diff --git a/README.md b/README.md index 63ab507..81834a7 100644 --- a/README.md +++ b/README.md @@ -184,7 +184,7 @@ Shared services used across multiple applications. - **[Versity S3 Gateway](https://github.com/versity/versitygw)** (Port: 10000 by default) - S3-compatible API over a POSIX directory (named Docker volumes). Use as shared object storage for apps that expect S3; pair with clients using path-style URLs and your LAN hostname or reverse proxy. -**Configuration:** Set either `ROOT_ACCESS_KEY` / `ROOT_SECRET_KEY` or `ROOT_ACCESS_KEY_ID` / `ROOT_SECRET_ACCESS_KEY` in a `.env` file next to `compose.yaml` (see `.env.sample`). Optional `VERSITYGW_PORT`. Komodo writes Stack Environment to `.env` by default; the service uses `env_file: .env` so those values reach the container (unlike shell pass-through, which does not read that file). +**Configuration:** Set either `ROOT_ACCESS_KEY` / `ROOT_SECRET_KEY` or `ROOT_ACCESS_KEY_ID` / `ROOT_SECRET_ACCESS_KEY`. Optional `VERSITYGW_PORT`. Compose uses `${VAR}` interpolation so credentials work with Komodo’s `docker compose --env-file /.env` (avoid `env_file:` in the service when `run_directory` is not the same folder as `compose.yaml`, or the written `.env` will not be found). --- diff --git a/komodo/s3/versitygw/.env.sample b/komodo/s3/versitygw/.env.sample index 1ae4a21..7b3ae80 100644 --- a/komodo/s3/versitygw/.env.sample +++ b/komodo/s3/versitygw/.env.sample @@ -1,14 +1,14 @@ # Versity S3 Gateway — root credentials for the flat-file IAM backend. -# Copy to `.env` in this directory (same folder as compose.yaml). # https://github.com/versity/versitygw/wiki/Quickstart # -# Komodo: use these exact names in Stack Environment — they are written to `.env` -# on the host (default `env_file_path`). If you change `env_file_path` in the Stack, -# update `env_file` in compose.yaml to match. +# Local: copy to `.env` next to compose.yaml (or set `run_directory` to this folder +# in Komodo) so `docker compose` can interpolate `${ROOT_ACCESS_KEY}` etc. # -# Set either pair (Helm chart uses the *_ID / *_ACCESS_KEY names): +# Komodo: Stack Environment is written to `/.env` and passed as +# `--env-file` — that drives `${VAR}` in compose.yaml. Set **one** pair using exact +# names (leave the other pair unset / empty): # ROOT_ACCESS_KEY + ROOT_SECRET_KEY -# ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY +# ROOT_ACCESS_KEY_ID + ROOT_SECRET_ACCESS_KEY (Helm-style) ROOT_ACCESS_KEY= ROOT_SECRET_KEY= diff --git a/komodo/s3/versitygw/compose.yaml b/komodo/s3/versitygw/compose.yaml index 29aa199..8153e46 100644 --- a/komodo/s3/versitygw/compose.yaml +++ b/komodo/s3/versitygw/compose.yaml @@ -5,15 +5,18 @@ services: image: versity/versitygw:v1.3.1 container_name: versitygw restart: unless-stopped - # Komodo writes Stack Environment to `.env` in the run directory; that file is - # not automatically injected into the container unless listed here (pass-through - # only sees the compose process env, not this file). - env_file: - - path: .env - required: false + # Credentials: use `${VAR}` so values come from the same env Komodo passes with + # `docker compose --env-file /.env` (see Komodo Stack docs). + # Do NOT use `env_file: .env` here: that path is resolved next to *this* compose + # file, while Komodo writes `.env` under `run_directory` — they often differ + # (e.g. run_directory = repo root, compose in komodo/s3/versitygw/). environment: + ROOT_ACCESS_KEY: ${ROOT_ACCESS_KEY} + ROOT_SECRET_KEY: ${ROOT_SECRET_KEY} + ROOT_ACCESS_KEY_ID: ${ROOT_ACCESS_KEY_ID} + ROOT_SECRET_ACCESS_KEY: ${ROOT_SECRET_ACCESS_KEY} # Matches Helm chart default; enables `/_/health` for probes. - - VGW_HEALTH=/_/health + VGW_HEALTH: /_/health ports: - "${VERSITYGW_PORT:-10000}:10000" volumes: