Some glue to make minio buckets working

Makefile.vars.mk

@@ -32,7 +32,7 @@ JSONNET_DOCKER  ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --entrypoint=json
 VALE_CMD  ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) --volume "$${PWD}"/docs/modules:/pages ghcr.io/vshn/vale:2.15.5
 VALE_ARGS ?= --minAlertLevel=error --config=/pages/ROOT/pages/.vale.ini /pages
 
-ANTORA_PREVIEW_CMD ?= $(DOCKER_CMD) run --rm --publish 35729:35729 --publish 2020:2020 $(antora_git_volume) --volume "${PWD}/docs":/preview/antora/docs ghcr.io/vshn/antora-preview:3.1.2.3 --style=syn --antora=docs
+ANTORA_PREVIEW_CMD ?= $(DOCKER_CMD) run --rm --publish 35729:35729 --publish 2020:2020 $(antora_git_volume) --volume "${PWD}/docs":/preview/antora/docs ghcr.io/vshn/antora-preview:3.1.4 --style=syn --antora=docs
 
 COMMODORE_CMD  ?= $(DOCKER_CMD) $(DOCKER_ARGS) $(root_volume) docker.io/projectsyn/commodore:latest
 COMPILE_CMD    ?= $(COMMODORE_CMD) component compile . $(commodore_args)

class/defaults.yml

@@ -39,7 +39,7 @@ parameters:
       appcat:
         registry: ghcr.io
         repository: vshn/appcat
-        tag: v4.25.0
+        tag: v4.27.0
       apiserver:
         registry: ghcr.io
         repository: vshn/appcat-apiserver
@@ -222,7 +222,8 @@ parameters:
           package: ${appcat:images:provider-minio:registry}/${appcat:images:provider-minio:repository}:${appcat:images:provider-minio:tag}
         controllerConfig:
           serviceAccountName: provider-minio
-        providerConfig: {}
+        providerConfigRefs: []
+        additionalProviderConfigs: []
 
     services:
       # Used for deploying jobs
@@ -325,7 +326,7 @@ parameters:
                 cpu: "1"
                 memory: "1Gi"
                 disk: 50Gi
-
+          instances: []
 
       # Config for exoscale composites
       exoscale:

component/appcat_sla_reporter.jsonnet

@@ -59,12 +59,7 @@ local ObjectStorage = kube._Object('appcat.vshn.io/v1', 'ObjectBucket', 'appcat-
   metadata: {
     namespace: slos_params.namespace,
     name: 'appcat-sla-reports',
-    annotations: {
-      // Our current ArgoCD configuration can't handle the claim -> composite
-      // relationship
-      'argocd.argoproj.io/compare-options': 'IgnoreExtraneous',
-      'argocd.argoproj.io/sync-options': 'Prune=false',
-    },
+    annotations: common.ArgoCDAnnotations(),
   },
   spec: {
     parameters: {

component/common.libsonnet

@@ -15,7 +15,7 @@ local exoscaleZones = [ 'de-fra-1', 'de-muc-1', 'at-vie-1', 'ch-gva-2', 'ch-dk-2
 local cloudscaleZones = [ 'lpg', 'rma' ];
 
 local strExoscaleZones = std.join(', ', exoscaleZones);
-local strCloudscaleZones = std.join('and', cloudscaleZones);
+local strCloudscaleZones = std.join(', ', cloudscaleZones);
 
 local syncOptions = {
   metadata+: {
@@ -32,7 +32,7 @@ local vshnMetaDBaaSExoscale(dbname) = {
       'metadata.appcat.vshn.io/displayname': 'Exoscale ' + dbname,
       'metadata.appcat.vshn.io/description': dbname + ' DBaaS instances by Exoscale',
       'metadata.appcat.vshn.io/end-user-docs-url': 'https://vs.hn/exo-' + std.asciiLower(dbname),
-      'metadata.appcat.vshn.io/zone': 'Exoscale zones: ' + strExoscaleZones,
+      'metadata.appcat.vshn.io/zone': strExoscaleZones,
       'metadata.appcat.vshn.io/product-description': 'https://products.docs.vshn.ch/products/appcat/exoscale_dbaas.html',
     },
     labels+: {
@@ -69,8 +69,8 @@ local vshnMetaVshnDBaas(dbname, flavor, offered, plans) = vshnMetaVshn(dbname, f
 
 local providerZones(provider) =
   if provider == 'Exoscale' then strExoscaleZones
-  else if provider == 'Cloudscale' then strCloudscaleZones
-  else if provider == 'Minio' then 'us-east-1';
+  else if provider == 'cloudscale.ch' then strCloudscaleZones
+  else 'default';
 
 local vshnMetaObjectStorage(provider) = {
   metadata+: {
@@ -159,6 +159,20 @@ local promRuleSLA(value, service) = kube._Object('monitoring.coreos.com/v1', 'Pr
   },
 };
 
+local removeField(obj, name) = {
+  // We don't want the name field in the actual providerConfig
+  [k]: obj[k]
+  for k in std.objectFieldsAll(obj)
+  if k != name
+};
+
+local argoCDAnnotations() = {
+  // Our current ArgoCD configuration can't handle the claim -> composite
+  // relationship
+  'argocd.argoproj.io/compare-options': 'IgnoreExtraneous',
+  'argocd.argoproj.io/sync-options': 'Prune=false',
+};
+
 {
   SyncOptions: syncOptions,
   VshnMetaDBaaSExoscale(dbname):
@@ -185,4 +199,8 @@ local promRuleSLA(value, service) = kube._Object('monitoring.coreos.com/v1', 'Pr
     getApiserverImageString(),
   PromRuleSLA(value, service):
     promRuleSLA(value, service),
+  RemoveField(obj, name):
+    removeField(obj, name),
+  ArgoCDAnnotations():
+    argoCDAnnotations(),
 }

component/objectstorage.jsonnet

@@ -241,13 +241,12 @@ local compositionExoscale =
     },
   };
 
-local compositionMinio =
-
+local minioComp(name) =
   local compParams = objStoParams.compositions.minio;
 
-  kube._Object('apiextensions.crossplane.io/v1', 'Composition', 'minio.objectbuckets.appcat.vshn.io') +
+  kube._Object('apiextensions.crossplane.io/v1', 'Composition', name + '.objectbuckets.appcat.vshn.io') +
   common.SyncOptions +
-  common.VshnMetaObjectStorage('Minio') +
+  common.VshnMetaObjectStorage('Minio-' + name) +
   {
     spec: {
       compositeTypeRef: comp.CompositeRef(xrd),
@@ -265,7 +264,7 @@ local compositionMinio =
                 name: 'xfn-config',
               },
               data: {
-                providerConfig: objStoParams.compositions.minio.providerConfig,
+                providerConfig: name,
               },
             },
             container: {
@@ -281,6 +280,21 @@ local compositionMinio =
     },
   };
 
+local compositionMinio =
+  local provider = params.providers.minio;
+  [
+    minioComp(config.name)
+    for config in provider.additionalProviderConfigs
+  ] + [
+    minioComp(configRef)
+    for configRef in provider.providerConfigRefs
+  ] + [
+    // Automagically add the defined instances as well
+    minioComp(instance.name)
+    for instance in params.services.vshn.minio.instances
+  ];
+
+
 if objStoParams.enabled then {
   '20_xrd_objectstorage': xrd,
   '20_rbac_objectstorage': xrds.CompositeClusterRoles(xrd),

component/provider.jsonnet

@@ -1,3 +1,4 @@
+local common = import 'common.libsonnet';
 local com = import 'lib/commodore.libjsonnet';
 local kap = import 'lib/kapitan.libjsonnet';
 local kube = import 'lib/kube.libjsonnet';
@@ -209,6 +210,11 @@ local controllerConfigRef(config) =
           resources: [ 'snapshots' ],
           verbs: [ 'get' ],
         },
+        {
+          apiGroups: [ 'minio.crossplane.io' ],
+          resources: [ 'providerconfigs' ],
+          verbs: [ 'get', 'list', 'watch', 'update', 'patch', 'create', 'delete' ],
+        },
       ],
     };
     local rolebinding = kube.ClusterRoleBinding('crossplane:provider:provider-kubernetes:system:custom') {
@@ -348,15 +354,18 @@ local controllerConfigRef(config) =
     controllerConf
     +
     [
-      crossplane.ProviderConfig('minio') {
+      crossplane.ProviderConfig(config.name) {
         apiVersion: 'minio.crossplane.io/v1',
         spec+: addCredentials(
-          provider.providerConfig,
+          common.RemoveField(config, 'name'),
           {
             source: 'InjectedIdentity',
           }
         ),
-      },
+      }
+      for config in provider.additionalProviderConfigs
+    ] +
+    [
       sa,
       role,
       rolebinding,

component/vshn_minio.jsonnet

@@ -17,8 +17,8 @@ local serviceNamespaceLabelKey = 'appcat.vshn.io/claim-namespace';
 
 local connectionSecretKeys = [
   'MINIO_URL',
-  'MINIO_USERNAME',
-  'MINIO_PASSWORD',
+  'AWS_SECRET_ACCESS_KEY',
+  'AWS_ACCESS_KEY_ID',
 ];
 
 local minioPlans = common.FilterDisabledParams(minioParams.plans);
@@ -33,7 +33,7 @@ local xrd = xrds.XRDFromCRD(
 local composition =
   kube._Object('apiextensions.crossplane.io/v1', 'Composition', 'vshnminio.vshn.appcat.vshn.io') +
   common.SyncOptions +
-  common.VshnMetaVshn('Minio', 'distributed', 'true', minioPlans) +
+  common.VshnMetaVshn('Minio', 'distributed', 'false', minioPlans) +
   {
     spec: {
       compositeTypeRef: comp.CompositeRef(xrd),
@@ -56,6 +56,7 @@ local composition =
                 minioChartVersion: params.charts.minio.version,
                 plans: std.toString(minioPlans),
                 defaultPlan: minioParams.defaultPlan,
+                providerEnabled: std.toString(params.providers.minio.enabled),
               },
             },
             container: {
@@ -71,8 +72,21 @@ local composition =
     },
   };
 
+
+local instances = [
+  kube._Object('vshn.appcat.vshn.io/v1', 'VSHNMinio', instance.name) + {
+    metadata+: {
+      namespace: instance.namespace,
+      annotations+: common.ArgoCDAnnotations(),
+    },
+    spec+: instance.spec,
+  }
+  for instance in minioParams.instances
+];
+
 if params.services.vshn.enabled && minioParams.enabled then {
   '20_xrd_vshn_minio': xrd,
   '20_rbac_vshn_minio': xrds.CompositeClusterRoles(xrd),
   '21_composition_vshn_minio': composition,
+  [if std.length(instances) != 0 then '22_minio_instances']: instances,
 } else {}

docs/modules/ROOT/pages/explanations/minio.adoc

@@ -0,0 +1,31 @@
+= Minio
+
+Installing Minio and generating the providerconfigs can be managed via the component.
+
+This setup has multiple parts to it:
+
+* provider
+* composition functions
+* deployments via composition function
+
+== Provider
+
+The provider section `appcat.provider.minio` can take multiple variations of provider configs:
+
+* By referencing an existing provider config by name
+* By creating additional configs through the `additionalProviderConfigs` field
+* Automatically injected configs from the `appcat.services.vshn.minio.instance`` field
+
+== Composition Function
+
+The composition here is very bare bones, the whole composition is via functions.
+The compositions are generated depending on how many provider configs there are.
+Each composition will handle exactly one provider config.
+This is the mechanism we can use so that a user can choose between different minio instances.
+We already use this mechanism to choose between different clouds for the `ObjectBuckets`.
+The default composition can easily be set.
+
+== Deployment
+
+Via `appcat.services.vshn.minio.instance` it's possible to deploy arbitrary amounts of minio instances to a cluster.
+As mentioned above, the provider configs will then be injected automatically and new compositions are generated accordingly.

docs/modules/ROOT/pages/references/provider-minio.adoc

@@ -0,0 +1,44 @@
+= Provider Minio
+
+The parent key for all of the following parameters is `appcat.provider.minio`.
+
+== `enabled`
+[horizontal]
+type:: bool
+default:: `false`
+
+If the provider should be installed.
+
+== `providerConfigRefs`
+[horizontal]
+type:: array
+
+A list of names for already existing `ProviderConfigs`.
+
+== `additionalProviderConfigs`
+[horizontal]
+type:: array
+
+A list of additional `ProviderConfigs` that should be deployed via the component.
+Contains the `spec` of the `ProviderConfig` object.
+
+.Examples
+[source,yaml]
+----
+additionalProviderConfigs:
+  - name: minio
+    minioURL: http://minio-server.minio.svc:9000/
+    credentials:
+      apiSecretRef:
+        name: minio-secret
+        namespace: syn-crossplane
+----
+
+== `controllerConfig`
+[horizontal]
+type:: dict
+
+The `spec` of the `ControllerConfig`.
+If the component is deployed on OpenShift, it will automatically add the necessary security context changes to the config.
+
+Consult the https://doc.crds.dev/github.com/crossplane/crossplane/pkg.crossplane.io/ControllerConfig/v1alpha1[upstream documentation] for configuration options.

docs/modules/ROOT/pages/references/services-vshn.adoc

@@ -220,3 +220,34 @@ type:: string
 default:: `standard-1`
 
 The default plan used for Redis by VSHN, if the service user doesn't specify a plan.
+
+== minio
+[horizontal]
+type:: dict
+
+Configuration option for VSHN Minio.
+You have to option to enable or disable it through the `enabled` parameter and can set the `secretNamespace` and `providerSecretNamespace`.
+
+It's disabled by default and use the top level defined namespaces for `secretNamespace` and `providerSecretNamespace`.
+
+=== instances
+[horizontal]
+type:: array
+
+Array of minio instances to deploy to a given cluster.
+
+.Examples
+[source,yaml]
+----
+instances:
+  - name: my-minio
+    namespace: default
+    spec:
+      parameters:
+        service:
+          mode: standalone
+        size:
+          disk: 1Gi
+      writeConnectionSecretToRef:
+        name: my-minio-creds
+----

docs/modules/ROOT/partials/nav.adoc

@@ -6,6 +6,7 @@
 * xref:explanations/add-to-openshift-catalog.adoc[]
 * xref:explanations/exoscale-plans.adoc[]
 * xref:explanations/redisrestore.adoc[]
+* xref:explanations/minio.adoc[]
 
 .Tutorials
 * xref:tutorials/install-cloudscale.adoc[Install Cloudscale Stack]
@@ -21,6 +22,7 @@
 ** xref:references/provider-cloudscale.adoc[Provider Cloudscale]
 ** xref:references/provider-exoscale.adoc[Provider Exoscale]
 ** xref:references/provider-kubernetes.adoc[Provider Kubernetes]
+** xref:references/provider-minio.adoc[Provider Minio]
 
 * Service Parameters
 ** xref:references/services-exoscale.adoc[Exoscale Services]

tests/golden/cloudscale/appcat/appcat/10_provider_kubernetes.yaml

@@ -259,6 +259,18 @@ rules:
       - snapshots
     verbs:
       - get
+  - apiGroups:
+      - minio.crossplane.io
+    resources:
+      - providerconfigs
+    verbs:
+      - get
+      - list
+      - watch
+      - update
+      - patch
+      - create
+      - delete
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding