Skip to content
Documentation

MinIO on Management Kubernetes Cluster Installation

🟢 Management

MinIO is an S3-Compatible Object Storage Service.

MinIO will be installed on 🟢 Management Kubernetes Cluster for these Object Storage utilization.

  • Opstella: Storing Opstella Web Assets
  • GitLab
    • Backup Location
    • Cache for GitLab Runners
  • Harbor (Artifact Registry): Storing Artifacts (Container Images/Helm Charts/etc.)
  • Vault: Storing Unseal Key, Root Token after initialised
  • Mimir: Metrics Storage
  • Loki: Logs Storage
  • Tempo: Trace Storage
  • Velero: Kubernetes Cluster Backup Location

Kubernetes Cluster Prerequisites

Section titled “Kubernetes Cluster Prerequisites”
  • 🛡️TLS Certificate for MinIO (Management Cluster)
    • MinIO (Management Cluster) will be exposed through Web with HTTPS with Kubernetes Ingress configured with TLS Certificate located within Kubernetes Cluster.
  • 💿Persistence Storage Access for MinIO (Management Cluster)
    • On Kubernetes when requesting for a PVC, will request with Storage Class (StorageClass Kubernetes Resource) specified.

Installation Summary

Section titled “Installation Summary”
No.ToolDescriptionKubernetes NamespaceKubernetes Cluster
1.MinIOS3-Compatible Object Storage Serviceapps-supporting-services
🟢 Management

Complete Prerequisites

Section titled “Complete Prerequisites”

Kubernetes Clusters

Section titled “Kubernetes Clusters”

  1. Connect to 🟢 Management Kubernetes Cluster ; i.e w/ Kubeconfig File

    Ensure you have defined and loaded your Global Shell Variables as described in Shell Variables.

    Terminal window
    source $HOME/opstella-installation/shell-values/kubernetes/management_cluster.vars.sh
    Terminal window
    export KUBECONFIG="$HOME/opstella-installation/kubeconfigs/management_cluster.yaml"

  2. Create Kubernetes Namespace apps-supporting-services

    Terminal window
    kubectl create namespace apps-supporting-services

  3. Create Kubernetes Secret for TLS Certificate in Namespace apps-supporting-services. (If you not have it done.)

    Ensure K8S_INTERNAL_DOMAIN, K8S_INGRESSCLASS_NAME, K8S_STORAGECLASS_NAME, and K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME are defined as per the Shell Variables guide.

    Create one using from .crt and .key file.

    Terminal window
    kubectl create secret tls $K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME \
      --cert=/path/to/cert/file --key=/path/to/key/file \
      --namespace apps-supporting-services

  4. Prepare 🟢 Management Kubernetes Cluster Information

    Ensure K8S_INTERNAL_DOMAIN, K8S_INGRESSCLASS_NAME and K8S_STORAGECLASS_NAME are defined as per the Shell Variables guide.

Installation Preparations

Section titled “Installation Preparations”

MinIO Preparation

Section titled “MinIO Preparation”

  1. Create MinIO Initial Admin Credentials with Kubernetes Secret

    • Username: admin
    • Password: CHANGEME
    export MINIO_DSO_PASSWORD="CHANGEME"

    Create Kubernetes Secret

    You will be creating Kubernetes Secret named minio-credentials

    (DO NOT CHANGE, unless you understand what it is.)

    export MINIO_ADMIN_CREDENTIALS_EXISTING_SECRET_NAME="minio-credentials"
    Terminal window
    kubectl apply --namespace apps-supporting-services -f - <<EOF
    apiVersion: v1
    kind: Secret
    type: Opaque
    metadata:
      name: ${MINIO_ADMIN_CREDENTIALS_EXISTING_SECRET_NAME}
    stringData:
      root-user: admin
      root-password: ${MINIO_DSO_PASSWORD}
    

    EOF

  2. Create Helm Values Configuration: Fundamental Configuration

    Set MinIO on Management Entrypoint Domains

    export MINIO_CONSOLE_DOMAIN="minio.${BASE_DOMAIN}"
    export MINIO_API_DOMAIN="minio-api.${BASE_DOMAIN}"
    Terminal window
    cat <<EOF > $HOME/opstella-installation/helm-values/minio-mangement-full-values.yaml
    # Kubernetes: Fundamental configurations
    global:
      # Kubernetes/Application: Application Persistence
      storageClass: ${K8S_STORAGECLASS_NAME}
    clusterDomain: ${K8S_INTERNAL_DOMAIN}
    

