Get Operator files for testing (#1613)

Cesar Celis Hernandez
2022-02-22 13:53:39 -05:00
committed by GitHub
parent 4bc90588fb
commit b130c89297
45 changed files with 8 additions and 9599 deletions


@@ -27,6 +27,11 @@ jobs:
node-version: '17'
- name: Check out code into the Go module directory
uses: actions/checkout@v2
- name: Check out operator as a nested repository
uses: actions/checkout@v2
with:
repository: minio/operator
path: operator
- uses: actions/cache@v2
with:
path: |
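Review bot: The nested checkout of `minio/operator` has no `ref:`, so every CI run tests against whatever that repository's default branch holds at that moment, whereas the manifests this commit deletes pinned specific operator and console image tags. Pinning it under `with:`, e.g. `ref: <OPERATOR_TAG_OR_SHA>` (placeholder), would stop an upstream change to the operator's manifests or kind config from silently changing what the job applies to the test cluster. Adding `persist-credentials: false` to this second checkout would also keep the job token out of `operator/.git/config`, since nothing shown here pushes to that repository. The step list continues outside the hunk.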


@@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-tenant
resources:
- namespace.yaml
- tenant-config.yaml
- tenant-minio-creds-secret_deprecated.yaml
- storage-user.yaml
- tenant.yaml


@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: minio-tenant


@@ -1,9 +0,0 @@
apiVersion: v1
data:
CONSOLE_ACCESS_KEY: Y29uc29sZQ==
CONSOLE_SECRET_KEY: Y29uc29sZTEyMw==
kind: Secret
metadata:
name: storage-user
namespace: default
type: Opaque


@@ -1,13 +0,0 @@
apiVersion: v1
data:
## Tenant credentials, base64 encoded (cat config.env | base64)
## export MINIO_ROOT_USER="minio"
## export MINIO_ROOT_PASSWORD="minio123"
## export MINIO_STORAGE_CLASS_STANDARD="EC:2"
## export MINIO_BROWSER="on"
config.env: ZXhwb3J0IE1JTklPX1JPT1RfVVNFUj0ibWluaW8iCmV4cG9ydCBNSU5JT19ST09UX1BBU1NXT1JEPSJtaW5pbzEyMyIKZXhwb3J0IE1JTklPX1NUT1JBR0VfQ0xBU1NfU1RBTkRBUkQ9IkVDOjIiCmV4cG9ydCBNSU5JT19CUk9XU0VSPSJvbiI=
kind: Secret
metadata:
name: storage-configuration
namespace: minio-tenant
type: Opaque


@@ -1,9 +0,0 @@
apiVersion: v1
data:
accessKey: ""
secretKey: ""
kind: Secret
metadata:
name: storage-creds-secret
namespace: minio-tenant
type: Opaque


@@ -1,240 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
## Optionally pass labels to be applied to the statefulset pods
labels:
app: minio
## Optionally pass annotations to be applied to the statefulset pods
annotations:
prometheus.io/path: /minio/v2/metrics/cluster
prometheus.io/port: "9000"
prometheus.io/scrape: "true"
## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
## If not specified, the Tenant pods will be dispatched by default scheduler.
# scheduler:
# name: my-custom-scheduler
spec:
## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be
## accessible as DNS entries of form `<bucketname>.minio.namespace.svc.cluster.local`
s3:
## This feature is turned off by default
bucketDNS: false
## Create users in the Tenant using this field. Make sure to create secrets per user added here.
## Secret should follow the format used in `minio-creds-secret`.
users:
- name: storage-user
## Create buckets using the console user
# buckets:
# - name: "test-bucket1"
# region: "us-east-1"
# objectLock: true
# - name: "test-bucket2"
# region: "us-east-1"
# objectLock: true
## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
## not provided. DNS name format is *.minio.default.svc.cluster.local
certConfig: { }
## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
## for details.
podManagementPolicy: Parallel
## Secret with credentials and configurations to be used by MinIO Tenant.
configuration:
name: storage-configuration
## DEPRECATED: Secret with credentials to be used by MinIO Tenant.
credsSecret:
name: storage-creds-secret
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env: [ ]
## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific
## services created by the operator.
serviceMetadata:
minioServiceLabels: { }
minioServiceAnnotations: { }
consoleServiceLabels: { }
consoleServiceAnnotations: { }
## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
## This is applied to MinIO pods only.
## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
priorityClassName: ""
## Use this field to provide one or more external CA certificates. This is used by MinIO
## to verify TLS connections with other applications.
## Certificate secret files will be mounted under /tmp/certs/CAs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCaCertSecret:
## - name: ca-certificate-1
## type: Opaque
## - name: ca-certificate-2
## type: Opaque
## - name: ca-certificate-3
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCaCertSecret: [ ]
## Use this field to provide one or more Secrets with external certificates. This can be used to configure
## TLS for MinIO Tenant pods.
## Certificate secret files will be mounted under /tmp/certs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCertSecret:
## - name: domain-certificate-1
## type: kubernetes.io/tls
## - name: domain-certificate-2
## type: kubernetes.io/tls
## - name:domain-certificate-3
## type: kubernetes.io/tls
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCertSecret: [ ]
## Use this field to provide client certificates for MinIO & KES. This can be used to configure
## mTLS for MinIO and your KES server. Files will be mounted under /tmp/certs folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
## ie:
##
## externalClientCertSecret:
## name: mtls-certificates-for-tenant
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
# externalClientCertSecret: {}
## Registry location and Tag to download MinIO Server image
image: quay.io/minio/minio:RELEASE.2022-01-07T01-53-23Z
imagePullSecret: { }
## Mount path where PV will be mounted inside container(s).
mountPath: /export
## Sub path inside Mount path where MinIO stores data.
subPath: ""
## Service account to be used for all the MinIO Pods
serviceAccountName: ""
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 4
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be
## eligible to run on a node, the node must have each of the
## indicated key-value pairs as labels.
## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
nodeSelector: { }
## Used to specify a toleration for a pod
tolerations: [ ]
## Affinity settings for MinIO pods. Read more about affinity
## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity.
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
## Configure resource requests and limits for MinIO containers
resources: { }
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
## Pool.
volumeClaimTemplate:
apiVersion: v1
kind: persistentvolumeclaims
metadata: { }
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Ti
storageClassName: standard
status: { }
## Configure security context
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
## Enable automatic Kubernetes based certificate generation and signing as explained in
## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
requestAutoCert: true
## Prometheus setup for MinIO Tenant.
prometheus:
image: "" # defaults to quay.io/prometheus/prometheus:latest
sidecarimage: "" # defaults to alpine
initimage: "" # defaults to busybox:1.33.1
diskCapacityGB: 10
storageClassName: standard
annotations: { }
labels: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
resources: { }
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000
## Prometheus Operator's Service Monitor for MinIO Tenant Pods.
# prometheusOperator:
# labels:
# app: minio-sm
## LogSearch API setup for MinIO Tenant.
log:
image: "" # defaults to minio/logsearchapi:v4.4.2
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
audit:
diskCapacityGB: 10
## Postgres setup for LogSearch API
db:
image: "" # defaults to library/postgres
initimage: "" # defaults to busybox:1.33.1
volumeClaimTemplate:
metadata: { }
spec:
storageClassName: standard
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
serviceAccountName: ""
securityContext:
runAsUser: 999
runAsGroup: 999
runAsNonRoot: true
fsGroup: 999
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000


@@ -1,14 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-env-encrypted
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,10 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
env:
## Encrypt data using local encryption key from env variables, not recommended for production environments
- name: MINIO_KMS_SECRET_KEY
value: "my-minio-key:OSMM+vkKUTCvQs9YL/CVMIMt43HFhkUpqJxTmGl6rYw="


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-env-encrypted


@@ -1,16 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- openldap.yaml
namespace: tenant-external-idp-ldap
patchesStrategicMerge:
- tenant.yaml
- storage-user.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,89 +0,0 @@
---
apiVersion: v1
kind: ConfigMap
metadata:
name: billy-ldif
data:
billy.ldif: |
# LDIF fragment to create group branch under root
dn: uid=billy,dc=example,dc=org
uid: billy
cn: billy
sn: 3
objectClass: top
objectClass: posixAccount
objectClass: inetOrgPerson
loginShell: /bin/bash
homeDirectory: /home/billy
uidNumber: 14583102
gidNumber: 14564100
userPassword: billy123
mail: billy@example.org
gecos: Billy User
# Create base group
dn: ou=groups,dc=example,dc=org
objectclass:organizationalunit
ou: groups
description: generic groups branch
# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
objectClass: top
objectClass: posixGroup
gidNumber: 678
# Assing group to new user
dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
changetype: modify
add: memberuid
memberuid: billy
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: openldap
spec:
replicas: 1
selector:
matchLabels:
app: openldap
template:
metadata:
labels:
app: openldap
spec:
volumes:
- name: billy-configuration
configMap:
name: billy-ldif
containers:
- name: openldap
image: osixia/openldap:1.3.0
imagePullPolicy: "IfNotPresent"
ports:
- containerPort: 389
name: tcp-ldap
- containerPort: 636
name: tcp-ldap2
volumeMounts:
- name: billy-configuration
mountPath: /tmp/billy.ldif
subPath: billy.ldif
---
apiVersion: v1
kind: Service
metadata:
name: openldap
labels:
name: openldap
spec:
ports:
- name: tcp-ldap
port: 389
targetPort: tcp-ldap
- name: tcp-ldap2
port: 636
targetPort: tcp-ldap2
selector:
app: openldap


@@ -1,9 +0,0 @@
apiVersion: v1
data:
CONSOLE_ACCESS_KEY: dWlkPWJpbGx5LGRjPWV4YW1wbGUsZGM9b3Jn # "uid=billy,dc=example,dc=org"
CONSOLE_SECRET_KEY: ""
kind: Secret
metadata:
name: storage-user
namespace: default
type: Opaque


@@ -1,20 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
users:
- name: storage-user
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env:
- name: MINIO_IDENTITY_LDAP_SERVER_ADDR
value: "openldap.tenant-external-idp-ldap.svc.cluster.local:389"
- name: MINIO_IDENTITY_LDAP_USERNAME_FORMAT
value: "uid=%s,dc=example,dc=org"
- name: MINIO_IDENTITY_LDAP_USERNAME_SEARCH_FILTER
value: "(|(objectclass=posixAccount)(uid=%s))"
- name: MINIO_IDENTITY_LDAP_TLS_SKIP_VERIFY
value: "on"
- name: MINIO_IDENTITY_LDAP_SERVER_INSECURE
value: "on"


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-external-idp-ldap


@@ -1,14 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-external-idp-oidc
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,18 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
env:
- name: MINIO_IDENTITY_OPENID_CONFIG_URL
value: "https://your-extenal-idp.com/.well-known/openid-configuration" # Your external identity provide configuration
- name: MINIO_IDENTITY_OPENID_CLIENT_ID
value: "OPENID CLIENT ID"
- name: MINIO_IDENTITY_OPENID_CLIENT_SECRET
value: "OPENID CLIENT SECRET"
- name: MINIO_IDENTITY_OPENID_SCOPES
value: "openid,profile,email"
- name: MINIO_IDENTITY_OPENID_CLAIM_NAME
value: "https://min.io/policy"


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-external-idp-oidc


@@ -1,62 +0,0 @@
apiVersion: v1
kind: Secret
metadata:
name: kes-configuration
type: Opaque
stringData:
server-config.yaml: |-
address: :7373
root: _ # Effectively disabled since no root identity necessary.
tls:
key: /tmp/kes/server.key # Path to the TLS private key
cert: /tmp/kes/server.crt # Path to the TLS certificate
proxy:
identities: []
header:
cert: X-Tls-Client-Cert
policy:
my-policy:
paths:
- /v1/key/create/*
- /v1/key/generate/*
- /v1/key/decrypt/*
identities:
- ${MINIO_KES_IDENTITY}
cache:
expiry:
any: 5m0s
unused: 20s
log:
error: on
audit: off
keys:
## KES configured with fs (File System mode) doesnt work in Kubernetes environments and it's not recommended
## use a real KMS
# fs:
# path: "./keys" # Path to directory. Keys will be stored as files. Not Recommended for Production.
vault:
endpoint: "http://vault.default.svc.cluster.local:8200" # The Vault endpoint
namespace: "" # An optional Vault namespace. See: https://www.vaultproject.io/docs/enterprise/namespaces/index.html
prefix: "my-minio" # An optional K/V prefix. The server will store keys under this prefix.
approle: # AppRole credentials. See: https://www.vaultproject.io/docs/auth/approle.html
id: "<YOUR APPROLE ID HERE>" # Your AppRole Role ID
secret: "<YOUR APPROLE SECRET ID HERE>" # Your AppRole Secret ID
retry: 15s # Duration until the server tries to re-authenticate after connection loss.
tls: # The Vault client TLS configuration for mTLS authentication and certificate verification
key: "" # Path to the TLS client private key for mTLS authentication to Vault
cert: "" # Path to the TLS client certificate for mTLS authentication to Vault
ca: "" # Path to one or multiple PEM root CA certificates
status: # Vault status configuration. The server will periodically reach out to Vault to check its status.
ping: 10s # Duration until the server checks Vault's status again.
# aws:
# # The AWS SecretsManager key store. The server will store
# # secret keys at the AWS SecretsManager encrypted with
# # AWS-KMS. See: https://aws.amazon.com/secrets-manager
# secretsmanager:
# endpoint: "" # The AWS SecretsManager endpoint - e.g.: secretsmanager.us-east-2.amazonaws.com
# region: "" # The AWS region of the SecretsManager - e.g.: us-east-2
# kmskey: "" # The AWS-KMS key ID used to en/decrypt secrets at the SecretsManager. By default (if not set) the default AWS-KMS key will be used.
# credentials: # The AWS credentials for accessing secrets at the AWS SecretsManager.
# accesskey: "" # Your AWS Access Key
# secretkey: "" # Your AWS Secret Key
# token: "" # Your AWS session token (usually optional)


@@ -1,15 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
- kes-configuration-secret.yaml
namespace: tenant-kms-encrypted
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,57 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Define configuration for KES (stateless and distributed key-management system)
## Refer https://github.com/minio/kes
kes:
image: "" # minio/kes:v0.17.6
replicas: 2
kesSecret:
name: kes-configuration
imagePullPolicy: "IfNotPresent"
## Use this field to provide external certificates for the KES server. TLS for KES pods will be configured
## by mounting a Kubernetes secret under /tmp/kes folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## externalCertSecret:
## name: tls-certificates-for-kes
## type: kubernetes.io/tls
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
externalCertSecret: null
## Use this field to provide client certificates for KES. This can be used to configure
## mTLS for KES and your KMS. Files will be mounted under /tmp/kes folder, supported types:
## Opaque | kubernetes.io/tls | cert-manager.io/v1alpha2 | cert-manager.io/v1
##
## ie:
##
## clientCertSecret:
## name: mtls-certificates-for-kms
## type: Opaque
##
## Create secrets as explained here:
## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
clientCertSecret: null
## Key name to be created on the KMS, default is "my-minio-key"
keyName: ""
resources: { }
nodeSelector: { }
affinity:
nodeAffinity: { }
podAffinity: { }
podAntiAffinity: { }
tolerations: [ ]
annotations: { }
labels: { }
serviceAccountName: ""
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
fsGroup: 1000


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-kms-encrypted


@@ -1,14 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-lite
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,24 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 4
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 2
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this Pool.
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-lite


@@ -1,14 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
namespace: tenant-tiny
patchesStrategicMerge:
- tenant.yaml
patchesJson6902:
- target:
group: minio.min.io
version: v2
kind: Tenant
name: storage
path: tenantNamePatch.yaml


@@ -1,25 +0,0 @@
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
name: storage
namespace: minio-tenant
spec:
## Specification for MinIO Pool(s) in this Tenant.
pools:
## Servers specifies the number of MinIO Tenant Pods / Servers in this pool.
## For standalone mode, supply 1. For distributed mode, supply 4 or more.
## Note that the operator does not support upgrading from standalone to distributed mode.
- servers: 1
## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server.
volumesPerServer: 4
## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this
## Pool.
volumeClaimTemplate:
metadata:
name: data
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi


@@ -1,3 +0,0 @@
- op: replace
path: /metadata/name
value: storage-tiny


@@ -1,51 +0,0 @@
---
apiVersion: v1
kind: Service
metadata:
name: vault
namespace: default
labels:
name: vault
spec:
ports:
- port: 8200
name: http
selector:
app: vault
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: vault
namespace: default
spec:
replicas: 1
selector:
matchLabels:
app: vault
template:
metadata:
labels:
app: vault
spec:
containers:
- name: vault
image: vault:latest
imagePullPolicy: "IfNotPresent"
env:
- name: SECRET_SHARES
value: "5"
- name: SECRET_THRESHOLD
value: "3"
- name: SELF_SIGNED_CERT
value: "true"
- name: TOTAL_INIT_RETRIES
value: "5"
ports:
- containerPort: 8200
name: http
securityContext:
capabilities:
add:
- IPC_LOCK


@@ -1,3 +0,0 @@
path "kv/my-minio/*" {
capabilities = [ "create", "read", "delete" ]
}


@@ -1,9 +0,0 @@
# four node (two workers) cluster config
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
- role: worker
- role: worker


@@ -36,7 +36,7 @@ die() {
try() { "$@" || die "cannot $*"; }
function setup_kind() {
try kind create cluster --config "${SCRIPT_DIR}/kind-config.yaml"
try kind create cluster --config "${SCRIPT_DIR}/../../../operator/testing/kind-config.yaml"
echo "Kind is ready"
try kubectl get nodes
}
@@ -44,7 +44,7 @@ function setup_kind() {
function install_operator() {
echo "Installing Current Operator"
try kubectl apply -k "${SCRIPT_DIR}/resources"
try kubectl apply -k "${SCRIPT_DIR}/../../../operator/resources"
echo "key, value for pod selector in kustomize test"
key=name
@@ -142,7 +142,7 @@ function install_tenant() {
value=storage-lite
echo "Installing lite tenant"
try kubectl apply -k "${SCRIPT_DIR}/examples/kustomization/tenant-lite"
try kubectl apply -k "${SCRIPT_DIR}/../../../operator/examples/kustomization/tenant-lite"
echo "Waiting for the tenant statefulset, this indicates the tenant is being fulfilled"
echo $namespace
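Review bot: The three rewritten paths (the `kind create cluster --config` call and both `kubectl apply -k` calls) now assume an `operator` checkout three levels above `SCRIPT_DIR`, but nothing in the visible script checks that it exists, so a local run without that checkout gives only the generic `cannot …` message from `try`. A guard before `setup_kind` would make the dependency explicit: `OPERATOR_DIR="${SCRIPT_DIR}/../../../operator"` followed by `[ -d "${OPERATOR_DIR}" ] || die "operator checkout not found at ${OPERATOR_DIR}"`, with the three call sites using `${OPERATOR_DIR}`. Because `kubectl apply -k` installs whatever RBAC and deployments that directory contains, the script fully trusts the checkout's contents, which is a further reason to keep the checkout pinned to a known revision. `install_operator` and `install_tenant` continue outside the hunks.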


@@ -1,27 +0,0 @@
// This file is part of MinIO Console Server
// Copyright (c) 2021 MinIO, Inc.
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
package resources
import "embed"
//go:embed *
var fs embed.FS
// GetStaticResources returns the fs with the embedded assets
func GetStaticResources() embed.FS {
return fs
}


@@ -1,12 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: minio-operator-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: minio-operator-role
subjects:
- kind: ServiceAccount
name: minio-operator
namespace: default


@@ -1,130 +0,0 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: minio-operator-role
rules:
- apiGroups:
- "apiextensions.k8s.io"
resources:
- customresourcedefinitions
verbs:
- get
- update
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- update
- list
- apiGroups:
- ""
resources:
- namespaces
verbs:
- get
- watch
- list
- apiGroups:
- ""
resources:
- pods
- services
- events
- configmaps
verbs:
- get
- watch
- create
- list
- delete
- deletecollection
- update
- patch
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- create
- update
- list
- delete
- deletecollection
- apiGroups:
- apps
resources:
- statefulsets
- deployments
- deployments/finalizers
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- "certificates.k8s.io"
resources:
- "certificatesigningrequests"
- "certificatesigningrequests/approval"
- "certificatesigningrequests/status"
verbs:
- update
- create
- get
- delete
- apiGroups:
- certificates.k8s.io
resourceNames:
- kubernetes.io/legacy-unknown
- kubernetes.io/kube-apiserver-client
- kubernetes.io/kubelet-serving
resources:
- signers
verbs:
- approve
- sign
- apiGroups:
- minio.min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- min.io
resources:
- "*"
verbs:
- "*"
- apiGroups:
- monitoring.coreos.com
resources:
- prometheuses
verbs:
- '*'
- apiGroups:
- "coordination.k8s.io"
resources:
- leases
verbs:
- get
- update
- create


@@ -1,310 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: console-sa
namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: console-sa-role
rules:
- apiGroups:
- ""
resources:
- secrets
verbs:
- get
- watch
- create
- list
- patch
- update
- deletecollection
- apiGroups:
- ""
resources:
- namespaces
- services
- events
- resourcequotas
- nodes
verbs:
- get
- watch
- create
- list
- patch
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- watch
- create
- list
- patch
- delete
- deletecollection
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- deletecollection
- list
- get
- watch
- update
- apiGroups:
- storage.k8s.io
resources:
- storageclasses
verbs:
- get
- watch
- create
- list
- patch
- apiGroups:
- apps
resources:
- statefulsets
- deployments
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- batch
resources:
- jobs
verbs:
- get
- create
- list
- patch
- watch
- update
- delete
- apiGroups:
- certificates.k8s.io
resources:
- certificatesigningrequests
- certificatesigningrequests/approval
- certificatesigningrequests/status
verbs:
- update
- create
- get
- apiGroups:
- minio.min.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- min.io
resources:
- '*'
verbs:
- '*'
- apiGroups:
- ""
resources:
- persistentvolumes
verbs:
- get
- list
- watch
- create
- delete
- apiGroups:
- ""
resources:
- persistentvolumeclaims
verbs:
- get
- list
- watch
- update
- apiGroups:
- ""
resources:
- events
verbs:
- create
- list
- watch
- update
- patch
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshots
verbs:
- get
- list
- apiGroups:
- snapshot.storage.k8s.io
resources:
- volumesnapshotcontents
verbs:
- get
- list
- apiGroups:
- storage.k8s.io
resources:
- csinodes
verbs:
- get
- list
- watch
- apiGroups:
- storage.k8s.io
resources:
- volumeattachments
verbs:
- get
- list
- watch
- apiGroups:
- ""
resources:
- endpoints
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- coordination.k8s.io
resources:
- leases
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- direct.csi.min.io
resources:
- volumes
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- apiextensions.k8s.io
resources:
- customresourcedefinitions
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- direct.csi.min.io
resources:
- directcsidrives
- directcsivolumes
verbs:
- get
- list
- watch
- create
- update
- delete
- apiGroups:
- ""
resources:
- pod
- pods/log
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: console-sa-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: console-sa-role
subjects:
- kind: ServiceAccount
name: console-sa
namespace: default
---
apiVersion: v1
data:
CONSOLE_PORT: "9090"
CONSOLE_TLS_PORT: "9443"
kind: ConfigMap
metadata:
name: console-env
---
apiVersion: v1
kind: Service
metadata:
labels:
name: console
name: console
spec:
ports:
- name: http
port: 9090
- name: https
port: 9443
selector:
app: console
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: console
spec:
replicas: 1
selector:
matchLabels:
app: console
template:
metadata:
labels:
app: console
spec:
containers:
- args:
- server
env:
- name: CONSOLE_OPERATOR_MODE
value: "on"
image: minio/console:v0.14.2
imagePullPolicy: IfNotPresent
name: console
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
ports:
- containerPort: 9090
name: http
- containerPort: 9433
name: https
serviceAccountName: console-sa


@@ -1,39 +0,0 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio-operator
namespace: minio-operator
spec:
replicas: 2
selector:
matchLabels:
name: minio-operator
template:
metadata:
labels:
name: minio-operator
spec:
serviceAccountName: minio-operator
containers:
- name: minio-operator
image: minio/operator:v4.4.6
imagePullPolicy: IfNotPresent
resources:
requests:
cpu: 200m
memory: 256Mi
ephemeral-storage: 500Mi
securityContext:
runAsUser: 1000
runAsGroup: 1000
runAsNonRoot: true
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: name
operator: In
values:
- minio-operator
topologyKey: kubernetes.io/hostname


@@ -1,6 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- crds/minio.min.io_tenants.yaml


@@ -1,4 +0,0 @@
apiVersion: v1
kind: Namespace
metadata:
name: minio-operator


@@ -1,5 +0,0 @@
apiVersion: v1
kind: ServiceAccount
metadata:
name: minio-operator
namespace: default


@@ -1,15 +0,0 @@
apiVersion: v1
kind: Service
metadata:
name: operator # Please do not change this value
labels:
name: minio-operator
namespace: minio-operator
spec:
type: ClusterIP
ports:
- port: 4222
name: https
selector:
name: minio-operator
operator: leader


@@ -1,17 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
namespace: minio-operator
commonAnnotations:
operator.min.io/authors: "MinIO, Inc."
operator.min.io/license: "AGPLv3"
operator.min.io/support: "https://subnet.min.io"
resources:
- base/namespace.yaml
- base/service-account.yaml
- base/cluster-role.yaml
- base/cluster-role-binding.yaml
- base/crds/minio.min.io_tenants.yaml
- base/service.yaml
- base/deployment.yaml
- base/console-ui.yaml


@@ -1,16 +0,0 @@
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
name: tenants.minio.min.io
spec:
preserveUnknownFields: false
conversion:
strategy: Webhook
webhook:
conversionReviewVersions: [ "v1", "v2" ]
clientConfig:
service:
name: operator
namespace: minio-operator
port: 4222
path: /webhook/v1/crd-conversion


@@ -1,9 +0,0 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../base
patchesStrategicMerge:
- crd-conversion.yaml