Open in app

Sign in

Write

Sign in

Setup S3Proxy in Kubernetes to Read/Write to Azure Blob Storage

Kiran Indukuri
3 min readFeb 3, 2024

--

S3API has been very popular in the Cloud Object Storage world. Let us say you developed a software that does data-processing on S3 objects. But, you got a new customer that is interested in using your software for Azure Blob Storage (ABS) .

Now you have to scramble and start developing a new connector to read from ABS. Instead, you could use the open source S3Proxy . S3Proxy can be a great option for this use case, as it would help interact with Azure Blob Storage using S3 APIs.

S3Proxy

In the following article, we can discuss how to setup S3Proxy on Kubernetes. Also we can verify that using S3 Proxy you could read/write to Azure Blob Storage (ABS).

You could use the following file as a starting point, and update the following values in it.

JCLOUDS_IDENTITY --> Azure Storage Account name
JCLOUDS_CREDENTIAL --> Azure Storage Key
JCLOUDS_ENDPOINT --> https://<<storageaccountname>>.blob.core.windows.net

In the following example, nfljan2024 is the Azure Storage account name

Azure Storage Key can be found via Azure CLI using the following command. If you do not have Azure CLI installed, you can get it from here.

az storage account keys list -n <<storageaccountname>> --query ‘[0].value’ -o tsv

s3proxy.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: s3proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: s3proxy
  template:
    metadata:
      labels:
        app: s3proxy
    spec:
      containers:
      - name: s3proxy
        image: andrewgaul/s3proxy
        ports:
        - containerPort: 8080
        env:
        - name: S3PROXY_AUTHORIZATION
          value: "none"
        - name: JCLOUDS_IDENTITY
          value: "nfljan2024"
        - name: JCLOUDS_CREDENTIAL
          value: "RXXXXXXXXXXj1I=="
        - name: JCLOUDS_ENDPOINT
          value: "https://nfljan2024.blob.core.windows.net"
        - name: JCLOUDS_PROVIDER
          value: "azureblob"
        - name: JCLOUDS_AZUREBLOB_AUTH
          value: "azureKey"
        - name: S3PROXY_ENDPOINT
          value: "http://0.0.0.0:8080"
---
apiVersion: v1
kind: Service
metadata:
  name: s3proxy-service
spec:
  type: ClusterIP  
  ports:
  - port: 8080
    targetPort: 8080
  selector:
    app: s3proxy

Apply the code with the following commands, which would create a deployment and a s3proxy-service exposing it.

kubectl create namespace s3proxy
kubectl apply -f s3proxy.yaml -n s3proxy

To test this locally from your laptop, you could port-forward the service locally with :

kubectl port-forward service/s3proxy-service 8080:8080 -n s3proxy

Let us Verify

We will now verify that you can read/write to Azure Storage using AWS CLI.

List Storage Containers

The following command lists the Azure containers within the Storage Account

aws --endpoint-url="http://localhost:8080" s3 ls  --recursive

Output : (similar to the following)
1969–12–31 18:00:00 test

Copy local file to Azure Storage using S3 CLI

Create a local with

echo “This is some text content.” > temp.txt

Update test to a storage container in your Storage Account in the following command:

aws --endpoint-url="http://localhost:8080" s3 cp temp.txt s3://test

Output: (similar to the following)

upload: ./temp.txt to s3://test/temp.txt

List files in a Storage container

The following command lists the files in Azure container test within the Storage Account ( Update test to a storage container in your Storage Account). See that the copied file temp.txt is now listed in the Azure Storage contents.

aws --endpoint-url="http://localhost:8080" s3 ls s3://test --recursive

Output: (Similar to the following)
2024–02–01 16:29:00 74989116 fins.csv
2024–02–01 18:08:54 6 temp.txt

Note: If you are using this production, use Kubernetes Secrets to store the sensitive values, and refer to them in the deployment file. The above yaml code is meant to be a proof-of-concept and so uses these values directly as environment variables.

Debugging

In case the above Kubernetes setup does not work for any reason, you could test it locally with Docker container

Running S3Proxy as a Local Docker container

The same environment variable values used in the k8s yaml above could be used for env values in the docker command below:

docker run -d — restart=always — name s3proxy \
 -p 8080:8080 \
 -e S3PROXY_AUTHORIZATION=none \
 -e JCLOUDS_IDENTITY=nfljan2024 \
 -e JCLOUDS_CREDENTIAL=RxxxxxxxA== \
 -e JCLOUDS_ENDPOINT=https://nfljan2024.blob.core.windows.net \
 -e JCLOUDS_PROVIDER=azureblob \
 -e JCLOUDS_AZUREBLOB_AUTH=azureKey \
 -e S3PROXY_ENDPOINT=http://0.0.0.0:8080 \
 andrewgaul/s3proxy

Once the docker container is running, you could verify using the steps in the Verification section listed above.

--

--

Kiran Indukuri
Kiran Indukuri

Written by Kiran Indukuri

0 Followers
3 Following

Kiran Indukuri is a Principal Software Engineer at Privacy Dynamics Inc. He has about 20 years experience in Software Development. He lives in Austin, Texas.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams