From d13662c4db8abe61dc9ccaa845205acde1fd6e3a Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 09:19:07 -0700 Subject: [PATCH 1/7] initial commit --- examples/postgres-operator/zarf.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/postgres-operator/zarf.yaml b/examples/postgres-operator/zarf.yaml index 4fbf68fc28..a34e182145 100644 --- a/examples/postgres-operator/zarf.yaml +++ b/examples/postgres-operator/zarf.yaml @@ -16,6 +16,7 @@ local: - name: pgadmin4 url: https://helm.runix.net version: 1.7.2 + # add minio-operator and minio from big bang images: - registry.opensource.zalan.do/acid/postgres-operator:v1.7.0 From 08c5fbf832c7f25168e02f4f70d1efc764891cae Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 10:10:37 -0700 Subject: [PATCH 2/7] starting to add minio operator --- .../manifests/minio-operator.yaml | 26 +++++++++++++++++++ .../manifests/namespace.yaml | 4 --- .../manifests/namespaces.yaml | 9 +++++++ ...ator-ui.yaml => postgres-operator-ui.yaml} | 0 .../{operator.yaml => postgres-operator.yaml} | 0 examples/postgres-operator/zarf.yaml | 6 ++++- 6 files changed, 40 insertions(+), 5 deletions(-) create mode 100644 examples/postgres-operator/manifests/minio-operator.yaml delete mode 100644 examples/postgres-operator/manifests/namespace.yaml create mode 100644 examples/postgres-operator/manifests/namespaces.yaml rename examples/postgres-operator/manifests/{operator-ui.yaml => postgres-operator-ui.yaml} (100%) rename examples/postgres-operator/manifests/{operator.yaml => postgres-operator.yaml} (100%) diff --git a/examples/postgres-operator/manifests/minio-operator.yaml b/examples/postgres-operator/manifests/minio-operator.yaml new file mode 100644 index 0000000000..d5dbcfa2f1 --- /dev/null +++ b/examples/postgres-operator/manifests/minio-operator.yaml @@ -0,0 +1,26 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: minio-operator + namespace: minio-operator +spec: +chart: https://%{KUBERNETES_API}%/static/charts/minio-operator-2.0.9-bb.3.tgz + targetNamespace: minio-operator + # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator/-/blob/2.0.9-bb.3/chart/values.yaml + valuesContent: |- + operator: + image: + repository: registry1.dso.mil/ironbank/opensource/minio/operator + tag: v4.2.3 + resources: + requests: + cpu: 200m + memory: 256Mi + ephemeral-storage: 500Mi + limits: + cpu: 200m + memory: 256Mi + console: + image: + repository: minio/console + tag: v0.6.3 diff --git a/examples/postgres-operator/manifests/namespace.yaml b/examples/postgres-operator/manifests/namespace.yaml deleted file mode 100644 index bfebd8ac2f..0000000000 --- a/examples/postgres-operator/manifests/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: postgres-operator diff --git a/examples/postgres-operator/manifests/namespaces.yaml b/examples/postgres-operator/manifests/namespaces.yaml new file mode 100644 index 0000000000..cfaefb1018 --- /dev/null +++ b/examples/postgres-operator/manifests/namespaces.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: postgres-operator +--- +apiVersion: v1 +kind: Namespace +metadata: + name: minio-operator diff --git a/examples/postgres-operator/manifests/operator-ui.yaml b/examples/postgres-operator/manifests/postgres-operator-ui.yaml similarity index 100% rename from examples/postgres-operator/manifests/operator-ui.yaml rename to examples/postgres-operator/manifests/postgres-operator-ui.yaml diff --git a/examples/postgres-operator/manifests/operator.yaml b/examples/postgres-operator/manifests/postgres-operator.yaml similarity index 100% rename from examples/postgres-operator/manifests/operator.yaml rename to examples/postgres-operator/manifests/postgres-operator.yaml diff --git a/examples/postgres-operator/zarf.yaml b/examples/postgres-operator/zarf.yaml index a34e182145..11707c4a25 100644 --- a/examples/postgres-operator/zarf.yaml +++ b/examples/postgres-operator/zarf.yaml @@ -16,7 +16,9 @@ local: - name: pgadmin4 url: https://helm.runix.net version: 1.7.2 - # add minio-operator and minio from big bang + - name: twistlock + url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git + version: 4.2.3-bb.1 images: - registry.opensource.zalan.do/acid/postgres-operator:v1.7.0 @@ -25,3 +27,5 @@ local: - registry.opensource.zalan.do/acid/pgbouncer:master-18 - registry.opensource.zalan.do/acid/postgres-operator-ui:v1.7.0 - docker.io/dpage/pgadmin4:5.5 + - registry1.dso.mil/ironbank/opensource/minio/operator:v4.2.3 + - minio/console:v0.6.3 From 5f90df425f43a297514f1716bea928ce24b7d54b Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 10:10:59 -0700 Subject: [PATCH 3/7] fix typo --- examples/postgres-operator/zarf.