From c20baef2044761d3b724fec8fc459b5a1fd0bfab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Thu, 11 Jul 2024 15:07:47 +0200 Subject: [PATCH 1/2] Keep minio-service for seaweedfs store --- .../env/platform-agnostic/kustomization.yaml | 2 +- .../seaweedfs/base/kustomization.yaml | 9 ++++ .../seaweedfs/base/seaweedfs-config.yaml | 28 ++++++++++++ .../seaweedfs/base/seaweedfs-deployment.yaml | 44 +++++++++++++++++++ .../seaweedfs/base/seaweedfs-pvc.yaml | 10 +++++ .../seaweedfs/base/seaweedfs-service.yaml | 13 ++++++ .../istio/istio-authorization-policy.yaml | 30 +++++++++++++ .../options/istio/kustomization.yaml | 6 +++ 8 files changed, 141 insertions(+), 1 deletion(-) create mode 100644 manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml create mode 100644 manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml diff --git a/manifests/kustomize/env/platform-agnostic/kustomization.yaml b/manifests/kustomize/env/platform-agnostic/kustomization.yaml index b1efdbcdc2d..858af411319 100644 --- a/manifests/kustomize/env/platform-agnostic/kustomization.yaml +++ b/manifests/kustomize/env/platform-agnostic/kustomization.yaml @@ -5,7 +5,7 @@ resources: - ../../base/installs/generic - ../../base/metadata/base - ../../third-party/argo/installs/namespace - - ../../third-party/minio/base + - ../../third-party/seaweedfs/base - ../../third-party/mysql/base # Identifier for application manager to apply ownerReference. diff --git a/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml new file mode 100644 index 00000000000..2d6893c48ec --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml @@ -0,0 +1,9 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: +- seaweedfs-deployment.yaml +- seaweedfs-pvc.yaml +- seaweedfs-service.yaml +- seaweedfs-config.yaml \ No newline at end of file diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml new file mode 100644 index 00000000000..d8fdb01fd2d --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml @@ -0,0 +1,28 @@ +kind: Secret +apiVersion: v1 +metadata: + name: seaweedfs-config +stringData: + config.json: >- + { + "identities": [ + { + "name": "admin", + "credentials": [ + { + "accessKey": "admin_access_key", + "secretKey": "admin_secret_key" + } + ], + "actions": [ + "Admin", + "Read", + "ReadAcp", + "List", + "Tagging", + "Write", + "WriteAcp" + ] + } + ] + } \ No newline at end of file diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml new file mode 100644 index 00000000000..866cd795a2b --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml @@ -0,0 +1,44 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: seaweedfs + labels: + app: seaweedfs +spec: + selector: + matchLabels: + app: seaweedfs + strategy: + type: Recreate + template: + metadata: + labels: + app: seaweedfs + spec: + containers: + - name: seaweedfs + image: 'chrislusf/seaweedfs:3.69' + args: + - 'server' + - '-dir=/data' + - '-s3' + - '-s3.config=/etc/seaweedfs/config.json' + ports: + - containerPort: 8333 + volumeMounts: + - mountPath: /etc/seaweedfs/ + name: config + - mountPath: /data + name: data + resources: + # Benchmark this, just taken from minio + requests: + cpu: 20m + memory: 100Mi + volumes: + - name: config + secret: + secretName: seaweedfs-config + - name: data + persistentVolumeClaim: + claimName: seaweedfs-pvc diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml new file mode 100644 index 00000000000..522c9f77bdd --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: seaweedfs-pvc +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 20Gi \ No newline at end of file diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml new file mode 100644 index 00000000000..c4b917b0201 --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml @@ -0,0 +1,13 @@ +# Create new service or use minio-service (keep name and change target port / selector)? +apiVersion: v1 +kind: Service +metadata: + name: minio-service +spec: + ports: + - name: http + port: 9000 + protocol: TCP + targetPort: 8333 + selector: + app: seaweedfs diff --git a/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml new file mode 100644 index 00000000000..32b885603fe --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml @@ -0,0 +1,30 @@ +apiVersion: security.istio.io/v1beta1 +kind: AuthorizationPolicy +metadata: + name: seaweedfs-service +spec: + action: ALLOW + selector: + matchLabels: + app: seaweedfs + rules: + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline + - from: + - source: + principals: + - cluster.local/ns/kubeflow/sa/ml-pipeline-ui + # Allow traffic from User Pipeline Pods, which don't have a sidecar. + - {} +--- +apiVersion: "networking.istio.io/v1alpha3" +kind: DestinationRule +metadata: + name: ml-pipeline-seaweedfs +spec: + host: seaweedfs-service.kubeflow.svc.cluster.local + trafficPolicy: + tls: + mode: ISTIO_MUTUAL \ No newline at end of file diff --git a/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml new file mode 100644 index 00000000000..1d6a254367d --- /dev/null +++ b/manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml @@ -0,0 +1,6 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +namespace: kubeflow + +resources: +- istio-authorization-policy.yaml \ No newline at end of file From af854ab9f7d424f7fc484a8770676b090477a9f3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20Sch=C3=B6nthaler?= Date: Thu, 11 Jul 2024 15:37:37 +0200 Subject: [PATCH 2/2] Add newlines to end of files --- .../kustomize/third-party/seaweedfs/base/kustomization.yaml | 2 +- .../kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml | 2 +- .../kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml | 2 +- .../seaweedfs/options/istio/istio-authorization-policy.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml index 2d6893c48ec..0bfd6b79f48 100644 --- a/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml +++ b/manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml @@ -6,4 +6,4 @@ resources: - seaweedfs-deployment.yaml - seaweedfs-pvc.yaml - seaweedfs-service.yaml -- seaweedfs-config.yaml \ No newline at end of file +- seaweedfs-config.yaml diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml index d8fdb01fd2d..23747996b4f 100644 --- a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml @@ -25,4 +25,4 @@ stringData: ] } ] - } \ No newline at end of file + } diff --git a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml index 522c9f77bdd..ee7a894ea81 100644 --- a/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml +++ b/manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml @@ -7,4 +7,4 @@ spec: - ReadWriteOnce resources: requests: - storage: 20Gi \ No newline at end of file + storage: 20Gi diff --git a/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml index 32b885603fe..0c19a145de5 100644 --- a/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml +++ b/manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml @@ -27,4 +27,4 @@ spec: host: seaweedfs-service.kubeflow.svc.cluster.local trafficPolicy: tls: - mode: ISTIO_MUTUAL \ No newline at end of file + mode: ISTIO_MUTUAL