attempt to remove plugin from docs (#1219)

The Kubernetes plugin is gone, this PR replaces the procedures that use `kubectl minio` in all its various forms. The plugin was referenced on many pages and for many purposes so there is _a lot_ of restructuring involved. Some procedures no longer have CLI instructions, which can be addressed in subsequent PRs. Everything should have at least one working method, even if it's to use Operator Console. - Remove references to plugin, except for pre-4.5.8 upgrade paths - Move pre-4.5.8 upgrade paths to new child page (currently hidden from TOC, linked in page) - Fill in with new Kustomize, kubectl, and/or Operator Console steps. A handful of old screen captures still to be updated Staged: - [Operator deploy](https://192.241.195.202:9000/staging/DOCS-1213-upstream/k8s/operations/installation.html) - [Operator upgrade](https://192.241.195.202:9000/staging/DOCS-1213-upstream/k8s/operations/install-deploy-manage/upgrade-minio-operator.html) - [Deploy and manage Tenants](https://192.241.195.202:9000/staging/DOCS-1213-upstream/k8s/operations/deploy-manage-tenants.html) Fixes #1213
minio · Jun 7, 2024 · d17c896 · d17c896
1 parent 52e6683
commit d17c896
Show file tree

Hide file tree

Showing 56 changed files with 812 additions and 2,578 deletions.
diff --git a/source/administration/server-side-encryption.rst b/source/administration/server-side-encryption.rst
@@ -46,7 +46,7 @@ MinIO SSE is feature and API compatible with :s3-docs:`AWS Server-Side Encryptio
  - :kes-docs:`Entrust KeyControl <integrations/entrust-keycontrol/>`
  - :kes-docs:`Fortanix SDKMS <integrations/fortanix-sdkms/>`
  - :kes-docs:`Google Cloud Secret Manager <integrations/google-cloud-secret-manager/>`
- - :kes-docs:`Hashicorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
+ - :kes-docs:`HashiCorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
  - :kes-docs:`Thales CipherTrust Manager (formerly Gemalto KeySecure) <integrations/thales-ciphertrust/>`
 
  .. tab-item:: SSE-S3
@@ -71,7 +71,7 @@ MinIO SSE is feature and API compatible with :s3-docs:`AWS Server-Side Encryptio
  - :kes-docs:`Entrust KeyControl <integrations/entrust-keycontrol/>`
  - :kes-docs:`Fortanix SDKMS <integrations/fortanix-sdkms/>`
  - :kes-docs:`Google Cloud Secret Manager <integrations/google-cloud-secret-manager/>`
- - :kes-docs:`Hashicorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
+ - :kes-docs:`HashiCorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
  - :kes-docs:`Thales CipherTrust Manager (formerly Gemalto KeySecure) <integrations/thales-ciphertrust/>`
 
  .. tab-item:: SSE-C

diff --git a/source/administration/server-side-encryption/server-side-encryption-sse-kms.rst b/source/administration/server-side-encryption/server-side-encryption-sse-kms.rst
@@ -56,7 +56,7 @@ MinIO SSE-KMS is functionally compatible with AWS S3 :s3-docs:`Server-Side Encry
 - :kes-docs:`Entrust KeyControl <integrations/entrust-keycontrol/>`
 - :kes-docs:`Fortanix SDKMS <integrations/fortanix-sdkms/>`
 - :kes-docs:`Google Cloud Secret Manager <integrations/google-cloud-secret-manager/>`
-- :kes-docs:`Hashicorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
+- :kes-docs:`HashiCorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
 - :kes-docs:`Thales CipherTrust Manager (formerly Gemalto KeySecure) <integrations/thales-ciphertrust/>`
 
 .. _minio-encryption-sse-kms-quickstart:
@@ -81,7 +81,7 @@ supported external Key Management Services (KMS):
 - :kes-docs:`Entrust KeyControl <integrations/entrust-keycontrol/>`
 - :kes-docs:`Fortanix SDKMS <integrations/fortanix-sdkms/>`
 - :kes-docs:`Google Cloud Secret Manager <integrations/google-cloud-secret-manager/>`
-- :kes-docs:`Hashicorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
+- :kes-docs:`HashiCorp Vault Keystore <integrations/hashicorp-vault-keystore/>`
 - :kes-docs:`Thales CipherTrust Manager (formerly Gemalto KeySecure) <integrations/thales-ciphertrust/>`
 
 .. include:: /includes/common/common-minio-kes.rst

diff --git a/source/administration/server-side-encryption/server-side-encryption-sse-s3.rst b/source/administration/server-side-encryption/server-side-encryption-sse-s3.rst
@@ -53,7 +53,7 @@ following KMS providers:
 - :ref:`AWS SecretsManager <minio-sse-aws>`
 - :ref:`Google Cloud SecretManager <minio-sse-gcp>`
 - :ref:`Azure Key Vault <minio-sse-azure>`
-- :ref:`Hashicorp KeyVault <minio-sse-vault>`
+- :ref:`HashiCorp KeyVault <minio-sse-vault>`
 - Thales CipherTrust (formerly Gemalto KeySecure)
 
 .. _minio-encryption-sse-s3-quickstart:
@@ -76,7 +76,7 @@ supported external Key Management Services (KMS):
 - :ref:`AWS SecretsManager <minio-sse-aws>`
 - :ref:`Google Cloud SecretManager <minio-sse-gcp>`
 - :ref:`Azure Key Vault <minio-sse-azure>`
-- :ref:`Hashicorp KeyVault <minio-sse-vault>`
+- :ref:`HashiCorp KeyVault <minio-sse-vault>`
 - Thales CipherTrust (formerly Gemalto KeySecure)
 
 .. include:: /includes/common/common-minio-kes.rst

diff --git a/source/includes/aks/deploy-minio-on-azure-kubernetes-service.rst b/source/includes/aks/deploy-minio-on-azure-kubernetes-service.rst
@@ -1,3 +1,4 @@
+
 .. _deploy-operator-gke:
 
 =================================================
@@ -20,11 +21,7 @@ The MinIO Kubernetes Operator supports deploying MinIO Tenants onto AKS infrastr
  MinIO maintains an `AKS Marketplace listing <https://azuremarketplace.microsoft.com/en-us/marketplace/apps/minio.minio-object-storage_v1dot1>`__ through which you can register your AKS cluster with |subnet|.
  Any MinIO tenant you deploy through Marketplace-connected clusters can take advantage of SUBNET registration, including 24/7 access to MinIO engineers.
 
-Using the MinIO ``kubectl`` Plugin
- MinIO provides a ``kubectl`` plugin for installing and managing the MinIO Operator and Tenants through a terminal or shell (CLI) environment.
- You can manually register these tenants with |subnet| at any time.
-
-This page documents deploying the MinIO Operator through the CLI using the ``kubectl minio`` plugin.
+This page documents deploying the MinIO Operator through the CLI using Kustomize.
 For instructions on deploying the MinIO Operator through the AKS Marketplace, see :minio-web:`Deploy MinIO through AKS <multicloud-azure-kubernetes-service/deploy>`
 
 This documentation assumes familiarity with all referenced Kubernetes and Azure Kubernetes Service concepts, utilities, and procedures. 
@@ -51,5 +48,6 @@ For guidance on connecting ``kubectl`` to AKS, see :aks-docs:`Install kubectl an
 Procedure
 ---------
 
-.. include:: /includes/common/common-install-operator-kubectl-plugin.rst
+The following steps deploy Operator using Kustomize and a ``kustomization.yaml`` file from the MinIO Operator GitHub repository.
 
