diff --git a/argocd/apps/seaweedfs/seaweedfs.yaml b/argocd/apps/seaweedfs/seaweedfs.yaml index e435518..0d45d4f 100644 --- a/argocd/apps/seaweedfs/seaweedfs.yaml +++ b/argocd/apps/seaweedfs/seaweedfs.yaml @@ -1,144 +1,149 @@ -#apiVersion: argoproj.io/v1alpha1 -#kind: Application -#metadata: -# name: seaweedfs -# finalizers: -# - resources-finalizer.argocd.argoproj.io -#spec: -# project: default -# source: -# repoURL: 'https://seaweedfs.github.io/seaweedfs/helm' -# chart: seaweedfs -# targetRevision: 4.*.* -# helm: -# valueFiles: -# - values.yaml -# values: | -# # Global Konfiguration -# global: -# imagePullPolicy: IfNotPresent -# enableSecurity: true -# jwtSecretName: seaweedfs-jwt -# monitoring: -# enabled: true -# -# master: -# enabled: true -# replicas: 1 -# data: -# type: "persistentVolumeClaim" -# size: "25Gi" -# storageClass: "" -# logs: -# type: "persistentVolumeClaim" -# size: "5Gi" -# storageClass: "" -# -# ingress: -# enabled: false -# # className: "traefik" -# # host: "seaweed.innovation-hub-niedersachsen.de" -# # annotations: -# # kubernetes.io/ingress.class: "traefik" -# # traefik.ingress.kubernetes.io/router.entrypoints: "websecure" -# # traefik.ingress.kubernetes.io/router.tls: "true" -# # cert-manager.io/cluster-issuer: "lets-encrypt" -# # traefik.ingress.kubernetes.io/headers.customRequestHeaders: | -# # X-Forwarded-Proto = https -# # traefik.ingress.kubernetes.io/headers.customResponseHeaders: | -# # Access-Control-Allow-Origin: "*" -# # Access-Control-Allow-Methods: "GET, OPTIONS, PUT, POST, DELETE" -# # Access-Control-Allow-Headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" -# # Access-Control-Expose-Headers: "Content-Length,Content-Range" -# # Referrer-Policy: no-referrer-when-downgrade -# # hosts: -# # - host: "seaweed.innovation-hub-niedersachsen.de" -# # tls: -# # - secretName: "seaweed.innovation-hub-niedersachsen.de-tls" -# # hosts: -# # - "seaweed.innovation-hub-niedersachsen.de" -# -# volume: -# enabled: true -# replicas: 1 -# dataDirs: -# - name: data -# type: "persistentVolumeClaim" -# storageClass: "" -# size: "100Gi" -# idx: -# type: "persistentVolumeClaim" -# size: "10Gi" -# storageClass: "" -# max: 100 -# -# filer: -# enabled: true -# data: -# type: "persistentVolumeClaim" -# size: "25Gi" -# storageClass: "" -# logs: -# type: "persistentVolumeClaim" -# size: "5Gi" -# storageClass: "" -# -# s3: -# enabled: true -# replicas: 1 -# bindAddress: 0.0.0.0 -# port: 8333 -# # add additional https port -# httpsPort: 8433 -# metricsPort: 9327 -# loggingOverrideLevel: null -# # allow empty folders -# allowEmptyFolder: true -# enableAuth: "true" -# existingConfigSecret: "admin-s3-secret" -# -# ingress: -# enabled: true -# className: "traefik" -# host: "sws3.innovation-hub-niedersachsen.de" -# # additional ingress annotations for the s3 endpoint -# annotations: -# kubernetes.io/ingress.class: "traefik" -# traefik.ingress.kubernetes.io/router.entrypoints: "websecure" -# traefik.ingress.kubernetes.io/router.tls: "true" -# cert-manager.io/cluster-issuer: "lets-encrypt" -# traefik.ingress.kubernetes.io/headers.customRequestHeaders: | -# X-Forwarded-Proto = https -# traefik.ingress.kubernetes.io/headers.customResponseHeaders: | -# Access-Control-Allow-Origin: "*" -# Access-Control-Allow-Methods: "GET, OPTIONS, PUT, POST, DELETE" -# Access-Control-Allow-Headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" -# Access-Control-Expose-Headers: "Content-Length,Content-Range" -# Referrer-Policy: no-referrer-when-downgrade -# hosts: -# - host: "sws3.innovation-hub-niedersachsen.de" -# tls: -# - secretName: "sws3.innovation-hub-niedersachsen.de-tls" -# hosts: -# - "sws3.innovation-hub-niedersachsen.de" -# # Resource management -# resources: -# limits: -# cpu: "2" -# memory: "2Gi" -# requests: -# cpu: "500m" -# memory: "1Gi" -# -# destination: -# server: 'https://kubernetes.default.svc' -# namespace: seaweedfs -# syncPolicy: -# managedNamespaceMetadata: -# labels: -# pod-security.kubernetes.io/enforce: "privileged" -# automated: -# selfHeal: true -# prune: true -# syncOptions: -# - CreateNamespace=true +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: seaweedfs + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: 'https://seaweedfs.github.io/seaweedfs/helm' + chart: seaweedfs + targetRevision: 4.*.* + helm: + valueFiles: + - values.yaml + values: | + # Global Konfiguration + global: + imagePullPolicy: IfNotPresent + enableSecurity: true + jwtSecretName: seaweedfs-jwt + monitoring: + enabled: true + + master: + enabled: true + replicas: 1 + data: + type: "persistentVolumeClaim" + size: "25Gi" + storageClass: "" + logs: + type: "persistentVolumeClaim" + size: "5Gi" + storageClass: "" + + ingress: + enabled: false + # className: "traefik" + # host: "seaweed.innovation-hub-niedersachsen.de" + # annotations: + # kubernetes.io/ingress.class: "traefik" + # traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + # traefik.ingress.kubernetes.io/router.tls: "true" + # cert-manager.io/cluster-issuer: "lets-encrypt" + # traefik.ingress.kubernetes.io/headers.customRequestHeaders: | + # X-Forwarded-Proto = https + # traefik.ingress.kubernetes.io/headers.customResponseHeaders: | + # Access-Control-Allow-Origin: "*" + # Access-Control-Allow-Methods: "GET, OPTIONS, PUT, POST, DELETE" + # Access-Control-Allow-Headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" + # Access-Control-Expose-Headers: "Content-Length,Content-Range" + # Referrer-Policy: no-referrer-when-downgrade + # hosts: + # - host: "seaweed.innovation-hub-niedersachsen.de" + # tls: + # - secretName: "seaweed.innovation-hub-niedersachsen.de-tls" + # hosts: + # - "seaweed.innovation-hub-niedersachsen.de" + + volume: + enabled: true + replicas: 1 + dataDirs: + - name: data + type: "persistentVolumeClaim" + storageClass: "" + size: "100Gi" + idx: + type: "persistentVolumeClaim" + size: "10Gi" + storageClass: "" + max: 100 + + filer: + enabled: true + redirectOnRead: false + enablePVC: true + storage: 30Gi + storageClass: "" + data: + type: "hostPath" + size: "25Gi" + storageClass: "" + hostPathPrefix: /storage + logs: + type: "hostPath" + size: "5Gi" + storageClass: "" + hostPathPrefix: /storage + ingress: + enabled: true + className: "traefik" + host: "sws3.innovation-hub-niedersachsen.de" + # additional ingress annotations for the s3 endpoint + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: "lets-encrypt" + traefik.ingress.kubernetes.io/headers.customRequestHeaders: | + X-Forwarded-Proto = https + traefik.ingress.kubernetes.io/headers.customResponseHeaders: | + Access-Control-Allow-Origin: "*" + Access-Control-Allow-Methods: "GET, OPTIONS, PUT, POST, DELETE" + Access-Control-Allow-Headers: "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range" + Access-Control-Expose-Headers: "Content-Length,Content-Range" + Referrer-Policy: no-referrer-when-downgrade + hosts: + - host: "sws3.innovation-hub-niedersachsen.de" + tls: + - secretName: "sws3.innovation-hub-niedersachsen.de-tls" + hosts: + - "sws3.innovation-hub-niedersachsen.de" + s3: + enabled: true + replicas: 1 + bindAddress: 0.0.0.0 + port: 8333 + # add additional https port + httpsPort: 8433 + metricsPort: 9327 + loggingOverrideLevel: null + # allow empty folders + allowEmptyFolder: true + enableAuth: "true" + existingConfigSecret: "admin-s3-secret" + + # Resource management + resources: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "500m" + memory: "1Gi" + + destination: + server: 'https://kubernetes.default.svc' + namespace: seaweedfs + syncPolicy: + managedNamespaceMetadata: + labels: + pod-security.kubernetes.io/enforce: "privileged" + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true