chart with optional https port for s3 (#4507)

https://github.com/seaweedfs/seaweedfs/pull/4482

Co-authored-by: Konstantin Lebedev <9497591+kmlebedev@users.noreply.github.co>

5 files changed, 22 insertions, 0 deletions

diff --git a/k8s/charts/seaweedfs/templates/filer-service.yaml b/k8s/charts/seaweedfs/templates/filer-service.yaml
index 9a0fba8a4..ac44fa42b 100644
--- a/k8s/charts/seaweedfs/templates/filer-service.yaml
+++ b/k8s/charts/seaweedfs/templates/filer-service.yaml
@@ -25,6 +25,12 @@ spec:
     port: {{ .Values.filer.s3.port }}
     targetPort: {{ .Values.filer.s3.port }}
     protocol: TCP
+  {{- if .Values.filer.s3.httpsPort }}
+  - name: "swfs-s3-tls"
+    port: {{ .Values.filer.s3.httpsPort }}
+    targetPort: {{ .Values.filer.s3.httpsPort }}
+    protocol: TCP
+  {{- end }}
   {{- end }}
   {{- if .Values.filer.metricsPort }}
   - name: "metrics"
diff --git a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
index d472569cc..054ad1ccd 100644
--- a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml
@@ -163,6 +163,9 @@ spec:
               -s3.domainName={{ .Values.filer.s3.domainName }} \
               {{- end }}
               {{- if .Values.global.enableSecurity }}
+              {{- if .Values.filer.s3.httpsPort }}
+              -s3.port.https={{ .Values.filer.s3.httpsPort }} \
+              {{- end }}
               -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \
               -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \
               {{- end }}
diff --git a/k8s/charts/seaweedfs/templates/s3-deployment.yaml b/k8s/charts/seaweedfs/templates/s3-deployment.yaml
index d4541a632..8565b6c81 100644
--- a/k8s/charts/seaweedfs/templates/s3-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/s3-deployment.yaml
@@ -90,6 +90,9 @@ spec:
               -metricsPort {{ .Values.s3.metricsPort }} \
               {{- end }}
               {{- if .Values.global.enableSecurity }}
+              {{- if .Values.s3.httpsPort }}
+              -port.https={{ .Values.s3.httpsPort }} \
+              {{- end }}
               -cert.file=/usr/local/share/ca-certificates/client/tls.crt \
               -key.file=/usr/local/share/ca-certificates/client/tls.key \
               {{- end }}
diff --git a/k8s/charts/seaweedfs/templates/s3-service.yaml b/k8s/charts/seaweedfs/templates/s3-service.yaml
index 122b33298..133ce3372 100644
--- a/k8s/charts/seaweedfs/templates/s3-service.yaml
+++ b/k8s/charts/seaweedfs/templates/s3-service.yaml
@@ -12,6 +12,12 @@ spec:
     port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
     targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
     protocol: TCP
+{{- if and .Values.s3.enabled .Values.s3.httpsPort }}
+  - name: "swfs-s3-tls"
+    port: {{ .Values.s3.httpsPort }}
+    targetPort: {{ .Values.s3.httpsPort }}
+    protocol: TCP
+{{- end }}
 {{- if and .Values.s3.enabled .Values.s3.metricsPort }}
   - name: "metrics"
     port: {{ .Values.s3.metricsPort }}
diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml
index 05bdf4f69..3ed0f5d55 100644
--- a/k8s/charts/seaweedfs/values.yaml
+++ b/k8s/charts/seaweedfs/values.yaml
@@ -428,6 +428,8 @@ filer:
   s3:
     enabled: true
     port: 8333
+    # add additional https port
+    httpsPort: 0
     # allow empty folders
     allowEmptyFolder: false
     # Suffix of the host name, {bucket}.{domainName}
@@ -446,6 +448,8 @@ s3:
   replicas: 1
   bindAddress: 0.0.0.0
   port: 8333
+  # add additional https port
+  httpsPort: 0
   metricsPort: 9327
   loggingOverrideLevel: null
   # allow empty folders