Adding OpenShift Platform (#577)

# Summary This pull adds back the OpenShift docs as a full dedicated platform The main changes are: - Adding the conditionals for OpenShift - Modifying the Makefile for the new platform - Adding the tutorials back in - Fixing up the navigation headers This was not too much trouble, which bodes well for the future.
2025-07-28 19:42:10 +03:00 · 2022-09-29 10:37:08 -04:00
parent 51da56df3c
commit 32366b2a15
20 changed files with 851 additions and 323 deletions
--- a/10
+++ b/10
@ -73,6 +73,14 @@ k8s:
 	@npm run build
 	@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@
 openshift:
 	@cp source/default-conf.py source/conf.py
 	@make sync-operator-version
 	@make sync-minio-version
 	@make sync-kes-version
 	@npm run build
 	@$(SPHINXBUILD) -M html "$(SOURCEDIR)" "$(BUILDDIR)/$(GITDIR)/$@" $(SPHINXOPTS) $(O) -t $@ -t k8s
 container:
 	@cp source/default-conf.py source/conf.py
 	@make sync-minio-version
@ -152,6 +160,6 @@ sync-deps:
 # "make mode" option.  $(O) is meant as a shortcut for $(SPHINXOPTS).
 %: Makefile
 	@echo -e "Specify one of the following supported build outputs"
-	@echo -e "- make linux\n- make macos\n- make windows\n- make k8s\n- make container"
+	@echo -e "- make linux\n- make macos\n- make windows\n- make k8s\n- make openshift\n- make container"
 	@echo -e "Clean targets with 'make clean-<target>'"
 	@echo -e "Clean all targets with `make clean`"
--- a/build-docs.sh
+++ b/build-docs.sh
@ -10,13 +10,17 @@ nvm use stable
 export PATH=${PATH}:${HOME}/.local/bin
 make clean
-SYNC_SDK=TRUE make linux
+make SYNC_SDK=TRUE linux
-make windows macos container k8s
+make windows macos container k8s openshift
 sudo rm -rf /var/www/docs/minio/kubernetes/upstream
 sudo mkdir -p /var/www/docs/minio/kubernetes/upstream
 sudo cp -vr build/${branch}/k8s/html/* /var/www/docs/minio/kubernetes/upstream/
 sudo rm -rf /var/www/docs/minio/kubernetes/openshift
 sudo mkdir -p /var/www/docs/minio/kubernetes/openshift
 sudo cp -vr build/${branch}/openshift/html/* /var/www/docs/minio/kubernetes/openshift/
 sudo rm -rf /var/ww/docs/minio/container
 sudo mkdir -p /var/www/docs/minio/container
 sudo cp -vr build/${branch}/container/html/* /var/www/docs/minio/container/
--- a/source/_templates/platform-navigation.html
+++ b/source/_templates/platform-navigation.html
@ -37,7 +37,16 @@
            </button>
        </nav>
    </div>
-    
+
    <div class="content__nav__dropdown">
      <div class="container">
         <nav id="cn-kubernetes" class="{{ 'active' if doc_platform == 'kubernetes' or doc_platform == 'openshift' }}">
            <a href="" class="{{ 'active' if doc_platform == 'kubernetes' }}">Upstream</a>
            <a href="" class="{{ 'active' if doc_platform == 'openshift' }}">Redhat Openshift</a>
          </nav>
      </div>
    </div>
    <!-- 
    <div class="platform-nav__dropdown">
        <div class="container">
--- a/source/default-conf.py
+++ b/source/default-conf.py
@ -26,9 +26,10 @@ sys.path.append(os.path.abspath('../sphinxext'))
 platform = list(tags.tags.keys())[0]
-if (platform =="k8s"):
+if (platform == "k8s"):
    platform = "Kubernetes"
 project = 'MinIO Documentation for ' + platform
 copyright = '2020-Present, MinIO, Inc. '
 author = 'MinIO Documentation Team'
@ -77,6 +78,7 @@ extlinks = {
    'podman-docs'     : ('https://docs.podman.io/en/latest/%s',''),
    'podman-git'      : ('https://github.com/containers/podman/%s',''),
    'docker-docs'     : ('https://docs.docker.com/%s', ''),
    'openshift-docs'  : ('https://docs.openshift.com/container-platform/4.11/%s', ''),
 }
@ -231,8 +233,6 @@ html_theme_options = {
    'show_relbars': 'false'
 }
 html_short_title = "MinIO Object Storage for " + ("MacOS" if platform == "macos" else platform.capitalize())
 # Add any paths that contain custom static files (such as style sheets) here,
 # relative to this directory. They are copied after the builtin static files,
 # so a file named "default.css" will overwrite the builtin "default.css".
@ -248,7 +248,17 @@ html_js_files = [
 # Add https://www.min.io/robots.txt to html_extra_path list once available.
 html_extra_path = [ 'extra']
-html_title = 'MinIO Object Storage for ' + ("MacOS" if platform == "macos" else platform.capitalize())
+platform_fmt = ""
 if platform == "macos":
   platform_fmt = "MacOS"
 elif platform == "openshift":
   platform_fmt = "OpenShift"
 else:
   platform_fmt = platform.capitalize()
 html_title = 'MinIO Object Storage for ' + platform_fmt
 html_short_title = 'MinIO Object Storage for ' + platform_fmt
 html_permalinks_icon = ''
--- a/source/images/openshift/minio-openshift-create-tenant.png
+++ b/source/images/openshift/minio-openshift-create-tenant.png
--- a/source/images/openshift/minio-openshift-marketplace-my-software.png
+++ b/source/images/openshift/minio-openshift-marketplace-my-software.png
--- a/source/images/openshift/minio-openshift-operator-installation-progress.png
+++ b/source/images/openshift/minio-openshift-operator-installation-progress.png
--- a/source/images/openshift/minio-openshift-operator-installation.png
+++ b/source/images/openshift/minio-openshift-operator-installation.png
--- a/source/images/openshift/minio-openshift-operator-start-install.png
+++ b/source/images/openshift/minio-openshift-operator-start-install.png
--- a/source/images/openshift/minio-openshift-select-minio.png
+++ b/source/images/openshift/minio-openshift-select-minio.png
--- a/source/images/openshift/minio-openshift-tenant-create-ui.png
+++ b/source/images/openshift/minio-openshift-tenant-create-ui.png
--- a/source/images/openshift/minio-openshift-tenant-create-yaml.png
+++ b/source/images/openshift/minio-openshift-tenant-create-yaml.png
--- a/source/includes/k8s/steps-deploy-tenant-cli.rst
+++ b/source/includes/k8s/steps-deploy-tenant-cli.rst
@ -0,0 +1,280 @@
 .. _minio-k8s-deploy-minio-tenant-commandline:
 Deploy a MinIO Tenant using the Command Line
 --------------------------------------------
 The :mc:`kubectl minio tenant create` command supports creating a MinIO Tenant in your Kubernetes cluster.
 The command *requires* that the cluster have a functional MinIO Operator installation.
 To deploy a tenant from the command line, complete the following steps:
 :ref:`create-tenant-cli-determine-settings-required-options`
 :ref:`create-tenant-cli-determine-additional-options`
 :ref:`create-tenant-cli-enter-command`
 :ref:`create-tenant-cli-record-access-info`
 :ref:`create-tenant-cli-access-tenant-console`
 :ref:`create-tenant-cli-forward-ports`
 .. _create-tenant-cli-determine-settings-required-options:
 1) Determine Values for Required Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The :mc:`kubectl minio tenant create` command requires several configuration settings.
 Determine the values for all required settings.
 .. tab-set::
   .. tab-item:: Required Settings
      The command requires values for each of the items in this table.
      .. list-table::
         :header-rows: 1
         :widths: 25 75
         :width: 100%
         * - Setting
           - Description
         * - :mc:`~kubectl minio tenant create TENANT_NAME`
           - The name to use for the new tenant.
         * - :mc:`~kubectl minio tenant create --capacity`
           - The total raw storage size for the Tenant across all volumes. 
             Specify both the total storage size *and* the :guilabel:`Unit` of that storage. 
             All storage units are in SI values, e.g. :math:`Gi = GiB = 1024^3` bytes.
             For example, 16 Ti for 16 Tebibytes.
         * - :mc:`~kubectl minio tenant create --servers`
           - The total number of MinIO server pods to deploy in the Tenant.
             The Operator by default uses pod anti-affinity, such that the Kubernetes cluster *must* have at least one worker node per MinIO server pod.
         * - :mc:`~kubectl minio tenant create --volumes`
           - The total number of storage volumes (Persistent Volume Claims).
             The Operator generates an equal number of PVC *plus one* for supporting logging. 
             The total number of persistent volume claims (``PVC``) per server is determined by dividing the number of volumes by the number of servers.
             The storage available for each ``PVC`` is determined by dividing the capacity by the number of volumes. 
             The generated claims have pod selectors so that claims are only made for volumes attached to node running the pod.
             If the number of volumes exceeds the numnber of persistent volumes available on the cluster, ``MinIO`` hangs until the number of persistent volumes are available.
         * - :mc:`~kubectl minio tenant create --namespace`
           - Each MinIO tenant requires its own ``namespace``.
             Specify a namespace with the :mc:`~kubectl minio tenant create --namespace` flag.
             If not specified, the MinIO Operator to uses ``minio``.
             The namespace must already exist in the Kubernetes cluster.
             Run ``kubectl create ns <new_namespace>`` to add one.
         * - :mc:`~kubectl minio tenant create --storage-class`
           - Specify the storage class to use.
             New MinIO tenants use the ``default`` storage class.
             To specify a different storage class, add the :mc:`~kubectl minio tenant create --storage-class` flag.
             The specified :mc-cmd:`~kubectl minio tenant create --storage-class` *must* match the ``storage-class`` of the Persistent Volumes (``PVs``) to which the ``PVCs`` should bind.
             MinIO strongly recommends creating a Storage Class that corresponds to locally-attached volumes on the host machines on which the Tenant deploys. 
             This ensures each pod can use locally-attached storage for maximum performance and throughput. 
   .. tab-item:: Example
      For example, the following command creates a new tenant with the following settings:
      Name
        ``miniotenant``
      Capacity
        16 Tebibytes
      Servers
        4
      Volumes
        16
      Namespace
        ``minio``
      Storage Class
        ``warm``
      .. code-block:: shell
         :class: copyable
         kubectl minio tenant create miniotenant          \
                                     --capacity 16Ti      \
                                     --servers 4          \
                                     --volumes 16         \
                                     --namespace minio    \
                                     --storage-class warm
 .. _create-tenant-cli-determine-additional-options:
 2) Determine Values for Optional Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 You can further customize your tenant by including any or all of the following *optional* flags when running the :mc:`kubectl minio tenant create` command:
 .. list-table:: 
   :header-rows: 1
   :widths: 25 75
   :width: 100%
   * - Setting
     - Description
   * - :mc:`~kubectl minio tenant create --image`
     - Customize the ``minio`` image to use.
       By default, the Operator uses the release image available at the time of the Operator's release.
       To specify a different MinIO version for the tenant, such as the latest available, use the :mc:`~kubectl minio tenant create --image` flag.
       See the `MinIO Quay <https://quay.io/repository/minio/minio>`__ or the `MinIO DockerHub <https://hub.docker.com/r/minio/minio/tags>`__ repositories for a list of valid tags.
   * - :mc:`~kubectl minio tenant create --image-pull-secret`
     - If using a custom container registry, specify the secret to use when pulling the ``minio`` image.
       Use :mc:`~kubectl minio tenant create --image-pull-secret` to specify the secret.
   * - :mc:`~kubectl minio tenant create --kes-config`
     - Configure a :minio-git:`Key Encrption Service (KES) <kes>`
       Use the :mc:`~kubectl minio tenant create --kes-config` flag to specify the name of the secret to use for KES Key Management Service (KMS) setup.
       Enabling Server Side Encryption (SSE) also deploys a MinIO :minio-git:`KES <kes>` service in the Tenant to faciliate SSE operations.
       For more, see the `Github documentation <https://github.com/minio/kes/wiki>`__.
 .. note:: Generate a YAML File for Further Customizations
   The MinIO Operator installs a `Custom Resource Definition (CRD) <https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/>`__ to describe tenants.
   Advanced users can generate a YAML file from the command line and customize the tenant based on the CRD.
   Do a dry run of a tenant creation process to generate a YAML file using the :mc:`~kubectl minio tenant create --output` flag.
   When using this flag, the operator does **not** create the tenant.
   Modify the generated YAML file as desired, then use ``kubectl apply -f <FILE>`` to manually create the MinIO tenant using the file.
 .. _create-tenant-cli-enter-command:
 3) Run the Command with Required and Optional Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 At the command line, enter the full command with all *Required* and any *Optional* flags.
 Consider a tenant we want to create:
 Tenant Name
  ``minio1``
 Capacity
  16 Tebibytes
 Servers
  4
 Volumes
  16 (four per node)
 Namespace
  ``miniotenantspace``
 MinIO Image
  Latest version, |minio-latest|
 Key ecnryption file
  ``minio-secret``
 Storage class
  ``warm``
 .. code-block:: shell
   :substitutions:
   kubectl minio tenant create                                \
                        minio1                                \
                        --capacity 16Ti                       \
                        --servers 4                           \
                        --volumes 16                          \
                        --namespace miniotenantspace          \
                        --image |minio-latest|  \
                        --kes-config minio-kes-secret         \
                        --storage-class warm
 .. _create-tenant-cli-record-access-info:
 4) Record the Access Credentials
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 When generating the tenant, the MinIO Operator displays the access credentials to use for the tenant.
 .. important::
   This is the only time the credentials display.
   Copy the credentials to a secure location.
   MinIO does not show these credentials again.
 In addition to access credentials, the output shows the service name and service ports to use for accessing the tenant.
 .. _create-tenant-cli-access-tenant-console:
 5) Access the Tenant's MinIO Console
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 To access the :ref:`MinIO Console <minio-console>` for the tenant, forward the tenant's port.
 - If necessary, run ``kubectl get svc -n <namespace>`` to retrieve the tenant's port number.
 - Run the following to forward the tenant's port and access it from a browser:
  .. code-block:: shell
     :class: copyable
     kubectl port-forward svc/<tenant-name>-console -n <tenant-namespace> <localport>:<tenantport>
  - Replace ``<tenant-name>`` with the name of your tenant.
  - Replace ``<tenant-namespace>`` with the namespace the tenant exists in.
  - Replace ``<localport>`` with the port number to use on your local machine to access the tenant's MinIO Console.
  - Replace ``<tenantport>`` with the port number the MinIO Operator assigned to the tenant.
 - Go to ``https://127.0.0.1:<localport>`` to Access the tenant's MinIO Console.
  Replace ``<localport>`` with the port number you used when forwarding the tenant's port.
 - Login with the username and password shown in the tenant creation output and recorded in step 4 above.
 .. _create-tenant-cli-forward-ports:
 6) Forward Ports
 ~~~~~~~~~~~~~~~~
 You can temporarily expose each service using the ``kubectl port-forward`` utility. 
 Run the following examples to forward traffic from the local host running ``kubectl`` to the services running inside the Kubernetes cluster.
 .. tab-set::
   .. tab-item:: MinIO Tenant
      .. code-block:: shell
         :class: copyable
         kubectl port-forward service/minio 443:443
   .. tab-item:: MinIO Console
      .. code-block:: shell
         :class: copyable
         kubectl port-forward service/minio-tenant-1-console 9443:9443
--- a/source/includes/openshift/deploy-minio-on-openshift.rst
+++ b/source/includes/openshift/deploy-minio-on-openshift.rst
@ -0,0 +1,196 @@
 .. _deploy-operator-openshift:
 =========================================
 Deploy MinIO Operator on RedHat OpenShift
 =========================================
 .. default-domain:: minio
 .. contents:: Table of Contents
   :local:
   :depth: 1
 Overview
 --------
 Red Hat® OpenShift® is an enterprise-ready Kubernetes container platform with full-stack automated operations to manage hybrid cloud, multi-cloud, and edge deployments. 
 OpenShift includes an enterprise-grade Linux operating system, container runtime, networking, monitoring, registry, and authentication and authorization solutions. 
 You can deploy the MinIO Kubernetes Operator through the :openshift-docs:`Red Hat® OpenShift® Container Platform 4.7+ <welcome/index.html>`. 
 You can deploy and manage MinIO Tenants through OpenShift after deploying the MinIO Operator. 
 This procedure includes instructions for the following deployment paths:
 - Purchase and Deploy MinIO through the `RedHat Marketplace <https://marketplace.redhat.com/en-us/products/minio-hybrid-cloud-object-storage>`__.
 - Deploy MinIO through the OpenShift `OperatorHub <https://operatorhub.io/operator/minio-operator>`__
 After deploying the MinIO Operator into your OpenShift cluster, you can create and manage MinIO Tenants through the :openshift-docs:`OperatorHub <operators/understanding/olm-understanding-operatorhub.html>` user interface.
 This documentation assumes familiarity with all referenced Kubernetes and OpenShift concepts, utilities, and procedures. 
 While this documentation *may* provide guidance for configuring or deploying Kubernetes-related or OpenShift-related resources on a best-effort basis, it is not a replacement for the official :kube-docs:`Kubernetes Documentation <>` and :openshift-docs:`OpenShift Container Platform 4.7+ Documentation <welcome/index.html>`.
 Prerequisites
 -------------
 RedHat OpenShift 4.7+
 ~~~~~~~~~~~~~~~~~~~~~
 The MinIO Kubernetes Operator is available starting with `OpenShift 4.7+ <https://docs.openshift.com/container-platform/4.7/welcome/index.html>`__.
 Red Hat Marketplace installation requires registration of the OpenShift cluster with the Marketplace for the necessary namespaces.
 See `Register OpenShift cluster with Red Hat Marketplace <https://marketplace.redhat.com/en-us/documentation/clusters>`__ for complete instructions.
 For older versions of OpenShift, use the generic :ref:`deploy-operator-kubernetes` procedure.
 Administrator Access
 ~~~~~~~~~~~~~~~~~~~~
 Installation of operators through the Red Hat Marketplace and the Operator Hub is restricted to OpenShift cluster administrators (``cluster-admin`` privileges). 
 This procedure requires logging into the Marketplace and/or OpenShift with an account that has those privileges.
 OpenShift ``oc`` CLI
 ~~~~~~~~~~~~~~~~~~~~
 :openshift-docs:`Download and Install <cli_reference/openshift_cli/getting-started-cli.html>` the OpenShift :abbr:`CLI (command-line interface)` ``oc`` for use in this procedure.
 MinIO ``kubectl`` Plugin
 ~~~~~~~~~~~~~~~~~~~~~~~~
 The MinIO Kubernetes Plugin provides a command line interface for the MinIO Operator.
 This procedure uses the ``oc minio`` plugin as part of the installation.
 .. include:: /includes/openshift/install-minio-kubectl-plugin.rst
 Procedure
 ---------
 1) Access the MinIO Operator Installation
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Select the tab that corresponds to your preferred installation method:
 .. tab-set::
   .. tab-item:: Red Hat Marketplace
      Open the `MinIO Red Hat Marketplace listing <https://marketplace.redhat.com/en-us/products/minio-hybrid-cloud-object-storage>`__ in your browser. 
      Click :guilabel:`Login` to log in with your Red Hat Marketplace account.
      After logging in, click :guilabel:`Purchase` to purchase the MinIO Operator for your account. 
      After completing the purchase, click :guilabel:`Workplace` from the top navigation and select :guilabel:`My Software`. 
      .. image:: /images/openshift/minio-openshift-marketplace-my-software.png
         :align: center
         :width: 90%
         :class: no-scaled-link
         :alt: From the Red Hat Marketplace, select Workplace, then My Software
      Click :guilabel:`MinIO Hybrid Cloud Object Storage` and select :guilabel:`Install Operator` to start the Operator Installation procedure in OpenShift.
   .. tab-item:: Red Hat OperatorHub
      Log into the OpenShift Web Console as a user with ``cluster-admin`` privileges. 
      From the :guilabel:`Administrator` panel, select :guilabel:`Operators`, then :guilabel:`OperatorHub`.
      From the :guilabel:`OperatorHub` page, type "MinIO" into the :guilabel:`Filter` text entry. Select the :guilabel:`MinIO Operator` tile from the search list.
      .. image:: /images/openshift/minio-openshift-select-minio.png
         :align: center
         :width: 90%
         :class: no-scaled-link
         :alt: From the OperatorHub, search for MinIO, then select the MinIO Tile.
      Select the :guilabel:`MinIO Operator` tile, then click 
      :guilabel:`Install` to begin the installation.
 2) Configure and Deploy the Operator
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The :guilabel:`Install Operator` page provides a walkthrough for configuring the MinIO Operator installation. 
 .. image:: /images/openshift/minio-openshift-operator-installation.png
   :align: center
   :width: 90%
   :class: no-scaled-link
   :alt: Complete the Operator Installation Walkthrough
 - For :guilabel:`Update channel`, select any of the available options.
 - For :guilabel:`Installation Mode`, select :guilabel:`All namespaces on the cluster`
 - For :guilabel:`Installed Namespace`, select :guilabel:`openshift-operators`
 - For :guilabel:`Approval Strategy`, select the approval strategy of your choice.
 See the :openshift-docs:`Operator Installation Documentation <operators/admin/olm-adding-operators-to-cluster.html#olm-installing-from-operatorhub-using-web-console_olm-adding-operators-to-a-cluster>` :guilabel:`Step 5` for complete descriptions of each displayed option.
 Click :guilabel:`Install` to start the installation procedure. 
 The web console displays a widget for tracking the installation progress.
 .. image:: /images/openshift/minio-openshift-operator-installation-progress.png
   :align: center
   :width: 70%
   :class: no-scaled-link
   :alt: Wait for Installation to Complete.
 Once installation completes, click :guilabel:`View Operator` to view the MinIO Operator page. 
 3) Open the MinIO Operator Interface
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 You can find the MinIO Operator Interface from the :guilabel:`Operators` left-hand navigation header.
 1. Go to :guilabel:`Operators`, then :guilabel:`Installed Operators`. 
 2. For the :guilabel:`Project` dropdown, select :guilabel:`openshift-operators`.
 3. Select :guilabel:`MinIO Operators` from the list of installed operators. 
   The :guilabel:`Status` column must read :guilabel:`Success` to access the Operator interface.
 4) Access the Operator Console
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The MinIO Operator includes the Operator Console, a browser-based management interface for managed MinIO tenants.
 You can temporarily port-forward the Operator Console to your local host machine using the ``oc minio port-forward`` command:
 .. code-block:: shell
   :class: copyable
   oc minio port-forward
 The command returns a JWT token and a URL you can open in your browser.
 .. image:: /images/k8s/operator-dashboard.png
   :align: center
   :width: 70%
   :class: no-scaled-link
   :alt: Operator Dashboard
 You can create a permanent routing rule by creating a :openshift-docs:`Route or Ingress <networking/understanding-networking.html#nw-ne-comparing-ingress-route_understanding-networking>` to allow access from external clients, such as your local computer browser. 
 The following steps provides a summary of actions necessary to create a Route.
 #. From :guilabel:`Networking`, go to :guilabel:`Routes`
 #. Create a new Route in the MinIO Operator project.
   Select a recognizable route name, such as ``operator-console-route``.
 #. Set the :guilabel:`Hostname` as per your organizations networking and hostname topology.
   Omit the hostname to allow OpenShift to generate it automatically
 #. Set the :guilabel:`Service` to :guilabel:`console`
 #. Set the :Guilabel:`Target Port` to  ``9090`` 
 You can then access the Operator Console using the configured Route. 
 The Operator Console still requires using the generated JWT token for access, which you can generate at any time using ``oc minio port-forward``.
 6) Next Steps
 ~~~~~~~~~~~~~
 After deploying the MinIO Operator, you can create a new MinIO Tenant.
 To deploy a MinIO Tenant using OpenShift, see :ref:`deploy-minio-tenant-redhat-openshift`.
 .. toctree::
   :titlesonly:
   :hidden:
   /operations/install-deploy-manage/upgrade-minio-operator
--- a/source/includes/openshift/install-minio-kubectl-plugin.rst
+++ b/source/includes/openshift/install-minio-kubectl-plugin.rst
@ -0,0 +1,53 @@
 You can install the MinIO Kubernetes plugin by downloading and installing the plugin binary to your local host:
 .. tab-set::
   .. tab-item:: Linux, MacOS
      You can download the MinIO ``kubectl`` plugin to your local system path.
      The ``oc`` CLI automatically discovers and runs compatible plugins.
      The following code downloads the latest stable version |operator-version-stable| of the MinIO Kubernetes plugin and installs it to the system path:
      .. code-block:: shell
         :substitutions:
         :class: copyable
         curl https://github.com/minio/operator/releases/download/v|operator-version-stable|/kubectl-minio_|operator-version-stable|_linux_amd64 -o kubectl-minio
         chmod +x kubectl-minio
         mv kubectl-minio /usr/local/bin/
      The ``mv`` command above may require ``sudo`` escalation depending on the permissions of the authenticated user.
      Run the following command to verify installation of the plugin:
      .. code-block:: shell
         :class: copyable
         oc minio version
      The output should display the Operator version as |operator-version-stable|.
   .. tab-item:: Windows
      You can download the MinIO ``kubectl`` plugin to your local system path.
      The ``oc`` CLI automatically discovers and runs compatible plugins.
      The following PowerShell command downloads the latest stable version |operator-version-stable| of the MinIO Kubernetes plugin and installs it to the system path:
      .. code-block:: powershell
         :substitutions:
         :class: copyable
         Invoke-WebRequest -Uri "https://github.com/minio/operator/releases/download/v|operator-version-stable|/kubectl-minio_|operator-version-stable|_windows_amd64.exe" -OutFile "C:\kubectl-plugins\kubectl-minio.exe"
      Ensure the path to the plugin folder is included in the Windows PATH.
      Run the following command to verify installation of the plugin:
      .. code-block:: shell
         :class: copyable
         oc minio version
      The output should display the Operator version as |operator-version-stable|.
--- a/source/includes/openshift/steps-deploy-minio-tenant.rst
+++ b/source/includes/openshift/steps-deploy-minio-tenant.rst
@ -0,0 +1,117 @@
 .. _deploy-minio-tenant-redhat-openshift:
 Deploy a Tenant using the OpenShift Web Console
 -----------------------------------------------
 1) Access the MinIO Operator Interface
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 You can find the MinIO Operator Interface from the :guilabel:`Operators` left-hand navigation header.
 1. Go to :guilabel:`Operators`, then :guilabel:`Installed Operators`. 
 2. For the :guilabel:`Project` dropdown, select :guilabel:`openshift-operators`.
 3. Select :guilabel:`MinIO Operators` from the list of installed operators.
 Click :guilabel:`Create Tenant` to begin the Tenant Creation process.
 2) Create the Tenant
 ~~~~~~~~~~~~~~~~~~~~
 The :guilabel:`Form View` provides a user interface for configuring the new MinIO Tenant.
 .. image:: /images/openshift/minio-openshift-tenant-create-ui.png
   :align: center
   :width: 90%
   :class: no-scaled-link
   :alt: OpenShift Tenant Creation UI View
 - Ensure the :guilabel:`Tenant Secret -> Name` is set to the name of the MinIO Root User Kubernetes Secret created as part of the prerequisites. 
 - Ensure the :guilabel:`Console -> Console Secret -> Name` is set to the name of the MinIO Console Kubernetes Secret created as part of the prerequisites.
 You can also use the YAML view to perform more granular configuration of the MinIO Tenant. 
 Refer to the :minio-git:`MinIO Custom Resource Definition Documentation <operator/blob/master/docs/crd.adoc>` for guidance on setting specific fields. 
 MinIO also publishes examples for additional guidance in creating custom Tenant YAML objects. 
 Note that the OperatorHub YAML view supports creating only the MinIO Tenant object. 
 Do not specify any other objects as part of the YAML input.
 .. image:: /images/openshift/minio-openshift-tenant-create-yaml.png
   :align: center
   :width: 90%
   :class: no-scaled-link
   :alt: OpenShift Tenant Creation UI View
 Changes to one view are reflected in the other. 
 For example, you can make modifications in the :guilabel:`YAML View` and see those changes in the :guilabel:`Form View`.
 .. admonition:: Security Context Configuration
   :class: note
   If your OpenShift cluster Security Context Configuration restricts the supported pod security contexts, open the YAML View and locate the ``spec.pools[n].securityContext`` and ``spec.console.securityContext`` objects. 
   Modify the ``securityContext`` settings to use a supported UID based on the SCC of your OpenShift Cluster.
 Click :guilabel:`Create` to create the MinIO Tenant using the specified configuration. 
 Use the credentials specified as part of the MinIO Root User secret to access the MinIO Server.
 3) Connect to the Tenant
 ~~~~~~~~~~~~~~~~~~~~~~~~
 The MinIO Operator creates services for the MinIO Tenant. 
 Use the ``oc get svc -n NAMESPACE`` command to review the deployed services:
 .. code-block:: shell
   :class: copyable
   oc get svc -n minio-tenant-1
 .. code-block:: shell
   NAME                               TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)          AGE
   minio                              LoadBalancer   10.97.114.60     <pending>     443:30979/TCP    2d3h
   minio-tenant-1-console             LoadBalancer   10.106.103.247   <pending>     9443:32095/TCP   2d3h
   minio-tenant-1-hl                  ClusterIP      None             <none>        9000/TCP         2d3h
   minio-tenant-1-log-hl-svc          ClusterIP      None             <none>        5432/TCP         2d3h
   minio-tenant-1-log-search-api      ClusterIP      10.103.5.235     <none>        8080/TCP         2d3h
   minio-tenant-1-prometheus-hl-svc   ClusterIP      None             <none>        9090/TCP         7h39m
 - The ``minio`` service corresponds to the MinIO Tenant service. 
  Applications should use this service for performing operations against the MinIO Tenant.
 - The ``*-console`` service corresponds to the :minio-git:`MinIO Console <console>`. 
  Administrators should use this service for accessing the MinIO Console and performing administrative operations on the MinIO Tenant.
 The remaining services support Tenant operations and are not intended for consumption by users or administrators.
 By default each service is visible only within the Kubernetes cluster. 
 Applications deployed inside the cluster can access the services using the ``CLUSTER-IP``. 
 Applications external to the Kubernetes cluster can access the services using the ``EXTERNAL-IP``. 
 This value is only populated for Kubernetes clusters configured for Ingress or a similar network access service. 
 Kubernetes provides multiple options for configuring external access to services. 
 See the Kubernetes documentation on 
 :kube-docs:`Publishing Services (ServiceTypes) <concepts/services-networking/service/#publishing-services-service-types>` 
 and :kube-docs:`Ingress <concepts/services-networking/ingress/>` 
 for more complete information on configuring external access to services.
 4) Forward Ports
 ~~~~~~~~~~~~~~~~
 You can temporarily expose each service using the ``oc port-forward`` utility. 
 Run the following examples to forward traffic from the local host running ``oc`` to the services running inside the Kubernetes cluster.
 .. tab-set::
   .. tab-item:: MinIO Tenant
      .. code-block:: shell
         :class: copyable
         oc port-forward service/minio 443:443
   .. tab-item:: MinIO Console
      .. code-block:: shell
         :class: copyable
         oc port-forward service/minio-tenant-1-console 9443:9443
--- a/source/index.rst
+++ b/source/index.rst
@ -24,10 +24,14 @@ MinIO is built to deploy anywhere - public or private cloud, baremetal infrastru
   This site documents Operations, Administration, and Development of MinIO deployments on Mac OSX platforms.
-.. cond:: k8s
+.. cond:: k8s and not openshift
   This site documents Operations, Administration, and Development of MinIO deployments on Kubernetes platform.
 .. cond:: openshift
   This site documents Operations, Administration, and Development of MinIO deployments on OpenShift 4.7+ through the :openshift-docs:`Red Hat® OpenShift® Container Platform 4.7+ <welcome/index.html>`.
 .. cond:: container
   This site documents Operations, Administration, and Development of MinIO deployments on Containers.
--- a/source/operations/install-deploy-manage/deploy-minio-tenant.rst
+++ b/source/operations/install-deploy-manage/deploy-minio-tenant.rst
@ -19,7 +19,13 @@ Deploy a MinIO Tenant
   :local:
   :depth: 1
-This procedure documents deploying a MinIO Tenant using the MinIO Operator Console.
+.. cond:: openshift
   This procedure documents deploying a MinIO Tenant through OpenShift 4.7+ using the OpenShift Web Console and the MinIO Kubernetes Operator.
 .. cond:: k8s and not openshift
   This procedure documents deploying a MinIO Tenant onto a stock Kubernetes cluster using the MinIO Operator Console.
 .. image:: /images/k8s/operator-dashboard.png
   :align: center
@ -51,18 +57,72 @@ and Plugin version |operator-version-stable|.
 See :ref:`deploy-operator-kubernetes` for complete documentation on deploying the MinIO Operator.
-.. include:: /includes/k8s/install-minio-kubectl-plugin.rst
+.. cond:: k8s and not openshift
-Kubernetes Version 1.19.0
+   .. include:: /includes/k8s/install-minio-kubectl-plugin.rst
 ~~~~~~~~~~~~~~~~~~~~~~~~~
-Starting with v4.0.0, the MinIO Operator requires Kubernetes 1.19.0 and later.
+.. cond:: openshift
 The Kubernetes infrastructure *and* the ``kubectl`` CLI tool must have the same
 version of 1.19.0+.
-This procedure assumes the host machine has ``kubectl`` installed and 
+   .. include:: /includes/openshift/install-minio-kubectl-plugin.rst
-configured with access to the target Kubernetes cluster. The host machine 
+
-*must* have access to a web browser application.
+.. cond:: k8s and not openshift
   Kubernetes Version 1.19.0
   ~~~~~~~~~~~~~~~~~~~~~~~~~
   Starting with v4.0.0, the MinIO Operator requires Kubernetes 1.19.0 and later.
   The Kubernetes infrastructure *and* the ``kubectl`` CLI tool must have the same version of 1.19.0+.
   This procedure assumes the host machine has ``kubectl`` installed and configured with access to the target Kubernetes cluster. 
   The host machine *must* have access to a web browser application.
 .. cond:: openshift
   OpenShift 4.7+ and ``oc`` CLI Tool
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   This procedure assumes installation of the MinIO Operator using the OpenShift 4.7+ and the OpenShift OperatorHub.
   This procedure assumes your local machine has the OpenShift ``oc`` CLI tool installed and configured for access to the OpenShift Cluster.
   :openshift-docs:`Download and Install <cli_reference/openshift_cli/getting-started-cli.html>` the OpenShift :abbr:`CLI (command-line interface)` ``oc`` for use in this procedure.
   See :ref:`deploy-operator-openshift` for more complete instructions.
 .. cond:: openshift
   Check Security Context Constraints
   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   The MinIO Operator deploys pods using the following default :kube-docs:`Security Context <tasks/configure-pod-container/security-context/>` per pod:
   .. code-block:: yaml
      :class: copyable
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        fsGroup: 1000
   Certain OpenShift :openshift-docs:`Security Context Constraints </authentication/managing-security-context-constraints.html>` limit the allowed UID or GID for a pod such that MinIO cannot deploy the Tenant successfully. 
   Ensure that the Project in which the Operator deploys the Tenant has sufficient SCC settings that allow the default pod security context. 
   You can alternatively modify the tenant security context settings during deployment.
   The following command returns the optimal value for the securityContext: 
   .. code-block:: shell
      :class: copyable
      oc get namespace <namespace> \
      -o=jsonpath='{.metadata.annotations.openshift\.io/sa\.scc\.supplemental-groups}{"\n"}'
   The command returns output similar to the following:
   .. code-block:: shell
      1056560000/10000
   Take note of this value before the slash for use in this procedure.
 Locally Attached Drives
 ~~~~~~~~~~~~~~~~~~~~~~~
@ -119,8 +179,8 @@ volume and a supporting
      Ensure all Persistent Volumes provisioned to support the MinIO Tenant 
      use this storage class.
-Procedure (MinIO Operator Console)
+Deploy a Tenant using the MinIO Operator Console
----------------------------------
+------------------------------------------------
 To deploy a tenant from the MinIO Operator Console, complete the following steps in order:
@ -151,12 +211,23 @@ To deploy a tenant from the MinIO Operator Console, complete the following steps
 1) Access the MinIO Operator Console
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-Use the :mc-cmd:`kubectl minio proxy` command to temporarily forward traffic between the local host machine and the MinIO Operator Console:
+.. cond:: k8s and not openshift
-.. code-block:: shell
+   Use the :mc-cmd:`kubectl minio proxy` command to temporarily forward traffic between the local host machine and the MinIO Operator Console:
   :class: copyable
-   kubectl minio proxy
+   .. code-block:: shell
      :class: copyable
      kubectl minio proxy
 .. cond:: openshift
   Use the :mc-cmd:`oc minio proxy <kubectl minio proxy>` command to temporarily forward traffic between the local host machine and the MinIO Operator Console:
   .. code-block:: shell
      :class: copyable
      oc minio proxy
 The command returns output similar to the following:
@ -282,6 +353,12 @@ The :guilabel:`Configure` section displays optional configuration settings for t
       You can modify the Security Context to direct MinIO to run using a different User, Group, or FsGroup ID. 
       You can also direct MinIO to not run as the Root user.
       .. cond:: openshift
          .. important::
             If your OpenShift cluster enforces :openshift-docs:`Security Context Constraints </authentication/managing-security-context-constraints.html>` , ensure you set the Tenant constraints appropriately such that pods can start and run normally.
   * - :guilabel:`Override Log Search Defaults`
     - The MinIO Operator deploys a Log Search service (SQL Database and Log Search API) to support Audit Log search in the MinIO Tenant Console.
@ -487,12 +564,24 @@ Each tab provides additional details or configuration options for the MinIO Tena
 ~~~~~~~~~~~~~~~~~~~~~~~~~
 The MinIO Operator creates services for the MinIO Tenant. 
 Use the ``kubectl get svc -n NAMESPACE`` command to review the deployed services:
-.. code-block:: shell
+.. cond:: openshift
   :class: copyable
-   kubectl get svc -n minio-tenant-1
+   Use the ``oc get svc -n TENANT-PROJECT`` command to review the deployed services:
   .. code-block:: shell
      :class: copyable
      oc get svc -n minio-tenant-1
 .. cond:: k8s and not openshift 
   Use the ``kubectl get svc -n NAMESPACE`` command to review the deployed services:
   .. code-block:: shell
      :class: copyable
      kubectl get svc -n minio-tenant-1
 .. code-block:: shell
@ -518,312 +607,66 @@ Applications deployed inside the cluster can access the services using the ``CLU
 Applications external to the Kubernetes cluster can access the services using the ``EXTERNAL-IP``. 
 This value is only populated for Kubernetes clusters configured for Ingress or a similar network access service. 
 Kubernetes provides multiple options for configuring external access to services. 
-See the Kubernetes documentation on 
+
-:kube-docs:`Publishing Services (ServiceTypes) <concepts/services-networking/service/#publishing-services-service-types>` 
+.. cond:: k8s and not openshift
-and :kube-docs:`Ingress <concepts/services-networking/ingress/>` 
+
-for more complete information on configuring external access to services.
+   See the Kubernetes documentation on :kube-docs:`Publishing Services (ServiceTypes) <concepts/services-networking/service/#publishing-services-service-types>` and :kube-docs:`Ingress <concepts/services-networking/ingress/>` for more complete information on configuring external access to services.
 .. cond:: openshift
   See the OpenShift documentation on :openshift-docs:`Route or Ingress <networking/understanding-networking.html#nw-ne-comparing-ingress-route_understanding-networking>` for more complete information on configuring external access to services.
 .. _create-tenant-operator-forward-ports:
 11) Forward Ports
 ~~~~~~~~~~~~~~~~~
-You can temporarily expose each service using the ``kubectl port-forward`` utility. 
+.. cond:: k8s and not openshift
 Run the following examples to forward traffic from the local host running ``kubectl`` to the services running inside the Kubernetes cluster.
-.. tab-set::
+   You can temporarily expose each service using the ``kubectl port-forward`` utility.
   Run the following examples to forward traffic from the local host running ``kubectl`` to the services running inside the Kubernetes cluster.
-   .. tab-item:: MinIO Tenant
+   .. tab-set::
-      .. code-block:: shell
+      .. tab-item:: MinIO Tenant
         :class: copyable
-         kubectl port-forward service/minio 443:443
+         .. code-block:: shell
            :class: copyable
-   .. tab-item:: MinIO Console
+            kubectl port-forward service/minio 443:443
      .. code-block:: shell
         :class: copyable
-         kubectl port-forward service/minio-tenant-1-console 9443:9443
+      .. tab-item:: MinIO Console
 .. _minio-k8s-deploy-minio-tenant-commandline:
 Procedure (Command Line)
 ------------------------
 The :mc:`kubectl minio tenant create` command supports creating a MinIO Tenant in your Kubernetes cluster.
 The command *requires* that the cluster have a functional MinIO Operator installation.
 To deploy a tenant from the command line, complete the following steps:
 :ref:`create-tenant-cli-determine-settings-required-options`
 :ref:`create-tenant-cli-determine-additional-options`
 :ref:`create-tenant-cli-enter-command`
 :ref:`create-tenant-cli-record-access-info`
 :ref:`create-tenant-cli-access-tenant-console`
 :ref:`create-tenant-cli-forward-ports`
 .. _create-tenant-cli-determine-settings-required-options:
 1) Determine Values for Required Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 The :mc:`kubectl minio tenant create` command requires several configuration settings.
 Determine the values for all required settings.
 .. tab-set::
   .. tab-item:: Required Settings
      The command requires values for each of the items in this table.
      .. list-table::
         :header-rows: 1
         :widths: 25 75
         :width: 100%
         * - Setting
           - Description
         * - :mc:`~kubectl minio tenant create TENANT_NAME`
           - The name to use for the new tenant.
         * - :mc:`~kubectl minio tenant create --capacity`
           - The total raw storage size for the Tenant across all volumes. 
             Specify both the total storage size *and* the :guilabel:`Unit` of that storage. 
             All storage units are in SI values, e.g. :math:`Gi = GiB = 1024^3` bytes.
             For example, 16 Ti for 16 Tebibytes.
         * - :mc:`~kubectl minio tenant create --servers`
           - The total number of MinIO server pods to deploy in the Tenant.
             The Operator by default uses pod anti-affinity, such that the Kubernetes cluster *must* have at least one worker node per MinIO server pod.
         * - :mc:`~kubectl minio tenant create --volumes`
           - The total number of storage volumes (Persistent Volume Claims).
             The Operator generates an equal number of PVC *plus one* for supporting logging. 
             The total number of persistent volume claims (``PVC``) per server is determined by dividing the number of volumes by the number of servers.
             The storage available for each ``PVC`` is determined by dividing the capacity by the number of volumes. 
             The generated claims have pod selectors so that claims are only made for volumes attached to node running the pod.
             If the number of volumes exceeds the numnber of persistent volumes available on the cluster, ``MinIO`` hangs until the number of persistent volumes are available.
         * - :mc:`~kubectl minio tenant create --namespace`
           - Each MinIO tenant requires its own ``namespace``.
             Specify a namespace with the :mc:`~kubectl minio tenant create --namespace` flag.
             If not specified, the MinIO Operator to uses ``minio``.
             The namespace must already exist in the Kubernetes cluster.
             Run ``kubectl create ns <new_namespace>`` to add one.
         * - :mc:`~kubectl minio tenant create --storage-class`
           - Specify the storage class to use.
             New MinIO tenants use the ``default`` storage class.
             To specify a different storage class, add the :mc:`~kubectl minio tenant create --storage-class` flag.
             The specified :mc-cmd:`~kubectl minio tenant create --storage-class` *must* match the ``storage-class`` of the Persistent Volumes (``PVs``) to which the ``PVCs`` should bind.
             MinIO strongly recommends creating a Storage Class that corresponds to locally-attached volumes on the host machines on which the Tenant deploys. 
             This ensures each pod can use locally-attached storage for maximum performance and throughput. 
   .. tab-item:: Example
      For example, the following command creates a new tenant with the following settings:
      Name
        ``miniotenant``
-      Capacity
+         .. code-block:: shell
-        16 Tebibytes
+            :class: copyable
            kubectl port-forward service/minio-tenant-1-console 9443:9443
 .. cond:: openshift
   You can temporarily expose each service using the ``oc port-forward`` utility.
   Run the following examples to forward traffic from the local host running ``oc`` to the services running inside the Kubernetes cluster.
   .. tab-set::
      .. tab-item:: MinIO Tenant
         .. code-block:: shell
            :class: copyable
            oc port-forward service/minio 443:443
      .. tab-item:: MinIO Console
-      Servers
+         .. code-block:: shell
-        4
+            :class: copyable
-      Volumes
+            oc port-forward service/minio-tenant-1-console 9443:9443
        16
-      Namespace
+.. cond:: openshift
        ``minio``
-      Storage Class
+   .. include:: /includes/openshift/steps-deploy-minio-tenant.rst
        ``warm``
      .. code-block:: shell
         :class: copyable
-         kubectl minio tenant create miniotenant          \
+.. cond:: k8s and not openshift
                                     --capacity 16Ti      \
                                     --servers 4          \
                                     --volumes 16         \
                                     --namespace minio    \
                                     --storage-class warm
-
+   .. include:: /includes/k8s/steps-deploy-tenant-cli.rst
 .. _create-tenant-cli-determine-additional-options:
 2) Determine Values for Optional Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 You can further customize your tenant by including any or all of the following *optional* flags when running the :mc:`kubectl minio tenant create` command:
 .. list-table:: 
   :header-rows: 1
   :widths: 25 75
   :width: 100%
   * - Setting
     - Description
   * - :mc:`~kubectl minio tenant create --image`
     - Customize the ``minio`` image to use.
