S3 connection specification
You can specify S3 connection details directly inside the TrinoCatalog specification or by referring to an external S3Connection custom resource.
To specify S3 connection details directly as part of the TrinoCatalog resource, you add an inline connection configuration as shown below:
s3: (1)
inline:
host: test-minio (2)
port: 9000 (3)
pathStyleAccess: true (4)
secretClass: minio-credentials (5)
tls:
verification:
server:
caCert:
secretClass: minio-tls-certificates (6)| 1 | Entry point for the connection configuration |
| 2 | Connection host |
| 3 | Optional connection port |
| 4 | Optional flag if path-style URLs should be used; This defaults to false
which means virtual hosted-style URLs are used. |
| 5 | Name of the Secret object expected to contain the following keys:
accessKey and secretKey |
| 6 | Optional TLS settings for encrypted traffic. The secretClass can be provided by the Secret Operator or yourself. |
A self provided S3 TLS secret can be specified like this:
---
apiVersion: secrets.stackable.tech/v1alpha1
kind: SecretClass
metadata:
name: minio-tls-certificates
spec:
backend:
k8sSearch:
searchNamespace:
pod: {}
---
apiVersion: v1
kind: Secret
metadata:
name: minio-tls-certificates
labels:
secrets.stackable.tech/class: minio-tls-certificates
data:
ca.crt: <your-base64-encoded-ca>
tls.crt: <your base64-encoded-public-key>
tls.key: <your-base64-encoded-private-key>It is also possible to configure the bucket connection details as a separate Kubernetes resource and only refer to that object from the TrinoCatalog specification like this:
s3:
reference: my-connection-resource (1)| 1 | Name of the connection resource with connection details |
The resource named my-connection-resource is then defined as shown below:
---
apiVersion: s3.stackable.tech/v1alpha1
kind: S3Connection
metadata:
name: my-connection-resource
spec:
host: test-minio
port: 9000
accessStyle: Path
credentials:
secretClass: minio-credentialsThis has the advantage that the connection configuration can be shared across applications and reduces the cost of updating these details.