No more operator tls #1515

Merged
merged 2 commits into from
Mar 21, 2023

pjuarezd
Member

@pjuarezd pjuarezd commented Mar 19, 2023

Motivation

This is the continuation of Introduce Sidecar Args, Move Bucket DNS feature to Sidecar, remove Tenant V1:

Because of those changes, Tenants no longer need to communicate with Operator webservers over TLS to get startup arguments or create bucket DNS.
We also deprecated support for the tenant V1 CRD; as a result, the conversion webhook has been removed, so the k8s API no longer needs to talk to MinIO Operator over TLS either.

But we had a few pending items to deprecate the use of TLS for Operator webservers; those are addressed here:

  • No longer issue/verify the Operator Certificate on a Tenant sync loop
  • Remove the need to sync the operator-tls secret within the tenant namespace
  • Remove MINIO_OPERATOR_TLS_ENABLE env variable

Note: Operator still handles TLS certificate creation for Tenants when autoCert is enabled, as well as for console when MINIO_CONSOLE_TLS_ENABLE=on and for the STS service when OPERATOR_STS_ENABLED=on.
Operator still reads certificates inside the operator-ca-tls secret and syncs this secret within the tenant namespace, as this is how we ensure we trust certificates with a private CA (i.e. when using cert-manager).

* Do not issue a certificate for Operator
* Remove need for `operator-tls` secret
* Remove MINIO_OPERATOR_TLS_ENABLE env variable
Contributor

@cniackz cniackz left a comment

LGTM

@dvaldivia dvaldivia merged commit d1abc0d into minio:master Mar 21, 2023
@pjuarezd pjuarezd deleted the remove-operator-tls branch March 21, 2023 00:50
@djwfyi djwfyi mentioned this pull request Mar 30, 2023