S3 Gateway enables access to an S3 storage through a unified entry point in the ELMA365 application. The unified entry point is a domain (FQDN) or IP address through which ELMA365 is accessible. The S3 Gateway allows traffic to be proxied to an S3 storage both outside and within the Kubernetes cluster.
Installation consists of four steps:
- Download the Helm chart and configuration file.
- Fill in the configuration file.
- Install the S3 Gateway chart using Helm in the Kubernetes cluster.
- Connect to S3.
Step 1: Download the Helm chart and configuration file
To install via the internet, obtain the configuration file values-s3gateway.yaml by executing the command:
helm repo add elma365 https://charts.elma365.tech
helm repo update
helm show values elma365/s3gateway > values-s3gateway.yaml
helm repo add elma365 https://charts.elma365.tech
tar -xf s3gateway-X.Y.Z.tgz |
Step 2: Fill in the configuration file
Fill in the configuration file values-s3gateway.yaml for the S3 Gateway installation.
In the ingress.hostname parameter, specify the domain (FQDN) or IP address through which the ELMA365 application is accessible. In the ingress.path parameter, specify the name of the S3 bucket in which the ELMA365 application stores files.
The format on for the name of the bucket in S3 must correspond to the s3elma365* format.
Начало примера
Example:
- s3elma365
- s3elma365-dev
- s3elma365-prod
конец примера
If the ELMA365 web interface is accessible over HTTPS:
- Specify the domain (FQDN) in the ingress.hostname parameter.
- Enable TLS support by setting the value to true in the ingress.tls parameter.
- Uncomment the parameters in the ingress.extraTls section.
- For the ingress.extraTls.hosts parameter, specify the domain (FQDN) through which the ELMA365 application is accessible.
- For the ingress.extraTls.secretName parameter, specify the name of the TLS type secret for the domain specified in ingress.extraTls.hosts.
If high availability is required, specify the desired number of replicas in the replicaCount parameter. The configuration parameter specifies the HAProxy configuration with which it will run in the Kubernetes cluster. In the backend s3_main section of the HAProxy configuration, specify the list of S3 servers to which user traffic should be redirected.
Example of proxying user traffic without SSL support to the S3 MinIO storage, installed according to the instructions in MinIO S3, using the elma365-dbs chart without SSL support in a Kubernetes cluster:
## HAProxy settings for proxying connections to the S3 Storage.
haproxy:
ingress:
enabled: true
## system's domain (FQDN) through which it is accessible
hostname: elma365-server.your_domain
## name of the bucket (in the S3 storage) for the ELMA365 application
path: /s3elma365
## enabling https
tls: false
# extraTls:
# - hosts:
# - elma365-server.your_domain
# secretName: elma365-server.your_domain-tls
## number of replicas to ensure high availability
replicaCount: 1
containerPorts:
- name: http
containerPort: 8080
## HAProxy configuration
configuration: |
global
log stdout format raw local0
maxconn 1024
defaults
log global
timeout client 60s
timeout connect 60s
timeout server 60s
frontend s3_main
bind :8080
default_backend s3_main
backend s3_main
server s3_1 minio.elma365-dbs.svc.cluster.local:80 check inter 2s
...
Example of proxying user traffic with SSL support to 4 S3 servers (MinIO) located outside the Kubernetes cluster and deployed according to the instructions in MinIO cluster with SSL support:
## HAProxy settings for proxying connections to the S3 Storage.
haproxy:
ingress:
enabled: true
## system's domain (FQDN) through which it is accessible
hostname: elma365-server.your_domain
## name of the bucket (in the S3 storage) for the ELMA365 application
path: /s3elma365
## enabling https
tls: true
extraTls:
- hosts:
- elma365-server.your_domain
secretName: elma365-server.your_domain-tls
## number of replicas to ensure high availability
replicaCount: 1
containerPorts:
- name: http
containerPort: 8080
## HAProxy configuration
configuration: |
global
log stdout format raw local0
maxconn 100000
defaults
log global
timeout client 60s
timeout connect 60s
timeout server 60s
frontend s3_main
bind :8080
default_backend s3_main
backend s3_main
balance leastconn
server s3_1 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s
server s3_2 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s
server s3_3 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s
server s3_4 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s
...
Filling in connection parameters for installation in a closed-loop without internet access
To connect to the private registry:
## HAProxy settings for proxying connections to the S3 Storage . |
Step 3: Install the S3 Gateway chart using Helm in the Kubernetes cluster
Perform the installation of the S3 Gateway chart in the s3gateway namespace.
For online installation:
helm upgrade --install s3gateway elma365/s3gateway -f values-s3gateway.yaml -n s3gateway --create-namespace
For offline installation without internet access:
helm upgrade --install s3gateway ./s3gateway -f values-s3gateway.yaml -n s3gateway --create-namespace
Step 4: Connect to S3
Parameters for connecting to S3:
address
— specifyhaproxy.image.pullSecrets
;bucket
,region, access key ID
,secret access key
,secret access key
andenable SSL
— specify values according to the parameters of the S3 storage for which proxying is configured.
начало внимание
Infrastructure preparation occurs before the installation of the ELMA365 application. If the S3-Gateway chart has been installed, don't forget to change the connection address to S3 (elma365.s3.backend.address) in the ELMA365 application settings. For more details, refer to Modify ELMA365 Enterprise parameters.
конец внимание
Found a typo? Highlight the text, press ctrl + enter and notify us