Authentication

Bucket authentication varies between cloud providers.

  • Amazon S3

  • Google Cloud Storage

Amazon S3

You will need to supply the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_REGION environment variables to the API for both the control plane and the builder. See the AWS authentication documentation for details. It is also possible to store the configuration as a Kubernetes secret, similar to the Google Cloud Storage configuration.

To configure a storage bucket, provide the SE2_STORAGE_PATH environment variable to both the control plane and builder, e.g. s3://my-bucket for Amazon S3 or gs://my-bucket for Google Cloud Storage. For Kubernetes deployments, this is done in .suborbital/se2-controlplane-deployment.yaml under the controlplane and builder containers sections, and for local docker-compose deployments, this is done in docker-compose.yaml under the se2-controlplane and se2-builder services.

containers:
    - name: controlplane
        image: suborbital/se2-controlplane:v0.4.2
        command: ["controlplane"]

        ports:
          - containerPort: 8081

        env:
          - name: SE2_HTTP_PORT
            value: "8081"

          - name: SE2_LOG_LEVEL
            value: "info"

          - name: SE2_ENV_TOKEN
            value: <your environment token>

          - name: SE2_STORAGE_PATH
            value: s3://<your-s3-storage-bucket>


      - name: builder
        image: suborbital/se2-builder:v0.4.2
        command: ["builder"]

        env:
          - name: SE2_DOMAIN
            value: "domain.example.com"

          - name: SE2_TLS_PORT
            value: "8443"

          - name: SE2_LOG_LEVEL
            value: "info"

          - name:  SE2_CONTROL_PLANE
            value: "se2-controlplane-service:8081"

          - name: SE2_STORAGE_PATH
            value: s3://your-s3-storage-bucket
Configure CapabilitiesConfigure Webhooks