operator icon indicating copy to clipboard operation
operator copied to clipboard
verified publisher icon minio

Document release notes

Open pjuarezd opened this issue 1 year ago • 2 comments

This is a check list of breaking changes to remind document for following Operator release, we did something similar with version 5.0.0 here https://github.com/minio/operator/blob/master/docs/notes/v5.0.0.md

Introducing MinIO Job

  • Explain what they do
  • Examples

Sidecar container

  • Why is needed
  • Release cycle

TLS refactors

  • explain operator-ca-tls prefixed secrets behavior in operator namespace

Operator STS

  • Updated from v1alpha1 to v1beta1
  • Explain STS is (will be) moved to it's own controller

Fields immutable

  • spec.pools.*.volumesPerServer and spec.pools.*.servers fields are immutable once created, this was introduced in https://github.com/minio/operator/pull/2070 on v5.0.15
  • Explain why are immutable after creation

Field spec.pools.*.name is required starting v5.0.15

  • Explain how to get the default name Operator sets and how to update the existing tenants to include this field.
  • [ ] Make sure field name is optional in Helm chart, but helm chart sets a default value

Headless service port name is now renamed based on TLS settings

Headless service now changes port name from http-minio to https-minio when TLS is enabled, this is introduced on https://github.com/minio/operator/pull/2135, be aware to configure Ingress or any other resources that reference this por name accordingly.

details

When .spec.requestAutocert is false and .spec. externalCertSecret is empty, then no TLS encryption in transit is enabled for the tenant, and the 3 services created in the namespace have a prefixed http- service port:

{tenant-name}-console exposes port http-console

example 
apiVersion: v1
kind: Service
metadata:
  labels:
    v1.min.io/console: tenant-1-console
  name: tenant-1-console
  namespace: tenant-1
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 10.96.78.111
  clusterIPs:
  - 10.96.78.111
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http-console
    nodePort: 30984
    port: 9090
  selector:
    v1.min.io/tenant: tenant-1
  type: LoadBalancer

the same, minio exposes port http-minio and headless service {tenant-name}-hl exposes port http-minio.

However, when TLS is enable (because of .spec.requestAutocert is true or .spec. externalCertSecret is provided) then the port names for {tenant-name}-console and minio services were renamed to have prefix https-.

example 
apiVersion: v1
kind: Service
metadata:
  labels:
    v1.min.io/console: tenant-1-console
  name: tenant-1-console
  namespace: tenant-1
spec:
  allocateLoadBalancerNodePorts: true
  clusterIP: 10.96.78.111
  clusterIPs:
  - 10.96.78.111
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: https-console
    nodePort: 32368
    port: 9443
  selector:
    v1.min.io/tenant: tenant-1
  type: LoadBalancer

But headless service port was not renamed, it was kept as http-minio, starting this version the 3 services behave the same way and rename the port with a https- prefix.

pjuarezd avatar May 28 '24 19:05 pjuarezd

Okay, I've read and understood the instructions. I'll begin by creating a PR to explain the part I'm most familiar with, which is the MinIO Jobs feature. After that, I'll pass it to the team for review. We can add the rest of the requested documentation in separate PRs later on.

cniackz avatar Jun 03 '24 19:06 cniackz

Related to https://github.com/minio/operator/pull/2141

cniackz avatar Jun 03 '24 19:06 cniackz

v6.0.0 is already released, closing this as completed

pjuarezd avatar Aug 07 '24 08:08 pjuarezd

Fyi docs team working through Operator 6 doc updates with this issue: https://github.com/minio/docs/issues/1273

feorlen avatar Aug 07 '24 12:08 feorlen