Skip to content

S3 service controller #204

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tabern opened this issue Aug 18, 2020 · 12 comments
Closed

S3 service controller #204

tabern opened this issue Aug 18, 2020 · 12 comments
Labels
kind/new-service Categorizes issue or PR as related to a new service. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.

Comments

@tabern
Copy link
Contributor

tabern commented Aug 18, 2020
edited by jaypipes
Loading

New ACK service controller

Support for Amazon S3.

List of API resources

List the API resources in order of importance to you:
@tabern tabern added the S3 label Aug 18, 2020
@tabern tabern added this to the Tier 0 Dev Preview milestone Aug 18, 2020
@tabern tabern added the kind/new-service Categorizes issue or PR as related to a new service. label Aug 18, 2020
jaypipes added a commit to jaypipes/aws-controllers-k8s that referenced this issue Aug 19, 2020
@jaypipes
checking in S3 service controller
bd01fa1 
Generated code for the S3 service controller.

Issue aws-controllers-k8s#204
@jaypipes jaypipes mentioned this issue Aug 19, 2020
Merged
kumargauravsharma pushed a commit to kumargauravsharma/ack-community that referenced this issue Aug 19, 2020
@jaypipes
checking in S3 service controller
809e1c6 
Generated code for the S3 service controller.

Issue aws-controllers-k8s#204
vijtrip2 pushed a commit to vijtrip2/community that referenced this issue Aug 21, 2020
@jaypipes @vijtrip2
checking in S3 service controller
b091331 
Generated code for the S3 service controller.

Issue aws-controllers-k8s#204
@jaypipes jaypipes modified the milestones: Phase 0 Dev Preview, S3 beta Nov 10, 2020
@jaypipes jaypipes reopened this Nov 10, 2020
@kibblerz
Copy link

I understand that this is still a development preview, do you think this is stable enough to use in production? I'm just looking for the ability to provision new buckets and manage their permissions with deployments.

Also are there any examples of a yaml chart for provisioning buckets that I can go off of?

@jaypipes
Copy link
Collaborator

jaypipes commented Mar 2, 2021

I understand that this is still a development preview, do you think this is stable enough to use in production? I'm just looking for the ability to provision new buckets and manage their permissions with deployments.

@kibblerz unfortunately, this controller is not yet ready for production use. the update code paths are still not implemented (hopefully soon, though)

Also are there any examples of a yaml chart for provisioning buckets that I can go off of?

We're working on that, too. :)

For now, you can check out the schema for the Bucket CRD:

https://github.com/aws-controllers-k8s/s3-controller/blob/main/config/crd/bases/s3.services.k8s.aws_buckets.yaml

@FelixRodriguezJara
Copy link

Hello!

We are willing to use the s3-controller for one of our customers. We have implemented a POC and it is looking good, however, we have found some limitations, as it is right now, in regards to the ability to create the bucket including tagging, KMS encryption, versioning, lifecycle policy and logs enable/disable settings.

Looking at the code generator, the CRD specs and status are generated looking at the api model (https://github.com/aws/aws-sdk-go/blob/master/models/apis/s3/2006-03-01/api-2.json). Would it be possible to extend the existing output from code generator to include the call to this or other functions that would allow us to set these properties at bucket creation time? If so, what would be the scope of the necessary changes? Are there any reasons why these options are not part of the current Bucket Create operation?

Thank you very much.

Kind regards.

@jaypipes
Copy link
Collaborator

jaypipes commented Mar 9, 2021

Hello!

Hello @FelixRodriguezJara! :)

We are willing to use the s3-controller for one of our customers. We have implemented a POC and it is looking good, however, we have found some limitations, as it is right now, in regards to the ability to create the bucket including tagging, KMS encryption, versioning, lifecycle policy and logs enable/disable settings.

Right, yes only a subset of fields are settable via the S3 CreateBucket API unfortunately, as you wrote below.

Looking at the code generator, the CRD specs and status are generated looking at the api model (https://github.com/aws/aws-sdk-go/blob/master/models/apis/s3/2006-03-01/api-2.json). Would it be possible to extend the existing output from code generator to include the call to this or other functions that would allow us to set these properties at bucket creation time?

Yes, but it will, for the immediate future at least, require keeping custom code in the controller. I'm currently working on this here:

https://github.com/jaypipes/ack-s3-controller/tree/update-code-paths

Hoping to get back to this branch this week...

If so, what would be the scope of the necessary changes? Are there any reasons why these options are not part of the current Bucket Create operation?

Heh, you'd have to ask the S3 team why those options are not part of the current CreateBucket operation :) Unfortunately, I have no idea. All I know is that there are 19 separate S3 API calls in the update code path, one for each group of related attributes to the bucket. See here for more details:

jaypipes/ack-s3-controller@b0bfb27

@jaypipes jaypipes removed this from the S3, ECR and DynamoDB beta milestone Jul 22, 2021
@RedbackThomson
Copy link
Contributor

Hey @FelixRodriguezJara . I know it's been a long time since the last update, but wanted to give you some news. The following fields can now be set on Bucket:

  • Accelerate
  • CORS
  • Encryption
  • Logging
  • OwnershipControls
  • Policy
  • RequestPayment
  • Tagging
  • Versioning
  • Website

There are a number of fields which our code-generator currently cannot support, since they have a many-to-one relationship with Bucket, which we are tracking in this issue: #914

@FelixRodriguezJara
Copy link

Hi @RedbackThomson !

Thank you very much for the update, I really appreciate it. We are going to take a look at the new features to see if they match our current requirements in order to put the updated version of the controller to work.

Thank you!

@FelixRodriguezJara
Copy link

A couple of questions @RedbackThomson:

  • We have a requirement about setting into which account the bucket will be created by the controller, in previous version, the AWS Account was set up at controller level, is it the same case of the new version?
  • On the other hand, have you released any official docker image we can use for testing purposes or we have to build our own?

Thank you very much.

@RedbackThomson
Copy link
Contributor

RedbackThomson commented Aug 24, 2021
edited
Loading 

* We have a requirement about setting into which account the bucket will be created by the controller, in previous version, the AWS Account was set up at controller level, is it the same case of the new version?

By default, the controller assumes a role in a single account and creates all resources in that account (for a defined region). However, we also offer cross account resource management, which uses annotations bound to namespaces to determine which account to create the resources - https://aws-controllers-k8s.github.io/community/user-docs/authorization/#cross-account-resource-management

* On the other hand, have you released any official docker image we can use for testing purposes or we have to build our own?

We don't have any releases for S3, yet. Mostly because Bucket was in a very early state, and we didn't believe it was worth deploying until it provided a lot more configuration. However I will look into releasing a version now that we have all of these new attributes.

Edit: Just pushed through the latest version to v0.0.3. Check out the installation documentation to learn how to pull and install this version.

@ack-bot
Copy link
Collaborator

ack-bot commented Nov 22, 2021

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
If this issue is safe to close now please do so with /close.
Provide feedback via https://github.com/aws-controllers-k8s/community.
/lifecycle stale

@ack-bot ack-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 22, 2021
@vijtrip2
Copy link
Contributor

/lifecycle frozen

@ack-bot ack-bot added lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Nov 23, 2021
@mikestef9
Copy link

Closing as this service controller has graduated to GA. Separate issues can be opened to discuss specific follow on topics on the controller.

@a-hilaly a-hilaly moved this to Generally Available in Service Controller Release Roadmap Aug 14, 2024
@gswallow
Copy link

gswallow commented Sep 9, 2024

Closing as this service controller has graduated to GA. Separate issues can be opened to discuss specific follow on topics on the controller.

So where's the documentation? Am I missing something?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/new-service Categorizes issue or PR as related to a new service. lifecycle/frozen Indicates that an issue or PR should not be auto-closed due to staleness.
Projects
Service Controller Release Roadmap
Status: Generally Available
Milestone
No milestone
Development

No branches or pull requests
10 participants
@mhausenblas @jaypipes @RedbackThomson @mikestef9 @gswallow @kibblerz @tabern @FelixRodriguezJara @vijtrip2 @ack-bot