DOCS-1076: Operator v5.0.11 Release

source/developers/sts-for-operator.rst

@@ -29,8 +29,10 @@ Benefits of STS for MinIO Operator include:
 
 .. important:: 
 
-   MinIO Operator launches with STS *disabled* by default.
-   To use STS with the Operator, you must first explicitly enable it.
+   Starting with Operator v5.0.11, STS is *enabled* by default.
+
+   Previous versions of the Operator start with STS *disabled* by default.
+   To use STS with v5.0.10 or older versions of the Operator, you must first explicitly enable it.
 
    The procedure on this page includes instructions to enable the STS API in the MinIO Operator.
 
@@ -68,12 +70,16 @@ STS for the MinIO Operator requires the following:
 
 - MinIO Operator v5.0.0 or later.
 - The deployment **must** have :ref:`TLS configured <minio-tls>`.
-- :envvar:`OPERATOR_STS_ENABLED` environment variable set to ``on``.
+- (Required for Operator v5.0.0 - 5.0.10) :envvar:`OPERATOR_STS_ENABLED` environment variable set to ``on``.
 
 Procedure
 ---------
 
 1. Enable STS functionality for the deployment
+
+   .. note::
+
+      This step is optional for Operator version 5.0.11 or later.
 
    .. code-block:: shell
       :class: copyable

source/includes/k8s/ext-tenant-crd.md

@@ -140,15 +140,6 @@ certificates manually added to the Operator.</p></td>
 </tbody>
 </table>
 
-## CustomCertificateConfig
-
-CustomCertificateConfig (`customCertificateConfig`) provides attributes
-associated of the TLS certificates manually added to the Operator as
-part of tenant creation. These fields contain no data if there are no
-custom TLS certificates.
-
--   [CustomCertificates](#customcertificates)
-
 ## CustomCertificates
 
 CustomCertificates (`customCertificates`) provides groupings of the TLS
@@ -775,6 +766,13 @@ If provided, each pod on the Statefulset will run with the specified
 RuntimeClassName, for more info <a
 href="https://kubernetes.io/docs/concepts/containers/runtime-class/">https://kubernetes.io/docs/concepts/containers/runtime-class/</a></p></td>
 </tr>
+<tr class="odd">
+<td
+style="text-align: left;"><p><strong><code>reclaimStorage</code></strong>
+<em>boolean</em></p></td>
+<td style="text-align: left;"><p><strong>Optional</strong><br />
+If true. Will delete the storage when tenant has been deleted.</p></td>
+</tr>
 </tbody>
 </table>
 

source/includes/k8s/operator-values.yaml

@@ -30,14 +30,14 @@ operator:
   ###
   # Specify the Operator container image to use for the deployment.
   # ``image.tag`` 
-  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag.
+  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
   # The container pulls the image if not already present:
   #
   # .. code-block:: yaml
   # 
   #    image:
   #      repository: quay.io/minio/operator
-  #      tag: v5.0.10
+  #      tag: v5.0.11
   #      pullPolicy: IfNotPresent
   #
   # The chart also supports specifying an image based on digest value:
@@ -51,7 +51,7 @@ operator:
   #
   image:
     repository: quay.io/minio/operator
-    tag: v5.0.10
+    tag: v5.0.11
     pullPolicy: IfNotPresent
   ###
   #
@@ -169,14 +169,14 @@ console:
   ###
   # Specify the Operator Console container image to use for the deployment.
   # ``image.tag`` 
-  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag.
+  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
   # The container pulls the image if not already present:
   #
   # .. code-block:: yaml
   # 
   #    image:
   #      repository: quay.io/minio/operator
-  #      tag: v5.0.10
+  #      tag: v5.0.11
   #      pullPolicy: IfNotPresent
   #
   # The chart also supports specifying an image based on digest value:
@@ -191,7 +191,7 @@ console:
   # The specified values should match that of ``operator.image`` to ensure predictable operations.
   image:
     repository: quay.io/minio/operator
-    tag: v5.0.10
+    tag: v5.0.11
     pullPolicy: IfNotPresent
   ###
   # An array of environment variables to pass to the Operator Console deployment.
@@ -291,7 +291,9 @@ console:
   # An array of `Volumes <https://kubernetes.io/docs/concepts/storage/volumes/>`__ which the Operator Console can mount to pods.
   #
   # The volumes must exist *and* be accessible to the Console pods.
-  volumes: [ ]
+  volumes:
+    - name: tmp
+      emptyDir: {}
   ###
   # An array of volume mount points associated to each Operator Console container.
   # 
@@ -304,4 +306,7 @@ console:
   #      mountPath: /path/to/mount
   #
   # The ``name`` field must correspond to an entry in the ``volumes`` array.
-  volumeMounts: [ ]
+  volumeMounts:
+    - name: tmp
+      readOnly: false
+      mountPath: /tmp/certs/CAs

source/includes/k8s/tenant-values.yaml

@@ -45,14 +45,14 @@ tenant:
   ###
   # Specify the Operator container image to use for the deployment.
   # ``image.tag`` 
-  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.10 tag.
+  # For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
   # The container pulls the image if not already present:
   #
   # .. code-block:: yaml
   # 
   #    image:
   #       repository: quay.io/minio/minio
-  #       tag: RELEASE.2023-10-07T15-07-38Z
+  #       tag: RELEASE.2023-11-15T20-43-25Z
   #       pullPolicy: IfNotPresent
   #
   # The chart also supports specifying an image based on digest value:
@@ -67,7 +67,7 @@ tenant:
   #
   image:
     repository: quay.io/minio/minio
-    tag: RELEASE.2023-10-07T15-07-38Z
+    tag: RELEASE.2023-11-15T20-43-25Z
     pullPolicy: IfNotPresent
   ###
   #
@@ -332,14 +332,14 @@ tenant:
   #  # Image from tag (original behavior), for example:
   #  # image:
   #  #   repository: quay.io/minio/kes
-  #  #   tag: 2023-10-03T00-48-37Z
+  #  #   tag: 2023-11-10T10-44-28Z
   #  # Image from digest (added after original behavior), for example:
   #  # image:
   #  #   repository: quay.io/minio/kes@sha256
   #  #   digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b
   #  image:
   #    repository: quay.io/minio/kes
-  #    tag: 2023-10-03T00-48-37Z
+  #    tag: 2023-11-10T10-44-28Z
   #    pullPolicy: IfNotPresent
   #  env: [ ]
   #  replicas: 2

source/index.rst

@@ -213,6 +213,7 @@ For more about connecting to ``play``, see :ref:`MinIO Console play Login <minio
       /reference/kubectl-minio-plugin
       /reference/operator-crd
       /reference/operator-chart-values
+      /reference/operator-environment-variables
 
 .. toctree::
    :titlesonly:

source/operations/install-deploy-manage/deploy-minio-tenant.rst

@@ -594,7 +594,7 @@ The :guilabel:`Security` section displays TLS certificate settings for the MinIO
 
 .. _create-tenant-encryption-section:
 
-1) The :guilabel:`Encryption` Section
+8) The :guilabel:`Encryption` Section
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The :guilabel:`Encryption` section displays the :ref:`Server-Side Encryption (SSE) <minio-sse>` settings for the MinIO Tenant. 

source/reference/kubectl-minio-plugin.rst

@@ -89,94 +89,6 @@ Subcommands
 - :mc:`~kubectl minio delete`
 - :mc:`~kubectl minio version`
 
