MinIO

This page provides information on MinIO's use and configuration in Cortex Fabric.

How MinIO is Used in Fabric

MinIO offers a drop-in S3 compatible API for object storage across cloud providers. It can be configured in two ways, as a:

• Server mode with local file based storage (i.e. persistent volumes).
• Gateway mode to connect to a cloud provider’s native storage solution (S3, GCS, Azure Blob, etc.).

Additionally, MinIO offers a consistent API for connecting to cloud storage, that is:

• Part of the Cloud Provider's native storage solution
• Hosted in a separate VM.

GCP Installation Best Practices

The Cortex Helm chart (values.yaml) is packaged with a standard configuration for MinIO as a server and is suitable for development purposes.

It is recommended that Minio be installed and managed externally for production purposes.

The following instructions utilize the Bitnami Minio Helm chart (version 10.1.4) to deploy Minio as a Google Cloud Storage Gateway. In addition to the different Helm charts available, Minio also offers other installation options such as an Operator based install and Marketplace offerings from cloud providers

• AWS
• GCP
• Azure)

To configure MinIO as a gateway additional fields must be added via the values.yaml override file.

1. Get the cloud platform’s native storage credentials/service account with correct permissions

• a. Create a service account
• b. Assign storage.admin role to the service account
• c. Create a private key for the service account and copy it in JSON format

2. Put your service account JSON key in keyJSON into a yaml override file for the Minio Helm chart installation

GCP EXAMPLE

gateway:
  type: gcs
  enabled: true
  auth:
    gcs:
      projectID: myProject
      keyJSON: |
      {
       "type": "service_account",
       "project_id": "myProject",
       "private_key_id": "",
       "private_key": "",
       "client_email": "g",
       "client_id": "",
       "auth_uri": "https://accounts.google.com/o/oauth2/auth",
       "token_uri": "https://oauth2.googleapis.com/token",
       "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
       "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/gcs-minio-gateway%40myProject.iam.gserviceaccount.com"
     }

3. Add the Bitnami Helm Repository

helm repo add bitnami https://charts.bitnami.com/bitnami

4. Create a namespace to install Minio in

kubectl create namespace minio

5. Install the Minio Helm chart

helm upgrade --install minio bitnami/minio -f value.yaml -n minio --version 10.1.4

6. Copy the access and secret key credentials generated by the Minio installation and include them in the values override used for the Fabric Helm chart installation

cortex:
  managedContent:
    S3_ENDPOINT: http://minio.minio.svc.cluster.local:9000
    accesskey: ""
    secretkey: ""

MinIO in GCS

Cortex Fabric uses a technology called DeltaLake for its Profile of One storage. DeltaLake typically sits on a cloud storage technology like S3 or BlobStore, however currently GCS support is experimental and not supported. Minio provides a supported abstraction layer that allows DeltaLake to access Kubernetes mounted storage as an interim solution until GCS is fully supported by DeltaLake.

That being said a licensed version of MinIO is not required. However, if you chose to use MinIO for storage you must download the MinIO chart and install MinIO separately from the general Fabric Installation.

MinIO and HA

To configure MinIO for HA, simply set the replica count to 3 to ensure high availability (single instance is allocated for each Kubernetes node).