Files
help365/platform/proxy-s3-kubernetes.html
2025-05-27 21:32:35 +04:00

397 lines
41 KiB
HTML
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!DOCTYPE html>
<html lang="en">
<head>
<title>S3 proxying in Kubernetes via S3-Gateway</title>
<meta name="generator" content="Help+Manual" />
<meta name="keywords" content="" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="Proxying traffic to S3&nbsp;storage is one of the steps for preparing the BRIX infrastructure. The S3Gateway tool can be used for this purpose.&nbsp;" />
<meta name="picture" content="" />
<meta property="og:type" content="website" />
<meta property="og:title" content="Full documentation for BRIX365 platform. Low-code developer guide. User guide. Admin guide. Developer guide." />
<meta property="og:url" content="https://brix365.com/en/help" />
<meta property="og:image" content="" />
<link rel="icon" href="favicon.png" type="image/png" />
<link href="https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700&display=swap" rel="stylesheet" />
<link rel="stylesheet" href="./jquery-ui.min.css" />
<link rel="stylesheet" href="default.css" />
<link rel="stylesheet" href="./search-yandex.css" />
<link rel="stylesheet" href="./article.css" />
<link rel="stylesheet" href="./glossary.css" />
<link rel="stylesheet" href="./theme.css" />
<script type="text/javascript" src="jquery.js"></script>
<script type="text/javascript" src="helpman_settings.js"></script>
<script type="text/javascript" src="helpman_topicinit.js"></script>
<script type="text/javascript" src="highlight.js"></script>
<script type="text/javascript">
$(document).ready(function(){highlight();});
</script>
</head>
<body>
<script>!function(e,t,c,n,r,a,m){e.ym=e.ym||function(){(e.ym.a=e.ym.a||[]).push(arguments)},e.ym.l=1*new Date;for(var s=0;s<document.scripts.length;s++)if(document.scripts[s].src===n)return;a=t.createElement(c),m=t.getElementsByTagName(c)[0],a.async=1,a.src=n,m.parentNode.insertBefore(a,m)}(window,document,"script","https://mc.yandex.ru/metrika/tag.js"),ym(83179930,"init",{clickmap:!0,trackLinks:!0,accurateTrackBounce:!0,webvisor:!0})</script><noscript><div><img alt=""src=https://mc.yandex.ru/watch/83179930 style=position:absolute;left:-9999px></div></noscript>
<header class="header elma-365">
<div class="container">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-en.svg" alt="header logo">
</a>
<!-- <div class="hero__search-form" id="search-panel">
<form class="search-form" onsubmit="ym(83180416,'reachGoal','poisk')">
<label class="search-form__label">
<span id="reset-search" class="search__icon"></span>
<input class="search-form__input" type="text">
</label>
<input class="search-form__submit" type="submit" value="Submit">
</form>
</div> -->
<div class="hero__search-form" id="search-panel"> <form class="search-form"> <label class="search-form__label"> <span id="reset-search" class="search__icon"></span> <input class="search-form__input" type="text"> </label> <input class="search-form__submit" type="submit" value="Submit"> </form> </div>
<div class="hero__search">
<a href="#" id="search-icon" class="hero__search-icon">
<img src="search-icon-white.svg" alt="search string">
</a>
<a href="#" id="side-menu-icon" class="hero__side-icon">
<img src="side_menu.svg" alt="side menu">
</a>
</div>
<div class="header__navi">
<ul class="header__list"><li><span class="solution-select"><span class="solution-select__selected"></span><svg width="7" height="4" viewBox="0 0 7 4" fill="none" xmlns="http://www.w3.org/2000/svg"><path d="M1 1L3.5 3.5L6 1" stroke="white" stroke-linecap="round" stroke-linejoin="round"/></svg><ul class="solution-select__list"><li><a class="project-link" href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a class="project-link" href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a class="project-link" href="https://brix365.com/en/help/crm/crm_overview.html">CRM</a></li><li><a class="project-link" href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a class="project-link" href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li><li><a class="project-link" href="https://brix365.com/en/help/business_solutions/-elma365-store.html">Business Solutions</a></li></ul></span></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li><li><a href="https://tssdk.brix365.com/" target="_blank">SDK</a></li></ul>
</div>
</div>
</header>
<main class="main container">
<aside class="sidebar" id="sidebar">
<div class="sidebar__header">
<a class="header__logo" href="https://brix365.com/en/help">
<img src="./logo-light-en.svg">
</a>
<span class="sidebar__close elma-365-close" id="close"></span>
</div>
<div class="sidebar__wrapper" id="side-menu">
</div>
</aside>
<article class="article" id="article">
<div class="article-inner">
<div class="content">
<header class="article__header">
<div class="article__bread" style="display:flex; gap:10px;">
<span id="subcategory" class="search-res__item-category search-res__item-category_subcategory subcategory article__badge"></span>
<div class="topic__breadcrumbs">
<p><a href="elma365-on-premises.html">BRIX On-Premises</a> &gt; <a href="infrastructure-preparation.html">Prepare infrastructure</a> &gt; Load balancer / S3 proxying in Kubernetes via S3-Gateway</p>
</div>
</div>
<div class="topic__title"><h1 class="p_Heading1"><span class="f_Heading1">S3 proxying in Kubernetes via S3-Gateway</span></h1>
</div>
</header>
<section class="article__content">
<div class="scroll-top-inner">
<a href="#h1-article" class="scroll-top"></a>
</div>
<!-- Placeholder for topic body. -->
<p class="p_Normal">Proxying traffic to S3 storage is one of the steps for preparing the BRIX infrastructure. The S3Gateway tool can be used for this purpose. </p>
<p class="p_Normal">It provides access to the S3 storage deployed inside or outside the Kubernetes cluster via a single entry point — domain (FQDN) or IP address for BRIX.</p>
<p class="p_Normal">S3-Gateway installation consists of four steps:</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal"><a href="proxy-s3-kubernetes.html#download-helm-chart-and-config-file" class="topiclink">Download the Helm chart and configuration file</a>.</li><li value="2" class="p_Normal"><a href="proxy-s3-kubernetes.html#fill-config-file" class="topiclink">Fill in the configuration file</a>.</li><li value="3" class="p_Normal"><a href="proxy-s3-kubernetes.html#set-chart-s3-gateway" class="topiclink">Install the S3 Gateway chart using Helm in the Kubernetes cluster</a>.</li><li value="4" class="p_Normal"><a href="proxy-s3-kubernetes.html#s3-connect" class="topiclink">Connect to S3</a>.</li></ol>
<h2 class="p_Heading2"><a id="download-helm-chart-and-config-file" class="hmanchor"></a><span class="f_Heading2">Step 1: Download the Helm chart and configuration file</span></h2>
<p class="p_Normal">To install via the internet, obtain the <code><b>values-s3gateway.yaml</b></code> configuration file by executing the following command:</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;</span><span class="f_CodeExample">https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;show&nbsp;values&nbsp;elma365/s3gateway&nbsp;&gt;&nbsp;values-s3gateway.yaml</span></p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A1')">Obtaining the configuration file for installation in a closed-loop environment without internet access</a></p>
<div id="TOGGLE0186A1" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><ol style="list-style-type:decimal">
<li value="1" class="p_Normal">On a computer with internet access, download the archive of the latest version of the S3 Gateway chart from the elma365 repository:</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">helm&nbsp;repo&nbsp;add&nbsp;elma365&nbsp;</span><span class="f_CodeExample">https://charts.elma365.tech</span><br />
<span class="f_CodeExample">helm&nbsp;repo&nbsp;update</span><br />
<span class="f_CodeExample">helm&nbsp;pull&nbsp;elma365/s3gateway</span></p>
<ol style="list-style-type:decimal" start="2">
<li value="2" class="p_Normal">Copy the obtained <span style="font-weight: bold;">s3gateway-X.Y.Z.tgz</span> chart archive to the server where the installation will take place.</li></ol>
<ol style="list-style-type:decimal" start="3">
<li value="3" class="p_Normal">Unpack the <span style="font-weight: bold;">s3gateway-X.Y.Z.tgz</span> chart on the installation server, and copy the <code><b>values.yaml</b></code> default configuration file to <code><b>values-s3gateway.yaml</b></code>: </li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">tar&nbsp;-xf&nbsp;s3gateway-X.Y.Z.tgz</span><br />
<span class="f_CodeExample">cp&nbsp;s3gateway/values.yaml&nbsp;values-s3gateway.yaml</span></p>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="fill-config-file" class="hmanchor"></a><span class="f_Heading2">Step 2: Fill in the configuration file</span></h2>
<p class="p_Normal">Fill in the configuration file <code><b>values-s3gateway.yaml</b></code><span style="font-weight: bold;"> </span>for the S3 Gateway installation:</p>
<ol style="list-style-type:upper-roman">
<li value="1" class="p_Normal">In the <code><b>ingress.hostname</b></code> parameter, specify the domain (FQDN) or IP address through which the BRIX application is accessible. </li><li value="2" class="p_Normal">In the <code><b>ingress.path</b></code> parameter, specify the name of the S3 bucket in which the BRIX application stores files.<br />
The name of the bucket in S3 must correspond to the <span style="font-weight: bold;">s3elma365 </span>format.</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">Начало&nbsp;примера</span></p>
<p class="p_Normal">Example</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal">s3elma365.</li><li value="2" class="p_Normal">s3elma365-dev.</li><li value="3" class="p_Normal">s3elma365-prod.</li></ol>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">конец&nbsp;примера</span></p>
<ol style="list-style-type:upper-roman" start="3">
<li value="3" class="p_Normal">The following changes should be made to the configuration file if the BRIX application webinterface is accessible via HTTPS:</li></ol>
<ul style="list-style-type:disc">
<li class="p_Normal">Specify the domain (FQDN) in the <code><b>ingress.hostname</b></code> parameter.</li><li class="p_Normal">Enable TLS support by setting the value to <code><b>true</b></code> in the <code><b>ingress.tls</b></code> parameter.</li><li class="p_Normal">Uncomment the parameters in the <code><b>ingress.extraTls</b></code> section.</li><li class="p_Normal">For the <code><b>ingress.extraTls.hosts</b></code> parameter, specify the domain (FQDN) through which the BRIX application is accessible.</li><li class="p_Normal">For the <code><b>ingress.extraTls.secretName</b></code> parameter, specify the name of the TLS type secret for the domain specified in <code><b>ingress.extraTls.hosts</b></code>.</li></ul>
<ol style="list-style-type:upper-roman" start="4">
<li value="4" class="p_Normal">If high availability is required, specify the desired number of replicas in the <code><b>replicaCount</b></code> parameter.</li><li value="5" class="p_Normal">The <code><b>configuration</b></code> parameter specifies the HAProxy configuration with which it will run in the Kubernetes cluster. In the <code><b>backend s3_main</b></code> section of the HAProxy configuration, specify the list of S3 servers to which user traffic should be redirected.</li></ol>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A2')">How to proxy the user traffic in the S3 MinIO storage using the elma365 dbs chart without SSL support in the Kubernetes cluster</a></p>
<div id="TOGGLE0186A2" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal">&nbsp;<br />
In this example, the S3 storage is installed according to the instruction in the <a href="configure-minio.html" class="topiclink">MinIO S3</a> article.</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample"># HAProxy settings for proxying connections to the S3 Storage</span><br />
<span class="f_CodeExample">haproxy:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">ingress:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># enabling HAProxy Ingress support for working with OpenShift</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">openshift: </span><span class="f_CodeExample" style="font-weight: bold;">false</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># system's domain (FQDN) through which it is accessible</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">hostname: elma365-server.your_domain</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># name of the bucket (in the S3 storage) for the BRIX application</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">path: /s3elma365</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># enabling https</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">tls: </span><span class="f_CodeExample" style="font-weight: bold;">false</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># &nbsp;extraTls:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># &nbsp;- hosts:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># &nbsp; &nbsp; &nbsp;- elma365-server.your_domain</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># &nbsp;secretName: elma365-server.your_domain-tls</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># number of replicas to ensure high availability</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">replicaCount: 1</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">containerPorts:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">-</span><span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">name: http</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">containerPort: 8080</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># HAProxy configuration</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">configuration: |</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">global</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">log stdout format raw local0</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">maxconn 1024</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">defaults</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">log global</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout client 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout connect 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout server 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">frontend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">bind :8080</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">default_backend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">backend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">server s3_1 minio.elma365-dbs.svc.cluster.local:80 check inter 2s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># safety context policy</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">podSecurityContext:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">fsGroup: 1001</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">containerSecurityContext:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">runAsUser: 1001</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">runAsNonRoot: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># specifying resources</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">resources:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">requests:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">memory: &quot;64Mi&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">cpu: &quot;50m&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">limits:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">memory: &quot;512Mi&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">cpu: &quot;500m&quot;</span><br />
<span class="f_CodeExample">...</span></p>
</td>
</tr>
</table>
</div>
<p class="p_Normal">&nbsp;</p>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A3')">How to proxy the user traffic in the S3 MinIO storage with SSL support</a></p>
<div id="TOGGLE0186A3" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal">&nbsp;<br />
In this example, four S3 (MinIO) servers are located outside the Kubernetes cluster and deployed according to the instructions in <a href="minio-cluster.html" class="topiclink">MinIO cluster</a> article.</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">&nbsp;</span><br />
<span class="f_CodeExample"># HAProxy settings for proxying connections to the S3 Storage</span><br />
<span class="f_CodeExample">haproxy:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">ingress:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># enabling HAProxy Ingress support for working with OpenShift</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">openshift: </span><span class="f_CodeExample" style="font-weight: bold;">false</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># system's domain (FQDN) through which it is accessible</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">hostname: elma365-server.your_domain</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># name of the bucket (in the S3 storage) for the BRIX application</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">path: /s3elma365</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># enabling https</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">tls: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">extraTls:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">-</span><span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">hosts:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; &nbsp; </span><span class="f_CodeExample">-</span><span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">elma365-server.your_domain</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">secretName: elma365-server.your_domain-tls</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># number of replicas to ensure high availability</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">replicaCount: 1</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">containerPorts:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">-</span><span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">name: http</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">containerPort: 8080</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># HAProxy configuration</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">configuration: |</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">global</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">log stdout format raw local0</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">maxconn 100000</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">defaults</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">log global</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout client 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout connect 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">timeout server 60s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">frontend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">bind :8080</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">default_backend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">backend s3_main</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">balance leastconn</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">server s3_1 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">server s3_2 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">server s3_3 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">server s3_4 minio-server1.your_domain:9000 check-ssl ssl verify none check inter 2s</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># safety context policy</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">podSecurityContext:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">fsGroup: 1001</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">containerSecurityContext:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">enabled: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">runAsUser: 1001</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">runAsNonRoot: </span><span class="f_CodeExample" style="font-weight: bold;">true</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample"># resources</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> </span><span class="f_CodeExample">resources:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">requests:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">memory: &quot;64Mi&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">cpu: &quot;50m&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; </span><span class="f_CodeExample">limits:</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">memory: &quot;512Mi&quot;</span><br />
<span class="f_CodeExample" style="color: #ffffff;"> &nbsp; &nbsp; </span><span class="f_CodeExample">cpu: &quot;500m&quot;</span><br />
<span class="f_CodeExample">...</span></p>
</td>
</tr>
</table>
</div>
<ol style="list-style-type:upper-roman" start="6">
<li value="6" class="p_Normal">If you install S3Gateway in an isolated environment without internet access, fill out the parameters for connecting to the private <span style="font-weight: bold;">registry</span>.</li></ol>
<p class="p_Normal"><a class="dropdown-toggle" style="font-style: normal; font-weight: normal; color: #000000; background-color: transparent; text-decoration: none;" href="javascript:HMToggle('toggle','TOGGLE0186A4')">How to fill out the connection parameters for the private registry</a></p>
<div id="TOGGLE0186A4" class="dropdown-toggle-body" style="text-align: left; text-indent: 0; line-height: 1.80; padding: 0 0 0 0; margin: 0 0 0 0;"><table style="border:none; border-spacing:0;">
<tr>
<td style="vertical-align:top; padding:0; border:none"><p class="p_Normal">&nbsp;</p>
<ol style="list-style-type:decimal">
<li value="1" class="p_Normal">Set address in <code><b>haproxy.image.registry</b></code>.</li><li value="2" class="p_Normal">Set path in <code><b>haproxy.image.repository</b></code>.</li><li value="3" class="p_Normal">Set name of the secret with access rights to the private registry in<span style="font-weight: bold;"> </span><code><b>haproxy.image.pullSecrets</b></code>. The private registry must be created manually and encrypted in Base64.</li></ol>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample"># HAProxy settings for proxying connections to the S3 Storage.</span><br />
<span class="f_CodeExample">haproxy:</span><br />
<span class="f_CodeExample">...</span><br />
<span class="f_CodeExample">  # connection parameters to the private registry</span><br />
<span class="f_CodeExample">  image:</span><br />
<span class="f_CodeExample">  &nbsp; # address and path for the private registry</span><br />
<span class="f_CodeExample">  &nbsp; registry: registry.example.com</span><br />
<span class="f_CodeExample">  &nbsp; repository: /bitnami/haproxy</span><br />
<span class="f_CodeExample">#  &nbsp;tag: 2.7.3-debian-11-r5</span><br />
<span class="f_CodeExample">  &nbsp; # &nbsp;secret with access rights to the private registry must be created manually and encrypted in Base64</span><br />
<span class="f_CodeExample">  &nbsp; pullSecrets:</span><br />
<span class="f_CodeExample">  &nbsp; &nbsp; - myRegistryKeySecretName</span></p>
</td>
</tr>
</table>
</div>
<h2 class="p_Heading2"><a id="set-chart-s3-gateway" class="hmanchor"></a><span class="f_Heading2">Step 3: Install the S3 Gateway chart using Helm in the Kubernetes cluster</span></h2>
<p class="p_Normal">Perform the installation of the S3 Gateway chart in the <span style="font-weight: bold;">s3gateway</span> <code><b>namespace</b></code>.</p>
<p class="p_Normal">Run the following command for online installation:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">helm upgrade --install s3gateway elma365/s3gateway -f values-s3gateway.yaml -n s3gateway --create-namespace </span></p>
<p class="p_Normal">Run the following command for offline installation without internet access:</p>
<p class="p_CodeExample" style="white-space: normal; page-break-inside: avoid;"><span class="f_CodeExample">helm upgrade --install s3gateway ./s3gateway -f values-s3gateway.yaml -n s3gateway --create-namespace </span></p>
<h2 class="p_Heading2"><a id="s3-connect" class="hmanchor"></a><span class="f_Heading2">Step 4: Connect to S3</span></h2>
<p class="p_Normal">Parameters for connecting to S3:</p>
<ul style="list-style-type:disc">
<li class="p_Normal"><code><b>address</b></code>: specify <code><b>elma365-server.your_domain</b></code>.</li><li class="p_Normal"><code><b>bucket</b></code>, <code><b>region, access key ID</b></code>, <code><b>secret access key</b></code>, <code><b>secret access key</b></code> and <code><b>enable SSL</b></code>: specify values according to the parameters of the S3 storage for which proxying is configured.</li></ul>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">начало&nbsp;внимание</span></p>
<p class="p_Normal" style="line-height: 1.20;">Infrastructure preparation occurs before the installation of the BRIX application. If the S3-Gateway chart has been installed, change the connection address to S3 (<span style="font-weight: bold;">elma365.s3.backend.address</span>) in the <a href="change-settings-enterprise.html#changes-config-file" class="topiclink">BRIX application settings</a>.</p>
<p class="p_CodeExample" style="page-break-inside: avoid;"><span class="f_CodeExample">конец&nbsp;внимание</span></p>
<div class="bottom-nav">
<a id="prev-link" class="topic__navi_prev" href="proxy-db-kubernetes.html">
<span class="bottom-nav__arrow bottom-nav__arrow--prev"></span> <span
class="bottom-nav__link">proxy-db-kubernetes.html</span>
</a>
<a id="next-link" class="topic__navi_next" href="pgbouncer-installation.html">
<span class="bottom-nav__link">pgbouncer-installation.html</span> <span
class="bottom-nav__arrow bottom-nav__arrow--next"></span>
</a>
</div>
<!-- добавляет на страницу строку блок Была ли статья полезной? -->
<div class="feedback" id="feedback"><div class="feedback-help"><span><b>Was this helpful?</b></span><form action="" method="POST" class="feedback-form" id="feedback-form"><div class="feedback__popup feedback__popup-response" id="feedback__popup_thx" style="display: none;">Thanks for your feedback!</div><div class="feedback__popup" id="feedback__popup_why" style="display: none;"><div class="feedback__popup-header">Please specify why:</div><input type="radio" name="category" id="bad_recommendation" value="bad_recommendation"><label for="bad_recommendation">Recommendations did not help me</label><input type="radio" name="category" id="difficult_text" value="difficult_text"><label for="difficult_text">Article is hard to understand</label><input type="radio" name="category" id="no_answer" value="no_answer"><label for="no_answer">Didn`t answer my question</label><input type="radio" name="category" id="bad_header" value="bad_header"><label for="bad_header">Content does not match the topic</label><input type="radio" name="category" id="other_reason" value="other_reason"><label for="other_reason">Other</label></div><div class="feedback__popup" id="feedback__popup-other" style="display: none;"><div class="feedback__popup-header">How we can improve it?</div><textarea class="feedback__textarea" name="other" id=""></textarea><input type="submit" class="feedback__other-btn" value="Submit"></div><div class="feedback-form__btn-group"><input type="radio" name="useful" id="feedback__useful_yes" value="true"><label for="feedback__useful_yes"><img src="like.svg" class="small-img" alt="like"><spanclass="feedback-form__btn-group_yes-btn">Yes</spanclass="feedback-form__btn-group_yes-btn"></label><input type="radio" name="useful" id="feedback__useful_no" value="false"><label for="feedback__useful_no"><img src="dislike.svg" class="small-img" alt="dislike"><spanclass="feedback-form__btn-group_no-btn">No</spanclass="feedback-form__btn-group_no-btn"></label></div><select name="category"><option disabled="">Please specify why</option><option value="bad_recommendation" selected="">Recommendations did not help me</option><option value="difficult_text">Article is hard to understand</option><option value="no_answer">Didn`t answer my question</option><option value="bad_header">Content does not match the topic</option><option value="other_reason">Other</option></select><input type="submit"></form></div><div class="found_typo"><p style="margin: 0px; margin-top: 16px !important;"><span><b>Found a typo?</b></span> Select it and press <i>Ctrl+Enter</i> to send us feedback</p></div></div>
</section>
</div>
<aside class="article__sidebar" style="display:none">
<input type="checkbox" />
<div class="article__arrow"></div>
<div class="table-of-contents elma365-right" id="toc2Content">
<h3 class="h3-toc">In this topic</h3>
<nav id="toc2"></nav>
</div>
</aside>
</div>
</article>
</main>
<footer class="footer">
<div class="footer-container">
<div class="footer-mobile">
<ul class="footer-mobile__list"><li><a href="https://brix365.com/en/" target="_blank">BRIX</a></li><li><a href="https://tssdk.brix365.com/en/latest/" target="_blank">SDK</a></li><li><a href="https://api.brix365.com/en/" target="_blank">API</a></li></ul><ul class="footer-mobile__list"><li><a href="https://brix365.com/en/help/platform/get-trial.html">Platform</a></li><li><a href="https://brix365.com/en/help/ecm/ecm-functions.html">ECM</a></li><li><a href="https://brix365.com/en/help/service/service-functions.html">Service</a></li><li><a href="https://brix365.com/en/help/projects/projects-functions.html">Projects</a></li></ul>
</div>
<div class="footer-wrap">
<div><span class="mobile-question-popup">Send feedback</span><form method="POST" action class="question__popup question-xs" id="question__popup"><div class="question-wrap"><span class="close"></span><span class="title">Ask a question</span><label for="help_question" style="display: none;"></label><textarea name="help_question" id="help_question"></textarea><input type="submit" value="Send"></div></form><div class="hidden fade-in question-success-xs">Sent</div></div>
<div class="footer-flex-b">
<span class="footer-copy">&copy; 2025 BRIX</span>
<ul class="footer-list">
<li class="footer-item">
<a href="#" class="arrow-top" style="display: block;"></a>
</li>
</ul>
</div>
</div>
</div>
</footer>
<iframe name="hmnavigation" style="display:none!important"></iframe>
<script src="./jquery-ui.js"></script>
<!--script src="//cdn.jsdelivr.net/npm/featherlight@1.7.14/release/featherlight.min.js" type="text/javascript" charset="utf-8"></script-->
<script src="./jquery.tocify.min.js"></script>
<script src="./TypoReporter.min.js"></script>
<script src="./google-search.js"></script>
<script src="./main.js"></script>
<script type="text/javascript">
HMInitToggle('TOGGLE0186A1','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A2','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A3','hm.type','dropdown','hm.state','0');
HMInitToggle('TOGGLE0186A4','hm.type','dropdown','hm.state','0');
</script>
</body>
</html>