Merge branch 'master' into master

.github/workflows/goreleaser.yml

@@ -31,4 +31,4 @@ jobs:
         uses: goreleaser/goreleaser-action@v5
         with:
           version: latest
-          args: release --skip-publish --clean --snapshot
+          args: release --skip=publish --clean --snapshot

.github/workflows/kubernetes-tests.yml

@@ -255,7 +255,6 @@ jobs:
       - name: Test PolicyBinding CRD and sts call on kind
         run: |
           "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh"
-
   helm:
     timeout-minutes: 30
     # The type of runner that the job will run on
@@ -321,3 +320,4 @@ jobs:
           chmod +x kubectl
           mv kubectl /usr/local/bin
           "${GITHUB_WORKSPACE}/testing/check-helm.sh"
+

.gitignore

@@ -5,10 +5,8 @@ minio-operator
 !tenant/
 .idea/
 dist/
-kubectl-minio/kubectl-minio
 *.minisig
 *.zip
-kubectl-minio/crds
 *.log
 .vscode
 minio.yaml

.goreleaser.yml

@@ -15,7 +15,7 @@ before:
   hooks:
     - make clean
     - make swagger-gen
-    - go mod tidy -compat=1.19
+    - go mod tidy -compat=1.21.8
     - go mod download
 
 builds:
@@ -33,32 +33,6 @@ builds:
       - -s -w -X github.com/minio/operator/pkg.ReleaseTag={{.Tag}} -X github.com/minio/operator/pkg.CommitID={{.FullCommit}} -X github.com/minio/operator/pkg.Version={{.Version}} -X github.com/minio/operator/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/operator/pkg.ReleaseTime={{.Date}}
     flags:
       - -trimpath
-    hooks:
-      post: ./package.sh {{ .Path }}
-
-  - id: kubectl-minio
-    dir: kubectl-minio
-    binary: kubectl-minio
-    goos:
-      - linux
-      - darwin
-      - windows
-    goarch:
-      - amd64
-      - arm64
-      - ppc64le
-      - s390x
-    ignore:
-      - goos: windows
-        goarch: arm64
-    env:
-      - CGO_ENABLED=0
-    ldflags:
-      - -s -w -X github.com/minio/kubectl-minio/cmd.version={{.Tag}}
-    flags:
-      - -trimpath
-    hooks:
-      post: ./package.sh {{ .Path }}
 
 archives:
   - allow_different_binary_count: true

Dockerfile

@@ -1,8 +1,8 @@
-FROM registry.access.redhat.com/ubi9/ubi-minimal:9.2 as build
+FROM registry.access.redhat.com/ubi9/ubi-minimal:latest as build
 
 RUN microdnf update -y --nodocs && microdnf install ca-certificates -y --nodocs
 
-FROM registry.access.redhat.com/ubi9/ubi-micro:9.2
+FROM registry.access.redhat.com/ubi9/ubi-micro:latest
 
 ARG TAG
 

Makefile

@@ -18,7 +18,6 @@ HELM_TEMPLATES=$(HELM_HOME)/templates
 KUSTOMIZE_HOME=resources
 KUSTOMIZE_CRDS=$(KUSTOMIZE_HOME)/base/crds/
 
-PLUGIN_HOME=kubectl-minio
 
 all: build
 
@@ -28,19 +27,21 @@ getdeps:
 	@echo "Installing golangci-lint" && \
 		go install github.com/golangci/golangci-lint/cmd/[email protected] && \
 		echo "Installing govulncheck" && \
-		go install golang.org/x/vuln/cmd/govulncheck@latest
+		go install golang.org/x/vuln/cmd/govulncheck@latest &&\
+		echo "installng gopls" && \
+		go install golang.org/x/tools/gopls@latest
 
 verify: getdeps govet lint
 
 binary:
 	@CGO_ENABLED=0 GOOS=linux go build -trimpath --ldflags $(LDFLAGS) -o minio-operator ./cmd/operator
 
-operator: assets binary
+operator: binary
 
 docker: operator
-	@docker build --no-cache -t $(TAG) .
+	@docker buildx build --no-cache --load --platform linux/$(GOARCH) -t $(TAG) .
 
