minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-07-30 07:03:26 +03:00
Code Activity

Catchup to 6.0.3 release

Browse Source
This commit is contained in:
Ravind Kumar
2024-09-09 13:19:58 -04:00
parent d87eb665c9
commit 2285c68f1e
3 changed files with 655 additions and 496 deletions
Download Patch File Download Diff File Expand all files Collapse all files

815
source/includes/k8s/ext-tenant-crd.md
View File

File diff suppressed because it is too large Load Diff

209
source/includes/k8s/operator-values.yaml
View File

@ -4,7 +4,7 @@ operator:
###
# An array of environment variables to pass to the Operator deployment.
# Pass an empty array to start Operator with defaults.
#
#
# For example:
#
# .. code-block:: yaml
@ -14,34 +14,36 @@ operator:
# valueFrom:
# fieldRef:
# fieldPath: metadata.labels['app.kubernetes.io/name']
# - name: MINIO_CONSOLE_TLS_ENABLE
# value: "off"
# - name: CLUSTER_DOMAIN
# value: "cluster.domain"
# - name: WATCHED_NAMESPACE
# value: ""
# - name: MINIO_OPERATOR_RUNTIME
# value: "OpenShift"
# value: "OpenShift"
#
# See `Operator environment variables <https://github.com/minio/operator/blob/master/docs/env-variables.md>`__ for a list of all supported values.
env:
- name: OPERATOR_STS_ENABLED
value: "on"
# An array of additional annotations to be applied to the operator service account
serviceAccountAnnotations: []
# additional labels to be applied to operator resources
additionalLabels: {}
###
# Specify the Operator container image to use for the deployment.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
#
# image:
# repository: quay.io/minio/operator
# tag: v5.0.11
# tag: v6.0.3
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
#
# .. code-block:: yaml
#
# image:
@ -51,9 +53,33 @@ operator:
#
image:
repository: quay.io/minio/operator
tag: v5.0.11
tag: v6.0.3
pullPolicy: IfNotPresent
###
# Specify the sidecar container image to deploy on tenant pods for init container and sidecar.
# Only need to change this if want to use a different version that the default, or want to set a custom registry.
# ``sidecarImage.tag``
# For example, the following sets the image to the ``quay.io/minio/operator-sidecar`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# sidecarImage:
# repository: quay.io/minio/operator-sidecar
# tag: v6.0.3
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
# .. code-block:: yaml
#
# sidecarImage:
# repository: quay.io/minio/operator-sidecar@sha256
# digest: a11947a230b80fb1b0bffa97173147a505d4f1207958f722e348d11ab9e972c1
# pullPolicy: IfNotPresent
#
sidecarImage: {}
###
#
# An array of Kubernetes secrets to use for pulling images from a private ``image.repository``.
# Only one array element is supported at this time.
@ -90,6 +116,12 @@ operator:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
###
# An array of `Volumes <https://kubernetes.io/docs/concepts/storage/volumes/>`__ which the Operator can mount to pods.
#
@ -97,7 +129,7 @@ operator:
volumes: [ ]
###
# An array of volume mount points associated to each Operator container.
#
#
# Specify each item in the array as follows:
#
# .. code-block:: yaml
@ -147,7 +179,7 @@ operator:
# These settings determine the distribution of pods across worker nodes.
topologySpreadConstraints: [ ]
###
#
#
# The `Requests or Limits <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Operator pods.
#
# These settings can control the minimum and maximum resources requested for each pod.
@ -157,156 +189,3 @@ operator:
cpu: 200m
memory: 256Mi
ephemeral-storage: 500Mi
###
# Root key for Operator Console
console:
###
# Specify ``false`` to disable the Operator Console.
#
# If the Operator Console is disabled, all management of Operator Tenants must be done through the Kubernetes API.
enabled: true
###
# Specify the Operator Console container image to use for the deployment.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/operator
# tag: v5.0.11
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/operator@sha256
# digest: 28c80b379c75242c6fe793dfbf212f43c602140a0de5ebe3d9c2a3a7b9f9f983
# pullPolicy: IfNotPresent
#
# The specified values should match that of ``operator.image`` to ensure predictable operations.
image:
repository: quay.io/minio/operator
tag: v5.0.11
pullPolicy: IfNotPresent
###
# An array of environment variables to pass to the Operator Console deployment.
# Pass an empty array to start Operator Console with defaults.
env: [ ]
###
#
# An array of Kubernetes secrets to use for pulling images from a private ``image.repository``.
imagePullSecrets: [ ]
###
#
# The name of a custom `Container Runtime <https://kubernetes.io/docs/concepts/containers/runtime-class/>`__ to use for the Operator Console pods.
runtimeClassName: ~
###
# An array of `initContainers <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/>`__ to start up before the Operator Console pods.
# Exercise care as ``initContainer`` failures prevent Console pods from starting.
# Pass an empty array to start the Console normally.
initContainers: [ ]
###
# The number of Operator Console pods to deploy.
# Higher values increase availability in the event of worker node failures.
#
# The cluster must have sufficient number of available worker nodes to fulfill the request.
# Console pods deploy with pod anti-affinity by default, preventing Kubernetes from scheduling multiple pods onto a single Worker node.
replicaCount: 1
###
# Any `Node Selectors <https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/>`__ to apply to Operator Console pods.
#
# The Kubernetes scheduler uses these selectors to determine which worker nodes onto which it can deploy Console pods.
#
# If no worker nodes match the specified selectors, the Console deployment will fail.
nodeSelector: { }
###
#
# The `affinity <https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes-using-node-affinity/>`__ or anti-affinity settings to apply to Operator Console pods.
#
# These settings determine the distribution of pods across worker nodes and can help prevent or allow colocating pods onto the same worker nodes.
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- minio-operator
topologyKey: kubernetes.io/hostname
###
#
# An array of `Toleration labels <https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/>`__ to associate to Operator Console pods.
#
# These settings determine the distribution of pods across worker nodes.
tolerations: [ ]
###
#
# An array of `Topology Spread Constraints <https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator Console pods.
#
# These settings determine the distribution of pods across worker nodes.
topologySpreadConstraints: [ ]
###
#
# The `Requests or Limits <https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/>`__ for resources to associate to Operator Console pods.
#
# These settings can control the minimum and maximum resources requested for each pod.
# If no worker nodes can meet the specified requests, the Console may fail to deploy.
resources:
requests:
cpu: 0.25
memory: 512Mi
###
# The Kubernetes `SecurityContext <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator Console resources.
#
# You may need to modify these values to meet your cluster's security and access settings.
securityContext:
runAsUser: 1000
runAsNonRoot: true
###
# The Kubernetes `SecurityContext <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/>`__ to use for deploying Operator Console containers.
# You may need to modify these values to meet your cluster's security and access settings.
containerSecurityContext:
runAsUser: 1000
runAsNonRoot: true
###
# Configures `Ingress <https://kubernetes.io/docs/concepts/services-networking/ingress/>`__ for the Operator Console.
#
# Set the keys to conform to the Ingress controller and configuration of your choice.
ingress:
enabled: false
ingressClassName: ""
labels: { }
annotations: { }
tls: [ ]
host: console.local
path: /
pathType: Prefix
###
# An array of `Volumes <https://kubernetes.io/docs/concepts/storage/volumes/>`__ which the Operator Console can mount to pods.
#
# The volumes must exist *and* be accessible to the Console pods.
volumes:
- name: tmp
emptyDir: {}
###
# An array of volume mount points associated to each Operator Console container.
#
# Specify each item in the array as follows:
#
# .. code-block:: yaml
#
# volumeMounts:
# - name: volumename
# mountPath: /path/to/mount
#
# The ``name`` field must correspond to an entry in the ``volumes`` array.
volumeMounts:
- name: tmp
readOnly: false
mountPath: /tmp/certs/CAs

127
source/includes/k8s/tenant-values.yaml
View File

@ -1,40 +1,3 @@
###
# Root key for dynamically creating a secret for use with configuring root MinIO User
# Specify the ``name`` and then a list of environment variables.
#
# .. important::
#
# Do not use this in production environments.
# This field is intended for use with rapid development or testing only.
#
# For example:
#
# .. code-block:: yaml
#
# name: myminio-env-configuration
# accessKey: minio
# secretKey: minio123
#
secrets:
name: myminio-env-configuration
accessKey: minio
secretKey: minio123
###
# The name of an existing Kubernetes secret to import to the MinIO Tenant
# The secret must contain a key ``config.env``.
# The values should be a series of export statements to set environment variables for the Tenant.
# For example:
#
# .. code-block:: shell
#
# stringData:
# config.env: | -
# export MINIO_ROOT_USER=ROOTUSERNAME
# export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
#
existingSecret:
name: myminio-env-configuration
###
# Root key for MinIO Tenant Chart
tenant:
###
@ -45,14 +8,14 @@ tenant:
###
# Specify the Operator container image to use for the deployment.
# ``image.tag``
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v5.0.11 tag.
# For example, the following sets the image to the ``quay.io/minio/operator`` repo and the v6.0.3 tag.
# The container pulls the image if not already present:
#
# .. code-block:: yaml
#
# image:
# repository: quay.io/minio/minio
# tag: RELEASE.2023-11-15T20-43-25Z
# tag: RELEASE.2024-08-17T01-24-54Z
# pullPolicy: IfNotPresent
#
# The chart also supports specifying an image based on digest value:
@ -67,7 +30,7 @@ tenant:
#
image:
repository: quay.io/minio/minio
tag: RELEASE.2023-11-15T20-43-25Z
tag: RELEASE.2024-08-17T01-24-54Z
pullPolicy: IfNotPresent
###
#
@ -85,6 +48,42 @@ tenant:
configuration:
name: myminio-env-configuration
###
# Root key for dynamically creating a secret for use with configuring root MinIO User
# Specify the ``name`` and then a list of environment variables.
#
# .. important::
#
# Do not use this in production environments.
# This field is intended for use with rapid development or testing only.
#
# For example:
#
# .. code-block:: yaml
#
# name: myminio-env-configuration
# accessKey: minio
# secretKey: minio123
#
configSecret:
name: myminio-env-configuration
accessKey: minio
secretKey: minio123
###
# If this variable is set to true, then enable the usage of an existing Kubernetes secret to set environment variables for the Tenant.
# The existing Kubernetes secret name must be placed under .tenant.configuration.name e.g. existing-minio-env-configuration
# The secret must contain a key ``config.env``.
# The values should be a series of export statements to set environment variables for the Tenant.
# For example:
#
# .. code-block:: shell
#
# stringData:
# config.env: |-
# export MINIO_ROOT_USER=ROOTUSERNAME
# export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
#
# existingSecret: false
###
# Top level key for configuring MinIO Pool(s) in this Tenant.
#
# See `Operator CRD: Pools <https://min.io/docs/minio/kubernetes/upstream/reference/operator-crd.html#pool>`__ for more information on all subfields.
@ -109,7 +108,10 @@ tenant:
# If using Amazon Elastic Block Store (EBS) CSI driver
# Please make sure to set xfs for "csi.storage.k8s.io/fstype" parameter under StorageClass.parameters.
# Docs: https://github.com/kubernetes-sigs/aws-ebs-csi-driver/blob/master/docs/parameters.md
storageClassName: standard
# storageClassName: standard
###
# Specify `storageAnnotations <https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/>`__ to associate to PVCs.
storageAnnotations: { }
###
# Specify `annotations <https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/>`__ to associate to Tenant pods.
annotations: { }
@ -161,6 +163,12 @@ tenant:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
###
#
# An array of `Topology Spread Constraints <https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/>`__ to associate to Operator Console pods.
@ -220,6 +228,10 @@ tenant:
# Enable automatic Kubernetes based `certificate generation and signing <https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster>`__
requestAutoCert: true
###
# The minimum number of days to expiry before an alert for an expiring certificate is fired.
# In the below example, if a given certificate will expire in 7 days then expiration events will only be triggered 1 day before expiry
# certExpiryAlertThreshold: 1
###
# This field is used only when ``requestAutoCert: true``.
# Use this field to set CommonName for the auto-generated certificate.
# MinIO defaults to using the internal Kubernetes DNS name for the pod
@ -266,6 +278,9 @@ tenant:
# Refer
startup: { }
###
# The `Lifecycle hooks <https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/>`__ for container.
lifecycle: { }
###
# Directs the Operator to deploy the MinIO S3 API and Console services as LoadBalancer objects.
#
# If the Kubernetes cluster has a configured LoadBalancer, it can attempt to route traffic to those services automatically.
@ -332,20 +347,19 @@ tenant:
# # Image from tag (original behavior), for example:
# # image:
# # repository: quay.io/minio/kes
# # tag: 2023-11-10T10-44-28Z
# # tag: 2024-08-16T14-39-28Z
# # Image from digest (added after original behavior), for example:
# # image:
# # repository: quay.io/minio/kes@sha256
# # digest: fb15af611149892f357a8a99d1bcd8bf5dae713bd64c15e6eb27fbdb88fc208b
# image:
# repository: quay.io/minio/kes
# tag: 2023-11-10T10-44-28Z
# tag: 2024-08-16T14-39-28Z
# pullPolicy: IfNotPresent
# env: [ ]
# replicas: 2
# configuration: |-
# address: :7373
# root: _ # Effectively disabled since no root identity necessary.
# tls:
# key: /tmp/kes/server.key # Path to the TLS private key
# cert: /tmp/kes/server.crt # Path to the TLS certificate
@ -353,14 +367,8 @@ tenant:
# identities: []
# header:
# cert: X-Tls-Client-Cert
# policy:
# my-policy:
# paths:
# - /v1/key/create/*
# - /v1/key/generate/*
# - /v1/key/decrypt/*
# identities:
# - ${MINIO_KES_IDENTITY}
# admin:
# identity: ${MINIO_KES_IDENTITY}
# cache:
# expiry:
# any: 5m0s
@ -368,7 +376,7 @@ tenant:
# log:
# error: on
# audit: off
# keys:
# keystore:
# # KES configured with fs (File System mode) doesn't work in Kubernetes environments and is not recommended
# # use a real KMS
# # fs:
@ -419,6 +427,17 @@ tenant:
# runAsGroup: 1000
# runAsNonRoot: true
# fsGroup: 1000
# containerSecurityContext:
# runAsUser: 1000
# runAsGroup: 1000
# runAsNonRoot: true
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - ALL
# seccompProfile:
# type: RuntimeDefault
###
# Configures `Ingress <https://kubernetes.io/docs/concepts/services-networking/ingress/>`__ for the Tenant S3 API and Console.
#
@ -450,7 +469,7 @@ ingress:
# kind: Secret
# type: Opaque
# metadata:
# name: {{ dig "secrets" "existingSecret" "" (.Values | merge (dict)) }}
# name: {{ dig "tenant" "configSecret" "name" "" (.Values | merge (dict)) }}
# stringData:
# config.env: |-
# export MINIO_ROOT_USER='minio'