From d8032c10502b1782b497c4898b7ea0116e2a37d2 Mon Sep 17 00:00:00 2001 From: still Date: Tue, 19 Jan 2021 15:04:24 -0700 Subject: [PATCH 01/27] updating to new umbrella infrastructure --- README.md | 15 +- chart/Chart.yaml | 30 ++++ chart/templates/crd.yaml | 91 +++++++++++ chart/templates/deployment.yaml | 25 +++ chart/templates/namespace.yaml | 4 + chart/templates/rbac.yaml | 80 ++++++++++ chart/templates/service-account.yaml | 5 + chart/values.yaml | 223 +++++++++++++++++++++++++++ 8 files changed, 472 insertions(+), 1 deletion(-) create mode 100644 chart/Chart.yaml create mode 100644 chart/templates/crd.yaml create mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/namespace.yaml create mode 100644 chart/templates/rbac.yaml create mode 100644 chart/templates/service-account.yaml create mode 100644 chart/values.yaml diff --git a/README.md b/README.md index 4fa3c55..9b8b2ac 100644 --- a/README.md +++ b/README.md @@ -58,4 +58,17 @@ git add . git commit -m "Made a change for reasons" Push commits to upstream branch git push -u origin -Create a new merge request \ No newline at end of file +Create a new merge request + +# MINIO Operator + +Minio Operator on Kubernetes Operator chart. + + +## Deployment +``` +git clone https://repo1.dsop.io/platform-one/big-bang/apps/application-utilities/minio.git +cd minio +helm install minio chart +``` + diff --git a/chart/Chart.yaml b/chart/Chart.yaml new file mode 100644 index 0000000..151a883 --- /dev/null +++ b/chart/Chart.yaml 
@@ -0,0 +1,30 @@ +apiVersion: v2 + +name: minio-operator + +description: |- + A Helm chart for deploying the Minio operator: the official Kubernetes operator for deploying MINIO cluster. + +#home: https://github.com/elastic/cloud-on-k8s + +type: application + +version: 1.0.1 + +appVersion: 2.0.9 + +kubeVersion: ">=1.12.0-0" + +keywords: + - Minio + - Operator + +maintainers: + - name: me + email: + +dependencies: +# - name: eck-operator-crds +# version: 1.3.0 +# condition: installCRDs +# repository: "file://eck-operator-crds" diff --git a/chart/templates/crd.yaml b/chart/templates/crd.yaml new file mode 100644 index 0000000..c5254f0 --- /dev/null +++ b/chart/templates/crd.yaml 
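Review bot: `appVersion: 2.0.9` in Chart.yaml does not match the operator image this same patch deploys (`minio/k8s-operator:2.0.6` in chart/templates/deployment.yaml), so anyone using the chart metadata to decide whether a release is affected by an advisory gets the wrong answer. Either set `appVersion: "2.0.6"` or derive the image tag from the chart so the two cannot drift. The bare `dependencies:` key (every entry under it is commented out) and the empty `email:` both parse as null; drop them or write `dependencies: []`. The commented `#home:` URL points at a different project (elastic/cloud-on-k8s) and should be removed or replaced.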
@@ -0,0 +1,91 @@ +apiVersion: apiextensions.k8s.io/v1 +kind: CustomResourceDefinition +metadata: + name: minioinstances.operator.min.io +spec: + group: operator.min.io + scope: Namespaced + names: + kind: MinIOInstance + singular: minioinstance + plural: minioinstances + versions: + - name: v1 + served: true + storage: true + schema: + # openAPIV3Schema is the schema for validating custom objects. + # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema + # for more details + openAPIV3Schema: + type: object + properties: + spec: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + replicas: + type: integer + minimum: 1 + maximum: 32 + image: + type: string + serviceName: + type: string + volumesPerServer: + type: integer + mountPath: + type: string + podManagementPolicy: + type: string + enum: [Parallel,OrderedReady] + default: Parallel + requestAutoCert: + type: boolean + default: false + version: + type: string + mountpath: + type: string + subpath: + type: string + mcs: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + image: + type: string + replicas: + type: integer + default: 2 + mcsSecret: + type: object + properties: + name: + type: string + kes: + type: object + x-kubernetes-preserve-unknown-fields: true + properties: + image: + type: string + replicas: + type: integer + default: 2 + kesSecret: + type: object + properties: + name: + type: string + status: + type: object + properties: + currentState: + type: string + subresources: + # status enables the status subresource. + status: {} + additionalPrinterColumns: + - name: Current State + type: string + jsonPath: ".status.currentState" diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml new file mode 100644 index 0000000..48fe5c7 --- /dev/null +++ b/chart/templates/deployment.yaml 
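Review bot: `x-kubernetes-preserve-unknown-fields: true` appears to be set on `spec`, `mcs` and `kes` (indentation is lost in this view), which turns off pruning for those objects, so the API server stores whatever fields a client sends and only the few listed properties are type-checked. If the operator really needs free-form sub-objects, limit the flag to those and declare the rest of the schema. The schema also lists both `mountPath` and `mountpath`, as well as `subpath`; presumably one spelling is a leftover. Because the CRD is under `templates/`, it is upgraded and deleted together with the release, and deleting a CRD removes every MinIOInstance in the cluster; Helm's `crds/` directory avoids that.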
@@ -0,0 +1,25 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: minio-operator + namespace: default +spec: + replicas: 1 + selector: + matchLabels: + name: minio-operator + template: + metadata: + labels: + name: minio-operator + spec: + serviceAccountName: minio-operator + containers: + - name: minio-operator + image: minio/k8s-operator:2.0.6 + imagePullPolicy: IfNotPresent + env: + - name: CLUSTER_DOMAIN + value: $(CLUSTER_DOMAIN) + - name: WATCHED_NAMESPACE + value: $(WATCHED_NAMESPACE) diff --git a/chart/templates/namespace.yaml b/chart/templates/namespace.yaml new file mode 100644 index 0000000..1002072 --- /dev/null +++ b/chart/templates/namespace.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: minio-operator diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml new file mode 100644 index 0000000..2de8bd2 --- /dev/null +++ b/chart/templates/rbac.yaml 
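Review bot: The `minio-operator` container has no `securityContext` and no `resources`, although its service account is bound (rbac.yaml in this patch) to a ClusterRole that can read and delete Secrets in every namespace. A restrictive container security context as sketched below would limit what a compromised operator process can do; confirm first that the image runs as a non-root user and does not write to its root filesystem, which this patch does not show. Separately, `value: $(CLUSTER_DOMAIN)` and `value: $(WATCHED_NAMESPACE)` are kustomize variable references that Helm does not substitute, so the operator would most likely receive the literal strings. The Deployment is also pinned to `namespace: default` while namespace.yaml in the same patch creates `minio-operator`.

```yaml
      containers:
        - name: minio-operator
          # … unchanged: image, imagePullPolicy, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop:
                - ALL
```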
@@ -0,0 +1,80 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: minio-operator-role +rules: +- apiGroups: + - "" + resources: + - namespaces + - secrets + - pods + - services + - events + verbs: + - get + - watch + - create + - list + - delete +- apiGroups: + - apps + resources: + - statefulsets + - deployments + verbs: + - get + - create + - list + - patch + - watch + - update + - delete +- apiGroups: + - batch + resources: + - jobs + verbs: + - get + - create + - list + - patch + - watch + - update + - delete +- apiGroups: + - "certificates.k8s.io" + resources: + - "certificatesigningrequests" + - "certificatesigningrequests/approval" + - "certificatesigningrequests/status" + verbs: + - update + - create + - get + - delete +- apiGroups: + - operator.min.io + resources: + - "*" + verbs: + - "*" +- apiGroups: + - min.io + resources: + - "*" + verbs: + - "*" +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1beta1 +metadata: + name: minio-operator-binding +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: minio-operator-role +subjects: +- kind: ServiceAccount + name: minio-operator + namespace: default diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml new file mode 100644 index 0000000..04b7c1f --- /dev/null +++ b/chart/templates/service-account.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: minio-operator + namespace: default diff --git a/chart/values.yaml b/chart/values.yaml new file mode 100644 index 0000000..e690b5b --- /dev/null +++ b/chart/values.yaml 
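Review bot: The first rule of `minio-operator-role` grants `get`, `list`, `watch`, `create` and `delete` on `secrets` and `namespaces`, and the ClusterRoleBinding makes that apply to every namespace, even though the Deployment in this patch passes a `WATCHED_NAMESPACE`. If the operator is meant to manage a single namespace, a namespaced `Role`/`RoleBinding` for the core-group rule would confine Secret access to it. The `update` verb on `certificatesigningrequests/approval` lets this service account approve CSRs and deserves a comment stating why it is needed. The binding uses `apiVersion: rbac.authorization.k8s.io/v1beta1` while the role uses `v1`; the beta API was removed in Kubernetes 1.22, so it should read `apiVersion: rbac.authorization.k8s.io/v1`. The `"*"` resources and verbs on `operator.min.io` and `min.io` could be narrowed to the CRD this chart defines.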
@@ -0,0 +1,223 @@ +# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values. +nameOverride: "elastic-operator" + +# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values. +fullnameOverride: "elastic-operator" + +# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces. +managedNamespaces: [] + +# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart. +# Note that CRDs are global resources and require cluster admin privileges to install. +# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences. +# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version. +# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well. +installCRDs: true + +# replicaCount is the number of operator pods to run. +replicaCount: 1 + +image: + # repository is the container image prefixed by the registry name. + repository: docker.elastic.co/eck/eck-operator + # pullPolicy is the container image pull policy. + pullPolicy: IfNotPresent + # tag is the container image tag. If not defined, defaults to chart appVersion. + tag: null + +# imagePullSecrets defines the secrets to use when pulling the operator container image. +imagePullSecrets: [] + +# resources define the container resource limits for the operator. +resources: + limits: + cpu: 1 + memory: 512Mi + requests: + cpu: 100m + memory: 150Mi + +# podAnnotations define the annotations that should be added to the operator pod. +podAnnotations: {} + +# podSecurityContext defines the pod security context for the operator pod. 
+podSecurityContext: + runAsNonRoot: true + +# securityContext defines the security context of the operator container. +securityContext: {} + +# nodeSelector defines the node selector for the operator pod. +nodeSelector: {} + +# tolerations defines the node tolerations for the operator pod. +tolerations: [] + +# affinity defines the node affinity rules for the operator pod. +affinity: {} + +# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created. +createClusterScopedResources: true + +serviceAccount: + # create specifies whether a service account should be created for the operator. + create: true + # annotations to add to the service account + annotations: {} + # name of the service account to use. If not set and create is true, a name is generated using the fullname template. + name: "" + +tracing: + # enabled specifies whether APM tracing is enabled for the operator. + enabled: false + # config is a map of APM Server configuration variables that should be set in the environment. + config: + ELASTIC_APM_SERVER_URL: http://localhost:8200 + ELASTIC_APM_SERVER_TIMEOUT: 30s + +refs: + # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources. + enforceRBAC: false + +webhook: + # enabled determines whether the webhook is installed. + enabled: true + # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null. + caBundle: Cg== + # certManagerCert is the name of the cert-manager certificate to use with the webhook. + certManagerCert: null + # certsDir is the directory to mount the certificates. + certsDir: "/tmp/k8s-webhook-server/serving-certs" + # certsSecret is the name of the secret containing the webhook certificates. + certsSecret: elastic-webhook-server-cert + # failurePolicy of the webhook. 
+ failurePolicy: Ignore + # manageCerts determines whether the operator manages the webhook certificates automatically. + manageCerts: true + # name of the webhook + name: elastic-webhook.k8s.elastic.co + # name of the service used to expose the webhook. + serviceName: elastic-webhook-server + +softMultiTenancy: + # enabled determines whether the operator is installed with soft multi-tenancy extensions. + # This requires network policies to be enabled on the Kubernetes cluster. + enabled: false + +# kubeAPIServerIP is required when softMultiTenancy is enabled. +kubeAPIServerIP: null + +telemetry: + # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume. + disabled: false + # distibutionChannel denotes which distribution channel was used to install the operator. + distributionChannel: "helm" + +# config values for the operator. +config: + # logVerbosity defines the logging level. Valid values are as follows: + # -2: Errors only + # -1: Errors and warnings + # 0: Errors, warnings, and information + # number greater than 0: Errors, warnings, information, and debug details. + logVerbosity: "0" + + # metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting. + metricsPort: "0" + + # containerRegistry to use for pulling Elasticsearch and other application container images. + containerRegistry: docker.elastic.co + + # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller. + maxConcurrentReconciles: "3" + + # caValidity defines the validity period of the CA certificates generated by the operator. + caValidity: 8760h + + # caRotateBefore defines when to rotate a CA certificate that is due to expire. + caRotateBefore: 24h + + # certificatesValidity defines the validity period of certificates generated by the operator. + certificatesValidity: 8760h + + # certificatesRotateBefore defines when to rotate a certificate that is due to expire. 
+ certificatesRotateBefore: 24h + + # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator. + setDefaultSecurityContext: true + + # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator. + kubeClientTimeout: 60s + + # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator. + elasticsearchClientTimeout: 180s + + # validateStorageClass specifies whether storage classes volume expansion support should be verified. + # Can be disabled if cluster-wide storage class RBAC access is not available. + validateStorageClass: true + +# Internal use only +internal: + manifestGen: false + +###########################################################################3 + +# Configure number of MinIO Operator Deployment Replicas +replicas: + - name: minio-operator + count: 1 + +# Configure repo and tag of MinIO Operator Image +images: + - name: minio/k8s-operator + newName: minio/k8s-operator + newTag: 2.0.6 + +# Configure the Cluster Domain and NameSpace to Watch +configMapGenerator: + - name: operator-env + literals: + - CLUSTER_DOMAIN="cluster.local" + - WATCHED_NAMESPACE="default" + +# Configure the Namespace and ServiceAccount name +patchesJson6902: + - target: + version: v1 + kind: ServiceAccount + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + - target: + version: v1 + kind: Namespace + name: minio-operator + patch: |- + - op: replace + path: /metadata/name + value: "minio-operator" + +vars: + - name: CLUSTER_DOMAIN + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.CLUSTER_DOMAIN + - name: WATCHED_NAMESPACE + objref: + kind: ConfigMap + name: operator-env + apiVersion: v1 + fieldref: + fieldpath: data.WATCHED_NAMESPACE + +resources: + - namespace.yaml + - service-account.yaml + - crd.yaml + - rbac.yaml + - deployment.yaml -- 
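Review bot: None of the values added in this file are read by the templates in this patch, which contain no `.Values` references, so settings such as `podSecurityContext.runAsNonRoot: true` and the `resources` limits advertise hardening that the rendered Deployment does not have. Most of the file appears to be copied from the ECK operator chart (`elastic-operator`, `docker.elastic.co/eck/eck-operator`), and the tail is a kustomization (`configMapGenerator`, `patchesJson6902`, `vars`) that Helm ignores. `resources:` is defined twice at the top level, once as limits/requests and once as a file list; most YAML parsers silently keep the last one. Reduce the file to the keys the templates actually consume and wire the security settings into deployment.yaml.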
GitLab From fabbbde640aa4fa55739f3cae334031c239285f2 Mon Sep 17 00:00:00 2001 From: still Date: Tue, 19 Jan 2021 15:55:00 -0700 Subject: [PATCH 02/27] Updated namespace --- chart/templates/deployment.yaml | 2 +- chart/templates/rbac.yaml | 2 +- chart/templates/service-account.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 48fe5c7..61f2f3e 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: minio-operator - namespace: default + namespace: minio-operator spec: replicas: 1 selector: diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml index 2de8bd2..a0d1eda 100644 --- a/chart/templates/rbac.yaml +++ b/chart/templates/rbac.yaml @@ -77,4 +77,4 @@ roleRef: subjects: - kind: ServiceAccount name: minio-operator - namespace: default + namespace: minio-operator diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml index 04b7c1f..535f7af 100644 --- a/chart/templates/service-account.yaml +++ b/chart/templates/service-account.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: minio-operator - namespace: default + namespace: minio-operator -- GitLab From 6bce5f43b470b6cf6009d61bb1601013fa6ab2de Mon Sep 17 00:00:00 2001 From: still Date: Thu, 21 Jan 2021 12:27:54 -0700 Subject: [PATCH 03/27] update, remove namespace --- chart/templates/namespace.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/templates/namespace.yaml b/chart/templates/namespace.yaml index 1002072..48f06d8 100644 --- a/chart/templates/namespace.yaml +++ b/chart/templates/namespace.yaml @@ -1,4 +1,4 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: minio-operator +#apiVersion: v1 +#kind: Namespace +#metadata: +# name: minio-operator -- GitLab 
From 54bec6819b114d4528be71bb91a7184ac624f4ab Mon Sep 17 00:00:00 2001 From: still Date: Thu, 21 Jan 2021 13:02:46 -0700 Subject: [PATCH 04/27] paramterize namespace --- chart/templates/deployment.yaml | 2 +- chart/templates/rbac.yaml | 2 +- chart/templates/service-account.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 61f2f3e..1a107b5 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml @@ -2,7 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: minio-operator - namespace: minio-operator + namespace: {{ .Release.Namespace }} spec: replicas: 1 selector: diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml index a0d1eda..19d6cf2 100644 --- a/chart/templates/rbac.yaml +++ b/chart/templates/rbac.yaml @@ -77,4 +77,4 @@ roleRef: subjects: - kind: ServiceAccount name: minio-operator - namespace: minio-operator + namespace: {{ .Release.Namespace }} diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml index 535f7af..0369e36 100644 --- a/chart/templates/service-account.yaml +++ b/chart/templates/service-account.yaml @@ -2,4 +2,4 @@ apiVersion: v1 kind: ServiceAccount metadata: name: minio-operator - namespace: minio-operator + namespace: {{ .Release.Namespace }} -- GitLab From 10124010364056baefbc3bcf2a3669b691cdfecb Mon Sep 17 00:00:00 2001 From: still Date: Thu, 21 Jan 2021 13:52:53 -0700 Subject: [PATCH 05/27] Update to use helm values --- chart/templates/deployment.yaml | 10 +- chart/values.yaml | 188 ++------------------------------ 2 files changed, 16 insertions(+), 182 deletions(-) diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml index 1a107b5..449d9a2 100644 --- a/chart/templates/deployment.yaml +++ b/chart/templates/deployment.yaml 
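Review bot: `namespace: {{ .Release.Namespace }}` is emitted unquoted in deployment.yaml, rbac.yaml and service-account.yaml, so a release namespace whose name is all digits (a valid DNS label) renders as a YAML integer and the manifest is rejected. Use `namespace: {{ .Release.Namespace | quote }}` in all three places. Since namespace.yaml was commented out in the previous patch, the target namespace must already exist or be created at install time (`helm install --create-namespace`); the README added in patch 01 does not mention this.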
@@ -4,7 +4,7 @@ metadata: name: minio-operator namespace: {{ .Release.Namespace }} spec: - replicas: 1 + replicas: {{ .Values.replicas.count }} selector: matchLabels: name: minio-operator @@ -16,10 +16,10 @@ spec: serviceAccountName: minio-operator containers: - name: minio-operator - image: minio/k8s-operator:2.0.6 - imagePullPolicy: IfNotPresent + image: {{ .Values.image.name }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.image.imagePullPolicy }} env: - name: CLUSTER_DOMAIN - value: $(CLUSTER_DOMAIN) + value: {{ .Values.clusterDomain }} - name: WATCHED_NAMESPACE - value: $(WATCHED_NAMESPACE) + value: {{ .Values.watchedNamespace }} diff --git a/chart/values.yaml b/chart/values.yaml index e690b5b..05ec01f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
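Review bot: The two env entries in the second hunk render `value: {{ .Values.clusterDomain }}` and `value: {{ .Values.watchedNamespace }}` unquoted, but an env `value` must be a string, so an empty, numeric or boolean-looking override produces null or a non-string and the Deployment is rejected or the variable is silently empty. Use `value: {{ .Values.clusterDomain | quote }}` and `value: {{ .Values.watchedNamespace | quote }}`. The image is now `{{ .Values.image.name }}:{{ .Values.image.tag }}`, which is a mutable tag; consider also accepting a digest so the operator that runs is the one that was reviewed. The Deployment's body starts before the first hunk and is only partly visible here.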
@@ -1,177 +1,18 @@ -# nameOverride is the short name for the deployment. Leave empty to let Helm generate a name using chart values. -nameOverride: "elastic-operator" - -# fullnameOverride is the full name for the deployment. Leave empty to let Helm generate a name using chart values. -fullnameOverride: "elastic-operator" - -# managedNamespaces is the set of namespaces that the operator manages. Leave empty to manage all namespaces. -managedNamespaces: [] - -# installCRDs determines whether Custom Resource Definitions (CRD) are installed by the chart. -# Note that CRDs are global resources and require cluster admin privileges to install. -# If you are sharing a cluster with other users who may want to install ECK on their own namespaces, setting this to true can have unintended consequences. -# 1. Upgrades will overwrite the global CRDs and could disrupt the other users of ECK who may be running a different version. -# 2. Uninstalling the chart will delete the CRDs and potentially cause Elastic resources deployed by other users to be removed as well. -installCRDs: true - -# replicaCount is the number of operator pods to run. -replicaCount: 1 - -image: - # repository is the container image prefixed by the registry name. - repository: docker.elastic.co/eck/eck-operator - # pullPolicy is the container image pull policy. - pullPolicy: IfNotPresent - # tag is the container image tag. If not defined, defaults to chart appVersion. - tag: null - -# imagePullSecrets defines the secrets to use when pulling the operator container image. -imagePullSecrets: [] - -# resources define the container resource limits for the operator. -resources: - limits: - cpu: 1 - memory: 512Mi - requests: - cpu: 100m - memory: 150Mi - -# podAnnotations define the annotations that should be added to the operator pod. -podAnnotations: {} - -# podSecurityContext defines the pod security context for the operator pod. 
-podSecurityContext: - runAsNonRoot: true - -# securityContext defines the security context of the operator container. -securityContext: {} - -# nodeSelector defines the node selector for the operator pod. -nodeSelector: {} - -# tolerations defines the node tolerations for the operator pod. -tolerations: [] - -# affinity defines the node affinity rules for the operator pod. -affinity: {} - -# createClusterScopedResources determines whether cluster-scoped resources (ClusterRoles, ClusterRoleBindings) should be created. -createClusterScopedResources: true - -serviceAccount: - # create specifies whether a service account should be created for the operator. - create: true - # annotations to add to the service account - annotations: {} - # name of the service account to use. If not set and create is true, a name is generated using the fullname template. - name: "" - -tracing: - # enabled specifies whether APM tracing is enabled for the operator. - enabled: false - # config is a map of APM Server configuration variables that should be set in the environment. - config: - ELASTIC_APM_SERVER_URL: http://localhost:8200 - ELASTIC_APM_SERVER_TIMEOUT: 30s - -refs: - # enforceRBAC specifies whether RBAC should be enforced for cross-namespace associations between resources. - enforceRBAC: false - -webhook: - # enabled determines whether the webhook is installed. - enabled: true - # caBundle is the PEM-encoded CA trust bundle for the webhook certificate. Only required if manageCerts is false and certManagerCert is null. - caBundle: Cg== - # certManagerCert is the name of the cert-manager certificate to use with the webhook. - certManagerCert: null - # certsDir is the directory to mount the certificates. - certsDir: "/tmp/k8s-webhook-server/serving-certs" - # certsSecret is the name of the secret containing the webhook certificates. - certsSecret: elastic-webhook-server-cert - # failurePolicy of the webhook. 
- failurePolicy: Ignore - # manageCerts determines whether the operator manages the webhook certificates automatically. - manageCerts: true - # name of the webhook - name: elastic-webhook.k8s.elastic.co - # name of the service used to expose the webhook. - serviceName: elastic-webhook-server - -softMultiTenancy: - # enabled determines whether the operator is installed with soft multi-tenancy extensions. - # This requires network policies to be enabled on the Kubernetes cluster. - enabled: false - -# kubeAPIServerIP is required when softMultiTenancy is enabled. -kubeAPIServerIP: null - -telemetry: - # disabled determines whether the operator periodically updates ECK telemetry data for Kibana to consume. - disabled: false - # distibutionChannel denotes which distribution channel was used to install the operator. - distributionChannel: "helm" - -# config values for the operator. -config: - # logVerbosity defines the logging level. Valid values are as follows: - # -2: Errors only - # -1: Errors and warnings - # 0: Errors, warnings, and information - # number greater than 0: Errors, warnings, information, and debug details. - logVerbosity: "0" - - # metricsPort defines the port to expose operator metrics. Set to 0 to disable metrics reporting. - metricsPort: "0" - - # containerRegistry to use for pulling Elasticsearch and other application container images. - containerRegistry: docker.elastic.co - - # maxConcurrentReconciles is the number of concurrent reconciliation operations to perform per controller. - maxConcurrentReconciles: "3" - - # caValidity defines the validity period of the CA certificates generated by the operator. - caValidity: 8760h - - # caRotateBefore defines when to rotate a CA certificate that is due to expire. - caRotateBefore: 24h - - # certificatesValidity defines the validity period of certificates generated by the operator. - certificatesValidity: 8760h - - # certificatesRotateBefore defines when to rotate a certificate that is due to expire. 
- certificatesRotateBefore: 24h - - # setDefaultSecurityContext determines whether a default security context is set on application containers created by the operator. - setDefaultSecurityContext: true - - # kubeClientTimeout sets the request timeout for Kubernetes API calls made by the operator. - kubeClientTimeout: 60s - - # elasticsearchClientTimeout sets the request timeout for Elasticsearch API calls made by the operator. - elasticsearchClientTimeout: 180s - - # validateStorageClass specifies whether storage classes volume expansion support should be verified. - # Can be disabled if cluster-wide storage class RBAC access is not available. - validateStorageClass: true - -# Internal use only -internal: - manifestGen: false - -###########################################################################3 - # Configure number of MinIO Operator Deployment Replicas replicas: - - name: minio-operator - count: 1 + count: 1 # Configure repo and tag of MinIO Operator Image -images: - - name: minio/k8s-operator - newName: minio/k8s-operator - newTag: 2.0.6 +image: + name: registry.dsop.io/platform-one/apps/minio/operator-ib + tag: 2.0.9-ib + imagePullPolicy: IfNotPresent + +## set kubernetes cluster domain where minio is running +## +clusterDomain: cluster.local +watchedNamespace: default + # Configure the Cluster Domain and NameSpace to Watch configMapGenerator: @@ -214,10 +55,3 @@ vars: apiVersion: v1 fieldref: fieldpath: data.WATCHED_NAMESPACE - -resources: - - namespace.yaml - - service-account.yaml - - crd.yaml - - rbac.yaml - - deployment.yaml -- GitLab From 146a611b7598bde93c1c8ecaa781bb5bd5be0b1a Mon Sep 17 00:00:00 2001 From: still Date: Thu, 21 Jan 2021 13:57:25 -0700 Subject: [PATCH 06/27] Update to use helm values --- chart/values.yaml | 43 ------------------------------------------- 1 file changed, 43 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 05ec01f..3f3cbe1 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
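Review bot: `watchedNamespace: default` has no comment of its own, since the `## set kubernetes cluster domain where minio is running` line above it describes only `clusterDomain`, and its default points the operator at `default` while the chart now installs into the release namespace. Suggest a comment such as `# namespace the operator watches (presumably for MinIOInstance objects); the ClusterRole in rbac.yaml stays cluster-wide regardless`, and consider defaulting the value to the release namespace in the template. The new `image.name` points at `registry.dsop.io`, yet the Deployment template has no `imagePullSecrets`; if that registry requires authentication, the chart should expose a value for it.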
@@ -12,46 +12,3 @@ image: ## clusterDomain: cluster.local watchedNamespace: default - - -# Configure the Cluster Domain and NameSpace to Watch -configMapGenerator: - - name: operator-env - literals: - - CLUSTER_DOMAIN="cluster.local" - - WATCHED_NAMESPACE="default" - -# Configure the Namespace and ServiceAccount name -patchesJson6902: - - target: - version: v1 - kind: ServiceAccount - name: minio-operator - patch: |- - - op: replace - path: /metadata/name - value: "minio-operator" - - target: - version: v1 - kind: Namespace - name: minio-operator - patch: |- - - op: replace - path: /metadata/name - value: "minio-operator" - -vars: - - name: CLUSTER_DOMAIN - objref: - kind: ConfigMap - name: operator-env - apiVersion: v1 - fieldref: - fieldpath: data.CLUSTER_DOMAIN - - name: WATCHED_NAMESPACE - objref: - kind: ConfigMap - name: operator-env - apiVersion: v1 - fieldref: - fieldpath: data.WATCHED_NAMESPACE -- GitLab From 9b7d6dd58881843afc071862eb1ca55f256d0deb Mon Sep 17 00:00:00 2001 From: still Date: Fri, 22 Jan 2021 10:20:06 -0700 Subject: [PATCH 07/27] convert to instance deployment using operator --- chart/templates/crd.yaml | 91 ------------------- chart/templates/deployment.yaml | 25 ------ chart/templates/minioinstance.yaml | 125 +++++++++++++++++++++++++++ chart/templates/namespace.yaml | 4 - chart/templates/rbac.yaml | 80 ----------------- chart/templates/service-account.yaml | 5 -- chart/values.yaml | 63 +++++++++++++- 7 files changed, 186 insertions(+), 207 deletions(-) delete mode 100644 chart/templates/crd.yaml delete mode 100644 chart/templates/deployment.yaml create mode 100644 chart/templates/minioinstance.yaml delete mode 100644 chart/templates/namespace.yaml delete mode 100644 chart/templates/rbac.yaml delete mode 100644 chart/templates/service-account.yaml diff --git a/chart/templates/crd.yaml b/chart/templates/crd.yaml deleted file mode 100644 index c5254f0..0000000 --- a/chart/templates/crd.yaml +++ /dev/null 
@@ -1,91 +0,0 @@ -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - name: minioinstances.operator.min.io -spec: - group: operator.min.io - scope: Namespaced - names: - kind: MinIOInstance - singular: minioinstance - plural: minioinstances - versions: - - name: v1 - served: true - storage: true - schema: - # openAPIV3Schema is the schema for validating custom objects. - # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema - # for more details - openAPIV3Schema: - type: object - properties: - spec: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - replicas: - type: integer - minimum: 1 - maximum: 32 - image: - type: string - serviceName: - type: string - volumesPerServer: - type: integer - mountPath: - type: string - podManagementPolicy: - type: string - enum: [Parallel,OrderedReady] - default: Parallel - requestAutoCert: - type: boolean - default: false - version: - type: string - mountpath: - type: string - subpath: - type: string - mcs: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - image: - type: string - replicas: - type: integer - default: 2 - mcsSecret: - type: object - properties: - name: - type: string - kes: - type: object - x-kubernetes-preserve-unknown-fields: true - properties: - image: - type: string - replicas: - type: integer - default: 2 - kesSecret: - type: object - properties: - name: - type: string - status: - type: object - properties: - currentState: - type: string - subresources: - # status enables the status subresource. - status: {} - additionalPrinterColumns: - - name: Current State - type: string - jsonPath: ".status.currentState" diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml deleted file mode 100644 index 449d9a2..0000000 --- a/chart/templates/deployment.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: minio-operator - namespace: {{ .Release.Namespace }} -spec: - replicas: {{ .Values.replicas.count }} - selector: - matchLabels: - name: minio-operator - template: - metadata: - labels: - name: minio-operator - spec: - serviceAccountName: minio-operator - containers: - - name: minio-operator - image: {{ .Values.image.name }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.imagePullPolicy }} - env: - - name: CLUSTER_DOMAIN - value: {{ .Values.clusterDomain }} - - name: WATCHED_NAMESPACE - value: {{ .Values.watchedNamespace }} diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml new file mode 100644 index 0000000..a2f203e --- /dev/null +++ b/chart/templates/minioinstance.yaml 
@@ -0,0 +1,125 @@ +apiVersion: v1 +kind: Secret +metadata: + name: minio-creds-secret +type: Opaque +data: + accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) + secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) +--- +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + # Optional field + # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767) + # nodePort: 30007 + selector: + app: minio +--- +apiVersion: operator.min.io/v1 +kind: MinIOInstance +metadata: + name: minio +## If specified, MinIOInstance pods will be dispatched by specified scheduler. +## If not specified, the pod will be dispatched by default scheduler. +# scheduler: +# name: my-custom-scheduler +spec: + ## Add metadata to the all pods created by the StatefulSet + metadata: + ## Optionally pass labels to be applied to the statefulset pods + labels: + app: minio + annotations: + prometheus.io/path: /minio/prometheus/metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" + ## Registry location and Tag to download MinIO Server image + image: {{ .Values.image.name }}:{{ .Values.image.tag }} + ## A ClusterIP Service will be created with the given name + serviceName: minio-internal-service + zones: + - name: "zone-0" + ## Number of MinIO servers/pods in this zone. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + servers: {{ .Values.zones.servers }} + ## Supply number of volumes to be mounted per MinIO server instance. + ## 2 is minimum volumes with 3 servers + volumesPerServer: {{ .Values.volumesPerServer }} + ## Mount path where PV will be mounted inside container(s). Defaults to "/export". + mountPath: /export + ## Sub path inside Mount path where MinIO starts. 
Defaults to "". + # subPath: /data + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO cluster. + ## Please do not change the volumeClaimTemplate field while expanding the cluster, this may + ## lead to unbound PVCs and missing data + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - {{ .Values.volumeClaimTemplate.accessModes}} + resources: + requests: + storage: {{ .Values.volumeClaimTemplate.storage}} + ## Secret with credentials to be used by MinIO instance. + credsSecret: + name: minio-creds-secret + ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. Defaults to "Parallel" + podManagementPolicy: Parallel + ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained + ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalCertSecret: + # name: tls-ssl-minio + ## Enable Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + requestAutoCert: false + ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. + ## Internal DNS name for the pod will be used if CommonName is not provided. 
+ ## DNS name format is minio-{0...3}.minio.default.svc.cluster.local + certConfig: + commonName: "" + organizationName: [] + dnsNames: [] + ## Used to specify a toleration for a pod + # tolerations: + # - effect: NoSchedule + # key: dedicated + # operator: Equal + # value: storage + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + # env: + # - name: MINIO_BROWSER + # value: "off" # to turn-off browser + # - name: MINIO_STORAGE_CLASS_STANDARD + # value: "EC:2" + ## Configure resource requests and limits for MinIO containers + # resources: + # requests: + # memory: 20Gi + ## Liveness probe detects situations where MinIO server instance + ## is not working properly and needs restart. Kubernetes automatically + ## restarts the pods if liveness checks fail. + liveness: + initialDelaySeconds: 10 + periodSeconds: 1 + timeoutSeconds: 1 + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # nodeSelector: + # disktype: ssd + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + # affinity: diff --git a/chart/templates/namespace.yaml b/chart/templates/namespace.yaml deleted file mode 100644 index 48f06d8..0000000 --- a/chart/templates/namespace.yaml +++ /dev/null @@ -1,4 +0,0 @@ -#apiVersion: v1 -#kind: Namespace -#metadata: -# name: minio-operator diff --git a/chart/templates/rbac.yaml b/chart/templates/rbac.yaml deleted file mode 100644 index 19d6cf2..0000000 --- a/chart/templates/rbac.yaml +++ /dev/null 
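Review bot: The `minio-creds-secret` Secret at the top of this new `minioinstance.yaml` ships a fixed access key and secret key (`minio` / `minio123`, as its inline comments spell out), so every install of the chart starts with the same publicly known credentials. Base64 in `data:` is an encoding, not protection. I would drop the Secret from the template and have `credsSecret.name` refer to a Secret the deployer creates out of band, failing the render when no name is supplied. The same pair returns in `chart/templates/default-secret.yaml` in PATCH 18/27. With `requestAutoCert: false` and `externalCertSecret` commented out, these credentials would presumably also travel unencrypted on port 9000, which is worth confirming against the operator's defaults.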
@@ -1,80 +0,0 @@ -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - name: minio-operator-role -rules: -- apiGroups: - - "" - resources: - - namespaces - - secrets - - pods - - services - - events - verbs: - - get - - watch - - create - - list - - delete -- apiGroups: - - apps - resources: - - statefulsets - - deployments - verbs: - - get - - create - - list - - patch - - watch - - update - - delete -- apiGroups: - - batch - resources: - - jobs - verbs: - - get - - create - - list - - patch - - watch - - update - - delete -- apiGroups: - - "certificates.k8s.io" - resources: - - "certificatesigningrequests" - - "certificatesigningrequests/approval" - - "certificatesigningrequests/status" - verbs: - - update - - create - - get - - delete -- apiGroups: - - operator.min.io - resources: - - "*" - verbs: - - "*" -- apiGroups: - - min.io - resources: - - "*" - verbs: - - "*" ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: minio-operator-binding -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: minio-operator-role -subjects: -- kind: ServiceAccount - name: minio-operator - namespace: {{ .Release.Namespace }} diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml deleted file mode 100644 index 0369e36..0000000 --- a/chart/templates/service-account.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: minio-operator - namespace: {{ .Release.Namespace }} diff --git a/chart/values.yaml b/chart/values.yaml index 3f3cbe1..d6d857b 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -4,11 +4,70 @@ replicas: # Configure repo and tag of MinIO Operator Image image: - name: registry.dsop.io/platform-one/apps/minio/operator-ib - tag: 2.0.9-ib + name: registry.dsop.io/platform-one/apps/minio/instance-ib + tag: RELEASE.2020-07-02T00-15-09Z-ib imagePullPolicy: IfNotPresent +zones: + # refer to documentation for number of servers versus volumes per server + # https://docs.min.io/docs/minio-server-limits-per-tenant.html + servers: 3 # scale to 3 for dev + +volumesPerServer: 2 # 2 is minimum volumes with 3 servers + +volumeClaimTemplate: + accessModes: ReadWriteOnce + storage: 1Gi # scale down for dev + ## set kubernetes cluster domain where minio is running ## clusterDomain: cluster.local watchedNamespace: default + + +###### New values below ##### +# +# +#apiVersion: operator.min.io/v1 +#kind: MinIOInstance +#metadata: +# name: minio +#spec: +# # use IronBank hardened image +# image: +# # could not get imagePullSecret to work +# # https://github.com/minio/operator/blob/2.0.9/docs/operator-fields.md +# # image: registry1.dsop.io/ironbank/opensource/minio/minio:RELEASE.2020-07-02T00-15-09Z +# # imagePullSecret: registry1-read-creds +# zones: +# - name: "zone-0" +# # refer to documentation for number of servers versus volumes per server +# # https://docs.min.io/docs/minio-server-limits-per-tenant.html +# servers: 3 # scale to 3 for dev +# volumesPerServer: 2 # 2 is minimum volumes with 3 servers +# volumeClaimTemplate: +# spec: +# accessModes: +# - ReadWriteOnce +# resources: +# requests: +# storage: 1Gi # scale down for dev +# +# +#apiVersion: v1 +#kind: Namespace +#metadata: +# name: minio +# labels: +# istio-injection: enabled +# +#apiVersion: operator.min.io/v1 +#kind: MinIOInstance +#metadata: +# name: minio +#spec: +# env: +# - name: MINIO_BROWSER +# value: "on" +# - name: MINIO_PROMETHEUS_AUTH_TYPE +# value: "public" -- GitLab From 5f982a461bde5492ce0fd661e2c015db6e26c590 Mon Sep 17 00:00:00 2001 
From: still Date: Mon, 25 Jan 2021 14:45:49 -0700 Subject: [PATCH 08/27] split files --- chart/templates/minioinstance.yaml | 16 ---------------- chart/templates/service.yaml | 15 +++++++++++++++ chart/values.yaml | 4 ++-- 3 files changed, 17 insertions(+), 18 deletions(-) create mode 100644 chart/templates/service.yaml diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index a2f203e..ddbc45f 100644 --- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -7,22 +7,6 @@ data: accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) --- -apiVersion: v1 -kind: Service -metadata: - name: minio-service -spec: - type: ClusterIP - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - # Optional field - # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767) - # nodePort: 30007 - selector: - app: minio ---- apiVersion: operator.min.io/v1 kind: MinIOInstance metadata: diff --git a/chart/templates/service.yaml b/chart/templates/service.yaml new file mode 100644 index 0000000..e2cd82e --- /dev/null +++ b/chart/templates/service.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + type: ClusterIP + ports: + - port: 9000 + targetPort: 9000 + protocol: TCP + # Optional field + # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767) + # nodePort: 30007 + selector: + app: minio diff --git a/chart/values.yaml b/chart/values.yaml index d6d857b..900c6c3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -21,8 +21,8 @@ volumeClaimTemplate: ## set kubernetes cluster domain where minio is running ## -clusterDomain: cluster.local -watchedNamespace: default +#clusterDomain: cluster.local +#watchedNamespace: ###### New values below ##### -- GitLab 
From 1fa24a96a87ba205aedef0361ff0513adfe549cc Mon Sep 17 00:00:00 2001 From: still Date: Fri, 29 Jan 2021 13:44:05 -0700 Subject: [PATCH 09/27] Update files to use helm chart deployment --- chart/Chart.yaml | 4 +-- chart/templates/minioinstance.yaml | 9 ------ chart/values.yaml | 52 ------------------------------ docs/README.md | 3 ++ 4 files changed, 5 insertions(+), 63 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 151a883..3c16c54 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -9,7 +9,7 @@ description: |- type: application -version: 1.0.1 +version: 1.0.0 appVersion: 2.0.9 @@ -17,7 +17,7 @@ kubeVersion: ">=1.12.0-0" keywords: - Minio - - Operator + - Instance maintainers: - name: me diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index ddbc45f..079be18 100644 --- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -1,12 +1,3 @@ -apiVersion: v1 -kind: Secret -metadata: - name: minio-creds-secret -type: Opaque -data: - accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) - secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) ---- apiVersion: operator.min.io/v1 kind: MinIOInstance metadata: diff --git a/chart/values.yaml b/chart/values.yaml index 900c6c3..6d3a0e3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -19,55 +19,3 @@ volumeClaimTemplate: accessModes: ReadWriteOnce storage: 1Gi # scale down for dev -## set kubernetes cluster domain where minio is running -## -#clusterDomain: cluster.local -#watchedNamespace: - - -###### New values below ##### -# -# -#apiVersion: operator.min.io/v1 -#kind: MinIOInstance -#metadata: -# name: minio -#spec: -# # use IronBank hardened image -# image: -# # could not get imagePullSecret to work -# # https://github.com/minio/operator/blob/2.0.9/docs/operator-fields.md -# # image: registry1.dsop.io/ironbank/opensource/minio/minio:RELEASE.2020-07-02T00-15-09Z -# # imagePullSecret: registry1-read-creds -# zones: -# - name: "zone-0" -# # refer to documentation for number of servers versus volumes per server -# # https://docs.min.io/docs/minio-server-limits-per-tenant.html -# servers: 3 # scale to 3 for dev -# volumesPerServer: 2 # 2 is minimum volumes with 3 servers -# volumeClaimTemplate: -# spec: -# accessModes: -# - ReadWriteOnce -# resources: -# requests: -# storage: 1Gi # scale down for dev -# -# -#apiVersion: v1 -#kind: Namespace -#metadata: -# name: minio -# labels: -# istio-injection: enabled -# -#apiVersion: operator.min.io/v1 -#kind: MinIOInstance -#metadata: -# name: minio -#spec: -# env: -# - name: MINIO_BROWSER -# value: "on" -# - name: MINIO_PROMETHEUS_AUTH_TYPE -# value: "public" diff --git a/docs/README.md b/docs/README.md index 3116a21..44c854f 100644 --- a/docs/README.md +++ b/docs/README.md @@ -1,3 +1,6 @@ + + + # Minio Operator Project [here](https://github.com/minio/minio-operator). -- GitLab From 93582b4b3812a010fbf25697df3e3f6abf3a7b60 Mon Sep 17 00:00:00 2001 From: still Date: Fri, 29 Jan 2021 13:46:43 -0700 Subject: [PATCH 10/27] adding pipeline --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 .gitlab-ci.yml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..6e9f482 --- /dev/null +++ b/.gitlab-ci.yml 
@@ -0,0 +1,4 @@ +include: + - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' + ref: master + file: '/templates/package-tests.yml' -- GitLab From a2436c4b77b046dc1f8ded767c4d88dd3523e3c7 Mon Sep 17 00:00:00 2001 From: still Date: Fri, 29 Jan 2021 14:45:25 -0700 Subject: [PATCH 11/27] Adding operator dependency --- .gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6e9f482..3c178e9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,3 +2,7 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' ref: master file: '/templates/package-tests.yml' +dependencyname: + git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" + branch: "bb-1233" + namespace: "minio-operator" -- GitLab From d76b688ec3ff6e07f03eb307a3ecf8f3f5c00e6a Mon Sep 17 00:00:00 2001 From: still Date: Fri, 29 Jan 2021 14:54:02 -0700 Subject: [PATCH 12/27] adding dependencies --- .gitlab-ci.yml | 4 ---- tests/dependencies.yaml | 4 ++++ 2 files changed, 4 insertions(+), 4 deletions(-) create mode 100644 tests/dependencies.yaml diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3c178e9..6e9f482 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,3 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' ref: master file: '/templates/package-tests.yml' -dependencyname: - git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" - branch: "bb-1233" - namespace: "minio-operator" diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml new file mode 100644 index 0000000..b2707b7 --- /dev/null +++ b/tests/dependencies.yaml @@ -0,0 +1,4 @@ +dependencyname: + git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" + branch: "bb-1233" + namespace: "minio-operator" -- GitLab From 26d4145bde5a118843a963a05b880ef64f0931fc Mon Sep 17 00:00:00 2001 
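Review bot: `ref: master` in the `include:` block means the pipeline for this repository is whatever the head of the template project's branch is at run time, so a change there runs here, presumably with access to this project's CI variables, without any review in this repo. Pinning to a tag or commit SHA, `ref: <TEMPLATE_TAG_OR_SHA>` (placeholder), keeps the included jobs reproducible and makes every template update an explicit diff. The same applies to `branch: "bb-1233"` in `tests/dependencies.yaml` (PATCH 12/27), which PATCH 19/27 later replaces with a tag, and to the temporary `ref: still-dbg1` in PATCH 20/27.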
From: still Date: Fri, 29 Jan 2021 15:40:09 -0700 Subject: [PATCH 13/27] adding test values --- tests/test-values.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) create mode 100644 tests/test-values.yaml diff --git a/tests/test-values.yaml b/tests/test-values.yaml new file mode 100644 index 0000000..e58051f --- /dev/null +++ b/tests/test-values.yaml @@ -0,0 +1,22 @@ +# Configure number of MinIO Operator Deployment Replicas +replicas: + count: 1 + +# Configure repo and tag of MinIO Operator Image +image: + name: registry.dsop.io/platform-one/apps/minio/instance-ib + tag: RELEASE.2020-07-02T00-15-09Z-ib + imagePullPolicy: IfNotPresent + +zones: + # refer to documentation for number of servers versus volumes per server + # https://docs.min.io/docs/minio-server-limits-per-tenant.html + servers: 3 # scale to 3 for dev + +volumesPerServer: 2 # 2 is minimum volumes with 3 servers + +volumeClaimTemplate: + accessModes: ReadWriteOnce + storage: 1Gi # scale down for dev + +git st \ No newline at end of file -- GitLab From ebd9fe24043086d81c3cfe471e3ec66ac3e51db2 Mon Sep 17 00:00:00 2001 From: still Date: Fri, 29 Jan 2021 16:28:01 -0700 Subject: [PATCH 14/27] Update test values --- README.md | 2 +- tests/test-values.yaml | 22 ---------------------- 2 files changed, 1 insertion(+), 23 deletions(-) delete mode 100644 tests/test-values.yaml diff --git a/README.md b/README.md index 9b8b2ac..5299eee 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,4 @@ -# Minio Operator +# Minio Instances Project [here](https://github.com/minio/minio-operator). diff --git a/tests/test-values.yaml b/tests/test-values.yaml deleted file mode 100644 index e58051f..0000000 --- a/tests/test-values.yaml +++ /dev/null 
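Review bot: The last added line of `tests/test-values.yaml`, `git st`, looks like a shell command typed into the editor. As a bare scalar after the `volumeClaimTemplate` mapping it is not valid YAML, so a strict parser will likely reject the whole values file. Delete that line and end the file with a newline, since the hunk carries `\ No newline at end of file`. The header comments still say "MinIO Operator" although the image is `instance-ib`; `# Configure repo and tag of MinIO instance image` would match what the file configures.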
@@ -1,22 +0,0 @@ -# Configure number of MinIO Operator Deployment Replicas -replicas: - count: 1 - -# Configure repo and tag of MinIO Operator Image -image: - name: registry.dsop.io/platform-one/apps/minio/instance-ib - tag: RELEASE.2020-07-02T00-15-09Z-ib - imagePullPolicy: IfNotPresent - -zones: - # refer to documentation for number of servers versus volumes per server - # https://docs.min.io/docs/minio-server-limits-per-tenant.html - servers: 3 # scale to 3 for dev - -volumesPerServer: 2 # 2 is minimum volumes with 3 servers - -volumeClaimTemplate: - accessModes: ReadWriteOnce - storage: 1Gi # scale down for dev - -git st \ No newline at end of file -- GitLab From 66accd938e3d15d0ca366319b74c900aaa804137 Mon Sep 17 00:00:00 2001 From: still Date: Mon, 1 Feb 2021 14:35:46 -0700 Subject: [PATCH 15/27] update code owners --- CODEOWNERS.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CODEOWNERS.txt b/CODEOWNERS.txt index 3d0f655..727de5d 100644 --- a/CODEOWNERS.txt +++ b/CODEOWNERS.txt @@ -1 +1 @@ -* @big-bang +* @big-bang @LynnStill -- GitLab From 70a05335f23803d121c62552fb90544dfb4b617e Mon Sep 17 00:00:00 2001 From: still Date: Tue, 2 Feb 2021 15:41:15 -0700 Subject: [PATCH 16/27] update images --- chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 6d3a0e3..90cf2a4 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -4,8 +4,8 @@ replicas: # Configure repo and tag of MinIO Operator Image image: - name: registry.dsop.io/platform-one/apps/minio/instance-ib - tag: RELEASE.2020-07-02T00-15-09Z-ib + name: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2020-07-02T00-15-09Z imagePullPolicy: IfNotPresent zones: -- GitLab From 27f9f288b3a8f079373791632ce3dcefcbc21142 Mon Sep 17 00:00:00 2001 
From: still Date: Tue, 2 Feb 2021 16:05:54 -0700 Subject: [PATCH 17/27] add test values --- tests/test-values.yml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 tests/test-values.yml diff --git a/tests/test-values.yml b/tests/test-values.yml new file mode 100644 index 0000000..c5ff133 --- /dev/null +++ b/tests/test-values.yml @@ -0,0 +1,20 @@ +# Configure number of MinIO Operator Deployment Replicas +replicas: + count: 1 + +# Configure repo and tag of MinIO Operator Image +image: + name: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2020-07-02T00-15-09Z + imagePullPolicy: IfNotPresent + +zones: + # refer to documentation for number of servers versus volumes per server + # https://docs.min.io/docs/minio-server-limits-per-tenant.html + servers: 3 # scale to 3 for dev + +volumesPerServer: 2 # 2 is minimum volumes with 3 servers + +volumeClaimTemplate: + accessModes: ReadWriteOnce + storage: 1Gi # scale down for dev -- GitLab From f5f08aeb2c7f094855297e288a2adbed9d9bcf25 Mon Sep 17 00:00:00 2001 From: still Date: Wed, 3 Feb 2021 13:55:55 -0700 Subject: [PATCH 18/27] update with secret --- chart/templates/default-secret.yaml | 9 +++++++++ chart/templates/minioinstance.yaml | 2 +- chart/values.yaml | 1 + tests/test-values.yml | 2 ++ 4 files changed, 13 insertions(+), 1 deletion(-) create mode 100644 chart/templates/default-secret.yaml diff --git a/chart/templates/default-secret.yaml b/chart/templates/default-secret.yaml new file mode 100644 index 0000000..4534d12 --- /dev/null +++ b/chart/templates/default-secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: default-minio-creds-secret +type: Opaque +data: + accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) + secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) +--- diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index 079be18..6bc6440 100644 
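Review bot: `default-secret.yaml` is rendered on every install, whether or not `minioUICreds` still names it, so the well-known `minio` / `minio123` pair lands in the release namespace even when the deployer supplies their own Secret. Wrapping the document in `{{- if eq .Values.minioUICreds "default-minio-creds-secret" }}` … `{{- end }}` would at least limit it to installs that kept the default. A comment above `data:` should state that these values are for development clusters only and must be replaced before real use. The trailing `---` after the only document adds an empty document and can be dropped.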
--- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -47,7 +47,7 @@ spec: storage: {{ .Values.volumeClaimTemplate.storage}} ## Secret with credentials to be used by MinIO instance. credsSecret: - name: minio-creds-secret + name: {{ .Values.minioUICreds }} ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy ## for details. Defaults to "Parallel" diff --git a/chart/values.yaml b/chart/values.yaml index 90cf2a4..3220222 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -19,3 +19,4 @@ volumeClaimTemplate: accessModes: ReadWriteOnce storage: 1Gi # scale down for dev +minioUICreds: default-minio-creds-secret diff --git a/tests/test-values.yml b/tests/test-values.yml index c5ff133..50eec8c 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -18,3 +18,5 @@ volumesPerServer: 2 # 2 is minimum volumes with 3 servers volumeClaimTemplate: accessModes: ReadWriteOnce storage: 1Gi # scale down for dev + +minioUICreds: default-minio-creds-secret \ No newline at end of file -- GitLab From 0c3f4665b6fb0743f2db505ae263ef3f159b2ff9 Mon Sep 17 00:00:00 2001 From: still Date: Wed, 3 Feb 2021 16:31:40 -0700 Subject: [PATCH 19/27] Update version --- chart/Chart.yaml | 4 ++-- tests/dependencies.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 3c16c54..1faeae4 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -name: minio-operator +name: minio-instance description: |- - A Helm chart for deploying the Minio operator: the official Kubernetes operator for deploying MINIO cluster. + A Helm chart for deploying the Minio instances based on use of the Minio operator #home: https://github.com/elastic/cloud-on-k8s 
diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index b2707b7..2f46730 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,4 +1,4 @@ dependencyname: git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" - branch: "bb-1233" + tag: "2.0.9-bb.1" namespace: "minio-operator" -- GitLab From 9cb524d3e7b10795ed8c3154702612873ccbbb9f Mon Sep 17 00:00:00 2001 From: still Date: Thu, 4 Feb 2021 10:36:17 -0700 Subject: [PATCH 20/27] debugging pipeline --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6e9f482..8a2b2ef 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' - ref: master + ref: still-dbg1 file: '/templates/package-tests.yml' -- GitLab From 0459faf7b56880eac6ab033b36399adc0af07cd0 Mon Sep 17 00:00:00 2001 From: still Date: Thu, 4 Feb 2021 11:39:13 -0700 Subject: [PATCH 21/27] adding image pull --- chart/templates/minioinstance.yaml | 5 +++++ chart/values.yaml | 2 ++ tests/test-values.yml | 6 +++++- 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index 6bc6440..38bd7a3 100644 --- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -18,6 +18,11 @@ spec: prometheus.io/scrape: "true" ## Registry location and Tag to download MinIO Server image image: {{ .Values.image.name }}:{{ .Values.image.tag }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 4}} + {{- end }} + ## A ClusterIP Service will be created with the given name serviceName: minio-internal-service zones: diff --git a/chart/values.yaml b/chart/values.yaml index 3220222..693b34f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -20,3 +20,5 @@ volumeClaimTemplate: storage: 1Gi # scale down for dev minioUICreds: default-minio-creds-secret + +imagePullSecrets: [ ] \ No newline at end of file diff --git a/tests/test-values.yml b/tests/test-values.yml index 50eec8c..28516b0 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -19,4 +19,8 @@ volumeClaimTemplate: accessModes: ReadWriteOnce storage: 1Gi # scale down for dev -minioUICreds: default-minio-creds-secret \ No newline at end of file +minioUICreds: default-minio-creds-secret + +imagePullSecrets: + - name: private-registry-mil + -- GitLab From e23e018601f7b7c6efc9aa217a43d97dc28a7416 Mon Sep 17 00:00:00 2001 From: still Date: Thu, 4 Feb 2021 14:14:54 -0700 Subject: [PATCH 22/27] add service account --- chart/templates/default-secret.yaml | 1 + chart/templates/service-account.yaml | 7 +++++++ 2 files changed, 8 insertions(+) create mode 100644 chart/templates/service-account.yaml diff --git a/chart/templates/default-secret.yaml b/chart/templates/default-secret.yaml index 4534d12..c79e87d 100644 --- a/chart/templates/default-secret.yaml +++ b/chart/templates/default-secret.yaml @@ -2,6 +2,7 @@ apiVersion: v1 kind: Secret metadata: name: default-minio-creds-secret + namespace: {{ .Release.Namespace }} type: Opaque data: accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml new file mode 100644 index 0000000..9bff713 --- /dev/null +++ b/chart/templates/service-account.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: minioServiceAccount + namespace: {{ .Release.Namespace }} +imagePullSecrets: + {{ toYaml .Values.imagePullSecrets | indent 2 }} -- GitLab From ac0fdd5eba1cd0c0435e894817b34e20778a69c1 Mon Sep 17 00:00:00 2001 
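Review bot: In `service-account.yaml` the `imagePullSecrets:` body uses `{{ toYaml .Values.imagePullSecrets | indent 2 }}` on a line that appears to be indented already. The first rendered line would then get the template's leading spaces plus two, while every following line gets only two, so a list with more than one entry would render mis-nested. `{{- toYaml .Values.imagePullSecrets | nindent 2 }}` gives a consistent indent. `name: minioServiceAccount` also contains upper-case letters, which Kubernetes object names do not accept (PATCH 23/27 renames it). If the MinIO pods never call the Kubernetes API, `automountServiceAccountToken: false` on this account would reduce what a compromised pod can reach, to be confirmed against what the operator expects.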
From: still Date: Thu, 4 Feb 2021 14:18:18 -0700 Subject: [PATCH 23/27] add service account --- chart/templates/service-account.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml index 9bff713..9a98cb2 100644 --- a/chart/templates/service-account.yaml +++ b/chart/templates/service-account.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: minioServiceAccount + name: minio-service-account namespace: {{ .Release.Namespace }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} -- GitLab From 17875b98df449d255a9ca145030668ab19ecaabf Mon Sep 17 00:00:00 2001 From: still Date: Thu, 4 Feb 2021 17:47:03 -0700 Subject: [PATCH 24/27] update --- chart/templates/minioinstance.yaml | 2 +- tests/test-values.yml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index 38bd7a3..5a41adb 100644 --- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -22,7 +22,7 @@ spec: imagePullSecrets: {{- toYaml . | nindent 4}} {{- end }} - + serviceAccountName: minio-service-account ## A ClusterIP Service will be created with the given name serviceName: minio-internal-service zones: diff --git a/tests/test-values.yml b/tests/test-values.yml index 28516b0..7640ac2 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -22,5 +22,4 @@ volumeClaimTemplate: minioUICreds: default-minio-creds-secret imagePullSecrets: - - name: private-registry-mil - + - name: private-registry-mil \ No newline at end of file -- GitLab From c7114f1675a671a8a15f3f640343456a379103da Mon Sep 17 00:00:00 2001 
From: still Date: Thu, 4 Feb 2021 18:07:30 -0700 Subject: [PATCH 25/27] Updates values and names --- chart/templates/minioinstance.yaml | 6 +----- chart/templates/service-account.yaml | 2 +- chart/values.yaml | 4 +++- 3 files changed, 5 insertions(+), 7 deletions(-) diff --git a/chart/templates/minioinstance.yaml b/chart/templates/minioinstance.yaml index 5a41adb..c5637d7 100644 --- a/chart/templates/minioinstance.yaml +++ b/chart/templates/minioinstance.yaml @@ -18,11 +18,7 @@ spec: prometheus.io/scrape: "true" ## Registry location and Tag to download MinIO Server image image: {{ .Values.image.name }}:{{ .Values.image.tag }} - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 4}} - {{- end }} - serviceAccountName: minio-service-account + serviceAccountName: {{ .Values.serviceAccountName }} ## A ClusterIP Service will be created with the given name serviceName: minio-internal-service zones: diff --git a/chart/templates/service-account.yaml b/chart/templates/service-account.yaml index 9a98cb2..cb910dc 100644 --- a/chart/templates/service-account.yaml +++ b/chart/templates/service-account.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: minio-service-account + name: {{ .Values.serviceAccountName }} namespace: {{ .Release.Namespace }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} diff --git a/chart/values.yaml b/chart/values.yaml index 693b34f..2f2c57e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -21,4 +21,6 @@ volumeClaimTemplate: minioUICreds: default-minio-creds-secret -imagePullSecrets: [ ] \ No newline at end of file +imagePullSecrets: [ ] + +serviceAccountName: minio-service-account \ No newline at end of file -- GitLab From dcccd5f766919e35f1e710a728d912d391793904 Mon Sep 17 00:00:00 2001 From: still Date: Thu, 4 Feb 2021 18:11:17 -0700 Subject: [PATCH 26/27] remove debugging --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8a2b2ef..6e9f482 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' - ref: still-dbg1 + ref: master file: '/templates/package-tests.yml' -- GitLab From 60111c7fc5f8ece878ed48de6bff070526da8826 Mon Sep 17 00:00:00 2001 From: still Date: Mon, 8 Feb 2021 15:22:51 -0700 Subject: [PATCH 27/27] Update doc --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5299eee..e558b7e 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,8 @@ Project [here](https://github.com/minio/minio-operator). MinIO is a high performance, distributed object storage system. It is software-defined, runs on industry standard hardware and is 100% open source under the Apache V2 license. -App Version: Operator 2.0.9, instance 2.0.9 +Operator version based on: 2.0.9 +Instance deployment version: 2.0.9 Plugins: Additional docs for using and its plugins can be found at $URL -- GitLab