apiVersion: apps/v1 kind: StatefulSet metadata: annotations: a8r.io/repository: ssh://git@git.tr1ceracop.de:222/gitea_admin/k8s-and-chill.git name: garage namespace: garage spec: replicas: 1 selector: matchLabels: app: garage serviceName: garage template: metadata: labels: app: garage spec: containers: - args: - server command: - /garage env: - name: GARAGE_CONFIG_FILE value: /etc/garage.toml - name: GARAGE_ALLOW_WORLD_READABLE_SECRETS value: "true" image: dxflrs/garage:v1.0.1 imagePullPolicy: IfNotPresent name: garage ports: - containerPort: 3900 name: s3-api - containerPort: 3901 name: rpc - containerPort: 3902 name: s3-web - containerPort: 3903 name: admin readinessProbe: httpGet: path: /health port: 3903 initialDelaySeconds: 5 periodSeconds: 5 resources: limits: memory: 512Mi requests: cpu: 50m memory: 128Mi securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL readOnlyRootFilesystem: true volumeMounts: - mountPath: /var/lib/garage name: data - mountPath: /etc/garage.toml name: config readOnly: true subPath: garage.toml - mountPath: /etc/garage name: secrets readOnly: true securityContext: fsGroup: 1000 runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: RuntimeDefault volumes: - configMap: name: garage-config name: config - name: secrets secret: defaultMode: 256 secretName: garage-secrets volumeClaimTemplates: - metadata: name: data spec: accessModes: - ReadWriteOnce resources: requests: storage: 5Gi storageClassName: standard