Minio (https://github.com/minio/minio)提供对象存储服务,兼容了 AWS S3 存储协议,用于非结构化的数据存。非结构化对象,比如图像,音、视频,日志文件,备份镜像…等等管理不方便,不定长,大小变化大、类型多,云端的访问复杂,minio就是来解决这种场景的。非结构化的文件从数KB到5TB都能很好的支持。开源并且用Go语言开发,有web操作界面,我们可以用它来搭建兼容S3协议的存储云服务。
对象存储呈现出来的是一个“桶”(bucket),你可以往“桶”里面放“对象(Object)”。这个对象包括三个部分:Key、Data、Metadata。
Key:可以理解文件名,是该对象的全局唯一标识符(UID)。Key是用于检索对象,服务器和用户不需要知道数据的物理地址,也能通过它找到对象。这种方法极大地简化了数据存储。
Data:也就是用户数据本体。这个不用解释了。
Metadata:Metadata叫做元数据,它是对象存储一个非常独特的概念。元数据有点类似数据的标签,标签的条目类型和数量是没有限制的,可以是对象的各种描述信息。在传统的文件存储里,这类信息属于文件本身,和文件一起封装存储。而对象存储中,元数据是独立出来的,并不在数据内部封装。元数据的好处非常明显,可以大大加快对象的排序,还有分类和查找。
以往像FAT32这种文件系统,是直接将一份文件的数据与metadata一起存储的,存储过程先将文件按照文件系统的最小块大小来打散(如4M的文件,假设文件系统要求一个块4K,那么就将文件打散成1000个小块),再写进硬盘里面,过程中没有区分数据/metadata的。而每个块最后会告知你下一个要读取的块的地址,然后一直这样顺序地按图索骥,最后完成整份文件的所有块的读取。
这种情况下读写速度很慢,因为就算你呦100个机械手臂在读写,但是由于你只有读取到第一块,才能知道下一个在哪里,其实相当于只能有一个机械手臂在实际工作。对象存储将元数据独立出来,控制节点叫元数据服务器(服务器 对象存储管理软件),里面主要负责存储对象的属性(主要是对象的数据被打散存放到了那几台分布式服务器中的信息),而其他负责存储数据的分布式服务器叫做OSD,主要负责存储文件的数据部分。当用户访问对象,会先访问元数据服务器,元数据服务器只负责反馈对象存储在那些OSD,假设反馈文件A存储在B、C、D三台OSD,那么用户就会再次直接访问3台OSD服务器去读取数据。这时候由于是3台OSD同时对外传输数据,所以传输的速度就加快了。当OSD服务器数量越多,这种读写速度的提升就越大,通过这种方式,实现了读写快的目的。
Minio使用纠删码erasure code和校验和checksum来保护数据免受硬件故障和无声数据损坏。即便您丢失一半数量(N/2)的硬盘,您仍然可以恢复数据。
什么是纠删码erasure code?纠删码是一种恢复丢失和损坏数据的数学算法, Minio采用Reed-Solomon code将对象拆分成N/2数据和N/2 奇偶校验块。这就意味着如果是12块盘,一个对象会被分成6个数据块、6个奇偶校验块,你可以丢失任意6块盘(不管其是存放的数据块还是奇偶校验块),你仍可以从剩下的盘中的数据进行恢复。
什么是位衰减bit rot保护?位衰减又被称为数据腐化Data Rot、无声数据损坏Silent Data Corruption,是目前硬盘数据的一种严重数据丢失问题。硬盘上的数据可能会神不知鬼不觉就损坏了,也没有什么错误日志。正所谓明枪易躲,暗箭难防,这种背地里犯的错比硬盘直接咔咔宕了还危险。不过不用怕,Minio纠删码采用了高速 HighwayHash 基于哈希的校验和来防范位衰减。
直接在docker上可以按照如下方法部署,但是数据会重启丢失。
代码语言:javascript复制docker run -p 9000:9000 --name my_minio
-e "MINIO_ACCESS_KEY=AKIAIOSFODNN7EXAMPLE"
-e "MINIO_SECRET_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-v ~/Downloads:/data
-v ~/Downloads:/root/.minio
minio/minio server /data
在k8s上如何部署呢?和部署redis mac 上学习k8s系列(10)PV PVC一样,我们采用挂载volume的方式,先声明pv
代码语言:javascript复制apiVersion: v1
kind: PersistentVolume
metadata:
labels:
app: minio
release: minio
name: minio
namespace: default
spec:
claimRef:
apiVersion: v1
kind: PersistentVolumeClaim
name: minio-pv-claim
namespace: default
accessModes:
- ReadWriteOnce
capacity:
storage: 2Gi
volumeMode: Filesystem
hostPath:
path: /Users/xiazemin/source/k8s_learn/minio/k8s/standalone/minio/
然后声明pvc
代码语言:javascript复制apiVersion: v1
kind: PersistentVolumeClaim
metadata:
# This name uniquely identifies the PVC. Will be used in deployment below.
name: minio-pv-claim
labels:
app: minio-storage-claim
spec:
# Read more about access modes here: https://kubernetes.io/docs/user-guide/persistent-volumes/#access-modes
accessModes:
- ReadWriteOnce
resources:
# This is the request for storage. Should be available in the cluster.
requests:
storage: 2Gi
# Uncomment and add storageClass specific to your requirements below. Read more https://kubernetes.io/docs/concepts/storage/persistent-volumes/#class-1
#storageClassName:
部署pod
代码语言:javascript复制apiVersion: apps/v1
kind: Deployment
metadata:
# This name uniquely identifies the Deployment
name: minio-deployment
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: minio
template:
metadata:
labels:
# Label is used as selector in the service.
app: minio
spec:
# Refer to the PVC created earlier
volumes:
- name: storage
persistentVolumeClaim:
# Name of the PVC created earlier
claimName: minio-pv-claim
containers:
- name: minio
# Pulls the default MinIO image from Docker Hub
image: minio/minio
args:
- server
- /storage
- --console-address
- ":9001"
env:
# MinIO access key and secret key
- name: MINIO_ACCESS_KEY
value: "admin123"
- name: MINIO_SECRET_KEY
value: "admin123"
ports:
- containerPort: 9000
name: api
- containerPort: 9001
name: console
# Mount the volume into the pod
volumeMounts:
- name: storage # must match the volume name, above
mountPath: "/storage"
部署service
代码语言:javascript复制apiVersion: v1
kind: Service
metadata:
name: minio-service
spec:
type: NodePort
ports:
- port: 9000
targetPort: 9000
nodePort: 30000
name: api
protocol: TCP
- port: 9001
name: console
targetPort: 9001
nodePort: 30001
protocol: TCP
selector:
app: minio
部署完毕,我们测试下
代码语言:javascript复制% curl -iv http://127.0.0.1:30000
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30000 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30000
> User-Agent: curl/7.64.1
> Accept: */*
>
< HTTP/1.1 403 Forbidden
HTTP/1.1 403 Forbidden
< Accept-Ranges: bytes
Accept-Ranges: bytes
< Content-Length: 226
Content-Length: 226
< Content-Security-Policy: block-all-mixed-content
Content-Security-Policy: block-all-mixed-content
< Content-Type: application/xml
Content-Type: application/xml
< Server: MinIO
Server: MinIO
< Strict-Transport-Security: max-age=31536000; includeSubDomains
Strict-Transport-Security: max-age=31536000; includeSubDomains
< Vary: Origin
Vary: Origin
< Vary: Accept-Encoding
Vary: Accept-Encoding
< X-Amz-Request-Id: 16A012A7AEDC24F7
X-Amz-Request-Id: 16A012A7AEDC24F7
< X-Content-Type-Options: nosniff
X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
X-Xss-Protection: 1; mode=block
< Date: Mon, 30 Aug 2021 11:39:36 GMT
Date: Mon, 30 Aug 2021 11:39:36 GMT
<
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host 127.0.0.1 left intact
<Error><Code>AccessDenied</Code><Message>Access Denied.</Message><Resource>/</Resource><RequestId>16A012A7AEDC24F7</RequestId><HostId>bd78d817-8f16-4589-a8fd-e7db8569033e</HostId></Error>* Closing connection 0
说明api端口是ok的,因为没事指定密码认证,说返回错误了
代码语言:javascript复制 % curl -iv http://127.0.0.1:30001
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 30001 (#0)
> GET / HTTP/1.1
> Host: 127.0.0.1:30001
> User-Agent: curl/7.64.1
> Accept: */*
>
* Empty reply from server
* Connection #0 to host 127.0.0.1 left intact
curl: (52) Empty reply from server
* Closing connection 0
测试下,发现console端口不ok,为啥呢?
我们对比docker单机版和k8s版本发现args少了两个参数,补充下面参数
代码语言:javascript复制 args:
- server
- /storage
- --console-address
- ":9001"
再测试下ok
访问下面连接,可以进入控制台,输入用户名,密码可以看到后台信息:
代码语言:javascript复制http://127.0.0.1:30001/dashboard
我我们用golang api连接下
代码语言:javascript复制package main
import (
"context"
"log"
"github.com/minio/minio-go/v7"
"github.com/minio/minio-go/v7/pkg/credentials"
)
func main() {
ctx := context.Background()
endpoint := "127.0.0.1:30000"
accessKeyID := "admin123"
secretAccessKey := "admin123"
/*
endpoint := "127.0.0.1:9000"
accessKeyID := "AKIAIOSFODNN7EXAMPLE"
secretAccessKey := "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
*/
useSSL := false
// Initialize minio client object.
minioClient, err := minio.New(endpoint, &minio.Options{
Creds: credentials.NewStaticV4(accessKeyID, secretAccessKey, ""),
Secure: useSSL,
})
if err != nil {
log.Fatalln(err)
}
// Make a new bucket called mymusic.
bucketName := "mymusic"
location := "us-east-1"
err = minioClient.MakeBucket(ctx, bucketName, minio.MakeBucketOptions{Region: location})
if err != nil {
// Check to see if we already own this bucket (which happens if you run this twice)
exists, errBucketExists := minioClient.BucketExists(ctx, bucketName)
if errBucketExists == nil && exists {
log.Printf("We already own %sn", bucketName)
} else {
log.Fatalln(err)
}
} else {
log.Printf("Successfully created %sn", bucketName)
}
// Upload the zip file
objectName := "test.tar"
filePath := "./test.tar"
contentType := "application/zip"
// Upload the zip file with FPutObject
info, err := minioClient.FPutObject(ctx, bucketName, objectName, filePath, minio.PutObjectOptions{ContentType: contentType})
if err != nil {
log.Fatalln(err)
}
log.Printf("Successfully uploaded %s of size %dn", objectName, info.Size)
if err := minioClient.FGetObject(context.Background(), bucketName, objectName, filePath, minio.GetObjectOptions{}); err != nil {
log.Fatalln(err)
}
log.Println("Successfully get", filePath)
}
发现成功了,在本地目录看下
代码语言:javascript复制 minio % tree
.
|____.minio.sys
| |____buckets
| | |____.usage-cache.bin
| | |____.minio.sys
| | | |____buckets
| | | | |____.usage-cache.bin
| | | | | |____fs.json
| | | | |____.bloomcycle.bin
| | | | | |____fs.json
| | | | |____mymusic
| | | | | |____.usage-cache.bin
| | | | | | |____fs.json
| | | | |____.usage.json
| | | | | |____fs.json
| | |____.bloomcycle.bin
| | |____mymusic
| | | |____.usage-cache.bin
| | | |____test.tar
| | | | |____fs.json
| | | |____.metadata.bin
| | |____.tracker.bin
| | |____.usage.json
| |____config
| | |____config.json
| | |____iam
| | | |____policydb
| | | | |____sts-users
| | | | | |____378MNUH1NQR65ZY5ZPLR.json
| | | |____format.json
| | | |____sts
| | | | |____378MNUH1NQR65ZY5ZPLR
| | | | | |____identity.json
| |____format.json
|____mymusic
| |____test.tar
至此,我们k8s搭建minio完毕。