update to v0.7.4

Add Sync, Bandwidth and Health Check Period to replication set (#771 )
* Add Sync, Bandwidth and Health Check Period to replication set Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Update Columns Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Add Prefix and Tags Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> * Last fields Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com>
2021-05-27 16:32:21 -07:00 · 2021-05-27 16:25:00 -07:00 · 2021-05-26 10:54:27 -07:00 · 2021-05-25 16:16:15 -07:00 · 2021-05-24 14:10:12 -07:00 · 2021-05-24 11:53:05 -07:00
1197 changed files with 132547 additions and 41963 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,6 +1,7 @@
 node_modules/
 dist/
 target/
-mcs
-!mcs/
+console
+!console/
 portal-ui/node_modules/
+.git/
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,52 @@
+name: "Code scanning - action"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 19 * * 0'
+
+jobs:
+  CodeQL-Build:
+
+    # CodeQL runs on ubuntu-latest and windows-latest
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    # If this run was triggered by a pull request event, then checkout
+    # the head of the pull request instead of the merge commit.
+    - run: git checkout HEAD^2
+      if: ${{ github.event_name == 'pull_request' }}
+      
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      # Override language selection by uncommenting this and choosing your languages
+      # with:
+      #   languages: go, javascript, csharp, python, cpp, java
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1
--- a/.github/workflows/go.yml
+++ b/.github/workflows/go.yml
@@ -3,10 +3,10 @@ name: Go
 on:
  pull_request:
    branches:
-    - master
+      - master
  push:
    branches:
-    - master
+      - master

 jobs:
  build:
@@ -14,7 +14,7 @@ jobs:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
-        go-version: [1.13.x, 1.14.x]
+        go-version: [1.16.x]
        os: [ubuntu-latest]
    steps:
      - name: Set up Go ${{ matrix.go-version }} on ${{ matrix.os }}
@@ -33,4 +33,5 @@ jobs:
        run: |
          make verifiers
          make test
-          make mcs
+          make crosscompile
+          make console
--- a/.github/workflows/react.yml
+++ b/.github/workflows/react.yml
@@ -0,0 +1,15 @@
+name: "React Tests"
+on:
+  push:
+  pull_request:
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v2
+      - name: Install modules
+        working-directory: ./portal-ui
+        run: yarn
+      - name: Run tests
+        working-directory: ./portal-ui
+        run: yarn test
--- a/.gitignore
+++ b/.gitignore
@@ -19,11 +19,15 @@ vendor/

 # Ignore executables
 target/
-mcs
-!mcs/
+console
+!console/

 dist/

+# Ignore node_modules
+
+portal-ui/node_modules/
+
 # Ignore tls cert and key
 private.key
 public.crt
@@ -31,4 +35,5 @@ public.crt
 # Ignore VsCode files
 .vscode/
 *.code-workspace
-*~
+*~
+.eslintcache
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -21,4 +21,8 @@ linters:
    - structcheck

 service:
-  golangci-lint-version: 1.21.0 # use the fixed version to not introduce new linters unexpectedly
+  golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
+
+run:
+  skip-dirs:
+    - pkg/clientgen
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -1,75 +1,140 @@
 # This is an example goreleaser.yaml file with some sane defaults.
 # Make sure to check the documentation at http://goreleaser.com
-project_name: mcs
+project_name: console
+
+release:
+   name_template: "Release version {{.Tag}}"
+   github:
+    owner: minio
+    name: console
+   extra_files:
+     - glob: "*.minisig"

 before:
  hooks:
    # you may remove this if you don't use vgo
    - go mod tidy
+
 builds:
  -
    goos:
-      - freebsd
-      - windows
      - linux
      - darwin
+      - windows
    goarch:
      - amd64
+      - ppc64le
+      - s390x
      - arm64
+    ignore:
+      - goos: darwin
+        goarch: arm
+      - goos: windows
+        goarch: arm64
+      - goos: windows
+        goarch: arm
+
    env:
      - CGO_ENABLED=0
-    main: ./cmd/mcs/
+
+    main: ./cmd/console/
+
    flags:
      - -trimpath
      - --tags=kqueue
+
    ldflags:
-      - -s -w -X github.com/minio/mcs/pkg.ReleaseTag={{.Tag}} -X github.com/minio/mcs/pkg.CommitID={{.FullCommit}} -X github.com/minio/mcs/pkg.Version={{.Version}} -X github.com/minio/mcs/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/mcs/pkg.ReleaseTime={{.Date}}
+      - -s -w -X github.com/minio/console/pkg.ReleaseTag={{.Tag}} -X github.com/minio/console/pkg.CommitID={{.FullCommit}} -X github.com/minio/console/pkg.Version={{.Version}} -X github.com/minio/console/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/console/pkg.ReleaseTime={{.Date}}
+
 archives:
  -
+    name_template: "{{ .ProjectName }}-{{ .Os }}-{{ .Arch }}"
+    format: binary
    replacements:
-      darwin: Darwin
-      linux: Linux
-      windows: Windows
-      freebsd: FreeBSD
-      amd64: x86_64
-    format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - README.md
-      - LICENSE
-checksum:
-  name_template: 'checksums.txt'
+      arm: arm
+
+signs:
+  -
+    signature: "${artifact}.minisig"
+    cmd: "sh"
+    args:
+      - '-c'
+      - 'minisign -s /media/${USER}/minio/minisign.key -Sm ${artifact} < /media/${USER}/minio/minisign-passphrase'
+    artifacts: all
+
 snapshot:
-  name_template: 'snapshot-{{ time "2006-01-02" }}'
+  name_template: v0.0.0@{{.ShortCommit}}
+
 changelog:
  sort: asc
-  filters:
-    exclude:
-      - '^docs:'
-      - '^test:'
+
 nfpms:
  -
-    vendor: MinIO Inc.
-    homepage: https://github.com/minio/mcs
-    maintainer: MinIO <minio@minio.io>
+    vendor: MinIO, Inc.
+    homepage: https://github.com/minio/console
+    maintainer: MinIO Development <dev@min.io>
    description: MinIO Console Server
    license: GNU Affero General Public License v3.0
    formats:
      - deb
      - rpm
-    replacements:
-      darwin: Darwin
-      linux: Linux
-      freebsd: FreeBSD
-      amd64: x86_64
+    contents:
+      # Basic file that applies to all packagers
+      - src: systemd/console.service
+        dst: /etc/systemd/system/minio-console.service
+
 dockers:
-  -
-    # GOOS of the built binary that should be used.
-    goos: linux
-    # GOARCH of the built binary that should be used.
-    goarch: amd64
-    dockerfile: Dockerfile.release
-    image_templates:
-      - "minio/mcs:{{ .Tag }}"
-      - "minio/mcs:latest"
+- image_templates:
+  - "minio/console:{{ .Tag }}-amd64"
+  use_buildx: true
+  goarch: amd64
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/amd64"
+- image_templates:
+  - "minio/console:{{ .Tag }}-ppc64le"
+  use_buildx: true
+  goarch: ppc64le
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/ppc64le"
+- image_templates:
+  - "minio/console:{{ .Tag }}-s390x"
+  use_buildx: true
+  goarch: s390x
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/s390x"
+- image_templates:
+  - "minio/console:{{ .Tag }}-arm64"
+  use_buildx: true
+  goarch: arm64
+  goos: linux
+  dockerfile: Dockerfile.release
+  extra_files:
+    - LICENSE
+    - CREDITS
+  build_flag_templates:
+  - "--platform=linux/arm64"
+docker_manifests:
+- name_template: minio/console:{{ .Tag }}
+  image_templates:
+  - minio/console:{{ .Tag }}-amd64
+  - minio/console:{{ .Tag }}-arm64
+  - minio/console:{{ .Tag }}-ppc64le
+  - minio/console:{{ .Tag }}-s390x
+- name_template: minio/console:latest
+  image_templates:
+  - minio/console:{{ .Tag }}-amd64
+  - minio/console:{{ .Tag }}-arm64
+  - minio/console:{{ .Tag }}-ppc64le
+  - minio/console:{{ .Tag }}-s390x
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -20,7 +20,7 @@ make swagger-gen

 This will update all the necessary code.

-`./restapi/configure_mcs.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.
+`./restapi/configure_console.go` is a file that contains the handlers to be used by the application, here is the only place where we need to update our code to support the new apis. This file is not affected when running the swagger generator and it is safe to edit.

 ## Unit Tests
 `./restapi/handlers_test.go` needs to be updated with the proper tests for the new api.
@@ -47,7 +47,7 @@ $ git push origin my-new-feature
 Pull requests can be created via GitHub. Refer to [this document](https://help.github.com/articles/creating-a-pull-request/) for detailed steps on how to create a pull request. After a Pull Request gets peer reviewed and approved, it will be merged.

 ## FAQs
-### How does ``mcs`` manages dependencies?
+### How does ``console`` manages dependencies?
 ``MinIO`` uses `go mod` to manage its dependencies.
 - Run `go get foo/bar` in the source folder to add the dependency to `go.mod` file.

@@ -55,5 +55,5 @@ To remove a dependency
 - Edit your code and remove the import reference.
 - Run `go mod tidy` in the source folder to remove dependency from `go.mod` file.

-### What are the coding guidelines for mcs?
-``mcs`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
+### What are the coding guidelines for console?
+``console`` is fully conformant with Golang style. Refer: [Effective Go](https://github.com/golang/go/wiki/CodeReviewComments) article from Golang project. If you observe offending code, please feel free to send a pull request or ping us on [Slack](https://slack.min.io).
--- a/6552
+++ b/6552
--- a/DEVELOPMENT.md
+++ b/DEVELOPMENT.md
@@ -1,4 +1,4 @@
-# LDAP authentication with MCS
+# LDAP authentication with Console

 ## Setup

@@ -11,44 +11,11 @@ $ docker run --rm -p 389:389 -p 636:636 --name my-openldap-container --detach os
 Run the `billy.ldif` file using `ldapadd` command to create a new user and assign it to a group.

 ```
-$ cat > billy.ldif << EOF
-# LDIF fragment to create group branch under root
-dn: uid=billy,dc=example,dc=org
-uid: billy
-cn: billy
-sn: 3
-objectClass: top
-objectClass: posixAccount
-objectClass: inetOrgPerson
-loginShell: /bin/bash
-homeDirectory: /home/billy
-uidNumber: 14583102
-gidNumber: 14564100
-userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
-mail: billy@example.org
-gecos: Billy User
-# Create base group
-dn: ou=groups,dc=example,dc=org
-objectclass:organizationalunit
-ou: groups
-description: generic groups branch
-# create mcsAdmin group (this already exists on minio and have a policy of s3::*)
-dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
-objectClass: top
-objectClass: posixGroup
-gidNumber: 678
-# Assing group to new user
-dn: cn=mcsAdmin,ou=groups,dc=example,dc=org
-changetype: modify
-add: memberuid
-memberuid: billy
-EOF
-
-$ docker cp billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
-$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost -ZZ
+$ docker cp console/docs/ldap/billy.ldif my-openldap-container:/container/service/slapd/assets/test/billy.ldif
+$ docker exec my-openldap-container ldapadd -x -D "cn=admin,dc=example,dc=org" -w admin -f /container/service/slapd/assets/test/billy.ldif -H ldap://localhost
 ```

-Query the ldap server to check the user billy was created correctly and got assigned to the mcsAdmin group, you should get a list 
+Query the ldap server to check the user billy was created correctly and got assigned to the consoleAdmin group, you should get a list 
 containing ldap users and groups.

 ```
@@ -73,9 +40,9 @@ Re-enter new password:
 Enter LDAP Password:
 ```

-### Add the mcsAdmin policy to user billy on MinIO
+### Add the consoleAdmin policy to user billy on MinIO
 ```
-$ cat > mcsAdmin.json << EOF
+$ cat > consoleAdmin.json << EOF
 {
  "Version": "2012-10-17",
  "Statement": [
@@ -99,8 +66,8 @@ $ cat > mcsAdmin.json << EOF
  ]
 }
 EOF
-$ mc admin policy add myminio mcsAdmin mcsAdmin.json
-$ mc admin policy set myminio mcsAdmin user=billy
+$ mc admin policy add myminio consoleAdmin consoleAdmin.json
+$ mc admin policy set myminio consoleAdmin user="uid=billy,dc=example,dc=org"
 ```

 ## Run MinIO
@@ -116,12 +83,9 @@ export MINIO_IDENTITY_LDAP_SERVER_INSECURE=on
 ./minio server ~/Data
 ```

-## Run MCS
+## Run Console

 ```
-export MCS_ACCESS_KEY=minio
-export MCS_SECRET_KEY=minio123
-...
-export MCS_LDAP_ENABLED=on
-./mcs server
+export CONSOLE_LDAP_ENABLED=on
+./console server
 ```
--- a/39
+++ b/39
@@ -1,25 +1,42 @@
-FROM golang:1.13
+FROM node:10 as uilayer

-ADD go.mod /go/src/github.com/minio/mcs/go.mod
-ADD go.sum /go/src/github.com/minio/mcs/go.sum
-WORKDIR /go/src/github.com/minio/mcs/
+WORKDIR /app
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node
+
+FROM golang:1.16 as golayer
+
+RUN apt-get update -y && apt-get install -y ca-certificates
+
+ADD go.mod /go/src/github.com/minio/console/go.mod
+ADD go.sum /go/src/github.com/minio/console/go.sum
+WORKDIR /go/src/github.com/minio/console/

 # Get dependencies - will also be cached if we won't change mod/sum
 RUN go mod download

-ADD . /go/src/github.com/minio/mcs/
-WORKDIR /go/src/github.com/minio/mcs/
+ADD . /go/src/github.com/minio/console/
+WORKDIR /go/src/github.com/minio/console/

 ENV CGO_ENABLED=0

-RUN apt-get update -y && apt-get install -y ca-certificates
-RUN go build -ldflags "-w -s" -a -o mcs ./cmd/mcs
+COPY --from=uilayer /app/build /go/src/github.com/minio/console/portal-ui/build
+RUN go build -ldflags "-w -s" -a -o console ./cmd/console

 FROM scratch
 MAINTAINER MinIO Development "dev@min.io"
 EXPOSE 9090

-COPY --from=0 /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
-COPY --from=0 /go/src/github.com/minio/mcs/mcs .

-CMD ["/mcs"]
+COPY --from=golayer /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=golayer /go/src/github.com/minio/console/console .
+
+ENTRYPOINT ["/console"]
--- a/Dockerfile.assets
+++ b/Dockerfile.assets
@@ -0,0 +1,13 @@
+FROM node:10 as uilayer
+
+WORKDIR /app
+
+COPY ./portal-ui/package.json ./
+COPY ./portal-ui/yarn.lock ./
+RUN yarn install
+
+COPY ./portal-ui .
+
+RUN yarn install && make build-static
+
+USER node
--- a/Dockerfile.release
+++ b/Dockerfile.release
@@ -1,6 +1,21 @@
-FROM scratch
-MAINTAINER MinIO Development "dev@min.io"
-EXPOSE 9090
-COPY mcs /mcs
+FROM registry.access.redhat.com/ubi8/ubi-minimal:8.3

-ENTRYPOINT ["/mcs"]
+COPY CREDITS /licenses/CREDITS
+COPY LICENSE /licenses/LICENSE
+
+LABEL name="MinIO" \
+      vendor="MinIO Inc <dev@min.io>" \
+      maintainer="MinIO Inc <dev@min.io>" \
+      version="v0.6.6" \
+      release="v0.6.6" \
+      summary="A graphical user interface for MinIO" \
+      description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads."
+
+RUN \
+     microdnf update --nodocs && \
+     microdnf install ca-certificates --nodocs
+
+EXPOSE 9090
+COPY console /console
+
+ENTRYPOINT ["/console"]
--- a/51
+++ b/51
@@ -1,12 +1,21 @@
 PWD := $(shell pwd)
 GOPATH := $(shell go env GOPATH)
+# Sets the build version based on the output of the following command, if we are building for a tag, that's the build else it uses the current git branch as the build
+BUILD_VERSION:=$(shell git describe --exact-match --tags $(git log -n1 --pretty='%h') 2>/dev/null || git rev-parse --abbrev-ref HEAD 2>/dev/null)
+BUILD_TIME:=$(shell date 2>/dev/null)
+TAG ?= "minio/console:$(BUILD_VERSION)-dev"

-default: mcs
+default: console

-.PHONY: mcs
-mcs:
-	@echo "Building mcs binary to './mcs'"
-	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o mcs ./cmd/mcs)
+.PHONY: console
+console:
+	@echo "Building Console binary to './console'"
+	@(GO111MODULE=on CGO_ENABLED=0 go build -trimpath --tags=kqueue --ldflags "-s -w" -o console ./cmd/console)
+
+k8sdev:
+	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
+	@kind load docker-image $(TAG)
+	@echo "Done, now restart your console deployment"

 getdeps:
 	@mkdir -p ${GOPATH}/bin
@@ -16,35 +25,45 @@ verifiers: getdeps fmt lint

 fmt:
 	@echo "Running $@ check"
-	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d restapi/
 	@GO111MODULE=on gofmt -d pkg/
+	@GO111MODULE=on gofmt -d cmd/
+	@GO111MODULE=on gofmt -d cluster/
+
+crosscompile:
+	@(env bash $(PWD)/cross-compile.sh)

 lint:
 	@echo "Running $@ check"
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean
 	@GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ./.golangci.yml

-install: mcs
-	@echo "Installing mcs binary to '$(GOPATH)/bin/mcs'"
-	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/mcs $(GOPATH)/bin/mcs
-	@echo "Installation successful. To learn more, try \"mcs --help\"."
+install: console
+	@echo "Installing console binary to '$(GOPATH)/bin/console'"
+	@mkdir -p $(GOPATH)/bin && cp -f $(PWD)/console $(GOPATH)/bin/console
+	@echo "Installation successful. To learn more, try \"console --help\"."

 swagger-gen:
 	@echo "Generating swagger server code from yaml"
-	@swagger generate server -A mcs --main-package=mcs --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE
+	@rm -rf models
+	@rm -rf restapi/operations
+	@swagger generate server -A console --main-package=console --exclude-main -P models.Principal -f ./swagger.yml -r NOTICE

 assets:
-	@(cd portal-ui; yarn install; make build-static; cd ..)
+	@(cd portal-ui; yarn install; make build-static; yarn prettier --write . --loglevel warn;  cd ..)

 test:
-	@(GO111MODULE=on go test -race -v github.com/minio/mcs/restapi/...)
-	@(GO111MODULE=on go test -race -v github.com/minio/mcs/pkg/...)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/restapi/...)
+	@(GO111MODULE=on go test -race -v github.com/minio/console/pkg/...)

 coverage:
-	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/mcs/restapi/... && go tool cover -html=coverage.out && open coverage.html)
+	@(GO111MODULE=on go test -v -coverprofile=coverage.out github.com/minio/console/restapi/... && go tool cover -html=coverage.out && open coverage.html)

 clean:
 	@echo "Cleaning up all the generated files"
 	@find . -name '*.test' | xargs rm -fv
 	@find . -name '*~' | xargs rm -fv
-	@rm -vf mcs
+	@rm -vf console
+
+docker:
+	@docker build -t $(TAG) --build-arg build_version=$(BUILD_VERSION) --build-arg build_time='$(BUILD_TIME)' .
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 This file is part of MinIO Console Server
-Copyright (c) 2020 MinIO, Inc.
+Copyright (c) 2021 MinIO, Inc.

 This program is free software: you can redistribute it and/or modify
 it under the terms of the GNU Affero General Public License as published by
--- a/README.md
+++ b/README.md
@@ -1,28 +1,83 @@
-# Minio Console Server
+# MinIO Console
+
+![build](https://github.com/minio/console/workflows/Go/badge.svg) ![license](https://img.shields.io/badge/license-AGPL%20V3-blue)

 A graphical user interface for [MinIO](https://github.com/minio/minio)

+| Dashboard                     | Creating a bucket             |
+| -------------                 | -------------                 |
+| ![Dashboard](images/pic1.png) | ![Dashboard](images/pic2.png) |

-| Dashboard  | Adding A User |
-| ------------- | ------------- |
-| ![Dashboard](images/pic1.png)  | ![Dashboard](images/pic2.png) |
+<!-- markdown-toc start - Don't edit this section. Run M-x markdown-toc-refresh-toc -->
+**Table of Contents**
+
+- [MinIO Console](#minio-console)
+    - [Install](#install)
+        - [Binary Releases](#binary-releases)
+        - [Docker](#docker)
+        - [Build from source](#build-from-source)
+    - [Setup](#setup)
+        - [1. Create a user `console` using `mc`](#1-create-a-user-console-using-mc)
+        - [2. Create a policy for `console` with admin access to all resources (for testing)](#2-create-a-policy-for-console-with-admin-access-to-all-resources-for-testing)
+        - [3. Set the policy for the new `console` user](#3-set-the-policy-for-the-new-console-user)
+    - [Start Console service:](#start-console-service)
+    - [Start Console service with TLS:](#start-console-service-with-tls)
+    - [Connect Console to a Minio using TLS and a self-signed certificate](#connect-console-to-a-minio-using-tls-and-a-self-signed-certificate)
+- [Contribute to console Project](#contribute-to-console-project)
+
+<!-- markdown-toc end -->
+
+## Install
+
+### Binary Releases
+
+| OS      | ARCH    | Binary                                                                                               |
+|:-------:|:-------:|:----------------------------------------------------------------------------------------------------:|
+| Linux   | amd64   | [linux-amd64](https://github.com/minio/console/releases/latest/download/console-linux-amd64)         |
+| Linux   | arm64   | [linux-arm64](https://github.com/minio/console/releases/latest/download/console-linux-arm64)         |
+| Linux   | ppc64le | [linux-ppc64le](https://github.com/minio/console/releases/latest/download/console-linux-ppc64le)     |
+| Linux   | s390x   | [linux-s390x](https://github.com/minio/console/releases/latest/download/console-linux-s390x)         |
+| Apple   | amd64   | [darwin-amd64](https://github.com/minio/console/releases/latest/download/console-darwin-amd64)       |
+| Windows | amd64   | [windows-amd64](https://github.com/minio/console/releases/latest/download/console-windows-amd64.exe) |
+
+You can also verify the binary with [minisign](https://jedisct1.github.io/minisign/) by downloading the corresponding [`.minisig`](https://github.com/minio/console/releases/latest) signature file. Then run:
+```
+minisign -Vm console-<OS>-<ARCH> -P RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav
+```
+
+### Docker
+
+Pull the latest release via:
+```
+docker pull minio/console
+```
+
+### Build from source
+
+```
+GO111MODULE=on go install github.com/minio/console/cmd/console@latest
+```
+> You will need a working Go environment. Therefore, please follow [How to install Go](https://golang.org/doc/install).
+> Minimum version required is go1.16

 ## Setup

-All `mcs` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
+All `console` needs is a MinIO user with admin privileges and URL pointing to your MinIO deployment.
+
 > Note: We don't recommend using MinIO's Operator Credentials

-1. Create a user for `mcs` using `mc`. 
-```
-$ set +o history
-$ mc admin user add myminio mcs YOURMCSSECRET
-$ set -o history
+### 1. Create a user `console` using `mc`
+
+```bash
+mc admin user add myminio/
+Enter Access Key: console
+Enter Secret Key: xxxxxxxx
 ```

-2. Create a policy for `mcs` with access to everything (for testing and debugging)
+### 2. Create a policy for `console` with admin access to all resources (for testing)

-```
-$ cat > mcsAdmin.json << EOF
+```sh
+cat > admin.json << EOF
 {
 	"Version": "2012-10-17",
 	"Statement": [{
@@ -45,24 +100,26 @@ $ cat > mcsAdmin.json << EOF
 	]
 }
 EOF
-$ mc admin policy add myminio mcsAdmin mcsAdmin.json
 ```

-3. Set the policy for the new `mcs` user
-
-```
-$ mc admin policy set myminio mcsAdmin user=mcs
+```sh
+mc admin policy add myminio/ consoleAdmin admin.json
 ```

+### 3. Set the policy for the new `console` user

-### Note
-Additionally, you can create policies to limit the privileges for `mcs` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+```sh
+mc admin policy set myminio consoleAdmin user=console
 ```
+
+> NOTE: Additionally, you can create policies to limit the privileges for other `console` users, for example, if you want the user to only have access to dashboard, buckets, notifications and watch page, the policy should look like this:
+
+```json
 {
 	"Version": "2012-10-17",
 	"Statement": [{
 			"Action": [
-				"admin:ServerInfo",
+				"admin:ServerInfo"
 			],
 			"Effect": "Allow",
 			"Sid": ""
@@ -97,34 +154,68 @@ Additionally, you can create policies to limit the privileges for `mcs` users, f
 }
 ```

-## Run MCS server
-To run the server:
+## Start Console service:

-```
-export MCS_HMAC_JWT_SECRET=YOURJWTSIGNINGSECRET
+Before running console service, following environment settings must be supplied
+```sh
+# Salt to encrypt JWT payload
+export CONSOLE_PBKDF_PASSPHRASE=SECRET

-#required to encrypt jwet payload
-export MCS_PBKDF_PASSPHRASE=SECRET
+# Required to encrypt JWT payload
+export CONSOLE_PBKDF_SALT=SECRET

-#required to encrypt jwet payload
-export MCS_PBKDF_SALT=SECRET
-
-export MCS_ACCESS_KEY=mcs
-export MCS_SECRET_KEY=YOURMCSSECRET
-export MCS_MINIO_SERVER=http://localhost:9000
-./mcs server
+# MinIO Endpoint
+export CONSOLE_MINIO_SERVER=http://localhost:9000
 ```

-## Connect MCS to a Minio using TLS and a self-signed certificate
+Now start the console service.
+```
+./console server
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at http://localhost:9090
+```
+
+By default `console` runs on port `9090` this can be changed with `--port` of your choice.
+
+## Start Console service with TLS:
+
+Copy your `public.crt` and `private.key` to `~/.console/certs`, then:
+
+```sh
+./console server
+2021-01-19 02:36:08.893735 I | 2021/01/19 02:36:08 server.go:129: Serving console at https://localhost:9090
+```
+
+For advanced users, `console` has support for multiple certificates to service clients through multiple domains.
+
+Following tree structure is expected for supporting multiple domains:
+```sh
+ certs/
+  │
+  ├─ public.crt
+  ├─ private.key
+  │
+  ├─ example.com/
+  │   │
+  │   ├─ public.crt
+  │   └─ private.key
+  └─ foobar.org/
+     │
+     ├─ public.crt
+     └─ private.key
+  ...

