feat(gotosocial): switch media to S3

2026-01-28 02:18:24 +00:00 · 2023-05-28 09:22:13 +08:00
parent 0c85ea103e
commit 1632ef2bb3
2 changed files with 57 additions and 8 deletions
--- a/kube/3-deploy/2-apps/gotosocial/app/hr.yaml
+++ b/kube/3-deploy/2-apps/gotosocial/app/hr.yaml
@@ -14,8 +14,12 @@ spec:
        name: bjw-s
        namespace: flux-system
  values:
+    global:
+      fullnameOverride: *app
+      labels:
+        s3/bucket: rgw-${CLUSTER_NAME_LOWER}
    controller:
-      type: statefulset
+      replicas: 1
    image:
      repository: docker.io/superseriousbusiness/gotosocial
      tag: 0.8.1-amd64@sha256:69c995a8c3551142c7ff34082bd439f39f02c1240d032f83ef740750de9e44d9
@@ -27,7 +31,21 @@ spec:
      GTS_PROTOCOL: "https"
      GTS_TRUSTED_PROXIES: "${IP_POD_CIDR_V4}"
      GTS_ACCOUNTS_REGISTRATION_OPEN: "false"
-      GTS_STORAGE_LOCAL_BASE_PATH: &media "/gotosocial/storage"
+      #GTS_STORAGE_LOCAL_BASE_PATH: &media "/gotosocial/storage"
+      GTS_STORAGE_BACKEND: "s3"
+      GTS_STORAGE_S3_PROXY: "true"
+      GTS_STORAGE_S3_ENDPOINT: "rook-ceph-rgw-${CLUSTER_NAME_LOWER}.rook-ceph.svc.cluster.local.:6953"
+      GTS_STORAGE_S3_BUCKET: "gotosocial-media"
+      GTS_STORAGE_S3_ACCESS_KEY:
+        valueFrom:
+          secretKeyRef:
+            name: gotosocial-media-s3
+            key: AWS_ACCESS_KEY_ID
+      GTS_STORAGE_S3_SECRET_KEY:
+        valueFrom:
+          secretKeyRef:
+            name: gotosocial-media-s3
+            key: AWS_SECRET_ACCESS_KEY
    envFrom:
      - secretRef:
          name: gotosocial-pg
@@ -62,12 +80,12 @@ spec:
      runAsGroup: *uid
      fsGroup: *uid
      fsGroupChangePolicy: OnRootMismatch
-    volumeClaimTemplates:
-      - name: media
-        mountPath: *media
-        accessMode: ReadWriteOnce
-        size: 50Gi
-        storageClass: block
+    # volumeClaimTemplates:
+    #   - name: media
+    #     mountPath: *media
+    #     accessMode: ReadWriteOnce
+    #     size: 50Gi
+    #     storageClass: block
    persistence:
      config:
        enabled: false
--- a/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml
+++ b/kube/3-deploy/2-apps/gotosocial/app/netpol.yaml
@@ -37,6 +37,37 @@ spec:
      toPorts:
        - ports:
            - port: "5432"
+    # connect to Rook-Ceph RGW/S3 object store in-cluster
+    - toServices:
+        - k8sServiceSelector:
+            selector:
+              matchLabels:
+                rook_object_store: "${CLUSTER_NAME_LOWER}"
+            namespace: rook-ceph
+      toPorts:
+        - ports:
+            - port: "6953"
+              protocol: TCP
+            - port: "6953"
+              protocol: UDP
+            - port: "8080"
+              protocol: TCP
+            - port: "8080"
+              protocol: UDP
+    - toEndpoints:
+        - matchLabels:
+            rook_object_store: "${CLUSTER_NAME_LOWER}"
+            io.kubernetes.pod.namespace: rook-ceph
+      toPorts:
+        - ports:
+            - port: "6953"
+              protocol: TCP
+            - port: "6953"
+              protocol: UDP
+            - port: "8080"
+              protocol: TCP
+            - port: "8080"
+              protocol: UDP
 ---
 apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy