update v0.3.15

Co-authored-by: Daniel Valdivia <hola@danielvaldivia.com>

k8s/console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.3.14
+          image: minio/console:v0.3.15
           imagePullPolicy: "IfNotPresent"
           args:
             - server

k8s/operator-console/base/console-cluster-role.yaml

@@ -14,6 +14,7 @@ rules:
       - list
       - patch
       - update
+      - deletecollection
   - apiGroups:
       - ""
     resources:
@@ -22,6 +23,7 @@ rules:
       - services
       - events
       - resourcequotas
+      - nodes
     verbs:
       - get
       - watch
@@ -34,6 +36,8 @@ rules:
       - persistentvolumeclaims
     verbs:
       - deletecollection
+      - list
+      - get
   - apiGroups:
       - "storage.k8s.io"
     resources:

k8s/operator-console/base/console-deployment.yaml

@@ -15,7 +15,7 @@ spec:
       serviceAccountName: console-sa
       containers:
         - name: console
-          image: minio/console:v0.3.14
+          image: minio/console:v0.3.15
           imagePullPolicy: "IfNotPresent"
           env:
             - name: CONSOLE_OPERATOR_MODE

restapi/admin_tenants.go

@@ -189,7 +189,12 @@ func deleteTenantAction(
 		opts := metav1.ListOptions{
 			LabelSelector: fmt.Sprintf("%s=%s", operator.TenantLabel, tenantName),
 		}
-		return clientset.PersistentVolumeClaims(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
+		err = clientset.PersistentVolumeClaims(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
+		if err != nil {
+			return err
+		}
+		// delete all tenant's secrets only if deletePvcs = true
+		return clientset.Secrets(namespace).DeleteCollection(ctx, metav1.DeleteOptions{}, opts)
 	}
 	return nil
 }
@@ -393,12 +398,16 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		secretKey = tenantReq.SecretKey
 	}
 
-	secretName := fmt.Sprintf("%s-secret", *tenantReq.Name)
+	tenantName := *tenantReq.Name
+	secretName := fmt.Sprintf("%s-secret", tenantName)
 	imm := true
 
 	instanceSecret := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: secretName,
+			Labels: map[string]string{
+				operator.TenantLabel: tenantName,
+			},
 		},
 		Immutable: &imm,
 		Data: map[string][]byte{
@@ -427,7 +436,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	//Construct a MinIO Instance with everything we are getting from parameters
 	minInst := operator.Tenant{
 		ObjectMeta: metav1.ObjectMeta{
-			Name: *tenantReq.Name,
+			Name: tenantName,
 		},
 		Spec: operator.TenantSpec{
 			Image:     minioImage,
@@ -517,6 +526,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		externalTLSCertificateSecret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: externalTLSCertificateSecretName,
+				Labels: map[string]string{
+					operator.TenantLabel: tenantName,
+				},
 			},
 			Type:      corev1.SecretTypeTLS,
 			Immutable: &imm,
@@ -544,13 +556,13 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		})
 		// KES client mTLSCertificates used by MinIO instance, only if autoCert is not enabled
 		if !minInst.Spec.RequestAutoCert {
-			minInst.Spec.ExternalClientCertSecret, err = getTenantExternalClientCertificates(ctx, clientset, ns, tenantReq.Encryption, secretName)
+			minInst.Spec.ExternalClientCertSecret, err = getTenantExternalClientCertificates(ctx, clientset, ns, tenantReq.Encryption, secretName, tenantName)
 			if err != nil {
 				return nil, err
 			}
 		}
 		// KES configuration for Tenant instance
-		minInst.Spec.KES, err = getKESConfiguration(ctx, clientset, ns, tenantReq.Encryption, secretName, minInst.Spec.RequestAutoCert)
+		minInst.Spec.KES, err = getKESConfiguration(ctx, clientset, ns, tenantReq.Encryption, secretName, tenantName, minInst.Spec.RequestAutoCert)
 		if err != nil {
 			return nil, err
 		}
@@ -566,7 +578,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 	}
 
 	if enableConsole {
-		consoleSelector := fmt.Sprintf("%s-console", *tenantReq.Name)
+		consoleSelector := fmt.Sprintf("%s-console", tenantName)
 		consoleSecretName := fmt.Sprintf("%s-secret", consoleSelector)
 		consoleAccess = RandomCharString(16)
 		consoleSecret = RandomCharString(32)
@@ -574,6 +586,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 		instanceSecret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: consoleSecretName,
+				Labels: map[string]string{
+					operator.TenantLabel: tenantName,
+				},
 			},
 			Immutable: &imm,
 			Data: map[string][]byte{
@@ -611,7 +626,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			return nil, err
 		}
 
-		const consoleVersion = "minio/console:v0.3.14"
+		const consoleVersion = "minio/console:v0.3.15"
 		minInst.Spec.Console = &operator.ConsoleConfiguration{
 			Replicas:      1,
 			Image:         consoleVersion,
@@ -636,6 +651,9 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 			consoleExternalTLSCertificateSecret := corev1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
 					Name: consoleExternalTLSCertificateSecretName,
+					Labels: map[string]string{
+						operator.TenantLabel: tenantName,
+					},
 				},
 				Type:      corev1.SecretTypeTLS,
 				Immutable: &imm,
@@ -689,7 +707,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 
 	if tenantReq.ImagePullSecret != "" {
 		imagePullSecret = tenantReq.ImagePullSecret
-	} else if imagePullSecret, err = setImageRegistry(ctx, *tenantReq.Name, tenantReq.ImageRegistry, clientset.CoreV1(), ns); err != nil {
+	} else if imagePullSecret, err = setImageRegistry(ctx, tenantName, tenantReq.ImageRegistry, clientset.CoreV1(), ns); err != nil {
 		log.Println("error setting image registry secret:", err)
 		return nil, err
 	}
@@ -717,7 +735,7 @@ func getTenantCreatedResponse(session *models.Principal, params admin_api.Create
 
 	// Integratrions
 	if os.Getenv("GKE_INTEGRATION") != "" {
-		err := gkeIntegration(clientset, *tenantReq.Name, ns, session.SessionToken)
+		err := gkeIntegration(clientset, tenantName, ns, session.SessionToken)
 		if err != nil {
 			return nil, err
 		}
@@ -766,6 +784,9 @@ func setImageRegistry(ctx context.Context, tenantName string, req *models.ImageR
 	instanceSecret := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: pullSecretName,
+			Labels: map[string]string{
+				operator.TenantLabel: tenantName,
+			},
 		},
 		Data: map[string][]byte{
 			corev1.DockerConfigJsonKey: []byte(string(imRegistryJSON)),
@@ -1383,7 +1404,7 @@ func parseNodeSelectorTerm(term *corev1.NodeSelectorTerm) *models.NodeSelectorTe
 	return &t
 }
 
-func getTenantExternalClientCertificates(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName string) (clientCertificates *operator.LocalCertificateReference, err error) {
+func getTenantExternalClientCertificates(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName, tenantName string) (clientCertificates *operator.LocalCertificateReference, err error) {
 	instanceExternalClientCertificateSecretName := fmt.Sprintf("%s-instance-external-client-mtls-certificates", secretName)
 	// If there's an error during this process we delete all KES configuration secrets
 	defer func() {
@@ -1408,6 +1429,9 @@ func getTenantExternalClientCertificates(ctx context.Context, clientSet *kuberne
 	instanceExternalClientCertificateSecret := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: instanceExternalClientCertificateSecretName,
+			Labels: map[string]string{
+				operator.TenantLabel: tenantName,
+			},
 		},
 		Type:      corev1.SecretTypeTLS,
 		Immutable: &imm,
@@ -1428,7 +1452,7 @@ func getTenantExternalClientCertificates(ctx context.Context, clientSet *kuberne
 	return clientCertificates, nil
 }
 
-func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName string, autoCert bool) (kesConfiguration *operator.KESConfig, err error) {
+func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, ns string, encryptionCfg *models.EncryptionConfiguration, secretName, tenantName string, autoCert bool) (kesConfiguration *operator.KESConfig, err error) {
 	// secrets used by the KES configuration
 	instanceExternalClientCertificateSecretName := fmt.Sprintf("%s-instance-external-client-mtls-certificates", secretName)
 	kesExternalCertificateSecretName := fmt.Sprintf("%s-kes-external-mtls-certificates", secretName)
@@ -1484,6 +1508,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
 		kesExternalCertificateSecret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: kesExternalCertificateSecretName,
+				Labels: map[string]string{
+					operator.TenantLabel: tenantName,
+				},
 			},
 			Type:      corev1.SecretTypeTLS,
 			Immutable: &imm,
@@ -1669,6 +1696,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
 		kesClientCertSecret := corev1.Secret{
 			ObjectMeta: metav1.ObjectMeta{
 				Name: kesClientCertSecretName,
+				Labels: map[string]string{
+					operator.TenantLabel: tenantName,
+				},
 			},
 			Immutable: &imm,
 			Data:      mTLSCertificates,
@@ -1692,6 +1722,9 @@ func getKESConfiguration(ctx context.Context, clientSet *kubernetes.Clientset, n
 	kesConfigurationSecret := corev1.Secret{
 		ObjectMeta: metav1.ObjectMeta{
 			Name: kesConfigurationSecretName,
+			Labels: map[string]string{
+				operator.TenantLabel: tenantName,
+			},
 		},
 		Immutable: &imm,
 		Data: map[string][]byte{

restapi/admin_tenants_test.go

@@ -871,7 +871,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				},
 				params: admin_api.UpdateTenantParams{
 					Body: &models.UpdateTenantRequest{
-						ConsoleImage: "minio/console:v0.3.14",
+						ConsoleImage: "minio/console:v0.3.15",
 					},
 				},
 			},