baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(minio): customize storage size

Browse Source
This commit is contained in:
Masaki Yatsu
2025-09-18 11:54:37 +09:00
parent e3eb50cbc0
commit a12601e652
3 changed files with 29 additions and 67 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
minio/justfile
View File

@@ -3,6 +3,7 @@ set fallback := true
export MINIO_NAMESPACE := env("MINIO_NAMESPACE", "minio") export MINIO_NAMESPACE := env("MINIO_NAMESPACE", "minio")
export MINIO_CHART_VERSION := env("MINIO_CHART_VERSION", "5.4.0") export MINIO_CHART_VERSION := env("MINIO_CHART_VERSION", "5.4.0")
export MINIO_OIDC_CLIENT_ID := env("MINIO_OIDC_CLIENT_ID", "minio") export MINIO_OIDC_CLIENT_ID := env("MINIO_OIDC_CLIENT_ID", "minio")
export MINIO_STORAGE_SIZE := env("MINIO_STORAGE_SIZE", "50Gi")
export KEYCLOAK_REALM := env("KEYCLOAK_REALM", "buunstack") export KEYCLOAK_REALM := env("KEYCLOAK_REALM", "buunstack")
export K8S_VAULT_NAMESPACE := env("K8S_VAULT_NAMESPACE", "vault") export K8S_VAULT_NAMESPACE := env("K8S_VAULT_NAMESPACE", "vault")
export EXTERNAL_SECRETS_NAMESPACE := env("EXTERNAL_SECRETS_NAMESPACE", "external-secrets") export EXTERNAL_SECRETS_NAMESPACE := env("EXTERNAL_SECRETS_NAMESPACE", "external-secrets")
@@ -64,11 +65,18 @@ create-root-credentials:
# Add Keycloak policy and mapper # Add Keycloak policy and mapper
add-keycloak-minio-policy: add-keycloak-minio-policy:
KEYCLOAK_ADMIN_USER=$(just keycloak::admin-username) \ #!/bin/bash
KEYCLOAK_ADMIN_PASSWORD=$(just keycloak::admin-password) \ set -euo pipefail
KEYCLOAK_REALM=${KEYCLOAK_REALM} \ POLICY_VALUE="${MINIO_POLICY:-readwrite}"
MINIO_OIDC_CLIENT_ID=${MINIO_OIDC_CLIENT_ID} \ echo "Setting MinIO policy attribute with default value: ${POLICY_VALUE}"
dotenvx run -f ../.env.local -- tsx ./scripts/add-minio-policy.ts just keycloak::add-attribute-mapper \
"${MINIO_OIDC_CLIENT_ID}" \
"minioPolicy" \
"MinIO Policy" \
"minioPolicy" \
"readwrite,readonly,writeonly" \
"${POLICY_VALUE}" \
"MinIO Policy"
# Install MinIO # Install MinIO
install: install:
@@ -140,6 +148,21 @@ create-bucket bucket='':
bash -c "mc alias set local http://localhost:9000 ${ROOT_USER} ${ROOT_PASSWORD} && \ bash -c "mc alias set local http://localhost:9000 ${ROOT_USER} ${ROOT_PASSWORD} && \
mc mb --ignore-existing local/${bucket}" mc mb --ignore-existing local/${bucket}"
# Check if a bucket exists (returns exit code 0 if exists, 1 if not)
[no-exit-message]
bucket-exists bucket:
#!/bin/bash
set -euo pipefail
ROOT_USER=$(just root-username)
ROOT_PASSWORD=$(just root-password)
if kubectl -n ${MINIO_NAMESPACE} exec -it deploy/minio -- \
bash -c "mc alias set local http://localhost:9000 ${ROOT_USER} ${ROOT_PASSWORD} >/dev/null 2>&1 && \
mc ls local/{{ bucket }} >/dev/null 2>&1"; then
exit 0 # Bucket exists
else
exit 1 # Bucket does not exist
fi
# Create MinIO user # Create MinIO user
create-user user='' bucket='': create-user user='' bucket='':
#!/bin/bash #!/bin/bash
@@ -247,18 +270,3 @@ grant-policy user='' policy='readwrite':
mc admin policy attach local ${POLICY} --user=${USER}" mc admin policy attach local ${POLICY} --user=${USER}"
echo "✅ Policy ${POLICY} granted to user ${USER}" echo "✅ Policy ${POLICY} granted to user ${USER}"
# Check if a bucket exists (returns exit code 0 if exists, 1 if not)
[no-exit-message]
bucket-exists bucket:
#!/bin/bash
set -euo pipefail
ROOT_USER=$(just root-username)
ROOT_PASSWORD=$(just root-password)
if kubectl -n ${MINIO_NAMESPACE} exec -it deploy/minio -- \
bash -c "mc alias set local http://localhost:9000 ${ROOT_USER} ${ROOT_PASSWORD} >/dev/null 2>&1 && \
mc ls local/{{ bucket }} >/dev/null 2>&1"; then
exit 0 # Bucket exists
else
exit 1 # Bucket does not exist
fi

2
minio/minio-values.gomplate.yaml
View File

@@ -15,7 +15,7 @@ oidc:
displayName: "Login with Keycloak" displayName: "Login with Keycloak"
persistence: persistence:
size: 50Gi size: {{ .Env.MINIO_STORAGE_SIZE }}
ingress: ingress:
enabled: true enabled: true

46
minio/scripts/add-minio-policy.ts
View File

@@ -1,46 +0,0 @@
#!/usr/bin/env node
// This script is a wrapper for add-attribute-mapper.ts specifically for MinIO policy configuration
// It sets the appropriate environment variables and calls the generic script
import { spawn } from "node:child_process";
import invariant from "tiny-invariant";
const main = async () => {
// Validate MinIO-specific environment variables
const minioClientId = process.env.MINIO_OIDC_CLIENT_ID;
invariant(minioClientId, "MINIO_OIDC_CLIENT_ID environment variable is required");
const policyValue = process.env.MINIO_POLICY || "readwrite";
console.log(`Setting MinIO policy attribute with default value: ${policyValue}`);
// Set up environment variables for the generic script
const env = {
...process.env,
CLIENT_ID: minioClientId,
ATTRIBUTE_NAME: "minioPolicy",
ATTRIBUTE_DISPLAY_NAME: "MinIO Policy",
ATTRIBUTE_CLAIM_NAME: "minioPolicy",
ATTRIBUTE_OPTIONS: "readwrite,readonly,writeonly",
ATTRIBUTE_DEFAULT_VALUE: policyValue,
MAPPER_NAME: "MinIO Policy",
};
// Call the generic add-attribute-mapper script
const child = spawn("npx", ["tsx", "../../keycloak/scripts/add-attribute-mapper.ts"], {
cwd: __dirname,
env,
stdio: "inherit",
});
child.on("error", (error) => {
console.error("Failed to execute add-attribute-mapper.ts:", error);
process.exit(1);
});
child.on("exit", (code) => {
process.exit(code || 0);
});
};
main();