Allow configuration of s3 region for registry backend #10208
Conversation
github-actions
bot
added
the
team: delivery
|
Do we need to change the region here as well? |
| @@ -201,6 +201,7 @@ type ContainerRegistryExternal struct { | |||
| type S3Storage struct { | |||
| Bucket string `json:"bucket" validate:"required"` | |||
| Certificate ObjectRef `json:"certificate" validate:"required"` | |||
| Region string `json:"region"` | |||
There was a problem hiding this comment.
Would it make sense to set cfg.Config.Metadata.Region as default value (especially for backwards compatibility)?
There was a problem hiding this comment.
By the way: Couldn't we just set the region of metadata instead?
metadata:
region: local
What is the reason that we need a specific S3 storage region that differs from the metadata region?
As far as I see this in the code metadata.region is for the storage provider and here:
Don't know for what the env variable is used, though. Maybe also for the storage provider?
There was a problem hiding this comment.
I understand what you mean, this probably is true and we don't need a separate region field for each s3 storage. In my mind I was very convinced that people might want to use buckets belonging to different regions for different usecases.
There was a problem hiding this comment.
If the user decides not to configure the object storage and uses Minio in-cluster, this will remain as local and will error
| @@ -52,6 +52,13 @@ spec: | |||
| when: '{{repl (ConfigOptionEquals "reg_incluster_storage" "s3") }}' | |||
| help_text: The name of the bucket to act as your S3 storage backend. | |||
|
|
|||
| - name: reg_incluster_storage_s3_region | |||
| title: S3 bucket region | |||
| type: text | |||
There was a problem hiding this comment.
Can we set local as default value?
There was a problem hiding this comment.
Very good point! I will add it!
There was a problem hiding this comment.
| type: text | |
| type: text | |
| value: "local" |
I think it's value that we need here, right?
@corneliusludmann This is a good question! But in the case of S3 storage(not for registry), it is already accepting the The reason why I added a new struct field is because, I was thinking what if the user wants to use two different regions for |
|
OK, I see that is for the registry buckets only. Sorry, I missed this. 😇 Thank you for explaining your reasoning. Makes sense and I see the benefit of having a dedicated config value! 👍 I see the following issues with having a second region config for the registry only:
When we don't have an urgent requirement to have separate regions for bucket storage and registry storage, I would prefer to just change the KOTS UI to be able to change the S3 region even when it's used for the internal registry only. And when we think it would be beneficial in the future to have separate configs for both, then we should introduce a v2 version of the config for the June release that replaces the @mrzarquon What do you think? |
|
Thanks for your detailed thoughts, @corneliusludmann! I will for now rollback to using |
nandajavarma
force-pushed
the
nvn/fix-9800
branch
from
23971d8 to
6eb9ba0
Compare
|
/werft run 👍 started the job as gitpod-build-nvn-fix-9800.7 |
There was a problem hiding this comment.
There is an issue with the current implementation:
The user could set different values for Container registry → S3 bucket region and Object storage → Storage region. However, we don't support different values and one value will be overwritten.
As far as I know, KOTS doesn't support field validation (so that we cannot simply reject when users have different values in the fields).
What other option do we have?
- Move the storage region to a common section at the bottom and make it visible when one of the 2 (storage or registry) are configured.
- Move the storage region to the general section at the top, make it always visible, and call it just “region” (would fit better to the installer config where it is just
metadata.region. - Just live with it how it currently is and find a better approach later.
@lucasvaltl What do you think from a product perspective?
I personally would prefer (2). With a proper help text, we could make clear what it is for. In my opinion (1) does not fit very well in what we currently have and it could be confusing when this text field appears/disappears.
| @@ -52,6 +52,13 @@ spec: | |||
| when: '{{repl (ConfigOptionEquals "reg_incluster_storage" "s3") }}' | |||
| help_text: The name of the bucket to act as your S3 storage backend. | |||
|
|
|||
| - name: reg_incluster_storage_s3_region | |||
| title: S3 bucket region | |||
| type: text | |||
There was a problem hiding this comment.
| type: text | |
| type: text | |
| value: "local" |
I think it's value that we need here, right?
|
With very limited context, I agree that (2) sounds like the best approach. I do have questions though - is the original problem here that we do not allow you to set a region for S3 if S3 is being used as the storage for the (in cluster?) container registry? (If yes, how many customers are using this right now?) And right now we are just reusing the value from |
| @@ -9,7 +9,7 @@ metadata: | |||
| app: gitpod | |||
| component: gitpod-installer | |||
| annotations: | |||
| kots.io/when: '{{repl and (ConfigOptionEquals "reg_incluster" "0") (ConfigOptionEquals "reg_incluster_storage" "s3") }}' | |||
| kots.io/when: '{{repl ConfigOptionEquals "reg_incluster_storage" "s3" }}' | |||
There was a problem hiding this comment.
I ran into this today, and this worked!
Description
This PR adds an option to configure the bucket region. Alongside it also ensures the secret is created even when the registry is set to
inClustersince s3 backend can be set forinClusterregistry.Related Issue(s)
Fixes #9800
How to test
Use
S3as theIn-cluster Storage providerin KOTS config UI. You will see the option to set theRegionfor S3Release Notes
Documentation