How to install MinIO Tenant using cert manager in OpenShift - cniackz/public GitHub Wiki
Objective:
Install MinIO Tenant using cert-manager in OpenShift
Steps:
- Create cluster:

```shell
crc stop
crc delete
crc setup
crc start
```
- Install Operator:

```shell
oc login -u kubeadmin https://api.crc.testing:6443
oc apply -k github.com/minio/operator/
oc adm policy add-scc-to-user privileged -n minio-operator -z minio-operator
oc adm policy add-scc-to-user privileged -n minio-operator -z console-sa
oc adm policy add-scc-to-user privileged -n minio-operator -z default
oc adm policy add-scc-to-user privileged -n minio-operator -z builder
oc adm policy add-scc-to-user privileged -n minio-operator -z deployer
```

```shell
oc login -u kubeadmin https://api.crc.testing:6443
oc port-forward svc/console 9090 -n minio-operator
```
  - File: ~/permissions.yaml

```yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: cluster-role-cesar-5
rules:
  - apiGroups: [""]
    resources:
      - namespaces
      - resourcequotas
      # deletecollection is an RBAC verb, not a core resource; as a resource entry it matches nothing
      - deletecollection
      - persistentvolumeclaims
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: role-binding-cesar-5
  namespace: openshift-operators
subjects:
  - kind: ServiceAccount
    name: minio-operator
    namespace: openshift-operators
roleRef:
  kind: ClusterRole
  name: cluster-role-cesar-5
  apiGroup: rbac.authorization.k8s.io
```
```shell
oc login -u kubeadmin https://api.crc.testing:6443
oc apply -f ~/permissions.yaml
```
- Install cert-manager:

```shell
oc apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml
```
- Install Tenant:
  - File: /home/ccelis/operator/examples/kustomization/tenant-certmanager/tenant.yaml

```yaml
apiVersion: minio.min.io/v2
kind: Tenant
metadata:
  name: storage
  namespace: minio-tenant
spec:
  ## Disable default tls certificates.
  requestAutoCert: false
  ## Use certificates generated by cert-manager.
  externalCertSecret:
    - name: tenant-certmanager-tls
      type: cert-manager.io/v1
  pools:
    - name: pool-0
      servers: 1
      volumeClaimTemplate:
        apiVersion: v1
        kind: persistentvolumeclaims
        metadata:
          creationTimestamp: null
        spec:
          accessModes:
            - ReadWriteOnce
          resources:
            requests:
              storage: 5Gi
          storageClassName: crc-csi-hostpath-provisioner
      volumesPerServer: 1
```
```shell
sleep 120 # wait 2 minutes
rm -rf ~/operator
cd ~/
git clone https://github.com/minio/operator.git
oc apply -k ~/operator/examples/kustomization/tenant-certmanager
oc create serviceaccount minio-operator -n tenant-certmanager
oc adm policy add-scc-to-user privileged -n tenant-certmanager -z minio-operator
oc adm policy add-scc-to-user privileged -n tenant-certmanager -z builder
oc adm policy add-scc-to-user privileged -n tenant-certmanager -z deployer
oc adm policy add-scc-to-user privileged -n tenant-certmanager -z default
```
- Tenant is running with TLS provided by cert-manager:

```
MinIO Object Storage Server
Copyright: 2015-2023 MinIO, Inc.
License: GNU AGPLv3 <https://www.gnu.org/licenses/agpl-3.0.html>
Version: RELEASE.2023-01-12T02-06-16Z (go1.19.4 linux/amd64)
Status: 1 Online, 0 Offline.
API: https://minio.tenant-certmanager.svc.cluster.local
Console: https://10.217.0.85:9443 https://127.0.0.1:9443
Documentation: https://min.io/docs/minio/linux/index.html
Warning: The standard parity is set to 0. This can lead to data loss.
You are running an older version of MinIO released 1 week ago
Update: Run `mc admin update`
```
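
To confirm that the certificate cert-manager wrote to the `tenant-certmanager-tls` secret covers the API hostname shown in the startup output, the following added example (not part of the original wiki page or of the MinIO project) extracts the DNS SANs and prints any hostname left uncovered. It assumes `oc`, `base64` and OpenSSL 1.1.1 or later are on the PATH; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that the cert-manager secret covers the tenant's hostnames.
# Resource names are the page's; function names are illustrative.

# host_matches_san HOST SAN: status 0 if SAN covers HOST exactly, or as a
# wildcard standing in for exactly one left-most label.
host_matches_san() {
  _host=$1; _san=$2
  case $_san in
    \*.*)
      _suffix=${_san#\*}; _label=${_host%"$_suffix"}
      [ "$_label" != "$_host" ] && [ -n "$_label" ] &&
        case $_label in *.*) false ;; esac
      ;;
    *) [ "$_host" = "$_san" ] ;;
  esac
}

# sans_from_pem: PEM certificate on stdin -> one lower-cased DNS SAN per line.
sans_from_pem() {
  openssl x509 -noout -ext subjectAltName |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z'
}

# uncovered_hosts SAN_LIST HOST...: print each HOST that no SAN in the
# newline-separated SAN_LIST covers; status 1 if any HOST is uncovered.
uncovered_hosts() {
  _sans=$1; shift; _missing=0
  for _h in "$@"; do
    _ok=1
    while IFS= read -r _s; do
      host_matches_san "$_h" "$_s" && { _ok=0; break; }
    done <<EOF
$_sans
EOF
    [ "$_ok" -eq 0 ] || { echo "$_h"; _missing=1; }
  done
  return "$_missing"
}

# check_tenant_cert [NAMESPACE [SECRET [HOST...]]]: read tls.crt from the secret
# and report the HOSTs (default: the API name from the page) it does not cover.
check_tenant_cert() {
  _ns=${1:-tenant-certmanager}; _secret=${2:-tenant-certmanager-tls}
  if [ $# -gt 2 ]; then shift 2; else set -- "minio.$_ns.svc.cluster.local"; fi
  _list=$(oc get secret "$_secret" -n "$_ns" -o jsonpath='{.data.tls\.crt}' |
    base64 -d | sans_from_pem)
  uncovered_hosts "$_list" "$@"
}
[ "${1:-}" != check ] || { shift; check_tenant_cert "$@"; }
```

Run the script with `check` as its first argument after logging in with `oc`; empty output and exit status 0 mean every requested hostname is covered by the certificate in the secret.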