+.. include:: /includes/common/common-install-operator-kustomize.rst
diff --git a/source/includes/common/common-install-operator-kubectl-plugin.rst b/source/includes/common/common-install-operator-kubectl-plugin.rst
diff --git a/...ploy-manage/deploy-operator-kustomize.rst → ...mon/common-install-operator-kustomize.rst b/...ploy-manage/deploy-operator-kustomize.rst → ...mon/common-install-operator-kustomize.rst
@@ -1,52 +1,17 @@
-.. _minio-k8s-deploy-operator-kustomize:
-
-==============================
-Deploy Operator With Kustomize
-==============================
-
-.. default-domain:: minio
-
-.. contents:: Table of Contents
- :local:
- :depth: 2
-
-
-Overview
---------
-
-`Kustomize <https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization>`__ is a YAML-based templating tool that allows you to define Kubernetes resources in a declarative and repeatable fashion.
-Kustomize is included with the :kube-docs:`kubectl <reference/kubectl>` command line tool.
-
-The `default MinIO Operator Kustomize template <https://github.com/minio/operator/blob/master/kustomization.yaml>`__ provides a starting point for customizing configurations for your local environment.
-You can modify the default Kustomization file or apply your own `patches <https://datatracker.ietf.org/doc/html/rfc6902>`__ to customize the Operator deployment for your Kubernetes cluster.
-
-
-Prerequisites
--------------
-
-Installing Operator with Kustomize requires the following prerequisites:
-
-* An existing Kubernetes cluster, v1.21 or later.
-* A local ``kubectl`` installation with the same version as the cluster.
-* Access to run ``kubectl`` commands on the cluster from your local host.
-
-For more about Operator installation requirements, including TLS certificates, see the :ref:`Operator deployment prerequisites <minio-operator-prerequisites>`.
-
-This procedure assumes familiarity with the referenced Kubernetes concepts and utilities.
-While this documentation may provide guidance for configuring or deploying Kubernetes-related resources on a best-effort basis, it is not a replacement for the official :kube-docs:`Kubernetes Documentation <>`.
-
-.. _minio-k8s-deploy-operator-kustomize-repo:
+.. _minio-k8s-deploy-operator-kustomize-repo-2:
 
 Install the MinIO Operator using Kustomize
-------------------------------------------
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 The following procedure uses ``kubectl -k`` to install the Operator from the MinIO Operator GitHub repository.
 ``kubectl -k`` and ``kubectl --kustomize`` are aliases that perform the same command.
 
 .. important::
 
- If you use Kustomize to install the Operator, you must use Kustomize to manage or update that installation.
- Do not use ``kubectl krew``, a Helm chart, or similar methods to manage or update the MinIO Operator installation.
+ If you use Kustomize to install the Operator, you must use Kustomize to manage or upgrade that installation.
+ Do not use ``kubectl krew``, a Helm chart, or similar methods to manage or upgrade a MinIO Operator installation deployed with Kustomize.
+
+ You can, however, use Kustomize to upgrade a previous version of Operator (5.0.14 or earlier) installed with the MinIO Kubernetes Plugin.
 
 #. Install the latest version of Operator
 
@@ -89,15 +54,18 @@ The following procedure uses ``kubectl -k`` to install the Operator from the Min
 
  .. code-block:: shell
 
- NAME READY STATUS RESTARTS AGE
- console-6b6cf8946c-9cj25 1/1 Running 0 99s
- minio-operator-69fd675557-lsrqg 1/1 Running 0 99s
+ NAME READY STATUS RESTARTS AGE
+ console-56c7d8bd89-485qh 1/1 Running 0 2m42s
+ minio-operator-6c758b8c45-nkhlx 1/1 Running 0 2m42s
+ minio-operator-6c758b8c45-dgd8n 1/1 Running 0 2m42s
 
  In this example, the ``minio-operator`` pod is MinIO Operator and the ``console`` pod is the Operator Console.
 
- You can modify your Operator deplyoment by applying kubectl patches.
+ You can modify your Operator deployment by applying kubectl patches.
  You can find examples for common configurations in the `Operator GitHub repository <https://github.com/minio/operator/tree/master/examples/kustomization>`__.
 
+ .. _minio-k8s-deploy-operator-access-console:
+
 #. *(Optional)* Configure access to the Operator Console service
 
  The Operator Console service does not automatically bind or expose itself for external access on the Kubernetes cluster.
@@ -131,7 +99,8 @@ The following procedure uses ``kubectl -k`` to install the Operator from the Min
  }
  }'
 
- You can now access the service through port ``30433`` on any of your Kubernetes worker nodes.
+ The patch command should output ``service/console patched``.
+ You can now access the service through ports ``30433`` (HTTPS) or ``30090`` (HTTP) on any of your Kubernetes worker nodes.
 
