pass pre-signed URLs to slugrunners to download slugs

deis / controller

Deis Workflow Controller (API)

https://deis.com

MIT License

41 stars 53 forks source link

pass pre-signed URLs to slugrunners to download slugs #182

Open arschles opened 8 years ago

arschles commented 8 years ago

continuing the discussion from #140

since slugrunners run in app namespaces, the object storage secret is not available to them and they can't download slugs. the current strategy to fix that is to copy the secrets into the app namespace so that slugrunners can mount and use them there.

IMO, we should keep the secrets in deis, generate pre-signed URLs to get the appropriate slug, and pass those URLs to new slugrunners.

cc/ @smothiki

smothiki commented 8 years ago

Does Minio support pre signed URL's.

arschles commented 8 years ago

@smothiki I haven't tested it yet. I've been assuming yes since all of their SDKs support them.

helgi commented 8 years ago

I'm bumping this out of beta. If this is an important thing for someone here then please add it back or create a milestone for latter releases

arschles commented 8 years ago

@helgi sounds good

arschles commented 8 years ago

Note that we'll need to think about how to support scale-up operations because the pre-signed URL that was used to start the first slugrunner will likely no longer be valid when the scale is requested.