MinIO

By Bys on February 7, 2025

MLOps

MinIO

Install MinIO(Official)

values.yaml

consoleIngress:
  enabled: true
  ingressClassName: "alb"
  hosts:
    - minio.bys.asia
  path: "/"
  annotations: 
    alb.ingress.kubernetes.io/group.name: mlops
    alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
    alb.ingress.kubernetes.io/scheme : internet-facing
    alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
    alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
    alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
    alb.ingress.kubernetes.io/healthcheck-path: /
    alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
    alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
    alb.ingress.kubernetes.io/healthy-threshold-count: '2'
    alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
    alb.ingress.kubernetes.io/healthcheck-port: traffic-port
    alb.ingress.kubernetes.io/success-codes: 200,302
    alb.ingress.kubernetes.io/target-type: ip
    alb.ingress.kubernetes.io/tags: auto-delete=no
persistence:
  enabled: true
  storageClass: "ebs-sc-gp3"
  size: 30Gi
mode: standalone
rootUser: "admin"
rootPassword: "q1w2e3r4T%"
# oidc:
#   enabled: true
#   configUrl: "https://keycloak.bys.asia/realms/mlops/protocol/openid-connect/token"
#   clientId: "minio"
#   clientSecret: "ga3zkJlAUHhzTHHrKCjMvD1FAD9C2Ofx"
#   # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
#   claimName: "policy"
#   scopes: "openid,profile,email,minio-authorization"
#   redirectUri: "https://minio.bys.asia/oauth_callback"
#   displayName: "KeycloakSSO"

helm repo add minio https://charts.min.io/
helm repo update minio

helm upgrade -i minio minio/minio -n minio -f /Users/bys/workspace/kubernetes/mlops/minio/values.yaml
helm delete minio -n minio

# To get your credentials run:
export ROOT_USER=$(kubectl get secret --namespace minio minio -o jsonpath="{.data.root-user}" | base64 -d)
export ROOT_PASSWORD=$(kubectl get secret --namespace minio minio -o jsonpath="{.data.root-password}" | base64 -d)

# To connect to your MinIO&reg; server using a client:
- Run a MinIO&reg; Client pod and append the desired command (e.g. 'admin info'):
   kubectl run --namespace minio minio-client \
     --rm --tty -i --restart='Never' \
     --env MINIO_SERVER_ROOT_USER=$ROOT_USER \
     --env MINIO_SERVER_ROOT_PASSWORD=$ROOT_PASSWORD \
     --env MINIO_SERVER_HOST=minio \
     --image docker.io/bitnami/minio-client:2025.2.8-debian-12-r0 -- admin info minio

Integration Keycloak

https://keycloak.bys.asia/realms/mlops/account/

curl -d "client_id=minio" \
     -d "client_secret=ga3zkJlAUHhzTHHrKCjMvD1FAD9C2Ofx" \
     -d "grant_type=password" \
     -d "username=minio" \
     -d "password=minio" \
     https://keycloak.bys.asia/realms/mlops/protocol/openid-connect/token

{“access_token”:”eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItQ2RNNm80TjVEVkl0alpqZ1JRdjZ5eEFYVEZlc1EwNzhiSFRxSmhycFBvIn0.eyJleHAiOjE3NDAwNjUzNzYsImlhdCI6MTc0MDA1ODE3NiwianRpIjoiYTMyNjhhMjctMzBkMC00YjgyLTk3ZjUtNzAxNDIxNjkzMTgzIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5ieXMuYXNpYS9yZWFsbXMvbWxvcHMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNjZiNjIxZTEtMTE5My00OGE0LWJjYzAtZjM4NmRmMWQ0NWNjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWluaW8iLCJzaWQiOiJmZWU2ZDgwMS1hNTAwLTQxNjUtYWNkZC0yMTk3MGJkMjA5Y2YiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtbWxvcHMiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaW5pby1hdXRob3JpemF0aW9uIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJieXMga28iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJtaW5pbyIsImdpdmVuX25hbWUiOiJieXMiLCJmYW1pbHlfbmFtZSI6ImtvIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIiwicG9saWN5IjpbImNvbnNvbGVBZG1pbiJdfQ.ZB1JgFevVY_AEKtgo-FSn_TxWPbhF3W7_D5N36pGyxHag0jb6BWeZKul-jBorsyBhB3fJNYRlypGSGXfEio2AoyI-x9RwcPFMs9URtH3PxEc5h7IuGcBSjKUihtjrPTX2KdZH36BLgCAituuFiTFfldUT4fXjrhEoIL-E4LM0pRxxRLZ2uwIlstRBpi5ZnnMnIa8y8wqvupu4BLUtb5tRYOrXJj_EAXUqh5F-7l2ufAxP6OP2YkRiCwXXuKB4hm4IeZVYHuX2x9ybFcU8uVOw5UHw-xcZ2FL2Lmnq96HpHe2HEJ8SGtPWsa0d2QnYcvBKWkQ_MaYuyLuoyPJgE5YWQ”,”expires_in”:7200,”refresh_expires_in”:1800,”refresh_token”:”eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkZmE3Y2RmYi0zMTljLTRlZjMtODIyYi1kZjIwYmJkNWEwNjAifQ.eyJleHAiOjE3NDAwNTk5NzYsImlhdCI6MTc0MDA1ODE3NiwianRpIjoiNzljNzRlYzgtNzc4Yi00M2YyLTkwYmEtNzlkM2Q2Mzc4YzkzIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5ieXMuYXNpYS9yZWFsbXMvbWxvcHMiLCJhdWQiOiJodHRwczovL2tleWNsb2FrLmJ5cy5hc2lhL3JlYWxtcy9tbG9wcyIsInN1YiI6IjY2YjYyMWUxLTExOTMtNDhhNC1iY2MwLWYzODZkZjFkNDVjYyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJtaW5pbyIsInNpZCI6ImZlZTZkODAxLWE1MDAtNDE2NS1hY2RkLTIxOTcwYmQyMDljZiIsInNjb3BlIjoibWluaW8tYXV0aG9yaXphdGlvbiBiYXNpYyBhY3IgcHJvZmlsZSBlbWFpbCByb2xlcyB3ZWItb3JpZ2lucyJ9.lGOEEyAubp9i1zIQF1m8Ba3qnzXXSxITJSgTS-n52oi3OBYn00A1nDssW6-pMlDNrRb1qXGJqgxgr-ppIh82qw”,”token_type”:”Bearer”,”not-before-policy”:0,”session_state”:”fee6d801-a500-4165-acdd-21970bd209cf”,”scope”:”minio-authorization profile email”}

Tag: [ mlops minio ]