Package v2 - This page provides a quick automatically generated reference for the MinIO Operator minio.min.io/v2
CRD. For more complete documentation on the MinIO Operator CRD, see MinIO Kubernetes Documentation.
The minio.min.io/v2
API was released with the v4.0.0 MinIO Operator. The MinIO Operator automatically converts existing tenants using the /v1
API to /v2
.
Bucket describes the default created buckets
Field | Description |
---|---|
|
|
|
|
|
CertificateConfig (certConfig
) defines controlling attributes associated to any TLS certificate automatically generated by the Operator as part of tenant creation. These fields have no effect if spec.autoCert: false
.
Field | Description |
---|---|
|
Optional The |
|
Optional Specify one or more |
|
Optional Specify one or more x.509 Subject Alternative Names (SAN) to associate to automatically generated TLS certificates. MinIO Server pods use SNI to determine which certificate to respond with based on the requested hostname. |
CertificateStatus keeps track of all the certificates managed by the operator
Field | Description |
---|---|
|
AutoCertEnabled registers whether we know if the tenant has autocert enabled |
|
Provides the output of the |
CustomCertificateConfig (customCertificateConfig
) provides attributes associated of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates.
Field | Description |
---|---|
|
Optional Output one or more |
|
Optional Output one or more |
|
Optional Output one or more |
|
Optional Output one or more |
|
Optional Output one or more |
CustomCertificates (customCertificates
) provides groupings of the TLS certificates manually added to the Operator as part of tenant creation. These fields contain no data if there are no custom TLS certificates.
Field | Description |
---|---|
|
Optional Client |
|
Optional Minio |
|
Optional Certificate Authorities |
ExposeServices (exposeServices
) defines the exposure of the MinIO object storage and Console services.
Field | Description |
---|---|
|
Optional Directs the Operator to expose the MinIO service. Defaults to |
|
Optional Directs the Operator to expose the MinIO Console service. Defaults to |
Features (features
) - Object describing which MinIO features to enable/disable in the MinIO Tenant.
Field | Description |
---|---|
|
Optional Specify |
|
Optional Specify a list of domains used to access MinIO and Console. |
|
Optional Starts minio server with SFTP support |
HealthStatus represents whether the tenant is healthy, with decreased service or offline
KESConfig (kes
) defines the configuration of the MinIO Key Encryption Service (KES) StatefulSet deployed as part of the MinIO Tenant. KES supports Server-Side Encryption of objects using an external Key Management Service (KMS).
Field | Description |
---|---|
|
Optional Specify the number of replica KES pods to deploy in the tenant. Defaults to |
|
Optional The Docker image to use for deploying MinIO KES. Defaults to minio/kes:2024-04-12T13-50-00Z. |
|
Optional The pull policy for the MinIO Docker image. Specify one of the following:
Refer to the Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
Optional The Kubernetes Service Account to use for running MinIO KES pods created as part of the Tenant. |
|
Required Specify a Kubernetes opaque secret which contains environment variables to use for setting up the MinIO KES service. See the MinIO Operator |
|
Optional Enables TLS with SNI support on each MinIO KES pod in the tenant. If Specify a Kubernetes TLS secret. The MinIO Operator copies the specified certificate to every MinIO pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching Specify an object containing the following fields:
See the MinIO Operator CRD reference for examples and more complete documentation on configuring TLS for MinIO Tenants. |
|
Optional Specify a a Kubernetes TLS secret containing a custom root Certificate Authority and x.509 certificate to use for performing mTLS authentication with an external Key Management Service, such as Hashicorp Vault. Specify an object containing the following fields:
|
|
Optional Specify the GCP default credentials to be used for KES to authenticate to GCP key store |
|
Optional Specify the name of the workload identity pool (This is required for generating service account token) |
|
Optional If provided, use these annotations for KES Object Meta annotations |
|
Optional If provided, use these labels for KES Object Meta labels |
|
Optional Object specification for specifying CPU and memory resource allocations or limits in the MinIO tenant. |
|
Optional The filter for the Operator to apply when selecting which nodes on which to deploy MinIO KES pods. The Operator only selects those nodes whose labels match the specified selector. See the Kubernetes documentation on Assigning Pods to Nodes for more information. |
|
Optional Specify one or more Kubernetes tolerations to apply to MinIO KES pods. |
|
Optional Specify node affinity, pod affinity, and pod anti-affinity for the KES pods. |
|
Optional Specify one or more Kubernetes Topology Spread Constraints to apply to pods deployed in the MinIO pool. |
|
Optional If provided, use this as the name of the key that KES creates on the KMS backend |
|
Specify the Security Context of MinIO KES pods. The Operator supports only the following pod security fields:
|
|
Specify the Security Context of MinIO KES pods. |
|
Optional If provided, the MinIO Operator adds the specified environment variables when deploying the KES resource. |
LocalCertificateReference (externalCertSecret
, externalCaCertSecret
,clientCertSecret
) contains a Kubernetes secret containing TLS certificates or Certificate Authority files for use with enabling TLS in the MinIO Tenant.
Field | Description |
---|---|
|
Required The name of the Kubernetes secret containing the TLS certificate or Certificate Authority file. |
|
Required The type of Kubernetes secret. Specify |
Logging describes Logging for MinIO tenants.
Field | Description |
---|---|
|
|
|
|
|
Pool (pools
) defines a MinIO server pool on a Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant.
See the MinIO Operator CRD reference for the pools
object for examples and more complete documentation.
Field | Description |
---|---|
|
Required Specify the name of the pool. The Operator automatically generates the pool name if this field is omitted. |
|
Required The number of MinIO server pods to deploy in the pool. The minimum value is The MinIO Operator requires a minimum of |
|
Required The number of Persistent Volume Claims to generate for each MinIO server pod in the pool. The MinIO Operator requires a minimum of |
|
Required Specify the configuration options for the MinIO Operator to use when generating Persistent Volume Claims for the MinIO tenant. |
|
Optional Object specification for specifying CPU and memory resource allocations or limits in the MinIO tenant. |
|
Optional The filter for the Operator to apply when selecting which nodes on which to deploy pods in the pool. The Operator only selects those nodes whose labels match the specified selector. See the Kubernetes documentation on Assigning Pods to Nodes for more information. |
|
Optional Specify node affinity, pod affinity, and pod anti-affinity for pods in the MinIO pool. |
|
Optional Specify one or more Kubernetes tolerations to apply to pods deployed in the MinIO pool. |
|
Optional Specify one or more Kubernetes Topology Spread Constraints to apply to pods deployed in the MinIO pool. |
|
Optional Specify the Security Context of pods in the pool. The Operator supports only the following pod security fields:
|
|
Specify the Security Context of containers in the pool. The Operator supports only the following container security fields:
|
|
Optional Specify custom labels and annotations to append to the Pool.
Optional If provided, use these annotations for the Pool Objects Meta annotations (Statefulset and Pod template) |
|
Optional If provided, use these labels for the Pool Objects Meta annotations (Statefulset and Pod template) |
|
Optional If provided, each pod on the Statefulset will run with the specified RuntimeClassName, for more info https://kubernetes.io/docs/concepts/containers/runtime-class/ |
|
Optional If true. Will delete the storage when tenant has been deleted. |
PoolStatus keeps track of all the pools and their current state
Field | Description |
---|---|
|
|
|
|
|
LegacySecurityContext stands for Legacy SecurityContext. It represents that these pool was created before v4.2.3 when we introduced the default securityContext as non-root, thus we should keep running this Pool without a Security Context |
ServiceMetadata (serviceMetadata
) defines custom labels and annotations for the MinIO Object Storage service and/or MinIO Console service.
