Add option to disable TLS on minio

kubectl-minio/cmd/resources/tenant.go

@@ -109,7 +109,7 @@ func storageClass(sc string) *string {
 
 // NewTenant will return a new Tenant for a MinIO Operator
 func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, error) {
-	autoCert := true
+	autoCert := !opts.DisableTLS
 	volumesPerServer := helpers.VolumesPerServer(opts.Volumes, opts.Servers)
 	capacityPerVolume, err := helpers.CapacityPerVolume(opts.Capacity, opts.Volumes)
 	if err != nil {
@@ -135,11 +135,6 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 			},
 			Pools:           []miniov2.Pool{Pool(opts, volumesPerServer, *capacityPerVolume)},
 			RequestAutoCert: &autoCert,
-			CertConfig: &miniov2.CertificateConfig{
-				CommonName:       "",
-				OrganizationName: []string{},
-				DNSNames:         []string{},
-			},
 			Mountpath:       helpers.MinIOMountPath,
 			KES:             tenantKESConfig(opts.Name, opts.KmsSecret),
 			ImagePullSecret: v1.LocalObjectReference{Name: opts.ImagePullSecret},
@@ -150,6 +145,11 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 			},
 		},
 	}
+
+	if autoCert {
+		t.Spec.CertConfig = getAutoCertConfig(opts)
+	}
+
 	if opts.EnableAuditLogs {
 		t.Spec.Log = getAuditLogConfig(opts)
 	}
@@ -162,6 +162,14 @@ func NewTenant(opts *TenantOptions, userSecret *v1.Secret) (*miniov2.Tenant, err
 	return t, t.Validate()
 }
 
+func getAutoCertConfig(opts *TenantOptions) *miniov2.CertificateConfig {
+	return &miniov2.CertificateConfig{
+		CommonName:       "",
+		OrganizationName: []string{},
+		DNSNames:         []string{},
+	}
+}
+
 func getAuditLogConfig(opts *TenantOptions) *miniov2.LogConfig {
 	diskSpace := int64(opts.AuditLogsDiskSpace) * humanize.GiByte
 	var logSearchStorageClass *string

kubectl-minio/cmd/tenant-create.go

@@ -59,6 +59,10 @@ func newTenantCreateCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 		Long:    createDesc,
 		Example: createExample,
 		Args: func(cmd *cobra.Command, args []string) error {
+			// The disable-tls parameter default value is false, we cannot rely on the default value binded to the tenantOpts.DisableTLS variable
+			// to identify if the parameter --disable-tls was actually set on the command line.
+			// regardless of which value is being set to the flag, if the flag and ONLY if the flag is present, then we disable TLS
+			c.tenantOpts.DisableTLS = cmd.Flags().Lookup("disable-tls").Changed
 			return c.validate(args)
 		},
 		RunE: func(cmd *cobra.Command, args []string) error {
@@ -82,6 +86,7 @@ func newTenantCreateCmd(out io.Writer, errOut io.Writer) *cobra.Command {
 	f.BoolVar(&c.tenantOpts.DisableAntiAffinity, "enable-host-sharing", false, "[TESTING-ONLY] disable anti-affinity to allow pods to be co-located on a single node (unsupported in production environment)")
 	f.StringVar(&c.tenantOpts.KmsSecret, "kes-config", "", "name of secret for KES KMS setup, refer https://github.com/minio/operator/blob/master/examples/kes-secret.yaml")
 	f.BoolVar(&c.tenantOpts.EnableAuditLogs, "enable-audit-logs", true, "Enable/Disable audit logs")
+	f.BoolVar(&c.tenantOpts.DisableTLS, "disable-tls", false, "Disable TLS")
 	f.Int32Var(&c.tenantOpts.AuditLogsDiskSpace, "audit-logs-disk-space", 5, "(Only used when enable-audit-logs is on) Disk space for audit logs")
 	f.StringVar(&c.tenantOpts.AuditLogsImage, "audit-logs-image", "", "(Only used when enable-audit-logs is on) The Docker image to use for audit logs")
 	f.StringVar(&c.tenantOpts.AuditLogsPGImage, "audit-logs-pg-image", "", "(Only used when enable-audit-logs is on) The PostgreSQL Docker image to use for audit logs")