Garage Admin Ui works very stable, web access and object security is also in place

2026-05-18 21:22:58 +00:00
parent 396e9e9e7e
commit 546e2f621c
1 changed files with 20 additions and 4 deletions
@@ -30,11 +30,19 @@ data:
    [s3_api]
    s3_region = "garage"
    api_bind_addr = "[::]:3900"
-    root_domain = ".garage.svc.cluster.local"
+    # Leaving this blank removes the hostname restriction on the API port.
+    # This allows internal pods to use 'garage.garage.svc.cluster.local' AND 
+    # external apps to use '192.168.1.177:30900' or 's3.khongisa.co.za' without signature errors.
+    root_domain = "" 

    [admin]
    api_bind_addr = "[::]:3903"
    admin_token = "sWG5o2sa9xJx5Er3CgXqvOUSHXofFaz0pEj2G9roQ5hDREGQVVoAFSEv8iMLQ6qO"
+
+    [s3_web]
+    bind_addr = "[::]:3902"
+    # This enforces that public web traffic matches 'test-bucket.s3.khongisa.co.za'
+    root_domain = ".cdn.khongisa.co.za"
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
@@ -81,6 +89,8 @@ spec:
              name: s3-api
            - containerPort: 3903
              name: admin-api
+            - containerPort: 3902
+              name: s3-web
          volumeMounts:
            - name: config
              mountPath: /etc/garage.toml
@@ -120,7 +130,7 @@ spec:
              value: "http://garage:3903"
            - name: S3_ENDPOINT_URL
              value: "http://garage:3900"
-            - name: API_ADMIN_KEY # The UI uses this for the token
+            - name: API_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
@@ -147,6 +157,8 @@ spec:
      port: 3900
    - name: admin-api
      port: 3903
+    - name: s3-web
+      port: 3902
 ---
 apiVersion: v1
 kind: Service
@@ -175,6 +187,10 @@ spec:
      port: 3900
      targetPort: 3900
      nodePort: 30900    
+    - name: s3-web-external
+      port: 3902
+      targetPort: 3902
+      nodePort: 30902
 ---
 apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
@@ -184,7 +200,7 @@ metadata:
 spec:
  entryPoints: ["websecure"]
  routes:
-    - match: Host(`cdn.khongisa.co.za`)
+    - match: Host(`s3.khongisa.co.za`)
      kind: Rule
      services:
        - name: garage-ui