-build: regen-crd verify plugin operator docker
+build: regen-crd verify operator docker
 
 install: all
 
@@ -65,35 +66,31 @@ clean:
 	@rm -rf dist/
 
 regen-crd:
-	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.11.1
+	@go install sigs.k8s.io/controller-tools/cmd/controller-gen@v0.14.0
 	@${GOPATH}/bin/controller-gen crd:maxDescLen=0,generateEmbeddedObjectMeta=true paths="./..." output:crd:artifacts:config=$(KUSTOMIZE_CRDS)
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/minio.min.io_tenants.yaml > $(HELM_TEMPLATES)/minio.min.io_tenants.yaml
 	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/sts.min.io_policybindings.yaml > $(HELM_TEMPLATES)/sts.min.io_policybindings.yaml
+	@sed 's#namespace: minio-operator#namespace: {{ .Release.Namespace }}#g' resources/base/crds/job.min.io_miniojobs.yaml > $(HELM_TEMPLATES)/job.min.io_jobs.yaml
 
 regen-crd-docs:
 	@echo "Installing crd-ref-docs" && GO111MODULE=on go install -v github.com/elastic/crd-ref-docs@latest
 	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/minio.min.io/v2  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/tenant_crd.adoc --templates-dir=docs/templates/asciidoctor/
 	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/sts.min.io/v1alpha1  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/policybinding_crd.adoc --templates-dir=docs/templates/asciidoctor/
-
-plugin: regen-crd
-	@echo "Building 'kubectl-minio' binary"
-	@(cd $(PLUGIN_HOME); \
-		go vet ./... && \
-		go test -race ./... && \
-		GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean && \
-		GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ../.golangci.yml)
-
-plugin-binary: plugin
-	@(cd $(PLUGIN_HOME) && CGO_ENABLED=0 go build -trimpath --ldflags $(LDFLAGS) -o kubectl-minio .)
+	@${GOPATH}/bin/crd-ref-docs --source-path=./pkg/apis/job.min.io/v1alpha1  --config=docs/templates/config.yaml --renderer=asciidoctor --output-path=docs/job_crd.adoc --templates-dir=docs/templates/asciidoctor/
 
 generate-code:
 	@./k8s/update-codegen.sh
 
 generate-openshift-manifests:
 	@./olm.sh
 
-release: assets generate-openshift-manifests
+helm-reindex:
+	@echo "Re-indexing helm chart release"
+	@./helm-reindex.sh
+
+release: assets
 	@./release.sh
+	@./olm.sh
 
 apply-gofmt:
 	@echo "Applying gofmt to all generated an existing files"

README.md

@@ -47,15 +47,6 @@ status.
 For more complete documentation on using the MinIO Console, see the
 [MinIO Console Github Repository](https://github.com/minio/console).
 
-## MinIO Operator and `kubectl` Plugin
-
-The MinIO Operator extends the Kubernetes API to support deploying MinIO-specific
-resources as a Tenant in a Kubernetes cluster.
-
-The MinIO `kubectl minio` plugin wraps the Operator to provide a simplified interface
-for deploying and managing MinIO Tenants in a Kubernetes cluster through the
-`kubectl` command line tool.
-
 # Deploy the MinIO Operator and Create a Tenant
 
 This procedure installs the MinIO Operator and creates a 4-node MinIO Tenant for supporting object storage operations in
@@ -65,10 +56,12 @@ a Kubernetes cluster.
 
 ### Kubernetes 1.21 or Later
 
-Starting with Operator v5.0.0, MinIO requires Kubernetes version 1.21.0 or later. You must upgrade your Kubernetes cluster to 1.21.0 or later to use Operator
+Starting with Operator v5.0.0, MinIO requires Kubernetes version 1.21.0 or later. You must upgrade your Kubernetes
+cluster to 1.21.0 or later to use Operator
 v5.0.0+.
 
-Starting with Operator v4.0.0, MinIO requires Kubernetes version 1.19.0 or later.  Previous versions of the Operator supported Kubernetes 1.17.0 or later. You must upgrade your Kubernetes cluster to 1.19.0 or later to use Operator
+Starting with Operator v4.0.0, MinIO requires Kubernetes version 1.19.0 or later. Previous versions of the Operator
+supported Kubernetes 1.17.0 or later. You must upgrade your Kubernetes cluster to 1.19.0 or later to use Operator
 v4.0.0+.
 
 This procedure assumes the host machine has [`kubectl`](https://kubernetes.io/docs/tasks/tools) installed and configured
@@ -80,7 +73,7 @@ MinIO supports no more than *one* MinIO Tenant per Namespace. The following `kub
 for the MinIO Tenant.
 
 ```sh
-kubectl create namespace minio-tenant-1
+kubectl create namespace minio-tenant
 ```
 
 The MinIO Operator Console supports creating a namespace as part of the Tenant Creation procedure.
@@ -165,47 +158,14 @@ performance:
 
 ## Procedure
 
-### 1) Install the MinIO Operator
-
-Run the following commands to install the MinIO Operator and Plugin using the Kubernetes ``krew`` plugin manager:
-
-```sh
-kubectl krew update
-kubectl krew install minio
-```
-
-See the ``krew`` [installation documentation](https://krew.sigs.k8s.io/docs/user-guide/setup/install/) for instructions
-on installing ``krew``.
+### 1) Install the MinIO Operator via Kustomization
 
-Run the following command to verify installation of the plugin:
+The standard `kubectl` tool ships with support
+for [kustomize](https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/) out of the box, so you can
+use that to install MiniO Operator.
 
 ```sh
-kubectl minio version
-```
-
-As an alternative to `krew`, you can download the `kubectl-minio` plugin from
-the [Operator Releases Page](https://github.com/minio/operator/releases). Download the `kubectl-minio` package
-appropriate for your operating system and extract the contents as `kubectl-minio`. Set the `kubectl-minio` binary to be
-executable (e.g. `chmod +x`) and place it in your system `PATH`.
-
-For example, the following code downloads the latest stable version of the MinIO Kubernetes Plugin and installs it to
-the system ``$PATH``. The example assumes a Linux operating system:
-
-```sh
-wget -qO- https://github.com/minio/operator/releases/latest/download/kubectl-minio_linux_amd64_v1.zip | sudo bsdtar -xvf- -C /usr/local/bin
-sudo chmod +x /usr/local/bin/kubectl-minio
-```
-
-Run the following command to verify installation of the plugin:
-
-```sh
-kubectl minio version
-```
-
-Run the following command to initialize the Operator:
-
-```sh
-kubectl minio init
+kubectl kustomize github.com/minio/operator\?ref=v5.0.14
 ```
 
 Run the following command to verify the status of the Operator:
@@ -227,24 +187,46 @@ interface for creating and managing MinIO Tenants.
 
 The `minio-operator-*` pod runs the MinIO Operator itself.
 
-### 2) Access the Operator Console
+### 2) Access the Operator Console via NodePort
 
-Run the following command to create a local proxy to the MinIO Operator
-Console:
+Get the token:
 
 ```sh
-kubectl minio proxy -n minio-operator
+kubectl apply -f - <<EOF
+apiVersion: v1
+kind: Secret
+metadata:
+  name: console-sa-secret
+  namespace: minio-operator
+  annotations:
+    kubernetes.io/service-account.name: console-sa
+type: kubernetes.io/service-account-token
+EOF
+SA_TOKEN=$(kubectl -n minio-operator  get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
+echo $SA_TOKEN
 ```
 
-The output resembles the following:
-
-```sh
-kubectl minio proxy
-Starting port forward of the Console UI.
+Change the console service to use NodePort:
 
-To connect open a browser and go to http://localhost:9090
-
-Current JWT to login: TOKENSTRING
+```yaml
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 9090
+      targetPort: 9090
+      nodePort: 30080 <--------------- Using this port in the node
+    - name: https
+      protocol: TCP
+      port: 9443
+      targetPort: 9443
+      nodePort: 30869
+  selector:
+    app: console
+  clusterIP: 10.96.69.150
+  clusterIPs:
+    - 10.96.69.150
+  type: NodePort <-------------------- Using NodePort
 ```
 
 Open your browser to the provided address and use the JWT token to log in

api/admin_client_mock.go

@@ -21,7 +21,7 @@ import (
 	"io"
 	"time"
 
-	"github.com/minio/madmin-go/v2"
+	"github.com/minio/madmin-go/v3"
 	iampolicy "github.com/minio/pkg/iam/policy"
 )
 

api/admin_info.go

@@ -42,24 +42,9 @@ func GetAdminInfo(ctx context.Context, client MinioAdmin) (*UsageInfo, error) {
 	// we are trimming uint64 to int64 this will report an incorrect measurement for numbers greater than
 	// 9,223,372,036,854,775,807
 
-	var backendType string
-	var rrSCParity float64
-	var standardSCParity float64
-
-	if v, success := serverInfo.Backend.(map[string]interface{}); success {
-		bt, ok := v["backendType"]
-		if ok {
-			backendType = bt.(string)
-		}
-		rp, ok := v["rrSCParity"]
-		if ok {
-			rrSCParity = rp.(float64)
-		}
-		sp, ok := v["standardSCParity"]
-		if ok {
-			standardSCParity = sp.(float64)
-		}
-	}
+	backendType := string(serverInfo.Backend.Type)
+	rrSCParity := serverInfo.Backend.RRSCParity
+	standardSCParity := serverInfo.Backend.StandardSCParity
 
 	var usedSpace int64
 	// serverArray contains the serverProperties which describe the servers in the network

api/client-admin.go

@@ -26,7 +26,7 @@ import (
 	"net/url"
 	"time"
 
-	"github.com/minio/madmin-go/v2"
+	"github.com/minio/madmin-go/v3"
 	mcCmd "github.com/minio/mc/cmd"
 	"github.com/minio/mc/pkg/probe"
 	"github.com/minio/operator/pkg"
@@ -397,7 +397,7 @@ func (ac AdminClient) addRemoteBucket(ctx context.Context, bucket string, target
 
 // serverHealthInfo implements mc.ServerHealthInfo - Connect to a minio server and call Health Info Management API
 func (ac AdminClient) serverHealthInfo(ctx context.Context, healthDataTypes []madmin.HealthDataType, deadline time.Duration) (interface{}, string, error) {
-	resp, version, err := ac.Client.ServerHealthInfo(ctx, healthDataTypes, deadline)
+	resp, version, err := ac.Client.ServerHealthInfo(ctx, healthDataTypes, deadline, "")
 	if err != nil {
 		return nil, version, err
 	}
@@ -506,7 +506,7 @@ func (ac AdminClient) getSiteReplicationInfo(ctx context.Context) (*madmin.SiteR
 }
 
 func (ac AdminClient) addSiteReplicationInfo(ctx context.Context, sites []madmin.PeerSite) (*madmin.ReplicateAddStatus, error) {
-	res, err := ac.Client.SiteReplicationAdd(ctx, sites)
+	res, err := ac.Client.SiteReplicationAdd(ctx, sites, madmin.SRAddOptions{})
 	if err != nil {
 		return nil, err
 	}
@@ -520,7 +520,7 @@ func (ac AdminClient) addSiteReplicationInfo(ctx context.Context, sites []madmin
 }
 
 func (ac AdminClient) editSiteReplicationInfo(ctx context.Context, site madmin.PeerInfo) (*madmin.ReplicateEditStatus, error) {
-	res, err := ac.Client.SiteReplicationEdit(ctx, site)
+	res, err := ac.Client.SiteReplicationEdit(ctx, site, madmin.SREditOptions{})
 	if err != nil {
 		return nil, err
 	}

api/configure_operator.go

@@ -181,10 +181,8 @@ func setupGlobalMiddleware(handler http.Handler) http.Handler {
 		BrowserXssFilter:                GetSecureBrowserXSSFilter(),
 		ContentSecurityPolicy:           GetSecureContentSecurityPolicy(),
 		ContentSecurityPolicyReportOnly: GetSecureContentSecurityPolicyReportOnly(),
-		PublicKey:                       GetSecurePublicKey(),
 		ReferrerPolicy:                  GetSecureReferrerPolicy(),
 		FeaturePolicy:                   GetSecureFeaturePolicy(),
-		ExpectCTHeader:                  GetSecureExpectCTHeader(),
 		IsDevelopment:                   false,
 	}
 	secureMiddleware := secure.New(secureOptions)