Refactor Helm chart to use dynamic names for resources (#8142)

* Refactor Helm chart to use dynamic names for resources * ensure name length
1 day ago · c9c91ba568
56 changed files with 252 additions and 215 deletions
--- a/k8s/charts/seaweedfs/README.md
+++ b/k8s/charts/seaweedfs/README.md
@ -24,7 +24,7 @@ helm install --values=values.yaml seaweedfs seaweedfs/seaweedfs
 * master/filer/volume are stateful sets with anti-affinity on the hostname,
 so your deployment will be spread/HA.
 * chart is using memsql(mysql) as the filer backend to enable HA (multiple filer instances) and backup/HA memsql can provide.
-* mysql user/password are created in a k8s secret (secret-seaweedfs-db.yaml) and injected to the filer with ENV.
+* mysql user/password are created in a k8s secret (default: `<release>-seaweedfs-db-secret`) and injected to the filer with ENV.
 * cert config exists and can be enabled, but not been tested, requires cert-manager to be installed.

 ## Prerequisites
@ -35,7 +35,9 @@ leveldb is the default database, this supports multiple filer replicas that will
 When the [limitations](https://github.com/seaweedfs/seaweedfs/wiki/Filer-Store-Replication#limitation) apply, or for a large number of filer replicas, an external datastore is recommended.

 Such as MySQL-compatible database, as specified in the `values.yaml` at `filer.extraEnvironmentVars`.
-This database should be pre-configured and initialized by running:
+This database should be pre-configured and initialized. If using the default `db-init-config`, the configmap name is now dynamic (e.g., `<release>-seaweedfs-db-init-config`). You can override this name via `filer.dbInitConfigName`.
+
+To initialize manually:
 ```sql
 CREATE TABLE IF NOT EXISTS `filemeta` (
  `dirhash`   BIGINT NOT NULL       COMMENT 'first 64 bits of MD5 hash value of directory field',
--- a/k8s/charts/seaweedfs/templates/admin/admin-ingress.yaml
+++ b/k8s/charts/seaweedfs/templates/admin/admin-ingress.yaml
@ -8,7 +8,7 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: ingress-{{ template "seaweedfs.name" . }}-admin
+  name: ingress-{{ include "seaweedfs.fullname" . }}-admin
  namespace: {{ .Release.Namespace }}
  annotations:
  {{- if and (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) .Values.admin.ingress.className }}
@ -42,11 +42,11 @@ spec:
        backend:
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
          service:
-            name: {{ template "seaweedfs.name" . }}-admin
+            name: {{ include "seaweedfs.fullname" . }}-admin
            port:
              number: {{ .Values.admin.port }}
 {{- else }}
-          serviceName: {{ template "seaweedfs.name" . }}-admin
+          serviceName: {{ include "seaweedfs.fullname" . }}-admin
          servicePort: {{ .Values.admin.port }}
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/admin/admin-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/admin/admin-secret.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: {{ template "seaweedfs.name" . }}-admin-secret
+  name: {{ include "seaweedfs.fullname" . }}-admin-secret
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/resource-policy": keep
--- a/k8s/charts/seaweedfs/templates/admin/admin-service.yaml
+++ b/k8s/charts/seaweedfs/templates/admin/admin-service.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-admin
+  name: {{ printf "%s-admin" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml
@ -3,7 +3,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-admin
+  name: {{ include "seaweedfs.fullname" . }}-admin
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -26,6 +26,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: admin
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/admin/admin-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/admin/admin-statefulset.yaml
@ -8,7 +8,7 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: {{ template "seaweedfs.name" . }}-admin
+  name: {{ include "seaweedfs.fullname" . }}-admin
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -21,7 +21,7 @@ metadata:
    {{- toYaml .Values.admin.annotations | nindent 4 }}
 {{- end }}
 spec:
-  serviceName: {{ template "seaweedfs.name" . }}-admin
+  serviceName: {{ include "seaweedfs.fullname" . }}-admin
  podManagementPolicy: {{ .Values.admin.podManagementPolicy }}
  replicas: {{ .Values.admin.replicas }}
  selector:
@ -90,7 +90,7 @@ spec:
          {{- if and .Values.admin.secret.existingSecret (not .Values.admin.secret.pwKey) -}}
          {{-   fail "admin.secret.pwKey must be set when admin.secret.existingSecret is provided" -}}
          {{- end -}}
-          {{- $adminSecretName := .Values.admin.secret.existingSecret | default (printf "%s-admin-secret" (include "seaweedfs.name" .)) }}
+          {{- $adminSecretName := .Values.admin.secret.existingSecret | default (printf "%s-admin-secret" (include "seaweedfs.fullname" .)) }}
          env:
            {{- if $adminAuthEnabled }}
            - name: SEAWEEDFS_ADMIN_USER
@ -117,7 +117,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.admin.extraEnvironmentVars }}
            {{- range $key, $value := .Values.admin.extraEnvironmentVars }}
            - name: {{ $key }}
@ -284,25 +284,25 @@ spec:
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        - name: admin-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-admin-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-admin-cert
        {{- end }}
        {{ tpl .Values.admin.extraVolumes . | indent 8 | trim }}
      {{- if .Values.admin.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-deployment.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "seaweedfs.name" . }}-all-in-one
+  name: {{ include "seaweedfs.fullname" . }}-all-in-one
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -98,7 +98,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.allInOne.extraEnvironmentVars }}
            {{- range $key, $value := .Values.allInOne.extraEnvironmentVars }}
            {{- if and (ne $key $clusterMasterKey) (ne $key $clusterFilerKey) }}
@ -421,7 +421,7 @@ spec:
            type: DirectoryOrCreate
          {{- else if eq .Values.allInOne.data.type "persistentVolumeClaim" }}
          persistentVolumeClaim:
-            claimName: {{ template "seaweedfs.name" . }}-all-in-one-data
+            claimName: {{ include "seaweedfs.fullname" . }}-all-in-one-data
          {{- else if eq .Values.allInOne.data.type "existingClaim" }}
          persistentVolumeClaim:
            claimName: {{ .Values.allInOne.data.claimName }}
@ -432,47 +432,47 @@ spec:
        - name: config-s3-users
          secret:
            defaultMode: 420
-            secretName: {{ default (printf "%s-s3-secret" (include "seaweedfs.name" .)) (or .Values.allInOne.s3.existingConfigSecret .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret) }}
+            secretName: {{ default (printf "%s-s3-secret" (include "seaweedfs.fullname" .)) (or .Values.allInOne.s3.existingConfigSecret .Values.s3.existingConfigSecret .Values.filer.s3.existingConfigSecret) }}
        {{- end }}
        {{- if .Values.allInOne.sftp.enabled }}
        - name: config-ssh
          secret:
            defaultMode: 420
-            secretName: {{ default (printf "%s-sftp-ssh-secret" (include "seaweedfs.name" .)) (or .Values.allInOne.sftp.existingSshConfigSecret .Values.sftp.existingSshConfigSecret) }}
+            secretName: {{ default (printf "%s-sftp-ssh-secret" (include "seaweedfs.fullname" .)) (or .Values.allInOne.sftp.existingSshConfigSecret .Values.sftp.existingSshConfigSecret) }}
        {{- if or .Values.allInOne.sftp.enableAuth .Values.sftp.enableAuth }}
        - name: config-users
          secret:
            defaultMode: 420
-            secretName: {{ default (printf "%s-sftp-secret" (include "seaweedfs.name" .)) (or .Values.allInOne.sftp.existingConfigSecret .Values.sftp.existingConfigSecret) }}
+            secretName: {{ default (printf "%s-sftp-secret" (include "seaweedfs.fullname" .)) (or .Values.allInOne.sftp.existingConfigSecret .Values.sftp.existingConfigSecret) }}
        {{- end }}
        {{- end }}
        {{- if .Values.filer.notificationConfig }}
        - name: notification-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-notification-config
+            name: {{ include "seaweedfs.fullname" . }}-notification-config
        {{- end }}
        - name: master-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-master-config
+            name: {{ include "seaweedfs.fullname" . }}-master-config
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.allInOne.extraVolumes . | nindent 8 }}
      {{- if .Values.allInOne.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-pvc.yaml
@ -3,7 +3,7 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{ template "seaweedfs.name" . }}-all-in-one-data
+  name: {{ include "seaweedfs.fullname" . }}-all-in-one-data
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-service.yml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-all-in-one
+  name: {{ printf "%s-all-in-one" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -81,5 +81,6 @@ spec:
  
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: seaweedfs-all-in-one
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/all-in-one/all-in-one-servicemonitor.yaml
@ -3,7 +3,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-all-in-one
+  name: {{ include "seaweedfs.fullname" . }}-all-in-one
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -24,6 +24,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: seaweedfs-all-in-one
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/cert/admin-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/admin-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-admin-cert
+  name: {{ include "seaweedfs.fullname" . }}-admin-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,19 +15,19 @@ metadata:
    {{- toYaml .Values.admin.annotations | nindent 4 }}
  {{- end }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-admin-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-admin-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
    organizations:
    - "SeaweedFS CA"
  dnsNames:
-    - '*.{{ template "seaweedfs.name" . }}-admin'
-    - '*.{{ template "seaweedfs.name" . }}-admin.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-admin.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-admin.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-admin'
+    - '*.{{ include "seaweedfs.fullname" . }}-admin.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-admin.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-admin.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/ca-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-ca-cert
+  name: {{ include "seaweedfs.fullname" . }}-ca-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -10,8 +10,8 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-ca-cert
-  commonName: "{{ template "seaweedfs.name" . }}-root-ca"
+  secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
+  commonName: "{{ include "seaweedfs.fullname" . }}-root-ca"
  isCA: true
  {{- if .Values.certificates.ca.duration }}
  duration: {{ .Values.certificates.ca.duration }}
@ -20,6 +20,6 @@ spec:
  renewBefore: {{ .Values.certificates.ca.renewBefore }}
  {{- end }}
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-issuer
+    name: {{ include "seaweedfs.fullname" . }}-issuer
    kind: Issuer
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/cert-caissuer.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Issuer
 metadata:
-  name: {{ template "seaweedfs.name" . }}-ca-issuer
+  name: {{ include "seaweedfs.fullname" . }}-ca-issuer
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -11,5 +11,5 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
  ca:
-    secretName: {{ template "seaweedfs.name" . }}-ca-cert
+    secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/cert-issuer.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Issuer
 metadata:
-  name: {{ template "seaweedfs.name" . }}-issuer
+  name: {{ include "seaweedfs.fullname" . }}-issuer
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
--- a/k8s/charts/seaweedfs/templates/cert/client-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/client-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-client-cert
+  name: {{ include "seaweedfs.fullname" . }}-client-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -10,9 +10,9 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-client-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-client-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
@ -22,10 +22,10 @@ spec:
    - '*.{{ .Release.Namespace }}'
    - '*.{{ .Release.Namespace }}.svc'
    - '*.{{ .Release.Namespace }}.svc.cluster.local'
-    - '*.{{ template "seaweedfs.name" . }}-master'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-master'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cert/filer-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/filer-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-filer-cert
+  name: {{ include "seaweedfs.fullname" . }}-filer-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,9 +15,9 @@ metadata:
    {{- toYaml .Values.filer.annotations | nindent 4 }}
  {{- end }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-filer-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
@ -27,10 +27,10 @@ spec:
    - '*.{{ .Release.Namespace }}'
    - '*.{{ .Release.Namespace }}.svc'
    - '*.{{ .Release.Namespace }}.svc.cluster.local'
-    - '*.{{ template "seaweedfs.name" . }}-master'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-master'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cert/master-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/master-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-master-cert
+  name: {{ include "seaweedfs.fullname" . }}-master-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,9 +15,9 @@ metadata:
    {{- toYaml .Values.master.annotations | nindent 4 }}
 {{- end }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-master-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-master-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
@ -27,10 +27,10 @@ spec:
    - '*.{{ .Release.Namespace }}'
    - '*.{{ .Release.Namespace }}.svc'
    - '*.{{ .Release.Namespace }}.svc.cluster.local'
-    - '*.{{ template "seaweedfs.name" . }}-master'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-master'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cert/volume-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/volume-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-volume-cert
+  name: {{ include "seaweedfs.fullname" . }}-volume-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,9 +15,9 @@ metadata:
    {{- toYaml .Values.volume.annotations | nindent 4 }}
 {{- end }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-volume-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
@ -27,10 +27,10 @@ spec:
    - '*.{{ .Release.Namespace }}'
    - '*.{{ .Release.Namespace }}.svc'
    - '*.{{ .Release.Namespace }}.svc.cluster.local'
-    - '*.{{ template "seaweedfs.name" . }}-master'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-master'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cert/worker-cert.yaml
+++ b/k8s/charts/seaweedfs/templates/cert/worker-cert.yaml
@ -2,7 +2,7 @@
 apiVersion: cert-manager.io/v1{{ if .Values.global.certificates.alphacrds }}alpha1{{ end }}
 kind: Certificate
 metadata:
-  name: {{ template "seaweedfs.name" . }}-worker-cert
+  name: {{ include "seaweedfs.fullname" . }}-worker-cert
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,19 +15,19 @@ metadata:
    {{- toYaml .Values.worker.annotations | nindent 4 }}
  {{- end }}
 spec:
-  secretName: {{ template "seaweedfs.name" . }}-worker-cert
+  secretName: {{ include "seaweedfs.fullname" . }}-worker-cert
  issuerRef:
-    name: {{ template "seaweedfs.name" . }}-ca-issuer
+    name: {{ include "seaweedfs.fullname" . }}-ca-issuer
    kind: Issuer
  commonName: {{ .Values.certificates.commonName }}
  subject:
    organizations:
    - "SeaweedFS CA"
  dnsNames:
-    - '*.{{ template "seaweedfs.name" . }}-worker'
-    - '*.{{ template "seaweedfs.name" . }}-worker.{{ .Release.Namespace }}'
-    - '*.{{ template "seaweedfs.name" . }}-worker.{{ .Release.Namespace }}.svc'
-    - '*.{{ template "seaweedfs.name" . }}-worker.{{ .Release.Namespace }}.svc.cluster.local'
+    - '*.{{ include "seaweedfs.fullname" . }}-worker'
+    - '*.{{ include "seaweedfs.fullname" . }}-worker.{{ .Release.Namespace }}'
+    - '*.{{ include "seaweedfs.fullname" . }}-worker.{{ .Release.Namespace }}.svc'
+    - '*.{{ include "seaweedfs.fullname" . }}-worker.{{ .Release.Namespace }}.svc.cluster.local'
 {{- if .Values.certificates.ipAddresses }}
  ipAddresses:
    {{- range .Values.certificates.ipAddresses }}
--- a/k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml
+++ b/k8s/charts/seaweedfs/templates/cosi/cosi-cluster-role.yaml
@ -3,7 +3,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner
+  name: {{ include "seaweedfs.fullname" . }}-objectstorage-provisioner
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -52,7 +52,7 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner
+  name: {{ include "seaweedfs.fullname" . }}-objectstorage-provisioner
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -64,6 +64,6 @@ subjects:
    namespace: {{ .Release.Namespace }}
 roleRef:
  kind: ClusterRole
-  name: {{ .Values.global.serviceAccountName }}-objectstorage-provisioner
+  name: {{ include "seaweedfs.fullname" . }}-objectstorage-provisioner
  apiGroup: rbac.authorization.k8s.io
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/cosi/cosi-deployment.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "seaweedfs.name" . }}-objectstorage-provisioner
+  name: {{ include "seaweedfs.fullname" . }}-objectstorage-provisioner
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -78,16 +78,16 @@ spec:
              {{- else if .Values.s3.ingress.enabled }}
              value: "{{ printf "https://%s" .Values.s3.ingress.host }}"
              {{- else if .Values.s3.enabled }}
-              value: "{{ printf "https://%s-s3.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}"
+              value: "{{ printf "https://%s-s3.%s.svc" (include "seaweedfs.fullname" .) .Release.Namespace }}"
              {{- else }}
-              value: "{{ printf "https://%s-filer.%s.svc" (include "seaweedfs.name" .) .Release.Namespace }}"
+              value: "{{ printf "https://%s-filer.%s.svc" (include "seaweedfs.fullname" .) .Release.Namespace }}"
              {{- end }}
            {{- with .Values.cosi.region }}
            - name: REGION
              value: "{{ . }}"
            {{- end }}
            - name: SEAWEEDFS_FILER
-              value: "{{ template "seaweedfs.name" . }}-filer:{{ .Values.filer.grpcPort }}"
+              value: "{{ include "seaweedfs.fullname" . }}-filer:{{ .Values.filer.grpcPort }}"
            {{- if .Values.global.enableSecurity }}
            - name: WEED_GRPC_CLIENT_KEY
              value: /usr/local/share/ca-certificates/client/tls.key
@ -185,28 +185,28 @@ spec:
            {{- if .Values.cosi.existingConfigSecret }}
            secretName: {{ .Values.cosi.existingConfigSecret }}
            {{- else }}
-            secretName: seaweedfs-s3-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-s3-secret
            {{- end }}
        {{- end }}
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.cosi.extraVolumes . | indent 8 | trim }}
      {{- if .Values.cosi.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-ingress.yaml
@ -2,7 +2,7 @@
 {{- $filerEnabled := or .Values.filer.enabled .Values.allInOne.enabled }}
 {{- if and $filerEnabled .Values.filer.ingress.enabled }}
 {{- /* Determine service name based on deployment mode */}}
-{{- $serviceName := ternary (printf "%s-all-in-one" (include "seaweedfs.name" .)) (printf "%s-filer" (include "seaweedfs.name" .)) .Values.allInOne.enabled }}
+{{- $serviceName := ternary (printf "%s-all-in-one" (include "seaweedfs.fullname" .)) (printf "%s-filer" (include "seaweedfs.fullname" .)) .Values.allInOne.enabled }}
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
 apiVersion: networking.k8s.io/v1
 {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion }}
@ -12,7 +12,7 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: ingress-{{ template "seaweedfs.name" . }}-filer
+  name: ingress-{{ include "seaweedfs.fullname" . }}-filer
  namespace: {{ .Release.Namespace }}
  {{- with .Values.filer.ingress.annotations }}
  annotations:
--- a/k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-service-client.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-filer-client
+  name: {{ printf "%s-filer-client" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -36,5 +36,6 @@ spec:
 {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: filer
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/filer/filer-service.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-service.yaml
@ -4,7 +4,7 @@ kind: Service
 metadata:
  annotations:
    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
-  name: {{ template "seaweedfs.name" . }}-filer
+  name: {{ printf "%s-filer" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -48,5 +48,6 @@ spec:
  {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: filer
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-servicemonitor.yaml
@ -4,7 +4,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-filer
+  name: {{ include "seaweedfs.fullname" . }}-filer
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -27,6 +27,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: filer
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/filer/filer-statefulset.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: {{ template "seaweedfs.name" . }}-filer
+  name: {{ include "seaweedfs.fullname" . }}-filer
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,7 +15,7 @@ metadata:
    {{- toYaml .Values.filer.annotations | nindent 4 }}
 {{- end }}
 spec:
-  serviceName: {{ template "seaweedfs.name" . }}-filer
+  serviceName: {{ include "seaweedfs.fullname" . }}-filer
  podManagementPolicy: {{ .Values.filer.podManagementPolicy }}
  replicas: {{ .Values.filer.replicas }}
  {{- if (gt (int .Values.filer.updatePartition) 0) }}
@ -70,7 +70,7 @@ spec:
        {{ tpl .Values.filer.tolerations . | nindent 8 | trim }}
      {{- end }}
      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
-      serviceAccountName: {{ .Values.filer.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration
+      serviceAccountName: {{ .Values.filer.serviceAccountName | default (include "seaweedfs.serviceAccountName" .) | quote }} # for deleting statefulset pods after migration
      terminationGracePeriodSeconds: 60
      {{- if .Values.filer.priorityClassName }}
      priorityClassName: {{ .Values.filer.priorityClassName | quote }}
@ -103,17 +103,17 @@ spec:
            - name: WEED_MYSQL_USERNAME
              valueFrom:
                secretKeyRef:
-                  name: secret-seaweedfs-db
+                  name: {{ include "seaweedfs.fullname" . }}-db-secret
                  key: user
                  optional: true
            - name: WEED_MYSQL_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: secret-seaweedfs-db
+                  name: {{ include "seaweedfs.fullname" . }}-db-secret
                  key: password
                  optional: true
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.filer.extraEnvironmentVars }}
            {{- range $key, $value := .Values.filer.extraEnvironmentVars }}
            - name: {{ $key }}
@ -359,7 +359,7 @@ spec:
        {{- end }}
        - name: db-schema-config-volume
          configMap:
-            name: seaweedfs-db-init-config
+            name: {{ default (printf "%s-db-init-config" (include "seaweedfs.fullname" .)) .Values.filer.dbInitConfigName }}
        {{- if and .Values.filer.s3.enabled .Values.filer.s3.enableAuth }}
        - name: config-users
          secret:
@ -367,33 +367,33 @@ spec:
            {{- if .Values.filer.s3.existingConfigSecret }}
            secretName: {{ .Values.filer.s3.existingConfigSecret }}
            {{- else }}
-            secretName: seaweedfs-s3-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-s3-secret
            {{- end }}
        {{- end }}
        {{- if .Values.filer.notificationConfig }}
        - name: notification-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-notification-config
+            name: {{ include "seaweedfs.fullname" . }}-notification-config
        {{- end }}
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }}
      {{- if .Values.filer.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/master/master-configmap.yaml
+++ b/k8s/charts/seaweedfs/templates/master/master-configmap.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "seaweedfs.name" . }}-master-config
+  name: {{ include "seaweedfs.fullname" . }}-master-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/master/master-ingress.yaml
+++ b/k8s/charts/seaweedfs/templates/master/master-ingress.yaml
@ -9,7 +9,7 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: ingress-{{ template "seaweedfs.name" . }}-master
+  name: ingress-{{ include "seaweedfs.fullname" . }}-master
  namespace: {{ .Release.Namespace }}
  {{- with .Values.master.ingress.annotations }}
  annotations:
@ -33,12 +33,12 @@ spec:
            backend:
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
              service:
-                name: {{ template "seaweedfs.name" . }}-master
+                name: {{ include "seaweedfs.fullname" . }}-master
                port:
                  number: {{ .Values.master.port }}
                  #name:
 {{- else }}
-              serviceName: {{ template "seaweedfs.name" . }}-master
+              serviceName: {{ include "seaweedfs.fullname" . }}-master
              servicePort: {{ .Values.master.port }}
 {{- end }}
 {{- if .Values.filer.ingress.host }}
--- a/k8s/charts/seaweedfs/templates/master/master-service.yaml
+++ b/k8s/charts/seaweedfs/templates/master/master-service.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-master
+  name: {{ printf "%s-master" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -34,5 +34,6 @@ spec:
  {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: master
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/master/master-servicemonitor.yaml
@ -4,7 +4,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-master
+  name: {{ include "seaweedfs.fullname" . }}-master
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -27,6 +27,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: master
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/master/master-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/master/master-statefulset.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: {{ template "seaweedfs.name" . }}-master
+  name: {{ include "seaweedfs.fullname" . }}-master
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -15,7 +15,7 @@ metadata:
    {{- toYaml .Values.master.annotations | nindent 4 }}
 {{- end }}
 spec:
-  serviceName: {{ template "seaweedfs.name" . }}-master
+  serviceName: {{ include "seaweedfs.fullname" . }}-master
  podManagementPolicy: {{ .Values.master.podManagementPolicy }}
  replicas: {{ .Values.master.replicas }}
  {{- if (gt (int .Values.master.updatePartition) 0) }}
@ -70,7 +70,7 @@ spec:
      {{- end }}
      enableServiceLinks: false
      {{- if .Values.global.createClusterRole }}
-      serviceAccountName: {{ .Values.master.serviceAccountName | default .Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration
+      serviceAccountName: {{ .Values.master.serviceAccountName | default (include "seaweedfs.serviceAccountName" .) | quote }} # for deleting statefulset pods after migration
      {{- end }}
      {{- if .Values.master.initContainers }}
      initContainers:
@ -97,7 +97,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.master.extraEnvironmentVars }}
            {{- range $key, $value := .Values.master.extraEnvironmentVars }}
            - name: {{ $key }}
@ -297,26 +297,26 @@ spec:
        {{- end }}
        - name: master-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-master-config
+            name: {{ include "seaweedfs.fullname" . }}-master-config
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.master.extraVolumes . | indent 8 | trim }}
      {{- if .Values.master.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-deployment.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "seaweedfs.name" . }}-s3
+  name: {{ include "seaweedfs.fullname" . }}-s3
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -89,7 +89,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.s3.extraEnvironmentVars }}
            {{- range $key, $value := .Values.s3.extraEnvironmentVars }}
            - name: {{ $key }}
@ -149,7 +149,7 @@ spec:
              {{- if .Values.s3.auditLogConfig }}
              -auditLogConfig=/etc/sw/s3_auditLogConfig.json \
              {{- end }}
-              -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} \
+              -filer={{ include "seaweedfs.fullname" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} \
              {{- range .Values.s3.extraArgs }}
              {{ . }} \
              {{- end }}
@ -238,7 +238,7 @@ spec:
            {{- if .Values.s3.existingConfigSecret }}
            secretName: {{ .Values.s3.existingConfigSecret }}
            {{- else }}
-            secretName: seaweedfs-s3-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-s3-secret
            {{- end }}
        {{- end }}
        {{- if eq .Values.s3.logs.type "hostPath" }}
@ -254,22 +254,22 @@ spec:
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.s3.extraVolumes . | indent 8 | trim }}
      {{- if .Values.s3.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-ingress.yaml
@ -2,7 +2,7 @@
 {{- $s3Enabled := or .Values.s3.enabled (and .Values.filer.s3.enabled (not .Values.allInOne.enabled)) (and .Values.allInOne.enabled .Values.allInOne.s3.enabled) }}
 {{- if and $s3Enabled .Values.s3.ingress.enabled }}
 {{- /* Determine service name based on deployment mode */}}
-{{- $serviceName := ternary (printf "%s-all-in-one" (include "seaweedfs.name" .)) (printf "%s-s3" (include "seaweedfs.name" .)) .Values.allInOne.enabled }}
+{{- $serviceName := ternary (printf "%s-all-in-one" (include "seaweedfs.fullname" .)) (printf "%s-s3" (include "seaweedfs.fullname" .)) .Values.allInOne.enabled }}
 {{- $s3Port := .Values.allInOne.s3.port | default .Values.s3.port }}
 {{- /* Build hosts list - support both legacy .host (string) and new .hosts (array) for backwards compatibility */}}
 {{- $hosts := list }}
@ -20,7 +20,7 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: ingress-{{ template "seaweedfs.name" . }}-s3
+  name: ingress-{{ include "seaweedfs.fullname" . }}-s3
  namespace: {{ .Release.Namespace }}
  {{- with .Values.s3.ingress.annotations }}
  annotations:
--- a/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-secret.yaml
@ -1,13 +1,19 @@
 {{- if or (and (or .Values.s3.enabled .Values.allInOne.enabled) .Values.s3.enableAuth (not .Values.s3.existingConfigSecret)) (and .Values.filer.s3.enabled .Values.filer.s3.enableAuth (not .Values.filer.s3.existingConfigSecret)) }}
-{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_access_key_id" "length" 20) -}}
-{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "admin_secret_access_key" "length" 40) -}}
-{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_access_key_id" "length" 20) -}}
-{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-s3-secret" "key" "read_secret_access_key" "length" 40) -}}
+{{- $secretName := printf "%s-s3-secret" (include "seaweedfs.fullname" .) }}
+{{- $existingSecret := lookup "v1" "Secret" .Release.Namespace (default $secretName .Values.s3.legacySecretName) }}
+{{- $reuse := false }}
+{{- if and .Values.s3.reuseLegacySecret $existingSecret }}
+{{- $reuse = true }}
+{{- end }}
+{{- $access_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $secret_key_admin := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $access_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_access_key_id" "length" 20 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
+{{- $secret_key_read := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "read_secret_access_key" "length" 40 "existingSecret" (ternary $existingSecret nil $reuse)) -}}
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: seaweedfs-s3-secret
+  name: {{ $secretName }}
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/resource-policy": keep
--- a/k8s/charts/seaweedfs/templates/s3/s3-service.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-service.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-s3
+  name: {{ printf "%s-s3" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -34,5 +34,6 @@ spec:
 {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: {{ if .Values.s3.enabled }}s3{{ else }}filer{{ end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/s3/s3-servicemonitor.yaml
@ -4,7 +4,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-s3
+  name: {{ include "seaweedfs.fullname" . }}-s3
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -27,6 +27,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: s3
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/sftp/sftp-deployment.yaml
@ -2,7 +2,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "seaweedfs.name" . }}-sftp
+  name: {{ include "seaweedfs.fullname" . }}-sftp
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -89,7 +89,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.sftp.extraEnvironmentVars }}
            {{- range $key, $value := .Values.sftp.extraEnvironmentVars }}
            - name: {{ $key }}
@ -171,7 +171,7 @@ spec:
              -key.file=/usr/local/share/ca-certificates/client/tls.key \
              {{- end }}
              -userStoreFile=/etc/sw/seaweedfs_sftp_config \
-              -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }}
+              -filer={{ include "seaweedfs.fullname" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }}
          volumeMounts:
            {{- if or (eq .Values.sftp.logs.type "hostPath") (eq .Values.sftp.logs.type "emptyDir") }}
            - name: logs
@ -252,7 +252,7 @@ spec:
            {{- if .Values.sftp.existingConfigSecret }}
            secretName: {{ .Values.sftp.existingConfigSecret }}
            {{- else }}
-            secretName: seaweedfs-sftp-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-sftp-secret
            {{- end }}
        {{- end }}
        - name: config-ssh
@ -261,7 +261,7 @@ spec:
            {{- if .Values.sftp.existingSshConfigSecret }}
            secretName: {{ .Values.sftp.existingSshConfigSecret }}
            {{- else }}
-            secretName: seaweedfs-sftp-ssh-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-sftp-ssh-secret
            {{- end }}
        {{- if eq .Values.sftp.logs.type "hostPath" }}
        - name: logs
@ -276,22 +276,22 @@ spec:
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        {{- end }}
        {{ tpl .Values.sftp.extraVolumes . | indent 8 | trim }}
      {{- if .Values.sftp.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml
+++ b/k8s/charts/seaweedfs/templates/sftp/sftp-secret.yaml
@ -1,12 +1,13 @@
 {{- if or .Values.sftp.enabled .Values.allInOne.enabled }}
-{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "admin_password" 20) -}}
-{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "readonly_password" 20) -}}
-{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" "seaweedfs-sftp-secret" "key" "public_user_password" 20) -}}
+{{- $secretName := printf "%s-sftp-secret" (include "seaweedfs.fullname" .) }}
+{{- $admin_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "admin_password" 20) -}}
+{{- $read_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "readonly_password" 20) -}}
+{{- $public_user_pwd := include "getOrGeneratePassword" (dict "namespace" .Release.Namespace "secretName" $secretName "key" "public_user_password" 20) -}}
 apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: seaweedfs-sftp-secret
+  name: {{ $secretName }}
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/resource-policy": keep
--- a/k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml
+++ b/k8s/charts/seaweedfs/templates/sftp/sftp-service.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-sftp
+  name: {{ printf "%s-sftp" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -28,5 +28,6 @@ spec:
 {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: sftp
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/sftp/sftp-servicemonitor.yaml
@ -4,7 +4,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-sftp
+  name: {{ include "seaweedfs.fullname" . }}-sftp
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -27,6 +27,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: sftp
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/shared/_helpers.tpl
+++ b/k8s/charts/seaweedfs/templates/shared/_helpers.tpl
@ -244,7 +244,7 @@ or generate a new random password if it doesn't exist.
 {{- $key := $params.key -}}
 {{- $length := default 16 $params.length -}}

-{{- $existingSecret := lookup "v1" "Secret" $namespace $secretName -}}
+{{- $existingSecret := default (lookup "v1" "Secret" $namespace $secretName) $params.existingSecret -}}
 {{- if and $existingSecret (index $existingSecret.data $key) -}}
  {{- index $existingSecret.data $key | b64dec -}}
 {{- else -}}
@ -261,7 +261,7 @@ If allInOne is enabled, point to the all-in-one service; otherwise, point to the
 {{- if .Values.allInOne.enabled -}}
 {{-   $serviceNameSuffix = "-all-in-one" -}}
 {{- end -}}
-{{- printf "%s%s.%s:%d" (include "seaweedfs.name" .) $serviceNameSuffix .Release.Namespace (int .Values.master.port) -}}
+{{- printf "%s%s.%s:%d" (include "seaweedfs.fullname" .) $serviceNameSuffix .Release.Namespace (int .Values.master.port) -}}
 {{- end -}}

 {{/*
@ -273,7 +273,7 @@ If allInOne is enabled, point to the all-in-one service; otherwise, point to the
 {{- if .Values.allInOne.enabled -}}
 {{-   $serviceNameSuffix = "-all-in-one" -}}
 {{- end -}}
-{{- printf "%s%s.%s:%d" (include "seaweedfs.name" .) $serviceNameSuffix .Release.Namespace (int .Values.filer.port) -}}
+{{- printf "%s%s.%s:%d" (include "seaweedfs.fullname" .) $serviceNameSuffix .Release.Namespace (int .Values.filer.port) -}}
 {{- end -}}

 {{/*
@ -282,7 +282,7 @@ Usage: {{ include "seaweedfs.masterServers" . }}
 Output example: ${SEAWEEDFS_FULLNAME}-master-0.${SEAWEEDFS_FULLNAME}-master.namespace:9333,${SEAWEEDFS_FULLNAME}-master-1...
 */}}
 {{- define "seaweedfs.masterServers" -}}
-{{- $fullname := include "seaweedfs.name" . -}}
+{{- $fullname := include "seaweedfs.fullname" . -}}
 {{- range $index := until (.Values.master.replicas | int) -}}
 {{- if $index }},{{ end -}}
 ${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}
@ -300,3 +300,10 @@ Usage: {{ include "seaweedfs.masterServerArg" . }}
 {{- include "seaweedfs.masterServers" . -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "seaweedfs.serviceAccountName" -}}
+{{- .Values.global.serviceAccountName | default "seaweedfs" -}}
+{{- end -}}
--- a/k8s/charts/seaweedfs/templates/shared/cluster-role.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/cluster-role.yaml
@ -4,7 +4,7 @@
 kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: {{ .Values.global.serviceAccountName }}-rw-cr
+  name: {{ include "seaweedfs.fullname" . }}-rw-cr
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -18,7 +18,7 @@ rules:
 kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
-  name: system:serviceaccount:{{ .Values.global.serviceAccountName }}:default
+  name: {{ include "seaweedfs.fullname" . }}-rw-crb
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
@ -26,10 +26,10 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
 subjects:
  - kind: ServiceAccount
-    name: {{ .Values.global.serviceAccountName }}
+    name: {{ include "seaweedfs.serviceAccountName" . }}
    namespace: {{ .Release.Namespace }}
 roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
-  name: {{ .Values.global.serviceAccountName }}-rw-cr
+  name: {{ include "seaweedfs.fullname" . }}-rw-cr
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/notification-configmap.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "seaweedfs.name" . }}-notification-config
+  name: {{ include "seaweedfs.fullname" . }}-notification-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/post-install-bucket-hook.yaml
@ -74,7 +74,7 @@ spec:
              fieldRef:
                fieldPath: metadata.namespace
          - name: SEAWEEDFS_FULLNAME
-            value: "{{ template "seaweedfs.name" . }}"
+            value: "{{ include "seaweedfs.fullname" . }}"
        command:
          - "/bin/sh"
          - "-ec"
@ -145,7 +145,7 @@ spec:
            {{- if $existingConfigSecret }}
            secretName: {{ $existingConfigSecret }}
            {{- else }}
-            secretName: {{ template "seaweedfs.name" . }}-s3-secret
+            secretName: {{ include "seaweedfs.fullname" . }}-s3-secret
            {{- end }}
    {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/seaweedfs-grafana-dashboard.yaml
@ -7,7 +7,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ printf "%s" $dashboardName | lower | replace "_" "-" }}
+  name: {{ include "seaweedfs.fullname" $ }}-{{ printf "%s" $dashboardName | lower | replace "_" "-" }}
  namespace: {{ $.Release.Namespace }}
  labels:
    grafana_dashboard: "1"
--- a/k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/secret-seaweedfs-db.yaml
@ -3,7 +3,7 @@ apiVersion: v1
 kind: Secret
 type: Opaque
 metadata:
-  name: secret-seaweedfs-db
+  name: {{ include "seaweedfs.fullname" . }}-db-secret
  namespace: {{ .Release.Namespace }}
  annotations:
    "helm.sh/resource-policy": keep
--- a/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/security-configmap.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: {{ template "seaweedfs.name" . }}-security-config
+  name: {{ include "seaweedfs.fullname" . }}-security-config
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -10,7 +10,13 @@ metadata:
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
 data:
-  {{- $existing := (lookup "v1" "ConfigMap" .Release.Namespace (printf "%s-security-config" (include "seaweedfs.name" .))) }}
+  {{- $fullname := include "seaweedfs.fullname" . }}
+  {{- $securityConfigName := printf "%s-security-config" $fullname }}
+  {{- $existing := lookup "v1" "ConfigMap" .Release.Namespace $securityConfigName }}
+  {{- if not $existing }}
+  {{- $legacyName := printf "%s-%s" (include "seaweedfs.name" .) "security-config" }}
+  {{- $existing = lookup "v1" "ConfigMap" .Release.Namespace $legacyName }}
+  {{- end }}
  {{- $securityConfig := fromToml (dig "data" "security.toml" "" $existing) }}
  security.toml: |-
    # this file is read by master, volume server, and filer
--- a/k8s/charts/seaweedfs/templates/shared/service-account.yaml
+++ b/k8s/charts/seaweedfs/templates/shared/service-account.yaml
@ -1,7 +1,7 @@
 apiVersion: v1
 kind: ServiceAccount
 metadata:
-  name: {{ .Values.global.serviceAccountName }}
+  name: {{ include "seaweedfs.serviceAccountName" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/volume/volume-ingress.yaml
+++ b/k8s/charts/seaweedfs/templates/volume/volume-ingress.yaml
@ -8,7 +8,7 @@ apiVersion: extensions/v1beta1
 {{- end }}
 kind: Ingress
 metadata:
-  name: ingress-{{ template "seaweedfs.name" . }}-volume
+  name: ingress-{{ include "seaweedfs.fullname" . }}-volume
  namespace: {{ .Release.Namespace }}
  annotations:
  {{- if and (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) .Values.volume.ingress.className }}
@ -42,11 +42,11 @@ spec:
        backend:
 {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion }}
          service:
-            name: {{ template "seaweedfs.name" . }}-volume
+            name: {{ include "seaweedfs.fullname" . }}-volume
            port:
              number: {{ .Values.volume.port }}
 {{- else }}
-          serviceName: {{ template "seaweedfs.name" . }}-volume
+          serviceName: {{ include "seaweedfs.fullname" . }}-volume
          servicePort: {{ .Values.volume.port }}
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml
+++ b/k8s/charts/seaweedfs/templates/volume/volume-resize-hook.yaml
@ -1,4 +1,4 @@
-{{- $seaweedfsName := include "seaweedfs.name" $ }}
+{{- $seaweedfsName := include "seaweedfs.fullname" $ }}
 {{- $volumes := deepCopy .Values.volumes | mergeOverwrite (dict "" .Values.volume)  }}


--- a/k8s/charts/seaweedfs/templates/volume/volume-service.yaml
+++ b/k8s/charts/seaweedfs/templates/volume/volume-service.yaml
@ -8,7 +8,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+  name: {{ printf "%s-%s" (include "seaweedfs.fullname" $) $volumeName | trunc 63 | trimSuffix "-" }}
  namespace: {{ $.Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
@ -39,6 +39,7 @@ spec:
 {{- end }}
  selector:
    app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+    app.kubernetes.io/instance: {{ $.Release.Name }}
    app.kubernetes.io/component: {{ $volumeName }}
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/volume/volume-servicemonitor.yaml
@ -10,7 +10,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+  name: {{ include "seaweedfs.fullname" $ }}-{{ $volumeName }}
  namespace: {{ $.Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
@ -33,6 +33,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
+      app.kubernetes.io/instance: {{ $.Release.Name }}
      app.kubernetes.io/component: {{ $volumeName }}
 {{- end }}
 {{- end }}
--- a/k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml
+++ b/k8s/charts/seaweedfs/templates/volume/volume-statefulset.yaml
@ -8,7 +8,7 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+  name: {{ include "seaweedfs.fullname" $ }}-{{ $volumeName }}
  namespace: {{ $.Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" $ }}
@ -21,7 +21,7 @@ metadata:
    {{- toYaml $volume.annotations | nindent 4 }}
 {{- end }}
 spec:
-  serviceName: {{ template "seaweedfs.name" $ }}-{{ $volumeName }}
+  serviceName: {{ include "seaweedfs.fullname" $ }}-{{ $volumeName }}
  replicas: {{ $volume.replicas }}
  podManagementPolicy: {{ $volume.podManagementPolicy }}
  selector:
@ -70,7 +70,7 @@ spec:
      {{- end }}
      enableServiceLinks: false
      {{- if $.Values.global.createClusterRole }}
-      serviceAccountName: {{ $volume.serviceAccountName | default $.Values.global.serviceAccountName | quote }} # for deleting statefulset pods after migration
+      serviceAccountName: {{ $volume.serviceAccountName | default (include "seaweedfs.serviceAccountName" $) | quote }} # for deleting statefulset pods after migration
      {{- end }}
      {{- $initContainers_exists := include "volume.initContainers_exists" $ -}}
      {{- if $initContainers_exists }}
@ -117,7 +117,7 @@ spec:
                fieldRef:
                  fieldPath: status.hostIP
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" $ }}"
+              value: "{{ include "seaweedfs.fullname" $ }}"
            {{- if $volume.extraEnvironmentVars }}
            {{- range $key, $value := $volume.extraEnvironmentVars }}
            - name: {{ $key }}
@ -343,22 +343,22 @@ spec:
     {{- if $.Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" $ }}-security-config
+            name: {{ include "seaweedfs.fullname" $ }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" $ }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" $ }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" $ }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" $ }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" $ }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" $ }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" $ }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" $ }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" $ }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" $ }}-client-cert
      {{- end }}
      {{- if $volume.extraVolumes }}
        {{ tpl $volume.extraVolumes $ | indent 8 | trim }}
--- a/k8s/charts/seaweedfs/templates/worker/worker-deployment.yaml
+++ b/k8s/charts/seaweedfs/templates/worker/worker-deployment.yaml
@ -5,7 +5,7 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: {{ template "seaweedfs.name" . }}-worker
+  name: {{ include "seaweedfs.fullname" . }}-worker
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -92,7 +92,7 @@ spec:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
-              value: "{{ template "seaweedfs.name" . }}"
+              value: "{{ include "seaweedfs.fullname" . }}"
            {{- if .Values.worker.extraEnvironmentVars }}
            {{- range $key, $value := .Values.worker.extraEnvironmentVars }}
            - name: {{ $key }}
@ -260,25 +260,25 @@ spec:
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
-            name: {{ template "seaweedfs.name" . }}-security-config
+            name: {{ include "seaweedfs.fullname" . }}-security-config
        - name: ca-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-ca-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-ca-cert
        - name: master-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-master-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-master-cert
        - name: volume-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-volume-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-volume-cert
        - name: filer-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-filer-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-filer-cert
        - name: client-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-client-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-client-cert
        - name: worker-cert
          secret:
-            secretName: {{ template "seaweedfs.name" . }}-worker-cert
+            secretName: {{ include "seaweedfs.fullname" . }}-worker-cert
        {{- end }}
        {{ tpl .Values.worker.extraVolumes . | indent 8 | trim }}
      {{- if .Values.worker.nodeSelector }}
--- a/k8s/charts/seaweedfs/templates/worker/worker-service.yaml
+++ b/k8s/charts/seaweedfs/templates/worker/worker-service.yaml
@ -2,7 +2,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ template "seaweedfs.name" . }}-worker
+  name: {{ printf "%s-worker" (include "seaweedfs.fullname" .) | trunc 63 | trimSuffix "-" }}
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
--- a/k8s/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml
+++ b/k8s/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml
@ -4,7 +4,7 @@
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
-  name: {{ template "seaweedfs.name" . }}-worker
+  name: {{ include "seaweedfs.fullname" . }}-worker
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
@ -27,6 +27,7 @@ spec:
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
+      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: worker
 {{- end }}
 {{- end }}