Comments (7)
harshavardhana
commented on June 7, 2024
S3 spec mandates hostnames. We can't change it.
from mc.
manju-rn
commented on June 7, 2024
S3 spec mandates hostnames. We can't change it.
is there a way to add additional host names in SERVER_URL env in minio server?
from mc.
harshavardhana
commented on June 7, 2024
is there a way to add additional host names in
SERVER_URLenv in minio server?
that's a server question not an mc question.
from mc.
manju-rn
commented on June 7, 2024
is there a way to add additional host names in
SERVER_URLenv in minio server?that's a server question not an
mcquestion.
Yes. Correct. Ignore the question here. Will post it there.
However, is there a way to override the host name when mc sends the details to mino server? like in curl you can override the host header. Assuming the minio server will use that host header fro signature
from mc.
harshavardhana
commented on June 7, 2024
is there a way to add additional host names in
SERVER_URLenv in minio server?that's a server question not an
mcquestion.Yes. Correct. Ignore the question here. Will post it there. However, is there a way to override the
hostname when mc sends the details to mino server? like incurlyou can override the host header. Assuming the minio server will use that host header fro signature
No sir, that would be security issue.
from mc.
manju-rn
commented on June 7, 2024
okay so it looks like minio service than cannot be called from "meshed" cross cluster resource and via ingress is the only option.
from mc.
manju-rn
commented on June 7, 2024
Okay found the solution. Details here for anybody using linkerd-multicluster
Problem Statement: The details mentioned at the start of the post has incorrect statement # 3 . Issue is (re)explained below
3. The mc client (as pod) is hosted in west cluster and can call minio-east service and connection goes thru fine, but minio server in the east cluster refuses service as signature is not matched.
- Signature creation at client i.e MC client in west cluster: It uses the URL given in the alias setting. In this case, since mirror service (using linkerd-multicluster) is used, the minio URL uses the service name
minio-east(mirror of corresponding service nameminiolocated on east cluster) - Signature verification at Server i.e Minio server in east cluster: When the minio server receives the request from the MC client, it uses the host name that is received in request header for signature calculation. Due to
linkerd-multiclustergateway which intercepts the call from west to east cluster for minio service, it updates the host header fromminio-easttominio. Although this is technically correct, the calculation of signature done by MC usingminio-eastdoes not match the signature viaminiohost calculated by minio server.
Linkerd-multicluster is technically correct since this service mirror concept to connect 2 clusters would need this setup. However, since the host name is changed from when it was generated causes this issue. Now, there is no configuration at linkerd-multicluster to preserve the original host header. However, the solution is Linkerd-SMI using Traffic split. https://linkerd.io/2.14/features/multicluster/#
Steps: - Define TrafficSplit which will map a dummy service which has exactly same name as was expected in the minio service in east cluster to linkerd mirrored service
minio-east - Update the alias in the MC client to connect to
minioin west cluster - thats it!
How does it work:
- When MC client in west cluster calls the service, it actually uses
minioand notminio-east. Traffic spit ensures that it calls the mirror servicemini-eastand there ontominioservice in east cluster. However, since MC client called theminioas host, it will calculate its signature using this host name and the signature will match.
kind: TrafficSplit
apiVersion: split.smi-spec.io/v1alpha2
metadata:
name: minio-split
namespace: minio-ns
spec:
service: minio #Dummy Service with correct name in west cluster just to redirect traffic to mirrored service minio-east
backends:
- service: minio-east
weight: 1000
---
apiVersion: v1
kind: Service
metadata:
name: minio
namespace: minio-ns
spec:
ports:
- port: 80
targetPort: 80 #Simple headless mapping to the port of the minio-east service
Hope this helps. The transfer of data via linkerd-SMI between 2 cluster is amazingly fast (compared to connecting via domain hosted URL)! Tested from Cloud to local and vice versa.
from mc.
Related Issues (20)
- 'mc mirror' Error HOT 2
- mc batch replication without S3 credentials
- `mc admin policy attach` should be idempotent HOT 2
- `mc rb --force --dangerous` says bucket deletion successful, but bucket remains HOT 2
- Support copying with pattern matching while preserving directory structure (--include, not just --exclude) HOT 1
- mc mirror takes long time when target bucket contains a lot of files HOT 1
- functional tests: base64 file generation not working under macOS
- functional tests not working because of a WORM protected file in play.min.io
- sha256sum mismatch for mcli_20240313235157.0.0_amd64.deb HOT 2
- mc du don't display results similar values ββon the minio console. HOT 2
- `mc rb --force minio/my-bucket` should be idempotent
- mirror watch doesn't recover when server is temporary down HOT 7
- Mirror fails with "Cannot create a file when that file already exists." HOT 1
- Debian package for the latest version is not available HOT 1
- Data transfer going, disk space usage is expanding, but the number of objects is not growing HOT 1
- mcli: Unable to prepare URL for copying. Unable to guess the type of copy operation. HOT 9
- LDAP login prompts are written to stdout
- Usage message for 'ilm rule remove' subcommand is missing --id HOT 1
- Accept colons in `mc alias` commands HOT 3
- mc --enc-{c,s3,kms) require that input to match the argument
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
π Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. πππ
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google β€οΈ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from mc.