Minio

Server

Client

Github
Golang
MinIO Client docs
Comes with pre-configured sandbox play store (mc ls play)

Install

Install with brew: brew install minio/stable/mc

Arch:

sudo pacman -S minio-client
alias mc=/usr/bin/mcli

Binary download:

wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
mv mc /usr/local/bin/

Autocompletion

Doesn't work well.

Setup autocompletion (updates i.e. ~/.zshrc):

mc --autocompletion

Config

Setup new store with credentials:

Config incl. configured aliases: ~/.mc/config.json

Varac's store:

mc alias set pinenas-pub-varac $URL $ACCESSKEY $SECRETKEY

Show all configured aliases:

mc alias ls

Usage

Create bucket:

mc mb varac/test

List buckets:

mc ls varac/test

Copy a file:

mc cp minicom.log varac/test

Find all files in bucket/prefix:

mc find varac/test

Stats / disk usage

Overall stats:

mc stat varac/

Bucket stats:

mc stat varac/test

Disk usage per dir:

mc du varac/test

Admin client usage

Minio admin client docs
- User managment

Permissions

Login to admin console
Create access key
Grant access key admin:XYZ privileges, see Admin Policy Action Keys or admin:* (Beware !)

Show info (needs admin credentials configured):

mc admin info pinenas-pub-admin

Create a user:

mc admin user add pinenas-pub-admin newuser newusersecret

Add serviceaccount to varac's account:

mc admin user svcacct add pinenas-pub-varac varac \
  --name restic-zancas \
  --description "Restic backup on zancas"

Show information about accesskey including attached policy:

mc admin user svcacct info restic-zancas ACCESSKEY --policy

List all Serviceaccounts associated to an account:

mc admin user svcacct list pinenas-pub-admin varac

Dump readwrite (default) policy and write to file:

mc admin policy info pinenas-pub-admin readwrite | \
  jq .Policy > ~/projects/cloud/storage/minio/policy.readwrite.json

Restrict bucket access on Serviceaccount:

jq '.Statement[0].Resource = ["arn:aws:s3:::restic.zancas/*"]' \
  ~/projects/cloud/storage/minio/policy.readwrite.json > /tmp/policy-new.json
mc admin user svcacct edit --policy /tmp/policy-new.json \
  pinenas-pub-admin ACCESSKEY

Minio directpv

Minio's CSI driver

Install directpv krew plugin

kubectl krew install directpv

Install CSI driver with helm chart

Official helm chart
- Last chart version update 2023-12, but recent commits to templates/
- No value templating, plain manifests
- No Helm chart repository
- No way to Configure replicas
- Hardcoded Namespace
nineinfra-charts/minio-directpv
- Chart source
- 4 commits, one relase, last update 2023-11

Install CSI driver manually

Only use this method for testing, the helm chart method should be preferred.

Install DirectPV in all Kubernetes nodes:

kubectl directpv install

This will install the following resources:

┌──────────────────────────────────────┬──────────────────────────┐
│ NAME                                 │ KIND                     │
├──────────────────────────────────────┼──────────────────────────┤
│ directpv                             │ Namespace                │
│ directpv-min-io                      │ ServiceAccount           │
│ directpv-min-io                      │ ClusterRole              │
│ directpv-min-io                      │ ClusterRoleBinding       │
│ directpv-min-io                      │ Role                     │
│ directpv-min-io                      │ RoleBinding              │
│ directpvdrives.directpv.min.io       │ CustomResourceDefinition │
│ directpvvolumes.directpv.min.io      │ CustomResourceDefinition │
│ directpvnodes.directpv.min.io        │ CustomResourceDefinition │
│ directpvinitrequests.directpv.min.io │ CustomResourceDefinition │
│ directpv-min-io                      │ CSIDriver                │
│ directpv-min-io                      │ StorageClass             │
│ node-server                          │ Daemonset                │
│ controller                           │ Deployment               │
└──────────────────────────────────────┴──────────────────────────┘