minio
diff --git a/‎.github/workflows/ui.yaml
+1-1 b/‎.github/workflows/ui.yaml
+1-1
diff --git a/‎README.md
+98-65 b/‎README.md
+98-65
diff --git a/‎api/tenants_test.go
+13-13 b/‎api/tenants_test.go
+13-13
diff --git a/‎docs/cert-manager.md
+10-5 b/‎docs/cert-manager.md
+10-5
diff --git a/‎docs/custom-name-templates.md
+11-6 b/‎docs/custom-name-templates.md
+11-6
diff --git a/‎docs/examples.md
+44-23 b/‎docs/examples.md
+44-23
@@ -368,7 +368,7 @@ jobs:
           curl -sLO "https://dl.k8s.io/release/v1.23.1/bin/linux/amd64/kubectl" -o kubectl
           chmod +x kubectl
           mv kubectl /usr/local/bin
-          "${GITHUB_WORKSPACE}/tests/deploy-tenant.sh"
+          "${GITHUB_WORKSPACE}/tests/start-tests-tenant.sh"
           echo "start ---> make test-operator-integration";
           make test-operator-integration;
 
 
@@ -1012,7 +1012,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1037,7 +1037,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1062,7 +1062,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return nil, errors.New("error-get")
 				},
@@ -1073,7 +1073,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 					return &http.Response{}, nil
 				},
 				params: operator_api.UpdateTenantParams{
-					Tenant: "minio-tenant",
+					Tenant: "myminio",
 					Body: &models.UpdateTenantRequest{
 						Image: "minio/minio:RELEASE.2023-01-06T18-11-18Z",
 					},
@@ -1088,7 +1088,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1102,7 +1102,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 					}, nil
 				},
 				params: operator_api.UpdateTenantParams{
-					Tenant: "minio-tenant",
+					Tenant: "myminio",
 					Body: &models.UpdateTenantRequest{
 						Image: "",
 					},
@@ -1117,7 +1117,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1128,7 +1128,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 					return nil, errors.New("error")
 				},
 				params: operator_api.UpdateTenantParams{
-					Tenant: "minio-tenant",
+					Tenant: "myminio",
 					Body: &models.UpdateTenantRequest{
 						Image: "",
 					},
@@ -1143,7 +1143,7 @@ func Test_UpdateTenantAction(t *testing.T) {
 				operatorClient: opClient,
 				httpCl:         httpClientM,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantPatch: func(ctx context.Context, namespace string, tenantName string, pt types.PatchType, data []byte, options metav1.PatchOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1199,7 +1199,7 @@ func Test_UpdateDomainsResponse(t *testing.T) {
 				ctx:            context.Background(),
 				operatorClient: opClient,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1219,7 +1219,7 @@ func Test_UpdateDomainsResponse(t *testing.T) {
 				ctx:            context.Background(),
 				operatorClient: opClient,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1239,7 +1239,7 @@ func Test_UpdateDomainsResponse(t *testing.T) {
 				ctx:            context.Background(),
 				operatorClient: opClient,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
@@ -1273,7 +1273,7 @@ func Test_UpdateDomainsResponse(t *testing.T) {
 				ctx:            context.Background(),
 				operatorClient: opClient,
 				nameSpace:      "default",
-				tenantName:     "minio-tenant",
+				tenantName:     "myminio",
 				mockTenantUpdate: func(ctx context.Context, tenant *miniov2.Tenant, options metav1.UpdateOptions) (*miniov2.Tenant, error) {
 					return &miniov2.Tenant{}, nil
 				},
 
@@ -1,18 +1,23 @@
 # MinIO tenant with cert-manager [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
 
-This document explains how to deploy a MinIO tenant using certificates generated by [cert-manager](https://cert-manager.io/).
+This document explains how to deploy a MinIO tenant using certificates generated
+by [cert-manager](https://cert-manager.io/).
 
 ## Getting Started
 
 ### Prerequisites
 
-- Kubernetes version `+v1.19`. While cert-manager supports [earlier K8s versions](https://cert-manager.io/docs/installation/supported-releases/), the MinIO Operator requires 1.19 or later.
+- Kubernetes version `+v1.19`. While cert-manager
+  supports [earlier K8s versions](https://cert-manager.io/docs/installation/supported-releases/), the MinIO Operator
+  requires 1.19 or later.
 - MinIO Operator installed
 - `kubectl` access to your `k8s` cluster
 - [cert-manager](https://cert-manager.io/docs/installation/) 1.7.X or later installed
+
 ```bash
 kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.7.2/cert-manager.yaml
 ```
+
 - [kustomize](https://kustomize.io/) installed
 
 ### Deploy tenant
@@ -24,7 +29,6 @@ the operator project and run the following command.
 kustomize build examples/kustomization/tenant-certmanager | kubectl apply -f -
 ```
 
-
 This file request `cert-manager` to issue a new certificate based on the following internal domains.
 
