Commit 36018fb

fix(presign): remove storage baseUri configuration (#264)
* update readme
1 parent 89bffc5 commit 36018fb

6 files changed

+6
-13
lines changed

charts/cryostat/README.md

Lines changed: 2 additions & 2 deletions
@@ -184,7 +184,7 @@ certificate issuance and rotation.
184184
| `storage.image.tag` | Tag for the storage container image | `latest` |
185185
| `storage.storageSecretName` | Name of the secret containing the object storage secret access key. This secret must contain a STORAGE_ACCESS_KEY secret which is the object storage secret access key. It must not be updated across chart upgrades, or else the connection between Cryostat components and object storage will not be able to initialize. If using an external S3 provider requiring authentication then this **must** be provided. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) | `""` |
186186
| `storage.provider.url` | URL to the S3 object storage provider instance. This can be an in-cluster self-hosted instance with a hostname like s3.storage.local, or it can be an external commercial service. This should include scheme, host, and port. User authenication information should be provided using a *Secret* and *storage.storageSecretName*. If this is not specified then a managed [cryostat-storage](https://github.com/cryostatio/cryostat-storage) instance will be automatically deployed and configured. If an unmanaged S3 instance is specified here then other storage configuration settings (such as at-rest encryption, Pod annotations, Service configurations) do not apply. Production installations of Cryostat should not rely on `cryostat-storage` | `""` |
187-
| `storage.provider.usePathStyleAccess` | whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available | `true` |
187+
| `storage.provider.usePathStyleAccess` | whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers. | `true` |
188188
| `storage.provider.region` | S3 object storage provider region. This may be used by the storage provider to geolocate the physical storage in a particular region for regulatory, performance, or cost reasons | `""` |
189189
| `storage.provider.authentication.credentialsType` | configuration for how the S3 client will locate credentials for the S3 service. See: [Quarkus S3 client](https://docs.quarkiverse.io/quarkus-amazon-services/dev/amazon-s3.html#) | `default` |
190190
| `storage.provider.tls.trustAll` | enable this to disable TLS certificate verification on the S3 client | `false` |
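Review bot: In the new `storage.provider.usePathStyleAccess` row, "for ex. object buckets" is hard to parse and the added clause chains "for broader compatibility for low-footprint storage container installations"; please reword, for example "Whether path-style access is used for object buckets." Because the row now says subdomain resolution "may be required for use with commercial storage providers" while the default stays `true`, it would also help to say explicitly that this may need to be set to `false` when `storage.provider.url` points at such a provider.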
@@ -196,7 +196,7 @@ certificate issuance and rotation.
196196
| `storage.buckets.names.threadDumps` | the name of the storage bucket containing archived Thread Dumps | `threaddumps` |
197197
| `storage.buckets.names.heapDumps` | the name of the storage bucket containing archived Heap Dumps | `heapdumps` |
198198
| `storage.buckets.names.metadata` | the name of the storage bucket containing files' metadata. Only used if storage.provider.metadata.storageMode is set to 'bucket'. | `metadata` |
199-
| `storage.encryption.enabled` | Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security | `true` |
199+
| `storage.encryption.enabled` | Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured. | `true` |
200200
| `storage.podAnnotations` | Annotations to be applied to the Storage Pods | `{}` |
201201
| `storage.service.type` | Type of Service to create for the object storage | `ClusterIP` |
202202
| `storage.service.port` | Port number to expose on the Service | `8333` |
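Review bot: The sentence added to `storage.encryption.enabled` says the setting has no effect with an external provider, but the default stays `true`, so an operator who sets `storage.provider.url` can still read their values as "at-rest encryption enabled" when nothing is being encrypted by the chart. Suggest adding that encryption at rest must then be configured on the provider itself, and consider having the chart surface a warning when `storage.provider.url` is set together with `storage.encryption.enabled: true`.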

charts/cryostat/templates/cryostat_deployment.yaml

Lines changed: 0 additions & 2 deletions
@@ -248,8 +248,6 @@ spec:
248248
value: localhost
249249
- name: QUARKUS_HTTP_PORT
250250
value: "8800"
251-
- name: CRYOSTAT_STORAGE_BASE_URI
252-
value: http://{{ $fullName }}-storage:{{ .Values.storage.service.port }}
253251
{{- with (.Values.datasource.config).extra.envVars }}
254252
{{- toYaml . | nindent 10 }}
255253
{{- end }}
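Review bot: The removed `CRYOSTAT_STORAGE_BASE_URI` entry at old lines 251-252 is dropped without the commit message saying what the container uses instead to reach storage. The old value was hard-wired to `http://{{ $fullName }}-storage`, so removing it looks right for deployments with an external `storage.provider.url`, but please state the replacement (or that none is needed) in the commit body, and note for upgraders whether a value supplied through `extra.envVars`, rendered immediately below, is still honoured.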

charts/cryostat/templates/reports_deployment.yaml

Lines changed: 0 additions & 2 deletions
@@ -47,8 +47,6 @@ spec:
4747
value: "{{ .Values.reports.service.httpPort }}"
4848
- name: QUARKUS_LOG_LEVEL
4949
value: {{ .Values.reports.debug.log.level }}
50-
- name: CRYOSTAT_STORAGE_BASE_URI
51-
value: http://{{ $fullName }}-storage:{{ .Values.storage.service.port }}
5250
{{- with (.Values.reports.config).extra.envVars }}
5351
{{- toYaml . | nindent 10 }}
5452
{{- end }}
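Review bot: The same variable is dropped from the reports Deployment at old lines 50-51, but none of the six changed files is a test for this template, so nothing checks the reports container's environment after the change. Suggest adding a test case asserting that the rendered env list has no `CRYOSTAT_STORAGE_BASE_URI` entry.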

charts/cryostat/tests/cryostat_deployment_test.yaml

Lines changed: 0 additions & 3 deletions
@@ -466,9 +466,6 @@ tests:
466466
- equal:
467467
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].env[?(@.name=='QUARKUS_HTTP_PORT')].value
468468
value: "8800"
469-
- equal:
470-
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].env[?(@.name=='CRYOSTAT_STORAGE_BASE_URI')].value
471-
value: http://RELEASE-NAME-cryostat-storage:8333
472469
- equal:
473470
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].ports[0].containerPort
474471
value: 8800
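Review bot: Deleting the `equal` assertion at old lines 469-471 leaves the removal itself untested, so a later template change could reintroduce the variable without any test failing. Suggest replacing it with a negative assertion that the `cryostat-jfr-datasource` container's env has no `CRYOSTAT_STORAGE_BASE_URI` entry, rather than dropping the check.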

charts/cryostat/values.schema.json

Lines changed: 2 additions & 2 deletions
@@ -673,7 +673,7 @@
673673
},
674674
"usePathStyleAccess": {
675675
"type": "boolean",
676-
"description": "whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available",
676+
"description": "whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers.",
677677
"default": true
678678
},
679679
"region": {
@@ -788,7 +788,7 @@
788788
"properties": {
789789
"enabled": {
790790
"type": "boolean",
791-
"description": "Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security",
791+
"description": "Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured.",
792792
"default": true
793793
}
794794
}

charts/cryostat/values.yaml

Lines changed: 2 additions & 2 deletions
@@ -277,7 +277,7 @@ storage:
277277
provider:
278278
## @param storage.provider.url URL to the S3 object storage provider instance. This can be an in-cluster self-hosted instance with a hostname like s3.storage.local, or it can be an external commercial service. This should include scheme, host, and port. User authenication information should be provided using a *Secret* and *storage.storageSecretName*. If this is not specified then a managed [cryostat-storage](https://github.com/cryostatio/cryostat-storage) instance will be automatically deployed and configured. If an unmanaged S3 instance is specified here then other storage configuration settings (such as at-rest encryption, Pod annotations, Service configurations) do not apply. Production installations of Cryostat should not rely on `cryostat-storage`
279279
url: ""
280-
## @param storage.provider.usePathStyleAccess whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available
280+
## @param storage.provider.usePathStyleAccess whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers.
281281
usePathStyleAccess: true
282282
## @param storage.provider.region S3 object storage provider region. This may be used by the storage provider to geolocate the physical storage in a particular region for regulatory, performance, or cost reasons
283283
region: ''
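Review bot: The `## @param storage.provider.usePathStyleAccess` comment at new line 280 carries the same description text that this commit also changes in README.md and values.schema.json, so the three copies can drift apart. If the README table and schema descriptions are generated from these comments, please confirm they were regenerated rather than edited separately. While here, the unchanged `storage.provider.url` comment two lines above still has the typo "authenication", which also appears in the README row.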
@@ -307,7 +307,7 @@ storage:
307307
## @param storage.buckets.names.metadata the name of the storage bucket containing files' metadata. Only used if storage.provider.metadata.storageMode is set to 'bucket'.
308308
metadata: metadata
309309
encryption:
310-
## @param storage.encryption.enabled Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security
310+
## @param storage.encryption.enabled Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured.
311311
enabled: true
312312
## @param storage.podAnnotations [object] Annotations to be applied to the Storage Pods
313313
podAnnotations: {}
