From 2b268fdd7f3ac13e31643a73e3a570968cb06fe7 Mon Sep 17 00:00:00 2001
From: majinghe <42570491+majinghe@users.noreply.github.com>
Date: Thu, 20 Nov 2025 22:20:11 +0800
Subject: [PATCH] update tls configuration in helm chart (#900)
* update tls configuration in helm chart
* typo fix
---
 helm/README.md | 48 +++++++++++++++++++++------
 helm/rustfs/Chart.yaml | 4 +--
 helm/rustfs/templates/secret-tls.yaml | 10 +++---
 helm/rustfs/tls/tls.crt | 3 --
 helm/rustfs/tls/tls.key | 3 --
 helm/rustfs/values.yaml | 9 +++--
 6 files changed, 51 insertions(+), 26 deletions(-)
 delete mode 100644 helm/rustfs/tls/tls.crt
 delete mode 100644 helm/rustfs/tls/tls.key
diff --git a/helm/README.md b/helm/README.md
index 0741b3df..39aba9f8 100644
--- a/helm/README.md
+++ b/helm/README.md
@@ -1,8 +1,15 @@
-# rustfs-helm
+# RustFS Helm Mode
-You can use this helm chart to deploy rustfs on k8s cluster. The chart supports standalone and distributed mode. For standalone mode, there is only one pod and one pvc; for distributed mode, there are two styles, 4 pods and 16 pvcs(each pod has 4 pvcs), 16 pods and 16 pvcs(each pod has 1 pvc). You should decide which mode and style suits for your situation. You can specify the parameters `mode` and `replicaCount` to install different mode and style.
+RustFS helm chart supports **standalone and distributed mode**. For standalone mode, there is only one pod and one pvc; for distributed mode, there are two styles, 4 pods and 16 pvcs(each pod has 4 pvcs), 16 pods and 16 pvcs(each pod has 1 pvc). You should decide which mode and style suits for your situation. You can specify the parameters `mode` and `replicaCount` to install different mode and style.
-## Parameters Overview
+- **For standalone mode**: Only one pod and one pvc acts as single node single disk; Specify parameters `mode.standalone.enabled="true",mode.distributed.enabled="false"` to install.
+- **For distributed mode**(**default**): Multiple pods and multiple pvcs, acts as multiple nodes multiple disks, there are two styles:
+ - 4 pods and each pods has 4 pvcs(**default**)
+ - 16 pods and each pods has 1 pvc: Specify parameters `replicaCount` with `--set replicaCount="16"` to install.
+
+**NOTE**: Please make sure which mode suits for you situation and specify the right parameter to install rustfs on kubernetes.
+
+# Parameters Overview
 | parameter | description | default value |
 | -- | -- | -- |
@@ -23,12 +30,16 @@ You can use this helm chart to deploy rustfs on k8s cluster. The chart supports
 kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.32/deploy/local-path-storage.yaml
 ```
+# Installation
+
 ## Requirement
 * Helm V3
-* RustFS >= 1.0.0-alpha.68
+* RustFS >= 1.0.0-alpha.69
-## Installation
+Due to the traefik and ingress has different session sticky/affinity annotations, and rustfs support both those two controller, you should specify parameter `ingress.className` to select the right one which suits for you.
+
+## Installation with traekfik controller
 If your ingress class is `traefik`, running the command:
@@ -36,15 +47,15 @@ If your ingress class is `traefik`, running the command:
 helm install rustfs -n rustfs --create-namespace ./ --set ingress.className="traefik"
 ```
+## Installation with nginx controller
+
 If your ingress class is `nginx`, running the command:
 ```
 helm install rustfs -n rustfs --create-namespace ./ --set ingress.className="nginx"
 ```
-> `traefik` or `nginx`, the different is the session sticky/affinity annotations.
-
-**NOTE**: If you want to install standalone mode, specify the installation parameter `--set mode.standalone.enabled="true",mode.distributed.enabled="false"`; If you want to install distributed mode with 16 pods, specify the installation parameter `--set replicaCount="16"`.
+# Installation check and rustfs login
 Check the pod status
@@ -69,11 +80,26 @@ Access the rustfs cluster via `https://your.rustfs.com` with the default usernam
 > Replace the `your.rustfs.com` with your own domain as well as the certificates.
-## Uninstall
+# TLS configuration
+
+By default, tls is not enabled.If you want to enable tls(recommendated),you can follow below steps:
+
+* Step 1: Certification generation
+
+You can request cert and key from CA or use the self-signed cert(**not recommendated on prod**),and put those two files(eg, `tls.crt` and `tls.key`) under some directory on server, for example `tls` directory.
+
+* Step 2: Certification specifying
+
+You should use `--set-file` parameter when running `helm install` command, for example, running the below command can enable ingress tls and generate tls secret:
+
+```
+helm install rustfs rustfs/rustfs -n rustfs --set tls.enabled=true,--set-file tls.crt=./tls.crt,--set-file tls.key=./tls.key
+```
+
+# Uninstall
 Uninstalling the rustfs installation with command,
 ```
 helm uninstall rustfs -n rustfs
-```
-
+```
\ No newline at end of file
diff --git a/helm/rustfs/Chart.yaml b/helm/rustfs/Chart.yaml
index 463a7ca9..725c6c46 100644
--- a/helm/rustfs/Chart.yaml
+++ b/helm/rustfs/Chart.yaml
@@ -15,10 +15,10 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.0.0
+version: 1.0.0-alpha.69
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "1.16.0"
+appVersion: "1.0.0-alpha.69"
diff --git a/helm/rustfs/templates/secret-tls.yaml b/helm/rustfs/templates/secret-tls.yaml
index e19f4c1d..8c78787b 100644
--- a/helm/rustfs/templates/secret-tls.yaml
+++ b/helm/rustfs/templates/secret-tls.yaml
@@ -1,10 +1,10 @@
-{{- if .Values.ingress.enabled }}
+{{- if .Values.tls.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
 name: {{ include "rustfs.fullname" . }}-tls
-type: Opaque
+type: kubernetes.io/tls
 data:
- tls.crt : {{ .Files.Get "tls/tls.crt" | b64enc | quote }}
- tls.key : {{ .Files.Get "tls/tls.key" | b64enc | quote }}
-{{- end }}
+ tls.crt : {{ .Values.tls.crt | b64enc | quote }}
+ tls.key : {{ .Values.tls.key | b64enc | quote }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/rustfs/tls/tls.crt b/helm/rustfs/tls/tls.crt
deleted file mode 100644
index fdb61eb8..00000000
--- a/helm/rustfs/tls/tls.crt
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN CERTIFICATE-----
-Input your crt content.
------END CERTIFICATE-----
diff --git a/helm/rustfs/tls/tls.key b/helm/rustfs/tls/tls.key
deleted file mode 100644
index d39de48b..00000000
--- a/helm/rustfs/tls/tls.key
+++ /dev/null
@@ -1,3 +0,0 @@
------BEGIN PRIVATE KEY-----
-Input your private key.
------END PRIVATE KEY-----
diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml
index 4f0d65e6..14714c7f 100644
--- a/helm/rustfs/values.yaml
+++ b/helm/rustfs/values.yaml
@@ -80,7 +80,7 @@ service:
 # This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/
 ingress:
 enabled: true
- className: "" # Specify the classname, traefik or nginx. Different classname has different annotations for session sticky.
+ className: "traefik" # Specify the classname, traefik or nginx. Different classname has different annotations for session sticky.
 traefikAnnotations:
 traefik.ingress.kubernetes.io/service.sticky.cookie: "true"
 traefik.ingress.kubernetes.io/service.sticky.cookie.httponly: "true"
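Review bot: In helm/rustfs/templates/secret-tls.yaml, `.Values.tls.crt` and `.Values.tls.key` are base64-encoded into the Secret with no check that PEM material was actually supplied, and the defaults this patch adds to values.yaml are the literal strings `tls.crt` and `tls.key`. Enabling `tls.enabled` without `--set-file` would therefore render a `kubernetes.io/tls` Secret holding those placeholder strings instead of failing the install. I would default both values to `""` and guard the template, e.g. `tls.key: {{ required "tls.key must be passed with --set-file" .Values.tls.key | b64enc | quote }}`, with the same for `tls.crt`. The README example in this patch also joins `--set` and `--set-file` with commas, which is probably not the form Helm expects, so the documented path may not deliver the files at all.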
@@ -101,7 +101,12 @@ ingress:
 tls:
 - secretName: rustfs-tls
 hosts:
- - xmg.rustfs.com
+ - your.rustfs.com
+
+tls:
+ enabled: false
+ crt: tls.crt
+ key: tls.key
 resources:
 # We usually recommend not to specify default resources and to leave this as a conscious
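Review bot: The default `ingress.tls` entry in this hunk still names `secretName: rustfs-tls` while the new `tls.enabled` defaults to `false`, so a default install may render an Ingress that points at a Secret the chart no longer creates; whether it does depends on the ingress template, which is not part of this patch. The name is also fixed here, whereas secret-tls.yaml derives it from `rustfs.fullname`, so the two presumably match only for a release whose fullname renders to `rustfs`. A comment on the new block would help operators keep key material out of committed values files, e.g. `# Pass PEM content with --set-file tls.crt=... and tls.key=...; do not store the private key in this file`.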