文档

Operator Helm Charts

MinIO 发布了 Helm 图表 用于 Helm Operator 图表Helm 租户图表。您可以使用这些图表通过 Helm 部署 MinIO Operator 和托管租户。

以下页面记录了 MinIO Operator 的 values.yaml 图表。有关 MinIO 租户图表的文档,请参阅 租户 Helm 图表

MinIO Operator 图表

操作符

Operator Helm 图表的根密钥

环境

要传递给 Operator 部署的环境变量数组。传递空数组以使用默认值启动 Operator。

例如

env:
- name: MINIO_OPERATOR_DEPLOYMENT_NAME
  valueFrom:
    fieldRef:
      fieldPath: metadata.labels['app.kubernetes.io/name']
- name: CLUSTER_DOMAIN
  value: "cluster.domain"
- name: WATCHED_NAMESPACE
  value: ""
- name: MINIO_OPERATOR_RUNTIME
  value: "OpenShift"

请参阅 Operator 环境变量 以获取所有支持值的列表。

镜像

指定要用于部署的 Operator 容器镜像。 image.tag 例如,以下内容将镜像设置为 quay.io/minio/operator 存储库和 v6.0.3 标记。如果容器不存在,则会拉取镜像。

image:
  repository: quay.io/minio/operator
  tag: v6.0.3
  pullPolicy: IfNotPresent

该图表还支持根据摘要值指定镜像。

image:
  repository: quay.io/minio/operator@sha256
  digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983
  pullPolicy: IfNotPresent
边车镜像

指定要在租户 Pod 上为初始化容器和边车部署的边车容器镜像。仅当要使用与默认值不同的版本或要设置自定义注册表时,才需要更改此设置。 sidecarImage.tag 例如,以下内容将镜像设置为 quay.io/minio/operator-sidecar 存储库和 v6.0.3 标记。如果容器不存在,则会拉取镜像。

sidecarImage:
  repository: quay.io/minio/operator-sidecar
  tag: v6.0.3
  pullPolicy: IfNotPresent

该图表还支持根据摘要值指定镜像。

sidecarImage:
  repository: quay.io/minio/operator-sidecar@sha256
  digest: a11947a230b80fb1b0bffa97173147a505d4f1207958f722e348d11ab9e972c1
  pullPolicy: IfNotPresent
镜像拉取密钥

要用于从私有 image.repository 拉取镜像的 Kubernetes 密钥数组。目前仅支持一个数组元素。

运行时类名

要用于 Operator Pod 的自定义 容器运行时 的名称。

初始化容器

要在 Operator Pod 启动之前启动的 初始化容器 数组。请谨慎操作,因为 initContainer 失败会导致 Operator Pod 无法启动。传递空数组以正常启动 Operator。

副本数量

要部署的 Operator Pod 数量。较高的值会在工作节点发生故障时提高可用性。

集群必须有足够数量的可用工作节点来满足请求。Operator Pod 默认情况下会部署带有 Pod 反亲和性,以防止 Kubernetes 将多个 Pod 调度到单个工作节点上。

安全上下文

要用于部署 Operator 资源的 Kubernetes 安全上下文

您可能需要修改这些值以满足集群的安全和访问设置。

容器安全上下文

用于部署 Operator 容器的 Kubernetes 安全上下文。您可能需要修改这些值以满足集群的安全和访问设置。

Operator 可以挂载到 Pod 的 数组。

这些卷必须存在 *并且* 可被 Operator Pod 访问。

卷挂载

与每个 Operator 容器关联的卷挂载点数组。

按如下方式指定数组中的每个项目

volumeMounts:
- name: volumename
  mountPath: /path/to/mount

name 字段必须对应于 volumes 数组中的一个条目。

节点选择器

要应用于 Operator Pod 的任何 节点选择器

Kubernetes 调度程序使用这些选择器来确定它可以将 Operator Pod 部署到哪些工作节点上。

如果没有任何工作节点匹配指定的选择器,则 Operator 部署将失败。

优先级类名称

要分配给 Operator Pod 的 Pod 优先级

亲和性

要应用于 Operator Pod 的 亲和性 或反亲和性设置。

这些设置确定 Pod 在工作节点上的分布,并有助于防止或允许将 Pod 放在同一个工作节点上。

容忍

要与 Operator Pod 关联的 容忍标签 数组。

这些设置确定 Pod 在工作节点上的分布。

拓扑传播约束

要与 Operator Pod 关联的 拓扑传播约束 数组。

这些设置确定 Pod 在工作节点上的分布。

资源

要与 Operator Pod 关联的资源的 请求或限制

这些设置可以控制每个 Pod 请求的最小和最大资源。如果没有任何工作节点能够满足指定的请求,则 Operator 可能无法部署。

###
# Root key for Operator Helm Chart
operator:
  ###
  # An array of environment variables to pass to the Operator deployment.
  # Pass an empty array to start Operator with defaults.
  #
  # For example:
  #
  # .. code-block:: yaml
  #
  #    env:
  #    - name: MINIO_OPERATOR_DEPLOYMENT_NAME
  #      valueFrom:
  #        fieldRef:
  #          fieldPath: metadata.labels['app.kubernetes.io/name']
  #    - name: CLUSTER_DOMAIN
  #      value: "cluster.domain"
  #    - name: WATCHED_NAMESPACE
  #      value: ""
  #    - name: MINIO_OPERATOR_RUNTIME
  #      value: "OpenShift"
  #
  # See `Operator environment variables <https://github.com/minio/operator/blob/master/docs/env-variables.md>`__ for a list of all supported values.
  env:
    - name: OPERATOR_STS_ENABLED
      value: "on"
  # An array of additional annotations to be applied to the operator service account
  serviceAccountAnnotations: []
  # additional labels to be applied to operator resources
  additionalLabels: {}
  ###
  # Specify the Operator container image to use for the deployment.
  # ``image.tag``
  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.3 tag.
  # The container pulls the image if not already present:
  #
  # .. code-block:: yaml
  #
  #    image:
  #      repository: quay.io/minio/operator
  #      tag: v6.0.3
  #      pullPolicy: IfNotPresent
  #
  # The chart also supports specifying an image based on digest value:
  #
  # .. code-block:: yaml
  #
  #    image:
  #      repository: quay.io/minio/operator@sha256
  #      digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983
  #      pullPolicy: IfNotPresent
  #
  image:
    repository: quay.io/minio/operator
    tag: v6.0.3
    pullPolicy: IfNotPresent
  ###
  # Specify the sidecar container image to deploy on tenant pods for init container and sidecar.
  # Only need to change this if want to use a different version that the default, or want to set a custom registry.
  # ``sidecarImage.tag``
  # For example, the following sets the image to the ``quay.io/minio/operator-sidecar`` repo and the v6.0.3 tag.
  # The container pulls the image if not already present:
  #
  # .. code-block:: yaml
  #
  #    sidecarImage:
  #      repository: quay.io/minio/operator-sidecar
  #      tag: v6.0.3
  #      pullPolicy: IfNotPresent
  #
  # The chart also supports specifying an image based on digest value:
  #
  # .. code-block:: yaml
  #
  #    sidecarImage:
  #      repository: quay.io/minio/operator-sidecar@sha256
  #      digest: a11947a230b80fb1b0bffa97173147a505d4f1207958f722e348d11ab9e972c1
  #      pullPolicy: IfNotPresent
  #
  sidecarImage: {}
  ###
  #
  # An array of Kubernetes secrets to use for pulling images from a private ``image.repository``.
  # Only one array element is supported at this time.
  imagePullSecrets: [ ]
  ###
  #
  # The name of a custom `Container Runtime <http://kubernetes.ac.cn/docs/concepts/containers/runtime-class/>`__ to use for the Operator pods.
  runtimeClassName: ~
  ###
  # An array of `initContainers <http://kubernetes.ac.cn/docs/concepts/workloads/pods/init-containers/>`__ to start up before the Operator pods.
  # Exercise care as ``initContainer`` failures prevent Operator pods from starting.
  # Pass an empty array to start the Operator normally.
  initContainers: [ ]
  ###
  # The number of Operator pods to deploy.
  # Higher values increase availability in the event of worker node failures.
  #
  # The cluster must have sufficient number of available worker nodes to fulfill the request.
  # Operator pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node.
  replicaCount: 2
  ###
  # The Kubernetes `SecurityContext <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator resources.
  #
  # You may need to modify these values to meet your cluster's security and access settings.
  securityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    fsGroup: 1000
  ###
  # The Kubernetes `SecurityContext <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator containers.
  # You may need to modify these values to meet your cluster's security and access settings.
  containerSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
    runAsNonRoot: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - ALL
    seccompProfile:
      type: RuntimeDefault
  ###
  # An array of `Volumes <http://kubernetes.ac.cn/docs/concepts/storage/volumes/>`__ which the Operator can mount to pods.
  #
  # The volumes must exist *and* be accessible to the Operator pods.
  volumes: [ ]
  ###
  # An array of volume mount points associated to each Operator container.
  #
  # Specify each item in the array as follows:
  #
  # .. code-block:: yaml
  #
  #    volumeMounts:
  #    - name: volumename
  #      mountPath: /path/to/mount
  #
  # The ``name`` field must correspond to an entry in the ``volumes`` array.
  volumeMounts: [ ]
  ###
  # Any `Node Selectors <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/assign-pod-node/>`__ to apply to Operator pods.
  #
  # The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Operator pods.
  #
  # If no worker nodes match the specified selectors, the Operator deployment will fail.
  nodeSelector: { }
  ###
  #
  # The `Pod Priority <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/pod-priority-preemption/>`__ to assign to Operator pods.
  priorityClassName: ""
  ###
  #
  # The `affinity <http://kubernetes.ac.cn/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/>`__ or anti-affinity settings to apply to Operator pods.
  #
  # These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes.
  affinity:
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchExpressions:
              - key: name
                operator: In
                values:
                  - minio-operator
          topologyKey: kubernetes.io/hostname
  ###
  #
  # An array of `Toleration labels <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/taint-and-toleration/>`__ to associate to Operator pods.
  #
  # These settings determine the distribution of pods across worker nodes.
  tolerations: [ ]
  ###
  #
  # An array of `Topology Spread Constraints <http://kubernetes.ac.cn/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator pods.
  #
  # These settings determine the distribution of pods across worker nodes.
  topologySpreadConstraints: [ ]
  ###
  #
  # The `Requests or Limits <http://kubernetes.ac.cn/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Operator pods.
  #
  # These settings can control the minimum and maximum resources requested for each pod.
  # If no worker nodes can meet the specified requests, the Operator may fail to deploy.
  resources:
    requests:
      cpu: 200m
      memory: 256Mi
      ephemeral-storage: 500Mi