diff --git a/.goreleaser.yml b/.goreleaser.yml index 347426cea62..c238c236a08 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -3,24 +3,23 @@ project_name: minio-operator release: - name_template: "Version {{.Version}}" - github: - owner: minio - name: operator - extra_files: - - glob: "*.minisig" - - glob: "*.zip" + name_template: "Version {{.Version}}" + github: + owner: minio + name: operator + extra_files: + - glob: "*.minisig" + - glob: "*.zip" before: hooks: - make clean - go generate ./... - - go mod tidy + - go mod tidy -compat=1.17 - go mod download builds: - - - goos: + - goos: - linux goarch: - arm64 @@ -36,8 +35,7 @@ builds: hooks: post: ./package.sh {{ .Path }} - - - id: kubectl-minio + - id: kubectl-minio dir: kubectl-minio binary: kubectl-minio goos: @@ -61,110 +59,128 @@ builds: hooks: post: ./package.sh {{ .Path }} + - id: logsearchapi + dir: logsearchapi + binary: logsearchapi + goos: + - linux + goarch: + - arm64 + - amd64 + - ppc64le + - s390x + env: + - CGO_ENABLED=0 + ldflags: + - -s -w -X main.version={{.Tag}} + flags: + - -trimpath + hooks: + post: ./package.sh {{ .Path }} + archives: - - - allow_different_binary_count: true + - allow_different_binary_count: true format: binary dockers: -- image_templates: - - "minio/operator:{{ .Tag }}-amd64" - use: buildx - goarch: amd64 - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "minio/operator:{{ .Tag }}-ppc64le" - use: buildx - dockerfile: Dockerfile - goarch: ppc64le - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "minio/operator:{{ .Tag }}-s390x" - use: buildx - goarch: s390x - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "minio/operator:{{ .Tag }}-arm64" - use: buildx - goarch: arm64 - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/arm64" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "quay.io/minio/operator:{{ .Tag }}-amd64" - use: buildx - goarch: amd64 - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/amd64" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "quay.io/minio/operator:{{ .Tag }}-ppc64le" - use: buildx - dockerfile: Dockerfile - goarch: ppc64le - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/ppc64le" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "quay.io/minio/operator:{{ .Tag }}-s390x" - use: buildx - goarch: s390x - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/s390x" - - "--build-arg=TAG={{ .Tag }}" -- image_templates: - - "quay.io/minio/operator:{{ .Tag }}-arm64" - use: buildx - goarch: arm64 - dockerfile: Dockerfile - extra_files: - - LICENSE - - CREDITS - build_flag_templates: - - "--platform=linux/arm64" - - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "minio/operator:{{ .Tag }}-amd64" + use: buildx + goarch: amd64 + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/amd64" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "minio/operator:{{ .Tag }}-ppc64le" + use: buildx + dockerfile: Dockerfile + goarch: ppc64le + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/ppc64le" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "minio/operator:{{ .Tag }}-s390x" + use: buildx + goarch: s390x + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/s390x" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "minio/operator:{{ .Tag }}-arm64" + use: buildx + goarch: arm64 + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/arm64" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "quay.io/minio/operator:{{ .Tag }}-amd64" + use: buildx + goarch: amd64 + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/amd64" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "quay.io/minio/operator:{{ .Tag }}-ppc64le" + use: buildx + dockerfile: Dockerfile + goarch: ppc64le + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/ppc64le" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "quay.io/minio/operator:{{ .Tag }}-s390x" + use: buildx + goarch: s390x + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/s390x" + - "--build-arg=TAG={{ .Tag }}" + - image_templates: + - "quay.io/minio/operator:{{ .Tag }}-arm64" + use: buildx + goarch: arm64 + dockerfile: Dockerfile + extra_files: + - LICENSE + - CREDITS + build_flag_templates: + - "--platform=linux/arm64" + - "--build-arg=TAG={{ .Tag }}" docker_manifests: -- name_template: minio/operator:{{ .Tag }} - image_templates: - - minio/operator:{{ .Tag }}-amd64 - - minio/operator:{{ .Tag }}-arm64 - - minio/operator:{{ .Tag }}-ppc64le - - minio/operator:{{ .Tag }}-s390x -- name_template: quay.io/minio/operator:{{ .Tag }} - image_templates: - - quay.io/minio/operator:{{ .Tag }}-amd64 - - quay.io/minio/operator:{{ .Tag }}-arm64 - - quay.io/minio/operator:{{ .Tag }}-ppc64le - - quay.io/minio/operator:{{ .Tag }}-s390x + - name_template: minio/operator:{{ .Tag }} + image_templates: + - minio/operator:{{ .Tag }}-amd64 + - minio/operator:{{ .Tag }}-arm64 + - minio/operator:{{ .Tag }}-ppc64le + - minio/operator:{{ .Tag }}-s390x + - name_template: quay.io/minio/operator:{{ .Tag }} + image_templates: + - quay.io/minio/operator:{{ .Tag }}-amd64 + - quay.io/minio/operator:{{ .Tag }}-arm64 + - quay.io/minio/operator:{{ .Tag }}-ppc64le + - quay.io/minio/operator:{{ .Tag }}-s390x diff --git a/Dockerfile b/Dockerfile index b93ad5956a1..89b1f508cad 100644 --- a/Dockerfile +++ b/Dockerfile @@ -18,5 +18,6 @@ RUN \ microdnf install curl ca-certificates shadow-utils --nodocs COPY minio-operator /minio-operator +COPY logsearchapi /logsearchapi CMD ["/minio-operator"] diff --git a/Makefile b/Makefile index 21c876b8d9c..f69c6d7a08e 100644 --- a/Makefile +++ b/Makefile @@ -22,7 +22,7 @@ PLUGIN_HOME=kubectl-minio LOGSEARCHAPI=logsearchapi LOGSEARCHAPI_TAG ?= "minio/logsearchapi:$(VERSION)" -all: build logsearchapi +all: build getdeps: @echo "Checking dependencies" @@ -35,7 +35,7 @@ operator: @CGO_ENABLED=0 GOOS=linux go build -trimpath --ldflags $(LDFLAGS) -o minio-operator @docker build -t $(TAG) . -build: regen-crd verify plugin operator +build: regen-crd verify plugin logsearchapi operator install: all @@ -85,8 +85,7 @@ logsearchapi: go test -race ./... && \ GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean && \ GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ../.golangci.yml && \ - CGO_ENABLED=0 GOOS=linux go build --ldflags "-s -w" -trimpath -o $(LOGSEARCHAPI)_amd64 && \ - docker buildx build --output=type=docker --platform linux/amd64 -t $(LOGSEARCHAPI_TAG) .) + CGO_ENABLED=0 GOOS=linux go build --ldflags "-s -w" -trimpath -o logsearchapi ) getconsoleuiyaml: @echo "Getting the latest Console UI" diff --git a/UPGRADE.md b/UPGRADE.md index 67edcc622b1..33717fc8b9a 100644 --- a/UPGRADE.md +++ b/UPGRADE.md @@ -3,9 +3,20 @@ Upgrades In this document we will try to document relevant upgrade notes for the MinIO Operator. +v4.4.5 +--- + +The Operator and Logsearch API container have been merged, no new `minio/logsearchapi` images will be built, if your +tenant has a specific MinIO Image specified in `.spec.log.image` you need to update it to use either the upstream ` +minio/operator image or your private registry image. + + v4.2.3 - v4.2.4 --- -In this version we started running the MinIO pods as `non-root` to increase security in the MinIO deployment, however this has the implication that older tenants that were not sepcifying a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) on a per-pool basis may suddenly stop starting due to file-ownership problems. +In this version we started running the MinIO pods as `non-root` to increase security in the MinIO deployment, however +this has the implication that older tenants that were not sepcifying +a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) on a per-pool basis may +suddenly stop starting due to file-ownership problems. This problem may be identified on the MinIO logs by seeing a log line like: @@ -14,7 +25,8 @@ Unable to read 'format.json' from https://production-storage-pool-0-1.production .local:9000/export3: file access denied ``` -The solution for an existing tenant is to add a `securityContext` to each pool in the Tenant's `.spec.pools[*].securityContext` field with the following imlpicit default: +The solution for an existing tenant is to add a `securityContext` to each pool in the +Tenant's `.spec.pools[*].securityContext` field with the following imlpicit default: ``` securityContext: @@ -24,5 +36,7 @@ securityContext: runAsUser: 0 ``` -This scenario is automatically handled by the operator, however if the tenant is updated from a pre-stored source (i.e: a yaml file) which is missing the added `securityContext` this problem may arise again, so update your stored yamls respectively. +This scenario is automatically handled by the operator, however if the tenant is updated from a pre-stored source (i.e: +a yaml file) which is missing the added `securityContext` this problem may arise again, so update your stored yamls +respectively. diff --git a/go.mod b/go.mod index 858ba8ca552..31efd59a10d 100644 --- a/go.mod +++ b/go.mod @@ -15,6 +15,7 @@ require ( github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0 github.com/stretchr/testify v1.7.0 golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e + gopkg.in/yaml.v2 v2.4.0 k8s.io/api v0.20.2 k8s.io/apiextensions-apiserver v0.20.2 k8s.io/apimachinery v0.20.2 @@ -22,7 +23,6 @@ require ( k8s.io/code-generator v0.20.2 k8s.io/klog/v2 v2.4.0 sigs.k8s.io/controller-runtime v0.8.0 - sigs.k8s.io/yaml v1.2.0 ) require ( @@ -106,10 +106,10 @@ require ( gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.57.0 // indirect - gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect k8s.io/gengo v0.0.0-20201113003025-83324d819ded // indirect k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd // indirect k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect + sigs.k8s.io/yaml v1.2.0 // indirect ) diff --git a/logsearchapi/Dockerfile b/logsearchapi/Dockerfile deleted file mode 100644 index 33d4a0d5ea3..00000000000 --- a/logsearchapi/Dockerfile +++ /dev/null @@ -1,19 +0,0 @@ -FROM registry.access.redhat.com/ubi8/ubi-minimal:8.4 - -ARG TARGETARCH -ARG TAG - -LABEL name="MinIO" \ - vendor="MinIO Inc " \ - maintainer="MinIO Inc " \ - version="${TAG}" \ - release="${TAG}" \ - summary="MinIO Operator brings native support for MinIO, Console, and Encryption to Kubernetes." \ - description="MinIO object storage is fundamentally different. Designed for performance and the S3 API, it is 100% open-source. MinIO is ideal for large, private cloud environments with stringent security requirements and delivers mission-critical availability across a diverse range of workloads." - -COPY CREDITS /licenses/CREDITS -COPY LICENSE /licenses/LICENSE - -COPY logsearchapi_${TARGETARCH} /logsearchapi - -CMD ["/logsearchapi"] diff --git a/logsearchapi/docker-buildx.sh b/logsearchapi/docker-buildx.sh deleted file mode 100755 index 75a575d364d..00000000000 --- a/logsearchapi/docker-buildx.sh +++ /dev/null @@ -1,53 +0,0 @@ -#!/bin/bash - -function _init() { - ## All binaries are static make sure to disable CGO. - export CGO_ENABLED=0 - - ## List of architectures and OS to test coss compilation. - SUPPORTED_OSARCH="linux/ppc64le linux/arm64 linux/s390x linux/amd64" -} - -function _build() { - local osarch=$1 - IFS=/ read -r -a arr <<<"$osarch" - os="${arr[0]}" - arch="${arr[1]}" - package=$(go list -f '{{.ImportPath}}') - printf -- "--> %15s:%s\n" "${osarch}" "${package}" - - # go build -trimpath to build the binary. - export GOOS=$os - export GOARCH=$arch - export GO111MODULE=on - go build --ldflags "-s -w" -trimpath -tags kqueue -o "logsearchapi_${arch}" -} - -function main() { - echo "Testing builds for OS/Arch: ${SUPPORTED_OSARCH}" - for each_osarch in ${SUPPORTED_OSARCH}; do - _build "${each_osarch}" - done - - sudo sysctl net.ipv6.conf.wlp59s0.disable_ipv6=1 - - release=$(git describe --abbrev=0 --tags) - - docker buildx build --push --no-cache -t "minio/logsearchapi:${release}" \ - --build-arg TAG="${release}" \ - --platform=linux/arm64,linux/amd64,linux/ppc64le,linux/s390x \ - -f Dockerfile . - - docker buildx prune -f - - docker buildx build --push --no-cache -t "quay.io/minio/logsearchapi:${release}" \ - --build-arg TAG="${release}" \ - --platform=linux/arm64,linux/amd64,linux/ppc64le,linux/s390x \ - -f Dockerfile . - - docker buildx prune -f - - sudo sysctl net.ipv6.conf.wlp59s0.disable_ipv6=0 -} - -_init && main "$@" diff --git a/pkg/apis/minio.min.io/v2/constants.go b/pkg/apis/minio.min.io/v2/constants.go index 6c1aefc536e..96989255269 100644 --- a/pkg/apis/minio.min.io/v2/constants.go +++ b/pkg/apis/minio.min.io/v2/constants.go @@ -147,7 +147,7 @@ const PrometheusHLSvcNameSuffix = "-prometheus-hl-svc" // Log related constants // DefaultLogSearchAPIImage specifies the latest logsearchapi container image -const DefaultLogSearchAPIImage = "minio/logsearchapi:v4.4.4" +const DefaultLogSearchAPIImage = "minio/operator:v4.4.4" // LogPgImage specifies the latest Postgres container image const LogPgImage = "library/postgres:13" diff --git a/pkg/resources/deployments/log-search-api.go b/pkg/resources/deployments/log-search-api.go index 6525fef11ae..e6fa3f5d2cd 100644 --- a/pkg/resources/deployments/log-search-api.go +++ b/pkg/resources/deployments/log-search-api.go @@ -78,6 +78,9 @@ func logSearchAPIContainer(t *miniov2.Tenant) corev1.Container { container := corev1.Container{ Name: miniov2.LogSearchAPIContainerName, Image: logSearchAPIImage, + Command: []string{ + "/logsearchapi", + }, Ports: []corev1.ContainerPort{ { ContainerPort: miniov2.LogSearchAPIPort,