Comments (6)
I understand.
Then I have to make a workaround where my application somehow updates the ConfigMap for s3-proxy when it creates a new bucket.
About the sidecar
I don't think that the sidecar is necessary. When I update the ConfigMap called s3-proxy-config
your application picks up the changes and reconfigures itself. (No restart needed! thank you for that! 🙏).
Reference: Because mounted ConfigMaps are updated automatically
from s3-proxy.
Hello,
Thanks for that but I won't go in that direction (like described) for many reasons.
Here are some of them:
- That implies to rework the cache of S3 clients to avoid using it (which was an optimization)
- Having the same credentials for all your buckets, it is your choice but it's not the same for everyone. Same for region, ...
- That allow people to test URLs to check what exists, what is allowed, on what the service account is limited, ... (security point)
I'm thinking about a Kubernetes Operator or Hot Reload configuration sidecar (like kiwigrid/k8s-sidecar) for many months. Maybe it is time to think more about it ;) .
Regards,
EDIT: Chart must be changed to support that kind of usage. For the moment, the chart only support sidecard without sharing any volumes or anything.
from s3-proxy.
That's another possibility. And yes configuration is hot-reloaded ;). Happy that this will help you.
from s3-proxy.
I just merged a new chart that can have sidecars using same volumes, a new version of the application that can be started without any configuration. I think you have everything to create a sidecar that generate multiple configurations files for example or just gives your configmap and avoid using the chart one ;) .
S3-proxy version 4.2.0 and chart 2.8.0
from s3-proxy.
Hello again!
Thank you for the new helm chart.
I noticed that I have to create the configuration file in the init container. Because s3-proxy won't use files created after it has started.
Sidecar example that modifies the configuration file dynamically. Uses helm chart version 2.8.0:
# helm chart version 2.8.0
# ...
# Sidecars
# The full container definition is available here.
sidecars:
- name: sidecar-container
# application that modifies the configuration file dynamically based on data in a database
image: martonsz/s3-proxy-configurator
volumeMounts:
- name: sidecar-volume
mountPath: /proxy/conf
# ....
volumeMountPaths:
configurations: /proxy/conf-original # Move this mount somewhere else because we won't use it
# ...
# ...
# This can be used to declare extra volumes.
extraVolumes:
- name: sidecar-volume
emptyDir: {}
# ...
# This is for extra mounts in the s3-proxy containers only.
# Sidecars or init containers have their own declarations.
extraVolumesMounts:
- name: sidecar-volume
mountPath: "/proxy/conf"
# Init containers declarations.
initContainers:
- name: init-container
image: martonsz/busybox-nonroot-1000
# Create a simple configuration file that can be modified later by the sidecar-container
command: ["sh","-c",'echo -e "log:\n level: debug\n format: text" > /proxy/conf/config.yml']
volumeMounts:
- name: sidecar-volume
mountPath: /proxy/conf
from s3-proxy.
Hello !
Thanks for trying this new version.
Yes you are right. I never thought about that sorry...
The application will watch only existing files detected at startup and not files created after. I will check if I can change this to add a watch directory for the configuration. For the moment, the init container is the best solution for that situation.
Regards,
Oxyno-zeta
from s3-proxy.
Related Issues (20)
- Add support for filesystem as a target HOT 1
- Proxy pre-compressed data as-is HOT 13
- Provide a way to disable folder listing HOT 9
- Support PASETO authentication HOT 4
- OIDC: no resource declared message when it is HOT 8
- Signed URL for PUT requests HOT 10
- Assume role failing via WebIdentity HOT 4
- Uploading large objects using multipart HOT 2
- [oidc] JWT auth failures respond with HTTP 500 instead of 401 HOT 2
- How to integrate with an SPA using a bearer token HOT 2
- Update project to resolve dependabot and renovate suggestions HOT 2
- Can't set a context-path for the server config HOT 1
- Handling method for storing audit log to somewhere HOT 4
- does this support Azure active directory for authentication and authorization ? HOT 9
- Potential memory leak HOT 11
- Receiving `500 Internal Server Error` instead of `403 Forbidden` HOT 5
- Docs for Key rewrite show invalid example with bucket prefix HOT 4
- Better troubleshooting support HOT 2
- Does multi-part upload work? HOT 1
- help in configuration HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from s3-proxy.