Updates related to Operator 6.0.0 release
Partially addresses #1273.
djwfyi committed Jul 31, 2024
1 parent cb65826 commit 4275338
Showing 3 changed files with 10 additions and 6 deletions.
12 changes: 9 additions & 3 deletions source/includes/k8s/deploy-operator.rst
Expand Up @@ -48,8 +48,13 @@ Each pod runs three containers:
- InitContainer that only exists during the launch of the pod to manage configuration secrets during startup.
Once startup completes, this container terminates.

- SideCar container that monitors configuration secrets for the tenant and updates them as they change.
This container also monitors for root credentials and creates an error if it does not find root credentials.
- Sidecar container used to initialize the MinIO tenant.
The sidecar retrieves and validates the configuration for each tenant and creates the necessary local resources in the pod.

.. versionchanged:: Operator 6.0.0

The Sidecar has its own image and release cycle separate from the rest of the MinIO Operator.
The MinIO Operator stores the tenant's environment variables in the sidecar, allowing the Operator to update the variables without requiring a rolling restart.

Starting with v5.0.6, the MinIO Operator supports custom :kube-docs:`init containers <concepts/workloads/pods/init-containers>` for additional pod initialization that may be required for your environment.
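
Review bot: The replacement Sidecar bullet drops the two behaviours the old text documented (monitoring the tenant's configuration secrets for changes, and creating an error when root credentials are not found) without saying whether they still apply in Operator 6.0.0. The new wording, "used to initialize the MinIO tenant", also reads much like the InitContainer bullet just above it, so the two containers are hard to tell apart. Suggest stating what the sidecar does after startup and whether missing root credentials still produce an error. Under the ``versionchanged`` note, "stores the tenant's environment variables in the sidecar" deserves a sentence on where those values are kept, since another hunk in this commit says the configuration secret carries the sensitive variables. Minor: the added lines use both "Sidecar" and "sidecar"; pick one.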

Expand Down Expand Up @@ -104,7 +109,8 @@ Kubernetes TLS Certificate API
- For :ref:`STS service <minio-security-token-service>` when :envvar:`OPERATOR_STS_ENABLED` environment variable is set to ``on``.
- For retrieving the health of the cluster.

The MinIO Operator reads certificates inside the ``operator-ca-tls`` secret and syncs this secret within the tenant namespace to trust private certificate authorities, such as when using cert-manager.
Beginning with Operator 6.0.0, the MinIO Operator reads certificates inside the ``operator-ca-tls`` secret to trust private certificate authorities throughout the Kubernetes cluster, such as when using cert-manager.
Previous versions of the Operator sync the ``operator-ca-tls`` certificates to each tenant.

For any of these circumstances, the MinIO Operator *requires* that the Kubernetes ``kube-controller-manager`` configuration include the following :kube-docs:`configuration settings <reference/command-line-tools-reference/kube-controller-manager/#options>`:
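
Review bot: The added sentence "Previous versions of the Operator sync the ``operator-ca-tls`` certificates to each tenant" leaves the upgrade path undocumented. It does not say how a tenant comes to trust a private certificate authority from 6.0.0 onward, or what happens to copies of the secret already synced into tenant namespaces. "to trust private certificate authorities throughout the Kubernetes cluster" is also unclear about which component does the trusting; suggest naming it. For consistency with the first hunk in this file, consider marking the change with ``.. versionchanged:: Operator 6.0.0`` rather than "Beginning with Operator 6.0.0".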

2 changes: 0 additions & 2 deletions source/includes/k8s/file-transfer-protocol-k8s.rst
Expand Up @@ -102,8 +102,6 @@ Procedure
spec:
configuration:
name: my-tenant-env-configuration
credsSecret:
name: my-tenant-secret
exposeServices:
console: true
minio: true
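
Review bot: With ``credsSecret`` removed, ``my-tenant-env-configuration`` is the only secret this example references, and nothing in the visible context tells the reader that the credentials now have to be defined there. Suggest checking the rest of the procedure for remaining references to ``my-tenant-secret`` and adding a short line on what the configuration secret must contain.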
Expand Up @@ -42,7 +42,7 @@ The following changes apply for Operator v5.0.0 or later:
- The ``.spec.s3`` field is replaced by the ``.spec.features`` field.
- The ``.spec.credsSecret`` field is replaced by the ``.spec.configuration`` field.

The ``.spec.credsSecret`` should hold all the environment variables for the MinIO deployment that contain sensitive information and should not show in ``.spec.env``.
The ``.spec.configuration`` secret should hold all the environment variables for the MinIO deployment that contain sensitive information and should not show in ``.spec.env``.
This change impacts the Tenant :abbr:`CRD (CustomResourceDefinition)` and only impacts users editing a tenant YAML directly, such as through Helm or Kustomize.
- Both the **Log Search API** (``.spec.log``) and **Prometheus** (``.spec.prometheus``) deployments have been removed.
However, existing deployments are left running as standalone deployments / statefulsets with no connection to the Tenant CR.
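
Review bot: "The ``.spec.configuration`` secret" treats the field as if it were the secret itself, while the tenant example changed in this same commit shows ``configuration:`` holding a ``name:`` that points at a secret. Suggest "The secret referenced by ``.spec.configuration`` should hold ...". The phrase "should not show in ``.spec.env``" is also soft for a statement about sensitive values; "must not be set in ``.spec.env``" would say it more plainly.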