MinIO
By Bys on February 7, 2025
MLOps
MinIO
Install MinIO(Official)
values.yaml
consoleIngress:
enabled: true
ingressClassName: "alb"
hosts:
- minio.bys.asia
path: "/"
annotations:
alb.ingress.kubernetes.io/group.name: mlops
alb.ingress.kubernetes.io/subnets: bys-dev-ue1-sbn-1a-extelb, bys-dev-ue1-sbn-1b-extelb, bys-dev-ue1-sbn-1c-extelb, bys-dev-ue1-sbn-1d-extelb, bys-dev-ue1-sbn-1f-extelb
alb.ingress.kubernetes.io/scheme : internet-facing
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:us-east-1:558846430793:certificate/a5207b24-ae67-49ac-b34e-f34ed0088bca
alb.ingress.kubernetes.io/security-groups: sg-07e6c272df0bed7ee
alb.ingress.kubernetes.io/healthcheck-path: /
alb.ingress.kubernetes.io/healthcheck-interval-seconds: '15'
alb.ingress.kubernetes.io/healthcheck-timeout-seconds: '10'
alb.ingress.kubernetes.io/healthy-threshold-count: '2'
alb.ingress.kubernetes.io/unhealthy-threshold-count: '4'
alb.ingress.kubernetes.io/healthcheck-port: traffic-port
alb.ingress.kubernetes.io/success-codes: 200,302
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/tags: auto-delete=no
persistence:
enabled: true
storageClass: "ebs-sc-gp3"
size: 30Gi
mode: standalone
rootUser: "admin"
rootPassword: "q1w2e3r4T%"
# oidc:
# enabled: true
# configUrl: "https://keycloak.bys.asia/realms/mlops/protocol/openid-connect/token"
# clientId: "minio"
# clientSecret: "ga3zkJlAUHhzTHHrKCjMvD1FAD9C2Ofx"
# # Provide existing client secret from the Kubernetes Secret resource, existing secret will have priority over `clientId` and/or `clientSecret``
# claimName: "policy"
# scopes: "openid,profile,email,minio-authorization"
# redirectUri: "https://minio.bys.asia/oauth_callback"
# displayName: "KeycloakSSO"
helm repo add minio https://charts.min.io/
helm repo update minio
helm upgrade -i minio minio/minio -n minio -f /Users/bys/workspace/kubernetes/mlops/minio/values.yaml
helm delete minio -n minio
# To get your credentials run:
export ROOT_USER=$(kubectl get secret --namespace minio minio -o jsonpath="{.data.root-user}" | base64 -d)
export ROOT_PASSWORD=$(kubectl get secret --namespace minio minio -o jsonpath="{.data.root-password}" | base64 -d)
# To connect to your MinIO® server using a client:
- Run a MinIO® Client pod and append the desired command (e.g. 'admin info'):
kubectl run --namespace minio minio-client \
--rm --tty -i --restart='Never' \
--env MINIO_SERVER_ROOT_USER=$ROOT_USER \
--env MINIO_SERVER_ROOT_PASSWORD=$ROOT_PASSWORD \
--env MINIO_SERVER_HOST=minio \
--image docker.io/bitnami/minio-client:2025.2.8-debian-12-r0 -- admin info minio
Integration Keycloak
https://keycloak.bys.asia/realms/mlops/account/
curl -d "client_id=minio" \
-d "client_secret=ga3zkJlAUHhzTHHrKCjMvD1FAD9C2Ofx" \
-d "grant_type=password" \
-d "username=minio" \
-d "password=minio" \
https://keycloak.bys.asia/realms/mlops/protocol/openid-connect/token
{“access_token”:”eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICItQ2RNNm80TjVEVkl0alpqZ1JRdjZ5eEFYVEZlc1EwNzhiSFRxSmhycFBvIn0.eyJleHAiOjE3NDAwNjUzNzYsImlhdCI6MTc0MDA1ODE3NiwianRpIjoiYTMyNjhhMjctMzBkMC00YjgyLTk3ZjUtNzAxNDIxNjkzMTgzIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5ieXMuYXNpYS9yZWFsbXMvbWxvcHMiLCJhdWQiOiJhY2NvdW50Iiwic3ViIjoiNjZiNjIxZTEtMTE5My00OGE0LWJjYzAtZjM4NmRmMWQ0NWNjIiwidHlwIjoiQmVhcmVyIiwiYXpwIjoibWluaW8iLCJzaWQiOiJmZWU2ZDgwMS1hNTAwLTQxNjUtYWNkZC0yMTk3MGJkMjA5Y2YiLCJhY3IiOiIxIiwicmVhbG1fYWNjZXNzIjp7InJvbGVzIjpbImRlZmF1bHQtcm9sZXMtbWxvcHMiLCJvZmZsaW5lX2FjY2VzcyIsInVtYV9hdXRob3JpemF0aW9uIl19LCJyZXNvdXJjZV9hY2Nlc3MiOnsiYWNjb3VudCI6eyJyb2xlcyI6WyJtYW5hZ2UtYWNjb3VudCIsIm1hbmFnZS1hY2NvdW50LWxpbmtzIiwidmlldy1wcm9maWxlIl19fSwic2NvcGUiOiJtaW5pby1hdXRob3JpemF0aW9uIHByb2ZpbGUgZW1haWwiLCJlbWFpbF92ZXJpZmllZCI6ZmFsc2UsIm5hbWUiOiJieXMga28iLCJwcmVmZXJyZWRfdXNlcm5hbWUiOiJtaW5pbyIsImdpdmVuX25hbWUiOiJieXMiLCJmYW1pbHlfbmFtZSI6ImtvIiwiZW1haWwiOiJ0ZXN0QHRlc3QuY29tIiwicG9saWN5IjpbImNvbnNvbGVBZG1pbiJdfQ.ZB1JgFevVY_AEKtgo-FSn_TxWPbhF3W7_D5N36pGyxHag0jb6BWeZKul-jBorsyBhB3fJNYRlypGSGXfEio2AoyI-x9RwcPFMs9URtH3PxEc5h7IuGcBSjKUihtjrPTX2KdZH36BLgCAituuFiTFfldUT4fXjrhEoIL-E4LM0pRxxRLZ2uwIlstRBpi5ZnnMnIa8y8wqvupu4BLUtb5tRYOrXJj_EAXUqh5F-7l2ufAxP6OP2YkRiCwXXuKB4hm4IeZVYHuX2x9ybFcU8uVOw5UHw-xcZ2FL2Lmnq96HpHe2HEJ8SGtPWsa0d2QnYcvBKWkQ_MaYuyLuoyPJgE5YWQ”,”expires_in”:7200,”refresh_expires_in”:1800,”refresh_token”:”eyJhbGciOiJIUzUxMiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJkZmE3Y2RmYi0zMTljLTRlZjMtODIyYi1kZjIwYmJkNWEwNjAifQ.eyJleHAiOjE3NDAwNTk5NzYsImlhdCI6MTc0MDA1ODE3NiwianRpIjoiNzljNzRlYzgtNzc4Yi00M2YyLTkwYmEtNzlkM2Q2Mzc4YzkzIiwiaXNzIjoiaHR0cHM6Ly9rZXljbG9hay5ieXMuYXNpYS9yZWFsbXMvbWxvcHMiLCJhdWQiOiJodHRwczovL2tleWNsb2FrLmJ5cy5hc2lhL3JlYWxtcy9tbG9wcyIsInN1YiI6IjY2YjYyMWUxLTExOTMtNDhhNC1iY2MwLWYzODZkZjFkNDVjYyIsInR5cCI6IlJlZnJlc2giLCJhenAiOiJtaW5pbyIsInNpZCI6ImZlZTZkODAxLWE1MDAtNDE2NS1hY2RkLTIxOTcwYmQyMDljZiIsInNjb3BlIjoibWluaW8tYXV0aG9yaXphdGlvbiBiYXNpYyBhY3IgcHJvZmlsZSBlbWFpbCByb2xlcyB3ZWItb3JpZ2lucyJ9.lGOEEyAubp9i1zIQF1m8Ba3qnzXXSxITJSgTS-n52oi3OBYn00A1nDssW6-pMlDNrRb1qXGJqgxgr-ppIh82qw”,”token_type”:”Bearer”,”not-before-policy”:0,”session_state”:”fee6d801-a500-4165-acdd-21970bd209cf”,”scope”:”minio-authorization profile email”}
mlops
minio
]