seaweedfs
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# This file has been modified by Chainguard, Inc.
2
#
3
# Copyright Chainguard, Inc. All Rights Reserved.
4
# Chainguard, Inc. modifications are subject to the license
5
# available at: https://www.chainguard.dev/legal/software-license-agreement
6
#
7
# Copyright Broadcom, Inc. All Rights Reserved.
8
# SPDX-License-Identifier: APACHE-2.0
9
10
## @section Global parameters
11
## Global Docker image parameters
12
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
13
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
14
##
15
16
## @param global.imageRegistry Global Docker image registry
17
## @param global.imagePullSecrets Global Docker registry secret names as an array
18
## @param global.defaultStorageClass Global default StorageClass for Persistent Volume(s)
19
##
20
global:
21
imageRegistry: ""
22
## e.g:
23
## imagePullSecrets:
24
## - myRegistryKeySecretName
25
##
26
imagePullSecrets: []
27
defaultStorageClass: ""
28
## Security parameters
29
##
30
security:
31
## @param global.security.allowInsecureImages Allows skipping image verification
32
allowInsecureImages: false
33
## Compatibility adaptations for Kubernetes platforms
34
##
35
compatibility:
36
## Compatibility adaptations for Openshift
37
##
38
openshift:
39
## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
40
##
41
adaptSecurityContext: auto
42
org: ""
43
## @section Common parameters
44
##
45
46
## @param kubeVersion Override Kubernetes version
47
##
48
kubeVersion: ""
49
## @param nameOverride String to partially override common.names.name
50
##
51
nameOverride: ""
52
## @param fullnameOverride String to fully override common.names.fullname
53
##
54
fullnameOverride: ""
55
## @param namespaceOverride String to fully override common.names.namespace
56
##
57
namespaceOverride: ""
58
## @param commonLabels Labels to add to all deployed objects
59
##
60
commonLabels: {}
61
## @param commonAnnotations Annotations to add to all deployed objects
62
##
63
commonAnnotations: {}
64
## @param clusterDomain Kubernetes cluster domain name
65
##
66
clusterDomain: cluster.local
67
## @param extraDeploy Array of extra objects to deploy with the release
68
##
69
extraDeploy: []
70
## Diagnostic mode
71
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
72
## @param diagnosticMode.command Command to override all containers in the chart release
73
## @param diagnosticMode.args Args to override all containers in the chart release
74
##
75
diagnosticMode:
76
enabled: false
77
command:
78
- sleep
79
args:
80
- infinity
81
## Iamguarded SeaweedFS image
82
## @param image.registry [default: REGISTRY_NAME] SeaweedFS image registry
83
## @param image.repository [default: REPOSITORY_NAME/seaweedfs] SeaweedFS image repository
84
## @skip image.tag SeaweedFS image tag (immutable tags are recommended)
85
## @param image.digest SeaweedFS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
86
## @param image.pullPolicy SeaweedFS image pull policy
87
## @param image.pullSecrets SeaweedFS image pull secrets
88
## @param image.debug Enable SeaweedFS image debug mode
89
##
90
image:
91
registry: cgr.dev
92
repository: chainguard-private/seaweedfs-iamguarded
93
tag: 4.17-r0
94
digest: ""
95
## Specify a imagePullPolicy
96
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
97
##
98
pullPolicy: IfNotPresent
99
## Optionally specify an array of imagePullSecrets.
100
## Secrets must be manually created in the namespace.
101
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
102
## e.g:
103
## pullSecrets:
104
## - myRegistryKeySecretName
105
##
106
pullSecrets: []
107
debug: false
108
## Security parameters
109
##
110
security:
111
## @param security.enabled Enable Security settings
112
##
113
enabled: false
114
## @param security.corsAllowedOrigins CORS allowed origins
115
##
116
corsAllowedOrigins: "*"
117
## JWT authz parameters
118
## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-volume-servers
119
## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-filer-http-with-jwt
120
## @param security.jwtSigning.volumeWrite Enable JWT signing for volume write operations
121
## @param security.jwtSigning.volumeRead Enable JWT signing for volume read operations
122
## @param security.jwtSigning.filerWrite Enable JWT signing for filer write operations
123
## @param security.jwtSigning.filerRead Enable JWT signing for filer read operations
124
##
125
jwtSigning:
126
volumeWrite: true
127
volumeRead: false
128
filerWrite: false
129
filerRead: false
130
## Mutual TLS for gRPC communications
131
## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-grpc-operations
132
##
133
mTLS:
134
## @param security.mTLS.enabled Enable mTLS for gRPC communications
135
##
136
enabled: false
137
## @param security.mTLS.autoGenerated.enabled Enable automatic generation of certificates for mTLS
138
## @param security.mTLS.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
139
autoGenerated:
140
enabled: false
141
engine: helm
142
## @param security.mTLS.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
143
## @param security.mTLS.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
144
## @param security.mTLS.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
145
## @param security.mTLS.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
146
## @param security.mTLS.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
147
## @param security.mTLS.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
148
certManager:
149
existingIssuer: ""
150
existingIssuerKind: ""
151
keySize: 2048
152
keyAlgorithm: RSA
153
duration: 2160h
154
renewBefore: 360h
155
## @param security.mTLS.ca CA certificate for mTLS. Ignored if `security.mTLS.existingCASecret` is set
156
## @param security.mTLS.existingCASecret The name of an existing Secret containing the CA certificate for mTLS
157
## @param security.mTLS.master.cert Master Server certificate for mTLS. Ignored if `security.mTLS.master.existingSecret` is set
158
## @param security.mTLS.master.key Master Server key for mTLS. Ignored if `security.mTLS.master.existingSecret` is set
159
## @param security.mTLS.master.existingSecret The name of an existing Secret containing the Master Server certificates for mTLS
160
## @param security.mTLS.volume.cert Volume Server certificate for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set
161
## @param security.mTLS.volume.key Volume Server key for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set
162
## @param security.mTLS.volume.existingSecret The name of an existing Secret containing the Volume Server certificates for mTLS
163
## @param security.mTLS.filer.cert Filer certificate for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set
164
## @param security.mTLS.filer.key Filer key for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set
165
## @param security.mTLS.filer.existingSecret The name of an existing Secret containing the Filer certificates for mTLS
166
## @param security.mTLS.client.cert Client certificate for mTLS. Ignored if `security.mTLS.client.existingSecret` is set
167
## @param security.mTLS.client.key Client key for mTLS. Ignored if `security.mTLS.client.existingSecret` is set
168
## @param security.mTLS.client.existingSecret The name of an existing Secret containing the Client certificates for mTLS
169
ca: ""
170
existingCASecret: ""
171
master:
172
cert: ""
173
key: ""
174
existingSecret: ""
175
volume:
176
cert: ""
177
key: ""
178
existingSecret: ""
179
filer:
180
cert: ""
181
key: ""
182
existingSecret: ""
183
client:
184
cert: ""
185
key: ""
186
existingSecret: ""
187
## @param clusterDefault Default SeaweedFS cluster name
188
##
189
clusterDefault: sw
190
## @section Master Server Parameters
191
##
192
master:
193
## @param master.replicaCount Number of Master Server replicas to deploy
194
##
195
replicaCount: 1
196
## @param master.containerPorts.http Master Server HTTP container port
197
## @param master.containerPorts.grpc Master Server GRPC container port
198
## @param master.containerPorts.metrics Master Server metrics container port
199
##
200
containerPorts:
201
http: 9333
202
grpc: 19333
203
metrics: 9327
204
## @param master.extraContainerPorts Optionally specify extra list of additional ports for Master Server containers
205
## e.g:
206
## extraContainerPorts:
207
## - name: myservice
208
## containerPort: 9090
209
##
210
extraContainerPorts: []
211
## Configure extra options for Master Server containers' liveness and readiness probes
212
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
213
## @param master.livenessProbe.enabled Enable livenessProbe on Master Server containers
214
## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
215
## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
216
## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
217
## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
218
## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
219
##
220
livenessProbe:
221
enabled: true
222
initialDelaySeconds: 30
223
timeoutSeconds: 30
224
periodSeconds: 10
225
successThreshold: 1
226
failureThreshold: 6
227
## @param master.readinessProbe.enabled Enable readinessProbe on Master Server containers
228
## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
229
## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
230
## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
231
## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
232
## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
233
##
234
readinessProbe:
235
enabled: true
236
initialDelaySeconds: 30
237
timeoutSeconds: 30
238
periodSeconds: 10
239
successThreshold: 1
240
failureThreshold: 6
241
## @param master.startupProbe.enabled Enable startupProbe on Master Server containers
242
## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
243
## @param master.startupProbe.periodSeconds Period seconds for startupProbe
244
## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
245
## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
246
## @param master.startupProbe.successThreshold Success threshold for startupProbe
247
##
248
startupProbe:
249
enabled: false
250
initialDelaySeconds: 5
251
periodSeconds: 5
252
timeoutSeconds: 1
253
failureThreshold: 15
254
successThreshold: 1
255
## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
256
##
257
customLivenessProbe: {}
258
## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
259
##
260
customReadinessProbe: {}
261
## @param master.customStartupProbe Custom startupProbe that overrides the default one
262
##
263
customStartupProbe: {}
264
## Master Server resource requests and limits
265
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
266
## @param master.resourcesPreset Set Master Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
267
##
268
resourcesPreset: "nano"
269
## @param master.resources Set Master Server container requests and limits for different resources like CPU or memory (essential for production workloads)
270
## Example:
271
## resources:
272
## requests:
273
## cpu: 2
274
## memory: 512Mi
275
## limits:
276
## cpu: 3
277
## memory: 1024Mi
278
##
279
resources: {}
280
## Configure Pods Security Context
281
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
282
## @param master.podSecurityContext.enabled Enable Master Server pods' Security Context
283
## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Master Server pods
284
## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Master Server pods
285
## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups for Master Server pods
286
## @param master.podSecurityContext.fsGroup Set fsGroup in Master Server pods' Security Context
287
##
288
podSecurityContext:
289
enabled: true
290
fsGroupChangePolicy: Always
291
sysctls: []
292
supplementalGroups: []
293
fsGroup: 1001
294
## Configure Container Security Context
295
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
296
## @param master.containerSecurityContext.enabled Enabled Master Server container' Security Context
297
## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Master Server container
298
## @param master.containerSecurityContext.runAsUser Set runAsUser in Master Server container' Security Context
299
## @param master.containerSecurityContext.runAsGroup Set runAsGroup in Master Server container' Security Context
300
## @param master.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Master Server container' Security Context
301
## @param master.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Master Server container' Security Context
302
## @param master.containerSecurityContext.privileged Set privileged in Master Server container' Security Context
303
## @param master.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Master Server container' Security Context
304
## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Master Server container
305
## @param master.containerSecurityContext.seccompProfile.type Set seccomp profile in Master Server container
306
##
307
containerSecurityContext:
308
enabled: true
309
seLinuxOptions: {}
310
runAsUser: 1001
311
runAsGroup: 1001
312
runAsNonRoot: true
313
readOnlyRootFilesystem: true
314
privileged: false
315
allowPrivilegeEscalation: false
316
capabilities:
317
drop: ["ALL"]
318
seccompProfile:
319
type: "RuntimeDefault"
320
## @param master.logLevel Master Server log level (0, 1, 2, 3, or 4)
321
##
322
logLevel: 1
323
## @param master.bindAddress Master Server bind address
324
##
325
bindAddress: 0.0.0.0
326
## @param master.volumeSizeLimitMB Limit (in MB) to stop directing writes to oversized volumes
327
##
328
volumeSizeLimitMB: 1000
329
## @param master.config Master Server configuration
330
## Specify content for master.toml
331
##
332
config: ""
333
## @param master.existingConfigmap The name of an existing ConfigMap with your custom configuration for Master Server
334
##
335
existingConfigmap: ""
336
## @param master.command Override default Master Server container command (useful when using custom images)
337
##
338
command: []
339
## @param master.args Override default Master Server container args (useful when using custom images)
340
##
341
args: []
342
## @param master.automountServiceAccountToken Mount Service Account token in Master Server pods
343
##
344
automountServiceAccountToken: false
345
## @param master.hostAliases Master Server pods host aliases
346
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
347
##
348
hostAliases: []
349
## @param master.statefulsetAnnotations Annotations for Master Server StatefulSet
350
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
351
##
352
statefulsetAnnotations: {}
353
## @param master.podLabels Extra labels for Master Server pods
354
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
355
##
356
podLabels: {}
357
## @param master.podAnnotations Annotations for Master Server pods
358
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
359
##
360
podAnnotations: {}
361
## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
362
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
363
##
364
podAffinityPreset: ""
365
## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
366
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
367
##
368
podAntiAffinityPreset: soft
369
## Node master.affinity preset
370
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
371
##
372
nodeAffinityPreset:
373
## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
374
##
375
type: ""
376
## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
377
##
378
key: ""
379
## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
380
## E.g.
381
## values:
382
## - e2e-az1
383
## - e2e-az2
384
##
385
values: []
386
## @param master.affinity Affinity for Master Server pods assignment
387
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
388
## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
389
##
390
affinity: {}
391
## @param master.nodeSelector Node labels for Master Server pods assignment
392
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
393
##
394
nodeSelector: {}
395
## @param master.tolerations Tolerations for Master Server pods assignment
396
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
397
##
398
tolerations: []
399
## @param master.updateStrategy.type Master Server StatefulSet strategy type
400
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
401
##
402
updateStrategy:
403
## Can be set to RollingUpdate or OnDelete
404
##
405
type: RollingUpdate
406
## @param master.podManagementPolicy Pod management policy for Master Server StatefulSet
407
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
408
##
409
podManagementPolicy: Parallel
410
## @param master.priorityClassName Master Server pods' priorityClassName
411
##
412
priorityClassName: ""
413
## @param master.topologySpreadConstraints Topology Spread Constraints for Master Server pod assignment spread across your cluster among failure-domains
414
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
415
##
416
topologySpreadConstraints: []
417
## @param master.schedulerName Name of the k8s scheduler (other than default) for Master Server pods
418
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
419
##
420
schedulerName: ""
421
## @param master.terminationGracePeriodSeconds Seconds Master Server pods need to terminate gracefully
422
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
423
##
424
terminationGracePeriodSeconds: ""
425
## @param master.lifecycleHooks for Master Server containers to automate configuration before or after startup
426
##
427
lifecycleHooks: {}
428
## @param master.extraEnvVars Array with extra environment variables to add to Master Server containers
429
## e.g:
430
## extraEnvVars:
431
## - name: FOO
432
## value: "bar"
433
##
434
extraEnvVars: []
435
## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Master Server containers
436
##
437
extraEnvVarsCM: ""
438
## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Master Server containers
439
##
440
extraEnvVarsSecret: ""
441
## @param master.extraVolumes Optionally specify extra list of additional volumes for the Master Server pods
442
##
443
extraVolumes: []
444
## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Master Server containers
445
##
446
extraVolumeMounts: []
447
## @param master.sidecars Add additional sidecar containers to the Master Server pods
448
## e.g:
449
## sidecars:
450
## - name: your-image-name
451
## image: your-image
452
## imagePullPolicy: Always
453
## ports:
454
## - name: portname
455
## containerPort: 1234
456
##
457
sidecars: []
458
## @param master.initContainers Add additional init containers to the Master Server pods
459
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
460
## e.g:
461
## initContainers:
462
## - name: your-image-name
463
## image: your-image
464
## imagePullPolicy: Always
465
## command: ['sh', '-c', 'echo "hello world"']
466
##
467
initContainers: []
468
## Pod Disruption Budget configuration
469
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
470
## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
471
## @param master.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
472
## @param master.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `master.pdb.minAvailable` and `master.pdb.maxUnavailable` are empty.
473
##
474
pdb:
475
create: true
476
minAvailable: ""
477
maxUnavailable: ""
478
## Autoscaling configuration
479
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
480
## @param master.autoscaling.enabled Enable autoscaling for master
481
## @param master.autoscaling.minReplicas Minimum number of master replicas
482
## @param master.autoscaling.maxReplicas Maximum number of master replicas
483
## @param master.autoscaling.targetCPU Target CPU utilization percentage
484
## @param master.autoscaling.targetMemory Target Memory utilization percentage
485
##
486
autoscaling:
487
enabled: false
488
minReplicas: ""
489
maxReplicas: ""
490
targetCPU: ""
491
targetMemory: ""
492
## @section Master Server Traffic Exposure Parameters
493
##
494
495
## Master Server service parameters
496
##
497
service:
498
## @param master.service.type Master Server service type
499
##
500
type: ClusterIP
501
## @param master.service.ports.http Master Server service HTTP port
502
## @param master.service.ports.grpc Master Server service GRPC port
503
##
504
ports:
505
http: 9333
506
grpc: 19333
507
## Node ports to expose
508
## @param master.service.nodePorts.http Node port for HTTP
509
## @param master.service.nodePorts.grpc Node port for GRPC
510
## NOTE: choose port between <30000-32767>
511
##
512
nodePorts:
513
http: ""
514
grpc: ""
515
## @param master.service.clusterIP Master Server service Cluster IP
516
## e.g.:
517
## clusterIP: None
518
##
519
clusterIP: ""
520
## @param master.service.loadBalancerIP Master Server service Load Balancer IP
521
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
522
##
523
loadBalancerIP: ""
524
## @param master.service.loadBalancerSourceRanges Master Server service Load Balancer sources
525
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
526
## e.g:
527
## loadBalancerSourceRanges:
528
## - 10.10.10.0/24
529
##
530
loadBalancerSourceRanges: []
531
## @param master.service.externalTrafficPolicy Master Server service external traffic policy
532
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
533
##
534
externalTrafficPolicy: Cluster
535
## @param master.service.annotations Additional custom annotations for Master Server service
536
##
537
annotations: {}
538
## @param master.service.extraPorts Extra ports to expose in Master Server service (normally used with the `sidecars` value)
539
##
540
extraPorts: []
541
## @param master.service.sessionAffinity Control where client requests go, to the same pod or round-robin
542
## Values: ClientIP or None
543
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
544
##
545
sessionAffinity: None
546
## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
547
## sessionAffinityConfig:
548
## clientIP:
549
## timeoutSeconds: 300
550
##
551
sessionAffinityConfig: {}
552
## Headless service properties
553
##
554
headless:
555
## @param master.service.headless.annotations Annotations for the headless service.
556
##
557
annotations: {}
558
## Network Policies for Master Server
559
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
560
##
561
networkPolicy:
562
## @param master.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Master Server
563
##
564
enabled: true
565
## @param master.networkPolicy.allowExternal Don't require server label for connections
566
## The Policy model to apply. When set to false, only pods with the correct
567
## server label will have network access to the ports server is listening
568
## on. When true, server will accept connections from any source
569
## (with the correct destination port).
570
##
571
allowExternal: true
572
## @param master.networkPolicy.allowExternalEgress Allow the Master Server pods to access any range of port and all destinations.
