Skip to content

Expose minio #548

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
hardbyte merged 7 commits into from
Apr 27, 2020
Merged

Expose minio #548

hardbyte merged 7 commits into from
Apr 27, 2020

Conversation

@hardbyte
Copy link
Collaborator

@hardbyte hardbyte commented Apr 22, 2020

This PR is mostly around the kubernetes deployment of minio it builds on #547 .

  • removes default minio credentials
  • provides info through the temp auth api about whether minio requires a secure connection
  • tweaks the temp auth api to return a 201 rather than 200 status code.
  • uses the external address of minio, if the user has configured an ingress
  • I updated the notes that are printed on deployment too.

Other than the e2e tests I've also drafted a branch of anonlink-client which uses a deployment of this expose-minio branch to fetch credentials and upload data directly to the object store.

@hardbyte hardbyte requested a review from wilko77 April 22, 2020 03:17
@hardbyte hardbyte marked this pull request as ready for review April 22, 2020 22:35
@hardbyte hardbyte mentioned this pull request Apr 26, 2020
Closed
wilko77
wilko77 approved these changes Apr 27, 2020
View reviewed changes
Copy link
Collaborator

@wilko77 wilko77 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks fine

backend/entityservice/object_store.py
config.UPLOAD_OBJECT_STORE_SERVER,
config.UPLOAD_OBJECT_STORE_ACCESS_KEY,
config.UPLOAD_OBJECT_STORE_SECRET_KEY,
region="us-east-1",
Copy link
Collaborator

@wilko77 wilko77 Apr 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why is region hard-coded when everything else is configurable?

Copy link
Collaborator Author

@hardbyte hardbyte Apr 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It could be configurable but we'd probably have to introduce another minio/boto client just to connect to us-east-1 for the granting the temporary credentials.

deployment/entity-service/values.yaml Outdated
Comment on lines 12 to 14
## Disable the feature providing client's with restricted upload access to the object store.
## By default we don't expose the Minio object store, however it needs to be exposed when
## enabling this feature. See section `minio.ingress`.
Copy link
Collaborator

@wilko77 wilko77 Apr 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand this comment. So what do I have to set this to to enable client upload to our Minio object store?

Copy link
Collaborator Author

@hardbyte hardbyte Apr 27, 2020

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll clarify this

@hardbyte hardbyte merged commit e01a584 into develop Apr 27, 2020
@hardbyte hardbyte deleted the expose-minio branch April 27, 2020 21:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@wilko77 wilko77 wilko77 approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@hardbyte @wilko77