Operator Helm Charts
MinIO 发布了 Helm 图表 用于 Helm Operator 图表 和 Helm 租户图表。您可以使用这些图表通过 Helm 部署 MinIO Operator 和托管租户。
以下页面记录了 MinIO Operator 的 values.yaml
图表。有关 MinIO 租户图表的文档,请参阅 租户 Helm 图表
MinIO Operator 图表
- 操作符
- 环境
要传递给 Operator 部署的环境变量数组。传递空数组以使用默认值启动 Operator。
例如
env: - name: MINIO_OPERATOR_DEPLOYMENT_NAME valueFrom: fieldRef: fieldPath: metadata.labels['app.kubernetes.io/name'] - name: CLUSTER_DOMAIN value: "cluster.domain" - name: WATCHED_NAMESPACE value: "" - name: MINIO_OPERATOR_RUNTIME value: "OpenShift"
请参阅 Operator 环境变量 以获取所有支持值的列表。
- 镜像
指定要用于部署的 Operator 容器镜像。
image.tag
例如,以下内容将镜像设置为quay.io/minio/operator
存储库和 v6.0.3 标记。如果容器不存在,则会拉取镜像。image: repository: quay.io/minio/operator tag: v6.0.3 pullPolicy: IfNotPresent
该图表还支持根据摘要值指定镜像。
image: repository: quay.io/minio/operator@sha256 digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983 pullPolicy: IfNotPresent
- 边车镜像
指定要在租户 Pod 上为初始化容器和边车部署的边车容器镜像。仅当要使用与默认值不同的版本或要设置自定义注册表时,才需要更改此设置。
sidecarImage.tag
例如,以下内容将镜像设置为quay.io/minio/operator-sidecar
存储库和 v6.0.3 标记。如果容器不存在,则会拉取镜像。sidecarImage: repository: quay.io/minio/operator-sidecar tag: v6.0.3 pullPolicy: IfNotPresent
该图表还支持根据摘要值指定镜像。
sidecarImage: repository: quay.io/minio/operator-sidecar@sha256 digest: a11947a230b80fb1b0bffa97173147a505d4f1207958f722e348d11ab9e972c1 pullPolicy: IfNotPresent
- 镜像拉取密钥
要用于从私有
image.repository
拉取镜像的 Kubernetes 密钥数组。目前仅支持一个数组元素。- 运行时类名
要用于 Operator Pod 的自定义 容器运行时 的名称。
- 初始化容器
要在 Operator Pod 启动之前启动的 初始化容器 数组。请谨慎操作,因为
initContainer
失败会导致 Operator Pod 无法启动。传递空数组以正常启动 Operator。- 副本数量
要部署的 Operator Pod 数量。较高的值会在工作节点发生故障时提高可用性。
集群必须有足够数量的可用工作节点来满足请求。Operator Pod 默认情况下会部署带有 Pod 反亲和性,以防止 Kubernetes 将多个 Pod 调度到单个工作节点上。
- 安全上下文
要用于部署 Operator 资源的 Kubernetes 安全上下文。
您可能需要修改这些值以满足集群的安全和访问设置。
- 容器安全上下文
用于部署 Operator 容器的 Kubernetes 安全上下文。您可能需要修改这些值以满足集群的安全和访问设置。
- 卷
Operator 可以挂载到 Pod 的 卷 数组。
这些卷必须存在 *并且* 可被 Operator Pod 访问。
- 卷挂载
与每个 Operator 容器关联的卷挂载点数组。
按如下方式指定数组中的每个项目
volumeMounts: - name: volumename mountPath: /path/to/mount
name
字段必须对应于volumes
数组中的一个条目。- 节点选择器
要应用于 Operator Pod 的任何 节点选择器。
Kubernetes 调度程序使用这些选择器来确定它可以将 Operator Pod 部署到哪些工作节点上。
如果没有任何工作节点匹配指定的选择器,则 Operator 部署将失败。
- 优先级类名称
要分配给 Operator Pod 的 Pod 优先级。
- 亲和性
要应用于 Operator Pod 的 亲和性 或反亲和性设置。
这些设置确定 Pod 在工作节点上的分布,并有助于防止或允许将 Pod 放在同一个工作节点上。
- 容忍
要与 Operator Pod 关联的 容忍标签 数组。
这些设置确定 Pod 在工作节点上的分布。
- 拓扑传播约束
要与 Operator Pod 关联的 拓扑传播约束 数组。
这些设置确定 Pod 在工作节点上的分布。
- 资源
要与 Operator Pod 关联的资源的 请求或限制。
这些设置可以控制每个 Pod 请求的最小和最大资源。如果没有任何工作节点能够满足指定的请求,则 Operator 可能无法部署。
Operator Helm 图表的根密钥
###
# Root key for Operator Helm Chart
operator:
###
# An array of environment variables to pass to the Operator deployment.
# Pass an empty array to start Operator with defaults.
#
# For example:
#
# .. code-block:: yaml
#
# env:
# - name: MINIO_OPERATOR_DEPLOYMENT_NAME
# valueFrom:
# fieldRef:
# fieldPath: metadata.labels['app.kubernetes.io/name']
# - name: CLUSTER_DOMAIN
# value: "cluster.domain"
# - name: WATCHED_NAMESPACE
# value: ""
# - name: MINIO_OPERATOR_RUNTIME
# value: "OpenShift"
#
# See `Operator environment variables <https://github.com/minio/operator/blob/master/docs/env-variables.md>`__ for a list of all supported values.
env:
- name: OPERATOR_STS_ENABLED
value: "on"
# An array of additional annotations to be applied to the operator service account
serviceAccountAnnotations: []
# additional labels to be applied to operator resources
additionalLabels: {}
###
# Specify the Operator container image to use for the deployment.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/operator
# tag: v6.0.3
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/operator@sha256
# digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983
# pullPolicy: IfNotPresent
#
image:
repository: quay.io/minio/operator
tag: v6.0.3
pullPolicy: IfNotPresent
###
# Specify the sidecar container image to deploy on tenant pods for init container and sidecar.
# Only need to change this if want to use a different version that the default, or want to set a custom registry.
# ``sidecarImage.tag``
# For example, the following sets the image to the ``quay.io/minio/operator-sidecar`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# sidecarImage:
# repository: quay.io/minio/operator-sidecar
# tag: v6.0.3
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
# .. code-block:: yaml
#
# sidecarImage:
# repository: quay.io/minio/operator-sidecar@sha256
# digest: a11947a230b80fb1b0bffa97173147a505d4f1207958f722e348d11ab9e972c1
# pullPolicy: IfNotPresent
#
sidecarImage: {}
###
#
# An array of Kubernetes secrets to use for pulling images from a private ``image.repository``.
# Only one array element is supported at this time.
imagePullSecrets: [ ]
###
#
# The name of a custom `Container Runtime <http://kubernetes.ac.cn/docs/concepts/containers/runtime-class/>`__ to use for the Operator pods.
runtimeClassName: ~
###
# An array of `initContainers <http://kubernetes.ac.cn/docs/concepts/workloads/pods/init-containers/>`__ to start up before the Operator pods.
# Exercise care as ``initContainer`` failures prevent Operator pods from starting.
# Pass an empty array to start the Operator normally.
initContainers: [ ]
###
# The number of Operator pods to deploy.
# Higher values increase availability in the event of worker node failures.
#
# The cluster must have sufficient number of available worker nodes to fulfill the request.
# Operator pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node.
replicaCount: 2
###
# The Kubernetes `SecurityContext <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator resources.
#
# You may need to modify these values to meet your cluster's security and access settings.
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
###
# The Kubernetes `SecurityContext <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator containers.
# You may need to modify these values to meet your cluster's security and access settings.
containerSecurityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
###
# An array of `Volumes <http://kubernetes.ac.cn/docs/concepts/storage/volumes/>`__ which the Operator can mount to pods.
#
# The volumes must exist *and* be accessible to the Operator pods.
volumes: [ ]
###
# An array of volume mount points associated to each Operator container.
#
# Specify each item in the array as follows:
#
# .. code-block:: yaml
#
# volumeMounts:
# - name: volumename
# mountPath: /path/to/mount
#
# The ``name`` field must correspond to an entry in the ``volumes`` array.
volumeMounts: [ ]
###
# Any `Node Selectors <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/assign-pod-node/>`__ to apply to Operator pods.
#
# The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Operator pods.
#
# If no worker nodes match the specified selectors, the Operator deployment will fail.
nodeSelector: { }
###
#
# The `Pod Priority <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/pod-priority-preemption/>`__ to assign to Operator pods.
priorityClassName: ""
###
#
# The `affinity <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/>`__ or anti-affinity settings to apply to Operator pods.
#
# These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes.
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- minio-operator
topologyKey: kubernetes.io/hostname
###
#
# An array of `Toleration labels <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/taint-and-toleration/>`__ to associate to Operator pods.
#
# These settings determine the distribution of pods across worker nodes.
tolerations: [ ]
###
#
# An array of `Topology Spread Constraints <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator pods.
#
# These settings determine the distribution of pods across worker nodes.
topologySpreadConstraints: [ ]
###
#
# The `Requests or Limits <http://kubernetes.ac.cn/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Operator pods.
#
# These settings can control the minimum and maximum resources requested for each pod.
# If no worker nodes can meet the specified requests, the Operator may fail to deploy.
resources:
requests:
cpu: 200m
memory: 256Mi
ephemeral-storage: 500Mi