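---
# Three-replica StatefulSet for Garage (S3-compatible object store). Each
# replica gets its own 20Gi volume from volumeClaimTemplates and reads its
# configuration from the garage-config ConfigMap.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: garage
  serviceName: garage
  replicas: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: garage
    spec:
      serviceAccountName: garage
      # NOTE(review): this priority class lets these pods preempt ordinary
      # workloads when the cluster is under pressure; confirm that is intended.
      priorityClassName: system-cluster-critical
      containers:
        - name: garage
          # NOTE(review): bare image name with no registry, tag or digest;
          # presumably rewritten by an overlay before apply. Pin the final
          # reference to a digest so every replica runs the same verified image.
          image: garage
          env:
            # Both credentials come from the garage-secrets Secret. Values
            # injected as environment variables are readable by anyone who can
            # exec into the pod; a file-mounted Secret is an alternative if
            # the image supports it.
            - name: GARAGE_ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: admin-token
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: rpc-secret
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3902
              name: s3-web
            # NOTE(review): in Garage's default configuration 3903 is the admin
            # API, which also serves the metrics endpoint; confirm against
            # garage.toml and limit who can reach this port (NetworkPolicy,
            # Service exposure).
            - containerPort: 3903
              name: metrics
          volumeMounts:
            - name: garage-data
              mountPath: /srv/garage
            # subPath mounts do not pick up later ConfigMap changes; the pod
            # has to be restarted after editing garage.toml.
            - name: garage-config
              mountPath: /etc/garage.toml
              subPath: garage.toml
              readOnly: true
          resources:
            # Memory limit is above the request, so the pod is in the
            # Burstable QoS class.
            requests:
              cpu: 300m
              memory: 280Mi
            limits:
              cpu: 300m
              memory: 500Mi
          securityContext:
            # Sets no_new_privs so the process cannot gain privileges through
            # setuid/setgid binaries; completes the non-root, no-capability
            # posture already configured here.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
      nodeSelector:
        k8s.icb4dc0.de/storage-node: "true"
      affinity:
        nodeAffinity:
          # Soft preference for arm64 nodes; other architectures remain
          # eligible.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    # NOTE(review): this keeps garage pods away from zones
                    # running "fider" pods. It does not spread the garage
                    # replicas themselves; if zone spreading of replicas was
                    # the intent, the value should be "garage". Confirm.
                    - key: app.kubernetes.io/name
                      operator: In
                      values:
                        - fider
                topologyKey: topology.kubernetes.io/zone
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        # fsGroup gives the non-root process group access to the data volume.
        fsGroup: 1000
        runAsNonRoot: true
        # Apply the container runtime's default syscall filter instead of
        # running unconfined.
        seccompProfile:
          type: RuntimeDefault
      volumes:
        - name: garage-config
          configMap:
            name: garage-config
            items:
              - key: garage.toml
                path: garage.toml
  volumeClaimTemplates:
    - metadata:
        name: garage-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: hcloud-volumes-xfs
        resources:
          requests:
            storage: 20Gi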