 ```yaml
@@ -36,12 +40,13 @@ metadata:
 spec:
   dnsNames:
     - "*.tenant-certmanager.svc.cluster.local"
-    - "*.storage-certmanager.tenant-certmanager.svc.cluster.local"
-    - "*.storage-certmanager-hl.tenant-certmanager.svc.cluster.local"
+    - "*.myminio.tenant-certmanager.svc.cluster.local"
+    - "*.myminio-hl.tenant-certmanager.svc.cluster.local"
   secretName: tenant-certmanager-tls
   issuerRef:
     name: tenant-certmanager-issuer
 ```
+
 Then it creates a new tenant including the new `tenant-certmanager-tls` secret in the `externalCertSecret` field.
 
 ```yaml
 
@@ -1,17 +1,22 @@
 # Custom Hostname Discovery [![Slack](https://slack.min.io/slack?type=svg)](https://slack.min.io)
 
-This document explains how to control the names used for host discovery. This allows us to discover hosts using external name services, which is useful for serving with trusted certificates.
+This document explains how to control the names used for host discovery. This allows us to discover hosts using external
+name services, which is useful for serving with trusted certificates.
 
 ## Getting Started
 
-If MinIO Tenant is named `tenant1`, then the four servers will be called `tenant1-pool-0-0`, `tenant1-pool-0-1`, `tenant1-pool-0-2`, and `tenant1-pool-0-3`.  If all of your hosts are available at the domain `example.com` then you can use the `--hosts-template` flag in [MinIO Operator Deployment yaml](https://github.com/minio/operator/blob/master/minio-operator.yaml) to update discovery. This will generate the discovery string `tenant1-pool-0-{0...3}.example.com`.
+If MinIO Tenant is named `tenant1`, then the four servers will be
+called `myminio-pool-0-0`, `myminio-pool-0-1`, `myminio-pool-0-2`, and `myminio-pool-0-3`. If all of your hosts are
+available at the domain `example.com` then you can use the `--hosts-template` flag
+in [MinIO Operator Deployment yaml](https://github.com/minio/operator/blob/master/minio-operator.yaml) to update
+discovery. This will generate the discovery string `myminio-pool-0-{0...3}.example.com`.
 
 ```yaml
   containers:
-  - command:
-    - /operator
-    - --hosts-template
-    - '{{.StatefulSet}}-{{.Ellipsis}}.example.com'
+    - command:
+        - /operator
+        - --hosts-template
+        - '{{.StatefulSet}}-{{.Ellipsis}}.example.com'
 ```
 
 The following fields can be configured:
 
@@ -1,14 +1,17 @@
 # Tenant deployment examples with kustomize
 
-This document explains various yaml files listed in the [examples directory](https://github.com/minio/operator/tree/master/examples/kustomization) used to deploy a Tenant using MinIO Operator.
+This document explains various yaml files listed in
+the [examples directory](https://github.com/minio/operator/tree/master/examples/kustomization) used to deploy a Tenant
+using MinIO Operator.
 
 ### Prerequisites
 
 - kustomize/v4.3.0 https://kubectl.docs.kubernetes.io/installation/kustomize/
 
 ## MinIO Tenant with AutoCert TLS
 
-MinIO Operator can automatically generate TLS secrets and mount these secrets to the MinIO, Console, and/or KES pods (enabled by default). To disable this, set the `requestAutoCert` field to `false`.
+MinIO Operator can automatically generate TLS secrets and mount these secrets to the MinIO, Console, and/or KES pods (
+enabled by default). To disable this, set the `requestAutoCert` field to `false`.
 
 You can deploy the pre-configured example by running the following command:
 
@@ -35,14 +38,16 @@ This example will deploy a MinIO tenant with Server Side Encryption using KES an
 - Enable role auth: `vault auth enable approle`
 - Enable secrets k/v: `vault secrets enable kv`
 - Create a new `KES` policy: `vault policy write kes-policy examples/vault/kes-policy.hcl`
-- Create a new `KES` role based on the `KES` policy: `vault write auth/approle/role/kes-role token_num_uses=0 secret_id_num_uses=0 period=5m policies=kes-policy`
+- Create a new `KES` role based on the `KES`
+  policy: `vault write auth/approle/role/kes-role token_num_uses=0 secret_id_num_uses=0 period=5m policies=kes-policy`
 - Get the `app-role-id` and write it down: `vault read auth/approle/role/kes-role/role-id`
 - Get the `app-role-secret-id` and write it down: `vault write -f auth/approle/role/kes-role/secret-id`
 
 ### Getting Started
 
 - Open `examples/kustomization/tenant-kes-encryption/kes-configuration-secret.yaml`
-- In the  `Vault` configuration replace `<YOUR APPROLE ID HERE>` for your `app-role-id`, `<YOUR APPROLE SECRET ID HERE>` for your `app-role-secret-id`.
+- In the  `Vault` configuration replace `<YOUR APPROLE ID HERE>` for your `app-role-id`, `<YOUR APPROLE SECRET ID HERE>`
+  for your `app-role-secret-id`.
 
 You can deploy a preconfigured example by running the following command:
 
@@ -67,24 +72,27 @@ This example will deploy a MinIO tenant with TLS using certificates provided by
 
 ### Prerequisites
 
-- You can generate certificates using `Vault CA`, `Openssl` or `Mkcert`, for this example we will use https://github.com/FiloSottile/mkcert
-- Assuming your Tenant name is `storage` and your namespace is `minio-tenant` you should generate the following certificate keypairs:
+- You can generate certificates using `Vault CA`, `Openssl` or `Mkcert`, for this example we will
+  use https://github.com/FiloSottile/mkcert
+- Assuming your Tenant name is `myminio` and your namespace is `minio-tenant` you should generate the following
+  certificate keypairs:
 
   ```sh
     mkcert "*.minio-tenant.svc.cluster.local"
-    mkcert "*.storage.minio-tenant.svc.cluster.local"
-    mkcert "*.storage-hl.minio-tenant.svc.cluster.local"
+    mkcert "*.myminio.minio-tenant.svc.cluster.local"
+    mkcert "*.myminio-hl.minio-tenant.svc.cluster.local"
   ```
-  
-`MinIO` will use `*.minio-tenant.svc.cluster.local`, `*.storage.minio-tenant.svc.cluster.local` and `*.storage-hl.minio-tenant.svc.cluster.local` certificates for
+
+`MinIO` will use `*.minio-tenant.svc.cluster.local`, `*.myminio.minio-tenant.svc.cluster.local`
+and `*.myminio-hl.minio-tenant.svc.cluster.local` certificates for
 inter-node communication.
 
 Create `kubernetes secrets`  based on the previous certificates
 
 ```$xslt
 kubectl create secret tls minio-tls-cert --key="_wildcard.minio-tenant.svc.cluster.local-key.pem" --cert="_wildcard.minio-tenant.svc.cluster.local.pem" -n minio-tenant
-kubectl create secret tls minio-buckets-cert --key="_wildcard.storage.minio-tenant.svc.cluster.local-key.pem" --cert="_wildcard.storage.minio-tenant.svc.cluster.local.pem" -n minio-tenant
-kubectl create secret tls minio-hl-cert --key="_wildcard.storage-hl.minio-tenant.svc.cluster.local-key.pem" --cert="_wildcard.storage-hl.minio-tenant.svc.cluster.local.pem" -n minio-tenant
+kubectl create secret tls minio-buckets-cert --key="_wildcard.myminio.minio-tenant.svc.cluster.local-key.pem" --cert="_wildcard.myminio.minio-tenant.svc.cluster.local.pem" -n minio-tenant
+kubectl create secret tls minio-hl-cert --key="_wildcard.myminio-hl.minio-tenant.svc.cluster.local-key.pem" --cert="_wildcard.myminio-hl.minio-tenant.svc.cluster.local.pem" -n minio-tenant
 ```
 
 You need to provide those `kubernetes secrets` in your Tenant `YAML` overlay using the `externalCertSecret` fields, ie:
@@ -104,25 +112,32 @@ You can deploy a preconfigured example by running the following command:
 ```$xslt
 kustomize build examples/kustomization/base | kubectl apply -f -
 ```
-You can include all the certificates that you want in your Tenant and `MinIO` will serve them to its client via [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication) 
+
+You can include all the certificates that you want in your Tenant and `MinIO` will serve them to its client
+via [SNI](https://en.wikipedia.org/wiki/Server_Name_Indication)
 
