icy does git — infra (master): apps/garage/garage.yaml

apps/garage/garage.yaml (view raw)
apiVersion: v1
kind: ConfigMap
metadata:
  name: garage-config
data:
  garage.toml: |-
    metadata_dir = "/mnt/meta"
    data_dir = "/mnt/data"
    
    db_engine = "lmdb"
    
    block_size = 1048576
    
    replication_mode = "1"
    
    compression_level = 1
    
    rpc_bind_addr = "[::]:3901"
    
    bootstrap_peers = []
    
    [kubernetes_discovery]
    namespace = "default"
    service_name = "garage"
    skip_crd = false
    
    [s3_api]
    s3_region = "garage"
    api_bind_addr = "[::]:3900"
    root_domain = "garage.default.svc.koti.lan"
    
    [s3_web]
    bind_addr = "[::]:3902"
    root_domain = "garage.koti.lan"
    index = "index.html"
    
    [admin]
    api_bind_addr = "[::]:3903"
---
apiVersion: v1
kind: Service
metadata:
  name: garage
  labels:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
  annotations:
    prometheus.io/scrape: "true"
    prometheus.io/port: "3903"
    prometheus.io/path: "/metrics"
spec:
  type: ClusterIP
  ports:
    - port: 3900
      targetPort: 3900
      protocol: TCP
      name: s3-api
    - port: 80
      targetPort: 3902
      protocol: TCP
      name: s3-web
    - port: 3903
      targetPort: 3903
      protocol: TCP
      name: admin
  selector:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
  labels:
    app.kubernetes.io/name: garage
    app.kubernetes.io/instance: garage
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: garage
      app.kubernetes.io/instance: garage
  replicas: 1
  serviceName: garage
  podManagementPolicy: OrderedReady
  template:
    metadata:
      labels:
        app.kubernetes.io/name: garage
        app.kubernetes.io/instance: garage
    spec:
      serviceAccountName: garage
      securityContext:
        fsGroup: 1000
        runAsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000
      containers:
        - name: garage
          securityContext:
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: false
          image: "dxflrs/amd64_garage:v1.0.1"
          imagePullPolicy: IfNotPresent
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3902
              name: web-api
            - containerPort: 3903
              name: admin
          volumeMounts:
            - name: meta
              mountPath: /mnt/meta
            - name: data
              mountPath: /mnt/data
            - name: config
              mountPath: /etc/garage.toml
              subPath: garage.toml
          env:
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-rpc-secret
                  key: rpcSecret
      volumes:
        - name: config
          configMap:
            name: garage-config
  volumeClaimTemplates:
  - metadata:
      name: meta
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: "100Mi"
  - metadata:
      name: data
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: "30Gi"
all repos — infra @ master

infrastructure manifests and setup notes
