mirror of https://github.com/minio/docs.git synced 2025-07-31 18:04:52 +03:00

Kustomize deployment instructions (#1202)

New page with Kustomize Operator deployment instructions, as a sibling
to the existing Helm page. Includes some matching updates to the Helm
page, for consistency.

Replacing the Krew instructions (numerous locations) will be a separate
PR.

Staged

http://192.241.195.202:9000/staging/DOCS-1125/k8s/operations/install-deploy-manage/deploy-operator-kustomize.html

See also: https://github.com/minio/operator/pull/1947

Fixes https://github.com/minio/docs/issues/1125
Andrea Longo
2024-05-09 13:11:40 -06:00
committed by GitHub
parent 64923e3c1b
commit 7013fc3723
4 changed files with 234 additions and 4 deletions

@ -172,4 +172,5 @@ To install Operator using a Helm chart, see :ref:`Deploy Operator with Helm <min
:hidden: :hidden:
/operations/install-deploy-manage/deploy-operator-helm /operations/install-deploy-manage/deploy-operator-helm
/operations/install-deploy-manage/deploy-operator-kustomize
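Review bot: The only added line in this hunk is the hidden toctree entry for ``deploy-operator-kustomize``, while the visible context sentence still reads "To install Operator using a Helm chart, see ..." with no Kustomize counterpart. Add a matching sentence that links to :ref:`minio-k8s-deploy-operator-kustomize` so the new page is reachable from the body text and not only from the hidden toctree.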

@ -90,7 +90,7 @@ You can modify the Operator deployment after installation.
Use the ``helm install`` command to deploy the Tenant Chart. Use the ``helm install`` command to deploy the Tenant Chart.
If you need to override values in the default :ref:`values <minio-operator-chart-tenant-values>` file, you can use the ``--set`` operation for any single key-value. If you need to override values in the default :ref:`values <minio-tenant-chart-values>` file, you can use the ``--set`` operation for any single key-value.
Alternatively, specify your own ``values.yaml`` using the ``--f`` parameter to override multiple values at once: Alternatively, specify your own ``values.yaml`` using the ``--f`` parameter to override multiple values at once:
.. code-block:: shell .. code-block:: shell
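Review bot: The context line directly below the renamed reference still tells readers to use the ``--f`` parameter, which is not a Helm flag; ``helm install`` takes ``-f`` or ``--values``. Since this paragraph is already being edited for the ``minio-tenant-chart-values`` rename, fix the flag in the same change. The definition of the ``minio-tenant-chart-values`` label is not part of this diff, so confirm it exists on the target page before merging.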

@ -45,8 +45,8 @@ You can modify the Operator deployment after installation.
.. important:: .. important::
Do not use ``kubectl krew`` or similar methods to update or manage the MinIO Operator installation.
If you use Helm charts to install the Operator, you must use Helm to manage that installation. If you use Helm charts to install the Operator, you must use Helm to manage that installation.
Do not use ``kubectl krew``, Kustomize, or similar methods to update or manage the MinIO Operator installation.
#. Add the MinIO Operator Repo to Helm #. Add the MinIO Operator Repo to Helm
@ -120,10 +120,13 @@ You can modify the Operator deployment after installation.
replicaset.apps/console-68d955874d 1 1 1 25h replicaset.apps/console-68d955874d 1 1 1 25h
replicaset.apps/minio-operator-699f797b8b 2 2 2 25h replicaset.apps/minio-operator-699f797b8b 2 2 2 25h
#. (Optional) Enable NodePort Access to the Console #. *(Optional)* Enable NodePort Access to the Console
The Operator Console service does not automatically bind or expose itself for external access on the Kubernetes cluster.
You must instead configure a network control plane component, such as a load balancer or ingress, to grant that external access.
You can enable :kube-docs:`Node Port <concepts/services-networking/service/#type-nodeport>` access to the ``service/console`` service to allow simplified access to the MinIO Operator. You can enable :kube-docs:`Node Port <concepts/services-networking/service/#type-nodeport>` access to the ``service/console`` service to allow simplified access to the MinIO Operator.
You can skip this step if you intend to configure the Operator Console service to use a Kubernetes Load Balancer, ingress, or similar control plane component that enables external access. You should skip this step if you intend to configure the Operator Console service to use a Kubernetes Load Balancer, ingress, or similar control plane component that enables external access.
Edit the ``service/console`` and set the ``spec.ports[0].nodePort`` and ``spec.type`` fields as follows: Edit the ``service/console`` and set the ``spec.ports[0].nodePort`` and ``spec.type`` fields as follows:
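Review bot: The two added sentences say you "must instead configure a network control plane component, such as a load balancer or ingress", and the very next line offers NodePort, which is neither, so the step now contradicts itself. Reword along the lines of "To allow external access, configure a load balancer, ingress, or NodePort for the service". Now that "can skip" has become "should skip", say why in the text: a NodePort publishes the Console on the cluster's nodes in addition to whatever the load balancer or ingress already exposes.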

@ -0,0 +1,226 @@
.. _minio-k8s-deploy-operator-kustomize:
==============================
Deploy Operator With Kustomize
==============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
Overview
--------
`Kustomize <https://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization>`__ is a YAML-based templating tool that allows you to define Kubernetes resources in a declarative and repeatable fashion.
Kustomize is included with the :kube-docs:`kubectl <reference/kubectl>` command line tool.
The `default MinIO Operator Kustomize template <https://github.com/minio/operator/blob/master/kustomization.yaml>`__ provides a starting point for customizing configurations for your local environment.
You can modify the default Kustomization file or apply your own `patches <https://datatracker.ietf.org/doc/html/rfc6902>`__ to customize the Operator deployment for your Kubernetes cluster.
Prerequisites
-------------
Installing Operator with Kustomize requires the following prerequisites:
* An existing Kubernetes cluster, v1.21 or later.
* A local ``kubectl`` installation with the same version as the cluster.
* Access to run ``kubectl`` commands on the cluster from your local host.
For more about Operator installation requirements, including TLS certificates, see the :ref:`Operator deployment prerequisites <minio-operator-prerequisites>`.
This procedure assumes familiarity with the referenced Kubernetes concepts and utilities.
While this documentation may provide guidance for configuring or deploying Kubernetes-related resources on a best-effort basis, it is not a replacement for the official :kube-docs:`Kubernetes Documentation <>`.
.. _minio-k8s-deploy-operator-kustomize-repo:
Install the MinIO Operator using Kustomize
------------------------------------------
The following procedure uses ``kubectl -k`` to install the Operator from the MinIO Operator GitHub repository.
``kubectl -k`` and ``kubectl --kustomize`` are aliases that perform the same command.
.. important::
If you use Kustomize to install the Operator, you must use Kustomize to manage or update that installation.
Do not use ``kubectl krew``, a Helm chart, or similar methods to manage or update the MinIO Operator installation.
#. Install the latest version of Operator
.. code-block:: shell
:class: copyable
:substitutions:
kubectl apply -k github.com/minio/operator\?ref=v|operator-version-stable|
The output resembles the following:
.. code-block:: shell
namespace/minio-operator created
customresourcedefinition.apiextensions.k8s.io/miniojobs.job.min.io created
customresourcedefinition.apiextensions.k8s.io/policybindings.sts.min.io created
customresourcedefinition.apiextensions.k8s.io/tenants.minio.min.io created
serviceaccount/console-sa created
serviceaccount/minio-operator created
clusterrole.rbac.authorization.k8s.io/console-sa-role created
clusterrole.rbac.authorization.k8s.io/minio-operator-role created
clusterrolebinding.rbac.authorization.k8s.io/console-sa-binding created
clusterrolebinding.rbac.authorization.k8s.io/minio-operator-binding created
configmap/console-env created
secret/console-sa-secret created
service/console created
service/operator created
service/sts created
deployment.apps/console created
deployment.apps/minio-operator created
#. Verify the Operator pods are running:
.. code-block:: shell
:class: copyable
kubectl get pods -n minio-operator
The output resembles the following:
.. code-block:: shell
NAME READY STATUS RESTARTS AGE
console-6b6cf8946c-9cj25 1/1 Running 0 99s
minio-operator-69fd675557-lsrqg 1/1 Running 0 99s
In this example, the ``minio-operator`` pod is MinIO Operator and the ``console`` pod is the Operator Console.
You can modify your Operator deplyoment by applying kubectl patches.
You can find examples for common configurations in the `Operator GitHub repository <https://github.com/minio/operator/tree/master/examples/kustomization>`__.
#. *(Optional)* Configure access to the Operator Console service
The Operator Console service does not automatically bind or expose itself for external access on the Kubernetes cluster.
You must instead configure a network control plane component, such as a load balancer or ingress, to grant that external access.
For testing purposes or short-term access, expose the Operator Console service through a NodePort using the following patch:
.. code-block:: shell
:class: copyable
kubectl patch service -n minio-operator console -p '
{
"spec": {
"ports": [
{
"name": "http",
"port": 9090,
"protocol": "TCP",
"targetPort": 9090,
"nodePort": 30090
},
{
"name": "https",
"port": 9443,
"protocol": "TCP",
"targetPort": 9443,
"nodePort": 30433
}
],
"type": "NodePort"
}
}'
You can now access the service through port ``30433`` on any of your Kubernetes worker nodes.
#. Verify the Operator installation
Check the contents of the specified namespace (``minio-operator``) to ensure all pods and services have started successfully.
.. code-block:: shell
:class: copyable
kubectl get all -n minio-operator
The response should resemble the following:
.. code-block:: shell
NAME READY STATUS RESTARTS AGE
pod/console-68d955874d-vxlzm 1/1 Running 0 25h
pod/minio-operator-699f797b8b-th5bk 1/1 Running 0 25h
pod/minio-operator-699f797b8b-nkrn9 1/1 Running 0 25h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/console ClusterIP 10.43.195.224 <none> 9090/TCP,9443/TCP 25h
service/operator ClusterIP 10.43.44.204 <none> 4221/TCP 25h
service/sts ClusterIP 10.43.70.4 <none> 4223/TCP 25h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/console 1/1 1 1 25h
deployment.apps/minio-operator 2/2 2 2 25h
NAME DESIRED CURRENT READY AGE
replicaset.apps/console-68d955874d 1 1 1 25h
replicaset.apps/minio-operator-699f797b8b 2 2 2 25h
#. Retrieve the Operator Console JWT for login
.. code-block:: shell
:class: copyable
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
name: console-sa-secret
namespace: minio-operator
annotations:
kubernetes.io/service-account.name: console-sa
type: kubernetes.io/service-account-token
EOF
SA_TOKEN=$(kubectl -n minio-operator get secret console-sa-secret -o jsonpath="{.data.token}" | base64 --decode)
echo $SA_TOKEN
#. Log into the MinIO Operator Console
.. tab-set::
.. tab-item:: NodePort
:selected:
If you configured the service for access through a NodePort, specify the hostname of any worker node in the cluster with that port as ``HOSTNAME:NODEPORT`` to access the Console.
For example, a deployment configured with a NodePort of 30090 and the following ``InternalIP`` addresses can be accessed at ``http://172.18.0.5:30090``.
.. code-block:: shell
:class: copyable
$ kubectl get nodes -o custom-columns=IP:.status.addresses[:]
IP
map[address:172.18.0.5 type:InternalIP],map[address:k3d-MINIO-agent-3 type:Hostname]
map[address:172.18.0.6 type:InternalIP],map[address:k3d-MINIO-agent-2 type:Hostname]
map[address:172.18.0.2 type:InternalIP],map[address:k3d-MINIO-server-0 type:Hostname]
map[address:172.18.0.4 type:InternalIP],map[address:k3d-MINIO-agent-1 type:Hostname]
map[address:172.18.0.3 type:InternalIP],map[address:k3d-MINIO-agent-0 type:Hostname]
.. tab-item:: Ingress or Load Balancer
If you configured the ``svc/console`` service for access through ingress or a cluster load balancer, you can access the Console using the configured hostname and port.
.. tab-item:: Port Forwarding
You can use ``kubectl port forward`` to temporary forward ports for the Console:
.. code-block:: shell
:class: copyable
kubectl port-forward svc/console -n minio-operator 9090:9090
You can then use ``http://localhost:9090`` to access the MinIO Operator Console.
Once you access the Console, use the Console JWT to log in.
You can now :ref:`deploy and manage MinIO Tenants using the Operator Console <deploy-minio-distributed>`.
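Review bot: In the NodePort tab of the login step the example URL is ``http://172.18.0.5:30090``, so the ``console-sa`` service account token retrieved in the previous step is entered over plain HTTP on a node port; point the example at the ``https`` NodePort from the patch, or state in the text that the HTTP port is for testing only. The patch step ends with "access the service through port ``30433``" while the login tab uses 30090, and ``30433`` next to port 9443 looks like it may be a transposition of 30443, so settle on one port and use it in both places. In the JWT step the ``kubectl apply`` heredoc re-applies ``console-sa-secret``, which the install output earlier in the page already lists as ``secret/console-sa-secret created``; drop the heredoc or explain when it is needed, and quote the variable as ``echo "$SA_TOKEN"``. Smaller fixes: "deplyoment" should be "deployment", ``kubectl port forward`` should be ``kubectl port-forward`` with "temporarily" in place of "temporary", and the "patches" link in the Overview targets RFC 6902 (JSON Patch) although the ``kubectl patch -p`` example passes a merge-style object and not an RFC 6902 operation list.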