说明
loki 支持文件系统、对象存储、NoSQL,对象存储大多都要使用公有云,但所幸的是它支持了 aws s3 兼容的存储,那么这里就可以使用 ceph rgw 和 minio,本篇部署 minio
说明
对象存储在云环境下是一种基础设施,在大数据、AI领域可以将它作为基本的存储方式。Spark、TensorFlow 都可以使用对象存储,它也可以作为 HDFS 的代替者。
minio 出品自一个有着多年网络文件系统开发经验的团队,其初始创始团队都来自于原 Glusterfs 团队,该团队二次创业的产品 minio 的设计广泛吸取了 glusterfs 的经验和教训:
MinIO 是一个开源的对象存储解决方案,特点包括:
- 高性能: 作为高性能对象存储,在标准硬件条件下它能达到 55GB/s 的读、35GG/s 的写速率
- 可扩容: 不同 MinIO 集群可以组成联邦,并形成一个全局的命名空间,并跨越多个数据中心,可按 zone 扩展(原 zone 不受任何影响),支持单个对象最大 5TB;
- 云原生: 容器化、基于 K8S 的编排、多租户支持
- 兼容性: 兼容 S3 API 这一事实上的对象存储标准,最先支持 S3 Select
- 简单: 这一设计原则让 MinIO 不容易出错、更快启动。一个 single 二进制文件即是一切,还可支持各种平台。(托了 go 语言的福)
-
支持纠删码: MinIO 使用纠删码(不是副本机制)、Checksum 来防止硬件错误和静默数据污染(Bit Rot,在没有任何信号的情况下磁盘发生数据错误)。在最高冗余度配置下,即使丢失 1/2 的磁盘也能恢复数据。低冗余且磁盘损坏高容忍,标准且最高的数据冗余系数为 2(即存储一个 1M 的数据对象,实际占用磁盘空间为 2M)。但在任意 n/2 块 disk 损坏的情况下依然可以读出数据(n 为一个纠删码集合(Erasure Coding Set)中的 disk 数量)。并且这种损坏恢复是基于单个对象的,而不是基于整个存储卷的。
mini.png
安装
通过 minio-operator 安装:
注意:这里作为一个 kubectl 插件来使用了
下载包:
# wget https://github.com/minio/operator/releases/download/v3.0.28/kubectl-minio_3.0.28_linux_amd64
# mv kubectl-minio_3.0.28_linux_amd64 /usr/local/bin/kubectl-minio
# chmod +x /usr/local/bin/kubectl-minio
# kubectl plugin list
The following compatible plugins are available:
/usr/local/bin/kubectl-minio
查看帮助:
# kubectl minio
kubectl plugin to manage MinIO operator CRDs.
Usage:
minio [command]
Available Commands:
delete Delete MinIO Operator deployment
help Help about any command
init Initialize MinIO Operator deployment
tenant Manage MinIO tenant
Flags:
-h, --help help for minio
Use "minio [command] --help" for more information about a command.
安装 minio-operator
注意:可以使用 -o(不是 -o yaml)导出 minio-operator 的 yaml 进行手工修改部署(但是不全,缺少了 apiVersion、kind 等字段)
# kubectl create ns minio
# kubectl minio init --namespace minio --image harbor.sit.hupu.io/k8s/k8s-operator:v3.0.28
CustomResourceDefinition tenants.minio.min.io: created
ClusterRole minio-operator-role: created
ServiceAccount minio-operator: created
ClusterRoleBinding minio-operator-binding: created
MinIO Operator Deployment minio-operator: created
查看:
# kubectl get pod -n minio
NAME READY STATUS RESTARTS AGE
minio-operator-547f967794-tj54s 1/1 Running 0 48s
# kubectl logs -n minio deployment/minio-operator
I1103 05:51:59.656107 1 main.go:66] Starting MinIO Operator
I1103 05:51:59.658915 1 main-controller.go:236] Setting up event handlers
I1103 05:51:59.658983 1 main-controller.go:692] Starting Tenant controller
I1103 05:51:59.658994 1 main-controller.go:695] Waiting for informer caches to sync
I1103 05:51:59.859139 1 main-controller.go:700] Starting workers
minio 支持多种 server 启动模式
- standalone mode 单节点单盘
# minio server data
- standalone mode 单节点 4 盘纠删码
# minio server data1 data2 data3 data4
minio server 启动支持语法糖 - 省略号语法:
# minio server data{1...4}
- distributed mode 多节点纠删码(每节点 4 盘)
在 distributed mode 下,minio server 后面的远程的 endpoint 采用 http url 编码格式:
# export MINIO_ACCESS_KEY=<ACCESS_KEY>
# export MINIO_SECRET_KEY=<SECRET_KEY>
# minio server http://host{1...4}:9000/minio/data{1...4}
通过 tenants CR 资源创建 minio 集群:
注意:tenant 是由运营商创建和管理的 MinIO 集群。在创建 tenant 之前,请确保已安装必要的节点和驱动器,并且已创建相关的 PV 或默认的非跨可用区的 storageclass。
# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 59d
alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 59d
要求 MinIO-Operator 创建一个具有 4 节点,总计 16 个卷和 480Gi 总原始容量(每个节点有 4 个 30 Gi 的卷)的 minio 集群:
注意:分布式 Minio 至少需要 4 个节点,使用分布式 Minio 就自动引入了纠删码功能。
注意:这里会返回 Access Key 和 Secret Key
