MinIO作为高性能对象存储,是与Amazon S3云存储服务兼容的 API,使用 MinIO 为机器学习、分析和应用程序数据工作负载构建高性能基础架构。对于Kubernetes环境,使用MinIO Operator实现MinIO部署和租户的创建。
0. ENV
kubernetes v1.23.8;
MinIO-Operator v4.5.4;
minio RELEASE.2022-10-24T18-35-07Z。
部署环境:
| 序号 | 主机名 | 使用磁盘目录 |
| 1 | k8s3-master | /data/1(租户)、/data/log1(租户)、 /data/minio-tenant-1-log-0(审计数据)、 /data/minio-tenant-1-prometheus(监控数据) |
| 2 | k8s3-node1 | /data/1(租户)、/data/log1(租户) |
| 3 | k8s3-node2 | /data/1(租户)、/data/log1(租户) |
MinIO Kubernetes架构图
当前使用3节点kubernetes集群进行部署,生产环境使用本地磁盘作为租户数据存储,测试环境以目录作为模拟。
3节点部署,租户至少需要6块磁盘(目录),同时还需要两个磁盘(目录)作为审计日志(audit log)和prometheus监控数据存储,当前环境提供了8个目录,租户共6个,每个10G,审计日志、监控数据各1个,每个5G。
当前未使用Helm Chart、krew等部署MinIO,直接使用kubectl进行部署,官方使用kubectl部署目前不是很完善,官方默认创建审计日志和监控时会失败,文中已将其完善。
1. Kubernetes TLS Certificate API验证
MinIO Operator需要Kubernetes的kube-controller-manager配置文件包含如下配置:
--cluster-signing-key-file: 指定用于签名群集范围证书的PEM编码的RSA或ECDSA私钥。
--cluster-signing-cert-file: 指定用于颁发群集范围证书的PEM编码的x.509证书颁发机构证书。
验证是否包含cluster-signing-cert-file和cluster-signing-key-file参数:
kubectl get pod kube-controller-manager-$CLUSTERNAME-control-plane -n kube-system -o yaml,如:[root@k8s3-master ~]# kubectl get pod kube-controller-manager-k8s3-master -n kube-system -o yaml...spec:containers:- command:...- --cluster-name=kubernetes- --cluster-signing-cert-file=/etc/kubernetes/pki/ca.crt- --cluster-signing-key-file=/etc/kubernetes/pki/ca.key...
配置中包含两个参数,说明支持Kubernetes TLS Certificate API。
2. 部署MinIO Operator
2.1 手动方式安装MinIO Kubernetes Plugin
下载kubectl-minio_4.5.4_linux_amd64并移到指定目录,可安装到多台
Kubernetes node。
curl https://github.com/minio/operator/releases/download/v4.5.4/kubectl-minio_4.5.4_linux_amd64 -o kubectl-miniochmod +x kubectl-miniomv kubectl-minio usr/local/bin/
查看MinIO版本:
[root@k8s3-master ~]# kubectl minio versionv4.5.4
2.2 初始化MinIO Operator
执行初始化:
[root@k8s3-master ~]# kubectl minio initWarning: resource namespaces/minio-operator is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.namespace/minio-operator configuredserviceaccount/minio-operator createdclusterrole.rbac.authorization.k8s.io/minio-operator-role createdclusterrolebinding.rbac.authorization.k8s.io/minio-operator-binding createdcustomresourcedefinition.apiextensions.k8s.io/tenants.minio.min.io createdservice/operator createddeployment.apps/minio-operator createdserviceaccount/console-sa createdsecret/console-sa-secret createdclusterrole.rbac.authorization.k8s.io/console-sa-role createdclusterrolebinding.rbac.authorization.k8s.io/console-sa-binding createdconfigmap/console-env createdservice/console createddeployment.apps/console created-----------------To open Operator UI, start a port forward using this command:kubectl minio proxy -n minio-operator-----------------
说明:
operator默认部署到minio-operator命名空间中,如果需要指定命名空间,可使用kubectl minio init --namespace {YOUR-NAMESPACE}。
使用群集。在配置operator的DNS主机名时,将本地作为群集域。指定kubectl minio init --cluster域参数以设置不同的集群域值。
2.3 验证Operator安装
查看各项组件,pod状态均为Running状态,各服务运行正常。
[root@k8s3-master ~]# kubectl get all --namespace minio-operatorNAME READY STATUS RESTARTS AGEpod/console-68b898c6dc-tq9z2 1/1 Running 0 35spod/minio-operator-56c56459bd-dlz66 1/1 Running 0 35spod/minio-operator-56c56459bd-hs28d 1/1 Running 0 35sNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/console ClusterIP 10.105.211.255 <none> 9090/TCP,9443/TCP 35sservice/operator ClusterIP 10.100.6.186 <none> 4222/TCP,4221/TCP 35sNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/console 1/1 1 1 35sdeployment.apps/minio-operator 2/2 2 2 35sNAME DESIRED CURRENT READY AGEreplicaset.apps/console-68b898c6dc 1 1 1 35sreplicaset.apps/minio-operator-56c56459bd 2 2 2 35s
2.4 打开Operator Console
Operator Console可以web界面进行管理,打开Operator Console,并记录JWT值,作为后续登录使用。
[root@k8s3-master MinIO]# kubectl minio proxy -n minio-operatorStarting port forward of the Console UI.To connect open a browser and go to http://localhost:9090Current JWT to login: eyJhbGciOiJSUzI1NiIsImtpZCI6IjBTYnloYVlmbkVReXZ2SG1YaG5Ed0VZYWs2dnQ4T1dlekh3ZEIyUWxCeUkifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJtaW5pby1vcGVyYXRvciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJjb25zb2xlLXNhLXRva2VuLXRjeGdmIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImNvbnNvbGUtc2EiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIxZmU3ODYyOC0yYzA0LTQ3NWUtYWQ0ZC0xNjRjYzI0OGU4MDgiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6bWluaW8tb3BlcmF0b3I6Y29uc29sZS1zYSJ9.Ypeov7kBvCb0UpHVt0c6dKmszlDR1pda30hg_L7y08I2bw5sZYZcVjc0klkndJVgnOEX0Qw2cwod9rCWnSkR5XIkPeskmIhTomei6TcfwsKPNifw4jnUA4yz_CrTXApRkP13b2jq9s0ySAGxHkiv2MMI4RC501YTrS_jLWFcPOGszze-fheagv4uYQx_j3ZLXqGQtpZM_pZCO2YYy6F3BU6FdQkW_THXtJRMq3yH-Qzk_SoT36yjuDSCmNItCP38VgT-OBbhRlagFkaPu4mT2ME-ovax8AOn10-Eqw5xslxBNaBsPzlGpG_E4wDNXx6ebYK_M1tX7g1tMEIzBg5NTgForwarding from 0.0.0.0:9090 -> 9090
使用浏览器登录:
http://K8s-Node-IP:9000,输入上面JWT值登录:
登录后界面:
3. 配置租户所需的存储
MinIO自动为群集中的每个卷生成一个永久卷声明(PVC)。群集必须具有相同数量的永久卷(PV)。MinIO强烈建议使用本地连接的存储以最大化性能和吞吐量。
MinIO可以使用任何支持ReadWriteOnce访问模式的Kubernetes永久卷(PV)。MinIO的一致性保证需要ReadWriteOnce提供的独占存储访问。
MinIO operator为租户中的每个卷生成一个持久卷声明(PVC),再加上两个PVC,以支持收集租户度量和日志。群集必须具有足够的持久卷,以满足租户正确启动每个PVC的容量要求。例如,部署具有16个卷的Tenant需要18(16+2)个卷。如果每个PVC要求1TB容量,那么每个PV也必须提供至少1TB的容量。
以下步骤创建必要的StorageClass和本地永久卷(PV)资源,以便每个MinIO Pod及其关联的存储都位于同一节点的本地。
如果集群已经配置了本地PV资源和供MinIO租户使用的StorageClass,则可以跳过此步骤。
3.1 为MinIO本地卷创建StorageClass
以下YAML描述了一个StorageClass,其中包含用于本地PV的适当字段:
