mirror-seaweedfs/k8s/charts/seaweedfs/values.yaml

# Available parameters and their default values for the SeaweedFS chart.

global:
  createClusterRole: true
  registry: ""
  # if repository is set, it overrides the namespace part of imageName
  repository: ""
  imageName: chrislusf/seaweedfs
  imagePullPolicy: IfNotPresent
  imagePullSecrets: ""
  restartPolicy: Always
  loggingLevel: 1
  enableSecurity: false
  masterServer: null
  securityConfig:
    jwtSigning:
      volumeWrite: true
      volumeRead: false
      filerWrite: false
      filerRead: false
  # we will use this serviceAccountName for all ClusterRoles/ClusterRoleBindings
  serviceAccountName: "seaweedfs"
  automountServiceAccountToken: true
  certificates:
    alphacrds: false
  monitoring:
    enabled: false
    gatewayHost: null
    gatewayPort: null
    additionalLabels: {}
  # if enabled will use global.replicationPlacement and override master & filer defaultReplicaPlacement config
  enableReplication: false
  #  replication type is XYZ:
  # X number of replica in other data centers
  # Y number of replica in other racks in the same data center
  # Z number of replica in other servers in the same rack
  replicationPlacement: "001"
  extraEnvironmentVars:
    WEED_CLUSTER_DEFAULT: "sw"
    WEED_CLUSTER_SW_MASTER: "seaweedfs-master.seaweedfs:9333"
    WEED_CLUSTER_SW_FILER: "seaweedfs-filer-client.seaweedfs:8888"
    # WEED_JWT_SIGNING_KEY:
    #   secretKeyRef:
    #     name: seaweedfs-signing-key
    #     key: signingKey

image:
  registry: ""
  repository: ""
  tag: ""

master:
  enabled: true
  imageOverride: null
  restartPolicy: null
  replicas: 1
  port: 9333
  grpcPort: 19333
  metricsPort: 9327
  metricsIp: ""  # Metrics listen IP. If empty, defaults to ipBind
  ipBind: "0.0.0.0"
  volumePreallocate: false
  volumeSizeLimitMB: 1000
  loggingOverrideLevel: null
  # threshold to vacuum and reclaim spaces, default 0.3 (30%)
  garbageThreshold: null
  # Prometheus push interval in seconds, default 15
  metricsIntervalSec: 15
  #  replication type is XYZ:
  # X number of replica in other data centers
  # Y number of replica in other racks in the same data center
  # Z number of replica in other servers in the same rack
  defaultReplication: "000"

  # Disable http request, only gRpc operations are allowed
  disableHttp: false

  # Resume previous state on start master server
  resumeState: false
  # Use Hashicorp Raft
  raftHashicorp: false
  # Whether to bootstrap the Raft cluster. Only use it when use Hashicorp Raft
  raftBootstrap: false

  # election timeout of master servers
  electionTimeout: "10s"
  # heartbeat interval of master servers, and will be randomly multiplied by [1, 1.25)
  heartbeatInterval: "300ms"

  # Custom command line arguments to add to the master command
  # Example to fix IPv6 metrics connectivity issues:
  # extraArgs: ["-metricsIp", "0.0.0.0"]
  # Example with multiple args:
  # extraArgs: ["-customFlag", "value", "-anotherFlag"]
  extraArgs: []

  config: |-
    # Enter any extra configuration for master.toml here.
    # It may be a multi-line string.

  # You may use ANY storage-class, example with local-path-provisioner
  # Annotations are optional.
  #  data:
  #    type: "persistentVolumeClaim"
  #    size: "24Ti"
  #    storageClass: "local-path-provisioner"
  #    annotations:
  #      "key": "value"
  #
  # You may also spacify an existing claim:
  #  data:
  #    type: "existingClaim"
  #    claimName: "my-pvc"
  #
  # You can also use emptyDir storage:
  #  data:
  #    type: "emptyDir"
  data:
    type: "hostPath"
    storageClass: ""
    hostPathPrefix: /ssd

  # You may use ANY storage-class, example with local-path-provisioner
  # Annotations are optional.
  # logs:
  #   type: "persistentVolumeClaim"
  #   size: "24Ti"
  #   storageClass: "local-path-provisioner"
  #   annotations:
  #     "key": "value"

  # You can also use emptyDir storage:
  #  logs:
  #    type: "emptyDir"
  logs:
    type: "hostPath"
    size: ""
    storageClass: ""
    hostPathPrefix: /storage

