25 changes: 25 additions & 0 deletions composio/templates/apollo.yaml
Expand Up @@ -126,6 +126,31 @@ spec:
secretKeyRef:
name: {{ .Release.Name }}-encryption-key
key: ENCRYPTION_KEY
- name: S3_ENDPOINT_URL
valueFrom:
secretKeyRef:
name: s3-cred
key: S3_ENDPOINT_URL

{{- if not .Values.apollo.oidcprovider }}
- name: S3_REGION
valueFrom:
secretKeyRef:
name: s3-cred
key: S3_REGION

- name: S3_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: s3-cred
key: S3_ACCESS_KEY_ID

- name: S3_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: s3-cred
key: S3_SECRET_ACCESS_KEY
{{- end }}
# OpenTelemetry configuration
{{- if .Values.otel.enabled }}
- name: OTEL_ENABLED
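Review bot: With the default `apollo.oidcprovider: false`, the `secretKeyRef` entries for S3_REGION, S3_ACCESS_KEY_ID and S3_SECRET_ACCESS_KEY are mandatory keys of `s3-cred`, but `create_s3_secret` in secret-setup.sh creates that secret with only S3_ENDPOINT_URL when the three variables are unset, so the pod cannot start until the secret is patched by hand. Either have the script refuse an endpoint-only secret unless OIDC mode is intended, or state the coupling above the block, e.g. `# s3-cred must hold these keys unless apollo.oidcprovider is true (see secret-setup.sh)`. The name `s3-cred` is also fixed, whereas the neighbouring reference uses `{{ .Release.Name }}-encryption-key`; two releases in one namespace would then share one set of object-store credentials, so a release-scoped name is the safer default. The container spec continues outside this hunk.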
32 changes: 14 additions & 18 deletions composio/templates/mercury.yaml
Expand Up @@ -44,26 +44,22 @@ spec:
- containerPort: {{ .Values.mercury.service.port | default 8080 }}
securityContext:
{{- toYaml .Values.mercury.securityContext | nindent 12 }}

{{- if .Values.mercury.livenessProbe.enabled }}
livenessProbe:
{{- toYaml .Values.mercury.livenessProbe.httpGet | nindent 12 }}
initialDelaySeconds: {{ .Values.mercury.livenessProbe.initialDelaySeconds }}
timeoutSeconds: {{ .Values.mercury.livenessProbe.timeoutSeconds }}
{{- end }}
{{- if .Values.mercury.readinessProbe.enabled }}
failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: {{ .Values.mercury.service.port | default 8080 }}
timeoutSeconds: 1
readinessProbe:
httpGet:
path: {{ .Values.mercury.readinessProbe.httpGet.path }}
port: {{ .Values.mercury.readinessProbe.httpGet.port }}
scheme: {{ .Values.mercury.readinessProbe.httpGet.scheme }}
failureThreshold: {{ .Values.mercury.readinessProbe.failureThreshold }}
initialDelaySeconds: {{ .Values.mercury.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.mercury.readinessProbe.periodSeconds }}
successThreshold: {{ .Values.mercury.readinessProbe.successThreshold }}
timeoutSeconds: {{ .Values.mercury.readinessProbe.timeoutSeconds }}
{{- end }}

failureThreshold: 3
initialDelaySeconds: 5
periodSeconds: 10
successThreshold: 1
tcpSocket:
port: {{ .Values.mercury.service.port | default 8080 }}
timeoutSeconds: 1
env:
# AWS S3 Configuration (using Minio)
- name: AWS_S3_REGION_NAME
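Review bot: As far as the rendered diff shows, both probes on the new side are fixed `tcpSocket` checks with literal thresholds, and the `.Values.mercury.livenessProbe` / `.Values.mercury.readinessProbe` settings (including `enabled`) are no longer read, so overrides an operator already has in values.yaml silently stop applying. A TCP check only confirms that the port accepts connections, and `timeoutSeconds: 1` leaves little margin on a loaded node. If the HTTP endpoint was the problem, keeping the values-driven form and changing its defaults would preserve the tuning knobs; otherwise remove the now-unused probe keys from values.yaml and say so in the template, e.g. `# probes are fixed TCP checks on the service port; not configurable via values`. The container spec starts and ends outside this hunk.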
3 changes: 3 additions & 0 deletions composio/templates/minio.yaml
@@ -1,3 +1,4 @@
{{- if .Values.minio.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -202,3 +203,5 @@ spec:
storageClassName: {{ .Values.minio.persistence.storageClass }}
{{- end }}
{{- end }}

{{- end }}
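Review bot: Wrapping the whole template in `if .Values.minio.enabled`, including what looks like the PersistentVolumeClaim at the end of the file (`storageClassName: {{ .Values.minio.persistence.storageClass }}`), means that upgrading an existing release with the new default `minio.enabled: false` stops rendering those objects and Helm deletes them, which can discard stored data depending on the volume's reclaim policy. Consider annotating the claim with `helm.sh/resource-policy: keep`, or at least call the change out in the upgrade notes. secret-setup.sh also stops creating `${RELEASE_NAME}-minio-credentials` in this commit, so enabling MinIO presumably needs that secret created by hand. The Deployment body between the two hunks is not shown, so confirm what it references.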
4 changes: 3 additions & 1 deletion composio/values.yaml
Expand Up @@ -72,7 +72,8 @@ redis:

# Apollo service configuration - Development
apollo:
replicaCount: 2
replicaCount: 2
oidcprovider: false # If true don't need to pass S3 region, accessKey and secretKey
image:
repository: composio-self-host/apollo
tag: "495d325"
Expand Down Expand Up @@ -631,6 +632,7 @@ aws:

# Minio configuration - Development
minio:
enabled: false
replicaCount: 1

# Deployment strategy to prevent Multi-Attach volume errors
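Review bot: The comment on `oidcprovider` says the region is not needed when the flag is true, and apollo.yaml accordingly drops S3_REGION together with the two key variables; a region is not a credential, and a client using web-identity credentials usually still needs one, so confirm Apollo obtains it another way or move S3_REGION outside the conditional. The flag is a bare boolean, so the comment should also say what replaces the static keys, for example (if this is the intent) `# true: Apollo uses the pod's workload identity (OIDC) for object storage; s3-cred then only needs S3_ENDPOINT_URL`. `minio.enabled: false` changes the default for existing installs and deserves a line in the upgrade notes.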
57 changes: 37 additions & 20 deletions secret-setup.sh
Expand Up @@ -37,26 +37,30 @@ usage() {
echo " THERMOS_POSTGRES_URL PostgreSQL connection URL for Thermos (postgresql://user:pass@host:port/db)"
echo " REDIS_URL Redis connection URL (redis://user:pass@host:port/db)"
echo " OPENAI_API_KEY OpenAI API key for AI functionality"
echo " S3_REGION Object store region"
echo " S3_ACCESS_KEY_ID Object store access-key-id"
echo " S3_SECRET_ACCESS_KEY Object store secret-access-key"
echo ""
echo -e "${YELLOW}Generated Secrets (auto-created if missing):${NC}"
echo " • \${release}-apollo-admin-token (APOLLO_ADMIN_TOKEN)"
echo " • \${release}-encryption-key (ENCRYPTION_KEY)"
echo " • \${release}-temporal-encryption-key (TEMPORAL_TRIGGER_ENCRYPTION_KEY)"
echo " • \${release}-composio-api-key (COMPOSIO_API_KEY)"
echo " • \${release}-minio-credentials (MINIO_ROOT_USER + MINIO_ROOT_PASSWORD)"
echo ""
echo -e "${YELLOW}User-Provided Secrets (created if env vars provided):${NC}"
echo " • external-postgres-secret (from POSTGRES_URL)"
echo " • external-thermos-postgres-secret (from THERMOS_POSTGRES_URL)"
echo " • external-redis-secret (from REDIS_URL)"
echo " • openai-secret (from OPENAI_API_KEY)"
echo " • s3-secret (from S3_ENDPOINT_URL)"
echo ""
echo -e "${YELLOW}Examples:${NC}"
echo " # Setup with all external secrets"
echo " POSTGRES_URL=\"postgresql://user:[email protected]:5432/apollo\" \\"
echo " THERMOS_POSTGRES_URL=\"postgresql://user:[email protected]:5432/thermos\" \\"
echo " REDIS_URL=\"redis://user:[email protected]:6379/0\" \\"
echo " OPENAI_API_KEY=\"sk-1234567890abcdef...\" \\"
echo " S3_ENDPOINT_URL=\"https://<bucket-name>.s3.<region>.amazonaws.com\" \\"
echo " $0 -r composio -n composio"
echo ""
echo " # Dry-run to see what would be created"
Expand Down Expand Up @@ -163,22 +167,38 @@ create_simple_secret() {
fi
}

# Function to create minio credentials secret
create_minio_secret() {
# create s3-cred
create_s3_secret() {
local secret_name=$1
local user=$2
local password=$3

if [[ "$DRY_RUN" == true ]]; then
print_info "[DRY-RUN] Would create secret: $secret_name"
print_info "kubectl create secret generic \"$secret_name\" --from-literal=\"MINIO_ROOT_USER=$user\" --from-literal=\"MINIO_ROOT_PASSWORD=$password\" -n \"$NAMESPACE\""
if [ -z "$S3_REGION" ] && [ -z "$S3_ACCESS_KEY_ID" ] && [ -z "$S3_SECRET_ACCESS_KEY" ]; then
print_info "kubectl create secret generic \"$secret_name\" --from-literal=\"S3_ENDPOINT_URL=$S3_ENDPOINT_URL\" -n \"$NAMESPACE\""
else
print_info "kubectl create secret generic \"$secret_name\" \
--from-literal=\"S3_ENDPOINT_URL=$S3_ENDPOINT_URL\" \
--from-literal=\"S3_REGION=$S3_REGION\" \
--from-literal=\"S3_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID\" \
--from-literal=\"S3_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY\" \
-n \"$NAMESPACE\""
fi
else
print_info "Creating secret: $secret_name"
kubectl create secret generic "$secret_name" \
--from-literal="MINIO_ROOT_USER=$user" \
--from-literal="MINIO_ROOT_PASSWORD=$password" \
-n "$NAMESPACE"
print_success "Created secret: $secret_name"
if [ -z "$S3_REGION" ] && [ -z "$S3_ACCESS_KEY_ID" ] && [ -z "$S3_SECRET_ACCESS_KEY" ]; then
print_info "Creating secret: $secret_name"
kubectl create secret generic "$secret_name" \
--from-literal="S3_ENDPOINT_URL=$S3_ENDPOINT_URL" \
-n "$NAMESPACE"
print_success "Created secret: $secret_name"
else
print_info "Creating secret: $secret_name"
kubectl create secret generic "$secret_name" \
--from-literal="S3_ENDPOINT_URL=$S3_ENDPOINT_URL" \
--from-literal="S3_REGION=$S3_REGION" \
--from-literal="S3_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID" \
--from-literal="S3_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY" \
-n "$NAMESPACE"
fi
fi
}

Expand Down Expand Up @@ -296,14 +316,11 @@ else
fi
done

# Handle MinIO credentials (combined secret)
minio_secret_name="${RELEASE_NAME}-minio-credentials"
if secret_exists "$minio_secret_name"; then
print_warning "Secret already exists: $minio_secret_name"
s3_secret_name="s3-cred"
if secret_exists "$s3_secret_name"; then
print_warning "Secret already exists: $s3_secret_name"
else
minio_user="minioadmin"
minio_password=$(generate_random 16)
create_minio_secret "$minio_secret_name" "$minio_user" "$minio_password"
create_s3_secret "$s3_secret_name"
fi
fi

Expand Down Expand Up @@ -364,4 +381,4 @@ print_info "To view a specific secret:"
print_info "kubectl get secret <secret-name> -n $NAMESPACE -o yaml"

print_info "To get a decoded secret value:"
print_info "kubectl get secret <secret-name> -n $NAMESPACE -o jsonpath='{.data.<key>}' | base64 -d"
print_info "kubectl get secret <secret-name> -n $NAMESPACE -o jsonpath='{.data.<key>}' | base64 -d"
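Review bot: The dry-run branch of `create_s3_secret` hands the complete `kubectl create secret` command to `print_info`, including `S3_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY`, so a dry run writes the object-store secret key to the terminal and to any CI log that captures it; print a placeholder instead, e.g. `--from-literal=\"S3_SECRET_ACCESS_KEY=<redacted>\"`. In the real branch the values are passed as `--from-literal` arguments and are visible in the process list while kubectl runs; `--from-env-file` pointing at a `mktemp` file that a `trap` removes avoids that. The `[ -z ... ] && [ -z ... ] && [ -z ... ]` test takes the endpoint-only path only when all three variables are empty, so a partially set environment stores empty strings for the rest, and the visible caller never checks that `S3_ENDPOINT_URL` is set before calling `create_s3_secret`. The full-credential path also lacks the `print_success` line that the endpoint-only path has, and the usage text names the secret `s3-secret` while the code creates `s3-cred`.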