diff --git a/kubectl-minio/cmd/resources/tenant.go b/kubectl-minio/cmd/resources/tenant.go
index 24bd303b4df..442a6b9b669 100644
--- a/kubectl-minio/cmd/resources/tenant.go
+++ b/kubectl-minio/cmd/resources/tenant.go
@@ -109,7 +109,7 @@ func storageClass(sc string) *string {
 
 // NewTenant will return a new Tenant for a MinIO Operator
 func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, error) {
- autoCert := true
+ autoCert := !opts.DisableTLS
 volumesPerServer := helpers.VolumesPerServer(opts.Volumes, opts.Servers)
 capacityPerVolume, err := helpers.CapacityPerVolume(opts.Capacity, opts.Volumes)
 if err != nil {
@@ -135,11 +135,6 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 },
 Pools: []miniov2.Pool{Pool(opts, volumesPerServer, *capacityPerVolume)},
 RequestAutoCert: &autoCert,
- CertConfig: &miniov2.CertificateConfig{
- CommonName: "",
- OrganizationName: []string{},
- DNSNames: []string{},
- },
 Mountpath: helpers.MinIOMountPath,
 KES: tenantKESConfig(opts.Name, opts.KmsSecret),
 ImagePullSecret: v1.LocalObjectReference{Name: opts.ImagePullSecret},
@@ -150,6 +145,11 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 },
 },
 }
+
+ if autoCert {
+ t.Spec.CertConfig = getAutoCertConfig(opts)
+ }
+
 if opts.EnableAuditLogs {
 t.Spec.Log = getAuditLogConfig(opts)
 }
@@ -162,6 +162,14 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 return t, t.Validate()
 }
 
+func getAutoCertConfig(opts *TenantOptions) *miniov2.CertificateConfig {
+ return &miniov2.CertificateConfig{
+ CommonName: "",
+ OrganizationName: []string{},
+ DNSNames: []string{},
+ }
+}
+
 func getAuditLogConfig(opts *TenantOptions) *miniov2.LogConfig {
 diskSpace := int64(opts.AuditLogsDiskSpace) * humanize.GiByte
 var logSearchStorageClass *string
diff --git a/kubectl-minio/cmd/tenant-create.go b/kubectl-minio/cmd/tenant-create.go
index 6337ddb05bf..86b5cca0d0e 100644
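Review bot: With `autoCert := !opts.DisableTLS`, a tenant created with DisableTLS set gets `RequestAutoCert` false and (per the third hunk) no `CertConfig`, yet `KES: tenantKESConfig(opts.Name, opts.KmsSecret)` is still populated in the same spec. Nothing visible here rejects `--disable-tls` combined with `--kes-config`; KES authenticates its clients with TLS certificates, so that combination is unlikely to give the operator the encryption setup they asked for, and whether `t.Validate()` catches it is not shown. I would fail early in NewTenant, for example `if opts.DisableTLS && opts.KmsSecret != "" { return nil, errors.New("kes-config requires TLS on the tenant") }`, assuming `errors` is already imported in this file. NewTenant's body starts and ends outside this hunk.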
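Review bot: `getAutoCertConfig` accepts `opts` but never reads it, and the new function has no doc comment. Either drop the parameter (`func getAutoCertConfig() *miniov2.CertificateConfig`) and adjust the call site, or keep it for symmetry with `getAuditLogConfig` and say so, e.g. `// getAutoCertConfig returns the empty CertificateConfig set on the tenant when auto-cert is requested; opts is currently unused.`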
--- a/kubectl-minio/cmd/tenant-create.go
+++ b/kubectl-minio/cmd/tenant-create.go
@@ -59,6 +59,10 @@ func newTenantCreateCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 Long: createDesc,
 Example: createExample,
 Args: func(cmd *cobra.Command, args []string) error {
+ // The disable-tls parameter default value is false, we cannot rely on the default value binded to the tenantOpts.DisableTLS variable
+ // to identify if the parameter --disable-tls was actually set on the command line.
+ // regardless of which value is being set to the flag, if the flag and ONLY if the flag is present, then we disable TLS
+ c.tenantOpts.DisableTLS = cmd.Flags().Lookup("disable-tls").Changed
 return c.validate(args)
 },
 RunE: func(cmd *cobra.Command, args []string) error {
@@ -82,6 +86,7 @@ func newTenantCreateCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 f.BoolVar(&c.tenantOpts.DisableAntiAffinity, "enable-host-sharing", false, "[TESTING-ONLY] disable anti-affinity to allow pods to be co-located on a single node (unsupported in production environment)")
 f.StringVar(&c.tenantOpts.KmsSecret, "kes-config", "", "name of secret for KES KMS setup, refer https://github.com/minio/operator/blob/master/examples/kes-secret.yaml")
 f.BoolVar(&c.tenantOpts.EnableAuditLogs, "enable-audit-logs", true, "Enable/Disable audit logs")
+ f.BoolVar(&c.tenantOpts.DisableTLS, "disable-tls", false, "Disable TLS")
 f.Int32Var(&c.tenantOpts.AuditLogsDiskSpace, "audit-logs-disk-space", 5, "(Only used when enable-audit-logs is on) Disk space for audit logs")
 f.StringVar(&c.tenantOpts.AuditLogsImage, "audit-logs-image", "", "(Only used when enable-audit-logs is on) The Docker image to use for audit logs")
 f.StringVar(&c.tenantOpts.AuditLogsPGImage, "audit-logs-pg-image", "", "(Only used when enable-audit-logs is on) The PostgreSQL Docker image to use for audit logs")
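Review bot: The override `c.tenantOpts.DisableTLS = cmd.Flags().Lookup("disable-tls").Changed` in the Args callback makes `--disable-tls=false` turn TLS off, because `Changed` records only that the flag appeared, not the value it was given. A script or template that passes the flag explicitly with `false` to keep TLS on would end up with a tenant that requests no certificate, with no error or warning. The `f.BoolVar(&c.tenantOpts.DisableTLS, "disable-tls", false, ...)` binding in the next hunk already leaves the field false when the flag is absent and honours an explicit value, so this line and its comment can simply be removed. Mutating options inside an argument validator also hides the behaviour from anyone reading RunE, whose body lies outside this hunk.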
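Review bot: The help string `"Disable TLS"` on the new `disable-tls` flag does not tell the operator what they give up. Based on the tenant.go change, setting it means no auto-generated certificate is requested for the tenant, so unless certificates are supplied some other way, client traffic including the credentials from the user secret would presumably travel unencrypted. I would spell that out, e.g. `"disable TLS for the tenant: no certificate is requested, traffic to MinIO is not encrypted"`, and match the lower-case style of the neighbouring flag descriptions.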