1. S3 compatible object store
An S3 compatible object store built on MinIO is provided.
2. References
For basic usage of MinIO's Object Store, please refer to the following document.
3. Prepared objects
To keep users from interfering with each other, the objects are organized as follows.
- Buckets cannot be created freely. A bucket named "username-bucket" is prepared for each user, with a unique key and secret.
- The information for using it (equivalent to AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY) is stored in secret/objectstore in each user's namespace.
- You can access your bucket through the following URL: http://192.168.100.161:9001/
- You can confirm your username (key) and password (secret) as follows.
## Execution example
$ kubectl -n $(id -un) get secret objectstore -o=jsonpath="{.items[0]}{.data.access-key}" | base64 --decode ; echo
$ kubectl -n $(id -un) get secret objectstore -o=jsonpath="{.items[0]}{.data.secret-access-key}" | base64 --decode ; echo
In practice, these values are used by setting them as environment variables in the YAML file.
In your Kubernetes application, you also need the following information to access your bucket.
- Hostname: sccp-minio-svc.minio.svc.cluster.local
- Port number: 9000
4. Use of mc command
The "mc" command is a dedicated client for accessing Minio.
However, you cannot access the MinIO server with the "mc" command directly.
First, prepare a pod to execute the "mc" command before proceeding.
4.1. Run docker.io/yasuhiroabe/minio-toolbox:latest container
Create a working directory and prepare an appropriately named YAML file with the following contents.
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-pvc
spec:
  accessModes: [ "ReadWriteOnce" ]
  storageClassName: rook-ceph-block
  resources:
    requests:
      storage: 1Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: minio-toolbox
  labels:
    app: minio-toolbox
spec:
  replicas: 1
  strategy:
    type: Recreate
  selector:
    matchLabels:
      app: minio-toolbox
  template:
    metadata:
      labels:
        app: minio-toolbox
    spec:
      containers:
      - name: minio-toolbox
        image: yasuhiroabe/minio-toolbox:latest
        command: ["sh","-c", "tail -f /dev/null"]
        imagePullPolicy: "Always"
        env:
        - name: AWS_HOST
          valueFrom:
            secretKeyRef:
              key: aws-host
              name: objectstore
        - name: AWS_ENDPOINT
          value: sccp-minio-svc.minio.svc.cluster.local:9000
        - name: AWS_ACCESS_KEY_ID
          valueFrom:
            secretKeyRef:
              key: access-key
              name: objectstore
        - name: AWS_SECRET_ACCESS_KEY
          valueFrom:
            secretKeyRef:
              key: secret-access-key
              name: objectstore
        volumeMounts:
        - name: data
          mountPath: /root
      volumes:
      - name: data
        persistentVolumeClaim:
          claimName: data-pvc
## Execution example
$ kubectl -n $(id -un) apply -f objectstore.pvc-minio-toolbox.yaml
$ kubectl -n $(id -un) apply -f objectstore.deploy-minio-toolbox.yaml
Make sure the Pod is in Running state.
$ kubectl -n $(id -un) get pod -l app=minio-toolbox
NAME                             READY   STATUS    RESTARTS   AGE
minio-toolbox-854bf65b47-5ghwt   1/1     Running   0          20s
4.2. Executing commands from inside minio-toolbox
First, run the following command to get inside pod/minio-toolbox-*. For the pod name to specify, check the output of the aforementioned kubectl -n $(id -un) get command.
$ kubectl -n $(id -un) exec -it $(kubectl -n $(id -un) get pod -l app=minio-toolbox -o jsonpath='{.items[*].metadata.name}') -- bash
After confirming that the exec command succeeds and the prompt changes to bash-5.1# , run the mc command as follows to write the connection information to the ~/.mc/config.json file.
bash-5.1# ./mc alias set minio http://${AWS_ENDPOINT} ${AWS_ACCESS_KEY_ID} ${AWS_SECRET_ACCESS_KEY}
After executing this command, you will see the following message
mc: Configuration written to `/root/.mc/config.json`. Please update your access credentials.
mc: Successfully created `/root/.mc/share`.
mc: Initialized share uploads `/root/.mc/share/uploads.json` file.
mc: Initialized share downloads `/root/.mc/share/downloads.json` file.
Added `minio` successfully.
Also, a "minio" entry is created in /root/.mc/config.json to register the information needed for the connection. If all the information is correct, the following command should show your bucket.
## Execution example
bash-5.1# ./mc ls minio
[2021-08-31 02:38:04 UTC] 0B yasu-abe-bucket/
If the bucket name with your ID name is displayed like this, you can manipulate files through the mc command.
In the following, s13xxxxxxx-bucket should be read as your ID name + "-bucket".
4.3. File placement
Files in a pod can be saved in a bucket with the following command.
bash-5.1# ./mc cp /etc/hosts minio/s13xxxxx-bucket/etc.hosts
You can confirm the placed file by the following command.
bash-5.1# ./mc ls -r minio
Alternatively, you can check through the browser.
4.4. Move files
You can rename files as follows
bash-5.1# ./mc mv minio/s13xxxxx-bucket/etc.hosts minio/s13xxxxx-bucket/local.etc.hosts
4.5. Delete file
Files that are no longer needed can be deleted as follows
bash-5.1# ./mc rm minio/s13xxxxx-bucket/local.etc.hosts
If s13xxxxxxx-bucket disappears, you can create a new bucket as follows.
5. restic
"restic" is a command written in Go for taking backups to an S3 object store. It encrypts the backup of the specified directory and places it in the bucket.
5.1. Restic command to get backup
The restic command is installed in the minio-toolbox pod.
$ kubectl -n $(id -un) exec -it $(kubectl -n $(id -un) get pod -l app=minio-toolbox -o jsonpath='{.items[*].metadata.name}') -- bash
5.2. Initialization work for restic commands
Initialize the repository to prepare for backups in your bucket.
The password for restic must be unique. Do not enter another password, such as the one for your AINS ID or your MinIO secret.
bash-5.1# restic -r s3:http://${AWS_ENDPOINT}/s13xxxxx-bucket init
5.3. Get a backup
For example, the command to get a backup of the entire /root directory is as follows.
You will be prompted for a password; enter the password you specified during the restic initialization process.
bash-5.0# restic -r s3:http://${AWS_ENDPOINT}/s13xxxxx-bucket backup /root
5.4. Confirm backup
Use the restic snapshots command to check the status of backups.
bash-5.0# restic -r s3:http://${AWS_ENDPOINT}/s13xxxxx-bucket snapshots
enter password for repository:
repository 3336ca97 opened (version 2, compression level auto)
ID        Time                 Host                            Tags        Paths
--------------------------------------------------------------------------------
6f0e5787  2023-09-28 08:08:25  minio-toolbox-5ddbd75f6d-fffdd              /root
--------------------------------------------------------------------------------
1 snapshots
5.5. Restore backup
Restore the backup by specifying an appropriate directory.
Replace the ID (6f0e5787 in this example) with the appropriate value, that is, the ID shown by the snapshots command above.
bash-5.0# restic -r s3:http://${AWS_ENDPOINT}/s13xxxxx-bucket restore 6f0e5787 --target /tmp/restore
enter password for repository:
repository d0b66304 opened successfully, password is correct
restoring <Snapshot 8ca8f7f8 of [/root] at 2020-01-23 03:40:37.544077502 +0000 UTC by root@s3ostools> to /tmp/restore
The entire directory is stored in /tmp/restore.
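The init, backup, snapshots and restore steps from 5.2 to 5.5 can also run as one non-interactive script, shown here as an added example that is not part of the original page. It relies on restic's RESTIC_REPOSITORY and RESTIC_PASSWORD_FILE environment variables; the BUCKET variable, the password-file path and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. BUCKET, the password-file
# path and the function names are assumptions made for illustration.

# Repository URL in the form the page passes to "restic -r".
restic_repo_url() {            # $1 = host:port, $2 = bucket name
    printf 's3:http://%s/%s\n' "$1" "$2"
}

# Accept the password file only if it is private, non-empty and does not
# reuse the MinIO credentials (the page requires a unique password).
password_file_ok() {           # $1 = path to the password file
    [ -f "$1" ] || { echo "no password file: $1" >&2; return 1; }
    case $(ls -ld -- "$1" | cut -c5-10) in
        ------) ;;             # no group/other permission bits set
        *) echo "run: chmod 600 $1" >&2; return 1 ;;
    esac
    pw=$(cat -- "$1")
    [ -n "$pw" ] || { echo "password is empty" >&2; return 1; }
    if [ "$pw" = "${AWS_SECRET_ACCESS_KEY:-}" ] ||
       [ "$pw" = "${AWS_ACCESS_KEY_ID:-}" ]; then
        echo "password reuses a MinIO credential" >&2; return 1
    fi
}

# init (first run only), backup, list snapshots, test-restore the latest.
backup_and_verify() {          # $1 = directory, $2 = restore target
    password_file_ok "$RESTIC_PASSWORD_FILE" || return 1
    restic cat config >/dev/null 2>&1 || restic init || return 1
    restic backup "$1" || return 1
    restic snapshots || return 1
    restic restore latest --target "$2"
}

# Runs only when a directory is given, e.g.:
#   BUCKET=s13xxxxx-bucket sh restic-backup.sh /root
if [ "$#" -ge 1 ]; then
    RESTIC_REPOSITORY=$(restic_repo_url "$AWS_ENDPOINT" "${BUCKET:?set BUCKET}")
    RESTIC_PASSWORD_FILE=${RESTIC_PASSWORD_FILE:-$HOME/.restic-password}
    export RESTIC_REPOSITORY RESTIC_PASSWORD_FILE
    backup_and_verify "$1" /tmp/restore
fi
```

With the Deployment above, /root is the persistent volume, so a backup of /root also contains /root/.mc/config.json and the MinIO credentials stored in it.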