Remove references to setting cloud_storage_access_key and cloud_storage_secret_key in Kubernetes #799

Merged
merged 2 commits into from
Oct 11, 2024
136 changes: 105 additions & 31 deletions modules/manage/partials/remote-read-replicas.adoc
Expand Up @@ -3,6 +3,7 @@
include::shared:partial$enterprise-license.adoc[]
====


ifdef::env-kubernetes[]
:tiered-storage-link: manage:kubernetes/storage/tiered-storage/k-tiered-storage.adoc
:data-archiving-link: manage:kubernetes/storage/tiered-storage/k-tiered-storage.adoc#data-archiving
Expand Down Expand Up @@ -111,6 +112,9 @@ Amazon S3::

You can configure access to Amazon S3 with either an IAM role attached to the instance or with access keys.

[discrete]
=== Use IAM roles

To configure access to an S3 bucket with an IAM role:

. Configure an xref:manage:security/iam-roles.adoc#configuring-iam-roles[IAM role] with read permissions for the S3 bucket.
Expand Down Expand Up @@ -152,14 +156,33 @@ Replace the following placeholders:
+
- `<region>`: The region of your S3 bucket.

[discrete]
=== Use access keys

To configure access to an S3 bucket with access keys instead of an IAM role:

. Grant a user the following permissions to read objects on the bucket to be used with the cluster (or on all buckets):
+
- `GetObject`
- `ListBucket`

. Copy the access key and secret key for the `cloud_storage_access_key` and `cloud_storage_secret_key` cluster properties.
. Create a Secret in which to store the access key and secret key.
+
[source,yaml]
----
apiVersion: v1
kind: Secret
metadata:
name: storage-secrets
namespace: <namespace>
type: Opaque
data:
access-key: <base64-encoded-access-key>
secret-key: <base64-encoded-secret-key>
----
+
- Replace `<base64-encoded-access-key>` with your base64-encoded access key.
- Replace `<base64-encoded-secret-key>` with your base64-encoded secret key.
. Override the following required cluster properties in the Helm chart:
+
[tabs]
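
Review bot: The new "Create a Secret" step under "Use access keys" asks for base64-encoded values in `data:` but never says how to produce them or how to apply the manifest. A value encoded with a trailing newline (for example from `echo` without `-n`) becomes a different credential and fails authentication in a way that is hard to trace back to the Secret. Consider switching the example to `stringData:` with plain values, or adding the encoding command and a `kubectl apply` line to the step. It is also worth one sentence saying that base64 is an encoding, not encryption, so the filled-in manifest should stay out of version control.
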
Expand All @@ -171,11 +194,16 @@ To configure access to an S3 bucket with access keys instead of an IAM role:
----
storage:
tiered:
credentialsSecretRef:
accessKey:
name: storage-secrets
key: access-key
secretKey:
name: storage-secrets
key: secret-key
config:
cloud_storage_enabled: true
cloud_storage_credentials_source: config_file
cloud_storage_access_key: <access-key>
cloud_storage_secret_key: <secret-key>
cloud_storage_region: <region>
cloud_storage_bucket: "none"
----
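
Review bot: The `credentialsSecretRef` block hard-codes `name: storage-secrets` with the keys `access-key` and `secret-key`, and nothing here says these have to match the Secret from the previous step. Add a short note after the YAML stating that `name` must equal the Secret's `metadata.name`, that `key` must equal the entries under `data`, and that the Secret must exist in the same `<namespace>` the chart is installed into, since a Secret can only be referenced from its own namespace. Readers who rename the Secret otherwise end up with a reference that does not resolve.
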
Expand All @@ -189,19 +217,17 @@ helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --crea
```bash
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
--set storage.tiered.config.cloud_storage_enabled=true \
--set storage.tiered.credentialsSecretRef.accessKey.name=storage-secrets \
--set storage.tiered.credentialsSecretRef.accessKey.key=access-key \
--set storage.tiered.credentialsSecretRef.secretKey.name=storage-secrets \
--set storage.tiered.credentialsSecretRef.secretKey.key=secret-key \
--set storage.tiered.config.cloud_storage_credentials_source=config_file \
--set storage.tiered.config.cloud_storage_access_key=<access-key> \
--set storage.tiered.config.cloud_storage_secret_key=<secret-key> \
--set storage.tiered.config.cloud_storage_region=<region> \
--set storage.tiered.config.cloud_storage_bucket="none"
```
====
+
Replace the following placeholders:
+
- `<access-key>`: The access key for your S3 bucket.
- `<secret-key>`: The secret key for your S3 bucket.
- `<region>`: The region of your S3 bucket.
Replace `<region>` with the region of your S3 bucket.

--
Google Cloud Storage::
Expand All @@ -210,8 +236,11 @@ Google Cloud Storage::

You can configure access to Google Cloud Storage with either an IAM role attached to the instance or with access keys.

- To configure access to Google Cloud Storage with an IAM role, override the following required cluster properties in the Helm chart:
+
[discrete]
=== Use IAM roles

To configure access to Google Cloud Storage with an IAM role, override the following required cluster properties in the Helm chart:

[tabs]
====
--values::
Expand Down Expand Up @@ -242,10 +271,33 @@ helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --crea
--set storage.tiered.config.cloud_storage_bucket="none"
```
====
+

Replace `<region>` with the region of your bucket.

- To configure access to Google Cloud Storage with access keys instead of an IAM role, override the following required cluster properties in the Helm chart:
[discrete]
=== Use access keys

To configure access to Google Cloud Storage with access keys instead of an IAM role:

. Create a Secret in which to store the access key and secret key.
+
[source,yaml]
----
apiVersion: v1
kind: Secret
metadata:
name: storage-secrets
namespace: <namespace>
type: Opaque
data:
access-key: <base64-encoded-access-key>
secret-key: <base64-encoded-secret-key>
----
+
- Replace `<base64-encoded-access-key>` with your base64-encoded access key.
- Replace `<base64-encoded-secret-key>` with your base64-encoded secret key.

. Override the following required cluster properties in the Helm chart:
+
[tabs]
====
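
Review bot: The Secret manifest added under "Use access keys" for Google Cloud Storage is a verbatim copy of the one in the Amazon S3 tab, down to the `storage-secrets` name and the `access-key` and `secret-key` entries. This file already pulls in shared content with `include::shared:partial$enterprise-license.adoc[]`, so consider moving the manifest and its two "Replace" bullets into a partial and including it in each tab, so the copies cannot drift apart on a later edit.
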
Expand All @@ -256,12 +308,17 @@ Replace `<region>` with the region of your bucket.
----
storage:
tiered:
credentialsSecretRef:
accessKey:
name: storage-secrets
key: access-key
secretKey:
name: storage-secrets
key: secret-key
config:
cloud_storage_enabled: true
cloud_storage_credentials_source: config_file
cloud_storage_api_endpoint: storage.googleapis.com
cloud_storage_access_key: <access-key>
cloud_storage_secret_key: <secret-key>
cloud_storage_region: <region>
cloud_storage_bucket: "none"
----
Expand All @@ -275,30 +332,44 @@ helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --crea
```bash
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
--set storage.tiered.config.cloud_storage_enabled=true \
--set storage.tiered.credentialsSecretRef.accessKey.name=storage-secrets \
--set storage.tiered.credentialsSecretRef.accessKey.key=access-key \
--set storage.tiered.credentialsSecretRef.secretKey.name=storage-secrets \
--set storage.tiered.credentialsSecretRef.secretKey.key=secret-key \
--set storage.tiered.config.cloud_storage_credentials_source=config_file \
--set storage.tiered.config.cloud_storage_api_endpoint=storage.googleapis.com \
--set storage.tiered.config.cloud_storage_access_key=<access-key> \
--set storage.tiered.config.cloud_storage_secret_key=<secret-key> \
--set storage.tiered.config.cloud_storage_region=<region> \
--set storage.tiered.config.cloud_storage_bucket="none"
```
====
+
Replace the following placeholders:
+
- `<access-key>`: The access key for your bucket.
- `<secret-key>`: The secret key for your bucket.
- `<region>`: The region of your bucket.
Replace `<region>` with the region of your bucket.

--
Azure Blob Storage::
+
--

To configure access to Azure Blob Storage, override the following required cluster properties in the Helm chart:
To configure access to Azure Blob Storage:

Replace the following placeholders:
. Create a Secret in which to store the access key.
+
[source,yaml]
----
apiVersion: v1
kind: Secret
metadata:
name: storage-secrets
namespace: <namespace>
type: Opaque
data:
access-key: <base64-encoded-access-key>
----
+
- Replace `<base64-encoded-access-key>` with your base64-encoded access key.

. Override the following required cluster properties in the Helm chart:
+
[tabs]
====
--values::
Expand All @@ -308,9 +379,13 @@ Replace the following placeholders:
----
storage:
tiered:
credentialsSecretRef:
secretKey:
configurationKey: cloud_storage_azure_shared_key
name: storage-secrets
key: access-key
config:
cloud_storage_enabled: true
cloud_storage_azure_shared_key: <access_key>
cloud_storage_azure_storage_account: <account-name>
cloud_storage_azure_container: "none"
----
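
Review bot: `configurationKey: cloud_storage_azure_shared_key` under `credentialsSecretRef.secretKey` is introduced here with no explanation, and it does not appear in the S3 or Google Cloud Storage examples. The naming is also hard to follow: the Azure shared key is passed through `secretKey`, while the Secret entry it reads is called `access-key`. Add a sentence saying what `configurationKey` does and why the Azure key goes under `secretKey` rather than `accessKey`, or rename the Secret entry (for example to `shared-key`) so the names line up.
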
Expand All @@ -324,16 +399,15 @@ helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --crea
```bash
helm upgrade --install redpanda redpanda/redpanda --namespace <namespace> --create-namespace \
--set storage.tiered.config.cloud_storage_enabled=true \
--set storage.tiered.config.cloud_storage_azure_shared_key=<access_key> \
--set storage.tiered.credentialsSecretRef.secretKey.configurationKey=cloud_storage_azure_shared_key \
--set storage.tiered.credentialsSecretRef.secretKey.name=storage-secrets \
--set storage.tiered.credentialsSecretRef.secretKey.key=access-key \
--set storage.tiered.config.cloud_storage_azure_storage_account=<account-name> \
--set storage.tiered.config.cloud_storage_azure_container="none"
```
====

Replace the following placeholders:

- `<access-key>`: The access key for your Azure account.
- `<account-name>`: The name of your Azure account.
Replace `<account-name>` with the name of your Azure account.
--
======
endif::[]
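
Review bot: The new sentence "Replace `<account-name>` with the name of your Azure account." follows the closing `====` after a blank line with no `+` continuation, so it is not attached to the `. Override the following required cluster properties` step. The equivalent `<region>` sentences in the Amazon S3 and Google Cloud Storage tabs are preceded by a `+` line. Replace the blank line with `+` here so the sentence renders as part of the second step, now that the Azure tab is a numbered list.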