Install MinIO on Amazon EKS in 15 Minutes or Less

Amazon Elastic Kubernetes Service (EKS) is a managed service that allows you to run Kubernetes on AWS without having to install and manage Kubernetes itself. MinIO, available in the AWS Marketplace, natively integrates with the Amazon EKS service to provide you with a straightforward, simplified and automated way to deploy and operate your own multi-tenant object storage as a service in 15 minutes or less.

MinIO was designed and built as a multi-tenant and multi-user object storage system that scales seamlessly from TBs to EBs and beyond. The tenants are fully isolated from each other in their own namespace. By following the Kubernetes plugin and operator paradigm, MinIO fits seamlessly into existing DevOps practices and toolchains.

Organizations typically run MinIO across multiple clouds - public, private, on-premise, collocated, edge - whatever it is MinIO runs there, allowing you to achieve consistency despite underlying variations in hardware and software. Developers know their code will run – while everyone claims S3 API compatibility, MinIO is the most widely tested and implemented S3 API compatible object storage on the planet. Sophisticated Multi-Site Active-Active Replication synchronizes data between multiple MinIO deployments for high-availability and geographic load-balancing.

MinIO was built from the ground up to integrate into existing platforms and DevOps toolchains. A rich set of integrations – ranging from external identity providers to key management systems to monitoring tools and more – streamlines deployment and ongoing operation. MinIO is also deeply integrated into the AWS ecosystem to leverage EKS and AWS management, security and reporting features. For example, you can track MinIO metrics and issue alerts using AWS Managed Prometheus, or load balance incoming requests with AWS Elastic Load Balancing.

One integration worthy of note is the ability to tier across AWS storage classes such as EBS, S3, S3 IA, and S3 Glacier. This provides enterprises with mechanisms to manage both the cost and performance of their storage infrastructure. MinIO automatically transitions aged objects from the hot EBS tier to cost-efficient warm and cold AWS S3 storage tiers. MinIO maintains a single object storage namespace as it, for example, relies on Data Lifecycle Management policy to treat EBS and the primary tier, S3 IA as the secondary tier and S3 Glacier as the tertiary/archival tier.

We built MinIO to be containerized and Kubernetes-native, and this means that you can run it on EKS without having to operate cloud-scale infrastructure. Read on to learn how to deploy a complete AWS S3 replacement in 15 minutes or less.

The following steps will guide you through setting up a dedicated EKS Cluster for MinIO. Please note that if you have an existing EKS cluster and would like to manage MinIO via Node Groups, then follow these instructions instead. The expected time to complete the deployment is less than fifteen minutes.

Pre-requisites

⚠️ You must create a subscription in the AWS Marketplace for MinIO or the automation from these instructions won't work due to a missing entitlement.

Additionally, please install:

• awscli
• kubectl
• eksctl

MinIO does not require the use of root privileges for deployment or operation.

0. Before you start

You will need three basic configuration parameters for your cluster:

Account Number can be obtained from the AWS Console or by running the following command:

export AWS_ACCOUNT_NUMBER=`aws sts get-caller-identity --query "Account" --output text`
echo $AWS_ACCOUNT_NUMBER

You will need to know in which region you are going to deploy, for example us-west-2.

You will also need to declare a Cluster Name, for example minio-cluster.

1. Set Up Cluster

1.1.1 New Cluster

Replace the <CLUSTER_NAME> as needed in the following command, then execute it:

eksctl create cluster \
--name <CLUSTER_NAME> \
--version 1.21 \
--node-type=c6i.24xlarge \
--nodes-min=4 \
--nodes=4 \
--nodes-max=4 --zones=us-west-2a,us-west-2b,us-west-2c

1.1.2 Existing Cluster

You can use any existing cluster as long as you install the AWS EBS CSI Driver.

1.2 Install the AWS EBS CSI Driver

The AWS EBS CSI Driver is needed to use the gp3 and sc1 types of storage inside EKS.

2. Set Up Required Roles, Policies and Connectors

All configurations below are scoped to the specific cluster called Cluster Name on region on the given account number, so it is critical that you update those values for your environment.

2.1 Create IAM Policy

Replace the <CLUSTER_NAME> and <AWS_ACCOUNT_NUMBER> in the iam-policy.json file:

aws iam create-policy \
--policy-name minio-eks-<CLUSTER_NAME> \
--policy-document file://iam-policy.json

2.2 Create an OIDC Provider

eksctl utils associate-iam-oidc-provider --region=us-west-2 --cluster=<CLUSTER_NAME> --approve

2.3 Create Trust, Role and Service Account

eksctl create iamserviceaccount \
   --name minio-operator \
   --namespace minio-operator \
   --cluster <CLUSTER_NAME> \
   --attach-policy-arn arn:aws:iam::<AWS_ACCOUNT_NUMBER>:policy/minio-eks-<CLUSTER_NAME> \
   --approve \
   --override-existing-serviceaccounts

Install the Service Account for the AWS EBS CSI Driver

eksctl create iamserviceaccount 
   --name ebs-csi-controller-sa 
   --namespace kube-system 
   --cluster <CLUSTER_NAME> 
   --attach-policy-arn arn:aws:iam::<AWS_ACCOUNT_NUMBER>:policy/minio-eks-<CLUSTER_NAME> 
   --approve 
   --override-existing-serviceaccounts

2.4 Install the AWS EBS CSI Driver

kubectl apply -k "github.com/kubernetes-sigs/aws-ebs-csi-driver/deploy/kubernetes/overlays/stable/?ref=release-1.5"

3. Install the MinIO Operator

kubectl apply -k github.com/miniohq/marketplace/eks/resources

3.1 Get the JWT to Log In to the Operator Console

kubectl -n minio-operator  get secret $(kubectl -n minio-operator get serviceaccount console-sa -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode

4. Port Forward to the Operator Console

kubectl -n minio-operator port-forward svc/console 9090

4.1  Open the Operator Console and Create a Tenant

Open a browser and go to http://localhost:9090. Enter the JWT from the previous step to login and then create your first tenant.

Now click on Create a Tenant

Fill in the desired size of the MinIO Tenant and the storage type

5. Sign Up for the MinIO Subscription Network

To receive support send us an email to subnet@min.io that includes your AWS Account Number to get started and receive 24/7 support.

Running MinIO on AWS EKS

This tutorial showed you how to install MinIO on Amazon EKS and create your first tenant in 15 minutes or less. From here, you can use Operator Console, mc, or the MinIO API to create buckets and further configure your deployment.

Amazon EKS gives you the opportunity to run MinIO, the world’s fastest object storage, in a managed Kubernetes cluster. You also gain access to the AWS ecosystem of infrastructure, management and security tools. It’s like getting all the benefits of Kubernetes, the cloud and software-defined object storage, but without the hassle.

In case you want to expose MinIO services outside of your EKS cluster, please see our related and detailed tutorial, Exposing MinIO Services in AWS EKS Using Elastic Load Balancers: Overview.

If you have any questions or comments, email us at hello@min.io or join our Slack community.