S3 Storage with MinIO
High-performance object storage for the Control Plane's file management
The file-manager component of the Control Plane uses MinIO as an S3-compatible storage backend for file operations.
Object storage for cloud-native applications
MinIO provides a high-performance, S3-compatible object storage system that allows the Control Plane to store and retrieve files efficiently while maintaining compatibility with cloud environments.
Overview
MinIO is a high-performance, S3-compatible object storage system. The file-manager component implements storage interfaces that use the MinIO Go client library (minio-go/v7) to provide file upload and download capabilities.
Why MinIO?
S3 Compatibility
Full compatibility with Amazon S3 API, ensuring portability across cloud environments.
High Performance
Optimized for high throughput and low latency operations, even with large files.
Built-in Security
Support for TLS encryption, IAM policies, and encryption-at-rest.
Lightweight
Small footprint makes it ideal for containerized deployments in Kubernetes.
Cloud Native
Designed for modern cloud environments with distributed architecture.
Scalability
Scales horizontally to accommodate growing storage needs.
Integration Architecture
Clean architecture
The layered approach ensures that the file-manager component can be easily extended to support other storage backends in the future by implementing the same interfaces.
Backend Interface
Interface-Driven Design
The file-manager uses a clean interface-driven design to:
- Abstract storage implementation details
- Enable multiple backend implementations
- Facilitate testing with mock implementations
- Enforce consistent behavior across backends
- Allow for future backend additions without API changes
Storage Interfaces
Key interfaces include:
- FileUploader: For file upload operations
- FileDownloader: For file retrieval operations
Interface segregation
Following the Interface Segregation Principle, the file-manager splits functionality into focused interfaces rather than a single monolithic one. This allows components to depend only on the functionality they need.
File Identifiers
Structured file IDs
The file-manager uses a structured approach for file identifiers that incorporates environment, group, team, and filename to ensure proper organization and access control.
File ID Structure Example
File ID Format
environment--group--team--filename
For example:
prod--finance--reporting--quarterly-results.xlsx
dev--marketing--campaigns--summer-campaign.pdf
test--engineering--platform--load-test-results.json
This structure allows for:
- Multi-tenancy through environment isolation
- Organizational hierarchy reflection
- Team-based access control
- Logical file organization
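One way to parse and validate such an ID before it reaches the storage backend, and to compare its group and team with the caller's verified JWT claims. This is an added example, not the file-manager's own code: the names ParseFileID and Authorize, the segment character rule, the filename checks and the claim comparison are all assumptions.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// FileID holds the four parts of an environment--group--team--filename ID.
type FileID struct{ Env, Group, Team, Name string }

// Assumed segment rule: lowercase alphanumerics with single inner hyphens,
// so a segment can never start or end with '-' and blur the "--" separator.
var segment = regexp.MustCompile(`^[a-z0-9]+(-[a-z0-9]+)*$`)

// ParseFileID splits and validates an ID before it is used as an object key.
func ParseFileID(id string) (FileID, error) {
	parts := strings.SplitN(id, "--", 4) // the filename keeps any later "--"
	if len(parts) != 4 {
		return FileID{}, fmt.Errorf("file ID %q must have four parts", id)
	}
	for _, p := range parts[:3] {
		if !segment.MatchString(p) {
			return FileID{}, fmt.Errorf("invalid segment %q", p)
		}
	}
	name := parts[3]
	if name == "" || name == "." || name == ".." || strings.ContainsAny(name, "/\\\x00") {
		return FileID{}, fmt.Errorf("invalid filename %q", name)
	}
	return FileID{parts[0], parts[1], parts[2], name}, nil
}

// Authorize compares the ID with group/team claims from an already verified JWT.
func Authorize(f FileID, claimGroup, claimTeam string) bool {
	return f.Group == claimGroup && f.Team == claimTeam
}

func main() {
	// Constructed sample IDs; the first is taken from the examples above.
	for _, id := range []string{
		"prod--finance--reporting--quarterly-results.xlsx",
		"prod--finance--reporting--../secrets.txt",
		"prod--finance---reporting--a.txt",
	} {
		f, err := ParseFileID(id)
		fmt.Println(id, "=>", err, err == nil && Authorize(f, "finance", "reporting"))
	}
}
```

Validating the segments before the authorization check keeps an ID such as `prod--finance---reporting--a.txt` from being matched against a team name it only resembles.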
Checksum Validation
Data integrity
Checksum validation is critical for ensuring file integrity throughout the upload and download process. Always verify file checksums when handling user uploads.
Security Considerations
Credentials Management
Access keys are managed securely through Kubernetes secrets and environment variables.
TLS Encryption
Communication with MinIO uses TLS encryption when useSSL is enabled.
JWT Authentication
API endpoints require valid JWT tokens, ensuring only authorized users can access files.
Access Control
File IDs include group and team information to enable fine-grained access control.
Audit Logging
All file operations are logged with user context for auditability.
Temporary URLs
Support for time-limited presigned URLs for secure file sharing.
Configuration
The S3 backend is configured through environment variables or config files:
# Example configuration
s3:
  endpoint: "s3.example.com"
  accessKey: "${S3_ACCESS_KEY}"
  secretKey: "${S3_SECRET_KEY}"
  bucket: "file-manager"
  useSSL: true
Kubernetes Configuration
Kubernetes integration
In a Kubernetes environment, the MinIO credentials are typically stored in a Secret and injected as environment variables.
Advanced Features
Object Lifecycle Management
The file-manager supports object lifecycle policies for:
- Automatic deletion of temporary files
- Moving older files to archive storage
- Setting retention policies by file type
- Version management of important documents
Multi-part Uploads
For large files, multi-part uploads provide:
- Better handling of network interruptions
- Parallel upload of file parts
- Progress tracking for large transfers
- Improved performance for large files
Related Resources
File Manager
Learn about the file manager component that uses MinIO for storage.
Go Language
Explore the foundational language used in the Control Plane.