毎度、ググっても出てこない小ネタを取り扱っております。
本記事は個人的な見解であり、筆者の所属するいかなる団体にも関係ございません。
0. はじめに
今年(2021年)、私はJetsonでK3Sな一年でした。
締めくくりとして、JetsonでK3Sを動かしてMinIOを動かすというのをやってみたいと思います。
(2021年中に終わらないかも) [終わりませんでしたw]
Standaloneで動かします。
その為、インストールしたホストが失われるとデータが消失します。
ご注意ください。
1. Jetsonのセットアップ
JetsonはSDカードにインストールするだけなのでスキップします。
利用したJetpackは、4.6です
2. K3Sをインストール
K3Sをインストールするには、k3supを使います。
なので、まずはk3supをインストールします。
$ curl -sLS https://get.k3sup.dev | sh
$ sudo install k3sup-arm64 /usr/local/bin/k3sup
公式には
sudo install k3sup /usr/local/bin/k3sup
となっていますが、armではk3sup-arm64がダウンロードされるので変更しています。
3. k3sをインストール
3-1. インストール
k3supをつかって、k3sをインストールします。
$ k3sup install --local --user=$USER --local-path ./kubeconfig
インストールログは以下の通りです。
k3supでk3sのインストールログ
k3sup install --local
Running: k3sup install
2021/12/31 18:33:48 127.0.0.1
Executing: curl -sfL https://get.k3s.io | INSTALL_K3S_EXEC='server --tls-san 127.0.0.1' INSTALL_K3S_CHANNEL='stable' sh -
[INFO] Finding release for channel stable
[INFO] Using v1.22.5+k3s1 as release
[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.22.5+k3s1/sha256sum-arm64.txt
[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.22.5+k3s1/k3s-arm64
[INFO] Verifying binary download
[INFO] Installing k3s to /usr/local/bin/k3s
[INFO] Skipping installation of SELinux RPM
[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists
[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists
[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr
[INFO] Creating killall script /usr/local/bin/k3s-killall.sh
[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh
[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env
[INFO] systemd: Creating service file /etc/systemd/system/k3s.service
[INFO] systemd: Enabling k3s unit
Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.
[INFO] systemd: Starting k3s
stderr: "Created symlink /etc/systemd/system/multi-user.target.wants/k3s.service → /etc/systemd/system/k3s.service.\n"stdout: "[INFO] Finding release for channel stable\n[INFO] Using v1.22.5+k3s1 as release\n[INFO] Downloading hash https://github.com/k3s-io/k3s/releases/download/v1.22.5+k3s1/sha256sum-arm64.txt\n[INFO] Downloading binary https://github.com/k3s-io/k3s/releases/download/v1.22.5+k3s1/k3s-arm64\n[INFO] Verifying binary download\n[INFO] Installing k3s to /usr/local/bin/k3s\n[INFO] Skipping installation of SELinux RPM\n[INFO] Skipping /usr/local/bin/kubectl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/crictl symlink to k3s, already exists\n[INFO] Skipping /usr/local/bin/ctr symlink to k3s, command exists in PATH at /usr/bin/ctr\n[INFO] Creating killall script /usr/local/bin/k3s-killall.sh\n[INFO] Creating uninstall script /usr/local/bin/k3s-uninstall.sh\n[INFO] env: Creating environment file /etc/systemd/system/k3s.service.env\n[INFO] systemd: Creating service file /etc/systemd/system/k3s.service\n[INFO] systemd: Enabling k3s unit\n[INFO] systemd: Starting k3s\n"Saving file to: /home/hoge/kubeconfig
# Test your cluster with:
export KUBECONFIG=/home/hoge/kubeconfig
kubectl config set-context default
kubectl get node -o wide
3-2. テストする
インストールできているはずなので、接続テストしてみます。
export KUBECONFIG=/home/hoge/kubeconfig
kubectl config set-context default
kubectl get node -o wide
実行結果
$ export KUBECONFIG=/home/hoge/kubeconfig
$ kubectl config set-context default
Context "default" modified.