573
##
574
allowExternalEgress: true
575
## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
576
## e.g:
577
## extraIngress:
578
## - ports:
579
## - port: 1234
580
## from:
581
## - podSelector:
582
## - matchLabels:
583
## - role: frontend
584
## - podSelector:
585
## - matchExpressions:
586
## - key: role
587
## operator: In
588
## values:
589
## - frontend
590
extraIngress: []
591
## @param master.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
592
## e.g:
593
## extraEgress:
594
## - ports:
595
## - port: 1234
596
## to:
597
## - podSelector:
598
## - matchLabels:
599
## - role: frontend
600
## - podSelector:
601
## - matchExpressions:
602
## - key: role
603
## operator: In
604
## values:
605
## - frontend
606
##
607
extraEgress: []
608
## @param master.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
609
## @param master.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
610
##
611
ingressNSMatchLabels: {}
612
ingressNSPodMatchLabels: {}
613
## Master Server ingress parameters
614
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
615
##
616
ingress:
617
## @param master.ingress.enabled Enable ingress record generation for Master Server
618
##
619
enabled: false
620
## @param master.ingress.pathType Ingress path type
621
##
622
pathType: ImplementationSpecific
623
## @param master.ingress.apiVersion Force Ingress API version (automatically detected if not set)
624
##
625
apiVersion: ""
626
## @param master.ingress.hostname Default host for the ingress record
627
##
628
hostname: master.seaweedfs.local
629
## @param master.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
630
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
631
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
632
##
633
ingressClassName: ""
634
## @param master.ingress.path Default path for the ingress record
635
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
636
##
637
path: /
638
## @param master.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
639
## Use this parameter to set the required annotations for cert-manager, see
640
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
641
## e.g:
642
## annotations:
643
## kubernetes.io/ingress.class: nginx
644
## cert-manager.io/cluster-issuer: cluster-issuer-name
645
##
646
annotations: {}
647
## @param master.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
648
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
649
## You can:
650
## - Use the `ingress.secrets` parameter to create this TLS secret
651
## - Rely on cert-manager to create it by setting the corresponding annotations
652
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
653
##
654
tls: false
655
## @param master.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
656
##
657
selfSigned: false
658
## @param master.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
659
## e.g:
660
## extraHosts:
661
## - name: master.seaweedfs.local
662
## path: /
663
##
664
extraHosts: []
665
## @param master.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
666
## e.g:
667
## extraPaths:
668
## - path: /*
669
## backend:
670
## serviceName: ssl-redirect
671
## servicePort: use-annotation
672
##
673
extraPaths: []
674
## @param master.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
675
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
676
## e.g:
677
## extraTls:
678
## - hosts:
679
## - master.seaweedfs.local
680
## secretName: master.seaweedfs.local-tls
681
##
682
extraTls: []
683
## @param master.ingress.secrets Custom TLS certificates as secrets
684
## NOTE: 'key' and 'certificate' are expected in PEM format
685
## NOTE: 'name' should line up with a 'secretName' set further up
686
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
687
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
688
## It is also possible to create and manage the certificates outside of this helm chart
689
## Please see README.md for more information
690
## e.g:
691
## secrets:
692
## - name: master.seaweedfs.local-tls
693
## key: |-
694
## -----BEGIN RSA PRIVATE KEY-----
695
## ...
696
## -----END RSA PRIVATE KEY-----
697
## certificate: |-
698
## -----BEGIN CERTIFICATE-----
699
## ...
700
## -----END CERTIFICATE-----
701
##
702
secrets: []
703
## @param master.ingress.extraRules Additional rules to be covered with this ingress record
704
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
705
## e.g:
706
## extraRules:
707
## - host: example.local
708
## http:
709
## path: /
710
## backend:
711
## service:
712
## name: example-svc
713
## port:
714
## name: http
715
##
716
extraRules: []
717
## @section Master Server Persistence Parameters
718
##
719
720
## Enable Master data persistence using Persistent Volume Claims
721
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
722
##
723
persistence:
724
## @param master.persistence.enabled Enable data persistence on Master Server using Persistent Volume Claims
725
##
726
enabled: true
727
## @param master.persistence.mountPath Path to mount the volume at.
728
##
729
mountPath: /data
730
## @param master.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
731
##
732
subPath: ""
733
## @param master.persistence.storageClass Storage class of backing PVC
734
## If defined, storageClassName: <storageClass>
735
## If set to "-", storageClassName: "", which disables dynamic provisioning
736
## If undefined (the default) or set to null, no storageClassName spec is
737
## set, choosing the default provisioner. (gp2 on AWS, standard on
738
## GKE, AWS & OpenStack)
739
##
740
storageClass: ""
741
## @param master.persistence.annotations Persistent Volume Claim annotations
742
##
743
annotations: {}
744
## @param master.persistence.accessModes Persistent Volume Access Modes
745
##
746
accessModes:
747
- ReadWriteOnce
748
## @param master.persistence.size Size of data volume
749
##
750
size: 8Gi
751
## @param master.persistence.existingClaim The name of an existing PVC to use for data persistence
752
##
753
existingClaim: ""
754
## @param master.persistence.selector Selector to match an existing Persistent Volume for data PVC
755
## If set, the PVC can't have a PV dynamically provisioned for it
756
## E.g.
757
## selector:
758
## matchLabels:
759
## app: my-app
760
##
761
selector: {}
762
## @param master.persistence.dataSource Custom PVC data source
763
##
764
dataSource: {}
765
## Enable Master logs persistence using Persistent Volume Claims
766
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
767
##
768
logPersistence:
769
## @param master.logPersistence.enabled Enable logs persistence on Master Server using Persistent Volume Claims
770
##
771
enabled: false
772
## @param master.logPersistence.mountPath Path to mount the volume at.
773
##
774
mountPath: /logs
775
## @param master.logPersistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
776
##
777
subPath: ""
778
## @param master.logPersistence.storageClass Storage class of backing PVC
779
## If defined, storageClassName: <storageClass>
780
## If set to "-", storageClassName: "", which disables dynamic provisioning
781
## If undefined (the default) or set to null, no storageClassName spec is
782
## set, choosing the default provisioner. (gp2 on AWS, standard on
783
## GKE, AWS & OpenStack)
784
##
785
storageClass: ""
786
## @param master.logPersistence.annotations Persistent Volume Claim annotations
787
##
788
annotations: {}
789
## @param master.logPersistence.accessModes Persistent Volume Access Modes
790
##
791
accessModes:
792
- ReadWriteOnce
793
## @param master.logPersistence.size Size of logs volume
794
##
795
size: 8Gi
796
## @param master.logPersistence.existingClaim The name of an existing PVC to use for logs persistence
797
##
798
existingClaim: ""
799
## @param master.logPersistence.selector Selector to match an existing Persistent Volume for logs PVC
800
## If set, the PVC can't have a PV dynamically provisioned for it
801
## E.g.
802
## selector:
803
## matchLabels:
804
## app: my-app
805
##
806
selector: {}
807
## @param master.logPersistence.dataSource Custom PVC data source
808
##
809
dataSource: {}
810
## persistentVolumeClaimRetentionPolicy
811
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
812
## @param master.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of the Master Server StatefulSet
813
## @param master.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
814
## @param master.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
815
##
816
persistentVolumeClaimRetentionPolicy:
817
enabled: false
818
whenScaled: Retain
819
whenDeleted: Retain
820
## @section Master Server Metrics Parameters
821
##
822
metrics:
823
## @param master.metrics.enabled Enable the export of Prometheus metrics
824
##
825
enabled: false
826
## Metrics service properties
827
##
828
service:
829
## @param master.metrics.service.port Metrics service port
830
##
831
port: 9327
832
## @param master.metrics.service.annotations Annotations for the metrics service.
833
##
834
annotations: {}
835
## Prometheus Operator ServiceMonitor configuration
836
##
837
serviceMonitor:
838
## @param master.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
839
##
840
enabled: false
841
## @param master.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
842
##
843
namespace: ""
844
## @param master.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
845
##
846
annotations: {}
847
## @param master.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
848
##
849
labels: {}
850
## @param master.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
851
##
852
jobLabel: ""
853
## @param master.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
854
##
855
honorLabels: false
856
## @param master.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
857
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
858
## e.g:
859
## interval: 10s
860
##
861
interval: ""
862
## @param master.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
863
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
864
## e.g:
865
## scrapeTimeout: 10s
866
##
867
scrapeTimeout: ""
868
## @param master.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
869
##
870
metricRelabelings: []
871
## @param master.metrics.serviceMonitor.relabelings Specify general relabeling
872
##
873
relabelings: []
874
## @param master.metrics.serviceMonitor.selector Prometheus instance selector labels
875
## selector:
876
## prometheus: my-prometheus
877
##
878
selector: {}
879
## @section Volume Server Parameters
880
##
881
volume:
882
## @param volume.replicaCount Number of Volume Server replicas to deploy
883
##
884
replicaCount: 1
885
## @param volume.containerPorts.http Volume Server HTTP container port
886
## @param volume.containerPorts.grpc Volume Server GRPC container port
887
## @param volume.containerPorts.metrics Volume Server metrics container port
888
##
889
containerPorts:
890
http: 8080
891
grpc: 18080
892
metrics: 9327
893
## @param volume.extraContainerPorts Optionally specify extra list of additional ports for Volume Server containers
894
## e.g:
895
## extraContainerPorts:
896
## - name: myservice
897
## containerPort: 9090
898
##
899
extraContainerPorts: []
900
## Configure extra options for Volume Server containers' liveness and readiness probes
901
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
902
## @param volume.livenessProbe.enabled Enable livenessProbe on Volume Server containers
903
## @param volume.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
904
## @param volume.livenessProbe.periodSeconds Period seconds for livenessProbe
905
## @param volume.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
906
## @param volume.livenessProbe.failureThreshold Failure threshold for livenessProbe
907
## @param volume.livenessProbe.successThreshold Success threshold for livenessProbe
908
##
909
livenessProbe:
910
enabled: true
911
initialDelaySeconds: 30
912
timeoutSeconds: 30
913
periodSeconds: 10
914
successThreshold: 1
915
failureThreshold: 6
916
## @param volume.readinessProbe.enabled Enable readinessProbe on Volume Server containers
917
## @param volume.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
918
## @param volume.readinessProbe.periodSeconds Period seconds for readinessProbe
919
## @param volume.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
920
## @param volume.readinessProbe.failureThreshold Failure threshold for readinessProbe
921
## @param volume.readinessProbe.successThreshold Success threshold for readinessProbe
922
##
923
readinessProbe:
924
enabled: true
925
initialDelaySeconds: 30
926
timeoutSeconds: 30
927
periodSeconds: 10
928
successThreshold: 1
929
failureThreshold: 6
930
## @param volume.startupProbe.enabled Enable startupProbe on Volume Server containers
931
## @param volume.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
932
## @param volume.startupProbe.periodSeconds Period seconds for startupProbe
933
## @param volume.startupProbe.timeoutSeconds Timeout seconds for startupProbe
934
## @param volume.startupProbe.failureThreshold Failure threshold for startupProbe
935
## @param volume.startupProbe.successThreshold Success threshold for startupProbe
936
##
937
startupProbe:
938
enabled: false
939
initialDelaySeconds: 5
940
periodSeconds: 5
941
timeoutSeconds: 1
942
failureThreshold: 15
943
successThreshold: 1
944
## @param volume.customLivenessProbe Custom livenessProbe that overrides the default one
945
##
946
customLivenessProbe: {}
947
## @param volume.customReadinessProbe Custom readinessProbe that overrides the default one
948
##
949
customReadinessProbe: {}
950
## @param volume.customStartupProbe Custom startupProbe that overrides the default one
951
##
952
customStartupProbe: {}
953
## Volume Server resource requests and limits
954
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
955
## @param volume.resourcesPreset Set Volume Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volume.resources is set (volume.resources is recommended for production).
956
##
957
resourcesPreset: "nano"
958
## @param volume.resources Set Volume Server container requests and limits for different resources like CPU or memory (essential for production workloads)
959
## Example:
960
## resources:
961
## requests:
962
## cpu: 2
963
## memory: 512Mi
964
## limits:
965
## cpu: 3
966
## memory: 1024Mi
967
##
968
resources: {}
969
## Configure Pods Security Context
970
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
971
## @param volume.podSecurityContext.enabled Enable Volume Server pods' Security Context
972
## @param volume.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Volume Server pods
973
## @param volume.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Volume Server pods
974
## @param volume.podSecurityContext.supplementalGroups Set filesystem extra groups for Volume Server pods
975
## @param volume.podSecurityContext.fsGroup Set fsGroup in Volume Server pods' Security Context
976
##
977
podSecurityContext:
978
enabled: true
979
fsGroupChangePolicy: Always
980
sysctls: []
981
supplementalGroups: []
982
fsGroup: 1001
983
## Configure Container Security Context
984
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
985
## @param volume.containerSecurityContext.enabled Enabled Volume Server container' Security Context
986
## @param volume.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Volume Server container
987
## @param volume.containerSecurityContext.runAsUser Set runAsUser in Volume Server container' Security Context
988
## @param volume.containerSecurityContext.runAsGroup Set runAsGroup in Volume Server container' Security Context
989
## @param volume.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Volume Server container' Security Context
990
## @param volume.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Volume Server container' Security Context
991
## @param volume.containerSecurityContext.privileged Set privileged in Volume Server container' Security Context
992
## @param volume.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Volume Server container' Security Context
993
## @param volume.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Volume Server container
994
## @param volume.containerSecurityContext.seccompProfile.type Set seccomp profile in Volume Server container
995
##
996
containerSecurityContext:
997
enabled: true
998
seLinuxOptions: {}
999
runAsUser: 1001
1000
runAsGroup: 1001
1001
runAsNonRoot: true
1002
readOnlyRootFilesystem: true
1003
privileged: false
1004
allowPrivilegeEscalation: false
1005
capabilities:
1006
drop: ["ALL"]
1007
seccompProfile:
1008
type: "RuntimeDefault"
1009
## @param volume.logLevel Volume Server log level (0, 1, 2, 3, or 4)
1010
##
1011
logLevel: 1
1012
## @param volume.bindAddress Volume Server bind address
1013
##
1014
bindAddress: 0.0.0.0
1015
## @param volume.publicUrl Volume Server public URL
1016
##
1017
publicUrl: ""
1018
## @param volume.config Volume Server configuration
1019
## Specify content for volume.toml
1020
##
1021
config: ""
1022
## @param volume.existingConfigmap The name of an existing ConfigMap with your custom configuration for Volume Server
1023
##
1024
existingConfigmap: ""
1025
## @param volume.command Override default Volume Server container command (useful when using custom images)
1026
##
1027
command: []
1028
## @param volume.args Override default Volume Server container args (useful when using custom images)
1029
##
1030
args: []
1031
## @param volume.automountServiceAccountToken Mount Service Account token in Volume Server pods
1032
##
1033
automountServiceAccountToken: false
1034
## @param volume.hostAliases Volume Server pods host aliases
1035
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1036
##
1037
hostAliases: []
1038
## @param volume.statefulsetAnnotations Annotations for Volume Server StatefulSet
1039
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1040
##
1041
statefulsetAnnotations: {}
1042
## @param volume.podLabels Extra labels for Volume Server pods
1043
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1044
##
1045
podLabels: {}
1046
## @param volume.podAnnotations Annotations for Volume Server pods
1047
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1048
##
1049
podAnnotations: {}
1050
## @param volume.podAffinityPreset Pod affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
1051
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1052
##
1053
podAffinityPreset: ""
1054
## @param volume.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
1055
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1056
##
1057
podAntiAffinityPreset: soft
1058
## Node volume.affinity preset
1059
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1060
##
1061
nodeAffinityPreset:
1062
## @param volume.nodeAffinityPreset.type Node affinity preset type. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
1063
##
1064
type: ""
1065
## @param volume.nodeAffinityPreset.key Node label key to match. Ignored if `volume.affinity` is set
1066
##
1067
key: ""
1068
## @param volume.nodeAffinityPreset.values Node label values to match. Ignored if `volume.affinity` is set
1069
## E.g.
1070
## values:
1071
## - e2e-az1
1072
## - e2e-az2
1073
##
1074
values: []
1075
## @param volume.affinity Affinity for Volume Server pods assignment
1076
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1077
## NOTE: `volume.podAffinityPreset`, `volume.podAntiAffinityPreset`, and `volume.nodeAffinityPreset` will be ignored when it's set
1078
##
1079
affinity: {}
1080
## @param volume.nodeSelector Node labels for Volume Server pods assignment
1081
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1082
##
1083
nodeSelector: {}
1084
## @param volume.tolerations Tolerations for Volume Server pods assignment
1085
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1086
##
1087
tolerations: []
1088
## @param volume.updateStrategy.type Volume Server StatefulSet strategy type
1089
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1090
##
1091
updateStrategy:
1092
## Can be set to RollingUpdate or OnDelete
1093
##
1094
type: RollingUpdate
1095
## @param volume.podManagementPolicy Pod management policy for Volume Server StatefulSet
1096
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1097
##
1098
podManagementPolicy: Parallel
1099
## @param volume.priorityClassName Volume Server pods' priorityClassName
1100
##
1101
priorityClassName: ""
1102
## @param volume.topologySpreadConstraints Topology Spread Constraints for Volume Server pod assignment spread across your cluster among failure-domains
1103
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1104
##
1105
topologySpreadConstraints: []
1106
## @param volume.schedulerName Name of the k8s scheduler (other than default) for Volume Server pods
1107
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1108
##
1109
schedulerName: ""
1110
## @param volume.terminationGracePeriodSeconds Seconds Volume Server pods need to terminate gracefully
1111
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1112
##
1113
terminationGracePeriodSeconds: ""
1114
## @param volume.lifecycleHooks for Volume Server containers to automate configuration before or after startup
1115
##
1116
lifecycleHooks: {}
1117
## @param volume.extraEnvVars Array with extra environment variables to add to Volume Server containers
1118
## e.g:
1119
## extraEnvVars:
1120
## - name: FOO
1121
## value: "bar"
1122
##
1123
extraEnvVars: []
1124
## @param volume.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Volume Server containers
1125
##
1126
extraEnvVarsCM: ""
1127
## @param volume.extraEnvVarsSecret Name of existing Secret containing extra env vars for Volume Server containers
1128
##
1129
extraEnvVarsSecret: ""
1130
## @param volume.extraVolumes Optionally specify extra list of additional volumes for the Volume Server pods
1131
##
1132
extraVolumes: []
1133
## @param volume.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Volume Server containers
1134
##
1135
extraVolumeMounts: []
1136
## @param volume.sidecars Add additional sidecar containers to the Volume Server pods
1137
## e.g:
1138
## sidecars:
1139
## - name: your-image-name
1140
## image: your-image
1141
## imagePullPolicy: Always
1142
## ports:
1143
## - name: portname
1144
## containerPort: 1234
1145
##
1146
sidecars: []
1147
## @param volume.initContainers Add additional init containers to the Volume Server pods
1148
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1149
## e.g:
1150
## initContainers:
1151
## - name: your-image-name
1152
## image: your-image
1153
## imagePullPolicy: Always
1154
## command: ['sh', '-c', 'echo "hello world"']
1155
##
1156
initContainers: []
1157
## Pod Disruption Budget configuration
1158
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1159
## @param volume.pdb.create Enable/disable a Pod Disruption Budget creation
1160
## @param volume.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1161
## @param volume.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `volume.pdb.minAvailable` and `volume.pdb.maxUnavailable` are empty.
1162
##
1163
pdb:
1164
create: true
1165
minAvailable: ""
1166
maxUnavailable: ""
1167
## Autoscaling configuration
1168
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1169
## @param volume.autoscaling.enabled Enable autoscaling for volume
1170
## @param volume.autoscaling.minReplicas Minimum number of volume replicas
1171
## @param volume.autoscaling.maxReplicas Maximum number of volume replicas
1172
## @param volume.autoscaling.targetCPU Target CPU utilization percentage
1173
## @param volume.autoscaling.targetMemory Target Memory utilization percentage
1174
##
1175
autoscaling:
1176
enabled: false
1177
minReplicas: ""
1178
maxReplicas: ""
1179
targetCPU: ""
1180
targetMemory: ""
1181
## @section Volume Server Traffic Exposure Parameters
1182
##
1183
1184
## Volume Server service parameters
1185
##
1186
service:
1187
## @param volume.service.type Volume Server service type
1188
##
1189
type: ClusterIP
1190
## @param volume.service.ports.http Volume Server service HTTP port
1191
## @param volume.service.ports.grpc Volume Server service GRPC port
1192
##
1193
ports:
1194
http: 8080
1195
grpc: 18080
1196
## Node ports to expose
1197
## @param volume.service.nodePorts.http Node port for HTTP
1198
## @param volume.service.nodePorts.grpc Node port for GRPC
1199
## NOTE: choose port between <30000-32767>
1200
##
1201
nodePorts:
1202
http: ""
1203
grpc: ""
1204
## @param volume.service.clusterIP Volume Server service Cluster IP
1205
## e.g.:
1206
## clusterIP: None
1207
##
1208
clusterIP: ""
1209
## @param volume.service.loadBalancerIP Volume Server service Load Balancer IP
1210
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1211
##
1212
loadBalancerIP: ""
1213
## @param volume.service.loadBalancerSourceRanges Volume Server service Load Balancer sources
1214
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1215
## e.g:
1216
## loadBalancerSourceRanges:
1217
## - 10.10.10.0/24
1218
##
1219
loadBalancerSourceRanges: []
1220
## @param volume.service.externalTrafficPolicy Volume Server service external traffic policy
1221
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1222
##
1223
externalTrafficPolicy: Cluster
1224
## @param volume.service.annotations Additional custom annotations for Volume Server service
1225
##
1226
annotations: {}
1227
## @param volume.service.extraPorts Extra ports to expose in Volume Server service (normally used with the `sidecars` value)
1228
##
1229
extraPorts: []
1230
## @param volume.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1231
## Values: ClientIP or None
1232
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1233
##
1234
sessionAffinity: None
1235
## @param volume.service.sessionAffinityConfig Additional settings for the sessionAffinity
1236
## sessionAffinityConfig:
1237
## clientIP:
1238
## timeoutSeconds: 300
1239
##
1240
sessionAffinityConfig: {}
1241
## Headless service properties
1242
##
1243
headless:
1244
## @param volume.service.headless.annotations Annotations for the headless service.
1245
##
1246
annotations: {}
1247
## Network Policies for Volume Server
1248
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1249
##
1250
networkPolicy:
1251
## @param volume.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Volume Server
1252
##
1253
enabled: true
1254
## @param volume.networkPolicy.allowExternal Don't require server label for connections
1255
## The Policy model to apply. When set to false, only pods with the correct
1256
## server label will have network access to the ports server is listening
1257
## on. When true, server will accept connections from any source
1258
## (with the correct destination port).
1259
##
1260
allowExternal: true
1261
## @param volume.networkPolicy.allowExternalEgress Allow the Volume Server pods to access any range of port and all destinations.
1262
##
1263
allowExternalEgress: true
1264
## @param volume.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1265
## e.g:
1266
## extraIngress:
1267
## - ports:
1268
## - port: 1234
1269
## from:
1270
## - podSelector:
1271
## - matchLabels:
1272
## - role: frontend
1273
## - podSelector:
1274
## - matchExpressions:
1275
## - key: role
1276
## operator: In
1277
## values:
1278
## - frontend
1279
extraIngress: []
1280
## @param volume.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
1281
## e.g:
1282
## extraEgress:
1283
## - ports:
1284
## - port: 1234
1285
## to:
1286
## - podSelector:
1287
## - matchLabels:
1288
## - role: frontend
1289
## - podSelector:
1290
## - matchExpressions:
1291
## - key: role
1292
## operator: In
1293
## values:
1294
## - frontend
1295
##
1296
extraEgress: []
1297
## @param volume.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
1298
## @param volume.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
1299
##
1300
ingressNSMatchLabels: {}
1301
ingressNSPodMatchLabels: {}
1302
## Volume Server ingress parameters
1303
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
1304
##
1305
ingress:
1306
## @param volume.ingress.enabled Enable ingress record generation for Volume Server
1307
##
1308
enabled: false
1309
## @param volume.ingress.pathType Ingress path type
1310
##
1311
pathType: ImplementationSpecific
1312
## @param volume.ingress.apiVersion Force Ingress API version (automatically detected if not set)
1313
##
1314
apiVersion: ""
1315
## @param volume.ingress.hostname Default host for the ingress record
1316
##
1317
hostname: volume.seaweedfs.local
1318
## @param volume.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
1319
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
1320
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
1321
##
1322
ingressClassName: ""
1323
## @param volume.ingress.path Default path for the ingress record
1324
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
1325
##
1326
path: /
1327
## @param volume.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
1328
## Use this parameter to set the required annotations for cert-manager, see
1329
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
1330
## e.g:
1331
## annotations:
1332
## kubernetes.io/ingress.class: nginx
1333
## cert-manager.io/cluster-issuer: cluster-issuer-name
1334
##
1335
annotations: {}
1336
## @param volume.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
1337
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
1338
## You can:
1339
## - Use the `ingress.secrets` parameter to create this TLS secret
1340
## - Rely on cert-manager to create it by setting the corresponding annotations
1341
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
1342
##
1343
tls: false
1344
## @param volume.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
1345
##
1346
selfSigned: false
1347
## @param volume.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
1348
## e.g:
1349
## extraHosts:
1350
## - name: volume.seaweedfs.local
1351
## path: /
1352
##
1353
extraHosts: []
1354
## @param volume.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
1355
## e.g:
1356
## extraPaths:
1357
## - path: /*
1358
## backend:
1359
## serviceName: ssl-redirect
1360
## servicePort: use-annotation
1361
##
1362
extraPaths: []
1363
## @param volume.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
1364
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
1365
## e.g:
1366
## extraTls:
1367
## - hosts:
1368
## - volume.seaweedfs.local
1369
## secretName: volume.seaweedfs.local-tls
1370
##
1371
extraTls: []
1372
## @param volume.ingress.secrets Custom TLS certificates as secrets
1373
## NOTE: 'key' and 'certificate' are expected in PEM format
1374
## NOTE: 'name' should line up with a 'secretName' set further up
1375
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
1376
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
1377
## It is also possible to create and manage the certificates outside of this helm chart
1378
## Please see README.md for more information
1379
## e.g:
1380
## secrets:
1381
## - name: volume.seaweedfs.local-tls
1382
## key: |-
1383
## -----BEGIN RSA PRIVATE KEY-----
1384
## ...
1385
## -----END RSA PRIVATE KEY-----
1386
## certificate: |-
1387
## -----BEGIN CERTIFICATE-----
1388
## ...
1389
## -----END CERTIFICATE-----
1390
##
1391
secrets: []
1392
## @param volume.ingress.extraRules Additional rules to be covered with this ingress record
1393
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
1394
## e.g:
1395
## extraRules:
1396
## - host: example.local
1397
## http:
1398
## path: /
1399
## backend:
1400
## service:
1401
## name: example-svc
1402
## port:
1403
## name: http
1404
##
1405
extraRules: []
1406
## @section Volume Server Persistence Parameters
1407
##
1408
dataVolumes:
1409
- ## @param volume.dataVolumes[0].name Name of the data volume
1410
##
1411
name: data-0
1412
## @param volume.dataVolumes[0].mountPath Path to mount the volume at.
1413
##
1414
mountPath: /data-0
1415
## @param volume.dataVolumes[0].subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
1416
##
1417
subPath: ""
1418
## @param volume.dataVolumes[0].maxVolumes Max number of SeaweedFS volumes this data volume can be divided into. If set to 0, the limit will be auto configured as free disk space divided by default volume size (30GB)
1419
## ref: https://github.com/seaweedfs/seaweedfs/wiki/FAQ#how-many-volumes-do-i-need
1420
## ref: https://github.com/seaweedfs/seaweedfs/blob/master/weed/util/constants_4bytes.go#L8
1421
##
1422
maxVolumes: 8
1423
## Enable persistence using Persistent Volume Claims
1424
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1425
##
1426
persistence:
1427
## @param volume.dataVolumes[0].persistence.enabled Enable persistence on Volume Server using Persistent Volume Claims
1428
##
1429
enabled: true
1430
## @param volume.dataVolumes[0].persistence.storageClass Storage class of backing PVC
1431
## If defined, storageClassName: <storageClass>
1432
## If set to "-", storageClassName: "", which disables dynamic provisioning
1433
## If undefined (the default) or set to null, no storageClassName spec is
1434
## set, choosing the default provisioner. (gp2 on AWS, standard on
1435
## GKE, AWS & OpenStack)
1436
##
1437
storageClass: ""
1438
## @param volume.dataVolumes[0].persistence.annotations Persistent Volume Claim annotations
1439
##
1440
annotations: {}
1441
## @param volume.dataVolumes[0].persistence.accessModes Persistent Volume Access Modes
1442
##
1443
accessModes:
1444
- ReadWriteOnce
1445
## @param volume.dataVolumes[0].persistence.size Size of data volume
1446
##
1447
size: 8Gi
1448
## @param volume.dataVolumes[0].persistence.existingClaim The name of an existing PVC to use for persistence
1449
##
1450
existingClaim: ""
1451
## @param volume.dataVolumes[0].persistence.selector Selector to match an existing Persistent Volume for data PVC
1452
## If set, the PVC can't have a PV dynamically provisioned for it
1453
## E.g.
1454
## selector:
1455
## matchLabels:
1456
## app: my-app
1457
##
1458
selector: {}
1459
## @param volume.dataVolumes[0].persistence.dataSource Custom PVC data source
1460
##
1461
dataSource: {}
1462
## Enable Volume logs persistence using Persistent Volume Claims
1463
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
1464
##
1465
logPersistence:
1466
## @param volume.logPersistence.enabled Enable logs persistence on Volume Server using Persistent Volume Claims
1467
##
1468
enabled: false
1469
## @param volume.logPersistence.mountPath Path to mount the volume at.
1470
##
1471
mountPath: /logs
1472
## @param volume.logPersistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
1473
##
1474
subPath: ""
1475
## @param volume.logPersistence.storageClass Storage class of backing PVC
1476
## If defined, storageClassName: <storageClass>
1477
## If set to "-", storageClassName: "", which disables dynamic provisioning
1478
## If undefined (the default) or set to null, no storageClassName spec is
1479
## set, choosing the default provisioner. (gp2 on AWS, standard on
1480
## GKE, AWS & OpenStack)
1481
##
1482
storageClass: ""
1483
## @param volume.logPersistence.annotations Persistent Volume Claim annotations
1484
##
1485
annotations: {}
1486
## @param volume.logPersistence.accessModes Persistent Volume Access Modes
1487
##
1488
accessModes:
1489
- ReadWriteOnce
1490
## @param volume.logPersistence.size Size of logs volume
1491
##
1492
size: 8Gi
1493
## @param volume.logPersistence.existingClaim The name of an existing PVC to use for logs persistence
1494
##
1495
existingClaim: ""
1496
## @param volume.logPersistence.selector Selector to match an existing Persistent Volume for logs PVC
1497
## If set, the PVC can't have a PV dynamically provisioned for it
1498
## E.g.
1499
## selector:
1500
## matchLabels:
1501
## app: my-app
1502
##
1503
selector: {}
1504
## @param volume.logPersistence.dataSource Custom PVC data source
1505
##
1506
dataSource: {}
1507
## persistentVolumeClaimRetentionPolicy
1508
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
1509
## @param volume.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of the Volume Server StatefulSet
1510
## @param volume.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
1511
## @param volume.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
1512
##
1513
persistentVolumeClaimRetentionPolicy:
1514
enabled: false
1515
whenScaled: Retain
1516
whenDeleted: Retain
1517
## @section Volume Server Metrics Parameters
1518
##
1519
metrics:
1520
## @param volume.metrics.enabled Enable the export of Prometheus metrics
1521
##
1522
enabled: false
1523
## Metrics service properties
1524
##
1525
service:
1526
## @param volume.metrics.service.port Metrics service port
1527
##
1528
port: 9327
1529
## @param volume.metrics.service.annotations Annotations for the metrics service.
1530
##
1531
annotations: {}
1532
## Prometheus Operator ServiceMonitor configuration
1533
##
1534
serviceMonitor:
1535
## @param volume.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
1536
##
1537
enabled: false
1538
## @param volume.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
1539
##
1540
namespace: ""
1541
## @param volume.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
1542
##
1543
annotations: {}
1544
## @param volume.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
1545
##
1546
labels: {}
1547
## @param volume.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
1548
##
1549
jobLabel: ""
1550
## @param volume.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
1551
##
1552
honorLabels: false
1553
## @param volume.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
1554
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1555
## e.g:
1556
## interval: 10s
1557
##
1558
interval: ""
1559
## @param volume.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
1560
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
1561
## e.g:
1562
## scrapeTimeout: 10s
1563
##
1564
scrapeTimeout: ""
1565
## @param volume.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
1566
##
1567
metricRelabelings: []
1568
## @param volume.metrics.serviceMonitor.relabelings Specify general relabeling
1569
##
1570
relabelings: []
1571
## @param volume.metrics.serviceMonitor.selector Prometheus instance selector labels
1572
## selector:
1573
## prometheus: my-prometheus
1574
##
1575
selector: {}
1576
## @section Filer Server Parameters
1577
##
1578
filer:
1579
## @param filer.enabled Enable Filer Server deployment
1580
##
1581
enabled: true
1582
## @param filer.replicaCount Number of Filer Server replicas to deploy
1583
##
1584
replicaCount: 1
1585
## @param filer.containerPorts.http Filer Server HTTP container port
1586
## @param filer.containerPorts.grpc Filer Server GRPC container port
1587
## @param filer.containerPorts.metrics Filer Server metrics container port
1588
##
1589
containerPorts:
1590
http: 8888
1591
grpc: 18888
1592
metrics: 9327
1593
## @param filer.extraContainerPorts Optionally specify extra list of additional ports for Filer Server containers
1594
## e.g:
1595
## extraContainerPorts:
1596
## - name: myservice
1597
## containerPort: 9090
1598
##
1599
extraContainerPorts: []
1600
## Configure extra options for Filer Server containers' liveness and readiness probes
1601
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
1602
## @param filer.livenessProbe.enabled Enable livenessProbe on Filer Server containers
1603
## @param filer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
1604
## @param filer.livenessProbe.periodSeconds Period seconds for livenessProbe
1605
## @param filer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
1606
## @param filer.livenessProbe.failureThreshold Failure threshold for livenessProbe
1607
## @param filer.livenessProbe.successThreshold Success threshold for livenessProbe
1608
##
1609
livenessProbe:
1610
enabled: true
1611
initialDelaySeconds: 30
1612
timeoutSeconds: 30
1613
periodSeconds: 10
1614
successThreshold: 1
1615
failureThreshold: 6
1616
## @param filer.readinessProbe.enabled Enable readinessProbe on Filer Server containers
1617
## @param filer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
1618
## @param filer.readinessProbe.periodSeconds Period seconds for readinessProbe
1619
## @param filer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
1620
## @param filer.readinessProbe.failureThreshold Failure threshold for readinessProbe
1621
## @param filer.readinessProbe.successThreshold Success threshold for readinessProbe
1622
##
1623
readinessProbe:
1624
enabled: true
1625
initialDelaySeconds: 30
1626
timeoutSeconds: 30
1627
periodSeconds: 10
1628
successThreshold: 1
1629
failureThreshold: 6
1630
## @param filer.startupProbe.enabled Enable startupProbe on Filer Server containers
1631
## @param filer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
1632
## @param filer.startupProbe.periodSeconds Period seconds for startupProbe
1633
## @param filer.startupProbe.timeoutSeconds Timeout seconds for startupProbe
1634
## @param filer.startupProbe.failureThreshold Failure threshold for startupProbe
1635
## @param filer.startupProbe.successThreshold Success threshold for startupProbe
1636
##
1637
startupProbe:
1638
enabled: false
1639
initialDelaySeconds: 5
1640
periodSeconds: 5
1641
timeoutSeconds: 1
1642
failureThreshold: 15
1643
successThreshold: 1
1644
## @param filer.customLivenessProbe Custom livenessProbe that overrides the default one
1645
##
1646
customLivenessProbe: {}
1647
## @param filer.customReadinessProbe Custom readinessProbe that overrides the default one
1648
##
1649
customReadinessProbe: {}
1650
## @param filer.customStartupProbe Custom startupProbe that overrides the default one
1651
##
1652
customStartupProbe: {}
1653
## Filer Server resource requests and limits
1654
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
1655
## @param filer.resourcesPreset Set Filer Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if filer.resources is set (filer.resources is recommended for production).
