Skip to content

gcs: add UniverseDomain config to support custom GCS universe domains #202

New issue
New issue
Open
#201
Open
gcs: add UniverseDomain config to support custom GCS universe domains#202
#201
@7sinStone

Description

@7sinStone
7sinStone
opened on Aug 1, 2025

Description
Right now, the GCS provider in thanos-io/objstore hard-codes Google’s public “storage.googleapis.com” endpoint for JSON API calls. In environments with a custom GCS-compatible API (e.g., on-prem gateways, regional test environments, or internal caches), there is no way to override this. Thanos fails to authenticate or list buckets because it still points at Google’s metadata server or public endpoint.

This PR proposes to introduce a new UniverseDomain field in the GCS Config struct. When set, we append option.WithUniverseDomain(<value>) to the storage.Client options, allowing users to direct all JSON API calls to their custom domain.

Motivation

  • Users running Thanos on private or on-prem GCS-compatible systems need to point Thanos at an internal domain (e.g., storage.my-company.internal) instead of Google Cloud.

  • Without this, the initial store sync fails with errors like:

    metadata: GCE metadata "instance/service-accounts/default/token?scopes=…" not defined

    or

    storage: bucket doesn’t exist

  • This change enables full compatibility with custom universe domains supported by the upstream Google Cloud Go SDK.

Changes

providers/gcs/gcs.go

--- a/providers/gcs/gcs.go
+++ b/providers/gcs/gcs.go
@@ -XX,6 +XX,12 @@ type Config struct {
   noAuth           bool               `yaml:"no_auth"`
   MaxRetries       int                `yaml:"max_retries"`
+    // UniverseDomain allows overriding the JSON API endpoint,
+    // e.g. "storage.my-company.internal"
+    UniverseDomain   string             `yaml:"universe_domain"`
}
 func newBucket(ctx context.Context, logger log.Logger, gc Config, opts []option.ClientOption) (*Bucket, error) {
     // …
+    // If a custom universe domain is provided, use it for all JSON API calls.
+    if gc.UniverseDomain != "" {
+        opts = append(opts, option.WithUniverseDomain(gc.UniverseDomain))
+    }
 
     if gc.UseGRPC {
         opts = append(opts,

Impact

  • Backward-compatible: If universe_domain is empty, behavior is unchanged (defaults to Google’s public endpoint).
  • New functionality: Users can now deploy Thanos with custom GCS-compatible backends without forking the codebase.

You can append a “References” section to your issue and link your PR directly. For example, add the following at the bottom of your issue body:

References

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions