Comments (4)
So note/hint for anyone else running on this, in order to achieve this properly on a private bucket, I had to...
- Create a bucket policy which allowed the other accounts to use this bucket
- Ensure your bucket does not have encryption required/automatically and do not upload files with encryption (was too painful to get working multi-account)
- Since the `s3 push` plugin does not support `--grants` I have to upload with `--acl bucket-owner-full-control`
- Then I had to use a bit of a trick to copy in-place to add multi-account access via --grants per-file with the following command.
aws s3 cp --recursive s3://s3-reponame-here/helm-charts/ s3://s3-reponame-here/helm-charts/ --grants full=id=redacted_account_canonical_id_here full=id=redacted_account_2_canonical_id_here full=id=redacted_account_3_canonical_id_here --metadata "{\"x-last-updated-at\":\"$(date +%s)\"}"
^ Note you may not want all your accounts to have full access as I do above, use "read" instead where relevant
from helm-s3.
We are also seeing those problems. Once we have set an ACL to helm s3 push we get access denied when we try to publish new charts (upload chart to s3: upload object to s3: AccessDenied: Access Denied)
from helm-s3.
Possibly related to #75
We noticed the same thing opening up cross-account access via bucket policy. I was looking at https://stackoverflow.com/questions/43722678/amazon-s3-file-permissions-access-denied-when-copied-from-another-account to troubleshoot and using the command:
aws s3 cp s3://helm-chart-bucket/ s3://helm-chart-bucket/ --recursive --acl bucket-owner-full-control
I was able to see a list of files that I did not have access to from the owner account. I purged those files and reindexed with `helm s3 reindex repo_name`. Note that this included an updated `index.yaml` and other, new chart revisions pushed by the secondary account.
We are in the process of testing the solution, but I think this can be fixed by adding to the `helm s3 push` command the `--acl bucket-owner-full-control` flag to keep permissions tied to the bucket owner.
from helm-s3.
Thanks @AndrewFarley this worked great.
from helm-s3.
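An added example, not part of the thread or of helm-s3: a small audit of object ACLs for the two gaps the comments above describe, charts pushed by a secondary account without a grant to the bucket owner, and objects missing a READ grant for an account that should pull them. It assumes the input has the JSON shape returned by `aws s3api get-object-acl`; the canonical IDs, keys and ACLs are constructed placeholders, and only ACL grants are checked, not access given through a bucket policy.

```python
# Added example: audit object ACLs for the cross-account gaps described above.
# Input mirrors the JSON shape returned by `aws s3api get-object-acl`.
# All IDs, keys and ACLs below are constructed placeholders.
OWNER = "OWNER_CANONICAL_ID"
ACCT2 = "ACCOUNT_2_CANONICAL_ID"
ACCT3 = "ACCOUNT_3_CANONICAL_ID"


def grant(canonical_id, permission):
    return {"Grantee": {"Type": "CanonicalUser", "ID": canonical_id},
            "Permission": permission}


SAMPLE_ACLS = {
    "helm-charts/index.yaml": {
        "Owner": {"ID": OWNER},
        "Grants": [grant(OWNER, "FULL_CONTROL"), grant(ACCT2, "READ")]},
    "helm-charts/app-1.0.0.tgz": {  # pushed by account 2 without an owner grant
        "Owner": {"ID": ACCT2},
        "Grants": [grant(ACCT2, "FULL_CONTROL")]},
    "helm-charts/app-1.0.1.tgz": {  # pushed with bucket-owner-full-control
        "Owner": {"ID": ACCT2},
        "Grants": [grant(ACCT2, "FULL_CONTROL"), grant(OWNER, "FULL_CONTROL"),
                   grant(ACCT3, "READ")]},
}


def permissions_for(acl, canonical_id):
    """Set of permissions the ACL grants directly to one canonical user."""
    return {g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("ID") == canonical_id}


def audit(acls, bucket_owner, readers):
    """Return {key: [issues]} for objects whose ACL leaves someone locked out."""
    findings = {}
    for key, acl in sorted(acls.items()):
        issues = []
        object_owner = acl["Owner"]["ID"]
        # An object written by another account needs an explicit owner grant.
        if (object_owner != bucket_owner
                and "FULL_CONTROL" not in permissions_for(acl, bucket_owner)):
            issues.append("bucket owner lacks FULL_CONTROL (object owned by %s)"
                          % object_owner)
        for reader in readers:
            if not permissions_for(acl, reader) & {"READ", "FULL_CONTROL"}:
                issues.append("no READ grant for %s" % reader)
        if issues:
            findings[key] = issues
    return findings


if __name__ == "__main__":
    for key, issues in audit(SAMPLE_ACLS, OWNER, [ACCT2, ACCT3]).items():
        print(key, "->", "; ".join(issues))
```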