2.5 KiB
Modify a MinIO Tenant
minio
Table of Contents
The procedures on this page use the MinIO Operator Console <minio-operator-console>
for modifying an existing tenant.
Modify Tenant TLS Configuration
The MinIO Operator Console supports adding and removing TLS certificates from a MinIO Tenant.
From the Operator Console view, select the Tenant to open the summary
view, then select Security. You can make the following
modifications:
- Enable or Disable TLS
-
Toggle the
TLSswitch to direct the Operator to either enable or disable TLS for the deployment. The MinIO Operator automatically generates the necessary TLS certificates using the Kubernetes TLS API. Seeminio-tls-user-generatedfor more information. - Add Custom TLS Certificates
-
MinIO Tenants support Server Name Indication (SNI), where the MinIO server identifies which certificate to use based on the hostname specified by the connecting client. The MinIO Operator can attach additional TLS certificates to the Tenant to enable SNI-based TLS connectivity.
To customize the TLS certificates mounted on the MinIO Tenant, enable the
Custom Certificatesswitch. Select theAdd Certificate +button to add custom TLS certificates. - Add Trusted Certificate Authorities
-
The MinIO Tenant validates the TLS certificate presented by each connecting client against the host system's trusted root certificate store. The MinIO Operator can attach additional third-party Certificate Authorities (CA) to the Tenant to allow validation of client TLS certificates signed by those CAs.
To customize the trusted CAs mounted to each Tenant MinIO pod, enable the
Custom Certificatesswitch. Select theAdd CA Certificate +button to add third party CA certificates.If the MinIO Tenant cannot match an incoming client's TLS certificate issuer against either the container OS's trust store or an explicitly attached CA, MinIO rejects the connection as invalid.
Decommission a Tenant Server Pool
STUB: ToDo