diff --git a/packages/system/seaweedfs/Makefile b/packages/system/seaweedfs/Makefile index 1868ccdd..2d51079b 100644 --- a/packages/system/seaweedfs/Makefile +++ b/packages/system/seaweedfs/Makefile @@ -7,5 +7,5 @@ update: mkdir -p charts curl -sSL https://github.com/seaweedfs/seaweedfs/archive/refs/heads/master.tar.gz | \ tar xzvf - --strip 3 -C charts seaweedfs-master/k8s/charts/seaweedfs - patch --no-backup-if-mismatch -p4 < patches/retention-policy-delete.yaml patch --no-backup-if-mismatch -p4 < patches/resize-api-server-annotation.diff + #patch --no-backup-if-mismatch -p4 < patches/retention-policy-delete.yaml diff --git a/packages/system/seaweedfs/charts/seaweedfs/Chart.yaml b/packages/system/seaweedfs/charts/seaweedfs/Chart.yaml index 073679af..1dbacce0 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/Chart.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 description: SeaweedFS name: seaweedfs -appVersion: "3.71" +appVersion: "3.94" # Dev note: Trigger a helm chart release by `git tag -a helm-` -version: 4.0.0 +version: 4.0.394 diff --git a/packages/system/seaweedfs/charts/seaweedfs/README.md b/packages/system/seaweedfs/charts/seaweedfs/README.md index 41707ba8..30885aee 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/README.md +++ b/packages/system/seaweedfs/charts/seaweedfs/README.md @@ -57,7 +57,7 @@ Here is an example: to label a node to be able to run all pod types in k8s: ``` -kubectl label node YOUR_NODE_NAME sw-volume=true,sw-backend=true +kubectl label node YOUR_NODE_NAME sw-volume=true sw-backend=true ``` on production k8s deployment you will want each pod to have a different host, 
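Review bot: The `retention-policy-delete.yaml` patch in the `update` recipe is switched off by commenting it out, with no reason recorded, so the next `make update` vendors the chart without whatever that patch changed. Either delete the line together with the patch file, or keep it under a column-0 comment such as `# retention-policy-delete dropped: <reason>`. If the `#patch` line is tab-indented like the rest of the recipe, it is passed to the shell and echoed on every run. The recipe's context lines also still fetch `refs/heads/master.tar.gz` while this commit sets `appVersion: "3.94"`, so the vendored templates are not tied to a reviewable upstream revision; fetching a tag or commit archive would make the update reproducible. The `update` target starts outside the hunk.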
@@ -144,3 +144,8 @@ stringData: # this key must be an inline json config file seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"snu8yoP6QAlY0ne4","secretKey":"PNzBcmeLNEdR0oviwm04NQAicOrDH1Km"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"SCigFee6c5lbi04A","secretKey":"kgFhbT38R8WUYVtiFQ1OiSVOrYr3NKku"}],"actions":["Read"]}]}' ``` + +## Enterprise + +For enterprise users, please visit [seaweedfs.com](https://seaweedfs.com) for the SeaweedFS Enterprise Edition, +which has a self-healing storage format with better data protection. diff --git a/packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json b/packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json index f4e3b020..30b43f86 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json +++ b/packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json 
@@ -1505,6 +1505,96 @@ "title": "S3 Request Duration 99th percentile", "type": "timeseries" }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 0, + "y": 36 + }, + "id": 84, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "expr": "sum(rate(SeaweedFS_s3_bucket_traffic_received_bytes_total{namespace=\"$NAMESPACE\"}[$__interval])) by (bucket)", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{bucket}}", + "refId": "A" + } + ], + "title": "S3 Bucket Traffic Received", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 12, + "x": 12, + "y": 36 + }, + "id": 85, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "10.3.1", + "targets": [ + { + "expr": "sum(rate(SeaweedFS_s3_bucket_traffic_sent_bytes_total{namespace=\"$NAMESPACE\"}[$__interval])) by (bucket)", + "format": "time_series", + "hide": false, + "intervalFactor": 2, + "legendFormat": "{{bucket}}", + "refId": "A" + } + ], + "title": "S3 Bucket Traffic Sent", + "type": "timeseries" + }, { "datasource": { "type": "prometheus", @@ -1571,7 +1661,7 @@ "h": 7, "w": 24, "x": 0, - "y": 36 + "y": 41 }, "id": 72, "links": [], @@ -1689,7 +1779,7 @@ "h": 7, "w": 24, "x": 0, - "y": 43 + "y": 50 }, "id": 73, "links": [], @@ -1845,7 +1935,7 @@ "h": 7, "w": 24, "x": 0, - "y": 50 + "y": 57 }, "id": 55, "links": [], 
@@ -2002,7 +2092,7 @@ "h": 7, "w": 24, "x": 0, - "y": 57 + "y": 64 }, "hideTimeOverride": false, "id": 59, @@ -2074,7 +2164,7 @@ "h": 1, "w": 24, "x": 0, - "y": 64 + "y": 71 }, "id": 62, "panels": [], @@ -2146,7 +2236,7 @@ "h": 7, "w": 12, "x": 0, - "y": 65 + "y": 72 }, "id": 47, "links": [], @@ -2289,7 +2379,7 @@ "h": 7, "w": 12, "x": 12, - "y": 65 + "y": 72 }, "id": 40, "links": [], @@ -2386,7 +2476,7 @@ "h": 7, "w": 24, "x": 0, - "y": 72 + "y": 79 }, "id": 48, "links": [], @@ -2496,7 +2586,7 @@ "h": 7, "w": 24, "x": 0, - "y": 79 + "y": 86 }, "id": 50, "links": [], @@ -2598,7 +2688,7 @@ "h": 7, "w": 24, "x": 0, - "y": 86 + "y": 93 }, "id": 51, "links": [], @@ -2711,7 +2801,7 @@ "h": 7, "w": 12, "x": 0, - "y": 94 + "y": 101 }, "id": 12, "links": [], @@ -2806,7 +2896,7 @@ "h": 7, "w": 12, "x": 12, - "y": 94 + "y": 101 }, "id": 14, "links": [], @@ -2848,7 +2938,7 @@ "h": 1, "w": 24, "x": 0, - "y": 101 + "y": 108 }, "id": 64, "panels": [], @@ -2921,7 +3011,7 @@ "h": 7, "w": 12, "x": 0, - "y": 102 + "y": 109 }, "id": 52, "links": [], @@ -3049,7 +3139,7 @@ "h": 7, "w": 12, "x": 12, - "y": 102 + "y": 109 }, "id": 54, "links": [], @@ -3146,7 +3236,7 @@ "h": 7, "w": 24, "x": 0, - "y": 109 + "y": 116 }, "id": 53, "links": [], @@ -3266,4 +3356,4 @@ "uid": "a24009d7-cbda-4443-a132-1cc1c4677304", "version": 1, "weekStart": "" -} \ No newline at end of file +} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/_helpers.tpl b/packages/system/seaweedfs/charts/seaweedfs/templates/_helpers.tpl index d8261eb3..b15b07fa 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/_helpers.tpl +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/_helpers.tpl 
@@ -73,6 +73,16 @@ Inject extra environment vars in the format key:value, if populated {{- end -}} {{- end -}} +{{/* Return the proper sftp image */}} +{{- define "sftp.image" -}} +{{- if .Values.sftp.imageOverride -}} +{{- $imageOverride := .Values.sftp.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + {{/* Return the proper volume image */}} {{- define "volume.image" -}} {{- if .Values.volume.imageOverride -}} @@ -88,7 +98,7 @@ Inject extra environment vars in the format key:value, if populated {{- $registryName := default .Values.image.registry .Values.global.registry | toString -}} {{- $repositoryName := .Values.image.repository | toString -}} {{- $name := .Values.global.imageName | toString -}} -{{- $tag := .Chart.AppVersion | toString -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} {{- if $registryName -}} {{- printf "%s/%s%s:%s" $registryName $repositoryName $name $tag -}} {{- else -}} @@ -134,14 +144,17 @@ Inject extra environment vars in the format key:value, if populated {{/* Return the proper imagePullSecrets */}} {{- define "seaweedfs.imagePullSecrets" -}} -{{- if .Values.global.imagePullSecrets }} -{{- if kindIs "string" .Values.global.imagePullSecrets }} +{{- with .Values.global.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.global.imagePullSecrets }} -{{- else }} -imagePullSecrets: -{{- range .Values.global.imagePullSecrets }} +{{- if kindIs "string" . }} - name: {{ . }} +{{- else }} +{{- range . }} + {{- if kindIs "string" . }} + - name: {{ . }} + {{- else }} + - {{ toYaml . }} + {{- end}} {{- end }} {{- end }} {{- end }} 
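Review bot: In `seaweedfs.imagePullSecrets` the new map branch `- {{ toYaml . }}` emits multi-line YAML without re-indenting it, so a list entry with more than one key puts its second key at column 0 and breaks the rendered pod spec. A pull-secret reference only carries `name`, so `- name: {{ .name }}` for map entries would be simpler and stricter. In the `common.image` hunk, `default .Chart.AppVersion .Values.image.tag` now lets values override the image tag; a comment on that line saying an empty `image.tag` falls back to the chart's `appVersion` would help whoever pins images.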
@@ -165,3 +178,44 @@ Usage: {{- $value }} {{- end }} {{- end -}} + +{{/* +Converts a Kubernetes quantity like "256Mi" or "2G" to a float64 in base units, +handling both binary (Ki, Mi, Gi) and decimal (m, k, M) suffixes; numeric inputs +Usage: +{{ include "common.resource-quantity" "10Gi" }} +*/}} +{{- define "common.resource-quantity" -}} + {{- $value := . -}} + {{- $unit := 1.0 -}} + {{- if typeIs "string" . -}} + {{- $base2 := dict "Ki" 0x1p10 "Mi" 0x1p20 "Gi" 0x1p30 "Ti" 0x1p40 "Pi" 0x1p50 "Ei" 0x1p60 -}} + {{- $base10 := dict "m" 1e-3 "k" 1e3 "M" 1e6 "G" 1e9 "T" 1e12 "P" 1e15 "E" 1e18 -}} + {{- range $k, $v := merge $base2 $base10 -}} + {{- if hasSuffix $k $ -}} + {{- $value = trimSuffix $k $ -}} + {{- $unit = $v -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- mulf (float64 $value) $unit -}} +{{- end -}} + +{{/* +getOrGeneratePassword will check if a password exists in a secret and return it, +or generate a new random password if it doesn't exist. +*/}} +{{- define "getOrGeneratePassword" -}} +{{- $params := . -}} +{{- $namespace := $params.namespace -}} +{{- $secretName := $params.secretName -}} +{{- $key := $params.key -}} +{{- $length := default 16 $params.length -}} + +{{- $existingSecret := lookup "v1" "Secret" $namespace $secretName -}} +{{- if and $existingSecret (index $existingSecret.data $key) -}} + {{- index $existingSecret.data $key | b64dec -}} +{{- else -}} + {{- randAlphaNum $length -}} +{{- end -}} +{{- end -}} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-deployment.yaml new file mode 100644 index 00000000..1086d6a4 --- /dev/null +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-deployment.yaml 
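Review bot: `getOrGeneratePassword` depends on `lookup`, which returns an empty result under `helm template`, `--dry-run` and other client-side rendering, so in those pipelines the `else` branch runs on every render and a fresh `randAlphaNum` value replaces the stored credential. The header comment should say so, for example `Requires cluster access at render time; without it a new password is generated on every render.` The condition `and $existingSecret (index $existingSecret.data $key)` also relies on `and` short-circuiting, which older Go template runtimes do not do; nesting two `if`s avoids calling `index` on a missing `data` map at first install. In the same hunk, the `common.resource-quantity` comment stops mid-sentence at "numeric inputs".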
@@ -0,0 +1,428 @@ +{{- if .Values.allInOne.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.annotations }} + annotations: + {{- toYaml .Values.allInOne.annotations | nindent 4 }} + {{- end }} +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.allInOne.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.allInOne.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.allInOne.restartPolicy }} + {{- if .Values.allInOne.affinity }} + affinity: + {{ tpl .Values.allInOne.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.allInOne.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.allInOne.topologySpreadConstraint . | nindent 8 | trim }} + {{- end }} + {{- if .Values.allInOne.tolerations }} + tolerations: + {{- tpl .Values.allInOne.tolerations . 
| nindent 8 }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} + terminationGracePeriodSeconds: 60 + enableServiceLinks: false + {{- if .Values.allInOne.priorityClassName }} + priorityClassName: {{ .Values.allInOne.priorityClassName | quote }} + {{- end }} + {{- if .Values.allInOne.serviceAccountName }} + serviceAccountName: {{ .Values.allInOne.serviceAccountName | quote }} + {{- end }} + {{- if .Values.allInOne.initContainers }} + initContainers: + {{- tpl .Values.allInOne.initContainers . | nindent 8 }} + {{- end }} + {{- if .Values.allInOne.podSecurityContext.enabled }} + securityContext: + {{- omit .Values.allInOne.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "master.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.allInOne.extraEnvironmentVars }} + {{- range $key, $value := .Values.allInOne.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + /usr/bin/weed \ + -v={{ .Values.global.loggingLevel }} \ + server \ + -dir=/data \ + -master \ + -volume \ + -ip=${POD_IP} \ + -ip.bind=0.0.0.0 \ + {{- if .Values.allInOne.idleTimeout }} + -idleTimeout={{ .Values.allInOne.idleTimeout }} \ + {{- end }} + {{- if .Values.allInOne.dataCenter }} + -dataCenter={{ .Values.allInOne.dataCenter }} \ + {{- end }} + {{- if .Values.allInOne.rack }} + -rack={{ .Values.allInOne.rack }} \ + {{- end }} + {{- if .Values.allInOne.whiteList }} + -whiteList={{ .Values.allInOne.whiteList }} \ + {{- end }} + {{- if .Values.allInOne.disableHttp }} + -disableHttp={{ .Values.allInOne.disableHttp }} \ + {{- end }} + -master.port={{ .Values.master.port }} \ + {{- if .Values.global.enableReplication }} + -master.defaultReplication={{ .Values.global.replicationPlacement }} \ + {{- else }} + -master.defaultReplication={{ .Values.master.defaultReplication }} \ + {{- end }} + {{- if .Values.master.volumePreallocate }} + -master.volumePreallocate \ + {{- end }} + -master.volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ + {{- if .Values.master.garbageThreshold }} + -master.garbageThreshold={{ .Values.master.garbageThreshold }} \ + {{- end }} + -volume.port={{ .Values.volume.port }} \ + -volume.readMode={{ .Values.volume.readMode }} \ + {{- if .Values.volume.imagesFixOrientation }} + 
-volume.images.fix.orientation \ + {{- end }} + {{- if .Values.volume.index }} + -volume.index={{ .Values.volume.index }} \ + {{- end }} + {{- if .Values.volume.fileSizeLimitMB }} + -volume.fileSizeLimitMB={{ .Values.volume.fileSizeLimitMB }} \ + {{- end }} + -volume.minFreeSpacePercent={{ .Values.volume.minFreeSpacePercent }} \ + -volume.compactionMBps={{ .Values.volume.compactionMBps }} \ + {{- if .Values.allInOne.metricsPort }} + -metricsPort={{ .Values.allInOne.metricsPort }} \ + {{- else if .Values.master.metricsPort }} + -metricsPort={{ .Values.master.metricsPort }} \ + {{- end }} + -filer \ + -filer.port={{ .Values.filer.port }} \ + {{- if .Values.filer.disableDirListing }} + -filer.disableDirListing \ + {{- end }} + -filer.dirListLimit={{ .Values.filer.dirListLimit }} \ + {{- if .Values.global.enableReplication }} + -filer.defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ + {{- else }} + -filer.defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ + {{- end }} + {{- if .Values.filer.maxMB }} + -filer.maxMB={{ .Values.filer.maxMB }} \ + {{- end }} + {{- if .Values.filer.encryptVolumeData }} + -filer.encryptVolumeData \ + {{- end }} + {{- if .Values.filer.filerGroup}} + -filer.filerGroup={{ .Values.filer.filerGroup}} \ + {{- end }} + {{- if .Values.filer.rack }} + -filer.rack={{ .Values.filer.rack }} \ + {{- end }} + {{- if .Values.filer.dataCenter }} + -filer.dataCenter={{ .Values.filer.dataCenter }} \ + {{- end }} + {{- if .Values.allInOne.s3.enabled }} + -s3 \ + -s3.port={{ .Values.s3.port }} \ + {{- if .Values.s3.domainName }} + -s3.domainName={{ .Values.s3.domainName }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + {{- if .Values.s3.httpsPort }} + -s3.port.https={{ .Values.s3.httpsPort }} \ + {{- end }} + -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} + 
-s3.allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.s3.enableAuth }} + -s3.config=/etc/sw/s3/seaweedfs_s3_config \ + {{- end }} + {{- if .Values.s3.auditLogConfig }} + -s3.auditLogConfig=/etc/sw/s3/s3_auditLogConfig.json \ + {{- end }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + -sftp \ + -sftp.port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.sshPrivateKey }} + -sftp.sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -sftp.hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + -sftp.authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -sftp.maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -sftp.bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -sftp.loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -sftp.clientAliveInterval={{ .Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -sftp.clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + -sftp.userStoreFile=/etc/sw/sftp/seaweedfs_sftp_config \ + {{- end }} + + volumeMounts: + - name: data + mountPath: /data + {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + mountPath: /etc/sw/s3 + readOnly: true + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - name: config-ssh + mountPath: /etc/sw/ssh + readOnly: true + - mountPath: /etc/sw/sftp + name: config-users + readOnly: true + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + mountPath: /etc/seaweedfs/notification.toml + subPath: notification.toml + readOnly: true + {{- end }} + - name: master-config + mountPath: 
/etc/seaweedfs/master.toml + subPath: master.toml + readOnly: true + {{- if .Values.global.enableSecurity }} + - name: security-config + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + readOnly: true + - name: ca-cert + mountPath: /usr/local/share/ca-certificates/ca/ + readOnly: true + - name: master-cert + mountPath: /usr/local/share/ca-certificates/master/ + readOnly: true + - name: volume-cert + mountPath: /usr/local/share/ca-certificates/volume/ + readOnly: true + - name: filer-cert + mountPath: /usr/local/share/ca-certificates/filer/ + readOnly: true + - name: client-cert + mountPath: /usr/local/share/ca-certificates/client/ + readOnly: true + {{- end }} + {{ tpl .Values.allInOne.extraVolumeMounts . | nindent 12 }} + ports: + - containerPort: {{ .Values.master.port }} + name: swfs-mas + - containerPort: {{ .Values.master.grpcPort }} + name: swfs-mas-grpc + - containerPort: {{ .Values.volume.port }} + name: swfs-vol + - containerPort: {{ .Values.volume.grpcPort }} + name: swfs-vol-grpc + - containerPort: {{ .Values.filer.port }} + name: swfs-fil + - containerPort: {{ .Values.filer.grpcPort }} + name: swfs-fil-grpc + {{- if .Values.allInOne.s3.enabled }} + - containerPort: {{ .Values.s3.port }} + name: swfs-s3 + {{- if .Values.s3.httpsPort }} + - containerPort: {{ .Values.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- end }} + {{- if .Values.allInOne.metricsPort }} + - containerPort: {{ .Values.allInOne.metricsPort }} + name: server-metrics + {{- end }} + {{- if .Values.allInOne.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.allInOne.readinessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.allInOne.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.allInOne.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.allInOne.readinessProbe.periodSeconds 
}} + successThreshold: {{ .Values.allInOne.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.allInOne.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.allInOne.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.allInOne.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.allInOne.livenessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.allInOne.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.allInOne.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.allInOne.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.allInOne.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.allInOne.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.allInOne.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.allInOne.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.allInOne.containerSecurityContext.enabled }} + securityContext: + {{- omit .Values.allInOne.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.allInOne.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.allInOne.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: data + {{- if eq .Values.allInOne.data.type "hostPath" }} + hostPath: + path: {{ .Values.allInOne.data.hostPathPrefix }}/seaweedfs-all-in-one-data/ + type: DirectoryOrCreate + {{- else if eq .Values.allInOne.data.type "persistentVolumeClaim" }} + persistentVolumeClaim: + claimName: {{ .Values.allInOne.data.claimName }} + {{- else if eq .Values.allInOne.data.type "emptyDir" }} + emptyDir: {} + {{- end }} + {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-s3-secret" (include "seaweedfs.name" .)) (or .Values.s3.existingConfigSecret 
.Values.filer.s3.existingConfigSecret) }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - name: config-ssh + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-sftp-ssh-secret" (include "seaweedfs.name" .)) .Values.sftp.existingSshConfigSecret }} + - name: config-users + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-sftp-secret" (include "seaweedfs.name" .)) .Values.sftp.existingConfigSecret }} + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + configMap: + name: {{ template "seaweedfs.name" . }}-notification-config + {{- end }} + - name: master-config + configMap: + name: {{ template "seaweedfs.name" . }}-master-config + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.allInOne.extraVolumes . | nindent 8 }} + {{- if .Values.allInOne.nodeSelector }} + nodeSelector: + {{ tpl .Values.allInOne.nodeSelector . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-pvc.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-pvc.yaml new file mode 100644 index 00000000..49ac2014 --- /dev/null +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-pvc.yaml 
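Review bot: The S3 auth wiring in this template is gated inconsistently: the `config-s3-users` volume and mount are added when `or .Values.s3.enableAuth .Values.filer.s3.enableAuth` holds, but `-s3.config=/etc/sw/s3/seaweedfs_s3_config` is passed only under `.Values.s3.enableAuth`. With only `filer.s3.enableAuth` set, the secret is mounted but never read and the gateway presumably starts without an identity config, so the flag should use the same `or` condition. The spread-constraint block tests `.Values.allInOne.topologySpreadConstraints` but renders `tpl .Values.allInOne.topologySpreadConstraint .` (singular), which hands `tpl` a nil value; the `cosi-deployment.yaml` hunk has the same typo, while `filer-statefulset.yaml` uses the plural. Values such as `sftp.bannerMessage` are pasted into the `/bin/sh -ec` script, where the shell still expands `$(...)` and backticks inside double quotes, so they should be documented as trusted-operator input or passed through `env`.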
@@ -0,0 +1,21 @@ +{{- if and .Values.allInOne.enabled (eq .Values.allInOne.data.type "persistentVolumeClaim") }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.allInOne.data.claimName }} + labels: + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.annotations }} + annotations: + {{- toYaml .Values.allInOne.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.allInOne.data.size }} + {{- if .Values.allInOne.data.storageClass }} + storageClassName: {{ .Values.allInOne.data.storageClass }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-service.yml b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-service.yml new file mode 100644 index 00000000..14076a9c --- /dev/null +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-service.yml 
@@ -0,0 +1,83 @@ +{{- if .Values.allInOne.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.service.annotations }} + annotations: + {{- toYaml .Values.allInOne.service.annotations | nindent 4 }} + {{- end }} +spec: + internalTrafficPolicy: {{ .Values.allInOne.service.internalTrafficPolicy | default "Cluster" }} + ports: + # Master ports + - name: "swfs-master" + port: {{ .Values.master.port }} + targetPort: {{ .Values.master.port }} + protocol: TCP + - name: "swfs-master-grpc" + port: {{ .Values.master.grpcPort }} + targetPort: {{ .Values.master.grpcPort }} + protocol: TCP + + # Volume ports + - name: "swfs-volume" + port: {{ .Values.volume.port }} + targetPort: {{ .Values.volume.port }} + protocol: TCP + - name: "swfs-volume-grpc" + port: {{ .Values.volume.grpcPort }} + targetPort: {{ .Values.volume.grpcPort }} + protocol: TCP + + # Filer ports + - name: "swfs-filer" + port: {{ .Values.filer.port }} + targetPort: {{ .Values.filer.port }} + protocol: TCP + - name: "swfs-filer-grpc" + port: {{ .Values.filer.grpcPort }} + targetPort: {{ .Values.filer.grpcPort }} + protocol: TCP + + # S3 ports (if enabled) + {{- if .Values.allInOne.s3.enabled }} + - name: "swfs-s3" + port: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + targetPort: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + protocol: TCP + {{- if and .Values.allInOne.s3.enabled .Values.s3.httpsPort }} + - name: "swfs-s3-tls" + port: {{ .Values.s3.httpsPort }} + targetPort: {{ 
.Values.s3.httpsPort }} + protocol: TCP + {{- end }} + {{- end }} + + # SFTP ports (if enabled) + {{- if .Values.allInOne.sftp.enabled }} + - name: "swfs-sftp" + port: {{ .Values.sftp.port }} + targetPort: {{ .Values.sftp.port }} + protocol: TCP + {{- end }} + + # Server metrics port (single metrics endpoint for all services) + {{- if .Values.allInOne.metricsPort }} + - name: "server-metrics" + port: {{ .Values.allInOne.metricsPort }} + targetPort: {{ .Values.allInOne.metricsPort }} + protocol: TCP + {{- end }} + + selector: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: seaweedfs-all-in-one +{{- end }} \ No newline at end of file diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml new file mode 100644 index 00000000..0f9ce392 --- /dev/null +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if .Values.allInOne.enabled }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: all-in-one + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.allInOne.metricsPort }} + - interval: 30s + port: server-metrics + scrapeTimeout: 5s + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: seaweedfs-all-in-one +{{- end }} +{{- end }} \ No newline at end of file 
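Review bot: The `swfs-s3` port entry wraps `{{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}` inside a block that is already conditional on `.Values.allInOne.s3.enabled`, so the `else` branch can never render. The same applies to the `and .Values.allInOne.s3.enabled .Values.s3.httpsPort` test. Plain `port: {{ .Values.s3.port }}` and `{{- if .Values.s3.httpsPort }}` say the same thing. The `selector` also omits `app.kubernetes.io/instance`, which the Deployment's `matchLabels` includes; adding `app.kubernetes.io/instance: {{ .Release.Name }}` keeps the Service bound to this release's pod only.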
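Review bot: When `.Values.allInOne.metricsPort` is unset, this ServiceMonitor is still created but `endpoints:` renders with no items, which leaves an object that scrapes nothing and may fail CRD validation. Folding the port into the outer guard avoids that: `{{- if and .Values.allInOne.enabled .Values.global.monitoring.enabled .Values.allInOne.metricsPort }}`. The resource's own label is `app.kubernetes.io/component: all-in-one`, while its selector and every other all-in-one object use `seaweedfs-all-in-one`; aligning them makes label queries consistent.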
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/cosi-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/cosi-deployment.yaml index 5c5c7e30..b200c89a 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/cosi-deployment.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/cosi-deployment.yaml @@ -9,6 +9,7 @@ metadata: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: objectstorage-provisioner spec: replicas: {{ .Values.cosi.replicas }} selector: @@ -39,6 +40,14 @@ spec: {{- end }} spec: restartPolicy: {{ default .Values.global.restartPolicy .Values.cosi.restartPolicy }} + {{- if .Values.cosi.affinity }} + affinity: + {{ tpl .Values.cosi.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.cosi.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.cosi.topologySpreadConstraint . | nindent 8 | trim }} + {{- end }} {{- if .Values.cosi.tolerations }} tolerations: {{ tpl .Values.cosi.tolerations . | nindent 8 | trim }} @@ -157,7 +166,7 @@ spec: volumeMounts: - mountPath: /var/lib/cosi name: socket - {{- with .Values.cosi.resources }} + {{- with .Values.cosi.sidecar.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} @@ -177,7 +186,7 @@ spec: {{- if .Values.cosi.existingConfigSecret }} secretName: {{ .Values.cosi.existingConfigSecret }} {{- else }} - secretName: seaweedfs-client-cert + secretName: seaweedfs-s3-secret {{- end }} {{- end }} {{- if .Values.global.enableSecurity }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-cert.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-cert.yaml index c17815af..4cb117ae 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-cert.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-cert.yaml 
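Review bot: The fallback `secretName: seaweedfs-s3-secret` in the last hunk is a fixed string, whereas the all-in-one template in this commit derives what appears to be the same secret as `printf "%s-s3-secret" (include "seaweedfs.name" .)`. With a name override the COSI driver would reference a Secret that does not exist and the pod would stay pending on the volume. `secretName: {{ template "seaweedfs.name" . }}-s3-secret` keeps the two in step. The enclosing `volumes:` block starts outside the hunk.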
@@ -10,6 +10,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: filer + {{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} + {{- end }} spec: secretName: {{ template "seaweedfs.name" . }}-filer-cert issuerRef: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service-client.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service-client.yaml index d7618c4c..1c32de0b 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service-client.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service-client.yaml @@ -13,6 +13,10 @@ metadata: {{- if .Values.filer.metricsPort }} monitoring: "true" {{- end }} +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} spec: clusterIP: None ports: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service.yaml index ab7e98df..67436972 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-service.yaml @@ -12,6 +12,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: filer +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} spec: clusterIP: None publishNotReadyAddresses: true diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-servicemonitor.yaml index 76c981c1..e26c04b1 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-servicemonitor.yaml 
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-servicemonitor.yaml @@ -15,6 +15,10 @@ metadata: {{- with .Values.global.monitoring.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} spec: endpoints: - interval: 30s diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml index 49b62e86..d2dad009 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml @@ -10,6 +10,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: filer +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} spec: serviceName: {{ template "seaweedfs.name" . }}-filer podManagementPolicy: {{ .Values.filer.podManagementPolicy }} @@ -57,6 +61,10 @@ spec: affinity: {{ tpl .Values.filer.affinity . | nindent 8 | trim }} {{- end }} + {{- if .Values.filer.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.filer.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} {{- if .Values.filer.tolerations }} tolerations: {{ tpl .Values.filer.tolerations . | nindent 8 | trim }} @@ -154,6 +162,9 @@ spec: {{- if .Values.filer.metricsPort }} -metricsPort={{ .Values.filer.metricsPort }} \ {{- end }} + {{- if .Values.filer.metricsIp }} + -metricsIp={{ .Values.filer.metricsIp }} \ + {{- end }} {{- if .Values.filer.redirectOnRead }} -redirectOnRead \ {{- end }} 
@@ -165,7 +176,7 @@ spec: {{- end }} -dirListLimit={{ .Values.filer.dirListLimit }} \ {{- if .Values.global.enableReplication }} - -defaultReplicaPlacement={{ .Values.global.replicationPlacment }} \ + -defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ {{- else }} -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ {{- end }} @@ -179,9 +190,16 @@ spec: -encryptVolumeData \ {{- end }} -ip=${POD_IP} \ + -ip.bind={{ .Values.filer.ipBind }} \ {{- if .Values.filer.filerGroup}} -filerGroup={{ .Values.filer.filerGroup}} \ {{- end }} + {{- if .Values.filer.rack }} + -rack={{ .Values.filer.rack }} \ + {{- end }} + {{- if .Values.filer.dataCenter }} + -dataCenter={{ .Values.filer.dataCenter }} \ + {{- end }} {{- if .Values.filer.s3.enabled }} -s3 \ -s3.port={{ .Values.filer.s3.port }} \ @@ -195,7 +213,7 @@ spec: -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ {{- end }} - {{- if .Values.filer.s3.allowEmptyFolder }} + {{- if eq (typeOf .Values.filer.s3.allowEmptyFolder) "bool" }} -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \ {{- end }} {{- if .Values.filer.s3.enableAuth }} 
@@ -205,7 +223,10 @@ spec: -s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \ {{- end }} {{- end }} - -master={{ if .Values.global.masterServer }}{{.Values.global.masterServer}}{{ else }}{{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} + -master={{ if .Values.global.masterServer }}{{.Values.global.masterServer}}{{ else }}{{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} \ + {{- range .Values.filer.extraArgs }} + {{ . }} \ + {{- end }} volumeMounts: {{- if (or (eq .Values.filer.logs.type "hostPath") (eq .Values.filer.logs.type "persistentVolumeClaim") (eq .Values.filer.logs.type "emptyDir")) }} - name: seaweedfs-filer-log-volume @@ -220,6 +241,12 @@ spec: - name: data-filer mountPath: /data {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + readOnly: true + mountPath: /etc/seaweedfs/notification.toml + subPath: notification.toml + {{- end }} {{- if .Values.global.enableSecurity }} - name: security-config readOnly: true @@ -249,6 +276,14 @@ spec: name: metrics - containerPort: {{ .Values.filer.grpcPort }} #name: swfs-filer-grpc + {{- if .Values.filer.s3.enabled }} + - containerPort: {{ .Values.filer.s3.port }} + name: swfs-s3 + {{- if .Values.filer.s3.httpsPort }} + - containerPort: {{ .Values.filer.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- end }} {{- if .Values.filer.readinessProbe.enabled }} readinessProbe: httpGet: 
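Review bot: Each `.Values.filer.extraArgs` entry is written as `{{ . }} \` straight into the `/bin/sh -ec` script, so whitespace, `$`, `;` or backticks in a value are interpreted by the shell instead of reaching weed as one argument. That is harmless while only the cluster operator edits values, but it should be stated next to the loop, e.g. `{{- /* extraArgs are inserted verbatim into a shell command line; values must be trusted and shell-safe */}}`, and values originating from a less-trusted layer should be validated before they reach the chart. The `-master=` line now always ends in ` \`, so with an empty list the script ends on a line continuation; most shells accept that, but it is worth confirming against the image's /bin/sh. The master-statefulset.yaml hunk adds the same pattern after `-peers=`.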
@@ -327,6 +362,11 @@ spec: secretName: seaweedfs-s3-secret {{- end }} {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + configMap: + name: {{ template "seaweedfs.name" . }}-notification-config + {{- end }} {{- if .Values.global.enableSecurity }} - name: security-config configMap: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/master-cert.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/master-cert.yaml index 47dcaacd..25678525 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/master-cert.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/master-cert.yaml @@ -10,6 +10,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: master +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} spec: secretName: {{ template "seaweedfs.name" . }}-master-cert issuerRef: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/master-configmap.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/master-configmap.yaml index 73155e87..b3d7fe7d 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/master-configmap.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/master-configmap.yaml @@ -1,4 +1,4 @@ -{{- if .Values.master.enabled }} +{{- if or .Values.master.enabled .Values.allInOne.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -9,6 +9,10 @@ metadata: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} data: master.toml: |- {{ .Values.master.config | nindent 4 }} 
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/master-service.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/master-service.yaml index 9e69f94e..0086b84c 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/master-service.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/master-service.yaml @@ -11,6 +11,9 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} annotations: service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +{{- if .Values.master.annotations }} + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} spec: clusterIP: None publishNotReadyAddresses: true diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/master-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/master-servicemonitor.yaml index 81cade2e..7804e84a 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/master-servicemonitor.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/master-servicemonitor.yaml @@ -15,6 +15,10 @@ metadata: {{- with .Values.global.monitoring.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} spec: endpoints: - interval: 30s diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/master-statefulset.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/master-statefulset.yaml index 73d1f9fb..01387fc9 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/master-statefulset.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/master-statefulset.yaml 
@@ -9,6 +9,11 @@ metadata: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} spec: serviceName: {{ template "seaweedfs.name" . }}-master podManagementPolicy: {{ .Values.master.podManagementPolicy }} @@ -50,6 +55,10 @@ spec: affinity: {{ tpl .Values.master.affinity . | nindent 8 | trim }} {{- end }} + {{- if .Values.master.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.master.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} {{- if .Values.master.tolerations }} tolerations: {{ tpl .Values.master.tolerations . | nindent 8 | trim }} @@ -131,7 +140,7 @@ spec: -mdir=/data \ -ip.bind={{ .Values.master.ipBind }} \ {{- if .Values.global.enableReplication }} - -defaultReplication={{ .Values.global.replicationPlacment }} \ + -defaultReplication={{ .Values.global.replicationPlacement }} \ {{- else }} -defaultReplication={{ .Values.master.defaultReplication }} \ {{- end }} 
@@ -149,18 +158,36 @@ spec: {{- if .Values.master.metricsPort }} -metricsPort={{ .Values.master.metricsPort }} \ {{- end }} + {{- if .Values.master.metricsIp }} + -metricsIp={{ .Values.master.metricsIp }} \ + {{- end }} -volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ {{- if .Values.master.disableHttp }} -disableHttp \ {{- end }} - {{- if .Values.master.pulseSeconds }} - -pulseSeconds={{ .Values.master.pulseSeconds }} \ + {{- if .Values.master.resumeState }} + -resumeState \ + {{- end }} + {{- if .Values.master.raftHashicorp }} + -raftHashicorp \ + {{- end }} + {{- if .Values.master.raftBootstrap }} + -raftBootstrap \ + {{- end }} + {{- if .Values.master.electionTimeout }} + -electionTimeout={{ .Values.master.electionTimeout }} \ + {{- end }} + {{- if .Values.master.heartbeatInterval }} + -heartbeatInterval={{ .Values.master.heartbeatInterval }} \ {{- end }} {{- if .Values.master.garbageThreshold }} -garbageThreshold={{ .Values.master.garbageThreshold }} \ {{- end }} -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-master.{{ .Release.Namespace }} \ - -peers={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} + -peers={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} \ + {{- range .Values.master.extraArgs }} + {{ . }} \ + {{- end }} volumeMounts: - name : data-{{ .Release.Namespace }} mountPath: /data diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/notification-configmap.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/notification-configmap.yaml new file mode 100644 index 00000000..c638c877 --- /dev/null 
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/notification-configmap.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.filer.enabled .Values.filer.notificationConfig }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "seaweedfs.name" . }}-notification-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} +data: + notification.toml: |- + {{ .Values.filer.notificationConfig | nindent 4 }} +{{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/post-install-bucket-hook.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/post-install-bucket-hook.yaml index 2260bd84..44d65089 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/post-install-bucket-hook.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/post-install-bucket-hook.yaml @@ -32,9 +32,9 @@ spec: - name: WEED_CLUSTER_DEFAULT value: "sw" - name: WEED_CLUSTER_SW_MASTER - value: "{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}:9333" + value: "{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}:{{ .Values.master.port }}" - name: WEED_CLUSTER_SW_FILER - value: "{{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:8888" + value: "{{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }}" - name: POD_IP valueFrom: fieldRef: 
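Review bot: `notification.toml` is rendered from `.Values.filer.notificationConfig` into a ConfigMap, and notification backends such as cloud queues or brokers usually need credentials in that file. Anything placed there becomes readable by every principal allowed to read ConfigMaps in the namespace and is kept in plain form in the Helm release values. Consider rendering it as a Secret (the filer-statefulset.yaml volume would then use `secret:` instead of `configMap:`), or at least add a comment beside the value saying `# do not put backend credentials here; the file is stored in a ConfigMap`. The template also omits the `app.kubernetes.io/component` label that the other filer resources carry.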
@@ -53,6 +53,26 @@ spec: - "/bin/sh" - "-ec" - | + wait_for_service() { + local url=$1 + local max_attempts=60 # 5 minutes total (5s * 60) + local attempt=1 + + echo "Waiting for service at $url..." + while [ $attempt -le $max_attempts ]; do + if wget -q --spider "$url" >/dev/null 2>&1; then + echo "Service at $url is up!" + return 0 + fi + echo "Attempt $attempt: Service not ready yet, retrying in 5s..." + sleep 5 + attempt=$((attempt + 1)) + done + echo "Service at $url failed to become ready within 5 minutes" + exit 1 + } + wait_for_service "http://$WEED_CLUSTER_SW_MASTER{{ .Values.master.readinessProbe.httpGet.path }}" + wait_for_service "http://$WEED_CLUSTER_SW_FILER{{ .Values.filer.readinessProbe.httpGet.path }}" {{- range $reg, $props := $.Values.filer.s3.createBuckets }} exec /bin/echo \ "s3.bucket.create --name {{ $props.name }}" |\ diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml index b678a0ef..d710fecb 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml @@ -9,12 +9,16 @@ metadata: helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 +{{- if .Values.s3.annotations }} + annotations: + {{- toYaml .Values.s3.annotations | nindent 4 }} +{{- end }} spec: replicas: {{ .Values.s3.replicas }} selector: matchLabels: app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: s3 template: 
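Review bot: `wait_for_service` in post-install-bucket-hook.yaml always probes `http://`, whatever the master and filer actually serve. If a deployment enables TLS on those endpoints or sets `master.disableHttp` (a flag the master-statefulset.yaml hunk shows), the loop can never succeed and the hook fails only after the full 5 minutes. Deriving the scheme from the same values that configure the readiness probes would fix this. Failing that, a comment above the two calls should state the plain-HTTP assumption: `# assumes master and filer readiness endpoints are reachable over plain HTTP`. `wget -q --spider` also runs without a per-attempt timeout, so a hung connection can stretch the total wait beyond what the `max_attempts` comment states; `-T 5` would bound it.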
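Review bot: Dropping `helm.sh/chart` from `spec.selector.matchLabels` in s3-deployment.yaml changes a field that is immutable on an existing Deployment, so `helm upgrade` from a release created with the old selector will be rejected by the API server until the Deployment is deleted and recreated. The new selector is the right one, because a chart version does not belong in a selector. The upgrade path needs a note in the chart's upgrade documentation or a pre-upgrade step, and a comment here helps too: `# selector is immutable: releases created with the old selector need the Deployment recreated`.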
@@ -39,6 +43,14 @@ spec: {{- end }} spec: restartPolicy: {{ default .Values.global.restartPolicy .Values.s3.restartPolicy }} + {{- if .Values.s3.affinity }} + affinity: + {{ tpl .Values.s3.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.s3.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.s3.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} {{- if .Values.s3.tolerations }} tolerations: {{ tpl .Values.s3.tolerations . | nindent 8 | trim }} @@ -131,7 +143,7 @@ spec: {{- if .Values.s3.domainName }} -domainName={{ .Values.s3.domainName }} \ {{- end }} - {{- if .Values.s3.allowEmptyFolder }} + {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ {{- end }} {{- if .Values.s3.enableAuth }} @@ -176,9 +188,13 @@ spec: ports: - containerPort: {{ .Values.s3.port }} name: swfs-s3 + {{- if .Values.s3.httpsPort }} + - containerPort: {{ .Values.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} {{- if .Values.s3.metricsPort }} - containerPort: {{ .Values.s3.metricsPort }} - name: "metrics" + name: metrics {{- end }} {{- if .Values.s3.readinessProbe.enabled }} readinessProbe: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-secret.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-secret.yaml index 969b31f5..587ea77c 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-secret.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-secret.yaml 
@@ -1,8 +1,8 @@ -{{- if or (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) (and .Values.s3.enabled .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) }} -{{- $access_key_admin := randAlphaNum 16 -}} -{{- $secret_key_admin := randAlphaNum 32 -}} -{{- $access_key_read := randAlphaNum 16 -}} -{{- $secret_key_read := randAlphaNum 32 -}} +{{- if or (and (or .Values.s3.enabled .Values.allInOne.enabled) .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) }} +{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_access_key_id" "length" 20) -}} +{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_secret_access_key" "length" 40) -}} +{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_access_key_id" "length" 20) -}} +{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_secret_access_key" "length" 40) -}} apiVersion: v1 kind: Secret type: Opaque @@ -11,7 +11,7 @@ metadata: namespace: {{ .Release.Namespace }} annotations: "helm.sh/resource-policy": keep - "helm.sh/hook": "pre-install" + "helm.sh/hook": "pre-install,pre-upgrade" labels: app.kubernetes.io/name: {{ template "seaweedfs.name" . }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -32,4 +32,4 @@ stringData: s3_auditLogConfig.json: | {{ toJson .Values.s3.auditLogConfig | nindent 4 }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file 
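Review bot: Whether the S3 keys stay stable now depends entirely on the `getOrGeneratePassword` helper, which is defined outside this hunk and presumably uses `lookup` against the hard-coded name `seaweedfs-s3-secret`. If so, any render without cluster read access (`helm template`, `--dry-run`, or a GitOps controller rendering client-side) gets an empty lookup and generates fresh keys. Because the hook is now `pre-install,pre-upgrade`, the regenerated Secret would then be applied on upgrade and rotate credentials under running clients. Please state the assumption above the `$access_key_admin` line, e.g. `{{- /* keys are reused only when lookup can read the existing Secret; client-side rendering regenerates them */ -}}`. The new lengths (20/40) take effect only for keys generated after this change.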
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-service.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-service.yaml index 01d79ad7..8afd4865 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-service.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-service.yaml @@ -9,6 +9,10 @@ metadata: app.kubernetes.io/component: s3 helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.s3.annotations }} + annotations: + {{- toYaml .Values.s3.annotations | nindent 4 }} +{{- end }} spec: internalTrafficPolicy: {{ .Values.s3.internalTrafficPolicy | default "Cluster" }} ports: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-servicemonitor.yaml index b47ba8ee..34825591 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/s3-servicemonitor.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/s3-servicemonitor.yaml @@ -15,6 +15,10 @@ metadata: {{- with .Values.global.monitoring.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} +{{- if .Values.s3.annotations }} + annotations: + {{- toYaml .Values.s3.annotations | nindent 4 }} +{{- end }} spec: endpoints: - interval: 30s @@ -22,8 +26,8 @@ spec: scrapeTimeout: 5s selector: matchLabels: - app: {{ template "seaweedfs.name" . }} - component: s3 + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: s3 {{- end }} {{- end }} {{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml index eb5a5eba..cf7801cc 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml 
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml @@ -1,20 +1,19 @@ {{- if .Values.global.monitoring.enabled }} {{- $files := .Files.Glob "dashboards/*.json" }} {{- if $files }} -apiVersion: v1 -kind: ConfigMapList -items: -{{- range $path, $fileContents := $files }} +{{- range $path, $file := $files }} {{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} -- apiVersion: v1 - kind: ConfigMap - metadata: - name: {{ printf "%s" $dashboardName | lower | replace "_" "-" }} - namespace: {{ $.Release.Namespace }} - labels: - grafana_dashboard: "1" - data: - {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s" $dashboardName | lower | replace "_" "-" }} + namespace: {{ $.Release.Namespace }} + labels: + grafana_dashboard: "1" +data: + {{ $dashboardName }}.json: |- +{{ toString $file | indent 4 }} +{{- end }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-deployment.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-deployment.yaml new file mode 100644 index 00000000..c0bcb2c4 --- /dev/null +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-deployment.yaml 
@@ -0,0 +1,301 @@ +{{- if .Values.sftp.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + replicas: {{ .Values.sftp.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.sftp.restartPolicy }} + {{- if .Values.sftp.affinity }} + affinity: + {{ tpl .Values.sftp.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.sftp.topologySpreadConstraint . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.tolerations }} + tolerations: + {{ tpl .Values.sftp.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} + terminationGracePeriodSeconds: 10 + {{- if .Values.sftp.priorityClassName }} + priorityClassName: {{ .Values.sftp.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.sftp.serviceAccountName }} + serviceAccountName: {{ .Values.sftp.serviceAccountName | quote }} + {{- end }} + {{- if .Values.sftp.initContainers }} + initContainers: + {{ tpl .Values.sftp.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.podSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "sftp.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.sftp.extraEnvironmentVars }} + {{- range $key, $value := .Values.sftp.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.sftp.loggingOverrideLevel }} + -v={{ .Values.sftp.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + sftp \ + -ip.bind={{ .Values.sftp.bindAddress }} \ + -port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.metricsPort }} + -metricsPort={{ .Values.sftp.metricsPort }} \ + {{- end }} + {{- if .Values.sftp.metricsIp }} + -metricsIp={{ .Values.sftp.metricsIp }} \ + {{- end }} + {{- if .Values.sftp.sshPrivateKey }} + -sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + -authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -clientAliveInterval={{ 
.Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + {{- if .Values.sftp.dataCenter }} + -dataCenter={{ .Values.sftp.dataCenter }} \ + {{- end }} + {{- if .Values.sftp.localSocket }} + -localSocket={{ .Values.sftp.localSocket }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + -userStoreFile=/etc/sw/seaweedfs_sftp_config \ + -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + volumeMounts: + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + - name: logs + mountPath: "/logs/" + {{- end }} + {{- if .Values.sftp.enableAuth }} + - mountPath: /etc/sw + name: config-users + readOnly: true + {{- end }} + - mountPath: /etc/sw/ssh + name: config-ssh + readOnly: true + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.sftp.extraVolumeMounts . 
| nindent 12 | trim }} + ports: + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- if .Values.sftp.metricsPort }} + - containerPort: {{ .Values.sftp.metricsPort }} + name: metrics + {{- end }} + {{- if .Values.sftp.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.sftp.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.sftp.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.sftp.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.sftp.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sftp.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.sftp.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.sftp.existingConfigSecret }} + secretName: {{ .Values.sftp.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-secret + {{- end }} + {{- end }} + - name: config-ssh + secret: + defaultMode: 420 + {{- if .Values.sftp.existingSshConfigSecret }} + secretName: {{ .Values.sftp.existingSshConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-ssh-secret + {{- end }} + {{- if eq .Values.sftp.logs.type "hostPath" }} + - name: logs + hostPath: + path: {{ .Values.sftp.logs.hostPathPrefix }}/logs/seaweedfs/sftp + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.sftp.logs.type "emptyDir" }} + - name: logs + emptyDir: {} + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.sftp.extraVolumes . | indent 8 | trim }} + {{- if .Values.sftp.nodeSelector }} + nodeSelector: + {{ tpl .Values.sftp.nodeSelector . | indent 8 | trim }} + {{- end }} +{{- end }} 
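Review bot: In sftp-deployment.yaml both secret volumes (`config-users` and `config-ssh`) use `defaultMode: 420`, i.e. 0644, so the user store with its passwords and the SSH key material are readable by every UID in the container, including any sidecar that mounts them. `defaultMode: 256` (0400) is the usual setting for key files, provided the weed process UID or fsGroup can still read them. Separately, `-userStoreFile=/etc/sw/seaweedfs_sftp_config` is passed unconditionally while the `config-users` mount that supplies /etc/sw exists only under `{{- if .Values.sftp.enableAuth }}`; the flag should sit behind the same guard. `-bannerMessage="{{ .Values.sftp.bannerMessage }}"` is inside a `/bin/sh -ec` script, so a `"`, `$` or backtick in the banner is interpreted by the shell.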
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-secret.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-secret.yaml
new file mode 100644
index 00000000..2cec992a
--- /dev/null
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-secret.yaml
@@ -0,0 +1,33 @@
+{{- if or .Values.sftp.enabled .Values.allInOne.enabled }}
+{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "admin_password" 20) -}}
+{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "readonly_password" 20) -}}
+{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "public_user_password" 20) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: seaweedfs-sftp-secret
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/resource-policy": keep
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: sftp
+stringData:
+ admin_password: {{ $admin_pwd }}
+ readonly_password: {{ $read_user_pwd }}
+ public_user_password: {{ $public_user_pwd }}
+ seaweedfs_sftp_config: '[{"Username":"admin","Password":"{{ $admin_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","write","list"]},"Uid":0,"Gid":0},{"Username":"readonly_user","Password":"{{ $read_user_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","list"]},"Uid":1112,"Gid":1112},{"Username":"public_user","Password":"{{ $public_user_pwd }}","PublicKeys":[],"HomeDir":"/public","Permissions":{"/public":["write","read","list"]},"Uid":1113,"Gid":1113}]'
+ seaweedfs_sftp_ssh_private_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8OwAAAJDjxkmk48ZJ
+ pAAAAAtzc2gtZWQyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8Ow
+ AAAEAeVy/4+gf6rjj2jla/AHqJpC1LcS5hn04IUs4q+iVq/MfgxzBwOmG15dW6WW7qrt6m
+ EQ3U3rTP7DSpnDRRVbw7AAAADHNla291ckAwMDY2NwE=
+ -----END OPENSSH PRIVATE KEY-----
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-service.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-service.yaml
new file mode 100644
index 00000000..5e67570d
--- /dev/null
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-service.yaml
@@ -0,0 +1,32 @@
+{{- if .Values.sftp.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "seaweedfs.name" . }}-sftp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: sftp
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.sftp.annotations }}
+ annotations:
+ {{- toYaml .Values.sftp.annotations | nindent 4 }}
+{{- end }}
+spec:
+ internalTrafficPolicy: {{ .Values.sftp.internalTrafficPolicy | default "Cluster" }}
+ ports:
+ - name: "swfs-sftp"
+ port: {{ .Values.sftp.port }}
+ targetPort: {{ .Values.sftp.port }}
+ protocol: TCP
+{{- if .Values.sftp.metricsPort }}
+ - name: "metrics"
+ port: {{ .Values.sftp.metricsPort }}
+ targetPort: {{ .Values.sftp.metricsPort }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: sftp
+{{- end }}
\ No newline at end of file
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-servicemonitor.yaml
new file mode 100644
index 00000000..4c718886
--- /dev/null
+++ b/packages/system/seaweedfs/charts/seaweedfs/templates/sftp-servicemonitor.yaml
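Review bot: The `seaweedfs_sftp_ssh_private_key` value under `stringData` in sftp-secret.yaml is a fixed OpenSSH private key committed with the chart, so every release that renders this Secret shares the same SFTP host key and anyone who can read the repository holds it; clients can then no longer rely on the host key to authenticate the server. The key should be generated per release and kept across upgrades (the way the passwords are looked up from the existing Secret), or the chart should require a user-supplied Secret, and the committed key should be treated as compromised wherever it has already been deployed. Separately, the three `getOrGeneratePassword` calls pass `20` as an unpaired trailing argument to `dict`; if that is meant to be the password length it presumably needs a key, e.g. `"length" 20`, which should be confirmed against the helper, which is not shown here.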
@@ -0,0 +1,33 @@ +{{- if .Values.sftp.enabled }} +{{- if .Values.sftp.metricsPort }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + endpoints: + - interval: 30s + port: metrics + scrapeTimeout: 5s + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: sftp +{{- end }} +{{- end }} +{{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-cert.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-cert.yaml index 4df63db2..bd59a676 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-cert.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-cert.yaml @@ -10,6 +10,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/component: volume +{{- if .Values.volume.annotations }} + annotations: + {{- toYaml .Values.volume.annotations | nindent 4 }} +{{- end }} spec: secretName: {{ template "seaweedfs.name" . }}-volume-cert issuerRef: diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-resize-hook.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-resize-hook.yaml index 9f186eaa..8e3b5932 100644 
--- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-resize-hook.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-resize-hook.yaml 
@@ -1,40 +1,54 @@ -{{- if and .Values.volume.enabled .Values.volume.resizeHook.enabled }} {{- $seaweedfsName := include "seaweedfs.name" $ }} -{{- $replicas := int .Values.volume.replicas -}} -{{- $statefulsetName := printf "%s-volume" $seaweedfsName -}} -{{- $statefulset := (lookup "apps/v1" "StatefulSet" .Release.Namespace $statefulsetName) -}} +{{- $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} -{{/* Check for changes in volumeClaimTemplates */}} -{{- $templateChangesRequired := false -}} -{{- if $statefulset -}} - {{- range $dir := .Values.volume.dataDirs -}} - {{- if eq .type "persistentVolumeClaim" -}} - {{- $desiredSize := .size -}} - {{- range $statefulset.spec.volumeClaimTemplates -}} - {{- if and (eq .metadata.name $dir.name) (ne .spec.resources.requests.storage $desiredSize) -}} - {{- $templateChangesRequired = true -}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} -{{/* Check for the need for patching existing PVCs */}} -{{- $pvcChangesRequired := false -}} -{{- range $dir := .Values.volume.dataDirs -}} - {{- if eq .type "persistentVolumeClaim" -}} - {{- $desiredSize := .size -}} - {{- range $i, $e := until $replicas }} - {{- $pvcName := printf "%s-%s-volume-%d" $dir.name $seaweedfsName $e -}} - {{- $currentPVC := (lookup "v1" "PersistentVolumeClaim" $.Release.Namespace $pvcName) -}} - {{- if and $currentPVC (ne ($currentPVC.spec.resources.requests.storage | toString) $desiredSize) -}} - {{- $pvcChangesRequired = true -}} - {{- end -}} - {{- end -}} - {{- end -}} -{{- end -}} +{{- if .Values.volume.resizeHook.enabled }} +{{- $commands := list }} +{{- range $vname, $volume := $volumes }} +{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} +{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} -{{- if or $templateChangesRequired $pvcChangesRequired }} +{{- if $volume.enabled }} +{{- $replicas := int $volume.replicas -}} +{{- $statefulsetName := 
printf "%s-%s" $seaweedfsName $volumeName -}} +{{- $statefulset := (lookup "apps/v1" "StatefulSet" $.Release.Namespace $statefulsetName) -}} + +{{/* Check for changes in volumeClaimTemplates */}} +{{- if $statefulset }} +{{- range $dir := $volume.dataDirs }} +{{- if eq .type "persistentVolumeClaim" }} +{{- $desiredSize := .size }} +{{- range $statefulset.spec.volumeClaimTemplates }} +{{- if and (eq .metadata.name $dir.name) (ne .spec.resources.requests.storage $desiredSize) }} +{{- $commands = append $commands (printf "kubectl delete statefulset %s --cascade=orphan" $statefulsetName) }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{/* Check for the need for patching existing PVCs */}} +{{- range $dir := $volume.dataDirs }} +{{- if eq .type "persistentVolumeClaim" }} +{{- $desiredSize := .size }} +{{- range $i, $e := until $replicas }} +{{- $pvcName := printf "%s-%s-%s-%d" $dir.name $seaweedfsName $volumeName $e }} +{{- $currentPVC := (lookup "v1" "PersistentVolumeClaim" $.Release.Namespace $pvcName) }} +{{- if and $currentPVC }} +{{- $oldSize := include "common.resource-quantity" $currentPVC.spec.resources.requests.storage }} +{{- $newSize := include "common.resource-quantity" $desiredSize }} +{{- if gt $newSize $oldSize }} +{{- $commands = append $commands (printf "kubectl patch pvc %s-%s-%s-%d -p '{\"spec\":{\"resources\":{\"requests\":{\"storage\":\"%s\"}}}}'" $dir.name $seaweedfsName $volumeName $e $desiredSize) }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{- end }} +{{- end }} + +{{- if $commands }} apiVersion: batch/v1 kind: Job metadata: 
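Review bot: `{{- if gt $newSize $oldSize }}` compares two `include` results, and `include` always returns a string, so `gt` orders them lexically rather than numerically unless `common.resource-quantity` (not shown here) emits fixed-width output; a grow from a shorter to a longer number can be missed and a shrink can be treated as a grow. Converting first, e.g. `{{- if gt ($newSize | float64) ($oldSize | float64) }}`, avoids that. The `kubectl delete statefulset … --cascade=orphan` command is also appended once per mismatching data dir, so two resized dirs on one StatefulSet yield the same delete twice and the second fails under `sh -xec`; rendering with `{{- range $commands | uniq }}` or adding `--ignore-not-found` keeps the Job from aborting.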
@@ -58,21 +72,9 @@ spec: command: ["sh", "-xec"] args: - | - {{- if $pvcChangesRequired -}} - {{- range $dir := .Values.volume.dataDirs -}} - {{- if eq .type "persistentVolumeClaim" -}} - {{- $desiredSize := .size -}} - {{- range $i, $e := until $replicas }} - kubectl patch pvc {{ printf "%s-%s-volume-%d" $dir.name $seaweedfsName $e }} -p '{"spec":{"resources":{"requests":{"storage":"{{ $desiredSize }}"}}}}' + {{- range $commands }} + {{ . }} {{- end }} - {{- end }} - {{- end }} - {{- end -}} - - {{- if $templateChangesRequired }} - kubectl delete statefulset {{ $statefulsetName }} --cascade=orphan - {{- end }} -{{- end }} --- apiVersion: v1 kind: ServiceAccount @@ -114,4 +116,5 @@ roleRef: kind: Role name: {{ $seaweedfsName }}-volume-resize-hook apiGroup: rbac.authorization.k8s.io +{{- end }} {{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-service.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-service.yaml index 1205f4fa..dfafc816 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-service.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-service.yaml 
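Review bot: Each `{{ . }}` line is written verbatim into the `sh -xec` script, and those commands are assembled with `printf` from `$dir.name`, the `volumes` map key and `.size` without quoting or validation, so a value containing a quote, space or shell metacharacter changes what the hook runs under its service account. These fields have a narrow legal form, so anything else can be rejected where the commands are built, e.g. `{{- if not (regexMatch "^[0-9A-Za-z.]+$" ($desiredSize | toString)) }}{{ fail "invalid dataDirs size" }}{{- end }}`, with a matching check on the names. The Job definition starts above this hunk, so the permissions it runs with are not visible here.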
@@ -1,33 +1,44 @@ -{{- if .Values.volume.enabled }} +{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} +{{- range $vname, $volume := $volumes }} +{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} +{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} + +{{- if $volume.enabled }} +--- apiVersion: v1 kind: Service metadata: - name: {{ template "seaweedfs.name" . }}-volume - namespace: {{ .Release.Namespace }} + name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} + namespace: {{ $.Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: volume - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + app.kubernetes.io/component: {{ $volumeName }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} +{{- if $volume.annotations }} + annotations: + {{- toYaml $volume.annotations | nindent 4 }} +{{- end }} spec: clusterIP: None - internalTrafficPolicy: {{ .Values.volume.internalTrafficPolicy | default "Cluster" }} + internalTrafficPolicy: {{ $volume.internalTrafficPolicy | default "Cluster" }} ports: - name: "swfs-volume" - port: {{ .Values.volume.port }} - targetPort: {{ .Values.volume.port }} + port: {{ $volume.port }} + targetPort: {{ $volume.port }} protocol: TCP - name: "swfs-volume-18080" - port: {{ .Values.volume.grpcPort }} - targetPort: {{ .Values.volume.grpcPort }} + port: {{ $volume.grpcPort }} + targetPort: {{ $volume.grpcPort }} protocol: TCP -{{- if .Values.volume.metricsPort }} +{{- if $volume.metricsPort }} - name: "metrics" - port: {{ .Values.volume.metricsPort }} - targetPort: {{ .Values.volume.metricsPort }} + port: {{ $volume.metricsPort }} + targetPort: {{ $volume.metricsPort }} protocol: 
TCP {{- end }} selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: volume + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + app.kubernetes.io/component: {{ $volumeName }} +{{- end }} {{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml index 4aeacc41..dd8a9f9d 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-servicemonitor.yaml 
@@ -1,20 +1,30 @@ -{{- if .Values.volume.enabled }} -{{- if .Values.volume.metricsPort }} -{{- if .Values.global.monitoring.enabled }} +{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} +{{- range $vname, $volume := $volumes }} +{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} +{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} + +{{- if $volume.enabled }} +{{- if $volume.metricsPort }} +{{- if $.Values.global.monitoring.enabled }} +--- apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: - name: {{ template "seaweedfs.name" . }}-volume - namespace: {{ .Release.Namespace }} + name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} + namespace: {{ $.Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: volume - {{- with .Values.global.monitoring.additionalLabels }} + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: {{ $volumeName }} + {{- with $.Values.global.monitoring.additionalLabels }} {{- toYaml . | nindent 4 }} {{- end }} +{{- if .Values.volume.annotations }} + annotations: + {{- toYaml .Values.volume.annotations | nindent 4 }} +{{- end }} spec: endpoints: - interval: 30s @@ -22,8 +32,9 @@ spec: scrapeTimeout: 5s selector: matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: volume + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + app.kubernetes.io/component: {{ $volumeName }} +{{- end }} {{- end }} {{- end }} {{- end }} 
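Review bot: The added `{{- if .Values.volume.annotations }}` block sits inside `range $vname, $volume := $volumes`, where `.` is the current map entry rather than the root context, so `.Values` is not the chart values at that point and rendering will most likely fail on `.Values.volume` (or at best never emit the annotations). The rest of the hunk already switched to `$` and `$volume`; these two lines should read `{{- if $volume.annotations }}` and `{{- toYaml $volume.annotations | nindent 4 }}`, matching volume-service.yaml.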
diff --git a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-statefulset.yaml b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-statefulset.yaml index eb3bb913..19740160 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/templates/volume-statefulset.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/templates/volume-statefulset.yaml 
@@ -1,93 +1,105 @@ -{{- if .Values.volume.enabled }} +{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} +{{- range $vname, $volume := $volumes }} +{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} +{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} + +{{- if $volume.enabled }} +--- apiVersion: apps/v1 kind: StatefulSet metadata: - name: {{ template "seaweedfs.name" . }}-volume - namespace: {{ .Release.Namespace }} + name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} + namespace: {{ $.Release.Namespace }} labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ $.Release.Service }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: {{ $volumeName }} +{{- if $volume.annotations }} + annotations: + {{- toYaml $volume.annotations | nindent 4 }} +{{- end }} spec: - persistentVolumeClaimRetentionPolicy: - whenDeleted: Delete - whenScaled: Delete - serviceName: {{ template "seaweedfs.name" . }}-volume - replicas: {{ .Values.volume.replicas }} - podManagementPolicy: {{ .Values.volume.podManagementPolicy }} + serviceName: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} + replicas: {{ $volume.replicas }} + podManagementPolicy: {{ $volume.podManagementPolicy }} selector: matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . 
}} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: volume + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: {{ $volumeName }} template: metadata: labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: volume - {{ with .Values.podLabels }} + app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} + helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ $.Release.Name }} + app.kubernetes.io/component: {{ $volumeName }} + {{ with $.Values.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volume.podLabels }} + {{- with $volume.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} annotations: - {{ with .Values.podAnnotations }} + {{ with $.Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.volume.podAnnotations }} + {{- with $volume.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- if .Values.volume.affinity }} + {{- if $volume.affinity }} affinity: - {{ tpl .Values.volume.affinity . | nindent 8 | trim }} + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.affinity) $ | indent 8 | trim }} {{- end }} - restartPolicy: {{ default .Values.global.restartPolicy .Values.volume.restartPolicy }} - {{- if .Values.volume.tolerations }} + {{- if $volume.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.topologySpreadConstraints) $ | nindent 8 | trim }} + {{- end }} + restartPolicy: {{ default $.Values.global.restartPolicy $volume.restartPolicy }} + {{- if $volume.tolerations }} tolerations: - {{ tpl .Values.volume.tolerations . 
| nindent 8 | trim }} + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.tolerations) $ | indent 8 | trim }} {{- end }} - {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} + {{- include "seaweedfs.imagePullSecrets" $ | nindent 6 }} terminationGracePeriodSeconds: 150 - {{- if .Values.volume.priorityClassName }} - priorityClassName: {{ .Values.volume.priorityClassName | quote }} + {{- if $volume.priorityClassName }} + priorityClassName: {{ $volume.priorityClassName | quote }} {{- end }} enableServiceLinks: false - {{- if .Values.global.createClusterRole }} - serviceAccountName: {{ .Values.volume.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration + {{- if $.Values.global.createClusterRole }} + serviceAccountName: {{ $volume.serviceAccountName | default $.Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration {{- end }} - {{- $initContainers_exists := include "volume.initContainers_exists" . -}} + {{- $initContainers_exists := include "volume.initContainers_exists" $ -}} {{- if $initContainers_exists }} initContainers: - {{- if .Values.volume.idx }} + {{- if $volume.idx }} - name: seaweedfs-vol-move-idx - image: {{ template "volume.image" . 
}} - imagePullPolicy: {{ .Values.global.imagePullPolicy | default "IfNotPresent" }} + image: {{ template "volume.image" $ }} + imagePullPolicy: {{ $.Values.global.imagePullPolicy | default "IfNotPresent" }} command: [ '/bin/sh', '-c' ] - args: [ '{{range $dir := .Values.volume.dataDirs }}if ls /{{$dir.name}}/*.idx >/dev/null 2>&1; then mv /{{$dir.name}}/*.idx /idx/ ; fi; {{end}}' ] + args: [ '{{range $dir := $volume.dataDirs }}if ls /{{$dir.name}}/*.idx >/dev/null 2>&1; then mv /{{$dir.name}}/*.idx /idx/ ; fi; {{end}}' ] volumeMounts: - name: idx mountPath: /idx - {{- range $dir := .Values.volume.dataDirs }} + {{- range $dir := $volume.dataDirs }} - name: {{ $dir.name }} mountPath: /{{ $dir.name }} {{- end }} {{- end }} - {{- if .Values.volume.initContainers }} - {{ tpl .Values.volume.initContainers . | nindent 8 | trim }} + {{- if $volume.initContainers }} + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.initContainers) $ | indent 8 | trim }} {{- end }} {{- end }} - {{- if .Values.volume.podSecurityContext.enabled }} - securityContext: {{- omit .Values.volume.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- if $volume.podSecurityContext.enabled }} + securityContext: {{- omit $volume.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} containers: - name: seaweedfs - image: {{ template "volume.image" . }} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + image: {{ template "volume.image" $ }} + imagePullPolicy: {{ default "IfNotPresent" $.Values.global.imagePullPolicy }} env: - name: POD_NAME valueFrom: 
@@ -102,9 +114,9 @@ spec: fieldRef: fieldPath: status.hostIP - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . }}" - {{- if .Values.volume.extraEnvironmentVars }} - {{- range $key, $value := .Values.volume.extraEnvironmentVars }} + value: "{{ template "seaweedfs.name" $ }}" + {{- if $volume.extraEnvironmentVars }} + {{- range $key, $value := $volume.extraEnvironmentVars }} - name: {{ $key }} {{- if kindIs "string" $value }} value: {{ $value | quote }} @@ -114,8 +126,8 @@ spec: {{- end -}} {{- end }} {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} + {{- if $.Values.global.extraEnvironmentVars }} + {{- range $key, $value := $.Values.global.extraEnvironmentVars }} - name: {{ $key }} {{- if kindIs "string" $value }} value: {{ $value | quote }} 
@@ -130,67 +142,77 @@ spec: - "-ec" - | exec /usr/bin/weed \ - {{- if .Values.volume.logs }} + {{- if $volume.logs }} -logdir=/logs \ {{- else }} -logtostderr=true \ {{- end }} - {{- if .Values.volume.loggingOverrideLevel }} - -v={{ .Values.volume.loggingOverrideLevel }} \ + {{- if $volume.loggingOverrideLevel }} + -v={{ $volume.loggingOverrideLevel }} \ {{- else }} - -v={{ .Values.global.loggingLevel }} \ + -v={{ $.Values.global.loggingLevel }} \ {{- end }} volume \ - -port={{ .Values.volume.port }} \ - {{- if .Values.volume.metricsPort }} - -metricsPort={{ .Values.volume.metricsPort }} \ + -port={{ $volume.port }} \ + {{- if $volume.metricsPort }} + -metricsPort={{ $volume.metricsPort }} \ {{- end }} - -dir {{range $index, $dir := .Values.volume.dataDirs }}{{if ne $index 0}},{{end}}/{{$dir.name}}{{end}} \ - {{- if .Values.volume.idx }} + {{- if $volume.metricsIp }} + -metricsIp={{ $volume.metricsIp }} \ + {{- end }} + -dir {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}}/{{$dir.name}}{{end}} \ + {{- if $volume.idx }} -dir.idx=/idx \ {{- end }} - -max {{range $index, $dir := .Values.volume.dataDirs }}{{if ne $index 0}},{{end}}{{$dir.maxVolumes}}{{end}} \ - {{- if .Values.volume.rack }} - -rack={{ .Values.volume.rack }} \ + -max {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}} + {{- if eq ($dir.maxVolumes | toString) "0" }}0{{ else if not $dir.maxVolumes }}7{{ else }}{{$dir.maxVolumes}}{{ end }} + {{- end }} \ + {{- if $volume.rack }} + -rack={{ $volume.rack }} \ {{- end }} - {{- if .Values.volume.dataCenter }} - -dataCenter={{ .Values.volume.dataCenter }} \ + {{- if $volume.dataCenter }} + -dataCenter={{ $volume.dataCenter }} \ {{- end }} - -ip.bind={{ .Values.volume.ipBind }} \ - -readMode={{ .Values.volume.readMode }} \ - {{- if .Values.volume.whiteList }} - -whiteList={{ .Values.volume.whiteList }} \ + -ip.bind={{ $volume.ipBind }} \ + -readMode={{ $volume.readMode }} \ + {{- if $volume.whiteList }} + -whiteList={{ 
$volume.whiteList }} \ {{- end }} - {{- if .Values.volume.imagesFixOrientation }} + {{- if $volume.imagesFixOrientation }} -images.fix.orientation \ {{- end }} - {{- if .Values.volume.pulseSeconds }} - -pulseSeconds={{ .Values.volume.pulseSeconds }} \ + {{- if $volume.pulseSeconds }} + -pulseSeconds={{ $volume.pulseSeconds }} \ {{- end }} - {{- if .Values.volume.index }} - -index={{ .Values.volume.index }} \ + {{- if $volume.index }} + -index={{ $volume.index }} \ {{- end }} - {{- if .Values.volume.fileSizeLimitMB }} - -fileSizeLimitMB={{ .Values.volume.fileSizeLimitMB }} \ + {{- if $volume.fileSizeLimitMB }} + -fileSizeLimitMB={{ $volume.fileSizeLimitMB }} \ + {{- end }} + -minFreeSpacePercent={{ $volume.minFreeSpacePercent }} \ + -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-{{ $volumeName }}.{{ $.Release.Namespace }} \ + -compactionMBps={{ $volume.compactionMBps }} \ + -mserver={{ if $.Values.global.masterServer }}{{ $.Values.global.masterServer}}{{ else }}{{ range $index := until ($.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} + {{- range $volume.extraArgs }} + {{ . 
}} \ {{- end }} - -minFreeSpacePercent={{ .Values.volume.minFreeSpacePercent }} \ - -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-volume.{{ .Release.Namespace }} \ - -compactionMBps={{ .Values.volume.compactionMBps }} \ - -mserver={{ if .Values.global.masterServer }}{{.Values.global.masterServer}}{{ else }}{{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} volumeMounts: - {{- range $dir := .Values.volume.dataDirs }} + {{- range $dir := $volume.dataDirs }} + {{- if not ( eq $dir.type "custom" ) }} - name: {{ $dir.name }} mountPath: "/{{ $dir.name }}/" {{- end }} - {{- if .Values.volume.logs }} + {{- end }} + {{- if $volume.logs }} - name: logs mountPath: "/logs/" {{- end }} - {{- if .Values.volume.idx }} + {{- if $volume.idx }} - name: idx mountPath: "/idx/" {{- end }} - {{- if .Values.global.enableSecurity }} + {{- if $.Values.global.enableSecurity }} - name: security-config readOnly: true mountPath: /etc/seaweedfs/security.toml 
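Review bot: The new `-mserver=…` line ends without a trailing ` \`, yet the `{{- range $volume.extraArgs }}` block is placed after it, so as shown here the extra arguments land on separate script lines after `exec /usr/bin/weed …` and never reach the process. Any hardening flag supplied through `extraArgs` would be dropped without an error. Moving the range above `-mserver=` keeps every line but the last continued: `{{- range $volume.extraArgs }}`, `{{ . }} \`, `{{- end }}`, then the `-mserver=…` line. The container spec starts above this hunk.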
@@ -211,53 +233,53 @@ spec: readOnly: true mountPath: /usr/local/share/ca-certificates/client/ {{- end }} - {{ tpl .Values.volume.extraVolumeMounts . | nindent 12 | trim }} + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.extraVolumeMounts) $ | indent 12 | trim }} ports: - - containerPort: {{ .Values.volume.port }} + - containerPort: {{ $volume.port }} name: swfs-vol - {{- if .Values.volume.metricsPort }} - - containerPort: {{ .Values.volume.metricsPort }} + {{- if $volume.metricsPort }} + - containerPort: {{ $volume.metricsPort }} name: metrics {{- end }} - - containerPort: {{ .Values.volume.grpcPort }} + - containerPort: {{ $volume.grpcPort }} name: swfs-vol-grpc - {{- if .Values.volume.readinessProbe.enabled }} + {{- if $volume.readinessProbe.enabled }} readinessProbe: httpGet: - path: {{ .Values.volume.readinessProbe.httpGet.path }} - port: {{ .Values.volume.port }} - scheme: {{ .Values.volume.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.volume.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.volume.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.volume.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.volume.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.volume.readinessProbe.timeoutSeconds }} + path: {{ $volume.readinessProbe.httpGet.path }} + port: {{ $volume.port }} + scheme: {{ $volume.readinessProbe.scheme }} + initialDelaySeconds: {{ $volume.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ $volume.readinessProbe.periodSeconds }} + successThreshold: {{ $volume.readinessProbe.successThreshold }} + failureThreshold: {{ $volume.readinessProbe.failureThreshold }} + timeoutSeconds: {{ $volume.readinessProbe.timeoutSeconds }} {{- end }} - {{- if .Values.volume.livenessProbe.enabled }} + {{- if $volume.livenessProbe.enabled }} livenessProbe: httpGet: - path: {{ .Values.volume.livenessProbe.httpGet.path }} - port: {{ .Values.volume.port }} - scheme: {{ 
.Values.volume.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.volume.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.volume.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.volume.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.volume.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.volume.livenessProbe.timeoutSeconds }} + path: {{ $volume.livenessProbe.httpGet.path }} + port: {{ $volume.port }} + scheme: {{ $volume.livenessProbe.scheme }} + initialDelaySeconds: {{ $volume.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ $volume.livenessProbe.periodSeconds }} + successThreshold: {{ $volume.livenessProbe.successThreshold }} + failureThreshold: {{ $volume.livenessProbe.failureThreshold }} + timeoutSeconds: {{ $volume.livenessProbe.timeoutSeconds }} {{- end }} - {{- with .Values.volume.resources }} + {{- with $volume.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} - {{- if .Values.volume.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.volume.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- if $volume.containerSecurityContext.enabled }} + securityContext: {{- omit $volume.containerSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} - {{- if .Values.volume.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.volume.sidecars "context" $) | nindent 8 }} + {{- if $volume.sidecars }} + {{- include "common.tplvalues.render" (dict "value" (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.sidecars) "context" $) | nindent 8 }} {{- end }} volumes: - {{- range $dir := .Values.volume.dataDirs }} + {{- range $dir := $volume.dataDirs }} {{- if eq $dir.type "hostPath" }} - name: {{ $dir.name }} 
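Review bot: `tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.extraVolumeMounts) $` is not wrapped in an `if`, and `printf "%s"` of an unset value writes the literal `%!s(<nil>)` into the manifest; guarding it with `{{- if $volume.extraVolumeMounts }}` … `{{- end }}`, as is done for `initContainers` and `nodeSelector`, avoids that. The same `printf "%s"` wrapping is applied to `$volume.sidecars` before `common.tplvalues.render`; if sidecars are supplied as a YAML list rather than a string, `%s` formats the Go value instead of YAML, so that case probably needs `toYaml` first. The helper is not shown here, so this should be confirmed against it.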
@@ -277,72 +299,74 @@ spec: {{- end }} - {{- if .Values.volume.idx }} - {{- if eq .Values.volume.idx.type "hostPath" }} + {{- if $volume.idx }} + {{- if eq $volume.idx.type "hostPath" }} - name: idx hostPath: - path: {{ .Values.volume.idx.hostPathPrefix }}/seaweedfs-volume-idx/ + path: {{ $volume.idx.hostPathPrefix }}/seaweedfs-volume-idx/ type: DirectoryOrCreate {{- end }} - {{- if eq .Values.volume.idx.type "existingClaim" }} + {{- if eq $volume.idx.type "existingClaim" }} - name: idx persistentVolumeClaim: - claimName: {{ .Values.volume.idx.claimName }} + claimName: {{ $volume.idx.claimName }} {{- end }} - {{- if eq .Values.volume.idx.type "emptyDir" }} + {{- if eq $volume.idx.type "emptyDir" }} - name: idx emptyDir: {} {{- end }} {{- end }} - {{- if .Values.volume.logs }} - {{- if eq .Values.volume.logs.type "hostPath" }} + {{- if $volume.logs }} + {{- if eq $volume.logs.type "hostPath" }} - name: logs hostPath: - path: {{ .Values.volume.logs.hostPathPrefix }}/logs/seaweedfs/volume + path: {{ $volume.logs.hostPathPrefix }}/logs/seaweedfs/volume type: DirectoryOrCreate {{- end }} - {{- if eq .Values.volume.logs.type "existingClaim" }} + {{- if eq $volume.logs.type "existingClaim" }} - name: logs persistentVolumeClaim: - claimName: {{ .Values.volume.logs.claimName }} + claimName: {{ $volume.logs.claimName }} {{- end }} - {{- if eq .Values.volume.logs.type "emptyDir" }} + {{- if eq $volume.logs.type "emptyDir" }} - name: logs emptyDir: {} {{- end }} {{- end }} - {{- if .Values.global.enableSecurity }} + {{- if $.Values.global.enableSecurity }} - name: security-config configMap: - name: {{ template "seaweedfs.name" . }}-security-config + name: {{ template "seaweedfs.name" $ }}-security-config - name: ca-cert secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert + secretName: {{ template "seaweedfs.name" $ }}-ca-cert - name: master-cert secret: - secretName: {{ template "seaweedfs.name" . 
}}-master-cert + secretName: {{ template "seaweedfs.name" $ }}-master-cert - name: volume-cert secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert + secretName: {{ template "seaweedfs.name" $ }}-volume-cert - name: filer-cert secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert + secretName: {{ template "seaweedfs.name" $ }}-filer-cert - name: client-cert secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert + secretName: {{ template "seaweedfs.name" $ }}-client-cert {{- end }} - {{- if .Values.volume.extraVolumes }} - {{ tpl .Values.volume.extraVolumes . | indent 8 | trim }} + {{- if $volume.extraVolumes }} + {{ tpl $volume.extraVolumes $ | indent 8 | trim }} {{- end }} - {{- if .Values.volume.nodeSelector }} + {{- if $volume.nodeSelector }} nodeSelector: - {{ tpl .Values.volume.nodeSelector . | indent 8 | trim }} + {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.nodeSelector) $ | indent 8 | trim }} {{- end }} volumeClaimTemplates: - {{- range $dir := .Values.volume.dataDirs }} + {{- range $dir := $volume.dataDirs }} {{- if eq $dir.type "persistentVolumeClaim" }} - - metadata: + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: {{ $dir.name }} {{- with $dir.annotations }} annotations: 
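Review bot: `extraVolumes` is rendered with plain `tpl $volume.extraVolumes $`, while `nodeSelector` a few lines below and `extraVolumeMounts` in the previous hunk get the `$volumeName` prelude, so a per-group `extraVolumes` that refers to `{{ $volumeName }}` fails to parse with an undefined variable. Mounts and the volumes they name are normally edited together, so both should render in the same scope: `{{ tpl (printf "{{ $volumeName := %q }}%s" $volumeName $volume.extraVolumes) $ | indent 8 | trim }}`. The enclosing StatefulSet template starts outside this hunk.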
@@ -357,32 +381,37 @@ spec: {{- end }} {{- end }} - {{- if and .Values.volume.idx (eq .Values.volume.idx.type "persistentVolumeClaim") }} - - metadata: + {{- if and $volume.idx (eq $volume.idx.type "persistentVolumeClaim") }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: idx - {{- with .Values.volume.idx.annotations }} + {{- with $volume.idx.annotations }} annotations: {{- toYaml . | nindent 10 }} {{- end }} spec: accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volume.idx.storageClass }} + storageClassName: {{ $volume.idx.storageClass }} resources: requests: - storage: {{ .Values.volume.idx.size }} + storage: {{ $volume.idx.size }} {{- end }} - {{- if and .Values.volume.logs (eq .Values.volume.logs.type "persistentVolumeClaim") }} - - metadata: + {{- if and $volume.logs (eq $volume.logs.type "persistentVolumeClaim") }} + - apiVersion: v1 + kind: PersistentVolumeClaim + metadata: name: logs - {{- with .Values.volume.logs.annotations }} + {{- with $volume.logs.annotations }} annotations: {{- toYaml . | nindent 10 }} {{- end }} spec: accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.volume.logs.storageClass }} + storageClassName: {{ $volume.logs.storageClass }} resources: requests: - storage: {{ .Values.volume.logs.size }} - {{- end }} + storage: {{ $volume.logs.size }} {{- end }} +{{- end }} +{{- end }} diff --git a/packages/system/seaweedfs/charts/seaweedfs/values.yaml b/packages/system/seaweedfs/charts/seaweedfs/values.yaml index 3aecc5a7..b1b97de1 100644 --- a/packages/system/seaweedfs/charts/seaweedfs/values.yaml +++ b/packages/system/seaweedfs/charts/seaweedfs/values.yaml 
@@ -27,13 +27,13 @@ global: gatewayHost: null gatewayPort: null additionalLabels: {} - # if enabled will use global.replicationPlacment and override master & filer defaultReplicaPlacement config + # if enabled will use global.replicationPlacement and override master & filer defaultReplicaPlacement config enableReplication: false # replication type is XYZ: # X number of replica in other data centers # Y number of replica in other racks in the same data center # Z number of replica in other servers in the same rack - replicationPlacment: "001" + replicationPlacement: "001" extraEnvironmentVars: WEED_CLUSTER_DEFAULT: "sw" WEED_CLUSTER_SW_MASTER: "seaweedfs-master.seaweedfs:9333" @@ -46,6 +46,7 @@ global: image: registry: "" repository: "" + tag: "" master: enabled: true @@ -55,12 +56,11 @@ master: port: 9333 grpcPort: 19333 metricsPort: 9327 + metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind ipBind: "0.0.0.0" volumePreallocate: false volumeSizeLimitMB: 1000 loggingOverrideLevel: null - # number of seconds between heartbeats, default 5 - pulseSeconds: null # threshold to vacuum and reclaim spaces, default 0.3 (30%) garbageThreshold: null # Prometheus push interval in seconds, default 15 
@@ -74,6 +74,25 @@ master: # Disable http request, only gRpc operations are allowed disableHttp: false + # Resume previous state on start master server + resumeState: false + # Use Hashicorp Raft + raftHashicorp: false + # Whether to bootstrap the Raft cluster. Only use it when use Hashicorp Raft + raftBootstrap: false + + # election timeout of master servers + electionTimeout: "10s" + # heartbeat interval of master servers, and will be randomly multiplied by [1, 1.25) + heartbeatInterval: "300ms" + + # Custom command line arguments to add to the master command + # Example to fix IPv6 metrics connectivity issues: + # extraArgs: ["-metricsIp", "0.0.0.0"] + # Example with multiple args: + # extraArgs: ["-customFlag", "value", "-anotherFlag"] + extraArgs: [] + config: |- # Enter any extra configuration for master.toml here. # It may be a multi-line string. @@ -100,6 +119,15 @@ master: storageClass: "" hostPathPrefix: /ssd + # You may use ANY storage-class, example with local-path-provisioner + # Annotations are optional. + # logs: + # type: "persistentVolumeClaim" + # size: "24Ti" + # storageClass: "local-path-provisioner" + # annotations: + # "key": "value" + # You can also use emptyDir storage: # logs: # type: "emptyDir" @@ -131,6 +159,9 @@ master: # Annotations to be added to the master pods podAnnotations: {} + # Annotations to be added to the master resources + annotations: {} + ## Set podManagementPolicy podManagementPolicy: Parallel @@ -157,6 +188,11 @@ master: app.kubernetes.io/component: master topologyKey: kubernetes.io/hostname + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + # Toleration Settings for master pods # This should be a multi-line string matching the Toleration array # in a PodSpec. 
@@ -259,6 +295,7 @@ volume: port: 8080 grpcPort: 18080 metricsPort: 9327 + metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind ipBind: "0.0.0.0" replicas: 1 loggingOverrideLevel: null @@ -271,10 +308,17 @@ volume: # minimum free disk space(in percents). If free disk space lower this value - all volumes marks as ReadOnly minFreeSpacePercent: 7 + # Custom command line arguments to add to the volume command + # Example to fix IPv6 metrics connectivity issues: + # extraArgs: ["-metricsIp", "0.0.0.0"] + # Example with multiple args: + # extraArgs: ["-customFlag", "value", "-anotherFlag"] + extraArgs: [] + # For each data disk you may use ANY storage-class, example with local-path-provisioner # Annotations are optional. # dataDirs: - # - name: data: + # - name: data # type: "persistentVolumeClaim" # size: "24Ti" # storageClass: "local-path-provisioner" @@ -292,6 +336,12 @@ volume: # - name: data # type: "emptyDir" # maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7") + # + # If these don't meet your needs, you can use "custom" here along with extraVolumes and extraVolumeMounts + # Particularly useful when using more than 1 for the volume server replicas. + # - name: data + # type: "custom" + # maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7") dataDirs: - name: data1 @@ -372,6 +422,15 @@ volume: sidecars: [] initContainers: "" + # Example for use when using more than 1 volume server replica + # extraVolumeMounts: | + # - name: drive + # mountPath: /drive + # subPathExpr: $(POD_NAME) + # extraVolumes: | + # - name: drive + # hostPath: + # path: /var/mnt/ extraVolumes: "" extraVolumeMounts: "" @@ -381,6 +440,9 @@ volume: # Annotations to be added to the volume pods podAnnotations: {} + # Annotations to be added to the volume resources + annotations: {} + ## Set podManagementPolicy podManagementPolicy: Parallel 
@@ -394,9 +456,14 @@ volume: matchLabels: app.kubernetes.io/name: {{ template "seaweedfs.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: volume + app.kubernetes.io/component: {{ $volumeName }} topologyKey: kubernetes.io/hostname + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + # Resource requests, limits, etc. for the server cluster placement. This # should map directly to the value of the resources field for a PodSpec, # formatted as a multi-line string. By default no direct resource request @@ -450,7 +517,7 @@ volume: livenessProbe: enabled: true httpGet: - path: /status + path: /healthz scheme: HTTP initialDelaySeconds: 20 periodSeconds: 90 @@ -463,7 +530,7 @@ volume: readinessProbe: enabled: true httpGet: - path: /status + path: /healthz scheme: HTTP initialDelaySeconds: 15 periodSeconds: 15 @@ -471,6 +538,31 @@ volume: failureThreshold: 100 timeoutSeconds: 30 +# Map of named volume groups for topology-aware deployments. +# Each key inherits all fields from the `volume` section but can override +# them locally—for example, replicas, nodeSelector, dataCenter, etc. +# To switch entirely to this scheme, set `volume.enabled: false` +# and define one entry per zone/data-center under `volumes`. +# +# volumes: +# dc1: +# replicas: 2 +# dataCenter: "dc1" +# nodeSelector: | +# topology.kubernetes.io/zone: dc1 +# dc2: +# replicas: 2 +# dataCenter: "dc2" +# nodeSelector: | +# topology.kubernetes.io/zone: dc2 +# dc3: +# replicas: 2 +# dataCenter: "dc3" +# nodeSelector: | +# topology.kubernetes.io/zone: dc3 +# +volumes: {} + filer: enabled: true imageOverride: null 
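Review bot: The default `volume.affinity` string now contains `{{ $volumeName }}`, a template variable that values.yaml never defines, and the comment above it does not say who supplies it. Any renderer that passes this string to `tpl` without first binding `$volumeName` fails at parse time with an undefined-variable error, and an operator overriding `affinity` has no hint that the variable exists. The binding is presumably done in the volume StatefulSet template, which is outside this hunk. A comment above the key would cover it, e.g. `# $volumeName is bound by the chart before this string is rendered` (wording to be checked against the template).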
@@ -479,8 +571,14 @@ filer: port: 8888 grpcPort: 18888 metricsPort: 9327 + metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind + ipBind: "0.0.0.0" # IP address to bind to. Set to 0.0.0.0 to allow external traffic loggingOverrideLevel: null filerGroup: "" + # prefer to read and write to volumes in this data center (not set by default) + dataCenter: null + # prefer to write to volumes in this rack (not set by default) + rack: null # replication type is XYZ: # X number of replica in other data centers # Y number of replica in other racks in the same data center @@ -502,6 +600,26 @@ filer: # Disable http request, only gRpc operations are allowed disableHttp: false + # Custom command line arguments to add to the filer command + # Example to fix IPv6 metrics connectivity issues: + # extraArgs: ["-metricsIp", "0.0.0.0"] + # Example with multiple args: + # extraArgs: ["-customFlag", "value", "-anotherFlag"] + extraArgs: [] + + # Add a custom notification.toml to configure filer notifications + # Example: + # notificationConfig: |- + # [notification.kafka] + # enabled = false + # hosts = [ + # "localhost:9092" + # ] + # topic = "seaweedfs_filer" + # offsetFile = "./last.offset" + # offsetSaveIntervalSeconds = 10 + notificationConfig: "" + # DEPRECATE: enablePVC, storage, storageClass # Consider replacing with filer.data section below instead. @@ -535,6 +653,15 @@ filer: storageClass: "" hostPathPrefix: /storage + # You may use ANY storage-class, example with local-path-provisioner + # Annotations are optional. + # logs: + # type: "persistentVolumeClaim" + # size: "24Ti" + # storageClass: "local-path-provisioner" + # annotations: + # "key": "value" + # You can also use emptyDir storage: # logs: # type: "emptyDir" @@ -566,6 +693,9 @@ filer: # Annotations to be added to the filer pods podAnnotations: {} + # Annotations to be added to the filer resource + annotations: {} + ## Set podManagementPolicy podManagementPolicy: Parallel 
@@ -582,6 +712,11 @@ filer: app.kubernetes.io/component: filer topologyKey: kubernetes.io/hostname + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + # updatePartition is used to control a careful rolling update of SeaweedFS # masters. updatePartition: 0 @@ -655,7 +790,7 @@ filer: sub_filter '/seaweedfsstatic' './seaweedfsstatic'; sub_filter_once off; - # extraEnvVars is a list of extra enviroment variables to set with the stateful set. + # extraEnvVars is a list of extra environment variables to set with the stateful set. extraEnvironmentVars: WEED_MYSQL_ENABLED: "false" WEED_MYSQL_HOSTNAME: "mysql-db-host" @@ -780,6 +915,9 @@ s3: # Annotations to be added to the s3 pods podAnnotations: {} + # Annotations to be added to the s3 resources + annotations: {} + # Resource requests, limits, etc. for the server cluster placement. This # should map directly to the value of the resources field for a PodSpec, # formatted as a multi-line string. By default no direct resource request 
@@ -872,6 +1010,215 @@ s3: annotations: {} tls: [] +sftp: + enabled: false + imageOverride: null + restartPolicy: null + replicas: 1 + bindAddress: 0.0.0.0 + port: 2022 # Default SFTP port + metricsPort: 9327 + metricsIp: "" # If empty, defaults to bindAddress + loggingOverrideLevel: null + + # SSH server configuration + sshPrivateKey: "/etc/sw/seaweedfs_sftp_ssh_private_key" # Path to the SSH private key file for host authentication + hostKeysFolder: "/etc/sw/ssh" # path to folder containing SSH private key files for host authentication + authMethods: "password,publickey" # Comma-separated list of allowed auth methods: password, publickey, keyboard-interactive + maxAuthTries: 6 # Maximum number of authentication attempts per connection + bannerMessage: "SeaweedFS SFTP Server" # Message displayed before authentication + loginGraceTime: "2m" # Timeout for authentication + clientAliveInterval: "5s" # Interval for sending keep-alive messages + clientAliveCountMax: 3 # Maximum number of missed keep-alive messages before disconnecting + dataCenter: "" # Prefer to read and write to volumes in this data center + localSocket: "" # Default to /tmp/seaweedfs-sftp-.sock + + # User authentication + enableAuth: false + # Set to the name of an existing kubernetes Secret with the sftp json config file + # Should have a secret key called seaweedfs_sftp_config with an inline json config + existingConfigSecret: null + # Set to the name of an existing kubernetes Secret with the list of ssh private keys for sftp + existingSshConfigSecret: null + + # Additional resources + sidecars: [] + initContainers: "" + extraVolumes: "" + extraVolumeMounts: "" + podLabels: {} + podAnnotations: {} + annotations: {} + resources: {} + tolerations: "" + nodeSelector: | + kubernetes.io/arch: amd64 + priorityClassName: "" + serviceAccountName: "" + podSecurityContext: {} + containerSecurityContext: {} + + logs: + type: "hostPath" + hostPathPrefix: /storage + + extraEnvironmentVars: {} + + # Health 
checks + # Health checks for SFTP - using tcpSocket instead of httpGet + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 20 + timeoutSeconds: 10 + + # Health checks for SFTP - using tcpSocket instead of httpGet + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 100 + timeoutSeconds: 10 + +# All-in-one deployment configuration +allInOne: + enabled: false + imageOverride: null + restartPolicy: Always + replicas: 1 + + # Core configuration + idleTimeout: 30 # Connection idle seconds + dataCenter: "" # Current volume server's data center name + rack: "" # Current volume server's rack name + whiteList: "" # Comma separated IP addresses having write permission + disableHttp: false # Disable HTTP requests, only gRPC operations are allowed + metricsPort: 9324 # Prometheus metrics listen port + metricsIp: "" # Metrics listen IP. If empty, defaults to bindAddress + loggingOverrideLevel: null # Override logging level + + # Service configuration + s3: + enabled: false # Whether to enable S3 gateway + sftp: + enabled: false # Whether to enable SFTP server + + # Service settings + service: + annotations: {} # Annotations for the service + type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer) + + # Storage configuration + data: + type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir" + hostPathPrefix: /mnt/data # Path prefix for hostPath volumes + claimName: seaweedfs-data-pvc # Name of the PVC to use + size: "" # Size of the PVC + storageClass: "" # Storage class for the PVC + + # Health checks + readinessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 10 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 3 + timeoutSeconds: 5 + + livenessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + 
initialDelaySeconds: 20 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 5 + timeoutSeconds: 5 + + # Additional resources + extraEnvironmentVars: {} # Additional environment variables + extraVolumeMounts: "" # Additional volume mounts + extraVolumes: "" # Additional volumes + initContainers: "" # Init containers + sidecars: "" # Sidecar containers + annotations: {} # Annotations for the deployment + podAnnotations: {} # Annotations for the pods + podLabels: {} # Labels for the pods + + # Scheduling configuration + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + affinity: | + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + topologyKey: kubernetes.io/hostname + + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + + # Toleration Settings for master pods + # This should be a multi-line string matching the Toleration array + # in a PodSpec. + tolerations: "" + + # nodeSelector labels for master pod assignment, formatted as a muli-line string. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: | + kubernetes.io/arch: amd64 + + # Used to assign priority to master pods + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + priorityClassName: "" + + # Used to assign a service account. 
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + serviceAccountName: "" + + # Configure security context for Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + # podSecurityContext: + # enabled: true + # runAsUser: 1000 + # runAsGroup: 3000 + # fsGroup: 2000 + podSecurityContext: {} + + # Configure security context for Container + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + # containerSecurityContext: + # enabled: true + # runAsUser: 2000 + # allowPrivilegeEscalation: false + containerSecurityContext: {} + + # Resource management + resources: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "500m" + memory: "1Gi" + # Deploy Kubernetes COSI Driver for SeaweedFS # Requires COSI CRDs and controller to be installed in the cluster # For more information, visit: https://container-object-storage-interface.github.io/docs/deployment-guide @@ -885,6 +1232,11 @@ cosi: sidecar: image: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar/objectstorage-sidecar:v20230130-v0.1.0-24-gc0cf995 + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec, + # formatted as a multi-line string. By default no direct resource request + # is made. + resources: {} # enable user & permission to s3 (need to inject to all services) enableAuth: false @@ -898,6 +1250,12 @@ cosi: extraVolumes: "" extraVolumeMounts: "" + # Resource requests, limits, etc. for the server cluster placement. This + # should map directly to the value of the resources field for a PodSpec, + # formatted as a multi-line string. By default no direct resource request + # is made. + resources: {} + certificates: commonName: "SeaweedFS CA" ipAddresses: []
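Review bot: The `sftp` defaults pair `authMethods: "password,publickey"` with `enableAuth: false` and null `existingConfigSecret` / `existingSshConfigSecret`, and no comment says what the server accepts, or where its host key comes from, when only `sftp.enabled` is switched on. The templates that consume these keys are outside this hunk, so the behaviour cannot be checked here. The values file should state it next to `enableAuth`, and say whether a host key is generated per pod when no secret is given, since that changes the fingerprint clients see after a restart. `logs.type: "hostPath"` with `hostPathPrefix: /storage` is also a default; hostPath volumes are disallowed by the baseline and restricted Pod Security Standards, so `emptyDir` would be a safer default for a component that is off by default. In the `allInOne` block the affinity selector (`component: master`) and the tolerations, nodeSelector and priorityClassName comments still refer to master pods, which reads as copied text.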