chore(deps): update helm release minio to v5.4.0 (main) #15946
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
![renovate-approve[bot]](https://avatars.githubusercontent.com/in/7394?s=60&v=4){kind=small}
Helm Diff Output - SummarySingle Binary Scenariodefault, loki-release-minio, ConfigMap (v1) has changed:
# Source: loki/charts/minio/templates/configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
data:
initialize: |-
#!/bin/sh
set -e # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0
LIMIT=29 # Allow 30 attempts
set -e # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser)
SECRET=$(cat /config/rootPassword)
set +e # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT"
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET"
$MC_COMMAND
STATUS=$?
until [ $STATUS = 0 ]; do
ATTEMPTS=$(expr $ATTEMPTS + 1)
echo \"Failed attempts: $ATTEMPTS\"
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1
fi
sleep 2 # 1 second intervals between attempts
$MC_COMMAND
STATUS=$?
done
set -e # reset `e` as active
return 0
}
# checkBucketExists ($bucket)
# Check if the bucket exists, by using the exit code of `mc ls`
checkBucketExists() {
BUCKET=$1
CMD=$(${MC} stat myminio/$BUCKET >/dev/null 2>&1)
return $?
}
# createBucket ($bucket, $policy, $purge)
# Ensure bucket exists, purging if asked to
createBucket() {
BUCKET=$1
POLICY=$2
PURGE=$3
VERSIONING=$4
OBJECTLOCKING=$5
# Purge the bucket, if set & exists
# Since PURGE is user input, check explicitly for `true`
if [ $PURGE = true ]; then
if checkBucketExists $BUCKET; then
echo "Purging bucket '$BUCKET'."
set +e # don't exit if this fails
${MC} rm -r --force myminio/$BUCKET
set -e # reset `e` as active
else
echo "Bucket '$BUCKET' does not exist, skipping purge."
fi
fi
# Create the bucket if it does not exist and set objectlocking if enabled (NOTE: versioning will be not changed if OBJECTLOCKING is set because it enables versioning to the Buckets created)
if ! checkBucketExists $BUCKET; then
if [ ! -z $OBJECTLOCKING ]; then
if [ $OBJECTLOCKING = true ]; then
echo "Creating bucket with OBJECTLOCKING '$BUCKET'"
${MC} mb --with-lock myminio/$BUCKET
elif [ $OBJECTLOCKING = false ]; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
fi
elif [ -z $OBJECTLOCKING ]; then
echo "Creating bucket '$BUCKET'"
${MC} mb myminio/$BUCKET
else
echo "Bucket '$BUCKET' already exists."
fi
fi
# set versioning for bucket if objectlocking is disabled or not set
if [ $OBJECTLOCKING = false ]; then
if [ ! -z $VERSIONING ]; then
if [ $VERSIONING = true ]; then
echo "Enabling versioning for '$BUCKET'"
${MC} version enable myminio/$BUCKET
elif [ $VERSIONING = false ]; then
echo "Suspending versioning for '$BUCKET'"
${MC} version suspend myminio/$BUCKET
fi
fi
else
echo "Bucket '$BUCKET' versioning unchanged."
fi
# At this point, the bucket should exist, skip checking for existence
# Set policy on the bucket
echo "Setting policy of bucket '$BUCKET' to '$POLICY'."
${MC} anonymous set $POLICY myminio/$BUCKET
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
# Create the buckets
createBucket chunks "none" false false false
createBucket ruler "none" false false false
createBucket admin "none" false false false
add-user: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters.
# Special characters for example : ',",<,>,{,}
MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_tmp"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkUserExists ()
# Check if the user exists, by using the exit code of `mc admin user info`
checkUserExists() {
CMD=$(${MC} admin user info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1)
return $?
}
# createUser ($policy)
createUser() {
POLICY=$1
#check accessKey_and_secretKey_tmp file
if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then
echo "credentials file does not exist"
return 1
fi
if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then
echo "credentials file is invalid"
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
return 1
fi
USER=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP)
# Create the user if it does not exist
if ! checkUserExists ; then
echo "Creating user '$USER'"
cat $MINIO_ACCESSKEY_SECRETKEY_TMP | ${MC} admin user add myminio
else
echo "User '$USER' already exists."
fi
#clean up credentials files.
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
# set policy for user
if [ ! -z $POLICY -a $POLICY != " " ] ; then
echo "Adding policy '$POLICY' for '$USER'"
set +e ; # policy already attach errors out, allow it.
${MC} admin policy attach myminio $POLICY --user=$USER
set -e
else
echo "User '$USER' has no policy attached."
fi
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
# Create the users
echo logs-user > $MINIO_ACCESSKEY_SECRETKEY_TMP
echo supersecretpassword >> $MINIO_ACCESSKEY_SECRETKEY_TMP
createUser readwrite
add-policy: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkPolicyExists ($policy)
# Check if the policy exists, by using the exit code of `mc admin policy info`
checkPolicyExists() {
POLICY=$1
CMD=$(${MC} admin policy info myminio $POLICY > /dev/null 2>&1)
return $?
}
# createPolicy($name, $filename)
createPolicy () {
NAME=$1
FILENAME=$2
# Create the name if it does not exist
echo "Checking policy: $NAME (in /config/$FILENAME.json)"
if ! checkPolicyExists $NAME ; then
echo "Creating policy '$NAME'"
else
echo "Policy '$NAME' already exists."
fi
${MC} admin policy create myminio $NAME /config/$FILENAME.json
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
add-svcacct: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# AccessKey and secretkey credentials file are added to prevent shell execution errors caused by special characters.
# Special characters for example : ',",<,>,{,}
MINIO_ACCESSKEY_SECRETKEY_TMP="/tmp/accessKey_and_secretKey_svcacct_tmp"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 2 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# checkSvcacctExists ()
# Check if the svcacct exists, by using the exit code of `mc admin user svcacct info`
checkSvcacctExists() {
CMD=$(${MC} admin user svcacct info myminio $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) > /dev/null 2>&1)
return $?
}
# createSvcacct ($user)
createSvcacct () {
USER=$1
FILENAME=$2
#check accessKey_and_secretKey_tmp file
if [[ ! -f $MINIO_ACCESSKEY_SECRETKEY_TMP ]];then
echo "credentials file does not exist"
return 1
fi
if [[ $(cat $MINIO_ACCESSKEY_SECRETKEY_TMP|wc -l) -ne 2 ]];then
echo "credentials file is invalid"
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
return 1
fi
SVCACCT=$(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP)
# Create the svcacct if it does not exist
if ! checkSvcacctExists ; then
echo "Creating svcacct '$SVCACCT'"
# Check if policy file is define
if [ -z $FILENAME ]; then
${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) myminio $USER
else
${MC} admin user svcacct add --access-key $(head -1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --secret-key $(tail -n1 $MINIO_ACCESSKEY_SECRETKEY_TMP) --policy /config/$FILENAME.json myminio $USER
fi
else
echo "Svcacct '$SVCACCT' already exists."
fi
#clean up credentials files.
rm -f $MINIO_ACCESSKEY_SECRETKEY_TMP
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
custom-command: |-
#!/bin/sh
set -e ; # Have script exit in the event of a failed command.
MC_CONFIG_DIR="/etc/minio/mc/"
MC="/usr/bin/mc --insecure --config-dir ${MC_CONFIG_DIR}"
# connectToMinio
# Use a check-sleep-check loop to wait for MinIO service to be available
connectToMinio() {
SCHEME=$1
ATTEMPTS=0 ; LIMIT=29 ; # Allow 30 attempts
set -e ; # fail if we can't read the keys.
ACCESS=$(cat /config/rootUser) ; SECRET=$(cat /config/rootPassword) ;
set +e ; # The connections to minio are allowed to fail.
echo "Connecting to MinIO server: $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT" ;
MC_COMMAND="${MC} alias set myminio $SCHEME://$MINIO_ENDPOINT:$MINIO_PORT $ACCESS $SECRET" ;
$MC_COMMAND ;
STATUS=$? ;
until [ $STATUS = 0 ]
do
ATTEMPTS=`expr $ATTEMPTS + 1` ;
echo \"Failed attempts: $ATTEMPTS\" ;
if [ $ATTEMPTS -gt $LIMIT ]; then
exit 1 ;
fi ;
sleep 2 ; # 1 second intervals between attempts
$MC_COMMAND ;
STATUS=$? ;
done ;
set -e ; # reset `e` as active
return 0
}
# runCommand ($@)
# Run custom mc command
runCommand() {
${MC} "$@"
return $?
