Introduction

MinIO® is a popular open source object storage server, specifically designed for deployment on Kubernetes. It offers high performance and high scalability and is compliant with the Amazon S3 API. It also supports active-active replication, bucket and object versioning, encryption and monitoring.

For enterprises looking for a high-performance object store, the easiest way to deploy MinIO® on Kubernetes is with the Bitnami Object Storage Helm chart based on MinIO®. This Helm chart packages the secure and up-to-date Bitnami Object Storage container based on MinIO® and deploys it on Kubernetes in conformance with current best practices. The chart also supports Ingress resources, facilitates the creation of TLS secrets and exports metrics for use with Prometheus.

One of the most interesting features of the Bitnami Object Storage Helm chart based on MinIO® is that it can be configured as a gateway for other other storage systems. This offers both security and administrative benefits:

It improves security by working as an intermediate layer between storage consumers and connected cloud storage accounts. For example, if you wanted to configure Google Cloud Storage (or any other cloud storage service) as a CDN for WordPress, you would typically need to provide your storage account credentials to WordPress. But, if using the Bitnami Object Storage Helm chart based on MinIO® as a gateway, you would only need to provide the Helm chart credentials to WordPress. This provides an additional layer of protection for your connected storage account credentials.
It allows access to data stored in cloud storage accounts through an interface and application which is entirely under your control, whil still benefiting from services offered by the cloud provider, such as automated data backup, disaster recovery, geographical redundancy, API access and more.

Currently, the Bitnami Object Storage Helm chart based on MinIO® supports usage as a gateway for Azure Blob Storage, Google Cloud Storage, Amazon S3 and Network Attached Storage. This article walks you through the process, using Google Cloud Storage as an example.

Assumptions and prerequisites

This article assumes that:

You have a Google Cloud account. Register for a Google Cloud account.
You have a Kubernetes cluster running with Helm v3.x and kubectl installed. Learn more about getting started with Kubernetes and Helm using different cloud providers.

Step 1: Create a Google Cloud service account with storage privileges

If you already have a Google Cloud service account with the storage.admin role and JSON credentials,you can use that instead and skip to Step 2.

MinIO® uses a service account to access data on the cloud storage provider. Therefore, the first step is to log in to the Google Cloud Console and create a Google Cloud service account, as described in the Google Cloud documentation.

Once your service account is created, perform the following steps:

Select the project you wish to use.
Navigate to the "IAM & Admin -> IAM" page of the Google Cloud Console.
Search for and select the new service account in the list of available accounts.
Assign the storage.admin role to the new service account. Learn more about IAM roles. Save the changes.
Navigate to the "IAM & Admin -> Service Accounts" page of the Google Cloud Console.
Search for and select the new service account in the list of available accounts.
On the service account detail page, select the "Keys" tab.
Select the "Add Key -> Create new key" menu item and select "JSON" as the key type.

Download the JSON key file when prompted.

Step 2: Deploy the Bitnami Object Storage Helm Chart based on MinIO(R) on Kubernetes

The next step is to deploy the Bitnami Object Storage Helm chart based on MinIO® on Kubernetes. Follow the steps below:

Add the Bitnami chart repository to Helm:

helm repo add bitnami https://charts.bitnami.com/bitnami

Create the following values.yml file holding the values that will be supplied to the Helm chart. Replace the GOOGLE-CLOUD-PROJECT-ID placeholder with the ID of the Google Cloud project and the JSON-DATA placeholder with the contents of the JSON key file obtained in Step 1. Replace the ACCESS-KEY and SECRET-KEY placeholders with your choice of access key (minimum 3 characters) and secret (minimum 8 characters); these two values will be required to access the MinIO® Web interface.
```
service:
  type: LoadBalancer
gateway:
  type: gcs
  enabled: true
  auth:
    gcs:
      projectID: GOOGLE-CLOUD-PROJECT-ID
      accessKey: ACCESS-KEY
      secretKey: SECRET-KEY
      keyJSON: |
        JSON-DATA
```
TipThe configuration shown above will deploy the Bitnami Object Storage Helm chart based on MinIO® with a public load balancer IP address. If you prefer to have a cluster IP address instead, modify the service type accordingly.
Execute the following command to deploy the Bitnami Object Storage Helm chart based on MinIO® on Kubernetes:
```
helm install minio bitnami/minio -f values.yml
```
Wait for a few minutes until the chart is deployed.
Tip
See the complete list of parameters supported by the Bitnami Object Storage Helm chart based on MinIO®.

Obtain the IP address of the service:

kubectl get svc --namespace default minio --template "{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"

Browse to http://IP-ADDRESS:9000/minio, replacing the IP address placeholder with the service IP address, and you will see the MinIO® Web interface, as shown below:

Step 3: Log in and start using the gateway

You can now begin using the Bitnami Object Storage Helm chart based on MinIO® as a gateway to Google Cloud Storage.

Log in to the application using the values defined in the ACCESS-KEY and SECRET-KEY placeholders. You will see the file browser, as shown below:

Create a new bucket by clicking the "+ -> Create bucket" icon at the bottom right corner of the page. Enter a name for the new bucket.

The new bucket is created and appears in the bucket list on the left navigation bar.

Select the new bucket in the left navigation bar. Click the triple-dot menu next to the bucket name and select the "Edit policy" menu item.

Set the bucket policy to "Write Only" and click "Add".

Select the new bucket again in the left navigation bar. Click the "+ -> Upload file" icon at the bottom right corner of the page. Select a local file.

The new file is uploaded and appears in the bucket contents, as shown below:

The Bitnami Object Storage Helm chart based on MinIO® is now configured and working as a gateway to Google Cloud Storage. In a similar way, it can be configured as a gateway to other cloud storage services, including Amazon S3 and Azure Blob Storage. Refer to the Helm chart gateway parameters for more information on each of these options.

Useful links

To learn more about the topics discussed in this guide, use the links below:

Disclaimer

All software products, projects and company names are trademark(TM) or registered(R) trademarks of their respective holders, and use of them does not imply any affiliation or endorsement. This software is licensed to you subject to one or more open source licenses and VMware provides the software on an AS-IS basis. MinIO(R) is a registered trademark of the MinIO, Inc in the US and other countries. Bitnami is not affiliated, associated, authorized, endorsed by, or in any way officially connected with MinIO Inc.

In this tutorial

Introduction
Assumptions and prerequisites
Step 1: Create a Google Cloud service account with storage privileges
Step 2: Deploy the Bitnami Object Storage Helm Chart based on MinIO(R) on Kubernetes
Step 3: Log in and start using the gateway
Useful links
Disclaimer

Deploy the Bitnami Object Storage Helm chart based on MinIO(R) as a Google Cloud Storage Gateway