[kots] S3 Endpoint value isn't required for actual AWS S3 endpoints for in-cluster registry support #10790
Comments
mrzarquon
added
type: bug
lucasvaltl
moved this to 📓Scheduled
in 🚚 Security, Infrastructure, and Delivery Team (SID)
|
|
This looks like it's a required field in the underlying Helm chart |
|
@mrsimonemms could you take a look at this and see what the next steps should be? We did try to get to the bottom of this in this internal thread, but did not really get a good answer. |
lucasvaltl
moved this from 📓Scheduled
to 🧊Backlog
in 🚚 Security, Infrastructure, and Delivery Team (SID)
|
I'd like to have a sync on this with @mrzarquon because I'm not understanding this issue. I know we've recently updated the config on the in-cluster S3 section - hopefully this has solved it, but the sync should establish that
|
|
Talking with @mrsimonemms it looks like this is hard to detect because it only manifests by how the Registry service talks to S3, other services seem to handle it ok. We can't do things like force an S3 endpoint name based on region since that could block other S3-like endpoints. An analyzer that detects that the registry service is rebooting / falling over (which would then also create the workspace headless task failures when trying to create your first workspace) and tell the user that they need to check their S3 settings for registry would be the other half of the solution. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
1 similar comment
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
github-project-automation
bot
moved this from 🧊Backlog
to ✨Done
in 🚚 Security, Infrastructure, and Delivery Team (SID)
Bug description
Currently the Gitpod configuration screen requires one to provide an S3 endpoint to use if using the in-cluster registry. This works fine for users who aren't using an actual AWS provided S3 bucket, but for users who are, they should not provide one.
The result is that if a user uses the default regionendpoint of s3.amazonaws.com the Registry container crashes if the bucket is not in us-east-1 with a bucket not found error.
The documentation for the provider specifically calls out not setting this value if using an AWS provided S3 bucket.
To work around this at the moment, a user has to customize the S3 endpoint to point to their region specific endpoint: so in eu-west-1 it changes to s3.eu-west-1.amazonaws.com, etc.
Steps to reproduce
Install gitpod to use an in-cluster registry and an S3 bucket not in us-east-1, do not change the default value from s3.amazonaws.com
Workspace affected
No response
Expected behavior
When using an AWS S3 bucket one should just have to provide the AWS region and the storage provider will determine the specific hostname to use for the endpoint.
The option S3 storage should be something like:
Endpoint:
Use AWS provided S3 ✅
And then unchecked it asks for hostname:
Use AWS provided S3 🔲
Hostname:______
And if check box is checked, then
REGISTRY_STORAGE_S3_REGIONshould not be populated or set in the installation.Example repository
No response
Anything else?
No response
The text was updated successfully, but these errors were encountered: