bitnami · alvneiayu · Jan 20, 2025 · Jan 13, 2025 · Jan 13, 2025 · Jan 13, 2025
diff --git a/bitnami/seaweedfs/CHANGELOG.md b/bitnami/seaweedfs/CHANGELOG.md
@@ -1,8 +1,12 @@
 # Changelog
 
-## 4.3.2 (2025-01-17)
+## 4.5.0 (2025-01-20)
 
-* [bitnami/seaweedfs] Release 4.3.2 ([#31443](https://github.com/bitnami/charts/pull/31443))
+* [bitnami/seaweedfs]: add pod for `weed iam` ([#31334](https://github.com/bitnami/charts/pull/31334))
+
+## <small>4.3.2 (2025-01-17)</small>
+
+* [bitnami/seaweedfs] Release 4.3.2 (#31443) ([942718e](https://github.com/bitnami/charts/commit/942718e8ec1eef14fcd63ebc11e2f2ce7a180c17)), closes [#31443](https://github.com/bitnami/charts/issues/31443)
 
 ## <small>4.3.1 (2025-01-13)</small>
 

diff --git a/bitnami/seaweedfs/Chart.yaml b/bitnami/seaweedfs/Chart.yaml
@@ -50,4 +50,4 @@ name: seaweedfs
 sources:
 - https://github.com/bitnami/charts/tree/main/bitnami/seawwedfs
 - https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs
-version: 4.3.2
+version: 4.5.0
diff --git a/bitnami/seaweedfs/README.md b/bitnami/seaweedfs/README.md
diff --git a/bitnami/seaweedfs/templates/_helpers.tpl b/bitnami/seaweedfs/templates/_helpers.tpl
@@ -24,6 +24,13 @@ Return the proper SeaweedFS Filer Server fullname
 {{- printf "%s-filer" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
 
+{{/*
+Return the proper SeaweedFS IAM Server fullname
+*/}}
+{{- define "seaweedfs.iam.fullname" -}}
+{{- printf "%s-iam" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
 {{/*
 Return the proper SeaweedFS Amazon S3 API fullname
 */}}

diff --git a/bitnami/seaweedfs/templates/iam/deployment.yaml b/bitnami/seaweedfs/templates/iam/deployment.yaml
@@ -0,0 +1,226 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.iam.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "seaweedfs.iam.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: iam
+  {{- if or .Values.iam.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.iam.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  replicas: {{ .Values.iam.replicaCount }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.iam.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: iam
+  {{- if .Values.iam.updateStrategy }}
+  strategy: {{- toYaml .Values.iam.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- if .Values.iam.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.iam.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: iam
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.iam.automountServiceAccountToken }}
+      {{- if .Values.iam.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.iam.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.iam.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.iam.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.iam.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.iam.podAffinityPreset "component" "iam" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.iam.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.iam.podAntiAffinityPreset "component" "iam" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.iam.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.iam.nodeAffinityPreset.type "key" .Values.iam.nodeAffinityPreset.key "values" .Values.iam.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.iam.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.iam.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.iam.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.iam.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.iam.priorityClassName }}
+      priorityClassName: {{ .Values.iam.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.iam.schedulerName }}
+      schedulerName: {{ .Values.iam.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.iam.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.iam.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.iam.podSecurityContext.enabled }}
+      securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.iam.podSecurityContext "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.iam.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.iam.terminationGracePeriodSeconds }}
+      {{- end }}
+      initContainers:
+        {{- if .Values.iam.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.iam.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.iam.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.iam.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.iam.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.iam.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.iam.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.iam.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.iam.logLevel }}
+            - iam
+            - -port={{ .Values.iam.containerPorts.http }}
+            - -filer={{ printf "%s:%d" (include "seaweedfs.filer.fullname" .) (int .Values.filer.service.ports.http) }}
+            - -master={{ printf "%s:%d" (include "seaweedfs.master.fullname" .) (int .Values.master.service.ports.http) }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            {{- if .Values.iam.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.iam.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.iam.extraEnvVarsCM .Values.iam.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.iam.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.iam.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.iam.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.iam.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.iam.resources }}
+          resources: {{- toYaml .Values.iam.resources | nindent 12 }}
+          {{- else if ne .Values.iam.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.iam.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: "http"
+              containerPort: {{ .Values.iam.containerPorts.http }}
+            {{- if .Values.iam.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.iam.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.iam.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.iam.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.iam.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.iam.livenessProbe "enabled") "context" $) | nindent 12 }}
+            exec:
+              command:
+                - pgrep
+                - -f
+                - iam
+          {{- end }}
+          {{- if .Values.iam.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.iam.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.iam.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.iam.readinessProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: "http"
+          {{- end }}
+          {{- if .Values.iam.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.iam.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.iam.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.iam.startupProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: "http"
+          {{- end }}
+          {{- end }}
+          {{- if .Values.iam.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.iam.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+          {{- if .Values.iam.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.iam.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.iam.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.iam.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- if .Values.iam.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.iam.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+{{- end }}
diff --git a/bitnami/seaweedfs/templates/iam/pdb.yaml b/bitnami/seaweedfs/templates/iam/pdb.yaml
@@ -0,0 +1,28 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.iam.enabled .Values.iam.pdb.create }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.iam.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: iam
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.iam.pdb.minAvailable }}
+  minAvailable: {{ .Values.iam.pdb.minAvailable }}
+  {{- end  }}
+  {{- if or .Values.iam.pdb.maxUnavailable (not .Values.iam.pdb.minAvailable) }}
+  maxUnavailable: {{ .Values.iam.pdb.maxUnavailable | default 1 }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.iam.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: iam
+{{- end }}
diff --git a/bitnami/seaweedfs/templates/iam/service.yaml b/bitnami/seaweedfs/templates/iam/service.yaml
@@ -0,0 +1,54 @@
+{{- /*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.iam.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.iam.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: iam
+  {{- if or .Values.iam.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.iam.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.iam.service.type }}
+  {{- if and .Values.iam.service.clusterIP (eq .Values.iam.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.iam.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.iam.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.iam.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.iam.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.iam.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.iam.service.type "LoadBalancer") (eq .Values.iam.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.iam.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.iam.service.type "LoadBalancer") (not (empty .Values.iam.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.iam.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.iam.service.type "LoadBalancer") (not (empty .Values.iam.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.iam.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: "http"
+      port: {{ .Values.iam.service.ports.http }}
+      targetPort: "http"
+      protocol: TCP
+      {{- if and (or (eq .Values.iam.service.type "NodePort") (eq .Values.iam.service.type "LoadBalancer")) (not (empty .Values.iam.service.nodePorts.http)) }}
+      nodePort: {{ .Values.iam.service.nodePorts.http }}
+      {{- else if eq .Values.iam.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.iam.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.iam.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.iam.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: iam
+{{- end }}