helm: refactor helm chart (#1122)

Signed-off-by: Juri Malinovski <juri.malinovski@coolbet.com> Co-authored-by: loverustfs <hello@rustfs.com>
2026-01-16 17:20:33 +00:00 · 2025-12-15 07:05:43 +02:00
parent e8fe9731fd
commit 7178a94792
14 changed files with 279 additions and 116 deletions
--- a/helm/README.md
+++ b/helm/README.md
@@ -9,30 +9,105 @@ RustFS helm chart supports **standalone and distributed mode**. For standalone m

 **NOTE**: Please make sure which mode suits for you situation and specify the right parameter to install rustfs on kubernetes.

+---
+
 # Parameters Overview

-| parameter | description | default value |
-| -- | -- | -- |
-| replicaCount                      | Number of cluster nodes.                                           |  `4`.           |
-| imagePullSecrets                  | A List of secrets to pull image from private registry.             | `name: secret-name`|
-| imageRegistryCredentials.enabled  | To indicate whether pull image from private registry.              | `false`         |
-| imageRegistryCredentials.registry | Private registry url to pull rustfs image.                         | None            |
-| imageRegistryCredentials.username | The username to pull rustfs image from private registry.           | None            |
-| imageRegistryCredentials.password | The password to pull rustfs image from private registry.           | None            |
-| imageRegistryCredentials.email    | The email to pull rustfs image from private registry.              | None            |
-| mode.standalone.enabled           | RustFS standalone mode support, namely one pod one pvc.            | `false`         |
-| mode.distributed.enabled          | RustFS distributed mode support, namely multiple pod multiple pvc. | `true`          |
-| image.repository                  | RustFS docker image repository.                                    | `rustfs/rustfs` |
-| image.tag                         | The tag for rustfs docker image                                    | `latest`        |
-| secret.rustfs.access_key          | RustFS Access Key ID                                               | `rustfsadmin`   |
-| secret.rustfs.secret_key          | RustFS Secret Key ID                                               | `rustfsadmin`   |
-| storageclass.name                 | The name for StorageClass.                                         | `local-path`    |
-| storageclass.dataStorageSize      | The storage size for data PVC.                                     | `256Mi`         |
-| storageclass.logStorageSize       | The storage size for log PVC.                                      | `256Mi`         |
-| ingress.className                 | Specify the ingress class, traefik or nginx.                       | `nginx`         |
+| Parameter | Type | Default value | Description |
+|-----|------|---------|-------------|
+| affinity.nodeAffinity | object | `{}` |  |
+| affinity.podAntiAffinity.enabled | bool | `true` |  |
+| affinity.podAntiAffinity.topologyKey | string | `"kubernetes.io/hostname"` |  |
+| commonLabels | object | `{}` | Labels to add to all deployed objects. |
+| config.rustfs.address | string | `":9000"` |  |
+| config.rustfs.console_address | string | `":9001"` |  |
+| config.rustfs.console_enable | string | `"true"` |  |
+| config.rustfs.log_level | string | `"debug"` |  |
+| config.rustfs.obs_environment | string | `"develop"` |  |
+| config.rustfs.obs_log_directory | string | `"/logs"` |  |
+| config.rustfs.region | string | `"us-east-1"` |  |
+| config.rustfs.rust_log | string | `"debug"` |  |
+| config.rustfs.volumes | string | `""` |  |
+| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| containerSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
+| containerSecurityContext.runAsNonRoot | bool | `true` |  |
+| extraManifests | list | `[]` | List of additional k8s manifests. |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"rustfs/rustfs"` | RustFS docker image repository. |
+| image.tag | string | `"latest"` | The tag for rustfs docker image.  |
+| imagePullSecrets | list | `[]` | A List of secrets to pull image from private registry. |
+| imageRegistryCredentials.email | string | `""` | The email to pull rustfs image from private registry.  |
+| imageRegistryCredentials.enabled | bool | `false` | To indicate whether pull image from private registry.  |
+| imageRegistryCredentials.password | string | `""` | The password to pull rustfs image from private registry.  |
+| imageRegistryCredentials.registry | string | `""` | Private registry url to pull rustfs image. |
+| imageRegistryCredentials.username | string | `""` | The username to pull rustfs image from private registry. |
+| ingress.className | string | `"traefik"` | Specify the ingress class, traefik or nginx. |
+| ingress.enabled | bool | `true` |  |
+| ingress.hosts[0].host | string | `"your.rustfs.com"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` |  |
+| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/affinity" | string | `"cookie"` |  |
+| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-expires" | string | `"3600"` |  |
+| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-hash" | string | `"sha1"` |  |
+| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-max-age" | string | `"3600"` |  |
+| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-name" | string | `"rustfs"` |  |
+| ingress.tls[0].hosts[0] | string | `"your.rustfs.com"` |  |
+| ingress.tls[0].secretName | string | `"rustfs-tls"` |  |
+| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie" | string | `"true"` |  |
+| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.httponly" | string | `"true"` |  |
+| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.name" | string | `"rustfs"` |  |
+| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.samesite" | string | `"none"` |  |
+| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.secure" | string | `"true"` |  |
+| livenessProbe.failureThreshold | int | `3` |  |
+| livenessProbe.httpGet.path | string | `"/health"` |  |
+| livenessProbe.httpGet.port | string | `"endpoint"` |  |
+| livenessProbe.initialDelaySeconds | int | `10` |  |
+| livenessProbe.periodSeconds | int | `5` |  |
+| livenessProbe.successThreshold | int | `1` |  |
+| livenessProbe.timeoutSeconds | int | `3` |  |
+| mode.distributed.enabled | bool | `true` | RustFS distributed mode support, namely multiple pod multiple pvc. |
+| mode.standalone.enabled | bool | `false` | RustFS standalone mode support, namely one pod one pvc.  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| podAnnotations | object | `{}` |  |
+| podLabels | object | `{}` |  |
+| podSecurityContext.fsGroup | int | `10001` |  |
+| podSecurityContext.runAsGroup | int | `10001` |  |
+| podSecurityContext.runAsUser | int | `10001` |  |
+| readinessProbe.failureThreshold | int | `3` |  |
+| readinessProbe.httpGet.path | string | `"/health"` |  |
+| readinessProbe.httpGet.port | string | `"endpoint"` |  |
+| readinessProbe.initialDelaySeconds | int | `30` |  |
+| readinessProbe.periodSeconds | int | `5` |  |
+| readinessProbe.successThreshold | int | `1` |  |
+| readinessProbe.timeoutSeconds | int | `3` |  |
+| replicaCount | int | `4` | Number of cluster nodes. |
+| resources.limits.cpu | string | `"200m"` |  |
+| resources.limits.memory | string | `"512Mi"` |  |
+| resources.requests.cpu | string | `"100m"` |  |
+| resources.requests.memory | string | `"128Mi"` |  |
+| secret.existingSecret | string | `""` | Use existing secret with a credentials. |
+| secret.rustfs.access_key | string | `"rustfsadmin"` | RustFS Access Key ID |
+| secret.rustfs.secret_key | string | `"rustfsadmin"` | RustFS Secret Key ID |
+| service.console_port | int | `9001` |  |
+| service.ep_port | int | `9000` |  |
+| service.type | string | `"NodePort"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.automount | bool | `true` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| storageclass.dataStorageSize | string | `"256Mi"` | The storage size for data PVC. |
+| storageclass.logStorageSize | string | `"256Mi"` | The storage size for logs PVC. |
+| storageclass.name | string | `"local-path"` | The name for StorageClass. |
+| tls.crt | string | `"tls.crt"` |  |
+| tls.enabled | bool | `false` |  |
+| tls.key | string | `"tls.key"` |  |
+| tolerations | list | `[]` |  |

+---

-**NOTE**: 
+**NOTE**:

