Operator console changes to allow enabling of SFTP for tenant #1692

Merged on Jul 25, 2023 (4 commits)

@shtripat shtripat commented Jul 20, 2023

Added console changes for enabling SFTP during tenant creation

How to verify the changes

Step-1: Create a kind cluster with the details below

$ cat kind-config.yaml
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
  - role: control-plane
  - role: worker
  - role: worker
  - role: worker
  - role: worker

$ kind create cluster --config kind-config.yaml

Step-2: Build the operator image and load it into the kind cluster

$ TAG=minio/operator:sftp make all
$ kind load docker-image docker.io/minio/operator:sftp

Step-3: Prepare the operator.yaml as below

$ kubectl kustomize . > operator-test.yaml

Step-4: Update the operator-test.yaml file and set the operator image names as docker.io/minio/operator:sftp

$ sed -i "s/minio\/operator:v5.0.6/docker.io\/minio\/operator:sftp/g" operator-test.yaml 

Step-5: Deploy the operator

$ kubectl apply -f operator-test.yaml

Step-6: Port forward to operator and open operator console

$ kubectl minio proxy

Step-7: Create tenant as per below details
[three images, not preserved]

Step-8: You should be able to see <tenant-name>-hl service as below

$ kubectl get svc -A
NAMESPACE        NAME               TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default          kubernetes         ClusterIP      10.96.0.1       <none>        443/TCP                  2d2h
kube-system      kube-dns           ClusterIP      10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   2d2h
minio-operator   console            ClusterIP      10.96.209.137   <none>        9090/TCP,9443/TCP        5h38m
minio-operator   operator           ClusterIP      10.96.44.57     <none>        4221/TCP                 5h38m
minio-operator   sts                ClusterIP      10.96.155.144   <none>        4223/TCP                 5h38m
tenant-ns        minio              LoadBalancer   10.96.236.190   <pending>     443:30693/TCP            5h35m
tenant-ns        tenant-1-console   LoadBalancer   10.96.243.4     <pending>     9443:30643/TCP           5h35m
tenant-ns        tenant-1-hl        ClusterIP      None            <none>        9000/TCP,8022/TCP        5h35m

Step-9: Port forward to services as below to access through sftp

$ kubectl port-forward service/tenant-1-hl -n tenant-ns 8022
$ kubectl port-forward service/minio -n tenant-ns 9443:443

Step-10: Use sftp to access MinIO bucket/objects

$ kubectl get secrets/tenant-1-user-0 -n tenant-ns -oyaml | yq '.data."CONSOLE_ACCESS_KEY"' | base64 -d
WZaBqLMGYViJ0Sba

$ kubectl get secrets/tenant-1-user-0 -n tenant-ns -oyaml | yq '.data."CONSOLE_SECRET_KEY"' | base64 -d
XMPAlfUUM4rnaAnGTxPKzeYYcBiRlUVr

$ mc alias set m1 https://localhost:9443 WZaBqLMGYViJ0Sba XMPAlfUUM4rnaAnGTxPKzeYYcBiRlUVr --insecure
Added `m1` successfully.

$ mc mb m1/test-bucket --insecure
Bucket created successfully `m1/test-bucket`.

$ mc cp /etc/issue m1/test-bucket --insecure
/etc/issue:                     28 B / 28 B ━━━━━━━━━━ 1.00 KiB/s 0s

$ sftp -P 8022 WZaBqLMGYViJ0Sba@localhost
The authenticity of host '[localhost]:8022 ([::1]:8022)' can't be established.
ECDSA key fingerprint is SHA256:wvTkjD8weTabgPkcsl+z1V1WOiKhsHzdtkdtpm3s7Fw.
This key is not known by any other names
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[localhost]:8022' (ECDSA) to the list of known hosts.
WZaBqLMGYViJ0Sba@localhost's password: 
Connected to localhost.
sftp> ls test-bucket/
test-bucket/issue  
sftp> ls test-bucket/issue 
test-bucket/issue    
sftp> 

Signed-off-by: Shubhendu Ram Tripathi <shubhendu@minio.io>
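
An added example (not part of the pull request or the operator's code): a POSIX shell check for Step-8 that reads `kubectl get svc -A` output and reports every service listing port 8022, marking whether it is cluster-internal or externally exposed. The function names and the `example-ns/example-sftp-lb` row are constructed for illustration; the other sample rows come from the Step-8 output above.

```bash
#!/bin/sh
# Added example: audit `kubectl get svc -A` output for the tenant SFTP port.
SFTP_PORT=8022   # port shown on tenant-1-hl in Step-8

# Sample input so the script runs without a cluster. Rows are taken from the
# Step-8 output, except example-ns/example-sftp-lb, which is constructed to
# show how an externally exposed SFTP port is reported.
sample_svc_table() {
  cat <<'EOF'
NAMESPACE        NAME               TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
minio-operator   console            ClusterIP      10.96.209.137   <none>        9090/TCP,9443/TCP        5h38m
tenant-ns        minio              LoadBalancer   10.96.236.190   <pending>     443:30693/TCP            5h35m
tenant-ns        tenant-1-hl        ClusterIP      None            <none>        9000/TCP,8022/TCP        5h35m
example-ns       example-sftp-lb    LoadBalancer   10.96.10.20     <pending>     8022:31022/TCP           1m
EOF
}

# Reads the table on stdin; prints "<namespace>/<name> <type> <exposure>" for
# each service that lists SFTP_PORT. ClusterIP services are "internal"; any
# other type (NodePort, LoadBalancer) is reported as "external".
sftp_services() {
  awk -v port="$SFTP_PORT" '
    NR == 1 { next }                       # skip the header row
    {
      n = split($6, entries, ",")          # PORT(S) column
      for (i = 1; i <= n; i++) {
        split(entries[i], proto, "/")      # "8022/TCP" or "8022:31022/TCP"
        split(proto[1], nums, ":")         # service port comes before ":"
        if (nums[1] == port) {
          exposure = ($3 == "ClusterIP") ? "internal" : "external"
          print $1 "/" $2, $3, exposure
        }
      }
    }'
}

# Exit status 0 when any service exposes SFTP_PORT outside the cluster.
has_external_sftp() {
  sftp_services | grep -q ' external$'
}

sample_svc_table | sftp_services
if sample_svc_table | has_external_sftp; then
  echo "WARNING: SFTP port $SFTP_PORT is reachable from outside the cluster"
fi
```

Against a live cluster, replace `sample_svc_table` with `kubectl get svc -A` in the two pipelines at the bottom.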

@shtripat changed the title from "Sftp console" to "Operator console changes to allow enabling of SFTP for tenant" on Jul 21, 2023

jiuker previously approved these changes Jul 21, 2023
@jiuker jiuker left a comment

LGTM

@anjalshireesh anjalshireesh left a comment

Tested, working as expected.

@pjuarezd (Member) commented:

Tested, working.

@pjuarezd pjuarezd merged commit ef09546 into minio:master Jul 25, 2023
31 checks passed
feorlen added a commit to minio/docs that referenced this pull request Sep 8, 2023
Document SFTP access for Operator Tenants, from Operator v5.0.7.
minio/operator#1685
minio/operator#1692

The new Operator SFTP text and the not-Operator version it is based on
were converted to includes rather than have a mess of conditionals in a
single file.

Staged

http://192.241.195.202:9000/staging/DOCS-943-2/k8s/developers/file-transfer-protocol.html

http://192.241.195.202:9000/staging/DOCS-943-2/linux/developers/file-transfer-protocol.html

Partially addresses #943