diff --git a/manifests/kustomize/env/platform-agnostic/kustomization.yaml b/manifests/kustomize/env/platform-agnostic/kustomization.yaml index b1efdbcdc2d..858af411319 100644 --- a/manifests/kustomize/env/platform-agnostic/kustomization.yaml +++ b/manifests/kustomize/env/platform-agnostic/kustomization.yaml @@ -5,7 +5,7 @@ resources: - ../../base/installs/generic - ../../base/metadata/base - ../../third-party/argo/installs/namespace - - ../../third-party/minio/base + - ../../third-party/seaweedfs/base - ../../third-party/mysql/base # Identifier for application manager to apply ownerReference. diff --git a/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml new file mode 100644 index 00000000000..0bfd6b79f48 --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: +- seaweedfs-deployment.yaml +- seaweedfs-pvc.yaml +- seaweedfs-service.yaml +- seaweedfs-config.yaml diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml new file mode 100644 index 00000000000..23747996b4f --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml @@ -0,0 +1,28 @@ +kind: Secret +apiVersion: v1 +metadata: + name: seaweedfs-config +stringData: + config.json: >- + { + "identities": [ + { + "name": "admin", + "credentials": [ + { + "accessKey": "admin_access_key", + "secretKey": "admin_secret_key" + } + ], + "actions": [ + "Admin", + "Read", + "ReadAcp", + "List", + "Tagging", + "Write", + "WriteAcp" + ] + } + ] + } diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml new file mode 100644 index 00000000000..866cd795a2b --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: seaweedfs + labels: + app: seaweedfs +spec: + selector: + matchLabels: + app: seaweedfs + strategy: + type: Recreate + template: + metadata: + labels: + app: seaweedfs + spec: + containers: + - name: seaweedfs + image: 'chrislusf/seaweedfs:3.69' + args: + - 'server' + - '-dir=/data' + - '-s3' + - '-s3.config=/etc/seaweedfs/config.json' + ports: + - containerPort: 8333 + volumeMounts: + - mountPath: /etc/seaweedfs/ + name: config + - mountPath: /data + name: data + resources: + # Benchmark this, just taken from minio + requests: + cpu: 20m + memory: 100Mi + volumes: + - name: config + secret: + secretName: seaweedfs-config + - name: data + persistentVolumeClaim: + claimName: seaweedfs-pvc diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml new file mode 100644 index 00000000000..ee7a894ea81 --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: seaweedfs-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml new file mode 100644 index 00000000000..c4b917b0201 --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml @@ -0,0 +1,13 @@ +# Create new service or use minio-service (keep name and change target port / selector)? +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 8333 + selector: + app: seaweedfs diff --git a/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml new file mode 100644 index 00000000000..0c19a145de5 --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml @@ -0,0 +1,30 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: seaweedfs-service +spec: + action: ALLOW + selector: + matchLabels: + app: seaweedfs + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + # Allow traffic from User Pipeline Pods, which don't have a sidecar. + - {} +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-seaweedfs +spec: + host: seaweedfs-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL diff --git a/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml new file mode 100644 index 00000000000..1d6a254367d --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: +- istio-authorization-policy.yaml \ No newline at end of file