Perform MinIO Configurations
This content is not available in your language yet.
Create a Dedicated Access Key/Secret for a Service to Access S3 on MinIO
Section titled “Create a Dedicated Access Key/Secret for a Service to Access S3 on MinIO”-
Login to MinIO with Administrator
adminCredentials -
Go to
User>Access Keys
-
Create access key by Clicking on
Create access key +Create Access Key/Secret according to your needs
- Set Access Key/Secret Key (or Use the randomized by MinIO (Recommended))
- Set the
NameandDescriptionfor Key Information
Set Policy
- Allow to only a
<YOUR-BUCKET-NAME>bucket access with User Policy
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:*"],"Resource": ["arn:aws:s3:::<YOUR-BUCKET-NAME>/*"]}]}
For this instance, an Access Key/Secret Key for using with Grafana Loki
- Optionally Set Access Key
grafana-loki - Optionally Set Secret Key
P@ssw0rd- You can leave the default generated (Recommended) or change it to be on your own control
- Policy: Allow Everything to buckets used by Grafana Mimir
grafana-loki-tsdb,grafana-loki-rulerwith User Policy - Set the
NameandDescriptionfor Key Information- Name: grafana-loki
- Description: Access for Grafana Loki
- Set Expiry to not expired (Long-live Token)
{"Version": "2012-10-17","Statement": [{"Effect": "Allow","Action": ["s3:*"],"Resource": ["arn:aws:s3:::grafana-loki-chunks/*","arn:aws:s3:::grafana-loki-ruler/*"]}]}
Create Access Keys List
Section titled “Create Access Keys List”Use the previous guide to create Access Keys for services by the following.
9 Access Keys
| Service | Policy | Buckets | Long-live Token |
|---|---|---|---|
| Vault | Allow all S3 operations: s3:* | vault | ✅ |
| Harbor | Allow all S3 operations: s3:* | harbor | ✅ |
| Opstella | Allow all S3 operations: s3:* | opstella-web | ✅ |
| GitLab CI | Allow all S3 operations: s3:* | gitlab-ci-caches | ✅ |
| GitLab Backup | Allow all S3 operations: s3:* | gitlab-backups | ✅ |
| Velero | Allow all S3 operations: s3:* | k8s-velero-backups | ✅ |
| Grafana Mimir | Allow all S3 operations: s3:* | grafana-mimir-tsdb grafana-mimir-alertmanager grafana-mimir-ruler | ✅ |
| Grafana Loki | Allow all S3 operations: s3:* | grafana-loki-chunks grafana-loki-ruler | ✅ |
| Grafana Tempo | Allow all S3 operations: s3:* | grafana-tempo-tsdb | ✅ |
Access Key/Secret Key Testing
Section titled “Access Key/Secret Key Testing”You can test your credential with mc, MinIO CLI
-
Set Alias with Credential
export MINIO_DSO_ACCESS_KEY="CHANGEME"export MINIO_DSO_ACCESS_SECRET="CHANGEME"Terminal window mc alias set minio https://minio-api.${BASE_DOMAIN} \${MINIO_DSO_ACCESS_KEY} ${MINIO_DSO_ACCESS_SECRET}Added `minio` successfully. -
List out of accessable buckets
Terminal window mc ls minio... (deducted)[XXXX-XX-XX YY:YY:YY +ZZ] 0B opstella-web/[XXXX-XX-XX YY:YY:YY +ZZ] 0B vault/ -
Try to write a file, it should writable
Terminal window echo "Test MinIO" > test.txtmc cp test.txt minio/opstella-webrm test.txt...XXXX/test.txt: 0 B / ? ┃░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░░▓┃ -
Try browsing the bucket, it should be appeared in the bucket
If success, you may remove the test file.
Finished?
Use the below navigation to proceed