feat: minio service #297
base: releases/v18
Nice start!
I added some comments for small stuff, did not try to deploy it yet.
Once the PR is close to merge, it would be nice if you can add the start of a documentation file at `docs/object-store.md`.
For now it would only concern Minio, but it could include S3 docs for Bento at large in the future.
another minor note: some files are missing terminal newlines to make them valid POSIX text files; these show up as the red circles with dashes through them on GitHub - it's not essential, but these would be good to add.
left some notes on the changes themselves.
when I try to log into the minio console using root/my root password, it gives me an "invalid login" message. are there any additional steps I need to do here?
EDIT - nevermind, was using wrong username :)
also, we should fill out the v18 migration guide for how to set this up when you have a chance - maybe you can start by writing the steps needed to set up minio in the pull request description?
lib/minio/docker-compose.minio.yaml
Outdated
test: ["CMD", "mc", "ready", "local"] | ||
interval: 5s | ||
timeout: 5s | ||
retries: 5 |
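Review bot: The healthcheck lines shown here set no `start_period`, so with `interval: 5s` and `retries: 5` the container is reported unhealthy after roughly 25 seconds if MinIO is slow to come up, and any service that waits on this health status fails with it. Consider adding a `start_period` alongside the repository's standard interval and timeout values. `mc ready local` also relies on the image shipping `mc` with a `local` alias, which is worth confirming for the image tag in use.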
use standard healthcheck settings for dependency-type services (see databases elsewhere in this repo for examples)
@davidlougheed I updated the healthcheck with standard settings, just tell me if everything is ok?
API routing testing
Tried out the branch locally, managed to go in the console to create credentials and create a bucket with s3cmd. Did some diagnosis on HTTPS and routing issues.
s3cmd CLI tool
S3cmd is a helpful CLI tool to test API connections with an S3 endpoint.
For s3cmd you usually create a config file per endpoint, I made mine at ~/.s3cfg-minio
```ini
# Setup endpoint (get API IP with 'bentoctl logs minio')
host_base = 172.16.28.2:9000
host_bucket = 172.16.28.2:9000
use_https = False
# Setup access keys
access_key = <GET FROM YOUR LOCAL MINIO SERVER>
secret_key = <SAME>
```
Then, using this configuration file I was able to create and list buckets:
```sh
# create bucket
s3cmd -c ~/.s3cfg-minio mb s3://test
# list buckets at /
s3cmd -c ~/.s3cfg-minio ls s3://
```
In the current state of the PR I only managed to connect to the API with HTTP and the plain IP (more on why below).
Like keycloak, minio seems to be pretty capricious with TLS and hostnames, so here are some considerations:
- When I used `bentov2.local/api/minio` for `host_base` and `host_bucket`, with HTTPS enabled, there is a certificate validation error.
  - For TLS connections, Minio requires a certificate (docs).
  - We can use the `minio.bentov2.local` subdomain to issue certificates, it will help avoid routing issues with the S3 API as well.
  - Self-signed certs can be generated and mounted to the container like we do with Keycloak using `./bentoctl.bash init-certs`

More quirks from my s3cmd experiments:
- `bentov2.local/api/minio` for `host_base` and `host_bucket` with HTTP breaks the routing, since the Bento gateway does a 301 permanent redirect from HTTP to HTTPS on all requests.
  - So using the IP on the Docker network with plain HTTP requests is the only way I found to connect to minio's API right now.
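The subdomain suggestion in the comment above hinges on TLS hostname verification. As an added example (not part of the PR or of the Bento tooling), this script issues a throwaway self-signed certificate for `minio.bentov2.local` and checks which of the endpoints mentioned in the thread that certificate would validate for. It assumes OpenSSL 1.1.1 or newer and uses plain `openssl` as a stand-in for `./bentoctl.bash init-certs`; the function and file names are hypothetical.

```sh
#!/bin/sh
# Added example: which endpoints does a cert for minio.bentov2.local cover?
# Constructed for illustration; file names and direct use of openssl are assumptions.

# Create a throwaway self-signed cert whose only SAN is the given DNS name.
make_cert() {  # usage: make_cert <dns-name> <out-dir>
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=$1" -addext "subjectAltName=DNS:$1" \
    -keyout "$2/key.pem" -out "$2/cert.pem" 2>/dev/null
}

# Echo "match" or "mismatch" for the host or IP a client would dial.
check_endpoint() {  # usage: check_endpoint <cert.pem> <host-or-ip>
  case "$2" in
    *[!0-9.]*)  # contains something other than digits and dots: a DNS name
      ce_out=$(openssl x509 -in "$1" -noout -checkhost "$2" || true) ;;
    *)          # dotted-quad IPv4 literal
      ce_out=$(openssl x509 -in "$1" -noout -checkip "$2" || true) ;;
  esac
  # openssl prints "... does match certificate" or "... does NOT match certificate"
  case "$ce_out" in
    *"does match"*) echo match ;;
    *) echo mismatch ;;
  esac
}

# Demo: the subdomain, the gateway hostname, and the Docker-network IP from the thread.
demo_dir=$(mktemp -d)
make_cert minio.bentov2.local "$demo_dir"
for ep in minio.bentov2.local bentov2.local 172.16.28.2; do
  printf '%-22s %s\n' "$ep" "$(check_endpoint "$demo_dir/cert.pem" "$ep")"
done
rm -rf "$demo_dir"
```

Only the name in the certificate's SAN validates, so `host_base` and `host_bucket` need to point at that name for s3cmd to keep certificate checking enabled over HTTPS.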
@v-rocheleau I started writing object-store.md and I only put the doc linked to minio but I will improve it once the drop-box + drs service has been modified.

@davidlougheed all errors related to "missing terminal newlines" should be resolved. I had a problem with my Visual Studio Code which removed this terminal newline each time I saved a file (.yaml & .json), this should no longer happen!

@davidlougheed I updated the v18 migrating guide with the steps to activate minio.
consistent capitalization requests. otherwise, looks good to me!
lgtm. @v-rocheleau look good to you?
LGTM!
Missed something
No description provided.