Upd seaweedfs

[kvaps]

Summary by CodeRabbit

• New Features

  • Introduced S3-compatible domain name configuration for SeaweedFS.
  • Added support for secure HTTPS connections in S3 service.
  • New s3 and cosi configuration sections with enhanced parameters.

• Updates

  • Updated application and chart versions for SeaweedFS.
  • Improved health check paths for various components.

• Documentation

  • Enhanced comments in configuration files for clarity and guidance.

[coderabbitai]

Walkthrough

The changes introduce several enhancements to the SeaweedFS Helm chart, including a new filer configuration section for S3 compatibility in seaweedfs.yaml, updates to the application version in Chart.yaml, and the addition of new container ports for S3 services in filer-statefulset.yaml and s3-deployment.yaml. The values.yaml file sees significant updates, including new environment variables, S3 configuration options, and the introduction of a cosi section. Health check paths are standardized across configurations, improving consistency.

Changes

File Path	Change Summary
packages/extra/seaweedfs/templates/seaweedfs.yaml	Added filer configuration with s3 subsection and domainName field. Retained existing s3 configuration with default host value.
packages/system/seaweedfs/charts/seaweedfs/Chart.yaml	Updated appVersion from "3.71" to "3.74" and version from "4.0.0" to "4.0.376".
packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml	Added new container ports for S3 service (swfs-s3, swfs-s3-tls) and updated readiness/liveness probes.
packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml	Added new HTTPS container port and standardized metrics port name. Updated readiness and liveness probes and adjusted formatting for clarity.
packages/system/seaweedfs/charts/seaweedfs/values.yaml	Enhanced documentation with comments, updated health check paths from /status to /healthz, and made minor adjustments to various components.
packages/system/seaweedfs/values.yaml	Introduced new environment variables, S3 configuration, a new cosi section, and a certificates section. Updated existing configurations while adding comments for clarity.

Poem

In the fields where data flows,
SeaweedFS now brightly glows.
With S3 ports and health checks fine,
Our storage grows, a wondrous design!
New configs dance, like rabbits play,
Enhancing paths for a brighter day! 🐇✨

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 0

🧹 Outside diff range and nitpick comments (9)

packages/extra/seaweedfs/templates/seaweedfs.yaml (2)

42-44: LGTM! Consider adding a comment for clarity.

The new filer configuration for S3 domain name is well-implemented and enhances the chart's flexibility. The template expression correctly uses .Values.host if provided, falling back to a constructed domain using the $host variable.

Consider adding a brief comment explaining the purpose of this configuration, e.g.:

filer:
  s3:
    # Configure the S3-compatible domain name for the filer
    domainName: {{ .Values.host | default (printf "s3.%s" $host) }}

---

Line range hint 1-60: Overall, the changes enhance S3 compatibility and maintain consistency.

The modifications to this Helm chart template improve the SeaweedFS deployment by:

1. Adding a new filer.s3.domainName configuration for better S3 compatibility.
2. Maintaining consistency between the new filer configuration and the existing s3 configuration.
3. Utilizing Helm templating effectively to allow for flexible domain configuration.

These changes enhance the chart's ability to support S3 operations while keeping the configuration adaptable to different deployment scenarios.

As the SeaweedFS deployment grows more complex, consider splitting this file into separate templates for each major component (volume, filer, s3, cosi) to improve maintainability and readability of the Helm chart.

🧰 Tools

🪛 yamllint

[error] 45-45: trailing spaces

(trailing-spaces)

packages/system/seaweedfs/values.yaml (4)

Line range hint 1-7: LGTM! Consider using template variables for service names.

The addition of WEED_CLUSTER_SW_MASTER and WEED_CLUSTER_SW_FILER environment variables is a good practice for service discovery.

Consider using Helm template variables for the service names to make the configuration more flexible:

WEED_CLUSTER_SW_MASTER: "{{ include "seaweedfs.fullname" . }}-master:9333"
WEED_CLUSTER_SW_FILER: "{{ include "seaweedfs.fullname" . }}-filer-client:8888"

This way, if the release name changes, these values will automatically update.

---

Line range hint 39-67: Consider moving the SQL statement to a separate ConfigMap.

The addition of PostgreSQL configuration is good, but including the CREATE TABLE SQL statement as an environment variable might not be the best practice.

Consider moving the SQL statement to a separate ConfigMap:

1. Create a new ConfigMap:

apiVersion: v1
kind: ConfigMap
metadata:
  name: seaweedfs-postgres-init
data:
  init.sql: |
    CREATE TABLE IF NOT EXISTS "%s" (
      dirhash   BIGINT,
      name      VARCHAR(65535),
      directory VARCHAR(65535),
      meta      bytea,
      PRIMARY KEY (dirhash, name)
    );

2. Mount this ConfigMap as a volume in the filer pod.

3. Update the environment variable to reference the file:

WEED_POSTGRES2_CREATETABLE: /path/to/mounted/init.sql

This approach separates configuration from code and makes it easier to manage and update the SQL schema.

The use of secrets for sensitive PostgreSQL information is a good security practice. Well done!

---

Line range hint 115-121: LGTM! Consider using variables for certificate parameters.

The addition of the certificates section is excellent for security. The configuration looks good overall:

• Key size of 2048 bits is currently sufficient, but consider using 4096 bits for future-proofing.
• 90-day duration with a 15-day renewal period provides a good balance of security and maintenance.

Consider using Helm variables for some of these values to make them easily configurable:

certificates:
  commonName: {{ .Values.certificates.commonName | default "SeaweedFS CA" }}
  ipAddresses: {{ .Values.certificates.ipAddresses | default list }}
  keyAlgorithm: {{ .Values.certificates.keyAlgorithm | default "RSA" }}
  keySize: {{ .Values.certificates.keySize | default 2048 }}
  duration: {{ .Values.certificates.duration | default "2160h" }}  # 90d
  renewBefore: {{ .Values.certificates.renewBefore | default "360h" }}  # 15d

This approach allows users to easily customize these values when installing or upgrading the Helm chart.

---

Verify COSI Sidecar Image Stability

The COSI configuration is correctly enabled and the driver name is properly set. However, the sidecar image ghcr.io/kvaps/test:cosi-provisioner-sidecar-25 appears to be a custom or test image. It's recommended to:

• Use a stable, officially released version of the sidecar image to ensure reliability and security in production environments.
• Confirm that the current sidecar image tag (25) is appropriate and does not pose any risks related to stability or maintainability.

Ensure that these changes align with your production standards to maintain a robust and secure object storage setup.

🔗 Analysis chain

Line range hint 103-113: Verify COSI sidecar image and consider using a stable version.

The addition of COSI support is a good step towards standardizing object storage in Kubernetes. However, there are a few points to consider:

1. The sidecar image ghcr.io/kvaps/test:cosi-provisioner-sidecar-25 seems to be a custom or test image. Ensure this is the correct and up-to-date image for production use.

2. Consider using a stable, tagged version of the sidecar image instead of a potentially mutable tag like 25.

3. Verify that the driverName and bucketClassName are consistent with your COSI setup.

Run the following script to verify the COSI configuration:

This script will help ensure consistency in COSI configuration across your codebase and highlight any potential issues with the sidecar image configuration.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify COSI configuration

# Test: Check for COSI enabled configuration
echo "Checking COSI enabled configuration:"
rg --type yaml 'cosi:.*\n.*enabled: true'

# Test: Check for COSI driver name
echo "Checking COSI driver name:"
rg --type yaml 'driverName: "seaweedfs.objectstorage.k8s.io"'

# Test: Check for COSI sidecar image
echo "Checking COSI sidecar image:"
rg --type yaml 'image: "ghcr.io/kvaps/test:cosi-provisioner-sidecar-25"'

Length of output: 876

---

Script:

#!/bin/bash
# Description: Verify COSI configuration with corrected multiline regex

# Test: Check for COSI enabled configuration with multiline support
echo "Checking COSI enabled configuration:"
rg --type yaml -U 'cosi:\s*\n\s*enabled:\s*true' packages/system/seaweedfs/values.yaml

# Test: Check for COSI driver name
echo "Checking COSI driver name:"
rg --type yaml 'driverName: "seaweedfs.objectstorage.k8s.io"' packages/system/seaweedfs/values.yaml

# Test: Check for COSI sidecar image
echo "Checking COSI sidecar image:"
rg --type yaml 'image: "ghcr.io/kvaps/test:cosi-provisioner-sidecar-25"' packages/system/seaweedfs/values.yaml

Length of output: 653

packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml (2)

Line range hint 187-196: LGTM: Readiness probe is well-implemented.

The addition of the readiness probe is a good practice for Kubernetes deployments. It's correctly implemented with:

• Conditional enabling
• Configurable HTTP path and port
• Adjustable timing parameters

This will help ensure that traffic is only routed to pods that are ready to handle requests.

Consider adding a comment explaining the purpose of the readiness probe and the significance of its parameters for easier maintenance.

---

Line range hint 197-206: LGTM: Liveness probe is well-implemented.

The addition of the liveness probe is another good practice for Kubernetes deployments. It's correctly implemented with:

• Conditional enabling
• Configurable HTTP path and port
• Adjustable timing parameters

This will help Kubernetes determine when to restart a pod if the application becomes unresponsive.

For consistency with the readiness probe suggestion, consider adding a comment explaining the purpose of the liveness probe and the significance of its parameters.

To reduce duplication, you might want to consider creating a helper template for probe configuration, as the readiness and liveness probes share very similar structures.

packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml (1)

252-259: LGTM! S3 compatibility ports added correctly.

The addition of S3 compatibility ports is implemented correctly and consistently. The conditional statements ensure that the ports are only added when S3 is enabled, which is a good practice.

Consider adding a comment above this section to improve readability, e.g.:

# S3 compatibility ports

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL

📥 Commits

Files that changed from the base of the PR and between cbadfef and 4589c2f.

📒 Files selected for processing (6)

• packages/extra/seaweedfs/templates/seaweedfs.yaml (1 hunks)
• packages/system/seaweedfs/charts/seaweedfs/Chart.yaml (1 hunks)
• packages/system/seaweedfs/charts/seaweedfs/templates/filer-statefulset.yaml (1 hunks)
• packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml (1 hunks)
• packages/system/seaweedfs/charts/seaweedfs/values.yaml (4 hunks)
• packages/system/seaweedfs/values.yaml (1 hunks)

✅ Files skipped from review due to trivial changes (1)

• packages/system/seaweedfs/charts/seaweedfs/Chart.yaml

🧰 Additional context used

🔇 Additional comments (7)

packages/extra/seaweedfs/templates/seaweedfs.yaml (1)

Line range hint 46-60: Consistent configuration between filer and s3 sections.

The s3 configuration maintains consistency with the newly added filer.s3.domainName. Both sections use the same template expression for the host/domain:

{{ .Values.host | default (printf "s3.%s" $host) }}

This ensures that the filer and s3 components use the same domain configuration, which is a good practice for maintaining consistency across the SeaweedFS deployment.

🧰 Tools

🪛 yamllint

[error] 45-45: trailing spaces

(trailing-spaces)

packages/system/seaweedfs/values.yaml (1)

Line range hint 69-101: Review S3 configuration and uncomment allowEmptyFolder if needed.

The S3 configuration looks good overall. A few points to consider:

1. The allowEmptyFolder option is commented out. Determine if this option is needed for your use case and uncomment if necessary.

2. The seaweedfs.filer.s3.enableAuth is set to false, while seaweedfs.s3.enableAuth is set to true. Ensure this is the intended configuration.

3. The ingress configuration looks comprehensive, including TLS setup, which is good for security.

To verify the S3 configuration across the codebase, run the following script:

This script will help ensure consistency in S3 configuration across your codebase.

packages/system/seaweedfs/charts/seaweedfs/templates/s3-deployment.yaml (2)

178-181: LGTM: Container ports configuration looks good.

The changes in the container ports section are well-implemented:

1. The new HTTPS port is correctly added with proper conditional logic.
2. The metrics port name formatting is improved for consistency.

These modifications enhance the deployment's capabilities and maintain good practices in Kubernetes configuration.

Also applies to: 184-184

---

Line range hint 1-280: Overall, the changes to the S3 deployment configuration are well-implemented and valuable.

The modifications in this file enhance the SeaweedFS S3 component's deployment in several ways:

1. Added support for HTTPS, improving security options.
2. Improved consistency in port naming.
3. Implemented readiness and liveness probes, enhancing the deployment's reliability and self-healing capabilities.

These changes align well with Kubernetes best practices and should improve the overall robustness of the SeaweedFS deployment.

To ensure these changes don't introduce any conflicts or issues, please run the following verification script:

This script will help verify that the S3 service is properly exposed, the probes are correctly configured, and HTTPS is set up when enabled.

packages/system/seaweedfs/charts/seaweedfs/values.yaml (3)

103-111: Improved documentation for master logs storage options.

The added comments provide clear explanations of the available storage options for master logs, including examples of using persistentVolumeClaim with annotations. This improvement in documentation will help users better understand and configure their SeaweedFS deployment.

---

547-555: Improved documentation for filer logs storage options.

The added comments provide clear explanations of the available storage options for filer logs, including examples of using persistentVolumeClaim with annotations. This improvement in documentation is consistent with the changes made in the master section and will help users better understand and configure their SeaweedFS deployment.

---

462-462: Health check path updated for volume server.

The health check path for both liveness and readiness probes has been changed from /status to /healthz. This change aligns with common Kubernetes practices and potentially standardizes health check endpoints across components.

Please ensure that the /healthz endpoint is properly implemented in the volume server and provides the expected health check functionality. You can verify this by checking the SeaweedFS documentation or codebase.

Also applies to: 475-475

[themoriarti]

LGTM