apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
  name: selfsigned-issuer
  labels:
    app: s3proxy
spec:
  selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
  name: selfsigned-ca
  labels:
    app: s3proxy
spec:
  isCA: true
  commonName: s3proxy-selfsigned-ca
  secretName: s3proxy-tls
  privateKey:
    algorithm: ECDSA
    size: 256
  dnsNames:
    - "s3.us-east-1.amazonaws.com"
    - "s3.us-east-2.amazonaws.com"
    - "s3.us-west-1.amazonaws.com"
    - "s3.us-west-2.amazonaws.com"
    - "s3.eu-north-1.amazonaws.com"
    - "s3.eu-south-1.amazonaws.com"
    - "s3.eu-south-2.amazonaws.com"
    - "s3.eu-west-1.amazonaws.com"
    - "s3.eu-west-2.amazonaws.com"
    - "s3.eu-west-3.amazonaws.com"
    - "s3.eu-central-1.amazonaws.com"
    - "s3.eu-central-2.amazonaws.com"
    - "s3.ap-northeast-1.amazonaws.com"
    - "s3.ap-northeast-2.amazonaws.com"
    - "s3.ap-northeast-3.amazonaws.com"
    - "s3.ap-east-1.amazonaws.com"
    - "s3.ap-southeast-1.amazonaws.com"
    - "s3.ap-southeast-2.amazonaws.com"
    - "s3.ap-southeast-3.amazonaws.com"
    - "s3.ap-southeast-4.amazonaws.com"
    - "s3.ap-south-1.amazonaws.com"
    - "s3.ap-south-2.amazonaws.com"
    - "s3.me-south-1.amazonaws.com"
    - "s3.me-central-1.amazonaws.com"
    - "s3.il-central-1.amazonaws.com"
    - "s3.af-south-1.amazonaws.com"
    - "s3.ca-central-1.amazonaws.com"
    - "s3.sa-east-1.amazonaws.com"
  issuerRef:
    name: selfsigned-issuer
    kind: Issuer
    group: cert-manager.io
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: s3proxy
  labels:
    app: s3proxy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: s3proxy
  template:
    metadata:
      labels:
        app: s3proxy
    spec:
      containers:
        - name: s3proxy
          image: ghcr.io/edgelesssys/constellation/s3proxy:v2.13.0-pre
          args:
            - "--level=-1"
          ports:
            - containerPort: 4433
              name: s3proxy-port
          volumeMounts:
            - name: tls-cert-data
              mountPath: /etc/s3proxy/certs/s3proxy.crt
              subPath: tls.crt
            - name: tls-cert-data
              mountPath: /etc/s3proxy/certs/s3proxy.key
              subPath: tls.key
          envFrom:
            - secretRef:
                name: s3-creds
      volumes:
        - name: tls-cert-data
          secret:
            secretName: s3proxy-tls
        - name: s3-creds
          secret:
            secretName: s3-creds
---
apiVersion: v1
kind: Service
metadata:
  name: s3proxy-service
  labels:
    app: s3proxy
spec:
  selector:
    app: s3proxy
  ports:
    - name: https
      port: 443
      targetPort: s3proxy-port
  type: ClusterIP
---
apiVersion: v1
kind: Secret
metadata:
  name: s3-creds
type: Opaque
stringData:
  AWS_ACCESS_KEY_ID: "replaceme"
  AWS_SECRET_ACCESS_KEY: "replaceme"