From 4249de2a10dd244a0b9d728e26ac8af08cf4c379 Mon Sep 17 00:00:00 2001
From: Kevin Wilder
Date: Thu, 30 Jul 2020 21:21:39 -0600
Subject: [PATCH 1/9] update to 2.0.8
---
README.md | 2 +-
deployment/manifests/README.md | 6 +
.../manifests/instance/kustomization.yaml | 2 +-
.../{instance.yaml => minioinstance.yaml} | 114 ++++++++-------
deployment/manifests/operator/crd.yaml | 91 ++++++++++++
deployment/manifests/operator/deployment.yaml | 25 ++++
.../manifests/operator/kustomization.yaml | 61 +++++++-
deployment/manifests/operator/namespace.yaml | 4 +
deployment/manifests/operator/operator.yaml | 136 ------------------
deployment/manifests/operator/rbac.yaml | 80 +++++++++++
.../manifests/operator/service-account.yaml | 5 +
11 files changed, 334 insertions(+), 192 deletions(-)
create mode 100644 deployment/manifests/README.md
rename deployment/manifests/instance/{instance.yaml => minioinstance.yaml} (62%)
create mode 100644 deployment/manifests/operator/crd.yaml
create mode 100644 deployment/manifests/operator/deployment.yaml
create mode 100644 deployment/manifests/operator/namespace.yaml
delete mode 100644 deployment/manifests/operator/operator.yaml
create mode 100644 deployment/manifests/operator/rbac.yaml
create mode 100644 deployment/manifests/operator/service-account.yaml
diff --git a/README.md b/README.md
index 35b9f32..514f7ec 100644
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Project [here](https://github.com/minio/minio-operator). MinIO is a high performance, distributed object storage system. It is software-defined, runs on industry standard hardware and is 100% open source under the Apache V2 license. -App Version: Operator 1.0.7, instance 1.0.7 +App Version: Operator 2.0.8, instance 2.0.8 Plugins: Additional docs for using and its plugins can be found at $URL The containers being used are maintained in the public/apps/minio registry. These containers ahve not been hardened, but have been retagged. When available hardened containers will be implemented. diff --git a/deployment/manifests/README.md b/deployment/manifests/README.md new file mode 100644 index 0000000..e8b0775 --- /dev/null +++ b/deployment/manifests/README.md @@ -0,0 +1,6 @@ +# NOTES +This is unmodified manifest code version 2.0.9 from +https://github.com/minio/operator/tree/2.0.9 +Any needed changes are made in kustomize overlays. + +This is an older version but it must match the latest IronBank hardened image version as close as possible. \ No newline at end of file diff --git a/deployment/manifests/instance/kustomization.yaml b/deployment/manifests/instance/kustomization.yaml index f9b18ec..bd5ad49 100644 --- a/deployment/manifests/instance/kustomization.yaml +++ b/deployment/manifests/instance/kustomization.yaml @@ -2,4 +2,4 @@ namespace: minio resources: - namespace.yaml - - instance.yaml + - minioinstance.yaml diff --git a/deployment/manifests/instance/instance.yaml b/deployment/manifests/instance/minioinstance.yaml similarity index 62% rename from deployment/manifests/instance/instance.yaml rename to deployment/manifests/instance/minioinstance.yaml index 7da851a..2cf1d6f 100644 --- a/deployment/manifests/instance/instance.yaml +++ b/deployment/manifests/instance/minioinstance.yaml 
@@ -3,12 +3,27 @@ kind: Secret metadata: name: minio-creds-secret type: Opaque -# srtm: IA-5(1)(c) cryptographically stored authenticator data: accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) --- -apiVersion: miniocontroller.min.io/v1beta1 +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + # Optional field + # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767) + # nodePort: 30007 + selector: + app: minio +--- +apiVersion: operator.min.io/v1 kind: MinIOInstance metadata: name: minio @@ -17,8 +32,9 @@ metadata: # scheduler: # name: my-custom-scheduler spec: - ## Add metadata to the pods created by the StatefulSet + ## Add metadata to the all pods created by the StatefulSet metadata: + ## Optionally pass labels to be applied to the statefulset pods labels: app: minio annotations: 
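Review bot: The `minio-creds-secret` Secret kept as context in the first hunk still carries the sample credentials `minio` / `minio123`, and base64 under `data:` is an encoding rather than protection, so anyone who can read the repository or Secrets in the namespace holds the root keys of every instance built from this base. The hunk also removes the `# srtm: IA-5(1)(c) cryptographically stored authenticator` comment without putting anything in place of the control it referred to. Since the upstream file is meant to stay unmodified, supply the real credentials from the overlay, for example a kustomize `secretGenerator` entry named `minio-creds-secret` with `behavior: replace` that reads from a file kept out of version control. If a generator is used, set `disableNameSuffixHash: true` under `generatorOptions` (or add a name reference), because `credsSecret.name` inside the custom resource is not rewritten automatically.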
@@ -26,31 +42,54 @@ spec: prometheus.io/port: "9000" prometheus.io/scrape: "true" ## Registry location and Tag to download MinIO Server image - image: registry.dsop.io/platform-one/apps/minio/instance:RELEASE.2020-01-03T19-12-21Z - # Commented to pull from P1 reg - image: minio/minio:RELEASE.2020-01-03T19-12-21Z + image: minio/minio:RELEASE.2020-06-18T02-23-35Z + ## A ClusterIP Service will be created with the given name + serviceName: minio-internal-service + zones: + - name: "zone-0" + ## Number of MinIO servers/pods in this zone. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + servers: 4 + ## Supply number of volumes to be mounted per MinIO server instance. + volumesPerServer: 4 + ## Mount path where PV will be mounted inside container(s). Defaults to "/export". + mountPath: /export + ## Sub path inside Mount path where MinIO starts. Defaults to "". + # subPath: /data + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO cluster. + ## Please do not change the volumeClaimTemplate field while expanding the cluster, this may + ## lead to unbound PVCs and missing data + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Ti ## Secret with credentials to be used by MinIO instance. credsSecret: name: minio-creds-secret - ## Supply number of replicas. - ## For standalone mode, supply 1. For distributed mode, supply 4 or more (should be even). - ## Note that the operator does not support upgrading from standalone to distributed mode. - replicas: 4 ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" - ## If set to "OrderedReady", then disable Readiness checks below. 
Readiness check will only - ## work if PodManagementPolicy is set to "Parallel". podManagementPolicy: Parallel + ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained + ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalCertSecret: + # name: tls-ssl-minio ## Enable Kubernetes based certificate generation and signing as explained in ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster requestAutoCert: false ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. ## Internal DNS name for the pod will be used if CommonName is not provided. + ## DNS name format is minio-{0...3}.minio.default.svc.cluster.local certConfig: commonName: "" organizationName: [] dnsNames: [] - ## Used to specify a toleration for a pod # tolerations: # - effect: NoSchedule 
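Review bot: TLS stays disabled for the instance after this hunk, because `requestAutoCert: false` is kept and `externalCertSecret` is added only as a commented-out block, so the S3 endpoint and the Prometheus scrape on port 9000 are served over plain HTTP inside the cluster. Object data and request metadata would then cross the pod network unencrypted. As the upstream file is kept unmodified, enable one of the two from an overlay patch on the `MinIOInstance`, e.g. `requestAutoCert: true`, or `externalCertSecret:` with `name: <tls-secret-name>`. The hunk begins and ends inside `spec:`, so fields outside it are not visible here.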
@@ -58,36 +97,22 @@ spec: # operator: Equal # value: storage ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) - env: - - name: MINIO_BROWSER - value: "on" - # - name: MINIO_STORAGE_CLASS_RRS + # env: + # - name: MINIO_BROWSER + # value: "off" # to turn-off browser + # - name: MINIO_STORAGE_CLASS_STANDARD # value: "EC:2" ## Configure resource requests and limits for MinIO containers - resources: - requests: - memory: 512Mi - cpu: 250m + # resources: + # requests: + # memory: 20Gi ## Liveness probe detects situations where MinIO server instance ## is not working properly and needs restart. Kubernetes automatically ## restarts the pods if liveness checks fail. liveness: - httpGet: - path: /minio/health/live - port: 9000 - initialDelaySeconds: 120 - periodSeconds: 20 - ## Readiness probe detects situations when MinIO server instance - ## is not ready to accept traffic. Kubernetes doesn't forward - ## traffic to the pod while readiness checks fail. - ## Readiness check will only work if PodManagementPolicy is set to "Parallel". - ## Disable this check if you're setting PodManagementPolicy to "OrderedReady". - readiness: - httpGet: - path: /minio/health/ready - port: 9000 - initialDelaySeconds: 120 - periodSeconds: 20 + initialDelaySeconds: 10 + periodSeconds: 1 + timeoutSeconds: 1 ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be ## eligible to run on a node, the node must have each of the ## indicated key-value pairs as labels. 
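Review bot: The MinIO containers are left with no resource requests or limits once `resources:` is commented out in this hunk, so a busy or misbehaving instance can starve other workloads on the same node. The readiness probe is removed as well; unless the operator injects its own, pods would be considered ready as soon as the container starts. The new liveness settings `periodSeconds: 1` with `timeoutSeconds: 1` look tight enough that a slow response under load could trigger restarts, which is worth confirming against the operator's defaults. An overlay patch that restores `resources.requests` and adds `limits` sized for the deployment would cover the first point; the hunk shows only part of `spec:`.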
@@ -97,20 +122,3 @@ spec: ## Affinity settings for MinIO pods. Read more about affinity ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. # affinity: - ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained - ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - # externalCertSecret: - # name: tls-ssl-minio - ## Mountpath where PV will be mounted inside container(s). Defaults to "/export". - # mountPath: /export - ## Subpath inside Mountpath where MinIO starts. Defaults to "". - # subPath: /data - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 10Gi diff --git a/deployment/manifests/operator/crd.yaml b/deployment/manifests/operator/crd.yaml new file mode 100644 index 0000000..c5254f0 --- /dev/null +++ b/deployment/manifests/operator/crd.yaml 
@@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: minioinstances.operator.min.io +spec: + group: operator.min.io + scope: Namespaced + names: + kind: MinIOInstance + singular: minioinstance + plural: minioinstances + versions: + - name: v1 + served: true + storage: true + schema: + # openAPIV3Schema is the schema for validating custom objects. + # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more details + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + replicas: + type: integer + minimum: 1 + maximum: 32 + image: + type: string + serviceName: + type: string + volumesPerServer: + type: integer + mountPath: + type: string + podManagementPolicy: + type: string + enum: [Parallel,OrderedReady] + default: Parallel + requestAutoCert: + type: boolean + default: false + version: + type: string + mountpath: + type: string + subpath: + type: string + mcs: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + image: + type: string + replicas: + type: integer + default: 2 + mcsSecret: + type: object + properties: + name: + type: string + kes: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + image: + type: string + replicas: + type: integer + default: 2 + kesSecret: + type: object + properties: + name: + type: string + status: + type: object + properties: + currentState: + type: string + subresources: + # status enables the status subresource. + status: {} + additionalPrinterColumns: + - name: Current State + type: string + jsonPath: ".status.currentState" diff --git a/deployment/manifests/operator/deployment.yaml b/deployment/manifests/operator/deployment.yaml new file mode 100644 index 0000000..48fe5c7 --- /dev/null +++ b/deployment/manifests/operator/deployment.yaml 
@@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio-operator + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + name: minio-operator + template: + metadata: + labels: + name: minio-operator + spec: + serviceAccountName: minio-operator + containers: + - name: minio-operator + image: minio/k8s-operator:2.0.6 + imagePullPolicy: IfNotPresent + env: + - name: CLUSTER_DOMAIN + value: $(CLUSTER_DOMAIN) + - name: WATCHED_NAMESPACE + value: $(WATCHED_NAMESPACE) diff --git a/deployment/manifests/operator/kustomization.yaml b/deployment/manifests/operator/kustomization.yaml index 1647d37..d0c15a9 100644 --- a/deployment/manifests/operator/kustomization.yaml +++ b/deployment/manifests/operator/kustomization.yaml 
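Review bot: The operator container in this Deployment has no `securityContext`, although its service account is bound to a ClusterRole that can read and delete Secrets in every namespace (rbac.yaml in this same commit). Dropping privileges on the container limits what a compromised operator process can do on the node. Because the upstream manifest is kept unmodified, add the settings from the overlay as a strategic-merge patch; whether the image runs as a non-root user and tolerates a read-only root filesystem has to be checked first. The manifest also hard-codes `namespace: default`, which relies on the kustomization's `namespace: minio-operator` to be overridden.

```yaml
    spec:
      serviceAccountName: minio-operator
      containers:
        - name: minio-operator
          # … unchanged: image, imagePullPolicy, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```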
@@ -1,4 +1,63 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization namespace: minio-operator +# Configure number of MinIO Operator Deployment Replicas +replicas: + - name: minio-operator + count: 1 + +# Configure repo and tag of MinIO Operator Image +images: + - name: minio/k8s-operator + newName: minio/k8s-operator + newTag: 2.0.6 + +# Configure the Cluster Domain and NameSpace to Watch +configMapGenerator: + - name: operator-env + literals: + - CLUSTER_DOMAIN="cluster.local" + - WATCHED_NAMESPACE="default" + +# Configure the Namespace and ServiceAccount name +patchesJson6902: + - target: + version: v1 + kind: ServiceAccount + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + - target: + version: v1 + kind: Namespace + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + +vars: + - name: CLUSTER_DOMAIN + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.CLUSTER_DOMAIN + - name: WATCHED_NAMESPACE + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.WATCHED_NAMESPACE + resources: - - operator.yaml + - namespace.yaml + - service-account.yaml + - crd.yaml + - rbac.yaml + - deployment.yaml diff --git a/deployment/manifests/operator/namespace.yaml b/deployment/manifests/operator/namespace.yaml new file mode 100644 index 0000000..1002072 --- /dev/null +++ b/deployment/manifests/operator/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: minio-operator diff --git a/deployment/manifests/operator/operator.yaml b/deployment/manifests/operator/operator.yaml deleted file mode 100644 index 694d3d0..0000000 --- a/deployment/manifests/operator/operator.yaml +++ /dev/null 
@@ -1,136 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: minio-operator ---- -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: minioinstances.miniocontroller.min.io -spec: - group: miniocontroller.min.io - version: v1beta1 - scope: Namespaced - names: - kind: MinIOInstance - singular: minioinstance - plural: minioinstances - preserveUnknownFields: true - validation: - # openAPIV3Schema is the schema for validating custom objects. - # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema - # for more details - openAPIV3Schema: - type: object - properties: - spec: - type: object - properties: - replicas: - type: integer - minimum: 1 - maximum: 32 - version: - type: string - mountpath: - type: string - subpath: - type: string - additionalPrinterColumns: - - name: Replicas - type: integer - JSONPath: ".spec.replicas" ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: minio-operator-role -rules: -- apiGroups: - - "" - resources: - - namespaces - - secrets - - pods - - services - - events - verbs: - - get - - watch - - create - - list - - patch -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - create - - list - - patch - - watch - - update -- apiGroups: - - "certificates.k8s.io" - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: - - update - - create - - get -- apiGroups: - - miniocontroller.min.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - min.io - resources: - - "*" - verbs: - - "*" ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: minio-operator-sa - namespace: minio-operator ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: minio-operator-binding - namespace: minio-operator -roleRef: - apiGroup: 
rbac.authorization.k8s.io - kind: ClusterRole - name: minio-operator-role -subjects: -- kind: ServiceAccount - name: minio-operator-sa - namespace: minio-operator ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio-operator - namespace: minio-operator -spec: - replicas: 1 - selector: - matchLabels: - name: minio-operator - template: - metadata: - labels: - name: minio-operator - spec: - serviceAccountName: minio-operator-sa - containers: - - name: minio-operator - image: registry.dsop.io/platform-one/apps/minio/operator:1.0.7 - imagePullPolicy: IfNotPresent diff --git a/deployment/manifests/operator/rbac.yaml b/deployment/manifests/operator/rbac.yaml new file mode 100644 index 0000000..ea3a796 --- /dev/null +++ b/deployment/manifests/operator/rbac.yaml @@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: minio-operator-role +rules: +- apiGroups: + - "" + resources: + - namespaces + - secrets + - pods + - services + - events + verbs: + - get + - watch + - create + - list + - delete +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - get + - create + - list + - patch + - watch + - update + - delete +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - create + - list + - patch + - watch + - update + - delete +- apiGroups: + - "certificates.k8s.io" + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: + - update + - create + - get + - delete +- apiGroups: + - operator.min.io + resources: + - "*" + verbs: + - "*" +- apiGroups: + - min.io + resources: + - "*" + verbs: + - "*" +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: minio-operator-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: minio-operator-role +subjects: +- kind: ServiceAccount + name: minio-operator + namespace: default 
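Review bot: `minio-operator-role` in the new rbac.yaml grants `get`/`watch`/`create`/`list` and now `delete` on `namespaces`, `secrets`, `pods`, `services` and `events` in every namespace, plus `update` on `certificatesigningrequests/approval`, even though the operator is pointed at a single namespace through `WATCHED_NAMESPACE`. If the operator only needs the watched namespace, the core, `apps` and `batch` rules could move to a `Role`/`RoleBinding` there via the overlay, leaving the ClusterRole with the CSR and custom-resource rules; that needs checking against how the operator sets up its watches. The ClusterRoleBinding subject is `minio-operator` in `namespace: default` while the kustomization sets `namespace: minio-operator`, so confirm with `kustomize build` that the rendered subject namespace matches the namespace where the ServiceAccount is actually created. Both objects also use `rbac.authorization.k8s.io/v1beta1` while the CRD in this commit already moved to `v1`; `apiVersion: rbac.authorization.k8s.io/v1` is the stable form.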
diff --git a/deployment/manifests/operator/service-account.yaml b/deployment/manifests/operator/service-account.yaml new file mode 100644 index 0000000..04b7c1f --- /dev/null +++ b/deployment/manifests/operator/service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: minio-operator + namespace: default -- GitLab From 447ce963d455dc23d944fe026e6d5445004fdedc Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Wed, 5 Aug 2020 11:11:58 -0600 Subject: [PATCH 2/9] re-organize directories --- .../kustomization.yaml | 2 +- .../namespace.yaml | 0 .../vendor-code}/minioinstance.yaml | 2 +- .../minio-operator/kustomization.yaml | 63 +++++++++++++++++++ .../vendor-code}/crd.yaml | 0 .../vendor-code}/deployment.yaml | 0 .../vendor-code}/kustomization.yaml | 0 .../vendor-code}/namespace.yaml | 0 .../vendor-code}/rbac.yaml | 0 .../vendor-code}/service-account.yaml | 0 10 files changed, 65 insertions(+), 2 deletions(-) rename deployment/manifests/{instance => minio-instance}/kustomization.yaml (57%) rename deployment/manifests/{instance => minio-instance}/namespace.yaml (100%) rename deployment/manifests/{instance => minio-instance/vendor-code}/minioinstance.yaml (98%) create mode 100644 deployment/manifests/minio-operator/kustomization.yaml rename deployment/manifests/{operator => minio-operator/vendor-code}/crd.yaml (100%) rename deployment/manifests/{operator => minio-operator/vendor-code}/deployment.yaml (100%) rename deployment/manifests/{operator => minio-operator/vendor-code}/kustomization.yaml (100%) rename deployment/manifests/{operator => minio-operator/vendor-code}/namespace.yaml (100%) rename deployment/manifests/{operator => minio-operator/vendor-code}/rbac.yaml (100%) rename deployment/manifests/{operator => minio-operator/vendor-code}/service-account.yaml (100%) 
diff --git a/deployment/manifests/instance/kustomization.yaml b/deployment/manifests/minio-instance/kustomization.yaml similarity index 57% rename from deployment/manifests/instance/kustomization.yaml rename to deployment/manifests/minio-instance/kustomization.yaml index bd5ad49..01d4de4 100644 --- a/deployment/manifests/instance/kustomization.yaml +++ b/deployment/manifests/minio-instance/kustomization.yaml @@ -2,4 +2,4 @@ namespace: minio resources: - namespace.yaml - - minioinstance.yaml + - vendor-code/minioinstance.yaml diff --git a/deployment/manifests/instance/namespace.yaml b/deployment/manifests/minio-instance/namespace.yaml similarity index 100% rename from deployment/manifests/instance/namespace.yaml rename to deployment/manifests/minio-instance/namespace.yaml diff --git a/deployment/manifests/instance/minioinstance.yaml b/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml similarity index 98% rename from deployment/manifests/instance/minioinstance.yaml rename to deployment/manifests/minio-instance/vendor-code/minioinstance.yaml index 2cf1d6f..6f909d7 100644 --- a/deployment/manifests/instance/minioinstance.yaml +++ b/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml @@ -42,7 +42,7 @@ spec: prometheus.io/port: "9000" prometheus.io/scrape: "true" ## Registry location and Tag to download MinIO Server image - image: minio/minio:RELEASE.2020-06-18T02-23-35Z + image: image: minio/minio:RELEASE.2020-07-13T18-09-56Z ## A ClusterIP Service will be created with the given name serviceName: minio-internal-service zones: diff --git a/deployment/manifests/minio-operator/kustomization.yaml b/deployment/manifests/minio-operator/kustomization.yaml new file mode 100644 index 0000000..c9200c0 --- /dev/null +++ b/deployment/manifests/minio-operator/kustomization.yaml 
@@ -0,0 +1,63 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: minio-operator + +# Configure number of MinIO Operator Deployment Replicas +replicas: + - name: minio-operator + count: 1 + +# Configure repo and tag of MinIO Operator Image +images: + - name: minio/k8s-operator + newName: minio/k8s-operator + newTag: 2.0.6 + +# Configure the Cluster Domain and NameSpace to Watch +configMapGenerator: + - name: operator-env + literals: + - CLUSTER_DOMAIN="cluster.local" + - WATCHED_NAMESPACE="minio" + +# Configure the Namespace and ServiceAccount name +patchesJson6902: + - target: + version: v1 + kind: ServiceAccount + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + - target: + version: v1 + kind: Namespace + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + +vars: + - name: CLUSTER_DOMAIN + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.CLUSTER_DOMAIN + - name: WATCHED_NAMESPACE + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.WATCHED_NAMESPACE + +resources: + - vendor-code/namespace.yaml + - vendor-code/service-account.yaml + - vendor-code/crd.yaml + - vendor-code/rbac.yaml + - vendor-code/deployment.yaml diff --git a/deployment/manifests/operator/crd.yaml b/deployment/manifests/minio-operator/vendor-code/crd.yaml similarity index 100% rename from deployment/manifests/operator/crd.yaml rename to deployment/manifests/minio-operator/vendor-code/crd.yaml diff --git a/deployment/manifests/operator/deployment.yaml b/deployment/manifests/minio-operator/vendor-code/deployment.yaml similarity index 100% rename from deployment/manifests/operator/deployment.yaml rename to deployment/manifests/minio-operator/vendor-code/deployment.yaml 
diff --git a/deployment/manifests/operator/kustomization.yaml b/deployment/manifests/minio-operator/vendor-code/kustomization.yaml similarity index 100% rename from deployment/manifests/operator/kustomization.yaml rename to deployment/manifests/minio-operator/vendor-code/kustomization.yaml diff --git a/deployment/manifests/operator/namespace.yaml b/deployment/manifests/minio-operator/vendor-code/namespace.yaml similarity index 100% rename from deployment/manifests/operator/namespace.yaml rename to deployment/manifests/minio-operator/vendor-code/namespace.yaml diff --git a/deployment/manifests/operator/rbac.yaml b/deployment/manifests/minio-operator/vendor-code/rbac.yaml similarity index 100% rename from deployment/manifests/operator/rbac.yaml rename to deployment/manifests/minio-operator/vendor-code/rbac.yaml diff --git a/deployment/manifests/operator/service-account.yaml b/deployment/manifests/minio-operator/vendor-code/service-account.yaml similarity index 100% rename from deployment/manifests/operator/service-account.yaml rename to deployment/manifests/minio-operator/vendor-code/service-account.yaml -- GitLab From 252982101a58704ea537a41eec1da2bc89b4ae38 Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Wed, 5 Aug 2020 12:02:06 -0600 Subject: [PATCH 3/9] fix vendor code --- .../manifests/minio-instance/vendor-code/minioinstance.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml b/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml index 6f909d7..136cf00 100644 --- a/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml +++ b/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml 
@@ -42,7 +42,7 @@ spec: prometheus.io/port: "9000" prometheus.io/scrape: "true" ## Registry location and Tag to download MinIO Server image - image: image: minio/minio:RELEASE.2020-07-13T18-09-56Z + image: minio/minio:RELEASE.2020-07-13T18-09-56Z ## A ClusterIP Service will be created with the given name serviceName: minio-internal-service zones: -- GitLab From b08221e99271999b586583cc85b9bc2b93ff1451 Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Wed, 5 Aug 2020 15:36:51 -0600 Subject: [PATCH 4/9] hardened image --- deployment/manifests/minio-instance/kustomization.yaml | 4 ++++ .../manifests/minio-instance/patches/image-patch.yaml | 7 +++++++ deployment/manifests/minio-operator/kustomization.yaml | 6 +++--- 3 files changed, 14 insertions(+), 3 deletions(-) create mode 100644 deployment/manifests/minio-instance/patches/image-patch.yaml diff --git a/deployment/manifests/minio-instance/kustomization.yaml b/deployment/manifests/minio-instance/kustomization.yaml index 01d4de4..9eb6397 100644 --- a/deployment/manifests/minio-instance/kustomization.yaml +++ b/deployment/manifests/minio-instance/kustomization.yaml @@ -3,3 +3,7 @@ namespace: minio resources: - namespace.yaml - vendor-code/minioinstance.yaml + +patchesStrategicMerge: + # use IronBank hardened image + - patches/image-patch.yaml diff --git a/deployment/manifests/minio-instance/patches/image-patch.yaml b/deployment/manifests/minio-instance/patches/image-patch.yaml new file mode 100644 index 0000000..6b70b6f --- /dev/null +++ b/deployment/manifests/minio-instance/patches/image-patch.yaml @@ -0,0 +1,7 @@ +apiVersion: operator.min.io/v1 +kind: MinIOInstance +metadata: + name: minio +spec: + # use IronBank hardened image + image: registry.dsop.io/platform-one/apps/minio/instance:RELEASE.2020-07-02T00-15-09Z diff --git a/deployment/manifests/minio-operator/kustomization.yaml b/deployment/manifests/minio-operator/kustomization.yaml index c9200c0..7a56ffe 100644 
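Review bot: The hardened image in `patches/image-patch.yaml` is referenced by a mutable tag, `instance:RELEASE.2020-07-02T00-15-09Z`, so the registry can serve different content under the same name without the deployment noticing. Pinning the digest makes the approved image the one that runs: `image: registry.dsop.io/platform-one/apps/minio/instance@sha256:<digest-of-approved-image>`. The same applies to the operator override in `deployment/manifests/minio-operator/kustomization.yaml` in this patch, where the `images:` entry accepts `digest:` in place of `newTag:`. The patched tag (2020-07-02) is also older than the upstream manifest's 2020-07-13 tag, so the comment `# use IronBank hardened image` could say that the downgrade is deliberate.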
--- a/deployment/manifests/minio-operator/kustomization.yaml +++ b/deployment/manifests/minio-operator/kustomization.yaml @@ -7,11 +7,11 @@ replicas: - name: minio-operator count: 1 -# Configure repo and tag of MinIO Operator Image +# use IronBank hardened image images: - name: minio/k8s-operator - newName: minio/k8s-operator - newTag: 2.0.6 + newName: registry.dsop.io/platform-one/apps/minio/operator + newTag: 2.0.9 # Configure the Cluster Domain and NameSpace to Watch configMapGenerator: -- GitLab From 3fee56b3bfe5bdf125073f67d16e2a3e93e65e5d Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Fri, 7 Aug 2020 06:49:37 -0600 Subject: [PATCH 5/9] rename directory --- deployment/manifests/minio-instance/kustomization.yaml | 2 +- .../{vendor-code => upstream}/minioinstance.yaml | 0 deployment/manifests/minio-operator/kustomization.yaml | 10 +++++----- .../minio-operator/{vendor-code => upstream}/crd.yaml | 0 .../{vendor-code => upstream}/deployment.yaml | 0 .../{vendor-code => upstream}/kustomization.yaml | 0 .../{vendor-code => upstream}/namespace.yaml | 0 .../minio-operator/{vendor-code => upstream}/rbac.yaml | 0 .../{vendor-code => upstream}/service-account.yaml | 0 9 files changed, 6 insertions(+), 6 deletions(-) rename deployment/manifests/minio-instance/{vendor-code => upstream}/minioinstance.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/crd.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/deployment.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/kustomization.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/namespace.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/rbac.yaml (100%) rename deployment/manifests/minio-operator/{vendor-code => upstream}/service-account.yaml (100%) 
diff --git a/deployment/manifests/minio-instance/kustomization.yaml b/deployment/manifests/minio-instance/kustomization.yaml index 9eb6397..4bbb186 100644 --- a/deployment/manifests/minio-instance/kustomization.yaml +++ b/deployment/manifests/minio-instance/kustomization.yaml @@ -2,7 +2,7 @@ namespace: minio resources: - namespace.yaml - - vendor-code/minioinstance.yaml + - upstream/minioinstance.yaml patchesStrategicMerge: # use IronBank hardened image diff --git a/deployment/manifests/minio-instance/vendor-code/minioinstance.yaml b/deployment/manifests/minio-instance/upstream/minioinstance.yaml similarity index 100% rename from deployment/manifests/minio-instance/vendor-code/minioinstance.yaml rename to deployment/manifests/minio-instance/upstream/minioinstance.yaml diff --git a/deployment/manifests/minio-operator/kustomization.yaml b/deployment/manifests/minio-operator/kustomization.yaml index 7a56ffe..c64cbeb 100644 --- a/deployment/manifests/minio-operator/kustomization.yaml +++ b/deployment/manifests/minio-operator/kustomization.yaml @@ -56,8 +56,8 @@ vars: fieldpath: data.WATCHED_NAMESPACE resources: - - vendor-code/namespace.yaml - - vendor-code/service-account.yaml - - vendor-code/crd.yaml - - vendor-code/rbac.yaml - - vendor-code/deployment.yaml + - upstream/namespace.yaml + - upstream/service-account.yaml + - upstream/crd.yaml + - upstream/rbac.yaml + - upstream/deployment.yaml diff --git a/deployment/manifests/minio-operator/vendor-code/crd.yaml b/deployment/manifests/minio-operator/upstream/crd.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/crd.yaml rename to deployment/manifests/minio-operator/upstream/crd.yaml 
diff --git a/deployment/manifests/minio-operator/vendor-code/deployment.yaml b/deployment/manifests/minio-operator/upstream/deployment.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/deployment.yaml rename to deployment/manifests/minio-operator/upstream/deployment.yaml diff --git a/deployment/manifests/minio-operator/vendor-code/kustomization.yaml b/deployment/manifests/minio-operator/upstream/kustomization.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/kustomization.yaml rename to deployment/manifests/minio-operator/upstream/kustomization.yaml diff --git a/deployment/manifests/minio-operator/vendor-code/namespace.yaml b/deployment/manifests/minio-operator/upstream/namespace.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/namespace.yaml rename to deployment/manifests/minio-operator/upstream/namespace.yaml diff --git a/deployment/manifests/minio-operator/vendor-code/rbac.yaml b/deployment/manifests/minio-operator/upstream/rbac.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/rbac.yaml rename to deployment/manifests/minio-operator/upstream/rbac.yaml diff --git a/deployment/manifests/minio-operator/vendor-code/service-account.yaml b/deployment/manifests/minio-operator/upstream/service-account.yaml similarity index 100% rename from deployment/manifests/minio-operator/vendor-code/service-account.yaml rename to deployment/manifests/minio-operator/upstream/service-account.yaml -- GitLab From 85a8a0f6b4b969f2a74b4d3d2ecc86c52519bbeb Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Mon, 10 Aug 2020 07:40:22 -0600 Subject: [PATCH 6/9] update readme --- deployment/manifests/README.md | 30 +++++++++++++++++++++++++++++- 1 file changed, 29 insertions(+), 1 deletion(-) diff --git a/deployment/manifests/README.md b/deployment/manifests/README.md index e8b0775..e1f6f16 100644 --- a/deployment/manifests/README.md 
+++ b/deployment/manifests/README.md @@ -3,4 +3,32 @@ This is unmodified manifest code version 2.0.9 from https://github.com/minio/operator/tree/2.0.9 Any needed changes are made in kustomize overlays. -This is an older version but it must match the latest IronBank hardened image version as close as possible. \ No newline at end of file +This is an older version but it must match the latest IronBank hardened image version as close as possible. + +Minio is working with IronBank hardened images. + +## Important deployment note +The MinIO documentation does not clearly tell you that for distributed mode, the number of volumes per server must match to total number of servers. If you have 3 servers there must be 3 volumes per server. + +## Quick Minio test +https://docs.min.io/docs/minio-client-quickstart-guide +These instructions are for Linux but the link also has instructions for Mac. + +as root install minio client +``` +cd /usr/local/bin/ +wget https://dl.min.io/client/mc/release/linux-amd64/mc +chmod +x mc +./mc --help +``` +as regular user port-forward the headless minio service from the cluster +``` +kubectl port-forward svc/minio-hl-svc 9000:9000 -n minio +``` +as regular user +``` + mc alias set minio http://127.0.0.1:9000 minio minio123 + mc ls minio + mc mb minio/mybucket + mc ls minio +``` -- GitLab From 5e2b721c17b793745597f1c2ee3671f992711bd9 Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Mon, 10 Aug 2020 07:42:56 -0600 Subject: [PATCH 7/9] update readme --- deployment/manifests/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deployment/manifests/README.md b/deployment/manifests/README.md index e1f6f16..0c4aafc 100644 --- a/deployment/manifests/README.md +++ b/deployment/manifests/README.md 
@@ -8,7 +8,7 @@ This is an older version but it must match the latest IronBank hardened image ve Minio is working with IronBank hardened images. ## Important deployment note -The MinIO documentation does not clearly tell you that for distributed mode, the number of volumes per server must match to total number of servers. If you have 3 servers there must be 3 volumes per server. +The MinIO documentation does not clearly tell you that for distributed mode, the number of volumes per server must match the total number of servers. If you have 3 servers there must be 3 volumes per server. ## Quick Minio test https://docs.min.io/docs/minio-client-quickstart-guide -- GitLab From e3f6e030724e8a3a543b64e15ed83230b679682f Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Mon, 10 Aug 2020 07:49:05 -0600 Subject: [PATCH 8/9] update readme --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 514f7ec..4fa3c55 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,8 @@ Project [here](https://github.com/minio/minio-operator). MinIO is a high performance, distributed object storage system. It is software-defined, runs on industry standard hardware and is 100% open source under the Apache V2 license. -App Version: Operator 2.0.8, instance 2.0.8 +App Version: Operator 2.0.9, instance 2.0.9 + Plugins: Additional docs for using and its plugins can be found at $URL The containers being used are maintained in the public/apps/minio registry. These containers ahve not been hardened, but have been retagged. When available hardened containers will be implemented. -- GitLab From 630b13228de3099d2f068b7c3cb5695cde3fce6a Mon Sep 17 00:00:00 2001 From: Kevin Wilder Date: Mon, 10 Aug 2020 15:39:13 -0600 Subject: [PATCH 9/9] update readme --- deployment/manifests/README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deployment/manifests/README.md b/deployment/manifests/README.md index 0c4aafc..8afcc65 100644 
--- a/deployment/manifests/README.md
+++ b/deployment/manifests/README.md
@@ -8,7 +8,8 @@ This is an older version but it must match the latest IronBank hardened image ve
 Minio is working with IronBank hardened images.
 
 ## Important deployment note
-The MinIO documentation does not clearly tell you that for distributed mode, the number of volumes per server must match the total number of servers. If you have 3 servers there must be 3 volumes per server.
+Refer to documentation for the minimum number of volumes per servers versus number of servers.
+https://docs.min.io/docs/minio-server-limits-per-tenant.html
 
 ## Quick Minio test
 https://docs.min.io/docs/minio-client-quickstart-guide
-- 
GitLab