All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Configuration options: `useExistingSecret` and `defaultUserCredentialsSecret`. These fields allow the user to specify an existing secret containing the S3 credentials for the default user.
  - `useExistingSecret` is a boolean field defaulted to false.
  - `defaultUserCredentialsSecret` is a string field denoting a `secret` in the `s3gw` namespace. It must contain 2 keys:
    - `RGW_DEFAULT_USER_ACCESS_KEY` that is the S3 Access Key for the default user.
    - `RGW_DEFAULT_USER_SECRET_KEY` that is the S3 Secret Key for the default user.
  - When `useExistingSecret` is set to `false`, the chart will create the secret using values from the preexisting fields `accessKey` and `secretKey`.
  - Setting `accessKey` or `secretKey` to the empty string will force the chart to compute random alphanumeric values for the fields.
  - Defaulted values:
    - `useExistingSecret`: false
    - `defaultUserCredentialsSecret`: s3gw-creds
- TLS Certificate Management
  - Ability to use an optional certificate manager, cert-manager, to automatically provision TLS certificates. When using this feature, a `cert-manager` installation is a prerequisite.
  - Usage of `cert-manager` is enabled by default and can be disabled with the flag: `useCertManager`
  - `cert-manager` namespace can be set with the following chart field: `certManagerNamespace`
  - `cert-manager` will provision certificates for:
    - S3 service's ingress (public domain)
    - UI service's ingress (public domain)
    - S3 service's internal endpoint (Kubernetes private domain)
  - When using `cert-manager`, the user can choose between two predefined `ClusterIssuer`:
    - `s3gw-issuer`
    - `s3gw-letsencrypt-issuer`
  - `s3gw-issuer` can be used to generate self-signed certificates. `s3gw-letsencrypt-issuer` should be used for production environments.
  - Please note that when using a certificate manager, the `s3gw-issuer` `ClusterIssuer` will be used for generating certificates for the S3 service's internal endpoint.
  - When the user chooses not to employ `cert-manager`, TLS secrets must be filled manually. The following fields have been added to the chart for this purpose:
    - `tls.publicDomain.crt`
    - `tls.publicDomain.key`
    - `tls.privateDomain.crt`
    - `tls.privateDomain.key`
    - `tls.ui.publicDomain.crt`
    - `tls.ui.publicDomain.key`
  - The user can choose a custom `ClusterIssuer` by setting the following chart fields: `useCustomTlsIssuer` and `customTlsIssuer`
- Internal TLS endpoint for the S3 service
  - The `s3gw`-Pod can now accept TLS connections on port `7481`.
  - The `s3gw-cluster-ip-tls` secret is used to configure both `ssl_certificate` and `ssl_private_key`.
  - The `s3gw`-ClusterIP-Service has been extended to link the `s3gw`-Pod port `7481` with the `s3gw`-ClusterIP-Service port `443`.
- Configuration options superseded by the newly added variables:
  - `tls.crt`, `tls.key`
  - `ui.tls.crt`, `ui.tls.key`
- Dropped some entries from `s3gw-config` map: `RGW_DNS_NAME`, `RGW_BACKEND_STORE`, `DEBUG_RGW` - when applicable, these values are now taken directly from the chart.
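
The `useExistingSecret` path from the first entry of this release, as an added example that is not taken from the chart's own files: a pre-created Secret carrying the two required keys, then the matching values override. The credential strings are constructed placeholders, and placing both options at the top level of the values file is an assumption based on how this changelog names them.

```yaml
# Added example, not part of the s3gw chart repository.
# File 1: Secret created in the s3gw namespace before installing the chart.
apiVersion: v1
kind: Secret
metadata:
  name: s3gw-creds            # same name as the default of defaultUserCredentialsSecret
  namespace: s3gw
type: Opaque
stringData:
  # Both keys are required by the chart; the values here are constructed placeholders.
  RGW_DEFAULT_USER_ACCESS_KEY: "EXAMPLE-ACCESS-KEY"
  RGW_DEFAULT_USER_SECRET_KEY: "EXAMPLE-SECRET-KEY"
---
# File 2: values override passed to Helm.
# Assumption: both options sit at the top level of values.yaml.
useExistingSecret: true                   # chart default is false
defaultUserCredentialsSecret: s3gw-creds  # must name the Secret created above
```
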
- Bugfix Release: gh#aquarist-labs/s3gw#262
- Configuration options: `serviceName`, `publicDomain`, `privateDomain` used to configure the s3gw-service's public domain used by the Ingress and the private domain used inside the Kubernetes cluster.
  - Defaulted values:
    - `serviceName`: s3gw
    - `publicDomain`: be.127.0.0.1.omg.howdoi.website
    - `privateDomain`: svc.cluster.local
- Configuration options: `ui.serviceName`, `ui.publicDomain` used to configure the s3gw-ui-service's public domain used by the Ingress.
  - Defaulted values:
    - `ui.serviceName`: s3gw-ui
    - `ui.publicDomain`: fe.127.0.0.1.omg.howdoi.website
- Configuration option: `logLevel` used to set the s3gw-service's log verbosity.
  - Defaulted value: `1`
- Configuration options: `hostname` and `ui.hostname`, both superseded by the newly added variables.
- Expose `ETag` header in the Traefik s3gw ingress to allow multipart uploads via browser (gh#aquarist-labs/s3gw-tools#170).
- Add the `OPTIONS` method to the Traefik CORS configuration (gh#aquarist-labs/s3gw-tools#188).
- Fix an issue in the GW ingress related to TLS + wildcard host.
- Added some regression tests against templating failures
- Properly label all components of the chart to give helm hints about what is part of the chart.
- Redesign registry access variables to be usable with private registries
- Improve Rancher questions to guide the installation in a more user-friendly form
- Redesign storage settings to allow using an existing storage class while keeping it easy to use Longhorn and local storage with minimal work required
- Give TLS certificates to UI ingress as well
- Enable TLS endpoints for Traefik ingress
- The variables `hostnameNoTLS`, `ui.hostname` and `ui.hostnameNoTLS` have been added to configure the hostnames of the S3GW and S3GW-UI.
- Defaulted `ui.enabled` to `true`.
- Rename the `access_key` and `secret_key` variable names according to the Helm Chart best practices guide to `accessKey` and `secretKey`.
- Rename the `enableIngress` variable to `ingress.enabled`.
- Relocate the variables `imageRegistry_ui`, `imageName_ui`, `imageTag_ui` and `imagePullPolicy_ui` to `ui.imageRegistry`, `ui.imageName`, `ui.imageTag` and `ui.imagePullPolicy`
- Set 'system' flag for default user
- Added questions.yaml to support PVC selection
- Removed Traefik installation from CI pipeline
- Updated readme
- Disable version check for linter
- Configure UI and add information about CORS
- Fixed typos in documentation and code.
- Add .editorconfig file.
- s3gw image set to v0.3.0 in values.yaml
- s3gw-ui image set to v0.3.0 in values.yaml
- Defaulted access_key and secret_key fields to "test" in values.yaml
- Set imageTag to a specific version rather than using "latest"
- RGW_BACKEND_STORE property set to "sfs"
- Initial version of the chart