 ## MinIO Tenant with TLS via customer provided certificates and Encryption enabled via Vault KMS
 
-This example will deploy a minio tenant using mTLS certificates (authentication between `MinIO` and `KES`) provided by the user, the data will be encrypted at rest
+This example will deploy a minio tenant using mTLS certificates (authentication between `MinIO` and `KES`) provided by
+the user, the data will be encrypted at rest
 
 ### Prerequisites
 
 - Configure `Vault` the same way as in the first example
 - Set the `app-role-id`, the `app-role-secret-id` and `key-prefix` in your KES configuration `YAML` file
-- Assuming your Tenant name is `storage-kms-encrypted` and namespace is `tenant-kms-encrypted` create all the certificates and secrets as in the previous step
-- Generate new `KES` identity keypair (https://github.com/minio/kes), this is needed it for the authentication, `mTLS` between `MinIO` and `KES`:
+- Assuming your Tenant name is `myminio` and namespace is `tenant-kms-encrypted` create all the certificates and
+  secrets as in the previous step
+- Generate new `KES` identity keypair (https://github.com/minio/kes), this is needed it for the authentication, `mTLS`
+  between `MinIO` and `KES`:
 
   ```sh
     kes tool identity new --key="./app.key" --cert="app.cert" app
   ```
 
-- Using the generated `app.key` and `app.cert` create a new kubernetes secret: `kubectl create secret tls minio-kes-mtls --key="app.key" --cert="app.cert"` -n tenant-kms-encrypted
-  and provide that secret in the `externalClientCertSecret` field of your tenant `YAML` overlay (if the field doesn't exist add it)
+- Using the generated `app.key` and `app.cert` create a new kubernetes
+  secret: `kubectl create secret tls minio-kes-mtls --key="app.key" --cert="app.cert"` -n tenant-kms-encrypted
+  and provide that secret in the `externalClientCertSecret` field of your tenant `YAML` overlay (if the field doesn't
+  exist add it)
 
   ```$xslt
   spec:
@@ -133,7 +148,8 @@ This example will deploy a minio tenant using mTLS certificates (authentication
   ```
 
 - Calculate the `app.cert` identity using `KES`: `kes tool identity of app.cert`, copy the resulting hash and open your
-  KES configuration `YAML` (`kes-configuration-secret.yaml`) file and replace `${MINIO_KES_IDENTITY}` for the `bda5d8b6531d2f3bcd64e5ec73841bcb23ecb57b19c5f814e491ea2b2088995c` string, you can
+  KES configuration `YAML` (`kes-configuration-secret.yaml`) file and replace `${MINIO_KES_IDENTITY}` for
+  the `bda5d8b6531d2f3bcd64e5ec73841bcb23ecb57b19c5f814e491ea2b2088995c` string, you can
   add additional identities using this array, ie:
 
   ```$xslt
@@ -146,7 +162,7 @@ This example will deploy a minio tenant using mTLS certificates (authentication
         identities:
         - bda5d8b6531d2f3bcd64e5ec73841bcb23ecb57b19c5f814e491ea2b2088995c
   ```
-  
+
 ### Getting Started
 
 You can deploy a pre-configured example by running the following command:
@@ -158,13 +174,18 @@ kustomize build examples/kustomization/tenant-kes-encryption | kubectl apply -f
 ## MinIO Tenant with Services expose through NodePort
 
 MinIO Operator can automatically generate `LoadBalancer` and `ClusterIP` type services when deploying tenants, however
-there is one more way to expose your services in case you don't want to deal with `load balancers` or `ingress` configurations and
-that is `NodePort`. NodePort type services will be accessible by opening a port on each Kubernetes cluster node, read more about [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
+there is one more way to expose your services in case you don't want to deal with `load balancers` or `ingress`
+configurations and
+that is `NodePort`. NodePort type services will be accessible by opening a port on each Kubernetes cluster node, read
+more about [NodePort](https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport).
 
 ```$xslt
 kustomize build examples/kustomization/tenant-nodeport  | kubectl apply -f -
 ```
 
 ### Additional Examples
 
-For additional examples on how to deploy a tenant with [LDAP](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/configure-ad-ldap-external-identity-management.html) or [OIDC](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/configure-openid-external-identity-management.html) you can look at the [examples directory](https://github.com/minio/operator/tree/master/examples/kustomization)
+For additional examples on how to deploy a tenant
+with [LDAP](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/configure-ad-ldap-external-identity-management.html)
+or [OIDC](https://min.io/docs/minio/kubernetes/upstream/operations/external-iam/configure-openid-external-identity-management.html)
+you can look at the [examples directory](https://github.com/minio/operator/tree/master/examples/kustomization)