Using MinIO as a Backup Target for Rancher Longhorn
Longhorn, an open-source container-native storage system developed by Rancher, simplifies persistent volume backups by supporting S3 and NFS storage systems as backup targets. In this guide, we’ll walk through how to configure MinIO as an S3-compatible backup target for Longhorn, enabling reliable volume backups.
This post assumes that Longhorn and MinIO are already installed—for installation guides, refer to the official Longhorn documentation and MinIO Quickstart Guide.
Environment Overview
- MinIO version: RELEASE.2021-08-17T20-53-08Z (deployed with Podman on SUSE SLES 15 SP2)
- Longhorn version: 1.1.1 (installed via Rancher’s Application Catalog on an RKE cluster running Kubernetes 1.20.9-rancher1-1)
Step 1: Configure MinIO for Longhorn Backups
First, we’ll set up MinIO storage by creating a dedicated bucket, folder, user, and policy for Longhorn backups. Use MinIO’s command-line tool, mc
, to manage these objects.
Set up the mc
Alias
mc alias set myminio https://miniolab.rancher.one miniorootuser miniorootuserpassword
Create a Bucket and Folder
mc mb myminio/rancherbackups
mc mb myminio/rancherbackups/longhorn
Add a User and Policy
Create a new user and define a backup-specific policy to grant access to the bucket.
mc admin user add myminio rancherbackupsuser mypassword
cat > /tmp/rancher-backups-policy.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:PutBucketPolicy",
"s3:GetBucketPolicy",
"s3:DeleteBucketPolicy",
"s3:ListAllMyBuckets",
"s3:ListBucket"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::rancherbackups"
]
},
{
"Action": [
"s3:AbortMultipartUpload",
"s3:DeleteObject",
"s3:GetObject",
"s3:ListMultipartUploadParts",
"s3:PutObject"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::rancherbackups/*"
]
}
]
}
EOF
mc admin policy add myminio rancher-backups-policy /tmp/rancher-backups-policy.json
mc admin policy set myminio rancher-backups-policy user=rancherbackupsuser
Step 2: Create a Secret for MinIO Credentials
Now, create a Kubernetes secret in the longhorn-system
namespace to store your MinIO credentials. We’ll use base64 encoding for the values.
echo -n https://miniolab.rancher.one:443 | base64 # aHR0cHM6Ly9taW5pb2xhYi5yYW5jaGVyLm9uZTo0NDM=
echo -n rancherbackupsuser | base64 # cmFuY2hlcmJhY2t1cHN1c2Vy
echo -n mypassword | base64 # bXlwYXNzd29yZA==
If your MinIO environment uses a custom CA certificate, encode the CA as well and include it in the secret.
apiVersion: v1
kind: Secret
metadata:
name: minio-secret
namespace: longhorn-system
type: Opaque
data:
AWS_ACCESS_KEY_ID: cmFuY2hlcmJhY2t1cHN1c2Vy
AWS_SECRET_ACCESS_KEY: bXlwYXNzd29yZA==
AWS_ENDPOINTS: aHR0cHM6Ly9taW5pb2xhYi5yYW5jaGVyLm9uZTo0NDM=
#AWS_CERT: <your base64 encoded custom CA certificate>
Step 3: Configure the Backup Target in Longhorn
The backup target URL follows the format:s3://<bucket_name>@<region>/<folder>
.
In our example, the backup target URL is:s3://rancherbackups@dummyregion/longhorn
.
Open the Longhorn UI and navigate to Settings → Backup Target. Enter the URL and secret name to configure the backup target.
Step 4: Enable Backups in Longhorn
Once the backup target is configured, backups will be available for Longhorn volumes. You can manage these backups directly from the Longhorn UI.
- Create Backup Schedules: Use the Volume menu to define backup schedules.
- Monitor Backup Status: View backup logs and status in the UI.
Troubleshooting Common Issues
If you encounter errors during setup, check the following:
- Base64 Encoding Issues: Ensure values are correctly encoded with
echo -n
to avoid trailing newlines. - Target URL Errors: Verify the backup target URL is formatted correctly.
- MinIO Configuration Issues: Use the MinIO web console or
mc
to troubleshoot access permissions. - SSL Issues: If using a reverse proxy (e.g., Nginx) for MinIO, ensure that
client_max_body_size
is configured to handle large file uploads.
Conclusion
Using MinIO as a backup target for Longhorn provides a reliable, scalable solution for managing volume snapshots and backups. With the steps outlined in this post, you can configure S3-compatible storage for seamless backups, monitor backup health, and troubleshoot common issues.
By following these practices, you’ll have confidence that your persistent volumes are backed up and recoverable in case of any failure.