$ kubectl get node -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
desktop Ready control-plane,master 14d v1.22.5+k3s1 192.168.99.123 <none> Ubuntu 18.04.6 LTS 4.9.253-tegra containerd://1.5.8-k3s1
問題ないので先に進みます。
4. Kubernetesの各種アプリをインストールします。
kubectlとhelmコマンドをインストールしますが、バージョンアップを楽にするためにsnapでインストールします。
4-1. Kubectlのインストール
sudo snap install kubectl --classic
4-2. helmのインストール
sudo snap install helm --classic
5. MinIOをインストール
5-1. MinIOリポジトリをhelmで追加
helm repo add minio https://charts.min.io/
追加されたか確認
$ helm repo list
NAME URL
minio https://charts.min.io/
helm search repo minio -l
helm search repo 実行結果
$ helm search repo minio -l
NAME CHART VERSION APP VERSION DESCRIPTION
minio/minio 3.4.4 RELEASE.2021-12-29T06-49-06Z Multi-Cloud Object Storage
minio/minio 3.4.3 RELEASE.2021-12-20T22-07-16Z Multi-Cloud Object Storage
minio/minio 3.4.2 RELEASE.2021-12-20T22-07-16Z Multi-Cloud Object Storage
minio/minio 3.4.1 RELEASE.2021-12-10T23-03-39Z Multi-Cloud Object Storage
minio/minio 3.4.0 RELEASE.2021-12-18T04-42-33Z Multi-Cloud Object Storage
minio/minio 3.3.4 RELEASE.2021-12-10T23-03-39Z Multi-Cloud Object Storage
minio/minio 3.3.3 RELEASE.2021-12-10T23-03-39Z Multi-Cloud Object Storage
minio/minio 3.3.2 RELEASE.2021-12-10T23-03-39Z Multi-Cloud Object Storage
minio/minio 3.3.1 RELEASE.2021-11-24T23-19-33Z Multi-Cloud Object Storage
minio/minio 3.3.0 RELEASE.2021-11-24T23-19-33Z Multi-Cloud Object Storage
minio/minio 3.2.0 RELEASE.2021-10-13T00-23-17Z Multi-Cloud Object Storage
minio/minio 3.1.9 RELEASE.2021-10-10T16-53-30Z Multi-Cloud Object Storage
minio/minio 3.1.8 RELEASE.2021-10-06T23-36-31Z Multi-Cloud Object Storage
minio/minio 3.1.7 RELEASE.2021-10-02T16-31-05Z Multi-Cloud Object Storage
minio/minio 3.1.6 RELEASE.2021-09-18T18-09-59Z Multi-Cloud Object Storage
minio/minio 3.1.5 RELEASE.2021-09-18T18-09-59Z Multi-Cloud Object Storage
minio/minio 3.1.4 RELEASE.2021-09-18T18-09-59Z Multi-Cloud Object Storage
minio/minio 3.1.3 RELEASE.2021-09-09T21-37-07Z Multi-Cloud Object Storage
minio/minio 3.1.2 RELEASE.2021-09-09T21-37-07Z Multi-Cloud Object Storage
minio/minio 3.1.1 RELEASE.2021-09-09T21-37-07Z Multi-Cloud Object Storage
minio/minio 3.1.0 RELEASE.2021-09-09T21-37-07Z Multi-Cloud Object Storage
minio/minio 3.0.2 RELEASE.2021-09-03T03-56-13Z Multi-Cloud Object Storage
minio/minio 3.0.1 RELEASE.2021-08-31T05-46-54Z Multi-Cloud Object Storage
minio/minio 3.0.0 RELEASE.2021-08-31T05-46-54Z Multi-Cloud Object Storage
minio/minio 2.0.1 RELEASE.2021-08-31T05-46-54Z Multi-Cloud Object Storage
minio/minio 2.0.0 RELEASE.2021-08-25T00-41-18Z Multi-Cloud Object Storage
minio/minio 1.0.5 RELEASE.2021-08-25T00-41-18Z Multi-Cloud Object Storage
minio/minio 1.0.4 RELEASE.2021-08-25T00-41-18Z Multi-Cloud Object Storage
minio/minio 1.0.3 RELEASE.2021-08-20T18-32-01Z Multi-Cloud Object Storage
minio/minio 1.0.2 RELEASE.2021-08-20T18-32-01Z High Performance, Kubernetes Native Object Storage
minio/minio 1.0.1 RELEASE.2021-08-20T18-32-01Z High Performance, Kubernetes Native Object Storage
minio/minio 1.0.0 RELEASE.2021-08-17T20-53-08Z High Performance, Kubernetes Native Object Storage
現在、Helmでデプロイされているものを確認
$ export KUBECONFIG=/home/hoge/kubeconfig
$ helm list -A
NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION
traefik kube-system 2 2021-12-31 09:34:39.667360093 +0000 UTC deployed traefik-10.3.001 2.5.0
traefik-crd kube-system 3 2021-12-31 09:34:36.982613767 +0000 UTC deployed traefik-crd-10.3.001
K3Sでは、デフォルトでtraefikがHelmインストールされています。
このtraefikは、K3Sで使われるIngressです
5-3. helmのvaluesを確認
helmで指定できる値を確認
helm show values minio/minio
helm のManifest
$ helm show values minio/minio
## Provide a name in place of minio for `app:` labels
##
nameOverride: ""
## Provide a name to substitute for the full names of resources
##
fullnameOverride: ""
## set kubernetes cluster domain where minio is running
##
clusterDomain: cluster.local
## Set default image, imageTag, and imagePullPolicy. mode is used to indicate the
##
image:
repository: quay.io/minio/minio
tag: RELEASE.2021-12-29T06-49-06Z
pullPolicy: IfNotPresent
imagePullSecrets: []
# - name: "image-pull-secret"
## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio
## client used to create a default bucket).
##
mcImage:
repository: quay.io/minio/mc
tag: RELEASE.2021-12-29T06-52-55Z
pullPolicy: IfNotPresent
## minio mode, i.e. standalone or distributed or gateway.
mode: distributed ## other supported values are "standalone", "gateway"
## Additional labels to include with deployment or statefulset
additionalLabels: []
## Additional annotations to include with deployment or statefulset
additionalAnnotations: []
## Additional arguments to pass to minio binary
extraArgs: []
## Port number for MinIO S3 API Access
minioAPIPort: "9000"
## Port number for MinIO Browser COnsole Access
minioConsolePort: "9001"
## Update strategy for Deployments
DeploymentUpdate:
type: RollingUpdate
maxUnavailable: 0
maxSurge: 100%
## Update strategy for StatefulSets
StatefulSetUpdate:
updateStrategy: RollingUpdate
## Pod priority settings
## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
##
priorityClassName: ""
## Set default rootUser, rootPassword
## AccessKey and secretKey is generated when not set
## Distributed MinIO ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide
##
rootUser: ""
rootPassword: ""
## Use existing Secret that store following variables:
##
## | Chart var | .data.<key> in Secret |
## |:----------------------|:-------------------------|
## | rootUser | rootUser |
## | rootPassword | rootPassword |
##
## All mentioned variables will be ignored in values file.
## .data.rootUser and .data.rootPassword are mandatory,
## others depend on enabled status of corresponding sections.
existingSecret: ""
## Directory on the MinIO pof
certsPath: "/etc/minio/certs/"
configPathmc: "/etc/minio/mc/"
## Path where PV would be mounted on the MinIO Pod
mountPath: "/export"
## Override the root directory which the minio server should serve from.
## If left empty, it defaults to the value of {{ .Values.mountPath }}
## If defined, it must be a sub-directory of the path specified in {{ .Values.mountPath }}
##
bucketRoot: ""
# Number of drives attached to a node
drivesPerNode: 1
# Number of MinIO containers running
replicas: 16
# Number of expanded MinIO clusters
pools: 1
# Deploy if 'mode == gateway' - 4 replicas.
gateway:
type: "nas" # currently only "nas,gcs" are supported.
replicas: 4
gcs:
serviceAccountFile: "" # credential JSON file of service account key (not required if using existing secret)
projectId: "" # Google cloud project id required
## TLS Settings for MinIO
tls:
enabled: false
## Create a secret with private.key and public.crt files and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
certSecret: ""
publicCrt: public.crt
privateKey: private.key
## Trusted Certificates Settings for MinIO. Ref: https://docs.minio.io/docs/how-to-secure-access-to-minio-server-with-tls#install-certificates-from-third-party-cas
## Bundle multiple trusted certificates into one secret and pass that here. Ref: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret
## When using self-signed certificates, remember to include MinIO's own certificate in the bundle with key public.crt.
## If certSecret is left empty and tls is enabled, this chart installs the public certificate from .Values.tls.certSecret.
trustedCertsSecret: ""
## Enable persistence using Persistent Volume Claims
## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
##
persistence:
enabled: true
annotations: {}
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: ""
## minio data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
## Storage class of PV to bind. By default it looks for standard storage class.
## If the PV uses a different storage class, specify that here.
storageClass: ""
VolumeName: ""
accessMode: ReadWriteOnce
size: 500Gi
## If subPath is set mount a sub folder of a volume instead of the root of the volume.
## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
##
subPath: ""
## Expose the MinIO service to be accessed from outside the cluster (LoadBalancer service).
## or access it from within the cluster (ClusterIP service). Set the service type and the port to serve it.
## ref: http://kubernetes.io/docs/user-guide/services/
##
service:
type: ClusterIP
clusterIP: ~
## Make sure to match it to minioAPIPort
port: "9000"
nodePort: 32000
## Configure Ingress based on the documentation here: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
consoleService:
type: ClusterIP
clusterIP: ~
## Make sure to match it to minioConsolePort
port: "9001"
nodePort: 32001
consoleIngress:
enabled: false
# ingressClassName: ""
labels: {}
# node-role.kubernetes.io/ingress: platform
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# kubernetes.io/ingress.allow-http: "false"
# kubernetes.io/ingress.global-static-ip-name: ""
# nginx.ingress.kubernetes.io/secure-backends: "true"
# nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
# nginx.ingress.kubernetes.io/whitelist-source-range: 0.0.0.0/0
path: /
hosts:
- console.minio-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
## Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
tolerations: []
affinity: {}
## Add stateful containers to have security context, if enabled MinIO will run as this
## user and group NOTE: securityContext is only enabled if persistence.enabled=true
securityContext:
enabled: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
# Additational pod annotations
podAnnotations: {}
# Additional pod labels
podLabels: {}
## Configure resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
requests:
memory: 16Gi
## List of users to be created after minio install
##
users:
## Username, password and policy to be assigned to the user
## Default policies are [readonly|readwrite|writeonly|consoleAdmin|diagnostics]
## Add new policies as explained here https://docs.min.io/docs/minio-multi-user-quickstart-guide.html
## NOTE: this will fail if LDAP is enabled in your MinIO deployment
## make sure to disable this if you are using LDAP.
- accessKey: console
secretKey: console123
policy: consoleAdmin
## Additional Annotations for the Kubernetes Job makeUserJob
makeUserJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## List of buckets to be created after minio install
##
buckets:
# # Name of the bucket
# - name: bucket1
# # Policy to be set on the
# # bucket [none|download|upload|public]
# policy: none
# # Purge if bucket exists already
# purge: false
# # set versioning for
# # bucket [true|false]
# versioning: false
# - name: bucket2
# policy: none
# purge: false
# versioning: true
## Additional Annotations for the Kubernetes Job makeBucketJob
makeBucketJob:
podAnnotations:
annotations:
securityContext:
enabled: false
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
resources:
requests:
memory: 128Mi
nodeSelector: {}
tolerations: []
affinity: {}
## Use this field to add environment variables relevant to MinIO server. These fields will be passed on to MinIO container(s)
## when Chart is deployed
environment:
## Please refer for comprehensive list https://docs.min.io/minio/baremetal/reference/minio-server/minio-server.html
## MINIO_SUBNET_LICENSE: "License key obtained from https://subnet.min.io"
## MINIO_BROWSER: "off"
networkPolicy:
enabled: false
allowExternal: true
## PodDisruptionBudget settings
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
##
podDisruptionBudget:
enabled: false
maxUnavailable: 1
## Specify the service account to use for the MinIO pods. If 'create' is set to 'false'
## and 'name' is left unspecified, the account 'default' will be used.
serviceAccount:
