feat(finance-service): wire MinIO env so GetExportDownloadURL presigns against the public endpoint#84
Merged
Conversation
…s against the public endpoint finance-service runs the GetExportDownloadURL gRPC method which presigns the download URL handed back to the BFF. Without explicit MinIO env vars the pod falls back to the localhost defaults from config.go and produces presigned URLs against http://localhost:9000 — browsers then either can't reach the host at all or hit a different MinIO and get NoSuchKey. (finance-worker already had these envs since the prior commit; this completes the picture.) Base adds MINIO_ENDPOINT/USE_SSL/INSECURE_SKIP_VERIFY/PUBLIC_URL/BUCKET plus MINIO_ACCESS_KEY/SECRET_KEY from the existing minio-secret. Overlay patches override MINIO_BUCKET and MINIO_PUBLIC_URL per environment so presigned URLs hit staging-goapps.mutugading.com:30091 (or goapps.mutugading.com:30091 in production).
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates the finance-service Kubernetes manifests to explicitly configure MinIO connection/public URL settings so GetExportDownloadURL generates presigned URLs against the externally reachable MinIO endpoint (instead of defaulting to localhost).
Changes:
- Add MinIO-related environment variables to
finance-servicebase deployment (endpoint, SSL settings, public URL, bucket, and credentials fromminio-secret). - Add per-environment kustomize patches in staging/production to override
MINIO_BUCKETandMINIO_PUBLIC_URL. - Wire the new patches into staging and production
kustomization.yaml.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| services/finance-service/base/deployment.yaml | Adds MinIO env vars (endpoint/SSL/public URL/bucket/credentials) for presigning download URLs correctly. |
| services/finance-service/overlays/staging/patches/env-storage.yaml | Staging overrides for MINIO_BUCKET and MINIO_PUBLIC_URL. |
| services/finance-service/overlays/staging/kustomization.yaml | Includes the new staging storage env patch. |
| services/finance-service/overlays/production/patches/env-storage.yaml | Production overrides for MINIO_BUCKET and MINIO_PUBLIC_URL. |
| services/finance-service/overlays/production/kustomization.yaml | Includes the new production storage env patch. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description
This pull request adds MinIO storage configuration to the
finance-servicedeployment, enabling the service to generate presigned download URLs for export artifacts. The configuration is designed to be environment-specific, with overrides for staging and production environments handled via kustomize patches.finance-service runs the GetExportDownloadURL gRPC method which presigns the download URL handed back to the BFF. Without explicit MinIO env vars the pod falls back to the localhost defaults from config.go and produces presigned URLs against http://localhost:9000 — browsers then either can't reach the host at all or hit a different MinIO and get NoSuchKey. (finance-worker already had these envs since the prior commit; this completes the picture.)
Base adds MINIO_ENDPOINT/USE_SSL/INSECURE_SKIP_VERIFY/PUBLIC_URL/BUCKET plus MINIO_ACCESS_KEY/SECRET_KEY from the existing minio-secret. Overlay patches override MINIO_BUCKET and MINIO_PUBLIC_URL per environment so presigned URLs hit staging-goapps.mutugading.com:30091 (or goapps.mutugading.com:30091 in production).
Type of Change
Changes Made
MinIO storage integration:
MINIO_ENDPOINT,MINIO_BUCKET,MINIO_USE_SSL,MINIO_INSECURE_SKIP_VERIFY,MINIO_PUBLIC_URL,MINIO_ACCESS_KEY,MINIO_SECRET_KEY) to the base deployment inbase/deployment.yamlto support artifact storage and secure access.Environment-specific configuration:
env-storage.yaml) in both staging and production overlays to override theMINIO_BUCKETandMINIO_PUBLIC_URLvariables per environment. [1] [2]kustomization.yamlfiles for both staging and production to include the newenv-storage.yamlpatch. [1] [2]Pre-merge Checklist