Fix config and support multiple backends

Author: CRThaze

charts/s3proxy/README.md.gotmpl

@@ -57,8 +57,10 @@ config:
     type: "aws-v4"
     identity: "myaccesskey"
     secret: "mysecretkey"
-  backend:
-    provider: "filesystem-nio2"
+  backends:
+    filesystem:
+      enabled: true
+      nio2: true
     filesystem:
       basedir: "/data/s3proxy"
 
@@ -151,8 +153,10 @@ persistence:
 config:
   auth:
     type: "none"
-  backend:
-    provider: "transient-nio2"  # In-memory storage
+  backends:
+    transient:
+      enabled: true
+      nio2: true  # In-memory storage
 
 persistence:
   enabled: false

charts/s3proxy/override-values.example.yaml

@@ -1,8 +1,23 @@
 # Example values for s3proxy Helm chart
 # This demonstrates a typical configuration using filesystem backend with authentication
 
+# Custom image configuration (optional)
+# image:
+#   repository: andrewgaul/s3proxy
+#   tag: "latest"
+#   pullPolicy: Always
+
+# Custom config merge container image configuration (optional)
+# configMergeImage:
+#   repository: busybox
+#   tag: "1.36"
+#   pullPolicy: IfNotPresent
+
 # S3Proxy configuration
 config:
+  # Log level for S3Proxy (DEBUG, INFO, WARN, ERROR)
+  logLevel: "INFO"
+
   auth:
     # Authentication type for clients connecting to S3Proxy
     # Options: none, aws-v2, aws-v4, aws-v2-or-v4
@@ -30,24 +45,67 @@ config:
     allowCredential: true
 
   # Storage backend configuration
-  backend:
-    # Use filesystem backend for local storage
-    provider: "filesystem-nio2"
+  # Multiple backends can be enabled simultaneously
+  # Properties files will be loaded in order: main properties first, then each backend's properties
+  # Later properties can override earlier ones if there are conflicts
+  backends:
+    # Filesystem backend for local storage
     filesystem:
+      enabled: true  # Set to true to use filesystem backend
+      nio2: true  # Set to true for NIO2 implementation (filesystem-nio2), false for standard (filesystem)
       basedir: "/data/s3proxy"
 
-    # Example: AWS S3 backend (uncomment to use)
-    # provider: "aws-s3"
-    # awsS3:
-    #   region: "us-west-2"
-    #   accessKeyId: "AKIAIOSFODNN7EXAMPLE"
-    #   secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
-
-    # Example: Azure Blob backend (uncomment to use)
-    # provider: "azureblob"
-    # azureblob:
-    #   account: "mystorageaccount"
-    #   key: "base64encodedkey=="
+    # Transient (in-memory) backend - useful for testing
+    transient:
+      enabled: false  # Set to true to use transient backend
+      nio2: true  # Set to true for NIO2 implementation (transient-nio2), false for standard (transient)
+
+    # S3 backend (AWS S3 or S3-compatible storage)
+    s3:
+      enabled: false  # Set to true to use S3 backend
+      aws: true  # Set to true for AWS S3 (aws-s3 provider), false for generic S3
+      region: "us-west-2"
+      # endpoint: "https://s3.amazonaws.com"  # Optional custom endpoint (e.g., MinIO, Ceph)
+      accessKeyId: "AKIAIOSFODNN7EXAMPLE"
+      secretAccessKey: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+
+    # Azure Blob Storage backend
+    azureblob:
+      enabled: false  # Set to true to use Azure Blob backend
+      provider: "azureblob"  # Can be "azureblob" or "azureblob-sdk"
+      account: "mystorageaccount"
+      key: "base64encodedkey=="
+      # endpoint: "https://mystorageaccount.blob.core.windows.net"  # Optional
+      # sasToken: ""  # Optional SAS token
+
+    # Google Cloud Storage backend
+    googleCloudStorage:
+      enabled: false  # Set to true to use GCS backend
+      projectId: "my-project"
+      privateKey: "-----BEGIN RSA PRIVATE KEY-----\n..."
+      clientEmail: "service-account@my-project.iam.gserviceaccount.com"
+
+    # Backblaze B2 backend
+    b2:
+      enabled: false  # Set to true to use B2 backend
+      account: "account-id"
+      applicationKey: "application-key"
+
+    # OpenStack Swift backend
+    openstackSwift:
+      enabled: false  # Set to true to use Swift backend
+      authUrl: "https://auth.cloud.com/v2.0"
+      tenantName: "my-tenant"
+      userName: "my-user"
+      password: "my-password"
+      region: "RegionOne"
+
+    # Rackspace Cloud Files backend
+    rackspaceCloudfiles:
+      enabled: false  # Set to true to use Rackspace Cloud Files backend
+      region: "us"  # Region: "us" or "uk"
+      userName: "my-user"
+      apiKey: "my-api-key"
 
 # Persistence settings for filesystem backend
 persistence:

charts/s3proxy/templates/NOTES.txt

@@ -22,7 +22,40 @@
 {{- end }}
 
 2. S3Proxy Configuration:
-   - Backend Provider: {{ .Values.config.backend.provider }}
+   - Backend Provider: 
+{{- if .Values.config.backends.filesystem.enabled }}
+  {{- if .Values.config.backends.filesystem.nio2 }}
+     filesystem (filesystem-nio2)
+  {{- else }}
+     filesystem (filesystem)
+  {{- end }}
+{{- else if .Values.config.backends.transient.enabled }}
+  {{- if .Values.config.backends.transient.nio2 }}
+     transient (transient-nio2)
+  {{- else }}
+     transient (transient)
+  {{- end }}
+{{- else if .Values.config.backends.s3.enabled }}
+  {{- if .Values.config.backends.s3.aws }}
+     AWS S3 (aws-s3)
+  {{- else }}
+     Generic S3 (s3)
+  {{- end }}
+{{- else if .Values.config.backends.azureblob.enabled }}
+     Azure Blob ({{ .Values.config.backends.azureblob.provider }})
+{{- else if .Values.config.backends.googleCloudStorage.enabled }}
+     Google Cloud Storage
+{{- else if .Values.config.backends.b2.enabled }}
+     Backblaze B2
+{{- else if .Values.config.backends.openstackSwift.enabled }}
+     OpenStack Swift
+{{- else if .Values.config.backends.rackspaceCloudfiles.enabled }}
+  {{- if eq .Values.config.backends.rackspaceCloudfiles.region "uk" }}
+     Rackspace Cloud Files UK
+  {{- else }}
+     Rackspace Cloud Files US
+  {{- end }}
+{{- end }}
    - Authorization: {{ .Values.config.auth.type }}
 {{- if .Values.config.cors.enabled }}
    - CORS: Enabled
@@ -70,12 +103,22 @@
    kubectl logs -n {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "s3proxy.name" . }},app.kubernetes.io/instance={{ .Release.Name }}"
 
 5. Important Notes:
-{{- if or (eq .Values.config.backend.provider "filesystem") (eq .Values.config.backend.provider "filesystem-nio2") }}
-   - Using filesystem backend at: {{ .Values.config.backend.filesystem.basedir }}
+{{- if .Values.config.backends.filesystem.enabled }}
+   - Using filesystem backend at: {{ .Values.config.backends.filesystem.basedir }}
 {{- end }}
 {{- if not .Values.config.auth.identity }}
    - WARNING: S3Proxy identity not configured. Remember to set config.auth.identity and config.auth.secret for authentication.
 {{- end }}
-{{- if and (ne .Values.config.backend.provider "filesystem") (ne .Values.config.backend.provider "filesystem-nio2") (ne .Values.config.backend.provider "transient") (ne .Values.config.backend.provider "transient-nio2") }}
-   - Make sure to configure backend credentials for {{ .Values.config.backend.provider }}
+{{- if .Values.config.backends.s3.enabled }}
+   - Make sure to configure S3 backend credentials
+{{- else if .Values.config.backends.azureblob.enabled }}
+   - Make sure to configure Azure Blob backend credentials
+{{- else if .Values.config.backends.googleCloudStorage.enabled }}
+   - Make sure to configure Google Cloud Storage backend credentials
+{{- else if .Values.config.backends.b2.enabled }}
+   - Make sure to configure Backblaze B2 backend credentials
+{{- else if .Values.config.backends.openstackSwift.enabled }}
+   - Make sure to configure OpenStack Swift backend credentials
+{{- else if .Values.config.backends.rackspaceCloudfiles.enabled }}
+   - Make sure to configure Rackspace Cloud Files backend credentials
 {{- end }}

charts/s3proxy/templates/configmap.yaml

@@ -1,11 +1,4 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: {{ include "s3proxy.fullname" . }}
-  labels:
-    {{- include "s3proxy.labels" . | nindent 4 }}
-data:
-  s3proxy.properties: |
+{{- define "s3proxy.main.config" -}}
     # S3Proxy configuration
     s3proxy.endpoint=http://0.0.0.0:{{ .Values.service.targetPort }}
     s3proxy.authorization={{ .Values.config.auth.type }}
@@ -14,9 +7,8 @@ data:
 {{- end }}
 
 {{- if ne .Values.config.auth.type "none" }}
-    # These will be overridden by environment variables from the secret
-    s3proxy.identity=${S3PROXY_IDENTITY}
-    s3proxy.credential=${S3PROXY_CREDENTIAL}
+    # Authentication credentials will be merged from the secret properties file
+    # s3proxy.identity and s3proxy.credential will be provided by the secret
 {{- end }}
 
 {{- if .Values.config.cors.enabled }}
@@ -68,57 +60,122 @@ data:
     # Large object mocking middleware
     s3proxy.large-object-mocking=true
 {{- end }}
+{{- end }}
+
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "s3proxy.fullname" . }}
+  labels:
+    {{- include "s3proxy.labels" . | nindent 4 }}
+data:
+{{- if .Values.config.backends.filesystem.enabled }}
+  backend-filesystem.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # Filesystem backend configuration
+  {{- if .Values.config.backends.filesystem.nio2 }}
+    jclouds.provider=filesystem-nio2
+  {{- else }}
+    jclouds.provider=filesystem
+  {{- end }}
+    jclouds.filesystem.basedir={{ .Values.config.backends.filesystem.basedir }}
+{{- end }}
 
-    # JClouds backend configuration
-    jclouds.provider={{ .Values.config.backend.provider }}
+{{- if .Values.config.backends.transient.enabled }}
+  backend-transient.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
 
-{{- if or (eq .Values.config.backend.provider "filesystem") (eq .Values.config.backend.provider "filesystem-nio2") }}
-    # Filesystem backend
-    jclouds.filesystem.basedir={{ .Values.config.backend.filesystem.basedir }}
-{{- else if or (eq .Values.config.backend.provider "aws-s3") (eq .Values.config.backend.provider "s3") }}
-    # AWS S3 backend
-  {{- if .Values.config.backend.awsS3.region }}
-    jclouds.region={{ .Values.config.backend.awsS3.region }}
+    # Transient backend configuration
+  {{- if .Values.config.backends.transient.nio2 }}
+    jclouds.provider=transient-nio2
+  {{- else }}
+    jclouds.provider=transient
   {{- end }}
-  {{- if .Values.config.backend.awsS3.endpoint }}
-    jclouds.endpoint={{ .Values.config.backend.awsS3.endpoint }}
+{{- end }}
+
+{{- if .Values.config.backends.s3.enabled }}
+  backend-s3.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # S3 backend configuration
+  {{- if .Values.config.backends.s3.aws }}
+    jclouds.provider=aws-s3
+  {{- else }}
+    jclouds.provider=s3
   {{- end }}
-    # Credentials will be set via environment variables
-    jclouds.identity=${JCLOUDS_IDENTITY}
-    jclouds.credential=${JCLOUDS_CREDENTIAL}
-    {{- else if or (eq .Values.config.backend.provider "azureblob") (eq .Values.config.backend.provider "azureblob-sdk") }}
-    # Azure Blob backend
-  {{- if .Values.config.backend.azureblob.endpoint }}
-    jclouds.azureblob.endpoint={{ .Values.config.backend.azureblob.endpoint }}
+  {{- if .Values.config.backends.s3.region }}
+    jclouds.region={{ .Values.config.backends.s3.region }}
   {{- end }}
-    # Credentials will be set via environment variables
-    jclouds.identity=${JCLOUDS_IDENTITY}
-    jclouds.credential=${JCLOUDS_CREDENTIAL}
-  {{- if .Values.config.backend.azureblob.sasToken }}
-    jclouds.azureblob.sas=${JCLOUDS_AZURE_SAS}
+  {{- if .Values.config.backends.s3.endpoint }}
+    jclouds.endpoint={{ .Values.config.backends.s3.endpoint }}
   {{- end }}
-{{- else if eq .Values.config.backend.provider "google-cloud-storage" }}
-    # Google Cloud Storage backend
-  {{- if .Values.config.backend.googleCloudStorage.projectId }}
-    jclouds.project-id={{ .Values.config.backend.googleCloudStorage.projectId }}
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity and jclouds.credential will be provided by the secret
+{{- end }}
+
+{{- if .Values.config.backends.azureblob.enabled }}
+  backend-azureblob.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # Azure Blob backend configuration
+    jclouds.provider={{ .Values.config.backends.azureblob.provider }}
+  {{- if .Values.config.backends.azureblob.endpoint }}
+    jclouds.azureblob.endpoint={{ .Values.config.backends.azureblob.endpoint }}
   {{- end }}
-    # Credentials will be set via environment variables
-    jclouds.identity=${JCLOUDS_IDENTITY}
-    jclouds.credential=${JCLOUDS_CREDENTIAL}
-{{- else if eq .Values.config.backend.provider "b2" }}
-    # Backblaze B2 backend
-    # Credentials will be set via environment variables
-    jclouds.identity=${JCLOUDS_IDENTITY}
-    jclouds.credential=${JCLOUDS_CREDENTIAL}
-{{- else if eq .Values.config.backend.provider "openstack-swift" }}
-    # OpenStack Swift backend
-  {{- if .Values.config.backend.swift.authUrl }}
-    jclouds.keystone.auth-url={{ .Values.config.backend.swift.authUrl }}
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity, jclouds.credential, and jclouds.azureblob.sas will be provided by the secret
+{{- end }}
+
+{{- if .Values.config.backends.googleCloudStorage.enabled }}
+  backend-google-cloud-storage.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # Google Cloud Storage backend configuration
+    jclouds.provider=google-cloud-storage
+  {{- if .Values.config.backends.googleCloudStorage.projectId }}
+    jclouds.project-id={{ .Values.config.backends.googleCloudStorage.projectId }}
   {{- end }}
-  {{- if .Values.config.backend.swift.region }}
-    jclouds.region={{ .Values.config.backend.swift.region }}
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity and jclouds.credential will be provided by the secret
+{{- end }}
+
+{{- if .Values.config.backends.b2.enabled }}
+  backend-b2.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # Backblaze B2 backend configuration
+    jclouds.provider=b2
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity and jclouds.credential will be provided by the secret
+{{- end }}
+
+{{- if .Values.config.backends.openstackSwift.enabled }}
+  backend-openstack-swift.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # OpenStack Swift backend configuration
+    jclouds.provider=openstack-swift
+  {{- if .Values.config.backends.openstackSwift.authUrl }}
+    jclouds.keystone.auth-url={{ .Values.config.backends.openstackSwift.authUrl }}
   {{- end }}
-    # Credentials will be set via environment variables
-    jclouds.identity=${JCLOUDS_IDENTITY}
-    jclouds.credential=${JCLOUDS_CREDENTIAL}
+  {{- if .Values.config.backends.openstackSwift.region }}
+    jclouds.region={{ .Values.config.backends.openstackSwift.region }}
+  {{- end }}
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity and jclouds.credential will be provided by the secret
 {{- end }}
+
+{{- if .Values.config.backends.rackspaceCloudfiles.enabled }}
+  backend-rackspace-cloudfiles.properties: |
+{{- include "s3proxy.main.config" . | nindent 4 }}
+
+    # Rackspace Cloud Files backend configuration
+  {{- if eq .Values.config.backends.rackspaceCloudfiles.region "uk" }}
+    jclouds.provider=rackspace-cloudfiles-uk
+  {{- else }}
+    jclouds.provider=rackspace-cloudfiles-us
+  {{- end }}
+    # Credentials will be merged from the secret properties file
+    # jclouds.identity and jclouds.credential will be provided by the secret
+{{- end }}