all repos — infra @ a14f6c932906e5b9007c071a4b07ed9edc32a023

infrastructure manifests and setup notes

apps/garage/garage.yaml (view raw)

 1
 2
 3
 4
 5
 6
 7
 8
 9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
 100
 101
 102
 103
 104
 105
 106
 107
 108
 109
 110
 111
 112
 113
 114
 115
 116
 117
 118
 119
 120
 121
 122
 123
 124
 125
 126
 127
 128
 129
 130
 131
 132
 133
 134
 135
 136
 137
 138
 139
 140
 141
 142
 143
 144
 145
apiVersion: v1
kind: ConfigMap
metadata:
  name: garage-config
data:
  garage.toml: |-
    metadata_dir = "/mnt/meta"
    data_dir = "/mnt/data"
    
    db_engine = "lmdb"
    
    block_size = 1048576
    
    replication_mode = "1"
    
    compression_level = 1
    
    rpc_bind_addr = "[::]:3901"
    
    bootstrap_peers = []
    
    [kubernetes_discovery]
    namespace = "default"
    service_name = "garage"
    skip_crd = false
    
    [s3_api]
    s3_region = "garage"
    api_bind_addr = "[::]:3900"
    root_domain = "garage.default.svc.koti.lan"
    
    [s3_web]
    bind_addr = "[::]:3902"
    root_domain = "garage.koti.lan"
    index = "index.html"
    
    [admin]
    api_bind_addr = "[::]:3903"
---
apiVersion: v1
kind: Service
metadata:
  name: garage
  labels:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "3903"
    prometheus.io/path: "/metrics"
spec:
  type: ClusterIP
  ports:
    - port: 3900
      targetPort: 3900
      protocol: TCP
      name: s3-api
    - port: 80
      targetPort: 3902
      protocol: TCP
      name: s3-web
    - port: 3903
      targetPort: 3903
      protocol: TCP
      name: admin
  selector:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
  labels:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: garage
      app.kubernetes.io/instance: garage
  replicas: 1
  serviceName: garage
  podManagementPolicy: OrderedReady
  template:
    metadata:
      labels:
        app.kubernetes.io/name: garage
        app.kubernetes.io/instance: garage
    spec:
      serviceAccountName: garage
      securityContext:
        fsGroup: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      containers:
        - name: garage
          securityContext:
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          image: "dxflrs/amd64_garage:v1.0.0"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3902
              name: web-api
            - containerPort: 3903
              name: admin
          volumeMounts:
            - name: meta
              mountPath: /mnt/meta
            - name: data
              mountPath: /mnt/data
            - name: config
              mountPath: /etc/garage.toml
              subPath: garage.toml
          env:
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-rpc-secret
                  key: rpcSecret
      volumes:
        - name: config
          configMap:
            name: garage-config
  volumeClaimTemplates:
  - metadata:
      name: meta
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: "100Mi"
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: "30Gi"