Document release notes

[pjuarezd]

This is a check list of breaking changes to remind document for following Operator release, we did something similar with version 5.0.0 here https://github.com/minio/operator/blob/master/docs/notes/v5.0.0.md

Introducing MinIO Job

• Explain what they do
• Examples

Sidecar container

• Why is needed
• Release cycle

TLS refactors

• explain operator-ca-tls prefixed secrets behavior in operator namespace

Operator STS

• Updated from v1alpha1 to v1beta1
• Explain STS is (will be) moved to it's own controller

Fields immutable

• spec.pools.*.volumesPerServer and spec.pools.*.servers fields are immutable once created, this was introduced in https://github.com/minio/operator/pull/2070 on v5.0.15
• Explain why are immutable after creation

Field spec.pools.*.name is required starting v5.0.15

• Explain how to get the default name Operator sets and how to update the existing tenants to include this field.
• [ ] Make sure field name is optional in Helm chart, but helm chart sets a default value

Headless service port name is now renamed based on TLS settings

Headless service now changes port name from http-minio to https-minio when TLS is enabled, this is introduced on https://github.com/minio/operator/pull/2135, be aware to configure Ingress or any other resources that reference this por name accordingly.

details

When .spec.requestAutocert is false and .spec. externalCertSecret is empty, then no TLS encryption in transit is enabled for the tenant, and the 3 services created in the namespace have a prefixed http- service port:

{tenant-name}-console exposes port http-console

example

```yaml apiVersion: v1 kind: Service metadata: labels: v1.min.io/console: tenant-1-console name: tenant-1-console namespace: tenant-1 spec: allocateLoadBalancerNodePorts: true clusterIP: 10.96.78.111 clusterIPs: - 10.96.78.111 internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: http-console nodePort: 30984 port: 9090 selector: v1.min.io/tenant: tenant-1 type: LoadBalancer ```

the same, minio exposes port http-minio and headless service {tenant-name}-hl exposes port http-minio.

However, when TLS is enable (because of .spec.requestAutocert is true or .spec. externalCertSecret is provided) then the port names for {tenant-name}-console and minio services were renamed to have prefix https-.

example

```yaml apiVersion: v1 kind: Service metadata: labels: v1.min.io/console: tenant-1-console name: tenant-1-console namespace: tenant-1 spec: allocateLoadBalancerNodePorts: true clusterIP: 10.96.78.111 clusterIPs: - 10.96.78.111 internalTrafficPolicy: Cluster ipFamilies: - IPv4 ipFamilyPolicy: SingleStack ports: - name: https-console nodePort: 32368 port: 9443 selector: v1.min.io/tenant: tenant-1 type: LoadBalancer ```

But headless service port was not renamed, it was kept as http-minio, starting this version the 3 services behave the same way and rename the port with a https- prefix.

[cniackz]

Okay, I've read and understood the instructions. I'll begin by creating a PR to explain the part I'm most familiar with, which is the MinIO Jobs feature. After that, I'll pass it to the team for review. We can add the rest of the requested documentation in separate PRs later on.

[cniackz]

Related to https://github.com/minio/operator/pull/2141