operator 2032

Allan Roger Reid edited this page Dec 4, 2024 · 8 revisions

Set linger and reboot

ssh -p 20694 [email protected] -o "ServerAliveInterval=5" -o "ServerAliveCountMax=100000" -o "StrictHostKeyChecking=off"
loginctl enable-linger ubuntu

Install and verify k3s

sudo apt-get update -y && \
sudo apt-get upgrade -y && \
sudo apt-get install linux-generic -y && \
sudo apt-get dist-upgrade -y && \
sudo apt-get install linux-headers-generic -y && \
sudo touch /dev/kmsg
sudo ln -s /lib/modules/6.2.0-39-generic /lib/modules/6.2.0-35-generic

sudo touch /dev/kmsg
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - --snapshotter=fuse-overlayfs
sudo journalctl -f -u k3s.service
sudo systemctl status k3s
cat <<EOF >> ~/.bashrc 
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
EOF
cat ~/.bashrc 
source ~/.profile

Install mc

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
sudo mv mc /usr/local/bin

Install helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

Install minio operator

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/operator-5.0.13.tgz
tar -xvf operator-5.0.13.tgz
helm install --namespace minio-operator --create-namespace minio-operator operator-5.0.13.tgz -f ./operator/values.yaml

Create existing secret

kubectl -n tenant1 delete secret/my-existing-secret
cat <<EOF > my-existing-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: tenant1
  name: my-existing-secret
stringData:
  config.env: |-
    export MINIO_ROOT_USER=ROOTUSERNAME
    export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
EOF
kubectl create -f my-existing-secret.yaml

Each test below changes values.yaml in the extracted tenant chart and then reinstalls the tenant, i.e.:

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/tenant-5.0.13.tgz
tar -xvf tenant-5.0.13.tgz

helm uninstall -n tenant1 tenant1
helm install --namespace tenant1 --create-namespace tenant1 --debug ./tenant
kubectl patch tenant -n tenant1 myminio --type='merge' -p '{"spec":{"requestAutoCert": false}}'
kubectl patch service -n tenant1 myminio-console -p '{"spec":{"ports":[{"name": "http-console","port": 9090,"protocol": "TCP","nodePort":'31091'},{"name": "https-console","port": 9443,"protocol": "TCP","nodePort":'30091'}],"type": "NodePort"}}'

Then attempt to log in at http://minio-operator-helm-local.minio.training:31091

Regression tests

Test 1

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD since .secrets.existingSecret.name exists and .tenant.configuration.name=my-existing-secret
  • helm prints warning

Actual outcome:

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test1 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test1` successfully.

Test 2

secrets:
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD since .secrets.existingSecret.name exists and .tenant.configuration.name=my-existing-secret
  • helm prints warning

Actual outcome:

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test2 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test2` successfully.

Test 3

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: myminio-env-configuration

Expected outcome:

  • tenant does not start since there is no existing secret called myminio-env-configuration
  • helm prints warning

Actual outcome:

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---

Test 4

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
tenant:
  configuration:
    name: myminio-env-configuration

Expected outcome:

  • login permitted with minio/minio123 since .secrets.existingSecret.name does not exist, therefore a new secret called myminio-env-configuration is created and .tenant.configuration.name=myminio-env-configuration
  • helm prints warning

Actual outcome:

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test4 https://127.0.0.1:9000 minio minio123 --insecure
Added `test4` successfully.

Integration tests

Test 5

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: true

Expected outcome:

  • helm install fails since fields .secrets and .tenant.configSecret are mutually exclusive

Actual outcome:

Error: INSTALLATION FAILED: execution error at (tenant/templates/tenant-configuration.yaml:5:4): ERROR: '.secrets' and '.tenant.configSecret' are mutually exclusive. Please use 'tenant.configSecret' instead.
helm.go:84: [debug] execution error at (tenant/templates/tenant-configuration.yaml:5:4): ERROR: '.secrets' and '.tenant.configSecret' are mutually exclusive. Please use 'tenant.configSecret' instead.

Test 6

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: true

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD since .tenant.configSecret.existingSecret=true and .tenant.configuration.name=my-existing-secret

Actual outcome:

kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test6 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test6` successfully.

Test 7

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    existingSecret: true

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD since .tenant.configSecret.existingSecret=true and .tenant.configuration.name=my-existing-secret

Actual outcome:

kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test7 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test7` successfully.

Test 8

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: false

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD. Although myminio-env-configuration was created, the actual secret used to login is my-existing-secret

Actual outcome:

kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test8 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test8` successfully.

Test 9

tenant:
  configuration:
    name: myminio-env-configuration
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: false

Expected outcome:

  • login permitted with minio/minio123. myminio-env-configuration was created and the actual secret used to login is also myminio-env-configuration

Actual outcome:

kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test9 https://127.0.0.1:9000 minio minio123 --insecure
Added `test9` successfully.
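
The nine outcomes above follow one rule: the tenant authenticates with the secret named in .tenant.configuration.name, while .secrets and .tenant.configSecret only decide whether the chart creates another secret. The Python model below is an added example built from the outcomes recorded on this page, not the chart's template code; the function name resolve and its status strings are hypothetical, and treating a missing existingSecret flag under configSecret as false is an assumption.

```python
# Added example: a model of the outcomes recorded in Tests 1-9 on this page,
# not the Helm chart's template code.

# Secret created in "Create existing secret" above.
PREEXISTING = {"my-existing-secret": ("ROOTUSERNAME", "ROOTUSERPASSWORD")}


def resolve(values, cluster_secrets=PREEXISTING):
    """Return (status, helm_warning, created_secret, login_credentials)."""
    legacy = values.get("secrets")
    tenant = values.get("tenant", {})
    cfg = tenant.get("configSecret")
    if legacy is not None and cfg is not None:
        # Test 5: '.secrets' and '.tenant.configSecret' are mutually exclusive.
        return ("install-fails", False, None, None)

    secrets = dict(cluster_secrets)
    created = None
    if legacy is not None and "existingSecret" not in legacy:
        # Test 4: deprecated block without existingSecret creates a secret.
        created = legacy["name"]
        secrets[created] = (legacy["accessKey"], legacy["secretKey"])
    elif cfg is not None and not cfg.get("existingSecret", False):
        # Tests 8 and 9. Treating an absent flag as false is an assumption;
        # the page only tests explicit true/false.
        created = cfg["name"]
        secrets[created] = (cfg["accessKey"], cfg["secretKey"])

    warning = legacy is not None  # deprecation warning seen in Tests 1-4
    effective = tenant["configuration"]["name"]
    if effective not in secrets:
        # Test 3: the referenced secret was never created.
        return ("tenant-does-not-start", warning, created, None)
    return ("login", warning, created, secrets[effective])


# Values from Test 8: a secret is created, yet login uses my-existing-secret.
TEST_8 = {"tenant": {
    "configuration": {"name": "my-existing-secret"},
    "configSecret": {"name": "myminio-env-configuration", "accessKey": "minio",
                     "secretKey": "minio123", "existingSecret": False},
}}

if __name__ == "__main__":
    print(resolve(TEST_8))
```

Test 8 is the case to watch in review: the chart creates myminio-env-configuration with minio/minio123, but the tenant never reads it.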