Field | Description |
---|---|
|
Optional If provided, append these labels to the MinIO service |
|
Optional If provided, append these annotations to the MinIO service |
|
Optional If provided, append these labels to the Console service |
|
Optional If provided, append these annotations to the Console service |
SideCars (sidecars
) defines a list of containers that the Operator attaches to each MinIO server pods in the pool
.
Field | Description |
---|---|
|
Optional List of containers to run inside the Pod |
|
Optional volumeClaimTemplates is a list of claims that pods are allowed to reference. The StatefulSet controller is responsible for mapping network identities to claims in a way that maintains the identity of a pod. Every claim in this list must have at least one matching (by name) volumeMount in one container in the template. A claim in this list takes precedence over any volumes in the template, with the same name. |
|
Optional List of volumes that can be mounted by containers belonging to the pod. More info: https://kubernetes.io/docs/concepts/storage/volumes |
|
Optional sidecar’s Resource, initcontainer will use that if set. |
Tenant is a Kubernetes object describing a MinIO Tenant.
Field | Description |
---|---|
|
|
|
|
|
Refer to Kubernetes API documentation for fields of |
|
|
|
Required The root field for the MinIO Tenant object. |
TenantDomains (domains
) - List of domains used to access the tenant from outside the kubernetes clusters.
this will only configure MinIO for the domains listed, but external DNS configuration is still needed.
The listed domains should include schema and port if any is used, i.e. https://minio.domain.com:8123
Field | Description |
---|---|
|
List of Domains used by MinIO. This will enable DNS style access to the object store where the bucket name is inferred from a subdomain in the domain. |
|
Domain used to expose the MinIO Console, this will configure the redirect on MinIO when visiting from the browser If Console is exposed via a subpath, the domain should include it, i.e. https://console.domain.com:8123/subpath/ |
TenantScheduler (scheduler
) - Object describing Kubernetes Scheduler to use for deploying the MinIO Tenant.
Field | Description |
---|---|
|
Optional Specify the name of the Kubernetes scheduler to be used to schedule Tenant pods |
TenantSpec (spec
) defines the configuration of a MinIO Tenant object.
The following parameters are specific to the minio.min.io/v2
MinIO CRD API spec
definition added as part of the MinIO Operator v4.0.0.
For more complete documentation on this object, see the MinIO Kubernetes Documentation.
Field | Description |
---|---|
|
Required An array of objects describing each MinIO server pool deployed in the MinIO Tenant. Each pool consists of a set of MinIO server pods which "pool" their storage resources for supporting object storage and retrieval requests. Each server pool is independent of all others and supports horizontal scaling of available storage resources in the MinIO Tenant. The MinIO Tenant See the MinIO Operator CRD reference for the |
|
Optional The Docker image to use when deploying |
|
Optional Specify the secret key to use for pulling images from a private Docker repository. |
|
Optional Pod Management Policy for pod created by StatefulSet |
|
optional Specify a Kubernetes opaque secret to use for setting the MinIO root access key and secret key. Specify the secret as
|
|
Optional If provided, the MinIO Operator adds the specified environment variables when deploying the Tenant resource. |
|
Optional Enables TLS with SNI support on each MinIO pod in the tenant. If Specify an array of Kubernetes TLS secrets. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. When the MinIO pod/service responds to a TLS connection request, it uses SNI to select the certificate with matching Each element in the
See the MinIO Operator CRD reference for examples and more complete documentation on configuring TLS for MinIO Tenants. |
|
Optional Allows MinIO server pods to verify client TLS certificates signed by a Certificate Authority not in the pod’s trust store. Specify an array of Kubernetes TLS secrets. The MinIO Operator copies the specified certificates to every MinIO server pod in the tenant. Each element in the
See the MinIO Operator CRD reference for examples and more complete documentation on configuring TLS for MinIO Tenants. |
|
Optional Enables mTLS authentication between the MinIO Tenant pods and MinIO KES. Required for enabling connectivity between the MinIO Tenant and MinIO KES. Specify a Kubernetes TLS secrets. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant. The secret must contain the following fields:
The specified certificate must correspond to an identity on the KES server. See the KES Wiki for more information on KES identities. If deploying KES with the MinIO Operator, include the hash of the certificate as part of the See the MinIO Operator CRD reference for examples and more complete documentation on configuring TLS for MinIO Tenants. |
|
Optional Provide support for mounting additional client certificate into MinIO Tenant pods
Multiple client certificates will be mounted using the following folder structure:
Specify a Kubernetes TLS secrets. The MinIO Operator copies the specified certificate to every MinIO server pod in the tenant that later can be referenced using environment variables. The secret must contain the following fields:
|
|
Optional Mount path for MinIO volume (PV). Defaults to |
|
Optional Subpath inside mount path. This is the directory where MinIO stores data. Default to |
|
Optional Enables using Kubernetes-based TLS certificate generation and signing for pods and services in the MinIO Tenant.
