Open pjuarezd opened 1 month ago
Okay, I've read and understood the instructions. I'll begin by creating a PR to explain the part I'm most familiar with, which is the MinIO Jobs feature. After that, I'll pass it to the team for review. We can add the rest of the requested documentation in separate PRs later on.
Related to https://github.com/minio/operator/pull/2141
This is a check list of breaking changes to remind document for following Operator release, we did something similar with version 5.0.0 here https://github.com/minio/operator/blob/master/docs/notes/v5.0.0.md
Introducing MinIO Job
Sidecar container
TLS refactors
operator-ca-tls
prefixed secrets behavior in operator namespaceOperator STS
v1alpha1
tov1beta1
Fields immutable
spec.pools.*.volumesPerServer
andspec.pools.*.servers
fields are immutable once created, this was introduced in https://github.com/minio/operator/pull/2070 on v5.0.15Field
spec.pools.*.name
is required starting v5.0.15name
Operator sets and how to update the existing tenants to include this field.name
is optional in Helm chart, but helm chart sets a default valueHeadless service port name is now renamed based on TLS settings
Headless service now changes port name from
http-minio
tohttps-minio
when TLS is enabled, this is introduced on https://github.com/minio/operator/pull/2135, be aware to configure Ingress or any other resources that reference this por name accordingly.details
When
.spec.requestAutocert
isfalse
and.spec. externalCertSecret
is empty, then no TLS encryption in transit is enabled for the tenant, and the 3 services created in the namespace have a prefixedhttp-
service port:{tenant-name}-console
exposes porthttp-console
example
```yaml apiVersion: v1 kind: Service metadata: labels: v1.min.io/console: tenant-1-console name: tenant-1-console namespace: tenant-1 spec: allocateLoadBalancerNodePorts: true clusterIP: 10.96.78.111 clusterIPs: - 10.96.78.111 internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: http-console nodePort: 30984 port: 9090 selector: v1.min.io/tenant: tenant-1 type: LoadBalancer ```the same,
minio
exposes porthttp-minio
and headless service{tenant-name}-hl
exposes porthttp-minio
.However, when TLS is enable (because of
.spec.requestAutocert
istrue
or.spec. externalCertSecret
is provided) then the port names for{tenant-name}-console
andminio
services were renamed to have prefixhttps-
.example
```yaml apiVersion: v1 kind: Service metadata: labels: v1.min.io/console: tenant-1-console name: tenant-1-console namespace: tenant-1 spec: allocateLoadBalancerNodePorts: true clusterIP: 10.96.78.111 clusterIPs: - 10.96.78.111 internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: https-console nodePort: 32368 port: 9443 selector: v1.min.io/tenant: tenant-1 type: LoadBalancer ```But headless service port was not renamed, it was kept as
http-minio
, starting this version the 3 services behave the same way and rename the port with ahttps-
prefix.