Browse Source
SEAWEEDFS-K8S: helm chart
SEAWEEDFS-K8S: helm chart
seaweedfs on k8s deployment through helm chart & stateful setspull/1213/head
LazyDBA247-Anyvision
5 years ago
24 changed files with 2977 additions and 0 deletions
-
23k8s/README.md
-
22k8s/seaweedfs/.helmignore
-
4k8s/seaweedfs/Chart.yaml
-
114k8s/seaweedfs/templates/_helpers.tpl
-
14k8s/seaweedfs/templates/ca-cert.yaml
-
8k8s/seaweedfs/templates/cert-clusterissuer.yaml
-
33k8s/seaweedfs/templates/client-cert.yaml
-
33k8s/seaweedfs/templates/filer-cert.yaml
-
22k8s/seaweedfs/templates/filer-service.yaml
-
210k8s/seaweedfs/templates/filer-statefulset.yaml
-
59k8s/seaweedfs/templates/ingress.yaml
-
33k8s/seaweedfs/templates/master-cert.yaml
-
24k8s/seaweedfs/templates/master-service.yaml
-
199k8s/seaweedfs/templates/master-statefulset.yaml
-
159k8s/seaweedfs/templates/s3-deployment.yaml
-
17k8s/seaweedfs/templates/s3-service.yaml
-
1352k8s/seaweedfs/templates/seaweefs-grafana-dashboard.yaml
-
14k8s/seaweedfs/templates/secret-seaweedfs-db.yaml
-
52k8s/seaweedfs/templates/security-configmap.yaml
-
29k8s/seaweedfs/templates/service-account.yaml
-
33k8s/seaweedfs/templates/volume-cert.yaml
-
22k8s/seaweedfs/templates/volume-service.yaml
-
187k8s/seaweedfs/templates/volume-statefulset.yaml
-
314k8s/seaweedfs/values.yaml
@ -0,0 +1,23 @@ |
|||||
|
## SEAWEEDFS - helm chart (2.x) |
||||
|
|
||||
|
### info: |
||||
|
* master/filer/volume are stateful sets with anti-affinity on the hostname, |
||||
|
so your deployment will be spread/HA. |
||||
|
* chart is using memsql(mysql) as the filer backend to enable HA (multiple filer instances) |
||||
|
and backup/HA memsql can provide. |
||||
|
* mysql user/password are created in a k8s secret (secret-seaweedfs-db.yaml) and injected to the filer |
||||
|
with ENV. |
||||
|
* cert config exists and can be enabled, but not been tested. |
||||
|
|
||||
|
### current instances config (AIO): |
||||
|
1 instance for each type (master/filer/volume/s3) |
||||
|
|
||||
|
instances need node labels: |
||||
|
* sw-volume: true (for volume instance, specific tag) |
||||
|
* sw-backend: true (for all others, as they less resource demanding) |
||||
|
|
||||
|
you can update the replicas count for each node type in values.yaml, |
||||
|
need to add more nodes with the corresponding label. |
||||
|
|
||||
|
most of the configuration are available through values.yaml |
||||
|
|
@ -0,0 +1,22 @@ |
|||||
|
# Patterns to ignore when building packages. |
||||
|
# This supports shell glob matching, relative path matching, and |
||||
|
# negation (prefixed with !). Only one pattern per line. |
||||
|
.DS_Store |
||||
|
# Common VCS dirs |
||||
|
.git/ |
||||
|
.gitignore |
||||
|
.bzr/ |
||||
|
.bzrignore |
||||
|
.hg/ |
||||
|
.hgignore |
||||
|
.svn/ |
||||
|
# Common backup files |
||||
|
*.swp |
||||
|
*.bak |
||||
|
*.tmp |
||||
|
*~ |
||||
|
# Various IDEs |
||||
|
.project |
||||
|
.idea/ |
||||
|
*.tmproj |
||||
|
.vscode/ |
@ -0,0 +1,4 @@ |
|||||
|
apiVersion: v1 |
||||
|
description: SeaweedFS |
||||
|
name: seaweedfs |
||||
|
version: 1.57 |
@ -0,0 +1,114 @@ |
|||||
|
{{/* |
||||
|
Create a default fully qualified app name. |
||||
|
We truncate at 63 chars because some Kubernetes name fields are limited to |
||||
|
this (by the DNS naming spec). If release name contains chart name it will |
||||
|
be used as a full name. |
||||
|
*/}} |
||||
|
{{- define "seaweedfs.fullname" -}} |
||||
|
{{- if .Values.fullnameOverride -}} |
||||
|
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- else -}} |
||||
|
{{- $name := default .Chart.Name .Values.nameOverride -}} |
||||
|
{{- if contains $name .Release.Name -}} |
||||
|
{{- .Release.Name | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- else -}} |
||||
|
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* |
||||
|
Create chart name and version as used by the chart label. |
||||
|
*/}} |
||||
|
{{- define "seaweedfs.chart" -}} |
||||
|
{{- printf "%s-helm" .Chart.Name | replace "+" "_" | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* |
||||
|
Expand the name of the chart. |
||||
|
*/}} |
||||
|
{{- define "seaweedfs.name" -}} |
||||
|
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* |
||||
|
Inject extra environment vars in the format key:value, if populated |
||||
|
*/}} |
||||
|
{{- define "seaweedfs.extraEnvironmentVars" -}} |
||||
|
{{- if .extraEnvironmentVars -}} |
||||
|
{{- range $key, $value := .extraEnvironmentVars }} |
||||
|
- name: {{ $key }} |
||||
|
value: {{ $value | quote }} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* Return the proper filer image */}} |
||||
|
{{- define "filer.image" -}} |
||||
|
{{- if .Values.filer.imageOverride -}} |
||||
|
{{- $imageOverride := .Values.filer.imageOverride -}} |
||||
|
{{- printf "%s" $imageOverride -}} |
||||
|
{{- else -}} |
||||
|
{{- $registryName := default .Values.image.registry .Values.global.localRegistry | toString -}} |
||||
|
{{- $repositoryName := .Values.image.repository | toString -}} |
||||
|
{{- $name := .Values.global.imageName | toString -}} |
||||
|
{{- $tag := .Values.global.imageTag | toString -}} |
||||
|
{{- printf "%s%s%s:%s" $registryName $repositoryName $name $tag -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* Return the proper postgresqlSchema image */}} |
||||
|
{{- define "filer.dbSchema.image" -}} |
||||
|
{{- if .Values.filer.dbSchema.imageOverride -}} |
||||
|
{{- $imageOverride := .Values.filer.dbSchema.imageOverride -}} |
||||
|
{{- printf "%s" $imageOverride -}} |
||||
|
{{- else -}} |
||||
|
{{- $registryName := default .Values.global.registry .Values.global.localRegistry | toString -}} |
||||
|
{{- $repositoryName := .Values.global.repository | toString -}} |
||||
|
{{- $name := .Values.filer.dbSchema.imageName | toString -}} |
||||
|
{{- $tag := .Values.filer.dbSchema.imageTag | toString -}} |
||||
|
{{- printf "%s%s%s:%s" $registryName $repositoryName $name $tag -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* Return the proper master image */}} |
||||
|
{{- define "master.image" -}} |
||||
|
{{- if .Values.master.imageOverride -}} |
||||
|
{{- $imageOverride := .Values.master.imageOverride -}} |
||||
|
{{- printf "%s" $imageOverride -}} |
||||
|
{{- else -}} |
||||
|
{{- $registryName := default .Values.image.registry .Values.global.localRegistry | toString -}} |
||||
|
{{- $repositoryName := .Values.image.repository | toString -}} |
||||
|
{{- $name := .Values.global.imageName | toString -}} |
||||
|
{{- $tag := .Values.global.imageTag | toString -}} |
||||
|
{{- printf "%s%s%s:%s" $registryName $repositoryName $name $tag -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* Return the proper s3 image */}} |
||||
|
{{- define "s3.image" -}} |
||||
|
{{- if .Values.s3.imageOverride -}} |
||||
|
{{- $imageOverride := .Values.s3.imageOverride -}} |
||||
|
{{- printf "%s" $imageOverride -}} |
||||
|
{{- else -}} |
||||
|
