mirror of https://github.com/minio/docs.git synced 2025-07-28 19:42:10 +03:00

SDK import, Nav cleanups, DOCS-417

Ravind Kumar
2022-02-07 18:09:51 -05:00
parent 9b4824970a
commit ea01909527
20 changed files with 7529 additions and 153 deletions


@ -1,47 +0,0 @@
=====================
MinIO Server Features
=====================
MinIOs enterprise class features represent the standard in the object storage
space. From the AWS S3 API to S3 Select and our implementations of inline
erasure coding and security, our code is widely admired and frequently copied by
some of the biggest names in technology and business.
The following table lists MinIO features and their corresponding documentation:
.. list-table::
:header-rows: 1
:widths: 30 70
* - Feature
- Description
* - :doc:`Bucket Notifications </monitoring/bucket-notifications/bucket-notifications>`
- MinIO Bucket Notifications allows you to automatically publish
notifications to one or more configured notification targets when
specific events occur in a bucket.
* - :doc:`Bucket Versioning </concepts/bucket-versioning>`
- MinIO Bucket Versioning supports keeping multiple "versions" of an
object in a single bucket. Write operations which would normally
overwrite an existing object instead result in the creation of a new
versioned object.
* - :doc:`Erasure Coding </concepts/erasure-coding>`
- MinIO Erasure Coding is a data redundancy and availability feature that
allows MinIO deployments to automatically reconstruct objects on-the-fly
despite the loss of multiple drives or nodes on the cluster. Erasure
coding provides object-level healing with less overhead than adjacent
technologies such as RAID or replication.
* - :ref:`Server-Side Bucket Replication <minio-bucket-replication-serverside>`
- MinIO Server-Side Bucket Replication is an automatic bucket-level
configuration that synchronizes objects between MinIO clusters.
MinIO supports one-way "active-passive" and two-way "active-active"
configurations.
.. toctree::
:titlesonly:
:hidden:
/concepts/erasure-coding


@ -108,7 +108,7 @@ such as versioning and replication.
For early development and application, applications can authenticate
using the :guilabel:`RootUser` and :guilabel:`RootPass` credentials.
For long-term development and production, create dedicated users.
See :doc:`/security/security-overview` for more information.
See :doc:`/security/iam-overview` for more information.
You can also use the :mc:`mc` commandline tool to perform operations on the
MinIO server. Use :mc:`mc alias set` to update the ``myminio`` alias with
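
Review bot: the retargeted line "See :doc:`/security/iam-overview` for more information." sits directly under the advice to authenticate with the RootUser and RootPass credentials, and an overview page is a long way from "create dedicated users". Point it at the user-creation procedure instead (the IAM toctree in this commit lists /security/minio-identity-management/basic-authentication-with-minio-identity-provider), and check the rest of the tree for leftover :doc:`/security/security-overview` references, which stop resolving if the old document name is removed.
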
@ -157,15 +157,16 @@ without validating their usage do so at their own risk.
:hidden:
/introduction/minio-overview
/concepts/feature-overview
Object Retention </object-retention/minio-object-retention>
/installation/deployment-and-management
/security/iam-overview
/security/encryption-overview
Object Retention </object-retention/minio-object-retention>
/lifecycle-management/lifecycle-management-overview
/replication/replication-overview
/security/security-overview
/monitoring/monitoring-overview
/reference/minio-mc
/reference/minio-mc-admin
/reference/minio-server/minio-server
/reference/minio-server/minio-gateway
/console/minio-console
/sdk/minio-drivers


@ -46,12 +46,12 @@ Prerequisites
Networking and Firewalls
~~~~~~~~~~~~~~~~~~~~~~~~
Each node should have full bidirectional network access to every other
node in the deployment. For containerized or orchestrated infrastructures,
this may require specific configuration of networking and routing
components such as ingress or load balancers. Certain operating systems
may also require setting firewall rules. For example, the following command
explicitly opens the default MinIO server API port ``9000`` for servers running firewalld :
Each node should have full bidirectional network access to every other node in
the deployment. For containerized or orchestrated infrastructures, this may
require specific configuration of networking and routing components such as
ingress or load balancers. Certain operating systems may also require setting
firewall rules. For example, the following command explicitly opens the default
MinIO server API port ``9000`` for servers running firewalld :
.. code-block:: shell
:class: copyable
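
Review bot: the rewrapped paragraph still ends with "for servers running firewalld :", with a stray space before the colon and the service name unquoted. The other install page in this commit words the same lead-in as "on servers using ``firewalld``:"; use that form here so the two pages match.
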
@ -59,6 +59,8 @@ explicitly opens the default MinIO server API port ``9000`` for servers running
firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --reload
All MinIO servers in the deployment *must* use the same listen port.
If you set a static :ref:`MinIO Console <minio-console>` port (e.g. ``:9001``)
you must *also* grant access to that port to ensure connectivity from external
clients.
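
Review bot: the new sentence "All MinIO servers in the deployment *must* use the same listen port." follows a firewall example that hard-codes 9000/tcp, so a reader who chooses a different port gets no cue that the rule has to change with it. Add a clause saying the firewall rule must open whichever port the deployment actually uses.
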
@ -242,7 +244,7 @@ MinIO *and* the ``minio.service`` file.
The following examples assumes that:
- The deployment has a single server pool consisting of four MinIO server hosts
with sequential hostnames:
with sequential hostnames.
.. code-block:: shell
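
Review bot: the lead-in above the changed bullet reads "The following examples assumes that:", a plural subject with a singular verb; change it to "The following example assumes that:" while this list is being edited. The bullet "with sequential hostnames" is also followed directly by a code block, so the colon form introduces that block better than the period does.
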
@ -270,8 +272,10 @@ Modify the example to reflect your deployment topology:
#
# The following example covers four MinIO hosts
# with 4 drives each at the specified hostname and drive locations.
# The command includes the port that each MinIO server listens on
# (default 9000)
MINIO_VOLUMES="https://minio{1...4}.example.net/mnt/disk{1...4}/minio"
MINIO_VOLUMES="https://minio{1...4}.example.net:9000/mnt/disk{1...4}/minio"
# Set all MinIO server options
#
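
Review bot: the added comment says "The command includes the port", but the line it describes assigns the MINIO_VOLUMES variable and runs nothing. Reword it along the lines of "Each hostname includes the port the MinIO server listens on (default 9000)" so the comment matches what the reader is editing.
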
@ -300,7 +304,7 @@ Modify the example to reflect your deployment topology:
# This value *must* match across all MinIO servers. If you do
# not have a load balancer, set this value to to any *one* of the
# MinIO hosts in the deployment as a temporary measure.
MINIO_SERVER_URL="https://minio.example.net"
MINIO_SERVER_URL="https://minio.example.net:9000"
You may specify other :ref:`environment variables
<minio-server-environment-variables>` or server commandline options as required
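
Review bot: MINIO_SERVER_URL now carries ":9000", yet the comment above it treats this value as the load balancer address (its fallback begins "If you do not have a load balancer"). A load balancer that listens on a different port than the MinIO API makes the example wrong as written; say in the comment that the port is the one the load balancer listens on, and fix the doubled "to to" in the same comment while you are there.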


@ -53,6 +53,8 @@ MinIO server API port ``9000`` on servers using ``firewalld``:
firewall-cmd --permanent --zone=public --add-port=9000/tcp
firewall-cmd --reload
All MinIO servers in the deployment *must* use the same listen port.
If you set a static :ref:`MinIO Console <minio-console>` port (e.g. ``:9001``)
you must *also* grant access to that port to ensure connectivity from external
clients.
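
Review bot: this sentence and the firewall-cmd block above it now appear word for word in two install pages. Move the shared networking text into a single include file so the port requirement cannot drift between the pages.
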
@ -311,8 +313,11 @@ Modify the example to reflect your deployment topology:
# The second set of hostnames and volumes is the newly added pool.
# The pool has sufficient stripe size to meet the existing erasure code
# parity of the deployment (2 x EC:4)
#
# The command includes the port on which the MinIO servers listen for each
# server pool.
MINIO_VOLUMES="https://minio{1...4}.example.net/mnt/disk{1...4}/minio https://minio{5...12}.example.net/mnt/disk{1...8}/minio"
MINIO_VOLUMES="https://minio{1...4}.example.net:9000/mnt/disk{1...4}/minio https://minio{5...12}.example.net:9000/mnt/disk{1...8}/minio"
# Set all MinIO server options
#
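
Review bot: "the port on which the MinIO servers listen for each server pool" reads as if pools may use different ports, while the networking section in this commit states that all servers in the deployment must use the same listen port. Say that both pools use the same port, and replace "The command" with "The value", since this line is a variable assignment.
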
@ -341,7 +346,7 @@ Modify the example to reflect your deployment topology:
# This value *must* match across all MinIO servers. If you do
# not have a load balancer, set this value to to any *one* of the
# MinIO hosts in the deployment as a temporary measure.
MINIO_SERVER_URL="https://minio.example.net"
MINIO_SERVER_URL="https://minio.example.net:9000"
You may specify other :ref:`environment variables
<minio-server-environment-variables>` or server commandline options as required


@ -74,8 +74,10 @@ Deployment Architecture
:ref:`Server Pool <minio-intro-server-pool>`
A set of MinIO :mc-cmd:`minio server` nodes which pool their drives and
resources for supporting object storage/retrieval requests. The
:mc-cmd:`~minio server HOSTNAME` argument passed to the
resources for supporting object storage/retrieval requests. Server pools
support horizontal expansion for MinIO deployments.
The :mc-cmd:`~minio server HOSTNAME` argument passed to the
:mc-cmd:`minio server` command represents a Server Pool:
.. code-block:: shell
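
Review bot: the added sentence "Server pools support horizontal expansion for MinIO deployments." names the capability without pointing to the procedure. Link it to :ref:`expand-minio-distributed`, which this commit already references from the Deploying MinIO table.
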
@ -127,11 +129,20 @@ Deployment Architecture
Deploying MinIO
---------------
Users deploying onto a Kubernetes cluster should start with our
:docs-k8s:`Kubernetes documentation <>`.
.. list-table::
:stub-columns: 1
:widths: 40 60
:width: 100%
For bare-metal environments, including private cloud services
or containerized environments, install and run the :mc:`minio server` on
each host in the MinIO deployment.
See :ref:`minio-installation` for more information.
* - Baremetal
- :ref:`deploy-minio-distributed`
:ref:`expand-minio-distributed`
* - Kubernetes
- :docs-k8s:`MinIO Kubernetes Operator <>`
.. toctree::
:titlesonly:
:hidden:
/concepts/erasure-coding
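
Review bot: the "Baremetal" row replaces text that covered "bare-metal environments, including private cloud services or containerized environments", so readers on those platforms lose their pointer to the install procedure. Widen the row label or add a sentence above the table that names them, and spell the label "Bare-metal" to match the wording it replaces.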


@ -56,5 +56,5 @@ Both versioning and object locking features are available only with
:titlesonly:
:hidden:
Object Versioning </concepts/bucket-versioning>
Object Versioning </object-retention/bucket-versioning>
Object Locking </object-retention/minio-object-locking>

1437
source/sdk/dotnet/API.md Normal file

File diff suppressed because it is too large


@ -0,0 +1,10 @@
.. _minio-dotnet:
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /sdk/dotnet/API.md
:parser: myst_parser.sphinx_
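
Review bot: the label ".. _minio-dotnet:" sits above directives, not a section title, so Sphinx has no title to use as link text and a bare :ref:`minio-dotnet` will not render a link. Either document that references must carry explicit text, or give the wrapper its own title under the label; the same applies to the Go, Java and Python wrappers added in this commit.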

2112
source/sdk/go/API.md Normal file

File diff suppressed because it is too large


@ -0,0 +1,10 @@
.. _minio-go:
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /sdk/go/API.md
:parser: myst_parser.sphinx_
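
Review bot: the include pulls in an imported copy of the SDK's API.md, and nothing in this wrapper records which minio-go release or commit that copy came from. Add an RST comment with the source revision so the imported file can be refreshed and compared against upstream later.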

1873
source/sdk/java/API.md Normal file

File diff suppressed because it is too large


@ -0,0 +1,10 @@
.. _minio-java:
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /sdk/java/API.md
:parser: myst_parser.sphinx_


@ -0,0 +1,47 @@
.. _minio-drivers:
===============================
Software Development Kits (SDK)
===============================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
MinIO publishes the following Software Development Kits (SDK):
.. list-table::
:header-rows: 1
:widths: 30 30 40
:width: 100%
* - Language
- Reference
- Download
* - Java (``minio-java``)
- :doc:`MinIO Java SDK Reference </sdk/java/minio-java>`
- ToDo
* - Python (``minio-py``)
- :doc:`MinIO Python SDK Reference </sdk/python/minio-py>`
- ToDo
* - Go (``minio-go``)
- :doc:`MinIO Go SDK Reference </sdk/go/minio-go>`
- ToDo
* - .NET (``minio-dotnet``)
- :doc:`MinIO .NET SDK Reference </sdk/dotnet/minio-dotnet>`
- ToDo
.. toctree::
:titlesonly:
:hidden:
Java SDK </sdk/java/minio-java>
Python SDK </sdk/python/minio-py>
Go SDK </sdk/go/minio-go>
.NET SDK </sdk/dotnet/minio-dotnet>
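
Review bot: every row has "ToDo" in the Download column, and that placeholder will publish as written. Drop the column until the links exist, or fill them in before this merges.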

1853
source/sdk/python/API.md Normal file

File diff suppressed because it is too large


@ -0,0 +1,10 @@
.. _minio-python:
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. include:: /sdk/python/API.md
:parser: myst_parser.sphinx_
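
Review bot: the label ".. _minio-python:" breaks the pattern of the other wrappers, whose labels match the SDK and document names (minio-dotnet, minio-go, minio-java). The SDK index in this commit calls this one ``minio-py`` and links /sdk/python/minio-py; rename the label to minio-py so it matches.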


@ -0,0 +1,83 @@
===========================
Data and Network Encryption
===========================
.. default-domain:: minio
.. contents:: Table of Contents
:local:
:depth: 2
.. |EK| replace:: :abbr:`EK (External Key)`
.. |SSE| replace:: :abbr:`SSE (Server-Side Encryption)`
.. |KMS| replace:: :abbr:`KMS (Key Management System)`
MinIO supports end-to-end encryption of objects over-the-wire (network
encryption) and on read/write (at-rest).
Server-Side Object Encryption (SSE)
-----------------------------------
MinIO supports :ref:`Server-Side Object Encryption (SSE) <minio-sse>` of
objects, where MinIO uses a secret key to encrypt and store objects on disk
(encryption at-rest).
.. tab-set::
.. tab-item:: SSE-KMS (*Recommended*)
:sync: sse-kms
MinIO supports enabling automatic SSE-KMS encryption of all objects
written to a bucket using a specific External Key (EK) stored on the
external |KMS|. Clients can override the bucket-default |EK| by specifying
an explicit key as part of the write operation.
For buckets without automatic SSE-KMS encryption, clients can specify
an |EK| as part of the write operation instead.
SSE-KMS provides more granular and customizable encryption compared to
SSE-S3 and SSE-C and is recommended over the other supported encryption
methods.
.. tab-item:: SSE-S3
:sync: sse-s3
MinIO supports enabling automatic SSE-S3 encryption of all objects
written to a bucket using an |EK| stored on the external |KMS|. MinIO
SSE-S3 supports *one* |EK| for the entire deployment.
For buckets without automatic SSE-S3 encryption, clients can request
SSE encryption as part of the write operation instead.
.. tab-item:: SSE-C
:sync: sse-c
Clients specify an |EK| as part of the write operation for an object.
MinIO uses the specified |EK| to perform SSE-S3.
SSE-C does not support bucket-default encryption settings and requires
clients perform all key management operations.
MinIO SSE requires :ref:`minio-tls`.
Network Encryption
------------------
MinIO supports :ref:`Transport Layer Security (TLS) <minio-tls>` encryption of
incoming and outgoing traffic. MinIO recommends all
MinIO servers run with TLS enabled to ensure end-to-end security of
client-server or server-server transmissions.
TLS is the successor to Secure Socket Layer (SSL) encryption. SSL is fully
`deprecated <https://tools.ietf.org/html/rfc7568>`__ as of June 30th, 2018.
MinIO uses only supported (non-deprecated) TLS protocols (TLS 1.2 and later).
See :ref:`minio-tls` for more complete documentation.
.. toctree::
:titlesonly:
:hidden:
/security/server-side-encryption/minio-server-side-encryption.rst
/security/network-encryption/minio-tls.rst
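
Review bot: in the SSE-C tab, "MinIO uses the specified |EK| to perform SSE-S3." names the wrong mode; the tab describes SSE-C, where the client supplies the key as part of the write and handles all key management. Change it to SSE-C or to plain "server-side encryption". Separately, "SSL is fully deprecated as of June 30th, 2018" links RFC 7568, which is the June 2015 RFC deprecating SSLv3, so the date and the citation do not line up; cite the source of the 2018 date or drop the date.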


@ -1,6 +1,8 @@
========
Security
========
.. _minio-authentication-and-identity-management:
==============================
Identity and Access Management
==============================
.. default-domain:: minio
@ -8,15 +10,6 @@ Security
:local:
:depth: 2
.. |EK| replace:: :abbr:`EK (External Key)`
.. |SSE| replace:: :abbr:`SSE (Server-Side Encryption)`
.. |KMS| replace:: :abbr:`KMS (Key Management System)`
.. _minio-authentication-and-identity-management:
Identity and Access Management
------------------------------
MinIO requires clients authenticate using :s3-api:`AWS Signature Version 4
protocol <sig-v4-authenticating-requests.html>` with support for the deprecated
Signature Version 2 protocol. Specifically, clients must *authenticate* by
@ -66,71 +59,6 @@ behavior and functionality. Consider deferring to the :iam-docs:`IAM
documentation <>` for more complete documentation on IAM, IAM policies, or IAM
JSON syntax.
Encryption
----------
MinIO supports end-to-end encryption of objects over-the-wire (network
encryption) and on read/write (at-rest).
Network Encryption
~~~~~~~~~~~~~~~~~~
MinIO supports :ref:`Transport Layer Security (TLS) <minio-tls>` encryption of
incoming and outgoing traffic. MinIO recommends all
MinIO servers run with TLS enabled to ensure end-to-end security of
client-server or server-server transmissions.
TLS is the successor to Secure Socket Layer (SSL) encryption. SSL is fully
`deprecated <https://tools.ietf.org/html/rfc7568>`__ as of June 30th, 2018.
MinIO uses only supported (non-deprecated) TLS protocols (TLS 1.2 and later).
See :ref:`minio-tls` for more complete documentation.
Server-Side Object Encryption (SSE)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MinIO supports :ref:`Server-Side Object Encryption (SSE) <minio-sse>` of
objects, where MinIO uses a secret key to encrypt and store objects on disk
(encryption at-rest).
.. tab-set::
.. tab-item:: SSE-KMS (*Recommended*)
:sync: sse-kms
MinIO supports enabling automatic SSE-KMS encryption of all objects
written to a bucket using a specific External Key (EK) stored on the
external |KMS|. Clients can override the bucket-default |EK| by specifying
an explicit key as part of the write operation.
For buckets without automatic SSE-KMS encryption, clients can specify
an |EK| as part of the write operation instead.
SSE-KMS provides more granular and customizable encryption compared to
SSE-S3 and SSE-C and is recommended over the other supported encryption
methods.
.. tab-item:: SSE-S3
:sync: sse-s3
MinIO supports enabling automatic SSE-S3 encryption of all objects
written to a bucket using an |EK| stored on the external |KMS|. MinIO
SSE-S3 supports *one* |EK| for the entire deployment.
For buckets without automatic SSE-S3 encryption, clients can request
SSE encryption as part of the write operation instead.
.. tab-item:: SSE-C
:sync: sse-c
Clients specify an |EK| as part of the write operation for an object.
MinIO uses the specified |EK| to perform SSE-S3.
SSE-C does not support bucket-default encryption settings and requires
clients perform all key management operations.
MinIO SSE requires :ref:`minio-tls`.
.. toctree::
:titlesonly:
:hidden:
@ -138,6 +66,3 @@ MinIO SSE requires :ref:`minio-tls`.
/security/minio-identity-management/basic-authentication-with-minio-identity-provider
/security/openid-external-identity-management/external-authentication-with-openid-identity-provider
/security/ad-ldap-external-identity-management/external-authentication-with-ad-ldap-identity-provider
/security/server-side-encryption/minio-server-side-encryption.rst
/security/network-encryption/minio-tls.rst