From 64ba52bc1edd4c9231de8acae1d9e8c3f691b70d Mon Sep 17 00:00:00 2001 From: majinghe <42570491+majinghe@users.noreply.github.com> Date: Wed, 29 Oct 2025 12:23:21 +0800 Subject: [PATCH] add rustfs helm chart files (#747) * add rustfs helm chart files * update readme file with helm chart * delete helm chart license file * fix typo in readme file --- README.md | 10 +- README_ZH.md | 48 +++++- helm/README.md | 75 ++++++++++ helm/rustfs/.helmignore | 23 +++ helm/rustfs/Chart.yaml | 24 +++ helm/rustfs/templates/NOTES.txt | 22 +++ helm/rustfs/templates/_helpers.tpl | 62 ++++++++ helm/rustfs/templates/configmap.yaml | 17 +++ helm/rustfs/templates/ingress.yaml | 45 ++++++ helm/rustfs/templates/secret-tls.yaml | 10 ++ helm/rustfs/templates/secret.yaml | 9 ++ helm/rustfs/templates/service.yaml | 59 ++++++++ helm/rustfs/templates/serviceaccount.yaml | 13 ++ helm/rustfs/templates/statefulset.yaml | 132 +++++++++++++++++ .../templates/tests/test-connection.yaml | 15 ++ helm/rustfs/tls/tls.crt | 3 + helm/rustfs/tls/tls.key | 3 + helm/rustfs/values.yaml | 139 ++++++++++++++++++ 18 files changed, 700 insertions(+), 9 deletions(-) create mode 100644 helm/README.md create mode 100644 helm/rustfs/.helmignore create mode 100644 helm/rustfs/Chart.yaml create mode 100644 helm/rustfs/templates/NOTES.txt create mode 100644 helm/rustfs/templates/_helpers.tpl create mode 100644 helm/rustfs/templates/configmap.yaml create mode 100644 helm/rustfs/templates/ingress.yaml create mode 100644 helm/rustfs/templates/secret-tls.yaml create mode 100644 helm/rustfs/templates/secret.yaml create mode 100644 helm/rustfs/templates/service.yaml create mode 100644 helm/rustfs/templates/serviceaccount.yaml create mode 100644 helm/rustfs/templates/statefulset.yaml create mode 100644 helm/rustfs/templates/tests/test-connection.yaml create mode 100644 helm/rustfs/tls/tls.crt create mode 100644 helm/rustfs/tls/tls.key create mode 100644 helm/rustfs/values.yaml diff --git a/README.md b/README.md index 4e7971c3..b6e5ae37 100644 --- a/README.md +++ b/README.md @@ -139,10 +139,14 @@ observability. If you want to start redis as well as nginx container, you can sp make help-docker # Show all Docker-related commands ``` -4. **Access the Console**: Open your web browser and navigate to `http://localhost:9000` to access the RustFS console, +4. **Build with helm chart(Option 4) - Cloud Native environment** + + Following the instructions on [helm chart README](./helm/README.md) to install RustFS on kubernetes cluster. + +5. **Access the Console**: Open your web browser and navigate to `http://localhost:9000` to access the RustFS console, default username and password is `rustfsadmin` . -5. **Create a Bucket**: Use the console to create a new bucket for your objects. -6. **Upload Objects**: You can upload files directly through the console or use S3-compatible APIs to interact with your +6. **Create a Bucket**: Use the console to create a new bucket for your objects. +7. **Upload Objects**: You can upload files directly through the console or use S3-compatible APIs to interact with your RustFS instance. **NOTE**: If you want to access RustFS instance with `https`, you can refer diff --git a/README_ZH.md b/README_ZH.md index be4606cc..88a79910 100644 --- a/README_ZH.md +++ b/README_ZH.md @@ -87,13 +87,49 @@ RustFS 是一个使用 Rust(全球最受欢迎的编程语言之一)构建 以外,还有 grafana、prometheus、jaeger 等,这些是为 rustfs 可观测性服务的,还有 redis 和 nginx。你想启动哪些容器,就需要用 `--profile` 参数指定相应的 profile。 -3. **访问控制台**:打开 Web 浏览器并导航到 `http://localhost:9000` 以访问 RustFS 控制台,默认的用户名和密码是 - `rustfsadmin` 。 -4. **创建存储桶**:使用控制台为您的对象创建新的存储桶。 -5. **上传对象**:您可以直接通过控制台上传文件,或使用 S3 兼容的 API 与您的 RustFS 实例交互。 +3. **从源码构建(方案三)- 高级用户** -**注意**:如果你想通过 `https` 来访问 RustFS -实例,请参考 [TLS 配置文档](https://docs.rustfs.com/zh/integration/tls-configured.html) + 面向希望从源码构建支持多架构 Docker 镜像的开发者: + + ```bash + # 本地构建多架构镜像 + ./docker-buildx.sh --build-arg RELEASE=latest + + # 构建并推送至镜像仓库 + ./docker-buildx.sh --push + + # 构建指定版本 + ./docker-buildx.sh --release v1.0.0 --push + + # 构建并推送到自定义镜像仓库 + ./docker-buildx.sh --registry your-registry.com --namespace yourname --push + ``` + + `docker-buildx.sh` 脚本支持: + - **多架构构建**:`linux/amd64`、`linux/arm64` + - **自动版本检测**:可使用 git 标签或提交哈希 + - **仓库灵活性**:支持 Docker Hub、GitHub Container Registry 等 + - **构建优化**:包含缓存和并行构建 + + 你也可以使用 Makefile 提供的目标命令以提升便捷性: + + ```bash + make docker-buildx # 本地构建 + make docker-buildx-push # 构建并推送 + make docker-buildx-version VERSION=v1.0.0 # 构建指定版本 + make help-docker # 显示全部 Docker 相关命令 + ``` + +4. **使用 Helm Chart 部署(方案四)- 云原生环境** + + 按照 [helm chart 说明文档](./helm/README.md) 的指引,在 Kubernetes 集群中安装 RustFS。 + +5. **访问控制台**:打开 Web 浏览器并导航到 `http://localhost:9000` 以访问 RustFS 控制台,默认的用户名和密码是 + `rustfsadmin` 。 +6. **创建存储桶**:使用控制台为您的对象创建新的存储桶。 +7. **上传对象**:您可以直接通过控制台上传文件,或使用 S3 兼容的 API 与您的 RustFS 实例交互。 + +**注意**:如果你想通过 `https` 来访问 RustFS 实例,请参考 [TLS 配置文档](https://docs.rustfs.com/zh/integration/tls-configured.html) ## 文档 diff --git a/helm/README.md b/helm/README.md new file mode 100644 index 00000000..d390cbbc --- /dev/null +++ b/helm/README.md @@ -0,0 +1,75 @@ +# rustfs-helm + +You can use this helm chart to deploy rustfs on k8s cluster. + +## Parameters Overview + +| parameter | description | default value | +| -- | -- | -- | +| replicaCount | Number of cluster nodes. | Default is `4`. | +| image.repository | docker image repository. | rustfs/rustfs. | +| image.tag | the tag for rustfs docker image | "latest" | +| secret.rustfs.access_key | RustFS Access Key ID | `rustfsadmin` | +| secret.rustfs.secret_key | RustFS Secret Key ID | `rustfsadmin` | +| storageclass.name | The name for StorageClass. | `local-path` | +| ingress.className | Specify the ingress class, traefik or nginx. | `nginx` | + + + +**NOTE**: [`local-path`](https://github.com/rancher/local-path-provisioner) is used by k3s. If you want to use `local-path`, running the command, + +``` +kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/v0.0.32/deploy/local-path-storage.yaml +``` + +## Requirement + +* Helm V3 +* RustFS >= 1.0.0-alpha.66 + +## Installation + +If your ingress class is `traefik`, running the command: + +``` +helm install rustfs -n rustfs --create-namespace ./ --set ingress.className="traefik" +``` + +If your ingress class is `nginx`, running the command: + +``` +helm install rustfs -n rustfs --create-namespace ./ --set ingress.className="nginx" +``` + +> `traefik` or `nginx`, the different is the session sticky/affinity annotations. + +Check the pod status + +``` +kubectl -n rustfs get pods -w +NAME READY STATUS RESTARTS AGE +rustfs-0 1/1 Running 0 2m27s +rustfs-1 1/1 Running 0 2m27s +rustfs-2 1/1 Running 0 2m27s +rustfs-3 1/1 Running 0 2m27s +``` + +Check the ingress status + +``` +kubectl -n rustfs get ing +NAME CLASS HOSTS ADDRESS PORTS AGE +rustfs nginx xmg.rustfs.com 10.43.237.152 80, 443 29m +``` + +Access the rustfs cluster via `https://xmg.rustfs.com` with the default username and password `rustfsadmin`. + +> Replace the `xmg.rustfs.com` with your own domain as well as the certificates. + +## Uninstall + +Uninstalling the rustfs installation with command, + +``` +helm uninstall rustfs -n rustfs +``` diff --git a/helm/rustfs/.helmignore b/helm/rustfs/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/rustfs/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/rustfs/Chart.yaml b/helm/rustfs/Chart.yaml new file mode 100644 index 00000000..463a7ca9 --- /dev/null +++ b/helm/rustfs/Chart.yaml @@ -0,0 +1,24 @@ +apiVersion: v2 +name: rustfs +description: RustFS helm chart to deploy RustFS on kubernetes cluster. + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 1.0.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/rustfs/templates/NOTES.txt b/helm/rustfs/templates/NOTES.txt new file mode 100644 index 00000000..7f5eb704 --- /dev/null +++ b/helm/rustfs/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rustfs.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rustfs.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rustfs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rustfs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/rustfs/templates/_helpers.tpl b/helm/rustfs/templates/_helpers.tpl new file mode 100644 index 00000000..6560f132 --- /dev/null +++ b/helm/rustfs/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "rustfs.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "rustfs.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "rustfs.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "rustfs.labels" -}} +helm.sh/chart: {{ include "rustfs.chart" . }} +{{ include "rustfs.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "rustfs.selectorLabels" -}} +app.kubernetes.io/name: {{ include "rustfs.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "rustfs.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "rustfs.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/rustfs/templates/configmap.yaml b/helm/rustfs/templates/configmap.yaml new file mode 100644 index 00000000..06b5e3ce --- /dev/null +++ b/helm/rustfs/templates/configmap.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "rustfs.fullname" . }}-config +data: + RUSTFS_ADDRESS: {{ .Values.config.rustfs.address | quote }} + RUSTFS_CONSOLE_ADDRESS: {{ .Values.config.rustfs.console_address | quote }} + RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }} + RUSTFS_SINKS_FILE_PATH: {{ .Values.config.rustfs.sinks_file_path | quote }} + RUSTFS_CONSOLE_ENABLE: {{ .Values.config.rustfs.console_enable | quote }} + RUSTFS_LOG_LEVEL: {{ .Values.config.rustfs.log_level | quote }} + {{- if eq (int .Values.replicaCount) 4 }} + RUSTFS_VOLUMES: "http://rustfs-{0...3}.rustfs-headless.rustfs.svc.cluster.local:9000/data/rustfs{0...3}" + {{- else if eq (int .Values.replicaCount) 16 }} + RUSTFS_VOLUMES: "http://rustfs-{0...15}.rustfs-headless.rustfs.svc.cluster.local:9000/data" + {{- end }} + RUSTFS_OBS_ENVIRONMENT: "develop" diff --git a/helm/rustfs/templates/ingress.yaml b/helm/rustfs/templates/ingress.yaml new file mode 100644 index 00000000..792b4782 --- /dev/null +++ b/helm/rustfs/templates/ingress.yaml @@ -0,0 +1,45 @@ +{{- if .Values.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "rustfs.fullname" . }} + labels: + {{- include "rustfs.labels" . | nindent 4 }} + {{- if eq .Values.ingress.className "nginx" }} + {{- with .Values.ingress.nginxAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} +spec: + {{- with .Values.ingress.className }} + ingressClassName: {{ . }} + {{- end }} + {{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + {{- with .pathType }} + pathType: {{ . }} + {{- end }} + backend: + service: + name: {{ include "rustfs.fullname" $ }}-svc + port: + name: console + {{- end }} + {{- end }} +{{- end }} diff --git a/helm/rustfs/templates/secret-tls.yaml b/helm/rustfs/templates/secret-tls.yaml new file mode 100644 index 00000000..e19f4c1d --- /dev/null +++ b/helm/rustfs/templates/secret-tls.yaml @@ -0,0 +1,10 @@ +{{- if .Values.ingress.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "rustfs.fullname" . }}-tls +type: Opaque +data: + tls.crt : {{ .Files.Get "tls/tls.crt" | b64enc | quote }} + tls.key : {{ .Files.Get "tls/tls.key" | b64enc | quote }} +{{- end }} diff --git a/helm/rustfs/templates/secret.yaml b/helm/rustfs/templates/secret.yaml new file mode 100644 index 00000000..5de45709 --- /dev/null +++ b/helm/rustfs/templates/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "rustfs.fullname" . }}-secret +type: Opaque +data: + RUSTFS_ACCESS_KEY: {{ .Values.secret.rustfs.access_key | b64enc | quote }} + RUSTFS_SECRET_KEY: {{ .Values.secret.rustfs.secret_key | b64enc | quote }} + diff --git a/helm/rustfs/templates/service.yaml b/helm/rustfs/templates/service.yaml new file mode 100644 index 00000000..1ae37dc1 --- /dev/null +++ b/helm/rustfs/templates/service.yaml @@ -0,0 +1,59 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "rustfs.fullname" . }}-headless + labels: + {{- include "rustfs.labels" . | nindent 4 }} +spec: + clusterIP: None + publishNotReadyAddresses: true + ports: + {{- if .Values.ingress.enabled }} + - port: 9000 + {{- else }} + - port: {{ .Values.service.ep_port }} + {{- end }} + targetPort: {{ .Values.service.ep_port }} + protocol: TCP + name: endpoint + - port: {{ .Values.service.console_port }} + targetPort: 9001 + protocol: TCP + name: console + selector: + app: {{ include "rustfs.name" . }} + +--- +apiVersion: v1 +kind: Service +metadata: + name: {{ include "rustfs.fullname" . }}-svc + {{- if eq .Values.ingress.className "traefik" }} + {{- with .Values.ingress.traefikAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- include "rustfs.labels" . | nindent 4 }} +spec: + {{- if .Values.ingress.enabled }} + type: ClusterIP + {{- else }} + type: NodePort + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 + {{- end }} + ports: + - port: {{ .Values.service.ep_port }} + targetPort: {{ .Values.service.ep_port }} + protocol: TCP + name: endpoint + - port: {{ .Values.service.console_port }} + targetPort: {{ .Values.service.console_port }} + protocol: TCP + name: console + selector: + app: {{ include "rustfs.name" . }} diff --git a/helm/rustfs/templates/serviceaccount.yaml b/helm/rustfs/templates/serviceaccount.yaml new file mode 100644 index 00000000..a70c5d2e --- /dev/null +++ b/helm/rustfs/templates/serviceaccount.yaml @@ -0,0 +1,13 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "rustfs.serviceAccountName" . }} + labels: + {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automount }} +{{- end }} diff --git a/helm/rustfs/templates/statefulset.yaml b/helm/rustfs/templates/statefulset.yaml new file mode 100644 index 00000000..0b8cc4cb --- /dev/null +++ b/helm/rustfs/templates/statefulset.yaml @@ -0,0 +1,132 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "rustfs.fullname" . }} +spec: + serviceName: {{ include "rustfs.fullname" . }}-headless + replicas: {{ .Values.replicaCount }} + podManagementPolicy: Parallel + selector: + matchLabels: + app: {{ include "rustfs.name" . }} + template: + metadata: + labels: + app: {{ include "rustfs.name" . }} + spec: + initContainers: + - name: init-step + image: busybox + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: REPLICA_COUNT + value: "{{ .Values.replicaCount }}" + command: + - sh + - -c + - | + if [ "$REPLICA_COUNT" -eq 4 ]; then + for i in $(seq 0 $(($REPLICA_COUNT - 1))); do + mkdir -p /data/rustfs$i + done; + elif [ "$REPLICA_COUNT" -eq 16 ]; then + mkdir -p /data + fi + + chown -R 1000:1000 /data + chown -R 1000:1000 /logs + volumeMounts: + {{- if eq (int .Values.replicaCount) 4 }} + {{- range $i := until (int .Values.replicaCount) }} + - name: data-rustfs-{{ $i }} + mountPath: /data/rustfs{{ $i }} + {{- end }} + {{- else if eq (int .Values.replicaCount) 16 }} + - name: data + mountPath: /data + {{- end }} + - name: logs + mountPath: /logs + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + command: ["/usr/bin/rustfs"] + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + runAsUser: 1000 + ports: + - containerPort: {{ .Values.service.ep_port }} + name: endpoint + - containerPort: {{ .Values.service.console_port }} + name: console + env: + - name: REPLICA_COUNT + value: "{{ .Values.replicaCount }}" + envFrom: + - configMapRef: + name: {{ include "rustfs.fullname" . }}-config + - secretRef: + name: {{ include "rustfs.fullname" . }}-secret + resources: + requests: + memory: {{ .Values.resources.requests.memory }} + cpu: {{ .Values.resources.requests.cpu }} + limits: + memory: {{ .Values.resources.limits.memory }} + cpu: {{ .Values.resources.limits.cpu }} + livenessProbe: + httpGet: + path: /health + port: 9000 + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: /health + port: 9000 + exec: + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + volumeMounts: + - name: logs + mountPath: /logs + {{- if eq (int .Values.replicaCount) 4 }} + {{- range $i := until (int .Values.replicaCount) }} + - name: data-rustfs-{{ $i }} + mountPath: /data/rustfs{{ $i }} + {{- end }} + {{- else if eq (int .Values.replicaCount) 16 }} + - name: data + mountPath: /data + {{- end }} + volumes: + - name: logs + emptyDir: {} + volumeClaimTemplates: + {{- if eq (int .Values.replicaCount) 4 }} + {{- range $i := until (int .Values.replicaCount) }} + - metadata: + name: data-rustfs-{{ $i }} + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ $.Values.storageclass.name }} + resources: + requests: + storage: {{ $.Values.storageclass.size}} + {{- end }} + {{- else if eq (int .Values.replicaCount) 16 }} + - metadata: + name: data + spec: + accessModes: ["ReadWriteOnce"] + storageClassName: {{ $.Values.storageclass.name }} + resources: + requests: + storage: {{ $.Values.storageclass.size}} + {{- end }} diff --git a/helm/rustfs/templates/tests/test-connection.yaml b/helm/rustfs/templates/tests/test-connection.yaml new file mode 100644 index 00000000..42d4fff0 --- /dev/null +++ b/helm/rustfs/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "rustfs.fullname" . }}-test-connection" + labels: + {{- include "rustfs.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "rustfs.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/rustfs/tls/tls.crt b/helm/rustfs/tls/tls.crt new file mode 100644 index 00000000..61c76840 --- /dev/null +++ b/helm/rustfs/tls/tls.crt @@ -0,0 +1,3 @@ +-----BEGIN CERTIFICATE----- +Please input your cert file content. +-----END CERTIFICATE----- diff --git a/helm/rustfs/tls/tls.key b/helm/rustfs/tls/tls.key new file mode 100644 index 00000000..457880fe --- /dev/null +++ b/helm/rustfs/tls/tls.key @@ -0,0 +1,3 @@ +-----BEGIN PRIVATE KEY----- +Please input your key file content +-----END PRIVATE KEY----- diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml new file mode 100644 index 00000000..7b222021 --- /dev/null +++ b/helm/rustfs/values.yaml @@ -0,0 +1,139 @@ +# Default values for rustfs. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +# This will set the replicaset count more information can be found here: https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ +replicaCount: 4 + +# This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/ +image: + repository: rustfs/rustfs + # This sets the pull policy for images. + pullPolicy: Always + # Overrides the image tag whose default is the chart appVersion. + tag: "1.0.0-alpha.66" + +# This is for the secrets for pulling an image from a private repository more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +imagePullSecrets: [] +# This is to override the chart name. +nameOverride: "" +fullnameOverride: "" + +secret: + rustfs: + access_key: rustfsadmin + secret_key: rustfsadmin + +config: + rustfs: + volume: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3" + address: "0.0.0.0:9000" + console_address: "0.0.0.0:9001" + log_level: "debug" + rust_log: "debug" + console_enable: "true" + sinks_file_path: "/logs" + obs_log_directory: "/logs" + +# This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ +serviceAccount: + # Specifies whether a service account should be created + create: true + # Automatically mount a ServiceAccount's API credentials? + automount: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +# This is for setting Kubernetes Annotations to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +podAnnotations: {} +# This is for setting Kubernetes Labels to a Pod. +# For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +podLabels: {} + +podSecurityContext: + {} + # fsGroup: 2000 + +securityContext: + {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: NodePort + ep_port: 9000 + console_port: 9001 + +# This block is for setting up the ingress for more information can be found here: https://kubernetes.io/docs/concepts/services-networking/ingress/ +ingress: + enabled: true + className: "" # Specify the classname, traefik or nginx. Different classname has different annotations for session sticky. + traefikAnnotations: + traefik.ingress.kubernetes.io/service.sticky.cookie: "true" + traefik.ingress.kubernetes.io/service.sticky.cookie.httponly: "true" + traefik.ingress.kubernetes.io/service.sticky.cookie.name: rustfs + traefik.ingress.kubernetes.io/service.sticky.cookie.samesite: none + traefik.ingress.kubernetes.io/service.sticky.cookie.secure: "true" + nginxAnnotations: + nginx.ingress.kubernetes.io/affinity: cookie + nginx.ingress.kubernetes.io/session-cookie-expires: "3600" + nginx.ingress.kubernetes.io/session-cookie-hash: sha1 + nginx.ingress.kubernetes.io/session-cookie-max-age: "3600" + nginx.ingress.kubernetes.io/session-cookie-name: rustfs + hosts: + - host: xmg.rustfs.com + paths: + - path: / + pathType: ImplementationSpecific + tls: + - secretName: rustfs-tls + hosts: + - xmg.rustfs.com + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + cpu: 200m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + +# This is to setup the liveness and readiness probes more information can be found here: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/ +livenessProbe: + httpGet: + path: /health + port: http +readinessProbe: + httpGet: + path: /health + port: http + +# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +storageclass: + name: local-path + size: 256Mi