MinIO Operator KES Configuration [](https://slack.min.io)
April 17, 2024 ยท View on GitHub
This document explains how to enable KES with MinIO Operator.
Getting Started
Prerequisites
- MinIO Operator up and running as explained in the document here.
- KES requires a KMS backend in configuration. Currently KES supports AWS Secrets Manager and Hashicorp Vault as KMS backend for production.S Set up one of these as the KMS backend before setting up KES.
Create MinIO Tenant
We have an example Tenant with KES encryption available at examples/tenant-kes-encryption.
You can install the example like:
kubectl apply -k github.com/minio/operator/examples/kustomization/tenant-kes-encryption
KES Configuration
KES Configuration is a part of Tenant yaml file. Check the sample file available here. The config offers below options
KES Fields
| Field | Description |
|---|---|
| spec.kes | Defines the KES configuration. Refer this |
| spec.kes.replicas | Number of KES pods to be created. |
| spec.kes.image | Defines the KES image. |
| spec.kes.kesSecret | Secret to specify KES Configuration. This is a mandatory field. |
| spec.kes.metadata | This allows a way to map metadata to the KES pods. Internally metadata is a struct type as explained here. |
A complete list of values is available here in the API reference.