Open JSN-1 opened 1 year ago
Hi @JSN-1, thanks for using s3gw. In order to properly understand the context, could you please describe the problem in detail, and what you are doing in terms of Helm installation configuration?
Hi
Thanks for a great product. It's more like a question: I'd like to use IngressRoute instead of Ingress.
I install it like this with ingress as false (removed keys)
```
helm upgrade --install s3gw s3gw/s3gw --namespace s3gw-system --create-namespace --set ingress.enabled=false,publicDomain=k8s.tux,ui.publicDomain=k8s.tux,serviceName=s3gw,ui.serviceName=s3gw-ui,accessKey=<access_key>,secretKey=<secret_key>,storageClass.name=longhorn
```
(urls have been changed to example.com in the below)
apply middleware
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  labels:
    app.kubernetes.io/instance: s3gw
    app.kubernetes.io/name: s3gw
    app.kubernetes.io/version: latest
  name: cors-header
  namespace: s3gw-system
spec:
  headers:
    accessControlAllowHeaders:
      - '*'
    accessControlAllowMethods:
      - DELETE
      - GET
      - HEAD
      - POST
      - PUT
      - OPTIONS
    accessControlAllowOriginList:
      - '*'
    accessControlExposeHeaders:
      - '*'
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: x-forwarded-header-https
  namespace: s3gw-system
spec:
  headers:
    customRequestHeaders:
      X-Forwarded-Proto: "https"
```
apply certificates
```yaml
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: s3gw-ingress-tls
  namespace: s3gw-system
spec:
  isCA: false
  duration: 2160h
  renewBefore: 360h
  dnsNames:
    - "s3gw.example.com"
    - "*.s3gw.example.com"
    - "s3gw-ui.example.com"
  secretName: s3gw-ingress-cert
  privateKey:
    algorithm: RSA
    encoding: PKCS8
    size: 4096
  usages:
    - server auth
    - client auth
  issuerRef:
    name: s3gw-s3gw-system-issuer
    kind: ClusterIssuer
    group: cert-manager.io
```
apply ingressroutes
```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-no-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - kind: Rule
      match: Host(`s3gw.example.com`)
      middlewares:
        - name: cors-header
      services:
        - kind: Service
          name: s3gw
          passHostHeader: true
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`s3gw.example.com`) && PathPrefix(`/`)
      middlewares:
        - name: cors-header
        - name: x-forwarded-header-https
      services:
        - kind: Service
          name: s3gw
          passHostHeader: true
          port: 80
  tls:
    secretName: s3gw-ingress-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-any-no-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - kind: Rule
      match: HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.s3gw.example.com`)
      middlewares:
        - name: cors-header
      services:
        - kind: Service
          name: s3gw
          passHostHeader: true
          port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-any-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: HostRegexp(`{subdomain:[a-zA-Z0-9-]+}.s3gw.example.com`)
      middlewares:
        - name: cors-header
        - name: x-forwarded-header-https
      services:
        - kind: Service
          name: s3gw
          passHostHeader: true
          port: 443
  tls:
    secretName: s3gw-ingress-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-ui-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`s3gw-ui.example.com`)
      middlewares:
        - name: x-forwarded-header-https
        - name: cors-header
      services:
        - kind: Service
          name: s3gw-ui
          passHostHeader: true
          port: 80
  tls:
    secretName: s3gw-ingress-cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    cert-manager.io/cluster-issuer: s3gw-issuer
  name: s3gw-ui-no-tls
  namespace: s3gw-system
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - kind: Rule
      match: Host(`s3gw-ui.example.com`)
      middlewares:
        - name: cors-header
      services:
        - kind: Service
          name: s3gw-ui
          passHostHeader: true
          port: 80
```
I am unsure about why this does not work, but when I visit s3gw.example.com I get NoSuchBucket.
```xml
<Error>
  <Code>NoSuchBucket</Code>
  <BucketName>s3gw.example.com</BucketName>
  <HostId/>
</Error>
```
It works fine if I use Ingress, but I want to use IngressRoute so I can add my own certificate.
@JSN-1 Hi, at this stage, using custom ingresses isn't possible. The team is evaluating this, and it may be possible in the future. We'll let you know when this happens.
Is there any way to use Traefik IngressRoutes instead of standard Ingress?
I have tried to get it to work, but I keep getting this error when I try to log in.
```
1 req 0 0.002000000s op->ERRORHANDLER: err_no=-2027 new_err_no=-2027 "GET / HTTP/1.1" 403 104
```