minio/docs
1
0
Fork 0
mirror of https://github.com/minio/docs.git synced 2025-08-09 13:02:53 +03:00
Code Activity

DOCS-1273: Operator 6.0.0 Deploy/Upgrade docs, removing Console references (#1284)

Browse Source 
Addresses #1273 

# Summary

This pass does three things:

1. Updates all tutorials related to Operator/Tenant deployment for
Kustomize and Helm
2. Removes references to Operator Console + updates to reference
Kustomize/Helm wherever possible
3. Slightly tidies up old or dangling references

This pass does not do these things:

- Link out heavily to Kubernetes docs (for later)
- Clean up organization (singleplat build handles this)
- Addresses OpenShift, Rancher, etc.

---------

Co-authored-by: Andrea Longo <feorlen@users.noreply.github.com>
Co-authored-by: Allan Roger Reid <allanrogerreid@gmail.com>
Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
This commit is contained in:
Ravind Kumar
2024-08-01 15:51:39 -04:00
committed by GitHub
parent 7722414e1b
commit 23253dd71c
20 changed files with 966 additions and 1383 deletions
Download Patch File Download Diff File Expand all files Collapse all files

325
source/operations/install-deploy-manage/deploy-minio-tenant-helm.rst
View File

@@ -22,7 +22,6 @@ You cannot use the MinIO Operator Tenant chart to deploy a Tenant independent of
.. important::
The MinIO Operator Tenant Chart is *distinct* from the community-managed :minio-git:`MinIO Chart <minio/tree/master/helm/minio>`.
The Community Helm Chart is built, maintained, and supported by the community.
@@ -56,111 +55,192 @@ Deploy a MinIO Tenant using Helm Charts
The following procedure deploys a MinIO Tenant using the MinIO Operator Chart Repository.
This method supports a simplified installation path compared to the :ref:`local chart installation <deploy-tenant-helm-local>`.
You can modify the Operator deployment after installation.
The following procedure uses Helm to deploy a MinIO Tenant using the official MinIO Tenant Chart.
.. important::
Do not use the ``kubectl krew`` or similar methods to update or manage the MinIO Tenant installation.
If you use Helm charts to deploy the Tenant, you must use Helm to manage that deployment.
If you use Helm to deploy a MinIO Tenant, you must use Helm to manage or upgrade that deployment.
Do not use ``kubectl krew``, Kustomize, or similar methods to manage or upgrade the MinIO Tenant.
#. Validate the Operator Repository Contents
This procedure is not exhaustive of all possible configuration options available in the :ref:`Tenant Chart <minio-tenant-chart-values>`.
It provides a baseline from which you can modify and tailor the Tenant to your requirements.
Use ``helm search`` to check the latest available chart version in the Operator Repo:
.. container:: procedure
.. code-block:: shell
:class: copyable
#. Verify your MinIO Operator Repo Configuration
helm search repo minio-operator
MinIO maintains a Helm-compatible repository at https://operator.min.io.
If the repository does not already exist in your local Helm configuration, add it before continuing:
The response should resemble the following:
.. code-block:: shell
:class: copyable
.. code-block:: shell
:class: copyable
helm repo add minio-operator https://operator.min.io
NAME CHART VERSION APP VERSION DESCRIPTION
minio-operator/minio-operator 4.3.7 v4.3.7 A Helm chart for MinIO Operator
minio-operator/operator 5.0.10 v5.0.10 A Helm chart for MinIO Operator
minio-operator/tenant 5.0.10 v5.0.10 A Helm chart for MinIO Operator
You can validate the repo contents using ``helm search``:
The ``minio-operator/minio-operator`` is a legacy chart and should **not** be installed under normal circumstances.
.. code-block:: shell
:class: copyable
If your ``minio-operator/operator`` version is behind the latest available chart, upgrade the operator *first*.
helm search repo minio-operator
#. Deploy the Helm Chart
The response should resemble the following:
Use the ``helm install`` command to deploy the Tenant Chart.
.. code-block:: shell
:class: copyable
:substitutions:
If you need to override values in the default :ref:`values <minio-tenant-chart-values>` file, you can use the ``--set`` operation for any single key-value.
Alternatively, specify your own ``values.yaml`` using the ``--f`` parameter to override multiple values at once:
NAME CHART VERSION APP VERSION DESCRIPTION
minio-operator/minio-operator 4.3.7 v4.3.7 A Helm chart for MinIO Operator
minio-operator/operator |operator-version-stable| v|operator-version-stable| A Helm chart for MinIO Operator
minio-operator/tenant |operator-version-stable| v|operator-version-stable| A Helm chart for MinIO Operator
.. code-block:: shell
:class: copyable
#. Create a local copy of the Helm ``values.yaml`` for modification
helm install \
--namespace MINIO_TENANT_NAMESPACE \
--create-namespace \
MINIO_TENANT_NAME minio-operator/tenant
.. code-block:: shell
:class: copyable
For details on the options available in the MinIO Tenant ``values.yaml``, see :ref:`minio-tenant-chart-values`.
curl -sLo values.yaml https://raw.githubusercontent.com/minio/operator/master/helm/tenant/values.yaml
Open the ``values.yaml`` object in your preferred text editor.
#. Validate the Tenant installation
Check the contents of the specified namespace to ensure all pods and services have started successfully.
.. code-block:: shell
:class: copyable
kubectl get all -n MINIO_TENANT_NAMESPACE
All pods and services should have a READY state before proceeding.
#. Expose the Tenant Console port
Use ``kubectl port-forward`` to temporarily forward traffic from the MinIO pod to your local machine:
.. code-block:: shell
:class: copyable
kubectl --namespace MINIO_TENANT_NAMESPACE port-forward svc/MINIO_TENANT_NAME-console 9443:9443
.. note::
#. Configure the Tenant topology
To configure long term access to the pod, configure :kube-docs:`Ingress <concepts/services-networking/ingress/>` or similar network control components within Kubernetes to route traffic to and from the pod.
Configuring Ingress is out of the scope for this documentation.
The following fields share the ``tenant.pools[0]`` prefix and control the number of servers, volumes per server, and storage class of all pods deployed in the Tenant:
.. list-table::
:header-rows: 1
:widths: 30 70
#. Login to the MinIO Console
* - Field
- Description
Access the Tenant's :ref:`minio-console` by navigating to ``http://localhost:9443`` in a browser.
Log in to the Console with the default credentials ``myminio | minio123``.
If you modified these credentials in the ``values.yaml`` specify those values instead.
* - ``servers``
- The number of MinIO pods to deploy in the Server Pool.
* - ``volumesPerServer``
- The number of persistent volumes to attach to each MinIO pod (``servers``).
The Operator generates ``volumesPerServer x servers`` Persistant Volume Claims for the Tenant.
* - ``storageClassName``
- The Kubernetes storage class to associate with the generated Persistent Volume Claims.
#. Expose the Tenant MinIO S3 API port
If no storage class exists matching the specified value *or* if the specified storage class cannot meet the requested number of PVCs or storage capacity, the Tenant may fail to start.
To test the MinIO Client :mc:`mc` from your local machine, forward the MinIO port and create an alias.
* - ``size``
- The amount of storage to request for each generated PVC.
* Forward the Tenant's MinIO port:
#. Configure Tenant Affinity or Anti-Affinity
.. code-block:: shell
:class: copyable
The Tenant Chart supports the following Kubernetes Selector, Affinity and Anti-Affinity configurations:
kubectl port-forward svc/MINIO_TENANT_NAME-hl 9000 -n MINIO_TENANT_NAMESPACE
- Node Selector (``tenant.nodeSelector``)
- Node/Pod Affinity or Anti-Affinity (``spec.pools[n].affinity``)
* Create an alias for the Tenant service:
MinIO recommends configuring Tenants with Pod Anti-Affinity to ensure that the Kubernetes schedule does not schedule multiple pods on the same worker node.
.. code-block:: shell
:class: copyable
If you have specific worker nodes on which you want to deploy the tenant, pass those node labels or filters to the ``nodeSelector`` or ``affinity`` field to constrain the scheduler to place pods on those nodes.
mc alias set myminio https://localhost:9000 minio minio123 --insecure
#. Configure Network Encryption
You can use :mc:`mc mb` to create a bucket on the Tenant:
.. code-block:: shell
:class: copyable
The MinIO Tenant CRD provides the following fields with which you can configure tenant TLS network encryption:
mc mb myminio/mybucket --insecure
.. list-table::
:header-rows: 1
:widths: 30 70
If you deployed your MinIO Tenant using TLS certificates minted by a trusted Certificate Authority (CA) you can omit the ``--insecure`` flag.
* - Field
- Description
* - ``tenant.certificate.requestAutoCert``
- Enable or disable MinIO :ref:`automatic TLS certificate generation <minio-tls>`.
Defaults to ``true`` or enabled if omitted.
* - ``tenant.certificate.certConfig``
- Customize the behavior of :ref:`automatic TLS <minio-tls>`, if enabled.
* - ``tenant.certificate.externalCertSecret``
- Enable TLS for multiple hostnames via Server Name Indication (SNI).
Specify one or more Kubernetes secrets of type ``kubernetes.io/tls`` or ``cert-manager``.
* - ``tenant.certificate.externalCACertSecret``
- Enable validation of client TLS certificates signed by unknown, third-party, or internal Certificate Authorities (CA).
Specify one or more Kubernetes secrets of type ``kubernetes.io/tls`` containing the full chain of CA certificates for a given authority.
#. Configure MinIO Environment Variables
You can set MinIO Server environment variables using the ``tenant.configuration`` field.
.. list-table::
:header-rows: 1
:widths: 30 70
* - Field
- Description
* - ``tenant.configuration``
- Specify a Kubernetes opaque secret whose data payload ``config.env`` contains each MinIO environment variable you want to set.
The ``config.env`` data payload **must** be a base64-encoded string.
You can create a local file, set your environment variables, and then use ``cat LOCALFILE | base64`` to create the payload.
The YAML includes an object ``kind: Secret`` with ``metadata.name: storage-configuration`` that sets the root username, password, erasure parity settings, and enables Tenant Console.
Modify this as needed to reflect your Tenant requirements.
#. Deploy the Tenant
Use ``helm`` to install the Tenant Chart using your ``values.yaml`` as an override:
.. code-block:: shell
:class: copyable
helm install \
--namespace TENANT-NAMESPACE \
--create-namespace \
--values values.yaml \
TENANT-NAME minio-operator/tenant
You can monitor the progress using the following command:
.. code-block:: shell
:class: copyable
watch kubectl get all -n TENANT-NAMESPACE
#. Expose the Tenant MinIO S3 API port
To test the MinIO Client :mc:`mc` from your local machine, forward the MinIO port and create an alias.
* Forward the Tenant's MinIO port:
.. code-block:: shell
:class: copyable
kubectl port-forward svc/TENANT-NAME-hl 9000 -n TENANT-NAMESPACE
* Create an alias for the Tenant service:
.. code-block:: shell
:class: copyable
mc alias set myminio https://localhost:9000 minio minio123 --insecure
You can use :mc:`mc mb` to create a bucket on the Tenant:
.. code-block:: shell
:class: copyable
mc mb myminio/mybucket --insecure
If you deployed your MinIO Tenant using TLS certificates minted by a trusted Certificate Authority (CA) you can omit the ``--insecure`` flag.
See :ref:`create-tenant-connect-tenant` for additional documentation on external connectivity to the Tenant.
.. _deploy-tenant-helm-local:
@@ -182,8 +262,78 @@ This method may support easier pre-configuration of the Tenant compared to the :
Each chart contains a ``values.yaml`` file you can customize to suit your needs.
For details on the options available in the MinIO Tenant ``values.yaml``, see :ref:`minio-tenant-chart-values`.
For example, you may wish to change the MinIO root user credentials or the Tenant name.
For more about customizations, see `Helm Charts <https://helm.sh/docs/topics/charts/>`__.
Open the ``values.yaml`` object in your preferred text editor.
#. Configure the Tenant topology
The following fields share the ``tenant.pools[0]`` prefix and control the number of servers, volumes per server, and storage class of all pods deployed in the Tenant:
.. list-table::
:header-rows: 1
:widths: 30 70
* - Field
- Description
* - ``servers``
- The number of MinIO pods to deploy in the Server Pool.
* - ``volumesPerServer``
- The number of persistent volumes to attach to each MinIO pod (``servers``).
The Operator generates ``volumesPerServer x servers`` Persistant Volume Claims for the Tenant.
* - ``storageClassName``
- The Kubernetes storage class to associate with the generated Persistent Volume Claims.
If no storage class exists matching the specified value *or* if the specified storage class cannot meet the requested number of PVCs or storage capacity, the Tenant may fail to start.
