8ec9ff4a12
* admin: add plugin runtime UI page and route wiring * pb: add plugin gRPC contract and generated bindings * admin/plugin: implement worker registry, runtime, monitoring, and config store * admin/dash: wire plugin runtime and expose plugin workflow APIs * command: add flags to enable plugin runtime * admin: rename remaining plugin v2 wording to plugin * admin/plugin: add detectable job type registry helper * admin/plugin: add scheduled detection and dispatch orchestration * admin/plugin: prefetch job type descriptors when workers connect * admin/plugin: add known job type discovery API and UI * admin/plugin: refresh design doc to match current implementation * admin/plugin: enforce per-worker scheduler concurrency limits * admin/plugin: use descriptor runtime defaults for scheduler policy * admin/ui: auto-load first known plugin job type on page open * admin/plugin: bootstrap persisted config from descriptor defaults * admin/plugin: dedupe scheduled proposals by dedupe key * admin/ui: add job type and state filters for plugin monitoring * admin/ui: add per-job-type plugin activity summary * admin/plugin: split descriptor read API from schema refresh * admin/ui: keep plugin summary metrics global while tables are filtered * admin/plugin: retry executor reservation before timing out * admin/plugin: expose scheduler states for monitoring * admin/ui: show per-job-type scheduler states in plugin monitor * pb/plugin: rename protobuf package to plugin * admin/plugin: rename pluginRuntime wiring to plugin * admin/plugin: remove runtime naming from plugin APIs and UI * admin/plugin: rename runtime files to plugin naming * admin/plugin: persist jobs and activities for monitor recovery * admin/plugin: lease one detector worker per job type * admin/ui: show worker load from plugin heartbeats * admin/plugin: skip stale workers for detector and executor picks * plugin/worker: add plugin worker command and stream runtime scaffold * plugin/worker: implement vacuum detect and execute handlers * admin/plugin: document external vacuum plugin worker starter * command: update plugin.worker help to reflect implemented flow * command/admin: drop legacy Plugin V2 label * plugin/worker: validate vacuum job type and respect min interval * plugin/worker: test no-op detect when min interval not elapsed * command/admin: document plugin.worker external process * plugin/worker: advertise configured concurrency in hello * command/plugin.worker: add jobType handler selection * command/plugin.worker: test handler selection by job type * command/plugin.worker: persist worker id in workingDir * admin/plugin: document plugin.worker jobType and workingDir flags * plugin/worker: support cancel request for in-flight work * plugin/worker: test cancel request acknowledgements * command/plugin.worker: document workingDir and jobType behavior * plugin/worker: emit executor activity events for monitor * plugin/worker: test executor activity builder * admin/plugin: send last successful run in detection request * admin/plugin: send cancel request when detect or execute context ends * admin/plugin: document worker cancel request responsibility * admin/handlers: expose plugin scheduler states API in no-auth mode * admin/handlers: test plugin scheduler states route registration * admin/plugin: keep worker id on worker-generated activity records * admin/plugin: test worker id propagation in monitor activities * admin/dash: always initialize plugin service * command/admin: remove plugin enable flags and default to enabled * admin/dash: drop pluginEnabled constructor parameter * admin/plugin UI: stop checking plugin enabled state * admin/plugin: remove docs for plugin enable flags * admin/dash: remove unused plugin enabled check method * admin/dash: fallback to in-memory plugin init when dataDir fails * admin/plugin API: expose worker gRPC port in status * command/plugin.worker: resolve admin gRPC port via plugin status * split plugin UI into overview/configuration/monitoring pages * Update layout_templ.go * add volume_balance plugin worker handler * wire plugin.worker CLI for volume_balance job type * add erasure_coding plugin worker handler * wire plugin.worker CLI for erasure_coding job type * support multi-job handlers in plugin worker runtime * allow plugin.worker jobType as comma-separated list * admin/plugin UI: rename to Workers and simplify config view * plugin worker: queue detection requests instead of capacity reject * Update plugin_worker.go * plugin volume_balance: remove force_move/timeout from worker config UI * plugin erasure_coding: enforce local working dir and cleanup * admin/plugin UI: rename admin settings to job scheduling * admin/plugin UI: persist and robustly render detection results * admin/plugin: record and return detection trace metadata * admin/plugin UI: show detection process and decision trace * plugin: surface detector decision trace as activities * mini: start a plugin worker by default * admin/plugin UI: split monitoring into detection and execution tabs * plugin worker: emit detection decision trace for EC and balance * admin workers UI: split monitoring into detection and execution pages * plugin scheduler: skip proposals for active assigned/running jobs * admin workers UI: add job queue tab * plugin worker: add dummy stress detector and executor job type * admin workers UI: reorder tabs to detection queue execution * admin workers UI: regenerate plugin template * plugin defaults: include dummy stress and add stress tests * plugin dummy stress: rotate detection selections across runs * plugin scheduler: remove cross-run proposal dedupe * plugin queue: track pending scheduled jobs * plugin scheduler: wait for executor capacity before dispatch * plugin scheduler: skip detection when waiting backlog is high * plugin: add disk-backed job detail API and persistence * admin ui: show plugin job detail modal from job id links * plugin: generate unique job ids instead of reusing proposal ids * plugin worker: emit heartbeats on work state changes * plugin registry: round-robin tied executor and detector picks * add temporary EC overnight stress runner * plugin job details: persist and render EC execution plans * ec volume details: color data and parity shard badges * shard labels: keep parity ids numeric and color-only distinction * admin: remove legacy maintenance UI routes and templates * admin: remove dead maintenance endpoint helpers * Update layout_templ.go * remove dummy_stress worker and command support * refactor plugin UI to job-type top tabs and sub-tabs * migrate weed worker command to plugin runtime * remove plugin.worker command and keep worker runtime with metrics * update helm worker args for jobType and execution flags * set plugin scheduling defaults to global 16 and per-worker 4 * stress: fix RPC context reuse and remove redundant variables in ec_stress_runner * admin/plugin: fix lifecycle races, safe channel operations, and terminal state constants * admin/dash: randomize job IDs and fix priority zero-value overwrite in plugin API * admin/handlers: implement buffered rendering to prevent response corruption * admin/plugin: implement debounced persistence flusher and optimize BuildJobDetail memory lookups * admin/plugin: fix priority overwrite and implement bounded wait in scheduler reserve * admin/plugin: implement atomic file writes and fix run record side effects * admin/plugin: use P prefix for parity shard labels in execution plans * admin/plugin: enable parallel execution for cancellation tests * admin: refactor time.Time fields to pointers for better JSON omitempty support * admin/plugin: implement pointer-safe time assignments and comparisons in plugin core * admin/plugin: fix time assignment and sorting logic in plugin monitor after pointer refactor * admin/plugin: update scheduler activity tracking to use time pointers * admin/plugin: fix time-based run history trimming after pointer refactor * admin/dash: fix JobSpec struct literal in plugin API after pointer refactor * admin/view: add D/P prefixes to EC shard badges for UI consistency * admin/plugin: use lifecycle-aware context for schema prefetching * Update ec_volume_details_templ.go * admin/stress: fix proposal sorting and log volume cleanup errors * stress: refine ec stress runner with math/rand and collection name - Added Collection field to VolumeEcShardsDeleteRequest for correct filename construction. - Replaced crypto/rand with seeded math/rand PRNG for bulk payloads. - Added documentation for EcMinAge zero-value behavior. - Added logging for ignored errors in volume/shard deletion. * admin: return internal server error for plugin store failures Changed error status code from 400 Bad Request to 500 Internal Server Error for failures in GetPluginJobDetail to correctly reflect server-side errors. * admin: implement safe channel sends and graceful shutdown sync - Added sync.WaitGroup to Plugin struct to manage background goroutines. - Implemented safeSendCh helper using recover() to prevent panics on closed channels. - Ensured Shutdown() waits for all background operations to complete. * admin: robustify plugin monitor with nil-safe time and record init - Standardized nil-safe assignment for *time.Time pointers (CreatedAt, UpdatedAt, CompletedAt). - Ensured persistJobDetailSnapshot initializes new records correctly if they don't exist on disk. - Fixed debounced persistence to trigger immediate write on job completion. * admin: improve scheduler shutdown behavior and logic guards - Replaced brittle error string matching with explicit r.shutdownCh selection for shutdown detection. - Removed redundant nil guard in buildScheduledJobSpec. - Standardized WaitGroup usage for schedulerLoop. * admin: implement deep copy for job parameters and atomic write fixes - Implemented deepCopyGenericValue and used it in cloneTrackedJob to prevent shared state. - Ensured atomicWriteFile creates parent directories before writing. * admin: remove unreachable branch in shard classification Removed an unreachable 'totalShards <= 0' check in classifyShardID as dataShards and parityShards are already guarded. * admin: secure UI links and use canonical shard constants - Added rel="noopener noreferrer" to external links for security. - Replaced magic number 14 with erasure_coding.TotalShardsCount. - Used renderEcShardBadge for missing shard list consistency. * admin: stabilize plugin tests and fix regressions - Composed a robust plugin_monitor_test.go to handle asynchronous persistence. - Updated all time.Time literals to use timeToPtr helper. - Added explicit Shutdown() calls in tests to synchronize with debounced writes. - Fixed syntax errors and orphaned struct literals in tests. * Potential fix for code scanning alert no. 278: Slice memory allocation with excessive size value Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Potential fix for code scanning alert no. 283: Uncontrolled data used in path expression Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * admin: finalize refinements for error handling, scheduler, and race fixes - Standardized HTTP 500 status codes for store failures in plugin_api.go. - Tracked scheduled detection goroutines with sync.WaitGroup for safe shutdown. - Fixed race condition in safeSendDetectionComplete by extracting channel under lock. - Implemented deep copy for JobActivity details. - Used defaultDirPerm constant in atomicWriteFile. * test(ec): migrate admin dockertest to plugin APIs * admin/plugin_api: fix RunPluginJobTypeAPI to return 500 for server-side detection/filter errors * admin/plugin_api: fix ExecutePluginJobAPI to return 500 for job execution failures * admin/plugin_api: limit parseProtoJSONBody request body to 1MB to prevent unbounded memory usage * admin/plugin: consolidate regex to package-level validJobTypePattern; add char validation to sanitizeJobID * admin/plugin: fix racy Shutdown channel close with sync.Once * admin/plugin: track sendLoop and recv goroutines in WorkerStream with r.wg * admin/plugin: document writeProtoFiles atomicity — .pb is source of truth, .json is human-readable only * admin/plugin: extract activityLess helper to deduplicate nil-safe OccurredAt sort comparators * test/ec: check http.NewRequest errors to prevent nil req panics * test/ec: replace deprecated ioutil/math/rand, fix stale step comment 5.1→3.1 * plugin(ec): raise default detection and scheduling throughput limits * topology: include empty disks in volume list and EC capacity fallback * topology: remove hard 10-task cap for detection planning * Update ec_volume_details_templ.go * adjust default * fix tests --------- Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1644 lines
51 KiB
YAML
1644 lines
51 KiB
YAML
# Available parameters and their default values for the SeaweedFS chart.
|
|
|
|
global:
|
|
createClusterRole: true
|
|
registry: ""
|
|
# if repository is set, it overrides the namespace part of imageName
|
|
repository: ""
|
|
imageName: chrislusf/seaweedfs
|
|
imagePullPolicy: IfNotPresent
|
|
imagePullSecrets: ""
|
|
restartPolicy: Always
|
|
loggingLevel: 1
|
|
enableSecurity: false
|
|
masterServer: null
|
|
securityConfig:
|
|
jwtSigning:
|
|
volumeWrite: true
|
|
volumeRead: false
|
|
filerWrite: false
|
|
filerRead: false
|
|
# we will use this serviceAccountName for all ClusterRoles/ClusterRoleBindings
|
|
serviceAccountName: "seaweedfs"
|
|
automountServiceAccountToken: true
|
|
certificates:
|
|
duration: 87600h
|
|
renewBefore: 720h
|
|
alphacrds: false
|
|
monitoring:
|
|
enabled: false
|
|
gatewayHost: null
|
|
gatewayPort: null
|
|
additionalLabels: {}
|
|
# if enabled will use global.replicationPlacement and override master & filer defaultReplicaPlacement config
|
|
enableReplication: false
|
|
# replication type is XYZ:
|
|
# X number of replica in other data centers
|
|
# Y number of replica in other racks in the same data center
|
|
# Z number of replica in other servers in the same rack
|
|
replicationPlacement: "001"
|
|
extraEnvironmentVars:
|
|
WEED_CLUSTER_DEFAULT: "sw"
|
|
WEED_CLUSTER_SW_MASTER: "{{ include \"seaweedfs.cluster.masterAddress\" . }}"
|
|
WEED_CLUSTER_SW_FILER: "{{ include \"seaweedfs.cluster.filerAddress\" . }}"
|
|
# WEED_JWT_SIGNING_KEY:
|
|
# secretKeyRef:
|
|
# name: seaweedfs-signing-key
|
|
# key: signingKey
|
|
|
|
image:
|
|
registry: ""
|
|
repository: ""
|
|
tag: ""
|
|
|
|
master:
|
|
enabled: true
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
port: 9333
|
|
grpcPort: 19333
|
|
metricsPort: 9327
|
|
metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind
|
|
ipBind: "0.0.0.0"
|
|
volumePreallocate: false
|
|
volumeSizeLimitMB: 1000
|
|
loggingOverrideLevel: null
|
|
# threshold to vacuum and reclaim spaces, default 0.3 (30%)
|
|
garbageThreshold: null
|
|
# Prometheus push interval in seconds, default 15
|
|
metricsIntervalSec: 15
|
|
# replication type is XYZ:
|
|
# X number of replica in other data centers
|
|
# Y number of replica in other racks in the same data center
|
|
# Z number of replica in other servers in the same rack
|
|
defaultReplication: "000"
|
|
|
|
# Disable http request, only gRpc operations are allowed
|
|
disableHttp: false
|
|
|
|
# Resume previous state on start master server
|
|
resumeState: false
|
|
# Use Hashicorp Raft
|
|
raftHashicorp: false
|
|
# Whether to bootstrap the Raft cluster. Only use it when use Hashicorp Raft
|
|
raftBootstrap: false
|
|
|
|
# election timeout of master servers
|
|
electionTimeout: "10s"
|
|
# heartbeat interval of master servers, and will be randomly multiplied by [1, 1.25)
|
|
heartbeatInterval: "300ms"
|
|
|
|
# Custom command line arguments to add to the master command
|
|
# Example to fix IPv6 metrics connectivity issues:
|
|
# extraArgs: ["-metricsIp", "0.0.0.0"]
|
|
# Example with multiple args:
|
|
# extraArgs: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
config: |-
|
|
# Enter any extra configuration for master.toml here.
|
|
# It may be a multi-line string.
|
|
|
|
# You may use ANY storage-class, example with local-path-provisioner
|
|
# Annotations are optional.
|
|
# data:
|
|
# type: "persistentVolumeClaim"
|
|
# size: "24Ti"
|
|
# storageClass: "local-path-provisioner"
|
|
# annotations:
|
|
# "key": "value"
|
|
#
|
|
# You may also spacify an existing claim:
|
|
# data:
|
|
# type: "existingClaim"
|
|
# claimName: "my-pvc"
|
|
#
|
|
# You can also use emptyDir storage:
|
|
# data:
|
|
# type: "emptyDir"
|
|
data:
|
|
type: "hostPath"
|
|
storageClass: ""
|
|
hostPathPrefix: /ssd
|
|
|
|
# You may use ANY storage-class, example with local-path-provisioner
|
|
# Annotations are optional.
|
|
# logs:
|
|
# type: "persistentVolumeClaim"
|
|
# size: "24Ti"
|
|
# storageClass: "local-path-provisioner"
|
|
# annotations:
|
|
# "key": "value"
|
|
|
|
# You can also use emptyDir storage:
|
|
# logs:
|
|
# type: "emptyDir"
|
|
logs:
|
|
type: "hostPath"
|
|
size: ""
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
|
|
## @param master.sidecars Add additional sidecar containers to the master pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
initContainers: ""
|
|
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
|
|
# Labels to be added to the master pods
|
|
podLabels: {}
|
|
|
|
# Annotations to be added to the master pods
|
|
podAnnotations: {}
|
|
|
|
# Annotations to be added to the master resources
|
|
annotations: {}
|
|
|
|
## Set podManagementPolicy
|
|
podManagementPolicy: Parallel
|
|
|
|
# Resource requests, limits, etc. for the master cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
# updatePartition is used to control a careful rolling update of SeaweedFS
|
|
# masters.
|
|
updatePartition: 0
|
|
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: master
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
# Toleration Settings for master pods
|
|
# This should be a multi-line string matching the Toleration array
|
|
# in a PodSpec.
|
|
tolerations: ""
|
|
|
|
# nodeSelector labels for master pod assignment, formatted as a muli-line string.
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
# Example:
|
|
nodeSelector: ""
|
|
# nodeSelector: |
|
|
# sw-backend: "true"
|
|
|
|
# used to assign priority to master pods
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
priorityClassName: ""
|
|
|
|
# used to assign a service account.
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccountName: ""
|
|
|
|
# Configure security context for Pod
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# podSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 1000
|
|
# runAsGroup: 3000
|
|
# fsGroup: 2000
|
|
podSecurityContext: {}
|
|
|
|
# Configure security context for Container
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# containerSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 2000
|
|
# allowPrivilegeEscalation: false
|
|
containerSecurityContext: {}
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: ""
|
|
# host: false for "*" hostname
|
|
host: "master.seaweedfs.local"
|
|
path: "/sw-master/?(.*)"
|
|
pathType: ImplementationSpecific
|
|
annotations: {}
|
|
# nginx.ingress.kubernetes.io/auth-type: "basic"
|
|
# nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret"
|
|
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Master'
|
|
# nginx.ingress.kubernetes.io/service-upstream: "true"
|
|
# nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
# nginx.ingress.kubernetes.io/use-regex: "true"
|
|
# nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
|
|
# nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
# sub_filter '<head>' '<head> <base href="/sw-master/">'; #add base url
|
|
# sub_filter '="/' '="./'; #make absolute paths to relative
|
|
# sub_filter '=/' '=./';
|
|
# sub_filter '/seaweedfsstatic' './seaweedfsstatic';
|
|
# sub_filter_once off;
|
|
tls: []
|
|
|
|
extraEnvironmentVars:
|
|
WEED_MASTER_VOLUME_GROWTH_COPY_1: "7"
|
|
WEED_MASTER_VOLUME_GROWTH_COPY_2: "6"
|
|
WEED_MASTER_VOLUME_GROWTH_COPY_3: "3"
|
|
WEED_MASTER_VOLUME_GROWTH_COPY_OTHER: "1"
|
|
|
|
# used to configure livenessProbe on master-server containers
|
|
#
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /cluster/status
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
failureThreshold: 4
|
|
timeoutSeconds: 10
|
|
|
|
# used to configure readinessProbe on master-server containers
|
|
#
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /cluster/status
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 45
|
|
successThreshold: 2
|
|
failureThreshold: 100
|
|
timeoutSeconds: 10
|
|
|
|
volume:
|
|
enabled: true
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
port: 8080
|
|
grpcPort: 18080
|
|
metricsPort: 9327
|
|
metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind
|
|
ipBind: "0.0.0.0"
|
|
replicas: 1
|
|
loggingOverrideLevel: null
|
|
# number of seconds between heartbeats, must be smaller than or equal to the master's setting
|
|
pulseSeconds: null
|
|
# Choose [memory|leveldb|leveldbMedium|leveldbLarge] mode for memory~performance balance., default memory
|
|
index: null
|
|
# limit file size to avoid out of memory, default 256mb
|
|
fileSizeLimitMB: null
|
|
# minimum free disk space(in percents). If free disk space lower this value - all volumes marks as ReadOnly
|
|
minFreeSpacePercent: 1
|
|
|
|
# Custom command line arguments to add to the volume command
|
|
# Example to fix IPv6 metrics connectivity issues:
|
|
# extraArgs: ["-metricsIp", "0.0.0.0"]
|
|
# Example with multiple args:
|
|
# extraArgs: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
# For each data disk you may use ANY storage-class, example with local-path-provisioner
|
|
# Annotations are optional.
|
|
# dataDirs:
|
|
# - name: data
|
|
# type: "persistentVolumeClaim"
|
|
# size: "24Ti"
|
|
# storageClass: "local-path-provisioner"
|
|
# annotations:
|
|
# "key": "value"
|
|
# maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
|
|
#
|
|
# You may also spacify an existing claim:
|
|
# - name: data
|
|
# type: "existingClaim"
|
|
# claimName: "my-pvc"
|
|
# maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
|
|
#
|
|
# You can also use emptyDir storage:
|
|
# - name: data
|
|
# type: "emptyDir"
|
|
# maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
|
|
#
|
|
# If these don't meet your needs, you can use "custom" here along with extraVolumes and extraVolumeMounts
|
|
# Particularly useful when using more than 1 for the volume server replicas.
|
|
# - name: data
|
|
# type: "custom"
|
|
# maxVolumes: 0 # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
|
|
|
|
dataDirs:
|
|
- name: data1
|
|
type: "hostPath"
|
|
hostPathPrefix: /ssd
|
|
maxVolumes: 0
|
|
|
|
# - name: data2
|
|
# type: "persistentVolumeClaim"
|
|
# storageClass: "yourClassNameOfChoice"
|
|
# size: "800Gi"
|
|
# maxVolumes: 0
|
|
|
|
# This will automatically create a job for patching Kubernetes resources if the dataDirs type is 'persistentVolumeClaim' and the size has changed.
|
|
resizeHook:
|
|
enabled: true
|
|
image: alpine/k8s:1.28.4
|
|
|
|
# idx can be defined by:
|
|
#
|
|
# idx:
|
|
# type: "hostPath"
|
|
# hostPathPrefix: /ssd
|
|
#
|
|
# or
|
|
#
|
|
# idx:
|
|
# type: "persistentVolumeClaim"
|
|
# size: "20Gi"
|
|
# storageClass: "local-path-provisioner"
|
|
#
|
|
# or
|
|
#
|
|
# idx:
|
|
# type: "existingClaim"
|
|
# claimName: "myClaim"
|
|
#
|
|
# or
|
|
#
|
|
# idx:
|
|
# type: "emptyDir"
|
|
|
|
# same applies to "logs"
|
|
|
|
idx: {}
|
|
|
|
logs: {}
|
|
|
|
# limit background compaction or copying speed in mega bytes per second
|
|
compactionMBps: "50"
|
|
|
|
# Volume server's rack name
|
|
rack: null
|
|
|
|
# Stable identifier for the volume server, independent of IP address
|
|
# Useful for Kubernetes environments with hostPath volumes to maintain stable identity
|
|
id: null
|
|
|
|
# Volume server's data center name
|
|
dataCenter: null
|
|
|
|
# Redirect moved or non-local volumes. (default proxy)
|
|
readMode: proxy
|
|
|
|
# Comma separated Ip addresses having write permission. No limit if empty.
|
|
whiteList: null
|
|
|
|
# Adjust jpg orientation when uploading.
|
|
imagesFixOrientation: false
|
|
|
|
## @param volume.sidecars Add additional sidecar containers to the volume pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
initContainers: ""
|
|
|
|
# Example for use when using more than 1 volume server replica
|
|
# extraVolumeMounts: |
|
|
# - name: drive
|
|
# mountPath: /drive
|
|
# subPathExpr: $(POD_NAME)
|
|
# extraVolumes: |
|
|
# - name: drive
|
|
# hostPath:
|
|
# path: /var/mnt/
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
|
|
# Labels to be added to the volume pods
|
|
podLabels: {}
|
|
|
|
# Annotations to be added to the volume pods
|
|
podAnnotations: {}
|
|
|
|
# Annotations to be added to the volume resources
|
|
annotations: {}
|
|
|
|
## Set podManagementPolicy
|
|
podManagementPolicy: Parallel
|
|
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: {{ $volumeName }}
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
# Resource requests, limits, etc. for the server cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
# Toleration Settings for server pods
|
|
# This should be a multi-line string matching the Toleration array
|
|
# in a PodSpec.
|
|
tolerations: ""
|
|
|
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string.
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
# Example:
|
|
nodeSelector: ""
|
|
# nodeSelector: |
|
|
# sw-volume: "true"
|
|
|
|
# used to assign priority to server pods
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
priorityClassName: ""
|
|
|
|
# used to assign a service account.
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccountName: ""
|
|
|
|
extraEnvironmentVars:
|
|
|
|
# Configure security context for Pod
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# podSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 1000
|
|
# runAsGroup: 3000
|
|
# fsGroup: 2000
|
|
podSecurityContext: {}
|
|
|
|
# Configure security context for Container
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# containerSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 2000
|
|
# allowPrivilegeEscalation: false
|
|
containerSecurityContext: {}
|
|
|
|
# used to configure livenessProbe on volume-server containers
|
|
#
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /healthz
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 90
|
|
successThreshold: 1
|
|
failureThreshold: 4
|
|
timeoutSeconds: 30
|
|
|
|
# used to configure readinessProbe on volume-server containers
|
|
#
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /healthz
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 100
|
|
timeoutSeconds: 30
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: ""
|
|
host: "volume.seaweedfs.local"
|
|
path: "/"
|
|
pathType: Prefix
|
|
annotations:
|
|
nginx.ingress.kubernetes.io/app-root: /ui/index.html
|
|
# nginx.ingress.kubernetes.io/use-regex: "true"
|
|
# nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
# nginx.ingress.kubernetes.io/auth-type: "basic"
|
|
# nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret"
|
|
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Volume'
|
|
# nginx.ingress.kubernetes.io/service-upstream: "true"
|
|
# nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
|
|
# nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
# sub_filter '<head>' '<head> <base href="/sw-volume/">'; #add base url
|
|
# sub_filter '="/' '="./'; #make absolute paths to relative
|
|
# sub_filter '=/' '=./';
|
|
# sub_filter '/seaweedfsstatic' './seaweedfsstatic';
|
|
# sub_filter_once off;
|
|
|
|
# Map of named volume groups for topology-aware deployments.
|
|
# Each key inherits all fields from the `volume` section but can override
|
|
# them locally—for example, replicas, nodeSelector, dataCenter, etc.
|
|
# To switch entirely to this scheme, set `volume.enabled: false`
|
|
# and define one entry per zone/data-center under `volumes`.
|
|
#
|
|
# volumes:
|
|
# dc1:
|
|
# replicas: 2
|
|
# dataCenter: "dc1"
|
|
# nodeSelector: |
|
|
# topology.kubernetes.io/zone: dc1
|
|
# dc2:
|
|
# replicas: 2
|
|
# dataCenter: "dc2"
|
|
# nodeSelector: |
|
|
# topology.kubernetes.io/zone: dc2
|
|
# dc3:
|
|
# replicas: 2
|
|
# dataCenter: "dc3"
|
|
# nodeSelector: |
|
|
# topology.kubernetes.io/zone: dc3
|
|
#
|
|
volumes: {}
|
|
|
|
filer:
|
|
enabled: true
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
port: 8888
|
|
grpcPort: 18888
|
|
metricsPort: 9327
|
|
metricsIp: "" # Metrics listen IP. If empty, defaults to ipBind
|
|
ipBind: "0.0.0.0" # IP address to bind to. Set to 0.0.0.0 to allow external traffic
|
|
loggingOverrideLevel: null
|
|
filerGroup: ""
|
|
# prefer to read and write to volumes in this data center (not set by default)
|
|
dataCenter: null
|
|
# prefer to write to volumes in this rack (not set by default)
|
|
rack: null
|
|
# replication type is XYZ:
|
|
# X number of replica in other data centers
|
|
# Y number of replica in other racks in the same data center
|
|
# Z number of replica in other servers in the same rack
|
|
defaultReplicaPlacement: "000"
|
|
# turn off directory listing
|
|
disableDirListing: false
|
|
# split files larger than the limit, default 32
|
|
maxMB: null
|
|
# encrypt data on volume servers
|
|
encryptVolumeData: false
|
|
|
|
# Whether proxy or redirect to volume server during file GET request
|
|
redirectOnRead: false
|
|
|
|
# Limit sub dir listing size (default 100000)
|
|
dirListLimit: 100000
|
|
|
|
# Disable http request, only gRpc operations are allowed
|
|
disableHttp: false
|
|
|
|
# Custom command line arguments to add to the filer command
|
|
# Example to fix IPv6 metrics connectivity issues:
|
|
# extraArgs: ["-metricsIp", "0.0.0.0"]
|
|
# Example with multiple args:
|
|
# extraArgs: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
# Add a custom notification.toml to configure filer notifications
|
|
# Example:
|
|
# notificationConfig: |-
|
|
# [notification.kafka]
|
|
# enabled = false
|
|
# hosts = [
|
|
# "localhost:9092"
|
|
# ]
|
|
# topic = "seaweedfs_filer"
|
|
# offsetFile = "./last.offset"
|
|
# offsetSaveIntervalSeconds = 10
|
|
notificationConfig: ""
|
|
|
|
# DEPRECATE: enablePVC, storage, storageClass
|
|
# Consider replacing with filer.data section below instead.
|
|
|
|
# Settings for configuring stateful storage of filer pods.
|
|
# enablePVC will create a pvc for filer for data persistence.
|
|
enablePVC: false
|
|
# storage should be set to the disk size of the attached volume.
|
|
storage: 25Gi
|
|
# storageClass is the class of storage which defaults to null (the Kube cluster will pick the default).
|
|
storageClass: null
|
|
# You may use ANY storage-class, example with local-path-provisioner
|
|
# Annotations are optional.
|
|
# data:
|
|
# type: "persistentVolumeClaim"
|
|
# size: "24Ti"
|
|
# storageClass: "local-path-provisioner"
|
|
# annotations:
|
|
# "key": "value"
|
|
#
|
|
# You may also specify an existing claim:
|
|
# data:
|
|
# type: "existingClaim"
|
|
# claimName: "my-pvc"
|
|
#
|
|
# You can also use emptyDir storage:
|
|
# data:
|
|
# type: "emptyDir"
|
|
data:
|
|
type: "hostPath"
|
|
size: ""
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
|
|
# You may use ANY storage-class, example with local-path-provisioner
|
|
# Annotations are optional.
|
|
# logs:
|
|
# type: "persistentVolumeClaim"
|
|
# size: "24Ti"
|
|
# storageClass: "local-path-provisioner"
|
|
# annotations:
|
|
# "key": "value"
|
|
|
|
# You can also use emptyDir storage:
|
|
# logs:
|
|
# type: "emptyDir"
|
|
logs:
|
|
type: "hostPath"
|
|
size: ""
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
|
|
## @param filer.sidecars Add additional sidecar containers to the filer pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
initContainers: ""
|
|
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
|
|
# Labels to be added to the filer pods
|
|
podLabels: {}
|
|
|
|
# Annotations to be added to the filer pods
|
|
podAnnotations: {}
|
|
|
|
# Annotations to be added to the filer resource
|
|
annotations: {}
|
|
|
|
## Set podManagementPolicy
|
|
podManagementPolicy: Parallel
|
|
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: filer
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
# updatePartition is used to control a careful rolling update of SeaweedFS
|
|
# masters.
|
|
updatePartition: 0
|
|
|
|
# Resource requests, limits, etc. for the server cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
# Toleration Settings for server pods
|
|
# This should be a multi-line string matching the Toleration array
|
|
# in a PodSpec.
|
|
tolerations: ""
|
|
|
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string.
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
# Example:
|
|
nodeSelector: ""
|
|
# nodeSelector: |
|
|
# sw-backend: "true"
|
|
|
|
# used to assign priority to server pods
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
priorityClassName: ""
|
|
|
|
# used to assign a service account.
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccountName: ""
|
|
|
|
# Configure security context for Pod
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# podSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 1000
|
|
# runAsGroup: 3000
|
|
# fsGroup: 2000
|
|
podSecurityContext: {}
|
|
|
|
# Configure security context for Container
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# containerSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 2000
|
|
# allowPrivilegeEscalation: false
|
|
containerSecurityContext: {}
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: ""
|
|
# host: false for "*" hostname
|
|
host: "seaweedfs.cluster.local"
|
|
path: "/sw-filer/?(.*)"
|
|
pathType: ImplementationSpecific
|
|
annotations: {}
|
|
# nginx.ingress.kubernetes.io/backend-protocol: GRPC
|
|
# nginx.ingress.kubernetes.io/auth-type: "basic"
|
|
# nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret"
|
|
# nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Filer'
|
|
# nginx.ingress.kubernetes.io/service-upstream: "true"
|
|
# nginx.ingress.kubernetes.io/rewrite-target: /$1
|
|
# nginx.ingress.kubernetes.io/use-regex: "true"
|
|
# nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
|
|
# nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
|
|
# nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
# sub_filter '<head>' '<head> <base href="/sw-filer/">'; #add base url
|
|
# sub_filter '="/' '="./'; #make absolute paths to relative
|
|
# sub_filter '=/' '=./';
|
|
# sub_filter '/seaweedfsstatic' './seaweedfsstatic';
|
|
# sub_filter_once off;
|
|
|
|
# extraEnvVars is a list of extra environment variables to set with the stateful set.
|
|
extraEnvironmentVars:
|
|
WEED_MYSQL_ENABLED: "false"
|
|
WEED_MYSQL_HOSTNAME: "mysql-db-host"
|
|
WEED_MYSQL_PORT: "3306"
|
|
WEED_MYSQL_DATABASE: "sw_database"
|
|
WEED_MYSQL_CONNECTION_MAX_IDLE: "5"
|
|
WEED_MYSQL_CONNECTION_MAX_OPEN: "75"
|
|
# "refresh" connection every 10 minutes, eliminating mysql closing "old" connections
|
|
WEED_MYSQL_CONNECTION_MAX_LIFETIME_SECONDS: "600"
|
|
# enable usage of memsql as filer backend
|
|
WEED_MYSQL_INTERPOLATEPARAMS: "true"
|
|
# if you want to use leveldb2, then should enable "enablePVC". or you may lose your data.
|
|
WEED_LEVELDB2_ENABLED: "true"
|
|
# with http DELETE, by default the filer would check whether a folder is empty.
|
|
# recursive_delete will delete all sub folders and files, similar to "rm -Rf"
|
|
WEED_FILER_OPTIONS_RECURSIVE_DELETE: "false"
|
|
# directories under this folder will be automatically creating a separate bucket
|
|
WEED_FILER_BUCKETS_FOLDER: "/buckets"
|
|
|
|
# used to configure livenessProbe on filer containers
|
|
#
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
timeoutSeconds: 10
|
|
|
|
# used to configure readinessProbe on filer containers
|
|
#
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 100
|
|
timeoutSeconds: 10
|
|
|
|
# secret env variables
|
|
secretExtraEnvironmentVars: {}
|
|
# WEED_POSTGRES_USERNAME:
|
|
# secretKeyRef:
|
|
# name: postgres-credentials
|
|
# key: username
|
|
# WEED_POSTGRES_PASSWORD:
|
|
# secretKeyRef:
|
|
# name: postgres-credentials
|
|
# key: password
|
|
|
|
s3:
|
|
enabled: false
|
|
port: 8333
|
|
# add additional https port
|
|
httpsPort: 0
|
|
# Suffix of the host name, {bucket}.{domainName}
|
|
domainName: ""
|
|
# enable user & permission to s3 (need to inject to all services)
|
|
enableAuth: false
|
|
# set to the name of an existing kubernetes Secret with the s3 json config file
|
|
# should have a secret key called seaweedfs_s3_config with an inline json configure
|
|
existingConfigSecret: null
|
|
auditLogConfig: {}
|
|
# You may specify buckets to be created during the install or upgrade process.
|
|
# Buckets may be exposed publicly by setting `anonymousRead` to `true`
|
|
# createBuckets:
|
|
# - name: bucket-a
|
|
# anonymousRead: true
|
|
# - name: bucket-b
|
|
# anonymousRead: false
|
|
|
|
s3:
|
|
enabled: false
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
bindAddress: 0.0.0.0
|
|
port: 8333
|
|
# add additional https port
|
|
httpsPort: 0
|
|
metricsPort: 9327
|
|
# Iceberg catalog REST port (Apache Iceberg REST Catalog API)
|
|
# Set to a port number to enable, or 0/null to disable
|
|
icebergPort: null
|
|
loggingOverrideLevel: null
|
|
# enable user & permission to s3 (need to inject to all services)
|
|
enableAuth: false
|
|
# set to the name of an existing kubernetes Secret with the s3 json config file
|
|
# should have a secret key called seaweedfs_s3_config with an inline json config
|
|
existingConfigSecret: null
|
|
auditLogConfig: {}
|
|
# You may specify buckets to be created during the install or upgrade process.
|
|
# Buckets may be exposed publicly by setting `anonymousRead` to `true`
|
|
# createBuckets:
|
|
# - name: bucket-a
|
|
# anonymousRead: true
|
|
# - name: bucket-b
|
|
# anonymousRead: false
|
|
|
|
# Suffix of the host name, {bucket}.{domainName}
|
|
domainName: ""
|
|
|
|
## @param s3.sidecars Add additional sidecar containers to the s3 pod(s)
|
|
## e.g:
|
|
## sidecars:
|
|
## - name: your-image-name
|
|
## image: your-image
|
|
## imagePullPolicy: Always
|
|
## ports:
|
|
## - name: portname
|
|
## containerPort: 1234
|
|
##
|
|
sidecars: []
|
|
initContainers: ""
|
|
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
|
|
# Labels to be added to the s3 pods
|
|
podLabels: {}
|
|
|
|
# Annotations to be added to the s3 pods
|
|
podAnnotations: {}
|
|
|
|
# Annotations to be added to the s3 resources
|
|
annotations: {}
|
|
|
|
# Resource requests, limits, etc. for the server cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
# Toleration Settings for server pods
|
|
# This should be a multi-line string matching the Toleration array
|
|
# in a PodSpec.
|
|
tolerations: ""
|
|
|
|
# nodeSelector labels for server pod assignment, formatted as a muli-line string.
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
# Example:
|
|
nodeSelector: ""
|
|
# nodeSelector: |
|
|
# sw-backend: "true"
|
|
|
|
# used to assign priority to server pods
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
priorityClassName: ""
|
|
|
|
# used to assign a service account.
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccountName: ""
|
|
|
|
# Configure security context for Pod
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# podSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 1000
|
|
# runAsGroup: 3000
|
|
# fsGroup: 2000
|
|
podSecurityContext: {}
|
|
|
|
# Configure security context for Container
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# containerSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 2000
|
|
# allowPrivilegeEscalation: false
|
|
containerSecurityContext: {}
|
|
|
|
# You can also use emptyDir storage:
|
|
# logs:
|
|
# type: "emptyDir"
|
|
logs:
|
|
type: "hostPath"
|
|
size: ""
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
|
|
extraEnvironmentVars:
|
|
|
|
# Custom command line arguments to add to the s3 command
|
|
# Default idleTimeout is 120 seconds. Example to customize:
|
|
# extraArgs: ["-idleTimeout=300"]
|
|
extraArgs: []
|
|
|
|
# used to configure livenessProbe on s3 containers
|
|
#
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /status
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 60
|
|
successThreshold: 1
|
|
failureThreshold: 20
|
|
timeoutSeconds: 10
|
|
|
|
# used to configure readinessProbe on s3 containers
|
|
#
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /status
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 100
|
|
timeoutSeconds: 10
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: ""
|
|
# host: false for "*" hostname, or an array for multiple hostnames
|
|
host: "seaweedfs.cluster.local"
|
|
path: "/"
|
|
pathType: Prefix
|
|
# additional ingress annotations for the s3 endpoint
|
|
annotations: {}
|
|
tls: []
|
|
|
|
icebergIngress:
|
|
enabled: false
|
|
className: ""
|
|
host: "seaweedfs-iceberg.cluster.local"
|
|
path: "/"
|
|
pathType: Prefix
|
|
annotations: {}
|
|
tls: []
|
|
|
|
sftp:
|
|
enabled: false
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
bindAddress: 0.0.0.0
|
|
port: 2022 # Default SFTP port
|
|
metricsPort: 9327
|
|
metricsIp: "" # If empty, defaults to bindAddress
|
|
loggingOverrideLevel: null
|
|
|
|
# SSH server configuration
|
|
sshPrivateKey: "/etc/sw/seaweedfs_sftp_ssh_private_key" # Path to the SSH private key file for host authentication
|
|
hostKeysFolder: "/etc/sw/ssh" # path to folder containing SSH private key files for host authentication
|
|
authMethods: "password,publickey" # Comma-separated list of allowed auth methods: password, publickey, keyboard-interactive
|
|
maxAuthTries: 6 # Maximum number of authentication attempts per connection
|
|
bannerMessage: "SeaweedFS SFTP Server" # Message displayed before authentication
|
|
loginGraceTime: "2m" # Timeout for authentication
|
|
clientAliveInterval: "5s" # Interval for sending keep-alive messages
|
|
clientAliveCountMax: 3 # Maximum number of missed keep-alive messages before disconnecting
|
|
dataCenter: "" # Prefer to read and write to volumes in this data center
|
|
localSocket: "" # Default to /tmp/seaweedfs-sftp-<port>.sock
|
|
|
|
# User authentication
|
|
enableAuth: false
|
|
# Set to the name of an existing kubernetes Secret with the sftp json config file
|
|
# Should have a secret key called seaweedfs_sftp_config with an inline json config
|
|
existingConfigSecret: null
|
|
# Set to the name of an existing kubernetes Secret with the list of ssh private keys for sftp
|
|
existingSshConfigSecret: null
|
|
|
|
# Additional resources
|
|
sidecars: []
|
|
initContainers: ""
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
podLabels: {}
|
|
podAnnotations: {}
|
|
annotations: {}
|
|
resources: {}
|
|
tolerations: ""
|
|
nodeSelector: ""
|
|
priorityClassName: ""
|
|
serviceAccountName: ""
|
|
podSecurityContext: {}
|
|
containerSecurityContext: {}
|
|
|
|
logs:
|
|
type: "hostPath"
|
|
hostPathPrefix: /storage
|
|
|
|
extraEnvironmentVars: {}
|
|
|
|
# Health checks
|
|
# Health checks for SFTP - using tcpSocket instead of httpGet
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 60
|
|
successThreshold: 1
|
|
failureThreshold: 20
|
|
timeoutSeconds: 10
|
|
|
|
# Health checks for SFTP - using tcpSocket instead of httpGet
|
|
readinessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 100
|
|
timeoutSeconds: 10
|
|
|
|
admin:
|
|
enabled: false
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
port: 23646 # Default admin port
|
|
grpcPort: 33646 # Default gRPC port for worker connections
|
|
loggingOverrideLevel: null
|
|
|
|
# Admin authentication
|
|
secret:
|
|
# Name of an existing secret containing admin credentials. If set, adminUser and adminPassword below are ignored.
|
|
existingSecret: ""
|
|
# Key in the existing secret for the admin username. Required if existingSecret is set.
|
|
userKey: ""
|
|
# Key in the existing secret for the admin password. Required if existingSecret is set.
|
|
pwKey: ""
|
|
adminUser: "admin"
|
|
adminPassword: "" # If empty, authentication is disabled.
