remove credsSecret

minio · Jul 16, 2024 · c47cb8c · c47cb8c
1 parent ccbdd2c
commit c47cb8c
Show file tree

Hide file tree

Showing 10 changed files with 3 additions and 111 deletions.
diff --git a/docs/operator-fields.md b/docs/operator-fields.md
@@ -18,7 +18,6 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Te
 | scheduler                        | Set custom scheduler for pods created by MinIO Operator.                                                                                                                                                                                                                                                                                                                                  |
 | spec                             | Defines the configuration of a MinIO Tenant object                                                                                                                                                                                                                                                                                                                                        |
 | spec.certConfig                  | When `spec.requestAutoCert` is enabled, use this field to pass additional parameters for certificate creation.                                                                                                                                                                                                                                                                            |
-| spec.credsSecret                 | Use this secret to assign custom credentials (access key and secret key) to the Tenant.                                                                                                                                                                                                                                                                                                   |
 | spec.env                         | Add MinIO specific environment variables to enable certain features.                                                                                                                                                                                                                                                                                                                      |
 | spec.externalCertSecret          | Set a list of external secrets with private key and certificate to be used to enable TLS on Tenant pods. Note that only `spec.requestAutoCert` or `spec.externalCertSecret` should be enabled at a time. Follow [the document here](https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret) to create the secret to be passed in this section.         |
 | spec.image                       | Set the container registry and image tag for MinIO server to be used in the Tenant.                                                                                                                                                                                                                                                                                                       |

diff --git a/helm/operator/templates/minio.min.io_tenants.yaml b/helm/operator/templates/minio.min.io_tenants.yaml
@@ -882,13 +882,6 @@ spec:
                     type: string
                 type: object
                 x-kubernetes-map-type: atomic
-              credsSecret:
-                properties:
-                  name:
-                    default: ""
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
               env:
                 items:
                   properties:

diff --git a/pkg/apis/minio.min.io/v2/helper.go b/pkg/apis/minio.min.io/v2/helper.go
@@ -138,12 +138,6 @@ func genEllipsis(start, end int) string {
 	return "{" + strconv.Itoa(start) + "..." + strconv.Itoa(end) + "}"
 }
 
-// HasCredsSecret returns true if the user has provided a secret
-// for a Tenant else false
-func (t *Tenant) HasCredsSecret() bool {
-	return t.Spec.CredsSecret != nil && t.Spec.CredsSecret.Name != ""
-}
-
 // HasConfigurationSecret returns true if the user has provided a configuration
 // for a Tenant else false
 func (t *Tenant) HasConfigurationSecret() bool {
@@ -824,7 +818,7 @@ func (t *Tenant) Validate() error {
 		return errors.New("pools must be configured")
 	}
 
-	if !t.HasConfigurationSecret() && !t.HasCredsSecret() {
+	if !t.HasConfigurationSecret() {
 		return errors.New("please set 'configuration' secret with credentials for Tenant")
 	}
 

diff --git a/pkg/apis/minio.min.io/v2/types.go b/pkg/apis/minio.min.io/v2/types.go
@@ -124,17 +124,6 @@ type TenantSpec struct {
 	// Pod Management Policy for pod created by StatefulSet
 	// +optional
 	PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"`
-	// *optional* +
-	//
-	// Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] to use for setting the MinIO root access key and secret key. Specify the secret as `name: <secret>`. The Kubernetes secret must contain the following fields: +
-	//
-	// * `data.accesskey` - The access key for the root credentials +
-	//
-	// * `data.secretkey` - The secret key for the root credentials +
-	//
-	//
-	// +optional
-	CredsSecret *corev1.LocalObjectReference `json:"credsSecret,omitempty"`
 	// *Optional* +
 	//
 	// If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource.

diff --git a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go
diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go
diff --git a/pkg/controller/main-controller.go b/pkg/controller/main-controller.go
@@ -812,7 +812,7 @@ func (c *Controller) syncHandler(key string) (Result, error) {
 	// Set any required default values and init Global variables
 	nsName := types.NamespacedName{Namespace: namespace, Name: tenantName}
 
-	// get combined configurations (tenant.env, tenant.credsSecret and tenant.Configuration) for tenant
+	// get combined configurations (tenant.env and tenant.Configuration) for tenant
 	tenantConfiguration, err := c.getTenantCredentials(ctx, tenant)
 	if err != nil {
 		if errors.Is(err, ErrEmptyRootCredentials) {

diff --git a/pkg/controller/tenants.go b/pkg/controller/tenants.go
@@ -45,7 +45,7 @@ func (c *Controller) getTenantConfiguration(ctx context.Context, tenant *miniov2
 	return tenantConfiguration, nil
 }
 
-// getTenantCredentials returns a combination of env, credsSecret and Configuration tenant credentials
+// getTenantCredentials returns a combination of env and Configuration tenant credentials
 func (c *Controller) getTenantCredentials(ctx context.Context, tenant *miniov2.Tenant) (map[string][]byte, error) {
 	// Configuration for tenant can be passed using 2 different sources, tenant.spec.env and config.env secret
 	// If the user provides duplicated configuration the override order will be:

diff --git a/pkg/controller/upgrades.go b/pkg/controller/upgrades.go
@@ -21,7 +21,6 @@ import (
 	"fmt"
 
 	"github.com/minio/operator/pkg/controller/legacy"
-	corev1 "k8s.io/api/core/v1"
 	"k8s.io/apimachinery/pkg/types"
 
 	"github.com/blang/semver/v4"
@@ -62,7 +61,6 @@ func (c *Controller) checkForUpgrades(ctx context.Context, tenant *miniov2.Tenan
 		version424: c.upgrade424,
 		version429: c.upgrade429,
 		version430: c.upgrade430,
-		version45:  c.upgrade45,
 		version500: c.upgrade500,
 		version600: c.upgrade600,
 	}
@@ -265,67 +263,7 @@ func (c *Controller) upgrade430(ctx context.Context, tenant *miniov2.Tenant) (*m
 	return c.updateTenantSyncVersion(ctx, tenant, version430)
 }
 
-// Upgrades the sync version to v4.5
-// in this version we finally deprecated tenant.spec.credsSecret field.
-func (c *Controller) upgrade45(ctx context.Context, tenant *miniov2.Tenant) (*miniov2.Tenant, error) {
-	if tenant.HasConfigurationSecret() {
-		return c.updateTenantSyncVersion(ctx, tenant, version45)
-	}
-	if !tenant.HasCredsSecret() {
-		return tenant, fmt.Errorf("'%s/%s' error migrating tenant credsSecret, credsSecret does not exist", tenant.Namespace, tenant.Name)
-	}
-	// Create new configuration secret based on the existing credsSecret
-	credsSecret, err := c.kubeClientSet.CoreV1().Secrets(tenant.Namespace).Get(ctx, tenant.Spec.CredsSecret.Name, metav1.GetOptions{})
-	if err != nil && !k8serrors.IsNotFound(err) {
-		return tenant, err
-	}
-	var accessKey string
-	var secretKey string
-	if _, ok := credsSecret.Data["accesskey"]; ok {
-		accessKey = string(credsSecret.Data["accesskey"])
-	}
-	if _, ok := credsSecret.Data["secretkey"]; ok {
-		secretKey = string(credsSecret.Data["secretkey"])
-	}
-	if accessKey == "" || secretKey == "" {
-		return tenant, fmt.Errorf("accessKey/secretKey are empty - '%s/%s' error in migrating tenant credsSecret to newer configuration", tenant.Namespace, tenant.Name)
-	}
-	tenantConfiguration := map[string]string{}
-	tenantConfiguration["MINIO_ROOT_USER"] = accessKey
-	tenantConfiguration["MINIO_ROOT_PASSWORD"] = secretKey
-	configurationSecret := &corev1.Secret{
-		ObjectMeta: metav1.ObjectMeta{
-			Name:      tenant.ConfigurationSecretName(),
-			Namespace: tenant.Namespace,
-		},
-		TypeMeta: metav1.TypeMeta{
-			Kind:       "Secret",
-			APIVersion: corev1.SchemeGroupVersion.Version,
-		},
-		Data: map[string][]byte{
-			"config.env": []byte(miniov2.GenerateTenantConfigurationFile(tenantConfiguration)),
-		},
-	}
-	_, err = c.kubeClientSet.CoreV1().Secrets(tenant.Namespace).Create(ctx, configurationSecret, metav1.CreateOptions{})
-	if err != nil {
-		return tenant, err
-	}
-	// Update tenant fields
-	tenantCopy := tenant.DeepCopy()
-	tenantCopy.EnsureDefaults()
-	tenantCopy.Spec.Configuration = &corev1.LocalObjectReference{
-		Name: tenantCopy.ConfigurationSecretName(),
-	}
-	tenantCopy.Spec.CredsSecret = nil
-	_, err = c.minioClientSet.MinioV2().Tenants(tenant.Namespace).Update(ctx, tenantCopy, metav1.UpdateOptions{})
-	if err != nil {
-		return tenant, fmt.Errorf("error updating tenant '%s/%s', could not update tenant.spec.configuration field: %v", tenant.Namespace, tenant.Name, err)
-	}
-	return c.updateTenantSyncVersion(ctx, tenant, version45)
-}
-
 // Upgrades the sync version to v5.0.0
-// in this version we finally deprecated tenant.spec.credsSecret field.
 func (c *Controller) upgrade500(ctx context.Context, tenant *miniov2.Tenant) (*miniov2.Tenant, error) {
 	// log search deployment
 	logSearchDeployment, err := c.deploymentLister.Deployments(tenant.Namespace).Get(legacy.LogSearchAPIDeploymentName(tenant))

diff --git a/resources/base/crds/minio.min.io_tenants.yaml b/resources/base/crds/minio.min.io_tenants.yaml
@@ -882,13 +882,6 @@ spec:
                     type: string
                 type: object
                 x-kubernetes-map-type: atomic
-              credsSecret:
-                properties:
-                  name:
-                    default: ""
-                    type: string
-                type: object
-                x-kubernetes-map-type: atomic
               env:
                 items:
                   properties: