From d9ee220a360479b34b408712a2d3a8b9c1ebb5c1 Mon Sep 17 00:00:00 2001 From: ravindk89 Date: Mon, 8 Feb 2021 20:48:12 -0500 Subject: [PATCH] GA Fixups GA Preperations --- source/_static/css/main.css | 3 + source/_static/css/main.min.css | 2 +- source/_static/data/nav.json | 19 +- source/_static/scss/includes/_base.scss | 4 + source/_templates/layout.html | 3 +- .../bare-metal/minio-baremetal-overview.rst | 363 ----- .../bucket-notifications.md | 0 .../bucket-versioning.rst | 0 .../erasure-coding.rst | 66 +- .../feature-overview.rst} | 17 +- source/conf.py | 4 +- source/index.rst | 13 +- source/introduction/minio-overview.rst | 71 +- .../kubernetes/minio-kubernetes-overview.rst | 880 ------------ .../kubernetes/minio-operator-reference.rst | 1221 ----------------- .../minio-cli/minio-mc-admin.rst | 32 +- .../minio-mc-admin/mc-admin-bucket-quota.rst | 0 .../minio-mc-admin/mc-admin-bucket-remote.rst | 0 .../minio-mc-admin/mc-admin-console.rst | 0 .../minio-mc-admin/mc-admin-group.rst | 0 .../minio-mc-admin/mc-admin-heal.rst | 0 .../minio-mc-admin/mc-admin-info.rst | 0 .../minio-mc-admin/mc-admin-kms-key.rst | 0 .../minio-cli/minio-mc-admin/mc-admin-obd.rst | 0 .../minio-mc-admin/mc-admin-policy.rst | 0 .../minio-mc-admin/mc-admin-profile.rst | 0 .../minio-mc-admin/mc-admin-prometheus.rst | 0 .../minio-mc-admin/mc-admin-service.rst | 0 .../minio-cli/minio-mc-admin/mc-admin-top.rst | 0 .../minio-mc-admin/mc-admin-trace.rst | 0 .../minio-mc-admin/mc-admin-update.rst | 0 .../minio-mc-admin/mc-admin-user.rst | 0 .../minio-mc-admin/mc-admin.config.rst | 0 source/{ => reference}/minio-cli/minio-mc.rst | 54 +- .../minio-cli/minio-mc/mc-alias.rst | 0 .../minio-cli/minio-mc/mc-cat.rst | 0 .../minio-cli/minio-mc/mc-cp.rst | 0 .../minio-cli/minio-mc/mc-diff.rst | 0 .../minio-cli/minio-mc/mc-encrypt.rst | 0 .../minio-cli/minio-mc/mc-event.rst | 8 +- .../minio-cli/minio-mc/mc-find.rst | 0 .../minio-cli/minio-mc/mc-head.rst | 0 .../minio-cli/minio-mc/mc-ilm.rst | 0 .../minio-cli/minio-mc/mc-legalhold.rst | 0 .../minio-cli/minio-mc/mc-lock.rst | 0 .../minio-cli/minio-mc/mc-ls.rst | 0 .../minio-cli/minio-mc/mc-mb.rst | 0 .../minio-cli/minio-mc/mc-mirror.rst | 0 .../minio-cli/minio-mc/mc-mv.rst | 0 .../minio-cli/minio-mc/mc-policy.rst | 0 .../minio-cli/minio-mc/mc-rb.rst | 0 .../minio-cli/minio-mc/mc-replicate.rst | 0 .../minio-cli/minio-mc/mc-retention.rst | 0 .../minio-cli/minio-mc/mc-rm.rst | 0 .../minio-cli/minio-mc/mc-share.rst | 0 .../minio-cli/minio-mc/mc-sql.rst | 0 .../minio-cli/minio-mc/mc-stat.rst | 0 .../minio-cli/minio-mc/mc-tag.rst | 0 .../minio-cli/minio-mc/mc-tree.rst | 0 .../minio-cli/minio-mc/mc-update.rst | 0 .../minio-cli/minio-mc/mc-version.rst | 0 .../minio-cli/minio-mc/mc-watch.rst | 0 .../minio-server/minio-server.rst | 11 +- source/security/IAM/iam-providers.rst | 11 - .../IAM/iam-security-token-service.rst | 9 + .../IAM/identity-access-management.rst | 20 +- .../encryption/encryption-key-management.rst | 11 +- source/security/encryption/minio-kes.rst | 84 -- .../encryption/server-side-encryption.rst | 16 +- source/security/encryption/sse-s3-thales.rst | 57 - .../encryption/transport-layer-security.rst | 11 +- source/tutorials/minio-installation.rst | 346 +++++ 72 files changed, 557 insertions(+), 2779 deletions(-) delete mode 100644 source/bare-metal/minio-baremetal-overview.rst rename source/{minio-features => concepts}/bucket-notifications.md (100%) rename source/{minio-features => concepts}/bucket-versioning.rst (100%) rename source/{minio-features => concepts}/erasure-coding.rst (89%) rename source/{minio-features/overview.rst => concepts/feature-overview.rst} (61%) delete mode 100644 source/kubernetes/minio-kubernetes-overview.rst delete mode 100644 source/kubernetes/minio-operator-reference.rst rename source/{ => reference}/minio-cli/minio-mc-admin.rst (77%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-console.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-group.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-heal.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-info.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-kms-key.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-obd.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-policy.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-profile.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-prometheus.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-service.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-top.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-trace.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-update.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin-user.rst (100%) rename source/{ => reference}/minio-cli/minio-mc-admin/mc-admin.config.rst (100%) rename source/{ => reference}/minio-cli/minio-mc.rst (84%) rename source/{ => reference}/minio-cli/minio-mc/mc-alias.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-cat.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-cp.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-diff.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-encrypt.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-event.rst (96%) rename source/{ => reference}/minio-cli/minio-mc/mc-find.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-head.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-ilm.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-legalhold.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-lock.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-ls.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-mb.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-mirror.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-mv.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-policy.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-rb.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-replicate.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-retention.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-rm.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-share.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-sql.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-stat.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-tag.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-tree.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-update.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-version.rst (100%) rename source/{ => reference}/minio-cli/minio-mc/mc-watch.rst (100%) rename source/{ => reference}/minio-server/minio-server.rst (97%) delete mode 100644 source/security/IAM/iam-providers.rst delete mode 100644 source/security/encryption/minio-kes.rst delete mode 100644 source/security/encryption/sse-s3-thales.rst create mode 100644 source/tutorials/minio-installation.rst diff --git a/source/_static/css/main.css b/source/_static/css/main.css index 578602ab..c5c0d09a 100644 --- a/source/_static/css/main.css +++ b/source/_static/css/main.css @@ -227,6 +227,9 @@ div.admonition { border: none; border-left: 4px solid #2592EF; } +dl { + margin: 10px 0 10px 0; } + dl.minio { margin: 10px 0 10px 0; } diff --git a/source/_static/css/main.min.css b/source/_static/css/main.min.css index 1b4bb39e..6a89edca 100644 --- a/source/_static/css/main.min.css +++ b/source/_static/css/main.min.css @@ -1 +1 @@ -@font-face{font-family:Mark;src:url(../fonts/Mark-Regular.woff2) format("woff2"),url(../fonts/Mark-Regular.woff) format("woff");font-weight:400;font-style:normal}@font-face{font-family:Mark;src:url(../fonts/Mark-Medium.woff2) format("woff2"),url(../fonts/Mark-Medium.woff) format("woff");font-weight:500;font-style:normal}html{line-height:1.35;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:.9em}a{background-color:transparent;text-decoration:none}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:700}code,kbd,samp{font-family:monospace,monospace;font-size:.9em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button[disabled]{cursor:default}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{-webkit-box-sizing:border-box;box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}template{display:none}[hidden]{display:none}address{font-style:normal;color:inherit;margin:0}*{-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}:active,:focus{outline:0}html{font-size:16px}body{all:unset;font-family:Mark,sans-serif;font-size:1rem;line-height:1.5;color:#4b4b4b;background-color:#f9f9f9;font-weight:400;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}a{color:#0045ec;text-decoration:none}a:hover{color:#0036b9;text-decoration:none}h1,h2,h3,h4,h5{color:#1c1c1c}h1>a.toc-backref,h2>a.toc-backref,h3>a.toc-backref,h4>a.toc-backref,h5>a.toc-backref{color:#1c1c1c}div.admonition{margin-top:0}div.admonition>p.admonition-title{font-weight:700;font-family:Mark,sans-serif;font-size:1.2rem}div.admonition.warning{background-color:#fff2f2;border:none;border-left:4px solid #e54253}div.admonition.important{background-color:#fff9e6;border:none;border-left:4px solid #edbc39}div.admonition.note{background-color:#edf9ff;border:none;border-left:4px solid #2592ef}dl.minio{margin:10px 0 10px 0}div.footer{width:auto;margin:0}.align-default{text-align:left}table.docutils{border:none;box-shadow:none;-webkit-box-shadow:none;-moz-box-shadow:none}table.docutils>tbody tr th.stub{border:none;border-bottom:1px solid #e6e6e6;color:#c72c48}table.docutils>thead tr th{border:none;border-bottom:1px solid #e6e6e6;font-size:1rem;color:#c72c48}table.docutils>tbody tr td{border:none;border-bottom:1px solid #e6e6e6}table.docutils>tbody tr td>p{font-size:.9rem}.xref{color:#c72c48}.content__main img{-webkit-box-shadow:0 0 5px #d3d3d3;box-shadow:0 0 5px #d3d3d3}@media (min-width:1200px){.content,.header{padding:0 4rem}}@media (max-width:1199px){.content,.header{padding:0 2rem}}.content{overflow:auto;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:nowrap;flex-wrap:nowrap;height:calc(100vh - 5rem)}.content__main{-webkit-box-flex:1;-ms-flex:1;flex:1;min-width:0;background-color:#fff;-ms-flex-item-align:start;align-self:flex-start}@media (min-width:1200px){.content__main{padding:4rem}}@media (max-width:1199px){.content__main{padding:2rem}}.content__right{-ms-flex-negative:0;flex-shrink:0;position:sticky;top:0;max-width:200px}.header{height:5rem;background-color:#fff;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-shadow:0 0 .75rem rgba(0,0,0,.1);box-shadow:0 0 .75rem rgba(0,0,0,.1);width:100%;z-index:10;-ms-flex-negative:0;flex-shrink:0;display:flex;align-items:center}@media (min-width:992px){.header .toggle-icon{display:none}}.header .toggle-icon--menu{margin-left:auto}.logo{-ms-flex-negative:0;flex-shrink:0;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}@media (max-width:991px){.logo{margin-left:1rem}}.logo>img{height:1.05rem;-webkit-box-shadow:none;box-shadow:none}.nav{margin-left:auto}@media (max-width:991px){.nav{position:fixed;height:100vh;width:18rem;top:0;right:0;-webkit-transform:translate3d(18rem,0,0);transform:translate3d(18rem,0,0);opacity:0;-webkit-box-shadow:0 0 .8rem rgba(0,0,0,.1);box-shadow:0 0 .8rem rgba(0,0,0,.1);background-color:rgba(255,255,255,.9925);pointer-events:none;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding:1rem 2rem 2rem;height:100%;overflow-y:auto}}.nav>.toggle-icon{position:absolute;top:.7rem;right:.7rem;z-index:1}.nav-toggled .nav{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all}.nav__item{position:relative;font-size:.95rem;line-height:100%;border-radius:.2rem;cursor:pointer}.nav__item,.nav__item:hover{color:#4b4b4b}@media (min-width:992px){.nav__item{padding:.4rem 1.2rem .55rem}.nav__item:hover .nav__dropdown{opacity:1;pointer-events:all}}@media (max-width:991px){.nav__item{padding:.85rem 0}}.nav__item:last-child{border:1px solid #c72c48;-webkit-transition:background-color .3s,color .3s;transition:background-color .3s,color .3s;text-align:center}.nav__item:last-child:hover{background-color:#c72c48;color:#fff}@media (max-width:991px){.nav__item:last-child{margin-top:1rem}}a.nav__item:not(:last-child)>span{position:relative;cursor:pointer}a.nav__item:not(:last-child)>span:after{left:0;bottom:-7px;height:1px;width:100%;position:absolute;content:"";opacity:0;-webkit-transform:translateY(5px);transform:translateY(5px);-webkit-transition:opacity 250ms,-webkit-transform 250ms;transition:opacity 250ms,-webkit-transform 250ms;transition:opacity 250ms,transform 250ms;transition:opacity 250ms,transform 250ms,-webkit-transform 250ms;background-color:#4b4b4b}a.nav__item:not(:last-child).active>span::after,a.nav__item:not(:last-child):hover>span::after{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}@media (min-width:992px){span.nav__item:after{left:50%;margin-left:-12px;content:"";width:0;height:0;border-style:solid;border-width:0 12px 10px;border-color:transparent transparent #fff transparent;position:absolute;bottom:-3px;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s}span.nav__item:hover:after{opacity:1}}@media (min-width:992px){.nav__dropdown{background-color:#fff;padding:1.25rem;border-radius:.4rem;-webkit-box-shadow:0 -1px 1.25rem rgba(0,0,0,.13);box-shadow:0 -1px 1.25rem rgba(0,0,0,.13);margin-top:.3rem;width:24rem;-webkit-transform:translateX(calc(-50% + 2.8rem));transform:translateX(calc(-50% + 2.8rem));position:absolute;left:0;top:86%;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s;pointer-events:none;max-height:calc(100vh - 5rem);overflow-y:auto}}@media (max-width:991px){.nav__dropdown{margin:1rem -2rem -.8rem;padding:.5rem 2rem;background-color:#f9f9f9}}.nav__sub{display:block;text-align:left;font-size:1rem;color:#000;position:relative}@media (min-width:992px){.nav__sub{padding:1rem;border-radius:.4rem;-webkit-transition:background-color .3s;transition:background-color .3s}.nav__sub:hover{background-color:#f8f8f8;color:#000}}@media (max-width:991px){.nav__sub{padding:.75rem 0}}.nav__sub>small{display:block;font-size:.8rem;color:#7f7f7f;margin-top:.7rem;line-height:1.4}.nav__close{position:absolute;top:1.25rem;left:-2.7rem}.toggle-icon{width:2.5rem;height:2.5rem;cursor:pointer;border-radius:.2rem;-webkit-transition:background-color .3s;transition:background-color .3s;-ms-flex-negative:0;flex-shrink:0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;flex-shrink:0;background-repeat:no-repeat;background-position:center}.toggle-icon:hover{background-color:rgba(199,44,72,.075)}.toggle-icon--docs{background-image:url(../img/icons/docs.svg)}.toggle-icon--close{background-image:url(../img/icons/close-circle.svg)}.toggle-icon--menu{background-image:url(../img/icons/menu.svg)}.toggle-icon--toc{background-image:url(../img/icons/toc.svg)}.sidebar{width:18rem;position:sticky;position:-webkit-sticky;top:0;background-color:#f9f9f9;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;padding:2rem 2rem 2rem 0}@media (max-width:991px){.sidebar{position:fixed;left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);height:100%;-webkit-box-shadow:0 0 1.5rem rgba(0,0,0,.15);box-shadow:0 0 1.5rem rgba(0,0,0,.15);opacity:0;z-index:11;pointer-events:none;height:100%;overflow-y:auto;padding-left:2rem}}.sidebar>.toggle-icon{position:absolute;top:.7rem;right:.7rem}@media (min-width:992px){.sidebar>.toggle-icon{display:none}}.sidebar__title{margin:0 0 1.5rem;line-height:100%}.sidebar__title>a{line-height:100%;color:#1c1c1c;font-size:.9rem;text-transform:uppercase;font-weight:500}.sidebar__title>a:hover{color:#1c1c1c}.sidebar-toggled .sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all}.search{margin-bottom:.8rem}@media (max-width:991px){.search{margin-right:-1rem;margin-left:-1rem}}.search__text{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:1px solid #f0f0f0;height:2.65rem;background-color:#fff;color:#555;font-size:.85rem;width:100%;padding:0 1rem .1rem 2.6rem;background:url(../img/icons/search.svg) no-repeat center left 1rem;background-color:#fff}@media (min-width:992px){.search__text{border-radius:.2rem}}.search__text:focus{border-color:#cacaca}.docs ul{list-style:none;padding:0;font-size:.95rem}.docs ul>li>a,.docs ul>li>a>code{all:unset}.docs ul>li>a:hover{border:0;cursor:pointer}.docs>ul{margin:0}.docs>ul>li>a{color:#1c1c1c;padding:.5rem 0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.docs>ul>li>a:hover{color:#000}.docs>ul>li.current>a{color:#c72c48;font-weight:500}.docs>ul>li>ul{margin:0 0 .5rem}.docs>ul>li>ul>li>a{font-size:.85rem;color:#494949;display:block;padding:.4rem 0}.docs>ul>li>ul>li>a:hover{color:#000}.docs>ul>li>ul>li>a.current{color:#000;font-weight:500}div#localtoc{font-size:13px;margin-left:20px}#table-of-contents{background:0 0;border-style:none}#table-of-contents ul{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li>p a.reference{text-decoration:none;border-bottom:none;color:#1c1c1c}#table-of-contents ul>li>ul{margin:10px 0 10px 10px} \ No newline at end of file +@font-face{font-family:Mark;src:url(../fonts/Mark-Regular.woff2) format("woff2"),url(../fonts/Mark-Regular.woff) format("woff");font-weight:400;font-style:normal}@font-face{font-family:Mark;src:url(../fonts/Mark-Medium.woff2) format("woff2"),url(../fonts/Mark-Medium.woff) format("woff");font-weight:500;font-style:normal}html{line-height:1.35;-webkit-text-size-adjust:100%}body{margin:0}main{display:block}h1{font-size:2em;margin:.67em 0}hr{-webkit-box-sizing:content-box;box-sizing:content-box;height:0;overflow:visible}pre{font-family:monospace,monospace;font-size:.9em}a{background-color:transparent;text-decoration:none}abbr[title]{border-bottom:none;text-decoration:underline;-webkit-text-decoration:underline dotted;text-decoration:underline dotted}b,strong{font-weight:700}code,kbd,samp{font-family:monospace,monospace;font-size:.9em}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sub{bottom:-.25em}sup{top:-.5em}img{border-style:none}button,input,optgroup,select,textarea{font-family:inherit;font-size:100%;line-height:1.15;margin:0}button,input{overflow:visible}button,select{text-transform:none}button[disabled]{cursor:default}[type=button],[type=reset],[type=submit],button{-webkit-appearance:button}[type=button]::-moz-focus-inner,[type=reset]::-moz-focus-inner,[type=submit]::-moz-focus-inner,button::-moz-focus-inner{border-style:none;padding:0}[type=button]:-moz-focusring,[type=reset]:-moz-focusring,[type=submit]:-moz-focusring,button:-moz-focusring{outline:1px dotted ButtonText}fieldset{padding:.35em .75em .625em}legend{-webkit-box-sizing:border-box;box-sizing:border-box;color:inherit;display:table;max-width:100%;padding:0;white-space:normal}progress{vertical-align:baseline}textarea{overflow:auto}[type=checkbox],[type=radio]{-webkit-box-sizing:border-box;box-sizing:border-box;padding:0}[type=number]::-webkit-inner-spin-button,[type=number]::-webkit-outer-spin-button{height:auto}[type=search]{-webkit-appearance:textfield;outline-offset:-2px}[type=search]::-webkit-search-decoration{-webkit-appearance:none}::-webkit-file-upload-button{-webkit-appearance:button;font:inherit}details{display:block}summary{display:list-item}template{display:none}[hidden]{display:none}address{font-style:normal;color:inherit;margin:0}*{-webkit-box-sizing:border-box;box-sizing:border-box;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}:active,:focus{outline:0}html{font-size:16px}body{all:unset;font-family:Mark,sans-serif;font-size:1rem;line-height:1.5;color:#4b4b4b;background-color:#f9f9f9;font-weight:400;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column}a{color:#0045ec;text-decoration:none}a:hover{color:#0036b9;text-decoration:none}h1,h2,h3,h4,h5{color:#1c1c1c}h1>a.toc-backref,h2>a.toc-backref,h3>a.toc-backref,h4>a.toc-backref,h5>a.toc-backref{color:#1c1c1c}div.admonition{margin-top:0}div.admonition>p.admonition-title{font-weight:700;font-family:Mark,sans-serif;font-size:1.2rem}div.admonition.warning{background-color:#fff2f2;border:none;border-left:4px solid #e54253}div.admonition.important{background-color:#fff9e6;border:none;border-left:4px solid #edbc39}div.admonition.note{background-color:#edf9ff;border:none;border-left:4px solid #2592ef}dl{margin:10px 0 10px 0}dl.minio{margin:10px 0 10px 0}div.footer{width:auto;margin:0}.align-default{text-align:left}table.docutils{border:none;box-shadow:none;-webkit-box-shadow:none;-moz-box-shadow:none}table.docutils>tbody tr th.stub{border:none;border-bottom:1px solid #e6e6e6;color:#c72c48}table.docutils>thead tr th{border:none;border-bottom:1px solid #e6e6e6;font-size:1rem;color:#c72c48}table.docutils>tbody tr td{border:none;border-bottom:1px solid #e6e6e6}table.docutils>tbody tr td>p{font-size:.9rem}.xref{color:#c72c48}.content__main img{-webkit-box-shadow:0 0 5px #d3d3d3;box-shadow:0 0 5px #d3d3d3}@media (min-width:1200px){.content,.header{padding:0 4rem}}@media (max-width:1199px){.content,.header{padding:0 2rem}}.content{overflow:auto;display:-webkit-box;display:-ms-flexbox;display:flex;-ms-flex-wrap:nowrap;flex-wrap:nowrap;height:calc(100vh - 5rem)}.content__main{-webkit-box-flex:1;-ms-flex:1;flex:1;min-width:0;background-color:#fff;-ms-flex-item-align:start;align-self:flex-start}@media (min-width:1200px){.content__main{padding:4rem}}@media (max-width:1199px){.content__main{padding:2rem}}.content__right{-ms-flex-negative:0;flex-shrink:0;position:sticky;top:0;max-width:200px}.header{height:5rem;background-color:#fff;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-shadow:0 0 .75rem rgba(0,0,0,.1);box-shadow:0 0 .75rem rgba(0,0,0,.1);width:100%;z-index:10;-ms-flex-negative:0;flex-shrink:0;display:flex;align-items:center}@media (min-width:992px){.header .toggle-icon{display:none}}.header .toggle-icon--menu{margin-left:auto}.logo{-ms-flex-negative:0;flex-shrink:0;display:-webkit-inline-box;display:-ms-inline-flexbox;display:inline-flex}@media (max-width:991px){.logo{margin-left:1rem}}.logo>img{height:1.05rem;-webkit-box-shadow:none;box-shadow:none}.nav{margin-left:auto}@media (max-width:991px){.nav{position:fixed;height:100vh;width:18rem;top:0;right:0;-webkit-transform:translate3d(18rem,0,0);transform:translate3d(18rem,0,0);opacity:0;-webkit-box-shadow:0 0 .8rem rgba(0,0,0,.1);box-shadow:0 0 .8rem rgba(0,0,0,.1);background-color:rgba(255,255,255,.9925);pointer-events:none;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-orient:vertical;-webkit-box-direction:normal;-ms-flex-direction:column;flex-direction:column;padding:1rem 2rem 2rem;height:100%;overflow-y:auto}}.nav>.toggle-icon{position:absolute;top:.7rem;right:.7rem;z-index:1}.nav-toggled .nav{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all}.nav__item{position:relative;font-size:.95rem;line-height:100%;border-radius:.2rem;cursor:pointer}.nav__item,.nav__item:hover{color:#4b4b4b}@media (min-width:992px){.nav__item{padding:.4rem 1.2rem .55rem}.nav__item:hover .nav__dropdown{opacity:1;pointer-events:all}}@media (max-width:991px){.nav__item{padding:.85rem 0}}.nav__item:last-child{border:1px solid #c72c48;-webkit-transition:background-color .3s,color .3s;transition:background-color .3s,color .3s;text-align:center}.nav__item:last-child:hover{background-color:#c72c48;color:#fff}@media (max-width:991px){.nav__item:last-child{margin-top:1rem}}a.nav__item:not(:last-child)>span{position:relative;cursor:pointer}a.nav__item:not(:last-child)>span:after{left:0;bottom:-7px;height:1px;width:100%;position:absolute;content:"";opacity:0;-webkit-transform:translateY(5px);transform:translateY(5px);-webkit-transition:opacity 250ms,-webkit-transform 250ms;transition:opacity 250ms,-webkit-transform 250ms;transition:opacity 250ms,transform 250ms;transition:opacity 250ms,transform 250ms,-webkit-transform 250ms;background-color:#4b4b4b}a.nav__item:not(:last-child).active>span::after,a.nav__item:not(:last-child):hover>span::after{-webkit-transform:translateY(0);transform:translateY(0);opacity:1}@media (min-width:992px){span.nav__item:after{left:50%;margin-left:-12px;content:"";width:0;height:0;border-style:solid;border-width:0 12px 10px;border-color:transparent transparent #fff transparent;position:absolute;bottom:-3px;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s}span.nav__item:hover:after{opacity:1}}@media (min-width:992px){.nav__dropdown{background-color:#fff;padding:1.25rem;border-radius:.4rem;-webkit-box-shadow:0 -1px 1.25rem rgba(0,0,0,.13);box-shadow:0 -1px 1.25rem rgba(0,0,0,.13);margin-top:.3rem;width:24rem;-webkit-transform:translateX(calc(-50% + 2.8rem));transform:translateX(calc(-50% + 2.8rem));position:absolute;left:0;top:86%;opacity:0;-webkit-transition:opacity .2s;transition:opacity .2s;pointer-events:none;max-height:calc(100vh - 5rem);overflow-y:auto}}@media (max-width:991px){.nav__dropdown{margin:1rem -2rem -.8rem;padding:.5rem 2rem;background-color:#f9f9f9}}.nav__sub{display:block;text-align:left;font-size:1rem;color:#000;position:relative}@media (min-width:992px){.nav__sub{padding:1rem;border-radius:.4rem;-webkit-transition:background-color .3s;transition:background-color .3s}.nav__sub:hover{background-color:#f8f8f8;color:#000}}@media (max-width:991px){.nav__sub{padding:.75rem 0}}.nav__sub>small{display:block;font-size:.8rem;color:#7f7f7f;margin-top:.7rem;line-height:1.4}.nav__close{position:absolute;top:1.25rem;left:-2.7rem}.toggle-icon{width:2.5rem;height:2.5rem;cursor:pointer;border-radius:.2rem;-webkit-transition:background-color .3s;transition:background-color .3s;-ms-flex-negative:0;flex-shrink:0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center;-webkit-box-pack:center;-ms-flex-pack:center;justify-content:center;flex-shrink:0;background-repeat:no-repeat;background-position:center}.toggle-icon:hover{background-color:rgba(199,44,72,.075)}.toggle-icon--docs{background-image:url(../img/icons/docs.svg)}.toggle-icon--close{background-image:url(../img/icons/close-circle.svg)}.toggle-icon--menu{background-image:url(../img/icons/menu.svg)}.toggle-icon--toc{background-image:url(../img/icons/toc.svg)}.sidebar{width:18rem;position:sticky;position:-webkit-sticky;top:0;background-color:#f9f9f9;-webkit-transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,-webkit-transform .3s;transition:opacity .4s,transform .3s;transition:opacity .4s,transform .3s,-webkit-transform .3s;padding:2rem 2rem 2rem 0}@media (max-width:991px){.sidebar{position:fixed;left:0;-webkit-transform:translate3d(-100%,0,0);transform:translate3d(-100%,0,0);height:100%;-webkit-box-shadow:0 0 1.5rem rgba(0,0,0,.15);box-shadow:0 0 1.5rem rgba(0,0,0,.15);opacity:0;z-index:11;pointer-events:none;height:100%;overflow-y:auto;padding-left:2rem}}.sidebar>.toggle-icon{position:absolute;top:.7rem;right:.7rem}@media (min-width:992px){.sidebar>.toggle-icon{display:none}}.sidebar__title{margin:0 0 1.5rem;line-height:100%}.sidebar__title>a{line-height:100%;color:#1c1c1c;font-size:.9rem;text-transform:uppercase;font-weight:500}.sidebar__title>a:hover{color:#1c1c1c}.sidebar-toggled .sidebar{-webkit-transform:translate3d(0,0,0);transform:translate3d(0,0,0);opacity:1;pointer-events:all}.search{margin-bottom:.8rem}@media (max-width:991px){.search{margin-right:-1rem;margin-left:-1rem}}.search__text{-webkit-appearance:none;-moz-appearance:none;appearance:none;border:1px solid #f0f0f0;height:2.65rem;background-color:#fff;color:#555;font-size:.85rem;width:100%;padding:0 1rem .1rem 2.6rem;background:url(../img/icons/search.svg) no-repeat center left 1rem;background-color:#fff}@media (min-width:992px){.search__text{border-radius:.2rem}}.search__text:focus{border-color:#cacaca}.docs ul{list-style:none;padding:0;font-size:.95rem}.docs ul>li>a,.docs ul>li>a>code{all:unset}.docs ul>li>a:hover{border:0;cursor:pointer}.docs>ul{margin:0}.docs>ul>li>a{color:#1c1c1c;padding:.5rem 0;display:-webkit-box;display:-ms-flexbox;display:flex;-webkit-box-align:center;-ms-flex-align:center;align-items:center}.docs>ul>li>a:hover{color:#000}.docs>ul>li.current>a{color:#c72c48;font-weight:500}.docs>ul>li>ul{margin:0 0 .5rem}.docs>ul>li>ul>li>a{font-size:.85rem;color:#494949;display:block;padding:.4rem 0}.docs>ul>li>ul>li>a:hover{color:#000}.docs>ul>li>ul>li>a.current{color:#000;font-weight:500}div#localtoc{font-size:13px;margin-left:20px}#table-of-contents{background:0 0;border-style:none}#table-of-contents ul{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li{list-style:none;margin:10px 0 10px 0}#table-of-contents ul>li>p a.reference{text-decoration:none;border-bottom:none;color:#1c1c1c}#table-of-contents ul>li>ul{margin:10px 0 10px 10px} \ No newline at end of file diff --git a/source/_static/data/nav.json b/source/_static/data/nav.json index 3240dc48..2945e0d1 100644 --- a/source/_static/data/nav.json +++ b/source/_static/data/nav.json @@ -13,7 +13,24 @@ "link": "https://min.io/product/reference-hardware" } }, - "Docs": "https://docs.min.io/", + "Docs": { + "MinIO Baremetal" : { + "description": "MinIO Object Storage for Baremetal Infrastructure", + "link": "https://docs.min.io/minio/baremetal" + }, + "MinIO Hybrid Cloud" : { + "description" : "MinIO Object Storage for Kubernetes-Managed Private and Public Cloud Infrastructure", + "link" : "https://docs.min.io/minio/k8s" + }, + "MinIO for VMware Cloud Foundation" : { + "description" : "MinIO Object Storage for VMware Cloud Foundation 4.2", + "link" : "https://docs.min.io/minio/vsphere" + }, + "MinIO Legacy Documentation" : { + "description" : "MinIO Object Storage Legacy Documentation", + "link" : "https://docs.min.io" + } + }, "Solutions": { "VMware": { "description": "Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKGI and how we support their Kubernetes ambitions.", diff --git a/source/_static/scss/includes/_base.scss b/source/_static/scss/includes/_base.scss index c1d7e79a..a899a6ab 100644 --- a/source/_static/scss/includes/_base.scss +++ b/source/_static/scss/includes/_base.scss @@ -70,6 +70,10 @@ div.admonition { } } +dl { + margin: 10px 0 10px 0; +} + dl.minio { margin: 10px 0 10px 0; } diff --git a/source/_templates/layout.html b/source/_templates/layout.html index 47268c7e..013e82ba 100644 --- a/source/_templates/layout.html +++ b/source/_templates/layout.html @@ -107,7 +107,8 @@

Welcome to the upcoming version of the MinIO Documentation! - The content of these pages may change at any time. + The content on this page is under active development and + may change at any time. If you can't find what you're looking for, check our legacy documentation. Thank you for your patience. diff --git a/source/bare-metal/minio-baremetal-overview.rst b/source/bare-metal/minio-baremetal-overview.rst deleted file mode 100644 index 191fb295..00000000 --- a/source/bare-metal/minio-baremetal-overview.rst +++ /dev/null @@ -1,363 +0,0 @@ -.. _minio-baremetal: - -==================== -MinIO for Bare Metal -==================== - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 2 - -MinIO is a high performance distributed object storage server, designed for -large-scale private cloud infrastructure. MinIO fully supports deployment onto -bare-metal hardware with or without containerization for process management. - -Standalone Installation ------------------------ - -Standalone MinIO deployments consist of a single ``minio`` server process with -one or more disks. Standalone deployments are best suited for local development -environments. - -1) Install the ``minio`` Server -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Install the :program:`minio` server onto the host machine. Select the tab that -corresponds to the host machine operating system or environment: - -.. include:: /includes/minio-server-installation.rst - -2) Add TLS/SSL Certificates (Optional) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable TLS/SSL connectivity to the MinIO server by specifying a private key -(``.key``) and public certificate (``.crt``) to the MinIO ``certs`` directory: - -- For Linux/MacOS: ``${HOME}/.minio/certs`` - -- For Windows: ``%%USERPROFILE%%\.minio\certs`` - -The MinIO server automatically enables TLS/SSL connectivity if it detects -the required certificates in the ``certs`` directory. - -.. note:: - - The MinIO documentation makes a best-effort to provide generally applicable - and accurate information on TLS/SSL connectivity in the context of MinIO - products and services, and is not intended as a complete guide to the larger - topic of TLS/SSL certificate creation and management. - -3) Run the ``minio`` Server -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Issue the following command to start the :program:`minio` server. The following -example assumes the host machine has *at least* four disks, which is the minimum -required number of disks to enable :ref:`erasure coding `: - -.. code-block:: shell - :class: copyable - - export MINIO_ACCESS_KEY=minio-admin - export MINIO_SECRET_KEY=minio-secret-key-CHANGE-ME - minio server /mnt/disk{1...4}/data - -The example command breaks down as follows: - -.. list-table:: - :widths: 40 60 - :width: 100% - - * - :envvar:`MINIO_ACCESS_KEY` - - The access key for the :ref:`root ` user. - - Replace this value with a unique, random, and long string. - - * - :envvar:`MINIO_SECRET_KEY` - - The corresponding secret key to use for the - :ref:`root ` user. - - Replace this value with a unique, random, and long string. - - * - ``/mnt/disk{1...4}/data`` - - The path to each disk on the host machine. - - ``/data`` is an optional folder in which the ``minio`` server stores - all information related to the deployment. - - See :mc-cmd:`minio server DIRECTORIES` for more information on - configuring the backing storage for the :mc:`minio server` process. - -The command uses MinIO expansion notation ``{x...y}`` to denote a sequential -series. Specifically, ``/mnt/disk{1...4}/data`` expands to: - -- ``/mnt/disk1/data`` -- ``/mnt/disk2/data`` -- ``/mnt/disk3/data`` -- ``/mnt/disk4/data`` - -4) Connect to the Server -~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the :mc-cmd:`mc alias set` command from a machine with connectivity to -the host running the ``minio`` server. See :ref:`mc-install` for documentation -on installing :program:`mc`. - -.. code-block:: shell - :class: copyable - - mc alias set mylocalminio 192.0.2.10:9000 minioadmin minio-secret-key-CHANGE-ME - -Replace the IP address and port with one of the ``minio`` servers endpoints. - -See :ref:`minio-mc-commands` for a list of commands you can run on the -MinIO server. - -Distributed Installation ------------------------- - -Distributed MinIO deployments consist of multiple ``minio`` servers with -one or more disks each. Distributed deployments are best suited for -staging and production environments. - -MinIO *requires* using sequentially-numbered hostnames to represent each -``minio`` server in the deployment. For example, the following hostnames support -a 4-node distributed deployment: - -- ``minio1.example.com`` -- ``minio2.example.com`` -- ``minio3.example.com`` -- ``minio4.example.com`` - -Create the necessary DNS hostname mappings *prior* to starting this -procedure. - -1) Install the ``minio`` Server -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Install the :program:`minio` server onto each host machine in the deployment. -Select the tab that corresponds to the host machine operating system or -environment: - -.. include:: /includes/minio-server-installation.rst - -2) Add TLS/SSL Certificates (Optional) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Enable TLS/SSL connectivity to the MinIO server by specifying a private key -(``.key``) and public certificate (``.crt``) to the MinIO ``certs`` directory: - -- For Linux/MacOS: ``${HOME}/.minio/certs`` - -- For Windows: ``%%USERPROFILE%%\.minio\certs`` - -The MinIO server automatically enables TLS/SSL connectivity if it detects -the required certificates in the ``certs`` directory. - -.. note:: - - The MinIO documentation makes a best-effort to provide generally applicable - and accurate information on TLS/SSL connectivity in the context of MinIO - products and services, and is not intended as a complete guide to the larger - topic of TLS/SSL certificate creation and management. - -3) Run the ``minio`` Server -~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Issue the following command on each host machine in the deployment. The -following example assumes that: - -- The deployment has four host machines with sequential hostnames - (i.e. ``minio1.example.com``, ``minio2.example.com``). - -- Each host machine has *at least* four disks mounted at ``/data``. 4 disks is - the minimum required for :ref:`erasure coding - `. - -.. code-block:: shell - :class: copyable - - export MINIO_ACCESS_KEY=minio-admin - export MINIO_SECRET_KEY=minio-secret-key-CHANGE-ME - minio server https://minio{1...4}.example.com/mnt/disk{1...4}/data - -The example command breaks down as follows: - -.. list-table:: - :widths: 40 60 - :width: 100% - - * - :envvar:`MINIO_ACCESS_KEY` - - The access key for the :ref:`root ` user. - - Replace this value with a unique, random, and long string. - - * - :envvar:`MINIO_SECRET_KEY` - - The corresponding secret key to use for the - :ref:`root ` user. - - Replace this value with a unique, random, and long string. - - * - ``https://minio{1...4}.example.com/`` - - The DNS hostname of each server in the distributed deployment. - - * - ``/mnt/disk{1...4}/data`` - - The path to each disk on the host machine. - - ``/data`` is an optional folder in which the ``minio`` server stores - all information related to the deployment. - - See :mc-cmd:`minio server DIRECTORIES` for more information on - configuring the backing storage for the :mc:`minio server` process. - -The command uses MinIO expansion notation ``{x...y}`` to denote a sequential -series. Specifically: - -- The hostname ``https://minio{1...4}.example.com`` expands to: - - - ``https://minio1.example.com`` - - ``https://minio2.example.com`` - - ``https://minio3.example.com`` - - ``https://minio4.example.com`` - -- ``/mnt/disk{1...4}/data`` expands to - - - ``/mnt/disk1/data`` - - ``/mnt/disk2/data`` - - ``/mnt/disk3/data`` - - ``/mnt/disk4/data`` - -4) Connect to the Server -~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the :mc-cmd:`mc alias set` command from a machine with connectivity to any -hostname running the ``minio`` server. See :ref:`mc-install` for documentation -on installing :program:`mc`. - -.. code-block:: shell - :class: copyable - - mc alias set mylocalminio minio1.example.net minioadmin minio-secret-key-CHANGE-ME - -See :ref:`minio-mc-commands` for a list of commands you can run on the -MinIO server. - -Docker Installation -------------------- - -Stable MinIO -~~~~~~~~~~~~ - -The following ``docker`` command creates a container running the latest stable -version of the ``minio`` server process: - -.. code-block:: shell - :class: copyable - - docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=ROOT_ACCESS_KEY" \ - -e "MINIO_SECRET_KEY=SECRET_ACCESS_KEY_CHANGE_ME" \ - -v /mnt/disk1:/disk1 \ - -v /mnt/disk2:/disk2 \ - -v /mnt/disk3:/disk3 \ - -v /mnt/disk4:/disk4 \ - minio/minio server /disk{1...4} - -The command uses the following options: - -- ``-e MINIO_ACCESS_KEY`` and ``-e MINIO_SECRET_KEY`` for configuring the - :ref:`root ` user credentials. - -- ``-v /mnt/disk:/disk`` for configuring each disk the ``minio`` - server uses. - -Bleeding Edge MinIO -~~~~~~~~~~~~~~~~~~~ - -*Do not use bleeding-edge deployments of MinIO in production environments* - -The following ``docker`` command creates a container running the latest -bleeding-edge version of the ``minio`` server process: - -.. code-block:: shell - :class: copyable - - docker run -p 9000:9000 \ - -e "MINIO_ACCESS_KEY=ROOT_ACCESS_KEY" \ - -e "MINIO_SECRET_KEY=SECRET_ACCESS_KEY_CHANGE_ME" \ - -v /mnt/disk1:/disk1 \ - -v /mnt/disk2:/disk2 \ - -v /mnt/disk3:/disk3 \ - -v /mnt/disk4:/disk4 \ - minio/minio:edge server /disk{1...4} - -The command uses the following options: - -- ``MINIO_ACCESS_KEY`` and ``MINIO_SECRET_KEY`` for configuring the - :ref:`root ` user credentials. - -- ``-v /mnt/disk:/disk`` for configuring each disk the ``minio`` - server uses. - -Deployment Recommendations --------------------------- - -Minimum Nodes per Deployment -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -For all production deployments, MinIO recommends a *minimum* of 4 nodes per -cluster. MinIO deployments with *at least* 4 nodes can tolerate the loss of up -to half the nodes *or* half the disks in the deployment while maintaining -read and write availability. - -For example, assuming a 4-node deployment with 4 drives per node, the -cluster can tolerate the loss of: - -- Any two nodes, *or* -- Any 8 drives. - -The minimum recommendation reflects MinIO's experience with assisting enterprise -customers in deploying on a variety of IT infrastructures while -maintaining the desired SLA/SLO. While MinIO may run on less than the -minimum recommended topology, any potential cost savings come at the risk of -decreased reliability. - -Recommended Hardware -~~~~~~~~~~~~~~~~~~~~ - -For MinIO's recommended hardware, please see -`MinIO Reference Hardware `__. - -Bare Metal Infrastructure -~~~~~~~~~~~~~~~~~~~~~~~~~ - -A distributed MinIO deployment can only provide as much availability as the -bare metal infrastructure on which it is deployed. In particular, consider the -following potential failure points which could result in cluster downtime -when configuring your bare metal infrastructure: - -- Shared networking resources (switches, routers, ISP). -- Shared power resources. -- Shared physical location (rack, datacenter, region). - -MinIO deployments using virtual machines or containerized environments should -also consider the following: - -- Shared physical hardware (CPU, Memory, Storage) -- Shared orchestration management layer (Kubernetes, Docker Swarm) - -FreeBSD -------- - -MinIO does not provide an official FreeBSD binary. FreeBSD maintains an -`upstream release `__ you can -install using `pkg `__: - -.. code-block:: shell - :class: copyable - - pkg install minio - sysrc minio_enable=yes - sysrc minio_disks=/path/to/disks - service minio start \ No newline at end of file diff --git a/source/minio-features/bucket-notifications.md b/source/concepts/bucket-notifications.md similarity index 100% rename from source/minio-features/bucket-notifications.md rename to source/concepts/bucket-notifications.md diff --git a/source/minio-features/bucket-versioning.rst b/source/concepts/bucket-versioning.rst similarity index 100% rename from source/minio-features/bucket-versioning.rst rename to source/concepts/bucket-versioning.rst diff --git a/source/minio-features/erasure-coding.rst b/source/concepts/erasure-coding.rst similarity index 89% rename from source/minio-features/erasure-coding.rst rename to source/concepts/erasure-coding.rst index 09047bdd..7cff7b77 100644 --- a/source/minio-features/erasure-coding.rst +++ b/source/concepts/erasure-coding.rst @@ -12,7 +12,7 @@ Erasure Coding MinIO Erasure Coding is a data redundancy and availability feature that allows MinIO deployments to automatically reconstruct objects on-the-fly despite the -loss of multiple drives or nodes in the cluster.Erasure Coding provides +loss of multiple drives or nodes in the cluster. Erasure Coding provides object-level healing with less overhead than adjacent technologies such as RAID or replication. @@ -24,19 +24,15 @@ number of nodes, and number of drives per node in the Erasure Set, MinIO can tolerate the loss of up to half (``N/2``) of drives and still retrieve stored objects. -For example, consider the following small-scale MinIO deployment consisting of a -single :ref:`Server Set ` with 4 :mc:`minio server` +For example, consider a small-scale MinIO deployment consisting of a +single :ref:`Server Pool ` with 4 :mc:`minio server` nodes. Each node in the deployment has 4 locally attached ``1Ti`` drives for -a total of 16 drives: - - +a total of 16 drives. MinIO creates :ref:`Erasure Sets ` by dividing the total number of drives in the deployment into sets consisting of between 4 and 16 drives each. In the example deployment, the largest possible Erasure Set size -that evenly divides into the total number of drives is ``16``: - - +that evenly divides into the total number of drives is ``16``. MinIO uses a Reed-Solomon algorithm to split objects into data and parity blocks based on the size of the Erasure Set. MinIO then uniformly distributes the @@ -45,8 +41,6 @@ in the set contains no more than one block per object. MinIO uses the ``EC:N`` notation to refer to the number of parity blocks (``N``) in the Erasure Set. - - The number of parity blocks in a deployment controls the deployment's relative data redundancy. Higher levels of parity allow for higher tolerance of drive loss at the cost of total available storage. For example, using EC:4 in our @@ -92,9 +86,6 @@ deployment: - For more information on selecting Erasure Code Parity, see :ref:`minio-ec-parity` -- For more information on Erasure Code Object Healing, see - :ref:`minio-ec-object-healing`. - .. _minio-ec-erasure-set: Erasure Sets @@ -105,34 +96,34 @@ Erasure Coding. MinIO evenly distributes object data and parity blocks among the drives in the Erasure Set. MinIO calculates the number and size of *Erasure Sets* by dividing the total -number of drives in the :ref:`Server Set ` into sets +number of drives in the :ref:`Server Pool ` into sets consisting of between 4 and 16 drives each. MinIO considers two factors when selecting the Erasure Set size: - The Greatest Common Divisor (GCD) of the total drives. -- The number of :mc:`minio server` nodes in the Server Set. +- The number of :mc:`minio server` nodes in the Server Pool. For an even number of nodes, MinIO uses the GCD to calculate the Erasure Set size and ensure the minimum number of Erasure Sets possible. For an odd number of nodes, MinIO selects a common denominator that results in an odd number of Erasure Sets to facilitate more uniform distribution of erasure set drives -among nodes in the Server Set. +among nodes in the Server Pool. -For example, consider a Server Set consisting of 4 nodes with 8 drives each +For example, consider a Server Pool consisting of 4 nodes with 8 drives each for a total of 32 drives. The GCD of 16 produces 2 Erasure Sets of 16 drives each with uniform distribution of erasure set drives across all 4 nodes. -Now consider a Server Set consisting of 5 nodes with 8 drives each for a total +Now consider a Server Pool consisting of 5 nodes with 8 drives each for a total of 40 drives. Using the GCD, MinIO would create 4 erasure sets with 10 drives each. However, this distribution would result in uneven distribution with one node contributing more drives to the Erasure Sets than the others. MinIO instead creates 5 erasure sets with 8 drives each to ensure uniform distribution of Erasure Set drives per Nodes. -MinIO generally recommends maintaining an even number of nodes in a Server Set +MinIO generally recommends maintaining an even number of nodes in a Server Pool to facilitate simplified human calculation of the number and size of -Erasure Sets in the Server Set. +Erasure Sets in the Server Pool. .. _minio-ec-parity: @@ -179,7 +170,7 @@ Write Quorum to serve write operations. MinIO requires enough available drives to eliminate the risk of split-brain scenarios. - MinIO Write Quorum is ``DRIVES - (EC:N-1)``. + MinIO Write Quorum is ``(DRIVES - (EC:N)) + 1``. Storage Classes ~~~~~~~~~~~~~~~ @@ -204,8 +195,26 @@ MinIO provides the following two storage classes: - The :mc:`mc admin config` command to modify the ``storage_class.standard`` configuration setting. - Starting with , MinIO defaults ``STANDARD`` storage class to - ``EC:4``. + Starting with :minio-git:`RELEASE.2021-01-30T00-20-58Z + `, MinIO defaults + ``STANDARD`` storage class based on the number of volumes in the Erasure Set: + + .. list-table:: + :header-rows: 1 + :widths: 30 70 + :width: 100% + + * - Erasure Set Size + - Default Parity (EC:N) + + * - 5 or Fewer + - EC:2 + + * - 6 - 7 + - EC:3 + + * - 8 or more + - EC:4 The maximum value is half of the total drives in the :ref:`Erasure Set `. @@ -252,19 +261,12 @@ interfacing with the MinIO server. created. -.. _minio-ec-object-healing: - -Object Healing --------------- - -TODO - .. _minio-ec-bitrot-protection: BitRot Protection ----------------- -TODO- ReWrite w/ more detail. +.. TODO- ReWrite w/ more detail. Silent data corruption or bitrot is a serious problem faced by disk drives resulting in data getting corrupted without the user’s knowledge. The reasons diff --git a/source/minio-features/overview.rst b/source/concepts/feature-overview.rst similarity index 61% rename from source/minio-features/overview.rst rename to source/concepts/feature-overview.rst index ca2c6def..0b86cd7a 100644 --- a/source/minio-features/overview.rst +++ b/source/concepts/feature-overview.rst @@ -16,21 +16,28 @@ The following table lists MinIO features and their corresponding documentation: * - Feature - Description - * - :doc:`Bucket Notifications ` + * - :doc:`Bucket Notifications ` - MinIO Bucket Notifications allows you to automatically publish notifications to one or more configured notification targets when specific events occur in a bucket. - * - :doc:`Bucket Versioning ` + * - :doc:`Bucket Versioning ` - MinIO Bucket Versioning supports keeping multiple "versions" of an object in a single bucket. Write operations which would normally overwrite an existing object instead result in the creation of a new versioned object. + * - :doc:`Erasure Coding ` + - MinIO Erasure Coding is a data redundancy and availability feature that + allows MinIO deployments to automatically reconstruct objects on-the-fly + despite the loss of multiple drives or nodes on the cluster. Erasure + coding provides object-level healing with less overhead than adjacent + technologies such as RAID ro replication. + .. toctree:: :titlesonly: :hidden: - /minio-features/bucket-notifications - /minio-features/bucket-versioning - /minio-features/erasure-coding \ No newline at end of file + /concepts/bucket-notifications + /concepts/bucket-versioning + /concepts/erasure-coding \ No newline at end of file diff --git a/source/conf.py b/source/conf.py index 478ef1fe..aa4c4a7c 100644 --- a/source/conf.py +++ b/source/conf.py @@ -62,6 +62,8 @@ extlinks = { 'iam-docs' : ('https://docs.aws.amazon.com/IAM/latest/UserGuide/%s',''), 'release' : ('https://github.com/minio/mc/releases/tag/%s',''), 'legacy' : ('https://docs.min.io/docs/%s',''), + 'docs-k8s' : ('https://docs.min.io/minio/k8s/%s',''), + } # Add any paths that contain templates here, relative to this directory. @@ -97,7 +99,7 @@ html_theme_options = { 'show_relbars': 'false' } -html_short_title = "MinIO Hybrid Cloud" +html_short_title = "MinIO Object Storage for Baremetal Infrastructure" # Add any paths that contain custom static files (such as style sheets) here, # relative to this directory. They are copied after the builtin static files, diff --git a/source/index.rst b/source/index.rst index 490d4fc1..8cc634d0 100644 --- a/source/index.rst +++ b/source/index.rst @@ -12,17 +12,16 @@ First-time users of MinIO *or* object storage services should start with our :doc:`Introduction `. Users deploying onto a Kubernetes cluster should start with our -:doc:`Kubernetes documentation `. +:docs-k8s:`Kubernetes documentation <>`. .. toctree:: :titlesonly: :hidden: /introduction/minio-overview - /minio-features/overview - /bare-metal/minio-baremetal-overview - /kubernetes/minio-kubernetes-overview + /concepts/feature-overview + /tutorials/minio-installation /security/security-overview - /minio-cli/minio-mc - /minio-cli/minio-mc-admin - /minio-server/minio-server + /reference/minio-cli/minio-mc + /reference/minio-cli/minio-mc-admin + /reference/minio-server/minio-server diff --git a/source/introduction/minio-overview.rst b/source/introduction/minio-overview.rst index 148e25bc..5932d64a 100644 --- a/source/introduction/minio-overview.rst +++ b/source/introduction/minio-overview.rst @@ -31,29 +31,30 @@ needs to store a variety of blobs, including rich multimedia like videos and images. The structure of objects on the MinIO server might look similar to the following: -.. code-block:: shell +.. code-block:: text / #root /images/ - 2020-01-02-blog-title.png - 2020-01-03-blog-title.png + 2020-01-02-MinIO-Diagram.png + 2020-01-03-MinIO-Advanced-Deployment.png + MinIO-Logo.png /videos/ - 2020-01-03-blog-cool-video.mp4 - /blogs/ - 2020-01-02-blog.md - 2020-01-03-blog.md - /comments/ - 2020-01-02-blog-comments.json - 2020-01-02-blog-comments.json + 2020-01-04-MinIO-Interview.mp4 + /articles/ + /john.doe/ + 2020-01-02-MinIO-Object-Storage.md + 2020-01-02-MinIO-Object-Storage-comments.json + /jane.doe/ + 2020-01-03-MinIO-Advanced-Deployment.png + 2020-01-02-MinIO-Advanced-Deployment-comments.json + 2020-01-04-MinIO-Interview.md + +MinIO supports multiple levels of nested directories and objects to support +even the most dynamic object storage workloads. Deployment Architecture ----------------------- -The following diagram describes the individual components in a MinIO -deployment: - - ServerSet -> Cluster > - :ref:`Erasure Set ` A set of disks that supports MinIO :ref:`Erasure Coding `. Erasure Coding provides high availability, @@ -66,66 +67,68 @@ deployment: impact despite the loss of up to half (``N/2``) of the total drives in the deployment. -.. _minio-intro-server-set: +.. _minio-intro-server-pool: -:ref:`Server Set ` +:ref:`Server Pool ` A set of MinIO :mc-cmd:`minio server` nodes which pool their drives and resources for supporting object storage/retrieval requests. The :mc-cmd:`~minio server HOSTNAME` argument passed to the - :mc-cmd:`minio server` command represents a Server Set: + :mc-cmd:`minio server` command represents a Server Pool: .. code-block:: shell minio server https://minio{1...4}.example.net/mnt/disk{1...4} - | Server Set | + | Server Pool | - The above example describes a single Server Set with + The above example describes a single Server Pool with 4 :mc:`minio server` nodes and 4 drives each for a total of 16 drives. MinIO requires starting each :mc:`minio server` in the set with the same startup command to enable awareness of all set peers. See :mc-cmd:`minio server` for complete syntax and usage. - MinIO calculates the size and number of Erasure Sets in the Server Set based + MinIO calculates the size and number of Erasure Sets in the Server Pool based on the total number of drives in the set *and* the number of :mc:`minio` servers in the set. See :ref:`minio-ec-erasure-set` for more information. .. _minio-intro-cluster: :ref:`Cluster ` - The whole MinIO deployment consisting of one or more Server Sets. Each + The whole MinIO deployment consisting of one or more Server Pools. Each :mc-cmd:`~minio server HOSTNAME` argument passed to the - :mc-cmd:`minio server` command represents one Server Set: + :mc-cmd:`minio server` command represents one Server Pool: .. code-block:: shell minio server https://minio{1...4}.example.net/mnt/disk{1...4} \ https://minio{5...8}.example.net/mnt/disk{1...4} - | Server Set | + | Server Pool | - The above example describes two Server Sets, each consisting of 4 - :mc:`minio server` nodes with 4 drives each for a total of 32 drives. + The above example describes two Server Pools, each consisting of 4 + :mc:`minio server` nodes with 4 drives each for a total of 32 drives. MinIO + always stores each unique object and all versions of that object on the + same Server Pool. - Server Set expansion is a function of Horizontal Scaling, where each new set - expands the cluster storage and compute resources. Server Set expansion + Server Pool expansion is a function of Horizontal Scaling, where each new set + expands the cluster storage and compute resources. Server Pool expansion is not intended to support migrating existing sets to newer hardware. - MinIO Standalone clusters consist of a single Server Set with a single + MinIO Standalone clusters consist of a single Server Pool with a single :mc:`minio server` node. Standalone clusters are best suited for initial development and evaluation. MinIO strongly recommends production clusters consist of a *minimum* of 4 :mc:`minio server` nodes in a - Server Set. + Server Pool. Deploying MinIO --------------- -For Kubernetes clusters, use the MinIO Kubernetes Operator. -See :ref:`minio-kubernetes` for more information. +Users deploying onto a Kubernetes cluster should start with our +:docs-k8s:`Kubernetes documentation <>`. For bare-metal environments, including private cloud services or containerized environments, install and run the :mc:`minio server` on -each host in the MinIO deployment. See :ref:`minio-baremetal` for more -information. +each host in the MinIO deployment. +See :ref:`minio-installation` for more information. diff --git a/source/kubernetes/minio-kubernetes-overview.rst b/source/kubernetes/minio-kubernetes-overview.rst deleted file mode 100644 index f3756dda..00000000 --- a/source/kubernetes/minio-kubernetes-overview.rst +++ /dev/null @@ -1,880 +0,0 @@ -.. _minio-kubernetes: - -======================= -MinIO Kubernetes Plugin -======================= - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 2 - -Overview --------- - -MinIO is a high performance distributed object storage server, designed for -large-scale private cloud infrastructure. Orchestration platforms like -Kubernetes provide perfect cloud-native environment to deploy and scale MinIO. -The :minio-git:`MinIO Kubernetes Operator ` brings native MinIO -support to Kubernetes. - -The :mc:`kubectl minio` plugin brings native support for deploying MinIO -tenants to Kubernetes clusters using the ``kubectl`` CLI. You can use -:mc:`kubectl minio` to deploy a MinIO tenant with little to no interaction -with ``YAML`` configuration files. - -.. image:: /images/Kubernetes-Minio.svg - :align: center - :width: 90% - :class: no-scaled-link - :alt: Kubernetes Orchestration with the MinIO Operator facilitates automated deployment of MinIO clusters. - -:mc:`kubectl minio` builds its interface on top of the -MinIO Kubernetes Operator. Visit the -:minio-git:`MinIO Operator ` Github repository to follow -ongoing development on the Operator and Plugin. - -Installation ------------- - -**Prerequisite** - -Install the `krew `__ ``kubectl`` -plugin manager using the `documented installation procedure -`__. - -Install Using ``krew`` -~~~~~~~~~~~~~~~~~~~~~~ - -Run the following command to install :mc:`kubectl minio` using ``krew``: - -.. code-block:: shell - :class: copyable - - kubectl krew update - kubectl krew install minio - -Update Using ``krew`` -~~~~~~~~~~~~~~~~~~~~~ - -Run the following command to update :mc:`kubectl minio`: - -.. code-block:: shell - :class: copyable - - kubectl krew upgrade - -Deploy a MinIO Tenant ---------------------- - -The following procedure creates a MinIO tenant using the -:mc:`kubectl minio` plugin. - -1) Initialize the MinIO Operator -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:mc:`kubectl minio` requires the MinIO Operator. Use the -:mc-cmd:`kubectl minio init` command to initialize the MinIO Operator: - -.. code-block:: shell - :class: copyable - - kubectl minio init - -The example command deploys the MinIO operator to the ``default`` namespace. -Include the :mc-cmd-option:`~kubectl minio init namespace` option to -specify the namespace you want to deploy the MinIO operator into. - -2) Configure the Persistent Volumes -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Create a :kube-docs:`Persistent Volume (PV) ` -for each drive on each node. - -MinIO recommends using :kube-docs:`local ` PVs -to ensure best performance and operations: - -a. Create a ``StorageClass`` for the MinIO ``local`` Volumes -```````````````````````````````````````````````````````````` - -.. container:: indent - - The following YAML describes a - :kube-docs:`StorageClass ` with the - appropriate fields for use with the ``local`` PV: - - .. code-block:: yaml - :class: copyable - - apiVersion: storage.k8s.io/v1 - kind: StorageClass - metadata: - name: local-storage - provisioner: kubernetes.io/no-provisioner - volumeBindingMode: WaitForFirstConsumer - - The ``StorageClass`` **must** have ``volumeBindingMode`` set to - ``WaitForFirstConsumer`` to ensure correct binding of each pod's - :kube-docs:`Persistent Volume Claims (PVC) - ` to the - Node ``PV``. - -b. Create the Required Persistent Volumes -````````````````````````````````````````` - -.. container:: indent - - The following YAML describes a ``PV`` ``local`` volume: - - .. code-block:: yaml - :class: copyable - :emphasize-lines: 4, 12, 14, 22 - - apiVersion: v1 - kind: PersistentVolume - metadata: - name: PV-NAME - spec: - capacity: - storage: 100Gi - volumeMode: Filesystem - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - storageClassName: local-storage - local: - path: /mnt/disks/ssd1 - nodeAffinity: - required: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - NODE-NAME - - .. list-table:: - :header-rows: 1 - :widths: 20 80 - :width: 100% - - * - Field - - Description - - * - .. code-block:: yaml - - metadata: - name: - - - Set to a name that supports easy visual identification of the - ``PV`` and its associated physical host. For example, for a ``PV`` on - host ``minio-1``, consider specifying ``minio-1-pv-1``. - - * - .. code-block:: yaml - - nodeAfinnity: - required: - nodeSelectorTerms: - - key: - values: - - - Set to the name of the node on which the physical disk is - installed. - - * - .. code-block:: yaml - - spec: - storageClassName: - - - Set to the ``StorageClass`` created for supporting the - MinIO ``local`` volumes. - - * - .. code-block:: yaml - - spec: - local: - path: - - - Set to the full file path of the locally-attached disk. You - can specify a directory on the disk to isolate MinIO-specific data. - The specified disk or directory **must** be empty for MinIO to start. - - Create one ``PV`` for each volume in the MinIO tenant. For example, given a - Kubernetes cluster with 4 Nodes with 4 locally attached drives each, create a - total of 16 ``local`` ``PVs``. - -c. Validate the Created PV -`````````````````````````` - -.. container:: indent - - Issue the ``kubectl get PV`` command to validate the created PVs: - - .. code-block:: shell - :class: copyable - - kubectl get PV - -3) Create a Namespace for the MinIO Tenant -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the ``kubectl create namespace`` command to create a namespace for -the MinIO Tenant: - -.. code-block:: shell - :class: copyable - - kubectl create namespace minio-tenant-1 - -4) Create the MinIO Tenant -~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Use the :mc-cmd:`kubectl minio tenant create` command to create the MinIO -Tenant. - -The following example creates a 4-node MinIO deployment with a -total capacity of 16Ti across 16 drives. - -.. code-block:: shell - :class: copyable - - kubectl minio tenant create \ - --name minio-tenant-1 \ - --servers 4 \ - --volumes 16 \ - --capacity 16Ti \ - --storageClassName local-storage \ - --namespace minio-tenant-1 - -The following table explains each argument specified to the command: - -.. list-table:: - :header-rows: 1 - :widths: 30 70 - :width: 100% - - * - Argument - - Description - - * - :mc-cmd-option:`~kubectl minio tenant create name` - - The name of the MinIO Tenant which the command creates. - - * - :mc-cmd-option:`~kubectl minio tenant create servers` - - The number of :mc:`minio` servers to deploy across the Kubernetes - cluster. - - * - :mc-cmd-option:`~kubectl minio tenant create volumes` - - The number of volumes in the cluster. :mc:`kubectl minio` determines the - number of volumes per server by dividing ``volumes`` by ``servers``. - - * - :mc-cmd-option:`~kubectl minio tenant create capacity` - - The total capacity of the cluster. :mc:`kubectl minio` determines the - capacity of each volume by dividing ``capacity`` by ``volumes``. - - * - :mc-cmd-option:`~kubectl minio tenant create namespace` - - The Kubernetes namespace in which to deploy the MinIO Tenant. - - * - :mc-cmd-option:`~kubectl minio tenant create storageClassName` - - The Kubernetes ``StorageClass`` to use when creating each PVC. - -If :mc-cmd:`kubectl minio tenant create` succeeds in creating the MinIO Tenant, -the command outputs connection information to the terminal. The output includes -the credentials for the :mc:`minio` :ref:`root ` user and -the MinIO Console Service. - -.. code-block:: shell - :emphasize-lines: 1-3, 7-9 - - Tenant - Access Key: 999466bb-8bd6-4d73-8115-61df1b0311f4 - Secret Key: f8e5ecc3-7657-493b-b967-aaf350daeec9 - Version: minio/minio:RELEASE.2020-09-26T03-44-56Z - ClusterIP Service: minio-tenant-1-internal-service - - MinIO Console - Access Key: e9ae0f3f-18e5-44c6-a2aa-dc2e95497734 - Secret Key: 498ae13a-2f70-4adf-a38e-730d24327426 - Version: minio/console:v0.3.14 - ClusterIP Service: minio-tenant-1-console - -:mc-cmd:`kubectl minio` stores all credentials using Kubernetes Secrets, where -each secret is prefixed with the tenant -:mc-cmd:`name `: - -.. code-block:: shell - - > kubectl get secrets --namespace minio-tenant-1 - - NAME TYPE DATA AGE - - minio-tenant-1-console-secret Opaque 5 123d4h - minio-tenant-1-console-tls Opaque 2 123d4h - minio-tenant-1-creds-secret Opaque 2 123d4h - minio-tenant-1-tls Opaque 2 123d4h - -Kubernetes administrators with the correct permissions can view the secret -contents and extract the access and secret key: - -.. code-block:: shell - - kubectl get secrets minio-tenant-1-creds-secret -o yaml - -The access key and secret key are ``base64`` encoded. You must decode the -values prior to specifying them to :mc:`mc` or other S3-compatible tools. - -5) Configure Access to the Service -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -:mc:`kubectl minio` creates a service for the MinIO Tenant. -Use ``kubectl get svc`` to retrieve the service name: - -.. code-block:: shell - :class: copyable - - kubectl get svc --namespace minio-tenant-1 - -The command returns output similar to the following: - -.. code-block:: shell - - NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE - minio ClusterIP 10.109.88.X 443/TCP 137m - minio-tenant-1-console ClusterIP 10.97.87.X 9090/TCP,9443/TCP 129m - minio-tenant-1-hl ClusterIP None 9000/TCP 137m - -The created services are visible only within the Kubernetes cluster. External -access to Kubernetes cluster resources requires creating an -:kube-docs:`Ingress object ` that routes -traffic from an externally-accessible IP address or hostname to the ``minio`` -service. Configuring Ingress also requires creating an -:kube-docs:`Ingress Controller -` in the cluster. -Defer to the :kube-docs:`Kubernetes Documentation -` for guidance on creating and configuring the -required resources for external access to cluster resources. - -The following example Ingress object depends on the -`NGINX Ingress Controller for Kubernetes -`__. -The example is intended as a *demonstration* for creating an Ingress object and -may not reflect the configuration and topology of your Kubernetes cluster and -MinIO tenant. You may need to add or remove listed fields to suit your -Kubernetes cluster. **Do not** use this example as-is or without modification. - -.. code-block:: yaml - - apiVersion: networking.k8s.io/v1 - kind: Ingress - metadata: - name: minio-ingress - annotations: - kubernetes.io/tls-acme: "true" - kubernetes.io/ingress.class: "nginx" - nginx.ingress.kubernetes.io/proxy-body-size: 1024m - spec: - tls: - - hosts: - - minio.example.com - secretName: minio-ingress-tls - rules: - - host: minio.example.com - http: - paths: - - path: / - backend: - serviceName: minio - servicePort: http - -MinIO Kubernetes Plugin Syntax ------------------------------- - -.. mc:: kubectl minio - -Create the MinIO Operator -~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. mc-cmd:: init - :fullpath: - - Initializes the MinIO Operator. :mc:`kubectl minio` requires the operator for - core functionality. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio init [FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: image - :option: - - The image to use for deploying the operator. - Defaults to the :minio-git:`latest release of the operator - `: - - ``minio/k8s-operator:latest`` - - .. mc-cmd:: namespace - :option: - - The namespace into which to deploy the operator. - - Defaults to ``minio-operator``. - - .. mc-cmd:: cluster-domain - :option: - - The domain name to use when configuring the DNS hostname of the - operator. Defaults to ``cluster.local``. - - .. mc-cmd:: namespace-to-watch - :option: - - The namespace which the operator watches for MinIO tenants. - - Defaults to ``""`` or *all namespaces*. - - .. mc-cmd:: image-pull-secret - :option: - - Secret key for use with pulling the - :mc-cmd-option:`~kubectl minio init image`. - - The MinIO-hosted ``minio/k8s-operator`` image is *not* password protected. - This option is only required for non-MinIO image sources which are - password protected. - - .. mc-cmd:: output - :option: - - Performs a dry run and outputs the generated YAML to ``STDOUT``. Use - this option to customize the YAML and apply it manually using - ``kubectl apply -f ``. - -Delete the MinIO Operator -~~~~~~~~~~~~~~~~~~~~~~~~~ - -.. mc-cmd:: delete - :fullpath: - - Deletes the MinIO Operator along with all associated resources, - including all MinIO Tenant instances in the - :mc-cmd:`watched namespace `. - - .. warning:: - - If the underlying Persistent Volumes (``PV``) were created with - a reclaim policy of ``recycle`` or ``delete``, deleting the MinIO - Tenant results in complete loss of all objects stored on the tenant. - - Ensure you have performed all due diligence in confirming the safety of - any data on the MinIO Tenant prior to deletion. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio delete [FLAGS] - - The command accepts the following arguments: - - .. mc-cmd:: namespace - :option: - - The namespace of the MinIO operator to delete. - - Defaults to ``minio-operator``. - -Create a MinIO Tenant -~~~~~~~~~~~~~~~~~~~~~ - -.. include:: /includes/facts-kubectl-plugin.rst - :start-after: start-kubectl-minio-requires-operator-desc - :end-before: end-kubectl-minio-requires-operator-desc - - -.. mc-cmd:: tenant create - :fullpath: - - Creates a MinIO Tenant using the - :minio-git:`latest release ` of :mc:`minio`: - - ``minio/minio:latest`` - - The command creates the following resources in the Kubernetes cluster. - - - The MinIO Tenant. - - - Persistent Volume Claims (``PVC``) for each - :mc-cmd:`volume ` in the tenant. - - - Pods for each - :mc-cmd:`server ` in the tenant. - - - Kubernetes secrets for storing access keys and secret keys. Each - secret is prefixed with the Tenant name. - - - The MinIO Console Service (MCS). See the :minio-git:`console ` - Github repository for more information on MCS. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio tenant create \ - --names NAME \ - --servers SERVERS \ - --volumes VOLUMES \ - --capacity CAPACITY \ - --storageClassName STORAGECLASS \ - [OPTIONAL_FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: name - :option: - - *Required* - - The name of the MinIO tenant which the command creates. The - name *must* be unique in the - :mc-cmd:`~kubectl minio tenant create namespace`. - - .. mc-cmd:: servers - :option: - - *Required* - - The number of :mc:`minio` servers to deploy on the Kubernetes cluster. - - Ensure that the specified number of - :mc-cmd-option:`~kubectl minio tenant create servers` does *not* - exceed the number of nodes in the Kubernetes cluster. MinIO strongly - recommends sizing the cluster to have one node per MinIO server. - - .. mc-cmd:: volumes - :option: - - *Required* - - The number of volumes in the MinIO tenant. :mc:`kubectl minio` - generates one Persistent Volume Claim (``PVC``) for each volume. - :mc:`kubectl minio` divides the - :mc-cmd-option:`~kubectl minio tenant create capacity` by the number of - volumes to determine the amount of ``resources.requests.storage`` to - set for each ``PVC``. - - :mc:`kubectl minio` determines - the number of ``PVC`` to associate to each :mc:`minio` server by dividing - :mc-cmd-option:`~kubectl minio tenant create volumes` by - :mc-cmd-option:`~kubectl minio tenant create servers`. - - :mc:`kubectl minio` also configures each ``PVC`` with node-aware - selectors, such that the :mc:`minio` server process uses a ``PVC`` - which correspond to a ``local`` Persistent Volume (``PV``) on the - same node running that process. This ensures that each process - uses local disks for optimal performance. - - If the specified number of volumes exceeds the number of - ``PV`` available on the cluster, :mc:`kubectl minio tenant create` - hangs and waits until the required ``PV`` exist. - - .. mc-cmd:: capacity - :option: - - *Required* - - The total capacity of the MinIO tenant. :mc:`kubectl minio` divides - the capacity by the number of - :mc-cmd-option:`~kubectl minio tenant create volumes` to determine the - amount of ``resources.requests.storage`` to set for each - Persistent Volume Claim (``PVC``). - - If the existing Persistent Volumes (``PV``) in the cluster cannot - satisfy the requested storage, :mc:`kubectl minio tenant create` - hangs and waits until the required storage exists. - - .. mc-cmd:: storageClassName - :option: - - *Required* - - The name of the Kubernetes - :kube-docs:`Storage Class ` to use - when creating Persistent Volume Claims (``PVC``) for the - MinIO Tenant. The specified - :mc-cmd-option:`~kubectl minio tenant create storageClassName` - *must* match the ``StorageClassName`` of the Persistent Volumes (``PVs``) - to which the ``PVCs`` should bind. - - .. mc-cmd:: namespace - :option: - - The namespace in which to create the MinIO Tenant. - - Defaults to ``minio``. - - .. mc-cmd:: kes-config - :option: - - The name of the Kubernetes Secret which contains the - MinIO Key Encryption Service (KES) configuration. - - .. mc-cmd:: output - :option: - - Outputs the generated ``YAML`` objects to ``STDOUT`` for further - customization. - - :mc-cmd-option:`~kubectl minio tenant create output` does - **not** create the MinIO Tenant. Use ``kubectl apply -f `` to - manually create the MinIO tenant using the generated file. - -Expand a MinIO Tenant -~~~~~~~~~~~~~~~~~~~~~ - -.. include:: /includes/facts-kubectl-plugin.rst - :start-after: start-kubectl-minio-requires-operator-desc - :end-before: end-kubectl-minio-requires-operator-desc - -.. mc-cmd:: tenant expand - :fullpath: - - Adds a new zone to an existing MinIO Tenant. - - The command creates the new zone using the - :minio-git:`latest release ` of :mc:`minio`: - - ``minio/minio:latest`` - - Consider using :mc-cmd:`kubectl minio tenant upgrade` to upgrade the - MinIO tenant *before* adding the new zone to ensure consistency across the - entire tenant. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio tenant expand \ - --names NAME \ - --servers SERVERS \ - --volumes VOLUMES \ - --capacity CAPACITY \ - [OPTIONAL_FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: name - :option: - - *Required* - - The name of the MinIO Tenant which the command expands. - - .. mc-cmd:: servers - :option: - - *Required* - - The number of :mc:`minio` servers to deploy in the new MinIO Tenant zone. - - Ensure that the specified number of - :mc-cmd-option:`~kubectl minio tenant expand servers` does *not* exceed - the number of unused nodes in the Kubernetes cluster. MinIO strongly - recommends sizing the cluster to have one node per MinIO server in the new - zone. - - .. mc-cmd:: volumes - :option: - - *Required* - - The number of volumes in the new MinIO Tenant zone. - :mc:`kubectl minio` generates one Persistent Volume Claim (``PVC``) for - each volume. :mc:`kubectl minio` divides the - :mc-cmd-option:`~kubectl minio tenant expand capacity` by the number of - volumes to determine the amount of ``resources.requests.storage`` to set - for each ``PVC``. - - :mc:`kubectl minio` determines - the number of ``PVC`` to associate to each :mc:`minio` server by dividing - :mc-cmd-option:`~kubectl minio tenant expand volumes` by - :mc-cmd-option:`~kubectl minio tenant expand servers`. - - :mc:`kubectl minio` also configures each ``PVC`` with node-aware - selectors, such that the :mc:`minio` server process uses a ``PVC`` - which correspond to a ``local`` Persistent Volume (``PV``) on the - same node running that process. This ensures that each process - uses local disks for optimal performance. - - If the specified number of volumes exceeds the number of - ``PV`` available on the cluster, :mc:`kubectl minio tenant expand` - hangs and waits until the required ``PV`` exist. - - .. mc-cmd:: capacity - :option: - - *Required* - - The total capacity of the new MinIO Tenant zone. :mc:`kubectl minio` - divides the capacity by the number of - :mc-cmd-option:`~kubectl minio tenant expand volumes` to determine the - amount of ``resources.requests.storage`` to set for each - Persistent Volume Claim (``PVC``). - - If the existing Persistent Volumes (``PV``) in the cluster cannot - satisfy the requested storage, :mc:`kubectl minio tenant expand` - hangs and waits until the required storage exists. - - .. mc-cmd:: namespace - :option: - - The namespace in which to create the new MinIO Tenant zone. The namespace - *must* match that of the MinIO Tenant being extended. - - Defaults to ``minio``. - - .. mc-cmd:: output - :option: - - Outputs the generated ``YAML`` objects to ``STDOUT`` for further - customization. - - :mc-cmd-option:`~kubectl minio tenant expand output` does **not** create - the new MinIO Tenant zone. Use ``kubectl apply -f `` to manually - create the MinIO tenant using the generated file. - -Get MinIO Tenant Zones -~~~~~~~~~~~~~~~~~~~~~~ - -.. include:: /includes/facts-kubectl-plugin.rst - :start-after: start-kubectl-minio-requires-operator-desc - :end-before: end-kubectl-minio-requires-operator-desc - -.. mc-cmd:: tenant info - :fullpath: - - Lists all existing MinIO zones in a MinIO Tenant. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio tenant info --names NAME [OPTIONAL_FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: name - :option: - - *Required* - - The name of the MinIO Tenant for which the command returns the - existing zones. - - .. mc-cmd:: namespace - :option: - - The namespace in which to look for the MinIO Tenant. - - Defaults to ``minio``. - -Upgrade MinIO Tenant -~~~~~~~~~~~~~~~~~~~~ - -.. include:: /includes/facts-kubectl-plugin.rst - :start-after: start-kubectl-minio-requires-operator-desc - :end-before: end-kubectl-minio-requires-operator-desc - -.. mc-cmd:: tenant upgrade - :fullpath: - - Upgrades the :mc:`minio` server Docker image used by the MinIO Tenant. - - .. important:: - - MinIO upgrades *all* :mc:`minio` server processes at once. This may - result in a brief period of downtime if a majority (``n/2-1``) of - servers are offline at the same time. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio tenant upgrade --names NAME [OPTIONAL_FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: name - :option: - - *Required* - - The name of the MinIO Tenant which the command updates. - - .. mc-cmd:: namespace - :option: - - The namespace in which to look for the MinIO Tenant. - - Defaults to ``minio``. - -Delete a MinIO Tenant -~~~~~~~~~~~~~~~~~~~~~ - -.. include:: /includes/facts-kubectl-plugin.rst - :start-after: start-kubectl-minio-requires-operator-desc - :end-before: end-kubectl-minio-requires-operator-desc - -.. mc-cmd:: tenant delete - :fullpath: - - Deletes the MinIO Tenant and its associated resources. - - Kubernetes only deletes the Minio Tenant Persistent Volume Claims (``PVC``) - if the underlying Persistent Volumes (``PV``) were created with a - reclaim policy of ``recycle`` or ``delete``. ``PV`` with a reclaim policy of - ``retain`` require manual deletion of their associated ``PVC``. - - Deletion of the underlying ``PV``, whether automatic or manual, results in - the loss of any objects stored on the MinIO Tenant. Perform all due - diligence in ensuring the safety of stored data *prior* to deleting the - tenant. - - The command has the following syntax: - - .. code-block:: shell - :class: copyable - - kubectl minio tenant delete --names NAME [OPTIONAL_FLAGS] - - The command supports the following arguments: - - .. mc-cmd:: name - :option: - - *Required* - - The name of the MinIO Tenant to delete. - - .. mc-cmd:: namespace - :option: - - The namespace in which to look for the MinIO Tenant. - - Defaults to ``minio``. - -.. toctree:: - :hidden: - :titlesonly: - - /kubernetes/minio-operator-reference \ No newline at end of file diff --git a/source/kubernetes/minio-operator-reference.rst b/source/kubernetes/minio-operator-reference.rst deleted file mode 100644 index 9bdfd27d..00000000 --- a/source/kubernetes/minio-operator-reference.rst +++ /dev/null @@ -1,1221 +0,0 @@ -.. _minio-operator: - -========================= -MinIO Kubernetes Operator -========================= - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 2 - -Overview --------- - -The MinIO Kubernetes Operator ("MinIO Operator") brings native support for -deploying and managing MinIO deployments ("MinIO Tenant") on a Kubernetes -cluster. - -The MinIO Operator requires familiarity with interacting with a Kubernetes -cluster, including but not limited to using the ``kubectl`` command line tool -and interacting with Kubernetes ``YAML`` objects. Users who would prefer a more -simplified experience should use the :ref:`minio-kubernetes` for deploying -and managing MinIO Tenants. - - -Deploying the MinIO Operator ----------------------------- - -The following operations deploy the MinIO operator using ``kustomize`` -templates. Users who would prefer a more simplified deployment experience -that does *not* require familiarity with ``kustomize`` should use the -:ref:`minio-kubernetes` for deploying and managing MinIO Tenants. - -.. tabs:: - - .. tab:: ``kubectl`` - - Use the following command to deploy the MinIO Operator using - ``kubectl`` and ``kustomize`` templates: - - .. code-block:: - :class: copyable - :substitutions: - - kubectl apply -k github.com/minio/operator/\?ref\=|minio-operator-latest-version| - - .. tab:: ``kustomize`` - - - Use :github:`kustomize ` to deploy the - MinIO Operator using ``kustomize`` templates: - - .. code-block:: - :class: copyable - :substitutions: - - kustomize build github.com/minio/operator/\?ref\=|minio-operator-latest-version| \ - > minio-operator-|minio-operator-latest-version|.yaml - - - -MinIO Tenant Object -------------------- - -The following example Kubernetes object describes a MinIO Tenant with the -following resources: - -- 4 :mc:`minio` server processes. -- 4 Volumes per server. -- 2 MinIO Console Service (MCS) processes. - -.. ToDo : - 2 MinIO Key Encryption Service (KES) processes. - -.. code-block:: yaml - :class: copyable - - apiVersion: minio.min.io/v1 - kind: Tenant - metadata: - creationTimestamp: null - name: minio-tenant-1 - namespace: minio-tenant-1 - scheduler: - name: "" - spec: - certConfig: {} - console: - consoleSecret: - name: minio-tenant-1-console-secret - image: minio/console:v0.3.14 - metadata: - creationTimestamp: null - name: minio-tenant-1 - replicas: 2 - resources: {} - credsSecret: - name: minio-tenant-1-creds-secret - image: minio/minio:RELEASE.2020-09-26T03-44-56Z - imagePullSecret: {} - liveness: - initialDelaySeconds: 10 - periodSeconds: 1 - timeoutSeconds: 1 - mountPath: /export - requestAutoCert: true - serviceName: minio-tenant-1-internal-service - zones: - - resources: {} - servers: 4 - volumeClaimTemplate: - apiVersion: v1 - kind: persistentvolumeclaims - metadata: - creationTimestamp: null - spec: - accessModes: - - ReadWriteOnce - storageClassName: local-storage - resources: - requests: - storage: 10Gi - status: {} - volumesPerServer: 4 - - -MinIO Operator ``YAML`` Reference ---------------------------------- - -The MinIO Operator adds a -:kube-api:`CustomResourceDefinition -<#customresourcedefinition-v1-apiextensions-k8s-io>` that extends the -Kubernetes Object API to support creating MinIO ``Tenant`` objects. - -.. tabs:: - - .. tab:: All Top-Level Fields - - The following ``YAML`` block describes a MinIO Tenant object and its - top-level fields. - - .. parsed-literal:: - - :kubeconf:`apiVersion`: minio.min.io/v1 - :kubeconf:`kind`: Tenant - :kubeconf:`metadata`: - :kubeconf:`~metadata.name`: minio - :kubeconf:`~metadata.namespace`: - :kubeconf:`~metadata.labels`: - app: minio - :kubeconf:`~metadata.annotations`: - prometheus.io/path: - prometheus.io/port: "" - prometheus.io/scrape: "" - :kubeconf:`spec`: - :kubeconf:`~spec.certConfig`: - :kubeconf:`~spec.console`: - :kubeconf:`~spec.credsSecret`: - :kubeconf:`~spec.env`: - :kubeconf:`~spec.externalCertSecret`: - :kubeconf:`~spec.externalClientCertSecret`: - :kubeconf:`~spec.image`: minio/minio:latest - :kubeconf:`~spec.imagePullPolicy`: IfNotPresent - :kubeconf:`~spec.kes`: - :kubeconf:`~spec.mountPath`: - :kubeconf:`~spec.podManagementPolicy`: - :kubeconf:`~spec.priorityClassName`: - :kubeconf:`~spec.requestAutoCert`: - :kubeconf:`~spec.s3`: - :kubeconf:`~spec.securityContext`: - :kubeconf:`~spec.serverSet`: - :kubeconf:`~spec.serviceAccountName`: - :kubeconf:`~spec.subPath`: - :kubeconf:`~spec.serverSet`: - - .. tab:: Minimum Required Fields - - - Minimum Required Fields - - .. parsed-literal:: - - :kubeconf:`apiVersion`: minio.min.io/v1 - :kubeconf:`kind`: Tenant - :kubeconf:`metadata`: - :kubeconf:`~metadata.name`: minio - :kubeconf:`~metadata.labels`: - app: minio - :kubeconf:`spec`: - :kubeconf:`~spec.serverSet` : - - :kubeconf:`~spec.serverSet.servers` : - :kubeconf:`~spec.serverSet.volumeClaimTemplate`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.accessModes`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.resources`: - requests: - storage: - :kubeconf:`~spec.serverSet.volumesPerServer`: - - -Core Fields -~~~~~~~~~~~ - -The following fields describe the core settings used to deploy a MinIO Tenant. - -.. parsed-literal:: - - :kubeconf:`apiVersion`: minio.min.io/v1 - :kubeconf:`kind`: Tenant - :kubeconf:`metadata`: - :kubeconf:`~metadata.name`: - :kubeconf:`~metadata.namespace`: - :kubeconf:`~metadata.labels`: - app: minio - :kubeconf:`~metadata.annotations`: - - prometheus.io/path: - - prometheus.io/port: - - prometheus.io/scrape: - :kubeconf:`spec`: - :kubeconf:`~spec.credsSecret`: - :kubeconf:`~spec.env`: - - :kubeconf:`~spec.serverSet`: - - :kubeconf:`~spec.serverSet.affinity`: - :kubeconf:`~spec.serverSet.name`: - :kubeconf:`~spec.serverSet.nodeSelector`: - :kubeconf:`~spec.serverSet.resources`: - :kubeconf:`~spec.serverSet.servers`: - :kubeconf:`~spec.serverSet.tolerations`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate`: - :kubeconf:`~spec.serverSet.volumesPerServer`: - -.. kubeconf:: apiVersion - - *Required* - - The API Version of the MinIO Tenant Object. - - Specify ``minio.min.io/v1``. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-customresourcedefinition - :end-before: end-kubeapi-customresourcedefinition - -.. kubeconf:: kind - - *Required* - - The REST resource the object represents. Specify ``Tenant``. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-customresourcedefinition - :end-before: end-kubeapi-customresourcedefinition - -.. kubeconf:: metadata - - The root field for describing metadata related to the Tenant object. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-objectmeta - :end-before: end-kubeapi-objectmeta - -.. kubeconf:: metadata.name - - *Required* - - The name of the Tenant resource. The name *must* be unique within the - target namespace. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-objectmeta - :end-before: end-kubeapi-objectmeta - -.. kubeconf:: metadata.namespace - - *Required* - - The namespace in which Kubernetes deploys the Tenant resource. - Omit to use the "Default" namespace. MinIO recommends creating a namespace - for each MinIO Tenant deployed in the Kubernetes cluster. - -.. kubeconf:: metadata.labels - - The Kubernetes :kube-docs:`labels - ` to apply to the - MinIO Tenant Object. - - Specify *at minimum* the following key-value pair: - - .. code-block:: yaml - :class: copyable - - metadata: - labels: - app: minio - -.. kubeconf:: metadata.annotations - - One or more Kubernetes :kube-docs:`annotations ` to - associate with the MinIO Tenant Object. - - MinIO Tenants support the following annotations: - - - ``prometheus.io/path: `` - - - ``prometheus.io/port: `` - - - ``prometheus.io/scrape: `` - -.. kubeconf:: spec - - The root field for the MinIO Tenant Specification. - -.. kubeconf:: spec.credsSecret - - The Kubernetes secret containing values to use for setting the MinIO access - key (:envvar:`MINIO_ACCESS_KEY`) and secret key (:envvar:`MINIO_SECRET_KEY`). - The MinIO Operator automatically generates the secret along with values for - the access and secret key if this field is omitted. - - Specify an object where the ``name`` field contains the name of the - Kubernetes secret to use: - - .. code-block:: yaml - - spec: - credsSecret: - name: minio-secret - - The Kubernetes secret should contain the following values: - - - ``data.accesskey`` - the Access Key for each :mc:`minio` server in the - Tenant. - - - ``data.secretkey`` - the Secret Key for each :mc:`minio` server in the - Tenant. - -.. kubeconf:: spec.env - - The environment variables available for use by the MinIO Tenant. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-envvar - :end-before: end-kubeapi-envvar - - -.. kubeconf:: spec.mountPath - - *Optional* - - The mount path for Persistent Volumes bound to :mc:`minio` pods in the - MinIO Tenant. - - Defaults to ``/export``. - - - -.. kubeconf:: spec.s3 - - *Optional* - - The S3-related features enabled on the MinIO Tenant. - - Specify any of the following supported features as part of the - :kubeconf:`~spec.s3` object: - - - ``bucketDNS: `` - specify ``true`` to enable DNS lookup of - buckets on the MinIO Tenant. - - - -.. kubeconf:: spec.subPath - - *Optional* - - The sub path appended to the :kubeconf:`spec.mountPath`. The resulting - full path is the directory in which MinIO stores data. - - For example, given a :kubeconf:`~spec.mountPath` of ``export`` and - a :kubeconf:`~spec.subPath` of ``minio``, the full mount path is - ``export/minio``. - - Defaults to empty (``""``). - -.. kubeconf:: spec.serverSet - - *Required* - - The configuration for each MinIO Server Set deployed in the MinIO Tenant. A - Server Set consists of one or more :mc:`minio` servers. - - Each element in the :kubeconf:`~spec.serverSet` array is an object that *must* - contain the following fields: - - - :kubeconf:`~spec.serverSet.servers` - - :kubeconf:`~spec.serverSet.volumeClaimTemplate` - - :kubeconf:`~spec.serverSet.volumesPerServer` - - :kubeconf:`~spec.serverSet` must have *at least* one element in the array. - -.. kubeconf:: spec.serverSet.affinity - - *Optional* - - The configuration for node affinity, pod affinity, and pod anti-affinity - applied to each pod in the Server Set. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-affinity - :end-before: end-kubeapi-affinity - -.. kubeconf:: spec.serverSet.name - - *Optional* - - The name of the MinIO Server Set object. - - The MinIO Operator automatically generates the Server Set - name if this field is omitted. - -.. kubeconf:: spec.serverSet.nodeSelector - - *Optional* - - The filter to apply when selecting which node or nodes on which to - deploy each pod in the Server Set. See the Kubernetes documentation on - :kube-docs:`Assigning Pods to Nodes - ` for more information. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-nodeselector - :end-before: end-kubeapi-nodeselector - -.. kubeconf:: spec.serverSet.resources - - *Optional* - - The :kube-docs:`resources - ` each pod in the - Server Set requests. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-resources - :end-before: end-kubeapi-resources - -.. kubeconf:: spec.serverSet.servers - - *Required* - - The number of :mc:`minio` pods to deploy in the Zone. - - The minimum number of servers is ``2``. MinIO recommends - a minimum of ``4`` servers for optimal availability and - distribution of data in the Server Set. - -.. kubeconf:: spec.serverSet.tolerations - - *Optional* - - The :kube-docs:`Tolerations - ` applied to pods - deployed in the Server Set. - -.. kubeconf:: spec.serverSet.volumeClaimTemplate - :noindex: - - *Required* - - The configuration template to apply to each Persistent Volume Claim (``PVC``) - created as part of the Server Set. - - See :kubeconf:`spec.serverSet.volumeClaimTemplate` for more complete - documentation on the full specification of the ``volumeClaimTemplate`` - object. - - The MinIO Operator calculates the number of ``PVC`` to generate by - multiplying :kubeconf:`spec.serverSet.volumesPerServer` by - :kubeconf:`spec.serverSet.servers`. - -.. kubeconf:: spec.serverSet.volumesPerServer - - *Required* - - The number of Persistent Volume Claims (``PVC``) to create for each - :kubeconf:`server ` in the Server Set. - - The total number of volumes in the Server Set *must* be greater than - 4. Specifically: - - .. parsed-literal:: - - :kubeconf:`~spec.serverSet.servers` X :kubeconf:`~spec.serverSet.volumesPerServer` > 4 - - The MinIO Operator calculates the number of ``PVC`` to generate by - multiplying :kubeconf:`spec.serverSet.volumesPerServer` by - :kubeconf:`spec.serverSet.servers`. - -Volume Claim Template -~~~~~~~~~~~~~~~~~~~~~ - -The following fields describe the template used to generate Persistent Volume -Claims (``PVC``) for use in the MinIO Tenant. - -.. parsed-literal:: - - spec: - serverSet: - - :kubeconf:`~spec.serverSet.volumeClaimTemplate` - :kubeconf:`~spec.serverSet.volumeClaimTemplate.apiVersion`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.kind`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.metadata`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.accessModes`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.dataSource`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.resources`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.selector`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.storageClassName`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.volumeMode`: - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.volumeName`: - status: - -.. kubeconf:: spec.serverSet.volumeClaimTemplate - - *Required* - - The configuration template to apply to each Persistent Volume Claim (``PVC``) - created as part of a :kubeconf:`Server Set `. The - :kubeconf:`~spec.serverSet.volumeClaimTemplate` dictates which Persistent Volumes - (``PV``) the generated ``PVC`` can bind to. - - The :kubeconf:`~spec.serverSet.volumeClaimTemplate` *requires* at minimum - the following fields: - - - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.resources` - - :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.accessModes` - - The MinIO Operator calculates the number of ``PVC`` to generate by - multiplying :kubeconf:`spec.serverSet.volumesPerServer` by - :kubeconf:`spec.serverSet.servers`. - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.apiVersion - - *Optional* - - The API Version of the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - Specify ``minio.min.io/v1``. - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.kind - - *Optional* - - The REST resource the object represents. - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.metadata - - *Optional* - - The metadata for the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-objectmeta - :end-before: end-kubeapi-objectmeta - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec - - The specification applied to each Persistent Volume Claim (``PVC``) created - using the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.accessModes - - *Required* - - The desired :kube-docs:`access mode - ` for each Persistent - Volume Claim (``PVC``) created using the - :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.dataSource - - *Optional* - - The data source to use for each Persistent Volume Claim (``PVC``) - created using the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.resources - - *Required* - - The resources requested by each Persistent Volume Claim (``PVC``) created - using the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - The :kubeconf:`~spec.serverSet.volumeClaimTemplate.spec.resources` object - *must* include a ``requests.storage`` object: - - .. code-block:: yaml - - spec: - serverSet: - - name: minio-server-set-1 - volumeClaimTemplate: - spec: - resources: - requests: - storage: - - The following table lists the supported units for the ``storage`` capacity. - - .. list-table:: - :header-rows: 1 - :widths: 20 80 - :width: 100% - - * - Suffix - - Unit Size - - * - ``k`` - - KB (Kilobyte, 1000 Bytes) - - * - ``m`` - - MB (Megabyte, 1000 Kilobytes) - - * - ``g`` - - GB (Gigabyte, 1000 Megabytes) - - * - ``t`` - - TB (Terrabyte, 1000 Gigabytes) - - * - ``ki`` - - KiB (Kibibyte, 1024 Bites) - - * - ``mi`` - - MiB (Mebibyte, 1024 Kibibytes) - - * - ``gi`` - - GiB (Gibibyte, 1024 Mebibytes) - - * - ``ti`` - - TiB (Tebibyte, 1024 Gibibytes) - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.selector - - *Optional* - - The selector logic to apply when querying available Persistent Volumes - (``PV``) for binding to the Persistent Volume Claim (``PVC``). - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.storageClassName - - *Optional* - - The storage class to apply to each Persistent Volume Claim (``PVC``) - created using the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.volumeMode - - *Optional* - - The type of Persistent Volume (``PV``) required by the claim. - Defaults to ``Filesystem`` if omitted. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-persistentvolumeclaimspec - :end-before: end-kubeapi-persistentvolumeclaimspec - -.. kubeconf:: spec.serverSet.volumeClaimTemplate.spec.volumeName - - *Optional* - - The name to apply to each Persistent Volume Claim (``PVC``) created - using the :kubeconf:`~spec.serverSet.volumeClaimTemplate`. - -MinIO Docker Image -~~~~~~~~~~~~~~~~~~ - -The following fields describe the Docker settings used by the -MinIO Tenant. - -.. parsed-literal:: - - spec: - :kubeconf:`~spec.image`: - :kubeconf:`~spec.imagePullPolicy`: - :kubeconf:`~spec.imagePullSecret`: - -.. kubeconf:: spec.image - - The Docker image to use for the :mc:`minio` server process. - - Defaults to the latest stable release of ``minio:minio`` if omitted. - -.. kubeconf:: spec.imagePullPolicy - - The Docker pull policy to use for the specified :kubeconf:`spec.image`. - - Specify one of the following values: - - - ``Always`` - Always pull the image. - - - ``Never`` - Never pull the image. - - - ``IfNotPresent`` - Pull the image if not already present. - - Defaults to ``IfNotPresent`` if omitted. - -.. kubeconf:: spec.imagePullSecret - - The secret to use for pulling images from private Docker repositories. - - -Transport Layer Encryption (TLS) -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following fields describe the Transport Layer Encryption (TLS) settings -of a MinIO Tenant, including automatic TLS certificate generation. - -.. parsed-literal:: - - spec: - :kubeconf:`~spec.requestAutoCert`: - :kubeconf:`~spec.certConfig`: - :kubeconf:`~spec.certConfig.commonName`: - :kubeconf:`~spec.certConfig.dnsNames`: - :kubeconf:`~spec.certConfig.organizationName`: - :kubeconf:`~spec.externalCertSecret`: - - name: - type: kubernetes.io/tls - :kubeconf:`~spec.externalClientCertSecret`: - name: - type: kubernetes.io/tls - -.. kubeconf:: spec.requestAutoCert - - *Optional* - - Specify ``true`` to enable automatic TLS certificate generation and - signing using the Kubernetes ``certificates.k8s.io`` API. The MinIO Operator - generates *self-signed* x.509 certificates. - - See the Kubernetes documentation on - :kube-docs:`Manage TLS Certificates in a Cluster - ` for more information. - - This field is **mutually exclusive** with - :kubeconf:`spec.externalCertSecret`. - -.. kubeconf:: spec.certConfig - - *Optional* - - The configuration settings to use when auto-generating x.509 certificates for - TLS encryption. - - Omit to allow the MinIO Operator to generate required fields in - each auto-generate x.509 certificates. - - If :kubeconf:`spec.requestAutoCert` is ``false`` or omitted, this field has - no effect. - -.. kubeconf:: spec.certConfig.commonName - - *Optional* - - The x.509 Common Name to use when generating x.509 certificates for TLS - encryption. Use wildcard patterns when constructing the ``commonName`` - to ensure the generated certificates match the Kubernetes-generated - DNS names of Tenant resources. See the Kubernetes documentation on - :kube-docs:`DNS for Services and Pods - ` for more information on - Kubernetes DNS. - - If :kubeconf:`spec.requestAutoCert` is ``false`` or omitted, this field has - no effect. - -.. kubeconf:: spec.certConfig.dnsNames - - *Optional* - - The DNS names to use when generating x.509 certificates for TLS encryption. - - If :kubeconf:`spec.requestAutoCert` is ``false`` or omitted, this field has - no effect. - -.. kubeconf:: spec.certConfig.organizationName - - *Optional* - - The x.509 Organization Name to use when generating x.509 certificates for - TLS encryption. - - If :kubeconf:`spec.requestAutoCert` is ``false`` or omitted, this field has - no effect. - -.. kubeconf:: spec.externalCertSecret - - *Optional* - - One or more Kubernetes secrets that contain custom TLS certificate and - private key pairs. Use this field for specifying certificates signed by - a Certificate Authority (CA) of your choice. - - Each item in the array contains an object where: - - - ``names`` specifies the name of the Kubernetes secret, and - - ``types`` specifies ``kubernetes.io/tls`` - - Use wildcard patterns when constructing the DNS-related fields - to ensure the generated certificates match the Kubernetes-generated - DNS names of Tenant resources. See the Kubernetes documentation on - :kube-docs:`DNS for Services and Pods - ` for more information on - Kubernetes DNS. - - .. code-block:: yaml - - spec: - externalCertSecret: - - name: tenant-external-cert-secret-name - type: kubernetes.io/tls - - This field is **mutually exclusive** with :kubeconf:`spec.requestAutoCert`. - -.. kubeconf:: spec.externalClientCertSecret - - *Optional* - - The Kubernetes secret that contains the custom Certificate Authority - certificate and private key used to sign x.509 certificates used by clients - connecting to the MinIO Tenant. - - Specify an object where: - - - ``names`` specifies the name of the Kubernetes secret, and - - ``types`` specifies ``kubernetes.io/tls`` - - .. code-block:: yaml - - spec: - externalClientCertSecret: - name: tenant-external-client-cert-secret-name - type: kubernetes.io/tls - - - - -MinIO Console Service -~~~~~~~~~~~~~~~~~~~~~ - -The following fields describe the settings for deploying the MinIO Console -in the MinIO Tenant. - -.. parsed-literal:: - - spec: - :kubeconf:`~spec.console`: - :kubeconf:`~spec.console.annotations`: - :kubeconf:`~spec.console.consoleSecret`: - name: - :kubeconf:`~spec.console.env`: - :kubeconf:`~spec.console.externalCertSecret`: - name: - type: kubernetes.io/tls - :kubeconf:`~spec.console.image`: - :kubeconf:`~spec.console.imagePullPolicy`: - :kubeconf:`~spec.console.labels`: - :kubeconf:`~spec.console.nodeSelector`: - :kubeconf:`~spec.console.replicas`: - :kubeconf:`~spec.console.resources`: - :kubeconf:`~spec.console.serviceAccountName`: - - -.. kubeconf:: spec.console - - *Optional* - - The root field for describing MinIO Console-related configuration - information. - - Omit to deploy the MinIO Tenant without an attached Console service. - -.. kubeconf:: spec.console.consoleSecret - - *Required if specifying* :kubeconf:`spec.console`. - - The Kubernetes Secret object that contains all environment variables required - by the MinIO Console. Specify the name of the secret as a subfield: - - .. code-block:: yaml - - spec: - console: - consoleSecret: - name: console-secret-name - -.. kubeconf:: spec.console.annotations - - *Optional* - - One or more Kubernetes :kube-docs:`annotations ` to - associate with the MinIO Console object. - -.. kubeconf:: spec.console.env - - *Optional* - - The environment variables available for use by the MinIO Console. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-envvar - :end-before: end-kubeapi-envvar - -.. kubeconf:: spec.console.externalCertSecret - - *Optional* - - The name of the Kubernetes secret containing the custom Certificate - Authority certificate and private key to use for configuring TLS on the - Console object. Specify an object where ``names`` specifies the name - of the secret and ``types`` specifies ``kubernetes.io/tls``: - - .. code-block:: yaml - - spec: - console: - externalCertSecret: - name: console-external-secret-cert-name - type: kubernetes.io/tls - -.. kubeconf:: spec.console.image - - *Optional* - - The name of the Docker image to use for deploying the MinIO Console. - - Defaults to the latest release of MinIO Console. - -.. kubeconf:: spec.console.imagePullPolicy - - *Optional* - - The pull policy for the Docker image. Defaults to ``IfNotPresent``. - -.. kubeconf:: spec.console.labels - - *Optional* - - The Kubernetes :kube-docs:`labels - ` to apply to the - MinIO Console object. - -.. kubeconf:: spec.console.nodeSelector - - *Optional* - - The filter to apply when selecting which node or nodes on which to - deploy the MinIO Console. See the Kubernetes documentation on - :kube-docs:`Assigning Pods to Nodes - ` for more information. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-nodeselector - :end-before: end-kubeapi-nodeselector - -.. kubeconf:: spec.console.replicas - - *Optional* - - The number of MinIO Console pods to create in the cluster. - -.. kubeconf:: spec.console.resources - - *Optional* - - The :kube-docs:`resources - ` each MinIO Console - object requests. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-resources - :end-before: end-kubeapi-resources - -.. kubeconf:: spec.console.serviceAccountName - - *Optional* - - The name of the - :kube-docs:`Service Account - ` used to run all - MinIO Console pods created as part of the Tenant. - - -MinIO Key Encryption Service -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following fields describe the settings for deploying the MinIO -Key Encryption Service (KES) in the MinIO Tenant. - -.. parsed-literal:: - - spec: - kes: - annotations: - labels: - clientCertSecret: - name: - type: kubernetes.io/tls - externalCertSecret: - name: - type: kubernetes.io/tls - image: - imagePullPolicy: - kesSecret: - nodeSelector: - replicas: - serviceAccountName: - -.. kubeconf:: spec.kes - - *Optional* - - The root field for describing MinIO Key Encryption Service-related - configuration information. - - Omit to deploy the MinIO Tenant without an attached KES service. - -.. kubeconf:: spec.kes.kesSecret - - *Required if specifying* :kubeconf:`spec.kes`. - - The Kubernetes Secret object that contains all environment variables required - by the MinIO KES. Specify the name of the secret as a subfield: - - .. code-block:: yaml - - spec: - kes: - kesSecret: - name: kes-secret-name - -.. kubeconf:: spec.kes.annotations - - *Optional* - - One or more Kubernetes :kube-docs:`annotations ` to - associate with the MinIO KES object. - -.. kubeconf:: spec.kes.env - - *Optional* - - The environment variables available for use by the MinIO KES. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-envvar - :end-before: end-kubeapi-envvar - -.. kubeconf:: spec.kes.externalCertSecret - - *Optional* - - The name of the Kubernetes secret containing the custom Certificate - Authority certificate and private key to use for configuring TLS on the - KES object. Specify an object where ``names`` specifies the name - of the secret and ``types`` specifies ``kubernetes.io/tls``: - - .. code-block:: yaml - - spec: - kes: - externalCertSecret: - name: kes-external-secret-cert-name - type: kubernetes.io/tls - -.. kubeconf:: spec.kes.image - - *Optional* - - The name of the Docker image to use for deploying MinIO KES. - - Defaults to the latest release of MinIO KES. - -.. kubeconf:: spec.kes.imagePullPolicy - - *Optional* - - The pull policy for the Docker image. Defaults to ``IfNotPresent``. - -.. kubeconf:: spec.kes.labels - - *Optional* - - The Kubernetes :kube-docs:`labels - ` to apply to the - MinIO KES object. - -.. kubeconf:: spec.kes.nodeSelector - - *Optional* - - The filter to apply when selecting which node or nodes on which to - deploy MinIO KES. See the Kubernetes documentation on - :kube-docs:`Assigning Pods to Nodes - ` for more information. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-nodeselector - :end-before: end-kubeapi-nodeselector - -.. kubeconf:: spec.kes.replicas - - *Optional* - - The number of MinIO Console pods to create in the cluster. - -.. kubeconf:: spec.kes.serviceAccountName - - *Optional* - - The name of the - :kube-docs:`Service Account - ` used to run all - MinIO KES pods created as part of the Tenant. - - -Pod Security, Scheduling, and Management -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -The following fields describe the settings for Pod Security, Pod Scheduling, -and Pod Management in the MinIO Tenant. - -.. parsed-literal:: - - spec: - :kubeconf:`~spec.securityContext`: - :kubeconf:`~spec.serviceAccountName`: - :kubeconf:`~spec.podManagementPolicy`: - :kubeconf:`~spec.priorityClassName`: - -.. kubeconf:: spec.securityContext - - *Optional* - - Root field for configuring the - :kube-docs:`Security Context - ` of pods created as part of - the MinIO Tenant. - - The MinIO Operator supports the following - :kube-api:`PodSecurityContext <#podsecuritycontext-v1-core>` fields: - - - ``fsGroup`` - - ``fsGroupChangePolicy`` - - ``runAsGroup`` - - ``runAsNonRoot`` - - ``runAsUser`` - - ``seLinuxOptions`` - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-securitycontext - :end-before: end-kubeapi-securitycontext - -.. kubeconf:: spec.serviceAccountName - - *Optional* - - The name of the - :kube-docs:`Service Account - ` used to run all - MinIO server :mc:`minio` pods created as part of the Tenant. - -.. kubeconf:: spec.podManagementPolicy - - *Optional* - - The :kube-docs:`Pod Management Policy - ` used - for pods created as part of the MinIO Tenant. - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-podmanagementpolicy - :end-before: end-kubeapi-podmanagementpolicy - -.. kubeconf:: spec.priorityClassName - - *Optional* - - The Pod :kube-docs:`Priority Class - ` to apply - to pods created as part of the MinIO Tenant. - - - .. include:: /includes/common-minio-kubernetes.rst - :start-after: start-kubeapi-priorityclassname - :end-before: end-kubeapi-priorityclassname - - - diff --git a/source/minio-cli/minio-mc-admin.rst b/source/reference/minio-cli/minio-mc-admin.rst similarity index 77% rename from source/minio-cli/minio-mc-admin.rst rename to source/reference/minio-cli/minio-mc-admin.rst index 3bd2f1fe..1d438f6b 100644 --- a/source/minio-cli/minio-mc-admin.rst +++ b/source/reference/minio-cli/minio-mc-admin.rst @@ -36,77 +36,77 @@ The following table lists :mc-cmd:`mc admin` commands: - Description * - :mc:`mc admin bucket remote` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst :start-after: start-mc-admin-bucket-remote-desc :end-before: end-mc-admin-bucket-remote-desc * - :mc:`mc admin bucket quota` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst :start-after: start-mc-admin-bucket-quota-desc :end-before: end-mc-admin-bucket-quota-desc * - :mc:`mc admin group` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-group.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-group.rst :start-after: start-mc-admin-group-desc :end-before: end-mc-admin-group-desc * - :mc:`mc admin heal` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-heal.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-heal.rst :start-after: start-mc-admin-heal-desc :end-before: end-mc-admin-heal-desc * - :mc:`mc admin info` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-info.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-info.rst :start-after: start-mc-admin-info-desc :end-before: end-mc-admin-info-desc * - :mc:`mc admin kms key` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-kms-key.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-kms-key.rst :start-after: start-mc-admin-kms-key-desc :end-before: end-mc-admin-kms-key-desc * - :mc:`mc admin obd` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-obd.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-obd.rst :start-after: start-mc-admin-obd-desc :end-before: end-mc-admin-obd-desc * - :mc:`mc admin policy` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-policy.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-policy.rst :start-after: start-mc-admin-policy-desc :end-before: end-mc-admin-policy-desc * - :mc:`mc admin profile` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-profile.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-profile.rst :start-after: start-mc-admin-profile-desc :end-before: end-mc-admin-profile-desc * - :mc:`mc admin prometheus` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-prometheus.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-prometheus.rst :start-after: start-mc-admin-prometheus-desc :end-before: end-mc-admin-prometheus-desc * - :mc:`mc admin service` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-service.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-service.rst :start-after: start-mc-admin-service-desc :end-before: end-mc-admin-service-desc * - :mc:`mc admin top` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-top.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-top.rst :start-after: start-mc-admin-top-desc :end-before: end-mc-admin-top-desc * - :mc:`mc admin trace` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-trace.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-trace.rst :start-after: start-mc-admin-trace-desc :end-before: end-mc-admin-trace-desc * - :mc:`mc admin update` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-update.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-update.rst :start-after: start-mc-admin-update-desc :end-before: end-mc-admin-update-desc * - :mc:`mc admin user` - - .. include:: /minio-cli/minio-mc-admin/mc-admin-user.rst + - .. include:: /reference/minio-cli/minio-mc-admin/mc-admin-user.rst :start-after: start-mc-admin-user-desc :end-before: end-mc-admin-user-desc @@ -164,4 +164,4 @@ Global Options :hidden: :glob: - /minio-cli/minio-mc-admin/* + /reference/minio-cli/minio-mc-admin/* diff --git a/source/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-bucket-quota.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-bucket-remote.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-console.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-console.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-console.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-console.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-group.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-group.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-group.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-group.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-heal.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-heal.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-heal.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-heal.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-info.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-info.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-info.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-info.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-kms-key.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-kms-key.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-kms-key.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-kms-key.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-obd.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-obd.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-obd.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-obd.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-policy.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-policy.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-policy.