Integrating MinIO with Keycloak for access management

minio

Single-node installation

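#!/bin/bash

# Remove any previous container with the same name
docker stop minio
docker rm   minio

# Start a single MinIO server: S3 API on :32001, web console on :32002
# (MINIO_ROOT_USER / MINIO_ROOT_PASSWORD are the sample values used in this walkthrough)
docker run -d  --name minio \
  --network=host \
  --restart=always \
  -e "MINIO_ROOT_USER=minioadmin" \
  -e "MINIO_ROOT_PASSWORD=minioadmin" \
  quay.io/minio/minio server \
  --address ":32001" \
  --console-address ":32002" \
  /data

# Follow the server log
docker logs minio -f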

Cluster installation

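#!/bin/bash

# Remove any previous node containers
docker stop node1 node2 node3 node4
docker rm   node1 node2 node3 node4

# Start four MinIO nodes on the same host: API on :10011-:10014, console on :10021-:10024
for i in {1..4}; do
  # {1...4} (three dots) is MinIO's own expansion syntax; bash passes it through unchanged
  docker run -d  --name "node${i}" \
    --network=host \
    --restart=always \
    -e "MINIO_ROOT_USER=minioadmin" \
    -e "MINIO_ROOT_PASSWORD=minioadmin" \
    -v "$(pwd)/data/data${i}:/data" \
    quay.io/minio/minio server \
    --address ":1001${i}" \
    --console-address ":1002${i}" \
    "http://192.168.30.128:1001{1...4}/data"
done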

keycloak

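#!/bin/bash

# Remove any previous container with the same name
docker stop keycloak
docker rm   keycloak

# Start Keycloak; the admin console is published on host port 3080
docker run -d \
  --name=keycloak \
  --restart=always \
  -e KEYCLOAK_USER=admin \
  -e KEYCLOAK_PASSWORD=admin \
  -p 3080:8080 \
  -p 9990:9990 \
  jboss/keycloak

# Follow the server log
docker logs keycloak -f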

Configure Keycloak

1. Add a realm: minio

2. Add a user: minio
credentials: set a password

4. Add a client under Clients: minio
Root URL=http://192.168.30.128:3080/
Access Type=confidential
Authorization Enabled=true
Valid Redirect URIs=the address of the MinIO UI: http://192.168.30.128:32002/*
Add mappers:
User Attribute=policy
Token Claim Name=policy
Claim JSON Type=string

5. Add a group
attributes: policy=consoleAdmin

6. Add the user to the group
Available Groups: join

Configure MinIO OpenID

Config URL: http://192.168.30.128:3080/auth/realms/${realm}/.well-known/openid-configuration
Client ID: minio
Secret ID: found under Clients -> minio -> Credentials -> Secret
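
To confirm that the mapper and group attribute from the Keycloak steps above actually put a policy name into the token MinIO reads, decode the payload of a token issued for the minio client and check its claims. This is an added example, not code from the original post or from the MinIO project; it inspects claims without verifying the signature. The sample tokens and the KNOWN policy set are constructed, and the helper names, the azp check and the string-or-list handling of the claim are assumptions.

```python
import base64
import json

def decode_claims(token):
    """Return the JWT payload claims WITHOUT verifying the signature (inspection only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT: expected header.payload.signature")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def policy_names(claims, claim_name="policy"):
    """Normalise the claim to a list of policy names.
    Assumption: the value is a comma-separated string or a list of strings."""
    value = claims.get(claim_name)
    if value is None:
        return []
    items = value.split(",") if isinstance(value, str) else list(value)
    return [str(p).strip() for p in items if str(p).strip()]

def check_token(token, known_policies, client_id="minio"):
    """Return a list of configuration problems; an empty list means the claims look usable."""
    claims = decode_claims(token)
    problems = []
    names = policy_names(claims)
    if not names:
        problems.append("no 'policy' claim: mapper missing or user not in the group")
    for name in names:
        if name not in known_policies:
            problems.append(f"policy '{name}' is not defined on the MinIO server")
    # Assumption: Keycloak puts the requesting client ID in the 'azp' claim.
    if claims.get("azp") != client_id:
        problems.append(f"token was issued to {claims.get('azp')!r}, not {client_id!r}")
    return problems

def make_sample_token(payload):
    """Build a constructed sample token with a placeholder signature (demo input only)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    header = enc({"alg": "RS256", "typ": "JWT"})
    return f"{header}.{enc(payload)}.placeholder-signature"

KNOWN = {"consoleAdmin", "readonly"}  # constructed sample of policy names on the server
GOOD = make_sample_token({"azp": "minio", "preferred_username": "minio", "policy": "consoleAdmin"})
NO_CLAIM = make_sample_token({"azp": "minio", "preferred_username": "minio"})

if __name__ == "__main__":
    for label, tok in (("good", GOOD), ("no claim", NO_CLAIM)):
        print(label, check_token(tok, KNOWN))
```

An empty result for a real token means the policy claim is present and names a policy that exists; MinIO still validates the token signature itself when the user logs in.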

Add MinIO access

You can modify the group policy.
The following configures read-only permission at the bucket level:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test1/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::test2/*"
            ]
        }
    ]
}

GitHub reference: https://github.com/minio/minio/blob/master/docs/sts/keycloak.md
