Minio STS⚓︎
In this example, we will set up a MinIO Gateway S3 with STS (Security Token Service) using Docker Compose.
Prerequisites⚓︎
On desktop systems like Docker Desktop for Mac and Windows, Docker Compose is included as part of those desktop installs.
Services⚓︎
MinIO Server - S3 Gateway⚓︎
MinIO is a High Performance Object Storage released under Apache License v2.0. It is API compatible with Amazon S3 cloud storage service. Use MinIO to build high performance infrastructure for machine learning, analytics and application data workloads.
Etcd⚓︎
etcd is a distributed key-value store designed to securely store data across a cluster. etcd is widely used in production on account of its reliability, fault-tolerance and ease of use.
Keycloak⚓︎
Keycloak is an Open Source Identity and Access Management solution for modern Applications and Services.
Postgres - Keycloak Database⚓︎
PostgreSQL is a powerful, open source object-relational database.
MinIO Console - Optional⚓︎
A graphical user interface for MinIO.
Project setup⚓︎
Environment variables⚓︎
You need to set the following environment variables to use this Docker Compose.
.env
1 2 3 4 |
|
Docker Compose up⚓︎
To run all the required services, execute the following command:
1 |
|
MinIO Console is an optional service. To run the stack with it, execute the following command:
1 |
|
Keycloak configuration⚓︎
You need to make some changes to the Keycloak Realm in order to use MinIO.
- Navigate to the Keycloak UI: http://localhost:8080/auth/.
- In the left menu, click on Clients.
- Click on Edit for account client.
- Turn on Implicit Flow Enabled.
- Add "*" to the Valid Redirect URIs field.
- Click on Save.
- Also in the account client, click on Mappers.
- Click on Create.
- Fill in the Name field with "policy".
- Change the Mapper Type to "User Attribute".
- Fill in the User Attribute field with "policy".
- Fill in the Token Claim Name field with "policy".
- Click on Save.
- In the left menu, click on Users.
- Click on View all users.
- Click on Edit for user "admin".
- Go to Attributes tab.
- Fill in the Key field with "policy" and Value field with "readwrite".
- Click on Add and then Save.
Right now, you should be able to log in to MinIO using the policies that you created in Keycloak.
There's a lot more configuration that you can do. Please refer to the related links for more information.
Known issues⚓︎
- As Keycloak takes a long time to start up, you may need to restart the MinIO container after Keycloak is ready.
Related Links⚓︎
- MinIO | Learn how to deploy MinIO with Amazon S3
- MinIO | Learn how to configure MinIO for Security Token Service