diff --git a/helm/README.md b/helm/README.md index 924da3ab..1a76491d 100644 --- a/helm/README.md +++ b/helm/README.md @@ -13,24 +13,32 @@ RustFS helm chart supports **standalone and distributed mode**. For standalone m | parameter | description | default value | | -- | -- | -- | -| replicaCount | Number of cluster nodes. | Default is `4`. | -| mode.standalone.enabled | RustFS standalone mode support, namely one pod one pvc. | Default is `false` | -| mode.distributed.enabled | RustFS distributed mode support, namely multiple pod multiple pvc. | Default is `true`. | -| image.repository | docker image repository. | rustfs/rustfs. | -| image.tag | the tag for rustfs docker image | "latest" | -| secret.rustfs.access_key | RustFS Access Key ID | `rustfsadmin` | -| secret.rustfs.secret_key | RustFS Secret Key ID | `rustfsadmin` | -| storageclass.name | The name for StorageClass. | `local-path` | -| storageclass.dataStorageSize | The storage size for data PVC. | `256Mi` | -| storageclass.logStorageSize | The storage size for log PVC. | `256Mi` | -| ingress.className | Specify the ingress class, traefik or nginx. | `nginx` | +| replicaCount | Number of cluster nodes. | `4`. | +| imagePullSecrets | Secret to pull image from private registry. | `rustfs-regcred`| +| imageRegistryCredentials.enabled | To indicate whether pull image from private registry. | `false` | +| imageRegistryCredentials.registry | Private registry url to pull rustfs image. | None | +| imageRegistryCredentials.username | The username to pull rustfs image from private registry. | None | +| imageRegistryCredentials.password | The password to pull rustfs image from private registry. | None | +| imageRegistryCredentials.email | The email to pull rustfs image from private registry. | None | +| mode.standalone.enabled | RustFS standalone mode support, namely one pod one pvc. | `false` | +| mode.distributed.enabled | RustFS distributed mode support, namely multiple pod multiple pvc. | `true` | +| image.repository | RustFS docker image repository. | `rustfs/rustfs` | +| image.tag | The tag for rustfs docker image | `latest` | +| secret.rustfs.access_key | RustFS Access Key ID | `rustfsadmin` | +| secret.rustfs.secret_key | RustFS Secret Key ID | `rustfsadmin` | +| storageclass.name | The name for StorageClass. | `local-path` | +| storageclass.dataStorageSize | The storage size for data PVC. | `256Mi` | +| storageclass.logStorageSize | The storage size for log PVC. | `256Mi` | +| ingress.className | Specify the ingress class, traefik or nginx. | `nginx` | -**NOTE**: [`local-path`](https://github.com/rancher/local-path-provisioner) is used by k3s. If you want to use `local-path`, running the command, +**NOTE**: -``` -kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.32/deploy/local-path-storage.yaml -``` +- The chart default pull rustfs image from dockerhub,if your rustfs image stores in private registry,you should enable `imageRegistryCredentials.enabled` to `true`,and then specify the `imageRegistryCredentials.registry/username/password/email` as well as `image.repository`,`image.tag` to pull rustfs image from your private registry. + +- The default storageclass is [`local-path`](https://github.com/rancher/local-path-provisioner),if you want to specify your own storageclass, try to set parameter `storageclass.name`. + +- The default size for data and logs dir is **256Mi** which must satisfy the production usage,you should specify `storageclass.dataStorageSize` and `storageclass.logStorageSize` to change the size, for example, 1Ti for data and 1Gi for logs. # Installation @@ -41,7 +49,7 @@ kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisione Due to the traefik and ingress has different session sticky/affinity annotations, and rustfs support both those two controller, you should specify parameter `ingress.className` to select the right one which suits for you. -## Installation with traekfik controller +## Installation with traefik controller If your ingress class is `traefik`, running the command: @@ -104,4 +112,4 @@ Uninstalling the rustfs installation with command, ``` helm uninstall rustfs -n rustfs -``` \ No newline at end of file +``` diff --git a/helm/rustfs/templates/_helpers.tpl b/helm/rustfs/templates/_helpers.tpl index 667b9ece..394ffd03 100644 --- a/helm/rustfs/templates/_helpers.tpl +++ b/helm/rustfs/templates/_helpers.tpl @@ -71,3 +71,12 @@ Return the secret name {{- printf "%s-secret" (include "rustfs.fullname" .) }} {{- end }} {{- end }} + +{{/* +Return image pull secret content +*/}} +{{- define "imagePullSecret" }} +{{- with .Values.imageRegistryCredentials }} +{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }} +{{- end }} +{{- end }} diff --git a/helm/rustfs/templates/deployment.yaml b/helm/rustfs/templates/deployment.yaml index 2edc4736..9104df63 100644 --- a/helm/rustfs/templates/deployment.yaml +++ b/helm/rustfs/templates/deployment.yaml @@ -15,6 +15,10 @@ spec: labels: app: {{ include "rustfs.name" . }} spec: + {{- if .Values.imageRegistryCredentials.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} {{- if .Values.podSecurityContext }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 12 }} diff --git a/helm/rustfs/templates/secret.yaml b/helm/rustfs/templates/secret.yaml index 7d061828..96c920c6 100644 --- a/helm/rustfs/templates/secret.yaml +++ b/helm/rustfs/templates/secret.yaml @@ -8,3 +8,14 @@ data: RUSTFS_ACCESS_KEY: {{ .Values.secret.rustfs.access_key | b64enc | quote }} RUSTFS_SECRET_KEY: {{ .Values.secret.rustfs.secret_key | b64enc | quote }} {{- end }} + +--- +{{- if .Values.imageRegistryCredentials.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.imagePullSecrets }} +type: kubernetes.io/dockerconfigjson +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +{{- end }} diff --git a/helm/rustfs/templates/statefulset.yaml b/helm/rustfs/templates/statefulset.yaml index 931cfff4..2584985c 100644 --- a/helm/rustfs/templates/statefulset.yaml +++ b/helm/rustfs/templates/statefulset.yaml @@ -15,6 +15,10 @@ spec: labels: app: {{ include "rustfs.name" . }} spec: + {{- if .Values.imageRegistryCredentials.enabled }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} {{- if .Values.podSecurityContext }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 12 }} diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml index 851651ca..5754350d 100644 --- a/helm/rustfs/values.yaml +++ b/helm/rustfs/values.yaml @@ -14,7 +14,16 @@ image: tag: "latest" # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ -imagePullSecrets: [] +imagePullSecrets: rustfs-regcred + +imageRegistryCredentials: + enabled: false + registry: "" + username: "" + password: "" + email: "" + + # This is to override the chart name. nameOverride: "" fullnameOverride: ""