MinIO
欢迎来到 MinIO 知识库!
🐧 MinIO 简介
MinIO 是一个高性能的分布式对象存储服务,完全兼容 AWS S3 API。作为开源软件,MinIO 可以部署在私有云、公有云或混合云环境中,是私有化部署对象存储的首选方案。
🎯 MinIO 特点
✅ 核心优势
- S3 兼容 - 完全兼容 AWS S3 API,无需修改代码
- 高性能 - 读写速度可达 10GB/s+
- 开源免费 - Apache License 2.0
- 轻量级 - 单个二进制文件,部署简单
- 云原生 - 容器友好,支持 Kubernetes
- 企业级 - 支持纠删码、版本控制、加密等
- 多租户 - 支持多用户和权限管理
🆚 MinIO vs AWS S3
| 特性 | MinIO | AWS S3 |
|---|---|---|
| 部署 | 私有部署 | 公有云 |
| 成本 | 硬件成本 | 按量付费 |
| 性能 | 局域网速度 | 网络延迟 |
| 数据主权 | 完全掌控 | 存储在 AWS |
| API | S3 兼容 | 原生 S3 |
| 功能 | 核心功能 | 功能最全 |
🚀 快速开始
1. 单机部署
bash
# 下载 MinIO
wget https://dl.min.io/server/minio/release/linux-amd64/minio
chmod +x minio
# 启动 MinIO
export MINIO_ROOT_USER=minioadmin
export MINIO_ROOT_PASSWORD=minioadmin
./minio server /data --console-address ":9001"
# 访问
# API: http://localhost:9000
# Console: http://localhost:90012. Docker 部署
bash
# 运行 MinIO
docker run -d \
-p 9000:9000 \
-p 9001:9001 \
--name minio \
-e "MINIO_ROOT_USER=minioadmin" \
-e "MINIO_ROOT_PASSWORD=minioadmin" \
-v ~/minio/data:/data \
minio/minio server /data --console-address ":9001"
# 查看日志
docker logs -f minio3. Docker Compose 部署
yaml
# docker-compose.yml
version: '3.8'
services:
minio:
image: minio/minio:latest
container_name: minio
ports:
- "9000:9000"
- "9001:9001"
environment:
MINIO_ROOT_USER: minioadmin
MINIO_ROOT_PASSWORD: minioadmin
volumes:
- ./data:/data
command: server /data --console-address ":9001"
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
interval: 30s
timeout: 20s
retries: 3bash
docker-compose up -d4. Kubernetes 部署
yaml
# minio-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: minio
spec:
replicas: 1
selector:
matchLabels:
app: minio
template:
metadata:
labels:
app: minio
spec:
containers:
- name: minio
image: minio/minio:latest
args:
- server
- /data
- --console-address
- ":9001"
env:
- name: MINIO_ROOT_USER
value: "minioadmin"
- name: MINIO_ROOT_PASSWORD
value: "minioadmin"
ports:
- containerPort: 9000
- containerPort: 9001
volumeMounts:
- name: data
mountPath: /data
volumes:
- name: data
persistentVolumeClaim:
claimName: minio-pvc
---
apiVersion: v1
kind: Service
metadata:
name: minio
spec:
type: LoadBalancer
ports:
- port: 9000
targetPort: 9000
name: api
- port: 9001
targetPort: 9001
name: console
selector:
app: minio💻 SDK 使用
Node.js
bash
npm install miniojavascript
const Minio = require('minio');
// 创建客户端
const minioClient = new Minio.Client({
endPoint: 'localhost',
port: 9000,
useSSL: false,
accessKey: 'minioadmin',
secretKey: 'minioadmin'
});
// 检查 Bucket 是否存在
const bucketExists = async (bucketName) => {
try {
return await minioClient.bucketExists(bucketName);
} catch (err) {
console.error(err);
return false;
}
};
// 创建 Bucket
const makeBucket = async (bucketName) => {
try {
await minioClient.makeBucket(bucketName, 'us-east-1');
console.log(`Bucket ${bucketName} created`);
} catch (err) {
console.error(err);
}
};
// 上传文件
const uploadFile = async (bucketName, objectName, filePath) => {
try {
const metaData = {
'Content-Type': 'application/octet-stream'
};
await minioClient.fPutObject(bucketName, objectName, filePath, metaData);
console.log(`File ${objectName} uploaded`);
} catch (err) {
console.error(err);
}
};
// 上传 Buffer/Stream
const uploadBuffer = async (bucketName, objectName, buffer) => {
try {
await minioClient.putObject(bucketName, objectName, buffer);
console.log(`Object ${objectName} uploaded`);
} catch (err) {
console.error(err);
}
};
// 下载文件
const downloadFile = async (bucketName, objectName, filePath) => {
try {
await minioClient.fGetObject(bucketName, objectName, filePath);
console.log(`File downloaded to ${filePath}`);
} catch (err) {
console.error(err);
}
};
// 获取对象 Stream
const getObject = async (bucketName, objectName) => {
try {
const dataStream = await minioClient.getObject(bucketName, objectName);
return dataStream;
} catch (err) {
console.error(err);
}
};
// 列出对象
const listObjects = async (bucketName, prefix = '', recursive = false) => {
const stream = minioClient.listObjects(bucketName, prefix, recursive);
const objects = [];
return new Promise((resolve, reject) => {
stream.on('data', obj => objects.push(obj));
stream.on('error', reject);
stream.on('end', () => resolve(objects));
});
};
// 删除对象
const removeObject = async (bucketName, objectName) => {
try {
await minioClient.removeObject(bucketName, objectName);
console.log(`Object ${objectName} deleted`);
} catch (err) {
console.error(err);
}
};
// 批量删除
const removeObjects = async (bucketName, objectsList) => {
try {
await minioClient.removeObjects(bucketName, objectsList);
console.log('Objects deleted');
} catch (err) {
console.error(err);
}
};
// 生成预签名 URL (GET)
const presignedGetUrl = async (bucketName, objectName, expiry = 3600) => {
try {
return await minioClient.presignedGetObject(bucketName, objectName, expiry);
} catch (err) {
console.error(err);
}
};
// 生成预签名 URL (PUT)
const presignedPutUrl = async (bucketName, objectName, expiry = 3600) => {
try {
return await minioClient.presignedPutObject(bucketName, objectName, expiry);
} catch (err) {
console.error(err);
}
};
// 使用示例
(async () => {
const bucketName = 'my-bucket';
// 确保 bucket 存在
if (!await bucketExists(bucketName)) {
await makeBucket(bucketName);
}
// 上传文件
await uploadFile(bucketName, 'test.txt', './test.txt');
// 生成下载链接
const url = await presignedGetUrl(bucketName, 'test.txt');
console.log('Download URL:', url);
// 列出对象
const objects = await listObjects(bucketName);
console.log('Objects:', objects);
})();Python
bash
pip install miniopython
from minio import Minio
from minio.error import S3Error
# 创建客户端
client = Minio(
"localhost:9000",
access_key="minioadmin",
secret_key="minioadmin",
secure=False
)
# 创建 Bucket
def make_bucket(bucket_name):
try:
if not client.bucket_exists(bucket_name):
client.make_bucket(bucket_name)
print(f"Bucket {bucket_name} created")
except S3Error as err:
print(err)
# 上传文件
def upload_file(bucket_name, object_name, file_path):
try:
client.fput_object(bucket_name, object_name, file_path)
print(f"File {object_name} uploaded")
except S3Error as err:
print(err)
# 下载文件
def download_file(bucket_name, object_name, file_path):
try:
client.fget_object(bucket_name, object_name, file_path)
