wireapp · jschaul · Apr 1, 2026
@@ -20,7 +20,7 @@ spec:
   - name: https
     protocol: TCP
     port: {{ .https.externalPort }}
-    # NOTE: This value should match s3 http listening port on the s3 service (minio)
+    # NOTE: This value should match the S3-compatible HTTP listening port on the selected service.
     targetPort: {{ .http.s3Port }}
 {{- end }}
 {{- end }}
@@ -33,7 +33,7 @@ ingress:
     ws:
       wsPort: 8081
   s3minio:
-    enabled: false # set to true if you wish to use minio on AWS instead of using real S3
+    enabled: false # set to true if you wish to expose the in-cluster S3-compatible service instead of real S3
     https:
       externalPort: 443
       sslCert: arn:aws:iam::00000-accountnumber-00000:server-certificate/wire.example
@@ -44,7 +44,7 @@ ingress:
       s3Port: 9000
     selector:
       key: app
-      value: minio # (currently) fake-aws-s3 chart uses 'minio', minio-external chart uses 'minio-external'
+      value: fake-aws-s3
   teamSettings:
     https:
       externalPort: 443

@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Legacy wrapper chart for MinIO used by fake-aws-s3
+name: fake-aws-s3-legacy-minio
+version: 0.0.42
@@ -0,0 +1,16 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 53 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 53 chars (63 - len("-discovery")) because some Kubernetes name fields are limited to 63 (by the DNS naming spec).
+*/}}
+{{- define "fullname" -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s" $name | trunc 53 | trimSuffix "-" -}}
+{{- end -}}
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "fullname" . }}-reaper
+  labels:
+    app: {{ template "fullname" . }}-reaper
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ template "fullname" . }}-reaper
+  template:
+    metadata:
+      labels:
+        app: {{ template "fullname" . }}-reaper
+    spec:
+      topologySpreadConstraints:
+        - maxSkew: 1
+          topologyKey: "kubernetes.io/hostname"
+          whenUnsatisfiable: ScheduleAnyway
+          labelSelector:
+            matchLabels:
+              app: {{ template "fullname" . }}-reaper
+      volumes:
+      - name: minio-configuration
+        projected:
+          # These are created by the minio chart and used for create buckets and
+          # users after deployment.
+          sources:
+          - configMap:
+              name: {{ .Values.minio.fullnameOverride }}
+          - secret:
+              name: {{ .Values.minio.fullnameOverride }}
+      containers:
+      - name: initiate-fake-aws-s3
+        image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}"
+        imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }}
+        command: [/bin/sh]
+        args:
+        - -c
+        - |
+          echo 'Creating MinIO Users and Buckets'
+          while true
+          do
+              /bin/sh /config/initialize
+              /bin/sh /config/add-user
+              sleep 10
+          done
+        env:
+        - name: MINIO_ENDPOINT
+          value: {{ .Values.minio.fullnameOverride | quote }}
+        - name: MINIO_PORT
+          value: {{ .Values.minio.service.port | quote }}
+        volumeMounts:
+        - name: minio-configuration
+          mountPath: /config
@@ -0,0 +1,27 @@
+# See defaults in https://github.com/minio/minio/blob/RELEASE.2023-07-07T07-13-57Z/helm/minio/values.yaml
+minio:
+  fullnameOverride: fake-aws-s3
+  service:
+    port: "9000"
+  mode: standalone
+  users:
+    - accessKey: dummykey
+      secretKey: dummysecret
+      policy: consoleAdmin
+  persistence:
+    enabled: false
+  environment:
+    MINIO_BROWSER: "off"
+  resources:
+    requests:
+      memory: 200Mi
+  buckets:
+    - name: dummy-bucket
+      purge: false
+      policy: none
+    - name: assets
+      purge: false
+      policy: none
+    - name: public
+      purge: false
+      policy: public
@@ -1,4 +1,4 @@
 apiVersion: v1
-description: Wrapper chart for stable/minio
+description: Wrapper chart for RustFS used by fake-aws-s3
 name: fake-aws-s3
 version: 0.0.42
@@ -1,16 +1,8 @@
 {{/* vim: set filetype=mustache: */}}
-{{/*
-Expand the name of the chart.
-*/}}
-{{- define "name" -}}
+{{- define "fake-aws-s3.name" -}}
 {{- default .Chart.Name .Values.nameOverride | trunc 53 | trimSuffix "-" -}}
 {{- end -}}
 
-{{/*
-Create a default fully qualified app name.
-We truncate at 53 chars (63 - len("-discovery")) because some Kubernetes name fields are limited to 63 (by the DNS naming spec).
-*/}}
-{{- define "fullname" -}}
-{{- $name := default .Chart.Name .Values.nameOverride -}}
-{{- printf "%s" $name | trunc 53 | trimSuffix "-" -}}
+{{- define "fake-aws-s3.fullname" -}}
+{{- default .Chart.Name .Values.fullnameOverride | trunc 53 | trimSuffix "-" -}}
 {{- end -}}
@@ -1,59 +1,134 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "fake-aws-s3.fullname" . }}-bootstrap
+  labels:
+    app: {{ include "fake-aws-s3.fullname" . }}-bootstrap
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  backoffLimit: 6
+  template:
+    metadata:
+      labels:
+        app: {{ include "fake-aws-s3.fullname" . }}-bootstrap
+    spec:
+      restartPolicy: OnFailure
+      containers:
+      - name: bootstrap-fake-aws-s3
+        image: "{{ .Values.bootstrap.image.repository }}:{{ .Values.bootstrap.image.tag }}"
+        imagePullPolicy: {{ .Values.bootstrap.image.pullPolicy }}
+        command: [/bin/sh]
+        args:
+        - -c
+        - |
+          set -euo pipefail
+
+          export AWS_ACCESS_KEY_ID="$RUSTFS_ACCESS_KEY"
+          export AWS_SECRET_ACCESS_KEY="$RUSTFS_SECRET_KEY"
+          export AWS_REGION="${AWS_REGION:-eu-west-1}"
+
+          endpoint="http://{{ include "fake-aws-s3.fullname" . }}:{{ .Values.service.port }}"
+
+          until aws --endpoint-url="$endpoint" s3api list-buckets >/dev/null 2>&1; do
+            echo "waiting for RustFS"
+            sleep 2
+          done
+
+          {{- range .Values.bootstrap.buckets }}
+          if aws --endpoint-url="$endpoint" s3api head-bucket --bucket {{ .name | quote }} >/dev/null 2>&1; then
+            echo "bucket {{ .name }} already exists"
+          else
+            aws --endpoint-url="$endpoint" s3api create-bucket --bucket {{ .name | quote }}
+            aws --endpoint-url="$endpoint" s3api wait bucket-exists --bucket {{ .name | quote }}
+          fi
+          {{- end }}
+        env:
+        - name: RUSTFS_ACCESS_KEY
+          value: {{ .Values.credentials.accessKey | quote }}
+        - name: RUSTFS_SECRET_KEY
+          value: {{ .Values.credentials.secretKey | quote }}
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "fullname" . }}-reaper
+  name: {{ include "fake-aws-s3.fullname" . }}
   labels:
-    app: {{ template "fullname" . }}-reaper
+    app: {{ include "fake-aws-s3.fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
     release: "{{ .Release.Name }}"
     heritage: "{{ .Release.Service }}"
 spec:
   replicas: 1
   selector:
     matchLabels:
-      app: {{ template "fullname" . }}-reaper
+      app: {{ include "fake-aws-s3.fullname" . }}
   template:
     metadata:
       labels:
-        app: {{ template "fullname" . }}-reaper
+        app: {{ include "fake-aws-s3.fullname" . }}
     spec:
       topologySpreadConstraints:
         - maxSkew: 1
           topologyKey: "kubernetes.io/hostname"
           whenUnsatisfiable: ScheduleAnyway
           labelSelector:
             matchLabels:
-              app: {{ template "fullname" . }}-reaper
-      volumes:
-      - name: minio-configuration
-        projected:
-          # These are created by the minio chart and used for create buckets and
-          # users after deployment.