|
|
|
|
# Data directory for admin configuration and maintenance data
|
|
dataDir: "" # If empty, configuration is kept in memory only
|
|
|
|
# Master servers to connect to
|
|
# If empty, uses global.masterServer or auto-discovers from master statefulset
|
|
masters: ""
|
|
|
|
# Custom command line arguments to add to the admin command
|
|
# Example: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
# Storage configuration
|
|
data:
|
|
type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir", "existingClaim"
|
|
size: "10Gi"
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
claimName: ""
|
|
annotations: {}
|
|
|
|
logs:
|
|
type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir", "existingClaim"
|
|
size: "5Gi"
|
|
storageClass: ""
|
|
hostPathPrefix: /storage
|
|
claimName: ""
|
|
annotations: {}
|
|
|
|
# Additional resources
|
|
sidecars: []
|
|
initContainers: ""
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
podLabels: {}
|
|
podAnnotations: {}
|
|
annotations: {}
|
|
|
|
## Set podManagementPolicy
|
|
podManagementPolicy: Parallel
|
|
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: admin
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
resources: {}
|
|
tolerations: ""
|
|
nodeSelector: ""
|
|
priorityClassName: ""
|
|
serviceAccountName: ""
|
|
podSecurityContext: {}
|
|
containerSecurityContext: {}
|
|
|
|
extraEnvironmentVars: {}
|
|
|
|
# Health checks
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /health
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 60
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
timeoutSeconds: 10
|
|
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /health
|
|
scheme: HTTP
|
|
initialDelaySeconds: 15
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
timeoutSeconds: 10
|
|
|
|
ingress:
|
|
enabled: false
|
|
className: "nginx"
|
|
# host: false for "*" hostname
|
|
host: "admin.seaweedfs.local"
|
|
path: "/"
|
|
pathType: Prefix
|
|
annotations: {}
|
|
tls: []
|
|
|
|
service:
|
|
type: ClusterIP
|
|
annotations: {}
|
|
|
|
# ServiceMonitor annotations (separate from pod/deployment annotations)
|
|
serviceMonitor:
|
|
annotations: {}
|
|
|
|
worker:
|
|
enabled: false
|
|
imageOverride: null
|
|
restartPolicy: null
|
|
replicas: 1
|
|
loggingOverrideLevel: null
|
|
metricsPort: 9327
|
|
metricsIp: "" # If empty, defaults to 0.0.0.0
|
|
|
|
# Admin server to connect to
|
|
adminServer: ""
|
|
|
|
# Worker job types - comma-separated list
|
|
# Available: vacuum, volume_balance, erasure_coding
|
|
jobType: "vacuum,volume_balance,erasure_coding"
|
|
|
|
# Maximum number of concurrent detection requests
|
|
maxDetect: 1
|
|
|
|
# Maximum number of concurrent execution jobs
|
|
maxExecute: 4
|
|
|
|
# Working directory for task execution
|
|
workingDir: "/tmp/seaweedfs-worker"
|
|
|
|
# Custom command line arguments to add to the worker command
|
|
# Example: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
# Storage configuration for working directory
|
|
# Note: Workers use Deployment, so use "emptyDir", "hostPath", or "existingClaim"
|
|
# Do NOT use "persistentVolumeClaim" - use "existingClaim" with pre-provisioned PVC instead
|
|
data:
|
|
type: "emptyDir" # Options: "hostPath", "emptyDir", "existingClaim"
|
|
hostPathPrefix: /storage
|
|
claimName: "" # For existingClaim type
|
|
|
|
logs:
|
|
type: "emptyDir" # Options: "hostPath", "emptyDir", "existingClaim"
|
|
hostPathPrefix: /storage
|
|
claimName: "" # For existingClaim type
|
|
|
|
# Additional resources
|
|
sidecars: []
|
|
initContainers: ""
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
podLabels: {}
|
|
podAnnotations: {}
|
|
annotations: {}
|
|
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: worker
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
resources:
|
|
requests:
|
|
cpu: "500m"
|
|
memory: "512Mi"
|
|
limits:
|
|
cpu: "2"
|
|
memory: "2Gi"
|
|
tolerations: ""
|
|
nodeSelector: ""
|
|
priorityClassName: ""
|
|
serviceAccountName: ""
|
|
podSecurityContext: {}
|
|
containerSecurityContext: {}
|
|
|
|
extraEnvironmentVars: {}
|
|
|
|
# Health checks for worker pods
|
|
# Workers expose /health (liveness) and /ready (readiness) endpoints on the metricsPort
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /health
|
|
port: metrics
|
|
initialDelaySeconds: 30
|
|
periodSeconds: 60
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
timeoutSeconds: 10
|
|
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /ready
|
|
port: metrics
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
timeoutSeconds: 10
|
|
|
|
# ServiceMonitor annotations (separate from pod/deployment annotations)
|
|
serviceMonitor:
|
|
annotations: {}
|
|
|
|
# All-in-one deployment configuration
|
|
allInOne:
|
|
enabled: false
|
|
imageOverride: null
|
|
restartPolicy: Always
|
|
replicas: 1 # Number of replicas (note: multiple replicas may require shared storage)
|
|
|
|
# Core configuration
|
|
idleTimeout: 30 # Connection idle seconds
|
|
dataCenter: "" # Current volume server's data center name
|
|
rack: "" # Current volume server's rack name
|
|
whiteList: "" # Comma separated IP addresses having write permission
|
|
disableHttp: false # Disable HTTP requests, only gRPC operations are allowed
|
|
metricsPort: 9324 # Prometheus metrics listen port
|
|
metricsIp: "" # Metrics listen IP. If empty, defaults to bindAddress
|
|
loggingOverrideLevel: null # Override logging level
|
|
|
|
# Custom command line arguments to add to the server command
|
|
# Example to fix IPv6 metrics connectivity issues:
|
|
# extraArgs: ["-metricsIp", "0.0.0.0"]
|
|
# Example with multiple args:
|
|
# extraArgs: ["-customFlag", "value", "-anotherFlag"]
|
|
extraArgs: []
|
|
|
|
# Update strategy configuration
|
|
# type: Recreate or RollingUpdate
|
|
# For single replica, Recreate is recommended to avoid data conflicts.
|
|
# For multiple replicas with RollingUpdate, you MUST use shared storage
|
|
# (e.g., data.type: persistentVolumeClaim with ReadWriteMany access mode)
|
|
# to avoid data loss or inconsistency between pods.
|
|
updateStrategy:
|
|
type: Recreate
|
|
|
|
# S3 gateway configuration
|
|
# Note: Most parameters below default to null, which means they inherit from
|
|
# the global s3.* settings. Set explicit values here to override for allInOne only.
|
|
s3:
|
|
enabled: false # Whether to enable S3 gateway
|
|
port: null # S3 gateway port (null inherits from s3.port)
|
|
httpsPort: null # S3 gateway HTTPS port (null inherits from s3.httpsPort)
|
|
domainName: null # Suffix of the host name (null inherits from s3.domainName)
|
|
enableAuth: false # Enable user & permission to S3
|
|
# Set to the name of an existing kubernetes Secret with the s3 json config file
|
|
# should have a secret key called seaweedfs_s3_config with an inline json config
|
|
existingConfigSecret: null
|
|
auditLogConfig: null # S3 audit log configuration (null inherits from s3.auditLogConfig)