# kubectl minio tenant create --name tenant1 --servers 4 --volumes 16 --capacity 480Gi --namespace minio
MinIO Tenant tenant1 Created
Tenant
Access Key: 790f856e-8d49-4ae1-b37f-2668a16f6558
Secret Key: 85408dd4-84f4-4578-a8f1-e454ddaa7917
Version: minio/minio:RELEASE.2020-10-12T21-53-21Z
ClusterIP Service: tenant1-internal-service
MinIO Console
Access Key: b38a7893-7931-4e59-b3e5-82ebcaa4ccfa
Secret Key: 5883f678-3612-4920-890f-bd383b6a28b5
Version: minio/console:v0.3.14
ClusterIP Service: tenant1-console
查看日志:
注意:几个 error syncing 错误不影响
# kubectl logs -n minio deployment/minio-operator
I1103 06:23:51.386231 1 csr.go:73] Generating private key
I1103 06:23:51.386361 1 csr.go:86] Generating CSR with CN=*.tenant1-hl.minio.svc.cluster.local
I1103 06:23:51.410488 1 csr.go:217] Start polling for certificate of csr/tenant1-minio-csr, every 5s, timeout after 20m0s
I1103 06:23:56.413972 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:23:56.418970 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for minio cert
I1103 06:24:01.339533 1 main-controller.go:970] Deploying zone zone-0
I1103 06:24:01.360977 1 csr.go:217] Start polling for certificate of csr/tenant1-console-minio-csr, every 5s, timeout after 20m0s
I1103 06:24:06.364020 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:24:06.370130 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for console cert
I1103 06:25:01.356379 1 main-controller.go:970] Deploying zone zone-0
E1103 06:25:02.439244 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
E1103 06:26:01.389658 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
I1103 06:27:02.500331 1 main-controller.go:773] Successfully synced 'minio/tenant1'
I1103 06:27:07.555954 1 main-controller.go:773] Successfully synced 'minio/tenant1'
大约等待 100s 以后开始创建资源:
# kubectl get all -n minio
NAME READY STATUS RESTARTS AGE
pod/minio-operator-66b7f78db6-nvftv 1/1 Running 0 31m
pod/tenant1-console-5d6d56bbb5-lpf82 1/1 Running 0 16m
pod/tenant1-console-5d6d56bbb5-nqp84 1/1 Running 0 16m
pod/tenant1-zone-0-0 1/1 Running 0 18m
pod/tenant1-zone-0-1 1/1 Running 0 18m
pod/tenant1-zone-0-2 1/1 Running 0 18m
pod/tenant1-zone-0-3 1/1 Running 0 18m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/minio ClusterIP 10.96.16.81 <none> 443/TCP 19m
service/tenant1-console ClusterIP 10.96.239.89 <none> 9090/TCP,9443/TCP 16m
service/tenant1-hl ClusterIP None <none> 9000/TCP 19m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/minio-operator 1/1 1 1 31m
deployment.apps/tenant1-console 2/2 2 2 16m
NAME DESIRED CURRENT READY AGE
replicaset.apps/minio-operator-66b7f78db6 1 1 1 31m
replicaset.apps/tenant1-console-5d6d56bbb5 2 2 2 16m
NAME READY AGE
statefulset.apps/tenant1-zone-0 4/4 18m
# kubectl minio tenant info --name tenant1 -n minio
+---------+------------------------------------------+--------------------+---------------------+---------+
| ZONE | SERVERS | VOLUMES PER SERVER | CAPACITY PER VOLUME | VERSION |
+---------+------------------------------------------+--------------------+---------------------+---------+
| 0 | 4 | 4 | 30Gi | |
+---------+------------------------------------------+--------------------+---------------------+---------+
| VERSION | MINIO/MINIO:RELEASE.2020-10-12T21-53-21Z | | | |
+---------+------------------------------------------+--------------------+---------------------+---------+
创建 Ingress
