diff --git a/helm/README.md b/helm/README.md
index c437fdb5..0dcb4329 100644
--- a/helm/README.md
+++ b/helm/README.md
@@ -9,30 +9,105 @@ RustFS helm chart supports **standalone and distributed mode**. For standalone m **NOTE**: Please make sure which mode suits for you situation and specify the right parameter to install rustfs on kubernetes. +--- + # Parameters Overview -| parameter | description | default value | -| -- | -- | -- | -| replicaCount | Number of cluster nodes. | `4`. | -| imagePullSecrets | A List of secrets to pull image from private registry. | `name: secret-name`| -| imageRegistryCredentials.enabled | To indicate whether pull image from private registry. | `false` | -| imageRegistryCredentials.registry | Private registry url to pull rustfs image. | None | -| imageRegistryCredentials.username | The username to pull rustfs image from private registry. | None | -| imageRegistryCredentials.password | The password to pull rustfs image from private registry. | None | -| imageRegistryCredentials.email | The email to pull rustfs image from private registry. | None | -| mode.standalone.enabled | RustFS standalone mode support, namely one pod one pvc. | `false` | -| mode.distributed.enabled | RustFS distributed mode support, namely multiple pod multiple pvc. | `true` | -| image.repository | RustFS docker image repository. | `rustfs/rustfs` | -| image.tag | The tag for rustfs docker image | `latest` | -| secret.rustfs.access_key | RustFS Access Key ID | `rustfsadmin` | -| secret.rustfs.secret_key | RustFS Secret Key ID | `rustfsadmin` | -| storageclass.name | The name for StorageClass. | `local-path` | -| storageclass.dataStorageSize | The storage size for data PVC. | `256Mi` | -| storageclass.logStorageSize | The storage size for log PVC. | `256Mi` | -| ingress.className | Specify the ingress class, traefik or nginx. 
| `nginx` | +| Parameter | Type | Default value | Description | +|-----|------|---------|-------------| +| affinity.nodeAffinity | object | `{}` | | +| affinity.podAntiAffinity.enabled | bool | `true` | | +| affinity.podAntiAffinity.topologyKey | string | `"kubernetes.io/hostname"` | | +| commonLabels | object | `{}` | Labels to add to all deployed objects. | +| config.rustfs.address | string | `":9000"` | | +| config.rustfs.console_address | string | `":9001"` | | +| config.rustfs.console_enable | string | `"true"` | | +| config.rustfs.log_level | string | `"debug"` | | +| config.rustfs.obs_environment | string | `"develop"` | | +| config.rustfs.obs_log_directory | string | `"/logs"` | | +| config.rustfs.region | string | `"us-east-1"` | | +| config.rustfs.rust_log | string | `"debug"` | | +| config.rustfs.volumes | string | `""` | | +| containerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | +| containerSecurityContext.readOnlyRootFilesystem | bool | `true` | | +| containerSecurityContext.runAsNonRoot | bool | `true` | | +| extraManifests | list | `[]` | List of additional k8s manifests. | +| fullnameOverride | string | `""` | | +| image.pullPolicy | string | `"IfNotPresent"` | | +| image.repository | string | `"rustfs/rustfs"` | RustFS docker image repository. | +| image.tag | string | `"latest"` | The tag for rustfs docker image. | +| imagePullSecrets | list | `[]` | A List of secrets to pull image from private registry. | +| imageRegistryCredentials.email | string | `""` | The email to pull rustfs image from private registry. | +| imageRegistryCredentials.enabled | bool | `false` | To indicate whether pull image from private registry. | +| imageRegistryCredentials.password | string | `""` | The password to pull rustfs image from private registry. | +| imageRegistryCredentials.registry | string | `""` | Private registry url to pull rustfs image. 
| +| imageRegistryCredentials.username | string | `""` | The username to pull rustfs image from private registry. | +| ingress.className | string | `"traefik"` | Specify the ingress class, traefik or nginx. | +| ingress.enabled | bool | `true` | | +| ingress.hosts[0].host | string | `"your.rustfs.com"` | | +| ingress.hosts[0].paths[0].path | string | `"/"` | | +| ingress.hosts[0].paths[0].pathType | string | `"ImplementationSpecific"` | | +| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/affinity" | string | `"cookie"` | | +| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-expires" | string | `"3600"` | | +| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-hash" | string | `"sha1"` | | +| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-max-age" | string | `"3600"` | | +| ingress.nginxAnnotations."nginx.ingress.kubernetes.io/session-cookie-name" | string | `"rustfs"` | | +| ingress.tls[0].hosts[0] | string | `"your.rustfs.com"` | | +| ingress.tls[0].secretName | string | `"rustfs-tls"` | | +| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie" | string | `"true"` | | +| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.httponly" | string | `"true"` | | +| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.name" | string | `"rustfs"` | | +| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.samesite" | string | `"none"` | | +| ingress.traefikAnnotations."traefik.ingress.kubernetes.io/service.sticky.cookie.secure" | string | `"true"` | | +| livenessProbe.failureThreshold | int | `3` | | +| livenessProbe.httpGet.path | string | `"/health"` | | +| livenessProbe.httpGet.port | string | `"endpoint"` | | +| livenessProbe.initialDelaySeconds | int | `10` | | +| livenessProbe.periodSeconds | int | `5` | | +| livenessProbe.successThreshold | int | `1` | | +| livenessProbe.timeoutSeconds | int 
| `3` | | +| mode.distributed.enabled | bool | `true` | RustFS distributed mode support, namely multiple pod multiple pvc. | +| mode.standalone.enabled | bool | `false` | RustFS standalone mode support, namely one pod one pvc. | +| nameOverride | string | `""` | | +| nodeSelector | object | `{}` | | +| podAnnotations | object | `{}` | | +| podLabels | object | `{}` | | +| podSecurityContext.fsGroup | int | `10001` | | +| podSecurityContext.runAsGroup | int | `10001` | | +| podSecurityContext.runAsUser | int | `10001` | | +| readinessProbe.failureThreshold | int | `3` | | +| readinessProbe.httpGet.path | string | `"/health"` | | +| readinessProbe.httpGet.port | string | `"endpoint"` | | +| readinessProbe.initialDelaySeconds | int | `30` | | +| readinessProbe.periodSeconds | int | `5` | | +| readinessProbe.successThreshold | int | `1` | | +| readinessProbe.timeoutSeconds | int | `3` | | +| replicaCount | int | `4` | Number of cluster nodes. | +| resources.limits.cpu | string | `"200m"` | | +| resources.limits.memory | string | `"512Mi"` | | +| resources.requests.cpu | string | `"100m"` | | +| resources.requests.memory | string | `"128Mi"` | | +| secret.existingSecret | string | `""` | Use existing secret with a credentials. | +| secret.rustfs.access_key | string | `"rustfsadmin"` | RustFS Access Key ID | +| secret.rustfs.secret_key | string | `"rustfsadmin"` | RustFS Secret Key ID | +| service.console_port | int | `9001` | | +| service.ep_port | int | `9000` | | +| service.type | string | `"NodePort"` | | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.automount | bool | `true` | | +| serviceAccount.create | bool | `true` | | +| serviceAccount.name | string | `""` | | +| storageclass.dataStorageSize | string | `"256Mi"` | The storage size for data PVC. | +| storageclass.logStorageSize | string | `"256Mi"` | The storage size for logs PVC. | +| storageclass.name | string | `"local-path"` | The name for StorageClass. 
| +| tls.crt | string | `"tls.crt"` | | +| tls.enabled | bool | `false` | | +| tls.key | string | `"tls.key"` | | +| tolerations | list | `[]` | | +--- -**NOTE**: +**NOTE**: The chart pulls the rustfs image from Docker Hub by default. For private registries, provide either: @@ -112,11 +187,11 @@ Access the rustfs cluster via `https://your.rustfs.com` with the default usernam # TLS configuration -By default, tls is not enabled.If you want to enable tls(recommendated),you can follow below steps: +By default, tls is not enabled. If you want to enable tls(recommendated),you can follow below steps: * Step 1: Certification generation -You can request cert and key from CA or use the self-signed cert(**not recommendated on prod**),and put those two files(eg, `tls.crt` and `tls.key`) under some directory on server, for example `tls` directory. +You can request cert and key from CA or use the self-signed cert(**not recommendated on prod**), and put those two files(eg, `tls.crt` and `tls.key`) under some directory on server, for example `tls` directory. * Step 2: Certification specifying diff --git a/helm/rustfs/templates/NOTES.txt b/helm/rustfs/templates/NOTES.txt index 7f5eb704..e73932fb 100644 --- a/helm/rustfs/templates/NOTES.txt +++ b/helm/rustfs/templates/NOTES.txt 
@@ -1,22 +1,10 @@ -1. Get the application URL by running these commands: +1. Watch all pods come up + kubectl get pods -w -l app.kubernetes.io/name={{ include "rustfs.name" . }} -n {{ .Release.Namespace }} {{- if .Values.ingress.enabled }} +2. Visit the dashboard {{- range $host := .Values.ingress.hosts }} {{- range .paths }} http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} {{- end }} {{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "rustfs.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch its status by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "rustfs.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "rustfs.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "rustfs.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT {{- end }} 
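Review bot: With `ingress.enabled=false` the notes now stop after step 1, because the NodePort, LoadBalancer and ClusterIP branches were removed without a replacement, while the README table in this commit still lists `service.type` defaulting to `NodePort`. A short `{{- else }}` branch that points at `kubectl get svc -n {{ .Release.Namespace }}` would keep that path documented. The same README table shows `secret.rustfs.access_key` and `secret.rustfs.secret_key` both defaulting to `rustfsadmin`, so the install notes are a natural place for a line such as `Change the default credentials or set secret.existingSecret before exposing the service.`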
diff --git a/helm/rustfs/templates/_helpers.tpl b/helm/rustfs/templates/_helpers.tpl index d9034b97..0b4a1b4f 100644 --- a/helm/rustfs/templates/_helpers.tpl +++ b/helm/rustfs/templates/_helpers.tpl @@ -99,3 +99,15 @@ Render imagePullSecrets for workloads - appends registry secret {{- toYaml $secrets }} {{- end }} +{{/* +Render RUSTFS_VOLUMES +*/}} +{{- define "rustfs.volumes" -}} +{{- if eq (int .Values.replicaCount) 4 }} +{{- printf "http://%s-{0...%d}.%s-headless:%d/data/rustfs{0...%d}" (include "rustfs.fullname" .) (sub (.Values.replicaCount | int) 1) (include "rustfs.fullname" . ) (.Values.service.ep_port | int) (sub (.Values.replicaCount | int) 1) }} +{{- end }} +{{- if eq (int .Values.replicaCount) 16 }} +{{- printf "http://%s-{0...%d}.%s-headless:%d/data" (include "rustfs.fullname" .) (sub (.Values.replicaCount | int) 1) (include "rustfs.fullname" .) (.Values.service.ep_port | int) }} +{{- end }} +{{- end }} + diff --git a/helm/rustfs/templates/configmap.yaml b/helm/rustfs/templates/configmap.yaml index 132ff4c2..e2a75a6d 100644 --- a/helm/rustfs/templates/configmap.yaml +++ b/helm/rustfs/templates/configmap.yaml 
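Review bot: `rustfs.volumes` renders an empty string for any `replicaCount` other than 4 or 16, and configmap.yaml in this commit now emits the `RUSTFS_VOLUMES` key unconditionally in distributed mode, so an unsupported count yields an empty value at install time instead of a render error. Chaining the branches and failing on the rest makes the misconfiguration visible: turn the second test into `{{- else if eq (int .Values.replicaCount) 16 }}` (dropping the `end` before it) and add `{{- else }}{{- fail "distributed mode supports replicaCount 4 or 16" }}` before the closing `end`. Because `default` evaluates its argument eagerly, the failure would also fire when `config.rustfs.volumes` is set explicitly; that looks acceptable, since statefulset.yaml only defines data volumes for 4 and 16. The peer URLs are also built with a fixed `http://` scheme, so it is worth confirming whether `tls.enabled` is expected to cover node-to-node traffic.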
@@ -2,22 +2,20 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ include "rustfs.fullname" . }}-config + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} data: RUSTFS_ADDRESS: {{ .Values.config.rustfs.address | quote }} RUSTFS_CONSOLE_ADDRESS: {{ .Values.config.rustfs.console_address | quote }} - RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }} RUSTFS_CONSOLE_ENABLE: {{ .Values.config.rustfs.console_enable | quote }} + RUSTFS_OBS_LOG_DIRECTORY: {{ .Values.config.rustfs.obs_log_directory | quote }} RUSTFS_OBS_LOGGER_LEVEL: {{ .Values.config.rustfs.log_level | quote }} + RUSTFS_OBS_ENVIRONMENT: {{ .Values.config.rustfs.obs_environment | quote }} {{- if .Values.config.rustfs.region }} RUSTFS_REGION: {{ .Values.config.rustfs.region | quote }} {{- end }} {{- if .Values.mode.distributed.enabled }} - {{- if eq (int .Values.replicaCount) 4 }} - RUSTFS_VOLUMES: "http://{{ include "rustfs.fullname" . }}-{0...3}.{{ include "rustfs.fullname" . }}-headless:9000/data/rustfs{0...3}" - {{- else if eq (int .Values.replicaCount) 16 }} - RUSTFS_VOLUMES: "http://{{ include "rustfs.fullname" . }}-{0...15}.{{ include "rustfs.fullname" . }}-headless:9000/data" - {{- end }} + RUSTFS_VOLUMES: {{ .Values.config.rustfs.volumes | default (include "rustfs.volumes" .) }} {{- else }} RUSTFS_VOLUMES: "/data" {{- end }} - RUSTFS_OBS_ENVIRONMENT: "develop" diff --git a/helm/rustfs/templates/deployment.yaml b/helm/rustfs/templates/deployment.yaml index 0394ae78..55d68df6 100644 --- a/helm/rustfs/templates/deployment.yaml +++ b/helm/rustfs/templates/deployment.yaml 
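Review bot: `RUSTFS_VOLUMES` is now the only entry under `data:` rendered without `| quote`, so an operator-supplied `config.rustfs.volumes` is parsed as YAML instead of being taken as a string. A value that starts with `{` or `[`, or that contains ` #` or `: `, would change type or be truncated, and the removed lines did wrap the generated URL in double quotes. Suggested line: `RUSTFS_VOLUMES: {{ .Values.config.rustfs.volumes | default (include "rustfs.volumes" .) | quote }}`.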
@@ -4,24 +4,56 @@ kind: Deployment metadata: name: {{ include "rustfs.fullname" . }} labels: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: 1 selector: matchLabels: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with include "chart.imagePullSecrets" . }} imagePullSecrets: {{- . | nindent 8 }} {{- end }} + {{- if .Values.affinity }} + affinity: + {{- if .Values.affinity.nodeAffinity }} + nodeAffinity: + {{- toYaml .Values.affinity.nodeAffinity | nindent 10 }} + {{- if .Values.affinity.podAntiAffinity.enabled }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "rustfs.name" . }} + topologyKey: {{ .Values.affinity.podAntiAffinity.topologyKey }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} {{- if .Values.podSecurityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 12 }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} initContainers: - name: init-step diff --git a/helm/rustfs/templates/ingress.yaml b/helm/rustfs/templates/ingress.yaml index 94eedfc7..47197a98 100644 --- a/helm/rustfs/templates/ingress.yaml +++ b/helm/rustfs/templates/ingress.yaml 
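Review bot: The pod spec can now contain `imagePullSecrets:` twice: once from the existing `with include "chart.imagePullSecrets" .` block and again from the added `if .Values.imagePullSecrets` block. The helper's header in _helpers.tpl says it already appends the registry secret to the list, so presumably both blocks render whenever `imagePullSecrets` is non-empty. A duplicate key is either rejected by the YAML parser or resolved in favour of the last one, which would drop the generated registry-credentials secret from the pod. I would delete the added block and keep the helper as the single source; statefulset.yaml gets the same addition in its first hunk.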
@@ -5,6 +5,9 @@ metadata: name: {{ include "rustfs.fullname" . }} labels: {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- if eq .Values.ingress.className "nginx" }} {{- with .Values.ingress.nginxAnnotations }} annotations: diff --git a/helm/rustfs/templates/pvc.yaml b/helm/rustfs/templates/pvc.yaml index 1cab744d..a50a04e9 100644 --- a/helm/rustfs/templates/pvc.yaml +++ b/helm/rustfs/templates/pvc.yaml @@ -3,6 +3,8 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ include "rustfs.fullname" . }}-data + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} spec: accessModes: ["ReadWriteOnce"] storageClassName: {{ .Values.storageclass.name }} @@ -15,10 +17,12 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: name: {{ include "rustfs.fullname" . }}-logs + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} spec: accessModes: ["ReadWriteOnce"] storageClassName: {{ .Values.storageclass.name }} resources: requests: storage: {{ .Values.storageclass.logStorageSize }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/rustfs/templates/secret-tls.yaml b/helm/rustfs/templates/secret-tls.yaml index 8c78787b..6941d623 100644 --- a/helm/rustfs/templates/secret-tls.yaml +++ b/helm/rustfs/templates/secret-tls.yaml @@ -3,8 +3,10 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "rustfs.fullname" . }}-tls + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} type: kubernetes.io/tls data: tls.crt : {{ .Values.tls.crt | b64enc | quote }} tls.key : {{ .Values.tls.key | b64enc | quote }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/helm/rustfs/templates/secret.yaml b/helm/rustfs/templates/secret.yaml index b0f061cb..2caa8509 100644 --- a/helm/rustfs/templates/secret.yaml +++ b/helm/rustfs/templates/secret.yaml 
@@ -3,6 +3,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "rustfs.secretName" . }} + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} type: Opaque data: RUSTFS_ACCESS_KEY: {{ .Values.secret.rustfs.access_key | b64enc | quote }} @@ -15,6 +17,8 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "rustfs.imagePullSecret.name" . }} + labels: + {{- toYaml .Values.commonLabels | nindent 4 }} type: kubernetes.io/dockerconfigjson data: .dockerconfigjson: {{ template "imagePullSecret" . }} diff --git a/helm/rustfs/templates/service.yaml b/helm/rustfs/templates/service.yaml index 3e8d315a..e49894f2 100644 --- a/helm/rustfs/templates/service.yaml +++ b/helm/rustfs/templates/service.yaml @@ -5,24 +5,20 @@ metadata: name: {{ include "rustfs.fullname" . }}-headless labels: {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: + {{- /* headless service */}} clusterIP: None publishNotReadyAddresses: true ports: - {{- if .Values.ingress.enabled }} - - port: 9000 - {{- else }} - port: {{ .Values.service.ep_port }} - {{- end }} - targetPort: {{ .Values.service.ep_port }} - protocol: TCP name: endpoint - port: {{ .Values.service.console_port }} - targetPort: 9001 - protocol: TCP name: console selector: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 4 }} {{- end }} --- @@ -40,6 +36,9 @@ metadata: {{- end }} labels: {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: {{- if .Values.ingress.enabled }} type: ClusterIP 
@@ -52,12 +51,8 @@ spec: {{- end }} ports: - port: {{ .Values.service.ep_port }} - targetPort: {{ .Values.service.ep_port }} - protocol: TCP name: endpoint - port: {{ .Values.service.console_port }} - targetPort: {{ .Values.service.console_port }} - protocol: TCP name: console selector: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 4 }} diff --git a/helm/rustfs/templates/serviceaccount.yaml b/helm/rustfs/templates/serviceaccount.yaml index a70c5d2e..9edd6d7b 100644 --- a/helm/rustfs/templates/serviceaccount.yaml +++ b/helm/rustfs/templates/serviceaccount.yaml @@ -5,6 +5,9 @@ metadata: name: {{ include "rustfs.serviceAccountName" . }} labels: {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- with .Values.serviceAccount.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/helm/rustfs/templates/statefulset.yaml b/helm/rustfs/templates/statefulset.yaml index bc83389d..b17a08ef 100644 --- a/helm/rustfs/templates/statefulset.yaml +++ b/helm/rustfs/templates/statefulset.yaml 
@@ -1,27 +1,70 @@ +{{- $logDir := .Values.config.rustfs.obs_log_directory }} + {{- if .Values.mode.distributed.enabled }} +--- apiVersion: apps/v1 kind: StatefulSet metadata: name: {{ include "rustfs.fullname" . }} + labels: + {{- include "rustfs.labels" . | nindent 4 }} + {{- with .Values.commonLabels }} + {{- toYaml . | nindent 4 }} + {{- end }} spec: serviceName: {{ include "rustfs.fullname" . }}-headless replicas: {{ .Values.replicaCount }} podManagementPolicy: Parallel selector: matchLabels: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 6 }} template: metadata: labels: - app: {{ include "rustfs.name" . }} + {{- include "rustfs.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} spec: {{- with include "chart.imagePullSecrets" . }} imagePullSecrets: {{- . | nindent 8 }} {{- end }} + {{- if and .Values.nodeSelector (not .Values.affinity.nodeAffinity) }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: + nodeAffinity: + {{- if .Values.affinity.nodeAffinity }} + {{- toYaml .Values.affinity.nodeAffinity | nindent 10 }} + {{- else }} + {} + {{- if .Values.affinity.podAntiAffinity.enabled }} + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: app.kubernetes.io/name + operator: In + values: + - {{ include "rustfs.name" . 
}} + topologyKey: {{ .Values.affinity.podAntiAffinity.topologyKey }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + {{- end }} {{- if .Values.podSecurityContext }} securityContext: - {{- toYaml .Values.podSecurityContext | nindent 12 }} + {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- end }} + {{- if .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} initContainers: - name: init-step @@ -32,7 +75,7 @@ spec: runAsGroup: 0 env: - name: REPLICA_COUNT - value: "{{ .Values.replicaCount }}" + value: {{ .Values.replicaCount | quote }} command: - sh - -c @@ -44,9 +87,8 @@ spec: elif [ "$REPLICA_COUNT" -eq 16 ]; then mkdir -p /data fi - - chown -R 10001:10001 /data - chown -R 10001:10001 /logs + mkdir -p {{ $logDir }} + chown -R 10001:10001 /data {{ $logDir }} volumeMounts: {{- if eq (int .Values.replicaCount) 4 }} {{- range $i := until (int .Values.replicaCount) }} @@ -58,7 +100,7 @@ spec: mountPath: /data {{- end }} - name: logs - mountPath: /logs + mountPath: {{ $logDir }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -66,7 +108,7 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} {{- if .Values.containerSecurityContext }} securityContext: - {{- toYaml .Values.containerSecurityContext | nindent 12 }} + {{- toYaml .Values.containerSecurityContext | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.service.ep_port }} @@ -75,7 +117,7 @@ spec: name: console env: - name: REPLICA_COUNT - value: "{{ .Values.replicaCount }}" + value: {{ .Values.replicaCount | quote }} envFrom: - configMapRef: name: {{ include "rustfs.fullname" . }}-config 
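Review bot: The affinity conditionals in the first hunk are nested instead of sequential, so `podAntiAffinity` is only rendered inside the `else` branch of the `nodeAffinity` test: setting `affinity.nodeAffinity` silently drops the anti-affinity rule and lets replicas land on the same node. deployment.yaml has the mirror image of this, with `podAntiAffinity` placed inside `if .Values.affinity.nodeAffinity`, so the default values render a bare `affinity:` there. Closing each test before the next one starts fixes both files; the structure below applies to deployment.yaml as well.

```yaml
      {{- if .Values.affinity }}
      affinity:
        {{- if .Values.affinity.nodeAffinity }}
        nodeAffinity:
          {{- toYaml .Values.affinity.nodeAffinity | nindent 10 }}
        {{- end }}
        {{- if .Values.affinity.podAntiAffinity.enabled }}
        podAntiAffinity:
          # … unchanged: requiredDuringSchedulingIgnoredDuringExecution rule …
        {{- end }}
      {{- end }}
```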
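Review bot: `{{ $logDir }}` is spliced unquoted into the `sh -c` script of the init container, which appears to run with root privileges (`runAsGroup: 0` is visible in the context of the preceding hunk), so a path containing spaces or shell metacharacters would be interpreted by the shell. The script already reads `REPLICA_COUNT` from the environment, and passing the directory the same way keeps the value out of the script text: add `- name: LOG_DIR` with `value: {{ $logDir | quote }}` under `env:` and use `mkdir -p "$LOG_DIR"` and `chown -R 10001:10001 /data "$LOG_DIR"`. The owner is still the literal `10001:10001` while `podSecurityContext.runAsUser` is configurable, so a changed UID would leave the volumes unwritable for the main container. The script itself starts above this hunk.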
@@ -89,26 +131,12 @@ spec: memory: {{ .Values.resources.limits.memory }} cpu: {{ .Values.resources.limits.cpu }} livenessProbe: - httpGet: - path: /health - port: 9000 - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 3 - successThreshold: 1 - failureThreshold: 3 + {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: - httpGet: - path: /health - port: 9000 - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 3 - successThreshold: 1 - failureThreshold: 3 + {{- toYaml .Values.readinessProbe | nindent 12 }} volumeMounts: - name: logs - mountPath: /logs + mountPath: {{ $logDir }} {{- if eq (int .Values.replicaCount) 4 }} {{- range $i := until (int .Values.replicaCount) }} - name: data-rustfs-{{ $i }} @@ -121,31 +149,37 @@ spec: volumeClaimTemplates: - metadata: name: logs + labels: + {{- toYaml .Values.commonLabels | nindent 10 }} spec: accessModes: ["ReadWriteOnce"] - storageClassName: {{ $.Values.storageclass.name }} + storageClassName: {{ .Values.storageclass.name }} resources: requests: - storage: {{ $.Values.storageclass.logStorageSize}} + storage: {{ .Values.storageclass.logStorageSize }} {{- if eq (int .Values.replicaCount) 4 }} {{- range $i := until (int .Values.replicaCount) }} - metadata: name: data-rustfs-{{ $i }} + labels: + {{- toYaml $.Values.commonLabels | nindent 10 }} spec: accessModes: ["ReadWriteOnce"] storageClassName: {{ $.Values.storageclass.name }} resources: requests: - storage: {{ $.Values.storageclass.dataStorageSize}} + storage: {{ $.Values.storageclass.dataStorageSize }} {{- end }} {{- else if eq (int .Values.replicaCount) 16 }} - metadata: name: data + labels: + {{- toYaml .Values.commonLabels | nindent 10 }} spec: accessModes: ["ReadWriteOnce"] - storageClassName: {{ $.Values.storageclass.name }} + storageClassName: {{ .Values.storageclass.name }} resources: requests: - storage: {{ $.Values.storageclass.dataStorageSize}} + storage: {{ .Values.storageclass.dataStorageSize }} {{- end }} {{- end }} 
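Review bot: `volumeClaimTemplates` and `spec.selector` are immutable on an existing StatefulSet, so the `labels` added here and the `matchLabels` switch in the first hunk of this file will make `helm upgrade` fail for releases installed from the previous chart. For the selector this assumes `rustfs.selectorLabels` no longer renders the old `app` label; for the claim templates it presumably only bites once `commonLabels` is non-empty, and again whenever it changes. Nothing in the commit tells operators about this, so I would add a template comment above `volumeClaimTemplates:` such as `{{- /* immutable after install: changing commonLabels requires recreating the StatefulSet */}}` and an upgrade note in the README saying the StatefulSet has to be deleted with `--cascade=orphan` and re-created. The selector change in deployment.yaml has the same effect on the Deployment.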
diff --git a/helm/rustfs/templates/tests/test-connection.yaml b/helm/rustfs/templates/tests/test-connection.yaml index 42d4fff0..428fc9b5 100644 --- a/helm/rustfs/templates/tests/test-connection.yaml +++ b/helm/rustfs/templates/tests/test-connection.yaml @@ -11,5 +11,5 @@ spec: - name: wget image: busybox command: ['wget'] - args: ['{{ include "rustfs.fullname" . }}:{{ .Values.service.port }}'] + args: ['-O', '/dev/null', '{{ include "rustfs.fullname" . }}-svc:{{ .Values.service.ep_port }}/health'] restartPolicy: Never diff --git a/helm/rustfs/values.yaml b/helm/rustfs/values.yaml index 68dcedce..6ed5baa7 100644 --- a/helm/rustfs/values.yaml +++ b/helm/rustfs/values.yaml @@ -23,12 +23,10 @@ imageRegistryCredentials: password: "" email: "" - # This is to override the chart name. nameOverride: "" fullnameOverride: "" - mode: standalone: enabled: false @@ -43,14 +41,18 @@ secret: config: rustfs: - volume: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3" - address: "0.0.0.0:9000" - console_address: "0.0.0.0:9001" + # Examples + # volumes: "/data/rustfs0,/data/rustfs1,/data/rustfs2,/data/rustfs3" + # volumes: "http://rustfs-{0...3}.rustfs-headless:9000/data/rustfs{0...3}" + volumes: "" + address: ":9000" + console_enable: "true" + console_address: ":9001" log_level: "debug" rust_log: "debug" - console_enable: "true" - obs_log_directory: "/logs" region: "us-east-1" + obs_log_directory: "/logs" + obs_environment: "develop" # This section builds out the service account more information can be found here: https://kubernetes.io/docs/concepts/security/service-accounts/ serviceAccount: 
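Review bot: The new `obs_environment` key in the `config.rustfs` hunk defaults to `"develop"` and sits next to `log_level: "debug"` and `rust_log: "debug"`, so an install with untouched values runs the object store with development settings and verbose logs. Debug output may include request detail that should not reach shared log storage, although that depends on what RustFS logs at this level. Since the value is now configurable, a comment above these keys would help: `# Development defaults: override obs_environment, log_level and rust_log for production installs.`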
@@ -67,13 +69,17 @@ serviceAccount: # This is for setting Kubernetes Annotations to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ podAnnotations: {} + # This is for setting Kubernetes Labels to a Pod. # For more information checkout: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ podLabels: {} +# Labels to add to all deployed objects +commonLabels: {} + podSecurityContext: fsGroup: 10001 - runAsUser: 10001 + runAsUser: 10001 runAsGroup: 10001 containerSecurityContext: @@ -135,25 +141,32 @@ resources: livenessProbe: httpGet: path: /health - port: http + port: endpoint + initialDelaySeconds: 10 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: httpGet: path: /health - port: http - -# This section is for setting up autoscaling more information can be found here: https://kubernetes.io/docs/concepts/workloads/autoscaling/ -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 + port: endpoint + initialDelaySeconds: 30 + periodSeconds: 5 + timeoutSeconds: 3 + successThreshold: 1 + failureThreshold: 3 nodeSelector: {} tolerations: [] -affinity: {} +affinity: + podAntiAffinity: + enabled: true + topologyKey: kubernetes.io/hostname + nodeAffinity: {} storageclass: name: local-path
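Review bot: The new `affinity` default turns on a hard anti-affinity rule (statefulset.yaml renders it as `requiredDuringSchedulingIgnoredDuringExecution` on `kubernetes.io/hostname`), so with `replicaCount: 4` the StatefulSet needs four schedulable nodes and pods stay Pending on smaller clusters, which the `local-path` storage class default suggests are a common target. That is a reasonable availability default but a silent behaviour change, so I would document it next to the key: `# Hard anti-affinity: needs at least replicaCount nodes; set enabled: false on single-node or test clusters.` The same hunk removes the `autoscaling` block; if a template outside this diff still reads `.Values.autoscaling.enabled`, rendering would fail, so that is worth checking before merge.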