Intro

As of version 0.1.0 the s3sync-service is shipped with some k8s integration, which allows you to configure the application for reading k8s configmap instead of a configuration file. This approach bring some benefits such as:

  • no need to mount the configmap to a pod
  • the application will watch for the configmap changes and perform reload if needed

This approach requires RBAC resources allowing read/watch/list of the configmap and valid configmap data structure. Which will be handled automagically if you use the helm chart, otherwise please make sure the data contains config.yml and valid configuration underneath.

Manual way

The configmap data should be similar to the following:

apiVersion: v1
kind: ConfigMap
data:
  config.yml: |-
    aws_region: us-east-1
    sites:
    - name: my-data1
      bucket: my-data-bucket1
      local_path: /my-data1
    - name: my-data2
      bucket: my-data-bucket2
      local_path: /my-data2
      retire_deleted: true
      storage_class: STANDARD_IA

And following are the RBAC resources:

---
# Source: s3sync-service/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: s3sync-service-kube-system-serviceaccount
  namespace: kube-system
---
# Source: s3sync-service/templates/clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: s3sync-service-kube-system-clusterrole
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - list
      - watch
---
# Source: s3sync-service/templates/clusterrolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: s3sync-service-kube-system-clusterrolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: s3sync-service-kube-system-clusterrole
subjects:
  - kind: ServiceAccount
    name: s3sync-service-kube-system-serviceaccount
    namespace: kube-system
---
# Source: s3sync-service/templates/role.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: s3sync-service-kube-system-role
  namespace: kube-system
rules:
  - apiGroups:
      - ""
    resources:
      - configmaps
    resourceNames:
      - "s3sync-service-kube-system-configmap"
    verbs:
      - get
      - watch
---
# Source: s3sync-service/templates/rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: s3sync-service-kube-system-rolebinding
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: s3sync-service-kube-system-role
subjects:
  - kind: ServiceAccount
    name: s3sync-service-kube-system-serviceaccount
    namespace: kube-system

Feel free to check out the example deployment manifest and the guide.