@nbykov0
Collaborator

@nbykov0 nbykov0 commented Dec 23, 2025

What this PR does

Adds traffic locality capabilities to Seaweedfs.

Release note

Added traffic locality capabilities to Seaweedfs

Summary by CodeRabbit

Release Notes

  • New Features

    • SeaweedFS upgraded to version 4.05
    • Admin component with web-based UI and authentication support
    • Worker component for distributed operations
    • Enhanced S3 monitoring with new Grafana dashboard panels for buckets, API calls, costs, and performance metrics
    • TLS certificate support for admin and worker components
  • Improvements

    • S3 service traffic distribution optimization
    • Ingress multi-host support for S3 endpoints
    • Pod scheduling optimization for improved availability
    • Security enhancements with configurable TLS endpoints


@coderabbitai
Contributor

coderabbitai bot commented Dec 23, 2025

Walkthrough

The pull request introduces admin and worker component deployments to the SeaweedFS Helm chart, bumps the version from 4.02 to 4.05, refactors the Makefile to use patch-based customization instead of Docker builds, enhances S3 observability metrics in Grafana, updates pod scheduling policies across components, and updates ingress configurations for multi-host and traffic distribution support.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| Version and Chart Metadata | packages/system/seaweedfs/charts/seaweedfs/Chart.yaml | Updated appVersion to 4.05 and version to 4.0.405 |
| Admin Component (New) | packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml, admin-service.yaml, admin-ingress.yaml, admin-secret.yaml, admin-servicemonitor.yaml | Introduced comprehensive admin component with StatefulSet, Service (headless with metrics port), Ingress (version-aware), Secret (pre-install/upgrade hooks), and ServiceMonitor resources; includes validation for master server configuration, secret handling, and storage options |
| Worker Component (New) | packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml, worker-service.yaml, worker-servicemonitor.yaml | Introduced worker component as Deployment with Service (headless, metrics-enabled) and ServiceMonitor; includes guard requiring adminServer configuration, support for capabilities, maxConcurrent, workingDir, and flexible volume/security setups |
| Certificate Management (New) | packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml, worker-cert.yaml | Added cert-manager Certificate resources for admin and worker components with version-aware apiVersion selection and GRPC endpoint TLS configuration |
| Security Configuration | packages/system/seaweedfs/charts/seaweedfs/templates/shared/security-configmap.yaml | Extended security TOML with TLS paths for grpc.admin and grpc.worker endpoints |
| Helper Templates and Refactoring | packages/system/seaweedfs/charts/seaweedfs/templates/shared/_helpers.tpl, filer/filer-statefulset.yaml, master/master-statefulset.yaml, volume/volume-statefulset.yaml | Added helpers (admin.image, worker.image, admin.pvc_exists, seaweedfs.masterServers, seaweedfs.masterServerArg); refactored master server argument generation to use template helpers in filer, master, and volume StatefulSets |
| S3 Enhancements | packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-ingress.yaml, s3-service.yaml, patches/s3-traffic-distribution.patch | Updated S3 ingress to support multi-host configuration with backward-compatible host handling; added trafficDistribution: PreferClose to S3 Service; introduced patch for traffic distribution |
| Build Process Changes | packages/system/seaweedfs/Makefile, images/seaweedfs/Dockerfile | Removed image target from Makefile and Docker build logic; simplified tarball extraction; added patch application for s3-traffic-distribution; removed dynamic base image ARG VERSION from Dockerfile |
| Values Configuration | packages/system/seaweedfs/charts/seaweedfs/values.yaml, values.yaml | Added comprehensive admin/worker configuration blocks (enabled, ports, replicas, storage, resources, affinity); expanded allInOne deployment config; added volume.id field; updated S3 config in root values to enable S3 with replicas, affinity, and service-upstream annotation |
| Observability | packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json, README.md | Added S3-related Grafana panels (API calls per bucket, bucket size, object count, traffic, QPS, cost, request duration quantiles, Filer metrics); documented Admin and Worker component configuration and deployment strategies |
| Ingress Controller Configuration | packages/system/ingress-nginx/values.yaml | Added pod anti-affinity policy to ingress-nginx controller with preferred hostname and zone-based scheduling constraints (weights 10 and 100) |

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐰 New admin and workers now take their flight,
With patches applied and templates just right,
S3 spreads traffic PreferClose and wide,
While affinity rules keep pods side by side,
From 4.02 to 4.05, we've come such a way! 🌟

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The PR title '[seaweedfs] Traffic locality' clearly and specifically describes the main change—adding traffic locality capabilities to SeaweedFS, which is well-reflected in the commit messages and file modifications across affinity rules, S3 service traffic distribution, and topology-aware scheduling. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |


@gemini-code-assist
Contributor

Summary of Changes

Hello @nbykov0, I'm Gemini Code Assist! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request enhances the traffic locality capabilities within the system by implementing strategic Kubernetes scheduling and service routing configurations. It ensures that ingress-nginx controllers are spread across the cluster for better resilience and that SeaweedFS S3 traffic is directed to the nearest available endpoints, thereby optimizing network performance and reducing latency. Additionally, it refines the SeaweedFS ingress setup with an updated host and a specific NGINX annotation.

Highlights

  • Ingress-Nginx Pod Anti-Affinity: Configured ingress-nginx controller pods with podAntiAffinity rules to ensure they are distributed across different hosts and Kubernetes zones. This enhances high availability and improves traffic locality by preventing multiple controller instances from running on the same physical or logical node.
  • SeaweedFS S3 Traffic Distribution: Modified the SeaweedFS S3 service to include trafficDistribution: PreferClose. This setting instructs Kubernetes to route traffic to S3 endpoints that are topologically closer to the client, reducing latency and improving performance.
  • SeaweedFS Ingress Configuration Update: Updated the ingress host for SeaweedFS from seaweedfs2.demo.cozystack.io to seaweedfs.demo.cozystack.io and added the nginx.ingress.kubernetes.io/service-upstream: true annotation. This annotation ensures that NGINX Ingress Controller uses the service name directly for upstream resolution, which can be beneficial for certain traffic routing scenarios.
  • Makefile Patch Integration: Integrated a new patch file, s3-traffic-distribution.patch, into the SeaweedFS Makefile. This patch is responsible for applying the trafficDistribution: PreferClose setting to the S3 service during the build process.


Contributor

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request aims to add traffic locality capabilities to SeaweedFS. It does so by configuring pod anti-affinity for ingress-nginx to spread pods across zones, and by setting trafficDistribution: PreferClose on the SeaweedFS S3 service. While these are good steps, there are a couple of areas for improvement. I've pointed out a way to make the ingress-nginx affinity rules more maintainable. More importantly, I've identified a configuration in the SeaweedFS ingress annotations that conflicts with the goal of traffic locality for ingress traffic and should be addressed.
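The `trafficDistribution: PreferClose` behaviour discussed in the review above, as an added example that is not code from this PR, from Kubernetes, or from either review bot: a simplified model of hint-based endpoint selection (same-zone endpoints when the client's zone has a ready one, all ready endpoints otherwise). The `Endpoint` class, the function names, the pod IPs, zone names and client counts are all constructed for illustration.

```python
"""Simplified model of zone-preferring endpoint selection (PreferClose)."""
from collections import defaultdict
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class Endpoint:
    ip: str
    zone: str
    ready: bool = True
    # Zones this endpoint is hinted for. With PreferClose each endpoint is
    # hinted for the zone it runs in; an empty set means no hint was published.
    for_zones: frozenset = frozenset()


def hint_own_zone(endpoints):
    """Model of the hinting step: hint every endpoint for its own zone."""
    return [Endpoint(e.ip, e.zone, e.ready, frozenset({e.zone})) for e in endpoints]


def select_endpoints(endpoints, client_zone):
    """Return the endpoints a proxy on a node in client_zone would route to.

    Falls back to every ready endpoint when the node has no zone, when any
    ready endpoint lacks a hint, or when no ready endpoint is hinted for
    the client's zone.
    """
    ready = [e for e in endpoints if e.ready]
    if not client_zone or any(not e.for_zones for e in ready):
        return ready
    local = [e for e in ready if client_zone in e.for_zones]
    return local or ready


def traffic_share(endpoints, clients_per_zone):
    """Fraction of all requests landing on each endpoint IP.

    Assumes each client sends the same load and that load is spread evenly
    over the endpoints selected for that client's zone.
    """
    total = sum(clients_per_zone.values())
    if total == 0:
        return {}
    share = defaultdict(Fraction)
    for zone, clients in clients_per_zone.items():
        chosen = select_endpoints(endpoints, zone)
        for e in chosen:
            share[e.ip] += Fraction(clients, len(chosen) * total)
    return dict(share)


# Constructed sample: three S3 pods, unevenly spread, and no pod in zone-c.
S3_PODS = hint_own_zone([
    Endpoint("10.0.1.10", "zone-a"),
    Endpoint("10.0.2.10", "zone-b"),
    Endpoint("10.0.2.11", "zone-b"),
])
# Constructed sample: number of clients (for example ingress pods) per zone.
CLIENTS = {"zone-a": 6, "zone-b": 3, "zone-c": 3}

if __name__ == "__main__":
    for ip, s in sorted(traffic_share(S3_PODS, CLIENTS).items()):
        print(f"{ip}: {float(s):.1%} of requests")
```

In the sample, the single zone-a pod receives 7/12 of all requests, which is the imbalance to watch for when S3 replicas are spread unevenly across zones.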

@nbykov0 nbykov0 force-pushed the s3-topology-aware branch 2 times, most recently from 101eb1f to 452b5ab Compare December 23, 2025 21:46
@nbykov0 nbykov0 self-assigned this Dec 23, 2025
@nbykov0 nbykov0 changed the title Seaweedfs traffic locality [seaweedfs] Traffic locality Dec 23, 2025
@nbykov0 nbykov0 force-pushed the s3-topology-aware branch from c45b6d8 to ff2a135 Compare January 5, 2026 14:32
Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com>
@nbykov0 nbykov0 force-pushed the s3-topology-aware branch from ff2a135 to 0c4da72 Compare January 5, 2026 14:36
Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com>
Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com>
Signed-off-by: nbykov0 <166552198+nbykov0@users.noreply.github.com>
@nbykov0 nbykov0 force-pushed the s3-topology-aware branch from 0c4da72 to bcd4b89 Compare January 7, 2026 18:07
@nbykov0 nbykov0 marked this pull request as ready for review January 7, 2026 18:20
@nbykov0 nbykov0 requested review from kvaps and lllamnyp as code owners January 7, 2026 18:20
@dosubot dosubot bot added size:XXL This PR changes 1000+ lines, ignoring generated files. enhancement New feature or request labels Jan 7, 2026
@nbykov0 nbykov0 added the backport Should change be backported on previus release label Jan 7, 2026
Contributor

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 4

🤖 Fix all issues with AI agents
In @packages/system/seaweedfs/charts/seaweedfs/Chart.yaml:
- Around line 4-6: The Chart.yaml appVersion is invalid ("4.05"); update the
appVersion field in Chart.yaml to a valid SeaweedFS release (e.g., "4.00") and
ensure the chart's version/metadata remain consistent; do not edit the vendored
chart in-place—implement this change via the repository's chart patch mechanism
(create an appropriate patch under patches/ or use the established chart
vendoring workflow) so the vendored upstream remains untouched.

In @packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-service.yaml:
- Line 17: Revert the direct change that hardcodes trafficDistribution:
PreferClose in the s3 service template; instead remove the hardcoded
trafficDistribution line and implement it via chart values and proper vendoring
(overlay/kustomize or chart dependency) so users can opt-in or set it
per-cluster. Introduce a chart value (e.g., values.s3.trafficDistributionEnabled
and values.s3.trafficDistributionValue) and conditionally render the
trafficDistribution field in the s3 service template only when
trafficDistributionEnabled is true, and document that PreferClose should only be
used on clusters that support the feature (Kubernetes GA >= 1.33). Ensure the
vendoring change is applied through an overlay or dependency update rather than
a direct edit to the vendored template.

In
@packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml:
- Around line 134-138: The admin flag construction for the worker is appending
the gRPC port as a dot-suffixed token, creating invalid addresses (e.g.,
host:port.grpcPort); update the template that builds the -admin flag so it uses
either .Values.worker.adminServer when set or the generated host plus only
.Values.admin.port (remove any use of .Values.admin.grpcPort in the -admin
value). Locate the block that references -admin (the template using
"seaweedfs.name", .Values.worker.adminServer, .Values.admin.port and
.Values.admin.grpcPort) and delete the conditional that appends
.Values.admin.grpcPort so the -admin flag becomes host:port only; handle gRPC
port separately if needed elsewhere.

In @packages/system/seaweedfs/patches/s3-traffic-distribution.patch:
- Line 9: The chart currently sets trafficDistribution: PreferClose which is
deprecated; update the value to a supported option (e.g., trafficDistribution:
PreferSameZone or trafficDistribution: PreferSameNode) and adjust the chart's
kubeVersion constraint to require at least Kubernetes v1.33 (the v1 API
stabilization version) so the minimum version reflects the stable API; locate
the trafficDistribution setting and the kubeVersion field in the chart and make
these two coordinated edits.
🧹 Nitpick comments (7)
packages/system/seaweedfs/charts/seaweedfs/templates/cert/worker-cert.yaml (1)

1-42: LGTM! Certificate template correctly configured.

The worker certificate template is properly structured with:

  • Correct conditional rendering (security enabled, external certs disabled)
  • Appropriate cert-manager.io/v1 API usage
  • Well-formed DNS names covering all cluster DNS resolution levels
  • Consistent pattern matching other component certificates

Optional: Remove the extra blank line at the end of the file (line 43) for consistency with Helm template conventions.

packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml (1)

43-43: Minor: Remove trailing blank line.

The static analysis flagged a trailing blank line at the end of the file.

🧹 Remove trailing blank line
   renewBefore: {{ .Values.certificates.renewBefore }}
 {{- end }}
-
packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml (1)

1-33: LGTM! ServiceMonitor configuration is correct.

The ServiceMonitor properly configures metrics collection for the admin component with appropriate conditionals, labels, and endpoint configuration.

Minor: Remove trailing blank line

Per yamllint, there's a trailing blank line at the end of the file (line 39 in the full template). This is a minor formatting inconsistency.

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-service.yaml (1)

1-38: LGTM! Service configuration is correct.

The Service properly exposes the admin component's http, grpc, and optional metrics ports with appropriate labels and selectors.

Minor: Remove trailing blank line

Per yamllint, there's a trailing blank line at the end of the file (line 39). This is a minor formatting inconsistency.

packages/system/seaweedfs/charts/seaweedfs/templates/shared/_helpers.tpl (1)

284-290: Consider removing unused variable.

The $fullname variable is defined but never used. The helper uses ${SEAWEEDFS_FULLNAME} (shell variable) instead, which is resolved at runtime from the pod's environment.

🧹 Optional cleanup
 {{- define "seaweedfs.masterServers" -}}
-{{- $fullname := include "seaweedfs.name" . -}}
 {{- range $index := until (.Values.master.replicas | int) -}}
 {{- if $index }},{{ end -}}
 ${SEAWEEDFS_FULLNAME}-master-{{ $index }}.${SEAWEEDFS_FULLNAME}-master.{{ $.Release.Namespace }}:{{ $.Values.master.port }}
 {{- end -}}
 {{- end -}}
packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml (2)

34-46: Inconsistent whitespace control in template directives.

Lines 34 and 41 use {{ with ...}} while similar constructs elsewhere use {{- with ...}}. This inconsistency may introduce unwanted blank lines in the rendered output.

Suggested fix for consistency
-      {{ with .Values.podLabels }}
+      {{- with .Values.podLabels }}
       {{- toYaml . | nindent 8 }}
       {{- end }}
       {{- with .Values.worker.podLabels }}
       {{- toYaml . | nindent 8 }}
       {{- end }}
       annotations:
-      {{ with .Values.podAnnotations }}
+      {{- with .Values.podAnnotations }}
       {{- toYaml . | nindent 8 }}
       {{- end }}

283-287: Potential indentation issues with indent usage.

Lines 283 and 286 use indent 8 combined with trim, which may produce incorrect indentation:

  • indent adds leading spaces, but trim removes them
  • The rest of the file uses nindent (which adds a newline before indenting)
  • At this nesting level, volumes require 8-space indentation, but nodeSelector content should align differently

Consider using nindent consistently and verify the rendered output.

Suggested fix for consistency
-        {{ tpl .Values.worker.extraVolumes . | indent 8 | trim }}
+        {{- tpl .Values.worker.extraVolumes . | nindent 8 | trim }}
       {{- if .Values.worker.nodeSelector }}
       nodeSelector:
-        {{ tpl .Values.worker.nodeSelector . | indent 8 | trim }}
+        {{- tpl .Values.worker.nodeSelector . | nindent 8 | trim }}
       {{- end }}
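Review bot: both `+` lines keep `| trim` after switching to `nindent 8`, and `trim` strips exactly the leading newline and indentation that `nindent` adds, while the new `{{-` also removes the line break before the action. The first rendered line would therefore be joined onto the preceding line, for example directly after `nodeSelector:`. If `nindent` is wanted, drop `| trim` on both lines; otherwise keep the original `indent 8 | trim` form without `{{-`, and check the result with `helm template` either way.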
📜 Review details

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 56cba3f and bcd4b89.

📒 Files selected for processing (26)
  • packages/system/ingress-nginx/values.yaml
  • packages/system/seaweedfs/Makefile
  • packages/system/seaweedfs/charts/seaweedfs/Chart.yaml
  • packages/system/seaweedfs/charts/seaweedfs/README.md
  • packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-secret.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/worker-cert.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/filer/filer-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/master/master-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-ingress.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/shared/_helpers.tpl
  • packages/system/seaweedfs/charts/seaweedfs/templates/shared/security-configmap.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/volume/volume-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml
  • packages/system/seaweedfs/charts/seaweedfs/values.yaml
  • packages/system/seaweedfs/images/seaweedfs/Dockerfile
  • packages/system/seaweedfs/patches/s3-traffic-distribution.patch
  • packages/system/seaweedfs/values.yaml
💤 Files with no reviewable changes (1)
  • packages/system/seaweedfs/images/seaweedfs/Dockerfile
🧰 Additional context used
📓 Path-based instructions (3)
packages/system/**

📄 CodeRabbit inference engine (AGENTS.md)

Use Helm Chart umbrella pattern with vendored upstream charts in charts/ directory

Files:

  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/shared/security-configmap.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/volume/volume-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml
  • packages/system/seaweedfs/Makefile
  • packages/system/seaweedfs/charts/seaweedfs/templates/master/master-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/shared/_helpers.tpl
  • packages/system/seaweedfs/charts/seaweedfs/README.md
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml
  • packages/system/ingress-nginx/values.yaml
  • packages/system/seaweedfs/patches/s3-traffic-distribution.patch
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-secret.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-service.yaml
  • packages/system/seaweedfs/values.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/worker-cert.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/filer/filer-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/values.yaml
  • packages/system/seaweedfs/charts/seaweedfs/Chart.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-ingress.yaml
  • packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json
**/*.yaml

📄 CodeRabbit inference engine (AGENTS.md)

Do NOT directly edit upstream Helm charts in vendored charts directory; use proper chart vendoring mechanisms

Files:

  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/shared/security-configmap.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/volume/volume-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/master/master-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml
  • packages/system/ingress-nginx/values.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-secret.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-service.yaml
  • packages/system/seaweedfs/values.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/cert/worker-cert.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/filer/filer-statefulset.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-service.yaml
  • packages/system/seaweedfs/charts/seaweedfs/values.yaml
  • packages/system/seaweedfs/charts/seaweedfs/Chart.yaml
  • packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-ingress.yaml
**/*.md

📄 CodeRabbit inference engine (AGENTS.md)

Git commits should follow [component] Description format and include --signoff flag

Files:

  • packages/system/seaweedfs/charts/seaweedfs/README.md
🧠 Learnings (2)
📚 Learning: 2025-12-25T09:45:26.524Z
Learnt from: CR
Repo: cozystack/cozystack PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-25T09:45:26.524Z
Learning: Applies to **/*.yaml : Do NOT directly edit upstream Helm charts in vendored charts directory; use proper chart vendoring mechanisms

Applied to files:

  • packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml
📚 Learning: 2025-12-25T09:45:26.524Z
Learnt from: CR
Repo: cozystack/cozystack PR: 0
File: AGENTS.md:0-0
Timestamp: 2025-12-25T09:45:26.524Z
Learning: Applies to packages/apps/** : Use Helm Chart umbrella pattern with vendored upstream charts in `charts/` directory

Applied to files:

  • packages/system/seaweedfs/charts/seaweedfs/Chart.yaml
🪛 YAMLlint (1.37.1)
packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml

[warning] 43-43: too many blank lines (1 > 0)

(empty-lines)


[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-servicemonitor.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-service.yaml

[warning] 39-39: too many blank lines (1 > 0)

(empty-lines)


[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-secret.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/cert/worker-cert.yaml

[warning] 43-43: too many blank lines (1 > 0)

(empty-lines)


[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-service.yaml

[error] 1-1: syntax error: expected the node content, but found '-'

(syntax)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)
  • GitHub Check: Install Cozystack
🔇 Additional comments (36)
packages/system/seaweedfs/charts/seaweedfs/templates/shared/security-configmap.yaml (1)

68-74: LGTM! TLS configuration follows established pattern.

The TLS configuration for admin and worker GRPC endpoints correctly follows the same pattern as existing components (volume, master, filer), with appropriate certificate paths that align with the new certificate templates.

packages/system/seaweedfs/Makefile (2)

11-13: LGTM! Simplified extraction and added traffic distribution patch.

The changes correctly:

  • Simplify tar extraction by removing unnecessary intermediate steps
  • Add the s3-traffic-distribution.patch application
  • Maintain the existing resize-api-server-annotation patch

This aligns with the shift to upstream container images and the patch-based customization approach per coding guidelines.


1-13: The review comment assumes removal of a Docker image target from the Makefile, but no such target exists in the current state. The Makefile correctly implements upstream chart vendoring via the update target, which downloads and patches the SeaweedFS chart from the official repository. Image references are properly defined: the vendored chart includes upstream SeaweedFS images, and packages/system/seaweedfs/values.yaml appropriately overrides specific images (resize hook and sidecar). This follows the required Helm Chart umbrella pattern with vendored charts.

Likely an incorrect or invalid review comment.

packages/system/ingress-nginx/values.yaml (1)

57-93: Appropriate anti-affinity configuration for ingress controller spreading.

The pod anti-affinity rules correctly prioritize zone-level spreading (weight 100) over hostname-level spreading (weight 10), which is a sensible default for high availability. The use of preferredDuringSchedulingIgnoredDuringExecution allows flexibility when constraints cannot be met.

packages/system/seaweedfs/charts/seaweedfs/dashboards/seaweedfs-grafana-dashboard.json (2)

1655-1692: Good S3 observability enhancements.

The unit change from seconds to "reqps" (requests per second) is appropriate for this rate-based metric panel. The new "S3 API Calls per Bucket" panel provides useful bucket-level visibility.


3365-3567: Well-structured bucket size and object count panels.

The new panels for S3 Bucket Size (logical and physical) and S3 Bucket Object Count provide valuable storage visibility. The use of max() aggregation for gauge metrics is appropriate.

packages/system/seaweedfs/charts/seaweedfs/values.yaml (3)

404-406: Useful stable identifier for volume servers.

The volume.id field with clear documentation helps maintain volume server identity in Kubernetes environments with hostPath storage, which is important for data consistency.


1106-1114: Clarify the security implications of empty adminPassword.

The comment states authentication is disabled when adminPassword is empty, but this may not be immediately obvious to users. Consider whether the admin component should require authentication by default in production environments.

Ensure the README or documentation clearly explains that leaving adminPassword empty disables authentication for the admin UI, and that this is intentional for development/testing only.


1225-1335: Well-structured worker configuration.

The worker configuration block follows established patterns with appropriate defaults:

  • Explicit resource limits prevent runaway consumption
  • Capabilities are clearly documented
  • Health probes use appropriate endpoints (/health, /ready)
packages/system/seaweedfs/charts/seaweedfs/templates/cert/admin-cert.yaml (1)

1-42: Consistent certificate template for admin component.

The admin certificate template correctly follows the established patterns used by other component certificates (filer, volume, worker). The conditional rendering, DNS name patterns, and certificate specifications are properly configured.

packages/system/seaweedfs/charts/seaweedfs/templates/volume/volume-statefulset.yaml (2)

179-181: Clean conditional for optional volume ID.

The -id flag is correctly added only when $volume.id is set, maintaining backward compatibility.


202-202: Good refactor to centralized master server argument helper.

Replacing inline master server logic with include "seaweedfs.masterServerArg" improves maintainability by centralizing the logic in the shared helper template. This aligns with DRY principles and matches the refactoring done in other templates (filer, master).

packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-servicemonitor.yaml (1)

1-33: Properly structured ServiceMonitor for worker component.

The ServiceMonitor template correctly:

  • Uses triple conditional to ensure all prerequisites are met
  • Follows the established pattern from other ServiceMonitor templates (admin, filer, etc.)
  • Configures appropriate scrape interval (30s) and timeout (5s)
  • Includes proper labels for service discovery

The YAMLlint syntax error on line 1 is a false positive caused by Helm templating syntax.

packages/system/seaweedfs/charts/seaweedfs/templates/master/master-statefulset.yaml (1)

187-187: LGTM! Good refactoring to use shared helper template.

The refactoring to use include "seaweedfs.masterServers" centralizes the master peer list generation logic, improving maintainability and consistency across the chart.

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-secret.yaml (1)

1-20: LGTM! Secret configuration follows Helm best practices.

The admin Secret is properly configured with:

  • Helm hooks to ensure creation before installation/upgrade
  • Resource policy "keep" to preserve credentials across uninstalls
  • Conditional rendering to respect existingSecret configuration

Note: The helm.sh/resource-policy: keep annotation means this Secret will persist even after helm uninstall. This is intentional for credentials but operators should be aware they need to manually delete the Secret if desired.

packages/system/seaweedfs/charts/seaweedfs/templates/filer/filer-statefulset.yaml (1)

223-223: LGTM! Consistent refactoring to use shared helper template.

The change to use include "seaweedfs.masterServerArg" aligns with the refactoring in master-statefulset.yaml, centralizing master server address resolution and improving consistency across components.

packages/system/seaweedfs/charts/seaweedfs/templates/s3/s3-ingress.yaml (2)

7-13: LGTM! Backwards-compatible multi-host support.

The logic correctly handles both legacy single-host strings and new multi-host arrays, maintaining backwards compatibility while enabling flexible ingress configuration.


40-57: LGTM! Multi-host ingress rules generation.

The range loop correctly uses $ prefix for root context access ($.Values, $.Capabilities) and properly handles Kubernetes API version differences for backend configuration.

packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-service.yaml (1)

1-26: LGTM! Well-structured headless service.

The worker service correctly uses clusterIP: None for headless configuration, conditionally exposes the metrics port, and follows consistent labeling conventions. The static analysis YAMLlint error is a false positive since this is a Helm template file with Go templating syntax, not pure YAML.

packages/system/seaweedfs/charts/seaweedfs/README.md (2)

148-201: LGTM! Comprehensive admin component documentation.

The Admin Component documentation is well-structured, covering key features, configuration options, authentication, and data persistence methods with clear YAML examples.


202-331: LGTM! Thorough worker component documentation.

The Worker Component documentation covers capabilities, deployment strategies, and specialized worker pools with practical examples. The guidance on cross-namespace scenarios and persistent storage limitations for Deployments is particularly helpful.

packages/system/seaweedfs/values.yaml (2)

86-98: LGTM! S3 component configuration.

The S3 component is correctly enabled with appropriate replica count and probe configurations.


120-171: LGTM! Well-designed affinity rules for traffic locality.

The affinity configuration effectively implements traffic locality:

  • Zone-level anti-affinity (weight 100) ensures pods spread across zones
  • Hostname anti-affinity (weight 10) provides secondary spreading within zones
  • Pod affinity to ingress-nginx (weight 20) co-locates S3 pods with ingress controllers

This design, combined with the service-upstream: "true" annotation, enables efficient traffic routing.

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-ingress.yaml (1)

1-52: LGTM! Consistent admin ingress implementation.

The admin ingress template follows the same patterns as other ingress templates in the chart, with proper Kubernetes version compatibility handling for API versions, ingressClassName, and pathType fields. The static analysis YAMLlint error is a false positive since this is a Helm template file.

packages/system/seaweedfs/charts/seaweedfs/templates/shared/_helpers.tpl (3)

86-104: LGTM! Consistent image helper implementations.

The admin.image and worker.image helpers follow the exact same pattern as existing image helpers (filer, master, s3, volume), maintaining consistency across the chart.


159-166: LGTM! Consistent PVC existence helper.

The admin.pvc_exists helper follows the same pattern as master.pvc_exists and filer.pvc_exists.


292-302: LGTM! Clean master server argument helper.

The seaweedfs.masterServerArg helper provides a clean fallback mechanism: use global.masterServer if set, otherwise generate the list dynamically.

packages/system/seaweedfs/charts/seaweedfs/templates/admin/admin-statefulset.yaml (5)

1-4: LGTM! Early validation prevents misconfiguration.

The fail directive ensures that either admin.masters, global.masterServer, or master.enabled is configured, preventing deployment errors from missing master server configuration.


83-89: LGTM! Robust secret validation.

The validation ensures that when existingSecret is provided, both userKey and pwKey must also be specified, preventing incomplete secret configurations.


186-209: LGTM! Comprehensive security certificate mounts.

When security is enabled, the admin component correctly mounts all required certificates (CA, master, volume, filer, client, admin) for secure communication with other SeaweedFS components.


313-344: LGTM! Proper volumeClaimTemplates configuration.

The volumeClaimTemplates section correctly handles persistent storage for both data and logs, with support for custom storage classes and annotations.


167-173: The inline master server logic in the admin component intentionally differs from the shared helper.

The admin component supports an additional admin.masters override that the seaweedfs.masterServerArg helper (used by filer and volume components) does not provide. This creates duplication, but the extra configuration option appears intentional. If the admin component does not require its own masters override and should align with filer and volume, consider refactoring to use the shared helper for consistency.

packages/system/seaweedfs/charts/seaweedfs/templates/worker/worker-deployment.yaml (4)

1-4: Verify this aligns with the chart vendoring approach.

This file is located in packages/system/seaweedfs/charts/seaweedfs/templates/, which appears to be a vendored charts directory. As per coding guidelines, upstream Helm charts in vendored directories should not be directly edited; instead, proper chart vendoring mechanisms (e.g., patches) should be used.

Please confirm whether this worker deployment is a custom addition managed via a patch-based approach (as mentioned in the PR summary), or if the chart structure has been intentionally customized as part of the umbrella pattern.

The validation guard logic on lines 2-4 is well-implemented and will prevent misconfiguration at deploy time.

Note: The YAMLlint syntax error on line 1 is a false positive—Helm templates are not valid YAML until rendered.


191-222: LGTM!

The probe configuration is well-structured with support for both httpGet and tcpSocket types, and all timing parameters are properly configurable.


229-259: LGTM!

The volume configuration properly supports hostPath, emptyDir, and existingClaim types. The conditional logic is consistent between volume mounts (lines 149-156) and volume definitions, ensuring no orphaned mounts.


260-282: LGTM!

The security volume configuration properly mounts all required certificates and the security config when global.enableSecurity is enabled. Read-only mounts for sensitive materials are the correct approach.
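
The review above raises two admin-credential conditions: an empty adminPassword disables authentication for the admin UI, and existingSecret requires both userKey and pwKey. The pre-deploy check below is an added example, not code from the PR or the chart. The key paths admin.enabled, admin.secret.* and admin.ingress.enabled, the function name and the sample values are assumptions.

```python
"""Pre-deploy lint for the admin credential settings discussed in the review.

Assumption: the settings live under admin.secret in the Helm values; only the
names adminPassword, existingSecret, userKey and pwKey appear on the page.
"""


def _text(value):
    """Normalise a values entry to a stripped string (None becomes empty)."""
    return "" if value is None else str(value).strip()


def lint_admin_auth(values):
    """Return a list of findings for the admin component's credential settings."""
    admin = values.get("admin") or {}
    if not admin.get("enabled"):
        return []  # admin UI is not deployed, nothing to check

    secret = admin.get("secret") or {}
    findings = []
    if _text(secret.get("existingSecret")):
        # The chart's validation expects both key names with existingSecret.
        for key in ("userKey", "pwKey"):
            if not _text(secret.get(key)):
                findings.append(f"existingSecret set but {key} is missing")
    elif not _text(secret.get("adminPassword")):
        # An empty password means the admin UI runs without authentication.
        findings.append("adminPassword is empty: admin UI authentication is disabled")
        if (admin.get("ingress") or {}).get("enabled"):
            findings.append("unauthenticated admin UI is exposed through an Ingress")
    return findings


# Constructed sample values (not taken from the PR).
SAMPLES = {
    "admin-off": {"admin": {"enabled": False}},
    "dev-default": {"admin": {"enabled": True, "secret": {"adminPassword": ""}}},
    "exposed": {"admin": {"enabled": True, "secret": {}, "ingress": {"enabled": True}}},
    "inline-password": {"admin": {"enabled": True,
                                  "secret": {"adminPassword": "example-only"}}},
    "partial-secret": {"admin": {"enabled": True,
                                 "secret": {"existingSecret": "admin-creds",
                                            "userKey": "user"}}},
}

if __name__ == "__main__":
    for name, vals in SAMPLES.items():
        print(f"{name}: {lint_admin_auth(vals) or 'ok'}")
```
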

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Jan 8, 2026
@nbykov0 nbykov0 merged commit 305c9e4 into main Jan 8, 2026
37 of 38 checks passed
@nbykov0 nbykov0 deleted the s3-topology-aware branch January 8, 2026 12:56

github-actions bot commented Jan 8, 2026

Successfully created backport PR for release-0.39:

nbykov0 added a commit that referenced this pull request Jan 8, 2026
# Description
Backport of #1748 to `release-0.39`.
kvaps pushed a commit that referenced this pull request Jan 8, 2026
## What this PR does
Adds traffic locality capabilities to Seaweedfs.

### Release note
```release-note
Added traffic locality capabilities to Seaweedfs
kvaps pushed a commit that referenced this pull request Jan 8, 2026
## What this PR does
Adds traffic locality capabilities to Seaweedfs.

### Release note
```release-note
Added traffic locality capabilities to Seaweedfs
kvaps pushed a commit that referenced this pull request Jan 9, 2026
## What this PR does
Adds traffic locality capabilities to Seaweedfs.

### Release note
```release-note
Added traffic locality capabilities to Seaweedfs
Labels

  • backport: Should change be backported on previous release
  • enhancement: New feature or request
  • lgtm: This PR has been approved by a maintainer
  • size:XXL: This PR changes 1000+ lines, ignoring generated files.
