Support reading environment from secret/configmap

docs/tenant_crd.adoc

@@ -108,6 +108,35 @@ CertificateStatus keeps track of all the certificates managed by the operator
 |===
 
 
+[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-configmapkeyselector"]
+==== ConfigMapKeySelector 
+
+Selects a key from a ConfigMap.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvarsource[$$EnvVarSource$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+
+|*`name`* __string__ 
+|Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+TODO: Add other useful fields. apiVersion, kind, uid?
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+|*`key`* __string__ 
+|The key to select.
+
+|===
+
+
 [id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-customcertificateconfig"]
 ==== CustomCertificateConfig 
 
@@ -190,6 +219,63 @@ Certificate Authorities
 |===
 
 
+[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvar"]
+==== EnvVar 
+
+EnvVar represents an environment variable present in a Container.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-tenantspec[$$TenantSpec$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+
+|*`name`* __string__ 
+|Name of the environment variable. Must be a C_IDENTIFIER.
+
+|*`value`* __string__ 
+|Variable references $(VAR_NAME) are expanded
+using the previously defined environment variables in the container and
+any service environment variables. If a variable cannot be resolved,
+the reference in the input string will be unchanged. Double $$ are reduced
+to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+"$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+Escaped references will never be expanded, regardless of whether the variable
+exists or not.
+Defaults to "".
+
+|*`valueFrom`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvarsource[$$EnvVarSource$$]__ 
+|Source for the environment variable's value. Cannot be used if value is not empty.
+
+|===
+
+
+[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvarsource"]
+==== EnvVarSource 
+
+EnvVarSource represents a source for the value of an EnvVar.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvar[$$EnvVar$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+
+|*`configMapKeyRef`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-configmapkeyselector[$$ConfigMapKeySelector$$]__ 
+|Selects a key of a ConfigMap.
+
+|*`secretKeyRef`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-secretkeyselector[$$SecretKeySelector$$]__ 
+|Selects a key of a secret in the pod's namespace
+
+|===
+
+
 [id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-exposeservices"]
 ==== ExposeServices 
 
@@ -689,6 +775,35 @@ Security Context
 |===
 
 
+[id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-secretkeyselector"]
+==== SecretKeySelector 
+
+SecretKeySelector selects a key of a Secret.
+
+.Appears In:
+****
+- xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvarsource[$$EnvVarSource$$]
+****
+
+[cols="25a,75a", options="header"]
+|===
+| Field | Description
+
+|*`name`* __string__ 
+|Name of the referent.
+This field is effectively required, but due to backwards compatibility is
+allowed to be empty. Instances of this type with an empty value here are
+almost certainly wrong.
+TODO: Add other useful fields. apiVersion, kind, uid?
+More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
+TODO: Drop `kubebuilder:default` when controller-gen doesn't need it https://github.com/kubernetes-sigs/kubebuilder/issues/3896.
+
+|*`key`* __string__ 
+|The key of the secret to select from. Must be a valid secret key.
+
+|===
+
+
 [id="{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-servicemetadata"]
 ==== ServiceMetadata 
 
@@ -915,7 +1030,7 @@ Specify the secret key to use for pulling images from a private Docker repositor
 
 Pod Management Policy for pod created by StatefulSet
 
-|*`env`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#envvar-v1-core[$$EnvVar$$] array__ 
+|*`env`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-envvar[$$EnvVar$$] array__ 
 |*Optional* +
 
 

helm/operator/templates/minio.min.io_tenants.yaml

@@ -901,47 +901,17 @@ spec:
  name:
  default: ""
  type: string
- optional:
- type: boolean
  required:
  - key
  type: object
  x-kubernetes-map-type: atomic
- fieldRef:
- properties:
- apiVersion:
- type: string
- fieldPath:
- type: string
- required:
- - fieldPath
- type: object
- x-kubernetes-map-type: atomic
- resourceFieldRef:
- properties:
- containerName:
- type: string
- divisor:
- anyOf:
- - type: integer
- - type: string
- pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
- x-kubernetes-int-or-string: true
- resource:
- type: string
- required:
- - resource
- type: object
- x-kubernetes-map-type: atomic
  secretKeyRef:
  properties:
  key:
  type: string
  name:
  default: ""
  type: string
- optional:
- type: boolean
  required:
  - key
  type: object

pkg/apis/minio.min.io/v2/helper.go

@@ -128,7 +128,7 @@ func GetPrivateKeyFilePath(serviceName string) string {
 func GetNSFromFile() string {
  namespace, err := os.ReadFile("/var/run/secrets/kubernetes.io/serviceaccount/namespace")
  if err != nil {
- return "minio-operator"
+ return os.Getenv("DEV_NAMESPACE")
  }
  return string(namespace)
 }
@@ -523,7 +523,7 @@ func (t *Tenant) HasPrometheusOperatorEnabled() bool {
 }
 
 // GetEnvVars returns the environment variables for tenant deployment.
-func (t *Tenant) GetEnvVars() (env []corev1.EnvVar) {
+func (t *Tenant) GetEnvVars() (env []EnvVar) {
  return t.Spec.Env
 }
 

pkg/apis/minio.min.io/v2/helper_test.go

@@ -395,7 +395,7 @@ func TestTenant_HasEnv(t1 *testing.T) {
  name: "Contains env",
  fields: fields{
  Spec: TenantSpec{
- Env: []corev1.EnvVar{
+ Env: []EnvVar{
  {
  Name: "ENV1",
  Value: "whatever",
@@ -412,7 +412,7 @@ func TestTenant_HasEnv(t1 *testing.T) {
  name: "Does not Contains env",
  fields: fields{
  Spec: TenantSpec{
- Env: []corev1.EnvVar{
+ Env: []EnvVar{
  {
  Name: "ENV1",
  Value: "whatever",

pkg/apis/minio.min.io/v2/types.go

@@ -128,7 +128,7 @@ type TenantSpec struct {
  //
  // If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource.
  // +optional
- Env []corev1.EnvVar `json:"env,omitempty"`
+ Env []EnvVar `json:"env,omitempty"`
 
  // *Optional* +
  //
@@ -910,3 +910,54 @@ type SideCars struct {
  // +optional
  Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
 }
+
+// EnvVar represents an environment variable present in a Container.
+type EnvVar struct {
+ // Name of the environment variable. Must be a C_IDENTIFIER.
+ Name string `json:"name" protobuf:"bytes,1,opt,name=name"`
+
+ // Optional: no more than one of the following may be specified.
+
+ // Variable references $(VAR_NAME) are expanded
+ // using the previously defined environment variables in the container and
+ // any service environment variables. If a variable cannot be resolved,
+ // the reference in the input string will be unchanged. Double $$ are reduced
+ // to a single $, which allows for escaping the $(VAR_NAME) syntax: i.e.
+ // "$$(VAR_NAME)" will produce the string literal "$(VAR_NAME)".
+ // Escaped references will never be expanded, regardless of whether the variable
+ // exists or not.
+ // Defaults to "".
+ // +optional
+ Value string `json:"value,omitempty" protobuf:"bytes,2,opt,name=value"`
+ // Source for the environment variable's value. Cannot be used if value is not empty.
+ // +optional
+ ValueFrom *EnvVarSource `json:"valueFrom,omitempty" protobuf:"bytes,3,opt,name=valueFrom"`
+}
+
+// EnvVarSource represents a source for the value of an EnvVar.
+type EnvVarSource struct {
+ // Selects a key of a ConfigMap.
+ // +optional
+ ConfigMapKeyRef *ConfigMapKeySelector `json:"configMapKeyRef,omitempty" protobuf:"bytes,3,opt,name=configMapKeyRef"`
+ // Selects a key of a secret in the pod's namespace
+ // +optional
+ SecretKeyRef *SecretKeySelector `json:"secretKeyRef,omitempty" protobuf:"bytes,4,opt,name=secretKeyRef"`
+}
+
+// ConfigMapKeySelector selects a key from a ConfigMap.
+// +structType=atomic
+type ConfigMapKeySelector struct {
+ // The ConfigMap to select from.
+ corev1.LocalObjectReference `json:",inline" protobuf:"bytes,1,opt,name=localObjectReference"`
+ // The key to select.
+ Key string `json:"key" protobuf:"bytes,2,opt,name=key"`
+}
+
+// SecretKeySelector selects a key of a Secret.
+// +structType=atomic
+type SecretKeySelector struct {
+ // The name of the secret in the pod's namespace to select from.
+ corev1.LocalObjectReference `json:",inline" protobuf:"bytes,1,opt,name=localObjectReference"`
+ // The key of the secret to select from. Must be a valid secret key.
+ Key string `json:"key" protobuf:"bytes,2,opt,name=key"`
+}