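Loki Logging System Distributed Deployment in Practice, Part 4: MinIO
Overview
Loki supports filesystem, object storage and NoSQL backends. Object storage mostly means using a public cloud, but fortunately Loki also supports AWS S3-compatible storage, so Ceph RGW or MinIO can be used here. This part deploys MinIO.
Background
In cloud environments object storage is a piece of basic infrastructure, and in big data and AI it can serve as the basic storage layer. Spark and TensorFlow can both use object storage, and it can also serve as a replacement for HDFS.
MinIO comes from a team with many years of experience developing network file systems. Its founding team all came from the original GlusterFS team, and the design of MinIO, the team's second venture, draws extensively on the experience and lessons of GlusterFS:
MinIO is an open-source object storage solution. Its features include: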
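- High performance: as a high-performance object store, on standard hardware it can reach read rates of 55GB/s and write rates of 35GB/s
- Scalable: different MinIO clusters can be federated into a single global namespace spanning multiple data centers; capacity can be expanded by zone (existing zones are not affected at all), and a single object can be up to 5TB;
- Cloud native: containerized, orchestrated on K8S, with multi-tenancy support
- Compatibility: compatible with the S3 API, the de facto object storage standard, and the first to support S3 Select
- Simple: this design principle makes MinIO less error-prone and faster to start. A single binary is everything, and it supports a variety of platforms (thanks to the Go language).
- Erasure coding: MinIO uses erasure coding (not replication) and checksums to protect against hardware failures and silent data corruption (bit rot: data errors that occur on disk without any signal). In the highest-redundancy configuration, data can be recovered even if 1/2 of the disks are lost. Redundancy is low while tolerance of disk failure is high: the standard, and highest, data redundancy factor is 2 (storing a 1M object actually occupies 2M of disk space), yet data can still be read when any n/2 disks are damaged (n is the number of disks in an Erasure Coding Set). Recovery from such damage works per object, not per storage volume.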
Installation
Install via minio-operator:
Note: here it is used as a kubectl plugin
Download the package:
# wget https://github.com/minio/operator/releases/download/v3.0.28/kubectl-minio_3.0.28_linux_amd64
# mv kubectl-minio_3.0.28_linux_amd64 /usr/local/bin/kubectl-minio
# chmod +x /usr/local/bin/kubectl-minio
# kubectl plugin list
The following compatible plugins are available:
/usr/local/bin/kubectl-minio
View the help:
# kubectl minio
kubectl plugin to manage MinIO operator CRDs.
Usage:
minio [command]
Available Commands:
delete Delete MinIO Operator deployment
help Help about any command
init Initialize MinIO Operator deployment
tenant Manage MinIO tenant
Flags:
-h, --help help for minio
Use "minio [command] --help" for more information about a command.
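Install minio-operator
Note: -o (not -o yaml) can be used to export the minio-operator YAML for manual editing and deployment (but the output is incomplete: fields such as apiVersion and kind are missing)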
# kubectl create ns minio
# kubectl minio init --namespace minio --image harbor.sit.hupu.io/k8s/k8s-operator:v3.0.28
CustomResourceDefinition tenants.minio.min.io: created
ClusterRole minio-operator-role: created
ServiceAccount minio-operator: created
ClusterRoleBinding minio-operator-binding: created
MinIO Operator Deployment minio-operator: created
Check:
# kubectl get pod -n minio
NAME READY STATUS RESTARTS AGE
minio-operator-547f967794-tj54s 1/1 Running 0 48s
# kubectl logs -n minio deployment/minio-operator
I1103 05:51:59.656107 1 main.go:66] Starting MinIO Operator
I1103 05:51:59.658915 1 main-controller.go:236] Setting up event handlers
I1103 05:51:59.658983 1 main-controller.go:692] Starting Tenant controller
I1103 05:51:59.658994 1 main-controller.go:695] Waiting for informer caches to sync
I1103 05:51:59.859139 1 main-controller.go:700] Starting workers
MinIO supports several server startup modes
- standalone mode: single node, single disk
# minio server data
- standalone mode: single node, 4 disks with erasure coding
# minio server data1 data2 data3 data4
minio server supports a piece of syntactic sugar at startup, the ellipsis syntax:
# minio server data{1...4}
- distributed mode: multiple nodes with erasure coding (4 disks per node)
In distributed mode, the remote endpoints that follow minio server are written in HTTP URL format:
# export MINIO_ACCESS_KEY=<ACCESS_KEY>
# export MINIO_SECRET_KEY=<SECRET_KEY>
# minio server http://host{1...4}:9000/minio/data{1...4}
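Create a MinIO cluster through the tenants CR resource:
Note: a tenant is a MinIO cluster created and managed by the Operator. Before creating a tenant, make sure the necessary nodes and drives are in place, and that the relevant PVs, or a default storageclass that does not span availability zones, have been created.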
# kubectl get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
alicloud-disk-efficiency (default) diskplugin.csi.alibabacloud.com Delete Immediate true 59d
alicloud-disk-ssd diskplugin.csi.alibabacloud.com Delete Immediate true 59d
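Ask MinIO-Operator to create a MinIO cluster with 4 nodes, 16 volumes in total and 480Gi of total raw capacity (each node has 4 volumes of 30Gi):
Note: distributed MinIO needs at least 4 nodes; using distributed MinIO automatically brings in erasure coding.
Note: this command returns the Access Key and Secret Key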
# kubectl minio tenant create --name tenant1 --servers 4 --volumes 16 --capacity 480Gi --namespace minio
MinIO Tenant tenant1 Created
Tenant
Access Key: 790f856e-8d49-4ae1-b37f-2668a16f6558
Secret Key: 85408dd4-84f4-4578-a8f1-e454ddaa7917
Version: minio/minio:RELEASE.2020-10-12T21-53-21Z
ClusterIP Service: tenant1-internal-service
MinIO Console
Access Key: b38a7893-7931-4e59-b3e5-82ebcaa4ccfa
Secret Key: 5883f678-3612-4920-890f-bd383b6a28b5
Version: minio/console:v0.3.14
ClusterIP Service: tenant1-console
View the logs:
Note: a few error syncing errors do not matter
# kubectl logs -n minio deployment/minio-operator
I1103 06:23:51.386231 1 csr.go:73] Generating private key
I1103 06:23:51.386361 1 csr.go:86] Generating CSR with CN=*.tenant1-hl.minio.svc.cluster.local
I1103 06:23:51.410488 1 csr.go:217] Start polling for certificate of csr/tenant1-minio-csr, every 5s, timeout after 20m0s
I1103 06:23:56.413972 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:23:56.418970 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for minio cert
I1103 06:24:01.339533 1 main-controller.go:970] Deploying zone zone-0
I1103 06:24:01.360977 1 csr.go:217] Start polling for certificate of csr/tenant1-console-minio-csr, every 5s, timeout after 20m0s
I1103 06:24:06.364020 1 csr.go:243] Certificate successfully fetched, creating secret with Private key and Certificate
E1103 06:24:06.370130 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for console cert
I1103 06:25:01.356379 1 main-controller.go:970] Deploying zone zone-0
E1103 06:25:02.439244 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
E1103 06:26:01.389658 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
I1103 06:27:02.500331 1 main-controller.go:773] Successfully synced 'minio/tenant1'
I1103 06:27:07.555954 1 main-controller.go:773] Successfully synced 'minio/tenant1'
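An added example, not part of the original post or the operator's code: a small parser that checks whether the `error syncing` lines in the operator log were cleared by a later `Successfully synced` for the same tenant. The sample lines are copied from the log above; the function and field names are this example's own.

```python
import re
from datetime import datetime

# klog header: severity+MMDD, time, thread id, file:line], then the message.
KLOG = re.compile(r"^[IWEF](\d{4}) (\d{2}:\d{2}:\d{2}\.\d{6})\s+\d+ \S+\] (.*)$")
ERR = re.compile(r"error syncing '([^']+)': (.*)")
OK = re.compile(r"Successfully synced '([^']+)'")

# Lines copied from the operator log shown above.
SAMPLE = """\
E1103 06:23:56.418970 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for minio cert
E1103 06:24:06.370130 1 main-controller.go:778] error syncing 'minio/tenant1': waiting for console cert
E1103 06:25:02.439244 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
E1103 06:26:01.389658 1 main-controller.go:778] error syncing 'minio/tenant1': MinIO is not ready
I1103 06:27:02.500331 1 main-controller.go:773] Successfully synced 'minio/tenant1'
"""


def tenant_sync_status(log_text):
    """Per tenant: did sync errors clear, which ones, and how long it took."""
    tenants = {}
    for line in log_text.splitlines():
        m = KLOG.match(line.strip())
        if not m:
            continue
        mmdd, clock, msg = m.groups()
        # klog omits the year; a fixed leap year keeps Feb 29 parseable.
        ts = datetime.strptime(f"2000{mmdd} {clock}", "%Y%m%d %H:%M:%S.%f")
        err, ok = ERR.search(msg), OK.search(msg)
        if not (err or ok):
            continue
        t = tenants.setdefault((err or ok).group(1), {
            "synced": False, "resolved": [], "unresolved": [],
            "first_error": None, "seconds_to_sync": None})
        if err:
            t["synced"] = False
            t["unresolved"].append(err.group(2))
            t["first_error"] = t["first_error"] or ts
        else:
            t["synced"] = True
            t["resolved"] += t["unresolved"]
            t["unresolved"] = []
            if t["seconds_to_sync"] is None and t["first_error"]:
                t["seconds_to_sync"] = round((ts - t["first_error"]).total_seconds())
    return tenants


if __name__ == "__main__":
    print(tenant_sync_status(SAMPLE))
```

A tenant whose entry still has items in `unresolved` has logged sync errors with no success after them, which is the case that does need attention.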
After waiting about 100s, resource creation begins:
# kubectl get all -n minio
NAME READY STATUS RESTARTS AGE
pod/minio-operator-66b7f78db6-nvftv 1/1 Running 0 31m
pod/tenant1-console-5d6d56bbb5-lpf82 1/1 Running 0 16m
pod/tenant1-console-5d6d56bbb5-nqp84 1/1 Running 0 16m
pod/tenant1-zone-0-0 1/1 Running 0 18m
pod/tenant1-zone-0-1 1/1 Running 0 18m
pod/tenant1-zone-0-2 1/1 Running 0 18m
pod/tenant1-zone-0-3 1/1 Running 0 18m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/minio ClusterIP 10.96.16.81 <none> 443/TCP 19m
service/tenant1-console ClusterIP 10.96.239.89 <none> 9090/TCP,9443/TCP 16m
service/tenant1-hl ClusterIP None <none> 9000/TCP 19m
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/minio-operator 1/1 1 1 31m
deployment.apps/tenant1-console 2/2 2 2 16m
NAME DESIRED CURRENT READY AGE
replicaset.apps/minio-operator-66b7f78db6 1 1 1 31m
replicaset.apps/tenant1-console-5d6d56bbb5 2 2 2 16m
NAME READY AGE
statefulset.apps/tenant1-zone-0 4/4 18m
# kubectl minio tenant info --name tenant1 -n minio
+---------+------------------------------------------+--------------------+---------------------+---------+
| ZONE | SERVERS | VOLUMES PER SERVER | CAPACITY PER VOLUME | VERSION |
+---------+------------------------------------------+--------------------+---------------------+---------+
| 0 | 4 | 4 | 30Gi | |
+---------+------------------------------------------+--------------------+---------------------+---------+
| VERSION | MINIO/MINIO:RELEASE.2020-10-12T21-53-21Z | | | |
+---------+------------------------------------------+--------------------+---------------------+---------+
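An added example (not from the original post or MinIO's code) that expands the ellipsis syntax shown earlier and applies the erasure-coding figures from the feature list to this tenant's 16 x 30Gi layout. It assumes all 16 volumes form a single erasure set at the highest redundancy; the function names are this example's own, and only plain decimal ranges are handled.

```python
import itertools
import re

# One MinIO-style ellipsis range such as {1...4}: three dots, decimal bounds.
ELLIPSIS = re.compile(r"\{(\d+)\.\.\.(\d+)\}")


def expand_ellipsis(pattern):
    """Expand every {a...b} range; the result order is this example's choice."""
    ranges = []
    for lo, hi in ELLIPSIS.findall(pattern):
        if int(lo) > int(hi):
            raise ValueError(f"descending range {{{lo}...{hi}}} in {pattern!r}")
        ranges.append(range(int(lo), int(hi) + 1))
    # split() interleaves the two captured bounds; every third item is literal text.
    literals = ELLIPSIS.split(pattern)[::3]
    endpoints = []
    for combo in itertools.product(*ranges):
        parts = [literals[0]]
        for value, literal in zip(combo, literals[1:]):
            parts.append(f"{value}{literal}")
        endpoints.append("".join(parts))
    return endpoints


def erasure_summary(drives, drive_gib, parity=None):
    """Capacity and read tolerance of one erasure set, as the page describes it.

    Assumption: all drives form one set. parity defaults to drives // 2,
    the highest-redundancy setting (redundancy factor 2).
    """
    parity = drives // 2 if parity is None else parity
    if not 0 < parity <= drives // 2:
        raise ValueError("parity must be between 1 and drives / 2")
    data = drives - parity
    raw = drives * drive_gib
    return {
        "raw_gib": raw,
        "usable_gib": raw * data // drives,
        "redundancy_factor": drives / data,
        "readable_with_drives_lost": parity,
    }


if __name__ == "__main__":
    eps = expand_ellipsis("http://host{1...4}:9000/minio/data{1...4}")
    print(len(eps), eps[0], eps[-1])
    print(erasure_summary(drives=len(eps), drive_gib=30))
```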
Create the Ingress
# cat > minio-ingress.yaml <<EOF
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik
  name: minio-web
  namespace: minio
spec:
  rules:
  - host: minio-web.ingress.hupu.io
    http:
      paths:
      - backend:
          serviceName: minio
          servicePort: 443
        path: /
  #tls:
  #- hosts:
  #  - minio-web.ingress.hupu.io
  #  secretName: tenant1-tls
EOF
# kubectl apply -f minio-ingress.yaml
ingress.extensions/minio-web created
View the secrets:
# kubectl get secret -n minio
NAME TYPE DATA AGE
default-token-75f6m kubernetes.io/service-account-token 3 41m
minio-operator-token-t55q8 kubernetes.io/service-account-token 3 41m
operator-webhook-secret Opaque 3 29m
tenant1-console-secret Opaque 5 29m
tenant1-console-tls Opaque 2 28m
tenant1-creds-secret Opaque 2 29m
tenant1-tls Opaque 2 29m
View the MinIO web account and password:
# kubectl get secret -n minio tenant1-creds-secret -o jsonpath='{.data}' |jq .
{
"accesskey": "NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4",
"secretkey": "ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3"
}
# echo 'NzkwZjg1NmUtOGQ0OS00YWUxLWIzN2YtMjY2OGExNmY2NTU4' | base64 -d
790f856e-8d49-4ae1-b37f-2668a16f6558
# echo 'ODU0MDhkZDQtODRmNC00NTc4LWE4ZjEtZTQ1NGRkYWE3OTE3' | base64 -d
85408dd4-84f4-4578-a8f1-e454ddaa7917
Access the web UI:
http://minio-web.ingress.hupu.io/minio/login
accesskey: 790f856e-8d49-4ae1-b37f-2668a16f6558
secretkey: 85408dd4-84f4-4578-a8f1-e454ddaa7917
View the MinIO console account and password:
# kubectl get secret -n minio tenant1-console-secret -o jsonpath='{.data}' |jq .
{
"CONSOLE_ACCESS_KEY": "YjM4YTc4OTMtNzkzMS00ZTU5LWIzZTUtODJlYmNhYTRjY2Zh",
"CONSOLE_HMAC_JWT_SECRET": "YTI5Nzk5YWUtNmFjOS00ODc4LTljMTgtMWU3Zjg4YmY5YzY5",
"CONSOLE_PBKDF_PASSPHRASE": "ZDM3OWNlZTQtYzdiNy00ZDUxLThhNTgtZGI5NDk4NGNhNGZk",
"CONSOLE_PBKDF_SALT": "Y2U0ZTIyZmItYTA1Mi00Yzk4LWI0NTQtOGZmYWZiNDBlZjll",
"CONSOLE_SECRET_KEY": "NTg4M2Y2NzgtMzYxMi00OTIwLTg5MGYtYmQzODNiNmEyOGI1"
}
View the PVCs:
# kubectl get pvc -n minio
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
0-tenant1-zone-0-0 Bound d-bp19p6vshix3yd7muyfa 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-1 Bound d-bp10p2g1civqusscrpsg 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-2 Bound d-bp15v2vdwv6sbr7a0k99 30Gi RWO alicloud-disk-efficiency 27m
0-tenant1-zone-0-3 Bound d-bp1bhe673f5os8zlesmt 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-0 Bound d-bp1hx0enix3hi3g9i5ys 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-1 Bound d-bp14p9y07ns6mus62u96 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-2 Bound d-bp160her827qm6sn5xbx 30Gi RWO alicloud-disk-efficiency 27m
1-tenant1-zone-0-3 Bound d-bp10p2g1civqusscrpsh 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-0 Bound d-bp13ffnpp8kyos9qe5n1 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-1 Bound d-bp185opgs9oupi15cq4h 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-2 Bound d-bp19p6vshix3yd7muyfe 30Gi RWO alicloud-disk-efficiency 27m
2-tenant1-zone-0-3 Bound d-bp1hf4qqoc03zvssy20q 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-0 Bound d-bp18vj2il5rc2pkmhtyz 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-1 Bound d-bp1cc5ecqwtqyeivvh4m 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-2 Bound d-bp15w0d1f4lqq181cl06 30Gi RWO alicloud-disk-efficiency 27m
3-tenant1-zone-0-3 Bound d-bp1anc2b2vgc4d7v8fs5 30Gi RWO alicloud-disk-efficiency 27m
Expand the MinIO cluster
# kubectl minio tenant expand --name tenant1 --servers 8 --volumes 32 --capacity 32Ti -n minio
Adding new volumes to MinIO Tenant tenant1