public/geek-cookbook
1
0
Fork 0
mirror of https://github.com/funkypenguin/geek-cookbook/ synced 2025-12-13 09:46:23 +00:00
Code Issues Releases Wiki Activity

Bring Minio up-to-date, add traefikv2 labels (#201)

Browse Source
This commit is contained in:
David Young
2021-10-25 15:36:36 +13:00
committed by GitHub
parent 22293fa93d
commit f5b1facdd2
7 changed files with 69 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
_snippets/common-links.md
View File

@@ -1,6 +1,6 @@
[archivebox]: /recipes/archivebox/
[autopirate]: /recipes/autopirate/
[authelia]: /ha-docker-swarm/authelia/
[autopirate]: /recipes/autopirate/
[bazarr]: /recipes/autopirate/bazarr/
[calibre-web]: /recipes/calibre-web/
[cyberchef]: /recipes/cyberchef/
@@ -17,6 +17,7 @@
[linx]: /recipes/linx/
[mealie]: /recipes/mealie/
[miniflux]: /recipes/miniflux/
[minio]: /recipes/minio/
[mylar]: /recipes/autopirate/mylar/
[nightscout]: /recipes/nightscout/
[nzbget]: /recipes/autopirate/nzbget/
@@ -25,7 +26,7 @@
[openldap]: /recipes/openldap/
[oscarr]: /recipes/autopirate/oscarr/
[paperless-ng]: /recipes/paperless-ng/
[patreon]: https://www.patreon.com/bePatron?u=6982506
[patreon]: https://www.patreon.com/bePatron?u=6982506
[photoprism]: /recipes/photoprism/
[plex]: /recipes/plex/
[portainer]: /recipes/portainer/

1
manuscript/CHANGELOG.md
View File

@@ -18,6 +18,7 @@ Recipe | Description
Recipe | Description | Date
----------------------------|---------------------------------------------------------------------------------|--------------
[Minio][minio] | Major update to Minio recipe, for new Console UI and Traefik v2 | _22 Oct 2021_
[Traefik Forward Auth][tfa] | Major update for Traefik v2, included instructions for Dex, Google, KeyCloak | _29 Jan 2021_
[Autopirate][autopirate] | Updated all components for Traefik v2 labels | _29 Jan 2021_
[Portainer][portainer] | Bump to version 2, bringing "expert simplicity" to your Docker stack management | _25 Jan 2021_

BIN
manuscript/images/buymeacoffee-cover-page.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 785 KiB

BIN
manuscript/images/minio.png
View File

Binary file not shown.
Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 140 KiB

After

Width:  |  Height:  |  Size: 161 KiB

8
manuscript/premix.md
View File

@@ -16,7 +16,7 @@ Here's a sample of the directory structure:
??? "What will I find in the pre-mix?"
```bash
.
.
├── README.md
├── ansible
│   ├── README.md
@@ -154,7 +154,7 @@ Here's a sample of the directory structure:
│   │   │   └── funkycore-1.0.0.tgz
│   │   ├── templates
│   │   │   ├── NOTES.txt
   │   │   ├──_helpers.tpl
   │   │   ├──_helpers.tpl
│   │   │   ├── apps
│   │   │   │   ├── bazarr
│   │   │   │   │   ├── config-pvc.yaml
@@ -228,7 +228,7 @@ Here's a sample of the directory structure:
│   │   │   └── postgresql-8.3.0.tgz
│   │   ├── myvalues.yaml
│   │   ├── templates
   │   │   ├──_helpers.tpl
   │   │   ├──_helpers.tpl
│   │   │   ├── deployment.yaml
│   │   │   ├── ingress
│   │   │   │   ├── kube.yaml
@@ -496,7 +496,7 @@ Here's a sample of the directory structure:
│   │   ├── Chart.yaml
│   │   ├── templates
│   │   │   ├── NOTES.TXT
   │   │   ├──_helpers.tpl
   │   │   ├──_helpers.tpl
│   │   │   ├── deployment.yaml
│   │   │   ├── ingress
│   │   │   │   ├── kube.yaml

74
manuscript/recipes/minio.md
View File

@@ -25,23 +25,27 @@ Possible use-cases:
### Setup data locations
We'll need a directory to hold our minio file store, as well as our minio client config, so create a structure at /var/data/minio:
We'll need a directory to hold our minio file store. You can create a blank directory wherever you like (*I used `/var/data/minio`*), or point the `/data` volume to a pre-existing folder structure.
```bash
mkdir /var/data/minio
cd /var/data/minio
mkdir -p {mc,data}
```
### Prepare environment
Create minio.env, and populate with the following variables
Create `minio.env`, and populate with the variables below.
```bash
MINIO_ACCESS_KEY=<some random, complex string>
MINIO_SECRET_KEY=<another random, complex string>
MINIO_ROOT_USER=hackme
MINIO_ROOT_PASSWORD=becauseiforgottochangethepassword
MINIO_BROWSER_REDIRECT_URL=https://minio-console.example.com
MINIO_SERVER_URL=https://minio.example.com
```
!!! note "If minio redirects you to :9001"
`MINIO_BROWSER_REDIRECT_URL` is especially important since recent versions of Minio will redirect web browsers to this URL when they hit the API directly. (*If you find yourself redirected to `http://your-minio-url:9001`, then you've not set this value correctly!*)
### Setup Docker Swarm
Create a docker swarm config file in docker-compose syntax (v3), something like this:
@@ -56,18 +60,50 @@ services:
image: minio/minio
env_file: /var/data/config/minio/minio.env
volumes:
- /var/data/minio/data:/data
- /var/data/minio:/data
networks:
- traefik_public
deploy:
labels:
# traefik
- traefik.enable=true
- traefik.docker.network=traefik_public
# traefikv1
- traefik.frontend.rule=Host:minio.example.com
- traefik.port=9000
command: minio server /data
- traefik.port=9000
- traefik.console.frontend.rule=Host:minio-console.example.com
- traefik.console.port=9001
# traefikv2 (death-by-labels, much?)
- traefik.http.middlewares.redirect-https.redirectScheme.scheme=https
- traefik.http.middlewares.redirect-https.redirectScheme.permanent=true
- traefik.http.routers.minio-https.rule=Host(`minio.example.com`)
- traefik.http.routers.minio-https.entrypoints=https
- traefik.http.routers.minio-https.service=minio
- traefik.http.routers.minio-http.rule=Host(`minio.example.com`)
- traefik.http.routers.minio-http.entrypoints=http
- traefik.http.routers.minio-http.middlewares=redirect-https
- traefik.http.routers.minio-http.service=minio
- traefik.http.services.minio.loadbalancer.server.port=9000
- traefik.http.routers.minio-console-https.rule=Host(`minio-console.example.com`)
- traefik.http.routers.minio-console-https.entrypoints=https
- traefik.http.routers.minio-console-https.service=minio-console
- traefik.http.routers.minio-console-http.rule=Host(`minio-console.example.com`)
- traefik.http.routers.minio-console-http.entrypoints=http
- traefik.http.routers.minio-console-http.middlewares=redirect-https
- traefik.http.routers.minio-console-http.service=minio-console
- traefik.http.services.minio-console.loadbalancer.server.port=9001
command: minio server /data --console-address ":9001"
networks:
traefik_public:
external: true
```
## Serving
@@ -76,25 +112,21 @@ networks:
Launch the Minio stack by running ```docker stack deploy minio -c <path -to-docker-compose.yml>```
Log into your new instance at https://**YOUR-FQDN**, with the access key and secret key you specified in minio.env.
Log into your new instance at https://minio-console.**YOUR-FQDN**, with the root user and password you specified in `minio.env`.
If you created ```/var/data/minio```, you'll see nothing. If you referenced existing data, you should see all subdirectories in your existing folder represented as buckets.
If you created ```/var/data/minio```, you'll see nothing. If you mapped `/data` to existing data, you should see all subdirectories in your existing folder represented as buckets.
If all you need is single-user access to your data, you're done! 🎉
Use the Minio console to create a user, or (*ill-advisedly*) continue using the root user/password!
If all you need is single-user access to your data, you're done! 🎉
If, however, you want to expose data to multiple users, at different privilege levels, you'll need the minio client to create some users and (_potentially_) policies...
## Minio Trickz :clown:
### Setup minio client
To administer the Minio server, we need the Minio client. While it's possible to download the minio client and run it locally, it's just as easy to do it within a small (5Mb) container.
I created an alias on my docker nodes, allowing me to run mc quickly:
```bash
alias mc='docker run -it -v /docker/minio/mc/:/root/.mc/ --network traefik_public minio/mc'
```
Now I use the alias to launch the client shell, and connect to my minio instance (_I could also use the external, traefik-provided URL_)
While it's possible to fully administer Minio using the console, it's also possible using the `mc` CLI client, as illustrated below
```bash
root@ds1:~# mc config host add minio http://app:9000 admin iambatman

12
manuscript/support.md
View File

@@ -44,10 +44,6 @@ Found a bug in your soup? Tell the chef by either:
## Tip the chef
### Buy my book 📖
I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>).
### [Sponsor][7] / [Patreonize][8] me 💰
The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [Patron][10] (_Patreon_). Sponsors get:
@@ -61,6 +57,14 @@ The best way to support this work is to become a [Sponsor][11] (_GitHub_) or a [
Impulsively **[click here (NOW quick do it!)][11]** to sponsor me, or instead thoughtfully and analytically review my GitHub profile **[here][12]** and make up your own mind.
### Buy my book 📖
I'm also writing the Geek Cookbook as a formal eBook, on Leanpub (<https://leanpub.com/geeks-cookbook>). Buying it supports me once-off, and you continue to have access to the book as future recipes are added.
### Buy me a coffee ☕️
Want to hit me with an (anonymous) thank-you? [Buy me a coffee](https://www.buymeacoffee.com/funkypenguin)!
### Engage me 🏢
Need some Cloud / Microservices / DevOps / Infrastructure design work done? I'm a full-time [AWS Certified Solution Architect (Professional)][aws_cert], a [CNCF-Certified Kubernetes Administrator](https://www.youracclaim.com/badges/cd307d51-544b-4bc6-97b0-9015e40df40d/public_url) and [Application Developer](https://www.youracclaim.com/badges/9ed9280a-fb92-46ca-b307-8f74a2cccf1d/public_url) - this stuff is my bread and butter! :bread: :fork_and_knife: [Get in touch][contact], and let's talk business!