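Deploying a MinIO Cluster from Binaries (Multi-Node Multi-Drive)
0x01 Prepare the drives for MinIO
Four machines were prepared, each giving MinIO four drives (vdb, vdc, vdd, vde).
1. Format all four drives on every machine as XFS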
sudo mkfs.xfs /dev/vdb
sudo mkfs.xfs /dev/vdc
sudo mkfs.xfs /dev/vdd
sudo mkfs.xfs /dev/vde
2. Mount the drives
# Create the mount directories
mkdir -p /minio/data1 && mkdir -p /minio/data2 && mkdir -p /minio/data3 && mkdir -p /minio/data4
# Get the UUIDs of vdb through vde and append them to /etc/fstab so the drives are mounted automatically at boot.
lsblk -no NAME,UUID,MOUNTPOINT /dev/vd[b-e] | awk '$2 != "" {print "UUID="$2" /minio/data"++i" xfs defaults,noatime 0 0"}' | sudo tee -a /etc/fstab
# On every machine, try mounting and check that nothing is wrong
mount -a
df -h |grep minio
reboot
0x02 Install MinIO from the binary
1. Install MinIO
# Download the latest MinIO binary for the amd64 architecture
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
sudo mv minio /usr/local/bin/
2. Open the ports
# 9001 is the web console
firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --permanent --zone=public --add-port=9001/tcp
firewall-cmd --reload
3. Write the service unit
# Write /usr/lib/systemd/system/minio.service
sudo tee /usr/lib/systemd/system/minio.service > /dev/null <<'EOF'
[Unit]
Description=MinIO
Documentation=https://min.io/docs/minio/linux/index.html
Wants=network-online.target
After=network-online.target
AssertFileIsExecutable=/usr/local/bin/minio
[Service]
WorkingDirectory=/usr/local
User=minio-user
Group=minio-user
ProtectProc=invisible
EnvironmentFile=-/etc/default/minio
ExecStartPre=/bin/bash -c "if [ -z \"${MINIO_VOLUMES}\" ]; then echo \"Variable MINIO_VOLUMES not set in /etc/default/minio\"; exit 1; fi"
ExecStart=/usr/local/bin/minio server $MINIO_OPTS $MINIO_VOLUMES
Restart=always
LimitNOFILE=65536
TasksMax=infinity
TimeoutStopSec=infinity
SendSIGKILL=no
[Install]
WantedBy=multi-user.target
EOF
# Enable the service at boot
systemctl enable minio
4. Configure permissions
By default, the minio.service file runs as the minio-user user and group.
groupadd -r minio-user
useradd -M -r -g minio-user minio-user
chown minio-user:minio-user /minio/data1 /minio/data2 /minio/data3 /minio/data4
5. Write the MinIO configuration file
# The default MinIO configuration file is /etc/default/minio
sudo tee /etc/default/minio > /dev/null <<'EOF'
MINIO_VOLUMES="http://192.168.5.{17...20}:9000/minio/data{1...4}"
MINIO_OPTS="--console-address :9001"
MINIO_ROOT_USER=admin
MINIO_ROOT_PASSWORD=admin123
#MINIO_SERVER_URL="https://minio.example.net:9000"
EOF
# Restart the service
systemctl daemon-reload
systemctl restart minio
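6. Enable SSL (skip this if you are using HTTP)
To enable SSL for MinIO, you only need to change MINIO_VOLUMES in the configuration file to https. With a self-signed certificate you need not only the private key (private.key) and the public certificate (public.crt), but also the CA certificate (CAs/ca.crt).
# After placing the certificates in /home/minio-user/.minio/certs/, fix the permissions as follows: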
sudo chown -R minio-user:minio-user /home/minio-user/.minio/certs/
sudo chmod 644 /home/minio-user/.minio/certs/CAs/ca.crt
sudo chmod 644 /home/minio-user/.minio/certs/public.crt
sudo chmod 600 /home/minio-user/.minio/certs/private.key
sudo systemctl restart minio
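An added example, not part of the original post: a `sudo tee` heredoc like the one in step 5 typically leaves /etc/default/minio at mode 0644, and the sample root password is short, so the sketch below writes the file with generated credentials at mode 0600 and audits an existing file for those points and for http:// volumes (step 6). The function names and the 16-character minimum are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Print $1 alphanumeric characters from the kernel CSPRNG.
gen_secret() {
  LC_ALL=C tr -dc 'A-Za-z0-9' < /dev/urandom | head -c "$1"
}

# Write the environment file with generated root credentials at mode 0600.
# $1 = target path, $2 = MINIO_VOLUMES value.
# Generate once and copy the same file to every node: all nodes in one
# deployment must use identical root credentials.
write_minio_env() {
  target=$1; volumes=$2
  tmp=$(mktemp "${target}.XXXXXX") || return 1   # mktemp creates it 0600
  {
    printf 'MINIO_VOLUMES="%s"\n' "$volumes"
    printf 'MINIO_OPTS="--console-address :9001"\n'
    printf 'MINIO_ROOT_USER=%s\n' "$(gen_secret 20)"
    printf 'MINIO_ROOT_PASSWORD=%s\n' "$(gen_secret 40)"
  } > "$tmp" && mv "$tmp" "$target"
}

# Print one line per finding; return 1 if anything was found.
# The 16-character minimum is a policy assumption of this example.
audit_minio_env() {
  file=$1; rc=0
  mode=$(stat -c '%a' "$file") || return 2       # GNU stat
  if [ $(( 0$mode & 077 )) -ne 0 ]; then
    echo "mode $mode: readable by group or others"; rc=1
  fi
  pass=$(sed -n 's/^MINIO_ROOT_PASSWORD=//p' "$file" | tr -d '"')
  if [ "${#pass}" -lt 16 ]; then
    echo "MINIO_ROOT_PASSWORD is shorter than 16 characters"; rc=1
  fi
  if grep -Eq '^MINIO_VOLUMES="?http://' "$file"; then
    echo "MINIO_VOLUMES uses http://: inter-node traffic is not encrypted"; rc=1
  fi
  return "$rc"
}
```

systemd reads EnvironmentFile as root before the service drops to minio-user, so the service account needs no read access to the file.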
0x03 Configure NGINX load balancing for the MinIO servers
A reference nginx configuration:
upstream minio_s3 {
    least_conn;
    server 192.168.5.17:9000;
    server 192.168.5.18:9000;
    server 192.168.5.19:9000;
    server 192.168.5.20:9000;
}
upstream minio_console {
    least_conn;
    server 192.168.5.17:9001;
    server 192.168.5.18:9001;
    server 192.168.5.19:9001;
    server 192.168.5.20:9001;
}
server {
    listen 80;
    listen [::]:80;
    server_name minio.itho.cn;
    # Allow special characters in headers
    ignore_invalid_headers off;
    # Allow any size file to be uploaded.
    # Set to a value such as 1000m; to restrict file size to a specific value
    client_max_body_size 0;
    # Disable buffering
    proxy_buffering off;
    proxy_request_buffering off;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_connect_timeout 300;
        # Default is HTTP/1, keepalive is only enabled in HTTP/1.1
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        chunked_transfer_encoding off;
        # This uses the upstream directive definition to load balance.
        # Use http:// here if SSL was not enabled in step 6.
        proxy_pass https://minio_s3;
    }
    location /minio/ui/ {
        rewrite ^/minio/ui/(.*) /$1 break;
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        # This is necessary to pass the correct IP to be hashed
        real_ip_header X-Real-IP;
        proxy_connect_timeout 300;
        # To support websockets in MinIO versions released after January 2023
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # Some environments may encounter CORS errors (Kubernetes + Nginx Ingress)
        # Uncomment the following line to set the Origin request to an empty string
        # proxy_set_header Origin '';
        chunked_transfer_encoding off;
        # This uses the upstream directive definition to load balance.
        # Use http:// here if SSL was not enabled in step 6.
        proxy_pass https://minio_console;
    }
}
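Note: the S3 API signature calculation algorithm does not support proxy schemes that host the MinIO Server API at a path such as example.net/s3/.
You must also set the following environment variables for the MinIO deployment; the default path is /etc/default/minio:
Set MINIO_SERVER_URL to the proxy host FQDN of the MinIO server (https://minio.example.net)
Set MINIO_BROWSER_REDIRECT_URL to the proxy host FQDN of the MinIO console (https://example.net/minio/ui)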
0x04 Access the MinIO cluster from K8s using Endpoints
The name of the Endpoints object must match the name of the Service so that Kubernetes can associate them correctly.
apiVersion: v1
kind: Service
metadata:
  name: minio-external
spec:
  ports:
    - name: http-api
      port: 9000
      protocol: TCP
    - name: http-console
      port: 9001
      protocol: TCP
---
apiVersion: v1
kind: Endpoints
metadata:
  name: minio-external
subsets:
  - addresses:
      - ip: 192.168.5.17
      - ip: 192.168.5.18
      - ip: 192.168.5.19
      - ip: 192.168.5.20
    ports:
      - name: http-api
        port: 9000
      - name: http-console
        port: 9001
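0x99 Miscellaneous
Why the console in newer MinIO versions cannot create access keys (AK/SK):
The latest MinIO, meaning versions after 2025-05, removed the Administrator management menu and the User menu from the web console. The way we usually used MinIO was to create Access Keys under User after deployment, configure them in the project, and then call the API. In the new versions these menus are gone, so keys cannot be created manually in the console; they can only be created by connecting to MinIO with mc (MinIO Client).
References
EC capacity calculator https://min.io/product/erasure-code-calculator
Deploy MinIO: Multi-Node Multi-Drive https://min.io/docs/minio/linux/operations/install-deploy-manage/deploy-minio-multi-node-multi-drive.html#deploy-minio-distributed
Configure NGINX Proxy for MinIO Server https://min.io/docs/minio/linux/integrations/setup-nginx-proxy-with-minio.html#integrations-nginx-proxy
The latest MinIO cannot configure access keys through the web console https://blog.csdn.net/liudongyang123/article/details/149109750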