Created
January 29, 2024 11:48
---
# Identity used by the one-shot setup Jobs in this file (they all set
# serviceAccountName: minio-setup). What it may do is decided by the
# minio-setup-edit RoleBinding.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: minio-setup
---
# Binds the built-in "edit" ClusterRole to the minio-setup ServiceAccount
# in the namespace this manifest is applied to.
#
# NOTE(review): "edit" allows read/write on most namespaced resources,
# including every Secret in the namespace. The Jobs in this file only use
# `oc get`/`oc apply` on Secrets, `oc get route`, and `oc get`/`oc wait`
# on the minio Deployment, so a dedicated Role limited to those resources
# and verbs would be enough. roleRef is immutable, so moving to a narrower
# Role means deleting and recreating this binding (or using a new name).
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: minio-setup-edit
subjects:
  - kind: ServiceAccount
    name: minio-setup
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
---
# In-cluster Service in front of the MinIO pod: the S3 API on 9000 and the
# web console on 9090. ClusterIP only; external access goes through the
# minio-s3 and minio-console Routes.
apiVersion: v1
kind: Service
metadata:
  name: minio
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
  ports:
    # "api" resolves to the named containerPort on the pod.
    - name: api
      port: 9000
      targetPort: api
    - name: console
      port: 9090
      targetPort: 9090
---
# Persistent storage for the MinIO data directory (mounted at /data by the
# minio Deployment).
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: minio
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  # Cluster-specific storage class; adjust to one that exists on the
  # target cluster.
  storageClassName: gp3-csi
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 75Gi
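---
# Single-replica MinIO server. Root credentials are injected from the
# minio-root-user Secret and data is stored on the "minio" PVC.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  replicas: 1
  selector:
    matchLabels:
      app: minio
      app.kubernetes.io/component: minio
      app.kubernetes.io/instance: minio
      app.kubernetes.io/name: minio
      app.kubernetes.io/part-of: minio
      component: minio
  # Recreate stops the old pod before starting the new one; the data PVC
  # is ReadWriteOnce.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: minio
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      # The container only runs `minio server`; nothing here needs the
      # Kubernetes API, so do not mount a ServiceAccount token into it.
      automountServiceAccountToken: false
      containers:
        - name: minio
          # NOTE(review): ":latest" is a floating tag, so the image that
          # runs can change between pod restarts. Pin a specific release
          # tag or an image digest for reproducible, reviewable deploys.
          image: quay.io/minio/minio:latest
          command:
            - /bin/bash
            - -c
          args:
            - minio server /data --console-address :9090
          # Supplies MINIO_ROOT_USER / MINIO_ROOT_PASSWORD. The pod cannot
          # start until the create-minio-root-user Job has created the
          # Secret.
          envFrom:
            - secretRef:
                name: minio-root-user
          ports:
            - containerPort: 9000
              name: api
              protocol: TCP
            - containerPort: 9090
              name: console
              protocol: TCP
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 250m
              memory: 512Mi
          # Explicit hardening: the server needs neither extra Linux
          # capabilities nor privilege escalation.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
          volumeMounts:
            - mountPath: /data
              name: minio
      volumes:
        - name: minio
          persistentVolumeClaim:
            claimName: minio
        # NOTE(review): "empty" is declared but not mounted by any
        # container in this pod.
        - emptyDir: {}
          name: empty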
---
# One-shot Job that waits for the minio-s3 Route and the minio-root-user
# Secret, then publishes two S3 "data connection" Secrets
# (aws-connection-oai-storage and aws-connection-pipeline-artifacts)
# pointing at the external MinIO route.
#
# NOTE(review): both connection Secrets carry the MinIO *root* credentials
# copied from minio-root-user, so every workload that mounts them has full
# administrative access to this MinIO instance. For anything beyond a demo,
# create a dedicated MinIO user or access key limited to the two buckets
# and publish that instead.
# NOTE(review): the wait loops have no timeout and the Job sets no
# activeDeadlineSeconds, so it waits indefinitely if the Route or Secret
# never appears.
apiVersion: batch/v1
kind: Job
metadata:
  name: create-ds-connections
spec:
  selector: {}
  template:
    spec:
      serviceAccount: minio-setup
      serviceAccountName: minio-setup
      restartPolicy: Never
      containers:
        - name: create-ds-connections
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          # `bash -ec <script>`: -e aborts the script on the first failing
          # command. The values read with `--template '{{.data.*}}'` are
          # already base64-encoded, which is why they go under `data:` and
          # not `stringData:` in the generated Secrets.
          args:
            - -ec
            - |-
              echo -n 'Waiting for minio route'
              while ! oc get route minio-s3 2>/dev/null | grep -qF minio-s3; do
                echo -n .
                sleep 5
              done; echo
              echo -n 'Waiting for minio root user secret'
              while ! oc get secret minio-root-user 2>/dev/null | grep -qF minio-root-user; do
                echo -n .
                sleep 5
              done; echo
              MINIO_ROOT_USER=$(oc get secret minio-root-user -o template --template '{{.data.MINIO_ROOT_USER}}')
              MINIO_ROOT_PASSWORD=$(oc get secret minio-root-user -o template --template '{{.data.MINIO_ROOT_PASSWORD}}')
              MINIO_HOST=https://$(oc get route minio-s3 -o template --template '{{.spec.host}}')
              cat << EOF | oc apply -f-
              apiVersion: v1
              kind: Secret
              metadata:
                annotations:
                  opendatahub.io/connection-type: s3
                  openshift.io/display-name: OAI Storage
                labels:
                  opendatahub.io/dashboard: "true"
                  opendatahub.io/managed: "true"
                name: aws-connection-oai-storage
              data:
                AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
                AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
              stringData:
                AWS_DEFAULT_REGION: ap-southeast-1
                AWS_S3_BUCKET: oai-storage
                AWS_S3_ENDPOINT: ${MINIO_HOST}
              type: Opaque
              EOF
              cat << EOF | oc apply -f-
              apiVersion: v1
              kind: Secret
              metadata:
                annotations:
                  opendatahub.io/connection-type: s3
                  openshift.io/display-name: Pipeline Artifacts
                labels:
                  opendatahub.io/dashboard: "true"
                  opendatahub.io/managed: "true"
                name: aws-connection-pipeline-artifacts
              data:
                AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
                AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
              stringData:
                AWS_DEFAULT_REGION: ap-southeast-1
                AWS_S3_BUCKET: pipeline-artifacts
                AWS_S3_ENDPOINT: ${MINIO_HOST}
              type: Opaque
              EOF
---
# One-shot Job that creates the "pipeline-artifacts" and "oai-storage"
# buckets. The init container blocks until the root-user Secret and the
# minio Deployment exist and the Deployment reports Available; the main
# container then creates the buckets with boto3.
#
# NOTE(review): the boto3 client authenticates with the MinIO root
# credentials over plain HTTP (http://minio:9000) on the pod network.
# That stays inside the cluster, but the credentials are not encrypted in
# transit on that hop.
apiVersion: batch/v1
kind: Job
metadata:
  name: create-minio-buckets
  labels:
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  selector: {}
  template:
    metadata:
      labels:
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      serviceAccount: minio-setup
      serviceAccountName: minio-setup
      restartPolicy: Never
      initContainers:
        - name: wait-for-minio
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          args:
            - -ec
            - |-
              echo -n 'Waiting for minio root user secret'
              while ! oc get secret minio-root-user 2>/dev/null | grep -qF minio-root-user; do
                echo -n .
                sleep 5
              done; echo
              echo -n 'Waiting for minio deployment'
              while ! oc get deployment minio 2>/dev/null | grep -qF minio; do
                echo -n .
                sleep 5
              done; echo
              oc wait --for=condition=available --timeout=60s deployment/minio
              sleep 10
      containers:
        - name: create-buckets
          image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/tensorflow:2023.2
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          # MINIO_ROOT_USER / MINIO_ROOT_PASSWORD reach the Python script
          # through the environment, not the command line.
          envFrom:
            - secretRef:
                name: minio-root-user
          # The heredoc delimiter is quoted ('EOF'), so bash passes the
          # Python source to python3 without expanding anything in it.
          args:
            - -ec
            - |-
              oc get secret minio-root-user
              cat << 'EOF' | python3
              import boto3, os
              s3 = boto3.client("s3",
                                endpoint_url="http://minio:9000",
                                aws_access_key_id=os.getenv("MINIO_ROOT_USER"),
                                aws_secret_access_key=os.getenv("MINIO_ROOT_PASSWORD"))
              bucket = 'pipeline-artifacts'
              print('creating pipeline-artifacts bucket')
              if bucket not in [bu["Name"] for bu in s3.list_buckets()["Buckets"]]:
                s3.create_bucket(Bucket=bucket)
              bucket = 'oai-storage'
              print('creating oai-storage bucket')
              if bucket not in [bu["Name"] for bu in s3.list_buckets()["Buckets"]]:
                s3.create_bucket(Bucket=bucket)
              EOF
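---
# One-shot Job that creates the minio-root-user Secret unless it already
# exists. The user name defaults to "admin" and the password to 32 random
# characters from /dev/urandom; both can be overridden through the
# container's env entries below.
apiVersion: batch/v1
kind: Job
metadata:
  name: create-minio-root-user
  labels:
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  backoffLimit: 4
  template:
    metadata:
      labels:
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      serviceAccount: minio-setup
      serviceAccountName: minio-setup
      restartPolicy: Never
      containers:
        - name: create-minio-root-user
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          # Empty values select the defaults in the script. If overrides
          # are needed, supply them at deploy time; do not commit real
          # credentials into this manifest.
          env:
            - name: MINIO_ROOT_USER
              value: ""
            - name: MINIO_ROOT_PASSWORD
              value: ""
          args:
            - -ec
            - |-
              if [ -n "$(oc get secret minio-root-user -oname 2>/dev/null)" ]; then
                echo "Secret already exists. Skipping." >&2
                exit 0
              fi
              genpass() {
                  < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c"${1:-32}"
              }
              MINIO_ROOT_USER=${MINIO_ROOT_USER:-"admin"}
              MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-$(genpass)}
              # Base64-encode both values and write them under `data:`.
              # Pasting the raw strings into the YAML below would let an
              # override containing " #" be silently truncated, and one
              # containing ": " or looking like a number or boolean be
              # rejected or mis-typed. Base64 output is safe to quote.
              MINIO_ROOT_USER_B64=$(printf '%s' "${MINIO_ROOT_USER}" | base64 -w0)
              MINIO_ROOT_PASSWORD_B64=$(printf '%s' "${MINIO_ROOT_PASSWORD}" | base64 -w0)
              cat << EOF | oc apply -f-
              apiVersion: v1
              kind: Secret
              metadata:
                name: minio-root-user
              type: Opaque
              data:
                MINIO_ROOT_USER: "${MINIO_ROOT_USER_B64}"
                MINIO_ROOT_PASSWORD: "${MINIO_ROOT_PASSWORD_B64}"
              EOF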
---
# External Route to the MinIO web console (Service port "console").
# TLS is terminated at the router (edge); the hop from router to pod is
# plain HTTP. Requests on port 80 are redirected to HTTPS.
#
# NOTE(review): this publishes the MinIO admin console on the cluster
# router, protected only by the root credentials in the minio-root-user
# Secret. If the router is reachable from untrusted networks, consider
# restricting the Route (for example with the
# haproxy.router.openshift.io/ip_whitelist annotation) or not creating it.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: minio-console
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  to:
    kind: Service
    name: minio
    weight: 100
  port:
    targetPort: console
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  wildcardPolicy: None
---
# External Route to the MinIO S3 API (Service port "api"). Its host name is
# what the create-ds-connections Job publishes as AWS_S3_ENDPOINT.
# TLS is terminated at the router (edge); the hop from router to pod is
# plain HTTP. Requests on port 80 are redirected to HTTPS.
apiVersion: route.openshift.io/v1
kind: Route
metadata:
  name: minio-s3
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  to:
    kind: Service
    name: minio
    weight: 100
  port:
    targetPort: api
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  wildcardPolicy: None