Merge branch 'docs_vstoianovici_gcp_kms' into 'master'

Outlined our code's incompatibility with Google KMS encryption See merge request gitlab-org/gitlab!68622

Merge branch 'docs_vstoianovici_gcp_kms' into 'master'
Outlined our code's incompatibility with Google KMS encryption See merge request gitlab-org/gitlab!68622
a0315e77 · Achilleas Pipinellis · fc143e65 · 612e097b · a0315e77
Commit a0315e77 authored Dec 09, 2021 by Achilleas Pipinellis
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 0 deletions

doc/administration/object_storage.md doc/administration/object_storage.md +5 -0

No files found.
--- a/doc/administration/object_storage.md
+++ b/doc/administration/object_storage.md
@@ -281,6 +281,9 @@ The service account must have permission to access the bucket. Learn more
 in Google's
 [Cloud Storage authentication documentation](https://cloud.google.com/storage/docs/authentication).

+NOTE:
+Bucket encryption with the [Cloud Key Management Service (KMS)](https://cloud.google.com/kms/docs) is not supported and will result in [ETag mismatch errors](#etag-mismatch).
+
 ##### Google example (consolidated form)

 For Omnibus installations, this is an example of the `connection` setting:
@@ -682,6 +685,8 @@ With the consolidated object configuration and instance profile, Workhorse has
 S3 credentials so that it can compute the `Content-MD5` header. This
 eliminates the need to compare ETag headers returned from the S3 server.

+Encrypting buckets with GCS' [Cloud Key Management Service (KMS)](https://cloud.google.com/kms/docs) is not supported and will result in ETag mismatch errors.
+
 ### Using Amazon instance profiles

 Instead of supplying AWS access and secret keys in object storage