Only have nodeport service

This commit is contained in:
Waqar Ahmed 2020-12-09 02:01:18 +05:00
parent 4917a6214a
commit ac0cfab7b7
5 changed files with 2 additions and 109 deletions

View File

@ -141,10 +141,6 @@ The following table lists the configurable parameters of the MinIO chart and the
| `certsPath` | Default certs path location | `/etc/minio/certs` |
| `mountPath` | Default mount location for persistent drive | `/export` |
| `bucketRoot` | Directory from where minio should serve buckets. | Value of `.mountPath` |
| `service.type` | Kubernetes service type | `ClusterIP` |
| `service.port` | Kubernetes port where service is exposed | `9000` |
| `service.externalIPs` | service external IP addresses | `nil` |
| `service.annotations` | Service annotations | `{}` |
| `persistence.enabled` | Use persistent volume to store data | `true` |
| `persistence.size` | Size of persistent volume claim | `500Gi` |
| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` |
@ -225,25 +221,6 @@ If a Persistent Volume Claim already exists, specify it during installation.
$ helm install --set persistence.existingClaim=PVC_NAME minio/minio
```
NetworkPolicy
-------------
To enable network policy for MinIO,
install [a networking plugin that implements the Kubernetes
NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin),
and set `networkPolicy.enabled` to `true`.
For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting
the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace:
kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"
With NetworkPolicy enabled, traffic will be limited to just port 9000.
For more precise policy, set `networkPolicy.allowExternal=true`. This will
only allow pods with the generated client label to connect to MinIO.
This label will be displayed in the output of a successful install.
Configure TLS
-------------

View File

@ -31,17 +31,6 @@ Create chart name and version as used by the chart label.
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for networkpolicy.
*/}}
{{- define "minio.networkPolicy.apiVersion" -}}
{{- if semverCompare ">=1.4-0, <1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "extensions/v1beta1" -}}
{{- else if semverCompare "^1.7-0" .Capabilities.KubeVersion.Version -}}
{{- print "networking.k8s.io/v1beta1" -}}
{{- end -}}
{{- end -}}
{{/*
Return the appropriate apiVersion for deployment.
*/}}

View File

@ -1,25 +0,0 @@
{{- if .Values.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ template "minio.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "minio.fullname" . }}
labels:
app: {{ template "minio.name" . }}
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
podSelector:
matchLabels:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}
ingress:
- ports:
- port: {{ .Values.service.port }}
{{- if not .Values.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels:
{{ template "minio.name" . }}-client: "true"
{{- end }}
{{- end }}

View File

@ -11,37 +11,14 @@ metadata:
chart: {{ template "minio.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
{{- if (or (eq .Values.service.type "ClusterIP" "") (empty .Values.service.type)) }}
type: ClusterIP
{{- if not (empty .Values.service.clusterIP) }}
clusterIP: {{ .Values.service.clusterIP }}
{{end}}
{{- else if eq .Values.service.type "LoadBalancer" }}
type: {{ .Values.service.type }}
loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }}
{{- else }}
type: {{ .Values.service.type }}
{{- end }}
type: "NodePort"
ports:
- name: {{ $scheme }}
port: {{ .Values.service.port }}
port: {{ .Values.service.nodePort }}
protocol: TCP
{{- if (and (eq .Values.service.type "NodePort") ( .Values.service.nodePort)) }}
nodePort: {{ .Values.service.nodePort }}
{{- else }}
targetPort: 9000
{{- end}}
{{- if .Values.service.externalIPs }}
externalIPs:
{{- range $i , $ip := .Values.service.externalIPs }}
- {{ $ip }}
{{- end }}
{{- end }}
selector:
app: {{ template "minio.name" . }}
release: {{ .Release.Name }}

View File

@ -93,33 +93,8 @@ persistence:
##
subPath: ""
## Expose the Minio service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
type: ClusterIP
clusterIP: ~
port: 9000
nodePort: 32000
## List of IP addresses at which the Prometheus server service is available
## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips
##
externalIPs: []
# - externalIp1
annotations: {}
# prometheus.io/scrape: 'true'
# prometheus.io/path: '/minio/prometheus/metrics'
# prometheus.io/port: '9000'
## Use this field to add environment variables relevant to Minio server. These fields will be passed on to Minio container(s)
## when Chart is deployed
environment:
## Please refer for comprehensive list https://docs.minio.io/docs/minio-server-configuration-guide.html
networkPolicy:
enabled: false
allowExternal: true