Add test to list the tenants in Operator UI (#1605)

Co-authored-by: Alex <33497058+bexsoft@users.noreply.github.com>
Cesar Celis Hernandez
2022-02-22 00:57:09 -05:00
committed by GitHub
parent 56c4311a6b
commit 844162a7ab
32 changed files with 765 additions and 38 deletions


@@ -56,12 +56,12 @@ jobs:
run: |
make console
- name: Start Console, front-end app
# Runs a set of commands using the runners shell
- name: Start Kind for Operator UI
run: |
(./console operator) & (make initialize-operator)
"${GITHUB_WORKSPACE}/portal-ui/tests/scripts/operator.sh"
- name: Run TestCafe Tests
uses: DevExpress/testcafe-action@latest
with:
args: '"chrome:headless" portal-ui/tests/operator/ --skip-js-errors -c 3'
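Review bot: The `uses: DevExpress/testcafe-action@latest` step visible in this hunk runs a third-party action from a mutable ref, so whatever the action's maintainers publish next executes in this job with the repository checkout and the job token. Pinning it to a full commit SHA, `uses: DevExpress/testcafe-action@<full-commit-sha>`, makes the code that runs reviewable and reproducible. The `--skip-js-errors` flag in `args` also lets the suite pass while the page throws; if it is needed for a known error, a comment naming that error would keep it from hiding new ones.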


@@ -0,0 +1,23 @@
import { diagnosticsElement, supportElement } from "../utils/elements-menu";
import { Selector } from 'testcafe';
fixture("For user with default permissions").page("http://localhost:9090");
test("Create Tenant", async (t) => {
const osCount = Selector(`#root > div > main > div[class] > div > div > div > div:nth-child(1) > div > div > div`).count;
await t
.navigateTo("http://localhost:9090/login")
.typeText("#jwt","anyrandompasswordwillwork")
.click("button.MuiButton-root")
.click(Selector('button[tabindex="0"][type="button"]').withText('Create Tenant'))
.typeText("#tenant-name","thufeb1754epm")
.typeText("#namespace","default")
.wait(2000)
.click("button[tabindex=\"0\"]:nth-of-type(2)")
.click(Selector('button[tabindex="0"][type="button"]').withText('Done'))
.expect(osCount).eql(2);
});
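Review bot: The login step types the literal `anyrandompasswordwillwork` into `#jwt` with no comment saying why an arbitrary token is accepted. Judging by `kubectl proxy &` in operator.sh from the same commit, the console presumably reaches the API through the local proxy, which does not check the bearer token; if so, say it in the test, e.g. `// Any token passes only because the console talks to the cluster via a local kubectl proxy (CI fixture).` The `.wait(2000)` before the submit click is a fixed sleep that will flake on a slow runner; waiting on the button selector would be steadier. `diagnosticsElement` and `supportElement` are imported but never used, and the tenant name `thufeb1754epm` is hard-coded, so a second run against the same cluster would collide.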


@@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-tenant
resources:
- namespace.yaml
- tenant-config.yaml
- tenant-minio-creds-secret_deprecated.yaml
- storage-user.yaml
- tenant.yaml


@@ -0,0 +1,4 @@
apiVersion: v1
kind: Namespace
metadata:
name: minio-tenant


@@ -0,0 +1,9 @@
apiVersion: v1
data:
CONSOLE_ACCESS_KEY: Y29uc29sZQ==
CONSOLE_SECRET_KEY: Y29uc29sZTEyMw==
kind: Secret
metadata:
name: storage-user
namespace: default
type: Opaque
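Review bot: Both `data` values in this Secret are plain base64 of guessable strings (`console` / `console123`), and nothing in the file marks them as fixture-only, so the manifest reads like a template that can be applied as-is. A header comment such as `## Test fixture credentials for the kind-based UI tests; replace before any other use` would make the intent explicit; generating the Secret at deploy time (for example with a kustomize `secretGenerator`) would keep the values out of git altogether. The `storage-configuration` Secret added later in this commit has the same issue; its own comments spell out `minio` / `minio123`.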


@@ -0,0 +1,13 @@
apiVersion: v1
data:
## Tenant credentials, base64 encoded (cat config.env | base64)
## export MINIO_ROOT_USER="minio"
## export MINIO_ROOT_PASSWORD="minio123"
## export MINIO_STORAGE_CLASS_STANDARD="EC:2"
## export MINIO_BROWSER="on"
config.env: ZXhwb3J0IE1JTklPX1JPT1RfVVNFUj0ibWluaW8iCmV4cG9ydCBNSU5JT19ST09UX1BBU1NXT1JEPSJtaW5pbzEyMyIKZXhwb3J0IE1JTklPX1NUT1JBR0VfQ0xBU1NfU1RBTkRBUkQ9IkVDOjIiCmV4cG9ydCBNSU5JT19CUk9XU0VSPSJvbiI=
kind: Secret
metadata:
name: storage-configuration
namespace: minio-tenant
type: Opaque


@@ -0,0 +1,9 @@
apiVersion: v1
data:
accessKey: ""
secretKey: ""
kind: Secret
metadata:
name: storage-creds-secret
namespace: minio-tenant
type: Opaque


@@ -0,0 +1,240 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
## Optionally pass labels to be applied to the statefulset pods
labels:
app: minio
## Optionally pass annotations to be applied to the statefulset pods
annotations:
prometheus.io/path: /minio/v2/metrics/cluster
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
## If not specified, the Tenant pods will be dispatched by default scheduler.
# scheduler:
# name: my-custom-scheduler
spec:
## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be
## accessible as DNS entries of form `<bucketname>.minio.namespace.svc.cluster.local`
s3:
## This feature is turned off by default
bucketDNS: false
## Create users in the Tenant using this field. Make sure to create secrets per user added here.
## Secret should follow the format used in `minio-creds-secret`.
users:
- name: storage-user
## Create buckets using the console user
# buckets:
# - name: "test-bucket1"
# region: "us-east-1"
# objectLock: true
# - name: "test-bucket2"
# region: "us-east-1"
# objectLock: true
## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
## not provided. DNS name format is *.minio.default.svc.cluster.local
certConfig: { }
## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
## for details.
podManagementPolicy: Parallel
## Secret with credentials and configurations to be used by MinIO Tenant.
configuration:
name: storage-configuration
## DEPRECATED: Secret with credentials to be used by MinIO Tenant.
credsSecret:
name: storage-creds-secret
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env: [ ]
## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific
## services created by the operator.
serviceMetadata:
minioServiceLabels: { }
minioServiceAnnotations: { }
consoleServiceLabels: { }
consoleServiceAnnotations: { }
## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
## This is applied to MinIO pods only.
## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
priorityClassName: ""
## Use this field to provide one or more external CA certificates. This is used by MinIO
## to verify TLS connections with other applications.
## Certificate secret files will be mounted under /tmp/certs/CAs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCaCertSecret:
## - name: ca-certificate-1
## type: Opaque
## - name: ca-certificate-2
## type: Opaque
## - name: ca-certificate-3
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCaCertSecret: [ ]
## Use this field to provide one or more Secrets with external certificates. This can be used to configure
## TLS for MinIO Tenant pods.
## Certificate secret files will be mounted under /tmp/certs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCertSecret:
## - name: domain-certificate-1
## type: kubernetes.io/tls
## - name: domain-certificate-2
## type: kubernetes.io/tls
## - name:domain-certificate-3
## type: kubernetes.io/tls
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCertSecret: [ ]
## Use this field to provide client certificates for MinIO & KES. This can be used to configure
## mTLS for MinIO and your KES server. Files will be mounted under /tmp/certs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
## ie:
##
## externalClientCertSecret:
## name: mtls-certificates-for-tenant
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
# externalClientCertSecret: {}
## Registry location and Tag to download MinIO Server image
image: quay.io/minio/minio:RELEASE.2022-01-07T01-53-23Z
imagePullSecret: { }
## Mount path where PV will be mounted inside container(s).
mountPath: /export
## Sub path inside Mount path where MinIO stores data.
subPath: ""
## Service account to be used for all the MinIO Pods
serviceAccountName: ""
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 4
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
## eligible to run on a node, the node must have each of the
## indicated key-value pairs as labels.
## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: { }
## Used to specify a toleration for a pod
tolerations: [ ]
## Affinity settings for MinIO pods. Read more about affinity
## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
## Configure resource requests and limits for MinIO containers
resources: { }
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
## Pool.
volumeClaimTemplate:
apiVersion: v1
kind: persistentvolumeclaims
metadata: { }
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Ti
storageClassName: standard
status: { }
## Configure security context
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
## Enable automatic Kubernetes based certificate generation and signing as explained in
## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
requestAutoCert: true
## Prometheus setup for MinIO Tenant.
prometheus:
image: "" # defaults to quay.io/prometheus/prometheus:latest
sidecarimage: "" # defaults to alpine
initimage: "" # defaults to busybox:1.33.1
diskCapacityGB: 10
storageClassName: standard
annotations: { }
labels: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
resources: { }
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
## Prometheus Operator's Service Monitor for MinIO Tenant Pods.
# prometheusOperator:
# labels:
# app: minio-sm
## LogSearch API setup for MinIO Tenant.
log:
image: "" # defaults to minio/logsearchapi:v4.4.2
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
audit:
diskCapacityGB: 10
## Postgres setup for LogSearch API
db:
image: "" # defaults to library/postgres
initimage: "" # defaults to busybox:1.33.1
volumeClaimTemplate:
metadata: { }
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
serviceAccountName: ""
securityContext:
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
fsGroup: 999
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
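Review bot: The `prometheus`, `log` and `db` blocks leave `image`, `sidecarimage` and `initimage` empty, and per the inline comments the fallbacks include floating references (`quay.io/prometheus/prometheus:latest`, `alpine`, `library/postgres`), so what a test run pulls is decided upstream rather than by this file. Only the MinIO server image is pinned to a release tag. Setting explicit tags or digests in these fields would make the CI runs reproducible and limit exposure to a bad upstream push. The same applies to `image: vault:latest` in the Vault Deployment added later in this commit.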


@@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-env-encrypted
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -0,0 +1,10 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
env:
## Encrypt data using local encryption key from env variables, not recommended for production environments
- name: MINIO_KMS_SECRET_KEY
value: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="
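Review bot: `MINIO_KMS_SECRET_KEY` is given as a literal `value:` in the Tenant spec, so the data-encryption key is readable by anyone who can read Tenant objects or the resulting pod spec, and it is now fixed in git history. The existing comment says this is not for production, but the example would be safer to copy if the key came from a Secret, e.g. `valueFrom: { secretKeyRef: { name: <secret-name>, key: <key-name> } }`, assuming the Tenant `env` list accepts standard Kubernetes EnvVar entries. `MINIO_IDENTITY_OPENID_CLIENT_SECRET` in the OIDC tenant patch later in this commit is set the same way.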


@@ -0,0 +1,3 @@
- op: replace
path: /metadata/name
value: storage-env-encrypted


@@ -0,0 +1,16 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- openldap.yaml
namespace: tenant-external-idp-ldap
patchesStrategicMerge:
- tenant.yaml
- storage-user.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -0,0 +1,89 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: billy-ldif
data:
billy.ldif: |
# LDIF fragment to create group branch under root
dn: uid=billy,dc=example,dc=org
uid: billy
cn: billy
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: billy123
mail: billy@example.org
gecos: Billy User
# Create base group
dn: ou=groups,dc=example,dc=org
objectclass:organizationalunit
ou: groups
description: generic groups branch
# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
objectClass: top
objectClass: posixGroup
gidNumber: 678
# Assing group to new user
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
changetype: modify
add: memberuid
memberuid: billy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
volumes:
- name: billy-configuration
configMap:
name: billy-ldif
containers:
- name: openldap
image: osixia/openldap:1.3.0
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 389
name: tcp-ldap
- containerPort: 636
name: tcp-ldap2
volumeMounts:
- name: billy-configuration
mountPath: /tmp/billy.ldif
subPath: billy.ldif
---
apiVersion: v1
kind: Service
metadata:
name: openldap
labels:
name: openldap
spec:
ports:
- name: tcp-ldap
port: 389
targetPort: tcp-ldap
- name: tcp-ldap2
port: 636
targetPort: tcp-ldap2
selector:
app: openldap
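Review bot: `userPassword: billy123` is stored in cleartext inside the `billy-ldif` ConfigMap, which gets none of the RBAC separation or at-rest encryption options a Secret can have; moving the LDIF to a Secret, or storing a pre-hashed password value, would be the safer pattern to show. The file is mounted at `/tmp/billy.ldif`, and nothing in this Deployment visibly loads it, so presumably a later step imports it by hand; a comment on the `volumeMounts` entry naming that step would help. The `openldap` container also has no `securityContext` or resource limits, unlike the Tenant pods in the same example set.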


@@ -0,0 +1,9 @@
apiVersion: v1
data:
CONSOLE_ACCESS_KEY: dWlkPWJpbGx5LGRjPWV4YW1wbGUsZGM9b3Jn # "uid=billy,dc=example,dc=org"
CONSOLE_SECRET_KEY: ""
kind: Secret
metadata:
name: storage-user
namespace: default
type: Opaque


@@ -0,0 +1,20 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
users:
- name: storage-user
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env:
- name: MINIO_IDENTITY_LDAP_SERVER_ADDR
value: "openldap.tenant-external-idp-ldap.svc.cluster.local:389"
- name: MINIO_IDENTITY_LDAP_USERNAME_FORMAT
value: "uid=%s,dc=example,dc=org"
- name: MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER
value: "(|(objectclass=posixAccount)(uid=%s))"
- name: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
value: "on"
- name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
value: "on"
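Review bot: `MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER` is built with `|` (OR), so `(|(objectclass=posixAccount)(uid=%s))` matches every posixAccount entry as well as the requested uid; the filter should be an AND, `value: "(&(objectclass=posixAccount)(uid=%s))"`. Separately, `MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY` and `MINIO_IDENTITY_LDAP_SERVER_INSECURE` are both `"on"` against port 389, so bind credentials travel unencrypted and the server is never verified. If that is intentional for the in-cluster fixture, a comment like `## test-only: plaintext LDAP to the bundled openldap Deployment` above the two entries would stop it being copied into a real tenant.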


@@ -0,0 +1,3 @@
- op: replace
path: /metadata/name
value: storage-external-idp-ldap


@@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-external-idp-oidc
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -0,0 +1,18 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env:
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: "https://your-extenal-idp.com/.well-known/openid-configuration" # Your external identity provide configuration
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: "OPENID CLIENT ID"
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
value: "OPENID CLIENT SECRET"
- name: MINIO_IDENTITY_OPENID_SCOPES
value: "openid,profile,email"
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: "https://min.io/policy"


@@ -0,0 +1,3 @@
- op: replace
path: /metadata/name
value: storage-external-idp-oidc


@@ -0,0 +1,62 @@
apiVersion: v1
kind: Secret
metadata:
name: kes-configuration
type: Opaque
stringData:
server-config.yaml: |-
address: :7373
root: _ # Effectively disabled since no root identity necessary.
tls:
key: /tmp/kes/server.key # Path to the TLS private key
cert: /tmp/kes/server.crt # Path to the TLS certificate
proxy:
identities: []
header:
cert: X-Tls-Client-Cert
policy:
my-policy:
paths:
- /v1/key/create/*
- /v1/key/generate/*
- /v1/key/decrypt/*
identities:
- ${MINIO_KES_IDENTITY}
cache:
expiry:
any: 5m0s
unused: 20s
log:
error: on
audit: off
keys:
## KES configured with fs (File System mode) doesnt work in Kubernetes environments and it's not recommended
## use a real KMS
# fs:
# path: "./keys" # Path to directory. Keys will be stored as files. Not Recommended for Production.
vault:
endpoint: "http://vault.default.svc.cluster.local:8200" # The Vault endpoint
namespace: "" # An optional Vault namespace. See: https://www.vaultproject.io/docs/enterprise/namespaces/index.html
prefix: "my-minio" # An optional K/V prefix. The server will store keys under this prefix.
approle: # AppRole credentials. See: https://www.vaultproject.io/docs/auth/approle.html
id: "<YOUR APPROLE ID HERE>" # Your AppRole Role ID
secret: "<YOUR APPROLE SECRET ID HERE>" # Your AppRole Secret ID
retry: 15s # Duration until the server tries to re-authenticate after connection loss.
tls: # The Vault client TLS configuration for mTLS authentication and certificate verification
key: "" # Path to the TLS client private key for mTLS authentication to Vault
cert: "" # Path to the TLS client certificate for mTLS authentication to Vault
ca: "" # Path to one or multiple PEM root CA certificates
status: # Vault status configuration. The server will periodically reach out to Vault to check its status.
ping: 10s # Duration until the server checks Vault's status again.
# aws:
# # The AWS SecretsManager key store. The server will store
# # secret keys at the AWS SecretsManager encrypted with
# # AWS-KMS. See: https://aws.amazon.com/secrets-manager
# secretsmanager:
# endpoint: "" # The AWS SecretsManager endpoint - e.g.: secretsmanager.us-east-2.amazonaws.com
# region: "" # The AWS region of the SecretsManager - e.g.: us-east-2
# kmskey: "" # The AWS-KMS key ID used to en/decrypt secrets at the SecretsManager. By default (if not set) the default AWS-KMS key will be used.
# credentials: # The AWS credentials for accessing secrets at the AWS SecretsManager.
# accesskey: "" # Your AWS Access Key
# secretkey: "" # Your AWS Secret Key
# token: "" # Your AWS session token (usually optional)
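Review bot: The Vault `endpoint` is `http://vault.default.svc.cluster.local:8200` and the `tls` block under it is left empty, so the AppRole id/secret and the keys KES stores and fetches cross the cluster network in cleartext. For an example that others will copy, an `https://` endpoint with `ca` filled in, or at least a comment such as `# plain HTTP only because the bundled Vault test Deployment has no TLS listener`, would be safer. `log.audit: off` also drops the only record of key create and decrypt calls; consider `audit: on` for the KMS example.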


@@ -0,0 +1,15 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- kes-configuration-secret.yaml
namespace: tenant-kms-encrypted
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -0,0 +1,57 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Define configuration for KES (stateless and distributed key-management system)
## Refer https://github.com/minio/kes
kes:
image: "" # minio/kes:v0.17.6
replicas: 2
kesSecret:
name: kes-configuration
imagePullPolicy: "IfNotPresent"
## Use this field to provide external certificates for the KES server. TLS for KES pods will be configured
## by mounting a Kubernetes secret under /tmp/kes folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCertSecret:
## name: tls-certificates-for-kes
## type: kubernetes.io/tls
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCertSecret: null
## Use this field to provide client certificates for KES. This can be used to configure
## mTLS for KES and your KMS. Files will be mounted under /tmp/kes folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## clientCertSecret:
## name: mtls-certificates-for-kms
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
clientCertSecret: null
## Key name to be created on the KMS, default is "my-minio-key"
keyName: ""
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000


@@ -0,0 +1,3 @@
- op: replace
path: /metadata/name
value: storage-kms-encrypted


@@ -21,4 +21,4 @@ spec:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
storage: 10Gi


@@ -0,0 +1,14 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-tiny
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -0,0 +1,25 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 1
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
## Pool.
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@@ -0,0 +1,3 @@
- op: replace
path: /metadata/name
value: storage-tiny


@@ -0,0 +1,51 @@
---
apiVersion: v1
kind: Service
metadata:
name: vault
namespace: default
labels:
name: vault
spec:
ports:
- port: 8200
name: http
selector:
app: vault
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: vault
template:
metadata:
labels:
app: vault
spec:
containers:
- name: vault
image: vault:latest
imagePullPolicy: "IfNotPresent"
env:
- name: SECRET_SHARES
value: "5"
- name: SECRET_THRESHOLD
value: "3"
- name: SELF_SIGNED_CERT
value: "true"
- name: TOTAL_INIT_RETRIES
value: "5"
ports:
- containerPort: 8200
name: http
securityContext:
capabilities:
add:
- IPC_LOCK
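Review bot: The `vault` container is given no `command`, `args` or mounted configuration, so how it starts depends entirely on the image default; for the official image that is presumably the in-memory dev server (unsealed, plain HTTP, root token written to the log), which would be worth stating in a header comment like `# Test fixture only: Vault runs with image defaults, not a hardened configuration`. I do not recognise `SECRET_SHARES`, `SECRET_THRESHOLD`, `SELF_SIGNED_CERT` or `TOTAL_INIT_RETRIES` as variables the official image reads, so please confirm they have an effect or drop them. The Deployment also has no readiness probe, so anything that depends on Vault has no signal that it is up.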


@@ -0,0 +1,3 @@
path "kv/my-minio/*" {
capabilities = [ "create", "read", "delete" ]
}

56
portal-ui/tests/scripts/operator.sh Normal file → Executable file

@@ -137,21 +137,12 @@ function check_tenant_status() {
# Install tenant function is being used by deploy-tenant and check-prometheus
function install_tenant() {
echo "Check if helm will install the Tenant"
if [ "$1" = "helm" ]; then
namespace=default
key=app
value=minio
helm install --namespace tenant-ns \
--create-namespace tenant minio/tenant
else
namespace=tenant-lite
key=v1.min.io/tenant
value=storage-lite
echo "Installing lite tenant"
namespace=tenant-lite
key=v1.min.io/tenant
value=storage-lite
echo "Installing lite tenant"
try kubectl apply -k "${SCRIPT_DIR}/../examples/kustomization/tenant-lite"
fi
try kubectl apply -k "${SCRIPT_DIR}/examples/kustomization/tenant-lite"
echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled"
echo $namespace
@@ -170,25 +161,22 @@ function install_tenant() {
}
__init__() {
export TIMESTAMP=$(date "+%s")
echo $TIMESTAMP > portal-ui/tests/constants/timestamp.txt
export GOPATH=/tmp/gopath
export PATH=${PATH}:${GOPATH}/bin
destroy_kind
setup_kind
install_operator
install_tenant
kubectl proxy
export TIMESTAMP=$(date "+%s")
echo $TIMESTAMP > portal-ui/tests/constants/timestamp.txt
export GOPATH=/tmp/gopath
export PATH=${PATH}:${GOPATH}/bin
destroy_kind
setup_kind
install_operator
install_tenant
echo "kubectl proxy"
kubectl proxy &
echo "yarn start"
yarn start &
echo "console operator"
./console operator &
echo "DONE with kind, yarn and console, next is testcafe"
exit 0
}
main() {
(yarn start &> /dev/null) & (./console operator &> /dev/null) & (testcafe "chrome:headless" portal-ui/tests/operator/ -q --skip-js-errors -c 3)
}
( __init__ "$@" && main "$@" )
( __init__ "$@")
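Review bot: `__init__` now puts `kubectl proxy`, `yarn start` and `./console operator` in the background and reaches `exit 0` straight away, so the workflow's TestCafe step can start before anything is listening on localhost:9090 and fail intermittently. A bounded readiness wait before the exit, failing the step if the console never answers, would make the ordering explicit. Note also that `kubectl proxy &` leaves an unauthenticated API proxy running for the rest of the job, which is fine on a throwaway runner but deserves a comment. `install_tenant` begins and ends outside the first hunk, so this only covers the `__init__` part.

```shell
./console operator &
# … unchanged: echo "DONE with kind, yarn and console, next is testcafe" …
ready=0
for _ in $(seq 1 60); do
  if curl -sf http://localhost:9090/login > /dev/null; then
    ready=1
    break
  fi
  sleep 2
done
[ "$ready" -eq 1 ] || { echo "console did not become ready"; exit 1; }
exit 0
```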