SFTP Option should allow a separate file allowed to be configured from a secret.

[Jeremy-Boyle]

Is your feature request related to a problem? Please describe.
Currently the SFTP private key is not configurable and would like to provide my own private key. Currently the SFTP uses the same console tls for SFTP.

Describe the solution you'd like
A value in the CRD that allows you to change the the value from a secret key / path , should automatically change the deployment and mount the secret to the path that is expected when provided.

Helm chart should also be updated to allow easy configuration of the tenants.

Describe alternatives you've considered
Not using minio operator

Suggestion:

spec:
  features:
    enableSFTP: true
    sftp:
      secretName: secret-name
      secretKey: (Default if not provided private.key)

Open to suggestions / changes happy to do the PR to support this.

[Jeremy-Boyle]

See

operator/pkg/resources/statefulsets/minio-statefulset.go

Lines 313 to 322 in 64cb15e

	if t.Spec.Features != nil && t.Spec.Features.EnableSFTP != nil && *t.Spec.Features.EnableSFTP {
	pkFile := filepath.Join(miniov2.MinIOCertPath, certs.PrivateKeyFile)
	args = append(args, []string{
	"--sftp", fmt.Sprintf("address=:%d", miniov2.MinIOSFTPPort),
	"--sftp", "ssh-private-key=" + pkFile,
	}...)
	containerPorts = append(containerPorts, v1.ContainerPort{
	ContainerPort: miniov2.MinIOSFTPPort,
	})
	}

[harshavardhana]

This is a very low priority for us. Feel free to work on this and send a PR yourself.

[cniackz]

We are going to keep it open, but we are still waiting for a PR if you have time to invest and thank you ❤️

[george-zubrienko]

You can add a volume mount with the secret, won't that suffice?