apps/garage/resources/workload.yaml


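---
# StatefulSet for Garage: three replicas, each with its own 20Gi
# "garage-data" volume claim and a shared read-only garage.toml.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: garage
spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: garage
  serviceName: garage
  replicas: 3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: garage
    spec:
      # NOTE(review): if Garage does not call the Kubernetes API in this
      # deployment, set automountServiceAccountToken: false - confirm first.
      serviceAccountName: garage
      # Built-in high priority class: these pods may preempt lower-priority
      # workloads when a node is full.
      priorityClassName: system-cluster-critical
      containers:
        - name: garage
          # No registry, tag or digest is given here.
          # NOTE(review): presumably an overlay (e.g. a kustomize image
          # override) rewrites this name - confirm it resolves to a pinned
          # tag or digest, because a bare "garage" would pull :latest.
          image: garage
          # Both values come from the "garage-secrets" Secret. Values passed
          # as environment variables are readable by anything that can
          # inspect the process environment, so keep read access to the
          # Secret and exec access to the pod narrow.
          env:
            - name: GARAGE_ADMIN_TOKEN
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: admin-token
            - name: GARAGE_RPC_SECRET
              valueFrom:
                secretKeyRef:
                  name: garage-secrets
                  key: rpc-secret
          ports:
            - containerPort: 3900
              name: s3-api
            - containerPort: 3902
              name: s3-web
            # Also serves /health for both probes below.
            # NOTE(review): in Garage's default layout this port is the
            # admin API as well - check garage.toml and limit who can reach
            # it (NetworkPolicy, no public Service).
            - containerPort: 3903
              name: metrics
          volumeMounts:
            # The only writable path; the root filesystem is read-only.
            - name: garage-data
              mountPath: /srv/garage
            # Single-file subPath mount: ConfigMap edits are not propagated
            # to a running pod, a restart is needed to pick them up.
            - name: garage-config
              mountPath: /etc/garage.toml
              subPath: garage.toml
              readOnly: true
          resources:
            requests:
              cpu: 300m
              memory: 280Mi
            limits:
              cpu: 750m
              memory: 500Mi
          readinessProbe:
            httpGet:
              port: 3903
              path: /health
          # NOTE(review): same endpoint as readiness. If /health reports
          # cluster-level state rather than process liveness, a quorum loss
          # would restart every replica at once - confirm.
          livenessProbe:
            httpGet:
              port: 3903
              path: /health
          securityContext:
            # Added: sets no_new_privs so the process cannot gain privileges
            # through setuid/setgid binaries or file capabilities. Completes
            # the non-root + drop-ALL posture already declared here.
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            readOnlyRootFilesystem: true
            # NOTE(review): no seccompProfile is set; consider
            # seccompProfile.type: RuntimeDefault once tested with Garage.
      # Schedule only on nodes labelled as storage nodes.
      nodeSelector:
        k8s.icb4dc0.de/storage-node: "true"
      affinity:
        # Soft preference for arm64 nodes.
        nodeAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              preference:
                matchExpressions:
                  - key: kubernetes.io/arch
                    operator: In
                    values:
                      - arm64
        # NOTE(review): this selector matches "fider" pods, not "garage".
        # As written it steers Garage away from zones that run fider and
        # does nothing to spread the three Garage replicas across zones.
        # If replica spreading was intended, the value should be "garage" -
        # confirm before changing.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app.kubernetes.io/name
                      operator: In
                      values:
                        - fider
                topologyKey: topology.kubernetes.io/zone
      # Pod-level identity: fixed non-root UID/GID; fsGroup makes the data
      # volume group-writable for GID 1000.
      securityContext:
        runAsUser: 1000
        runAsGroup: 1000
        fsGroup: 1000
        runAsNonRoot: true
      volumes:
        - name: garage-config
          configMap:
            name: garage-config
            items:
              - key: garage.toml
                path: garage.toml
  # One PersistentVolumeClaim per replica, mounted at /srv/garage.
  volumeClaimTemplates:
    - metadata:
        name: garage-data
      spec:
        accessModes:
          - ReadWriteOnce
        storageClassName: hcloud-volumes-xfs
        resources:
          requests:
            storage: 20Gi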