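---
# Garage StatefulSet: three replicas, each with its own PersistentVolumeClaim
# (garage-data), exposing ports named s3-api, s3-web and metrics.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: garage
  serviceName: garage
  replicas: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: garage
    spec:
      # NOTE(review): the pod runs under a dedicated ServiceAccount, so its
      # token is mounted by default. Keep the bound Role limited to what
      # garage actually needs - the RBAC objects are not part of this file.
      serviceAccountName: garage
      # Built-in high-priority class: these pods can preempt lower-priority
      # workloads when a node is full.
      priorityClassName: system-cluster-critical
      containers:
        - name: garage
          # NOTE(review): bare image name with no registry, tag or digest.
          # Presumably rewritten at build time (e.g. a Kustomize `images`
          # entry) - confirm that the rendered manifest pins a version or
          # digest.
          image: garage
          env:
            # Both secrets come from the garage-secrets Secret, so neither
            # value is stored in this manifest or in the ConfigMap.
            - name: GARAGE_ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: admin-token
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: rpc-secret
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3902
              name: s3-web
            # NOTE(review): 3903 also answers the /health probes below. If it
            # is the admin listener in garage.toml, limit who can reach it
            # (Service / NetworkPolicy) - confirm against the config.
            - containerPort: 3903
              name: metrics
          volumeMounts:
            - name: garage-data
              mountPath: /srv/garage
            # Single-file mount of the config; read-only so the process
            # cannot modify its own configuration.
            - name: garage-config
              mountPath: /etc/garage.toml
              subPath: garage.toml
              readOnly: true
          resources:
            requests:
              cpu: 300m
              memory: 280Mi
            limits:
              cpu: 750m
              memory: 500Mi
          readinessProbe:
            httpGet:
              port: 3903
              path: /health
          # NOTE(review): liveness uses the same endpoint as readiness. If
          # /health reflects cluster-wide state rather than process health, a
          # cluster problem would restart every replica - confirm.
          livenessProbe:
            httpGet:
              port: 3903
              path: /health
          securityContext:
            # Block setuid binaries and file capabilities from granting more
            # privileges than the container starts with.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            # Only the mounted volumes are writable.
            readOnlyRootFilesystem: true
      nodeSelector:
        k8s.icb4dc0.de/storage-node: "true"
      affinity:
        nodeAffinity:
          # Soft preference for arm64 nodes; other architectures stay
          # eligible.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
        podAntiAffinity:
          # Soft preference to place replicas in different zones. The
          # selector must match this StatefulSet's own pod label
          # (app.kubernetes.io/name: garage) for the replicas to repel each
          # other.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/name
                      operator: In
                      values:
                        - garage
                topologyKey: topology.kubernetes.io/zone
      securityContext:
        # Run as an unprivileged UID/GID; fsGroup makes the data volume
        # writable for that group.
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        runAsNonRoot: true
        # Apply the container runtime's default seccomp filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: garage-config
          configMap:
            name: garage-config
            items:
              - key: garage.toml
                path: garage.toml
  volumeClaimTemplates:
    # One claim per replica, mounted at /srv/garage.
    - metadata:
        name: garage-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: hcloud-volumes-xfs
        resources:
          requests:
            storage: 20Gi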