Deploy the MinIO Operator — MinIO Object Storage for Kubernetes

Understanding the MinIO Kubernetes Operator

As IT professionals, we’ve witnessed the rapid rise of object storage and its pivotal role in enabling emerging applications on the public cloud. However, this has also created significant challenges for IT teams, who have struggled to provision multi-tenant object storage as a service within their own infrastructures. The primary driver for developers turning to the public cloud was simple — IT lacked the expertise to create, deploy, tune, scale, and manage modern, application-oriented object storage using Kubernetes.

Enter the MinIO Kubernetes Operator, a game-changing solution that simplifies the deployment and management of MinIO, a high-performance object store with an S3-compatible API. Designed from the ground up to leverage the power of Kubernetes, the MinIO Operator provides IT teams with the tools they need to deliver object storage as a service, without sacrificing the granularity and control that developers demand.

The MinIO Operator extends Kubernetes’s familiar declarative API model through the use of custom resource definitions (CRDs), enabling IT professionals to perform common operations like resource orchestration, non-disruptive upgrades, cluster expansion, and high-availability maintenance — tasks that were previously handled using a Helm chart.

But the MinIO Operator is just one part of the equation. The MinIO team has also introduced the Operator Console, a straightforward graphical user interface that makes it easier than ever to create, deploy, and manage Kubernetes-native object storage. With the Operator Console, even those without deep Kubernetes expertise can provision multi-tenant object storage as a service across hybrid cloud environments.

Deploying the MinIO Operator

To get started with the MinIO Operator, we’ll need to ensure our Kubernetes cluster meets the necessary prerequisites. Beginning with Operator version 6.0.0, MinIO requires Kubernetes version 1.28.0 or later, so we’ll need to verify our cluster is running a compatible version.

We’ll also need to ensure the Kubernetes kube-controller-manager configuration includes the necessary settings for handling certificate signing requests (CSRs). Specifically, we’ll need to confirm the presence of the following configuration parameters:

--cluster-signing-key-file
--cluster-signing-cert-file

These settings are required for the MinIO Operator to manage the TLS certificates used by the deployed MinIO tenants.
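
A preflight for the two prerequisites above, as an added example (not part of MinIO's tooling or the original page). The function names are hypothetical, the sample arguments are constructed, and the live check assumes a kubeadm-style cluster where kube-controller-manager runs as a static pod labelled component=kube-controller-manager.

```shell
#!/bin/sh
# Added example: preflight for the two prerequisites (not MinIO's own tooling).

# Succeeds when a server version such as "v1.29.3" or "v1.28.5-eks-1a2b3c"
# is at least 1.28.0, the minimum stated above for Operator 6.0.0.
version_ok() {
    v=${1#v}
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%[!0-9]*}       # digits of the minor component only
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 1 ] || { [ "$major" -eq 1 ] && [ "$minor" -ge 28 ]; }
}

# Reads controller-manager arguments on stdin, one per line, and prints every
# required CSR signing flag that is absent. Empty output means both are set.
missing_signing_flags() {
    args=$(cat)
    for flag in --cluster-signing-key-file --cluster-signing-cert-file; do
        printf '%s\n' "$args" | grep -Eq -e "^${flag}(=|\$)" || printf '%s\n' "$flag"
    done
}

# Live check. Managed control planes do not expose the controller manager pod;
# there the flag check reports both flags missing rather than passing silently.
preflight() {
    ver=$(kubectl get --raw /version | sed -n 's/.*"gitVersion": *"\([^"]*\)".*/\1/p')
    version_ok "$ver" || { echo "Kubernetes $ver is older than 1.28.0" >&2; return 1; }
    missing=$(kubectl -n kube-system get pods -l component=kube-controller-manager \
        -o 'jsonpath={range .items[0].spec.containers[0].command[*]}{@}{"\n"}{end}' \
        | missing_signing_flags)
    [ -z "$missing" ] || { echo "missing flags: $missing" >&2; return 1; }
}

# Constructed sample: arguments of a controller manager lacking the key file.
sample_args='kube-controller-manager
--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
--use-service-account-credentials=true'
printf '%s\n' "$sample_args" | missing_signing_flags   # prints --cluster-signing-key-file
```

Call `preflight` against a real cluster before installing the Operator; a non-zero exit means one of the prerequisites is not met.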

With the prerequisites in place, we can proceed with the installation of the MinIO Operator. For this, we’ll be using the Kustomize tool, which is included with the kubectl command-line utility.

First, let’s create a new namespace for the MinIO Operator:

bash
kubectl create namespace minio-operator

Next, we’ll use Kustomize to install the latest stable version of the MinIO Operator:

bash
kubectl apply -k https://github.com/minio/operator/deploy/kustomize

This command will apply the necessary Kubernetes resources to deploy the MinIO Operator in the minio-operator namespace. We can verify the installation by checking the status of the Operator pods:

bash
kubectl get pods -n minio-operator

The output should resemble the following:

NAME                             READY   STATUS    RESTARTS   AGE
minio-operator-6d984c87d-5m7zx   2/2     Running   0          2m

In this example, the minio-operator pod is the MinIO Operator; the Operator Console runs in a separate console pod, which does not appear in the sample output above.

Creating a MinIO Tenant

With the MinIO Operator installed, we can now create a MinIO tenant within our Kubernetes cluster. The primary unit of management for MinIO on Kubernetes is the tenant, which can be thought of as an isolated MinIO cluster within a specific Kubernetes namespace.

To create a new MinIO tenant, we’ll use the MinIO CRD (custom resource definition) and Kustomize. MinIO provides a variety of example configurations in the Operator GitHub repository, which we can use as a starting point.

Let’s create a 4-node MinIO tenant with 4 volumes per node:

bash
kubectl apply -k https://github.com/minio/operator/examples/tenant

This command will apply the necessary Kubernetes resources to deploy the 4-node MinIO tenant in a new namespace.

We can verify the status of the tenant by listing the services created by the MinIO Operator:

bash
kubectl get services -n minio-tenant-1

The output should resemble the following:

NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
minio                    ClusterIP   10.96.231.126   <none>        9000/TCP   2m
minio-tenant-1-console   ClusterIP   10.96.35.154    <none>        9090/TCP   2m

The minio service provides the S3-compatible API for applications within the Kubernetes cluster to interact with the MinIO tenant. The minio-tenant-1-console service is used by administrators to access the MinIO Console and manage the tenant, such as provisioning users, groups, and policies.

Connecting to the MinIO Tenant

By default, the MinIO Operator deploys the tenant with TLS encryption enabled, using the Kubernetes Certificate Authority (CA) to sign the required X.509 certificates. This means that clients external to the Kubernetes cluster must trust the Kubernetes cluster CA to connect to the MinIO Operator or MinIO tenants.

For applications within the Kubernetes cluster, you can use the minio service to interact with the MinIO tenant’s S3-compatible API. For administrators managing the tenant, you can use the minio-tenant-1-console service to access the MinIO Console.

If you need to access the MinIO tenant from outside the Kubernetes cluster, you’ll need to configure Ingress or a Load Balancer to expose the MinIO services. Alternatively, you can use the kubectl port-forward command to temporarily forward traffic from your local machine to the MinIO tenant.

bash
# Each port-forward runs in the foreground; start them in separate terminals.
kubectl port-forward -n minio-tenant-1 svc/minio 9000:9000
kubectl port-forward -n minio-tenant-1 svc/minio-tenant-1-console 9090:9090

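These commands forward the minio and minio-tenant-1-console services to your local machine, so the MinIO S3 API and Console are reachable at 127.0.0.1:9000 and 127.0.0.1:9090, respectively. Because the tenant is deployed with TLS enabled by default, use https:// URLs with a client that trusts the Kubernetes cluster CA; the http:// form works only for a tenant deployed without TLS.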
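
Since the tenant serves TLS by default, a port-forwarded endpoint can be tested with certificate verification left on, shown here as an added example (not from the original page or the MinIO project). It assumes the tenant certificate was signed by the CA published in the kube-root-ca.crt ConfigMap and lists the Service DNS name under the default cluster.local domain; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: keep TLS verification on when testing through a port-forward.

# In-cluster DNS name of a Service (assumes the default cluster.local domain).
svc_fqdn() { printf '%s.%s.svc.cluster.local' "$2" "$1"; }

# curl --resolve entry that maps that name to the local port-forward, so the
# hostname checked against the certificate is the Service name, not 127.0.0.1.
resolve_pin() { printf '%s:%s:127.0.0.1' "$(svc_fqdn "$1" "$2")" "$3"; }

# Save the cluster CA bundle Kubernetes publishes in every namespace.
# Assumption: this is the CA that signed the tenant certificate.
fetch_cluster_ca() {
    kubectl -n "$1" get configmap kube-root-ca.crt -o 'jsonpath={.data.ca\.crt}' > "$2"
}

# Probe MinIO's liveness endpoint over HTTPS with full verification.
# Requires `kubectl port-forward -n <ns> svc/<svc> <port>:<port>` to be running.
check_tenant_tls() {
    ns=$1 svc=$2 port=$3 ca=$4
    fetch_cluster_ca "$ns" "$ca" || return 1
    curl --silent --show-error --fail --cacert "$ca" \
        --resolve "$(resolve_pin "$ns" "$svc" "$port")" \
        "https://$(svc_fqdn "$ns" "$svc"):$port/minio/health/live"
}

# Usage on a live cluster (values from this page):
#   check_tenant_tls minio-tenant-1 minio 9000 ./cluster-ca.crt
# A certificate error here means the client does not trust the signing CA or
# the certificate lacks the Service name; fix the trust, do not pass --insecure.
```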

Managing MinIO Tenants with the Operator Console

While the MinIO Operator provides a command-line interface for managing MinIO tenants, the Operator Console offers a more user-friendly, graphical approach. The Operator Console is a browser-based interface that simplifies the creation, deployment, and management of Kubernetes-native object storage, even for IT professionals without deep Kubernetes expertise.

With the Operator Console, you can perform a wide range of tasks, including:

  • Tenant Management: Create, delete, and modify MinIO tenants within your Kubernetes cluster.
  • User and Policy Management: Provision users, groups, and access policies for the MinIO tenants.
  • Monitoring and Alerting: Monitor the health, performance, and usage of your MinIO tenants, and set up alerts for critical events.
  • Versioning and Upgrades: Upgrade MinIO tenants to the latest version with a single click, ensuring your object storage infrastructure is always up-to-date.
  • Backup and Restore: Easily back up and restore your MinIO tenants, safeguarding your data against accidental deletion or other data loss scenarios.

To access the Operator Console, you can use the minio-tenant-1-console service that was created as part of the MinIO tenant deployment. Alternatively, you can configure Ingress or a Load Balancer to expose the Operator Console to external users.

Conclusion

The MinIO Kubernetes Operator and Operator Console represent a significant advancement in the world of object storage, empowering IT professionals to deliver multi-tenant object storage as a service within their own infrastructures. By leveraging the power of Kubernetes, the MinIO Operator simplifies the deployment and management of MinIO, a high-performance, S3-compatible object store, while the Operator Console provides a user-friendly interface for even the most Kubernetes-averse IT teams.

With the MinIO Operator, IT can regain control over object storage provisioning, ensuring security, compliance, and budget alignment, while still providing developers with the flexibility and self-service capabilities they demand. Whether you’re managing a small-scale object storage deployment or a large-scale, multi-tenant environment, the MinIO Operator and Operator Console are powerful tools that can help you deliver object storage as a service within your Kubernetes-based infrastructure.

To get started with the MinIO Operator, visit the MinIO Operator GitHub repository and follow the installation instructions. For more information on the Operator Console and other MinIO features, be sure to check out the MinIO documentation.