{{- $registryName := default .Values.image.registry .Values.global.localRegistry | toString -}} |
||||
|
{{- $repositoryName := .Values.image.repository | toString -}} |
||||
|
{{- $name := .Values.global.imageName | toString -}} |
||||
|
{{- $tag := .Values.global.imageTag | toString -}} |
||||
|
{{- printf "%s%s%s:%s" $registryName $repositoryName $name $tag -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
||||
|
|
||||
|
{{/* Return the proper volume image */}} |
||||
|
{{- define "volume.image" -}} |
||||
|
{{- if .Values.volume.imageOverride -}} |
||||
|
{{- $imageOverride := .Values.volume.imageOverride -}} |
||||
|
{{- printf "%s" $imageOverride -}} |
||||
|
{{- else -}} |
||||
|
{{- $registryName := default .Values.image.registry .Values.global.localRegistry | toString -}} |
||||
|
{{- $repositoryName := .Values.image.repository | toString -}} |
||||
|
{{- $name := .Values.global.imageName | toString -}} |
||||
|
{{- $tag := .Values.global.imageTag | toString -}} |
||||
|
{{- printf "%s%s%s:%s" $registryName $repositoryName $name $tag -}} |
||||
|
{{- end -}} |
||||
|
{{- end -}} |
@ -0,0 +1,14 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: Certificate |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
spec: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
commonName: "{{ template "seaweedfs.name" . }}-root-ca" |
||||
|
isCA: true |
||||
|
issuerRef: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
kind: ClusterIssuer |
||||
|
{{- end }} |
@ -0,0 +1,8 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: ClusterIssuer |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
spec: |
||||
|
selfSigned: {} |
||||
|
{{- end }} |
@ -0,0 +1,33 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: Certificate |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
spec: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
issuerRef: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
kind: ClusterIssuer |
||||
|
commonName: {{ .Values.certificates.commonName }} |
||||
|
organization: |
||||
|
- "SeaweedFS CA" |
||||
|
dnsNames: |
||||
|
- '*.{{ .Release.Namespace }}' |
||||
|
- '*.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
{{- if .Values.certificates.ipAddresses }} |
||||
|
ipAddresses: |
||||
|
{{- range .Values.certificates.ipAddresses }} |
||||
|
- {{ . }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
keyAlgorithm: {{ .Values.certificates.keyAlgorithm }} |
||||
|
keySize: {{ .Values.certificates.keySize }} |
||||
|
duration: {{ .Values.certificates.duration }} |
||||
|
renewBefore: {{ .Values.certificates.renewBefore }} |
||||
|
{{- end }} |
@ -0,0 +1,33 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: Certificate |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
spec: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
issuerRef: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
kind: ClusterIssuer |
||||
|
commonName: {{ .Values.certificates.commonName }} |
||||
|
organization: |
||||
|
- "SeaweedFS CA" |
||||
|
dnsNames: |
||||
|
- '*.{{ .Release.Namespace }}' |
||||
|
- '*.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
{{- if .Values.certificates.ipAddresses }} |
||||
|
ipAddresses: |
||||
|
{{- range .Values.certificates.ipAddresses }} |
||||
|
- {{ . }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
keyAlgorithm: {{ .Values.certificates.keyAlgorithm }} |
||||
|
keySize: {{ .Values.certificates.keySize }} |
||||
|
duration: {{ .Values.certificates.duration }} |
||||
|
renewBefore: {{ .Values.certificates.renewBefore }} |
||||
|
{{- end }} |
@ -0,0 +1,22 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-filer |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: filer |
||||
|
spec: |
||||
|
clusterIP: None |
||||
|
ports: |
||||
|
- name: "swfs-filer" |
||||
|
port: {{ .Values.filer.port }} |
||||
|
targetPort: {{ .Values.filer.port }} |
||||
|
protocol: TCP |
||||
|
- name: "swfs-filer-grpc" |
||||
|
port: {{ .Values.filer.grpcPort }} |
||||
|
targetPort: {{ .Values.filer.grpcPort }} |
||||
|
protocol: TCP |
||||
|
selector: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: filer |
@ -0,0 +1,210 @@ |
|||||
|
{{- if .Values.filer.enabled }} |
||||
|
apiVersion: apps/v1 |
||||
|
kind: StatefulSet |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-filer |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
heritage: {{ .Release.Service }} |
||||
|
release: {{ .Release.Name }} |
||||
|
spec: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-filer |
||||
|
podManagementPolicy: Parallel |
||||
|
replicas: {{ .Values.filer.replicas }} |
||||
|
{{- if (gt (int .Values.filer.updatePartition) 0) }} |
||||
|
updateStrategy: |
||||
|
type: RollingUpdate |
||||
|
rollingUpdate: |
||||
|
partition: {{ .Values.filer.updatePartition }} |
||||
|
{{- end }} |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: filer |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: filer |
||||
|
spec: |
||||
|
restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }} |
||||
|
{{- if .Values.filer.affinity }} |
||||
|
affinity: |
||||
|
{{ tpl .Values.filer.affinity . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.filer.tolerations }} |
||||
|
tolerations: |
||||
|
{{ tpl .Values.filer.tolerations . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.global.imagePullSecrets }} |
||||
|
imagePullSecrets: |
||||
|
- name: {{ .Values.global.imagePullSecrets }} |
||||
|
{{- end }} |
||||
|
serviceAccountName: seaweefds-rw-sa #hack for delete pod master after migration |
||||
|
terminationGracePeriodSeconds: 60 |
||||
|
{{- if .Values.filer.priorityClassName }} |
||||
|
priorityClassName: {{ .Values.filer.priorityClassName | quote }} |
||||
|
{{- end }} |
||||
|
enableServiceLinks: false |
||||
|
containers: |
||||
|
- name: seaweedfs |
||||
|
image: {{ template "filer.image" . }} |
||||
|
imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} |
||||
|
env: |
||||
|
- name: POD_IP |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: status.podIP |
||||
|
- name: POD_NAME |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.name |
||||
|
- name: NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
- name: WEED_MYSQL_USERNAME |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: secret-seaweedfs-db |
||||
|
key: user |
||||
|
- name: WEED_MYSQL_PASSWORD |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: secret-seaweedfs-db |
||||
|
key: password |
||||
|
- name: SEAWEEDFS_FULLNAME |
||||
|
value: "{{ template "seaweedfs.name" . }}" |
||||
|
{{- if .Values.filer.extraEnvironmentVars }} |
||||
|
{{- range $key, $value := .Values.filer.extraEnvironmentVars }} |
||||
|
- name: {{ $key }} |
||||
|
value: {{ $value | quote }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
command: |
||||
|
- "/bin/sh" |
||||
|
- "-ec" |
||||
|
- | |
||||
|
exec /usr/bin/weed -logdir=/logs \ |
||||
|
{{- if .Values.filer.loggingOverrideLevel }} |
||||
|
