fix disable tenant TLS regression (#1223)

Signed-off-by: Lenin Alevski <[email protected]>
minio · Jul 29, 2022 · 625b873 · 625b873
1 parent 7aaea41
commit 625b873
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 21 deletions.
diff --git a/pkg/apis/minio.min.io/v2/helper.go b/pkg/apis/minio.min.io/v2/helper.go
@@ -65,6 +65,13 @@ const (
 	WebhookMinIOArgs   = "MINIO_ARGS"
 	WebhookMinIOBucket = "MINIO_DNS_WEBHOOK_ENDPOINT"
 
+	MinIOServerURL          = "MINIO_SERVER_URL"
+	MinIODomain             = "MINIO_DOMAIN"
+	MinIOBrowserRedirectURL = "MINIO_BROWSER_REDIRECT_URL"
+
+	MinIORootUser     = "MINIO_ROOT_USER"
+	MinIORootPassword = "MINIO_ROOT_PASSWORD"
+
 	defaultPrometheusJWTExpiry = 100 * 365 * 24 * time.Hour
 )
 

diff --git a/pkg/controller/cluster/pools.go b/pkg/controller/cluster/pools.go
@@ -20,7 +20,6 @@ import (
 	"context"
 	"fmt"
 	"reflect"
-	"strings"
 
 	corev1 "k8s.io/api/core/v1"
 
@@ -111,25 +110,21 @@ func poolSSMatchesSpec(tenant *miniov2.Tenant, pool *miniov2.Pool, ss *appsv1.St
 	}
 	// Try to detect changes in Env Vars
 	// Merge the statefulset env with incoming tenant envs and compare with statefulset envs.
-	new := miniov2.MergeMaps(miniov2.ToMap(ss.Spec.Template.Spec.Containers[0].Env), miniov2.ToMap(tenant.GetEnvVars()))
-	current := miniov2.ToMap(ss.Spec.Template.Spec.Containers[0].Env)
-	if miniov2.IsEnvUpdated(current, new) {
+	expectedEnvVars := miniov2.MergeMaps(miniov2.ToMap(ss.Spec.Template.Spec.Containers[0].Env), miniov2.ToMap(tenant.GetEnvVars()))
+	currentEnvVars := miniov2.ToMap(ss.Spec.Template.Spec.Containers[0].Env)
+	if miniov2.IsEnvUpdated(currentEnvVars, expectedEnvVars) {
 		poolMatchesSS = false
 	}
 	// Check if endpoints protocol changed because of TLS configuration and pods need to be restarted
-	if new["MINIO_ENDPOINTS"] != "" {
-		if tenant.TLS() && !strings.HasPrefix(new["MINIO_ENDPOINTS"], "https") {
-			poolMatchesSS = false
-		} else if !tenant.TLS() && strings.HasPrefix(new["MINIO_ENDPOINTS"], "http") {
+	if currentMinIOServerURL, ok := currentEnvVars[miniov2.MinIOServerURL]; ok {
+		if tenant.GetTenantServiceURL() != currentMinIOServerURL {
 			poolMatchesSS = false
 		}
 	}
-
 	// Check for topology spread constraints changes
 	if !reflect.DeepEqual(pool.TopologySpreadConstraints, ss.Spec.Template.Spec.TopologySpreadConstraints) {
 		poolMatchesSS = false
 	}
-
 	return poolMatchesSS, nil
 }
 

diff --git a/pkg/resources/statefulsets/minio-statefulset.go b/pkg/resources/statefulsets/minio-statefulset.go
@@ -121,8 +121,8 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe
 	}
 	// tell MinIO about all the domains meant to hit it if they are not passed manually via .spec.env
 	if len(domains) > 0 {
-		envVarsMap["MINIO_DOMAIN"] = corev1.EnvVar{
-			Name:  "MINIO_DOMAIN",
+		envVarsMap[miniov2.MinIODomain] = corev1.EnvVar{
+			Name:  miniov2.MinIODomain,
 			Value: strings.Join(domains, ","),
 		}
 	}
@@ -132,8 +132,8 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe
 	if t.HasMinIODomains() {
 		serverURL = t.Spec.Features.Domains.Minio[0]
 	}
-	envVarsMap["MINIO_SERVER_URL"] = corev1.EnvVar{
-		Name:  "MINIO_SERVER_URL",
+	envVarsMap[miniov2.MinIOServerURL] = corev1.EnvVar{
+		Name:  miniov2.MinIOServerURL,
 		Value: serverURL,
 	}
 
@@ -147,17 +147,17 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe
 			}
 			consoleDomain = fmt.Sprintf("%s://%s", useSchema, t.Spec.Features.Domains.Console)
 		}
-		envVarsMap["MINIO_BROWSER_REDIRECT_URL"] = corev1.EnvVar{
-			Name:  "MINIO_BROWSER_REDIRECT_URL",
+		envVarsMap[miniov2.MinIOBrowserRedirectURL] = corev1.EnvVar{
+			Name:  miniov2.MinIOBrowserRedirectURL,
 			Value: consoleDomain,
 		}
 	}
 
 	// add env variables from tenant.Spec.CredsSecret.Name is deprecated and will be removed in the future
 	if t.HasCredsSecret() {
 		secretName := t.Spec.CredsSecret.Name
-		envVarsMap["MINIO_ROOT_USER"] = corev1.EnvVar{
-			Name: "MINIO_ROOT_USER",
+		envVarsMap[miniov2.MinIORootUser] = corev1.EnvVar{
+			Name: miniov2.MinIORootUser,
 			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
 					LocalObjectReference: corev1.LocalObjectReference{
@@ -167,8 +167,8 @@ func minioEnvironmentVars(t *miniov2.Tenant, skipEnvVars map[string][]byte, opVe
 				},
 			},
 		}
-		envVarsMap["MINIO_ROOT_PASSWORD"] = corev1.EnvVar{
-			Name: "MINIO_ROOT_PASSWORD",
+		envVarsMap[miniov2.MinIORootPassword] = corev1.EnvVar{
+			Name: miniov2.MinIORootPassword,
 			ValueFrom: &corev1.EnvVarSource{
 				SecretKeyRef: &corev1.SecretKeySelector{
 					LocalObjectReference: corev1.LocalObjectReference{
@@ -310,7 +310,7 @@ func volumeMounts(t *miniov2.Tenant, pool *miniov2.Pool, operatorTLS bool, certV
 		}
 	}
 
-	// CertPath (/tmp/certs) will always be mounted even if the tenant doesnt have any TLS certificate
+	// CertPath (/tmp/certs) will always be mounted even if the tenant doesn't have any TLS certificate
 	// operator will still mount the operator public cert under /tmp/certs/CAs/operator.crt
 	if operatorTLS || len(certVolumeSources) > 0 {
 		mounts = append(mounts, corev1.VolumeMount{