Added Annotations, Labels and NodeSelector fields (#285)

For Console/Encryption objects in the CreateTenant API
Lenin Alevski
2020-09-22 15:50:37 -07:00
committed by GitHub
parent e5f7870f5e
commit 86426e95f7
11 changed files with 653 additions and 72 deletions


@@ -514,7 +514,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
CredsSecret: &corev1.LocalObjectReference{
Name: secretName,
},
Env: envrionmentVariables,
Env: envrionmentVariables,
KES: &operator.KESConfig{},
Console: &operator.ConsoleConfiguration{},
},
}
idpEnabled := false
@@ -569,16 +571,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
}
isEncryptionAvailable := false
isEncryptionEnabled := false
if tenantReq.EnableTLS != nil && *tenantReq.EnableTLS {
// If user request autoCert, Operator will generate certificate keypair for MinIO (server), Console (server) and KES (server and app mTLS)
isEncryptionAvailable = true
isEncryptionEnabled = true
minInst.Spec.RequestAutoCert = *tenantReq.EnableTLS
}
if !minInst.Spec.RequestAutoCert && tenantReq.TLS != nil && tenantReq.TLS.Minio != nil {
// User provided TLS certificates for MinIO
isEncryptionAvailable = true
isEncryptionEnabled = true
// disable autoCert
minInst.Spec.RequestAutoCert = false
// Certificates used by the MinIO instance
@@ -590,7 +592,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
minInst.Spec.ExternalCertSecret = externalCertSecret
}
if tenantReq.Encryption != nil && isEncryptionAvailable {
if tenantReq.Encryption != nil && isEncryptionEnabled {
// Enable auto encryption
minInst.Spec.Env = append(minInst.Spec.Env, corev1.EnvVar{
Name: "MINIO_KMS_AUTO_ENCRYPTION",
@@ -611,6 +613,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
}
// Set Labels, Annotations and Node Selector for KES
if isEncryptionEnabled && tenantReq.Encryption != nil {
minInst.Spec.KES.Labels = tenantReq.Encryption.Labels
minInst.Spec.KES.Annotations = tenantReq.Encryption.Annotations
minInst.Spec.KES.NodeSelector = tenantReq.Encryption.NodeSelector
}
// optionals are set below
var consoleAccess string
var consoleSecret string
@@ -689,6 +698,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
}
minInst.Spec.Console.ExternalCertSecret = externalCertSecret
}
// Set Labels, Annotations and Node Selector for Console
if tenantReq.Console != nil {
minInst.Spec.Console.Annotations = tenantReq.Console.Annotations
minInst.Spec.Console.Labels = tenantReq.Console.Labels
minInst.Spec.Console.NodeSelector = tenantReq.Console.NodeSelector
}
}
// set the service name if provided
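Review bot: `KES: &operator.KESConfig{}` and `Console: &operator.ConsoleConfiguration{}` are now set on every tenant spec, including requests that carry no TLS, encryption or console settings, so the spec can no longer tell "not requested" apart from "requested with defaults". If the operator treats a non-nil `Spec.KES` or `Spec.Console` as a request to deploy that component (not visible in these hunks), tenants that never asked for KES or Console would get one; allocating inside the guarded block instead, e.g. `if minInst.Spec.KES == nil { minInst.Spec.KES = &operator.KESConfig{} }` just before the label assignment, avoids that. The labels, annotations and node selector are also copied from the request with no check, so it is worth confirming that caller-supplied keys cannot override labels the operator uses for its own selectors and that the caller is allowed to choose which nodes run KES and Console. getTenantCreatedResponse starts and ends outside these hunks.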


@@ -195,7 +195,6 @@ func getKESConfiguration(ctx context.Context, clientSet K8sClientI, ns string, e
kesConfiguration = &operator.KESConfig{
Image: "minio/kes:v0.11.0",
Replicas: 1,
Metadata: nil,
}
// Using custom image for KES
if encryptionCfg.Image != "" {


@@ -2213,6 +2213,21 @@ func init() {
}
}
},
"consoleConfiguration": {
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
{
"type": "object",
"properties": {
"image": {
"type": "string"
}
}
}
]
},
"createTenantRequest": {
"type": "object",
"required": [
@@ -2230,6 +2245,10 @@ func init() {
"type": "string"
}
},
"console": {
"type": "object",
"$ref": "#/definitions/consoleConfiguration"
},
"console_image": {
"type": "string"
},
@@ -2330,32 +2349,39 @@ func init() {
}
},
"encryptionConfiguration": {
"type": "object",
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
"client": {
{
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfiguration"
},
"image": {
"type": "string"
},
"server": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfiguration"
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfiguration"
},
"image": {
"type": "string"
},
"server": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfiguration"
}
}
}
}
]
},
"error": {
"type": "object",
@@ -2731,6 +2757,29 @@ func init() {
}
}
},
"metadataFields": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"node_selector": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
}
},
"nodeSelectorTerm": {
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"type": "object",
@@ -6432,6 +6481,21 @@ func init() {
}
}
},
"consoleConfiguration": {
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
{
"type": "object",
"properties": {
"image": {
"type": "string"
}
}
}
]
},
"createTenantRequest": {
"type": "object",
"required": [
@@ -6449,6 +6513,10 @@ func init() {
"type": "string"
}
},
"console": {
"type": "object",
"$ref": "#/definitions/consoleConfiguration"
},
"console_image": {
"type": "string"
},
@@ -6549,32 +6617,39 @@ func init() {
}
},
"encryptionConfiguration": {
"type": "object",
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
"allOf": [
{
"$ref": "#/definitions/metadataFields"
},
"client": {
{
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfiguration"
},
"image": {
"type": "string"
},
"server": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfiguration"
"properties": {
"aws": {
"type": "object",
"$ref": "#/definitions/awsConfiguration"
},
"client": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"gemalto": {
"type": "object",
"$ref": "#/definitions/gemaltoConfiguration"
},
"image": {
"type": "string"
},
"server": {
"type": "object",
"$ref": "#/definitions/keyPairConfiguration"
},
"vault": {
"type": "object",
"$ref": "#/definitions/vaultConfiguration"
}
}
}
}
]
},
"error": {
"type": "object",
@@ -6950,6 +7025,29 @@ func init() {
}
}
},
"metadataFields": {
"type": "object",
"properties": {
"annotations": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"labels": {
"type": "object",
"additionalProperties": {
"type": "string"
}
},
"node_selector": {
"type": "object",
"additionalProperties": {
"type": "string"
}
}
}
},
"nodeSelectorTerm": {
"description": "A null or empty node selector term matches no objects. The requirements of them are ANDed. The TopologySelectorTerm type implements a subset of the NodeSelectorTerm.",
"type": "object",