Deploying the S3 Proxy
info
To set up the S3 Proxy, you will first need:
- A valid Antimatter domain and API key.
- A valid write-context (such as
default) - A valid read-context (such as
default) - An AWS account with a role containing permissions for the bucket operations you are performing. This can be accessed with an AWS Access ID and AWS Secret Key or as a service account (see https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html for more information).
Kubernetes manifest
Provided below is a minimum Kubernetes manifest to deploy a pod running the Antimatter S3 Proxy.
warning
The manifests will need to be updated with your own configuration values.
info
Please note that images maintained by Antimatter are subject to update.
apiVersion: v1
kind: Service
metadata:
name: s3-proxy-service
spec:
selector:
app: s3-proxy
ports:
- name: "9235"
port: 80
targetPort: 9235
- name: "9234"
port: 9234
targetPort: 9234
apiVersion: apps/v1
kind: Deployment
metadata:
name: s3-proxy
spec:
replicas: 1
selector:
matchLabels:
app: s3-proxy
template:
metadata:
labels:
app: s3-proxy
spec:
containers:
- name: s3-proxy
image: "antimatterio/s3-proxy:latest"
ports:
- containerPort: 9234
protocol: TCP
- containerPort: 9235
protocol: TCP
env:
- name: S3PROXY_HOST
value: "0.0.0.0"
- name: S3PROXY_PORT
value: "9234"
- name: S3PROXY_PRESIGNED_PORT
value: "9235"
envFrom:
- secretRef:
name: antimatter-secret
- configMapRef:
name: antimatter-configmap
volumeMounts:
- name: temp-storage
mountPath: /tmp
livenessProbe:
httpGet:
path: /healthz
port: 9234
volumes:
- name: temp-storage
emptyDir: {}
kind: ConfigMap
apiVersion: v1
metadata:
name: antimatter-configmap
data:
ANTIMATTER_DOMAIN_ID: <your Antimatter domain id>
AWS_REGION: <AWS region of bucket(s), such as us-west-2>
kind: Secret
apiVersion: v1
type: Opaque
metadata:
name: antimatter-secret
data:
ANTIMATTER_API_KEY: <your Antimatter API Key>
AWS_ACCESS_KEY_ID: <Access Key ID for AWS actions>
AWS_SECRET_ACCESS_KEY: <Access Key Secret for AWS actions>