mirror of
https://github.com/edgelesssys/constellation.git
synced 2024-10-01 01:36:09 -04:00
122 lines
2.8 KiB
YAML
122 lines
2.8 KiB
YAML
apiVersion: cert-manager.io/v1
|
|
kind: Issuer
|
|
metadata:
|
|
name: selfsigned-issuer
|
|
labels:
|
|
app: s3proxy
|
|
spec:
|
|
selfSigned: {}
|
|
---
|
|
apiVersion: cert-manager.io/v1
|
|
kind: Certificate
|
|
metadata:
|
|
name: selfsigned-ca
|
|
labels:
|
|
app: s3proxy
|
|
spec:
|
|
isCA: true
|
|
commonName: s3proxy-selfsigned-ca
|
|
secretName: s3proxy-tls
|
|
privateKey:
|
|
algorithm: ECDSA
|
|
size: 256
|
|
dnsNames:
|
|
- "s3.us-east-1.amazonaws.com"
|
|
- "s3.us-east-2.amazonaws.com"
|
|
- "s3.us-west-1.amazonaws.com"
|
|
- "s3.us-west-2.amazonaws.com"
|
|
- "s3.eu-north-1.amazonaws.com"
|
|
- "s3.eu-south-1.amazonaws.com"
|
|
- "s3.eu-south-2.amazonaws.com"
|
|
- "s3.eu-west-1.amazonaws.com"
|
|
- "s3.eu-west-2.amazonaws.com"
|
|
- "s3.eu-west-3.amazonaws.com"
|
|
- "s3.eu-central-1.amazonaws.com"
|
|
- "s3.eu-central-2.amazonaws.com"
|
|
- "s3.ap-northeast-1.amazonaws.com"
|
|
- "s3.ap-northeast-2.amazonaws.com"
|
|
- "s3.ap-northeast-3.amazonaws.com"
|
|
- "s3.ap-east-1.amazonaws.com"
|
|
- "s3.ap-southeast-1.amazonaws.com"
|
|
- "s3.ap-southeast-2.amazonaws.com"
|
|
- "s3.ap-southeast-3.amazonaws.com"
|
|
- "s3.ap-southeast-4.amazonaws.com"
|
|
- "s3.ap-south-1.amazonaws.com"
|
|
- "s3.ap-south-2.amazonaws.com"
|
|
- "s3.me-south-1.amazonaws.com"
|
|
- "s3.me-central-1.amazonaws.com"
|
|
- "s3.il-central-1.amazonaws.com"
|
|
- "s3.af-south-1.amazonaws.com"
|
|
- "s3.ca-central-1.amazonaws.com"
|
|
- "s3.sa-east-1.amazonaws.com"
|
|
issuerRef:
|
|
name: selfsigned-issuer
|
|
kind: Issuer
|
|
group: cert-manager.io
|
|
---
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: s3proxy
|
|
labels:
|
|
app: s3proxy
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: s3proxy
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: s3proxy
|
|
spec:
|
|
containers:
|
|
- name: s3proxy
|
|
image: ghcr.io/edgelesssys/constellation/s3proxy:v2.13.0-pre
|
|
args:
|
|
- "--level=-1"
|
|
ports:
|
|
- containerPort: 4433
|
|
name: s3proxy-port
|
|
volumeMounts:
|
|
- name: tls-cert-data
|
|
mountPath: /etc/s3proxy/certs/s3proxy.crt
|
|
subPath: tls.crt
|
|
- name: tls-cert-data
|
|
mountPath: /etc/s3proxy/certs/s3proxy.key
|
|
subPath: tls.key
|
|
envFrom:
|
|
- secretRef:
|
|
name: s3-creds
|
|
volumes:
|
|
- name: tls-cert-data
|
|
secret:
|
|
secretName: s3proxy-tls
|
|
- name: s3-creds
|
|
secret:
|
|
secretName: s3-creds
|
|
---
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: s3proxy-service
|
|
labels:
|
|
app: s3proxy
|
|
spec:
|
|
selector:
|
|
app: s3proxy
|
|
ports:
|
|
- name: https
|
|
port: 443
|
|
targetPort: s3proxy-port
|
|
type: ClusterIP
|
|
---
|
|
apiVersion: v1
|
|
kind: Secret
|
|
metadata:
|
|
name: s3-creds
|
|
type: Opaque
|
|
stringData:
|
|
AWS_ACCESS_KEY_ID: "replaceme"
|
|
AWS_SECRET_ACCESS_KEY: "replaceme"
|