1656
##
1657
resourcesPreset: "nano"
1658
## @param filer.resources Set Filer Server container requests and limits for different resources like CPU or memory (essential for production workloads)
1659
## Example:
1660
## resources:
1661
## requests:
1662
## cpu: 2
1663
## memory: 512Mi
1664
## limits:
1665
## cpu: 3
1666
## memory: 1024Mi
1667
##
1668
resources: {}
1669
## Configure Pods Security Context
1670
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
1671
## @param filer.podSecurityContext.enabled Enable Filer Server pods' Security Context
1672
## @param filer.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Filer Server pods
1673
## @param filer.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Filer Server pods
1674
## @param filer.podSecurityContext.supplementalGroups Set filesystem extra groups for Filer Server pods
1675
## @param filer.podSecurityContext.fsGroup Set fsGroup in Filer Server pods' Security Context
1676
##
1677
podSecurityContext:
1678
enabled: true
1679
fsGroupChangePolicy: Always
1680
sysctls: []
1681
supplementalGroups: []
1682
fsGroup: 1001
1683
## Configure Container Security Context
1684
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
1685
## @param filer.containerSecurityContext.enabled Enabled Filer Server container' Security Context
1686
## @param filer.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Filer Server container
1687
## @param filer.containerSecurityContext.runAsUser Set runAsUser in Filer Server container' Security Context
1688
## @param filer.containerSecurityContext.runAsGroup Set runAsGroup in Filer Server container' Security Context
1689
## @param filer.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Filer Server container' Security Context
1690
## @param filer.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Filer Server container' Security Context
1691
## @param filer.containerSecurityContext.privileged Set privileged in Filer Server container' Security Context
1692
## @param filer.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Filer Server container' Security Context
1693
## @param filer.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Filer Server container
1694
## @param filer.containerSecurityContext.seccompProfile.type Set seccomp profile in Filer Server container
1695
##
1696
containerSecurityContext:
1697
enabled: true
1698
seLinuxOptions: {}
1699
runAsUser: 1001
1700
runAsGroup: 1001
1701
runAsNonRoot: true
1702
readOnlyRootFilesystem: true
1703
privileged: false
1704
allowPrivilegeEscalation: false
1705
capabilities:
1706
drop: ["ALL"]
1707
seccompProfile:
1708
type: "RuntimeDefault"
1709
## @param filer.logLevel Filer Server log level (0, 1, 2, 3, or 4)
1710
##
1711
logLevel: 1
1712
## @param filer.bindAddress Filer Server bind address
1713
##
1714
bindAddress: 0.0.0.0
1715
## @param filer.config Filer Server configuration
1716
## Specify content for filer.toml
1717
##
1718
config: |
1719
[leveldb2]
1720
enabled = false
1721
## @param filer.existingConfigmap The name of an existing ConfigMap with your custom configuration for Filer Server
1722
##
1723
existingConfigmap: ""
1724
## @param filer.notificationConfig Filer Server notification configuration
1725
## Specify content for custom notification.toml
1726
##
1727
notificationConfig: ""
1728
## @param filer.existingNotificationConfigmap The name of an existing ConfigMap with your custom notification configuration for Filer Server
1729
##
1730
existingNotificationConfigmap: ""
1731
## @param filer.command Override default Filer Server container command (useful when using custom images)
1732
##
1733
command: []
1734
## @param filer.args Override default Filer Server container args (useful when using custom images)
1735
##
1736
args: []
1737
## @param filer.automountServiceAccountToken Mount Service Account token in Filer Server pods
1738
##
1739
automountServiceAccountToken: false
1740
## @param filer.hostAliases Filer Server pods host aliases
1741
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
1742
##
1743
hostAliases: []
1744
## @param filer.statefulsetAnnotations Annotations for Filer Server StatefulSet
1745
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1746
##
1747
statefulsetAnnotations: {}
1748
## @param filer.podLabels Extra labels for Filer Server pods
1749
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
1750
##
1751
podLabels: {}
1752
## @param filer.podAnnotations Annotations for Filer Server pods
1753
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
1754
##
1755
podAnnotations: {}
1756
## @param filer.podAffinityPreset Pod affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
1757
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1758
##
1759
podAffinityPreset: ""
1760
## @param filer.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
1761
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
1762
##
1763
podAntiAffinityPreset: soft
1764
## Node filer.affinity preset
1765
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
1766
##
1767
nodeAffinityPreset:
1768
## @param filer.nodeAffinityPreset.type Node affinity preset type. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
1769
##
1770
type: ""
1771
## @param filer.nodeAffinityPreset.key Node label key to match. Ignored if `filer.affinity` is set
1772
##
1773
key: ""
1774
## @param filer.nodeAffinityPreset.values Node label values to match. Ignored if `filer.affinity` is set
1775
## E.g.
1776
## values:
1777
## - e2e-az1
1778
## - e2e-az2
1779
##
1780
values: []
1781
## @param filer.affinity Affinity for Filer Server pods assignment
1782
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
1783
## NOTE: `filer.podAffinityPreset`, `filer.podAntiAffinityPreset`, and `filer.nodeAffinityPreset` will be ignored when it's set
1784
##
1785
affinity: {}
1786
## @param filer.nodeSelector Node labels for Filer Server pods assignment
1787
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
1788
##
1789
nodeSelector: {}
1790
## @param filer.tolerations Tolerations for Filer Server pods assignment
1791
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
1792
##
1793
tolerations: []
1794
## @param filer.updateStrategy.type Filer Server StatefulSet strategy type
1795
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
1796
##
1797
updateStrategy:
1798
## Can be set to RollingUpdate or OnDelete
1799
##
1800
type: RollingUpdate
1801
## @param filer.podManagementPolicy Pod management policy for Filer Server StatefulSet
1802
## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
1803
##
1804
podManagementPolicy: Parallel
1805
## @param filer.priorityClassName Filer Server pods' priorityClassName
1806
##
1807
priorityClassName: ""
1808
## @param filer.topologySpreadConstraints Topology Spread Constraints for Filer Server pod assignment spread across your cluster among failure-domains
1809
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
1810
##
1811
topologySpreadConstraints: []
1812
## @param filer.schedulerName Name of the k8s scheduler (other than default) for Filer Server pods
1813
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
1814
##
1815
schedulerName: ""
1816
## @param filer.terminationGracePeriodSeconds Seconds Filer Server pods need to terminate gracefully
1817
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
1818
##
1819
terminationGracePeriodSeconds: ""
1820
## @param filer.lifecycleHooks for Filer Server containers to automate configuration before or after startup
1821
##
1822
lifecycleHooks: {}
1823
## @param filer.extraEnvVars Array with extra environment variables to add to Filer Server containers
1824
## e.g:
1825
## extraEnvVars:
1826
## - name: FOO
1827
## value: "bar"
1828
##
1829
extraEnvVars: []
1830
## @param filer.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Filer Server containers
1831
##
1832
extraEnvVarsCM: ""
1833
## @param filer.extraEnvVarsSecret Name of existing Secret containing extra env vars for Filer Server containers
1834
##
1835
extraEnvVarsSecret: ""
1836
## @param filer.extraVolumes Optionally specify extra list of additional volumes for the Filer Server pods
1837
##
1838
extraVolumes: []
1839
## @param filer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Filer Server containers
1840
##
1841
extraVolumeMounts: []
1842
## @param filer.sidecars Add additional sidecar containers to the Filer Server pods
1843
## e.g:
1844
## sidecars:
1845
## - name: your-image-name
1846
## image: your-image
1847
## imagePullPolicy: Always
1848
## ports:
1849
## - name: portname
1850
## containerPort: 1234
1851
##
1852
sidecars: []
1853
## @param filer.initContainers Add additional init containers to the Filer Server pods
1854
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
1855
## e.g:
1856
## initContainers:
1857
## - name: your-image-name
1858
## image: your-image
1859
## imagePullPolicy: Always
1860
## command: ['sh', '-c', 'echo "hello world"']
1861
##
1862
initContainers: []
1863
## Pod Disruption Budget configuration
1864
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
1865
## @param filer.pdb.create Enable/disable a Pod Disruption Budget creation
1866
## @param filer.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
1867
## @param filer.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `filer.pdb.minAvailable` and `filer.pdb.maxUnavailable` are empty.
1868
##
1869
pdb:
1870
create: true
1871
minAvailable: ""
1872
maxUnavailable: ""
1873
## Autoscaling configuration
1874
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
1875
## @param filer.autoscaling.enabled Enable autoscaling for filer
1876
## @param filer.autoscaling.minReplicas Minimum number of filer replicas
1877
## @param filer.autoscaling.maxReplicas Maximum number of filer replicas
1878
## @param filer.autoscaling.targetCPU Target CPU utilization percentage
1879
## @param filer.autoscaling.targetMemory Target Memory utilization percentage
1880
##
1881
autoscaling:
1882
enabled: false
1883
minReplicas: ""
1884
maxReplicas: ""
1885
targetCPU: ""
1886
targetMemory: ""
1887
## @section Filer Server Traffic Exposure Parameters
1888
##
1889
1890
## Filer Server service parameters
1891
##
1892
service:
1893
## @param filer.service.type Filer Server service type
1894
##
1895
type: ClusterIP
1896
## @param filer.service.ports.http Filer Server service HTTP port
1897
## @param filer.service.ports.grpc Filer Server service GRPC port
1898
##
1899
ports:
1900
http: 8888
1901
grpc: 18888
1902
## Node ports to expose
1903
## @param filer.service.nodePorts.http Node port for HTTP
1904
## @param filer.service.nodePorts.grpc Node port for GRPC
1905
## NOTE: choose port between <30000-32767>
1906
##
1907
nodePorts:
1908
http: ""
1909
grpc: ""
1910
## @param filer.service.clusterIP Filer Server service Cluster IP
1911
## e.g.:
1912
## clusterIP: None
1913
##
1914
clusterIP: ""
1915
## @param filer.service.loadBalancerIP Filer Server service Load Balancer IP
1916
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
1917
##
1918
loadBalancerIP: ""
1919
## @param filer.service.loadBalancerSourceRanges Filer Server service Load Balancer sources
1920
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
1921
## e.g:
1922
## loadBalancerSourceRanges:
1923
## - 10.10.10.0/24
1924
##
1925
loadBalancerSourceRanges: []
1926
## @param filer.service.externalTrafficPolicy Filer Server service external traffic policy
1927
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
1928
##
1929
externalTrafficPolicy: Cluster
1930
## @param filer.service.annotations Additional custom annotations for Filer Server service
1931
##
1932
annotations: {}
1933
## @param filer.service.extraPorts Extra ports to expose in Filer Server service (normally used with the `sidecars` value)
1934
##
1935
extraPorts: []
1936
## @param filer.service.sessionAffinity Control where client requests go, to the same pod or round-robin
1937
## Values: ClientIP or None
1938
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
1939
##
1940
sessionAffinity: None
1941
## @param filer.service.sessionAffinityConfig Additional settings for the sessionAffinity
1942
## sessionAffinityConfig:
1943
## clientIP:
1944
## timeoutSeconds: 300
1945
##
1946
sessionAffinityConfig: {}
1947
## Headless service properties
1948
##
1949
headless:
1950
## @param filer.service.headless.annotations Annotations for the headless service.
1951
##
1952
annotations: {}
1953
## Network Policies for Filer Server
1954
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
1955
##
1956
networkPolicy:
1957
## @param filer.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Filer Server
1958
##
1959
enabled: true
1960
## @param filer.networkPolicy.allowExternal Don't require server label for connections
1961
## The Policy model to apply. When set to false, only pods with the correct
1962
## server label will have network access to the ports server is listening
1963
## on. When true, server will accept connections from any source
1964
## (with the correct destination port).
1965
##
1966
allowExternal: true
1967
## @param filer.networkPolicy.allowExternalEgress Allow the Filer Server pods to access any range of port and all destinations.
1968
##
1969
allowExternalEgress: true
1970
## @param filer.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
1971
## e.g:
1972
## extraIngress:
1973
## - ports:
1974
## - port: 1234
1975
## from:
1976
## - podSelector:
1977
## - matchLabels:
1978
## - role: frontend
1979
## - podSelector:
1980
## - matchExpressions:
1981
## - key: role
1982
## operator: In
1983
## values:
1984
## - frontend
1985
extraIngress: []
1986
## @param filer.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
1987
## e.g:
1988
## extraEgress:
1989
## - ports:
1990
## - port: 1234
1991
## to:
1992
## - podSelector:
1993
## - matchLabels:
1994
## - role: frontend
1995
## - podSelector:
1996
## - matchExpressions:
1997
## - key: role
1998
## operator: In
1999
## values:
2000
## - frontend
2001
##
2002
extraEgress: []
2003
## @param filer.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
2004
## @param filer.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
2005
##
2006
ingressNSMatchLabels: {}
2007
ingressNSPodMatchLabels: {}
2008
## Filer Server ingress parameters
2009
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
2010
##
2011
ingress:
2012
## @param filer.ingress.enabled Enable ingress record generation for Filer Server
2013
##
2014
enabled: false
2015
## @param filer.ingress.pathType Ingress path type
2016
##
2017
pathType: ImplementationSpecific
2018
## @param filer.ingress.apiVersion Force Ingress API version (automatically detected if not set)
2019
##
2020
apiVersion: ""
2021
## @param filer.ingress.hostname Default host for the ingress record
2022
##
2023
hostname: filer.seaweedfs.local
2024
## @param filer.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
2025
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
2026
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
2027
##
2028
ingressClassName: ""
2029
## @param filer.ingress.path Default path for the ingress record
2030
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
2031
##
2032
path: /
2033
## @param filer.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
2034
## Use this parameter to set the required annotations for cert-manager, see
2035
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
2036
## e.g:
2037
## annotations:
2038
## kubernetes.io/ingress.class: nginx
2039
## cert-manager.io/cluster-issuer: cluster-issuer-name
2040
##
2041
annotations: {}
2042
## @param filer.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
2043
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
2044
## You can:
2045
## - Use the `ingress.secrets` parameter to create this TLS secret
2046
## - Rely on cert-manager to create it by setting the corresponding annotations
2047
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
2048
##
2049
tls: false
2050
## @param filer.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
2051
##
2052
selfSigned: false
2053
## @param filer.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
2054
## e.g:
2055
## extraHosts:
2056
## - name: filer.seaweedfs.local
2057
## path: /
2058
##
2059
extraHosts: []
2060
## @param filer.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
2061
## e.g:
2062
## extraPaths:
2063
## - path: /*
2064
## backend:
2065
## serviceName: ssl-redirect
2066
## servicePort: use-annotation
2067
##
2068
extraPaths: []
2069
## @param filer.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
2070
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
2071
## e.g:
2072
## extraTls:
2073
## - hosts:
2074
## - filer.seaweedfs.local
2075
## secretName: filer.seaweedfs.local-tls
2076
##
2077
extraTls: []
2078
## @param filer.ingress.secrets Custom TLS certificates as secrets
2079
## NOTE: 'key' and 'certificate' are expected in PEM format
2080
## NOTE: 'name' should line up with a 'secretName' set further up
2081
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
2082
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
2083
## It is also possible to create and manage the certificates outside of this helm chart
2084
## Please see README.md for more information
2085
## e.g:
2086
## secrets:
2087
## - name: filer.seaweedfs.local-tls
2088
## key: |-
2089
## -----BEGIN RSA PRIVATE KEY-----
2090
## ...
2091
## -----END RSA PRIVATE KEY-----
2092
## certificate: |-
2093
## -----BEGIN CERTIFICATE-----
2094
## ...
2095
## -----END CERTIFICATE-----
2096
##
2097
secrets: []
2098
## @param filer.ingress.extraRules Additional rules to be covered with this ingress record
2099
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
2100
## e.g:
2101
## extraRules:
2102
## - host: example.local
2103
## http:
2104
## path: /
2105
## backend:
2106
## service:
2107
## name: example-svc
2108
## port:
2109
## name: http
2110
##
2111
extraRules: []
2112
## @section Filer Server Persistence Parameters
2113
##
2114
2115
## Enable Filer logs persistence using Persistent Volume Claims
2116
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
2117
##
2118
logPersistence:
2119
## @param filer.logPersistence.enabled Enable logs persistence on Filer Server using Persistent Volume Claims
2120
##
2121
enabled: false
2122
## @param filer.logPersistence.mountPath Path to mount the volume at.
2123
##
2124
mountPath: /logs
2125
## @param filer.logPersistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
2126
##
2127
subPath: ""
2128
## @param filer.logPersistence.storageClass Storage class of backing PVC
2129
## If defined, storageClassName: <storageClass>
2130
## If set to "-", storageClassName: "", which disables dynamic provisioning
2131
## If undefined (the default) or set to null, no storageClassName spec is
2132
## set, choosing the default provisioner. (gp2 on AWS, standard on
2133
## GKE, AWS & OpenStack)
2134
##
2135
storageClass: ""
2136
## @param filer.logPersistence.annotations Persistent Volume Claim annotations
2137
##
2138
annotations: {}
2139
## @param filer.logPersistence.accessModes Persistent Volume Access Modes
2140
##
2141
accessModes:
2142
- ReadWriteOnce
2143
## @param filer.logPersistence.size Size of logs volume
2144
##
2145
size: 8Gi
2146
## @param filer.logPersistence.existingClaim The name of an existing PVC to use for logs persistence
2147
##
2148
existingClaim: ""
2149
## @param filer.logPersistence.selector Selector to match an existing Persistent Volume for logs PVC
2150
## If set, the PVC can't have a PV dynamically provisioned for it
2151
## E.g.
2152
## selector:
2153
## matchLabels:
2154
## app: my-app
2155
##
2156
selector: {}
2157
## @param filer.logPersistence.dataSource Custom PVC data source
2158
##
2159
dataSource: {}
2160
## persistentVolumeClaimRetentionPolicy
2161
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention
2162
## @param filer.persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of the Master Server StatefulSet
2163
## @param filer.persistentVolumeClaimRetentionPolicy.whenScaled Volume retention behavior when the replica count of the StatefulSet is reduced
2164
## @param filer.persistentVolumeClaimRetentionPolicy.whenDeleted Volume retention behavior that applies when the StatefulSet is deleted
2165
##
2166
persistentVolumeClaimRetentionPolicy:
2167
enabled: false
2168
whenScaled: Retain
2169
whenDeleted: Retain
2170
## @section Filer Server Metrics Parameters
2171
##
2172
metrics:
2173
## @param filer.metrics.enabled Enable the export of Prometheus metrics
2174
##
2175
enabled: false
2176
## Metrics service properties
2177
##
2178
service:
2179
## @param filer.metrics.service.port Metrics service port
2180
##
2181
port: 9327
2182
## @param filer.metrics.service.annotations Annotations for the metrics service.
2183
##
2184
annotations: {}
2185
## Prometheus Operator ServiceMonitor configuration
2186
##
2187
serviceMonitor:
2188
## @param filer.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
2189
##
2190
enabled: false
2191
## @param filer.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
2192
##
2193
namespace: ""
2194
## @param filer.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
2195
##
2196
annotations: {}
2197
## @param filer.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
2198
##
2199
labels: {}
2200
## @param filer.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
2201
##
2202
jobLabel: ""
2203
## @param filer.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
2204
##
2205
honorLabels: false
2206
## @param filer.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
2207
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2208
## e.g:
2209
## interval: 10s
2210
##
2211
interval: ""
2212
## @param filer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
2213
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2214
## e.g:
2215
## scrapeTimeout: 10s
2216
##
2217
scrapeTimeout: ""
2218
## @param filer.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
2219
##
2220
metricRelabelings: []
2221
## @param filer.metrics.serviceMonitor.relabelings Specify general relabeling
2222
##
2223
relabelings: []
2224
## @param filer.metrics.serviceMonitor.selector Prometheus instance selector labels
2225
## selector:
2226
## prometheus: my-prometheus
2227
##
2228
selector: {}
2229
## @section Amazon S3 API Parameters
2230
##
2231
s3:
2232
## @param s3.enabled Enable Amazon S3 API deployment
2233
##
2234
enabled: false
2235
## @param s3.replicaCount Number of Amazon S3 API replicas to deploy
2236
##
2237
replicaCount: 1
2238
## @param s3.containerPorts.http Amazon S3 API HTTP container port
2239
## @param s3.containerPorts.grpc Amazon S3 API GRPC container port
2240
## @param s3.containerPorts.metrics Amazon S3 API metrics container port
2241
##
2242
containerPorts:
2243
http: 8333
2244
grpc: 18333
2245
metrics: 9327
2246
## @param s3.extraContainerPorts Optionally specify extra list of additional ports for Amazon S3 API containers
2247
## e.g:
2248
## extraContainerPorts:
2249
## - name: myservice
2250
## containerPort: 9090
2251
##
2252
extraContainerPorts: []
2253
## Configure extra options for Amazon S3 API containers' liveness and readiness probes
2254
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
2255
## @param s3.livenessProbe.enabled Enable livenessProbe on Amazon S3 API containers
2256
## @param s3.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2257
## @param s3.livenessProbe.periodSeconds Period seconds for livenessProbe
2258
## @param s3.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2259
## @param s3.livenessProbe.failureThreshold Failure threshold for livenessProbe
2260
## @param s3.livenessProbe.successThreshold Success threshold for livenessProbe
2261
##
2262
livenessProbe:
2263
enabled: true
2264
initialDelaySeconds: 30
2265
timeoutSeconds: 30
2266
periodSeconds: 10
2267
successThreshold: 1
2268
failureThreshold: 6
2269
## @param s3.readinessProbe.enabled Enable readinessProbe on Amazon S3 API containers
2270
## @param s3.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2271
## @param s3.readinessProbe.periodSeconds Period seconds for readinessProbe
2272
## @param s3.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2273
## @param s3.readinessProbe.failureThreshold Failure threshold for readinessProbe
2274
## @param s3.readinessProbe.successThreshold Success threshold for readinessProbe
2275
##
2276
readinessProbe:
2277
enabled: true
2278
initialDelaySeconds: 30
2279
timeoutSeconds: 30
2280
periodSeconds: 10
2281
successThreshold: 1
2282
failureThreshold: 6
2283
## @param s3.startupProbe.enabled Enable startupProbe on Amazon S3 API containers
2284
## @param s3.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2285
## @param s3.startupProbe.periodSeconds Period seconds for startupProbe
2286
## @param s3.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2287
## @param s3.startupProbe.failureThreshold Failure threshold for startupProbe
2288
## @param s3.startupProbe.successThreshold Success threshold for startupProbe
2289
##
2290
startupProbe:
2291
enabled: false
2292
initialDelaySeconds: 5
2293
periodSeconds: 5
2294
timeoutSeconds: 1
2295
failureThreshold: 15
2296
successThreshold: 1
2297
## @param s3.customLivenessProbe Custom livenessProbe that overrides the default one
2298
##
2299
customLivenessProbe: {}
2300
## @param s3.customReadinessProbe Custom readinessProbe that overrides the default one
2301
##
2302
customReadinessProbe: {}
2303
## @param s3.customStartupProbe Custom startupProbe that overrides the default one
2304
##
2305
customStartupProbe: {}
2306
## Amazon S3 API resource requests and limits
2307
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2308
## @param s3.resourcesPreset Set Amazon S3 API container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if s3.resources is set (s3.resources is recommended for production).
2309
##
2310
resourcesPreset: "nano"
2311
## @param s3.resources Set Amazon S3 API container requests and limits for different resources like CPU or memory (essential for production workloads)
2312
## Example:
2313
## resources:
2314
## requests:
2315
## cpu: 2
2316
## memory: 512Mi
2317
## limits:
2318
## cpu: 3
2319
## memory: 1024Mi
2320
##
2321
resources: {}
2322
## Configure Pods Security Context
2323
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2324
## @param s3.podSecurityContext.enabled Enable Amazon S3 API pods' Security Context
2325
## @param s3.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Amazon S3 API pods
2326
## @param s3.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Amazon S3 API pods
2327
## @param s3.podSecurityContext.supplementalGroups Set filesystem extra groups for Amazon S3 API pods
2328
## @param s3.podSecurityContext.fsGroup Set fsGroup in Amazon S3 API pods' Security Context
2329
##
2330
podSecurityContext:
2331
enabled: true
2332
fsGroupChangePolicy: Always
2333
sysctls: []
2334
supplementalGroups: []
2335
fsGroup: 1001
2336
## Configure Container Security Context
2337
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
2338
## @param s3.containerSecurityContext.enabled Enabled Amazon S3 API container' Security Context
2339
## @param s3.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Amazon S3 API container
2340
## @param s3.containerSecurityContext.runAsUser Set runAsUser in Amazon S3 API container' Security Context
2341
## @param s3.containerSecurityContext.runAsGroup Set runAsGroup in Amazon S3 API container' Security Context
2342
## @param s3.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Amazon S3 API container' Security Context
2343
## @param s3.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Amazon S3 API container' Security Context
2344
## @param s3.containerSecurityContext.privileged Set privileged in Amazon S3 API container' Security Context
2345
## @param s3.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Amazon S3 API container' Security Context
2346
## @param s3.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Amazon S3 API container
2347
## @param s3.containerSecurityContext.seccompProfile.type Set seccomp profile in Amazon S3 API container
2348
##
2349
containerSecurityContext:
2350
enabled: true
2351
seLinuxOptions: {}
2352
runAsUser: 1001
2353
runAsGroup: 1001
2354
runAsNonRoot: true
2355
readOnlyRootFilesystem: true
2356
privileged: false
2357
allowPrivilegeEscalation: false
2358
capabilities:
2359
drop: ["ALL"]
2360
seccompProfile:
2361
type: "RuntimeDefault"
2362
## @param s3.logLevel Amazon S3 API log level (0, 1, 2, 3, or 4)
2363
##
2364
logLevel: 1
2365
## @param s3.bindAddress Amazon S3 API bind address
2366
##
2367
bindAddress: 0.0.0.0
2368
## @param s3.allowEmptyFolder Allow empty folders in Amazon S3 API
2369
allowEmptyFolder: true
2370
## S3 Authentication
2371
## ref: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication
2372
## @param s3.auth.enabled Enable Amazon S3 API authentication
2373
## @param s3.auth.existingSecret Existing secret with Amazon S3 API authentication configuration
2374
## @param s3.auth.existingSecretConfigKey Key of the above existing secret with S3 API authentication configuration, defaults to `config.json`
2375
## @param s3.auth.adminAccessKeyId Amazon S3 API access key with admin privileges. Ignored if `s3.auth.existingSecret` is set
2376
## @param s3.auth.adminSecretAccessKey Amazon S3 API secret key with admin privileges. Ignored if `s3.auth.existingSecret` is set
2377
## @param s3.auth.readAccessKeyId Amazon S3 API read access key with read-only privileges. Ignored if `s3.auth.existingSecret` is set
2378
## @param s3.auth.readSecretAccessKey Amazon S3 API read secret key with read-only privileges. Ignored if `s3.auth.existingSecret` is set
2379
##
2380
auth:
2381
enabled: false
2382
existingSecret: ""
2383
existingSecretConfigKey: ""
2384
adminAccessKeyId: ""
2385
adminSecretAccessKey: ""
2386
readAccessKeyId: ""
2387
readSecretAccessKey: ""
2388
## @param s3.command Override default Amazon S3 API container command (useful when using custom images)
2389
##
2390
command: []
2391
## @param s3.args Override default Amazon S3 API container args (useful when using custom images)
2392
##
2393
args: []
2394
## @param s3.automountServiceAccountToken Mount Service Account token in Amazon S3 API pods
2395
##
2396
automountServiceAccountToken: false
2397
## @param s3.hostAliases Amazon S3 API pods host aliases
2398
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2399
##
2400
hostAliases: []
2401
## @param s3.statefulsetAnnotations Annotations for Amazon S3 API statefulset
2402
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2403
##
2404
statefulsetAnnotations: {}
2405
## @param s3.podLabels Extra labels for Amazon S3 API pods
2406
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
2407
##
2408
podLabels: {}
2409
## @param s3.podAnnotations Annotations for Amazon S3 API pods
2410
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
2411
##
2412
podAnnotations: {}
2413
## @param s3.podAffinityPreset Pod affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
2414
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2415
##
2416
podAffinityPreset: ""
2417
## @param s3.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
2418
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
2419
##
2420
podAntiAffinityPreset: soft
2421
## Node s3.affinity preset
2422
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
2423
##
2424
nodeAffinityPreset:
2425
## @param s3.nodeAffinityPreset.type Node affinity preset type. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
2426
##
2427
type: ""
2428
## @param s3.nodeAffinityPreset.key Node label key to match. Ignored if `s3.affinity` is set
2429
##
2430
key: ""
2431
## @param s3.nodeAffinityPreset.values Node label values to match. Ignored if `s3.affinity` is set
2432
## E.g.
2433
## values:
2434
## - e2e-az1
2435
## - e2e-az2
2436
##
2437
values: []
2438
## @param s3.affinity Affinity for Amazon S3 API pods assignment
2439
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
2440
## NOTE: `s3.podAffinityPreset`, `s3.podAntiAffinityPreset`, and `s3.nodeAffinityPreset` will be ignored when it's set
2441
##
2442
affinity: {}
2443
## @param s3.nodeSelector Node labels for Amazon S3 API pods assignment
2444
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
2445
##
2446
nodeSelector: {}
2447
## @param s3.tolerations Tolerations for Amazon S3 API pods assignment
2448
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
2449
##
2450
tolerations: []
2451
## @param s3.updateStrategy.type Amazon S3 API deployment strategy type
2452
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
2453
##
2454
updateStrategy:
2455
## Can be set to RollingUpdate or Recreate
2456
##
2457
type: RollingUpdate
2458
## @param s3.priorityClassName Amazon S3 API pods' priorityClassName
2459
##
2460
priorityClassName: ""
2461
## @param s3.topologySpreadConstraints Topology Spread Constraints for Amazon S3 API pod assignment spread across your cluster among failure-domains
2462
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
2463
##
2464
topologySpreadConstraints: []
2465
## @param s3.schedulerName Name of the k8s scheduler (other than default) for Amazon S3 API pods
2466
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
2467
##
2468
schedulerName: ""
2469
## @param s3.terminationGracePeriodSeconds Seconds Amazon S3 API pods need to terminate gracefully
2470
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
2471
##
2472
terminationGracePeriodSeconds: ""
2473
## @param s3.lifecycleHooks for Amazon S3 API containers to automate configuration before or after startup
2474
##
2475
lifecycleHooks: {}
2476
## @param s3.extraEnvVars Array with extra environment variables to add to Amazon S3 API containers
2477
## e.g:
2478
## extraEnvVars:
2479
## - name: FOO
2480
## value: "bar"
2481
##
2482
extraEnvVars: []
2483
## @param s3.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Amazon S3 API containers
2484
##
2485
extraEnvVarsCM: ""
2486
## @param s3.extraEnvVarsSecret Name of existing Secret containing extra env vars for Amazon S3 API containers
2487
##
2488
extraEnvVarsSecret: ""
2489
## @param s3.extraVolumes Optionally specify extra list of additional volumes for the Amazon S3 API pods
2490
##
2491
extraVolumes: []
2492
## @param s3.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Amazon S3 API containers
2493
##
2494
extraVolumeMounts: []
2495
## @param s3.sidecars Add additional sidecar containers to the Amazon S3 API pods
2496
## e.g:
2497
## sidecars:
2498
## - name: your-image-name
2499
## image: your-image
2500
## imagePullPolicy: Always
2501
## ports:
2502
## - name: portname
2503
## containerPort: 1234
2504
##
2505
sidecars: []
2506
## @param s3.initContainers Add additional init containers to the Amazon S3 API pods
2507
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
2508
## e.g:
2509
## initContainers:
2510
## - name: your-image-name
2511
## image: your-image
2512
## imagePullPolicy: Always
2513
## command: ['sh', '-c', 'echo "hello world"']
2514
##
2515
initContainers: []
2516
## Pod Disruption Budget configuration
2517
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
2518
## @param s3.pdb.create Enable/disable a Pod Disruption Budget creation
2519
## @param s3.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
2520
## @param s3.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `s3.pdb.minAvailable` and `s3.pdb.maxUnavailable` are empty.
2521
##
2522
pdb:
2523
create: true
2524
minAvailable: ""
2525
maxUnavailable: ""
2526
## Autoscaling configuration
2527
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
2528
## @param s3.autoscaling.enabled Enable autoscaling for s3
2529
## @param s3.autoscaling.minReplicas Minimum number of s3 replicas
2530
## @param s3.autoscaling.maxReplicas Maximum number of s3 replicas
2531
## @param s3.autoscaling.targetCPU Target CPU utilization percentage
2532
## @param s3.autoscaling.targetMemory Target Memory utilization percentage
2533
##
2534
autoscaling:
2535
enabled: false
2536
minReplicas: ""
2537
maxReplicas: ""
2538
targetCPU: ""
2539
targetMemory: ""
2540
## @section Amazon S3 API Traffic Exposure Parameters
2541
##
2542
2543
## Amazon S3 API service parameters
2544
##
2545
service:
2546
## @param s3.service.type Amazon S3 API service type
2547
##
2548
type: ClusterIP
2549
## @param s3.service.ports.http Amazon S3 API service HTTP port
2550
## @param s3.service.ports.grpc Amazon S3 API service GRPC port
2551
##
2552
ports:
2553
http: 8333
2554
grpc: 18333
2555
## Node ports to expose
2556
## @param s3.service.nodePorts.http Node port for HTTP
2557
## @param s3.service.nodePorts.grpc Node port for GRPC
2558
## NOTE: choose port between <30000-32767>
2559
##
2560
nodePorts:
2561
http: ""
2562
grpc: ""
2563
## @param s3.service.clusterIP Amazon S3 API service Cluster IP
2564
## e.g.:
2565
## clusterIP: None
2566
##
2567
clusterIP: ""
2568
## @param s3.service.loadBalancerIP Amazon S3 API service Load Balancer IP
2569
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
2570
##
2571
loadBalancerIP: ""
2572
## @param s3.service.loadBalancerSourceRanges Amazon S3 API service Load Balancer sources
2573
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
2574
## e.g:
2575
## loadBalancerSourceRanges:
2576
## - 10.10.10.0/24
2577
##
2578
loadBalancerSourceRanges: []
2579
## @param s3.service.externalTrafficPolicy Amazon S3 API service external traffic policy
2580
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
2581
##
2582
externalTrafficPolicy: Cluster
2583
## @param s3.service.annotations Additional custom annotations for Amazon S3 API service
2584
##
2585
annotations: {}
2586
## @param s3.service.extraPorts Extra ports to expose in Amazon S3 API service (normally used with the `sidecars` value)
2587
##
2588
extraPorts: []
2589
## @param s3.service.sessionAffinity Control where client requests go, to the same pod or round-robin
2590
## Values: ClientIP or None
2591
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
2592
##
2593
sessionAffinity: None
2594
## @param s3.service.sessionAffinityConfig Additional settings for the sessionAffinity
2595
## sessionAffinityConfig:
2596
## clientIP:
2597
## timeoutSeconds: 300
2598
##
2599
sessionAffinityConfig: {}
2600
## Headless service properties
2601
##
2602
headless:
2603
## @param s3.service.headless.annotations Annotations for the headless service.
2604
##
2605
annotations: {}
2606
## Network Policies for Amazon S3 API
2607
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
2608
##
2609
networkPolicy:
2610
## @param s3.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Amazon S3 API
2611
##
2612
enabled: true
2613
## @param s3.networkPolicy.allowExternal Don't require server label for connections
2614
## The Policy model to apply. When set to false, only pods with the correct
2615
## server label will have network access to the ports server is listening
2616
## on. When true, server will accept connections from any source
2617
## (with the correct destination port).
2618
##
2619
allowExternal: true
2620
## @param s3.networkPolicy.allowExternalEgress Allow the Amazon S3 API pods to access any range of port and all destinations.
