diff --git a/k8s/seaweedfs/templates/filer-statefulset.yaml b/k8s/seaweedfs/templates/filer-statefulset.yaml index d284e9992..fc1253479 100644 --- a/k8s/seaweedfs/templates/filer-statefulset.yaml +++ b/k8s/seaweedfs/templates/filer-statefulset.yaml @@ -133,14 +133,36 @@ spec: -encryptVolumeData \ {{- end }} -ip=${POD_IP} \ + {{- if .Values.filer.enable_peers }} {{- if gt (.Values.filer.replicas | int) 1 }} -peers=$(echo -n "{{ range $index := until (.Values.filer.replicas | int) }}${SEAWEEDFS_FULLNAME}-filer-{{ $index }}.${SEAWEEDFS_FULLNAME}-filer:{{ $.Values.filer.port }}{{ if lt $index (sub ($.Values.filer.replicas | int) 1) }},{{ end }}{{ end }}" | sed "s/$HOSTNAME.${SEAWEEDFS_FULLNAME}-filer:{{ $.Values.filer.port }}//" | sed 's/,$//; 's/^,//'; s/,,/,/;' ) \ {{- end }} + {{- end }} + {{- if .Values.filer.s3.enabled }} + -s3 \ + -s3.port={{ .Values.filer.s3.port }} \ + {{- if .Values.filer.s3.domainName }} + -s3.domainName={{ .Values.filer.s3.domainName }} \ + {{- end }} + {{- if .Values.global.enableSecurity }} + -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \ + -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \ + {{- end }} + {{- if .Values.filer.s3.allowEmptyFolder }} + -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \ + {{- end }} + {{- if .Values.filer.s3.enableAuth }} + -s3.config=/etc/sw/seaweedfs_s3_config \ + {{- end }} + {{- end }} -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }} {{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }} volumeMounts: - name: seaweedfs-filer-log-volume mountPath: "/logs/" + - mountPath: /etc/sw + name: config-users + readOnly: true {{- if .Values.global.enableSecurity }} - name: security-config readOnly: true @@ -198,6 +220,13 @@ spec: hostPath: path: /storage/logs/seaweedfs/filer type: DirectoryOrCreate + - name: db-schema-config-volume + configMap: + name: seaweedfs-db-init-config + - name: config-users + secret: + defaultMode: 420 + secretName: seaweedfs-s3-secret {{- if .Values.global.enableSecurity }} - name: security-config configMap: diff --git a/k8s/seaweedfs/templates/s3-deployment.yaml b/k8s/seaweedfs/templates/s3-deployment.yaml index ed01758b8..b513e937b 100644 --- a/k8s/seaweedfs/templates/s3-deployment.yaml +++ b/k8s/seaweedfs/templates/s3-deployment.yaml @@ -90,10 +90,16 @@ spec: {{- if .Values.s3.allowEmptyFolder }} -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \ {{- end }} + {{- if .Values.s3.enableAuth }} + -config=/etc/sw/seaweedfs_s3_config \ + {{- end }} -filer={{ template "seaweedfs.name" . }}-filer-client:{{ .Values.filer.port }} volumeMounts: - name: logs mountPath: "/logs/" + - mountPath: /etc/sw + name: config-users + readOnly: true {{- if .Values.global.enableSecurity }} - name: security-config readOnly: true @@ -144,6 +150,10 @@ spec: {{ tpl .Values.s3.resources . | nindent 12 | trim }} {{- end }} volumes: + - name: config-users + secret: + defaultMode: 420 + secretName: seaweedfs-s3-secret {{- if eq .Values.s3.logs.type "hostPath" }} - name: logs hostPath: diff --git a/k8s/seaweedfs/templates/s3-service.yaml b/k8s/seaweedfs/templates/s3-service.yaml index 4a68c7976..122b33298 100644 --- a/k8s/seaweedfs/templates/s3-service.yaml +++ b/k8s/seaweedfs/templates/s3-service.yaml @@ -9,15 +9,15 @@ metadata: spec: ports: - name: "swfs-s3" - port: {{ .Values.s3.port }} - targetPort: {{ .Values.s3.port }} + port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} + targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }} protocol: TCP -{{- if .Values.s3.metricsPort }} - - name: "swfs-s3-metrics" +{{- if and .Values.s3.enabled .Values.s3.metricsPort }} + - name: "metrics" port: {{ .Values.s3.metricsPort }} targetPort: {{ .Values.s3.metricsPort }} protocol: TCP {{- end }} selector: app: {{ template "seaweedfs.name" . }} - component: s3 \ No newline at end of file + component: {{ if .Values.s3.enabled }}s3{{ else }}filer{{ end }} diff --git a/k8s/seaweedfs/values.yaml b/k8s/seaweedfs/values.yaml index 301c9f236..43783d3b7 100644 --- a/k8s/seaweedfs/values.yaml +++ b/k8s/seaweedfs/values.yaml @@ -229,6 +229,8 @@ filer: maxMB: null # encrypt data on volume servers encryptVolumeData: false + # enable peers sync metadata, for leveldb (localdb for filer but with sync across) + enable_peers: false # Whether proxy or redirect to volume server during file GET request redirectOnRead: false @@ -311,8 +313,19 @@ filer: # directories under this folder will be automatically creating a separate bucket WEED_FILER_BUCKETS_FOLDER: "/buckets" + s3: + enabled: true + port: 8333 + #allow empty folders + allowEmptyFolder: false + # Suffix of the host name, {bucket}.{domainName} + domainName: "" + # enable user & permission to s3 (need to inject to all services) + enableAuth: false + skipAuthSecretCreation: false + s3: - enabled: true + enabled: false repository: null imageName: null imageTag: null @@ -323,6 +336,9 @@ s3: loggingOverrideLevel: null #allow empty folders allowEmptyFolder: true + # enable user & permission to s3 (need to inject to all services) + enableAuth: false + skipAuthSecretCreation: false # Suffix of the host name, {bucket}.{domainName} domainName: ""