From 101ad648dd18096a3793c1c4b1ab967f65cf7eb1 Mon Sep 17 00:00:00 2001 From: Daryl White <53910321+djwfyi@users.noreply.github.com> Date: Fri, 28 Apr 2023 16:39:41 -0500 Subject: [PATCH] Doc updates related to Operator v5.0.0 (#837) Updates docs for most changes through v5.0.4. Does not have changes related to sidecar containers. Partially addresses #791 Staged: http://192.241.195.202:9000/staging/operator-5.0.0/index.html --- .../deploy-minio-tenant.rst | 6 +- .../minio-operator-console.rst | 24 +- .../upgrade-minio-operator.rst | 513 ++++++++++++------ source/reference/kubectl-minio-plugin.rst | 65 +++ .../kubectl-minio-proxy.rst | 15 +- 5 files changed, 429 insertions(+), 194 deletions(-) diff --git a/source/operations/install-deploy-manage/deploy-minio-tenant.rst b/source/operations/install-deploy-manage/deploy-minio-tenant.rst index adf421b4..e4d874c2 100644 --- a/source/operations/install-deploy-manage/deploy-minio-tenant.rst +++ b/source/operations/install-deploy-manage/deploy-minio-tenant.rst @@ -567,7 +567,7 @@ The :guilabel:`Security` section displays TLS certificate settings for the MinIO .. _create-tenant-encryption-section: -1) The :guilabel:`Encryption` Section +8) The :guilabel:`Encryption` Section ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The :guilabel:`Encryption` section displays the :ref:`Server-Side Encryption (SSE) ` settings for the MinIO Tenant. @@ -607,7 +607,7 @@ Enabling SSE also creates :minio-git:`MinIO Key Encryption Service ` pods i :start-after: start-deprecate-audit-logs :end-before: end-deprecate-audit-logs -.. versionchanged:: Console 0.23.1 +.. versionchanged:: Console 0.23.1 and Operator 5.0.0 New tenants have Audit Logs :guilabel:`Disabled` by default. 
@@ -648,7 +648,7 @@ Enabling SSE also creates :minio-git:`MinIO Key Encryption Service ` pods i :start-after: start-deprecate-prometheus :end-before: end-deprecate-prometheus -.. versionchanged:: Console 0.23.1 +.. versionchanged:: Console 0.23.1 and Operator 5.0.0 New tenants have monitoring :guilabel:`Disabled` by default. diff --git a/source/operations/install-deploy-manage/minio-operator-console.rst b/source/operations/install-deploy-manage/minio-operator-console.rst index 74edc334..e8ca65ee 100644 --- a/source/operations/install-deploy-manage/minio-operator-console.rst +++ b/source/operations/install-deploy-manage/minio-operator-console.rst @@ -33,8 +33,7 @@ Connect to the Operator Console Tenant Management ----------------- -The MinIO Operator Console supports deploying, managing, and monitoring -MinIO Tenants on the Kubernetes cluster. +The MinIO Operator Console supports deploying, managing, and monitoring MinIO Tenants on the Kubernetes cluster. .. image:: /images/k8s/operator-dashboard.png :align: center 
@@ -42,22 +41,27 @@ MinIO Tenants on the Kubernetes cluster. :class: no-scaled-link :alt: MinIO Operator Console -You can :ref:`deploy a MinIO Tenant ` through the -Operator Console. +You can :ref:`deploy a MinIO Tenant ` through the Operator Console. -The Operator Console automatically detects any MinIO Tenants -deployed on the cluster, whether provisioned through the Operator Console -or through the :ref:`MinIO Kubernetes Plugin `. +The Operator Console automatically detects MinIO Tenants deployed on the cluster when provisioned through the Operator Console, the :ref:`MinIO Kubernetes Plugin `, Helm, or Kustomize. Select a listed tenant to open an in-browser view of that tenant's MinIO Console. You can use this view to directly manage, modify, expand, upgrade, and delete the tenant through the Operator UI. +.. versionadded:: Operator 5.0.0 + + You can download a Log Report for a tenant from the Pods summary screen. + + The report downloads as ``-report.zip``. + The ZIP archive contains status, events, and log information for each pool on the deployment. + The archive also includes a summary yaml file describing the deployment. + + |subnet| users can upload this file for analysis by MinIO Engineers. + Tenant Registration ------------------- -.. versionchanged:: 0.19.5 - - You can register your MinIO tenants with your |SUBNET| account using the Operator Console. +|subnet| users relying on the commercial license should register your MinIO tenants to your SUBNET account, which can be done through the Operator Console. .. image:: /images/k8s/operator-console-register.png :align: center diff --git a/source/operations/install-deploy-manage/upgrade-minio-operator.rst b/source/operations/install-deploy-manage/upgrade-minio-operator.rst index b58a9b50..7af441f0 100644 --- a/source/operations/install-deploy-manage/upgrade-minio-operator.rst +++ b/source/operations/install-deploy-manage/upgrade-minio-operator.rst 
@@ -25,8 +25,11 @@ The following table lists the upgrade paths from previous versions of the MinIO * - Current Version - Supported Upgrade Target - * - 4.2.3 and Later - - |operator-version-stable| + * - 4.5.8 or later + - |operator-version-stable| + + * - 4.2.3 to 4.5.7 + - 4.5.8 * - 4.0.0 through 4.2.2 - 4.2.3 @@ -36,7 +39,7 @@ The following table lists the upgrade paths from previous versions of the MinIO .. _minio-k8s-upgrade-minio-operator-procedure: -Upgrade MinIO Operator 4.2.3 and Later to |operator-version-stable| +Upgrade MinIO Operator 4.5.8 and Later to |operator-version-stable| ------------------------------------------------------------------- .. admonition:: Prerequisites 
@@ -44,282 +47,432 @@ Upgrade MinIO Operator 4.2.3 and Later to |operator-version-stable| This procedure requires the following: - - You have an existing MinIO Operator deployment running 4.2.3 or later + - You have an existing MinIO Operator deployment running 4.5.8 or later - Your Kubernetes cluster runs 1.19.0 or later - Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster +This procedure upgrades the MinIO Operator from any 4.5.8 or later release to |operator-version-stable|. + +Tenant Custom Resource Definition Changes +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +The following changes apply for Operator v5.0.0 or later: + +- The ``.spec.s3`` field is replaced by the ``.spec.features`` field. +- The ``.spec.credsSecret`` field is replaced by the ``.spec.configuration`` field. + + The ``.spec.credsSecret`` should hold all the environment variables for the MinIO deployment that contain sensitive information and should not show in ``.spec.env``. + This change impacts the Tenant :abbr:`CRD ` and only impacts users editing a tenant YAML directly, such as through Helm or Kustomize. +- Both the **Log Search API** (``.spec.log``) and **Prometheus** (``.spec.prometheus``) deployments have been removed. + However, existing deployments are left running as standalone deployments / statefulsets with no connection to the Tenant CR. + If the Tenant CRD is deleted, this does not cascade to the log or Prometheus deployments. + + .. important:: + + MinIO recommends that you create a yaml file to manage these deployments going forward. + +Log Search and Prometheus +~~~~~~~~~~~~~~~~~~~~~~~~~ + +The latest releases of Operator remove Log Search and Prometheus from included Operator tools. +The following steps back up the existing yaml files, perform some clean up, and provide steps to continue using either or both of these functions. + +1. Back up Prometheus and Log Search yaml files. + + .. 
code-block:: shell + :class: copyable + + export TENANT_NAME=myminio + export NAMESPACE=mynamespace + kubectl -n $NAMESPACE get secret $TENANT_NAME-log-secret -o yaml > $TENANT_NAME-log-secret.yaml + kubectl -n $NAMESPACE get cm $TENANT_NAME-prometheus-config-map -o yaml > $TENANT_NAME-prometheus-config-map.yaml + kubectl -n $NAMESPACE get sts $TENANT_NAME-prometheus -o yaml > $TENANT_NAME-prometheus.yaml + kubectl -n $NAMESPACE get sts $TENANT_NAME-log -o yaml > $TENANT_NAME-log.yaml + kubectl -n $NAMESPACE get deployment $TENANT_NAME-log-search-api -o yaml > $TENANT_NAME-log-search-api.yaml + kubectl -n $NAMESPACE get svc $TENANT_NAME-log-hl-svc -o yaml > $TENANT_NAME-log-hl-svc.yaml + kubectl -n $NAMESPACE get svc $TENANT_NAME-log-search-api -o yaml > $TENANT_NAME-log-search-api.yaml + kubectl -n $NAMESPACE get svc $TENANT_NAME-prometheus-hl-svc -o yaml > $TENANT_NAME-prometheus-hl-svc.yaml + + - Replace ``myminio`` with the name of the tenant on the operator deployment you are upgrading. + - Replace ``mynamespace`` with the namespace for the tenant on the operator deployment you are upgrading. + + Repeat for each tenant. + +2. Remove ``.metadata.ownerReferences`` for all backed up files for all tenants. + +3. *(Optional)* To continue using Log Search API and Prometheus, add the following variables to the tenant's yaml specification file under ``.spec.env`` + + Use the following command to edit a tenant: + + .. code-block:: shell + :class: copyable + + kubectl edit tenants -n + + - Replace ```` with the name of the tenant to modify. + - Replace ```` with the namespace of the tenant you are modifying. + + Add the following values under ``.spec.env`` in the file: + + .. 
code-block:: yaml + :class: copyable + + - name: MINIO_LOG_QUERY_AUTH_TOKEN + valueFrom: + secretKeyRef: + key: MINIO_LOG_QUERY_AUTH_TOKEN + name: -log-secret + - name: MINIO_LOG_QUERY_URL + value: http://-log-search-api:8080 + - name: MINIO_PROMETHEUS_JOB_ID + value: minio-job + - name: MINIO_PROMETHEUS_URL + value: http://-prometheus-hl-svc:9090 + + - Replace ```` in the ``name`` or ``value`` lines with the name of your tenant. + +Upgrade Operator to |operator-version-stable| +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +1. *(Optional)* Update each MinIO Tenant to the latest stable MinIO Version. + + Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. + Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. + See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. + +2. Verify the existing Operator installation. + Use ``kubectl get all -n minio-operator`` to verify the health and status of all Operator pods and services. + + If you installed the Operator to a custom namespace, specify that namespace as ``-n ``. + + You can verify the currently installed Operator version by retrieving the object specification for an operator pod in the namespace. + The following example uses the ``jq`` tool to filter the necessary information from ``kubectl``: + + .. code-block:: shell + :class: copyable + + kubectl get pod -l 'name=minio-operator' -n minio-operator -o json | jq '.items[0].spec.containers' + + The output resembles the following: + + .. code-block:: json + :emphasize-lines: 8-10 + + { + "env": [ + { + "name": "CLUSTER_DOMAIN", + "value": "cluster.local" + } + ], + "image": "minio/operator:v4.5.8", + "imagePullPolicy": "IfNotPresent", + "name": "minio-operator" + } + +3. Download the Latest Stable Version of the MinIO Kubernetes Plugin + + .. include:: /includes/k8s/install-minio-kubectl-plugin.rst + +4. 
Run the initialization command to upgrade the Operator + + Use the :mc-cmd:`kubectl minio init` command to upgrade the existing MinIO Operator installation + + .. code-block:: shell + :class: copyable + + kubectl minio init + +5. Validate the Operator upgrade + + You can check the Operator version by reviewing the object specification for an Operator Pod using a previous step. + .. include:: /includes/common/common-k8s-connect-operator-console.rst + +Upgrade MinIO Operator 4.2.3 through 4.5.7 to 4.5.8 +--------------------------------------------------- + +Prerequisites +~~~~~~~~~~~~~ + +This procedure requires the following: + +- You have an existing MinIO Operator deployment running 4.2.3 through 4.5.7 +- Your Kubernetes cluster runs 1.19.0 or later +- Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster + +Procedure +~~~~~~~~~ + This procedure upgrades the MinIO Operator from any 4.2.3 or later release to |operator-version-stable|. -.. container:: procedure +1. *(Optional)* Update each MinIO Tenant to the latest stable MinIO Version. - 1. *(Optional)* Update each MinIO Tenant to the latest stable MinIO Version. + Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. - Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. + Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. - Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. + See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. - See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. +#. Verify the existing Operator installation. - #. Verify the existing Operator installation. + Use ``kubectl get all -n minio-operator`` to verify the health and status of all Operator pods and services. 
+ + If you installed the Operator to a custom namespace, specify that namespace as ``-n ``. - Use ``kubectl get all -n minio-operator`` to verify the health and status of all Operator pods and services. - - If you installed the Operator to a custom namespace, specify that namespace as ``-n ``. + You can verify the currently installed Operator version by retrieving the object specification for an operator pod in the namespace. + The following example uses the ``jq`` tool to filter the necessary information from ``kubectl``: - You can verify the currently installed Operator version by retrieving the object specification for an operator pod in the namespace. - The following example uses the ``jq`` tool to filter the necessary information from ``kubectl``: + .. code-block:: shell + :class: copyable - .. code-block:: shell - :class: copyable + kubectl get pod -l 'name=minio-operator' -n minio-operator -o json | jq '.items[0].spec.containers' - kubectl get pod -l 'name=minio-operator' -n minio-operator -o json | jq '.items[0].spec.containers' + The output resembles the following: - The output resembles the following: + .. code-block:: json + :emphasize-lines: 8-10 - .. code-block:: json - :emphasize-lines: 8-10 + { + "env": [ + { + "name": "CLUSTER_DOMAIN", + "value": "cluster.local" + } + ], + "image": "minio/operator:v4.5.1", + "imagePullPolicy": "IfNotPresent", + "name": "minio-operator" + } - { - "env": [ - { - "name": "CLUSTER_DOMAIN", - "value": "cluster.local" - } - ], - "image": "minio/operator:v4.5.1", - "imagePullPolicy": "IfNotPresent", - "name": "minio-operator" - } +#. Download the Latest Stable Version of the MinIO Kubernetes Plugin - #. Download the Latest Stable Version of the MinIO Kubernetes Plugin + .. include:: /includes/k8s/install-minio-kubectl-plugin.rst - .. include:: /includes/k8s/install-minio-kubectl-plugin.rst +#. Run the initialization command to upgrade the Operator - #. 
Run the initialization command to upgrade the Operator + Use the :mc-cmd:`kubectl minio init` command to upgrade the existing MinIO Operator installation - Use the :mc-cmd:`kubectl minio init` command to upgrade the existing MinIO Operator installation + .. code-block:: shell + :class: copyable - .. code-block:: shell - :class: copyable + kubectl minio init - kubectl minio init +#. Validate the Operator upgrade - #. Validate the Operator upgrade + You can check the Operator version by reviewing the object specification for an Operator Pod using a previous step. - You can check the Operator version by reviewing the object specification for an Operator Pod using a previous step. - - .. include:: /includes/common/common-k8s-connect-operator-console.rst + .. include:: /includes/common/common-k8s-connect-operator-console.rst .. _minio-k8s-upgrade-minio-operator-4.2.2-procedure: Upgrade MinIO Operator 4.0.0 through 4.2.2 to 4.2.3 --------------------------------------------------- -.. admonition:: Prerequisites - :class: note +Prerequisites +~~~~~~~~~~~~~ - This procedure assumes that: +This procedure assumes that: - - You have an existing MinIO Operator deployment running any release from 4.0.0 through 4.2.2 - - Your Kubernetes cluster runs 1.19.0 or later - - Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster +- You have an existing MinIO Operator deployment running any release from 4.0.0 through 4.2.2 +- Your Kubernetes cluster runs 1.19.0 or later +- Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster + +Procedure +~~~~~~~~~ This procedure covers the necessary steps to upgrade a MinIO Operator deployment running any release from 4.0.0 through 4.2.2 to 4.2.3. You can then perform :ref:`minio-k8s-upgrade-minio-operator-procedure` to complete the upgrade to |operator-version-stable|. There is no direct upgrade path for 4.0.0 - 4.2.2 installations to |operator-version-stable|. -.. 
container:: procedure +1. *(Optional)* Update each MinIO Tenant to the latest stable MinIO Version. - 1. *(Optional)* Update each MinIO Tenant to the latest stable MinIO Version. + Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. + Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. - Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. + See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. - Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. +#. Check the Security Context for each Tenant Pool - See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. + Use the following command to validate the specification for each managed MinIO Tenant: - #. Check the Security Context for each Tenant Pool + .. code-block:: shell + :class: copyable - Use the following command to validate the specification for each managed MinIO Tenant: + kubectl get tenants -n -o yaml + + If the ``spec.pools.securityContext`` field does not exist for a Tenant, the tenant pods likely run as root. + + As part of the 4.2.3 and later series, pods run with a limited permission set enforced as part of the Operator upgrade. + However, Tenants running pods as root may fail to start due to the security context mismatch. + You can set an explicit Security Context that allows pods to run as root for those Tenants: - .. code-block:: shell - :class: copyable + .. code-block:: yaml + :class: copyable - kubectl get tenants -n -o yaml - - If the ``spec.pools.securityContext`` field does not exist for a Tenant, the tenant pods likely run as root. - - As part of the 4.2.3 and later series, pods run with a limited permission set enforced as part of the Operator upgrade. 
- However, Tenants running pods as root may fail to start due to the security context mismatch. - You can set an explicit Security Context that allows pods to run as root for those Tenants: + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + fsGroup: 0 - .. code-block:: shell - :class: copyable + You can use the following command to edit the tenant and apply the changes: - securityContext: - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - fsGroup: 0 + .. code-block:: shell - You can use the following command to edit the tenant and apply the changes: + kubectl edit tenants -n + # Modify the securityContext as needed - .. code-block:: shell + See :kube-docs:`Pod Security Standards ` for more information on Kubernetes Security Contexts. - kubectl edit tenants -n - # Modify the securityContext as needed +#. Upgrade to Operator 4.2.3 - See :kube-docs:`Pod Security Standards ` for more information on Kubernetes Security Contexts. + Download the MinIO Kubernetes Plugin 4.2.3 and use it to upgrade the Operator. + Open https://github.com/minio/operator/releases/tag/v4.2.3 in a browser and download the binary that corresponds to your local host OS. - #. Upgrade to Operator 4.2.3 + For example, Linux hosts running an Intel or AMD processor can run the following commands: - Download the MinIO Kubernetes Plugin 4.2.3 and use it to upgrade the Operator. - Open https://github.com/minio/operator/releases/tag/v4.2.3 in a browser and download the binary that corresponds to your local host OS. - For example, Linux hosts running an Intel or AMD processor can run the following commands: + .. code-block:: shell + :class: copyable - .. 
code-block:: shell - :class: copyable + wget https://github.com/minio/operator/releases/download/v4.2.3/kubectl-minio_4.2.3_linux_amd64 -o kubectl-minio_4.2.3 + chmod +x kubectl-minio_4.2.3 + ./kubectl-minio_4.2.3 init - wget https://github.com/minio/operator/releases/download/v4.2.3/kubectl-minio_4.2.3_linux_amd64 -o kubectl-minio_4.2.3 - chmod +x kubectl-minio_4.2.3 +#. Validate all Tenants and Operator pods - ./kubectl-minio_4.2.3 init + Check the Operator and MinIO Tenant namespaces to ensure all pods and services started successfully. - #. Validate all Tenants and Operator pods + For example: - Check the Operator and MinIO Tenant namespaces to ensure all pods and services started successfully. + .. code-block:: shell + :class: copyable - For example: + kubectl get all -n minio-operator + kubectl get pods -l "v1.min.io/tenant" --all-namespaces - .. code-block:: shell - :class: copyable +#. Upgrade to |operator-version-stable| - kubectl get all -n minio-operator - - kubectl get pods -l "v1.min.io/tenant" --all-namespaces - - #. Upgrade to |operator-version-stable| - - Follow the :ref:`minio-k8s-upgrade-minio-operator-procedure` procedure to upgrade to the latest stable Operator version. + Follow the :ref:`minio-k8s-upgrade-minio-operator-procedure` procedure to upgrade to the latest stable Operator version. Upgrade MinIO Operator 3.0.0 through 3.0.29 to 4.2.2 ---------------------------------------------------- -.. 
admonition:: Prerequisites - :class: note +Prerequisites +~~~~~~~~~~~~~ - This procedure assumes that: +This procedure assumes that: - - You have an existing MinIO Operator deployment running 3.X.X - - Your Kubernetes cluster runs 1.19.0 or later - - Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster +- You have an existing MinIO Operator deployment running 3.X.X +- Your Kubernetes cluster runs 1.19.0 or later +- Your local host has ``kubectl`` installed and configured with access to the Kubernetes cluster + +Procedure +~~~~~~~~~ This procedure covers the necessary steps to upgrade a MinIO Operator deployment running any release from 3.0.0 through 3.2.9 to 4.2.2. You can then perform :ref:`minio-k8s-upgrade-minio-operator-4.2.2-procedure`, followed by :ref:`minio-k8s-upgrade-minio-operator-procedure`. There is no direct upgrade path from a 3.X.X series installation to |operator-version-stable|. -.. container:: procedure +1. (Optional) Update each MinIO Tenant to the latest stable MinIO Version. - 1. (Optional) Update each MinIO Tenant to the latest stable MinIO Version. + Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. - Upgrading MinIO regularly ensures your Tenants have the latest features and performance improvements. + Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. - Test upgrades in a lower environment such as a Dev or QA Tenant, before applying to your production Tenants. + See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. - See :ref:`minio-k8s-upgrade-minio-tenant` for a procedure on upgrading MinIO Tenants. +#. Validate the Tenant ``tenant.spec.zones`` values - #. 
Validate the Tenant ``tenant.spec.zones`` values + Use the following command to validate the specification for each managed MinIO Tenant: - Use the following command to validate the specification for each managed MinIO Tenant: + .. code-block:: shell + :class: copyable - .. code-block:: shell - :class: copyable + kubectl get tenants -n -o yaml - kubectl get tenants -n -o yaml + - Ensure each ``tenant.spec.zones`` element has a ``name`` field set to the name for that zone. + Each zone must have a unique name for that Tenant, such as ``zone-0`` and ``zone-1`` for the first and second zones respectively. - - Ensure each ``tenant.spec.zones`` element has a ``name`` field set to the name for that zone. - Each zone must have a unique name for that Tenant, such as ``zone-0`` and ``zone-1`` for the first and second zones respectively. + - Ensure each ``tenant.spec.zones`` has an explicit ``securityContext`` describing the permission set with which pods run in the cluster. - - Ensure each ``tenant.spec.zones`` has an explicit ``securityContext`` describing the permission set with which pods run in the cluster. + The following example tenant YAML fragment sets the specified fields: - The following example tenant YAML fragment sets the specified fields: + .. code-block:: yaml + + image: "minio/minio:$(LATEST-VERSION)" + ... + zones: + - servers: 4 + name: "zone-0" + volumesPerServer: 4 + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Ti + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + fsGroup: 0 + - servers: 4 + name: "zone-1" + volumesPerServer: 4 + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 1Ti + securityContext: + runAsUser: 0 + runAsGroup: 0 + runAsNonRoot: false + fsGroup: 0 - .. 
code-block:: yaml + You can use the following command to edit the tenant and apply the changes: - image: "minio/minio:$(LATEST-VERSION)" - ... - zones: - - servers: 4 - name: "zone-0" - volumesPerServer: 4 - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Ti - securityContext: - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - fsGroup: 0 - - servers: 4 - name: "zone-1" - volumesPerServer: 4 - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Ti - securityContext: - runAsUser: 0 - runAsGroup: 0 - runAsNonRoot: false - fsGroup: 0 + .. code-block:: shell - You can use the following command to edit the tenant and apply the changes: + kubectl edit tenants -n - .. code-block:: shell +#. Upgrade to Operator 4.2.2 - kubectl edit tenants -n + Download the MinIO Kubernetes Plugin 4.2.2 and use it to upgrade the Operator. + Open https://github.com/minio/operator/releases/tag/v4.2.2 in a browser and download the binary that corresponds to your local host OS. + For example, Linux hosts running an Intel or AMD processor can run the following commands: - #. Upgrade to Operator 4.2.2 + .. code-block:: shell + :class: copyable - Download the MinIO Kubernetes Plugin 4.2.2 and use it to upgrade the Operator. - Open https://github.com/minio/operator/releases/tag/v4.2.2 in a browser and download the binary that corresponds to your local host OS. - For example, Linux hosts running an Intel or AMD processor can run the following commands: + wget https://github.com/minio/operator/releases/download/v4.2.3/kubectl-minio_4.2.2_linux_amd64 -o kubectl-minio_4.2.2 + chmod +x kubectl-minio_4.2.2 - .. code-block:: shell - :class: copyable + ./kubectl-minio_4.2.2 init - wget https://github.com/minio/operator/releases/download/v4.2.3/kubectl-minio_4.2.2_linux_amd64 -o kubectl-minio_4.2.2 - chmod +x kubectl-minio_4.2.2 +#. 
Validate all Tenants and Operator pods - ./kubectl-minio_4.2.2 init + Check the Operator and MinIO Tenant namespaces to ensure all pods and services started successfully. - #. Validate all Tenants and Operator pods + For example: - Check the Operator and MinIO Tenant namespaces to ensure all pods and services started successfully. + .. code-block:: shell + :class: copyable - For example: + kubectl get all -n minio-operator - .. code-block:: shell - :class: copyable + kubectl get pods -l "v1.min.io/tenant" --all-namespaces - kubectl get all -n minio-operator +#. Upgrade to 4.2.3 - kubectl get pods -l "v1.min.io/tenant" --all-namespaces - - #. Upgrade to 4.2.3 - - Follow the :ref:`minio-k8s-upgrade-minio-operator-4.2.2-procedure` procedure to upgrade to Operator 4.2.3. - You can then upgrade to |operator-version-stable|. + Follow the :ref:`minio-k8s-upgrade-minio-operator-4.2.2-procedure` procedure to upgrade to Operator 4.2.3. + You can then upgrade to |operator-version-stable|. diff --git a/source/reference/kubectl-minio-plugin.rst b/source/reference/kubectl-minio-plugin.rst index c48bd128..b3c7e1af 100644 --- a/source/reference/kubectl-minio-plugin.rst +++ b/source/reference/kubectl-minio-plugin.rst 
@@ -89,6 +89,71 @@ Subcommands - :mc:`~kubectl minio delete` - :mc:`~kubectl minio version` +Environment Variables +--------------------- + +The :ref:`MinIO Operator ` uses the following environment variables during startup to set configuration settings. +Configure these variables on the machine running the kubectl plugin. + +.. envvar:: MINIO_OPERATOR_CERTIFICATES_VERSION + + Specifies the certificate API version to use. + + Valid values are ``v1`` or ``v1beta1``. + + When not specified, the default is the API Kubernetes provides. + +.. envvar:: MINIO_OPERATOR_RUNTIME + + Specify the type of runtime to use. + + Valid values are ``EKS``, ``Rancher``, or ``OpenShift``. + Leave blank if none of the options apply. + + When set as ``EKS``, the :envvar:`MINIO_OPERATOR_CSR_SIGNER_NAME` must be ``beta.eks.amazonaws.com/app-serving``. + +.. envvar:: MINIO_OPERATOR_CSR_SIGNER_NAME + + Override the default signer for certificate signing requests (CSRs). + + When not specified, the default value is ``kubernetes.io/kubelet-serving``. + +.. envvar:: OPERATOR_CERT_PASSWD + + *Optional* + + The password Operator should use to decrypt the private key in the TLS certificate for Operator. + +.. envvar:: MINIO_OPERATOR_DEPLOYMENT_NAME + + Specifies the namespace to create and use for Operator + + When not specified, the default value is ``minio-operator``. + +.. envvar:: OPERATOR_STS_ENABLED + + Toggle STS Service ``on`` or ``off``. + + When not specified, the default value is ``off``. + +.. envvar:: MINIO_CONSOLE_DEPLOYMENT_NAME + + The name to use for the Operator Console. + + When not specified, the default value is ``operator``. + +.. envvar:: OPERATOR_CONSOLE_TLS_ENABLE + + Toggle Console TLS service ``on`` or ``off``. + + When not specified, the default value is ``off``. + +.. envvar:: WATCHED_NAMESPACE + + A comma-separated list of the namespace(s) Operator should watch for tenants. + + When not specified, the default value is ``""`` to watch all namespaces. + .. 
toctree:: :titlesonly: :hidden: diff --git a/source/reference/kubectl-minio-plugin/kubectl-minio-proxy.rst b/source/reference/kubectl-minio-plugin/kubectl-minio-proxy.rst index d5bd6d1d..28cef8d2 100644 --- a/source/reference/kubectl-minio-plugin/kubectl-minio-proxy.rst +++ b/source/reference/kubectl-minio-plugin/kubectl-minio-proxy.rst @@ -29,6 +29,12 @@ This command is an alternative to configuring `Ingress
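Review bot: in source/operations/install-deploy-manage/minio-operator-console.rst, the new Tenant Registration sentence changes person partway through ("|subnet| users relying on the commercial license should register your MinIO tenants to your SUBNET account") and uses both the ``|subnet|`` substitution and a bare ``SUBNET``. Suggest addressing the reader throughout and using the substitution both times, for example "If you rely on the commercial license, register your MinIO tenants with your |subnet| account through the Operator Console." The same hunk removes the ``versionchanged:: 0.19.5`` marker without a replacement; if that is intentional, note it in the commit message.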
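Review bot: in upgrade-minio-operator.rst, the label ``minio-k8s-upgrade-minio-operator-procedure`` now sits above the retitled heading "Upgrade MinIO Operator 4.5.8 and Later", but the 4.0.0 through 4.2.2 procedure still sends readers to that reference once they reach 4.2.3. Following it skips the 4.2.3 to 4.5.8 step that the updated upgrade table requires. Suggest giving the new "Upgrade MinIO Operator 4.2.3 through 4.5.7 to 4.5.8" section its own label and pointing the older procedures, including their final "Upgrade to |operator-version-stable|" steps, at that label first.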
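Review bot: in the "Log Search and Prometheus" backup step of upgrade-minio-operator.rst, the ``get deployment $TENANT_NAME-log-search-api`` and ``get svc $TENANT_NAME-log-search-api`` commands both redirect to ``$TENANT_NAME-log-search-api.yaml``, so the service export overwrites the deployment backup. Use distinct file names, for example a ``-deployment.yaml`` and a ``-svc.yaml`` suffix. The same step writes ``$TENANT_NAME-log-secret.yaml`` to the working directory, and that file holds the secret's data, so the text should tell the reader to store it with restricted access. Further points in this hunk: under "Tenant Custom Resource Definition Changes", the sentence after the ``.spec.credsSecret`` bullet says ``.spec.credsSecret`` "should hold all the environment variables", which reads as though it should name the replacement field ``.spec.configuration``. In the new 4.2.3 through 4.5.7 section, the Procedure intro still gives the target as |operator-version-stable| and the steps install the latest stable plugin, which does not match the 4.5.8 target in the heading. The ``wget ... -o kubectl-minio_4.2.3`` and ``-o kubectl-minio_4.2.2`` lines use ``-o``, which writes wget's log to that file rather than the download, so ``-O`` is needed. The 4.2.2 download URL also has ``v4.2.3`` in its path, and the 3.X.X section heading says "3.0.29" where its body says "3.2.9".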
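Review bot: in the new "Environment Variables" section of source/reference/kubectl-minio-plugin.rst, the entry for ``MINIO_OPERATOR_DEPLOYMENT_NAME`` is described as "Specifies the namespace to create and use for Operator", which does not match a variable named for a deployment. Confirm whether it sets the deployment name or the namespace and reword accordingly. The section intro is also ambiguous about scope: it says the Operator reads these variables during startup, then says to configure them "on the machine running the kubectl plugin". State which process reads each variable. For ``OPERATOR_CERT_PASSWD``, add a sentence on supplying the value from a Kubernetes secret rather than a literal in a manifest or shell profile. For ``OPERATOR_CONSOLE_TLS_ENABLE``, the documented default of ``off`` deserves a short note about what that means for Console traffic.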