Helm/MinIO: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
Line 329: Line 329:
|-
|-
| valign="top" |
| valign="top" |
* [https://medium.com/picus-security-engineering/on-premises-s3-bucket-object-storage-with-minio-server-gateway-4c44fc321b1c MinIO » On-premises AWS S3 Object Storage]
* [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator]
* [https://min.io/docs/minio/kubernetes/upstream/operations/install-deploy-manage/deploy-operator-helm.html MinIO » Helm Charts » Operator]
* [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts]
* [https://github.com/bitnami/charts/tree/main/bitnami/minio/ MinIO » Bitnami » Helm Charts]

Revision as of 03:25, 18 November 2024

helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo update && helm repo list
kubectl config get-contexts

Config

export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"

Install

kubectl get ns|grep minio
kubectl delete ns   minio
kubectl get ns|grep minio
kubectl create ns   minio

cat <<YML | helm -n minio install    minio bitnami/minio --version=14.7.1 -f -
---
global:
  defaultStorageClass: standard
mode: standalone
auth:
  rootUser: admin
  rootPassword: sadaqah!
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
  enabled: true
  hostname: minio.k8s.local
statefulset:
  drivesPerNode: 1
  replicaCount: 1
  zones: 1
YML
cat <<YML | helm -n minio install    minio bitnami/minio --version=14.7.1 -f -
---
global:
  defaultStorageClass: standard
mode: distributed
auth:
  rootUser: admin
  rootPassword: sadaqah!
defaultBuckets: "gitlab-artifacts, gitlab-backups, gitlab-ci-secure-files, gitlab-dependency-proxy, gitlab-lfs, gitlab-mr-diffs, gitlab-packages, gitlab-pages, gitlab-registry, gitlab-runner-cache, gitlab-tf-state, gitlab-tmp, gitlab-uploads"
ingress:
  enabled: true
  hostname: minio.k8s.local
statefulset:
  drivesPerNode: 4
  replicaCount: 1
  zones: 1
YML

xdg-open http://minio.k8s.local &>/dev/null &
gnome-open http://minio.k8s.local &>/dev/null &
x-www-browser http://minio.k8s.local &>/dev/null &
sensible-browser http://minio.k8s.local &>/dev/null &

Uninstall

helm uninstall -n minio  minio
kubectl delete namespace minio

Swiss Knife

kubectl -n minio run -i --tty --rm minio-cli --image=alpine --restart=Never -- sh
apk --update add minio-client inetutils-telnet

mcli alias set  k8s_gitlab_aa http://minio.minio:9000 Tnen3kCv71osfJKkhcIP rxMU6fWayQD6no1p1LO7orBmxNMtbKuyHITpflBJ
mcli admin info k8s_gitlab_aa

mcli alias set  k8s_gitlab_ab http://minio.minio:9000 FfG564tLdSlgaM2t0ig0 FEbThROKMZ06Feddr1SUMk85g4wRM5NZnVVrS24V
mcli admin info k8s_gitlab_ab

mcli alias set  s3_host_ab http://s3.host.k8s.local O2PLF0Pznp12HNbT9FbJ YIISq1Srxf9gv24fxkryN5ilQDg8P5wxJXt1qgle
mcli admin info s3_host_ab

mcli alias set  s3_host_aa http://s3.host.k8s.local 6zXMWye9rOjKgpka pHKjpqiXK4RLpvdyX7qYuwbIk5KAkKa6
mcli admin info s3_host_aa

mcli alias set  k8s_admin http://minio.minio:9000 admin sadaqah!
mcli admin info k8s_admin

EKS » EBS » PVC

cat << YML | kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: minio-pv
spec:
  accessModes:
  - ReadWriteOnce
  awsElasticBlockStore:
    fsType: ext4
    volumeID: aws://ap-southeast-1/vol-0bbbd80804f1ae62a
  capacity:
    storage: 10Gi
  persistentVolumeReclaimPolicy: Retain
  storageClassName: "gp2"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  labels:
    app.kubernetes.io/name: minio
  name: minio-pvc
  namespace: minio
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 10Gi
  storageClassName: "gp2"
  volumeName: minio-pv
YML

EKS » EBS » Patch

kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'

cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: minikube
YML
cat <<YML | kubectl -n minio patch deploy/minio --patch-file=/dev/stdin
---
spec:
  template:
    spec:
      nodeSelector:
        topology.kubernetes.io/zone: ap-southeast-1a
YML

kubectl -n minio get deploy/minio -ojson|jq -r '.spec.template.spec.nodeSelector'
kubectl -n minio delete pods --all

EKS » Ingress » TLS

cat << YML | kubectl apply -n minio -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: minio-domain
  namespace: minio
spec:
  dnsNames:
  - "minio.finology.group"
  issuerRef:
    kind: ClusterIssuer
    name: letsencrypt-http01
  secretName: minio-secret-tls 
YML

EKS » Ingress » Patch

cat <<YML | kubectl -n minio patch ing/minio --patch-file=/dev/stdin
---
metadata:
  annotations:
    nginx.ingress.kubernetes.io/proxy-body-size: 10m
    nginx.ingress.kubernetes.io/proxy-buffer-size: 128k
    nginx.ingress.kubernetes.io/proxy-buffers-number: '4'
    nginx.ingress.kubernetes.io/proxy-buffers-size: 256k
    nginx.ingress.kubernetes.io/proxy-ssl-server-name: 'on'
    nginx.ingress.kubernetes.io/proxy-ssl-verify: 'on'
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - minio.finology.group
      secretName: minio-secret-tls
YML

Playground

helm -n minio install    minio bitnami/minio --version=14.6.1
helm -n minio upgrade -i minio bitnami/minio --version=14.7.1
helm show values bitnami/minio --version=14.6.1|less

kubectl -n minio get secret minio -o json|jq -r '.data."root-password"'|base64 -d;echo
kubectl -n minio get secret minio -o json|jq -r '.data."root-user"'|base64 -d;echo
kubectl -n minio exec -it svc/minio -c minio -- bash

kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/gcp-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/config view --flatten

kubectl -n minio delete all --all
kubectl -n minio delete ing --all
kubectl -n minio delete sts --all
kubectl -n minio delete svc --all
kubectl -n minio delete pvc --all
kubectl -n minio delete pv  --all

kubectl -n minio rollout history deploy minio
kubectl -n minio rollout restart deploy minio
kubectl -n minio rollout status  deploy minio
kubectl -n minio exec -it svc/minio -c minio -- mc --help
kubectl -n minio exec -it svc/minio -c minio -- bash
kubectl -n minio logs -f  svc/minio -c minio

References