Stream of Consciousness

Mark Eschbach's random writings on various topics.

Serving assets from Minio through k8s ingress - Take 2

Categories: tech

Tags: k8s minio

Truthfully I am not really happy regarding the configuration. Feels a bit fragile. Honestly I am not entirely sure the security implications either, although those could be mitigated. I would like something which involves less hacking of backends. Then there is the problem with index files.

dev.to’s Static Sites With Minio and S3www uses s3222 which looks promising. Looks possible to provide the credentials via a mounted secret.

Giving it a try

The follow boots but just hangs when making a request to the pods port 8080.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${deployment_name}
  namespace: ${namespace}
  labels:
    app: ${labels}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ${labels}
  template:
    metadata:
      labels:
        app: ${labels}
    spec:
      containers:
        - name: s3www
          image: y4m4/s3www:v0.8.0
          ports:
            - containerPort: 8080
          command: ["/s3www","-endpoint","${s3_endpoint}", "-bucket", "${s3_bucket}","-address", "0.0.0.0:8080"]

Turns out the accessKey and secretKey arguments are required. The following also checks to see if the container is alive via the service port and readiness via the probe. Overall that was relatively easy. Time to throw a standard ingress on it.

apiVersion: apps/v1
kind: Deployment
metadata:
  name: ${deployment_name}
  namespace: ${namespace}
  labels:
    app: ${labels}
spec:
  replicas: 1
  selector:
    matchLabels:
      app: ${labels}
  template:
    metadata:
      labels:
        app: ${labels}
    spec:
      containers:
        - name: s3www
          image: y4m4/s3www:v0.8.0
          ports:
            - containerPort: 8080
          command: ["/s3www","-endpoint","${s3_endpoint}", "-accessKey","${s3_access_key}", "-secretKey","${s3_secret_key}", "-bucket", "${s3_bucket}","-address", "0.0.0.0:8080"]
          livenessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 1
            periodSeconds: 30
          readinessProbe:
            httpGet:
              port: 8080
              path: /
            initialDelaySeconds: 2
            periodSeconds: 30