Serving assets from Minio through k8s ingress - Take 2
Truthfully I am not really happy regarding the configuration. Feels a bit fragile. Honestly I am not entirely sure the security implications either, although those could be mitigated. I would like something which involves less hacking of backends. Then there is the problem with index files.
dev.to’s Static Sites With Minio and S3www uses s3222 which looks promising. Looks possible to provide the credentials via a mounted secret.
Giving it a try
The follow boots but just hangs when making a request to the pods port 8080.
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${deployment_name}
namespace: ${namespace}
labels:
app: ${labels}
spec:
replicas: 1
selector:
matchLabels:
app: ${labels}
template:
metadata:
labels:
app: ${labels}
spec:
containers:
- name: s3www
image: y4m4/s3www:v0.8.0
ports:
- containerPort: 8080
command: ["/s3www","-endpoint","${s3_endpoint}", "-bucket", "${s3_bucket}","-address", "0.0.0.0:8080"]
Turns out the accessKey
and secretKey
arguments are required. The following also checks to see if the container
is alive via the service port and readiness via the probe. Overall that was relatively easy. Time to throw a standard
ingress on it.
apiVersion: apps/v1
kind: Deployment
metadata:
name: ${deployment_name}
namespace: ${namespace}
labels:
app: ${labels}
spec:
replicas: 1
selector:
matchLabels:
app: ${labels}
template:
metadata:
labels:
app: ${labels}
spec:
containers:
- name: s3www
image: y4m4/s3www:v0.8.0
ports:
- containerPort: 8080
command: ["/s3www","-endpoint","${s3_endpoint}", "-accessKey","${s3_access_key}", "-secretKey","${s3_secret_key}", "-bucket", "${s3_bucket}","-address", "0.0.0.0:8080"]
livenessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 1
periodSeconds: 30
readinessProbe:
httpGet:
port: 8080
path: /
initialDelaySeconds: 2
periodSeconds: 30