From 3fe6321241648faa86a69491881fa82e3ae5d520 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 15 Jul 2024 14:43:09 -0600 Subject: [PATCH 1/4] change operator-sidecar tag to 6.0.0 Signed-off-by: pjuarezd --- helm/operator/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index 80fdf57fd3a..ba697ac846b 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -59,14 +59,14 @@ operator: # Specify the sidecar container image to deploy on tenant pods for init container and sidecar. # Only need to change this if want to use a different version that the default, or want to set a custom registry. # ``sidecarImage.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator-sidecar`` repo and the v5.0.15 tag. + # For example, the following sets the image to the ``quay.io/minio/operator-sidecar`` repo and the v6.0.0 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # sidecarImage: # repository: quay.io/minio/operator-sidecar - # tag: v5.0.15 + # tag: v6.0.0 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: From 898ff32495ef5538e9344b1a499c4aedfd16682c Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 15 Jul 2024 14:46:55 -0600 Subject: [PATCH 2/4] instructions to release sidecar Signed-off-by: pjuarezd --- Makefile | 2 +- release.sh | 20 +++++++++++++++++++- 2 files changed, 20 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e34ae2fbbba..d26a05dc544 100644 --- a/Makefile +++ b/Makefile @@ -86,7 +86,7 @@ helm-reindex: @./helm-reindex.sh update-versions: - @./release.sh + @./release.sh --release-sidecar=$(RELEASE_SIDECAR) release: update-versions generate-code regen-crd regen-crd-docs @git add . diff --git a/release.sh b/release.sh index e97dfd4d687..f949108fc82 100755 --- a/release.sh +++ b/release.sh @@ -2,6 +2,19 @@ set -e +# Parse command line arguments +while [[ "$#" -gt 0 ]]; do + case $1 in + --release-sidecar) + RELEASE_SIDECAR="$2" + shift 2 + ;; + *) + ;; + esac + shift +done + get_latest_release() { curl --silent "https://api.github.com/repos/$1/releases/latest" | # Get latest release from GitHub api grep '"tag_name":' | # Get tag line @@ -36,7 +49,7 @@ files=( "testing/console-tenant+kes.sh" ) -CURRENT_RELEASE=$(get_latest_release minio/operator) +CURRENT_RELEASE="v5.0.15" CURRENT_RELEASE="${CURRENT_RELEASE:1}" echo "MinIO: $MINIO_RELEASE" @@ -68,6 +81,11 @@ done # Update annotation in kustomization yaml sed -i -e "s~operator.min.io/version: .*~operator.min.io/version: v${RELEASE}~g" "resources/kustomization.yaml" +if [ "${RELEASE_SIDECAR}" = "true" ]; then + + sed -i -e 's~quay.io/minio/operator-sidecar:.*\"~quay.io/minio/operator-sidecar:v'$RELEASE'\"~g' "pkg/resources/statefulsets/minio-sidecar.go" +fi + # Add all the generated files to git echo "clean -e files" From b1a3ef97d338fa735f4f570ba86da8554941cb81 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Mon, 15 Jul 2024 15:42:47 -0600 Subject: [PATCH 3/4] Release 6.0.0 ``` make update-versions RELEASE_SIDECAR=true RELEASE=6.0.0 ``` Signed-off-by: pjuarezd --- README.md | 2 +- docs/job_crd.adoc | 6 +- docs/policybinding_crd.adoc | 6 +- docs/templates/asciidoctor/gv_list.tpl | 6 +- docs/tenant_crd.adoc | 341 ++++++++++-------- examples/kustomization/base/tenant.yaml | 6 +- .../tenant-certmanager-kes/tenant.yaml | 2 +- .../tenant-kes-encryption/tenant.yaml | 2 +- helm/operator/Chart.yaml | 4 +- helm/operator/templates/job.min.io_jobs.yaml | 4 +- .../templates/minio.min.io_tenants.yaml | 2 +- .../templates/sts.min.io_policybindings.yaml | 2 +- helm/operator/values.yaml | 6 +- helm/tenant/Chart.yaml | 4 +- helm/tenant/values.yaml | 12 +- pkg/apis/job.min.io/v1alpha1/types.go | 4 +- pkg/apis/minio.min.io/v2/constants.go | 6 +- pkg/apis/minio.min.io/v2/types.go | 2 +- pkg/apis/sts.min.io/v1beta1/types.go | 2 +- pkg/resources/statefulsets/minio-sidecar.go | 2 +- resources/base/crds/job.min.io_miniojobs.yaml | 4 +- resources/base/crds/minio.min.io_tenants.yaml | 2 +- .../base/crds/sts.min.io_policybindings.yaml | 2 +- resources/base/deployment.yaml | 2 +- resources/kustomization.yaml | 2 +- testing/console-tenant+kes.sh | 2 +- 26 files changed, 229 insertions(+), 206 deletions(-) diff --git a/README.md b/README.md index fe9432560f6..509ca93081d 100644 --- a/README.md +++ b/README.md @@ -146,7 +146,7 @@ for [kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kusto use that to install MiniO Operator. ```sh -kubectl kustomize github.com/minio/operator\?ref=v5.0.15 +kubectl kustomize github.com/minio/operator\?ref=v6.0.0 ``` Run the following command to verify the status of the Operator: diff --git a/docs/job_crd.adoc b/docs/job_crd.adoc index aac259c3808..56489144b7e 100644 --- a/docs/job_crd.adoc +++ b/docs/job_crd.adoc @@ -4,9 +4,9 @@ [id="{p}-api-reference"] == API Reference -:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-05-01T01-11-10Z] -:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-04-12T13-50-00Z] -:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:latest] +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-07-13T01-46-15Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-06-17T15-47-05Z] +:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:RELEASE.2024-07-11T18-01-28Z] [id="{anchor_prefix}-job-min-io-v1alpha1"] diff --git a/docs/policybinding_crd.adoc b/docs/policybinding_crd.adoc index 7ba6ea95741..887b449441a 100644 --- a/docs/policybinding_crd.adoc +++ b/docs/policybinding_crd.adoc @@ -4,9 +4,9 @@ [id="{p}-api-reference"] == API Reference -:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-05-01T01-11-10Z] -:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-04-12T13-50-00Z] -:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:latest] +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-07-13T01-46-15Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-06-17T15-47-05Z] +:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:RELEASE.2024-07-11T18-01-28Z] [id="{anchor_prefix}-sts-min-io-v1beta1"] diff --git a/docs/templates/asciidoctor/gv_list.tpl b/docs/templates/asciidoctor/gv_list.tpl index e4c1953e54b..858fdc85761 100644 --- a/docs/templates/asciidoctor/gv_list.tpl +++ b/docs/templates/asciidoctor/gv_list.tpl @@ -7,9 +7,9 @@ [id="{p}-api-reference"] == API Reference -:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-05-01T01-11-10Z] -:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-04-12T13-50-00Z] -:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:latest] +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-07-13T01-46-15Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-06-17T15-47-05Z] +:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:RELEASE.2024-07-11T18-01-28Z] {{ range $groupVersions }} {{ template "gvDetails" . }} diff --git a/docs/tenant_crd.adoc b/docs/tenant_crd.adoc index 55e4012ed70..fb170bf24d7 100644 --- a/docs/tenant_crd.adoc +++ b/docs/tenant_crd.adoc @@ -4,19 +4,18 @@ [id="{p}-api-reference"] == API Reference -:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-05-01T01-11-10Z] -:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-04-12T13-50-00Z] -:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:latest] +:minio-image: https://hub.docker.com/r/minio/minio/tags[minio/minio:RELEASE.2024-07-13T01-46-15Z] +:kes-image: https://hub.docker.com/r/minio/kes/tags[minio/kes:2024-06-17T15-47-05Z] +:mc-image: https://hub.docker.com/r/minio/mc/tags[minio/mc:RELEASE.2024-07-11T18-01-28Z] [id="{anchor_prefix}-minio-min-io-v2"] === minio.min.io/v2 -Package v2 - This page provides a quick automatically generated reference for the MinIO Operator `minio.min.io/v2` CRD. -For more complete documentation on the MinIO Operator CRD, see https://min.io/docs/minio/kubernetes/upstream/index.html[MinIO Kubernetes Documentation]. + +Package v2 - This page provides a quick automatically generated reference for the MinIO Operator `minio.min.io/v2` CRD. For more complete documentation on the MinIO Operator CRD, see https://min.io/docs/minio/kubernetes/upstream/index.html[MinIO Kubernetes Documentation]. + + +The `minio.min.io/v2` API was released with the v4.0.0 MinIO Operator. The MinIO Operator automatically converts existing tenants using the `/v1` API to `/v2`. + -The `minio.min.io/v2` API was released with the v4.0.0 MinIO Operator. -The MinIO Operator automatically converts existing tenants using the `/v1` API to `/v2`. + .Resource Types - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] @@ -35,49 +34,49 @@ Bucket describes the default created buckets - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`name`* __string__ +|*`name`* __string__ | -|*`region`* __string__ +|*`region`* __string__ | -|*`objectLock`* __boolean__ +|*`objectLock`* __boolean__ | |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig"] ==== CertificateConfig -CertificateConfig (`certConfig`) defines controlling attributes associated to any TLS certificate automatically generated by the Operator as part of tenant creation. -These fields have no effect if `spec.autoCert: false`. +CertificateConfig (`certConfig`) defines controlling attributes associated to any TLS certificate automatically generated by the Operator as part of tenant creation. These fields have no effect if `spec.autoCert: false`. .Appears In: **** - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`commonName`* __string__ +|*`commonName`* __string__ |*Optional* + The `CommonName` or `CN` attribute to associate to automatically generated TLS certificates. + -|*`organizationName`* __string array__ +|*`organizationName`* __string array__ |*Optional* + Specify one or more `OrganizationName` or `O` attributes to associate to automatically generated TLS certificates. + -|*`dnsNames`* __string array__ +|*`dnsNames`* __string array__ |*Optional* + @@ -85,6 +84,7 @@ Specify one or more x.509 Subject Alternative Names (SAN) to associate to automa |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-certificatestatus"] ==== CertificateStatus @@ -95,58 +95,58 @@ CertificateStatus keeps track of all the certificates managed by the operator - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`autoCertEnabled`* __boolean__ +|*`autoCertEnabled`* __boolean__ |AutoCertEnabled registers whether we know if the tenant has autocert enabled -|*`customCertificates`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificates[$$CustomCertificates$$]__ +|*`customCertificates`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificates[$$CustomCertificates$$]__ |Provides the output of the `client`, `minio`, and`minioCAs` custom TLS certificates manually added to the Operator. |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig"] ==== CustomCertificateConfig -CustomCertificateConfig (`customCertificateConfig`) provides attributes associated of the TLS certificates manually added to the Operator as part of tenant creation. -These fields contain no data if there are no custom TLS certificates. +CustomCertificateConfig (`customCertificateConfig`) provides attributes associated of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates. .Appears In: **** - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificates[$$CustomCertificates$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`certName`* __string__ +|*`certName`* __string__ |*Optional* + Output one or more `CertName` attributes associated with the manually provided TLS certificates. + -|*`domains`* __string array__ +|*`domains`* __string array__ |*Optional* + Output one or more `Domains` attributes associated with the manually provided TLS certificates. + -|*`expiry`* __string__ +|*`expiry`* __string__ |*Optional* + Output one or more `Expiry` attributes associated with the manually provided TLS certificates. + -|*`expiresIn`* __string__ +|*`expiresIn`* __string__ |*Optional* + Output one or more `ExpiresIn` attributes associated with the manually provided TLS certificates. + -|*`serialNo`* __string__ +|*`serialNo`* __string__ |*Optional* + @@ -154,34 +154,34 @@ Output one or more `SerialNo` attributes associated with the manually provided T |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificates"] ==== CustomCertificates -CustomCertificates (`customCertificates`) provides groupings of the TLS certificates manually added to the Operator as part of tenant creation. -These fields contain no data if there are no custom TLS certificates. +CustomCertificates (`customCertificates`) provides groupings of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates. .Appears In: **** - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-certificatestatus[$$CertificateStatus$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`client`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*`client`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ |*Optional* + Client -|*`minio`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*`minio`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ |*Optional* + Minio -|*`minioCAs`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ +|*`minioCAs`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig[$$CustomCertificateConfig$$] array__ |*Optional* + @@ -189,6 +189,7 @@ Certificate Authorities |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-exposeservices"] ==== ExposeServices @@ -199,17 +200,17 @@ ExposeServices (`exposeServices`) defines the exposure of the MinIO object stora - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`minio`* __boolean__ +|*`minio`* __boolean__ |*Optional* + Directs the Operator to expose the MinIO service. Defaults to `false`. + -|*`console`* __boolean__ +|*`console`* __boolean__ |*Optional* + @@ -217,6 +218,7 @@ Directs the Operator to expose the MinIO Console service. Defaults to `false`. + |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-features"] ==== Features @@ -227,23 +229,23 @@ Features (`features`) - Object describing which MinIO features to enable/disable - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`bucketDNS`* __boolean__ +|*`bucketDNS`* __boolean__ |*Optional* + Specify `true` to allow clients to access buckets using the DNS path `.minio.default.svc.cluster.local`. Defaults to `false`. -|*`domains`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains[$$TenantDomains$$]__ +|*`domains`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains[$$TenantDomains$$]__ |*Optional* + Specify a list of domains used to access MinIO and Console. -|*`enableSFTP`* __boolean__ +|*`enableSFTP`* __boolean__ |*Optional* + @@ -251,6 +253,7 @@ Starts minio server with SFTP support |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-healthstatus"] ==== HealthStatus (string) @@ -261,34 +264,35 @@ HealthStatus represents whether the tenant is healthy, with decreased service or - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] **** + + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-kesconfig"] ==== KESConfig -KESConfig (`kes`) defines the configuration of the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) StatefulSet deployed as part of the MinIO Tenant. -KES supports Server-Side Encryption of objects using an external Key Management Service (KMS). + +KESConfig (`kes`) defines the configuration of the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) StatefulSet deployed as part of the MinIO Tenant. KES supports Server-Side Encryption of objects using an external Key Management Service (KMS). + .Appears In: **** - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`replicas`* __integer__ +|*`replicas`* __integer__ |*Optional* + Specify the number of replica KES pods to deploy in the tenant. Defaults to `2`. -|*`image`* __string__ +|*`image`* __string__ |*Optional* + The Docker image to use for deploying MinIO KES. Defaults to {kes-image}. + -|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pullpolicy-v1-core[$$PullPolicy$$]__ +|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pullpolicy-v1-core[$$PullPolicy$$]__ |*Optional* + @@ -306,13 +310,13 @@ The pull policy for the MinIO Docker image. Specify one of the following: + Refer to the Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images -|*`serviceAccountName`* __string__ +|*`serviceAccountName`* __string__ |*Optional* + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO KES pods created as part of the Tenant. + -|*`kesSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*`kesSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ |*Required* + @@ -321,7 +325,7 @@ Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes o See the https://github.com/minio/operator/blob/master/examples/kes-secret.yaml[MinIO Operator `console-secret.yaml`] for an example. -|*`externalCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*`externalCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ |*Optional* + @@ -342,7 +346,7 @@ Specify an object containing the following fields: + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#procedure-command-line[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. -|*`clientCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*`clientCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ |*Optional* + @@ -357,37 +361,37 @@ Specify an object containing the following fields: + * - `type` - Specify `kubernetes.io/tls` + -|*`gcpCredentialSecretName`* __string__ +|*`gcpCredentialSecretName`* __string__ |*Optional* + Specify the GCP default credentials to be used for KES to authenticate to GCP key store -|*`gcpWorkloadIdentityPool`* __string__ +|*`gcpWorkloadIdentityPool`* __string__ |*Optional* + Specify the name of the workload identity pool (This is required for generating service account token) -|*`annotations`* __object (keys:string, values:string)__ +|*`annotations`* __object (keys:string, values:string)__ |*Optional* + If provided, use these annotations for KES Object Meta annotations -|*`labels`* __object (keys:string, values:string)__ +|*`labels`* __object (keys:string, values:string)__ |*Optional* + If provided, use these labels for KES Object Meta labels -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ |*Optional* + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + -|*`nodeSelector`* __object (keys:string, values:string)__ +|*`nodeSelector`* __object (keys:string, values:string)__ |*Optional* + @@ -396,31 +400,31 @@ The filter for the Operator to apply when selecting which nodes on which to depl See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#toleration-v1-core[$$Toleration$$] array__ +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#toleration-v1-core[$$Toleration$$] array__ |*Optional* + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to MinIO KES pods. -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#affinity-v1-core[$$Affinity$$]__ +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#affinity-v1-core[$$Affinity$$]__ |*Optional* + Specify node affinity, pod affinity, and pod anti-affinity for the KES pods. + -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ |*Optional* + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. -|*`keyName`* __string__ +|*`keyName`* __string__ |*Optional* + If provided, use this as the name of the key that KES creates on the KMS backend -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ |Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of MinIO KES pods. The Operator supports only the following pod security fields: + @@ -441,10 +445,10 @@ If provided, use this as the name of the key that KES creates on the KMS backend * `seLinuxOptions` + -|*`containerSecurityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core[$$SecurityContext$$]__ +|*`containerSecurityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core[$$SecurityContext$$]__ |Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of MinIO KES pods. -|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ |*Optional* + @@ -452,6 +456,7 @@ If provided, the MinIO Operator adds the specified environment variables when de |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference"] ==== LocalCertificateReference @@ -463,17 +468,17 @@ LocalCertificateReference (`externalCertSecret`, `externalCaCertSecret`,`clientC - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`name`* __string__ +|*`name`* __string__ |*Required* + The name of the Kubernetes secret containing the TLS certificate or Certificate Authority file. + -|*`type`* __string__ +|*`type`* __string__ |*Required* + @@ -481,6 +486,7 @@ The type of Kubernetes secret. Specify `kubernetes.io/tls` + |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-logging"] ==== Logging @@ -491,27 +497,27 @@ Logging describes Logging for MinIO tenants. - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`json`* __boolean__ +|*`json`* __boolean__ | -|*`anonymous`* __boolean__ +|*`anonymous`* __boolean__ | -|*`quiet`* __boolean__ +|*`quiet`* __boolean__ | |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-pool"] ==== Pool -Pool (`pools`) defines a MinIO server pool on a Tenant. -Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. -Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + +Pool (`pools`) defines a MinIO server pool on a Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. + + See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#procedure-command-line[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. + @@ -520,15 +526,15 @@ See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy- - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`name`* __string__ +|*`name`* __string__ |*Required* Specify the name of the pool. The Operator automatically generates the pool name if this field is omitted. -|*`servers`* __integer__ +|*`servers`* __integer__ |*Required* @@ -537,7 +543,7 @@ The number of MinIO server pods to deploy in the pool. The minimum value is `2`. The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + -|*`volumesPerServer`* __integer__ +|*`volumesPerServer`* __integer__ |*Required* + @@ -546,19 +552,19 @@ The number of Persistent Volume Claims to generate for each MinIO server pod in The MinIO Operator requires a minimum of `4` volumes per pool. Specifically, the result of `pools.servers X pools.volumesPerServer` must be greater than `4`. + -|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ +|*`volumeClaimTemplate`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$]__ |*Required* + Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the MinIO tenant. + -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ |*Optional* + Object specification for specifying CPU and memory https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/[resource allocations] or limits in the MinIO tenant. + -|*`nodeSelector`* __object (keys:string, values:string)__ +|*`nodeSelector`* __object (keys:string, values:string)__ |*Optional* + @@ -567,25 +573,25 @@ The filter for the Operator to apply when selecting which nodes on which to depl See the Kubernetes documentation on https://kubernetes.io/docs/concepts/configuration/assign-pod-node/[Assigning Pods to Nodes] for more information. -|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#affinity-v1-core[$$Affinity$$]__ +|*`affinity`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#affinity-v1-core[$$Affinity$$]__ |*Optional* + Specify node affinity, pod affinity, and pod anti-affinity for pods in the MinIO pool. + -|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#toleration-v1-core[$$Toleration$$] array__ +|*`tolerations`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#toleration-v1-core[$$Toleration$$] array__ |*Optional* + Specify one or more https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/[Kubernetes tolerations] to apply to pods deployed in the MinIO pool. -|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ +|*`topologySpreadConstraints`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#topologyspreadconstraint-v1-core[$$TopologySpreadConstraint$$] array__ |*Optional* + Specify one or more https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/[Kubernetes Topology Spread Constraints] to apply to pods deployed in the MinIO pool. -|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ +|*`securityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core[$$PodSecurityContext$$]__ |*Optional* + @@ -606,7 +612,7 @@ Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-co * `runAsUser` + -|*`containerSecurityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core[$$SecurityContext$$]__ +|*`containerSecurityContext`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core[$$SecurityContext$$]__ |Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-context/[Security Context] of containers in the pool. The Operator supports only the following container security fields: + @@ -618,7 +624,7 @@ Specify the https://kubernetes.io/docs/tasks/configure-pod-container/security-co * `runAsUser` + -|*`annotations`* __object (keys:string, values:string)__ +|*`annotations`* __object (keys:string, values:string)__ |*Optional* + @@ -628,13 +634,13 @@ Specify custom labels and annotations to append to the Pool. If provided, use these annotations for the Pool Objects Meta annotations (Statefulset and Pod template) -|*`labels`* __object (keys:string, values:string)__ +|*`labels`* __object (keys:string, values:string)__ |*Optional* + If provided, use these labels for the Pool Objects Meta annotations (Statefulset and Pod template) -|*`runtimeClassName`* __string__ +|*`runtimeClassName`* __string__ |*Optional* + @@ -642,6 +648,7 @@ If provided, each pod on the Statefulset will run with the specified RuntimeClas |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-poolstate"] ==== PoolState (string) @@ -652,6 +659,8 @@ PoolState represents the state of a pool - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-poolstatus[$$PoolStatus$$] **** + + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-poolstatus"] ==== PoolStatus @@ -662,23 +671,24 @@ PoolStatus keeps track of all the pools and their current state - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`ssName`* __string__ +|*`ssName`* __string__ | -|*`state`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-poolstate[$$PoolState$$]__ +|*`state`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-poolstate[$$PoolState$$]__ | -|*`legacySecurityContext`* __boolean__ +|*`legacySecurityContext`* __boolean__ |LegacySecurityContext stands for Legacy SecurityContext. It represents that these pool was created before v4.2.3 when we introduced the default securityContext as non-root, thus we should keep running this Pool without a Security Context |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata"] ==== ServiceMetadata @@ -689,29 +699,29 @@ ServiceMetadata (`serviceMetadata`) defines custom labels and annotations for th - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`minioServiceLabels`* __object (keys:string, values:string)__ +|*`minioServiceLabels`* __object (keys:string, values:string)__ |*Optional* + If provided, append these labels to the MinIO service -|*`minioServiceAnnotations`* __object (keys:string, values:string)__ +|*`minioServiceAnnotations`* __object (keys:string, values:string)__ |*Optional* + If provided, append these annotations to the MinIO service -|*`consoleServiceLabels`* __object (keys:string, values:string)__ +|*`consoleServiceLabels`* __object (keys:string, values:string)__ |*Optional* + If provided, append these labels to the Console service -|*`consoleServiceAnnotations`* __object (keys:string, values:string)__ +|*`consoleServiceAnnotations`* __object (keys:string, values:string)__ |*Optional* + @@ -719,6 +729,7 @@ If provided, append these annotations to the Console service |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-sidecars"] ==== SideCars @@ -729,17 +740,17 @@ SideCars (`sidecars`) defines a list of containers that the Operator attaches to - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`containers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#container-v1-core[$$Container$$] array__ +|*`containers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#container-v1-core[$$Container$$] array__ |*Optional* + List of containers to run inside the Pod -|*`volumeClaimTemplates`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$] array__ +|*`volumeClaimTemplates`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#persistentvolumeclaim-v1-core[$$PersistentVolumeClaim$$] array__ |*Optional* + @@ -750,14 +761,14 @@ this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. -|*`volumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volume-v1-core[$$Volume$$] array__ +|*`volumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volume-v1-core[$$Volume$$] array__ |*Optional* + List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes -|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ +|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ |*Optional* + @@ -765,6 +776,7 @@ sidecar's Resource, initcontainer will use that if set. |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenant"] ==== Tenant @@ -775,24 +787,24 @@ Tenant is a https://kubernetes.io/docs/concepts/overview/working-with-objects/ku - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantlist[$$TenantList$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`apiVersion`* __string__ +|*`apiVersion`* __string__ |`minio.min.io/v2` -|*`kind`* __string__ +|*`kind`* __string__ |`Tenant` -|*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta[$$ObjectMeta$$]__ +|*`metadata`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#objectmeta-v1-meta[$$ObjectMeta$$]__ |Refer to Kubernetes API documentation for fields of `metadata`. -|*`scheduler`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler[$$TenantScheduler$$]__ +|*`scheduler`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler[$$TenantScheduler$$]__ | -|*`spec`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$]__ +|*`spec`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$]__ |*Required* + @@ -800,6 +812,7 @@ The root field for the MinIO Tenant object. |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantdomains"] ==== TenantDomains @@ -812,20 +825,23 @@ The listed domains should include schema and port if any is used, i.e. https://m - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`minio`* __string array__ +|*`minio`* __string array__ |List of Domains used by MinIO. This will enable DNS style access to the object store where the bucket name is inferred from a subdomain in the domain. -|*`console`* __string__ +|*`console`* __string__ |Domain used to expose the MinIO Console, this will configure the redirect on MinIO when visiting from the browser If Console is exposed via a subpath, the domain should include it, i.e. https://console.domain.com:8123/subpath/ |=== + + + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantscheduler"] ==== TenantScheduler @@ -836,11 +852,11 @@ TenantScheduler (`scheduler`) - Object describing Kubernetes Scheduler to use fo - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`name`* __string__ +|*`name`* __string__ |*Optional* + @@ -848,13 +864,16 @@ Specify the name of the https://kubernetes.io/docs/concepts/scheduling-eviction/ |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantspec"] ==== TenantSpec TenantSpec (`spec`) defines the configuration of a MinIO Tenant object. + + The following parameters are specific to the `minio.min.io/v2` MinIO CRD API `spec` definition added as part of the MinIO Operator v4.0.0. + + For more complete documentation on this object, see the https://min.io/docs/minio/kubernetes/upstream/operations/installation.html[MinIO Kubernetes Documentation]. + .Appears In: @@ -862,11 +881,11 @@ For more complete documentation on this object, see the https://min.io/docs/mini - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenant[$$Tenant$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`pools`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-pool[$$Pool$$] array__ +|*`pools`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-pool[$$Pool$$] array__ |*Required* + @@ -878,25 +897,25 @@ The MinIO Tenant `spec` *must have* at least *one* element in the `pools` array. See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html[MinIO Operator CRD] reference for the `pools` object for examples and more complete documentation. -|*`image`* __string__ +|*`image`* __string__ |*Optional* + The Docker image to use when deploying `minio` server pods. Defaults to {minio-image}. + -|*`imagePullSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*`imagePullSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ |*Optional* + Specify the secret key to use for pulling images from a private Docker repository. + -|*`podManagementPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podmanagementpolicytype-v1-apps[$$PodManagementPolicyType$$]__ +|*`podManagementPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podmanagementpolicytype-v1-apps[$$PodManagementPolicyType$$]__ |*Optional* + Pod Management Policy for pod created by StatefulSet -|*`credsSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*`credsSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ |*optional* + @@ -908,13 +927,13 @@ Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes o * `data.secretkey` - The secret key for the root credentials + -|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ +|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ |*Optional* + If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource. -|*`externalCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*`externalCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ |*Optional* + @@ -935,7 +954,7 @@ Each element in the `externalCertSecret` array is an object containing the follo See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. -|*`externalCaCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*`externalCaCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ |*Optional* + @@ -956,7 +975,7 @@ Each element in the `externalCertSecret` array is an object containing the follo See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. -|*`externalClientCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ +|*`externalClientCertSecret`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$]__ |*Optional* + @@ -980,7 +999,7 @@ If deploying KES with the MinIO Operator, include the hash of the certificate as See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. -|*`externalClientCertSecrets`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ +|*`externalClientCertSecrets`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ |*Optional* + @@ -1026,19 +1045,19 @@ Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes T * `type` - Specify `kubernetes.io/tls` + -|*`mountPath`* __string__ +|*`mountPath`* __string__ |*Optional* + Mount path for MinIO volume (PV). Defaults to `/export` -|*`subPath`* __string__ +|*`subPath`* __string__ |*Optional* + Subpath inside mount path. This is the directory where MinIO stores data. Default to `""`` (empty) -|*`requestAutoCert`* __boolean__ +|*`requestAutoCert`* __boolean__ |*Optional* + @@ -1056,34 +1075,34 @@ If `requestAutoCert` is set to `false` *and* `externalCertSecret` is omitted, th See the https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#create-tenant-security-section[MinIO Operator CRD] reference for examples and more complete documentation on configuring TLS for MinIO Tenants. -|*`liveness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ +|*`liveness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ |Liveness Probe for container liveness. Container will be restarted if the probe fails. -|*`readiness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ +|*`readiness`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ |Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. -|*`startup`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ +|*`startup`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#probe-v1-core[$$Probe$$]__ |Startup Probe allows to configure a max grace period for a pod to start before getting traffic routed to it. -|*`lifecycle`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#lifecycle-v1-core[$$Lifecycle$$]__ +|*`lifecycle`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#lifecycle-v1-core[$$Lifecycle$$]__ |Lifecycle hooks for container. -|*`features`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$]__ +|*`features`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-features[$$Features$$]__ |S3 related features can be disabled or enabled such as `bucketDNS` etc. -|*`certConfig`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig[$$CertificateConfig$$]__ +|*`certConfig`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-certificateconfig[$$CertificateConfig$$]__ |*Optional* + Enables setting the `CommonName`, `Organization`, and `dnsName` attributes for all TLS certificates automatically generated by the Operator. Configuring this object has no effect if `requestAutoCert` is `false`. + -|*`kes`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$]__ +|*`kes`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-kesconfig[$$KESConfig$$]__ |*Optional* + Directs the MinIO Operator to deploy the https://github.com/minio/kes[MinIO Key Encryption Service] (KES) using the specified configuration. The MinIO KES supports performing server-side encryption of objects on the MiNIO Tenant. + -|*`prometheusOperator`* __boolean__ +|*`prometheusOperator`* __boolean__ |*Optional* + @@ -1092,13 +1111,13 @@ Directs the MinIO Operator to use prometheus operator. + Tenant scrape configuration will be added to prometheus managed by the prometheus-operator. -|*`serviceAccountName`* __string__ +|*`serviceAccountName`* __string__ |*Optional* + The https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/[Kubernetes Service Account] to use for running MinIO pods created as part of the Tenant. + -|*`priorityClassName`* __string__ +|*`priorityClassName`* __string__ |*Optional* + @@ -1108,7 +1127,7 @@ This is applied to MinIO pods only. + Refer Kubernetes https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass[Priority Class documentation] for more complete documentation. -|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pullpolicy-v1-core[$$PullPolicy$$]__ +|*`imagePullPolicy`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#pullpolicy-v1-core[$$PullPolicy$$]__ |*Optional* + @@ -1126,25 +1145,25 @@ The pull policy for the MinIO Docker image. Specify one of the following: + Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images -|*`sideCars`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-sidecars[$$SideCars$$]__ +|*`sideCars`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-sidecars[$$SideCars$$]__ |*Optional* + A list of containers to run as sidecars along every MinIO Pod deployed in the tenant. -|*`exposeServices`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-exposeservices[$$ExposeServices$$]__ +|*`exposeServices`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-exposeservices[$$ExposeServices$$]__ |*Optional* + Directs the Operator to expose the MinIO and/or Console services. + -|*`serviceMetadata`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata[$$ServiceMetadata$$]__ +|*`serviceMetadata`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata[$$ServiceMetadata$$]__ |*Optional* + Specify custom labels and annotations to append to the MinIO service and/or Console service. -|*`users`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$] array__ +|*`users`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$] array__ |*Optional* + @@ -1165,38 +1184,38 @@ Each referenced Kubernetes secret must include the following fields: + The Operator creates each user with the `consoleAdmin` policy by default. You can change the assigned policy after the Tenant starts. + -|*`buckets`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-bucket[$$Bucket$$] array__ +|*`buckets`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-bucket[$$Bucket$$] array__ |*Optional* + Create buckets when creating a new tenant. Skip if bucket with given name already exists -|*`logging`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-logging[$$Logging$$]__ +|*`logging`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-logging[$$Logging$$]__ |*Optional* + Enable JSON, Anonymous logging for MinIO tenants. -|*`configuration`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ +|*`configuration`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ |*Optional* + Specify a secret that contains additional environment variable configurations to be used for the MinIO pools. The secret is expected to have a key named config.env containing all exported environment variables for MinIO+ -|*`initContainers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#container-v1-core[$$Container$$] array__ +|*`initContainers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#container-v1-core[$$Container$$] array__ |*Optional* + Add custom initContainers to StatefulSet -|*`additionalVolumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volume-v1-core[$$Volume$$] array__ +|*`additionalVolumes`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volume-v1-core[$$Volume$$] array__ |*Optional* + If provided, statefulset will add these volumes. You should set the rules for the corresponding volumes and volume mounts. We will not test this rule, k8s will show the result. -|*`additionalVolumeMounts`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volumemount-v1-core[$$VolumeMount$$] array__ +|*`additionalVolumeMounts`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#volumemount-v1-core[$$VolumeMount$$] array__ |*Optional* + @@ -1204,6 +1223,9 @@ If provided, statefulset will add these volumes. You should set the rules for th |=== + + + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantusage"] ==== TenantUsage @@ -1214,27 +1236,28 @@ TenantUsage are metrics regarding the usage and capacity of the tenant - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantstatus[$$TenantStatus$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`capacity`* __integer__ +|*`capacity`* __integer__ |Capacity the usage capacity of this tenant in bytes. -|*`rawCapacity`* __integer__ +|*`rawCapacity`* __integer__ |Capacity the raw capacity of this tenant in bytes. -|*`usage`* __integer__ +|*`usage`* __integer__ |Usage is how much data is managed by MinIO in bytes. -|*`rawUsage`* __integer__ +|*`rawUsage`* __integer__ |Usage is the raw usage on disks in bytes. -|*`tiers`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tierusage[$$TierUsage$$] array__ +|*`tiers`* __xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tierusage[$$TierUsage$$] array__ |Tiers includes the usage of individual tiers in the tenant |=== + [id="{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tierusage"] ==== TierUsage @@ -1245,17 +1268,17 @@ TierUsage represents the usage from a tier setup by the tenant - xref:{anchor_prefix}-jackfan.us.kg-minio-operator-pkg-apis-minio-min-io-v2-tenantusage[$$TenantUsage$$] **** -[cols="25a,75a",options="header"] +[cols="25a,75a", options="header"] |=== | Field | Description -|*`Name`* __string__ +|*`Name`* __string__ |Name of the tier -|*`Type`* __string__ +|*`Type`* __string__ |type of the tier -|*`totalSize`* __integer__ +|*`totalSize`* __integer__ |TotalSize usage of the tier |=== diff --git a/examples/kustomization/base/tenant.yaml b/examples/kustomization/base/tenant.yaml index bf3195a353c..da46bb048ff 100644 --- a/examples/kustomization/base/tenant.yaml +++ b/examples/kustomization/base/tenant.yaml @@ -144,7 +144,7 @@ spec: ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret externalClientCertSecrets: [ ] ## Registry location and Tag to download MinIO Server image - image: quay.io/minio/minio:RELEASE.2024-05-01T01-11-10Z + image: quay.io/minio/minio:RELEASE.2024-07-13T01-46-15Z imagePullSecret: { } ## Mount path where PV will be mounted inside container(s). mountPath: /export @@ -226,7 +226,7 @@ spec: requestAutoCert: true ## Prometheus setup for MinIO Tenant. # prometheus: - # image: "" # defaults to quay.io/prometheus/prometheus:latest + # image: "" # defaults to quay.io/prometheus/prometheus:RELEASE.2024-07-11T18-01-28Z # env: [ ] # sidecarimage: "" # defaults to alpine # initimage: "" # defaults to busybox:1.33.1 @@ -253,7 +253,7 @@ spec: ## Audit Logs will be deprecated soon, commenting out for now!. ## LogSearch API setup for MinIO Tenant. # log: - # image: "" # defaults to minio/operator:v5.0.15 + # image: "" # defaults to minio/operator:v6.0.0 # env: [ ] # resources: { } # nodeSelector: { } diff --git a/examples/kustomization/tenant-certmanager-kes/tenant.yaml b/examples/kustomization/tenant-certmanager-kes/tenant.yaml index 2d03e229481..245c362d4c9 100644 --- a/examples/kustomization/tenant-certmanager-kes/tenant.yaml +++ b/examples/kustomization/tenant-certmanager-kes/tenant.yaml @@ -14,7 +14,7 @@ spec: externalCertSecret: name: tenant-certmanager-2-tls type: cert-manager.io/v1 - image: minio/kes:2024-04-12T13-50-00Z + image: minio/kes:2024-06-17T15-47-05Z imagePullPolicy: IfNotPresent kesSecret: name: kes-configuration diff --git a/examples/kustomization/tenant-kes-encryption/tenant.yaml b/examples/kustomization/tenant-kes-encryption/tenant.yaml index 870402844db..93aa5fdac98 100644 --- a/examples/kustomization/tenant-kes-encryption/tenant.yaml +++ b/examples/kustomization/tenant-kes-encryption/tenant.yaml @@ -7,7 +7,7 @@ spec: ## Define configuration for KES (stateless and distributed key-management system) ## Refer https://github.com/minio/kes kes: - image: "" # minio/kes:2024-04-12T13-50-00Z + image: "" # minio/kes:2024-06-17T15-47-05Z env: [ ] replicas: 2 kesSecret: diff --git a/helm/operator/Chart.yaml b/helm/operator/Chart.yaml index 70764f45a72..a90cbf34bef 100644 --- a/helm/operator/Chart.yaml +++ b/helm/operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: operator -version: 5.0.15 -appVersion: v5.0.15 +version: 6.0.0 +appVersion: v6.0.0 keywords: - storage - object-storage diff --git a/helm/operator/templates/job.min.io_jobs.yaml b/helm/operator/templates/job.min.io_jobs.yaml index fcbff8679e3..f3ede94a243 100644 --- a/helm/operator/templates/job.min.io_jobs.yaml +++ b/helm/operator/templates/job.min.io_jobs.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: miniojobs.job.min.io spec: group: job.min.io @@ -1080,7 +1080,7 @@ spec: x-kubernetes-map-type: atomic type: array mcImage: - default: quay.io/minio/mc:latest + default: quay.io/minio/mc:RELEASE.2024-07-11T18-01-28Z type: string securityContext: properties: diff --git a/helm/operator/templates/minio.min.io_tenants.yaml b/helm/operator/templates/minio.min.io_tenants.yaml index 557c8b3fff9..c82bc8f535d 100644 --- a/helm/operator/templates/minio.min.io_tenants.yaml +++ b/helm/operator/templates/minio.min.io_tenants.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: tenants.minio.min.io spec: group: minio.min.io diff --git a/helm/operator/templates/sts.min.io_policybindings.yaml b/helm/operator/templates/sts.min.io_policybindings.yaml index 2ef71786929..27238e7b5a6 100644 --- a/helm/operator/templates/sts.min.io_policybindings.yaml +++ b/helm/operator/templates/sts.min.io_policybindings.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: policybindings.sts.min.io spec: group: sts.min.io diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml index ba697ac846b..4c305b6363b 100644 --- a/helm/operator/values.yaml +++ b/helm/operator/values.yaml @@ -32,14 +32,14 @@ operator: ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.15 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.0 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.15 + # tag: v6.0.0 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -53,7 +53,7 @@ operator: # image: repository: quay.io/minio/operator - tag: v5.0.15 + tag: v6.0.0 pullPolicy: IfNotPresent ### # Specify the sidecar container image to deploy on tenant pods for init container and sidecar. diff --git a/helm/tenant/Chart.yaml b/helm/tenant/Chart.yaml index 31885cb5894..e71e247ab16 100644 --- a/helm/tenant/Chart.yaml +++ b/helm/tenant/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 description: A Helm chart for MinIO Operator name: tenant -version: 5.0.15 -appVersion: v5.0.15 +version: 6.0.0 +appVersion: v6.0.0 keywords: - storage - object-storage diff --git a/helm/tenant/values.yaml b/helm/tenant/values.yaml index d95cdd1a90c..2843338cc46 100644 --- a/helm/tenant/values.yaml +++ b/helm/tenant/values.yaml @@ -1,5 +1,5 @@ ### -# WARNING: '.secrets' is deprecated since v5.0.15 and will be removed in next minor release (i.e. v5.1.0). +# WARNING: '.secrets' is deprecated since v6.0.0 and will be removed in next minor release (i.e. v5.1.0). # WARNING: Please use '.tenant.configSecret' instead. # Root key for dynamically creating a secret for use with configuring root MinIO User # Specify the ``name`` and then a list of environment variables. @@ -48,14 +48,14 @@ tenant: ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.15 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.0 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/minio - # tag: RELEASE.2024-05-01T01-11-10Z + # tag: RELEASE.2024-07-13T01-46-15Z # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -70,7 +70,7 @@ tenant: # image: repository: quay.io/minio/minio - tag: RELEASE.2024-05-01T01-11-10Z + tag: RELEASE.2024-07-13T01-46-15Z pullPolicy: IfNotPresent ### # @@ -383,14 +383,14 @@ tenant: # # Image from tag (original behavior), for example: # # image: # # repository: quay.io/minio/kes - # # tag: 2024-04-12T13-50-00Z + # # tag: 2024-06-17T15-47-05Z # # Image from digest (added after original behavior), for example: # # image: # # repository: quay.io/minio/kes@sha256 # # digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b # image: # repository: quay.io/minio/kes - # tag: 2024-04-12T13-50-00Z + # tag: 2024-06-17T15-47-05Z # pullPolicy: IfNotPresent # env: [ ] # replicas: 2 diff --git a/pkg/apis/job.min.io/v1alpha1/types.go b/pkg/apis/job.min.io/v1alpha1/types.go index 6629ece35a5..c90e13a1711 100644 --- a/pkg/apis/job.min.io/v1alpha1/types.go +++ b/pkg/apis/job.min.io/v1alpha1/types.go @@ -35,7 +35,7 @@ const ( // +kubebuilder:resource:scope=Namespaced,shortName=miniojob,singular=miniojob // +kubebuilder:printcolumn:name="Tenant",type=string,JSONPath=`.spec.tenant.name` // +kubebuilder:printcolumn:name="Phase",type=string,JSONPath=`.spec.status.phase` -// +kubebuilder:metadata:annotations=operator.min.io/version=v5.0.15 +// +kubebuilder:metadata:annotations=operator.min.io/version=v6.0.0 // MinIOJob is a top-level type. A client is created for it type MinIOJob struct { @@ -96,7 +96,7 @@ type MinIOJobSpec struct { // The Docker image to use when deploying `mc` pods. Defaults to {mc-image}. + // +optional - // +kubebuilder:default="quay.io/minio/mc:latest" + // +kubebuilder:default="quay.io/minio/mc:RELEASE.2024-07-11T18-01-28Z" MCImage string `json:"mcImage,omitempty"` // *Optional* + diff --git a/pkg/apis/minio.min.io/v2/constants.go b/pkg/apis/minio.min.io/v2/constants.go index f23ae4d4cd7..abe0c347615 100644 --- a/pkg/apis/minio.min.io/v2/constants.go +++ b/pkg/apis/minio.min.io/v2/constants.go @@ -97,7 +97,7 @@ const MinIOVolumeMountPath = "/export" const MinIOVolumeSubPath = "" // DefaultMinIOImage specifies the default MinIO Docker hub image -const DefaultMinIOImage = "minio/minio:RELEASE.2024-05-01T01-11-10Z" +const DefaultMinIOImage = "minio/minio:RELEASE.2024-07-13T01-46-15Z" // DefaultMinIOUpdateURL specifies the default MinIO URL where binaries are // pulled from during MinIO upgrades @@ -134,8 +134,8 @@ const ConsoleAdminPolicyName = "consoleAdmin" // KES Related Constants -// DefaultKESImage specifies the latest KES Docker hub image -const DefaultKESImage = "minio/kes:2024-04-12T13-50-00Z" +// DefaultKESImage specifies the RELEASE.2024-07-11T18-01-28Z KES Docker hub image +const DefaultKESImage = "minio/kes:2024-06-17T15-47-05Z" // KESInstanceLabel is applied to the KES pods of a Tenant cluster const KESInstanceLabel = "v1.min.io/kes" diff --git a/pkg/apis/minio.min.io/v2/types.go b/pkg/apis/minio.min.io/v2/types.go index 2e7c449b2a9..1911341632f 100644 --- a/pkg/apis/minio.min.io/v2/types.go +++ b/pkg/apis/minio.min.io/v2/types.go @@ -31,7 +31,7 @@ import ( // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState" // +kubebuilder:printcolumn:name="Health",type="string",JSONPath=".status.healthStatus" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:metadata:annotations=operator.min.io/version=v5.0.15 +// +kubebuilder:metadata:annotations=operator.min.io/version=v6.0.0 // +kubebuilder:storageversion type Tenant struct { metav1.TypeMeta `json:",inline"` diff --git a/pkg/apis/sts.min.io/v1beta1/types.go b/pkg/apis/sts.min.io/v1beta1/types.go index d239e56d089..314c9eeb12e 100644 --- a/pkg/apis/sts.min.io/v1beta1/types.go +++ b/pkg/apis/sts.min.io/v1beta1/types.go @@ -26,7 +26,7 @@ import ( // +kubebuilder:resource:scope=Namespaced,shortName=policybinding,singular=policybinding // +kubebuilder:printcolumn:name="State",type="string",JSONPath=".status.currentState" // +kubebuilder:printcolumn:name="Age",type="date",JSONPath=".metadata.creationTimestamp" -// +kubebuilder:metadata:annotations=operator.min.io/version=v5.0.15 +// +kubebuilder:metadata:annotations=operator.min.io/version=v6.0.0 // +kubebuilder:storageversion // +groupName=policybinding.sts.min.io // +versionName=v1beta1 diff --git a/pkg/resources/statefulsets/minio-sidecar.go b/pkg/resources/statefulsets/minio-sidecar.go index 58166dbfa58..b4645b5c8a9 100644 --- a/pkg/resources/statefulsets/minio-sidecar.go +++ b/pkg/resources/statefulsets/minio-sidecar.go @@ -23,7 +23,7 @@ import ( const ( // DefaultSidecarImage is the sidecar image to use for tenants - DefaultSidecarImage = "quay.io/minio/operator-sidecar:latest" + DefaultSidecarImage = "quay.io/minio/operator-sidecar:v6.0.0" ) var ( diff --git a/resources/base/crds/job.min.io_miniojobs.yaml b/resources/base/crds/job.min.io_miniojobs.yaml index fcbff8679e3..f3ede94a243 100644 --- a/resources/base/crds/job.min.io_miniojobs.yaml +++ b/resources/base/crds/job.min.io_miniojobs.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: miniojobs.job.min.io spec: group: job.min.io @@ -1080,7 +1080,7 @@ spec: x-kubernetes-map-type: atomic type: array mcImage: - default: quay.io/minio/mc:latest + default: quay.io/minio/mc:RELEASE.2024-07-11T18-01-28Z type: string securityContext: properties: diff --git a/resources/base/crds/minio.min.io_tenants.yaml b/resources/base/crds/minio.min.io_tenants.yaml index 557c8b3fff9..c82bc8f535d 100644 --- a/resources/base/crds/minio.min.io_tenants.yaml +++ b/resources/base/crds/minio.min.io_tenants.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: tenants.minio.min.io spec: group: minio.min.io diff --git a/resources/base/crds/sts.min.io_policybindings.yaml b/resources/base/crds/sts.min.io_policybindings.yaml index 2ef71786929..27238e7b5a6 100644 --- a/resources/base/crds/sts.min.io_policybindings.yaml +++ b/resources/base/crds/sts.min.io_policybindings.yaml @@ -4,7 +4,7 @@ kind: CustomResourceDefinition metadata: annotations: controller-gen.kubebuilder.io/version: v0.15.0 - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 name: policybindings.sts.min.io spec: group: sts.min.io diff --git a/resources/base/deployment.yaml b/resources/base/deployment.yaml index 16789a2d32a..8b22092765f 100644 --- a/resources/base/deployment.yaml +++ b/resources/base/deployment.yaml @@ -23,7 +23,7 @@ spec: serviceAccountName: minio-operator containers: - name: minio-operator - image: minio/operator:v5.0.15 + image: minio/operator:v6.0.0 imagePullPolicy: IfNotPresent args: - controller diff --git a/resources/kustomization.yaml b/resources/kustomization.yaml index 9a14e0b2d29..2f01a8d5b22 100644 --- a/resources/kustomization.yaml +++ b/resources/kustomization.yaml @@ -5,7 +5,7 @@ commonAnnotations: operator.min.io/authors: "MinIO, Inc." operator.min.io/license: "AGPLv3" operator.min.io/support: "https://subnet.min.io" - operator.min.io/version: v5.0.15 + operator.min.io/version: v6.0.0 commonLabels: app.kubernetes.io/name: operator resources: diff --git a/testing/console-tenant+kes.sh b/testing/console-tenant+kes.sh index 7f6c2ed8e8f..4144744d551 100755 --- a/testing/console-tenant+kes.sh +++ b/testing/console-tenant+kes.sh @@ -97,7 +97,7 @@ function test_kes_tenant() { sed -i -e 's/ROLE_ID/'"$ROLE_ID"'/g' "${SCRIPT_DIR}/kes-config.yaml" sed -i -e 's/SECRET_ID/'"$SECRET_ID"'/g' "${SCRIPT_DIR}/kes-config.yaml" cp "${SCRIPT_DIR}/kes-config.yaml" "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml" - yq e -i '.spec.kes.image = "minio/kes:2024-04-12T13-50-00Z"' "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption/tenant.yaml" + yq e -i '.spec.kes.image = "minio/kes:2024-06-17T15-47-05Z"' "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption/tenant.yaml" kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-kes-encryption" echo "Check Tenant Status in tenant-kms-encrypted namespace for myminio:" From c0e998a2db04f66810894269466d78ebd6b10907 Mon Sep 17 00:00:00 2001 From: pjuarezd Date: Tue, 16 Jul 2024 11:27:39 -0600 Subject: [PATCH 4/4] sync generated code Signed-off-by: pjuarezd --- docs/tenant_crd.adoc | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/docs/tenant_crd.adoc b/docs/tenant_crd.adoc index fb170bf24d7..8f30ef0e8c8 100644 --- a/docs/tenant_crd.adoc +++ b/docs/tenant_crd.adoc @@ -915,18 +915,6 @@ Specify the secret key to use for pulling images from a private Docker repositor Pod Management Policy for pod created by StatefulSet -|*`credsSecret`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#localobjectreference-v1-core[$$LocalObjectReference$$]__ -|*optional* + - - -Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] to use for setting the MinIO root access key and secret key. Specify the secret as `name: `. The Kubernetes secret must contain the following fields: + - - -* `data.accesskey` - The access key for the root credentials + - - -* `data.secretkey` - The secret key for the root credentials + - |*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ |*Optional* +