Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-02-10 20:27:38 +08:00
Code Issues Packages Projects Releases Wiki Activity

New chart: SeaweedFS (#24944)

Browse Source
This commit is contained in:
Juan Ariza Toledano
2024-04-12 14:09:53 +02:00
committed by GitHub
parent 0205a5cb56
commit 51ac5cd2cd
79 changed files with 10298 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
.vib/seaweedfs/cypress/cypress.config.js Normal file
View File

@@ -0,0 +1,17 @@
module.exports = {
defaultCommandTimeout: 60000,
env: {
masterPortHttp: '9333',
masterPortGrpc: '19333',
volumePortHttp: '8080',
volumePortGrpc: '18080',
filerPortHttp: '8888',
filerPortGrpc: '18888',
s3PortHttp: '8333',
s3PortGrpc: '18333',
},
e2e: {
setupNodeEvents(on, config) {},
baseUrl: 'http://localhost',
},
}

13
.vib/seaweedfs/cypress/cypress/e2e/seaweedfs.cy.js Normal file
View File

@@ -0,0 +1,13 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
/// <reference types="cypress" />
it('allows obtaining cluster status from Master Server', () => {
cy.request('/cluster/status').then((response) => {
expect(response.status).to.eq(200);
expect(response.body).to.have.property('Leader');
});
});

25
.vib/seaweedfs/cypress/cypress/support/e2e.js Normal file
View File

@@ -0,0 +1,25 @@
/*
* Copyright VMware, Inc.
* SPDX-License-Identifier: APACHE-2.0
*/
// ***********************************************************
// This example support/index.js is processed and
// loaded automatically before your test files.
//
// This is a great place to put global configuration and
// behavior that modifies Cypress.
//
// You can change the location of this file or turn off
// automatically serving support files with the
// 'supportFile' configuration option.
//
// You can read more here:
// https://on.cypress.io/configuration
// ***********************************************************
// Import commands.js using ES2015 syntax:
// import './commands';
// Alternatively you can use CommonJS syntax:
// require('./commands')

57
.vib/seaweedfs/ginkgo/go.mod Normal file
View File

@@ -0,0 +1,57 @@
module test-seaweedfs-chart
go 1.20
replace github.com/bitnami/charts/.vib/common-tests/ginkgo-utils => ../../common-tests/ginkgo-utils
require (
github.com/bitnami/charts/.vib/common-tests/ginkgo-utils v0.0.0-00010101000000-000000000000
github.com/onsi/ginkgo/v2 v2.11.0
github.com/onsi/gomega v1.27.8
k8s.io/api v0.28.0
k8s.io/apimachinery v0.28.0
k8s.io/client-go v0.28.0
)
require (
github.com/davecgh/go-spew v1.1.1 // indirect
github.com/emicklei/go-restful/v3 v3.9.0 // indirect
github.com/go-logr/logr v1.2.4 // indirect
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/protobuf v1.5.3 // indirect
github.com/google/gnostic-models v0.6.8 // indirect
github.com/google/go-cmp v0.5.9 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
github.com/google/uuid v1.3.0 // indirect
github.com/imdario/mergo v0.3.6 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
github.com/modern-go/reflect2 v1.0.2 // indirect
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/net v0.17.0 // indirect
golang.org/x/oauth2 v0.8.0 // indirect
golang.org/x/sys v0.13.0 // indirect
golang.org/x/term v0.13.0 // indirect
golang.org/x/text v0.13.0 // indirect
golang.org/x/time v0.3.0 // indirect
golang.org/x/tools v0.9.3 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
k8s.io/klog/v2 v2.100.1 // indirect
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
sigs.k8s.io/yaml v1.3.0 // indirect
)

160
.vib/seaweedfs/ginkgo/go.sum Normal file
View File

@@ -0,0 +1,160 @@
github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM=
k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY=
k8s.io/apimachinery v0.28.0 h1:ScHS2AG16UlYWk63r46oU3D5y54T53cVI5mMJwwqFNA=
k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
k8s.io/client-go v0.28.0 h1:ebcPRDZsCjpj62+cMk1eGNX1QkMdRmQ6lmz5BLoFWeM=
k8s.io/client-go v0.28.0/go.mod h1:0Asy9Xt3U98RypWJmU1ZrRAGKhP6NqDPmptlAzK2kMc=
k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

234
.vib/seaweedfs/ginkgo/seaweedfs_suite_test.go Normal file
View File

@@ -0,0 +1,234 @@
package seaweedfs_test
import (
"context"
"errors"
"flag"
"fmt"
"testing"
"time"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
batchv1 "k8s.io/api/batch/v1"
v1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/api/resource"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
const (
kindDownload string = "download"
kindUpload string = "upload"
)
var (
kubeconfig string
releaseName string
namespace string
timeoutSeconds int
timeout time.Duration
)
func init() {
flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file")
flag.StringVar(&namespace, "namespace", "", "namespace where SeaweedFS is running")
flag.StringVar(&releaseName, "releaseName", "", "SeaweedFS chart release name")
flag.IntVar(&timeoutSeconds, "timeout", 120, "timeout in seconds")
timeout = time.Duration(timeoutSeconds) * time.Second
}
func TestSeaweedFS(t *testing.T) {
RegisterFailHandler(Fail)
RunSpecs(t, "SeaweedFS Persistence Test Suite")
}
func createPVC(ctx context.Context, c kubernetes.Interface, name, size string) error {
storageRequest, err := resource.ParseQuantity(size)
if err != nil {
return err
}
pvc := &v1.PersistentVolumeClaim{
ObjectMeta: metav1.ObjectMeta{
Name: name,
},
Spec: v1.PersistentVolumeClaimSpec{
AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
Resources: v1.ResourceRequirements{
Requests: v1.ResourceList{
v1.ResourceStorage: storageRequest,
},
},
},
}
_, err = c.CoreV1().PersistentVolumeClaims(namespace).Create(ctx, pvc, metav1.CreateOptions{})
return err
}
func createJob(ctx context.Context, c kubernetes.Interface, name, port, image, pvcName, kind string) error {
podSecurityContext := &v1.PodSecurityContext{
FSGroup: &[]int64{1001}[0],
FSGroupChangePolicy: &[]v1.PodFSGroupChangePolicy{v1.FSGroupChangeAlways}[0],
}
containerSecurityContext := &v1.SecurityContext{
Privileged: &[]bool{false}[0],
AllowPrivilegeEscalation: &[]bool{false}[0],
RunAsUser: &[]int64{1001}[0],
RunAsNonRoot: &[]bool{true}[0],
Capabilities: &v1.Capabilities{
Drop: []v1.Capability{"ALL"},
},
SeccompProfile: &v1.SeccompProfile{
Type: "RuntimeDefault",
},
}
args := []string{"-ec"}
switch kind {
case kindDownload:
downloadCmd := `cd /tmp
cat /data/fid | xargs weed download -server ${MASTER_HOST}:${MASTER_PORT}
[ -f .spdx-seaweedfs.spdx ] && echo "successful download"
`
args = append(args, downloadCmd)
case kindUpload:
// Response format: "[{"fileName":"FOO","url":"HOST:PORT/ID","fid":"ID","size":SIZE}]"
uploadCmd := `weed upload -master ${MASTER_HOST}:${MASTER_PORT} .spdx-seaweedfs.spdx | awk -F '","' '{print $3}' | awk -F '":"' '{print $2}' | tee /data/fid`
args = append(args, uploadCmd)
default:
return errors.New("job kind not supported")
}
job := &batchv1.Job{
ObjectMeta: metav1.ObjectMeta{
Name: name,
},
TypeMeta: metav1.TypeMeta{
Kind: "Job",
},
Spec: batchv1.JobSpec{
Template: v1.PodTemplateSpec{
Spec: v1.PodSpec{
RestartPolicy: "Never",
SecurityContext: podSecurityContext,
Containers: []v1.Container{
{
Name: "seaweedfs",
Image: image,
Command: []string{"bash"},
Args: args,
Env: []v1.EnvVar{
{
Name: "MASTER_HOST",
Value: fmt.Sprintf("%s-master", releaseName),
},
{
Name: "MASTER_PORT",
Value: port,
},
},
SecurityContext: containerSecurityContext,
VolumeMounts: []v1.VolumeMount{
{
Name: "data",
MountPath: "/data",
},
{
Name: "security-config",
MountPath: "/etc/seaweedfs/security.toml",
SubPath: "security.toml",
},
{
Name: "ca-cert",
MountPath: "/certs/ca",
},
{
Name: "master-cert",
MountPath: "/certs/master",
},
{
Name: "filer-cert",
MountPath: "/certs/filer",
},
{
Name: "volume-cert",
MountPath: "/certs/volume",
},
{
Name: "client-cert",
MountPath: "/certs/client",
},
},
},
},
Volumes: []v1.Volume{
{
Name: "data",
VolumeSource: v1.VolumeSource{
PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{
ClaimName: pvcName,
},
},
},
{
Name: "security-config",
VolumeSource: v1.VolumeSource{
ConfigMap: &v1.ConfigMapVolumeSource{
LocalObjectReference: v1.LocalObjectReference{
Name: fmt.Sprintf("%s-security", releaseName),
},
},
},
},
{
Name: "ca-cert",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: fmt.Sprintf("%s-ca-crt", releaseName),
},
},
},
{
Name: "master-cert",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: fmt.Sprintf("%s-master-crt", releaseName),
},
},
},
{
Name: "filer-cert",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: fmt.Sprintf("%s-filer-crt", releaseName),
},
},
},
{
Name: "volume-cert",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: fmt.Sprintf("%s-volume-crt", releaseName),
},
},
},
{
Name: "client-cert",
VolumeSource: v1.VolumeSource{
Secret: &v1.SecretVolumeSource{
SecretName: fmt.Sprintf("%s-client-crt", releaseName),
},
},
},
},
},
},
},
}
_, err := c.BatchV1().Jobs(namespace).Create(ctx, job, metav1.CreateOptions{})
return err
}

124
.vib/seaweedfs/ginkgo/seaweedfs_test.go Normal file
View File

@@ -0,0 +1,124 @@
package seaweedfs_test
import (
"context"
"fmt"
"time"
utils "github.com/bitnami/charts/.vib/common-tests/ginkgo-utils"
. "github.com/onsi/ginkgo/v2"
. "github.com/onsi/gomega"
appsv1 "k8s.io/api/apps/v1"
batchv1 "k8s.io/api/batch/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
)
const (
PollingInterval = 1 * time.Second
)
var _ = Describe("SeaweedFS", Ordered, func() {
var c *kubernetes.Clientset
var ctx context.Context
var cancel context.CancelFunc
BeforeEach(func() {
ctx, cancel = context.WithCancel(context.Background())
conf := utils.MustBuildClusterConfig(kubeconfig)
c = kubernetes.NewForConfigOrDie(conf)
})
When("a file is uploaded and SeaweedFS is scaled down to 0 replicas and back up", func() {
It("should have access to the uploaded file", func() {
getAvailableReplicas := func(ss *appsv1.StatefulSet) int32 { return ss.Status.AvailableReplicas }
getSucceededJobs := func(j *batchv1.Job) int32 { return j.Status.Succeeded }
getOpts := metav1.GetOptions{}
By("checking all the replicas are available")
masterStsName := fmt.Sprintf("%s-master", releaseName)
masterSts, err := c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
Expect(err).NotTo(HaveOccurred())
volumeStsName := fmt.Sprintf("%s-volume", releaseName)
volumeSts, err := c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
Expect(err).NotTo(HaveOccurred())
Expect(masterSts.Status.Replicas).NotTo(BeZero())
Expect(volumeSts.Status.Replicas).NotTo(BeZero())
masterOrigReplicas := *masterSts.Spec.Replicas
volumeOrigReplicas := *volumeSts.Spec.Replicas
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(masterOrigReplicas)))
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(volumeOrigReplicas)))
masterHeadlessSvcName := fmt.Sprintf("%s-master-headless", releaseName)
svc, err := c.CoreV1().Services(namespace).Get(ctx, masterHeadlessSvcName, getOpts)
Expect(err).NotTo(HaveOccurred())
port, err := utils.SvcGetPortByName(svc, "http")
Expect(err).NotTo(HaveOccurred())
image, err := utils.StsGetContainerImageByName(masterSts, "seaweedfs")
Expect(err).NotTo(HaveOccurred())
jobSuffix := time.Now().Format("20060102150405")
By("creating a pvc")
pvcName := fmt.Sprintf("weed-%s", jobSuffix)
err = createPVC(ctx, c, pvcName, "1G")
Expect(err).NotTo(HaveOccurred())
By("creating a job to upload a file")
uploadJobName := fmt.Sprintf("weed-upload-%s", jobSuffix)
err = createJob(ctx, c, uploadJobName, port, image, pvcName, kindUpload)
Expect(err).NotTo(HaveOccurred())
Eventually(func() (*batchv1.Job, error) {
return c.BatchV1().Jobs(namespace).Get(ctx, uploadJobName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1))))
By("scaling down to 0 replicas both master & volume servers")
masterSts, err = utils.StsScale(ctx, c, masterSts, 0)
Expect(err).NotTo(HaveOccurred())
volumeSts, err = utils.StsScale(ctx, c, volumeSts, 0)
Expect(err).NotTo(HaveOccurred())
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, BeZero()))
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, BeZero()))
By("scaling up to the original replicas")
_, err = utils.StsScale(ctx, c, masterSts, masterOrigReplicas)
Expect(err).NotTo(HaveOccurred())
_, err = utils.StsScale(ctx, c, volumeSts, volumeOrigReplicas)
Expect(err).NotTo(HaveOccurred())
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(masterOrigReplicas)))
Eventually(func() (*appsv1.StatefulSet, error) {
return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(volumeOrigReplicas)))
By("creating a job to download the file")
downloadJobName := fmt.Sprintf("weed-download-%s", jobSuffix)
err = createJob(ctx, c, downloadJobName, port, image, pvcName, kindDownload)
Expect(err).NotTo(HaveOccurred())
Eventually(func() (*batchv1.Job, error) {
return c.BatchV1().Jobs(namespace).Get(ctx, downloadJobName, getOpts)
}, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1))))
})
})
AfterEach(func() {
cancel()
})
})

11
.vib/seaweedfs/runtime-parameters.yaml Normal file
View File

@@ -0,0 +1,11 @@
security:
enabled: true
mTLS:
enabled: true
autoGenerated:
enabled: true
master:
service:
type: LoadBalancer
ports:
http: 80

37
.vib/seaweedfs/vib-publish.json Normal file
View File

@@ -0,0 +1,37 @@
{
"phases": {
"package": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/seaweedfs"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"publish": {
"actions": [
{
"action_id": "helm-publish",
"params": {
"repository": {
"kind": "S3",
"url": "{VIB_ENV_S3_URL}",
"authn": {
"access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
"secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}"
}
}
}
}
]
}
}
}

69
.vib/seaweedfs/vib-verify.json Normal file
View File

@@ -0,0 +1,69 @@
{
"phases": {
"package": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/seaweedfs"
}
},
"actions": [
{
"action_id": "helm-package"
},
{
"action_id": "helm-lint"
}
]
},
"verify": {
"context": {
"resources": {
"url": "{SHA_ARCHIVE}",
"path": "/bitnami/seaweedfs"
},
"target_platform": {
"target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
"size": {
"name": "M4"
}
}
},
"actions": [
{
"action_id": "cypress",
"params": {
"resources": {
"path": "/.vib/seaweedfs/cypress"
},
"endpoint": "lb-seaweedfs-master-http",
"app_protocol": "HTTP",
"env": {
"masterPortHttp": "9333",
"masterPortGrpc": "19333",
"volumePortHttp": "8080",
"volumePortGrpc": "18080",
"filerPortHttp": "8888",
"filerPortGrpc": "18888",
"s3PortHttp": "8333",
"s3PortGrpc": "18333"
}
}
},
{
"action_id": "ginkgo",
"params": {
"resources": {
"path": "/.vib/seaweedfs/ginkgo"
},
"params": {
"kubeconfig": "{{kubeconfig}}",
"namespace": "{{namespace}}",
"releaseName": "seaweedfs"
}
}
}
]
}
}
}

21
bitnami/seaweedfs/.helmignore Normal file
View File

@@ -0,0 +1,21 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj

9
bitnami/seaweedfs/Chart.lock Normal file
View File

@@ -0,0 +1,9 @@
dependencies:
- name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
version: 18.0.1
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.1
digest: sha256:8152fb970adce3298cd192b3735eadb1ae427b09ab57eecb56126a810c0f0f75
generated: "2024-04-10T14:08:09.207002+02:00"

40
bitnami/seaweedfs/Chart.yaml Normal file
View File

@@ -0,0 +1,40 @@
# Copyright VMware, Inc.
# SPDX-License-Identifier: APACHE-2.0
annotations:
category: Infrastructure
licenses: Apache-2.0
images: |
- name: seaweedfs
image: docker.io/bitnami/seaweedfs:3.64.0-debian-12-r0
apiVersion: v2
appVersion: 3.64.0
dependencies:
- condition: mariadb.enabled
name: mariadb
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- seaweedfs-database
version: 18.x.x
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
tags:
- bitnami-common
version: 2.x.x
description: SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files!
home: https://bitnami.com
icon: https://bitnami.com/assets/stacks/seaweedfs/img/seaweedfs-stack-220x234.png
keywords:
- seaweedfs
- storage
- blob-storage
- file-storage
- object-storage
- s3
maintainers:
- name: VMware, Inc.
url: https://github.com/bitnami/charts
name: seaweedfs
sources:
- https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs
version: 0.1.0

1094
bitnami/seaweedfs/README.md Normal file
View File

File diff suppressed because it is too large Load Diff

169
bitnami/seaweedfs/templates/NOTES.txt Normal file
View File

@@ -0,0 +1,169 @@
CHART NAME: {{ .Chart.Name }}
CHART VERSION: {{ .Chart.Version }}
APP VERSION: {{ .Chart.AppVersion }}
** Please be patient while the chart is being deployed **
{{- if .Values.diagnosticMode.enabled }}
The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
Get the list of pods by executing:
kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
Access the pod you want to debug by executing
kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti <NAME OF THE POD> -- bash
Execute the 'weed' command with the same arguments used in the pod to replicate the container startup.
{{- else }}
The Master Server replicas can be accessed through the following DNS name from within your cluster:
{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.master.service.ports.http }} for HTTP)
{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.master.service.ports.grpc }} for gRPC)
To access the Master Server replica from outside the cluster follow the steps below:
{{- if .Values.master.ingress.enabled }}
1. Get the Master Server API URL and associate Master Server hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "Master Server API URL: http{{ if .Values.master.ingress.tls }}s{{ end }}://{{ .Values.master.ingress.hostname }}{{ .Values.master.ingress.path }}"
echo "$CLUSTER_IP {{ .Values.master.ingress.hostname }}" | sudo tee -a /etc/hosts
{{- else }}
{{- $port := .Values.master.service.ports.http | toString }}
1. Get the Master Server API URL by running these commands:
{{- if contains "NodePort" .Values.master.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.master.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "Master Server API URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.master.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.master.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.master.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "Master Server API URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.master.service.ports.http }}{{ end }}/"
{{- else if contains "ClusterIP" .Values.master.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.master.fullname" . }} {{ .Values.master.service.ports.http }}:{{ .Values.master.service.ports.http }} &
echo "Master Server API URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.master.service.ports.http }}{{ end }}/"
{{- end }}
{{- end }}
2. Access the Master Server API with your favorite REST client or using the "weed" CLI.
{{- if and .Values.filer.enabled .Values.s3.enabled }}
The chart was deployed enabling the Amazon S3 API, to access it from outside the cluster follow the steps below:
{{- if .Values.s3.ingress.enabled }}
1. Get the Amazon S3 API URL and associate the hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "Amazon S3 API URL: http{{ if .Values.s3.ingress.tls }}s{{ end }}://{{ .Values.s3.ingress.hostname }}{{ .Values.s3.ingress.path }}"
echo "$CLUSTER_IP {{ .Values.s3.ingress.hostname }}" | sudo tee -a /etc/hosts
{{- else }}
{{- $port := .Values.s3.service.ports.http | toString }}
1. Get the Amazon S3 API URL by running these commands:
{{- if contains "NodePort" .Values.s3.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.s3.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "Amazon S3 API URL: http://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.s3.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.s3.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.s3.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "Amazon S3 API URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.s3.service.ports.http }}{{ end }}"
{{- else if contains "ClusterIP" .Values.s3.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.s3.fullname" . }} {{ .Values.s3.service.ports.http }}:{{ .Values.s3.service.ports.http }} &
echo "Amazon S3 API URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.s3.service.ports.http }}{{ end }}/"
{{- end }}
{{- end }}
2. Access the Amazon S3 API with your favorite REST client or using the "aws" CLI.
{{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
3. Obtain the credentials to configure "aws" CLI ("aws configure" command) running the commands below:
echo "Admin access key id: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }} -o jsonpath="{.data.admin_access_key_id}" | base64 -d)"
echo "Admin secret key: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }} -o jsonpath="{.data.admin_secret_access_key}" | base64 -d)"
{{- end }}
4. Example using "aws" CLI to create a new bucket "foo" and upload a "sample.txt" file:
aws s3 --endpoint-url [AMAZON_S3_API_URL] mb s3://foo
aws s3 --endpoint-url [AMAZON_S3_API_URL] cp sample.txt s3://foo
{{- end }}
{{- if and .Values.filer.enabled .Values.webdav.enabled }}
The chart was deployed enabling WebDAV, to access it from outside the cluster follow the steps below:
{{- if .Values.webdav.ingress.enabled }}
1. Get the WebDAV URL and associate the hostname to your cluster external IP:
export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
echo "WebDAV URL: http{{ if .Values.webdav.ingress.tls }}s{{ end }}://{{ .Values.webdav.ingress.hostname }}{{ .Values.webdav.ingress.path }}"
echo "$CLUSTER_IP {{ .Values.webdav.ingress.hostname }}" | sudo tee -a /etc/hosts
{{- else }}
{{- $port := .Values.webdav.service.ports.http | toString }}
1. Get the WebDAV URL by running these commands:
{{- if contains "NodePort" .Values.webdav.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.webdav.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://$NODE_IP:$NODE_PORT/"
{{- else if contains "LoadBalancer" .Values.webdav.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.webdav.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.webdav.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.webdav.service.ports.http }}{{ end }}/"
{{- else if contains "ClusterIP" .Values.webdav.service.type }}
kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.webdav.fullname" . }} {{ .Values.webdav.service.ports.http }}:{{ .Values.webdav.service.ports.http }} &
echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://127.0.0.1{{- if ne $port "80" }}:{{ .Values.webdav.service.ports.http }}{{ end }}/"
{{- end }}
{{- end }}
2. Connect to WebDAV server as explained at https://github.com/seaweedfs/seaweedfs/wiki/WebDAV.
{{- end }}
{{- end }}
{{- include "common.warnings.rollingTag" .Values.image }}
{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
{{- include "seaweedfs.validateValues" . }}

595
bitnami/seaweedfs/templates/_helpers.tpl Normal file
View File

@@ -0,0 +1,595 @@
{{/*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{/*
Return the proper SeaweedFS Master Server fullname
*/}}
{{- define "seaweedfs.master.fullname" -}}
{{- printf "%s-master" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper SeaweedFS Volume Server fullname
*/}}
{{- define "seaweedfs.volume.fullname" -}}
{{- printf "%s-volume" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper SeaweedFS Filer Server fullname
*/}}
{{- define "seaweedfs.filer.fullname" -}}
{{- printf "%s-filer" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper SeaweedFS Amazon S3 API fullname
*/}}
{{- define "seaweedfs.s3.fullname" -}}
{{- printf "%s-s3" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper SeaweedFS WebDAV fullname
*/}}
{{- define "seaweedfs.webdav.fullname" -}}
{{- printf "%s-webdav" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper SeaweedFS MariaDB database fullname
*/}}
{{- define "seaweedfs.mariadb.fullname" -}}
{{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}}
{{- end -}}
{{/*
Return the proper SeaweedFS image name
*/}}
{{- define "seaweedfs.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper image name (for the init container volume-permissions image)
*/}}
{{- define "seaweedfs.volumePermissions.image" -}}
{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
{{- end -}}
{{/*
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "seaweedfs.imagePullSecrets" -}}
{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) -}}
{{- end -}}
{{/*
Create the name of the service account to use
*/}}
{{- define "seaweedfs.serviceAccountName" -}}
{{- if .Values.serviceAccount.create -}}
{{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
{{- else -}}
{{ default "default" .Values.serviceAccount.name }}
{{- end -}}
{{- end -}}
{{/*
Return the Master Server configuration configmap.
*/}}
{{- define "seaweedfs.master.configmapName" -}}
{{- if .Values.master.existingConfigmap -}}
{{- print (tpl .Values.master.existingConfigmap .) -}}
{{- else -}}
{{- print (include "seaweedfs.master.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Volume Server configuration configmap.
*/}}
{{- define "seaweedfs.volume.configmapName" -}}
{{- if .Values.volume.existingConfigmap -}}
{{- print (tpl .Values.volume.existingConfigmap .) -}}
{{- else -}}
{{- print (include "seaweedfs.volume.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Filer Server configuration configmap.
*/}}
{{- define "seaweedfs.filer.configmapName" -}}
{{- if .Values.filer.existingConfigmap -}}
{{- print (tpl .Values.filer.existingConfigmap .) -}}
{{- else -}}
{{- print (include "seaweedfs.filer.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the Master Server peers
*/}}
{{- define "seaweedfs.master.servers" -}}
{{- $peers := list -}}
{{- $masterFullname := include "seaweedfs.master.fullname" . -}}
{{- $masterHeadlessSvcName := printf "%s-headless" (include "seaweedfs.master.fullname" .) -}}
{{- $clusterDomain := .Values.clusterDomain -}}
{{- $masterPort := int .Values.master.containerPorts.http -}}
{{- range $i := until (int .Values.master.replicaCount) }}
{{- $peers = append $peers (printf "%s-%d.%s.$(NAMESPACE).svc.%s:%d" $masterFullname $i $masterHeadlessSvcName $clusterDomain $masterPort) -}}
{{- end -}}
{{- print (join "," $peers) -}}
{{- end -}}
{{/*
Return true if persistence is enabled for any of the data volumes for Volume Server
*/}}
{{- define "seaweedfs.volume.persistence.enabled" -}}
{{- $persistenceEnabled := false -}}
{{- range .Values.volume.dataVolumes -}}
{{- if .persistence.enabled -}}
{{- $persistenceEnabled = true -}}
{{- end -}}
{{- end -}}
{{- $persistenceEnabled -}}
{{- end -}}
{{/*
Return the user defined LoadBalancerIP for Volume Server service
Note: returns 127.0.0.1 if using ClusterIP
*/}}
{{- define "seaweedfs.volume.serviceIP" -}}
{{- if eq .Values.volume.service.type "ClusterIP" -}}
{{- print "127.0.0.1" -}}
{{- else if eq .Values.volume.service.type "LoadBalancer" -}}
{{- .Values.volume.service.loadBalancerIP | default "" -}}
{{- end -}}
{{- end -}}
{{/*
Return the advertised URL to access Volume Server
*/}}
{{- define "seaweedfs.volume.publicUrl" -}}
{{- if .Values.volume.ingress.enabled -}}
{{- printf "%s%s" .Values.volume.ingress.hostname .Values.volume.ingress.path | default "" -}}
{{- else if .Values.volume.publicUrl -}}
{{- .Values.volume.publicUrl | default "" -}}
{{- else -}}
{{- include "seaweedfs.volume.serviceIP" . -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret containing the mTLS CA
*/}}
{{- define "seaweedfs.security.mTLS.caSecretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (not (empty .Values.security.mTLS.ca)) -}}
{{- printf "%s-ca-crt" (include "common.names.fullname" .) -}}
{{- else -}}
{{- required "An existing CA secret name must be provided if CA cert is not provided!" (tpl .Values.security.mTLS.existingCASecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret containing the mTLS master certificates
*/}}
{{- define "seaweedfs.security.mTLS.master.secretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.master.cert)) (not (empty .Values.security.mTLS.master.key))) -}}
{{- printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
{{- else -}}
{{- required "An existing master secret name must be provided if master cert and key are not provided!" (tpl .Values.security.mTLS.master.existingSecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret containing the mTLS filer certificates
*/}}
{{- define "seaweedfs.security.mTLS.filer.secretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.filer.cert)) (not (empty .Values.security.mTLS.filer.key))) -}}
{{- printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
{{- else -}}
{{- required "An existing filer secret name must be provided if filer cert and key are not provided!" (tpl .Values.security.mTLS.filer.existingSecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret containing the mTLS volume certificates
*/}}
{{- define "seaweedfs.security.mTLS.volume.secretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.volume.cert)) (not (empty .Values.security.mTLS.volume.key))) -}}
{{- printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
{{- else -}}
{{- required "An existing volume secret name must be provided if volume cert and key are not provided!" (tpl .Values.security.mTLS.volume.existingSecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the name of the secret containing the mTLS client certificates
*/}}
{{- define "seaweedfs.security.mTLS.client.secretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.client.cert)) (not (empty .Values.security.mTLS.client.key))) -}}
{{- printf "%s-client-crt" (include "common.names.fullname" .) -}}
{{- else -}}
{{- required "An existing client secret name must be provided if client cert and key are not provided!" (tpl .Values.security.mTLS.client.existingSecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Return the database hostname
*/}}
{{- define "seaweedfs.database.host" -}}
{{- if .Values.mariadb.enabled }}
{{- if eq .Values.mariadb.architecture "replication" }}
{{- printf "%s-primary" (include "seaweedfs.mariadb.fullname" .) | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- print (include "seaweedfs.mariadb.fullname" .) -}}
{{- end -}}
{{- else -}}
{{- print .Values.externalDatabase.host -}}
{{- end -}}
{{- end -}}
{{/*
Return the database port
*/}}
{{- define "seaweedfs.database.port" -}}
{{- if .Values.mariadb.enabled }}
{{- print "3306" -}}
{{- else -}}
{{- printf "%d" (.Values.externalDatabase.port | int ) -}}
{{- end -}}
{{- end -}}
{{/*
Return the database name
*/}}
{{- define "seaweedfs.database.name" -}}
{{- if .Values.mariadb.enabled }}
{{- print .Values.mariadb.auth.database -}}
{{- else -}}
{{- print .Values.externalDatabase.database -}}
{{- end -}}
{{- end -}}
{{/*
Return the database user
*/}}
{{- define "seaweedfs.database.user" -}}
{{- if .Values.mariadb.enabled }}
{{- print .Values.mariadb.auth.username -}}
{{- else -}}
{{- print .Values.externalDatabase.user -}}
{{- end -}}
{{- end -}}
{{/*
Return the database secret name
*/}}
{{- define "seaweedfs.database.secretName" -}}
{{- if .Values.mariadb.enabled }}
{{- if .Values.mariadb.auth.existingSecret -}}
{{- print (tpl .Values.mariadb.auth.existingSecret .) -}}
{{- else -}}
{{- print (include "seaweedfs.mariadb.fullname" .) -}}
{{- end -}}
{{- else if .Values.externalDatabase.existingSecret -}}
{{- print (tpl .Values.externalDatabase.existingSecret .) -}}
{{- else -}}
{{- printf "%s-externaldb" (include "common.names.fullname" .) -}}
{{- end -}}
{{- end -}}
{{/*
Returns an init-container that waits for the database to be ready
*/}}
{{- define "seaweedfs.filer.waitForDBInitContainer" -}}
- name: wait-for-db
image: {{ include "common.images.image" (dict "imageRoot" .Values.mariadb.image "global" .Values.global) }}
imagePullPolicy: {{ .Values.mariadb.image.pullPolicy }}
{{- if .Values.filer.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.filer.containerSecurityContext "context" $) | nindent 4 }}
{{- end }}
command:
- bash
args:
- -ec
- |
#!/bin/bash
set -o errexit
set -o nounset
set -o pipefail
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libvalidations.sh
. /opt/bitnami/scripts/libmariadb.sh
. /opt/bitnami/scripts/mariadb-env.sh
info "Waiting for host $DATABASE_HOST"
mariadb_is_ready() {
if ! echo "select 1" | mysql_remote_execute "$DATABASE_HOST" "$DATABASE_PORT_NUMBER" "$DATABASE_NAME" "$DATABASE_USER" "$DATABASE_PASSWORD"; then
return 1
fi
return 0
}
if ! retry_while "mariadb_is_ready"; then
error "Database not ready"
exit 1
fi
info "Database is ready"
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.mariadb.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: DATABASE_HOST
value: {{ include "seaweedfs.database.host" . | quote }}
- name: DATABASE_PORT_NUMBER
value: {{ include "seaweedfs.database.port" . | quote }}
- name: DATABASE_NAME
value: {{ include "seaweedfs.database.name" . | quote }}
- name: DATABASE_USER
value: {{ include "seaweedfs.database.user" . | quote }}
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "seaweedfs.database.secretName" . }}
key: mariadb-password
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- end -}}
{{/*
Returns an init-container that generates auth configuration for the Amazon S3 API
*/}}
{{- define "seaweedfs.s3.authConfigInitContainer" -}}
- name: auth-config-init
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.s3.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.s3.containerSecurityContext "context" $) | nindent 4 }}
{{- end }}
command:
- bash
args:
- -ec
- |
#!/bin/bash
cat > "/auth/config.json" <<EOF
{
"identities": [
{
"name": "admin",
"credentials": [
{
"accessKey": "${ADMIN_ACCESS_KEY_ID}",
"secretKey": "${ADMIN_SECRET_ACCESS_KEY}"
}
],
"actions": [
"Admin",
"Read",
"List",
"Tagging",
"Write"
]
},
{
"name": "read_only",
"credentials": [
{
"accessKey": "${READ_ACCESS_KEY_ID}",
"secretKey": "${READ_SECRET_ACCESS_KEY}"
}
],
"actions": [
"Read"
]
}
]
}
EOF
env:
- name: ADMIN_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
key: admin_access_key_id
- name: ADMIN_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
key: admin_secret_access_key
- name: READ_ACCESS_KEY_ID
valueFrom:
secretKeyRef:
name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
key: read_access_key_id
- name: READ_SECRET_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
key: read_secret_access_key
volumeMounts:
- name: empty-dir
mountPath: /auth
subPath: auth-dir
{{- end -}}
{{/*
Return the name of the secret containing the WebDAV TLS certificates
*/}}
{{- define "seaweedfs.webdav.tls.secretName" -}}
{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.webdav.tls.cert)) (not (empty .Values.webdav.tls.key))) -}}
{{- printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
{{- else -}}
{{- required "An existing secret name must be provided if WebDAV TLS cert and key are not provided!" (tpl .Values.webdav.tls.existingSecret .) -}}
{{- end -}}
{{- end -}}
{{/*
Compile all warnings into a single message.
*/}}
{{- define "seaweedfs.validateValues" -}}
{{- $messages := list -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.security.mTLS" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.master.replicaCount" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.volume.replicaCount" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.volume.dataVolumes" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.filer.database" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.s3" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.webdav" .) -}}
{{- $messages := append $messages (include "seaweedfs.validateValues.webdav.tls" .) -}}
{{- $messages := without $messages "" -}}
{{- $message := join "\n" $messages -}}
{{- if $message -}}
{{- printf "\nVALUES VALIDATION:\n%s" $message -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - MTLS
*/}}
{{- define "seaweedfs.validateValues.security.mTLS" -}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled -}}
{{- if or (not (empty .Values.security.mTLS.ca)) (not (empty .Values.security.mTLS.master.cert)) (not (empty .Values.security.mTLS.master.key)) (not (empty .Values.security.mTLS.volume.cert)) (not (empty .Values.security.mTLS.volume.key)) (not (empty .Values.security.mTLS.filer.cert)) (not (empty .Values.security.mTLS.filer.key)) (not (empty .Values.security.mTLS.client.cert)) (not (empty .Values.security.mTLS.client.key)) -}}
security.mTLS.autoGenerated
When enabling auto-generated MTLS certificates, all certificate and key fields must be empty.
Please disable auto-generated MTLS certificates (--set security.mTLS.autoGenerated.enabled=false) or
remove the certificate and key fields.
{{- end -}}
{{- if or (not (empty .Values.security.mTLS.existingCASecret) ) (not (empty .Values.security.mTLS.master.existingSecret)) (not (empty .Values.security.mTLS.volume.existingSecret)) (not (empty .Values.security.mTLS.filer.existingSecret)) (not (empty .Values.security.mTLS.client.existingSecret)) -}}
security.mTLS.autoGenerated
When enabling auto-generated MTLS certificates, all existing secret fields must be empty.
Please disable auto-generated MTLS certificates (--set security.mTLS.autoGenerated.enabled=false) or
remove the existing secret fields.
{{- end -}}
{{- if and (ne .Values.security.mTLS.autoGenerated.engine "helm") (ne .Values.security.mTLS.autoGenerated.engine "cert-manager") -}}
security.mTLS.autoGenerated.engine
Invalid mechanism to generate the mTLS certificates selected. Valid values are "helm" and
"cert-manager". Please set a valid one (--set security.mTLS.autoGenerated.engine="xxx")
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - number of Master server replicas
*/}}
{{- define "seaweedfs.validateValues.master.replicaCount" -}}
{{- $masterReplicaCount := int .Values.master.replicaCount }}
{{- if and .Values.master.persistence.enabled .Values.master.persistence.existingClaim (gt $masterReplicaCount 1) -}}
master.replicaCount
A single existing PVC cannot be shared between multiple Master Server replicas.
Please set a valid number of replicas (--set master.replicaCount=1), disable persistence
(--set master.persistence.enabled=false) or rely on dynamic provisioning via Persitent
Volume Claims (--set master.persistence.existingClaim="").
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - number of Volume server replicas
*/}}
{{- define "seaweedfs.validateValues.volume.replicaCount" -}}
{{- $volumeReplicaCount := int .Values.volume.replicaCount }}
{{- range .Values.volume.dataVolumes -}}
{{- if and .persistence.enabled .persistence.existingClaim (gt $volumeReplicaCount 1) -}}
volume.replicaCount
A single existing PVC cannot be shared between multiple Volume Server replicas.
Please set a valid number of replicas (--set volume.replicaCount=1), disable persistence
(--set volume.dataVolumes[].persistence.enabled=false) or rely on dynamic provisioning via Persitent
Volume Claims (--set volume.dataVolumes[].persistence.existingClaim="").
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - Duplicates on Volume server dataVolumes
*/}}
{{- define "seaweedfs.validateValues.volume.dataVolumes" -}}
{{- $uniqueNames := list -}}
{{- $uniqueMountPaths := list -}}
{{- range .Values.volume.dataVolumes -}}
{{- if has .name $uniqueNames -}}
volume.dataVolumes[]
Duplicate .name values are not allowed in the volume.dataVolumes array.
Please ensure that all .name values are unique.
{{- else -}}
{{- $uniqueNames = append $uniqueNames .name -}}
{{- end -}}
{{- if has .mountPath $uniqueMountPaths -}}
volume.dataVolumes[]
Duplicate .mountPath values are not allowed in the volume.dataVolumes array.
Please ensure that all .mountPath values are unique.
{{- else -}}
{{- $uniqueMountPaths = append $uniqueMountPaths .mountPath -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - Filer server database
*/}}
{{- define "seaweedfs.validateValues.filer.database" -}}
{{- if and (not .Values.filer.enabled) .Values.mariadb.enabled -}}
mariadb.enabled
The Filer Server is disabled, but the MariaDB dependency is enabled.
Please enable the Filer Server (--set filer.enabled=true) or
disable the MariaDB dependency (--set mariadb.enabled=false).
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - Amazon S3 API
*/}}
{{- define "seaweedfs.validateValues.s3" -}}
{{- if and (not .Values.filer.enabled) .Values.s3.enabled -}}
s3.enabled
The Filer Server is disabled, but the Amazon S3 API is enabled.
Please enable the Filer Server (--set filer.enabled=true) or
disable the Amazon S3 API (--set s3.enabled=false).
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - WebDAV
*/}}
{{- define "seaweedfs.validateValues.webdav" -}}
{{- if and (not .Values.filer.enabled) .Values.webdav.enabled -}}
s3.enabled
The Filer Server is disabled, but WebDAV is enabled.
Please enable the Filer Server (--set filer.enabled=true) or
disable WebDAV (--set webdav.enabled=false).
{{- end -}}
{{- end -}}
{{/*
Validate values of SeaweedFS - WebDAV TLS
*/}}
{{- define "seaweedfs.validateValues.webdav.tls" -}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.security.mTLS.autoGenerated.enabled -}}
{{- if or (not (empty .Values.webdav.tls.cert)) (not (empty .Values.webdav.tls.key)) -}}
webdav.tls.autoGenerated
When enabling auto-generated TLS certificates, certificate and key fields must be empty.
Please disable auto-generated TLS certificates (--set webdav.tls.autoGenerated=false) or
remove the certificate and key fields (--set webdav.tls.cert="",webdav.tls.key="").
{{- end -}}
{{- if not (empty .Values.webdav.tls.existingSecret) -}}
webdav.tls.autoGenerated
When enabling auto-generated TLS certificates, the existing secret field must be empty.
Please disable auto-generated TLS certificates (--set webdav.tls.autoGenerated=false) or
remove the existing secret field (--set webdav.tls.existingSecret="").
{{- end -}}
{{- if and (ne .Values.webdav.tls.autoGenerated.engine "helm") (ne .Values.webdav.tls.autoGenerated.engine "cert-manager") -}}
webdav.tls.autoGenerated.engine
Invalid mechanism to generate the TLS certificates selected. Valid values are "helm" and
"cert-manager". Please set a valid one (--set webdav.tls.autoGenerated.engine="xxx")
{{- end -}}
{{- end -}}
{{- end -}}

50
bitnami/seaweedfs/templates/ca-cert.yaml Normal file
View File

@@ -0,0 +1,50 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
{{- if empty .Values.security.mTLS.autoGenerated.certManager.existingIssuer }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ printf "%s-clusterissuer" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selfSigned: {}
---
{{- end }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
commonName: {{ printf "%s-root-ca" (include "common.names.fullname" .) }}
isCA: true
issuerRef:
name: {{ default (printf "%s-clusterissuer" (include "common.names.fullname" .)) .Values.security.mTLS.autoGenerated.certManager.existingIssuer }}
kind: {{ default "Issuer" .Values.security.mTLS.autoGenerated.certManager.existingIssuerKind }}
---
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
ca:
secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
{{- end }}

34
bitnami/seaweedfs/templates/client-cert.yaml Normal file
View File

@@ -0,0 +1,34 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
commonName: {{ printf "%s-client" (include "common.names.fullname" .) }}
issuerRef:
name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
kind: Issuer
subject:
organizations:
- "SeaweedFS"
dnsNames:
- '*.{{ include "common.names.namespace" . }}'
- '*.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
privateKey:
algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
{{- end }}

19
bitnami/seaweedfs/templates/externaldb-secrets.yaml Normal file
View File

@@ -0,0 +1,19 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }}
{{- end }}

9
bitnami/seaweedfs/templates/extra-list.yaml Normal file
View File

@@ -0,0 +1,9 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- range .Values.extraDeploy }}
---
{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
{{- end }}

43
bitnami/seaweedfs/templates/filer/cert.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) }}
commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.filer.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
issuerRef:
name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
kind: Issuer
subject:
organizations:
- "SeaweedFS"
dnsNames:
- '*.{{ include "common.names.namespace" . }}'
- '*.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ include "seaweedfs.filer.fullname" . }}'
- '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}'
- '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
privateKey:
algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
{{- end }}

20
bitnami/seaweedfs/templates/filer/configmap.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.config (empty .Values.filer.existingConfigmap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
filer.toml: |-
{{ include "common.tplvalues.render" ( dict "value" .Values.filer.config "context" $ ) | indent 4 }}
{{- end }}

37
bitnami/seaweedfs/templates/filer/headless-service.yaml Normal file
View File

@@ -0,0 +1,37 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.filer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if or .Values.filer.service.headless.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.service.headless.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: http
port: {{ .Values.filer.containerPorts.http }}
protocol: TCP
- name: grpc
port: {{ .Values.filer.containerPorts.grpc }}
protocol: TCP
{{- if .Values.filer.metrics.enabled }}
- name: tcp-metrics
port: {{ .Values.filer.containerPorts.metrics }}
protocol: TCP
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- end }}

49
bitnami/seaweedfs/templates/filer/hpa.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ template "seaweedfs.filer.fullname" . }}
minReplicas: {{ .Values.filer.autoscaling.minReplicas }}
maxReplicas: {{ .Values.filer.autoscaling.maxReplicas }}
metrics:
{{- if .Values.filer.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.filer.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.filer.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- if .Values.filer.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.filer.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.filer.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- end }}

46
bitnami/seaweedfs/templates/filer/ingress-tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.ingress.enabled }}
{{- if .Values.filer.ingress.secrets }}
{{- range .Values.filer.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.filer.ingress.tls .Values.filer.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.filer.ingress.hostname }}
{{- $ca := genCA "master-ca" 365 }}
{{- $cert := genSignedCert .Values.filer.ingress.hostname nil (list .Values.filer.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

62
bitnami/seaweedfs/templates/filer/ingress.yaml Normal file
View File

@@ -0,0 +1,62 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.filer.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.filer.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.filer.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if or .Values.filer.ingress.hostname .Values.filer.ingress.path }}
- http:
paths:
{{- if .Values.filer.ingress.extraPaths }}
{{- toYaml .Values.filer.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.filer.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.filer.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.filer.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if not (empty .Values.filer.ingress.hostname )}}
host: {{ .Values.filer.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.filer.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.filer.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.filer.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.filer.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.filer.ingress.annotations )) .Values.filer.ingress.selfSigned)) .Values.filer.ingress.extraTls }}
tls:
{{- if and .Values.filer.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.filer.ingress.annotations )) .Values.filer.ingress.selfSigned) }}
- hosts:
- {{ .Values.filer.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.filer.ingress.hostname }}
{{- end }}
{{- if .Values.filer.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

31
bitnami/seaweedfs/templates/filer/metrics-service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "seaweedfs.filer.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
app.kubernetes.io/part-of: metrics
{{- if or .Values.filer.metrics.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: tcp-metrics
port: {{ .Values.filer.metrics.service.port }}
{{- if not (eq .Values.filer.metrics.service.port .Values.filer.containerPorts.metrics) }}
targetPort: {{ .Values.filer.containerPorts.metrics }}
{{- end }}
protocol: TCP
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- end }}

74
bitnami/seaweedfs/templates/filer/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.filer.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: filer
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.filer.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.filer.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.filer.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.filer.containerPorts.http }}
- port: {{ .Values.filer.containerPorts.grpc }}
{{- if .Values.filer.metrics.enabled }}
- port: {{ .Values.filer.containerPorts.metrics }}
{{- end }}
{{- range .Values.filer.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.filer.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.filer.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.filer.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.filer.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.filer.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.filer.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.filer.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/seaweedfs/templates/filer/pdb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $replicaCount := int .Values.filer.replicaCount }}
{{- if and .Values.filer.enabled .Values.filer.pdb.create (or (gt $replicaCount 1) .Values.filer.autoscaling.enabled) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.filer.pdb.minAvailable }}
minAvailable: {{ .Values.filer.pdb.minAvailable }}
{{- end }}
{{- if .Values.filer.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.filer.pdb.maxUnavailable }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: filer
{{- end }}

63
bitnami/seaweedfs/templates/filer/service.yaml Normal file
View File

@@ -0,0 +1,63 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.filer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if or .Values.filer.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.filer.service.type }}
{{- if and .Values.filer.service.clusterIP (eq .Values.filer.service.type "ClusterIP") }}
clusterIP: {{ .Values.filer.service.clusterIP }}
{{- end }}
{{- if .Values.filer.service.sessionAffinity }}
sessionAffinity: {{ .Values.filer.service.sessionAffinity }}
{{- end }}
{{- if .Values.filer.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.filer.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.filer.service.type "LoadBalancer") (eq .Values.filer.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.filer.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.filer.service.type "LoadBalancer") (not (empty .Values.filer.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.filer.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.filer.service.type "LoadBalancer") (not (empty .Values.filer.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.filer.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
port: {{ .Values.filer.service.ports.http }}
targetPort: http
protocol: TCP
{{- if and (or (eq .Values.filer.service.type "NodePort") (eq .Values.filer.service.type "LoadBalancer")) (not (empty .Values.filer.service.nodePorts.http)) }}
nodePort: {{ .Values.filer.service.nodePorts.http }}
{{- else if eq .Values.filer.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: grpc
port: {{ .Values.filer.service.ports.grpc }}
targetPort: grpc
protocol: TCP
{{- if and (or (eq .Values.filer.service.type "NodePort") (eq .Values.filer.service.type "LoadBalancer")) (not (empty .Values.filer.service.nodePorts.grpc)) }}
nodePort: {{ .Values.filer.service.nodePorts.grpc }}
{{- else if eq .Values.filer.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.filer.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- end }}

49
bitnami/seaweedfs/templates/filer/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.filer.metrics.enabled .Values.filer.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.filer.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if or .Values.filer.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.filer.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: filer
app.kubernetes.io/part-of: metrics
{{- if .Values.filer.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: tcp-metrics
path: "/metrics"
{{- if .Values.filer.metrics.serviceMonitor.interval }}
interval: {{ .Values.filer.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.filer.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.filer.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.filer.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.filer.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.filer.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.filer.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

296
bitnami/seaweedfs/templates/filer/statefulset.yaml Normal file
View File

@@ -0,0 +1,296 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.filer.enabled }}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "seaweedfs.filer.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if or .Values.filer.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.filer.autoscaling.enabled }}
replicas: {{ .Values.filer.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.filer.podManagementPolicy | quote }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: filer
serviceName: {{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}
{{- if .Values.filer.updateStrategy }}
updateStrategy: {{- toYaml .Values.filer.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if and .Values.filer.config (empty .Values.filer.existingConfigmap) }}
checksum/config: {{ include (print $.Template.BasePath "/filer/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.security.enabled }}
checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.filer.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: filer
spec:
{{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.filer.automountServiceAccountToken }}
{{- if .Values.filer.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.filer.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.filer.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- if not (empty .Values.filer.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.filer.podAffinityPreset "component" "filer" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.filer.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.filer.podAntiAffinityPreset "component" "filer" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.filer.nodeAffinityPreset.type) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.filer.nodeAffinityPreset.type "key" .Values.filer.nodeAffinityPreset.key "values" .Values.filer.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.filer.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.filer.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.filer.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.filer.priorityClassName }}
priorityClassName: {{ .Values.filer.priorityClassName | quote }}
{{- end }}
{{- if .Values.filer.schedulerName }}
schedulerName: {{ .Values.filer.schedulerName | quote }}
{{- end }}
{{- if .Values.filer.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.filer.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.filer.podSecurityContext.enabled }}
securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.filer.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.filer.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- include "seaweedfs.filer.waitForDBInitContainer" . | nindent 8 }}
{{- if .Values.filer.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: seaweedfs
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.filer.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.filer.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.filer.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.filer.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.filer.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.filer.args "context" $) | nindent 12 }}
{{- else }}
args:
- -logtostderr=true
- -v={{ .Values.filer.logLevel }}
{{- if or .Values.security.enabled .Values.filer.config .Values.filer.existingConfigmap }}
- -config_dir=/etc/seaweedfs
{{- end }}
- filer
- -ip.bind={{ .Values.filer.bindAddress }}
- -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
- -port={{ .Values.filer.containerPorts.http }}
- -port.grpc={{ .Values.filer.containerPorts.grpc }}
- -master={{ include "seaweedfs.master.servers" . }}
{{- if .Values.filer.metrics.enabled }}
- -metricsPort={{ .Values.filer.containerPorts.metrics }}
{{- end }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEED_CLUSTER_DEFAULT
value: {{ .Values.clusterDefault | quote }}
- name: WEED_MYSQL_ENABLED
value: "true"
- name: WEED_MYSQL_HOSTNAME
value: {{ include "seaweedfs.database.host" . | quote }}
- name: WEED_MYSQL_PORT
value: {{ include "seaweedfs.database.port" . | quote }}
- name: WEED_MYSQL_DATABASE
value: {{ include "seaweedfs.database.name" . | quote }}
- name: WEED_MYSQL_USERNAME
value: {{ include "seaweedfs.database.user" . | quote }}
- name: WEED_MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "seaweedfs.database.secretName" . }}
key: mariadb-password
- name: WEED_MYSQL_CONNECTION_MAX_IDLE
value: "5"
- name: WEED_MYSQL_CONNECTION_MAX_OPEN
value: "75"
- name: WEED_MYSQL_CONNECTION_MAX_LIFETIME_SECONDS
value: "600"
- name: WEED_MYSQL_INTERPOLATEPARAMS
value: "true"
{{- if .Values.filer.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.filer.extraEnvVarsCM .Values.filer.extraEnvVarsSecret }}
envFrom:
{{- if .Values.filer.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.filer.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.filer.resources }}
resources: {{- toYaml .Values.filer.resources | nindent 12 }}
{{- else if ne .Values.filer.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.filer.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.filer.containerPorts.http }}
- name: grpc
containerPort: {{ .Values.filer.containerPorts.grpc }}
{{- if .Values.filer.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.filer.containerPorts.metrics }}
{{- end }}
{{- if .Values.filer.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.filer.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.filer.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: http
{{- end }}
{{- if .Values.filer.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.filer.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: http
{{- end }}
{{- if .Values.filer.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.filer.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /
port: http
{{- end }}
{{- end }}
{{- if .Values.filer.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.filer.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if or .Values.filer.config .Values.filer.existingConfigmap }}
- name: config
mountPath: /etc/seaweedfs/filer.toml
subPath: filer.toml
readOnly: true
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
mountPath: /etc/seaweedfs/security.toml
subPath: security.toml
readOnly: true
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
readOnly: true
mountPath: /certs/ca
- name: master-cert
readOnly: true
mountPath: /certs/master
- name: filer-cert
readOnly: true
mountPath: /certs/filer
- name: volume-cert
readOnly: true
mountPath: /certs/volume
- name: client-cert
readOnly: true
mountPath: /certs/client
{{- end }}
{{- end }}
{{- if .Values.filer.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.filer.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.filer.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if or .Values.filer.config .Values.filer.existingConfigmap }}
- name: config
configMap:
name: {{ template "seaweedfs.filer.configmapName" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
configMap:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
items:
- key: tls.crt
path: tls.crt
- name: master-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
- name: filer-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
- name: volume-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
- name: client-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.filer.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.filer.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

43
bitnami/seaweedfs/templates/master/cert.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) }}
commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.master.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
issuerRef:
name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
kind: Issuer
subject:
organizations:
- "SeaweedFS"
dnsNames:
- '*.{{ include "common.names.namespace" . }}'
- '*.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ include "seaweedfs.master.fullname" . }}'
- '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}'
- '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
privateKey:
algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
{{- end }}

20
bitnami/seaweedfs/templates/master/configmap.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.master.config (empty .Values.master.existingConfigmap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
master.toml: |-
{{ include "common.tplvalues.render" ( dict "value" .Values.master.config "context" $ ) | indent 4 }}
{{- end }}

35
bitnami/seaweedfs/templates/master/headless-service.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.service.headless.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.service.headless.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: http
port: {{ .Values.master.containerPorts.http }}
protocol: TCP
- name: grpc
port: {{ .Values.master.containerPorts.grpc }}
protocol: TCP
{{- if .Values.master.metrics.enabled }}
- name: tcp-metrics
port: {{ .Values.master.containerPorts.metrics }}
protocol: TCP
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master

49
bitnami/seaweedfs/templates/master/hpa.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.master.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ template "seaweedfs.master.fullname" . }}
minReplicas: {{ .Values.master.autoscaling.minReplicas }}
maxReplicas: {{ .Values.master.autoscaling.maxReplicas }}
metrics:
{{- if .Values.master.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.master.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.master.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- if .Values.master.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.master.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.master.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- end }}

46
bitnami/seaweedfs/templates/master/ingress-tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.master.ingress.enabled }}
{{- if .Values.master.ingress.secrets }}
{{- range .Values.master.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.master.ingress.tls .Values.master.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.master.ingress.hostname }}
{{- $ca := genCA "master-ca" 365 }}
{{- $cert := genSignedCert .Values.master.ingress.hostname nil (list .Values.master.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

62
bitnami/seaweedfs/templates/master/ingress.yaml Normal file
View File

@@ -0,0 +1,62 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.master.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.master.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.master.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if or .Values.master.ingress.hostname .Values.master.ingress.path }}
- http:
paths:
{{- if .Values.master.ingress.extraPaths }}
{{- toYaml .Values.master.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.master.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.master.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.master.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if not (empty .Values.master.ingress.hostname )}}
host: {{ .Values.master.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.master.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.master.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.master.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.master.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.master.ingress.annotations )) .Values.master.ingress.selfSigned)) .Values.master.ingress.extraTls }}
tls:
{{- if and .Values.master.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.master.ingress.annotations )) .Values.master.ingress.selfSigned) }}
- hosts:
- {{ .Values.master.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.master.ingress.hostname }}
{{- end }}
{{- if .Values.master.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

