Skip to content

Instantly share code, notes, and snippets.

@kairen

kairen/minio.yaml

Last active November 14, 2025 08:04
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save kairen/9a62af5afe5ecd29bda2024bdd3034d6 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save kairen/9a62af5afe5ecd29bda2024bdd3034d6 to your computer and use it in GitHub Desktop.
Download ZIP
Self-own MinIO in OpenShift
Raw
minio.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: minio-manage
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: minio-secrets
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: minio-manage
---
apiVersion: batch/v1
kind: Job
metadata:
name: create-minio-root-user
spec:
backoffLimit: 4
template:
spec:
serviceAccount: minio-manage
serviceAccountName: minio-manage
containers:
- name: create-minio-root-user
image: quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:4a76bdb700b15ef27f4040f6076521e986e8a67c79f3eac1b59e4833cb9d2d93
imagePullPolicy: IfNotPresent
command: ["/bin/bash"]
args:
- -ec
- |-
if [ -n "$(oc get secret minio-root-user -oname 2>/dev/null)" ]; then
echo "Secret already exists. Skipping." >&2
exit 0
fi
genpass() {
< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c"${1:-32}"
}
#id=$(genpass 16)
#secret=$(genpass)
# hard-code id and secret instead
id="minio"
secret="minio123"
cat << EOF | oc apply -f-
apiVersion: v1
kind: Secret
metadata:
name: minio-root-user
type: Opqaue
stringData:
MINIO_ROOT_USER: ${id}
MINIO_ROOT_PASSWORD: ${secret}
EOF
restartPolicy: Never
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: minio
labels:
app: minio
spec:
storageClassName: gp3-csi
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 200Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
labels:
app: minio
spec:
replicas: 1
selector:
matchLabels:
app: minio
strategy:
type: Recreate
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
args:
- minio server /data --console-address :9090
command:
- /bin/bash
- -c
image: quay.io/minio/minio:latest
envFrom:
- secretRef:
name: minio-root-user
ports:
- containerPort: 9000
protocol: TCP
name: api
- containerPort: 9090
protocol: TCP
name: console
resources:
requests:
cpu: 200m
memory: 1Gi
limits:
cpu: 2
memory: 2Gi
volumeMounts:
- mountPath: /data
name: minio
volumes:
- persistentVolumeClaim:
claimName: minio
name: minio
---
apiVersion: v1
kind: Service
metadata:
name: minio
labels:
app: minio
spec:
ports:
- name: api
port: 9000
targetPort: api
- name: console
port: 9090
targetPort: 9090
selector:
app: minio
sessionAffinity: None
type: ClusterIP
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: console
labels:
app: minio
spec:
port:
targetPort: console
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: minio
weight: 100
wildcardPolicy: None
---
apiVersion: route.openshift.io/v1
kind: Route
metadata:
name: s3
labels:
app: minio
spec:
port:
targetPort: api
tls:
insecureEdgeTerminationPolicy: Redirect
termination: edge
to:
kind: Service
name: minio
weight: 100
wildcardPolicy: None
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment