oyd
/
minio
6
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7838 Commits
1 Branch
0 Tags
89 MiB
 
 
 
 
 
 
Tag: Branch: Tree: 8e8a792d9d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8e8a792d9d'
${ noResults }
minio/docs/sts/etcd.md

3.3 KiB
Raw Blame History

etcd V3 Quickstart Guide Slack

etcd is a distributed key value store that provides a reliable way to store data across a cluster of machines.

Get started

1. Prerequisites

2. Start etcd

etcd uses gcr.io/etcd-development/etcd as a primary container registry.

rm -rf /tmp/etcd-data.tmp && mkdir -p /tmp/etcd-data.tmp && \
  docker rmi gcr.io/etcd-development/etcd:v3.3.9 || true && \
  docker run \
  -p 2379:2379 \
  -p 2380:2380 \
  --mount type=bind,source=/tmp/etcd-data.tmp,destination=/etcd-data \
  --name etcd-gcr-v3.3.9 \
  gcr.io/etcd-development/etcd:v3.3.9 \
  /usr/local/bin/etcd \
  --name s1 \
  --data-dir /etcd-data \
  --listen-client-urls http://0.0.0.0:2379 \
  --advertise-client-urls http://0.0.0.0:2379 \
  --listen-peer-urls http://0.0.0.0:2380 \
  --initial-advertise-peer-urls http://0.0.0.0:2380 \
  --initial-cluster s1=http://0.0.0.0:2380 \
  --initial-cluster-token tkn \
  --initial-cluster-state new

You may also setup etcd with TLS following this documentation here

3. Setup MinIO with etcd

MinIO server expects environment variable for etcd as MINIO_ETCD_ENDPOINTS, this environment variable takes many comma separated entries.

export MINIO_ETCD_ENDPOINTS=http://localhost:2379
minio server /data

NOTE: If etcd is configured with Client-to-server authentication with HTTPS client certificates then you need to use additional envs such as MINIO_ETCD_CLIENT_CERT pointing to path to etcd-client.crt and MINIO_ETCD_CLIENT_CERT_KEY path to etcd-client.key .

4. Test with MinIO STS API

Assuming that you have configured MinIO server to support STS API by following the doc MinIO STS Quickstart Guide and once you have obtained the JWT from KeyCloak as mentioned in KeyCloak Configuration Guide.

go run client-grants.go -cid PoEgXP6uVO45IsENRngDXj5Au5Ya -csec eKsw6z8CtOJVBtrOWvhRWL4TUCga

##### Credentials
{
	"accessKey": "IRBLVDGN5QGMDCMO1X8V",
	"secretKey": "KzS3UZKE7xqNdtRbKyfcWgxBS6P1G4kwZn4DXKuY",
	"expiration": "2018-08-21T15:49:38-07:00",
	"sessionToken": "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJJUkJMVkRHTjVRR01EQ01PMVg4ViIsImF1ZCI6IlBvRWdYUDZ1Vk80NUlzRU5SbmdEWGo1QXU1WWEiLCJhenAiOiJQb0VnWFA2dVZPNDVJc0VOUm5nRFhqNUF1NVlhIiwiZXhwIjoxNTM0ODkxNzc4LCJpYXQiOjE1MzQ4ODgxNzgsImlzcyI6Imh0dHBzOi8vbG9jYWxob3N0Ojk0NDMvb2F1dGgyL3Rva2VuIiwianRpIjoiMTg0NDMyOWMtZDY1YS00OGEzLTgyMjgtOWRmNzNmZTgzZDU2In0.4rKsZ8VkZnIS_ALzfTJ9UbEKPFlQVvIyuHw6AWTJcDFDVgQA2ooQHmH9wUDnhXBi1M7o8yWJ47DXP-TLPhwCgQ"
}

These credentials can now be used to perform MinIO API operations, these credentials automatically expire in 1hr. To understand more about credential expiry duration and client grants STS API read further here.

Explore Further