filer/s3: enable/disable s3 and peers

enable/disable s3 pods launch s3 in filer pod, to reduce network/latency between pods when using s3 disable/enable the peers option (with external backend DB is not needed) added option to create s3 admin+read users
2024-01-19 02:48:24 +00:00 · 2021-02-09 09:55:58 +02:00 · 2021-02-09 09:55:58 +02:00 · 91a3314d36
parent 2646f5a784
commit 91a3314d36
4 changed files with 61 additions and 6 deletions
--- a/k8s/seaweedfs/templates/filer-statefulset.yaml
+++ b/k8s/seaweedfs/templates/filer-statefulset.yaml
@ -133,14 +133,36 @@ spec:
              -encryptVolumeData \
              {{- end }}
              -ip=${POD_IP} \
+              {{- if .Values.filer.enable_peers }}
              {{- if gt (.Values.filer.replicas | int) 1 }}
              -peers=$(echo -n "{{ range $index := until (.Values.filer.replicas | int) }}${SEAWEEDFS_FULLNAME}-filer-{{ $index }}.${SEAWEEDFS_FULLNAME}-filer:{{ $.Values.filer.port }}{{ if lt $index (sub ($.Values.filer.replicas | int) 1) }},{{ end }}{{ end }}" | sed "s/$HOSTNAME.${SEAWEEDFS_FULLNAME}-filer:{{ $.Values.filer.port }}//" | sed 's/,$//; 's/^,//'; s/,,/,/;' )  \
              {{- end }}
+              {{- end }}
+              {{- if .Values.filer.s3.enabled }}
+              -s3 \
+              -s3.port={{ .Values.filer.s3.port }} \
+              {{- if .Values.filer.s3.domainName }}
+              -s3.domainName={{ .Values.filer.s3.domainName }} \
+              {{- end }}
+              {{- if .Values.global.enableSecurity }}
+              -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \
+              -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \
+              {{- end }}
+              {{- if .Values.filer.s3.allowEmptyFolder }}
+              -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \
+              {{- end }}
+              {{- if .Values.filer.s3.enableAuth }}
+              -s3.config=/etc/sw/seaweedfs_s3_config \
+              {{- end }}
+              {{- end }}
              -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}
          {{- if or (.Values.global.enableSecurity) (.Values.filer.extraVolumeMounts) }}    
          volumeMounts:
            - name: seaweedfs-filer-log-volume
              mountPath: "/logs/"
+            - mountPath: /etc/sw
+              name: config-users
+              readOnly: true
            {{- if .Values.global.enableSecurity }}
            - name: security-config
              readOnly: true
@ -198,6 +220,13 @@ spec:
          hostPath:
            path: /storage/logs/seaweedfs/filer
            type: DirectoryOrCreate
+        - name: db-schema-config-volume
+          configMap:
+            name: seaweedfs-db-init-config
+        - name: config-users
+          secret:
+            defaultMode: 420
+            secretName: seaweedfs-s3-secret
        {{- if .Values.global.enableSecurity }}
        - name: security-config
          configMap:
--- a/k8s/seaweedfs/templates/s3-deployment.yaml
+++ b/k8s/seaweedfs/templates/s3-deployment.yaml
@ -90,10 +90,16 @@ spec:
              {{- if .Values.s3.allowEmptyFolder }}
              -allowEmptyFolder={{ .Values.s3.allowEmptyFolder }} \
              {{- end }}
+              {{- if .Values.s3.enableAuth }}
+              -config=/etc/sw/seaweedfs_s3_config \
+              {{- end }}
              -filer={{ template "seaweedfs.name" . }}-filer-client:{{ .Values.filer.port }}
          volumeMounts:
            - name: logs
              mountPath: "/logs/"
+            - mountPath: /etc/sw
+              name: config-users
+              readOnly: true
            {{- if .Values.global.enableSecurity }}
            - name: security-config
              readOnly: true
@ -144,6 +150,10 @@ spec:
            {{ tpl .Values.s3.resources . | nindent 12 | trim }}
          {{- end }}
      volumes:
+        - name: config-users
+          secret:
+            defaultMode: 420
+            secretName: seaweedfs-s3-secret
        {{- if eq .Values.s3.logs.type "hostPath" }}
        - name: logs
          hostPath:
--- a/k8s/seaweedfs/templates/s3-service.yaml
+++ b/k8s/seaweedfs/templates/s3-service.yaml
@ -9,15 +9,15 @@ metadata:
 spec:
  ports:
  - name: "swfs-s3"
-    port: {{ .Values.s3.port }}
-    targetPort: {{ .Values.s3.port }}
+    port: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
+    targetPort: {{ if .Values.s3.enabled }}{{ .Values.s3.port }}{{ else }}{{ .Values.filer.s3.port }}{{ end }}
    protocol: TCP
-{{- if .Values.s3.metricsPort }}
-  - name: "swfs-s3-metrics"
+{{- if and .Values.s3.enabled .Values.s3.metricsPort }}
+  - name: "metrics"
    port: {{ .Values.s3.metricsPort }}
    targetPort: {{ .Values.s3.metricsPort }}
    protocol: TCP
 {{- end }}
  selector:
    app: {{ template "seaweedfs.name" . }}
-    component: s3
+    component: {{ if .Values.s3.enabled }}s3{{ else }}filer{{ end }}
--- a/k8s/seaweedfs/values.yaml
+++ b/k8s/seaweedfs/values.yaml
@ -229,6 +229,8 @@ filer:
  maxMB: null
  # encrypt data on volume servers
  encryptVolumeData: false
+  # enable peers sync metadata, for leveldb (localdb for filer but with sync across)
+  enable_peers: false

  # Whether proxy or redirect to volume server during file GET request
  redirectOnRead: false
@ -311,8 +313,19 @@ filer:
    # directories under this folder will be automatically creating a separate bucket
    WEED_FILER_BUCKETS_FOLDER: "/buckets"

+  s3:
+    enabled: true
+    port: 8333
+    #allow empty folders
+    allowEmptyFolder: false
+    # Suffix of the host name, {bucket}.{domainName}
+    domainName: ""
+    # enable user & permission to s3 (need to inject to all services)
+    enableAuth: false
+    skipAuthSecretCreation: false
+
 s3:
-  enabled: true
+  enabled: false
  repository: null
  imageName: null
  imageTag: null
@ -323,6 +336,9 @@ s3:
  loggingOverrideLevel: null
  #allow empty folders
  allowEmptyFolder: true
+  # enable user & permission to s3 (need to inject to all services)
+  enableAuth: false
+  skipAuthSecretCreation: false

  # Suffix of the host name, {bucket}.{domainName}
  domainName: ""