Diffstat (limited to 'k8s')
| -rw-r--r-- | k8s/charts/seaweedfs/Chart.yaml | 2 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/_helpers.tpl | 32 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/s3-secret.yaml | 12 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/sftp-deployment.yaml | 292 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/sftp-secret.yaml | 33 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/sftp-service.yaml | 39 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml | 33 | ||||
| -rw-r--r-- | k8s/charts/seaweedfs/values.yaml | 76 |
8 files changed, 511 insertions, 8 deletions
diff --git a/k8s/charts/seaweedfs/Chart.yaml b/k8s/charts/seaweedfs/Chart.yaml index 4168b6f24..05887d922 100644 --- a/k8s/charts/seaweedfs/Chart.yaml +++ b/k8s/charts/seaweedfs/Chart.yaml @@ -3,4 +3,4 @@ description: SeaweedFS name: seaweedfs appVersion: "3.87" # Dev note: Trigger a helm chart release by `git tag -a helm-<version>` -version: 4.0.387 +version: 4.0.388 diff --git a/k8s/charts/seaweedfs/templates/_helpers.tpl b/k8s/charts/seaweedfs/templates/_helpers.tpl index 4f4b27157..9b9e44240 100644 --- a/k8s/charts/seaweedfs/templates/_helpers.tpl +++ b/k8s/charts/seaweedfs/templates/_helpers.tpl @@ -73,6 +73,16 @@ Inject extra environment vars in the format key:value, if populated {{- end -}} {{- end -}} +{{/* Return the proper sftp image */}} +{{- define "sftp.image" -}} +{{- if .Values.sftp.imageOverride -}} +{{- $imageOverride := .Values.sftp.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + {{/* Return the proper volume image */}} {{- define "volume.image" -}} {{- if .Values.volume.imageOverride -}} @@ -88,7 +98,7 @@ Inject extra environment vars in the format key:value, if populated {{- $registryName := default .Values.image.registry .Values.global.registry | toString -}} {{- $repositoryName := .Values.image.repository | toString -}} {{- $name := .Values.global.imageName | toString -}} -{{- $tag := .Chart.AppVersion | toString -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} {{- if $registryName -}} {{- printf "%s/%s%s:%s" $registryName $repositoryName $name $tag -}} {{- else -}} 
@@ -168,3 +178,23 @@ Usage: {{- $value }} {{- end }} {{- end -}} + + +{{/* +getOrGeneratePassword will check if a password exists in a secret and return it, +or generate a new random password if it doesn't exist. +*/}} +{{- define "getOrGeneratePassword" -}} +{{- $params := . -}} +{{- $namespace := $params.namespace -}} +{{- $secretName := $params.secretName -}} +{{- $key := $params.key -}} +{{- $length := default 16 $params.length -}} + +{{- $existingSecret := lookup "v1" "Secret" $namespace $secretName -}} +{{- if and $existingSecret (index $existingSecret.data $key) -}} + {{- index $existingSecret.data $key | b64dec -}} +{{- else -}} + {{- randAlphaNum $length -}} +{{- end -}} +{{- end -}}
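Review bot: `getOrGeneratePassword` relies on `lookup`, which returns an empty result whenever the chart is rendered without cluster access (`helm template`, a client-side `--dry-run`, or tooling that renders that way), so in those flows the `else` branch runs and every render emits fresh random credentials. The callers in s3-secret.yaml and sftp-secret.yaml inherit this, and nothing in the helper's comment warns about it. I would extend the doc comment with something like `NOTE: lookup is empty under helm template / dry-run, so a new value is generated on each such render; supply an existing secret in those setups`. The comment should also state that `length` is optional and falls back to 16, since a caller that omits the key gets no error.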
\ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/s3-secret.yaml b/k8s/charts/seaweedfs/templates/s3-secret.yaml index 969b31f52..1dd11ab87 100644 --- a/k8s/charts/seaweedfs/templates/s3-secret.yaml +++ b/k8s/charts/seaweedfs/templates/s3-secret.yaml @@ -1,8 +1,8 @@ {{- if or (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) (and .Values.s3.enabled .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) }} -{{- $access_key_admin := randAlphaNum 16 -}} -{{- $secret_key_admin := randAlphaNum 32 -}} -{{- $access_key_read := randAlphaNum 16 -}} -{{- $secret_key_read := randAlphaNum 32 -}} +{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_access_key_id" "length" 20) -}} +{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_secret_access_key" "length" 40) -}} +{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_access_key_id" "length" 20) -}} +{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_secret_access_key" "length" 40) -}} apiVersion: v1 kind: Secret type: Opaque @@ -11,7 +11,7 @@ metadata: namespace: {{ .Release.Namespace }} annotations: "helm.sh/resource-policy": keep - "helm.sh/hook": "pre-install" + "helm.sh/hook": "pre-install,pre-upgrade" labels: app.kubernetes.io/name: {{ template "seaweedfs.name" . }} helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} @@ -32,4 +32,4 @@ stringData: s3_auditLogConfig.json: | {{ toJson .Values.s3.auditLogConfig | nindent 4 }} {{- end }} -{{- end }} +{{- end }}
\ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp-deployment.yaml b/k8s/charts/seaweedfs/templates/sftp-deployment.yaml new file mode 100644 index 000000000..fe7f4f7e3 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp-deployment.yaml 
@@ -0,0 +1,292 @@ +{{- if .Values.sftp.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + replicas: {{ .Values.sftp.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.sftp.restartPolicy }} + {{- if .Values.sftp.tolerations }} + tolerations: + {{ tpl .Values.sftp.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} + terminationGracePeriodSeconds: 10 + {{- if .Values.sftp.priorityClassName }} + priorityClassName: {{ .Values.sftp.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.sftp.serviceAccountName }} + serviceAccountName: {{ .Values.sftp.serviceAccountName | quote }} + {{- end }} + {{- if .Values.sftp.initContainers }} + initContainers: + {{ tpl .Values.sftp.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.podSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "sftp.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.sftp.extraEnvironmentVars }} + {{- range $key, $value := .Values.sftp.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.sftp.loggingOverrideLevel }} + -v={{ .Values.sftp.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + sftp \ + -ip.bind={{ .Values.sftp.bindAddress }} \ + -port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.metricsPort }} + -metricsPort={{ .Values.sftp.metricsPort }} \ + {{- end }} + {{- if .Values.sftp.metricsIp }} + -metricsIp={{ .Values.sftp.metricsIp }} \ + {{- end }} + {{- if .Values.sftp.sshPrivateKey }} + -sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + -authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -clientAliveInterval={{ 
.Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + {{- if .Values.sftp.dataCenter }} + -dataCenter={{ .Values.sftp.dataCenter }} \ + {{- end }} + {{- if .Values.sftp.localSocket }} + -localSocket={{ .Values.sftp.localSocket }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + -userStoreFile=/etc/sw/seaweedfs_sftp_config \ + -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + volumeMounts: + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + - name: logs + mountPath: "/logs/" + {{- end }} + {{- if .Values.sftp.enableAuth }} + - mountPath: /etc/sw + name: config-users + readOnly: true + {{- end }} + - mountPath: /etc/sw/ssh + name: config-ssh + readOnly: true + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.sftp.extraVolumeMounts . 
| nindent 12 | trim }} + ports: + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- if .Values.sftp.metricsPort }} + - containerPort: {{ .Values.sftp.metricsPort }} + name: metrics + {{- end }} + {{- if .Values.sftp.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.sftp.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.sftp.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.sftp.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.sftp.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sftp.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.sftp.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.sftp.existingConfigSecret }} + secretName: {{ .Values.sftp.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-secret + {{- end }} + {{- end }} + - name: config-ssh + secret: + defaultMode: 420 + {{- if .Values.sftp.existingSshConfigSecret }} + secretName: {{ .Values.sftp.existingSshConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-ssh-secret + {{- end }} + {{- if eq .Values.sftp.logs.type "hostPath" }} + - name: logs + hostPath: + path: {{ .Values.sftp.logs.hostPathPrefix }}/logs/seaweedfs/sftp + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.sftp.logs.type "emptyDir" }} + - name: logs + emptyDir: {} + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.sftp.extraVolumes . | indent 8 | trim }} + {{- if .Values.sftp.nodeSelector }} + nodeSelector: + {{ tpl .Values.sftp.nodeSelector . | indent 8 | trim }} + {{- end }} +{{- end }}
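Review bot: The files the container is told to read do not line up with what is mounted. `-userStoreFile=/etc/sw/seaweedfs_sftp_config` is passed unconditionally, but the `config-users` mount at `/etc/sw` only exists under `{{- if .Values.sftp.enableAuth }}`, and the `config-ssh` volume falls back to `secretName: seaweedfs-sftp-ssh-secret`, which no template visible in this diff creates, so without `existingSshConfigSecret` the pod will wait on a missing Secret. Both secret volumes use `defaultMode: 420` (0644), which leaves the user store with its passwords and the host keys readable by every UID in the container; a tighter mode such as `defaultMode: 0400` (paired with `fsGroup` if the process does not own the files) suits key material better. Values such as `bannerMessage` are also spliced unescaped into the `sh -ec` script, so a quote or `$` in a value changes the command line; passing the flags as separate `args:` entries would avoid the shell parsing.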
\ No newline at end of file
diff --git a/k8s/charts/seaweedfs/templates/sftp-secret.yaml b/k8s/charts/seaweedfs/templates/sftp-secret.yaml
new file mode 100644
index 000000000..7dd28626d
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/sftp-secret.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.sftp.enabled }}
+{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "admin_password" 20) -}}
+{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "readonly_password" 20) -}}
+{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "public_user_password" 20) -}}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: seaweedfs-sftp-secret
+ namespace: {{ .Release.Namespace }}
+ annotations:
+ "helm.sh/resource-policy": keep
+ "helm.sh/hook": "pre-install,pre-upgrade"
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: sftp
+stringData:
+ admin_password: {{ $admin_pwd }}
+ readonly_password: {{ $read_user_pwd }}
+ public_user_password: {{ $public_user_pwd }}
+ seaweedfs_sftp_config: '[{"Username":"admin","Password":"{{ $admin_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","write","list"]},"Uid":0,"Gid":0},{"Username":"readonly_user","Password":"{{ $read_user_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","list"]},"Uid":1112,"Gid":1112},{"Username":"public_user","Password":"{{ $public_user_pwd }}","PublicKeys":[],"HomeDir":"/public","Permissions":{"/public":["write","read","list"]},"Uid":1113,"Gid":1113}]'
+ seaweedfs_sftp_ssh_private_key: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+ QyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8OwAAAJDjxkmk48ZJ
+ pAAAAAtzc2gtZWQyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8Ow
+ AAAEAeVy/4+gf6rjj2jla/AHqJpC1LcS5hn04IUs4q+iVq/MfgxzBwOmG15dW6WW7qrt6m
+ EQ3U3rTP7DSpnDRRVbw7AAAADHNla291ckAwMDY2NwE=
+ -----END OPENSSH PRIVATE KEY-----
+{{- end }}
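Review bot: `seaweedfs_sftp_ssh_private_key` is a literal OpenSSH private key committed in the template, so every release installed from this chart presents the same host key and the private half is readable by anyone who has the chart; clients cannot distinguish this server from any other holder of that key, and the key should be treated as already disclosed. The host key needs a per-install source instead, either generated once and reused the way the passwords are or required through `existingSshConfigSecret`, with the literal removed. The three `dict` calls end in `"key" "admin_password" 20` with no `"length"` key, so the helper's `default 16` applies rather than the 20 that was presumably intended; `"key" "admin_password" "length" 20` matches the callers in s3-secret.yaml. The Secret is also rendered whenever `sftp.enabled` is true, even if `existingConfigSecret` is set, and the `stringData` passwords are unquoted, where `{{ $admin_pwd | quote }}` is safer for values carried over from an existing Secret.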
\ No newline at end of file
diff --git a/k8s/charts/seaweedfs/templates/sftp-service.yaml b/k8s/charts/seaweedfs/templates/sftp-service.yaml
new file mode 100644
index 000000000..979153c76
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/sftp-service.yaml
@@ -0,0 +1,39 @@
+{{- if .Values.sftp.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "seaweedfs.name" . }}-sftp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: sftp
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.sftp.annotations }}
+ annotations:
+ {{- toYaml .Values.sftp.annotations | nindent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.sftp.service.type | default "ClusterIP" }}
+ internalTrafficPolicy: {{ .Values.sftp.internalTrafficPolicy | default "Cluster" }}
+ ports:
+ - name: "swfs-sftp"
+ port: {{ .Values.sftp.port }}
+ targetPort: {{ .Values.sftp.port }}
+ protocol: TCP
+ {{- if and (eq (.Values.sftp.service.type | default "ClusterIP") "NodePort") .Values.sftp.service.nodePort }}
+ nodePort: {{ .Values.sftp.service.nodePort }}
+ {{- end }}
+{{- if .Values.sftp.metricsPort }}
+ - name: "metrics"
+ port: {{ .Values.sftp.metricsPort }}
+ targetPort: {{ .Values.sftp.metricsPort }}
+ protocol: TCP
+ {{- if and (eq (.Values.sftp.service.type | default "ClusterIP") "NodePort") .Values.sftp.service.metricsNodePort }}
+ nodePort: {{ .Values.sftp.service.metricsNodePort }}
+ {{- end }}
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: sftp
+{{- end }}
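Review bot: The Service `selector` matches only `app.kubernetes.io/name` and `app.kubernetes.io/component: sftp`, while the Deployment's `matchLabels` also include `app.kubernetes.io/instance`. Unless `seaweedfs.name` already differs per release, two releases in one namespace would have SFTP logins for one routed to the other's pods, which hold a different user store. Adding `app.kubernetes.io/instance: {{ .Release.Name }}` to the selector and to the Service's own labels closes that, and the ServiceMonitor selector in sftp-servicemonitor.yaml has the same gap. The `metrics` port is published on this same Service, so switching `service.type` to `NodePort` or `LoadBalancer` exposes the metrics endpoint alongside SFTP; a separate ClusterIP Service for metrics would keep it internal.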
\ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml new file mode 100644 index 000000000..4c7188866 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml @@ -0,0 +1,33 @@ +{{- if .Values.sftp.enabled }} +{{- if .Values.sftp.metricsPort }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + endpoints: + - interval: 30s + port: metrics + scrapeTimeout: 5s + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: sftp +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/values.yaml b/k8s/charts/seaweedfs/values.yaml index f2ed59b8b..ddbf69123 100644 --- a/k8s/charts/seaweedfs/values.yaml +++ b/k8s/charts/seaweedfs/values.yaml @@ -46,6 +46,7 @@ global: image: registry: "" repository: "" + tag: "" master: enabled: true 
@@ -948,7 +949,82 @@ s3: # additional ingress annotations for the s3 endpoint annotations: {} tls: [] +sftp: + enabled: false + imageOverride: null + restartPolicy: null + replicas: 1 + bindAddress: 0.0.0.0 + port: 2022 # Default SFTP port + metricsPort: 9327 + metricsIp: "" # If empty, defaults to bindAddress + service: + type: ClusterIP # Can be ClusterIP, NodePort, LoadBalancer + nodePort: null # Optional: specific nodePort for SFTP + metricsNodePort: null # Optional: specific nodePort for metrics + loggingOverrideLevel: null + + # SSH server configuration + sshPrivateKey: "/etc/sw/seaweedfs_sftp_ssh_private_key" # Path to the SSH private key file for host authentication + hostKeysFolder: "/etc/sw/ssh" # path to folder containing SSH private key files for host authentication + authMethods: "password,publickey" # Comma-separated list of allowed auth methods: password, publickey, keyboard-interactive + maxAuthTries: 6 # Maximum number of authentication attempts per connection + bannerMessage: "SeaweedFS SFTP Server" # Message displayed before authentication + loginGraceTime: "2m" # Timeout for authentication + clientAliveInterval: "5s" # Interval for sending keep-alive messages + clientAliveCountMax: 3 # Maximum number of missed keep-alive messages before disconnecting + dataCenter: "" # Prefer to read and write to volumes in this data center + localSocket: "" # Default to /tmp/seaweedfs-sftp-<port>.sock + + # User authentication + enableAuth: false + # Set to the name of an existing kubernetes Secret with the sftp json config file + # Should have a secret key called seaweedfs_sftp_config with an inline json config + existingConfigSecret: null + # Set to the name of an existing kubernetes Secret with the list of ssh private keys for sftp + existingSshConfigSecret: null + + # Additional resources + sidecars: [] + initContainers: "" + extraVolumes: "" + extraVolumeMounts: "" + podLabels: {} + podAnnotations: {} + annotations: {} + resources: {} + tolerations: "" + 
nodeSelector: | + kubernetes.io/arch: amd64 + priorityClassName: "" + serviceAccountName: "" + podSecurityContext: {} + containerSecurityContext: {} + + logs: + type: "hostPath" + hostPathPrefix: /storage + + extraEnvironmentVars: {} + # Health checks + # Health checks for SFTP - using tcpSocket instead of httpGet + livenessProbe: + enabled: true + initialDelaySeconds: 20 + periodSeconds: 60 + successThreshold: 1 + failureThreshold: 20 + timeoutSeconds: 10 + + # Health checks for SFTP - using tcpSocket instead of httpGet + readinessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 100 + timeoutSeconds: 10 # Deploy Kubernetes COSI Driver for SeaweedFS # Requires COSI CRDs and controller to be installed in the cluster # For more information, visit: https://container-object-storage-interface.github.io/docs/deployment-guide |
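Review bot: `logs.type: "hostPath"` is the default in the new `sftp` block, so simply enabling SFTP makes a network-facing pod mount `/storage/logs/seaweedfs/sftp` from the node, and hostPath volumes are rejected by the Kubernetes Pod Security `baseline` profile. Since the deployment template falls back to `-logtostderr=true` for any other value, a default of `type: ""` or `emptyDir` would be the safer starting point, if that does not conflict with how the chart's other components default. `podSecurityContext: {}` and `containerSecurityContext: {}` likewise leave the process on whatever user the image defaults to. The comment on `enableAuth: false` should say what the server does in that state, e.g. `# when false the user store Secret is not mounted at /etc/sw`, because `authMethods` and the `sshPrivateKey` path under `/etc/sw` read as if authentication were always configured.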
