From b25b7aa2a50bc2a7fd10529a073bad56acf24f80 Mon Sep 17 00:00:00 2001 From: Pierre Hubert Date: Mon, 8 May 2023 18:04:11 +0200 Subject: [PATCH] Create docker image & test in docker --- Dockerfile | 6 +++ build_docker_image.sh | 14 +++++++ test/second-bucket.yaml | 3 +- test/test-inside-cluster.yaml | 25 +++++++++++++ yaml/deployment.yaml | 70 +++++++++++++++++++++++++++++++++++ yaml/service_account.yaml | 33 ----------------- 6 files changed, 117 insertions(+), 34 deletions(-) create mode 100644 Dockerfile create mode 100755 build_docker_image.sh create mode 100644 test/test-inside-cluster.yaml create mode 100644 yaml/deployment.yaml delete mode 100644 yaml/service_account.yaml diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..91ce89a --- /dev/null +++ b/Dockerfile @@ -0,0 +1,6 @@ +FROM debian:bullseye-slim + +COPY minio-operator /usr/local/bin/minio-operator +COPY mc /usr/local/bin/mc + +ENTRYPOINT /usr/local/bin/minio-operator diff --git a/build_docker_image.sh b/build_docker_image.sh new file mode 100755 index 0000000..f87ea57 --- /dev/null +++ b/build_docker_image.sh @@ -0,0 +1,14 @@ +#!/bin/bash +cargo build --release + +TEMP_DIR=$(mktemp -d) +cp target/release/minio-operator "$TEMP_DIR" + +# Download mc +wget -O "$TEMP_DIR/mc" https://dl.min.io/client/mc/release/linux-amd64/mc +chmod +x "$TEMP_DIR/mc" + +docker build -f Dockerfile "$TEMP_DIR" -t pierre42100/minio_operator + +rm -r $TEMP_DIR + diff --git a/test/second-bucket.yaml b/test/second-bucket.yaml index e14d20f..2050437 100644 --- a/test/second-bucket.yaml +++ b/test/second-bucket.yaml @@ -6,4 +6,5 @@ metadata: spec: instance: my-minio-instance name: second-bucket - secret: second-bucket-secret \ No newline at end of file + secret: second-bucket-secret + versioning: false \ No newline at end of file diff --git a/test/test-inside-cluster.yaml b/test/test-inside-cluster.yaml new file mode 100644 index 0000000..9bb37ad --- /dev/null +++ b/test/test-inside-cluster.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +kind: Secret +metadata: + name: minio-root +type: Opaque +data: + accessKey: bWluaW9hZG1pbg== + secretKey: bWluaW9hZG1pbg== +--- +apiVersion: "communiquons.org/v1" +kind: MinioInstance +metadata: + name: my-minio-instance +spec: + endpoint: http://192.168.2.103:9000/ + credentials: minio-root +--- +apiVersion: "communiquons.org/v1" +kind: MinioBucket +metadata: + name: first-bucket +spec: + instance: my-minio-instance + name: first-bucket + secret: first-bucket-secret \ No newline at end of file diff --git a/yaml/deployment.yaml b/yaml/deployment.yaml new file mode 100644 index 0000000..5fee94a --- /dev/null +++ b/yaml/deployment.yaml @@ -0,0 +1,70 @@ +apiVersion: v1 +kind: ServiceAccount +automountServiceAccountToken: true +metadata: + name: minio-operator + namespace: default + labels: + app: minio-operator +--- +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: minio-operator + namespace: default +rules: +- apiGroups: ["communiquons.org"] + resources: ["minioinstances", "miniobuckets"] + verbs: ["get", "list", "watch"] +- apiGroups: [""] + resources: ["secrets"] + verbs: ["get", "create"] +--- +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: minio-operator + namespace: default +subjects: +- kind: ServiceAccount + name: minio-operator + namespace: default +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: minio-operator +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio-operator + labels: + app: minio-operator +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app: minio-operator + template: + metadata: + labels: + app: minio-operator + spec: + serviceAccountName: minio-operator + containers: + - name: minio-operator + image: pierre42100/minio_operator + resources: + limits: + memory: 300Mi + cpu: "0.1" + requests: + memory: 150Mi + cpu: "0.01" + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL diff --git a/yaml/service_account.yaml b/yaml/service_account.yaml deleted file mode 100644 index 3d89363..0000000 --- a/yaml/service_account.yaml +++ /dev/null @@ -1,33 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -automountServiceAccountToken: true -metadata: - name: minio-buckets - namespace: default - labels: - app: minio ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: minio-buckets - namespace: default -rules: -- apiGroups: ["communiquons.org"] - resources: ["minioinstances", "miniobuckets"] - verbs: ["get", "watch"] ---- -kind: RoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: minio-buckets - namespace: default -subjects: -- kind: ServiceAccount - name: minio-buckets - namespace: default -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: minio-buckets ----