Add basic documentation
Some checks reported errors
continuous-integration/drone/push Build was killed

This commit is contained in:
Pierre HUBERT 2023-05-09 18:45:59 +02:00
parent 921c70a785
commit 19ffc11f00
2 changed files with 118 additions and 20 deletions

View File

@ -1,24 +1,6 @@
# MinioK8sBuckets
[![Build Status](https://drone.communiquons.org/api/badges/pierre/MinioK8sBuckets/status.svg)](https://drone.communiquons.org/pierre/MinioK8sBuckets)
Automatically create Minio buckets based on K8S Custom Resources.
## Installation
1. Run the following commands:
```bash
kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/crd.yaml
kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/deployment.yaml
```
2. Deploy Minio
3. Create a MinioInstance & a MinioBucket (like in [our test](test/test-inside-cluster.yaml))
4. That's it!
## Development
Apply all K8s config files manually:
```bash
cat yaml/*.yaml | kubectl apply -f -
```
Note : [mc tool](https://min.io/download) is required
See the [docs](docs) to learn more.

116
docs/README.md Normal file
View File

@ -0,0 +1,116 @@
# Minio K8S bucket
An operator to automatically create and update S3 buckets on Minio, with their accounts.
One deployed, this tool will allow you to automatically create Minio accounts associated with buckets.
## Pre-requisites
You will need:
* `kubectl` access to the target cluster
* A running Minio instance, and especially:
* The URL where the API of the instance can be reached
* The root credentials
## Installation
The operator can be installed using the following commands:
```bash
kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/crd.yaml
kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/deployment.yaml
```
!!! warning "Known limitation"
The operator install a deployment on the `default` namespace. Currently, only this namespace is supported!
## Configure instance
In order to create buckets, the operator needs to know how to reach the Minio instance.
You first need to secret similar to that one:
```yaml
apiVersion: v1
kind: Secret
metadata:
name: minio-root
type: Opaque
dyringData:
accessKey: <MINIO_ROOT_ACCESS_KEY>
secretKey: <MINIO_ROOT_SECRET_KEY>
```
Replace `<MINIO_ROOT_ACCESS_KEY>` and `<MINIO_ROOT_SECRET_KEY>` with the appropriate values.
You can then declare a Minio instance simiarl to that one:
```yaml
apiVersion: "communiquons.org/v1"
kind: MinioInstance
metadata:
name: my-minio-instance
spec:
endpoint: https://minio.example.com/
credentials: minio-root
```
!!! note
Minio itself can be located outside of the Kubernetes cluster.
## Create a bucket
You are not ready to create your first bucket!
Here is a basic bucket example:
```yaml
apiVersion: "communiquons.org/v1"
kind: MinioBucket
metadata:
name: first-bucket
spec:
# The name of the minio instance
instance: my-minio-instance
# The name of the bucket to create
name: first-bucket
# The name of the secret that will be created
# by the operator which contains credentials to
# use to access the bucket
secret: first-bucket-secret
```
## More complete example
Here is a more complete example that makes use of all the available options:
```yaml
apiVersion: "communiquons.org/v1"
kind: MinioBucket
metadata:
name: my-bucket
spec:
instance: my-minio-instance
name: my-bucket
secret: my-bucket-secret
# This must be set to true to allow unauthenticated
# access to the bucket resources. Use this to host a
# static website for example
anonymous_read_access: true
# Enable versioning on the bucket => keep old versions
# of uploaded files
versioning: true
# If specified, a quota will be applied to the bucket, in bytes
quota: 1000000000
# Prevent files from being removed from the bucket. This parameter
# can not be changed, once the bucket has been created
lock: true
# Data retention policy. Versioning must be enabled to allow this
retention:
# The number of days data shall be kept
validity: 100
# compliance => nobody can bypass the policy
# governance => users with privileges might bypass policy restrictions
mode: compliance
```