Microk8s + Local Minio
important
We are only providing this guide as a reference. Due to the complexity of different installations, we can only provide open source support for clusters running Ubuntu 20.04 or higher as host OS on a local cluster.
Please visit our Website and contact us for other bare metal installation options.
note
- Make sure you have Microk8s installed before proceeding.
- Enable storage with
sudo microk8s enable storage
- This process should be completed before you launch Onepanel.
Sometimes you don't want to use cloud storage and would rather use your local machine instead. To achieve this, you can run MinIO locally.
Install MinIO
Install krew
Make sure to add it to your path
export PATH="${PATH}:${HOME}/.krew/bin"
Then run the following commands to install the MinIO Operator and Plugin:
microk8s kubectl krew update
microk8s kubectl krew install minio
Generate a yaml file so we can initialize the operator:
microk8s kubectl minio init --output > minio_init.yaml
Then, apply the generated yaml file to Microk8s
microk8s kubectl apply -f minio_init.yaml
Create a New Tenant
note
The namespace used for MinIO tenants should be the same as the one you use for Onepanel.
This is the application.defaultNamespace value in your params.yaml
To create a tenant we must first create a namespace.
microk8s kubectl create ns example
Then create a file called minio-tenant.yaml and fill it with the content below.

## Secret to be used as MinIO Root Credentials
apiVersion: v1
kind: Secret
metadata:
  namespace: example # your namespace here
  name: minio-autocert-no-encryption-minio-creds-secret
type: Opaque
data:
  ## Access Key for MinIO Tenant, base64 encoded (echo -n 'minio' | base64)
  accesskey: bWluaW8=
  ## Secret Key for MinIO Tenant, base64 encoded (echo -n 'minio123' | base64)
  secretkey: bWluaW8xMjM=
---
## Secret to be used for MinIO Console
apiVersion: v1
kind: Secret
metadata:
  namespace: example # your namespace here
  name: minio-autocert-no-encryption-console-secret
type: Opaque
data:
  ## Passphrase to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
  CONSOLE_PBKDF_PASSPHRASE: U0VDUkVU
  ## Salt to encrypt jwt payload, base64 encoded (echo -n 'SECRET' | base64)
  CONSOLE_PBKDF_SALT: U0VDUkVU
  ## MinIO User Access Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLEACCESS' | base64)
  CONSOLE_ACCESS_KEY: WU9VUkNPTlNPTEVBQ0NFU1M=
  ## MinIO User Secret Key (used for Console Login), base64 encoded (echo -n 'YOURCONSOLESECRET' | base64)
  CONSOLE_SECRET_KEY: WU9VUkNPTlNPTEVTRUNSRVQ=
---
## MinIO Tenant Definition
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  namespace: example # your namespace here
  name: minio-autocert-no-encryption
  ## Optionally pass labels to be applied to the statefulset pods
  labels:
    app: minio-autocert-no-encryption-minio
  ## Annotations for MinIO Tenant Pods
  annotations:
    prometheus.io/path: /minio/v2/metrics/cluster
    prometheus.io/port: "9000"
    prometheus.io/scrape: "true"
## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler.
## If not specified, the Tenant pods will be dispatched by default scheduler.
# scheduler:
#   name: my-custom-scheduler
spec:
  ## Registry location and Tag to download MinIO Server image
  image: minio/minio:RELEASE.2021-08-17T20-53-08Z
  imagePullPolicy: IfNotPresent
  ## Secret with credentials to be used by MinIO Tenant.
  ## Refers to the secret object created above.
  credsSecret:
    name: minio-autocert-no-encryption-minio-creds-secret
  ## Specification for MinIO Pool(s) in this Tenant.
  pools:
    - servers: 1
      volumesPerServer: 4
      volumeClaimTemplate:
        metadata:
          name: data
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 10Gi # your storage here
  ## Mount path where PV will be mounted inside container(s).
  mountPath: /data
  ## Sub path inside Mount path where MinIO stores data.
  # subPath: /data
  ## Enable automatic Kubernetes based certificate generation and signing as explained in
  ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster
  requestAutoCert: false
  ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName
  ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is
  ## not provided. DNS name format is *.minio.default.svc.cluster.local
  certConfig:
    commonName: ""
    organizationName: []
    dnsNames: []
  ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel"
  ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
  ## for details.
  podManagementPolicy: Parallel
  ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config)
  # env:
  # - name: MINIO_BROWSER
  #   value: "off" # to turn-off browser
  # - name: MINIO_STORAGE_CLASS_STANDARD
  #   value: "EC:2"
  ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods.
  ## This is applied to MinIO pods only.
  ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/
  # priorityClassName: high-priority

In the above file, change the namespace to be your namespace. Also, make sure to set the storage value to however much space you want to give the tenant. Keep in mind it creates 4 volumes, so it's storage * 4.
Apply the configuration:
microk8s kubectl apply -f minio-tenant.yaml
Make sure everything is running
microk8s kubectl get pods -A
The output should look similar to this:
minio-operator   minio-operator-c4cc8db47-mrpnc                          1/1   Running   0   11m
minio-operator   console-5f978bcbdf-d2wmn                                1/1   Running   0   11m
example          minio-autocert-no-encryption-ss-0-0                     1/1   Running   0   29s
example          minio-autocert-no-encryption-console-7887db8b54-n8nvg   1/1   Running   0   2s
example          minio-autocert-no-encryption-console-7887db8b54-brvkq   1/1   Running   0   2s
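Added example, not part of the original guide: the Secrets in minio-tenant.yaml carry sample credentials (minio / minio123, SECRET), so this sketch generates random root credentials, renders the root credentials Secret with them, and checks a manifest for leftover sample values before it is applied. The function names (rand_hex, b64, render_creds_secret, uses_sample_values) and the file name in the usage comment are assumptions for illustration.

```shell
#!/usr/bin/env bash
# Added example (assumed helper names), not the project's own tooling.

# Base64 sample values that appear in the guide's minio-tenant.yaml.
SAMPLE_VALUES='bWluaW8=
bWluaW8xMjM=
U0VDUkVU
WU9VUkNPTlNPTEVBQ0NFU1M=
WU9VUkNPTlNPTEVTRUNSRVQ='

# rand_hex N: print 2*N hex characters read from /dev/urandom.
rand_hex() {
  head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# b64 STRING: same result as `echo -n STRING | base64` in the manifest comments.
b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# render_creds_secret NAMESPACE ACCESS_KEY SECRET_KEY: print the root
# credentials Secret in the shape used by minio-tenant.yaml.
render_creds_secret() {
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  namespace: $1
  name: minio-autocert-no-encryption-minio-creds-secret
type: Opaque
data:
  accesskey: $(b64 "$2")
  secretkey: $(b64 "$3")
EOF
}

# uses_sample_values FILE: exit 0 if FILE still contains any sample value,
# so it can gate `microk8s kubectl apply -f FILE`.
uses_sample_values() {
  printf '%s\n' "$SAMPLE_VALUES" | grep -qFf - "$1"
}

# Usage (file name is an assumption):
#   ACCESS=$(rand_hex 10); SECRET=$(rand_hex 20)
#   render_creds_secret example "$ACCESS" "$SECRET" > creds-secret.yaml
#   uses_sample_values creds-secret.yaml && echo "sample credentials present" >&2
```

If you change the root credentials, use the same values in the mc alias set command and in the accessKey and secretKey fields of params.yaml.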
Create a bucket
note
This example uses the following credentials:
Accesskey: minio
Secretkey: minio123
Download MinIO client:
wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
sudo mv ./mc /usr/local/bin/mc
Get the endpoint for MinIO:
microk8s kubectl get endpoints -A
NAMESPACE   NAME    ENDPOINTS           AGE
example     minio   10.1.131.146:9000   6m46s
Create a MinIO client alias:
mc alias set minio http://10.1.131.146:9000 minio minio123
You can then proceed to create the bucket by running:
mc mb minio/mybucket
Verify that the bucket was successfully created by running:
mc ls minio
output:
[2021-06-18 18:55:32 UTC] 0B mybucket/
Onepanel Configuration
Set the --artifact-repository-provider flag to s3
For example
opctl init --provider microk8s \
  --enable-metallb \
  --artifact-repository-provider s3
Params configuration
In your params.yaml use the following for the artifactRepository configuration

artifactRepository:
  s3:
    # S3 access key
    accessKey: 'minio'
    # Name of bucket, example: my-bucket
    bucket: 'mybucket' # Your bucket here
    endpoint: 'minio.example.svc.cluster.local' # replace `example` with your namespace
    publicEndpoint: 10.1.131.146:9000 # The IP address from minio
    # Change to true if endpoint does NOT support HTTPS
    insecure: true
    # Key Format for objects stored by Workflows. This can reference Workflow variables
    keyFormat: artifacts/{{workflow.namespace}}/{{workflow.name}}/{{pod.name}}
    # Bucket region, this can be anything since it is running locally
    region: us-west-2
    # S3 secret key
    secretKey: 'minio123'