diff --git a/README.md b/README.md index fd7ff4a..380d709 100644 --- a/README.md +++ b/README.md @@ -1,24 +1,6 @@ # MinioK8sBuckets +[![Build Status](https://drone.communiquons.org/api/badges/pierre/MinioK8sBuckets/status.svg)](https://drone.communiquons.org/pierre/MinioK8sBuckets) Automatically create Minio buckets based on K8S Custom Resources. -## Installation -1. Run the following commands: -```bash -kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/crd.yaml -kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/deployment.yaml -``` - -2. Deploy Minio -3. Create a MinioInstance & a MinioBucket (like in [our test](test/test-inside-cluster.yaml)) -4. That's it! - - -## Development -Apply all K8s config files manually: - -```bash -cat yaml/*.yaml | kubectl apply -f - -``` - -Note : [mc tool](https://min.io/download) is required \ No newline at end of file +See the [docs](docs) to learn more. \ No newline at end of file diff --git a/docs/README.md b/docs/README.md new file mode 100644 index 0000000..118dc34 --- /dev/null +++ b/docs/README.md @@ -0,0 +1,116 @@ +# Minio K8S bucket + +An operator to automatically create and update S3 buckets on Minio, with their accounts. + +One deployed, this tool will allow you to automatically create Minio accounts associated with buckets. + + +## Pre-requisites +You will need: + +* `kubectl` access to the target cluster +* A running Minio instance, and especially: + * The URL where the API of the instance can be reached + * The root credentials + + +## Installation +The operator can be installed using the following commands: + +```bash +kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/crd.yaml +kubectl apply -f https://raw.githubusercontent.com/pierre42100/MinioK8sBuckets/master/yaml/deployment.yaml +``` + +!!! warning "Known limitation" + The operator install a deployment on the `default` namespace. Currently, only this namespace is supported! + +## Configure instance +In order to create buckets, the operator needs to know how to reach the Minio instance. + +You first need to secret similar to that one: + +```yaml +apiVersion: v1 +kind: Secret +metadata: + name: minio-root +type: Opaque +dyringData: + accessKey: + secretKey: +``` + +Replace `` and `` with the appropriate values. + + + +You can then declare a Minio instance simiarl to that one: + +```yaml +apiVersion: "communiquons.org/v1" +kind: MinioInstance +metadata: + name: my-minio-instance +spec: + endpoint: https://minio.example.com/ + credentials: minio-root +``` + +!!! note + Minio itself can be located outside of the Kubernetes cluster. + + +## Create a bucket +You are not ready to create your first bucket! + +Here is a basic bucket example: + +```yaml +apiVersion: "communiquons.org/v1" +kind: MinioBucket +metadata: + name: first-bucket +spec: + # The name of the minio instance + instance: my-minio-instance + # The name of the bucket to create + name: first-bucket + # The name of the secret that will be created + # by the operator which contains credentials to + # use to access the bucket + secret: first-bucket-secret +``` + +## More complete example +Here is a more complete example that makes use of all the available options: + +```yaml +apiVersion: "communiquons.org/v1" +kind: MinioBucket +metadata: + name: my-bucket +spec: + instance: my-minio-instance + name: my-bucket + secret: my-bucket-secret + # This must be set to true to allow unauthenticated + # access to the bucket resources. Use this to host a + # static website for example + anonymous_read_access: true + # Enable versioning on the bucket => keep old versions + # of uploaded files + versioning: true + # If specified, a quota will be applied to the bucket, in bytes + quota: 1000000000 + # Prevent files from being removed from the bucket. This parameter + # can not be changed, once the bucket has been created + lock: true + # Data retention policy. Versioning must be enabled to allow this + retention: + # The number of days data shall be kept + validity: 100 + # compliance => nobody can bypass the policy + # governance => users with privileges might bypass policy restrictions + mode: compliance +``` \ No newline at end of file