Minio Services
Minio is an object storage server that's compatible with the Amazon S3 cloud storage service. You can store photos, videos, VMs, containers, log files, or any blob of data as objects. The Minio service gateway creates a new Minio server instance running as a job in your cluster. Data you store on the Minio server is persisted by an APCFS (NFS) service. You can optionally create an instance of the Minio browser to manage your Minio server's buckets and files.
- Creating Minio services
- Binding a job to a Minio service
- Enabling and using the Minio browser
- Service gateway
- Policy
Creating Minio services
To create a Minio service you use the apc service create <service-name>
command and specify minio
as the --type
parameter. You must also specify a persistence_provider
parameter that specifies the APCFS (NFS) provider to use to create NFS services. The specified provider is used to create NFS services to persist data you upload to the Minio server, as well as persist Minio credentials and configuration data.
For example, the following creates a Minio service named photostore
and creates a Minio browser:
apc service create photostore --type minio -- \
--persistence_provider provider::/apcera/providers::apcfs --minio_browser true
╭─────────────────────────────────────────────────────╮
│ Service Creation Settings │
├───────────────┬─────────────────────────────────────┤
│ Service: │ service::/sandbox/admin::photostore │
│ Service Type: │ minio │
╰───────────────┴─────────────────────────────────────╯
Is this correct? [Y/n]:
Creating service... done
Success!
The apc service list
command displays three related services: the Minio service you created, as well as two supporting NFS services used to persist your app data, as well as configuration data for Minio service, respectively.
apc service list
Working in "/sandbox/admin"
╭───────────────────────────────────┬───────┬────────────────┬────────────────────────────────────┬─────────────╮
│ Name │ Type │ Namespace │ Provider │ Description │
├───────────────────────────────────┼───────┼────────────────┼────────────────────────────────────┼─────────────┤
│ photostore │ minio │ /sandbox/admin │ │ │
│ persistence_for_photostore_config │ nfs │ /sandbox/admin │ provider::/apcera/providers::apcfs │ │
│ persistence_for_photostore_data │ nfs │ /sandbox/admin │ provider::/apcera/providers::apcfs │ │
╰───────────────────────────────────┴───────┴────────────────┴────────────────────────────────────┴─────────────╯
Note: The dependent NFS services are deleted if you delete the Minio service.
Binding a job to a Minio service
You use the apc service bind
command to bind a Minio service to a job. The binding creates new environment variables on the bound job that contain the connection string for the Minio service. For example, the following binds a Minio service named photostore
to a job named photo_app
:
apc service bind photostore --job photo_app
╭─────────────────────────────╮
│ Service Bind Settings │
├───────────┬─────────────────┤
│ App Name: │ minio_node_test │
│ Service: │ photostore │
╰───────────┴─────────────────╯
Is this correct? [Y/n]:
Binding service "photostore" to "minio_node_test"...
╭────────────────────────────────────────╮
│ Binding Environment Variables │
├────────────────────────────────────────┤
│ "B057E90AA5D148D687C77918B0B30F87_URI" │
│ "PHOTOSTORE_URI" │
│ "S3_URI" │
╰────────────────────────────────────────╯
Success!
Each environment variable set on the job contains an s3://
connection string to access the Minio service in the following form, where <access-key>
and <secret-key
> are the Minio service keys.
s3://<access-key>:<secret-key>@<host-ip>:<port>
Your application can parse this string into its constituent parts (endpoint, access key, private key), or you can set environment variables on the app to extract the connection parts into environment variables. For example, the following environment variables, set on the bound job, extract the connection string for the bound Minio service (photostore
) into the three environment variables.
MINIO_ACCESSKEY={{(binding_service "photostore").URI.User}}
MINIO_SECRETKEY={{(binding_service "photostore").URI.Password}}
MINIO_ENDPOINT={{(binding_service "photostore").URI.Host}}:{{(binding_service "photostore").URI.Port}}
For example:
apc app update myapp --env-set 'MINIO_ACCESSKEY={{(binding_service "photostore").URI.User}}'
At runtime, these environment variables would contain the following values:
MINIO_ENDPOINT=169.254.0.28:10000
MINIO_ACCESSKEY=LT3QTJCAW2HCGHBTQGM2
MINIO_SECRETKEY=2uLFal98DLN1wsdWStihoqBFJbWjVbuH6SIqgw2g
Enabling and using the Minio browser
If you include the --minio_browser true
option when you create a Minio service, the service gateway creates a Minio browser that provides a basic UI for managing buckets and files in your Minio instance. The name of the Minio browser job is composed of the name of your Minio service prefixed by "minio/".
For example, if you create a Minio service named "photostore" with the --minio_browser true
option then the corresponding Minio browser job is named "minio/photostore", as shown below.
apc job list
Working in "/sandbox/admin"
╭──────────────────┬──────┬────────────────┬─────────┬───────────╮
│ Name │ Type │ Namespace │ Status │ Instances │
├──────────────────┼──────┼────────────────┼─────────┼───────────┤
│ minio/photostore │ job │ /sandbox/admin │ started │ 1/1 │
╰──────────────────┴──────┴────────────────┴─────────┴───────────╯
Note: The Minio browser job is deleted if you delete the corresponding Minio service.
To get the the route assigned to the Minio browser app, you can use the apc route list
command:
apc route list -l
Working in "/sandbox/admin"
╭──────┬─────────────────────────────────────────┬────────┬───────────────────────────────────────┬──────────────────────────────────────╮
│ Type │ Endpoint │ Weight │ Job FQN │ Job UUID │
├──────┼─────────────────────────────────────────┼────────┼───────────────────────────────────────┼──────────────────────────────────────┤
│ http │ minio-e376td.example.apcera-platform.io │ auto │ job::/sandbox/admin::minio/photostore │ dd5663d4-a033-464b-9a3d-8126f23334b9 │
╰──────┴─────────────────────────────────────────┴────────┴───────────────────────────────────────┴──────────────────────────────────────╯
To log in to your Minio browser you need the access key and secret generated by the service gateway. This information is only available as an environment variable on the job that was bound to the Minio service. For example, as explained in this brief tutorial you can SSH to the bound application to view the credentials.
Tutorial: Accessing the Minio browser
In this tutorial you create a capsule and bind it to a Minio service. You then SSH into the capsule to view the content of the environment variable that contains the credentials you can use to log in to the Minio browser.
Steps:
-
Create a new capsule:
apc capsule create minio_testapp --image linux
-
Create a Minio service:
apc service create minio_service --type minio -- \ --persistence_provider /apcera/providers::apcfs --minio_browser true
-
Bind the serviceto the capsule:
apc service bind minio_service --job minio_testapp
-
Connect to the capsule:
apc capsule connect minio_testapp
-
Run
env | grep 'MINIO_SERVICE_URI'
to view the connection string for the Minio service, e.g.:env | grep 'MINIO_SERVICE_URI' MINIO_SERVICE_URI=s3://XN3JHR29LLPK2N0K23S9:xJfhDkJEm2QYU3MORENk13IxqYOYpPyHsq3szIMZ@169.254.0.6:10000
Note the access key and secret (
XN3JHR29LLPK2N0K23S9
andxJfhDkJEm2QYU3MORENk13IxqYOYpPyHsq3szIMZ
, in this case). - Find the route to your Minio browser (as explained above) and open it in a web browser.
-
Enter your credentials to login.
You can use the Minio browser to create buckets and upload files to your Minio instance.
Service gateway
To create Minio services the minio
service gateway is required. To verify that you have this gateway run the following command and look for the minio
service type, for example:
apc gateway list -ns /
Working in "/"
╭──────────┬──────────┬──────────────────────────┬─────────┬───────────╮
│ Name │ Type │ Namespace │ Status │ Instances │
├──────────┼──────────┼──────────────────────────┼─────────┼───────────┤
│ generic │ generic │ /apcera/service-gateways │ started │ 1/1 │
│ gnatsd │ gnatsd │ /apcera/service-gateways │ started │ 1/1 │
│ http │ http │ /apcera/service-gateways │ started │ 1/1 │
│ ipm │ ipm │ /apcera/service-gateways │ started │ 1/1 │
│ memcache │ memcache │ /apcera/service-gateways │ started │ 1/1 │
│ minio │ minio │ /apcera/service-gateways │ started │ 1/1 │
│ mongodb │ mongodb │ /apcera/service-gateways │ started │ 1/1 │
│ mysql │ mysql │ /apcera/service-gateways │ started │ 1/1 │
│ network │ network │ /apcera/service-gateways │ started │ 1/1 │
│ nfs │ nfs │ /apcera/service-gateways │ started │ 1/1 │
│ postgres │ postgres │ /apcera/service-gateways │ started │ 1/1 │
│ rabbitmq │ rabbitmq │ /apcera/service-gateways │ started │ 1/1 │
│ redis │ redis │ /apcera/service-gateways │ started │ 1/1 │
│ s3 │ s3 │ /apcera/service-gateways │ started │ 1/1 │
│ smb │ smb │ /apcera/service-gateways │ started │ 1/1 │
╰──────────┴──────────┴──────────────────────────┴─────────┴───────────╯
Policy
Policy is required to use the minio
service gateway to create services and to view that the persistence_provider
or minio_browser
options are enabled.
The following claims are supported:
on gateway::/apcera/service-gateways::minio {
{ permit use }
{ serviceParam persistence_provider, minio_browser }
}
The permit use
claim on the minio
gateway lets you create Minio services. The serviceParam persistence_provider, minio_browser
claim lets you view those service parameters in APC or Web Console.
For example, with both the --persistence_provider
and minio_browser
options enabled on a Minio service and the serviceParam persistence_provider, minio_browser
policy claims in place, apc service show
provides the following information:
apc service show photostore
╭───────────────────────┬─────────────────────────────────────────╮
│ Service: │ photostore │
├───────────────────────┼─────────────────────────────────────────┤
│ FQN: │ service::/sandbox/admin::photostore │
│ UUID: │ ab50ef04-5b1b-432e-8538-790fed8d5877 │
│ Type: │ minio │
│ persistence_provider: │ provider::/apcera/providers::apcfs │
│ minio_browser: │ true │
│ Completion Status: │ created │
│ │ │
│ Created by: │ admin@apcera.me │
│ Created at: │ 2016-10-03 23:32:45.894088176 +0000 UTC │
╰───────────────────────┴─────────────────────────────────────────╯
Lastly, to consume Minio services, both the service and the job must have permit bind
policy claims. See service policy examples.