apiVersion: v1 kind: ConfigMap metadata: name: garage labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage data: garage-1.toml: | replication_factor = 3 metadata_dir = "/var/lib/garage/meta" data_dir = "/var/lib/garage/data" metadata_snapshots_dir = "/var/lib/garage/snapshots" db_engine = "lmdb" metadata_auto_snapshot_interval = "6h" compression_level = 3 rpc_bind_addr = "[::]:3901" rpc_public_addr = "garage-1:3901" allow_world_readable_secrets = false [s3_api] s3_region = "us-east-1" api_bind_addr = "[::]:3900" root_domain = ".garage-s3.alexlebens.net" [s3_web] bind_addr = "[::]:3902" root_domain = ".garage-s3.alexlebens.net" [admin] api_bind_addr = "[::]:3903" metrics_require_token = true garage-2.toml: | replication_factor = 3 metadata_dir = "/var/lib/garage/meta" data_dir = "/var/lib/garage/data" metadata_snapshots_dir = "/var/lib/garage/snapshots" db_engine = "lmdb" metadata_auto_snapshot_interval = "6h" compression_level = 3 rpc_bind_addr = "[::]:3901" rpc_public_addr = "garage-2:3901" allow_world_readable_secrets = false [s3_api] s3_region = "us-east-1" api_bind_addr = "[::]:3900" root_domain = ".garage-s3.alexlebens.net" [s3_web] bind_addr = "[::]:3902" root_domain = ".garage-s3.alexlebens.net" [admin] api_bind_addr = "[::]:3903" metrics_require_token = true garage-3.toml: | replication_factor = 3 metadata_dir = "/var/lib/garage/meta" data_dir = "/var/lib/garage/data" metadata_snapshots_dir = "/var/lib/garage/snapshots" db_engine = "lmdb" metadata_auto_snapshot_interval = "6h" compression_level = 3 rpc_bind_addr = "[::]:3901" rpc_public_addr = "garage-3:3901" allow_world_readable_secrets = false [s3_api] s3_region = "us-east-1" api_bind_addr = "[::]:3900" root_domain = ".garage-s3.alexlebens.net" [s3_web] bind_addr = "[::]:3902" root_domain = ".garage-s3.alexlebens.net" [admin] api_bind_addr = "[::]:3903" metrics_require_token = true --- apiVersion: apps/v1 kind: Deployment metadata: name: garage-server-1 labels: app.kubernetes.io/controller: server-1 app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: server-1 app.kubernetes.io/name: garage app.kubernetes.io/instance: garage template: metadata: annotations: checksum/configMaps: a4f613efa4f7fb06d8534c15125737341ddd9bb29862c9d650df9887dfed102e labels: app.kubernetes.io/controller: server-1 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage garage-type: server spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: garage-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: - command: - sleep - infinity image: ubuntu:resolute-20260108 imagePullPolicy: IfNotPresent name: debug resources: requests: cpu: 10m memory: 32Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None name: config readOnly: true subPath: garage-1.toml - mountPath: /var/lib/garage/data name: data-1 - mountPath: /var/lib/garage/meta name: db-1 - envFrom: - secretRef: name: garage-token-secret image: dxflrs/garage:v2.2.0 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None name: config readOnly: true subPath: garage-1.toml - mountPath: /var/lib/garage/data name: data-1 - mountPath: /var/lib/garage/meta name: db-1 - mountPath: /var/lib/garage/snapshots name: snapshots volumes: - configMap: name: garage name: config - name: data-1 persistentVolumeClaim: claimName: garage-data - name: db-1 persistentVolumeClaim: claimName: garage-db-1 - name: snapshots persistentVolumeClaim: claimName: garage-snapshots --- apiVersion: apps/v1 kind: Deployment metadata: name: garage-server-2 labels: app.kubernetes.io/controller: server-2 app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: server-2 app.kubernetes.io/name: garage app.kubernetes.io/instance: garage template: metadata: annotations: checksum/configMaps: a4f613efa4f7fb06d8534c15125737341ddd9bb29862c9d650df9887dfed102e labels: app.kubernetes.io/controller: server-2 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage garage-type: server spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: garage-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: - envFrom: - secretRef: name: garage-token-secret image: dxflrs/garage:v2.2.0 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None name: config readOnly: true subPath: garage-2.toml - mountPath: /var/lib/garage/data name: data-2 - mountPath: /var/lib/garage/meta name: db-2 volumes: - configMap: name: garage name: config - name: data-2 persistentVolumeClaim: claimName: garage-data-2 - name: db-2 persistentVolumeClaim: claimName: garage-db-2 --- apiVersion: apps/v1 kind: Deployment metadata: name: garage-server-3 labels: app.kubernetes.io/controller: server-3 app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: server-3 app.kubernetes.io/name: garage app.kubernetes.io/instance: garage template: metadata: annotations: checksum/configMaps: a4f613efa4f7fb06d8534c15125737341ddd9bb29862c9d650df9887dfed102e labels: app.kubernetes.io/controller: server-3 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage garage-type: server spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst affinity: podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: matchExpressions: - key: garage-type operator: In values: - server topologyKey: kubernetes.io/hostname containers: - envFrom: - secretRef: name: garage-token-secret image: dxflrs/garage:v2.2.0 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None name: config readOnly: true subPath: garage-3.toml - mountPath: /var/lib/garage/data name: data-3 - mountPath: /var/lib/garage/meta name: db-3 volumes: - configMap: name: garage name: config - name: data-3 persistentVolumeClaim: claimName: garage-data-3 - name: db-3 persistentVolumeClaim: claimName: garage-db-3 --- apiVersion: apps/v1 kind: Deployment metadata: name: garage-webui labels: app.kubernetes.io/controller: webui app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: revisionHistoryLimit: 3 replicas: 1 strategy: type: Recreate selector: matchLabels: app.kubernetes.io/controller: webui app.kubernetes.io/name: garage app.kubernetes.io/instance: garage template: metadata: annotations: checksum/configMaps: a4f613efa4f7fb06d8534c15125737341ddd9bb29862c9d650df9887dfed102e labels: app.kubernetes.io/controller: webui app.kubernetes.io/instance: garage app.kubernetes.io/name: garage spec: enableServiceLinks: false serviceAccountName: default automountServiceAccountToken: true hostIPC: false hostNetwork: false hostPID: false dnsPolicy: ClusterFirst containers: - env: - name: API_BASE_URL value: http://garage-main.garage:3903 - name: S3_ENDPOINT_URL value: http://garage-main.garage:3900 - name: API_ADMIN_KEY valueFrom: secretKeyRef: key: GARAGE_ADMIN_TOKEN name: garage-token-secret image: khairul169/garage-webui:1.1.0 imagePullPolicy: IfNotPresent name: main resources: requests: cpu: 10m memory: 128Mi volumeMounts: - mountPath: /etc/garage.toml mountPropagation: None name: config readOnly: true subPath: garage-1.toml volumes: - configMap: name: garage name: config --- apiVersion: external-secrets.io/v1 kind: ExternalSecret metadata: name: garage-token-secret namespace: garage labels: app.kubernetes.io/name: garage-token-secret app.kubernetes.io/instance: garage app.kubernetes.io/part-of: garage spec: secretStoreRef: kind: ClusterSecretStore name: vault data: - secretKey: GARAGE_RPC_SECRET remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/garage/token metadataPolicy: None property: rpc - secretKey: GARAGE_ADMIN_TOKEN remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/garage/token metadataPolicy: None property: admin - secretKey: GARAGE_METRICS_TOKEN remoteRef: conversionStrategy: Default decodingStrategy: None key: /cl01tl/garage/token metadataPolicy: None property: metric --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: garage-s3 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "garage-s3.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: garage-main namespace: garage port: 3900 weight: 100 matches: - path: type: PathPrefix value: / --- apiVersion: gateway.networking.k8s.io/v1alpha2 kind: HTTPRoute metadata: name: garage-webui labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: parentRefs: - group: gateway.networking.k8s.io kind: Gateway name: traefik-gateway namespace: traefik hostnames: - "garage-webui.alexlebens.net" rules: - backendRefs: - group: "" kind: Service name: garage-webui namespace: garage port: 3909 weight: 100 matches: - path: type: PathPrefix value: / --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-data-2 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "800Gi" storageClassName: "synology-iscsi-delete" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-data-3 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "800Gi" storageClassName: "synology-iscsi-delete" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-data labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "800Gi" storageClassName: "synology-iscsi-delete" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-db-1 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "50Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-db-2 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "50Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-db-3 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "50Gi" storageClassName: "ceph-block" --- kind: PersistentVolumeClaim apiVersion: v1 metadata: name: garage-snapshots labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 annotations: helm.sh/resource-policy: keep namespace: garage spec: accessModes: - "ReadWriteOnce" resources: requests: storage: "50Gi" storageClassName: "synology-iscsi-delete" --- apiVersion: v1 kind: Service metadata: name: garage-1 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage app.kubernetes.io/service: garage-1 helm.sh/chart: garage-4.6.2 namespace: garage spec: type: ClusterIP ports: - port: 3903 targetPort: 3903 protocol: TCP name: admin - port: 3901 targetPort: 3901 protocol: TCP name: rpc - port: 3900 targetPort: 3900 protocol: TCP name: s3 - port: 3902 targetPort: 3902 protocol: TCP name: web selector: app.kubernetes.io/controller: server-1 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage --- apiVersion: v1 kind: Service metadata: name: garage-2 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage app.kubernetes.io/service: garage-2 helm.sh/chart: garage-4.6.2 namespace: garage spec: type: ClusterIP ports: - port: 3903 targetPort: 3903 protocol: TCP name: admin - port: 3901 targetPort: 3901 protocol: TCP name: rpc - port: 3900 targetPort: 3900 protocol: TCP name: s3 - port: 3902 targetPort: 3902 protocol: TCP name: web selector: app.kubernetes.io/controller: server-2 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage --- apiVersion: v1 kind: Service metadata: name: garage-3 labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage app.kubernetes.io/service: garage-3 helm.sh/chart: garage-4.6.2 namespace: garage spec: type: ClusterIP ports: - port: 3903 targetPort: 3903 protocol: TCP name: admin - port: 3901 targetPort: 3901 protocol: TCP name: rpc - port: 3900 targetPort: 3900 protocol: TCP name: s3 - port: 3902 targetPort: 3902 protocol: TCP name: web selector: app.kubernetes.io/controller: server-3 app.kubernetes.io/instance: garage app.kubernetes.io/name: garage --- apiVersion: v1 kind: Service metadata: name: garage-main namespace: garage labels: app.kubernetes.io/name: garage-main app.kubernetes.io/service: garage-main app.kubernetes.io/instance: garage app.kubernetes.io/part-of: garage spec: ports: - name: admin port: 3903 protocol: TCP targetPort: 3903 - name: rpc port: 3901 protocol: TCP targetPort: 3901 - name: s3 port: 3900 protocol: TCP targetPort: 3900 - name: web port: 3902 protocol: TCP targetPort: 3902 selector: app.kubernetes.io/instance: garage app.kubernetes.io/name: garage garage-type: server --- apiVersion: v1 kind: Service metadata: name: garage-webui labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage app.kubernetes.io/service: garage-webui helm.sh/chart: garage-4.6.2 namespace: garage spec: type: ClusterIP ports: - port: 3909 targetPort: 3909 protocol: TCP name: webui selector: app.kubernetes.io/controller: webui app.kubernetes.io/instance: garage app.kubernetes.io/name: garage --- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: garage labels: app.kubernetes.io/instance: garage app.kubernetes.io/managed-by: Helm app.kubernetes.io/name: garage helm.sh/chart: garage-4.6.2 namespace: garage spec: jobLabel: garage namespaceSelector: matchNames: - garage selector: matchLabels: app.kubernetes.io/instance: garage app.kubernetes.io/name: garage app.kubernetes.io/service: garage-1 endpoints: - bearerTokenSecret: key: GARAGE_METRICS_TOKEN name: garage-token-secret interval: 5m path: /metrics port: admin scrapeTimeout: 2m