* - ``size``
- The amount of storage to request for each generated PVC.
#. Configure Tenant Affinity or Anti-Affinity
The Tenant Chart supports the following Kubernetes Selector, Affinity and Anti-Affinity configurations:
- Node Selector (``tenant.nodeSelector``)
- Node/Pod Affinity or Anti-Affinity (``spec.pools[n].affinity``)
MinIO recommends configuring Tenants with Pod Anti-Affinity to ensure that the Kubernetes schedule does not schedule multiple pods on the same worker node.
If you have specific worker nodes on which you want to deploy the tenant, pass those node labels or filters to the ``nodeSelector`` or ``affinity`` field to constrain the scheduler to place pods on those nodes.
#. Configure Network Encryption
The MinIO Tenant CRD provides the following fields from which you can configure tenant TLS network encryption:
.. list-table::
:header-rows: 1
:widths: 30 70
* - Field
- Description
* - ``tenant.certificate.requestAutoCert``
- Enables or disables MinIO :ref:`automatic TLS certificate generation <minio-tls>`
* - ``tenant.certificate.certConfig``
- Controls the settings for :ref:`automatic TLS <minio-tls>`.
Requires ``spec.requestAutoCert: true``
* - ``tenant.certificate.externalCertSecret``
- Specify one or more Kubernetes secrets of type ``kubernetes.io/tls`` or ``cert-manager``.
MinIO uses these certificates for performing TLS handshakes based on hostname (Server Name Indication).
* - ``tenant.certificate.externalCACertSecret``
- Specify one or more Kubernetes secrets of type ``kubernetes.io/tls`` with the Certificate Authority (CA) chains which the Tenant must trust for allowing client TLS connections.
#. Configure MinIO Environment Variables
You can set MinIO Server environment variables using the ``tenant.configuration`` field.
The field must specify a Kubernetes opaque secret whose data payload ``config.env`` contains each MinIO environment variable you want to set.
The YAML includes an object ``kind: Secret`` with ``metadata.name: storage-configuration`` that sets the root username, password, erasure parity settings, and enables Tenant Console.
Modify this as needed to reflect your Tenant requirements.
#. The following Helm command creates a MinIO Tenant using the standard chart:
@@ -192,32 +342,13 @@ This method may support easier pre-configuration of the Tenant compared to the :
:substitutions:
helm install \
--namespace MINIO_TENANT_NAMESPACE \
--namespace TENANT-NAMESPACE \
--create-namespace \
MINIO_TENANT_NAME tenant-|operator-version-stable|.tgz
TENANT-NAME tenant-|operator-version-stable|.tgz
To deploy more than one Tenant, create a Helm chart with the details of the new Tenant and repeat the deployment steps.
Redeploying the same chart updates the previously deployed Tenant.
#. Expose the Tenant Console port
Use ``kubectl port-forward`` to temporarily forward traffic from the MinIO pod to your local machine:
.. code-block:: shell
:class: copyable
kubectl --namespace MINIO_TENANT_NAMESPACE port-forward svc/myminio-console 9443:9443
.. note::
To configure long term access to the pod, configure :kube-docs:`Ingress <concepts/services-networking/ingress/>` or similar network control components within Kubernetes to route traffic to and from the pod.
Configuring Ingress is out of the scope for this documentation.
#. Login to the MinIO Console
Access the Tenant's :ref:`minio-console` by navigating to ``http://localhost:9443`` in a browser.
Log in to the Console with the default credentials ``myminio | minio123``.
#. Expose the Tenant MinIO port
To test the MinIO Client :mc:`mc` from your local machine, forward the MinIO port and create an alias.
@@ -227,7 +358,7 @@ This method may support easier pre-configuration of the Tenant compared to the :
.. code-block:: shell
:class: copyable
kubectl port-forward svc/MINIO_TENANT_NAME-hl 9000 -n MINIO_TENANT_NAMESPACE
kubectl port-forward svc/TENANT-NAME-hl 9000 -n TENANT-NAMESPACE
* Create an alias for the Tenant service:
@@ -246,3 +377,5 @@ This method may support easier pre-configuration of the Tenant compared to the :
:class: copyable
mc mb myminio/mybucket --insecure
See :ref:`create-tenant-connect-tenant` for additional documentation on external connectivity to the Tenant.