DOCS-1273: Operator 6.0.0 Deploy/Upgrade docs, removing Console references

[ravindk89]

Addresses #1273

Summary

This pass does three things:

1. Updates all tutorials related to Operator/Tenant deployment for Kustomize and Helm
2. Removes references to Operator Console + updates to reference Kustomize/Helm wherever possible
3. Slightly tidies up old or dangling references

This pass does not do these things:

• Link out heavily to Kubernetes docs (for later)
• Clean up organization (singleplat build handles this)
• Addresses OpenShift, Rancher, etc.

[feorlen]

Staged: http://192.241.195.202:9000/staging/DOCS-1273/k8s/index.html

[feorlen]

Which release pushed the minimum required k8s to 1.28? Or was 1.21 incorrect already for 5.0.x?

[ravindk89]

1.21 is EOL and has been for a while. I think we just never got around to updating this.

1.28 will be EOL this year, but is at least still in-support (for now).

[djwfyi]

Yes, but EOL is different than our code requiring something that's in a specific version of K8s, as was the case with 5.0.0 and K8s 1.21. You cannot run Operator 5.0.0 on something older than 1.21. It doesn't work.

Does 6.0.0 require 1.28 because of something that's only in 1.28 and newer? Or is it just the "please don't use unsupported, old versions of software?"

[ravindk89]

From internal convos it sounds like even if we do technically support older K8s, we want to push users to always stay on latest stable.

I'm going to leave this for now and then see whether there is a way for us to pull this out of the code if we really want to keep a backstop in place.

[feorlen]

are the accepted values here true or false?

Suggested change

	* - ``tenant.certificate.requestAutoCert``
	- Enables or disables MinIO :ref:`automatic TLS certificate generation <minio-tls>`
	* - ``tenant.certificate.requestAutoCert``
	- Enable or disable MinIO :ref:`automatic TLS certificate generation <minio-tls>`

[allanrogerr]

Yes @feorlen

[allanrogerr]

@ravindk89 @feorlen Are we using the imperative mood or simply describing the field (indicative mood)? It's not clear what the standard is.

[ravindk89]

My intent was to be imperative (I think), but not necessarily because it's our standard - it's just how I learned to write these sort of things.

In which case i think we'd leave this as-is. Maybe for docs to discuss.

[djwfyi]

The step (numbered line at ln144) is imperative. These are all descriptions, so should be indicative. I'd leave 156 as is to match the other field descriptions. Or you'll need to change all of the following descriptions as well.

[ravindk89]

I changed everything and lets see how we feel about it.

[feorlen]

"Controls" is a bit vague, is it worth mentioning the type of accepted values here? There is more info in the CRD, which is reasonable to presume the reader is looking at.

[allanrogerr]

Also spec.requestAutoCert can be true, false, or simply not present. It is not a required field.

[ravindk89]

@allanrogerr iirc if `requestAutoCertisfalse`` then changes to this field do nothing, right?

Indeed omitting requestAutoCert defaults to true behavior so I could reverse this

Suggested change

	* - ``tenant.certificate.certConfig``
	- Controls the settings for :ref:`automatic TLS <minio-tls>`.
	Requires ``spec.requestAutoCert: true``
	* - ``tenant.certificate.certConfig``
	- Controls the settings for :ref:`automatic TLS <minio-tls>`.
	Only has affect if ``spec.requestAutoCert`` is not false.

[djwfyi]

Can we say

Suggested change

	* - ``tenant.certificate.certConfig``
	- Controls the settings for :ref:`automatic TLS <minio-tls>`.
	Requires ``spec.requestAutoCert: true``
	* - ``tenant.certificate.certConfig``
	- Controls the settings for :ref:`automatic TLS <minio-tls>`.
	Only has an effect if ``spec.requestAutoCert`` is set to ``true``.

Say that it must be "not false" sounds really awkward.

[ravindk89]

The easiest path here is to just state 'controls he settings...if enabled` and let the user infer that disabling one thing disables the othe.r

[feorlen]

Is this link still needed if we are now actually discussing the contents of values.yaml here?

[ravindk89]

I think so - values.yaml has a lot more gritty detail, this tutorial (for now) is very high level.

[djwfyi]

I'd suggest keeping the separate chart file to cover all of the options. Then the tutorials can focus on just the basics of getting something up and running.

[feorlen]

Is there a good link for the DIY option?

[ravindk89]

Yeah, will do that in this pass

[allanrogerr]

Suggested change

	watch kubectl get all -n minio-tenant
	watch kubectl get all -n minio-tenant-1

[allanrogerr]

Not sure if you want to use MINIO_TENANT_NAMESPACE and MINIO_TENANT_NAME nomenclature, but we should be consistent.

[allanrogerr]

Not sure if you want to use MINIO_TENANT_NAMESPACE and MINIO_TENANT_NAME nomenclature, but we should be consistent.

[ravindk89]

Hm. Yeah we kind of go back and forth on this. I'll migrate to the var-replace style.

[djwfyi]

Do you have to be on 5.0.15 to upgrade to Operator 6.0.x?
The upgrade docs make that a little unclear.

Lots of suggestions here and there for clarity and whatnot, but otherwise what a lift to get this done! Nice work.

