console
console copied to clipboard
minio
Ingress SubPath Not Working.
Hey Team,
I'm trying to upgrade from old version of MinIo to latest one and we found we had to make multiple changes,
spec:
containers:
- args:
- server
- /storage
- --console-address
- :9001
env:
- name: MINIO_ROOT_USER
value: minio
- name: MINIO_ROOT_PASSWORD
value: minio123
#- name: MINIO_BROWSER_REDIRECT_URL
# value: https://onprem-test.development.apty.io
image: minio/minio:latest
imagePullPolicy: IfNotPresent
name: minio
ports:
- containerPort: 9000
name: api-port
protocol: TCP
- containerPort: 9001
name: console-port
protocol: TCP
resources:
This is my svc definition
minio-api-service NodePort 10.96.1.117 <none> 9000:31822/TCP 29m
minio-service NodePort 10.96.0.155 <none> 9001:31823/TCP 38d
This is my ingress file
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
projectcontour.io/response-timeout: infinity
name: https-ingress
namespace: default
spec:
rules:
- host: onprem-test.development.apty.io
http:
paths:
- backend:
service:
name: minio-service
port:
number: 9001
path: /minio/
pathType: Prefix
tls:
- hosts:
- onprem-test.development.apty.io
secretName: apty-onprem
status:
loadBalancer: {}
When i try to hit
You need to tell MinIO where is your console hosted at, leaving out MINIO_BROWSER_REDIRECT_URL won't work.
It should be
value: https://onprem-test.development.apty.io/minio
Hey @harshavardhana,
I did try it as mentioned in here https://github.com/minio/minio#things-to-consider. But still no luck. PFB screenshot of my deployment file. Can you please let me know what i'm missing ?
Hey @harshavardhana,
I'm on latest version of MinIO, used the latest tag from both docker and quay.io, still same .. No Luck..
Also @harshavardhana,
With NodePort i'm able to access, just behind ingress getting this weird issue where favicon is loading, but the app is not. 😬
Thanks a lot @harshavardhana,
If possible, can you try to reproduce on Kubernetes and ingress ? Or with subpath on compose and Nginx.
Since, main domain will reach out to our app and /minio should reach minio. This used to work with 2021 July version, before the update to this UI version. Also, there's the same bug reported by someone else
https://github.com/minio/console/issues/1908
your nginx config is missing a rewrite_rule you need to add rewrite ^/minio/(.*) /$1 break; to the console location directive
location /minio {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;
# This is necessary to pass the correct IP to be hashed
real_ip_header X-Real-IP;
proxy_connect_timeout 300;
# To support websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
chunked_transfer_encoding off;
rewrite ^/minio/(.*) /$1 break;
proxy_pass http://console;
}
Hey,
We aren't using Nginx, we are using contour ingress and I don't think Nginx ingress also has something like rewrite_rules
Have the same issue. Can't make MinIO ingress work on subpath. RELEASE.2022-05-23T18-45-11Z I've tried all these ENVs: - name: MINIO_BROWSER_REDIRECT_URL value: http://localhost:9001/minio - name: CONSOLE_SUBPATH value: /minio/ - name: MINIO_CONSOLE_SUBPATH value: /minio/
Also have tried rewrite rules. Couldn't get it to work =(
Could you please suggest how can I get this to work. Or suggest the version of Minio in which it works. Thank you.
One more question - does the MINIO_CONSOLE_SUBPATH variable no longer work? It seems that only MINIO_BROWSER_REDIRECT_URL works. But I do not want to specify a hostname, I want my ingress to listen to any hostname. Like:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
name: minio-console
spec:
rules:
- http:
paths:
- backend:
service:
name: minio-console
port:
number: 9001
path: /minio/(/|$)(.*)
pathType: Prefix
spec:
containers:
- args:
- server
- /data
- --console-address
- :9001
env:
- name: CONSOLE_SUBPATH
value: /minio
- name: MINIO_CONSOLE_SUBPATH
value: /minio
- name: MINIO_BROWSER
value: "on"
Thanks !
yes, we removed MINIO_CONSOLE_SUBPATH in favor of MINIO_BROWSER_REDIRECT_URL as it implies the subpath and the domain the console will be accessed through, this has the downside that we only allow a single domain, do you need to support multiple different domains @Subetov ?
@dvaldivia , yes. Sorry to hear that =( MINIO_CONSOLE_SUBPATH was very useful. A lot of people use it without a specific domain. In order to cover all possible domains with ingress. Or uses several domains at the same time.
Turns out the domain doesn't really matter if you're using something like traefik. I set mine to MINIO_BROWSER_REDIRECT_URL: "http://openc3.com/minio" and then in my traefik.yaml rule I created a router to push files to that service:
http:
middlewares:
# Removes the first part of the url before passing onto the service
removeFirst:
replacePathRegex:
regex: "^/([^/]*)/(.*)"
replacement: "/$2"
routers:
minio-console:
rule: PathPrefix(`/minio`)
middlewares:
# remove /minio from the beginning
- "removeFirst"
service: service-minio-console
services:
# The Minio S3 console
service-minio-console:
loadBalancer:
passHostHeader: false
servers:
- url: "http://openc3-minio:9001"
I'm also setting the console address in my compose.yaml with the following minio command:
command: server --address ":9000" --console-address ":9001" /data
Assuming I want to use a subpath for the operator (or tenant) console and I dont rewrite the path before hitting the console.
What are the provisioning steps when installing minio-operator via helm (minio-operator chart 4.4.28) which uses console 0.19.4. I see the support subpath in console code base is in console v0.19.2 but I am not sure what steps I should take defining ENVs with the subpath I wish to use on the ingress.
Do I need to set MINIO_CONSOLE_SUBPATH? (I have tried setting MINIO_BROWSER_REDIRECT_URL)
console:
image:
repository: minio/console
tag: v0.19.4
pullPolicy: IfNotPresent
imagePullSecrets: [ ]
initcontainers: [ ]
replicaCount: 1
nodeSelector: { }
affinity: { }
tolerations: [ ]
topologySpreadConstraints: [ ]
resources: { }
env:
- name: MINIO_CONSOLE_SUBPATH
value: "/minio/operator/"
securityContext:
runAsUser: 1000
runAsNonRoot: true
ingress:
enabled: true
ingressClassName: ""
labels: { }
annotations: { }
tls: [ ]
host: localhost
path: /minio/operator/
pathType: Prefix
volumes: [ ]
volumeMounts: [ ]
I can reach the operator console fine via kubectl proxy but I would like to reach it via http://localhost/minio/operator and then similarly the console for tenant-1, http://localhost/minio/tenant-1/.
In both instances, I can read the operator console but it is not using a subpath and attempts to load most of the page from non-existing "root" subpath location.
(I've also just tried: https://github.com/minio/console/issues/1908#issuecomment-1113587869 using nginx rewrite and this didn't work for me. So I feel like this is a moving target based on how many Issues are raised about this problem!?)
Appreciate any help, I've spent way too many hours trying to follow old documentation with new charts & releases. :/
Setup Context: KinD Cluster with 3 nodes and an NGINX Ingress on MacOS. Various ingress paths with subpaths to other opensource projects works as expected.
Subpath works for me except for download links, which ignores it.
I use the latest docker image (minio/minio:latest) Environment :
MINIO_BROWSER_REDIRECT_URL: 'http://localhost:8080/minio/'
Reverse proxy rewrite :
"proxy-rewrite": {
"regex_uri": [
"^/minio/(.*)",
"/$1"
]
}
Console URL : http://localhost:8080/minio/ => works fine Generated download link example : http://localhost:8080/api/v1/buckets/orgo/objects/download?prefix=ZmlsZXMvU3ludGglQzMlODMlQzIlQThzZSUyMGRlJTIwR2FyYW50aWVzLTIucGRm&version_id=null => doesn't work : subpath is missing
I appreciate any help
@vmire that sounds a like a simple bug to fix, can you file a separate issue for that?
we also need subpath rather than MINIO_BROWSER_REDIRECT_URL, this environment parameter is very inflexible !
I am running into the same issue configuring an ingress subpath. Though I have MINIO_BROWSER_REDIRECT_URL configured, the console is still serving resources at / and so I get the same loading errors that @Sam-Sundar-Apty showed in the original post. This is with minio image RELEASE.2022-10-29T06-21-33Z and the minio helm chart 5.0.0.
I also have the same issue configuring Ingress console access with this helm chart.
consoleIngress:
enabled: true
annotations:
cert-manager.io/cluster-issuer: app-clusterissuer
nginx.ingress.kubernetes.io/rewrite-target: /$2
path: /minio(/|$)(.*)
hosts:
- my.application.com
tls:
- secretName: app-certificate-secret
hosts:
- my.application.com
I tried my own ingress.yml without luck but found similar issues where the base path should be specified as well. I tried setting the MINIO_BROWSER_REDIRECT_URL environment variable to "https://my.application.com/minio" but I got the following error:
ERROR Invalid MINIO_BROWSER_REDIRECT_URL value is environment variable: URL contains unexpected resources, expected URL to be of http(s)://minio.example.com format: https://my.application.com/minio