 The chart pulls the rustfs image from Docker Hub by default. For private registries, provide either:

@@ -112,11 +187,11 @@ Access the rustfs cluster via `https://your.rustfs.com` with the default usernam

 # TLS configuration

-By default, tls is not enabled.If you want to enable tls(recommendated),you can follow below steps:
+By default, tls is not enabled. If you want to enable tls(recommendated),you can follow below steps:

 * Step 1: Certification generation

-You can request cert and key from CA or use the self-signed cert(**not recommendated on prod**),and put those two files(eg, `tls.crt` and `tls.key`) under some directory on server, for example `tls` directory.
+You can request cert and key from CA or use the self-signed cert(**not recommendated on prod**), and put those two files(eg, `tls.crt` and `tls.key`) under some directory on server, for example `tls` directory.

 * Step 2: Certification specifying

--- a/helm/rustfs/templates/NOTES.txt
+++ b/helm/rustfs/templates/NOTES.txt
@@ -1,22 +1,10 @@
-1. Get the application URL by running these commands:
+1. Watch all pods come up
+  kubectl get pods -w -l app.kubernetes.io/name={{ include "rustfs.name" . }} -n {{ .Release.Namespace }}
 {{- if .Values.ingress.enabled }}
+2. Visit the dashboard
 {{- range $host := .Values.ingress.hosts }}
  {{- range .paths }}
  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
  {{- end }}
 {{- end }}
-{{- else if contains "NodePort" .Values.service.type }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rustfs.fullname" . }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.service.type }}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rustfs.fullname" . }}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rustfs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.service.port }}
-{{- else if contains "ClusterIP" .Values.service.type }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rustfs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
 {{- end }}
--- a/helm/rustfs/templates/_helpers.tpl
+++ b/helm/rustfs/templates/_helpers.tpl
@@ -99,3 +99,15 @@ Render imagePullSecrets for workloads - appends registry secret
 {{- toYaml $secrets }}
 {{- end }}

