator/base/crds/minio.min.io_tenants.yaml Normal file
View File

File diff suppressed because it is too large Load Diff

133
deploy/minio-operator/base/crds/sts.min.io_policybindings.yaml Normal file
View File

@@ -0,0 +1,133 @@
---
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
controller-gen.kubebuilder.io/version: v0.17.2
operator.min.io/version: v7.0.1
name: policybindings.sts.min.io
spec:
group: sts.min.io
names:
kind: PolicyBinding
listKind: PolicyBindingList
plural: policybindings
shortNames:
- policybinding
singular: policybinding
scope: Namespaced
versions:
- additionalPrinterColumns:
- jsonPath: .status.currentState
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1alpha1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
application:
properties:
namespace:
type: string
serviceaccount:
type: string
required:
- namespace
- serviceaccount
type: object
policies:
items:
type: string
type: array
required:
- application
- policies
type: object
status:
properties:
currentState:
type: string
usage:
nullable: true
properties:
authotizations:
format: int64
type: integer
type: object
required:
- currentState
- usage
type: object
type: object
served: true
storage: false
subresources:
status: {}
- additionalPrinterColumns:
- jsonPath: .status.currentState
name: State
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
name: v1beta1
schema:
openAPIV3Schema:
properties:
apiVersion:
type: string
kind:
type: string
metadata:
type: object
spec:
properties:
application:
properties:
namespace:
type: string
serviceaccount:
type: string
required:
- namespace
- serviceaccount
type: object
policies:
items:
type: string
type: array
required:
- application
- policies
type: object
status:
properties:
currentState:
type: string
usage:
nullable: true
properties:
authotizations:
format: int64
type: integer
type: object
required:
- currentState
- usage
type: object
type: object
served: true
storage: true
subresources:
status: {}

59
deploy/minio-operator/base/deployment.yaml Normal file
View File

@@ -0,0 +1,59 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio-operator
namespace: minio-operator
labels:
app.kubernetes.io/instance: minio-operator
app.kubernetes.io/name: operator
spec:
replicas: 2
selector:
matchLabels:
name: minio-operator
strategy:
type: Recreate
template:
metadata:
labels:
name: minio-operator
app.kubernetes.io/instance: minio-operator
app.kubernetes.io/name: operator
spec:
serviceAccountName: minio-operator
containers:
- name: minio-operator
image: minio/operator:v7.0.1
imagePullPolicy: IfNotPresent
args:
- controller
resources:
requests:
cpu: 200m
memory: 256Mi
ephemeral-storage: 500Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
env:
- name: MINIO_CONSOLE_TLS_ENABLE
value: "off"
- name: OPERATOR_STS_ENABLED
value: "on"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- minio-operator
topologyKey: kubernetes.io/hostname

6
deploy/minio-operator/base/kustomization.yaml Normal file
View File

@@ -0,0 +1,6 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds/

11
deploy/minio-operator/base/namespace.yaml Normal file
View File

@@ -0,0 +1,11 @@
apiVersion: v1
kind: Namespace
metadata:
name: minio-operator
labels:
pod-security.kubernetes.io/enforce: restricted
pod-security.kubernetes.io/enforce-version: latest
pod-security.kubernetes.io/audit: restricted
pod-security.kubernetes.io/audit-version: latest
pod-security.kubernetes.io/warn: restricted
pod-security.kubernetes.io/warn-version: latest

5
deploy/minio-operator/base/service-account.yaml Normal file
View File

@@ -0,0 +1,5 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: minio-operator
namespace: default

33
deploy/minio-operator/base/service.yaml Normal file
View File

@@ -0,0 +1,33 @@
apiVersion: v1
kind: Service
metadata:
name: operator # Please do not change this value
labels:
name: minio-operator
app.kubernetes.io/instance: minio-operator
app.kubernetes.io/name: operator
namespace: minio-operator
spec:
type: ClusterIP
ports:
- port: 4221
name: http
selector:
name: minio-operator
operator: leader
---
apiVersion: v1
kind: Service
metadata:
name: sts # Please do not change this value
labels:
name: minio-operator
namespace: minio-operator
spec:
type: ClusterIP
ports:
- port: 4223
targetPort: 4223
name: https
selector:
name: minio-operator

18
deploy/minio-operator/kustomization.yaml Normal file
View File

@@ -0,0 +1,18 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-operator
commonAnnotations:
operator.min.io/authors: "MinIO, Inc."
operator.min.io/license: "AGPLv3"
operator.min.io/support: "https://subnet.min.io"
operator.min.io/version: v7.0.1
commonLabels:
app.kubernetes.io/name: operator
resources:
- base/namespace.yaml
- base/service-account.yaml
- base/cluster-role.yaml
- base/cluster-role-binding.yaml
- base/crds/
- base/service.yaml
- base/deployment.yaml