diff --git a/argocd/apps/seaweedfs/.seaweedfs-s3-secrets.yaml.swp b/argocd/apps/seaweedfs/.seaweedfs-s3-secrets.yaml.swp deleted file mode 100644 index ee8f1cf..0000000 Binary files a/argocd/apps/seaweedfs/.seaweedfs-s3-secrets.yaml.swp and /dev/null differ diff --git a/argocd/apps/seaweedfs/seaweedfs.bak b/argocd/apps/seaweedfs/seaweedfs.bak new file mode 100644 index 0000000..8b781f2 --- /dev/null +++ b/argocd/apps/seaweedfs/seaweedfs.bak @@ -0,0 +1,237 @@ +apiVersion: argoproj.io/v1alpha1 +kind: Application +metadata: + name: seaweedfs + finalizers: + - resources-finalizer.argocd.argoproj.io +spec: + project: default + source: + repoURL: 'https://seaweedfs.github.io/seaweedfs/helm' + chart: seaweedfs + targetRevision: 4.*.* + helm: + values: | + # Global Konfiguration + global: + enableSecurity: true + monitoring: + enabled: true + imagePullPolicy: IfNotPresent + + # Master Konfiguration + master: + replicas: 1 + data: + type: "persistentVolumeClaim" + size: "25Gi" + storageClass: "" + logs: + type: "persistentVolumeClaim" + size: "5Gi" + + # Master Service + service: + type: ClusterIP + ports: + http: 9333 + grpc: 19333 + + # Master Ingress + ingress: + enabled: true + className: "traefik" + annotations: + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: "lets-encrypt" + traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + traefik.ingress.kubernetes.io/router.middlewares: "seaweedfs-cors@kubernetescrd" + hosts: + - host: "seaweed.innovation-hub-niedersachsen.de" + paths: + - path: "/" + pathType: "Prefix" + tls: + - secretName: "seaweed.innovation-hub-niedersachsen.de-tls" + hosts: + - "seaweed.innovation-hub-niedersachsen.de" + + # Volume Server Konfiguration + volume: + replicas: 2 + data: + type: "persistentVolumeClaim" + size: "100Gi" + storageClass: "" + idx: + type: "persistentVolumeClaim" + size: "10Gi" + storageClass: "" + + service: + type: ClusterIP + ports: + http: 8080 + grpc: 18080 + + # Filer Konfiguration + filer: + replicas: 1 # Reduziert für einfachere Installation + data: + type: "persistentVolumeClaim" + size: "25Gi" + storageClass: "" + logs: + type: "persistentVolumeClaim" + size: "5Gi" + + # Filer Service + service: + type: ClusterIP + ports: + http: 8888 + grpc: 18888 + + # Filer Store Konfiguration - LevelDB (empfohlen) + store: + type: "leveldb" + leveldb: + # LevelDB speichert Daten im filer data volume + enabled: true + + # Optional: Filer Ingress (für Web UI) + ingress: + enabled: false + + # S3 Gateway Konfiguration + s3: + enabled: true + replicas: 1 + + # S3 Authentifizierung + enableAuth: true + existingConfigSecret: "admin-s3-secret" + port: 8333 + httpsPort: 0 + + # S3 Service - explizit HTTP + service: + type: ClusterIP + ports: + http: 8333 + + # S3 Args - minimal HTTP setup + args: + - "-port=8333" + - "-filer=seaweedfs-filer-client.seaweedfs:8888" + - "-v=4" + + # Environment Variablen + env: + - name: WEED_S3_PORT + value: "8333" + - name: WEED_S3_HTTPS_PORT + value: "0" + + # S3 Konfiguration + config: + logLevel: 4 + # Explizit HTTP-Port setzen, HTTPS deaktivieren + port: 8333 + httpsPort: 0 + cert: "" + key: "" + + # S3 Ingress + ingress: + enabled: true + className: "traefik" + annotations: + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: "lets-encrypt" + traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + # traefik.ingress.kubernetes.io/router.middlewares: "seaweedfs-cors@kubernetescrd,seaweedfs-stripprefix@kubernetescrd" + # Backend explizit auf HTTP setzen + traefik.ingress.kubernetes.io/service.serversscheme: "http" + traefik.ingress.kubernetes.io/service.port: "8333" + hosts: + - host: "sws3.innovation-hub-niedersachsen.de" + paths: + - path: "/" + pathType: "Prefix" + tls: + - secretName: "sws3.innovation-hub-niedersachsen.de-tls" + hosts: + - "sws3.innovation-hub-niedersachsen.de" + + # WebDAV (optional - standardmäßig deaktiviert) + webdav: + enabled: false + + # Mount (optional - für FUSE Mount) + mount: + enabled: false + + # CORS Konfiguration + cors: + enabled: true + allowedOrigins: + - "*" + allowedMethods: + - "GET" + - "POST" + - "PUT" + - "DELETE" + - "HEAD" + - "OPTIONS" + allowedHeaders: + - "*" + + # Resource Limits (optional) + resources: + master: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + volume: + limits: + cpu: 1000m + memory: 1Gi + requests: + cpu: 200m + memory: 256Mi + filer: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + s3: + limits: + cpu: 500m + memory: 512Mi + requests: + cpu: 100m + memory: 128Mi + + # Node Affinity (optional) + nodeSelector: {} + tolerations: [] + affinity: {} + + destination: + server: 'https://kubernetes.default.svc' + namespace: seaweedfs + syncPolicy: + managedNamespaceMetadata: + labels: + pod-security.kubernetes.io/enforce: "privileged" + automated: + selfHeal: true + prune: true + syncOptions: + - CreateNamespace=true \ No newline at end of file diff --git a/argocd/apps/seaweedfs/seaweedfs.yaml b/argocd/apps/seaweedfs/seaweedfs.yaml index 8b781f2..37e6053 100644 --- a/argocd/apps/seaweedfs/seaweedfs.yaml +++ b/argocd/apps/seaweedfs/seaweedfs.yaml @@ -13,215 +13,133 @@ spec: helm: values: | # Global Konfiguration - global: - enableSecurity: true - monitoring: - enabled: true - imagePullPolicy: IfNotPresent +global: + imagePullPolicy: IfNotPresent + enableSecurity: true + monitoring: + enabled: true - # Master Konfiguration - master: - replicas: 1 - data: - type: "persistentVolumeClaim" - size: "25Gi" - storageClass: "" - logs: - type: "persistentVolumeClaim" - size: "5Gi" - - # Master Service - service: - type: ClusterIP - ports: - http: 9333 - grpc: 19333 - - # Master Ingress - ingress: - enabled: true - className: "traefik" - annotations: - traefik.ingress.kubernetes.io/router.tls: "true" - cert-manager.io/cluster-issuer: "lets-encrypt" - traefik.ingress.kubernetes.io/router.entrypoints: "websecure" - traefik.ingress.kubernetes.io/router.middlewares: "seaweedfs-cors@kubernetescrd" - hosts: - - host: "seaweed.innovation-hub-niedersachsen.de" - paths: - - path: "/" - pathType: "Prefix" - tls: - - secretName: "seaweed.innovation-hub-niedersachsen.de-tls" - hosts: - - "seaweed.innovation-hub-niedersachsen.de" +master: + enabled: true + replicas: 1 + data: + type: "persistentVolumeClaim" + size: "25Gi" + storageClass: "" + logs: + type: "persistentVolumeClaim" + size: „5Gi" + storageClass: "" - # Volume Server Konfiguration - volume: - replicas: 2 - data: - type: "persistentVolumeClaim" - size: "100Gi" - storageClass: "" - idx: - type: "persistentVolumeClaim" - size: "10Gi" - storageClass: "" - - service: - type: ClusterIP - ports: - http: 8080 - grpc: 18080 + ingress: + enabled: true + className: "traefik" + # host: false for "*" hostname + host: "seaweed.innovation-hub-niedersachsen.de" + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: "lets-encrypt" + + tls: + - secretName: "seaweed.innovation-hub-niedersachsen.de-tls" + hosts: + - "seaweed.innovation-hub-niedersachsen.de" - # Filer Konfiguration - filer: - replicas: 1 # Reduziert für einfachere Installation - data: - type: "persistentVolumeClaim" - size: "25Gi" - storageClass: "" - logs: - type: "persistentVolumeClaim" - size: "5Gi" - - # Filer Service - service: - type: ClusterIP - ports: - http: 8888 - grpc: 18888 - - # Filer Store Konfiguration - LevelDB (empfohlen) - store: - type: "leveldb" - leveldb: - # LevelDB speichert Daten im filer data volume - enabled: true - - # Optional: Filer Ingress (für Web UI) - ingress: - enabled: false +volume: + enabled: true + replicas: 1 + dataDirs: + - name: data + type: "persistentVolumeClaim" + storageClass: "" + size: "100Gi" + idx: + type: "persistentVolumeClaim" + size: "10Gi" + storageClass: "" - # S3 Gateway Konfiguration - s3: - enabled: true - replicas: 1 - - # S3 Authentifizierung - enableAuth: true - existingConfigSecret: "admin-s3-secret" - port: 8333 - httpsPort: 0 - - # S3 Service - explizit HTTP - service: - type: ClusterIP - ports: - http: 8333 - - # S3 Args - minimal HTTP setup - args: - - "-port=8333" - - "-filer=seaweedfs-filer-client.seaweedfs:8888" - - "-v=4" - - # Environment Variablen - env: - - name: WEED_S3_PORT - value: "8333" - - name: WEED_S3_HTTPS_PORT - value: "0" - - # S3 Konfiguration - config: - logLevel: 4 - # Explizit HTTP-Port setzen, HTTPS deaktivieren - port: 8333 - httpsPort: 0 - cert: "" - key: "" - - # S3 Ingress - ingress: - enabled: true - className: "traefik" - annotations: - traefik.ingress.kubernetes.io/router.tls: "true" - cert-manager.io/cluster-issuer: "lets-encrypt" - traefik.ingress.kubernetes.io/router.entrypoints: "websecure" - # traefik.ingress.kubernetes.io/router.middlewares: "seaweedfs-cors@kubernetescrd,seaweedfs-stripprefix@kubernetescrd" - # Backend explizit auf HTTP setzen - traefik.ingress.kubernetes.io/service.serversscheme: "http" - traefik.ingress.kubernetes.io/service.port: "8333" - hosts: - - host: "sws3.innovation-hub-niedersachsen.de" - paths: - - path: "/" - pathType: "Prefix" - tls: - - secretName: "sws3.innovation-hub-niedersachsen.de-tls" - hosts: - - "sws3.innovation-hub-niedersachsen.de" +filer: + enabled: true + data: + type: "persistentVolumeClaim" + size: "25Gi" + storageClass: "" + logs: + type: "persistentVolumeClaim" + size: "5Gi" + storageClass: "" - # WebDAV (optional - standardmäßig deaktiviert) - webdav: - enabled: false +# ingress: +# enabled: true +# className: "traefik" +# host: "sws3.innovation-hub-niedersachsen.de" +# annotations: +# kubernetes.io/ingress.class: "traefik" +# traefik.ingress.kubernetes.io/router.entrypoints: "websecure" +# traefik.ingress.kubernetes.io/router.tls: "true" +# cert-manager.io/cluster-issuer: "lets-encrypt" +# tls: +# - secretName: "sws3.innovation-hub-niedersachsen.de-tls" +# hosts: +# - "sws3.innovation-hub-niedersachsen.de" +# s3: +# enabled: true +# port: 8333 +# httpsPort: 0 +# allowEmptyFolder: false +# # Suffix of the host name, {bucket}.{domainName} +# domainName: "" +# # enable user & permission to s3 (need to inject to all services) +# enableAuth: true +# # set to the name of an existing kubernetes Secret with the s3 json config file +# # should have a secret key called seaweedfs_s3_config with an inline json configure +# existingConfigSecret: "admin-s3-secret" - # Mount (optional - für FUSE Mount) - mount: - enabled: false +s3: + enabled: true + imageOverride: null + restartPolicy: null + replicas: 1 + bindAddress: 0.0.0.0 + port: 8333 + # add additional https port + httpsPort: 0 + metricsPort: 9327 + loggingOverrideLevel: null + # allow empty folders + allowEmptyFolder: true + # enable user & permission to s3 (need to inject to all services) + enableAuth: true + # set to the name of an existing kubernetes Secret with the s3 json config file + # should have a secret key called seaweedfs_s3_config with an inline json config + existingConfigSecret: "admin-s3-secret" + auditLogConfig: {} - # CORS Konfiguration - cors: - enabled: true - allowedOrigins: - - "*" - allowedMethods: - - "GET" - - "POST" - - "PUT" - - "DELETE" - - "HEAD" - - "OPTIONS" - allowedHeaders: - - "*" + ingress: + enabled: true + className: "traefik" + host: "sws3.innovation-hub-niedersachsen.de" + # additional ingress annotations for the s3 endpoint + annotations: + kubernetes.io/ingress.class: "traefik" + traefik.ingress.kubernetes.io/router.entrypoints: "websecure" + traefik.ingress.kubernetes.io/router.tls: "true" + cert-manager.io/cluster-issuer: "lets-encrypt" + tls: + - secretName: "sws3.innovation-hub-niedersachsen.de-tls" + hosts: + - "sws3.innovation-hub-niedersachsen.de" - # Resource Limits (optional) - resources: - master: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - volume: - limits: - cpu: 1000m - memory: 1Gi - requests: - cpu: 200m - memory: 256Mi - filer: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - s3: - limits: - cpu: 500m - memory: 512Mi - requests: - cpu: 100m - memory: 128Mi - - # Node Affinity (optional) - nodeSelector: {} - tolerations: [] - affinity: {} + # Resource management + resources: + limits: + cpu: "2" + memory: "2Gi" + requests: + cpu: "500m" + memory: "1Gi" destination: server: 'https://kubernetes.default.svc'