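---
# Single-node Garage (S3-compatible object store) plus the garage-webui admin
# console, deployed into the `garage` namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: garage
---
# NOTE(review): values under `data:` are base64-encoded, not encrypted. Because
# both tokens are stored in this manifest, treat them as exposed to anyone who
# can read the file or its history: rotate them and supply the Secret from an
# encrypted or external source instead of committing it alongside the workload.
apiVersion: v1
kind: Secret
metadata:
  name: garage-secrets
  namespace: garage
type: Opaque
data:
  GARAGE_RPC_SECRET: "Yjk2YzRjZDE2ZDY4NDFjYTZhZTEwNDQxOGJiNTIxMDc4MTYyMzkyMzk4OGZiMWRmNWI0MmQzMmQzYmQwMGIwZQ=="
  GARAGE_ADMIN_TOKEN: "c1dHNW8yc2E5eEp4NUVyM0NnWHF2T1VTSFhvZkZhejBwRWoyRzlyb1E1aERSRUdRVlZvQUZTRXY4aU1MUTZxTw=="
---
# Garage configuration file. This ConfigMap is mounted into both the garage pod
# and the garage-ui pod, so it must not carry credentials.
apiVersion: v1
kind: ConfigMap
metadata:
  name: garage-config
  namespace: garage
data:
  garage.toml: |
    metadata_dir = "/var/lib/garage/meta"
    data_dir = "/var/lib/garage/data"
    replication_factor = 1

    rpc_bind_addr = "[::]:3901"
    rpc_public_addr = "garage.garage.svc.cluster.local:3901"

    [s3_api]
    s3_region = "garage"
    api_bind_addr = "[::]:3900"
    # Leaving this blank removes the hostname restriction on the API port.
    # This allows internal pods to use 'garage.garage.svc.cluster.local' AND
    # external apps to use '192.168.1.177:30900' or 's3.khongisa.co.za' without signature errors.
    root_domain = ""

    [admin]
    api_bind_addr = "[::]:3903"
    # admin_token is deliberately not set in this file. Like the RPC secret, it
    # is read from the environment (GARAGE_ADMIN_TOKEN, sourced from the
    # garage-secrets Secret) so the token is not readable through the ConfigMap.

    [s3_web]
    bind_addr = "[::]:3902"
    # Public web traffic is matched against '<bucket>.cdn.khongisa.co.za',
    # e.g. 'test-bucket.cdn.khongisa.co.za'.
    # NOTE(review): the previous comment named 'test-bucket.s3.khongisa.co.za',
    # which does not match this value; confirm which domain is intended.
    root_domain = ".cdn.khongisa.co.za"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: garage-data-pvc
  namespace: garage
spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: nfs-storage
  resources:
    requests:
      storage: 10Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
  namespace: garage
spec:
  serviceName: "garage"
  replicas: 1
  selector:
    matchLabels:
      app: garage
  template:
    metadata:
      labels:
        app: garage
    spec:
      securityContext:
        fsGroup: 999
      containers:
        - name: garage
          image: dxflrs/garage:v2.3.0
          args: ["/garage", "server"]
          env:
            # Both credentials come from the Secret rather than garage.toml.
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: GARAGE_RPC_SECRET
            - name: GARAGE_ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: GARAGE_ADMIN_TOKEN
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3903
              name: admin-api
            - containerPort: 3902
              name: s3-web
          volumeMounts:
            - name: config
              mountPath: /etc/garage.toml
              subPath: garage.toml
            - name: data
              mountPath: /var/lib/garage
      volumes:
        - name: config
          configMap:
            name: garage-config
        - name: data
          persistentVolumeClaim:
            claimName: garage-data-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: garage-ui
  namespace: garage
spec:
  replicas: 1
  selector:
    matchLabels:
      app: garage-ui
  template:
    metadata:
      labels:
        app: garage-ui
    spec:
      containers:
        - name: garage-ui
          # NOTE(review): `latest` is a mutable tag, so the code that receives
          # the admin token can change without any change to this manifest.
          # Pin to a released version tag or an image digest.
          image: khairul169/garage-webui:latest
          ports:
            - containerPort: 3909
          env:
            - name: API_BASE_URL
              value: "http://garage:3903"
            - name: S3_ENDPOINT_URL
              value: "http://garage:3900"
            - name: API_ADMIN_KEY
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: GARAGE_ADMIN_TOKEN
          volumeMounts:
            - name: config
              mountPath: /etc/garage.toml
              subPath: garage.toml
      volumes:
        - name: config
          configMap:
            name: garage-config
---
# In-cluster access to the S3 API, admin API and bucket web endpoint.
apiVersion: v1
kind: Service
metadata:
  name: garage
  namespace: garage
spec:
  selector:
    app: garage
  ports:
    - name: s3-api
      port: 3900
    - name: admin-api
      port: 3903
    - name: s3-web
      port: 3902
---
apiVersion: v1
kind: Service
metadata:
  name: garage-ui
  namespace: garage
spec:
  selector:
    app: garage-ui
  ports:
    - name: http
      port: 80
      targetPort: 3909
---
# NOTE(review): NodePort publishes the S3 API (30900) and the web endpoint
# (30902) on every node. No TLS is configured for these ports anywhere in this
# manifest, so confirm that node-level reachability is limited to the intended
# network or that TLS is terminated in front of them.
apiVersion: v1
kind: Service
metadata:
  name: garage-external-nodeport
  namespace: garage
spec:
  type: NodePort
  selector:
    app: garage
  ports:
    - name: s3-api-external
      port: 3900
      targetPort: 3900
      nodePort: 30900
    - name: s3-web-external
      port: 3902
      targetPort: 3902
      nodePort: 30902
---
# NOTE(review): this route publishes the admin web UI, which runs with the
# Garage admin token. No authentication or allow-list middleware is attached
# here and no `tls:` section is set; confirm that access control and TLS are
# enforced by the entry point or elsewhere before exposing this host.
# NOTE(review): the [s3_api] comment in garage.toml lists 's3.khongisa.co.za'
# as an S3 endpoint for external apps, but the only route for that host in this
# manifest points at garage-ui; confirm which service the host should reach.
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: garage-ui-external
  namespace: garage
spec:
  entryPoints: ["websecure"]
  routes:
    - match: Host(`s3.khongisa.co.za`)
      kind: Rule
      services:
        - name: garage-ui
          port: 80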