diff --git a/charts/flyte-devbox/Chart.lock b/charts/flyte-devbox/Chart.lock index 1de7e11ef7..fd766af02a 100644 --- a/charts/flyte-devbox/Chart.lock +++ b/charts/flyte-devbox/Chart.lock @@ -8,5 +8,8 @@ dependencies: - name: knative-serving repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ version: 1.18.3 -digest: sha256:6efe6bec03f8b60469f0a4d8c3a985d0c61a9a7ccdbf6a4c6608bd41b17ced8b -generated: "2026-04-23T12:14:59.242727-07:00" +- name: rustfs + repository: https://rustfs.github.io/helm + version: 0.0.94 +digest: sha256:7352f39ebf63c47326f8499ac0fa002e874094bccb74155b6d7adb460851936a +generated: "2026-04-28T23:16:06.37398-05:00" diff --git a/charts/flyte-devbox/Chart.yaml b/charts/flyte-devbox/Chart.yaml index 777885d74b..a6f88efbe8 100644 --- a/charts/flyte-devbox/Chart.yaml +++ b/charts/flyte-devbox/Chart.yaml @@ -36,3 +36,6 @@ dependencies: version: 1.18.3 repository: https://deeploy-knative-serving-charts.storage.googleapis.com/ condition: knative-serving.enabled + - name: rustfs + version: 0.0.94 + repository: https://rustfs.github.io/helm diff --git a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml b/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml deleted file mode 100644 index 058f41c815..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/deployment.yaml +++ /dev/null @@ -1,85 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: apps/v1 -kind: Deployment -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - selector: - matchLabels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - strategy: - type: Recreate - template: - metadata: - labels: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} - spec: - initContainers: - - name: volume-permissions - image: busybox:latest - imagePullPolicy: IfNotPresent - command: - - /bin/sh - - -ec - - | - chown -R 10001:10001 /data - mkdir -p /data/flyte-data - chown 10001:10001 /data/flyte-data - securityContext: - runAsUser: 0 - volumeMounts: - - mountPath: /data - name: data - containers: - - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never - env: - - name: RUSTFS_ADDRESS - value: "0.0.0.0:9000" - - name: RUSTFS_VOLUMES - value: "/data" - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: access-key - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - name: rustfs - key: secret-key - ports: - - containerPort: 9000 - name: rustfs-api - protocol: TCP - livenessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 10 - periodSeconds: 10 - failureThreshold: 5 - readinessProbe: - tcpSocket: - port: rustfs-api - initialDelaySeconds: 5 - periodSeconds: 5 - failureThreshold: 5 - securityContext: - runAsUser: 10001 - runAsNonRoot: true - volumeMounts: - - mountPath: /data - name: data - securityContext: - fsGroup: 10001 - volumes: - - name: data - persistentVolumeClaim: - claimName: {{ include "flyte-devbox.persistence.rustfsVolumeName" . }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml index 3eb5000768..fc873d2e63 100644 --- a/charts/flyte-devbox/templates/storage/rustfs/pv.yaml +++ b/charts/flyte-devbox/templates/storage/rustfs/pv.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rustfs.enabled }} +{{- if .Values.rustfs }} apiVersion: v1 kind: PersistentVolume metadata: diff --git a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml index 500bb73273..9ec912c308 100644 --- a/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml +++ b/charts/flyte-devbox/templates/storage/rustfs/pvc.yaml @@ -1,4 +1,4 @@ -{{- if .Values.rustfs.enabled }} +{{- if .Values.rustfs }} apiVersion: v1 kind: PersistentVolumeClaim metadata: diff --git a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml b/charts/flyte-devbox/templates/storage/rustfs/secret.yaml deleted file mode 100644 index 3766e0236f..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/secret.yaml +++ /dev/null @@ -1,13 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Secret -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -type: Opaque -data: - access-key: {{ .Values.rustfs.accessKey | b64enc | quote }} - secret-key: {{ .Values.rustfs.secretKey | b64enc | quote }} -{{- end }} diff --git a/charts/flyte-devbox/templates/storage/rustfs/service.yaml b/charts/flyte-devbox/templates/storage/rustfs/service.yaml deleted file mode 100644 index 2b4e80798c..0000000000 --- a/charts/flyte-devbox/templates/storage/rustfs/service.yaml +++ /dev/null @@ -1,19 +0,0 @@ -{{- if .Values.rustfs.enabled }} -apiVersion: v1 -kind: Service -metadata: - name: rustfs - namespace: {{ .Release.Namespace | quote }} - labels: - {{- include "flyte-devbox.labels" . | nindent 4 }} -spec: - type: NodePort - ports: - - name: rustfs-api - nodePort: 30002 - port: 9000 - targetPort: rustfs-api - selector: - app.kubernetes.io/name: rustfs - app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} diff --git a/charts/flyte-devbox/values.yaml b/charts/flyte-devbox/values.yaml index facceaa80c..efc0e97817 100644 --- a/charts/flyte-devbox/values.yaml +++ b/charts/flyte-devbox/values.yaml @@ -33,7 +33,7 @@ flyte-binary: s3: disableSSL: true v2Signing: true - endpoint: http://rustfs.{{ .Release.Namespace }}:9000 + endpoint: http://rustfs-svc.{{ .Release.Namespace }}:9000 authType: accesskey accessKey: rustfs secretKey: rustfsstorage @@ -58,7 +58,7 @@ flyte-binary: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.{{ .Release.Namespace }}:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.{{ .Release.Namespace }}:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: 'flyte-binary-http.{{ .Release.Namespace }}:8090' @@ -133,10 +133,30 @@ flyte-binary: - '*' verbs: - '*' +# RustFS chart configuration. rustfs: - enabled: true - accessKey: rustfs - secretKey: rustfsstorage + fullnameOverride: rustfs + mode: + standalone: + enabled: true + existingClaim: + dataClaim: flyte-devbox-rustfs-storage + distributed: + enabled: false + ingress: + enabled: false + image: + repository: rustfs/rustfs + tag: sandbox + service: + type: NodePort + endpoint: + nodePort: 30002 + secret: + rustfs: + access_key: rustfs + secret_key: rustfsstorage + postgresql: fullnameOverride: postgresql enabled: true diff --git a/docker/devbox-bundled/Makefile b/docker/devbox-bundled/Makefile index 05e9a8643e..f50c2f7719 100644 --- a/docker/devbox-bundled/Makefile +++ b/docker/devbox-bundled/Makefile @@ -85,6 +85,7 @@ helm-repos: helm repo add docker-registry https://twuni.github.io/docker-registry.helm helm repo add bitnami https://charts.bitnami.com/bitnami helm repo add knative-serving https://deeploy-knative-serving-charts.storage.googleapis.com/ + helm repo add rustfs https://rustfs.github.io/helm helm repo update .PHONY: dep_build diff --git a/docker/devbox-bundled/kustomize/complete/kustomization.yaml b/docker/devbox-bundled/kustomize/complete/kustomization.yaml index f6ec725238..d77e611c4e 100644 --- a/docker/devbox-bundled/kustomize/complete/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/complete/kustomization.yaml @@ -83,4 +83,49 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data + securityContext: + runAsUser: 0 + runAsNonRoot: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data +- target: + kind: Ingress + name: rustfs + patch: | + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: rustfs \ No newline at end of file diff --git a/docker/devbox-bundled/kustomize/dev/kustomization.yaml b/docker/devbox-bundled/kustomize/dev/kustomization.yaml index d705e2ba71..f0dee5a36c 100644 --- a/docker/devbox-bundled/kustomize/dev/kustomization.yaml +++ b/docker/devbox-bundled/kustomize/dev/kustomization.yaml @@ -73,4 +73,49 @@ patches: name: net-istio-controller namespace: knative-serving $patch: delete - +- target: + kind: Pod + name: rustfs-test-connection + patch: | + $patch: delete + apiVersion: v1 + kind: Pod + metadata: + name: rustfs-test-connection +- patch: |- + apiVersion: apps/v1 + kind: Deployment + metadata: + name: rustfs + namespace: flyte + spec: + template: + spec: + initContainers: + - name: create-default-buckets + image: busybox:stable + imagePullPolicy: IfNotPresent + command: + - sh + - -c + - | + chown -R 10001:10001 /data + mkdir -p /data/flyte-data + chown 10001:10001 /data/flyte-data + securityContext: + runAsUser: 0 + runAsNonRoot: false + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + volumeMounts: + - mountPath: /data + name: data +- target: + kind: Ingress + name: rustfs + patch: | + $patch: delete + apiVersion: networking.k8s.io/v1 + kind: Ingress + metadata: + name: rustfs \ No newline at end of file diff --git a/docker/devbox-bundled/manifests/complete.yaml b/docker/devbox-bundled/manifests/complete.yaml index b592d22f82..5bec3e5e8c 100644 --- a/docker/devbox-bundled/manifests/complete.yaml +++ b/docker/devbox-bundled/manifests/complete.yaml @@ -7068,6 +7068,19 @@ metadata: namespace: flyte --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7753,7 +7766,7 @@ data: region: us-east-1 disable_ssl: true v2_signing: true - endpoint: http://rustfs.flyte:9000 + endpoint: http://rustfs-svc.flyte:9000 auth_type: accesskey container: flyte-data 100-inline-config.yaml: | @@ -7772,7 +7785,7 @@ data: plugins: k8s: default-env-vars: - - FLYTE_AWS_ENDPOINT: http://rustfs.flyte:9000 + - FLYTE_AWS_ENDPOINT: http://rustfs-svc.flyte:9000 - FLYTE_AWS_ACCESS_KEY_ID: rustfs - FLYTE_AWS_SECRET_ACCESS_KEY: rustfsstorage - _U_EP_OVERRIDE: flyte-binary-http.flyte:8090 @@ -7831,6 +7844,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -8051,17 +8080,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -8208,20 +8232,28 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8451,6 +8483,22 @@ spec: storageClassName: manual volumeName: flyte-devbox-rustfs-storage --- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -8542,7 +8590,7 @@ spec: template: metadata: annotations: - checksum/configuration: b8535eb0e5a85227f8d1d1aba0a4339b9050cad039c112d7dda9055b93586bd8 + checksum/configuration: 06269249f6e0df4e5df3c3f62e2f5bd703a127730dbcd6a68627557d343227af checksum/configuration-secret: e70194084619f4a1d4017093aac6367047167107fd0222513a32a61734629cac labels: app.kubernetes.io/component: flyte-binary @@ -8670,18 +8718,22 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: @@ -8689,65 +8741,102 @@ spec: app.kubernetes.io/name: rustfs spec: containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 name: rustfs ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c - | chown -R 10001:10001 /data mkdir -p /data/flyte-data chown 10001:10001 /data/flyte-data - image: busybox:latest + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: create-default-buckets securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: false runAsUser: 0 volumeMounts: - mountPath: /data name: data + - command: + - sh + - -c + - | + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-step + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: claimName: flyte-devbox-rustfs-storage diff --git a/docker/devbox-bundled/manifests/dev.yaml b/docker/devbox-bundled/manifests/dev.yaml index 2e66f5c7dd..ca52c29695 100644 --- a/docker/devbox-bundled/manifests/dev.yaml +++ b/docker/devbox-bundled/manifests/dev.yaml @@ -7057,6 +7057,19 @@ spec: status: {} --- apiVersion: v1 +automountServiceAccountToken: true +kind: ServiceAccount +metadata: + labels: + app.kubernetes.io/instance: flyte-devbox + app.kubernetes.io/managed-by: Helm + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs + namespace: flyte +--- +apiVersion: v1 kind: ServiceAccount metadata: labels: @@ -7547,6 +7560,22 @@ metadata: namespace: flyte --- apiVersion: v1 +data: + RUSTFS_ADDRESS: :9000 + RUSTFS_CONSOLE_ADDRESS: :9001 + RUSTFS_CONSOLE_ENABLE: "true" + RUSTFS_OBS_ENVIRONMENT: development + RUSTFS_OBS_LOG_DIRECTORY: /logs + RUSTFS_OBS_LOGGER_LEVEL: info + RUSTFS_REGION: us-east-1 + RUSTFS_VOLUMES: /data +kind: ConfigMap +metadata: + labels: {} + name: rustfs-config + namespace: flyte +--- +apiVersion: v1 data: max-scale: "1" kind: ConfigMap @@ -7744,17 +7773,12 @@ type: Opaque --- apiVersion: v1 data: - access-key: cnVzdGZz - secret-key: cnVzdGZzc3RvcmFnZQ== + RUSTFS_ACCESS_KEY: cnVzdGZz + RUSTFS_SECRET_KEY: cnVzdGZzc3RvcmFnZQ== kind: Secret metadata: - labels: - app.kubernetes.io/instance: flyte-devbox - app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + labels: {} + name: rustfs-secret namespace: flyte type: Opaque --- @@ -7901,20 +7925,28 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 - name: rustfs + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 + name: rustfs-svc namespace: flyte spec: ports: - - name: rustfs-api + - name: endpoint nodePort: 30002 port: 9000 - targetPort: rustfs-api + targetPort: 9000 + - name: console + nodePort: 32001 + port: 9001 + targetPort: 9001 selector: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs + sessionAffinity: ClientIP + sessionAffinityConfig: + clientIP: + timeoutSeconds: 10800 type: NodePort --- apiVersion: v1 @@ -8144,6 +8176,22 @@ spec: storageClassName: manual volumeName: flyte-devbox-rustfs-storage --- +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + annotations: + helm.sh/resource-policy: keep + labels: {} + name: rustfs-logs + namespace: flyte +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: 256Mi + storageClassName: local-path +--- apiVersion: apps/v1 kind: Deployment metadata: @@ -8265,18 +8313,22 @@ metadata: labels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/managed-by: Helm - app.kubernetes.io/name: flyte-devbox - app.kubernetes.io/version: 1.16.1 - helm.sh/chart: flyte-devbox-0.1.0 + app.kubernetes.io/name: rustfs + app.kubernetes.io/version: 1.0.0-alpha.94 + helm.sh/chart: rustfs-0.0.94 name: rustfs namespace: flyte spec: + replicas: 1 selector: matchLabels: app.kubernetes.io/instance: flyte-devbox app.kubernetes.io/name: rustfs strategy: - type: Recreate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 + type: RollingUpdate template: metadata: labels: @@ -8284,65 +8336,102 @@ spec: app.kubernetes.io/name: rustfs spec: containers: - - env: - - name: RUSTFS_ADDRESS - value: 0.0.0.0:9000 - - name: RUSTFS_VOLUMES - value: /data - - name: RUSTFS_ACCESS_KEY - valueFrom: - secretKeyRef: - key: access-key - name: rustfs - - name: RUSTFS_SECRET_KEY - valueFrom: - secretKeyRef: - key: secret-key - name: rustfs - image: rustfs/rustfs:sandbox - imagePullPolicy: Never + - command: + - /usr/bin/rustfs + envFrom: + - configMapRef: + name: rustfs-config + - secretRef: + name: rustfs-secret + image: rustfs/rustfs:1.0.0-alpha.94 + imagePullPolicy: IfNotPresent livenessProbe: - failureThreshold: 5 + failureThreshold: 3 + httpGet: + path: /health + port: endpoint initialDelaySeconds: 10 - periodSeconds: 10 - tcpSocket: - port: rustfs-api + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 name: rustfs ports: - containerPort: 9000 - name: rustfs-api - protocol: TCP + name: endpoint + - containerPort: 9001 + name: console readinessProbe: - failureThreshold: 5 - initialDelaySeconds: 5 + failureThreshold: 3 + httpGet: + path: /health/ready + port: endpoint + initialDelaySeconds: 30 periodSeconds: 5 - tcpSocket: - port: rustfs-api + successThreshold: 1 + timeoutSeconds: 3 + resources: {} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true runAsNonRoot: true - runAsUser: 10001 volumeMounts: + - mountPath: /logs + name: logs + subPath: logs - mountPath: /data name: data + imagePullSecrets: [] initContainers: - command: - - /bin/sh - - -ec + - sh + - -c - | chown -R 10001:10001 /data mkdir -p /data/flyte-data chown 10001:10001 /data/flyte-data - image: busybox:latest + image: busybox:stable imagePullPolicy: IfNotPresent - name: volume-permissions + name: create-default-buckets securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: false runAsUser: 0 volumeMounts: - mountPath: /data name: data + - command: + - sh + - -c + - | + mkdir -p /data /mnt/rustfs/logs + chmod 755 /mnt/rustfs/logs + image: busybox:stable + imagePullPolicy: IfNotPresent + name: init-step + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + runAsNonRoot: true + volumeMounts: + - mountPath: /data + name: data + - mountPath: /mnt/rustfs + name: logs securityContext: fsGroup: 10001 + runAsGroup: 10001 + runAsUser: 10001 volumes: + - name: logs + persistentVolumeClaim: + claimName: rustfs-logs - name: data persistentVolumeClaim: claimName: flyte-devbox-rustfs-storage