MngomaLab/automation
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
main
automation/kubernetes-templates/garage.yml
T

207 lines
4.6 KiB
YAML
Raw Permalink Blame History

apiVersion: v1
kind: Namespace
metadata:
name: garage
---
apiVersion: v1
kind: Secret
metadata:
name: garage-secrets
namespace: garage
type: Opaque
data:
GARAGE_RPC_SECRET: "Yjk2YzRjZDE2ZDY4NDFjYTZhZTEwNDQxOGJiNTIxMDc4MTYyMzkyMzk4OGZiMWRmNWI0MmQzMmQzYmQwMGIwZQ=="
GARAGE_ADMIN_TOKEN: "c1dHNW8yc2E5eEp4NUVyM0NnWHF2T1VTSFhvZkZhejBwRWoyRzlyb1E1aERSRUdRVlZvQUZTRXY4aU1MUTZxTw=="
---
apiVersion: v1
kind: ConfigMap
metadata:
name: garage-config
namespace: garage
data:
garage.toml: |
metadata_dir = "/var/lib/garage/meta"
data_dir = "/var/lib/garage/data"
replication_factor = 1
rpc_bind_addr = "[::]:3901"
rpc_public_addr = "garage.garage.svc.cluster.local:3901"
[s3_api]
s3_region = "garage"
api_bind_addr = "[::]:3900"
# Leaving this blank removes the hostname restriction on the API port.
# This allows internal pods to use 'garage.garage.svc.cluster.local' AND
# external apps to use '192.168.1.177:30900' or 's3.khongisa.co.za' without signature errors.
root_domain = ""
[admin]
api_bind_addr = "[::]:3903"
admin_token = "sWG5o2sa9xJx5Er3CgXqvOUSHXofFaz0pEj2G9roQ5hDREGQVVoAFSEv8iMLQ6qO"
[s3_web]
bind_addr = "[::]:3902"
# This enforces that public web traffic matches 'test-bucket.s3.khongisa.co.za'
root_domain = ".cdn.khongisa.co.za"
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: garage-data-pvc
namespace: garage
spec:
accessModes: ["ReadWriteOnce"]
storageClassName: nfs-storage
resources:
requests:
storage: 10Gi
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: garage
namespace: garage
spec:
serviceName: "garage"
replicas: 1
selector:
matchLabels:
app: garage
template:
metadata:
labels:
app: garage
spec:
securityContext:
fsGroup: 999
containers:
- name: garage
image: dxflrs/garage:v2.3.0
args: ["/garage", "server"]
env:
- name: GARAGE_RPC_SECRET
valueFrom:
secretKeyRef:
name: garage-secrets
key: GARAGE_RPC_SECRET
ports:
- containerPort: 3900
name: s3-api
- containerPort: 3903
name: admin-api
- containerPort: 3902
name: s3-web
volumeMounts:
- name: config
mountPath: /etc/garage.toml
subPath: garage.toml
- name: data
mountPath: /var/lib/garage
volumes:
- name: config
configMap:
name: garage-config
- name: data
persistentVolumeClaim:
claimName: garage-data-pvc
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: garage-ui
namespace: garage
spec:
replicas: 1
selector:
matchLabels:
app: garage-ui
template:
metadata:
labels:
app: garage-ui
spec:
containers:
- name: garage-ui
image: khairul169/garage-webui:latest
ports:
- containerPort: 3909
env:
- name: API_BASE_URL
value: "http://garage:3903"
- name: S3_ENDPOINT_URL
value: "http://garage:3900"
- name: API_ADMIN_KEY
valueFrom:
secretKeyRef:
name: garage-secrets
key: GARAGE_ADMIN_TOKEN
volumeMounts:
- name: config
mountPath: /etc/garage.toml
subPath: garage.toml
volumes:
- name: config
configMap:
name: garage-config
---
apiVersion: v1
kind: Service
metadata:
name: garage
namespace: garage
spec:
selector:
app: garage
ports:
- name: s3-api
port: 3900
- name: admin-api
port: 3903
- name: s3-web
port: 3902
---
apiVersion: v1
kind: Service
metadata:
name: garage-ui
namespace: garage
spec:
selector:
app: garage-ui
ports:
- name: http
port: 80
targetPort: 3909
---
apiVersion: v1
kind: Service
metadata:
name: garage-external-nodeport
namespace: garage
spec:
type: NodePort
selector:
app: garage
ports:
- name: s3-api-external
port: 3900
targetPort: 3900
nodePort: 30900
- name: s3-web-external
port: 3902
targetPort: 3902
nodePort: 30902
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: garage-ui-external
namespace: garage
spec:
entryPoints: ["websecure"]
routes:
- match: Host(`s3.khongisa.co.za`)
kind: Rule
services:
- name: garage-ui
port: 80
Reference in New Issue View Git Blame Copy Permalink