MinIO
是基于GNU AGPL v3开源的高性能对象存储,与Amazon S3云存储服务API兼容。
介绍
MinIO 是 Kubernetes 的原生产品,是唯一可用于公有云、私有云、Kubernetes 发行版和边缘的对象存储套件。
使用场景
一般作为高性能基础设施的场景,包括`
- 机器学习
- 分析
- 应用数据负载
- 测试环境
- 支持基于
Policy-Based Access Control (PBAC)
认证
特点
- 高可用,
N/2
硬盘在线数据就是安全的
- Minio 使用
纠删码(erasure code)
和 校验和(checksum)
来保护数据免受硬件故障
纠删码
是一种恢复丢失和损坏数据的数学算法,Minio采用 Reed-Solomon code
将对象拆分成 N/2
数据和 N/2
奇偶校验块
- 示例:如果有 12 块盘,一个对象会被分成 6 个数据块、6 个奇偶校验块,丢失任意 6 块盘(不管是数据块还是奇偶校验块)时仍可以从剩下的盘中将数据进行恢复
一致性
所有读写操作都严格遵守 read-after-write
一致性模型
安装部署
支持多种安装部署方式,参考` https://hub.docker.com/r/minio/minio
Docker
mkdir -p /data/minio
docker run -d \
--name minio \
--restart=always \
-p 9000:9000 \
-p 9001:9001 \
-e "MINIO_ROOT_USER=admin" \
-e "MINIO_ROOT_PASSWORD=minioadmin" \
-v /data/minio:/data \
minio/minio:RELEASE.2022-05-08T23-50-31Z.hotfix.d33e6d144 \
server /data --console-address ":9001"
说明`
- 默认用户名:密码
admin/minioadmin`,示例通过环境变量指定
- API Port:
9000
- Web Console Port:
9001
- 安装完成后,通过
http://<ip>:9001
访问
/identity/account/new-account
添加 Access Key
和 Secret Key
Docker Compose
version: '3.7'
services:
sidekick:
image: dalongrong/sidekick:v0.1.8
tty: true
ports:
- "80:80"
command: --health-path=/minio/health/ready --address :80 http://minio{1...4}:9000
gateway:
image: minio/minio:RELEASE.2020-04-04T05-39-31Z
command: gateway s3 http://sidekick
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
ports:
- "9000:9000"
minio1:
image: minio/minio:RELEASE.2020-04-04T05-39-31Z
volumes:
- data1-1:/data1
- data1-2:/data2
ports:
- "9001:9000"
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
MINIO_BROWSER: "off"
command: server http://minio{1...4}/data{1...2}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
minio2:
image: minio/minio:RELEASE.2020-04-04T05-39-31Z
volumes:
- data2-1:/data1
- data2-2:/data2
ports:
- "9002:9000"
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
MINIO_BROWSER: "off"
command: server http://minio{1...4}/data{1...2}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
minio3:
image: minio/minio:RELEASE.2020-04-04T05-39-31Z
volumes:
- data3-1:/data1
- data3-2:/data2
ports:
- "9003:9000"
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
MINIO_BROWSER: "off"
command: server http://minio{1...4}/data{1...2}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
minio4:
image: minio/minio:RELEASE.2020-04-04T05-39-31Z
volumes:
- data4-1:/data1
- data4-2:/data2
ports:
- "9004:9000"
environment:
MINIO_ACCESS_KEY: minio
MINIO_SECRET_KEY: minio123
MINIO_BROWSER: "off"
command: server http://minio{1...4}/data{1...2}
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3
volumes:
data1-1:
data1-2:
data2-1:
data2-2:
data3-1:
data3-2:
data4-1:
data4-2:
启动:
docker-compose up -d
Minio Operator
参考
kubectl krew update
kubectl krew install minio
kubectl minio init
apiVersion: v1
kind: PersistentVolume
metadata:
name: local-disk-0
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage
local:
path: /data/minio/0
nodeAffinity:
required:
nodeSelectorTerms:
- matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node6
kubectl minio tenant create minio-tenant-1 \
--servers 1 \
--volumes 4 \
--capacity 40Gi \
--storage-class local-storage \
--namespace minio-tenant-1
集群扩容
- 水平扩容:增加节点数扩展系统容量,包括两种方式(不支持扩容单个节点)
- 对等扩容:要求增加的节点数和磁盘数均需与原集群保持对等
- 联邦扩容:通过引入 etcd,将多个 MinIO 分布式集群在逻辑上组成一个联邦,对外以一个整体提供服务,并提供统一的命名空间
- 垂直扩容:采用扩容节点磁盘空间,会为集群运行带来若干问题,官方并不推荐
使用
客户端 mc 安装
wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
./mc --help
mc 客户端使用
# 查看 minio 服务端配置
mc config host ls
# 添加 minio 服务端配置
mc config host add minio http://minio.xiexianbin.cn xxx --api s3v4
# 查看 minio bucket
mc ls minio
# 创建 bucket
mc mb minio/backup
# 上传本地目录(文件不加r)
mc cp -r ingress minio/backup/
# 下载远程目录(文件不加r)
mc cp -r minio/backup .
# 将一个本地文件夹镜像到 minio (类似rsync)
mc mirror localdir/ minio/backup/
# 持续监听本地文件夹镜像到 minio(类似rsync)
mc mirror -w localdir/ minio/backup/
# 持续从 minio 存储桶中查找所有 jpg 图像,并复制到 minio "play/bucket" 存储桶
mc find minio/backup --name "*.jpg" --watch --exec "mc cp {} play/bucket"
# 删除目录
mc rm minio/backup/ingress --recursive --force
# 删除文件
mc rm minio/backup/xxx.yaml
# 删除所有未完整上传的对象
mc rm --incomplete --recursive --force minio/backup
# 删除 7 天前的对象
mc rm --force --older-than=7 minio/backup
# 将 MySQL 数据库 dump 文件输出到 minio
mysqldump -u root -p ******* db | mc pipe minio/backup/backup.sql
# MongoDB 备份
mongodump -h mongo-server1 -p 27017 -d blog-data --archive | mc pipe minio/backup/mongo-blog-data-`date +%Y-%m-%d`.archive
上传文件的 Content-Type
推荐:h2non/filetype 通过文件magic code判断文件类型,参考
text/html
HTML格式,浏览器直接打开
text/plain
纯文本格式
text/xml
XML格式
text/x-log
log格式
image/gif
gif图片格式
image/jpeg
jpg图片格式
image/png
png图片格式
application/json
JSON数据格式
application/xml
XML数据格式
application/xhtml+xml
XHTML格式
application/atom+xml
Atom XML聚合格式
application/pdf
pdf格式
application/msword
Word文档格式
application/octet-stream
二进制数据流下载
Python SDK
pip3 install minio
Golang SDK
package miniolib
import (
"context"
"io"
"log"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
var client = clientConnect()
var ctx, _ = context.WithCancel(context.Background())
// 初始化 minio 客户端连接对象
func clientConnect() *minio.Client {
endpoint := "127.0.0.1:9000"
accessKeyID := "xxx"
secretAccessKey := "xxxxxx"
useSSL := false
client, err := minio.New(endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
Secure: useSSL})
if err != nil {
log.Fatalln("minio err: ", err)
}
return client
}
// ListBuckets 获取所有 buckets
func ListBuckets(client *minio.Client) (names []string) {
buckets, _ := client.ListBuckets(ctx)
for _, bucket := range buckets {
names = append(names, bucket.Name)
}
return
}
// PutObject 上传 object
func PutObject(bucketName, objectName string, fp io.Reader, size int64, contentType string) (int64, error) {
object, err := client.PutObject(
ctx,
bucketName,
objectName,
fp,
size,
minio.PutObjectOptions{
ContentType: contentType,
},
)
if err != nil {
return 0, err
}
return object.Size, nil
}
Service Account Policy
MinIO 策略(policy)
文档使用与 AWS IAM Policy 文档相同的架构
IAM(Identity and Access Management)
Built-In Policies
Policy Document Structure
{
"Version" : "2012-10-17",
"Statement" : [
{
"Effect" : "Allow",
"Action" : [ "s3:<ActionName>", ... ],
"Resource" : "arn:aws:s3:::*",
"Condition" : { ... }
},
{
"Effect" : "Deny",
"Action" : [ "s3:<ActionName>", ... ],
"Resource" : "arn:aws:s3:::*",
"Condition" : { ... }
}
]
}
参数说明:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:DeleteObject",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:PutObject"
],
"Resource": [
"arn:aws:s3:::public"
]
}
]
}
- policy 可以和 minio 的用户或组关联,实现权限分配