Allow MinIO to load configurations from env file (#12706)

docker-entrypoint.sh will load configuration values from 'config.env' file, this is useful when MinIO is deployed in Kubernetes environments and want to avoid reading secrets from environment variables Signed-off-by: Lenin Alevski <alevsk.8772@gmail.com>
2021-07-14 16:55:59 -07:00 · 2021-07-14 16:55:59 -07:00 · 92ffe5e5ef
parent e8cbfa7af2
commit 92ffe5e5ef
3 changed files with 27 additions and 5 deletions
--- a/Dockerfile.release
+++ b/Dockerfile.release
@ -17,7 +17,8 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
    MINIO_ROOT_USER_FILE=access_key \
    MINIO_ROOT_PASSWORD_FILE=secret_key \
    MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
+    MINIO_CONFIG_ENV_FILE=config.env

 COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
 COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
--- a/Dockerfile.release.fips
+++ b/Dockerfile.release.fips
@ -17,7 +17,8 @@ ENV MINIO_ACCESS_KEY_FILE=access_key \
    MINIO_ROOT_USER_FILE=access_key \
    MINIO_ROOT_PASSWORD_FILE=secret_key \
    MINIO_KMS_SECRET_KEY_FILE=kms_master_key \
-    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+    MINIO_UPDATE_MINISIGN_PUBKEY="RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav" \
+    MINIO_CONFIG_ENV_FILE=config.env

 COPY dockerscripts/verify-minio.sh /usr/bin/verify-minio.sh
 COPY dockerscripts/docker-entrypoint.sh /usr/bin/docker-entrypoint.sh
--- a/dockerscripts/docker-entrypoint.sh
+++ b/dockerscripts/docker-entrypoint.sh
@ -8,6 +8,20 @@ if [ "${1}" != "minio" ]; then
    fi
 fi

+## look for specific a `config.env` file to load all the
+## minio settings from
+docker_minio_env() {
+    if [ -f "$MINIO_CONFIG_ENV_FILE" ]; then
+        config_env_file="${MINIO_CONFIG_ENV_FILE}"
+    else
+        config_env_file="/run/secrets/${MINIO_CONFIG_ENV_FILE}"
+    fi
+    if [ -f "$config_env_file" ]; then
+        # shellcheck source=/dev/null
+        . "${config_env_file}"
+    fi
+}
+
 ## Look for docker secrets at given absolute path or in default documented location.
 docker_secrets_env_old() {
    if [ -f "$MINIO_ACCESS_KEY_FILE" ]; then
@ -73,15 +87,16 @@ docker_kms_secret_encryption_env() {

 # su-exec to requested user, if service cannot run exec will fail.
 docker_switch_user() {
-    if [ ! -z "${MINIO_USERNAME}" ] && [ ! -z "${MINIO_GROUPNAME}" ]; then
-        if [ ! -z "${MINIO_UID}" ] && [ ! -z "${MINIO_GID}" ]; then
+    if [ -n "${MINIO_USERNAME}" ] && [ -n "${MINIO_GROUPNAME}" ]; then
+        if [ -n "${MINIO_UID}" ] && [ -n "${MINIO_GID}" ]; then
            groupadd -g "$MINIO_GID" "$MINIO_GROUPNAME" && \
                useradd -u "$MINIO_UID" -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
        else
            groupadd "$MINIO_GROUPNAME" && \
                useradd -g "$MINIO_GROUPNAME" "$MINIO_USERNAME"
        fi
-        exec setpriv --reuid="${MINIO_USERNAME}" --regid="${MINIO_GROUPNAME}" --keep-groups "$@"
+        exec setpriv --reuid="${MINIO_USERNAME}" \
+             --regid="${MINIO_GROUPNAME}" --keep-groups "$@"
    else
        exec "$@"
    fi
@ -96,5 +111,10 @@ docker_secrets_env
 ## Set kms encryption from secrets if necessary. Override
 docker_kms_secret_encryption_env

+## Set all config environment variables from 'config.env' if necessary.
+## Overrides all previous settings and also overrides all
+## environment values passed from 'podman run -e ENV=value'
+docker_minio_env
+
 ## Switch to user if applicable.
 docker_switch_user "$@"