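Overview
Loki supports filesystem, object storage and NoSQL backends. Object storage usually means using a public cloud, but fortunately Loki supports AWS S3-compatible storage, so Ceph RGW or MinIO can be used here. This article deploys MinIO.
Overview
Object storage is basic infrastructure in cloud environments, and in big data and AI it can serve as the basic storage layer. Spark and TensorFlow can both use object storage, and it can also act as a replacement for HDFS.
MinIO comes from a team with many years of experience developing network file systems. The founding team all came from the original GlusterFS team, and the design of MinIO, the product of their second startup, draws heavily on the experience and lessons of GlusterFS:
MinIO is an open-source object storage solution. Its features include:
- High performance: as a high-performance object store, on standard hardware it can reach 55GB/s read and 35GB/s write throughput
- Scalable: separate MinIO clusters can form a federation with one global namespace spanning multiple data centers; it can be expanded by zone (existing zones are not affected in any way), and a single object can be up to 5TB;
- Cloud native: containerized, orchestrated on K8S, multi-tenant support
- Compatibility: compatible with the S3 API, the de facto object storage standard, and the first to support S3 Select
- Simple: this design principle makes MinIO less error-prone and faster to start. A single binary is everything, and it runs on many platforms (thanks to the Go language).
- Erasure coding: MinIO uses erasure coding (not a replica mechanism) and checksums to protect against hardware failures and silent data corruption (bit rot, where data on a disk goes bad without any signal). At the highest redundancy setting, data can be recovered even if 1/2 of the disks are lost. Redundancy is low while tolerance of disk failure is high: the standard, and also the highest, data redundancy factor is 2 (storing a 1M object actually occupies 2M of disk space), yet the data can still be read when any n/2 disks are damaged (n is the number of disks in an erasure coding set). Recovery from such damage works per object, not per storage volume.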
Installation
Install via minio-operator:
Note: it is used here as a kubectl plugin
Download the package:
# wget https://github.com/minio/operator/releases/download/v3.0.28/kubectl-minio_3.0.28_linux_amd64
# mv kubectl-minio_3.0.28_linux_amd64 /usr/local/bin/kubectl-minio
# chmod +x /usr/local/bin/kubectl-minio
# kubectl plugin list
The following compatible plugins are available:
/usr/local/bin/kubectl-minio
View the help:
# kubectl minio
kubectl plugin to manage MinIO operator CRDs.
Usage:
minio [command]
Available Commands:
delete Delete MinIO Operator deployment
help Help about any command
init Initialize MinIO Operator deployment
tenant Manage MinIO tenant
Flags:
-h, --help help for minio
Use "minio [command] --help" for more information about a command.
Install minio-operator
Note: you can use -o (not -o yaml) to export the minio-operator YAML, edit it by hand and deploy it (the export is incomplete, though: fields such as apiVersion and kind are missing)
# kubectl create ns minio
# kubectl minio init --namespace minio --image harbor.sit.hupu.io/k8s/k8s-operator:v3.0.28
CustomResourceDefinition tenants.minio.min.io: created
ClusterRole minio-operator-role: created
ServiceAccount minio-operator: created
ClusterRoleBinding minio-operator-binding: created
MinIO Operator Deployment minio-operator: created
Check:
# kubectl get pod -n minio
NAME READY STATUS RESTARTS AGE
minio-operator-547f967794-tj54s 1/1 Running 0 48s
# kubectl logs -n minio deployment/minio-operator
I1103 05:51:59.656107 1 main.go:66] Starting MinIO Operator
I1103 05:51:59.658915 1 main-controller.go:236] Setting up event handlers
I1103 05:51:59.658983 1 main-controller.go:692] Starting Tenant controller
I1103 05:51:59.658994 1 main-controller.go:695] Waiting for informer caches to sync
I1103 05:51:59.859139 1 main-controller.go:700] Starting workers
MinIO supports several server startup modes
- standalone mode: single node, single drive
# minio server data
- standalone mode: single node, 4 drives with erasure coding
# minio server data1 data2 data3 data4
minio server supports a piece of syntactic sugar at startup, the ellipsis syntax:
# minio server data{1...4}
- distributed mode: multi-node erasure coding (4 drives per node)
In distributed mode, the remote endpoints that follow minio server are written as HTTP URLs:
# export MINIO_ACCESS_KEY=<ACCESS_KEY>
# export MINIO_SECRET_KEY=<SECRET_KEY>
# minio server http://host{1...4}:9000/minio/data{1...4}
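The ellipsis syntax above, expanded step by step. This is an added example, not code from the original page or from MinIO's own parser; the function names `expand_ellipses` and `drives_by_host` are hypothetical and only numeric `{start...end}` ranges are handled.

```python
import itertools
import re
from urllib.parse import urlsplit

# One {start...end} range: three dots, unlike the shell's two-dot {1..4}.
ELLIPSIS = re.compile(r"\{(\d+)\.\.\.(\d+)\}")


def expand_ellipses(pattern):
    """Expand every {a...b} range in pattern into the full list of strings."""
    parts = ELLIPSIS.split(pattern)
    # With two capture groups, split() yields: literal, start, end, literal, ...
    literals = parts[0::3]
    ranges = []
    for start, end in zip(parts[1::3], parts[2::3]):
        lo, hi = int(start), int(end)
        if lo > hi:
            raise ValueError(f"empty range {{{start}...{end}}}")
        ranges.append([str(i) for i in range(lo, hi + 1)])
    expanded = []
    for combo in itertools.product(*ranges):
        text = literals[0]
        for value, literal in zip(combo, literals[1:]):
            text += value + literal
        expanded.append(text)
    return expanded


def drives_by_host(endpoints):
    """Group expanded endpoint URLs by host to see how many drives each node serves."""
    layout = {}
    for url in endpoints:
        parts = urlsplit(url)
        layout.setdefault(parts.hostname, []).append(parts.path)
    return layout


if __name__ == "__main__":
    # The distributed-mode argument from the page: 4 hosts x 4 drives.
    endpoints = expand_ellipses("http://host{1...4}:9000/minio/data{1...4}")
    for host, drives in drives_by_host(endpoints).items():
        print(host, drives)
```
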
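Create a MinIO cluster through the tenants CR resource:
Note: a tenant is a MinIO cluster created and managed by the Operator. Before creating a tenant, make sure the necessary nodes and drives are in place and that the relevant PVs, or a default storageclass that does not span availability zones, have been created.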
# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 59d
alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 59d
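Ask the MinIO Operator to create a MinIO cluster with 4 nodes, 16 volumes in total and 480Gi of total raw capacity (each node has 4 volumes of 30Gi):
Note: distributed MinIO needs at least 4 nodes, and using distributed MinIO automatically brings in erasure coding.
Note: this command returns the Access Key and Secret Key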
# kubectl minio tenant create --name tenant1 --servers 4 --volumes 16 --capacity 480Gi --namespace minio
MinIO Tenant tenant1 Created
Tenant
Access Key: 790f856e-8d49-4ae1-b37f-2668a16f6558
Secret Key: 85408dd4-84f4-4578-a8f1-e454ddaa7917
Version: minio/minio:RELEASE.2020-10-12T21-53-21Z
ClusterIP Service: tenant1-internal-service
MinIO Console
Access Key: b38a7893-7931-4e59-b3e5-82ebcaa4ccfa
Secret Key: 5883f678-3612-4920-890f-bd383b6a28b5
Version: minio/console:v0.3.14
ClusterIP Service: tenant1-console
View the logs:
Note: the few error syncing errors are harmless
# kubectl logs -n minio deployment/minio-operator
I1103 06:23:51.386231 1 csr.go:73] Generating private key
I1103 06:23:51.386361 1 csr.go:86] Generating CSR with CN=*.tenant1-hl.minio.svc.cluster.local
I1103 06:23:51.410488 1 csr.go:217] Start polling for certificate of csr/tenant1-minio-csr, every 5s, timeout after 20m0s
I1103 06:23:56.413972 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:23:56.418970 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for minio cert
I1103 06:24:01.339533 1 main-controller.go:970] Deploying zone zone-0
I1103 06:24:01.360977 1 csr.go:217] Start polling for certificate of csr/tenant1-console-minio-csr, every 5s, timeout after 20m0s
I1103 06:24:06.364020 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:24:06.370130 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for console cert
I1103 06:25:01.356379 1 main-controller.go:970] Deploying zone zone-0
E1103 06:25:02.439244 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
E1103 06:26:01.389658 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
I1103 06:27:02.500331 1 main-controller.go:773] Successfully synced 'minio/tenant1'
I1103 06:27:07.555954 1 main-controller.go:773] Successfully synced 'minio/tenant1'
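A way to check that the error syncing lines in the log above are transient, i.e. that each tenant ends on a successful sync. This is an added example, not code from the original page or from the operator project; the message patterns are taken from the log lines shown on this page, and the function name `summarize_sync` and the placeholder year are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Operator log lines copied from the page (klog: severity+MMDD, time, thread id, file:line, message).
PAGE_LOG = """\
I1103 06:23:56.413972 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:23:56.418970 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for minio cert
I1103 06:24:01.339533 1 main-controller.go:970] Deploying zone zone-0
E1103 06:24:06.370130 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for console cert
E1103 06:25:02.439244 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
E1103 06:26:01.389658 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
I1103 06:27:02.500331 1 main-controller.go:773] Successfully synced 'minio/tenant1'
I1103 06:27:07.555954 1 main-controller.go:773] Successfully synced 'minio/tenant1'
"""

KLOG = re.compile(r"^[IWEF](\d{4}) (\d{2}:\d{2}:\d{2}\.\d{6})\s+\d+ \S+:\d+\] (.*)$")
SYNC_ERR = re.compile(r"^error syncing '([^']+)': (.*)$")
SYNC_OK = re.compile(r"^Successfully synced '([^']+)'$")


def summarize_sync(log_text):
    """Per tenant: error reasons, whether the last sync event succeeded, seconds to first success."""
    tenants = {}
    for line in log_text.splitlines():
        m = KLOG.match(line)
        if not m:
            continue  # not a klog line
        mmdd, clock, msg = m.groups()
        # klog omits the year; 2000 is a placeholder so timestamps can be subtracted.
        ts = datetime.strptime(f"2000{mmdd} {clock}", "%Y%m%d %H:%M:%S.%f")
        err, ok = SYNC_ERR.match(msg), SYNC_OK.match(msg)
        if not (err or ok):
            continue
        t = tenants.setdefault((err or ok).group(1),
                               {"errors": Counter(), "first": ts, "synced_at": None, "converged": False})
        if err:
            t["errors"][err.group(2)] += 1
            t["converged"] = False  # an error after a success means the tenant regressed
        else:
            t["synced_at"] = t["synced_at"] or ts
            t["converged"] = True
    for t in tenants.values():
        first = t.pop("first")
        t["seconds_to_sync"] = (t["synced_at"] - first).total_seconds() if t["synced_at"] else None
    return tenants
```

A tenant whose `converged` stays False, or whose error count keeps growing after a success, is the case worth alerting on rather than the startup errors seen here.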
After waiting about 100s, the resources start being created:
# kubectl get all -n minio
NAME READY STATUS RESTARTS AGE
pod/minio-operator-66b7f78db6-nvftv 1/1 Running 0 31m
pod/tenant1-console-5d6d56bbb5-lpf82 1/1 Running 0 16m
pod/tenant1-console-5d6d56bbb5-nqp84 1/1 Running 0 16m
pod/tenant1-zone-0-0 1/1 Running 0 18m
pod/tenant1-zone-0-1 1/1 Running 0 18m
pod/tenant1-zone-0-2 1/1 Running 0 18m
pod/tenant1-zone-0-3 1/1 Running 0 18m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/minio ClusterIP 10.96.16.81 <none> 443/TCP 19m
service/tenant1-console ClusterIP 10.96.239.89 <none> 9090/TCP,9443/TCP 16m
service/tenant1-hl ClusterIP None <none> 9000/TCP 19m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/minio-operator 1/1 1 1 31m
deployment.apps/tenant1-console 2/2 2 2 16m
NAME DESIRED CURRENT READY AGE
replicaset.apps/minio-operator-66b7f78db6 1 1 1 31m
replicaset.apps/tenant1-console-5d6d56bbb5 2 2 2 16m
NAME READY AGE
statefulset.apps/tenant1-zone-0 4/4 18m
# kubectl minio tenant info --name tenant1 -n minio
+---------+------------------------------------------+--------------------+---------------------+---------+
| ZONE | SERVERS | VOLUMES PER SERVER | CAPACITY PER VOLUME | VERSION |
+---------+------------------------------------------+--------------------+---------------------+---------+
| 0 | 4 | 4 | 30Gi | |
+---------+------------------------------------------+--------------------+---------------------+---------+
| VERSION | MINIO/MINIO:RELEASE.2020-10-12T21-53-21Z | | | |
+---------+------------------------------------------+--------------------+---------------------+---------+
Create the Ingress
# cat > minio-ingress.yaml <<EOF
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: minio-web
  namespace: minio
spec:
  rules:
  - host: minio-web.ingress.hupu.io
    http:
      paths:
      - backend:
          serviceName: minio
          servicePort: 443
        path: /
  #tls:
  #- hosts:
  #  - minio-web.ingress.hupu.io
  #  secretName: tenant1-tls
EOF
# kubectl apply -f minio-ingress.yaml
ingress.extensions/minio-web created
View the secrets:
# kubectl get secret -n minio
NAME TYPE DATA AGE
default-token-75f6m kubernetes.io/service-account-token 3 41m
minio-operator-token-t55q8 kubernetes.io/service-account-token 3 41m
operator-webhook-secret Opaque 3 29m
tenant1-console-secret Opaque 5 29m
tenant1-console-tls Opaque 2 28m
tenant1-creds-secret Opaque 2 29m
tenant1-tls Opaque 2 29m
View the MinIO web account and password:
# kubectl get secret -n minio tenant1-creds-secret -o jsonpath='{.data}' |jq .
{
"accesskey": "NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4",
"secretkey": "ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3"
}
# echo 'NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4' | base64 -d
790f856e-8d49-4ae1-b37f-2668a16f6558
# echo 'ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3' | base64 -d
85408dd4-84f4-4578-a8f1-e454ddaa7917
Access the web UI:
http://minio-web.ingress.hupu.io/minio/login
accesskey: 790f856e-8d49-4ae1-b37f-2668a16f6558
secretkey: 85408dd4-84f4-4578-a8f1-e454ddaa7917
View the MinIO console account and password:
# kubectl get secret -n minio tenant1-console-secret -o jsonpath='{.data}' |jq .
{
"CONSOLE_ACCESS_KEY": "YjM4YTc4OTMtNzkzMS00ZTU5LWIzZTUtODJlYmNhYTRjY2Zh",
"CONSOLE_HMAC_JWT_SECRET": "YTI5Nzk5YWUtNmFjOS00ODc4LTljMTgtMWU3Zjg4YmY5YzY5",
"CONSOLE_PBKDF_PASSPHRASE": "ZDM3OWNlZTQtYzdiNy00ZDUxLThhNTgtZGI5NDk4NGNhNGZk",
"CONSOLE_PBKDF_SALT": "Y2U0ZTIyZmItYTA1Mi00Yzk4LWI0NTQtOGZmYWZiNDBlZjll",
"CONSOLE_SECRET_KEY": "NTg4M2Y2NzgtMzYxMi00OTIwLTg5MGYtYmQzODNiNmEyOGI1"
}
View the PVCs:
# kubectl get pvc -n minio
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
0-tenant1-zone-0-0 Bound d-bp19p6vshix3yd7muyfa 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-1 Bound d-bp10p2g1civqusscrpsg 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-2 Bound d-bp15v2vdwv6sbr7a0k99 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-3 Bound d-bp1bhe673f5os8zlesmt 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-0 Bound d-bp1hx0enix3hi3g9i5ys 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-1 Bound d-bp14p9y07ns6mus62u96 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-2 Bound d-bp160her827qm6sn5xbx 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-3 Bound d-bp10p2g1civqusscrpsh 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-0 Bound d-bp13ffnpp8kyos9qe5n1 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-1 Bound d-bp185opgs9oupi15cq4h 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-2 Bound d-bp19p6vshix3yd7muyfe 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-3 Bound d-bp1hf4qqoc03zvssy20q 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-0 Bound d-bp18vj2il5rc2pkmhtyz 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-1 Bound d-bp1cc5ecqwtqyeivvh4m 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-2 Bound d-bp15w0d1f4lqq181cl06 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-3 Bound d-bp1anc2b2vgc4d7v8fs5 30Gi RWO alicloud-disk-efficiency 27m
Expand the MinIO cluster
# kubectl minio tenant expand --name tenant1 --servers 8 --volumes 32 --capacity 32Ti -n minio
Adding new volumes to MinIO Tenant tenant1