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-policy.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-profile.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-profile.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-profile.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-profile.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-prometheus.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-prometheus.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-prometheus.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-prometheus.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-service.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-service.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-service.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-service.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-top.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-top.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-top.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-top.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-trace.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-trace.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-trace.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-trace.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-update.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-update.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-update.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-update.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin-user.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin-user.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin-user.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin-user.rst diff --git a/source/minio-cli/minio-mc-admin/mc-admin.config.rst b/source/reference/minio-cli/minio-mc-admin/mc-admin.config.rst similarity index 100% rename from source/minio-cli/minio-mc-admin/mc-admin.config.rst rename to source/reference/minio-cli/minio-mc-admin/mc-admin.config.rst diff --git a/source/minio-cli/minio-mc.rst b/source/reference/minio-cli/minio-mc.rst similarity index 84% rename from source/minio-cli/minio-mc.rst rename to source/reference/minio-cli/minio-mc.rst index ab511fc6..ec191729 100644 --- a/source/minio-cli/minio-mc.rst +++ b/source/reference/minio-cli/minio-mc.rst @@ -134,52 +134,52 @@ The following table lists :mc-cmd:`mc` commands: - Description * - :mc:`mc alias` - - .. include:: /minio-cli/minio-mc/mc-alias.rst + - .. include:: /reference/minio-cli/minio-mc/mc-alias.rst :start-after: start-mc-alias-desc :end-before: end-mc-alias-desc * - :mc:`mc cat` - - .. include:: /minio-cli/minio-mc/mc-cat.rst + - .. include:: /reference/minio-cli/minio-mc/mc-cat.rst :start-after: start-mc-cat-desc :end-before: end-mc-cat-desc * - :mc:`mc cp` - - .. include:: /minio-cli/minio-mc/mc-cp.rst + - .. include:: /reference/minio-cli/minio-mc/mc-cp.rst :start-after: start-mc-cp-desc :end-before: end-mc-cp-desc * - :mc:`mc diff` - - .. include:: /minio-cli/minio-mc/mc-diff.rst + - .. include:: /reference/minio-cli/minio-mc/mc-diff.rst :start-after: start-mc-diff-desc :end-before: end-mc-diff-desc * - :mc:`mc encrypt` - - .. include:: /minio-cli/minio-mc/mc-encrypt.rst + - .. include:: /reference/minio-cli/minio-mc/mc-encrypt.rst :start-after: start-mc-encrypt-desc :end-before: end-mc-encrypt-desc * - :mc:`mc event` - - .. include:: /minio-cli/minio-mc/mc-event.rst + - .. include:: /reference/minio-cli/minio-mc/mc-event.rst :start-after: start-mc-event-desc :end-before: end-mc-event-desc * - :mc:`mc find` - - .. include:: /minio-cli/minio-mc/mc-find.rst + - .. include:: /reference/minio-cli/minio-mc/mc-find.rst :start-after: start-mc-find-desc :end-before: end-mc-find-desc * - :mc:`mc head` - - .. include:: /minio-cli/minio-mc/mc-head.rst + - .. include:: /reference/minio-cli/minio-mc/mc-head.rst :start-after: start-mc-head-desc :end-before: end-mc-head-desc * - :mc:`mc ilm` - - .. include:: /minio-cli/minio-mc/mc-ilm.rst + - .. include:: /reference/minio-cli/minio-mc/mc-ilm.rst :start-after: start-mc-ilm-desc :end-before: end-mc-ilm-desc * - :mc:`mc legalhold` - - .. include:: /minio-cli/minio-mc/mc-legalhold.rst + - .. include:: /reference/minio-cli/minio-mc/mc-legalhold.rst :start-after: start-mc-legalhold-desc :end-before: end-mc-legalhold-desc @@ -188,82 +188,82 @@ The following table lists :mc-cmd:`mc` commands: :release:`RELEASE.2020-09-18T00-13-21Z`. Use :mc:`mc retention`. * - :mc:`mc ls` - - .. include:: /minio-cli/minio-mc/mc-ls.rst + - .. include:: /reference/minio-cli/minio-mc/mc-ls.rst :start-after: start-mc-ls-desc :end-before: end-mc-ls-desc * - :mc:`mc mb` - - .. include:: /minio-cli/minio-mc/mc-mb.rst + - .. include:: /reference/minio-cli/minio-mc/mc-mb.rst :start-after: start-mc-mb-desc :end-before: end-mc-mb-desc * - :mc:`mc mirror` - - .. include:: /minio-cli/minio-mc/mc-mirror.rst + - .. include:: /reference/minio-cli/minio-mc/mc-mirror.rst :start-after: start-mc-mirror-desc :end-before: end-mc-mirror-desc * - :mc:`mc mv` - - .. include:: /minio-cli/minio-mc/mc-mv.rst + - .. include:: /reference/minio-cli/minio-mc/mc-mv.rst :start-after: start-mc-mv-desc :end-before: end-mc-mv-desc * - :mc:`mc policy` - - .. include:: /minio-cli/minio-mc/mc-policy.rst + - .. include:: /reference/minio-cli/minio-mc/mc-policy.rst :start-after: start-mc-policy-desc :end-before: end-mc-policy-desc * - :mc:`mc rb` - - .. include:: /minio-cli/minio-mc/mc-rb.rst + - .. include:: /reference/minio-cli/minio-mc/mc-rb.rst :start-after: start-mc-rb-desc :end-before: end-mc-rb-desc * - :mc:`mc retention` - - .. include:: /minio-cli/minio-mc/mc-retention.rst + - .. include:: /reference/minio-cli/minio-mc/mc-retention.rst :start-after: start-mc-retention-desc :end-before: end-mc-retention-desc * - :mc:`mc rm` - - .. include:: /minio-cli/minio-mc/mc-rm.rst + - .. include:: /reference/minio-cli/minio-mc/mc-rm.rst :start-after: start-mc-rm-desc :end-before: end-mc-rm-desc * - :mc:`mc share` - - .. include:: /minio-cli/minio-mc/mc-share.rst + - .. include:: /reference/minio-cli/minio-mc/mc-share.rst :start-after: start-mc-share-desc :end-before: end-mc-share-desc * - :mc:`mc sql` - - .. include:: /minio-cli/minio-mc/mc-sql.rst + - .. include:: /reference/minio-cli/minio-mc/mc-sql.rst :start-after: start-mc-sql-desc :end-before: end-mc-sql-desc * - :mc:`mc stat` - - .. include:: /minio-cli/minio-mc/mc-stat.rst + - .. include:: /reference/minio-cli/minio-mc/mc-stat.rst :start-after: start-mc-stat-desc :end-before: end-mc-stat-desc * - :mc:`mc tag` - - .. include:: /minio-cli/minio-mc/mc-tag.rst + - .. include:: /reference/minio-cli/minio-mc/mc-tag.rst :start-after: start-mc-tag-desc :end-before: end-mc-tag-desc * - :mc:`mc tree` - - .. include:: /minio-cli/minio-mc/mc-tree.rst + - .. include:: /reference/minio-cli/minio-mc/mc-tree.rst :start-after: start-mc-tree-desc :end-before: end-mc-tree-desc * - :mc:`mc update` - - .. include:: /minio-cli/minio-mc/mc-update.rst + - .. include:: /reference/minio-cli/minio-mc/mc-update.rst :start-after: start-mc-update-desc :end-before: end-mc-update-desc * - :mc:`mc version` - - .. include:: /minio-cli/minio-mc/mc-version.rst + - .. include:: /reference/minio-cli/minio-mc/mc-version.rst :start-after: start-mc-version-desc :end-before: end-mc-version-desc * - :mc:`mc watch` - - .. include:: /minio-cli/minio-mc/mc-watch.rst + - .. include:: /reference/minio-cli/minio-mc/mc-watch.rst :start-after: start-mc-watch-desc :end-before: end-mc-watch-desc @@ -359,7 +359,7 @@ All :ref:`commands ` support the following global options: :hidden: :glob: - /minio-cli/minio-mc/* + /reference/minio-cli/minio-mc/* diff --git a/source/minio-cli/minio-mc/mc-alias.rst b/source/reference/minio-cli/minio-mc/mc-alias.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-alias.rst rename to source/reference/minio-cli/minio-mc/mc-alias.rst diff --git a/source/minio-cli/minio-mc/mc-cat.rst b/source/reference/minio-cli/minio-mc/mc-cat.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-cat.rst rename to source/reference/minio-cli/minio-mc/mc-cat.rst diff --git a/source/minio-cli/minio-mc/mc-cp.rst b/source/reference/minio-cli/minio-mc/mc-cp.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-cp.rst rename to source/reference/minio-cli/minio-mc/mc-cp.rst diff --git a/source/minio-cli/minio-mc/mc-diff.rst b/source/reference/minio-cli/minio-mc/mc-diff.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-diff.rst rename to source/reference/minio-cli/minio-mc/mc-diff.rst diff --git a/source/minio-cli/minio-mc/mc-encrypt.rst b/source/reference/minio-cli/minio-mc/mc-encrypt.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-encrypt.rst rename to source/reference/minio-cli/minio-mc/mc-encrypt.rst diff --git a/source/minio-cli/minio-mc/mc-event.rst b/source/reference/minio-cli/minio-mc/mc-event.rst similarity index 96% rename from source/minio-cli/minio-mc/mc-event.rst rename to source/reference/minio-cli/minio-mc/mc-event.rst index a12e8390..77929449 100644 --- a/source/minio-cli/minio-mc/mc-event.rst +++ b/source/reference/minio-cli/minio-mc/mc-event.rst @@ -21,7 +21,7 @@ the bucket event notifications. MinIO automatically sends triggered events to the configured notification targets. MinIO supports notification targets like AMQP, Redis, ElasticSearch, NATS and PostgreSQL. See -:doc:`MinIO Bucket Notifications ` +:doc:`MinIO Bucket Notifications ` for more information. .. end-mc-event-desc @@ -171,7 +171,7 @@ Syntax The MinIO server outputs an ARN for each configured notification target at server startup. See - :doc:`/minio-features/bucket-notifications` for more + :doc:`/concepts/bucket-notifications` for more information. .. mc-cmd:: event @@ -232,7 +232,7 @@ Syntax The MinIO server outputs an ARN for each configured notification target at server startup. See - :doc:`/minio-features/bucket-notifications` for more information. + :doc:`/concepts/bucket-notifications` for more information. .. mc-cmd:: force :option: @@ -302,7 +302,7 @@ Syntax The MinIO server outputs an ARN for each configured notification target at server startup. See - :doc:`/minio-features/bucket-notifications` for more information. + :doc:`/concepts/bucket-notifications` for more information. diff --git a/source/minio-cli/minio-mc/mc-find.rst b/source/reference/minio-cli/minio-mc/mc-find.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-find.rst rename to source/reference/minio-cli/minio-mc/mc-find.rst diff --git a/source/minio-cli/minio-mc/mc-head.rst b/source/reference/minio-cli/minio-mc/mc-head.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-head.rst rename to source/reference/minio-cli/minio-mc/mc-head.rst diff --git a/source/minio-cli/minio-mc/mc-ilm.rst b/source/reference/minio-cli/minio-mc/mc-ilm.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-ilm.rst rename to source/reference/minio-cli/minio-mc/mc-ilm.rst diff --git a/source/minio-cli/minio-mc/mc-legalhold.rst b/source/reference/minio-cli/minio-mc/mc-legalhold.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-legalhold.rst rename to source/reference/minio-cli/minio-mc/mc-legalhold.rst diff --git a/source/minio-cli/minio-mc/mc-lock.rst b/source/reference/minio-cli/minio-mc/mc-lock.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-lock.rst rename to source/reference/minio-cli/minio-mc/mc-lock.rst diff --git a/source/minio-cli/minio-mc/mc-ls.rst b/source/reference/minio-cli/minio-mc/mc-ls.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-ls.rst rename to source/reference/minio-cli/minio-mc/mc-ls.rst diff --git a/source/minio-cli/minio-mc/mc-mb.rst b/source/reference/minio-cli/minio-mc/mc-mb.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-mb.rst rename to source/reference/minio-cli/minio-mc/mc-mb.rst diff --git a/source/minio-cli/minio-mc/mc-mirror.rst b/source/reference/minio-cli/minio-mc/mc-mirror.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-mirror.rst rename to source/reference/minio-cli/minio-mc/mc-mirror.rst diff --git a/source/minio-cli/minio-mc/mc-mv.rst b/source/reference/minio-cli/minio-mc/mc-mv.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-mv.rst rename to source/reference/minio-cli/minio-mc/mc-mv.rst diff --git a/source/minio-cli/minio-mc/mc-policy.rst b/source/reference/minio-cli/minio-mc/mc-policy.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-policy.rst rename to source/reference/minio-cli/minio-mc/mc-policy.rst diff --git a/source/minio-cli/minio-mc/mc-rb.rst b/source/reference/minio-cli/minio-mc/mc-rb.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-rb.rst rename to source/reference/minio-cli/minio-mc/mc-rb.rst diff --git a/source/minio-cli/minio-mc/mc-replicate.rst b/source/reference/minio-cli/minio-mc/mc-replicate.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-replicate.rst rename to source/reference/minio-cli/minio-mc/mc-replicate.rst diff --git a/source/minio-cli/minio-mc/mc-retention.rst b/source/reference/minio-cli/minio-mc/mc-retention.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-retention.rst rename to source/reference/minio-cli/minio-mc/mc-retention.rst diff --git a/source/minio-cli/minio-mc/mc-rm.rst b/source/reference/minio-cli/minio-mc/mc-rm.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-rm.rst rename to source/reference/minio-cli/minio-mc/mc-rm.rst diff --git a/source/minio-cli/minio-mc/mc-share.rst b/source/reference/minio-cli/minio-mc/mc-share.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-share.rst rename to source/reference/minio-cli/minio-mc/mc-share.rst diff --git a/source/minio-cli/minio-mc/mc-sql.rst b/source/reference/minio-cli/minio-mc/mc-sql.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-sql.rst rename to source/reference/minio-cli/minio-mc/mc-sql.rst diff --git a/source/minio-cli/minio-mc/mc-stat.rst b/source/reference/minio-cli/minio-mc/mc-stat.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-stat.rst rename to source/reference/minio-cli/minio-mc/mc-stat.rst diff --git a/source/minio-cli/minio-mc/mc-tag.rst b/source/reference/minio-cli/minio-mc/mc-tag.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-tag.rst rename to source/reference/minio-cli/minio-mc/mc-tag.rst diff --git a/source/minio-cli/minio-mc/mc-tree.rst b/source/reference/minio-cli/minio-mc/mc-tree.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-tree.rst rename to source/reference/minio-cli/minio-mc/mc-tree.rst diff --git a/source/minio-cli/minio-mc/mc-update.rst b/source/reference/minio-cli/minio-mc/mc-update.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-update.rst rename to source/reference/minio-cli/minio-mc/mc-update.rst diff --git a/source/minio-cli/minio-mc/mc-version.rst b/source/reference/minio-cli/minio-mc/mc-version.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-version.rst rename to source/reference/minio-cli/minio-mc/mc-version.rst diff --git a/source/minio-cli/minio-mc/mc-watch.rst b/source/reference/minio-cli/minio-mc/mc-watch.rst similarity index 100% rename from source/minio-cli/minio-mc/mc-watch.rst rename to source/reference/minio-cli/minio-mc/mc-watch.rst diff --git a/source/minio-server/minio-server.rst b/source/reference/minio-server/minio-server.rst similarity index 97% rename from source/minio-server/minio-server.rst rename to source/reference/minio-server/minio-server.rst index 030fe7cb..2ab50571 100644 --- a/source/minio-server/minio-server.rst +++ b/source/reference/minio-server/minio-server.rst @@ -24,10 +24,11 @@ The :mc:`minio server` command starts the MinIO server process: minio server /mnt/disk{1...4} For examples of deploying :mc:`minio server` on a bare metal environment, -see :ref:`minio-baremetal`. +see :ref:`minio-installation`. For examples of deploying :mc:`minio server` on a Kubernetes environment, -see :ref:`minio-kubernetes`. +see :docs-k8s:`Kubernetes documentation <>`. + Configuration Settings ~~~~~~~~~~~~~~~~~~~~~~ @@ -63,7 +64,7 @@ The command accepts the following arguments: For distributed deployments, specify the hostname of each :mc:`minio server` in the deployment. The group of :mc:`minio server` processes represent a - single :ref:`Server Set `. + single :ref:`Server Pool `. :mc-cmd:`~minio server HOSTNAME` supports MinIO expansion notation ``{x...y}`` to denote a sequential series of hostnames. MinIO *requires* @@ -79,11 +80,11 @@ The command accepts the following arguments: You must run the :mc:`minio server` command with the *same* combination of :mc-cmd:`~minio server HOSTNAME` and :mc-cmd:`~minio server DIRECTORIES` on - each host in the Server Set. + each host in the Server Pool. Each additional ``HOSTNAME/DIRECTORIES`` pair denotes an additional Server Set for the purpose of horizontal expansion of the MinIO deployment. For more - information on Server Sets, see :ref:`Server Set `. + information on Server Pools, see :ref:`Server Pool `. .. mc-cmd:: DIRECTORIES diff --git a/source/security/IAM/iam-providers.rst b/source/security/IAM/iam-providers.rst deleted file mode 100644 index b5586243..00000000 --- a/source/security/IAM/iam-providers.rst +++ /dev/null @@ -1,11 +0,0 @@ -========= -Providers -========= - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 1 - -Stub - might duplicate STS page? \ No newline at end of file diff --git a/source/security/IAM/iam-security-token-service.rst b/source/security/IAM/iam-security-token-service.rst index 23d1a4b3..88233421 100644 --- a/source/security/IAM/iam-security-token-service.rst +++ b/source/security/IAM/iam-security-token-service.rst @@ -1,5 +1,7 @@ .. _minio-sts: +:orphan: + ====================== Security Token Service ====================== @@ -10,6 +12,13 @@ Security Token Service :local: :depth: 2 +.. important:: + + This page is under active development and isn't ready for prime-time. + If you've found this page, consider checking out our legacy documentation on + :legacy:`MinIO STS Quickstart Guide ` + for more information. + Overview -------- diff --git a/source/security/IAM/identity-access-management.rst b/source/security/IAM/identity-access-management.rst index ed3eca90..e95d5de2 100644 --- a/source/security/IAM/identity-access-management.rst +++ b/source/security/IAM/identity-access-management.rst @@ -61,10 +61,9 @@ For complete documentation on creating MinIO users and groups, see :ref:`minio-users` and :ref:`minio-groups`. MinIO *also* supports federating identity management to supported third-party -services through the :ref:`Secure Token Service `. Supported -identity providers include Okta, Facebook, Google, and Active Directory/LDAP. -For more complete documentation on MinIO STS configuration, see -:ref:`minio-sts`. +services through the :legacy:`Secure Token Service +`. Supported identity providers include Okta, +Facebook, Google, and Active Directory/LDAP. Policies -------- @@ -85,12 +84,19 @@ policy building tools. For more complete documentation on MinIO policies, see To assign policies to users or groups, use the :mc-cmd:`mc admin policy set` command from the :program:`mc` command line tool. +Security Token Service +---------------------- + +The MinIO Security Token Service (STS) is an endpoint service that +enables clients to request temporary credentials for MinIO resources. + +See :legacy:`MinIO STS Quickstart Guide ` +for more information. + .. toctree:: :hidden: :titlesonly: /security/IAM/iam-users /security/IAM/iam-groups - /security/IAM/iam-policies - /security/IAM/iam-providers - /security/IAM/iam-security-token-service \ No newline at end of file + /security/IAM/iam-policies \ No newline at end of file diff --git a/source/security/encryption/encryption-key-management.rst b/source/security/encryption/encryption-key-management.rst index 0d4ad838..d64c425b 100644 --- a/source/security/encryption/encryption-key-management.rst +++ b/source/security/encryption/encryption-key-management.rst @@ -19,10 +19,8 @@ objects, where MinIO uses a secret key to encrypt and store objects on disk. Only clients with access to the correct secret key can decrypt and read the object. - - -See :ref:`Server-Side Object Encryption (SSE) ` for more complete -instructions on configuring MinIO for object encryption. +See the legacy documentation on :legacy:`MinIO Security Overview +` for more information. Transport Layer Security (TLS) ------------------------------ @@ -30,8 +28,6 @@ Transport Layer Security (TLS) MinIO supports :ref:`Transport Layer Security (TLS) ` encryption of incoming and outgoing traffic. - - TLS is the successor to Secure Socket Layer (SSL) encryption. SSL is fully `deprecated `__ as of June 30th, 2018. MinIO uses only supported (non-deprecated) TLS protocols (TLS 1.2 and later). @@ -43,7 +39,4 @@ for more complete instructions on configuring MinIO for TLS. :titlesonly: :hidden: - /security/encryption/server-side-encryption /security/encryption/transport-layer-security - /security/encryption/minio-kes - /security/encryption/sse-s3-thales diff --git a/source/security/encryption/minio-kes.rst b/source/security/encryption/minio-kes.rst deleted file mode 100644 index ab44066c..00000000 --- a/source/security/encryption/minio-kes.rst +++ /dev/null @@ -1,84 +0,0 @@ -.. _minio-kes: - -============================ -MinIO Key Encryption Service -============================ - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 2 - -Overview --------- - -The MinIO Key Encryption Service (KES) is a stateless and distributed -key-management system for high-performance applications. KES provides -a bridge between applications running in bare-metal or orchestrated -environments to centralised KMS solutions. - - - -KES is designed for simplicity, scalability, and security. It requires -minimal configuration to enable full functionality and requires only -basic familiarity with cryptography or key-management concepts. - -MinIO servers require KES for performing Server-Side Encryption (SSE) of objects -using Key Management Services (KMS). - -KES Server Process ------------------- - -.. mc:: kes server - -:mc:`kes server` command starts the KES server. The :mc:`kes server` process -handles requests for creating and retrieving cryptography keys from a supported -Key Management System (KMS). - -The command has the following syntax: - -.. code-block:: shell - :class: copyable - - kes server --cert CERTIFICATE --key PRIVATEKEY --root ROOT_IDENTITY [OPTIONAL_FLAGS] - -:mc:`kes server` supports the following arguments: - -.. mc-cmd:: cert - :option: - - The location of the public certificate ``.crt`` to use for - enabling :abbr:`TLS (Transport Layer Encryption)`. - -.. mc-cmd:: config - :option: - - The path to the KES configuration file. See :ref:`minio-kes-config` for - more information on the configuration file format and contents. - -.. mc-cmd:: key - :option: - - The location of the private key ``.key`` to use for enabling - :abbr:`TLS (Transport Layer Encryption`). - -.. mc-cmd:: root - :option: - - ToDo: Description - -.. mc-cmd:: port - :option: - - The port on which the :mc:`kes server` listens. - - Defaults to ``7373``. - -.. _minio-kes-config: - -KES Configuration File ----------------------- - -ToDo: Import https://github.com/minio/kes/wiki/Configuration , need to -include instructions on how to set the config file (directory, cli option etc.) \ No newline at end of file diff --git a/source/security/encryption/server-side-encryption.rst b/source/security/encryption/server-side-encryption.rst index 091c158f..f98806f5 100644 --- a/source/security/encryption/server-side-encryption.rst +++ b/source/security/encryption/server-side-encryption.rst @@ -1,3 +1,4 @@ +:orphan: .. _minio-sse: ============================= @@ -10,6 +11,13 @@ Server-Side Object Encryption :local: :depth: 1 +.. important:: + + This page is under active development and isn't ready for prime-time. + If you've found this page, consider checking out our legacy documentation on + :legacy:`MinIO Security Overview ` while + we work on cleaning this page up. + Overview -------- @@ -27,7 +35,7 @@ SSE-C SSE-S3 The server uses a secret key managed by a Key Management System (KMS) to perform encryption and decryption. SSE-S3 requires using - :ref:`MinIO KES ` and a supported KMS. + :minio-git:`MinIO KES ` and a supported KMS. Encryption Process Overview --------------------------- @@ -109,8 +117,8 @@ the KMS provide the following services: the data key and return the plain data key. Enabling SSE-S3 requires deploying one or more -:ref:`MinIO Key Encryption Servers (KES) ` and configuring the -:mc:`minio` server for access to KES. The KES handles processing +:minio-git:`MinIO Key Encryption Service (KES) instances ` and +configuring the :mc:`minio` server for access to KES. The KES handles processing cryptographic key requests to the KMS service. With SSE-S3, the MinIO server requests a new data key for each uploaded object @@ -129,8 +137,6 @@ requests a new data key from the KMS using the master key ID of the current MinIO KMS configuration and re-wraps the OEK with a new KEK derived from the new data key / EK. - - Only the root MinIO user can perform an SSE-S3 key rotation using the Admin-API via the ``mc`` client. Refer to the ``mc admin guide`` diff --git a/source/security/encryption/sse-s3-thales.rst b/source/security/encryption/sse-s3-thales.rst deleted file mode 100644 index 02312da9..00000000 --- a/source/security/encryption/sse-s3-thales.rst +++ /dev/null @@ -1,57 +0,0 @@ -============================================== -Server-Side Encryption with Thales CipherTrust -============================================== - -.. default-domain:: minio - -.. contents:: Table of Contents - :local: - :depth: 2 - -Overview --------- - -Paragraph summarizing SSE-S3 and Thales CipherTrust as a KMS. - -Note that Gemalto KeySecure is now Thales CipherTrust. - -Prerequisites -------------- - -Thales CipherTrust Deployment -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -High-Level description of CipherTrust requirements: - -- What access will the user need? -- What versions do we support? - -MinIO Key Encryption Service -~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -High-level description of KES requirements: - -- A host for deploying at least one KES server -- For Kubernetes, at least one node with enough resources to run the server - -MinIO Server -~~~~~~~~~~~~ - -High-level description of MinIO server requirements: - -- ? - -Procedure ---------- - -1) Configure CipherTrust Manager for MinIO Access -~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ - -Substeps: - -1. Foo - -2. Bar - -2) Configure KES... -~~~~~~~~~~~~~~~~~~~ diff --git a/source/security/encryption/transport-layer-security.rst b/source/security/encryption/transport-layer-security.rst index 4b84a96e..3c909336 100644 --- a/source/security/encryption/transport-layer-security.rst +++ b/source/security/encryption/transport-layer-security.rst @@ -30,11 +30,6 @@ You can customize the certificate directory by passing the ``--certs-dir`` option to ``minio server``. The ``certs`` directory must also include any intermediate certificates required to establish a chain of trust to the root CA. -Creating a Certificate for a MinIO Server ------------------------------------------ - -This section includes guidance for creating a private key and public -certificate for a MinIO Server instance. - -For MinIO deployments on Kubernetes, see the -tutorial for more specific instructions. +For more information, see +:minio-git:`How to secure access to MinIO server with TLS +`. \ No newline at end of file diff --git a/source/tutorials/minio-installation.rst b/source/tutorials/minio-installation.rst new file mode 100644 index 00000000..8d006512 --- /dev/null +++ b/source/tutorials/minio-installation.rst @@ -0,0 +1,346 @@ +.. _minio-installation: + +============ +Installation +============ + +.. default-domain:: minio + +.. contents:: Table of Contents + :local: + :depth: 2 + +MinIO is a high performance distributed object storage server, designed for +large-scale private cloud infrastructure. MinIO fully supports deployment onto +bare-metal hardware with or without containerization for process management. + +Distributed Installation +------------------------ + +Distributed MinIO deployments consist of multiple ``minio`` servers with +one or more disks each. Distributed deployments are best suited for +staging and production environments. + +MinIO *requires* using sequentially-numbered hostnames to represent each +``minio`` server in the deployment. For example, the following hostnames support +a 4-node distributed deployment: + +- ``minio1.example.com`` +- ``minio2.example.com`` +- ``minio3.example.com`` +- ``minio4.example.com`` + +Create the necessary DNS hostname mappings *prior* to starting this +procedure. + +1\) Install the ``minio`` Server + Install the :program:`minio` server onto each host machine in the deployment. + Select the tab that corresponds to the host machine operating system or + environment: + + .. include:: /includes/minio-server-installation.rst + +2\) Add TLS/SSL Certificates (Optional) + Enable TLS/SSL connectivity to the MinIO server by specifying a private key + (``.key``) and public certificate (``.crt``) to the MinIO ``certs`` directory: + + - For Linux/MacOS: ``${HOME}/.minio/certs`` + + - For Windows: ``%%USERPROFILE%%\.minio\certs`` + + The MinIO server automatically enables TLS/SSL connectivity if it detects + the required certificates in the ``certs`` directory. + + .. note:: + + The MinIO documentation makes a best-effort to provide generally applicable + and accurate information on TLS/SSL connectivity in the context of MinIO + products and services, and is not intended as a complete guide to the larger + topic of TLS/SSL certificate creation and management. + +3\) Run the ``minio`` Server + Issue the following command on each host machine in the deployment. The + following example assumes that: + + - The deployment has four host machines with sequential hostnames (i.e. + ``minio1.example.com``, ``minio2.example.com``). + + - Each host machine has *at least* four disks mounted at ``/data``. 4 disks + is the minimum required for :ref:`erasure coding `. + + .. code-block:: shell + :class: copyable + + export MINIO_ACCESS_KEY=minio-admin + export MINIO_SECRET_KEY=minio-secret-key-CHANGE-ME + minio server https://minio{1...4}.example.com/mnt/disk{1...4}/data + + The example command breaks down as follows: + + .. list-table:: + :widths: 40 60 + :width: 100% + + * - :envvar:`MINIO_ACCESS_KEY` + - The access key for the :ref:`root ` user. + + Replace this value with a unique, random, and long string. + + * - :envvar:`MINIO_SECRET_KEY` + - The corresponding secret key to use for the + :ref:`root ` user. + + Replace this value with a unique, random, and long string. + + * - ``https://minio{1...4}.example.com/`` + - The DNS hostname of each server in the distributed deployment. + + * - ``/mnt/disk{1...4}/data`` + - The path to each disk on the host machine. + + ``/data`` is an optional folder in which the ``minio`` server stores + all information related to the deployment. + + See :mc-cmd:`minio server DIRECTORIES` for more information on + configuring the backing storage for the :mc:`minio server` process. + + The command uses MinIO expansion notation ``{x...y}`` to denote a sequential + series. Specifically: + + - The hostname ``https://minio{1...4}.example.com`` expands to: + + - ``https://minio1.example.com`` + - ``https://minio2.example.com`` + - ``https://minio3.example.com`` + - ``https://minio4.example.com`` + + - ``/mnt/disk{1...4}/data`` expands to + + - ``/mnt/disk1/data`` + - ``/mnt/disk2/data`` + - ``/mnt/disk3/data`` + - ``/mnt/disk4/data`` + +4\) Connect to the Server + Use the :mc-cmd:`mc alias set` command from a machine with connectivity to any + hostname running the ``minio`` server. See :ref:`mc-install` for documentation + on installing :program:`mc`. + + .. code-block:: shell + :class: copyable + + mc alias set mylocalminio minio1.example.net minioadmin minio-secret-key-CHANGE-ME + + See :ref:`minio-mc-commands` for a list of commands you can run on the + MinIO server. + +Docker Installation +------------------- + +Stable MinIO +~~~~~~~~~~~~ + +The following ``docker`` command creates a container running the latest stable +version of the ``minio`` server process: + +.. code-block:: shell + :class: copyable + + docker run -p 9000:9000 \ + -e "MINIO_ACCESS_KEY=ROOT_ACCESS_KEY" \ + -e "MINIO_SECRET_KEY=SECRET_ACCESS_KEY_CHANGE_ME" \ + -v /mnt/disk1:/disk1 \ + -v /mnt/disk2:/disk2 \ + -v /mnt/disk3:/disk3 \ + -v /mnt/disk4:/disk4 \ + minio/minio server /disk{1...4} + +The command uses the following options: + +- ``-e MINIO_ACCESS_KEY`` and ``-e MINIO_SECRET_KEY`` for configuring the + :ref:`root ` user credentials. + +- ``-v /mnt/disk:/disk`` for configuring each disk the ``minio`` + server uses. + +Bleeding Edge MinIO +~~~~~~~~~~~~~~~~~~~ + +*Do not use bleeding-edge deployments of MinIO in production environments* + +The following ``docker`` command creates a container running the latest +bleeding-edge version of the ``minio`` server process: + +.. code-block:: shell + :class: copyable + + docker run -p 9000:9000 \ + -e "MINIO_ACCESS_KEY=ROOT_ACCESS_KEY" \ + -e "MINIO_SECRET_KEY=SECRET_ACCESS_KEY_CHANGE_ME" \ + -v /mnt/disk1:/disk1 \ + -v /mnt/disk2:/disk2 \ + -v /mnt/disk3:/disk3 \ + -v /mnt/disk4:/disk4 \ + minio/minio:edge server /disk{1...4} + +The command uses the following options: + +- ``MINIO_ACCESS_KEY`` and ``MINIO_SECRET_KEY`` for configuring the + :ref:`root ` user credentials. + +- ``-v /mnt/disk:/disk`` for configuring each disk the ``minio`` + server uses. + +Standalone Installation +----------------------- + +Standalone MinIO deployments consist of a single ``minio`` server process with +one or more disks. Standalone deployments are best suited for local development +environments. + +1\) Install the ``minio`` Server + Install the :program:`minio` server onto the host machine. Select the tab that + corresponds to the host machine operating system or environment: + + .. include:: /includes/minio-server-installation.rst + +2\) Add TLS/SSL Certificates (Optional) + Enable TLS/SSL connectivity to the MinIO server by specifying a private key + (``.key``) and public certificate (``.crt``) to the MinIO ``certs`` directory: + + - For Linux/MacOS: ``${HOME}/.minio/certs`` + + - For Windows: ``%%USERPROFILE%%\.minio\certs`` + + The MinIO server automatically enables TLS/SSL connectivity if it detects + the required certificates in the ``certs`` directory. + + .. note:: + + The MinIO documentation makes a best-effort to provide generally applicable + and accurate information on TLS/SSL connectivity in the context of MinIO + products and services, and is not intended as a complete guide to the larger + topic of TLS/SSL certificate creation and management. + +3\) Run the ``minio`` Server + Issue the following command to start the :program:`minio` server. The following + example assumes the host machine has *at least* four disks, which is the minimum + required number of disks to enable :ref:`erasure coding `: + + .. code-block:: shell + :class: copyable + + export MINIO_ACCESS_KEY=minio-admin + export MINIO_SECRET_KEY=minio-secret-key-CHANGE-ME + minio server /mnt/disk{1...4}/data + + The example command breaks down as follows: + + .. list-table:: + :widths: 40 60 + :width: 100% + + * - :envvar:`MINIO_ACCESS_KEY` + - The access key for the :ref:`root ` user. + + Replace this value with a unique, random, and long string. + + * - :envvar:`MINIO_SECRET_KEY` + - The corresponding secret key to use for the + :ref:`root ` user. + + Replace this value with a unique, random, and long string. + + * - ``/mnt/disk{1...4}/data`` + - The path to each disk on the host machine. + + ``/data`` is an optional folder in which the ``minio`` server stores + all information related to the deployment. + + See :mc-cmd:`minio server DIRECTORIES` for more information on + configuring the backing storage for the :mc:`minio server` process. + + The command uses MinIO expansion notation ``{x...y}`` to denote a sequential + series. Specifically, ``/mnt/disk{1...4}/data`` expands to: + + - ``/mnt/disk1/data`` + - ``/mnt/disk2/data`` + - ``/mnt/disk3/data`` + - ``/mnt/disk4/data`` + +4\) Connect to the Server + Use the :mc-cmd:`mc alias set` command from a machine with connectivity to + the host running the ``minio`` server. See :ref:`mc-install` for documentation + on installing :program:`mc`. + + .. code-block:: shell + :class: copyable + + mc alias set mylocalminio 192.0.2.10:9000 minioadmin minio-secret-key-CHANGE-ME + + Replace the IP address and port with one of the ``minio`` servers endpoints. + + See :ref:`minio-mc-commands` for a list of commands you can run on the + MinIO server. + +Deployment Recommendations +-------------------------- + +Minimum Nodes per Deployment +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +For all production deployments, MinIO recommends a *minimum* of 4 nodes per +cluster. MinIO deployments with *at least* 4 nodes can tolerate the loss of up +to half the nodes *or* half the disks in the deployment while maintaining +read and write availability. + +For example, assuming a 4-node deployment with 4 drives per node, the +cluster can tolerate the loss of: + +- Any two nodes, *or* +- Any 8 drives. + +The minimum recommendation reflects MinIO's experience with assisting enterprise +customers in deploying on a variety of IT infrastructures while +maintaining the desired SLA/SLO. While MinIO may run on less than the +minimum recommended topology, any potential cost savings come at the risk of +decreased reliability. + +Recommended Hardware +~~~~~~~~~~~~~~~~~~~~ + +For MinIO's recommended hardware, please see +`MinIO Reference Hardware `__. + +Bare Metal Infrastructure +~~~~~~~~~~~~~~~~~~~~~~~~~ + +A distributed MinIO deployment can only provide as much availability as the +bare metal infrastructure on which it is deployed. In particular, consider the +following potential failure points which could result in cluster downtime +when configuring your bare metal infrastructure: + +- Shared networking resources (switches, routers, ISP). +- Shared power resources. +- Shared physical location (rack, datacenter, region). + +MinIO deployments using virtual machines or containerized environments should +also consider the following: + +- Shared physical hardware (CPU, Memory, Storage) +- Shared orchestration management layer (Kubernetes, Docker Swarm) + +FreeBSD +------- + +MinIO does not provide an official FreeBSD binary. FreeBSD maintains an +`upstream release `__ you can +install using `pkg `__: + +.. code-block:: shell + :class: copyable + + pkg install minio + sysrc minio_enable=yes + sysrc minio_disks=/path/to/disks + service minio start \ No newline at end of file