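MinIO is an open-source object storage service compatible with the Amazon AWS S3 protocol. By analogy with Alibaba Cloud's OSS object service, MinIO can be thought of as a private OSS object service, and enterprises now use it widely in that role.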
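1. Single-node MinIO deployment (not recommended)
First create the namespace:
kubectl create namespace minio
Then create the PVC for MinIO, which requests storage dynamically through a StorageClass.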
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: minio-pvc
  namespace: minio
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 50Gi
  storageClassName: nfs-storage
Create the Deployment:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio
  namespace: minio
spec:
  replicas: 1
  selector:
    matchLabels:
      app: minio
  template:
    metadata:
      labels:
        app: minio
    spec:
      containers:
        - name: minio
          image: quay.io/minio/minio:latest
          command:
            - /bin/bash
            - -c
          args:
            - minio server /data --console-address :9001
          env:
            - name: MINIO_ROOT_USER
              value: "root"
            - name: MINIO_ROOT_PASSWORD
              # MinIO refuses to start with a root password shorter than 8 characters
              value: "<password-of-at-least-8-characters>"
          ports:
            - name: api
              containerPort: 9000
            - name: webui
              containerPort: 9001
          volumeMounts:
            - name: storage
              mountPath: /data
            # must match the volume name declared under "volumes" below
            - name: host-time
              mountPath: /etc/localtime
      volumes:
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
        - name: storage
          persistentVolumeClaim:
            claimName: minio-pvc
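A single-node MinIO deployment is not highly available. MinIO supports cluster deployment, and the clustered version can be deployed with a StatefulSet. (Why not a Deployment? A cluster deployment is stateful: for example, Pod A needs to know Pod B's IP address for service discovery, so a Deployment cannot be used.)
The next part shows how to deploy the clustered version of MinIO with a StatefulSet.
2. Clustered MinIO deployment with a StatefulSet (recommended)
Make sure the namespace already exists; if it does not, create it first.
kubectl create namespace minio
Create the following manifest: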
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: minio
  namespace: minio
spec:
  replicas: 3
  selector:
    matchLabels:
      app: minio
  # Kubernetes only publishes the per-pod DNS names used in "args" below
  # when this governing Service is headless (clusterIP: None)
  serviceName: minio-service
  template:
    metadata:
      labels:
        app: minio
    spec:
      volumes:
        - name: host-time
          hostPath:
            path: /etc/localtime
            type: ''
      containers:
        - name: minio
          image: quay.io/minio/minio:latest
          args:
            - server
            - http://minio-0.minio-service.minio.svc.cluster.local/data
            - http://minio-1.minio-service.minio.svc.cluster.local/data
            - http://minio-2.minio-service.minio.svc.cluster.local/data
            - --console-address
            - :9001
          env:
            # root credentials are read from a Secret instead of being written into the manifest
            - name: MINIO_ROOT_USER
              valueFrom:
                secretKeyRef:
                  name: minio-username-password
                  key: MINIO_ROOT_USER
            - name: MINIO_ROOT_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: minio-username-password
                  key: MINIO_ROOT_PASSWORD
          ports:
            - name: api
              containerPort: 9000
            - name: console
              containerPort: 9001
          volumeMounts:
            - name: minio-storage-pvc
              mountPath: /data
            - name: host-time
              readOnly: true
              mountPath: /etc/localtime
  volumeClaimTemplates:
    - kind: PersistentVolumeClaim
      apiVersion: v1
      metadata:
        name: minio-storage-pvc
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: nfs-storage
        resources:
          requests:
            storage: 20Gi
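The StatefulSet above reads its root credentials from a Secret named minio-username-password, which this page does not define. The script below is an added example, not part of the original article: it renders that Secret with randomly generated values and enforces MinIO's minimum lengths (user at least 3 characters, password at least 8). The helper names rand_hex and render_minio_secret and the "minio-admin-" user prefix are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: render the Secret that the StatefulSet's secretKeyRef entries expect.
# Secret name, namespace and key names come from the manifest above.

# rand_hex BYTES: print 2*BYTES random hex characters read from /dev/urandom.
rand_hex() {
  od -An -N "$1" -tx1 /dev/urandom | tr -d ' \n'
}

# render_minio_secret USER PASSWORD: print the Secret manifest on stdout.
# Fails if the values would be rejected by MinIO at startup.
render_minio_secret() {
  if [ "${#1}" -lt 3 ] || [ "${#2}" -lt 8 ]; then
    echo "MINIO_ROOT_USER needs >= 3 chars, MINIO_ROOT_PASSWORD >= 8 chars" >&2
    return 1
  fi
  # base64-encode into "data:" so no YAML quoting of the values is needed
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: minio-username-password
  namespace: minio
type: Opaque
data:
  MINIO_ROOT_USER: $(printf '%s' "$1" | base64 | tr -d '\n')
  MINIO_ROOT_PASSWORD: $(printf '%s' "$2" | base64 | tr -d '\n')
EOF
}

# 128-bit random password and a non-default user name; pipe the output into
# "kubectl apply -f -" rather than saving it to a file.
render_minio_secret "minio-admin-$(rand_hex 4)" "$(rand_hex 16)"
```

Create the Secret before applying the StatefulSet; the pods stay in CreateContainerConfigError until the referenced Secret exists.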
3. External access to MinIO
Create a Service that exposes MinIO externally through NodePort. Two ports need to be exposed here: 9000 and 9001.
apiVersion: v1
kind: Service
metadata:
  name: minio-service
  namespace: minio
spec:
  type: NodePort
  ports:
    - port: 9000
      targetPort: 9000
      nodePort: 31000
      name: minio-api
    - port: 9001
      targetPort: 9001
      nodePort: 31001
      name: minio-webui
  selector:
    app: minio
Create the Ingress object, replacing the domain name and the SSL Secret with your own.
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: minio-nginx-ingress
  namespace: minio
  annotations:
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - <domain>
      secretName: <ssl-secret>
  rules:
    - host: <domain>
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: minio-service
                port:
                  number: 9001