Creates bucket, user, and policy in Minio.
Reflects CRD as Minio objects.
Create user
apiVersion: minio.k8s.reddec.net/v1alpha1
kind: User
metadata:
name: user-sample # user name in minio
spec:
secretName: my-user # optional, default to <CRD-name>-minioSecret contains:
AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY
Create bucket
apiVersion: minio.k8s.reddec.net/v1alpha1
kind: Bucket
metadata:
name: bucket-sample # bucket name in minio
spec:
retain: false # optional (default: false) - do not remove bucket after CRD removal
public: false # optional (default: false) - allow anonymous GetObject (download only)- even if
public: truedirectory listing is not allowed
Create policy
apiVersion: minio.k8s.reddec.net/v1alpha1
kind: Policy
metadata:
name: policy-sample
spec:
bucket: public # bucket name
user: my-user # username (key_id)
read: false # read permissions
write: true # write permissionsread: truewithwrite: trueis special case and means all operations are allowed.
It is namespaced operator, which requires independent installation for each namespace. Check example.
curl -L https://github.com/reddec/minio-ext-operator/releases/latest/download/minio-ext-operator.tar.gz | \
tar zxf -kustomization.yaml- namespacepatch_env.yaml- secrets and endpointssecrets.yaml- minio admin user and password
Feel free to adjust kustomize as much as you wish
- Create manifests
Copyright 2022 Aleksandr Baryshnikov.
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.