Deploy MinIO

MinIO as a Microservice on Kubernetes

Overview

Steps

1

Enable the MinIO release

File: ./backbone-services/backboneservices-helmfile.yaml

Add/ensure the MinIO release entry is installed:

releases:
  - name: minio
    installed: true

If your Helmfile already contains a minio release block, just set installed: true.

2

Configure persistence values

File: ./environments/pgr-sdc-prd.yaml

Update the MinIO persistence settings (adjust size and storageClass as needed):

minio:
  persistence:
    storageClass: <storage_class>     # provide a valid StorageClass name
    accessMode: ReadWriteOnce
    size: 20Gi                        # update as per need
  environment:
    MINIO_BROWSER_REDIRECT_URL: ""    # leave empty if domain/ingress not ready; otherwise remove environment key entirely

Note: Ensure the chosen storageClass supports ReadWriteOnce (RWO) for StatefulSet volumes on the selected node pool.

3

Set console credentials (secrets)

File: ./environments/pgr-sdc-prd-secrets.yaml

Provide the admin console credentials for MinIO:

secrets:
  minio:
    username: root          # admin username
    password: minio@123     # admin password

Security: Use strong credentials and manage this file securely (e.g., SOPS + Git‑crypt). Do not commit raw secrets to public VCS.

4

Deploy with Helmfile

cd devops/deploy-as-code

Ensure your KUBECONFIG points to the Kubernetes cluster:
export KUBECONFIG=~/kubeconfigs/pgr-sdc.yaml

# (Optional) preview the manifests/plan if supported
helmfile -f digit-helmfile.yaml -e pgr-sdc-prd plan

# Apply
helmfile -f digit-helmfile.yaml -e pgr-sdc-prd apply

If your repo organises Helmfiles differently, adjust the -f path accordingly.

kubectl get svc -n backbone | grep minio
5

Access the MinIO Console

Once the release is healthy and your Ingress/DNS is configured, open:

https://<domain>/minio/login

Log in using the credentials set in your pgr-sdc-prd-secrets.yaml:

  • Username: root

  • Password: minio@123

Note:- If you don’t yet have Ingress/DNS configured, you can temporarily port‑forward:

kubectl -n backbone port-forward svc/minio-console 9001:9001

Then visit http://localhost:9001 to access the MinIO console

6

First‑use: Create a Bucket & Access Keys

A) Create a bucket

  1. In the MinIO Console, go to Buckets.

  2. Click Create Bucket.

  3. Enter a bucket name (e.g., digit-dev-bucket) and keep the default settings unless you have specific requirements.

B) Create Access Keys (Programmatic Access)

  1. In the Console, go to Access Keys.

  2. Click Create Access Key.

  3. Keep default settings (auto‑generated Access Key and Secret Key) or set a description/policy if desired.

  4. Copy/securely store the generated Access Key and Secret Key, as this is shown only once.

7

Integrate egov-filestore with MinIO

Update your environment files so egov-filestore talks to the MinIO S3 endpoint and bucket you created.

File: ./environments/pgr-sdc-prd.yaml

egov-filestore:
  minio-enabled: true    # enable connecting to MinIO service
  fixed-bucketname: <filestore_s3_bucket> # set to your provisioned bucket name
  # other configurations remain the same

File: ./environments/pgr-sdc-prd-secrets.yaml

secrets:
  egov-filestore:
    aws-key: AKIAVCXXXXXXXXXXXXXX          # Access Key generated in MinIO Console
    aws-secret-key: JLc9M5bYiK/QghQ4Lvns... # Secret Key generated in MinIO Console
8

Load static assets with MinIO

A) Create a bucket & upload assets

  1. In the MinIO Console, go to Buckets.

  2. Click Create Bucket.

  3. Enter bucket name static-assets and keep the default settings.

  4. Allow anonymous read access to the bucket.

  5. Buckets → static-assets → Anonymous

  6. Click Add Access Rule, with prefix “*” & access as readonly.

  7. Update configurations such as stateTenantId, localeRegion, localeDefault as needed in globalConfigsPGR.js and upload it into the static-assets bucket.

B) Update the digit-ui configuration

Update your environment files so that digit-ui can load globalConfig script.

File: ./environments/pgr-sdc-prd.yaml

digit-ui:
  custom-js-injection: |
    sub_filter.conf: "
      sub_filter  '<head>' '<head>
      <script src=https://<domain>/static-assets/globalConfigsPGR.js type=text/javascript></script>
      ';"

Deploy the changes using Helmfile:

helmfile -f digit-helmfile.yaml -e pgr-sdc-prd apply

Troubleshooting Tips

  • PVC Pending: Check storageClass name and cluster storage provider; verify worker nodes have capacity.

  • Ingress/404: Ensure the MinIO console path (/minio/) and service/port mapping are correct in ingress rules.

  • 401/Forbidden: Re‑check admin credentials in pgr-sdc-prd-secrets.yaml and ensure that the secrets were rendered/applied to the release.

  • Bucket/Key creation UI differs: MinIO Console UI can vary by version. Look under Buckets, Access Keys, or Identity sections accordingly.

PreviousDeploy NFS ServerNextDeploy CRS

Last updated

Was this helpful?