Configuring Object Storage

A variety of Drycc Workflow components rely on an object storage system to do their work including storing application slugs, Container images and database logs.

2 minute read

Drycc Workflow ships with Storage by default, which provides in-cluster.

Configuring off-cluster Object Storage

Every component that relies on object storage uses two inputs for configuration:

Access credentials stored as a Kubernetes secret.
You must use object storage services that are compatible with S3 API.

The helm chart for Drycc Workflow can be easily configured to connect Workflow components to off-cluster object storage. Drycc Workflow currently supports Google Compute Storage, Amazon S3, Azure Blob Storage and OpenStack Swift Storage.

Step 1: Create storage buckets

Create storage buckets for each of the Workflow subsystems: builder and registry.

Depending on your chosen object storage you may need to provide globally unique bucket names. If you are using S3, use hyphens instead of periods in the bucket names. Using periods in the bucket name will cause an ssl certificate validation issue with S3.

If you provide credentials with sufficient access to the underlying storage, Workflow components will create the buckets if they do not exist.

Step 2: Generate storage credentials

If applicable, generate credentials that have create and write access to the storage buckets created in Step 1.

If you are using AWS S3 and your Kubernetes nodes are configured with appropriate IAM API keys via InstanceRoles, you do not need to create API credentials. Do, however, validate that the InstanceRole has appropriate permissions to the configured buckets!

Step 3: Configure Workflow Chart

Operators should configure object storage by editing the Helm values file before running helm install. To do so:

Fetch the Helm values by running helm inspect values oci://registry.drycc.cc/charts/workflow > values.yaml
Update the builder/storage and registry/storage parameter to reference the platform you are using.
Find the corresponding section for your storage type and provide appropriate values including region, bucket names, and access credentials.
Save your changes.

Note

Assume we are using MinIO’s play for storage, noting that it is only a test server and should not be used in production environments:

$ helm install drycc oci://registry.drycc.cc/charts/workflow \
	--namespace drycc \
	--set global.platformDomain=youdomain.com \
	--set builder.storageBucket=registry \
	--set builder.storageEndpoint=https://play.min.io \
	--set builder.storageAccesskey=Q3AM3UQ867SPQQA43P2F \
	--set builder.storageSecretkey=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG \
	--set builder.storagePathStyle=auto \
	--set registry.storageBucket=registry \
	--set registry.storageEndpoint=https://play.min.io \
	--set registry.storageAccesskey=Q3AM3UQ867SPQQA43P2F \
	--set registry.storageSecretkey=zuf+tfteSlswRu7BJ86wekitnifILbZam1KYY3TG \
	--set registry.storagePathStyle=auto

You are now ready to run helm install drycc oci://registry.drycc.cc/charts/workflow --namespace drycc -f values.yaml using your desired object storage.

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified 09.10.2025: fix(storage): expired configuration documentation (f95540e)