MinIO Server Documentation
Customer Login
Product
MinIO Enterprise Object Store
Overview Architecture
Features
MinIO for Public Cloud
AWS GCS Azure
MinIO for Private Cloud
OpenShift SUSE Rancher Tanzu
MinIO for Baremetal
Linux and Windows
Determine your raw and usable capacity Erasure Code Calculator MinIO's Recommended Hardware Configuration Reference Hardware
Solutions
AI Storage Object storage is powering the AI revolution. Learn how MinIO is leading the AI storage market through performance at scale. Modern Datalakes Modern, multi-engine datalakes depend on object stores that deliver performance at scale. Learn more about this core MinIO use case. Hybrid Cloud Effective multi-cloud storage strategies rely on utilizing architecture and tools that can function seamlessly across diverse environments. Equinix Repatriate your data onto the cloud you control with MinIO on Equinix to lower costs while maintaining public cloud adjacency. Splunk Find out how MinIO is delivering performance at scale for Splunk SmartStores. Snowflake Query and analyze multiple data sources, including streaming data, residing on MinIO with the Snowflake Data Cloud. No need to move the data, just query using SnowSQL. SQL Server Discover how to pair SQL Server 2022 with MinIO to run queries on your data on any cloud - without having to move it. HDFS Migration Modernize and simplify your big data storage infrastructure with high-performance, Kubernetes-native object storage from MinIO. VMware Discover how MinIO integrates with VMware across the portfolio from the Persistent Data platform to TKG and how we support their Kubernetes ambitions. Veeam Learn how MinIO and Veeam have partnered to drive performance and scalability for a variety of backup use cases. Commvault Learn how Commvault and MinIO are partnered to deliver performance at scale for mission critical backup and restore workloads. Integrations Browse our vast portfolio of integrations.
Community
GitHub Join our GitHub open source community: explore, experiment, ask questions, and contribute. Slack Channel The MinIO Community Slack provides an open forum for discussing topics related to MinIO. All support is provided on a best-effort basis.
Docs Blog Resources Training Partner Pricing Download

Documentation

MinIO Object Storage for Kubernetes

Modify a MinIO Tenant

The procedures on this page use the MinIO Operator Console for modifying an existing tenant.

MinIO Operator Tenant Console

Certificate Management

The Security section provides tools for adding and managing certificates for the tenant.

Review Certificate expiration

New in version Console: 0.23.1

A message displays under the certificate with the date of expiration and length of time until expiration.

The message adjusts depending on the length of time to expiration:

  • More than 30 days, the message text displays in gray.

  • Within 30 days, the message text changes to orange.

  • Within 10 days, the message text changes to red.

  • Within 24 hours, the message displays as an hour and minute countdown in red text.

  • After expiration, the message displays as EXPIRED.

Modify Tenant TLS Configuration

The MinIO Operator Console supports adding and removing TLS certificates from a MinIO Tenant.

From the Operator Console view, select the Tenant to open the summary view, then select Security. You can make the following modifications:

Enable or Disable TLS

Toggle the TLS switch to direct the Operator to either enable or disable TLS for the deployment. The MinIO Operator automatically generates the necessary TLS certificates using the Kubernetes TLS API. See Enabling TLS for more information.

Add Custom TLS Certificates

MinIO Tenants support Server Name Indication (SNI), where the MinIO server identifies which certificate to use based on the hostname specified by the connecting client. The MinIO Operator can attach additional TLS certificates to the Tenant to enable SNI-based TLS connectivity.

To customize the TLS certificates mounted on the MinIO Tenant, enable the Custom Certificates switch. Select the Add Certificate + button to add custom TLS certificates.

Add Trusted Certificate Authorities

The MinIO Tenant validates the TLS certificate presented by each connecting client against the host system’s trusted root certificate store. The MinIO Operator can attach additional third-party Certificate Authorities (CA) to the Tenant to allow validation of client TLS certificates signed by those CAs.

To customize the trusted CAs mounted to each Tenant MinIO pod, enable the Custom Certificates switch. Select the Add CA Certificate + button to add third party CA certificates.

If the MinIO Tenant cannot match an incoming client’s TLS certificate issuer against either the container OS’s trust store or an explicitly attached CA, MinIO rejects the connection as invalid.

Manage Tenant Pools

Specify Runtime Class

New in version Console: 0.23.1

When adding a new pool or modifying an existing pool for a tenant, you can specify the Runtime Class Name for pools to use.

Decommission a Tenant Server Pool

MinIO Operator 4.4.13 and later support decommissioning a server pool in a Tenant. Specifically, you can follow the Decommission a Server pool procedure to remove the pool from the tenant, then edit the tenant YAML to drop the pool from the StatefulSet. When removing the Tenant pool, ensure the spec.pools.[n].name fields have values for all remaining pools.

This work is licensed under a Creative Commons Attribution 4.0 International License. 2020-Present, MinIO, Inc. Creative Commons License