tower 0.61.1 — Phase F (B): tenant-scoped S3 resolver
Refactor s3Resolver from a single-global-creds reader into a
tenant-scoped factory. Each tenant brings their own S3 endpoint,
region, three named buckets (backups + templates + audit), and
access keys (in Vault at v3/tenants/<id>/s3-credentials).
Touches:
s3.go — s3Resolver becomes factory; tenantS3 wraps
one minio.Client + bucket per tenant
audit.go — events grouped by tenantID per flush, written
to the tenant's audit bucket
backups.go — fleet view fans out one S3 LIST per tenant;
per-instance handlers resolve via Argo App
export/import/migrate — tenant resolved from Argo App label
or scope.TenantID
templates_* — per-template tenant lookup via templateTenantID
(platform tenant for OwnerPlatform manifests)
vitals.go — last-backup probe pulls tenantID before list
Adds AllTenants() to PlatformStore so the templates orphan sweep
can iterate every tenant configured with a templates bucket.
Build: tower:0.61.1 — pushed to registry.odoosky.cloud
This commit is contained in:
Tower Bot
@@ -9,7 +9,7 @@ backend:
|
|||||||
# so every cluster that runs Tower needs the same imagePullSecret
|
# so every cluster that runs Tower needs the same imagePullSecret
|
||||||
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
# provisioned out-of-band (until cluster-platform-v3 owns it).
|
||||||
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
|
||||||
tag: "0.61.0"
|
tag: "0.61.1"
|
||||||
pullPolicy: IfNotPresent
|
pullPolicy: IfNotPresent
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
- name: docker-mirror-pull
|
- name: docker-mirror-pull
|
||||||
|
|||||||
Reference in New Issue
Block a user