print(f"File downloaded to {file_path}")
except S3Error as err:
print(err)
# 生成预签名 URL
def get_presigned_url(bucket_name, object_name):
try:
from datetime import timedelta
url = client.presigned_get_object(
bucket_name,
object_name,
expires=timedelta(hours=1)
)
return url
except S3Error as err:
print(err)🔐 权限管理
1. 创建用户
bash
# 使用 mc (MinIO Client)
mc alias set myminio http://localhost:9000 minioadmin minioadmin
# 创建用户
mc admin user add myminio newuser newpassword
# 创建策略
cat > readonly.json <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::my-bucket/*"]
}
]
}
EOF
mc admin policy add myminio readonly readonly.json
# 分配策略
mc admin policy set myminio readonly user=newuser2. Bucket Policy
javascript
// Node.js 设置 Bucket Policy
const setBucketPolicy = async (bucketName) => {
const policy = {
Version: '2012-10-17',
Statement: [
{
Effect: 'Allow',
Principal: { AWS: ['*'] },
Action: ['s3:GetObject'],
Resource: [`arn:aws:s3:::${bucketName}/*`]
}
]
};
await minioClient.setBucketPolicy(bucketName, JSON.stringify(policy));
};🎯 集群部署
分布式模式 (至少 4 个节点)
bash
# 节点 1
export MINIO_ROOT_USER=minioadmin
export MINIO_ROOT_PASSWORD=minioadmin
minio server \
http://node1/data1 http://node2/data1 \
http://node3/data1 http://node4/data1
# 节点 2
minio server \
http://node1/data1 http://node2/data1 \
http://node3/data1 http://node4/data1
# 节点 3
minio server \
http://node1/data1 http://node2/data1 \
http://node3/data1 http://node4/data1
# 节点 4
minio server \
http://node1/data1 http://node2/data1 \
http://node3/data1 http://node4/data1使用 Nginx 负载均衡
nginx
upstream minio_cluster {
server node1:9000;
server node2:9000;
server node3:9000;
server node4:9000;
}
server {
listen 80;
server_name minio.example.com;
location / {
proxy_pass http://minio_cluster;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# 大文件上传
client_max_body_size 10G;
proxy_request_buffering off;
}
}💡 最佳实践
1. 生产环境部署
bash
# 使用系统服务
cat > /etc/systemd/system/minio.service <<EOF
[Unit]
Description=MinIO
After=network.target
[Service]
Type=notify
User=minio-user
Group=minio-user
Environment="MINIO_ROOT_USER=minioadmin"
Environment="MINIO_ROOT_PASSWORD=minioadmin"
ExecStart=/usr/local/bin/minio server /data
Restart=always
LimitNOFILE=65536
[Install]
WantedBy=multi-user.target
EOF
systemctl enable minio
systemctl start minio2. 配置 HTTPS
bash
# 生成证书(或使用 Let's Encrypt)
mkdir -p ~/.minio/certs
openssl req -new -x509 -days 365 -nodes \
-out ~/.minio/certs/public.crt \
-keyout ~/.minio/certs/private.key
# MinIO 会自动检测证书并启用 HTTPS3. 监控
bash
# Prometheus 监控
# MinIO 提供 Prometheus 指标
curl http://localhost:9000/minio/v2/metrics/cluster
# 使用 mc 命令监控
mc admin prometheus generate myminio📖 学习资源
官方资源
MinIO Client (mc)
bash
# 安装 mc
brew install minio/stable/mc # macOS
# 或
wget https://dl.min.io/client/mc/release/linux-amd64/mc
chmod +x mc
# 配置别名
mc alias set myminio http://localhost:9000 minioadmin minioadmin
# 常用命令
mc ls myminio # 列出 buckets
mc mb myminio/my-bucket # 创建 bucket
mc cp file.txt myminio/my-bucket # 上传文件
mc cat myminio/my-bucket/file.txt # 查看文件
mc rm myminio/my-bucket/file.txt # 删除文件准备好了吗?开始使用 MinIO 构建你的私有对象存储!