fix: harden SeaweedFS storage and fix Drive presigned uploads

- SeaweedFS filer: Recreate strategy (prevents LevelDB lock contention), 60s termination grace period, memory 256Mi→2Gi limit - SeaweedFS volume: 60s termination grace period, memory 256Mi→1Gi limit - Drive: add AWS_S3_DOMAIN_REPLACE so presigned upload URLs use s3.sunbeam.pt instead of internal cluster DNS - Drive: relax liveness/readiness probes (failureThreshold 1→3, period 1s→10s, timeout 1s→5s) to prevent crash loops under load
2026-03-22 19:48:36 +00:00
parent 9af3cd3c49
commit a086049de6
4 changed files with 22 additions and 6 deletions
--- a/base/lasuite/drive-values.yaml
+++ b/base/lasuite/drive-values.yaml
@@ -13,6 +13,16 @@
 fullnameOverride: drive

 backend:
+  livenessProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
+  readinessProbe:
+    initialDelaySeconds: 15
+    periodSeconds: 10
+    timeoutSeconds: 5
+    failureThreshold: 3
  createsuperuser:
    # No superuser — users authenticate via OIDC.
    # The chart always renders this Job; override command so it exits 0.
@@ -71,6 +81,8 @@ backend:
      secretKeyRef:
        name: seaweedfs-s3-credentials
        key: S3_SECRET_KEY
+    # Public S3 endpoint for browser-side presigned upload URLs.
+    AWS_S3_DOMAIN_REPLACE: https://s3.DOMAIN_SUFFIX
    # Base URL for media file references so nginx auth proxy receives full paths.
    MEDIA_BASE_URL: https://drive.DOMAIN_SUFFIX

--- a/base/storage/seaweedfs-filer.yaml
+++ b/base/storage/seaweedfs-filer.yaml
@@ -5,6 +5,8 @@ metadata:
  namespace: storage
 spec:
  replicas: 1
+  strategy:
+    type: Recreate
  selector:
    matchLabels:
      app: seaweedfs-filer
@@ -13,6 +15,7 @@ spec:
      labels:
        app: seaweedfs-filer
    spec:
+      terminationGracePeriodSeconds: 60
      initContainers:
        - name: fix-permissions
          image: busybox
@@ -56,9 +59,9 @@ spec:
              mountPath: /data/filer
          resources:
            limits:
-              memory: 256Mi
+              memory: 2Gi
            requests:
-              memory: 128Mi
+              memory: 512Mi
              cpu: 50m
      volumes:
        - name: config
--- a/base/storage/seaweedfs-volume.yaml
+++ b/base/storage/seaweedfs-volume.yaml
@@ -14,6 +14,7 @@ spec:
      labels:
        app: seaweedfs-volume
    spec:
+      terminationGracePeriodSeconds: 60
      containers:
        - name: volume
          image: chrislusf/seaweedfs:latest
@@ -35,9 +36,9 @@ spec:
              mountPath: /data
          resources:
            limits:
-              memory: 256Mi
+              memory: 1Gi
            requests:
-              memory: 128Mi
+              memory: 256Mi
              cpu: 50m
  volumeClaimTemplates:
    - metadata:
--- a/overlays/production/values-resources.yaml
+++ b/overlays/production/values-resources.yaml
@@ -126,10 +126,10 @@ spec:
        - name: filer
          resources:
            requests:
-              memory: 256Mi
+              memory: 512Mi
              cpu: 100m
            limits:
-              memory: 1Gi
+              memory: 2Gi

 ---
 apiVersion: apps/v1