From 39f531e5c11670619a860ceeff04a29e5baaa1cb Mon Sep 17 00:00:00 2001 From: Otto Bittner Date: Fri, 6 Oct 2023 16:51:51 +0200 Subject: [PATCH] Add filestash as example --- .../examples/filstash-s3proxy.md | 69 +++++++++++++++++++ docs/docs/workflows/s3proxy.md | 3 +- docs/sidebars.js | 5 ++ 3 files changed, 75 insertions(+), 2 deletions(-) create mode 100644 docs/docs/getting-started/examples/filstash-s3proxy.md diff --git a/docs/docs/getting-started/examples/filstash-s3proxy.md b/docs/docs/getting-started/examples/filstash-s3proxy.md new file mode 100644 index 00000000000..888ae7bc325 --- /dev/null +++ b/docs/docs/getting-started/examples/filstash-s3proxy.md @@ -0,0 +1,69 @@ + +# Deploying Filestash + +Filestash is a web frontend for different storage backends, including S3. +It is a useful application to showcase s3proxy in action. + +1. Deploy s3proxy as described in [Deployment](../../workflows/s3proxy.md#deployment). +2. Create a deployment file for Filestash with one pod: + +```sh +cat << EOF > "deployment-filestash.yaml" +apiVersion: apps/v1 +kind: Deployment +metadata: + name: filestash +spec: + replicas: 1 + selector: + matchLabels: + app: filestash + template: + metadata: + labels: + app: filestash + spec: + imagePullSecrets: + - name: regcred + hostAliases: + - ip: $(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}') + hostnames: + - "s3.eu-west-1.amazonaws.com" + containers: + - name: filestash + image: machines/filestash:latest + ports: + - containerPort: 8334 + volumeMounts: + - name: ca-cert + mountPath: /etc/ssl/certs/kube-ca.crt + subPath: kube-ca.crt + volumes: + - name: ca-cert + secret: + secretName: s3proxy-tls + items: + - key: ca.crt + path: kube-ca.crt +EOF +``` + +The pod spec includes the `hostAliases` key, which adds an entry to the pod's `/etc/hosts`. +The entry forwards all requests for `s3.eu-west-1.amazonaws.com` to the kubernetes service `s3proxy-service`. +If you followed the s3proxy [Deployment](../../workflows/s3proxy.md#deployment) guide, this service points to a s3proxy pod. + +To use other regions than `eu-west-1`, add more entries to `hostAliases` for all regions you require. +Use the same IP for those entries. For example to add `us-east-1` add: +```yaml +- ip: $(kubectl get svc s3proxy-service -o=jsonpath='{.spec.clusterIP}') + hostnames: + - "s3.us-east-1.amazonaws.com" +``` + +The spec also includes a volume mount for the TLS certificate and adds it to the pod's truststore. +Not doing this will result in TLS authentication errors. + +3. Apply the file: `kubectl apply -f deployment-filestash.yaml` + +Afterwards you can use a port forward to access the Filestash pod: +`kubectl port-forward pod/$(kubectl get pod --selector='app=filestash' -o=jsonpath='{.items[*].metadata.name}') 8443:8443` diff --git a/docs/docs/workflows/s3proxy.md b/docs/docs/workflows/s3proxy.md index e21eea3b727..948fca33b01 100644 --- a/docs/docs/workflows/s3proxy.md +++ b/docs/docs/workflows/s3proxy.md @@ -26,8 +26,7 @@ If you want to use s3proxy but these limitations stop you from doing so, please - `kubectl apply -f deployment-s3proxy.yaml` s3proxy is now deployed. -If you want to run a demo application you can checkout the [Deploy Filestash](https://github.com/edgelesssys/constellation/tree/main/s3proxy/deploy#deploying-filestash) instructions to deploy Filestash. -Filestash is a web frontend for different storage backends, including S3. +If you want to run a demo application, checkout the [Filestash with s3proxy](../getting-started/examples/filstash-s3proxy.md) example. ## Technical details diff --git a/docs/sidebars.js b/docs/sidebars.js index a2fc44def08..203e9007bd0 100644 --- a/docs/sidebars.js +++ b/docs/sidebars.js @@ -119,6 +119,11 @@ const sidebars = { label: 'Horizontal Pod Autoscaling', id: 'getting-started/examples/horizontal-scaling' }, + { + type: 'doc', + label: 'Filestash with s3proxy', + id: 'getting-started/examples/filstash-s3proxy' + }, ] }, ],