# cat > minio-ingress.yaml <<EOF
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: traefik
name: minio-web
namespace: minio
spec:
rules:
- host: minio-web.ingress.hupu.io
http:
paths:
- backend:
serviceName: minio
servicePort: 443
path: /
#tls:
#- hosts:
# - minio-web.ingress.hupu.io
# secretName: tenant1-tls
EOF
# kubectl apply -f minio-ingress.yaml
ingress.extensions/minio-web created
查看 secret:
# kubectl get secret -n minio
NAME TYPE DATA AGE
default-token-75f6m kubernetes.io/service-account-token 3 41m
minio-operator-token-t55q8 kubernetes.io/service-account-token 3 41m
operator-webhook-secret Opaque 3 29m
tenant1-console-secret Opaque 5 29m
tenant1-console-tls Opaque 2 28m
tenant1-creds-secret Opaque 2 29m
tenant1-tls Opaque 2 29m
查看 minio web 账号密码:
# kubectl get secret -n minio tenant1-creds-secret -o jsonpath='{.data}' |jq .
{
"accesskey": "NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4",
"secretkey": "ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3"
}
# echo 'NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4' | base64 -d
790f856e-8d49-4ae1-b37f-2668a16f6558
# echo 'ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3' | base64 -d
85408dd4-84f4-4578-a8f1-e454ddaa7917
访问 web:
http://minio-web.ingress.hupu.io/minio/login
accesskey:790f856e-8d49-4ae1-b37f-2668a16f6558
secretkey:85408dd4-84f4-4578-a8f1-e454ddaa7917
查看 minio console 账号密码:
# kubectl get secret -n minio tenant1-console-secret -o jsonpath='{.data}' |jq .
{
"CONSOLE_ACCESS_KEY": "YjM4YTc4OTMtNzkzMS00ZTU5LWIzZTUtODJlYmNhYTRjY2Zh",
"CONSOLE_HMAC_JWT_SECRET": "YTI5Nzk5YWUtNmFjOS00ODc4LTljMTgtMWU3Zjg4YmY5YzY5",
"CONSOLE_PBKDF_PASSPHRASE": "ZDM3OWNlZTQtYzdiNy00ZDUxLThhNTgtZGI5NDk4NGNhNGZk",
"CONSOLE_PBKDF_SALT": "Y2U0ZTIyZmItYTA1Mi00Yzk4LWI0NTQtOGZmYWZiNDBlZjll",
"CONSOLE_SECRET_KEY": "NTg4M2Y2NzgtMzYxMi00OTIwLTg5MGYtYmQzODNiNmEyOGI1"
}
查看 PVC:
# kubectl get pvc -n minio
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
0-tenant1-zone-0-0 Bound d-bp19p6vshix3yd7muyfa 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-1 Bound d-bp10p2g1civqusscrpsg 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-2 Bound d-bp15v2vdwv6sbr7a0k99 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-3 Bound d-bp1bhe673f5os8zlesmt 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-0 Bound d-bp1hx0enix3hi3g9i5ys 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-1 Bound d-bp14p9y07ns6mus62u96 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-2 Bound d-bp160her827qm6sn5xbx 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-3 Bound d-bp10p2g1civqusscrpsh 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-0 Bound d-bp13ffnpp8kyos9qe5n1 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-1 Bound d-bp185opgs9oupi15cq4h 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-2 Bound d-bp19p6vshix3yd7muyfe 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-3 Bound d-bp1hf4qqoc03zvssy20q 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-0 Bound d-bp18vj2il5rc2pkmhtyz 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-1 Bound d-bp1cc5ecqwtqyeivvh4m 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-2 Bound d-bp15w0d1f4lqq181cl06 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-3 Bound d-bp1anc2b2vgc4d7v8fs5 30Gi RWO alicloud-disk-efficiency 27m
扩展 minio 集群
# kubectl minio tenant expand --name tenant1 --servers 8 --volumes 32 --capacity 32Ti -n minio
Adding new volumes to MinIO Tenant tenant1