|
|
# You may specify buckets to be created during the install process.
|
|
# Buckets may be exposed publicly by setting `anonymousRead` to `true`
|
|
# createBuckets:
|
|
# - name: bucket-a
|
|
# anonymousRead: true
|
|
# - name: bucket-b
|
|
# anonymousRead: false
|
|
|
|
# SFTP server configuration
|
|
# Note: Most parameters below default to null, which means they inherit from
|
|
# the global sftp.* settings. Set explicit values here to override for allInOne only.
|
|
sftp:
|
|
enabled: false # Whether to enable SFTP server
|
|
port: null # SFTP port (null inherits from sftp.port)
|
|
sshPrivateKey: null # Path to SSH private key (null inherits from sftp.sshPrivateKey)
|
|
hostKeysFolder: null # Path to SSH host keys folder (null inherits from sftp.hostKeysFolder)
|
|
authMethods: null # Comma-separated auth methods (null inherits from sftp.authMethods)
|
|
maxAuthTries: null # Maximum authentication attempts (null inherits from sftp.maxAuthTries)
|
|
bannerMessage: null # Banner message (null inherits from sftp.bannerMessage)
|
|
loginGraceTime: null # Login grace time (null inherits from sftp.loginGraceTime)
|
|
clientAliveInterval: null # Client keep-alive interval (null inherits from sftp.clientAliveInterval)
|
|
clientAliveCountMax: null # Maximum missed keep-alive messages (null inherits from sftp.clientAliveCountMax)
|
|
enableAuth: false # Enable SFTP authentication
|
|
# Set to the name of an existing kubernetes Secret with the sftp json config file
|
|
existingConfigSecret: null
|
|
# Set to the name of an existing kubernetes Secret with the SSH keys
|
|
existingSshConfigSecret: null
|
|
|
|
# Service settings
|
|
service:
|
|
annotations: {} # Annotations for the service
|
|
type: ClusterIP # Service type (ClusterIP, NodePort, LoadBalancer)
|
|
internalTrafficPolicy: Cluster # Internal traffic policy
|
|
|
|
# Note: For ingress in all-in-one mode, use the standard s3.ingress and
|
|
# filer.ingress settings. The templates automatically detect all-in-one mode
|
|
# and point to the correct service (seaweedfs-all-in-one instead of
|
|
# seaweedfs-s3 or seaweedfs-filer).
|
|
|
|
# Storage configuration
|
|
data:
|
|
type: "emptyDir" # Options: "hostPath", "persistentVolumeClaim", "emptyDir", "existingClaim"
|
|
hostPathPrefix: /mnt/data # Path prefix for hostPath volumes
|
|
claimName: seaweedfs-data-pvc # Name of the PVC to use (for existingClaim type)
|
|
size: null # Size of the PVC (null defaults to 10Gi for persistentVolumeClaim type)
|
|
storageClass: null # Storage class for the PVC (null uses cluster default)
|
|
# accessModes for the PVC. Default is ["ReadWriteOnce"].
|
|
# For multi-replica deployments, use ["ReadWriteMany"] with a compatible storage class.
|
|
accessModes: []
|
|
annotations: {} # Annotations for the PVC
|
|
|
|
# Health checks
|
|
readinessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /cluster/status
|
|
port: 9333
|
|
scheme: HTTP
|
|
initialDelaySeconds: 10
|
|
periodSeconds: 15
|
|
successThreshold: 1
|
|
failureThreshold: 3
|
|
timeoutSeconds: 5
|
|
|
|
livenessProbe:
|
|
enabled: true
|
|
httpGet:
|
|
path: /cluster/status
|
|
port: 9333
|
|
scheme: HTTP
|
|
initialDelaySeconds: 20
|
|
periodSeconds: 30
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
timeoutSeconds: 5
|
|
|
|
# Additional resources
|
|
extraEnvironmentVars: {} # Additional environment variables
|
|
# Secret environment variables (for database credentials, etc.)
|
|
# Example:
|
|
# secretExtraEnvironmentVars:
|
|
# WEED_POSTGRES_USERNAME:
|
|
# secretKeyRef:
|
|
# name: postgres-credentials
|
|
# key: username
|
|
# WEED_POSTGRES_PASSWORD:
|
|
# secretKeyRef:
|
|
# name: postgres-credentials
|
|
# key: password
|
|
secretExtraEnvironmentVars: {}
|
|
extraVolumeMounts: "" # Additional volume mounts
|
|
extraVolumes: "" # Additional volumes
|
|
initContainers: "" # Init containers
|
|
sidecars: "" # Sidecar containers
|
|
annotations: {} # Annotations for the deployment
|
|
podAnnotations: {} # Annotations for the pods
|
|
podLabels: {} # Labels for the pods
|
|
|
|
# Scheduling configuration
|
|
# Affinity Settings
|
|
# Commenting out or setting as empty the affinity variable, will allow
|
|
# deployment to single node services such as Minikube
|
|
affinity: |
|
|
podAntiAffinity:
|
|
requiredDuringSchedulingIgnoredDuringExecution:
|
|
- labelSelector:
|
|
matchLabels:
|
|
app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
|
|
app.kubernetes.io/instance: {{ .Release.Name }}
|
|
app.kubernetes.io/component: seaweedfs-all-in-one
|
|
topologyKey: kubernetes.io/hostname
|
|
|
|
# Topology Spread Constraints Settings
|
|
# This should map directly to the value of the topologySpreadConstraints
|
|
# for a PodSpec. By Default no constraints are set.
|
|
topologySpreadConstraints: ""
|
|
|
|
# Toleration Settings for pods
|
|
# This should be a multi-line string matching the Toleration array
|
|
# in a PodSpec.
|
|
tolerations: ""
|
|
|
|
# nodeSelector labels for pod assignment, formatted as a muli-line string.
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
|
|
nodeSelector: ""
|
|
|
|
# Used to assign priority to pods
|
|
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
|
|
priorityClassName: ""
|
|
|
|
# Used to assign a service account.
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
|
|
serviceAccountName: ""
|
|
|
|
# Configure security context for Pod
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# podSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 1000
|
|
# runAsGroup: 3000
|
|
# fsGroup: 2000
|
|
podSecurityContext: {}
|
|
|
|
# Configure security context for Container
|
|
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
|
|
# Example:
|
|
# containerSecurityContext:
|
|
# enabled: true
|
|
# runAsUser: 2000
|
|
# allowPrivilegeEscalation: false
|
|
containerSecurityContext: {}
|
|
|
|
# Resource management
|
|
resources:
|
|
limits:
|
|
cpu: "2"
|
|
memory: "2Gi"
|
|
requests:
|
|
cpu: "500m"
|
|
memory: "1Gi"
|
|
|
|
# Deploy Kubernetes COSI Driver for SeaweedFS
|
|
# Requires COSI CRDs and controller to be installed in the cluster
|
|
# For more information, visit: https://container-object-storage-interface.github.io/docs/deployment-guide
|
|
cosi:
|
|
enabled: false
|
|
image: "ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.1.2"
|
|
driverName: "seaweedfs.objectstorage.k8s.io"
|
|
bucketClassName: "seaweedfs"
|
|
endpoint: ""
|
|
region: ""
|
|
|
|
sidecar:
|
|
image: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:v20250711-controllerv0.2.0-rc1-80-gc2f6e65
|
|
# Resource requests, limits, etc. for the server cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
# enable user & permission to s3 (need to inject to all services)
|
|
enableAuth: false
|
|
# set to the name of an existing kubernetes Secret with the s3 json config file
|
|
# should have a secret key called seaweedfs_s3_config with an inline json configure
|
|
existingConfigSecret: null
|
|
|
|
podSecurityContext: {}
|
|
containerSecurityContext: {}
|
|
|
|
extraVolumes: ""
|
|
extraVolumeMounts: ""
|
|
|
|
# Resource requests, limits, etc. for the server cluster placement. This
|
|
# should map directly to the value of the resources field for a PodSpec,
|
|
# formatted as a multi-line string. By default no direct resource request
|
|
# is made.
|
|
resources: {}
|
|
|
|
certificates:
|
|
commonName: "SeaweedFS CA"
|
|
ipAddresses: []
|
|
keyAlgorithm: RSA
|
|
keySize: 2048
|
|
duration: 2160h # 90d
|
|
renewBefore: 360h # 15d
|
|
ca:
|
|
duration: 87600h # 10 years
|
|
renewBefore: 720h # 30d
|
|
externalCertificates:
|
|
# This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
|
|
# you will need to store your provided certificates in the secret read by the different services:
|
|
# seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names
|
|
enabled: false
|
|
|
|
# Labels to be added to all the created pods
|
|
podLabels: {}
|
|
# Annotations to be added to all the created pods
|
|
podAnnotations: {}
|