  ## @param master.sidecars Add additional sidecar containers to the master pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  initContainers: ""

  extraVolumes: ""
  extraVolumeMounts: ""

  # Labels to be added to the master pods
  podLabels: {}

  # Annotations to be added to the master pods
  podAnnotations: {}

  # Annotations to be added to the master resources
  annotations: {}

  ## Set podManagementPolicy
  podManagementPolicy: Parallel

  # Resource requests, limits, etc. for the master cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: {}

  # updatePartition is used to control a careful rolling update of SeaweedFS
  # masters.
  updatePartition: 0

  # Affinity Settings
  # Commenting out or setting as empty the affinity variable, will allow
  # deployment to single node services such as Minikube
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              app.kubernetes.io/component: master
          topologyKey: kubernetes.io/hostname

  # Topology Spread Constraints Settings
  # This should map directly to the value of the topologySpreadConstraints
  # for a PodSpec. By Default no constraints are set.
  topologySpreadConstraints: ""

  # Toleration Settings for master pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for master pod assignment, formatted as a muli-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  nodeSelector: ""
  # nodeSelector: |
  #   sw-backend: "true"

  # used to assign priority to master pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # used to assign a service account.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  serviceAccountName: ""

  # Configure security context for Pod
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # podSecurityContext:
  #   enabled: true
  #   runAsUser: 1000
  #   runAsGroup: 3000
  #   fsGroup: 2000
  podSecurityContext: {}

  # Configure security context for Container
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # containerSecurityContext:
  #   enabled: true
  #   runAsUser: 2000
  #   allowPrivilegeEscalation: false
  containerSecurityContext: {}

  ingress:
    enabled: false
    className: "nginx"
    # host: false for "*" hostname
    host: "master.seaweedfs.local"
    annotations:
      nginx.ingress.kubernetes.io/auth-type: "basic"
      nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret"
      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Master'
      nginx.ingress.kubernetes.io/service-upstream: "true"
      nginx.ingress.kubernetes.io/rewrite-target: /$1
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
      nginx.ingress.kubernetes.io/configuration-snippet: |
        sub_filter '<head>' '<head> <base href="/sw-master/">'; #add base url
        sub_filter '="/' '="./';                                #make absolute paths to relative
        sub_filter '=/' '=./';
        sub_filter '/seaweedfsstatic' './seaweedfsstatic';
        sub_filter_once off;
    tls: []

  extraEnvironmentVars:
    WEED_MASTER_VOLUME_GROWTH_COPY_1: '7'
    WEED_MASTER_VOLUME_GROWTH_COPY_2: '6'
    WEED_MASTER_VOLUME_GROWTH_COPY_3: '3'
    WEED_MASTER_VOLUME_GROWTH_COPY_OTHER: '1'

  # used to configure livenessProbe on master-server containers
  #
  livenessProbe:
    enabled: true
    httpGet:
      path: /cluster/status
      scheme: HTTP
    initialDelaySeconds: 20
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 4
    timeoutSeconds: 10

  # used to configure readinessProbe on master-server containers
  #
  readinessProbe:
    enabled: true
    httpGet:
      path: /cluster/status
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 45
    successThreshold: 2
    failureThreshold: 100
    timeoutSeconds: 10

volume:
  enabled: true
  imageOverride: null
  restartPolicy: null
  port: 8080
  grpcPort: 18080
  metricsPort: 9327
  metricsIp: ""  # Metrics listen IP. If empty, defaults to ipBind
  ipBind: "0.0.0.0"
  replicas: 1
  loggingOverrideLevel: null
  # number of seconds between heartbeats, must be smaller than or equal to the master's setting
  pulseSeconds: null
  # Choose [memory|leveldb|leveldbMedium|leveldbLarge] mode for memory~performance balance., default memory
  index: null
  # limit file size to avoid out of memory, default 256mb
  fileSizeLimitMB: null
  # minimum free disk space(in percents). If free disk space lower this value - all volumes marks as ReadOnly
  minFreeSpacePercent: 7

  # Custom command line arguments to add to the volume command
  # Example to fix IPv6 metrics connectivity issues:
  # extraArgs: ["-metricsIp", "0.0.0.0"]
  # Example with multiple args:
  # extraArgs: ["-customFlag", "value", "-anotherFlag"]
  extraArgs: []

  # For each data disk you may use ANY storage-class, example with local-path-provisioner
  # Annotations are optional.
  #  dataDirs:
  #   - name: data
  #     type: "persistentVolumeClaim"
  #     size: "24Ti"
  #     storageClass: "local-path-provisioner"
  #     annotations:
  #      "key": "value"
  #     maxVolumes: 0  # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
  #
  # You may also spacify an existing claim:
  #   - name: data
  #     type: "existingClaim"
  #     claimName: "my-pvc"
  #     maxVolumes: 0  # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
  #
  # You can also use emptyDir storage:
  #   - name: data
  #     type: "emptyDir"
  #     maxVolumes: 0  # If set to zero on non-windows OS, the limit will be auto configured. (default "7")
  #
  # If these don't meet your needs, you can use "custom" here along with extraVolumes and extraVolumeMounts
  # Particularly useful when using more than 1 for the volume server replicas.
  #   - name: data
  #     type: "custom"
  #     maxVolumes: 0  # If set to zero on non-windows OS, the limit will be auto configured. (default "7")

  dataDirs:
  - name: data1
    type: "hostPath"
    hostPathPrefix: /ssd
    maxVolumes: 0

   # - name: data2
   #   type: "persistentVolumeClaim"
   #   storageClass: "yourClassNameOfChoice"
   #   size: "800Gi"
   #   maxVolumes: 0

  # This will automatically create a job for patching Kubernetes resources if the dataDirs type is 'persistentVolumeClaim' and the size has changed.
  resizeHook:
    enabled: true
    image: alpine/k8s:1.28.4

  # idx can be defined by:
  #
  # idx:
  #  type: "hostPath"
  #  hostPathPrefix: /ssd
  #
  # or
  #
  # idx:
  #  type: "persistentVolumeClaim"
  #  size: "20Gi"
  #  storageClass: "local-path-provisioner"
  #
  # or
  #
  # idx:
  #   type: "existingClaim"
  #   claimName: "myClaim"
  #
  # or
  #
  # idx:
  #  type: "emptyDir"

  # same applies to "logs"

  idx: {}

  logs: {}

  # limit background compaction or copying speed in mega bytes per second
  compactionMBps: "50"


  # Volume server's rack name
  rack: null

  # Volume server's data center name
  dataCenter: null

  # Redirect moved or non-local volumes. (default proxy)
  readMode: proxy

  # Comma separated Ip addresses having write permission. No limit if empty.
  whiteList: null

  # Adjust jpg orientation when uploading.
  imagesFixOrientation: false

  ## @param volume.sidecars Add additional sidecar containers to the volume pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  initContainers: ""

  # Example for use when using more than 1 volume server replica
  # extraVolumeMounts: |
  #   - name: drive
  #     mountPath: /drive
  #     subPathExpr: $(POD_NAME)
  # extraVolumes: |
  #   - name: drive
  #     hostPath:
  #       path: /var/mnt/
  extraVolumes: ""
  extraVolumeMounts: ""

  # Labels to be added to the volume pods
  podLabels: {}

  # Annotations to be added to the volume pods
  podAnnotations: {}

  # Annotations to be added to the volume resources
  annotations: {}

  ## Set podManagementPolicy
  podManagementPolicy: Parallel

  # Affinity Settings
  # Commenting out or setting as empty the affinity variable, will allow
  # deployment to single node services such as Minikube
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              app.kubernetes.io/component: {{ $volumeName }}
          topologyKey: kubernetes.io/hostname

  # Topology Spread Constraints Settings
  # This should map directly to the value of the topologySpreadConstraints
  # for a PodSpec. By Default no constraints are set.
  topologySpreadConstraints: ""

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: {}

  # Toleration Settings for server pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for server pod assignment, formatted as a muli-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  nodeSelector: ""
  # nodeSelector: |
  #   sw-volume: "true"

  # used to assign priority to server pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # used to assign a service account.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  serviceAccountName: ""

  extraEnvironmentVars:

  # Configure security context for Pod
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # podSecurityContext:
  #   enabled: true
  #   runAsUser: 1000
  #   runAsGroup: 3000
  #   fsGroup: 2000
  podSecurityContext: {}

  # Configure security context for Container
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # containerSecurityContext:
  #   enabled: true
  #   runAsUser: 2000
  #   allowPrivilegeEscalation: false
  containerSecurityContext: {}

  # used to configure livenessProbe on volume-server containers
  #
  livenessProbe:
    enabled: true
    httpGet:
      path: /healthz
      scheme: HTTP
    initialDelaySeconds: 20
    periodSeconds: 90
    successThreshold: 1
    failureThreshold: 4
    timeoutSeconds: 30

  # used to configure readinessProbe on volume-server containers
  #
  readinessProbe:
    enabled: true
    httpGet:
      path: /healthz
      scheme: HTTP
    initialDelaySeconds: 15
    periodSeconds: 15
    successThreshold: 1
    failureThreshold: 100
    timeoutSeconds: 30

# Map of named volume groups for topology-aware deployments.
# Each key inherits all fields from the `volume` section but can override
# them locally—for example, replicas, nodeSelector, dataCenter, etc.
# To switch entirely to this scheme, set `volume.enabled: false`
# and define one entry per zone/data-center under `volumes`.
#
# volumes:
#   dc1:
#     replicas: 2
#     dataCenter: "dc1"
#     nodeSelector: |
#      topology.kubernetes.io/zone: dc1
#   dc2:
#     replicas: 2
#     dataCenter: "dc2"
#     nodeSelector: |
#      topology.kubernetes.io/zone: dc2
#   dc3:
#     replicas: 2
#     dataCenter: "dc3"
#     nodeSelector: |
#      topology.kubernetes.io/zone: dc3
#
volumes: {}

filer:
  enabled: true
  imageOverride: null
  restartPolicy: null
  replicas: 1
  port: 8888
  grpcPort: 18888
  metricsPort: 9327
  metricsIp: ""  # Metrics listen IP. If empty, defaults to ipBind
  ipBind: "0.0.0.0"  # IP address to bind to. Set to 0.0.0.0 to allow external traffic
  loggingOverrideLevel: null
  filerGroup: ""
  # prefer to read and write to volumes in this data center (not set by default)
  dataCenter: null
  # prefer to write to volumes in this rack (not set by default)
  rack: null
  #  replication type is XYZ:
  # X number of replica in other data centers
  # Y number of replica in other racks in the same data center
  # Z number of replica in other servers in the same rack
  defaultReplicaPlacement: "000"
  # turn off directory listing
  disableDirListing: false
  # split files larger than the limit, default 32
  maxMB: null
  # encrypt data on volume servers
  encryptVolumeData: false

  # Whether proxy or redirect to volume server during file GET request
  redirectOnRead: false

  # Limit sub dir listing size (default 100000)
  dirListLimit: 100000

  # Disable http request, only gRpc operations are allowed
  disableHttp: false

  # Custom command line arguments to add to the filer command
  # Example to fix IPv6 metrics connectivity issues:
  # extraArgs: ["-metricsIp", "0.0.0.0"]
  # Example with multiple args:
  # extraArgs: ["-customFlag", "value", "-anotherFlag"]
  extraArgs: []

  # Add a custom notification.toml to configure filer notifications
  # Example:
  # notificationConfig: |-
  #   [notification.kafka]
  #   enabled = false
  #   hosts = [
  #       "localhost:9092"
  #   ]
  #   topic = "seaweedfs_filer"
  #   offsetFile = "./last.offset"
  #   offsetSaveIntervalSeconds = 10
  notificationConfig: ""

  # DEPRECATE: enablePVC, storage, storageClass
  # Consider replacing with filer.data section below instead.

  # Settings for configuring stateful storage of filer pods.
  # enablePVC will create a pvc for filer for data persistence.
  enablePVC: false
  # storage should be set to the disk size of the attached volume.
  storage: 25Gi
  # storageClass is the class of storage which defaults to null (the Kube cluster will pick the default).
  storageClass: null
  # You may use ANY storage-class, example with local-path-provisioner
  # Annotations are optional.
  #  data:
  #    type: "persistentVolumeClaim"
  #    size: "24Ti"
  #    storageClass: "local-path-provisioner"
  #    annotations:
  #      "key": "value"
  #
  # You may also specify an existing claim:
  #  data:
  #    type: "existingClaim"
  #    claimName: "my-pvc"
  #
  # You can also use emptyDir storage:
  #  data:
  #    type: "emptyDir"
  data:
    type: "hostPath"
    size: ""
    storageClass: ""
    hostPathPrefix: /storage

  # You may use ANY storage-class, example with local-path-provisioner
  # Annotations are optional.
  # logs:
  #   type: "persistentVolumeClaim"
  #   size: "24Ti"
  #   storageClass: "local-path-provisioner"
  #   annotations:
  #     "key": "value"

  # You can also use emptyDir storage:
  #  logs:
  #    type: "emptyDir"
  logs:
    type: "hostPath"
    size: ""
    storageClass: ""
    hostPathPrefix: /storage

  ## @param filer.sidecars Add additional sidecar containers to the filer pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  initContainers: ""

  extraVolumes: ""
  extraVolumeMounts: ""

  # Labels to be added to the filer pods
  podLabels: {}

  # Annotations to be added to the filer pods
  podAnnotations: {}

  # Annotations to be added to the filer resource
  annotations: {}

  ## Set podManagementPolicy
  podManagementPolicy: Parallel

  # Affinity Settings
  # Commenting out or setting as empty the affinity variable, will allow
  # deployment to single node services such as Minikube
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              app.kubernetes.io/component: filer
          topologyKey: kubernetes.io/hostname

  # Topology Spread Constraints Settings
  # This should map directly to the value of the topologySpreadConstraints
  # for a PodSpec. By Default no constraints are set.
  topologySpreadConstraints: ""

  # updatePartition is used to control a careful rolling update of SeaweedFS
  # masters.
  updatePartition: 0

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: {}

  # Toleration Settings for server pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for server pod assignment, formatted as a muli-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  nodeSelector: ""
  # nodeSelector: |
  #   sw-backend: "true"

  # used to assign priority to server pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # used to assign a service account.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  serviceAccountName: ""

  # Configure security context for Pod
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # podSecurityContext:
  #   enabled: true
  #   runAsUser: 1000
  #   runAsGroup: 3000
  #   fsGroup: 2000
  podSecurityContext: {}

  # Configure security context for Container
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # containerSecurityContext:
  #   enabled: true
  #   runAsUser: 2000
  #   allowPrivilegeEscalation: false
  containerSecurityContext: {}

  ingress:
    enabled: false
    className: "nginx"
    # host: false for "*" hostname
    host: "seaweedfs.cluster.local"
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: GRPC
      nginx.ingress.kubernetes.io/auth-type: "basic"
      nginx.ingress.kubernetes.io/auth-secret: "default/ingress-basic-auth-secret"
      nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - SW-Filer'
      nginx.ingress.kubernetes.io/service-upstream: "true"
      nginx.ingress.kubernetes.io/rewrite-target: /$1
      nginx.ingress.kubernetes.io/use-regex: "true"
      nginx.ingress.kubernetes.io/enable-rewrite-log: "true"
      nginx.ingress.kubernetes.io/ssl-redirect: "false"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "false"
      nginx.ingress.kubernetes.io/configuration-snippet: |
        sub_filter '<head>' '<head> <base href="/sw-filer/">'; #add base url
        sub_filter '="/' '="./';                               #make absolute paths to relative
        sub_filter '=/' '=./';
        sub_filter '/seaweedfsstatic' './seaweedfsstatic';
        sub_filter_once off;

  # extraEnvVars is a list of extra environment variables to set with the stateful set.
  extraEnvironmentVars:
    WEED_MYSQL_ENABLED: "false"
    WEED_MYSQL_HOSTNAME: "mysql-db-host"
    WEED_MYSQL_PORT: "3306"
    WEED_MYSQL_DATABASE: "sw_database"
    WEED_MYSQL_CONNECTION_MAX_IDLE: "5"
    WEED_MYSQL_CONNECTION_MAX_OPEN: "75"
    # "refresh" connection every 10 minutes, eliminating mysql closing "old" connections
    WEED_MYSQL_CONNECTION_MAX_LIFETIME_SECONDS: "600"
    # enable usage of memsql as filer backend
    WEED_MYSQL_INTERPOLATEPARAMS: "true"
    # if you want to use leveldb2, then should enable "enablePVC". or you may lose your data.
    WEED_LEVELDB2_ENABLED: "true"
    # with http DELETE, by default the filer would check whether a folder is empty.
    # recursive_delete will delete all sub folders and files, similar to "rm -Rf"
    WEED_FILER_OPTIONS_RECURSIVE_DELETE: "false"
    # directories under this folder will be automatically creating a separate bucket
    WEED_FILER_BUCKETS_FOLDER: "/buckets"

  # used to configure livenessProbe on filer containers
  #
  livenessProbe:
    enabled: true
    httpGet:
      path: /
      scheme: HTTP
    initialDelaySeconds: 20
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 5
    timeoutSeconds: 10

  # used to configure readinessProbe on filer containers
  #
  readinessProbe:
    enabled: true
    httpGet:
      path: /
      scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 15
    successThreshold: 1
    failureThreshold: 100
    timeoutSeconds: 10

  # secret env variables
  secretExtraEnvironmentVars: {}
      # WEED_POSTGRES_USERNAME:
      #   secretKeyRef:
      #     name: postgres-credentials
      #     key: username
      # WEED_POSTGRES_PASSWORD:
      #   secretKeyRef:
      #     name: postgres-credentials
      #     key: password

  s3:
    enabled: false
    port: 8333
    # add additional https port
    httpsPort: 0
    # allow empty folders
    allowEmptyFolder: false
    # Suffix of the host name, {bucket}.{domainName}
    domainName: ""
    # enable user & permission to s3 (need to inject to all services)
    enableAuth: false
    # set to the name of an existing kubernetes Secret with the s3 json config file
    # should have a secret key called seaweedfs_s3_config with an inline json configure
    existingConfigSecret: null
    auditLogConfig: {}
    # You may specify buckets to be created during the install process.
    # Buckets may be exposed publicly by setting `anonymousRead` to `true`
    # createBuckets:
    #   - name: bucket-a
    #     anonymousRead: true
    #   - name: bucket-b
    #     anonymousRead: false

s3:
  enabled: true
  imageOverride: null
  restartPolicy: null
  replicas: 1
  bindAddress: 0.0.0.0
  port: 8333
  # add additional https port
  httpsPort: 0
  metricsPort: 9327
  loggingOverrideLevel: null
  # allow empty folders
  allowEmptyFolder: true
  # enable user & permission to s3 (need to inject to all services)
  enableAuth: false
  # set to the name of an existing kubernetes Secret with the s3 json config file
  # should have a secret key called seaweedfs_s3_config with an inline json config
  existingConfigSecret: null
  auditLogConfig: {}

  # Suffix of the host name, {bucket}.{domainName}
  domainName: ""

  ## @param s3.sidecars Add additional sidecar containers to the s3 pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  initContainers: ""

  extraVolumes: ""
  extraVolumeMounts: ""

  # Labels to be added to the s3 pods
  podLabels: {}

  # Annotations to be added to the s3 pods
  podAnnotations: {}

  # Annotations to be added to the s3 resources
  annotations: {}

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: {}

  # Toleration Settings for server pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for server pod assignment, formatted as a muli-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  # Example:
  nodeSelector: ""
  # nodeSelector: |
  #   sw-backend: "true"

  # used to assign priority to server pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # used to assign a service account.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  serviceAccountName: ""

  # Configure security context for Pod
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # podSecurityContext:
  #   enabled: true
  #   runAsUser: 1000
  #   runAsGroup: 3000
  #   fsGroup: 2000
  podSecurityContext: {}

  # Configure security context for Container
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # containerSecurityContext:
  #   enabled: true
  #   runAsUser: 2000
  #   allowPrivilegeEscalation: false
  containerSecurityContext: {}

  # You can also use emptyDir storage:
  #  logs:
  #    type: "emptyDir"
  logs:
    type: "hostPath"
    size: ""
    storageClass: ""
    hostPathPrefix: /storage

  extraEnvironmentVars:

  # Custom command line arguments to add to the s3 command
  # Example to fix connection idle seconds:
  extraArgs: ["-idleTimeout=30"]
  #extraArgs: []

  # used to configure livenessProbe on s3 containers
  #
  livenessProbe:
    enabled: true
    httpGet:
      path: /status
      scheme: HTTP
    initialDelaySeconds: 20
    periodSeconds: 60
    successThreshold: 1
    failureThreshold: 20
    timeoutSeconds: 10

