diff --git a/kubernetes-templates/garage.yml b/kubernetes-templates/garage.yml new file mode 100644 index 0000000..6c4eddc --- /dev/null +++ b/kubernetes-templates/garage.yml @@ -0,0 +1,191 @@ +apiVersion: v1 +kind: Namespace +metadata: + name: garage +--- +apiVersion: v1 +kind: Secret +metadata: + name: garage-secrets + namespace: garage +type: Opaque +data: + GARAGE_RPC_SECRET: "Yjk2YzRjZDE2ZDY4NDFjYTZhZTEwNDQxOGJiNTIxMDc4MTYyMzkyMzk4OGZiMWRmNWI0MmQzMmQzYmQwMGIwZQ==" + GARAGE_ADMIN_TOKEN: "c1dHNW8yc2E5eEp4NUVyM0NnWHF2T1VTSFhvZkZhejBwRWoyRzlyb1E1aERSRUdRVlZvQUZTRXY4aU1MUTZxTw==" +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: garage-config + namespace: garage +data: + garage.toml: | + metadata_dir = "/var/lib/garage/meta" + data_dir = "/var/lib/garage/data" + replication_factor = 1 + + rpc_bind_addr = "[::]:3901" + rpc_public_addr = "garage.garage.svc.cluster.local:3901" + + [s3_api] + s3_region = "garage" + api_bind_addr = "[::]:3900" + root_domain = ".garage.svc.cluster.local" + + [admin] + api_bind_addr = "[::]:3903" + admin_token = "sWG5o2sa9xJx5Er3CgXqvOUSHXofFaz0pEj2G9roQ5hDREGQVVoAFSEv8iMLQ6qO" +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: garage-data-pvc + namespace: garage +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: nfs-storage + resources: + requests: + storage: 10Gi +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: garage + namespace: garage +spec: + serviceName: "garage" + replicas: 1 + selector: + matchLabels: + app: garage + template: + metadata: + labels: + app: garage + spec: + securityContext: + fsGroup: 999 + containers: + - name: garage + image: dxflrs/garage:v2.3.0 + args: ["/garage", "server"] + env: + - name: GARAGE_RPC_SECRET + valueFrom: + secretKeyRef: + name: garage-secrets + key: GARAGE_RPC_SECRET + ports: + - containerPort: 3900 + name: s3-api + - containerPort: 3903 + name: admin-api + volumeMounts: + - name: config + mountPath: /etc/garage.toml + subPath: garage.toml + - name: data + mountPath: /var/lib/garage + volumes: + - name: config + configMap: + name: garage-config + - name: data + persistentVolumeClaim: + claimName: garage-data-pvc +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: garage-ui + namespace: garage +spec: + replicas: 1 + selector: + matchLabels: + app: garage-ui + template: + metadata: + labels: + app: garage-ui + spec: + containers: + - name: garage-ui + image: khairul169/garage-webui:latest + ports: + - containerPort: 3909 + env: + - name: API_BASE_URL + value: "http://garage:3903" + - name: S3_ENDPOINT_URL + value: "http://garage:3900" + - name: API_ADMIN_KEY # The UI uses this for the token + valueFrom: + secretKeyRef: + name: garage-secrets + key: GARAGE_ADMIN_TOKEN + volumeMounts: + - name: config + mountPath: /etc/garage.toml + subPath: garage.toml + volumes: + - name: config + configMap: + name: garage-config +--- +apiVersion: v1 +kind: Service +metadata: + name: garage + namespace: garage +spec: + selector: + app: garage + ports: + - name: s3-api + port: 3900 + - name: admin-api + port: 3903 +--- +apiVersion: v1 +kind: Service +metadata: + name: garage-ui + namespace: garage +spec: + selector: + app: garage-ui + ports: + - name: http + port: 80 + targetPort: 3909 +--- +apiVersion: v1 +kind: Service +metadata: + name: garage-external-nodeport + namespace: garage +spec: + type: NodePort + selector: + app: garage + ports: + - name: s3-api-external + port: 3900 + targetPort: 3900 + nodePort: 30900 +--- +apiVersion: traefik.io/v1alpha1 +kind: IngressRoute +metadata: + name: garage-ui-external + namespace: garage +spec: + entryPoints: ["websecure"] + routes: + - match: Host(`cdn.khongisa.co.za`) + kind: Rule + services: + - name: garage-ui + port: 80 \ No newline at end of file