Minio

• Docs
• Arch wiki

Client

see ./client.md

Server

• Container Installation
• MinIO Object Storage for Kubernetes

Admin client usage

• Minio admin client docs
  • User managment

Permissions

• Login to admin console
• Create access key
• Grant access key admin:XYZ privileges, see Admin Policy Action Keys or admin:* (Beware !)

Show info (needs admin credentials configured):

mc admin info pinenas-pub-admin

Create a user:

mc admin user add pinenas-pub-admin newuser newusersecret

Add serviceaccount to varac's account:

mc admin user svcacct add pinenas-pub-varac varac \
  --name restic-zancas \
  --description "Restic backup on zancas"

Show information about accesskey including attached policy:

mc admin user svcacct info restic-zancas ACCESSKEY --policy

List all Serviceaccounts associated to an account:

mc admin user svcacct list pinenas-pub-admin varac

Dump readwrite (default) policy and write to file:

mc admin policy info pinenas-pub-admin readwrite | \
  jq .Policy > ~/projects/cloud/storage/minio/policy.readwrite.json

Restrict bucket access on Serviceaccount:

jq '.Statement[0].Resource = ["arn:aws:s3:::restic.zancas/*"]' \
  ~/projects/cloud/storage/minio/policy.readwrite.json > /tmp/policy-new.json
mc admin user svcacct edit --policy /tmp/policy-new.json \
  pinenas-pub-admin ACCESSKEY

Minio directpv

• Minio's CSI driver

Install directpv krew plugin

kubectl krew install directpv

Install CSI driver with helm chart

• Official helm chart got removed
  • Last chart version update 2023-12, but recent commits to templates/
  • No value templating, plain manifests
  • No Helm chart repository
  • No way to Configure replicas
  • Hardcoded Namespace
• nineinfra-charts/minio-directpv
  • Chart source
  • 4 commits, one relase, last update 2023-11

Install CSI driver manually

Only use this method for testing, the helm chart method should be preferred.

Install DirectPV in all Kubernetes nodes:

kubectl directpv install

This will install the following resources:

┌──────────────────────────────────────┬──────────────────────────┐
│ NAME                                 │ KIND                     │
├──────────────────────────────────────┼──────────────────────────┤
│ directpv                             │ Namespace                │
│ directpv-min-io                      │ ServiceAccount           │
│ directpv-min-io                      │ ClusterRole              │
│ directpv-min-io                      │ ClusterRoleBinding       │
│ directpv-min-io                      │ Role                     │
│ directpv-min-io                      │ RoleBinding              │
│ directpvdrives.directpv.min.io       │ CustomResourceDefinition │
│ directpvvolumes.directpv.min.io      │ CustomResourceDefinition │
│ directpvnodes.directpv.min.io        │ CustomResourceDefinition │
│ directpvinitrequests.directpv.min.io │ CustomResourceDefinition │
│ directpv-min-io                      │ CSIDriver                │
│ directpv-min-io                      │ StorageClass             │
│ node-server                          │ Daemonset                │
│ controller                           │ Deployment               │
└──────────────────────────────────────┴──────────────────────────┘