oc-deploy/ansible/Minio/README.md

# MinIO

## Deploy Minio 

This playbook installs MinIO on a Kubernetes cluster using Helm and retrieves necessary credentials and access information.

### Variables
| Variable | Description |
|----------|-------------|
| `user_prompt` | SSH user to execute commands |
| `host_name_prompt` | Hostname of the target machine |
| `memory_req` | Memory allocation for MinIO (`2Gi` by default) |
| `storage_req` | Storage allocation for MinIO (`20Gi` by default) |

### Steps Executed
1. Install necessary Python libraries.
2. Check if Helm is installed and install it if not present.
3. Add and update the MinIO Helm repository.
4. Deploy MinIO using Helm if it is not already running.
5. Retrieve the MinIO credentials (root user and password).
6. Retrieve the MinIO UI console external IP and API internal IP.
7. Display login credentials and connection details.

### Running the Playbook
```sh
ansible-playbook -i inventory deploy_minio.yml --extra-vars "user_prompt=your-user host_name_prompt=your-host"
```

## Setting up MinIO access

/!\ This part can be automated with this **[ansible playbook](https://github.com/pi-B/ansible-oc/blob/main/setup_minio_admiralty.yml)** which is designed to create ressources in a Argo-Workflows/Admiralty combo.

/!\ If you still want to setup the host manually **and** aim to use admiralty, give the ressources an **unique name** and be sure to make this uniqueness accessible (in an environment variable, in a conf file...)

- With the output of the last tasks, create a secret in argo namespace to give access to the minio API. We need to use the `create` verb because apply creates a non-functionning secret 

```bash
kubectl create secret -n <name of your argo namespace> generic argo-artifact-secret \
    --from-literal=access-key=<your access key> \
    --from-literal=secret-key=<your secret key>
```

- Create a ConfigMap, which will be used by argo to create the S3 artifact, the content must match the one from the previously created secret

```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  # If you want to use this config map by default, name it "artifact-repositories".
  name: artifact-repositories
  # annotations:
  #   # v3.0 and after - if you want to use a specific key, put that key into this annotation.
  #   workflows.argoproj.io/default-artifact-repository: oc-s3-artifact-repository
data:
  oc-s3-artifact-repository: |
    s3:
      bucket: oc-bucket
      endpoint: [ retrieve cluster with kubectl get service argo-artifacts -o jsonpath="{.spec.clusterIP}" ]:9000
      insecure: true
      accessKeySecret: 
        name: argo-artifact-secret
        key: access-key
      secretKeySecret:
        name: argo-artifact-secret
        key: secret-key

```

## Ansible Playbook setup MinIO

### Purpose
This playbook sets up MinIO to work with Argo Workflows, including creating the required buckets and secrets.

### Variables
| Variable | Description |
|----------|-------------|
| `user_prompt` | SSH user to execute commands |
| `uuid_prompt` | Unique identifier for the Argo secret |
| `argo_namespace` | Kubernetes namespace for Argo (`argo` by default) |

### Steps Executed
1. Install necessary dependencies.
2. Download and configure MinIO Client (`mc`).
3. Retrieve MinIO credentials (root user and password).
4. Configure `mc` to connect to MinIO.
5. Create a new S3 bucket (`oc-bucket`).
6. Generate a new access key and secret key for MinIO.
7. Retrieve the MinIO API cluster IP.
8. Create a Kubernetes Secret to store MinIO credentials.
9. Create a Kubernetes ConfigMap for MinIO artifact repository configuration.

### Running the Playbook
```sh
ansible-playbook -i inventory setup_minio_resources.yml --extra-vars "user_prompt=your-user uuid_prompt=unique-id"
```

---

## Expected Output
Upon successful execution, you should see:
- MinIO deployed and accessible.
- MinIO UI console credentials displayed.
- MinIO bucket (`oc-bucket`) created.
- Secrets and ConfigMaps properly configured in Kubernetes.