       By default, the Operator uses the release image available at the time of the Operator's release.
       To specify a different MinIO version for the tenant, such as the latest available, use the :mc:`~kubectl minio tenant create --image` flag.
       See the `MinIO Quay <https://quay.io/repository/minio/minio>`__ or the `MinIO DockerHub <https://hub.docker.com/r/minio/minio/tags>`__ repositories for a list of valid tags.
   * - :mc:`~kubectl minio tenant create --image-pull-secret`
     - If using a custom container registry, specify the secret to use when pulling the ``minio`` image.
       Use :mc:`~kubectl minio tenant create --image-pull-secret` to specify the secret.
   * - :mc:`~kubectl minio tenant create --kes-config`
     - Configure a :minio-git:`Key Encrption Service (KES) <kes>`
       Use the :mc:`~kubectl minio tenant create --kes-config` flag to specify the name of the secret to use for KES Key Management Service (KMS) setup.
       Enabling Server Side Encryption (SSE) also deploys a MinIO :minio-git:`KES <kes>` service in the Tenant to faciliate SSE operations.
       For more, see the `Github documentation <https://github.com/minio/kes/wiki>`__.
 .. note:: Generate a YAML File for Further Customizations
   The MinIO Operator installs a `Custom Resource Definition (CRD) <https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/>`__ to describe tenants.
   Advanced users can generate a YAML file from the command line and customize the tenant based on the CRD.
   Do a dry run of a tenant creation process to generate a YAML file using the :mc:`~kubectl minio tenant create --output` flag.
   When using this flag, the operator does **not** create the tenant.
   Modify the generated YAML file as desired, then use ``kubectl apply -f <FILE>`` to manually create the MinIO tenant using the file.
 .. _create-tenant-cli-enter-command:
 3) Run the Command with Required and Optional Settings
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 At the command line, enter the full command with all *Required* and any *Optional* flags.
 Consider a tenant we want to create:
 Tenant Name
  ``minio1``
 Capacity
  16 Tebibytes
 Servers
  4
 Volumes
  16 (four per node)
 Namespace
  ``miniotenantspace``
 MinIO Image
  Latest version, |minio-latest|
 Key ecnryption file
  ``minio-secret``
 Storage class
  ``warm``
 .. code-block:: shell
   :substitutions:
   kubectl minio tenant create                                \
                        minio1                                \
                        --capacity 16Ti                       \
                        --servers 4                           \
                        --volumes 16                          \
                        --namespace miniotenantspace          \
                        --image |minio-latest|  \
                        --kes-config minio-kes-secret         \
                        --storage-class warm
 .. _create-tenant-cli-record-access-info:
 4) Record the Access Credentials
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 When generating the tenant, the MinIO Operator displays the access credentials to use for the tenant.
 .. important::
   This is the only time the credentials display.
   Copy the credentials to a secure location.
   MinIO does not show these credentials again.
 In addition to access credentials, the output shows the service name and service ports to use for accessing the tenant.
 .. _create-tenant-cli-access-tenant-console:
 5) Access the Tenant's MinIO Console
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 To access the :ref:`MinIO Console <minio-console>` for the tenant, forward the tenant's port.
 - If necessary, run ``kubectl get svc -n <namespace>`` to retrieve the tenant's port number.
 - Run the following to forward the tenant's port and access it from a browser:
  .. code-block:: shell
     :class: copyable
     kubectl port-forward svc/<tenant-name>-console -n <tenant-namespace> <localport>:<tenantport>
  - Replace ``<tenant-name>`` with the name of your tenant.
  - Replace ``<tenant-namespace>`` with the namespace the tenant exists in.
  - Replace ``<localport>`` with the port number to use on your local machine to access the tenant's MinIO Console.
  - Replace ``<tenantport>`` with the port number the MinIO Operator assigned to the tenant.
 - Go to ``https://127.0.0.1:<localport>`` to Access the tenant's MinIO Console.
  Replace ``<localport>`` with the port number you used when forwarding the tenant's port.
 - Login with the username and password shown in the tenant creation output and recorded in step 4 above.
 .. _create-tenant-cli-forward-ports:
 6) Forward Ports
 ~~~~~~~~~~~~~~~~
 You can temporarily expose each service using the ``kubectl port-forward`` utility. 
 Run the following examples to forward traffic from the local host running ``kubectl`` to the services running inside the Kubernetes cluster.
 .. tab-set::
   .. tab-item:: MinIO Tenant
      .. code-block:: shell
         :class: copyable
         kubectl port-forward service/minio 443:443
   .. tab-item:: MinIO Console
      .. code-block:: shell
         :class: copyable
         kubectl port-forward service/minio-tenant-1-console 9443:9443
--- a/source/operations/install-deploy-manage/multi-site-replication.rst
+++ b/source/operations/install-deploy-manage/multi-site-replication.rst
@ -53,14 +53,14 @@ After enabling site replication, identity and access management (IAM) settings s
         Service accounts for ``root`` do not sync.
      #. Policy mapping for synced user accounts
-      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`__
+      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`
   .. tab-item:: OIDC
      #. Policies
      #. Service accounts associated to OIDC accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` service accounts do not sync.
      #. Policy mapping for synced user accounts
-      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`__
+      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`
   .. tab-item:: LDAP
@ -68,7 +68,7 @@ After enabling site replication, identity and access management (IAM) settings s
      #. Groups
      #. Service accounts associated to LDAP accounts with a valid :ref:`MinIO Policy <minio-policy>`. ``root`` service accounts do not sync.
      #. Policy mapping for synced user accounts
-      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`__
+      #. Policy mapping for :ref:`Security Token Service (STS) users <minio-security-token-service>`
 After the initial synchronization of data across peer sites, MinIO continually replicates and synchronizes :ref:`replicable data <minio-site-replication-what-replicates>` among all sites as they occur on any site.
--- a/source/operations/installation.rst
+++ b/source/operations/installation.rst
@ -6,6 +6,10 @@
   .. include:: /includes/container/installation.rst
-.. cond:: k8s
+.. cond:: openshift
   .. include:: /includes/openshift/deploy-minio-on-openshift.rst
 .. cond:: k8s and not openshift
   .. include:: /includes/k8s/deploy-operator.rst