feat(deployment) Replace minio with seaweedfs as object store

manifests/kustomize/env/platform-agnostic/kustomization.yaml

@@ -5,7 +5,7 @@ resources:
   - ../../base/installs/generic
   - ../../base/metadata/base
   - ../../third-party/argo/installs/namespace
-  - ../../third-party/minio/base
+  - ../../third-party/seaweedfs/base
   - ../../third-party/mysql/base
 
 # Identifier for application manager to apply ownerReference.

manifests/kustomize/third-party/seaweedfs/base/kustomization.yaml

@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubeflow
+
+resources:
+- seaweedfs-deployment.yaml
+- seaweedfs-pvc.yaml
+- seaweedfs-service.yaml
+- seaweedfs-config.yaml

manifests/kustomize/third-party/seaweedfs/base/seaweedfs-config.yaml

@@ -0,0 +1,28 @@
+kind: Secret
+apiVersion: v1
+metadata:
+  name: seaweedfs-config
+stringData:
+  config.json: >-
+    {
+      "identities": [
+        {
+          "name": "admin",
+          "credentials": [
+            {
+              "accessKey": "admin_access_key",
+              "secretKey": "admin_secret_key"
+            }
+          ],
+          "actions": [
+            "Admin",
+            "Read",
+            "ReadAcp",
+            "List",
+            "Tagging",
+            "Write",
+            "WriteAcp"
+          ]
+        }
+      ]
+    }

manifests/kustomize/third-party/seaweedfs/base/seaweedfs-deployment.yaml

@@ -0,0 +1,44 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: seaweedfs
+  labels:
+    app: seaweedfs
+spec:
+  selector:
+    matchLabels:
+      app: seaweedfs
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      labels:
+        app: seaweedfs
+    spec:
+      containers:
+      - name: seaweedfs
+        image: 'chrislusf/seaweedfs:3.69'
+        args:
+        - 'server'
+        - '-dir=/data'
+        - '-s3'
+        - '-s3.config=/etc/seaweedfs/config.json'
+        ports:
+        - containerPort: 8333
+        volumeMounts:
+        - mountPath: /etc/seaweedfs/
+          name: config
+        - mountPath: /data
+          name: data
+        resources:
+          # Benchmark this, just taken from minio
+          requests:
+            cpu: 20m
+            memory: 100Mi
+      volumes:
+      - name: config
+        secret:
+          secretName: seaweedfs-config
+      - name: data
+        persistentVolumeClaim:
+          claimName: seaweedfs-pvc

manifests/kustomize/third-party/seaweedfs/base/seaweedfs-pvc.yaml

@@ -0,0 +1,10 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: seaweedfs-pvc
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 20Gi

manifests/kustomize/third-party/seaweedfs/base/seaweedfs-service.yaml

@@ -0,0 +1,13 @@
+# Create new service or use minio-service (keep name and change target port / selector)?
+apiVersion: v1
+kind: Service
+metadata:
+  name: minio-service
+spec:
+  ports:
+  - name: http
+    port: 9000
+    protocol: TCP
+    targetPort: 8333
+  selector:
+    app: seaweedfs

manifests/kustomize/third-party/seaweedfs/options/istio/istio-authorization-policy.yaml

@@ -0,0 +1,30 @@
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: seaweedfs-service
+spec:
+  action: ALLOW
+  selector:
+    matchLabels:
+      app: seaweedfs
+  rules:
+  - from:
+    - source:
+        principals:
+        - cluster.local/ns/kubeflow/sa/ml-pipeline
+  - from:
+    - source:
+        principals:
+        - cluster.local/ns/kubeflow/sa/ml-pipeline-ui
+  # Allow traffic from User Pipeline Pods, which don't have a sidecar.
+  - {}
+---
+apiVersion: "networking.istio.io/v1alpha3"
+kind: DestinationRule
+metadata:
+  name: ml-pipeline-seaweedfs
+spec:
+  host: seaweedfs-service.kubeflow.svc.cluster.local
+  trafficPolicy:
+    tls:
+      mode: ISTIO_MUTUAL

manifests/kustomize/third-party/seaweedfs/options/istio/kustomization.yaml

@@ -0,0 +1,6 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+namespace: kubeflow
+
+resources:
+- istio-authorization-policy.yaml