MINIO_CONSOLE_TLS_ENABLE - cniackz/public GitHub Wiki

MINIO_CONSOLE_TLS_ENABLE

MINIO_CONSOLE_TLS_ENABLE is the only variable that matters in Operator.

console.go

operator/pkg/controller/console.go

const (
    // ConsoleTLSEnv Env variable to turn on / off Console TLS.
    ConsoleTLSEnv = "MINIO_CONSOLE_TLS_ENABLE"
    // DefaultConsoleDeploymentName is the default name of the console deployment
    DefaultConsoleDeploymentName = "console"
    // OperatorConsoleTLSSecretName is the name of secret created with TLS certs for Operator console
    OperatorConsoleTLSSecretName = "console-tls"
)

// isOperatorConsoleTLS Internal func, reads MINIO_CONSOLE_TLS_ENABLE ENV to identify if Operator Console TLS is enabled, default "off"
func isOperatorConsoleTLS() bool {
    value, set := os.LookupEnv(ConsoleTLSEnv)
    // By default, Console TLS is NOT used.
    return set && value == "on"
}

main-controller.go

operator/pkg/controller/main-controller.go

    // 1) we need to make sure we have console TLS certificates (if enabled)
    if isOperatorConsoleTLS() {
        klog.Info("Waiting for Console TLS")
        go func() {
            if utils.GetOperatorRuntime() == common.OperatorRuntimeOpenshift {
                klog.Infof("Console TLS is enabled, skipping TLS certificate generation on Openshift deployment")
            } else {
                klog.Infof("Console TLS is enabled, starting console TLS certificate setup")

                err := c.recreateOperatorConsoleCertsIfRequired(ctx)
                if err != nil {
                    panic(err)
                }
                klog.Infof("Restarting Console pods")
                err = c.rolloutRestartDeployment(getConsoleDeploymentName())
                if err != nil {
                    klog.Errorf("Console deployment didn't restart: %s", err)
                }
            }
        }()
    } else {
        klog.Infof("Console TLS is not enabled")
    }