-          sources:
-          - configMap:
-              name: {{ .Values.minio.fullnameOverride }}
-          - secret:
-              name: {{ .Values.minio.fullnameOverride }}
+              app: {{ include "fake-aws-s3.fullname" . }}
       containers:
-      - name: initiate-fake-aws-s3
-        image: "{{ .Values.minio.mcImage.repository }}:{{ .Values.minio.mcImage.tag }}"
-        imagePullPolicy: {{ .Values.minio.mcImage.pullPolicy }}
-        command: [/bin/sh]
+      - name: fake-aws-s3
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
         args:
-        - -c
-        - |
-          echo 'Creating MinIO Users and Buckets'
-          while true
-          do
-              /bin/sh /config/initialize
-              /bin/sh /config/add-user
-              sleep 10
-          done
+        - {{ .Values.storage.dataPath | quote }}
         env:
-        - name: MINIO_ENDPOINT
-          value: {{ .Values.minio.fullnameOverride | quote }}
-        - name: MINIO_PORT
-          value: {{ .Values.minio.service.port | quote }}
+        - name: RUSTFS_ACCESS_KEY
+          value: {{ .Values.credentials.accessKey | quote }}
+        - name: RUSTFS_SECRET_KEY
+          value: {{ .Values.credentials.secretKey | quote }}
+        - name: RUSTFS_VOLUMES
+          value: {{ .Values.storage.dataPath | quote }}
+        - name: RUSTFS_ADDRESS
+          value: ":{{ .Values.service.port }}"
+        - name: RUSTFS_CONSOLE_ENABLE
+          value: "false"
+        ports:
+        - containerPort: {{ .Values.service.port }}
+          name: s3
+        readinessProbe:
+          tcpSocket:
+            port: s3
+          initialDelaySeconds: 5
+          periodSeconds: 5
+        livenessProbe:
+          tcpSocket:
+            port: s3
+          initialDelaySeconds: 15
+          periodSeconds: 10
+        resources:
+{{ toYaml .Values.resources | indent 10 }}
         volumeMounts:
-        - name: minio-configuration
-          mountPath: /config
+        - name: data
+          mountPath: {{ .Values.storage.dataPath }}
+      volumes:
+      - name: data
+        emptyDir: {}
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "fake-aws-s3.fullname" . }}
+  labels:
+    app: {{ include "fake-aws-s3.fullname" . }}
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: "{{ .Release.Name }}"
+    heritage: "{{ .Release.Service }}"
+spec:
+  type: ClusterIP
+  ports:
+  - name: s3
+    port: {{ .Values.service.port }}
+    targetPort: s3
+  selector:
+    app: {{ include "fake-aws-s3.fullname" . }}
@@ -1,27 +1,30 @@
-# See defaults in https://github.com/minio/minio/blob/RELEASE.2023-07-07T07-13-57Z/helm/minio/values.yaml
-minio:
-  fullnameOverride: fake-aws-s3
-  service:
-    port: "9000"
-  mode: standalone
-  users:
-    - accessKey: dummykey
-      secretKey: dummysecret
-      policy: consoleAdmin
-  persistence:
-    enabled: false
-  environment:
-    MINIO_BROWSER: "off"
-  resources:
-    requests:
-      memory: 200Mi
+fullnameOverride: fake-aws-s3
+
+image:
+  repository: rustfs/rustfs
+  tag: latest
+  pullPolicy: IfNotPresent
+
+service:
+  port: 9000
+
+credentials:
+  accessKey: dummykey
+  secretKey: dummysecret
+
+storage:
+  dataPath: /data
+
+resources:
+  requests:
+    memory: 200Mi
+
+bootstrap:
+  image:
+    repository: amazon/aws-cli
+    tag: 2.17.49
+    pullPolicy: IfNotPresent
   buckets:
     - name: dummy-bucket
-      purge: false
-      policy: none
     - name: assets
-      purge: false
-      policy: none
     - name: public
-      purge: false
-      policy: public