forked from Deuxfleurs/garage
Patrick Jahns
fd03b184b3
Specify the user group for the garage (and init) process and ensure that the persistent storage is mounted with the correct file system group
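# Default values for garage.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# Garage configuration. These values go to garage.toml
garage:
  # Default to 3 replicas, see the replication_mode section at
  # https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
  replicationMode: "3"
  rpcBindAddr: "[::]:3901"
  # If not given, a random secret will be generated and stored in a Secret object.
  # Prefer leaving this empty: a secret written here is kept in plain text
  # wherever this values file (or the override that sets it) is stored.
  rpcSecret: ""
  # This is not required if you use the integrated kubernetes discovery
  bootstrapPeers: []
  kubernetesSkipCrd: false
  s3:
    api:
      region: "garage"
      rootDomain: ".s3.garage.tld"
    web:
      rootDomain: ".web.garage.tld"
      index: "index.html"
  # Template for the garage configuration
  # Values can be templated
  # ref: https://garagehq.deuxfleurs.fr/documentation/reference-manual/configuration/
  # NOTE(review): this key is nested under `garage` here, next to the values it
  # reads; confirm against the lookup in the chart's ConfigMap template.
  # bootstrapPeers is rendered with toJson so that a non-empty list becomes a
  # quoted, comma-separated array; printing the list directly yields `[a b]`,
  # which is not valid TOML.
  garage.toml: |-
    metadata_dir = "/mnt/meta"
    data_dir = "/mnt/data"

    replication_mode = "{{ .Values.garage.replicationMode }}"

    rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
    # rpc_secret will be populated by the init container from a k8s secret object
    rpc_secret = "__RPC_SECRET_REPLACE__"

    bootstrap_peers = {{ .Values.garage.bootstrapPeers | toJson }}

    [kubernetes_discovery]
    namespace = "{{ .Release.Namespace }}"
    service_name = "{{ include "garage.fullname" . }}"
    skip_crd = {{ .Values.garage.kubernetesSkipCrd }}

    [s3_api]
    s3_region = "{{ .Values.garage.s3.api.region }}"
    api_bind_addr = "[::]:3900"
    root_domain = "{{ .Values.garage.s3.api.rootDomain }}"

    [s3_web]
    bind_addr = "[::]:3902"
    root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
    index = "{{ .Values.garage.s3.web.index }}"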
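# Data persistence
persistence:
  enabled: true
  meta:
    # storageClass: "fast-storage-class"
    size: 100Mi
    # used only for daemon sets
    # NOTE(review): Kubernetes does not apply fsGroup ownership to hostPath
    # volumes, so this directory must already be writable by the UID/GID the
    # pod runs as (see podSecurityContext).
    hostPath: /var/lib/garage/meta
  data:
    # storageClass: "slow-storage-class"
    size: 100Mi
    # used only for daemon sets (same ownership caveat as meta.hostPath)
    hostPath: /var/lib/garage/data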
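# Deployment configuration
deployment:
  # Workload kind for the garage nodes; switchable to DaemonSet
  kind: StatefulSet
  # Number of StatefulSet replicas/garage nodes to start
  replicaCount: 3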
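# Container image for the garage nodes
image:
  repository: dxflrs/amd64_garage
  # please prefer using the chart version and not this tag
  tag: ""
  # With IfNotPresent a node reuses any image it already holds under this
  # tag, so a re-pushed tag is not picked up until the cached copy is gone.
  pullPolicy: IfNotPresent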
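# Names of existing image pull Secrets, for a private registry
imagePullSecrets: []
# Overrides for the generated chart name and full resource name
nameOverride: ""
fullnameOverride: ""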
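serviceAccount:
  # Specifies whether a service account should be created
  create: true
  # Annotations to add to the service account
  annotations: {}
  # The name of the service account to use.
  # If not set and create is true, a name is generated using the fullname template
  name: ""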
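podAnnotations: {}

# Pod-level identity: the garage and init processes run as a fixed non-root
# UID/GID, and fsGroup asks Kubernetes to make mounted volumes group-accessible
# to that GID (on volume types that support it).
podSecurityContext:
  runAsUser: 1000
  runAsGroup: 1000
  fsGroup: 1000
  runAsNonRoot: true

securityContext:
  # The default security context is heavily restricted
  # feel free to tune it to your requirements
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  # NOTE(review): allowPrivilegeEscalation and seccompProfile are not set here.
  # The Pod Security "restricted" profile also expects them; consider adding:
  # allowPrivilegeEscalation: false
  # seccompProfile:
  #   type: RuntimeDefault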
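service:
  # You can rely on any service to expose your cluster
  # - ClusterIP (+ Ingress)
  # - NodePort (+ Ingress)
  # - LoadBalancer
  # NodePort and LoadBalancer make the ports below reachable from outside the
  # cluster without passing through an Ingress.
  type: ClusterIP
  s3:
    api:
      port: 3900
    web:
      port: 3902
  # NOTE: the admin API is excluded for now as it is not consistent across nodes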
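# Ingress for the S3 API and the static-website endpoint; both are disabled by
# default. With `tls: []` no TLS section is configured for the Ingress, so set
# it before exposing either endpoint beyond a trusted network.
ingress:
  s3:
    api:
      enabled: false
      # Rely either on the className or the annotation below but not both
      # replace "nginx" by an Ingress controller
      # you can find examples here https://kubernetes.io/docs/concepts/services-networking/ingress-controllers
      # className: "nginx"
      annotations: {}
        # kubernetes.io/ingress.class: "nginx"
        # kubernetes.io/tls-acme: "true"
      labels: {}
      hosts:
        - host: "s3.garage.tld"  # garage S3 API endpoint
          paths:
            - path: /
              pathType: Prefix
        - host: "*.s3.garage.tld"  # garage S3 API endpoint, DNS style bucket access
          paths:
            - path: /
              pathType: Prefix
      tls: []
      #  - secretName: my-garage-cluster-tls
      #    hosts:
      #      - kubernetes.docker.internal
    web:
      enabled: false
      # Rely either on the className or the annotation below but not both
      # replace "nginx" by an Ingress controller
      # you can find examples here https://kubernetes.io/docs/concepts/services-networking/ingress-controllers
      # className: "nginx"
      annotations: {}
        # kubernetes.io/ingress.class: nginx
        # kubernetes.io/tls-acme: "true"
      labels: {}
      hosts:
        - host: "*.web.garage.tld"  # wildcard website access with bucket name prefix
          paths:
            - path: /
              pathType: Prefix
        - host: "mywebpage.example.com"  # specific bucket access with FQDN bucket
          paths:
            - path: /
              pathType: Prefix
      tls: []
      #  - secretName: my-garage-cluster-tls
      #    hosts:
      #      - kubernetes.docker.internal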
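# Container resource requests/limits. Empty by default, which leaves the
# garage containers without any CPU or memory limit.
resources: {}
  # The following are indicative for a small-size deployment, for anything serious double them.
  # limits:
  #   cpu: 100m
  #   memory: 1024Mi
  # requests:
  #   cpu: 100m
  #   memory: 512Mi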
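# Pod scheduling constraints; all empty by default
nodeSelector: {}

tolerations: []

affinity: {}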