  # used to configure readinessProbe on s3 containers
  #
  readinessProbe:
    enabled: true
    httpGet:
      path: /status
      scheme: HTTP
    initialDelaySeconds: 15
    periodSeconds: 15
    successThreshold: 1
    failureThreshold: 100
    timeoutSeconds: 10

  ingress:
    enabled: false
    className: "nginx"
    # host: false for "*" hostname
    host: "seaweedfs.cluster.local"
    # additional ingress annotations for the s3 endpoint
    annotations: {}
    tls: []

sftp:
  enabled: false
  imageOverride: null
  restartPolicy: null
  replicas: 1
  bindAddress: 0.0.0.0
  port: 2022  # Default SFTP port
  metricsPort: 9327
  metricsIp: ""  # If empty, defaults to bindAddress
  loggingOverrideLevel: null

  # SSH server configuration
  sshPrivateKey: "/etc/sw/seaweedfs_sftp_ssh_private_key"  # Path to the SSH private key file for host authentication
  hostKeysFolder: "/etc/sw/ssh"  # path to folder containing SSH private key files for host authentication
  authMethods: "password,publickey"  # Comma-separated list of allowed auth methods: password, publickey, keyboard-interactive
  maxAuthTries: 6  # Maximum number of authentication attempts per connection
  bannerMessage: "SeaweedFS SFTP Server"  # Message displayed before authentication
  loginGraceTime: "2m"  # Timeout for authentication
  clientAliveInterval: "5s"  # Interval for sending keep-alive messages
  clientAliveCountMax: 3  # Maximum number of missed keep-alive messages before disconnecting
  dataCenter: ""  # Prefer to read and write to volumes in this data center
  localSocket: ""  # Default to /tmp/seaweedfs-sftp-<port>.sock

  # User authentication
  enableAuth: false
  # Set to the name of an existing kubernetes Secret with the sftp json config file
  # Should have a secret key called seaweedfs_sftp_config with an inline json config
  existingConfigSecret: null
  # Set to the name of an existing kubernetes Secret with the list of ssh private keys for sftp
  existingSshConfigSecret: null

  # Additional resources
  sidecars: []
  initContainers: ""
  extraVolumes: ""
  extraVolumeMounts: ""
  podLabels: {}
  podAnnotations: {}
  annotations: {}
  resources: {}
  tolerations: ""
  nodeSelector: ""
  priorityClassName: ""
  serviceAccountName: ""
  podSecurityContext: {}
  containerSecurityContext: {}

  logs:
    type: "hostPath"
    hostPathPrefix: /storage

  extraEnvironmentVars: {}

  # Health checks
  # Health checks for SFTP - using tcpSocket instead of httpGet
  livenessProbe:
    enabled: true
    initialDelaySeconds: 20
    periodSeconds: 60
    successThreshold: 1
    failureThreshold: 20
    timeoutSeconds: 10

  # Health checks for SFTP - using tcpSocket instead of httpGet
  readinessProbe:
    enabled: true
    initialDelaySeconds: 15
    periodSeconds: 15
    successThreshold: 1
    failureThreshold: 100
    timeoutSeconds: 10

# All-in-one deployment configuration
allInOne:
  enabled: false
  imageOverride: null
  restartPolicy: Always

  # Core configuration
  idleTimeout: 30  # Connection idle seconds
  dataCenter: ""  # Current volume server's data center name
  rack: ""  # Current volume server's rack name
  whiteList: ""  # Comma separated IP addresses having write permission
  disableHttp: false  # Disable HTTP requests, only gRPC operations are allowed
  metricsPort: 9324  # Prometheus metrics listen port
  metricsIp: ""  # Metrics listen IP. If empty, defaults to bindAddress
  loggingOverrideLevel: null  # Override logging level

  # Service configuration
  s3:
    enabled: false  # Whether to enable S3 gateway
  sftp:
    enabled: false  # Whether to enable SFTP server

  # Service settings
  service:
    annotations: {}  # Annotations for the service
    type: ClusterIP  # Service type (ClusterIP, NodePort, LoadBalancer)

  # Storage configuration
  data:
    type: "emptyDir"  # Options: "hostPath", "persistentVolumeClaim", "emptyDir"
    hostPathPrefix: /mnt/data  # Path prefix for hostPath volumes
    claimName: seaweedfs-data-pvc  # Name of the PVC to use
    size: ""  # Size of the PVC
    storageClass: ""  # Storage class for the PVC

  # Health checks
  readinessProbe:
    enabled: true
    httpGet:
      path: /cluster/status
      port: 9333
    scheme: HTTP
    initialDelaySeconds: 10
    periodSeconds: 15
    successThreshold: 1
    failureThreshold: 3
    timeoutSeconds: 5

  livenessProbe:
    enabled: true
    httpGet:
      path: /cluster/status
      port: 9333
    scheme: HTTP
    initialDelaySeconds: 20
    periodSeconds: 30
    successThreshold: 1
    failureThreshold: 5
    timeoutSeconds: 5

  # Additional resources
  extraEnvironmentVars: {}  # Additional environment variables
  extraVolumeMounts: ""  # Additional volume mounts
  extraVolumes: ""  # Additional volumes
  initContainers: ""  # Init containers
  sidecars: ""  # Sidecar containers
  annotations: {}  # Annotations for the deployment
  podAnnotations: {}  # Annotations for the pods
  podLabels: {}  # Labels for the pods

  # Scheduling configuration
  # Affinity Settings
  # Commenting out or setting as empty the affinity variable, will allow
  # deployment to single node services such as Minikube
  affinity: |
    podAntiAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        - labelSelector:
            matchLabels:
              app.kubernetes.io/name: {{ template "seaweedfs.name" . }}
              app.kubernetes.io/instance: {{ .Release.Name }}
              app.kubernetes.io/component: master
          topologyKey: kubernetes.io/hostname

  # Topology Spread Constraints Settings
  # This should map directly to the value of the topologySpreadConstraints
  # for a PodSpec. By Default no constraints are set.
  topologySpreadConstraints: ""

  # Toleration Settings for master pods
  # This should be a multi-line string matching the Toleration array
  # in a PodSpec.
  tolerations: ""

  # nodeSelector labels for master pod assignment, formatted as a muli-line string.
  # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
  nodeSelector: ""

  # Used to assign priority to master pods
  # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
  priorityClassName: ""

  # Used to assign a service account.
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/
  serviceAccountName: ""

  # Configure security context for Pod
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # podSecurityContext:
  #   enabled: true
  #   runAsUser: 1000
  #   runAsGroup: 3000
  #   fsGroup: 2000
  podSecurityContext: {}

  # Configure security context for Container
  # ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
  # Example:
  # containerSecurityContext:
  #   enabled: true
  #   runAsUser: 2000
  #   allowPrivilegeEscalation: false
  containerSecurityContext: {}

  # Resource management
  resources:
    limits:
      cpu: "2"
      memory: "2Gi"
    requests:
      cpu: "500m"
      memory: "1Gi"

# Deploy Kubernetes COSI Driver for SeaweedFS
# Requires COSI CRDs and controller to be installed in the cluster
# For more information, visit: https://container-object-storage-interface.github.io/docs/deployment-guide
cosi:
  enabled: false
  image: "ghcr.io/seaweedfs/seaweedfs-cosi-driver:v0.1.2"
  driverName: "seaweedfs.objectstorage.k8s.io"
  bucketClassName: "seaweedfs"
  endpoint: ""
  region: ""

  sidecar:
    image: gcr.io/k8s-staging-sig-storage/objectstorage-sidecar:v20250711-controllerv0.2.0-rc1-80-gc2f6e65
    # Resource requests, limits, etc. for the server cluster placement. This
    # should map directly to the value of the resources field for a PodSpec,
    # formatted as a multi-line string. By default no direct resource request
    # is made.
    resources: {}

  # enable user & permission to s3 (need to inject to all services)
  enableAuth: false
  # set to the name of an existing kubernetes Secret with the s3 json config file
  # should have a secret key called seaweedfs_s3_config with an inline json configure
  existingConfigSecret: null

  podSecurityContext: {}
  containerSecurityContext: {}

  extraVolumes: ""
  extraVolumeMounts: ""

  # Resource requests, limits, etc. for the server cluster placement. This
  # should map directly to the value of the resources field for a PodSpec,
  # formatted as a multi-line string. By default no direct resource request
  # is made.
  resources: {}

certificates:
  commonName: "SeaweedFS CA"
  ipAddresses: []
  keyAlgorithm: RSA
  keySize: 2048
  duration: 2160h  # 90d
  renewBefore: 360h  # 15d
  externalCertificates:
    # This will avoid the need to use cert-manager and will rely on providing your own external certificates and CA
    # you will need to store your provided certificates in the secret read by the different services:
    # seaweedfs-master-cert, seaweedfs-filer-cert, etc. Can see any statefulset definition to see secret names
    enabled: false

# Labels to be added to all the created pods
podLabels: {}
# Annotations to be added to all the created pods
podAnnotations: {}