Minio Services

Minio is an object storage server that's compatible with the Amazon S3 cloud storage service. You can store photos, videos, VMs, containers, log files, or any blob of data as objects. The Minio service gateway creates a new Minio server instance running as a job in your cluster. Data you store on the Minio server is persisted by an APCFS (NFS) service. You can optionally create an instance of the Minio browser to manage your Minio server's buckets and files.

Creating Minio services

To create a Minio service you use the apc service create <service-name> command and specify minio as the --type parameter. You must also specify a persistence_provider parameter that specifies the APCFS (NFS) provider to use to create NFS services. The specified provider is used to create NFS services to persist data you upload to the Minio server, as well as persist Minio credentials and configuration data.

For example, the following creates a Minio service named photostore and creates a Minio browser:

apc service create photostore --type minio -- \ 
--persistence_provider provider::/apcera/providers::apcfs --minio_browser true
╭─────────────────────────────────────────────────────╮
│              Service Creation Settings              │
├───────────────┬─────────────────────────────────────┤
│      Service: │ service::/sandbox/admin::photostore │
│ Service Type: │ minio                               │
╰───────────────┴─────────────────────────────────────╯

Is this correct? [Y/n]: 
Creating service... done
Success!

The apc service list command displays three related services: the Minio service you created, as well as two supporting NFS services used to persist your app data, as well as configuration data for Minio service, respectively.

apc service list                               
Working in "/sandbox/admin"
╭───────────────────────────────────┬───────┬────────────────┬────────────────────────────────────┬─────────────╮
│ Name                              │ Type  │ Namespace      │ Provider                           │ Description │
├───────────────────────────────────┼───────┼────────────────┼────────────────────────────────────┼─────────────┤
│ photostore                        │ minio │ /sandbox/admin │                                    │             │
│ persistence_for_photostore_config │ nfs   │ /sandbox/admin │ provider::/apcera/providers::apcfs │             │
│ persistence_for_photostore_data   │ nfs   │ /sandbox/admin │ provider::/apcera/providers::apcfs │             │
╰───────────────────────────────────┴───────┴────────────────┴────────────────────────────────────┴─────────────╯

Note: The dependent NFS services are deleted if you delete the Minio service.

Binding a job to a Minio service

You use the apc service bind command to bind a Minio service to a job. The binding creates new environment variables on the bound job that contain the connection string for the Minio service. For example, the following binds a Minio service named photostore to a job named photo_app:

apc service bind photostore --job photo_app
╭─────────────────────────────╮
│    Service Bind Settings    │
├───────────┬─────────────────┤
│ App Name: │ minio_node_test │
│  Service: │ photostore      │
╰───────────┴─────────────────╯

Is this correct? [Y/n]: 
Binding service "photostore" to "minio_node_test"...
╭────────────────────────────────────────╮
│     Binding Environment Variables      │
├────────────────────────────────────────┤
│ "B057E90AA5D148D687C77918B0B30F87_URI" │
│ "PHOTOSTORE_URI"                       │
│ "S3_URI"                               │
╰────────────────────────────────────────╯
Success!

Each environment variable set on the job contains an s3:// connection string to access the Minio service in the following form, where <access-key> and <secret-key> are the Minio service keys.

s3://<access-key>:<secret-key>@<host-ip>:<port>

Your application can parse this string into its constituent parts (endpoint, access key, private key), or you can set environment variables on the app to extract the connection parts into environment variables. For example, the following environment variables, set on the bound job, extract the connection string for the bound Minio service (photostore) into the three environment variables.

  • MINIO_ACCESSKEY={{(binding_service "photostore").URI.User}}
  • MINIO_SECRETKEY={{(binding_service "photostore").URI.Password}}
  • MINIO_ENDPOINT={{(binding_service "photostore").URI.Host}}:{{(binding_service "photostore").URI.Port}}

For example:

apc app update myapp --env-set 'MINIO_ACCESSKEY={{(binding_service "photostore").URI.User}}'

At runtime, these environment variables would contain the following values:

MINIO_ENDPOINT=169.254.0.28:10000
MINIO_ACCESSKEY=LT3QTJCAW2HCGHBTQGM2
MINIO_SECRETKEY=2uLFal98DLN1wsdWStihoqBFJbWjVbuH6SIqgw2g

Enabling and using the Minio browser

If you include the --minio_browser true option when you create a Minio service, the service gateway creates a Minio browser that provides a basic UI for managing buckets and files in your Minio instance. The name of the Minio browser job is composed of the name of your Minio service prefixed by "minio/".

For example, if you create a Minio service named "photostore" with the --minio_browser true option then the corresponding Minio browser job is named "minio/photostore", as shown below.

apc job list
Working in "/sandbox/admin"
╭──────────────────┬──────┬────────────────┬─────────┬───────────╮
│ Name             │ Type │ Namespace      │ Status  │ Instances │
├──────────────────┼──────┼────────────────┼─────────┼───────────┤
│ minio/photostore │ job  │ /sandbox/admin │ started │ 1/1       │
╰──────────────────┴──────┴────────────────┴─────────┴───────────╯

Note: The Minio browser job is deleted if you delete the corresponding Minio service.

To get the the route assigned to the Minio browser app, you can use the apc route list command:

apc route list -l
Working in "/sandbox/admin"
╭──────┬─────────────────────────────────────────┬────────┬───────────────────────────────────────┬──────────────────────────────────────╮
│ Type │ Endpoint                                │ Weight │ Job FQN                               │ Job UUID                             │
├──────┼─────────────────────────────────────────┼────────┼───────────────────────────────────────┼──────────────────────────────────────┤
│ http │ minio-e376td.example.apcera-platform.io │ auto   │ job::/sandbox/admin::minio/photostore │ dd5663d4-a033-464b-9a3d-8126f23334b9 │
╰──────┴─────────────────────────────────────────┴────────┴───────────────────────────────────────┴──────────────────────────────────────╯

To log in to your Minio browser you need the access key and secret generated by the service gateway. This information is only available as an environment variable on the job that was bound to the Minio service. For example, as explained in this brief tutorial you can SSH to the bound application to view the credentials.

Tutorial: Accessing the Minio browser

In this tutorial you create a capsule and bind it to a Minio service. You then SSH into the capsule to view the content of the environment variable that contains the credentials you can use to log in to the Minio browser.

Steps:

  1. Create a new capsule:

     apc capsule create minio_testapp --image linux
    
  2. Create a Minio service:

     apc service create minio_service --type minio -- \
     --persistence_provider /apcera/providers::apcfs --minio_browser true
    
  3. Bind the serviceto the capsule:

     apc service bind minio_service --job minio_testapp
    
  4. Connect to the capsule:

     apc capsule connect minio_testapp
    
  5. Run env | grep 'MINIO_SERVICE_URI' to view the connection string for the Minio service, e.g.:

     env | grep 'MINIO_SERVICE_URI'
     MINIO_SERVICE_URI=s3://XN3JHR29LLPK2N0K23S9:xJfhDkJEm2QYU3MORENk13IxqYOYpPyHsq3szIMZ@169.254.0.6:10000
    

    Note the access key and secret (XN3JHR29LLPK2N0K23S9 and xJfhDkJEm2QYU3MORENk13IxqYOYpPyHsq3szIMZ, in this case).

  6. Find the route to your Minio browser (as explained above) and open it in a web browser.
  7. Enter your credentials to login.

    Alt text

    You can use the Minio browser to create buckets and upload files to your Minio instance.

    Alt text

Service gateway

To create Minio services the minio service gateway is required. To verify that you have this gateway run the following command and look for the minio service type, for example:

apc gateway list -ns /
Working in "/"
╭──────────┬──────────┬──────────────────────────┬─────────┬───────────╮
│ Name     │ Type     │ Namespace                │ Status  │ Instances │
├──────────┼──────────┼──────────────────────────┼─────────┼───────────┤
│ generic  │ generic  │ /apcera/service-gateways │ started │ 1/1       │
│ gnatsd   │ gnatsd   │ /apcera/service-gateways │ started │ 1/1       │
│ http     │ http     │ /apcera/service-gateways │ started │ 1/1       │
│ ipm      │ ipm      │ /apcera/service-gateways │ started │ 1/1       │
│ memcache │ memcache │ /apcera/service-gateways │ started │ 1/1       │
│ minio    │ minio    │ /apcera/service-gateways │ started │ 1/1       │
│ mongodb  │ mongodb  │ /apcera/service-gateways │ started │ 1/1       │
│ mysql    │ mysql    │ /apcera/service-gateways │ started │ 1/1       │
│ network  │ network  │ /apcera/service-gateways │ started │ 1/1       │
│ nfs      │ nfs      │ /apcera/service-gateways │ started │ 1/1       │
│ postgres │ postgres │ /apcera/service-gateways │ started │ 1/1       │
│ rabbitmq │ rabbitmq │ /apcera/service-gateways │ started │ 1/1       │
│ redis    │ redis    │ /apcera/service-gateways │ started │ 1/1       │
│ s3       │ s3       │ /apcera/service-gateways │ started │ 1/1       │
│ smb      │ smb      │ /apcera/service-gateways │ started │ 1/1       │
╰──────────┴──────────┴──────────────────────────┴─────────┴───────────╯

Policy

Policy is required to use the minio service gateway to create services and to view that the persistence_provider or minio_browser options are enabled.

The following claims are supported:

on gateway::/apcera/service-gateways::minio {
  { permit use }
  { serviceParam persistence_provider, minio_browser }
}

The permit use claim on the minio gateway lets you create Minio services. The serviceParam persistence_provider, minio_browser claim lets you view those service parameters in APC or Web Console.

For example, with both the --persistence_provider and minio_browser options enabled on a Minio service and the serviceParam persistence_provider, minio_browser policy claims in place, apc service show provides the following information:

apc service show photostore
╭───────────────────────┬─────────────────────────────────────────╮
│ Service:              │ photostore                              │
├───────────────────────┼─────────────────────────────────────────┤
│ FQN:                  │ service::/sandbox/admin::photostore     │
│ UUID:                 │ ab50ef04-5b1b-432e-8538-790fed8d5877    │
│ Type:                 │ minio                                   │
│ persistence_provider: │ provider::/apcera/providers::apcfs      │
│ minio_browser:        │ true                                    │
│ Completion Status:    │ created                                 │
│                       │                                         │
│ Created by:           │ admin@apcera.me                         │
│ Created at:           │ 2016-10-03 23:32:45.894088176 +0000 UTC │
╰───────────────────────┴─────────────────────────────────────────╯

Lastly, to consume Minio services, both the service and the job must have permit bind policy claims. See service policy examples.