From 786d9670b0f5a463a24163ac38f25633a93fc607 Mon Sep 17 00:00:00 2001 From: Ravind Kumar <ravind@min.io> Date: Wed, 31 Jan 2024 14:47:27 -0500 Subject: [PATCH 1/3] DOCS-1076: Operator v5.0.11 Release --- source/developers/sts-for-operator.rst | 10 +- source/includes/k8s/ext-tenant-crd.md | 16 ++- source/includes/k8s/operator-values.yaml | 21 ++-- source/includes/k8s/tenant-values.yaml | 10 +- source/index.rst | 1 + .../deploy-minio-tenant.rst | 2 +- source/reference/kubectl-minio-plugin.rst | 88 --------------- .../kubectl-minio-tenant-create.rst | 12 ++ .../kubectl-minio-tenant-delete.rst | 30 +++-- .../operator-environment-variables.rst | 106 ++++++++++++++++++ source/url-excludes.yaml | 4 + 11 files changed, 179 insertions(+), 121 deletions(-) create mode 100644 source/reference/operator-environment-variables.rst diff --git a/source/developers/sts-for-operator.rst b/source/developers/sts-for-operator.rst index a39ec114..f14dda95 100644 --- a/source/developers/sts-for-operator.rst +++ b/source/developers/sts-for-operator.rst @@ -29,7 +29,9 @@ Benefits of STS for MinIO Operator include: .. important:: - MinIO Operator launches with STS *disabled* by default. + Starting with Operator v5.0.11, STS is *enabled* by default. + + Previous versions of the Operator start with STS *disabled* by default. To use STS with the Operator, you must first explicitly enable it. The procedure on this page includes instructions to enable the STS API in the MinIO Operator. 
@@ -68,12 +70,16 @@ STS for the MinIO Operator requires the following: - MinIO Operator v5.0.0 or later. - The deployment **must** have :ref:`TLS configured <minio-tls>`. -- :envvar:`OPERATOR_STS_ENABLED` environment variable set to ``on``. +- (Required for Operator v5.0.0 - 5.0.10) :envvar:`OPERATOR_STS_ENABLED` environment variable set to ``on``. Procedure --------- 1. Enable STS functionality for the deployment + + .. note:: + + This step is optional starting with Operator 5.0.11 and later. .. code-block:: shell :class: copyable diff --git a/source/includes/k8s/ext-tenant-crd.md b/source/includes/k8s/ext-tenant-crd.md index 9210876b..242c5635 100644 --- a/source/includes/k8s/ext-tenant-crd.md +++ b/source/includes/k8s/ext-tenant-crd.md @@ -140,15 +140,6 @@ certificates manually added to the Operator.</p></td> </tbody> </table> -## CustomCertificateConfig - -CustomCertificateConfig (`customCertificateConfig`) provides attributes -associated of the TLS certificates manually added to the Operator as -part of tenant creation. These fields contain no data if there are no -custom TLS certificates. - -- [CustomCertificates](#customcertificates) - ## CustomCertificates CustomCertificates (`customCertificates`) provides groupings of the TLS @@ -775,6 +766,13 @@ If provided, each pod on the Statefulset will run with the specified RuntimeClassName, for more info <a href="https://kubernetes.io/docs/concepts/containers/runtime-class/">https://kubernetes.io/docs/concepts/containers/runtime-class/</a></p></td> </tr> +<tr class="odd"> +<td +style="text-align: left;"><p><strong><code>reclaimStorage</code></strong> +<em>boolean</em></p></td> +<td style="text-align: left;"><p><strong>Optional</strong><br /> +If true. Will delete the storage when tenant has been deleted.</p></td> +</tr> </tbody> </table> diff --git a/source/includes/k8s/operator-values.yaml b/source/includes/k8s/operator-values.yaml index d4de44ab..03f4850b 100644 --- a/source/includes/k8s/operator-values.yaml 
+++ b/source/includes/k8s/operator-values.yaml @@ -30,14 +30,14 @@ operator: ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.10 + # tag: v5.0.11 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -51,7 +51,7 @@ operator: # image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent ### # @@ -169,14 +169,14 @@ console: ### # Specify the Operator Console container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/operator - # tag: v5.0.10 + # tag: v5.0.11 # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -191,7 +191,7 @@ console: # The specified values should match that of ``operator.image`` to ensure predictable operations. image: repository: quay.io/minio/operator - tag: v5.0.10 + tag: v5.0.11 pullPolicy: IfNotPresent ### # An array of environment variables to pass to the Operator Console deployment. 
@@ -291,7 +291,9 @@ console: # An array of `Volumes <https://kubernetes.io/docs/concepts/storage/volumes/>`__ which the Operator Console can mount to pods. # # The volumes must exist *and* be accessible to the Console pods. - volumes: [ ] + volumes: + - name: tmp + emptyDir: {} ### # An array of volume mount points associated to each Operator Console container. # @@ -304,4 +306,7 @@ console: # mountPath: /path/to/mount # # The ``name`` field must correspond to an entry in the ``volumes`` array. - volumeMounts: [ ] + volumeMounts: + - name: tmp + readOnly: false + mountPath: /tmp/certs/CAs diff --git a/source/includes/k8s/tenant-values.yaml b/source/includes/k8s/tenant-values.yaml index 0b7152e5..14a7e6de 100644 --- a/source/includes/k8s/tenant-values.yaml +++ b/source/includes/k8s/tenant-values.yaml @@ -45,14 +45,14 @@ tenant: ### # Specify the Operator container image to use for the deployment. # ``image.tag`` - # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag. + # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag. # The container pulls the image if not already present: # # .. code-block:: yaml # # image: # repository: quay.io/minio/minio - # tag: RELEASE.2023-10-07T15-07-38Z + # tag: RELEASE.2023-11-15T20-43-25Z # pullPolicy: IfNotPresent # # The chart also supports specifying an image based on digest value: @@ -67,7 +67,7 @@ tenant: # image: repository: quay.io/minio/minio - tag: RELEASE.2023-10-07T15-07-38Z + tag: RELEASE.2023-11-15T20-43-25Z pullPolicy: IfNotPresent ### # 
@@ -332,14 +332,14 @@ tenant: # # Image from tag (original behavior), for example: # # image: # # repository: quay.io/minio/kes - # # tag: 2023-10-03T00-48-37Z + # # tag: 2023-11-10T10-44-28Z # # Image from digest (added after original behavior), for example: # # image: # # repository: quay.io/minio/kes@sha256 # # digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b # image: # repository: quay.io/minio/kes - # tag: 2023-10-03T00-48-37Z + # tag: 2023-11-10T10-44-28Z # pullPolicy: IfNotPresent # env: [ ] # replicas: 2 diff --git a/source/index.rst b/source/index.rst index a71f10b6..9fe25ddd 100644 --- a/source/index.rst +++ b/source/index.rst @@ -213,6 +213,7 @@ For more about connecting to ``play``, see :ref:`MinIO Console play Login <minio /reference/kubectl-minio-plugin /reference/operator-crd /reference/operator-chart-values + /reference/operator-environment-variables .. toctree:: :titlesonly: diff --git a/source/operations/install-deploy-manage/deploy-minio-tenant.rst b/source/operations/install-deploy-manage/deploy-minio-tenant.rst index 571e299d..da329dc5 100644 --- a/source/operations/install-deploy-manage/deploy-minio-tenant.rst +++ b/source/operations/install-deploy-manage/deploy-minio-tenant.rst @@ -594,7 +594,7 @@ The :guilabel:`Security` section displays TLS certificate settings for the MinIO .. _create-tenant-encryption-section: -1) The :guilabel:`Encryption` Section +8) The :guilabel:`Encryption` Section ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The :guilabel:`Encryption` section displays the :ref:`Server-Side Encryption (SSE) <minio-sse>` settings for the MinIO Tenant. diff --git a/source/reference/kubectl-minio-plugin.rst b/source/reference/kubectl-minio-plugin.rst index 18bcbb1b..c48bd128 100644 --- a/source/reference/kubectl-minio-plugin.rst +++ b/source/reference/kubectl-minio-plugin.rst 
@@ -89,94 +89,6 @@ Subcommands - :mc:`~kubectl minio delete` - :mc:`~kubectl minio version` -Environment Variables ---------------------- - -The :ref:`MinIO Operator <minio-operator-installation>` uses the following environment variables during startup to set configuration settings. -Configure these variables in the ``minio-operator`` container. - -Setting Environment Variables in Kubernetes -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -To set these environment variables, modify the operator container's yaml at ``.spec.env`` or use the following ``kubectl`` command syntax: - -.. code-block:: shell - :class: copyable - - kubectl set env -n minio-operator deployment/minio-operator <ENV_VARIABLE>=<value> ... <ENV_VARIABLE2>=<value2> - -Replace: - -- ``minio-operator`` with the namespace for your Operator, if not using the default value. -- ``deployment/minio-operator`` with the deployment for your Operator, if not the default value. - (This is not common.) -- ``<ENV_VARIABLE>`` with the environment variable to set or modify. -- ``<value>`` with the value to use for the environment variable. - -You can set or modify multiple environment variables by separating each ``VARIABLE=value`` pair with a space. - -Available MinIO Operator Environment Variables -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. envvar:: MINIO_OPERATOR_CERTIFICATES_VERSION - - Specifies the certificate API version to use. - - Valid values are ``v1`` or ``v1beta1``. - - When not specified, the default is the API Kubernetes provides. - -.. envvar:: MINIO_OPERATOR_RUNTIME - - Specify the type of runtime to use. - - Valid values are ``EKS``, ``Rancher``, or ``OpenShift``. - Leave blank if none of the options apply. - - When set as ``EKS``, the :envvar:`MINIO_OPERATOR_CSR_SIGNER_NAME` must be ``beta.eks.amazonaws.com/app-serving``. - -.. envvar:: MINIO_OPERATOR_CSR_SIGNER_NAME - - Override the default signer for certificate signing requests (CSRs). 
- - When not specified, the default value is ``kubernetes.io/kubelet-serving``. - -.. envvar:: OPERATOR_CERT_PASSWD - - *Optional* - - The password Operator should use to decrypt the private key in the TLS certificate for Operator. - -.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME - - Specifies the namespace to create and use for Operator. - - When not specified, the default value is ``minio-operator``. - -.. envvar:: OPERATOR_STS_ENABLED - - Toggle STS Service ``on`` or ``off``. - - When not specified, the default value is ``off``. - -.. envvar:: MINIO_CONSOLE_DEPLOYMENT_NAME - - The name to use for the Operator Console. - - When not specified, the default value is ``operator``. - -.. envvar:: MINIO_CONSOLE_TLS_ENABLE - - Toggle Console TLS service ``on`` or ``off``. - - When not specified, the default value is ``off``. - -.. envvar:: WATCHED_NAMESPACE - - A comma-separated list of the namespace(s) Operator should watch for tenants. - - When not specified, the default value is ``""`` to watch all namespaces. - .. toctree:: :titlesonly: :hidden: diff --git a/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst b/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst index b8adcfa1..42c851ac 100644 --- a/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst +++ b/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst @@ -81,6 +81,7 @@ Syntax [--image] \ [--image-pull-secret] \ [--kes-config] \ + [--kes-image] \ [--namespace] \ [--output] \ [--pool] \ @@ -259,6 +260,17 @@ The command supports the following flags: For more, see the `Github documentation <https://github.com/minio/operator/blob/master/examples/kes-secret.yaml>`__. +.. mc-cmd:: --kes-image + :optional: + + .. versionadded:: v5.0.11 + + The KES image to use when deploying KES pods in the tenant. + + .. important:: + + You cannot downgrade KES images after deployment. + .. mc-cmd:: --namespace :optional: 
diff --git a/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst b/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst index c11e68a2..ec6318b7 100644 --- a/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst +++ b/source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst @@ -43,14 +43,16 @@ Syntax .. tab-item:: EXAMPLE - The following example creates a MinIO Tenant in the namespace ``minio-tenant-1`` consisting of 4 MinIO servers with 8 drives each and a total capacity of 32Ti. + The following example deletes a MinIO Tenant in the namespace ``minio-tenant-1``. + It keeps the namespace intact after deleting the tenant. .. code-block:: shell :class: copyable - kubectl minio tenant delete \ + kubectl minio tenant delete \ minio-tenant-1 \ - --namespace minio-tenant-1 + --namespace minio-tenant-1 \ + --retain-namespace .. tab-item:: SYNTAX @@ -58,10 +60,11 @@ Syntax .. code-block:: shell - kubectl minio tenant delete \ - TENANT_NAME \ - --force \ - --namespace + kubectl minio tenant delete \ + TENANT_NAME \ + --force \ + --namespace \ + [--retain-namespace] \ Flags @@ -82,4 +85,15 @@ The command supports the following flags: .. mc-cmd:: --namespace :required: - The namespace scope to access. \ No newline at end of file + The namespace scope to access. + +.. mc-cmd:: --retain-namespace + :optional: + + Keeps the namespace after deleting the tenant. + + Omit to delete the namespace after deleting the tenant. + + .. warning:: + + Deleting a namespace deletes all resources associated to that namespace. \ No newline at end of file diff --git a/source/reference/operator-environment-variables.rst b/source/reference/operator-environment-variables.rst new file mode 100644 index 00000000..5df5847a --- /dev/null +++ b/source/reference/operator-environment-variables.rst 
@@ -0,0 +1,106 @@ +.. _minio-operator-envvars: + +==================================== +MinIO Operator Environment Variables +==================================== + +.. default-domain:: minio + +.. contents:: Table of Contents + +The :ref:`MinIO Operator <minio-operator-installation>` uses the following environment variables during startup to set configuration settings. +Configure these variables in the ``minio-operator`` container. + +Setting Environment Variables in Kubernetes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +To set these environment variables, modify the operator container's yaml at ``.spec.env`` or use the following ``kubectl`` command syntax: + +.. code-block:: shell + :class: copyable + + kubectl set env -n minio-operator deployment/minio-operator <ENV_VARIABLE>=<value> ... <ENV_VARIABLE2>=<value2> + +Replace: + +- ``minio-operator`` with the namespace for your Operator, if not using the default value. +- ``deployment/minio-operator`` with the deployment for your Operator, if not the default value. + (This is not common.) +- ``<ENV_VARIABLE>`` with the environment variable to set or modify. +- ``<value>`` with the value to use for the environment variable. + +You can set or modify multiple environment variables by separating each ``VARIABLE=value`` pair with a space. + +Available MinIO Operator Environment Variables +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +.. envvar:: MINIO_OPERATOR_CERTIFICATES_VERSION + + Specifies the certificate API version to use. + + Valid values are ``v1`` or ``v1beta1``. + + When not specified, the default is the API Kubernetes provides. + +.. envvar:: MINIO_OPERATOR_RUNTIME + + Specify the type of runtime to use. + + Valid values are ``EKS``, ``Rancher``, or ``OpenShift``. + Leave blank if none of the options apply. + + When set as ``EKS``, the :envvar:`MINIO_OPERATOR_CSR_SIGNER_NAME` must be ``beta.eks.amazonaws.com/app-serving``. + +.. 
envvar:: MINIO_OPERATOR_CSR_SIGNER_NAME + + Override the default signer for certificate signing requests (CSRs). + + When not specified, the default value is ``kubernetes.io/kubelet-serving``. + +.. envvar:: OPERATOR_CERT_PASSWD + + *Optional* + + The password Operator should use to decrypt the private key in the TLS certificate for Operator. + +.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME + + Specifies the namespace to create and use for Operator. + + When not specified, the default value is ``minio-operator``. + +.. envvar:: OPERATOR_STS_ENABLED + + Toggle STS Service ``on`` or ``off``. + + .. versionchanged:: v5.0.11 + + When not specified, the default value is ``on``. + + Prior to Operator 5.0.11, the default value is ``off``. + +.. envvar:: MINIO_CONSOLE_DEPLOYMENT_NAME + + The name to use for the Operator Console. + + When not specified, the default value is ``operator``. + +.. envvar:: MINIO_CONSOLE_TLS_ENABLE + + Toggle Console TLS service ``on`` or ``off``. + + When not specified, the default value is ``off``. + +.. envvar:: MINIO_OPERATOR_IMAGE + + .. versionadded:: v5.0.11 + + Specify the image of the MinIO instance sidecar container loaded by the Operator. + + Omit to use the Operator image. + +.. envvar:: WATCHED_NAMESPACE + + A comma-separated list of the namespace(s) Operator should watch for tenants. + + When not specified, the default value is ``""`` to watch all namespaces. \ No newline at end of file diff --git a/source/url-excludes.yaml b/source/url-excludes.yaml index 1776385d..f2c25e97 100644 --- a/source/url-excludes.yaml +++ b/source/url-excludes.yaml @@ -26,6 +26,7 @@ excludes: - 'reference/kubectl-minio-plugin/kubectl-minio-version.rst' - 'reference/operator-crd.rst' - 'reference/operator-chart-values.rst' +- 'reference/operator-environment-variables.rst' --- tag: macos excludes: 
@@ -48,6 +49,7 @@ excludes: - 'reference/deprecated/*' - 'reference/operator-crd.rst' - 'reference/operator-chart-values.rst' +- 'reference/operator-environment-variables.rst' - 'developers/*' - 'integrations/*' --- @@ -77,6 +79,7 @@ excludes: - 'reference/deprecated/*' - 'reference/operator-crd.rst' - 'reference/operator-chart-values.rst' +- 'reference/operator-environment-variables.rst' - 'developers/*' - 'integrations/*' --- @@ -102,6 +105,7 @@ excludes: - 'reference/deprecated/*' - 'reference/operator-crd.rst' - 'reference/operator-chart-values.rst' +- 'reference/operator-environment-variables.rst' - 'developers/*' - 'integrations/*' --- From b0b3bb0895e235bfc2778ab690669b4334efd838 Mon Sep 17 00:00:00 2001 From: Ravind Kumar <ravind@min.io> Date: Wed, 31 Jan 2024 18:23:23 -0500 Subject: [PATCH 2/3] Apply suggestions from code review Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com> --- source/developers/sts-for-operator.rst | 4 ++-- source/reference/operator-environment-variables.rst | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/source/developers/sts-for-operator.rst b/source/developers/sts-for-operator.rst index f14dda95..6d4da797 100644 --- a/source/developers/sts-for-operator.rst +++ b/source/developers/sts-for-operator.rst @@ -32,7 +32,7 @@ Benefits of STS for MinIO Operator include: Starting with Operator v5.0.11, STS is *enabled* by default. Previous versions of the Operator start with STS *disabled* by default. - To use STS with the Operator, you must first explicitly enable it. + To use STS with v5.0.10 or older versions of the Operator, you must first explicitly enable it. The procedure on this page includes instructions to enable the STS API in the MinIO Operator. @@ -79,7 +79,7 @@ Procedure .. note:: - This step is optional starting with Operator 5.0.11 and later. + This step is optional for Operator version 5.0.11 or later. .. code-block:: shell :class: copyable 
diff --git a/source/reference/operator-environment-variables.rst b/source/reference/operator-environment-variables.rst index 5df5847a..e19ed6c1 100644 --- a/source/reference/operator-environment-variables.rst +++ b/source/reference/operator-environment-variables.rst @@ -77,7 +77,7 @@ Available MinIO Operator Environment Variables When not specified, the default value is ``on``. - Prior to Operator 5.0.11, the default value is ``off``. + For versions prior to Operator 5.0.11, the default value was ``off``. .. envvar:: MINIO_CONSOLE_DEPLOYMENT_NAME From 79b150b40553c53143cf3f3939f610d23a5ba620 Mon Sep 17 00:00:00 2001 From: Ravind Kumar <ravind@min.io> Date: Wed, 31 Jan 2024 19:17:50 -0500 Subject: [PATCH 3/3] Update source/reference/operator-environment-variables.rst Co-authored-by: Andrea Longo <feorlen@users.noreply.github.com> --- source/reference/operator-environment-variables.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/source/reference/operator-environment-variables.rst b/source/reference/operator-environment-variables.rst index e19ed6c1..605e85a1 100644 --- a/source/reference/operator-environment-variables.rst +++ b/source/reference/operator-environment-variables.rst @@ -25,7 +25,7 @@ Replace: - ``minio-operator`` with the namespace for your Operator, if not using the default value. - ``deployment/minio-operator`` with the deployment for your Operator, if not the default value. - (This is not common.) + (Most deployments use the default value.) - ``<ENV_VARIABLE>`` with the environment variable to set or modify. - ``<value>`` with the value to use for the environment variable.
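Review bot: In source/developers/sts-for-operator.rst, the important box now says STS is enabled by default from Operator v5.0.11, but nothing in the hunk tells an operator who upgrades how to keep STS off. The new reference page documents OPERATOR_STS_ENABLED as a toggle that accepts "on" or "off", so add a sentence here pointing to the "off" setting, which makes the new default an explicit choice rather than a side effect of upgrading.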
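Review bot: In source/includes/k8s/ext-tenant-crd.md, the new reclaimStorage row reads "If true. Will delete the storage when tenant has been deleted.", which is a sentence fragment and gives no default for a field that deletes data. Suggest "If true, deletes the tenant's storage when the tenant is deleted." and state what happens when the field is unset.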
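Review bot: In source/includes/k8s/operator-values.yaml, console.volumes and console.volumeMounts change from empty arrays to a default "tmp" emptyDir mounted at /tmp/certs/CAs, but the comments above them still describe only user-supplied volumes. Add a comment line saying what the Console needs that path for and that anyone overriding either array has to keep the "tmp" entry. "readOnly: false" restates the Kubernetes default and can be dropped unless it is there for emphasis.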
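Review bot: In the first hunk of source/includes/k8s/tenant-values.yaml, the updated comment says the example sets the image to the quay.io/minio/operator repo and the v5.0.11 tag, while the example and the value beneath it use "repository: quay.io/minio/minio" with "tag: RELEASE.2023-11-15T20-43-25Z". The header line "Specify the Operator container image" has the same mismatch. Reword both to name the MinIO server repo and release tag instead of bumping the Operator version in place.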
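Review bot: In the KES hunk of source/includes/k8s/tenant-values.yaml, both tag examples move to 2023-11-10T10-44-28Z while the sha256 digest example on the context line between them is unchanged. Confirm the digest still corresponds to the image the new tag names, or say in the comment that the digest is illustrative only, because a reader who pins by digest will copy it as written.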
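Review bot: In source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst, the new --kes-image entry does not say which image is used when the flag is omitted. State the default next to the "You cannot downgrade KES images after deployment." box, so a reader knows what version they get before that restriction applies.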
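Review bot: In source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst, the SYNTAX block now ends with "[--retain-namespace] \", leaving a line continuation with nothing after it; drop the trailing backslash. Separately, the warning that deleting a namespace deletes all resources associated with it sits under the optional --retain-namespace flag, where someone running the command without the flag is least likely to read it. Since namespace deletion is the behaviour when the flag is omitted, repeat the warning in the EXAMPLE tab or near the top of the page.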
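Review bot: In the new source/reference/operator-environment-variables.rst, OPERATOR_CERT_PASSWD falls under the same "kubectl set env ... <ENV_VARIABLE>=<value>" instruction as every other variable, which stores the private key password as a literal value in the Deployment spec. Add a note on that entry recommending the value be supplied through a Kubernetes Secret reference in the container's env instead. Also, MINIO_OPERATOR_DEPLOYMENT_NAME is described as "the namespace to create and use for Operator"; the text moved unchanged from kubectl-minio-plugin.rst, so this is a good moment to check whether it names a deployment or a namespace.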
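Review bot: In [PATCH 2/3], the reworded lines write the release three ways: "v5.0.10 or older versions of the Operator", "Operator version 5.0.11" and "Operator 5.0.11", alongside "Operator v5.0.11" and the "versionchanged:: v5.0.11" value from the first patch. Pick one form, for example the v-prefixed one the directive already uses, and apply it across both files.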