-v={{ .Values.filer.loggingOverrideLevel }} \ |
||||
|
{{- else }} |
||||
|
-v={{ .Values.global.loggingLevel }} \ |
||||
|
{{- end }} |
||||
|
filer \ |
||||
|
-port={{ .Values.filer.port }} \ |
||||
|
{{- if .Values.filer.redirectOnRead }} |
||||
|
-redirectOnRead \ |
||||
|
{{- end }} |
||||
|
{{- if .Values.filer.disableHttp }} |
||||
|
-disableHttp \ |
||||
|
{{- end }} |
||||
|
{{- if .Values.filer.disableDirListing }} |
||||
|
-disableDirListing \ |
||||
|
{{- end }} |
||||
|
-dirListLimit={{ .Values.filer.dirListLimit }} \ |
||||
|
-ip=${POD_IP} \ |
||||
|
-master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} |
||||
|
{{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }} |
||||
|
volumeMounts: |
||||
|
- name: seaweedfs-filer-log-volume |
||||
|
mountPath: "/logs/" |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
readOnly: true |
||||
|
mountPath: /etc/seaweedfs/security.toml |
||||
|
subPath: security.toml |
||||
|
- name: ca-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/ca/ |
||||
|
- name: master-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/master/ |
||||
|
- name: volume-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/volume/ |
||||
|
- name: filer-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/filer/ |
||||
|
- name: client-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/client/ |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.filer.extraVolumeMounts . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
ports: |
||||
|
- containerPort: {{ .Values.filer.port }} |
||||
|
name: swfs-filer |
||||
|
- containerPort: {{ .Values.filer.grpcPort }} |
||||
|
#name: swfs-filer-grpc |
||||
|
readinessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: {{ .Values.filer.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 10 |
||||
|
periodSeconds: 15 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 100 |
||||
|
livenessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: {{ .Values.filer.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 20 |
||||
|
periodSeconds: 30 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 5 |
||||
|
{{- if .Values.filer.resources }} |
||||
|
resources: |
||||
|
{{ tpl .Values.filer.resources . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
volumes: |
||||
|
- name: seaweedfs-filer-log-volume |
||||
|
hostPath: |
||||
|
path: /storage/logs/seaweedfs/filer |
||||
|
type: DirectoryOrCreate |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
configMap: |
||||
|
name: {{ template "seaweedfs.name" . }}-security-config |
||||
|
- name: ca-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
- name: master-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
- name: volume-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
- name: filer-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
- name: client-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.filer.extraVolumes . | indent 8 | trim }} |
||||
|
{{- if .Values.filer.nodeSelector }} |
||||
|
nodeSelector: |
||||
|
{{ tpl .Values.filer.nodeSelector . | indent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{/* volumeClaimTemplates:*/}} |
||||
|
{{/* - metadata:*/}} |
||||
|
{{/* name: data-{{ .Release.Namespace }}*/}} |
||||
|
{{/* spec:*/}} |
||||
|
{{/* accessModes:*/}} |
||||
|
{{/* - ReadWriteOnce*/}} |
||||
|
{{/* resources:*/}} |
||||
|
{{/* requests:*/}} |
||||
|
{{/* storage: {{ .Values.filer.storage }}*/}} |
||||
|
{{/* {{- if .Values.filer.storageClass }}*/}} |
||||
|
{{/* storageClassName: {{ .Values.filer.storageClass }}*/}} |
||||
|
{{/* {{- end }}*/}} |
||||
|
{{- end }} |
@ -0,0 +1,59 @@ |
|||||
|
apiVersion: extensions/v1beta1 |
||||
|
kind: Ingress |
||||
|
metadata: |
||||
|
name: ingress-{{ template "seaweedfs.name" . }}-filer |
||||
|
annotations: |
||||
|
kubernetes.io/ingress.class: "nginx" |
||||
|
nginx.ingress.kubernetes.io/auth-type: "basic" |
||||
|
nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret" |
||||
|
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Filer' |
||||
|
nginx.ingress.kubernetes.io/service-upstream: "true" |
||||
|
nginx.ingress.kubernetes.io/rewrite-target: /$1 |
||||
|
nginx.ingress.kubernetes.io/use-regex: "true" |
||||
|
nginx.ingress.kubernetes.io/enable-rewrite-log: "true" |
||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "false" |
||||
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "false" |
||||
|
nginx.ingress.kubernetes.io/configuration-snippet: | |
||||
|
sub_filter '<head>' '<head> <base href="/sw-filer/">'; #add base url |
||||
|
sub_filter '="/' '="./'; #make absolute paths to relative |
||||
|
sub_filter '=/' '=./'; |
||||
|
sub_filter '/seaweedfsstatic' './seaweedfsstatic'; |
||||
|
sub_filter_once off; |
||||
|
spec: |
||||
|
rules: |
||||
|
- http: |
||||
|
paths: |
||||
|
- path: /sw-filer/?(.*) |
||||
|
backend: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-filer |
||||
|
servicePort: {{ .Values.filer.port }} |
||||
|
--- |
||||
|
apiVersion: extensions/v1beta1 |
||||
|
kind: Ingress |
||||
|
metadata: |
||||
|
name: ingress-{{ template "seaweedfs.name" . }}-master |
||||
|
annotations: |
||||
|
kubernetes.io/ingress.class: "nginx" |
||||
|
nginx.ingress.kubernetes.io/auth-type: "basic" |
||||
|
nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret" |
||||
|
nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Master' |
||||
|
nginx.ingress.kubernetes.io/service-upstream: "true" |
||||
|
nginx.ingress.kubernetes.io/rewrite-target: /$1 |
||||
|
nginx.ingress.kubernetes.io/use-regex: "true" |
||||
|
nginx.ingress.kubernetes.io/enable-rewrite-log: "true" |
||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "false" |
||||
|
nginx.ingress.kubernetes.io/force-ssl-redirect: "false" |
||||
|
nginx.ingress.kubernetes.io/configuration-snippet: | |
||||
|
sub_filter '<head>' '<head> <base href="/sw-master/">'; #add base url |
||||
|
sub_filter '="/' '="./'; #make absolute paths to relative |
||||
|
sub_filter '=/' '=./'; |
||||
|
sub_filter '/seaweedfsstatic' './seaweedfsstatic'; |
||||
|
sub_filter_once off; |
||||
|
spec: |
||||
|
rules: |
||||
|
- http: |
||||
|
paths: |
||||
|
- path: /sw-master/?(.*) |
||||
|
backend: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-master |
||||
|
servicePort: {{ .Values.master.port }} |
@ -0,0 +1,33 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: Certificate |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
spec: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
issuerRef: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
kind: ClusterIssuer |
||||
|
commonName: {{ .Values.certificates.commonName }} |
||||
|
organization: |
||||
|
- "SeaweedFS CA" |
||||
|
dnsNames: |
||||
|
- '*.{{ .Release.Namespace }}' |
||||
|
- '*.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
{{- if .Values.certificates.ipAddresses }} |
||||
|
ipAddresses: |
||||
|
{{- range .Values.certificates.ipAddresses }} |
||||
|
- {{ . }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
keyAlgorithm: {{ .Values.certificates.keyAlgorithm }} |
||||
|
keySize: {{ .Values.certificates.keySize }} |
||||
|
duration: {{ .Values.certificates.duration }} |
||||
|
renewBefore: {{ .Values.certificates.renewBefore }} |
||||
|
{{- end }} |
@ -0,0 +1,24 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-master |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: master |
||||
|
annotations: |
||||
|
service.alpha.kubernetes.io/tolerate-unready-endpoints: "true" |
||||
|
spec: |
||||
|
clusterIP: None |
||||
|
ports: |
||||
|
- name: "swfs-master" |
||||
|
port: {{ .Values.master.port }} |
||||
|
targetPort: {{ .Values.master.port }} |
||||
|
protocol: TCP |
||||
|
- name: "swfs-master-grpc" |
||||
|
port: {{ .Values.master.grpcPort }} |
||||
|
targetPort: {{ .Values.master.grpcPort }} |
||||
|
protocol: TCP |
||||
|
selector: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: master |
@ -0,0 +1,199 @@ |
|||||
|
{{- if .Values.master.enabled }} |
||||
|
apiVersion: apps/v1 |
||||
|
kind: StatefulSet |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-master |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
heritage: {{ .Release.Service }} |
||||
|
release: {{ .Release.Name }} |
||||
|
spec: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-master |
||||
|
podManagementPolicy: Parallel |
||||
|
replicas: {{ .Values.master.replicas }} |
||||
|
{{- if (gt (int .Values.master.updatePartition) 0) }} |
||||
|
updateStrategy: |
||||
|
type: RollingUpdate |
||||
|
rollingUpdate: |
||||
|
partition: {{ .Values.master.updatePartition }} |
||||
|
{{- end }} |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: master |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: master |
||||
|
spec: |
||||
|
restartPolicy: {{ default .Values.global.restartPolicy .Values.master.restartPolicy }} |
||||
|
{{- if .Values.master.affinity }} |
||||
|
affinity: |
||||
|
{{ tpl .Values.master.affinity . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.master.tolerations }} |
||||
|
tolerations: |
||||
|
{{ tpl .Values.master.tolerations . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.global.imagePullSecrets }} |
||||
|
imagePullSecrets: |
||||
|
- name: {{ .Values.global.imagePullSecrets }} |
||||
|
{{- end }} |
||||
|
terminationGracePeriodSeconds: 60 |
||||
|
{{- if .Values.master.priorityClassName }} |
||||
|
priorityClassName: {{ .Values.master.priorityClassName | quote }} |
||||
|
{{- end }} |
||||
|
enableServiceLinks: false |
||||
|
containers: |
||||
|
- name: seaweedfs |
||||
|
image: {{ template "master.image" . }} |
||||
|
imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} |
||||
|
env: |
||||
|
- name: POD_IP |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: status.podIP |
||||
|
- name: POD_NAME |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.name |
||||
|
- name: NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
- name: SEAWEEDFS_FULLNAME |
||||
|
value: "{{ template "seaweedfs.name" . }}" |
||||
|
command: |
||||
|
- "/bin/sh" |
||||
|
- "-ec" |
||||
|
- | |
||||
|
exec /usr/bin/weed -logdir=/logs \ |
||||
|
{{- if .Values.master.loggingOverrideLevel }} |
||||
|
-v={{ .Values.master.loggingOverrideLevel }} \ |
||||
|
{{- else }} |
||||
|
-v={{ .Values.global.loggingLevel }} \ |
||||
|
{{- end }} |
||||
|
master \ |
||||
|
-port={{ .Values.master.port }} \ |
||||
|
-mdir=/data \ |
||||
|
-ip.bind={{ .Values.master.ipBind }} \ |
||||
|
{{- if .Values.master.volumePreallocate }} |
||||
|
-volumePreallocate \ |
||||
|
{{- end }} |
||||
|
{{- if .Values.global.monitoring.enabled }} |
||||
|
-metrics.address="{{ .Values.global.monitoring.gatewayHost }}:{{ .Values.global.monitoring.gatewayPort }}" \ |
||||
|
{{- end }} |
||||
|
-volumeSizeLimitMB={{ .Values.master.volumeSizeLimitMB }} \ |
||||
|
{{- if .Values.master.disableHttp }} |
||||
|
-disableHttp \ |
||||
|
{{- end }} |
||||
|
-ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-master \ |
||||
|
-peers={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} |
||||
|
volumeMounts: |
||||
|
- name : data-{{ .Release.Namespace }} |
||||
|
mountPath: /data |
||||
|
- name: seaweedfs-master-log-volume |
||||
|
mountPath: "/logs/" |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
readOnly: true |
||||
|
mountPath: /etc/seaweedfs/security.toml |
||||
|
subPath: security.toml |
||||
|
- name: ca-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/ca/ |
||||
|
- name: master-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/master/ |
||||
|
- name: volume-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/volume/ |
||||
|
- name: filer-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/filer/ |
||||
|
- name: client-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/client/ |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.master.extraVolumeMounts . | nindent 12 | trim }} |
||||
|
ports: |
||||
|
- containerPort: {{ .Values.master.port }} |
||||
|
name: swfs-master |
||||
|
- containerPort: {{ .Values.master.grpcPort }} |
||||
|
#name: swfs-master-grpc |
||||
|
readinessProbe: |
||||
|
httpGet: |
||||
|
path: /cluster/status |
||||
|
port: {{ .Values.master.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 5 |
||||
|
periodSeconds: 15 |
||||
|
successThreshold: 2 |
||||
|
failureThreshold: 100 |
||||
|
livenessProbe: |
||||
|
httpGet: |
||||
|
path: /cluster/status |
||||
|
port: {{ .Values.master.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 20 |
||||
|
periodSeconds: 10 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 6 |
||||
|
{{- if .Values.master.resources }} |
||||
|
resources: |
||||
|
{{ tpl .Values.master.resources . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
volumes: |
||||
|
- name: seaweedfs-master-log-volume |
||||
|
hostPath: |
||||
|
path: /storage/logs/seaweedfs/master |
||||
|
type: DirectoryOrCreate |
||||
|
- name: data-{{ .Release.Namespace }} |
||||
|
hostPath: |
||||
|
path: /ssd/seaweed-master/ |
||||
|
type: DirectoryOrCreate |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
configMap: |
||||
|
name: {{ template "seaweedfs.name" . }}-security-config |
||||
|
- name: ca-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
- name: master-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
- name: volume-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
- name: filer-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
- name: client-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.master.extraVolumes . | indent 8 | trim }} |
||||
|
{{- if .Values.master.nodeSelector }} |
||||
|
nodeSelector: |
||||
|
{{ tpl .Values.master.nodeSelector . | indent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{/* volumeClaimTemplates:*/}} |
||||
|
{{/* - metadata:*/}} |
||||
|
{{/* name: data-{{ .Release.Namespace }}*/}} |
||||
|
{{/* spec:*/}} |
||||
|
{{/* accessModes:*/}} |
