
Commit b450484

docs: remove ingress and external redis examples from README (#5)
1 parent 9d3a518 commit b450484


9 files changed

+74
-89
lines changed


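--- a/.github/workflows/cluster-test.yml
+++ b/.github/workflows/cluster-test.yml
@@ -80,45 +80,6 @@ jobs:
 EOF
 kubectl wait --for=condition=ready pod -l app=minio -n s3proxy --timeout=120s
 
-- name: Deploy Redis
-run: |
-cat <<EOF | kubectl apply -n s3proxy -f -
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-name: redis
-spec:
-replicas: 1
-selector:
-matchLabels:
-app: redis
-template:
-metadata:
-labels:
-app: redis
-spec:
-containers:
-- name: redis
-image: redis:7-alpine
-ports:
-- containerPort: 6379
-resources:
-limits:
-memory: 128Mi
-cpu: 100m
----
-apiVersion: v1
-kind: Service
-metadata:
-name: redis
-spec:
-selector:
-app: redis
-ports:
-- port: 6379
-EOF
-kubectl wait --for=condition=ready pod -l app=redis -n s3proxy --timeout=120s
-
 - name: Build Helm dependencies
 run: |
 helm repo add dandydeveloper https://dandydeveloper.github.io/charts
@@ -136,8 +97,11 @@ jobs:
 --set secrets.encryptKey="test-encryption-key-32chars!!" \
 --set secrets.awsAccessKeyId=minioadmin \
 --set secrets.awsSecretAccessKey=minioadmin \
---set redis-ha.enabled=false \
---set externalRedis.url="redis://redis:6379/0" \
+--set redis-ha.auth=true \
+--set redis-ha.redisPassword=testredispassword123 \
+--set redis-ha.persistentVolume.enabled=false \
+--set redis-ha.hardAntiAffinity=false \
+--set redis-ha.haproxy.hardAntiAffinity=false \
 --set replicaCount=3 \
 --set resources.limits.cpu=100m \
 --set resources.requests.cpu=50m \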
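Review bot: The Redis test password `testredispassword123` is written as a literal in the new `--set redis-ha.redisPassword=...` line, and the same literal is repeated in `.github/workflows/helm-install-test.yml` and `e2e/docker-compose.cluster.yml`. Defining it once per job (for example a job-level `env:` entry named `REDIS_TEST_PASSWORD`, a constructed name) and passing `--set redis-ha.redisPassword="$REDIS_TEST_PASSWORD"` would keep the three call sites in step. A comment such as `# CI-only credential for the throwaway kind cluster; never reuse` next to the definition would help anyone who copies this command into a real deployment. The `helm` command itself starts and ends outside the hunk.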

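--- a/.github/workflows/helm-install-test.yml
+++ b/.github/workflows/helm-install-test.yml
@@ -71,8 +71,13 @@ jobs:
 EOF
 kubectl wait --for=condition=ready pod -l app=minio -n s3proxy --timeout=120s
 
-- name: Deploy simple Redis
+- name: Deploy Redis with password
 run: |
+# Create Redis password secret
+kubectl create secret generic redis-secret \
+--from-literal=redis-password=testredispassword123 \
+-n s3proxy
+
 cat <<EOF | kubectl apply -n s3proxy -f -
 apiVersion: apps/v1
 kind: Deployment
@@ -91,6 +96,14 @@ jobs:
 containers:
 - name: redis
 image: redis:7-alpine
+command: ["redis-server"]
+args: ["--requirepass", "\$(REDIS_PASSWORD)"]
+env:
+- name: REDIS_PASSWORD
+valueFrom:
+secretKeyRef:
+name: redis-secret
+key: redis-password
 ports:
 - containerPort: 6379
 resources:
@@ -139,6 +152,8 @@ jobs:
 --set secrets.awsSecretAccessKey=minioadmin \
 --set redis-ha.enabled=false \
 --set externalRedis.url="redis://redis:6379/0" \
+--set externalRedis.existingSecret=redis-secret \
+--set externalRedis.passwordKey=redis-password \
 --set replicaCount=3 \
 --set resources.limits.cpu=100m \
 --set resources.requests.cpu=50m \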

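--- a/README.md
+++ b/README.md
@@ -254,39 +254,6 @@ aws s3 --endpoint-url https://s3proxy.example.com cp file.txt s3://bucket/
 
 > **Recommended for internal access:** Enable both `gateway.enabled=true` and `ingress.enabled=true`. This routes traffic through the ingress controller for load balancing across pods, while providing a convenient internal DNS name (`s3-gateway.<namespace>`) without external DNS configuration.
 
-#### Example: External Access with Ingress
-
-```yaml
-# values-prod.yaml
-gateway:
-enabled: true
-ingress:
-enabled: true
-className: nginx
-hosts:
-- s3proxy.example.com
-tls:
-- secretName: s3proxy-tls
-hosts:
-- s3proxy.example.com
-```
-
-```bash
-helm install s3proxy ./manifests -f values-prod.yaml \
---set secrets.existingSecrets.enabled=true \
---set secrets.existingSecrets.name=s3proxy-secrets
-```
-
-#### Example: Using External Redis (ElastiCache, etc.)
-
-```bash
-helm install s3proxy ./manifests \
---set redis-ha.enabled=false \
---set externalRedis.url="redis://my-elasticache.xxx.cache.amazonaws.com:6379/0" \
---set secrets.existingSecrets.enabled=true \
---set secrets.existingSecrets.name=s3proxy-secrets
-```
-
 ### Health Checks
 
 The proxy exposes health endpoints for Kubernetes probes: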

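--- a/e2e/docker-compose.cluster.yml
+++ b/e2e/docker-compose.cluster.yml
@@ -93,12 +93,7 @@ services:
 echo "✓ Ingress Controller installed"
 
 echo "=== Building s3proxy image ==="
-# Skip if image already exists (pre-built in CI)
-if docker image inspect s3proxy:latest >/dev/null 2>&1; then
-echo "Image already exists, skipping build"
-else
-docker build -t s3proxy:latest /app
-fi
+docker build -t s3proxy:latest /app
 
 echo "=== Loading image into kind ==="
 kind load docker-image s3proxy:latest --name s3proxy-test
@@ -164,6 +159,7 @@ services:
 helm upgrade --install s3proxy /app/manifests \
 -n s3proxy --wait --timeout 1800s \
 --set image.repository=s3proxy \
+--debug \
 --set image.pullPolicy=IfNotPresent \
 --set s3.host="http://minio:9000" \
 --set secrets.encryptKey="$$ENCRYPT_KEY" \
@@ -177,7 +173,9 @@ services:
 --set redis-ha.hardAntiAffinity=false \
 --set redis-ha.affinity=null \
 --set redis-ha.haproxy.hardAntiAffinity=false \
---set redis-ha.haproxy.affinity=null
+--set redis-ha.haproxy.affinity=null \
+--set redis-ha.auth=true \
+--set redis-ha.redisPassword=testredispassword123
 
 echo "=== Deployment Status ==="
 kubectl get all -n s3proxy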
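Review bot: The added `--debug` flag is on the same `helm upgrade --install` call that passes `secrets.encryptKey="$$ENCRYPT_KEY"` and `redis-ha.redisPassword` through `--set`. Helm's debug output normally includes the user-supplied values and the rendered manifests, so the encryption key and the Redis password would be written to the job log. If the extra output is only needed to diagnose a failing install, drop `--debug` from the default path or gate it behind an opt-in variable. It also sits between two `--set image.*` lines; placing it next to `--wait --timeout 1800s` would keep the flags grouped.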

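--- a/manifests/templates/deployment.yaml
+++ b/manifests/templates/deployment.yaml
@@ -29,8 +29,13 @@ spec:
 {{- if not .Values.secrets.existingSecrets.enabled }}
 - secretRef:
 name: {{ printf "%s-secrets" .Chart.Name }}
-{{- else }}
+{{- end }}
+{{- /* Determine if we need env section */ -}}
+{{- $needsEnv := or .Values.secrets.existingSecrets.enabled (and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "auth")) (and (not (index .Values "redis-ha" "enabled")) .Values.externalRedis.existingSecret) }}
+{{- if $needsEnv }}
 env:
+{{- /* App secrets from existing secret */ -}}
+{{- if .Values.secrets.existingSecrets.enabled }}
 - name: S3PROXY_ENCRYPT_KEY
 valueFrom:
 secretKeyRef:
@@ -46,6 +51,26 @@ spec:
 secretKeyRef:
 name: {{ .Values.secrets.existingSecrets.name }}
 key: {{ .Values.secrets.existingSecrets.keys.awsSecretAccessKey }}
+{{- end }}
+{{- /* Redis password from redis-ha secret */ -}}
+{{- if and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "auth") }}
+- name: S3PROXY_REDIS_PASSWORD
+valueFrom:
+secretKeyRef:
+{{- if index .Values "redis-ha" "existingSecret" }}
+name: {{ index .Values "redis-ha" "existingSecret" }}
+{{- else }}
+name: {{ .Release.Name }}-redis-ha
+{{- end }}
+key: {{ index .Values "redis-ha" "authKey" | default "auth" }}
+{{- /* Redis password from external Redis secret */ -}}
+{{- else if and (not (index .Values "redis-ha" "enabled")) .Values.externalRedis.existingSecret }}
+- name: S3PROXY_REDIS_PASSWORD
+valueFrom:
+secretKeyRef:
+name: {{ .Values.externalRedis.existingSecret }}
+key: {{ .Values.externalRedis.passwordKey | default "redis-password" }}
+{{- end }}
 {{- end }}
 resources:
 {{- toYaml .Values.resources | nindent 12 }}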
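Review bot: The `redis-ha` branch emits a `secretKeyRef` as soon as `enabled` and `auth` are true, but nothing checks that `redisPassword` or `existingSecret` was supplied, which the comment in `manifests/values.yaml` states is mandatory. A render-time guard ahead of the `env:` block would surface the mistake before any pod starts: `{{- if and (index .Values "redis-ha" "enabled") (index .Values "redis-ha" "auth") (not (or (index .Values "redis-ha" "existingSecret") (index .Values "redis-ha" "redisPassword"))) }}{{ fail "redis-ha.auth=true requires redisPassword or existingSecret" }}{{- end }}`. The fallback name `{{ .Release.Name }}-redis-ha` also presumes the subchart's default naming and would presumably stop matching if the subchart's name is overridden, so a template comment recording that assumption is worth adding. The container spec starts and ends outside both hunks.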

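--- a/manifests/values.yaml
+++ b/manifests/values.yaml
@@ -22,14 +22,26 @@ performance:
 
 # External Redis (for managed services)
 externalRedis:
-url: ""
+url: "" # e.g., "redis://host:6379/0" or "redis://:password@host:6379/0"
 uploadTtlHours: 24
+# Password can be provided in one of two ways:
+# 1. Embedded in URL above: redis://:password@host:6379/0
+# 2. Via existingSecret (recommended - keeps password out of configmap)
+existingSecret: ""
+passwordKey: "redis-password"
 
 # Redis HA (embedded)
 redis-ha:
 enabled: true
 replicas: 3
+# Redis authentication - when auth: true, you MUST provide one of:
+# existingSecret: name of a pre-existing secret (recommended for production)
+# redisPassword: password value (chart will create a secret)
+# The secret key name is configured via authKey (default: "auth")
+auth: false
+redisPassword: ""
 existingSecret: ""
+authKey: "auth"
 
 persistentVolume:
 enabled: true
@@ -62,8 +74,6 @@ redis-ha:
 min-replicas-to-write: 1
 min-replicas-max-lag: 5
 
-auth: false
-authKey: ""
 hardAntiAffinity: true
 
 resources: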
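Review bot: Both URL examples added on the `externalRedis.url` line use plain `redis://`, and option 1 embeds the password in that URL. For a managed service reached over the network the password would then be sent unencrypted and, as the wording of option 2 implies, be stored in the ConfigMap. I would extend the comment to `# 1. Embedded in URL above (testing only; the URL is stored in the ConfigMap): redis://:password@host:6379/0` and add `# Prefer rediss:// (TLS) when the server supports it`. Whether the proxy accepts `rediss://` depends on the Redis client in use, so confirm that before documenting it.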

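--- a/s3proxy/config.py
+++ b/s3proxy/config.py
@@ -35,6 +35,7 @@ class Settings(BaseSettings):
 
 # Redis settings (for distributed state in HA deployments)
 redis_url: str = Field(default="", description="Redis URL for HA mode (empty = in-memory single-instance)")
+redis_password: str = Field(default="", description="Redis password (optional, can also be in URL)")
 redis_upload_ttl_hours: int = Field(default=24, description="TTL for upload state in Redis (hours)")
 
 # Logging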
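Review bot: `redis_password` is declared as a plain `str`, so the value appears wherever the `Settings` object is printed, logged or dumped. Pydantic's `SecretStr` masks it in `repr` and serialisation: `redis_password: SecretStr = Field(default=SecretStr(""), description=...)`, with `settings.redis_password.get_secret_value() or None` at the `init_redis` call in `s3proxy/main.py`. The same exposure applies to `redis_url` when a password is embedded in it, which the description explicitly allows. How the other secret fields of this class are typed is outside the hunk, so follow the convention they already use.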

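--- a/s3proxy/main.py
+++ b/s3proxy/main.py
@@ -112,7 +112,7 @@ def create_lifespan(settings: Settings) -> "AsyncIterator[None]":
 async def lifespan(_app: FastAPI) -> "AsyncIterator[None]":
 logger.info("Starting", endpoint=settings.s3_endpoint, port=settings.port)
 # Initialize Redis if configured (for HA), otherwise use in-memory storage
-await init_redis(settings.redis_url or None)
+await init_redis(settings.redis_url or None, settings.redis_password or None)
 yield
 # Close Redis connection if active
 await close_redis()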

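--- a/s3proxy/multipart.py
+++ b/s3proxy/multipart.py
@@ -56,11 +56,12 @@ def json_loads(data: bytes) -> dict:
 _use_redis: bool = False
 
 
-async def init_redis(redis_url: str | None) -> "Redis | None":
+async def init_redis(redis_url: str | None, redis_password: str | None = None) -> "Redis | None":
 """Initialize Redis connection pool if URL is provided.
 
 Args:
 redis_url: Redis URL or None/empty to use in-memory storage
+redis_password: Optional password (overrides any password in URL)
 
 Returns:
 Redis client if connected, None if using in-memory storage
@@ -72,7 +73,11 @@ async def init_redis(redis_url: str | None) -> "Redis | None":
 _use_redis = False
 return None
 
-_redis_client = redis.from_url(redis_url, decode_responses=False)
+# Pass password separately if provided (overrides URL password)
+if redis_password:
+_redis_client = redis.from_url(redis_url, password=redis_password, decode_responses=False)
+else:
+_redis_client = redis.from_url(redis_url, decode_responses=False)
 # Test connection
 await _redis_client.ping()
 _use_redis = True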
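Review bot: The new docstring line and the comment above the `if redis_password:` branch both say the separate password overrides one in the URL, but as far as I know redis-py's `from_url` applies the options parsed from the URL over the keyword arguments, so a URL that already carries a password would win. Either confirm the precedence against the pinned client version and correct the wording, or reject the conflict up front, e.g. `if redis_password and urlparse(redis_url).password: raise ValueError("Redis password given both in URL and separately")` (this needs `urllib.parse.urlparse` imported). The two `from_url` calls differ only in one keyword; `extra = {"password": redis_password} if redis_password else {}` followed by a single `redis.from_url(redis_url, decode_responses=False, **extra)` would remove the duplication. The body of `init_redis` continues outside both hunks.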
