From 8fdc1a5c45974f0b0ca7b60b6318e963aadf71a5 Mon Sep 17 00:00:00 2001 From: Fergus MacConnell Date: Thu, 14 Nov 2024 14:37:35 -0800 Subject: [PATCH] chore(ci): Update minio deployment. (#174) --- .github/workflows/.deploy.yml | 4 +- common/openshift.init.yml | 2 +- minio/Dockerfile | 11 +++ minio/minio-entrypoint.sh | 2 +- minio/openshift.deploy.old.yml | 139 +++++++++++++++++++++++++++++++++ minio/openshift.deploy.yml | 139 +++++++++++++++------------------ 6 files changed, 217 insertions(+), 80 deletions(-) create mode 100644 minio/openshift.deploy.old.yml diff --git a/.github/workflows/.deploy.yml b/.github/workflows/.deploy.yml index 5be73bd47..2e94cb015 100644 --- a/.github/workflows/.deploy.yml +++ b/.github/workflows/.deploy.yml @@ -70,8 +70,8 @@ jobs: parameters: -p NAME_SUFFIX=${{ inputs.target }} -p IMAGE_TAG=${{ inputs.tag }} - ${{ inputs.environment && '' || '-p MINIO_DATA_DIR=/tmp/data' }} - ${{ inputs.environment && '' || '-p DEST_PVC_SIZE=1Mi' }} + # ${{ inputs.environment && '' || '-p MINIO_DATA_DIR=/tmp/data' }} + # ${{ inputs.environment && '' || '-p DEST_PVC_SIZE=1Mi' }} database: name: Database diff --git a/common/openshift.init.yml b/common/openshift.init.yml index a414669a0..96b0e39ca 100644 --- a/common/openshift.init.yml +++ b/common/openshift.init.yml @@ -74,7 +74,7 @@ objects: - apiVersion: v1 kind: Secret metadata: - name: gwells-${NAME_SUFFIX}-minio + name: gwells-minio-${NAME_SUFFIX} labels: app: nr-gwells-${NAME_SUFFIX} creationTimestamp: diff --git a/minio/Dockerfile b/minio/Dockerfile index 3ff792f48..37dccb12e 100644 --- a/minio/Dockerfile +++ b/minio/Dockerfile @@ -1,4 +1,15 @@ FROM minio/minio:RELEASE.2020-11-25T22-36-25Z COPY ./minio-entrypoint.sh / + +RUN ["chmod", "+x", "/minio-entrypoint.sh"] + +USER 1001 + ENTRYPOINT ["/minio-entrypoint.sh"] + +# RUN mkdir -p $MINIO_DATA_DIR/aquifer-docs +# RUN mkdir -p $MINIO_DATA_DIR/driller-docs +# RUN mkdir -p $MINIO_DATA_DIR/gwells +# RUN mkdir -p $MINIO_DATA_DIR/well-docs +# RUN mkdir -p $MINIO_DATA_DIR/gwells-docs \ No newline at end of file diff --git a/minio/minio-entrypoint.sh b/minio/minio-entrypoint.sh index 7849f3588..aba70e09e 100755 --- a/minio/minio-entrypoint.sh +++ b/minio/minio-entrypoint.sh @@ -17,4 +17,4 @@ mkdir -p $MINIO_DATA_DIR/gwells mkdir -p $MINIO_DATA_DIR/well-docs mkdir -p $MINIO_DATA_DIR/gwells-docs -/usr/bin/docker-entrypoint.sh server $MINIO_DATA_DIR +/usr/bin/docker-entrypoint.sh $@ diff --git a/minio/openshift.deploy.old.yml b/minio/openshift.deploy.old.yml new file mode 100644 index 000000000..f2807f266 --- /dev/null +++ b/minio/openshift.deploy.old.yml @@ -0,0 +1,139 @@ +kind: Template +apiVersion: template.openshift.io/v1 +metadata: + annotations: + description: "Minio deployment" + labels: + app: "${NAME}" + template: "${NAME}-template" + name: "${NAME}" +parameters: + - name: "NAME" + displayName: "App to deploy" + value: "minio" + - name: "SRC_NAMESPACE" + displayName: "Namespace containing the deployment source" + value: "moe-gwells-tools" + - name: "SRC_IMAGE" + displayName: "Name of source image" + value: "minio" + - name: "DEST_PVC_SIZE" + displayName: "PVC size" + value: "1Gi" + - name: "DEST_PVC_ACCESS" + displayName: "PVC access mode" + value: "ReadWriteOnce" + - name: "IMAGE_TAG" + required: true + - name: "MINIO_DATA_DIR" + default: /opt/minio/s3/data + - name: "NAME_SUFFIX" + required: false +objects: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + finalizers: + - kubernetes.io/pvc-protection + name: "gwells-${NAME_SUFFIX}-minio-config-vol-v2" + labels: + app: nr-gwells-${NAME_SUFFIX} + spec: + accessModes: + - ${DEST_PVC_ACCESS} + resources: + requests: + storage: ${DEST_PVC_SIZE} + storageClassName: netapp-file-standard + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: + finalizers: + - kubernetes.io/pvc-protection + name: "gwells-${NAME_SUFFIX}-minio-data-vol" + labels: + app: nr-gwells-${NAME_SUFFIX} + spec: + accessModes: + - ${DEST_PVC_ACCESS} + resources: + requests: + storage: ${DEST_PVC_SIZE} + storageClassName: netapp-file-standard + - apiVersion: apps/v1 + kind: Deployment + metadata: + labels: + app: nr-gwells-${NAME_SUFFIX} + name: "gwells-${NAME_SUFFIX}-minio" + spec: + replicas: 1 + selector: + matchLabels: + deployment: "gwells-${NAME_SUFFIX}-minio" + strategy: + activeDeadlineSeconds: 3000 + recreateParams: + timeoutSeconds: 600 + type: Recreate + template: + metadata: + labels: + name: "gwells-${NAME_SUFFIX}-minio" + deployment: "gwells-${NAME_SUFFIX}-minio" + spec: + containers: + - env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: gwells-${NAME_SUFFIX}-minio + key: MINIO_ACCESS_KEY + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: gwells-${NAME_SUFFIX}-minio + key: MINIO_SECRET_KEY + - name: MINIO_DATA_DIR + value: /opt/minio/s3/data + - name: MINIO_CONFIG_DIR + value: /opt/minio/s3/config + image: ghcr.io/bcgov/nr-gwells/minio:${IMAGE_TAG} + imagePullPolicy: Always + name: "gwells-${NAME_SUFFIX}-minio" + ports: + - containerPort: 9000 + protocol: TCP + resources: + limits: + cpu: 150m + requests: + cpu: 100m + terminationMessagePath: /dev/termination-log + terminationMessagePolicy: File + volumeMounts: + - mountPath: /opt/minio/s3/config + name: config-vol + - mountPath: /opt/minio/s3/data + name: data-vol + restartPolicy: Always + terminationGracePeriodSeconds: 30 + volumes: + - name: config-vol + persistentVolumeClaim: + claimName: "gwells-${NAME_SUFFIX}-minio-config-vol-v2" + - name: data-vol + persistentVolumeClaim: + claimName: "gwells-${NAME_SUFFIX}-minio-data-vol" + - kind: Service + apiVersion: v1 + metadata: + labels: + app: nr-gwells-${NAME_SUFFIX} + name: "gwells-${NAME_SUFFIX}-minio" + spec: + ports: + - name: 9000-tcp + port: 9000 + protocol: TCP + targetPort: 9000 diff --git a/minio/openshift.deploy.yml b/minio/openshift.deploy.yml index 426f199a7..6451e1205 100644 --- a/minio/openshift.deploy.yml +++ b/minio/openshift.deploy.yml @@ -1,76 +1,64 @@ -kind: Template apiVersion: template.openshift.io/v1 +kind: Template metadata: annotations: description: "Minio deployment" labels: - app: "${NAME}" - template: "${NAME}-template" - name: "${NAME}" + app: "gwells-${NAME_SUFFIX}" + template: "gwells-minio-template-${NAME_SUFFIX}" + name: "gwells-minio-${NAME_SUFFIX}" parameters: - - name: "NAME" - displayName: "App to deploy" - value: "minio" + - name: "NAME_SUFFIX" + required: true - name: "SRC_NAMESPACE" displayName: "Namespace containing the deployment source" - value: "moe-gwells-tools" + value: "26e83e-tools" - name: "SRC_IMAGE" displayName: "Name of source image" - value: "minio" + value: "gwells-minio" + - name: "SRC_TAG" + displayName: "Tag of source image" + value: "latest" - name: "DEST_PVC_SIZE" displayName: "PVC size" value: "1Gi" + - name: "DEST_PVC_CLASS" + displayName: "PVC class" + value: "netapp-file-standard" - name: "DEST_PVC_ACCESS" displayName: "PVC access mode" - value: "ReadWriteOnce" + value: "ReadWriteMany" - name: "IMAGE_TAG" required: true - - name: "MINIO_DATA_DIR" - default: /opt/minio/s3/data - - name: "NAME_SUFFIX" - required: false objects: - apiVersion: v1 kind: PersistentVolumeClaim metadata: finalizers: - kubernetes.io/pvc-protection - name: "gwells-${NAME_SUFFIX}-minio-config-vol-v2" - labels: - app: nr-gwells-${NAME_SUFFIX} - spec: - accessModes: - - ${DEST_PVC_ACCESS} - resources: - requests: - storage: ${DEST_PVC_SIZE} - storageClassName: netapp-file-standard - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - finalizers: - - kubernetes.io/pvc-protection - name: "gwells-${NAME_SUFFIX}-minio-data-vol" + name: "gwells-minio-${NAME_SUFFIX}" labels: - app: nr-gwells-${NAME_SUFFIX} + app: "nr-gwells-${NAME_SUFFIX}" + name: gwells-minio-${NAME_SUFFIX} spec: accessModes: - ${DEST_PVC_ACCESS} resources: requests: storage: ${DEST_PVC_SIZE} - storageClassName: netapp-file-standard + storageClassName: ${DEST_PVC_CLASS} - apiVersion: apps/v1 kind: Deployment metadata: labels: - app: nr-gwells-${NAME_SUFFIX} - name: "gwells-${NAME_SUFFIX}-minio" + app: "nr-gwells-${NAME_SUFFIX}" + name: "gwells-minio-${NAME_SUFFIX}" + name: "gwells-minio-${NAME_SUFFIX}" spec: replicas: 1 selector: matchLabels: - deployment: "gwells-${NAME_SUFFIX}-minio" + app: "nr-gwells-${NAME_SUFFIX}" strategy: activeDeadlineSeconds: 3000 recreateParams: @@ -79,81 +67,80 @@ objects: template: metadata: labels: - name: "gwells-${NAME_SUFFIX}-minio" - deployment: "gwells-${NAME_SUFFIX}-minio" + app: "nr-gwells-${NAME_SUFFIX}" + name: gwells-minio-${NAME_SUFFIX} + service: gwells-minio-${NAME_SUFFIX} spec: containers: - env: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio + name: gwells-minio-${NAME_SUFFIX} key: MINIO_ACCESS_KEY - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio + name: gwells-minio-${NAME_SUFFIX} key: MINIO_SECRET_KEY - - name: S3_PUBLIC_ACCESS_KEY - valueFrom: - secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio - key: S3_PUBLIC_ACCESS_KEY - - name: S3_PUBLIC_SECRET_KEY - valueFrom: - secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio - key: S3_PUBLIC_SECRET_KEY - - name: S3_HOST - valueFrom: - secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio - key: S3_HOST - - name: S3_ROOT_BUCKET - valueFrom: - secretKeyRef: - name: gwells-${NAME_SUFFIX}-minio - key: S3_ROOT_BUCKET - name: MINIO_DATA_DIR - value: ${MINIO_DATA_DIR} - - name: MINIO_CONFIG_DIR - value: /opt/minio/s3/config + value: /opt/minio/s3/data image: ghcr.io/bcgov/nr-gwells/minio:${IMAGE_TAG} - imagePullPolicy: Always - name: "gwells-${NAME_SUFFIX}-minio" + securityContext: + capabilities: + add: ["NET_BIND_SERVICE"] + # readinessProbe: + # httpGet: + # path: /minio/health + # port: 9000 + # scheme: HTTP + # initialDelaySeconds: 15 + # timeoutSeconds: 10 + # periodSeconds: 20 + # successThreshold: 1 + # failureThreshold: 30 + # imagePullPolicy: Always + name: "gwells-minio-${NAME_SUFFIX}" + command: + - '/bin/sh' + - '-c' + args: + - '/minio-entrypoint.sh server /opt/minio/s3/data' ports: - containerPort: 9000 protocol: TCP resources: limits: - cpu: 150m + cpu: 250m requests: cpu: 100m terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - - mountPath: /opt/minio/s3/config - name: config-vol - mountPath: /opt/minio/s3/data - name: data-vol + name: minio-vol restartPolicy: Always terminationGracePeriodSeconds: 30 volumes: - - name: config-vol + - name: minio-vol persistentVolumeClaim: - claimName: "gwells-${NAME_SUFFIX}-minio-config-vol-v2" - - name: data-vol - persistentVolumeClaim: - claimName: "gwells-${NAME_SUFFIX}-minio-data-vol" - - kind: Service - apiVersion: v1 + claimName: "gwells-minio-${NAME_SUFFIX}" + - apiVersion: v1 + kind: Service metadata: labels: app: nr-gwells-${NAME_SUFFIX} - name: "gwells-${NAME_SUFFIX}-minio" + name: gwells-minio-${NAME_SUFFIX} + name: gwells-minio-${NAME_SUFFIX} spec: + selector: + app: nr-gwells-${NAME_SUFFIX} + name: gwells-minio-${NAME_SUFFIX} + service: gwells-minio-${NAME_SUFFIX} ports: - name: 9000-tcp port: 9000 protocol: TCP targetPort: 9000 + type: ClusterIP + \ No newline at end of file