265 lines
10 KiB

  1. {{- if .Values.filer.enabled }}
  2. apiVersion: apps/v1
  3. kind: StatefulSet
  4. metadata:
  5. name: {{ template "seaweedfs.name" . }}-filer
  6. namespace: {{ .Release.Namespace }}
  7. labels:
  8. app: {{ template "seaweedfs.name" . }}
  9. chart: {{ template "seaweedfs.chart" . }}
  10. heritage: {{ .Release.Service }}
  11. release: {{ .Release.Name }}
  12. spec:
  13. serviceName: {{ template "seaweedfs.name" . }}-filer
  14. podManagementPolicy: Parallel
  15. replicas: {{ .Values.filer.replicas }}
  16. {{- if (gt (int .Values.filer.updatePartition) 0) }}
  17. updateStrategy:
  18. type: RollingUpdate
  19. rollingUpdate:
  20. partition: {{ .Values.filer.updatePartition }}
  21. {{- end }}
  22. selector:
  23. matchLabels:
  24. app: {{ template "seaweedfs.name" . }}
  25. chart: {{ template "seaweedfs.chart" . }}
  26. release: {{ .Release.Name }}
  27. component: filer
  28. template:
  29. metadata:
  30. labels:
  31. app: {{ template "seaweedfs.name" . }}
  32. chart: {{ template "seaweedfs.chart" . }}
  33. release: {{ .Release.Name }}
  34. component: filer
  35. spec:
  36. restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }}
  37. {{- if .Values.filer.affinity }}
  38. affinity:
  39. {{ tpl .Values.filer.affinity . | nindent 8 | trim }}
  40. {{- end }}
  41. {{- if .Values.filer.tolerations }}
  42. tolerations:
  43. {{ tpl .Values.filer.tolerations . | nindent 8 | trim }}
  44. {{- end }}
  45. {{- if .Values.global.imagePullSecrets }}
  46. imagePullSecrets:
  47. - name: {{ .Values.global.imagePullSecrets }}
  48. {{- end }}
  49. serviceAccountName: seaweefds-rw-sa #hack for delete pod master after migration
  50. terminationGracePeriodSeconds: 60
  51. {{- if .Values.filer.priorityClassName }}
  52. priorityClassName: {{ .Values.filer.priorityClassName | quote }}
  53. {{- end }}
  54. enableServiceLinks: false
  55. containers:
  56. - name: seaweedfs
  57. image: {{ template "filer.image" . }}
  58. imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }}
  59. env:
  60. - name: POD_IP
  61. valueFrom:
  62. fieldRef:
  63. fieldPath: status.podIP
  64. - name: POD_NAME
  65. valueFrom:
  66. fieldRef:
  67. fieldPath: metadata.name
  68. - name: NAMESPACE
  69. valueFrom:
  70. fieldRef:
  71. fieldPath: metadata.namespace
  72. - name: WEED_MYSQL_USERNAME
  73. valueFrom:
  74. secretKeyRef:
  75. name: secret-seaweedfs-db
  76. key: user
  77. - name: WEED_MYSQL_PASSWORD
  78. valueFrom:
  79. secretKeyRef:
  80. name: secret-seaweedfs-db
  81. key: password
  82. - name: SEAWEEDFS_FULLNAME
  83. value: "{{ template "seaweedfs.name" . }}"
  84. {{- if .Values.filer.extraEnvironmentVars }}
  85. {{- range $key, $value := .Values.filer.extraEnvironmentVars }}
  86. - name: {{ $key }}
  87. value: {{ $value | quote }}
  88. {{- end }}
  89. {{- end }}
  90. {{- if .Values.global.extraEnvironmentVars }}
  91. {{- range $key, $value := .Values.global.extraEnvironmentVars }}
  92. - name: {{ $key }}
  93. value: {{ $value | quote }}
  94. {{- end }}
  95. {{- end }}
  96. command:
  97. - "/bin/sh"
  98. - "-ec"
  99. - |
  100. exec /usr/bin/weed -logdir=/logs \
  101. {{- if .Values.filer.loggingOverrideLevel }}
  102. -v={{ .Values.filer.loggingOverrideLevel }} \
  103. {{- else }}
  104. -v={{ .Values.global.loggingLevel }} \
  105. {{- end }}
  106. filer \
  107. -port={{ .Values.filer.port }} \
  108. {{- if .Values.filer.metricsPort }}
  109. -metricsPort {{ .Values.filer.metricsPort }} \
  110. {{- end }}
  111. {{- if .Values.filer.redirectOnRead }}
  112. -redirectOnRead \
  113. {{- end }}
  114. {{- if .Values.filer.disableHttp }}
  115. -disableHttp \
  116. {{- end }}
  117. {{- if .Values.filer.disableDirListing }}
  118. -disableDirListing \
  119. {{- end }}
  120. -dirListLimit={{ .Values.filer.dirListLimit }} \
  121. {{- if .Values.global.enableReplication }}
  122. -defaultReplicaPlacement={{ .Values.global.replicationPlacment }} \
  123. {{- else }}
  124. -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \
  125. {{- end }}
  126. {{- if .Values.filer.disableDirListing }}
  127. -disableDirListing \
  128. {{- end }}
  129. {{- if .Values.filer.maxMB }}
  130. -maxMB={{ .Values.filer.maxMB }} \
  131. {{- end }}
  132. {{- if .Values.filer.encryptVolumeData }}
  133. -encryptVolumeData \
  134. {{- end }}
  135. -ip=${POD_IP} \
  136. {{- if .Values.filer.s3.enabled }}
  137. -s3 \
  138. -s3.port={{ .Values.filer.s3.port }} \
  139. {{- if .Values.filer.s3.domainName }}
  140. -s3.domainName={{ .Values.filer.s3.domainName }} \
  141. {{- end }}
  142. {{- if .Values.global.enableSecurity }}
  143. -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \
  144. -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \
  145. {{- end }}
  146. {{- if .Values.filer.s3.allowEmptyFolder }}
  147. -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \
  148. {{- end }}
  149. {{- if .Values.filer.s3.enableAuth }}
  150. -s3.config=/etc/sw/seaweedfs_s3_config \
  151. {{- end }}
  152. {{- if .Values.filer.s3.auditLogConfig }}
  153. -s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \
  154. {{- end }}
  155. {{- end }}
  156. -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}
  157. {{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }}
  158. volumeMounts:
  159. - name: seaweedfs-filer-log-volume
  160. mountPath: "/logs/"
  161. - mountPath: /etc/sw
  162. name: config-users
  163. readOnly: true
  164. {{- if .Values.global.enableSecurity }}
  165. - name: security-config
  166. readOnly: true
  167. mountPath: /etc/seaweedfs/security.toml
  168. subPath: security.toml
  169. - name: ca-cert
  170. readOnly: true
  171. mountPath: /usr/local/share/ca-certificates/ca/
  172. - name: master-cert
  173. readOnly: true
  174. mountPath: /usr/local/share/ca-certificates/master/
  175. - name: volume-cert
  176. readOnly: true
  177. mountPath: /usr/local/share/ca-certificates/volume/
  178. - name: filer-cert
  179. readOnly: true
  180. mountPath: /usr/local/share/ca-certificates/filer/
  181. - name: client-cert
  182. readOnly: true
  183. mountPath: /usr/local/share/ca-certificates/client/
  184. {{- end }}
  185. {{ tpl .Values.filer.extraVolumeMounts . | nindent 12 | trim }}
  186. {{- end }}
  187. ports:
  188. - containerPort: {{ .Values.filer.port }}
  189. name: swfs-filer
  190. - containerPort: {{ .Values.filer.grpcPort }}
  191. #name: swfs-filer-grpc
  192. readinessProbe:
  193. httpGet:
  194. path: /
  195. port: {{ .Values.filer.port }}
  196. scheme: HTTP
  197. initialDelaySeconds: 10
  198. periodSeconds: 15
  199. successThreshold: 1
  200. failureThreshold: 100
  201. timeoutSeconds: 10
  202. livenessProbe:
  203. httpGet:
  204. path: /
  205. port: {{ .Values.filer.port }}
  206. scheme: HTTP
  207. initialDelaySeconds: 20
  208. periodSeconds: 30
  209. successThreshold: 1
  210. failureThreshold: 5
  211. timeoutSeconds: 10
  212. {{- if .Values.filer.resources }}
  213. resources:
  214. {{ tpl .Values.filer.resources . | nindent 12 | trim }}
  215. {{- end }}
  216. volumes:
  217. - name: seaweedfs-filer-log-volume
  218. hostPath:
  219. path: /storage/logs/seaweedfs/filer
  220. type: DirectoryOrCreate
  221. - name: db-schema-config-volume
  222. configMap:
  223. name: seaweedfs-db-init-config
  224. - name: config-users
  225. secret:
  226. defaultMode: 420
  227. secretName: seaweedfs-s3-secret
  228. {{- if .Values.global.enableSecurity }}
  229. - name: security-config
  230. configMap:
  231. name: {{ template "seaweedfs.name" . }}-security-config
  232. - name: ca-cert
  233. secret:
  234. secretName: {{ template "seaweedfs.name" . }}-ca-cert
  235. - name: master-cert
  236. secret:
  237. secretName: {{ template "seaweedfs.name" . }}-master-cert
  238. - name: volume-cert
  239. secret:
  240. secretName: {{ template "seaweedfs.name" . }}-volume-cert
  241. - name: filer-cert
  242. secret:
  243. secretName: {{ template "seaweedfs.name" . }}-filer-cert
  244. - name: client-cert
  245. secret:
  246. secretName: {{ template "seaweedfs.name" . }}-client-cert
  247. {{- end }}
  248. {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }}
  249. {{- if .Values.filer.nodeSelector }}
  250. nodeSelector:
  251. {{ tpl .Values.filer.nodeSelector . | indent 8 | trim }}
  252. {{- end }}
  253. {{/* volumeClaimTemplates:*/}}
  254. {{/* - metadata:*/}}
  255. {{/* name: data-{{ .Release.Namespace }}*/}}
  256. {{/* spec:*/}}
  257. {{/* accessModes:*/}}
  258. {{/* - ReadWriteOnce*/}}
  259. {{/* resources:*/}}
  260. {{/* requests:*/}}
  261. {{/* storage: {{ .Values.filer.storage }}*/}}
  262. {{/* {{- if .Values.filer.storageClass }}*/}}
  263. {{/* storageClassName: {{ .Values.filer.storageClass }}*/}}
  264. {{/* {{- end }}*/}}
  265. {{- end }}