doc(configuring-object-storage.md): add section on storing credentials & GCS #68
…s & GCS also adds the database component to the list of things that needs S3
|
||
As you may know Google Cloud Storage (GCS) can [interoperate with the S3 API](https://cloud.google.com/storage/docs/interoperability), and, if you choose to use Google Cloud Storage for object storage, you'll have to turn on this interoperability mode. | ||
|
||
If you choose to use Google Cloud Storage, set your `DEIS_OUTSIDE_STORAGE_HOST` environment variable to `storage.googleapis.com`, and follow [these instructions](https://cloud.google.com/storage/docs/migrating?hl=en_US#keys) to generate an S3 compatible access key ID and access key secret. Store these credentials just as you would if they were AWS S3 or Minio credentials (see the "Storing Credentials" section above). |
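Review bot: The `storage.googleapis.com` value in the `DEIS_OUTSIDE_STORAGE_HOST` sentence carries no scheme, so the doc never says whether the access key ID and secret generated in the same sentence travel over HTTPS. Either write the value with its scheme or add a sentence stating that the scheme is optional and which one is used when it is left off. The instructions link also carries a `?hl=en_US` locale parameter that can be dropped.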
URL should be along with the scheme http or https
https://github.com/deis/builder/blob/master/pkg/gitreceive/storage/endpoint.go#L25
@smothiki if the URL doesn't have a scheme, then that `stripScheme` func is a no-op, so it is ok to leave off the scheme.
ok also https://github.com/deis/builder/blob/master/pkg/gitreceive/storage/endpoint.go#L13
it's "DEIS_OUTSIDE_STORAGE"; there is no HOST
Fixed in 1a0ba70
Builder needs separate config settings for any endpoint; the same instructions go for AWS S3 as well.
Please don't merge this until documentation is complete.
I think that can be specified elsewhere in another PR since this just addresses S3 credentials.
Builder needs a separate configuration apart from other components in the platform. Also, there is an error in the docs; need to set the URL scheme as well.
I don't understand what you mean here. What is the separate config setting besides
Why will
Similar to my above comment, can you give more details on what the separate configuration is? IIRC, I've removed the
If a git bucket already exists in GCS storage, we cannot PUT or GET from the bucket if the "git" bucket is not registered under the user's credentials.
Also, the code defaults to Minio USER host and PORT. So if the user has to set the back-end to AWS, he has to do similar config changes as for GCS, but that is not documented in this doc.
…UTSIDE_STORAGE_PORT in favor of DEIS_OUTSIDE_STORAGE. also, include examples for outside storage URLs
…he BUCKET env var
@smothiki according to https://github.com/deis/builder/blob/master/pkg/gitreceive/storage/endpoint.go#L53-L62, the builder defaults to outside storage. Do my recent changes in arschles@1a0ba70 clearly specify that the
I meant deis-builder-rc in deis-dev charts by default doesn't have the DEIS_OUTSIDE_STORAGE variable set. So the code defaults to Minio host and port.
I think you have generalized this for every deis component. The settings are only valid for builder and its components, not for other services. ping @bacongobbler for database, @kmala for registry.
@@ -15,10 +16,42 @@ Additionally, Deis ships with a [Minio](http://minio.io) [component](https://git | |||
|
|||
# Telling Deis What to Use | |||
|
|||
The Deis components determine what object storage system to use via environment variables that you set up: | |||
The Deis components determine what object storage system to use via environment variables that you set up. The below list is the lookup order for all Deis components. |
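Review bot: The added sentence "The below list is the lookup order for all Deis components" does not say what a component does when none of the listed variables is set, nor which entry wins when several are. State the default and the precedence rule next to the list, and prefer "The list below" for the wording.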
@arschles I'm good with the PR if you can somehow add a special column for builder storage settings. This heading says the below settings are for deis, which is not true.
yup, added sections in arschles@238a71f
…o multiple component-specific sections
@smothiki I've separated each component into its own section in arschles@238a71f, and left
@smothiki also, I've clarified that
@kmala @bacongobbler @smothiki I've removed both LGTMs, since after they were both on, there were a significant amount of comments changes. Can you all do another review?
database documentation is a wee bit generic, but it's great that we have this in here so we can point users where to look. I can follow up with more in-depth documentation in the future. 👍
@bacongobbler thanks for the honesty (I suspected as much!) - think this is ok to merge, along with an issue to improve these docs?
absolutely. This is a great starting point that we can build on top of.
k, cool. thanks!
closes #29
also closes #26
The only currently known limitation is that [the Deis registry component](https://github.com/deis/registry) will not automatically look up the minio service, nor will it look for other storage env vars. That fix is being tracked in a [GitHub issue](https://github.com/deis/registry/issues/7) and is planned for our beta release. | ||
Below is a list of known limitations of our components' ability to interact with object storage systems. | ||
|
||
- [The Deis registry component](https://github.com/deis/registry) will not automatically look up the Kubernetes Minio service, nor will it look for other storage env vars. That fix is being tracked in a [GitHub issue](https://github.com/deis/registry/issues/7) and is planned for our beta release. |
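Review bot: "planned for our beta release" in the registry bullet will go stale once the beta ships; name the version or rely on the linked issue alone. A section introduced as "a list of known limitations" that holds a single bullet also reads better as one sentence.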
This is no more a limitation. Fixed in deis/registry#27
thanks @kmala. removed in arschles@7851b48
…tion that no longer exists
|
||
### Credentials | ||
|
||
The registry reads the credential information from a `/var/run/secrets/deis/registry/creds/objectstorage-keyfile` file. See https://github.com/deis/charts/blob/master/deis-dev/tpl/deis-objectstorage-secret.yaml for an example of what that file should look like. |
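Review bot: The example link in the Credentials paragraph is a bare URL pinned to `blob/master`, so it will drift or break when `deis-objectstorage-secret.yaml` is moved or edited. Link a commit permalink with descriptive link text, and name the fields the `objectstorage-keyfile` file must contain so the reader does not have to infer them from a chart template. Since this file holds storage credentials, it is also worth stating how it ends up at that path.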
Can we write this way: The registry reads the credential information from a `/var/run/secrets/deis/registry/creds/objectstorage-keyfile` file. This is generated automatically during `helm generate` based on the configuration options given in the https://github.com/deis/charts/blob/master/deis-dev/tpl/objectstorage.toml.
…rate language to the DB credentials section
…rate logic to the registry credentials section
|
||
### Environment Variables | ||
|
||
The builder looks for the below environment variables to determine where the object storage system is. The builder looks in-order for these variables. If it finds two, the one higher in the list will be used. |
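Review bot: "If it finds two, the one higher in the list will be used" leaves the case of three or more set variables unstated and repeats the previous sentence in different words. One sentence covers both: the builder checks the variables in the order listed and uses the first one that is set. "in-order" should also read "in order".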
It might be easier to just explicitly state the preferred variable in the case of all of them being present. E.g., If it finds two, `DEIS_OUTSIDE_STORAGE` will take precedence and external object storage configuration will be applied.
Good idea. Fixed in f575341
…cs less repetitive and more approachable
… generate in backticks
…var lookup order also split up paragraph about BUCKET - hopefully that makes it more readable
All amendments look good!
thanks @kmala @smothiki @jackfrancis @bacongobbler for your reviews
doc(configuring-object-storage.md): add section on storing credentials & GCS
also adds the database component to the list of things that needs S3
Fixes deis/builder#197
cc/ @smothiki