For any issues, check Ansible logs and validate configurations manually using:
```sh
kubectl get pods -n default
kubectl get secrets -n argo
kubectl get configmaps -n argo
```
All the Ansible playbooks used to deploy k3s, argo server, admiralty and minio 2025-09-26 14:12:01 +02:00			`# MinIO`

			`## Deploy Minio`

			`This playbook installs MinIO on a Kubernetes cluster using Helm and retrieves necessary credentials and access information.`

			`### Variables`
			`\| Variable \| Description \|`
			`\|----------\|-------------\|`
			\| `user_prompt` \| SSH user to execute commands \|
			\| `host_name_prompt` \| Hostname of the target machine \|
			\| `memory_req` \| Memory allocation for MinIO (`2Gi` by default) \|
			\| `storage_req` \| Storage allocation for MinIO (`20Gi` by default) \|

			`### Steps Executed`
			`1. Install necessary Python libraries.`
			`2. Check if Helm is installed and install it if not present.`
			`3. Add and update the MinIO Helm repository.`
			`4. Deploy MinIO using Helm if it is not already running.`
			`5. Retrieve the MinIO credentials (root user and password).`
			`6. Retrieve the MinIO UI console external IP and API internal IP.`
			`7. Display login credentials and connection details.`

			`### Running the Playbook`
			```sh
			`ansible-playbook -i inventory deploy_minio.yml --extra-vars "user_prompt=your-user host_name_prompt=your-host"`
			```

			`## Setting up MinIO access`

			`/!\ This part can be automated with this [ansible playbook](https://github.com/pi-B/ansible-oc/blob/main/setup_minio_admiralty.yml) which is designed to create ressources in a Argo-Workflows/Admiralty combo.`

			`/!\ If you still want to setup the host manually and aim to use admiralty, give the ressources an unique name and be sure to make this uniqueness accessible (in an environment variable, in a conf file...)`

			- With the output of the last tasks, create a secret in argo namespace to give access to the minio API. We need to use the `create` verb because apply creates a non-functionning secret

			```bash
			`kubectl create secret -n <name of your argo namespace> generic argo-artifact-secret \`
			`--from-literal=access-key=<your access key> \`
			`--from-literal=secret-key=<your secret key>`
			```

			`- Create a ConfigMap, which will be used by argo to create the S3 artifact, the content must match the one from the previously created secret`

			```yaml
			`apiVersion: v1`
			`kind: ConfigMap`
			`metadata:`
			`# If you want to use this config map by default, name it "artifact-repositories".`
			`name: artifact-repositories`
			`# annotations:`
			`# # v3.0 and after - if you want to use a specific key, put that key into this annotation.`
			`# workflows.argoproj.io/default-artifact-repository: oc-s3-artifact-repository`
			`data:`
			`oc-s3-artifact-repository: \|`
			`s3:`
			`bucket: oc-bucket`
			`endpoint: [ retrieve cluster with kubectl get service argo-artifacts -o jsonpath="{.spec.clusterIP}" ]:9000`
			`insecure: true`
			`accessKeySecret:`
			`name: argo-artifact-secret`
			`key: access-key`
			`secretKeySecret:`
			`name: argo-artifact-secret`
			`key: secret-key`

			```

			`## Ansible Playbook setup MinIO`

			`### Purpose`
			`This playbook sets up MinIO to work with Argo Workflows, including creating the required buckets and secrets.`

			`### Variables`
			`\| Variable \| Description \|`
			`\|----------\|-------------\|`
			\| `user_prompt` \| SSH user to execute commands \|
			\| `uuid_prompt` \| Unique identifier for the Argo secret \|
			\| `argo_namespace` \| Kubernetes namespace for Argo (`argo` by default) \|

			`### Steps Executed`
			`1. Install necessary dependencies.`
			2. Download and configure MinIO Client (`mc`).
			`3. Retrieve MinIO credentials (root user and password).`
			4. Configure `mc` to connect to MinIO.
			5. Create a new S3 bucket (`oc-bucket`).
			`6. Generate a new access key and secret key for MinIO.`
			`7. Retrieve the MinIO API cluster IP.`
			`8. Create a Kubernetes Secret to store MinIO credentials.`
			`9. Create a Kubernetes ConfigMap for MinIO artifact repository configuration.`

			`### Running the Playbook`
			```sh
			`ansible-playbook -i inventory setup_minio_resources.yml --extra-vars "user_prompt=your-user uuid_prompt=unique-id"`
			```

			`---`

			`## Expected Output`
			`Upon successful execution, you should see:`
			`- MinIO deployed and accessible.`
			`- MinIO UI console credentials displayed.`
			- MinIO bucket (`oc-bucket`) created.
			`- Secrets and ConfigMaps properly configured in Kubernetes.`

			`For any issues, check Ansible logs and validate configurations manually using:`
			```sh
			`kubectl get pods -n default`
			`kubectl get secrets -n argo`
			`kubectl get configmaps -n argo`
			```