Helm/MinIO: Difference between revisions

(11 intermediate revisions by the same user not shown)
Line 1: Line 1:
  helm repo add bitnami https://charts.bitnami.com/bitnami
  helm repo add bitnami https://charts.bitnami.com/bitnami
  helm repo update && helm repo list
  helm repo update && helm repo list
kubectl config get-contexts


==Config==
==Config==
Line 37: Line 38:
   rootUser: admin
   rootUser: admin
   rootPassword: sadaqah!
   rootPassword: sadaqah!
defaultBuckets: "git-lfs, gitlab-artifacts, gitlab-backups, gitlab-packages, gitlab-uploads, gitlab-terraform-state, gitlab-tmp"
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
ingress:
   enabled: true
   enabled: true
Line 58: Line 59:
   rootUser: admin
   rootUser: admin
   rootPassword: sadaqah!
   rootPassword: sadaqah!
defaultBuckets: "git-lfs, gitlab-artifacts, gitlab-backups, gitlab-packages, gitlab-uploads, gitlab-terraform-state, gitlab-tmp"
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
ingress:
   enabled: true
   enabled: true
Line 98: Line 99:
apk --update add minio-client inetutils-telnet
apk --update add minio-client inetutils-telnet


echo -n password: ;\
mcli alias set  k8s_gitlab_aa http://minio.minio:9000 Tnen3kCv71osfJKkhcIP rxMU6fWayQD6no1p1LO7orBmxNMtbKuyHITpflBJ
read -s MINIO_SERVER_ROOT_PASSWORD;\
mcli admin info k8s_gitlab_aa
export  MINIO_SERVER_ROOT_PASSWORD;\
export  MINIO_SERVER_ROOT_USER=admin;\
export  MINIO_SERVER_HOST=minio.k8s.local;echo


telnet minio 9000
mcli alias set  k8s_gitlab_ab http://minio.minio:9000 FfG564tLdSlgaM2t0ig0 FEbThROKMZ06Feddr1SUMk85g4wRM5NZnVVrS24V
telnet minio 9001
mcli admin info k8s_gitlab_ab


ping minio.k8s.local
mcli alias set  s3_host_ab http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle
ping host.minikube.internal
mcli admin info s3_host_ab


mcli ping --count 5 minio
mcli alias set  s3_host_aa http://s3.host.k8s.local 6zXMWye9rOjKgpka pHKjpqiXK4RLpvdyX7qYuwbIk5KAkKa6
mcli ping --error-count 5 minio
mcli admin info s3_host_aa


telnet host.minikube.internal 9800
mcli alias set  k8s_admin http://minio.minio:9000 admin sadaqah!
telnet host.minikube.internal 9801
mcli admin info k8s_admin
</syntaxhighlight>
 
==EKS » EBS » PVC==
<syntaxhighlight lang="yaml">
cat << YML | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-pv
spec:
  accessModes:
  - ReadWriteOnce
  awsElasticBlockStore:
    fsType: ext4
    volumeID: aws://ap-southeast-1/vol-0bbbd80804f1ae62a
  capacity:
    storage: 10Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "gp2"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: minio
  name: minio-pvc
  namespace: minio
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: "gp2"
  volumeName: minio-pv
YML
</syntaxhighlight>
 
==EKS » EBS » Patch==
{|
|colspan="2"|
<syntaxhighlight lang="yaml">
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
</syntaxhighlight>
 
|-
|colspan="2"|
----
|-
|valign="top"|
<syntaxhighlight lang="yaml">
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: minikube
YML
</syntaxhighlight>


telnet minio.minio.svc.cluster.local 9000
|valign="top"|
telnet minio.minio.svc.cluster.local 9001
<syntaxhighlight lang="yaml">
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: ap-southeast-1a
YML
</syntaxhighlight>
 
|-
|colspan="2"|
----
|-
|colspan="2"|
<syntaxhighlight lang="yaml">
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
kubectl -n minio delete pods --all
</syntaxhighlight>
 
|}
 
==EKS » Ingress » TLS==
<syntaxhighlight lang="yaml">
cat << YML | kubectl apply -n minio -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: minio-domain
  namespace: minio
spec:
  dnsNames:
  - "minio.finology.group"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-http01
  secretName: minio-secret-tls
YML
</syntaxhighlight>
 
==EKS » Ingress » Patch==
<syntaxhighlight lang="yaml">
cat <<YML | kubectl -n minio patch ing/minio --patch-file=/dev/stdin
---
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
    nginx.ingress.kubernetes.io/proxy-buffers-size: 256k
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: 'on'
    nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - minio.finology.group
      secretName: minio-secret-tls
YML
</syntaxhighlight>
</syntaxhighlight>


Line 195: Line 316:
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]]
* [[Helm/Cert Manager|Helm » Cert Manager]]
* [[Helm/Cert Manager|Helm » Cert Manager]]
* [[Helm/GitLab|Helm » GitLab]]
* [https://artifacthub.io/packages/helm/bitnami/minio Helm » MinIO]
* [https://artifacthub.io/packages/helm/bitnami/minio Helm » MinIO]
* [[Helm]]
* [[Helm]]
Line 207: Line 329:
|-
|-
| valign="top" |
| valign="top" |
* [https://medium.com/picus-security-engineering/on-premises-s3-bucket-object-storage-with-minio-server-gateway-4c44fc321b1c MinIO » On-premises AWS S3 Object Storage]
* [https://min.io/docs/minio/kubernetes/upstream/administration/object-management/transition-objects-to-s3.html MinIO » Transition Objects to AWS S3]
* [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator]
* [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator]
* [https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html MinIO » Configure NGINX Proxy]
* [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts]
* [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts]
* [https://bitnami.com/stack/minio/helm MinIO » Bitnami » Package]
* [https://bitnami.com/stack/minio/helm MinIO » Bitnami » Package]
Line 238: Line 363:
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]]
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]]
* [[K8s/Ingress|K8s » Ingress]]
* [[K8s/Ingress|K8s » Ingress]]
* [[K8s/Service|K8s » Service]]
* [[CIDR]]
* [[CIDR]]
* [[UFW]]
* [[UFW]]
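Review bot: The new Swiss Knife lines pass five access-key/secret-key pairs to `mcli alias set` as arguments, including the root pair `admin sadaqah!`, so they are recorded in the page history, in shell history and in the process list. The same revision appears to drop the earlier `read -s MINIO_SERVER_ROOT_PASSWORD` prompt, which at least kept the password out of the text. I would leave the keys off each command, e.g. `mcli alias set  k8s_admin http://minio.minio:9000`, and let mcli prompt for them. Any key that is real should be rotated. The unchanged context line `rootPassword: sadaqah!` in both install blocks has the same problem, and every alias endpoint is plain `http://`, so the keys also cross the network unencrypted.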

Revision as of 20:16, 18 November 2024

# Register the Bitnami chart repository, refresh the local chart index, and
# list the configured repositories to confirm the entry is present.
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update && helm repo list
# List the kubeconfig contexts; check which one is current before running the
# install or delete commands on this page, since they act on that cluster.
kubectl config get-contexts

Config

# Alternatives, one per cluster: export exactly one of these. If all three
# lines are pasted together the last assignment wins and kubectl reads
# ${HOME}/.kube/config.
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"

Install

# Reset the target namespace: check whether `minio` exists, delete it, check
# again, then create it empty. Deleting a namespace removes every namespaced
# object in it (workloads, secrets, PVCs), so run this only against a cluster
# where that is intended.
kubectl get ns|grep minio
kubectl delete ns   minio
kubectl get ns|grep minio
kubectl create ns   minio

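# Install release `minio` from bitnami/minio 14.7.1 with values piped on stdin.
# The two `helm install` commands are alternatives for the same release name
# (standalone vs. distributed); run only one of them.
#
# The root password is read from a prompt instead of being written into the
# values, so it does not end up in this page or in shell history. The unquoted
# here-doc delimiter lets the shell expand ${MINIO_ROOT_PASSWORD} into the
# document. The value lands inside a double-quoted YAML scalar, so avoid `"`
# and `\` in the password.
# NOTE(review): ingress is enabled for minio.k8s.local with no TLS settings in
# these values, so the endpoint is served over plain HTTP unless TLS is added
# separately.
read -rsp 'MinIO root password: ' MINIO_ROOT_PASSWORD; echo

# Alternative 1: standalone mode, one drive per node.
cat <<YML | helm -n minio install    minio bitnami/minio --version=14.7.1 -f -
---
global:
  defaultStorageClass: standard
mode: standalone
auth:
  rootUser: admin
  rootPassword: "${MINIO_ROOT_PASSWORD}"
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
  enabled: true
  hostname: minio.k8s.local
statefulset:
  drivesPerNode: 1
  replicaCount: 1
  zones: 1
YML

# Alternative 2: distributed mode, four drives per node.
cat <<YML | helm -n minio install    minio bitnami/minio --version=14.7.1 -f -
---
global:
  defaultStorageClass: standard
mode: distributed
auth:
  rootUser: admin
  rootPassword: "${MINIO_ROOT_PASSWORD}"
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
  enabled: true
  hostname: minio.k8s.local
statefulset:
  drivesPerNode: 4
  replicaCount: 1
  zones: 1
YML

# Drop the password from the shell once the release is installed.
unset MINIO_ROOT_PASSWORD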

# Open the ingress hostname in a browser. The four launchers are alternatives
# for different desktops; use whichever exists. Each runs in the background
# with its output discarded.
# The URL is plain http://, so a console login typed here is sent unencrypted.
xdg-open http://minio.k8s.local &>/dev/null &
gnome-open http://minio.k8s.local &>/dev/null &
x-www-browser http://minio.k8s.local &>/dev/null &
sensible-browser http://minio.k8s.local &>/dev/null &

Uninstall

# Remove the Helm release, then the namespace and everything left in it.
# NOTE(review): PersistentVolumes are cluster-scoped and are not removed with
# the namespace; a volume with reclaim policy Retain keeps its data and should
# be cleaned up separately if it held anything sensitive.
helm uninstall -n minio  minio
kubectl delete namespace minio

Swiss Knife

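# Start a throwaway Alpine pod in the minio namespace and open a shell in it;
# --rm deletes the pod when the shell exits. The remaining commands in this
# section are typed inside that shell.
kubectl -n minio run -i --tty --rm minio-cli --image=alpine --restart=Never -- sh
# Alpine packages the MinIO client as `mcli`; telnet is added for port checks.
apk --update add minio-client inetutils-telnet

# Register one alias per credential set, then query the server to confirm the
# keys work. The access and secret keys are deliberately left off the command
# line: mcli prompts for them when they are omitted, which keeps them out of
# this page, the shell history and the process list.
# Every endpoint below is plain http://, so keys and data cross the network
# unencrypted; switch to an https:// endpoint where one is available.
# NOTE(review): `mcli admin info` presumably succeeds only for keys with admin
# rights. Confirm the GitLab service keys really need that much access.
mcli alias set  k8s_gitlab_aa http://minio.minio:9000
mcli admin info k8s_gitlab_aa

mcli alias set  k8s_gitlab_ab http://minio.minio:9000
mcli admin info k8s_gitlab_ab

mcli alias set  s3_host_ab http://s3.host.k8s.local
mcli admin info s3_host_ab

mcli alias set  s3_host_aa http://s3.host.k8s.local
mcli admin info s3_host_aa

# Root account alias; enter the root user and password at the prompt.
mcli alias set  k8s_admin http://minio.minio:9000
mcli admin info k8s_admin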

EKS » EBS » PVC

# Statically provision storage: create PersistentVolume `minio-pv` backed by an
# existing EBS volume ID, and PersistentVolumeClaim `minio-pvc` in namespace
# `minio` that binds to it through volumeName.
# Reclaim policy Retain means the PV and its data are kept after the claim is
# deleted; the volume has to be wiped or removed by hand.
# The here-doc delimiter is unquoted, so the shell would expand any `$...` in
# the manifest; this one contains none.
# NOTE(review): the volumeID carries `ap-southeast-1`, which looks like a
# region, while the nodeSelector elsewhere on this page uses the zone
# `ap-southeast-1a`. Confirm which form the cluster expects.
# NOTE(review): awsElasticBlockStore is the in-tree EBS volume source; newer
# clusters are expected to use the EBS CSI driver instead. Confirm against the
# cluster version.
cat << YML | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-pv
spec:
  accessModes:
  - ReadWriteOnce
  awsElasticBlockStore:
    fsType: ext4
    volumeID: aws://ap-southeast-1/vol-0bbbd80804f1ae62a
  capacity:
    storage: 10Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "gp2"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: minio
  name: minio-pvc
  namespace: minio
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: "gp2"
  volumeName: minio-pv
YML

EKS » EBS » Patch

# Show the Deployment's current nodeSelector before changing it.
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'

# Pin the MinIO pods to one topology zone by patching the pod template's
# nodeSelector. The two patches are alternatives: the first targets a zone
# labelled `minikube`, the second `ap-southeast-1a`. Apply only one.
# NOTE(review): presumably the zone has to match where the EBS volume lives,
# since a ReadWriteOnce EBS volume attaches only within its own zone.
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: minikube
YML
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: ap-southeast-1a
YML

# Re-read the nodeSelector to confirm the patch, then delete every pod in the
# namespace so they are recreated under the new selector. `--all` is not
# limited to MinIO pods: anything else running in `minio` restarts too.
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
kubectl -n minio delete pods --all

EKS » Ingress » TLS

# Ask cert-manager for a certificate covering minio.finology.group, issued by
# ClusterIssuer `letsencrypt-http01` and stored in Secret `minio-secret-tls`
# in namespace `minio`.
# The ClusterIssuer is not created on this page; it must already exist in the
# cluster.
# NOTE(review): the issuer name suggests an HTTP-01 challenge, which would need
# the hostname to be reachable from the public internet. Confirm.
cat << YML | kubectl apply -n minio -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: minio-domain
  namespace: minio
spec:
  dnsNames:
  - "minio.finology.group"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-http01
  secretName: minio-secret-tls 
YML

EKS » Ingress » Patch

# Patch the chart-created Ingress `minio`: set ingress-nginx annotations, select
# ingress class `nginx`, and terminate TLS for minio.finology.group with the
# certificate stored in Secret `minio-secret-tls`. ssl-redirect 'true' sends
# plain-HTTP requests to HTTPS.
# NOTE(review): proxy-body-size 10m caps request bodies at 10 MB, which looks
# small for an object store holding GitLab artifacts and LFS objects. Confirm.
# NOTE(review): `proxy-buffers-size` does not look like a recognised
# ingress-nginx annotation (compare proxy-buffer-size and proxy-buffers-number
# above); it is probably ignored. Verify against the controller's docs.
# NOTE(review): proxy-ssl-verify and proxy-ssl-server-name concern TLS from the
# controller to the backend. They likely have no effect here, because the
# backend is reached over plain HTTP elsewhere on this page. Confirm.
# NOTE(review): rewrite-target `/` with no capture group may rewrite every
# request path to `/`, which would break the S3 API and console paths. Confirm
# that this is intended.
cat <<YML | kubectl -n minio patch ing/minio --patch-file=/dev/stdin
---
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
    nginx.ingress.kubernetes.io/proxy-buffers-size: 256k
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: 'on'
    nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - minio.finology.group
      secretName: minio-secret-tls
YML

Playground

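# Scratch commands for working with the release; run them one at a time.

# Install with chart defaults, upgrade (or install) to 14.7.1, and page through
# the chart's default values.
helm -n minio install    minio bitnami/minio --version=14.6.1
helm -n minio upgrade -i minio bitnami/minio --version=14.7.1
helm show values bitnami/minio --version=14.6.1|less

# Decode the root credentials from the release Secret. These print the password
# in clear text to the terminal and its scrollback.
kubectl -n minio get secret minio -o json|jq -r '.data."root-password"'|base64 -d;echo
kubectl -n minio get secret minio -o json|jq -r '.data."root-user"'|base64 -d;echo
kubectl -n minio exec -it svc/minio -c minio -- bash

# Print each kubeconfig as one self-contained document. Treat the output as
# sensitive: it may embed client certificates and keys. The paths are quoted so
# a home directory containing spaces does not split the argument.
kubectl config --kubeconfig="${HOME}/.kube/aws-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/dev-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/gcp-kubeconfig.yaml" view --flatten
kubectl config --kubeconfig="${HOME}/.kube/config" view --flatten

# Tear down everything in the minio namespace.
kubectl -n minio delete all --all
kubectl -n minio delete ing --all
kubectl -n minio delete sts --all
kubectl -n minio delete svc --all
kubectl -n minio delete pvc --all
# PersistentVolumes are cluster-scoped, so `-n minio` does not restrict them
# and `delete pv --all` would remove every PV in the cluster. Delete only the
# PVs whose claim belonged to the minio namespace.
kubectl get pv -o json \
  | jq -r '.items[] | select(.spec.claimRef.namespace == "minio") | .metadata.name' \
  | xargs -r kubectl delete pv

# Rollout history/restart/status for the Deployment, then client help, a shell
# and live logs from the minio container.
kubectl -n minio rollout history deploy minio
kubectl -n minio rollout restart deploy minio
kubectl -n minio rollout status  deploy minio
kubectl -n minio exec -it svc/minio -c minio -- mc --help
kubectl -n minio exec -it svc/minio -c minio -- bash
kubectl -n minio logs -f  svc/minio -c minio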

References