Configuring Minio during IBM Cloud Private installation
Configure Minio when you install your IBM® Cloud Private cluster.
Complete these steps to configure Minio:
-
Enable Minio storage. Set
storage-minio: enabled
under the management services list in the/<installation_directory>/cluster/config.yaml
file.management_services: istio: disabled vulnerability-advisor: disabled storage-glusterfs: disabled storage-minio: enabled
-
Add the following piece of code to the
config.yaml
file:
storage-minio:
mode: standalone
accessKey: "admin"
secretKey: "admin1234"
minioAccessSecret: "minio-secret"
configPath: "/minio/.minio/"
mountPath: "/export"
replica: 4
persistence:
enabled: false
useDynamicProvisioning: false
storageClass: standard
accessMode: ReadWriteOnce
size: 10Gi
service:
type: ClusterIP
loadBalancerIP: None
port: 9000
nodePort: 31311
prometheusEnable: false
prometheusPath: '/minio/prometheus/metrics'
prometheusPort: '9000'
ingress:
enabled: false
annotations: {}
path: /
hosts: ""
tls: []
tls:
enabled: false
type: "cert-manager-generated"
minioTlsSecret: ""
issuerRef:
name: "icp-ca-issuer"
kind: "ClusterIssuer"
clusterDomain: "cluster.local"
nodeSelector: ""
tolerations: ""
Following are the descriptions of the parameters that are required for a simple configuration. For an advanced configuration, see the complete list of available parameters: Minio .
mode
is the Minio server mode. Valid options arestandalone
ordistributed
.accessKey
is the access key of the Minio server. The key must be 5 - 20 characters.secretKey
is the secret key of the Minio server. The key must be 8 - 40 characters.minioAccessSecret
is the name of the Kubernetes secret object.
Note: You can configure this parameter only if you are configuring Minio after IBM Cloud Private is installed.configPath
is the location of the default configuration file.mountPath
is the default mount path for the persistent drive.replica
is the number of Minio nodes. This parameter is applicable only to the Minio distributed mode. The value must be4 - 32
nodes.persistence.enabled
is to set whether persistent volume is used to store data.persistence.useDynamicProvisioning
is to set whether the persistent volume claim (PVC) uses a storage class to bind the volume.persistence.storageClass
is the name of the storage Class to bind the PVC. Specify a storage class name if you set thepersistence.useDynamicProvisioning
totrue
.persistence.accessMode
sets the access mode. Valid options areReadWriteOnce
orReadOnly
.persistence.size
is the size of the PVC to be created by using a storage class.service.type
is the Kubernetes service type. Allowed values areClusterIP
,LoadBalancer
, orNodePort
.service.clusterIP
is the Kubernetes service cluster IP address. The default cluster IP address is used if you setservice:type
parameter toClusterIP
. You can specify another IP address, if required.service.loadBalancerIP
is the Kubernetes service load balancer IP address. The default load balancer IP address is used if you setservice.type
parameter toloadBalancer
. You can specify another IP address, if required.service.port
is the Kubernetes port on which the service is exposed. Default value is9000
.service.nodePort
exposes the service on the IP address of the node at a static port. Default value is31311
.service.prometheusEnable
enables Prometheus scrape. Default value isfalse
.service.prometheusPath
is the metrics path. Default value is/minio/prometheus/metrics
.service.prometheusPort
is the port for scraping metrics. Default value is9000
.ingress.enabled
enables ingress controller.ingress.annotations
are annotation for ingress. For example,{kubernetes.io/ingress.class: nginx, kubernetes.io/tls-acme: "true"}
.ingress.path
is the path of the ingress controller. Default value is/
.ingress.hosts
are host names that are accepted by the ingress controller. For example,["chart-example1.local", "chart-example2.local"]
.ingress.tls
is the TLS configuration of the ingress controller. For example,[{"secretName": "chart-example-tls", "hosts": ["chart-example.local", "chart-example.local"]}]
.tls.enabled
enables Minio server with TLS certificates when set totrue
. Default value isfalse
.tls.type
is for specifying whether a chart must autogenerate a TLS certificate by using cert-manager issuer or use the one that you provide. The valid values areprovided
andcert-manager-generated
. If you are providing the certificate, you must create a secret that contains a private key, TLS certificate, and a certificate authority (CA) certificate. You provide the secret name in thetls.minioTlsSecret
parameter.tls.minioTlsSecret
is the secret that you create and contains a private key (key private.key), TLS certificate (key public.crt), and a CA certificate (key ca.crt) to configure the Minio server with TLS certificates. You must create and specify the secret in the same namespace where you are deploying the chart. Use this parameter if you settls.type
toprovided
.tls.issuerRef.name
is the name of ClusterIssuer or Issuer from whom the signed x509 certificate is obtained. You must specify this value if you specified the value oftls.type
ascert-manager-generated
.tls.issuerRef.kind
is the kind of CA from whom the signed x509 certificate is obtained. Valid values areClusterIssuer
andIssuer
. You must specify this value if you specified the value oftls.type
ascert-manager-generated
.tls.clusterDomain
is the cluster domain name that is used to generate a certificate by using cert-manager. Specify your cluster domain name here. This parameter is applicable whentls.type
is set ascert-manager-generated
.nodeSelector
is adding node labels for pod assignment. Add labels as {"key":"value"} pair. For example, {"role": "minio-node"}.tolerations
are toleration labels for pod assignment. Add labels as {"key":"value"} pair. For example, [{"operator":"Equal"}, {"effect":"NoSchedule"}].
Configuration of Minio is complete. Proceed with the IBM Cloud Private installation.