62a83ed469
* helm: enhance all-in-one deployment configuration Fixes #7110 This PR addresses multiple issues with the all-in-one Helm chart configuration: ## New Features ### Configurable Replicas - Added `allInOne.replicas` (was hardcoded to 1) ### S3 Gateway Configuration - Added full S3 config under `allInOne.s3`: - port, httpsPort, domainName, allowEmptyFolder - enableAuth, existingConfigSecret, auditLogConfig - createBuckets for declarative bucket creation ### SFTP Server Configuration - Added full SFTP config under `allInOne.sftp`: - port, sshPrivateKey, hostKeysFolder, authMethods - maxAuthTries, bannerMessage, loginGraceTime - clientAliveInterval, clientAliveCountMax, enableAuth ### Command Line Arguments - Added `allInOne.extraArgs` for custom CLI arguments ### Update Strategy - Added `allInOne.updateStrategy.type` (Recreate/RollingUpdate) ### Secret Environment Variables - Added `allInOne.secretExtraEnvironmentVars` for injecting secrets ### Ingress Support - Added `allInOne.ingress` with S3, filer, and master sub-configs ### Storage Options - Enhanced `allInOne.data` with existingClaim support - Added PVC template for persistentVolumeClaim type ## CI Enhancements - Added comprehensive tests for all-in-one configurations - Tests cover replicas, S3, SFTP, extraArgs, strategies, PVC, ingress * helm: add real cluster deployment tests to CI - Deploy all-in-one cluster with S3 enabled on kind cluster - Test Master API (/cluster/status endpoint) - Test Filer API (file upload/download) - Test S3 API (/status endpoint) - Test S3 operations with AWS CLI: - Create/delete buckets - Upload/download/delete objects - Verify file content integrity * helm: simplify CI and remove all-in-one ingress Address review comments: - Remove detailed all-in-one template rendering tests from CI - Remove real cluster deployment tests from CI - Remove all-in-one ingress template and values configuration Keep the core improvements: - allInOne.replicas configuration - allInOne.s3.* full configuration - allInOne.sftp.* full configuration - allInOne.extraArgs support - allInOne.updateStrategy configuration - allInOne.secretExtraEnvironmentVars support * helm: address review comments - Fix post-install-bucket-hook.yaml: add filer.s3.enableAuth and filer.s3.existingConfigSecret to or statements for consistency - Fix all-in-one-deployment.yaml: use default function for s3.domainName - Fix all-in-one-deployment.yaml: use hasKey function for s3.allowEmptyFolder * helm: clarify updateStrategy multi-replica behavior Expand comment to warn users that RollingUpdate with multiple replicas requires shared storage (ReadWriteMany) to avoid data loss. * helm: address gemini-code-assist review comments - Make PVC accessModes configurable to support ReadWriteMany for multi-replica deployments (defaults to ReadWriteOnce) - Use configured readiness probe paths in post-install bucket hook instead of hardcoded paths, respecting custom configurations * helm: simplify allowEmptyFolder logic using coalesce Use coalesce function for cleaner template code as suggested in review. * helm: fix extraArgs trailing backslash issue Remove trailing backslash after the last extraArgs argument to avoid shell syntax error. Use counter to only add backslash between arguments. * helm: fix fallback logic for allInOne s3/sftp configuration Changes: - Set allInOne.s3.* and allInOne.sftp.* override parameters to null by default This allows proper inheritance from global s3.* and sftp.* settings - Fix allowEmptyFolder logic to use explicit nil checking instead of coalesce The coalesce/default functions treat 'false' as empty, causing incorrect fallback behavior when users want to explicitly set false values Addresses review feedback about default value conflicts with fallback logic. * helm: fix exec in bucket creation loop causing premature termination Remove 'exec' from the range loops that create and configure S3 buckets. The exec command replaces the current shell process, causing the script to terminate after the first bucket, preventing creation/configuration of subsequent buckets. * helm: quote extraArgs to handle arguments with spaces Use the quote function to ensure each item in extraArgs is treated as a single, complete argument even if it contains spaces. * helm: make s3/filer ingress work for both normal and all-in-one modes Modified s3-ingress.yaml and filer-ingress.yaml to dynamically select the service name based on deployment mode: - Normal mode: points to seaweedfs-s3 / seaweedfs-filer services - All-in-one mode: points to seaweedfs-all-in-one service This eliminates the need for separate all-in-one ingress templates. Users can now use the standard s3.ingress and filer.ingress settings for both deployment modes. * helm: fix allInOne.data.size and storageClass to use null defaults Change size and storageClass from empty strings to null so the template defaults (10Gi for size, cluster default for storageClass) will apply correctly. Empty strings prevent the Helm | default function from working. * helm: fix S3 ingress to include standalone S3 gateway case Add s3.enabled check to the $s3Enabled logic so the ingress works for: 1. Standalone S3 gateway (s3.enabled) 2. S3 on Filer (filer.s3.enabled) when not in all-in-one mode 3. S3 in all-in-one mode (allInOne.s3.enabled)
SEAWEEDFS - helm chart (2.x+)
Getting Started
Add the helm repo
helm repo add seaweedfs https://seaweedfs.github.io/seaweedfs/helm
Install the helm chart
helm install seaweedfs seaweedfs/seaweedfs
(Recommended) Provide values.yaml
helm install --values=values.yaml seaweedfs seaweedfs/seaweedfs
Info:
- master/filer/volume are stateful sets with anti-affinity on the hostname, so your deployment will be spread/HA.
- chart is using memsql(mysql) as the filer backend to enable HA (multiple filer instances) and backup/HA memsql can provide.
- mysql user/password are created in a k8s secret (secret-seaweedfs-db.yaml) and injected to the filer with ENV.
- cert config exists and can be enabled, but not been tested, requires cert-manager to be installed.
Prerequisites
Database
leveldb is the default database, this supports multiple filer replicas that will sync automatically, with some limitations.
When the limitations apply, or for a large number of filer replicas, an external datastore is recommended.
Such as MySQL-compatible database, as specified in the values.yaml at filer.extraEnvironmentVars.
This database should be pre-configured and initialized by running:
CREATE TABLE IF NOT EXISTS `filemeta` (
`dirhash` BIGINT NOT NULL COMMENT 'first 64 bits of MD5 hash value of directory field',
`name` VARCHAR(766) NOT NULL COMMENT 'directory or file name',
`directory` TEXT NOT NULL COMMENT 'full path to parent directory',
`meta` LONGBLOB,
PRIMARY KEY (`dirhash`, `name`)
) DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
Alternative database can also be configured (e.g. leveldb, postgres) following the instructions at filer.extraEnvironmentVars.
Node Labels
Kubernetes nodes can have labels which help to define which node(Host) will run which pod:
Here is an example:
- s3/filer/master needs the label sw-backend=true
- volume need the label sw-volume=true
to label a node to be able to run all pod types in k8s:
kubectl label node YOUR_NODE_NAME sw-volume=true sw-backend=true
on production k8s deployment you will want each pod to have a different host, especially the volume server and the masters, all pods (master/volume/filer) should have anti-affinity rules to disallow running multiple component pods on the same host.
If you still want to run multiple pods of the same component (master/volume/filer) on the same host please set/update the corresponding affinity rule in values.yaml to an empty one:
affinity: ""
PVC - storage class
On the volume stateful set added support for k8s PVC, currently example with the simple local-path-provisioner from Rancher (comes included with k3d / k3s) https://github.com/rancher/local-path-provisioner
you can use ANY storage class you like, just update the correct storage-class for your deployment.
current instances config (AIO):
1 instance for each type (master/filer+s3/volume)
You can update the replicas count for each node type in values.yaml, need to add more nodes with the corresponding labels if applicable.
Most of the configuration are available through values.yaml any pull requests to expand functionality or usability are greatly appreciated. Any pull request must pass chart-testing.
S3 configuration
To enable an s3 endpoint for your filer with a default install add the following to your values.yaml:
filer:
s3:
enabled: true
Enabling Authentication to S3
To enable authentication for S3, you have two options:
- let the helm chart create an admin user as well as a read only user
- provide your own s3 config.json file via an existing Kubernetes Secret
Use the default credentials for S3
Example parameters for your values.yaml:
filer:
s3:
enabled: true
enableAuth: true
Provide your own credentials for S3
Example parameters for your values.yaml:
filer:
s3:
enabled: true
enableAuth: true
existingConfigSecret: my-s3-secret
Example existing secret with your s3 config to create an admin user and readonly user, both with credentials:
---
# Source: seaweedfs/templates/seaweedfs-s3-secret.yaml
apiVersion: v1
kind: Secret
type: Opaque
metadata:
name: my-s3-secret
namespace: seaweedfs
labels:
app.kubernetes.io/name: seaweedfs
app.kubernetes.io/component: s3
stringData:
# this key must be an inline json config file
seaweedfs_s3_config: '{"identities":[{"name":"anvAdmin","credentials":[{"accessKey":"snu8yoP6QAlY0ne4","secretKey":"PNzBcmeLNEdR0oviwm04NQAicOrDH1Km"}],"actions":["Admin","Read","Write"]},{"name":"anvReadOnly","credentials":[{"accessKey":"SCigFee6c5lbi04A","secretKey":"kgFhbT38R8WUYVtiFQ1OiSVOrYr3NKku"}],"actions":["Read"]}]}'
Enterprise
For enterprise users, please visit seaweedfs.com for the SeaweedFS Enterprise Edition, which has a self-healing storage format with better data protection.