docs: config aliyun oss as artifact repo to enhance user experience #9551
Conversation
Signed-off-by: yuhui.zy <[email protected]>
| ```bash | ||
| $ export mybucket=bucket-workflow-artifect | ||
| $ export myregion=cn-zhangjiakou | ||
| $ # limit permission to read/write the bucket. | ||
| $ cat > policy.json <<EOF | ||
| { | ||
| "Version": "1", | ||
| "Statement": [ | ||
| { | ||
| "Effect": "Allow", | ||
| "Action": [ | ||
| "oss:PutObject", | ||
| "oss:GetObject" | ||
| ], | ||
| "Resource": "acs:oss:*:*:$mybucket/*" | ||
| } | ||
| ] | ||
| } | ||
| EOF |
There was a problem hiding this comment.
This would be useful to have.
| $ # create bucket. | ||
| $ aliyun oss mb oss:https://$mybucket --region $myregion | ||
| $ # show endpoint of bucket. | ||
| $ aliyun oss stat oss:https://$mybucket | ||
| $ #create a ram user to access bucket. | ||
| $ aliyun ram CreateUser --UserName $mybucket-user | ||
| $ # create ram policy with the limit permission. | ||
| $ aliyun ram CreatePolicy --PolicyName $mybucket-policy --PolicyDocument "$(cat policy.json)" | ||
| $ # attch ram policy to the ram user. | ||
| $ aliyun ram AttachPolicyToUser --UserName $mybucket-user --PolicyName $mybucket-policy --PolicyType Custom | ||
| $ # create access key and secret key for the ram user. | ||
| $ aliyun ram CreateAccessKey --UserName $mybucket-user > access-key.json | ||
| $ # create secret in demo namespace, replace demo with your namespace. | ||
| $ kubectl create secret generic $mybucket-credentials -n demo\ | ||
| --from-literal "accessKey=$(cat access-key.json | jq -r .AccessKey.AccessKeyId)" \ | ||
| --from-literal "secretKey=$(cat access-key.json | jq -r .AccessKey.AccessKeySecret)" |
There was a problem hiding this comment.
This felt very verbose. I think we can just link to relevant OSS documentation directly?
There was a problem hiding this comment.
Understand. Let me explain.
It includes 3 parts, 1) create oss bucket; 2) create ram user and grant oss permission. 3) kubectl to config user into argo. There is not one document link for these steps. We have relevant two aliyun product(oss and ram) and several documents, like oss bucket creation, ram user creation, grant ram user oss permission. It is difficult for aliyun user to start up artifact.
So I refer AWS S3 configuration to have some cli commands to create oss/ram user, also add two kubectl commands to config argo ConfigMap and secret. It is an end to end steps for user to follow and start up argo workflow artifact.
…rgoproj#9551) Signed-off-by: yuhui.zy <[email protected]> Signed-off-by: yuhui.zy <[email protected]> Co-authored-by: yuhui.zy <[email protected]> Signed-off-by: juchao <[email protected]>
Provide a bash script to use aliyun cli to create oss bucket, ram user with limit permission. Then create ConfigMap and Secret to config artifact repository.
Signed-off-by: yuhui.zy [email protected]
Fixes #TODO