diff --git a/Makefile b/Makefile index 0513b41c..5c9017cb 100644 --- a/Makefile +++ b/Makefile @@ -236,6 +236,9 @@ sync-minio-version: sync-sdks: @(./sync-docs.sh) +sync-operator-crd: + @(./sync-minio-operator-crd.sh) + # Can probably safely remove this at some point sync-deps: # C++ and Rust repos do not have any releases yet. diff --git a/README.md b/README.md index 90c7bb10..42aa5e36 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ MinIO uses [Sphinx](https://www.sphinx-doc.org/en/master/index.html) to generate - Any GNU/Linux Operating System, or macOS 12.3 or later. - python 3.10.x and python-pip - python3.10-venv -- sphinx 4.3.2 +- sphinx 6.2.1 - nodejs 14.5.0 or later - npm 16.19.1 or later - `git` or a git-compatible client @@ -69,6 +69,27 @@ Does the following: 1. Check that the `build/GITDIR/linux` folder exists 2. Copies the contents of `build/GITDIR/linux/html/*` to `docs-staging/staging/GITDIR/linux` +# Syncing Operator CRD Docs + +For importing the Operator CRD Docs specifically, you must have: + +- pandoc (latest stable) +- asciidoc (latest stable) + +In addition to all other prerequisites. + +Run + +``` +make sync-operator-crd +``` + +This downloads and converts the `tenant-crd.adoc` from the MinIO Operator github repository. +It converts it to XML, then to markdown. +Finally, it does some `sed` find/replace to tidy up the file for Sphinx ingest. + +You can run this when we have a new Operator release being documented, assuming there are changes to the CRD as part of that release. + # License This project is licensed under a [Creative Commons Attribution 4.0 International License](https://creativecommons.org/licenses/by/4.0/legalcode). See [CONTRIBUTING.md](https://github.com/minio/docs/tree/master/CONTRIBUTING.md) guide for more information on contributing to the MinIO Documentation project. diff --git a/source/_static/scss/includes/_misc.scss b/source/_static/scss/includes/_misc.scss index b410bc1e..19d8fe86 100644 
--- a/source/_static/scss/includes/_misc.scss +++ b/source/_static/scss/includes/_misc.scss @@ -370,4 +370,14 @@ figcaption { font-size: small; font-weight: bold; } +} + + +// --------------------------------------- +// Fixing table issues from asciidoc -> md +// --------------------------------------- + +table thead tr.header { + background-color: lightgray; + box-shadow: none; } \ No newline at end of file diff --git a/source/includes/k8s/ext-tenant-crd.md b/source/includes/k8s/ext-tenant-crd.md new file mode 100644 index 00000000..9210876b --- /dev/null +++ b/source/includes/k8s/ext-tenant-crd.md @@ -0,0 +1,1603 @@ + + +# Operator CRD v2 Reference + +Package v2 - This page provides a quick automatically generated +reference for the MinIO Operator `Operator CRD v2 Reference` CRD. For more +complete documentation on the MinIO Operator CRD, see [MinIO Kubernetes +Documentation](https://min.io/docs/minio/kubernetes/upstream/index.html). + +The `Operator CRD v2 Reference` API was released with the v4.0.0 MinIO Operator. +The MinIO Operator automatically converts existing tenants using the +`/v1` API to `/v2`. + +- [Tenant](#tenant) + +## Bucket + +Bucket describes the default created buckets + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

name +string

region +string

objectLock +boolean

+ +## CertificateConfig + +CertificateConfig (`certConfig`) defines controlling attributes +associated to any TLS certificate automatically generated by the +Operator as part of tenant creation. These fields have no effect if +`spec.autoCert: false`. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

commonName +string

Optional
+The CommonName or CN attribute to associate to +automatically generated TLS certificates.
+

organizationName +string array

Optional
+Specify one or more OrganizationName or O +attributes to associate to automatically generated TLS +certificates.
+

dnsNames +string array

Optional
+Specify one or more x.509 Subject Alternative Names (SAN) to associate +to automatically generated TLS certificates. MinIO Server pods use SNI +to determine which certificate to respond with based on the requested +hostname.

+ +## CertificateStatus + +CertificateStatus keeps track of all the certificates managed by the +operator + +- [TenantStatus](#tenantstatus) + + ++++ + + + + + + + + + + + + + + + + +
FieldDescription

autoCertEnabled +boolean

AutoCertEnabled registers whether we +know if the tenant has autocert enabled

customCertificates +CustomCertificates

Provides the output of the +client, minio, and`minioCAs` custom TLS +certificates manually added to the Operator.

+ +## CustomCertificateConfig + +CustomCertificateConfig (`customCertificateConfig`) provides attributes +associated of the TLS certificates manually added to the Operator as +part of tenant creation. These fields contain no data if there are no +custom TLS certificates. + +- [CustomCertificates](#customcertificates) + +## CustomCertificates + +CustomCertificates (`customCertificates`) provides groupings of the TLS +certificates manually added to the Operator as part of tenant creation. +These fields contain no data if there are no custom TLS certificates. + +- [CertificateStatus](#certificatestatus) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

client +CustomCertificateConfig +array

Optional
+Client

minio +CustomCertificateConfig +array

Optional
+Minio

minioCAs +CustomCertificateConfig +array

Optional
+Certificate Authorities

+ +## ExposeServices + +ExposeServices (`exposeServices`) defines the exposure of the MinIO +object storage and Console services. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + +
FieldDescription

minio +boolean

Optional
+Directs the Operator to expose the MinIO service. Defaults to +true.
+

console +boolean

Optional
+Directs the Operator to expose the MinIO Console service. Defaults to +true.
+

+ +## Features + +Features (`features`) - Object describing which MinIO features to +enable/disable in the MinIO Tenant. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

bucketDNS +boolean

Optional
+Specify true to allow clients to access buckets using the +DNS path <bucket>.minio.default.svc.cluster.local. +Defaults to false.

domains +TenantDomains

Optional
+Specify a list of domains used to access MinIO and Console.

enableSFTP +boolean

Optional
+Starts minio server with SFTP support

+ +## HealthStatus (string) + +HealthStatus represents whether the tenant is healthy, with decreased +service or offline + +- [TenantStatus](#tenantstatus) + +## KESConfig + +KESConfig (`kes`) defines the configuration of the [MinIO Key Encryption +Service](https://github.com/minio/kes) (KES) StatefulSet deployed as +part of the MinIO Tenant. KES supports Server-Side Encryption of objects +using an external Key Management Service (KMS). + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

replicas +integer

Optional
+Specify the number of replica KES pods to deploy in the tenant. Defaults +to 2.

image +string

Optional
+

imagePullPolicy +PullPolicy

Optional
+The pull policy for the MinIO Docker image. Specify one of the +following:
+* Always
+* Never
+* IfNotPresent (Default)
+Refer to the Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images

serviceAccountName +string

Optional
+The Kubernetes +Service Account to use for running MinIO KES pods created as part of +the Tenant.
+

kesSecret +LocalObjectReference

Required
+Specify a Kubernetes +opaque secret which contains environment variables to use for +setting up the MinIO KES service.
+See the MinIO +Operator console-secret.yaml for an example.

externalCertSecret +LocalCertificateReference

Optional
+Enables TLS with SNI support on each MinIO KES pod in the tenant. If +externalCertSecret is omitted and +spec.requestAutoCert is set to false, MinIO +KES pods deploy without TLS enabled.
+Specify a Kubernetes +TLS secret. The MinIO Operator copies the specified certificate to +every MinIO pod in the tenant. When the MinIO pod/service responds to a +TLS connection request, it uses SNI to select the certificate with +matching subjectAlternativeName.
+Specify an object containing the following fields:
+* - name - The name of the Kubernetes secret containing the +TLS certificate.
+* - type - Specify kubernetes.io/tls
+See the MinIO +Operator CRD reference for examples and more complete documentation +on configuring TLS for MinIO Tenants.

clientCertSecret +LocalCertificateReference

Optional
+Specify a a Kubernetes +TLS secret containing a custom root Certificate Authority and x.509 +certificate to use for performing mTLS authentication with an external +Key Management Service, such as Hashicorp Vault.
+Specify an object containing the following fields:
+* - name - The name of the Kubernetes secret containing the +Certificate Authority and x.509 Certificate.
+* - type - Specify kubernetes.io/tls
+

gcpCredentialSecretName +string

Optional
+Specify the GCP default credentials to be used for KES to authenticate +to GCP key store

gcpWorkloadIdentityPool +string

Optional
+Specify the name of the workload identity pool (This is required for +generating service account token)

annotations +object (keys:string, values:string)

Optional
+If provided, use these annotations for KES Object Meta +annotations

labels +object (keys:string, values:string)

Optional
+If provided, use these labels for KES Object Meta labels

resources +ResourceRequirements

Optional
+Object specification for specifying CPU and memory resource +allocations or limits in the MinIO tenant.
+

nodeSelector +object (keys:string, values:string)

Optional
+The filter for the Operator to apply when selecting which nodes on which +to deploy MinIO KES pods. The Operator only selects those nodes whose +labels match the specified selector.
+See the Kubernetes documentation on Assigning +Pods to Nodes for more information.

tolerations +Toleration +array

Optional
+Specify one or more Kubernetes +tolerations to apply to MinIO KES pods.

affinity +Affinity

Optional
+Specify node affinity, pod affinity, and pod anti-affinity for the KES +pods.
+

topologySpreadConstraints +TopologySpreadConstraint +array

Optional
+Specify one or more Kubernetes +Topology Spread Constraints to apply to pods deployed in the MinIO +pool.

keyName +string

Optional
+If provided, use this as the name of the key that KES creates on the KMS +backend

securityContext +PodSecurityContext

Specify the Security +Context of MinIO KES pods. The Operator supports only the following +pod security fields:
+* fsGroup
+* fsGroupChangePolicy
+* runAsGroup
+* runAsNonRoot
+* runAsUser
+* seLinuxOptions
+

env +EnvVar +array

Optional
+If provided, the MinIO Operator adds the specified environment variables +when deploying the KES resource.

+ +## LocalCertificateReference + +LocalCertificateReference (`externalCertSecret`, +`externalCaCertSecret`,`clientCertSecret`) contains a Kubernetes secret +containing TLS certificates or Certificate Authority files for use with +enabling TLS in the MinIO Tenant. + +- [KESConfig](#kesconfig) + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + +
FieldDescription

name +string

Required
+The name of the Kubernetes secret containing the TLS certificate or +Certificate Authority file.
+

type +string

Required
+The type of Kubernetes secret. Specify +kubernetes.io/tls
+

+ +## Logging + +Logging describes Logging for MinIO tenants. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

json +boolean

anonymous +boolean

quiet +boolean

+ +## Pool + +Pool (`pools`) defines a MinIO server pool on a Tenant. Each pool +consists of a set of MinIO server pods which "pool" their storage +resources for supporting object storage and retrieval requests. Each +server pool is independent of all others and supports horizontal scaling +of available storage resources in the MinIO Tenant. +See the [MinIO Operator +CRD](https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-minio-tenant.html#procedure-command-line) +reference for the `pools` object for examples and more complete +documentation. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

name +string

Optional
+Specify the name of the pool. The Operator automatically generates the +pool name if this field is omitted.

servers +integer

Required The number of +MinIO server pods to deploy in the pool. The minimum value is +2. The MinIO Operator requires a minimum of 4 +volumes per pool. Specifically, the result of +pools.servers X pools.volumesPerServer must be greater than +4.
+

volumesPerServer +integer

Required
+The number of Persistent Volume Claims to generate for each MinIO server +pod in the pool.
+The MinIO Operator requires a minimum of 4 volumes per +pool. Specifically, the result of +pools.servers X pools.volumesPerServer must be greater than +4.
+

volumeClaimTemplate +PersistentVolumeClaim

Required
+Specify the configuration options for the MinIO Operator to use when +generating Persistent Volume Claims for the MinIO tenant.
+

resources +ResourceRequirements

Optional
+Object specification for specifying CPU and memory resource +allocations or limits in the MinIO tenant.
+

nodeSelector +object (keys:string, values:string)

Optional
+The filter for the Operator to apply when selecting which nodes on which +to deploy pods in the pool. The Operator only selects those nodes whose +labels match the specified selector.
+See the Kubernetes documentation on Assigning +Pods to Nodes for more information.

affinity +Affinity

Optional
+Specify node affinity, pod affinity, and pod anti-affinity for pods in +the MinIO pool.
+

tolerations +Toleration +array

Optional
+Specify one or more Kubernetes +tolerations to apply to pods deployed in the MinIO pool.

topologySpreadConstraints +TopologySpreadConstraint +array

Optional
+Specify one or more Kubernetes +Topology Spread Constraints to apply to pods deployed in the MinIO +pool.

securityContext +PodSecurityContext

Optional
+Specify the Security +Context of pods in the pool. The Operator supports only the +following pod security fields:
+* fsGroup
+* fsGroupChangePolicy
+* runAsGroup
+* runAsNonRoot
+* runAsUser
+

containerSecurityContext +SecurityContext

Specify the Security +Context of containers in the pool. The Operator supports only the +following container security fields:
+* runAsGroup
+* runAsNonRoot
+* runAsUser
+

annotations +object (keys:string, values:string)

Optional
+Specify custom labels and annotations to append to the Pool. +Optional
+If provided, use these annotations for the Pool Objects Meta annotations +(Statefulset and Pod template)

labels +object (keys:string, values:string)

Optional
+If provided, use these labels for the Pool Objects Meta annotations +(Statefulset and Pod template)

runtimeClassName +string

Optional
+If provided, each pod on the Statefulset will run with the specified +RuntimeClassName, for more info https://kubernetes.io/docs/concepts/containers/runtime-class/

+ +## PoolState (string) + +PoolState represents the state of a pool + +- [PoolStatus](#poolstatus) + +## PoolStatus + +PoolStatus keeps track of all the pools and their current state + +- [TenantStatus](#tenantstatus) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

ssName +string

state +PoolState

legacySecurityContext +boolean

LegacySecurityContext stands for Legacy +SecurityContext. It represents that these pool was created before v4.2.3 +when we introduced the default securityContext as non-root, thus we +should keep running this Pool without a Security Context

+ +## ServiceMetadata + +ServiceMetadata (`serviceMetadata`) defines custom labels and +annotations for the MinIO Object Storage service and/or MinIO Console +service. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

minioServiceLabels +object (keys:string, values:string)

Optional
+If provided, append these labels to the MinIO service

minioServiceAnnotations +object (keys:string, values:string)

Optional
+If provided, append these annotations to the MinIO service

consoleServiceLabels +object (keys:string, values:string)

Optional
+If provided, append these labels to the Console service

consoleServiceAnnotations +object (keys:string, values:string)

Optional
+If provided, append these annotations to the Console service

+ +## SideCars + +SideCars (`sidecars`) defines a list of containers that the Operator +attaches to each MinIO server pods in the `pool`. + +- [TenantSpec](#tenantspec) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

containers +Container +array

Optional
+List of containers to run inside the Pod

volumeClaimTemplates +PersistentVolumeClaim +array

Optional
+volumeClaimTemplates is a list of claims that pods are allowed to +reference. The StatefulSet controller is responsible for mapping network +identities to claims in a way that maintains the identity of a pod. +Every claim in this list must have at least one matching (by name) +volumeMount in one container in the template. A claim in this list takes +precedence over any volumes in the template, with the same +name.

volumes +Volume +array

Optional
+List of volumes that can be mounted by containers belonging to the pod. +More info: https://kubernetes.io/docs/concepts/storage/volumes

resources +ResourceRequirements

Optional
+sidecar’s Resource, initcontainer will use that if set.

+ +## Tenant + +Tenant is a [Kubernetes +object](https://kubernetes.io/docs/concepts/overview/working-with-objects/kubernetes-objects/) +describing a MinIO Tenant. + +- [TenantList](#tenantlist) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

apiVersion +string

Operator CRD v2 Reference

kind +string

Tenant

metadata +ObjectMeta

Refer to Kubernetes API documentation +for fields of metadata.

scheduler +TenantScheduler

spec +TenantSpec

Required
+The root field for the MinIO Tenant object.

+ +## TenantDomains + +TenantDomains (`domains`) - List of domains used to access the tenant +from outside the kubernetes clusters. this will only configure MinIO for +the domains listed, but external DNS configuration is still needed. The +listed domains should include schema and port if any is used, i.e. + + +- [Features](#features) + + ++++ + + + + + + + + + + + + + + + + +
FieldDescription

minio +string array

List of Domains used by MinIO. This +will enable DNS style access to the object store where the bucket name +is inferred from a subdomain in the domain.

console +string

Domain used to expose the MinIO +Console, this will configure the redirect on MinIO when visiting from +the browser If Console is exposed via a subpath, the domain should +include it, i.e. https://console.domain.com:8123/subpath/

+ +## TenantScheduler + +TenantScheduler (`scheduler`) - Object describing Kubernetes Scheduler +to use for deploying the MinIO Tenant. + +- [Tenant](#tenant) + + ++++ + + + + + + + + + + + + +
FieldDescription

name +string

Optional
+Specify the name of the Kubernetes +scheduler to be used to schedule Tenant pods

+ +## TenantSpec + +TenantSpec (`spec`) defines the configuration of a MinIO Tenant +object. +The following parameters are specific to the `Operator CRD v2 Reference` MinIO CRD +API `spec` definition added as part of the MinIO Operator v4.0.0. +For more complete documentation on this object, see the [MinIO +Kubernetes +Documentation](https://min.io/docs/minio/kubernetes/upstream/operations/installation.html). + +- [Tenant](#tenant) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

pools +Pool +array

Required
+An array of objects describing each MinIO server pool deployed in the +MinIO Tenant. Each pool consists of a set of MinIO server pods which +"pool" their storage resources for supporting object storage and +retrieval requests. Each server pool is independent of all others and +supports horizontal scaling of available storage resources in the MinIO +Tenant.
+The MinIO Tenant spec must have at least +one element in the pools array.
+See the MinIO +Operator CRD reference for the pools object for +examples and more complete documentation.

image +string

Optional
+

imagePullSecret +LocalObjectReference

Optional
+Specify the secret key to use for pulling images from a private Docker +repository.
+

podManagementPolicy +PodManagementPolicyType

Optional
+Pod Management Policy for pod created by StatefulSet

credsSecret +LocalObjectReference

optional
+Specify a Kubernetes +opaque secret to use for setting the MinIO root access key and +secret key. Specify the secret as name: <secret>. The +Kubernetes secret must contain the following fields:
+* data.accesskey - The access key for the root +credentials
+* data.secretkey - The secret key for the root +credentials
+

env +EnvVar +array

Optional
+If provided, the MinIO Operator adds the specified environment variables +when deploying the Tenant resource.

externalCertSecret +LocalCertificateReference +array

Optional
+Enables TLS with SNI support on each MinIO pod in the tenant. If +externalCertSecret is omitted and +requestAutoCert is set to false, the MinIO +Tenant deploys without TLS enabled.
+Specify an array of Kubernetes +TLS secrets. The MinIO Operator copies the specified certificates to +every MinIO server pod in the tenant. When the MinIO pod/service +responds to a TLS connection request, it uses SNI to select the +certificate with matching subjectAlternativeName.
+Each element in the externalCertSecret array is an object +containing the following fields:
+* - name - The name of the Kubernetes secret containing the +TLS certificate.
+* - type - Specify kubernetes.io/tls
+See the MinIO +Operator CRD reference for examples and more complete documentation +on configuring TLS for MinIO Tenants.

externalCaCertSecret +LocalCertificateReference +array

Optional
+Allows MinIO server pods to verify client TLS certificates signed by a +Certificate Authority not in the pod’s trust store.
+Specify an array of Kubernetes +TLS secrets. The MinIO Operator copies the specified certificates to +every MinIO server pod in the tenant.
+Each element in the externalCertSecret array is an object +containing the following fields:
+* - name - The name of the Kubernetes secret containing the +Certificate Authority.
+* - type - Specify kubernetes.io/tls.
+See the MinIO +Operator CRD reference for examples and more complete documentation +on configuring TLS for MinIO Tenants.

externalClientCertSecret +LocalCertificateReference

Optional
+Enables mTLS authentication between the MinIO Tenant pods and MinIO KES. +Required for enabling connectivity between the MinIO +Tenant and MinIO KES.
+Specify a Kubernetes +TLS secrets. The MinIO Operator copies the specified certificate to +every MinIO server pod in the tenant. The secret must +contain the following fields:
+* name - The name of the Kubernetes secret containing the +TLS certificate.
+* type - Specify kubernetes.io/tls
+The specified certificate must correspond to an +identity on the KES server. See the KES +Wiki for more information on KES identities.
+If deploying KES with the MinIO Operator, include the hash of the +certificate as part of the kes +object specification.
+See the MinIO +Operator CRD reference for examples and more complete documentation +on configuring TLS for MinIO Tenants.

externalClientCertSecrets +LocalCertificateReference +array

Optional
+Provide support for mounting additional client certificate into MinIO +Tenant pods Multiple client certificates will be mounted using the +following folder structure:
+* certs
+* * client-0
+* * * client.crt
+* * * client.key
+* * client-1
+* * * client.crt
+* * * client.key
+* * * client-2
+* * client.crt
+* * * client.key
+Specify a Kubernetes +TLS secrets. The MinIO Operator copies the specified certificate to +every MinIO server pod in the tenant that later can be referenced using +environment variables. The secret must contain the +following fields:
+* name - The name of the Kubernetes secret containing the +TLS certificate.
+* type - Specify kubernetes.io/tls
+

mountPath +string

Optional
+Mount path for MinIO volume (PV). Defaults to +/export

subPath +string

Optional
+Subpath inside mount path. This is the directory where MinIO stores +data. Default to ""` (empty)

requestAutoCert +boolean

Optional
+Enables using Kubernetes-based +TLS certificate generation and signing for pods and services in the +MinIO Tenant.
+* Specify true to explicitly enable automatic certificate +generate (Default).
+* Specify false to disable automatic certificate +generation.
+If requestAutoCert is set to false +and externalCertSecret is omitted, the +MinIO Tenant deploys without TLS enabled. See the MinIO +Operator CRD reference for examples and more complete documentation +on configuring TLS for MinIO Tenants.

liveness +Probe

Liveness Probe for container liveness. +Container will be restarted if the probe fails.

readiness +Probe

Readiness Probe for container +readiness. Container will be removed from service endpoints if the probe +fails.

startup +Probe

Startup Probe allows to configure a max +grace period for a pod to start before getting traffic routed to +it.

features +Features

S3 related features can be disabled or +enabled such as bucketDNS etc.

certConfig +CertificateConfig

Optional
+Enables setting the CommonName, Organization, +and dnsName attributes for all TLS certificates +automatically generated by the Operator. Configuring this object has no +effect if requestAutoCert is false.
+

kes +KESConfig

Optional
+Directs the MinIO Operator to deploy the MinIO Key Encryption Service +(KES) using the specified configuration. The MinIO KES supports +performing server-side encryption of objects on the MiNIO Tenant.
+

prometheusOperator +boolean

Optional
+Directs the MinIO Operator to use prometheus operator.
+Tenant scrape configuration will be added to prometheus managed by the +prometheus-operator.

serviceAccountName +string

Optional
+The Kubernetes +Service Account to use for running MinIO pods created as part of the +Tenant.
+

priorityClassName +string

Optional
+Indicates the Pod priority and therefore importance of a Pod relative to +other Pods in the cluster. This is applied to MinIO pods only.
+Refer Kubernetes Priority +Class documentation for more complete documentation.

imagePullPolicy +PullPolicy

Optional
+The pull policy for the MinIO Docker image. Specify one of the +following:
+* Always
+* Never
+* IfNotPresent (Default)
+Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images

sideCars +SideCars

Optional
+A list of containers to run as sidecars along every MinIO Pod deployed +in the tenant.

exposeServices +ExposeServices

Optional
+Directs the Operator to expose the MinIO and/or Console services.
+

serviceMetadata +ServiceMetadata

Optional
+Specify custom labels and annotations to append to the MinIO service +and/or Console service.

users +LocalObjectReference +array

Optional
+An array of Kubernetes +opaque secrets to use for generating MinIO users during tenant +provisioning.
+Each element in the array is an object consisting of a key-value pair +name: <string>, where the <string> +references an opaque Kubernetes secret.
+Each referenced Kubernetes secret must include the following +fields:
+* CONSOLE_ACCESS_KEY - The "Username" for the MinIO +user
+* CONSOLE_SECRET_KEY - The "Password" for the MinIO +user
+The Operator creates each user with the consoleAdmin policy +by default. You can change the assigned policy after the Tenant +starts.
+

buckets +Bucket +array

Optional
+Create buckets when creating a new tenant. Skip if bucket with given +name already exists

logging +Logging

Optional
+Enable JSON, Anonymous logging for MinIO tenants.

configuration +LocalObjectReference

Optional
+Specify a secret that contains additional environment variable +configurations to be used for the MinIO pools. The secret is expected to +have a key named config.env containing all exported environment +variables for MinIO+

initContainers +Container +array

Optional
+Add custom initContainers to StatefulSet

additionalVolumes +Volume +array

Optional
+If provided, statefulset will add these volumes. You should set the +rules for the corresponding volumes and volume mounts. We will not test +this rule, k8s will show the result.

additionalVolumeMounts +VolumeMount +array

Optional
+If provided, statefulset will add these volumes. You should set the +rules for the corresponding volumes and volume mounts. We will not test +this rule, k8s will show the result.

+ +## TenantUsage + +TenantUsage are metrics regarding the usage and capacity of the tenant + +- [TenantStatus](#tenantstatus) + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldDescription

capacity +integer

Capacity the usage capacity of this +tenant in bytes.

rawCapacity +integer

Capacity the raw capacity of this +tenant in bytes.

usage +integer

Usage is how much data is managed by +MinIO in bytes.

rawUsage +integer

Usage is the raw usage on disks in +bytes.

tiers +TierUsage +array

Tiers includes the usage of individual +tiers in the tenant

+ +## TierUsage + +TierUsage represents the usage from a tier setup by the tenant + +- [TenantUsage](#tenantusage) + + ++++ + + + + + + + + + + + + + + + + + + + + +
FieldDescription

Name +string

Name of the tier

Type +string

type of the tier

totalSize +integer

TotalSize usage of the tier

diff --git a/source/index.rst b/source/index.rst index ef54f66d..a8907e3a 100644 --- a/source/index.rst +++ b/source/index.rst @@ -209,6 +209,7 @@ Any file uploaded to ``play`` should be considered public and non-protected. MinIO Admin Client Integrations /reference/kubectl-minio-plugin + /reference/operator-crd .. toctree:: :titlesonly: diff --git a/source/reference/operator-crd.rst b/source/reference/operator-crd.rst new file mode 100644 index 00000000..8c80bdd4 --- /dev/null +++ b/source/reference/operator-crd.rst @@ -0,0 +1,21 @@ +.. _minio-operator-crd: + +================================ +MinIO Custom Resource Definition +================================ + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + + +The MinIO Operator installs a :kube-docs:`Custom Resource Definition (CRD) ` that describes a MinIO Tenant object. +The Operator uses this CRD for provisioning and managing Tenant resources within a Kubernetes cluster. + +This page documents the CRD reference for use in customizing Operator-deployed Tenants. +This documentation assumes familiarity with all referenced Kubernetes concepts, utilities, and procedures. + +.. include:: /includes/k8s/ext-tenant-crd.md + :parser: myst_parser.sphinx_ \ No newline at end of file diff --git a/source/url-excludes.yaml b/source/url-excludes.yaml index 7efe7756..65470b85 100644 --- a/source/url-excludes.yaml +++ b/source/url-excludes.yaml @@ -23,6 +23,7 @@ excludes: - 'reference/kubectl-minio-plugin/kubectl-minio-tenant-upgrade.rst' - 'reference/kubectl-minio-plugin/kubectl-minio-tenant.rst' - 'reference/kubectl-minio-plugin/kubectl-minio-version.rst' +- 'reference/operator-crd.rst' --- tag: macos excludes: @@ -39,6 +40,7 @@ excludes: - 'reference/minio-server*' - 'reference/minio-mc*' - 'reference/deprecated/*' +- 'reference/operator-crd.rst' - 'developers/*' - 'integrations/*' --- 
@@ -67,6 +69,7 @@ excludes: - 'reference/minio-server*' - 'reference/minio-mc*' - 'reference/deprecated/*' +- 'reference/operator-crd.rst' - 'developers/*' - 'integrations/*' --- @@ -89,6 +92,7 @@ excludes: - 'reference/minio-server*' - 'reference/minio-mc*' - 'reference/deprecated/*' +- 'reference/operator-crd.rst' - 'developers/*' - 'integrations/*' --- diff --git a/sync-minio-operator-crd.sh b/sync-minio-operator-crd.sh new file mode 100755 index 00000000..ee03a4c0 --- /dev/null +++ b/sync-minio-operator-crd.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +set -e + +function main() { + OPERATOR=$(curl --retry 10 -Ls -o /dev/null -w "%{url_effective}" https://github.com/minio/operator/releases/latest | sed "s/https:\/\/github.com\/minio\/operator\/releases\/tag\///" | sed "s/v//"); + + curl --retry 10 -Ls https://raw.githubusercontent.com/minio/operator/v${OPERATOR}/docs/tenant_crd.adoc | asciidoc -b docbook - | pandoc -f docbook -t markdown_strict - -o source/includes/k8s/ext-tenant-crd.md + + # To make the include nicer, this strips out the top H1 and reorders all headers thereafter + + KNAME=$(uname -s) + case "${KNAME}" in + "Darwin") + sed -i '' 's%# API Reference%%g' source/includes/k8s/ext-tenant-crd.md + sed -i '' 's%minio.min.io/v2%Operator CRD v2 Reference%g' source/includes/k8s/ext-tenant-crd.md + sed -i '' 's%k8s-api-github-com-minio-operator-pkg-apis-minio-min-io-v2-%%g' source/includes/k8s/ext-tenant-crd.md + sed -i '' 's%# % %g' source/includes/k8s/ext-tenant-crd.md;; + *) + sed -i 's%# API Reference%%g' source/includes/k8s/ext-tenant-crd.md + sed -i 's%minio.min.io/v2%Operator CRD v2 Reference%g' source/includes/k8s/ext-tenant-crd.md + sed -i 's%k8s-api-github-com-minio-operator-pkg-apis-minio-min-io-v2-%%g' source/includes/k8s/ext-tenant-crd.md + sed -i 's%# % %g' source/includes/k8s/ext-tenant-crd.md;; + esac +} + +main \ No newline at end of file
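Review bot: The new "Syncing Operator CRD Docs" section in README.md names the source file as `tenant-crd.adoc`, but sync-minio-operator-crd.sh downloads `docs/tenant_crd.adoc` (underscore); the README should use the same name as the script. The prerequisites also give pandoc and asciidoc as "latest stable" while the same list pins sphinx to 6.2.1. Because the committed `ext-tenant-crd.md` is converter output, state the versions that produced it so a later sync does not change the file for reasons unrelated to the CRD.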
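Review bot: In source/includes/k8s/ext-tenant-crd.md the Tenant table's `apiVersion` row is described as "Operator CRD v2 Reference", and the intro reads "the MinIO Operator `Operator CRD v2 Reference` CRD" and "using the `/v1` API to `/v2`". These come from the global `s%minio.min.io/v2%Operator CRD v2 Reference%g` in the sync script, which replaces the API group everywhere and not only in the page heading. A reader writing a Tenant manifest needs the literal `minio.min.io/v2` value, so restrict that substitution to the heading line and keep the group name in the body. Separately, the Pool rows say the Operator "requires a minimum of 4 volumes per pool" and then that `pools.servers X pools.volumesPerServer` "must be greater than 4"; these two statements disagree and should be reconciled upstream in the .adoc.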
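Review bot: The `.. include:: /includes/k8s/ext-tenant-crd.md` directive at the end of source/reference/operator-crd.rst sets `:parser: myst_parser.sphinx_`, but no hunk in this patch adds myst-parser to the build dependencies or to the README prerequisites. If it is not already installed by the existing requirements, the build fails on this page; please confirm, or add it alongside the sphinx 6.2.1 bump.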
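Review bot: In sync-minio-operator-crd.sh the `curl ... | asciidoc -b docbook - | pandoc ... -o source/includes/k8s/ext-tenant-crd.md` pipeline does not catch a failed download. The script sets `set -e` but not `set -o pipefail`, so only pandoc's exit status counts, and curl is run without `-f`, so it exits 0 on an HTTP error and passes the error body downstream. Either way the checked-in file is overwritten. Suggest adding `set -o pipefail` and `-f` to both curl calls, converting into a temporary file, and moving it into place only on success. The version is taken from the `releases/latest` redirect and stripped with `sed "s/v//"`, which removes the first `v` anywhere in the string before `v` is re-added in the URL; anchor it as `s/^v//` or keep the tag as returned, and quote `${OPERATOR}`. Since this writes unpinned remote content into the docs source tree, consider accepting the tag as an optional argument so a sync can be reproduced against a named release. The four `sed` expressions are duplicated across the `Darwin` and default branches; putting the in-place flag in a variable would leave one copy to maintain.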