Helm/MinIO: Difference between revisions
Jump to navigation
Jump to search
(14 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
helm repo add bitnami https://charts.bitnami.com/bitnami | helm repo add bitnami https://charts.bitnami.com/bitnami | ||
helm repo update && helm repo list | helm repo update && helm repo list | ||
kubectl config get-contexts | |||
==Config== | ==Config== | ||
Line 37: | Line 38: | ||
rootUser: admin | rootUser: admin | ||
rootPassword: sadaqah! | rootPassword: sadaqah! | ||
defaultBuckets: " | defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads" | ||
ingress: | ingress: | ||
enabled: true | enabled: true | ||
Line 58: | Line 59: | ||
rootUser: admin | rootUser: admin | ||
rootPassword: sadaqah! | rootPassword: sadaqah! | ||
defaultBuckets: " | defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads" | ||
ingress: | ingress: | ||
enabled: true | enabled: true | ||
Line 98: | Line 99: | ||
apk --update add minio-client inetutils-telnet | apk --update add minio-client inetutils-telnet | ||
mcli alias set k8s_gitlab_aa http://minio.minio:9000 Tnen3kCv71osfJKkhcIP rxMU6fWayQD6no1p1LO7orBmxNMtbKuyHITpflBJ | |||
mcli admin info k8s_gitlab_aa | |||
mcli alias set k8s_gitlab_ab http://minio.minio:9000 FfG564tLdSlgaM2t0ig0 FEbThROKMZ06Feddr1SUMk85g4wRM5NZnVVrS24V | |||
mcli admin info k8s_gitlab_ab | |||
mcli alias set s3_host_ab http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle | |||
mcli admin info s3_host_ab | |||
mcli | mcli alias set s3_host_aa http://s3.host.k8s.local 6zXMWye9rOjKgpka pHKjpqiXK4RLpvdyX7qYuwbIk5KAkKa6 | ||
mcli | mcli admin info s3_host_aa | ||
mcli alias set k8s_admin http://minio.minio:9000 admin sadaqah! | |||
mcli admin info k8s_admin | |||
</syntaxhighlight> | |||
==EKS » EBS » PVC== | |||
<syntaxhighlight lang="yaml"> | |||
cat << YML | kubectl apply -f - | |||
--- | |||
apiVersion: v1 | |||
kind: PersistentVolume | |||
metadata: | |||
name: minio-pv | |||
spec: | |||
accessModes: | |||
- ReadWriteOnce | |||
awsElasticBlockStore: | |||
fsType: ext4 | |||
volumeID: aws://ap-southeast-1/vol-0bbbd80804f1ae62a | |||
capacity: | |||
storage: 10Gi | |||
persistentVolumeReclaimPolicy: Retain | |||
storageClassName: "gp2" | |||
--- | |||
apiVersion: v1 | |||
kind: PersistentVolumeClaim | |||
metadata: | |||
labels: | |||
app.kubernetes.io/name: minio | |||
name: minio-pvc | |||
namespace: minio | |||
spec: | |||
accessModes: | |||
- ReadWriteOnce | |||
resources: | |||
requests: | |||
storage: 10Gi | |||
storageClassName: "gp2" | |||
volumeName: minio-pv | |||
YML | |||
</syntaxhighlight> | |||
==EKS » EBS » Patch== | |||
{| | |||
|colspan="2"| | |||
<syntaxhighlight lang="yaml"> | |||
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector' | |||
</syntaxhighlight> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|valign="top"| | |||
<syntaxhighlight lang="yaml"> | |||
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin | |||
--- | |||
spec: | |||
template: | |||
spec: | |||
nodeSelector: | |||
topology.kubernetes.io/zone: minikube | |||
YML | |||
</syntaxhighlight> | |||
|valign="top"| | |||
<syntaxhighlight lang="yaml"> | |||
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin | |||
--- | |||
spec: | |||
template: | |||
spec: | |||
nodeSelector: | |||
topology.kubernetes.io/zone: ap-southeast-1a | |||
YML | |||
</syntaxhighlight> | |||
|- | |||
|colspan="2"| | |||
---- | |||
|- | |||
|colspan="2"| | |||
<syntaxhighlight lang="yaml"> | |||
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector' | |||
kubectl -n minio delete pods --all | |||
</syntaxhighlight> | |||
|} | |||
==EKS » Ingress » TLS== | |||
<syntaxhighlight lang="yaml"> | |||
cat << YML | kubectl apply -n minio -f - | |||
--- | |||
apiVersion: cert-manager.io/v1 | |||
kind: Certificate | |||
metadata: | |||
name: minio-domain | |||
namespace: minio | |||
spec: | |||
dnsNames: | |||
- "minio.finology.group" | |||
issuerRef: | |||
kind: ClusterIssuer | |||
name: letsencrypt-http01 | |||
secretName: minio-secret-tls | |||
YML | |||
</syntaxhighlight> | |||
==EKS » Ingress » Patch== | |||
<syntaxhighlight lang="yaml"> | |||
cat <<YML | kubectl -n minio patch ing/minio --patch-file=/dev/stdin | |||
--- | |||
metadata: | |||
annotations: | |||
nginx.ingress.kubernetes.io/proxy-body-size: 10m | |||
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k | |||
nginx.ingress.kubernetes.io/proxy-buffers-number: '4' | |||
nginx.ingress.kubernetes.io/proxy-buffers-size: 256k | |||
nginx.ingress.kubernetes.io/proxy-ssl-server-name: 'on' | |||
nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on' | |||
nginx.ingress.kubernetes.io/rewrite-target: / | |||
nginx.ingress.kubernetes.io/ssl-redirect: 'true' | |||
spec: | |||
ingressClassName: nginx | |||
tls: | |||
- hosts: | |||
- minio.finology.group | |||
secretName: minio-secret-tls | |||
YML | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Line 195: | Line 316: | ||
* [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | * [[Helm/Prometheus Stack|Helm » Prometheus Stack]] | ||
* [[Helm/Cert Manager|Helm » Cert Manager]] | * [[Helm/Cert Manager|Helm » Cert Manager]] | ||
* [[Helm/Nexus HA|Helm » Nexus HA]] | |||
* [[Helm/Fission|Helm » Fission]] | |||
* [[Helm/GitLab|Helm » GitLab]] | |||
* [[Helm/Nexus|Helm » Nexus]] | |||
* [https://artifacthub.io/packages/helm/bitnami/minio Helm » MinIO] | * [https://artifacthub.io/packages/helm/bitnami/minio Helm » MinIO] | ||
* [[Helm]] | * [[Helm]] | ||
Line 207: | Line 332: | ||
|- | |- | ||
| valign="top" | | | valign="top" | | ||
* [https://medium.com/picus-security-engineering/on-premises-s3-bucket-object-storage-with-minio-server-gateway-4c44fc321b1c MinIO » On-premises AWS S3 Object Storage] | |||
* [https://min.io/docs/minio/kubernetes/upstream/administration/object-management/transition-objects-to-s3.html MinIO » Transition Objects to AWS S3] | |||
* [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator] | * [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator] | ||
* [https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html MinIO » Configure NGINX Proxy] | |||
* [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts] | * [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts] | ||
* [https://bitnami.com/stack/minio/helm MinIO » Bitnami » Package] | * [https://bitnami.com/stack/minio/helm MinIO » Bitnami » Package] | ||
Line 238: | Line 366: | ||
* [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | * [[K8s/CSI Hostpath Driver|K8s » CSI Hostpath Driver]] | ||
* [[K8s/Ingress|K8s » Ingress]] | * [[K8s/Ingress|K8s » Ingress]] | ||
* [[K8s/Service|K8s » Service]] | |||
* [[CIDR]] | * [[CIDR]] | ||
* [[UFW]] | * [[UFW]] |
Latest revision as of 10:35, 21 November 2024
helm repo add bitnami https://charts.bitnami.com/bitnami helm repo update && helm repo list kubectl config get-contexts
Config
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
Install
kubectl get ns|grep minio
kubectl delete ns minio
|
kubectl get ns|grep minio
kubectl create ns minio
|
| |
cat <<YML | helm -n minio install minio bitnami/minio --version=14.7.1 -f -
---
global:
defaultStorageClass: standard
mode: standalone
auth:
rootUser: admin
rootPassword: sadaqah!
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
enabled: true
hostname: minio.k8s.local
statefulset:
drivesPerNode: 1
replicaCount: 1
zones: 1
YML
|
cat <<YML | helm -n minio install minio bitnami/minio --version=14.7.1 -f -
---
global:
defaultStorageClass: standard
mode: distributed
auth:
rootUser: admin
rootPassword: sadaqah!
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
enabled: true
hostname: minio.k8s.local
statefulset:
drivesPerNode: 4
replicaCount: 1
zones: 1
YML
|
| |
xdg-open http://minio.k8s.local &>/dev/null &
gnome-open http://minio.k8s.local &>/dev/null &
|
x-www-browser http://minio.k8s.local &>/dev/null &
sensible-browser http://minio.k8s.local &>/dev/null &
|
Uninstall
helm uninstall -n minio minio
kubectl delete namespace minio
Swiss Knife
kubectl -n minio run -i --tty --rm minio-cli --image=alpine --restart=Never -- sh
apk --update add minio-client inetutils-telnet
mcli alias set k8s_gitlab_aa http://minio.minio:9000 Tnen3kCv71osfJKkhcIP rxMU6fWayQD6no1p1LO7orBmxNMtbKuyHITpflBJ
mcli admin info k8s_gitlab_aa
mcli alias set k8s_gitlab_ab http://minio.minio:9000 FfG564tLdSlgaM2t0ig0 FEbThROKMZ06Feddr1SUMk85g4wRM5NZnVVrS24V
mcli admin info k8s_gitlab_ab
mcli alias set s3_host_ab http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle
mcli admin info s3_host_ab
mcli alias set s3_host_aa http://s3.host.k8s.local 6zXMWye9rOjKgpka pHKjpqiXK4RLpvdyX7qYuwbIk5KAkKa6
mcli admin info s3_host_aa
mcli alias set k8s_admin http://minio.minio:9000 admin sadaqah!
mcli admin info k8s_admin
EKS » EBS » PVC
cat << YML | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: minio-pv
spec:
accessModes:
- ReadWriteOnce
awsElasticBlockStore:
fsType: ext4
volumeID: aws://ap-southeast-1/vol-0bbbd80804f1ae62a
capacity:
storage: 10Gi
persistentVolumeReclaimPolicy: Retain
storageClassName: "gp2"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/name: minio
name: minio-pvc
namespace: minio
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 10Gi
storageClassName: "gp2"
volumeName: minio-pv
YML
EKS » EBS » Patch
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
| |
| |
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
template:
spec:
nodeSelector:
topology.kubernetes.io/zone: minikube
YML
|
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
template:
spec:
nodeSelector:
topology.kubernetes.io/zone: ap-southeast-1a
YML
|
| |
kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
kubectl -n minio delete pods --all
|
EKS » Ingress » TLS
cat << YML | kubectl apply -n minio -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: minio-domain
namespace: minio
spec:
dnsNames:
- "minio.finology.group"
issuerRef:
kind: ClusterIssuer
name: letsencrypt-http01
secretName: minio-secret-tls
YML
EKS » Ingress » Patch
cat <<YML | kubectl -n minio patch ing/minio --patch-file=/dev/stdin
---
metadata:
annotations:
nginx.ingress.kubernetes.io/proxy-body-size: 10m
nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
nginx.ingress.kubernetes.io/proxy-buffers-size: 256k
nginx.ingress.kubernetes.io/proxy-ssl-server-name: 'on'
nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
ingressClassName: nginx
tls:
- hosts:
- minio.finology.group
secretName: minio-secret-tls
YML
Playground
helm -n minio install minio bitnami/minio --version=14.6.1
helm -n minio upgrade -i minio bitnami/minio --version=14.7.1
helm show values bitnami/minio --version=14.6.1|less
| |
| |
kubectl -n minio get secret minio -o json|jq -r '.data."root-password"'|base64 -d;echo
kubectl -n minio get secret minio -o json|jq -r '.data."root-user"'|base64 -d;echo
kubectl -n minio exec -it svc/minio -c minio -- bash
| |
| |
kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/gcp-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/config view --flatten
| |
| |
kubectl -n minio delete all --all
kubectl -n minio delete ing --all
kubectl -n minio delete sts --all
|
kubectl -n minio delete svc --all
kubectl -n minio delete pvc --all
kubectl -n minio delete pv --all
|
| |
kubectl -n minio rollout history deploy minio
kubectl -n minio rollout restart deploy minio
kubectl -n minio rollout status deploy minio
|
kubectl -n minio exec -it svc/minio -c minio -- mc --help
kubectl -n minio exec -it svc/minio -c minio -- bash
kubectl -n minio logs -f svc/minio -c minio
|
References
| ||
| ||