MinIO and Pelorus Quickstart

The following is a walkthrough for deploying MinIO on OpenShift and then configuring Pelorus to consume it as a Long Term Storage solution.

Configure Namespace and Storage Security

To allow minio to run, add a security constraint context. Run the following command from within the root repository directory

oc create namespace minio
oc apply -f storage/minio-scc.yaml

Deploy MinIO from Helm Chart

To retain Pelorus dashboard data in the long-term, we'll deploy an instance of minio and create a bucket called thanos.

helm install --namespace minio --set "buckets[0].name=thanos" \
--set "buckets[0].policy=none" \
--set "buckets[0].purge=false" \
--set "configPathmc=/tmp/minio/mc" \
--set "DeploymentUpdate.type=\"Recreate\"" pelorus-minio stable/minio

• Recreate mode is used. RollingDeployments won't allow re-deployment while a pvc is in use
• Configuration and certificate path changed to work with openshift

Secure Minio Object Storage

Secure minio using a service serving certificate

helm upgrade --namespace minio --set "certsPath=/tmp/minio/certs" \
--set "tls.enabled=true" \
--set "tls.certSecret=pelorus-minio-tls" \
--set "tls.privateKey=tls.key,tls.publicCrt=tls.crt" \
--set "service.annotations.service\.beta\.openshift\.io/serving-cert-secret-name=pelorus-minio-tls" \
--set "DeploymentUpdate.type=\"Recreate\"" pelorus-minio stable/minio

Update Pelorus Configuration

To update our Pelorus stack, run the following script from within the root repository directory.

./runhelm.sh -n pelorus \
-s "bucket_access_point=pelorus-minio.minio.svc:9000" \
-s "bucket_access_key=AKIAIOSFODNN7EXAMPLE" \
-s "bucket_secret_access_key=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"