170 lines
3.9 KiB
YAML
170 lines
3.9 KiB
YAML
apiVersion: v1
|
||
kind: Namespace
|
||
metadata:
|
||
name: minio
|
||
---
|
||
apiVersion: v1
|
||
kind: PersistentVolumeClaim
|
||
metadata:
|
||
name: minio-data
|
||
namespace: minio
|
||
spec:
|
||
accessModes:
|
||
- ReadWriteOnce
|
||
resources:
|
||
requests:
|
||
storage: 50Gi
|
||
storageClassName: local-path
|
||
---
|
||
apiVersion: apps/v1
|
||
kind: Deployment
|
||
metadata:
|
||
name: minio
|
||
namespace: minio
|
||
spec:
|
||
replicas: 1
|
||
selector:
|
||
matchLabels:
|
||
app: minio
|
||
template:
|
||
metadata:
|
||
labels:
|
||
app: minio
|
||
spec:
|
||
containers:
|
||
- name: minio
|
||
image: minio/minio:latest
|
||
command:
|
||
- /bin/sh
|
||
- -c
|
||
- minio server /data --console-address ":9001"
|
||
ports:
|
||
- containerPort: 9000
|
||
name: api
|
||
- containerPort: 9001
|
||
name: console
|
||
env:
|
||
- name: MINIO_ROOT_USER
|
||
value: "admin"
|
||
- name: MINIO_ROOT_PASSWORD
|
||
value: "adminks.."
|
||
- name: MINIO_SERVER_URL
|
||
value: "https://s3.u6.net3w.com"
|
||
- name: MINIO_BROWSER_REDIRECT_URL
|
||
value: "https://console.s3.u6.net3w.com"
|
||
volumeMounts:
|
||
- name: data
|
||
mountPath: /data
|
||
livenessProbe:
|
||
httpGet:
|
||
path: /minio/health/live
|
||
port: 9000
|
||
initialDelaySeconds: 30
|
||
periodSeconds: 10
|
||
readinessProbe:
|
||
httpGet:
|
||
path: /minio/health/ready
|
||
port: 9000
|
||
initialDelaySeconds: 10
|
||
periodSeconds: 5
|
||
- name: policy-manager
|
||
image: alpine:latest
|
||
command:
|
||
- /bin/sh
|
||
- -c
|
||
- |
|
||
# 安装 MinIO Client
|
||
wget https://dl.min.io/client/mc/release/linux-arm64/mc -O /usr/local/bin/mc
|
||
chmod +x /usr/local/bin/mc
|
||
|
||
# 等待 MinIO 启动
|
||
sleep 10
|
||
|
||
# 配置 mc 客户端
|
||
mc alias set myminio http://localhost:9000 ${MINIO_ROOT_USER} ${MINIO_ROOT_PASSWORD}
|
||
|
||
echo "Policy manager started. Monitoring buckets..."
|
||
|
||
# 持续监控并设置新桶的策略
|
||
while true; do
|
||
# 获取所有存储桶
|
||
mc ls myminio 2>/dev/null | awk '{print $NF}' | sed 's/\///' | while read -r BUCKET; do
|
||
if [ -n "$BUCKET" ]; then
|
||
# 检查当前策略
|
||
POLICY_OUTPUT=$(mc anonymous get myminio/${BUCKET} 2>&1)
|
||
|
||
# 如果是私有的(包含 "Access permission for" 且不包含 "download")
|
||
if echo "$POLICY_OUTPUT" | grep -q "Access permission for" && ! echo "$POLICY_OUTPUT" | grep -q "download"; then
|
||
echo "Setting download policy for bucket: ${BUCKET}"
|
||
mc anonymous set download myminio/${BUCKET}
|
||
fi
|
||
fi
|
||
done
|
||
|
||
sleep 30
|
||
done
|
||
env:
|
||
- name: MINIO_ROOT_USER
|
||
value: "admin"
|
||
- name: MINIO_ROOT_PASSWORD
|
||
value: "adminks.."
|
||
volumes:
|
||
- name: data
|
||
persistentVolumeClaim:
|
||
claimName: minio-data
|
||
---
|
||
apiVersion: v1
|
||
kind: Service
|
||
metadata:
|
||
name: minio
|
||
namespace: minio
|
||
spec:
|
||
type: ClusterIP
|
||
ports:
|
||
- port: 9000
|
||
targetPort: 9000
|
||
name: api
|
||
- port: 9001
|
||
targetPort: 9001
|
||
name: console
|
||
selector:
|
||
app: minio
|
||
---
|
||
apiVersion: networking.k8s.io/v1
|
||
kind: Ingress
|
||
metadata:
|
||
name: minio-api
|
||
namespace: minio
|
||
spec:
|
||
ingressClassName: traefik
|
||
rules:
|
||
- host: s3.u6.net3w.com
|
||
http:
|
||
paths:
|
||
- path: /
|
||
pathType: Prefix
|
||
backend:
|
||
service:
|
||
name: minio
|
||
port:
|
||
number: 9000
|
||
---
|
||
apiVersion: networking.k8s.io/v1
|
||
kind: Ingress
|
||
metadata:
|
||
name: minio-console
|
||
namespace: minio
|
||
spec:
|
||
ingressClassName: traefik
|
||
rules:
|
||
- host: console.s3.u6.net3w.com
|
||
http:
|
||
paths:
|
||
- path: /
|
||
pathType: Prefix
|
||
backend:
|
||
service:
|
||
name: minio
|
||
port:
|
||
number: 9001
|