A variety of Deis components rely on an object storage system to do their work. These components are:
These components are built flexibly, so they can work out of the box with almost any system that is compatible with the S3 API.
Additionally, Deis ships with a Minio component. This component runs as a Kubernetes service, and the components listed above are configured to automatically look for that service and use it as object storage if it's available.
The Deis components determine what object storage system to use via environment variables that you set up. The below list is the lookup order for all Deis components.
DEIS_OUTSIDE_STORAGE- The external S3-compatible object storage system. Commonly used URLs:s3.amazonaws.comfor Amazon S3storage.googleapis.comfor Google Cloud Storage
DEIS_MINIO_SERVICE_HOSTandDEIS_MINIO_SERVICE_PORT- The in-cluster Minio service. Note that these will be set automatically by Kubernetes if you run Minio as a service in the cluster. See the Minio service from the Deis Minio Chart for an example service.
In the Deis V2 Beta release, all components read credentials from the filesystem, and we suggest that credentials are stored in Kubernetes secrets and mounted to the appropriate location for the component. See the below list for the expected location for each component, and see the deis-dev chart for examples of using and mounting secrets.
- builder
- Key:
/var/run/secrets/object/store/access-key-id - Secret
/var/run/secrets/object/store/access-key-secret
- Key:
- slugbuilder
- Key:
/var/run/secrets/object/store/access-key-id - Secret
/var/run/secrets/object/store/access-key-secret
- Key:
- slugrunner
- Key:
/var/run/secrets/object/store/access-key-id - Secret:
/var/run/secrets/object/store/access-key-secret
- Key:
- registry
- Key:
/var/run/secrets/deis/registry/creds/accesskey - Secret:
/var/run/secrets/deis/registry/creds/secretkey
- Key:
- database
- Key:
/etc/wal-e.d/env/access-key-id - Secret:
/etc/wal-e.d/env/access-key-secret
- Key:
As you may know Google Cloud Storage (GCS) can interoperate with the S3 API, and, if you choose to use Google Cloud Storage for object storage, you'll have to turn on this interoperability mode.
If you choose to use Google Cloud Storage, set your DEIS_OUTSIDE_STORAGE_HOST environment variable to storage.googleapis.com, and follow these instructions to generate an S3 compatible access key ID and access key secret. Store these credentials just as you would if they were AWS S3 or Minio credentials (see the "Storing Credentials" section above).
The only currently known limitation is that the Deis registry component will not automatically look up the minio service, nor will it look for other storage env vars. That fix is being tracked in a GitHub issue and is planned for our beta release.