diff --git a/packages/extra/seaweedfs/Chart.yaml b/packages/extra/seaweedfs/Chart.yaml index 233b0c8b..24796add 100644 --- a/packages/extra/seaweedfs/Chart.yaml +++ b/packages/extra/seaweedfs/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.5.0 +version: 0.6.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/packages/extra/seaweedfs/README.md b/packages/extra/seaweedfs/README.md index 0c6f9075..aea13939 100644 --- a/packages/extra/seaweedfs/README.md +++ b/packages/extra/seaweedfs/README.md 
@@ -4,14 +4,15 @@ ### Common parameters -| Name | Description | Value | -| ------------------- | ------------------------------------------------------------------------------------------------------------------------ | --------------- | -| `host` | The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host). | `""` | -| `topology` | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client) | `Simple` | -| `replicationFactor` | The number of replicas for each volume in the SeaweedFS cluster. | `2` | -| `replicas` | Persistent Volume size for SeaweedFS | `2` | -| `size` | Persistent Volume size | `10Gi` | -| `storageClass` | StorageClass used to store the data | `""` | -| `zones` | A map of zones for MultiZone topology. Each zone can have its own number of replicas and size. | `{}` | -| `filer.external` | Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`. | `false` | -| `remoteEndpoint` | The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`. | `1.2.3.4:18888` | +| Name | Description | Value | +| ------------------- | ------------------------------------------------------------------------------------------------------ | -------- | +| `host` | The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host). | `""` | +| `topology` | The topology of the SeaweedFS cluster. (allowed values: Simple, MultiZone, Client) | `Simple` | +| `replicationFactor` | The number of replicas for each volume in the SeaweedFS cluster. | `2` | +| `replicas` | Persistent Volume size for SeaweedFS | `2` | +| `size` | Persistent Volume size | `10Gi` | +| `storageClass` | StorageClass used to store the data | `""` | +| `zones` | A map of zones for MultiZone topology. Each zone can have its own number of replicas and size. 
| `{}` |
+| `filer.grpcHost` | The hostname used to expose or access the filer service externally. | `""` |
+| `filer.grpcPort` | The port used to access the filer service externally. | `443` |
+| `filer.whitelist` | A list of IP addresses or CIDR ranges that are allowed to access the filer service. | `[]` |
diff --git a/packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag b/packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag
new file mode 100644
index 00000000..f07c125d
--- /dev/null
+++ b/packages/extra/seaweedfs/images/seaweedfs-cosi-driver.tag
@@ -0,0 +1 @@
+ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0
diff --git a/packages/extra/seaweedfs/templates/external/cosi-bucket-class.yaml b/packages/extra/seaweedfs/templates/client/cosi-bucket-class.yaml
similarity index 100%
rename from packages/extra/seaweedfs/templates/external/cosi-bucket-class.yaml
rename to packages/extra/seaweedfs/templates/client/cosi-bucket-class.yaml
diff --git a/packages/extra/seaweedfs/templates/external/cosi-cluster-role.yaml b/packages/extra/seaweedfs/templates/client/cosi-cluster-role.yaml
similarity index 100%
rename from packages/extra/seaweedfs/templates/external/cosi-cluster-role.yaml
rename to packages/extra/seaweedfs/templates/client/cosi-cluster-role.yaml
diff --git a/packages/extra/seaweedfs/templates/external/cosi-deployment.yaml b/packages/extra/seaweedfs/templates/client/cosi-deployment.yaml
similarity index 94%
rename from packages/extra/seaweedfs/templates/external/cosi-deployment.yaml
rename to packages/extra/seaweedfs/templates/client/cosi-deployment.yaml
index 720568a5..5307a67f 100644
--- a/packages/extra/seaweedfs/templates/external/cosi-deployment.yaml
+++ b/packages/extra/seaweedfs/templates/client/cosi-deployment.yaml
@@ -35,7 +35,7 @@ spec: spec: containers: - name: seaweedfs-cosi-driver - image: ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.1.2 + image: "{{ $.Files.Get "images/seaweedfs-cosi-driver.tag" | trim }}" imagePullPolicy: IfNotPresent env: - name: DRIVERNAME @@ -43,7 +43,7 @@ spec: - name: ENDPOINT value: https://{{ .Values.host | default (printf "s3.%s" $host) }} - name: SEAWEEDFS_FILER - value: {{ .Values.remoteEndpoint }} + value: "{{ .Values.filer.grpcHost }}:{{ .Values.filer.grpcPort }}" - name: WEED_GRPC_CLIENT_KEY value: /usr/local/share/ca-certificates/client/tls.key - name: WEED_GRPC_CLIENT_CERT diff --git a/packages/extra/seaweedfs/templates/external/cosi-service-account.yaml b/packages/extra/seaweedfs/templates/client/cosi-service-account.yaml similarity index 100% rename from packages/extra/seaweedfs/templates/external/cosi-service-account.yaml rename to packages/extra/seaweedfs/templates/client/cosi-service-account.yaml diff --git a/packages/extra/seaweedfs/templates/ingress.yaml b/packages/extra/seaweedfs/templates/ingress.yaml new file mode 100644 index 00000000..05bf201d --- /dev/null +++ b/packages/extra/seaweedfs/templates/ingress.yaml 
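Review bot: The image reference that the first hunk now reads from `images/seaweedfs-cosi-driver.tag` is a bare tag (`ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0`) with no digest, and the container keeps `imagePullPolicy: IfNotPresent`, so what actually runs is whatever that tag resolved to when each node first pulled it. Recording the reference in the tag file as `ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.2.0@sha256:<digest>` would pin the deployment to one image. `.Files.Get` also returns an empty string when the file is missing from the packaged chart, which would render `image: ""`; wrapping the lookup in `required` would turn that into a render-time error instead. The container spec continues outside the hunk.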
@@ -0,0 +1,44 @@
+{{- $cozyConfig := lookup "v1" "ConfigMap" "cozy-system" "cozystack" }}
+{{- $issuerType := (index $cozyConfig.data "clusterissuer") | default "http01" }}
+
+{{- $myNS := lookup "v1" "Namespace" "" .Release.Namespace }}
+{{- $ingress := index $myNS.metadata.annotations "namespace.cozystack.io/ingress" }}
+{{- $host := index $myNS.metadata.annotations "namespace.cozystack.io/host" }}
+{{- if and (not (eq .Values.topology "Client")) (.Values.filer.grpcHost) }}
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ annotations:
+ nginx.ingress.kubernetes.io/backend-protocol: GRPCS
+ nginx.ingress.kubernetes.io/ssl-passthrough: "true"
+ nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," (.Values.filer.whitelist | default "0.0.0.0/32") }}"
+ name: seaweedfs-filer-external
+spec:
+ ingressClassName: tenant-root
+ rules:
+ - host: {{ .Values.filer.grpcHost | default (printf "filer.%s" $host) }}
+ http:
+ paths:
+ - backend:
+ service:
+ name: {{ $.Release.Name }}-filer-external
+ port:
+ number: 18888
+ path: /
+ pathType: ImplementationSpecific
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ $.Release.Name }}-filer-external
+spec:
+ ports:
+ - name: swfs-filer-grpc
+ port: 18888
+ protocol: TCP
+ targetPort: 18888
+ selector:
+ app.kubernetes.io/component: filer
+ app.kubernetes.io/name: {{ $.Release.Name }}
+{{- end }}
diff --git a/packages/extra/seaweedfs/templates/seaweedfs.yaml b/packages/extra/seaweedfs/templates/seaweedfs.yaml
index 34741f47..af485c46 100644
--- a/packages/extra/seaweedfs/templates/seaweedfs.yaml
+++ b/packages/extra/seaweedfs/templates/seaweedfs.yaml
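Review bot: The `whitelist-source-range` annotation sits on the same Ingress as `nginx.ingress.kubernetes.io/ssl-passthrough: "true"`, and the ingress-nginx documentation says passthrough is handled at layer 4 and invalidates the other annotations on that object, so the `filer.whitelist` allowlist and its fail-closed `0.0.0.0/32` default may never be applied. If that holds for the controller in use, the filer gRPC port is reachable by anyone who can reach the `tenant-root` ingress and is protected only by whatever TLS client authentication the filer itself performs; confirm with a connection from an unlisted address before relying on the list. Either enforce the source ranges at a component that actually handles the passthrough connection, or state in the parameter description that the list is not a security boundary. Smaller points in the same file: `$issuerType` and `$ingress` are assigned but never used, the `| default (printf "filer.%s" $host)` on `host:` cannot trigger because the enclosing `if` already requires `filer.grpcHost`, and the `host:` value should be quoted (`host: "{{ .Values.filer.grpcHost }}"`).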
@@ -2,8 +2,8 @@
 {{- if not (has .Values.topology (list "Simple" "MultiZone" "Client")) }}
 {{- fail "Invalid value for .Values.topology. Must be one of 'Simple', 'MultiZone' or 'Client'." }}
 {{- end }}
-{{- if and (eq .Values.topology "Client") (not .Values.remoteEndpoint) }}
-{{- fail "When topology is 'Client', .Values.remoteEndpoint must be set to a valid remote filer GRPC service endpoint." }}
+{{- if and (eq .Values.topology "Client") (not .Values.filer.grpcHost) }}
+{{- fail "When topology is 'Client', .Values.filer.grpcHost must be set to a valid remote filer GRPC service endpoint." }}
 {{- end }}
 {{- if lt (int .Values.replicationFactor) 1 }}
 {{- fail "Invalid value for .Values.replicationFactor. Must be at least 1." }}
diff --git a/packages/extra/seaweedfs/templates/svc-external.yaml b/packages/extra/seaweedfs/templates/svc-external.yaml
deleted file mode 100644
index 835e098e..00000000
--- a/packages/extra/seaweedfs/templates/svc-external.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-{{- if and (not (eq .Values.topology "Client")) (.Values.filer.external) }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ $.Release.Name }}-filer-external
-spec:
- type: LoadBalancer
- externalTrafficPolicy: Local
- ports:
- - name: swfs-filer-grpc
- port: 18888
- protocol: TCP
- targetPort: 18888
- selector:
- app.kubernetes.io/component: filer
- app.kubernetes.io/name: {{ $.Release.Name }}
-{{- end }}
diff --git a/packages/extra/seaweedfs/values.schema.json b/packages/extra/seaweedfs/values.schema.json
index 7221d3fd..e822eda0 100644
--- a/packages/extra/seaweedfs/values.schema.json
+++ b/packages/extra/seaweedfs/values.schema.json
@@ -2,10 +2,21 @@
 "properties": {
 "filer": {
 "properties": {
- "external": {
- "default": false,
- "description": "Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`.",
- "type": "boolean"
+ "grpcHost": {
+ "default": "",
+ "description": "The hostname used to expose or access the filer service externally.",
+ "type": "string"
+ },
+ "grpcPort": {
+ "default": 443,
+ "description": "The port used to access the filer service externally.",
+ "type": "number"
+ },
+ "whitelist": {
+ "default": [],
+ "description": "A list of IP addresses or CIDR ranges that are allowed to access the filer service.",
+ "items": {},
+ "type": "array"
 }
 },
 "type": "object"
@@ -15,11 +26,6 @@
 "description": "The hostname used to access the SeaweedFS externally (defaults to 's3' subdomain for the tenant host).",
 "type": "string"
 },
- "remoteEndpoint": {
- "default": "1.2.3.4:18888",
- "description": "The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`.",
- "type": "string"
- },
 "replicas": {
 "default": 2,
 "description": "Persistent Volume size for SeaweedFS",
diff --git a/packages/extra/seaweedfs/values.yaml b/packages/extra/seaweedfs/values.yaml
index f7e379de..c1f73a53 100644
--- a/packages/extra/seaweedfs/values.yaml
+++ b/packages/extra/seaweedfs/values.yaml
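Review bot: The new schema entries in the first hunk are looser than the templates need: `grpcPort` is `"type": "number"`, which accepts fractions and values outside 1–65535, and `whitelist` has `"items": {}`, which accepts any element type even though every entry is joined into the `whitelist-source-range` annotation. Tightening them to `"type": "integer", "minimum": 1, "maximum": 65535` and `"items": {"type": "string"}` would reject malformed values at install time rather than rendering a broken endpoint or annotation. If this file is generated from the `## @param` comments in values.yaml, the change belongs in the generator input rather than here.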
@@ -32,9 +32,10 @@ storageClass: "" ## size: 10Gi zones: {} -## @param filer.external Enable external access to the SeaweedFS filer from outside the cluster. Use this when `topology` is not set to `Client`. +## @param filer.grpcHost The hostname used to expose or access the filer service externally. +## @param filer.grpcPort The port used to access the filer service externally. +## @param filer.whitelist A list of IP addresses or CIDR ranges that are allowed to access the filer service. filer: - external: false - -## @param remoteEndpoint The endpoint of the remote filer GRPC service. Used when `topology` is set to `Client`. -remoteEndpoint: "1.2.3.4:18888" + grpcHost: "" + grpcPort: 443 + whitelist: [] diff --git a/packages/extra/versions_map b/packages/extra/versions_map index cb9683bb..bc581f82 100644 --- a/packages/extra/versions_map +++ b/packages/extra/versions_map @@ -54,4 +54,5 @@ seaweedfs 0.2.1 fde4bcfa seaweedfs 0.3.0 45a7416c seaweedfs 0.4.0 632224a3 seaweedfs 0.4.1 8c86905b -seaweedfs 0.5.0 HEAD +seaweedfs 0.5.0 9584e5f5 +seaweedfs 0.6.0 HEAD
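Review bot: In the values.yaml hunk, the `filer.grpcHost` comment does not say that a non-empty value is now what publishes the filer through an Ingress when `topology` is not `Client` (the removed `filer.external` flag made that explicit), nor that the same key is the remote endpoint in `Client` topology. I would spell both roles out, for example `## @param filer.grpcHost Hostname of the filer gRPC endpoint. Outside Client topology, setting it exposes the filer through an Ingress; in Client topology it is the remote filer to connect to.` The `filer.whitelist` comment should likewise state what an empty list means; as the ingress template is written it renders `0.0.0.0/32`, which looks intended to deny every client.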