 #. Verify the Operator installation
 
@@ -147,23 +116,22 @@ The following procedure uses ``kubectl -k`` to install the Operator from the Min
  .. code-block:: shell
 
  NAME READY STATUS RESTARTS AGE
- pod/console-68d955874d-vxlzm 1/1 Running 0 25h
- pod/minio-operator-699f797b8b-th5bk 1/1 Running 0 25h
- pod/minio-operator-699f797b8b-nkrn9 1/1 Running 0 25h
+ pod/console-56c7d8bd89-485qh 1/1 Running 0 5m20s
+ pod/minio-operator-6c758b8c45-nkhlx 1/1 Running 0 5m20s
+ pod/minio-operator-6c758b8c45-dgd8n 1/1 Running 0 5m20s
 
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/console  ClusterIP 10.43.195.224 <none> 9090/TCP,9443/TCP 25h
- service/operator ClusterIP 10.43.44.204  <none> 4221/TCP 25h
- service/sts ClusterIP 10.43.70.4  <none> 4223/TCP  25h
+ NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S)  AGE
+ service/operator ClusterIP 10.43.135.241 <none> 4221/TCP  5m20s
+ service/sts  ClusterIP 10.43.117.251 <none> 4223/TCP  5m20s
+ service/console NodePort 10.43.235.38 <none> 9090:30090/TCP,9443:30433/TCP 5m20s
 
  NAME READY UP-TO-DATE AVAILABLE AGE
- deployment.apps/console 1/1 1 1 25h
- deployment.apps/minio-operator 2/2 2 2 25h
+ deployment.apps/console 1/1 1 1 5m20s
+ deployment.apps/minio-operator 2/2 2 2 5m20s
 
  NAME DESIRED CURRENT READY AGE
- replicaset.apps/console-68d955874d 1 1 1 25h
- replicaset.apps/minio-operator-699f797b8b 2 2 2 25h
-
+ replicaset.apps/console-56c7d8bd89 1 1 1 5m20s
+ replicaset.apps/minio-operator-6c758b8c45 2 2 2 5m20s
 
 #. Retrieve the Operator Console JWT for login
 
@@ -183,6 +151,7 @@ The following procedure uses ``kubectl -k`` to install the Operator from the Min
  SA_TOKEN=$(kubectl -n minio-operator get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
  echo $SA_TOKEN
 
+ The output of this command is the JSON Web Token (JWT) login credential for Operator Console.
 
 #. Log into the MinIO Operator Console
 
@@ -199,7 +168,7 @@ The following procedure uses ``kubectl -k`` to install the Operator from the Min
  .. code-block:: shell
  :class: copyable
 
- $ kubectl get nodes -o custom-columns=IP:.status.addresses[:]
+ kubectl get nodes -o custom-columns=IP:.status.addresses[:]
  IP
  map[address:172.18.0.5 type:InternalIP],map[address:k3d-MINIO-agent-3 type:Hostname]
  map[address:172.18.0.6 type:InternalIP],map[address:k3d-MINIO-agent-2 type:Hostname]

diff --git a/source/includes/common/common-k8s-connect-operator-console-no-plugin.rst b/source/includes/common/common-k8s-connect-operator-console-no-plugin.rst
@@ -0,0 +1,37 @@
+The Operator Console service does not automatically bind or expose itself for external access on the Kubernetes cluster.
+Instead, you must configure a network control plane component, such as a load balancer or ingress, to grant external access.
+
+.. cond:: k8s
+
+For testing purposes or short-term access, expose the Operator Console service through a NodePort using the following patch:
+
+.. code-block:: shell
+ :class: copyable
+
+ kubectl patch service -n minio-operator console -p '
+ {
+ "spec": {
+ "ports": [
+ {
+ "name": "http",
+ "port": 9090,
+ "protocol": "TCP",
+ "targetPort": 9090,
+ "nodePort": 30090
+ },
+ {
+ "name": "https",
+ "port": 9443,
+ "protocol": "TCP",
+ "targetPort": 9443,
+ "nodePort": 30433
+ }
+ ],
+ "type": "NodePort"
+ }
+ }'
+
+After applying the path, you can access the service through port ``30433`` on any of the Kubernetes worker nodes.
+
+Append the ``nodePort`` value to the externally-accessible IP address of a worker node in your Kubernetes cluster.
+Use the appropriate ``http`` or ``https`` port depending on whether you deployed Operator Console with TLS.