 ```
-...
-export MCS_MINIO_SERVER_TLS_SKIP_VERIFICATION=on
-export MCS_MINIO_SERVER=https://localhost:9000
-./mcs server
+
+## Connect Console to a Minio using TLS and a self-signed certificate
+
+Copy the MinIO `ca.crt` under `~/.console/certs/CAs`, then:
+
+```sh
+export CONSOLE_MINIO_SERVER=https://localhost:9000
+./console server
 ```

 You can verify that the apis work by doing the request on `localhost:9090/api/v1/...`

-# Contribute to mcs Project
-Please follow mcs [Contributor's Guide](https://github.com/minio/mcs/blob/master/CONTRIBUTING.md)
+# Contribute to console Project
+Please follow console [Contributor's Guide](https://github.com/minio/console/blob/master/CONTRIBUTING.md)
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -2,12 +2,12 @@

 ## Supported Versions

-We always provide security updates for the [latest release](https://github.com/minio/mcs/releases/latest).
+We always provide security updates for the [latest release](https://github.com/minio/console/releases/latest).
 Whenever there is a security update you just need to upgrade to the latest version.

 ## Reporting a Vulnerability

-All security bugs in [minio/mcs](https://github,com/minio/mcs) (or other minio/* repositories)
+All security bugs in [minio/console](https://github,com/minio/console) (or other minio/* repositories)
 should be reported by email to security@min.io. Your email will be acknowledged within 48 hours,
 and you'll receive a more detailed response to your email within 72 hours indicating the next steps
 in handling your report.
@@ -18,13 +18,13 @@ you need access credentials for a successful exploit).

 If you have not received a reply to your email within 48 hours or you have not heard from the security team
 for the past five days please contact the security team directly:
-   - Primary security coordinator: lenin@min.io
-   - Secondary coordinator: daniel@min.io, cesar@min.io
-   - If you receive no response: dev@min.io
+  - Primary security coordinator: lenin@min.io
+  - Secondary coordinator: security@min.io
+  - If you receive no response: dev@min.io

 ### Disclosure Process

-MinIO uses the following disclosure process:
+MinIO Console uses the following disclosure process:

 1. Once the security report is received one member of the security team tries to verify and reproduce
   the issue and determines the impact it has.
@@ -33,8 +33,8 @@ MinIO uses the following disclosure process:
 3. Code is audited to find any potential similar problems.
 4. Fixes are prepared for the latest release.
 5. On the date that the fixes are applied a security advisory will be published on https://blog.min.io.
-   Please inform us in your report email whether MinIO should mention your contribution w.r.t. fixing
-   the security issue. By default MinIO will **not** publish this information to protect your privacy.
+   Please inform us in your report email whether MinIO Console should mention your contribution w.r.t. fixing
+   the security issue. By default MinIO Console will **not** publish this information to protect your privacy.

 This process can take some time, especially when coordination is required with maintainers of other projects.
 Every effort will be made to handle the bug in as timely a manner as possible, however it's important that we
--- a/VULNERABILITY_REPORT.md
+++ b/VULNERABILITY_REPORT.md
@@ -0,0 +1,38 @@
+## Vulnerability Management Policy
+
+This document formally describes the process of addressing and managing a
+reported vulnerability that has been found in the MinIO Console server code base,
+any directly connected ecosystem component or a direct / indirect dependency
+of the code base.
+
+### Scope
+
+The vulnerability management policy described in this document covers the
+process of investigating, assessing and resolving a vulnerability report
+opened by a MinIO Console employee or an external third party.
+
+Therefore, it lists pre-conditions and actions that should be performed to
+resolve and fix a reported vulnerability.
+
+### Vulnerability Management Process
+
+The vulnerability management process requires that the vulnerability report
+contains the following information:
+
+ - The project / component that contains the reported vulnerability.
+ - A description of the vulnerability. In particular, the type of the
+   reported vulnerability and how it might be exploited. Alternatively,
+   a well-established vulnerability identifier, e.g. CVE number, can be
+   used instead.
+
+Based on the description mentioned above, a MinIO Console engineer or security team
+member investigates:
+
+ - Whether the reported vulnerability exists.
+ - The conditions that are required such that the vulnerability can be exploited.
+ - The steps required to fix the vulnerability.
+
+In general, if the vulnerability exists in one of the MinIO Console code bases
+itself - not in a code dependency - then MinIO Console will, if possible, fix
+the vulnerability or implement reasonable countermeasures such that the
+vulnerability cannot be exploited anymore.
--- a/bindata_assetfs.go
+++ b/bindata_assetfs.go
--- a/cluster/cluster.go
+++ b/cluster/cluster.go
@@ -0,0 +1,71 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	direct "github.com/minio/direct-csi/pkg/clientset"
+	operator "github.com/minio/operator/pkg/client/clientset/versioned"
+	"k8s.io/client-go/kubernetes"
+	"k8s.io/client-go/rest"
+	certutil "k8s.io/client-go/util/cert"
+)
+
+// getTLSClientConfig will return the right TLS configuration for the K8S client based on the configured TLS certificate
+func getTLSClientConfig() rest.TLSClientConfig {
+	var defaultRootCAFile = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+	var customRootCAFile = getK8sAPIServerTLSRootCA()
+	tlsClientConfig := rest.TLSClientConfig{}
+	// if console is running inside k8s by default he will have access to the CA Cert from the k8s local authority
+	if _, err := certutil.NewPool(defaultRootCAFile); err == nil {
+		tlsClientConfig.CAFile = defaultRootCAFile
+	}
+	// if the user explicitly define a custom CA certificate, instead, we will use that
+	if customRootCAFile != "" {
+		if _, err := certutil.NewPool(customRootCAFile); err == nil {
+			tlsClientConfig.CAFile = customRootCAFile
+		}
+	}
+	return tlsClientConfig
+}
+
+// This operation will run only once at console startup
+var tlsClientConfig = getTLSClientConfig()
+
+func GetK8sConfig(token string) *rest.Config {
+	config := &rest.Config{
+		Host:            GetK8sAPIServer(),
+		TLSClientConfig: tlsClientConfig,
+		APIPath:         "/",
+		BearerToken:     token,
+	}
+	return config
+}
+
+// OperatorClient returns an operator client using GetK8sConfig for its config
+func OperatorClient(token string) (*operator.Clientset, error) {
+	return operator.NewForConfig(GetK8sConfig(token))
+}
+
+// K8sClient returns kubernetes client using GetK8sConfig for its config
+func K8sClient(token string) (*kubernetes.Clientset, error) {
+	return kubernetes.NewForConfig(GetK8sConfig(token))
+}
+
+// DirectCSIClient returns Direct CSI client using GetK8sConfig for its config
+func DirectCSIClient(token string) (*direct.Clientset, error) {
+	return direct.NewForConfig(GetK8sConfig(token))
+}
--- a/cluster/config.go
+++ b/cluster/config.go
@@ -0,0 +1,121 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	"errors"
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/minio/minio/pkg/env"
+)
+
+var (
+	errCantDetermineMinIOImage = errors.New("can't determine MinIO Image")
+)
+
+func GetK8sAPIServer() string {
+	// if console is running inside a k8s pod KUBERNETES_SERVICE_HOST and KUBERNETES_SERVICE_PORT will contain the k8s api server apiServerAddress
+	// if console is not running inside k8s by default will look for the k8s api server on localhost:8001 (kubectl proxy)
+	// NOTE: using kubectl proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
+	// more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
+	// you can override this using CONSOLE_K8S_API_SERVER, ie use the k8s cluster from `kubectl config view`
+	host, port := env.Get("KUBERNETES_SERVICE_HOST", ""), env.Get("KUBERNETES_SERVICE_PORT", "")
+	apiServerAddress := "http://localhost:8001"
+	if host != "" && port != "" {
+		apiServerAddress = "https://" + net.JoinHostPort(host, port)
+	}
+	return env.Get(ConsoleK8sAPIServer, apiServerAddress)
+}
+
+// If CONSOLE_K8S_API_SERVER_TLS_ROOT_CA is true console will load the certificate into the
+// http.client rootCAs pool, this is useful for testing an k8s ApiServer or when working with self-signed certificates
+func getK8sAPIServerTLSRootCA() string {
+	return strings.TrimSpace(env.Get(ConsoleK8SAPIServerTLSRootCA, ""))
+}
+
+// GetNsFromFile assumes console is running inside a k8s pod and extract the current namespace from the
+// /var/run/secrets/kubernetes.io/serviceaccount/namespace file
+func GetNsFromFile() string {
+	dat, err := ioutil.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
+	if err != nil {
+		return "default"
+	}
+	return string(dat)
+}
+
+// Namespace will run only once at console startup
+var Namespace = GetNsFromFile()
+
+// getLatestMinIOImage returns the latest docker image for MinIO if found on the internet
+func getLatestMinIOImage(client HTTPClientI) (*string, error) {
+	resp, err := client.Get("https://dl.min.io/server/minio/release/linux-amd64/")
+	if err != nil {
+		return nil, err
+	}
+	defer resp.Body.Close()
+
+	body, err := ioutil.ReadAll(resp.Body)
+	if err != nil {
+		return nil, err
+	}
+	var re = regexp.MustCompile(`(?m)\.\/minio\.(RELEASE.*?Z)"`)
+	// look for a single match
+	matches := re.FindAllStringSubmatch(string(body), 1)
+	for i := range matches {
+		release := matches[i][1]
+		dockerImage := fmt.Sprintf("minio/minio:%s", release)
+		return &dockerImage, nil
+	}
+	return nil, errCantDetermineMinIOImage
+}
+
+var latestMinIOImage, errLatestMinIOImage = getLatestMinIOImage(
+	&HTTPClient{
+		Client: &http.Client{
+			Timeout: 15 * time.Second,
+		},
+	})
+
+// GetMinioImage returns the image URL to be used when deploying a MinIO instance, if there is
+// a preferred image to be used (configured via ENVIRONMENT VARIABLES) GetMinioImage will return that
+// if not, GetMinioImage will try to obtain the image URL for the latest version of MinIO and return that
+func GetMinioImage() (*string, error) {
+	image := strings.TrimSpace(env.Get(ConsoleMinioImage, ""))
+	// if there is a preferred image configured by the user we'll always return that
+	if image != "" {
+		return &image, nil
+	}
+	if errLatestMinIOImage != nil {
+		return nil, errLatestMinIOImage
+	}
+	return latestMinIOImage, nil
+}
+
+// GetLatestMinioImage returns the latest image URL on minio repository
+func GetLatestMinioImage(client HTTPClientI) (*string, error) {
+	latestMinIOImage, err := getLatestMinIOImage(client)
+	if err != nil {
+		return nil, err
+	}
+	return latestMinIOImage, nil
+}
--- a/cluster/const.go
+++ b/cluster/const.go
@@ -0,0 +1,24 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+const (
+	ConsoleK8sAPIServer          = "CONSOLE_K8S_API_SERVER"
+	ConsoleK8SAPIServerTLSRootCA = "CONSOLE_K8S_API_SERVER_TLS_ROOT_CA"
+	ConsoleMinioImage            = "CONSOLE_MINIO_IMAGE"
+	ConsoleMCImage               = "CONSOLE_MC_IMAGE"
+)
--- a/cluster/http_client.go
+++ b/cluster/http_client.go
@@ -0,0 +1,53 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package cluster
+
+import (
+	"io"
+	"net/http"
+)
+
+// HTTPClientI interface with all functions to be implemented
+// by mock when testing, it should include all HttpClient respective api calls
+// that are used within this project.
+type HTTPClientI interface {
+	Get(url string) (resp *http.Response, err error)
+	Post(url, contentType string, body io.Reader) (resp *http.Response, err error)
+	Do(req *http.Request) (*http.Response, error)
+}
+
+// HTTPClient Interface implementation
+//
+// Define the structure of a http client and define the functions that are actually used
+type HTTPClient struct {
+	Client *http.Client
+}
+
+// Get implements http.Client.Get()
+func (c *HTTPClient) Get(url string) (resp *http.Response, err error) {
+	return c.Client.Get(url)
+}
+
+// Post implements http.Client.Post()
+func (c *HTTPClient) Post(url, contentType string, body io.Reader) (resp *http.Response, err error) {
+	return c.Client.Post(url, contentType, body)
+}
+
+// Do implements http.Client.Do()
+func (c *HTTPClient) Do(req *http.Request) (*http.Response, error) {
+	return c.Client.Do(req)
+}
--- a/cmd/console/main.go
+++ b/cmd/console/main.go
@@ -1,5 +1,5 @@
 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,7 +23,7 @@ import (
 	"sort"
 	"time"

-	"github.com/minio/mcs/pkg"
+	"github.com/minio/console/pkg"

 	"github.com/minio/minio/pkg/console"
 	"github.com/minio/minio/pkg/trie"
@@ -32,8 +32,8 @@ import (
 	"github.com/minio/cli"
 )

-// Help template for mcs.
-var mcsHelpTemplate = `NAME:
+// Help template for Console.
+var consoleHelpTemplate = `NAME:
  {{.Name}} - {{.Usage}}

 DESCRIPTION:
@@ -54,13 +54,14 @@ VERSION:

 var appCmds = []cli.Command{
 	serverCmd,
+	updateCmd,
 }

 func newApp(name string) *cli.App {
-	// Collection of mcs commands currently supported are.
+	// Collection of console commands currently supported are.
 	var commands []cli.Command

-	// Collection of mcs commands currently supported in a trie tree.
+	// Collection of console commands currently supported in a trie tree.
 	commandsTree := trie.NewTrie()

 	// registerCommand registers a cli command.
@@ -76,21 +77,19 @@ func newApp(name string) *cli.App {

 	findClosestCommands := func(command string) []string {
 		var closestCommands []string
-		for _, value := range commandsTree.PrefixMatch(command) {
-			closestCommands = append(closestCommands, value.(string))
-		}
+		closestCommands = append(closestCommands, commandsTree.PrefixMatch(command)...)

 		sort.Strings(closestCommands)
 		// Suggest other close commands - allow missed, wrongly added and
 		// even transposed characters
 		for _, value := range commandsTree.Walk(commandsTree.Root()) {
-			if sort.SearchStrings(closestCommands, value.(string)) < len(closestCommands) {
+			if sort.SearchStrings(closestCommands, value) < len(closestCommands) {
 				continue
 			}
 			// 2 is arbitrary and represents the max
 			// allowed number of typed errors
-			if words.DamerauLevenshteinDistance(command, value.(string)) < 2 {
-				closestCommands = append(closestCommands, value.(string))
+			if words.DamerauLevenshteinDistance(command, value) < 2 {
+				closestCommands = append(closestCommands, value)
 			}
 		}

@@ -108,13 +107,13 @@ func newApp(name string) *cli.App {
 	app.Author = "MinIO, Inc."
 	app.Usage = "MinIO Console Server"
 	app.Description = `MinIO Console Server`
-	app.Copyright = "(c) 2020 MinIO, Inc."
+	app.Copyright = "(c) 2021 MinIO, Inc."
 	app.Compiled, _ = time.Parse(time.RFC3339, pkg.ReleaseTime)
 	app.Commands = commands
 	app.HideHelpCommand = true // Hide `help, h` command, we already have `minio --help`.
-	app.CustomAppHelpTemplate = mcsHelpTemplate
+	app.CustomAppHelpTemplate = consoleHelpTemplate
 	app.CommandNotFound = func(ctx *cli.Context, command string) {
-		console.Printf("‘%s’ is not a mcs sub-command. See ‘mcs --help’.\n", command)
+		console.Printf("‘%s’ is not a console sub-command. See ‘console --help’.\n", command)
 		closestCommands := findClosestCommands(command)
 		if len(closestCommands) > 0 {
 			console.Println()
--- a/cmd/console/server.go
+++ b/cmd/console/server.go
@@ -0,0 +1,207 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"context"
+	"fmt"
+	"io/ioutil"
+	"log"
+	"os"
+	"path/filepath"
+	"time"
+
+	"github.com/minio/minio/cmd/config"
+
+	"github.com/go-openapi/loads"
+	"github.com/jessevdk/go-flags"
+	"github.com/minio/cli"
+	"github.com/minio/console/pkg/certs"
+	"github.com/minio/console/restapi"
+	"github.com/minio/console/restapi/operations"
+)
+
+// starts the server
+var serverCmd = cli.Command{
+	Name:    "server",
+	Aliases: []string{"srv"},
+	Usage:   "starts Console server",
+	Action:  startServer,
+	Flags: []cli.Flag{
+		cli.StringFlag{
+			Name:  "host",
+			Value: restapi.GetHostname(),
+			Usage: "HTTP server hostname",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Value: restapi.GetPort(),
+			Usage: "HTTP Server port",
+		},
+		cli.StringFlag{
+			Name:  "tls-host",
+			Value: restapi.GetTLSHostname(),
+			Usage: "HTTPS server hostname",
+		},
+		cli.IntFlag{
+			Name:  "tls-port",
+			Value: restapi.GetTLSPort(),
+			Usage: "HTTPS server port",
+		},
+		cli.StringFlag{
+			Name:  "tls-redirect",
+			Value: restapi.GetTLSRedirect(),
+			Usage: "HTTPS redirect by default",
+		},
+		cli.StringFlag{
+			Name:  "certs-dir",
+			Value: certs.GlobalCertsCADir.Get(),
+			Usage: "path to certs directory",
+		},
+		cli.StringFlag{
+			Name:  "tls-certificate",
+			Value: "",
+			Usage: "path tls certificate",
+		},
+		cli.StringFlag{
+			Name:  "tls-key",
+			Value: "",
+			Usage: "path tls key",
+		},
+		cli.StringFlag{
+			Name:  "tls-ca",
+			Value: "",
+			Usage: "path tls ca",
+		},
+	},
+}
+
+// starts the controller
+func startServer(ctx *cli.Context) error {
+	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
+	if err != nil {
+		log.Fatalln(err)
+	}
+
+	api := operations.NewConsoleAPI(swaggerSpec)
+	server := restapi.NewServer(api)
+	defer server.Shutdown()
+
+	parser := flags.NewParser(server, flags.Default)
+	parser.ShortDescription = "MinIO Console Server"
+	parser.LongDescription = swaggerSpec.Spec().Info.Description
+
+	server.ConfigureFlags()
+
+	for _, optsGroup := range api.CommandLineOptionsGroups {
+		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
+		if err != nil {
+			log.Fatalln(err)
+		}
+	}
+
+	if _, err := parser.Parse(); err != nil {
+		code := 1
+		if fe, ok := err.(*flags.Error); ok {
+			if fe.Type == flags.ErrHelp {
+				code = 0
+			}
+		}
+		os.Exit(code)
+	}
+
+	server.Host = ctx.String("host")
+	server.Port = ctx.Int("port")
+
+	restapi.Hostname = ctx.String("host")
+	restapi.Port = fmt.Sprintf("%v", ctx.Int("port"))
+
+	// Set all certs and CAs directories path
+	certs.GlobalCertsDir, _ = certs.NewConfigDirFromCtx(ctx, "certs-dir", certs.DefaultCertsDir.Get)
+	certs.GlobalCertsCADir = &certs.ConfigDir{Path: filepath.Join(certs.GlobalCertsDir.Get(), certs.CertsCADir)}
+
+	// check if certs and CAs directories exists or can be created
+	if err := certs.MkdirAllIgnorePerm(certs.GlobalCertsCADir.Get()); err != nil {
+		log.Println(fmt.Sprintf("Unable to create certs CA directory at %s", certs.GlobalCertsCADir.Get()))
+	}
+	// load the certificates and the CAs
+	restapi.GlobalRootCAs, restapi.GlobalPublicCerts, restapi.GlobalTLSCertsManager = certs.GetAllCertificatesAndCAs()
+
+	// TLS flags from swagger server, used to support older versions of minio-operator
+	swaggerServerCertificate := ctx.String("tls-certificate")
+	swaggerServerCertificateKey := ctx.String("tls-key")
+	SwaggerServerCACertificate := ctx.String("tls-ca")
+	// load tls cert and key from swagger server tls-certificate and tls-key flags
+	if swaggerServerCertificate != "" && swaggerServerCertificateKey != "" {
+		if errAddCert := certs.AddCertificate(context.Background(), restapi.GlobalTLSCertsManager, swaggerServerCertificate, swaggerServerCertificateKey); errAddCert != nil {
+			log.Println(errAddCert)
+		}
+		if x509Certs, errParseCert := config.ParsePublicCertFile(swaggerServerCertificate); errParseCert == nil {
+			if len(x509Certs) > 0 {
+				restapi.GlobalPublicCerts = append(restapi.GlobalPublicCerts, x509Certs[0])
+			}
+		}
+	}
+	// load ca cert from swagger server tls-ca flag
+	if SwaggerServerCACertificate != "" {
+		caCert, caCertErr := ioutil.ReadFile(SwaggerServerCACertificate)
+		if caCertErr == nil {
+			restapi.GlobalRootCAs.AppendCertsFromPEM(caCert)
+		}
+	}
+
+	if len(restapi.GlobalPublicCerts) > 0 {
+		// If TLS certificates are provided enforce the HTTPS schema, meaning console will redirect
+		// plain HTTP connections to HTTPS server
+		server.EnabledListeners = []string{"http", "https"}
+		server.TLSPort = ctx.Int("tls-port")
+		server.TLSHost = ctx.String("tls-host")
+		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
+		restapi.TLSPort = fmt.Sprintf("%v", ctx.Int("tls-port"))
+		restapi.TLSHostname = ctx.String("tls-host")
+		restapi.TLSRedirect = ctx.String("tls-redirect")
+	}
+
+	server.ConfigureAPI()
+
+	// subnet license refresh process
+	go func() {
+		failedAttempts := 0
+		for {
+			if err := restapi.RefreshLicense(); err != nil {
+				log.Println(err)
+				failedAttempts++
+				// end license refresh after 3 consecutive failed attempts
+				if failedAttempts >= 3 {
+					return
+				}
+				// wait 5 minutes and retry again
+				time.Sleep(time.Minute * 5)
+				continue
+			}
+			// if license refreshed successfully reset the counter
+			failedAttempts = 0
+			// try to refresh license every 24 hrs
+			time.Sleep(time.Hour * 24)
+		}
+	}()
+
+	if err := server.Serve(); err != nil {
+		log.Fatalln(err)
+	}
+	return nil
+}
--- a/cmd/console/update.go
+++ b/cmd/console/update.go
@@ -0,0 +1,154 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+package main
+
+import (
+	"encoding/json"
+	"errors"
+	"fmt"
+	"io"
+	"net"
+	"net/http"
+	"os"
+	"runtime"
+	"strings"
+	"time"
+
+	"github.com/blang/semver/v4"
+	"github.com/cheggaaa/pb/v3"
+	"github.com/minio/cli"
+	"github.com/minio/console/pkg"
+	"github.com/minio/selfupdate"
+)
+
+func getUpdateTransport(timeout time.Duration) http.RoundTripper {
+	var updateTransport http.RoundTripper = &http.Transport{
+		Proxy: http.ProxyFromEnvironment,
+		DialContext: (&net.Dialer{
+			Timeout:   timeout,
+			KeepAlive: timeout,
+			DualStack: true,
+		}).DialContext,
+		IdleConnTimeout:       timeout,
+		TLSHandshakeTimeout:   timeout,
+		ExpectContinueTimeout: timeout,
+		DisableCompression:    true,
+	}
+	return updateTransport
+}
+
+func getUpdateReaderFromURL(u string, transport http.RoundTripper) (io.ReadCloser, int64, error) {
+	clnt := &http.Client{
+		Transport: transport,
+	}
+	req, err := http.NewRequest(http.MethodGet, u, nil)
+	if err != nil {
+		return nil, -1, err
+	}
+
+	resp, err := clnt.Do(req)
+	if err != nil {
+		return nil, -1, err
+	}
+	return resp.Body, resp.ContentLength, nil
+}
+
+const defaultPubKey = "RWTx5Zr1tiHQLwG9keckT0c45M3AGeHD6IvimQHpyRywVWGbP1aVSGav"
+
+func getLatestRelease(tr http.RoundTripper) (string, error) {
+	releaseURL := "https://api.github.com/repos/minio/console/releases/latest"
+
+	body, _, err := getUpdateReaderFromURL(releaseURL, tr)
+	if err != nil {
+		return "", fmt.Errorf("unable to access github release URL %w", err)
+	}
+	defer body.Close()
+
+	lm := make(map[string]interface{})
+	if err = json.NewDecoder(body).Decode(&lm); err != nil {
+		return "", err
+	}
+	rel, ok := lm["tag_name"].(string)
+	if !ok {
+		return "", errors.New("unable to find latest release tag")
+	}
+	return rel, nil
+}
+
+// update console in-place
+var updateCmd = cli.Command{
+	Name:   "update",
+	Usage:  "update console to latest release",
+	Action: updateInplace,
+}
+
+func updateInplace(ctx *cli.Context) error {
+	transport := getUpdateTransport(30 * time.Second)
+	rel, err := getLatestRelease(transport)
+	if err != nil {
+		return err
+	}
+
+	latest, err := semver.Make(strings.TrimPrefix(rel, "v"))
+	if err != nil {
+		return err
+	}
+
+	current, err := semver.Make(pkg.Version)
+	if err != nil {
+		return err
+	}
+
+	if current.GTE(latest) {
+		fmt.Printf("You are already running the latest version v%v.\n", pkg.Version)
+		return nil
+	}
+
+	consoleBin := fmt.Sprintf("https://github.com/minio/console/releases/download/%s/console-%s-%s", rel, runtime.GOOS, runtime.GOARCH)
+	reader, length, err := getUpdateReaderFromURL(consoleBin, transport)
+	if err != nil {
+		return fmt.Errorf("unable to fetch binary from %s: %w", consoleBin, err)
+	}
+
+	minisignPubkey := os.Getenv("CONSOLE_MINISIGN_PUBKEY")
+	if minisignPubkey == "" {
+		minisignPubkey = defaultPubKey
+	}
+
+	v := selfupdate.NewVerifier()
+	if err = v.LoadFromURL(consoleBin+".minisig", minisignPubkey, transport); err != nil {
+		return fmt.Errorf("unable to fetch binary signature for %s: %w", consoleBin, err)
+	}
+	opts := selfupdate.Options{
+		Verifier: v,
+	}
+
+	tmpl := `{{ red "Downloading:" }} {{bar . (red "[") (green "=") (red "]")}} {{speed . | rndcolor }}`
+	bar := pb.ProgressBarTemplate(tmpl).Start64(length)
+	barReader := bar.NewProxyReader(reader)
+	if err = selfupdate.Apply(barReader, opts); err != nil {
+		bar.Finish()
+		if rerr := selfupdate.RollbackError(err); rerr != nil {
+			return rerr
+		}
+		return err
+	}
+
+	bar.Finish()
+	fmt.Printf("Updated 'console' to latest release %s\n", rel)
+	return nil
+}
--- a/cmd/mcs/server.go
+++ b/cmd/mcs/server.go
@@ -1,132 +0,0 @@
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-package main
-
-import (
-	"fmt"
-	"log"
-	"os"
-
-	"github.com/go-openapi/loads"
-	"github.com/jessevdk/go-flags"
-	"github.com/minio/cli"
-	"github.com/minio/mcs/restapi"
-	"github.com/minio/mcs/restapi/operations"
-)
-
-// starts the server
-var serverCmd = cli.Command{
-	Name:    "server",
-	Aliases: []string{"srv"},
-	Usage:   "starts mcs server",
-	Action:  startServer,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "host",
-			Value: restapi.GetHostname(),
-			Usage: "HTTP server hostname",
-		},
-		cli.IntFlag{
-			Name:  "port",
-			Value: restapi.GetPort(),
-			Usage: "HTTP Server port",
-		},
-		cli.StringFlag{
-			Name:  "tls-host",
-			Value: restapi.GetSSLHostname(),
-			Usage: "HTTPS server hostname",
-		},
-		cli.IntFlag{
-			Name:  "tls-port",
-			Value: restapi.GetSSLPort(),
-			Usage: "HTTPS server port",
-		},
-		cli.StringFlag{
-			Name:  "tls-certificate",
-			Value: "",
-			Usage: "filename of public cert",
-		},
-		cli.StringFlag{
-			Name:  "tls-key",
-			Value: "",
-			Usage: "filename of private key",
-		},
-	},
-}
-
-// starts the controller
-func startServer(ctx *cli.Context) error {
-	swaggerSpec, err := loads.Embedded(restapi.SwaggerJSON, restapi.FlatSwaggerJSON)
-	if err != nil {
-		log.Fatalln(err)
-	}
-
-	api := operations.NewMcsAPI(swaggerSpec)
-	server := restapi.NewServer(api)
-	defer server.Shutdown()
-
-	parser := flags.NewParser(server, flags.Default)
-	parser.ShortDescription = "MinIO Console Server"
-	parser.LongDescription = swaggerSpec.Spec().Info.Description
-	server.ConfigureFlags()
-	for _, optsGroup := range api.CommandLineOptionsGroups {
-		_, err := parser.AddGroup(optsGroup.ShortDescription, optsGroup.LongDescription, optsGroup.Options)
-		if err != nil {
-			log.Fatalln(err)
-		}
-	}
-
-	if _, err := parser.Parse(); err != nil {
-		code := 1
-		if fe, ok := err.(*flags.Error); ok {
-			if fe.Type == flags.ErrHelp {
-				code = 0
-			}
-		}
-		os.Exit(code)
-	}
-
-	server.Host = ctx.String("host")
-	server.Port = ctx.Int("port")
-
-	restapi.Hostname = ctx.String("host")
-	restapi.Port = fmt.Sprintf("%v", ctx.Int("port"))
-
-	tlsCertificatePath := ctx.String("tls-certificate")
-	tlsCertificateKeyPath := ctx.String("tls-key")
-
-	if tlsCertificatePath != "" && tlsCertificateKeyPath != "" {
-		server.TLSCertificate = flags.Filename(tlsCertificatePath)
-		server.TLSCertificateKey = flags.Filename(tlsCertificateKeyPath)
-		// If TLS certificates are provided enforce the HTTPS schema, meaning mcs will redirect
-		// plain HTTP connections to HTTPS server
-		server.EnabledListeners = []string{"http", "https"}
-		server.TLSPort = ctx.Int("tls-port")
-		server.TLSHost = ctx.String("tls-host")
-		// Need to store tls-port, tls-host un config variables so secure.middleware can read from there
-		restapi.TLSPort = fmt.Sprintf("%v", ctx.Int("tls-port"))
-		restapi.TLSHostname = ctx.String("tls-host")
-		restapi.TLSRedirect = "on"
-	}
-
-	server.ConfigureAPI()
-
-	if err := server.Serve(); err != nil {
-		log.Fatalln(err)
-	}
-	return nil
-}
--- a/compose/.env
+++ b/compose/.env
@@ -0,0 +1,61 @@
+## PostgreSQL related variables
+
+# Postgres Docker image
+POSTGRES_IMAGE=library/postgres
+
+# Postgres user
+POSTGRES_USER=postgres
+
+# Postgres password
+POSTGRES_PASSWORD=magical_password
+
+# Postgres port number
+POSTGRES_PORT=5432
+
+# Postgres data directory
+PGDATA=/data/postgres
+
+
+## Logsearch related variables
+
+# Logsearch Docker image
+LOGSEARCH_IMAGE=minio/logsearchapi:v4.0.2
+
+# Logsearch storage max
+LOGSEARCH_DISK_CAPACITY_GB=5
+
+# Logsearch port number
+LOGSEARCH_PORT=8080
+
+# Log retention duration
+LOGSEARCH_MAX_RETENTION_MONTHS=1
+
+# Logsearch audit authentication token
+LOGSEARCH_AUDIT_AUTH_TOKEN=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+
+# Logsearch query authentication token
+LOGSEARCH_QUERY_AUTH_TOKEN=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+
+
+## Console related variables
+
+# Console Docker image
+CONSOLE_IMAGE=minio/console:v0.6.2
+
+# Salt to encrypt JWT payload
+CONSOLE_PBKDF_PASSPHRASE=top_secret
+
+# Required to encrypt JWT payload
+CONSOLE_PBKDF_SALT=top_secret1
+
+# MinIO Server URL
+CONSOLE_MINIO_SERVER=http://localhost:9000
+
+
+## Prometheus related variables
+
+# Prometheus Docker image
+PROMETHEUS_IMAGE=prom/prometheus:latest
+
+# Prometheus port number
+PROMETHEUS_PORT=9999
--- a/compose/README.md
+++ b/compose/README.md
@@ -0,0 +1,64 @@
+
+## Console Docker Compose
+
+This compose file allows users to quickly deploy MinIO Console, LogSearch & Prometheus in a baremetal (non Kubernetes) environment.
+
+### Pre-requisites
+
+1. [MinIO](https://docs.minio.io/docs/distributed-minio-quickstart-guide.html) cluster up and running.
+2. [mc](https://docs.minio.io/docs/minio-client-quickstart-guide.html) configured for this MinIO cluster.
+3. [Docker-Compose](https://docs.docker.com/compose/) installed on the server.
+
+### Getting Started
+
+- Download the contents of `compose` directory on your machine.
+
+- Edit the `prometheus.yaml` file and fill in the correct target (MinIO Endpoint). Optionally setup the `bearer_token` as explained [here](https://github.com/minio/minio/tree/master/docs/metrics/prometheus#31-authenticated-prometheus-config).
+
+- Setup a console admin policy.
+
+```sh
+cat > admin.json << EOF
+{
+	"Version": "2012-10-17",
+	"Statement": [{
+			"Action": [
+				"admin:*"
+			],
+			"Effect": "Allow",
+			"Sid": ""
+		},
+		{
+			"Action": [
+                "s3:*"
+			],
+			"Effect": "Allow",
+			"Resource": [
+				"arn:aws:s3:::*"
+			],
+			"Sid": ""
+		}
+	]
+}
+EOF
+```
+
+Then create this policy on MinIO server: `mc admin policy add myminio consoleAdmin admin.json`.
+
+- Setup user and policy for Console
+
+```
+mc admin user add myminio console console123
+mc admin policy set myminio consoleAdmin user=console
+```
+
+- Configure Webhook target on the MinIO server. Remember to change the `token` value in below URL to the actual token value as set in the `.env` file.
+
+```
+mc admin config set myminio audit_webhook:1 endpoint=http://localhost:8080/api/ingest?token=c6rkqjZ03ElEUKQ7MtSeYBJ8q_p3GDFPBQAQJlcbBLA=
+mc admin service restart myminio
+```
+
+### Configuration
+
+To configure the Console Compose file to custom setup, please take a look at the [`.env`](./.env) file.
--- a/compose/docker-compose.yaml
+++ b/compose/docker-compose.yaml
@@ -0,0 +1,62 @@
+version: '3.4'
+services:
+  pg_database:
+    image: ${POSTGRES_IMAGE}
+    network_mode: host
+    environment:
+      - POSTGRES_USER=${POSTGRES_USER}
+      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
+      - PGDATA=${PGDATA}
+      - POSTGRES_DB=minio_logs
+    volumes:
+      - database:${PGDATA}
+    ports:
+      - ${POSTGRES_PORT}:${POSTGRES_PORT}
+
+  log_search:
+    image: ${LOGSEARCH_IMAGE}
+    network_mode: host
+    environment:
+      - LOGSEARCH_AUDIT_AUTH_TOKEN=${LOGSEARCH_AUDIT_AUTH_TOKEN}
+      - LOGSEARCH_QUERY_AUTH_TOKEN=${LOGSEARCH_QUERY_AUTH_TOKEN}
+      - LOGSEARCH_DISK_CAPACITY_GB=${LOGSEARCH_DISK_CAPACITY_GB}
+      - LOGSEARCH_MAX_RETENTION_MONTHS=${LOGSEARCH_MAX_RETENTION_MONTHS}
+      - LOGSEARCH_PG_CONN_STR=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@localhost:${POSTGRES_PORT}/minio_logs?sslmode=disable
+    ports:
+      - ${LOGSEARCH_PORT}:${LOGSEARCH_PORT}
+    command: ["/usr/bin/wait-for-it.sh", "localhost:${POSTGRES_PORT}", "--", "/logsearchapi"]
+    volumes:
+      - ./wait-for-it.sh:/usr/bin/wait-for-it.sh
+    depends_on:
+      - pg_database
+
+  console:
+    image: ${CONSOLE_IMAGE}
+    network_mode: host
+    environment:
+      - CONSOLE_PBKDF_PASSPHRASE=${CONSOLE_PBKDF_PASSPHRASE}
+      - CONSOLE_PBKDF_SALT=${CONSOLE_PBKDF_SALT}
+      - LOGSEARCH_QUERY_AUTH_TOKEN=${LOGSEARCH_QUERY_AUTH_TOKEN}
+      - CONSOLE_MINIO_SERVER=${CONSOLE_MINIO_SERVER}
+      - CONSOLE_LOG_QUERY_URL=http://localhost:${LOGSEARCH_PORT}
+      - CONSOLE_PROMETHEUS_URL=http://localhost:${PROMETHEUS_PORT}
+    ports:
+      - "9090:9090"
+    command: server
+    depends_on:
+      - log_search
+      - prometheus
+
+  prometheus:
+    image: ${PROMETHEUS_IMAGE}
+    network_mode: host
+    ports:
+      - ${PROMETHEUS_PORT}:${PROMETHEUS_PORT}
+    command:
+      - --config.file=/etc/prometheus/prometheus.yml 
+      - --web.listen-address=:${PROMETHEUS_PORT}
+    volumes:
+      - ./prometheus.yml:/etc/prometheus/prometheus.yml:ro
+
+volumes:
+  database:
--- a/compose/prometheus.yml
+++ b/compose/prometheus.yml
@@ -0,0 +1,15 @@
+global:
+  scrape_interval:     10s # Set the scrape interval to every 15 seconds. Default is every 1 minute.
+  evaluation_interval: 30s # Evaluate rules every 15 seconds. The default is every 1 minute.
+  # scrape_timeout is set to the global default (10s).
+
+# A scrape configuration containing exactly one endpoint to scrape:
+# Here it's Prometheus itself.
+scrape_configs:
+    # The job name is added as a label `job=<job_name>` to any timeseries scraped from this config.
+  - job_name: minio-node1
+    metrics_path: /minio/v2/metrics/cluster
+    scheme: http
+    static_configs:
+    - targets: 
+      - 'localhost:9000'
--- a/compose/wait-for-it.sh
+++ b/compose/wait-for-it.sh
@@ -0,0 +1,182 @@
+#!/usr/bin/env bash
+# Use this script to test if a given TCP host/port are available
+
+WAITFORIT_cmdname=${0##*/}
+
+echoerr() { if [[ $WAITFORIT_QUIET -ne 1 ]]; then echo "$@" 1>&2; fi }
+
+usage()
+{
+    cat << USAGE >&2
+Usage:
+    $WAITFORIT_cmdname host:port [-s] [-t timeout] [-- command args]
+    -h HOST | --host=HOST       Host or IP under test
+    -p PORT | --port=PORT       TCP port under test
+                                Alternatively, you specify the host and port as host:port
+    -s | --strict               Only execute subcommand if the test succeeds
+    -q | --quiet                Don't output any status messages
+    -t TIMEOUT | --timeout=TIMEOUT
+                                Timeout in seconds, zero for no timeout
+    -- COMMAND ARGS             Execute command with args after the test finishes
+USAGE
+    exit 1
+}
+
+wait_for()
+{
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    else
+        echoerr "$WAITFORIT_cmdname: waiting for $WAITFORIT_HOST:$WAITFORIT_PORT without a timeout"
+    fi
+    WAITFORIT_start_ts=$(date +%s)
+    while :
+    do
+        if [[ $WAITFORIT_ISBUSY -eq 1 ]]; then
+            nc -z $WAITFORIT_HOST $WAITFORIT_PORT
+            WAITFORIT_result=$?
+        else
+            (echo -n > /dev/tcp/$WAITFORIT_HOST/$WAITFORIT_PORT) >/dev/null 2>&1
+            WAITFORIT_result=$?
+        fi
+        if [[ $WAITFORIT_result -eq 0 ]]; then
+            WAITFORIT_end_ts=$(date +%s)
+            echoerr "$WAITFORIT_cmdname: $WAITFORIT_HOST:$WAITFORIT_PORT is available after $((WAITFORIT_end_ts - WAITFORIT_start_ts)) seconds"
+            break
+        fi
+        sleep 1
+    done
+    return $WAITFORIT_result
+}
+
+wait_for_wrapper()
+{
+    # In order to support SIGINT during timeout: http://unix.stackexchange.com/a/57692
+    if [[ $WAITFORIT_QUIET -eq 1 ]]; then
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --quiet --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    else
+        timeout $WAITFORIT_BUSYTIMEFLAG $WAITFORIT_TIMEOUT $0 --child --host=$WAITFORIT_HOST --port=$WAITFORIT_PORT --timeout=$WAITFORIT_TIMEOUT &
+    fi
+    WAITFORIT_PID=$!
+    trap "kill -INT -$WAITFORIT_PID" INT
+    wait $WAITFORIT_PID
+    WAITFORIT_RESULT=$?
+    if [[ $WAITFORIT_RESULT -ne 0 ]]; then
+        echoerr "$WAITFORIT_cmdname: timeout occurred after waiting $WAITFORIT_TIMEOUT seconds for $WAITFORIT_HOST:$WAITFORIT_PORT"
+    fi
+    return $WAITFORIT_RESULT
+}
+
+# process arguments
+while [[ $# -gt 0 ]]
+do
+    case "$1" in
+        *:* )
+        WAITFORIT_hostport=(${1//:/ })
+        WAITFORIT_HOST=${WAITFORIT_hostport[0]}
+        WAITFORIT_PORT=${WAITFORIT_hostport[1]}
+        shift 1
+        ;;
+        --child)
+        WAITFORIT_CHILD=1
+        shift 1
+        ;;
+        -q | --quiet)
+        WAITFORIT_QUIET=1
+        shift 1
+        ;;
+        -s | --strict)
+        WAITFORIT_STRICT=1
+        shift 1
+        ;;
+        -h)
+        WAITFORIT_HOST="$2"
+        if [[ $WAITFORIT_HOST == "" ]]; then break; fi
+        shift 2
+        ;;
+        --host=*)
+        WAITFORIT_HOST="${1#*=}"
+        shift 1
+        ;;
+        -p)
+        WAITFORIT_PORT="$2"
+        if [[ $WAITFORIT_PORT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --port=*)
+        WAITFORIT_PORT="${1#*=}"
+        shift 1
+        ;;
+        -t)
+        WAITFORIT_TIMEOUT="$2"
+        if [[ $WAITFORIT_TIMEOUT == "" ]]; then break; fi
+        shift 2
+        ;;
+        --timeout=*)
+        WAITFORIT_TIMEOUT="${1#*=}"
+        shift 1
+        ;;
+        --)
+        shift
+        WAITFORIT_CLI=("$@")
+        break
+        ;;
+        --help)
+        usage
+        ;;
+        *)
+        echoerr "Unknown argument: $1"
+        usage
+        ;;
+    esac
+done
+
+if [[ "$WAITFORIT_HOST" == "" || "$WAITFORIT_PORT" == "" ]]; then
+    echoerr "Error: you need to provide a host and port to test."
+    usage
+fi
+
+WAITFORIT_TIMEOUT=${WAITFORIT_TIMEOUT:-15}
+WAITFORIT_STRICT=${WAITFORIT_STRICT:-0}
+WAITFORIT_CHILD=${WAITFORIT_CHILD:-0}
+WAITFORIT_QUIET=${WAITFORIT_QUIET:-0}
+
+# Check to see if timeout is from busybox?
+WAITFORIT_TIMEOUT_PATH=$(type -p timeout)
+WAITFORIT_TIMEOUT_PATH=$(realpath $WAITFORIT_TIMEOUT_PATH 2>/dev/null || readlink -f $WAITFORIT_TIMEOUT_PATH)
+
+WAITFORIT_BUSYTIMEFLAG=""
+if [[ $WAITFORIT_TIMEOUT_PATH =~ "busybox" ]]; then
+    WAITFORIT_ISBUSY=1
+    # Check if busybox timeout uses -t flag
+    # (recent Alpine versions don't support -t anymore)
+    if timeout &>/dev/stdout | grep -q -e '-t '; then
+        WAITFORIT_BUSYTIMEFLAG="-t"
+    fi
+else
+    WAITFORIT_ISBUSY=0
+fi
+
+if [[ $WAITFORIT_CHILD -gt 0 ]]; then
+    wait_for
+    WAITFORIT_RESULT=$?
+    exit $WAITFORIT_RESULT
+else
+    if [[ $WAITFORIT_TIMEOUT -gt 0 ]]; then
+        wait_for_wrapper
+        WAITFORIT_RESULT=$?
+    else
+        wait_for
+        WAITFORIT_RESULT=$?
+    fi
+fi
+
+if [[ $WAITFORIT_CLI != "" ]]; then
+    if [[ $WAITFORIT_RESULT -ne 0 && $WAITFORIT_STRICT -eq 1 ]]; then
+        echoerr "$WAITFORIT_cmdname: strict mode, refusing to execute subprocess"
+        exit $WAITFORIT_RESULT
+    fi
+    exec "${WAITFORIT_CLI[@]}"
+else
+    exit $WAITFORIT_RESULT
+fi
--- a/cross-compile.sh
+++ b/cross-compile.sh
@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+# Enable tracing if set.
+[ -n "$BASH_XTRACEFD" ] && set -x
+
+_init() {
+    ## All binaries are static make sure to disable CGO.
+    export CGO_ENABLED=0
+
+    ## List of architectures and OS to test coss compilation.
+    SUPPORTED_OSARCH="linux/ppc64le linux/mips64 linux/arm64 linux/s390x darwin/amd64 freebsd/amd64 windows/amd64 linux/arm linux/386 netbsd/amd64"
+}
+
+_build() {
+    local osarch=$1
+    IFS=/ read -r -a arr <<<"$osarch"
+    os="${arr[0]}"
+    arch="${arr[1]}"
+    package=$(go list -f '{{.ImportPath}}' ./cmd/console)
+    printf -- "--> %15s:%s\n" "${osarch}" "${package}"
+
+    # go build -trimpath to build the binary.
+    GOOS=$os GOARCH=$arch GO111MODULE=on go build -trimpath --tags=kqueue --ldflags "-s -w" -o /dev/null ./cmd/console
+}
+
+main() {
+    echo "Testing builds for OS/Arch: ${SUPPORTED_OSARCH}"
+    for each_osarch in ${SUPPORTED_OSARCH}; do
+        _build "${each_osarch}"
+    done
+}
+
+_init && main "$@"
--- a/docs/console_operator_mode.md
+++ b/docs/console_operator_mode.md
@@ -0,0 +1,39 @@
+# Running Console in Operator mode
+
+`Console` will authenticate against `Kubernetes`using bearer tokens via HTTP `Authorization` header. The user will provide this token once
+in the login form, Console will validate it against Kubernetes (list apis) and if valid will generate and return a new Console sessions 
+with encrypted claims (the user Service account token will be inside the session encrypted token
+
+# Kubernetes
+
+The provided `JWT token` corresponds to the `Kubernetes service account` that `Console` will use to run tasks on behalf of the
+user, ie: list, create, edit, delete tenants, storage class, etc.
+
+
+# Development
+
+If console is running inside a k8s pod `KUBERNETES_SERVICE_HOST` and `KUBERNETES_SERVICE_PORT` will contain the k8s api server apiServerAddress
+if console is not running inside k8s by default will look for the k8s api server on `localhost:8001` (kubectl proxy)
+
+If you are running console in your local environment and wish to make request to `Kubernetes` you can set `CONSOLE_K8S_API_SERVER`, if
+the environment variable is not present by default `Console` will use `"http://localhost:8001"`, additionally you will need to set the
+`CONSOLE_OPERATOR_MODE=on` variable to make Console display the Operator UI.
+
+NOTE: using `kubectl` proxy is for local development only, since every request send to localhost:8001 will bypass service account authentication
+more info here: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#directly-accessing-the-rest-api
+you can override this using `CONSOLE_K8S_API_SERVER`, ie use the k8s cluster from `kubectl config view`
+
+## Extract the Service account token and use it with Console
+
+For local development you can use the jwt associated to the `console-sa` service account, you can get the token running
+the following command in your terminal:
+
+```
+kubectl get secret $(kubectl get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
+```
+
+Then run the Console server
+
+```
+CONSOLE_OPERATOR_MODE=on ./console server
+```
--- a/docs/ldap/billy.ldif
+++ b/docs/ldap/billy.ldif
@@ -0,0 +1,35 @@
+# LDIF fragment to create group branch under root
+dn: uid=billy,dc=example,dc=org
+uid: billy
+cn: billy
+sn: 3
+objectClass: top
+objectClass: posixAccount
+objectClass: inetOrgPerson
+loginShell: /bin/bash
+homeDirectory: /home/billy
+uidNumber: 14583102
+gidNumber: 14564100
+userPassword: {SSHA}j3lBh1Seqe4rqF1+NuWmjhvtAni1JC5A
+mail: billy@example.org
+gecos: Billy User
+
+# Create base group
+dn: ou=groups,dc=example,dc=org
+objectclass:organizationalunit
+ou: groups
+description: generic groups branch
+
+# create consoleAdmin group (this already exists on minio and have a policy of s3::*)
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+objectClass: top
+objectClass: posixGroup
+gidNumber: 678
+
+# Assing group to new user
+dn: cn=consoleAdmin,ou=groups,dc=example,dc=org
+changetype: modify
+add: memberuid
+memberuid: billy
+
+
--- a/go.mod
+++ b/go.mod
@@ -1,30 +1,40 @@
-module github.com/minio/mcs
+module github.com/minio/console

-go 1.13
+go 1.16

 require (
+	github.com/blang/semver/v4 v4.0.0
+	github.com/cheggaaa/pb/v3 v3.0.6
 	github.com/coreos/go-oidc v2.2.1+incompatible
-	github.com/dgrijalva/jwt-go v3.2.0+incompatible
-	github.com/elazarl/go-bindata-assetfs v1.0.0
-	github.com/go-openapi/errors v0.19.4
+	github.com/go-openapi/errors v0.19.6
 	github.com/go-openapi/loads v0.19.5
-	github.com/go-openapi/runtime v0.19.12
-	github.com/go-openapi/spec v0.19.7
+	github.com/go-openapi/runtime v0.19.19
+	github.com/go-openapi/spec v0.19.8
 	github.com/go-openapi/strfmt v0.19.5
-	github.com/go-openapi/swag v0.19.8
-	github.com/go-openapi/validate v0.19.7
+	github.com/go-openapi/swag v0.19.9
+	github.com/go-openapi/validate v0.19.10
 	github.com/gorilla/websocket v1.4.2
 	github.com/jessevdk/go-flags v1.4.0
-	github.com/json-iterator/go v1.1.9
 	github.com/minio/cli v1.22.0
-	github.com/minio/mc v0.0.0-20200515235434-3b479cf92ed6
-	github.com/minio/minio v0.0.0-20200516011754-9cac385aecdb
-	github.com/minio/minio-go/v6 v6.0.56-0.20200502013257-a81c8c13cc3f
+	github.com/minio/direct-csi v1.2.8
+	github.com/minio/kes v0.11.0
+	github.com/minio/mc v0.0.0-20210422171734-4eae7ec7ed25
+	github.com/minio/minio v0.0.0-20210423185853-cbfdf97abf9f
+	github.com/minio/minio-go/v7 v7.0.11-0.20210407221404-ba867dba7ee1
+	github.com/minio/operator v0.0.0-20210419212754-93a9239fd18b
+	github.com/minio/operator/logsearchapi v0.0.0-20210201110528-753019b838b4
+	github.com/minio/selfupdate v0.3.1
+	github.com/mitchellh/go-homedir v1.1.0
 	github.com/pquerna/cachecontrol v0.0.0-20180517163645-1555304b9b35 // indirect
-	github.com/satori/go.uuid v1.2.0
-	github.com/stretchr/testify v1.5.1
+	github.com/rs/xid v1.2.1
+	github.com/secure-io/sio-go v0.3.1
+	github.com/stretchr/testify v1.6.1
 	github.com/unrolled/secure v1.0.7
-	golang.org/x/crypto v0.0.0-20200214034016-1d94cc7ab1c6
-	golang.org/x/net v0.0.0-20200324143707-d3edc9973b7e
-	golang.org/x/oauth2 v0.0.0-20190402181905-9f3314589c9a
+	golang.org/x/crypto v0.0.0-20210415154028-4f45737414dc
+	golang.org/x/net v0.0.0-20210226172049-e18ecbb05110
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d
+	gopkg.in/yaml.v2 v2.3.0
+	k8s.io/api v0.20.2
+	k8s.io/apimachinery v0.20.2
+	k8s.io/client-go v0.20.2
 )
--- a/go.sum
+++ b/go.sum
--- a/hack/update-codegen.sh
+++ b/hack/update-codegen.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+#
+# Copyright 2020 Google LLC
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     https://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname ${BASH_SOURCE})/..
+
+go get -d k8s.io/code-generator/...
+
+# Checkout code-generator to compatible version
+#(cd $GOPATH/src/k8s.io/code-generator && git checkout origin/release-1.14 -B release-1.14)
+
+REPOSITORY=github.com/minio/console
+$GOPATH/src/k8s.io/code-generator/generate-groups.sh all \
+  $REPOSITORY/pkg/clientgen $REPOSITORY/pkg/apis networking.gke.io:v1beta2 \
+  --go-header-file $SCRIPT_ROOT/hack/header.go.txt
--- a/images/pic1.png
+++ b/images/pic1.png
--- a/images/pic2.png
+++ b/images/pic2.png
--- a/k8s/boilerplate.go.txt
+++ b/k8s/boilerplate.go.txt
@@ -0,0 +1,15 @@
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
--- a/k8s/console/base/console-cluster-role-binding.yaml
+++ b/k8s/console/base/console-cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-sa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: console-sa-role
+subjects:
+  - kind: ServiceAccount
+    name: console-sa
+    namespace: default
--- a/k8s/console/base/console-cluster-role.yaml
+++ b/k8s/console/base/console-cluster-role.yaml
@@ -0,0 +1,222 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: console-sa-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
+      - watch
+      - update
+  - apiGroups:
+      - "storage.k8s.io"
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+      - deployments
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+      - "certificatesigningrequests/approval"
+      - "certificatesigningrequests/status"
+    verbs:
+      - update
+      - create
+      - get
+  - apiGroups:
+      - minio.min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+      - min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - create
+    - list
+    - watch
+    - update
+    - patch
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshots
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshotcontents
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - csinodes
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - volumeattachments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - volumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - directcsidrives
+    - directcsivolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - pod
+    verbs:
+    - get
+    - list
+    - watch
--- a/k8s/console/base/console-configmap.yaml
+++ b/k8s/console/base/console-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: console-env
+data:
+  CONSOLE_PORT: "9090"
+  CONSOLE_TLS_PORT: "9443"
--- a/k8s/console/base/console-deployment.yaml
+++ b/k8s/console/base/console-deployment.yaml
@@ -0,0 +1,26 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: console
+  template:
+    metadata:
+      labels:
+        app: console
+    spec:
+      serviceAccountName: console-sa
+      containers:
+        - name: console
+          image: minio/console:v0.7.4
+          imagePullPolicy: "IfNotPresent"
+          args:
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https
--- a/k8s/console/base/console-service-account.yaml
+++ b/k8s/console/base/console-service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-sa
+  namespace: default
--- a/k8s/console/base/console-service.yaml
+++ b/k8s/console/base/console-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  labels:
+    name: console
+spec:
+  ports:
+    - port: 9090
+      name: http
+    - port: 9443
+      name: https
+  selector:
+    app: console
--- a/k8s/console/base/kustomization.yaml
+++ b/k8s/console/base/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+resources:
+  - console-service-account.yaml
+  - console-cluster-role.yaml
+  - console-cluster-role-binding.yaml
+  - console-configmap.yaml
+  - console-service.yaml
+  - console-deployment.yaml
+  - https://github.com/minio/operator/?ref=v3.0.10
--- a/k8s/create-kind.sh
+++ b/k8s/create-kind.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+
+# setup environment variables based on flags to see if we should build the docker containers again
+CONSOLE_DOCKER="true"
+
+# evaluate flags
+# `-m` for console
+
+
+while getopts ":m:" opt; do
+  case $opt in
+    m)
+	  CONSOLE_DOCKER="$OPTARG"
+      ;;
+    \?)
+      echo "Invalid option: -$OPTARG" >&2
+      exit 1
+      ;;
+    :)
+      echo "Option -$OPTARG requires an argument." >&2
+      exit 1
+      ;;
+  esac
+done
+
+echo "Provisioning Kind"
+kind create cluster  --config kind-cluster.yaml
+echo "Remove Master Taint"
+kubectl taint nodes --all node-role.kubernetes.io/master-
+echo "Install Contour"
+kubectl apply -f https://projectcontour.io/quickstart/contour.yaml
+kubectl patch daemonsets -n projectcontour envoy -p '{"spec":{"template":{"spec":{"nodeSelector":{"ingress-ready":"true"},"tolerations":[{"key":"node-role.kubernetes.io/master","operator":"Equal","effect":"NoSchedule"}]}}}}'
+echo "install metrics server"
+kubectl apply -f metrics-dev.yaml
+
+# Whether or not to build the m3 container and load it to kind or just load it
+if [[ $CONSOLE_DOCKER == "true" ]]; then
+	# Build mkube
+  make --directory=".." k8sdev TAG=minio/console:latest
+else
+	kind load docker-image minio/console:latest
+fi
+
+echo "done"
--- a/k8s/kind-cluster.yaml
+++ b/k8s/kind-cluster.yaml
@@ -0,0 +1,22 @@
+# three node (two workers) cluster config
+kind: Cluster
+apiVersion: kind.x-k8s.io/v1alpha4
+nodes:
+- role: control-plane
+  kubeadmConfigPatches:
+  - |
+    kind: InitConfiguration
+    nodeRegistration:
+      kubeletExtraArgs:
+        node-labels: "ingress-ready=true"
+  extraPortMappings:
+    - containerPort: 80
+      hostPort: 8844
+      protocol: TCP
+    - containerPort: 443
+      hostPort: 8843
+      protocol: TCP
+#- role: worker
+#- role: worker
+#- role: worker
+#- role: worker
--- a/k8s/metrics-dev.yaml
+++ b/k8s/metrics-dev.yaml
@@ -0,0 +1,153 @@
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:aggregated-metrics-reader
+  labels:
+    rbac.authorization.k8s.io/aggregate-to-view: "true"
+    rbac.authorization.k8s.io/aggregate-to-edit: "true"
+    rbac.authorization.k8s.io/aggregate-to-admin: "true"
+rules:
+  - apiGroups: ["metrics.k8s.io"]
+    resources: ["pods", "nodes"]
+    verbs: ["get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: metrics-server:system:auth-delegator
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:auth-delegator
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: metrics-server-auth-reader
+  namespace: kube-system
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: extension-apiserver-authentication-reader
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: system:metrics-server
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - nodes
+      - nodes/stats
+      - namespaces
+      - configmaps
+    verbs:
+      - get
+      - list
+      - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+  name: system:metrics-server
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: system:metrics-server
+subjects:
+  - kind: ServiceAccount
+    name: metrics-server
+    namespace: kube-system
+---
+apiVersion: apiregistration.k8s.io/v1beta1
+kind: APIService
+metadata:
+  name: v1beta1.metrics.k8s.io
+spec:
+  service:
+    name: metrics-server
+    namespace: kube-system
+  group: metrics.k8s.io
+  version: v1beta1
+  insecureSkipTLSVerify: true
+  groupPriorityMinimum: 100
+  versionPriority: 100
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: metrics-server
+  namespace: kube-system
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    kubernetes.io/name: "Metrics-server"
+    kubernetes.io/cluster-service: "true"
+spec:
+  selector:
+    k8s-app: metrics-server
+  ports:
+    - port: 443
+      protocol: TCP
+      targetPort: main-port
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: metrics-server
+  namespace: kube-system
+  labels:
+    k8s-app: metrics-server
+spec:
+  selector:
+    matchLabels:
+      k8s-app: metrics-server
+  template:
+    metadata:
+      name: metrics-server
+      labels:
+        k8s-app: metrics-server
+    spec:
+      serviceAccountName: metrics-server
+      volumes:
+        # mount in tmp so we can safely use from-scratch images and/or read-only containers
+        - name: tmp-dir
+          emptyDir: {}
+      containers:
+        - name: metrics-server
+          image: k8s.gcr.io/metrics-server-amd64:v0.3.6
+          args:
+            - --cert-dir=/tmp
+            - --secure-port=4443
+            - --kubelet-insecure-tls
+            - --kubelet-preferred-address-types=InternalIP
+          ports:
+            - name: main-port
+              containerPort: 4443
+              protocol: TCP
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            runAsUser: 1000
+          imagePullPolicy: Always
+          volumeMounts:
+            - name: tmp-dir
+              mountPath: /tmp
+      nodeSelector:
+        beta.kubernetes.io/os: linux
+        kubernetes.io/arch: "amd64"
--- a/k8s/operator-console/base/console-cluster-role-binding.yaml
+++ b/k8s/operator-console/base/console-cluster-role-binding.yaml
@@ -0,0 +1,12 @@
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: console-sa-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: console-sa-role
+subjects:
+  - kind: ServiceAccount
+    name: console-sa
+    namespace: default
--- a/k8s/operator-console/base/console-cluster-role.yaml
+++ b/k8s/operator-console/base/console-cluster-role.yaml
@@ -0,0 +1,222 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+  name: console-sa-role
+rules:
+  - apiGroups:
+      - ""
+    resources:
+      - secrets
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+      - update
+      - deletecollection
+  - apiGroups:
+      - ""
+    resources:
+      - namespaces
+      - pods
+      - services
+      - events
+      - resourcequotas
+      - nodes
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - ""
+    resources:
+      - persistentvolumeclaims
+    verbs:
+      - deletecollection
+      - list
+      - get
+      - watch
+      - update
+  - apiGroups:
+      - "storage.k8s.io"
+    resources:
+      - storageclasses
+    verbs:
+      - get
+      - watch
+      - create
+      - list
+      - patch
+  - apiGroups:
+      - apps
+    resources:
+      - statefulsets
+      - deployments
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - batch
+    resources:
+      - jobs
+    verbs:
+      - get
+      - create
+      - list
+      - patch
+      - watch
+      - update
+      - delete
+  - apiGroups:
+      - "certificates.k8s.io"
+    resources:
+      - "certificatesigningrequests"
+      - "certificatesigningrequests/approval"
+      - "certificatesigningrequests/status"
+    verbs:
+      - update
+      - create
+      - get
+  - apiGroups:
+      - minio.min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+      - min.io
+    resources:
+      - "*"
+    verbs:
+      - "*"
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - persistentvolumeclaims
+    verbs:
+    - get
+    - list
+    - watch
+    - update
+  - apiGroups:
+    - ""
+    resources:
+    - events
+    verbs:
+    - create
+    - list
+    - watch
+    - update
+    - patch
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshots
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - snapshot.storage.k8s.io
+    resources:
+    - volumesnapshotcontents
+    verbs:
+    - get
+    - list
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - csinodes
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - storage.k8s.io
+    resources:
+    - volumeattachments
+    verbs:
+    - get
+    - list
+    - watch
+  - apiGroups:
+    - ""
+    resources:
+    - endpoints
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - coordination.k8s.io
+    resources:
+    - leases
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - volumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - apiextensions.k8s.io
+    resources:
+    - customresourcedefinitions
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - direct.csi.min.io
+    resources:
+    - directcsidrives
+    - directcsivolumes
+    verbs:
+    - get
+    - list
+    - watch
+    - create
+    - update
+    - delete
+  - apiGroups:
+    - ""
+    resources:
+    - pod
+    verbs:
+    - get
+    - list
+    - watch
--- a/k8s/operator-console/base/console-configmap.yaml
+++ b/k8s/operator-console/base/console-configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: console-env
+data:
+  CONSOLE_PORT: "9090"
+  CONSOLE_TLS_PORT: "9443"
--- a/k8s/operator-console/base/console-deployment.yaml
+++ b/k8s/operator-console/base/console-deployment.yaml
@@ -0,0 +1,29 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: console
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: console
+  template:
+    metadata:
+      labels:
+        app: console
+    spec:
+      serviceAccountName: console-sa
+      containers:
+        - name: console
+          image: minio/console:v0.7.4
+          imagePullPolicy: "IfNotPresent"
+          env:
+            - name: CONSOLE_OPERATOR_MODE
+              value: "on"
+          args:
+            - server
+          ports:
+            - containerPort: 9090
+              name: http
+            - containerPort: 9433
+              name: https
--- a/k8s/operator-console/base/console-service-account.yaml
+++ b/k8s/operator-console/base/console-service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: console-sa
+  namespace: default
--- a/k8s/operator-console/base/console-service.yaml
+++ b/k8s/operator-console/base/console-service.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: console
+  labels:
+    name: console
+spec:
+  ports:
+    - port: 9090
+      name: http
+    - port: 9443
+      name: https
+  selector:
+    app: console
--- a/k8s/operator-console/base/kustomization.yaml
+++ b/k8s/operator-console/base/kustomization.yaml
@@ -0,0 +1,10 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+resources:
+  - console-service-account.yaml
+  - console-cluster-role.yaml
+  - console-cluster-role-binding.yaml
+  - console-configmap.yaml
+  - console-service.yaml
+  - console-deployment.yaml
--- a/k8s/operator-console/operator/kustomization.yaml
+++ b/k8s/operator-console/operator/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+# beginning of customizations
+#namespace: min-ns
+
+resources:
+  - ../base
+  - https://github.com/minio/operator/?ref=v3.0.29
+
--- a/k8s/tools.go
+++ b/k8s/tools.go
@@ -0,0 +1,20 @@
+// This file is part of MinIO Kubernetes Cloud
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+// This package imports things required by build scripts, to force `go mod` to see them as dependencies
+package k8s
+
+//import _ "k8s.io/code-generator"
--- a/k8s/update-codegen.sh
+++ b/k8s/update-codegen.sh
@@ -0,0 +1,35 @@
+#!/usr/bin/env bash
+
+# Copyright 2017 The Kubernetes Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+SCRIPT_ROOT=$(dirname "${BASH_SOURCE[0]}")/..
+CODEGEN_PKG=${CODEGEN_PKG:-$(cd "${SCRIPT_ROOT}"; ls -d -1 ./vendor/k8s.io/code-generator 2>/dev/null || echo ../code-generator)}
+
+# generate the code with:
+# --output-base    because this script should also be able to run inside the vendor dir of
+#                  k8s.io/kubernetes. The output-base is needed for the generators to output into the vendor dir
+#                  instead of the $GOPATH directly. For normal projects this can be dropped.
+bash "${CODEGEN_PKG}"/generate-groups.sh "all" \
+  github.com/minio/console/pkg/generated \
+  github.com/minio/console/pkg/apis \
+  mkube:v1 \
+  --go-header-file "${SCRIPT_ROOT}"/k8s/boilerplate.go.txt
+
+# To use your own boilerplate text append:
+#   --go-header-file "${SCRIPT_ROOT}"/hack/custom-boilerplate.go.txt
--- a/models/account_change_password_request.go
+++ b/models/account_change_password_request.go
@@ -0,0 +1,98 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AccountChangePasswordRequest account change password request
+//
+// swagger:model accountChangePasswordRequest
+type AccountChangePasswordRequest struct {
+
+	// current secret key
+	// Required: true
+	CurrentSecretKey *string `json:"current_secret_key"`
+
+	// new secret key
+	// Required: true
+	NewSecretKey *string `json:"new_secret_key"`
+}
+
+// Validate validates this account change password request
+func (m *AccountChangePasswordRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCurrentSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNewSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AccountChangePasswordRequest) validateCurrentSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("current_secret_key", "body", m.CurrentSecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AccountChangePasswordRequest) validateNewSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("new_secret_key", "body", m.NewSecretKey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AccountChangePasswordRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AccountChangePasswordRequest) UnmarshalBinary(b []byte) error {
+	var res AccountChangePasswordRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_bucket_lifecycle.go
+++ b/models/add_bucket_lifecycle.go
@@ -0,0 +1,93 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketLifecycle add bucket lifecycle
+//
+// swagger:model addBucketLifecycle
+type AddBucketLifecycle struct {
+
+	// Non required, toggle to disable or enable rule
+	Disable bool `json:"disable,omitempty"`
+
+	// Non required, toggle to disable or enable rule
+	ExpiredObjectDeleteMarker bool `json:"expired_object_delete_marker,omitempty"`
+
+	// Required in case of expiry_days or transition fields are not set. it defines an expiry date for ILM
+	ExpiryDate string `json:"expiry_date,omitempty"`
+
+	// Required in case of expiry_date or transition fields are not set. it defines an expiry days for ILM
+	ExpiryDays int32 `json:"expiry_days,omitempty"`
+
+	// Non required, can be set in case of expiration is enabled
+	NoncurrentversionExpirationDays int32 `json:"noncurrentversion_expiration_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionDays int32 `json:"noncurrentversion_transition_days,omitempty"`
+
+	// Non required, can be set in case of transition is enabled
+	NoncurrentversionTransitionStorageClass string `json:"noncurrentversion_transition_storage_class,omitempty"`
+
+	// Non required field, it matches a prefix to perform ILM operations on it
+	Prefix string `json:"prefix,omitempty"`
+
+	// Required only in case of transition is set. it refers to a tier
+	StorageClass string `json:"storage_class,omitempty"`
+
+	// Non required field, tags to match ILM files
+	Tags string `json:"tags,omitempty"`
+
+	// Required in case of transition_days or expiry fields are not set. it defines a transition date for ILM
+	TransitionDate string `json:"transition_date,omitempty"`
+
+	// Required in case of transition_date or expiry fields are not set. it defines a transition days for ILM
+	TransitionDays int32 `json:"transition_days,omitempty"`
+}
+
+// Validate validates this add bucket lifecycle
+func (m *AddBucketLifecycle) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketLifecycle) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketLifecycle) UnmarshalBinary(b []byte) error {
+	var res AddBucketLifecycle
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_bucket_replication.go
+++ b/models/add_bucket_replication.go
@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// AddBucketReplication add bucket replication
+//
+// swagger:model addBucketReplication
+type AddBucketReplication struct {
+
+	// arn
+	Arn string `json:"arn,omitempty"`
+
+	// destination bucket
+	DestinationBucket string `json:"destination_bucket,omitempty"`
+}
+
+// Validate validates this add bucket replication
+func (m *AddBucketReplication) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AddBucketReplication) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AddBucketReplication) UnmarshalBinary(b []byte) error {
+	var res AddBucketReplication
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/add_group_request.go
+++ b/models/add_group_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/add_notification_endpoint.go
+++ b/models/add_notification_endpoint.go
@@ -1,147 +0,0 @@
-// Code generated by go-swagger; DO NOT EDIT.
-
-// This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
-//
-// This program is free software: you can redistribute it and/or modify
-// it under the terms of the GNU Affero General Public License as published by
-// the Free Software Foundation, either version 3 of the License, or
-// (at your option) any later version.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-// GNU Affero General Public License for more details.
-//
-// You should have received a copy of the GNU Affero General Public License
-// along with this program.  If not, see <http://www.gnu.org/licenses/>.
-//
-
-package models
-
-// This file was generated by the swagger tool.
-// Editing this file might prove futile when you re-run the swagger generate command
-
-import (
-	"encoding/json"
-
-	"github.com/go-openapi/errors"
-	"github.com/go-openapi/strfmt"
-	"github.com/go-openapi/swag"
-	"github.com/go-openapi/validate"
-)
-
-// AddNotificationEndpoint add notification endpoint
-//
-// swagger:model addNotificationEndpoint
-type AddNotificationEndpoint struct {
-
-	// account
-	Account string `json:"account,omitempty"`
-
-	// properties
-	Properties map[string]string `json:"properties,omitempty"`
-
-	// service
-	// Enum: [webhook amqp kafka mqtt nats nsq mysql postgres elasticsearch redis]
-	Service string `json:"service,omitempty"`
-}
-
-// Validate validates this add notification endpoint
-func (m *AddNotificationEndpoint) Validate(formats strfmt.Registry) error {
-	var res []error
-
-	if err := m.validateService(formats); err != nil {
-		res = append(res, err)
-	}
-
-	if len(res) > 0 {
-		return errors.CompositeValidationError(res...)
-	}
-	return nil
-}
-
-var addNotificationEndpointTypeServicePropEnum []interface{}
-
-func init() {
-	var res []string
-	if err := json.Unmarshal([]byte(`["webhook","amqp","kafka","mqtt","nats","nsq","mysql","postgres","elasticsearch","redis"]`), &res); err != nil {
-		panic(err)
-	}
-	for _, v := range res {
-		addNotificationEndpointTypeServicePropEnum = append(addNotificationEndpointTypeServicePropEnum, v)
-	}
-}
-
-const (
-
-	// AddNotificationEndpointServiceWebhook captures enum value "webhook"
-	AddNotificationEndpointServiceWebhook string = "webhook"
-
-	// AddNotificationEndpointServiceAmqp captures enum value "amqp"
-	AddNotificationEndpointServiceAmqp string = "amqp"
-
-	// AddNotificationEndpointServiceKafka captures enum value "kafka"
-	AddNotificationEndpointServiceKafka string = "kafka"
-
-	// AddNotificationEndpointServiceMqtt captures enum value "mqtt"
-	AddNotificationEndpointServiceMqtt string = "mqtt"
-
-	// AddNotificationEndpointServiceNats captures enum value "nats"
-	AddNotificationEndpointServiceNats string = "nats"
-
-	// AddNotificationEndpointServiceNsq captures enum value "nsq"
-	AddNotificationEndpointServiceNsq string = "nsq"
-
-	// AddNotificationEndpointServiceMysql captures enum value "mysql"
-	AddNotificationEndpointServiceMysql string = "mysql"
-
-	// AddNotificationEndpointServicePostgres captures enum value "postgres"
-	AddNotificationEndpointServicePostgres string = "postgres"
-
-	// AddNotificationEndpointServiceElasticsearch captures enum value "elasticsearch"
-	AddNotificationEndpointServiceElasticsearch string = "elasticsearch"
-
-	// AddNotificationEndpointServiceRedis captures enum value "redis"
-	AddNotificationEndpointServiceRedis string = "redis"
-)
-
-// prop value enum
-func (m *AddNotificationEndpoint) validateServiceEnum(path, location string, value string) error {
-	if err := validate.Enum(path, location, value, addNotificationEndpointTypeServicePropEnum); err != nil {
-		return err
-	}
-	return nil
-}
-
-func (m *AddNotificationEndpoint) validateService(formats strfmt.Registry) error {
-
-	if swag.IsZero(m.Service) { // not required
-		return nil
-	}
-
-	// value enum
-	if err := m.validateServiceEnum("service", "body", m.Service); err != nil {
-		return err
-	}
-
-	return nil
-}
-
-// MarshalBinary interface implementation
-func (m *AddNotificationEndpoint) MarshalBinary() ([]byte, error) {
-	if m == nil {
-		return nil, nil
-	}
-	return swag.WriteJSON(m)
-}
-
-// UnmarshalBinary interface implementation
-func (m *AddNotificationEndpoint) UnmarshalBinary(b []byte) error {
-	var res AddNotificationEndpoint
-	if err := swag.ReadJSON(b, &res); err != nil {
-		return err
-	}
-	*m = res
-	return nil
-}
--- a/models/add_policy_request.go
+++ b/models/add_policy_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/add_user_request.go
+++ b/models/add_user_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/admin_info_response.go
+++ b/models/admin_info_response.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -23,6 +23,9 @@ package models
 // Editing this file might prove futile when you re-run the swagger generate command

 import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
 	"github.com/go-openapi/strfmt"
 	"github.com/go-openapi/swag"
 )
@@ -40,10 +43,47 @@ type AdminInfoResponse struct {

 	// usage
 	Usage int64 `json:"usage,omitempty"`
+
+	// widgets
+	Widgets []*Widget `json:"widgets"`
 }

 // Validate validates this admin info response
 func (m *AdminInfoResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateWidgets(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AdminInfoResponse) validateWidgets(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Widgets) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Widgets); i++ {
+		if swag.IsZero(m.Widgets[i]) { // not required
+			continue
+		}
+
+		if m.Widgets[i] != nil {
+			if err := m.Widgets[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("widgets" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
 	return nil
 }

--- a/models/arns_response.go
+++ b/models/arns_response.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/aws_configuration.go
+++ b/models/aws_configuration.go
@@ -0,0 +1,258 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// AwsConfiguration aws configuration
+//
+// swagger:model awsConfiguration
+type AwsConfiguration struct {
+
+	// secretsmanager
+	// Required: true
+	Secretsmanager *AwsConfigurationSecretsmanager `json:"secretsmanager"`
+}
+
+// Validate validates this aws configuration
+func (m *AwsConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateSecretsmanager(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfiguration) validateSecretsmanager(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager", "body", m.Secretsmanager); err != nil {
+		return err
+	}
+
+	if m.Secretsmanager != nil {
+		if err := m.Secretsmanager.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfiguration) UnmarshalBinary(b []byte) error {
+	var res AwsConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanager aws configuration secretsmanager
+//
+// swagger:model AwsConfigurationSecretsmanager
+type AwsConfigurationSecretsmanager struct {
+
+	// credentials
+	// Required: true
+	Credentials *AwsConfigurationSecretsmanagerCredentials `json:"credentials"`
+
+	// endpoint
+	// Required: true
+	Endpoint *string `json:"endpoint"`
+
+	// kmskey
+	Kmskey string `json:"kmskey,omitempty"`
+
+	// region
+	// Required: true
+	Region *string `json:"region"`
+}
+
+// Validate validates this aws configuration secretsmanager
+func (m *AwsConfigurationSecretsmanager) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateCredentials(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEndpoint(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateRegion(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateCredentials(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials", "body", m.Credentials); err != nil {
+		return err
+	}
+
+	if m.Credentials != nil {
+		if err := m.Credentials.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("secretsmanager" + "." + "credentials")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateEndpoint(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"endpoint", "body", m.Endpoint); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanager) validateRegion(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"region", "body", m.Region); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanager) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanager
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
+
+// AwsConfigurationSecretsmanagerCredentials aws configuration secretsmanager credentials
+//
+// swagger:model AwsConfigurationSecretsmanagerCredentials
+type AwsConfigurationSecretsmanagerCredentials struct {
+
+	// accesskey
+	// Required: true
+	Accesskey *string `json:"accesskey"`
+
+	// secretkey
+	// Required: true
+	Secretkey *string `json:"secretkey"`
+
+	// token
+	Token string `json:"token,omitempty"`
+}
+
+// Validate validates this aws configuration secretsmanager credentials
+func (m *AwsConfigurationSecretsmanagerCredentials) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccesskey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretkey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateAccesskey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"accesskey", "body", m.Accesskey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *AwsConfigurationSecretsmanagerCredentials) validateSecretkey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretsmanager"+"."+"credentials"+"."+"secretkey", "body", m.Secretkey); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *AwsConfigurationSecretsmanagerCredentials) UnmarshalBinary(b []byte) error {
+	var res AwsConfigurationSecretsmanagerCredentials
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket.go
+++ b/models/bucket.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/bucket_access.go
+++ b/models/bucket_access.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -61,7 +61,7 @@ func init() {
 }

 func (m BucketAccess) validateBucketAccessEnum(path, location string, value BucketAccess) error {
-	if err := validate.Enum(path, location, value, bucketAccessEnum); err != nil {
+	if err := validate.EnumCase(path, location, value, bucketAccessEnum, true); err != nil {
 		return err
 	}
 	return nil
--- a/models/bucket_encryption_info.go
+++ b/models/bucket_encryption_info.go
@@ -0,0 +1,63 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionInfo bucket encryption info
+//
+// swagger:model bucketEncryptionInfo
+type BucketEncryptionInfo struct {
+
+	// algorithm
+	Algorithm string `json:"algorithm,omitempty"`
+
+	// kms master key ID
+	KmsMasterKeyID string `json:"kmsMasterKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption info
+func (m *BucketEncryptionInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionInfo) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_encryption_request.go
+++ b/models/bucket_encryption_request.go
@@ -0,0 +1,89 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketEncryptionRequest bucket encryption request
+//
+// swagger:model bucketEncryptionRequest
+type BucketEncryptionRequest struct {
+
+	// enc type
+	EncType BucketEncryptionType `json:"encType,omitempty"`
+
+	// kms key ID
+	KmsKeyID string `json:"kmsKeyID,omitempty"`
+}
+
+// Validate validates this bucket encryption request
+func (m *BucketEncryptionRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateEncType(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketEncryptionRequest) validateEncType(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.EncType) { // not required
+		return nil
+	}
+
+	if err := m.EncType.Validate(formats); err != nil {
+		if ve, ok := err.(*errors.Validation); ok {
+			return ve.ValidateName("encType")
+		}
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketEncryptionRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketEncryptionRequest) UnmarshalBinary(b []byte) error {
+	var res BucketEncryptionRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_encryption_type.go
+++ b/models/bucket_encryption_type.go
@@ -0,0 +1,80 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/validate"
+)
+
+// BucketEncryptionType bucket encryption type
+//
+// swagger:model bucketEncryptionType
+type BucketEncryptionType string
+
+const (
+
+	// BucketEncryptionTypeSseS3 captures enum value "sse-s3"
+	BucketEncryptionTypeSseS3 BucketEncryptionType = "sse-s3"
+
+	// BucketEncryptionTypeSseKms captures enum value "sse-kms"
+	BucketEncryptionTypeSseKms BucketEncryptionType = "sse-kms"
+)
+
+// for schema
+var bucketEncryptionTypeEnum []interface{}
+
+func init() {
+	var res []BucketEncryptionType
+	if err := json.Unmarshal([]byte(`["sse-s3","sse-kms"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketEncryptionTypeEnum = append(bucketEncryptionTypeEnum, v)
+	}
+}
+
+func (m BucketEncryptionType) validateBucketEncryptionTypeEnum(path, location string, value BucketEncryptionType) error {
+	if err := validate.EnumCase(path, location, value, bucketEncryptionTypeEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+// Validate validates this bucket encryption type
+func (m BucketEncryptionType) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// value enum
+	if err := m.validateBucketEncryptionTypeEnum("", "body", m); err != nil {
+		return err
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
--- a/models/bucket_event_request.go
+++ b/models/bucket_event_request.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/bucket_lifecycle_response.go
+++ b/models/bucket_lifecycle_response.go
@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketLifecycleResponse bucket lifecycle response
+//
+// swagger:model bucketLifecycleResponse
+type BucketLifecycleResponse struct {
+
+	// lifecycle
+	Lifecycle []*ObjectBucketLifecycle `json:"lifecycle"`
+}
+
+// Validate validates this bucket lifecycle response
+func (m *BucketLifecycleResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateLifecycle(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketLifecycleResponse) validateLifecycle(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Lifecycle) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Lifecycle); i++ {
+		if swag.IsZero(m.Lifecycle[i]) { // not required
+			continue
+		}
+
+		if m.Lifecycle[i] != nil {
+			if err := m.Lifecycle[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("lifecycle" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketLifecycleResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketLifecycleResponse) UnmarshalBinary(b []byte) error {
+	var res BucketLifecycleResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_ob_locking_response.go
+++ b/models/bucket_ob_locking_response.go
@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObLockingResponse bucket ob locking response
+//
+// swagger:model bucketObLockingResponse
+type BucketObLockingResponse struct {
+
+	// object locking enabled
+	ObjectLockingEnabled bool `json:"object_locking_enabled,omitempty"`
+}
+
+// Validate validates this bucket ob locking response
+func (m *BucketObLockingResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObLockingResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObLockingResponse) UnmarshalBinary(b []byte) error {
+	var res BucketObLockingResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_object.go
+++ b/models/bucket_object.go
@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketObject bucket object
+//
+// swagger:model bucketObject
+type BucketObject struct {
+
+	// content type
+	ContentType string `json:"content_type,omitempty"`
+
+	// expiration
+	Expiration string `json:"expiration,omitempty"`
+
+	// expiration rule id
+	ExpirationRuleID string `json:"expiration_rule_id,omitempty"`
+
+	// is delete marker
+	IsDeleteMarker bool `json:"is_delete_marker,omitempty"`
+
+	// is latest
+	IsLatest bool `json:"is_latest,omitempty"`
+
+	// last modified
+	LastModified string `json:"last_modified,omitempty"`
+
+	// legal hold status
+	LegalHoldStatus string `json:"legal_hold_status,omitempty"`
+
+	// name
+	Name string `json:"name,omitempty"`
+
+	// retention mode
+	RetentionMode string `json:"retention_mode,omitempty"`
+
+	// retention until date
+	RetentionUntilDate string `json:"retention_until_date,omitempty"`
+
+	// size
+	Size int64 `json:"size,omitempty"`
+
+	// tags
+	Tags map[string]string `json:"tags,omitempty"`
+
+	// user tags
+	UserTags map[string]string `json:"user_tags,omitempty"`
+
+	// version id
+	VersionID string `json:"version_id,omitempty"`
+}
+
+// Validate validates this bucket object
+func (m *BucketObject) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketObject) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketObject) UnmarshalBinary(b []byte) error {
+	var res BucketObject
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_destination.go
+++ b/models/bucket_replication_destination.go
@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationDestination bucket replication destination
+//
+// swagger:model bucketReplicationDestination
+type BucketReplicationDestination struct {
+
+	// bucket
+	Bucket string `json:"bucket,omitempty"`
+}
+
+// Validate validates this bucket replication destination
+func (m *BucketReplicationDestination) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationDestination) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationDestination) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationDestination
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_response.go
+++ b/models/bucket_replication_response.go
@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketReplicationResponse bucket replication response
+//
+// swagger:model bucketReplicationResponse
+type BucketReplicationResponse struct {
+
+	// rules
+	Rules []*BucketReplicationRule `json:"rules"`
+}
+
+// Validate validates this bucket replication response
+func (m *BucketReplicationResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateRules(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationResponse) validateRules(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Rules) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Rules); i++ {
+		if swag.IsZero(m.Rules[i]) { // not required
+			continue
+		}
+
+		if m.Rules[i] != nil {
+			if err := m.Rules[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("rules" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationResponse) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_replication_rule.go
+++ b/models/bucket_replication_rule.go
@@ -0,0 +1,220 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// BucketReplicationRule bucket replication rule
+//
+// swagger:model bucketReplicationRule
+type BucketReplicationRule struct {
+
+	// bandwidth
+	Bandwidth string `json:"bandwidth,omitempty"`
+
+	// delete marker replication
+	DeleteMarkerReplication bool `json:"delete_marker_replication,omitempty"`
+
+	// deletes replication
+	DeletesReplication bool `json:"deletes_replication,omitempty"`
+
+	// destination
+	Destination *BucketReplicationDestination `json:"destination,omitempty"`
+
+	// health check period
+	HealthCheckPeriod int64 `json:"healthCheckPeriod,omitempty"`
+
+	// id
+	ID string `json:"id,omitempty"`
+
+	// metadata replication
+	MetadataReplication bool `json:"metadata_replication,omitempty"`
+
+	// prefix
+	Prefix string `json:"prefix,omitempty"`
+
+	// priority
+	Priority int32 `json:"priority,omitempty"`
+
+	// status
+	// Enum: [Enabled Disabled]
+	Status string `json:"status,omitempty"`
+
+	// sync mode
+	// Enum: [async sync]
+	SyncMode *string `json:"syncMode,omitempty"`
+
+	// tags
+	Tags string `json:"tags,omitempty"`
+}
+
+// Validate validates this bucket replication rule
+func (m *BucketReplicationRule) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDestination(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateStatus(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSyncMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateDestination(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Destination) { // not required
+		return nil
+	}
+
+	if m.Destination != nil {
+		if err := m.Destination.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("destination")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+var bucketReplicationRuleTypeStatusPropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["Enabled","Disabled"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleTypeStatusPropEnum = append(bucketReplicationRuleTypeStatusPropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleStatusEnabled captures enum value "Enabled"
+	BucketReplicationRuleStatusEnabled string = "Enabled"
+
+	// BucketReplicationRuleStatusDisabled captures enum value "Disabled"
+	BucketReplicationRuleStatusDisabled string = "Disabled"
+)
+
+// prop value enum
+func (m *BucketReplicationRule) validateStatusEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleTypeStatusPropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateStatus(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Status) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateStatusEnum("status", "body", m.Status); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var bucketReplicationRuleTypeSyncModePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["async","sync"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		bucketReplicationRuleTypeSyncModePropEnum = append(bucketReplicationRuleTypeSyncModePropEnum, v)
+	}
+}
+
+const (
+
+	// BucketReplicationRuleSyncModeAsync captures enum value "async"
+	BucketReplicationRuleSyncModeAsync string = "async"
+
+	// BucketReplicationRuleSyncModeSync captures enum value "sync"
+	BucketReplicationRuleSyncModeSync string = "sync"
+)
+
+// prop value enum
+func (m *BucketReplicationRule) validateSyncModeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, bucketReplicationRuleTypeSyncModePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *BucketReplicationRule) validateSyncMode(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.SyncMode) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateSyncModeEnum("syncMode", "body", *m.SyncMode); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketReplicationRule) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketReplicationRule) UnmarshalBinary(b []byte) error {
+	var res BucketReplicationRule
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bucket_versioning_response.go
+++ b/models/bucket_versioning_response.go
@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// BucketVersioningResponse bucket versioning response
+//
+// swagger:model bucketVersioningResponse
+type BucketVersioningResponse struct {
+
+	// is versioned
+	IsVersioned bool `json:"is_versioned,omitempty"`
+}
+
+// Validate validates this bucket versioning response
+func (m *BucketVersioningResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *BucketVersioningResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *BucketVersioningResponse) UnmarshalBinary(b []byte) error {
+	var res BucketVersioningResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/bulk_user_groups.go
+++ b/models/bulk_user_groups.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/config_description.go
+++ b/models/config_description.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/configuration.go
+++ b/models/configuration.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/configuration_k_v.go
+++ b/models/configuration_k_v.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
--- a/models/console_configuration.go
+++ b/models/console_configuration.go
@@ -0,0 +1,117 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ConsoleConfiguration console configuration
+//
+// swagger:model consoleConfiguration
+type ConsoleConfiguration struct {
+	MetadataFields
+
+	// image
+	Image string `json:"image,omitempty"`
+}
+
+// UnmarshalJSON unmarshals this object from a JSON structure
+func (m *ConsoleConfiguration) UnmarshalJSON(raw []byte) error {
+	// AO0
+	var aO0 MetadataFields
+	if err := swag.ReadJSON(raw, &aO0); err != nil {
+		return err
+	}
+	m.MetadataFields = aO0
+
+	// AO1
+	var dataAO1 struct {
+		Image string `json:"image,omitempty"`
+	}
+	if err := swag.ReadJSON(raw, &dataAO1); err != nil {
+		return err
+	}
+
+	m.Image = dataAO1.Image
+
+	return nil
+}
+
+// MarshalJSON marshals this object to a JSON structure
+func (m ConsoleConfiguration) MarshalJSON() ([]byte, error) {
+	_parts := make([][]byte, 0, 2)
+
+	aO0, err := swag.WriteJSON(m.MetadataFields)
+	if err != nil {
+		return nil, err
+	}
+	_parts = append(_parts, aO0)
+	var dataAO1 struct {
+		Image string `json:"image,omitempty"`
+	}
+
+	dataAO1.Image = m.Image
+
+	jsonDataAO1, errAO1 := swag.WriteJSON(dataAO1)
+	if errAO1 != nil {
+		return nil, errAO1
+	}
+	_parts = append(_parts, jsonDataAO1)
+	return swag.ConcatJSON(_parts...), nil
+}
+
+// Validate validates this console configuration
+func (m *ConsoleConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// validation for a type composition with MetadataFields
+	if err := m.MetadataFields.Validate(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ConsoleConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ConsoleConfiguration) UnmarshalBinary(b []byte) error {
+	var res ConsoleConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/create_remote_bucket.go
+++ b/models/create_remote_bucket.go
@@ -0,0 +1,221 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"encoding/json"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// CreateRemoteBucket create remote bucket
+//
+// swagger:model createRemoteBucket
+type CreateRemoteBucket struct {
+
+	// access key
+	// Required: true
+	// Min Length: 3
+	AccessKey *string `json:"accessKey"`
+
+	// bandwidth
+	Bandwidth int64 `json:"bandwidth,omitempty"`
+
+	// health check period
+	HealthCheckPeriod int32 `json:"healthCheckPeriod,omitempty"`
+
+	// region
+	Region string `json:"region,omitempty"`
+
+	// secret key
+	// Required: true
+	// Min Length: 8
+	SecretKey *string `json:"secretKey"`
+
+	// source bucket
+	// Required: true
+	SourceBucket *string `json:"sourceBucket"`
+
+	// sync mode
+	// Enum: [async sync]
+	SyncMode *string `json:"syncMode,omitempty"`
+
+	// target bucket
+	// Required: true
+	TargetBucket *string `json:"targetBucket"`
+
+	// target URL
+	// Required: true
+	TargetURL *string `json:"targetURL"`
+}
+
+// Validate validates this create remote bucket
+func (m *CreateRemoteBucket) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateAccessKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSecretKey(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSourceBucket(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateSyncMode(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetBucket(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTargetURL(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateAccessKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("accessKey", "body", m.AccessKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("accessKey", "body", string(*m.AccessKey), 3); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateSecretKey(formats strfmt.Registry) error {
+
+	if err := validate.Required("secretKey", "body", m.SecretKey); err != nil {
+		return err
+	}
+
+	if err := validate.MinLength("secretKey", "body", string(*m.SecretKey), 8); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateSourceBucket(formats strfmt.Registry) error {
+
+	if err := validate.Required("sourceBucket", "body", m.SourceBucket); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+var createRemoteBucketTypeSyncModePropEnum []interface{}
+
+func init() {
+	var res []string
+	if err := json.Unmarshal([]byte(`["async","sync"]`), &res); err != nil {
+		panic(err)
+	}
+	for _, v := range res {
+		createRemoteBucketTypeSyncModePropEnum = append(createRemoteBucketTypeSyncModePropEnum, v)
+	}
+}
+
+const (
+
+	// CreateRemoteBucketSyncModeAsync captures enum value "async"
+	CreateRemoteBucketSyncModeAsync string = "async"
+
+	// CreateRemoteBucketSyncModeSync captures enum value "sync"
+	CreateRemoteBucketSyncModeSync string = "sync"
+)
+
+// prop value enum
+func (m *CreateRemoteBucket) validateSyncModeEnum(path, location string, value string) error {
+	if err := validate.EnumCase(path, location, value, createRemoteBucketTypeSyncModePropEnum, true); err != nil {
+		return err
+	}
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateSyncMode(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.SyncMode) { // not required
+		return nil
+	}
+
+	// value enum
+	if err := m.validateSyncModeEnum("syncMode", "body", *m.SyncMode); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateTargetBucket(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetBucket", "body", m.TargetBucket); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateRemoteBucket) validateTargetURL(formats strfmt.Registry) error {
+
+	if err := validate.Required("targetURL", "body", m.TargetURL); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateRemoteBucket) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateRemoteBucket) UnmarshalBinary(b []byte) error {
+	var res CreateRemoteBucket
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/create_tenant_request.go
+++ b/models/create_tenant_request.go
@@ -0,0 +1,355 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// CreateTenantRequest create tenant request
+//
+// swagger:model createTenantRequest
+type CreateTenantRequest struct {
+
+	// access key
+	AccessKey string `json:"access_key,omitempty"`
+
+	// annotations
+	Annotations map[string]string `json:"annotations,omitempty"`
+
+	// console
+	Console *ConsoleConfiguration `json:"console,omitempty"`
+
+	// console image
+	ConsoleImage string `json:"console_image,omitempty"`
+
+	// enable console
+	EnableConsole *bool `json:"enable_console,omitempty"`
+
+	// enable prometheus
+	EnablePrometheus *bool `json:"enable_prometheus,omitempty"`
+
+	// enable tls
+	EnableTLS *bool `json:"enable_tls,omitempty"`
+
+	// encryption
+	Encryption *EncryptionConfiguration `json:"encryption,omitempty"`
+
+	// erasure coding parity
+	ErasureCodingParity int64 `json:"erasureCodingParity,omitempty"`
+
+	// expose console
+	ExposeConsole bool `json:"expose_console,omitempty"`
+
+	// expose minio
+	ExposeMinio bool `json:"expose_minio,omitempty"`
+
+	// idp
+	Idp *IdpConfiguration `json:"idp,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// image pull secret
+	ImagePullSecret string `json:"image_pull_secret,omitempty"`
+
+	// image registry
+	ImageRegistry *ImageRegistry `json:"image_registry,omitempty"`
+
+	// labels
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// log search configuration
+	LogSearchConfiguration *LogSearchConfiguration `json:"logSearchConfiguration,omitempty"`
+
+	// mounth path
+	MounthPath string `json:"mounth_path,omitempty"`
+
+	// name
+	// Required: true
+	// Pattern: ^[a-z0-9-]{3,63}$
+	Name *string `json:"name"`
+
+	// namespace
+	// Required: true
+	Namespace *string `json:"namespace"`
+
+	// pools
+	// Required: true
+	Pools []*Pool `json:"pools"`
+
+	// prometheus configuration
+	PrometheusConfiguration *PrometheusConfiguration `json:"prometheusConfiguration,omitempty"`
+
+	// secret key
+	SecretKey string `json:"secret_key,omitempty"`
+
+	// tls
+	TLS *TLSConfiguration `json:"tls,omitempty"`
+}
+
+// Validate validates this create tenant request
+func (m *CreateTenantRequest) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateEncryption(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateIdp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateImageRegistry(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateLogSearchConfiguration(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateName(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateNamespace(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePools(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validatePrometheusConfiguration(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateTLS(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantRequest) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	if m.Console != nil {
+		if err := m.Console.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("console")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateEncryption(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Encryption) { // not required
+		return nil
+	}
+
+	if m.Encryption != nil {
+		if err := m.Encryption.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("encryption")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateIdp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Idp) { // not required
+		return nil
+	}
+
+	if m.Idp != nil {
+		if err := m.Idp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("idp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateImageRegistry(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.ImageRegistry) { // not required
+		return nil
+	}
+
+	if m.ImageRegistry != nil {
+		if err := m.ImageRegistry.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("image_registry")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateLogSearchConfiguration(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.LogSearchConfiguration) { // not required
+		return nil
+	}
+
+	if m.LogSearchConfiguration != nil {
+		if err := m.LogSearchConfiguration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("logSearchConfiguration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateName(formats strfmt.Registry) error {
+
+	if err := validate.Required("name", "body", m.Name); err != nil {
+		return err
+	}
+
+	if err := validate.Pattern("name", "body", string(*m.Name), `^[a-z0-9-]{3,63}$`); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateNamespace(formats strfmt.Registry) error {
+
+	if err := validate.Required("namespace", "body", m.Namespace); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validatePools(formats strfmt.Registry) error {
+
+	if err := validate.Required("pools", "body", m.Pools); err != nil {
+		return err
+	}
+
+	for i := 0; i < len(m.Pools); i++ {
+		if swag.IsZero(m.Pools[i]) { // not required
+			continue
+		}
+
+		if m.Pools[i] != nil {
+			if err := m.Pools[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("pools" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validatePrometheusConfiguration(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.PrometheusConfiguration) { // not required
+		return nil
+	}
+
+	if m.PrometheusConfiguration != nil {
+		if err := m.PrometheusConfiguration.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("prometheusConfiguration")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *CreateTenantRequest) validateTLS(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.TLS) { // not required
+		return nil
+	}
+
+	if m.TLS != nil {
+		if err := m.TLS.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("tls")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantRequest) UnmarshalBinary(b []byte) error {
+	var res CreateTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/create_tenant_response.go
+++ b/models/create_tenant_response.go
@@ -0,0 +1,97 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"strconv"
+
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CreateTenantResponse create tenant response
+//
+// swagger:model createTenantResponse
+type CreateTenantResponse struct {
+
+	// console
+	Console []*TenantResponseItem `json:"console"`
+}
+
+// Validate validates this create tenant response
+func (m *CreateTenantResponse) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateConsole(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *CreateTenantResponse) validateConsole(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Console) { // not required
+		return nil
+	}
+
+	for i := 0; i < len(m.Console); i++ {
+		if swag.IsZero(m.Console[i]) { // not required
+			continue
+		}
+
+		if m.Console[i] != nil {
+			if err := m.Console[i].Validate(formats); err != nil {
+				if ve, ok := err.(*errors.Validation); ok {
+					return ve.ValidateName("console" + "." + strconv.Itoa(i))
+				}
+				return err
+			}
+		}
+
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CreateTenantResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CreateTenantResponse) UnmarshalBinary(b []byte) error {
+	var res CreateTenantResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/csi_format_error_response.go
+++ b/models/csi_format_error_response.go
@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// CsiFormatErrorResponse csi format error response
+//
+// swagger:model csiFormatErrorResponse
+type CsiFormatErrorResponse struct {
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// error
+	Error string `json:"error,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+}
+
+// Validate validates this csi format error response
+func (m *CsiFormatErrorResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *CsiFormatErrorResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *CsiFormatErrorResponse) UnmarshalBinary(b []byte) error {
+	var res CsiFormatErrorResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/delete_tenant_request.go
+++ b/models/delete_tenant_request.go
@@ -0,0 +1,60 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DeleteTenantRequest delete tenant request
+//
+// swagger:model deleteTenantRequest
+type DeleteTenantRequest struct {
+
+	// delete pvcs
+	DeletePvcs bool `json:"delete_pvcs,omitempty"`
+}
+
+// Validate validates this delete tenant request
+func (m *DeleteTenantRequest) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DeleteTenantRequest) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DeleteTenantRequest) UnmarshalBinary(b []byte) error {
+	var res DeleteTenantRequest
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/direct_c_s_i_drive_info.go
+++ b/models/direct_c_s_i_drive_info.go
@@ -0,0 +1,78 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DirectCSIDriveInfo direct c s i drive info
+//
+// swagger:model directCSIDriveInfo
+type DirectCSIDriveInfo struct {
+
+	// allocated
+	Allocated int64 `json:"allocated,omitempty"`
+
+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// message
+	Message string `json:"message,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+
+	// status
+	Status string `json:"status,omitempty"`
+
+	// volumes
+	Volumes int64 `json:"volumes,omitempty"`
+}
+
+// Validate validates this direct c s i drive info
+func (m *DirectCSIDriveInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DirectCSIDriveInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DirectCSIDriveInfo) UnmarshalBinary(b []byte) error {
+	var res DirectCSIDriveInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/direct_c_s_i_volume_info.go
+++ b/models/direct_c_s_i_volume_info.go
@@ -0,0 +1,69 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// DirectCSIVolumeInfo direct c s i volume info
+//
+// swagger:model directCSIVolumeInfo
+type DirectCSIVolumeInfo struct {
+
+	// capacity
+	Capacity int64 `json:"capacity,omitempty"`
+
+	// drive
+	Drive string `json:"drive,omitempty"`
+
+	// node
+	Node string `json:"node,omitempty"`
+
+	// volume
+	Volume string `json:"volume,omitempty"`
+}
+
+// Validate validates this direct c s i volume info
+func (m *DirectCSIVolumeInfo) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *DirectCSIVolumeInfo) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *DirectCSIVolumeInfo) UnmarshalBinary(b []byte) error {
+	var res DirectCSIVolumeInfo
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/encryption_configuration.go
+++ b/models/encryption_configuration.go
@@ -0,0 +1,326 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// EncryptionConfiguration encryption configuration
+//
+// swagger:model encryptionConfiguration
+type EncryptionConfiguration struct {
+	MetadataFields
+
+	// aws
+	Aws *AwsConfiguration `json:"aws,omitempty"`
+
+	// client
+	Client *KeyPairConfiguration `json:"client,omitempty"`
+
+	// gcp
+	Gcp *GcpConfiguration `json:"gcp,omitempty"`
+
+	// gemalto
+	Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+	// image
+	Image string `json:"image,omitempty"`
+
+	// replicas
+	Replicas string `json:"replicas,omitempty"`
+
+	// server
+	Server *KeyPairConfiguration `json:"server,omitempty"`
+
+	// vault
+	Vault *VaultConfiguration `json:"vault,omitempty"`
+}
+
+// UnmarshalJSON unmarshals this object from a JSON structure
+func (m *EncryptionConfiguration) UnmarshalJSON(raw []byte) error {
+	// AO0
+	var aO0 MetadataFields
+	if err := swag.ReadJSON(raw, &aO0); err != nil {
+		return err
+	}
+	m.MetadataFields = aO0
+
+	// AO1
+	var dataAO1 struct {
+		Aws *AwsConfiguration `json:"aws,omitempty"`
+
+		Client *KeyPairConfiguration `json:"client,omitempty"`
+
+		Gcp *GcpConfiguration `json:"gcp,omitempty"`
+
+		Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+		Image string `json:"image,omitempty"`
+
+		Replicas string `json:"replicas,omitempty"`
+
+		Server *KeyPairConfiguration `json:"server,omitempty"`
+
+		Vault *VaultConfiguration `json:"vault,omitempty"`
+	}
+	if err := swag.ReadJSON(raw, &dataAO1); err != nil {
+		return err
+	}
+
+	m.Aws = dataAO1.Aws
+
+	m.Client = dataAO1.Client
+
+	m.Gcp = dataAO1.Gcp
+
+	m.Gemalto = dataAO1.Gemalto
+
+	m.Image = dataAO1.Image
+
+	m.Replicas = dataAO1.Replicas
+
+	m.Server = dataAO1.Server
+
+	m.Vault = dataAO1.Vault
+
+	return nil
+}
+
+// MarshalJSON marshals this object to a JSON structure
+func (m EncryptionConfiguration) MarshalJSON() ([]byte, error) {
+	_parts := make([][]byte, 0, 2)
+
+	aO0, err := swag.WriteJSON(m.MetadataFields)
+	if err != nil {
+		return nil, err
+	}
+	_parts = append(_parts, aO0)
+	var dataAO1 struct {
+		Aws *AwsConfiguration `json:"aws,omitempty"`
+
+		Client *KeyPairConfiguration `json:"client,omitempty"`
+
+		Gcp *GcpConfiguration `json:"gcp,omitempty"`
+
+		Gemalto *GemaltoConfiguration `json:"gemalto,omitempty"`
+
+		Image string `json:"image,omitempty"`
+
+		Replicas string `json:"replicas,omitempty"`
+
+		Server *KeyPairConfiguration `json:"server,omitempty"`
+
+		Vault *VaultConfiguration `json:"vault,omitempty"`
+	}
+
+	dataAO1.Aws = m.Aws
+
+	dataAO1.Client = m.Client
+
+	dataAO1.Gcp = m.Gcp
+
+	dataAO1.Gemalto = m.Gemalto
+
+	dataAO1.Image = m.Image
+
+	dataAO1.Replicas = m.Replicas
+
+	dataAO1.Server = m.Server
+
+	dataAO1.Vault = m.Vault
+
+	jsonDataAO1, errAO1 := swag.WriteJSON(dataAO1)
+	if errAO1 != nil {
+		return nil, errAO1
+	}
+	_parts = append(_parts, jsonDataAO1)
+	return swag.ConcatJSON(_parts...), nil
+}
+
+// Validate validates this encryption configuration
+func (m *EncryptionConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	// validation for a type composition with MetadataFields
+	if err := m.MetadataFields.Validate(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateAws(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateClient(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateGcp(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateGemalto(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateServer(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateVault(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateAws(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Aws) { // not required
+		return nil
+	}
+
+	if m.Aws != nil {
+		if err := m.Aws.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("aws")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateClient(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Client) { // not required
+		return nil
+	}
+
+	if m.Client != nil {
+		if err := m.Client.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("client")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateGcp(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Gcp) { // not required
+		return nil
+	}
+
+	if m.Gcp != nil {
+		if err := m.Gcp.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("gcp")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateGemalto(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Gemalto) { // not required
+		return nil
+	}
+
+	if m.Gemalto != nil {
+		if err := m.Gemalto.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("gemalto")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateServer(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Server) { // not required
+		return nil
+	}
+
+	if m.Server != nil {
+		if err := m.Server.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("server")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+func (m *EncryptionConfiguration) validateVault(formats strfmt.Registry) error {
+
+	if swag.IsZero(m.Vault) { // not required
+		return nil
+	}
+
+	if m.Vault != nil {
+		if err := m.Vault.Validate(formats); err != nil {
+			if ve, ok := err.(*errors.Validation); ok {
+				return ve.ValidateName("vault")
+			}
+			return err
+		}
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *EncryptionConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *EncryptionConfiguration) UnmarshalBinary(b []byte) error {
+	var res EncryptionConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/error.go
+++ b/models/error.go
@@ -1,7 +1,7 @@
 // Code generated by go-swagger; DO NOT EDIT.

 // This file is part of MinIO Console Server
-// Copyright (c) 2020 MinIO, Inc.
+// Copyright (c) 2021 MinIO, Inc.
 //
 // This program is free software: you can redistribute it and/or modify
 // it under the terms of the GNU Affero General Public License as published by
@@ -35,7 +35,7 @@ import (
 type Error struct {

 	// code
-	Code int64 `json:"code,omitempty"`
+	Code int32 `json:"code,omitempty"`

 	// message
 	// Required: true
--- a/models/expiration_response.go
+++ b/models/expiration_response.go
@@ -0,0 +1,66 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+)
+
+// ExpirationResponse expiration response
+//
+// swagger:model expirationResponse
+type ExpirationResponse struct {
+
+	// date
+	Date string `json:"date,omitempty"`
+
+	// days
+	Days int64 `json:"days,omitempty"`
+
+	// delete marker
+	DeleteMarker bool `json:"delete_marker,omitempty"`
+}
+
+// Validate validates this expiration response
+func (m *ExpirationResponse) Validate(formats strfmt.Registry) error {
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *ExpirationResponse) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *ExpirationResponse) UnmarshalBinary(b []byte) error {
+	var res ExpirationResponse
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/models/format_configuration.go
+++ b/models/format_configuration.go
@@ -0,0 +1,99 @@
+// Code generated by go-swagger; DO NOT EDIT.
+
+// This file is part of MinIO Console Server
+// Copyright (c) 2021 MinIO, Inc.
+//
+// This program is free software: you can redistribute it and/or modify
+// it under the terms of the GNU Affero General Public License as published by
+// the Free Software Foundation, either version 3 of the License, or
+// (at your option) any later version.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+// GNU Affero General Public License for more details.
+//
+// You should have received a copy of the GNU Affero General Public License
+// along with this program.  If not, see <http://www.gnu.org/licenses/>.
+//
+
+package models
+
+// This file was generated by the swagger tool.
+// Editing this file might prove futile when you re-run the swagger generate command
+
+import (
+	"github.com/go-openapi/errors"
+	"github.com/go-openapi/strfmt"
+	"github.com/go-openapi/swag"
+	"github.com/go-openapi/validate"
+)
+
+// FormatConfiguration format configuration
+//
+// swagger:model formatConfiguration
+type FormatConfiguration struct {
+
+	// drives
+	// Required: true
+	// Min Length: 1
+	Drives []string `json:"drives"`
+
+	// force
+	// Required: true
+	Force *bool `json:"force"`
+}
+
+// Validate validates this format configuration
+func (m *FormatConfiguration) Validate(formats strfmt.Registry) error {
+	var res []error
+
+	if err := m.validateDrives(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if err := m.validateForce(formats); err != nil {
+		res = append(res, err)
+	}
+
+	if len(res) > 0 {
+		return errors.CompositeValidationError(res...)
+	}
+	return nil
+}
+
+func (m *FormatConfiguration) validateDrives(formats strfmt.Registry) error {
+
+	if err := validate.Required("drives", "body", m.Drives); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+func (m *FormatConfiguration) validateForce(formats strfmt.Registry) error {
+
+	if err := validate.Required("force", "body", m.Force); err != nil {
+		return err
+	}
+
+	return nil
+}
+
+// MarshalBinary interface implementation
+func (m *FormatConfiguration) MarshalBinary() ([]byte, error) {
+	if m == nil {
+		return nil, nil
+	}
+	return swag.WriteJSON(m)
+}
+
+// UnmarshalBinary interface implementation
+func (m *FormatConfiguration) UnmarshalBinary(b []byte) error {
+	var res FormatConfiguration
+	if err := swag.ReadJSON(b, &res); err != nil {
+		return err
+	}
+	*m = res
+	return nil
+}
--- a/Show More
+++ b/Show More