Compare commits

...

7 Commits

Author SHA1 Message Date
Minio Trusted
b2aa1349f8 update to v0.3.17 2020-08-24 15:27:12 -07:00
Lenin Alevski
8b62aec7fb Added support for prometheus addnotations #293 (#256) 2020-08-24 15:07:36 -07:00
Minio Trusted
83fe33b499 update to v0.3.16 2020-08-20 23:09:02 -07:00
Daniel Valdivia
54d0a1d342 Support for labels at pvc level (#254) 2020-08-20 22:46:07 -07:00
Minio Trusted
c59737a71d update v0.3.15 2020-08-20 21:02:34 -07:00
Lenin Alevski
7c2ba707eb add labels to tenant secrets for easy deletion (#252)
Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>
2020-08-20 19:09:13 -07:00
Cesar N
545a890c45 Delete secrets on tenant deletion (#253) 2020-08-20 18:57:34 -07:00
9 changed files with 104 additions and 18 deletions

View File

@@ -15,7 +15,7 @@ spec:
serviceAccountName: console-sa
containers:
- name: console
image: minio/console:v0.3.14
image: minio/console:v0.3.17
imagePullPolicy: "IfNotPresent"
args:
- server

View File

@@ -14,6 +14,7 @@ rules:
- list
- patch
- update
- deletecollection
- apiGroups:
- ""
resources:
@@ -22,6 +23,7 @@ rules:
- services
- events
- resourcequotas
- nodes
verbs:
- get
- watch
@@ -34,6 +36,8 @@ rules:
- persistentvolumeclaims
verbs:
- deletecollection
- list
- get
- apiGroups:
- "storage.k8s.io"
resources:

View File

@@ -15,7 +15,7 @@ spec:
serviceAccountName: console-sa
containers:
- name: console
image: minio/console:v0.3.14
image: minio/console:v0.3.17
imagePullPolicy: "IfNotPresent"
env:
- name: CONSOLE_OPERATOR_MODE

View File

@@ -48,6 +48,9 @@ type CreateTenantRequest struct {
// enable console
EnableConsole *bool `json:"enable_console,omitempty"`
// enable prometheus
EnablePrometheus *bool `json:"enable_prometheus,omitempty"`
// enable tls
EnableTLS *bool `json:"enable_tls,omitempty"`

View File

@@ -207,6 +207,9 @@ func (m *Zone) UnmarshalBinary(b []byte) error {
// swagger:model ZoneVolumeConfiguration
type ZoneVolumeConfiguration struct {
// labels
Labels map[string]string `json:"labels,omitempty"`
// size
// Required: true
Size *int64 `json:"size"`

View File

@@ -189,7 +189,12 @@ func deleteTenantAction(
opts := metav1.ListOptions{
LabelSelector: fmt.Sprintf("%s=%s", operator.TenantLabel, tenantName),
}
return clientset.PersistentVolumeClaims(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
err = clientset.PersistentVolumeClaims(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
if err != nil {
return err
}
// delete all tenant's secrets only if deletePvcs = true
return clientset.Secrets(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
}
return nil
}
@@ -393,12 +398,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
secretKey = tenantReq.SecretKey
}
secretName := fmt.Sprintf("%s-secret", *tenantReq.Name)
tenantName := *tenantReq.Name
secretName := fmt.Sprintf("%s-secret", tenantName)
imm := true
instanceSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: secretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Immutable: &imm,
Data: map[string][]byte{
@@ -427,7 +436,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
//Construct a MinIO Instance with everything we are getting from parameters
minInst := operator.Tenant{
ObjectMeta: metav1.ObjectMeta{
Name: *tenantReq.Name,
Name: tenantName,
},
Spec: operator.TenantSpec{
Image: minioImage,
@@ -517,6 +526,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
externalTLSCertificateSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: externalTLSCertificateSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Type: corev1.SecretTypeTLS,
Immutable: &imm,
@@ -544,13 +556,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
})
// KES client mTLSCertificates used by MinIO instance, only if autoCert is not enabled
if !minInst.Spec.RequestAutoCert {
minInst.Spec.ExternalClientCertSecret, err = getTenantExternalClientCertificates(ctx, clientset, ns, tenantReq.Encryption, secretName)
minInst.Spec.ExternalClientCertSecret, err = getTenantExternalClientCertificates(ctx, clientset, ns, tenantReq.Encryption, secretName, tenantName)
if err != nil {
return nil, err
}
}
// KES configuration for Tenant instance
minInst.Spec.KES, err = getKESConfiguration(ctx, clientset, ns, tenantReq.Encryption, secretName, minInst.Spec.RequestAutoCert)
minInst.Spec.KES, err = getKESConfiguration(ctx, clientset, ns, tenantReq.Encryption, secretName, tenantName, minInst.Spec.RequestAutoCert)
if err != nil {
return nil, err
}
@@ -566,7 +578,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
if enableConsole {
consoleSelector := fmt.Sprintf("%s-console", *tenantReq.Name)
consoleSelector := fmt.Sprintf("%s-console", tenantName)
consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
consoleAccess = RandomCharString(16)
consoleSecret = RandomCharString(32)
@@ -574,6 +586,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
instanceSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: consoleSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Immutable: &imm,
Data: map[string][]byte{
@@ -611,7 +626,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
return nil, err
}
const consoleVersion = "minio/console:v0.3.14"
const consoleVersion = "minio/console:v0.3.17"
minInst.Spec.Console = &operator.ConsoleConfiguration{
Replicas: 1,
Image: consoleVersion,
@@ -636,6 +651,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
consoleExternalTLSCertificateSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: consoleExternalTLSCertificateSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Type: corev1.SecretTypeTLS,
Immutable: &imm,
@@ -663,10 +681,12 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
// add annotations
var annotations map[string]string
if len(tenantReq.Annotations) > 0 {
if minInst.Spec.Metadata == nil {
minInst.Spec.Metadata = &metav1.ObjectMeta{}
if minInst.Spec.Metadata == nil {
minInst.Spec.Metadata = &metav1.ObjectMeta{
Annotations: map[string]string{},
}
}
if len(tenantReq.Annotations) > 0 {
annotations = tenantReq.Annotations
minInst.Spec.Metadata.Annotations = annotations
}
@@ -689,7 +709,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
if tenantReq.ImagePullSecret != "" {
imagePullSecret = tenantReq.ImagePullSecret
} else if imagePullSecret, err = setImageRegistry(ctx, *tenantReq.Name, tenantReq.ImageRegistry, clientset.CoreV1(), ns); err != nil {
} else if imagePullSecret, err = setImageRegistry(ctx, tenantName, tenantReq.ImageRegistry, clientset.CoreV1(), ns); err != nil {
log.Println("error setting image registry secret:", err)
return nil, err
}
@@ -700,6 +720,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
}
// prometheus annotations support
if tenantReq.EnablePrometheus != nil && *tenantReq.EnablePrometheus && minInst.Spec.Metadata != nil && minInst.Spec.Metadata.Annotations != nil {
minInst.Spec.Metadata.Annotations["prometheus.io/path"] = "/minio/prometheus/metrics"
minInst.Spec.Metadata.Annotations["prometheus.io/port"] = fmt.Sprint(operator.MinIOPort)
minInst.Spec.Metadata.Annotations["prometheus.io/scrape"] = "true"
}
// set console image if provided
if tenantReq.ConsoleImage != "" {
minInst.Spec.Console.Image = tenantReq.ConsoleImage
@@ -717,7 +744,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
// Integratrions
if os.Getenv("GKE_INTEGRATION") != "" {
err := gkeIntegration(clientset, *tenantReq.Name, ns, session.SessionToken)
err := gkeIntegration(clientset, tenantName, ns, session.SessionToken)
if err != nil {
return nil, err
}
@@ -766,6 +793,9 @@ func setImageRegistry(ctx context.Context, tenantName string, req *models.ImageR
instanceSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: pullSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Data: map[string][]byte{
corev1.DockerConfigJsonKey: []byte(string(imRegistryJSON)),
@@ -1120,7 +1150,8 @@ func parseTenantZoneRequest(zoneParams *models.Zone, annotations map[string]stri
// Pass annotations to the volume
vct := &corev1.PersistentVolumeClaim{
ObjectMeta: metav1.ObjectMeta{
Name: "data",
Name: "data",
Labels: zoneParams.VolumeConfiguration.Labels,
},
Spec: volTemp,
}
@@ -1383,7 +1414,7 @@ func parseNodeSelectorTerm(term *corev1.NodeSelectorTerm) *models.NodeSelectorTe
return &t
}
func getTenantExternalClientCertificates(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName string) (clientCertificates *operator.LocalCertificateReference, err error) {
func getTenantExternalClientCertificates(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName, tenantName string) (clientCertificates *operator.LocalCertificateReference, err error) {
instanceExternalClientCertificateSecretName := fmt.Sprintf("%s-instance-external-client-mtls-certificates", secretName)
// If there's an error during this process we delete all KES configuration secrets
defer func() {
@@ -1408,6 +1439,9 @@ func getTenantExternalClientCertificates(ctx context.Context, clientSet *kuberne
instanceExternalClientCertificateSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: instanceExternalClientCertificateSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Type: corev1.SecretTypeTLS,
Immutable: &imm,
@@ -1428,7 +1462,7 @@ func getTenantExternalClientCertificates(ctx context.Context, clientSet *kuberne
return clientCertificates, nil
}
func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName string, autoCert bool) (kesConfiguration *operator.KESConfig, err error) {
func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName, tenantName string, autoCert bool) (kesConfiguration *operator.KESConfig, err error) {
// secrets used by the KES configuration
instanceExternalClientCertificateSecretName := fmt.Sprintf("%s-instance-external-client-mtls-certificates", secretName)
kesExternalCertificateSecretName := fmt.Sprintf("%s-kes-external-mtls-certificates", secretName)
@@ -1484,6 +1518,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
kesExternalCertificateSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: kesExternalCertificateSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Type: corev1.SecretTypeTLS,
Immutable: &imm,
@@ -1669,6 +1706,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
kesClientCertSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: kesClientCertSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Immutable: &imm,
Data: mTLSCertificates,
@@ -1692,6 +1732,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
kesConfigurationSecret := corev1.Secret{
ObjectMeta: metav1.ObjectMeta{
Name: kesConfigurationSecretName,
Labels: map[string]string{
operator.TenantLabel: tenantName,
},
},
Immutable: &imm,
Data: map[string][]byte{

View File

@@ -871,7 +871,7 @@ func Test_UpdateTenantAction(t *testing.T) {
},
params: admin_api.UpdateTenantParams{
Body: &models.UpdateTenantRequest{
ConsoleImage: "minio/console:v0.3.14",
ConsoleImage: "minio/console:v0.3.17",
},
},
},

View File

@@ -2038,6 +2038,10 @@ func init() {
"type": "boolean",
"default": true
},
"enable_prometheus": {
"type": "boolean",
"default": false
},
"enable_tls": {
"type": "boolean",
"default": true
@@ -3250,6 +3254,12 @@ func init() {
"size"
],
"properties": {
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"size": {
"type": "integer"
},
@@ -5721,6 +5731,12 @@ func init() {
"size"
],
"properties": {
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"size": {
"type": "integer"
},
@@ -5980,6 +5996,10 @@ func init() {
"type": "boolean",
"default": true
},
"enable_prometheus": {
"type": "boolean",
"default": false
},
"enable_tls": {
"type": "boolean",
"default": true
@@ -7126,6 +7146,12 @@ func init() {
"size"
],
"properties": {
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"size": {
"type": "integer"
},

View File

@@ -1837,6 +1837,9 @@ definitions:
enable_tls:
type: boolean
default: true
enable_prometheus:
type: boolean
default: false
namespace:
type: string
erasureCodingParity:
@@ -2088,6 +2091,10 @@ definitions:
type: integer
storage_class_name:
type: string
labels:
type: object
additionalProperties:
type: string
resources:
$ref: "#/definitions/zoneResources"
node_selector: