diff --git a/charts/s3-operator/Chart.yaml b/charts/s3-operator/Chart.yaml index e661f78..e23d9e2 100644 --- a/charts/s3-operator/Chart.yaml +++ b/charts/s3-operator/Chart.yaml @@ -13,7 +13,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.5 +version: 0.6.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to # follow Semantic Versioning. They should reflect the version the application is using. diff --git a/charts/s3-operator/templates/bucket-crd.yaml b/charts/s3-operator/templates/crd-bucket.yaml similarity index 82% rename from charts/s3-operator/templates/bucket-crd.yaml rename to charts/s3-operator/templates/crd-bucket.yaml index 5dce4fb..7c510f9 100644 --- a/charts/s3-operator/templates/bucket-crd.yaml +++ b/charts/s3-operator/templates/crd-bucket.yaml @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: buckets.s3.onyxia.sh annotations: {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep + helm.sh/resource-policy: keep {{- end }} - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 labels: {{- include "s3-operator.labels" . | nindent 4 }} + name: buckets.s3.onyxia.sh spec: group: s3.onyxia.sh names: 
@@ -61,23 +61,32 @@ spec: required: - default type: object + s3InstanceRef: + default: s3-operator/default + description: s3InstanceRef where create the bucket + maxLength: 127 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?(/[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)?$ + type: string + x-kubernetes-validations: + - message: s3InstanceRef is immutable + rule: self == oldSelf required: - name - quota + - s3InstanceRef type: object status: description: BucketStatus defines the observed state of Bucket properties: conditions: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: 'Status management using Conditions. See also : https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" @@ -91,8 +100,8 @@ spec: format: date-time type: string message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: 
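Review bot: The added `s3InstanceRef` pattern accepts a `namespace/name` form, so a Bucket in one namespace can name an S3Instance (and, through it, that instance's credentials Secret) in another namespace, and nothing in the CRD restricts that. The only gate is `allowedNamespaces` on the S3Instance, which has to be enforced by the controller and is not visible in this diff; the description should say so, e.g. `description: S3Instance to use, as name or namespace/name; cross-namespace use requires the target S3Instance to list this namespace in allowedNamespaces`. The hard-coded `default: s3-operator/default` also only resolves when the chart is installed in a namespace called `s3-operator`, because the chart's default S3Instance is rendered without a namespace. This file looks like controller-gen output, so the change belongs in the Go type's markers; the same field is added to the Path, Policy and S3User CRDs in later hunks.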
@@ -106,11 +115,11 @@ spec: type: integer reason: description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -145,10 +154,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} \ No newline at end of file diff --git a/charts/s3-operator/templates/paths-crd.yaml b/charts/s3-operator/templates/crd-paths.yaml similarity index 92% rename from charts/s3-operator/templates/paths-crd.yaml rename to charts/s3-operator/templates/crd-paths.yaml index 82165c5..f2c6219 100644 --- a/charts/s3-operator/templates/paths-crd.yaml +++ b/charts/s3-operator/templates/crd-paths.yaml @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: paths.s3.onyxia.sh annotations: {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep + helm.sh/resource-policy: keep {{- end }} controller-gen.kubebuilder.io/version: v0.11.1 labels: {{- include "s3-operator.labels" . | nindent 4 }} + name: paths.s3.onyxia.sh spec: group: s3.onyxia.sh names: 
@@ -47,6 +47,16 @@ spec: items: type: string type: array + s3InstanceRef: + default: s3-operator/default + description: s3InstanceRef where create the Paths + maxLength: 127 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?(/[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)?$ + type: string + x-kubernetes-validations: + - message: s3InstanceRef is immutable + rule: self == oldSelf required: - bucketName type: object diff --git a/charts/s3-operator/templates/policy-crd.yaml b/charts/s3-operator/templates/crd-policies.yaml similarity index 81% rename from charts/s3-operator/templates/policy-crd.yaml rename to charts/s3-operator/templates/crd-policies.yaml index c06a976..dec5a83 100644 --- a/charts/s3-operator/templates/policy-crd.yaml +++ b/charts/s3-operator/templates/crd-policies.yaml @@ -2,14 +2,14 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: - name: policies.s3.onyxia.sh annotations: {{- if .Values.crds.keep }} - "helm.sh/resource-policy": keep + helm.sh/resource-policy: keep {{- end }} - controller-gen.kubebuilder.io/version: v0.10.0 + controller-gen.kubebuilder.io/version: v0.11.1 labels: {{- include "s3-operator.labels" . | nindent 4 }} + name: policies.s3.onyxia.sh spec: group: s3.onyxia.sh names: @@ -45,6 +45,16 @@ spec: policyContent: description: Content of the policy (IAM JSON format) type: string + s3InstanceRef: + default: s3-operator/default + description: s3InstanceRef where create the Policy + maxLength: 127 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?(/[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)?$ + type: string + x-kubernetes-validations: + - message: s3InstanceRef is immutable + rule: self == oldSelf required: - name - policyContent 
@@ -53,15 +63,13 @@ spec: description: PolicyStatus defines the observed state of Policy properties: conditions: - description: 'INSERT ADDITIONAL STATUS FIELD - define observed state - of cluster Important: Run "make" to regenerate code after modifying - this file' + description: 'Status management using Conditions. See also : https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties' items: description: "Condition contains details for one aspect of the current state of this API Resource. --- This struct is intended for direct use as an array at the field path .status.conditions. For example, - \n type FooStatus struct{ // Represents the observations of a foo's - current state. // Known .status.conditions.type are: \"Available\", + \n type FooStatus struct{ // Represents the observations of a + foo's current state. // Known .status.conditions.type are: \"Available\", \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge // +listType=map // +listMapKey=type Conditions []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\" @@ -75,8 +83,8 @@ spec: format: date-time type: string message: - description: message is a human readable message indicating details - about the transition. This may be an empty string. + description: message is a human readable message indicating + details about the transition. This may be an empty string. maxLength: 32768 type: string observedGeneration: 
@@ -90,11 +98,11 @@ spec: type: integer reason: description: reason contains a programmatic identifier indicating - the reason for the condition's last transition. Producers of - specific condition types may define expected values and meanings - for this field, and whether the values are considered a guaranteed - API. The value should be a CamelCase string. This field may - not be empty. + the reason for the condition's last transition. Producers + of specific condition types may define expected values and + meanings for this field, and whether the values are considered + a guaranteed API. The value should be a CamelCase string. + This field may not be empty. maxLength: 1024 minLength: 1 pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$ @@ -129,10 +137,4 @@ spec: storage: true subresources: status: {} -status: - acceptedNames: - kind: "" - plural: "" - conditions: [] - storedVersions: [] {{- end }} \ No newline at end of file diff --git a/charts/s3-operator/templates/crd-s3instances.yaml b/charts/s3-operator/templates/crd-s3instances.yaml new file mode 100644 index 0000000..a2354bc --- /dev/null +++ b/charts/s3-operator/templates/crd-s3instances.yaml 
@@ -0,0 +1,180 @@
+{{- if .Values.crds.install }}
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ {{- if .Values.crds.keep }}
+ helm.sh/resource-policy: keep
+ {{- end }}
+ controller-gen.kubebuilder.io/version: v0.11.1
+ labels:
+ {{- include "s3-operator.labels" . | nindent 4 }}
+ name: s3instances.s3.onyxia.sh
+spec:
+ group: s3.onyxia.sh
+ names:
+ kind: S3Instance
+ listKind: S3InstanceList
+ plural: s3instances
+ singular: s3instance
+ scope: Namespaced
+ versions:
+ - name: v1alpha1
+ schema:
+ openAPIV3Schema:
+ description: S3Instance is the Schema for the S3Instances API
+ properties:
+ apiVersion:
+ description: 'APIVersion defines the versioned schema of this representation
+ of an object. Servers should convert recognized schemas to the latest
+ internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ type: string
+ kind:
+ description: 'Kind is a string value representing the REST resource this
+ object represents. Servers may infer this from the endpoint the client
+ submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: S3InstanceSpec defines the desired state of S3Instance
+ properties:
+ allowedNamespaces:
+ description: AllowedNamespaces to use this S3InstanceUrl if empty
+ only the namespace of this instance url is allowed to use it
+ items:
+ type: string
+ type: array
+ bucketDeletionEnabled:
+ default: false
+ description: BucketDeletionEnabled Trigger bucket deletion on the
+ S3 backend upon CR deletion. Will fail if bucket is not empty.
+ type: boolean
+ caCertSecretRef:
+ description: Secret containing key ca.crt with the certificate associated
+ to the S3InstanceUrl
+ type: string
+ pathDeletionEnabled:
+ default: false
+ description: PathDeletionEnabled Trigger path deletion on the S3 backend
+ upon CR deletion. Limited to deleting the `.keep` files used by
+ the operator.
+ type: boolean
+ policyDeletionEnabled:
+ default: false
+ description: PolicyDeletionEnabled Trigger policy deletion on the
+ S3 backend upon CR deletion.
+ type: boolean
+ region:
+ description: region associated to the S3Instance
+ type: string
+ s3Provider:
+ default: minio
+ description: type of the S3Instance
+ enum:
+ - minio
+ - mockedS3Provider
+ type: string
+ x-kubernetes-validations:
+ - message: S3Provider is immutable
+ rule: self == oldSelf
+ s3UserDeletionEnabled:
+ default: false
+ description: S3UserDeletionEnabled Trigger S3 deletion on the S3 backend
+ upon CR deletion.
+ type: boolean
+ secretRef:
+ description: Ref to Secret associated to the S3Instance containing
+ accessKey and secretKey
+ type: string
+ url:
+ description: url of the S3Instance
+ type: string
+ required:
+ - bucketDeletionEnabled
+ - pathDeletionEnabled
+ - policyDeletionEnabled
+ - s3Provider
+ - s3UserDeletionEnabled
+ - secretRef
+ - url
+ type: object
+ status:
+ description: S3InstanceStatus defines the observed state of S3Instance
+ properties:
+ conditions:
+ description: 'Status management using Conditions. See also : https://github.com/kubernetes/community/blob/master/contributors/devel/sig-architecture/api-conventions.md#typical-status-properties'
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource. --- This struct is intended for direct
+ use as an array at the field path .status.conditions. For example,
+ \n type FooStatus struct{ // Represents the observations of a
+ foo's current state.
// Known .status.conditions.type are: \"Available\",
+ \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
+ // +listType=map // +listMapKey=type Conditions []metav1.Condition
+ `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
+ protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ properties:
+ lastTransitionTime:
+ description: lastTransitionTime is the last time the condition
+ transitioned from one status to another. This should be when
+ the underlying condition changed. If that is not known, then
+ using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: message is a human readable message indicating
+ details about the transition. This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: observedGeneration represents the .metadata.generation
+ that the condition was set based upon. For instance, if .metadata.generation
+ is currently 12, but the .status.conditions[x].observedGeneration
+ is 9, the condition is out of date with respect to the current
+ state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: reason contains a programmatic identifier indicating
+ the reason for the condition's last transition. Producers
+ of specific condition types may define expected values and
+ meanings for this field, and whether the values are considered
+ a guaranteed API. The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: type of condition in CamelCase or in foo.example.com/CamelCase.
+ --- Many .condition.type values are consistent across resources + like Available, but because arbitrary conditions can be useful + (see .node.status.conditions), the ability to deconflict is + important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt) + maxLength: 316 + pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$ + type: string + required: + - lastTransitionTime + - message + - reason + - status + - type + type: object + type: array + type: object + type: object + served: true + storage: true + subresources: + status: {} +{{- end }} \ No newline at end of file diff --git a/charts/s3-operator/templates/s3User-crd.yaml b/charts/s3-operator/templates/crd-s3users.yaml similarity index 91% rename from charts/s3-operator/templates/s3User-crd.yaml rename to charts/s3-operator/templates/crd-s3users.yaml index cb27022..7893652 100644 --- a/charts/s3-operator/templates/s3User-crd.yaml +++ b/charts/s3-operator/templates/crd-s3users.yaml @@ -3,8 +3,12 @@ apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: annotations: + {{- if .Values.crds.keep }} + helm.sh/resource-policy: keep + {{- end }} controller-gen.kubebuilder.io/version: v0.11.1 - creationTimestamp: null + labels: + {{- include "s3-operator.labels" . | nindent 4 }} name: s3users.s3.onyxia.sh spec: group: s3.onyxia.sh @@ -43,6 +47,16 @@ spec: items: type: string type: array + s3InstanceRef: + default: s3-operator/default + description: s3InstanceRef where create the user + maxLength: 127 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?(/[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?)?$ + type: string + x-kubernetes-validations: + - message: s3InstanceRef is immutable + rule: self == oldSelf secretName: description: SecretName associated to the S3User type: string @@ -127,4 +141,4 @@ spec: storage: true subresources: status: {} -{{- end }} +{{- end }} \ No newline at end of file 
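Review bot: In the new S3Instance schema, `url`, `secretRef` and `caCertSecretRef` are unconstrained strings, while `s3InstanceRef` in the sibling CRDs gets `minLength`, `maxLength` and a `pattern`; an empty Secret name or an `http://` endpoint would pass admission and only surface at reconcile time, where a plain-HTTP URL could mean the access and secret keys travel unencrypted. Consider a kubebuilder `Pattern` marker limiting `url` to the schemes the operator is meant to support and `MinLength=1` on the two Secret references. The `allowedNamespaces` description is the access-control rule for this resource and is hard to parse as written; something like `Namespaces allowed to reference this S3Instance; when empty, only the S3Instance's own namespace may use it` states it plainly. The file appears to be controller-gen output, so these changes belong in the Go type rather than in this template.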
diff --git a/charts/s3-operator/templates/default-s3instance.yaml b/charts/s3-operator/templates/default-s3instance.yaml
new file mode 100644
index 0000000..26a10ca
--- /dev/null
+++ b/charts/s3-operator/templates/default-s3instance.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.s3.default.enabled -}}
+apiVersion: s3.onyxia.sh/v1alpha1
+kind: S3Instance
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: s3-operator
+ app.kubernetes.io/part-of: s3-operator
+ control-plane: controller-manager
+ {{- include "s3-operator.labels" . | nindent 4 }}
+ name: default
+spec:
+ s3Provider: {{ .Values.s3.default.s3Provider }}
+ url: {{ .Values.s3.default.url }}
+ {{- if .Values.s3.default.secretRef }}
+ secretRef: {{ .Values.s3.default.secretRef }}
+ {{- else }}
+ secretRef: default-s3instance-credentials
+ {{- end }}
+ {{- if .Values.s3.default.caCertSecretRef }}
+ caCertSecretRef: {{ .Values.s3.default.caCertSecretRef }}
+ {{- else }}
+ caCertSecretRef: default-s3instance-certificates
+ {{- end }}
+ {{- if .Values.s3.default.allowedNamespaces }}
+ allowedNamespaces: {{ .Values.s3.default.allowedNamespaces }}
+ {{- end }}
+ {{- if .Values.s3.default.region }}
+ region: {{ .Values.s3.default.region }}
+ {{- end }}
+ s3UserDeletionEnabled: {{ .Values.s3.default.deletion.s3user }}
+ pathDeletionEnabled: {{ .Values.s3.default.deletion.path }}
+ policyDeletionEnabled: {{ .Values.s3.default.deletion.policy }}
+ bucketDeletionEnabled: {{ .Values.s3.default.deletion.bucket }}
+
+{{- if not .Values.s3.default.secretRef }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ labels:
+ app.kubernetes.io/component: manager
+ app.kubernetes.io/created-by: s3-operator
+ app.kubernetes.io/part-of: s3-operator
+ control-plane: controller-manager
+ {{- include "s3-operator.labels" .
| nindent 4 }} + name: default-s3instance-credentials +type: Opaque +data: + S3_ACCESS_KEY: {{- .Values.s3.default.accessKey }} + S3_SECRET_KEY: {{- .Values.s3.default.secretKey }} +{{- end }} +{{- if not .Values.s3.default.caCertSecretRef }} +--- +apiVersion: v1 +kind: Secret +metadata: + labels: + app.kubernetes.io/component: manager + app.kubernetes.io/created-by: s3-operator + app.kubernetes.io/part-of: s3-operator + control-plane: controller-manager + {{- include "s3-operator.labels" . | nindent 4 }} + name: default-s3instance-certificates +type: Opaque +data: + ca.crt: {{- .Values.s3.default.caCertificatesBase64 }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/charts/s3-operator/templates/deployment.yaml b/charts/s3-operator/templates/deployment.yaml index 137c524..714c9f8 100644 --- a/charts/s3-operator/templates/deployment.yaml +++ b/charts/s3-operator/templates/deployment.yaml @@ -1,13 +1,3 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "s3-operator.fullname" . }}-controller-manager - labels: - app.kubernetes.io/component: rbac - app.kubernetes.io/created-by: s3-operator - app.kubernetes.io/part-of: s3-operator - {{- include "s3-operator.labels" . | nindent 4 }} ---- apiVersion: apps/v1 kind: Deployment metadata: 
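Review bot: Both generated Secrets write their values under `data:` through a left-trimming `{{-`, so the rendered line becomes `S3_ACCESS_KEY:accessKey` with no space after the colon, which does not parse as a key/value pair, and the access and secret keys are not base64-encoded as `data:` requires. Use `S3_ACCESS_KEY: {{ .Values.s3.default.accessKey | b64enc | quote }}` (likewise for `S3_SECRET_KEY`) and `ca.crt: {{ .Values.s3.default.caCertificatesBase64 | quote }}`, since that value is base64 already by its name. The S3Instance CRD describes `secretRef` as a Secret "containing accessKey and secretKey" while this Secret uses the keys `S3_ACCESS_KEY` and `S3_SECRET_KEY`, so it is worth confirming which key names the controller actually reads. In the S3Instance above, `allowedNamespaces: {{ .Values.s3.default.allowedNamespaces }}` would print a list in Go syntax rather than YAML; `{{ .Values.s3.default.allowedNamespaces | toJson }}` renders a valid array, and the other scalar values (`url`, `region`, `secretRef`) should be piped through `quote`.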
@@ -41,18 +31,7 @@ spec: - --health-probe-bind-address=:8081 - --metrics-bind-address=127.0.0.1:8080 - --leader-elect - - --s3-endpoint-url={{ .Values.s3.endpointUrl }} - - --bucket-deletion={{ .Values.s3.deletion.bucket }} - - --path-deletion={{ .Values.s3.deletion.path }} - - --policy-deletion={{ .Values.s3.deletion.policy }} - - --s3user-deletion={{ .Values.s3.deletion.s3user }} - - --override-existing-secret={{ .Values.s3.s3user.overrideExistingSecret }} - {{- if .Values.s3.caCertificateBundlePath }} - - --s3-ca-certificate-bundle-path={{ .Values.s3.caCertificateBundlePath }} - {{- end }} - {{- range .Values.s3.caCertificatesBase64 }} - - --s3-ca-certificate-base64={{ . }} - {{- end }} + - --override-existing-secret={{ .Values.kubernetes.overrideExistingSecret }} {{- if .Values.controllerManager.manager.extraArgs }} {{- toYaml .Values.controllerManager.manager.extraArgs | nindent 8 }} {{- end }} @@ -60,25 +39,11 @@ spec: - /manager env: - name: KUBERNETES_CLUSTER_DOMAIN - value: {{ quote .Values.kubernetesClusterDomain }} - - name: S3_ACCESS_KEY - {{- if .Values.s3.existingSecret }} - valueFrom: - secretKeyRef: - name: {{ .Values.s3.existingSecret }} - key: S3_ACCESS_KEY - {{- else }} - value: {{ .Values.s3.accessKey }} - {{- end }} - - name: S3_SECRET_KEY - {{- if .Values.s3.existingSecret }} + value: {{ quote .Values.kubernetes.clusterDomain }} + - name: POD_NAMESPACE valueFrom: - secretKeyRef: - name: {{ .Values.s3.existingSecret }} - key: S3_SECRET_KEY - {{- else }} - value: {{ .Values.s3.secretKey }} - {{- end }} + fieldRef: + fieldPath: metadata.namespace {{- range $k, $v := .Values.controllerManager.manager.extraEnv }} - name: {{ $k }} value: {{ $v | quote }} diff --git a/charts/s3-operator/templates/manager-rbac.yaml b/charts/s3-operator/templates/manager-rbac.yaml index e328844..6349b24 100644 --- a/charts/s3-operator/templates/manager-rbac.yaml +++ b/charts/s3-operator/templates/manager-rbac.yaml 
@@ -5,6 +5,32 @@ metadata: labels: {{- include "s3-operator.labels" . | nindent 4 }} rules: +rules: +- apiGroups: + - "" + resources: + - secrets + verbs: + - create + - delete + - get + - list + - update + - watch +- apiGroups: + - "" + resources: + - secrets/finalizers + verbs: + - update +- apiGroups: + - "" + resources: + - secrets/status + verbs: + - get + - patch + - update - apiGroups: - s3.onyxia.sh resources: @@ -31,6 +57,32 @@ rules: - get - patch - update +- apiGroups: + - s3.onyxia.sh + resources: + - paths + verbs: + - create + - delete + - get + - list + - patch + - update + - watch +- apiGroups: + - s3.onyxia.sh + resources: + - paths/finalizers + verbs: + - update +- apiGroups: + - s3.onyxia.sh + resources: + - paths/status + verbs: + - get + - patch + - update - apiGroups: - s3.onyxia.sh resources: @@ -60,7 +112,7 @@ rules: - apiGroups: - s3.onyxia.sh resources: - - paths + - s3instances verbs: - create - delete @@ -72,13 +124,13 @@ rules: - apiGroups: - s3.onyxia.sh resources: - - paths/finalizers + - s3instances/finalizers verbs: - update - apiGroups: - s3.onyxia.sh resources: - - paths/status + - s3instances/status verbs: - get - patch @@ -108,11 +160,7 @@ rules: verbs: - get - patch - - update -- apiGroups: [""] - resources: [ "secrets" ] - verbs: ["list", "create" , "patch" , "update" ,"delete", "watch", "get"] - + - update --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding diff --git a/charts/s3-operator/templates/serviceaccount.yaml b/charts/s3-operator/templates/serviceaccount.yaml new file mode 100644 index 0000000..78f981e --- /dev/null +++ b/charts/s3-operator/templates/serviceaccount.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "s3-operator.fullname" . }}-controller-manager + labels: + app.kubernetes.io/component: rbac + app.kubernetes.io/created-by: s3-operator + app.kubernetes.io/part-of: s3-operator + {{- include "s3-operator.labels" . | nindent 4 }} 
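Review bot: The first manager-rbac hunk adds a second `rules:` line directly under the existing `rules:` context line, leaving a duplicate key in the role; strict YAML parsers reject that and lenient ones silently keep only one of the two, so the added `rules:` line should be dropped. The new block grants `create`, `delete`, `get`, `list`, `update` and `watch` on `secrets`, and since the binding that follows is a `ClusterRoleBinding` this appears to be cluster-wide, meaning the operator's service account can read every Secret in the cluster. If the controller only needs the Secrets referenced by S3Instance and S3User objects, consider scoping this with namespaced Roles, or at least add a comment such as `# cluster-wide: S3Instance secretRef and S3User secrets may live in any namespace` so the breadth is a documented decision. `secrets/status` is not a subresource the core API serves, so that rule can be removed, and the rule being replaced included `patch` on secrets while the new one does not; confirm the controller never patches them.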
diff --git a/charts/s3-operator/values.yaml b/charts/s3-operator/values.yaml index 0c451a4..c8109cd 100644 --- a/charts/s3-operator/values.yaml +++ b/charts/s3-operator/values.yaml @@ -26,35 +26,26 @@ controllerManager: extraArgs: [] extraEnv: {} replicas: 1 -kubernetesClusterDomain: cluster.local -s3: - endpointUrl: "localhost:9000" - - # To manage access/secret keys, two options : - # - (Poor) Directly set them using the accessKey/secretKey parameters below. - # This makes them directly visible to anyone with enough rights on your k8s. - # - (Better) Use the existingSecret parameter to reference a k8s secret, which - # needs to contain at least two environment variables : S3_ACCESS_KEY and S3_SECRET_KEY. - # This in turn allows you to use another mechanism to further protect these, - # eg sealed secrets. - existingSecret: "my-s3-operator-auth-secret" - # accessKey: "" - # secretKey: "" - - # If both "caCertificate" parameters are present, only - # caCertificatesBase64 is used. +kubernetes: + clusterDomain: cluster.local + overrideExistingSecret: false - # caCertificateBundlePath: /path/to/ca-bundle.crt - # caCertificatesBase64: - # - base64encodedPEMFormatCACertificate - - # Should the operator try to delete the resource from the S3 backend upon CR deletion ? - deletion: - bucket: false - path: false - policy: false - s3user: false - - s3user: - overrideExistingSecret: false \ No newline at end of file +s3: + default: + enabled: false + s3Provider: minio + url: "https://localhost:9000" + accessKey: "accessKey" + secretKey: "secretKey" + caCertificatesBase64: base64encodedPEMFormatCACertificate + region: us-east-1 + # secretRef: "my-s3-operator-auth-secret" + # caCertSecretRef: "my-s3-operator-cert-secret" + # allowedNamespaces: "" + # Should the operator try to delete the resource from the S3 backend upon CR deletion ? + deletion: + bucket: false + path: false + policy: false + s3user: false
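Review bot: The new defaults ship literal placeholder credentials (`accessKey: "accessKey"`, `secretKey: "secretKey"`), and the hunk deletes the comment that explained why referencing an existing Secret is preferable to inline keys. With `enabled: true` and `secretRef` left commented out, the chart creates the credentials Secret from whatever is in values, so real keys would end up stored with the Helm release. Suggest empty defaults (`accessKey: ""`, `secretKey: ""`), a short comment such as `# Prefer secretRef (an existing Secret, e.g. a sealed secret); inline accessKey/secretKey are stored in the Helm release values`, and having the template fail via `required` when neither form is supplied. The commented example `allowedNamespaces: ""` should be a list (`[]`), since the CRD types the field as an array. The renamed keys (`kubernetesClusterDomain`, `s3.existingSecret`, `s3.deletion.*`, `s3.s3user.overrideExistingSecret`) are silently ignored on upgrade, which deserves a line in the release notes.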