diff --git a/docs/operator-fields.md b/docs/operator-fields.md index 9bca5b20a80..5d4eb6cc85e 100644 --- a/docs/operator-fields.md +++ b/docs/operator-fields.md @@ -18,7 +18,6 @@ MinIO Operator creates native Kubernetes resources within the cluster. If the Te | scheduler | Set custom scheduler for pods created by MinIO Operator. | | spec | Defines the configuration of a MinIO Tenant object | | spec.certConfig | When `spec.requestAutoCert` is enabled, use this field to pass additional parameters for certificate creation. | -| spec.credsSecret | Use this secret to assign custom credentials (access key and secret key) to the Tenant. | | spec.env | Add MinIO specific environment variables to enable certain features. | | spec.externalCertSecret | Set a list of external secrets with private key and certificate to be used to enable TLS on Tenant pods. Note that only `spec.requestAutoCert` or `spec.externalCertSecret` should be enabled at a time. Follow [the document here](https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret) to create the secret to be passed in this section. | | spec.image | Set the container registry and image tag for MinIO server to be used in the Tenant. | diff --git a/helm/operator/templates/minio.min.io_tenants.yaml b/helm/operator/templates/minio.min.io_tenants.yaml index ddfbc03cbaa..557c8b3fff9 100644 --- a/helm/operator/templates/minio.min.io_tenants.yaml +++ b/helm/operator/templates/minio.min.io_tenants.yaml @@ -882,13 +882,6 @@ spec: type: string type: object x-kubernetes-map-type: atomic - credsSecret: - properties: - name: - default: "" - type: string - type: object - x-kubernetes-map-type: atomic env: items: properties: diff --git a/pkg/apis/minio.min.io/v2/helper.go b/pkg/apis/minio.min.io/v2/helper.go index 6a09a5b1297..cfd3ef3330a 100644 --- a/pkg/apis/minio.min.io/v2/helper.go +++ b/pkg/apis/minio.min.io/v2/helper.go 
@@ -138,12 +138,6 @@ func genEllipsis(start, end int) string { return "{" + strconv.Itoa(start) + "..." + strconv.Itoa(end) + "}" } -// HasCredsSecret returns true if the user has provided a secret -// for a Tenant else false -func (t *Tenant) HasCredsSecret() bool { - return t.Spec.CredsSecret != nil && t.Spec.CredsSecret.Name != "" -} - // HasConfigurationSecret returns true if the user has provided a configuration // for a Tenant else false func (t *Tenant) HasConfigurationSecret() bool { @@ -824,7 +818,7 @@ func (t *Tenant) Validate() error { return errors.New("pools must be configured") } - if !t.HasConfigurationSecret() && !t.HasCredsSecret() { + if !t.HasConfigurationSecret() { return errors.New("please set 'configuration' secret with credentials for Tenant") } diff --git a/pkg/apis/minio.min.io/v2/types.go b/pkg/apis/minio.min.io/v2/types.go index 67c3c1b1d43..2e7c449b2a9 100644 --- a/pkg/apis/minio.min.io/v2/types.go +++ b/pkg/apis/minio.min.io/v2/types.go @@ -124,17 +124,6 @@ type TenantSpec struct { // Pod Management Policy for pod created by StatefulSet // +optional PodManagementPolicy appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"` - // *optional* + - // - // Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes opaque secret] to use for setting the MinIO root access key and secret key. Specify the secret as `name: `. The Kubernetes secret must contain the following fields: + - // - // * `data.accesskey` - The access key for the root credentials + - // - // * `data.secretkey` - The secret key for the root credentials + - // - // - // +optional - CredsSecret *corev1.LocalObjectReference `json:"credsSecret,omitempty"` // *Optional* + // // If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource. diff --git a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go index 9a85880a640..e0594920f0d 100644 
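Review bot: In the `Validate` hunk (`@@ -824,7 +818,7`), the error returned when `HasConfigurationSecret()` is false gives no hint that `spec.credsSecret` has been removed, so a tenant that still carries only the legacy reference is rejected with a message that reads like a fresh misconfiguration. This commit also deletes the `upgrade45` migration, so this check is where such tenants will now stop. Consider `return errors.New("please set 'configuration' secret with credentials for Tenant; 'credsSecret' is no longer supported")`, provided no caller matches on the old string. The check presumably only establishes that a secret is named (as the removed `HasCredsSecret` did), with empty root credentials caught later via `ErrEmptyRootCredentials` as the main-controller hunk suggests; a short comment saying so would help. `Validate` starts and ends outside the hunk.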
--- a/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go +++ b/pkg/apis/minio.min.io/v2/zz_generated.deepcopy.go @@ -637,11 +637,6 @@ func (in *TenantSpec) DeepCopyInto(out *TenantSpec) { } } out.ImagePullSecret = in.ImagePullSecret - if in.CredsSecret != nil { - in, out := &in.CredsSecret, &out.CredsSecret - *out = new(v1.LocalObjectReference) - **out = **in - } if in.Env != nil { in, out := &in.Env, &out.Env *out = make([]v1.EnvVar, len(*in)) diff --git a/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go b/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go index c28efcb4fcf..de533712c4c 100644 --- a/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go +++ b/pkg/client/applyconfiguration/minio.min.io/v2/tenantspec.go @@ -31,7 +31,6 @@ type TenantSpecApplyConfiguration struct { Image *string `json:"image,omitempty"` ImagePullSecret *v1.LocalObjectReference `json:"imagePullSecret,omitempty"` PodManagementPolicy *appsv1.PodManagementPolicyType `json:"podManagementPolicy,omitempty"` - CredsSecret *v1.LocalObjectReference `json:"credsSecret,omitempty"` Env []v1.EnvVar `json:"env,omitempty"` ExternalCertSecret []*miniominiov2.LocalCertificateReference `json:"externalCertSecret,omitempty"` ExternalCaCertSecret []*miniominiov2.LocalCertificateReference `json:"externalCaCertSecret,omitempty"` 
@@ -106,14 +105,6 @@ func (b *TenantSpecApplyConfiguration) WithPodManagementPolicy(value appsv1.PodM return b } -// WithCredsSecret sets the CredsSecret field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the CredsSecret field is set to the value of the last call. -func (b *TenantSpecApplyConfiguration) WithCredsSecret(value v1.LocalObjectReference) *TenantSpecApplyConfiguration { - b.CredsSecret = &value - return b -} - // WithEnv adds the given value to the Env field in the declarative configuration // and returns the receiver, so that objects can be build by chaining "With" function invocations. // If called multiple times, values provided by each call will be appended to the Env field. diff --git a/pkg/controller/main-controller.go b/pkg/controller/main-controller.go index 40549a4b938..092eb9cfc43 100644 --- a/pkg/controller/main-controller.go +++ b/pkg/controller/main-controller.go @@ -812,7 +812,7 @@ func (c *Controller) syncHandler(key string) (Result, error) { // Set any required default values and init Global variables nsName := types.NamespacedName{Namespace: namespace, Name: tenantName} - // get combined configurations (tenant.env, tenant.credsSecret and tenant.Configuration) for tenant + // get combined configurations (tenant.env and tenant.Configuration) for tenant tenantConfiguration, err := c.getTenantCredentials(ctx, tenant) if err != nil { if errors.Is(err, ErrEmptyRootCredentials) { diff --git a/pkg/controller/tenants.go b/pkg/controller/tenants.go index 5f7d553e282..e7e1e170a44 100644 --- a/pkg/controller/tenants.go +++ b/pkg/controller/tenants.go 
@@ -45,7 +45,7 @@ func (c *Controller) getTenantConfiguration(ctx context.Context, tenant *miniov2 return tenantConfiguration, nil } -// getTenantCredentials returns a combination of env, credsSecret and Configuration tenant credentials +// getTenantCredentials returns a combination of env and Configuration tenant credentials func (c *Controller) getTenantCredentials(ctx context.Context, tenant *miniov2.Tenant) (map[string][]byte, error) { // Configuration for tenant can be passed using 2 different sources, tenant.spec.env and config.env secret // If the user provides duplicated configuration the override order will be: diff --git a/pkg/controller/upgrades.go b/pkg/controller/upgrades.go index 5913ad6c71f..8ab4f0ed9c3 100644 --- a/pkg/controller/upgrades.go +++ b/pkg/controller/upgrades.go @@ -21,7 +21,6 @@ import ( "fmt" "github.com/minio/operator/pkg/controller/legacy" - corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "github.com/blang/semver/v4" @@ -62,7 +61,6 @@ func (c *Controller) checkForUpgrades(ctx context.Context, tenant *miniov2.Tenan version424: c.upgrade424, version429: c.upgrade429, version430: c.upgrade430, - version45: c.upgrade45, version500: c.upgrade500, version600: c.upgrade600, } 
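Review bot: In the `checkForUpgrades` hunk (`@@ -62,7 +61,6`), dropping `version45: c.upgrade45` removes the only step that copied root credentials from the legacy secret into a configuration secret, and nothing in the new map says what happens to a tenant whose sync version is still below 4.5. How the map is walked is outside the hunk, but such a tenant would presumably move on to `upgrade500`/`upgrade600` with no credential source and only fail later at validation. I would add a comment above the map such as `// Tenants synced below v4.5 must be migrated to spec.configuration before running this operator; credsSecret is no longer read.` and repeat it in the upgrade notes. The removed `upgrade45` (hunk `@@ -265,67 +263,7`) never deleted the legacy secret, so that guidance should also tell operators to delete or rotate the old root access/secret keys once the configuration secret is confirmed.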
@@ -265,67 +263,7 @@ func (c *Controller) upgrade430(ctx context.Context, tenant *miniov2.Tenant) (*m return c.updateTenantSyncVersion(ctx, tenant, version430) } -// Upgrades the sync version to v4.5 -// in this version we finally deprecated tenant.spec.credsSecret field. -func (c *Controller) upgrade45(ctx context.Context, tenant *miniov2.Tenant) (*miniov2.Tenant, error) { - if tenant.HasConfigurationSecret() { - return c.updateTenantSyncVersion(ctx, tenant, version45) - } - if !tenant.HasCredsSecret() { - return tenant, fmt.Errorf("'%s/%s' error migrating tenant credsSecret, credsSecret does not exist", tenant.Namespace, tenant.Name) - } - // Create new configuration secret based on the existing credsSecret - credsSecret, err := c.kubeClientSet.CoreV1().Secrets(tenant.Namespace).Get(ctx, tenant.Spec.CredsSecret.Name, metav1.GetOptions{}) - if err != nil && !k8serrors.IsNotFound(err) { - return tenant, err - } - var accessKey string - var secretKey string - if _, ok := credsSecret.Data["accesskey"]; ok { - accessKey = string(credsSecret.Data["accesskey"]) - } - if _, ok := credsSecret.Data["secretkey"]; ok { - secretKey = string(credsSecret.Data["secretkey"]) - } - if accessKey == "" || secretKey == "" { - return tenant, fmt.Errorf("accessKey/secretKey are empty - '%s/%s' error in migrating tenant credsSecret to newer configuration", tenant.Namespace, tenant.Name) - } - tenantConfiguration := map[string]string{} - tenantConfiguration["MINIO_ROOT_USER"] = accessKey - tenantConfiguration["MINIO_ROOT_PASSWORD"] = secretKey - configurationSecret := &corev1.Secret{ - ObjectMeta: metav1.ObjectMeta{ - Name: tenant.ConfigurationSecretName(), - Namespace: tenant.Namespace, - }, - TypeMeta: metav1.TypeMeta{ - Kind: "Secret", - APIVersion: corev1.SchemeGroupVersion.Version, - }, - Data: map[string][]byte{ - "config.env": []byte(miniov2.GenerateTenantConfigurationFile(tenantConfiguration)), - }, - } - _, err = c.kubeClientSet.CoreV1().Secrets(tenant.Namespace).Create(ctx, 
configurationSecret, metav1.CreateOptions{}) - if err != nil { - return tenant, err - } - // Update tenant fields - tenantCopy := tenant.DeepCopy() - tenantCopy.EnsureDefaults() - tenantCopy.Spec.Configuration = &corev1.LocalObjectReference{ - Name: tenantCopy.ConfigurationSecretName(), - } - tenantCopy.Spec.CredsSecret = nil - _, err = c.minioClientSet.MinioV2().Tenants(tenant.Namespace).Update(ctx, tenantCopy, metav1.UpdateOptions{}) - if err != nil { - return tenant, fmt.Errorf("error updating tenant '%s/%s', could not update tenant.spec.configuration field: %v", tenant.Namespace, tenant.Name, err) - } - return c.updateTenantSyncVersion(ctx, tenant, version45) -} - // Upgrades the sync version to v5.0.0 -// in this version we finally deprecated tenant.spec.credsSecret field. func (c *Controller) upgrade500(ctx context.Context, tenant *miniov2.Tenant) (*miniov2.Tenant, error) { // log search deployment logSearchDeployment, err := c.deploymentLister.Deployments(tenant.Namespace).Get(legacy.LogSearchAPIDeploymentName(tenant)) diff --git a/resources/base/crds/minio.min.io_tenants.yaml b/resources/base/crds/minio.min.io_tenants.yaml index ddfbc03cbaa..557c8b3fff9 100644 --- a/resources/base/crds/minio.min.io_tenants.yaml +++ b/resources/base/crds/minio.min.io_tenants.yaml @@ -882,13 +882,6 @@ spec: type: string type: object x-kubernetes-map-type: atomic - credsSecret: - properties: - name: - default: "" - type: string - type: object - x-kubernetes-map-type: atomic env: items: properties: