mirror of https://github.com/minio/minio.git
Add steps to run GCS gateway on Kubernetes via YAML files (#4819)
parent 34e780e690
commit 2bca51ab2c
|
@ -19,6 +19,14 @@
|
|||
- [Update existing Minio StatefulSet](#update-existing-minio-statefulset)
|
||||
- [Resource cleanup](#distributed-resource-cleanup)
|
||||
|
||||
- [Minio GCS Gateway Deployment](#minio-gcs-gateway-deployment)
|
||||
- [GCS Gateway Quickstart](#gcs-gateway-quickstart)
|
||||
- [Create GCS Credentials Secret](#create-gcs-credentials-secret)
|
||||
- [Create Minio GCS Gateway Deployment](#create-minio-gcs-gateway-deployment)
|
||||
- [Create Minio LoadBalancer Service](#create-minio-loadbalancer-service)
|
||||
- [Update Existing Minio GCS Deployment](#update-existing-minio-gcs-deployment)
|
||||
- [Resource cleanup](#gcs-gateway-resource-cleanup)
|
||||
|
||||
## Prerequisites
|
||||
|
||||
To run this example, you need Kubernetes version >=1.4 cluster installed and running, and that you have installed the [`kubectl`](https://kubernetes.io/docs/tasks/kubectl/install/) command line tool in your path. Please see the
|
||||
|
@ -372,3 +380,168 @@ kubectl delete statefulset minio \
|
|||
&& kubectl delete svc minio \
|
||||
&& kubectl delete svc minio-service
|
||||
```
|
||||
|
||||
## Minio GCS Gateway Deployment
|
||||
|
||||
The following section describes the process to deploy [Minio](https://minio.io/) GCS Gateway on Kubernetes. The deployment uses the [official Minio Docker image](https://hub.docker.com/r/minio/minio/~/dockerfile/) from Docker Hub.
|
||||
|
||||
This section uses following core components of Kubernetes:
|
||||
|
||||
- [_Secrets_](https://kubernetes.io/docs/concepts/configuration/secret/)
|
||||
- [_Services_](https://kubernetes.io/docs/user-guide/services/)
|
||||
- [_Deployments_](https://kubernetes.io/docs/user-guide/deployments/)
|
||||
|
||||
### GCS Gateway Quickstart
|
||||
|
||||
Create the Google Cloud Service credentials file using the steps mentioned [here](https://github.com/minio/minio/blob/master/docs/gateway/gcs.md#create-service-account-key-for-gcs-and-get-the-credentials-file).
|
||||
|
||||
Use the path of file generated above to create a Kubernetes `secret`.
|
||||
|
||||
```sh
|
||||
kubectl create secret generic gcs-credentials --from-file=/path/to/gcloud/credentials/application_default_credentials.json
|
||||
```
|
||||
|
||||
Then download the `minio-gcs-gateway-deployment.yaml` file
|
||||
|
||||
```sh
|
||||
wget https://github.com/minio/minio/blob/master/docs/orchestration/kubernetes-yaml/minio-gcs-gateway-deployment.yaml?raw=true
|
||||
```
|
||||
|
||||
Update the section `gcp_project_id` with your GCS project ID. Then run
|
||||
|
||||
```sh
|
||||
kubectl create -f minio-gcs-gateway-deployment.yaml
|
||||
kubectl create -f https://github.com/minio/minio/blob/master/docs/orchestration/kubernetes-yaml/minio-gcs-gateway-service.yaml?raw=true
|
||||
```
|
||||
|
||||
### Create GCS Credentials Secret
|
||||
|
||||
A `secret` is intended to hold sensitive information, such as passwords, OAuth tokens, and ssh keys. Putting this information in a secret is safer and more flexible than putting it verbatim in a pod definition or in a docker image.
|
||||
|
||||
Create the Google Cloud Service credentials file using the steps mentioned [here](https://github.com/minio/minio/blob/master/docs/gateway/gcs.md#create-service-account-key-for-gcs-and-get-the-credentials-file).
|
||||
|
||||
Use the path of file generated above to create a Kubernetes `secret`.
|
||||
|
||||
```sh
|
||||
kubectl create secret generic gcs-credentials --from-file=/path/to/gcloud/credentials/application_default_credentials.json
|
||||
```
|
||||
|
||||
### Create Minio GCS Gateway Deployment
|
||||
|
||||
A deployment encapsulates replica sets and pods — so, if a pod goes down, replication controller makes sure another pod comes up automatically. This way you won’t need to bother about pod failures and will have a stable Minio service available.
|
||||
|
||||
Minio Gateway uses GCS as its storage backend and need to use a GCP `projectid` to identify your credentials. Update the section `gcp_project_id` with your
|
||||
GCS project ID. This is the deployment description.
|
||||
|
||||
```sh
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
# This name uniquely identifies the Deployment
|
||||
name: minio-deployment
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
# Label is used as selector in the service.
|
||||
app: minio
|
||||
spec:
|
||||
# Refer to the secret created earlier
|
||||
volumes:
|
||||
- name: gcs-credentials
|
||||
secret:
|
||||
# Name of the Secret created earlier
|
||||
secretName: gcs-credentials
|
||||
containers:
|
||||
- name: minio
|
||||
# Pulls the default Minio image from Docker Hub
|
||||
image: minio/minio:RELEASE.2017-08-05T00-00-53Z
|
||||
args:
|
||||
- gateway
|
||||
- gcs
|
||||
- gcp_project_id
|
||||
env:
|
||||
# Minio access key and secret key
|
||||
- name: MINIO_ACCESS_KEY
|
||||
value: "minio"
|
||||
- name: MINIO_SECRET_KEY
|
||||
value: "minio123"
|
||||
# Google Cloud Service uses this variable
|
||||
- name: GOOGLE_APPLICATION_CREDENTIALS
|
||||
value: "/etc/credentials/application_default_credentials.json"
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
hostPort: 9000
|
||||
# Mount the volume into the pod
|
||||
volumeMounts:
|
||||
- name: gcs-credentials
|
||||
mountPath: "/etc/credentials"
|
||||
readOnly: true
|
||||
```
|
||||
|
||||
Create the Deployment
|
||||
|
||||
```sh
|
||||
kubectl create -f https://github.com/minio/minio/blob/master/docs/orchestration/kubernetes-yaml/minio-gcs-gateway-deployment.yaml?raw=true
|
||||
deployment "minio-deployment" created
|
||||
```
|
||||
|
||||
### Create Minio LoadBalancer Service
|
||||
|
||||
Now that you have a Minio deployment running, you may either want to access it internally (within the cluster) or expose it as a Service onto an external (outside of your cluster, maybe public internet) IP address, depending on your use case. You can achieve this using Services. There are 3 major service types — default type is ClusterIP, which exposes a service to connection from inside the cluster. NodePort and LoadBalancer are two types that expose services to external traffic.
|
||||
|
||||
In this example, we expose the Minio Deployment by creating a LoadBalancer service. This is the service description.
|
||||
|
||||
```sh
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: minio-service
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 9000
|
||||
targetPort: 9000
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: minio
|
||||
```
|
||||
Create the Minio service
|
||||
|
||||
```sh
|
||||
kubectl create -f https://github.com/minio/minio/blob/master/docs/orchestration/kubernetes-yaml/minio-gcs-gateway-service.yaml?raw=true
|
||||
service "minio-service" created
|
||||
```
|
||||
|
||||
The `LoadBalancer` service takes couple of minutes to launch. To check if the service was created successfully, run the command
|
||||
|
||||
```sh
|
||||
kubectl get svc minio-service
|
||||
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
|
||||
minio-service 10.55.248.23 104.199.249.165 9000:31852/TCP 1m
|
||||
```
|
||||
|
||||
### Update Existing Minio GCS Deployment
|
||||
|
||||
You can update an existing Minio deployment to use a newer Minio release. To do this, use the `kubectl set image` command:
|
||||
|
||||
```sh
|
||||
kubectl set image deployment/minio-deployment minio=<replace-with-new-minio-image>
|
||||
```
|
||||
|
||||
Kubernetes will restart the deployment to update the image. You will get a message as shown below, on successful update:
|
||||
|
||||
```
|
||||
deployment "minio-deployment" image updated
|
||||
```
|
||||
|
||||
### GCS Gateway Resource Cleanup
|
||||
|
||||
You can cleanup the cluster using
|
||||
|
||||
```sh
|
||||
kubectl delete deployment minio-deployment \
|
||||
&& kubectl delete secret gcs-credentials
|
||||
```
|
|
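Review bot: The cleanup command under "GCS Gateway Resource Cleanup" deletes only `minio-deployment` and the `gcs-credentials` secret, so the `minio-service` LoadBalancer created earlier in this section stays up with its external IP; append `&& kubectl delete svc minio-service`, as the distributed cleanup just above this section does. In the Quickstart, the `wget` URL ends in `?raw=true`, so the saved file will not be named `minio-gcs-gateway-deployment.yaml` as the following `kubectl create -f minio-gcs-gateway-deployment.yaml` expects; add `-O minio-gcs-gateway-deployment.yaml`. The "Create the Deployment" step then runs `kubectl create -f` against the remote URL, which applies the file with the `gcp_project_id` placeholder unedited, contradicting the instruction to update it first; point that step at the locally edited file. The two YAML listings are fenced as `sh` and should be `yaml`.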
@ -0,0 +1,45 @@
|
|||
apiVersion: extensions/v1beta1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
# This name uniquely identifies the Deployment
|
||||
name: minio-deployment
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
# Label is used as selector in the service.
|
||||
app: minio
|
||||
spec:
|
||||
# Refer to the secret created earlier
|
||||
volumes:
|
||||
- name: gcs-credentials
|
||||
secret:
|
||||
# Name of the Secret created earlier
|
||||
secretName: gcs-credentials
|
||||
containers:
|
||||
- name: minio
|
||||
# Pulls the default Minio image from Docker Hub
|
||||
image: minio/minio:RELEASE.2017-08-05T00-00-53Z
|
||||
args:
|
||||
- gateway
|
||||
- gcs
|
||||
- gcp_project_id
|
||||
env:
|
||||
# Minio access key and secret key
|
||||
- name: MINIO_ACCESS_KEY
|
||||
value: "minio"
|
||||
- name: MINIO_SECRET_KEY
|
||||
value: "minio123"
|
||||
# Google Cloud Service uses this variable
|
||||
- name: GOOGLE_APPLICATION_CREDENTIALS
|
||||
value: "/etc/credentials/application_default_credentials.json"
|
||||
ports:
|
||||
- containerPort: 9000
|
||||
hostPort: 9000
|
||||
# Mount the volume into the pod
|
||||
volumeMounts:
|
||||
- name: gcs-credentials
|
||||
mountPath: "/etc/credentials"
|
||||
readOnly: true
|
|
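Review bot: `MINIO_ACCESS_KEY` and `MINIO_SECRET_KEY` are set as literal `value:` entries (`"minio"` / `"minio123"`) in the container `env`, so anyone applying this file as-is runs a gateway in front of their GCS project with published keys; read them from a Secret with `valueFrom.secretKeyRef`, the way the GCS credentials are already kept in the `gcs-credentials` Secret. `hostPort: 9000` additionally binds the port on the node itself, which is not needed when the pod is reached through `minio-service`; consider dropping it. The `gcp_project_id` arg is a placeholder and deserves a comment saying it must be replaced before the file is applied.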
@ -0,0 +1,12 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: minio-service
|
||||
spec:
|
||||
type: LoadBalancer
|
||||
ports:
|
||||
- port: 9000
|
||||
targetPort: 9000
|
||||
protocol: TCP
|
||||
selector:
|
||||
app: minio
|
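Review bot: `type: LoadBalancer` on port 9000 gives the gateway an external IP with no source restriction, and the pods it selects (`app: minio`) are the ones the deployment file starts with the fixed `minio` / `minio123` keys. Either add `loadBalancerSourceRanges` under `spec` to limit which client networks can reach it, or default this example to `ClusterIP` and document `LoadBalancer` as the opt-in for external access. The Service also carries no comments, unlike the deployment file; a one-line note on what the `selector` matches would keep the two files consistent.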