Uploaded image for project: 'Mender'
  1. Mender
  2. MEN-5280

[deployments] provide a way to configure an internal and external URI to minio

    XMLWordPrintable

    Details

    • Type: Task
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
    • Backlog:
      yes
    • Days in progress:
      0

      Description

      Issue

      In the self-hosted kubernetes version of Mender, you provide a way to set up S3 storage on minio.

      Deployments only takes one variable for AWS_URI. This variable is used by Deployments itself to talk with minio and by IoT devices to fetch artifacts.

       

      With only one URI, it is not possible to use mTLS to validate incoming connections (or you have to rebuild the mender-deployments image to add a client certificate in it).

      Also, this requires connections between deployments and minio to be outbound of the cluster.

      Suggestion

      The simplest way would be to have two endpoints, AWS_URI and AWS_EXTERNAL_URI.

      AWS_URI: connection between the service deployment and S3 storage.
      AWS_EXTERNAL_URI: base URI for frontend and artifacts URIs sent to devices.

      Example:

      Parameter Description Example value Default
      global.s3.AWS_URI minio internal endpoint http://minio:9000  
      global.s3.AWS_EXTERNAL_URI minio external endpoint https://mender.webdomain.com {global.s3.AWS_URI}

      Our modifications

      We have made changes that allow us to use two endpoints to access the bucket.
      We are not GO experts but maybe this will help in your deployments:

       

        Attachments

          Activity

            People

            Assignee:
            btexier Benjamin
            Reporter:
            btexier Benjamin
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: