add azure blob config to chart #89
mekilis left a comment
Before merge, run helm template with env.storage.enabled=true and env.storage.type=azure_blob, once with inline account_key and once with secret, to confirm both branches render. Env var names match the server's config.go and the type goes through the existing CONVOY_STORAGE_POLICY_TYPE, so this is just a formality.
| valueFrom: | ||
| secretKeyRef: | ||
| name: "{{ .Values.env.storage.azure_blob.secret }}" | ||
| key: accountKey |
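Review bot: `key: accountKey` under `secretKeyRef` is a fixed literal, while the Secret name comes from `.Values.env.storage.azure_blob.secret`, and nothing in these lines checks that the referenced Secret actually carries that key. Suggest stating the required key name in a comment beside the `secret` value in values.yaml, or exposing the key name as a value with `accountKey` as its default.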
The secret must store the key as accountKey (camelCase), matching the README. Add an upgrade note: anyone who used the old extraEnvs workaround created the secret with account_key and needs to recreate it as accountKey. Note also that S3 uses secretKey here while Azure uses accountKey, so the two aren't symmetric by name.
Same applies at charts/server/templates/rollout.yaml:369, charts/agent/templates/deployment.yaml:361, and the paired line in charts/agent/templates/rollout.yaml.
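An added example, not part of this PR or the Convoy chart: a pre-upgrade check that cross-references every `secretKeyRef` in a workload against the keys the Secret actually holds, and flags the `account_key` / `accountKey` mismatch described above. It assumes input shaped like `kubectl get ... -o json`; the Secret name, the environment variable name `EXAMPLE_AZURE_ACCOUNT_KEY` and all values are constructed placeholders.

```python
import json

# Constructed sample workload (Deployment or Rollout: both use spec.template.spec).
# EXAMPLE_AZURE_ACCOUNT_KEY is a placeholder, not the chart's real variable name.
WORKLOAD = json.loads("""
{"spec": {"template": {"spec": {"containers": [{"name": "server", "env": [
  {"name": "CONVOY_STORAGE_POLICY_TYPE", "value": "azure_blob"},
  {"name": "EXAMPLE_AZURE_ACCOUNT_KEY", "valueFrom": {"secretKeyRef":
      {"name": "convoy-azure", "key": "accountKey"}}}
]}]}}}}
""")

# Constructed Secrets, keyed by Secret name: the old workaround layout and the new one.
OLD_SECRETS = {"convoy-azure": {"data": {"account_key": "Y29uc3RydWN0ZWQ="}}}
NEW_SECRETS = {"convoy-azure": {"data": {"accountKey": "Y29uc3RydWN0ZWQ="}}}


def normalise(key):
    """Fold case and separators so accountKey and account_key compare equal."""
    return key.replace("_", "").replace("-", "").lower()


def missing_secret_keys(workload, secrets):
    """Return (env var, secret, key, reason) for each unresolvable secretKeyRef."""
    findings = []
    pod = workload["spec"]["template"]["spec"]
    for container in pod.get("initContainers", []) + pod.get("containers", []):
        for env in container.get("env", []):
            ref = (env.get("valueFrom") or {}).get("secretKeyRef")
            if ref is None:
                continue  # literal value or another source, nothing to resolve
            secret = secrets.get(ref["name"])
            if secret is None:
                findings.append((env["name"], ref["name"], ref["key"], "secret not found"))
                continue
            keys = set(secret.get("data") or {}) | set(secret.get("stringData") or {})
            if ref["key"] in keys:
                continue
            # A near match points at a Secret created under the old naming.
            near = sorted(k for k in keys if normalise(k) == normalise(ref["key"]))
            reason = f"key stored as {near[0]!r}" if near else "key not found"
            findings.append((env["name"], ref["name"], ref["key"], reason))
    return findings


if __name__ == "__main__":
    for finding in missing_secret_keys(WORKLOAD, OLD_SECRETS):
        print(*finding, sep=" | ")
```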
| | global.externalRedis.port | string | `"6379"` | Port for the external redis | | ||
| | global.externalRedis.scheme | string | `"redis"` | Scheme for the external redis. This can be redis, rediss, redis-socket or redis-sentinel | | ||
| | global.externalRedis.secret | string | `""` | If this secret parameter is not empty, password value will be ignored. The password in the secret should be in the 'password' key | | ||
| | global.externalRedis.sentinelMasterName | string | `"mymaster"` | Redis Sentinel master name (required when scheme is redis-sentinel) | |
The sentinel keys and JWT row reordering are unrelated to Azure Blob. They're helm-docs catching up on pre-existing drift. Harmless, just noting it widens the diff.
ca36b26 to 6769139
Note
Medium Risk
Changes how cloud storage credentials are injected at deploy time; Azure adopters must use Secret key `accountKey` or upgrades from `extraEnvs`/`account_key` can fail silently on missing credentials.

Overview
Adds first-class Azure Blob object storage to the Convoy Helm chart for server and agent (Deployment and Rollout templates), driven by `storage.type: azure_blob` and new `storage.azure_blob.*` values that map to `CONVOY_STORAGE_AZURE_*` environment variables.

Account keys can be set inline or via an existing Secret (`storage.azure_blob.secret`), with the Secret key `accountKey` (documented separately from S3's `secretKey`). README / `README.md.gotmpl` add an Object Storage section with examples and an upgrade note for teams moving off `extraEnvs` who may still have `account_key` in their Secret.

S3 wiring is tightened on the server side: optional `storage.s3.prefix` is emitted as `CONVOY_STORAGE_AWS_PREFIX`, and the S3 secret reference guard matches the agent pattern (`and` + non-empty check). Default `values.yaml` and subchart values gain matching `azure_blob` (and agent `s3.prefix`) blocks; generated README values table reflects the new fields.

Reviewed by Cursor Bugbot for commit 6769139. Bugbot is set up for automated code reviews on this repo.