Skip to content

operator 2032

Allan Roger Reid edited this page Mar 20, 2024 · 8 revisions

Set linger and reboot

ssh -p 20694 [email protected] -o "ServerAliveInterval=5" -o "ServerAliveCountMax=100000" -o "StrictHostKeyChecking=off"
loginctl enable-linger ubuntu

Install and verify k3s

sudo apt-get update -y && \
sudo apt-get upgrade -y && \
sudo apt-get install linux-generic -y && \
sudo apt-get dist-upgrade -y && \
sudo apt-get install linux-headers-generic -y && \
sudo touch /dev/kmsg
sudo ln -s /lib/modules/6.2.0-39-generic /lib/modules/6.2.0-35-generic

sudo touch /dev/kmsg
curl -sfL https://get.k3s.io | K3S_KUBECONFIG_MODE="644" sh -s - --snapshotter=fuse-overlayfs
sudo journalctl -f -u k3s.service
sudo systemctl status k3s
cat <<EOF >> ~/.bashrc 
export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
EOF
cat ~/.bashrc 
source ~/.profile

Install mc

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
sudo mv mc /usr/local/bin

Install helm

curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
chmod 700 get_helm.sh
./get_helm.sh

Install minio operator

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/operator-5.0.13.tgz
tar -xvf operator-5.0.13.tgz
helm install --namespace minio-operator --create-namespace minio-operator operator-5.0.13.tgz -f ./operator/values.yaml

Create existing secret

kubectl -n tenant1 delete secret/my-existing-secret
cat <<EOF > my-existing-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
  namespace: tenant1
  name: my-existing-secret
stringData:
  config.env: |-
    export MINIO_ROOT_USER=ROOTUSERNAME
    export MINIO_ROOT_PASSWORD=ROOTUSERPASSWORD
EOF
kubectl create -f my-existing-secret.yaml

All tests imply modifications to values.yaml. i.e.

curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/tenant-5.0.13.tgz
tar -xvf tenant-5.0.13.tgz

helm uninstall -n tenant1 tenant1
helm install --namespace tenant1 --create-namespace tenant1 --debug ./tenant
kubectl patch tenant -n tenant1 myminio --type='merge' -p '{"spec":{"requestAutoCert": false}}'
kubectl patch service -n tenant1 myminio-console -p '{"spec":{"ports":[{"name": "http-console","port": 9090,"protocol": "TCP","nodePort":'31091'},{"name": "https-console","port": 9443,"protocol": "TCP","nodePort":'30091'}],"type": "NodePort"}}'

Then, attempt login with http://minio-operator-helm-local.minio.training:31091

Regression tests

Test 1

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD
  • helm prints warning

Actual outcome

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test1 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test1` successfully.

Test 2

secrets:
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD
  • helm prints warning

Actual outcome

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test2 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test2` successfully.

Test 3

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: myminio-env-configuration

Expected outcome:

  • tenant does not start since there is no existing secret called myminio-env-configuration
  • helm prints warning

Actual outcome

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
---

Test 4

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
tenant:
  configuration:
    name: myminio-env-configuration

Expected outcome:

  • login permitted with minio/minio123
  • helm prints warning

Actual outcome

HOOKS:
MANIFEST:
---
# Source: tenant/templates/tenant-configuration.yaml
# WARNING: 'secrets' is deprecated and will be removed in next minor release (i.e. v5.1.0). Please use 'tenant.configSecret' instead.
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test4 https://127.0.0.1:9000 minio minio123 --insecure
Added `test4` successfully.

Integration tests

Test 5

secrets:
  name: myminio-env-configuration
  accessKey: minio 
  secretKey: minio123
  existingSecret:
    name: enabled
tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: true

Expected outcome:

  • helm install fails since fields secrets and tenant.configSecret are mutually exclusive Actual outcome
Error: INSTALLATION FAILED: execution error at (tenant/templates/tenant-configuration.yaml:5:4): ERROR: '.secrets' and '.tenant.configSecret' are mutually exclusive. Please use 'tenant.configSecret' instead.
helm.go:84: [debug] execution error at (tenant/templates/tenant-configuration.yaml:5:4): ERROR: '.secrets' and '.tenant.configSecret' are mutually exclusive. Please use 'tenant.configSecret' instead.

Test 6

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: true

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD Actual outcome
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test6 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test6` successfully.

Test 7

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    existingSecret: true

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD Actual outcome
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test7 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test7` successfully.

Test 8

tenant:
  configuration:
    name: my-existing-secret
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: false

Expected outcome:

  • login permitted with ROOTUSERNAME/ROOTUSERPASSWORD Actual outcome
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test8 https://127.0.0.1:9000 ROOTUSERNAME ROOTUSERPASSWORD --insecure
Added `test8` successfully.

Test 9

tenant:
  configuration:
    name: myminio-env-configuration
  configSecret:
    name: myminio-env-configuration
    accessKey: minio
    secretKey: minio123
    existingSecret: false

Expected outcome:

  • login permitted with minio/minio123 Actual outcome
kubectl --namespace tenant1 port-forward svc/myminio-hl 9000:9000 &
mc alias set test9 https://127.0.0.1:9000 minio minio123 --insecure
Added `test9` successfully.
Clone this wiki locally