Skip to content

EOEPCA+ MinIO Deployment Guide⚓︎

MinIO is a high-performance object storage system that’s compatible with the Amazon S3 API. In the EOEPCA+ ecosystem, MinIO serves as the object storage backend for various services, including user workspaces and data storage needs.

This guide provides instructions to deploy MinIO in your Kubernetes cluster.


Table of Contents⚓︎

  1. Introduction
  2. Prerequisites
  3. Deployment Steps
  4. Validation
  5. Uninstallation
  6. Further Reading
  7. Feedback

Introduction⚓︎

MinIO provides a scalable and high-performance object storage solution that’s compatible with AWS S3 APIs. It’s used within the EOEPCA+ platform to store and manage data securely.


Prerequisites⚓︎

Before you begin, make sure you have the following:

Component Requirement Documentation Link
Kubernetes Cluster (tested on v1.28) Installation Guide
Helm Version 3.5 or newer Installation Guide
kubectl Configured for cluster access Installation Guide
Ingress Properly installed Ingress Controller Setup Guide
TLS Certificates Managed via cert-manager or manually TLS Certificate Management Guide

Clone the Deployment Guide Repository:

git clone -b 2.0-beta https://github.com/EOEPCA/deployment-guide
cd deployment-guide/scripts/minio

Validate your environment:

Run the validation script to ensure all prerequisites are met:

bash check-prerequisites.sh

Deployment Steps⚓︎

1. Configure MinIO⚓︎

Run the configuration script:

bash configure-minio.sh

During the script execution, you will be prompted for:

  • INGRESS_HOST: Base domain for ingress hosts.
  • Example: example.com
  • CLUSTER_ISSUER (if using cert-manager): Name of the ClusterIssuer.
  • Example: letsencrypt-prod
  • STORAGE_CLASS: Storage class for persistent volumes.
  • Example: default

Important Notes:

  • If you choose not to use cert-manager, you will need to create the TLS secrets manually before deploying.
  • The required TLS secret names are:
    • minio-tls
    • minio-console-tls
  • For instructions on creating TLS secrets manually, please refer to the Manual TLS Certificate Management section in the TLS Certificate Management Guide.

2. Deploy MinIO⚓︎

Install MinIO using Helm:

helm install minio minio \
  --version 5.2.0 \
  --values server/generated-values.yaml \
  --repo https://charts.min.io/ \
  --namespace minio \
  --create-namespace

3. Create Access Keys⚓︎

Access the MinIO Console to create access keys:

  1. Navigate to https://console.minio.<your-domain>/access-keys/new-account
  2. Log in using the MinIO User (user) and MinIO Password generated during the configuration step.
  3. Click Create to generate new access keys.
  4. Note down or download the Access Key and Secret Key.

Run the following script to save these keys to your EOEPCA+ state file:

bash ./apply-secrets.sh

By saving these keys to the EOEPCA+ state file, the credentials will be automatically set during the deployment of S3-integrated Building Blocks.

4. Deploy MinIO Bucket API⚓︎

The MinIO Bucket API allows other components to create buckets programmatically.

helm install minio-bucket-api rm-minio-bucket-api \
  --version 0.0.4 \
  --values api/generated-values.yaml \
  --repo https://eoepca.github.io/helm-charts \
  --namespace minio

Validation⚓︎

Automated Validation:

bash validation.sh

Manual Validation:

  1. Check Kubernetes Resources:
kubectl get all -n minio
  1. Access Dashboard:
https://console.minio.<your-domain>
  1. Log In:

Use the credentials generated during the configuration step:

  • Username: user
  • Password: (the password generated by the script)
  1. Verify Buckets:

Once logged in, you should see any existing buckets. If none are present, you can create a new bucket to test functionality.


Uninstallation⚓︎

To remove MinIO and associated resources:

  1. Uninstall MinIO:
helm uninstall minio
  1. Uninstall MinIO Bucket API:
helm uninstall minio-bucket-api
  1. Delete Secrets and PVCs:
kubectl delete secret minio-auth -n minio
kubectl delete pvc -n minio --all

Further Reading⚓︎


Feedback⚓︎

If you have any issues or suggestions, please open an issue on the EOEPCA+ Deployment Guide Repository.