Dockerfile

@@ -0,0 +1,6 @@
+FROM debian:bullseye-slim
+
+COPY minio-operator /usr/local/bin/minio-operator
+COPY mc /usr/local/bin/mc
+
+ENTRYPOINT /usr/local/bin/minio-operator

build_docker_image.sh

@@ -0,0 +1,14 @@
+#!/bin/bash
+cargo build --release
+
+TEMP_DIR=$(mktemp -d)
+cp target/release/minio-operator "$TEMP_DIR"
+
+# Download mc
+wget -O "$TEMP_DIR/mc" https://dl.min.io/client/mc/release/linux-amd64/mc
+chmod +x "$TEMP_DIR/mc" 
+
+docker build -f Dockerfile "$TEMP_DIR" -t pierre42100/minio_operator
+
+rm -r $TEMP_DIR
+

test/second-bucket.yaml

@@ -6,4 +6,5 @@ metadata:
 spec:
   instance: my-minio-instance
   name: second-bucket
-  secret: second-bucket-secret
+  secret: second-bucket-secret
+  versioning: false

test/test-inside-cluster.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: minio-root
+type: Opaque
+data:
+  accessKey: bWluaW9hZG1pbg==
+  secretKey: bWluaW9hZG1pbg==
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioInstance
+metadata:
+  name: my-minio-instance
+spec:
+  endpoint: http://192.168.2.103:9000/
+  credentials: minio-root
+---
+apiVersion: "communiquons.org/v1"
+kind: MinioBucket
+metadata:
+  name: first-bucket
+spec:
+  instance: my-minio-instance
+  name: first-bucket
+  secret: first-bucket-secret

yaml/deployment.yaml

@@ -0,0 +1,70 @@
+apiVersion: v1
+kind: ServiceAccount
+automountServiceAccountToken: true
+metadata:
+  name: minio-operator
+  namespace: default
+  labels:
+    app: minio-operator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: minio-operator
+  namespace: default
+rules:
+- apiGroups: ["communiquons.org"]
+  resources: ["minioinstances", "miniobuckets"]
+  verbs: ["get", "list", "watch"]
+- apiGroups: [""]
+  resources: ["secrets"]
+  verbs: ["get", "create"]
+---
+kind: RoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: minio-operator
+  namespace: default
+subjects:
+- kind: ServiceAccount
+  name: minio-operator
+  namespace: default
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: minio-operator
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: minio-operator
+  labels:
+    app: minio-operator
+spec:
+  replicas: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: minio-operator
+  template:
+    metadata:
+      labels:
+        app: minio-operator
+    spec:
+      serviceAccountName: minio-operator
+      containers:
+        - name: minio-operator
+          image: pierre42100/minio_operator
+          resources:
+            limits:
+              memory: 300Mi
+              cpu: "0.1"
+            requests:
+              memory: 150Mi
+              cpu: "0.01"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL

yaml/service_account.yaml

@@ -1,33 +0,0 @@
-apiVersion: v1
-kind: ServiceAccount
-automountServiceAccountToken: true
-metadata:
-  name: minio-buckets
-  namespace: default
-  labels:
-    app: minio
----
-apiVersion: rbac.authorization.k8s.io/v1
-kind: Role
-metadata:
-  name: minio-buckets
-  namespace: default
-rules:
-- apiGroups: ["communiquons.org"]
-  resources: ["minioinstances", "miniobuckets"]
-  verbs: ["get", "watch"]
----
-kind: RoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
-  name: minio-buckets
-  namespace: default
-subjects:
-- kind: ServiceAccount
-  name: minio-buckets
-  namespace: default
-roleRef:
-  apiGroup: rbac.authorization.k8s.io
-  kind: Role
-  name: minio-buckets
----