MinIO Access Method Verification

Chosen Access Method

Internal Cluster DNS: minio.geocrop.svc.cluster.local:9000

This is the recommended method for accessing MinIO from within the Kubernetes cluster as it:

  • Uses cluster-internal networking
  • Bypasses external load balancers
  • Provides lower latency
  • Works without external network connectivity

Credentials Obtained

Credentials were retrieved from the MinIO deployment environment variables:

kubectl -n geocrop get deployment minio -o jsonpath='{.spec.template.spec.containers[0].env}'

| Variable | Value |
|---|---|
| MINIO_ROOT_USER | minioadmin |
| MINIO_ROOT_PASSWORD | minioadmin123 |

Note: Credentials are stored in the deployment manifest (k8s/20-minio.yaml), not in Kubernetes secrets.

MinIO Client (mc) Status

NOT INSTALLED on this server.

The MinIO client (mc) is not available. To install it for testing:

# Option 1: Binary download
curl https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/local/bin/mc
chmod +x /usr/local/bin/mc

# Option 2: Via pip (less recommended; this installs the MinIO Python SDK, not the mc binary)
pip install minio

Testing Access

To test MinIO access from within the cluster (requires mc to be installed):

# Set alias
mc alias set geocrop-minio http://minio.geocrop.svc.cluster.local:9000 minioadmin minioadmin123

# List buckets
mc ls geocrop-minio/

Current MinIO Service Configuration

From the cluster state:

| Service | Type | Cluster IP | Ports |
|---|---|---|---|
| minio | ClusterIP | 10.43.71.8 | 9000/TCP, 9001/TCP |

Issues Encountered

  1. No mc installed: The MinIO client is not available on the current server. Installation required for direct CLI testing.

  2. Credentials in deployment: Unlike TLS certificates (stored in secrets), the root user credentials are defined directly in the deployment manifest, so anyone who can read the deployment or the manifest file can read them. This is a security consideration for future hardening.

  3. No dedicated credentials secret: There is no minio-credentials secret in the namespace - only TLS secrets exist.

Recommendations

  1. Install mc for testing: curl https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/local/bin/mc
  2. Consider creating a Kubernetes secret for credentials (separate from deployment) in future hardening
  3. Use the console port (9001) for web-based management if needed
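
One way to check issue 2 and recommendation 2 above, as an added example that is not part of the original document or the project's code: it classifies credential-like variables in the container env list as inline literals or Secret references, without echoing their values. It assumes the env list is supplied as a JSON array; the sample data is constructed, and the key names inside the minio-credentials secret are hypothetical.

```python
import json
import re

# Variable names treated as credentials (assumption of this example; extend as needed).
SENSITIVE = re.compile(r"PASSWORD|PASSWD|SECRET|TOKEN|ACCESS_KEY|ROOT_USER", re.I)

def audit_env(env_json):
    """Return (name, status, detail) for each credential-like env entry.

    Values are never echoed, so the report is safe to paste into a ticket."""
    findings = []
    for entry in json.loads(env_json):
        name = entry.get("name", "")
        if not SENSITIVE.search(name):
            continue
        source = entry.get("valueFrom") or {}
        if "secretKeyRef" in source:
            ref = source["secretKeyRef"]
            findings.append((name, "ok", f"secret/{ref.get('name')}:{ref.get('key')}"))
        elif "configMapKeyRef" in source:
            findings.append((name, "weak", "ConfigMaps are not a secret store"))
        elif "value" in entry:
            findings.append((name, "inline", "literal value in the pod spec"))
        else:
            findings.append((name, "unknown", "no value or recognised source"))
    return findings

def needs_fix(findings):
    """Names of variables that are not yet sourced from a Secret."""
    return [name for name, status, _ in findings if status != "ok"]

# Constructed sample: the env list as this page found it, plus one harmless variable.
BEFORE = json.dumps([
    {"name": "MINIO_ROOT_USER", "value": "minioadmin"},
    {"name": "MINIO_ROOT_PASSWORD", "value": "minioadmin123"},
    {"name": "TZ", "value": "UTC"},
])
# Constructed sample: the same list after hardening (key names are hypothetical).
AFTER = json.dumps([
    {"name": "MINIO_ROOT_USER", "valueFrom": {"secretKeyRef": {"name": "minio-credentials", "key": "root-user"}}},
    {"name": "MINIO_ROOT_PASSWORD", "valueFrom": {"secretKeyRef": {"name": "minio-credentials", "key": "root-password"}}},
    {"name": "TZ", "value": "UTC"},
])

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        for finding in audit_env(sample):
            print(label, *finding)
```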