Configure bucket replication with Web UI#

Create TLS certificates that will be used by both MinIO deployments for replication:
```
openssl req -new -x509 -days 365 -nodes \
  -out fullchain.pem \
  -keyout privkey.pem \
  -subj "/CN=*<domain>" \
  -addext "subjectAltName=DNS:<FQDN MinIO source instance>,DNS:<FQDN MinIO destination instance>"
```
Note

Include all DNS names used to access MinIO in the certificate Subject Alternative Names (SAN). This can include Ingress hostnames, LoadBalancer addresses, or host FQDNs.

For more information about all the available configurations for exposing a MinIO instance, refer to the official MinIO documentation:
- Configure Load Balancing
- Enable Network Encryption
Create a secret on both clusters using the generated .pem files. Use the same secret name on both clusters.
```
kubectl create secret generic <secret name> --from-file=public.crt=fullchain.pem --from-file=private.key=privkey.pem -n minio-tenant
```
Note

The MinIO Operator expects the secret keys to be named public.crt and private.key keys, not the tls.crt and tls.key standards.
Deploy the MinIO Operator and MinIO Tenant on both clusters by following the Install MinIO and Velero guide.

Modify the MinIO Tenant values.yml file to include the TLS secret created earlier:

externalCertSecret:
  - name: myminio-external-tls
requestAutoCert: false

On both clusters, create a bucket in the MinIO Console and enable versioning.
In the source cluster MinIO Console, navigate to: Buckets → Select Bucket → Replication → Add Replication Rule.
Configure the replication rule with the following settings:
- Replication Mode: Asynchronous
- Bandwidth: 100
- Health Check Duration: 60
- Storage Class: STANDARD_IA,REDUCED_REDUNDANCY etc
To restore data back to the original cluster, create a replication rule from the destination bucket to the source bucket following the same steps described above.

Refer to the official MinIO documentation for more details on Bucket Replication.