Skip to content

[installer]: allow the s3 connection to be insecure #13244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Sep 26, 2022
Merged

[installer]: allow the s3 connection to be insecure #13244

merged 1 commit into from
Sep 26, 2022

Conversation

mrsimonemms
Copy link
Contributor

@mrsimonemms mrsimonemms commented Sep 23, 2022
edited
Loading

Description

We often tell people that, if they're unable to use the configuration of the in-cluster Minio that they should deploy their own to their cluster and connect to it over the Kubernetes core DNS. However, this isn't currently possible because the S3 connection expects for it to be over HTTPS. When using a local Kubernetes endpoint, this is likely to be over HTTP.

This allows for an S3 endpoint to use an insecure URL.

The default expectation of it being over HTTPS has not changed.

Fixes #6776
Fixes #9698
Fixes #12416

How to test

Deploy the KubeCon demo instance (run make on an Ubuntu machine). We need this for KubeCon as the default 8Gi PVC is not large enough, so need to configure a larger PVC.

Release Notes

[installer]: allow the s3 connection to be insecure

Documentation

Werft options:

  • /werft with-local-preview
    If enabled this will build install/preview
  • /werft with-preview
  • /werft with-integration-tests=all
    Valid options are all, workspace, webapp, ide

@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 23, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run publish-to-kots

👍 started the job as gitpod-build-sje-demo.1
(with .werft/ from main)

@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 23, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run publish-to-kots

👍 started the job as gitpod-build-sje-demo.3
(with .werft/ from main)

@mrsimonemms mrsimonemms marked this pull request as ready for review September 24, 2022 21:13
@mrsimonemms mrsimonemms requested a review from a team September 24, 2022 21:13
@github-actions github-actions bot added the team: delivery Issue belongs to the self-hosted team label Sep 24, 2022
@roboquat roboquat added size/S and removed size/XS labels Sep 25, 2022
@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 25, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run

👍 started the job as gitpod-build-sje-demo.5
(with .werft/ from main)

@aledbf
Copy link
Member

aledbf commented Sep 25, 2022

@mrsimonemms why? we should not say yes to everything. Having SSL for S3 is not too much to ask.

@mrsimonemms
Copy link
Contributor Author

mrsimonemms commented Sep 26, 2022
edited
Loading

@aledbf it's so we can use a Minio instance that's deployed in the cluster, but not the in-cluster configuration that we provide. For the longest time, we've said that people are able to configure their own Minio instance and then talk to it locally, but this is not actually the case - the in-cluster Minio connects via HTTP and this allows a user to configure their own Minio on their machine and route through there.

One example is that this will allow users to configure S3 instances that don't use regions in the URL (eg, DigitalOcean/Storj.io) or where they want to use an in-cluster solution, but an 8Gi PVC isn't big enough (eg #9698 or #12416)

@nandajavarma
Copy link
Contributor

nandajavarma commented Sep 26, 2022
edited by werft-gitpod-dev-com bot
Loading

/werft run with-sh-preview=true

👍 started the job as gitpod-build-sje-demo.7
(with .werft/ from main)

@nandajavarma
Copy link
Contributor

Tests looked good! https://werft.gitpod-dev.com/job/gitpod-k3s-installer-tests-head.28

@roboquat roboquat merged commit 37ff91e into main Sep 26, 2022
@roboquat roboquat deleted the sje/demo branch September 26, 2022 09:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nandajavarma nandajavarma nandajavarma approved these changes

Assignees
No one assigned
Labels
release-note size/S team: delivery Issue belongs to the self-hosted team
Projects
None yet
Milestone
No milestone
4 participants
@mrsimonemms @aledbf @nandajavarma @roboquat