    # Application: Authentication
    auth:
      existingSecret: ${MINIO_ADMIN_CREDENTIALS_EXISTING_SECRET_NAME}
    

    # Application: Enable MinIO Web UI
    disableWebUI: false
    

    # Kubernetes: Expose MinIO/MinIO API via Ingress
    ingress:
      enabled: true
      ingressClassName: ${K8S_INGRESSCLASS_NAME}
      hostname: ${MINIO_CONSOLE_DOMAIN}
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        ingress.kubernetes.io/proxy-body-size: "0"
      tls: true
      extraTls:
        - hosts:
            - ${MINIO_CONSOLE_DOMAIN}
          secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}
      selfSigned: false
    apiIngress:
      enabled: true
      ingressClassName: ${K8S_INGRESSCLASS_NAME}
      hostname: ${MINIO_API_DOMAIN}
      annotations:
        nginx.ingress.kubernetes.io/proxy-body-size: "0"
        ingress.kubernetes.io/proxy-body-size: "0"
      tls: true
      extraTls:
        - hosts:
            - ${MINIO_API_DOMAIN}
          secretName: ${K8S_INGRESS_TLS_CERTIFICATE_SECRET_NAME}
      selfSigned: false
    

    EOF

  3. Create Helm Values Configuration: Specify Resource Requests/Limits Preset Configuration

    For MinIO to be able to handle big files and multiple connections, resourcesPreset must be set; This is only provided by Bitnami Helm Chart.

    For starter, it is recommended to use large but can be larger (See Default Helm Values for larger preset/valid preset name)

    Terminal window
    cat <<EOF > $HOME/opstella-installation/helm-values/minio-mangement-full-values.yaml
    # Application: Give a default Resources Preset
    resourcesPreset: large
    

    EOF

  4. Create Helm Values Configuration: Specify MinIO Operation Mode (Choose One that fits to your Environment)

    Difference MinIO Operation Mode will affect the way to pre-provisioning Buckets.

    • standalone is without High Availability, fit for PoC-ing or Minimal Persistence Storage Performance
    Terminal window
    cat <<EOF > $HOME/opstella-installation/helm-values/minio-mangement-full-values.yaml
    mode: standalone
    defaultBuckets: "
      opstella-web:public;
      harbor;
      vault;
      k8s-velero-backups;
      gitlab-backups;
      gitlab-ci-caches;
      grafana-loki-chunks;
      grafana-loki-ruler;
      grafana-mimir-tsdb;
      grafana-mimir-ruler;
      grafana-mimir-alertmanager;
      grafana-tempo-tsdb;
      "
    EOF
    • distributed is with High Availability but requires High Persistence Storage Performance ; Recommended
    Terminal window
    cat <<EOF > $HOME/opstella-installation/helm-values/minio-mangement-full-values.yaml
    mode: distributed
    provisioning:
      enabled: true
      ## OPSTELLA_CUSTOMIZE: Using `buckets` value often cause exhaustion to MinIO, Give it a pause (sleep) to alleviate
      buckets: []
      extraCommands:
        - "mc mb provisioning/vault --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/harbor --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/opstella-web --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/k8s-velero-backups --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/gitlab-backups --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/gitlab-ci-caches --ignore-existing"
        - "sleep 5"
        - "mc anonymous set public provisioning/opstella-web"
        - "sleep 5"
        - "mc mb provisioning/grafana-loki-chunks --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/grafana-loki-ruler --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/grafana-mimir-tsdb --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/grafana-mimir-alertmanager --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/grafana-mimir-ruler --ignore-existing"
        - "sleep 5"
        - "mc mb provisioning/grafana-tempo-tsdb --ignore-existing"
        - "sleep 5"
    

    EOF

Installation

Section titled “Installation”

  1. Install MinIO Helm Release on 🟢 Management Kubernetes Cluster

    • Install a Helm Release with specific Helm Chart Version --version 15.0.7 (App Version: 2025.3.12)
    Terminal window
    helm install minio oci://registry-1.docker.io/bitnamicharts/minio --version 15.0.7 \
      --namespace apps-supporting-services \
      -f $HOME/opstella-installation/helm-values/minio-mangement-full-values.yaml

Post-Installation

Section titled “Post-Installation”

MinIO Testing

Section titled “MinIO Testing”

  1. Get Pod Status - MinIO

    Terminal window
    kubectl get pods -n apps-supporting-services

    MinIO should be Running (shown is in distributed mode)

    NAME                 READY   STATUS    RESTARTS   AGE
    ... (deducted)
    minio-0              1/1     Running   0          XdXh
    minio-1              1/1     Running   0          XdXh
    minio-2              1/1     Running   0          XdXh
    minio-3              1/1     Running   0          XdXh

  2. Visit https://minio.${BASE_DOMAIN}

    • It should be accessible.
    • TLS Certificate should be valid and coresponding to your TLS Certificate Installed

  3. Login with Users

    • Try to login with Initial Admin Credentials (admin/$MINIO_DSO_PASSWORD)

    • Should be able to get into bucket management interface

  4. MinIO API Testing

    • Try to access to https://minio.${BASE_DOMAIN}/vault URL
    • Should return an XML-style message
      • Accessing either existing or non-existing bucket ; just expecting a systematic result in XML.
      • Testing Read/Write Operations will be done in Configuration section.

Finished?

Use the below navigation to proceed