We are going to make the following changes to the Object Store docs as
part of a larger QC/Content pass:
### Left Navigation
We want to modify the left navigation flow to be a natural progression
from a basic setup to more advanced.
For example:
- Core Concepts
  - Deployment Architecture
  - Availability and Resiliency
  - Erasure Coding and Object Healing
  - Object Scanner
  - Site Replication and Failover
  - Thresholds and Limits
- Installation
  - Deployment Checklist
  - Deploy MinIO on Kubernetes
  - Deploy MinIO on Red Hat Linux
  - Deploy MinIO on Ubuntu Linux
  - Deploy MinIO for Development (MacOS, Windows, Container)
- Security and Encryption (Conceptual Overview)
  - Network Encryption (TLS) (Conceptual overview)
    - Enable Network Encryption using Single Domain
    - Enable Network Encryption using Multiple Domains
    - Enable Network Encryption using certmanager (Kubernetes only)
  - Data Encryption (SSE) (Conceptual overview)
    - Enable SSE using AIStor Key Management Server
    - Enable SSE using KES (Summary page + linkouts)
  - External Identity Management (Conceptual Overview)
    - Enable External Identity management using OpenID
    - Enable External Identity management using AD/LDAP
- Backup and Recovery
  - Create a Multi-Site Replication Configuration
  - Recovery after Hardware Failure
    - Recover after drive failure
    - Recover after node failure
    - Recover after site failure
- Monitoring and Alerts
  - Metrics and Alerting (v3 reference)
  - Monitoring and Alerting using Prometheus
  - Monitoring and Alerting using InfluxDB
  - Monitoring and Alerting using Grafana
  - Metrics V2 Reference
  - Publish Server and Audit Logs to External Services
  - MinIO Healthcheck API
The Administration, Developer, and Reference sections will remain as-is
for now.
http://192.241.195.202:9000/staging/singleplat/mindocs/index.html
# Goals
Maintaining multiple platforms is getting to be too much, and based on
analytics the actual number of users taking advantage of it is minimal.
Furthermore, the majority of traffic is to installation pages.
Therefore we're going to try to collapse back into a single MinIO Object
Storage product, and use simple navigation and on-page selectors to
handle Baremetal vs Kubernetes.
This may also help to eventually stage us to migrate to Hugo + Markdown.
---------
Co-authored-by: Daryl White <53910321+djwfyi@users.noreply.github.com>
Co-authored-by: Rushan <rushenn@minio.io>
Co-authored-by: rushenn <rushenn123@gmail.com>
Deploy a MinIO Tenant with Helm Charts
Overview
Helm is a tool for automating the deployment of applications to Kubernetes clusters. A Helm chart is a set of YAML files, templates, and other files that define the deployment details. The following procedure uses a Helm Chart to deploy a Tenant managed by the MinIO Operator.
This procedure requires an existing, working MinIO Operator deployment in the Kubernetes cluster. You cannot use the MinIO Operator Tenant Chart to deploy a Tenant independent of the Operator.
Important
The MinIO Operator Tenant Chart is distinct from the community-managed MinIO Chart (minio/tree/master/helm/minio). The Community Helm Chart is built, maintained, and supported by the community; MinIO does not guarantee support for any given bug, feature request, or update referencing that chart.
The Operator Tenant Chart is officially maintained and supported by MinIO. MinIO strongly recommends the official Helm Charts for the Operator and for Tenants in production environments.
Prerequisites
You must meet the following requirements to install a MinIO Tenant with Helm:
- An existing Kubernetes cluster.
- The `kubectl` CLI tool on your local host, with a version matching the cluster.
- Helm version 3.8 or greater.
- `yq` version 4.18.1 or greater.
- An existing MinIO Operator installation.
This procedure assumes that your Kubernetes cluster access grants you broad administrative permissions.
For more about Tenant installation requirements, including supported Kubernetes versions and TLS certificates, see the Tenant deployment prerequisites.
This procedure assumes familiarity with the referenced Kubernetes concepts and utilities. While this documentation may provide guidance for configuring or deploying Kubernetes-related resources on a best-effort basis, it is not a replacement for the official Kubernetes documentation.
Namespace
The tenant must use its own namespace and cannot share a namespace with another tenant. In addition, MinIO strongly recommends using a dedicated namespace for the tenant with no other applications running in the namespace.
Deploy a MinIO Tenant using Helm Charts
The following procedure uses Helm and the official MinIO Tenant Chart from the MinIO Operator Chart Repository to deploy a MinIO Tenant. This method supports a simplified installation path compared to installing from a local copy of the chart (described later on this page).
Important
If you use Helm to deploy a MinIO Tenant, you must use Helm to manage
or upgrade that deployment. Do not use kubectl krew,
Kustomize, or similar methods to manage or upgrade the MinIO Tenant.
This procedure is not exhaustive of all possible configuration options available in the Tenant Chart. It provides a baseline from which you can modify and tailor the Tenant to your requirements.
Verify your MinIO Operator Repo Configuration
MinIO maintains a Helm-compatible repository at https://operator.min.io. If the repository does not already exist in your local Helm configuration, add it before continuing:

```shell
helm repo add minio-operator https://operator.min.io
```

You can validate the repo contents using `helm search`:

```shell
helm search repo minio-operator
```

The response should resemble the following:

```
NAME                           CHART VERSION               APP VERSION                  DESCRIPTION
minio-operator/minio-operator  4.3.7                       v4.3.7                       A Helm chart for MinIO Operator
minio-operator/operator        |operator-version-stable|   v|operator-version-stable|   A Helm chart for MinIO Operator
minio-operator/tenant          |operator-version-stable|   v|operator-version-stable|   A Helm chart for MinIO Operator
```

Create a local copy of the Helm `values.yaml` for modification:

```shell
curl -sLo values.yaml https://raw.githubusercontent.com/minio/operator/master/helm/tenant/values.yaml
```

Open `values.yaml` in your preferred text editor.
Configure the Tenant topology
The following fields share the `tenant.pools[0]` prefix and control the number of servers, volumes per server, and storage class of all pods deployed in the Tenant:
- `servers`: The number of MinIO pods to deploy in the Server Pool.
- `volumesPerServer`: The number of persistent volumes to attach to each MinIO pod. The Operator generates `volumesPerServer x servers` Persistent Volume Claims for the Tenant.
- `storageClassName`: The Kubernetes storage class to associate with the generated Persistent Volume Claims. If no storage class exists matching the specified value, or if the specified storage class cannot meet the requested number of PVCs or storage capacity, the Tenant may fail to start.
- `size`: The amount of storage to request for each generated PVC.
Configure Tenant Affinity or Anti-Affinity
The Tenant Chart supports the following Kubernetes Selector, Affinity, and Anti-Affinity configurations:
- Node Selector (`tenant.nodeSelector`)
- Node/Pod Affinity or Anti-Affinity (`tenant.pools[n].affinity`, which populates `spec.pools[n].affinity` on the Tenant resource)
MinIO recommends configuring Tenants with Pod Anti-Affinity to ensure that the Kubernetes scheduler does not place multiple MinIO pods on the same worker node, so that the loss of a single node takes down at most one server in the pool.
If you have specific worker nodes on which you want to deploy the Tenant, pass those node labels or filters to the `nodeSelector` or `affinity` field to constrain the scheduler to place pods on those nodes.
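The following shell script is an added example, not code from the MinIO docs or the Operator project. It renders the `tenant.pools[0]` topology fields and a required Pod Anti-Affinity rule into the shape the Tenant Chart's `values.yaml` expects, and computes what the Operator will ask the storage class for (the `volumesPerServer x servers` PVC count and the total raw capacity), which is the number to compare against your storage class before the first `helm install`. Assumptions not taken from this page: the pool name `pool-0`, the storage class name `local-storage`, the Tenant name `myminio`, and the pod label `v1.min.io/tenant` used in the anti-affinity selector.

```shell
#!/bin/sh
# Added example, not MinIO project code: render the tenant.pools[0] section
# of the Tenant chart values.yaml and pre-check the storage request.
set -eu

# Convert a Kubernetes quantity with a binary suffix (Ki/Mi/Gi/Ti) to bytes.
# Plain integers are returned unchanged.
quantity_to_bytes() {
  q="$1"; num="${q%[KMGT]i}"
  case "$q" in
    *Ki) echo $((num * 1024)) ;;
    *Mi) echo $((num * 1024 * 1024)) ;;
    *Gi) echo $((num * 1024 * 1024 * 1024)) ;;
    *Ti) echo $((num * 1024 * 1024 * 1024 * 1024)) ;;
    *)   echo "$q" ;;
  esac
}

# PVCs the Operator will create for the pool: volumesPerServer x servers.
pvc_count() { echo $(($1 * $2)); }            # servers volumesPerServer

# Total raw capacity the storage class must be able to provision, in bytes.
raw_capacity_bytes() {                        # servers volumesPerServer size
  echo $(( $(pvc_count "$1" "$2") * $(quantity_to_bytes "$3") ))
}

# Render a values.yaml override for the Tenant chart. Assumed (not from the
# docs page): the pool name pool-0 and the v1.min.io/tenant pod label.
render_values() {                             # name servers volumesPerServer size storageClass
  name="$1"; servers="$2"; vols="$3"; size="$4"; sc="$5"
  cat <<EOF
tenant:
  name: ${name}
  pools:
    - name: pool-0
      servers: ${servers}
      volumesPerServer: ${vols}
      size: ${size}
      storageClassName: ${sc}
      # Required anti-affinity: never co-locate two pods of this Tenant on
      # one worker node, so a node failure costs at most one server.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchExpressions:
                  - key: v1.min.io/tenant
                    operator: In
                    values:
                      - ${name}
              topologyKey: kubernetes.io/hostname
  certificate:
    # Operator-issued TLS certificates (the chart default); keep it on.
    requestAutoCert: true
EOF
}

main() {
  servers=4; vols=4; size=10Gi; sc=local-storage
  gib=$(( $(raw_capacity_bytes "$servers" "$vols" "$size") / 1024 / 1024 / 1024 ))
  echo "Storage class ${sc} must provide $(pvc_count "$servers" "$vols") PVCs of ${size} (${gib} GiB total)" >&2
  render_values myminio "$servers" "$vols" "$size" "$sc"
}

main
```

Redirect the script's standard output to `values.yaml` and pass it to `helm install` with `--values`; the summary on standard error is the figure to check against `kubectl get storageclass` and the capacity behind it before deploying.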
Configure Network Encryption
The MinIO Tenant CRD provides the following fields with which you can configure Tenant TLS network encryption:
- `tenant.certificate.requestAutoCert`: Enable or disable MinIO automatic TLS certificate generation. Defaults to `true` (enabled) if omitted.
- `tenant.certificate.certConfig`: Customize the behavior of automatic TLS, if enabled.
- `tenant.certificate.externalCertSecret`: Enable TLS for multiple hostnames via Server Name Indication (SNI). Specify one or more Kubernetes secrets of type `kubernetes.io/tls` or `cert-manager`.
- `tenant.certificate.externalCACertSecret`: Enable validation of client TLS certificates signed by unknown, third-party, or internal Certificate Authorities (CA). Specify one or more Kubernetes secrets of type `kubernetes.io/tls` containing the full chain of CA certificates for a given authority.
Configure MinIO Environment Variables
You can set MinIO Server environment variables using the `tenant.configuration` field.
- `tenant.configuration`: Specify a Kubernetes opaque secret whose data payload `config.env` contains each MinIO environment variable you want to set. The `config.env` data payload must be a base64-encoded string. You can create a local file, set your environment variables, and then use `cat LOCALFILE | base64` to create the payload.
The `values.yaml` includes an object `kind: Secret` with `metadata.name: storage-configuration` that sets the root username, password, erasure parity settings, and enables the Tenant Console. Modify this as needed to reflect your Tenant requirements. In particular, replace the default root credentials before deploying anything other than a throwaway test: whoever holds them has full administrative access to the Tenant.
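The following shell script is an added example, not code from the MinIO docs or the Operator project. It builds the opaque `storage-configuration` Secret that `tenant.configuration` references: it writes the `config.env` payload, base64-encodes it as the page describes, refuses the chart's default root credentials or a short password, and decodes the rendered manifest again to confirm the payload round-trips before it is applied. Assumptions not taken from this page: the `export KEY="value"` line format of `config.env` (the format the Operator's own example secrets use), the `TENANT-NAMESPACE` placeholder, the `EC:4` parity value, and the 12-character minimum, which is this example's own policy.

```shell
#!/bin/sh
# Added example, not MinIO project code: build the storage-configuration
# Secret referenced by tenant.configuration in values.yaml.
set -eu

# Refuse the chart's default root credentials (minio / minio123) and any
# password shorter than 12 characters (assumed policy, not from the docs).
credentials_ok() {
  user="$1"; pass="$2"
  [ "$user" != "minio" ] || return 1
  [ "$pass" != "minio123" ] || return 1
  [ "${#pass}" -ge 12 ] || return 1
  return 0
}

# Random 32-byte root password, base64 encoded: openssl if present,
# otherwise /dev/urandom.
gen_password() {
  if command -v openssl >/dev/null 2>&1; then
    openssl rand -base64 32
  else
    head -c 32 /dev/urandom | base64
  fi | tr -d '\n'
}

# Render the config.env payload: one export line per variable (assumed
# format). Extra KEY=value arguments are appended after the root credentials.
render_config_env() {
  user="$1"; pass="$2"; shift 2
  printf 'export MINIO_ROOT_USER="%s"\n' "$user"
  printf 'export MINIO_ROOT_PASSWORD="%s"\n' "$pass"
  for kv in "$@"; do
    printf 'export %s="%s"\n' "${kv%%=*}" "${kv#*=}"
  done
}

# Wrap the payload in an opaque Secret. The data field must be base64, so
# strip the line wrapping that some base64 implementations add.
render_secret_manifest() {
  name="$1"; namespace="$2"; payload="$3"
  encoded=$(printf '%s\n' "$payload" | base64 | tr -d '\n')
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: ${name}
  namespace: ${namespace}
type: Opaque
data:
  config.env: ${encoded}
EOF
}

# Decode the config.env field from a rendered manifest (round-trip check).
decode_config_env() {
  printf '%s\n' "$1" | sed -n 's/^  config\.env: //p' | base64 -d
}

main() {
  user="${TENANT_ROOT_USER:-tenant-admin}"
  pass="${TENANT_ROOT_PASSWORD:-$(gen_password)}"
  if ! credentials_ok "$user" "$pass"; then
    echo "refusing default or weak root credentials" >&2
    return 1
  fi
  payload=$(render_config_env "$user" "$pass" \
    'MINIO_STORAGE_CLASS_STANDARD=EC:4' 'MINIO_BROWSER=on')
  manifest=$(render_secret_manifest storage-configuration TENANT-NAMESPACE "$payload")
  # Verify the payload survives encoding before handing it to kubectl.
  [ "$(decode_config_env "$manifest")" = "$payload" ] || return 1
  printf '%s\n' "$manifest"
}

main
```

Pipe the output into `kubectl apply -f -` in the Tenant namespace, and keep the generated password somewhere other than your shell history; the script prints it only inside the base64 payload.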
Deploy the Tenant
Use `helm` to install the Tenant Chart using your `values.yaml` as an override:

```shell
helm install \
  --namespace TENANT-NAMESPACE \
  --create-namespace \
  --values values.yaml \
  TENANT-NAME minio-operator/tenant
```

You can monitor the progress using the following command:

```shell
watch kubectl get all -n TENANT-NAMESPACE
```

Expose the Tenant MinIO S3 API port
To test the MinIO Client `mc` from your local machine, forward the MinIO port and create an alias.
Forward the Tenant's MinIO port:

```shell
kubectl port-forward svc/TENANT-NAME-hl 9000 -n TENANT-NAMESPACE
```

Create an alias for the Tenant service, using the root credentials you set in the `storage-configuration` secret in place of `minio` / `minio123`:

```shell
mc alias set myminio https://localhost:9000 minio minio123 --insecure
```

You can use `mc mb` to create a bucket on the Tenant:

```shell
mc mb myminio/mybucket --insecure
```

The `--insecure` flag disables TLS certificate verification in `mc`. It is acceptable here only because the Operator-issued certificate is not trusted by your local host and the connection is a local port-forward; do not carry the flag into production tooling, since it removes the server authentication TLS is there to provide. If you deployed your MinIO Tenant using TLS certificates minted by a trusted Certificate Authority (CA), you can omit the `--insecure` flag.
See the Tenant connectivity documentation (create-tenant-connect-tenant) for additional documentation on external connectivity to the Tenant.
Deploy a Tenant using a Local Helm Chart
The following procedure deploys a Tenant using a local copy of the Helm Charts. This method may support easier pre-configuration of the Tenant compared to the repository-based installation described above.
Download the Helm charts
On your local host, download the Tenant Helm chart archive to a convenient directory:

```shell
curl -O https://raw.githubusercontent.com/minio/operator/master/helm-releases/tenant-|operator-version-stable|.tgz
```

Each chart contains a `values.yaml` file you can customize to suit your needs. Extract the archive (for example with `tar -xzf tenant-|operator-version-stable|.tgz`) and open the unpacked `values.yaml` in your preferred text editor, or keep the archive and pass a customized copy of `values.yaml` to `helm install` with `--values`. For details on the options available in the MinIO Tenant `values.yaml`, see the Tenant Chart values reference (minio-tenant-chart-values).
Configure the Tenant topology and affinity
The `tenant.pools[0]` topology fields (`servers`, `volumesPerServer`, `storageClassName`, `size`) and the `tenant.nodeSelector` and pool `affinity` settings are the same as in the repository-based procedure above. Configure them in the local `values.yaml` exactly as described there, including Pod Anti-Affinity so that the Kubernetes scheduler does not place multiple MinIO pods on the same worker node.
Configure Network Encryption
The MinIO Tenant CRD provides the following fields with which you can configure Tenant TLS network encryption:
- `tenant.certificate.requestAutoCert`: Enables or disables MinIO automatic TLS certificate generation.
- `tenant.certificate.certConfig`: Controls the settings for automatic TLS. Requires `tenant.certificate.requestAutoCert: true`.
- `tenant.certificate.externalCertSecret`: Specify one or more Kubernetes secrets of type `kubernetes.io/tls` or `cert-manager`. MinIO uses these certificates for performing TLS handshakes based on hostname (Server Name Indication).
- `tenant.certificate.externalCACertSecret`: Specify one or more Kubernetes secrets of type `kubernetes.io/tls` with the Certificate Authority (CA) chains which the Tenant must trust for allowing client TLS connections.
Configure MinIO Environment Variables
You can set MinIO Server environment variables using the `tenant.configuration` field. The field must specify a Kubernetes opaque secret whose data payload `config.env` contains each MinIO environment variable you want to set.
The `values.yaml` includes an object `kind: Secret` with `metadata.name: storage-configuration` that sets the root username, password, erasure parity settings, and enables the Tenant Console. Modify this as needed to reflect your Tenant requirements, and replace the default root credentials before any non-test deployment.
The following Helm command creates a MinIO Tenant using the standard chart:

```shell
helm install \
  --namespace TENANT-NAMESPACE \
  --create-namespace \
  TENANT-NAME tenant-|operator-version-stable|.tgz
```

If you extracted the archive, pass the unpacked chart directory instead of the `.tgz` file; if you kept a separate customized `values.yaml`, add `--values values.yaml`. To deploy more than one Tenant, create a separate `values.yaml` (and a separate namespace) for the new Tenant and repeat the deployment steps with a new release name. To update a previously deployed Tenant, run `helm upgrade` with the same release name and namespace rather than `helm install`.
Expose the Tenant MinIO port
To test the MinIO Client `mc` from your local machine, forward the MinIO port and create an alias.
Forward the Tenant's MinIO port:

```shell
kubectl port-forward svc/TENANT-NAME-hl 9000 -n TENANT-NAMESPACE
```

Create an alias for the Tenant service, using the root credentials from your `storage-configuration` secret in place of `minio` / `minio123`:

```shell
mc alias set myminio https://localhost:9000 minio minio123 --insecure
```

This example connects to the `TENANT-NAME-hl` headless service, whose certificate is issued by the Operator and is not trusted by your local host, so `mc` needs the `--insecure` option to skip certificate verification. If you have configured a TLS certificate from a CA your host trusts, omit `--insecure` and forward `svc/minio` instead.
You can use `mc mb` to create a bucket on the Tenant:

```shell
mc mb myminio/mybucket --insecure
```

See the Tenant connectivity documentation (create-tenant-connect-tenant) for additional documentation on external connectivity to the Tenant.