minio argo nats face
diff --git a/minio/configure-nats.yaml b/minio/configure-nats.yaml
new file mode 100644
index 0000000..eb5bb9c
--- /dev/null
+++ b/minio/configure-nats.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: configure-nats
+ labels:
+ app: configure-nats
+spec:
+ volumes:
+ - name: minio-secrets
+ secret:
+ secretName: minio-creds-secret
+ containers:
+ - name: mc
+ image: minio/mc:RELEASE.2020-04-04T05-28-55Z
+ imagePullPolicy: IfNotPresent
+ volumeMounts:
+ - name: minio-secrets
+ readOnly: true
+ mountPath: "/etc/minio-secrets"
+ command: ["/bin/sh", "-c"]
+ args: ["mc config host add mio http://minio-hl-svc:9000 $(cat /etc/minio-secrets/accesskey) $(cat /etc/minio-secrets/secretkey) && mc mb mio/input && mc admin config set mio notify_nats:input streaming_max_pub_acks_in_flight=\"10\" subject=\"input-objects\" address=\"nats.svc:4222\" ping_interval=\"0\" queue_limit=\"1000\" tls=\"off\" streaming_async=\"on\" queue_dir=\"/data/events\" streaming_cluster_id=\"nats-streaming\" && mc admin service restart mio && mc event add mio/input arn:minio:sqs::input:nats"]
+ restartPolicy: Never
+
diff --git a/minio/deployment.yaml b/minio/deployment.yaml
new file mode 100644
index 0000000..a480be2
--- /dev/null
+++ b/minio/deployment.yaml
@@ -0,0 +1,108 @@
+apiVersion: miniocontroller.min.io/v1beta1
+kind: MinIOInstance
+metadata:
+ name: minio
+## If specified, MinIOInstance pods will be dispatched by specified scheduler.
+## If not specified, the pod will be dispatched by default scheduler.
+# scheduler:
+# name: my-custom-scheduler
+spec:
+ selector:
+ matchLabels:
+ app: minio # Should match spec.metadata.labels
+ ## Add metadata to the all pods created by the StatefulSet
+ metadata:
+ labels:
+ app: minio # Should match spec.selector.matchLabels
+ annotations:
+ prometheus.io/path: /minio/prometheus/metrics
+ prometheus.io/port: "9000"
+ prometheus.io/scrape: "true"
+ ## Registry location and Tag to download MinIO Server image
+ image: minio/minio:RELEASE.2020-01-03T19-12-21Z
+ ## Secret with credentials to be used by MinIO instance.
+ credsSecret:
+ name: minio-creds-secret
+ ## Supply number of replicas.
+ ## For standalone mode, supply 1. For distributed mode, supply 4 or more (should be even).
+ ## Note that the operator does not support upgrading from standalone to distributed mode.
+ replicas: 1
+ ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
+ ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
+ ## for details. Defaults to "Parallel"
+ ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
+ ## work if PodManagementPolicy is set to "Parallel".
+ podManagementPolicy: Parallel
+ ## Enable Kubernetes based certificate generation and signing as explained in
+ ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
+ requestAutoCert: false
+ ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate.
+ ## Internal DNS name for the pod will be used if CommonName is not provided.
+ certConfig:
+ commonName: ""
+ organizationName: []
+ dnsNames: []
+
+ ## Used to specify a toleration for a pod
+ # tolerations:
+ # - effect: NoSchedule
+ # key: dedicated
+ # operator: Equal
+ # value: storage
+ ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
+ env:
+ - name: MINIO_BROWSER
+ value: "on"
+ # - name: MINIO_STORAGE_CLASS_RRS
+ # value: "EC:2"
+ ## Configure resource requests and limits for MinIO containers
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 250m
+ ## Liveness probe detects situations where MinIO server instance
+ ## is not working properly and needs restart. Kubernetes automatically
+ ## restarts the pods if liveness checks fail.
+ liveness:
+ httpGet:
+ path: /minio/health/live
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 20
+ ## Readiness probe detects situations when MinIO server instance
+ ## is not ready to accept traffic. Kubernetes doesn't forward
+ ## traffic to the pod while readiness checks fail.
+ ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
+ ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
+ readiness:
+ httpGet:
+ path: /minio/health/ready
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 20
+ ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
+ ## eligible to run on a node, the node must have each of the
+ ## indicated key-value pairs as labels.
+ ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ # nodeSelector:
+ # disktype: ssd
+ ## Affinity settings for MinIO pods. Read more about affinity
+ ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
+ # affinity:
+ ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained
+ ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+ # externalCertSecret:
+ # name: tls-ssl-minio
+ ## Mountpath where PV will be mounted inside container(s). Defaults to "/export".
+ # mountPath: /export
+ ## Subpath inside Mountpath where MinIO starts. Defaults to "".
+ # subPath: /data
+ volumeClaimTemplate:
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
\ No newline at end of file
diff --git a/minio/operator.yaml b/minio/operator.yaml
new file mode 100644
index 0000000..3b9910e
--- /dev/null
+++ b/minio/operator.yaml
@@ -0,0 +1,136 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio-operator-ns
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: minioinstances.miniocontroller.min.io
+spec:
+ group: miniocontroller.min.io
+ version: v1beta1
+ scope: Namespaced
+ names:
+ kind: MinIOInstance
+ singular: minioinstance
+ plural: minioinstances
+ preserveUnknownFields: true
+ validation:
+ # openAPIV3Schema is the schema for validating custom objects.
+ # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
+ # for more details
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ replicas:
+ type: integer
+ minimum: 1
+ maximum: 32
+ version:
+ type: string
+ mountpath:
+ type: string
+ subpath:
+ type: string
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ JSONPath: ".spec.replicas"
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: minio-operator-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - pods
+ - services
+ - events
+ verbs:
+ - get
+ - watch
+ - create
+ - list
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - watch
+ - update
+- apiGroups:
+ - "certificates.k8s.io"
+ resources:
+ - "certificatesigningrequests"
+ - "certificatesigningrequests/approval"
+ - "certificatesigningrequests/status"
+ verbs:
+ - update
+ - create
+ - get
+- apiGroups:
+ - miniocontroller.min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: minio-operator-sa
+ namespace: minio-operator-ns
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: minio-operator-binding
+ namespace: minio-operator-ns
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: minio-operator-role
+subjects:
+- kind: ServiceAccount
+ name: minio-operator-sa
+ namespace: minio-operator-ns
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio-operator
+ namespace: minio-operator-ns
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: minio-operator
+ template:
+ metadata:
+ labels:
+ name: minio-operator
+ spec:
+ serviceAccountName: minio-operator-sa
+ containers:
+ - name: minio-operator
+ image: minio/k8s-operator:1.0.7
+ imagePullPolicy: IfNotPresent
\ No newline at end of file
diff --git a/minio/secrets.yaml b/minio/secrets.yaml
new file mode 100644
index 0000000..8672768
--- /dev/null
+++ b/minio/secrets.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: minio-creds-secret
+type: Opaque
+data:
+ accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64)
+ secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64)
diff --git a/minio/setup.sh b/minio/setup.sh
new file mode 100644
index 0000000..447d9cd
--- /dev/null
+++ b/minio/setup.sh
@@ -0,0 +1,6 @@
+#!/bin/sh
+
+kubectl create -f operator.yaml
+kubectl create namespace minio
+kubectl create -n minio -f secrets.yaml
+kubectl create -n minio -f deployment.yaml