Skip to content
Zachary Seguin edited this page Dec 4, 2020 · 5 revisions

New MinIO instance

The follow describes the process for adding a new MinIO instance to the DAaaS environment.

  1. Deploy the instance in the minio-operator repo

  2. Setup the Vault MinIO secret engine in the terraform repository

    a. secret_minio_*.tf (defines the secret engine which will allow issuance of MinIO keys)
    b. (grant access to boathouse)
    c. (grant access to the goofys injector)
    e. (grant access to the profile configurator to setup roles)
    f. .github/workflow (add new secrets)

    The variables come from two Kubernetes resources:

    # _ENDPOINT ($HOST without https://)
    kubectl -n $INSTANCE_NAMESPACE get ing
    kubectl -n $INSTANCE_NAMESPACE get secret $INSTANCE-minio -o yaml
    # _ACCESS_KEY = data.accesskey (base64 decode)
    # _SECRET_KEY = data.secretkey (base64 decode)
  3. Update the kubeflow-controller

    This is a configuration-only update. There is a GitHub secret on the repository called MINIO_INSTANCES, which refers to the name of the secret engine in Vault (example: minio_minimal_tenant1).

    This is a comma-separated list: minio_minimal_tenant1,minio_pachyderm_tenant1,minio_premium_tenant1

    Once updated, trigger a re-deployment of the kubeflow-controller by re-running the last action run.

  4. Update MinIO credential injector

    Add additional patches:

  5. Update Goofys Injector

    Add additional patches:

Clone this wiki locally