From fae416586b17aa37ccff38bc954c46a3c1e1f29d Mon Sep 17 00:00:00 2001 
From: Devin Lauderdale Date: Fri, 8 Aug 2025 12:36:01 -0500 Subject: Move helm templates into folders (#7113) * refactor: move helm templates into respective service folders * fix: update template path reference in filer-statefulset for s3-secret --- k8s/charts/seaweedfs/templates/_helpers.tpl | 221 ----------- .../seaweedfs/templates/all-in-one-deployment.yaml | 431 -------------------- k8s/charts/seaweedfs/templates/all-in-one-pvc.yaml | 21 - .../seaweedfs/templates/all-in-one-service.yml | 83 ---- .../templates/all-in-one-servicemonitor.yaml | 29 -- .../all-in-one/all-in-one-deployment.yaml | 431 ++++++++++++++++++++ .../templates/all-in-one/all-in-one-pvc.yaml | 21 + .../templates/all-in-one/all-in-one-service.yml | 83 ++++ .../all-in-one/all-in-one-servicemonitor.yaml | 29 ++ k8s/charts/seaweedfs/templates/ca-cert.yaml | 19 - k8s/charts/seaweedfs/templates/cert-caissuer.yaml | 15 - k8s/charts/seaweedfs/templates/cert-issuer.yaml | 13 - k8s/charts/seaweedfs/templates/cert/ca-cert.yaml | 19 + .../seaweedfs/templates/cert/cert-caissuer.yaml | 15 + .../seaweedfs/templates/cert/cert-issuer.yaml | 13 + .../seaweedfs/templates/cert/client-cert.yaml | 40 ++ .../seaweedfs/templates/cert/filer-cert.yaml | 45 +++ .../seaweedfs/templates/cert/master-cert.yaml | 45 +++ .../seaweedfs/templates/cert/volume-cert.yaml | 45 +++ k8s/charts/seaweedfs/templates/client-cert.yaml | 40 -- k8s/charts/seaweedfs/templates/cluster-role.yaml | 35 -- .../seaweedfs/templates/cosi-bucket-class.yaml | 16 - .../seaweedfs/templates/cosi-cluster-role.yaml | 69 ---- .../seaweedfs/templates/cosi-deployment.yaml | 217 ---------- .../seaweedfs/templates/cosi-service-account.yaml | 13 - .../templates/cosi/cosi-bucket-class.yaml | 16 + .../templates/cosi/cosi-cluster-role.yaml | 69 ++++ .../seaweedfs/templates/cosi/cosi-deployment.yaml | 217 ++++++++++ .../templates/cosi/cosi-service-account.yaml | 13 + k8s/charts/seaweedfs/templates/filer-cert.yaml | 45 --- 
k8s/charts/seaweedfs/templates/filer-ingress.yaml | 48 --- .../seaweedfs/templates/filer-service-client.yaml | 40 -- k8s/charts/seaweedfs/templates/filer-service.yaml | 52 --- .../seaweedfs/templates/filer-servicemonitor.yaml | 33 -- .../seaweedfs/templates/filer-statefulset.yaml | 442 --------------------- .../seaweedfs/templates/filer/filer-ingress.yaml | 48 +++ .../templates/filer/filer-service-client.yaml | 40 ++ .../seaweedfs/templates/filer/filer-service.yaml | 52 +++ .../templates/filer/filer-servicemonitor.yaml | 33 ++ .../templates/filer/filer-statefulset.yaml | 442 +++++++++++++++++++++ k8s/charts/seaweedfs/templates/master-cert.yaml | 45 --- .../seaweedfs/templates/master-configmap.yaml | 19 - k8s/charts/seaweedfs/templates/master-ingress.yaml | 48 --- k8s/charts/seaweedfs/templates/master-service.yaml | 38 -- .../seaweedfs/templates/master-servicemonitor.yaml | 33 -- .../seaweedfs/templates/master-statefulset.yaml | 358 ----------------- .../templates/master/master-configmap.yaml | 19 + .../seaweedfs/templates/master/master-ingress.yaml | 48 +++ .../seaweedfs/templates/master/master-service.yaml | 38 ++ .../templates/master/master-servicemonitor.yaml | 33 ++ .../templates/master/master-statefulset.yaml | 358 +++++++++++++++++ .../templates/notification-configmap.yaml | 19 - .../templates/post-install-bucket-hook.yaml | 122 ------ k8s/charts/seaweedfs/templates/s3-deployment.yaml | 279 ------------- k8s/charts/seaweedfs/templates/s3-ingress.yaml | 46 --- k8s/charts/seaweedfs/templates/s3-secret.yaml | 35 -- k8s/charts/seaweedfs/templates/s3-service.yaml | 38 -- .../seaweedfs/templates/s3-servicemonitor.yaml | 33 -- .../seaweedfs/templates/s3/s3-deployment.yaml | 279 +++++++++++++ k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml | 46 +++ k8s/charts/seaweedfs/templates/s3/s3-secret.yaml | 35 ++ k8s/charts/seaweedfs/templates/s3/s3-service.yaml | 38 ++ .../seaweedfs/templates/s3/s3-servicemonitor.yaml | 33 ++ .../templates/seaweedfs-grafana-dashboard.yaml 
| 19 - .../seaweedfs/templates/secret-seaweedfs-db.yaml | 21 - .../seaweedfs/templates/security-configmap.yaml | 82 ---- .../seaweedfs/templates/service-account.yaml | 11 - .../seaweedfs/templates/sftp-deployment.yaml | 301 -------------- k8s/charts/seaweedfs/templates/sftp-secret.yaml | 33 -- k8s/charts/seaweedfs/templates/sftp-service.yaml | 32 -- .../seaweedfs/templates/sftp-servicemonitor.yaml | 33 -- .../seaweedfs/templates/sftp/sftp-deployment.yaml | 301 ++++++++++++++ .../seaweedfs/templates/sftp/sftp-secret.yaml | 33 ++ .../seaweedfs/templates/sftp/sftp-service.yaml | 32 ++ .../templates/sftp/sftp-servicemonitor.yaml | 33 ++ k8s/charts/seaweedfs/templates/shared/_helpers.tpl | 221 +++++++++++ .../seaweedfs/templates/shared/cluster-role.yaml | 35 ++ .../templates/shared/notification-configmap.yaml | 19 + .../templates/shared/post-install-bucket-hook.yaml | 122 ++++++ .../shared/seaweedfs-grafana-dashboard.yaml | 19 + .../templates/shared/secret-seaweedfs-db.yaml | 21 + .../templates/shared/security-configmap.yaml | 82 ++++ .../templates/shared/service-account.yaml | 11 + k8s/charts/seaweedfs/templates/volume-cert.yaml | 45 --- .../seaweedfs/templates/volume-resize-hook.yaml | 117 ------ k8s/charts/seaweedfs/templates/volume-service.yaml | 44 -- .../seaweedfs/templates/volume-servicemonitor.yaml | 40 -- .../seaweedfs/templates/volume-statefulset.yaml | 417 ------------------- .../templates/volume/volume-resize-hook.yaml | 117 ++++++ .../seaweedfs/templates/volume/volume-service.yaml | 44 ++ .../templates/volume/volume-servicemonitor.yaml | 40 ++ .../templates/volume/volume-statefulset.yaml | 417 +++++++++++++++++++ 92 files changed, 4190 insertions(+), 4190 deletions(-) delete mode 100644 k8s/charts/seaweedfs/templates/_helpers.tpl delete mode 100644 k8s/charts/seaweedfs/templates/all-in-one-deployment.yaml delete mode 100644 k8s/charts/seaweedfs/templates/all-in-one-pvc.yaml delete mode 100644 k8s/charts/seaweedfs/templates/all-in-one-service.yml delete mode 
100644 k8s/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml create mode 100644 k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml create mode 100644 k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml create mode 100644 k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml delete mode 100644 k8s/charts/seaweedfs/templates/ca-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cert-caissuer.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cert-issuer.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/ca-cert.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/client-cert.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/filer-cert.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/master-cert.yaml create mode 100644 k8s/charts/seaweedfs/templates/cert/volume-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/client-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cluster-role.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cosi-bucket-class.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cosi-cluster-role.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cosi-deployment.yaml delete mode 100644 k8s/charts/seaweedfs/templates/cosi-service-account.yaml create mode 100644 k8s/charts/seaweedfs/templates/cosi/cosi-bucket-class.yaml create mode 100644 k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml create mode 100644 k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml create mode 100644 k8s/charts/seaweedfs/templates/cosi/cosi-service-account.yaml delete mode 100644 k8s/charts/seaweedfs/templates/filer-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/filer-ingress.yaml delete 
mode 100644 k8s/charts/seaweedfs/templates/filer-service-client.yaml delete mode 100644 k8s/charts/seaweedfs/templates/filer-service.yaml delete mode 100644 k8s/charts/seaweedfs/templates/filer-servicemonitor.yaml delete mode 100644 k8s/charts/seaweedfs/templates/filer-statefulset.yaml create mode 100644 k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml create mode 100644 k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml create mode 100644 k8s/charts/seaweedfs/templates/filer/filer-service.yaml create mode 100644 k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-configmap.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-ingress.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-service.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-servicemonitor.yaml delete mode 100644 k8s/charts/seaweedfs/templates/master-statefulset.yaml create mode 100644 k8s/charts/seaweedfs/templates/master/master-configmap.yaml create mode 100644 k8s/charts/seaweedfs/templates/master/master-ingress.yaml create mode 100644 k8s/charts/seaweedfs/templates/master/master-service.yaml create mode 100644 k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/master/master-statefulset.yaml delete mode 100644 k8s/charts/seaweedfs/templates/notification-configmap.yaml delete mode 100644 k8s/charts/seaweedfs/templates/post-install-bucket-hook.yaml delete mode 100644 k8s/charts/seaweedfs/templates/s3-deployment.yaml delete mode 100644 k8s/charts/seaweedfs/templates/s3-ingress.yaml delete mode 100644 k8s/charts/seaweedfs/templates/s3-secret.yaml delete mode 100644 k8s/charts/seaweedfs/templates/s3-service.yaml delete mode 100644 
k8s/charts/seaweedfs/templates/s3-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml create mode 100644 k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml create mode 100644 k8s/charts/seaweedfs/templates/s3/s3-secret.yaml create mode 100644 k8s/charts/seaweedfs/templates/s3/s3-service.yaml create mode 100644 k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml delete mode 100644 k8s/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml delete mode 100644 k8s/charts/seaweedfs/templates/secret-seaweedfs-db.yaml delete mode 100644 k8s/charts/seaweedfs/templates/security-configmap.yaml delete mode 100644 k8s/charts/seaweedfs/templates/service-account.yaml delete mode 100644 k8s/charts/seaweedfs/templates/sftp-deployment.yaml delete mode 100644 k8s/charts/seaweedfs/templates/sftp-secret.yaml delete mode 100644 k8s/charts/seaweedfs/templates/sftp-service.yaml delete mode 100644 k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml create mode 100644 k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml create mode 100644 k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml create mode 100644 k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/_helpers.tpl create mode 100644 k8s/charts/seaweedfs/templates/shared/cluster-role.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/security-configmap.yaml create mode 100644 k8s/charts/seaweedfs/templates/shared/service-account.yaml delete mode 100644 
k8s/charts/seaweedfs/templates/volume-cert.yaml delete mode 100644 k8s/charts/seaweedfs/templates/volume-resize-hook.yaml delete mode 100644 k8s/charts/seaweedfs/templates/volume-service.yaml delete mode 100644 k8s/charts/seaweedfs/templates/volume-servicemonitor.yaml delete mode 100644 k8s/charts/seaweedfs/templates/volume-statefulset.yaml create mode 100644 k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml create mode 100644 k8s/charts/seaweedfs/templates/volume/volume-service.yaml create mode 100644 k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml create mode 100644 k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml
diff --git a/k8s/charts/seaweedfs/templates/_helpers.tpl b/k8s/charts/seaweedfs/templates/_helpers.tpl
deleted file mode 100644
index b15b07fa0..000000000
--- a/k8s/charts/seaweedfs/templates/_helpers.tpl
+++ /dev/null
@@ -1,221 +0,0 @@ -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to -this (by the DNS naming spec). If release name contains chart name it will -be used as a full name. -*/}} -{{- define "seaweedfs.fullname" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "seaweedfs.chart" -}} -{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Expand the name of the chart. -*/}} -{{- define "seaweedfs.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Inject extra environment vars in the format key:value, if populated -*/}} -{{- define "seaweedfs.extraEnvironmentVars" -}} -{{- if .extraEnvironmentVars -}} -{{- range $key, $value := .extraEnvironmentVars }} -- name: {{ $key }} - value: {{ $value | quote }} -{{- end -}} -{{- end -}} -{{- end -}} - -{{/* Return the proper filer image */}} -{{- define "filer.image" -}} -{{- if .Values.filer.imageOverride -}} -{{- $imageOverride := .Values.filer.imageOverride -}} -{{- printf "%s" $imageOverride -}} -{{- else -}} -{{- include "common.image" . }} -{{- end -}} -{{- end -}} - -{{/* Return the proper master image */}} -{{- define "master.image" -}} -{{- if .Values.master.imageOverride -}} -{{- $imageOverride := .Values.master.imageOverride -}} -{{- printf "%s" $imageOverride -}} -{{- else -}} -{{- include "common.image" . 
}} -{{- end -}} -{{- end -}} - -{{/* Return the proper s3 image */}} -{{- define "s3.image" -}} -{{- if .Values.s3.imageOverride -}} -{{- $imageOverride := .Values.s3.imageOverride -}} -{{- printf "%s" $imageOverride -}} -{{- else -}} -{{- include "common.image" . }} -{{- end -}} -{{- end -}} - -{{/* Return the proper sftp image */}} -{{- define "sftp.image" -}} -{{- if .Values.sftp.imageOverride -}} -{{- $imageOverride := .Values.sftp.imageOverride -}} -{{- printf "%s" $imageOverride -}} -{{- else -}} -{{- include "common.image" . }} -{{- end -}} -{{- end -}} - -{{/* Return the proper volume image */}} -{{- define "volume.image" -}} -{{- if .Values.volume.imageOverride -}} -{{- $imageOverride := .Values.volume.imageOverride -}} -{{- printf "%s" $imageOverride -}} -{{- else -}} -{{- include "common.image" . }} -{{- end -}} -{{- end -}} - -{{/* Computes the container image name for all components (if they are not overridden) */}} -{{- define "common.image" -}} -{{- $registryName := default .Values.image.registry .Values.global.registry | toString -}} -{{- $repositoryName := .Values.image.repository | toString -}} -{{- $name := .Values.global.imageName | toString -}} -{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} -{{- if $registryName -}} -{{- printf "%s/%s%s:%s" $registryName $repositoryName $name $tag -}} -{{- else -}} -{{- printf "%s%s:%s" $repositoryName $name $tag -}} -{{- end -}} -{{- end -}} - -{{/* check if any Volume PVC exists */}} -{{- define "volume.pvc_exists" -}} -{{- if or (or (eq .Values.volume.data.type "persistentVolumeClaim") (and (eq .Values.volume.idx.type "persistentVolumeClaim") .Values.volume.dir_idx )) (eq .Values.volume.logs.type "persistentVolumeClaim") -}} -{{- printf "true" -}} -{{- else -}} -{{- printf "" -}} -{{- end -}} -{{- end -}} - -{{/* check if any Filer PVC exists */}} -{{- define "filer.pvc_exists" -}} -{{- if or (eq .Values.filer.data.type "persistentVolumeClaim") (eq .Values.filer.logs.type 
"persistentVolumeClaim") -}} -{{- printf "true" -}} -{{- else -}} -{{- printf "" -}} -{{- end -}} -{{- end -}} - -{{/* check if any Master PVC exists */}} -{{- define "master.pvc_exists" -}} -{{- if or (eq .Values.master.data.type "persistentVolumeClaim") (eq .Values.master.logs.type "persistentVolumeClaim") -}} -{{- printf "true" -}} -{{- else -}} -{{- printf "" -}} -{{- end -}} -{{- end -}} - -{{/* check if any InitContainers exist for Volumes */}} -{{- define "volume.initContainers_exists" -}} -{{- if or (not (empty .Values.volume.idx )) (not (empty .Values.volume.initContainers )) -}} -{{- printf "true" -}} -{{- else -}} -{{- printf "" -}} -{{- end -}} -{{- end -}} - -{{/* Return the proper imagePullSecrets */}} -{{- define "seaweedfs.imagePullSecrets" -}} -{{- with .Values.global.imagePullSecrets }} -imagePullSecrets: -{{- if kindIs "string" . }} - - name: {{ . }} -{{- else }} -{{- range . }} - {{- if kindIs "string" . }} - - name: {{ . }} - {{- else }} - - {{ toYaml . }} - {{- end}} -{{- end }} -{{- end }} -{{- end }} -{{- end -}} - -{{/* -Renders a value that contains template perhaps with scope if the scope is present. 
-Usage: -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} -{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} -*/}} -{{- define "common.tplvalues.render" -}} -{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} -{{- if contains "{{" (toJson .value) }} - {{- if .scope }} - {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} - {{- else }} - {{- tpl $value .context }} - {{- end }} -{{- else }} - {{- $value }} -{{- end }} -{{- end -}} - -{{/* -Converts a Kubernetes quantity like "256Mi" or "2G" to a float64 in base units, -handling both binary (Ki, Mi, Gi) and decimal (m, k, M) suffixes; numeric inputs -Usage: -{{ include "common.resource-quantity" "10Gi" }} -*/}} -{{- define "common.resource-quantity" -}} - {{- $value := . -}} - {{- $unit := 1.0 -}} - {{- if typeIs "string" . -}} - {{- $base2 := dict "Ki" 0x1p10 "Mi" 0x1p20 "Gi" 0x1p30 "Ti" 0x1p40 "Pi" 0x1p50 "Ei" 0x1p60 -}} - {{- $base10 := dict "m" 1e-3 "k" 1e3 "M" 1e6 "G" 1e9 "T" 1e12 "P" 1e15 "E" 1e18 -}} - {{- range $k, $v := merge $base2 $base10 -}} - {{- if hasSuffix $k $ -}} - {{- $value = trimSuffix $k $ -}} - {{- $unit = $v -}} - {{- end -}} - {{- end -}} - {{- end -}} - {{- mulf (float64 $value) $unit -}} -{{- end -}} - -{{/* -getOrGeneratePassword will check if a password exists in a secret and return it, -or generate a new random password if it doesn't exist. -*/}} -{{- define "getOrGeneratePassword" -}} -{{- $params := . 
-}} -{{- $namespace := $params.namespace -}} -{{- $secretName := $params.secretName -}} -{{- $key := $params.key -}} -{{- $length := default 16 $params.length -}} - -{{- $existingSecret := lookup "v1" "Secret" $namespace $secretName -}} -{{- if and $existingSecret (index $existingSecret.data $key) -}} - {{- index $existingSecret.data $key | b64dec -}} -{{- else -}} - {{- randAlphaNum $length -}} -{{- end -}} -{{- end -}}
diff --git a/k8s/charts/seaweedfs/templates/all-in-one-deployment.yaml b/k8s/charts/seaweedfs/templates/all-in-one-deployment.yaml
deleted file mode 100644
index 86bb45a8e..000000000
--- a/k8s/charts/seaweedfs/templates/all-in-one-deployment.yaml
+++ /dev/null
@@ -1,431 +0,0 @@ -{{- if .Values.allInOne.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "seaweedfs.name" . }}-all-in-one - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: seaweedfs-all-in-one - {{- if .Values.allInOne.annotations }} - annotations: - {{- toYaml .Values.allInOne.annotations | nindent 4 }} - {{- end }} -spec: - replicas: 1 - strategy: - type: Recreate - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: seaweedfs-all-in-one - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: seaweedfs-all-in-one - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.allInOne.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.allInOne.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.allInOne.restartPolicy }} - {{- if .Values.allInOne.affinity }} - affinity: - {{ tpl .Values.allInOne.affinity . | nindent 8 | trim }} - {{- end }} - {{- if .Values.allInOne.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.allInOne.topologySpreadConstraints . | nindent 8 | trim }} - {{- end }} - {{- if .Values.allInOne.tolerations }} - tolerations: - {{- tpl .Values.allInOne.tolerations . 
| nindent 8 }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} - terminationGracePeriodSeconds: 60 - enableServiceLinks: false - {{- if .Values.allInOne.priorityClassName }} - priorityClassName: {{ .Values.allInOne.priorityClassName | quote }} - {{- end }} - {{- if .Values.allInOne.serviceAccountName }} - serviceAccountName: {{ .Values.allInOne.serviceAccountName | quote }} - {{- end }} - {{- if .Values.allInOne.initContainers }} - initContainers: - {{- tpl .Values.allInOne.initContainers . | nindent 8 }} - {{- end }} - {{- if .Values.allInOne.podSecurityContext.enabled }} - securityContext: - {{- omit .Values.allInOne.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "master.image" . }} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . 
}}" - {{- if .Values.allInOne.extraEnvironmentVars }} - {{- range $key, $value := .Values.allInOne.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 }} - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 }} - {{- end }} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - /usr/bin/weed \ - -v={{ .Values.global.loggingLevel }} \ - server \ - -dir=/data \ - -master \ - -volume \ - -ip=${POD_IP} \ - -ip.bind=0.0.0.0 \ - {{- if .Values.allInOne.idleTimeout }} - -idleTimeout={{ .Values.allInOne.idleTimeout }} \ - {{- end }} - {{- if .Values.allInOne.dataCenter }} - -dataCenter={{ .Values.allInOne.dataCenter }} \ - {{- end }} - {{- if .Values.allInOne.rack }} - -rack={{ .Values.allInOne.rack }} \ - {{- end }} - {{- if .Values.allInOne.whiteList }} - -whiteList={{ .Values.allInOne.whiteList }} \ - {{- end }} - {{- if .Values.allInOne.disableHttp }} - -disableHttp={{ .Values.allInOne.disableHttp }} \ - {{- end }} - {{- if and (.Values.volume.dataDirs) (index .Values.volume.dataDirs 0 "maxVolumes") }} - -volume.max={{ index .Values.volume.dataDirs 0 "maxVolumes" }} \ - {{- end }} - -master.port={{ .Values.master.port }} \ - {{- if .Values.global.enableReplication }} - -master.defaultReplication={{ .Values.global.replicationPlacement }} \ - {{- else }} - -master.defaultReplication={{ .Values.master.defaultReplication }} \ - {{- end }} - {{- if .Values.master.volumePreallocate }} - -master.volumePreallocate \ - {{- end }} - -master.volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ - {{- if .Values.master.garbageThreshold }} - -master.garbageThreshold={{ .Values.master.garbageThreshold }} \ - 
{{- end }} - -volume.port={{ .Values.volume.port }} \ - -volume.readMode={{ .Values.volume.readMode }} \ - {{- if .Values.volume.imagesFixOrientation }} - -volume.images.fix.orientation \ - {{- end }} - {{- if .Values.volume.index }} - -volume.index={{ .Values.volume.index }} \ - {{- end }} - {{- if .Values.volume.fileSizeLimitMB }} - -volume.fileSizeLimitMB={{ .Values.volume.fileSizeLimitMB }} \ - {{- end }} - -volume.minFreeSpacePercent={{ .Values.volume.minFreeSpacePercent }} \ - -volume.compactionMBps={{ .Values.volume.compactionMBps }} \ - {{- if .Values.allInOne.metricsPort }} - -metricsPort={{ .Values.allInOne.metricsPort }} \ - {{- else if .Values.master.metricsPort }} - -metricsPort={{ .Values.master.metricsPort }} \ - {{- end }} - -filer \ - -filer.port={{ .Values.filer.port }} \ - {{- if .Values.filer.disableDirListing }} - -filer.disableDirListing \ - {{- end }} - -filer.dirListLimit={{ .Values.filer.dirListLimit }} \ - {{- if .Values.global.enableReplication }} - -filer.defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ - {{- else }} - -filer.defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ - {{- end }} - {{- if .Values.filer.maxMB }} - -filer.maxMB={{ .Values.filer.maxMB }} \ - {{- end }} - {{- if .Values.filer.encryptVolumeData }} - -filer.encryptVolumeData \ - {{- end }} - {{- if .Values.filer.filerGroup}} - -filer.filerGroup={{ .Values.filer.filerGroup}} \ - {{- end }} - {{- if .Values.filer.rack }} - -filer.rack={{ .Values.filer.rack }} \ - {{- end }} - {{- if .Values.filer.dataCenter }} - -filer.dataCenter={{ .Values.filer.dataCenter }} \ - {{- end }} - {{- if .Values.allInOne.s3.enabled }} - -s3 \ - -s3.port={{ .Values.s3.port }} \ - {{- if .Values.s3.domainName }} - -s3.domainName={{ .Values.s3.domainName }} \ - {{- end }} - {{- if .Values.global.enableSecurity }} - {{- if .Values.s3.httpsPort }} - -s3.port.https={{ .Values.s3.httpsPort }} \ - {{- end }} - 
-s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ - -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ - {{- end }} - {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} - -s3.allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ - {{- end }} - {{- if .Values.s3.enableAuth }} - -s3.config=/etc/sw/s3/seaweedfs_s3_config \ - {{- end }} - {{- if .Values.s3.auditLogConfig }} - -s3.auditLogConfig=/etc/sw/s3/s3_auditLogConfig.json \ - {{- end }} - {{- end }} - {{- if .Values.allInOne.sftp.enabled }} - -sftp \ - -sftp.port={{ .Values.sftp.port }} \ - {{- if .Values.sftp.sshPrivateKey }} - -sftp.sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ - {{- end }} - {{- if .Values.sftp.hostKeysFolder }} - -sftp.hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ - {{- end }} - {{- if .Values.sftp.authMethods }} - -sftp.authMethods={{ .Values.sftp.authMethods }} \ - {{- end }} - {{- if .Values.sftp.maxAuthTries }} - -sftp.maxAuthTries={{ .Values.sftp.maxAuthTries }} \ - {{- end }} - {{- if .Values.sftp.bannerMessage }} - -sftp.bannerMessage="{{ .Values.sftp.bannerMessage }}" \ - {{- end }} - {{- if .Values.sftp.loginGraceTime }} - -sftp.loginGraceTime={{ .Values.sftp.loginGraceTime }} \ - {{- end }} - {{- if .Values.sftp.clientAliveInterval }} - -sftp.clientAliveInterval={{ .Values.sftp.clientAliveInterval }} \ - {{- end }} - {{- if .Values.sftp.clientAliveCountMax }} - -sftp.clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ - {{- end }} - -sftp.userStoreFile=/etc/sw/sftp/seaweedfs_sftp_config \ - {{- end }} - - volumeMounts: - - name: data - mountPath: /data - {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} - - name: config-s3-users - mountPath: /etc/sw/s3 - readOnly: true - {{- end }} - {{- if .Values.allInOne.sftp.enabled }} - - name: config-ssh - mountPath: /etc/sw/ssh - readOnly: true - - mountPath: /etc/sw/sftp - name: config-users - readOnly: true - {{- end }} - {{- if 
.Values.filer.notificationConfig }} - - name: notification-config - mountPath: /etc/seaweedfs/notification.toml - subPath: notification.toml - readOnly: true - {{- end }} - - name: master-config - mountPath: /etc/seaweedfs/master.toml - subPath: master.toml - readOnly: true - {{- if .Values.global.enableSecurity }} - - name: security-config - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - readOnly: true - - name: ca-cert - mountPath: /usr/local/share/ca-certificates/ca/ - readOnly: true - - name: master-cert - mountPath: /usr/local/share/ca-certificates/master/ - readOnly: true - - name: volume-cert - mountPath: /usr/local/share/ca-certificates/volume/ - readOnly: true - - name: filer-cert - mountPath: /usr/local/share/ca-certificates/filer/ - readOnly: true - - name: client-cert - mountPath: /usr/local/share/ca-certificates/client/ - readOnly: true - {{- end }} - {{ tpl .Values.allInOne.extraVolumeMounts . | nindent 12 }} - ports: - - containerPort: {{ .Values.master.port }} - name: swfs-mas - - containerPort: {{ .Values.master.grpcPort }} - name: swfs-mas-grpc - - containerPort: {{ .Values.volume.port }} - name: swfs-vol - - containerPort: {{ .Values.volume.grpcPort }} - name: swfs-vol-grpc - - containerPort: {{ .Values.filer.port }} - name: swfs-fil - - containerPort: {{ .Values.filer.grpcPort }} - name: swfs-fil-grpc - {{- if .Values.allInOne.s3.enabled }} - - containerPort: {{ .Values.s3.port }} - name: swfs-s3 - {{- if .Values.s3.httpsPort }} - - containerPort: {{ .Values.s3.httpsPort }} - name: swfs-s3-tls - {{- end }} - {{- end }} - {{- if .Values.allInOne.sftp.enabled }} - - containerPort: {{ .Values.sftp.port }} - name: swfs-sftp - {{- end }} - {{- if .Values.allInOne.metricsPort }} - - containerPort: {{ .Values.allInOne.metricsPort }} - name: server-metrics - {{- end }} - {{- if .Values.allInOne.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.allInOne.readinessProbe.httpGet.path }} - port: {{ 
.Values.master.port }} - scheme: {{ .Values.allInOne.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.allInOne.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.allInOne.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.allInOne.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.allInOne.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.allInOne.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.allInOne.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.allInOne.livenessProbe.httpGet.path }} - port: {{ .Values.master.port }} - scheme: {{ .Values.allInOne.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.allInOne.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.allInOne.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.allInOne.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.allInOne.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.allInOne.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with .Values.allInOne.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if .Values.allInOne.containerSecurityContext.enabled }} - securityContext: - {{- omit .Values.allInOne.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.allInOne.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.allInOne.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: data - {{- if eq .Values.allInOne.data.type "hostPath" }} - hostPath: - path: {{ .Values.allInOne.data.hostPathPrefix }}/seaweedfs-all-in-one-data/ - type: DirectoryOrCreate - {{- else if eq .Values.allInOne.data.type "persistentVolumeClaim" }} - persistentVolumeClaim: - claimName: {{ .Values.allInOne.data.claimName }} - {{- else if eq .Values.allInOne.data.type "emptyDir" }} - emptyDir: {} - {{- end }} - {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} - - name: config-s3-users - secret: - defaultMode: 420 - secretName: {{ default (printf "%s-s3-secret" (include "seaweedfs.name" .)) (or .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret) }} - {{- end }} - {{- if .Values.allInOne.sftp.enabled }} - - name: config-ssh - secret: - defaultMode: 420 - secretName: {{ default (printf "%s-sftp-ssh-secret" (include "seaweedfs.name" .)) .Values.sftp.existingSshConfigSecret }} - - name: config-users - secret: - defaultMode: 420 - secretName: {{ default (printf "%s-sftp-secret" (include "seaweedfs.name" .)) .Values.sftp.existingConfigSecret }} - {{- end }} - {{- if .Values.filer.notificationConfig }} - - name: notification-config - configMap: - name: {{ template "seaweedfs.name" . }}-notification-config - {{- end }} - - name: master-config - configMap: - name: {{ template "seaweedfs.name" . }}-master-config - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . 
}}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.allInOne.extraVolumes . | nindent 8 }} - {{- if .Values.allInOne.nodeSelector }} - nodeSelector: - {{ tpl .Values.allInOne.nodeSelector . | nindent 8 }} - {{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/all-in-one-pvc.yaml b/k8s/charts/seaweedfs/templates/all-in-one-pvc.yaml deleted file mode 100644 index 49ac20148..000000000 --- a/k8s/charts/seaweedfs/templates/all-in-one-pvc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if and .Values.allInOne.enabled (eq .Values.allInOne.data.type "persistentVolumeClaim") }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ .Values.allInOne.data.claimName }} - labels: - app.kubernetes.io/component: seaweedfs-all-in-one - {{- if .Values.allInOne.annotations }} - annotations: - {{- toYaml .Values.allInOne.annotations | nindent 4 }} - {{- end }} -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.allInOne.data.size }} - {{- if .Values.allInOne.data.storageClass }} - storageClassName: {{ .Values.allInOne.data.storageClass }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/all-in-one-service.yml b/k8s/charts/seaweedfs/templates/all-in-one-service.yml deleted file mode 100644 index 14076a9c3..000000000 --- a/k8s/charts/seaweedfs/templates/all-in-one-service.yml +++ /dev/null 
@@ -1,83 +0,0 @@ -{{- if .Values.allInOne.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" . }}-all-in-one - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: seaweedfs-all-in-one - {{- if .Values.allInOne.service.annotations }} - annotations: - {{- toYaml .Values.allInOne.service.annotations | nindent 4 }} - {{- end }} -spec: - internalTrafficPolicy: {{ .Values.allInOne.service.internalTrafficPolicy | default "Cluster" }} - ports: - # Master ports - - name: "swfs-master" - port: {{ .Values.master.port }} - targetPort: {{ .Values.master.port }} - protocol: TCP - - name: "swfs-master-grpc" - port: {{ .Values.master.grpcPort }} - targetPort: {{ .Values.master.grpcPort }} - protocol: TCP - - # Volume ports - - name: "swfs-volume" - port: {{ .Values.volume.port }} - targetPort: {{ .Values.volume.port }} - protocol: TCP - - name: "swfs-volume-grpc" - port: {{ .Values.volume.grpcPort }} - targetPort: {{ .Values.volume.grpcPort }} - protocol: TCP - - # Filer ports - - name: "swfs-filer" - port: {{ .Values.filer.port }} - targetPort: {{ .Values.filer.port }} - protocol: TCP - - name: "swfs-filer-grpc" - port: {{ .Values.filer.grpcPort }} - targetPort: {{ .Values.filer.grpcPort }} - protocol: TCP - - # S3 ports (if enabled) - {{- if .Values.allInOne.s3.enabled }} - - name: "swfs-s3" - port: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} - targetPort: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} - protocol: TCP - {{- if and .Values.allInOne.s3.enabled .Values.s3.httpsPort }} - - name: "swfs-s3-tls" - port: {{ .Values.s3.httpsPort }} - targetPort: {{ 
.Values.s3.httpsPort }} - protocol: TCP - {{- end }} - {{- end }} - - # SFTP ports (if enabled) - {{- if .Values.allInOne.sftp.enabled }} - - name: "swfs-sftp" - port: {{ .Values.sftp.port }} - targetPort: {{ .Values.sftp.port }} - protocol: TCP - {{- end }} - - # Server metrics port (single metrics endpoint for all services) - {{- if .Values.allInOne.metricsPort }} - - name: "server-metrics" - port: {{ .Values.allInOne.metricsPort }} - targetPort: {{ .Values.allInOne.metricsPort }} - protocol: TCP - {{- end }} - - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: seaweedfs-all-in-one -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml deleted file mode 100644 index 0f9ce392c..000000000 --- a/k8s/charts/seaweedfs/templates/all-in-one-servicemonitor.yaml +++ /dev/null @@ -1,29 +0,0 @@ -{{- if .Values.allInOne.enabled }} -{{- if .Values.global.monitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" . }}-all-in-one - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: all-in-one - {{- with .Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -spec: - endpoints: - {{- if .Values.allInOne.metricsPort }} - - interval: 30s - port: server-metrics - scrapeTimeout: 5s - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: seaweedfs-all-in-one -{{- end }} -{{- end }} \ No newline at end of file 
diff --git a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
new file mode 100644
index 000000000..86bb45a8e
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
@@ -0,0 +1,431 @@ +{{- if .Values.allInOne.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.annotations }} + annotations: + {{- toYaml .Values.allInOne.annotations | nindent 4 }} + {{- end }} +spec: + replicas: 1 + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.allInOne.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.allInOne.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.allInOne.restartPolicy }} + {{- if .Values.allInOne.affinity }} + affinity: + {{ tpl .Values.allInOne.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.allInOne.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.allInOne.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} + {{- if .Values.allInOne.tolerations }} + tolerations: + {{- tpl .Values.allInOne.tolerations . 
| nindent 8 }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} + terminationGracePeriodSeconds: 60 + enableServiceLinks: false + {{- if .Values.allInOne.priorityClassName }} + priorityClassName: {{ .Values.allInOne.priorityClassName | quote }} + {{- end }} + {{- if .Values.allInOne.serviceAccountName }} + serviceAccountName: {{ .Values.allInOne.serviceAccountName | quote }} + {{- end }} + {{- if .Values.allInOne.initContainers }} + initContainers: + {{- tpl .Values.allInOne.initContainers . | nindent 8 }} + {{- end }} + {{- if .Values.allInOne.podSecurityContext.enabled }} + securityContext: + {{- omit .Values.allInOne.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "master.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.allInOne.extraEnvironmentVars }} + {{- range $key, $value := .Values.allInOne.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + /usr/bin/weed \ + -v={{ .Values.global.loggingLevel }} \ + server \ + -dir=/data \ + -master \ + -volume \ + -ip=${POD_IP} \ + -ip.bind=0.0.0.0 \ + {{- if .Values.allInOne.idleTimeout }} + -idleTimeout={{ .Values.allInOne.idleTimeout }} \ + {{- end }} + {{- if .Values.allInOne.dataCenter }} + -dataCenter={{ .Values.allInOne.dataCenter }} \ + {{- end }} + {{- if .Values.allInOne.rack }} + -rack={{ .Values.allInOne.rack }} \ + {{- end }} + {{- if .Values.allInOne.whiteList }} + -whiteList={{ .Values.allInOne.whiteList }} \ + {{- end }} + {{- if .Values.allInOne.disableHttp }} + -disableHttp={{ .Values.allInOne.disableHttp }} \ + {{- end }} + {{- if and (.Values.volume.dataDirs) (index .Values.volume.dataDirs 0 "maxVolumes") }} + -volume.max={{ index .Values.volume.dataDirs 0 "maxVolumes" }} \ + {{- end }} + -master.port={{ .Values.master.port }} \ + {{- if .Values.global.enableReplication }} + -master.defaultReplication={{ .Values.global.replicationPlacement }} \ + {{- else }} + -master.defaultReplication={{ .Values.master.defaultReplication }} \ + {{- end }} + {{- if .Values.master.volumePreallocate }} + -master.volumePreallocate \ + {{- end }} + -master.volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ + {{- if .Values.master.garbageThreshold }} + -master.garbageThreshold={{ .Values.master.garbageThreshold }} \ + 
{{- end }} + -volume.port={{ .Values.volume.port }} \ + -volume.readMode={{ .Values.volume.readMode }} \ + {{- if .Values.volume.imagesFixOrientation }} + -volume.images.fix.orientation \ + {{- end }} + {{- if .Values.volume.index }} + -volume.index={{ .Values.volume.index }} \ + {{- end }} + {{- if .Values.volume.fileSizeLimitMB }} + -volume.fileSizeLimitMB={{ .Values.volume.fileSizeLimitMB }} \ + {{- end }} + -volume.minFreeSpacePercent={{ .Values.volume.minFreeSpacePercent }} \ + -volume.compactionMBps={{ .Values.volume.compactionMBps }} \ + {{- if .Values.allInOne.metricsPort }} + -metricsPort={{ .Values.allInOne.metricsPort }} \ + {{- else if .Values.master.metricsPort }} + -metricsPort={{ .Values.master.metricsPort }} \ + {{- end }} + -filer \ + -filer.port={{ .Values.filer.port }} \ + {{- if .Values.filer.disableDirListing }} + -filer.disableDirListing \ + {{- end }} + -filer.dirListLimit={{ .Values.filer.dirListLimit }} \ + {{- if .Values.global.enableReplication }} + -filer.defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ + {{- else }} + -filer.defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ + {{- end }} + {{- if .Values.filer.maxMB }} + -filer.maxMB={{ .Values.filer.maxMB }} \ + {{- end }} + {{- if .Values.filer.encryptVolumeData }} + -filer.encryptVolumeData \ + {{- end }} + {{- if .Values.filer.filerGroup}} + -filer.filerGroup={{ .Values.filer.filerGroup}} \ + {{- end }} + {{- if .Values.filer.rack }} + -filer.rack={{ .Values.filer.rack }} \ + {{- end }} + {{- if .Values.filer.dataCenter }} + -filer.dataCenter={{ .Values.filer.dataCenter }} \ + {{- end }} + {{- if .Values.allInOne.s3.enabled }} + -s3 \ + -s3.port={{ .Values.s3.port }} \ + {{- if .Values.s3.domainName }} + -s3.domainName={{ .Values.s3.domainName }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + {{- if .Values.s3.httpsPort }} + -s3.port.https={{ .Values.s3.httpsPort }} \ + {{- end }} + 
-s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} + -s3.allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.s3.enableAuth }} + -s3.config=/etc/sw/s3/seaweedfs_s3_config \ + {{- end }} + {{- if .Values.s3.auditLogConfig }} + -s3.auditLogConfig=/etc/sw/s3/s3_auditLogConfig.json \ + {{- end }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + -sftp \ + -sftp.port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.sshPrivateKey }} + -sftp.sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -sftp.hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + -sftp.authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -sftp.maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -sftp.bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -sftp.loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -sftp.clientAliveInterval={{ .Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -sftp.clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + -sftp.userStoreFile=/etc/sw/sftp/seaweedfs_sftp_config \ + {{- end }} + + volumeMounts: + - name: data + mountPath: /data + {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + mountPath: /etc/sw/s3 + readOnly: true + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - name: config-ssh + mountPath: /etc/sw/ssh + readOnly: true + - mountPath: /etc/sw/sftp + name: config-users + readOnly: true + {{- end }} + {{- if 
.Values.filer.notificationConfig }} + - name: notification-config + mountPath: /etc/seaweedfs/notification.toml + subPath: notification.toml + readOnly: true + {{- end }} + - name: master-config + mountPath: /etc/seaweedfs/master.toml + subPath: master.toml + readOnly: true + {{- if .Values.global.enableSecurity }} + - name: security-config + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + readOnly: true + - name: ca-cert + mountPath: /usr/local/share/ca-certificates/ca/ + readOnly: true + - name: master-cert + mountPath: /usr/local/share/ca-certificates/master/ + readOnly: true + - name: volume-cert + mountPath: /usr/local/share/ca-certificates/volume/ + readOnly: true + - name: filer-cert + mountPath: /usr/local/share/ca-certificates/filer/ + readOnly: true + - name: client-cert + mountPath: /usr/local/share/ca-certificates/client/ + readOnly: true + {{- end }} + {{ tpl .Values.allInOne.extraVolumeMounts . | nindent 12 }} + ports: + - containerPort: {{ .Values.master.port }} + name: swfs-mas + - containerPort: {{ .Values.master.grpcPort }} + name: swfs-mas-grpc + - containerPort: {{ .Values.volume.port }} + name: swfs-vol + - containerPort: {{ .Values.volume.grpcPort }} + name: swfs-vol-grpc + - containerPort: {{ .Values.filer.port }} + name: swfs-fil + - containerPort: {{ .Values.filer.grpcPort }} + name: swfs-fil-grpc + {{- if .Values.allInOne.s3.enabled }} + - containerPort: {{ .Values.s3.port }} + name: swfs-s3 + {{- if .Values.s3.httpsPort }} + - containerPort: {{ .Values.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- end }} + {{- if .Values.allInOne.metricsPort }} + - containerPort: {{ .Values.allInOne.metricsPort }} + name: server-metrics + {{- end }} + {{- if .Values.allInOne.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.allInOne.readinessProbe.httpGet.path }} + port: {{ 
.Values.master.port }} + scheme: {{ .Values.allInOne.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.allInOne.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.allInOne.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.allInOne.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.allInOne.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.allInOne.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.allInOne.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.allInOne.livenessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.allInOne.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.allInOne.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.allInOne.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.allInOne.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.allInOne.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.allInOne.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.allInOne.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.allInOne.containerSecurityContext.enabled }} + securityContext: + {{- omit .Values.allInOne.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.allInOne.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.allInOne.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: data + {{- if eq .Values.allInOne.data.type "hostPath" }} + hostPath: + path: {{ .Values.allInOne.data.hostPathPrefix }}/seaweedfs-all-in-one-data/ + type: DirectoryOrCreate + {{- else if eq .Values.allInOne.data.type "persistentVolumeClaim" }} + persistentVolumeClaim: + claimName: {{ .Values.allInOne.data.claimName }} + {{- else if eq .Values.allInOne.data.type "emptyDir" }} + emptyDir: {} + {{- end }} + {{- if and .Values.allInOne.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-s3-secret" (include "seaweedfs.name" .)) (or .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret) }} + {{- end }} + {{- if .Values.allInOne.sftp.enabled }} + - name: config-ssh + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-sftp-ssh-secret" (include "seaweedfs.name" .)) .Values.sftp.existingSshConfigSecret }} + - name: config-users + secret: + defaultMode: 420 + secretName: {{ default (printf "%s-sftp-secret" (include "seaweedfs.name" .)) .Values.sftp.existingConfigSecret }} + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + configMap: + name: {{ template "seaweedfs.name" . }}-notification-config + {{- end }} + - name: master-config + configMap: + name: {{ template "seaweedfs.name" . }}-master-config + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . 
}}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.allInOne.extraVolumes . | nindent 8 }} + {{- if .Values.allInOne.nodeSelector }} + nodeSelector: + {{ tpl .Values.allInOne.nodeSelector . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml new file mode 100644 index 000000000..49ac20148 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.allInOne.enabled (eq .Values.allInOne.data.type "persistentVolumeClaim") }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ .Values.allInOne.data.claimName }} + labels: + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.annotations }} + annotations: + {{- toYaml .Values.allInOne.annotations | nindent 4 }} + {{- end }} +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.allInOne.data.size }} + {{- if .Values.allInOne.data.storageClass }} + storageClassName: {{ .Values.allInOne.data.storageClass }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml new file mode 100644 index 000000000..14076a9c3 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml 
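Review bot: In the container command of all-in-one/all-in-one-deployment.yaml, `-s3.config=/etc/sw/s3/seaweedfs_s3_config` is emitted only under `{{- if .Values.s3.enableAuth }}`, while the `config-s3-users` volume and its mount at `/etc/sw/s3` are gated on `(or .Values.s3.enableAuth .Values.filer.s3.enableAuth)`. With only `filer.s3.enableAuth` set, the secret is mounted but the flag is never passed, so the S3 gateway presumably starts without the identity file the operator expects to be enforced. Gate the flag on the same condition as the mount: `{{- if or .Values.s3.enableAuth .Values.filer.s3.enableAuth }}`. The file is added wholesale by this move, so the mismatch may predate the commit; it is still worth fixing while the template is being touched.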
@@ -0,0 +1,83 @@ +{{- if .Values.allInOne.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: seaweedfs-all-in-one + {{- if .Values.allInOne.service.annotations }} + annotations: + {{- toYaml .Values.allInOne.service.annotations | nindent 4 }} + {{- end }} +spec: + internalTrafficPolicy: {{ .Values.allInOne.service.internalTrafficPolicy | default "Cluster" }} + ports: + # Master ports + - name: "swfs-master" + port: {{ .Values.master.port }} + targetPort: {{ .Values.master.port }} + protocol: TCP + - name: "swfs-master-grpc" + port: {{ .Values.master.grpcPort }} + targetPort: {{ .Values.master.grpcPort }} + protocol: TCP + + # Volume ports + - name: "swfs-volume" + port: {{ .Values.volume.port }} + targetPort: {{ .Values.volume.port }} + protocol: TCP + - name: "swfs-volume-grpc" + port: {{ .Values.volume.grpcPort }} + targetPort: {{ .Values.volume.grpcPort }} + protocol: TCP + + # Filer ports + - name: "swfs-filer" + port: {{ .Values.filer.port }} + targetPort: {{ .Values.filer.port }} + protocol: TCP + - name: "swfs-filer-grpc" + port: {{ .Values.filer.grpcPort }} + targetPort: {{ .Values.filer.grpcPort }} + protocol: TCP + + # S3 ports (if enabled) + {{- if .Values.allInOne.s3.enabled }} + - name: "swfs-s3" + port: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + targetPort: {{ if .Values.allInOne.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + protocol: TCP + {{- if and .Values.allInOne.s3.enabled .Values.s3.httpsPort }} + - name: "swfs-s3-tls" + port: {{ .Values.s3.httpsPort }} + targetPort: {{ 
.Values.s3.httpsPort }} + protocol: TCP + {{- end }} + {{- end }} + + # SFTP ports (if enabled) + {{- if .Values.allInOne.sftp.enabled }} + - name: "swfs-sftp" + port: {{ .Values.sftp.port }} + targetPort: {{ .Values.sftp.port }} + protocol: TCP + {{- end }} + + # Server metrics port (single metrics endpoint for all services) + {{- if .Values.allInOne.metricsPort }} + - name: "server-metrics" + port: {{ .Values.allInOne.metricsPort }} + targetPort: {{ .Values.allInOne.metricsPort }} + protocol: TCP + {{- end }} + + selector: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: seaweedfs-all-in-one +{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml new file mode 100644 index 000000000..0f9ce392c --- /dev/null +++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml @@ -0,0 +1,29 @@ +{{- if .Values.allInOne.enabled }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-all-in-one + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: all-in-one + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + endpoints: + {{- if .Values.allInOne.metricsPort }} + - interval: 30s + port: server-metrics + scrapeTimeout: 5s + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: seaweedfs-all-in-one +{{- end }} +{{- end }} \ No newline at end of file 
diff --git a/k8s/charts/seaweedfs/templates/ca-cert.yaml b/k8s/charts/seaweedfs/templates/ca-cert.yaml
deleted file mode 100644
index 0fd6615e1..000000000
--- a/k8s/charts/seaweedfs/templates/ca-cert.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
-apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
-kind: Certificate
-metadata:
- name: {{ template "seaweedfs.name" . }}-ca-cert
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- secretName: {{ template "seaweedfs.name" . }}-ca-cert
- commonName: "{{ template "seaweedfs.name" . }}-root-ca"
- isCA: true
- issuerRef:
- name: {{ template "seaweedfs.name" . }}-issuer
- kind: Issuer
-{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert-caissuer.yaml b/k8s/charts/seaweedfs/templates/cert-caissuer.yaml
deleted file mode 100644
index 72de126e1..000000000
--- a/k8s/charts/seaweedfs/templates/cert-caissuer.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
-apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
-kind: Issuer
-metadata:
- name: {{ template "seaweedfs.name" . }}-ca-issuer
- namespace: {{ .Release.Namespace }}
- labels:
- app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- ca:
- secretName: {{ template "seaweedfs.name" . }}-ca-cert
-{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert-issuer.yaml b/k8s/charts/seaweedfs/templates/cert-issuer.yaml
deleted file mode 100644
index 9f243d07c..000000000
--- a/k8s/charts/seaweedfs/templates/cert-issuer.yaml
+++ /dev/null
@@ -1,13 +0,0 @@
-{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
-apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
-kind: Issuer
-metadata:
- name: {{ template "seaweedfs.name" . }}-issuer
- labels:
- app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
- helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
- app.kubernetes.io/managed-by: {{ .Release.Service }}
- app.kubernetes.io/instance: {{ .Release.Name }}
-spec:
- selfSigned: {}
-{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
new file mode 100644
index 000000000..0fd6615e1
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@@ -0,0 +1,19 @@
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
+apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
+kind: Certificate
+metadata:
+ name: {{ template "seaweedfs.name" . }}-ca-cert
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ secretName: {{ template "seaweedfs.name" . }}-ca-cert
+ commonName: "{{ template "seaweedfs.name" . }}-root-ca"
+ isCA: true
+ issuerRef:
+ name: {{ template "seaweedfs.name" . }}-issuer
+ kind: Issuer
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml b/k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml
new file mode 100644
index 000000000..72de126e1
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml
@@ -0,0 +1,15 @@
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
+apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
+kind: Issuer
+metadata:
+ name: {{ template "seaweedfs.name" . }}-ca-issuer
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ ca:
+ secretName: {{ template "seaweedfs.name" . }}-ca-cert
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml b/k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml
new file mode 100644
index 000000000..9f243d07c
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml
@@ -0,0 +1,13 @@
+{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}}
+apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
+kind: Issuer
+metadata:
+ name: {{ template "seaweedfs.name" . }}-issuer
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+spec:
+ selfSigned: {}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/cert/client-cert.yaml b/k8s/charts/seaweedfs/templates/cert/client-cert.yaml
new file mode 100644
index 000000000..bda132a02
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/cert/client-cert.yaml
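Review bot: The self-signed Issuer in cert/cert-issuer.yaml has no `namespace:` under `metadata`, while the `-ca-cert` Certificate that names it in `issuerRef` and the `-ca-issuer` both set `namespace: {{ .Release.Namespace }}`. An Issuer is a namespaced resource and has to sit in the same namespace as the Certificate that references it, so if the rendered manifests are applied outside a plain `helm install` the root issuer may land in a different namespace and the CA certificate would not be issued. Add `namespace: {{ .Release.Namespace }}` after the `name:` line so the three resources agree.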
@@ -0,0 +1,40 @@ +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} +apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} +kind: Certificate +metadata: + name: {{ template "seaweedfs.name" . }}-client-cert + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +spec: + secretName: {{ template "seaweedfs.name" . }}-client-cert + issuerRef: + name: {{ template "seaweedfs.name" . }}-ca-issuer + kind: Issuer + commonName: {{ .Values.certificates.commonName }} + subject: + organizations: + - "SeaweedFS CA" + dnsNames: + - '*.{{ .Release.Namespace }}' + - '*.{{ .Release.Namespace }}.svc' + - '*.{{ .Release.Namespace }}.svc.cluster.local' + - '*.{{ template "seaweedfs.name" . }}-master' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' +{{- if .Values.certificates.ipAddresses }} + ipAddresses: + {{- range .Values.certificates.ipAddresses }} + - {{ . }} + {{- end }} +{{- end }} + privateKey: + algorithm: {{ .Values.certificates.keyAlgorithm }} + size: {{ .Values.certificates.keySize }} + duration: {{ .Values.certificates.duration }} + renewBefore: {{ .Values.certificates.renewBefore }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cert/filer-cert.yaml b/k8s/charts/seaweedfs/templates/cert/filer-cert.yaml new file mode 100644 index 000000000..4cb117ae8 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/cert/filer-cert.yaml 
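Review bot: The client certificate carries server-style wildcard SANs (`'*.{{ .Release.Namespace }}.svc.cluster.local'` and the `-master` service names) and sets no `usages`, and the same `dnsNames` list is repeated unchanged in filer-cert.yaml, master-cert.yaml and volume-cert.yaml below. Every component key is therefore valid for every service name in the namespace, so splitting certificates per component gives no isolation if one Secret leaks; the filer and volume certificates also list the master service rather than their own. Consider restricting each certificate to its own service names and stating intent with `usages`, e.g. `usages: ["client auth"]` here and `["server auth", "client auth"]` on the server components. Because this commit only moves the files, that change may fit better in a follow-up.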
@@ -0,0 +1,45 @@ +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} +apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} +kind: Certificate +metadata: + name: {{ template "seaweedfs.name" . }}-filer-cert + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: filer + {{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} + {{- end }} +spec: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + issuerRef: + name: {{ template "seaweedfs.name" . }}-ca-issuer + kind: Issuer + commonName: {{ .Values.certificates.commonName }} + subject: + organizations: + - "SeaweedFS CA" + dnsNames: + - '*.{{ .Release.Namespace }}' + - '*.{{ .Release.Namespace }}.svc' + - '*.{{ .Release.Namespace }}.svc.cluster.local' + - '*.{{ template "seaweedfs.name" . }}-master' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' +{{- if .Values.certificates.ipAddresses }} + ipAddresses: + {{- range .Values.certificates.ipAddresses }} + - {{ . }} + {{- end }} +{{- end }} + privateKey: + algorithm: {{ .Values.certificates.keyAlgorithm }} + size: {{ .Values.certificates.keySize }} + duration: {{ .Values.certificates.duration }} + renewBefore: {{ .Values.certificates.renewBefore }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cert/master-cert.yaml b/k8s/charts/seaweedfs/templates/cert/master-cert.yaml new file mode 100644 index 000000000..256785254 --- /dev/null 
+++ b/k8s/charts/seaweedfs/templates/cert/master-cert.yaml @@ -0,0 +1,45 @@ +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} +apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} +kind: Certificate +metadata: + name: {{ template "seaweedfs.name" . }}-master-cert + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +spec: + secretName: {{ template "seaweedfs.name" . }}-master-cert + issuerRef: + name: {{ template "seaweedfs.name" . }}-ca-issuer + kind: Issuer + commonName: {{ .Values.certificates.commonName }} + subject: + organizations: + - "SeaweedFS CA" + dnsNames: + - '*.{{ .Release.Namespace }}' + - '*.{{ .Release.Namespace }}.svc' + - '*.{{ .Release.Namespace }}.svc.cluster.local' + - '*.{{ template "seaweedfs.name" . }}-master' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' +{{- if .Values.certificates.ipAddresses }} + ipAddresses: + {{- range .Values.certificates.ipAddresses }} + - {{ . }} + {{- end }} +{{- end }} + privateKey: + algorithm: {{ .Values.certificates.keyAlgorithm }} + size: {{ .Values.certificates.keySize }} + duration: {{ .Values.certificates.duration }} + renewBefore: {{ .Values.certificates.renewBefore }} +{{- end }} 
diff --git a/k8s/charts/seaweedfs/templates/cert/volume-cert.yaml b/k8s/charts/seaweedfs/templates/cert/volume-cert.yaml new file mode 100644 index 000000000..bd59a676d --- /dev/null +++ b/k8s/charts/seaweedfs/templates/cert/volume-cert.yaml 
@@ -0,0 +1,45 @@ +{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} +apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} +kind: Certificate +metadata: + name: {{ template "seaweedfs.name" . }}-volume-cert + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: volume +{{- if .Values.volume.annotations }} + annotations: + {{- toYaml .Values.volume.annotations | nindent 4 }} +{{- end }} +spec: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + issuerRef: + name: {{ template "seaweedfs.name" . }}-ca-issuer + kind: Issuer + commonName: {{ .Values.certificates.commonName }} + subject: + organizations: + - "SeaweedFS CA" + dnsNames: + - '*.{{ .Release.Namespace }}' + - '*.{{ .Release.Namespace }}.svc' + - '*.{{ .Release.Namespace }}.svc.cluster.local' + - '*.{{ template "seaweedfs.name" . }}-master' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' + - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' +{{- if .Values.certificates.ipAddresses }} + ipAddresses: + {{- range .Values.certificates.ipAddresses }} + - {{ . }} + {{- end }} +{{- end }} + privateKey: + algorithm: {{ .Values.certificates.keyAlgorithm }} + size: {{ .Values.certificates.keySize }} + duration: {{ .Values.certificates.duration }} + renewBefore: {{ .Values.certificates.renewBefore }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/client-cert.yaml b/k8s/charts/seaweedfs/templates/client-cert.yaml deleted file mode 100644 index bda132a02..000000000 
--- a/k8s/charts/seaweedfs/templates/client-cert.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} -apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} -kind: Certificate -metadata: - name: {{ template "seaweedfs.name" . }}-client-cert - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -spec: - secretName: {{ template "seaweedfs.name" . }}-client-cert - issuerRef: - name: {{ template "seaweedfs.name" . }}-ca-issuer - kind: Issuer - commonName: {{ .Values.certificates.commonName }} - subject: - organizations: - - "SeaweedFS CA" - dnsNames: - - '*.{{ .Release.Namespace }}' - - '*.{{ .Release.Namespace }}.svc' - - '*.{{ .Release.Namespace }}.svc.cluster.local' - - '*.{{ template "seaweedfs.name" . }}-master' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' -{{- if .Values.certificates.ipAddresses }} - ipAddresses: - {{- range .Values.certificates.ipAddresses }} - - {{ . }} - {{- end }} -{{- end }} - privateKey: - algorithm: {{ .Values.certificates.keyAlgorithm }} - size: {{ .Values.certificates.keySize }} - duration: {{ .Values.certificates.duration }} - renewBefore: {{ .Values.certificates.renewBefore }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cluster-role.yaml b/k8s/charts/seaweedfs/templates/cluster-role.yaml deleted file mode 100644 index 154de0675..000000000 --- a/k8s/charts/seaweedfs/templates/cluster-role.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -{{- if .Values.global.createClusterRole }} -#hack for delete pod master after migration ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.global.serviceAccountName }}-rw-cr - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: system:serviceaccount:{{ .Values.global.serviceAccountName }}:default - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -subjects: - - kind: ServiceAccount - name: {{ .Values.global.serviceAccountName }} - namespace: {{ .Release.Namespace }} -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: {{ .Values.global.serviceAccountName }}-rw-cr -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/cosi-bucket-class.yaml b/k8s/charts/seaweedfs/templates/cosi-bucket-class.yaml deleted file mode 100644 index e5503abd8..000000000 --- a/k8s/charts/seaweedfs/templates/cosi-bucket-class.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{- if and .Values.cosi.enabled .Values.cosi.bucketClassName }} ---- -kind: BucketClass -apiVersion: objectstorage.k8s.io/v1alpha1 -metadata: - name: {{ .Values.cosi.bucketClassName }} -driverName: {{ .Values.cosi.driverName }} -deletionPolicy: Delete ---- -kind: BucketAccessClass -apiVersion: objectstorage.k8s.io/v1alpha1 -metadata: - name: {{ .Values.cosi.bucketClassName }} -driverName: {{ .Values.cosi.driverName }} -authenticationType: KEY -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cosi-cluster-role.yaml b/k8s/charts/seaweedfs/templates/cosi-cluster-role.yaml deleted file mode 100644 index 75d3ec32c..000000000 --- a/k8s/charts/seaweedfs/templates/cosi-cluster-role.yaml +++ /dev/null 
@@ -1,69 +0,0 @@ -{{- if .Values.cosi.enabled }} ---- -kind: ClusterRole -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -rules: -- apiGroups: ["objectstorage.k8s.io"] - resources: - - "buckets" - - "bucketaccesses" - - "bucketclaims" - - "bucketaccessclasses" - - "buckets/status" - - "bucketaccesses/status" - - "bucketclaims/status" - - "bucketaccessclasses/status" - verbs: - - "get" - - "list" - - "watch" - - "update" - - "create" - - "delete" -- apiGroups: ["coordination.k8s.io"] - resources: ["leases"] - verbs: - - "get" - - "watch" - - "list" - - "delete" - - "update" - - "create" -- apiGroups: [""] - resources: - - "secrets" - - "events" - verbs: - - "get" - - "list" - - "watch" - - "update" - - "create" - - "delete" - - "patch" ---- -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1 -metadata: - name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -subjects: - - kind: ServiceAccount - name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - namespace: {{ .Release.Namespace }} -roleRef: - kind: ClusterRole - name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - apiGroup: rbac.authorization.k8s.io -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cosi-deployment.yaml b/k8s/charts/seaweedfs/templates/cosi-deployment.yaml deleted file mode 100644 index b200c89ae..000000000 
--- a/k8s/charts/seaweedfs/templates/cosi-deployment.yaml +++ /dev/null 
@@ -1,217 +0,0 @@ -{{- if .Values.cosi.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "seaweedfs.name" . }}-objectstorage-provisioner - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: objectstorage-provisioner -spec: - replicas: {{ .Values.cosi.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: objectstorage-provisioner - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: objectstorage-provisioner - {{ with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.cosi.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{ with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.cosi.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.cosi.restartPolicy }} - {{- if .Values.cosi.affinity }} - affinity: - {{ tpl .Values.cosi.affinity . | nindent 8 | trim }} - {{- end }} - {{- if .Values.cosi.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.cosi.topologySpreadConstraint . | nindent 8 | trim }} - {{- end }} - {{- if .Values.cosi.tolerations }} - tolerations: - {{ tpl .Values.cosi.tolerations . | nindent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} - terminationGracePeriodSeconds: 10 - {{- if .Values.cosi.priorityClassName }} - priorityClassName: {{ .Values.cosi.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - serviceAccountName: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - {{- if .Values.cosi.initContainers }} - initContainers: - {{ tpl .Values.cosi.initContainers . | nindent 8 | trim }} - {{- end }} - {{- if .Values.cosi.podSecurityContext.enabled }} - securityContext: {{- omit .Values.cosi.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs-cosi-driver - image: "{{ .Values.cosi.image }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: DRIVERNAME - value: "{{ .Values.cosi.driverName }}" - - name: ENDPOINT - {{- if .Values.cosi.endpoint }} - value: "{{ .Values.cosi.endpoint }}" - {{- else if .Values.s3.ingress.enabled }} - value: "{{ printf "https://%s" .Values.s3.ingress.host }}" - {{- else if .Values.s3.enabled }} - value: "{{ printf "https://%s-s3.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}" - {{- else }} - value: "{{ printf "https://%s-filer.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}" - {{- end }} - {{- with .Values.cosi.region }} - - name: REGION - value: "{{ . }}" - {{- end }} - - name: SEAWEEDFS_FILER - value: "{{ template "seaweedfs.name" . 
}}-filer:{{ .Values.filer.grpcPort }}" - {{- if .Values.global.enableSecurity }} - - name: WEED_GRPC_CLIENT_KEY - value: /usr/local/share/ca-certificates/client/tls.key - - name: WEED_GRPC_CLIENT_CERT - value: /usr/local/share/ca-certificates/client/tls.crt - - name: WEED_GRPC_CA - value: /usr/local/share/ca-certificates/client/ca.crt - {{- end }} - {{- if .Values.cosi.extraEnvironmentVars }} - {{- range $key, $value := .Values.cosi.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - volumeMounts: - - mountPath: /var/lib/cosi - name: socket - {{- if .Values.cosi.enableAuth }} - - mountPath: /etc/sw - name: config-users - readOnly: true - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl .Values.cosi.extraVolumeMounts . | nindent 12 | trim }} - {{- with .Values.cosi.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - - name: seaweedfs-cosi-sidecar - image: "{{ .Values.cosi.sidecar.image }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - args: - - {{ printf "--v=%s" (default "5" .Values.cosi.sidecar.logLevel) }} - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - volumeMounts: - - mountPath: /var/lib/cosi - name: socket - {{- with .Values.cosi.sidecar.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.cosi.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.cosi.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.cosi.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.cosi.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - - name: socket - emptyDir: {} - {{- if .Values.cosi.enableAuth }} - - name: config-users - secret: - defaultMode: 420 - {{- if .Values.cosi.existingConfigSecret }} - secretName: {{ .Values.cosi.existingConfigSecret }} - {{- else }} - secretName: seaweedfs-s3-secret - {{- end }} - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.cosi.extraVolumes . | indent 8 | trim }} - {{- if .Values.cosi.nodeSelector }} - nodeSelector: - {{ tpl .Values.cosi.nodeSelector . | indent 8 | trim }} - {{- end }} -{{- end }} 
diff --git a/k8s/charts/seaweedfs/templates/cosi-service-account.yaml b/k8s/charts/seaweedfs/templates/cosi-service-account.yaml deleted file mode 100644 index 78227fdeb..000000000 --- a/k8s/charts/seaweedfs/templates/cosi-service-account.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.cosi.enabled }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -automountServiceAccountToken: {{ .Values.global.automountServiceAccountToken }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cosi/cosi-bucket-class.yaml b/k8s/charts/seaweedfs/templates/cosi/cosi-bucket-class.yaml new file mode 100644 index 000000000..e5503abd8 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/cosi/cosi-bucket-class.yaml @@ -0,0 +1,16 @@ +{{- if and .Values.cosi.enabled .Values.cosi.bucketClassName }} +--- +kind: BucketClass +apiVersion: objectstorage.k8s.io/v1alpha1 +metadata: + name: {{ .Values.cosi.bucketClassName }} +driverName: {{ .Values.cosi.driverName }} +deletionPolicy: Delete +--- +kind: BucketAccessClass +apiVersion: objectstorage.k8s.io/v1alpha1 +metadata: + name: {{ .Values.cosi.bucketClassName }} +driverName: {{ .Values.cosi.driverName }} +authenticationType: KEY +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml b/k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml new file mode 100644 index 000000000..75d3ec32c --- /dev/null +++ b/k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml 
@@ -0,0 +1,69 @@ +{{- if .Values.cosi.enabled }} +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: +- apiGroups: ["objectstorage.k8s.io"] + resources: + - "buckets" + - "bucketaccesses" + - "bucketclaims" + - "bucketaccessclasses" + - "buckets/status" + - "bucketaccesses/status" + - "bucketclaims/status" + - "bucketaccessclasses/status" + verbs: + - "get" + - "list" + - "watch" + - "update" + - "create" + - "delete" +- apiGroups: ["coordination.k8s.io"] + resources: ["leases"] + verbs: + - "get" + - "watch" + - "list" + - "delete" + - "update" + - "create" +- apiGroups: [""] + resources: + - "secrets" + - "events" + verbs: + - "get" + - "list" + - "watch" + - "update" + - "create" + - "delete" + - "patch" +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + namespace: {{ .Release.Namespace }} +roleRef: + kind: ClusterRole + name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + apiGroup: rbac.authorization.k8s.io +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml b/k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml new file mode 100644 index 000000000..b200c89ae --- /dev/null 
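Review bot: The third rule grants `get`, `list`, `watch`, `update`, `create`, `delete` and `patch` on `secrets` in the core API group, and the ClusterRoleBinding below binds it cluster-wide to the `-objectstorage-provisioner` ServiceAccount. A token for that account can read and rewrite every Secret in the cluster, which is broader than writing bucket credentials appears to need. If the provisioner only has to create and remove the credential Secrets it owns, drop `list` and `watch` (and `update`/`patch` if unused), and add a comment above the rule such as `# secrets: needed to write BucketAccess credentials; keep verbs minimal`. `events` could move to its own rule with just `create` and `patch`.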
+++ b/k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml 
@@ -0,0 +1,217 @@ +{{- if .Values.cosi.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-objectstorage-provisioner + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: objectstorage-provisioner +spec: + replicas: {{ .Values.cosi.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: objectstorage-provisioner + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: objectstorage-provisioner + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cosi.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.cosi.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.cosi.restartPolicy }} + {{- if .Values.cosi.affinity }} + affinity: + {{ tpl .Values.cosi.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.cosi.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.cosi.topologySpreadConstraint . | nindent 8 | trim }} + {{- end }} + {{- if .Values.cosi.tolerations }} + tolerations: + {{ tpl .Values.cosi.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} + terminationGracePeriodSeconds: 10 + {{- if .Values.cosi.priorityClassName }} + priorityClassName: {{ .Values.cosi.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + serviceAccountName: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + {{- if .Values.cosi.initContainers }} + initContainers: + {{ tpl .Values.cosi.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.cosi.podSecurityContext.enabled }} + securityContext: {{- omit .Values.cosi.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs-cosi-driver + image: "{{ .Values.cosi.image }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: DRIVERNAME + value: "{{ .Values.cosi.driverName }}" + - name: ENDPOINT + {{- if .Values.cosi.endpoint }} + value: "{{ .Values.cosi.endpoint }}" + {{- else if .Values.s3.ingress.enabled }} + value: "{{ printf "https://%s" .Values.s3.ingress.host }}" + {{- else if .Values.s3.enabled }} + value: "{{ printf "https://%s-s3.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}" + {{- else }} + value: "{{ printf "https://%s-filer.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}" + {{- end }} + {{- with .Values.cosi.region }} + - name: REGION + value: "{{ . }}" + {{- end }} + - name: SEAWEEDFS_FILER + value: "{{ template "seaweedfs.name" . 
}}-filer:{{ .Values.filer.grpcPort }}" + {{- if .Values.global.enableSecurity }} + - name: WEED_GRPC_CLIENT_KEY + value: /usr/local/share/ca-certificates/client/tls.key + - name: WEED_GRPC_CLIENT_CERT + value: /usr/local/share/ca-certificates/client/tls.crt + - name: WEED_GRPC_CA + value: /usr/local/share/ca-certificates/client/ca.crt + {{- end }} + {{- if .Values.cosi.extraEnvironmentVars }} + {{- range $key, $value := .Values.cosi.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + volumeMounts: + - mountPath: /var/lib/cosi + name: socket + {{- if .Values.cosi.enableAuth }} + - mountPath: /etc/sw + name: config-users + readOnly: true + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.cosi.extraVolumeMounts . | nindent 12 | trim }} + {{- with .Values.cosi.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + - name: seaweedfs-cosi-sidecar + image: "{{ .Values.cosi.sidecar.image }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + args: + - {{ printf "--v=%s" (default "5" .Values.cosi.sidecar.logLevel) }} + env: + - name: POD_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + volumeMounts: + - mountPath: /var/lib/cosi + name: socket + {{- with .Values.cosi.sidecar.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.cosi.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.cosi.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.cosi.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.cosi.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + - name: socket + emptyDir: {} + {{- if .Values.cosi.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.cosi.existingConfigSecret }} + secretName: {{ .Values.cosi.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-s3-secret + {{- end }} + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.cosi.extraVolumes . | indent 8 | trim }} + {{- if .Values.cosi.nodeSelector }} + nodeSelector: + {{ tpl .Values.cosi.nodeSelector . | indent 8 | trim }} + {{- end }} +{{- end }} 
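Review bot: With `global.enableSecurity` on, the driver container mounts the whole `-ca-cert` Secret as well as the `-master-cert`, `-volume-cert` and `-filer-cert` Secrets, although the only paths its environment variables reference are under `/usr/local/share/ca-certificates/client/`. The `-ca-cert` Secret is the output of the `isCA: true` Certificate, so it holds the root CA private key, and the other three hold the server private keys; a compromise of the COSI driver would expose all of them. Unless `security.toml` needs those files (not visible here), mount only the `client-cert` Secret, or limit the CA volume to the public certificate through the volume's `items:` list. Separately, the guard tests `.Values.cosi.topologySpreadConstraints` but the body renders `.Values.cosi.topologySpreadConstraint`, which looks like a typo that would break rendering when the value is set.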
diff --git a/k8s/charts/seaweedfs/templates/cosi/cosi-service-account.yaml b/k8s/charts/seaweedfs/templates/cosi/cosi-service-account.yaml new file mode 100644 index 000000000..78227fdeb --- /dev/null +++ b/k8s/charts/seaweedfs/templates/cosi/cosi-service-account.yaml @@ -0,0 +1,13 @@ +{{- if .Values.cosi.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +automountServiceAccountToken: {{ .Values.global.automountServiceAccountToken }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-cert.yaml b/k8s/charts/seaweedfs/templates/filer-cert.yaml deleted file mode 100644 index 4cb117ae8..000000000 --- a/k8s/charts/seaweedfs/templates/filer-cert.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} -apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} -kind: Certificate -metadata: - name: {{ template "seaweedfs.name" . }}-filer-cert - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer - {{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} - {{- end }} -spec: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - issuerRef: - name: {{ template "seaweedfs.name" . }}-ca-issuer - kind: Issuer - commonName: {{ .Values.certificates.commonName }} - subject: - organizations: - - "SeaweedFS CA" - dnsNames: - - '*.{{ .Release.Namespace }}' - - '*.{{ .Release.Namespace }}.svc' - - '*.{{ .Release.Namespace }}.svc.cluster.local' - - '*.{{ template "seaweedfs.name" . }}-master' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' -{{- if .Values.certificates.ipAddresses }} - ipAddresses: - {{- range .Values.certificates.ipAddresses }} - - {{ . }} - {{- end }} -{{- end }} - privateKey: - algorithm: {{ .Values.certificates.keyAlgorithm }} - size: {{ .Values.certificates.keySize }} - duration: {{ .Values.certificates.duration }} - renewBefore: {{ .Values.certificates.renewBefore }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-ingress.yaml b/k8s/charts/seaweedfs/templates/filer-ingress.yaml deleted file mode 100644 index 7a7c98860..000000000 
--- a/k8s/charts/seaweedfs/templates/filer-ingress.yaml +++ /dev/null @@ -1,48 +0,0 @@ -{{- if .Values.filer.enabled }} -{{- if .Values.filer.ingress.enabled }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: ingress-{{ template "seaweedfs.name" . }}-filer - namespace: {{ .Release.Namespace }} - {{- with .Values.filer.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer -spec: - ingressClassName: {{ .Values.filer.ingress.className | quote }} - tls: - {{ .Values.filer.ingress.tls | default list | toYaml | nindent 6}} - rules: - - http: - paths: - - path: /sw-filer/?(.*) - pathType: ImplementationSpecific - backend: -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} - service: - name: {{ template "seaweedfs.name" . }}-filer - port: - number: {{ .Values.filer.port }} - #name: -{{- else }} - serviceName: {{ template "seaweedfs.name" . }}-filer - servicePort: {{ .Values.filer.port }} -{{- end }} -{{- if .Values.filer.ingress.host }} - host: {{ .Values.filer.ingress.host }} -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-service-client.yaml b/k8s/charts/seaweedfs/templates/filer-service-client.yaml deleted file mode 100644 index 1c32de0ba..000000000 --- a/k8s/charts/seaweedfs/templates/filer-service-client.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{- if .Values.filer.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" . }}-filer-client - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer -{{- if .Values.filer.metricsPort }} - monitoring: "true" -{{- end }} -{{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} -{{- end }} -spec: - clusterIP: None - ports: - - name: "swfs-filer" - port: {{ .Values.filer.port }} - targetPort: {{ .Values.filer.port }} - protocol: TCP - - name: "swfs-filer-grpc" - port: {{ .Values.filer.grpcPort }} - targetPort: {{ .Values.filer.grpcPort }} - protocol: TCP -{{- if .Values.filer.metricsPort }} - - name: "metrics" - port: {{ .Values.filer.metricsPort }} - targetPort: {{ .Values.filer.metricsPort }} - protocol: TCP -{{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: filer -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-service.yaml b/k8s/charts/seaweedfs/templates/filer-service.yaml deleted file mode 100644 index 67436972e..000000000 --- a/k8s/charts/seaweedfs/templates/filer-service.yaml +++ /dev/null 
@@ -1,52 +0,0 @@ -{{- if .Values.filer.enabled }} -apiVersion: v1 -kind: Service -metadata: - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" - name: {{ template "seaweedfs.name" . }}-filer - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer -{{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} -{{- end }} -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: "swfs-filer" - port: {{ .Values.filer.port }} - targetPort: {{ .Values.filer.port }} - protocol: TCP - - name: "swfs-filer-grpc" - port: {{ .Values.filer.grpcPort }} - targetPort: {{ .Values.filer.grpcPort }} - protocol: TCP - {{- if .Values.filer.s3.enabled }} - - name: "swfs-s3" - port: {{ .Values.filer.s3.port }} - targetPort: {{ .Values.filer.s3.port }} - protocol: TCP - {{- if .Values.filer.s3.httpsPort }} - - name: "swfs-s3-tls" - port: {{ .Values.filer.s3.httpsPort }} - targetPort: {{ .Values.filer.s3.httpsPort }} - protocol: TCP - {{- end }} - {{- end }} - {{- if .Values.filer.metricsPort }} - - name: "metrics" - port: {{ .Values.filer.metricsPort }} - targetPort: {{ .Values.filer.metricsPort }} - protocol: TCP - {{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: filer -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/filer-servicemonitor.yaml deleted file mode 100644 index e26c04b1f..000000000 --- a/k8s/charts/seaweedfs/templates/filer-servicemonitor.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.filer.enabled }} -{{- if .Values.filer.metricsPort }} -{{- if .Values.global.monitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" . }}-filer - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer - {{- with .Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} -{{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - scrapeTimeout: 5s - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: filer -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml b/k8s/charts/seaweedfs/templates/filer-statefulset.yaml deleted file mode 100644 index d2dad0097..000000000 --- a/k8s/charts/seaweedfs/templates/filer-statefulset.yaml +++ /dev/null 
@@ -1,442 +0,0 @@ -{{- if .Values.filer.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "seaweedfs.name" . }}-filer - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer -{{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} -{{- end }} -spec: - serviceName: {{ template "seaweedfs.name" . }}-filer - podManagementPolicy: {{ .Values.filer.podManagementPolicy }} - replicas: {{ .Values.filer.replicas }} - {{- if (gt (int .Values.filer.updatePartition) 0) }} - updateStrategy: - type: RollingUpdate - rollingUpdate: - partition: {{ .Values.filer.updatePartition }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: filer - {{- with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.filer.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{- with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.filer.podAnnotations }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - {{- if .Values.filer.s3.existingConfigSecret }} - {{- $configSecret := (lookup "v1" "Secret" .Release.Namespace .Values.filer.s3.existingConfigSecret) | default dict }} - checksum/s3config: {{ $configSecret | toYaml | sha256sum }} - {{- else }} - checksum/s3config: {{ include (print .Template.BasePath "/s3-secret.yaml") . | sha256sum }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }} - {{- if .Values.filer.affinity }} - affinity: - {{ tpl .Values.filer.affinity . | nindent 8 | trim }} - {{- end }} - {{- if .Values.filer.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.filer.topologySpreadConstraints . | nindent 8 | trim }} - {{- end }} - {{- if .Values.filer.tolerations }} - tolerations: - {{ tpl .Values.filer.tolerations . | nindent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} - serviceAccountName: {{ .Values.filer.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration - terminationGracePeriodSeconds: 60 - {{- if .Values.filer.priorityClassName }} - priorityClassName: {{ .Values.filer.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - {{- if .Values.filer.initContainers }} - initContainers: - {{ tpl .Values.filer.initContainers . | nindent 8 | trim }} - {{- end }} - {{- if .Values.filer.podSecurityContext.enabled }} - securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "filer.image" . 
}} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: WEED_MYSQL_USERNAME - valueFrom: - secretKeyRef: - name: secret-seaweedfs-db - key: user - optional: true - - name: WEED_MYSQL_PASSWORD - valueFrom: - secretKeyRef: - name: secret-seaweedfs-db - key: password - optional: true - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . }}" - {{- if .Values.filer.extraEnvironmentVars }} - {{- range $key, $value := .Values.filer.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.filer.secretExtraEnvironmentVars }} - {{- range $key, $value := .Values.filer.secretExtraEnvironmentVars }} - - name: {{ $key }} - valueFrom: {{ toYaml $value | nindent 16 }} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - exec /usr/bin/weed \ - {{- if or (eq .Values.filer.logs.type "hostPath") (eq .Values.filer.logs.type "persistentVolumeClaim") (eq .Values.filer.logs.type "emptyDir") }} - -logdir=/logs \ - {{- else }} - -logtostderr=true \ - {{- end }} - {{- if .Values.filer.loggingOverrideLevel }} - -v={{ .Values.filer.loggingOverrideLevel }} \ - {{- else }} - -v={{ .Values.global.loggingLevel }} \ - {{- end }} - filer \ - -port={{ .Values.filer.port }} \ - {{- if .Values.filer.metricsPort }} - -metricsPort={{ 
.Values.filer.metricsPort }} \ - {{- end }} - {{- if .Values.filer.metricsIp }} - -metricsIp={{ .Values.filer.metricsIp }} \ - {{- end }} - {{- if .Values.filer.redirectOnRead }} - -redirectOnRead \ - {{- end }} - {{- if .Values.filer.disableHttp }} - -disableHttp \ - {{- end }} - {{- if .Values.filer.disableDirListing }} - -disableDirListing \ - {{- end }} - -dirListLimit={{ .Values.filer.dirListLimit }} \ - {{- if .Values.global.enableReplication }} - -defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ - {{- else }} - -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ - {{- end }} - {{- if .Values.filer.disableDirListing }} - -disableDirListing \ - {{- end }} - {{- if .Values.filer.maxMB }} - -maxMB={{ .Values.filer.maxMB }} \ - {{- end }} - {{- if .Values.filer.encryptVolumeData }} - -encryptVolumeData \ - {{- end }} - -ip=${POD_IP} \ - -ip.bind={{ .Values.filer.ipBind }} \ - {{- if .Values.filer.filerGroup}} - -filerGroup={{ .Values.filer.filerGroup}} \ - {{- end }} - {{- if .Values.filer.rack }} - -rack={{ .Values.filer.rack }} \ - {{- end }} - {{- if .Values.filer.dataCenter }} - -dataCenter={{ .Values.filer.dataCenter }} \ - {{- end }} - {{- if .Values.filer.s3.enabled }} - -s3 \ - -s3.port={{ .Values.filer.s3.port }} \ - {{- if .Values.filer.s3.domainName }} - -s3.domainName={{ .Values.filer.s3.domainName }} \ - {{- end }} - {{- if .Values.global.enableSecurity }} - {{- if .Values.filer.s3.httpsPort }} - -s3.port.https={{ .Values.filer.s3.httpsPort }} \ - {{- end }} - -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ - -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ - {{- end }} - {{- if eq (typeOf .Values.filer.s3.allowEmptyFolder) "bool" }} - -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \ - {{- end }} - {{- if .Values.filer.s3.enableAuth }} - -s3.config=/etc/sw/seaweedfs_s3_config \ - {{- end }} - {{- if .Values.filer.s3.auditLogConfig }} - 
-s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \ - {{- end }} - {{- end }} - -master={{ if .Values.global.masterServer }}{{.Values.global.masterServer}}{{ else }}{{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} \ - {{- range .Values.filer.extraArgs }} - {{ . }} \ - {{- end }} - volumeMounts: - {{- if (or (eq .Values.filer.logs.type "hostPath") (eq .Values.filer.logs.type "persistentVolumeClaim") (eq .Values.filer.logs.type "emptyDir")) }} - - name: seaweedfs-filer-log-volume - mountPath: "/logs/" - {{- end }} - {{- if .Values.filer.s3.enableAuth }} - - name: config-users - mountPath: /etc/sw - readOnly: true - {{- end }} - {{- if (or .Values.filer.enablePVC (or (eq .Values.filer.data.type "hostPath") (eq .Values.filer.data.type "persistentVolumeClaim") (eq .Values.filer.data.type "emptyDir"))) }} - - name: data-filer - mountPath: /data - {{- end }} - {{- if .Values.filer.notificationConfig }} - - name: notification-config - readOnly: true - mountPath: /etc/seaweedfs/notification.toml - subPath: notification.toml - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl .Values.filer.extraVolumeMounts . 
| nindent 12 | trim }} - ports: - - containerPort: {{ .Values.filer.port }} - name: swfs-filer - - containerPort: {{ .Values.filer.metricsPort }} - name: metrics - - containerPort: {{ .Values.filer.grpcPort }} - #name: swfs-filer-grpc - {{- if .Values.filer.s3.enabled }} - - containerPort: {{ .Values.filer.s3.port }} - name: swfs-s3 - {{- if .Values.filer.s3.httpsPort }} - - containerPort: {{ .Values.filer.s3.httpsPort }} - name: swfs-s3-tls - {{- end }} - {{- end }} - {{- if .Values.filer.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.filer.readinessProbe.httpGet.path }} - port: {{ .Values.filer.port }} - scheme: {{ .Values.filer.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.filer.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.filer.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.filer.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.filer.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.filer.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.filer.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.filer.livenessProbe.httpGet.path }} - port: {{ .Values.filer.port }} - scheme: {{ .Values.filer.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.filer.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.filer.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.filer.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.filer.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.filer.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with .Values.filer.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if .Values.filer.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.filer.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.filer.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.filer.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if eq .Values.filer.logs.type "hostPath" }} - - name: seaweedfs-filer-log-volume - hostPath: - path: {{ .Values.filer.logs.hostPathPrefix }}/logs/seaweedfs/filer - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.filer.logs.type "existingClaim" }} - - name: seaweedfs-filer-log-volume - persistentVolumeClaim: - claimName: {{ .Values.filer.logs.claimName }} - {{- end }} - {{- if eq .Values.filer.logs.type "emptyDir" }} - - name: seaweedfs-filer-log-volume - emptyDir: {} - {{- end }} - {{- if eq .Values.filer.data.type "hostPath" }} - - name: data-filer - hostPath: - path: {{ .Values.filer.data.hostPathPrefix }}/filer_store - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.filer.data.type "existingClaim" }} - - name: data-filer - persistentVolumeClaim: - claimName: {{ .Values.filer.data.claimName }} - {{- end }} - {{- if eq .Values.filer.data.type "emptyDir" }} - - name: data-filer - emptyDir: {} - {{- end }} - - name: db-schema-config-volume - configMap: - name: seaweedfs-db-init-config - {{- if and .Values.filer.s3.enabled .Values.filer.s3.enableAuth }} - - name: config-users - secret: - defaultMode: 420 - {{- if .Values.filer.s3.existingConfigSecret }} - secretName: {{ .Values.filer.s3.existingConfigSecret }} - {{- else }} - secretName: seaweedfs-s3-secret - {{- end }} - {{- end }} - {{- if .Values.filer.notificationConfig }} - - name: notification-config - configMap: - name: {{ template "seaweedfs.name" . }}-notification-config - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . 
}}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }} - {{- if .Values.filer.nodeSelector }} - nodeSelector: - {{ tpl .Values.filer.nodeSelector . | indent 8 | trim }} - {{- end }} - {{- if and (.Values.filer.enablePVC) (eq .Values.filer.data.type "persistentVolumeClaim") }} - # DEPRECATION: Deprecate in favor of filer.data section below - volumeClaimTemplates: - - metadata: - name: data-filer - spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: {{ .Values.filer.storage }} - {{- if .Values.filer.storageClass }} - storageClassName: {{ .Values.filer.storageClass }} - {{- end }} - {{- end }} - {{- $pvc_exists := include "filer.pvc_exists" . -}} - {{- if $pvc_exists }} - volumeClaimTemplates: - {{- if eq .Values.filer.data.type "persistentVolumeClaim" }} - - metadata: - name: data-filer - {{- with .Values.filer.data.annotations }} - annotations: - {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.filer.data.storageClass }} - resources: - requests: - storage: {{ .Values.filer.data.size }} - {{- end }} - {{- if eq .Values.filer.logs.type "persistentVolumeClaim" }} - - metadata: - name: seaweedfs-filer-log-volume - {{- with .Values.filer.logs.annotations }} - annotations: - {{- toYaml . 
| nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.filer.logs.storageClass }} - resources: - requests: - storage: {{ .Values.filer.logs.size }} - {{- end }} - {{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml b/k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml new file mode 100644 index 000000000..7a7c98860 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml 
@@ -0,0 +1,48 @@
+{{- if .Values.filer.enabled }}
+{{- if .Values.filer.ingress.enabled }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
+apiVersion: networking.k8s.io/v1beta1
+{{- else }}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: ingress-{{ template "seaweedfs.name" . }}-filer
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.filer.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: filer
+spec:
+ ingressClassName: {{ .Values.filer.ingress.className | quote }}
+ tls:
+ {{ .Values.filer.ingress.tls | default list | toYaml | nindent 6}}
+ rules:
+ - http:
+ paths:
+ - path: /sw-filer/?(.*)
+ pathType: ImplementationSpecific
+ backend:
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ template "seaweedfs.name" . }}-filer
+ port:
+ number: {{ .Values.filer.port }}
+ #name:
+{{- else }}
+ serviceName: {{ template "seaweedfs.name" . }}-filer
+ servicePort: {{ .Values.filer.port }}
+{{- end }}
+{{- if .Values.filer.ingress.host }}
+ host: {{ .Values.filer.ingress.host }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml b/k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml
new file mode 100644
index 000000000..1c32de0ba
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml
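Review bot: In `filer-ingress.yaml` the rule only carries a `host` when `.Values.filer.ingress.host` is set, and `tls` falls back to an empty list, so as far as this template shows, enabling the ingress with the other values left unset routes `/sw-filer/` for any hostname that reaches the controller, with no TLS section. The file moves unchanged (same blob `7a7c98860` on both sides), so this is not new behaviour, but nothing in the template tells the operator about it. I would add a comment above `rules:`, for example `# Set filer.ingress.host and filer.ingress.tls before exposing the filer outside the cluster.`, and consider wrapping the host in Helm's `required` so that an enabled ingress without a host fails at render time. Whether the filer behind it enforces authentication depends on settings outside this hunk.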
@@ -0,0 +1,40 @@
+{{- if .Values.filer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "seaweedfs.name" . }}-filer-client
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: filer
+{{- if .Values.filer.metricsPort }}
+ monitoring: "true"
+{{- end }}
+{{- if .Values.filer.annotations }}
+ annotations:
+ {{- toYaml .Values.filer.annotations | nindent 4 }}
+{{- end }}
+spec:
+ clusterIP: None
+ ports:
+ - name: "swfs-filer"
+ port: {{ .Values.filer.port }}
+ targetPort: {{ .Values.filer.port }}
+ protocol: TCP
+ - name: "swfs-filer-grpc"
+ port: {{ .Values.filer.grpcPort }}
+ targetPort: {{ .Values.filer.grpcPort }}
+ protocol: TCP
+{{- if .Values.filer.metricsPort }}
+ - name: "metrics"
+ port: {{ .Values.filer.metricsPort }}
+ targetPort: {{ .Values.filer.metricsPort }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: filer
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/filer/filer-service.yaml b/k8s/charts/seaweedfs/templates/filer/filer-service.yaml
new file mode 100644
index 000000000..67436972e
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/filer/filer-service.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.filer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+ name: {{ template "seaweedfs.name" . }}-filer
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: filer
+{{- if .Values.filer.annotations }}
+ annotations:
+ {{- toYaml .Values.filer.annotations | nindent 4 }}
+{{- end }}
+spec:
+ clusterIP: None
+ publishNotReadyAddresses: true
+ ports:
+ - name: "swfs-filer"
+ port: {{ .Values.filer.port }}
+ targetPort: {{ .Values.filer.port }}
+ protocol: TCP
+ - name: "swfs-filer-grpc"
+ port: {{ .Values.filer.grpcPort }}
+ targetPort: {{ .Values.filer.grpcPort }}
+ protocol: TCP
+ {{- if .Values.filer.s3.enabled }}
+ - name: "swfs-s3"
+ port: {{ .Values.filer.s3.port }}
+ targetPort: {{ .Values.filer.s3.port }}
+ protocol: TCP
+ {{- if .Values.filer.s3.httpsPort }}
+ - name: "swfs-s3-tls"
+ port: {{ .Values.filer.s3.httpsPort }}
+ targetPort: {{ .Values.filer.s3.httpsPort }}
+ protocol: TCP
+ {{- end }}
+ {{- end }}
+ {{- if .Values.filer.metricsPort }}
+ - name: "metrics"
+ port: {{ .Values.filer.metricsPort }}
+ targetPort: {{ .Values.filer.metricsPort }}
+ protocol: TCP
+ {{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: filer
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml
new file mode 100644
index 000000000..e26c04b1f
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml
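Review bot: `metadata` in `filer-service.yaml` can end up with two `annotations:` keys: the fixed block holding `service.alpha.kubernetes.io/tolerate-unready-endpoints` at the top, and a second one emitted after `labels:` whenever `.Values.filer.annotations` is set. Indentation is not visible in this view, but `nindent 4` suggests both sit directly under `metadata`, which would be a duplicate mapping key; depending on the YAML parser the render is either rejected or one block silently replaces the other. The file moves unchanged (blob `67436972e` on both sides), so this would be a convenient place to merge them: keep the single `annotations:` block and add `{{- with .Values.filer.annotations }}{{- toYaml . | nindent 4 }}{{- end }}` beneath the fixed entry. Since `publishNotReadyAddresses: true` is already set in `spec`, the alpha annotation may no longer be needed at all.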
@@ -0,0 +1,33 @@
+{{- if .Values.filer.enabled }}
+{{- if .Values.filer.metricsPort }}
+{{- if .Values.global.monitoring.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "seaweedfs.name" . }}-filer
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: filer
+ {{- with .Values.global.monitoring.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.filer.annotations }}
+ annotations:
+ {{- toYaml .Values.filer.annotations | nindent 4 }}
+{{- end }}
+spec:
+ endpoints:
+ - interval: 30s
+ port: metrics
+ scrapeTimeout: 5s
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: filer
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml b/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
new file mode 100644
index 000000000..5c1a0950b
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
@@ -0,0 +1,442 @@ +{{- if .Values.filer.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "seaweedfs.name" . }}-filer + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: filer +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} +spec: + serviceName: {{ template "seaweedfs.name" . }}-filer + podManagementPolicy: {{ .Values.filer.podManagementPolicy }} + replicas: {{ .Values.filer.replicas }} + {{- if (gt (int .Values.filer.updatePartition) 0) }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + partition: {{ .Values.filer.updatePartition }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: filer + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: filer + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.filer.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.filer.podAnnotations }} + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- if .Values.filer.s3.existingConfigSecret }} + {{- $configSecret := (lookup "v1" "Secret" .Release.Namespace .Values.filer.s3.existingConfigSecret) | default dict }} + checksum/s3config: {{ $configSecret | toYaml | sha256sum }} + {{- else }} + checksum/s3config: {{ include (print .Template.BasePath "/s3/s3-secret.yaml") . | sha256sum }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }} + {{- if .Values.filer.affinity }} + affinity: + {{ tpl .Values.filer.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.filer.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.filer.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} + {{- if .Values.filer.tolerations }} + tolerations: + {{ tpl .Values.filer.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} + serviceAccountName: {{ .Values.filer.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration + terminationGracePeriodSeconds: 60 + {{- if .Values.filer.priorityClassName }} + priorityClassName: {{ .Values.filer.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.filer.initContainers }} + initContainers: + {{ tpl .Values.filer.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.filer.podSecurityContext.enabled }} + securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "filer.image" . 
}} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: WEED_MYSQL_USERNAME + valueFrom: + secretKeyRef: + name: secret-seaweedfs-db + key: user + optional: true + - name: WEED_MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: secret-seaweedfs-db + key: password + optional: true + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . }}" + {{- if .Values.filer.extraEnvironmentVars }} + {{- range $key, $value := .Values.filer.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.filer.secretExtraEnvironmentVars }} + {{- range $key, $value := .Values.filer.secretExtraEnvironmentVars }} + - name: {{ $key }} + valueFrom: {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.filer.logs.type "hostPath") (eq .Values.filer.logs.type "persistentVolumeClaim") (eq .Values.filer.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.filer.loggingOverrideLevel }} + -v={{ .Values.filer.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + filer \ + -port={{ .Values.filer.port }} \ + {{- if .Values.filer.metricsPort }} + -metricsPort={{ 
.Values.filer.metricsPort }} \ + {{- end }} + {{- if .Values.filer.metricsIp }} + -metricsIp={{ .Values.filer.metricsIp }} \ + {{- end }} + {{- if .Values.filer.redirectOnRead }} + -redirectOnRead \ + {{- end }} + {{- if .Values.filer.disableHttp }} + -disableHttp \ + {{- end }} + {{- if .Values.filer.disableDirListing }} + -disableDirListing \ + {{- end }} + -dirListLimit={{ .Values.filer.dirListLimit }} \ + {{- if .Values.global.enableReplication }} + -defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ + {{- else }} + -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ + {{- end }} + {{- if .Values.filer.disableDirListing }} + -disableDirListing \ + {{- end }} + {{- if .Values.filer.maxMB }} + -maxMB={{ .Values.filer.maxMB }} \ + {{- end }} + {{- if .Values.filer.encryptVolumeData }} + -encryptVolumeData \ + {{- end }} + -ip=${POD_IP} \ + -ip.bind={{ .Values.filer.ipBind }} \ + {{- if .Values.filer.filerGroup}} + -filerGroup={{ .Values.filer.filerGroup}} \ + {{- end }} + {{- if .Values.filer.rack }} + -rack={{ .Values.filer.rack }} \ + {{- end }} + {{- if .Values.filer.dataCenter }} + -dataCenter={{ .Values.filer.dataCenter }} \ + {{- end }} + {{- if .Values.filer.s3.enabled }} + -s3 \ + -s3.port={{ .Values.filer.s3.port }} \ + {{- if .Values.filer.s3.domainName }} + -s3.domainName={{ .Values.filer.s3.domainName }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + {{- if .Values.filer.s3.httpsPort }} + -s3.port.https={{ .Values.filer.s3.httpsPort }} \ + {{- end }} + -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if eq (typeOf .Values.filer.s3.allowEmptyFolder) "bool" }} + -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.filer.s3.enableAuth }} + -s3.config=/etc/sw/seaweedfs_s3_config \ + {{- end }} + {{- if .Values.filer.s3.auditLogConfig }} + 
-s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \ + {{- end }} + {{- end }} + -master={{ if .Values.global.masterServer }}{{.Values.global.masterServer}}{{ else }}{{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} \ + {{- range .Values.filer.extraArgs }} + {{ . }} \ + {{- end }} + volumeMounts: + {{- if (or (eq .Values.filer.logs.type "hostPath") (eq .Values.filer.logs.type "persistentVolumeClaim") (eq .Values.filer.logs.type "emptyDir")) }} + - name: seaweedfs-filer-log-volume + mountPath: "/logs/" + {{- end }} + {{- if .Values.filer.s3.enableAuth }} + - name: config-users + mountPath: /etc/sw + readOnly: true + {{- end }} + {{- if (or .Values.filer.enablePVC (or (eq .Values.filer.data.type "hostPath") (eq .Values.filer.data.type "persistentVolumeClaim") (eq .Values.filer.data.type "emptyDir"))) }} + - name: data-filer + mountPath: /data + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + readOnly: true + mountPath: /etc/seaweedfs/notification.toml + subPath: notification.toml + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.filer.extraVolumeMounts . 
| nindent 12 | trim }} + ports: + - containerPort: {{ .Values.filer.port }} + name: swfs-filer + - containerPort: {{ .Values.filer.metricsPort }} + name: metrics + - containerPort: {{ .Values.filer.grpcPort }} + #name: swfs-filer-grpc + {{- if .Values.filer.s3.enabled }} + - containerPort: {{ .Values.filer.s3.port }} + name: swfs-s3 + {{- if .Values.filer.s3.httpsPort }} + - containerPort: {{ .Values.filer.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- end }} + {{- if .Values.filer.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.filer.readinessProbe.httpGet.path }} + port: {{ .Values.filer.port }} + scheme: {{ .Values.filer.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.filer.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.filer.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.filer.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.filer.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.filer.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.filer.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.filer.livenessProbe.httpGet.path }} + port: {{ .Values.filer.port }} + scheme: {{ .Values.filer.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.filer.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.filer.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.filer.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.filer.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.filer.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.filer.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.filer.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.filer.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.filer.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.filer.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if eq .Values.filer.logs.type "hostPath" }} + - name: seaweedfs-filer-log-volume + hostPath: + path: {{ .Values.filer.logs.hostPathPrefix }}/logs/seaweedfs/filer + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.filer.logs.type "existingClaim" }} + - name: seaweedfs-filer-log-volume + persistentVolumeClaim: + claimName: {{ .Values.filer.logs.claimName }} + {{- end }} + {{- if eq .Values.filer.logs.type "emptyDir" }} + - name: seaweedfs-filer-log-volume + emptyDir: {} + {{- end }} + {{- if eq .Values.filer.data.type "hostPath" }} + - name: data-filer + hostPath: + path: {{ .Values.filer.data.hostPathPrefix }}/filer_store + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.filer.data.type "existingClaim" }} + - name: data-filer + persistentVolumeClaim: + claimName: {{ .Values.filer.data.claimName }} + {{- end }} + {{- if eq .Values.filer.data.type "emptyDir" }} + - name: data-filer + emptyDir: {} + {{- end }} + - name: db-schema-config-volume + configMap: + name: seaweedfs-db-init-config + {{- if and .Values.filer.s3.enabled .Values.filer.s3.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.filer.s3.existingConfigSecret }} + secretName: {{ .Values.filer.s3.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-s3-secret + {{- end }} + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + configMap: + name: {{ template "seaweedfs.name" . }}-notification-config + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . 
}}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }} + {{- if .Values.filer.nodeSelector }} + nodeSelector: + {{ tpl .Values.filer.nodeSelector . | indent 8 | trim }} + {{- end }} + {{- if and (.Values.filer.enablePVC) (eq .Values.filer.data.type "persistentVolumeClaim") }} + # DEPRECATION: Deprecate in favor of filer.data section below + volumeClaimTemplates: + - metadata: + name: data-filer + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.filer.storage }} + {{- if .Values.filer.storageClass }} + storageClassName: {{ .Values.filer.storageClass }} + {{- end }} + {{- end }} + {{- $pvc_exists := include "filer.pvc_exists" . -}} + {{- if $pvc_exists }} + volumeClaimTemplates: + {{- if eq .Values.filer.data.type "persistentVolumeClaim" }} + - metadata: + name: data-filer + {{- with .Values.filer.data.annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.filer.data.storageClass }} + resources: + requests: + storage: {{ .Values.filer.data.size }} + {{- end }} + {{- if eq .Values.filer.logs.type "persistentVolumeClaim" }} + - metadata: + name: seaweedfs-filer-log-volume + {{- with .Values.filer.logs.annotations }} + annotations: + {{- toYaml . 
| nindent 10 }} + {{- end }} + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.filer.logs.storageClass }} + resources: + requests: + storage: {{ .Values.filer.logs.size }} + {{- end }} + {{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-cert.yaml b/k8s/charts/seaweedfs/templates/master-cert.yaml deleted file mode 100644 index 256785254..000000000 --- a/k8s/charts/seaweedfs/templates/master-cert.yaml +++ /dev/null 
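Review bot: With `global.enableSecurity` set, the filer container mounts the `master-cert` and `volume-cert` secrets next to its own `filer-cert` and the `client-cert`, so anything that can read files in a filer pod can also read the TLS private keys issued to the other components. The only certificate paths this template passes on the command line are the client `tls.crt`/`tls.key` for `-s3.cert.file`/`-s3.key.file`; whether `security.toml` (not shown in this hunk) needs the master and volume paths inside the filer should be confirmed. If it does not, I would drop the `master-cert` and `volume-cert` entries from both `volumeMounts` and `volumes` and keep only `ca-cert`, `filer-cert` and `client-cert`. Separately, the `config-users` mount is guarded by `.Values.filer.s3.enableAuth` alone while its volume is guarded by `and .Values.filer.s3.enabled .Values.filer.s3.enableAuth`, so the mount guard should use the same condition to avoid referencing a volume that was never declared.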
@@ -1,45 +0,0 @@ -{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} -apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} -kind: Certificate -metadata: - name: {{ template "seaweedfs.name" . }}-master-cert - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master -{{- if .Values.master.annotations }} - annotations: - {{- toYaml .Values.master.annotations | nindent 4 }} -{{- end }} -spec: - secretName: {{ template "seaweedfs.name" . }}-master-cert - issuerRef: - name: {{ template "seaweedfs.name" . }}-ca-issuer - kind: Issuer - commonName: {{ .Values.certificates.commonName }} - subject: - organizations: - - "SeaweedFS CA" - dnsNames: - - '*.{{ .Release.Namespace }}' - - '*.{{ .Release.Namespace }}.svc' - - '*.{{ .Release.Namespace }}.svc.cluster.local' - - '*.{{ template "seaweedfs.name" . }}-master' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' -{{- if .Values.certificates.ipAddresses }} - ipAddresses: - {{- range .Values.certificates.ipAddresses }} - - {{ . }} - {{- end }} -{{- end }} - privateKey: - algorithm: {{ .Values.certificates.keyAlgorithm }} - size: {{ .Values.certificates.keySize }} - duration: {{ .Values.certificates.duration }} - renewBefore: {{ .Values.certificates.renewBefore }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-configmap.yaml b/k8s/charts/seaweedfs/templates/master-configmap.yaml deleted file mode 100644 index b3d7fe7d9..000000000 
--- a/k8s/charts/seaweedfs/templates/master-configmap.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if or .Values.master.enabled .Values.allInOne.enabled }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "seaweedfs.name" . }}-master-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.master.annotations }} - annotations: - {{- toYaml .Values.master.annotations | nindent 4 }} -{{- end }} -data: - master.toml: |- - {{ .Values.master.config | nindent 4 }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-ingress.yaml b/k8s/charts/seaweedfs/templates/master-ingress.yaml deleted file mode 100644 index 62d7f7a50..000000000 --- a/k8s/charts/seaweedfs/templates/master-ingress.yaml +++ /dev/null 
@@ -1,48 +0,0 @@ -{{- if .Values.master.enabled }} -{{- if .Values.master.ingress.enabled }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: ingress-{{ template "seaweedfs.name" . }}-master - namespace: {{ .Release.Namespace }} - {{- with .Values.master.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master -spec: - ingressClassName: {{ .Values.master.ingress.className | quote }} - tls: - {{ .Values.master.ingress.tls | default list | toYaml | nindent 6 }} - rules: - - http: - paths: - - path: /sw-master/?(.*) - pathType: ImplementationSpecific - backend: -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} - service: - name: {{ template "seaweedfs.name" . }}-master - port: - number: {{ .Values.master.port }} - #name: -{{- else }} - serviceName: {{ template "seaweedfs.name" . }}-master - servicePort: {{ .Values.master.port }} -{{- end }} -{{- if .Values.filer.ingress.host }} - host: {{ .Values.master.ingress.host }} -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-service.yaml b/k8s/charts/seaweedfs/templates/master-service.yaml deleted file mode 100644 index 0086b84c1..000000000 --- a/k8s/charts/seaweedfs/templates/master-service.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if .Values.master.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" . }}-master - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: master - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - annotations: - service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" -{{- if .Values.master.annotations }} - {{- toYaml .Values.master.annotations | nindent 4 }} -{{- end }} -spec: - clusterIP: None - publishNotReadyAddresses: true - ports: - - name: "swfs-master" - port: {{ .Values.master.port }} - targetPort: {{ .Values.master.port }} - protocol: TCP - - name: "swfs-master-grpc" - port: {{ .Values.master.grpcPort }} - targetPort: {{ .Values.master.grpcPort }} - protocol: TCP - {{- if .Values.master.metricsPort }} - - name: "metrics" - port: {{ .Values.master.metricsPort }} - targetPort: {{ .Values.master.metricsPort }} - protocol: TCP - {{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: master -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/master-servicemonitor.yaml deleted file mode 100644 index 7804e84ae..000000000 --- a/k8s/charts/seaweedfs/templates/master-servicemonitor.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.master.enabled }} -{{- if .Values.master.metricsPort }} -{{- if .Values.global.monitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" . }}-master - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master - {{- with .Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.master.annotations }} - annotations: - {{- toYaml .Values.master.annotations | nindent 4 }} -{{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - scrapeTimeout: 5s - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: master -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master-statefulset.yaml b/k8s/charts/seaweedfs/templates/master-statefulset.yaml deleted file mode 100644 index 01387fc91..000000000 --- a/k8s/charts/seaweedfs/templates/master-statefulset.yaml +++ /dev/null 
@@ -1,358 +0,0 @@ -{{- if .Values.master.enabled }} -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "seaweedfs.name" . }}-master - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master -{{- if .Values.master.annotations }} - annotations: - {{- toYaml .Values.master.annotations | nindent 4 }} -{{- end }} -spec: - serviceName: {{ template "seaweedfs.name" . }}-master - podManagementPolicy: {{ .Values.master.podManagementPolicy }} - replicas: {{ .Values.master.replicas }} - {{- if (gt (int .Values.master.updatePartition) 0) }} - updateStrategy: - type: RollingUpdate - rollingUpdate: - partition: {{ .Values.master.updatePartition }} - {{- end }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: master - {{ with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{ with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.master.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.master.restartPolicy }} - {{- if .Values.master.affinity }} - affinity: - {{ tpl .Values.master.affinity . 
| nindent 8 | trim }} - {{- end }} - {{- if .Values.master.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.master.topologySpreadConstraints . | nindent 8 | trim }} - {{- end }} - {{- if .Values.master.tolerations }} - tolerations: - {{ tpl .Values.master.tolerations . | nindent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} - terminationGracePeriodSeconds: 60 - {{- if .Values.master.priorityClassName }} - priorityClassName: {{ .Values.master.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - {{- if .Values.global.createClusterRole }} - serviceAccountName: {{ .Values.master.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration - {{- end }} - {{- if .Values.master.initContainers }} - initContainers: - {{ tpl .Values.master.initContainers . | nindent 8 | trim }} - {{- end }} - {{- if .Values.master.podSecurityContext.enabled }} - securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "master.image" . }} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . 
}}" - {{- if .Values.master.extraEnvironmentVars }} - {{- range $key, $value := .Values.master.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - exec /usr/bin/weed \ - {{- if or (eq .Values.master.logs.type "hostPath") (eq .Values.master.logs.type "persistentVolumeClaim") (eq .Values.master.logs.type "emptyDir") }} - -logdir=/logs \ - {{- else }} - -logtostderr=true \ - {{- end }} - {{- if .Values.master.loggingOverrideLevel }} - -v={{ .Values.master.loggingOverrideLevel }} \ - {{- else }} - -v={{ .Values.global.loggingLevel }} \ - {{- end }} - master \ - -port={{ .Values.master.port }} \ - -mdir=/data \ - -ip.bind={{ .Values.master.ipBind }} \ - {{- if .Values.global.enableReplication }} - -defaultReplication={{ .Values.global.replicationPlacement }} \ - {{- else }} - -defaultReplication={{ .Values.master.defaultReplication }} \ - {{- end }} - {{- if .Values.master.volumePreallocate }} - -volumePreallocate \ - {{- end }} - {{- if .Values.global.monitoring.enabled }} - {{- if and .Values.global.monitoring.gatewayHost .Values.global.monitoring.gatewayPort }} - -metrics.address="{{ .Values.global.monitoring.gatewayHost }}:{{ .Values.global.monitoring.gatewayPort }}" \ - {{- if .Values.master.metricsIntervalSec }} - -metrics.intervalSeconds={{ .Values.master.metricsIntervalSec }} \ - {{- end }} - {{- end }} - {{- end }} - {{- if .Values.master.metricsPort }} - -metricsPort={{ .Values.master.metricsPort }} \ - {{- end }} - {{- if .Values.master.metricsIp }} 
- -metricsIp={{ .Values.master.metricsIp }} \ - {{- end }} - -volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ - {{- if .Values.master.disableHttp }} - -disableHttp \ - {{- end }} - {{- if .Values.master.resumeState }} - -resumeState \ - {{- end }} - {{- if .Values.master.raftHashicorp }} - -raftHashicorp \ - {{- end }} - {{- if .Values.master.raftBootstrap }} - -raftBootstrap \ - {{- end }} - {{- if .Values.master.electionTimeout }} - -electionTimeout={{ .Values.master.electionTimeout }} \ - {{- end }} - {{- if .Values.master.heartbeatInterval }} - -heartbeatInterval={{ .Values.master.heartbeatInterval }} \ - {{- end }} - {{- if .Values.master.garbageThreshold }} - -garbageThreshold={{ .Values.master.garbageThreshold }} \ - {{- end }} - -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-master.{{ .Release.Namespace }} \ - -peers={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} \ - {{- range .Values.master.extraArgs }} - {{ . 
}} \ - {{- end }} - volumeMounts: - - name : data-{{ .Release.Namespace }} - mountPath: /data - {{- if or (eq .Values.master.logs.type "hostPath") (eq .Values.master.logs.type "persistentVolumeClaim") (eq .Values.master.logs.type "emptyDir") }} - - name: seaweedfs-master-log-volume - mountPath: "/logs/" - {{- end }} - - name: master-config - readOnly: true - mountPath: /etc/seaweedfs/master.toml - subPath: master.toml - {{- if .Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl .Values.master.extraVolumeMounts . 
| nindent 12 | trim }} - ports: - - containerPort: {{ .Values.master.port }} - name: swfs-master - {{- if and .Values.global.monitoring.enabled .Values.master.metricsPort }} - - containerPort: {{ .Values.master.metricsPort }} - name: metrics - {{- end }} - - containerPort: {{ .Values.master.grpcPort }} - #name: swfs-master-grpc - {{- if .Values.master.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.master.readinessProbe.httpGet.path }} - port: {{ .Values.master.port }} - scheme: {{ .Values.master.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.master.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.master.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.master.livenessProbe.httpGet.path }} - port: {{ .Values.master.port }} - scheme: {{ .Values.master.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.master.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with .Values.master.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if .Values.master.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.master.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if eq .Values.master.logs.type "hostPath" }} - - name: seaweedfs-master-log-volume - hostPath: - path: {{ .Values.master.logs.hostPathPrefix }}/logs/seaweedfs/master - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.master.logs.type "existingClaim" }} - - name: seaweedfs-master-log-volume - persistentVolumeClaim: - claimName: {{ .Values.master.logs.claimName }} - {{- end }} - {{- if eq .Values.master.logs.type "emptyDir" }} - - name: seaweedfs-master-log-volume - emptyDir: {} - {{- end }} - {{- if eq .Values.master.data.type "hostPath" }} - - name: data-{{ .Release.Namespace }} - hostPath: - path: {{ .Values.master.data.hostPathPrefix }}/seaweed-master/ - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.master.data.type "existingClaim" }} - - name: data-{{ .Release.Namespace }} - persistentVolumeClaim: - claimName: {{ .Values.master.data.claimName }} - {{- end }} - {{- if eq .Values.master.data.type "emptyDir" }} - - name: data-{{ .Release.Namespace }} - emptyDir: {} - {{- end }} - - name: master-config - configMap: - name: {{ template "seaweedfs.name" . }}-master-config - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . 
}}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.master.extraVolumes . | indent 8 | trim }} - {{- if .Values.master.nodeSelector }} - nodeSelector: - {{ tpl .Values.master.nodeSelector . | indent 8 | trim }} - {{- end }} - {{- $pvc_exists := include "master.pvc_exists" . -}} - {{- if $pvc_exists }} - volumeClaimTemplates: - {{- if eq .Values.master.data.type "persistentVolumeClaim"}} - - metadata: - name: data-{{ .Release.Namespace }} - {{- with .Values.master.data.annotations }} - annotations: - {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.master.data.storageClass }} - resources: - requests: - storage: {{ .Values.master.data.size }} - {{- end }} - {{- if eq .Values.master.logs.type "persistentVolumeClaim"}} - - metadata: - name: seaweedfs-master-log-volume - {{- with .Values.master.logs.annotations }} - annotations: - {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ .Values.master.logs.storageClass }} - resources: - requests: - storage: {{ .Values.master.logs.size }} - {{- end }} - {{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master/master-configmap.yaml b/k8s/charts/seaweedfs/templates/master/master-configmap.yaml new file mode 100644 index 000000000..b3d7fe7d9 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/master/master-configmap.yaml 
@@ -0,0 +1,19 @@ +{{- if or .Values.master.enabled .Values.allInOne.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "seaweedfs.name" . }}-master-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +data: + master.toml: |- + {{ .Values.master.config | nindent 4 }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master/master-ingress.yaml b/k8s/charts/seaweedfs/templates/master/master-ingress.yaml new file mode 100644 index 000000000..62d7f7a50 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/master/master-ingress.yaml 
@@ -0,0 +1,48 @@ +{{- if .Values.master.enabled }} +{{- if .Values.master.ingress.enabled }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: ingress-{{ template "seaweedfs.name" . }}-master + namespace: {{ .Release.Namespace }} + {{- with .Values.master.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master +spec: + ingressClassName: {{ .Values.master.ingress.className | quote }} + tls: + {{ .Values.master.ingress.tls | default list | toYaml | nindent 6 }} + rules: + - http: + paths: + - path: /sw-master/?(.*) + pathType: ImplementationSpecific + backend: +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ template "seaweedfs.name" . }}-master + port: + number: {{ .Values.master.port }} + #name: +{{- else }} + serviceName: {{ template "seaweedfs.name" . }}-master + servicePort: {{ .Values.master.port }} +{{- end }} +{{- if .Values.filer.ingress.host }} + host: {{ .Values.master.ingress.host }} +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master/master-service.yaml b/k8s/charts/seaweedfs/templates/master/master-service.yaml new file mode 100644 index 000000000..0086b84c1 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/master/master-service.yaml 
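Review bot: The host guard at the end of the rule in master-ingress.yaml tests `.Values.filer.ingress.host` but renders `.Values.master.ingress.host`, so whether the master Ingress is pinned to a hostname depends on the filer's setting. When only `master.ingress.host` is set, the `host:` line is dropped and the `/sw-master/?(.*)` rule matches every hostname that reaches the ingress controller, which exposes the master endpoint more widely than the values suggest. When only the filer host is set, an empty `host:` is rendered. The guard should read `{{- if .Values.master.ingress.host }}`. The commit appears to move this template unchanged, so the mismatch probably predates it, but the new file is a good place to correct it.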
@@ -0,0 +1,38 @@ +{{- if .Values.master.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "seaweedfs.name" . }}-master + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: master + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" +{{- if .Values.master.annotations }} + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + - name: "swfs-master" + port: {{ .Values.master.port }} + targetPort: {{ .Values.master.port }} + protocol: TCP + - name: "swfs-master-grpc" + port: {{ .Values.master.grpcPort }} + targetPort: {{ .Values.master.grpcPort }} + protocol: TCP + {{- if .Values.master.metricsPort }} + - name: "metrics" + port: {{ .Values.master.metricsPort }} + targetPort: {{ .Values.master.metricsPort }} + protocol: TCP + {{- end }} + selector: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: master +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml new file mode 100644 index 000000000..7804e84ae --- /dev/null +++ b/k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml 
@@ -0,0 +1,33 @@ +{{- if .Values.master.enabled }} +{{- if .Values.master.metricsPort }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-master + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +spec: + endpoints: + - interval: 30s + port: metrics + scrapeTimeout: 5s + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: master +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/master/master-statefulset.yaml b/k8s/charts/seaweedfs/templates/master/master-statefulset.yaml new file mode 100644 index 000000000..01387fc91 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/master/master-statefulset.yaml 
@@ -0,0 +1,358 @@ +{{- if .Values.master.enabled }} +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "seaweedfs.name" . }}-master + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +spec: + serviceName: {{ template "seaweedfs.name" . }}-master + podManagementPolicy: {{ .Values.master.podManagementPolicy }} + replicas: {{ .Values.master.replicas }} + {{- if (gt (int .Values.master.updatePartition) 0) }} + updateStrategy: + type: RollingUpdate + rollingUpdate: + partition: {{ .Values.master.updatePartition }} + {{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.master.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.master.restartPolicy }} + {{- if .Values.master.affinity }} + affinity: + {{ tpl .Values.master.affinity . 
| nindent 8 | trim }} + {{- end }} + {{- if .Values.master.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.master.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} + {{- if .Values.master.tolerations }} + tolerations: + {{ tpl .Values.master.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }} + terminationGracePeriodSeconds: 60 + {{- if .Values.master.priorityClassName }} + priorityClassName: {{ .Values.master.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.global.createClusterRole }} + serviceAccountName: {{ .Values.master.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration + {{- end }} + {{- if .Values.master.initContainers }} + initContainers: + {{ tpl .Values.master.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.master.podSecurityContext.enabled }} + securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "master.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.master.extraEnvironmentVars }} + {{- range $key, $value := .Values.master.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.master.logs.type "hostPath") (eq .Values.master.logs.type "persistentVolumeClaim") (eq .Values.master.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.master.loggingOverrideLevel }} + -v={{ .Values.master.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + master \ + -port={{ .Values.master.port }} \ + -mdir=/data \ + -ip.bind={{ .Values.master.ipBind }} \ + {{- if .Values.global.enableReplication }} + -defaultReplication={{ .Values.global.replicationPlacement }} \ + {{- else }} + -defaultReplication={{ .Values.master.defaultReplication }} \ + {{- end }} + {{- if .Values.master.volumePreallocate }} + -volumePreallocate \ + {{- end }} + {{- if .Values.global.monitoring.enabled }} + {{- if and .Values.global.monitoring.gatewayHost .Values.global.monitoring.gatewayPort }} + -metrics.address="{{ .Values.global.monitoring.gatewayHost }}:{{ .Values.global.monitoring.gatewayPort }}" \ + {{- if .Values.master.metricsIntervalSec }} + -metrics.intervalSeconds={{ .Values.master.metricsIntervalSec }} \ + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.master.metricsPort }} + -metricsPort={{ .Values.master.metricsPort }} \ + {{- end }} + {{- if .Values.master.metricsIp }} 
+ -metricsIp={{ .Values.master.metricsIp }} \ + {{- end }} + -volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ + {{- if .Values.master.disableHttp }} + -disableHttp \ + {{- end }} + {{- if .Values.master.resumeState }} + -resumeState \ + {{- end }} + {{- if .Values.master.raftHashicorp }} + -raftHashicorp \ + {{- end }} + {{- if .Values.master.raftBootstrap }} + -raftBootstrap \ + {{- end }} + {{- if .Values.master.electionTimeout }} + -electionTimeout={{ .Values.master.electionTimeout }} \ + {{- end }} + {{- if .Values.master.heartbeatInterval }} + -heartbeatInterval={{ .Values.master.heartbeatInterval }} \ + {{- end }} + {{- if .Values.master.garbageThreshold }} + -garbageThreshold={{ .Values.master.garbageThreshold }} \ + {{- end }} + -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-master.{{ .Release.Namespace }} \ + -peers={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} \ + {{- range .Values.master.extraArgs }} + {{ . 
}} \ + {{- end }} + volumeMounts: + - name : data-{{ .Release.Namespace }} + mountPath: /data + {{- if or (eq .Values.master.logs.type "hostPath") (eq .Values.master.logs.type "persistentVolumeClaim") (eq .Values.master.logs.type "emptyDir") }} + - name: seaweedfs-master-log-volume + mountPath: "/logs/" + {{- end }} + - name: master-config + readOnly: true + mountPath: /etc/seaweedfs/master.toml + subPath: master.toml + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.master.extraVolumeMounts . 
| nindent 12 | trim }} + ports: + - containerPort: {{ .Values.master.port }} + name: swfs-master + {{- if and .Values.global.monitoring.enabled .Values.master.metricsPort }} + - containerPort: {{ .Values.master.metricsPort }} + name: metrics + {{- end }} + - containerPort: {{ .Values.master.grpcPort }} + #name: swfs-master-grpc + {{- if .Values.master.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.master.readinessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.master.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.master.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.master.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.master.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.master.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.master.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.master.livenessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.master.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.master.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.master.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.master.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.master.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.master.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.master.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.master.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.master.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.master.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.master.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if eq .Values.master.logs.type "hostPath" }} + - name: seaweedfs-master-log-volume + hostPath: + path: {{ .Values.master.logs.hostPathPrefix }}/logs/seaweedfs/master + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.master.logs.type "existingClaim" }} + - name: seaweedfs-master-log-volume + persistentVolumeClaim: + claimName: {{ .Values.master.logs.claimName }} + {{- end }} + {{- if eq .Values.master.logs.type "emptyDir" }} + - name: seaweedfs-master-log-volume + emptyDir: {} + {{- end }} + {{- if eq .Values.master.data.type "hostPath" }} + - name: data-{{ .Release.Namespace }} + hostPath: + path: {{ .Values.master.data.hostPathPrefix }}/seaweed-master/ + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.master.data.type "existingClaim" }} + - name: data-{{ .Release.Namespace }} + persistentVolumeClaim: + claimName: {{ .Values.master.data.claimName }} + {{- end }} + {{- if eq .Values.master.data.type "emptyDir" }} + - name: data-{{ .Release.Namespace }} + emptyDir: {} + {{- end }} + - name: master-config + configMap: + name: {{ template "seaweedfs.name" . }}-master-config + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . 
}}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.master.extraVolumes . | indent 8 | trim }} + {{- if .Values.master.nodeSelector }} + nodeSelector: + {{ tpl .Values.master.nodeSelector . | indent 8 | trim }} + {{- end }} + {{- $pvc_exists := include "master.pvc_exists" . -}} + {{- if $pvc_exists }} + volumeClaimTemplates: + {{- if eq .Values.master.data.type "persistentVolumeClaim"}} + - metadata: + name: data-{{ .Release.Namespace }} + {{- with .Values.master.data.annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.master.data.storageClass }} + resources: + requests: + storage: {{ .Values.master.data.size }} + {{- end }} + {{- if eq .Values.master.logs.type "persistentVolumeClaim"}} + - metadata: + name: seaweedfs-master-log-volume + {{- with .Values.master.logs.annotations }} + annotations: + {{- toYaml . | nindent 10 }} + {{- end }} + spec: + accessModes: [ "ReadWriteOnce" ] + storageClassName: {{ .Values.master.logs.storageClass }} + resources: + requests: + storage: {{ .Values.master.logs.size }} + {{- end }} + {{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/notification-configmap.yaml b/k8s/charts/seaweedfs/templates/notification-configmap.yaml deleted file mode 100644 index c638c8771..000000000 --- a/k8s/charts/seaweedfs/templates/notification-configmap.yaml +++ /dev/null 
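Review bot: With `global.enableSecurity` set, the master pod in master-statefulset.yaml mounts the `volume-cert`, `filer-cert` and `client-cert` secrets alongside `ca-cert` and `master-cert`, in both the `volumeMounts` and `volumes` lists. These secrets presumably hold each component's TLS private key (the s3 template on this page reads `tls.key` from the client mount), so a compromised master container would also hold the identities of the volume and filer servers. If the master process does not read those key pairs from `security.toml` (not visible here, so this needs confirming), drop the `volume-cert` and `filer-cert` entries from both lists. A comment above the block such as `# master mounts only the CA, its own key pair and the client key pair` would record the intent for the other components' templates.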
@@ -1,19 +0,0 @@ -{{- if and .Values.filer.enabled .Values.filer.notificationConfig }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "seaweedfs.name" . }}-notification-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -{{- if .Values.filer.annotations }} - annotations: - {{- toYaml .Values.filer.annotations | nindent 4 }} -{{- end }} -data: - notification.toml: |- - {{ .Values.filer.notificationConfig | nindent 4 }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/post-install-bucket-hook.yaml b/k8s/charts/seaweedfs/templates/post-install-bucket-hook.yaml deleted file mode 100644 index 44d650898..000000000 --- a/k8s/charts/seaweedfs/templates/post-install-bucket-hook.yaml +++ /dev/null 
@@ -1,122 +0,0 @@ -{{- if .Values.master.enabled }} -{{- if .Values.filer.s3.enabled }} -{{- if .Values.filer.s3.createBuckets }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ $.Release.Name }}-bucket-hook" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ .Release.Name }}" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - spec: - restartPolicy: Never - {{- if .Values.filer.podSecurityContext.enabled }} - securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: post-install-job - image: {{ template "master.image" . }} - env: - - name: WEED_CLUSTER_DEFAULT - value: "sw" - - name: WEED_CLUSTER_SW_MASTER - value: "{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}:{{ .Values.master.port }}" - - name: WEED_CLUSTER_SW_FILER - value: "{{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }}" - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . }}" - command: - - "/bin/sh" - - "-ec" - - | - wait_for_service() { - local url=$1 - local max_attempts=60 # 5 minutes total (5s * 60) - local attempt=1 - - echo "Waiting for service at $url..." - while [ $attempt -le $max_attempts ]; do - if wget -q --spider "$url" >/dev/null 2>&1; then - echo "Service at $url is up!" - return 0 - fi - echo "Attempt $attempt: Service not ready yet, retrying in 5s..." 
- sleep 5 - attempt=$((attempt + 1)) - done - echo "Service at $url failed to become ready within 5 minutes" - exit 1 - } - wait_for_service "http://$WEED_CLUSTER_SW_MASTER{{ .Values.master.readinessProbe.httpGet.path }}" - wait_for_service "http://$WEED_CLUSTER_SW_FILER{{ .Values.filer.readinessProbe.httpGet.path }}" - {{- range $reg, $props := $.Values.filer.s3.createBuckets }} - exec /bin/echo \ - "s3.bucket.create --name {{ $props.name }}" |\ - /usr/bin/weed shell - {{- end }} - {{- range $reg, $props := $.Values.filer.s3.createBuckets }} - {{- if $props.anonymousRead }} - exec /bin/echo \ - "s3.configure --user anonymous \ - --buckets {{ $props.name }} \ - --actions Read \ - --apply true" |\ - /usr/bin/weed shell - {{- end }} - {{- end }} - {{- if .Values.filer.s3.enableAuth }} - volumeMounts: - - name: config-users - mountPath: /etc/sw - readOnly: true - {{- end }} - ports: - - containerPort: {{ .Values.master.port }} - name: swfs-master - {{- if and .Values.global.monitoring.enabled .Values.master.metricsPort }} - - containerPort: {{ .Values.master.metricsPort }} - name: metrics - {{- end }} - - containerPort: {{ .Values.master.grpcPort }} - #name: swfs-master-grpc - {{- if .Values.filer.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.filer.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.filer.s3.enableAuth }} - volumes: - - name: config-users - secret: - defaultMode: 420 - {{- if not (empty .Values.filer.s3.existingConfigSecret) }} - secretName: {{ .Values.filer.s3.existingConfigSecret }} - {{- else }} - secretName: seaweedfs-s3-secret - {{- end }} - {{- end }}{{/** if .Values.filer.s3.enableAuth **/}} -{{- end }}{{/** if .Values.master.enabled **/}} -{{- end }}{{/** if .Values.filer.s3.enabled **/}} -{{- end }}{{/** if .Values.filer.s3.createBuckets **/}} 
diff --git a/k8s/charts/seaweedfs/templates/s3-deployment.yaml b/k8s/charts/seaweedfs/templates/s3-deployment.yaml deleted file mode 100644 index d710fecbc..000000000 --- a/k8s/charts/seaweedfs/templates/s3-deployment.yaml +++ /dev/null 
@@ -1,279 +0,0 @@ -{{- if .Values.s3.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "seaweedfs.name" . }}-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 -{{- if .Values.s3.annotations }} - annotations: - {{- toYaml .Values.s3.annotations | nindent 4 }} -{{- end }} -spec: - replicas: {{ .Values.s3.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 - {{ with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.s3.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{ with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.s3.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.s3.restartPolicy }} - {{- if .Values.s3.affinity }} - affinity: - {{ tpl .Values.s3.affinity . | nindent 8 | trim }} - {{- end }} - {{- if .Values.s3.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.s3.topologySpreadConstraints . | nindent 8 | trim }} - {{- end }} - {{- if .Values.s3.tolerations }} - tolerations: - {{ tpl .Values.s3.tolerations . | nindent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} - terminationGracePeriodSeconds: 10 - {{- if .Values.s3.priorityClassName }} - priorityClassName: {{ .Values.s3.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - {{- if .Values.s3.serviceAccountName }} - serviceAccountName: {{ .Values.s3.serviceAccountName | quote }} - {{- end }} - {{- if .Values.s3.initContainers }} - initContainers: - {{ tpl .Values.s3.initContainers . | nindent 8 | trim }} - {{- end }} - {{- if .Values.s3.podSecurityContext.enabled }} - securityContext: {{- omit .Values.s3.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "s3.image" . }} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . 
}}" - {{- if .Values.s3.extraEnvironmentVars }} - {{- range $key, $value := .Values.s3.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - exec /usr/bin/weed \ - {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} - -logdir=/logs \ - {{- else }} - -logtostderr=true \ - {{- end }} - {{- if .Values.s3.loggingOverrideLevel }} - -v={{ .Values.s3.loggingOverrideLevel }} \ - {{- else }} - -v={{ .Values.global.loggingLevel }} \ - {{- end }} - s3 \ - -ip.bind={{ .Values.s3.bindAddress }} \ - -port={{ .Values.s3.port }} \ - {{- if .Values.s3.metricsPort }} - -metricsPort {{ .Values.s3.metricsPort }} \ - {{- end }} - {{- if .Values.global.enableSecurity }} - {{- if .Values.s3.httpsPort }} - -port.https={{ .Values.s3.httpsPort }} \ - {{- end }} - -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ - -key.file=/usr/local/share/ca-certificates/client/tls.key \ - {{- end }} - {{- if .Values.s3.domainName }} - -domainName={{ .Values.s3.domainName }} \ - {{- end }} - {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} - -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ - {{- end }} - {{- if .Values.s3.enableAuth }} - -config=/etc/sw/seaweedfs_s3_config \ - {{- end }} - {{- if .Values.s3.auditLogConfig }} - -auditLogConfig=/etc/sw/s3_auditLogConfig.json \ - {{- end }} - -filer={{ template "seaweedfs.name" . 
}}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} - volumeMounts: - {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} - - name: logs - mountPath: "/logs/" - {{- end }} - {{- if .Values.s3.enableAuth }} - - mountPath: /etc/sw - name: config-users - readOnly: true - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl .Values.s3.extraVolumeMounts . | nindent 12 | trim }} - ports: - - containerPort: {{ .Values.s3.port }} - name: swfs-s3 - {{- if .Values.s3.httpsPort }} - - containerPort: {{ .Values.s3.httpsPort }} - name: swfs-s3-tls - {{- end }} - {{- if .Values.s3.metricsPort }} - - containerPort: {{ .Values.s3.metricsPort }} - name: metrics - {{- end }} - {{- if .Values.s3.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ .Values.s3.readinessProbe.httpGet.path }} - port: {{ .Values.s3.port }} - scheme: {{ .Values.s3.readinessProbe.scheme }} - initialDelaySeconds: {{ .Values.s3.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.s3.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.s3.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.s3.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.s3.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.s3.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ .Values.s3.livenessProbe.httpGet.path }} - port: {{ 
.Values.s3.port }} - scheme: {{ .Values.s3.livenessProbe.scheme }} - initialDelaySeconds: {{ .Values.s3.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.s3.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.s3.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.s3.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.s3.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with .Values.s3.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if .Values.s3.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.s3.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.s3.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.s3.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.s3.enableAuth }} - - name: config-users - secret: - defaultMode: 420 - {{- if .Values.s3.existingConfigSecret }} - secretName: {{ .Values.s3.existingConfigSecret }} - {{- else }} - secretName: seaweedfs-s3-secret - {{- end }} - {{- end }} - {{- if eq .Values.s3.logs.type "hostPath" }} - - name: logs - hostPath: - path: {{ .Values.s3.logs.hostPathPrefix }}/logs/seaweedfs/s3 - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.s3.logs.type "emptyDir" }} - - name: logs - emptyDir: {} - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.s3.extraVolumes . 
| indent 8 | trim }} - {{- if .Values.s3.nodeSelector }} - nodeSelector: - {{ tpl .Values.s3.nodeSelector . | indent 8 | trim }} - {{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/s3-ingress.yaml b/k8s/charts/seaweedfs/templates/s3-ingress.yaml deleted file mode 100644 index 7b279793b..000000000 --- a/k8s/charts/seaweedfs/templates/s3-ingress.yaml +++ /dev/null @@ -1,46 +0,0 @@ -{{- if .Values.s3.ingress.enabled }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} -apiVersion: networking.k8s.io/v1beta1 -{{- else }} -apiVersion: extensions/v1beta1 -{{- end }} -kind: Ingress -metadata: - name: ingress-{{ template "seaweedfs.name" . }}-s3 - namespace: {{ .Release.Namespace }} - {{- with .Values.s3.ingress.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 -spec: - ingressClassName: {{ .Values.s3.ingress.className | quote }} - tls: - {{ .Values.s3.ingress.tls | default list | toYaml | nindent 6}} - rules: - - http: - paths: - - path: / - pathType: ImplementationSpecific - backend: -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} - service: - name: {{ template "seaweedfs.name" . }}-s3 - port: - number: {{ .Values.s3.port }} - #name: -{{- else }} - serviceName: {{ template "seaweedfs.name" . }}-s3 - servicePort: {{ .Values.s3.port }} -{{- end }} -{{- if .Values.s3.ingress.host }} - host: {{ .Values.s3.ingress.host }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/s3-secret.yaml b/k8s/charts/seaweedfs/templates/s3-secret.yaml deleted file mode 100644 index 587ea77c4..000000000 
--- a/k8s/charts/seaweedfs/templates/s3-secret.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ -{{- if or (and (or .Values.s3.enabled .Values.allInOne.enabled) .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) }} -{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_access_key_id" "length" 20) -}} -{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_secret_access_key" "length" 40) -}} -{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_access_key_id" "length" 20) -}} -{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_secret_access_key" "length" 40) -}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: seaweedfs-s3-secret - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "pre-install,pre-upgrade" - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . 
}} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 -stringData: - admin_access_key_id: {{ $access_key_admin }} - admin_secret_access_key: {{ $secret_key_admin }} - read_access_key_id: {{ $access_key_read }} - read_secret_access_key: {{ $secret_key_read }} - seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}' - {{- if .Values.filer.s3.auditLogConfig }} - filer_s3_auditLogConfig.json: | - {{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }} - {{- end }} - {{- if .Values.s3.auditLogConfig }} - s3_auditLogConfig.json: | - {{ toJson .Values.s3.auditLogConfig | nindent 4 }} - {{- end }} -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/s3-service.yaml b/k8s/charts/seaweedfs/templates/s3-service.yaml deleted file mode 100644 index 8afd48654..000000000 --- a/k8s/charts/seaweedfs/templates/s3-service.yaml +++ /dev/null 
@@ -1,38 +0,0 @@ -{{- if or .Values.s3.enabled .Values.filer.s3.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" . }}-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: s3 - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.s3.annotations }} - annotations: - {{- toYaml .Values.s3.annotations | nindent 4 }} -{{- end }} -spec: - internalTrafficPolicy: {{ .Values.s3.internalTrafficPolicy | default "Cluster" }} - ports: - - name: "swfs-s3" - port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} - targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} - protocol: TCP -{{- if and .Values.s3.enabled .Values.s3.httpsPort }} - - name: "swfs-s3-tls" - port: {{ .Values.s3.httpsPort }} - targetPort: {{ .Values.s3.httpsPort }} - protocol: TCP -{{- end }} -{{- if and .Values.s3.enabled .Values.s3.metricsPort }} - - name: "metrics" - port: {{ .Values.s3.metricsPort }} - targetPort: {{ .Values.s3.metricsPort }} - protocol: TCP -{{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: {{ if .Values.s3.enabled }}s3{{ else }}filer{{ end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/s3-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/s3-servicemonitor.yaml deleted file mode 100644 index 348255912..000000000 --- a/k8s/charts/seaweedfs/templates/s3-servicemonitor.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if or .Values.s3.enabled .Values.filer.s3.enabled }} -{{- if .Values.s3.metricsPort }} -{{- if .Values.global.monitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" . }}-s3 - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: s3 - {{- with .Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.s3.annotations }} - annotations: - {{- toYaml .Values.s3.annotations | nindent 4 }} -{{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - scrapeTimeout: 5s - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: s3 -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml b/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml new file mode 100644 index 000000000..d710fecbc --- /dev/null +++ b/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml 
@@ -0,0 +1,279 @@ +{{- if .Values.s3.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-s3 + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 +{{- if .Values.s3.annotations }} + annotations: + {{- toYaml .Values.s3.annotations | nindent 4 }} +{{- end }} +spec: + replicas: {{ .Values.s3.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.s3.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.s3.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.s3.restartPolicy }} + {{- if .Values.s3.affinity }} + affinity: + {{ tpl .Values.s3.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.s3.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.s3.topologySpreadConstraints . | nindent 8 | trim }} + {{- end }} + {{- if .Values.s3.tolerations }} + tolerations: + {{ tpl .Values.s3.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} + terminationGracePeriodSeconds: 10 + {{- if .Values.s3.priorityClassName }} + priorityClassName: {{ .Values.s3.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.s3.serviceAccountName }} + serviceAccountName: {{ .Values.s3.serviceAccountName | quote }} + {{- end }} + {{- if .Values.s3.initContainers }} + initContainers: + {{ tpl .Values.s3.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.s3.podSecurityContext.enabled }} + securityContext: {{- omit .Values.s3.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "s3.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.s3.extraEnvironmentVars }} + {{- range $key, $value := .Values.s3.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.s3.loggingOverrideLevel }} + -v={{ .Values.s3.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + s3 \ + -ip.bind={{ .Values.s3.bindAddress }} \ + -port={{ .Values.s3.port }} \ + {{- if .Values.s3.metricsPort }} + -metricsPort {{ .Values.s3.metricsPort }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + {{- if .Values.s3.httpsPort }} + -port.https={{ .Values.s3.httpsPort }} \ + {{- end }} + -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if .Values.s3.domainName }} + -domainName={{ .Values.s3.domainName }} \ + {{- end }} + {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} + -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.s3.enableAuth }} + -config=/etc/sw/seaweedfs_s3_config \ + {{- end }} + {{- if .Values.s3.auditLogConfig }} + -auditLogConfig=/etc/sw/s3_auditLogConfig.json \ + {{- end }} + -filer={{ template "seaweedfs.name" . 
}}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + volumeMounts: + {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }} + - name: logs + mountPath: "/logs/" + {{- end }} + {{- if .Values.s3.enableAuth }} + - mountPath: /etc/sw + name: config-users + readOnly: true + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.s3.extraVolumeMounts . | nindent 12 | trim }} + ports: + - containerPort: {{ .Values.s3.port }} + name: swfs-s3 + {{- if .Values.s3.httpsPort }} + - containerPort: {{ .Values.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- if .Values.s3.metricsPort }} + - containerPort: {{ .Values.s3.metricsPort }} + name: metrics + {{- end }} + {{- if .Values.s3.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.s3.readinessProbe.httpGet.path }} + port: {{ .Values.s3.port }} + scheme: {{ .Values.s3.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.s3.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.s3.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.s3.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.s3.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.s3.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.s3.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.s3.livenessProbe.httpGet.path }} + port: {{ 
.Values.s3.port }} + scheme: {{ .Values.s3.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.s3.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.s3.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.s3.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.s3.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.s3.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.s3.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.s3.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.s3.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.s3.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.s3.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.s3.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.s3.existingConfigSecret }} + secretName: {{ .Values.s3.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-s3-secret + {{- end }} + {{- end }} + {{- if eq .Values.s3.logs.type "hostPath" }} + - name: logs + hostPath: + path: {{ .Values.s3.logs.hostPathPrefix }}/logs/seaweedfs/s3 + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.s3.logs.type "emptyDir" }} + - name: logs + emptyDir: {} + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.s3.extraVolumes . 
| indent 8 | trim }} + {{- if .Values.s3.nodeSelector }} + nodeSelector: + {{ tpl .Values.s3.nodeSelector . | indent 8 | trim }} + {{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml b/k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml new file mode 100644 index 000000000..7b279793b --- /dev/null +++ b/k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml @@ -0,0 +1,46 @@ +{{- if .Values.s3.ingress.enabled }} +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1 +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }} +apiVersion: networking.k8s.io/v1beta1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: Ingress +metadata: + name: ingress-{{ template "seaweedfs.name" . }}-s3 + namespace: {{ .Release.Namespace }} + {{- with .Values.s3.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 +spec: + ingressClassName: {{ .Values.s3.ingress.className | quote }} + tls: + {{ .Values.s3.ingress.tls | default list | toYaml | nindent 6}} + rules: + - http: + paths: + - path: / + pathType: ImplementationSpecific + backend: +{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }} + service: + name: {{ template "seaweedfs.name" . }}-s3 + port: + number: {{ .Values.s3.port }} + #name: +{{- else }} + serviceName: {{ template "seaweedfs.name" . }}-s3 + servicePort: {{ .Values.s3.port }} +{{- end }} +{{- if .Values.s3.ingress.host }} + host: {{ .Values.s3.ingress.host }} +{{- end }} +{{- end }} 
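Review bot: The `global.enableSecurity` branch mounts the `master-cert`, `volume-cert` and `filer-cert` secrets into the S3 gateway pod, although the command in this template passes only `/usr/local/share/ca-certificates/client/tls.crt` and `tls.key` to `weed s3`. If those secrets hold each component's private key next to its certificate, as the `tls.key` paths in the chart's security.toml suggest, a compromise of the S3 pod would also expose the identities of the master, volume and filer servers. Unless `weed s3` actually reads those paths (not visible here), the `volumeMounts` and `volumes` lists under `enableSecurity` should keep only `security-config`, `ca-cert` and `client-cert`. The content is carried over unchanged from the old template path, so this can be a follow-up rather than part of the move.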
diff --git a/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
new file mode 100644
index 000000000..587ea77c4
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
@@ -0,0 +1,35 @@ +{{- if or (and (or .Values.s3.enabled .Values.allInOne.enabled) .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) }} +{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_access_key_id" "length" 20) -}} +{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_secret_access_key" "length" 40) -}} +{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_access_key_id" "length" 20) -}} +{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_secret_access_key" "length" 40) -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: seaweedfs-s3-secret + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": "pre-install,pre-upgrade" + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . 
}} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 +stringData: + admin_access_key_id: {{ $access_key_admin }} + admin_secret_access_key: {{ $secret_key_admin }} + read_access_key_id: {{ $access_key_read }} + read_secret_access_key: {{ $secret_key_read }} + seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}' + {{- if .Values.filer.s3.auditLogConfig }} + filer_s3_auditLogConfig.json: | + {{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }} + {{- end }} + {{- if .Values.s3.auditLogConfig }} + s3_auditLogConfig.json: | + {{ toJson .Values.s3.auditLogConfig | nindent 4 }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/s3/s3-service.yaml b/k8s/charts/seaweedfs/templates/s3/s3-service.yaml new file mode 100644 index 000000000..8afd48654 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/s3/s3-service.yaml 
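Review bot: The generated S3 admin and read-only keys are written once and then never rotated by the chart, and nothing in this template says so. The secret carries `"helm.sh/resource-policy": keep` and its values come from `getOrGeneratePassword`, which by its name presumably reuses an existing `seaweedfs-s3-secret` (the helper body is outside this diff), so an uninstall followed by a reinstall in the same namespace would come up with the old admin credentials. I would add a template comment above `apiVersion: v1` such as `{{- /* Keys are generated on first install and kept across upgrades and uninstall; delete seaweedfs-s3-secret to rotate them. */ -}}`. The secret name is also fixed rather than derived from the release, so two releases in one namespace would share these credentials.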
@@ -0,0 +1,38 @@
+{{- if or .Values.s3.enabled .Values.filer.s3.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "seaweedfs.name" . }}-s3
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: s3
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- if .Values.s3.annotations }}
+ annotations:
+ {{- toYaml .Values.s3.annotations | nindent 4 }}
+{{- end }}
+spec:
+ internalTrafficPolicy: {{ .Values.s3.internalTrafficPolicy | default "Cluster" }}
+ ports:
+ - name: "swfs-s3"
+ port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
+ targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
+ protocol: TCP
+{{- if and .Values.s3.enabled .Values.s3.httpsPort }}
+ - name: "swfs-s3-tls"
+ port: {{ .Values.s3.httpsPort }}
+ targetPort: {{ .Values.s3.httpsPort }}
+ protocol: TCP
+{{- end }}
+{{- if and .Values.s3.enabled .Values.s3.metricsPort }}
+ - name: "metrics"
+ port: {{ .Values.s3.metricsPort }}
+ targetPort: {{ .Values.s3.metricsPort }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: {{ if .Values.s3.enabled }}s3{{ else }}filer{{ end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml
new file mode 100644
index 000000000..348255912
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml
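Review bot: The Service `selector` matches only `app.kubernetes.io/name` and `app.kubernetes.io/component`, while the Deployment in s3-deployment.yaml selects on `app.kubernetes.io/instance` as well, so a second release in the same namespace whose pods carry the same name and component labels would receive this release's S3 traffic. Adding `app.kubernetes.io/instance: {{ .Release.Name }}` to the selector closes that, provided the filer pods used in the `else` branch carry the label too (their template is not in this hunk). The `matchLabels` in s3-servicemonitor.yaml has the same gap, and the Service's own metadata labels omit the instance label that the ServiceMonitor would need to match on.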
@@ -0,0 +1,33 @@ +{{- if or .Values.s3.enabled .Values.filer.s3.enabled }} +{{- if .Values.s3.metricsPort }} +{{- if .Values.global.monitoring.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "seaweedfs.name" . }}-s3 + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: s3 + {{- with .Values.global.monitoring.additionalLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} +{{- if .Values.s3.annotations }} + annotations: + {{- toYaml .Values.s3.annotations | nindent 4 }} +{{- end }} +spec: + endpoints: + - interval: 30s + port: metrics + scrapeTimeout: 5s + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: s3 +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml b/k8s/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml deleted file mode 100644 index cf7801cce..000000000 --- a/k8s/charts/seaweedfs/templates/seaweedfs-grafana-dashboard.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.global.monitoring.enabled }} -{{- $files := .Files.Glob "dashboards/*.json" }} -{{- if $files }} -{{- range $path, $file := $files }} -{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} ---- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ printf "%s" $dashboardName | lower | replace "_" "-" }} - namespace: {{ $.Release.Namespace }} - labels: - grafana_dashboard: "1" -data: - {{ $dashboardName }}.json: |- -{{ toString $file | indent 4 }} -{{- end }} -{{- end }} -{{- end }} 
diff --git a/k8s/charts/seaweedfs/templates/secret-seaweedfs-db.yaml b/k8s/charts/seaweedfs/templates/secret-seaweedfs-db.yaml deleted file mode 100644 index 5b7a81038..000000000 --- a/k8s/charts/seaweedfs/templates/secret-seaweedfs-db.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.filer.enabled }} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: secret-seaweedfs-db - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "pre-install" - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -stringData: - user: "YourSWUser" - password: "HardCodedPassword" - # better to random generate and create in DB - # password: {{ randAlphaNum 10 | sha256sum | b64enc | trunc 32 }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/security-configmap.yaml b/k8s/charts/seaweedfs/templates/security-configmap.yaml deleted file mode 100644 index 6f229c595..000000000 --- a/k8s/charts/seaweedfs/templates/security-configmap.yaml +++ /dev/null 
@@ -1,82 +0,0 @@ -{{- if .Values.global.enableSecurity }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ template "seaweedfs.name" . }}-security-config - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -data: - {{- $existing := (lookup "v1" "ConfigMap" .Release.Namespace (printf "%s-security-config" (include "seaweedfs.name" .))) }} - {{- $securityConfig := fromToml (dig "data" "security.toml" "" $existing) }} - security.toml: |- - # this file is read by master, volume server, and filer - - {{- if .Values.global.securityConfig.jwtSigning.volumeWrite }} - # the jwt signing key is read by master and volume server - # a jwt expires in 10 seconds - [jwt.signing] - key = "{{ dig "jwt" "signing" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" - {{- end }} - - {{- if .Values.global.securityConfig.jwtSigning.volumeRead }} - # this jwt signing key is read by master and volume server, and it is used for read operations: - # - the Master server generates the JWT, which can be used to read a certain file on a volume server - # - the Volume server validates the JWT on reading - [jwt.signing.read] - key = "{{ dig "jwt" "signing" "read" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" - {{- end }} - - {{- if .Values.global.securityConfig.jwtSigning.filerWrite }} - # If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT: - # - f.e. the S3 API Shim generates the JWT - # - the Filer server validates the JWT on writing - # the jwt defaults to expire after 10 seconds. 
- [jwt.filer_signing] - key = "{{ dig "jwt" "filer_signing" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" - {{- end }} - - {{- if .Values.global.securityConfig.jwtSigning.filerRead }} - # If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT: - # - f.e. the S3 API Shim generates the JWT - # - the Filer server validates the JWT on writing - # the jwt defaults to expire after 10 seconds. - [jwt.filer_signing.read] - key = "{{ dig "jwt" "filer_signing" "read" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" - {{- end }} - - # all grpc tls authentications are mutual - # the values for the following ca, cert, and key are paths to the PERM files. - [grpc] - ca = "/usr/local/share/ca-certificates/ca/tls.crt" - - [grpc.volume] - cert = "/usr/local/share/ca-certificates/volume/tls.crt" - key = "/usr/local/share/ca-certificates/volume/tls.key" - - [grpc.master] - cert = "/usr/local/share/ca-certificates/master/tls.crt" - key = "/usr/local/share/ca-certificates/master/tls.key" - - [grpc.filer] - cert = "/usr/local/share/ca-certificates/filer/tls.crt" - key = "/usr/local/share/ca-certificates/filer/tls.key" - - # use this for any place needs a grpc client - # i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload" - [grpc.client] - cert = "/usr/local/share/ca-certificates/client/tls.crt" - key = "/usr/local/share/ca-certificates/client/tls.key" - - # volume server https options - # Note: work in progress! - # this does not work with other clients, e.g., "weed filer|mount" etc, yet. - [https.client] - enabled = false - [https.volume] - cert = "" - key = "" -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/service-account.yaml b/k8s/charts/seaweedfs/templates/service-account.yaml deleted file mode 100644 index 429158a27..000000000 --- a/k8s/charts/seaweedfs/templates/service-account.yaml +++ /dev/null 
@@ -1,11 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ .Values.global.serviceAccountName }} - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} -automountServiceAccountToken: {{ .Values.global.automountServiceAccountToken }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp-deployment.yaml b/k8s/charts/seaweedfs/templates/sftp-deployment.yaml deleted file mode 100644 index c0bcb2c4a..000000000 --- a/k8s/charts/seaweedfs/templates/sftp-deployment.yaml +++ /dev/null 
@@ -1,301 +0,0 @@ -{{- if .Values.sftp.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "seaweedfs.name" . }}-sftp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sftp -{{- if .Values.sftp.annotations }} - annotations: - {{- toYaml .Values.sftp.annotations | nindent 4 }} -{{- end }} -spec: - replicas: {{ .Values.sftp.replicas }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sftp - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sftp - {{ with .Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sftp.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{ with .Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.sftp.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - spec: - restartPolicy: {{ default .Values.global.restartPolicy .Values.sftp.restartPolicy }} - {{- if .Values.sftp.affinity }} - affinity: - {{ tpl .Values.sftp.affinity . | nindent 8 | trim }} - {{- end }} - {{- if .Values.sftp.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl .Values.sftp.topologySpreadConstraint . | nindent 8 | trim }} - {{- end }} - {{- if .Values.sftp.tolerations }} - tolerations: - {{ tpl .Values.sftp.tolerations . | nindent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} - terminationGracePeriodSeconds: 10 - {{- if .Values.sftp.priorityClassName }} - priorityClassName: {{ .Values.sftp.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - {{- if .Values.sftp.serviceAccountName }} - serviceAccountName: {{ .Values.sftp.serviceAccountName | quote }} - {{- end }} - {{- if .Values.sftp.initContainers }} - initContainers: - {{ tpl .Values.sftp.initContainers . | nindent 8 | trim }} - {{- end }} - {{- if .Values.sftp.podSecurityContext.enabled }} - securityContext: {{- omit .Values.sftp.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "sftp.image" . }} - imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} - env: - - name: POD_IP - valueFrom: - fieldRef: - fieldPath: status.podIP - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" . 
}}" - {{- if .Values.sftp.extraEnvironmentVars }} - {{- range $key, $value := .Values.sftp.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if .Values.global.extraEnvironmentVars }} - {{- range $key, $value := .Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - exec /usr/bin/weed \ - {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} - -logdir=/logs \ - {{- else }} - -logtostderr=true \ - {{- end }} - {{- if .Values.sftp.loggingOverrideLevel }} - -v={{ .Values.sftp.loggingOverrideLevel }} \ - {{- else }} - -v={{ .Values.global.loggingLevel }} \ - {{- end }} - sftp \ - -ip.bind={{ .Values.sftp.bindAddress }} \ - -port={{ .Values.sftp.port }} \ - {{- if .Values.sftp.metricsPort }} - -metricsPort={{ .Values.sftp.metricsPort }} \ - {{- end }} - {{- if .Values.sftp.metricsIp }} - -metricsIp={{ .Values.sftp.metricsIp }} \ - {{- end }} - {{- if .Values.sftp.sshPrivateKey }} - -sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ - {{- end }} - {{- if .Values.sftp.hostKeysFolder }} - -hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ - {{- end }} - {{- if .Values.sftp.authMethods }} - -authMethods={{ .Values.sftp.authMethods }} \ - {{- end }} - {{- if .Values.sftp.maxAuthTries }} - -maxAuthTries={{ .Values.sftp.maxAuthTries }} \ - {{- end }} - {{- if .Values.sftp.bannerMessage }} - -bannerMessage="{{ .Values.sftp.bannerMessage }}" \ - {{- end }} - {{- if .Values.sftp.loginGraceTime }} - -loginGraceTime={{ .Values.sftp.loginGraceTime }} \ - {{- end }} - {{- if .Values.sftp.clientAliveInterval }} - -clientAliveInterval={{ 
.Values.sftp.clientAliveInterval }} \ - {{- end }} - {{- if .Values.sftp.clientAliveCountMax }} - -clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ - {{- end }} - {{- if .Values.sftp.dataCenter }} - -dataCenter={{ .Values.sftp.dataCenter }} \ - {{- end }} - {{- if .Values.sftp.localSocket }} - -localSocket={{ .Values.sftp.localSocket }} \ - {{- end }} - {{- if .Values.global.enableSecurity }} - -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ - -key.file=/usr/local/share/ca-certificates/client/tls.key \ - {{- end }} - -userStoreFile=/etc/sw/seaweedfs_sftp_config \ - -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} - volumeMounts: - {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} - - name: logs - mountPath: "/logs/" - {{- end }} - {{- if .Values.sftp.enableAuth }} - - mountPath: /etc/sw - name: config-users - readOnly: true - {{- end }} - - mountPath: /etc/sw/ssh - name: config-ssh - readOnly: true - {{- if .Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl .Values.sftp.extraVolumeMounts . 
| nindent 12 | trim }} - ports: - - containerPort: {{ .Values.sftp.port }} - name: swfs-sftp - {{- if .Values.sftp.metricsPort }} - - containerPort: {{ .Values.sftp.metricsPort }} - name: metrics - {{- end }} - {{- if .Values.sftp.readinessProbe.enabled }} - readinessProbe: - tcpSocket: - port: {{ .Values.sftp.port }} - initialDelaySeconds: {{ .Values.sftp.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sftp.readinessProbe.periodSeconds }} - successThreshold: {{ .Values.sftp.readinessProbe.successThreshold }} - failureThreshold: {{ .Values.sftp.readinessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.sftp.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if .Values.sftp.livenessProbe.enabled }} - livenessProbe: - tcpSocket: - port: {{ .Values.sftp.port }} - initialDelaySeconds: {{ .Values.sftp.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ .Values.sftp.livenessProbe.periodSeconds }} - successThreshold: {{ .Values.sftp.livenessProbe.successThreshold }} - failureThreshold: {{ .Values.sftp.livenessProbe.failureThreshold }} - timeoutSeconds: {{ .Values.sftp.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with .Values.sftp.resources }} - resources: - {{- toYaml . 
| nindent 12 }} - {{- end }} - {{- if .Values.sftp.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.sftp.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if .Values.sftp.sidecars }} - {{- include "common.tplvalues.render" (dict "value" .Values.sftp.sidecars "context" $) | nindent 8 }} - {{- end }} - volumes: - {{- if .Values.sftp.enableAuth }} - - name: config-users - secret: - defaultMode: 420 - {{- if .Values.sftp.existingConfigSecret }} - secretName: {{ .Values.sftp.existingConfigSecret }} - {{- else }} - secretName: seaweedfs-sftp-secret - {{- end }} - {{- end }} - - name: config-ssh - secret: - defaultMode: 420 - {{- if .Values.sftp.existingSshConfigSecret }} - secretName: {{ .Values.sftp.existingSshConfigSecret }} - {{- else }} - secretName: seaweedfs-sftp-ssh-secret - {{- end }} - {{- if eq .Values.sftp.logs.type "hostPath" }} - - name: logs - hostPath: - path: {{ .Values.sftp.logs.hostPathPrefix }}/logs/seaweedfs/sftp - type: DirectoryOrCreate - {{- end }} - {{- if eq .Values.sftp.logs.type "emptyDir" }} - - name: logs - emptyDir: {} - {{- end }} - {{- if .Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" . }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" . }}-client-cert - {{- end }} - {{ tpl .Values.sftp.extraVolumes . | indent 8 | trim }} - {{- if .Values.sftp.nodeSelector }} - nodeSelector: - {{ tpl .Values.sftp.nodeSelector . | indent 8 | trim }} - {{- end }} -{{- end }} 
diff --git a/k8s/charts/seaweedfs/templates/sftp-secret.yaml b/k8s/charts/seaweedfs/templates/sftp-secret.yaml deleted file mode 100644 index 2cec992a0..000000000 --- a/k8s/charts/seaweedfs/templates/sftp-secret.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if or .Values.sftp.enabled .Values.allInOne.enabled }} -{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "admin_password" 20) -}} -{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "readonly_password" 20) -}} -{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "public_user_password" 20) -}} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: seaweedfs-sftp-secret - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep - "helm.sh/hook": "pre-install,pre-upgrade" - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sftp -stringData: - admin_password: {{ $admin_pwd }} - readonly_password: {{ $read_user_pwd }} - public_user_password: {{ $public_user_pwd }} - seaweedfs_sftp_config: '[{"Username":"admin","Password":"{{ $admin_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","write","list"]},"Uid":0,"Gid":0},{"Username":"readonly_user","Password":"{{ $read_user_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","list"]},"Uid":1112,"Gid":1112},{"Username":"public_user","Password":"{{ $public_user_pwd }}","PublicKeys":[],"HomeDir":"/public","Permissions":{"/public":["write","read","list"]},"Uid":1113,"Gid":1113}]' - seaweedfs_sftp_ssh_private_key: | - -----BEGIN OPENSSH PRIVATE KEY----- - b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW - QyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8OwAAAJDjxkmk48ZJ - pAAAAAtzc2gtZWQyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8Ow - 
AAAEAeVy/4+gf6rjj2jla/AHqJpC1LcS5hn04IUs4q+iVq/MfgxzBwOmG15dW6WW7qrt6m - EQ3U3rTP7DSpnDRRVbw7AAAADHNla291ckAwMDY2NwE= - -----END OPENSSH PRIVATE KEY----- -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp-service.yaml b/k8s/charts/seaweedfs/templates/sftp-service.yaml deleted file mode 100644 index 5e67570d6..000000000 --- a/k8s/charts/seaweedfs/templates/sftp-service.yaml +++ /dev/null @@ -1,32 +0,0 @@ -{{- if .Values.sftp.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" . }}-sftp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: sftp - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- if .Values.sftp.annotations }} - annotations: - {{- toYaml .Values.sftp.annotations | nindent 4 }} -{{- end }} -spec: - internalTrafficPolicy: {{ .Values.sftp.internalTrafficPolicy | default "Cluster" }} - ports: - - name: "swfs-sftp" - port: {{ .Values.sftp.port }} - targetPort: {{ .Values.sftp.port }} - protocol: TCP -{{- if .Values.sftp.metricsPort }} - - name: "metrics" - port: {{ .Values.sftp.metricsPort }} - targetPort: {{ .Values.sftp.metricsPort }} - protocol: TCP -{{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: sftp -{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml deleted file mode 100644 index 4c7188866..000000000 --- a/k8s/charts/seaweedfs/templates/sftp-servicemonitor.yaml +++ /dev/null 
@@ -1,33 +0,0 @@ -{{- if .Values.sftp.enabled }} -{{- if .Values.sftp.metricsPort }} -{{- if .Values.global.monitoring.enabled }} -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" . }}-sftp - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: sftp - {{- with .Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.sftp.annotations }} - annotations: - {{- toYaml .Values.sftp.annotations | nindent 4 }} -{{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - scrapeTimeout: 5s - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - app.kubernetes.io/component: sftp -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml b/k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml new file mode 100644 index 000000000..c0bcb2c4a --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml 
@@ -0,0 +1,301 @@ +{{- if .Values.sftp.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + replicas: {{ .Values.sftp.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + template: + metadata: + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp + {{ with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{ with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.sftp.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.sftp.restartPolicy }} + {{- if .Values.sftp.affinity }} + affinity: + {{ tpl .Values.sftp.affinity . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.topologySpreadConstraints }} + topologySpreadConstraints: + {{ tpl .Values.sftp.topologySpreadConstraint . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.tolerations }} + tolerations: + {{ tpl .Values.sftp.tolerations . | nindent 8 | trim }} + {{- end }} + {{- include "seaweedfs.imagePullSecrets" . 
| nindent 6 }} + terminationGracePeriodSeconds: 10 + {{- if .Values.sftp.priorityClassName }} + priorityClassName: {{ .Values.sftp.priorityClassName | quote }} + {{- end }} + enableServiceLinks: false + {{- if .Values.sftp.serviceAccountName }} + serviceAccountName: {{ .Values.sftp.serviceAccountName | quote }} + {{- end }} + {{- if .Values.sftp.initContainers }} + initContainers: + {{ tpl .Values.sftp.initContainers . | nindent 8 | trim }} + {{- end }} + {{- if .Values.sftp.podSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: seaweedfs + image: {{ template "sftp.image" . }} + imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . 
}}" + {{- if .Values.sftp.extraEnvironmentVars }} + {{- range $key, $value := .Values.sftp.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 | trim }} + {{- end -}} + {{- end }} + {{- end }} + command: + - "/bin/sh" + - "-ec" + - | + exec /usr/bin/weed \ + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + -logdir=/logs \ + {{- else }} + -logtostderr=true \ + {{- end }} + {{- if .Values.sftp.loggingOverrideLevel }} + -v={{ .Values.sftp.loggingOverrideLevel }} \ + {{- else }} + -v={{ .Values.global.loggingLevel }} \ + {{- end }} + sftp \ + -ip.bind={{ .Values.sftp.bindAddress }} \ + -port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.metricsPort }} + -metricsPort={{ .Values.sftp.metricsPort }} \ + {{- end }} + {{- if .Values.sftp.metricsIp }} + -metricsIp={{ .Values.sftp.metricsIp }} \ + {{- end }} + {{- if .Values.sftp.sshPrivateKey }} + -sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + -authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -clientAliveInterval={{ 
.Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + {{- if .Values.sftp.dataCenter }} + -dataCenter={{ .Values.sftp.dataCenter }} \ + {{- end }} + {{- if .Values.sftp.localSocket }} + -localSocket={{ .Values.sftp.localSocket }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + -cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + -userStoreFile=/etc/sw/seaweedfs_sftp_config \ + -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} + volumeMounts: + {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }} + - name: logs + mountPath: "/logs/" + {{- end }} + {{- if .Values.sftp.enableAuth }} + - mountPath: /etc/sw + name: config-users + readOnly: true + {{- end }} + - mountPath: /etc/sw/ssh + name: config-ssh + readOnly: true + {{- if .Values.global.enableSecurity }} + - name: security-config + readOnly: true + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + - name: ca-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/ca/ + - name: master-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/master/ + - name: volume-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/volume/ + - name: filer-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/filer/ + - name: client-cert + readOnly: true + mountPath: /usr/local/share/ca-certificates/client/ + {{- end }} + {{ tpl .Values.sftp.extraVolumeMounts . 
| nindent 12 | trim }} + ports: + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- if .Values.sftp.metricsPort }} + - containerPort: {{ .Values.sftp.metricsPort }} + name: metrics + {{- end }} + {{- if .Values.sftp.readinessProbe.enabled }} + readinessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.sftp.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: {{ .Values.sftp.port }} + initialDelaySeconds: {{ .Values.sftp.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.sftp.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.sftp.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.sftp.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.sftp.livenessProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.sftp.resources }} + resources: + {{- toYaml . 
| nindent 12 }} + {{- end }} + {{- if .Values.sftp.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.sftp.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.sftp.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sftp.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.sftp.enableAuth }} + - name: config-users + secret: + defaultMode: 420 + {{- if .Values.sftp.existingConfigSecret }} + secretName: {{ .Values.sftp.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-secret + {{- end }} + {{- end }} + - name: config-ssh + secret: + defaultMode: 420 + {{- if .Values.sftp.existingSshConfigSecret }} + secretName: {{ .Values.sftp.existingSshConfigSecret }} + {{- else }} + secretName: seaweedfs-sftp-ssh-secret + {{- end }} + {{- if eq .Values.sftp.logs.type "hostPath" }} + - name: logs + hostPath: + path: {{ .Values.sftp.logs.hostPathPrefix }}/logs/seaweedfs/sftp + type: DirectoryOrCreate + {{- end }} + {{- if eq .Values.sftp.logs.type "emptyDir" }} + - name: logs + emptyDir: {} + {{- end }} + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: {{ template "seaweedfs.name" . }}-security-config + - name: ca-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-ca-cert + - name: master-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-master-cert + - name: volume-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-volume-cert + - name: filer-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-filer-cert + - name: client-cert + secret: + secretName: {{ template "seaweedfs.name" . }}-client-cert + {{- end }} + {{ tpl .Values.sftp.extraVolumes . | indent 8 | trim }} + {{- if .Values.sftp.nodeSelector }} + nodeSelector: + {{ tpl .Values.sftp.nodeSelector . | indent 8 | trim }} + {{- end }} +{{- end }} 
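Review bot: In the new `sftp/sftp-deployment.yaml`, the `topologySpreadConstraints:` block is guarded by `.Values.sftp.topologySpreadConstraints` but renders `.Values.sftp.topologySpreadConstraint` (no trailing `s`), so the value that passed the `if` is not the one handed to `tpl`. The line should read `{{ tpl .Values.sftp.topologySpreadConstraints . | nindent 8 | trim }}`. The new file has the same blob id as the deleted `sftp-deployment.yaml` (c0bcb2c4a), so the typo is carried over by the move rather than introduced by it. In the same file, `-bannerMessage="{{ .Values.sftp.bannerMessage }}"` is pasted unescaped into the `sh -ec` script, so a banner containing `"`, `$` or a backtick alters the command line; the value should be escaped or documented as needing to be shell-safe.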
diff --git a/k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml b/k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml new file mode 100644 index 000000000..2cec992a0 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml 
@@ -0,0 +1,33 @@ +{{- if or .Values.sftp.enabled .Values.allInOne.enabled }} +{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "admin_password" 20) -}} +{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "readonly_password" 20) -}} +{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "public_user_password" 20) -}} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: seaweedfs-sftp-secret + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": "pre-install,pre-upgrade" + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: sftp +stringData: + admin_password: {{ $admin_pwd }} + readonly_password: {{ $read_user_pwd }} + public_user_password: {{ $public_user_pwd }} + seaweedfs_sftp_config: '[{"Username":"admin","Password":"{{ $admin_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","write","list"]},"Uid":0,"Gid":0},{"Username":"readonly_user","Password":"{{ $read_user_pwd }}","PublicKeys":[],"HomeDir":"/","Permissions":{"/":["read","list"]},"Uid":1112,"Gid":1112},{"Username":"public_user","Password":"{{ $public_user_pwd }}","PublicKeys":[],"HomeDir":"/public","Permissions":{"/public":["write","read","list"]},"Uid":1113,"Gid":1113}]' + seaweedfs_sftp_ssh_private_key: | + -----BEGIN OPENSSH PRIVATE KEY----- + b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW + QyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8OwAAAJDjxkmk48ZJ + pAAAAAtzc2gtZWQyNTUxOQAAACDH4McwcDphteXVullu6q7ephEN1N60z+w0qZw0UVW8Ow + 
AAAEAeVy/4+gf6rjj2jla/AHqJpC1LcS5hn04IUs4q+iVq/MfgxzBwOmG15dW6WW7qrt6m + EQ3U3rTP7DSpnDRRVbw7AAAADHNla291ckAwMDY2NwE= + -----END OPENSSH PRIVATE KEY----- +{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml b/k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml new file mode 100644 index 000000000..5e67570d6 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml @@ -0,0 +1,32 @@ +{{- if .Values.sftp.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "seaweedfs.name" . }}-sftp + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: sftp + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.sftp.annotations }} + annotations: + {{- toYaml .Values.sftp.annotations | nindent 4 }} +{{- end }} +spec: + internalTrafficPolicy: {{ .Values.sftp.internalTrafficPolicy | default "Cluster" }} + ports: + - name: "swfs-sftp" + port: {{ .Values.sftp.port }} + targetPort: {{ .Values.sftp.port }} + protocol: TCP +{{- if .Values.sftp.metricsPort }} + - name: "metrics" + port: {{ .Values.sftp.metricsPort }} + targetPort: {{ .Values.sftp.metricsPort }} + protocol: TCP +{{- end }} + selector: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + app.kubernetes.io/component: sftp +{{- end }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml new file mode 100644 index 000000000..4c7188866 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml 
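Review bot: `sftp/sftp-secret.yaml` ships a fixed OpenSSH private key under `seaweedfs_sftp_ssh_private_key`, so every installation that uses this Secret gets the same key, and the key is public in the repository; if it serves as the SFTP server's host key, clients cannot rely on it to authenticate the server. The three passwords in the same file are generated per release through `getOrGeneratePassword`; the key deserves the same treatment, or the chart should require an operator-supplied secret (the deployment already reads `.Values.sftp.existingSshConfigSecret`). At minimum add a template comment above the key such as `{{/* Default key is public: supply your own via sftp.existingSshConfigSecret */}}`. The content is unchanged from the deleted `sftp-secret.yaml` (same blob 2cec992a0), so this predates the move. Note also that the deployment mounts `seaweedfs-sftp-ssh-secret` for `config-ssh` while this Secret is named `seaweedfs-sftp-secret`; where the key is actually consumed is not visible in this diff.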
@@ -0,0 +1,33 @@
+{{- if .Values.sftp.enabled }}
+{{- if .Values.sftp.metricsPort }}
+{{- if .Values.global.monitoring.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "seaweedfs.name" . }}-sftp
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/component: sftp
+ {{- with .Values.global.monitoring.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.sftp.annotations }}
+ annotations:
+ {{- toYaml .Values.sftp.annotations | nindent 4 }}
+{{- end }}
+spec:
+ endpoints:
+ - interval: 30s
+ port: metrics
+ scrapeTimeout: 5s
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+ app.kubernetes.io/component: sftp
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/shared/_helpers.tpl b/k8s/charts/seaweedfs/templates/shared/_helpers.tpl
new file mode 100644
index 000000000..b15b07fa0
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/shared/_helpers.tpl
@@ -0,0 +1,221 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to +this (by the DNS naming spec). If release name contains chart name it will +be used as a full name. +*/}} +{{- define "seaweedfs.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "seaweedfs.chart" -}} +{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "seaweedfs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Inject extra environment vars in the format key:value, if populated +*/}} +{{- define "seaweedfs.extraEnvironmentVars" -}} +{{- if .extraEnvironmentVars -}} +{{- range $key, $value := .extraEnvironmentVars }} +- name: {{ $key }} + value: {{ $value | quote }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Return the proper filer image */}} +{{- define "filer.image" -}} +{{- if .Values.filer.imageOverride -}} +{{- $imageOverride := .Values.filer.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + +{{/* Return the proper master image */}} +{{- define "master.image" -}} +{{- if .Values.master.imageOverride -}} +{{- $imageOverride := .Values.master.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . 
}} +{{- end -}} +{{- end -}} + +{{/* Return the proper s3 image */}} +{{- define "s3.image" -}} +{{- if .Values.s3.imageOverride -}} +{{- $imageOverride := .Values.s3.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + +{{/* Return the proper sftp image */}} +{{- define "sftp.image" -}} +{{- if .Values.sftp.imageOverride -}} +{{- $imageOverride := .Values.sftp.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + +{{/* Return the proper volume image */}} +{{- define "volume.image" -}} +{{- if .Values.volume.imageOverride -}} +{{- $imageOverride := .Values.volume.imageOverride -}} +{{- printf "%s" $imageOverride -}} +{{- else -}} +{{- include "common.image" . }} +{{- end -}} +{{- end -}} + +{{/* Computes the container image name for all components (if they are not overridden) */}} +{{- define "common.image" -}} +{{- $registryName := default .Values.image.registry .Values.global.registry | toString -}} +{{- $repositoryName := .Values.image.repository | toString -}} +{{- $name := .Values.global.imageName | toString -}} +{{- $tag := default .Chart.AppVersion .Values.image.tag | toString -}} +{{- if $registryName -}} +{{- printf "%s/%s%s:%s" $registryName $repositoryName $name $tag -}} +{{- else -}} +{{- printf "%s%s:%s" $repositoryName $name $tag -}} +{{- end -}} +{{- end -}} + +{{/* check if any Volume PVC exists */}} +{{- define "volume.pvc_exists" -}} +{{- if or (or (eq .Values.volume.data.type "persistentVolumeClaim") (and (eq .Values.volume.idx.type "persistentVolumeClaim") .Values.volume.dir_idx )) (eq .Values.volume.logs.type "persistentVolumeClaim") -}} +{{- printf "true" -}} +{{- else -}} +{{- printf "" -}} +{{- end -}} +{{- end -}} + +{{/* check if any Filer PVC exists */}} +{{- define "filer.pvc_exists" -}} +{{- if or (eq .Values.filer.data.type "persistentVolumeClaim") (eq .Values.filer.logs.type 
"persistentVolumeClaim") -}} +{{- printf "true" -}} +{{- else -}} +{{- printf "" -}} +{{- end -}} +{{- end -}} + +{{/* check if any Master PVC exists */}} +{{- define "master.pvc_exists" -}} +{{- if or (eq .Values.master.data.type "persistentVolumeClaim") (eq .Values.master.logs.type "persistentVolumeClaim") -}} +{{- printf "true" -}} +{{- else -}} +{{- printf "" -}} +{{- end -}} +{{- end -}} + +{{/* check if any InitContainers exist for Volumes */}} +{{- define "volume.initContainers_exists" -}} +{{- if or (not (empty .Values.volume.idx )) (not (empty .Values.volume.initContainers )) -}} +{{- printf "true" -}} +{{- else -}} +{{- printf "" -}} +{{- end -}} +{{- end -}} + +{{/* Return the proper imagePullSecrets */}} +{{- define "seaweedfs.imagePullSecrets" -}} +{{- with .Values.global.imagePullSecrets }} +imagePullSecrets: +{{- if kindIs "string" . }} + - name: {{ . }} +{{- else }} +{{- range . }} + {{- if kindIs "string" . }} + - name: {{ . }} + {{- else }} + - {{ toYaml . }} + {{- end}} +{{- end }} +{{- end }} +{{- end }} +{{- end -}} + +{{/* +Renders a value that contains template perhaps with scope if the scope is present. 
+Usage: +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ ) }} +{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $ "scope" $app ) }} +*/}} +{{- define "common.tplvalues.render" -}} +{{- $value := typeIs "string" .value | ternary .value (.value | toYaml) }} +{{- if contains "{{" (toJson .value) }} + {{- if .scope }} + {{- tpl (cat "{{- with $.RelativeScope -}}" $value "{{- end }}") (merge (dict "RelativeScope" .scope) .context) }} + {{- else }} + {{- tpl $value .context }} + {{- end }} +{{- else }} + {{- $value }} +{{- end }} +{{- end -}} + +{{/* +Converts a Kubernetes quantity like "256Mi" or "2G" to a float64 in base units, +handling both binary (Ki, Mi, Gi) and decimal (m, k, M) suffixes; numeric inputs +Usage: +{{ include "common.resource-quantity" "10Gi" }} +*/}} +{{- define "common.resource-quantity" -}} + {{- $value := . -}} + {{- $unit := 1.0 -}} + {{- if typeIs "string" . -}} + {{- $base2 := dict "Ki" 0x1p10 "Mi" 0x1p20 "Gi" 0x1p30 "Ti" 0x1p40 "Pi" 0x1p50 "Ei" 0x1p60 -}} + {{- $base10 := dict "m" 1e-3 "k" 1e3 "M" 1e6 "G" 1e9 "T" 1e12 "P" 1e15 "E" 1e18 -}} + {{- range $k, $v := merge $base2 $base10 -}} + {{- if hasSuffix $k $ -}} + {{- $value = trimSuffix $k $ -}} + {{- $unit = $v -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- mulf (float64 $value) $unit -}} +{{- end -}} + +{{/* +getOrGeneratePassword will check if a password exists in a secret and return it, +or generate a new random password if it doesn't exist. +*/}} +{{- define "getOrGeneratePassword" -}} +{{- $params := . 
-}} +{{- $namespace := $params.namespace -}} +{{- $secretName := $params.secretName -}} +{{- $key := $params.key -}} +{{- $length := default 16 $params.length -}} + +{{- $existingSecret := lookup "v1" "Secret" $namespace $secretName -}} +{{- if and $existingSecret (index $existingSecret.data $key) -}} + {{- index $existingSecret.data $key | b64dec -}} +{{- else -}} + {{- randAlphaNum $length -}} +{{- end -}} +{{- end -}} diff --git a/k8s/charts/seaweedfs/templates/shared/cluster-role.yaml b/k8s/charts/seaweedfs/templates/shared/cluster-role.yaml new file mode 100644 index 000000000..154de0675 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/cluster-role.yaml @@ -0,0 +1,35 @@ +{{- if .Values.global.createClusterRole }} +#hack for delete pod master after migration +--- +kind: ClusterRole +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ .Values.global.serviceAccountName }}-rw-cr + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +rules: + - apiGroups: [""] + resources: ["pods"] + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] +--- +kind: ClusterRoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: system:serviceaccount:{{ .Values.global.serviceAccountName }}:default + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +subjects: + - kind: ServiceAccount + name: {{ .Values.global.serviceAccountName }} + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ .Values.global.serviceAccountName }}-rw-cr +{{- end }} \ No newline at end of file 
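Review bot: `getOrGeneratePassword` at the end of this hunk depends on `lookup`, which returns an empty result when Helm renders without cluster access (`helm template`, client-side `--dry-run`). In those flows the helper falls through to `randAlphaNum` and emits a different password on every render. The helper's comment block should say so, for example `NOTE: lookup is empty under helm template / --dry-run, so a new password is generated on each render; pre-create the Secret when rendering outside the cluster.` The length of 16 is only the fallback from `default 16 $params.length`, so callers protecting long-lived credentials should pass `length` explicitly.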
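Review bot: The `ClusterRole` in cluster-role.yaml grants `create`, `update`, `patch` and `delete` on `pods` in every namespace to the chart's service account, while the only stated purpose is the `#hack for delete pod master after migration` comment. If that is the whole use case, a namespaced `Role`/`RoleBinding` in `{{ .Release.Namespace }}` with `verbs: ["get", "list", "delete"]` would cover it with far less reach. Which verbs the workload actually needs is not visible from this hunk, so confirm before trimming. The binding name `system:serviceaccount:{{ .Values.global.serviceAccountName }}:default` also uses the `system:` prefix and is derived only from the service account name, so two releases that share that name would collide on these cluster-scoped objects.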
diff --git a/k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml b/k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml new file mode 100644 index 000000000..c638c8771 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml @@ -0,0 +1,19 @@ +{{- if and .Values.filer.enabled .Values.filer.notificationConfig }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "seaweedfs.name" . }}-notification-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- if .Values.filer.annotations }} + annotations: + {{- toYaml .Values.filer.annotations | nindent 4 }} +{{- end }} +data: + notification.toml: |- + {{ .Values.filer.notificationConfig | nindent 4 }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml b/k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml new file mode 100644 index 000000000..44d650898 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml 
@@ -0,0 +1,122 @@ +{{- if .Values.master.enabled }} +{{- if .Values.filer.s3.enabled }} +{{- if .Values.filer.s3.createBuckets }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: "{{ $.Release.Name }}-bucket-hook" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-weight": "-5" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: "{{ .Release.Name }}" + labels: + app.kubernetes.io/managed-by: {{ .Release.Service | quote }} + app.kubernetes.io/instance: {{ .Release.Name | quote }} + spec: + restartPolicy: Never + {{- if .Values.filer.podSecurityContext.enabled }} + securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + containers: + - name: post-install-job + image: {{ template "master.image" . }} + env: + - name: WEED_CLUSTER_DEFAULT + value: "sw" + - name: WEED_CLUSTER_SW_MASTER + value: "{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}:{{ .Values.master.port }}" + - name: WEED_CLUSTER_SW_FILER + value: "{{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }}" + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "{{ template "seaweedfs.name" . }}" + command: + - "/bin/sh" + - "-ec" + - | + wait_for_service() { + local url=$1 + local max_attempts=60 # 5 minutes total (5s * 60) + local attempt=1 + + echo "Waiting for service at $url..." + while [ $attempt -le $max_attempts ]; do + if wget -q --spider "$url" >/dev/null 2>&1; then + echo "Service at $url is up!" + return 0 + fi + echo "Attempt $attempt: Service not ready yet, retrying in 5s..." 
+ sleep 5 + attempt=$((attempt + 1)) + done + echo "Service at $url failed to become ready within 5 minutes" + exit 1 + } + wait_for_service "http://$WEED_CLUSTER_SW_MASTER{{ .Values.master.readinessProbe.httpGet.path }}" + wait_for_service "http://$WEED_CLUSTER_SW_FILER{{ .Values.filer.readinessProbe.httpGet.path }}" + {{- range $reg, $props := $.Values.filer.s3.createBuckets }} + exec /bin/echo \ + "s3.bucket.create --name {{ $props.name }}" |\ + /usr/bin/weed shell + {{- end }} + {{- range $reg, $props := $.Values.filer.s3.createBuckets }} + {{- if $props.anonymousRead }} + exec /bin/echo \ + "s3.configure --user anonymous \ + --buckets {{ $props.name }} \ + --actions Read \ + --apply true" |\ + /usr/bin/weed shell + {{- end }} + {{- end }} + {{- if .Values.filer.s3.enableAuth }} + volumeMounts: + - name: config-users + mountPath: /etc/sw + readOnly: true + {{- end }} + ports: + - containerPort: {{ .Values.master.port }} + name: swfs-master + {{- if and .Values.global.monitoring.enabled .Values.master.metricsPort }} + - containerPort: {{ .Values.master.metricsPort }} + name: metrics + {{- end }} + - containerPort: {{ .Values.master.grpcPort }} + #name: swfs-master-grpc + {{- if .Values.filer.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.filer.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.filer.s3.enableAuth }} + volumes: + - name: config-users + secret: + defaultMode: 420 + {{- if not (empty .Values.filer.s3.existingConfigSecret) }} + secretName: {{ .Values.filer.s3.existingConfigSecret }} + {{- else }} + secretName: seaweedfs-s3-secret + {{- end }} + {{- end }}{{/** if .Values.filer.s3.enableAuth **/}} +{{- end }}{{/** if .Values.master.enabled **/}} +{{- end }}{{/** if .Values.filer.s3.enabled **/}} +{{- end }}{{/** if .Values.filer.s3.createBuckets **/}} 
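Review bot: In both `range` loops over `.Values.filer.s3.createBuckets`, `{{ $props.name }}` is spliced into the `sh -ec` script inside a double-quoted string, so a name containing `"`, `$` or a backtick is interpreted by the shell instead of reaching `weed shell` as data. Rejecting such values at render time keeps the script text fixed, for example `{{- if not (regexMatch "^[a-z0-9][a-z0-9.-]*[a-z0-9]$" $props.name) }}{{ fail (printf "invalid bucket name %q" $props.name) }}{{ end }}` as the first line inside each loop (the pattern is an illustration; align it with the bucket naming rules the project enforces). Separately, the fallback `secretName: seaweedfs-s3-secret` is a fixed string rather than one derived from `seaweedfs.name`; it is worth checking that it matches the name the s3 secret template produces when `nameOverride` is set.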
diff --git a/k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml b/k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml new file mode 100644 index 000000000..cf7801cce --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml @@ -0,0 +1,19 @@ +{{- if .Values.global.monitoring.enabled }} +{{- $files := .Files.Glob "dashboards/*.json" }} +{{- if $files }} +{{- range $path, $file := $files }} +{{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ printf "%s" $dashboardName | lower | replace "_" "-" }} + namespace: {{ $.Release.Namespace }} + labels: + grafana_dashboard: "1" +data: + {{ $dashboardName }}.json: |- +{{ toString $file | indent 4 }} +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml b/k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml new file mode 100644 index 000000000..5b7a81038 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml @@ -0,0 +1,21 @@ +{{- if .Values.filer.enabled }} +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: secret-seaweedfs-db + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep + "helm.sh/hook": "pre-install" + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +stringData: + user: "YourSWUser" + password: "HardCodedPassword" + # better to random generate and create in DB + # password: {{ randAlphaNum 10 | sha256sum | b64enc | trunc 32 }} +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml b/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml new file mode 100644 index 000000000..6f229c595 
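Review bot: secret-seaweedfs-db.yaml ships `user: "YourSWUser"` and `password: "HardCodedPassword"` as literal `stringData`, so every install that does not override the Secret gets the same publicly known database credential. The `helm.sh/resource-policy: keep` annotation then leaves it in place after uninstall. The `getOrGeneratePassword` helper defined in `shared/_helpers.tpl` in this same commit could supply the value instead: `password: {{ include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "secret-seaweedfs-db" "key" "password" "length" 32) | quote }}`. The database would still have to be provisioned with that generated value, which this hunk does not show. Helm also evaluates the `{{ randAlphaNum 10 | ... }}` action on the `# password:` line even though YAML treats that line as a comment, so the rendered manifest differs on every render.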
--- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml 
@@ -0,0 +1,82 @@ +{{- if .Values.global.enableSecurity }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "seaweedfs.name" . }}-security-config + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +data: + {{- $existing := (lookup "v1" "ConfigMap" .Release.Namespace (printf "%s-security-config" (include "seaweedfs.name" .))) }} + {{- $securityConfig := fromToml (dig "data" "security.toml" "" $existing) }} + security.toml: |- + # this file is read by master, volume server, and filer + + {{- if .Values.global.securityConfig.jwtSigning.volumeWrite }} + # the jwt signing key is read by master and volume server + # a jwt expires in 10 seconds + [jwt.signing] + key = "{{ dig "jwt" "signing" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" + {{- end }} + + {{- if .Values.global.securityConfig.jwtSigning.volumeRead }} + # this jwt signing key is read by master and volume server, and it is used for read operations: + # - the Master server generates the JWT, which can be used to read a certain file on a volume server + # - the Volume server validates the JWT on reading + [jwt.signing.read] + key = "{{ dig "jwt" "signing" "read" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" + {{- end }} + + {{- if .Values.global.securityConfig.jwtSigning.filerWrite }} + # If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT: + # - f.e. the S3 API Shim generates the JWT + # - the Filer server validates the JWT on writing + # the jwt defaults to expire after 10 seconds. 
+ [jwt.filer_signing] + key = "{{ dig "jwt" "filer_signing" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" + {{- end }} + + {{- if .Values.global.securityConfig.jwtSigning.filerRead }} + # If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT: + # - f.e. the S3 API Shim generates the JWT + # - the Filer server validates the JWT on writing + # the jwt defaults to expire after 10 seconds. + [jwt.filer_signing.read] + key = "{{ dig "jwt" "filer_signing" "read" "key" (randAlphaNum 10 | b64enc) $securityConfig }}" + {{- end }} + + # all grpc tls authentications are mutual + # the values for the following ca, cert, and key are paths to the PERM files. + [grpc] + ca = "/usr/local/share/ca-certificates/ca/tls.crt" + + [grpc.volume] + cert = "/usr/local/share/ca-certificates/volume/tls.crt" + key = "/usr/local/share/ca-certificates/volume/tls.key" + + [grpc.master] + cert = "/usr/local/share/ca-certificates/master/tls.crt" + key = "/usr/local/share/ca-certificates/master/tls.key" + + [grpc.filer] + cert = "/usr/local/share/ca-certificates/filer/tls.crt" + key = "/usr/local/share/ca-certificates/filer/tls.key" + + # use this for any place needs a grpc client + # i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload" + [grpc.client] + cert = "/usr/local/share/ca-certificates/client/tls.crt" + key = "/usr/local/share/ca-certificates/client/tls.key" + + # volume server https options + # Note: work in progress! + # this does not work with other clients, e.g., "weed filer|mount" etc, yet. + [https.client] + enabled = false + [https.volume] + cert = "" + key = "" +{{- end }} diff --git a/k8s/charts/seaweedfs/templates/shared/service-account.yaml b/k8s/charts/seaweedfs/templates/shared/service-account.yaml new file mode 100644 index 000000000..429158a27 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/shared/service-account.yaml 
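Review bot: All four JWT signing keys in `security.toml` (`jwt.signing`, `jwt.signing.read`, `jwt.filer_signing`, `jwt.filer_signing.read`) default to `randAlphaNum 10 | b64enc`, which is roughly 60 bits of entropy for a key that authorizes volume and filer reads and writes. A longer default such as `(randAlphaNum 32 | b64enc)` at each of the four `dig` calls costs nothing; existing installs keep their current key because the `lookup`/`dig` path takes precedence. The keys are also rendered into a `ConfigMap`, which is readable by anything with ConfigMap read access in the namespace. A `Secret` mounted at the same path would narrow that, assuming the pods mount this file by volume, which is outside this hunk. As in other `lookup`-based templates, rendering without cluster access generates fresh keys each time.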
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.global.serviceAccountName }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ template "seaweedfs.name" . }} + helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} +automountServiceAccountToken: {{ .Values.global.automountServiceAccountToken }} \ No newline at end of file diff --git a/k8s/charts/seaweedfs/templates/volume-cert.yaml b/k8s/charts/seaweedfs/templates/volume-cert.yaml deleted file mode 100644 index bd59a676d..000000000 --- a/k8s/charts/seaweedfs/templates/volume-cert.yaml +++ /dev/null 
@@ -1,45 +0,0 @@ -{{- if and .Values.global.enableSecurity (not .Values.certificates.externalCertificates.enabled)}} -apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }} -kind: Certificate -metadata: - name: {{ template "seaweedfs.name" . }}-volume-cert - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" . }} - helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ .Release.Service }} - app.kubernetes.io/instance: {{ .Release.Name }} - app.kubernetes.io/component: volume -{{- if .Values.volume.annotations }} - annotations: - {{- toYaml .Values.volume.annotations | nindent 4 }} -{{- end }} -spec: - secretName: {{ template "seaweedfs.name" . }}-volume-cert - issuerRef: - name: {{ template "seaweedfs.name" . }}-ca-issuer - kind: Issuer - commonName: {{ .Values.certificates.commonName }} - subject: - organizations: - - "SeaweedFS CA" - dnsNames: - - '*.{{ .Release.Namespace }}' - - '*.{{ .Release.Namespace }}.svc' - - '*.{{ .Release.Namespace }}.svc.cluster.local' - - '*.{{ template "seaweedfs.name" . }}-master' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' - - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' -{{- if .Values.certificates.ipAddresses }} - ipAddresses: - {{- range .Values.certificates.ipAddresses }} - - {{ . }} - {{- end }} -{{- end }} - privateKey: - algorithm: {{ .Values.certificates.keyAlgorithm }} - size: {{ .Values.certificates.keySize }} - duration: {{ .Values.certificates.duration }} - renewBefore: {{ .Values.certificates.renewBefore }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/volume-resize-hook.yaml b/k8s/charts/seaweedfs/templates/volume-resize-hook.yaml deleted file mode 100644 index 78e8a3fc9..000000000 
--- a/k8s/charts/seaweedfs/templates/volume-resize-hook.yaml +++ /dev/null 
@@ -1,117 +0,0 @@ -{{- $seaweedfsName := include "seaweedfs.name" $ }} -{{- $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} - - -{{- if .Values.volume.resizeHook.enabled }} -{{- $commands := list }} -{{- range $vname, $volume := $volumes }} -{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} -{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} - -{{- if $volume.enabled }} -{{- $replicas := int $volume.replicas -}} -{{- $statefulsetName := printf "%s-%s" $seaweedfsName $volumeName -}} -{{- $statefulset := (lookup "apps/v1" "StatefulSet" $.Release.Namespace $statefulsetName) -}} - -{{/* Check for changes in volumeClaimTemplates */}} -{{- if $statefulset }} -{{- range $dir := $volume.dataDirs }} -{{- if eq .type "persistentVolumeClaim" }} -{{- $desiredSize := .size }} -{{- range $statefulset.spec.volumeClaimTemplates }} -{{- if and (eq .metadata.name $dir.name) (ne .spec.resources.requests.storage $desiredSize) }} -{{- $commands = append $commands (printf "kubectl delete statefulset %s --cascade=orphan" $statefulsetName) }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{/* Check for the need for patching existing PVCs */}} -{{- range $dir := $volume.dataDirs }} -{{- if eq .type "persistentVolumeClaim" }} -{{- $desiredSize := .size }} -{{- range $i, $e := until $replicas }} -{{- $pvcName := printf "%s-%s-%s-%d" $dir.name $seaweedfsName $volumeName $e }} -{{- $currentPVC := (lookup "v1" "PersistentVolumeClaim" $.Release.Namespace $pvcName) }} -{{- if and $currentPVC }} -{{- $oldSize := include "common.resource-quantity" $currentPVC.spec.resources.requests.storage }} -{{- $newSize := include "common.resource-quantity" $desiredSize }} -{{- if gt $newSize $oldSize }} -{{- $commands = append $commands (printf "kubectl patch pvc %s-%s-%s-%d -p '{\"spec\":{\"resources\":{\"requests\":{\"storage\":\"%s\"}}}}'" $dir.name $seaweedfsName $volumeName $e $desiredSize) }} -{{- end 
}} -{{- end }} -{{- end }} -{{- end }} -{{- end }} - -{{- end }} -{{- end }} - -{{- if $commands }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ $seaweedfsName }}-volume-resize-hook" - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "0" - helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation -spec: - template: - spec: - serviceAccountName: {{ $seaweedfsName }}-volume-resize-hook - restartPolicy: Never - backoffLimit: 1 - containers: - - name: resize - image: {{ .Values.volume.resizeHook.image }} - command: ["sh", "-xec"] - args: - - | - {{- range $commands }} - {{ . }} - {{- end }} ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ $seaweedfsName }}-volume-resize-hook - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ $seaweedfsName }}-volume-resize-hook - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation -rules: - - apiGroups: ["apps"] - resources: ["statefulsets"] - verbs: ["delete", "get", "list", "watch"] - - apiGroups: [""] - resources: ["persistentvolumeclaims"] - verbs: ["patch", "get", "list", "watch"] ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ $seaweedfsName }}-volume-resize-hook - annotations: - helm.sh/hook: pre-install,pre-upgrade - helm.sh/hook-weight: "-5" - helm.sh/hook-delete-policy: before-hook-creation -subjects: - - kind: ServiceAccount - name: {{ $seaweedfsName }}-volume-resize-hook -roleRef: - kind: Role - name: {{ $seaweedfsName }}-volume-resize-hook - apiGroup: rbac.authorization.k8s.io -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/volume-service.yaml b/k8s/charts/seaweedfs/templates/volume-service.yaml deleted file mode 100644 index dfafc8163..000000000 
--- a/k8s/charts/seaweedfs/templates/volume-service.yaml +++ /dev/null @@ -1,44 +0,0 @@ -{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} -{{- range $vname, $volume := $volumes }} -{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} -{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} - -{{- if $volume.enabled }} ---- -apiVersion: v1 -kind: Service -metadata: - name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} - namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - app.kubernetes.io/component: {{ $volumeName }} - helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} -{{- if $volume.annotations }} - annotations: - {{- toYaml $volume.annotations | nindent 4 }} -{{- end }} -spec: - clusterIP: None - internalTrafficPolicy: {{ $volume.internalTrafficPolicy | default "Cluster" }} - ports: - - name: "swfs-volume" - port: {{ $volume.port }} - targetPort: {{ $volume.port }} - protocol: TCP - - name: "swfs-volume-18080" - port: {{ $volume.grpcPort }} - targetPort: {{ $volume.grpcPort }} - protocol: TCP -{{- if $volume.metricsPort }} - - name: "metrics" - port: {{ $volume.metricsPort }} - targetPort: {{ $volume.metricsPort }} - protocol: TCP -{{- end }} - selector: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - app.kubernetes.io/component: {{ $volumeName }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/volume-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/volume-servicemonitor.yaml deleted file mode 100644 index dd8a9f9d7..000000000 --- a/k8s/charts/seaweedfs/templates/volume-servicemonitor.yaml +++ /dev/null 
@@ -1,40 +0,0 @@ -{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} -{{- range $vname, $volume := $volumes }} -{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} -{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} - -{{- if $volume.enabled }} -{{- if $volume.metricsPort }} -{{- if $.Values.global.monitoring.enabled }} ---- -apiVersion: monitoring.coreos.com/v1 -kind: ServiceMonitor -metadata: - name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} - namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/instance: {{ $.Release.Name }} - app.kubernetes.io/component: {{ $volumeName }} - {{- with $.Values.global.monitoring.additionalLabels }} - {{- toYaml . | nindent 4 }} - {{- end }} -{{- if .Values.volume.annotations }} - annotations: - {{- toYaml .Values.volume.annotations | nindent 4 }} -{{- end }} -spec: - endpoints: - - interval: 30s - port: metrics - scrapeTimeout: 5s - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - app.kubernetes.io/component: {{ $volumeName }} -{{- end }} -{{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/volume-statefulset.yaml b/k8s/charts/seaweedfs/templates/volume-statefulset.yaml deleted file mode 100644 index 197401608..000000000 --- a/k8s/charts/seaweedfs/templates/volume-statefulset.yaml +++ /dev/null 
@@ -1,417 +0,0 @@ -{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }} -{{- range $vname, $volume := $volumes }} -{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }} -{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }} - -{{- if $volume.enabled }} ---- -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} - namespace: {{ $.Release.Namespace }} - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} - app.kubernetes.io/managed-by: {{ $.Release.Service }} - app.kubernetes.io/instance: {{ $.Release.Name }} - app.kubernetes.io/component: {{ $volumeName }} -{{- if $volume.annotations }} - annotations: - {{- toYaml $volume.annotations | nindent 4 }} -{{- end }} -spec: - serviceName: {{ template "seaweedfs.name" $ }}-{{ $volumeName }} - replicas: {{ $volume.replicas }} - podManagementPolicy: {{ $volume.podManagementPolicy }} - selector: - matchLabels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - app.kubernetes.io/instance: {{ $.Release.Name }} - app.kubernetes.io/component: {{ $volumeName }} - template: - metadata: - labels: - app.kubernetes.io/name: {{ template "seaweedfs.name" $ }} - helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }} - app.kubernetes.io/instance: {{ $.Release.Name }} - app.kubernetes.io/component: {{ $volumeName }} - {{ with $.Values.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $volume.podLabels }} - {{- toYaml . | nindent 8 }} - {{- end }} - annotations: - {{ with $.Values.podAnnotations }} - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with $volume.podAnnotations }} - {{- toYaml . 
| nindent 8 }} - {{- end }} - spec: - {{- if $volume.affinity }} - affinity: - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.affinity) $ | indent 8 | trim }} - {{- end }} - {{- if $volume.topologySpreadConstraints }} - topologySpreadConstraints: - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.topologySpreadConstraints) $ | nindent 8 | trim }} - {{- end }} - restartPolicy: {{ default $.Values.global.restartPolicy $volume.restartPolicy }} - {{- if $volume.tolerations }} - tolerations: - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.tolerations) $ | indent 8 | trim }} - {{- end }} - {{- include "seaweedfs.imagePullSecrets" $ | nindent 6 }} - terminationGracePeriodSeconds: 150 - {{- if $volume.priorityClassName }} - priorityClassName: {{ $volume.priorityClassName | quote }} - {{- end }} - enableServiceLinks: false - {{- if $.Values.global.createClusterRole }} - serviceAccountName: {{ $volume.serviceAccountName | default $.Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration - {{- end }} - {{- $initContainers_exists := include "volume.initContainers_exists" $ -}} - {{- if $initContainers_exists }} - initContainers: - {{- if $volume.idx }} - - name: seaweedfs-vol-move-idx - image: {{ template "volume.image" $ }} - imagePullPolicy: {{ $.Values.global.imagePullPolicy | default "IfNotPresent" }} - command: [ '/bin/sh', '-c' ] - args: [ '{{range $dir := $volume.dataDirs }}if ls /{{$dir.name}}/*.idx >/dev/null 2>&1; then mv /{{$dir.name}}/*.idx /idx/ ; fi; {{end}}' ] - volumeMounts: - - name: idx - mountPath: /idx - {{- range $dir := $volume.dataDirs }} - - name: {{ $dir.name }} - mountPath: /{{ $dir.name }} - {{- end }} - {{- end }} - {{- if $volume.initContainers }} - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.initContainers) $ | indent 8 | trim }} - {{- end }} - {{- end }} - {{- if $volume.podSecurityContext.enabled }} - securityContext: {{- omit 
$volume.podSecurityContext "enabled" | toYaml | nindent 8 }} - {{- end }} - containers: - - name: seaweedfs - image: {{ template "volume.image" $ }} - imagePullPolicy: {{ default "IfNotPresent" $.Values.global.imagePullPolicy }} - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: HOST_IP - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: SEAWEEDFS_FULLNAME - value: "{{ template "seaweedfs.name" $ }}" - {{- if $volume.extraEnvironmentVars }} - {{- range $key, $value := $volume.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - {{- if $.Values.global.extraEnvironmentVars }} - {{- range $key, $value := $.Values.global.extraEnvironmentVars }} - - name: {{ $key }} - {{- if kindIs "string" $value }} - value: {{ $value | quote }} - {{- else }} - valueFrom: - {{ toYaml $value | nindent 16 | trim }} - {{- end -}} - {{- end }} - {{- end }} - command: - - "/bin/sh" - - "-ec" - - | - exec /usr/bin/weed \ - {{- if $volume.logs }} - -logdir=/logs \ - {{- else }} - -logtostderr=true \ - {{- end }} - {{- if $volume.loggingOverrideLevel }} - -v={{ $volume.loggingOverrideLevel }} \ - {{- else }} - -v={{ $.Values.global.loggingLevel }} \ - {{- end }} - volume \ - -port={{ $volume.port }} \ - {{- if $volume.metricsPort }} - -metricsPort={{ $volume.metricsPort }} \ - {{- end }} - {{- if $volume.metricsIp }} - -metricsIp={{ $volume.metricsIp }} \ - {{- end }} - -dir {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}}/{{$dir.name}}{{end}} \ - {{- if $volume.idx }} - -dir.idx=/idx \ - {{- end }} - -max {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}} - {{- if eq ($dir.maxVolumes | toString) "0" }}0{{ else if not $dir.maxVolumes }}7{{ else }}{{$dir.maxVolumes}}{{ 
end }} - {{- end }} \ - {{- if $volume.rack }} - -rack={{ $volume.rack }} \ - {{- end }} - {{- if $volume.dataCenter }} - -dataCenter={{ $volume.dataCenter }} \ - {{- end }} - -ip.bind={{ $volume.ipBind }} \ - -readMode={{ $volume.readMode }} \ - {{- if $volume.whiteList }} - -whiteList={{ $volume.whiteList }} \ - {{- end }} - {{- if $volume.imagesFixOrientation }} - -images.fix.orientation \ - {{- end }} - {{- if $volume.pulseSeconds }} - -pulseSeconds={{ $volume.pulseSeconds }} \ - {{- end }} - {{- if $volume.index }} - -index={{ $volume.index }} \ - {{- end }} - {{- if $volume.fileSizeLimitMB }} - -fileSizeLimitMB={{ $volume.fileSizeLimitMB }} \ - {{- end }} - -minFreeSpacePercent={{ $volume.minFreeSpacePercent }} \ - -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-{{ $volumeName }}.{{ $.Release.Namespace }} \ - -compactionMBps={{ $volume.compactionMBps }} \ - -mserver={{ if $.Values.global.masterServer }}{{ $.Values.global.masterServer}}{{ else }}{{ range $index := until ($.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }} - {{- range $volume.extraArgs }} - {{ . 
}} \ - {{- end }} - volumeMounts: - {{- range $dir := $volume.dataDirs }} - {{- if not ( eq $dir.type "custom" ) }} - - name: {{ $dir.name }} - mountPath: "/{{ $dir.name }}/" - {{- end }} - {{- end }} - {{- if $volume.logs }} - - name: logs - mountPath: "/logs/" - {{- end }} - {{- if $volume.idx }} - - name: idx - mountPath: "/idx/" - {{- end }} - {{- if $.Values.global.enableSecurity }} - - name: security-config - readOnly: true - mountPath: /etc/seaweedfs/security.toml - subPath: security.toml - - name: ca-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/ca/ - - name: master-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/master/ - - name: volume-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/volume/ - - name: filer-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/filer/ - - name: client-cert - readOnly: true - mountPath: /usr/local/share/ca-certificates/client/ - {{- end }} - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.extraVolumeMounts) $ | indent 12 | trim }} - ports: - - containerPort: {{ $volume.port }} - name: swfs-vol - {{- if $volume.metricsPort }} - - containerPort: {{ $volume.metricsPort }} - name: metrics - {{- end }} - - containerPort: {{ $volume.grpcPort }} - name: swfs-vol-grpc - {{- if $volume.readinessProbe.enabled }} - readinessProbe: - httpGet: - path: {{ $volume.readinessProbe.httpGet.path }} - port: {{ $volume.port }} - scheme: {{ $volume.readinessProbe.scheme }} - initialDelaySeconds: {{ $volume.readinessProbe.initialDelaySeconds }} - periodSeconds: {{ $volume.readinessProbe.periodSeconds }} - successThreshold: {{ $volume.readinessProbe.successThreshold }} - failureThreshold: {{ $volume.readinessProbe.failureThreshold }} - timeoutSeconds: {{ $volume.readinessProbe.timeoutSeconds }} - {{- end }} - {{- if $volume.livenessProbe.enabled }} - livenessProbe: - httpGet: - path: {{ $volume.livenessProbe.httpGet.path }} - port: {{ $volume.port }} - 
scheme: {{ $volume.livenessProbe.scheme }} - initialDelaySeconds: {{ $volume.livenessProbe.initialDelaySeconds }} - periodSeconds: {{ $volume.livenessProbe.periodSeconds }} - successThreshold: {{ $volume.livenessProbe.successThreshold }} - failureThreshold: {{ $volume.livenessProbe.failureThreshold }} - timeoutSeconds: {{ $volume.livenessProbe.timeoutSeconds }} - {{- end }} - {{- with $volume.resources }} - resources: - {{- toYaml . | nindent 12 }} - {{- end }} - {{- if $volume.containerSecurityContext.enabled }} - securityContext: {{- omit $volume.containerSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - {{- if $volume.sidecars }} - {{- include "common.tplvalues.render" (dict "value" (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.sidecars) "context" $) | nindent 8 }} - {{- end }} - volumes: - - {{- range $dir := $volume.dataDirs }} - - {{- if eq $dir.type "hostPath" }} - - name: {{ $dir.name }} - hostPath: - path: {{ $dir.hostPathPrefix }}/object_store/ - type: DirectoryOrCreate - {{- end }} - {{- if eq $dir.type "existingClaim" }} - - name: {{ $dir.name }} - persistentVolumeClaim: - claimName: {{ $dir.claimName }} - {{- end }} - {{- if eq $dir.type "emptyDir" }} - - name: {{ $dir.name }} - emptyDir: {} - {{- end }} - - {{- end }} - - {{- if $volume.idx }} - {{- if eq $volume.idx.type "hostPath" }} - - name: idx - hostPath: - path: {{ $volume.idx.hostPathPrefix }}/seaweedfs-volume-idx/ - type: DirectoryOrCreate - {{- end }} - {{- if eq $volume.idx.type "existingClaim" }} - - name: idx - persistentVolumeClaim: - claimName: {{ $volume.idx.claimName }} - {{- end }} - {{- if eq $volume.idx.type "emptyDir" }} - - name: idx - emptyDir: {} - {{- end }} - {{- end }} - - {{- if $volume.logs }} - {{- if eq $volume.logs.type "hostPath" }} - - name: logs - hostPath: - path: {{ $volume.logs.hostPathPrefix }}/logs/seaweedfs/volume - type: DirectoryOrCreate - {{- end }} - {{- if eq $volume.logs.type "existingClaim" }} - - name: logs - 
persistentVolumeClaim: - claimName: {{ $volume.logs.claimName }} - {{- end }} - {{- if eq $volume.logs.type "emptyDir" }} - - name: logs - emptyDir: {} - {{- end }} - {{- end }} - {{- if $.Values.global.enableSecurity }} - - name: security-config - configMap: - name: {{ template "seaweedfs.name" $ }}-security-config - - name: ca-cert - secret: - secretName: {{ template "seaweedfs.name" $ }}-ca-cert - - name: master-cert - secret: - secretName: {{ template "seaweedfs.name" $ }}-master-cert - - name: volume-cert - secret: - secretName: {{ template "seaweedfs.name" $ }}-volume-cert - - name: filer-cert - secret: - secretName: {{ template "seaweedfs.name" $ }}-filer-cert - - name: client-cert - secret: - secretName: {{ template "seaweedfs.name" $ }}-client-cert - {{- end }} - {{- if $volume.extraVolumes }} - {{ tpl $volume.extraVolumes $ | indent 8 | trim }} - {{- end }} - {{- if $volume.nodeSelector }} - nodeSelector: - {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.nodeSelector) $ | indent 8 | trim }} - {{- end }} - volumeClaimTemplates: - {{- range $dir := $volume.dataDirs }} - {{- if eq $dir.type "persistentVolumeClaim" }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: {{ $dir.name }} - {{- with $dir.annotations }} - annotations: - {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ $dir.storageClass }} - resources: - requests: - storage: {{ $dir.size }} - {{- end }} - {{- end }} - - {{- if and $volume.idx (eq $volume.idx.type "persistentVolumeClaim") }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: idx - {{- with $volume.idx.annotations }} - annotations: - {{- toYaml . 
| nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ $volume.idx.storageClass }} - resources: - requests: - storage: {{ $volume.idx.size }} - {{- end }} - {{- if and $volume.logs (eq $volume.logs.type "persistentVolumeClaim") }} - - apiVersion: v1 - kind: PersistentVolumeClaim - metadata: - name: logs - {{- with $volume.logs.annotations }} - annotations: - {{- toYaml . | nindent 10 }} - {{- end }} - spec: - accessModes: [ "ReadWriteOnce" ] - storageClassName: {{ $volume.logs.storageClass }} - resources: - requests: - storage: {{ $volume.logs.size }} - {{- end }} -{{- end }} -{{- end }} diff --git a/k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml b/k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml new file mode 100644 index 000000000..78e8a3fc9 --- /dev/null +++ b/k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml 
@@ -0,0 +1,117 @@
+{{- $seaweedfsName := include "seaweedfs.name" $ }}
+{{- $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }}
+
+
+{{- if .Values.volume.resizeHook.enabled }}
+{{- $commands := list }}
+{{- range $vname, $volume := $volumes }}
+{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }}
+{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }}
+
+{{- if $volume.enabled }}
+{{- $replicas := int $volume.replicas -}}
+{{- $statefulsetName := printf "%s-%s" $seaweedfsName $volumeName -}}
+{{- $statefulset := (lookup "apps/v1" "StatefulSet" $.Release.Namespace $statefulsetName) -}}
+
+{{/* Check for changes in volumeClaimTemplates */}}
+{{- if $statefulset }}
+{{- range $dir := $volume.dataDirs }}
+{{- if eq .type "persistentVolumeClaim" }}
+{{- $desiredSize := .size }}
+{{- range $statefulset.spec.volumeClaimTemplates }}
+{{- if and (eq .metadata.name $dir.name) (ne .spec.resources.requests.storage $desiredSize) }}
+{{- $commands = append $commands (printf "kubectl delete statefulset %s --cascade=orphan" $statefulsetName) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/* Check for the need for patching existing PVCs */}}
+{{- range $dir := $volume.dataDirs }}
+{{- if eq .type "persistentVolumeClaim" }}
+{{- $desiredSize := .size }}
+{{- range $i, $e := until $replicas }}
+{{- $pvcName := printf "%s-%s-%s-%d" $dir.name $seaweedfsName $volumeName $e }}
+{{- $currentPVC := (lookup "v1" "PersistentVolumeClaim" $.Release.Namespace $pvcName) }}
+{{- if and $currentPVC }}
+{{- $oldSize := include "common.resource-quantity" $currentPVC.spec.resources.requests.storage }}
+{{- $newSize := include "common.resource-quantity" $desiredSize }}
+{{- if gt $newSize $oldSize }}
+{{- $commands = append $commands (printf "kubectl patch pvc %s-%s-%s-%d -p '{\"spec\":{\"resources\":{\"requests\":{\"storage\":\"%s\"}}}}'" $dir.name $seaweedfsName $volumeName $e $desiredSize) }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{- end }}
+{{- end }}
+
+{{- if $commands }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ $seaweedfsName }}-volume-resize-hook"
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "0"
+ helm.sh/hook-delete-policy: hook-succeeded,before-hook-creation
+spec:
+ template:
+ spec:
+ serviceAccountName: {{ $seaweedfsName }}-volume-resize-hook
+ restartPolicy: Never
+ backoffLimit: 1
+ containers:
+ - name: resize
+ image: {{ .Values.volume.resizeHook.image }}
+ command: ["sh", "-xec"]
+ args:
+ - |
+ {{- range $commands }}
+ {{ . }}
+ {{- end }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ $seaweedfsName }}-volume-resize-hook
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ $seaweedfsName }}-volume-resize-hook
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation
+rules:
+ - apiGroups: ["apps"]
+ resources: ["statefulsets"]
+ verbs: ["delete", "get", "list", "watch"]
+ - apiGroups: [""]
+ resources: ["persistentvolumeclaims"]
+ verbs: ["patch", "get", "list", "watch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ $seaweedfsName }}-volume-resize-hook
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-5"
+ helm.sh/hook-delete-policy: before-hook-creation
+subjects:
+ - kind: ServiceAccount
+ name: {{ $seaweedfsName }}-volume-resize-hook
+roleRef:
+ kind: Role
+ name: {{ $seaweedfsName }}-volume-resize-hook
+ apiGroup: rbac.authorization.k8s.io
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/volume/volume-service.yaml b/k8s/charts/seaweedfs/templates/volume/volume-service.yaml
new file mode 100644
index 000000000..dfafc8163
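Review bot: The ServiceAccount, Role and RoleBinding for the resize hook carry `helm.sh/hook-delete-policy: before-hook-creation` only, so once the Job is removed on success a Role that can delete StatefulSets and patch PVCs across the namespace stays bound to a named ServiceAccount. Adding `hook-succeeded` to those three annotations, as the Job already has, would withdraw the grant when the hook is done; confirm the hook ordering on the Helm version in use. `backoffLimit: 1` is listed between `restartPolicy` and `containers`, which suggests it sits in the pod spec although it is a Job field (`spec.backoffLimit`); indentation is lost in this view, so check the file. `.Values.volume.resizeHook.image` runs kubectl under that Role and is worth pinning by digest in values. The file appears to be moved unchanged by this commit, so these points predate it.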
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/volume/volume-service.yaml
@@ -0,0 +1,44 @@
+{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }}
+{{- range $vname, $volume := $volumes }}
+{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }}
+{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }}
+
+{{- if $volume.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ app.kubernetes.io/component: {{ $volumeName }}
+ helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+{{- if $volume.annotations }}
+ annotations:
+ {{- toYaml $volume.annotations | nindent 4 }}
+{{- end }}
+spec:
+ clusterIP: None
+ internalTrafficPolicy: {{ $volume.internalTrafficPolicy | default "Cluster" }}
+ ports:
+ - name: "swfs-volume"
+ port: {{ $volume.port }}
+ targetPort: {{ $volume.port }}
+ protocol: TCP
+ - name: "swfs-volume-18080"
+ port: {{ $volume.grpcPort }}
+ targetPort: {{ $volume.grpcPort }}
+ protocol: TCP
+{{- if $volume.metricsPort }}
+ - name: "metrics"
+ port: {{ $volume.metricsPort }}
+ targetPort: {{ $volume.metricsPort }}
+ protocol: TCP
+{{- end }}
+ selector:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ app.kubernetes.io/component: {{ $volumeName }}
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml b/k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml
new file mode 100644
index 000000000..dd8a9f9d7
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml
@@ -0,0 +1,40 @@
+{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }}
+{{- range $vname, $volume := $volumes }}
+{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }}
+{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }}
+
+{{- if $volume.enabled }}
+{{- if $volume.metricsPort }}
+{{- if $.Values.global.monitoring.enabled }}
+---
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/component: {{ $volumeName }}
+ {{- with $.Values.global.monitoring.additionalLabels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- if .Values.volume.annotations }}
+ annotations:
+ {{- toYaml .Values.volume.annotations | nindent 4 }}
+{{- end }}
+spec:
+ endpoints:
+ - interval: 30s
+ port: metrics
+ scrapeTimeout: 5s
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ app.kubernetes.io/component: {{ $volumeName }}
+{{- end }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml b/k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml
new file mode 100644
index 000000000..197401608
--- /dev/null
+++ b/k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml
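Review bot: The annotations guard in the ServiceMonitor reads `.Values.volume.annotations`, but it sits inside `range $vname, $volume := $volumes`, where the dot is rebound to the current entry, so `.Values` most likely no longer resolves to the chart values and the lookup can fail or come back empty once the monitoring branch is rendered. The Service template in the same folder uses the merged per-volume value, so I would write `{{- if $volume.annotations }}` and `{{- toYaml $volume.annotations | nindent 4 }}` here as well. The blob hash is the same before and after the move, so this was carried over rather than introduced by the commit.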
@@ -0,0 +1,417 @@
+{{ $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume) }}
+{{- range $vname, $volume := $volumes }}
+{{- $volumeName := trimSuffix "-" (printf "volume-%s" $vname) }}
+{{- $volume := mergeOverwrite (deepCopy $.Values.volume) (dict "enabled" true) $volume }}
+
+{{- if $volume.enabled }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+ namespace: {{ $.Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/managed-by: {{ $.Release.Service }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/component: {{ $volumeName }}
+{{- if $volume.annotations }}
+ annotations:
+ {{- toYaml $volume.annotations | nindent 4 }}
+{{- end }}
+spec:
+ serviceName: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+ replicas: {{ $volume.replicas }}
+ podManagementPolicy: {{ $volume.podManagementPolicy }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/component: {{ $volumeName }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+ helm.sh/chart: {{ $.Chart.Name }}-{{ $.Chart.Version | replace "+" "_" }}
+ app.kubernetes.io/instance: {{ $.Release.Name }}
+ app.kubernetes.io/component: {{ $volumeName }}
+ {{ with $.Values.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $volume.podLabels }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ annotations:
+ {{ with $.Values.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with $volume.podAnnotations }}
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ spec:
+ {{- if $volume.affinity }}
+ affinity:
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.affinity) $ | indent 8 | trim }}
+ {{- end }}
+ {{- if $volume.topologySpreadConstraints }}
+ topologySpreadConstraints:
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.topologySpreadConstraints) $ | nindent 8 | trim }}
+ {{- end }}
+ restartPolicy: {{ default $.Values.global.restartPolicy $volume.restartPolicy }}
+ {{- if $volume.tolerations }}
+ tolerations:
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.tolerations) $ | indent 8 | trim }}
+ {{- end }}
+ {{- include "seaweedfs.imagePullSecrets" $ | nindent 6 }}
+ terminationGracePeriodSeconds: 150
+ {{- if $volume.priorityClassName }}
+ priorityClassName: {{ $volume.priorityClassName | quote }}
+ {{- end }}
+ enableServiceLinks: false
+ {{- if $.Values.global.createClusterRole }}
+ serviceAccountName: {{ $volume.serviceAccountName | default $.Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration
+ {{- end }}
+ {{- $initContainers_exists := include "volume.initContainers_exists" $ -}}
+ {{- if $initContainers_exists }}
+ initContainers:
+ {{- if $volume.idx }}
+ - name: seaweedfs-vol-move-idx
+ image: {{ template "volume.image" $ }}
+ imagePullPolicy: {{ $.Values.global.imagePullPolicy | default "IfNotPresent" }}
+ command: [ '/bin/sh', '-c' ]
+ args: [ '{{range $dir := $volume.dataDirs }}if ls /{{$dir.name}}/*.idx >/dev/null 2>&1; then mv /{{$dir.name}}/*.idx /idx/ ; fi; {{end}}' ]
+ volumeMounts:
+ - name: idx
+ mountPath: /idx
+ {{- range $dir := $volume.dataDirs }}
+ - name: {{ $dir.name }}
+ mountPath: /{{ $dir.name }}
+ {{- end }}
+ {{- end }}
+ {{- if $volume.initContainers }}
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.initContainers) $ | indent 8 | trim }}
+ {{- end }}
+ {{- end }}
+ {{- if $volume.podSecurityContext.enabled }}
+ securityContext: {{- omit $volume.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: seaweedfs
+ image: {{ template "volume.image" $ }}
+ imagePullPolicy: {{ default "IfNotPresent" $.Values.global.imagePullPolicy }}
+ env:
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: HOST_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.hostIP
+ - name: SEAWEEDFS_FULLNAME
+ value: "{{ template "seaweedfs.name" $ }}"
+ {{- if $volume.extraEnvironmentVars }}
+ {{- range $key, $value := $volume.extraEnvironmentVars }}
+ - name: {{ $key }}
+ {{- if kindIs "string" $value }}
+ value: {{ $value | quote }}
+ {{- else }}
+ valueFrom:
+ {{ toYaml $value | nindent 16 | trim }}
+ {{- end -}}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.global.extraEnvironmentVars }}
+ {{- range $key, $value := $.Values.global.extraEnvironmentVars }}
+ - name: {{ $key }}
+ {{- if kindIs "string" $value }}
+ value: {{ $value | quote }}
+ {{- else }}
+ valueFrom:
+ {{ toYaml $value | nindent 16 | trim }}
+ {{- end -}}
+ {{- end }}
+ {{- end }}
+ command:
+ - "/bin/sh"
+ - "-ec"
+ - |
+ exec /usr/bin/weed \
+ {{- if $volume.logs }}
+ -logdir=/logs \
+ {{- else }}
+ -logtostderr=true \
+ {{- end }}
+ {{- if $volume.loggingOverrideLevel }}
+ -v={{ $volume.loggingOverrideLevel }} \
+ {{- else }}
+ -v={{ $.Values.global.loggingLevel }} \
+ {{- end }}
+ volume \
+ -port={{ $volume.port }} \
+ {{- if $volume.metricsPort }}
+ -metricsPort={{ $volume.metricsPort }} \
+ {{- end }}
+ {{- if $volume.metricsIp }}
+ -metricsIp={{ $volume.metricsIp }} \
+ {{- end }}
+ -dir {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}}/{{$dir.name}}{{end}} \
+ {{- if $volume.idx }}
+ -dir.idx=/idx \
+ {{- end }}
+ -max {{range $index, $dir := $volume.dataDirs }}{{if ne $index 0}},{{end}}
+ {{- if eq ($dir.maxVolumes | toString) "0" }}0{{ else if not $dir.maxVolumes }}7{{ else }}{{$dir.maxVolumes}}{{ end }}
+ {{- end }} \
+ {{- if $volume.rack }}
+ -rack={{ $volume.rack }} \
+ {{- end }}
+ {{- if $volume.dataCenter }}
+ -dataCenter={{ $volume.dataCenter }} \
+ {{- end }}
+ -ip.bind={{ $volume.ipBind }} \
+ -readMode={{ $volume.readMode }} \
+ {{- if $volume.whiteList }}
+ -whiteList={{ $volume.whiteList }} \
+ {{- end }}
+ {{- if $volume.imagesFixOrientation }}
+ -images.fix.orientation \
+ {{- end }}
+ {{- if $volume.pulseSeconds }}
+ -pulseSeconds={{ $volume.pulseSeconds }} \
+ {{- end }}
+ {{- if $volume.index }}
+ -index={{ $volume.index }} \
+ {{- end }}
+ {{- if $volume.fileSizeLimitMB }}
+ -fileSizeLimitMB={{ $volume.fileSizeLimitMB }} \
+ {{- end }}
+ -minFreeSpacePercent={{ $volume.minFreeSpacePercent }} \
+ -ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-{{ $volumeName }}.{{ $.Release.Namespace }} \
+ -compactionMBps={{ $volume.compactionMBps }} \
+ -mserver={{ if $.Values.global.masterServer }}{{ $.Values.global.masterServer}}{{ else }}{{ range $index := until ($.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}{{ end }}
+ {{- range $volume.extraArgs }}
+ {{ . }} \
+ {{- end }}
+ volumeMounts:
+ {{- range $dir := $volume.dataDirs }}
+ {{- if not ( eq $dir.type "custom" ) }}
+ - name: {{ $dir.name }}
+ mountPath: "/{{ $dir.name }}/"
+ {{- end }}
+ {{- end }}
+ {{- if $volume.logs }}
+ - name: logs
+ mountPath: "/logs/"
+ {{- end }}
+ {{- if $volume.idx }}
+ - name: idx
+ mountPath: "/idx/"
+ {{- end }}
+ {{- if $.Values.global.enableSecurity }}
+ - name: security-config
+ readOnly: true
+ mountPath: /etc/seaweedfs/security.toml
+ subPath: security.toml
+ - name: ca-cert
+ readOnly: true
+ mountPath: /usr/local/share/ca-certificates/ca/
+ - name: master-cert
+ readOnly: true
+ mountPath: /usr/local/share/ca-certificates/master/
+ - name: volume-cert
+ readOnly: true
+ mountPath: /usr/local/share/ca-certificates/volume/
+ - name: filer-cert
+ readOnly: true
+ mountPath: /usr/local/share/ca-certificates/filer/
+ - name: client-cert
+ readOnly: true
+ mountPath: /usr/local/share/ca-certificates/client/
+ {{- end }}
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.extraVolumeMounts) $ | indent 12 | trim }}
+ ports:
+ - containerPort: {{ $volume.port }}
+ name: swfs-vol
+ {{- if $volume.metricsPort }}
+ - containerPort: {{ $volume.metricsPort }}
+ name: metrics
+ {{- end }}
+ - containerPort: {{ $volume.grpcPort }}
+ name: swfs-vol-grpc
+ {{- if $volume.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: {{ $volume.readinessProbe.httpGet.path }}
+ port: {{ $volume.port }}
+ scheme: {{ $volume.readinessProbe.scheme }}
+ initialDelaySeconds: {{ $volume.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $volume.readinessProbe.periodSeconds }}
+ successThreshold: {{ $volume.readinessProbe.successThreshold }}
+ failureThreshold: {{ $volume.readinessProbe.failureThreshold }}
+ timeoutSeconds: {{ $volume.readinessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- if $volume.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: {{ $volume.livenessProbe.httpGet.path }}
+ port: {{ $volume.port }}
+ scheme: {{ $volume.livenessProbe.scheme }}
+ initialDelaySeconds: {{ $volume.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ $volume.livenessProbe.periodSeconds }}
+ successThreshold: {{ $volume.livenessProbe.successThreshold }}
+ failureThreshold: {{ $volume.livenessProbe.failureThreshold }}
+ timeoutSeconds: {{ $volume.livenessProbe.timeoutSeconds }}
+ {{- end }}
+ {{- with $volume.resources }}
+ resources:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
+ {{- if $volume.containerSecurityContext.enabled }}
+ securityContext: {{- omit $volume.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if $volume.sidecars }}
+ {{- include "common.tplvalues.render" (dict "value" (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.sidecars) "context" $) | nindent 8 }}
+ {{- end }}
+ volumes:
+
+ {{- range $dir := $volume.dataDirs }}
+
+ {{- if eq $dir.type "hostPath" }}
+ - name: {{ $dir.name }}
+ hostPath:
+ path: {{ $dir.hostPathPrefix }}/object_store/
+ type: DirectoryOrCreate
+ {{- end }}
+ {{- if eq $dir.type "existingClaim" }}
+ - name: {{ $dir.name }}
+ persistentVolumeClaim:
+ claimName: {{ $dir.claimName }}
+ {{- end }}
+ {{- if eq $dir.type "emptyDir" }}
+ - name: {{ $dir.name }}
+ emptyDir: {}
+ {{- end }}
+
+ {{- end }}
+
+ {{- if $volume.idx }}
+ {{- if eq $volume.idx.type "hostPath" }}
+ - name: idx
+ hostPath:
+ path: {{ $volume.idx.hostPathPrefix }}/seaweedfs-volume-idx/
+ type: DirectoryOrCreate
+ {{- end }}
+ {{- if eq $volume.idx.type "existingClaim" }}
+ - name: idx
+ persistentVolumeClaim:
+ claimName: {{ $volume.idx.claimName }}
+ {{- end }}
+ {{- if eq $volume.idx.type "emptyDir" }}
+ - name: idx
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
+
+ {{- if $volume.logs }}
+ {{- if eq $volume.logs.type "hostPath" }}
+ - name: logs
+ hostPath:
+ path: {{ $volume.logs.hostPathPrefix }}/logs/seaweedfs/volume
+ type: DirectoryOrCreate
+ {{- end }}
+ {{- if eq $volume.logs.type "existingClaim" }}
+ - name: logs
+ persistentVolumeClaim:
+ claimName: {{ $volume.logs.claimName }}
+ {{- end }}
+ {{- if eq $volume.logs.type "emptyDir" }}
+ - name: logs
+ emptyDir: {}
+ {{- end }}
+ {{- end }}
+ {{- if $.Values.global.enableSecurity }}
+ - name: security-config
+ configMap:
+ name: {{ template "seaweedfs.name" $ }}-security-config
+ - name: ca-cert
+ secret:
+ secretName: {{ template "seaweedfs.name" $ }}-ca-cert
+ - name: master-cert
+ secret:
+ secretName: {{ template "seaweedfs.name" $ }}-master-cert
+ - name: volume-cert
+ secret:
+ secretName: {{ template "seaweedfs.name" $ }}-volume-cert
+ - name: filer-cert
+ secret:
+ secretName: {{ template "seaweedfs.name" $ }}-filer-cert
+ - name: client-cert
+ secret:
+ secretName: {{ template "seaweedfs.name" $ }}-client-cert
+ {{- end }}
+ {{- if $volume.extraVolumes }}
+ {{ tpl $volume.extraVolumes $ | indent 8 | trim }}
+ {{- end }}
+ {{- if $volume.nodeSelector }}
+ nodeSelector:
+ {{ tpl (printf "{{ $volumeName := \"%s\" }}%s" $volumeName $volume.nodeSelector) $ | indent 8 | trim }}
+ {{- end }}
+ volumeClaimTemplates:
+ {{- range $dir := $volume.dataDirs }}
+ {{- if eq $dir.type "persistentVolumeClaim" }}
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: {{ $dir.name }}
+ {{- with $dir.annotations }}
+ annotations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ $dir.storageClass }}
+ resources:
+ requests:
+ storage: {{ $dir.size }}
+ {{- end }}
+ {{- end }}
+
+ {{- if and $volume.idx (eq $volume.idx.type "persistentVolumeClaim") }}
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: idx
+ {{- with $volume.idx.annotations }}
+ annotations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ $volume.idx.storageClass }}
+ resources:
+ requests:
+ storage: {{ $volume.idx.size }}
+ {{- end }}
+ {{- if and $volume.logs (eq $volume.logs.type "persistentVolumeClaim") }}
+ - apiVersion: v1
+ kind: PersistentVolumeClaim
+ metadata:
+ name: logs
+ {{- with $volume.logs.annotations }}
+ annotations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ storageClassName: {{ $volume.logs.storageClass }}
+ resources:
+ requests:
+ storage: {{ $volume.logs.size }}
+ {{- end }}
+{{- end }}
+{{- end }}
-- cgit v1.2.3