-
Notifications
You must be signed in to change notification settings - Fork 95
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use an endpoint instead of a port for the Minio service #2848
Comments
We discussed this on an internal call today. The consensus was it we think this should be possible to change. There may be an issue with conda store supporting minio on a subpath, but we agree it can/should be fixed if not. Thanks for calling this out and I'll transfer this to an issue. |
For additional context, this issue was initially discussed in #980 (back when it was related to QHub), which contains a bit more info on why that port specifically was chosen. Conda-store does allow customization of the bucket name and addresses, as shown in the configuration file: Lines 40 to 47 in 59a65e2
Since S3 (and MinIO) do not support subpaths (in the routing sense), changing the storage endpoint to port 443 would create a conflict between the conda-store's internal endpoints and storage access. We could rename the bucket to avoid the conflict; however, we need to plan how to migrate existing data safely. I've tried some remediation in the past, but due to the internal signing of the URLs I ended encountering some problems with mismatches in the expected request bodies |
Since a standard S3 url always includes the bucket name at minimum on the path I suspect conda-store will be fine. And if the bucket name does not conflict with other API paths you can put the bucket names directly in the ingress so the minio "base" has no subpath |
This is definitely a good and important callout. One thing I've done in a similar project is to differentiate between fresh installs and upgrades. In short, upgrades would preserve the current configuration, leaving Minio on a dedicated port, while fresh installs would adopt the new approach. This buys time until a clean migration approach can be built. |
Discussed in https://github.com/orgs/nebari-dev/discussions/2845
Originally posted by mcg1969 November 11, 2024
Hey folks! I wanted to ask if there was a specific reason why the Minio service was chosen to be deployed on a dedicated port (9080) instead of somewhere on the path of the existing HTTPS port (443). In my experience, as long as the bucket name does not conflict with a path used by other applications, the ingress (e.g., Traefik) can handle routing S3 traffic just fine.
Reducing the use of custom ports will make it easier to deploy Nebari in situations where it is important to re-use an existing cluster's ingress.
The text was updated successfully, but these errors were encountered: