kubeflow · pschoen-itsc · Oct 24, 2025 · Nov 18, 2025 · Nov 18, 2025
diff --git a/manifests/kustomize/env/platform-agnostic-multi-user/kustomization.yaml b/manifests/kustomize/env/platform-agnostic-multi-user/kustomization.yaml
@@ -9,7 +9,7 @@ resources:
 - ../../third-party/argo/installs/cluster
 - ../../third-party/mysql/base
 - ../../third-party/mysql/options/istio
-- ../../third-party/seaweedfs/istio
+- ../../third-party/seaweedfs/single-pod/istio
 
 
 # !!! If you want to customize the namespace,

diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs/kustomization.yaml
@@ -3,10 +3,6 @@ kind: Kustomization
 namespace: kubeflow
 
 resources:
-- seaweedfs-deployment.yaml
-- seaweedfs-pvc.yaml
-- seaweedfs-networkpolicy.yaml
-- seaweedfs-service.yaml
 - seaweedfs-service-account.yaml
 - minio-service.yaml
 - mlpipeline-minio-artifact-secret.yaml
diff --git a/manifests/kustomize/third-party/seaweedfs/ha/base/filer-statefulset.yaml b/manifests/kustomize/third-party/seaweedfs/ha/base/filer-statefulset.yaml
@@ -0,0 +1,104 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer
+spec:
+  serviceName: seaweedfs-filer
+  replicas: 2
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+        app: seaweedfs
+        component: filer
+  template:
+    metadata:
+      labels:
+        app: seaweedfs
+        component: filer
+        application-crd-id: kubeflow-pipelines
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: seaweedfs
+                component: filer
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: seaweedfs
+      terminationGracePeriodSeconds: 60
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        fsGroup: 1000
+      containers:
+      - name: seaweedfs-filer
+        env:
+        - name: AWS_ACCESS_KEY_ID
+          valueFrom:
+            secretKeyRef:
+              name: mlpipeline-minio-artifact
+              key: accesskey
+        - name: AWS_SECRET_ACCESS_KEY
+          valueFrom:
+            secretKeyRef:
+              name: mlpipeline-minio-artifact
+              key: secretkey
+        image: 'chrislusf/seaweedfs'
+        args:
+        - 'filer'
+        - '-port=8888'
+        - '-iam'
+        - '-master=seaweedfs-master-0.seaweedfs-master:9333,seaweedfs-master-1.seaweedfs-master:9333,seaweedfs-master-2.seaweedfs-master:9333'
+        volumeMounts:
+          - name: data-filer
+            mountPath: /data
+        ports:
+          - containerPort: 8888
+            name: http-filer
+          - containerPort: 18888
+            name: grpc-filer
+          - containerPort: 8333
+            name: http-s3
+          - containerPort: 8111
+            name: http-iam
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8888
+            scheme: HTTP
+          initialDelaySeconds: 5
+          periodSeconds: 15
+          successThreshold: 1
+          failureThreshold: 100
+          timeoutSeconds: 10
+        resources:
+          requests:
+            cpu: 100m
+            memory: 128Mi
+          limits:
+            memory: 2Gi
+        securityContext: # Using restricted profile
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          # image defaults to root user
+          runAsUser: 1000
+          runAsGroup: 1000
+          capabilities:
+            drop:
+            - ALL
+  volumeClaimTemplates:
+    - metadata:
+        name: data-filer
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
diff --git a/manifests/kustomize/third-party/seaweedfs/ha/base/filer-svc.yaml b/manifests/kustomize/third-party/seaweedfs/ha/base/filer-svc.yaml
@@ -0,0 +1,52 @@
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    service.alpha.kubernetes.io/tolerate-unready-endpoints: "true"
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer-intern
+spec:
+  ports:
+  - name: grpc-filer
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  - name: http-filer
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  publishNotReadyAddresses: true
+  selector:
+    app: seaweedfs
+    component: filer
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: seaweedfs
+    component: filer
+  name: seaweedfs-filer
+spec:
+  ports:
+  - name: http-iam
+    port: 8111
+    protocol: TCP
+    targetPort: 8111
+  - name: http-s3
+    port: 8333
+    protocol: TCP
+    targetPort: 8333
+  - name: grpc-filer
+    port: 18888
+    protocol: TCP
+    targetPort: 18888
+  - name: http-filer
+    port: 8888
+    protocol: TCP
+    targetPort: 8888
+  selector:
