Skip to content

Configure nginx reverse proxy for the external endpoints#524

Open
SanjalKatiyar wants to merge 3 commits intored-hat-storage:mainfrom
SanjalKatiyar:client_proxy
Open

Configure nginx reverse proxy for the external endpoints#524
SanjalKatiyar wants to merge 3 commits intored-hat-storage:mainfrom
SanjalKatiyar:client_proxy

Conversation

@SanjalKatiyar
Copy link

@SanjalKatiyar SanjalKatiyar commented Mar 2, 2026
edited
Loading

Corresponding OCS operator changes: red-hat-storage/ocs-operator#3695

  • Updated ocs-operator/services/provider/api version to incorporate latest provider RPC changes.
  • Added "externalEndpoints" section to the CR status, holds info about external endpoints deployed on the provider (e.g. NooBaa S3, NooBaa IAM, RGW S3 etc).
  • Mounted per client proxy config to the nginx (console) pod (using proxy-<clientuid>.conf ConfigMap key for this).
  • Added optional Secret for injecting custom CA certs per endpoint (using <clientuid>-<exposeas>.crt Secret key for this).
  • Updated nginx config.
  • Added rate and connection limits.
  • Added whitelisting to allow management operations only.
  • Cleanup while client deletion.

https://issues.redhat.com/browse/RHSTOR-8528
https://issues.redhat.com/browse/RHSTOR-8529
https://issues.redhat.com/browse/RHSTOR-8530

@openshift-ci
Copy link

openshift-ci bot commented Mar 2, 2026

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: SanjalKatiyar
Once this PR has been reviewed and has the lgtm label, please assign leelavg for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@SanjalKatiyar
Copy link
Author

SanjalKatiyar commented Mar 2, 2026

/hold

@SanjalKatiyar
godeps: update ocs-operator/services/provider/api version
560bb53 
- incorporate latest provider RPC changes.

Signed-off-by: sanjalkatiyar <sanjaldhir@gmail.com>
@SanjalKatiyar
api: add external endpoints to StorageClient status
5f8a18e 
- added "externalEndpoints" section to the CR status.

Signed-off-by: sanjalkatiyar <sanjaldhir@gmail.com>
@SanjalKatiyar SanjalKatiyar mentioned this pull request Mar 2, 2026
Open
@SanjalKatiyar
controllers: configure nginx reverse proxy for the external endpoints
56dbb61 
- Mounted per client proxy config to the nginx (console) pod.
- Added optional Secret for injecting custom CA certs.
- Updated nginx config.
- Added rate and connection limits.
- Added whitelisting to allow management operations only.
- Cleanup while client deletion.

Signed-off-by: sanjalkatiyar <sanjaldhir@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

do-not-merge/hold size/XL

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@SanjalKatiyar