From 37bdf18ae27ee0d49b11baa52e8cec1848a3a395 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Tue, 10 Sep 2024 16:30:47 +0100 Subject: [PATCH 01/14] feat(minio): add MinIO support alongside AWS S3 - Updated Chart.yaml to include MinIO as a conditional dependency - Modified api-deployment.yaml to dynamically set environment variables based on the chosen provider (AWS S3 or MinIO) - Adjusted values.yaml to include configuration options for MinIO, while keeping existing AWS S3 settings --- Chart.yaml | 4 ++ templates/api-deployment.yaml | 75 ++++++++++++++++++++++++----------- values.yaml | 25 ++++++++---- 3 files changed, 72 insertions(+), 32 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 800dd0f..89573d7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -12,3 +12,7 @@ dependencies: version: '18.2.1' repository: https://charts.bitnami.com/bitnami condition: redis.enabled + - name: minio + version: '5.2.0' + repository: https://charts.min.io/ + condition: s3.provider == "minio" and s3.enabled == true \ No newline at end of file diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 199cc55..85b205e 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
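Review bot: The `condition` on the new `minio` dependency in Chart.yaml is written as an expression (`s3.provider == "minio" and s3.enabled == true`), but Helm reads this field as one or more comma-separated value paths that resolve to a boolean. A string that matches no path has no effect, so the MinIO subchart would be installed on every release regardless of the chosen provider, leaving an unused object store running in the namespace. A single toggle such as `condition: minio.enabled`, backed by a matching `minio.enabled: false` default in values.yaml, expresses the intent. The paths in the expression also omit the `global.` prefix under which `s3` sits in values.yaml.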
@@ -128,32 +128,59 @@ spec: name: {{ .Release.Name }}-secrets key: license {{ end }} + {{ if .Values.global.s3.enabled }} - - name: LAGO_USE_AWS_S3 - value: "true" - {{ if .Values.global.s3.aws.endpoint }} - - name: LAGO_AWS_S3_ENDPOINT - value: {{ .Values.global.s3.aws.endpoint | quote }} - {{ end }} - {{ if or .Values.global.s3.aws.accessKeyId .Values.global.existingSecret }} - - name: LAGO_AWS_S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: awsS3AccessKeyId - {{ end }} - {{ if or .Values.global.s3.aws.secretAccessKey .Values.global.existingSecret }} - - name: LAGO_AWS_S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: awsS3SecretAccessKey - {{ end }} - - name: LAGO_AWS_S3_BUCKET - value: {{ .Values.global.s3.aws.bucket | quote }} - - name: LAGO_AWS_S3_REGION - value: {{ .Values.global.s3.aws.region | quote }} + - name: LAGO_USE_AWS_S3 + value: "true" + + {{ if .Values.global.s3.aws.endpoint or .Values.global.s3.minio.endpoint }} + - name: LAGO_AWS_S3_ENDPOINT + value: {{ if eq .Values.global.s3.provider "minio" }} + {{ .Values.global.s3.minio.endpoint | quote }} + {{ else }} + {{ .Values.global.s3.aws.endpoint | quote }} + {{ end }} + {{ end }} + + {{ if or .Values.global.s3.aws.accessKeyId .Values.global.s3.minio.accessKeyId .Values.global.existingSecret }} + - name: LAGO_AWS_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: {{ if eq .Values.global.s3.provider "minio" }} + minioAccessKeyId + {{ else }} + awsS3AccessKeyId + {{ end }} + {{ end }} + + {{ if or .Values.global.s3.aws.secretAccessKey .Values.global.s3.minio.secretAccessKey .Values.global.existingSecret }} + - name: LAGO_AWS_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . 
}} + key: {{ if eq .Values.global.s3.provider "minio" }} + minioSecretAccessKey + {{ else }} + awsS3SecretAccessKey + {{ end }} + {{ end }} + + - name: LAGO_AWS_S3_BUCKET + value: {{ if eq .Values.global.s3.provider "minio" }} + {{ .Values.global.s3.minio.bucket | quote }} + {{ else }} + {{ .Values.global.s3.aws.bucket | quote }} + {{ end }} + + - name: LAGO_AWS_S3_REGION + value: {{ if eq .Values.global.s3.provider "minio" }} + {{ .Values.global.s3.minio.region | quote }} + {{ else }} + {{ .Values.global.s3.aws.region | quote }} + {{ end }} {{ end }} + {{ if .Values.global.smtp.enabled }} - name: LAGO_FROM_EMAIL value: {{ .Values.global.smtp.fromEmail }} diff --git a/values.yaml b/values.yaml index be20941..63f9d0d 100644 --- a/values.yaml +++ b/values.yaml @@ -53,14 +53,23 @@ global: segment: enabled: true s3: - enabled: false - # accessKeyId and secretAccessKey are not required here if using existingSecret - # aws: - # accessKeyId: - # secretAccessKey: - # bucket: - # region: - # endpoint: + enabled: true + provider: aws # or 'minio' to switch between S3 and MinIO + #aws: + # accessKeyId and secretAccessKey are not required here if using existingSecret + # accessKeyId: "" + # secretAccessKey: "" + # bucket: "" + # region: "" + # endpoint: "https://s3..amazonaws.com" # Leave empty for default AWS S3 endpoint + #minio: + # enabled: false # Enable this to switch to MinIO + # accessKeyId: "" # Can be stored in a Kubernetes secret + # secretAccessKey: "" # Can be stored in a Kubernetes secret + # bucket: "" + # region: "us-east-1" # You can keep this default + # endpoint: "http://minio-service.minio-namespace.svc.cluster.local:9000" # Internal URL to access MinIO within your cluster + smtp: # username and password are not required here if using existingSecret enabled: false From 43bd285699601be80e450a27f317617e6e5856c3 Mon Sep 17 00:00:00 2001 
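Review bot: The endpoint guard `{{ if .Values.global.s3.aws.endpoint or .Values.global.s3.minio.endpoint }}` uses `or` as an infix operator, whereas Go templates take it as a prefix function, so this line is not expected to render. The two credential guards further down in the same hunk already use the prefix form, and this one should match them: `{{ if or .Values.global.s3.aws.endpoint .Values.global.s3.minio.endpoint }}`. Separately, the values.yaml hunk of this commit turns `s3.enabled` on by default while leaving both `aws:` and `minio:` commented out, so the `.aws.*` and `.minio.*` lookups here would run against maps that do not exist. Shipping empty `aws: {}` and `minio: {}` defaults, or keeping `enabled: false`, avoids a nil-map error at render time. The `env:` list this hunk edits starts and ends outside the hunk.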
From: Jean-Baptiste DONNETTE Date: Tue, 10 Sep 2024 18:12:36 +0100 Subject: [PATCH 02/14] feat(minio): integrate dynamic MinIO configuration - Updated templates/minio.yaml to apply release-specific secrets for MINIO_ROOT_USER and MINIO_ROOT_PASSWORD - Modified values.yaml to configure MinIO as the S3 provider and to allow for dynamic resource naming using fullnameOverride --- templates/minio.yaml | 27 +++++++++++++++++++++++++++ templates/secrets.yaml | 10 +++++++++- values.yaml | 3 +++ 3 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 templates/minio.yaml diff --git a/templates/minio.yaml b/templates/minio.yaml new file mode 100644 index 0000000..22c8e3b --- /dev/null +++ b/templates/minio.yaml @@ -0,0 +1,27 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio + namespace: {{ .Release.Namespace }} +spec: + selector: + matchLabels: + app: minio + template: + metadata: + labels: + app: minio + spec: + containers: + - name: minio + env: + - name: MINIO_ROOT_USER + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: minioAccessKeyId + - name: MINIO_ROOT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-secrets + key: minioSecretAccessKey diff --git a/templates/secrets.yaml b/templates/secrets.yaml index a06656e..05d6ae3 100644 --- a/templates/secrets.yaml +++ b/templates/secrets.yaml @@ -59,6 +59,14 @@ data: {{ if .Values.global.s3.aws.secretAccessKey }} awsS3SecretAccessKey: {{ .Values.global.s3.aws.secretAccessKey | b64enc }} {{ end }} + {{ if eq .Values.global.s3.provider "minio" }} + {{ if .Values.global.s3.minio.accessKeyId }} + minioAccessKeyId: {{ .Values.global.s3.minio.accessKeyId | b64enc }} + {{ end }} + {{ if .Values.global.s3.minio.secretAccessKey }} + minioSecretAccessKey: {{ .Values.global.s3.minio.secretAccessKey | b64enc }} + {{ end }} + {{ end }} {{ end }} {{- end }} 
@@ -71,4 +79,4 @@ data: {{ if .Values.global.newRelic.enabled }} newRelicKey: {{ .Values.global.newRelic.key | b64enc }} - {{ end }} \ No newline at end of file + {{ end }} diff --git a/values.yaml b/values.yaml index 63f9d0d..3929341 100644 --- a/values.yaml +++ b/values.yaml @@ -192,3 +192,6 @@ job: podAnnotations: {} podLabels: {} resources: {} + +minio: + fullnameOverride: "{{ .Release.Name }}-minio" From bf4cde1966bacb02c13fdf8c4ced0155779aa737 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Wed, 11 Sep 2024 11:14:54 +0100 Subject: [PATCH 03/14] feat: add MinIO integration and clean up redundant files - Added MinIO support as an alternative to AWS S3 in - Modified to reflect new MinIO settings outside the S3 configuration - Updated with MinIO as a conditional dependency - Removed as it is no longer required - Ensured proper environment variables for MinIO and AWS S3 are set dynamically --- Chart.yaml | 2 +- templates/api-deployment.yaml | 99 ++++++++++++++++++++--------------- templates/minio.yaml | 27 ---------- values.yaml | 30 +++++------ 4 files changed, 71 insertions(+), 87 deletions(-) delete mode 100644 templates/minio.yaml diff --git a/Chart.yaml b/Chart.yaml index 89573d7..5440331 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,4 +15,4 @@ dependencies: - name: minio version: '5.2.0' repository: https://charts.min.io/ - condition: s3.provider == "minio" and s3.enabled == true \ No newline at end of file + condition: minio.enabled == true \ No newline at end of file diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 85b205e..1c3e7c9 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
@@ -41,6 +41,26 @@ spec: - pod/{{ .Release.Name }}-redis-master-0 - --for=condition=ready - --timeout=180s + {{ end }} + {{ if .Values.minio.enabled }} + - name: wait-for-minio + image: busybox + command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-minio 9000; do sleep 5; done'] + + - name: create-minio-bucket + image: minio/mc + command: ["sh", "-c", "mc alias set myminio http://{{ .Release.Name }}-minio:9000 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && mc mb myminio/{{ .Values.minio.bucket }} || echo 'Bucket already exists'"] + env: + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-credentials + key: rootUser + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: minio-credentials + key: rootPassword {{ end }} - name: wait-for-migrations image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" 
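Review bot: Both new init containers pull unpinned images (`image: busybox`, `image: minio/mc`), so the code that runs with the MinIO root credentials in `create-minio-bucket` is whatever `latest` resolves to at pull time. Pin each to a tag and ideally a digest, e.g. `image: minio/mc:<PINNED_TAG>@sha256:<DIGEST>` (placeholders). The shell line `mc alias set … && mc mb … || echo 'Bucket already exists'` also reports success for every failure, including rejected credentials, because `||` applies to the whole `&&` chain; `mc mb --ignore-existing` would let a genuine failure stop the pod from starting. The Secret `minio-credentials` is referenced by a fixed name that nothing visible on this page creates, so it would be shared by every release in a namespace, which is worth confirming. The `initContainers` list begins and ends outside this hunk.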
@@ -129,58 +149,53 @@ spec: key: license {{ end }} - {{ if .Values.global.s3.enabled }} - - name: LAGO_USE_AWS_S3 - value: "true" - {{ if .Values.global.s3.aws.endpoint or .Values.global.s3.minio.endpoint }} - - name: LAGO_AWS_S3_ENDPOINT - value: {{ if eq .Values.global.s3.provider "minio" }} - {{ .Values.global.s3.minio.endpoint | quote }} - {{ else }} - {{ .Values.global.s3.aws.endpoint | quote }} - {{ end }} - {{ end }} + {{ if or .Values.global.s3.enabled .Values.minio.enabled }} + - name: LAGO_USE_AWS_S3 + value: "true" # Toujours "true" même pour MinIO - {{ if or .Values.global.s3.aws.accessKeyId .Values.global.s3.minio.accessKeyId .Values.global.existingSecret }} - - name: LAGO_AWS_S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: {{ if eq .Values.global.s3.provider "minio" }} - minioAccessKeyId - {{ else }} - awsS3AccessKeyId - {{ end }} - {{ end }} - - {{ if or .Values.global.s3.aws.secretAccessKey .Values.global.s3.minio.secretAccessKey .Values.global.existingSecret }} - - name: LAGO_AWS_S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ include "secret-path" . }} - key: {{ if eq .Values.global.s3.provider "minio" }} - minioSecretAccessKey - {{ else }} - awsS3SecretAccessKey - {{ end }} - {{ end }} + {{ if or .Values.global.s3.aws.endpoint .Values.minio.endpoint }} + - name: LAGO_AWS_S3_ENDPOINT + value: {{ if .Values.minio.enabled }} + {{ .Values.minio.endpoint | quote }} + {{ else }} + {{ .Values.global.s3.aws.endpoint | quote }} + {{ end }} + {{ end }} - - name: LAGO_AWS_S3_BUCKET - value: {{ if eq .Values.global.s3.provider "minio" }} - {{ .Values.global.s3.minio.bucket | quote }} + {{ if or .Values.global.s3.aws.accessKeyId .Values.minio.accessKeyId .Values.global.existingSecret }} + - name: LAGO_AWS_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . 
}} + key: {{ if .Values.minio.enabled }} + minioAccessKeyId {{ else }} - {{ .Values.global.s3.aws.bucket | quote }} + awsS3AccessKeyId {{ end }} + {{ end }} - - name: LAGO_AWS_S3_REGION - value: {{ if eq .Values.global.s3.provider "minio" }} - {{ .Values.global.s3.minio.region | quote }} + {{ if or .Values.global.s3.aws.secretAccessKey .Values.minio.secretAccessKey .Values.global.existingSecret }} + - name: LAGO_AWS_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "secret-path" . }} + key: {{ if .Values.minio.enabled }} + minioSecretAccessKey {{ else }} - {{ .Values.global.s3.aws.region | quote }} + awsS3SecretAccessKey {{ end }} {{ end }} + - name: LAGO_AWS_S3_BUCKET + value: {{ if .Values.minio.enabled }} + {{ .Values.minio.bucket | quote }} + {{ else }} + {{ .Values.global.s3.aws.bucket | quote }} + {{ end }} + {{ end }} + + {{ if .Values.global.smtp.enabled }} - name: LAGO_FROM_EMAIL value: {{ .Values.global.smtp.fromEmail }} diff --git a/templates/minio.yaml b/templates/minio.yaml deleted file mode 100644 index 22c8e3b..0000000 --- a/templates/minio.yaml +++ /dev/null @@ -1,27 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio - namespace: {{ .Release.Namespace }} -spec: - selector: - matchLabels: - app: minio - template: - metadata: - labels: - app: minio - spec: - containers: - - name: minio - env: - - name: MINIO_ROOT_USER - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: minioAccessKeyId - - name: MINIO_ROOT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-secrets - key: minioSecretAccessKey diff --git a/values.yaml b/values.yaml index 3929341..7db8194 100644 --- a/values.yaml +++ b/values.yaml 
@@ -53,22 +53,13 @@ global: segment: enabled: true s3: - enabled: true - provider: aws # or 'minio' to switch between S3 and MinIO - #aws: - # accessKeyId and secretAccessKey are not required here if using existingSecret - # accessKeyId: "" - # secretAccessKey: "" - # bucket: "" - # region: "" - # endpoint: "https://s3..amazonaws.com" # Leave empty for default AWS S3 endpoint - #minio: - # enabled: false # Enable this to switch to MinIO - # accessKeyId: "" # Can be stored in a Kubernetes secret - # secretAccessKey: "" # Can be stored in a Kubernetes secret - # bucket: "" - # region: "us-east-1" # You can keep this default - # endpoint: "http://minio-service.minio-namespace.svc.cluster.local:9000" # Internal URL to access MinIO within your cluster + enabled: false + # accessKeyId and secretAccessKey are not required here if using existingSecret + #accessKeyId: "" + #secretAccessKey: "" + #bucket: "" + #region: "" + #endpoint: "https://s3..amazonaws.com" # Leave empty for default AWS S3 endpoint smtp: # username and password are not required here if using existingSecret @@ -194,4 +185,9 @@ job: resources: {} minio: - fullnameOverride: "{{ .Release.Name }}-minio" + enable: false + #fullnameOverride: "{{ .Release.Name }}-minio" + #rootUser: "your-minio-access-key" + #rootPassword: "your-minio-secret-key" + #persistence: + # size: 10Gi \ No newline at end of file From 794c4bd98d7310267c2f40d2981e9697757d6796 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Wed, 11 Sep 2024 11:18:02 +0100 Subject: [PATCH 04/14] chore: align wait-for-minio with kubectl wait methodology --- templates/api-deployment.yaml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 1c3e7c9..49b4280 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
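Review bot: The new default in the `minio:` block is spelled `enable: false`, while every consumer added in this commit reads `minio.enabled` (the `{{ if .Values.minio.enabled }}` guards in api-deployment.yaml and the dependency condition in Chart.yaml). The chart's own default therefore never sets the key those guards look at. Once the condition is a plain path, Helm treats a missing path as having no effect, which would deploy the subchart even though the templates consider MinIO off; confirm this against the subchart's defaults. The line should be `enabled: false`, and a comment above it should state that enabling it makes the API use the in-cluster MinIO in preference to `global.s3`.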
@@ -44,8 +44,12 @@ spec: {{ end }} {{ if .Values.minio.enabled }} - name: wait-for-minio - image: busybox - command: ['sh', '-c', 'until nc -z {{ .Release.Name }}-minio 9000; do sleep 5; done'] + image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" + args: + - wait + - pod/{{ .Release.Name }}-minio-0 + - --for=condition=ready + - --timeout=180s - name: create-minio-bucket image: minio/mc From 9bea4e891a72605c8ff4900f6d54894ddc3eed88 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Wed, 11 Sep 2024 11:22:07 +0100 Subject: [PATCH 05/14] chore: align wait-for-minio with kubectl wait methodology --- templates/api-deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 49b4280..e629a7f 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -156,7 +156,7 @@ spec: {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - name: LAGO_USE_AWS_S3 - value: "true" # Toujours "true" même pour MinIO + value: "true" {{ if or .Values.global.s3.aws.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT From a0ff5b008e7c0ea186f2cbfa3d89ac6e935a3142 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Thu, 12 Sep 2024 09:02:22 +0100 Subject: [PATCH 06/14] feat(minio): update deployment to include MinIO configuration, service account, and secret management for MinIO integration --- Chart.yaml | 2 +- templates/api-deployment.yaml | 18 +++++++++--------- templates/secrets.yaml | 2 +- templates/serviceaccount.yml | 3 +++ values.yaml | 4 +--- 5 files changed, 15 insertions(+), 14 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 5440331..6102311 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,4 +15,4 @@ dependencies: - name: minio version: '5.2.0' repository: https://charts.min.io/ - condition: minio.enabled == true \ No newline at end of file + condition: minio.enabled \ No newline at end of file 
diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index e629a7f..31a8625 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -58,12 +58,12 @@ spec: - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: - name: minio-credentials + name: {{ .Release.Name }}-minio key: rootUser - name: MINIO_SECRET_KEY valueFrom: secretKeyRef: - name: minio-credentials + name: {{ .Release.Name }}-minio key: rootPassword {{ end }} - name: wait-for-migrations @@ -158,34 +158,34 @@ spec: - name: LAGO_USE_AWS_S3 value: "true" - {{ if or .Values.global.s3.aws.endpoint .Values.minio.endpoint }} + {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT value: {{ if .Values.minio.enabled }} {{ .Values.minio.endpoint | quote }} {{ else }} - {{ .Values.global.s3.aws.endpoint | quote }} + {{ .Values.global.s3.endpoint | quote }} {{ end }} {{ end }} - {{ if or .Values.global.s3.aws.accessKeyId .Values.minio.accessKeyId .Values.global.existingSecret }} + {{ if or .Values.global.s3.accessKeyId .Values.minio.accessKeyId .Values.global.existingSecret }} - name: LAGO_AWS_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: name: {{ include "secret-path" . }} key: {{ if .Values.minio.enabled }} - minioAccessKeyId + rootUser {{ else }} awsS3AccessKeyId {{ end }} {{ end }} - {{ if or .Values.global.s3.aws.secretAccessKey .Values.minio.secretAccessKey .Values.global.existingSecret }} + {{ if or .Values.global.s3.secretAccessKey .Values.minio.secretAccessKey .Values.global.existingSecret }} - name: LAGO_AWS_S3_SECRET_ACCESS_KEY valueFrom: secretKeyRef: name: {{ include "secret-path" . }} key: {{ if .Values.minio.enabled }} - minioSecretAccessKey + rootPassword {{ else }} awsS3SecretAccessKey {{ end }} @@ -195,7 +195,7 @@ spec: value: {{ if .Values.minio.enabled }} {{ .Values.minio.bucket | quote }} {{ else }} - {{ .Values.global.s3.aws.bucket | quote }} + {{ .Values.global.s3.bucket | quote }} {{ end }} {{ end }} 
diff --git a/templates/secrets.yaml b/templates/secrets.yaml index 05d6ae3..79803e2 100644 --- a/templates/secrets.yaml +++ b/templates/secrets.yaml @@ -61,7 +61,7 @@ data: {{ end }} {{ if eq .Values.global.s3.provider "minio" }} {{ if .Values.global.s3.minio.accessKeyId }} - minioAccessKeyId: {{ .Values.global.s3.minio.accessKeyId | b64enc }} + rootUser: {{ .Values.global.s3.minio.accessKeyId | b64enc }} {{ end }} {{ if .Values.global.s3.minio.secretAccessKey }} minioSecretAccessKey: {{ .Values.global.s3.minio.secretAccessKey | b64enc }} diff --git a/templates/serviceaccount.yml b/templates/serviceaccount.yml index 05e0212..a54df71 100644 --- a/templates/serviceaccount.yml +++ b/templates/serviceaccount.yml @@ -26,6 +26,9 @@ rules: {{ if .Values.redis.enabled }} - {{ .Release.Name }}-redis-master-0 {{ end}} + {{ if .Values.minio.enabled }} + - {{ .Release.Name }}-minio-0 + {{ end}} - {{ include "migrateJobName" . }} verbs: - get diff --git a/values.yaml b/values.yaml index 7db8194..95f5cec 100644 --- a/values.yaml +++ b/values.yaml @@ -186,8 +186,6 @@ job: minio: enable: false - #fullnameOverride: "{{ .Release.Name }}-minio" - #rootUser: "your-minio-access-key" - #rootPassword: "your-minio-secret-key" + fullnameOverride: "{{ .Release.Name }}-minio" #persistence: # size: 10Gi \ No newline at end of file From 043d49c1b9aed76f4f3e0504e3e395dd0dcd00a5 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Thu, 12 Sep 2024 16:55:37 +0100 Subject: [PATCH 07/14] fix(minio): update secret reference in api-deployment.yaml to handle MinIO-specific secrets correctly --- templates/api-deployment.yaml | 32 +++++++++++++++++++++++--------- 1 file changed, 23 insertions(+), 9 deletions(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 31a8625..a2ec2bf 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
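Review bot: Only one of the two MinIO keys is renamed in the secrets.yaml hunk: the Secret now emits `rootUser` but still `minioSecretAccessKey`, while api-deployment.yaml in this same commit reads `rootUser` and `rootPassword` from `secret-path`, so the chart-managed Secret has no `rootPassword` key for that lookup. The block is also still gated on `.Values.global.s3.provider` and `.Values.global.s3.minio.*`, which an earlier commit in this series removed from values.yaml, so it may never render at all. Either rename the second key to `rootPassword` and re-gate the block on `.Values.minio.enabled`, or drop the block if the MinIO subchart's own Secret is meant to be the single source of these credentials. The AWS entries just above it (visible as context in the earlier secrets.yaml hunk on this page) likewise still read `.Values.global.s3.aws.*`, while the deployment now checks `.Values.global.s3.accessKeyId`.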
@@ -167,39 +167,53 @@ spec: {{ end }} {{ end }} - {{ if or .Values.global.s3.accessKeyId .Values.minio.accessKeyId .Values.global.existingSecret }} + {{ if or .Values.global.s3.accessKeyId .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ include "secret-path" . }} + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio # Utiliser le secret spécifique à MinIO si minio.enabled + {{ else }} + {{ include "secret-path" . }} # Utiliser le secret standard pour AWS S3 + {{ end }} key: {{ if .Values.minio.enabled }} - rootUser + rootUser # Utiliser rootUser pour MinIO {{ else }} - awsS3AccessKeyId + awsS3AccessKeyId # Utiliser awsS3AccessKeyId pour AWS S3 {{ end }} {{ end }} - {{ if or .Values.global.s3.secretAccessKey .Values.minio.secretAccessKey .Values.global.existingSecret }} + {{ if or .Values.global.s3.secretAccessKey .Values.minio.enabled .Values.global.existingSecret }} - name: LAGO_AWS_S3_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ include "secret-path" . }} + name: {{ if .Values.minio.enabled }} + {{ .Release.Name }}-minio # Utiliser le secret spécifique à MinIO si minio.enabled + {{ else }} + {{ include "secret-path" . 
}} # Utiliser le secret standard pour AWS S3 + {{ end }} key: {{ if .Values.minio.enabled }} - rootPassword + rootPassword # Utiliser rootPassword pour MinIO {{ else }} - awsS3SecretAccessKey + awsS3SecretAccessKey # Utiliser awsS3SecretAccessKey pour AWS S3 {{ end }} {{ end }} + - name: LAGO_AWS_S3_BUCKET value: {{ if .Values.minio.enabled }} {{ .Values.minio.bucket | quote }} {{ else }} {{ .Values.global.s3.bucket | quote }} {{ end }} + - name: LAGO_AWS_S3_REGION + value: {{ if .Values.global.s3.enabled }} + {{ .Values.global.s3.aws.region | quote }} + {{ else if .Values.minio.enabled }} + {{ default "us-east-1" .Values.minio.region | quote }} + {{ end }} {{ end }} - {{ if .Values.global.smtp.enabled }} - name: LAGO_FROM_EMAIL value: {{ .Values.global.smtp.fromEmail }} From bde693209ccd4409a8144f189422b9b3e9b070b2 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Mon, 16 Sep 2024 15:05:07 +0200 Subject: [PATCH 08/14] chore: forcing S3_PATH_STYLE to be true for minio --- templates/api-deployment.yaml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index a2ec2bf..a672448 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -157,7 +157,10 @@ spec: {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - name: LAGO_USE_AWS_S3 value: "true" - + {{ if .Values.minio.enabled }} + - name: LAGO_AWS_S3_PATH_STYLE + value: "true" + {{ end }} {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT value: {{ if .Values.minio.enabled }} From b6b35fe3b8ea44f222c90dba6342a2efa5e14de1 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Mon, 16 Sep 2024 18:31:56 +0200 Subject: [PATCH 09/14] chore: adding ingress for minio & adding PATH STYLE correct way --- templates/api-deployment.yaml | 4 ++-- templates/ingress.yaml | 11 +++++++++++ 2 files changed, 13 insertions(+), 2 deletions(-) 
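Review bot: With MinIO enabled, the API container now receives `rootUser` and `rootPassword` from the `{{ .Release.Name }}-minio` Secret as its S3 keys, i.e. the MinIO root account rather than an identity limited to one bucket. A dedicated MinIO user with a policy scoped to the Lago bucket, stored in its own Secret, would keep a compromise of the API pod from becoming a compromise of the whole object store; whether the pinned MinIO chart can provision such a user from values needs checking. In the same hunk, `LAGO_AWS_S3_REGION` tests `global.s3.enabled` before `minio.enabled`, the reverse of every sibling variable, and reads `.Values.global.s3.aws.region` although the previous commit flattened the other keys to `.Values.global.s3.*`. Testing `{{ if .Values.minio.enabled }}` first and using `.Values.global.s3.region` in the `else` branch would keep it consistent. The `env:` list continues outside the hunk.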
diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index a672448..0265531 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -157,10 +157,10 @@ spec: {{ if or .Values.global.s3.enabled .Values.minio.enabled }} - name: LAGO_USE_AWS_S3 value: "true" - {{ if .Values.minio.enabled }} + {{- if .Values.minio.enabled }} - name: LAGO_AWS_S3_PATH_STYLE value: "true" - {{ end }} + {{- end }} {{ if or .Values.global.s3.endpoint .Values.minio.endpoint }} - name: LAGO_AWS_S3_ENDPOINT value: {{ if .Values.minio.enabled }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 790133d..770c197 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -15,6 +15,7 @@ spec: - hosts: - {{ .Values.global.ingress.frontHostname }} - {{ .Values.global.ingress.apiHostname }} + - {{ .Values.global.ingress.minioHostname }} secretName: {{ .Release.Name }}-ingress-secret rules: - host: {{ .Values.global.ingress.frontHostname }} @@ -35,4 +36,14 @@ spec: name: {{ .Release.Name }}-api-svc port: number: {{ .Values.api.service.port }} + - host: {{ .Values.global.ingress.minioHostname }} + http: + paths: + - path: / + pathType: ImplementationSpecific + backend: + service: + name: {{ .Values.minio.service.name }} + port: + number: {{ .Values.minio.service.port }} {{ end }} From dd22962b43e0badd06d0a4c4dcd008161fbfc0eb Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Thu, 19 Sep 2024 17:25:10 +0200 Subject: [PATCH 10/14] chore: removing minio to lago ingress its having his own --- templates/ingress.yaml | 11 ----------- 1 file changed, 11 deletions(-) diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 770c197..790133d 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml 
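Review bot: The MinIO host is added to the TLS `hosts` list and to `rules` without any guard of its own, in both ingress.yaml hunks, so it is rendered whenever the surrounding ingress block is, whether or not `minio.enabled` is set or `global.ingress.minioHostname` has a value. An unset hostname renders a rule with an empty `host`, which Kubernetes applies to all inbound hosts, and path `/` then forwards that traffic to the MinIO API that the application accesses with root credentials. Wrapping both additions in `{{- if and .Values.minio.enabled .Values.global.ingress.minioHostname }}` … `{{- end }}` keeps the object store off the public ingress unless the operator asks for it. The `spec:` these hunks edit begins outside them.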
@@ -15,7 +15,6 @@ spec: - hosts: - {{ .Values.global.ingress.frontHostname }} - {{ .Values.global.ingress.apiHostname }} - - {{ .Values.global.ingress.minioHostname }} secretName: {{ .Release.Name }}-ingress-secret rules: - host: {{ .Values.global.ingress.frontHostname }} @@ -36,14 +35,4 @@ spec: name: {{ .Release.Name }}-api-svc port: number: {{ .Values.api.service.port }} - - host: {{ .Values.global.ingress.minioHostname }} - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: - service: - name: {{ .Values.minio.service.name }} - port: - number: {{ .Values.minio.service.port }} {{ end }} From 7d9a780e1bc16726337ff7d82495262faf2e4cd0 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Thu, 19 Sep 2024 17:41:35 +0200 Subject: [PATCH 11/14] feat(minio): use the built-in bucket creation mechanism of the MinIO chart - Remove the `create-minio-bucket` init container since the MinIO chart now handles bucket creation via the `buckets` configuration. - Update the `LAGO_AWS_S3_BUCKET` environment variable to use the name of the first bucket defined in `minio.buckets`. - Enable MinIO in `values.yaml` by setting `enabled: true`. - Add the (commented) bucket configuration in `values.yaml` with a note indicating that only the first bucket will be used. This change simplifies deployment by leveraging the MinIO chart's built-in mechanism for bucket creation, eliminating the need for a custom script. --- templates/api-deployment.yaml | 17 +---------------- values.yaml | 34 ++++++++++++++++++++++++++++++---- 2 files changed, 31 insertions(+), 20 deletions(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 0265531..a237eb1 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
@@ -50,21 +50,6 @@ spec: - pod/{{ .Release.Name }}-minio-0 - --for=condition=ready - --timeout=180s - - - name: create-minio-bucket - image: minio/mc - command: ["sh", "-c", "mc alias set myminio http://{{ .Release.Name }}-minio:9000 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY && mc mb myminio/{{ .Values.minio.bucket }} || echo 'Bucket already exists'"] - env: - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-minio - key: rootUser - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-minio - key: rootPassword {{ end }} - name: wait-for-migrations image: "docker.io/bitnami/kubectl:{{ include "kubectlVersion" . }}" @@ -205,7 +190,7 @@ spec: - name: LAGO_AWS_S3_BUCKET value: {{ if .Values.minio.enabled }} - {{ .Values.minio.bucket | quote }} + {{ (index .Values.minio.buckets 0).name | quote }} {{ else }} {{ .Values.global.s3.bucket | quote }} {{ end }} diff --git a/values.yaml b/values.yaml index 95f5cec..3801830 100644 --- a/values.yaml +++ b/values.yaml @@ -185,7 +185,33 @@ job: resources: {} minio: - enable: false - fullnameOverride: "{{ .Release.Name }}-minio" - #persistence: - # size: 10Gi \ No newline at end of file + enabled: true + # replicas: 2 + # fullnameOverride: "my-lago-minio" + # endpoint: "http://minio.lago.dev" + # nameOverride: "minio" + # resources: + # requests: + # memory: "512Mi" + # cpu: "500m" + # limits: + # memory: "1Gi" + # cpu: "1" + # persistence: + # size: 10Gi + # ingress: + # enabled: true + # ingressClassName: nginx + # labels: {} + # annotations: {} + # path: / + # hosts: + # - minio.lago.dev + # tls: [] + # Note : only the first one will be used + # buckets: + # - name: my-lago-minio + # policy: none + # purge: false + # versioning: false + # objectlocking: false \ No newline at end of file From ac4579b68f897029c6eb5b783b76c1079e010ddd Mon Sep 17 00:00:00 2001 
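Review bot: `(index .Values.minio.buckets 0).name` assumes at least one bucket is configured, but this commit ships `minio.enabled: true` with the `buckets:` example commented out, so with default values `index` has nothing at position 0 and rendering is likely to fail. Guard the lookup, for example `{{ $b := .Values.minio.buckets | default list }}{{ if $b }}{{ (first $b).name | quote }}{{ end }}`, or fail early with `required` and a message telling the operator to define `minio.buckets`. The `LAGO_AWS_S3_BUCKET` entry this line belongs to begins outside the hunk.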
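Review bot: Switching the default to `enabled: true` in values.yaml changes behaviour for every existing install, because the templates prefer MinIO over `global.s3` for endpoint, credentials and bucket whenever `minio.enabled` is set. A release that already stores files in an external S3 bucket would be pointed at a fresh in-cluster MinIO on upgrade unless the operator overrides the value, and `LAGO_USE_AWS_S3` becomes set for installs that had no object storage configured. Keeping `enabled: false` as the default, with a comment above the key documenting the opt-in, is the safer choice. The commented example `endpoint: "http://minio.lago.dev"` uses plain HTTP for a hostname that looks externally reachable; an `https://` example would steer users away from sending access keys in clear text.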
From: Jean-Baptiste DONNETTE Date: Thu, 19 Sep 2024 17:43:39 +0200 Subject: [PATCH 12/14] chore: remove french comment --- templates/api-deployment.yaml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index a237eb1..c0774ab 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -160,14 +160,14 @@ spec: valueFrom: secretKeyRef: name: {{ if .Values.minio.enabled }} - {{ .Release.Name }}-minio # Utiliser le secret spécifique à MinIO si minio.enabled + {{ .Release.Name }}-minio {{ else }} - {{ include "secret-path" . }} # Utiliser le secret standard pour AWS S3 + {{ include "secret-path" . }} {{ end }} key: {{ if .Values.minio.enabled }} - rootUser # Utiliser rootUser pour MinIO + rootUser {{ else }} - awsS3AccessKeyId # Utiliser awsS3AccessKeyId pour AWS S3 + awsS3AccessKeyId {{ end }} {{ end }} @@ -176,14 +176,14 @@ spec: valueFrom: secretKeyRef: name: {{ if .Values.minio.enabled }} - {{ .Release.Name }}-minio # Utiliser le secret spécifique à MinIO si minio.enabled + {{ .Release.Name }}-minio {{ else }} - {{ include "secret-path" . }} # Utiliser le secret standard pour AWS S3 + {{ include "secret-path" . }} {{ end }} key: {{ if .Values.minio.enabled }} - rootPassword # Utiliser rootPassword pour MinIO + rootPassword {{ else }} - awsS3SecretAccessKey # Utiliser awsS3SecretAccessKey pour AWS S3 + awsS3SecretAccessKey {{ end }} {{ end }} From 828ecc32dc214f8a5c7dfe661f3dc94a4ee9fe28 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Thu, 19 Sep 2024 18:02:29 +0200 Subject: [PATCH 13/14] feat(docs): Add complete README.md for Lago Helm chart with MinIO bucket configuration --- README.md | 118 ++++++++++++++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 114 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index f1ed218..928b48f 100644 --- a/README.md +++ b/README.md 
@@ -1,9 +1,119 @@ # Lago Helm Chart -Version: 1.10.0 -Lago Version : v1.10.0 +This Helm chart deploys the Lago billing system with various optional dependencies such as Redis, PostgreSQL, and MinIO. Below are details about configuring the chart for different environments. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.5+ +- Persistent storage provisioner enabled in the cluster +- Optionally: A managed Redis, Minio and PostgreSQL service for production environments + +## Installation + +To install the chart with the release name `my-lago-release`: + +helm install my-lago-release . + +You can customize the installation by overriding values in `values.yaml` with your own. The full list of configurable parameters can be found in the following sections. + +### Sample Command + +helm install my-lago-release . \ + --set apiUrl=mydomain.dev \ + --set frontUrl=mydomain.dev ## Configuration -You can start with a very small configuration. -The only fields required are `frontUrl` and `apiUrl`, since no ingress is managed with this version right now, you have to define the URL your application will be deployed to. +### Global Parameters + +| Parameter | Description | Default | +|----------------------------|-----------------------------------------------------------------------------------------------------|---------------| +| `global.license` | Lago Premium License key | `""` | +| `global.databaseUrl` | PostgreSQL connection string, should follow this format: postgresql://USER:PASSWORD@HOST:PORT/DB | `""` | +| `global.redisUrl` | Redis connection string, should follow this format: redis://... or redis+sentinel://... 
| `""` | +| `global.existingSecret` | Name of the secret containing sensitive values (database URL, Redis URL, AWS keys, SMTP credentials) | `""` | +| `global.s3.enabled` | Enable S3 storage for file uploads | `false` | +| `global.s3.accessKeyId` | AWS S3 access key ID (not required if using existing secret) | `""` | +| `global.s3.secretAccessKey` | AWS S3 secret access key (not required if using existing secret) | `""` | +| `global.s3.bucket` | AWS S3 bucket name | `""` | +| `global.smtp.enabled` | Enable SMTP configuration for email sending | `false` | +| `global.signup.enabled` | Enable or disable Lago's signup feature | `true` | +| `global.ingress.enabled` | Enable ingress resources for the application | `false` | + +### Redis Configuration + +| Parameter | Description | Default | +|---------------------------------|-----------------------------------------------------|-----------| +| `redis.enabled` | Enable Redis as a dependency | `true` | +| `redis.image.tag` | Redis image tag | `6.2.14` | +| `redis.replica.replicaCount` | Number of Redis replicas | `0` | +| `redis.auth.enabled` | Enable Redis authentication | `false` | +| `redis.master.service.ports` | Redis service port | `6379` | + +### PostgreSQL Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `postgresql.enabled` | Enable PostgreSQL as a dependency | `true` | +| `global.postgresql.auth.username` | PostgreSQL database username | `lago` | +| `global.postgresql.auth.password` | PostgreSQL database password | `lago` | +| `global.postgresql.auth.database` | PostgreSQL database name | `lago` | +| `global.postgresql.service.ports` | PostgreSQL service port | `5432` | + +### Frontend Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `front.replicas` | Number of frontend replicas | `1` 
| +| `front.service.port` | Frontend service port | `80` | +| `front.resources.requests.memory` | Memory request for the frontend | `512Mi` | +| `front.resources.requests.cpu` | CPU request for the frontend | `200m` | + +### API Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `api.replicas` | Number of API replicas | `1` | +| `api.service.port` | API service port | `3000` | +| `api.rails.maxThreads` | Maximum number of threads for the Rails app | `10` | +| `api.rails.webConcurrency` | Web concurrency setting for Rails | `4` | +| `api.rails.env` | Rails environment | `production` | +| `api.resources.requests.memory` | Memory request for the API | `1Gi` | +| `api.resources.requests.cpu` | CPU request for the API | `1000m` | + +### Worker Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `worker.replicas` | Number of worker replicas | `1` | +| `worker.rails.sidekiqConcurrency` | Sidekiq concurrency | `100` | +| `worker.rails.env` | Worker environment | `production` | +| `worker.resources.requests.memory` | Memory request for the worker | `1Gi` | +| `worker.resources.requests.cpu` | CPU request for the worker | `1000m` | + +### MinIO Configuration + +| Parameter | Description | Default | +|-------------------------------------|----------------------------------------------------|-----------| +| `minio.enabled` | Enable MinIO for object storage | `true` | +| `minio.replicas` | Number of MinIO replicas | `2` | +| `minio.persistence.size` | Persistent volume size for MinIO | `10Gi` | +| `minio.ingress.enabled` | Enable ingress for MinIO | `true` | +| `minio.ingress.hosts` | Hostnames for MinIO ingress | `minio.lago.dev` | +| `minio.buckets` | List of S3 buckets to create on MinIO | `[]` | +| `minio.buckets[].name` | Name of the bucket | 
`my-lago-minio` | +| `minio.buckets[].policy` | Access policy for the bucket (none, readonly, writeonly, readwrite) | `none` | +| `minio.buckets[].purge` | If true, purges the bucket upon deletion | `false` | +| `minio.buckets[].versioning` | Enable versioning for the bucket | `false` | +| `minio.buckets[].objectlocking` | Enable object locking for the bucket | `false` | + + + +For additional customization, refer to the comments in `values.yaml`. + +## Uninstall + +To uninstall/delete the `my-lago-release`: + +helm delete my-lago-release From a6c0b96f4353db8f3dda510edd8149f1cdf0a353 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste DONNETTE Date: Fri, 20 Sep 2024 11:47:54 +0200 Subject: [PATCH 14/14] chore: disable minio by default --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 3801830..194b40d 100644 --- a/values.yaml +++ b/values.yaml @@ -185,7 +185,7 @@ job: resources: {} minio: - enabled: true + enabled: false # replicas: 2 # fullnameOverride: "my-lago-minio" # endpoint: "http://minio.lago.dev"