Split Sidecar to it's own container (#2105)

Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Signed-off-by: pjuarezd <pjuarezd@users.noreply.github.com> Co-authored-by: Pedro Juarez <pjuarezd@users.noreply.github.com>
minio · May 21, 2024 · 56c1e35 · 56c1e35
1 parent 77bb482
commit 56c1e35
Show file tree

Hide file tree

Showing 23 changed files with 1,460 additions and 64 deletions.
diff --git a/.github/workflows/kubernetes-tests.yml b/.github/workflows/kubernetes-tests.yml
@@ -100,6 +100,83 @@ jobs:
       - name: Go Test
         run: |
           make gotest
+  lint-sidecar:
+    timeout-minutes: 30
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Lint
+        working-directory: ./sidecar
+        run: |
+          make lint
+  govet-sidecar:
+    timeout-minutes: 30
+    runs-on: ${{ matrix.os }}
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: govet
+        working-directory: ./sidecar
+        run: |
+          make govet
+  vulnerable-dependencies-checks-sidecar:
+    timeout-minutes: 30
+    name: "Check for vulnerable dependencies in sidecar"
+    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+          cache: true
+          check-latest: true
+      - name: Get govulncheck
+        run: go install golang.org/x/vuln/cmd/govulncheck@latest
+        shell: bash
+      - name: Run govulncheck
+        working-directory: ./sidecar
+        run: govulncheck ./...
+        shell: bash
+  gotest-sidecar:
+    timeout-minutes: 30
+    runs-on: ${{ matrix.os }}
+    needs:
+      - lint-sidecar
+      - vulnerable-dependencies-checks-sidecar
+      - govet-sidecar
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - name: Go Test
+        working-directory: ./sidecar
+        run: |
+          make gotest
   operator:
     timeout-minutes: 30
     runs-on: ${{ matrix.os }}
@@ -127,11 +204,39 @@ jobs:
       - name: Operator Binary
         run: |
           make operator
+  sidecar:
+    timeout-minutes: 30
+    runs-on: ${{ matrix.os }}
+    needs:
+      - lint-sidecar
+      - vulnerable-dependencies-checks-sidecar
+      - govet-sidecar
+    strategy:
+      matrix:
+        go-version: [ 1.21.x ]
+        os: [ ubuntu-latest ]
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-go@v4
+        with:
+          go-version: ${{ matrix.go-version }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
+      - name: Operator Binary
+        working-directory: ./sidecar
+        run: |
+          make sidecar
   test-tenant:
     timeout-minutes: 30
     runs-on: ${{ matrix.os }}
     needs:
       - operator
+      - sidecar
     strategy:
       matrix:
         go-version: [ 1.21.x ]
@@ -148,6 +253,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       - name: Deploy Tenant
         run: |
           "${GITHUB_WORKSPACE}/testing/deploy-tenant.sh"
@@ -172,6 +283,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       - name: Tenant upgrade test on Kind
         run: |
           "${GITHUB_WORKSPACE}/testing/deploy-tenant-upgrade.sh"
@@ -196,6 +313,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       - name: Tenant KES
         run: |
           "${GITHUB_WORKSPACE}/testing/console-tenant+kes.sh"
@@ -219,6 +342,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       - name: Deploy Tenant with cert-manager
         run: |
           "${GITHUB_WORKSPACE}/testing/deploy-cert-manager-tenant.sh"
@@ -252,6 +381,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       - name: Test PolicyBinding CRD and sts call on kind
         run: |
           "${GITHUB_WORKSPACE}/testing/test-policy-binding.sh"
@@ -279,6 +414,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       # Runs a set of commands using the runners shell
       - name: Deploy a MinIO Tenant on Kind
         run: |
@@ -310,7 +451,12 @@ jobs:
           path: |
             ./minio-operator
           key: ${{ runner.os }}-binary-${{ github.run_id }}
-
+      - uses: actions/cache@v3
+        name: Operator Sidecar Binary Cache
+        with:
+          path: |
+            ./minio-operator-sidecar
+          key: ${{ runner.os }}-sidecar-binary-${{ github.run_id }}
       # Runs a set of commands using the runners shell
       - name: Deploy a MinIO Tenant on Kind
         env:

diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 operator
 minio-operator
+minio-operator-sidecar
 !minio-operator/
 !operator/
 !tenant/

diff --git a/.goreleaser.yml b/.goreleaser.yml
@@ -29,10 +29,29 @@ builds:
     env:
       - CGO_ENABLED=0
     main: ./cmd/operator/
+    dir: .
+    id: minio-operator
     ldflags:
       - -s -w -X github.com/minio/operator/pkg.ReleaseTag={{.Tag}} -X github.com/minio/operator/pkg.CommitID={{.FullCommit}} -X github.com/minio/operator/pkg.Version={{.Version}} -X github.com/minio/operator/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/operator/pkg.ReleaseTime={{.Date}}
     flags:
       - -trimpath
+  - goos:
+      - linux
+    goarch:
+      - arm64
+      - amd64
+      - ppc64le
+      - s390x
+    env:
+      - CGO_ENABLED=0
+    id: minio-operator-sidecar
+    dir: sidecar/
+    binary: minio-operator-sidecar
+    main: ./cmd/sidecar/
+    ldflags:
+      - -s -w -X github.com/minio/operator/pkg.ReleaseTag={{.Tag}} -X github.com/minio/operator/pkg.CommitID={{.FullCommit}} -X github.com/minio/operator/sidecar/pkg.Version={{.Version}} -X github.com/minio/operator/sidecar/pkg.ShortCommitID={{.ShortCommit}} -X github.com/minio/operator/pkg.ReleaseTime={{.Date}}
+    flags:
+      - -trimpath
 
 archives:
   - allow_different_binary_count: true
@@ -127,6 +146,94 @@ dockers:
     build_flag_templates:
       - "--platform=linux/arm64"
       - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "minio/operator-sidecar:{{ .Tag }}-amd64"
+    use: buildx
+    goarch: amd64
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "minio/operator-sidecar:{{ .Tag }}-ppc64le"
+    use: buildx
+    dockerfile: sidecar/Dockerfile
+    goarch: ppc64le
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/ppc64le"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "minio/operator-sidecar:{{ .Tag }}-s390x"
+    use: buildx
+    goarch: s390x
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/s390x"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "minio/operator-sidecar:{{ .Tag }}-arm64"
+    use: buildx
+    goarch: arm64
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/arm64"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "quay.io/minio/operator-sidecar:{{ .Tag }}-amd64"
+    use: buildx
+    goarch: amd64
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/amd64"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "quay.io/minio/operator-sidecar:{{ .Tag }}-ppc64le"
+    use: buildx
+    dockerfile: sidecar/Dockerfile
+    goarch: ppc64le
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/ppc64le"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "quay.io/minio/operator-sidecar:{{ .Tag }}-s390x"
+    use: buildx
+    goarch: s390x
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/s390x"
+      - "--build-arg=TAG={{ .Tag }}"
+  - image_templates:
+      - "quay.io/minio/operator-sidecar:{{ .Tag }}-arm64"
+    use: buildx
+    goarch: arm64
+    dockerfile: sidecar/Dockerfile
+    extra_files:
+      - LICENSE
+      - CREDITS
+    build_flag_templates:
+      - "--platform=linux/arm64"
+      - "--build-arg=TAG={{ .Tag }}"
 docker_manifests:
   - name_template: minio/operator:{{ .Tag }}
     image_templates:
@@ -140,3 +247,15 @@ docker_manifests:
       - quay.io/minio/operator:{{ .Tag }}-arm64
       - quay.io/minio/operator:{{ .Tag }}-ppc64le
       - quay.io/minio/operator:{{ .Tag }}-s390x
+  - name_template: minio/operator-sidecar:{{ .Tag }}
+    image_templates:
+      - minio/operator-sidecar:{{ .Tag }}-amd64
+      - minio/operator-sidecar:{{ .Tag }}-arm64
+      - minio/operator-sidecar:{{ .Tag }}-ppc64le
+      - minio/operator-sidecar:{{ .Tag }}-s390x
+  - name_template: quay.io/minio/operator-sidecar:{{ .Tag }}
+    image_templates:
+      - quay.io/minio/operator-sidecar:{{ .Tag }}-amd64
+      - quay.io/minio/operator-sidecar:{{ .Tag }}-arm64
+      - quay.io/minio/operator-sidecar:{{ .Tag }}-ppc64le
+      - quay.io/minio/operator-sidecar:{{ .Tag }}-s390x
diff --git a/cmd/operator/app_commands.go b/cmd/operator/app_commands.go
@@ -20,7 +20,5 @@ import (
 
 var appCmds = []cli.Command{
 	controllerCmd,
-	sidecarCmd,
-	validateCmd,
 	uiCmd,
 }