From 1d35e3632f47eed5043eb358796d7c3a463a9848 Mon Sep 17 00:00:00 2001 From: Alexander Rundberg Date: Sun, 29 Jun 2025 11:59:13 +0200 Subject: [PATCH] docs: update minio object store docs The MinIO Gateway is deprecated as of 2022-02-24: https://blog.min.io/deprecation-of-the-minio-gateway/ These updated docs explain how to use MinIO's S3-compatible object storage without the need for setting up a dedicated gateway. Signed-off-by: Alexander Rundberg --- web/docs/object_stores.md | 91 ++++++++------------------------------- 1 file changed, 17 insertions(+), 74 deletions(-) diff --git a/web/docs/object_stores.md b/web/docs/object_stores.md index c3179ad..d3e1238 100644 --- a/web/docs/object_stores.md +++ b/web/docs/object_stores.md @@ -384,87 +384,30 @@ write permissions to the bucket. --- -## MinIO Gateway +## MinIO Object Store -MinIO Gateway can proxy requests to cloud object storage providers like S3 or GCS. -For more information, refer to [MinIO official documentation](https://docs.min.io/). +For the lastest documentation on MinIO, please refer to the +[MinIO official documentation](https://docs.min.io/). -### Setup +MinIO Object Store's API is compatible with S3, the default configuration of the tenant +will create these services: +- `-console` on port 9090 (with autocert) or 9443 (without autocert) +- `-hl` on port 9000 -Create MinIO access credentials: +The `console` service is for managing the tenant, while the `hl` service exposes the S3 +compatible API. If your tenant is configured with `requestAutoCert` you will communicate +to these services over HTTPS, if not you will use HTTP. + +For authentication you can use your username and password, or create an access key. +Whichever method you choose, it has to be stored as a secret. ```sh kubectl create secret generic minio-creds \ - --from-literal=MINIO_ACCESS_KEY= \ - --from-literal=MINIO_SECRET_KEY= + --from-literal=MINIO_ACCESS_KEY= \ + --from-literal=MINIO_SECRET_KEY= ``` -:::note -Cloud Object Storage credentials will be used only by MinIO Gateway in this -case. -::: - -Expose MinIO Gateway via `ClusterIP`: - -```yaml -apiVersion: v1 -kind: Service -metadata: - name: minio-gateway-service -spec: - type: ClusterIP - ports: - - port: 9000 - targetPort: 9000 - protocol: TCP - selector: - app: minio -``` - -Here follows an excerpt of an example of deployment relaying to S3: - -```yaml -apiVersion: apps/v1 -kind: Deployment -[...] -spec: - containers: - - name: minio - image: minio/minio:RELEASE.2020-06-03T22-13-49Z - args: ["gateway", "s3"] - ports: - - containerPort: 9000 - env: - - name: MINIO_ACCESS_KEY - valueFrom: - secretKeyRef: - name: minio-creds - key: MINIO_ACCESS_KEY - - name: MINIO_SECRET_KEY - valueFrom: - secretKeyRef: - name: minio-creds - key: MINIO_SECRET_KEY - - name: AWS_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: aws-creds - key: ACCESS_KEY_ID - - name: AWS_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: aws-creds - key: ACCESS_SECRET_KEY -# Uncomment the below section if session token is required -# - name: AWS_SESSION_TOKEN -# valueFrom: -# secretKeyRef: -# name: aws-creds -# key: ACCESS_SESSION_TOKEN -``` - -Proceed by configuring MinIO Gateway service as the `endpointURL` in the -`ObjectStore` definition, then choose a bucket name to replace `BUCKET_NAME`: +Finally, create the Barman ObjectStore: ```yaml apiVersion: barmancloud.cnpg.io/v1 @@ -474,7 +417,7 @@ metadata: spec: configuration: destinationPath: s3://BUCKET_NAME/ - endpointURL: http://minio-gateway-service:9000 + endpointURL: http://-hl:9000 s3Credentials: accessKeyId: name: minio-creds