Hybrid Cloud Object Storage
Baremetal
Erasure Code Calculator
Reference Hardware
MinIO Console
Table of Contents
The MinIO Console is a rich graphical user interface that provides similar
functionality to the mc command line tool.
You can use the MinIO Console for administration tasks like Identity and Access Management, Metrics and Log Monitoring, or Server Configuration.
The MinIO Console is embedded as part of the MinIO Server binary starting with RELEASE.2021-07-08T01-15-01Z. You can also deploy a standalone MinIO Console using the instructions in the github repository.
You can explore the Console using https://play.min.io:9443. Log in with the following credentials:
Access Key:
Q3AM3UQ867SPQQA43P2FSecret Key:
zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG
The Play Console connects to the MinIO Play deployment at https://play.min.io.
You can also access this deployment using mc and using the play
alias.
This page documents the high level configuration settings and features of the MinIO Console.
Configuration
The MinIO Console inherits the majority of its configuration settings from the MinIO Server. The following environment variables enable specific behavior in the MinIO Console:
Environment Variable |
Description |
|---|---|
The URL for a Prometheus server configured to scrape metrics from the MinIO deployment. The MinIO Console uses this server for populating the metrics dashboard. See Collect MinIO Metrics Using Prometheus for a tutorial on configuring Prometheus to collect metrics from MinIO. |
|
The URL hostname the MinIO Console uses for connecting to the MinIO Server. The hostname must be resolveable and reachable for the Console to function correctly. The MinIO Console connects to the MinIO Server using an IP
address by default. For example, when the MinIO Server starts up,
the server logs include a line
The MinIO Console may require setting this variable in the following scenarios:
|
|
The externally resolvable hostname for the MinIO Console used by the configured external identity manager for returning the authentication response. This variable is typically necessary when using a reverse proxy, load balancer, or similar system to expose the MinIO Console to the public internet. Specify an externally reachable hostname that resolves to the MinIO Console. |
Static vs Dynamic Port Assignment
MinIO by default selects a random port for the MinIO Console on each server startup. Browser clients accessing the MinIO Server are automatically redirected to the MinIO Console on its dynamically selected port. This behavior emulates the legacy web browser behavior while reducing the the risk of a port collision on systems which were running MinIO before the embedded Console update.
You can select an explicit static port by passing the
minio server --console-address commandline option when starting
each MinIO Server in the deployment.
For example, the following command starts a distributed MinIO deployment using
a static port assignment of 9001 for the MinIO Console. This deployment
would respond to S3 API operations on the default MinIO server port :9000
and browser access on the MinIO Console port :9001.
minio server https://minio-{1...4}.example.net/mnt/disk-{1...4} \
--console-address ":9001"
Deployments behind network routing components which require static ports for routing rules may require setting a static MinIO Console port. For example, load balancers, reverse proxies, or Kubernetes ingress may by default block or exhibit unexpected behavior with the the dynamic redirection behavior.
Dashboard
The Console Dashboard section displays metrics for the MinIO deployment. This view requires configuring a Prometheus service to scrape the deployment metrics. See Collect MinIO Metrics Using Prometheus for complete instructions.
User: Object Browser
The Console Object Browser section displays all buckets and objects to which the authenticated user has access.
Use the Search bar to search for specific buckets or objects. Select the row for the bucket or object to browse.
Selecting an object provides information on that object, including the option to download or delete that object.
Selecting a bucket provides the option to upload new objects to the bucket.
You can create a new bucket from the All Buckets view by selecting + Create Bucket.
User: Service Accounts
The Accounts section displays all Service Accounts associated to the authenticated user. Service accounts support providing applications authentication credentials which inherit permissions from the “parent” user.
You can create new service accounts by seelcting + Create Service Account. You can specify an inline policy to further restrict the permissions of the new service account.
The Console only displays the service account credentials once. You cannot change or retrieve the credentials later. To rotate credentials for an application, create a new service account and delete the old one once the application updates to using the new credentials.
Admin: Buckets
The Buckets section displays all buckets to which the authenticated user has access.
You can create new buckets by selecting + Create Bucket.
You can select a bucket to view more specific details for that bucket:
The Summary tab displays a summary of the bucket configuration.
The Events tab supports configuring notification events using a configured notification target.
The Replication tab supports creating and managing Server Side Bucket Replication Rules. See Enable One-Way Server-Side Bucket Replication for more information on the requirements and process for enabling server-side bucket replication.
You can activate a similar modal by selecting + Set Replication from the Buckets view with a bucket checkbox activated.
The Lifecycle tab supports creating and managing Object Lifecycle Management Rules for the bucket.
The Access Audit tab provides a view of all policies and users with access to that bucket.
Admin: Users
The Users section displays all MinIO-managed users on the deployment. This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Select + Create User to create a new MinIO user. You can assign groups to the user during creation.
Select a user’s row to view details for that user.
The Groups tab displays all groups in which the user has membership. You can add or remove assigned groups from this tab.
The Service Accounts tab displays all service accounts for the user.
The Policies tab displays all policies attached to the user. You can add or remove assigned policies from this tab.
Admin: Groups
The Groups section displays all groups on the MinIO deployment. This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Select + Create Group to create a new MinIO Group. You can assign new users to the group during creation.
Select a group’s row to view the user assignment for that group.
Changing a user’s group membership modifies the policies that user inherits. See Access Management for more information.
Admin: IAM Policies
The IAM Policies section displays all policies on the MinIO deployment. This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Select + Create Policy to create a new MinIO Policy.
Select a policy’s row to view the details for that policy, including user and group assignments:
The Details tab displays the JSON document of the policy.
The Users tab displays all users assigned the policy.
The Groups tab displays all groups assigned the policy.
Admin: Settings
The Settings displays configuration settings for all MinIO Servers in the deployment. This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
The Lambda Notifications tab displays all configured bucket notification targets for the deployment. These targets support configuring bucket notification events.
The Tiers tab displays all configured remote tiers on the deployment. These tiers support transition lifecycle management rules.
Tools: Watch
The Watch section displays S3 events as they occur on the selected
bucket. This section provides similar functionality to mc watch.
This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Tools: Trace
The Trace section provides HTTP trace functionality for a bucket
or buckets on the deployment. This section provides similar functionality to
mc admin trace.
This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Tools: Heal
The Heal section displays the healing status for a bucket. MinIO automatically heals objects and drives when it detects problems, such as drive-level corruption or a replacement drive.
MinIO does not recommend performing manual healing unless explicitly directed by support.
This tab or its contents may not be visible if the authenticated user does not have the required administrative permissions
Tools: Diagnostics
The Diagnostic section provides an interface for generating a diagnostic report for supporting MinIO SUBNET support tickets.
The Diagnostic file contains configuration information about the deployment and may therefore include private or confidential information about your infrastructure. Do not share this information outside of MinIO SUBNET.
This work is licensed under a Creative Commons Attribution 4.0 International License.
©2020-Present, MinIO, Inc.