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/postgres-operator/zarf.yaml b/examples/postgres-operator/zarf.yaml index 11707c4a25..8412a62452 100644 --- a/examples/postgres-operator/zarf.yaml +++ b/examples/postgres-operator/zarf.yaml @@ -16,7 +16,7 @@ local: - name: pgadmin4 url: https://helm.runix.net version: 1.7.2 - - name: twistlock + - name: minio-operator url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git version: 4.2.3-bb.1 From 4ab42f7ab99c2a4bb45c5c32c51c8e17a19e7297 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 10:58:42 -0700 Subject: [PATCH 4/7] more work on deploying minio --- examples/Makefile | 10 +- .../manifests/minio-operator.yaml | 2 +- .../postgres-operator/manifests/minio.yaml | 63 +++++ examples/postgres-operator/zarf.yaml | 7 +- values.yaml | 247 ++++++++++++++++++ 5 files changed, 322 insertions(+), 7 deletions(-) create mode 100644 examples/postgres-operator/manifests/minio.yaml create mode 100644 values.yaml diff --git a/examples/Makefile b/examples/Makefile index fa11dc218f..db637b4a10 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -15,9 +15,9 @@ ifneq ($(UNAME_S),Linux) endif package-examples: - cd appliance && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build - cd data-injection && $(ZARF_BIN) package create --confirm && mv zarf*.tar ../../build - cd game && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build - cd single-big-bang-package && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build - cd tiny-kafka && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build +# cd appliance && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build +# cd data-injection && $(ZARF_BIN) package create --confirm && mv zarf*.tar ../../build +# cd game && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build +# cd single-big-bang-package && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build +# cd tiny-kafka && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build cd postgres-operator && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build diff --git a/examples/postgres-operator/manifests/minio-operator.yaml b/examples/postgres-operator/manifests/minio-operator.yaml index d5dbcfa2f1..d01b7a2924 100644 --- a/examples/postgres-operator/manifests/minio-operator.yaml +++ b/examples/postgres-operator/manifests/minio-operator.yaml @@ -4,7 +4,7 @@ metadata: name: minio-operator namespace: minio-operator spec: -chart: https://%{KUBERNETES_API}%/static/charts/minio-operator-2.0.9-bb.3.tgz + chart: https://%{KUBERNETES_API}%/static/charts/minio-operator-4.2.3-bb.1.tgz targetNamespace: minio-operator # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator/-/blob/2.0.9-bb.3/chart/values.yaml valuesContent: |- diff --git a/examples/postgres-operator/manifests/minio.yaml b/examples/postgres-operator/manifests/minio.yaml new file mode 100644 index 0000000000..d2c1889253 --- /dev/null +++ b/examples/postgres-operator/manifests/minio.yaml @@ -0,0 +1,63 @@ +apiVersion: helm.cattle.io/v1 +kind: HelmChart +metadata: + name: minio + namespace: minio-operator +spec: + chart: https://%{KUBERNETES_API}%/static/charts/minio-instance-4.2.3-bb.1.tgz + targetNamespace: minio-operator + # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/blob/4.2.3-bb.1/chart/values.yaml + valuesContent: |- + hostname: minio.localhost + tenants: + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 1 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + ## size specifies the capacity per volume + size: 1Gi + ## storageClass specifies the storage class name to be used for this pool + storageClassName: local-path + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: + requests: + cpu: "250m" + memory: "1Gi" + limits: + cpu: "500m" + memory: "1Gi" + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + console: + enabled: true + image: + repository: minio/console + tag: v0.7.4 + pullPolicy: IfNotPresent + replicaCount: 1 + secrets: + enabled: true + name: console-secret + passphrase: SECRET + salt: SECRET + accessKey: YOURCONSOLEACCESS + secretKey: YOURCONSOLESECRET + + diff --git a/examples/postgres-operator/zarf.yaml b/examples/postgres-operator/zarf.yaml index 8412a62452..6d7a48a393 100644 --- a/examples/postgres-operator/zarf.yaml +++ b/examples/postgres-operator/zarf.yaml @@ -2,6 +2,7 @@ kind: ZarfPackageConfig metadata: name: postgres-operator-demo description: "Demo of prod-like Postgres database(s) on an edge cluster" +# uncompressed: true local: manifests: manifests @@ -19,6 +20,9 @@ local: - name: minio-operator url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git version: 4.2.3-bb.1 + - name: minio-instance + url: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git + version: 4.2.3-bb.1 images: - registry.opensource.zalan.do/acid/postgres-operator:v1.7.0 @@ -28,4 +32,5 @@ local: - registry.opensource.zalan.do/acid/postgres-operator-ui:v1.7.0 - docker.io/dpage/pgadmin4:5.5 - registry1.dso.mil/ironbank/opensource/minio/operator:v4.2.3 - - minio/console:v0.6.3 + - minio/console:v0.7.4 + - registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2021-08-31T05-46-54Z diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000000..ff844642b6 --- /dev/null +++ b/values.yaml @@ -0,0 +1,247 @@ +## Default values for minio instance creation. +## Note: to enable upgrade of minio instance, then values file has a number of values that will be +## deprecated in the future. Deprecation candidates will have an annotation in comments regarding the timeframe for deprecation. + +hostname: bigbang.dev + +# When true, upgradeTenants enables use of the V4.* Minio Operator CRD for creation of tenants is enabled. +# The default will be made TRUE in a future release. +upgradeTenants: + enabled: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# because the operator handles the service deployment in 4.x and beyond. +service: + # Internal service name for minio instance. This is the full name of the service used to connect to Minio from within the cluster. + # If not specified, the service name will be the default full name of the minio instance. + nameOverride: "" + type: ClusterIP + port: 9090 + +# Removed ina future release +podAnnotations: {} + +istio: + enabled: false + virtualService: + enabled: true + annotations: {} + labels: {} + gateways: + - istio-system/main + hosts: + - minio.{{ .Values.hostname }} + service: "" + port: "" + +monitoring: + enabled: false + namespace: monitoring + +networkPolicies: + enabled: false + controlPlaneCidr: 0.0.0.0/0 + ingressLabels: + app: istio-ingressgateway + istio: ingressgateway + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# once all upgrades are complete. +image: + name: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2021-08-31T05-46-54Z + pullPolicy: "IfNotPresent" + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# once all upgrades are complete. +zones: + # refer to documentation for number of servers versus volumes per server + # https://docs.min.io/docs/minio-server-limits-per-tenant.html + servers: 3 # scale to 3 for dev + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# once all upgrades are complete. +volumesPerServer: 2 # 2 is minimum volumes with 3 servers + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# once all upgrades are complete. +volumeClaimTemplate: + accessModes: ReadWriteOnce + storage: 1Gi # scale down for dev + +# This is maintained for compatible upgrade with the 2.0.9 release. The following service itens will be removed ina future release +# once all upgrades are complete. +minioRootCreds: default-minio-creds-secret + +## MinIO Tenant Definition +tenants: + # Tenant name + name: minio + ## Registry location and Tag to download MinIO Server image + # Configure repo and tag of MinIO Operator Image + image: + repository: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2021-08-31T05-46-54Z + pullPolicy: "IfNotPresent" + ## Customize namespace for tenant deployment + #namespace: default + imagePullSecret: + name: private-registry + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + ##scheduler: + ## name: + scheduler: {} + + ## Used to specify a toleration for a pod + #tolerations: {} + + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + #nodeSelector: {} + + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + #affinity: {} + + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + #securityContext: + # runAsUser: 1001 + # runAsGroup: 1001 + # fsGroup: 1001 + + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + ## size specifies the capacity per volume + size: 1Gi + ## storageClass specifies the storage class name to be used for this pool + storageClassName: local-path + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: + requests: + cpu: 250m + memory: 2Gi + limits: + cpu: 250m + memory: 2Gi + + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + ## Mount path where PV will be mounted inside container(s). + mountPath: /export + + ## Sub path inside Mount path where MinIO stores data. + subPath: /data + + # pool secrets + secrets: + enabled: true + name: minio-creds-secret + accessKey: minio + secretKey: minio123 + + # pool metrics to be read by Prometheus + metrics: + enabled: false + port: 9000 + + certificate: + ## Use this field to provide one or more external CA certificates. This is used by MinIO + ## to verify TLS connections with other applications: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCaCertSecret: {} + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCertSecret: {} + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + ## false = disabled TLS endpoints at the tenants + requestAutoCert: false + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + ##certConfig: + ## commonName: "" + ## organizationName: [] + ## dnsNames: [] + certConfig: {} + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: false + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: Parallel + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + ##serviceMetadata: {} + serviceMetadata: + minioServiceLabels: + label: minio-svc + minioServiceAnnotations: + v2.min.io: minio-svc + # consoleServiceLabels: + # label: console-svc + # consoleServiceAnnotations: + # v2.min.io: console-svc + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + env: {} + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. + ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + # e.g., priorityClassName: high-priority + priorityClassName : "" + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + console: + enabled: false + image: + repository: minio/console + tag: v0.7.4 + pullPolicy: IfNotPresent + replicaCount: 1 + secrets: + enabled: true + name: console-secret + passphrase: SECRET + salt: SECRET + accessKey: YOURCONSOLEACCESS + secretKey: YOURCONSOLESECRET + +openshift: false From 4f0379c0d69dc5d713454b7703a110a1f92e56e6 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 14:50:45 -0700 Subject: [PATCH 5/7] done? --- examples/postgres-operator/README.md | 5 +++ .../{minio.yaml => minio-instance.yaml} | 31 +++++++++--------- .../manifests/minio-operator.yaml | 5 +-- .../{cluster.yaml => postgres-cluster.yaml} | 2 ++ .../manifests/postgres-operator-ui.yaml | 13 ++++++++ .../manifests/postgres-operator.yaml | 32 ++++++++++++++++--- examples/postgres-operator/zarf.yaml | 1 - 7 files changed, 64 insertions(+), 25 deletions(-) rename examples/postgres-operator/manifests/{minio.yaml => minio-instance.yaml} (86%) rename examples/postgres-operator/manifests/{cluster.yaml => postgres-cluster.yaml} (86%) diff --git a/examples/postgres-operator/README.md b/examples/postgres-operator/README.md index f8a625c8b8..83b0731568 100644 --- a/examples/postgres-operator/README.md +++ b/examples/postgres-operator/README.md @@ -20,6 +20,11 @@ After looking at several alternatives, Zalando's postgres operator felt like the - Connection // Username: `zarf` - Connection // Password: (run the command in the table below) - SSL // SSL mode: `Require` +5. Create the backups bucket in MinIO (TODO: Figure out how to create the bucket automatically) + 1. Navigate to [https://minio-console.localhost:8443](https://minio-console.localhost:8443) + 2. Log in - Username: `minio` - Password: `minio123` + 3. Buckets -> Create Bucket + - Bucket Name: `postgres-operator-backups` ## Logins diff --git a/examples/postgres-operator/manifests/minio.yaml b/examples/postgres-operator/manifests/minio-instance.yaml similarity index 86% rename from examples/postgres-operator/manifests/minio.yaml rename to examples/postgres-operator/manifests/minio-instance.yaml index d2c1889253..d161b5cb86 100644 --- a/examples/postgres-operator/manifests/minio.yaml +++ b/examples/postgres-operator/manifests/minio-instance.yaml @@ -1,7 +1,7 @@ apiVersion: helm.cattle.io/v1 kind: HelmChart metadata: - name: minio + name: minio-instance namespace: minio-operator spec: chart: https://%{KUBERNETES_API}%/static/charts/minio-instance-4.2.3-bb.1.tgz @@ -47,17 +47,18 @@ spec: fsGroup: 1001 console: enabled: true - image: - repository: minio/console - tag: v0.7.4 - pullPolicy: IfNotPresent - replicaCount: 1 - secrets: - enabled: true - name: console-secret - passphrase: SECRET - salt: SECRET - accessKey: YOURCONSOLEACCESS - secretKey: YOURCONSOLESECRET - - +--- +apiVersion: traefik.containo.us/v1alpha1 +kind: IngressRoute +metadata: + name: minio-console-ingressroute + namespace: minio-operator +spec: + entryPoints: + - websecure + routes: + - match: Host(`minio-console.localhost`) + kind: Rule + services: + - name: minio-instance-console + port: 9090 diff --git a/examples/postgres-operator/manifests/minio-operator.yaml b/examples/postgres-operator/manifests/minio-operator.yaml index d01b7a2924..e8e39d4f77 100644 --- a/examples/postgres-operator/manifests/minio-operator.yaml +++ b/examples/postgres-operator/manifests/minio-operator.yaml @@ -20,7 +20,4 @@ spec: limits: cpu: 200m memory: 256Mi - console: - image: - repository: minio/console - tag: v0.6.3 + diff --git a/examples/postgres-operator/manifests/cluster.yaml b/examples/postgres-operator/manifests/postgres-cluster.yaml similarity index 86% rename from examples/postgres-operator/manifests/cluster.yaml rename to examples/postgres-operator/manifests/postgres-cluster.yaml index d295dc86b1..fef361acf6 100644 --- a/examples/postgres-operator/manifests/cluster.yaml +++ b/examples/postgres-operator/manifests/postgres-cluster.yaml @@ -17,6 +17,8 @@ spec: zarf: [] databases: zarf: zarf + enableLogicalBackup: true + logicalBackupSchedule: "*/2 * * * *" resources: requests: cpu: 100m diff --git a/examples/postgres-operator/manifests/postgres-operator-ui.yaml b/examples/postgres-operator/manifests/postgres-operator-ui.yaml index 5b68e58738..48406b42f5 100644 --- a/examples/postgres-operator/manifests/postgres-operator-ui.yaml +++ b/examples/postgres-operator/manifests/postgres-operator-ui.yaml @@ -28,6 +28,19 @@ spec: targetNamespace: "postgres-operator" teams: - "acid" + extraEnvs: + - name: WALE_S3_ENDPOINT + value: "http+path://minio.minio-operator.svc.cluster.local:80" + - name: AWS_ENDPOINT + value: "http://minio.minio-operator.svc.cluster.local" + - name: SPILO_S3_BACKUP_PREFIX + value: "spilo/" + - name: AWS_ACCESS_KEY_ID + value: "minio" + - name: AWS_SECRET_ACCESS_KEY + value: "minio123" + - name: SPILO_S3_BACKUP_BUCKET + value: "postgres-operator-backups" # We are defining our own Ingress manifest ingress: enabled: false diff --git a/examples/postgres-operator/manifests/postgres-operator.yaml b/examples/postgres-operator/manifests/postgres-operator.yaml index 95e7775158..0926a34ea1 100644 --- a/examples/postgres-operator/manifests/postgres-operator.yaml +++ b/examples/postgres-operator/manifests/postgres-operator.yaml @@ -22,12 +22,18 @@ spec: default_memory_limit: "500Mi" min_cpu_limit: "250m" min_memory_limit: "250Mi" - # configLogicalBackup: + configAwsOrGcp: + wal_s3_bucket: "postgres-operator-backups" + configLogicalBackup: # logical_backup_docker_image: "registry1.dso.mil/.../logical-backup:v1.7.0" - # logical_backup_s3_endpoint: "" - # logical_backup_s3_access_key_id: "" - # logical_backup_s3_secret_access_key : "" - # logical_backup_schedule: "30 00 * * *" + logical_backup_s3_endpoint: "http://minio.minio-operator.svc.cluster.local" + logical_backup_s3_access_key_id: "minio" + logical_backup_s3_bucket: "postgres-operator-backups" + logical_backup_s3_secret_access_key : "minio123" + logical_backup_s3_sse: "" + logical_backup_schedule: "*/2 * * * *" + configKubernetes: + pod_environment_configmap: "postgres-operator/postgres-pod-config" configConnectionPooler: # connection_pooler_image: "registry1.dso.mil/.../pgbouncer:master-18" connection_pooler_default_cpu_request: "100m" @@ -46,3 +52,19 @@ spec: runAsNonRoot: true readOnlyRootFilesystem: true allowPrivilegeEscalation: false +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: postgres-pod-config + namespace: postgres-operator +data: + AWS_ENDPOINT: http://minio.minio-operator.svc.cluster.local + AWS_ACCESS_KEY_ID: minio + AWS_SECRET_ACCESS_KEY: minio123 + BACKUP_NUM_TO_RETAIN: "3" + BACKUP_SCHEDULE: "*/2 * * * *" + USE_WALG_BACKUP: "true" + WALG_DISABLE_S3_SSE: "true" + USE_WALG_RESTORE: "false" + AWS_S3_FORCE_PATH_STYLE: "true" diff --git a/examples/postgres-operator/zarf.yaml b/examples/postgres-operator/zarf.yaml index 6d7a48a393..f8b726bab8 100644 --- a/examples/postgres-operator/zarf.yaml +++ b/examples/postgres-operator/zarf.yaml @@ -32,5 +32,4 @@ local: - registry.opensource.zalan.do/acid/postgres-operator-ui:v1.7.0 - docker.io/dpage/pgadmin4:5.5 - registry1.dso.mil/ironbank/opensource/minio/operator:v4.2.3 - - minio/console:v0.7.4 - registry1.dso.mil/ironbank/opensource/minio/minio:RELEASE.2021-08-31T05-46-54Z From 0ba2b27a976d7301645f43f53c3e3acda61485b1 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 14:51:04 -0700 Subject: [PATCH 6/7] revert testing changes --- examples/Makefile | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/examples/Makefile b/examples/Makefile index db637b4a10..fa11dc218f 100644 --- a/examples/Makefile +++ b/examples/Makefile @@ -15,9 +15,9 @@ ifneq ($(UNAME_S),Linux) endif package-examples: -# cd appliance && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build -# cd data-injection && $(ZARF_BIN) package create --confirm && mv zarf*.tar ../../build -# cd game && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build -# cd single-big-bang-package && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build -# cd tiny-kafka && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build + cd appliance && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build + cd data-injection && $(ZARF_BIN) package create --confirm && mv zarf*.tar ../../build + cd game && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build + cd single-big-bang-package && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build + cd tiny-kafka && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build cd postgres-operator && $(ZARF_BIN) package create --confirm && mv zarf*.tar.zst ../../build From 9831f41424002b148c60b416b4eb2b4387ba9418 Mon Sep 17 00:00:00 2001 From: Andrew Roth Date: Fri, 17 Sep 2021 14:54:29 -0700 Subject: [PATCH 7/7] Add Minio Console to the logins table --- examples/postgres-operator/README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/postgres-operator/README.md b/examples/postgres-operator/README.md index 83b0731568..3458ffe72f 100644 --- a/examples/postgres-operator/README.md +++ b/examples/postgres-operator/README.md @@ -33,6 +33,7 @@ After looking at several alternatives, Zalando's postgres operator felt like the | Postgres Operator UI | [https://postgres-operator-ui.localhost:8443](https://postgres-operator-ui.localhost:8443) | N/A | N/A | | PGAdmin | [https://pgadmin.localhost:8443](https://pgadmin.localhost:8443) | `zarf@example.local` | Run: `zarf tools get-admin-password` | | Example Postgres Database | `acid-zarf-test.postgres-operator.svc.cluster.local` | `zarf` | Run: `echo $(kubectl get secret zarf.acid-zarf-test.credentials.postgresql.acid.zalan.do -n postgres-operator --template={{.data.password}} \| base64 -d)` | +| Minio Console | [https://minio-console.localhost:8443](https://minio-console.localhost:8443) | `minio` | `minio123` | ## References - https://blog.flant.com/comparing-kubernetes-operators-for-postgresql/