Garage Admin Ui works very stable, web access and object security is also in place
This commit is contained in:
=
@@ -30,11 +30,19 @@ data:
|
|||||||
[s3_api]
|
[s3_api]
|
||||||
s3_region = "garage"
|
s3_region = "garage"
|
||||||
api_bind_addr = "[::]:3900"
|
api_bind_addr = "[::]:3900"
|
||||||
root_domain = ".garage.svc.cluster.local"
|
# Leaving this blank removes the hostname restriction on the API port.
|
||||||
|
# This allows internal pods to use 'garage.garage.svc.cluster.local' AND
|
||||||
|
# external apps to use '192.168.1.177:30900' or 's3.khongisa.co.za' without signature errors.
|
||||||
|
root_domain = ""
|
||||||
|
|
||||||
[admin]
|
[admin]
|
||||||
api_bind_addr = "[::]:3903"
|
api_bind_addr = "[::]:3903"
|
||||||
admin_token = "sWG5o2sa9xJx5Er3CgXqvOUSHXofFaz0pEj2G9roQ5hDREGQVVoAFSEv8iMLQ6qO"
|
admin_token = "sWG5o2sa9xJx5Er3CgXqvOUSHXofFaz0pEj2G9roQ5hDREGQVVoAFSEv8iMLQ6qO"
|
||||||
|
|
||||||
|
[s3_web]
|
||||||
|
bind_addr = "[::]:3902"
|
||||||
|
# This enforces that public web traffic matches 'test-bucket.s3.khongisa.co.za'
|
||||||
|
root_domain = ".cdn.khongisa.co.za"
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: PersistentVolumeClaim
|
kind: PersistentVolumeClaim
|
||||||
@@ -81,6 +89,8 @@ spec:
|
|||||||
name: s3-api
|
name: s3-api
|
||||||
- containerPort: 3903
|
- containerPort: 3903
|
||||||
name: admin-api
|
name: admin-api
|
||||||
|
- containerPort: 3902
|
||||||
|
name: s3-web
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /etc/garage.toml
|
mountPath: /etc/garage.toml
|
||||||
@@ -120,7 +130,7 @@ spec:
|
|||||||
value: "http://garage:3903"
|
value: "http://garage:3903"
|
||||||
- name: S3_ENDPOINT_URL
|
- name: S3_ENDPOINT_URL
|
||||||
value: "http://garage:3900"
|
value: "http://garage:3900"
|
||||||
- name: API_ADMIN_KEY # The UI uses this for the token
|
- name: API_ADMIN_KEY
|
||||||
valueFrom:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: garage-secrets
|
name: garage-secrets
|
||||||
@@ -147,6 +157,8 @@ spec:
|
|||||||
port: 3900
|
port: 3900
|
||||||
- name: admin-api
|
- name: admin-api
|
||||||
port: 3903
|
port: 3903
|
||||||
|
- name: s3-web
|
||||||
|
port: 3902
|
||||||
---
|
---
|
||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Service
|
kind: Service
|
||||||
@@ -174,7 +186,11 @@ spec:
|
|||||||
- name: s3-api-external
|
- name: s3-api-external
|
||||||
port: 3900
|
port: 3900
|
||||||
targetPort: 3900
|
targetPort: 3900
|
||||||
nodePort: 30900
|
nodePort: 30900
|
||||||
|
- name: s3-web-external
|
||||||
|
port: 3902
|
||||||
|
targetPort: 3902
|
||||||
|
nodePort: 30902
|
||||||
---
|
---
|
||||||
apiVersion: traefik.io/v1alpha1
|
apiVersion: traefik.io/v1alpha1
|
||||||
kind: IngressRoute
|
kind: IngressRoute
|
||||||
@@ -184,7 +200,7 @@ metadata:
|
|||||||
spec:
|
spec:
|
||||||
entryPoints: ["websecure"]
|
entryPoints: ["websecure"]
|
||||||
routes:
|
routes:
|
||||||
- match: Host(`cdn.khongisa.co.za`)
|
- match: Host(`s3.khongisa.co.za`)
|
||||||
kind: Rule
|
kind: Rule
|
||||||
services:
|
services:
|
||||||
- name: garage-ui
|
- name: garage-ui
|
||||||
|
|||||||
Reference in New Issue
Block a user