mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

DOCS-1273: Operator 6.0.0 Deploy/Upgrade docs, removing Console references (#1284)

Addresses #1273 

# Summary

This pass does three things:

1. Updates all tutorials related to Operator/Tenant deployment for
Kustomize and Helm
2. Removes references to Operator Console + updates to reference
Kustomize/Helm wherever possible
3. Slightly tidies up old or dangling references

This pass does not do these things:

- Link out heavily to Kubernetes docs (for later)
- Clean up organization (singleplat build handles this)
- Address OpenShift, Rancher, etc.

---------

Co-authored-by: Andrea Longo <feorlen@users.noreply.github.com>
Co-authored-by: Allan Roger Reid <allanrogerreid@gmail.com>
Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
Ravind Kumar
2024-08-01 15:51:39 -04:00
committed by GitHub
parent 7722414e1b
commit 23253dd71c
20 changed files with 966 additions and 1383 deletions


@ -31,16 +31,15 @@ While this documentation *may* provide guidance for configuring or deploying Kub
MinIO Operator Components
-------------------------
The MinIO Operator exists in its own namespace.
Within the Operator's namespace, the MinIO Operator utilizes two pods:
The MinIO Operator exists in its own namespace in which it creates Kubernetes resources.
Those resources includes pods, services, replicasets, and deployments.
- The Operator pod for the base Operator functions to deploy, manage, modify, and maintain tenants.
- Console pod for the Operator's Graphical User Interface, the Operator Console.
The Operator pods monitor all namespaces by default for objects using the MinIO CRD and manages those resources automatically.
When you use the Operator to create a tenant, the tenant *must* have its own namespace.
Within that namespace, the Operator generates the pods required by the tenant configuration.
Each pod runs three containers:
Each Tenant pod runs three containers:
- MinIO Container that runs all of the standard MinIO functions, equivalent to basic MinIO installation on baremetal.
This container stores and retrieves objects in the provided mount points (persistent volumes).
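Review bot: Subject-verb agreement is off in two sentences of the reworded namespace paragraph: "Those resources includes pods, services, replicasets, and deployments" should read "include", and "The Operator pods monitor all namespaces by default ... and manages those resources" should read "manage". Because the text says the Operator watches all namespaces "by default", consider also stating here whether that scope can be narrowed, or linking to where that is documented, so readers planning RBAC know what the Operator can reach.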
@ -51,32 +50,29 @@ Each pod runs three containers:
- SideCar container that monitors configuration secrets for the tenant and updates them as they change.
This container also monitors for root credentials and creates an error if it does not find root credentials.
Starting with v5.0.6, the MinIO Operator supports custom :kube-docs:`init containers <concepts/workloads/pods/init-containers>` for additional pod initialization that may be required for your environment.
The tenant utilizes Persistent Volume Claims to talk to the Persistent Volumes that store the objects.
.. image:: /images/k8s/OperatorsComponent-Diagram.png
:width: 600px
:alt: A diagram of the namespaces and pods used by or maintained by the MinIO Operator.
:align: center
.. Image references Console pods, need to fix this up
.. .. image:: /images/k8s/OperatorsComponent-Diagram.png
.. :width: 600px
.. :alt: A diagram of the namespaces and pods used by or maintained by the MinIO Operator.
.. :align: center
.. _minio-operator-prerequisites:
Prerequisites
-------------
Kubernetes Version 1.21.0
~~~~~~~~~~~~~~~~~~~~~~~~~
Kubernetes Version |k8s-floor|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.. important::
MinIO tests |operator-version-stable| against a floor of Kubernetes API of |k8s-floor|.
MinIO **strongly recommends** maintaining Kubernetes infrastructure using `actively maintained Kubernetes API versions <https://kubernetes.io/releases/>`__.
MinIO **strongly recommends** upgrading Production clusters running `End-Of-Life <https://kubernetes.io/releases/patch-releases/#non-active-branch-history>`__ Kubernetes APIs.
Starting with v5.0.0, MinIO **requires** Kubernetes 1.21.0 or later for both the infrastructure and the ``kubectl`` CLI tool.
MinIO **strongly recommends** upgrading Kubernetes clusters running with `End-Of-Life API versions <https://kubernetes.io/releases/patch-releases/#non-active-branch-history>`__
.. versionadded:: Operator 5.0.6
For Kubernetes 1.25.0 and later, MinIO supports deploying in environments with the :kube-docs:`Pod Security admission (PSA) <concepts/security/pod-security-admission>` ``restricted`` policy enabled.
Kustomize and ``kubectl``
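Review bot: The commented-out image block carries an open reminder (".. Image references Console pods, need to fix this up") with no issue reference, so it is likely to sit in the source indefinitely; reference a tracking issue in that comment, or drop the block until a corrected diagram exists. Separately, the sentence that ends with the `End-Of-Life API versions <...>`__ link has no closing period.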
@ -100,7 +96,7 @@ Kubernetes TLS Certificate API
The MinIO Operator manages TLS Certificate Signing Requests (CSR) using the Kubernetes ``certificates.k8s.io`` :kube-docs:`TLS certificate management API <tasks/tls/managing-tls-in-a-cluster/>` to create signed TLS certificates in the following circumstances:
- When ``autoCert`` is enabled.
- For the MinIO Console when the :envvar:`MINIO_CONSOLE_TLS_ENABLE` environment variable is set to ``on``.
- For the MinIO Tenant Console when the :envvar:`MINIO_CONSOLE_TLS_ENABLE` environment variable is set to ``on``.
- For :ref:`STS service <minio-security-token-service>` when :envvar:`OPERATOR_STS_ENABLED` environment variable is set to ``on``.
- For retrieving the health of the cluster.
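Review bot: In the bullet list under the ``certificates.k8s.io`` paragraph, the STS bullet reads "when :envvar:`OPERATOR_STS_ENABLED` environment variable is set", missing the "the" that the Console bullet has; fix it in the same pass so the list reads consistently. Now that "Console" means only the Tenant Console, it would also help to say on that bullet where :envvar:`MINIO_CONSOLE_TLS_ENABLE` is set.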


@ -37,59 +37,11 @@ Set the value to any :ref:`policy <minio-policy>` on the MinIO deployment.
MinIO supports multiple methods for configuring Keycloak authentication:
- Using the MinIO Operator Console
- Using the MinIO Tenant Console
- Using a terminal/shell and the :mc:`mc idp openid` command
.. tab-set::
.. tab-item:: MinIO Operator Console
You can use the MinIO Operator Console to configure Keycloak as the External Identity Provider for the MinIO Tenant.
See :ref:`minio-operator-console-connect` for specific instructions.
Select :guilabel:`Identity Provider` from the left-hand navigation bar, then select :guilabel:`OpenID`.
Select :guilabel:`Create Configuration` to create a new configuration.
Enter the following information into the modal:
.. list-table::
:stub-columns: 1
:widths: 30 70
:width: 100%
* - :guilabel:`Name`
- Enter a unique name for the Keycloak instance
* - :guilabel:`Config URL`
- Specify the address of the Keycloak OpenID configuration document (|KEYCLOAK_URL|)
Ensure the ``REALM`` matches the Keycloak realm you want to use for authenticating users to MinIO
* - :guilabel:`Client ID`
- Specify the name of the Keycloak client created in Step 1
* - :guilabel:`Client Secret`
- Specify the secret credential value for the Keycloak client created in Step 1
* - :guilabel:`Display Name`
- Specify the user-facing name the MinIO Console should display as part of the Single-Sign On (SSO) workflow for the configured Keycloak service
* - :guilabel:`Scopes`
- Specify the OpenID scopes to include in the JWT, such as ``preferred_username`` or ``email``
You can reference these scopes using supported OpenID policy variables for the purpose of programmatic policy configurations
* - :guilabel:`Redirect URI Dynamic`
- Toggle to ``on``
Substitutes the MinIO Console address used by the client as part of the Keycloak redirect URI.
Keycloak returns authenticated users to the Console using the provided URI.
For MinIO Console deployments behind a reverse proxy, load balancer, or similar network control plane, you can instead use the :envvar:`MINIO_BROWSER_REDIRECT_URL` variable to set the redirect address for Keycloak to use.
Select :guilabel:`Save` to apply the configuration.
.. tab-item:: MinIO Tenant Console
You can use the MinIO Tenant Console to configure Keycloak as the External Identity Provider for the MinIO Tenant.
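Review bot: Check that the redirect URI guidance is not lost along with the Operator Console tab. That tab held the explanation of :guilabel:`Redirect URI Dynamic` and the :envvar:`MINIO_BROWSER_REDIRECT_URL` alternative for Consoles behind a reverse proxy or load balancer, plus the note on :guilabel:`Scopes` and OpenID policy variables. Confirm the remaining Tenant Console and :mc:`mc idp openid` tabs carry equivalent text, and move it there if they do not, since Keycloak returns authenticated users to the Console using that URI.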