31
bitnami/seaweedfs/templates/master/metrics-service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.master.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "seaweedfs.master.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
app.kubernetes.io/part-of: metrics
{{- if or .Values.master.metrics.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: tcp-metrics
port: {{ .Values.master.metrics.service.port }}
{{- if not (eq .Values.master.metrics.service.port .Values.master.containerPorts.metrics) }}
targetPort: {{ .Values.master.containerPorts.metrics }}
{{- end }}
protocol: TCP
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- end }}

74
bitnami/seaweedfs/templates/master/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.master.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: master
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.master.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.master.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.master.containerPorts.http }}
- port: {{ .Values.master.containerPorts.grpc }}
{{- if .Values.master.metrics.enabled }}
- port: {{ .Values.master.containerPorts.metrics }}
{{- end }}
{{- range .Values.master.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.master.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.master.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.master.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.master.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.master.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.master.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/seaweedfs/templates/master/pdb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $replicaCount := int .Values.master.replicaCount }}
{{- if and .Values.master.pdb.create (or (gt $replicaCount 1) .Values.master.autoscaling.enabled) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.master.pdb.minAvailable }}
minAvailable: {{ .Values.master.pdb.minAvailable }}
{{- end }}
{{- if .Values.master.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.master.pdb.maxUnavailable }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: master
{{- end }}

61
bitnami/seaweedfs/templates/master/service.yaml Normal file
View File

@@ -0,0 +1,61 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.master.service.type }}
{{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }}
clusterIP: {{ .Values.master.service.clusterIP }}
{{- end }}
{{- if .Values.master.service.sessionAffinity }}
sessionAffinity: {{ .Values.master.service.sessionAffinity }}
{{- end }}
{{- if .Values.master.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.master.service.type "LoadBalancer") (eq .Values.master.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
port: {{ .Values.master.service.ports.http }}
targetPort: http
protocol: TCP
{{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) (not (empty .Values.master.service.nodePorts.http)) }}
nodePort: {{ .Values.master.service.nodePorts.http }}
{{- else if eq .Values.master.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: grpc
port: {{ .Values.master.service.ports.grpc }}
targetPort: grpc
protocol: TCP
{{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) (not (empty .Values.master.service.nodePorts.grpc)) }}
nodePort: {{ .Values.master.service.nodePorts.grpc }}
{{- else if eq .Values.master.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.master.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master

49
bitnami/seaweedfs/templates/master/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.master.metrics.enabled .Values.master.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.master.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.master.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: master
app.kubernetes.io/part-of: metrics
{{- if .Values.master.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: tcp-metrics
path: "/metrics"
{{- if .Values.master.metrics.serviceMonitor.interval }}
interval: {{ .Values.master.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.master.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.master.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.master.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.master.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.master.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.master.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.master.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

341
bitnami/seaweedfs/templates/master/statefulset.yaml Normal file
View File

@@ -0,0 +1,341 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "seaweedfs.master.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.master.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.master.autoscaling.enabled }}
replicas: {{ .Values.master.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.master.podManagementPolicy | quote }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: master
serviceName: {{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}
{{- if .Values.master.updateStrategy }}
updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if and .Values.master.config (empty .Values.master.existingConfigmap) }}
checksum/config: {{ include (print $.Template.BasePath "/master/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.security.enabled }}
checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.master.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: master
spec:
{{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
{{- if .Values.master.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.master.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- if not (empty .Values.master.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.master.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.master.nodeAffinityPreset.type) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.master.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.master.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.master.priorityClassName }}
priorityClassName: {{ .Values.master.priorityClassName | quote }}
{{- end }}
{{- if .Values.master.schedulerName }}
schedulerName: {{ .Values.master.schedulerName | quote }}
{{- end }}
{{- if .Values.master.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.master.podSecurityContext.enabled }}
securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.master.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }}
{{- end }}
{{- if or (and .Values.volumePermissions.enabled .Values.master.persistence.enabled) .Values.master.initContainers }}
initContainers:
{{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }}
- name: volume-permissions
image: {{ include "seaweedfs.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- bash
args:
- -ec
- |
find {{ .Values.master.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }}
{{- if .Values.volumePermissions.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.master.persistence.mountPath }}
{{- if .Values.master.persistence.subPath }}
subPath: {{ .Values.master.persistence.subPath }}
{{- end }}
{{- end }}
{{- if .Values.master.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: seaweedfs
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.master.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.master.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.master.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }}
{{- else }}
args:
- -logtostderr=true
- -v={{ .Values.master.logLevel }}
{{- if or .Values.security.enabled .Values.master.config .Values.master.existingConfigmap }}
- -config_dir=/etc/seaweedfs
{{- end }}
- master
- -mdir={{ .Values.master.persistence.mountPath }}
- -ip.bind={{ .Values.master.bindAddress }}
- -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
- -port={{ .Values.master.containerPorts.http }}
- -port.grpc={{ .Values.master.containerPorts.grpc }}
- -peers={{ include "seaweedfs.master.servers" . }}
{{- if .Values.master.metrics.enabled }}
- -metricsPort={{ .Values.master.containerPorts.metrics }}
{{- end }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEED_CLUSTER_DEFAULT
value: {{ .Values.clusterDefault | quote }}
{{- if .Values.master.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
envFrom:
{{- if .Values.master.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.master.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.master.resources }}
resources: {{- toYaml .Values.master.resources | nindent 12 }}
{{- else if ne .Values.master.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.master.containerPorts.http }}
- name: grpc
containerPort: {{ .Values.master.containerPorts.grpc }}
{{- if .Values.master.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.master.containerPorts.metrics }}
{{- end }}
{{- if .Values.master.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.master.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.master.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /cluster/status
port: http
{{- end }}
{{- if .Values.master.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.master.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /cluster/status
port: http
{{- end }}
{{- if .Values.master.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.master.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /cluster/status
port: http
{{- end }}
{{- end }}
{{- if .Values.master.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: data
mountPath: {{ .Values.master.persistence.mountPath }}
{{- if .Values.master.persistence.subPath }}
subPath: {{ .Values.master.persistence.subPath }}
{{- end }}
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if or .Values.master.config .Values.master.existingConfigmap }}
- name: config
mountPath: /etc/seaweedfs/master.toml
subPath: master.toml
readOnly: true
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
mountPath: /etc/seaweedfs/security.toml
subPath: security.toml
readOnly: true
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
readOnly: true
mountPath: /certs/ca
- name: master-cert
readOnly: true
mountPath: /certs/master
- name: volume-cert
readOnly: true
mountPath: /certs/volume
{{- if .Values.filer.enabled }}
- name: filer-cert
readOnly: true
mountPath: /certs/filer
{{- end }}
- name: client-cert
readOnly: true
mountPath: /certs/client
{{- end }}
{{- end }}
{{- if .Values.master.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.master.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.master.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if or .Values.master.config .Values.master.existingConfigmap }}
- name: config
configMap:
name: {{ template "seaweedfs.master.configmapName" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
configMap:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
items:
- key: tls.crt
path: tls.crt
- name: master-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
- name: volume-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
{{- if .Values.filer.enabled }}
- name: filer-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
{{- end }}
- name: client-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.master.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- if not .Values.master.persistence.enabled }}
- name: data
emptyDir: {}
{{- else if .Values.master.persistence.existingClaim }}
- name: data
persistentVolumeClaim:
claimName: {{ .Values.master.persistence.existingClaim }}
{{- else }}
volumeClaimTemplates:
- metadata:
name: data
{{- if or .Values.master.persistence.annotations .Values.commonAnnotations }}
{{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.master.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
{{- end }}
{{- if .Values.commonLabels }}
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
{{- end }}
spec:
{{- if .Values.master.persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
accessModes:
{{- range .Values.master.persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .Values.master.persistence.size | quote }}
{{- if .Values.master.persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }}
{{- end }}

23
bitnami/seaweedfs/templates/s3/auth-secret.yaml Normal file
View File

@@ -0,0 +1,23 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: Opaque
data:
admin_access_key_id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "admin_access_key_id" "length" 16 "providedValues" (list "s3.auth.adminAccessKeyId") "context" $) }}
admin_secret_access_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "admin_secret_access_key" "length" 32 "providedValues" (list "s3.auth.adminSecretAccessKey") "context" $) }}
read_access_key_id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "read_access_key_id" "length" 16 "providedValues" (list "s3.auth.readAccessKeyId") "context" $) }}
read_secret_access_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "read_secret_access_key" "length" 32 "providedValues" (list "s3.auth.readSecretAccessKey") "context" $) }}
{{- end }}

269
bitnami/seaweedfs/templates/s3/deployment.yaml Normal file
View File

@@ -0,0 +1,269 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if or .Values.s3.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.s3.autoscaling.enabled }}
replicas: {{ .Values.s3.replicaCount }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: s3
{{- if .Values.s3.updateStrategy }}
strategy: {{- toYaml .Values.s3.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
checksum/auth-secret: {{ include (print $.Template.BasePath "/s3/auth-secret.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.security.enabled }}
checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.s3.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: s3
spec:
{{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.s3.automountServiceAccountToken }}
{{- if .Values.s3.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.s3.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.s3.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- if not (empty .Values.s3.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.s3.podAffinityPreset "component" "s3" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.s3.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.s3.podAntiAffinityPreset "component" "s3" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.s3.nodeAffinityPreset.type) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.s3.nodeAffinityPreset.type "key" .Values.s3.nodeAffinityPreset.key "values" .Values.s3.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.s3.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.s3.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.s3.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.s3.priorityClassName }}
priorityClassName: {{ .Values.s3.priorityClassName | quote }}
{{- end }}
{{- if .Values.s3.schedulerName }}
schedulerName: {{ .Values.s3.schedulerName | quote }}
{{- end }}
{{- if .Values.s3.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.s3.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.s3.podSecurityContext.enabled }}
securityContext: {{- omit .Values.s3.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.s3.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.s3.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
{{- include "seaweedfs.s3.authConfigInitContainer" . | nindent 8 }}
{{- end }}
{{- if .Values.s3.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: seaweedfs
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.s3.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.s3.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.s3.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.s3.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.s3.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.s3.args "context" $) | nindent 12 }}
{{- else }}
args:
- -logtostderr=true
- -v={{ .Values.s3.logLevel }}
- s3
{{- if .Values.s3.auth.enabled }}
- -config=/auth/{{ ternary "config.json" (default "config.json" .Values.s3.auth.existingSecretConfigKey) (empty .Values.s3.auth.existingSecret) }}
{{- end }}
- -ip.bind={{ .Values.s3.bindAddress }}
- -port={{ .Values.s3.containerPorts.http }}
- -port.grpc={{ .Values.s3.containerPorts.grpc }}
{{- if .Values.s3.metrics.enabled }}
- -metricsPort={{ .Values.s3.containerPorts.metrics }}
{{- end }}
- -filer={{ printf "%s:%d" (include "seaweedfs.filer.fullname" .) (int .Values.filer.service.ports.http) }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: WEED_CLUSTER_DEFAULT
value: {{ .Values.clusterDefault | quote }}
{{- if .Values.s3.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.s3.extraEnvVarsCM .Values.s3.extraEnvVarsSecret }}
envFrom:
{{- if .Values.s3.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.s3.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.s3.resources }}
resources: {{- toYaml .Values.s3.resources | nindent 12 }}
{{- else if ne .Values.s3.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.s3.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.s3.containerPorts.http }}
- name: grpc
containerPort: {{ .Values.s3.containerPorts.grpc }}
{{- if .Values.s3.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.s3.containerPorts.metrics }}
{{- end }}
{{- if .Values.s3.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.s3.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.s3.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- if .Values.s3.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.s3.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- if .Values.s3.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.s3.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- end }}
{{- if .Values.s3.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.s3.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.s3.auth.enabled }}
- mountPath: /auth
readOnly: true
{{- if .Values.s3.auth.existingSecret }}
name: auth
subPath: {{ default "config.json" .Values.s3.auth.existingSecretConfigKey }}
{{- else }}
name: empty-dir
subPath: auth-dir
{{- end }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
mountPath: /etc/seaweedfs/security.toml
subPath: security.toml
readOnly: true
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
readOnly: true
mountPath: /certs/ca
- name: master-cert
readOnly: true
mountPath: /certs/master
- name: filer-cert
readOnly: true
mountPath: /certs/filer
- name: volume-cert
readOnly: true
mountPath: /certs/volume
- name: client-cert
readOnly: true
mountPath: /certs/client
{{- end }}
{{- end }}
{{- if .Values.s3.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.s3.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.s3.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if and .Values.s3.auth.enabled .Values.s3.auth.existingSecret }}
- name: auth
secret:
secretName: {{ print (tpl .Values.s3.auth.existingSecret .) }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
configMap:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
items:
- key: tls.crt
path: tls.crt
- name: master-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
- name: filer-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
- name: volume-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
- name: client-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.s3.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

49
bitnami/seaweedfs/templates/s3/hpa.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "seaweedfs.s3.fullname" . }}
minReplicas: {{ .Values.s3.autoscaling.minReplicas }}
maxReplicas: {{ .Values.s3.autoscaling.maxReplicas }}
metrics:
{{- if .Values.s3.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.s3.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.s3.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- if .Values.s3.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.s3.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.s3.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- end }}

46
bitnami/seaweedfs/templates/s3/ingress-tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.ingress.enabled }}
{{- if .Values.s3.ingress.secrets }}
{{- range .Values.s3.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.s3.ingress.tls .Values.s3.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.s3.ingress.hostname }}
{{- $ca := genCA "master-ca" 365 }}
{{- $cert := genSignedCert .Values.s3.ingress.hostname nil (list .Values.s3.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

62
bitnami/seaweedfs/templates/s3/ingress.yaml Normal file
View File

@@ -0,0 +1,62 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.s3.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.s3.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.s3.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if or .Values.s3.ingress.hostname .Values.s3.ingress.path }}
- http:
paths:
{{- if .Values.s3.ingress.extraPaths }}
{{- toYaml .Values.s3.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.s3.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.s3.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.s3.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if not (empty .Values.s3.ingress.hostname )}}
host: {{ .Values.s3.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.s3.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.s3.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.s3.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.s3.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.s3.ingress.annotations )) .Values.s3.ingress.selfSigned)) .Values.s3.ingress.extraTls }}
tls:
{{- if and .Values.s3.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.s3.ingress.annotations )) .Values.s3.ingress.selfSigned) }}
- hosts:
- {{ .Values.s3.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.s3.ingress.hostname }}
{{- end }}
{{- if .Values.s3.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

31
bitnami/seaweedfs/templates/s3/metrics-service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "seaweedfs.s3.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
app.kubernetes.io/part-of: metrics
{{- if or .Values.s3.metrics.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: tcp-metrics
port: {{ .Values.s3.metrics.service.port }}
{{- if not (eq .Values.s3.metrics.service.port .Values.s3.containerPorts.metrics) }}
targetPort: {{ .Values.s3.containerPorts.metrics }}
{{- end }}
protocol: TCP
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- end }}

74
bitnami/seaweedfs/templates/s3/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.s3.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: s3
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.s3.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.s3.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.s3.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.s3.containerPorts.http }}
- port: {{ .Values.s3.containerPorts.grpc }}
{{- if .Values.s3.metrics.enabled }}
- port: {{ .Values.s3.containerPorts.metrics }}
{{- end }}
{{- range .Values.s3.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.s3.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.s3.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.s3.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.s3.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.s3.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.s3.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.s3.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/seaweedfs/templates/s3/pdb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $replicaCount := int .Values.s3.replicaCount }}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.pdb.create (or (gt $replicaCount 1) .Values.s3.autoscaling.enabled) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.s3.pdb.minAvailable }}
minAvailable: {{ .Values.s3.pdb.minAvailable }}
{{- end }}
{{- if .Values.s3.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.s3.pdb.maxUnavailable }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: s3
{{- end }}

63
bitnami/seaweedfs/templates/s3/service.yaml Normal file
View File

@@ -0,0 +1,63 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if or .Values.s3.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.s3.service.type }}
{{- if and .Values.s3.service.clusterIP (eq .Values.s3.service.type "ClusterIP") }}
clusterIP: {{ .Values.s3.service.clusterIP }}
{{- end }}
{{- if .Values.s3.service.sessionAffinity }}
sessionAffinity: {{ .Values.s3.service.sessionAffinity }}
{{- end }}
{{- if .Values.s3.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.s3.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.s3.service.type "LoadBalancer") (eq .Values.s3.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.s3.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.s3.service.type "LoadBalancer") (not (empty .Values.s3.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.s3.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.s3.service.type "LoadBalancer") (not (empty .Values.s3.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.s3.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
port: {{ .Values.s3.service.ports.http }}
targetPort: http
protocol: TCP
{{- if and (or (eq .Values.s3.service.type "NodePort") (eq .Values.s3.service.type "LoadBalancer")) (not (empty .Values.s3.service.nodePorts.http)) }}
nodePort: {{ .Values.s3.service.nodePorts.http }}
{{- else if eq .Values.s3.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: grpc
port: {{ .Values.s3.service.ports.grpc }}
targetPort: grpc
protocol: TCP
{{- if and (or (eq .Values.s3.service.type "NodePort") (eq .Values.s3.service.type "LoadBalancer")) (not (empty .Values.s3.service.nodePorts.grpc)) }}
nodePort: {{ .Values.s3.service.nodePorts.grpc }}
{{- else if eq .Values.s3.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.s3.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- end }}

49
bitnami/seaweedfs/templates/s3/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.metrics.enabled .Values.s3.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "seaweedfs.s3.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.s3.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: s3
{{- if or .Values.s3.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.s3.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: s3
app.kubernetes.io/part-of: metrics
{{- if .Values.s3.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.s3.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: tcp-metrics
path: "/metrics"
{{- if .Values.s3.metrics.serviceMonitor.interval }}
interval: {{ .Values.s3.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.s3.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.s3.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.s3.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.s3.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.s3.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.s3.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

89
bitnami/seaweedfs/templates/security-configmap.yaml Normal file
View File

@@ -0,0 +1,89 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.security.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
security.toml: |-
# Security configuration
# Shared between master, volume and filer servers
# comma separated origins allowed to make requests to the filer and s3 gateway.
# enter in this format: https://domain.com, or http://localhost:port
[cors.allowed_origins]
values = {{ .Values.security.corsAllowedOrigins | quote }}
{{- if .Values.security.jwtSigning.volumeWrite }}
# this jwt signing key is read by master and volume server, and it is used for write operations:
# - the Master server generates the JWT, which can be used to write a certain file on a volume server
# - the Volume server validates the JWT on writing
# the jwt defaults to expire after 10 seconds.
[jwt.signing]
key = {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if .Values.security.jwtSigning.volumeRead }}
# this jwt signing key is read by master and volume server, and it is used for read operations:
# - the Master server generates the JWT, which can be used to read a certain file on a volume server
# - the Volume server validates the JWT on reading
# NOTE: jwt for read is only supported with master+volume setup. Filer does not support this mode.
[jwt.signing.read]
key = {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if and .Values.filer.enabled .Values.security.jwtSigning.filerWrite }}
# If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT:
# - f.e. the S3 API Shim generates the JWT
# - the Filer server validates the JWT on writing
# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing]
key = {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if and .Values.filer.enabled .Values.security.jwtSigning.filerRead }}
# If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:
# - f.e. the S3 API Shim generates the JWT
# - the Filer server validates the JWT on writing
# the jwt defaults to expire after 10 seconds.
[jwt.filer_signing.read]
key = {{ randAlphaNum 10 | b64enc | quote }}
{{- end }}
{{- if .Values.security.mTLS.enabled }}
# all grpc tls authentications are mutual
# the values for the following ca, cert, and key are paths to the PERM files.
# the host name is not checked, so the PERM files can be shared.
[grpc]
ca = "/certs/ca/tls.crt"
[grpc.volume]
cert = "/certs/volume/tls.crt"
key = "/certs/volume/tls.key"
[grpc.master]
cert = "/certs/master/tls.crt"
key = "/certs/master/tls.key"
{{- if .Values.filer.enabled }}
[grpc.filer]
cert = "/certs/filer/tls.crt"
key = "/certs/filer/tls.key"
{{- end }}
# use this for any place needs a grpc client
# i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
[grpc.client]
cert = "/certs/client/tls.crt"
key = "/certs/client/tls.key"
{{- end }}
{{- end }}

18
bitnami/seaweedfs/templates/service-account.yaml Normal file
View File

@@ -0,0 +1,18 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "seaweedfs.serviceAccountName" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
{{- end }}

177
bitnami/seaweedfs/templates/tls-secret.yaml Normal file
View File

@@ -0,0 +1,177 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "helm") -}}
{{- $ca := genCA "seaweedfs-ca" 365 }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $secretAdminName := printf "%s-ca-crt" (include "common.names.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretAdminName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretAdminName "key" "tls.crt" "defaultValue" $ca.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretAdminName "key" "tls.key" "defaultValue" $ca.Key "context" $) }}
---
{{- $masterFullname := include "seaweedfs.master.fullname" . -}}
{{- $masterHeadlessSvcName := printf "%s-headless" (include "seaweedfs.master.fullname" .) -}}
{{- $masterAltNames := list (printf "*.%s.%s.svc.%s" $masterHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterHeadlessSvcName $releaseNamespace $clusterDomain) $masterHeadlessSvcName (printf "%s.%s.svc.%s" $masterFullname $releaseNamespace $clusterDomain) $masterFullname "127.0.0.1" "localhost" }}
{{- $masterCert := genSignedCert $masterFullname nil $masterAltNames 365 $ca }}
{{- $masterSecretName := printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $masterSecretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $masterSecretName "key" "tls.crt" "defaultValue" $masterCert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $masterSecretName "key" "tls.key" "defaultValue" $masterCert.Key "context" $) }}
---
{{- $volumeFullname := include "seaweedfs.volume.fullname" . -}}
{{- $volumeHeadlessSvcName := printf "%s-headless" (include "seaweedfs.volume.fullname" .) -}}
{{- $volumeAltNames := list (printf "*.%s.%s.svc.%s" $volumeHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $volumeHeadlessSvcName $releaseNamespace $clusterDomain) $volumeHeadlessSvcName (printf "%s.%s.svc.%s" $volumeFullname $releaseNamespace $clusterDomain) $volumeFullname "127.0.0.1" "localhost" }}
{{- $volumeCert := genSignedCert $volumeFullname nil $volumeAltNames 365 $ca }}
{{- $volumeSecretName := printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $volumeSecretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $volumeSecretName "key" "tls.crt" "defaultValue" $volumeCert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $volumeSecretName "key" "tls.key" "defaultValue" $volumeCert.Key "context" $) }}
---
{{- if .Values.filer.enabled }}
{{- $filerFullname := include "seaweedfs.filer.fullname" . -}}
{{- $filerHeadlessSvcName := printf "%s-headless" (include "seaweedfs.filer.fullname" .) -}}
{{- $filerAltNames := list (printf "*.%s.%s.svc.%s" $filerHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $filerHeadlessSvcName $releaseNamespace $clusterDomain) $filerHeadlessSvcName (printf "%s.%s.svc.%s" $filerFullname $releaseNamespace $clusterDomain) $filerFullname "127.0.0.1" "localhost" }}
{{- $filerCert := genSignedCert $filerFullname nil $filerAltNames 365 $ca }}
{{- $filerSecretName := printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $filerSecretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $filerSecretName "key" "tls.crt" "defaultValue" $filerCert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $filerSecretName "key" "tls.key" "defaultValue" $filerCert.Key "context" $) }}
---
{{- end }}
{{- $clientCert := genSignedCert "client" nil nil 365 $ca }}
{{- $clientSecretName := printf "%s-client-crt" (include "common.names.fullname" .) }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $clientSecretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $clientSecretName "key" "tls.crt" "defaultValue" $clientCert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $clientSecretName "key" "tls.key" "defaultValue" $clientCert.Key "context" $) }}
{{- else if and .Values.security.enabled .Values.security.mTLS.enabled (not .Values.security.mTLS.autoGenerated.enabled) (empty .Values.security.mTLS.existingCASecret) (empty .Values.security.mTLS.master.existingSecret) (empty .Values.security.mTLS.volume.existingSecret) (empty .Values.security.mTLS.filer.existingSecret) (empty .Values.security.mTLS.client.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.security.mTLS.ca entry required!" .Values.security.mTLS.ca | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.security.mTLS.master.cert entry required!" .Values.security.mTLS.master.cert | b64enc | quote }}
tls.key: {{ required "A valid .Values.security.mTLS.master.key entry required!" .Values.security.mTLS.master.key | b64enc | quote }}
---
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.security.mTLS.volume.cert entry required!" .Values.security.mTLS.volume.cert | b64enc | quote }}
tls.key: {{ required "A valid .Values.security.mTLS.volume.key entry required!" .Values.security.mTLS.volume.key | b64enc | quote }}
---
{{- if .Values.filer.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: filer
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.security.mTLS.filer.cert entry required!" .Values.security.mTLS.filer.cert | b64enc | quote }}
tls.key: {{ required "A valid .Values.security.mTLS.filer.key entry required!" .Values.security.mTLS.filer.key | b64enc | quote }}
---
{{- end }}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-client-crt" (include "common.names.fullname" .) -}}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.security.mTLS.client.cert entry required!" .Values.security.mTLS.client.cert | b64enc | quote }}
tls.key: {{ required "A valid .Values.security.mTLS.client.key entry required!" .Values.security.mTLS.client.key | b64enc | quote }}
{{- end }}

43
bitnami/seaweedfs/templates/volume/cert.yaml Normal file
View File

@@ -0,0 +1,43 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) }}
commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.volume.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
issuerRef:
name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
kind: Issuer
subject:
organizations:
- "SeaweedFS"
dnsNames:
- '*.{{ include "common.names.namespace" . }}'
- '*.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ include "seaweedfs.volume.fullname" . }}'
- '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}'
- '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}'
- '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
privateKey:
algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
{{- end }}

20
bitnami/seaweedfs/templates/volume/configmap.yaml Normal file
View File

@@ -0,0 +1,20 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.volume.config (empty .Values.volume.existingConfigmap) }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
volume.toml: |-
{{ include "common.tplvalues.render" ( dict "value" .Values.volume.config "context" $ ) | indent 4 }}
{{- end }}

35
bitnami/seaweedfs/templates/volume/headless-service.yaml Normal file
View File

@@ -0,0 +1,35 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if or .Values.volume.service.headless.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.service.headless.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
clusterIP: None
publishNotReadyAddresses: true
ports:
- name: http
port: {{ .Values.volume.containerPorts.http }}
protocol: TCP
- name: grpc
port: {{ .Values.volume.containerPorts.grpc }}
protocol: TCP
{{- if .Values.volume.metrics.enabled }}
- name: tcp-metrics
port: {{ .Values.volume.containerPorts.metrics }}
protocol: TCP
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume

49
bitnami/seaweedfs/templates/volume/hpa.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.volume.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
name: {{ template "seaweedfs.volume.fullname" . }}
minReplicas: {{ .Values.volume.autoscaling.minReplicas }}
maxReplicas: {{ .Values.volume.autoscaling.maxReplicas }}
metrics:
{{- if .Values.volume.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.volume.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.volume.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- if .Values.volume.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.volume.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.volume.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- end }}

46
bitnami/seaweedfs/templates/volume/ingress-tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.volume.ingress.enabled }}
{{- if .Values.volume.ingress.secrets }}
{{- range .Values.volume.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.volume.ingress.tls .Values.volume.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.volume.ingress.hostname }}
{{- $ca := genCA "volume-ca" 365 }}
{{- $cert := genSignedCert .Values.volume.ingress.hostname nil (list .Values.volume.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

62
bitnami/seaweedfs/templates/volume/ingress.yaml Normal file
View File

@@ -0,0 +1,62 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.volume.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if or .Values.volume.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.volume.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.volume.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if or .Values.volume.ingress.hostname .Values.volume.ingress.path }}
- http:
paths:
{{- if .Values.volume.ingress.extraPaths }}
{{- toYaml .Values.volume.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.volume.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.volume.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.volume.fullname" .) "servicePort" "http" "context" $) | nindent 14 }}
{{- if not (empty .Values.volume.ingress.hostname )}}
host: {{ .Values.volume.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.volume.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.volume.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.volume.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.volume.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.volume.ingress.annotations )) .Values.volume.ingress.selfSigned)) .Values.volume.ingress.extraTls }}
tls:
{{- if and .Values.volume.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.volume.ingress.annotations )) .Values.volume.ingress.selfSigned) }}
- hosts:
- {{ .Values.volume.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.volume.ingress.hostname }}
{{- end }}
{{- if .Values.volume.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

31
bitnami/seaweedfs/templates/volume/metrics-service.yaml Normal file
View File

@@ -0,0 +1,31 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.volume.metrics.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ printf "%s-metrics" (include "seaweedfs.volume.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
app.kubernetes.io/part-of: metrics
{{- if or .Values.volume.metrics.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: ClusterIP
ports:
- name: tcp-metrics
port: {{ .Values.volume.metrics.service.port }}
{{- if not (eq .Values.volume.metrics.service.port .Values.volume.containerPorts.metrics) }}
targetPort: {{ .Values.volume.containerPorts.metrics }}
{{- end }}
protocol: TCP
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- end }}

74
bitnami/seaweedfs/templates/volume/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,74 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if .Values.volume.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.volume.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: volume
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.volume.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.volume.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.volume.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.volume.containerPorts.http }}
- port: {{ .Values.volume.containerPorts.grpc }}
{{- if .Values.volume.metrics.enabled }}
- port: {{ .Values.volume.containerPorts.metrics }}
{{- end }}
{{- range .Values.volume.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.volume.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.volume.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.volume.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.volume.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.volume.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.volume.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.volume.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/seaweedfs/templates/volume/pdb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $replicaCount := int .Values.volume.replicaCount }}
{{- if and .Values.volume.pdb.create (or (gt $replicaCount 1) .Values.volume.autoscaling.enabled) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.volume.pdb.minAvailable }}
minAvailable: {{ .Values.volume.pdb.minAvailable }}
{{- end }}
{{- if .Values.volume.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.volume.pdb.maxUnavailable }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: volume
{{- end }}

61
bitnami/seaweedfs/templates/volume/service.yaml Normal file
View File

@@ -0,0 +1,61 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if or .Values.volume.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.volume.service.type }}
{{- if and .Values.volume.service.clusterIP (eq .Values.volume.service.type "ClusterIP") }}
clusterIP: {{ .Values.volume.service.clusterIP }}
{{- end }}
{{- if .Values.volume.service.sessionAffinity }}
sessionAffinity: {{ .Values.volume.service.sessionAffinity }}
{{- end }}
{{- if .Values.volume.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.volume.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.volume.service.type "LoadBalancer") (eq .Values.volume.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.volume.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.volume.service.type "LoadBalancer") (not (empty .Values.volume.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.volume.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.volume.service.type "LoadBalancer") (not (empty .Values.volume.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.volume.service.loadBalancerIP }}
{{- end }}
ports:
- name: http
port: {{ .Values.volume.service.ports.http }}
targetPort: http
protocol: TCP
{{- if and (or (eq .Values.volume.service.type "NodePort") (eq .Values.volume.service.type "LoadBalancer")) (not (empty .Values.volume.service.nodePorts.http)) }}
nodePort: {{ .Values.volume.service.nodePorts.http }}
{{- else if eq .Values.volume.service.type "ClusterIP" }}
nodePort: null
{{- end }}
- name: grpc
port: {{ .Values.volume.service.ports.grpc }}
targetPort: grpc
protocol: TCP
{{- if and (or (eq .Values.volume.service.type "NodePort") (eq .Values.volume.service.type "LoadBalancer")) (not (empty .Values.volume.service.nodePorts.grpc)) }}
nodePort: {{ .Values.volume.service.nodePorts.grpc }}
{{- else if eq .Values.volume.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.volume.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume

49
bitnami/seaweedfs/templates/volume/servicemonitor.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.volume.metrics.enabled .Values.volume.metrics.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ default (include "common.names.namespace" .) .Values.volume.metrics.serviceMonitor.namespace | quote }}
{{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if or .Values.volume.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
jobLabel: {{ .Values.volume.metrics.serviceMonitor.jobLabel | quote }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: volume
app.kubernetes.io/part-of: metrics
{{- if .Values.volume.metrics.serviceMonitor.selector }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
{{- end }}
endpoints:
- port: tcp-metrics
path: "/metrics"
{{- if .Values.volume.metrics.serviceMonitor.interval }}
interval: {{ .Values.volume.metrics.serviceMonitor.interval }}
{{- end }}
{{- if .Values.volume.metrics.serviceMonitor.scrapeTimeout }}
scrapeTimeout: {{ .Values.volume.metrics.serviceMonitor.scrapeTimeout }}
{{- end }}
{{- if .Values.volume.metrics.serviceMonitor.honorLabels }}
honorLabels: {{ .Values.volume.metrics.serviceMonitor.honorLabels }}
{{- end }}
{{- if .Values.volume.metrics.serviceMonitor.metricRelabelings }}
metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.volume.metrics.serviceMonitor.relabelings }}
relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
{{- end }}
namespaceSelector:
matchNames:
- {{ include "common.names.namespace" . | quote }}
{{- end }}

359
bitnami/seaweedfs/templates/volume/statefulset.yaml Normal file
View File

@@ -0,0 +1,359 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
kind: StatefulSet
metadata:
name: {{ template "seaweedfs.volume.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: volume
{{- if or .Values.volume.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.volume.autoscaling.enabled }}
replicas: {{ .Values.volume.replicaCount }}
{{- end }}
podManagementPolicy: {{ .Values.volume.podManagementPolicy | quote }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: volume
serviceName: {{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}
{{- if .Values.volume.updateStrategy }}
updateStrategy: {{- toYaml .Values.volume.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if and .Values.volume.config (empty .Values.volume.existingConfigmap) }}
checksum/config: {{ include (print $.Template.BasePath "/volume/configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.security.enabled }}
checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.volume.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: volume
spec:
{{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.volume.automountServiceAccountToken }}
{{- if .Values.volume.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.volume.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.volume.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- if not (empty .Values.volume.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.volume.podAffinityPreset "component" "volume" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.volume.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.volume.podAntiAffinityPreset "component" "volume" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.volume.nodeAffinityPreset.type) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.volume.nodeAffinityPreset.type "key" .Values.volume.nodeAffinityPreset.key "values" .Values.volume.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.volume.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.volume.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.volume.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.volume.priorityClassName }}
priorityClassName: {{ .Values.volume.priorityClassName | quote }}
{{- end }}
{{- if .Values.volume.schedulerName }}
schedulerName: {{ .Values.volume.schedulerName | quote }}
{{- end }}
{{- if .Values.volume.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.volume.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.volume.podSecurityContext.enabled }}
securityContext: {{- omit .Values.volume.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.volume.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.volume.terminationGracePeriodSeconds }}
{{- end }}
{{- if or (and .Values.volumePermissions.enabled (include "seaweedfs.volume.persistence.enabled" .)) .Values.volume.initContainers }}
initContainers:
{{- if and .Values.volumePermissions.enabled (include "seaweedfs.volume.persistence.enabled" .) }}
- name: volume-permissions
image: {{ include "seaweedfs.volumePermissions.image" . }}
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
command:
- bash
args:
- -ec
- |
{{- $chown := printf "%d:%d" (int .Values.volume.containerSecurityContext.runAsUser) (int .Values.volume.podSecurityContext.fsGroup) }}
{{- range .Values.volume.dataVolumes }}
find {{ .mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ $chown }}
{{- end }}
{{- if .Values.volumePermissions.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.volumePermissions.resources }}
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
{{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
{{- end }}
volumeMounts:
{{- range .Values.volume.dataVolumes }}
- name: data
mountPath: {{ .mountPath }}
{{- if .subPath }}
subPath: {{ .subPath }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.volume.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.initContainers "context" $) | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: seaweedfs
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.volume.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volume.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.volume.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.volume.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.volume.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.volume.args "context" $) | nindent 12 }}
{{- else }}
args:
- -logtostderr=true
- -v={{ .Values.volume.logLevel }}
{{- if or .Values.security.enabled .Values.volume.config .Values.volume.existingConfigmap }}
- -config_dir=/etc/seaweedfs
{{- end }}
- volume
{{- $dataDirs := list }}
{{- range .Values.volume.dataVolumes }}
{{- $dataDirs = append $dataDirs .mountPath }}
{{- end }}
- -dir={{ join "," $dataDirs }}
- -ip.bind={{ .Values.volume.bindAddress }}
- -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
- -port={{ .Values.volume.containerPorts.http }}
- -port.grpc={{ .Values.volume.containerPorts.grpc }}
- -port.public={{ .Values.volume.service.ports.http }}
- -publicUrl={{ printf "%s:%d" (include "seaweedfs.volume.publicUrl" .) (int .Values.volume.service.ports.http) }}
- -mserver={{ include "seaweedfs.master.servers" . }}
{{- if .Values.volume.metrics.enabled }}
- -metricsPort={{ .Values.volume.containerPorts.metrics }}
{{- end }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: WEED_CLUSTER_DEFAULT
value: {{ .Values.clusterDefault | quote }}
{{- if .Values.volume.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.volume.extraEnvVarsCM .Values.volume.extraEnvVarsSecret }}
envFrom:
{{- if .Values.volume.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.volume.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.volume.resources }}
resources: {{- toYaml .Values.volume.resources | nindent 12 }}
{{- else if ne .Values.volume.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.volume.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: http
containerPort: {{ .Values.volume.containerPorts.http }}
- name: grpc
containerPort: {{ .Values.volume.containerPorts.grpc }}
{{- if .Values.volume.metrics.enabled }}
- name: metrics
containerPort: {{ .Values.volume.containerPorts.metrics }}
{{- end }}
{{- if .Values.volume.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.volume.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.volume.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.livenessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- if .Values.volume.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.volume.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- if .Values.volume.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.volume.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /status
port: http
{{- end }}
{{- end }}
{{- if .Values.volume.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.volume.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
{{- range .Values.volume.dataVolumes }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
{{- if .subPath }}
subPath: {{ .subPath }}
{{- end }}
{{- end }}
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if or .Values.volume.config .Values.volume.existingConfigmap }}
- name: config
mountPath: /etc/seaweedfs/volume.toml
subPath: volume.toml
readOnly: true
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
mountPath: /etc/seaweedfs/security.toml
subPath: security.toml
readOnly: true
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
readOnly: true
mountPath: /certs/ca
- name: master-cert
readOnly: true
mountPath: /certs/master
- name: volume-cert
readOnly: true
mountPath: /certs/volume
{{- if .Values.filer.enabled }}
- name: filer-cert
readOnly: true
mountPath: /certs/filer
{{- end }}
- name: client-cert
readOnly: true
mountPath: /certs/client
{{- end }}
{{- end }}
{{- if .Values.volume.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.volume.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.volume.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if or .Values.volume.config .Values.volume.existingConfigmap }}
- name: config
configMap:
name: {{ template "seaweedfs.volume.configmapName" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
configMap:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
items:
- key: tls.crt
path: tls.crt
- name: master-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
- name: volume-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
{{- if .Values.filer.enabled }}
- name: filer-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
{{- end }}
- name: client-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.volume.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.volume.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- range .Values.volume.dataVolumes }}
{{- if not .persistence.enabled }}
- name: {{ .name }}
emptyDir: {}
{{- else if .persistence.existingClaim }}
- name: {{ .name }}
persistentVolumeClaim:
claimName: {{ .persistence.existingClaim }}
{{- end }}
{{- end }}
volumeClaimTemplates:
{{- range .Values.volume.dataVolumes }}
{{- if and .persistence.enabled (not .persistence.existingClaim) }}
- metadata:
name: {{ .name }}
{{- if or .persistence.annotations $.Values.commonAnnotations }}
{{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .persistence.annotations $.Values.commonAnnotations "context" $) | fromYaml }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
{{- end }}
{{- if $.Values.commonLabels }}
labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 10 }}
{{- end }}
spec:
{{- if .persistence.dataSource }}
dataSource: {{- include "common.tplvalues.render" (dict "value" .persistence.dataSource "context" $) | nindent 10 }}
{{- end }}
accessModes:
{{- range .persistence.accessModes }}
- {{ . | quote }}
{{- end }}
resources:
requests:
storage: {{ .persistence.size | quote }}
{{- if .persistence.selector }}
selector: {{- include "common.tplvalues.render" (dict "value" .persistence.selector "context" $) | nindent 10 }}
{{- end }}
{{- include "common.storage.class" (dict "persistence" .persistence "global" $.Values.global) | nindent 8 }}
{{- end }}
{{- end }}

54
bitnami/seaweedfs/templates/webadv/cert.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.webdav.tls.autoGenerated.enabled (eq .Values.webdav.tls.autoGenerated.engine "cert-manager") }}
{{- if empty .Values.webdav.tls.autoGenerated.certManager.existingIssuer }}
apiVersion: cert-manager.io/v1
kind: Issuer
metadata:
name: {{ printf "%s-issuer" (include "seaweedfs.webdav.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
selfSigned: {}
---
{{- end }}
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
secretName: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) }}
commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.webdav.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
issuerRef:
name: {{ default (printf "%s-issuer" (include "seaweedfs.webdav.fullname" .)) .Values.webdav.tls.autoGenerated.certManager.existingIssuer }}
kind: {{ default "Issuer" .Values.webdav.tls.autoGenerated.certManager.existingIssuerKind }}
subject:
organizations:
- "SeaweedFS"
dnsNames:
- '*.{{ include "common.names.namespace" . }}'
- '*.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
- '*.{{ include "seaweedfs.webdav.fullname" . }}'
- '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}'
- '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
- '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
privateKey:
algorithm: {{ .Values.webdav.tls.autoGenerated.certManager.keyAlgorithm }}
size: {{ int .Values.webdav.tls.autoGenerated.certManager.keySize }}
duration: {{ .Values.webdav.tls.autoGenerated.certManager.duration }}
renewBefore: {{ .Values.webdav.tls.autoGenerated.certManager.renewBefore }}
{{- end }}

