From e8621666f2f153a10f9fd389b708e1a27dc74270 Mon Sep 17 00:00:00 2001
From: titver968 <vermesan@hotmail.com>
Date: Fri, 13 Jun 2025 13:14:12 +0200
Subject: [PATCH] seaweed with caddy

---
 argocd/apps/seaweedfs/seaweedfs.yaml | 99 ++++++++++++++++++----------
 1 file changed, 64 insertions(+), 35 deletions(-)

diff --git a/argocd/apps/seaweedfs/seaweedfs.yaml b/argocd/apps/seaweedfs/seaweedfs.yaml
index 03120c5..1bc104e 100644
--- a/argocd/apps/seaweedfs/seaweedfs.yaml
+++ b/argocd/apps/seaweedfs/seaweedfs.yaml
@@ -12,6 +12,47 @@ spec:
     targetRevision: 4.*.*
     chart: seaweedfs
     helm:
+      values: |
+        s3:
+          enabled: true
+          auth:
+            enabled: true
+            adminAccessKeyId: "wjpKrmaqXra99rX3D61H"
+            adminSecretAccessKey: "fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u"
+          extraContainers:
+            - name: caddy
+              image: caddy:2
+              ports:
+                - containerPort: 443
+                  name: https
+              volumeMounts:
+                - name: caddy-config
+                  mountPath: /etc/caddy/Caddyfile
+                  subPath: Caddyfile
+                - name: caddy-certs
+                  mountPath: /certs
+          extraVolumes:
+            - name: caddy-config
+              configMap:
+                name: caddy-config
+            - name: caddy-certs
+              secret:
+                secretName: sws3.innovation-hub-niedersachsen.de-tls
+          service:
+            ports:
+              s3:
+                port: 8333
+                targetPort: 8333
+              https:
+                port: 443
+                targetPort: 443
+        master.ingress.enabled: true
+        master.ingress.hostname: seaweed.innovation-hub-niedersachsen.de
+        master.ingress.tls: true
+        master.ingress.annotations.kubernetes\.io/ingress\.class: traefik
+        master.ingress.annotations.traefik\.ingress\.kubernetes\.io/router\.tls: "true"
+        master.ingress.annotations.cert-manager\.io/cluster-issuer: lets-encrypt
+        master.ingress.annotations.traefik\.ingress\.kubernetes\.io/router\.entrypoints: websecure
       parameters:
         - name: master.ingress.enabled
           value: 'true'
@@ -30,43 +71,31 @@ spec:
           value: 'seaweed.innovation-hub-niedersachsen.de-tls'
         - name: master.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
           value: websecure
-        - name: s3.enabled
-          value: 'true'
-#        - name: s3.extraArgs[0]
-#          value: "-s3.signature.version=v4"
-#        - name: s3.extraEnvVars[0].name
-#          value: S3_SIGNATURE_VERSION
-#        - name: s3.extraEnvVars[0].value
-#          value: "v4"    
-        - name: s3.auth.enabled
-          value: 'true'
-        - name: s3.auth.adminAccessKeyId
-          value: 'wjpKrmaqXra99rX3D61H'
-        - name: s3.auth.adminSecretAccessKey
-          value: 'fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u'
-        - name: s3.ingress.enabled
-          value: 'true'
-        - name: s3.ingress.hostname
-          value: 'sws3.innovation-hub-niedersachsen.de'  
-        - name: s3.ingress.tls
-          value: 'true'  
-        - name: s3.ingress.annotations.kubernetes\.io\/ingress\.class  
-          value: traefik
-        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
-          value: 'true'
-          forceString: true
-        - name: s3.ingress.annotations.cert-manager\.io\/cluster-issuer
-          value: 'lets-encrypt'  
-        - name: s3.ingress.annotations.ingress\.secrets
-          value: 'sws3.innovation-hub-niedersachsen.de-tls'  
-        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
-          value: websecure  
-#        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints\.web\.forwardedHeaders\.insecure 
-#          value: "true"
-#        - name: s3.ingress.annotations\.traefik\.ingress\.kubernetes\.io\/router\.entrypoints\.websecure\.forwardedHeaders\.insecure 
+#        - name: s3.enabled
 #          value: 'true'
-#        - name: s3.ingress.annotations.traefik.ingress.kubernetes.io/router.entrypoints.websecure.forwardedHeaders.insecure
+#        - name: s3.auth.enabled
 #          value: 'true'
+#        - name: s3.auth.adminAccessKeyId
+#          value: 'wjpKrmaqXra99rX3D61H'
+#        - name: s3.auth.adminSecretAccessKey
+#          value: 'fTPi0u0FR6Lv9Y9IKydWv6WM0EA5XrsK008HCt9u'
+#        - name: s3.ingress.enabled
+#          value: 'true'
+#        - name: s3.ingress.hostname
+#          value: 'sws3.innovation-hub-niedersachsen.de'  
+#        - name: s3.ingress.tls
+#          value: 'true'  
+#        - name: s3.ingress.annotations.kubernetes\.io\/ingress\.class  
+#          value: traefik
+#        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
+#          value: 'true'
+#          forceString: true
+#        - name: s3.ingress.annotations.cert-manager\.io\/cluster-issuer
+#          value: 'lets-encrypt'  
+#        - name: s3.ingress.annotations.ingress\.secrets
+#          value: 'sws3.innovation-hub-niedersachsen.de-tls'  
+#        - name: s3.ingress.annotations.traefik\.ingress\.kubernetes\.io\/router\.entrypoints
+#          value: websecure  
         - name: mariadb.auth.rootPassword
           value: 'InnoHubSEAWEEDFS_2024!'
         - name: mariadb.auth.username