From 44f3f3d070eb0975d7cab80105a7938dc2b345c8 Mon Sep 17 00:00:00 2001 From: majinghe <42570491+majinghe@users.noreply.github.com> Date: Wed, 19 Nov 2025 13:56:21 +0800 Subject: [PATCH] add standalone mode support (#881) * add standalone mode support * update readme file * change non-root from 1000 to 10001 * delete self sign crt content * modify security content * fix synatx error for readme file. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * update image repository and tag info. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix helm chart syntax issue. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> * fix helm chart syntax issue. Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --------- Co-authored-by: houseme Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: loverustfs --- Dockerfile | 4 +- helm/README.md | 16 +++-- helm/rustfs/templates/configmap.yaml | 4 ++ helm/rustfs/templates/deployment.yaml | 96 ++++++++++++++++++++++++++ helm/rustfs/templates/pvc.yaml | 24 +++++++ helm/rustfs/templates/service.yaml | 4 ++ helm/rustfs/templates/statefulset.yaml | 39 +++++++---- helm/rustfs/tls/tls.crt | 2 +- helm/rustfs/tls/tls.key | 2 +- helm/rustfs/values.yaml | 23 +++--- 10 files changed, 183 insertions(+), 31 deletions(-) create mode 100644 helm/rustfs/templates/deployment.yaml create mode 100644 helm/rustfs/templates/pvc.yaml diff --git a/Dockerfile b/Dockerfile index 616a6ee1..f6e5baf6 100644 --- a/Dockerfile +++ b/Dockerfile @@ -66,8 +66,8 @@ COPY entrypoint.sh /entrypoint.sh RUN chmod +x /usr/bin/rustfs /entrypoint.sh -RUN addgroup -g 1000 -S rustfs && \ - adduser -u 1000 -G rustfs -S rustfs -D && \ +RUN addgroup -g 10001 -S rustfs && \ + adduser -u 10001 -G rustfs -S rustfs -D && \ mkdir -p /data /logs && \ chown -R rustfs:rustfs /data /logs && \ chmod 0750 /data /logs 
diff --git a/helm/README.md b/helm/README.md index d390cbbc..0741b3df 100644 --- a/helm/README.md +++ b/helm/README.md @@ -1,12 +1,14 @@ # rustfs-helm -You can use this helm chart to deploy rustfs on k8s cluster. +You can use this helm chart to deploy rustfs on k8s cluster. The chart supports standalone and distributed mode. For standalone mode, there is only one pod and one pvc; for distributed mode, there are two styles, 4 pods and 16 pvcs(each pod has 4 pvcs), 16 pods and 16 pvcs(each pod has 1 pvc). You should decide which mode and style suits for your situation. You can specify the parameters `mode` and `replicaCount` to install different mode and style. ## Parameters Overview | parameter | description | default value | | -- | -- | -- | | replicaCount | Number of cluster nodes. | Default is `4`. | +| mode.standalone.enabled | RustFS standalone mode support, namely one pod one pvc. | Default is `false` | +| mode.distributed.enabled | RustFS distributed mode support, namely multiple pod multiple pvc. | Default is `true`. | | image.repository | docker image repository. | rustfs/rustfs. | | image.tag | the tag for rustfs docker image | "latest" | | secret.rustfs.access_key | RustFS Access Key ID | `rustfsadmin` | @@ -15,7 +17,6 @@ You can use this helm chart to deploy rustfs on k8s cluster. | ingress.className | Specify the ingress class, traefik or nginx. | `nginx` | - **NOTE**: [`local-path`](https://github.com/rancher/local-path-provisioner) is used by k3s. If you want to use `local-path`, running the command, ``` @@ -25,7 +26,7 @@ kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisione ## Requirement * Helm V3 -* RustFS >= 1.0.0-alpha.66 +* RustFS >= 1.0.0-alpha.68 ## Installation 
@@ -43,6 +44,8 @@ helm install rustfs -n rustfs --create-namespace ./ --set ingress.className="ngi > `traefik` or `nginx`, the different is the session sticky/affinity annotations. +**NOTE**: If you want to install standalone mode, specify the installation parameter `--set mode.standalone.enabled="true",mode.distributed.enabled="false"`; If you want to install distributed mode with 16 pods, specify the installation parameter `--set replicaCount="16"`. + Check the pod status ``` @@ -59,12 +62,12 @@ Check the ingress status ``` kubectl -n rustfs get ing NAME CLASS HOSTS ADDRESS PORTS AGE -rustfs nginx xmg.rustfs.com 10.43.237.152 80, 443 29m +rustfs nginx your.rustfs.com 10.43.237.152 80, 443 29m ``` -Access the rustfs cluster via `https://xmg.rustfs.com` with the default username and password `rustfsadmin`. +Access the rustfs cluster via `https://your.rustfs.com` with the default username and password `rustfsadmin`. -> Replace the `xmg.rustfs.com` with your own domain as well as the certificates. +> Replace the `your.rustfs.com` with your own domain as well as the certificates. ## Uninstall @@ -73,3 +76,4 @@ Uninstalling the rustfs installation with command, ``` helm uninstall rustfs -n rustfs ``` + diff --git a/helm/rustfs/templates/configmap.yaml b/helm/rustfs/templates/configmap.yaml index 77412972..b9a46eae 100644 --- a/helm/rustfs/templates/configmap.yaml +++ b/helm/rustfs/templates/configmap.yaml 
@@ -8,9 +8,13 @@ data: RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }} RUSTFS_CONSOLE_ENABLE: {{ .Values.config.rustfs.console_enable | quote }} RUSTFS_LOG_LEVEL: {{ .Values.config.rustfs.log_level | quote }} + {{- if .Values.mode.distributed.enabled }} {{- if eq (int .Values.replicaCount) 4 }} RUSTFS_VOLUMES: "http://rustfs-{0...3}.rustfs-headless.rustfs.svc.cluster.local:9000/data/rustfs{0...3}" {{- else if eq (int .Values.replicaCount) 16 }} RUSTFS_VOLUMES: "http://rustfs-{0...15}.rustfs-headless.rustfs.svc.cluster.local:9000/data" {{- end }} + {{- else }} + RUSTFS_VOLUMES: "/data" + {{- end }} RUSTFS_OBS_ENVIRONMENT: "develop" diff --git a/helm/rustfs/templates/deployment.yaml b/helm/rustfs/templates/deployment.yaml new file mode 100644 index 00000000..a8f5ce7b --- /dev/null +++ b/helm/rustfs/templates/deployment.yaml 
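Review bot: Nothing enforces that exactly one of `mode.standalone.enabled` and `mode.distributed.enabled` is true, yet the new `{{- if .Values.mode.distributed.enabled }}` / `{{- else }}` branch here treats the two flags as a single switch. With both true, this ConfigMap emits the distributed `RUSTFS_VOLUMES` while the Deployment and its PVCs (gated on `standalone.enabled`) render next to the StatefulSet, and both workloads carry the same `app` label that the headless Service selects on; with both false, `RUSTFS_VOLUMES: "/data"` is written but no workload is created. The same unvalidated pair gates the hunks in deployment.yaml, pvc.yaml, service.yaml and statefulset.yaml. I would fail the render early in one template, e.g. `{{- if eq .Values.mode.standalone.enabled .Values.mode.distributed.enabled }}{{ fail "set exactly one of mode.standalone.enabled or mode.distributed.enabled" }}{{- end }}`.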
@@ -0,0 +1,96 @@ +{{- if .Values.mode.standalone.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "rustfs.fullname" . }} + labels: + app: {{ include "rustfs.name" . }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ include "rustfs.name" . }} + template: + metadata: + labels: + app: {{ include "rustfs.name" . }} + spec: + {{- if .Values.podSecurityContext }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 12 }} + {{- end }} + initContainers: + - name: init-step + image: busybox + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 0 + runAsGroup: 0 + command: + - sh + - -c + - | + mkdir -p /data /logs + chown -R 10001:10001 /data /logs + volumeMounts: + - name: data + mountPath: /data + - name: logs + mountPath: /logs + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: ["/usr/bin/rustfs"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext }} + securityContext: + {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- end }} + ports: + - containerPort: {{ .Values.service.ep_port }} + name: endpoint + - containerPort: {{ .Values.service.console_port }} + name: console + envFrom: + - configMapRef: + name: {{ include "rustfs.fullname" . }}-config + - secretRef: + name: {{ include "rustfs.fullname" . 
}}-secret + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + livenessProbe: + httpGet: + path: /health + port: 9000 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /health + port: 9000 + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + volumeMounts: + - name: logs + mountPath: /logs + - name: data + mountPath: /data + volumes: + - name: logs + persistentVolumeClaim: + claimName: {{ include "rustfs.fullname" . }}-logs + - name: data + persistentVolumeClaim: + claimName: {{ include "rustfs.fullname" . }}-data +{{- end }} diff --git a/helm/rustfs/templates/pvc.yaml b/helm/rustfs/templates/pvc.yaml new file mode 100644 index 00000000..735d3302 --- /dev/null +++ b/helm/rustfs/templates/pvc.yaml @@ -0,0 +1,24 @@ +{{- if .Values.mode.standalone.enabled }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "rustfs.fullname" . }}-data +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ .Values.storageclass.name }} + resources: + requests: + storage: {{ .Values.storageclass.size }} + +--- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ include "rustfs.fullname" . }}-logs +spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ .Values.storageclass.name }} + resources: + requests: + storage: {{ .Values.storageclass.size }} +{{- end }} \ No newline at end of file diff --git a/helm/rustfs/templates/service.yaml b/helm/rustfs/templates/service.yaml index 1ae37dc1..3275a822 100644 --- a/helm/rustfs/templates/service.yaml +++ b/helm/rustfs/templates/service.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mode.distributed.enabled }} apiVersion: v1 kind: Service metadata: 
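Review bot: The `init-step` container runs as UID 0 (`runAsUser: 0`) from an unpinned `image: busybox` and keeps the runtime's default capability set, so the only root process in this pod comes from whatever `busybox` resolves to at pull time. I would pin it to a fixed tag or digest taken from values, and add `allowPrivilegeEscalation: false` plus a `capabilities` block that drops `ALL` and adds back only what the recursive `chown` needs. The `chown -R 10001:10001` also hard-codes the UID that values.yaml now sets in `podSecurityContext`, so an override of `runAsUser`/`fsGroup` leaves the volumes owned by the wrong user. Where the storage class honours `fsGroup` the init container may not be needed at all; that depends on the provisioner and is not visible here. The same init container is given `runAsUser: 0` in the statefulset.yaml hunk at `@@ -14,10 +15,17 @@`.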
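Review bot: These two claims are ordinary chart resources, so `helm uninstall` (or an upgrade that turns `mode.standalone.enabled` off) deletes them, and with a `Delete` reclaim policy on the storage class the stored objects go with them; claims created from the StatefulSet's `volumeClaimTemplates` in distributed mode are not removed that way, so the two modes differ in what survives an uninstall. If that is not intended, add `helm.sh/resource-policy: keep` under `metadata.annotations` of at least the `-data` claim. The `-logs` claim also requests the same `storageclass.size` as the data claim, which is probably more than logs need, and the file ends without a trailing newline.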
@@ -22,18 +23,21 @@ spec: name: console selector: app: {{ include "rustfs.name" . }} +{{- end }} --- apiVersion: v1 kind: Service metadata: name: {{ include "rustfs.fullname" . }}-svc + {{- if .Values.mode.distributed.enabled }} {{- if eq .Values.ingress.className "traefik" }} {{- with .Values.ingress.traefikAnnotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} {{- end }} + {{- end }} labels: {{- include "rustfs.labels" . | nindent 4 }} spec: diff --git a/helm/rustfs/templates/statefulset.yaml b/helm/rustfs/templates/statefulset.yaml index 78121615..2045d089 100644 --- a/helm/rustfs/templates/statefulset.yaml +++ b/helm/rustfs/templates/statefulset.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mode.distributed.enabled }} apiVersion: apps/v1 kind: StatefulSet metadata: @@ -14,10 +15,17 @@ spec: labels: app: {{ include "rustfs.name" . }} spec: + {{- if .Values.podSecurityContext }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 12 }} + {{- end }} initContainers: - name: init-step image: busybox imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 0 + runAsGroup: 0 env: - name: REPLICA_COUNT value: "{{ .Values.replicaCount }}" @@ -33,8 +41,8 @@ spec: mkdir -p /data fi - chown -R 1000:1000 /data - chown -R 1000:1000 /logs + chown -R 10001:10001 /data + chown -R 10001:10001 /logs volumeMounts: {{- if eq (int .Values.replicaCount) 4 }} {{- range $i := until (int .Values.replicaCount) }} @@ -52,9 +60,9 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" command: ["/usr/bin/rustfs"] imagePullPolicy: {{ .Values.image.pullPolicy }} - {{- if .Values.securityContext }} + {{- if .Values.containerSecurityContext }} securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.service.ep_port }} 
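Review bot: An existing release that overrides `securityContext` in its own values file loses that override silently on upgrade, because the container block at `@@ -52,9 +60,9 @@` now reads only `.Values.containerSecurityContext` and the old key is no longer consulted. For a hardening setting a silent fallback to chart defaults is easy to miss, so I would reject the old key explicitly, e.g. `{{- if .Values.securityContext }}{{ fail "values key securityContext was renamed to containerSecurityContext" }}{{- end }}`, and mention the rename in the README. The container spec continues outside this hunk.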
@@ -89,7 +97,6 @@ spec: httpGet: path: /health port: 9000 - exec: initialDelaySeconds: 30 periodSeconds: 5 timeoutSeconds: 3 @@ -107,12 +114,17 @@ spec: - name: data mountPath: /data {{- end }} - volumes: - - name: logs - emptyDir: {} volumeClaimTemplates: - {{- if eq (int .Values.replicaCount) 4 }} - {{- range $i := until (int .Values.replicaCount) }} + - metadata: + name: logs + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ $.Values.storageclass.name }} + resources: + requests: + storage: {{ $.Values.storageclass.size}} + {{- if eq (int .Values.replicaCount) 4 }} + {{- range $i := until (int .Values.replicaCount) }} - metadata: name: data-rustfs-{{ $i }} spec: @@ -121,8 +133,8 @@ spec: resources: requests: storage: {{ $.Values.storageclass.size}} - {{- end }} - {{- else if eq (int .Values.replicaCount) 16 }} + {{- end }} + {{- else if eq (int .Values.replicaCount) 16 }} - metadata: name: data spec: @@ -131,4 +143,5 @@ spec: resources: requests: storage: {{ $.Values.storageclass.size}} - {{- end }} + {{- end }} +{{- end }} diff --git a/helm/rustfs/tls/tls.crt b/helm/rustfs/tls/tls.crt index 61c76840..fdb61eb8 100644 --- a/helm/rustfs/tls/tls.crt +++ b/helm/rustfs/tls/tls.crt @@ -1,3 +1,3 @@ -----BEGIN CERTIFICATE----- -Please input your cert file content. +Input your crt content. -----END CERTIFICATE----- diff --git a/helm/rustfs/tls/tls.key b/helm/rustfs/tls/tls.key index 457880fe..d39de48b 100644 --- a/helm/rustfs/tls/tls.key +++ b/helm/rustfs/tls/tls.key @@ -1,3 +1,3 @@ -----BEGIN PRIVATE KEY----- -Please input your key file content +Input your private key. -----END PRIVATE KEY----- diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml index 124f1b04..4f0d65e6 100644 --- a/helm/rustfs/values.yaml +++ b/helm/rustfs/values.yaml 
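Review bot: Adding `logs` to `volumeClaimTemplates` at `@@ -107,12 +114,17 @@` is expected to block in-place upgrades, since the API server rejects changes to a StatefulSet's `volumeClaimTemplates`; an existing distributed release would need the StatefulSet deleted and recreated while keeping its data PVCs. The README hunks in this patch do not mention that step, so an upgrade note would help. The new `logs` template also requests `$.Values.storageclass.size`, the same size as each data volume, so in the 4-replica layout every pod now claims five volumes of that size; a separate value for the log volume size would avoid that. The `volumeClaimTemplates` list continues in the following hunks.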
@@ -9,9 +9,9 @@ replicaCount: 4 image: repository: rustfs/rustfs # This sets the pull policy for images. - pullPolicy: Always + pullPolicy: IfNotPresent # Overrides the image tag whose default is the chart appVersion. - tag: "1.0.0-alpha.66" + tag: "latest" # This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ imagePullSecrets: [] @@ -19,6 +19,13 @@ imagePullSecrets: [] nameOverride: "" fullnameOverride: "" + +mode: + standalone: + enabled: false + distributed: + enabled: true + secret: rustfs: access_key: rustfsadmin @@ -54,16 +61,16 @@ podAnnotations: {} podLabels: {} podSecurityContext: - {} - # fsGroup: 2000 + fsGroup: 10001 + runAsUser: 10001 + runAsGroup: 10001 -securityContext: +containerSecurityContext: capabilities: drop: - - ALL + - ALL readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 1000 service: type: NodePort @@ -87,7 +94,7 @@ ingress: nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" nginx.ingress.kubernetes.io/session-cookie-name: rustfs hosts: - - host: xmg.rustfs.com + - host: your.rustfs.com paths: - path: / pathType: ImplementationSpecific
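Review bot: A mutable `tag: "latest"` default combined with `pullPolicy: IfNotPresent` makes the deployed build depend on each node's image cache. A node keeps whichever `latest` it pulled first, replicas on different nodes can run different builds, and an install cannot be reproduced or audited afterwards. I would keep a pinned release as the default, for example the minimum the README in this patch states, `tag: "1.0.0-alpha.68"`, and leave `latest` as an explicit opt-in. The comment above `tag` says the default is the chart appVersion, which does not match how the templates in this patch build the image reference.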
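Review bot: `containerSecurityContext` at `@@ -54,16 +61,16 @@` still lacks `allowPrivilegeEscalation: false` and a seccomp profile, both of which the Kubernetes restricted Pod Security profile requires alongside the `drop: ALL` and `runAsNonRoot: true` already present. Adding `allowPrivilegeEscalation: false` here and `seccompProfile: {type: RuntimeDefault}` (here or in `podSecurityContext`) would close that gap. With `runAsUser` removed from the container block, the UID now comes only from `podSecurityContext.runAsUser: 10001`, so a user who replaces `podSecurityContext` without a UID depends on the image's own user; whether the Dockerfile sets a numeric `USER` is not visible in this patch.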