Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Move Logsearchapi binary to Operator Container Image #998

Merged
merged 5 commits into from
Feb 1, 2022
Merged

Move Logsearchapi binary to Operator Container Image #998

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
3eb5eff
Move Logsearchapi binary to Operator Container Image
dvaldivia Feb 1, 2022
e4023c5
Add to goreleaser
dvaldivia Feb 1, 2022
b438ecf
goreleaser compat
dvaldivia Feb 1, 2022
fee88ae
logserach binary
dvaldivia Feb 1, 2022
4195356
remove mv
dvaldivia Feb 1, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
244 changes: 130 additions & 114 deletions .goreleaser.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,24 +3,23 @@
project_name: minio-operator

release:
name_template: "Version {{.Version}}"
github:
owner: minio
name: operator
extra_files:
- glob: "*.minisig"
- glob: "*.zip"
name_template: "Version {{.Version}}"
github:
owner: minio
name: operator
extra_files:
- glob: "*.minisig"
- glob: "*.zip"

before:
hooks:
- make clean
- go generate ./...
- go mod tidy
- go mod tidy -compat=1.17
- go mod download

builds:
-
goos:
- goos:
- linux
goarch:
- arm64
Expand All @@ -36,8 +35,7 @@ builds:
hooks:
post: ./package.sh {{ .Path }}

-
id: kubectl-minio
- id: kubectl-minio
dir: kubectl-minio
binary: kubectl-minio
goos:
Expand All @@ -61,110 +59,128 @@ builds:
hooks:
post: ./package.sh {{ .Path }}

- id: logsearchapi
dir: logsearchapi
binary: logsearchapi
goos:
- linux
goarch:
- arm64
- amd64
- ppc64le
- s390x
env:
- CGO_ENABLED=0
ldflags:
- -s -w -X main.version={{.Tag}}
flags:
- -trimpath
hooks:
post: ./package.sh {{ .Path }}

archives:
-
allow_different_binary_count: true
- allow_different_binary_count: true
format: binary

dockers:
- image_templates:
- "minio/operator:{{ .Tag }}-amd64"
use: buildx
goarch: amd64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-ppc64le"
use: buildx
dockerfile: Dockerfile
goarch: ppc64le
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/ppc64le"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-s390x"
use: buildx
goarch: s390x
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/s390x"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-arm64"
use: buildx
goarch: arm64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/arm64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-amd64"
use: buildx
goarch: amd64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-ppc64le"
use: buildx
dockerfile: Dockerfile
goarch: ppc64le
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/ppc64le"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-s390x"
use: buildx
goarch: s390x
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/s390x"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-arm64"
use: buildx
goarch: arm64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/arm64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-amd64"
use: buildx
goarch: amd64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-ppc64le"
use: buildx
dockerfile: Dockerfile
goarch: ppc64le
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/ppc64le"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-s390x"
use: buildx
goarch: s390x
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/s390x"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "minio/operator:{{ .Tag }}-arm64"
use: buildx
goarch: arm64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/arm64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-amd64"
use: buildx
goarch: amd64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/amd64"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-ppc64le"
use: buildx
dockerfile: Dockerfile
goarch: ppc64le
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/ppc64le"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-s390x"
use: buildx
goarch: s390x
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/s390x"
- "--build-arg=TAG={{ .Tag }}"
- image_templates:
- "quay.io/minio/operator:{{ .Tag }}-arm64"
use: buildx
goarch: arm64
dockerfile: Dockerfile
extra_files:
- LICENSE
- CREDITS
build_flag_templates:
- "--platform=linux/arm64"
- "--build-arg=TAG={{ .Tag }}"
docker_manifests:
- name_template: minio/operator:{{ .Tag }}
image_templates:
- minio/operator:{{ .Tag }}-amd64
- minio/operator:{{ .Tag }}-arm64
- minio/operator:{{ .Tag }}-ppc64le
- minio/operator:{{ .Tag }}-s390x
- name_template: quay.io/minio/operator:{{ .Tag }}
image_templates:
- quay.io/minio/operator:{{ .Tag }}-amd64
- quay.io/minio/operator:{{ .Tag }}-arm64
- quay.io/minio/operator:{{ .Tag }}-ppc64le
- quay.io/minio/operator:{{ .Tag }}-s390x
- name_template: minio/operator:{{ .Tag }}
image_templates:
- minio/operator:{{ .Tag }}-amd64
- minio/operator:{{ .Tag }}-arm64
- minio/operator:{{ .Tag }}-ppc64le
- minio/operator:{{ .Tag }}-s390x
- name_template: quay.io/minio/operator:{{ .Tag }}
image_templates:
- quay.io/minio/operator:{{ .Tag }}-amd64
- quay.io/minio/operator:{{ .Tag }}-arm64
- quay.io/minio/operator:{{ .Tag }}-ppc64le
- quay.io/minio/operator:{{ .Tag }}-s390x
1 change: 1 addition & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,5 +18,6 @@ RUN \
microdnf install curl ca-certificates shadow-utils --nodocs

COPY minio-operator /minio-operator
COPY logsearchapi /logsearchapi

CMD ["/minio-operator"]
7 changes: 3 additions & 4 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ PLUGIN_HOME=kubectl-minio
LOGSEARCHAPI=logsearchapi
LOGSEARCHAPI_TAG ?= "minio/logsearchapi:$(VERSION)"

all: build logsearchapi
all: build

getdeps:
@echo "Checking dependencies"
Expand All @@ -35,7 +35,7 @@ operator:
@CGO_ENABLED=0 GOOS=linux go build -trimpath --ldflags $(LDFLAGS) -o minio-operator
@docker build -t $(TAG) .

build: regen-crd verify plugin operator
build: regen-crd verify plugin logsearchapi operator

install: all

Expand Down Expand Up @@ -85,8 +85,7 @@ logsearchapi:
go test -race ./... && \
GO111MODULE=on ${GOPATH}/bin/golangci-lint cache clean && \
GO111MODULE=on ${GOPATH}/bin/golangci-lint run --timeout=5m --config ../.golangci.yml && \
CGO_ENABLED=0 GOOS=linux go build --ldflags "-s -w" -trimpath -o $(LOGSEARCHAPI)_amd64 && \
docker buildx build --output=type=docker --platform linux/amd64 -t $(LOGSEARCHAPI_TAG) .)
CGO_ENABLED=0 GOOS=linux go build --ldflags "-s -w" -trimpath -o logsearchapi )

getconsoleuiyaml:
@echo "Getting the latest Console UI"
Expand Down
20 changes: 17 additions & 3 deletions UPGRADE.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,20 @@ Upgrades

In this document we will try to document relevant upgrade notes for the MinIO Operator.

v4.4.5
---

The Operator and Logsearch API container have been merged, no new `minio/logsearchapi` images will be built, if your
tenant has a specific MinIO Image specified in `.spec.log.image` you need to update it to use either the upstream `
minio/operator image or your private registry image.


v4.2.3 - v4.2.4
---
In this version we started running the MinIO pods as `non-root` to increase security in the MinIO deployment, however this has the implication that older tenants that were not sepcifying a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) on a per-pool basis may suddenly stop starting due to file-ownership problems.
In this version we started running the MinIO pods as `non-root` to increase security in the MinIO deployment, however
this has the implication that older tenants that were not sepcifying
a [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) on a per-pool basis may
suddenly stop starting due to file-ownership problems.

This problem may be identified on the MinIO logs by seeing a log line like:

Expand All @@ -14,7 +25,8 @@ Unable to read 'format.json' from https://production-storage-pool-0-1.production
.local:9000/export3: file access denied
```

The solution for an existing tenant is to add a `securityContext` to each pool in the Tenant's `.spec.pools[*].securityContext` field with the following imlpicit default:
The solution for an existing tenant is to add a `securityContext` to each pool in the
Tenant's `.spec.pools[*].securityContext` field with the following imlpicit default:

```
securityContext:
Expand All @@ -24,5 +36,7 @@ securityContext:
runAsUser: 0
```

This scenario is automatically handled by the operator, however if the tenant is updated from a pre-stored source (i.e: a yaml file) which is missing the added `securityContext` this problem may arise again, so update your stored yamls respectively.
This scenario is automatically handled by the operator, however if the tenant is updated from a pre-stored source (i.e:
a yaml file) which is missing the added `securityContext` this problem may arise again, so update your stored yamls
respectively.

4 changes: 2 additions & 2 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,14 @@ require (
github.com/prometheus-operator/prometheus-operator/pkg/client v0.46.0
github.com/stretchr/testify v1.7.0
golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e
gopkg.in/yaml.v2 v2.4.0
k8s.io/api v0.20.2
k8s.io/apiextensions-apiserver v0.20.2
k8s.io/apimachinery v0.20.2
k8s.io/client-go v0.20.2
k8s.io/code-generator v0.20.2
k8s.io/klog/v2 v2.4.0
sigs.k8s.io/controller-runtime v0.8.0
sigs.k8s.io/yaml v1.2.0
)

require (
Expand Down Expand Up @@ -106,10 +106,10 @@ require (
gopkg.in/check.v1 v1.0.0-20200902074654-038fdea0a05b // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.57.0 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b // indirect
k8s.io/gengo v0.0.0-20201113003025-83324d819ded // indirect
k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd // indirect
k8s.io/utils v0.0.0-20201110183641-67b214c5f920 // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
sigs.k8s.io/yaml v1.2.0 // indirect
)
19 changes: 0 additions & 19 deletions logsearchapi/Dockerfile
View file
Open in desktop

This file was deleted.

Loading