From a086049de6c9084a77710018dfc960d6ecd0fe25 Mon Sep 17 00:00:00 2001
From: Sienna Meridian Satterwhite
Date: Sun, 22 Mar 2026 19:48:36 +0000
Subject: [PATCH] fix: harden SeaweedFS storage and fix Drive presigned uploads
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
- SeaweedFS filer: Recreate strategy (prevents LevelDB lock contention), 60s termination grace period, memory 256Mi→2Gi limit
- SeaweedFS volume: 60s termination grace period, memory 256Mi→1Gi limit
- Drive: add AWS_S3_DOMAIN_REPLACE so presigned upload URLs use s3.sunbeam.pt instead of internal cluster DNS
- Drive: relax liveness/readiness probes (failureThreshold 1→3, period 1s→10s, timeout 1s→5s) to prevent crash loops under load
---
 base/lasuite/drive-values.yaml | 12 ++++++++++++
 base/storage/seaweedfs-filer.yaml | 7 +++++--
 base/storage/seaweedfs-volume.yaml | 5 +++--
 overlays/production/values-resources.yaml | 4 ++--
 4 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/base/lasuite/drive-values.yaml b/base/lasuite/drive-values.yaml
index 68a9dcb..cd0a6a7 100644
--- a/base/lasuite/drive-values.yaml
+++ b/base/lasuite/drive-values.yaml
@@ -13,6 +13,16 @@ fullnameOverride: drive
 backend:
+ livenessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ readinessProbe:
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
 createsuperuser:
 # No superuser — users authenticate via OIDC.
 # The chart always renders this Job; override command so it exits 0.
@@ -71,6 +81,8 @@ backend:
 secretKeyRef:
 name: seaweedfs-s3-credentials
 key: S3_SECRET_KEY
+ # Public S3 endpoint for browser-side presigned upload URLs.
+ AWS_S3_DOMAIN_REPLACE: https://s3.DOMAIN_SUFFIX
 # Base URL for media file references so nginx auth proxy receives full paths.
 MEDIA_BASE_URL: https://drive.DOMAIN_SUFFIX
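Review bot: In the first `drive-values.yaml` hunk (`-13,6 +13,16`) the `livenessProbe` and `readinessProbe` under `backend:` get identical timings, so a backend that stops answering is restarted at the same moment it would be taken out of rotation, and with `periodSeconds: 10` and `failureThreshold: 3` it keeps receiving traffic for roughly 30 seconds first. Keeping readiness stricter than liveness, for example `failureThreshold: 2` on the `readinessProbe` only, lets an overloaded pod shed traffic before the kubelet kills it. The values also carry no comment; something like `# Relaxed from 1s/1s/1 to avoid restart loops under load` above `livenessProbe:` would keep the reason next to the numbers. The `backend:` mapping continues outside the hunk.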
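Review bot: In the second `drive-values.yaml` hunk (`-71,6 +81,8`) `AWS_S3_DOMAIN_REPLACE` makes the backend hand browsers presigned URLs for the public `s3.DOMAIN_SUFFIX` host, so the S3 gateway behind that name becomes an internet-facing upload surface protected only by the URL signature, and nothing in this hunk shows how that host is restricted. It is worth confirming outside this diff that the host is served over TLS only, that bucket CORS allows just the Drive origin, and that presigned URL lifetimes are short. I would extend the added comment to record that dependency, e.g. `# Public S3 endpoint for browser-side presigned upload URLs; host must be TLS-only with CORS limited to the Drive origin.` The value also relies on `DOMAIN_SUFFIX` being substituted at deploy time, presumably the same way as `MEDIA_BASE_URL` on the following line.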
diff --git a/base/storage/seaweedfs-filer.yaml b/base/storage/seaweedfs-filer.yaml
index 01b923d..d2b732d 100644
--- a/base/storage/seaweedfs-filer.yaml
+++ b/base/storage/seaweedfs-filer.yaml
@@ -5,6 +5,8 @@ metadata:
 namespace: storage
 spec:
 replicas: 1
+ strategy:
+ type: Recreate
 selector:
 matchLabels:
 app: seaweedfs-filer
@@ -13,6 +15,7 @@ spec:
 labels:
 app: seaweedfs-filer
 spec:
+ terminationGracePeriodSeconds: 60
 initContainers:
 - name: fix-permissions
 image: busybox
@@ -56,9 +59,9 @@ spec:
 mountPath: /data/filer
 resources:
 limits:
- memory: 256Mi
+ memory: 2Gi
 requests:
- memory: 128Mi
+ memory: 512Mi
 cpu: 50m
 volumes:
 - name: config
diff --git a/base/storage/seaweedfs-volume.yaml b/base/storage/seaweedfs-volume.yaml
index 3b1ebe9..584db6c 100644
--- a/base/storage/seaweedfs-volume.yaml
+++ b/base/storage/seaweedfs-volume.yaml
@@ -14,6 +14,7 @@ spec:
 labels:
 app: seaweedfs-volume
 spec:
+ terminationGracePeriodSeconds: 60
 containers:
 - name: volume
 image: chrislusf/seaweedfs:latest
@@ -35,9 +36,9 @@ spec:
 mountPath: /data
 resources:
 limits:
- memory: 256Mi
+ memory: 1Gi
 requests:
- memory: 128Mi
+ memory: 256Mi
 cpu: 50m
 volumeClaimTemplates:
 - metadata:
diff --git a/overlays/production/values-resources.yaml b/overlays/production/values-resources.yaml
index 1744858..482559e 100644
--- a/overlays/production/values-resources.yaml
+++ b/overlays/production/values-resources.yaml
@@ -126,10 +126,10 @@ spec:
 - name: filer
 resources:
 requests:
- memory: 256Mi
+ memory: 512Mi
 cpu: 100m
 limits:
- memory: 1Gi
+ memory: 2Gi
 ---
 apiVersion: apps/v1
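Review bot: A commit described as hardening storage leaves the images in the pod specs it touches unpinned: the `fix-permissions` init container in the context of the `seaweedfs-filer.yaml` hunk `-13,6 +15,7` uses `image: busybox` with no tag, and the `seaweedfs-volume.yaml` hunk `-14,6 +14,7` keeps `image: chrislusf/seaweedfs:latest`. With a mutable tag, each pod recreation, which the new `Recreate` strategy makes part of every filer rollout, can resolve to a different build than the one that was tested. Pinning to a version tag and digest, e.g. `image: busybox:<pinned-tag>@sha256:<digest>` (placeholder values), would close that gap. These are context lines and the pod specs continue outside the hunks, so the change may belong in a follow-up commit.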
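Review bot: In the `seaweedfs-filer.yaml` hunk `-56,9 +59,9` the memory limit is now four times the request (`512Mi` request, `2Gi` limit), and the `seaweedfs-volume.yaml` hunk `-35,9 +36,9` has the same ratio (`256Mi` request, `1Gi` limit), so the scheduler reserves only a quarter of what each storage container may use. A pod running well above its request is an early candidate for eviction when the node is short of memory, which looks like the kind of interruption this commit is trying to prevent; bringing `requests.memory` closer to the limit would reduce that exposure. The production overlay hunk in `values-resources.yaml` now repeats the base filer memory values exactly, so a comment such as `# Keep in sync with overlays/production/values-resources.yaml (filer memory)` above `resources:` would help stop the two from drifting.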