}
# Try connecting to MinIO instance
scheme=http
connectToMinio $scheme
default, loki-release-minio, Secret (v1) has changed:
# Source: loki/charts/minio/templates/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
heritage: Helm
release: loki-release
name: loki-release-minio
data:
rootPassword: 'REDACTED # (19 bytes)'
rootUser: 'REDACTED # (9 bytes)'
type: Opaque
default, loki-release-minio, Service (v1) has changed:
# Source: loki/charts/minio/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
monitoring: "true"
spec:
type: ClusterIP
ports:
- name: http
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: minio
release: loki-release
default, loki-release-minio, StatefulSet (apps) has changed:
# Source: loki/charts/minio/templates/statefulset.yaml
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: loki-release-minio
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
updateStrategy:
type: RollingUpdate
podManagementPolicy: "Parallel"
serviceName: loki-release-minio-svc
replicas: 1
selector:
matchLabels:
app: minio
release: loki-release
template:
metadata:
name: loki-release-minio
labels:
app: minio
release: loki-release
annotations:
- checksum/secrets: 16571eb39ff756fb0bff3f375543d10d85c265fa64d5607ab3f4ce5ff711ecb9
- checksum/config: 04fbedc80c3e09ca79e0fd27207574c80fda612b301de3c4f6a52997205fb398
+ checksum/secrets: 83e00c080f13dd0c967e16625b3c5ce88fe138fb6e903ac49c54cd16f5f5b659
+ checksum/config: 9e7d1b7d05afafdf1f4dd11b625c985b7bbaceea2255647f6c3c2dde5e257978
spec:
securityContext:
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1000
runAsUser: 1000
serviceAccountName: minio-sa
containers:
- name: minio
- image: quay.io/minio/minio:RELEASE.2024-04-18T19-09-19Z
+ image: quay.io/minio/minio:RELEASE.2024-12-18T13-15-44Z
imagePullPolicy: IfNotPresent
command: [
"/bin/sh",
"-ce",
"/usr/bin/docker-entrypoint.sh minio server http://loki-release-minio-{0...0}.loki-release-minio-svc.default.svc/export-{0...1} -S /etc/minio/certs/ --address :9000 --console-address :9001"
]
volumeMounts:
- name: export-0
mountPath: /export-0
- name: export-1
mountPath: /export-1
ports:
- name: http
containerPort: 9000
- name: http-console
containerPort: 9001
env:
- name: MINIO_ROOT_USER
valueFrom:
secretKeyRef:
name: loki-release-minio
key: rootUser
- name: MINIO_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: loki-release-minio
key: rootPassword
- name: MINIO_PROMETHEUS_AUTH_TYPE
value: "public"
resources:
requests:
cpu: 100m
memory: 128Mi
securityContext:
readOnlyRootFilesystem: false
volumes:
- name: minio-user
secret:
secretName: loki-release-minio
volumeClaimTemplates:
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: export-0
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi
- apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: export-1
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 5Gi
default, loki-release-minio-console, Service (v1) has changed:
# Source: loki/charts/minio/templates/console-service.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio-console
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
type: ClusterIP
ports:
- name: http
port: 9001
protocol: TCP
targetPort: 9001
selector:
app: minio
release: loki-release
default, loki-release-minio-post-job, Job (batch) has changed:
# Source: loki/charts/minio/templates/post-job.yaml
apiVersion: batch/v1
kind: Job
metadata:
name: loki-release-minio-post-job
labels:
app: minio-post-job
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
annotations:
"helm.sh/hook": post-install,post-upgrade
"helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
spec:
template:
metadata:
labels:
app: minio-job
release: loki-release
spec:
restartPolicy: OnFailure
volumes:
- name: etc-path
emptyDir: {}
- name: tmp
emptyDir: {}
- name: minio-configuration
projected:
sources:
- configMap:
name: loki-release-minio
- secret:
name: loki-release-minio
serviceAccountName: minio-sa
containers:
- name: minio-make-bucket
- image: "quay.io/minio/mc:RELEASE.2024-04-18T16-45-29Z"
+ image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z"
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "/config/initialize" ]
env:
- name: MINIO_ENDPOINT
value: loki-release-minio
- name: MINIO_PORT
value: "9000"
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
resources:
requests:
memory: 128Mi
- name: minio-make-user
- image: "quay.io/minio/mc:RELEASE.2024-04-18T16-45-29Z"
+ image: "quay.io/minio/mc:RELEASE.2024-11-21T17-21-54Z"
imagePullPolicy: IfNotPresent
command: [ "/bin/sh", "/config/add-user" ]
env:
- name: MINIO_ENDPOINT
value: loki-release-minio
- name: MINIO_PORT
value: "9000"
volumeMounts:
- name: etc-path
mountPath: /etc/minio/mc
- name: tmp
mountPath: /tmp
- name: minio-configuration
mountPath: /config
resources:
requests:
memory: 128Mi
default, loki-release-minio-svc, Service (v1) has changed:
# Source: loki/charts/minio/templates/statefulset.yaml
apiVersion: v1
kind: Service
metadata:
name: loki-release-minio-svc
labels:
app: minio
- chart: minio-5.3.0
+ chart: minio-5.4.0
release: loki-release
heritage: Helm
spec:
publishNotReadyAddresses: true
clusterIP: None
ports:
- name: http
port: 9000
protocol: TCP
targetPort: 9000
selector:
app: minio
release: loki-releaseDefault Values ScenarioIngress Values ScenarioLegacy Monitoring ScenarioSimple Scalable AWS Kube IRSA Scenario |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
5.3.0->5.4.0Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.