Storage
Set up and configure S3-compatible storage for your self-hosted platform
Overview
Purpose
- Platform assets storage
- Blockchain data persistence
- File management
- State storage
Key Features
- Built-in redundancy
- Automatic scaling
- Global availability
- Integrated monitoring
Deployment options
AWS S3 (Native)
Create S3 bucket
- Choose region
- Enable versioning
- Configure default encryption
Create IAM user
- Generate access key and secret
- Attach minimal required permissions
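A policy for the "minimal required permissions" step, as an added example that does not come from the platform's own documentation. The action list (list, read, write and delete objects in a single bucket) is an assumption, and `bucket_policy`, the user name and the policy name are hypothetical.

```shell
#!/bin/sh
# Added example: emit an IAM policy scoped to one bucket instead of s3:*.
# Assumption: the platform only needs to list the bucket and read, write
# and delete objects in it. Trim the actions to what your install uses.
bucket_policy() {
  bucket=$1
  # S3 bucket names are 3-63 characters of lowercase letters, digits,
  # '.' and '-'; rejecting anything else also keeps the JSON well-formed.
  printf '%s' "$bucket" | grep -Eq '^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$' || {
    echo "invalid bucket name: $bucket" >&2
    return 1
  }
  cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListPlatformBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
      "Resource": "arn:aws:s3:::$bucket"
    },
    {
      "Sid": "ReadWritePlatformObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
      "Resource": "arn:aws:s3:::$bucket/*"
    }
  ]
}
EOF
}

# Typical use (hypothetical user and policy names):
#   bucket_policy platform-bucket > policy.json
#   aws iam put-user-policy --user-name platform-user \
#     --policy-name platform-bucket-access --policy-document file://policy.json
bucket_policy platform-bucket
```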
Digital Ocean Spaces
Setup Spaces
- Access Digital Ocean Console
- Create new Spaces bucket:
  - Choose datacenter region
  - Configure CDN (optional)
- Create Spaces access key
Azure Blob Storage
Create Storage Account
- Go to Azure Portal
- Create new Storage Account
- Select performance tier and redundancy
- Enable hierarchical namespace (recommended)
Create Container
- Navigate to Storage Account
- Create new container
- Set access level (private recommended)
Get Access Credentials
- Generate Shared Access Signature (SAS)
- Or use Storage Account access keys
- Note the connection string
Azure Blob Storage offers:
- Geo-redundant storage options
- Integration with Azure AD
- Built-in disaster recovery
- Pay-as-you-go pricing
Google Cloud Storage
Create Storage Bucket
- Go to Google Cloud Console
- Create new bucket
- Choose location type
- Set storage class
- Configure access control
Set up Service Account
- Create new service account
- Generate JSON key file
- Assign Storage Object Admin role
- Download credentials
GCP Storage benefits:
- Multi-regional deployment
- Object lifecycle management
- Strong consistency
- Integrated security controls
MinIO Installation
Install MinIO
helm upgrade --install minio oci://registry-1.docker.io/bitnamicharts/minio \
--namespace minio \
--version 13.8.4 \
--create-namespace \
--set defaultBuckets=platform-bucket \
--set auth.rootUser=admin \
--set auth.rootPassword=your-secure-password \
--set provisioning.enabled=true \
--set "provisioning.config[0].name=region" \
--set "provisioning.config[0].options.name=us-east-1"
Create Service Account
mc admin user svcacct add minio platform-user
For Production Use:
- Configure proper storage class
- Set up backup procedures
- Enable encryption
- Configure monitoring
State encryption
Generate encryption key
openssl rand -base64 32
Store this encryption key securely - it's used to protect platform state data.
Information collection
Required values for platform installation
AWS S3:
- S3 endpoint URL (e.g., s3.amazonaws.com)
- Bucket name
- Access key ID
- Secret access key
- Region (e.g., us-east-1)
- State encryption key
Azure Blob Storage:
- Storage account name
- Container name
- Storage account key
- State encryption key
Google Cloud Storage:
- Project ID
- Bucket name
- Service account credentials (JSON)
- State encryption key
MinIO:
- MinIO endpoint URL
- Bucket name
- Access key
- Secret key
- Region
- State encryption key
deploymentEngine:
  state:
    # Set exactly one connectionUrl for your provider; the alternatives are commented out
    # AWS S3
    connectionUrl: 's3://bucket-name?region=us-east-1&endpoint=s3.amazonaws.com'
    # Azure Blob Storage
    # connectionUrl: 'azblob://<container-path>'
    # Google Cloud Storage
    # connectionUrl: 'gs://bucket-name'
    credentials:
      encryptionKey: 'your-generated-key' # From openssl command
      # AWS Credentials
      aws:
        accessKeyId: 'your-access-key'
        secretAccessKey: 'your-secret-key'
        region: 'us-east-1'
      # Azure Credentials
      azure:
        storageAccount: 'storage-account-name'
        storageKey: 'storage-account-key'
      # GCP Credentials
      google:
        project: 'project-id'
        credentials: |
          {
            "type": "service_account",
            "project_id": "your-project",
            "private_key_id": "key-id",
            "private_key": "-----BEGIN PRIVATE KEY-----\n...\n-----END PRIVATE KEY-----\n",
            "client_email": "[email protected]",
            "client_id": "client-id",
            "auth_uri": "https://accounts.google.com/o/oauth2/auth",
            "token_uri": "https://oauth2.googleapis.com/token",
            "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
            "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/[email protected]"
          }
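An added preflight check, not part of the platform, for the state encryption key generated above and the `connectionUrl` in this configuration: it confirms the key has the shape `openssl rand -base64 32` produces and that the URL scheme matches the credentials block being filled in. The function names and the sample key are constructed for the example.

```shell
#!/bin/sh
# Added example: preflight checks on values gathered for installation.
# Function names are hypothetical; the checks mirror the formats on this page.

# `openssl rand -base64 32` yields 32 bytes, which base64 always encodes
# as 43 alphabet characters plus one '=' pad (44 characters in total).
valid_state_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{43}=$'
}

# Print the credentials block (aws, azure, google) a connectionUrl needs.
# Fails for any other scheme or for a URL with nothing after the scheme.
backend_for_url() {
  case "$1" in
    s3://?*)     echo aws ;;
    azblob://?*) echo azure ;;
    gs://?*)     echo google ;;
    *)           return 1 ;;
  esac
}

# preflight URL PROVIDER KEY
# Reports each problem on stderr and returns the number of problems found.
preflight() {
  url=$1 provider=$2 key=$3 problems=0
  if ! backend=$(backend_for_url "$url"); then
    echo "connectionUrl: unsupported scheme" >&2
    problems=$((problems + 1))
  elif [ "$backend" != "$provider" ]; then
    echo "connectionUrl is $backend but credentials are $provider" >&2
    problems=$((problems + 1))
  fi
  case "$url" in
    *'<'*'>'*) echo "connectionUrl: placeholder left in place" >&2
               problems=$((problems + 1)) ;;
  esac
  if ! valid_state_key "$key"; then
    echo "encryptionKey: not a base64-encoded 32-byte key" >&2
    problems=$((problems + 1))
  fi
  return "$problems"
}

# Constructed sample key (bytes 0x00..0x1f), for demonstration only.
SAMPLE_KEY='AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8='
preflight 's3://platform-bucket?region=us-east-1' aws "$SAMPLE_KEY" && echo "preflight ok"
```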
Validation
Test AWS S3
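# The AWS CLI has no --access-key/--secret-key options; it reads credentials from the environment or a configured profile
AWS_ACCESS_KEY_ID=your-access-key \
AWS_SECRET_ACCESS_KEY=your-secret-key \
aws s3 ls s3://your-bucket \
  --endpoint-url your-endpoint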
Test Azure Storage
az storage blob list \
--container-name your-container \
--account-name your-storage-account \
--account-key your-storage-key
Test Google Cloud Storage
gsutil ls gs://your-bucket
Make sure you have installed and configured the respective CLI tools:
- AWS CLI: aws configure
- Azure CLI: az login
- Google Cloud CLI: gcloud auth login
Troubleshooting
Access Denied
AWS S3:
- Verify IAM credentials
- Check bucket policies
- Confirm IAM role permissions
- Validate endpoint URL format
Azure Blob Storage:
- Check storage account access keys
- Verify container access level
- Confirm SAS permissions
- Check firewall settings
Google Cloud Storage:
- Verify service account permissions
- Check IAM roles
- Validate JSON credentials
- Confirm project access
Connection Issues
AWS S3:
- Check endpoint accessibility
- Verify region setting
- Confirm VPC endpoints
- Check SSL/TLS requirements
Azure Blob Storage:
- Verify network access rules
- Check private endpoints
- Confirm account status
- Validate VNET settings
Google Cloud Storage:
- Check VPC Service Controls
- Verify network connectivity
- Confirm regional availability
- Check firewall rules
Performance Issues
AWS S3:
- Check transfer acceleration
- Review bucket region
- Monitor request rates
Azure Blob Storage:
- Verify account tier
- Check geo-replication
- Monitor bandwidth metrics
Storage Issues
Google Cloud Storage:
- Review storage class
- Check bucket location
- Monitor throughput metrics
Need help? Contact [email protected] if you encounter any issues.