-Environment Variables
----------------------
-
-The :ref:`MinIO Operator <minio-operator-installation>` uses the following environment variables during startup to set configuration settings.
-Configure these variables in the ``minio-operator`` container.
-
-Setting Environment Variables in Kubernetes
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To set these environment variables, modify the operator container's yaml at ``.spec.env`` or use the following ``kubectl`` command syntax:
-
-.. code-block:: shell
-   :class: copyable
-
-   kubectl set env -n minio-operator deployment/minio-operator <ENV_VARIABLE>=<value> ... <ENV_VARIABLE2>=<value2>
-
-Replace:
-
-- ``minio-operator`` with the namespace for your Operator, if not using the default value.
-- ``deployment/minio-operator`` with the deployment for your Operator, if not the default value.
-  (This is not common.)
-- ``<ENV_VARIABLE>`` with the environment variable to set or modify.
-- ``<value>`` with the value to use for the environment variable.
-
-You can set or modify multiple environment variables by separating each ``VARIABLE=value`` pair with a space.
-
-Available MinIO Operator Environment Variables
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-.. envvar:: MINIO_OPERATOR_CERTIFICATES_VERSION
-
-   Specifies the certificate API version to use.
-
-   Valid values are ``v1`` or ``v1beta1``.
-
-   When not specified, the default is the API Kubernetes provides.
-
-.. envvar:: MINIO_OPERATOR_RUNTIME
-
-   Specify the type of runtime to use.
-
-   Valid values are ``EKS``, ``Rancher``, or ``OpenShift``.
-   Leave blank if none of the options apply.
-
-   When set as ``EKS``, the :envvar:`MINIO_OPERATOR_CSR_SIGNER_NAME` must be ``beta.eks.amazonaws.com/app-serving``.
-
-.. envvar:: MINIO_OPERATOR_CSR_SIGNER_NAME
-
-   Override the default signer for certificate signing requests (CSRs).
-
-   When not specified, the default value is ``kubernetes.io/kubelet-serving``.
-
-.. envvar:: OPERATOR_CERT_PASSWD
-
-   *Optional*
-
-   The password Operator should use to decrypt the private key in the TLS certificate for Operator.
-
-.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME
-
-   Specifies the namespace to create and use for Operator.
-
-   When not specified, the default value is ``minio-operator``.
-
-.. envvar:: OPERATOR_STS_ENABLED
-
-   Toggle STS Service ``on`` or ``off``.
-
-   When not specified, the default value is ``off``.
-
-.. envvar:: MINIO_CONSOLE_DEPLOYMENT_NAME
-
-   The name to use for the Operator Console.
-
-   When not specified, the default value is ``operator``.
-
-.. envvar:: MINIO_CONSOLE_TLS_ENABLE
-
-   Toggle Console TLS service ``on`` or ``off``.
-
-   When not specified, the default value is ``off``.
-
-.. envvar:: WATCHED_NAMESPACE
-
-   A comma-separated list of the namespace(s) Operator should watch for tenants.
-
-   When not specified, the default value is ``""`` to watch all namespaces.
-
 .. toctree::
    :titlesonly:
    :hidden:

source/reference/kubectl-minio-plugin/kubectl-minio-tenant-create.rst

@@ -81,6 +81,7 @@ Syntax
                               [--image]                   \
                               [--image-pull-secret]       \
                               [--kes-config]              \
+                              [--kes-image]               \
                               [--namespace]               \
                               [--output]                  \
                               [--pool]                    \
@@ -259,6 +260,17 @@ The command supports the following flags:
 
    For more, see the `Github documentation <https://github.com/minio/operator/blob/master/examples/kes-secret.yaml>`__. 
 
+.. mc-cmd:: --kes-image
+   :optional:
+
+   .. versionadded:: v5.0.11
+
+   The KES image to use when deploying KES pods in the tenant.
+
+   .. important::
+
+      You cannot downgrade KES images after deployment.
+
 .. mc-cmd:: --namespace
    :optional:
 

source/reference/kubectl-minio-plugin/kubectl-minio-tenant-delete.rst

@@ -43,25 +43,28 @@ Syntax
 
    .. tab-item:: EXAMPLE
 
-      The following example creates a MinIO Tenant in the namespace ``minio-tenant-1`` consisting of 4 MinIO servers with 8 drives each and a total capacity of 32Ti.
+      The following example deletes a MinIO Tenant in the namespace ``minio-tenant-1``.
+      It keeps the namespace intact after deleting the tenant.
 
       .. code-block:: shell
          :class: copyable
 
-         kubectl minio tenant delete                       \
+         kubectl minio tenant delete                        \
                                 minio-tenant-1              \
-                                --namespace minio-tenant-1
+                                --namespace minio-tenant-1  \
+                                --retain-namespace
 
    .. tab-item:: SYNTAX
 
       The command has the following syntax:
 
       .. code-block:: shell
 
-         kubectl minio tenant delete        \
-                                TENANT_NAME \
-                                --force     \
-                                --namespace
+         kubectl minio tenant delete                 \
+                                TENANT_NAME          \
+                                --force              \
+                                --namespace          \
+                                [--retain-namespace] \
 
 
 Flags
@@ -82,4 +85,15 @@ The command supports the following flags:
 .. mc-cmd:: --namespace
    :required:
 
-   The namespace scope to access.
+   The namespace scope to access.
+
+.. mc-cmd:: --retain-namespace
+   :optional:
+
+   Keeps the namespace after deleting the tenant.
+
+   Omit to delete the namespace after deleting the tenant.
+
+   .. warning::
+
+      Deleting a namespace deletes all resources associated to that namespace.