[bucket] Fix s3manager endpoint to use actual S3 endpoint from BucketInfo

The deployment template was constructing the S3 endpoint from the tenant's
namespace host (e.g. s3.freedom.infra.example.com), while COSI credentials
are issued for the actual SeaweedFS endpoint (e.g. s3.infra.example.com).
This mismatch caused 'invalid credentials' errors when users tried to log
in with valid credentials from the bucket secret.

Now the endpoint is resolved from BucketInfo (same source as credentials),
with a fallback to the constructed namespace host for first-time deploys
before BucketAccess secrets are created.

Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
(cherry picked from commit f647cfd7b9)
This commit is contained in:
IvanHunters 2026-03-13 01:08:13 +03:00 committed by github-actions[bot]
parent 095d3ab150
commit 0ba129b4b7

View file

@ -1,3 +1,12 @@
{{- $endpoint := printf "s3.%s" .Values._namespace.host }}
{{- range $name, $user := .Values.users }}
{{- $secretName := printf "%s-%s" $.Values.bucketName $name }}
{{- $existingSecret := lookup "v1" "Secret" $.Release.Namespace $secretName }}
{{- if $existingSecret }}
{{- $bucketInfo := fromJson (b64dec (index $existingSecret.data "BucketInfo")) }}
{{- $endpoint = trimPrefix "https://" (index $bucketInfo.spec.secretS3 "endpoint") }}
{{- end }}
{{- end }}
apiVersion: apps/v1
kind: Deployment
metadata:
@ -17,6 +26,6 @@ spec:
image: "{{ $.Files.Get "images/s3manager.tag" | trim }}"
env:
- name: ENDPOINT
value: "s3.{{ .Values._namespace.host }}"
value: {{ $endpoint | quote }}
- name: SKIP_SSL_VERIFICATION
value: "true"