feat: add sidecar resource to Sidecar container (#1754)

* fix: #1543

---------

Co-authored-by: guozhi.li <guozhi.li@daocloud.io>

docs/tenant_crd.adoc

@@ -189,6 +189,10 @@ Features (`features`) - Object describing which MinIO features to enable/disable
 |*Optional* + 
  Specify a list of domains used to access MinIO and Console.
 
+|*`enableSFTP`* __boolean__ 
+|*Optional* + 
+ Starts minio server with SFTP support
+
 |===
 
 
@@ -261,11 +265,11 @@ KESConfig (`kes`) defines the configuration of the https://github.com/minio/kes[
 
 |*`gcpCredentialSecretName`* __string__ 
 |*Optional* + 
-  Specify the GCP default credentials to be used for KES to authenticate to GCP key store
+ Specify the GCP default credentials to be used for KES to authenticate to GCP key store
 
 |*`gcpWorkloadIdentityPool`* __string__ 
 |*Optional* + 
-  Specify the name of the workload identity pool (This is required for generating service account token)
+ Specify the name of the workload identity pool (This is required for generating service account token)
 
 |*`annotations`* __object (keys:string, values:string)__ 
 |*Optional* + 
@@ -550,6 +554,10 @@ SideCars (`sidecars`) defines a list of containers that the Operator attaches to
 |*Optional* + 
  List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes
 
+|*`resources`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#resourcerequirements-v1-core[$$ResourceRequirements$$]__ 
+|*Optional* + 
+ Sidecars Resource
+
 |===
 
 
@@ -708,7 +716,7 @@ TenantSpec (`spec`) defines the configuration of a MinIO Tenant object. +
 |*`externalClientCertSecrets`* __xref:{anchor_prefix}-github-com-minio-operator-pkg-apis-minio-min-io-v2-localcertificatereference[$$LocalCertificateReference$$] array__ 
 |*Optional* + 
  Provide support for mounting additional client certificate into MinIO Tenant pods Multiple client certificates will be mounted using the following folder structure: 
- 	certs 		| 		|			+ client.crt 		|			+ client.key 		|			+ client.crt 		|			+ client.key 		|			+ client.crt 		|			+ client.key 
+ certs | |			+ client.crt |			+ client.key |			+ client.crt |			+ client.key |			+ client.crt |			+ client.key 
  Specify a https://kubernetes.io/docs/concepts/configuration/secret/[Kubernetes TLS secrets]. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant that later can be referenced using environment variables. The secret *must* contain the following fields: + 
  * `name` - The name of the Kubernetes secret containing the TLS certificate. + 
  * `type` - Specify `kubernetes.io/tls` +
@@ -804,6 +812,10 @@ TenantSpec (`spec`) defines the configuration of a MinIO Tenant object. +
 |*Optional* + 
  Specify a secret that contains additional environment variable configurations to be used for the MinIO pools. The secret is expected to have a key named config.env containing all exported environment variables for MinIO+
 
+|*`initContainers`* __link:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#container-v1-core[$$Container$$] array__ 
+|*Optional* + 
+ Add customs initContainers to StatefulSet
+
 |===
 
 

helm/operator/templates/minio.min.io_tenants.yaml

@@ -3064,6 +3064,37 @@ spec:
                       - name
                       type: object
                     type: array
+                  resources:
+                    properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                    type: object
                   volumeClaimTemplates:
                     items:
                       properties:

pkg/apis/minio.min.io/v2/types.go

@@ -877,4 +877,9 @@ type SideCars struct {
 	// +patchMergeKey=name
 	// +patchStrategy=merge,retainKeys
 	Volumes []corev1.Volume `json:"volumes,omitempty" patchStrategy:"merge,retainKeys" patchMergeKey:"name" protobuf:"bytes,1,rep,name=volumes"`
+	// *Optional* +
+	//
+	// sidecar's Resource, initcontainer will use that if set.
+	// +optional
+	Resources *corev1.ResourceRequirements `json:"resources,omitempty"`
 }

pkg/resources/statefulsets/minio-statefulset.go

@@ -896,6 +896,10 @@ func getInitContainer(t *miniov2.Tenant, operatorImage string, pool *miniov2.Poo
 		},
 		SecurityContext: poolContainerSecurityContext(pool),
 	}
+	// That's ok to use the sidecar's resource
+	if t.Spec.SideCars != nil && t.Spec.SideCars.Resources != nil {
+		initContainer.Resources = *t.Spec.SideCars.Resources
+	}
 	if t.HasConfigurationSecret() {
 		initContainer.VolumeMounts = append(initContainer.VolumeMounts, TmpCfgVolumeMount)
 	}
@@ -924,6 +928,9 @@ func getSideCarContainer(t *miniov2.Tenant, operatorImage string, pool *miniov2.
 		},
 		SecurityContext: poolContainerSecurityContext(pool),
 	}
+	if t.Spec.SideCars != nil && t.Spec.SideCars.Resources != nil {
+		sidecarContainer.Resources = *t.Spec.SideCars.Resources
+	}
 	if t.HasConfigurationSecret() {
 		sidecarContainer.VolumeMounts = append(sidecarContainer.VolumeMounts, TmpCfgVolumeMount)
 	}

resources/base/crds/minio.min.io_tenants.yaml

@@ -3064,6 +3064,37 @@ spec:
                       - name
                       type: object
                     type: array
+                  resources:
+                    properties:
+                      claims:
+                        items:
+                          properties:
+                            name:
+                              type: string
+                          required:
+                          - name
+                          type: object
+                        type: array
+                        x-kubernetes-list-map-keys:
+                        - name
+                        x-kubernetes-list-type: map
+                      limits:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                      requests:
+                        additionalProperties:
+                          anyOf:
+                          - type: integer
+                          - type: string
+                          pattern: ^(\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))(([KMGTPE]i)|[numkMGTPE]|([eE](\+|-)?(([0-9]+(\.[0-9]*)?)|(\.[0-9]+))))?$
+                          x-kubernetes-int-or-string: true
+                        type: object
+                    type: object
                   volumeClaimTemplates:
                     items:
                       properties: