From 9c0009f1340ec94a3f98540bc923c204fea92cf9 Mon Sep 17 00:00:00 2001
From: Nitish Tiwari
Date: Tue, 9 Jun 2020 23:39:08 +0530
Subject: [PATCH] Add Support for Kustomize based scripts to setup Operator (#141)
---
README.md | 13 ++--
kustomization.yaml | 4 --
operator-deployment/crd.yaml | 91 ++++++++++++++++++++++++
operator-deployment/deployment.yaml | 25 +++++++
operator-deployment/kustomization.yaml | 63 ++++++++++++++++
operator-deployment/namespace.yaml | 4 ++
operator-deployment/rbac.yaml | 80 +++++++++++++++++++++
operator-deployment/service-account.yaml | 5 ++
8 files changed, 275 insertions(+), 10 deletions(-)
delete mode 100644 kustomization.yaml
create mode 100644 operator-deployment/crd.yaml
create mode 100644 operator-deployment/deployment.yaml
create mode 100644 operator-deployment/kustomization.yaml
create mode 100644 operator-deployment/namespace.yaml
create mode 100644 operator-deployment/rbac.yaml
create mode 100644 operator-deployment/service-account.yaml
diff --git a/README.md b/README.md
index 7c7a3ca305b..4c965ac2869 100644
--- a/README.md
+++ b/README.md
@@ -21,20 +21,21 @@ MinIO-Operator brings native MinIO, [MCS](https://github.com/minio/mcs), and [KE - Kubernetes version v1.17.0 and above for compatibility. MinIO Operator uses `k8s/client-go` v0.18.0. - `kubectl` configured to refer to a Kubernetes cluster. - Create the required PVs as [explained here](https://github.com/minio/minio-operator/blob/master/docs/creating-pv-manually.md). +- Optional: `kustomize` installed as [explained here](https://github.com/kubernetes-sigs/kustomize/blob/master/docs/INSTALL.md#installation). -### Create Operator and related resources +### Create Operator Deployment -To start MinIO-Operator, use the `minio-operator.yaml` file. +To start MinIO-Operator with default configuration, use the `minio-operator.yaml` file. ```bash kubectl apply -f https://raw.githubusercontent.com/minio/minio-operator/master/minio-operator.yaml ``` -This will create all relevant resources required for the Operator to work. - -You could install the MinIO Operator a custom namespace by customizing the `minio-operator.yaml` file or using [kustomize](https://github.com/kubernetes-sigs/kustomize) +Advanced users can leverage [kustomize](https://github.com/kubernetes-sigs/kustomize) to customize operator configuration ```bash +git clone https://github.com/minio/minio-operator +cd operator-deployment kustomize build | kubectl apply -f - ``` 
@@ -50,7 +51,7 @@ kubectl apply -f https://raw.githubusercontent.com/minio/minio-operator/master/e Add an [external service](https://kubernetes.io/docs/concepts/services-networking/service/) in MinIOInstance definition to enable Service based access to the MinIOInstance pods. Refer [the example here](https://github.com/minio/minio-operator/blob/master/examples/minioinstance.yaml?raw=true) for details on how to setup service based access for MinIOInstance pods. -### Expose MinIO via Istio +### Advanced: Expose MinIO via Istio Istio >= 1.4 has support for headless Services, so instead of creating an explicit `Service` for the created MinIO instance, you can also directly target the headless Service that is created by the operator.
diff --git a/kustomization.yaml b/kustomization.yaml
deleted file mode 100644
index 65fff6680fc..00000000000
--- a/kustomization.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-namespace: minio-operator-ns
-
-resources:
- - minio-operator.yaml
diff --git a/operator-deployment/crd.yaml b/operator-deployment/crd.yaml
new file mode 100644
index 00000000000..c5254f01a5b
--- /dev/null
+++ b/operator-deployment/crd.yaml
@@ -0,0 +1,91 @@
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ name: minioinstances.operator.min.io
+spec:
+ group: operator.min.io
+ scope: Namespaced
+ names:
+ kind: MinIOInstance
+ singular: minioinstance
+ plural: minioinstances
+ versions:
+ - name: v1
+ served: true
+ storage: true
+ schema:
+ # openAPIV3Schema is the schema for validating custom objects.
+ # Refer https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/#specifying-a-structural-schema
+ # for more details
+ openAPIV3Schema:
+ type: object
+ properties:
+ spec:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ replicas:
+ type: integer
+ minimum: 1
+ maximum: 32
+ image:
+ type: string
+ serviceName:
+ type: string
+ volumesPerServer:
+ type: integer
+ mountPath:
+ type: string
+ podManagementPolicy:
+ type: string
+ enum: [Parallel,OrderedReady]
+ default: Parallel
+ requestAutoCert:
+ type: boolean
+ default: false
+ version:
+ type: string
+ mountpath:
+ type: string
+ subpath:
+ type: string
+ mcs:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ image:
+ type: string
+ replicas:
+ type: integer
+ default: 2
+ mcsSecret:
+ type: object
+ properties:
+ name:
+ type: string
+ kes:
+ type: object
+ x-kubernetes-preserve-unknown-fields: true
+ properties:
+ image:
+ type: string
+ replicas:
+ type: integer
+ default: 2
+ kesSecret:
+ type: object
+ properties:
+ name:
+ type: string
+ status:
+ type: object
+ properties:
+ currentState:
+ type: string
+ subresources:
+ # status enables the status subresource.
+ status: {}
+ additionalPrinterColumns:
+ - name: Current State
+ type: string
+ jsonPath: ".status.currentState"
diff --git a/operator-deployment/deployment.yaml b/operator-deployment/deployment.yaml
new file mode 100644
index 00000000000..f2d520697f8
--- /dev/null
+++ b/operator-deployment/deployment.yaml
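Review bot: In operator-deployment/crd.yaml the schema declares both `mountPath` and `mountpath` under `spec.properties`, and `x-kubernetes-preserve-unknown-fields: true` on `spec`, `mcs` and `kes` means the API server neither prunes nor validates any field outside the listed keys. The typed constraints therefore cover only those few keys and everything else reaches the operator unchecked, so the operator has to validate it itself. I would drop the lower-case `mountpath` if it is not a real field (the operator's Go types are not visible in this diff) and bound the integers that have no limits, e.g. `minimum: 1` under `volumesPerServer` and under the `mcs`/`kes` `replicas`. A short comment above each `x-kubernetes-preserve-unknown-fields` line saying why pruning is disabled there would help the next reviewer.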
@@ -0,0 +1,25 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: minio-operator
+ namespace: default
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ name: minio-operator
+ template:
+ metadata:
+ labels:
+ name: minio-operator
+ spec:
+ serviceAccountName: minio-operator
+ containers:
+ - name: minio-operator
+ image: minio/k8s-operator:2.0.5
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: CLUSTER_DOMAIN
+ value: $(CLUSTER_DOMAIN)
+ - name: WATCHED_NAMESPACE
+ value: $(WATCHED_NAMESPACE)
diff --git a/operator-deployment/kustomization.yaml b/operator-deployment/kustomization.yaml
new file mode 100644
index 00000000000..cbdc2ddd320
--- /dev/null
+++ b/operator-deployment/kustomization.yaml
@@ -0,0 +1,63 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: minio-operator
+
+# Configure number of MinIO Operator Deployment Replicas
+replicas:
+ - name: minio-operator
+ count: 1
+
+# Configure repo and tag of MinIO Operator Image
+images:
+ - name: minio/k8s-operator
+ newName: minio/k8s-operator
+ newTag: 2.0.5
+
+# Configure the Cluster Domain and NameSpace to Watch
+configMapGenerator:
+ - name: operator-env
+ literals:
+ - CLUSTER_DOMAIN="cluster.local"
+ - WATCHED_NAMESPACE="default"
+
+# Configure the Namespace and ServiceAccount name
+patchesJson6902:
+ - target:
+ version: v1
+ kind: ServiceAccount
+ name: minio-operator
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: "minio-operator"
+ - target:
+ version: v1
+ kind: Namespace
+ name: minio-operator
+ patch: |-
+ - op: replace
+ path: /metadata/name
+ value: "minio-operator"
+
+vars:
+ - name: CLUSTER_DOMAIN
+ objref:
+ kind: ConfigMap
+ name: operator-env
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.CLUSTER_DOMAIN
+ - name: WATCHED_NAMESPACE
+ objref:
+ kind: ConfigMap
+ name: operator-env
+ apiVersion: v1
+ fieldref:
+ fieldpath: data.WATCHED_NAMESPACE
+
+resources:
+ - namespace.yaml
+ - service-account.yaml
+ - crd.yaml
+ - rbac.yaml
+ - deployment.yaml
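Review bot: The `minio-operator` container in operator-deployment/deployment.yaml has no `securityContext` and no `resources`, so it runs with whatever user and capabilities the image defaults to, while its service account is bound to a ClusterRole that covers Secrets cluster-wide (rbac.yaml in this commit). I would add a restrictive container `securityContext` as sketched below. Whether `minio/k8s-operator:2.0.5` already runs as a non-root user and tolerates a read-only root filesystem is not visible here, so `runAsNonRoot` and `readOnlyRootFilesystem` need checking against the image. Pinning the image by digest in addition to the tag would also fix exactly which binary gets deployed.

```yaml
        imagePullPolicy: IfNotPresent
        # added: restrict what the operator container can do on the node
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          readOnlyRootFilesystem: true
          capabilities:
            drop:
              - ALL
        # … unchanged: env (CLUSTER_DOMAIN, WATCHED_NAMESPACE) …
```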
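Review bot: The top-level `namespace: minio-operator` in operator-deployment/kustomization.yaml disagrees with the `namespace: default` hard-coded in deployment.yaml, in service-account.yaml and in the ClusterRoleBinding subject in rbac.yaml. Kustomize rewrites the namespace of the namespaced resources, but whether it also rewrites `subjects[].namespace` of a ClusterRoleBinding has varied between kustomize versions; if it does not, the cluster-wide role ends up bound to `default/minio-operator` rather than to the account the operator actually runs as. I would set all three files to `namespace: minio-operator` so the rendered output does not depend on the transformer. The two `patchesJson6902` entries replace `/metadata/name` with the value it already has, so a comment such as `# change together with the top-level namespace` on the Namespace patch would make clear that renaming one without the other breaks the install.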
diff --git a/operator-deployment/namespace.yaml b/operator-deployment/namespace.yaml
new file mode 100644
index 00000000000..1002072f374
--- /dev/null
+++ b/operator-deployment/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: minio-operator
diff --git a/operator-deployment/rbac.yaml b/operator-deployment/rbac.yaml
new file mode 100644
index 00000000000..ea3a7961cdc
--- /dev/null
+++ b/operator-deployment/rbac.yaml
@@ -0,0 +1,80 @@
+apiVersion: rbac.authorization.k8s.io/v1beta1
+kind: ClusterRole
+metadata:
+ name: minio-operator-role
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - namespaces
+ - secrets
+ - pods
+ - services
+ - events
+ verbs:
+ - get
+ - watch
+ - create
+ - list
+ - delete
+- apiGroups:
+ - apps
+ resources:
+ - statefulsets
+ - deployments
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - batch
+ resources:
+ - jobs
+ verbs:
+ - get
+ - create
+ - list
+ - patch
+ - watch
+ - update
+ - delete
+- apiGroups:
+ - "certificates.k8s.io"
+ resources:
+ - "certificatesigningrequests"
+ - "certificatesigningrequests/approval"
+ - "certificatesigningrequests/status"
+ verbs:
+ - update
+ - create
+ - get
+ - delete
+- apiGroups:
+ - operator.min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+- apiGroups:
+ - min.io
+ resources:
+ - "*"
+ verbs:
+ - "*"
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1beta1
+metadata:
+ name: minio-operator-binding
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: minio-operator-role
+subjects:
+- kind: ServiceAccount
+ name: minio-operator
+ namespace: default
diff --git a/operator-deployment/service-account.yaml b/operator-deployment/service-account.yaml
new file mode 100644
index 00000000000..04b7c1f0592
--- /dev/null
+++ b/operator-deployment/service-account.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: minio-operator
+ namespace: default
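Review bot: The first rule of `minio-operator-role` in operator-deployment/rbac.yaml grants get/watch/create/list/delete on `secrets` and `namespaces` across the whole cluster, and the `certificates.k8s.io` rule adds `update` on `certificatesigningrequests/approval`, even though the deployment is configured with a single `WATCHED_NAMESPACE`. A compromise of the operator pod or its token would therefore expose every Secret in the cluster. I would move the `secrets`/`pods`/`services`/`events` rule into a namespaced `Role` and `RoleBinding` in the watched namespace and keep the ClusterRole for the cluster-scoped resources only; whether the operator really needs `create`/`delete` on `namespaces` is not visible in this diff. Separately, both objects use `rbac.authorization.k8s.io/v1beta1`, which is deprecated, while the README's stated minimum of Kubernetes v1.17 already serves `apiVersion: rbac.authorization.k8s.io/v1`.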