UNCLASSIFIED - NO CUI


Add doc objectstorage

Merged Kavitha Thulasiraman requested to merge add-doc-objectstorage into master
1 file
+ 57
31
@@ -8,7+8,7 @@
Blob storage bucket available with correct permissions, or Minio Addon is enabled at the BigBang level. Alternatively, you have (1) an existing Minio Instance, or (2) AWS S3 AccessKey and SecretKey.
## Integration
There are currently 2 typical ways in bigbang that packages connect to object storage.
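Review bot: the product name is spelled two ways in these lines, "BigBang" in the prerequisites sentence and "bigbang" in the sentence under Integration, and the later secret step writes "Big Bang"; pick one spelling and use it throughout. The prerequisites sentence also lists only an AccessKey and SecretKey for S3, while the values block below has an `iamProfile` setting, so mention that option here or say why it is left out.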
@@ -29,7+29,7 @@
objectStorage:
# -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
# Entering connection info will enable this option and will auto-create any required secrets
type: "" # supported types are "s3" or "minio"
type: "s3"
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
endpoint: "https://s3.amazonaws.com"
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
# -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: ""
accessKey: ""
accessKey: "AHDKEJ3BYNC8B2BFJ38NRB"
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
accessSecret: "LKSJF2343KS9LS21J3KK20"
# -- Bucket prefix to use for identifying buckets.
# Example: "prod" will produce "prod-gitlab-bucket"
bucketPrefix: ""
bucketPrefix: "prod"
# -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. Fixed in Gitlab 14.5
# -- Name of AWS IAM profile to use.
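Review bot: the filled-in `accessKey` and `accessSecret` samples are shaped like live credentials and sit directly under the comment saying the secret should be placed in the secret values and then encrypted. Use obvious placeholders such as `"<access-key>"` and `"<access-secret>"`, so the doc does not model committing a key in plain values and does not trip secret scanning. Also keep the `# supported types are "s3" or "minio"` hint next to `type: "s3"`, since that is the only place the allowed values are listed.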
@@ -67,41 +65,52 @@ Add objectStorage values for the package in bigbang/chart/values.yaml
If object storage values are NOT present then the minio cluster is enabled and default values declared in the package are used.
```yml
{{- if .Values.addons.gitlab.objectStorage.endpoint }}
task-runner:
backups:
objectStorage:
config:
secret: gitlab-object-storage
key: backups
{{- with .Values.addons.<package>.objectStorage }}
{{- if and .endpoint .accessKey .accessSecret .bucket }}
fileStore:
accessKey: "{{ .accessKey }}"
accessSecret: "{{ .accessSecret }}"
endpoint: "{{ .endpoint }}"
bucket: "{{ .bucket }}"
{{- end }}
{{- end }}
```
Example: [GitLab](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/10d43bea9351b91dfc6f14d3b0c2b2a60fe60c6a/chart/templates/gitlab/values.yaml#L49)
Example: [MatterMost](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/master/chart/templates/mattermost/mattermost/values.yaml#L66-68) passes the endpoint and bucket via chart values.
2. Package chart accepts a secret name where all the object storage connection info is defined. In these cases we make the secret in the BB chart.
- add conditional statement in `chart/templates/<package>/values.yaml` to add values for object storage secret, if object storage values exist. Otherwise the minio cluster is used.
```yml
{{- with .Values.addons.mattermost.objectStorage }}
{{- if and .endpoint .accessKey .accessSecret .bucket }}
fileStore:
secret: "mattermost-objectstorage-secret"
url: {{ .endpoint }}
bucket: {{ .bucket }}
{{- else }}
minio:
install: true
accessKey: {{ .accessKey | default "minio" }}
secretKey: {{ .secretKey | default "BigBangDEVONLY" }}
imagePullSecrets:
- name: private-registry
{{- end }}
{{- end }}
objectStorage:
config:
secret: <package>-object-storage
key: backups
```
Example: [Mattermost secret-objectstore.yaml](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/master/chart/templates/mattermost/mattermost/secret-objectstore.yaml)
Example: [GitLab](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/master/chart/templates/gitlab/values.yaml#L54-57)
- Create the secret in the Big Bang chart. (NOTE: Replace <package> with your package name in the example below)
```yml
{{- if .Values.addons.<package>.enabled }}
{{- with .Values.addons.<package>.objectStorage }}
{{- if and .endpoint .accessKey .accessSecret }}
apiVersion: v1
kind: Secret
metadata:
name: <package>-object-storage
namespace: <package>
type: kubernetes.io/opaque
stringData:
bucket: {{ .bucket | default "<package>-bucket" }}
accesskey: {{ .accessKey }}
secretkey: {{ .accessSecret }}
endpoint: {{ .endpoint }}
{{- end }}
{{- end }}
{{- end }}
```
Example: [GitLab secret-objectstore.yaml](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/blob/master/chart/templates/gitlab/secret-objectstore.yaml)
## Validation
For validating connection to the object storage in your environment or testing in CI pipeline you will need to add the object storage specific values to your overrides file or `./tests/test-values.yaml` respectively. If you are using Minio, ensure `addons.minio.enabled: true`.
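Review bot: the guards disagree about `.bucket`. The values snippets render `fileStore` only under `if and .endpoint .accessKey .accessSecret .bucket`, while the Secret template uses `if and .endpoint .accessKey .accessSecret` and falls back to `.bucket | default "<package>-bucket"`; with `bucket` unset the Secret is created but the package values never point at it. Use the same condition in both places. In the Secret, quote the rendered values (`{{ .accessSecret | quote }}` and likewise for the others) so a key containing `:` or `#`, or made only of digits, still renders as a YAML string, and set `type: Opaque`, the built-in Kubernetes type name, instead of `kubernetes.io/opaque`. The Minio fallback also reads `.secretKey` where every other snippet uses `.accessSecret`.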
@@ -118,4 +127,21 @@ addons:
accessSecret: "LKSJF2343KS9LS21J3KK20"
bucket: "myMMBucket"
```
For testing with the CI pipeline, create a `tests/dependencies.yaml` and include Minio.
```yml
miniooperator:
git:
repo: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git"
tag: "4.2.3-bb.2"
namespace: "minio-operator"
minio:
git:
repo: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git"
tag: "4.2.3-bb.6"
namespace: minio
```
Example: [Velero dependencies.yaml](https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/tests/dependencies.yaml)
In order to test that the object storage is working, perform an action that stores a file. For example, if using Mattermost, upload an image for a user avatar.
\ No newline at end of file
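Review bot: the sample `bucket: "myMMBucket"` contains uppercase letters, which S3 bucket naming rules do not allow; use a lowercase name such as `"my-mm-bucket"` so the validation example works when copied. In `tests/dependencies.yaml`, `namespace: minio` is unquoted while `namespace: "minio-operator"` is quoted; make them consistent. The closing validation step would be stronger if it said where to confirm that the uploaded file landed in the bucket, not only which action to perform.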