||||
|
{{/* - ReadWriteOnce*/}} |
||||
|
{{/* resources:*/}} |
||||
|
{{/* requests:*/}} |
||||
|
{{/* storage: {{ .Values.master.storage }}*/}} |
||||
|
{{/* {{- if .Values.master.storageClass }}*/}} |
||||
|
{{/* storageClassName: {{ .Values.master.storageClass }}*/}} |
||||
|
{{/* {{- end }}*/}} |
||||
|
{{- end }} |
@ -0,0 +1,159 @@ |
|||||
|
{{- if .Values.s3.enabled }} |
||||
|
apiVersion: apps/v1 |
||||
|
kind: Deployment |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-s3 |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
heritage: {{ .Release.Service }} |
||||
|
release: {{ .Release.Name }} |
||||
|
spec: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-s3 |
||||
|
replicas: {{ .Values.s3.replicas }} |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: s3 |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: s3 |
||||
|
spec: |
||||
|
restartPolicy: {{ default .Values.global.restartPolicy .Values.s3.restartPolicy }} |
||||
|
{{- if .Values.s3.tolerations }} |
||||
|
tolerations: |
||||
|
{{ tpl .Values.s3.tolerations . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.global.imagePullSecrets }} |
||||
|
imagePullSecrets: |
||||
|
- name: {{ .Values.global.imagePullSecrets }} |
||||
|
{{- end }} |
||||
|
terminationGracePeriodSeconds: 10 |
||||
|
{{- if .Values.s3.priorityClassName }} |
||||
|
priorityClassName: {{ .Values.s3.priorityClassName | quote }} |
||||
|
{{- end }} |
||||
|
enableServiceLinks: false |
||||
|
containers: |
||||
|
- name: seaweedfs |
||||
|
image: {{ template "s3.image" . }} |
||||
|
imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} |
||||
|
env: |
||||
|
- name: POD_IP |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: status.podIP |
||||
|
- name: POD_NAME |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.name |
||||
|
- name: NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
- name: SEAWEEDFS_FULLNAME |
||||
|
value: "{{ template "seaweedfs.name" . }}" |
||||
|
command: |
||||
|
- "/bin/sh" |
||||
|
- "-ec" |
||||
|
- | |
||||
|
exec /usr/bin/weed \ |
||||
|
{{- if .Values.s3.loggingOverrideLevel }} |
||||
|
-v={{ .Values.s3.loggingOverrideLevel }} \ |
||||
|
{{- else }} |
||||
|
-v={{ .Values.global.loggingLevel }} \ |
||||
|
{{- end }} |
||||
|
s3 \ |
||||
|
-port={{ .Values.s3.port }} \ |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
-cert.file=/usr/local/share/ca-certificates/client/tls.crt \ |
||||
|
-key.file=/usr/local/share/ca-certificates/client/tls.key \ |
||||
|
{{- end }} |
||||
|
-filer.dir.buckets={{ .Values.s3.filerDirBuckets }} \ |
||||
|
{{- if .Values.s3.domainName }} |
||||
|
-domainName={{ .Values.s3.domainName }} \ |
||||
|
{{- end }} |
||||
|
-filer={{ template "seaweedfs.name" . }}-filer:{{ .Values.filer.port }} |
||||
|
{{- if or (.Values.global.enableSecurity) (.Values.s3.extraVolumeMounts) }} |
||||
|
volumeMounts: |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
readOnly: true |
||||
|
mountPath: /etc/seaweedfs/security.toml |
||||
|
subPath: security.toml |
||||
|
- name: ca-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/ca/ |
||||
|
- name: master-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/master/ |
||||
|
- name: volume-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/volume/ |
||||
|
- name: filer-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/filer/ |
||||
|
- name: client-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/client/ |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.s3.extraVolumeMounts . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
ports: |
||||
|
- containerPort: {{ .Values.s3.port }} |
||||
|
name: swfs-s3 |
||||
|
readinessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: {{ .Values.s3.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 15 |
||||
|
periodSeconds: 15 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 100 |
||||
|
livenessProbe: |
||||
|
httpGet: |
||||
|
path: / |
||||
|
port: {{ .Values.s3.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 20 |
||||
|
periodSeconds: 60 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 20 |
||||
|
{{- if .Values.s3.resources }} |
||||
|
resources: |
||||
|
{{ tpl .Values.s3.resources . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
volumes: |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
configMap: |
||||
|
name: {{ template "seaweedfs.name" . }}-security-config |
||||
|
- name: ca-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
- name: master-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
- name: volume-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
- name: filer-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
- name: client-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.s3.extraVolumes . | indent 8 | trim }} |
||||
|
{{- if .Values.s3.nodeSelector }} |
||||
|
nodeSelector: |
||||
|
{{ tpl .Values.s3.nodeSelector . | indent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
@ -0,0 +1,17 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-s3 |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: s3 |
||||
|
spec: |
||||
|
ports: |
||||
|
- name: "swfs-s3" |
||||
|
port: {{ .Values.s3.port }} |
||||
|
targetPort: {{ .Values.s3.port }} |
||||
|
protocol: TCP |
||||
|
selector: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: s3 |
1352
k8s/seaweedfs/templates/seaweefs-grafana-dashboard.yaml
File diff suppressed because it is too large
View File
File diff suppressed because it is too large
View File
@ -0,0 +1,14 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Secret |
||||
|
type: Opaque |
||||
|
metadata: |
||||
|
name: secret-seaweedfs-db |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
annotations: |
||||
|
"helm.sh/resource-policy": keep |
||||
|
"helm.sh/hook": "pre-install" |
||||
|
stringData: |
||||
|
user: {{ "YourSWUser" | b64enc }} |
||||
|
password: "HardCodedPassword" |
||||
|
# better to random generate and create in DB |
||||
|
# password: {{ randAlphaNum 10 | sha256sum | b64enc | trunc 32 }} |
@ -0,0 +1,52 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: v1 |
||||
|
kind: ConfigMap |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-security-config |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
heritage: {{ .Release.Service }} |
||||
|
release: {{ .Release.Name }} |
||||
|
data: |
||||
|
security.toml: |- |
||||
|
# this file is read by master, volume server, and filer |
||||
|
|
||||
|
# the jwt signing key is read by master and volume server |
||||
|
# a jwt expires in 10 seconds |
||||
|
[jwt.signing] |
||||
|
key = "{{ randAlphaNum 10 | b64enc }}" |
||||
|
|
||||
|
# all grpc tls authentications are mutual |
||||
|
# the values for the following ca, cert, and key are paths to the PERM files. |
||||
|
[grpc] |
||||
|
ca = "/usr/local/share/ca-certificates/ca/tls.crt" |
||||
|
|
||||
|
[grpc.volume] |
||||
|
cert = "/usr/local/share/ca-certificates/volume/tls.crt" |
||||
|
key = "/usr/local/share/ca-certificates/volume/tls.key" |
||||
|
|
||||
|
[grpc.master] |
||||
|
cert = "/usr/local/share/ca-certificates/master/tls.crt" |
||||
|
key = "/usr/local/share/ca-certificates/master/tls.key" |
||||
|
|
||||
|
[grpc.filer] |
||||
|
cert = "/usr/local/share/ca-certificates/filer/tls.crt" |
||||
|
key = "/usr/local/share/ca-certificates/filer/tls.key" |
||||
|
|
||||
|
# use this for any place needs a grpc client |
||||
|
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload" |
||||
|
[grpc.client] |
||||
|
cert = "/usr/local/share/ca-certificates/client/tls.crt" |
||||
|
key = "/usr/local/share/ca-certificates/client/tls.key" |
||||
|
|
||||
|
# volume server https options |
||||
|
# Note: work in progress! |
||||
|
# this does not work with other clients, e.g., "weed filer|mount" etc, yet. |
||||
|
[https.client] |
||||
|
enabled = false |
||||
|
[https.volume] |
||||
|
cert = "" |
||||
|
key = "" |
||||
|
{{- end }} |
@ -0,0 +1,29 @@ |
|||||
|
#hack for delete pod master after migration |
||||
|
--- |
||||
|
kind: ClusterRole |
||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1 |
||||
|
metadata: |
||||
|
name: seaweefds-rw-cr |
||||
|
rules: |
||||
|
- apiGroups: [""] |
||||
|
resources: ["pods"] |
||||
|
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] |
||||
|
--- |
||||
|
apiVersion: v1 |
||||
|
kind: ServiceAccount |
||||
|
metadata: |
||||
|
name: seaweefds-rw-sa |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
--- |
||||
|
kind: ClusterRoleBinding |
||||
|
apiVersion: rbac.authorization.k8s.io/v1beta1 |
||||
|
metadata: |
||||
|
name: system:serviceaccount:seaweefds-rw-sa:default |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: seaweefds-rw-sa |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: ClusterRole |
||||
|
name: seaweefds-rw-cr |
@ -0,0 +1,33 @@ |
|||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
apiVersion: certmanager.k8s.io/v1alpha1 |
||||
|
kind: Certificate |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
spec: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
issuerRef: |
||||
|
name: {{ template "seaweedfs.name" . }}-clusterissuer |
||||
|
kind: ClusterIssuer |
||||
|
commonName: {{ .Values.certificates.commonName }} |
||||
|
organization: |
||||
|
- "SeaweedFS CA" |
||||
|
dnsNames: |
||||
|
- '*.{{ .Release.Namespace }}' |
||||
|
- '*.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc' |
||||
|
- '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local' |
||||
|
{{- if .Values.certificates.ipAddresses }} |
||||
|
ipAddresses: |
||||
|
{{- range .Values.certificates.ipAddresses }} |
||||
|
- {{ . }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
||||
|
keyAlgorithm: {{ .Values.certificates.keyAlgorithm }} |
||||
|
keySize: {{ .Values.certificates.keySize }} |
||||
|
duration: {{ .Values.certificates.duration }} |
||||
|
renewBefore: {{ .Values.certificates.renewBefore }} |
||||
|
{{- end }} |
@ -0,0 +1,22 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Service |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-volume |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: volume |
||||
|
spec: |
||||
|
clusterIP: None |
||||
|
ports: |
||||
|
- name: "swfs-volume" |
||||
|
port: {{ .Values.volume.port }} |
||||
|
targetPort: {{ .Values.volume.port }} |
||||
|
protocol: TCP |
||||
|
- name: "swfs-volume-18080" |
||||
|
port: {{ .Values.volume.grpcPort }} |
||||
|
targetPort: {{ .Values.volume.grpcPort }} |
||||
|
protocol: TCP |
||||
|
selector: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
component: volume |
@ -0,0 +1,187 @@ |
|||||
|
{{- if .Values.volume.enabled }} |
||||
|
apiVersion: apps/v1 |
||||
|
kind: StatefulSet |
||||
|
metadata: |
||||
|
name: {{ template "seaweedfs.name" . }}-volume |
||||
|
namespace: {{ .Release.Namespace }} |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
heritage: {{ .Release.Service }} |
||||
|
release: {{ .Release.Name }} |
||||
|
spec: |
||||
|
serviceName: {{ template "seaweedfs.name" . }}-volume |
||||
|
replicas: {{ .Values.volume.replicas }} |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: volume |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
chart: {{ template "seaweedfs.chart" . }} |
||||
|
release: {{ .Release.Name }} |
||||
|
component: volume |
||||
|
spec: |
||||
|
{{- if .Values.volume.affinity }} |
||||
|
affinity: |
||||
|
{{ tpl .Values.volume.affinity . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
restartPolicy: {{ default .Values.global.restartPolicy .Values.volume.restartPolicy }} |
||||
|
{{- if .Values.volume.tolerations }} |
||||
|
tolerations: |
||||
|
{{ tpl .Values.volume.tolerations . | nindent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.global.imagePullSecrets }} |
||||
|
imagePullSecrets: |
||||
|
- name: {{ .Values.global.imagePullSecrets }} |
||||
|
{{- end }} |
||||
|
terminationGracePeriodSeconds: 10 |
||||
|
{{- if .Values.volume.priorityClassName }} |
||||
|
priorityClassName: {{ .Values.volume.priorityClassName | quote }} |
||||
|
{{- end }} |
||||
|
enableServiceLinks: false |
||||
|
containers: |
||||
|
- name: seaweedfs |
||||
|
image: {{ template "volume.image" . }} |
||||
|
imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }} |
||||
|
env: |
||||
|
- name: POD_NAME |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.name |
||||
|
- name: NAMESPACE |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: metadata.namespace |
||||
|
- name: HOST_IP |
||||
|
valueFrom: |
||||
|
fieldRef: |
||||
|
fieldPath: status.hostIP |
||||
|
- name: SEAWEEDFS_FULLNAME |
||||
|
value: "{{ template "seaweedfs.name" . }}" |
||||
|
command: |
||||
|
- "/bin/sh" |
||||
|
- "-ec" |
||||
|
- | |
||||
|
exec /usr/bin/weed -logdir=/logs \ |
||||
|
{{- if .Values.volume.loggingOverrideLevel }} |
||||
|
-v={{ .Values.volume.loggingOverrideLevel }} \ |
||||
|
{{- else }} |
||||
|
-v={{ .Values.global.loggingLevel }} \ |
||||
|
{{- end }} |
||||
|
volume \ |
||||
|
-port={{ .Values.volume.port }} \ |
||||
|
-dir={{ .Values.volume.dir }} \ |
||||
|
-max={{ .Values.volume.maxVolumes }} \ |
||||
|
{{- if .Values.volume.rack }} |
||||
|
-rack={{ .Values.volume.rack }} \ |
||||
|
{{- end }} |
||||
|
{{- if .Values.volume.dataCenter }} |
||||
|
-dataCenter={{ .Values.volume.dataCenter }} \ |
||||
|
{{- end }} |
||||
|
-ip.bind={{ .Values.volume.ipBind }} \ |
||||
|
-read.redirect={{ .Values.volume.readRedirect }} \ |
||||
|
{{- if .Values.volume.whiteList }} |
||||
|
-whiteList={{ .Values.volume.whiteList }} \ |
||||
|
{{- end }} |
||||
|
{{- if .Values.volume.imagesFixOrientation }} |
||||
|
-images.fix.orientation \ |
||||
|
{{- end }} |
||||
|
-ip=${POD_NAME}.${SEAWEEDFS_FULLNAME}-volume \ |
||||
|
-compactionMBps={{ .Values.volume.compactionMBps }} \ |
||||
|
-mserver={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} |
||||
|
volumeMounts: |
||||
|
- name: seaweedfs-volume-storage |