248
bitnami/seaweedfs/templates/webadv/deployment.yaml Normal file
View File

@@ -0,0 +1,248 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled }}
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if or .Values.webdav.statefulsetAnnotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.webdav.autoscaling.enabled }}
replicas: {{ .Values.webdav.replicaCount }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: webdav
{{- if .Values.webdav.updateStrategy }}
strategy: {{- toYaml .Values.webdav.updateStrategy | nindent 4 }}
{{- end }}
template:
metadata:
annotations:
{{- if .Values.security.enabled }}
checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
{{- end }}
{{- if .Values.webdav.podAnnotations }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.podAnnotations "context" $) | nindent 8 }}
{{- end }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
app.kubernetes.io/component: webdav
spec:
{{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}
automountServiceAccountToken: {{ .Values.webdav.automountServiceAccountToken }}
{{- if .Values.webdav.hostAliases }}
hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.hostAliases "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.webdav.affinity }}
affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.affinity "context" $) | nindent 8 }}
{{- else }}
affinity:
{{- if not (empty .Values.webdav.podAffinityPreset) }}
podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.webdav.podAffinityPreset "component" "webdav" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.webdav.podAntiAffinityPreset) }}
podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.webdav.podAntiAffinityPreset "component" "webdav" "customLabels" $podLabels "context" $) | nindent 10 }}
{{- end }}
{{- if not (empty .Values.webdav.nodeAffinityPreset.type) }}
nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.webdav.nodeAffinityPreset.type "key" .Values.webdav.nodeAffinityPreset.key "values" .Values.webdav.nodeAffinityPreset.values) | nindent 10 }}
{{- end }}
{{- end }}
{{- if .Values.webdav.nodeSelector }}
nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.nodeSelector "context" $) | nindent 8 }}
{{- end }}
{{- if .Values.webdav.tolerations }}
tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.tolerations "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.webdav.priorityClassName }}
priorityClassName: {{ .Values.webdav.priorityClassName | quote }}
{{- end }}
{{- if .Values.webdav.schedulerName }}
schedulerName: {{ .Values.webdav.schedulerName | quote }}
{{- end }}
{{- if .Values.webdav.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.topologySpreadConstraints "context" .) | nindent 8 }}
{{- end }}
{{- if .Values.webdav.podSecurityContext.enabled }}
securityContext: {{- omit .Values.webdav.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.webdav.terminationGracePeriodSeconds }}
terminationGracePeriodSeconds: {{ .Values.webdav.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
{{- if .Values.webdav.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.initContainers "context" $) | nindent 8 }}
{{- end }}
containers:
- name: seaweedfs
image: {{ template "seaweedfs.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.webdav.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.webdav.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.webdav.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.webdav.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.args "context" $) | nindent 12 }}
{{- else }}
args:
- -logtostderr=true
- -v={{ .Values.webdav.logLevel }}
- webdav
- -cacheDir=/cache
- -port={{ .Values.webdav.containerPorts.http }}
{{- if .Values.webdav.tls.enabled }}
- -cert.file=/certs/tls/tls.crt
- -key.file=/certs/tls/tls.key
{{- end }}
- -filer={{ printf "%s:%d" (include "seaweedfs.filer.fullname" .) (int .Values.filer.service.ports.http) }}
{{- end }}
env:
- name: BITNAMI_DEBUG
value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
- name: WEED_CLUSTER_DEFAULT
value: {{ .Values.clusterDefault | quote }}
{{- if .Values.webdav.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
{{- if or .Values.webdav.extraEnvVarsCM .Values.webdav.extraEnvVarsSecret }}
envFrom:
{{- if .Values.webdav.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.webdav.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- end }}
{{- if .Values.webdav.resources }}
resources: {{- toYaml .Values.webdav.resources | nindent 12 }}
{{- else if ne .Values.webdav.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.webdav.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
- name: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
containerPort: {{ .Values.webdav.containerPorts.http }}
{{- if .Values.webdav.extraContainerPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraContainerPorts "context" $) | nindent 12 }}
{{- end }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.webdav.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.webdav.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
{{- end }}
{{- if .Values.webdav.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.webdav.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.readinessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
{{- end }}
{{- if .Values.webdav.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.webdav.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.startupProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
{{- end }}
{{- end }}
{{- if .Values.webdav.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
- name: empty-dir
mountPath: /cache
subPath: cache-dir
{{- if .Values.webdav.tls.enabled }}
- name: tls-cert
mountPath: /certs/tls
readOnly: true
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
mountPath: /etc/seaweedfs/security.toml
subPath: security.toml
readOnly: true
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
readOnly: true
mountPath: /certs/ca
- name: master-cert
readOnly: true
mountPath: /certs/master
- name: filer-cert
readOnly: true
mountPath: /certs/filer
- name: volume-cert
readOnly: true
mountPath: /certs/volume
- name: client-cert
readOnly: true
mountPath: /certs/client
{{- end }}
{{- end }}
{{- if .Values.webdav.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.webdav.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.webdav.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
{{- if .Values.webdav.tls.enabled }}
- name: tls-cert
secret:
secretName: {{ template "seaweedfs.webdav.tls.secretName" . }}
{{- end }}
{{- if .Values.security.enabled }}
- name: security-config
configMap:
name: {{ printf "%s-security" (include "common.names.fullname" .) }}
{{- if .Values.security.mTLS.enabled }}
- name: ca-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
items:
- key: tls.crt
path: tls.crt
- name: master-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
- name: filer-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
- name: volume-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
- name: client-cert
secret:
secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
{{- end }}
{{- end }}
{{- if .Values.webdav.extraVolumes }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumes "context" $) | nindent 8 }}
{{- end }}
{{- end }}

49
bitnami/seaweedfs/templates/webadv/hpa.yaml Normal file
View File

@@ -0,0 +1,49 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.autoscaling.enabled }}
apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
scaleTargetRef:
apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
kind: Deployment
name: {{ template "seaweedfs.webdav.fullname" . }}
minReplicas: {{ .Values.webdav.autoscaling.minReplicas }}
maxReplicas: {{ .Values.webdav.autoscaling.maxReplicas }}
metrics:
{{- if .Values.webdav.autoscaling.targetMemory }}
- type: Resource
resource:
name: memory
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.webdav.autoscaling.targetMemory }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.webdav.autoscaling.targetMemory }}
{{- end }}
{{- end }}
{{- if .Values.webdav.autoscaling.targetCPU }}
- type: Resource
resource:
name: cpu
{{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
targetAverageUtilization: {{ .Values.webdav.autoscaling.targetCPU }}
{{- else }}
target:
type: Utilization
averageUtilization: {{ .Values.webdav.autoscaling.targetCPU }}
{{- end }}
{{- end }}
{{- end }}

46
bitnami/seaweedfs/templates/webadv/ingress-tls-secret.yaml Normal file
View File

@@ -0,0 +1,46 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.ingress.enabled }}
{{- if .Values.webdav.ingress.secrets }}
{{- range .Values.webdav.ingress.secrets }}
apiVersion: v1
kind: Secret
metadata:
name: {{ .name }}
namespace: {{ include "common.names.namespace" $ | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if $.Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ .certificate | b64enc }}
tls.key: {{ .key | b64enc }}
---
{{- end }}
{{- end }}
{{- if and .Values.webdav.ingress.tls .Values.webdav.ingress.selfSigned }}
{{- $secretName := printf "%s-tls" .Values.webdav.ingress.hostname }}
{{- $ca := genCA "master-ca" 365 }}
{{- $cert := genSignedCert .Values.webdav.ingress.hostname nil (list .Values.webdav.ingress.hostname) 365 $ca }}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
{{- end }}
{{- end }}

62
bitnami/seaweedfs/templates/webadv/ingress.yaml Normal file
View File

@@ -0,0 +1,62 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.ingress.enabled }}
apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
kind: Ingress
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: master
{{- if or .Values.webdav.ingress.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.ingress.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if and .Values.webdav.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
ingressClassName: {{ .Values.webdav.ingress.ingressClassName | quote }}
{{- end }}
rules:
{{- if or .Values.webdav.ingress.hostname .Values.webdav.ingress.path }}
- http:
paths:
{{- if .Values.webdav.ingress.extraPaths }}
{{- toYaml .Values.webdav.ingress.extraPaths | nindent 10 }}
{{- end }}
- path: {{ .Values.webdav.ingress.path }}
{{- if eq "true" (include "common.ingress.supportsPathType" .) }}
pathType: {{ .Values.webdav.ingress.pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.webdav.fullname" .) "servicePort" (ternary "https" "http" .Values.webdav.tls.enabled) "context" $) | nindent 14 }}
{{- if not (empty .Values.webdav.ingress.hostname )}}
host: {{ .Values.webdav.ingress.hostname }}
{{- end }}
{{- end }}
{{- range .Values.webdav.ingress.extraHosts }}
- host: {{ .name | quote }}
http:
paths:
- path: {{ default "/" .path }}
{{- if eq "true" (include "common.ingress.supportsPathType" $) }}
pathType: {{ default "ImplementationSpecific" .pathType }}
{{- end }}
backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.webdav.fullname" $) "servicePort" ("https" "http" .Values.webdav.tls.enabled) "context" $) | nindent 14 }}
{{- end }}
{{- if .Values.webdav.ingress.extraRules }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.ingress.extraRules "context" $) | nindent 4 }}
{{- end }}
{{- if or (and .Values.webdav.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.webdav.ingress.annotations )) .Values.webdav.ingress.selfSigned)) .Values.webdav.ingress.extraTls }}
tls:
{{- if and .Values.webdav.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.webdav.ingress.annotations )) .Values.webdav.ingress.selfSigned) }}
- hosts:
- {{ .Values.webdav.ingress.hostname | quote }}
secretName: {{ printf "%s-tls" .Values.webdav.ingress.hostname }}
{{- end }}
{{- if .Values.webdav.ingress.extraTls }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.ingress.extraTls "context" $) | nindent 4 }}
{{- end }}
{{- end }}
{{- end }}

70
bitnami/seaweedfs/templates/webadv/networkpolicy.yaml Normal file
View File

@@ -0,0 +1,70 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.networkPolicy.enabled }}
kind: NetworkPolicy
apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.webdav.podLabels .Values.commonLabels ) "context" . ) }}
podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: webdav
policyTypes:
- Ingress
- Egress
egress:
{{- if .Values.webdav.networkPolicy.allowExternalEgress }}
- {}
{{- else }}
- ports:
# Allow dns resolution
- port: 53
protocol: UDP
- port: 53
protocol: TCP
{{- if .Values.webdav.networkPolicy.extraEgress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.webdav.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}
ingress:
- ports:
- port: {{ .Values.webdav.containerPorts.http }}
{{- range .Values.webdav.extraContainerPorts }}
- port: {{ .containerPort }}
{{- end }}
{{- if not .Values.webdav.networkPolicy.allowExternal }}
from:
- podSelector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
- podSelector:
matchLabels:
{{ template "common.names.fullname" . }}-client: "true"
{{- if .Values.webdav.networkPolicy.ingressNSMatchLabels }}
- namespaceSelector:
matchLabels:
{{- range $key, $value := .Values.webdav.networkPolicy.ingressNSMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- if .Values.webdav.networkPolicy.ingressNSPodMatchLabels }}
podSelector:
matchLabels:
{{- range $key, $value := .Values.webdav.networkPolicy.ingressNSPodMatchLabels }}
{{ $key | quote }}: {{ $value | quote }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.webdav.networkPolicy.extraIngress }}
{{- include "common.tplvalues.render" ( dict "value" .Values.webdav.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
{{- end }}
{{- end }}

29
bitnami/seaweedfs/templates/webadv/pdb.yaml Normal file
View File

@@ -0,0 +1,29 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- $replicaCount := int .Values.webdav.replicaCount }}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.pdb.create (or (gt $replicaCount 1) .Values.webdav.autoscaling.enabled) }}
apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
kind: PodDisruptionBudget
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
{{- if .Values.webdav.pdb.minAvailable }}
minAvailable: {{ .Values.webdav.pdb.minAvailable }}
{{- end }}
{{- if .Values.webdav.pdb.maxUnavailable }}
maxUnavailable: {{ .Values.webdav.pdb.maxUnavailable }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) }}
selector:
matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
app.kubernetes.io/component: webdav
{{- end }}

54
bitnami/seaweedfs/templates/webadv/service.yaml Normal file
View File

@@ -0,0 +1,54 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "seaweedfs.webdav.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if or .Values.webdav.service.annotations .Values.commonAnnotations }}
{{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.service.annotations .Values.commonAnnotations) "context" .) }}
annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.webdav.service.type }}
{{- if and .Values.webdav.service.clusterIP (eq .Values.webdav.service.type "ClusterIP") }}
clusterIP: {{ .Values.webdav.service.clusterIP }}
{{- end }}
{{- if .Values.webdav.service.sessionAffinity }}
sessionAffinity: {{ .Values.webdav.service.sessionAffinity }}
{{- end }}
{{- if .Values.webdav.service.sessionAffinityConfig }}
sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.service.sessionAffinityConfig "context" $) | nindent 4 }}
{{- end }}
{{- if or (eq .Values.webdav.service.type "LoadBalancer") (eq .Values.webdav.service.type "NodePort") }}
externalTrafficPolicy: {{ .Values.webdav.service.externalTrafficPolicy | quote }}
{{- end }}
{{- if and (eq .Values.webdav.service.type "LoadBalancer") (not (empty .Values.webdav.service.loadBalancerSourceRanges)) }}
loadBalancerSourceRanges: {{ .Values.webdav.service.loadBalancerSourceRanges }}
{{- end }}
{{- if and (eq .Values.webdav.service.type "LoadBalancer") (not (empty .Values.webdav.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.webdav.service.loadBalancerIP }}
{{- end }}
ports:
- name: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
port: {{ .Values.webdav.service.ports.http }}
targetPort: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
protocol: TCP
{{- if and (or (eq .Values.webdav.service.type "NodePort") (eq .Values.webdav.service.type "LoadBalancer")) (not (empty .Values.webdav.service.nodePorts.http)) }}
nodePort: {{ .Values.webdav.service.nodePorts.http }}
{{- else if eq .Values.webdav.service.type "ClusterIP" }}
nodePort: null
{{- end }}
{{- if .Values.webdav.service.extraPorts }}
{{- include "common.tplvalues.render" (dict "value" .Values.webdav.service.extraPorts "context" $) | nindent 4 }}
{{- end }}
{{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) | fromYaml }}
selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- end }}

44
bitnami/seaweedfs/templates/webadv/tls-secret.yaml Normal file
View File

@@ -0,0 +1,44 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.webdav.tls.autoGenerated.enabled (eq .Values.webdav.tls.autoGenerated.engine "helm") -}}
{{- $ca := genCA "webdav-ca" 365 }}
{{- $releaseNamespace := include "common.names.namespace" . }}
{{- $clusterDomain := .Values.clusterDomain }}
{{- $fullname := include "seaweedfs.webdav.fullname" . -}}
{{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
{{- $secretName := printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ $secretName }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
{{- else if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled (not .Values.webdav.tls.autoGenerated.enabled) (empty .Values.webdav.tls.existingSecret) -}}
apiVersion: v1
kind: Secret
metadata:
name: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: webdav
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
type: kubernetes.io/tls
data:
tls.crt: {{ required "A valid .Values.webdav.tls.cert entry required!" .Values.webdav.tls.cert | b64enc | quote }}
tls.key: {{ required "A valid .Values.webdav.tls.key entry required!" .Values.webdav.tls.key | b64enc | quote }}
{{- end }}

3379
bitnami/seaweedfs/values.yaml Normal file
View File

File diff suppressed because it is too large Load Diff