Add support for admin ServerUpdate to update containers simultaneously
harshavardhana committed Jul 24, 2020
1 parent e5f7fd3 commit e7d0b0c
Showing 9 changed files with 333 additions and 173 deletions.
3 changes: 2 additions & 1 deletion .gitignore
@@ -1,4 +1,5 @@
minio-operator
!minio-operator/
.idea/
dist/
dist/
*.test
5 changes: 2 additions & 3 deletions .golangci.yml
@@ -6,7 +6,6 @@ linters-settings:
locale: US

linters:
disable-all: true
enable:
- typecheck
- goimports
@@ -29,6 +28,6 @@ issues:
linters:
- golint
- deadcode

service:
golangci-lint-version: 1.20.0 # use the fixed version to not introduce new linters unexpectedly
golangci-lint-version: 1.27.0 # use the fixed version to not introduce new linters unexpectedly
8 changes: 3 additions & 5 deletions go.mod
@@ -3,13 +3,11 @@ module github.com/minio/minio-operator
go 1.13

require (
github.com/evanphx/json-patch v4.5.0+incompatible // indirect
github.com/golang/protobuf v1.3.3 // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/minio/minio v0.0.0-20200501124117-09571d03a531
github.com/StackExchange/wmi v0.0.0-20190523213315-cbe66965904d // indirect
github.com/go-ole/go-ole v1.2.4 // indirect
github.com/minio/minio v0.0.0-20200723003940-b9be841fd222
github.com/minio/minio-go/v7 v7.0.1
github.com/stretchr/testify v1.4.0
golang.org/x/net v0.0.0-20200505041828-1ed23360d12c // indirect
k8s.io/api v0.18.0
k8s.io/apimachinery v0.18.0
k8s.io/client-go v0.18.0
217 changes: 122 additions & 95 deletions go.sum

Large diffs are not rendered by default.

9 changes: 4 additions & 5 deletions pkg/apis/minio.min.io/v1/constants.go
@@ -19,6 +19,7 @@ package v1

import (
"crypto/elliptic"
"runtime"
"time"

appsv1 "k8s.io/api/apps/v1"
@@ -72,11 +73,9 @@ const MinIOVolumeSubPath = ""
// DefaultMinIOImage specifies the default MinIO Docker hub image
const DefaultMinIOImage = "minio/minio:RELEASE.2020-07-22T00-26-33Z"

// DefaultMinIOAccessKey specifies default access key for Tenant
const DefaultMinIOAccessKey = "AKIAIOSFODNN7EXAMPLE"

// DefaultMinIOSecretKey specifies default secret key for Tenant
const DefaultMinIOSecretKey = "wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY"
// DefaultMinIOUpdateURL specifies the default MinIO URL where binaries are
// pulled from during MinIO upgrades
const DefaultMinIOUpdateURL = "https://dl.min.io/server/minio/release/" + runtime.GOOS + "-" + runtime.GOARCH + "/archive/"

// MinIOHLSvcNameSuffix specifies the suffix added to Tenant name to create a headless service
const MinIOHLSvcNameSuffix = "-hl"
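Review bot: `DefaultMinIOUpdateURL` is assembled from `runtime.GOOS` and `runtime.GOARCH`, which describe the operator binary rather than the tenant pods that will receive the update, so the default only points at the right archive when both run on the same platform. If that is the intended assumption the doc comment should say so, for example `// The platform segment is the operator's own GOOS/GOARCH; tenants on another platform need an explicit update URL.` Judging by `UpdateURL` in helper.go, this base is also where the `.sha256sum` for the new binary is looked up, so the same comment is a good place to state that an override is expected to stay on https like the default.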
93 changes: 65 additions & 28 deletions pkg/apis/minio.min.io/v1/helper.go
@@ -25,8 +25,10 @@ import (
"fmt"
"net"
"net/http"
"net/url"
"path"
"strconv"
"strings"
"text/template"
"time"

@@ -35,6 +37,7 @@ import (
"k8s.io/apimachinery/pkg/runtime/schema"
"k8s.io/klog"

"github.com/minio/minio-go/v7/pkg/credentials"
"github.com/minio/minio/pkg/bucket/policy"
"github.com/minio/minio/pkg/bucket/policy/condition"
iampolicy "github.com/minio/minio/pkg/iam/policy"
@@ -116,6 +119,24 @@ func (t *Tenant) KESReplicas() int32 {
return replicas
}

const (
minioReleaseTagTimeLayout = "2006-01-02T15-04-05Z"
releasePrefix = "RELEASE"
)

// ReleaseTagToReleaseTime - converts a 'RELEASE.2017-09-29T19-16-56Z.hotfix'
// into the build time
func ReleaseTagToReleaseTime(releaseTag string) (releaseTime time.Time, err error) {
fields := strings.Split(releaseTag, ".")
if len(fields) < 2 || len(fields) > 3 {
return releaseTime, fmt.Errorf("%s is not a valid release tag", releaseTag)
}
if fields[0] != releasePrefix {
return releaseTime, fmt.Errorf("%s is not a valid release tag", releaseTag)
}
return time.Parse(minioReleaseTagTimeLayout, fields[1])
}

// EnsureDefaults will ensure that if a user omits and fields in the
// spec that are required, we set some sensible defaults.
// For example a user can choose to omit the version
@@ -320,51 +341,71 @@ func (t *Tenant) HasKESMetadata() bool {
return t.Spec.KES != nil && t.Spec.KES.Metadata != nil
}

// CreateMCSUser function creates an admin user
func (t *Tenant) CreateMCSUser(minioSecret, mcsSecret map[string][]byte) error {

var accessKey, secretKey, mcsAccessKey, mcsSecretKey []byte
var ok bool
// UpdateURL returns the URL for the sha256sum location of the new binary
func (t *Tenant) UpdateURL(lrTime time.Time, overrideURL string) (string, error) {
if overrideURL == "" {
overrideURL = DefaultMinIOUpdateURL
}
u, err := url.Parse(overrideURL)
if err != nil {
return "", err
}
u.Path = path.Dir(u.Path) + "/minio." + releasePrefix + "." + lrTime.Format(minioReleaseTagTimeLayout) + ".sha256sum"
return u.String(), nil
}

// NewMinIOAdmin initializes a new madmin.Client for operator interaction
func (t *Tenant) NewMinIOAdmin(minioSecret map[string][]byte) (*madmin.AdminClient, error) {
host := net.JoinHostPort(t.MinIOCIServiceHost(), strconv.Itoa(MinIOPort))
if host == "" {
return errors.New("Console MINIO SERVER is empty")
}

accessKey, ok = minioSecret["accesskey"]
if !ok {
return errors.New("accesskey not provided")
return nil, errors.New("MinIO server host is empty")
}

secretKey, ok = minioSecret["secretkey"]
accessKey, ok := minioSecret["accesskey"]
if !ok {
return errors.New("secretkey not provided")
return nil, errors.New("MinIO server accesskey not set")
}

mcsAccessKey, ok = mcsSecret["MCS_ACCESS_KEY"]
secretKey, ok := minioSecret["secretkey"]
if !ok {
return errors.New("MCS_ACCESS_KEY not provided")
return nil, errors.New("MinIO server secretkey not set")
}

mcsSecretKey, ok = mcsSecret["MCS_SECRET_KEY"]
if !ok {
return errors.New("MCS_SECRET_KEY not provided")
opts := &madmin.Options{
Secure: Scheme == "https",
Creds: credentials.NewStaticV4(string(accessKey), string(secretKey), ""),
}

madmClnt, err := madmin.New(host, string(accessKey), string(secretKey), Scheme == "https")
madmClnt, err := madmin.NewWithOptions(host, opts)
if err != nil {
return err
return nil, err
}

if Scheme == "https" {
if opts.Secure {
// FIXME: add trusted CA
madmClnt = setUpInsecureTLS(madmClnt)
}

return madmClnt, nil
}

// CreateMCSUser function creates an admin user
func (t *Tenant) CreateMCSUser(madmClnt *madmin.AdminClient, mcsSecret map[string][]byte) error {
mcsAccessKey, ok := mcsSecret["MCS_ACCESS_KEY"]
if !ok {
return errors.New("MCS_ACCESS_KEY not provided")
}

mcsSecretKey, ok := mcsSecret["MCS_SECRET_KEY"]
if !ok {
return errors.New("MCS_SECRET_KEY not provided")
}

// add user with a 20 seconds timeout
ctx, cancel := context.WithTimeout(context.Background(), time.Second*20)
defer cancel()

if err = madmClnt.AddUser(ctx, string(mcsAccessKey), string(mcsSecretKey)); err != nil {
if err := madmClnt.AddUser(ctx, string(mcsAccessKey), string(mcsSecretKey)); err != nil {
return err
}

@@ -389,15 +430,11 @@ func (t *Tenant) CreateMCSUser(minioSecret, mcsSecret map[string][]byte) error {
},
}

if err = madmClnt.AddCannedPolicy(context.Background(), MCSAdminPolicyName, &p); err != nil {
if err := madmClnt.AddCannedPolicy(context.Background(), MCSAdminPolicyName, &p); err != nil {
return err
}

if err = madmClnt.SetPolicy(context.Background(), MCSAdminPolicyName, string(mcsAccessKey), false); err != nil {
return err
}

return nil
return madmClnt.SetPolicy(context.Background(), MCSAdminPolicyName, string(mcsAccessKey), false)
}

// Validate returns an error if any configuration of the MinIO instance is invalid
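Review bot: In `NewMinIOAdmin` the `host == ""` guard can never fire, because `net.JoinHostPort` always returns at least `":" + port`, so an empty service host reaches `madmin.NewWithOptions` as a bare `:<port>`; test the host before joining, e.g. `if t.MinIOCIServiceHost() == "" { return nil, errors.New("MinIO server host is empty") }`. The `ok` checks on `accesskey` and `secretkey` likewise accept a key that is present but empty, so `len(accessKey) == 0` would be the stricter test. This constructor is now the shared entry point for admin calls, and when `opts.Secure` is true it still goes through `setUpInsecureTLS` under the `FIXME: add trusted CA`. The helper's body is not shown here, but if it turns off certificate verification as its name suggests, the tenant's admin credentials are presented to a peer whose identity is never checked, which deserves a tracked issue or a CA pool taken from the cluster before more admin operations are built on this client.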
2 changes: 1 addition & 1 deletion pkg/controller/cluster/csr.go
@@ -216,7 +216,7 @@ func (c *Controller) fetchCertificate(ctx context.Context, csrName string) ([]by
timeout := time.NewTimer(miniov1.DefaultQueryTimeout)
defer tick.Stop()

ch := make(chan os.Signal)
ch := make(chan os.Signal, 1) // should be always un-buffered SA1017
signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
defer signal.Stop(ch)
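Review bot: The comment on the `make(chan os.Signal, 1)` line says the channel "should be always un-buffered", which is the opposite of what the line does and of what staticcheck SA1017 asks for: `signal.Notify` does not block when sending, so an unbuffered channel can miss a signal. Reword it, for example `ch := make(chan os.Signal, 1) // buffered: signal.Notify does not block on send (SA1017)`. `fetchCertificate` starts and ends outside this hunk, so the code that reads from `ch` is not visible here.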

