filer-statefulset.yaml 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313
  1. {{- if .Values.filer.enabled }}
  2. apiVersion: apps/v1
  3. kind: StatefulSet
  4. metadata:
  5. name: {{ template "seaweedfs.name" . }}-filer
  6. namespace: {{ .Release.Namespace }}
  7. labels:
  8. app: {{ template "seaweedfs.name" . }}
  9. chart: {{ template "seaweedfs.chart" . }}
  10. heritage: {{ .Release.Service }}
  11. release: {{ .Release.Name }}
  12. spec:
  13. serviceName: {{ template "seaweedfs.name" . }}-filer
  14. podManagementPolicy: Parallel
  15. replicas: {{ .Values.filer.replicas }}
  16. {{- if (gt (int .Values.filer.updatePartition) 0) }}
  17. updateStrategy:
  18. type: RollingUpdate
  19. rollingUpdate:
  20. partition: {{ .Values.filer.updatePartition }}
  21. {{- end }}
  22. selector:
  23. matchLabels:
  24. app: {{ template "seaweedfs.name" . }}
  25. chart: {{ template "seaweedfs.chart" . }}
  26. release: {{ .Release.Name }}
  27. component: filer
  28. template:
  29. metadata:
  30. labels:
  31. app: {{ template "seaweedfs.name" . }}
  32. chart: {{ template "seaweedfs.chart" . }}
  33. release: {{ .Release.Name }}
  34. component: filer
  35. spec:
  36. restartPolicy: {{ default .Values.global.restartPolicy .Values.filer.restartPolicy }}
  37. {{- if .Values.filer.affinity }}
  38. affinity:
  39. {{ tpl .Values.filer.affinity . | nindent 8 | trim }}
  40. {{- end }}
  41. {{- if .Values.filer.tolerations }}
  42. tolerations:
  43. {{ tpl .Values.filer.tolerations . | nindent 8 | trim }}
  44. {{- end }}
  45. {{- if .Values.global.imagePullSecrets }}
  46. imagePullSecrets:
  47. - name: {{ .Values.global.imagePullSecrets }}
  48. {{- end }}
  49. serviceAccountName: seaweedfs-rw-sa #hack for delete pod master after migration
  50. terminationGracePeriodSeconds: 60
  51. {{- if .Values.filer.priorityClassName }}
  52. priorityClassName: {{ .Values.filer.priorityClassName | quote }}
  53. {{- end }}
  54. enableServiceLinks: false
  55. {{- if .Values.filer.initContainers }}
  56. initContainers:
  57. {{ tpl .Values.filer.initContainers . | nindent 8 | trim }}
  58. {{- end }}
  59. containers:
  60. - name: seaweedfs
  61. image: {{ template "filer.image" . }}
  62. imagePullPolicy: {{ default "IfNotPresent" .Values.global.imagePullPolicy }}
  63. env:
  64. - name: POD_IP
  65. valueFrom:
  66. fieldRef:
  67. fieldPath: status.podIP
  68. - name: POD_NAME
  69. valueFrom:
  70. fieldRef:
  71. fieldPath: metadata.name
  72. - name: NAMESPACE
  73. valueFrom:
  74. fieldRef:
  75. fieldPath: metadata.namespace
  76. - name: WEED_MYSQL_USERNAME
  77. valueFrom:
  78. secretKeyRef:
  79. name: secret-seaweedfs-db
  80. key: user
  81. - name: WEED_MYSQL_PASSWORD
  82. valueFrom:
  83. secretKeyRef:
  84. name: secret-seaweedfs-db
  85. key: password
  86. - name: SEAWEEDFS_FULLNAME
  87. value: "{{ template "seaweedfs.name" . }}"
  88. {{- if .Values.filer.extraEnvironmentVars }}
  89. {{- range $key, $value := .Values.filer.extraEnvironmentVars }}
  90. - name: {{ $key }}
  91. value: {{ $value | quote }}
  92. {{- end }}
  93. {{- end }}
  94. {{- if .Values.global.extraEnvironmentVars }}
  95. {{- range $key, $value := .Values.global.extraEnvironmentVars }}
  96. - name: {{ $key }}
  97. value: {{ $value | quote }}
  98. {{- end }}
  99. {{- end }}
  100. command:
  101. - "/bin/sh"
  102. - "-ec"
  103. - |
  104. exec /usr/bin/weed \
  105. {{- if eq .Values.filer.logs.type "hostPath" }}
  106. -logdir=/logs \
  107. {{- else }}
  108. -logtostderr=true \
  109. {{- end }}
  110. {{- if .Values.filer.loggingOverrideLevel }}
  111. -v={{ .Values.filer.loggingOverrideLevel }} \
  112. {{- else }}
  113. -v={{ .Values.global.loggingLevel }} \
  114. {{- end }}
  115. filer \
  116. -port={{ .Values.filer.port }} \
  117. {{- if .Values.filer.metricsPort }}
  118. -metricsPort={{ .Values.filer.metricsPort }} \
  119. {{- end }}
  120. {{- if .Values.filer.redirectOnRead }}
  121. -redirectOnRead \
  122. {{- end }}
  123. {{- if .Values.filer.disableHttp }}
  124. -disableHttp \
  125. {{- end }}
  126. {{- if .Values.filer.disableDirListing }}
  127. -disableDirListing \
  128. {{- end }}
  129. -dirListLimit={{ .Values.filer.dirListLimit }} \
  130. {{- if .Values.global.enableReplication }}
  131. -defaultReplicaPlacement={{ .Values.global.replicationPlacment }} \
  132. {{- else }}
  133. -defaultReplicaPlacement={{ .Values.filer.defaultReplicaPlacement }} \
  134. {{- end }}
  135. {{- if .Values.filer.disableDirListing }}
  136. -disableDirListing \
  137. {{- end }}
  138. {{- if .Values.filer.maxMB }}
  139. -maxMB={{ .Values.filer.maxMB }} \
  140. {{- end }}
  141. {{- if .Values.filer.encryptVolumeData }}
  142. -encryptVolumeData \
  143. {{- end }}
  144. -ip=${POD_IP} \
  145. {{- if .Values.filer.s3.enabled }}
  146. -s3 \
  147. -s3.port={{ .Values.filer.s3.port }} \
  148. {{- if .Values.filer.s3.domainName }}
  149. -s3.domainName={{ .Values.filer.s3.domainName }} \
  150. {{- end }}
  151. {{- if .Values.global.enableSecurity }}
  152. -s3.cert.file=/usr/local/share/ca-certificates/client/tls.crt \
  153. -s3.key.file=/usr/local/share/ca-certificates/client/tls.key \
  154. {{- end }}
  155. {{- if .Values.filer.s3.allowEmptyFolder }}
  156. -s3.allowEmptyFolder={{ .Values.filer.s3.allowEmptyFolder }} \
  157. {{- end }}
  158. {{- if .Values.filer.s3.enableAuth }}
  159. -s3.config=/etc/sw/seaweedfs_s3_config \
  160. {{- end }}
  161. {{- if .Values.filer.s3.auditLogConfig }}
  162. -s3.auditLogConfig=/etc/sw/filer_s3_auditLogConfig.json \
  163. {{- end }}
  164. {{- end }}
  165. -master={{ range $index := until (.Values.master.replicas | int) }}${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master:{{ $.Values.master.port }}{{ if lt $index (sub ($.Values.master.replicas | int) 1) }},{{ end }}{{ end }}
  166. volumeMounts:
  167. - name: seaweedfs-filer-log-volume
  168. mountPath: "/logs/"
  169. - mountPath: /etc/sw
  170. name: config-users
  171. readOnly: true
  172. {{- if .Values.filer.enablePVC }}
  173. - name: data-filer
  174. mountPath: /data
  175. {{- end }}
  176. {{- if .Values.global.enableSecurity }}
  177. - name: security-config
  178. readOnly: true
  179. mountPath: /etc/seaweedfs/security.toml
  180. subPath: security.toml
  181. - name: ca-cert
  182. readOnly: true
  183. mountPath: /usr/local/share/ca-certificates/ca/
  184. - name: master-cert
  185. readOnly: true
  186. mountPath: /usr/local/share/ca-certificates/master/
  187. - name: volume-cert
  188. readOnly: true
  189. mountPath: /usr/local/share/ca-certificates/volume/
  190. - name: filer-cert
  191. readOnly: true
  192. mountPath: /usr/local/share/ca-certificates/filer/
  193. - name: client-cert
  194. readOnly: true
  195. mountPath: /usr/local/share/ca-certificates/client/
  196. {{- end }}
  197. {{ tpl .Values.filer.extraVolumeMounts . | nindent 12 | trim }}
  198. ports:
  199. - containerPort: {{ .Values.filer.port }}
  200. name: swfs-filer
  201. - containerPort: {{ .Values.filer.metricsPort }}
  202. name: metrics
  203. - containerPort: {{ .Values.filer.grpcPort }}
  204. #name: swfs-filer-grpc
  205. readinessProbe:
  206. httpGet:
  207. path: /
  208. port: {{ .Values.filer.port }}
  209. scheme: HTTP
  210. initialDelaySeconds: 10
  211. periodSeconds: 15
  212. successThreshold: 1
  213. failureThreshold: 100
  214. timeoutSeconds: 10
  215. livenessProbe:
  216. httpGet:
  217. path: /
  218. port: {{ .Values.filer.port }}
  219. scheme: HTTP
  220. initialDelaySeconds: 20
  221. periodSeconds: 30
  222. successThreshold: 1
  223. failureThreshold: 5
  224. timeoutSeconds: 10
  225. {{- if .Values.filer.resources }}
  226. resources:
  227. {{ tpl .Values.filer.resources . | nindent 12 | trim }}
  228. {{- end }}
  229. volumes:
  230. {{- if eq .Values.filer.logs.type "hostPath" }}
  231. - name: seaweedfs-filer-log-volume
  232. hostPath:
  233. path: {{ .Values.filer.logs.hostPathPrefix }}/logs/seaweedfs/filer
  234. type: DirectoryOrCreate
  235. {{- end }}
  236. {{- if eq .Values.filer.data.type "hostPath" }}
  237. - name: data-filer
  238. hostPath:
  239. path: {{ .Values.filer.data.hostPathPrefix }}/filer_store
  240. type: DirectoryOrCreate
  241. {{- end }}
  242. - name: db-schema-config-volume
  243. configMap:
  244. name: seaweedfs-db-init-config
  245. - name: config-users
  246. secret:
  247. defaultMode: 420
  248. secretName: seaweedfs-s3-secret
  249. {{- if .Values.global.enableSecurity }}
  250. - name: security-config
  251. configMap:
  252. name: {{ template "seaweedfs.name" . }}-security-config
  253. - name: ca-cert
  254. secret:
  255. secretName: {{ template "seaweedfs.name" . }}-ca-cert
  256. - name: master-cert
  257. secret:
  258. secretName: {{ template "seaweedfs.name" . }}-master-cert
  259. - name: volume-cert
  260. secret:
  261. secretName: {{ template "seaweedfs.name" . }}-volume-cert
  262. - name: filer-cert
  263. secret:
  264. secretName: {{ template "seaweedfs.name" . }}-filer-cert
  265. - name: client-cert
  266. secret:
  267. secretName: {{ template "seaweedfs.name" . }}-client-cert
  268. {{- end }}
  269. {{ tpl .Values.filer.extraVolumes . | indent 8 | trim }}
  270. {{- if .Values.filer.nodeSelector }}
  271. nodeSelector:
  272. {{ tpl .Values.filer.nodeSelector . | indent 8 | trim }}
  273. {{- end }}
  274. {{- if .Values.filer.enablePVC }}
  275. # DEPRECATION: Deprecate in favor of filer.data section below
  276. volumeClaimTemplates:
  277. - metadata:
  278. name: data-filer
  279. spec:
  280. accessModes:
  281. - ReadWriteOnce
  282. resources:
  283. requests:
  284. storage: {{ .Values.filer.storage }}
  285. {{- if .Values.filer.storageClass }}
  286. storageClassName: {{ .Values.filer.storageClass }}
  287. {{- end }}
  288. {{- end }}
  289. {{- $pvc_exists := include "filer.pvc_exists" . -}}
  290. {{- if $pvc_exists }}
  291. volumeClaimTemplates:
  292. {{- if eq .Values.filer.data.type "persistentVolumeClaim"}}
  293. - metadata:
  294. name: data-filer
  295. spec:
  296. accessModes: [ "ReadWriteOnce" ]
  297. storageClassName: {{ .Values.filer.data.storageClass }}
  298. resources:
  299. requests:
  300. storage: {{ .Values.filer.data.size }}
  301. {{- end }}
  302. {{- if eq .Values.filer.logs.type "persistentVolumeClaim"}}
  303. - metadata:
  304. name: seaweedfs-filer-log-volume
  305. spec:
  306. accessModes: [ "ReadWriteOnce" ]
  307. storageClassName: {{ .Values.filer.logs.storageClass }}
  308. resources:
  309. requests:
  310. storage: {{ .Values.filer.logs.size }}
  311. {{- end }}
  312. {{- end }}
  313. {{- end }}