minio
单机安装
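#!/bin/bash
# Single-node MinIO: (re)create a container named "minio" that serves the
# S3 API on :32001 and the web console on :32002.
#
# Root credentials come from MINIO_ROOT_USER / MINIO_ROOT_PASSWORD in the
# calling environment. The fallback minioadmin/minioadmin is MinIO's publicly
# documented default, and with --network=host plus ":PORT" listen addresses
# both services bind on every host interface, so set real values for anything
# that is not a throwaway lab.
: "${MINIO_ROOT_USER:=minioadmin}"
: "${MINIO_ROOT_PASSWORD:=minioadmin}"
# Exported so `docker run -e NAME` can pass them through by name; this keeps
# the secret out of the docker command line (ps output, shell history).
export MINIO_ROOT_USER MINIO_ROOT_PASSWORD

if [[ "$MINIO_ROOT_PASSWORD" == "minioadmin" ]]; then
  printf 'warning: MINIO_ROOT_PASSWORD is the default value; set MINIO_ROOT_USER/MINIO_ROOT_PASSWORD before exposing this host\n' >&2
fi

# Remove any previous instance. On a first run both commands report a missing
# container and the script carries on.
docker stop minio
docker rm minio

# NOTE(review): /data is not backed by a -v mount here, so objects live in the
# container's writable layer and are discarded by the `docker rm` above on the
# next run. Add a volume if the data must survive.
# NOTE(review): the image is unpinned (implicit :latest); pin a release tag or
# digest so a re-run cannot silently pull different code.
docker run -d --name minio \
  --network=host \
  --restart=always \
  -e MINIO_ROOT_USER \
  -e MINIO_ROOT_PASSWORD \
  quay.io/minio/minio server \
  --address ":32001" \
  --console-address ":32002" \
  /data

# Follow the server log until interrupted.
docker logs minio -f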
集群安装
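#!/bin/bash
# Four-node MinIO cluster on a single host: containers node1..node4, each with
# its own host directory ./data/dataN mounted at /data, S3 API on :1001N and
# console on :1002N.
#
# Root credentials come from MINIO_ROOT_USER / MINIO_ROOT_PASSWORD in the
# calling environment and must be identical on all nodes (the loop passes the
# same pair to each). The fallback minioadmin/minioadmin is MinIO's publicly
# documented default; with --network=host every port below binds on all host
# interfaces, so override it outside a throwaway lab.
: "${MINIO_ROOT_USER:=minioadmin}"
: "${MINIO_ROOT_PASSWORD:=minioadmin}"
# Exported so `docker run -e NAME` passes them through by name instead of
# placing the secret on the docker command line.
export MINIO_ROOT_USER MINIO_ROOT_PASSWORD

if [[ "$MINIO_ROOT_PASSWORD" == "minioadmin" ]]; then
  printf 'warning: MINIO_ROOT_PASSWORD is the default value; set MINIO_ROOT_USER/MINIO_ROOT_PASSWORD before exposing this host\n' >&2
fi

# Remove any previous instances. On a first run these report missing
# containers and the script carries on.
docker stop node1 node2 node3 node4
docker rm node1 node2 node3 node4

# NOTE(review): the node endpoints are http://, so traffic between nodes is
# not encrypted; no TLS material is mounted in this script.
# NOTE(review): the image is unpinned (implicit :latest); pin a release tag or
# digest so all four nodes and later re-runs use the same build.
for i in {1..4}; do
  # The volume argument is quoted so a working directory containing spaces
  # does not split into several docker arguments.
  # The endpoint is single-quoted because {1...4} (three dots) is MinIO's own
  # range notation and must reach the server untouched by the shell.
  docker run -d --name "node${i}" \
    --network=host \
    --restart=always \
    -e MINIO_ROOT_USER \
    -e MINIO_ROOT_PASSWORD \
    -v "$(pwd)/data/data${i}:/data" \
    quay.io/minio/minio server \
    --address ":1001${i}" \
    --console-address ":1002${i}" \
    'http://192.168.30.128:1001{1...4}/data'
done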
keycloak
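#!/bin/bash
# Keycloak for the MinIO OpenID setup: (re)create a container named "keycloak"
# with container port 8080 published on host port 3080.
#
# The initial admin account comes from KEYCLOAK_USER / KEYCLOAK_PASSWORD in
# the calling environment. The fallback admin/admin is trivially guessable and
# this account controls every realm, client secret and user, so override it
# for anything that is not a throwaway lab.
: "${KEYCLOAK_USER:=admin}"
: "${KEYCLOAK_PASSWORD:=admin}"
# Exported so `docker run -e NAME` passes them through by name instead of
# placing the secret on the docker command line.
export KEYCLOAK_USER KEYCLOAK_PASSWORD

if [[ "$KEYCLOAK_PASSWORD" == "admin" ]]; then
  printf 'warning: KEYCLOAK_PASSWORD is the default value; set KEYCLOAK_USER/KEYCLOAK_PASSWORD before exposing this host\n' >&2
fi

# Remove any previous instance. On a first run both commands report a missing
# container and the script carries on.
docker stop keycloak
docker rm keycloak

# NOTE(review): -p 9990:9990 publishes the port on all host interfaces; 9990
# is conventionally the WildFly management port. Confirm it is needed, and if
# it is only used from this host, publish it as 127.0.0.1:9990:9990.
# NOTE(review): 3080 serves plain HTTP, so logins, tokens and the client
# secret cross the network unencrypted unless a TLS proxy sits in front.
# NOTE(review): jboss/keycloak is unpinned (implicit :latest) and appears to
# be the legacy WildFly-based image; confirm it still receives updates and pin
# a tag or digest.
docker run -d \
  --name=keycloak \
  --restart=always \
  -e KEYCLOAK_USER \
  -e KEYCLOAK_PASSWORD \
  -p 3080:8080 \
  -p 9990:9990 \
  jboss/keycloak

# Follow the server log until interrupted.
docker logs keycloak -f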
配置keycloak
1.新增realm:minio
2.新增user: minio
credentials: 设置密码
4.新增Clients:minio
Root URL=http://192.168.30.128:3080/
Access Type=confidential
Authorization Enabled=true
Valid Redirect URIs=minio ui的地址: http://192.168.30.128:32002/*
新增mappers:
User Attribute=policy
Token Claim Name=policy
Claim JSON Type=string
5.新增group
attributes: policy=consoleAdmin
6.用户加入group
Available Groups: join
配置minio openid
Config URL: http://192.168.30.128:3080/auth/realms/${realm}/.well-known/openid-configuration
Client ID: minio
Secret ID: 在Clients->minio->Credentials->Secret
新增minio access
可以修改group policy
下面是针对bucket级别配置readonly权限
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::test1/*"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::test2/*"
]
}
]
}
github参考:https://github.com/minio/minio/blob/master/docs/sts/keycloak.md