From d885515faaba977ec67f6fbfc89eff287ea11d89 Mon Sep 17 00:00:00 2001
From: Thomas Burton
Date: Mon, 22 Jun 2020 15:40:47 -0400
Subject: [PATCH 1/3] initial add to Public
---
README.md | 60 ++++++++++++++++
instance/instance.yaml | 114 ++++++++++++++++++++++++++++++
instance/kustomization.yaml | 5 ++
instance/namespace.yaml | 4 ++
operator/kustomization.yaml | 4 ++
operator/operator.yaml | 136 ++++++++++++++++++++++++++++++++++++
6 files changed, 323 insertions(+)
create mode 100644 README.md
create mode 100644 instance/instance.yaml
create mode 100644 instance/kustomization.yaml
create mode 100644 instance/namespace.yaml
create mode 100644 operator/kustomization.yaml
create mode 100644 operator/operator.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..35b9f32
--- /dev/null
+++ b/README.md
@@ -0,0 +1,60 @@
+# Minio Operator
+
+Project [here](https://github.com/minio/minio-operator).
+
+MinIO is a high performance, distributed object storage system. It is software-defined, runs on industry standard hardware and is 100% open source under the Apache V2 license.
+
+App Version: Operator 1.0.7, instance 1.0.7
+Plugins:
+Additional docs for using and its plugins can be found at $URL
+The containers being used are maintained in the public/apps/minio registry. These containers ahve not been hardened, but have been retagged. When available hardened containers will be implemented.
+
+secrets=minio-creds-secret
+
+Usage
+
+Prerequisites
+
+Kubernetes cluster deployed
+Kubernetes config installed in ~/.kube/config
+
+
+
+
+Install kubectl
+brew install kubectl
+Install kustomize
+brew install kustomize
+
+Deployment
+Clone repository
+git clone https://repo1.dsop.io/platform-one/apps/fluentd-elasticsearch.git
+cd fluentd-elasticsearch
+Apply kustomized manifest
+kubectl -k ./
+
+Operations
+By default, this application will use an index prefix name of logstash. To verify and configure the
+index, utilize Kibana Discover.
+The Fluentd inputs and outputs are defined in the ConfigMap resource, which sources from the conf files.
+
+Container Environment Variables
+These variables are patched in via kustomize and may require modifications depending on your
+environment.
+
+
+
+
+
+
+Contributing
+Clone repository
+git clone https://repo1.dsop.io/platform-one/apps/fluentd-elasticsearch.git
+Create a feature branch
+git checkout -b
+Stage and commit changes
+git add .
+git commit -m "Made a change for reasons"
+Push commits to upstream branch
+git push -u origin
+Create a new merge request
\ No newline at end of file
diff --git a/instance/instance.yaml b/instance/instance.yaml
new file mode 100644
index 0000000..9fff99c
--- /dev/null
+++ b/instance/instance.yaml
@@ -0,0 +1,114 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: minio-creds-secret
+type: Opaque
+data:
+ accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64)
+ secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64)
+---
+apiVersion: miniocontroller.min.io/v1beta1
+kind: MinIOInstance
+metadata:
+ name: minio
+## If specified, MinIOInstance pods will be dispatched by specified scheduler.
+## If not specified, the pod will be dispatched by default scheduler.
+# scheduler:
+# name: my-custom-scheduler
+spec:
+ ## Add metadata to the pods created by the StatefulSet
+ metadata:
+ labels:
+ app: minio
+ annotations:
+ prometheus.io/path: /minio/prometheus/metrics
+ prometheus.io/port: "9000"
+ prometheus.io/scrape: "true"
+ ## Registry location and Tag to download MinIO Server image
+ image: minio/minio:RELEASE.2020-01-03T19-12-21Z
+ ## Secret with credentials to be used by MinIO instance.
+ credsSecret:
+ name: minio-creds-secret
+ ## Supply number of replicas.
+ ## For standalone mode, supply 1. For distributed mode, supply 4 or more (should be even).
+ ## Note that the operator does not support upgrading from standalone to distributed mode.
+ replicas: 4
+ ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel"
+ ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
+ ## for details. Defaults to "Parallel"
+ ## If set to "OrderedReady", then disable Readiness checks below. Readiness check will only
+ ## work if PodManagementPolicy is set to "Parallel".
+ podManagementPolicy: Parallel
+ ## Enable Kubernetes based certificate generation and signing as explained in
+ ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
+ requestAutoCert: false
+ ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate.
+ ## Internal DNS name for the pod will be used if CommonName is not provided.
+ certConfig:
+ commonName: ""
+ organizationName: []
+ dnsNames: []
+
+ ## Used to specify a toleration for a pod
+ # tolerations:
+ # - effect: NoSchedule
+ # key: dedicated
+ # operator: Equal
+ # value: storage
+ ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
+ env:
+ - name: MINIO_BROWSER
+ value: "on"
+ # - name: MINIO_STORAGE_CLASS_RRS
+ # value: "EC:2"
+ ## Configure resource requests and limits for MinIO containers
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 250m
+ ## Liveness probe detects situations where MinIO server instance
+ ## is not working properly and needs restart. Kubernetes automatically
+ ## restarts the pods if liveness checks fail.
+ liveness:
+ httpGet:
+ path: /minio/health/live
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 20
+ ## Readiness probe detects situations when MinIO server instance
+ ## is not ready to accept traffic. Kubernetes doesn't forward
+ ## traffic to the pod while readiness checks fail.
+ ## Readiness check will only work if PodManagementPolicy is set to "Parallel".
+ ## Disable this check if you're setting PodManagementPolicy to "OrderedReady".
+ readiness:
+ httpGet:
+ path: /minio/health/ready
+ port: 9000
+ initialDelaySeconds: 120
+ periodSeconds: 20
+ ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
+ ## eligible to run on a node, the node must have each of the
+ ## indicated key-value pairs as labels.
+ ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
+ # nodeSelector:
+ # disktype: ssd
+ ## Affinity settings for MinIO pods. Read more about affinity
+ ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
+ # affinity:
+ ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained
+ ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
+ # externalCertSecret:
+ # name: tls-ssl-minio
+ ## Mountpath where PV will be mounted inside container(s). Defaults to "/export".
+ # mountPath: /export
+ ## Subpath inside Mountpath where MinIO starts. Defaults to "".
+ # subPath: /data
+ volumeClaimTemplate:
+ metadata:
+ name: data
+ spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 10Gi
diff --git a/instance/kustomization.yaml b/instance/kustomization.yaml
new file mode 100644
index 0000000..f9b18ec
--- /dev/null
+++ b/instance/kustomization.yaml
@@ -0,0 +1,5 @@
+namespace: minio
+
+resources:
+ - namespace.yaml
+ - instance.yaml
diff --git a/instance/namespace.yaml b/instance/namespace.yaml
new file mode 100644
index 0000000..7eb2613
--- /dev/null
+++ b/instance/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio
diff --git a/operator/kustomization.yaml b/operator/kustomization.yaml
new file mode 100644
index 0000000..1647d37
--- /dev/null
+++ b/operator/kustomization.yaml
@@ -0,0 +1,4 @@
+namespace: minio-operator
+
+resources:
+ - operator.yaml
diff --git a/operator/operator.yaml b/operator/operator.yaml
new file mode 100644
index 0000000..3522018
--- /dev/null
+++ b/operator/operator.yaml
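Review bot: The `Secret` named `minio-creds-secret` at the top of instance/instance.yaml commits the MinIO access and secret key to the repository; the `data:` values are only the base64 of the strings spelled out in the inline comments, so anyone who can read the repo has them and every deployment built from this kustomization shares them. I would drop the Secret from the tracked manifest and have it created per environment, for example with a kustomize `secretGenerator` fed from an untracked file, leaving at most a comment such as `# minio-creds-secret must be created out of band before applying`. The same hunk sets `requestAutoCert: false` and leaves `externalCertSecret` commented out, so as far as this file shows the keys would travel to port 9000 without TLS; that deserves a comment next to `requestAutoCert` as well.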
@@ -0,0 +1,136 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio-operator
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: minioinstances.miniocontroller.min.io
+spec:
+ group: miniocontroller.min.io
+ version: v1beta1
+ scope: Namespaced
+ names:
+ kind: MinIOInstance
+ singular: minioinstance
+ plural: minioinstances
+ preserveUnknownFields: true
+ validation:
+ # openAPIV3Schema is the schema for validating custom objects.
+ # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
+ # for more details
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ properties:
+ replicas:
+ type: integer
+ minimum: 1
+ maximum: 32
+ version:
+ type: string
+ mountpath:
+ type: string
+ subpath:
+ type: string
+ additionalPrinterColumns:
+ - name: Replicas
+ type: integer
+ JSONPath: ".spec.replicas"
+---
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: minio-operator-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - pods
+ - services
+ - events
+ verbs:
+ - get
+ - watch
+ - create
+ - list
+ - patch
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - watch
+ - update
+- apiGroups:
+ - "certificates.k8s.io"
+ resources:
+ - "certificatesigningrequests"
+ - "certificatesigningrequests/approval"
+ - "certificatesigningrequests/status"
+ verbs:
+ - update
+ - create
+ - get
+- apiGroups:
+ - miniocontroller.min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: minio-operator-sa
+ namespace: minio-operator
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: minio-operator-binding
+ namespace: minio-operator
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: minio-operator-role
+subjects:
+- kind: ServiceAccount
+ name: minio-operator-sa
+ namespace: minio-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio-operator
+ namespace: minio-operator
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: minio-operator
+ template:
+ metadata:
+ labels:
+ name: minio-operator
+ spec:
+ serviceAccountName: minio-operator-sa
+ containers:
+ - name: minio-operator
+ image: minio/k8s-operator:1.0.7
+ imagePullPolicy: IfNotPresent
-- GitLab
From ee8156bf84635403f0660e161c4b5294b2b016fa Mon Sep 17 00:00:00 2001
From: Thomas Burton
Date: Mon, 22 Jun 2020 16:20:31 -0400
Subject: [PATCH 2/3] modified image registry
---
instance/instance.yaml | 4 +++-
operator/operator.yaml | 3 ++-
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/instance/instance.yaml b/instance/instance.yaml
index 9fff99c..7da851a 100644
--- a/instance/instance.yaml
+++ b/instance/instance.yaml
@@ -3,6 +3,7 @@ kind: Secret
 metadata:
 name: minio-creds-secret
 type: Opaque
+# srtm: IA-5(1)(c) cryptographically stored authenticator
 data:
 accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64)
 secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64)
@@ -25,7 +26,8 @@ spec:
 prometheus.io/port: "9000"
 prometheus.io/scrape: "true"
 ## Registry location and Tag to download MinIO Server image
- image: minio/minio:RELEASE.2020-01-03T19-12-21Z
+ image: registry.dsop.io/platform-one/apps/minio/instance:RELEASE.2020-01-03T19-12-21Z
+ # Commented to pull from P1 reg - image: minio/minio:RELEASE.2020-01-03T19-12-21Z
 ## Secret with credentials to be used by MinIO instance.
 credsSecret:
 name: minio-creds-secret
diff --git a/operator/operator.yaml b/operator/operator.yaml
index 3522018..496c805 100644
--- a/operator/operator.yaml
+++ b/operator/operator.yaml
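Review bot: The `minio-operator-role` ClusterRole in operator/operator.yaml (patch 1/3) grants `get`, `list`, `watch`, `create` and `patch` on `secrets` and is attached through a ClusterRoleBinding, so `minio-operator-sa` can read every Secret in every namespace, and the same role may update `certificatesigningrequests/approval`. If the operator only has to act in namespaces that hold a MinIOInstance, a Role and RoleBinding per such namespace would narrow this; whether the 1.0.7 operator can run that way is not visible here, so at minimum the breadth should be stated above the rule, e.g. `# cluster-wide: lets the operator read Secrets in all namespaces`. The `namespace:` field under the ClusterRoleBinding's metadata has no effect on a cluster-scoped object and could be removed. The Deployment's container also sets no `securityContext` and no resource limits.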
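Review bot: The added comment `# srtm: IA-5(1)(c) cryptographically stored authenticator` in instance/instance.yaml (patch 2/3) sits directly above a `data:` block whose values are only base64-encoded, so the manifest does not itself provide the control the comment cites. Whether the authenticator is cryptographically protected depends on things outside this file, such as encryption at rest for Secrets in the cluster, and the same values stay readable in the repository. I would reword the comment to state that dependency, e.g. `# srtm: IA-5(1)(c) depends on cluster encryption at rest; values below are base64, not encrypted`. The Secret's `apiVersion` and `kind` lines are above the hunk.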
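Review bot: The new `image:` value in the second instance/instance.yaml hunk of patch 2/3 pins the retagged image by tag only, and the operator/operator.yaml hunk of the same patch does the same while keeping `imagePullPolicy: IfNotPresent`. A tag in a registry can be repointed and nodes that already cached it keep the old content, so the manifest does not fix what actually runs. Pinning by digest would also make it checkable that the retagged image matches the upstream one: `image: registry.dsop.io/platform-one/apps/minio/instance@sha256:<digest-of-retagged-image>`. The comment lines that keep the old image reference could be dropped, since the history already records the previous value. The enclosing `spec:` block starts and ends outside both hunks.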
@@ -132,5 +132,6 @@ spec:
 serviceAccountName: minio-operator-sa
 containers:
 - name: minio-operator
- image: minio/k8s-operator:1.0.7
+ image: registry.dsop.io/platform-one/apps/minio/operator:1.0.7
+ # Modified to pull from P1 reg. image: minio/k8s-operator:1.0.7
 imagePullPolicy: IfNotPresent
-- GitLab
From 2391d585f016708a925ef27dffe9e5ff7d3449eb Mon Sep 17 00:00:00 2001
From: Thomas Burton
Date: Mon, 22 Jun 2020 16:23:31 -0400
Subject: [PATCH 3/3] modified image registry
---
CHANGELOG.md | 5 +++++
CODEOWNERS.txt | 1 +
CONTRIBUTING.md | 22 ++++++++++++++++++++++
3 files changed, 28 insertions(+)
create mode 100644 CHANGELOG.md
create mode 100644 CODEOWNERS.txt
create mode 100644 CONTRIBUTING.md
diff --git a/CHANGELOG.md b/CHANGELOG.md
new file mode 100644
index 0000000..52561e9
--- /dev/null
+++ b/CHANGELOG.md
@@ -0,0 +1,5 @@
+#minio
+
+0.1.1 (06//2020)
+Manifests for deploying minio 1.0.7
+
diff --git a/CODEOWNERS.txt b/CODEOWNERS.txt
new file mode 100644
index 0000000..3d0f655
--- /dev/null
+++ b/CODEOWNERS.txt
@@ -0,0 +1 @@
+* @big-bang
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000..0907891
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,22 @@
+# Contributing
+
+Thanks for contributing to this repository!
+
+This repository follows the following conventions:
+
+* [Semantic Versioning](https://semver.org/)
+* [Keep a Changelog](https://keepachangelog.com/)
+* [Conventional Commits](https://www.conventionalcommits.org/)
+
+Development requires the Kubernetes CLI tool as well as a local Kubernetes cluster. [KIND](https://github.com/kubernetes-sigs/kind) is recommended as a lightweight local option for standing up Kubernetes clusters.
+
+To contribute a change:
+
+1. Create a branch on the cloned repository with a descriptive name, prefixed with your name. For example, `gd/add-ingress` is an appropriate branch name.
+2. Make the changes in code.
+3. Write tests using [KUTTL](https://kuttl.dev) and [Conftest](https://conftest.dev)
+4. Make commits using the [Conventional Commits](https://www.conventionalcommits.org/) format. This helps with automation for changelog. Update `CHANGELOG.md` in the same commit using the [Keep a Changelog](https://keepachangelog.com). Depending on tooling maturity, this step may be automated.
+5. Open a merge request using one of the provided templates. If this merge request is solving a preexisting issue, add the issue reference into the description of the MR.
+6. During this time, ensure that all new commits are rebased into your branch so that it remains up to date with the `development` branch.
+7. Wait for a maintainer of the repository (see CODEOWNERS) to approve.
+8. If you have permissions to merge, you are responsible for merging. Otherwise, a CODEOWNER will merge the commit.
-- GitLab