If See the MinIO Operator CRD reference for examples and more complete documentation on configuring TLS for MinIO Tenants. |
|
Liveness Probe for container liveness. Container will be restarted if the probe fails. |
|
Readiness Probe for container readiness. Container will be removed from service endpoints if the probe fails. |
|
Startup Probe allows to configure a max grace period for a pod to start before getting traffic routed to it. |
|
Lifecycle hooks for container. |
|
S3 related features can be disabled or enabled such as |
|
Optional Enables setting the |
|
Optional Directs the MinIO Operator to deploy the MinIO Key Encryption Service (KES) using the specified configuration. The MinIO KES supports performing server-side encryption of objects on the MiNIO Tenant. |
|
Optional Directs the MinIO Operator to use prometheus operator. Tenant scrape configuration will be added to prometheus managed by the prometheus-operator. |
|
Optional The Kubernetes Service Account to use for running MinIO pods created as part of the Tenant. |
|
Optional Indicates the Pod priority and therefore importance of a Pod relative to other Pods in the cluster.
This is applied to MinIO pods only. Refer Kubernetes Priority Class documentation for more complete documentation. |
|
Optional The pull policy for the MinIO Docker image. Specify one of the following:
Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/containers/images#updating-images |
|
Optional A list of containers to run as sidecars along every MinIO Pod deployed in the tenant. |
|
Optional Directs the Operator to expose the MinIO and/or Console services. |
|
Optional Specify custom labels and annotations to append to the MinIO service and/or Console service. |
|
Optional An array of Kubernetes opaque secrets to use for generating MinIO users during tenant provisioning. Each element in the array is an object consisting of a key-value pair Each referenced Kubernetes secret must include the following fields:
The Operator creates each user with the |
|
Optional Create buckets when creating a new tenant. Skip if bucket with given name already exists |
|
Optional Enable JSON, Anonymous logging for MinIO tenants. |
|
Optional Specify a secret that contains additional environment variable configurations to be used for the MinIO pools. The secret is expected to have a key named config.env containing all exported environment variables for MinIO+ |
|
Optional Add custom initContainers to StatefulSet |
|
Optional If provided, statefulset will add these volumes. You should set the rules for the corresponding volumes and volume mounts. We will not test this rule, k8s will show the result. |
|
Optional If provided, statefulset will add these volumes. You should set the rules for the corresponding volumes and volume mounts. We will not test this rule, k8s will show the result. |
TenantUsage are metrics regarding the usage and capacity of the tenant
Field | Description |
---|---|
|
Capacity the usage capacity of this tenant in bytes. |
|
Capacity the raw capacity of this tenant in bytes. |
|
Usage is how much data is managed by MinIO in bytes. |
|
Usage is the raw usage on disks in bytes. |
|
Tiers includes the usage of individual tiers in the tenant |
TierUsage represents the usage from a tier setup by the tenant
Field | Description |
---|---|
|
Name of the tier |
|
type of the tier |
|
TotalSize usage of the tier |