cat >> sc-minio.yaml <<-'EOF'apiVersion: storage.k8s.io/v1kind: StorageClassmetadata:name: minio-local-storage # SC-NAMEprovisioner: kubernetes.io/no-provisionervolumeBindingMode: WaitForFirstConsumerEOF
StorageClass必须将volumeBindingMode设置为WaitForFirstConsumer,以确保每个pod的持久卷声明(PVC)正确绑定到节点的本地PV。
创建StorageClass:
[root@k8s3-master MinIO]# kubectl apply -f sc-minio.yamlstorageclass.storage.k8s.io/minio-local-storage created
3.2 创建所需的永久卷
以下YAML使用了PV本地容,当前共3个K8s节点k8s3-master、k8s3-node1、k8s3-node2,每个节点两个目录/data/1、/data/log1,分别创建1个PV,3个节点共6个PV。
同时还需要创建审计日志、prometheus监控数据存放,这两处目前官方早期版本不需要,当前版本未提供参考,可使用文中方法实现。
磁盘驱动器(目录)规划:
| 序号 | 路径 | 容量 | 说明 | 所在节点 |
| 1 | /data/1 | 10G | 租户使用 | 3个节点各1个 |
| 2 | /data/log1 | 10G | 租户使用 | 3个节点各1个 |
| 3 | /data/minio-tenant-1-log-0 | 5G | 审计日志 | k8s3-master |
| 4 | /data/minio-tenant-1-prometheus | 5G | 监控数据 | k8s3-master |
租户容量共60G,审计日志5G,监控数据5G。
1) 目录准备
在3个节点创建租户目录,可自定义,下面是我的目录参考,每个节点至少两个volume:
mkdir -p data/1 data/log1
在K8s3-master创建审计日志目录、监控目录:
mkdir -p data/minio-tenant-1-log-0 data/minio-tenant-1-prometheus
2) 配置PV、PVC,共8个PV/PVC,以供后续使用
为MinIO租户中的每个卷创建一个PV。例如,假设一个Kubernetes集群有3个节点,每个节点有2个本地连接的驱动器,那么总共创建6个本地PV。
名称、容量大小、目录等可根据个人环境进行配置:
cat >> pv-tenant.yaml <<-'EOF'apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-master-data1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-master # NODE-NAME---apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-master-log1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/log1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-master # NODE-NAME---apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-node1-data1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-node1 # NODE-NAME---apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-node1-log1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/log1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-node1 # NODE-NAME---apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-node2-data1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-node2 # NODE-NAME---apiVersion: v1kind: PersistentVolumemetadata:name: minio-k8s3-node2-log1 # PV-NAMEspec:capacity:storage: 10Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/log1 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-node2 # NODE-NAMEEOF
创建审计日志PV、PVC配置文件(后续备用):
cat >> pv-pvc-minio-tenant-1-log-0.yaml <<-'EOF'apiVersion: v1kind: PersistentVolumemetadata:name: minio-tenant-1-log # PV-NAMEnamespace: minio-tenant-1spec:capacity:storage: 5Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/minio-tenant-1-log-0 # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-master # NODE-NAME---apiVersion: v1kind: PersistentVolumeClaimmetadata:labels:v1.min.io/log-pg: minio-tenant-1-logname: minio-tenant-1-log-minio-tenant-1-log-0namespace: minio-tenant-1spec:accessModes:- ReadWriteOnceresources:requests:storage: "5368709120"storageClassName: minio-local-storagevolumeMode: FilesystemvolumeName: minio-tenant-1-logEOF
创建租户监控prometheus使用的PV、PVC配置文件(后续备用):
cat >> pv-pvc-minio-tenant-prometheus.yaml <<-'EOF'apiVersion: v1kind: PersistentVolumemetadata:name: minio-tenant-1-prometheus # PV-NAMEnamespace: minio-tenant-1spec:capacity:storage: 5Gi # capacityvolumeMode: FilesystemaccessModes:- ReadWriteOnce # default ReadWriteOncepersistentVolumeReclaimPolicy: RetainstorageClassName: minio-local-storage # SC-NAMElocal:path: /data/minio-tenant-1-prometheus # SC local-pathnodeAffinity:required:nodeSelectorTerms:- matchExpressions:- key: kubernetes.io/hostnameoperator: Invalues:- k8s3-master # NODE-NAME---apiVersion: v1kind: PersistentVolumeClaimmetadata:labels:v1.min.io/prometheus: minio-tenant-1-prometheusname: minio-tenant-1-prometheus-minio-tenant-1-prometheus-0namespace: minio-tenant-1spec:accessModes:- ReadWriteOnceresources:requests:storage: 5GistorageClassName: minio-local-storagevolumeMode: FilesystemvolumeName: minio-tenant-1-prometheusEOF
创建租户PV:
[root@k8s3-master MinIO]# kubectl apply -f pv-tenant.yamlpersistentvolume/minio-k8s3-master-data1 createdpersistentvolume/minio-k8s3-master-log1 createdpersistentvolume/minio-k8s3-node1-data1 createdpersistentvolume/minio-k8s3-node1-log1 createdpersistentvolume/minio-k8s3-node2-data1 createdpersistentvolume/minio-k8s3-node2-log1 created
当前只创建租户PV,审计日志和监控数据暂不创建,后续备用。
3) 查看创建的PV
当前已创建6个PV
[root@k8s3-master MinIO]# kubectl get pv | grep miniominio-k8s3-master-data1 10Gi RWX Retain Available minio-local-storage 13mminio-k8s3-master-log1 10Gi RWX Retain Available minio-local-storage 13mminio-k8s3-node1-data1 10Gi RWX Retain Available minio-local-storage 13mminio-k8s3-node1-log1 10Gi RWX Retain Available minio-local-storage 13mminio-k8s3-node2-data1 10Gi RWX Retain Available minio-local-storage 13mminio-k8s3-node2-log1 10Gi RWX Retain Available minio-local-storage 13mminio-tenant-1-log 10Gi RWX Retain Available minio-local-storage 13m
4. 部署MinIO租户(Tenants)
4.1 为MinIO Tenant创建命名空间
[root@k8s3-master ~]# kubectl create namespace minio-tenant-1namespace/minio-tenant-1 created
4.2 创建MinIO Tenant租户
使用kubectl minio租户创建命令创建minio租户。该命令始终使用MinIO服务器和MinIO控制台的最新稳定Docker映像。
以下示例创建了一个3节点MinIO部署,6个驱动器的总容量为60Gi。此时会同时创建审计日志、prometheus监控相关pod。
kubectl minio tenant create minio-tenant-1 \--servers 3 \--volumes 6 \--capacity 60Gi \--storage-class minio-local-storage \--namespace minio-tenant-1
如:
[root@k8s3-master MinIO]# kubectl minio tenant create minio-tenant-1 \> --servers 3 \> --volumes 6 \> --capacity 60Gi \> --storage-class minio-local-storage \> --namespace minio-tenant-1Tenant 'minio-tenant-1' created in 'minio-tenant-1' NamespaceUsername: W175STC2EU3QG0KXEEUNPassword: BhbYGhIZamMlYQXjYOZaD8TZzJno9zNwXa0VUmrqNote: Copy the credentials to a secure location. MinIO will not display these again.APPLICATION SERVICE NAME NAMESPACE SERVICE TYPE SERVICE PORTMinIO minio minio-tenant-1 ClusterIP 443Console minio-tenant-1-console minio-tenant-1 ClusterIP 9443
4.3 状态查看
1) 租户状态查看
当前状态在初始化过程中,等待Log Search就绪:
[root@k8s3-master MinIO]# kubectl get tenants -n minio-tenant-1NAME STATE AGEminio-tenant-1 Waiting for Log Search Pods to be ready 6m12s
租户成功后,状态会显示Initialized:
[root@k8s3-master MinIO]# kubectl -n minio-tenant-1 get tenantNAME STATE AGEminio-tenant-1 Initialized 100m
2) 各pod、服务等对象成功状态
Pod均为Running状态;
deployment、replicaset、statefulset均达到READY值。
[root@k8s3-master MinIO]# kubectl -n minio-tenant-1 get allNAME READY STATUS RESTARTS AGEpod/minio-tenant-1-log-0 1/1 Running 0 98mpod/minio-tenant-1-log-search-api-5c88766db8-ckqjb 1/1 Running 0 62mpod/minio-tenant-1-prometheus-0 2/2 Running 0 97mpod/minio-tenant-1-ss-0-0 1/1 Running 0 98mpod/minio-tenant-1-ss-0-1 1/1 Running 0 98mpod/minio-tenant-1-ss-0-2 1/1 Running 0 98mNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEservice/minio ClusterIP 10.109.219.112 <none> 443/TCP 99mservice/minio-tenant-1-console ClusterIP 10.106.69.239 <none> 9443/TCP 99mservice/minio-tenant-1-hl ClusterIP None <none> 9000/TCP 99mservice/minio-tenant-1-log-hl-svc ClusterIP None <none> 5432/TCP 98mservice/minio-tenant-1-log-search-api ClusterIP 10.108.254.178 <none> 8080/TCP 98mservice/minio-tenant-1-prometheus-hl-svc ClusterIP None <none> 9090/TCP 97mNAME READY UP-TO-DATE AVAILABLE AGEdeployment.apps/minio-tenant-1-log-search-api 1/1 1 1 98mNAME DESIRED CURRENT READY AGEreplicaset.apps/minio-tenant-1-log-search-api-5c88766db8 1 1 1 98mNAME READY AGEstatefulset.apps/minio-tenant-1-log 1/1 98mstatefulset.apps/minio-tenant-1-prometheus 1/1 97mstatefulset.apps/minio-tenant-1-ss-0 3/3 98m
4.4 问题处理
在MinIO-Operator v4.x早期版本中,只创建租户对应的pod,而没有审计日志和prometheus监控。
随之产品逐步完善,增加了这两个对象,而官方并完善底层PV创建的资料,从而导致pod/minio-tenant-1-log-0、minio-tenant-1-log-search-api-xxxxx、minio-tenant-1-prometheus-0这部分对象异常,下面就对问题进行临时处理,非最佳方案。
1) 问题现象
租户初始化后,查看pod未正常
[root@k8s3-master ~]# kubectl get pod -n minio-tenant-1 -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESminio-tenant-1-log-0 0/1 Pending 0 2m16s <none> <none> <none> <none>minio-tenant-1-log-search-api-5c88766db8-mcccf 0/1 CrashLoopBackOff 4 (38s ago) 2m14s 10.244.203.239 k8s3-node1 <none> <none>minio-tenant-1-prometheus-0 0/2 Pending 0 76s <none> <none> <none> <none>minio-tenant-1-ss-0-0 1/1 Running 0 2m16s 10.244.203.209 k8s3-node1 <none> <none>minio-tenant-1-ss-0-1 1/1 Running 0 2m16s 10.244.219.188 k8s3-master <none> <none>minio-tenant-1-ss-0-2 1/1 Running 0 2m16s 10.244.41.5 k8s3-node2 <none> <none>
审计日志、日志搜索、prometheus的pod均为Running
2) 问题原因
查看租户命名空间minio-tenant-1下的pvc,状态为pengding,因PVC未就绪,导致pod不能启动。
[root@k8s3-node1 data]# kubectl get pvc -n minio-tenant-1NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE0-minio-tenant-1-ss-0-0 Bound minio-k8s3-node1-data1 10Gi RWO minio-local-storage 86s0-minio-tenant-1-ss-0-1 Bound minio-k8s3-master-data1 10Gi RWO minio-local-storage 86s0-minio-tenant-1-ss-0-2 Bound minio-k8s3-node2-data1 10Gi RWO minio-local-storage 86s1-minio-tenant-1-ss-0-0 Bound minio-k8s3-node1-log1 10Gi RWO minio-local-storage 86s1-minio-tenant-1-ss-0-1 Bound minio-k8s3-master-log1 10Gi RWO minio-local-storage 86s1-minio-tenant-1-ss-0-2 Bound minio-k8s3-node2-log1 10Gi RWO minio-local-storage 86sminio-tenant-1-log-minio-tenant-1-log-0 Pending 86sminio-tenant-1-prometheus-minio-tenant-1-prometheus-0 Pending 26s
3) 解决方法
创建审计日志、prometheus监控需要的PV和PVC,使用前面章节预留的yaml文件创建。
#1 删除Pengding的两个PVC
[root@k8s3-master MinIO]# kubectl -n minio-tenant-1 delete pvc minio-tenant-1-log-minio-tenant-1-log-0persistentvolumeclaim "minio-tenant-1-log-minio-tenant-1-log-0" deleted[root@k8s3-master MinIO]# kubectl -n minio-tenant-1 delete pvc minio-tenant-1-prometheus-minio-tenant-1-prometheus-0persistentvolumeclaim "minio-tenant-1-prometheus-minio-tenant-1-prometheus-0" deleted
#2 使用预留的yaml重建两个PVC
[root@k8s3-master MinIO]# kubectl apply -f pv-pvc-minio-tenant-1-log-0.yamlpersistentvolume/minio-tenant-1-log createdpersistentvolumeclaim/minio-tenant-1-log-minio-tenant-1-log-0 created[root@k8s3-master MinIO]# kubectl apply -f pv-pvc-minio-tenant-prometheus.yamlpersistentvolume/minio-tenant-1-prometheus createdpersistentvolumeclaim/minio-tenant-1-prometheus-minio-tenant-1-prometheus-0 created
#3 查看重建的PVC,状态均为Bound
[root@k8s3-master MinIO]# k -n minio-tenant-1 get pvcNAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE0-minio-tenant-1-ss-0-0 Bound minio-k8s3-node1-data1 10Gi RWO minio-local-storage 19m0-minio-tenant-1-ss-0-1 Bound minio-k8s3-master-data1 10Gi RWO minio-local-storage 19m0-minio-tenant-1-ss-0-2 Bound minio-k8s3-node2-data1 10Gi RWO minio-local-storage 19m1-minio-tenant-1-ss-0-0 Bound minio-k8s3-node1-log1 10Gi RWO minio-local-storage 19m1-minio-tenant-1-ss-0-1 Bound minio-k8s3-master-log1 10Gi RWO minio-local-storage 19m1-minio-tenant-1-ss-0-2 Bound minio-k8s3-node2-log1 10Gi RWO minio-local-storage 19mminio-tenant-1-log-minio-tenant-1-log-0 Bound minio-tenant-1-log 5Gi RWO minio-local-storage 2m39sminio-tenant-1-prometheus-minio-tenant-1-prometheus-0 Bound minio-tenant-1-prometheus 5Gi RWO minio-local-storage 14s
4) 查看Pod状态均已Running
[root@k8s3-master ~]# k get pod -o wideNAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATESminio-tenant-1-log-0 1/1 Running 0 23m 10.244.219.189 k8s3-master <none> <none>minio-tenant-1-log-search-api-5c88766db8-mcccf 1/1 Running 9 (7m23s ago) 23m 10.244.203.239 k8s3-node1 <none> <none>minio-tenant-1-prometheus-0 2/2 Running 0 22m 10.244.219.190 k8s3-master <none> <none>minio-tenant-1-ss-0-0 1/1 Running 0 23m 10.244.203.209 k8s3-node1 <none> <none>minio-tenant-1-ss-0-1 1/1 Running 0 23m 10.244.219.188 k8s3-master <none> <none>minio-tenant-1-ss-0-2 1/1 Running 0 23m 10.244.41.5 k8s3-node2 <none> <none>
5. 配置访问服务
kubectl minio为minio租户和minio控制台创建了一个服务。kubectl minio租户创建的输出包括两个服务的详细信息。您还可以使用kubectl get-svc来检索服务名称:
[root@k8s3-master ~]# kubectl get svc -n minio-tenant-1NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGEminio ClusterIP 10.109.219.112 <none> 443/TCP 173mminio-tenant-1-console ClusterIP 10.106.69.239 <none> 9443/TCP 173mminio-tenant-1-hl ClusterIP None <none> 9000/TCP 173mminio-tenant-1-log-hl-svc ClusterIP None <none> 5432/TCP 172mminio-tenant-1-log-search-api ClusterIP 10.108.254.178 <none> 8080/TCP 172mminio-tenant-1-prometheus-hl-svc ClusterIP None <none> 9090/TCP 171m
minio服务对应于minio租户服务,应用程序应使用此服务对MinIO租户执行操作。
*-console服务对应于MinIO控制台,管理员应使用此服务访问MinIO控制台并对MinIO租户执行管理操作。
其余服务支持租户操作,不供用户或管理员使用。
默认情况下,每个服务仅在Kubernetes集群中可见,部署在集群内的应用程序可以使用cluster-IP访问服务。
Kubernetes集群外部的应用程序可以使用external-IP访问服务,该值仅为为Ingress或类似网络访问服务配置的Kubernetes集群填充。Kubernetes提供了多种配置服务外部访问的选项。
有关配置对服务的外部访问的更多完整信息,请参阅Kubernetes关于Publishing Services(ServiceTypes)和Ingress的文档。
6. 端口转发
可以使用kubectl端口转发程序临时公开每个服务。运行以下示例将流量从运行kubectl的主机转发到Kubernetes集群内运行的服务。
租户端口转发
[root@k8s3-master ~]# kubectl port-forward service/minio 443:443 -n minio-tenant-1Forwarding from 127.0.0.1:443 -> 9000Forwarding from [::1]:443 -> 9000
控制台端口转发
[root@k8s3-master ~]# kubectl port-forward service/minio-tenant-1-console 9443:9443 -n minio-tenant-1Forwarding from 127.0.0.1:9443 -> 9443Forwarding from [::1]:9443 -> 9443
7. 参考
http://docs.minio.org.cn/docs/http://docs.minio.org.cn/docs/master/deploy-minio-on-kuberneteshttps://min.io/docs/minio/kubernetes/upstream/operations/installation.htmlhttps://github.com/minio/operator/blob/master/README.mdhttp://blog.minio.org.cn/index/news/newsdetails.html?nid=154http://docs.minio.org.cn/minio/k8s/deployment/deploy-minio-operator.htmlhttps://krew.sigs.k8s.io/docs/user-guide/setup/install/
-- 完 --
更多精彩,敬请期待
不足之处,还望抛转。
作者:王坤,微信公众号:rundba,欢迎转载,转载请注明出处。
如需公众号转发,请联系wx:landnow。
往期推荐
文章转载自rundba,如果涉嫌侵权,请发送邮件至:contact@modb.pro进行举报,并提供相关证据,一经查实,墨天轮将立刻删除相关内容。