+{{/*
+Render RUSTFS_VOLUMES
+*/}}
+{{- define "rustfs.volumes" -}}
+{{- if eq (int .Values.replicaCount) 4 }}
+{{- printf "http://%s-{0...%d}.%s-headless:%d/data/rustfs{0...%d}" (include "rustfs.fullname" .) (sub (.Values.replicaCount | int) 1) (include "rustfs.fullname" . ) (.Values.service.ep_port | int) (sub (.Values.replicaCount | int) 1) }}
+{{- end }}
+{{- if eq (int .Values.replicaCount) 16 }}
+{{- printf "http://%s-{0...%d}.%s-headless:%d/data" (include "rustfs.fullname" .) (sub (.Values.replicaCount | int) 1) (include "rustfs.fullname" .) (.Values.service.ep_port | int) }}
+{{- end }}
+{{- end }}
+
--- a/helm/rustfs/templates/configmap.yaml
+++ b/helm/rustfs/templates/configmap.yaml
@@ -2,22 +2,20 @@ apiVersion: v1
 kind: ConfigMap
 metadata:
  name: {{ include "rustfs.fullname" . }}-config
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 data:
  RUSTFS_ADDRESS: {{ .Values.config.rustfs.address | quote }}
  RUSTFS_CONSOLE_ADDRESS: {{ .Values.config.rustfs.console_address | quote }}
-  RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }}
  RUSTFS_CONSOLE_ENABLE: {{ .Values.config.rustfs.console_enable | quote }}
+  RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }}
  RUSTFS_OBS_LOGGER_LEVEL: {{ .Values.config.rustfs.log_level | quote }}
+  RUSTFS_OBS_ENVIRONMENT: {{ .Values.config.rustfs.obs_environment | quote }}
  {{- if .Values.config.rustfs.region }}
  RUSTFS_REGION: {{ .Values.config.rustfs.region | quote }}
  {{- end }}
  {{- if .Values.mode.distributed.enabled }}
-  {{- if eq (int .Values.replicaCount) 4 }}
-  RUSTFS_VOLUMES: "http://{{ include "rustfs.fullname" . }}-{0...3}.{{ include "rustfs.fullname" . }}-headless:9000/data/rustfs{0...3}"
-  {{- else if eq (int .Values.replicaCount) 16 }}
-  RUSTFS_VOLUMES: "http://{{ include "rustfs.fullname" . }}-{0...15}.{{ include "rustfs.fullname" . }}-headless:9000/data"
-  {{- end }}
+  RUSTFS_VOLUMES: {{ .Values.config.rustfs.volumes | default (include "rustfs.volumes" .) }}
  {{- else }}
  RUSTFS_VOLUMES: "/data"
  {{- end }}
-  RUSTFS_OBS_ENVIRONMENT: "develop"
--- a/helm/rustfs/templates/deployment.yaml
+++ b/helm/rustfs/templates/deployment.yaml
@@ -4,24 +4,56 @@ kind: Deployment
 metadata:
  name: {{ include "rustfs.fullname" . }}
  labels:
-    app: {{ include "rustfs.name" . }}
+    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
  replicas: 1
  selector:
    matchLabels:
-      app: {{ include "rustfs.name" . }}
+      {{- include "rustfs.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
-        app: {{ include "rustfs.name" . }}
+        {{- include "rustfs.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
    spec:
      {{- with include "chart.imagePullSecrets" . }}
      imagePullSecrets:
        {{- . | nindent 8 }}
      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+        {{- if .Values.affinity.nodeAffinity }}
+        nodeAffinity:
+        {{- toYaml .Values.affinity.nodeAffinity | nindent 10 }}
+        {{- if .Values.affinity.podAntiAffinity.enabled }}
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                      - {{ include "rustfs.name" . }}
+              topologyKey: {{ .Values.affinity.podAntiAffinity.topologyKey }}
+        {{- end }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+        {{- toYaml .Values.tolerations | nindent 8 }}
+      {{- end }}
      {{- if .Values.podSecurityContext }}
      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 12 }}
+      {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
      {{- end }}
      initContainers:
        - name: init-step
--- a/helm/rustfs/templates/ingress.yaml
+++ b/helm/rustfs/templates/ingress.yaml
@@ -5,6 +5,9 @@ metadata:
  name: {{ include "rustfs.fullname" . }}
  labels:
    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
  {{- if eq .Values.ingress.className "nginx" }}
  {{- with .Values.ingress.nginxAnnotations }}
  annotations:
--- a/helm/rustfs/templates/pvc.yaml
+++ b/helm/rustfs/templates/pvc.yaml
@@ -3,6 +3,8 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "rustfs.fullname" . }}-data
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: {{ .Values.storageclass.name }}
@@ -15,10 +17,12 @@ apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
  name: {{ include "rustfs.fullname" . }}-logs
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 spec:
  accessModes: ["ReadWriteOnce"]
  storageClassName: {{ .Values.storageclass.name }}
  resources:
    requests:
      storage: {{ .Values.storageclass.logStorageSize }}
-{{- end }}
+{{- end }}
--- a/helm/rustfs/templates/secret-tls.yaml
+++ b/helm/rustfs/templates/secret-tls.yaml
@@ -3,8 +3,10 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "rustfs.fullname" . }}-tls
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 type: kubernetes.io/tls
 data:
  tls.crt : {{ .Values.tls.crt | b64enc | quote }}
  tls.key : {{ .Values.tls.key | b64enc | quote }}
-{{- end }}
+{{- end }}
--- a/helm/rustfs/templates/secret.yaml
+++ b/helm/rustfs/templates/secret.yaml
@@ -3,6 +3,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "rustfs.secretName" . }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 type: Opaque
 data:
  RUSTFS_ACCESS_KEY: {{ .Values.secret.rustfs.access_key | b64enc | quote }}
@@ -15,6 +17,8 @@ apiVersion: v1
 kind: Secret
 metadata:
  name: {{ include "rustfs.imagePullSecret.name" . }}
+  labels:
+    {{- toYaml .Values.commonLabels | nindent 4 }}
 type: kubernetes.io/dockerconfigjson
 data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}
--- a/helm/rustfs/templates/service.yaml
+++ b/helm/rustfs/templates/service.yaml
@@ -5,24 +5,20 @@ metadata:
  name: {{ include "rustfs.fullname" . }}-headless
  labels:
    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
+  {{- /* headless service */}}
  clusterIP: None
  publishNotReadyAddresses: true
  ports:
-    {{- if .Values.ingress.enabled }}
-    - port: 9000
-    {{- else }}
    - port: {{ .Values.service.ep_port }}
-    {{- end }}
-      targetPort: {{ .Values.service.ep_port }}
-      protocol: TCP
      name: endpoint
    - port: {{ .Values.service.console_port }}
-      targetPort: 9001
-      protocol: TCP
      name: console
  selector:
-    app: {{ include "rustfs.name" . }}
+    {{- include "rustfs.selectorLabels" . | nindent 4 }}
 {{- end }}

 ---
@@ -40,6 +36,9 @@ metadata:
  {{- end }}
  labels:
    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
  {{- if .Values.ingress.enabled }}
  type: ClusterIP
@@ -52,12 +51,8 @@ spec:
  {{- end }}
  ports:
    - port: {{ .Values.service.ep_port }}
-      targetPort: {{ .Values.service.ep_port }}
-      protocol: TCP
      name: endpoint
    - port: {{ .Values.service.console_port }}
-      targetPort: {{ .Values.service.console_port }}
-      protocol: TCP
      name: console
  selector:
-    app: {{ include "rustfs.name" . }}
+    {{- include "rustfs.selectorLabels" . | nindent 4 }}
--- a/helm/rustfs/templates/serviceaccount.yaml
+++ b/helm/rustfs/templates/serviceaccount.yaml
@@ -5,6 +5,9 @@ metadata:
  name: {{ include "rustfs.serviceAccountName" . }}
  labels:
    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
  {{- with .Values.serviceAccount.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
--- a/helm/rustfs/templates/statefulset.yaml
+++ b/helm/rustfs/templates/statefulset.yaml
@@ -1,27 +1,70 @@
+{{- $logDir := .Values.config.rustfs.obs_log_directory }}
+
 {{- if .Values.mode.distributed.enabled }}
+---
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
  name: {{ include "rustfs.fullname" . }}
+  labels:
+    {{- include "rustfs.labels" . | nindent 4 }}
+    {{- with .Values.commonLabels }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
 spec:
  serviceName: {{ include "rustfs.fullname" . }}-headless
  replicas: {{ .Values.replicaCount }}
  podManagementPolicy: Parallel
  selector:
    matchLabels:
-      app: {{ include "rustfs.name" . }}
+      {{- include "rustfs.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      labels:
-        app: {{ include "rustfs.name" . }}
+        {{- include "rustfs.selectorLabels" . | nindent 8 }}
+        {{- with .Values.podLabels }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
    spec:
      {{- with include "chart.imagePullSecrets" . }}
      imagePullSecrets:
        {{- . | nindent 8 }}
      {{- end }}
+      {{- if and .Values.nodeSelector (not .Values.affinity.nodeAffinity) }}
+      nodeSelector:
+        {{- toYaml .Values.nodeSelector | nindent 8 }}
+      {{- end }}
+      {{- if .Values.affinity }}
+      affinity:
+        nodeAffinity:
+        {{- if .Values.affinity.nodeAffinity }}
+          {{- toYaml .Values.affinity.nodeAffinity | nindent 10 }}
+        {{- else }}
+          {}
+        {{- if .Values.affinity.podAntiAffinity.enabled }}
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: app.kubernetes.io/name
+                    operator: In
+                    values:
+                      - {{ include "rustfs.name" . }}
+              topologyKey: {{ .Values.affinity.podAntiAffinity.topologyKey }}
+        {{- end }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.tolerations }}
+      tolerations:
+        {{- toYaml .Values.tolerations | nindent 8 }}
+      {{- end }}
      {{- if .Values.podSecurityContext }}
      securityContext:
-      {{- toYaml .Values.podSecurityContext | nindent 12 }}
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
+      {{- if .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml .Values.imagePullSecrets | nindent 8 }}
      {{- end }}
      initContainers:
        - name: init-step
@@ -32,7 +75,7 @@ spec:
            runAsGroup: 0
          env:
            - name: REPLICA_COUNT
-              value: "{{ .Values.replicaCount }}"
+              value: {{ .Values.replicaCount | quote }}
          command:
            - sh
            - -c
@@ -44,9 +87,8 @@ spec:
              elif [ "$REPLICA_COUNT" -eq 16 ]; then
                mkdir -p /data
              fi
-
-              chown -R 10001:10001 /data
-              chown -R 10001:10001 /logs
+              mkdir -p {{ $logDir }}
+              chown -R 10001:10001 /data {{ $logDir }}
          volumeMounts:
            {{- if eq (int .Values.replicaCount) 4 }}
            {{- range $i := until (int .Values.replicaCount) }}
@@ -58,7 +100,7 @@ spec:
              mountPath: /data
            {{- end }}
            - name: logs
-              mountPath: /logs
+              mountPath: {{ $logDir }}
      containers:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
@@ -66,7 +108,7 @@ spec:
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          {{- if .Values.containerSecurityContext }}
          securityContext:
-          {{- toYaml .Values.containerSecurityContext | nindent 12 }}
+            {{- toYaml .Values.containerSecurityContext | nindent 12 }}
          {{- end }}
          ports:
            - containerPort: {{ .Values.service.ep_port }}
@@ -75,7 +117,7 @@ spec:
              name: console
          env:
            - name: REPLICA_COUNT
-              value: "{{ .Values.replicaCount }}"
+              value: {{ .Values.replicaCount | quote }}
          envFrom:
            - configMapRef:
                name: {{ include "rustfs.fullname" . }}-config
@@ -89,26 +131,12 @@ spec:
              memory: {{ .Values.resources.limits.memory }}
              cpu: {{ .Values.resources.limits.cpu }}
          livenessProbe:
-            httpGet:
-              path: /health
-              port: 9000
-            initialDelaySeconds: 10
-            periodSeconds: 5
-            timeoutSeconds: 3
-            successThreshold: 1
-            failureThreshold: 3
+            {{- toYaml .Values.livenessProbe | nindent 12 }}
          readinessProbe:
-            httpGet:
-              path: /health
-              port: 9000
-            initialDelaySeconds: 30
-            periodSeconds: 5
-            timeoutSeconds: 3
-            successThreshold: 1
-            failureThreshold: 3
+            {{- toYaml .Values.readinessProbe | nindent 12 }}
          volumeMounts:
            - name: logs
-              mountPath: /logs
+              mountPath: {{ $logDir }}
            {{- if eq (int .Values.replicaCount) 4 }}
            {{- range $i := until (int .Values.replicaCount) }}
            - name: data-rustfs-{{ $i }}
@@ -121,31 +149,37 @@ spec:
  volumeClaimTemplates:
    - metadata:
        name: logs
+        labels:
+          {{- toYaml .Values.commonLabels | nindent 10 }}
      spec:
        accessModes: ["ReadWriteOnce"]
-        storageClassName: {{ $.Values.storageclass.name }}
+        storageClassName: {{ .Values.storageclass.name }}
        resources:
          requests:
-            storage: {{ $.Values.storageclass.logStorageSize}}
+            storage: {{ .Values.storageclass.logStorageSize }}
    {{- if eq (int .Values.replicaCount) 4 }}
    {{- range $i := until (int .Values.replicaCount) }}
    - metadata:
        name: data-rustfs-{{ $i }}
+        labels:
+          {{- toYaml $.Values.commonLabels | nindent 10 }}
      spec:
        accessModes: ["ReadWriteOnce"]
        storageClassName: {{ $.Values.storageclass.name }}
        resources:
          requests:
-            storage: {{ $.Values.storageclass.dataStorageSize}}
+            storage: {{ $.Values.storageclass.dataStorageSize }}
    {{- end }}
    {{- else if eq (int .Values.replicaCount) 16 }}
    - metadata:
        name: data
+        labels:
+          {{- toYaml .Values.commonLabels | nindent 10 }}
      spec:
        accessModes: ["ReadWriteOnce"]
-        storageClassName: {{ $.Values.storageclass.name }}
+        storageClassName: {{ .Values.storageclass.name }}
        resources:
          requests:
-            storage: {{ $.Values.storageclass.dataStorageSize}}
+            storage: {{ .Values.storageclass.dataStorageSize }}
    {{- end }}
 {{- end }}
--- a/helm/rustfs/templates/tests/test-connection.yaml
+++ b/helm/rustfs/templates/tests/test-connection.yaml
@@ -11,5 +11,5 @@ spec:
    - name: wget
      image: busybox
      command: ['wget']
-      args: ['{{ include "rustfs.fullname" . }}:{{ .Values.service.port }}']
+      args: ['-O', '/dev/null', '{{ include "rustfs.fullname" . }}-svc:{{ .Values.service.ep_port }}/health']
  restartPolicy: Never
--- a/helm/rustfs/values.yaml
+++ b/helm/rustfs/values.yaml
@@ -23,12 +23,10 @@ imageRegistryCredentials:
  password: ""
  email: ""

-
 # This is to override the chart name.
 nameOverride: ""
 fullnameOverride: ""

-
 mode:
  standalone:
    enabled: false
@@ -43,14 +41,18 @@ secret:

 config:
  rustfs:
-    volume: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3"
-    address: "0.0.0.0:9000"
-    console_address: "0.0.0.0:9001"
+    # Examples
+    # volumes: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3"
+    # volumes: "http://rustfs-{0...3}.rustfs-headless:9000/data/rustfs{0...3}"
+    volumes: ""
+    address: ":9000"
+    console_enable: "true"
+    console_address: ":9001"
    log_level: "debug"
    rust_log: "debug"
-    console_enable: "true"
-    obs_log_directory: "/logs"
    region: "us-east-1"
+    obs_log_directory: "/logs"
+    obs_environment: "develop"

 # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/
 serviceAccount:
@@ -67,13 +69,17 @@ serviceAccount:
 # This is for setting Kubernetes Annotations to a Pod.
 # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 podAnnotations: {}
+
 # This is for setting Kubernetes Labels to a Pod.
 # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 podLabels: {}

+# Labels to add to all deployed objects
+commonLabels: {}
+
 podSecurityContext:
  fsGroup: 10001
-  runAsUser: 10001 
+  runAsUser: 10001
  runAsGroup: 10001

 containerSecurityContext:
@@ -135,25 +141,32 @@ resources:
 livenessProbe:
  httpGet:
    path: /health
-    port: http
+    port: endpoint
+  initialDelaySeconds: 10
+  periodSeconds: 5
+  timeoutSeconds: 3
+  successThreshold: 1
+  failureThreshold: 3
+
 readinessProbe:
  httpGet:
    path: /health
-    port: http
-
-# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/
-autoscaling:
-  enabled: false
-  minReplicas: 1
-  maxReplicas: 100
-  targetCPUUtilizationPercentage: 80
-  # targetMemoryUtilizationPercentage: 80
+    port: endpoint
+  initialDelaySeconds: 30
+  periodSeconds: 5
+  timeoutSeconds: 3
+  successThreshold: 1
+  failureThreshold: 3

 nodeSelector: {}

 tolerations: []

-affinity: {}
+affinity:
+  podAntiAffinity:
+    enabled: true
+    topologyKey: kubernetes.io/hostname
+  nodeAffinity: {}

 storageclass:
  name: local-path