MinIO 支持在 etcd 上存储加密的 IAM 资产和存储桶 DNS 记录。
注意,如果设置了 path_prefix,则 MinIO 将不会联合您的存储桶,命名空间的 IAM 资产被假定为独立的租户,只有存储桶被认为是全局唯一的,但是使用属于不同租户的存储桶执行查找将失败,这与 MinIO 将移植的联合设置不同 -相应地将请求转发并路由到相关集群。这是一个特殊功能,联合部署不需要设置 path_prefix。
KEY: etcd federate multiple clusters for IAM and Bucket DNS 为 IAM 和 Bucket DNS 联合多个集群 ARGS: endpoints* (csv) comma separated list of etcd endpoints e.g. "http://localhost:2379" etcd 端点的逗号分隔列表 path_prefix (path) namespace prefix to isolate tenants e.g. "customer1/" 命名空间前缀以隔离租户 coredns_path (path) shared bucket DNS records, default is "/skydns" 共享存储桶 DNS 记录,默认为“/skydns” client_cert (path) client cert for mTLS authentication 用于 mTLS 身份验证的客户端证书 client_cert_key (path) client cert key for mTLS authentication 用于 mTLS 身份验证的客户端证书密钥 comment (sentence) optionally add a comment to this setting
通过修改 .minio.sys/config/config.json 文件来实现,如下:
{
//...
"etcd": {
"_": [{
"key": "endpoints",
"value": ""
}, {
"key": "path_prefix",
"value": ""
}, {
"key": "coredns_path",
"value": "/skydns"
}, {
"key": "client_cert",
"value": ""
}, {
"key": "client_cert_key",
"value": ""
}
]
},
//...
}当然,也可以通过环境变量进行控制。如下:
KEY: etcd federate multiple clusters for IAM and Bucket DNS 为 IAM 和 Bucket DNS 联合多个集群 ARGS: MINIO_ETCD_ENDPOINTS* (csv) comma separated list of etcd endpoints e.g. "http://localhost:2379" MINIO_ETCD_PATH_PREFIX (path) namespace prefix to isolate tenants e.g. "customer1/" MINIO_ETCD_COREDNS_PATH (path) shared bucket DNS records, default is "/skydns" MINIO_ETCD_CLIENT_CERT (path) client cert for mTLS authentication MINIO_ETCD_CLIENT_CERT_KEY (path) client cert key for mTLS authentication MINIO_ETCD_COMMENT (sentence) optionally add a comment to this setting
