Using MinIO as an object store backend for Zercurity on Kubernetes

Prerequisites

  • Kubernetes 1.19 or higher configured with at least 4 nodes.
  • Kubernetes certificate API.

The MinIO Operator uses the certificate API to issue TLS certificates, so the kube-controller-manager must be started with both cluster signing flags. Find the controller manager pod and inspect its spec:

kubectl -n kube-system get po | grep kube-controller-manager
kubectl get pod kube-controller-manager-prod-control-plane-xyz \
-n kube-system -o yaml

The output should contain:

--cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt
--cluster-signing-key-file=/etc/kubernetes/pki/ca.key

Then install the MinIO kubectl plugin:

wget https://github.com/minio/operator/releases/download/v4.4.4/kubectl-minio_4.4.4_linux_amd64 -O kubectl-minio
chmod +x kubectl-minio
mv kubectl-minio /usr/local/bin/
kubectl minio version

Deploying MinIO

With the MinIO plugin installed, you can now deploy the MinIO Operator. By default this deploys the Operator into the minio-operator namespace. To deploy it into a different namespace, pass the --namespace argument, for example kubectl minio init --namespace minio.

kubectl minio init
kubectl get all --namespace minio-operator
kubectl minio proxy

Copy the provided JWT token into the Operator Login pane.

Creating our Tenant

In the very top right you’ll see a button to create a new Tenant. The Tenant is used to create the S3-like service. This will be your Bucket. Once it is created, an AWS-like IAM access key and token are generated for you automatically.

[Figure: Configuring MinIO’s storage class for the Zercurity namespace]
[Figure: MinIO IAM keys]
[Figure: MinIO Tenants]
[Figure: MinIO Tenant status]

Configuring Zercurity

To configure Zercurity, add these additional environment variables to either your production.env or your Kubernetes configuration file:

AWS_ENDPOINT_URL=https://10.72.32.16
AWS_ACCESS_KEY_ID=
AWS_SECRET_ACCESS_KEY=
AWS_S3_BUCKET=zercurity

kubectl -n zercurity apply -f config.yml

Migrating the existing data

If you’ve been using Zercurity via docker-compose, you can synchronize your existing files with the aws s3 sync command. First edit or create the file ~/.aws/credentials, for example with nano ~/.aws/credentials. The name in square brackets is the profile name.

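[zercurity]
aws_access_key_id=Drdyg7kKlyQmKkgl
aws_secret_access_key=8TDrdyg7kKlyQmKkglDrdyg7kKlyQmKkgl

Then run the sync. The --no-verify-ssl flag disables TLS certificate verification, so the endpoint’s certificate is not checked during this transfer:

aws --profile zercurity --endpoint-url https://10.72.32.16 --no-verify-ssl s3 sync /var/lib/zercurity/data/ s3://zercurity/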
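
To confirm the sync copied everything intact, the following added example (not part of the original article or of Zercurity's or MinIO's tooling) compares the local data directory with the bucket listing. It assumes the AWS CLI's default 8 MiB multipart threshold and part size and a tenant without server-side encryption, so that ETags are derived from MD5; the script name verify_sync.py and its function names are hypothetical.

```python
import hashlib
import json
import os
import sys

PART = 8 * 1024 * 1024  # assumed: AWS CLI default multipart threshold and part size


def expected_etag(path, part=PART):
    """ETag an S3-compatible store reports for an unencrypted upload of path."""
    digests = []
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(part), b""):
            digests.append(hashlib.md5(block).digest())
    if os.path.getsize(path) < part:
        # Single PUT: the ETag is the plain MD5 of the content.
        return digests[0].hex() if digests else hashlib.md5(b"").hexdigest()
    # Multipart upload: MD5 over the per-part MD5 digests, plus the part count.
    return "%s-%d" % (hashlib.md5(b"".join(digests)).hexdigest(), len(digests))


def load_listing(text):
    """Parse `aws s3api list-objects-v2 --output json` into {key: etag}."""
    contents = json.loads(text.strip() or "{}").get("Contents", [])
    return {obj["Key"]: obj["ETag"].strip('"') for obj in contents}


def verify_sync(root, remote, part=PART):
    """Return {key: problem} for every difference between root and the bucket."""
    problems, seen = {}, set()
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            key = os.path.relpath(full, root).replace(os.sep, "/")
            seen.add(key)
            if key not in remote:
                problems[key] = "missing in bucket"
            elif remote[key] != expected_etag(full, part):
                problems[key] = "content differs"
    for key in set(remote) - seen:
        problems[key] = "not on local disk"
    return problems


if __name__ == "__main__":
    # usage: verify_sync.py /var/lib/zercurity/data/ < listing.json
    issues = verify_sync(sys.argv[1], load_listing(sys.stdin.read()))
    for key, problem in sorted(issues.items()):
        print("%s: %s" % (problem, key))
    sys.exit(1 if issues else 0)
```

Produce the listing with aws s3api list-objects-v2 --bucket zercurity --output json, using the same profile and endpoint options as the sync, and pipe it to the script on stdin.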

It’s all over!

We hope you found this helpful. Please feel free to get in touch if you have any questions.
