From b5a455648dc342f7a9c58ab2ddb0652fefbb1a26 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oliver=20B=C3=A4hler?=
Date: Wed, 31 Mar 2021 22:01:02 +0200
Subject: [PATCH] Save Progress
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Oliver Bähler
---
 charts/argo/Chart.lock | 10 +-
 charts/argo/Chart.yaml | 9 ++
 charts/argo/test.yaml | 14 +++
 charts/argo/values.yaml | 227 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 258 insertions(+), 2 deletions(-)
 create mode 100644 charts/argo/test.yaml
diff --git a/charts/argo/Chart.lock b/charts/argo/Chart.lock
index 4b57ae05..d88a8c14 100644
--- a/charts/argo/Chart.lock
+++ b/charts/argo/Chart.lock
@@ -2,5 +2,11 @@ dependencies:
 - name: minio
 repository: https://helm.min.io/
 version: 8.0.9
-digest: sha256:0f43ad0a4b4e9af47615ef3da85054712eb28f154418d96b7b974a095cc19260
-generated: "2021-01-13T15:31:40.823086-08:00"
+- name: minio-operator
+ repository: https://operator.min.io/
+ version: 4.0.3
+- name: raw
+ repository: https://bedag.github.io/helm-charts/
+ version: 1.1.0
+digest: sha256:1eb53999d4d102849fd5599ce4d78627a2e1405c2226b8bd5ec1f781436aa220
+generated: "2021-03-31T21:50:26.349679125+02:00"
diff --git a/charts/argo/Chart.yaml b/charts/argo/Chart.yaml
index 1ce323cc..b078d2a7 100644
--- a/charts/argo/Chart.yaml
+++ b/charts/argo/Chart.yaml
@@ -15,3 +15,12 @@ dependencies:
 version: 8.0.9
 repository: https://helm.min.io/
 condition: minio.install
+- name: minio-operator
+ version: 4.0.3
+ repository: https://operator.min.io/
+ condition: minio-operator.install
+- name: raw
+ version: 1.1.0
+ repository: https://bedag.github.io/helm-charts/
+ condition: raw.enabled
+
diff --git a/charts/argo/test.yaml b/charts/argo/test.yaml
new file mode 100644
index 00000000..2d6a3f3f
--- /dev/null
+++ b/charts/argo/test.yaml
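Review bot: The two dependencies added to charts/argo/Chart.yaml (`minio-operator` 4.0.3 from https://operator.min.io/ and `raw` 1.1.0 from https://bedag.github.io/helm-charts/) are identified by version number only, so what ends up in the release depends on what each repository serves for that version at build time. As far as I know the `digest` in Chart.lock is computed over the dependency list rather than over the chart archives, so it would not catch a republished archive. If these charts are published with provenance files, building with `helm dependency build --verify` would close that gap. Independently of that, a comment above the new entry such as `# raw: renders the standalone manifests listed under raw.resources in values.yaml` would explain why a second upstream repository is needed. The `dependencies:` list starts outside this hunk.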
@@ -0,0 +1,14 @@
+minio:
+ # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map
+ install: false
+ defaultBucket:
+ enabled: true
+ name: argo-artifacts
+
+# Minio Operator: https://github.com/minio/operator/tree/master/helm/minio-operator
+# This deploys the minio operator with argo as dependency. This might not be suitable for production environments, since the minio-operator might already be deployed and managed by another helm release. In this case you should provision a new minio tenants with the extraResources key.
+minio-operator:
+ install: true
+
+raw:
+ enabled: true
diff --git a/charts/argo/values.yaml b/charts/argo/values.yaml
index 0a5be36d..3a269764 100644
--- a/charts/argo/values.yaml
+++ b/charts/argo/values.yaml
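Review bot: charts/argo/test.yaml sets `raw.enabled: true` but does not set `raw.resources`, so a render with this file takes the resource list from values.yaml, which in this same patch consists of the example Secrets whose credentials are spelled out in the adjacent comments. If the file is meant as a CI values file it should override the list, for example `resources: []` under `raw:`, or carry its own throwaway manifests. It also sits in the chart root, so unless a .helmignore (not visible here) excludes it, it would presumably be packaged with the chart. A header comment such as `# CI-only values, not intended for installation` would make the intent clear.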
@@ -322,9 +322,236 @@ artifactRepository: # NOTE: These are setting attributes for the `minio` optional dependency +# According to Minio, deploying Minio with this dependency chart is no longer supported. Therefor we recommend using the minio-operator chart or provision minio tenants as standalone manifests (raw Chart). +# More information: https://helm.min.io/ +# This dependency might be removed in the future minio: # If set to true then chart installs minio and generate according artifactRepository section in workflow controller config map install: false defaultBucket: enabled: true name: argo-artifacts + +# Minio Operator: https://github.com/minio/operator/tree/master/helm/minio-operator +# This deploys the minio operator with argo as dependency. This might not be suitable for production environments, since the minio-operator might already be deployed and managed by another helm release. In this case you should provision a new minio tenants with the extraResources key. +minio-operator: + install: false + +# Raw Chart: https://artifacthub.io/packages/helm/main/raw +# Allows to add standalone kubernetes manifests into a helm release. 
+raw: + enabled: false + + # Converted Example Minio Tenant Example + # Reference: https://github.com/minio/operator/blob/master/examples/tenant.yaml + resources: + + ## Secret to be used as MinIO Root Credentials + - | + apiVersion: v1 + kind: Secret + metadata: + name: minio-creds-secret + type: Opaque + data: + ## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64) + accesskey: bWluaW8= + ## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64) + secretkey: bWluaW8xMjM= + + ## Secret to be used for MinIO Console + - | + apiVersion: v1 + kind: Secret + metadata: + name: console-secret + type: Opaque + data: + ## Passphrase to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64) + CONSOLE_PBKDF_PASSPHRASE: U0VDUkVU + ## Salt to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64) + CONSOLE_PBKDF_SALT: U0VDUkVU + ## MinIO User Access Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLEACCESS' | base64) + CONSOLE_ACCESS_KEY: WU9VUkNPTlNPTEVBQ0NFU1M= + ## MinIO User Secret Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLESECRET' | base64) + CONSOLE_SECRET_KEY: WU9VUkNPTlNPTEVTRUNSRVQ= + + ## MinIO Tenant Definition + - | + apiVersion: minio.min.io/v2 + kind: Tenant + metadata: + name: minio + ## Optionally pass labels to be applied to the statefulset pods + labels: + app: minio + ## Annotations for MinIO Tenant Pods + annotations: + prometheus.io/path: /minio/prometheus/metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" + + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + # scheduler: + # name: my-custom-scheduler + + spec: + ## Registry location and Tag to download MinIO Server image + image: minio/minio:RELEASE.2021-03-01T04-20-55Z + imagePullPolicy: IfNotPresent + + ## Secret with credentials to be used by MinIO Tenant. 
+ ## Refers to the secret object created above. + credsSecret: + name: minio-creds-secret + + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this + ## Pool. + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Ti + + ## Used to specify a toleration for a pod + # tolerations: + # - effect: NoSchedule + # key: dedicated + # operator: Equal + # value: storage + + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # nodeSelector: + # disktype: ssd + + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. 
+ # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/hostname + # operator: In + # values: + # - hostname1 + # - hostname2 + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - store + # topologyKey: "kubernetes.io/hostname" + + ## Configure resource requests and limits for MinIO containers + # resources: + # requests: + # cpu: 250m + # memory: 16Gi + # limits: + # cpu: 500m + # memory: 16Gi + + ## Configure security context + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + runAsNonRoot: true + + ## Mount path where PV will be mounted inside container(s). + mountPath: /export + ## Sub path inside Mount path where MinIO stores data. + # subPath: /data + + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalCertSecret: + # - name: tls-ssl-minio + # type: kubernetes.io/tls + + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + requestAutoCert: true + + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: false + + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. 
DNS name format is *.minio.default.svc.cluster.local + certConfig: + commonName: "" + organizationName: [] + dnsNames: [] + + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: Parallel + + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + serviceMetadata: + minioServiceLabels: + label: minio-svc + minioServiceAnnotations: + v2.min.io: minio-svc + consoleServiceLabels: + label: console-svc + consoleServiceAnnotations: + v2.min.io: console-svc + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + # env: + # - name: MINIO_BROWSER + # value: "off" # to turn-off browser + # - name: MINIO_STORAGE_CLASS_STANDARD + # value: "EC:2" + + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. + ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + # priorityClassName: high-priority + + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + console: + image: minio/console:v0.6.3 + replicas: 2 + consoleSecret: + name: console-secret + securityContext: + runAsUser: 1000 + runAsGroup: 2000 + runAsNonRoot: true + + + + + +
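Review bot: The default `raw.resources` list embeds two Secrets whose sample credentials are readable from the comments next to them (`accesskey`/`secretkey` for the tenant root, and `CONSOLE_PBKDF_PASSPHRASE`/`CONSOLE_PBKDF_SALT`, both set to the same sample value). Anyone who only flips `raw.enabled: true` therefore gets a MinIO tenant and console protected by publicly known credentials; base64 in a Secret is encoding, not protection. I would ship `resources: []` as the default and keep the tenant example as a commented block or in the README, with `credsSecret.name` and `consoleSecret.name` pointing at secrets the operator of the cluster creates out of band. The example also requests `servers: 4` with `volumesPerServer: 4` at `storage: 1Ti` each, which is a large claim for a default, and both images are pinned by tag only (`minio/minio:RELEASE.2021-03-01T04-20-55Z`, `minio/console:v0.6.3`), where a digest pin would make the deployed content reproducible.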