create: true
## The name of the service account to use. If 'create' is 'true', a service account with that name
## will be created.
name: "minio-sa"
metrics:
serviceMonitor:
enabled: false
public: true
additionalLabels: {}
relabelConfigs: {}
# namespace: monitoring
# interval: 30s
# scrapeTimeout: 10s
## ETCD settings: https://github.com/minio/minio/blob/master/docs/sts/etcd.md
## Define endpoints to enable this section.
etcd:
endpoints: []
pathPrefix: ""
corednsPathPrefix: ""
clientCert: ""
clientCertKey: ""
5-2. MinIOをインストール
以下のコマンドでminioをインストールします。
注意点は以下の通りです。
- MinIOを1台で動かすスタンドアロンモードなので、
mode=standaloneにします。 -
rootUserとrootPasswordでrootユーザーのパスワードを指定します。 - Ingressを使うので
service.typeをClusterIPに設定します。 -
persistence.sizeはMinIOの上限データ容量です。 -
persistence.storageClassは、K3Sのデフォルトストレージクラスのlocal-pathにします。 -
resources.requests.memoryは、MinioのPodのメモリー容量です。 - サービスアクセスにIngressを使うので
ingress.enabledをtrueにします。 - サービスアクセスのIngressのhost名を
ingress.hosts[0]で指定します。 - コンソールアクセスにもIngressを使うので
consoleIngress.enabledをtrueにします。 - コンソールアクセスのIngressのHost名を
consoleIngress.hosts[0]で指定します。
StandaloneモードでDisk数が1個なので以下の機能を使うことができません。
- バージョニング
- オブジェクトロック
- バケットクオータ
パスワードには十分複雑な文字列を利用してください。
helm install minio \
--namespace minio --create-namespace \
--set rootUser=minio \
--set rootPassword=minio#123! \
--set mode=standalone \
--set service.type=ClusterIP \
--set persistence.size=50Gi \
--set persistence.storageClass=local-path \
--set resources.requests.memory=1Gi \
--set ingress.enabled=true \
--set ingress.hosts[0]=minio.192.168.99.123.sslip.io \
--set consoleIngress.enabled=true \
--set consoleIngress.hosts[0]=minio-console.192.168.99.123.sslip.io \
minio/minio
6. MinIOへ接続
6-1. MinIOコンソールへアクセス
コンソールへアクセスするには、https://minio-console.192.168.99.123.sslip.io/ へアクセスします。IPアドレスは、K3Sを動かしているJetsonのIPアドレスに変更してください。
UsernameとPasswordにrootUserとrootPasswordで指定した値を入力してログインします。
6-1-1. テスト用バケットの作成
テスト用のバケット(bucket-1)を作っておきます
「Buckets>「Create a Bucket」をクリックし、「Bucket Name」にbucket-1を指定して「Create Bucket」をクリックします。
bucket-1ができました。
7. MinioをCLIから使う
7-1. Minio Clientをインストール
CLIコンソールでMinIOのバケットへファイルを転送します。
その為に、Minio Client(mc)をダウンロードします。
JetsonはARMなのでArm64版のmcをダウンロードします。
wget https://dl.min.io/client/mc/release/linux-arm64/mc
chmod +x ./mc
その他のバイナリーについては以下からダウンロードしてください。
https://dl.min.io/client/mc/release/
- バージョン確認
$ ./mc --version
mc version RELEASE.2021-12-29T06-52-55Z
7-2. Minio Clientの設定
設定方法は2つありますが、.mc/config.jsonを利用します。
./mc alias set k3s-minio https://minio.192.168.99.123.sslip.io minio minio123 --insecure
SSL/TLSが自己証明書なので、--insecureを付けておきます。
mcコマンドがあるディレクトリで実行します。
設定された確認する
./mc ls k3s-minio --insecure
確認結果
./mc ls k3s-minio --insecure
[2022-01-01 17:40:39 JST] 0B bucket-1/
7-4. ファイルをアップロード
適当なファイルを生成して、ファイルをアップロードする
$ touch test.txt
$ ./mc cp ./test.txt k3s-minio/bucket-1/ --insecure
$ ./mc ls k3s-minio/bucket-1/ --insecure
[2022-01-02 19:42:53 JST] 0B test.txt
8. まとめ
Jetson NanoにK3Sをインストールして、MinIOをインストールし、Ingressでサーバーを公開してみました。