diff --git a/charts/druid/Chart.yaml b/charts/druid/Chart.yaml index 255cb50f..d8c13093 100644 --- a/charts/druid/Chart.yaml +++ b/charts/druid/Chart.yaml @@ -7,5 +7,5 @@ maintainers: - name: Gazza7205 sources: - https://github.com/CAAPIM/apim-charts -version: 1.0.17 +version: 1.0.18 appVersion: 31.0 diff --git a/charts/druid/templates/_helpers.tpl b/charts/druid/templates/_helpers.tpl index 9184d571..7f29cfc8 100644 --- a/charts/druid/templates/_helpers.tpl +++ b/charts/druid/templates/_helpers.tpl @@ -109,4 +109,21 @@ Portal Docops page {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} +{{- end -}} + + +{{/* +Return the Master Server peers +*/}} +{{- define "seaweedfs.master.servers" -}} +{{- $peers := list -}} +{{- $masterFullname := "seaweedfs-s3" -}} +{{- $masterHeadlessSvcName := printf "seaweedfs-s3" -}} +{{- $clusterDomain := .Values.seaweedfs.clusterDomain -}} +{{- $masterPort := int .Values.seaweedfs.master.port -}} +{{- $namespace := .Release.Namespace -}} +{{- range $i := until (int .Values.seaweedfs.replicaCount) }} + {{- $peers = append $peers (printf "%s-%d.%s.%s.svc.%s:%d" $masterFullname $i $masterHeadlessSvcName $namespace $clusterDomain $masterPort) -}} +{{- end -}} +{{- print (join "," $peers) -}} {{- end -}} \ No newline at end of file diff --git a/charts/druid/templates/coordinator/coordinator-config.yaml b/charts/druid/templates/coordinator/coordinator-config.yaml index 2342a9b0..1d5b239e 100644 --- a/charts/druid/templates/coordinator/coordinator-config.yaml +++ b/charts/druid/templates/coordinator/coordinator-config.yaml 
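Review bot: The new `seaweedfs.master.servers` helper in the druid chart's _helpers.tpl reads `.Values.seaweedfs.clusterDomain`, `.Values.seaweedfs.master.port` and `.Values.seaweedfs.replicaCount`, but a subchart normally sees only its own values plus `global`. Unless druid's values carry a `seaweedfs` block (not visible in this diff), any `include` of the helper would fail at render time on the nil lookup. If nothing calls it, drop it; otherwise define it in the seaweedfs chart or pass these settings through `global`. `printf "seaweedfs-s3"` with no arguments can be the plain string, and the helper deserves a comment naming the Service and StatefulSet that the hard-coded `seaweedfs-s3` must match.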
@@ -11,8 +11,14 @@ data: SERVICE_NAME: {{ .Values.coordinator.hostname }} ZOOKEEPER_HOST: {{ .Values.zookeeper.hostname }} ZOOKEEPER_PORT: {{ .Values.zookeeper.port | quote }} +{{- if .Values.global.deepStorage.seaweedfs }} + MINIO_URL: http://seaweedfs-s3:8333 + MINIO_HEALTH_URL: http://seaweedfs-s3:8333/status + MINIO_BUCKET: {{ .Values.global.deepStorage.analytics.bucketName }} +{{ else }} MINIO_URL: http://minio:9000 MINIO_BUCKET: {{ .Values.minio.bucketName }} +{{ end }} DATABASE_TYPE: {{ required "Please fill in databaseType in values.yaml" .Values.global.databaseType | quote }} {{ if .Values.global.setupDemoDatabase}} DATABASE_HOST: {{ .Release.Name }}-mysql-headless @@ -38,4 +44,8 @@ data: druid.coordinator.kill.period=P1D druid.coordinator.kill.durationToRetain=PT1H druid.coordinator.kill.maxSegments=25 - druid.storage.bucket={{ .Values.minio.bucketName }} \ No newline at end of file +{{- if (eq .Values.global.deepStorage.seaweedfs true) }} + druid.storage.bucket={{ .Values.global.deepStorage.analytics.bucketName }} +{{- else }} + druid.storage.bucket={{ .Values.minio.bucketName }} +{{- end }} \ No newline at end of file diff --git a/charts/druid/templates/coordinator/coordinator-statefulset.yaml b/charts/druid/templates/coordinator/coordinator-statefulset.yaml index e7d0e193..3a40e7a6 100644 --- a/charts/druid/templates/coordinator/coordinator-statefulset.yaml +++ b/charts/druid/templates/coordinator/coordinator-statefulset.yaml @@ -64,6 +64,18 @@ spec: securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} {{- end }} env: + {{- if (eq .Values.global.deepStorage.seaweedfs true) }} + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_access_key_id + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_secret_access_key + {{- else }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: 
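Review bot: The env block in coordinator-config.yaml tests `{{- if .Values.global.deepStorage.seaweedfs }}` (truthiness), while the `runtime.properties` hunk below it and the statefulsets test `eq .Values.global.deepStorage.seaweedfs true`. For a non-boolean value such as the string "false", the first form selects SeaweedFS and the second fails on a type mismatch. Use one form everywhere, for example `{{- if eq (toString .Values.global.deepStorage.seaweedfs) "true" }}`; the same mix appears in historical-config, ingestion-config and middlemanager-config. Both forms also dereference `.Values.global.deepStorage` unguarded, which presumably breaks rendering when the map is absent from the supplied values (for instance values carried over from a release that predates it). The `data:` map continues outside the hunk.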
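Review bot: The SeaweedFS branch of the coordinator `env` list injects `admin_access_key_id` and `admin_secret_access_key`, and the later hunks wire the same keys into the historical, ingestion and middlemanager workloads, so every Druid pod holds the storage administrator identity. A compromise of any one of them then reaches every bucket the S3 gateway serves (the values in this commit also create `file-storage`), not only the analytics bucket. Prefer an identity scoped to the analytics bucket, and a read-only one for pods that only fetch segments, if the secret provides them; the secret's contents are not visible in this diff. Quoting the reference, `name: {{ .Values.global.deepStorage.auth.secretName | quote }}`, also guards against an empty or boolean-looking value. The env list continues outside the hunk.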
@@ -74,6 +86,7 @@ spec: secretKeyRef: name: {{ .Values.minio.auth.secretName }} key: MINIO_SECRET_KEY + {{- end }} - name: DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/druid/templates/historical/historical-config.yaml b/charts/druid/templates/historical/historical-config.yaml index b36e0478..9f722d1c 100644 --- a/charts/druid/templates/historical/historical-config.yaml +++ b/charts/druid/templates/historical/historical-config.yaml @@ -11,8 +11,14 @@ data: SERVICE_NAME: historical ZOOKEEPER_HOST: {{ .Values.zookeeper.hostname }} ZOOKEEPER_PORT: {{ .Values.zookeeper.port | quote }} +{{- if .Values.global.deepStorage.seaweedfs }} + MINIO_URL: http://seaweedfs-s3:8333 + MINIO_HEALTH_URL: http://seaweedfs-s3:8333/status + MINIO_BUCKET: {{ .Values.global.deepStorage.analytics.bucketName }} +{{ else }} MINIO_URL: http://minio:9000 MINIO_BUCKET: {{ .Values.minio.bucketName }} +{{ end }} CONTAINER_LOG_LEVEL: {{ .Values.historical.loglevel }} runtime.properties: |- druid.service=druid/historical @@ -35,4 +41,8 @@ data: druid.cache.type=caffeine druid.cache.sizeInBytes=10000000 - druid.storage.bucket={{ .Values.minio.bucketName }} \ No newline at end of file +{{- if (eq .Values.global.deepStorage.seaweedfs true) }} + druid.storage.bucket={{ .Values.global.deepStorage.analytics.bucketName }} +{{- else }} + druid.storage.bucket={{ .Values.minio.bucketName }} +{{- end }} \ No newline at end of file diff --git a/charts/druid/templates/historical/historical-statefulset.yaml b/charts/druid/templates/historical/historical-statefulset.yaml index 6b5076ca..f7416dcf 100644 --- a/charts/druid/templates/historical/historical-statefulset.yaml +++ b/charts/druid/templates/historical/historical-statefulset.yaml 
@@ -67,6 +67,18 @@ spec: securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} {{- end }} env: + {{- if (eq .Values.global.deepStorage.seaweedfs true) }} + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_access_key_id + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_secret_access_key + {{- else }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: @@ -77,6 +89,7 @@ spec: secretKeyRef: name: {{ .Values.minio.auth.secretName }} key: MINIO_SECRET_KEY + {{- end }} envFrom: - configMapRef: name: historical-config diff --git a/charts/druid/templates/ingestion/ingestion-config.yaml b/charts/druid/templates/ingestion/ingestion-config.yaml index 436c9397..583f8139 100644 --- a/charts/druid/templates/ingestion/ingestion-config.yaml +++ b/charts/druid/templates/ingestion/ingestion-config.yaml @@ -15,8 +15,14 @@ data: OVERLORD_PORT: {{ .Values.coordinator.port | quote }} COORDINATOR_HOST: {{ .Values.coordinator.hostname }} COORDINATOR_PORT: {{ .Values.coordinator.port | quote }} +{{- if .Values.global.deepStorage.seaweedfs }} + MINIO_URL: http://seaweedfs-s3:8333 + MINIO_HEALTH_URL: http://seaweedfs-s3:8333/status + MINIO_BUCKET: {{ .Values.global.deepStorage.analytics.bucketName }} +{{ else }} MINIO_URL: http://minio:9000 MINIO_BUCKET: {{ .Values.minio.bucketName }} +{{ end }} PARTITION_COUNT: "{{ .Values.ingestion.config.partitionCount }}" REPLICATION_COUNT: "{{ .Values.kafka.replicaCount }}" {{ if .Values.global.setupDemoDatabase}} diff --git a/charts/druid/templates/ingestion/ingestion-deployment.yaml b/charts/druid/templates/ingestion/ingestion-deployment.yaml index 3d3f5119..9f9c6ee9 100644 --- a/charts/druid/templates/ingestion/ingestion-deployment.yaml +++ b/charts/druid/templates/ingestion/ingestion-deployment.yaml 
@@ -65,6 +65,18 @@ spec: securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} {{- end }} env: + {{- if (eq .Values.global.deepStorage.seaweedfs true) }} + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_access_key_id + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_secret_access_key + {{- else }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: @@ -75,6 +87,7 @@ spec: secretKeyRef: name: {{ .Values.minio.auth.secretName }} key: MINIO_SECRET_KEY + {{- end }} - name: DATABASE_PASSWORD valueFrom: secretKeyRef: diff --git a/charts/druid/templates/middlemanager/middlemanager-config.yaml b/charts/druid/templates/middlemanager/middlemanager-config.yaml index 9ed9ae5c..d690137e 100644 --- a/charts/druid/templates/middlemanager/middlemanager-config.yaml +++ b/charts/druid/templates/middlemanager/middlemanager-config.yaml @@ -11,8 +11,14 @@ data: SERVICE_NAME: middleManager ZOOKEEPER_HOST: {{ .Values.zookeeper.hostname }} ZOOKEEPER_PORT: {{ .Values.zookeeper.port | quote }} +{{- if .Values.global.deepStorage.seaweedfs }} + MINIO_URL: http://seaweedfs-s3:8333 + MINIO_HEALTH_URL: http://seaweedfs-s3:8333/status + MINIO_BUCKET: {{ .Values.minio.bucketName }} +{{ else }} MINIO_URL: http://minio:9000 MINIO_BUCKET: {{ .Values.minio.bucketName }} +{{ end }} CONTAINER_LOG_LEVEL: {{ .Values.middlemanager.loglevel }} runtime.properties: |- druid.indexer.runner.startPort={{ .Values.middlemanager.indexer.startPort }} @@ -37,4 +43,8 @@ data: # Hadoop indexing druid.indexer.task.hadoopWorkingPath=var/druid/hadoop-tmp +{{- if (eq .Values.global.deepStorage.seaweedfs true) }} + druid.storage.bucket={{ .Values.global.deepStorage.bucketName }} +{{- else }} druid.storage.bucket={{ .Values.minio.bucketName }} +{{- end }} 
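Review bot: The SeaweedFS branch in middlemanager-config.yaml disagrees with the other three config maps. Its env block keeps `MINIO_BUCKET: {{ .Values.minio.bucketName }}` and `runtime.properties` uses `druid.storage.bucket={{ .Values.global.deepStorage.bucketName }}`, while coordinator, historical and ingestion read `.Values.global.deepStorage.analytics.bucketName`. The values.yaml added by this commit defines only `global.deepStorage.analytics.bucketName`, so `global.deepStorage.bucketName` renders empty unless it is set elsewhere, and the middle manager would push segments to a different bucket (or none) than the services that read them. Both lines should use `{{ .Values.global.deepStorage.analytics.bucketName }}`.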
diff --git a/charts/druid/templates/middlemanager/middlemanager-statefulset.yaml b/charts/druid/templates/middlemanager/middlemanager-statefulset.yaml index a3d395b4..5f56e03d 100644 --- a/charts/druid/templates/middlemanager/middlemanager-statefulset.yaml +++ b/charts/druid/templates/middlemanager/middlemanager-statefulset.yaml @@ -64,6 +64,18 @@ spec: securityContext: {{- toYaml .Values.global.containerSecurityContext | nindent 12 }} {{- end }} env: + {{- if (eq .Values.global.deepStorage.seaweedfs true) }} + - name: MINIO_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_access_key_id + - name: MINIO_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.global.deepStorage.auth.secretName }} + key: admin_secret_access_key + {{- else }} - name: MINIO_ACCESS_KEY valueFrom: secretKeyRef: @@ -74,6 +86,7 @@ spec: secretKeyRef: name: {{ .Values.minio.auth.secretName }} key: MINIO_SECRET_KEY + {{- end }} envFrom: - configMapRef: name: middlemanager-config diff --git a/charts/druid/templates/minio/minio-pdb.yaml b/charts/druid/templates/minio/minio-pdb.yaml index 365383b3..773dca07 100644 --- a/charts/druid/templates/minio/minio-pdb.yaml +++ b/charts/druid/templates/minio/minio-pdb.yaml @@ -15,4 +15,4 @@ spec: selector: matchLabels: app: minio -{{ end }} +{{- end }} diff --git a/charts/druid/templates/minio/minio-secret.yaml b/charts/druid/templates/minio/minio-secret.yaml index fa8db3a3..bee1c18c 100644 --- a/charts/druid/templates/minio/minio-secret.yaml +++ b/charts/druid/templates/minio/minio-secret.yaml @@ -31,4 +31,4 @@ data: {{- if .Values.minio.s3gateway.secretKey }} awsSecretAccessKey: {{ .Values.minio.s3gateway.secretKey | b64enc | quote }} {{- end }} -{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/portal/Chart.lock b/charts/portal/Chart.lock index fda35b82..b483d58d 100644 --- a/charts/portal/Chart.lock +++ b/charts/portal/Chart.lock 
@@ -1,7 +1,10 @@ dependencies: - name: druid repository: file://../druid - version: 1.0.17 + version: 1.0.18 +- name: seaweedfs + repository: file://../seaweedfs + version: 1.0.1 - name: mysql repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami version: 12.2.2 @@ -11,5 +14,5 @@ dependencies: - name: ingress-nginx repository: https://kubernetes.github.io/ingress-nginx/ version: 4.12.1 -digest: sha256:a232d427aafce12b14085dbf887219aaf83e563693d86fd6c0985e1d5c800810 -generated: "2025-06-17T23:17:16.7865154+05:30" +digest: sha256:0023f65c31a891b2c52d96cedcce53c12f711c0d3c157dbe3cc970731b83d077 +generated: "2025-08-31T23:36:41.2457391+05:30" diff --git a/charts/portal/Chart.yaml b/charts/portal/Chart.yaml index cec2f6bc..b5f9e2aa 100644 --- a/charts/portal/Chart.yaml +++ b/charts/portal/Chart.yaml @@ -14,6 +14,10 @@ dependencies: version: ^1.0.0 condition: portal.analytics.enabled repository: "file://../druid" +- name: seaweedfs + version: ^1.0.0 + condition: global.deepStorage.seaweedfs + repository: "file://../seaweedfs" - name: mysql version: 12.2.2 repository: "https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami" diff --git a/charts/portal/README.md b/charts/portal/README.md index 20219007..c2e64b73 100644 --- a/charts/portal/README.md +++ b/charts/portal/README.md 
@@ -8,6 +8,41 @@ This Chart deploys the Layer7 API Developer Portal on a Kubernetes Cluster using ## 2.3.20 General Updates - This new version of the chart supports API Portal 5.4 +- Added seaweedfs as s3 storage for analytics data + - This resolves a race condition that occurs on slower hardware where apim/ingress starts before other dependent services are ready. + - This is not ***enabled by default***. + - This only gets added when you install the Chart. + - If you wish to enable this and use seaweedfs as deep storage, set global.deepStorage.seaweedfs to true + ``` + global: + deepStorage: + seaweedfs: false + bucketName: api-metrics + ... + auth: + secretName: seaweedfs-s3-secret + ... + ``` + - If you are upgrading from previous version and want to copy analytics data from minio to seaweedfs, set seaweedfs.migrateData to true. + - A Helm install will ***NOT*** data migration. + - A Helm upgrade will run the data migration and bucket name can be customized. + - Make Sure that the value seaweedfs.minio.bucketName is same as the druid.minio.bucketName. + - The migrated data will be stored in the new bucket global.deepStorage.bucketName which the druid stack starts using is seaweedfs is enabled. + ``` + global: + deepStorage: + seaweedfs: false + enableDataMigration: true + bucketName: api-metrics + ... + auth: + secretName: seaweedfs-s3-secret + ... + seaweedfs: + ... + minio: + bucketName: api-metrics + ``` ## 2.3.18 General Updates - Switch bitnami/mysql to bitnamilegacy/mysql. diff --git a/charts/portal/charts/druid-1.0.17.tgz b/charts/portal/charts/druid-1.0.17.tgz deleted file mode 100644 index 004f703b..00000000 Binary files a/charts/portal/charts/druid-1.0.17.tgz and /dev/null differ diff --git a/charts/portal/charts/druid-1.0.18.tgz b/charts/portal/charts/druid-1.0.18.tgz new file mode 100644 index 00000000..d7f1c867 Binary files /dev/null and b/charts/portal/charts/druid-1.0.18.tgz differ 
diff --git a/charts/portal/charts/seaweedfs-1.0.1.tgz b/charts/portal/charts/seaweedfs-1.0.1.tgz
new file mode 100644
index 00000000..eb44786c
Binary files /dev/null and b/charts/portal/charts/seaweedfs-1.0.1.tgz differ
diff --git a/charts/portal/values-production.yaml b/charts/portal/values-production.yaml
index cf922b73..256a6f15 100644
--- a/charts/portal/values-production.yaml
+++ b/charts/portal/values-production.yaml
@@ -515,6 +515,218 @@ image: upgradeVerify: upgrade-verify:5.4 tlsManager: tls-automator:5.4 + +## +## Subchart Configuration +## +seaweedfs: + image: + seaweedfs: seaweedfs:5.4 + migrationUtility: seaweedfs:5.4 + persistence: + storage: + seaweedfs: 50Gi + migrateData: false + replicaCount: 1 + bucketName: api-metrics + minio: + bucketName: api-metrics + restartPolicy: Always + imagePullPolicy: Always + loggingLevel: 1 + imageOverride: null + clusterDomain: cluster.local + + forceRedeploy: true + + # Core configuration + idleTimeout: 30 # Connection idle seconds + dataCenter: "" # Current volume server's data center name + rack: "" # Current volume server's rack name + whiteList: "" # Comma separated IP addresses having write permission + disableHttp: false # Disable HTTP requests, only gRPC operations are allowed + metricsPort: 9324 # Prometheus metrics listen port + metricsIp: "" # Metrics listen IP. If empty, defaults to bindAddress + loggingOverrideLevel: null # Override logging level + + auth: + secretName: seaweedfs-s3-secret + # Leave access_key and secret_key empty to auto-generate values. 
+ # access_key: HvT9ZJ3jUe + # secret_key: SjLmBVEHaUWe5RexNCuJAoyq0gC3PZZDLSaHfveu + # admin_access_key_id: HvT9ZJ3jUe + # admin_secret_access_key: SjLmBVEHaUWe5RexNCuJAoyq0gC3PZZDLSaHfveu + # read_access_key_id: XNFg4vjFR5 + # read_secret_access_key: BIFxdgbcgxBlYak1eICCOuPe8UvCtBq5JkNls88g + + # Service configuration + s3: + enabled: true # Whether to enable S3 gateway + port: 8333 + enableAuth: true + existingConfigSecret: seaweedfs-s3-secret + sftp: + enabled: false # Whether to enable SFTP server + + filer: + port: 8888 + grpcPort: 18888 + defaultReplicaPlacement: "000" + dirListLimit: 100000 + s3: + enableAuth: true + createBuckets: + - name: api-metrics + anonymousRead: false + - name: file-storage + anonymousRead: false + config: | + [leveldb2] + enabled = false + + volume: + port: 8080 + grpcPort: 18080 + compactionMBps: 50 + minFreeSpacePercent: 7 + dataDirs: + - name: data-0 + type: "persistentVolumeClaim" + size: "50Gi" + maxVolumes: 50 + + master: + port: 9333 + grpcPort: 19333 + config: "" + volumeSizeLimitMB: 1024 + + # Service settings + service: + annotations: {} # Annotations for the service + type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer) + + # Storage configuration + data: + type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir" + hostPathPrefix: /mnt/data # Path prefix for hostPath volumes + claimName: seaweedfs-data-pvc # Name of the PVC to use + size: "" # Size of the PVC + storageClass: "" # Storage class for the PVC + + # Health checks + readinessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + failureThreshold: 6 + timeoutSeconds: 40 + + livenessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + failureThreshold: 6 + timeoutSeconds: 40 + + # Enable if replica count > 1 + startupProbe: + 
enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 15 + timeoutSeconds: 40 + + # Additional resources + extraEnvironmentVars: {} # Additional environment variables + extraVolumeMounts: "" # Additional volume mounts + extraVolumes: "" # Additional volumes + initContainers: "" # Init containers + sidecars: "" # Sidecar containers + annotations: {} # Annotations for the deployment + podAnnotations: {} # Annotations for the pods + podLabels: {} # Labels for the pods + + # Scheduling configuration + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # affinity: | + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchLabels: + # app.kubernetes.io/name: seaweedfs" + # app.kubernetes.io/instance: {{ .Release.Name }} + # app.kubernetes.io/component: master + # topologyKey: kubernetes.io/hostname + + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + + # Toleration Settings for master pods + # This should be a multi-line string matching the Toleration array + # in a PodSpec. + tolerations: "" + + # nodeSelector labels for master pod assignment, formatted as a muli-line string. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: | + kubernetes.io/arch: amd64 + + # Used to assign priority to master pods + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + priorityClassName: "" + + # Used to assign a service account. 
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + serviceAccountName: "" + + # Configure security context for Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + podSecurityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 + # podSecurityContext: {} + + # Configure security context for Container + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + # containerSecurityContext: + # enabled: true + # runAsUser: 2000 + # allowPrivilegeEscalation: false + containerSecurityContext: {} + + # Resource management + resources: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "500m" + memory: "1Gi" + ## ## Subchart Configuration ## diff --git a/charts/portal/values.yaml b/charts/portal/values.yaml index 94557fe4..80394808 100644 --- a/charts/portal/values.yaml +++ b/charts/portal/values.yaml @@ -40,6 +40,13 @@ global: # required by bitnamilegacy/mysql security: allowInsecureImages: true + deepStorage: + seaweedfs: false + enableDataMigration: false + auth: + secretName: seaweedfs-s3-secret + analytics: + bucketName: api-metrics portal: domain: example.com 
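Review bot: The `auth` block of the new `seaweedfs` section in values-production.yaml ships commented-out `access_key`, `secret_key`, `admin_*` and `read_*` entries filled with realistic-looking key material. Anyone who uncomments them deploys with credentials that are published in this repository, and if those strings were ever used in a real environment they should be rotated. Replace them with empty entries or obvious placeholders such as `# admin_access_key_id: <set-me>`, the way values.yaml leaves `access_key` and `secret_key` blank. A comment there should also say that the chart generates the keys when they are left empty and name the secret that receives them.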
@@ -457,6 +464,208 @@ image: ## ## Subchart Configuration ## +seaweedfs: + image: + seaweedfs: seaweedfs:5.4 + migrationUtility: seaweedfs:5.4 + persistence: + storage: + seaweedfs: 50Gi + replicaCount: 1 + bucketName: api-metrics + minio: + bucketName: api-metrics + restartPolicy: Always + imagePullPolicy: Always + loggingLevel: 1 + imageOverride: null + clusterDomain: cluster.local + + forceRedeploy: true + + # Core configuration + idleTimeout: 30 # Connection idle seconds + dataCenter: "" # Current volume server's data center name + rack: "" # Current volume server's rack name + whiteList: "" # Comma separated IP addresses having write permission + disableHttp: false # Disable HTTP requests, only gRPC operations are allowed + metricsPort: 9324 # Prometheus metrics listen port + metricsIp: "" # Metrics listen IP. If empty, defaults to bindAddress + loggingOverrideLevel: null # Override logging level + + auth: + secretName: seaweedfs-s3-secret + # Leave access_key and secret_key empty to auto-generate values. 
+ # access_key: + # secret_key: + + # Service configuration + s3: + enabled: true # Whether to enable S3 gateway + port: 8333 + enableAuth: true + existingConfigSecret: seaweedfs-s3-secret + sftp: + enabled: false # Whether to enable SFTP server + + filer: + port: 8888 + grpcPort: 18888 + defaultReplicaPlacement: "000" + dirListLimit: 100000 + s3: + enableAuth: true + createBuckets: + - name: api-metrics + anonymousRead: false + - name: file-storage + anonymousRead: false + config: | + [leveldb2] + enabled = false + + volume: + port: 8080 + grpcPort: 18080 + compactionMBps: 50 + minFreeSpacePercent: 7 + dataDirs: + - name: data-0 + type: "persistentVolumeClaim" + size: "50Gi" + maxVolumes: 50 + + master: + port: 9333 + grpcPort: 19333 + config: "" + volumeSizeLimitMB: 1024 + + # Service settings + service: + annotations: {} # Annotations for the service + type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer) + + # Storage configuration + data: + type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir" + hostPathPrefix: /mnt/data # Path prefix for hostPath volumes + claimName: seaweedfs-data-pvc # Name of the PVC to use + size: "" # Size of the PVC + storageClass: "" # Storage class for the PVC + + # Health checks + readinessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + failureThreshold: 6 + timeoutSeconds: 40 + + livenessProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 40 + successThreshold: 1 + failureThreshold: 6 + timeoutSeconds: 40 + + # Enable if replica count > 1 + startupProbe: + enabled: true + httpGet: + path: /cluster/status + port: 9333 + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 15 + timeoutSeconds: 40 + + # Additional resources + extraEnvironmentVars: {} # Additional 
environment variables + extraVolumeMounts: "" # Additional volume mounts + extraVolumes: "" # Additional volumes + initContainers: "" # Init containers + sidecars: "" # Sidecar containers + annotations: {} # Annotations for the deployment + podAnnotations: {} # Annotations for the pods + podLabels: {} # Labels for the pods + + # Scheduling configuration + # Affinity Settings + # Commenting out or setting as empty the affinity variable, will allow + # deployment to single node services such as Minikube + # affinity: | + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchLabels: + # app.kubernetes.io/name: seaweedfs" + # app.kubernetes.io/instance: {{ .Release.Name }} + # app.kubernetes.io/component: master + # topologyKey: kubernetes.io/hostname + + # Topology Spread Constraints Settings + # This should map directly to the value of the topologySpreadConstraints + # for a PodSpec. By Default no constraints are set. + topologySpreadConstraints: "" + + # Toleration Settings for master pods + # This should be a multi-line string matching the Toleration array + # in a PodSpec. + tolerations: "" + + # nodeSelector labels for master pod assignment, formatted as a muli-line string. + # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: | + kubernetes.io/arch: amd64 + + # Used to assign priority to master pods + # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ + priorityClassName: "" + + # Used to assign a service account. 
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + serviceAccountName: "" + + # Configure security context for Pod + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + podSecurityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 3000 + fsGroup: 2000 + # podSecurityContext: {} + + # Configure security context for Container + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ + # Example: + # containerSecurityContext: + # enabled: true + # runAsUser: 2000 + # allowPrivilegeEscalation: false + containerSecurityContext: {} + + # Resource management + resources: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "500m" + memory: "1Gi" # Settings for Druid - this is a local sub chart druid: diff --git a/charts/seaweedfs/.helmignore b/charts/seaweedfs/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/charts/seaweedfs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/charts/seaweedfs/Chart.yaml b/charts/seaweedfs/Chart.yaml new file mode 100644 index 00000000..990d3dac --- /dev/null +++ b/charts/seaweedfs/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v2 +name: seaweedfs +description: Broadcom APIM Portal SeaweedFS Chart +type: application +home: https://github.com/CAAPIM/apim-charts +maintainers: + - name: Gazza7205 +sources: + - https://github.com/CAAPIM/apim-charts +version: 1.0.1 +appVersion: 41.0 diff --git a/charts/seaweedfs/README.md b/charts/seaweedfs/README.md new file mode 100644 index 00000000..68059538 --- /dev/null +++ b/charts/seaweedfs/README.md 
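Review bot: `containerSecurityContext: {}` is the default in the new `seaweedfs` block here and in values-production.yaml, so the containers get no container-level hardening unless the operator adds it; only the commented example shows `allowPrivilegeEscalation: false`. Consider defaulting to `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and dropped capabilities, provided the image runs under them; how the templates consume this key is not visible in this diff. The commented affinity example also carries a stray quote in `app.kubernetes.io/name: seaweedfs"`, which breaks the YAML if it is uncommented as written.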
@@ -0,0 +1,10 @@ +## Broadcom APIM Portal SeaweedFS Chart +This repository contains the Portal SeaweedFS Stack. + +This will later be merged into https://github.com/CAAPIM/apim-charts + +## Usage - this is a sub-Chart of Portal +This Chart is not standalaone, please install Portal + +## Note +This Helm Chart was created by Layer7 Broadcom. diff --git a/charts/seaweedfs/templates/seaweedfs/_helpers.tpl b/charts/seaweedfs/templates/seaweedfs/_helpers.tpl new file mode 100644 index 00000000..79dae4a2 --- /dev/null +++ b/charts/seaweedfs/templates/seaweedfs/_helpers.tpl 
@@ -0,0 +1,46 @@ +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "seaweedfs.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* + Set the service account name for the Portal Stack + */}} +{{- define "seaweedfs.serviceAccountName" -}} +{{- if .Values.global.serviceAccountName }} + {{ default "default" .Values.global.serviceAccountName }} +{{- else }} +{{- if .Values.serviceAccount.create -}} + {{ default (include "seaweedfs.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "seaweedfs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "seaweedfs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} \ No newline at end of file diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-config.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-config.yaml new file mode 100644 index 00000000..fd52cd82 --- /dev/null +++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-config.yaml 
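Review bot: `seaweedfs.serviceAccountName` falls through to `.Values.serviceAccount.create` and `.Values.serviceAccount.name`, but the `seaweedfs` values added in this commit define only `serviceAccountName: ""` and no `serviceAccount` map. With `global.serviceAccountName` unset the helper would then fail on a nil lookup, unless the chart's own values.yaml (not visible here) supplies that map. The three value lines are also not trimmed, so the result carries a leading newline and spaces; `{{- default "default" .Values.global.serviceAccountName -}}` keeps the rendered name clean. The helper's comment still says "Portal Stack" and should state which of the three sources wins.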
@@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: seaweedfs-config + namespace: {{ .Release.Namespace }} + labels: + app: seaweedfs-s3 + chart: {{ template "druid.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.master.annotations }} + annotations: + {{- toYaml .Values.master.annotations | nindent 4 }} +{{- end }} +data: + master.toml: |- + {{ .Values.master.config | nindent 4 }} + filer.toml: |- + {{ .Values.filer.config | nindent 4 }} + DATABASE_TYPE: {{ required "Please fill in databaseType in values.yaml" .Values.global.databaseType | quote }} +{{ if .Values.global.setupDemoDatabase}} + WEED_MYSQL_HOSTNAME: {{ .Release.Name }}-mysql-headless +{{ else }} + WEED_MYSQL_HOSTNAME: {{ .Values.global.databaseHost | quote }} +{{ end }} + WEED_MYSQL_PORT: {{ include "database-port" . | quote }} + DATABASE_USE_SSL: {{ .Values.global.databaseUseSSL | quote }} + DATABASE_REQUIRE_SSL: {{ .Values.global.databaseRequireSSL | quote }} + WEED_MYSQL_USERNAME: {{ required "Please fill in databaseUsername in values.yaml" .Values.global.databaseUsername | quote }} + \ No newline at end of file diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-data-copy-job.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-data-copy-job.yaml new file mode 100644 index 00000000..d97ba8c4 --- /dev/null +++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-data-copy-job.yaml 
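Review bot: The `chart:` label in seaweedfs-config.yaml renders `{{ template "druid.chart" . }}`, a named template owned by the druid chart, although this chart defines `seaweedfs.chart` in its own _helpers.tpl. Rendering therefore depends on the druid subchart being enabled alongside this one; use `chart: {{ template "seaweedfs.chart" . }}`. `include "database-port"` has the same cross-chart dependency, since its definition is not among this chart's helpers as shown. The `master.toml` and `filer.toml` bodies put `nindent 4` after an already indented line, leaving a whitespace-only first line in each block scalar; `{{- .Values.master.config | nindent 4 }}` avoids that.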
@@ -0,0 +1,70 @@
+{{- if (eq .Values.global.deepStorage.enableDataMigration true) }}
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ template "portal.fullname" . }}-seaweedfs-data-copy-job
+ labels:
+ app: {{ template "portal.name" . }}
+ chart: {{ template "portal.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-upgrade
+ "helm.sh/hook-weight": "-4"
+spec:
+ suspend: false
+ parallelism: 1
+ template:
+ metadata:
+ spec:
+ {{- if .Values.global.pullSecret }}
+ imagePullSecrets:
+ - name: "{{ .Values.global.pullSecret }}"
+ {{- end }}
+ volumes:
+ - name: empty-dir
+ emptyDir: {}
+ containers:
+ - name: data-copier
+ image: "{{ .Values.global.portalRepository }}{{ .Values.image.migrationUtility }}"
+ command: ["rclone", "--stats-one-line", "--stats", "2s", "-vv", "--progress", "copy", "minio:/{{ .Values.minio.bucketName }}", "seaweedfs:/{{ .Values.global.deepStorage.analytics.bucketName }}"]
+ env:
+ - name: RCLONE_CONFIG_MINIO_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_MINIO_PROVIDER
+ value: Minio
+ - name: RCLONE_CONFIG_MINIO_ENDPOINT
+ value: http://minio:9000
+ - name: RCLONE_CONFIG_MINIO_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: minio-secret
+ key: MINIO_ACCESS_KEY
+ - name: RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: minio-secret
+ key: MINIO_SECRET_KEY
+ - name: RCLONE_CONFIG_SEAWEEDFS_TYPE
+ value: s3
+ - name: RCLONE_CONFIG_SEAWEEDFS_PROVIDER
+ value: SeaweedFS
+ - name: RCLONE_CONFIG_SEAWEEDFS_ENDPOINT
+ value: http://seaweedfs-s3:8333
+ - name: RCLONE_CONFIG_SEAWEEDFS_ACCESS_KEY_ID
+ valueFrom:
+ secretKeyRef:
+ name: seaweedfs-s3-secret
+ key: admin_access_key_id
+ - name: RCLONE_CONFIG_SEAWEEDFS_SECRET_ACCESS_KEY
+ valueFrom:
+ secretKeyRef:
+ name: seaweedfs-s3-secret
+ key: admin_secret_access_key
+ resources:
+ limits:
+ memory: 4Gi
+ requests:
+ memory: 4Gi
+ restartPolicy: "OnFailure"
+{{ end }}
\ No newline at end of file
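Review bot: The `data-copier` container is handed the admin key pairs of both object stores, but neither the pod nor the container sets a `securityContext`, unlike the bucket hook Job in this commit, which applies `.Values.podSecurityContext` and `.Values.containerSecurityContext`. I would add the same guarded block to the container: `{{- if .Values.containerSecurityContext.enabled }}`, `securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}`, `{{- end }}`, plus the pod-level equivalent. The secret name `seaweedfs-s3-secret` is also hard-coded here, while the druid templates read `.Values.global.deepStorage.auth.secretName`; using that value keeps the Job working when an operator supplies their own secret. The `empty-dir` volume is declared but never mounted and can be removed.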
diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-bucket-hook.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-bucket-hook.yaml
new file mode 100644
index 00000000..157876ef
--- /dev/null
+++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-bucket-hook.yaml
@@ -0,0 +1,115 @@
+{{- if .Values.filer.s3.createBuckets }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: "{{ $.Release.Name }}-bucket-hook"
+ labels:
+ app: {{ template "portal.name" . }}
+ chart: {{ template "portal.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ "helm.sh/hook": post-install, post-upgrade
+ "helm.sh/hook-weight": "-5"
+spec:
+ template:
+ metadata:
+ name: "{{ .Release.Name }}"
+ spec:
+ restartPolicy: Never
+ {{- if .Values.podSecurityContext.enabled }}
+ securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+ {{- end }}
+ {{- if .Values.global.pullSecret }}
+ imagePullSecrets:
+ - name: "{{ .Values.global.pullSecret }}"
+ {{- end }}
+ containers:
+ - name: install-bucket-job
+ image: "{{ .Values.global.portalRepository }}{{ .Values.image.seaweedfs }}"
+ imagePullPolicy: {{ default "IfNotPresent" .Values.imagePullPolicy }}
+ env:
+ - name: WEED_CLUSTER_DEFAULT
+ value: "sw"
+ - name: WEED_CLUSTER_SW_MASTER
+ value: "seaweedfs-s3:{{ .Values.master.port }}"
+ - name: WEED_CLUSTER_SW_S3
+ value: "seaweedfs-s3:{{ .Values.s3.port }}"
+ - name: POD_IP
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: POD_NAME
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.name
+ - name: NAMESPACE
+ valueFrom:
+ fieldRef:
+ fieldPath: metadata.namespace
+ - name: SEAWEEDFS_FULLNAME
+ value: "seaweedfs-s3"
+ command:
+ - "/bin/bash"
+ - "-ec"
+ - |
+ wait_for_service() {
+ local port=$1
+ local waitForS3InSeconds=$2
+ local max_attempts=$(($waitForS3InSeconds/5)) # 10 minutes total (5s * 120)
+ local attempt=1
+
+ echo "Waiting for service at seaweedfs-s3/$port... for $waitForS3InSeconds seconds"
+ while [ $attempt -le $max_attempts ]; do
+ if timeout 5 bash -c ">/dev/tcp/seaweedfs-s3/$port" 2>/dev/null; then
+ echo "Service at seaweedfs-s3:$port is up!"
+ return 0
+ fi
+ echo "Attempt $attempt: Service not ready yet, retrying in 5s..."
+ sleep 5
+ attempt=$((attempt + 1))
+ done
+ echo "Service at seaweedfs-s3:$port failed to become ready within 10 minutes"
+ exit 1
+ }
+ wait_for_service "{{ .Values.readinessProbe.httpGet.port }}" "{{ .Values.waitForS3InSeconds }}"
+ {{- range $reg, $props := $.Values.filer.s3.createBuckets }}
+ exec /bin/echo \
+ "s3.bucket.create --name {{ $props.name }}" |\
+ /opt/bitnami/seaweedfs/bin/weed shell
+ {{- end }}
+ {{- range $reg, $props := $.Values.filer.s3.createBuckets }}
+ {{- if $props.anonymousRead }}
+ exec /bin/echo \
+ "s3.configure --user anonymous \
+ --buckets {{ $props.name }} \
+ --actions Read \
+ --apply true" |\
+ /opt/bitnami/seaweedfs/bin/weed shell
+ {{- end }}
+ {{- end }}
+ {{- if .Values.filer.s3.enableAuth }}
+ volumeMounts:
+ - name: config-users
+ mountPath: /etc/sw
+ readOnly: true
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.master.port }}
+ name: swfs-master
+ {{- if .Values.containerSecurityContext.enabled }}
+ securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+ {{- end }}
+ {{- if .Values.filer.s3.enableAuth }}
+ volumes:
+ - name: config-users
+ secret:
+ defaultMode: 420
+ {{- if not (empty .Values.filer.s3.existingConfigSecret) }}
+ secretName: {{ .Values.filer.s3.existingConfigSecret }}
+ {{- else }}
+ secretName: seaweedfs-s3-secret
+ {{- end }}
+ {{- end }}{{/** if .Values.filer.s3.enableAuth **/}}
+{{- end }}{{/** if .Values.filer.s3.createBuckets **/}}
\ No newline at end of file
diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-secret.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-secret.yaml
new file mode 100644
index 00000000..8bfac322
--- /dev/null
+++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-s3-secret.yaml
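Review bot: The hook pod mounts the S3 identities secret at `/etc/sw` through `config-users`, yet nothing in the visible script reads that path; `weed shell` is pointed at the master through `WEED_CLUSTER_SW_MASTER`. That secret carries the admin access and secret keys, so unless the image needs the file, the `volumeMounts` and `volumes` blocks can be dropped from this Job. If the mount stays, it is gated on `.Values.filer.s3.enableAuth` while the Secret template is gated on `.Values.s3.enabled` and `.Values.s3.enableAuth`, so the two can disagree and leave the pod waiting on a secret that was never created. The failure message and the comment on `max_attempts` still say 10 minutes although the wait now comes from `waitForS3InSeconds`.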
@@ -0,0 +1,43 @@
+{{- if and (eq .Values.s3.enabled true ) (eq .Values.s3.enableAuth true) }}
+{{- $access_key_admin := randAlphaNum 10 -}}
+{{- $secret_key_admin := randAlphaNum 40 -}}
+{{- $access_key_read := randAlphaNum 10 }}
+{{- $secret_key_read := randAlphaNum 40 }}
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+ name: seaweedfs-s3-secret
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: seaweedfs-s3
+ chart: {{ template "druid.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+stringData:
+{{if .Values.auth.access_key }}
+ {{- $access_key_admin = .Values.auth.access_key }}
+ admin_access_key_id: {{ $access_key_admin }}
+ read_access_key_id: {{ $access_key_read }}
+{{ else }}
+ admin_access_key_id: {{ $access_key_admin }}
+ read_access_key_id: {{ $access_key_read }}
+{{ end }}
+{{if .Values.auth.secret_key }}
+ {{- $secret_key_admin = .Values.auth.secret_key }}
+ admin_secret_access_key: {{ $secret_key_admin }}
+ read_secret_access_key: {{ $secret_key_read }}
+{{ else }}
+ admin_secret_access_key: {{ $secret_key_admin }}
+ read_secret_access_key: {{ $secret_key_read }}
+{{ end }}
+ seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"{{ $access_key_admin }}","secretKey":"{{ $secret_key_admin }}"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"{{ $access_key_read }}","secretKey":"{{ $secret_key_read }}"}],"actions":["Read"]}]}'
+ {{- if .Values.filer.s3.auditLogConfig }}
+ filer_s3_auditLogConfig.json: |
+ {{ toJson .Values.filer.s3.auditLogConfig | nindent 4 }}
+ {{- end }}
+ {{- if .Values.s3.auditLogConfig }}
+ s3_auditLogConfig.json: |
+ {{ toJson .Values.s3.auditLogConfig | nindent 4 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-service.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-service.yaml
new file mode 100644
index 00000000..05a10463
--- /dev/null
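Review bot: `randAlphaNum` is evaluated on every render, so each `helm upgrade` writes fresh admin and read-only keys into `seaweedfs-s3-secret` whenever `auth.access_key` and `auth.secret_key` are unset. Pods that took the old values through `secretKeyRef` env vars keep them until they restart, so clients and server can end up with different credentials after an upgrade. Reuse the existing object first, e.g. `{{- $existing := lookup "v1" "Secret" .Release.Namespace "seaweedfs-s3-secret" }}` and take `index $existing.data "admin_access_key_id" | b64dec` when it is present, generating only on first install. The values should also be emitted with `| quote`, since `stringData` needs strings and a user-supplied key may be all digits or contain YAML specials; the same key is spliced into the `seaweedfs_s3_config` JSON without escaping.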
+++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-service.yaml 
@@ -0,0 +1,81 @@ +apiVersion: v1 +kind: Service +metadata: + name: seaweedfs-s3 + namespace: {{ .Release.Namespace }} + labels: + app: seaweedfs-s3 + chart: {{ template "druid.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.service.annotations }} + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} + {{- end }} +spec: + # internalTrafficPolicy: {{ .Values.service.internalTrafficPolicy | default "Cluster" }} + clusterIP: None + sessionAffinity: ClientIP + ports: + # Master ports + - name: "swfs-master" + port: {{ .Values.master.port }} + targetPort: {{ .Values.master.port }} + protocol: TCP + - name: "swfs-master-grpc" + port: {{ .Values.master.grpcPort }} + targetPort: {{ .Values.master.grpcPort }} + protocol: TCP + + # Volume ports + - name: "swfs-volume" + port: {{ .Values.volume.port }} + targetPort: {{ .Values.volume.port }} + protocol: TCP + - name: "swfs-volume-grpc" + port: {{ .Values.volume.grpcPort }} + targetPort: {{ .Values.volume.grpcPort }} + protocol: TCP + + # Filer ports + - name: "swfs-filer" + port: {{ .Values.filer.port }} + targetPort: {{ .Values.filer.port }} + protocol: TCP + - name: "swfs-filer-grpc" + port: {{ .Values.filer.grpcPort }} + targetPort: {{ .Values.filer.grpcPort }} + protocol: TCP + + # S3 ports (if enabled) + {{- if .Values.s3.enabled }} + - name: "swfs-s3" + port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + protocol: TCP + {{- if and .Values.s3.enabled .Values.s3.httpsPort }} + - name: "swfs-s3-tls" + port: {{ .Values.s3.httpsPort }} + targetPort: {{ .Values.s3.httpsPort }} + protocol: TCP + {{- end }} + {{- end }} + + # SFTP ports (if enabled) + {{- if .Values.sftp.enabled }} + - name: "swfs-sftp" + port: {{ .Values.sftp.port }} + targetPort: {{ .Values.sftp.port }} + protocol: TCP + {{- end }} + + # 
Server metrics port (single metrics endpoint for all services) + {{- if .Values.metricsPort }} + - name: "server-metrics" + port: {{ .Values.metricsPort }} + targetPort: {{ .Values.metricsPort }} + protocol: TCP + {{- end }} + + selector: + app: seaweedfs-s3 \ No newline at end of file diff --git a/charts/seaweedfs/templates/seaweedfs/seaweedfs-statefulset.yaml b/charts/seaweedfs/templates/seaweedfs/seaweedfs-statefulset.yaml new file mode 100644 index 00000000..0a9e88f4 --- /dev/null +++ b/charts/seaweedfs/templates/seaweedfs/seaweedfs-statefulset.yaml 
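Review bot: This Service publishes the master, volume and filer HTTP and gRPC ports next to the S3 port, while `s3.enableAuth` only puts identities in front of the S3 gateway. Unless `global.enableSecurity` or `whiteList` is configured, those other listeners are, as far as SeaweedFS defaults go, reachable without credentials by any pod that can resolve `seaweedfs-s3`, which sidesteps the admin/read-only split in `seaweedfs_s3_config`. Consider publishing only `swfs-s3` here and keeping the peer ports on a separate headless Service, or shipping a NetworkPolicy that limits them to the SeaweedFS pods. Smaller points: the inner `{{ if .Values.s3.enabled }}…{{ else }}` on `port` and `targetPort` is dead inside the outer `if`, and `sessionAffinity: ClientIP` has no effect with `clusterIP: None`.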
@@ -0,0 +1,506 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: seaweedfs-s3 + namespace: {{ .Release.Namespace }} + labels: + app: seaweedfs-s3 + chart: {{ template "seaweedfs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.annotations }} + annotations: + {{- toYaml .Values.annotations | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: seaweedfs-s3 + serviceName: seaweedfs-s3 + updateStrategy: + type: RollingUpdate + podManagementPolicy: Parallel + template: + metadata: + labels: + app: seaweedfs-s3 + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + annotations: + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.forceRedeploy }} + timestamp: {{ now | quote }} + {{- end }} + spec: + restartPolicy: {{ default .Values.global.restartPolicy .Values.restartPolicy }} + {{- if .Values.global.pullSecret }} + imagePullSecrets: + - name: "{{ .Values.global.pullSecret }}" + {{- end }} + terminationGracePeriodSeconds: 60 + enableServiceLinks: false + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + serviceAccountName: {{ include "seaweedfs.serviceAccountName" . 
}} + {{- if .Values.affinity }} + affinity: {{- toYaml .Values.affinity | nindent 12 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- toYaml .Values.nodeSelector | nindent 12 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- toYaml .Values.tolerations | nindent 12 }} + {{- end }} + {{- if .Values.podSecurityContext }} + securityContext: {{- toYaml .Values.podSecurityContext | nindent 12 }} + {{- else if .Values.global.podSecurityContext }} + securityContext: {{- toYaml .Values.global.podSecurityContext | nindent 12 }} + {{- else }} + securityContext: + fsGroup: 1010 + {{- end }} + containers: + - name: seaweedfs + image: "{{ .Values.global.portalRepository }}{{ .Values.image.seaweedfs }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.imagePullPolicy }} + env: + - name: POD_IP + valueFrom: + fieldRef: + fieldPath: status.podIP + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: SEAWEEDFS_FULLNAME + value: "seaweedfs" + {{- if .Values.extraEnvironmentVars }} + {{- range $key, $value := .Values.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.global.extraEnvironmentVars }} + {{- range $key, $value := .Values.global.extraEnvironmentVars }} + - name: {{ $key }} + {{- if kindIs "string" $value }} + value: {{ $value | quote }} + {{- else }} + valueFrom: + {{ toYaml $value | nindent 16 }} + {{- end }} + {{- end }} + {{- end }} + - name: WEED_MYSQL_ENABLED + value: "true" + - name: WEED_MYSQL_DATABASE + value: {{ include "portal-db-name" . 
| quote }} + - name: WEED_MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.global.databaseSecret }} + {{- if eq .Values.global.databaseType "mysql" }} + key: mysql-password + {{- end }} + - name: WEED_MYSQL_CONNECTION_MAX_IDLE + value: "5" + - name: WEED_MYSQL_CONNECTION_MAX_OPEN + value: "75" + - name: WEED_MYSQL_CONNECTION_MAX_LIFETIME_SECONDS + value: "600" + - name: WEED_MYSQL_INTERPOLATEPARAMS + value: "true" + - name: RCLONE_CONFIG_MINIO_TYPE + value: s3 + - name: RCLONE_CONFIG_MINIO_PROVIDER + value: Minio + - name: RCLONE_CONFIG_MINIO_ENDPOINT + value: http://minio:9000 + - name: RCLONE_CONFIG_MINIO_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_ACCESS_KEY + - name: RCLONE_CONFIG_MINIO_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: minio-secret + key: MINIO_SECRET_KEY + - name: RCLONE_CONFIG_SEAWEEDFS_TYPE + value: s3 + - name: RCLONE_CONFIG_SEAWEEDFS_PROVIDER + value: SeaweedFS + - name: RCLONE_CONFIG_SEAWEEDFS_ENDPOINT + value: http://seaweedfs-s3:8333 + - name: RCLONE_CONFIG_SEAWEEDFS_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: seaweedfs-s3-secret + key: admin_access_key_id + - name: RCLONE_CONFIG_SEAWEEDFS_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: seaweedfs-s3-secret + key: admin_secret_access_key + envFrom: + - configMapRef: + name: seaweedfs-config + command: + - "/bin/bash" + - "-ec" + - | + /opt/bitnami/seaweedfs/bin/weed \ + -v={{ .Values.loggingLevel }} \ + server \ + -dir=/opt/data \ + -master \ + {{ if gt (.Values.replicaCount | int) 1 -}} + -master.peers={{ include "seaweedfs.master.servers" . 
}} \ + -ip=$(POD_NAME).seaweedfs-s3.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }} \ + {{ end -}} + -volume \ + {{- if .Values.idleTimeout }} + -idleTimeout={{ .Values.idleTimeout }} \ + {{- end }} + {{- if .Values.dataCenter }} + -dataCenter={{ .Values.dataCenter }} \ + {{- end }} + {{- if .Values.rack }} + -rack={{ .Values.rack }} \ + {{- end }} + {{- if .Values.whiteList }} + -whiteList={{ .Values.whiteList }} \ + {{- end }} + {{- if .Values.disableHttp }} + -disableHttp={{ .Values.disableHttp }} \ + {{- end }} + {{- if and (.Values.volume.dataDirs) (index .Values.volume.dataDirs 0 "maxVolumes") }} + -volume.max={{ index .Values.volume.dataDirs 0 "maxVolumes" }} \ + {{- end }} + -master.port={{ .Values.master.port }} \ + {{- if .Values.global.enableReplication }} + -master.defaultReplication={{ .Values.global.replicationPlacement }} \ + {{- else }} + -master.defaultReplication={{ .Values.master.defaultReplication }} \ + {{- end }} + {{- if .Values.master.volumePreallocate }} + -master.volumePreallocate \ + {{- end }} + -master.volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ + {{- if .Values.master.garbageThreshold }} + -master.garbageThreshold={{ .Values.master.garbageThreshold }} \ + {{- end }} + -volume.port={{ .Values.volume.port }} \ + -volume.readMode={{ .Values.volume.readMode }} \ + {{- if .Values.volume.imagesFixOrientation }} + -volume.images.fix.orientation \ + {{- end }} + {{- if .Values.volume.index }} + -volume.index={{ .Values.volume.index }} \ + {{- end }} + {{- if .Values.volume.fileSizeLimitMB }} + -volume.fileSizeLimitMB={{ .Values.volume.fileSizeLimitMB }} \ + {{- end }} + -volume.minFreeSpacePercent={{ .Values.volume.minFreeSpacePercent }} \ + -volume.compactionMBps={{ .Values.volume.compactionMBps }} \ + {{- if .Values.metricsPort }} + -metricsPort={{ .Values.metricsPort }} \ + {{- else if .Values.master.metricsPort }} + -metricsPort={{ .Values.master.metricsPort }} \ + {{- end }} + -filer \ + -filer.port={{ 
.Values.filer.port }} \ + {{- if .Values.filer.disableDirListing }} + -filer.disableDirListing \ + {{- end }} + -filer.dirListLimit={{ .Values.filer.dirListLimit }} \ + {{- if .Values.global.enableReplication }} + -filer.defaultReplicaPlacement={{ .Values.global.replicationPlacement }} \ + {{- else }} + -filer.defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \ + {{- end }} + {{- if .Values.filer.maxMB }} + -filer.maxMB={{ .Values.filer.maxMB }} \ + {{- end }} + {{- if .Values.filer.encryptVolumeData }} + -filer.encryptVolumeData \ + {{- end }} + {{- if .Values.filer.filerGroup}} + -filer.filerGroup={{ .Values.filer.filerGroup}} \ + {{- end }} + {{- if .Values.filer.rack }} + -filer.rack={{ .Values.filer.rack }} \ + {{- end }} + {{- if .Values.filer.dataCenter }} + -filer.dataCenter={{ .Values.filer.dataCenter }} \ + {{- end }} + {{- if .Values.s3.enabled }} + -s3 \ + -s3.port={{ .Values.s3.port }} \ + {{- if .Values.s3.domainName }} + -s3.domainName={{ .Values.s3.domainName }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + {{- if .Values.s3.httpsPort }} + -s3.port.https={{ .Values.s3.httpsPort }} \ + {{- end }} + -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }} + -s3.allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.s3.enableAuth }} + -s3.config=/etc/sw/s3/seaweedfs_s3_config \ + {{- end }} + {{- if .Values.s3.auditLogConfig }} + -s3.auditLogConfig=/etc/sw/s3/s3_auditLogConfig.json \ + {{- end }} + {{- end }} + {{- if .Values.sftp.enabled }} + -sftp \ + -sftp.port={{ .Values.sftp.port }} \ + {{- if .Values.sftp.sshPrivateKey }} + -sftp.sshPrivateKey={{ .Values.sftp.sshPrivateKey }} \ + {{- end }} + {{- if .Values.sftp.hostKeysFolder }} + -sftp.hostKeysFolder={{ .Values.sftp.hostKeysFolder }} \ + {{- end }} + {{- if .Values.sftp.authMethods }} + 
-sftp.authMethods={{ .Values.sftp.authMethods }} \ + {{- end }} + {{- if .Values.sftp.maxAuthTries }} + -sftp.maxAuthTries={{ .Values.sftp.maxAuthTries }} \ + {{- end }} + {{- if .Values.sftp.bannerMessage }} + -sftp.bannerMessage="{{ .Values.sftp.bannerMessage }}" \ + {{- end }} + {{- if .Values.sftp.loginGraceTime }} + -sftp.loginGraceTime={{ .Values.sftp.loginGraceTime }} \ + {{- end }} + {{- if .Values.sftp.clientAliveInterval }} + -sftp.clientAliveInterval={{ .Values.sftp.clientAliveInterval }} \ + {{- end }} + {{- if .Values.sftp.clientAliveCountMax }} + -sftp.clientAliveCountMax={{ .Values.sftp.clientAliveCountMax }} \ + {{- end }} + -sftp.userStoreFile=/etc/sw/sftp/seaweedfs_sftp_config \ + {{- end }} + + volumeMounts: + - name: seaweedfs-vol-claim + mountPath: /opt/data + {{- if and .Values.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + mountPath: /etc/sw/s3 + readOnly: true + {{- end }} + {{- if .Values.sftp.enabled }} + - name: config-ssh + mountPath: /etc/sw/ssh + readOnly: true + - mountPath: /etc/sw/sftp + name: config-users + readOnly: true + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + mountPath: /etc/seaweedfs/notification.toml + subPath: notification.toml + readOnly: true + {{- end }} + - name: master-config + mountPath: /etc/seaweedfs/master.toml + subPath: master.toml + readOnly: true + - name: filer-config + mountPath: /etc/seaweedfs/filer.toml + subPath: filer.toml + {{- if .Values.global.enableSecurity }} + - name: security-config + mountPath: /etc/seaweedfs/security.toml + subPath: security.toml + readOnly: true + - name: ca-cert + mountPath: /usr/local/share/ca-certificates/ca/ + readOnly: true + - name: master-cert + mountPath: /usr/local/share/ca-certificates/master/ + readOnly: true + - name: volume-cert + mountPath: /usr/local/share/ca-certificates/volume/ + readOnly: true + - name: filer-cert + mountPath: /usr/local/share/ca-certificates/filer/ 
+ readOnly: true + - name: client-cert + mountPath: /usr/local/share/ca-certificates/client/ + readOnly: true + {{- end }} + {{ tpl .Values.extraVolumeMounts . | nindent 12 }} + ports: + - containerPort: {{ .Values.master.port }} + name: swfs-mas + - containerPort: {{ .Values.master.grpcPort }} + name: swfs-mas-grpc + - containerPort: {{ .Values.volume.port }} + name: swfs-vol + - containerPort: {{ .Values.volume.grpcPort }} + name: swfs-vol-grpc + - containerPort: {{ .Values.filer.port }} + name: swfs-fil + - containerPort: {{ .Values.filer.grpcPort }} + name: swfs-fil-grpc + {{- if .Values.s3.enabled }} + - containerPort: {{ .Values.s3.port }} + name: swfs-s3 + {{- if .Values.s3.httpsPort }} + - containerPort: {{ .Values.s3.httpsPort }} + name: swfs-s3-tls + {{- end }} + {{- end }} + {{- if .Values.sftp.enabled }} + - containerPort: {{ .Values.sftp.port }} + name: swfs-sftp + {{- end }} + {{- if .Values.metricsPort }} + - containerPort: {{ .Values.metricsPort }} + name: server-metrics + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.readinessProbe.scheme }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.livenessProbe.scheme }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ 
.Values.livenessProbe.failureThreshold }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.startupProbe.enabled }} + startupProbe: + httpGet: + path: {{ .Values.startupProbe.httpGet.path }} + port: {{ .Values.master.port }} + scheme: {{ .Values.startupProbe.scheme }} + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + {{- end }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: + {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if and .Values.s3.enabled (or .Values.s3.enableAuth .Values.filer.s3.enableAuth) }} + - name: config-s3-users + secret: + defaultMode: 420 + secretName: {{ default (printf "seaweedfs-s3-secret" ) (or .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret) }} + {{- end }} + {{- if .Values.sftp.enabled }} + - name: config-ssh + secret: + defaultMode: 420 + secretName: {{ default (printf "seaweedfs-sftp-ssh-secret" ) .Values.sftp.existingSshConfigSecret }} + - name: config-users + secret: + defaultMode: 420 + secretName: {{ default (printf "seaweedfs-sftp-secret" ) .Values.sftp.existingConfigSecret }} + {{- end }} + {{- if .Values.filer.notificationConfig }} + - name: notification-config + configMap: + name: seaweedfs-notification-config + {{- end }} + - name: master-config + configMap: + name: seaweedfs-config + items: + - key: master.toml + path: master.toml + - name: filer-config + configMap: + name: seaweedfs-config + 
items: + - key: filer.toml + path: filer.toml + {{- if .Values.global.enableSecurity }} + - name: security-config + configMap: + name: seaweedfs-security-config + - name: ca-cert + secret: + secretName: seaweedfs-ca-cert + - name: master-cert + secret: + secretName: seaweedfs-master-cert + - name: volume-cert + secret: + secretName: seaweedfs-volume-cert + - name: filer-cert + secret: + secretName: seaweedfs-filer-cert + - name: client-cert + secret: + secretName: seaweedfs-client-cert + {{- end }} + {{ tpl .Values.extraVolumes . | nindent 8 }} + {{- if .Values.nodeSelector }} + nodeSelector: + {{ tpl .Values.nodeSelector . | nindent 8 }} + {{- end }} + volumeClaimTemplates: + - metadata: + name: seaweedfs-vol-claim + spec: + accessModes: [ "ReadWriteOnce" ] + {{- if .Values.global.storageClass}} + storageClassName: "{{ .Values.global.storageClass }}" + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.storage.seaweedfs }} \ No newline at end of file diff --git a/charts/seaweedfs/templates/seaweedfs/service-accounts/service-account.yaml b/charts/seaweedfs/templates/seaweedfs/service-accounts/service-account.yaml new file mode 100644 index 00000000..863aca1b --- /dev/null +++ b/charts/seaweedfs/templates/seaweedfs/service-accounts/service-account.yaml @@ -0,0 +1,14 @@ +{{- if and .Values.serviceAccount.create (not .Values.global.serviceAccountName) }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "seaweedfs.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "seaweedfs.name" . }} + chart: {{ template "seaweedfs.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +secrets: + - name: {{ include "seaweedfs.fullname" . }} +{{- end }} \ No newline at end of file diff --git a/charts/seaweedfs/values.yaml b/charts/seaweedfs/values.yaml new file mode 100644 index 00000000..71a03017 --- /dev/null +++ b/charts/seaweedfs/values.yaml 
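Review bot: The `seaweedfs` server container receives the `RCLONE_CONFIG_MINIO_*` and `RCLONE_CONFIG_SEAWEEDFS_*` variables, i.e. the MinIO and SeaweedFS admin keys, although the copy is done by the separate data-copy Job and nothing in the visible `weed server` command uses rclone. Because the `minio-secret` references are not marked optional, the pod will also fail to start once MinIO and its secret are removed. I would delete these entries from the StatefulSet, or at least wrap them in `{{- if .Values.global.deepStorage.enableDataMigration }}` … `{{- end }}`. Separately, `WEED_MYSQL_PASSWORD` renders a `secretKeyRef` without a `key` when `global.databaseType` is not `mysql`, and the `podLabels`, `podAnnotations` and `nodeSelector` blocks are each emitted twice.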
@@ -0,0 +1,215 @@
+# Analytics stack configuration - Apache Druid
+# This Chart is designed to be deployed as a SubChart of the
+# Broadcom API Developer Portal
+
+# Global values
+global:
+ portalRepository: caapim/
+ pullSecret: broadcom-apim
+ # these default to mysql settings above, change if connecting to an external database.
+# setupDemoDatabase: true
+ databaseType: mysql
+ databaseHost: mysql
+ databasePort: 3306
+ databaseUseSSL: true
+ databaseRequireSSL: false
+ databaseUsername: admin
+ databaseSecret:
+ subdomainPrefix: dev-portal
+ legacyHostnames: false
+ legacyDatabaseNames: false
+# databasePassword: 7layer
+ deepStorage:
+ auth:
+ secretName: seaweedfs-s3-secret
+
+image:
+ seaweedfs: seaweedfs:5.3.3
+ migrationUtility: seaweedfs:5.3.3
+persistence:
+ storage:
+ seaweedfs: 50Gi
+
+
+migrateData: false
+# time post-install hook re-tries to create the bucket.
+waitForS3InSeconds: 1200
+imageOverride: null
+restartPolicy: Always
+imagePullPolicy: Always
+loggingLevel: 1
+replicaCount: 1
+clusterDomain: cluster.local
+minio:
+ bucketName: api-metrics
+forceRedeploy: true
+nameOverride: seaweedfs-s3
+serviceAccount:
+ create: true
+# Core configuration
+idleTimeout: 30 # Connection idle seconds
+dataCenter: "" # Current volume server's data center name
+rack: "" # Current volume server's rack name
+whiteList: "" # Comma separated IP addresses having write permission
+disableHttp: false # Disable HTTP requests, only gRPC operations are allowed
+metricsPort: 9324 # Prometheus metrics listen port
+metricsIp: "" # Metrics listen IP. If empty, defaults to bindAddress
+loggingOverrideLevel: null # Override logging level
+auth:
+ secretName: seaweedfs-s3-secret
+# Leave access_key and secret_key empty to auto-generate values.
+# access_key:
+# secret_key:
+ # admin_access_key_id:
+ # admin_secret_access_key:
+ # read_access_key_id:
+ # read_secret_access_key:
+# Service configuration
+s3:
+ enabled: true # Whether to enable S3 gateway
+ port: 8333
+ enableAuth: true
+ existingConfigSecret: seaweedfs-s3-secret
+sftp:
+ enabled: false # Whether to enable SFTP server
+filer:
+ port: 8888
+ grpcPort: 18888
+ defaultReplicaPlacement: "000"
+ dirListLimit: 100000
+ s3:
+ enableAuth: true
+ createBuckets:
+ - name: api-metrics
+ anonymousRead: false
+ - name: file-storage
+ anonymousRead: false
+ config: |
+ [leveldb2]
+ enabled = false
+volume:
+ port: 8080
+ grpcPort: 18080
+ compactionMBps: 50
+ minFreeSpacePercent: 7
+ dataDirs:
+ - name: data-0
+ type: "persistentVolumeClaim"
+ size: "50Gi"
+ maxVolumes: 50
+master:
+ port: 9333
+ grpcPort: 19333
+ config: ""
+ volumeSizeLimitMB: 1024
+# Service settings
+service:
+ annotations: {} # Annotations for the service
+ type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer)
+# Storage configuration
+data:
+ type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir"
+ hostPathPrefix: /mnt/data # Path prefix for hostPath volumes
+ claimName: seaweedfs-data-pvc # Name of the PVC to use
+ size: "" # Size of the PVC
+ storageClass: "" # Storage class for the PVC
+# Health checks
+readinessProbe:
+ enabled: true
+ httpGet:
+ path: /cluster/status
+ port: 9333
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 40
+ successThreshold: 1
+ failureThreshold: 6
+ timeoutSeconds: 40
+livenessProbe:
+ enabled: true
+ httpGet:
+ path: /cluster/status
+ port: 9333
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 40
+ successThreshold: 1
+ failureThreshold: 6
+ timeoutSeconds: 40
+# Enable if replica count > 1
+startupProbe:
+ enabled: false
+ httpGet:
+ path: /cluster/status
+ port: 9333
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 30
+ successThreshold: 1
+ failureThreshold: 15
+ timeoutSeconds: 40
+# Additional resources
+extraEnvironmentVars: {} # Additional environment variables
+extraVolumeMounts: "" # Additional volume mounts
+extraVolumes: "" # Additional volumes
+initContainers: "" # Init containers
+sidecars: "" # Sidecar containers
+annotations: {} # Annotations for the deployment
+podAnnotations: {} # Annotations for the pods
+podLabels: {} # Labels for the pods
+# Scheduling configuration
+# Affinity Settings
+# Commenting out or setting as empty the affinity variable, will allow
+# deployment to single node services such as Minikube
+# affinity: |
+# podAntiAffinity:
+# requiredDuringSchedulingIgnoredDuringExecution:
+# - labelSelector:
+# matchLabels:
+# app.kubernetes.io/name: seaweedfs"
+# app.kubernetes.io/instance: {{ .Release.Name }}
+# app.kubernetes.io/component: master
+# topologyKey: kubernetes.io/hostname
+# Topology Spread Constraints Settings
+# This should map directly to the value of the topologySpreadConstraints
+# for a PodSpec. By Default no constraints are set.
+topologySpreadConstraints: ""
+# Toleration Settings for master pods
+# This should be a multi-line string matching the Toleration array
+# in a PodSpec.
+tolerations: ""
+# nodeSelector labels for master pod assignment, formatted as a muli-line string.
+# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+nodeSelector: |
+ kubernetes.io/arch: amd64
+# Used to assign priority to master pods
+# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+priorityClassName: ""
+# Used to assign a service account.
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
+serviceAccountName: ""
+# Configure security context for Pod
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# Example:
+podSecurityContext:
+ enabled: true
+ runAsUser: 1000
+ runAsGroup: 3000
+ fsGroup: 2000
+# podSecurityContext: {}
+# Configure security context for Container
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# Example:
+# containerSecurityContext:
+# enabled: true
+# runAsUser: 2000
+# allowPrivilegeEscalation: false
+containerSecurityContext: {}
+# Resource management
+resources:
+ limits:
+ cpu: "2"
+ memory: "2Gi"
+ requests:
+ cpu: "500m"
+ memory: "1Gi"
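Review bot: `containerSecurityContext: {}` near the end of values.yaml means the container gets no securityContext by default, because the statefulset template in this diff renders one only when `.Values.containerSecurityContext.enabled` is set. Consider shipping the commented example as the default instead, i.e. `containerSecurityContext:` with `enabled: true` and `allowPrivilegeEscalation: false`, so privilege escalation is blocked unless an operator opts out. The same template gates the certificate and security-config volumes on `.Values.global.enableSecurity`, which has no key under `global:` here and is therefore silently off. An explicit `enableSecurity: false` with a one-line comment would make that default visible to whoever deploys the chart.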