Merged
4 changes: 2 additions & 2 deletions charts/cryostat/README.md
Expand Up @@ -184,7 +184,7 @@ certificate issuance and rotation.
| `storage.image.tag` | Tag for the storage container image | `latest` |
| `storage.storageSecretName` | Name of the secret containing the object storage secret access key. This secret must contain a STORAGE_ACCESS_KEY secret which is the object storage secret access key. It must not be updated across chart upgrades, or else the connection between Cryostat components and object storage will not be able to initialize. If using an external S3 provider requiring authentication then this **must** be provided. It is recommended that the secret should be marked as immutable to avoid accidental changes to secret's data. More details: [Kubernetes Secrets](https://kubernetes.io/docs/concepts/configuration/secret/#secret-immutable) | `""` |
| `storage.provider.url` | URL to the S3 object storage provider instance. This can be an in-cluster self-hosted instance with a hostname like s3.storage.local, or it can be an external commercial service. This should include scheme, host, and port. User authenication information should be provided using a *Secret* and *storage.storageSecretName*. If this is not specified then a managed [cryostat-storage](https://github.com/cryostatio/cryostat-storage) instance will be automatically deployed and configured. If an unmanaged S3 instance is specified here then other storage configuration settings (such as at-rest encryption, Pod annotations, Service configurations) do not apply. Production installations of Cryostat should not rely on `cryostat-storage` | `""` |
| `storage.provider.usePathStyleAccess` | whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available | `true` |
| `storage.provider.usePathStyleAccess` | whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers. | `true` |
| `storage.provider.region` | S3 object storage provider region. This may be used by the storage provider to geolocate the physical storage in a particular region for regulatory, performance, or cost reasons | `""` |
| `storage.provider.authentication.credentialsType` | configuration for how the S3 client will locate credentials for the S3 service. See: [Quarkus S3 client](https://docs.quarkiverse.io/quarkus-amazon-services/dev/amazon-s3.html#) | `default` |
| `storage.provider.tls.trustAll` | enable this to disable TLS certificate verification on the S3 client | `false` |
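Review bot: In the new `storage.provider.usePathStyleAccess` row, "for broader compatibility for low-footprint storage container installations" stacks two "for" phrases and reads ambiguously; "for broader compatibility, in particular with low-footprint storage container installations" would be clearer. The row now says subdomain resolution "may be required for use with commercial storage providers" while the default stays `true`, so the `storage.provider.url` row, which is where an external service is configured, should point readers at this setting. While this table is being edited, "authenication" in the `storage.provider.url` row can be corrected to "authentication".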
Expand All @@ -196,7 +196,7 @@ certificate issuance and rotation.
| `storage.buckets.names.threadDumps` | the name of the storage bucket containing archived Thread Dumps | `threaddumps` |
| `storage.buckets.names.heapDumps` | the name of the storage bucket containing archived Heap Dumps | `heapdumps` |
| `storage.buckets.names.metadata` | the name of the storage bucket containing files' metadata. Only used if storage.provider.metadata.storageMode is set to 'bucket'. | `metadata` |
| `storage.encryption.enabled` | Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security | `true` |
| `storage.encryption.enabled` | Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured. | `true` |
| `storage.podAnnotations` | Annotations to be applied to the Storage Pods | `{}` |
| `storage.service.type` | Type of Service to create for the object storage | `ClusterIP` |
| `storage.service.port` | Port number to expose on the Service | `8333` |
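Review bot: The sentence added to the `storage.encryption.enabled` row says the setting has no effect with an external, unmanaged provider, yet the documented default is still `true`, so a values file that sets `storage.provider.url` continues to show encryption as enabled. The row should also state that at-rest encryption then has to be configured on the provider side, otherwise the table leaves the impression that Cryostat is encrypting objects in the external bucket.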
2 changes: 0 additions & 2 deletions charts/cryostat/templates/cryostat_deployment.yaml
Expand Up @@ -248,8 +248,6 @@ spec:
value: localhost
- name: QUARKUS_HTTP_PORT
value: "8800"
- name: CRYOSTAT_STORAGE_BASE_URI
value: http://{{ $fullName }}-storage:{{ .Values.storage.service.port }}
{{- with (.Values.datasource.config).extra.envVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
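Review bot: `CRYOSTAT_STORAGE_BASE_URI` is removed from this container's `env` with nothing replacing it in the hunk, so the PR description should confirm that the container no longer reads it. The removed value always pointed at `http://{{ $fullName }}-storage:{{ .Values.storage.service.port }}`, in cleartext and regardless of `storage.provider.url`, so dropping it is consistent with supporting external providers. Any deployment that still depends on the variable would now have to supply it through `datasource.config.extra.envVars`, which is worth a line in the upgrade notes.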
2 changes: 0 additions & 2 deletions charts/cryostat/templates/reports_deployment.yaml
Expand Up @@ -47,8 +47,6 @@ spec:
value: "{{ .Values.reports.service.httpPort }}"
- name: QUARKUS_LOG_LEVEL
value: {{ .Values.reports.debug.log.level }}
- name: CRYOSTAT_STORAGE_BASE_URI
value: http://{{ $fullName }}-storage:{{ .Values.storage.service.port }}
{{- with (.Values.reports.config).extra.envVars }}
{{- toYaml . | nindent 10 }}
{{- end }}
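Review bot: The same `CRYOSTAT_STORAGE_BASE_URI` entry is dropped from the reports Deployment, but among the files shown in this change the only test file touched is `cryostat_deployment_test.yaml`. Add a test for the reports template asserting that the variable is not rendered, so both Deployments are covered and a later edit cannot quietly restore the hard-coded in-cluster storage URL here.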
3 changes: 0 additions & 3 deletions charts/cryostat/tests/cryostat_deployment_test.yaml
Expand Up @@ -466,9 +466,6 @@ tests:
- equal:
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].env[?(@.name=='QUARKUS_HTTP_PORT')].value
value: "8800"
- equal:
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].env[?(@.name=='CRYOSTAT_STORAGE_BASE_URI')].value
value: http://RELEASE-NAME-cryostat-storage:8333
- equal:
path: spec.template.spec.containers[?(@.name=='cryostat-jfr-datasource')].ports[0].containerPort
value: 8800
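Review bot: Deleting the `equal` assertion on `env[?(@.name=='CRYOSTAT_STORAGE_BASE_URI')].value` leaves the removal itself untested. Replace it with a negative assertion on the same `cryostat-jfr-datasource` env path, so that a template change which reintroduces the `http://RELEASE-NAME-cryostat-storage:8333` value fails the suite instead of passing unnoticed.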
4 changes: 2 additions & 2 deletions charts/cryostat/values.schema.json
Expand Up @@ -673,7 +673,7 @@
},
"usePathStyleAccess": {
"type": "boolean",
"description": "whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available",
"description": "whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers.",
"default": true
},
"region": {
Expand Down Expand Up @@ -788,7 +788,7 @@
"properties": {
"enabled": {
"type": "boolean",
"description": "Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security",
"description": "Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured.",
"default": true
}
}
4 changes: 2 additions & 2 deletions charts/cryostat/values.yaml
Expand Up @@ -277,7 +277,7 @@ storage:
provider:
## @param storage.provider.url URL to the S3 object storage provider instance. This can be an in-cluster self-hosted instance with a hostname like s3.storage.local, or it can be an external commercial service. This should include scheme, host, and port. User authenication information should be provided using a *Secret* and *storage.storageSecretName*. If this is not specified then a managed [cryostat-storage](https://github.com/cryostatio/cryostat-storage) instance will be automatically deployed and configured. If an unmanaged S3 instance is specified here then other storage configuration settings (such as at-rest encryption, Pod annotations, Service configurations) do not apply. Production installations of Cryostat should not rely on `cryostat-storage`
url: ""
## @param storage.provider.usePathStyleAccess whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility, but subdomain resolution generally offers better performance if it is available
## @param storage.provider.usePathStyleAccess whether path-style accesses are used for ex. object buckets. If path style access is not used then DNS subdomain resolution will be used. This is *true* by default for broader compatibility for low-footprint storage container installations, but subdomain resolution generally offers better performance if it is available and may be required for use with commercial storage providers.
usePathStyleAccess: true
## @param storage.provider.region S3 object storage provider region. This may be used by the storage provider to geolocate the physical storage in a particular region for regulatory, performance, or cost reasons
region: ''
Expand Down Expand Up @@ -307,7 +307,7 @@ storage:
## @param storage.buckets.names.metadata the name of the storage bucket containing files' metadata. Only used if storage.provider.metadata.storageMode is set to 'bucket'.
metadata: metadata
encryption:
## @param storage.encryption.enabled Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security
## @param storage.encryption.enabled Enable at-rest encryption of stored objects. The storage container will generate a secret key for each stored object and use this key to encrypt and decrypt objects transparently. The key is written to the object metadata, so in the default storage container configuration this only adds a small layer of additional security. This is only used for the managed cryostat-storage instance and will have no effect if an external, unmanaged storage provider is configured.
enabled: true
## @param storage.podAnnotations [object] Annotations to be applied to the Storage Pods
podAnnotations: {}
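Review bot: With `enabled: true` kept as the default under `encryption:`, a release that sets `storage.provider.url` silently ignores this flag, and the only signal is the sentence added to the comment. Consider having the chart surface the combination at install time, for example a message in the post-install output when `storage.provider.url` is non-empty and `storage.encryption.enabled` is `true`, so operators do not assume objects in the external bucket are encrypted by Cryostat.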