||||
|
mountPath: "/data/" |
||||
|
- name: seaweedfs-volume-log-volume |
||||
|
mountPath: "/logs/" |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
readOnly: true |
||||
|
mountPath: /etc/seaweedfs/security.toml |
||||
|
subPath: security.toml |
||||
|
- name: ca-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/ca/ |
||||
|
- name: master-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/master/ |
||||
|
- name: volume-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/volume/ |
||||
|
- name: filer-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/filer/ |
||||
|
- name: client-cert |
||||
|
readOnly: true |
||||
|
mountPath: /usr/local/share/ca-certificates/client/ |
||||
|
{{- end }} |
||||
|
{{ tpl .Values.volume.extraVolumeMounts . | nindent 12 | trim }} |
||||
|
ports: |
||||
|
- containerPort: {{ .Values.volume.port }} |
||||
|
name: swfs-vol |
||||
|
- containerPort: {{ .Values.volume.grpcPort }} |
||||
|
#name: swfs-vol-grpc |
||||
|
readinessProbe: |
||||
|
httpGet: |
||||
|
path: /status |
||||
|
port: {{ .Values.volume.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 5 |
||||
|
periodSeconds: 15 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 100 |
||||
|
livenessProbe: |
||||
|
httpGet: |
||||
|
path: /status |
||||
|
port: {{ .Values.volume.port }} |
||||
|
scheme: HTTP |
||||
|
initialDelaySeconds: 20 |
||||
|
periodSeconds: 30 |
||||
|
successThreshold: 1 |
||||
|
failureThreshold: 10 |
||||
|
{{- if .Values.volume.resources }} |
||||
|
resources: |
||||
|
{{ tpl .Values.volume.resources . | nindent 12 | trim }} |
||||
|
{{- end }} |
||||
|
volumes: |
||||
|
- name: seaweedfs-volume-log-volume |
||||
|
hostPath: |
||||
|
path: /storage/logs/seaweedfs/volume |
||||
|
type: DirectoryOrCreate |
||||
|
- name: seaweedfs-volume-storage |
||||
|
hostPath: |
||||
|
path: /storage/object_store/ |
||||
|
type: DirectoryOrCreate |
||||
|
{{- if .Values.global.enableSecurity }} |
||||
|
- name: security-config |
||||
|
configMap: |
||||
|
name: {{ template "seaweedfs.name" . }}-security-config |
||||
|
- name: ca-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-ca-cert |
||||
|
- name: master-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-master-cert |
||||
|
- name: volume-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-volume-cert |
||||
|
- name: filer-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-filer-cert |
||||
|
- name: client-cert |
||||
|
secret: |
||||
|
secretName: {{ template "seaweedfs.name" . }}-client-cert |
||||
|
{{- end }} |
||||
|
{{- if .Values.volume.extraVolumes }} |
||||
|
{{ tpl .Values.volume.extraVolumes . | indent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- if .Values.volume.nodeSelector }} |
||||
|
nodeSelector: |
||||
|
{{ tpl .Values.volume.nodeSelector . | indent 8 | trim }} |
||||
|
{{- end }} |
||||
|
{{- end }} |
@ -0,0 +1,314 @@ |
|||||
|
# Available parameters and their default values for the SeaweedFS chart. |
||||
|
|
||||
|
global: |
||||
|
registry: "" |
||||
|
repository: "" |
||||
|
imageName: chrislusf/seaweedfs |
||||
|
imageTag: "1.58" |
||||
|
imagePullPolicy: IfNotPresent |
||||
|
imagePullSecrets: imagepullsecret |
||||
|
restartPolicy: Always |
||||
|
loggingLevel: 1 |
||||
|
enableSecurity: false |
||||
|
monitoring: |
||||
|
enabled: false |
||||
|
gatewayHost: null |
||||
|
gatewayPort: null |
||||
|
|
||||
|
image: |
||||
|
registry: "" |
||||
|
repository: "" |
||||
|
|
||||
|
master: |
||||
|
enabled: true |
||||
|
repository: null |
||||
|
imageName: null |
||||
|
imageTag: null |
||||
|
imageOverride: null |
||||
|
restartPolicy: null |
||||
|
replicas: 1 |
||||
|
port: 9333 |
||||
|
grpcPort: 19333 |
||||
|
ipBind: "0.0.0.0" |
||||
|
volumePreallocate: false |
||||
|
volumeSizeLimitMB: 30000 |
||||
|
loggingOverrideLevel: null |
||||
|
|
||||
|
# Disable http request, only gRpc operations are allowed |
||||
|
disableHttp: false |
||||
|
|
||||
|
extraVolumes: "" |
||||
|
extraVolumeMounts: "" |
||||
|
|
||||
|
# storage and storageClass are the settings for configuring stateful |
||||
|
# storage for the master pods. storage should be set to the disk size of |
||||
|
# the attached volume. storageClass is the class of storage which defaults |
||||
|
# to null (the Kube cluster will pick the default). |
||||
|
storage: 25Gi |
||||
|
storageClass: null |
||||
|
|
||||
|
# Resource requests, limits, etc. for the master cluster placement. This |
||||
|
# should map directly to the value of the resources field for a PodSpec, |
||||
|
# formatted as a multi-line string. By default no direct resource request |
||||
|
# is made. |
||||
|
resources: null |
||||
|
|
||||
|
# updatePartition is used to control a careful rolling update of SeaweedFS |
||||
|
# masters. |
||||
|
updatePartition: 0 |
||||
|
|
||||
|
# Affinity Settings |
||||
|
# Commenting out or setting as empty the affinity variable, will allow |
||||
|
# deployment to single node services such as Minikube |
||||
|
affinity: | |
||||
|
podAntiAffinity: |
||||
|
requiredDuringSchedulingIgnoredDuringExecution: |
||||
|
- labelSelector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
release: "{{ .Release.Name }}" |
||||
|
component: master |
||||
|
topologyKey: kubernetes.io/hostname |
||||
|
|
||||
|
# Toleration Settings for master pods |
||||
|
# This should be a multi-line string matching the Toleration array |
||||
|
# in a PodSpec. |
||||
|
tolerations: "" |
||||
|
|
||||
|
# nodeSelector labels for master pod assignment, formatted as a muli-line string. |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
||||
|
# Example: |
||||
|
# nodeSelector: | |
||||
|
# beta.kubernetes.io/arch: amd64 |
||||
|
nodeSelector: | |
||||
|
sw-backend: "true" |
||||
|
|
||||
|
# used to assign priority to master pods |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
||||
|
priorityClassName: "" |
||||
|
|
||||
|
|
||||
|
volume: |
||||
|
enabled: true |
||||
|
repository: null |
||||
|
imageName: null |
||||
|
imageTag: null |
||||
|
imageOverride: null |
||||
|
restartPolicy: null |
||||
|
port: 8080 |
||||
|
grpcPort: 18080 |
||||
|
ipBind: "0.0.0.0" |
||||
|
replicas: 1 |
||||
|
loggingOverrideLevel: null |
||||
|
|
||||
|
# limit background compaction or copying speed in mega bytes per second |
||||
|
compactionMBps: "40" |
||||
|
|
||||
|
# Directories to store data files. dir[,dir]... (default "/tmp") |
||||
|
dir: "/data" |
||||
|
|
||||
|
# Maximum numbers of volumes, count[,count]... (default "7") |
||||
|
maxVolumes: "10000" |
||||
|
|
||||
|
# Volume server's rack name |
||||
|
rack: null |
||||
|
|
||||
|
# Volume server's data center name |
||||
|
dataCenter: null |
||||
|
|
||||
|
# Redirect moved or non-local volumes. (default true) |
||||
|
readRedirect: true |
||||
|
|
||||
|
# Comma separated Ip addresses having write permission. No limit if empty. |
||||
|
whiteList: null |
||||
|
|
||||
|
# Adjust jpg orientation when uploading. |
||||
|
imagesFixOrientation: false |
||||
|
|
||||
|
extraVolumes: "" |
||||
|
extraVolumeMounts: "" |
||||
|
|
||||
|
# Affinity Settings |
||||
|
# Commenting out or setting as empty the affinity variable, will allow |
||||
|
# deployment to single node services such as Minikube |
||||
|
affinity: | |
||||
|
podAntiAffinity: |
||||
|
requiredDuringSchedulingIgnoredDuringExecution: |
||||
|
- labelSelector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
release: "{{ .Release.Name }}" |
||||
|
component: volume |
||||
|
topologyKey: kubernetes.io/hostname |
||||
|
|
||||
|
# Resource requests, limits, etc. for the server cluster placement. This |
||||
|
# should map directly to the value of the resources field for a PodSpec, |
||||
|
# formatted as a multi-line string. By default no direct resource request |
||||
|
# is made. |
||||
|
resources: null |
||||
|
|
||||
|
# Toleration Settings for server pods |
||||
|
# This should be a multi-line string matching the Toleration array |
||||
|
# in a PodSpec. |
||||
|
tolerations: "" |
||||
|
|
||||
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string. |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
||||
|
# Example: |
||||
|
# nodeSelector: | |
||||
|
# beta.kubernetes.io/arch: amd64 |
||||
|
nodeSelector: | |
||||
|
sw-volume: "true" |
||||
|
|
||||
|
# used to assign priority to server pods |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
||||
|
priorityClassName: "" |
||||
|
|
||||
|
|
||||
|
filer: |
||||
|
enabled: true |
||||
|
repository: null |
||||
|
imageName: null |
||||
|
imageTag: null |
||||
|
imageOverride: null |
||||
|
restartPolicy: null |
||||
|
replicas: 1 |
||||
|
port: 8888 |
||||
|
grpcPort: 18888 |
||||
|
loggingOverrideLevel: null |
||||
|
|
||||
|
# Whether proxy or redirect to volume server during file GET request |
||||
|
redirectOnRead: false |
||||
|
|
||||
|
# Limit sub dir listing size (default 100000) |
||||
|
dirListLimit: 100000 |
||||
|
|
||||
|
# Turn off directory listing |
||||
|
disableDirListing: false |
||||
|
|
||||
|
# Disable http request, only gRpc operations are allowed |
||||
|
disableHttp: false |
||||
|
|
||||
|
# storage and storageClass are the settings for configuring stateful |
||||
|
# storage for the master pods. storage should be set to the disk size of |
||||
|
# the attached volume. storageClass is the class of storage which defaults |
||||
|
# to null (the Kube cluster will pick the default). |
||||
|
storage: 25Gi |
||||
|
storageClass: null |
||||
|
|
||||
|
extraVolumes: "" |
||||
|
extraVolumeMounts: "" |
||||
|
|
||||
|
# Affinity Settings |
||||
|
# Commenting out or setting as empty the affinity variable, will allow |
||||
|
# deployment to single node services such as Minikube |
||||
|
affinity: | |
||||
|
podAntiAffinity: |
||||
|
requiredDuringSchedulingIgnoredDuringExecution: |
||||
|
- labelSelector: |
||||
|
matchLabels: |
||||
|
app: {{ template "seaweedfs.name" . }} |
||||
|
release: "{{ .Release.Name }}" |
||||
|
component: filer |
||||
|
topologyKey: kubernetes.io/hostname |
||||
|
|
||||
|
# updatePartition is used to control a careful rolling update of SeaweedFS |
||||
|
# masters. |
||||
|
updatePartition: 0 |
||||
|
|
||||
|
# Resource requests, limits, etc. for the server cluster placement. This |
||||
|
# should map directly to the value of the resources field for a PodSpec, |
||||
|
# formatted as a multi-line string. By default no direct resource request |
||||
|
# is made. |
||||
|
resources: null |
||||
|
|
||||
|
# Toleration Settings for server pods |
||||
|
# This should be a multi-line string matching the Toleration array |
||||
|
# in a PodSpec. |
||||
|
tolerations: "" |
||||
|
|
||||
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string. |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
||||
|
# Example: |
||||
|
# nodeSelector: | |
||||
|
# beta.kubernetes.io/arch: amd64 |
||||
|
nodeSelector: | |
||||
|
sw-backend: "true" |
||||
|
|
||||
|
# used to assign priority to server pods |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
||||
|
priorityClassName: "" |
||||
|
|
||||
|
dbSchema: |
||||
|
imageName: db-schema |
||||
|
imageTag: "development" |
||||
|
imageOverride: "" |
||||
|
|
||||
|
# extraEnvVars is a list of extra enviroment variables to set with the stateful set. |
||||
|
extraEnvironmentVars: |
||||
|
WEED_MYSQL_ENABLED: "true" |
||||
|
WEED_MYSQL_HOSTNAME: "mysql-db-host" |
||||
|
WEED_MYSQL_PORT: "3306" |
||||
|
WEED_MYSQL_DATABASE: "sw-database" |
||||
|
WEED_MYSQL_CONNECTION_MAX_IDLE: "10" |
||||
|
WEED_MYSQL_CONNECTION_MAX_OPEN: "150" |
||||
|
# enable usage of memsql as filer backend |
||||
|
WEED_MYSQL_INTERPOLATEPARAMS: "true" |
||||
|
WEED_LEVELDB2_ENABLED: "false" |
||||
|
# with http DELETE, by default the filer would check whether a folder is empty. |
||||
|
# recursive_delete will delete all sub folders and files, similar to "rm -Rf" |
||||
|
WEED_FILER_OPTIONS_RECURSIVE_DELETE: "false" |
||||
|
# directories under this folder will be automatically creating a separate bucket |
||||
|
WEED_FILER_BUCKETS_FOLDER: "/buckets" |
||||
|
# directories under this folder will be store message queue data |
||||
|
WEED_FILER_QUEUES_FOLDER: "/queues" |
||||
|
|
||||
|
s3: |
||||
|
enabled: true |
||||
|
repository: null |
||||
|
imageName: null |
||||
|
imageTag: null |
||||
|
restartPolicy: null |
||||
|
replicas: 1 |
||||
|
port: 8333 |
||||
|
loggingOverrideLevel: null |
||||
|
|
||||
|
# Folder on filer to store all buckets (default "/buckets") |
||||
|
filerDirBuckets: "/buckets" |
||||
|
|
||||
|
# Suffix of the host name, {bucket}.{domainName} |
||||
|
domainName: "" |
||||
|
|
||||
|
extraVolumes: "" |
||||
|
extraVolumeMounts: "" |
||||
|
|
||||
|
# Resource requests, limits, etc. for the server cluster placement. This |
||||
|
# should map directly to the value of the resources field for a PodSpec, |
||||
|
# formatted as a multi-line string. By default no direct resource request |
||||
|
# is made. |
||||
|
resources: null |
||||
|
|
||||
|
# Toleration Settings for server pods |
||||
|
# This should be a multi-line string matching the Toleration array |
||||
|
# in a PodSpec. |
||||
|
tolerations: "" |
||||
|
|
||||
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string. |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector |
||||
|
# Example: |
||||
|
# nodeSelector: | |
||||
|
# beta.kubernetes.io/arch: amd64 |
||||
|
nodeSelector: | |
||||
|
sw-backend: "true" |
||||
|
|
||||
|
# used to assign priority to server pods |
||||
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ |
||||
|
priorityClassName: "" |
||||
|
|
||||
|
certificates: |
||||
|
commonName: "SeaweedFS CA" |
||||
|
ipAddresses: [] |
||||
|
keyAlgorithm: rsa |
||||
|
keySize: 2048 |
||||
|
duration: 2160h # 90d |
||||
|
renewBefore: 360h # 15d |
Write
Preview
Loading…
Cancel
Save
Reference in new issue