Offends/Kubernetes
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

修改Minio文档

Browse Source
This commit is contained in:
offends
2025-12-25 15:19:16 +08:00
parent c33e9109e0
commit d975566e4b
4 changed files with 126 additions and 82 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
File/Conf/minio-nginx-default-old.conf Normal file
View File

@@ -0,0 +1,16 @@
server {
listen 9000 ssl;
server_name localhost; # 这里替换自己的域名
client_max_body_size 1024m; # 限制上传文件大小
ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
location / {
proxy_set_header X-FORWARDED-FOR $remote_addr;
proxy_set_header X-FORWARDED-PROTO $scheme;
proxy_set_header Host $http_host;
proxy_pass http://minio:9000;
}
}

51
File/Conf/minio-nginx-default.conf Normal file
View File

@@ -0,0 +1,51 @@
server {
listen 9000 ssl;
server_name localhost;
# SSL配置
ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
# 文件大小限制
client_max_body_size 1024m;
# 基础安全设置 - 不会影响正常访问
client_body_timeout 10s;
client_header_timeout 10s;
# 只允许必要的HTTP方法GET用于查看图片
if ($request_method !~ ^(GET|HEAD|POST|PUT|DELETE|OPTIONS)$) {
return 405;
}
# 阻止明显的恶意请求(不影响正常用户)
if ($http_user_agent ~* (nikto|sqlmap|nmap|masscan|metasploit|nessus|openvas)) {
return 403;
}
location / {
# 连接超时设置
proxy_connect_timeout 30s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;
# 代理设置
proxy_set_header X-FORWARDED-FOR $remote_addr;
proxy_set_header X-FORWARDED-PROTO $scheme;
proxy_set_header Host $http_host;
# 代理到MinIO
proxy_pass http://minio:9000;
# 启用缓冲,提高图片加载性能
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
# 禁用代理缓冲中的最大临时文件大小限制
proxy_max_temp_file_size 0;
}
# 错误日志配置
error_log /var/log/nginx/minio_error.log;
}

51
File/Yaml/minio-gateway.yaml Normal file
View File

@@ -0,0 +1,51 @@
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: minio
name: minio-gateway
labels:
app: minio-gateway
spec:
selector:
matchLabels:
app: minio-gateway
template:
metadata:
labels:
app: minio-gateway
spec:
hostNetwork: true
hostAliases:
- ip: "" #填入 Minio SVC IP
hostnames:
- "minio"
containers:
- name: minio-gateway
image: minio-gateway:v1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9000
protocol: TCP
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
tcpSocket:
port: 9000
timeoutSeconds: 10
resources:
requests: # 必须定义,供 HPA 计算使用率
cpu: 100m # 例如0.1 个 CPU 核心
memory: 1024Mi
limits: # 限制是可选的,但建议设置
cpu: 500m
memory: 2048Mi
volumeMounts:
- name: ssl
mountPath: "/etc/nginx/conf.d/cert/"
volumes:
- name: ssl
secret:
secretName: minio-ssl

90
Helm/Helm部署Minio.md
View File

@@ -87,47 +87,22 @@
helm install --namespace minio minio minio/minio -f minio-values.yaml helm install --namespace minio minio minio/minio -f minio-values.yaml
``` ```
6. 部署 Nginx 代理 6. 下载 Nginx 配置文件
```bash ```bash
vi default.conf wget https://gitee.com/offends/Kubernetes/raw/main/File/Conf/minio-nginx-default.conf
```
内容如下
```nginx
server {
listen 9000 ssl;
server_name localhost; # 这里替换自己的域名
client_max_body_size 1024m; # 限制上传文件大小
ssl_certificate /etc/nginx/conf.d/cert/tls.crt;
ssl_certificate_key /etc/nginx/conf.d/cert/tls.key;
location / {
proxy_set_header X-FORWARDED-FOR $remote_addr;
proxy_set_header X-FORWARDED-PROTO $scheme;
proxy_set_header Host $http_host;
proxy_pass http://minio:9000;
}
}
``` ```
7. 编辑 Dockerfile 7. 编辑 Dockerfile
```bash
vi Dockerfile
```
内容如下
```dockerfile ```dockerfile
cat > Dockerfile <<EOF
FROM nginx:alpine-slim FROM nginx:alpine-slim
COPY ./default.conf /etc/nginx/conf.d/default.conf COPY ./minio-nginx-default.conf /etc/nginx/conf.d/default.conf
EXPOSE 9000 EXPOSE 9000
EOF
``` ```
8. 构建镜像 8. 构建镜像
@@ -142,62 +117,13 @@
kubectl get svc -n minio | grep 9000 | awk '{print $3}' kubectl get svc -n minio | grep 9000 | awk '{print $3}'
``` ```
10. 编辑 Yaml 10. 下载 Yaml
```bash ```bash
vi minio-gateway.yaml wget https://gitee.com/offends/Kubernetes/raw/main/File/Yaml/minio-gateway.yaml
``` ```
内容如下 **修改** `hostAliases` 参数
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: minio
name: minio-gateway
labels:
app: minio-gateway
spec:
selector:
matchLabels:
app: minio-gateway
template:
metadata:
labels:
app: minio-gateway
spec:
hostNetwork: true
hostAliases:
- ip: "" #填入 Minio SVC IP
hostnames:
- "minio"
containers:
- name: minio-gateway
image: minio-gateway:v1.0
imagePullPolicy: IfNotPresent
ports:
- containerPort: 9000
protocol: TCP
readinessProbe:
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 3
successThreshold: 1
tcpSocket:
port: 9000
timeoutSeconds: 10
resources:
limits:
memory: 128Mi
volumeMounts:
- name: ssl
mountPath: "/etc/nginx/conf.d/cert/"
volumes:
- name: ssl
secret:
secretName: minio-ssl
```
11. 部署 11. 部署