Skip to content

Commit 5844136

Browse files
author
Keerthan Mala
committed
feat(storage): change docs to use deis-object-storage-secret for configuring database
1 parent e94105d commit 5844136

1 file changed

Lines changed: 4 additions & 39 deletions

File tree

src/installing-workflow/configuring-object-storage.md

Lines changed: 4 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -119,53 +119,18 @@ If you are using the [Helm Chart for Workflow][helm-chart], put your credentials
119119

120120
## [deis/database](https://github.com/deis/postgres)
121121

122-
The database is configured slightly differently from the other components. Read the two sections below for details.
123-
124122
### Environment Variables
125123

126-
The database looks for a `DATABASE_STORAGE` environment variable, which it then uses as a key to look up the object storage location and authentication information in a configuration file. See below for the details on that file.
127-
128-
## Credentials
129-
130-
Depending on the value of `DATABASE_STORAGE`, the database will either read the credentials from a generic objectstore secret or from a minio-user secret.in `/var/run/secrets/deis/objectstore/creds/` or from `/var/run/secrets/deis/database/creds/`. The following ways to configure the database are listed below.
131-
132-
### Minio
133-
134-
If the `DATABASE_STORAGE` backend is configured as anything else other than "s3", the database will receive its credentials from `/var/run/secrets/deis/database/creds/`. This is generated based on the configuration options given in the https://github.com/deis/charts/blob/master/workflow-dev/manifests/deis-minio-secret-user.yaml file. The access key and secret key must be `base64` encoded.
135-
136-
Connection details to minio are configured via `DEIS_MINIO_SERVICE_HOST` and `DEIS_MINIO_SERVICE_PORT`, both of which are provided by the `deis-minio` service.
137-
138-
### Amazon Simple Storage Service (S3)
139-
140-
If the `DATABASE_STORAGE` backend is configured as "s3", the database will receive its credentials from `/var/run/secrets/deis/objectstore/creds/`. This is generated automatically (as part of the `helm generate` command) based on the configuration options given in the https://github.com/deis/charts/blob/master/workflow-dev/tpl/objectstorage.toml file.
124+
The database looks for a `DATABASE_STORAGE` environment variable, which it then uses as a key to look up the object storage location and authentication information in a configuration file. See below for details on that file.
141125

142-
### Google Cloud Storage (Interoperability Mode)
143-
144-
[Google Cloud Storage](https://cloud.google.com/storage/) (GCS) can interoperate with the S3 API using a feature called [interoperability](https://cloud.google.com/storage/docs/interoperability). If you choose to use GCS for object storage for database, you'll have to turn on this interoperability mode. In order to do so, please follow the steps in the [GCS migration documentation](https://cloud.google.com/storage/docs/migrating?hl=en_US#migration-simple).
145-
146-
If the `DATABASE_STORAGE` backend is configured as "gcs", the database will receive its credentials from `/var/run/secrets/deis/database/creds/`. This is generated based on the configuration options given in the https://github.com/deis/charts/blob/master/workflow-dev/manifests/deis-minio-secret-user.yaml file. The access key and secret key must be `base64` encoded.
147-
148-
You'll also need to add two environment variables to the https://github.com/deis/charts/blob/master/workflow-dev/tpl/deis-database-rc.yaml file so the database can communicate with Google Cloud Storage instead of minio. Add these values to your `spec.template.spec.containers[0].env` section, then run `helm generate` for the settings to take effect the next time you install workflow:
126+
### Credentials
149127

150-
```yaml
151-
- name: DEIS_MINIO_SERVICE_HOST
152-
value: storage.googleapis.com
153-
- name: DEIS_MINIO_SERVICE_PORT
154-
value: "443"
155-
```
128+
The database reads the credential information from a `objectstorage-keyfile` secret. This is generated automatically (as part of the `helm generate` command) based on the configuration options given in the [objectstorage.toml file][objectstorage-toml] file.
156129

157130
### Helm Chart
158131

159-
If you are using the [Helm Chart for Workflow][helm-chart], you'll have to put your credentials into the below two places before you run `helm generate`. For more details on using Helm, see the [installation instructions][helm-install].
160-
161-
- The [minio secret file][minio-user-secret] (under `access-key-id` and `access-secret-key`). Ensure your credentials are base64-encoded
162-
- The [objectstorage.toml][objectstorage-toml] file. Your credentials need not be base64-encoded in this file
163-
164-
Note - to base64 encode your credentials for use in the [minio secret file][minio-user-secret], you can use the `base64` tool on most systems. Here's an example usage:
132+
If you are using the [Helm Chart for Workflow][helm-chart], put your credentials in the [objectstorage.toml][objectstorage-toml] file before you run `helm generate`. Note that you don't need to base64-encode the credentials, as Helm will do that for you. For more information, see the [installation instructions][helm-install] for more details on using Helm.
165133

166-
```console
167-
echo $MY_ACCESS_KEY | base64
168-
```
169134

170135
[helm-chart]: https://github.com/deis/charts/tree/master/workflow-dev
171136
[minio-user-secret]: https://github.com/deis/charts/blob/master/workflow-dev/manifests/deis-minio-secret-user.yaml

0 commit comments

Comments
 (0)