Add ha overlay for seaweedfs

Signed-off-by: Patrick Schönthaler <[email protected]>

Author: pschoen-itsc

manifests/kustomize/third-party/seaweedfs/base/seaweedfs/kustomization.yaml

@@ -3,11 +3,7 @@ kind: Kustomization
 namespace: kubeflow
 
 resources:
-- seaweedfs-deployment.yaml
-- seaweedfs-pvc.yaml
-- seaweedfs-networkpolicy.yaml
 - seaweedfs-create-admin-user-job.yaml
-- seaweedfs-service.yaml
 - seaweedfs-service-account.yaml
 - minio-service.yaml
 - mlpipeline-minio-artifact-secret.yaml

manifests/kustomize/third-party/seaweedfs/base/seaweedfs/seaweedfs-create-admin-user-job.yaml

@@ -13,7 +13,7 @@ spec:
       restartPolicy: OnFailure
       containers:
       - name: init-seaweedfs
-        image: 'chrislusf/seaweedfs:3.85'
+        image: 'chrislusf/seaweedfs:3.92'
         env:
         - name: WEED_CLUSTER_DEFAULT
           value: "sw"
@@ -44,7 +44,7 @@ spec:
             echo "Service at $url failed to become ready within 5 minutes"
             exit 1
           }
-          wait_for_service "http://minio-service.kubeflow:9000/status"
+          wait_for_service "http://minio-service:9000/status"
           echo "Creating S3 bucket..."
           echo "s3.bucket.create --name mlpipeline" | /usr/bin/weed shell > /dev/null 2>&1
           if [ $? -eq 0 ]; then
@@ -64,14 +64,17 @@ spec:
             echo "Failed to configure S3 credentials"
             exit 1
           fi
-        securityContext:  # Using restricted profile
-          allowPrivilegeEscalation: false
-          privileged: false
-          runAsNonRoot: true
+        ports:
+          - containerPort: 9333
+            name: http-master
+          - containerPort: 19333
+        #securityContext:  # Using restricted profile
+          #allowPrivilegeEscalation: false
+          #privileged: false
+          #runAsNonRoot: true
           # image defaults to root user
-          runAsUser: 1001
-          runAsGroup: 1001
-          capabilities:
-            drop:
-            - ALL
+          #runAsUser: 1001
+          #runAsGroup: 1001
+          ## drop:
+            #- ALL
       serviceAccountName: seaweedfs

manifests/kustomize/third-party/seaweedfs/ha/base/filer-statefulset.yaml

@@ -0,0 +1,91 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer
+spec:
+  serviceName: seaweedfs-filer
+  replicas: 2
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+        app: seaweedfs
+        component: filer
+  template:
+    metadata:
+      labels:
+        app: seaweedfs
+        component: filer
+        application-crd-id: kubeflow-pipelines
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: seaweedfs
+                component: filer
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: seaweedfs
+      terminationGracePeriodSeconds: 60
+      securityContext:
+        fsGroup: 1001
+      containers:
+      - name: seaweedfs-filer
+        image: 'chrislusf/seaweedfs:3.92'
+        args:
+        - 'filer'
+        - '-port=8888'
+        - '-iam'
+        - '-master=seaweedfs-master-0.seaweedfs-master:9333,seaweedfs-master-1.seaweedfs-master:9333,seaweedfs-master-2.seaweedfs-master:9333'
+        volumeMounts:
+          - name: data-filer
+            mountPath: /data
+        ports:
+          - containerPort: 8888
+            name: http-filer
+          - containerPort: 18888
+            name: grpc-filer
+          - containerPort: 8333
+            name: http-s3
+          - containerPort: 8111
+            name: http-iam
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8888
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 15
+          successThreshold: 1
+          failureThreshold: 100
+          timeoutSeconds: 10
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            memory: 2Gi
+        securityContext: # Using restricted profile
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          # image defaults to root user
+          runAsUser: 1001
+          runAsGroup: 1001
+          capabilities:
+            drop:
+            - ALL
+  volumeClaimTemplates:
+    - metadata:
+        name: data-filer
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 25Gi

manifests/kustomize/third-party/seaweedfs/ha/base/filer-svc.yaml

@@ -0,0 +1,53 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer-intern
+spec:
+  ports:
+  - name: grpc-filer
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  - name: http-filer
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  publishNotReadyAddresses: true
+  selector:
+    app: seaweedfs
+    component: filer
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer
+  namespace: kubeflow
+spec:
+  ports:
+  - name: http-iam
+    port: 8111
+    protocol: TCP
+    targetPort: 8111
+  - name: http-s3
+    port: 8333
+    protocol: TCP
+    targetPort: 8333
+  - name: grpc-filer
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  - name: http-filer
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  selector:
+    app: seaweedfs
+    component: filer

manifests/kustomize/third-party/seaweedfs/ha/base/kustomization.yaml

@@ -0,0 +1,34 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubeflow
+
+resources:
+- ../../base
+- filer-statefulset.yaml
+- filer-svc.yaml
+- master-statefulset.yaml
+- master-svc.yaml
+- s3-gateway-deployment.yaml
+- volume-statefulset.yaml
+- volume-svc.yaml
+
+patches:
+- target:
+    version: v1
+    kind: Job
+    name: init-seaweedfs
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/env/1/value
+      value: "seaweedfs-master:9333"
+    - op: add
+      path: /spec/template/spec/containers/0/env/-
+      value: {"name": "WEED_CLUSTER_SW_FILER", "value": "seaweedfs-filer:8888"}
+- target:
+    version: v1
+    kind: Service
+    name: minio-service
+  patch: |-
+    - op: add
+      path: /spec/selector/component
+      value: s3

manifests/kustomize/third-party/seaweedfs/ha/base/master-statefulset.yaml

@@ -0,0 +1,100 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: seaweedfs
+    component: master
+  name: seaweedfs-master
+spec:
+  serviceName: seaweedfs-master
+  replicas: 3
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: seaweedfs
+      component: master
+  template:
+    metadata:
+      labels:
+        app: seaweedfs
+        component: master
+        application-crd-id: kubeflow-pipelines
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: seaweedfs
+                component: master
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: seaweedfs
+      terminationGracePeriodSeconds: 60
+      securityContext:
+        fsGroup: 1001
+      containers:
+      - name: seaweedfs-master
+        image: 'chrislusf/seaweedfs:3.92'
+        args:
+        - 'master'
+        - '-mdir=/data'
+        - '-defaultReplication=001'
+        - '-volumePreallocate=false'
+        - '-ip=$(POD_NAME).seaweedfs-master.$(NAMESPACE)'
+        - '-ip.bind=0.0.0.0'
+        - '-port=9333'
+        - '-peers=seaweedfs-master-0.seaweedfs-master.$(NAMESPACE):9333,seaweedfs-master-1.seaweedfs-master.$(NAMESPACE):9333,seaweedfs-master-2.seaweedfs-master.$(NAMESPACE):9333'
+        volumeMounts:
+          - name : data-master
+            mountPath: /data
+        ports:
+          - containerPort: 9333
+            name: http-master
+          - containerPort: 19333
+            name: grpc-master
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        readinessProbe:
+          httpGet:
+            path: /cluster/status
+            port: 9333
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 15
+          successThreshold: 1
+          failureThreshold: 100
+          timeoutSeconds: 10
+        resources:
+          requests:
+            cpu: 128m
+            memory: 256Mi
+          limits:
+            memory: 256Mi
+        securityContext: # Using restricted profile
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          # image defaults to root user
+          runAsUser: 1001
+          runAsGroup: 1001
+          capabilities:
+            drop:
+            - ALL
+  volumeClaimTemplates:
+    - metadata:
+        name: data-master
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi

manifests/kustomize/third-party/seaweedfs/ha/base/master-svc.yaml

@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: seaweedfs
+    component: master
+  name: seaweedfs-master
+spec:
+  publishNotReadyAddresses: true
+  ports:
+  - name: http-master
+    port: 9333
+    protocol: TCP
+    targetPort: 9333
+  - name: grpc-master
+    port: 19333
+    protocol: TCP
+    targetPort: 19333
+  selector:
+    app: seaweedfs
+    component: master