mirror of https://github.com/minio/docs.git synced 2025-08-09 13:02:53 +03:00

Initial Commit (not yet MVP 1.0)

ravindk89
2020-07-15 16:28:50 -04:00
commit aa832e1d2f
79 changed files with 11783 additions and 0 deletions

@@ -0,0 +1,87 @@
====================================
Deploy MinIO on a Kubernetes Cluster
====================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
Overview
--------
This tutorial uses the MinIO Kubernetes Operator to deploy MinIO to your
Kubernetes cluster in a distributed configuration. Distributed MinIO deployments
are suitable for development, staging, and production environments. For
a tutorial on creating a more simple MinIO deployment for local development
and evaluation, see :doc:`/kubernetes/quickstart`.
By default, this tutorial creates a distributed MinIO deployment with the
following components:
- 4 MinIO server instances with TLS enabled.
- 4 x 1TB storage volumes per MinIO server instance.
- 1 MinIO KES key management instance.
- 1 MinIO Minio Console Service instance.
- 1 MinIO Operator instance.
This tutorial includes instructions for modifying the deployment configuration
for your specific requirements.
You should have basic familiarity with Kubernetes, its associated terminology,
and its command line tools prior to starting this tutorial. While the MinIO
documentation makes a best-effort to address Kubernetes-specific information,
you should review the official Kubernetes :kube-docs:`documentation <>` for more
complete coverage.
.. _minio-kubernetes-deploy-minio-prerequisites:
Prerequisites
-------------
This tutorial requires the following resources:
- The :minio-git:`minio-operator <minio-operator>` github repository.
- A Kubernetes cluster with *at least* **four**
:kube-docs:`node` per MinIO server instance. Each node must have *at least*
**four** persistent volumes.
- A host machine with ``kubectl`` installed. See
:kube-docs:`Install and Set Up kubectl <tasks/tools/install-kubectl/>`
The host machine should be configured such that ``kubectl`` can access the
Kubernetes cluster. See :kube-docs:`Access Applications in a Cluster
<tasks/access-application-cluster>` for more information.
Considerations
--------------
.. ToDo:
- Document recommended resource allocation (CPU, RAM, etc.)
- Document recommended number of MinIO pods to Nodes
- Document recommended ratio of PV to Physical Disk
Procedure
---------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
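
Review bot: The Prerequisites bullet "A Kubernetes cluster with *at least* **four** :kube-docs:`node` per MinIO server instance" does not agree with the Overview, which describes 4 MinIO server instances with 4 x 1TB volumes each; read literally it asks for four nodes per server instance. Suggest restating the requirement as a node count and a per-node volume count that match the default deployment listed in the Overview. The component list also says "1 MinIO Minio Console Service instance", while the MCS page in this commit calls the same component "MinIO Console Server"; use one name. The Procedure section is still the template skeleton ("First Step Header", "First Substep"), so the page should be marked as a draft or held back from the toctree until the steps exist.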

@@ -0,0 +1,113 @@
========================================
Enforce Security for MinIO in Kubernetes
========================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
Overview
--------
This page covers multiple procedures for configuring MinIO security features
using the MinIO Kubernetes Operator.
You should have basic familiarity with Kubernetes, its associated terminology,
and its command line tools prior to starting any of the documented procedures.
While the MinIO documentation makes a best-effort to address Kubernetes-specific
information, you should review the official Kubernetes :kube-docs:`documentation
<>` for more complete coverage.
.. _minio-kubernetes-enforce-security-prerequisites:
Prerequisites
-------------
This tutorial requires the following resources:
- The :minio-git:`minio-operator <minio-operator>` github repository.
- A Kubernetes cluster with *at least* **four**
:kube-docs:`node` per MinIO server instance. Each node must have *at least*
**four** persistent volumes.
- A host machine with ``kubectl`` installed. See
:kube-docs:`Install and Set Up kubectl <tasks/tools/install-kubectl/>`
The host machine should be configured such that ``kubectl`` can access the
Kubernetes cluster. See :kube-docs:`Access Applications in a Cluster
<tasks/access-application-cluster>` for more information.
Considerations
--------------
.. ToDo:
- Document recommended resource allocation (CPU, RAM, etc.)
- Document recommended number of MinIO pods to Nodes
- Document recommended ratio of PV to Physical Disk
Enable TLS
----------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
Configure Root Access to MinIO Servers
--------------------------------------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
Another Deployment-Level Security Feature
-----------------------------------------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
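
Review bot: All three procedures on this page ("Enable TLS", "Configure Root Access to MinIO Servers", "Another Deployment-Level Security Feature") are still the template skeleton, yet the KES and MCS pages in this commit list operator TLS as a prerequisite and the index toctree publishes /kubernetes/enforce-security. Suggest writing at least the TLS procedure before this page is linked, using the fields the operator reference already names (``spec.requestAutoCert``, ``externalCertSecret``), and saying in the root access section how it relates to the ``credsSecret`` field. The placeholder heading "Another Deployment-Level Security Feature" should be removed rather than shipped. The Prerequisites and the Considerations ToDo (resource allocation, pods per node, PV ratio) are copied from the deploy tutorial and say "This tutorial" although the Overview describes the page as multiple procedures; replace them with prerequisites that apply to the security procedures.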

@@ -0,0 +1,77 @@
====================================
Expand MinIO in a Kubernetes Cluster
====================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
Overview
--------
This tutorial uses the MinIO Kubernetes Operator to expand an existing
distributed MinIO deployment in your Kubernetes cluster. Specifically,
this tutorial covers:
- Adding additional MinIO server instances to the deployment, *and*
- Adding additional drives to a MinIO server instance.
This tutorial includes instructions for modifying the deployment configuration
for your specific requirements.
You should have basic familiarity with Kubernetes, its associated terminology,
and its command line tools prior to starting this tutorial. While the MinIO
documentation makes a best-effort to address Kubernetes-specific information,
you should review the official Kubernetes :kube-docs:`documentation <>` for more
complete coverage.
.. _minio-kubernetes-expand-minio-prerequisites:
Prerequisites
-------------
This tutorial requires the following resources:
- The :minio-git:`minio-operator <minio-operator>` github repository.
- An existing Kubernetes cluster with a distributed MinIO deployment.
- A host machine with ``kubectl`` installed. See
:kube-docs:`Install and Set Up kubectl <tasks/tools/install-kubectl/>`
The host machine should be configured such that ``kubectl`` can access the
Kubernetes cluster. See :kube-docs:`Access Applications in a Cluster
<tasks/access-application-cluster>` for more information.
Considerations
--------------
.. ToDo:
- Document recommended resource allocation (CPU, RAM, etc.)
- Document recommended number of MinIO pods to Nodes
- Document recommended ratio of PV to Physical Disk
Procedure
---------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
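
Review bot: The Overview promises two expansion paths (more server instances, more drives per instance), but the Procedure is still the template skeleton and never says which fields of the MinIOInstance change. The operator reference in this commit lists ``zones``, ``replicas`` and ``volumesPerServer``; name the field each path edits and give one step sequence per path. In the Overview bullets, "Adding additional" is redundant, and joining the two bullets with "*and*" reads as if both changes are required together. The Considerations ToDo is copied unchanged from the deploy page and should be replaced with expansion-specific items.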

@@ -0,0 +1,41 @@
=====================
MinIO for Kuberenetes
=====================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
MinIO is a high performance distributed object storage server, designed for
large-scale private cloud infrastructure. MinIO is designed in a cloud-native
manner to scale sustainably in multi-tenant environments. Orchestration
platforms like Kubernetes provide perfect cloud-native environment to deploy and
scale MinIO. The :minio-git:`MinIO Kubernetes Operator </minio-operator>` brings
native MinIO support to Kubernetes.
.. image:: /images/Kubernetes-Minio.svg
:align: center
:width: 90%
:class: no-scaled-link
:alt: Kubernetes Orchestration with the MinIO Operator facilitates automated deployment of MinIO clusters.
.. versionchanged:: VERSION.VERSION
This feature was added in VERSION, upgrade to VERSION
.. toctree::
:titlesonly:
:hidden:
/kubernetes/quickstart
/kubernetes/deploy-on-kubernetes
/kubernetes/manage-on-kubernetes
/kubernetes/enforce-security
/kubernetes/operator-kes
/kubernetes/operator-mcs
/kubernetes/operator-reference
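
Review bot: The page title is misspelled "MinIO for Kuberenetes" (should be "Kubernetes"); as this is the section landing page, the typo will appear in navigation and in the browser title. The ``.. versionchanged:: VERSION.VERSION`` directive and its text "This feature was added in VERSION, upgrade to VERSION" are unfilled template placeholders and should be removed or given a real version. The toctree lists /kubernetes/manage-on-kubernetes, but none of the page titles in this commit is a "manage" page (the closest is "Expand MinIO in a Kubernetes Cluster"); confirm the entry resolves to a real document. Minor: "provide perfect cloud-native environment" needs an article.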

@@ -0,0 +1,79 @@
========================================
Deploy MinIO KES on a Kubernetes Cluster
========================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
MinIO KES is a stateless and distributed key-management system for
high-performance applications. KES provides a bridge between applications
running in containerized deployments, like Kubernetes, and centralized Key
Mannagement Systems (KMS) like Hashicorp Vault or Amazon Web Services (AWS) KMS. This
tutorial covers the information necessary for using the MinIO Kubernetes
Operator (``minio-operator``) to deploy MinIO KES instances on a Kubernetes
Cluster.
You should have basic familiarity with the Kubernetes ecosystem and your
preferred KMS backend prior to starting this tutorial. Defer to the official
documentation for :kube-docs:`Kubernetes` and your preferred KMS backend for
more complete learning resource. While the MinIO docs make a best-effort
to cover third-party concepts and configurations, you should not depend on
this tutorial as the only source of information on third-party products.
For more complete documentation on MinIO KES, see <future page>.
Prerequisites
-------------
This tutorial requires the following resources:
Kubernetes Cluster
You should have access to a running Kubernetes cluster.
The Kubernetes cluster
- The Kubernetes cluster must have at least one running
:minio-git:`minio-operator <minio-operator>` instance. See
<future minio-operator deployment proc> for installation instructions.
The Kubernetes cluster should have *at least* **one** node with enough
resources to launch additional pods.
- The ``minio-operator`` has TLS configured and enabled. See
<future minio-operator security config docs> for configuration instructions.
- An x.509 Certificate and corresponding private key for MinIO KES to use
for mTLS authentication and authorization.
- A supported Key Management System backend. MinIO KES supports the following KMS providers:
- `Hashicorp Vault <https://www.vaultproject.io/?ref=minio>`__
- `Amazon Web Services KMS <https://aws.amazon.com/kms/?ref=minio>`__
- `Gemalto SafeNet KeySecure <https://www.netapp.com/us/products/storage-security-systems/key-management/keysecure-k460.aspx?ref=minio>`__
Procedure
---------
Procedure
---------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
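
Review bot: The Prerequisites block is structurally broken: "The Kubernetes cluster" is a dangling fragment, the entries switch between definition-list and bullet style, and the "Procedure" heading with its underline appears twice in a row, which produces an empty section followed by a second one with the same title. Suggest one list style, completing or deleting the fragment, and dropping the duplicate heading. The prerequisite "An x.509 Certificate and corresponding private key for MinIO KES to use for mTLS authentication and authorization" should say how the key material is supplied; the operator reference lists ``kes.configSecret``, so state that it is provided through a Kubernetes Secret and not written into a manifest file. The angle-bracket placeholders (``<future page>``, ``<future minio-operator deployment proc>``) will render as literal text and need a ToDo comment or a real reference. Typo: "Key Mannagement Systems".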

@@ -0,0 +1,74 @@
===================================================
Deploy MinIO Console Server on a Kubernetes Cluster
===================================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
MinIO Console Server (MCS) is a graphical user interface for administrating
MinIO servers. This tutorial covers the information necessary for using the
MinIO Kubernetes Operator (``minio-operator``) to deploy MinIO MCS instances on
a Kubernetes Cluster.
You should have basic familiarity with the Kubernetes ecosystem prior to
starting this tutorial. Defer to the official documentation for
:kube-docs:`Kubernetes` for more complete learning resources. While the MinIO
docs make a best-effort to cover third-party concepts and configurations, you
should not depend on this tutorial as the only source of information on
third-party products.
For more complete documentation on MinIO MCS, see <future page>.
Prerequisites
-------------
This tutorial requires the following resources:
Kubernetes Cluster
You should have access to a running Kubernetes cluster.
The Kubernetes cluster should have *at least* **one** node with enough
resources to launch additional pods.
MinIO Kubernetes Operator
The Kubernetes cluster must have at least one running
:minio-git:`minio-operator <minio-operator>` instance. See <future
minio-operator deployment proc> for installation instructions.
The MinIO operator *must* have TLS configured and enabled. See <future
security config docs> for configuration instructions.
MinIO Deployment
For a tutorial on deploying MinIO on Kubernetes, see
:doc:`/kubernetes/deploy-on-kubernetes`.
For a shorter tutorial for local development only, see
:doc:`/kubernetes/quickstart`.
The MinIO deployment must have at least one MinIO user with administrative
privileges for the MCS instance to use for authentication and authorization.
See <future security docs> for more information on configuring MinIO users.
Procedure
---------
1) First Step Header
~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
2) Second Step Header
~~~~~~~~~~~~~~~~~~~~~
a) First Substep
````````````````
b) Second Substep
`````````````````
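
Review bot: The MinIO Deployment prerequisite asks for "at least one MinIO user with administrative privileges for the MCS instance to use" without saying whether the root credentials may be used for this. Suggest requiring a dedicated user for MCS that is distinct from the root access key, and stating how those credentials reach the console (the operator reference lists ``mcs.mcsSecret``). The placeholders ``<future minio-operator deployment proc>``, ``<future security config docs>`` and ``<future page>`` will render as literal text, and one of them wraps across two lines; convert them to ToDo comments or real references. The product is named "MinIO Console Server (MCS)" here but "MinIO Minio Console Service" in the quickstart and deploy pages; use one name. The Procedure section is still the template skeleton.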

@@ -0,0 +1,133 @@
========================
MinIO Operator Reference
========================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 2
This document explains the various fields supported by MinIO Operator and its
CRD's and how to use these fields to deploy and access MinIO server clusters.
MinIO Operator creates native Kubernetes resources within the cluster. The
operator uses the name of the created MinIO Instance as a prefix for
all resources created by the operator. For example, if deploying a
MinIO instance named ``minioinstance``, the operator creates the following
resources with their associated names:
- Headless Service: ``minioinstance-hl-svc``
- StatefulSet: ``minioinstance``
- Secret: ``minioinstance-tls`` (If :kubeconf:`spec.requestAutoCert` is enabled)
- CertificateSigningRequest: ``minioinstance-csr`` (If :kubeconf:`spec.requestAutoCert` is enabled)
The MinIO Kubernetes Operator is under active development. The contents of
this page may change at any time.
Configuration File Overview
---------------------------
The following example shows all possible MinIO Kubernetes Operator configuration
options.
.. code-block:: yaml
:class: copyable
apiVerison: operator.min.io/v1
kind: "MinIOInstance"
metadata: <object>
scheduler: <string>
spec:
metadata: <object>
image: <string>
zones: <int>
volumesPerServer: <int>
imagePullSecret: <string>
credsSecret: <string>
replicas: <int>
podManagementPolicy: <string>
mountPath: <string>
subPath: <string>
volumeClaimTemplate: <object>
env: <object>
requestAutoCert: <bool>
certConfig: <object>
externalCertSecret: <object>
resources: <object>
liveness: <object>
nodeSelector: <object>
tolerations: <object>
securityContext: <object>
serviceAccountName: <string>
mcs:
image: <string>
replicas: <int>
mcsSecret: <string>
metadata: <object>
kes:
replicas: <int>
image: <string>
configSecret: <string>
metadata: <object>
Configuration Options
---------------------
.. kubeconf:: kind
*Type*: String
Specify ``MinIOInstance``.
.. kubeconf:: metadata
*Type*: Object
Metadata related to the ``MinIOInstance``. For example, the
following sets the ``label`` for the ``MinIOInstance`` object:
.. code-block:: yaml
metadata:
labels: minio
See :kube-api:`#objectmeta-v1-meta` for more complete documentation on
supported metadata options.
.. kubeconf:: spec
*Type*: Object
The specifications used by the MinIO Operator to deploy the MinIO
server cluster.
Options marked as **Required** must be included in the configuration
document.
.. kubeconf:: spec.metadata
*Type* : Object
Metadata related to all pods launched by the MinIO operator. For example, the
following sets the ``label`` for all pods launched by the MinIO instance
.. code-block:: yaml
metadata:
labels: minio
See :kube-api:`metadata reference documentation <#objectmeta-v1-meta>` for
more complete documentation on supported metadata options.
.. kubeconf:: spec.requestAutoCert
*Type*: Boolean
*Defaults*: ``false``
Specify ``true`` to enable automatic TLS certificate generation for each
resource created by the MinIO Operator. The operator uses the root
Certificate Authority (CA) configured for the Kubernetes cluster to generate
the required Certificate Signing Requests (CSR).
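
Review bot: In the copyable block under "Configuration File Overview" the first key is misspelled ``apiVerison:``, so anyone pasting it gets a manifest with no ``apiVersion``; correct the key. Both ``metadata`` examples use ``labels: minio``, but Kubernetes labels are a map of key/value pairs, so the example should show a key and a value under ``labels:`` (for instance ``app: minio``). The overview block lists many fields, yet only ``kind``, ``metadata``, ``spec``, ``spec.metadata`` and ``spec.requestAutoCert`` have entries under "Configuration Options"; the security-relevant ones (``credsSecret``, ``certConfig``, ``externalCertSecret``, ``securityContext``, ``serviceAccountName``) should be documented before the security page links here. The second metadata example sentence is missing its closing colon, ``*Type* : Object`` has a stray space, and "CRD's" should be "CRDs".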

@@ -0,0 +1,229 @@
============================================
Quickstart: Deploy a Standalone MinIO Server
============================================
.. default-domain:: minio
.. contents:: On This Page
:local:
:depth: 1
Overview
--------
This tutorial uses the MinIO Operator to create a standalone MinIO server on a
local Kubernetes cluster. Standalone MinIO deployments are best suited for local
development of applications using MinIO for object storage. For a tutorial on
creating a production-grade MinIO deployment on a Kubernetes cluster, see
:doc:`/kubernetes/deploy-on-kubernetes`.
By default, this tutorial creates a standalone MinIO deployment with the
following components:
- 1 MinIO server instance with TLS enabled.
- 4 x 100MB storage volumes
- 1 MinIO Minio Console Service instance.
- 1 MinIO Operator instance.
You should have basic familiarity with Kubernetes, its associated terminology,
and its command line tools prior to starting this tutorial. While the MinIO
documentation makes a best-effort to address Kubernetes-specific information,
you should review the official Kubernetes :kube-docs:`documentation <>` for more
complete coverage.
.. _minio-kubernetes-quickstart-prerequisites:
Prerequisites
-------------
This tutorial requires the following resources:
- The :minio-git:`minio-operator <minio-operator>` github repository.
- The `kind <https://kind.sigs.k8s.io/>`__ Kubernetes cluster deployment tool.
Defer to the ``kind``
`Quick Start <https://kind.sigs.k8s.io/docs/user/quick-start/>`__ for
installation instructions and related dependencies.
- A host machine where you have rights to install and run software. The
host machine **must** have *at least* the following available resources:
- 10GB of free storage space.
- 2GB of free system memory (RAM)
- 2 or more physical CPUs.
Procedure
---------
1) Download and Configure Prerequisites
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
a\) Clone the ``minio-operator`` github repository
Issue the following command in a terminal or shell on the host machine
to clone the :minio-git:`minio-operator <minio-operator>` github repository.
.. include:: /includes/minio-kubernetes-operator.rst
The github repository contains the MinIO Kubernetes Operator and the example
configuration files used as part of this tutorial.
b\) Install and configure ``kind``
Follow the instructions on the ``kind``
`Quick Start <https://kind.sigs.k8s.io/docs/user/quick-start/>`__ guide.
Once installed, use the following ``kind`` cluster configuration file to
create a Kubernetes cluster that can support a standalone MinIO server:
.. code-block:: yaml
:class: copyable
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
Issue the following command in a terminal or shell on the host machine to
create the local Kubernetes cluster:
.. code-block:: shell
:class: copyable
kind create cluster --name minio-local --config.yaml
To confirm the cluster is available, run the following command:
.. code-block:: shell
:class: copyable
kubectl --cluster-info --context kind-minio-local
Take note of the hostnames assigned to each component in the Kubernetes
cluster.
2) Start the MinIO Kubernetes Operator
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue the following command in a terminal or shell on the host machine to
start the MinIO Kubernetes Operator.
.. code-block:: shell
:class: copyable
kubectl apply -f ~/minio-kubernetes/git/minio-operator/minio-operator.yaml
The ``minio-operator.yaml`` configuration file creates a
``minio-operator`` deployment in the Kubernetes cluster.
3) Configure the Storage Layer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The example MinIO server configuration used in this tutorial requires four
:kube-docs:`persistent volumes <storage/persistent-volumes/>` to start
successfully. This configuration enables features such as :ref:`erasure coding
<minio-erasure-coding>`.
Create four Kubernetes persistent volumes for use by the MinIO server instance.
MinIO recommends creating :kube-docs:`local <storage/volumes/#local>` persistent
volumes. The following template provides all required fields for creating the
required persistent volumes:
.. code-block:: yaml
:class: copyable
apiVersion: v1
kind: PersistentVolume
metadata:
name: minioexample-pv1
spec:
capacity:
storage: 10Gi # specify the maximum size of the storage device
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage-class
local:
path: /var/export1 # specify path to local volume on host
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- minio-local-worker #specify hostname prefix of preferred node
Change the following configuration options as appropriate for the host
machine configuration:
- ``spec.capacity.storage`` ( :kube-docs:`reference <concepts/storage/persistent-volumes/#capacity>`)
- ``spec.local.path`` ( :kube-api:`reference <#localvolumesource-v1-core>`)
- ``spec.nodeAffinity.required.matchExpressions.key.values`` (:kube-api:`reference <#nodeselectorrequirement-v1-core>`)
Issue the following command against each persistent volume configuration file
to create the associated resources. Replace ``<pv-filename>`` with the name
of each persistent volume configuration file.
.. code-block:: shell
kubectl apply -f ~/minio-kubernetes/<pv-filename>.yaml
Issue the following command to check the state of the persistent volumes:
.. code-block:: shell
:class: copyable
kubectl get pv
The output should include the four created persistent volumes.
4) Create the MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~
Issue the following command in a terminal or shell to create the MinIO
standalone instance using the MinIO Kubernetes Operator:
.. code-block:: shell
kubectl apply -f ~/minio-kubernetes/minio-operator/examples/minioinstance-standalone.yaml
Issue the following command to check the state of the minio instance:
.. code-block:: shell
kubectl get pods
The output should include a pod running the MinIO server.
5) Connect to the MinIO Server
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``minioinstance-standalone.yaml`` configuration file also creates a
Kubernetes Service to manage communications to and from pods running the MinIO
service. Issue the following command to get the IP address of the service:
.. code-block:: shell
kubectl get services
The default access key is ``minio-admin`` and the default secret key is
``minio-admin``.
You must use the IP address of the ``minio-service`` to access the MinIO
server. For example, if the IP address is ``192.51.100.21``, enter the URL
``http://192.51.100.21:9000`` into your browser to access the MinIO server.
To connect using the ``mc`` client, issue the following command on in a
terminal or shell:
.. code-block:: shell
mc config host add minio http://192.51.100.21 minio-admin minio-admin
Next Steps
~~~~~~~~~~
- Perform CRUD operations on a MinIO Server (ToDo)
-
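
Review bot: Two commands in step 1b will not run as written: ``kind create cluster --name minio-local --config.yaml`` passes a flag that does not exist (it should be ``--config`` followed by the file name, and the preceding text should tell the reader what to name the cluster configuration file), and ``kubectl --cluster-info --context kind-minio-local`` should use the ``cluster-info`` subcommand without leading dashes. In step 5, the Overview promises a server "with TLS enabled" but both examples use ``http://``; the ``mc config host add`` URL omits the ``:9000`` port used in the browser URL; and ``192.51.100.21`` is not in a documentation address range (198.51.100.0/24 was probably intended). The default ``minio-admin`` / ``minio-admin`` credentials should be accompanied by an instruction to change them before the service is exposed beyond the local cluster. Smaller points: the Overview says "4 x 100MB storage volumes" while the PV template sets ``storage: 10Gi``; the apply paths differ between ``~/minio-kubernetes/git/minio-operator/`` and ``~/minio-kubernetes/minio-operator/``; the option path ``spec.nodeAffinity.required.matchExpressions.key.values`` omits ``nodeSelectorTerms``; "on in a terminal" has a stray word; and "Next Steps" ends with an empty bullet.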