+    app: seaweedfs
+    component: filer
diff --git a/manifests/kustomize/third-party/seaweedfs/ha/base/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/ha/base/kustomization.yaml
@@ -0,0 +1,38 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubeflow
+
+resources:
+- ../../base
+- filer-statefulset.yaml
+- filer-svc.yaml
+- master-statefulset.yaml
+- master-svc.yaml
+- s3-gateway-deployment.yaml
+- volume-statefulset.yaml
+- volume-svc.yaml
+
+patches:
+- target:
+    version: v1
+    kind: Job
+    name: init-seaweedfs
+  patch: |-
+    - op: replace
+      path: /spec/template/spec/containers/0/env/1/value
+      value: "seaweedfs-master:9333"
+    - op: add
+      path: /spec/template/spec/containers/0/env/-
+      value: {"name": "WEED_CLUSTER_SW_FILER", "value": "seaweedfs-filer:8888"}
+- target:
+    version: v1
+    kind: Service
+    name: minio-service
+  patch: |-
+    - op: add
+      path: /spec/selector/component
+      value: s3
+
+images:
+- name: chrislusf/seaweedfs
+  newTag: '4.00'
diff --git a/manifests/kustomize/third-party/seaweedfs/ha/base/master-statefulset.yaml b/manifests/kustomize/third-party/seaweedfs/ha/base/master-statefulset.yaml
@@ -0,0 +1,102 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app: seaweedfs
+    component: master
+  name: seaweedfs-master
+spec:
+  serviceName: seaweedfs-master
+  replicas: 3
+  podManagementPolicy: Parallel
+  updateStrategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: seaweedfs
+      component: master
+  template:
+    metadata:
+      labels:
+        app: seaweedfs
+        component: master
+        application-crd-id: kubeflow-pipelines
+    spec:
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                app: seaweedfs
+                component: master
+            topologyKey: kubernetes.io/hostname
+      serviceAccountName: seaweedfs
+      terminationGracePeriodSeconds: 60
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
+        fsGroup: 1000
+      containers:
+      - name: seaweedfs-master
+        image: 'chrislusf/seaweedfs'
+        args:
+        - 'master'
+        - '-mdir=/data'
+        - '-defaultReplication=001'  # replicate data to at least another volume (same "rack" and "datacenter")
+        - '-volumePreallocate=false'
+        - '-ip=$(POD_NAME).seaweedfs-master.$(NAMESPACE)'
+        - '-ip.bind=0.0.0.0'
+        - '-port=9333'
+        - '-peers=seaweedfs-master-0.seaweedfs-master.$(NAMESPACE):9333,seaweedfs-master-1.seaweedfs-master.$(NAMESPACE):9333,seaweedfs-master-2.seaweedfs-master.$(NAMESPACE):9333'
+        volumeMounts:
+          - name : data-master
+            mountPath: /data
+        ports:
+          - containerPort: 9333
+            name: http-master
+          - containerPort: 19333
+            name: grpc-master
+        env:
+        - name: POD_NAME
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.name
+        - name: NAMESPACE
+          valueFrom:
+            fieldRef:
+              fieldPath: metadata.namespace
+        readinessProbe:
+          httpGet:
+            path: /cluster/status
+            port: 9333
+            scheme: HTTP
+          initialDelaySeconds: 15
+          periodSeconds: 15
+          successThreshold: 1
+          failureThreshold: 100
+          timeoutSeconds: 10
+        resources:
+          requests:
+            cpu: 128m
+            memory: 256Mi
+          limits:
+            memory: 256Mi
+        securityContext: # Using restricted profile
+          allowPrivilegeEscalation: false
+          privileged: false
+          runAsNonRoot: true
+          # image defaults to root user
+          runAsUser: 1000
+          runAsGroup: 1000
+          capabilities:
+            drop:
+            - ALL
+  volumeClaimTemplates:
+    - metadata:
+        name: data-master
+      spec:
+        accessModes:
+        - ReadWriteOnce
+        resources:
+          requests:
+            storage: 20Gi
diff --git a/manifests/kustomize/third-party/seaweedfs/ha/base/master-svc.yaml b/manifests/kustomize/third-party/seaweedfs/ha/base/master-svc.yaml
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: seaweedfs
+    component: master
+  name: seaweedfs-master
+spec:
+  publishNotReadyAddresses: true
+  ports:
+  - name: http-master
+    port: 9333
+    protocol: TCP
+    targetPort: 9333
+  - name: grpc-master
+    port: 19333
+    protocol: TCP
+    targetPort: 19333
+  selector:
+    app: seaweedfs
+    component: master