Created
January 29, 2024 11:48
---
# Identity shared by the three setup Jobs in this manifest; each of them sets
# serviceAccountName: minio-setup. The MinIO Deployment does not reference it.
kind: ServiceAccount
apiVersion: v1
metadata:
  name: minio-setup
---
# Binds the built-in "edit" ClusterRole to the minio-setup ServiceAccount inside
# the namespace this manifest is applied to. The subject carries no namespace,
# so it resolves to the RoleBinding's own namespace.
#
# NOTE(review): "edit" is much broader than the setup Jobs in this file need.
# Their scripts only read and create Secrets, read the minio-s3 Route, and
# read/wait on the minio Deployment. "edit" also allows reading every Secret in
# the namespace and creating or changing workloads, so a tampered setup image
# would hold namespace-wide write access. Prefer a dedicated Role scoped to
# those resources and verbs, and remove the binding once setup has completed.
kind: RoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: minio-setup-edit
subjects:
  - kind: ServiceAccount
    name: minio-setup
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
---
# Cluster-internal Service in front of the MinIO pod.
#   api     (9000) -> container port named "api"  (S3 endpoint)
#   console (9090) -> container port 9090         (web console)
# Both ports speak plain HTTP inside the cluster; TLS is only added by the
# Routes that point at this Service.
kind: Service
apiVersion: v1
metadata:
  name: minio
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  type: ClusterIP
  sessionAffinity: None
  selector:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
  ports:
    - name: api
      port: 9000
      targetPort: api
    - name: console
      port: 9090
      targetPort: 9090
---
# Backing storage for MinIO's /data directory.
# ReadWriteOnce fits the single-replica, Recreate-strategy Deployment that
# mounts this claim.
# NOTE(review): "gp3-csi" must exist as a StorageClass on the target cluster;
# whether the volume is encrypted at rest depends on that class - confirm.
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: minio
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  storageClassName: gp3-csi
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 75Gi
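---
# Single-replica MinIO server storing objects on the "minio" PVC.
# Root credentials come from the minio-root-user Secret via envFrom, so the pod
# cannot start until that Secret exists.
#
# Hardening added relative to the original manifest:
#   * automountServiceAccountToken: false - MinIO does not call the Kubernetes
#     API, so the pod gets no API token to steal.
#   * container securityContext - no privilege escalation, all capabilities
#     dropped, refuse to run as root (MinIO listens on unprivileged ports).
#   * liveness/readiness probes on MinIO's health endpoint, so the Deployment's
#     "available" condition reflects a server that actually answers requests.
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
  name: minio
spec:
  replicas: 1
  selector:
    matchLabels:
      app: minio
      app.kubernetes.io/component: minio
      app.kubernetes.io/instance: minio
      app.kubernetes.io/name: minio
      app.kubernetes.io/part-of: minio
      component: minio
  # Recreate: the old pod must release the ReadWriteOnce volume before the new
  # one can mount it.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        app: minio
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      automountServiceAccountToken: false
      containers:
        - args:
            - minio server /data --console-address :9090
          command:
            - /bin/bash
            - -c
          envFrom:
            - secretRef:
                name: minio-root-user
          # NOTE(review): ":latest" is a mutable tag, so every pod restart may
          # pull different, unreviewed code. Pin to a specific release tag or,
          # better, an image digest.
          image: quay.io/minio/minio:latest
          name: minio
          ports:
            - containerPort: 9000
              name: api
              protocol: TCP
            - containerPort: 9090
              name: console
              protocol: TCP
          readinessProbe:
            httpGet:
              path: /minio/health/live
              port: api
            periodSeconds: 10
          livenessProbe:
            httpGet:
              path: /minio/health/live
              port: api
            initialDelaySeconds: 10
            periodSeconds: 20
          resources:
            limits:
              cpu: "1"
              memory: 1Gi
            requests:
              cpu: 250m
              memory: 512Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            runAsNonRoot: true
          volumeMounts:
            - mountPath: /data
              name: minio
      volumes:
        - name: minio
          persistentVolumeClaim:
            claimName: minio
        # Declared but not mounted by any container in this pod.
        - emptyDir: {}
          name: empty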
---
# One-shot Job that publishes two S3 "data connection" Secrets for the Open Data
# Hub dashboard (aws-connection-oai-storage and aws-connection-pipeline-artifacts).
#
# What the script does:
#   1. Polls every 5 s until the minio-s3 Route and the minio-root-user Secret
#      exist.
#   2. Reads the root user and password from the Secret's .data (still base64)
#      and the external host from the Route.
#   3. Applies two Secrets. The credentials go under "data" because they are
#      already base64; the plain values go under "stringData". The heredocs use
#      an unquoted EOF so the shell expands the ${...} variables.
#
# NOTE(review): both connection Secrets carry the MinIO *root* credentials, so
# every workbench or pipeline that mounts a connection gets full administrative
# access to MinIO, not just to its bucket. Prefer a dedicated MinIO access key
# with a policy limited to the bucket and publish that instead.
# NOTE(review): the wait loops have no upper bound and the Job sets no
# activeDeadlineSeconds, so the pod runs forever if the Route or Secret never
# appears.
# NOTE(review): "tools:latest" is a mutable tag; this container runs with the
# minio-setup ServiceAccount's permissions, so pin the image.
kind: Job
apiVersion: batch/v1
metadata:
  name: create-ds-connections
spec:
  selector: {}
  template:
    spec:
      serviceAccountName: minio-setup
      serviceAccount: minio-setup
      restartPolicy: Never
      containers:
        - name: create-ds-connections
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          args:
            - -ec
            - |-
              echo -n 'Waiting for minio route'
              while ! oc get route minio-s3 2>/dev/null | grep -qF minio-s3; do
                echo -n .
                sleep 5
              done; echo
              echo -n 'Waiting for minio root user secret'
              while ! oc get secret minio-root-user 2>/dev/null | grep -qF minio-root-user; do
                echo -n .
                sleep 5
              done; echo
              MINIO_ROOT_USER=$(oc get secret minio-root-user -o template --template '{{.data.MINIO_ROOT_USER}}')
              MINIO_ROOT_PASSWORD=$(oc get secret minio-root-user -o template --template '{{.data.MINIO_ROOT_PASSWORD}}')
              MINIO_HOST=https://$(oc get route minio-s3 -o template --template '{{.spec.host}}')
              cat << EOF | oc apply -f-
              apiVersion: v1
              kind: Secret
              metadata:
                annotations:
                  opendatahub.io/connection-type: s3
                  openshift.io/display-name: OAI Storage
                labels:
                  opendatahub.io/dashboard: "true"
                  opendatahub.io/managed: "true"
                name: aws-connection-oai-storage
              data:
                AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
                AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
              stringData:
                AWS_DEFAULT_REGION: ap-southeast-1
                AWS_S3_BUCKET: oai-storage
                AWS_S3_ENDPOINT: ${MINIO_HOST}
              type: Opaque
              EOF
              cat << EOF | oc apply -f-
              apiVersion: v1
              kind: Secret
              metadata:
                annotations:
                  opendatahub.io/connection-type: s3
                  openshift.io/display-name: Pipeline Artifacts
                labels:
                  opendatahub.io/dashboard: "true"
                  opendatahub.io/managed: "true"
                name: aws-connection-pipeline-artifacts
              data:
                AWS_ACCESS_KEY_ID: ${MINIO_ROOT_USER}
                AWS_SECRET_ACCESS_KEY: ${MINIO_ROOT_PASSWORD}
              stringData:
                AWS_DEFAULT_REGION: ap-southeast-1
                AWS_S3_BUCKET: pipeline-artifacts
                AWS_S3_ENDPOINT: ${MINIO_HOST}
              type: Opaque
              EOF
---
# One-shot Job that makes sure the "pipeline-artifacts" and "oai-storage"
# buckets exist in MinIO.
#
# initContainer wait-for-minio: polls every 5 s until the minio-root-user Secret
# and the minio Deployment exist, then waits up to 60 s for the Deployment to
# report "available" and sleeps a further 10 s as a fixed grace period.
#
# Container create-buckets: first runs "oc get secret minio-root-user" (with
# "bash -e" this aborts the Job if the Secret cannot be read; it prints only the
# summary row, not the values), then pipes a Python script to python3. The
# script connects with boto3 using MINIO_ROOT_USER / MINIO_ROOT_PASSWORD from
# envFrom and creates each bucket only if list_buckets() does not already
# return it. The heredoc uses a quoted 'EOF', so the shell expands nothing in
# the Python source.
#
# NOTE(review): the client talks to http://minio:9000, i.e. unencrypted HTTP
# over the cluster network, and authenticates as the MinIO root user.
# NOTE(review): the init container's polling loops have no upper bound and the
# Job sets no activeDeadlineSeconds.
# NOTE(review): the main image is presumably expected to ship both "oc" and
# "boto3" - confirm. "tools:latest" is a mutable tag; pin it.
kind: Job
apiVersion: batch/v1
metadata:
  name: create-minio-buckets
  labels:
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  selector: {}
  template:
    metadata:
      labels:
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      serviceAccountName: minio-setup
      serviceAccount: minio-setup
      restartPolicy: Never
      initContainers:
        - name: wait-for-minio
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          command:
            - /bin/bash
          args:
            - -ec
            - |-
              echo -n 'Waiting for minio root user secret'
              while ! oc get secret minio-root-user 2>/dev/null | grep -qF minio-root-user; do
                echo -n .
                sleep 5
              done; echo
              echo -n 'Waiting for minio deployment'
              while ! oc get deployment minio 2>/dev/null | grep -qF minio; do
                echo -n .
                sleep 5
              done; echo
              oc wait --for=condition=available --timeout=60s deployment/minio
              sleep 10
      containers:
        - name: create-buckets
          image: image-registry.openshift-image-registry.svc:5000/redhat-ods-applications/tensorflow:2023.2
          imagePullPolicy: IfNotPresent
          envFrom:
            - secretRef:
                name: minio-root-user
          command:
            - /bin/bash
          args:
            - -ec
            - |-
              oc get secret minio-root-user
              cat << 'EOF' | python3
              import boto3, os
              s3 = boto3.client("s3",
                                endpoint_url="http://minio:9000",
                                aws_access_key_id=os.getenv("MINIO_ROOT_USER"),
                                aws_secret_access_key=os.getenv("MINIO_ROOT_PASSWORD"))
              bucket = 'pipeline-artifacts'
              print('creating pipeline-artifacts bucket')
              if bucket not in [bu["Name"] for bu in s3.list_buckets()["Buckets"]]:
                  s3.create_bucket(Bucket=bucket)
              bucket = 'oai-storage'
              print('creating oai-storage bucket')
              if bucket not in [bu["Name"] for bu in s3.list_buckets()["Buckets"]]:
                  s3.create_bucket(Bucket=bucket)
              EOF
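---
# One-shot Job that creates the minio-root-user Secret holding MinIO's root
# credentials, unless that Secret already exists.
#
# Inputs: the MINIO_ROOT_USER and MINIO_ROOT_PASSWORD env vars on the container.
# Both are empty by default; an empty user falls back to "admin" and an empty
# password is replaced by 32 random characters read from /dev/urandom.
#
# Change from the original: the Secret is created with
# "oc create secret generic --from-literal" instead of interpolating the values
# into a YAML heredoc for "oc apply". Unquoted interpolation breaks or alters the
# manifest when an operator-supplied value contains YAML syntax (": ", " #", a
# leading "*", "&", "{", ...) or parses as a number or boolean, and client-side
# "oc apply" additionally stores the plaintext stringData in the
# kubectl.kubernetes.io/last-applied-configuration annotation. The resulting
# Secret has the same name, type (Opaque) and keys as before.
#
# NOTE(review): "tools:latest" is a mutable tag; this container generates the
# root password, so pin the image.
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
  name: create-minio-root-user
spec:
  backoffLimit: 4
  template:
    metadata:
      labels:
        app.kubernetes.io/component: minio
        app.kubernetes.io/instance: minio
        app.kubernetes.io/name: minio
        app.kubernetes.io/part-of: minio
        component: minio
    spec:
      containers:
        - args:
            - -ec
            - |-
              # Never overwrite existing credentials: MinIO and the data
              # connections derived from them would stop matching.
              if [ -n "$(oc get secret minio-root-user -oname 2>/dev/null)" ]; then
                echo "Secret already exists. Skipping." >&2
                exit 0
              fi
              # Print $1 (default 32) random characters from [_A-Za-z0-9-].
              genpass() {
                < /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c"${1:-32}"
              }
              MINIO_ROOT_USER=${MINIO_ROOT_USER:-"admin"}
              MINIO_ROOT_PASSWORD=${MINIO_ROOT_PASSWORD:-$(genpass)}
              # Values are passed as literals, so no YAML quoting is involved.
              oc create secret generic minio-root-user \
                --from-literal=MINIO_ROOT_USER="${MINIO_ROOT_USER}" \
                --from-literal=MINIO_ROOT_PASSWORD="${MINIO_ROOT_PASSWORD}"
          command:
            - /bin/bash
          env:
            - name: MINIO_ROOT_USER
              value: ""
            - name: MINIO_ROOT_PASSWORD
              value: ""
          image: image-registry.openshift-image-registry.svc:5000/openshift/tools:latest
          imagePullPolicy: IfNotPresent
          name: create-minio-root-user
      restartPolicy: Never
      serviceAccount: minio-setup
      serviceAccountName: minio-setup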
---
# Publishes the MinIO web console (Service port "console") through the
# OpenShift router. No host is set, so the router assigns one.
#
# TLS is "edge": it terminates at the router, and the hop from router to pod is
# plain HTTP. Plain-HTTP client requests are redirected to HTTPS.
#
# NOTE(review): this makes the MinIO admin login reachable from wherever the
# router is reachable. If the console is only needed by cluster operators,
# consider dropping this Route or restricting access to it.
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: minio-console
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  to:
    kind: Service
    name: minio
    weight: 100
  port:
    targetPort: console
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  wildcardPolicy: None
---
# Publishes the MinIO S3 API (Service port "api") through the OpenShift router.
# No host is set, so the router assigns one; the create-ds-connections Job reads
# that host to build the AWS_S3_ENDPOINT value.
#
# TLS is "edge": it terminates at the router, and the hop from router to pod is
# plain HTTP. Plain-HTTP client requests are redirected to HTTPS.
#
# NOTE(review): the S3 endpoint accepts the MinIO root credentials, so anyone
# who can reach this Route and obtains those credentials has full access to all
# buckets. Keep the Route only if clients outside the cluster need it.
kind: Route
apiVersion: route.openshift.io/v1
metadata:
  name: minio-s3
  labels:
    app: minio
    app.kubernetes.io/component: minio
    app.kubernetes.io/instance: minio
    app.kubernetes.io/name: minio
    app.kubernetes.io/part-of: minio
    component: minio
spec:
  to:
    kind: Service
    name: minio
    weight: 100
  port:
    targetPort: api
  tls:
    termination: edge
    insecureEdgeTerminationPolicy: Redirect
  wildcardPolicy: None