fix: harden SeaweedFS storage and fix Drive presigned uploads
- SeaweedFS filer: Recreate strategy (prevents LevelDB lock contention), 60s termination grace period, memory 256Mi→2Gi limit - SeaweedFS volume: 60s termination grace period, memory 256Mi→1Gi limit - Drive: add AWS_S3_DOMAIN_REPLACE so presigned upload URLs use s3.sunbeam.pt instead of internal cluster DNS - Drive: relax liveness/readiness probes (failureThreshold 1→3, period 1s→10s, timeout 1s→5s) to prevent crash loops under load
This commit is contained in:
@@ -13,6 +13,16 @@
|
|||||||
fullnameOverride: drive
|
fullnameOverride: drive
|
||||||
|
|
||||||
backend:
|
backend:
|
||||||
|
livenessProbe:
|
||||||
|
initialDelaySeconds: 15
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
|
readinessProbe:
|
||||||
|
initialDelaySeconds: 15
|
||||||
|
periodSeconds: 10
|
||||||
|
timeoutSeconds: 5
|
||||||
|
failureThreshold: 3
|
||||||
createsuperuser:
|
createsuperuser:
|
||||||
# No superuser — users authenticate via OIDC.
|
# No superuser — users authenticate via OIDC.
|
||||||
# The chart always renders this Job; override command so it exits 0.
|
# The chart always renders this Job; override command so it exits 0.
|
||||||
@@ -71,6 +81,8 @@ backend:
|
|||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: seaweedfs-s3-credentials
|
name: seaweedfs-s3-credentials
|
||||||
key: S3_SECRET_KEY
|
key: S3_SECRET_KEY
|
||||||
|
# Public S3 endpoint for browser-side presigned upload URLs.
|
||||||
|
AWS_S3_DOMAIN_REPLACE: https://s3.DOMAIN_SUFFIX
|
||||||
# Base URL for media file references so nginx auth proxy receives full paths.
|
# Base URL for media file references so nginx auth proxy receives full paths.
|
||||||
MEDIA_BASE_URL: https://drive.DOMAIN_SUFFIX
|
MEDIA_BASE_URL: https://drive.DOMAIN_SUFFIX
|
||||||
|
|
||||||
|
|||||||
@@ -5,6 +5,8 @@ metadata:
|
|||||||
namespace: storage
|
namespace: storage
|
||||||
spec:
|
spec:
|
||||||
replicas: 1
|
replicas: 1
|
||||||
|
strategy:
|
||||||
|
type: Recreate
|
||||||
selector:
|
selector:
|
||||||
matchLabels:
|
matchLabels:
|
||||||
app: seaweedfs-filer
|
app: seaweedfs-filer
|
||||||
@@ -13,6 +15,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: seaweedfs-filer
|
app: seaweedfs-filer
|
||||||
spec:
|
spec:
|
||||||
|
terminationGracePeriodSeconds: 60
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: fix-permissions
|
- name: fix-permissions
|
||||||
image: busybox
|
image: busybox
|
||||||
@@ -56,9 +59,9 @@ spec:
|
|||||||
mountPath: /data/filer
|
mountPath: /data/filer
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: 256Mi
|
memory: 2Gi
|
||||||
requests:
|
requests:
|
||||||
memory: 128Mi
|
memory: 512Mi
|
||||||
cpu: 50m
|
cpu: 50m
|
||||||
volumes:
|
volumes:
|
||||||
- name: config
|
- name: config
|
||||||
|
|||||||
@@ -14,6 +14,7 @@ spec:
|
|||||||
labels:
|
labels:
|
||||||
app: seaweedfs-volume
|
app: seaweedfs-volume
|
||||||
spec:
|
spec:
|
||||||
|
terminationGracePeriodSeconds: 60
|
||||||
containers:
|
containers:
|
||||||
- name: volume
|
- name: volume
|
||||||
image: chrislusf/seaweedfs:latest
|
image: chrislusf/seaweedfs:latest
|
||||||
@@ -35,9 +36,9 @@ spec:
|
|||||||
mountPath: /data
|
mountPath: /data
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
memory: 256Mi
|
memory: 1Gi
|
||||||
requests:
|
requests:
|
||||||
memory: 128Mi
|
memory: 256Mi
|
||||||
cpu: 50m
|
cpu: 50m
|
||||||
volumeClaimTemplates:
|
volumeClaimTemplates:
|
||||||
- metadata:
|
- metadata:
|
||||||
|
|||||||
@@ -126,10 +126,10 @@ spec:
|
|||||||
- name: filer
|
- name: filer
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
memory: 256Mi
|
memory: 512Mi
|
||||||
cpu: 100m
|
cpu: 100m
|
||||||
limits:
|
limits:
|
||||||
memory: 1Gi
|
memory: 2Gi
|
||||||
|
|
||||||
---
|
---
|
||||||
apiVersion: apps/v1
|
apiVersion: apps/v1
|
||||||
|
|||||||
Reference in New Issue
Block a user