2621
##
2622
allowExternalEgress: true
2623
## @param s3.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
2624
## e.g:
2625
## extraIngress:
2626
## - ports:
2627
## - port: 1234
2628
## from:
2629
## - podSelector:
2630
## - matchLabels:
2631
## - role: frontend
2632
## - podSelector:
2633
## - matchExpressions:
2634
## - key: role
2635
## operator: In
2636
## values:
2637
## - frontend
2638
extraIngress: []
2639
## @param s3.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
2640
## e.g:
2641
## extraEgress:
2642
## - ports:
2643
## - port: 1234
2644
## to:
2645
## - podSelector:
2646
## - matchLabels:
2647
## - role: frontend
2648
## - podSelector:
2649
## - matchExpressions:
2650
## - key: role
2651
## operator: In
2652
## values:
2653
## - frontend
2654
##
2655
extraEgress: []
2656
## @param s3.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
2657
## @param s3.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
2658
##
2659
ingressNSMatchLabels: {}
2660
ingressNSPodMatchLabels: {}
2661
## Amazon S3 API ingress parameters
2662
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
2663
##
2664
ingress:
2665
## @param s3.ingress.enabled Enable ingress record generation for Amazon S3 API
2666
##
2667
enabled: false
2668
## @param s3.ingress.pathType Ingress path type
2669
##
2670
pathType: ImplementationSpecific
2671
## @param s3.ingress.apiVersion Force Ingress API version (automatically detected if not set)
2672
##
2673
apiVersion: ""
2674
## @param s3.ingress.hostname Default host for the ingress record
2675
##
2676
hostname: s3.seaweedfs.local
2677
## @param s3.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
2678
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
2679
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
2680
##
2681
ingressClassName: ""
2682
## @param s3.ingress.path Default path for the ingress record
2683
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
2684
##
2685
path: /
2686
## @param s3.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
2687
## Use this parameter to set the required annotations for cert-manager, see
2688
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
2689
## e.g:
2690
## annotations:
2691
## kubernetes.io/ingress.class: nginx
2692
## cert-manager.io/cluster-issuer: cluster-issuer-name
2693
##
2694
annotations: {}
2695
## @param s3.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
2696
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
2697
## You can:
2698
## - Use the `ingress.secrets` parameter to create this TLS secret
2699
## - Rely on cert-manager to create it by setting the corresponding annotations
2700
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
2701
##
2702
tls: false
2703
## @param s3.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
2704
##
2705
selfSigned: false
2706
## @param s3.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
2707
## e.g:
2708
## extraHosts:
2709
## - name: s3.seaweedfs.local
2710
## path: /
2711
##
2712
extraHosts: []
2713
## @param s3.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
2714
## e.g:
2715
## extraPaths:
2716
## - path: /*
2717
## backend:
2718
## serviceName: ssl-redirect
2719
## servicePort: use-annotation
2720
##
2721
extraPaths: []
2722
## @param s3.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
2723
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
2724
## e.g:
2725
## extraTls:
2726
## - hosts:
2727
## - s3.seaweedfs.local
2728
## secretName: s3.seaweedfs.local-tls
2729
##
2730
extraTls: []
2731
## @param s3.ingress.secrets Custom TLS certificates as secrets
2732
## NOTE: 'key' and 'certificate' are expected in PEM format
2733
## NOTE: 'name' should line up with a 'secretName' set further up
2734
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
2735
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
2736
## It is also possible to create and manage the certificates outside of this helm chart
2737
## Please see README.md for more information
2738
## e.g:
2739
## secrets:
2740
## - name: s3.seaweedfs.local-tls
2741
## key: |-
2742
## -----BEGIN RSA PRIVATE KEY-----
2743
## ...
2744
## -----END RSA PRIVATE KEY-----
2745
## certificate: |-
2746
## -----BEGIN CERTIFICATE-----
2747
## ...
2748
## -----END CERTIFICATE-----
2749
##
2750
secrets: []
2751
## @param s3.ingress.extraRules Additional rules to be covered with this ingress record
2752
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
2753
## e.g:
2754
## extraRules:
2755
## - host: example.local
2756
## http:
2757
## path: /
2758
## backend:
2759
## service:
2760
## name: example-svc
2761
## port:
2762
## name: http
2763
##
2764
extraRules: []
2765
## @section Amazon S3 API Metrics Parameters
2766
##
2767
metrics:
2768
## @param s3.metrics.enabled Enable the export of Prometheus metrics
2769
##
2770
enabled: false
2771
## Metrics service properties
2772
##
2773
service:
2774
## @param s3.metrics.service.port Metrics service port
2775
##
2776
port: 9327
2777
## @param s3.metrics.service.annotations Annotations for the metrics service.
2778
##
2779
annotations: {}
2780
## Prometheus Operator ServiceMonitor configuration
2781
##
2782
serviceMonitor:
2783
## @param s3.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
2784
##
2785
enabled: false
2786
## @param s3.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
2787
##
2788
namespace: ""
2789
## @param s3.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
2790
##
2791
annotations: {}
2792
## @param s3.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
2793
##
2794
labels: {}
2795
## @param s3.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
2796
##
2797
jobLabel: ""
2798
## @param s3.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
2799
##
2800
honorLabels: false
2801
## @param s3.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
2802
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2803
## e.g:
2804
## interval: 10s
2805
##
2806
interval: ""
2807
## @param s3.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
2808
## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
2809
## e.g:
2810
## scrapeTimeout: 10s
2811
##
2812
scrapeTimeout: ""
2813
## @param s3.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
2814
##
2815
metricRelabelings: []
2816
## @param s3.metrics.serviceMonitor.relabelings Specify general relabeling
2817
##
2818
relabelings: []
2819
## @param s3.metrics.serviceMonitor.selector Prometheus instance selector labels
2820
## selector:
2821
## prometheus: my-prometheus
2822
##
2823
selector: {}
2824
## @section WebDAV Parameters
2825
##
2826
webdav:
2827
## @param webdav.enabled Enable WebDAV deployment
2828
##
2829
enabled: false
2830
## @param webdav.replicaCount Number of WebDAV replicas to deploy
2831
##
2832
replicaCount: 1
2833
## @param webdav.containerPorts.http WebDAV HTTP container port (HTTPS if `webdav.tls.enabled` is `true`)
2834
##
2835
containerPorts:
2836
http: 7333
2837
## @param webdav.extraContainerPorts Optionally specify extra list of additional ports for WebDAV containers
2838
## e.g:
2839
## extraContainerPorts:
2840
## - name: myservice
2841
## containerPort: 9090
2842
##
2843
extraContainerPorts: []
2844
## Configure extra options for WebDAV containers' liveness and readiness probes
2845
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
2846
## @param webdav.livenessProbe.enabled Enable livenessProbe on WebDAV containers
2847
## @param webdav.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
2848
## @param webdav.livenessProbe.periodSeconds Period seconds for livenessProbe
2849
## @param webdav.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
2850
## @param webdav.livenessProbe.failureThreshold Failure threshold for livenessProbe
2851
## @param webdav.livenessProbe.successThreshold Success threshold for livenessProbe
2852
##
2853
livenessProbe:
2854
enabled: true
2855
initialDelaySeconds: 30
2856
timeoutSeconds: 30
2857
periodSeconds: 10
2858
successThreshold: 1
2859
failureThreshold: 6
2860
## @param webdav.readinessProbe.enabled Enable readinessProbe on WebDAV containers
2861
## @param webdav.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
2862
## @param webdav.readinessProbe.periodSeconds Period seconds for readinessProbe
2863
## @param webdav.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
2864
## @param webdav.readinessProbe.failureThreshold Failure threshold for readinessProbe
2865
## @param webdav.readinessProbe.successThreshold Success threshold for readinessProbe
2866
##
2867
readinessProbe:
2868
enabled: true
2869
initialDelaySeconds: 30
2870
timeoutSeconds: 30
2871
periodSeconds: 10
2872
successThreshold: 1
2873
failureThreshold: 6
2874
## @param webdav.startupProbe.enabled Enable startupProbe on WebDAV containers
2875
## @param webdav.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
2876
## @param webdav.startupProbe.periodSeconds Period seconds for startupProbe
2877
## @param webdav.startupProbe.timeoutSeconds Timeout seconds for startupProbe
2878
## @param webdav.startupProbe.failureThreshold Failure threshold for startupProbe
2879
## @param webdav.startupProbe.successThreshold Success threshold for startupProbe
2880
##
2881
startupProbe:
2882
enabled: false
2883
initialDelaySeconds: 5
2884
periodSeconds: 5
2885
timeoutSeconds: 1
2886
failureThreshold: 15
2887
successThreshold: 1
2888
## @param webdav.customLivenessProbe Custom livenessProbe that overrides the default one
2889
##
2890
customLivenessProbe: {}
2891
## @param webdav.customReadinessProbe Custom readinessProbe that overrides the default one
2892
##
2893
customReadinessProbe: {}
2894
## @param webdav.customStartupProbe Custom startupProbe that overrides the default one
2895
##
2896
customStartupProbe: {}
2897
## WebDAV resource requests and limits
2898
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
2899
## @param webdav.resourcesPreset Set WebDAV container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if webdav.resources is set (webdav.resources is recommended for production).
2900
##
2901
resourcesPreset: "nano"
2902
## @param webdav.resources Set WebDAV container requests and limits for different resources like CPU or memory (essential for production workloads)
2903
## Example:
2904
## resources:
2905
## requests:
2906
## cpu: 2
2907
## memory: 512Mi
2908
## limits:
2909
## cpu: 3
2910
## memory: 1024Mi
2911
##
2912
resources: {}
2913
## Configure Pods Security Context
2914
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
2915
## @param webdav.podSecurityContext.enabled Enable WebDAV pods' Security Context
2916
## @param webdav.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for WebDAV pods
2917
## @param webdav.podSecurityContext.sysctls Set kernel settings using the sysctl interface for WebDAV pods
2918
## @param webdav.podSecurityContext.supplementalGroups Set filesystem extra groups for WebDAV pods
2919
## @param webdav.podSecurityContext.fsGroup Set fsGroup in WebDAV pods' Security Context
2920
##
2921
podSecurityContext:
2922
enabled: true
2923
fsGroupChangePolicy: Always
2924
sysctls: []
2925
supplementalGroups: []
2926
fsGroup: 1001
2927
## Configure Container Security Context
2928
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
2929
## @param webdav.containerSecurityContext.enabled Enabled WebDAV container' Security Context
2930
## @param webdav.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in WebDAV container
2931
## @param webdav.containerSecurityContext.runAsUser Set runAsUser in WebDAV container' Security Context
2932
## @param webdav.containerSecurityContext.runAsGroup Set runAsGroup in WebDAV container' Security Context
2933
## @param webdav.containerSecurityContext.runAsNonRoot Set runAsNonRoot in WebDAV container' Security Context
2934
## @param webdav.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in WebDAV container' Security Context
2935
## @param webdav.containerSecurityContext.privileged Set privileged in WebDAV container' Security Context
2936
## @param webdav.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in WebDAV container' Security Context
2937
## @param webdav.containerSecurityContext.capabilities.drop List of capabilities to be dropped in WebDAV container
2938
## @param webdav.containerSecurityContext.seccompProfile.type Set seccomp profile in WebDAV container
2939
##
2940
containerSecurityContext:
2941
enabled: true
2942
seLinuxOptions: {}
2943
runAsUser: 1001
2944
runAsGroup: 1001
2945
runAsNonRoot: true
2946
readOnlyRootFilesystem: true
2947
privileged: false
2948
allowPrivilegeEscalation: false
2949
capabilities:
2950
drop: ["ALL"]
2951
seccompProfile:
2952
type: "RuntimeDefault"
2953
## @param webdav.logLevel WebDAV log level (0, 1, 2, 3, or 4)
2954
##
2955
logLevel: 1
2956
## TLS configuration for WebDAV
2957
##
2958
tls:
2959
## @param webdav.tls.enabled Enable TLS transport for WebDAV
2960
##
2961
enabled: false
2962
## @param webdav.tls.autoGenerated.enabled Enable automatic generation of certificates for TLS
2963
## @param webdav.tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
2964
autoGenerated:
2965
enabled: false
2966
engine: helm
2967
## @param webdav.tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
2968
## @param webdav.tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
2969
## @param webdav.tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
2970
## @param webdav.tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
2971
## @param webdav.tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
2972
## @param webdav.tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
2973
certManager:
2974
existingIssuer: ""
2975
existingIssuerKind: ""
2976
keySize: 2048
2977
keyAlgorithm: RSA
2978
duration: 2160h
2979
renewBefore: 360h
2980
## @param webdav.tls.existingSecret The name of an existing Secret containing the certificates for TLS
2981
## @param webdav.tls.cert Volume Server certificate for TLS. Ignored if `webdav.tls.existingSecret` is set
2982
## @param webdav.tls.key Volume Server key for TLS. Ignored if `webdav.tls.existingSecret` is set
2983
##
2984
existingSecret: ""
2985
cert: ""
2986
key: ""
2987
## @param webdav.command Override default WebDAV container command (useful when using custom images)
2988
##
2989
command: []
2990
## @param webdav.args Override default WebDAV container args (useful when using custom images)
2991
##
2992
args: []
2993
## @param webdav.automountServiceAccountToken Mount Service Account token in WebDAV pods
2994
##
2995
automountServiceAccountToken: false
2996
## @param webdav.hostAliases WebDAV pods host aliases
2997
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
2998
##
2999
hostAliases: []
3000
## @param webdav.statefulsetAnnotations Annotations for WebDAV statefulset
3001
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3002
##
3003
statefulsetAnnotations: {}
3004
## @param webdav.podLabels Extra labels for WebDAV pods
3005
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3006
##
3007
podLabels: {}
3008
## @param webdav.podAnnotations Annotations for WebDAV pods
3009
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3010
##
3011
podAnnotations: {}
3012
## @param webdav.podAffinityPreset Pod affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
3013
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3014
##
3015
podAffinityPreset: ""
3016
## @param webdav.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
3017
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3018
##
3019
podAntiAffinityPreset: soft
3020
## Node webdav.affinity preset
3021
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
3022
##
3023
nodeAffinityPreset:
3024
## @param webdav.nodeAffinityPreset.type Node affinity preset type. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
3025
##
3026
type: ""
3027
## @param webdav.nodeAffinityPreset.key Node label key to match. Ignored if `webdav.affinity` is set
3028
##
3029
key: ""
3030
## @param webdav.nodeAffinityPreset.values Node label values to match. Ignored if `webdav.affinity` is set
3031
## E.g.
3032
## values:
3033
## - e2e-az1
3034
## - e2e-az2
3035
##
3036
values: []
3037
## @param webdav.affinity Affinity for WebDAV pods assignment
3038
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
3039
## NOTE: `webdav.podAffinityPreset`, `webdav.podAntiAffinityPreset`, and `webdav.nodeAffinityPreset` will be ignored when it's set
3040
##
3041
affinity: {}
3042
## @param webdav.nodeSelector Node labels for WebDAV pods assignment
3043
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3044
##
3045
nodeSelector: {}
3046
## @param webdav.tolerations Tolerations for WebDAV pods assignment
3047
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
3048
##
3049
tolerations: []
3050
## @param webdav.updateStrategy.type WebDAV deployment strategy type
3051
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
3052
##
3053
updateStrategy:
3054
## Can be set to RollingUpdate or Recreate
3055
##
3056
type: RollingUpdate
3057
## @param webdav.priorityClassName WebDAV pods' priorityClassName
3058
##
3059
priorityClassName: ""
3060
## @param webdav.topologySpreadConstraints Topology Spread Constraints for WebDAV pod assignment spread across your cluster among failure-domains
3061
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
3062
##
3063
topologySpreadConstraints: []
3064
## @param webdav.schedulerName Name of the k8s scheduler (other than default) for WebDAV pods
3065
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
3066
##
3067
schedulerName: ""
3068
## @param webdav.terminationGracePeriodSeconds Seconds WebDAV pods need to terminate gracefully
3069
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
3070
##
3071
terminationGracePeriodSeconds: ""
3072
## @param webdav.lifecycleHooks for WebDAV containers to automate configuration before or after startup
3073
##
3074
lifecycleHooks: {}
3075
## @param webdav.extraEnvVars Array with extra environment variables to add to WebDAV containers
3076
## e.g:
3077
## extraEnvVars:
3078
## - name: FOO
3079
## value: "bar"
3080
##
3081
extraEnvVars: []
3082
## @param webdav.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for WebDAV containers
3083
##
3084
extraEnvVarsCM: ""
3085
## @param webdav.extraEnvVarsSecret Name of existing Secret containing extra env vars for WebDAV containers
3086
##
3087
extraEnvVarsSecret: ""
3088
## @param webdav.extraVolumes Optionally specify extra list of additional volumes for the WebDAV pods
3089
##
3090
extraVolumes: []
3091
## @param webdav.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the WebDAV containers
3092
##
3093
extraVolumeMounts: []
3094
## @param webdav.sidecars Add additional sidecar containers to the WebDAV pods
3095
## e.g:
3096
## sidecars:
3097
## - name: your-image-name
3098
## image: your-image
3099
## imagePullPolicy: Always
3100
## ports:
3101
## - name: portname
3102
## containerPort: 1234
3103
##
3104
sidecars: []
3105
## @param webdav.initContainers Add additional init containers to the WebDAV pods
3106
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3107
## e.g:
3108
## initContainers:
3109
## - name: your-image-name
3110
## image: your-image
3111
## imagePullPolicy: Always
3112
## command: ['sh', '-c', 'echo "hello world"']
3113
##
3114
initContainers: []
3115
## Pod Disruption Budget configuration
3116
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
3117
## @param webdav.pdb.create Enable/disable a Pod Disruption Budget creation
3118
## @param webdav.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
3119
## @param webdav.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `webdav.pdb.minAvailable` and `webdav.pdb.maxUnavailable` are empty.
3120
##
3121
pdb:
3122
create: true
3123
minAvailable: ""
3124
maxUnavailable: ""
3125
## Autoscaling configuration
3126
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
3127
## @param webdav.autoscaling.enabled Enable autoscaling for webdav
3128
## @param webdav.autoscaling.minReplicas Minimum number of webdav replicas
3129
## @param webdav.autoscaling.maxReplicas Maximum number of webdav replicas
3130
## @param webdav.autoscaling.targetCPU Target CPU utilization percentage
3131
## @param webdav.autoscaling.targetMemory Target Memory utilization percentage
3132
##
3133
autoscaling:
3134
enabled: false
3135
minReplicas: ""
3136
maxReplicas: ""
3137
targetCPU: ""
3138
targetMemory: ""
3139
## @section WebDAV Traffic Exposure Parameters
3140
##
3141
3142
## WebDAV service parameters
3143
##
3144
service:
3145
## @param webdav.service.type WebDAV service type
3146
##
3147
type: ClusterIP
3148
## @param webdav.service.ports.http WebDAV service HTTP port (HTTPS if `webdav.tls.enabled` is `true`)
3149
##
3150
ports:
3151
http: 7333
3152
## Node ports to expose
3153
## @param webdav.service.nodePorts.http Node port for HTTP (HTTPS if `webdav.tls.enabled` is `true`)
3154
## NOTE: choose port between <30000-32767>
3155
##
3156
nodePorts:
3157
http: ""
3158
## @param webdav.service.clusterIP WebDAV service Cluster IP
3159
## e.g.:
3160
## clusterIP: None
3161
##
3162
clusterIP: ""
3163
## @param webdav.service.loadBalancerIP WebDAV service Load Balancer IP
3164
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
3165
##
3166
loadBalancerIP: ""
3167
## @param webdav.service.loadBalancerSourceRanges WebDAV service Load Balancer sources
3168
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
3169
## e.g:
3170
## loadBalancerSourceRanges:
3171
## - 10.10.10.0/24
3172
##
3173
loadBalancerSourceRanges: []
3174
## @param webdav.service.externalTrafficPolicy WebDAV service external traffic policy
3175
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
3176
##
3177
externalTrafficPolicy: Cluster
3178
## @param webdav.service.annotations Additional custom annotations for WebDAV service
3179
##
3180
annotations: {}
3181
## @param webdav.service.extraPorts Extra ports to expose in WebDAV service (normally used with the `sidecars` value)
3182
##
3183
extraPorts: []
3184
## @param webdav.service.sessionAffinity Control where client requests go, to the same pod or round-robin
3185
## Values: ClientIP or None
3186
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
3187
##
3188
sessionAffinity: None
3189
## @param webdav.service.sessionAffinityConfig Additional settings for the sessionAffinity
3190
## sessionAffinityConfig:
3191
## clientIP:
3192
## timeoutSeconds: 300
3193
##
3194
sessionAffinityConfig: {}
3195
## Headless service properties
3196
##
3197
headless:
3198
## @param webdav.service.headless.annotations Annotations for the headless service.
3199
##
3200
annotations: {}
3201
## Network Policies for WebDAV
3202
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
3203
##
3204
networkPolicy:
3205
## @param webdav.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for WebDAV
3206
##
3207
enabled: true
3208
## @param webdav.networkPolicy.allowExternal Don't require server label for connections
3209
## The Policy model to apply. When set to false, only pods with the correct
3210
## server label will have network access to the ports server is listening
3211
## on. When true, server will accept connections from any source
3212
## (with the correct destination port).
3213
##
3214
allowExternal: true
3215
## @param webdav.networkPolicy.allowExternalEgress Allow the WebDAV pods to access any range of port and all destinations.
3216
##
3217
allowExternalEgress: true
3218
## @param webdav.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
3219
## e.g:
3220
## extraIngress:
3221
## - ports:
3222
## - port: 1234
3223
## from:
3224
## - podSelector:
3225
## - matchLabels:
3226
## - role: frontend
3227
## - podSelector:
3228
## - matchExpressions:
3229
## - key: role
3230
## operator: In
3231
## values:
3232
## - frontend
3233
extraIngress: []
3234
## @param webdav.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
3235
## e.g:
3236
## extraEgress:
3237
## - ports:
3238
## - port: 1234
3239
## to:
3240
## - podSelector:
3241
## - matchLabels:
3242
## - role: frontend
3243
## - podSelector:
3244
## - matchExpressions:
3245
## - key: role
3246
## operator: In
3247
## values:
3248
## - frontend
3249
##
3250
extraEgress: []
3251
## @param webdav.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
3252
## @param webdav.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
3253
##
3254
ingressNSMatchLabels: {}
3255
ingressNSPodMatchLabels: {}
3256
## WebDAV ingress parameters
3257
## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
3258
##
3259
ingress:
3260
## @param webdav.ingress.enabled Enable ingress record generation for WebDAV
3261
##
3262
enabled: false
3263
## @param webdav.ingress.pathType Ingress path type
3264
##
3265
pathType: ImplementationSpecific
3266
## @param webdav.ingress.apiVersion Force Ingress API version (automatically detected if not set)
3267
##
3268
apiVersion: ""
3269
## @param webdav.ingress.hostname Default host for the ingress record
3270
##
3271
hostname: webdav.seaweedfs.local
3272
## @param webdav.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
3273
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
3274
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
3275
##
3276
ingressClassName: ""
3277
## @param webdav.ingress.path Default path for the ingress record
3278
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
3279
##
3280
path: /
3281
## @param webdav.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
3282
## Use this parameter to set the required annotations for cert-manager, see
3283
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
3284
## e.g:
3285
## annotations:
3286
## kubernetes.io/ingress.class: nginx
3287
## cert-manager.io/cluster-issuer: cluster-issuer-name
3288
##
3289
annotations: {}
3290
## @param webdav.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
3291
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
3292
## You can:
3293
## - Use the `ingress.secrets` parameter to create this TLS secret
3294
## - Rely on cert-manager to create it by setting the corresponding annotations
3295
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
3296
##
3297
tls: false
3298
## @param webdav.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
3299
##
3300
selfSigned: false
3301
## @param webdav.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
3302
## e.g:
3303
## extraHosts:
3304
## - name: webdav.seaweedfs.local
3305
## path: /
3306
##
3307
extraHosts: []
3308
## @param webdav.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
3309
## e.g:
3310
## extraPaths:
3311
## - path: /*
3312
## backend:
3313
## serviceName: ssl-redirect
3314
## servicePort: use-annotation
3315
##
3316
extraPaths: []
3317
## @param webdav.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
3318
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
3319
## e.g:
3320
## extraTls:
3321
## - hosts:
3322
## - webdav.seaweedfs.local
3323
## secretName: webdav.seaweedfs.local-tls
3324
##
3325
extraTls: []
3326
## @param webdav.ingress.secrets Custom TLS certificates as secrets
3327
## NOTE: 'key' and 'certificate' are expected in PEM format
3328
## NOTE: 'name' should line up with a 'secretName' set further up
3329
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
3330
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
3331
## It is also possible to create and manage the certificates outside of this helm chart
3332
## Please see README.md for more information
3333
## e.g:
3334
## secrets:
3335
## - name: webdav.seaweedfs.local-tls
3336
## key: |-
3337
## -----BEGIN RSA PRIVATE KEY-----
3338
## ...
3339
## -----END RSA PRIVATE KEY-----
3340
## certificate: |-
3341
## -----BEGIN CERTIFICATE-----
3342
## ...
3343
## -----END CERTIFICATE-----
3344
##
3345
secrets: []
3346
## @param webdav.ingress.extraRules Additional rules to be covered with this ingress record
3347
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
3348
## e.g:
3349
## extraRules:
3350
## - host: example.local
3351
## http:
3352
## path: /
3353
## backend:
3354
## service:
3355
## name: example-svc
3356
## port:
3357
## name: http
3358
##
3359
extraRules: []
3360
## @section IAM Parameters
3361
##
3362
iam:
3363
## @param iam.enabled Enable IAM deployment
3364
##
3365
enabled: false
3366
## @param iam.replicaCount Number of IAM replicas to deploy
3367
##
3368
replicaCount: 1
3369
## @param iam.containerPorts.http IAM HTTP container port
3370
##
3371
containerPorts:
3372
http: 8111
3373
## Configure extra options for IAM containers' liveness and readiness probes
3374
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
3375
## @param iam.livenessProbe.enabled Enable livenessProbe on IAM containers
3376
## @param iam.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
3377
## @param iam.livenessProbe.periodSeconds Period seconds for livenessProbe
3378
## @param iam.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
3379
## @param iam.livenessProbe.failureThreshold Failure threshold for livenessProbe
3380
## @param iam.livenessProbe.successThreshold Success threshold for livenessProbe
3381
##
3382
livenessProbe:
3383
enabled: true
3384
initialDelaySeconds: 30
3385
timeoutSeconds: 30
3386
periodSeconds: 10
3387
successThreshold: 1
3388
failureThreshold: 6
3389
## @param iam.readinessProbe.enabled Enable readinessProbe on IAM containers
3390
## @param iam.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
3391
## @param iam.readinessProbe.periodSeconds Period seconds for readinessProbe
3392
## @param iam.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
3393
## @param iam.readinessProbe.failureThreshold Failure threshold for readinessProbe
3394
## @param iam.readinessProbe.successThreshold Success threshold for readinessProbe
3395
##
3396
readinessProbe:
3397
enabled: true
3398
initialDelaySeconds: 30
3399
timeoutSeconds: 30
3400
periodSeconds: 10
3401
successThreshold: 1
3402
failureThreshold: 6
3403
## @param iam.startupProbe.enabled Enable startupProbe on IAM containers
3404
## @param iam.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
3405
## @param iam.startupProbe.periodSeconds Period seconds for startupProbe
3406
## @param iam.startupProbe.timeoutSeconds Timeout seconds for startupProbe
3407
## @param iam.startupProbe.failureThreshold Failure threshold for startupProbe
3408
## @param iam.startupProbe.successThreshold Success threshold for startupProbe
3409
##
3410
startupProbe:
3411
enabled: false
3412
initialDelaySeconds: 5
3413
periodSeconds: 5
3414
timeoutSeconds: 1
3415
failureThreshold: 15
3416
successThreshold: 1
3417
## IAM resource requests and limits
3418
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3419
## @param iam.resourcesPreset Set IAM container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if webdav.resources is set (webdav.resources is recommended for production).
3420
##
3421
resourcesPreset: "nano"
3422
## @param iam.resources Set IAM container requests and limits for different resources like CPU or memory (essential for production workloads)
3423
## Example:
3424
## resources:
3425
## requests:
3426
## cpu: 2
3427
## memory: 512Mi
3428
## limits:
3429
## cpu: 3
3430
## memory: 1024Mi
3431
##
3432
resources: {}
3433
## Configure Pods Security Context
3434
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
3435
## @param iam.podSecurityContext.enabled Enable IAM pods' Security Context
3436
## @param iam.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for IAM pods
3437
## @param iam.podSecurityContext.sysctls Set kernel settings using the sysctl interface for IAM pods
3438
## @param iam.podSecurityContext.supplementalGroups Set filesystem extra groups for IAM pods
3439
## @param iam.podSecurityContext.fsGroup Set fsGroup in IAM pods' Security Context
3440
##
3441
podSecurityContext:
3442
enabled: true
3443
fsGroupChangePolicy: Always
3444
sysctls: []
3445
supplementalGroups: []
3446
fsGroup: 1001
3447
## Configure Container Security Context
3448
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
3449
## @param iam.containerSecurityContext.enabled Enabled IAM container' Security Context
3450
## @param iam.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in IAM container
3451
## @param iam.containerSecurityContext.runAsUser Set runAsUser in IAM container' Security Context
3452
## @param iam.containerSecurityContext.runAsGroup Set runAsGroup in IAM container' Security Context
3453
## @param iam.containerSecurityContext.runAsNonRoot Set runAsNonRoot in IAM container' Security Context
3454
## @param iam.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in IAM container' Security Context
3455
## @param iam.containerSecurityContext.privileged Set privileged in IAM container' Security Context
3456
## @param iam.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in IAM container' Security Context
3457
## @param iam.containerSecurityContext.capabilities.drop List of capabilities to be dropped in IAM container
3458
## @param iam.containerSecurityContext.seccompProfile.type Set seccomp profile in IAM container
3459
##
3460
containerSecurityContext:
3461
enabled: true
3462
seLinuxOptions: {}
3463
runAsUser: 1001
3464
runAsGroup: 1001
3465
runAsNonRoot: true
3466
readOnlyRootFilesystem: true
3467
privileged: false
3468
allowPrivilegeEscalation: false
3469
capabilities:
3470
drop: ["ALL"]
3471
seccompProfile:
3472
type: "RuntimeDefault"
3473
## @param iam.logLevel IAM log level (0, 1, 2, 3, or 4)
3474
##
3475
logLevel: 1
3476
## @param iam.command Override default IAM container command (useful when using custom images)
3477
##
3478
command: []
3479
## @param iam.args Override default IAM container args (useful when using custom images)
3480
##
3481
args: []
3482
## @param iam.automountServiceAccountToken Mount Service Account token in IAM pods
3483
##
3484
automountServiceAccountToken: false
3485
## @param iam.hostAliases IAM pods host aliases
3486
## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
3487
##
3488
hostAliases: []
3489
## @param iam.statefulsetAnnotations Annotations for IAM statefulset
3490
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3491
##
3492
statefulsetAnnotations: {}
3493
## @param iam.podLabels Extra labels for IAM pods
3494
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
3495
##
3496
podLabels: {}
3497
## @param iam.podAnnotations Annotations for IAM pods
3498
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
3499
##
3500
podAnnotations: {}
3501
## @param iam.podAffinityPreset Pod affinity preset. Ignored if `iam.affinity` is set. Allowed values: `soft` or `hard`
3502
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3503
##
3504
podAffinityPreset: ""
3505
## @param iam.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `iam.affinity` is set. Allowed values: `soft` or `hard`
3506
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
3507
##
3508
podAntiAffinityPreset: soft
3509
## Node iam.affinity preset
3510
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
3511
##
3512
nodeAffinityPreset:
3513
## @param iam.nodeAffinityPreset.type Node affinity preset type. Ignored if `iam.affinity` is set. Allowed values: `soft` or `hard`
3514
##
3515
type: ""
3516
## @param iam.nodeAffinityPreset.key Node label key to match. Ignored if `iam.affinity` is set
3517
##
3518
key: ""
3519
## @param iam.nodeAffinityPreset.values Node label values to match. Ignored if `iam.affinity` is set
3520
## E.g.
3521
## values:
3522
## - e2e-az1
3523
## - e2e-az2
3524
##
3525
values: []
3526
## @param iam.affinity Affinity for IAM pods assignment
3527
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
3528
## NOTE: `iam.podAffinityPreset`, `iam.podAntiAffinityPreset`, and `iam.nodeAffinityPreset` will be ignored when it's set
3529
##
3530
affinity: {}
3531
## @param iam.nodeSelector Node labels for IAM pods assignment
3532
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
3533
##
3534
nodeSelector: {}
3535
## @param iam.tolerations Tolerations for IAM pods assignment
3536
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
3537
##
3538
tolerations: []
3539
## @param iam.updateStrategy.type IAM deployment strategy type
3540
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
3541
##
3542
updateStrategy:
3543
## Can be set to RollingUpdate or Recreate
3544
##
3545
type: RollingUpdate
3546
## @param iam.priorityClassName IAM pods' priorityClassName
3547
##
3548
priorityClassName: ""
3549
## @param iam.topologySpreadConstraints Topology Spread Constraints for IAM pod assignment spread across your cluster among failure-domains
3550
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
3551
##
3552
topologySpreadConstraints: []
3553
## @param iam.schedulerName Name of the k8s scheduler (other than default) for IAM pods
3554
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
3555
##
3556
schedulerName: ""
3557
## @param iam.terminationGracePeriodSeconds Seconds IAM pods need to terminate gracefully
3558
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
3559
##
3560
terminationGracePeriodSeconds: ""
3561
## @param iam.lifecycleHooks for IAM containers to automate configuration before or after startup
3562
##
3563
lifecycleHooks: {}
3564
## @param iam.extraEnvVars Array with extra environment variables to add to IAM containers
3565
## e.g:
3566
## extraEnvVars:
3567
## - name: FOO
3568
## value: "bar"
3569
##
3570
extraEnvVars: []
3571
## @param iam.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for IAM containers
3572
##
3573
extraEnvVarsCM: ""
3574
## @param iam.extraEnvVarsSecret Name of existing Secret containing extra env vars for IAM containers
3575
##
3576
extraEnvVarsSecret: ""
3577
## @param iam.extraVolumes Optionally specify extra list of additional volumes for the IAM pods
3578
##
3579
extraVolumes: []
3580
## @param iam.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the IAM containers
3581
##
3582
extraVolumeMounts: []
3583
## @param iam.sidecars Add additional sidecar containers to the IAM pods
3584
## e.g:
3585
## sidecars:
3586
## - name: your-image-name
3587
## image: your-image
3588
## imagePullPolicy: Always
3589
## ports:
3590
## - name: portname
3591
## containerPort: 1234
3592
##
3593
sidecars: []
3594
## @param iam.initContainers Add additional init containers to the IAM pods
3595
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
3596
## e.g:
3597
## initContainers:
3598
## - name: your-image-name
3599
## image: your-image
3600
## imagePullPolicy: Always
3601
## command: ['sh', '-c', 'echo "hello world"']
3602
##
3603
initContainers: []
3604
## Pod Disruption Budget configuration
3605
## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
3606
## @param iam.pdb.create Enable/disable a Pod Disruption Budget creation
3607
## @param iam.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
3608
## @param iam.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable. Defaults to `1` if both `iam.pdb.minAvailable` and `iam.pdb.maxUnavailable` are empty.
3609
##
3610
pdb:
3611
create: true
3612
minAvailable: ""
3613
maxUnavailable: ""
3614
## @section IAM Traffic Exposure Parameters
3615
##
3616
3617
## IAM service parameters
3618
##
3619
service:
3620
## @param iam.service.type IAM service type
3621
##
3622
type: ClusterIP
3623
## @param iam.service.ports.http IAM service HTTP port (HTTPS if `iam.tls.enabled` is `true`)
3624
##
3625
ports:
3626
http: 8111
3627
## Node ports to expose
3628
## @param iam.service.nodePorts.http Node port for HTTP (HTTPS if `iam.tls.enabled` is `true`)
3629
## NOTE: choose port between <30000-32767>
3630
##
3631
nodePorts:
3632
http: ""
3633
## @param iam.service.clusterIP IAM service Cluster IP
3634
## e.g.:
3635
## clusterIP: None
3636
##
3637
clusterIP: ""
3638
## @param iam.service.loadBalancerIP IAM service Load Balancer IP
3639
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
3640
##
3641
loadBalancerIP: ""
3642
## @param iam.service.loadBalancerSourceRanges IAM service Load Balancer sources
3643
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
3644
## e.g:
3645
## loadBalancerSourceRanges:
3646
## - 10.10.10.0/24
3647
##
3648
loadBalancerSourceRanges: []
3649
## @param iam.service.externalTrafficPolicy IAM service external traffic policy
3650
## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
3651
##
3652
externalTrafficPolicy: Cluster
3653
## @param iam.service.annotations Additional custom annotations for IAM service
3654
##
3655
annotations: {}
3656
## @param iam.service.extraPorts Extra ports to expose in IAM service (normally used with the `sidecars` value)
3657
##
3658
extraPorts: []
3659
## @param iam.service.sessionAffinity Control where client requests go, to the same pod or round-robin
3660
## Values: ClientIP or None
3661
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
3662
##
3663
sessionAffinity: None
3664
## @param iam.service.sessionAffinityConfig Additional settings for the sessionAffinity
3665
## sessionAffinityConfig:
3666
## clientIP:
3667
## timeoutSeconds: 300
3668
##
3669
sessionAffinityConfig: {}
3670
## Headless service properties
3671
##
3672
## Network Policies for IAM
3673
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
3674
##
3675
## @section Init Container Parameters
3676
##
3677
3678
## 'volumePermissions' init container parameters
3679
## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
3680
## based on the *podSecurityContext/*containerSecurityContext parameters
3681
##
3682
volumePermissions:
3683
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
3684
##
3685
enabled: false
3686
## OS Shell + Utility image
3687
## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
3688
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
3689
## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
3690
## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
3691
## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
3692
##
3693
image:
3694
registry: cgr.dev
3695
repository: chainguard-private/os-shell-iamguarded
3696
tag: 1.0.0
3697
pullPolicy: IfNotPresent
3698
## Optionally specify an array of imagePullSecrets.
3699
## Secrets must be manually created in the namespace.
3700
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
3701
## e.g:
3702
## pullSecrets:
3703
## - myRegistryKeySecretName
3704
##
3705
pullSecrets: []
3706
## Init container's resource requests and limits
3707
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3708
## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
3709
##
3710
resourcesPreset: "nano"
3711
## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
3712
## Example:
3713
## resources:
3714
## requests:
3715
## cpu: 2
3716
## memory: 512Mi
3717
## limits:
3718
## cpu: 3
3719
## memory: 1024Mi
3720
##
3721
resources: {}
3722
## Init container Container Security Context
3723
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
3724
## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context
3725
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container
3726
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
3727
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
3728
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
3729
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
3730
##
3731
containerSecurityContext:
3732
enabled: true
3733
seLinuxOptions: {}
3734
runAsUser: 0
3735
## @section Other Parameters
3736
##
3737
3738
## ServiceAccount configuration
3739
##
3740
serviceAccount:
3741
## @param serviceAccount.create Specifies whether a ServiceAccount should be created
3742
##
3743
create: true
3744
## @param serviceAccount.name The name of the ServiceAccount to use.
3745
## If not set and create is true, a name is generated using the common.names.fullname template
3746
##
3747
name: ""
3748
## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
3749
##
3750
annotations: {}
3751
## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
3752
##
3753
automountServiceAccountToken: false
3754
## @section Database Parameters
3755
##
3756
3757
## MariaDB chart configuration
3758
##
3759
mariadb:
3760
## @param mariadb.enabled Deploy a MariaDB server to satisfy the Filer server database requirements
3761
## To use an external database set this to false and configure the `externalDatabase.*` parameters
3762
##
3763
enabled: true
3764
## Iamguarded MariaDB image
3765
## @param mariadb.image.registry [default: REGISTRY_NAME] MariaDB image registry
3766
## @param mariadb.image.repository [default: REPOSITORY_NAME/mariadb] MariaDB image repository
3767
## @skip mariadb.image.tag MariaDB image tag (immutable tags are recommended)
3768
## @param mariadb.image.digest MariaDB image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
3769
## @param mariadb.image.pullPolicy MariaDB image pull policy
3770
## @param mariadb.image.pullSecrets Specify docker-registry secret names as an array
3771
##
3772
image:
3773
registry: cgr.dev
3774
repository: chainguard-private/mariadb-iamguarded
3775
tag: 12.0.2-debian-12-r0
3776
digest: ""
3777
## Specify a imagePullPolicy
3778
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
3779
##
3780
pullPolicy: IfNotPresent
3781
## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace)
3782
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
3783
## Example:
3784
## pullSecrets:
3785
## - myRegistryKeySecretName
3786
##
3787
pullSecrets: []
3788
## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
3789
##
3790
architecture: standalone
3791
## MariaDB Authentication parameters
3792
## @param mariadb.auth.rootPassword MariaDB root password
3793
## @param mariadb.auth.database MariaDB custom database
3794
## @param mariadb.auth.username MariaDB custom user name
3795
## @param mariadb.auth.password MariaDB custom user password
3796
##
3797
auth:
3798
rootPassword: ""
3799
database: iamguarded_seaweedfs
3800
username: bn_seaweedfs
3801
password: ""
3802
## @param mariadb.initdbScripts [object] Specify dictionary of scripts to be run at first boot
3803
##
3804
initdbScripts:
3805
create_table.sql: |
3806
USE iamguarded_seaweedfs;
3807
CREATE TABLE IF NOT EXISTS filemeta (
3808
`dirhash` BIGINT NOT NULL COMMENT 'first 64 bits of MD5 hash value of directory field',
3809
`name` VARCHAR(766) NOT NULL COMMENT 'directory or file name',
3810
`directory` TEXT NOT NULL COMMENT 'full path to parent directory',
3811
`meta` LONGBLOB,
3812
PRIMARY KEY (`dirhash`, `name`)
3813
) DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
3814
## MariaDB Primary configuration
3815
##
3816
primary:
3817
## MariaDB Primary Persistence parameters
3818
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
3819
## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s)
3820
## @param mariadb.primary.persistence.storageClass Persistent Volume storage class
3821
## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes
3822
## @param mariadb.primary.persistence.size Persistent Volume size
3823
##
3824
persistence:
3825
enabled: true
3826
storageClass: ""
3827
accessModes:
3828
- ReadWriteOnce
3829
size: 8Gi
3830
## MariaDB primary container's resource requests and limits
3831
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3832
## We usually recommend not to specify default resources and to leave this as a conscious
3833
## choice for the user. This also increases chances charts run on environments with little
3834
## resources, such as Minikube. If you do want to specify resources, uncomment the following
3835
## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
3836
## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
3837
##
3838
resourcesPreset: "micro"
3839
## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
3840
## Example:
3841
## resources:
3842
## requests:
3843
## cpu: 2
3844
## memory: 512Mi
3845
## limits:
3846
## cpu: 3
3847
## memory: 1024Mi
3848
##
3849
resources: {}
3850
## PostgresSQL chart configuration
3851
##
3852
postgresql:
3853
## @param postgresql.enabled Deploy a PostgresSQL server to satisfy the Filer server database requirements
3854
## To use an external database set this to false and configure the `externalDatabase.*` parameters
3855
##
3856
enabled: false
3857
## Iamguarded PostgreSQL image version
3858
## @param postgresql.image.registry [default: REGISTRY_NAME] PostgreSQL image registry
3859
## @param postgresql.image.repository [default: REPOSITORY_NAME/postgresql] PostgreSQL image repository
3860
## @skip postgresql.image.tag PostgreSQL image tag (immutable tags are recommended)
3861
## @param postgresql.image.digest PostgreSQL image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
3862
## @param postgresql.image.pullPolicy PostgreSQL image pull policy
3863
## @param postgresql.image.pullSecrets Specify image pull secrets
3864
##
3865
image:
3866
registry: cgr.dev
3867
repository: chainguard-private/postgres-iamguarded
3868
tag: 17.6.0-debian-12-r4
3869
digest: ""
3870
## Specify a imagePullPolicy
3871
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
3872
##
3873
pullPolicy: IfNotPresent
3874
## Optionally specify an array of imagePullSecrets.
3875
## Secrets must be manually created in the namespace.
3876
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
3877
## Example:
3878
## pullSecrets:
3879
## - myRegistryKeySecretName
3880
##
3881
pullSecrets: []
3882
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
3883
##
3884
architecture: standalone
3885
## @param postgresql.auth.postgresPassword Password for the "postgres" admin user. Ignored if `auth.existingSecret` with key `postgres-password` is provided
3886
## @param postgresql.auth.database Name for a custom database to create
3887
## @param postgresql.auth.username Name for a custom user to create
3888
## @param postgresql.auth.password Password for the custom user to create
3889
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
3890
## @param postgresql.auth.secretKeys.userPasswordKey Name of key in existing secret to use for PostgreSQL credentials. Only used when `auth.existingSecret` is set.
3891
auth:
3892
postgresPassword: ""
3893
database: iamguarded_seaweedfs
3894
username: bn_seaweedfs
3895
password: some-password
3896
existingSecret: ""
3897
secretKeys:
3898
userPasswordKey: password
3899
## PostgreSQL Primary configuration
3900
##
3901
primary:
3902
## PostgreSQL Primary resource requests and limits
3903
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
3904
## @param postgresql.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if postgresql.primary.resources is set (postgresql.primary.resources is recommended for production).
3905
##
3906
resourcesPreset: "nano"
3907
## @param postgresql.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
3908
## Example:
3909
## resources:
3910
## requests:
3911
## cpu: 2
3912
## memory: 512Mi
3913
## limits:
3914
## cpu: 3
3915
## memory: 1024Mi
3916
##
3917
resources: {}
3918
## @param postgresql.primary.initdb.scripts [object] Dictionary of initdb scripts
3919
##
3920
initdb:
3921
scripts:
3922
create_table.sql: |
3923
\c iamguarded_seaweedfs;
3924
CREATE TABLE IF NOT EXISTS filemeta (
3925
dirhash BIGINT,
3926
name VARCHAR(65535),
3927
directory VARCHAR(65535),
3928
meta bytea,
3929
PRIMARY KEY (dirhash, name)
3930
);
3931
## PostgreSQL Primary Persistence parameters
3932
## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
3933
## @param postgresql.primary.persistence.enabled Enable PostgreSQL Primary data persistence using PVC(s)
3934
## @param postgresql.primary.persistence.storageClass Persistent Volume storage class
3935
## @param postgresql.primary.persistence.accessModes [array] Persistent Volume access modes
3936
## @param postgresql.primary.persistence.size Persistent Volume size
3937
##
3938
persistence:
3939
enabled: true
3940
storageClass: ""
3941
accessModes:
3942
- ReadWriteOnce
3943
size: 8Gi
3944
## External Database Configuration
3945
## All of these values are only used if `mariadb.enabled=false` and `externalDatabase.enabled=true`.
3946
##
3947
externalDatabase:
3948
## @param externalDatabase.enabled Enable external database support
3949
##
3950
enabled: false
3951
## @param externalDatabase.store Database store (mariadb, postgresql)
3952
##
3953
store: mariadb
3954
## @param externalDatabase.host External Database server host
3955
##
3956
host: localhost
3957
## @param externalDatabase.port External Database server port
3958
##
3959
port: 3306
3960
## @param externalDatabase.user External Database username
3961
##
3962
user: bn_seaweedfs
3963
## @param externalDatabase.password External Database user password
3964
##
3965
password: ""
3966
## @param externalDatabase.database External Database database name
3967
##
3968
database: iamguarded_seaweedfs
3969
## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template
3970
## NOTE: Must contain key `mariadb-password` for mariadb or 'postgres-password' for postgres
3971
## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
3972
##
3973
existingSecret: ""
3974
## @param externalDatabase.waitForDatabaseEnabled Whether to check for external database before starting seaweedfs containers
3975
##
3976
waitForDatabaseEnabled: true
3977
##
3978
## Init external database job
3979
##
3980
initDatabaseJob:
3981
## @param externalDatabase.initDatabaseJob.enabled Enable the init external database job
3982
##
3983
enabled: false
3984
## @param externalDatabase.initDatabaseJob.labels Extra labels for the init external database job
3985
##
3986
labels: {}
3987
## @param externalDatabase.initDatabaseJob.annotations [object] Extra annotations for the init external database job
3988
##
3989
annotations:
3990
helm.sh/hook: post-install
3991
helm.sh/hook-delete-policy: before-hook-creation,hook-succeeded
3992
## @param externalDatabase.initDatabaseJob.backoffLimit Set backoff limit of the init external database job
3993
##
3994
backoffLimit: 10
3995
## Configure Container Security Context
3996
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
3997
## @param externalDatabase.initDatabaseJob.containerSecurityContext.enabled Enabled init external database job containers' Security Context
3998
## @param externalDatabase.initDatabaseJob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
3999
## @param externalDatabase.initDatabaseJob.containerSecurityContext.runAsUser Set init external database job containers' Security Context runAsUser
4000
## @param externalDatabase.initDatabaseJob.containerSecurityContext.runAsGroup Set init external database job containers' Security Context runAsGroup
4001
## @param externalDatabase.initDatabaseJob.containerSecurityContext.runAsNonRoot Set init external database job containers' Security Context runAsNonRoot
4002
## @param externalDatabase.initDatabaseJob.containerSecurityContext.privileged Set init external database job containers' Security Context privileged
4003
## @param externalDatabase.initDatabaseJob.containerSecurityContext.readOnlyRootFilesystem Set init external database job containers' Security Context readOnlyRootFilesystem
4004
## @param externalDatabase.initDatabaseJob.containerSecurityContext.allowPrivilegeEscalation Set init external database job containers' Security Context allowPrivilegeEscalation
4005
## @param externalDatabase.initDatabaseJob.containerSecurityContext.capabilities.drop List of capabilities to be dropped
4006
## @param externalDatabase.initDatabaseJob.containerSecurityContext.seccompProfile.type Set init external database job containers' Security Context seccomp profile
4007
##
4008
containerSecurityContext:
4009
enabled: true
4010
seLinuxOptions: {}
4011
runAsUser: 1001
4012
runAsGroup: 1001
4013
runAsNonRoot: true
4014
privileged: false
4015
readOnlyRootFilesystem: true
4016
allowPrivilegeEscalation: false
4017
capabilities:
4018
drop: ["ALL"]
4019
seccompProfile:
4020
type: "RuntimeDefault"
4021
## Configure Pods Security Context
4022
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
4023
## @param externalDatabase.initDatabaseJob.podSecurityContext.enabled Enabled init external database job pods' Security Context
4024
## @param externalDatabase.initDatabaseJob.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
4025
## @param externalDatabase.initDatabaseJob.podSecurityContext.sysctls Set kernel settings using the sysctl interface
4026
## @param externalDatabase.initDatabaseJob.podSecurityContext.supplementalGroups Set filesystem extra groups
4027
## @param externalDatabase.initDatabaseJob.podSecurityContext.fsGroup Set init external database job pod's Security Context fsGroup
4028
##
4029
podSecurityContext:
4030
enabled: true
4031
fsGroupChangePolicy: Always
4032
sysctls: []
4033
supplementalGroups: []
4034
fsGroup: 1001
4035
## Container resource requests and limits
4036
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
4037
## @param externalDatabase.initDatabaseJob.resourcesPreset Set init external database job container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if externalDatabase.initDatabaseJob.resources is set (externalDatabase.initDatabaseJob.resources is recommended for production).
4038
##
4039
resourcesPreset: "micro"
4040
## @param externalDatabase.initDatabaseJob.resources Set init external database job container requests and limits for different resources like CPU or memory (essential for production workloads)
4041
## Example:
4042
## resources:
4043
## requests:
4044
## cpu: 2
4045
## memory: 512Mi
4046
## limits:
4047
## cpu: 3
4048
## memory: 1024Mi
4049
##
4050
resources: {}
4051
## @param externalDatabase.initDatabaseJob.automountServiceAccountToken Mount Service Account token in external database job pod
4052
##
4053
automountServiceAccountToken: false
4054
The trusted source for open source
Talk to an expertCustomers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.