github-mirrors
/
mirror-seaweedfs


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282
							{{- if .Values.s3.enabled }}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "seaweedfs.name" . }}-s3
  namespace: {{ .Release.Namespace }}
  labels:
    app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
    helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/component: s3
{{- if .Values.s3.annotations }}
  annotations:
    {{- toYaml .Values.s3.annotations | nindent 4 }}
{{- end }}
spec:
  replicas: {{ .Values.s3.replicas }}
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
      app.kubernetes.io/instance: {{ .Release.Name }}
      app.kubernetes.io/component: s3
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
        helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
        app.kubernetes.io/instance: {{ .Release.Name }}
        app.kubernetes.io/component: s3
      {{ with .Values.podLabels }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.s3.podLabels }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
      annotations:
      {{ with .Values.podAnnotations }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.s3.podAnnotations }}
      {{- toYaml . | nindent 8 }}
      {{- end }}
    spec:
      restartPolicy: {{ default .Values.global.restartPolicy .Values.s3.restartPolicy }}
      {{- if .Values.s3.affinity }}
      affinity:
        {{ tpl .Values.s3.affinity . | nindent 8 | trim }}
      {{- end }}
      {{- if .Values.s3.topologySpreadConstraints }}
      topologySpreadConstraints:
        {{ tpl .Values.s3.topologySpreadConstraints . | nindent 8 | trim }}
      {{- end }}
      {{- if .Values.s3.tolerations }}
      tolerations:
        {{ tpl .Values.s3.tolerations . | nindent 8 | trim }}
      {{- end }}
      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
      terminationGracePeriodSeconds: 10
      {{- if .Values.s3.priorityClassName }}
      priorityClassName: {{ .Values.s3.priorityClassName | quote }}
      {{- end }}
      enableServiceLinks: false
      {{- if .Values.s3.serviceAccountName }}
      serviceAccountName: {{ .Values.s3.serviceAccountName | quote }}
      {{- end }}
      {{- if .Values.s3.initContainers }}
      initContainers:
        {{ tpl .Values.s3.initContainers . | nindent 8 | trim }}
      {{- end }}
      {{- if .Values.s3.podSecurityContext.enabled }}
      securityContext: {{- omit .Values.s3.podSecurityContext "enabled" | toYaml | nindent 8 }}
      {{- end }}
      containers:
        - name: seaweedfs
          image: {{ template "s3.image" . }}
          imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }}
          env:
            - name: POD_IP
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: SEAWEEDFS_FULLNAME
              value: "{{ template "seaweedfs.name" . }}"
            {{- if .Values.s3.extraEnvironmentVars }}
            {{- range $key, $value := .Values.s3.extraEnvironmentVars }}
            - name: {{ $key }}
            {{- if kindIs "string" $value }}
              value: {{ $value | quote }}
            {{- else }}
              valueFrom:
                {{ toYaml $value | nindent 16 | trim }}
            {{- end -}}
            {{- end }}
            {{- end }}
            {{- if .Values.global.extraEnvironmentVars }}
            {{- range $key, $value := .Values.global.extraEnvironmentVars }}
            - name: {{ $key }}
            {{- if kindIs "string" $value }}
              value: {{ $value | quote }}
            {{- else }}
              valueFrom:
                {{ toYaml $value | nindent 16 | trim }}
            {{- end -}}
            {{- end }}
            {{- end }}
          command:
            - "/bin/sh"
            - "-ec"
            - |
              exec /usr/bin/weed \
              {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }}
              -logdir=/logs \
              {{- else }}
              -logtostderr=true \
              {{- end }}
              {{- if .Values.s3.loggingOverrideLevel }}
              -v={{ .Values.s3.loggingOverrideLevel }} \
              {{- else }}
              -v={{ .Values.global.loggingLevel }} \
              {{- end }}
              s3 \
              -ip.bind={{ .Values.s3.bindAddress }} \
              -port={{ .Values.s3.port }} \
              {{- if .Values.s3.metricsPort }}
              -metricsPort {{ .Values.s3.metricsPort }} \
              {{- end }}
              {{- if .Values.global.enableSecurity }}
              {{- if .Values.s3.httpsPort }}
              -port.https={{ .Values.s3.httpsPort }} \
              {{- end }}
              -cert.file=/usr/local/share/ca-certificates/client/tls.crt \
              -key.file=/usr/local/share/ca-certificates/client/tls.key \
              {{- end }}
              {{- if .Values.s3.domainName }}
              -domainName={{ .Values.s3.domainName }} \
              {{- end }}
              {{- if eq (typeOf .Values.s3.allowEmptyFolder) "bool" }}
              -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \
              {{- end }}
              {{- if .Values.s3.enableAuth }}
              -config=/etc/sw/seaweedfs_s3_config \
              {{- end }}
              {{- if .Values.s3.auditLogConfig }}
              -auditLogConfig=/etc/sw/s3_auditLogConfig.json \
              {{- end }}
              -filer={{ template "seaweedfs.name" . }}-filer-client.{{ .Release.Namespace }}:{{ .Values.filer.port }} \
              {{- range .Values.s3.extraArgs }}
              {{ . }} \
              {{- end }}
          volumeMounts:
            {{- if or (eq .Values.s3.logs.type "hostPath") (eq .Values.s3.logs.type "emptyDir") }}
            - name: logs
              mountPath: "/logs/"
            {{- end }}
            {{- if .Values.s3.enableAuth }}
            - mountPath: /etc/sw
              name: config-users
              readOnly: true
            {{- end }}
            {{- if .Values.global.enableSecurity }}
            - name: security-config
              readOnly: true
              mountPath: /etc/seaweedfs/security.toml
              subPath: security.toml
            - name: ca-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/ca/
            - name: master-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/master/
            - name: volume-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/volume/
            - name: filer-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/filer/
            - name: client-cert
              readOnly: true
              mountPath: /usr/local/share/ca-certificates/client/
            {{- end }}
            {{ tpl .Values.s3.extraVolumeMounts . | nindent 12 | trim }}
          ports:
            - containerPort: {{ .Values.s3.port }}
              name: swfs-s3
            {{- if .Values.s3.httpsPort }}
            - containerPort: {{ .Values.s3.httpsPort }}
              name: swfs-s3-tls
            {{- end }}
            {{- if .Values.s3.metricsPort }}
            - containerPort: {{ .Values.s3.metricsPort }}
              name: metrics
            {{- end }}
          {{- if .Values.s3.readinessProbe.enabled }}
          readinessProbe:
            httpGet:
              path: {{ .Values.s3.readinessProbe.httpGet.path }}
              port: {{ .Values.s3.port }}
              scheme: {{ .Values.s3.readinessProbe.scheme }}
            initialDelaySeconds: {{ .Values.s3.readinessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.s3.readinessProbe.periodSeconds }}
            successThreshold: {{ .Values.s3.readinessProbe.successThreshold }}
            failureThreshold: {{ .Values.s3.readinessProbe.failureThreshold }}
            timeoutSeconds: {{ .Values.s3.readinessProbe.timeoutSeconds }}
          {{- end }}
          {{- if .Values.s3.livenessProbe.enabled }}
          livenessProbe:
            httpGet:
              path: {{ .Values.s3.livenessProbe.httpGet.path }}
              port: {{ .Values.s3.port }}
              scheme: {{ .Values.s3.livenessProbe.scheme }}
            initialDelaySeconds: {{ .Values.s3.livenessProbe.initialDelaySeconds }}
            periodSeconds: {{ .Values.s3.livenessProbe.periodSeconds }}
            successThreshold: {{ .Values.s3.livenessProbe.successThreshold }}
            failureThreshold: {{ .Values.s3.livenessProbe.failureThreshold }}
            timeoutSeconds: {{ .Values.s3.livenessProbe.timeoutSeconds }}
          {{- end }}
          {{- with .Values.s3.resources }}
          resources:
            {{- toYaml . | nindent 12 }}
          {{- end }}
          {{- if .Values.s3.containerSecurityContext.enabled }}
          securityContext: {{- omit .Values.s3.containerSecurityContext "enabled" | toYaml | nindent 12 }}
          {{- end }}
      {{- if .Values.s3.sidecars }}
      {{- include "common.tplvalues.render" (dict "value" .Values.s3.sidecars "context" $) | nindent 8 }}
      {{- end }}
      volumes:
        {{- if .Values.s3.enableAuth }}
        - name: config-users
          secret:
            defaultMode: 420
            {{- if .Values.s3.existingConfigSecret }}
            secretName: {{ .Values.s3.existingConfigSecret }}
            {{- else }}
            secretName: seaweedfs-s3-secret
            {{- end }}
        {{- end }}
        {{- if eq .Values.s3.logs.type "hostPath" }}
        - name: logs
          hostPath:
            path: {{ .Values.s3.logs.hostPathPrefix }}/logs/seaweedfs/s3
            type: DirectoryOrCreate
        {{- end }}
        {{- if eq .Values.s3.logs.type "emptyDir" }}
        - name: logs
          emptyDir: {}
        {{- end }}
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
            name: {{ template "seaweedfs.name" . }}-security-config
        - name: ca-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-ca-cert
        - name: master-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-master-cert
        - name: volume-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-volume-cert
        - name: filer-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-filer-cert
        - name: client-cert
          secret:
            secretName: {{ template "seaweedfs.name" . }}-client-cert
        {{- end }}
        {{ tpl .Values.s3.extraVolumes . | indent 8 | trim }}
      {{- if .Values.s3.nodeSelector }}
      nodeSelector:
        {{ tpl .Values.s3.nodeSelector . | indent 8 | trim }}
      {{- end }}
{{- end }}