
S3 service controller

Open tabern opened this issue 5 years ago • 10 comments

New ACK service controller

Support for Amazon S3.

List of API resources

List the API resources in order of importance to you:

tabern avatar Aug 18 '20 16:08 tabern

I understand that this is still a development preview, do you think this is stable enough to use in production? I'm just looking for the ability to provision new buckets and manage their permissions with deployments.

Also are there any examples of a yaml chart for provisioning buckets that I can go off of?

kibblerz avatar Feb 25 '21 21:02 kibblerz

> I understand that this is still a development preview, do you think this is stable enough to use in production? I'm just looking for the ability to provision new buckets and manage their permissions with deployments.

@kibblerz unfortunately, this controller is not yet ready for production use. The update code paths are still not implemented (hopefully soon, though).

> Also are there any examples of a yaml chart for provisioning buckets that I can go off of?

We're working on that, too. :)

For now, you can check out the schema for the Bucket CRD:

https://github.com/aws-controllers-k8s/s3-controller/blob/main/config/crd/bases/s3.services.k8s.aws_buckets.yaml

jaypipes avatar Mar 02 '21 18:03 jaypipes

Hello!

We are willing to use the s3-controller for one of our customers. We have implemented a POC and it is looking good, however, we have found some limitations, as it is right now, in regards to the ability to create the bucket including tagging, KMS encryption, versioning, lifecycle policy and logs enable/disable settings.

Looking at the code generator, the CRD specs and status are generated looking at the api model (https://github.com/aws/aws-sdk-go/blob/master/models/apis/s3/2006-03-01/api-2.json). Would it be possible to extend the existing output from code generator to include the call to this or other functions that would allow us to set these properties at bucket creation time? If so, what would be the scope of the necessary changes? Are there any reasons why these options are not part of the current Bucket Create operation?

Thank you very much.

Kind regards.

FelixRodriguezJara avatar Mar 08 '21 16:03 FelixRodriguezJara

> Hello!

Hello @FelixRodriguezJara! :)

> We are willing to use the s3-controller for one of our customers. We have implemented a POC and it is looking good, however, we have found some limitations, as it is right now, in regards to the ability to create the bucket including tagging, KMS encryption, versioning, lifecycle policy and logs enable/disable settings.

Right, yes only a subset of fields are settable via the S3 CreateBucket API unfortunately, as you wrote below.

> Looking at the code generator, the CRD specs and status are generated looking at the api model (https://github.com/aws/aws-sdk-go/blob/master/models/apis/s3/2006-03-01/api-2.json). Would it be possible to extend the existing output from code generator to include the call to this or other functions that would allow us to set these properties at bucket creation time?

Yes, but it will, for the immediate future at least, require keeping custom code in the controller. I'm currently working on this here:

https://github.com/jaypipes/ack-s3-controller/tree/update-code-paths

Hoping to get back to this branch this week...

> If so, what would be the scope of the necessary changes? Are there any reasons why these options are not part of the current Bucket Create operation?

Heh, you'd have to ask the S3 team why those options are not part of the current CreateBucket operation :) Unfortunately, I have no idea. All I know is that there are 19 separate S3 API calls in the update code path, one for each group of related attributes to the bucket. See here for more details:

https://github.com/jaypipes/ack-s3-controller/commit/b0bfb279a1da914a468ecca057663ec29059b3a7

jaypipes avatar Mar 09 '21 00:03 jaypipes

Hey @FelixRodriguezJara. I know it's been a long time since the last update, but wanted to give you some news. The following fields can now be set on Bucket:

  • Accelerate
  • CORS
  • Encryption
  • Logging
  • OwnershipControls
  • Policy
  • RequestPayment
  • Tagging
  • Versioning
  • Website

There are a number of fields which our code-generator currently cannot support, since they have a many-to-one relationship with Bucket, which we are tracking in this issue: https://github.com/aws-controllers-k8s/community/issues/914

RedbackThomson avatar Aug 23 '21 21:08 RedbackThomson

Hi @RedbackThomson!

Thank you very much for the update, I really appreciate it. We are going to take a look at the new features to see if they match our current requirements in order to put the updated version of the controller to work.

Thank you!

FelixRodriguezJara avatar Aug 24 '21 08:08 FelixRodriguezJara

A couple of questions @RedbackThomson:

  • We have a requirement about setting into which account the bucket will be created by the controller, in previous version, the AWS Account was set up at controller level, is it the same case of the new version?
  • On the other hand, have you released any official docker image we can use for testing purposes or we have to build our own?

Thank you very much.

FelixRodriguezJara avatar Aug 24 '21 11:08 FelixRodriguezJara

> • We have a requirement about setting into which account the bucket will be created by the controller, in previous version, the AWS Account was set up at controller level, is it the same case of the new version?

By default, the controller assumes a role in a single account and creates all resources in that account (for a defined region). However, we also offer cross account resource management, which uses annotations bound to namespaces to determine which account to create the resources - https://aws-controllers-k8s.github.io/community/user-docs/authorization/#cross-account-resource-management

> • On the other hand, have you released any official docker image we can use for testing purposes or we have to build our own?

We don't have any releases for S3, yet. Mostly because Bucket was in a very early state, and we didn't believe it was worth deploying until it provided a lot more configuration. However I will look into releasing a version now that we have all of these new attributes.

Edit: Just pushed through the latest version to v0.0.3. Check out the installation documentation to learn how to pull and install this version.

RedbackThomson avatar Aug 24 '21 18:08 RedbackThomson
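
An added example, not taken from the thread or from the ACK project's own samples: manifests that combine the cross-account namespace annotation described in the comment above with a Bucket that sets the encryption, versioning, logging and tagging fields from the earlier list. The account ID, role ARN, KMS key ARN and all resource names are constructed placeholders; `ack-system` is assumed to be the controller's namespace, and the field names follow the Bucket CRD schema linked earlier, so check them against the installed version.

```yaml
# Added example. Account ID, ARNs and names below are constructed placeholders.
# 1) Controller-side map: target AWS account ID -> IAM role the controller assumes there.
#    Assumes the controller is installed in the ack-system namespace.
apiVersion: v1
kind: ConfigMap
metadata:
  name: ack-role-account-map
  namespace: ack-system
data:
  "111111111111": arn:aws:iam::111111111111:role/ack-s3-bucket-manager
---
# 2) Namespace annotation: resources created in this namespace are
#    provisioned in account 111111111111 instead of the controller's default.
apiVersion: v1
kind: Namespace
metadata:
  name: team-a
  annotations:
    services.k8s.aws/owner-account-id: "111111111111"
---
# 3) Bucket with default KMS encryption, versioning, access logging and tags.
apiVersion: s3.services.k8s.aws/v1alpha1
kind: Bucket
metadata:
  name: team-a-artifacts
  namespace: team-a
spec:
  name: team-a-artifacts-example          # actual S3 bucket name (globally unique)
  encryption:
    rules:
      - applyServerSideEncryptionByDefault:
          sseAlgorithm: aws:kms
          kmsMasterKeyID: arn:aws:kms:us-west-2:111111111111:key/EXAMPLE-KEY-ID
  versioning:
    status: Enabled
  logging:
    loggingEnabled:
      targetBucket: team-a-access-logs-example   # must already exist and accept log delivery
      targetPrefix: artifacts/
  tagging:
    tagSet:
      - key: owner
        value: team-a
```

The role named in the ConfigMap has to trust the controller's own IAM role, and scoping its policy to the S3 actions these fields need keeps a compromised namespace from reaching anything else in the target account.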

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale

ack-bot avatar Nov 22 '21 23:11 ack-bot

/lifecycle frozen

vijtrip2 avatar Nov 23 '21 01:11 vijtrip2

Closing as this service controller has graduated to GA. Separate issues can be opened to discuss specific follow on topics on the controller.

mikestef9 avatar Dec 06 '22 01:12 mikestef9