[djwfyi]

Yes, but EOL is different than our code requiring something that's in a specific version of K8s, as was the case with 5.0.0 and K8s 1.21. You cannot run Operator 5.0.0 on something older than 1.21. It doesn't work.

Does 6.0.0 require 1.28 because of something that's only in 1.28 and newer? Or is it just the "please don't use unsupported, old versions of software?"

[djwfyi]

We should drop krew here, right?

[ravindk89]

I think keep it because it was around at one point. We want to emphasize that even if someone was using or heard of or read of using krew, its no longer recommended.

[djwfyi]

Why specify the version number here and not use the variable?

[djwfyi]

Is it upgrading from 4.5.8 to 6.0.1? The heading says to 5.0.15 on ln 38.

[ravindk89]

typo!

[ravindk89]

I feel dumb having done this. @rushenn @kaankabalak can we make this cleaner? for some reason it cascades down w/o this.

[rushenn]

Sure @ravindk89, I can take a look

[ravindk89]

I tested upgrading from 5.0.15 to 6.0.1 with Helm 3.15.3, to see how the CRD would change.

I can see the change in CRD and the diff shows that it does appear to update. But online docs and internal discussion indicate that Helm does not deal with CRD updates cleanly, so I'm not sure what's going on here or how to validate Helm upgrades working as expected.

That said we can still push this forward to at least get the docs out, possibly leaving a note on Helm Operator install docs stating that Helm does not handle CRD upgrades cleanly and that additional work may be required - though I still do not know what work.

cc @cniackz @pjuarezd @dvaldivia @ramondeklein for clarity on the above

[pjuarezd]

I tested upgrading from 5.0.15 to 6.0.1 with Helm 3.15.3, to see how the CRD would change.

I can see the change in CRD and the diff shows that it does appear to update. But online docs and internal discussion indicate that Helm does not deal with CRD updates cleanly, so I'm not sure what's going on here or how to validate Helm upgrades working as expected.

That said we can still push this forward to at least get the docs out, possibly leaving a note on Helm Operator install docs stating that Helm does not handle CRD upgrades cleanly and that additional work may be required - though I still do not know what work.

cc @cniackz @pjuarezd @dvaldivia @ramondeklein for clarity on the above

CRD's are allways updated on the Operator helm chart update @ravindk89, we don't store them in the /crd directory, preciselly to ensure are always updated, otherwise what you mention as Helm does not handle CRD upgrades cleanly would happen, instead we store CRD's in the /templates and allways update it, as a regular helm chart resource.

At some point even the plan of provide a separated helm chart only for the CRDS was proposed, but got no traction (Helm does not handle CRD upgrades cleanly)

For now I think we only need to mention we allways update CRD's and are not stored in the /crd directory.

[ravindk89]

Thanks @pjuarezd

From https://helm.sh/docs/chart_best_practices/custom_resource_definitions/

Another important point to consider in the discussion around CRD support is how the rendering of templates is handled. One of the distinct disadvantages of the crd-install method used in Helm 2 was the inability to properly validate charts due to changing API availability (a CRD is actually adding another available API to your Kubernetes cluster). If a chart installed a CRD, helm no longer had a valid set of API versions to work against. This is also the reason behind removing templating support from CRDs. With the new crds method of CRD installation, we now ensure that helm has completely valid information about the current state of the cluster.

It sounds like we're OK as long as we are building the charts with Helm 2, but Helm 3 removes the templating hook/approach we are currently using.

Is there any issue for the end user here to consider w.r.t. Helm 3, or can we safely assume that it's only baking the charts where it matters?

[djwfyi]

We need to clarify the upgrade path.
I think you have to get to 5.0.15 before upgrading to 6.0.1, but a few places seem to suggest that you can upgrade from 4.5.8 straight to 6.0.1.

Otherwise, another lot of minor fixes and nits I noted. And, in general, LGTM. I don't feel the need to see it again.

[djwfyi]

Tenant CRD text is linked to the Operator CRD. Should be ref to the tenant CRD, correct?

[ravindk89]

Errr they're basically the same. the Operator CRD page includes the entire Tenant CRD definition.

there are other CRDs so technically at some point we should deal with that, but its not being done yet.

[djwfyi]

Four.
They'll also need to manually delete the decommissioned storage. See operator/PR#2203.

[djwfyi]

Why are we keeping this tab?

[djwfyi]

Maybe call it kubectl instead of Operator Console?

[ravindk89]

Good question actually.

[ravindk89]

Oh the intent was to guide users away from it for existing installs, but that's handled in the upgrade docs.

[djwfyi]

The single quote marks look odd. I'd swap them for " or just drop the emphasis altogether.

[djwfyi]

Elsewhere, it seems like you can upgrade to 6.0.1 from 4.5.8.
However, lines 15 and 16 seem to imply that you have to be on 5.0.15 before upgrading to 6.0.1.

Which is it?

Also, line 19 should be 4.5.7 or earlier.

[ravindk89]

AFAIK we want users on 5.0.15 first before jumping. Changed this up.

[ravindk89]

@allanrogerr @cesnietor @pjuarezd final thoughts before I push tihs out? Staging updated

[allanrogerr]

Spelling

[allanrogerr]

PTAL

[allanrogerr]

LGTM