Version: Next

Microk8s + Local Minio


We are only providing this guide as a reference. Due to the complexity of different installations, we can only provide open source support for clusters running Ubuntu 20.04 or higher as host OS on a local cluster.

Please visit our Website and contact us for other bare metal installation options.

  • Make sure you have Microk8s installed before proceeding.
  • Enable storage with sudo microk8s enable storage
  • This process should be completed before you launch Onepanel.

Sometimes you don't want to use cloud storage and use your local machine instead. To achieve this, you can run MinIO locally.

Install MinIO

  1. Install krew

    Make sure to add it to your path

    export PATH="${PATH}:${HOME}/.krew/bin"
  2. Then run the following command to install the MinIO Operator and Plugin:

    microk8s kubectl krew update
    microk8s kubectl krew install minio
  3. Generate a yaml file so we can initialize the operator:

    microk8s kubectl minio init --output > minio_init.yaml
  4. Then, apply the generated yaml file to Microk8s

    microk8s kubectl apply -f minio_init.yaml

Create a New Tenant


The namespace used for MinIO tenants should be the same as the one you use for Onepanel. This is the application.defaultNamespace value in your params.yaml

  1. To create a tenant we must first create a namespace.

    microk8s kubectl create ns example
  2. Then create a file called minio-tenant.yaml and fill it with the content below.

    ## Secret to be used as MinIO Root Credentials
    apiVersion: v1
    kind: Secret
    namespace: example # your namespace here
    name: minio-autocert-no-encryption-minio-creds-secret
    type: Opaque
    ## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64)
    accesskey: bWluaW8=
    ## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64)
    secretkey: bWluaW8xMjM=
    ## Secret to be used for MinIO Console
    apiVersion: v1
    kind: Secret
    namespace: example # your namespace here
    name: minio-autocert-no-encryption-console-secret
    type: Opaque
    ## Passphrase to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
    ## Salt to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
    ## MinIO User Access Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLEACCESS' | base64)
    ## MinIO User Secret Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLESECRET' | base64)
    ## MinIO Tenant Definition
    kind: Tenant
    namespace: example # your namespace here
    name: minio-autocert-no-encryption
    ## Optionally pass labels to be applied to the statefulset pods
    app: minio-autocert-no-encryption-minio
    ## Annotations for MinIO Tenant Pods
    annotations: /minio/v2/metrics/cluster "9000" "true"
    ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
    ## If not specified, the Tenant pods will be dispatched by default scheduler.
    # scheduler:
    # name: my-custom-scheduler
    ## Registry location and Tag to download MinIO Server image
    image: minio/minio:RELEASE.2021-08-17T20-53-08Z
    imagePullPolicy: IfNotPresent
    ## Secret with credentials to be used by MinIO Tenant.
    ## Refers to the secret object created above.
    name: minio-autocert-no-encryption-minio-creds-secret
    ## Specification for MinIO Pool(s) in this Tenant.
    - servers: 1
    volumesPerServer: 4
    name: data
    - ReadWriteOnce
    storage: 10Gi # your storage here
    ## Mount path where PV will be mounted inside container(s).
    mountPath: /data
    ## Sub path inside Mount path where MinIO stores data.
    # subPath: /data
    ## Enable automatic Kubernetes based certificate generation and signing as explained in
    requestAutoCert: false
    ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
    ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
    ## not provided. DNS name format is *.minio.default.svc.cluster.local
    commonName: ""
    organizationName: []
    dnsNames: []
    ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
    ## Refer
    ## for details.
    podManagementPolicy: Parallel
    ## Add environment variables to be set in MinIO container (
    # env:
    # - name: MINIO_BROWSER
    # value: "off" # to turn-off browser
    # value: "EC:2"
    ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
    ## This is applied to MinIO pods only.
    ## Refer Kubernetes documentation for details
    # priorityClassName: high-priority

    In the above file, change the namespace to be your namespace. Also, make sure to set the storage value to however much space you want to give the tenant. Keep in mind it creates 4 volumes, so it's storage * 4.

    Apply the configuration:

    microk8s kubectl apply -f minio-tenant.yaml
  3. Make sure everything is running

    microk8s kubectl get pods -A

    The output should look similar to this:

    minio-operator minio-operator-c4cc8db47-mrpnc 1/1 Running 0 11m
    minio-operator console-5f978bcbdf-d2wmn 1/1 Running 0 11m
    example minio-autocert-no-encryption-ss-0-0 1/1 Running 0 29s
    example minio-autocert-no-encryption-console-7887db8b54-n8nvg 1/1 Running 0 2s
    example minio-autocert-no-encryption-console-7887db8b54-brvkq 1/1 Running 0 2s

Create a bucket


This example uses the following credentials:
Accesskey: minio
Secretkey: minio123

  1. Download MinIO client:

    chmod +x mc
    sudo mv ./mc /usr/local/bin/mc
  2. Get the endpoint for MinIO:

    microk8s kubectl get endpoints -A
    example minio 6m46s
  3. Create a MinIO client alias:

    mc alias set minio minio minio123
  4. You can then proceed to create the bucket by running:

    mc mb minio/mybucket
  5. Verify if bucket was successfully created by running:

    mc ls minio
    [2021-06-18 18:55:32 UTC] 0B mybucket/

Onepanel Configuration

  1. Set the --artifact-repository-provider flag to s3

    For example

    opctl init --provider microk8s \
    --enable-metallb \
    --artifact-repository-provider s3
  2. Params configuration

    In your params.yaml use the following for the artifactRepository configuration

    # S3 access key
    accessKey: 'minio'
    # Name of bucket, example: my-bucket
    bucket: 'mybucket' # Your bucket here
    endpoint: 'minio.example.svc.cluster.local' # replace `example` with your namespace
    publicEndpoint: # The IP address from minio
    # Change to true if endpoint does NOT support HTTPS
    insecure: true
    # Key Format for objects stored by Workflows. This can reference Workflow variables
    keyFormat: artifacts/{{workflow.namespace}}/{{}}/{{}}
    # Bucket region, this can be anything since it is running locally
    region: us-west-2
    # S3 secret key
    secretKey: 'minio123'