New chart: SeaweedFS (#24944)

.vib/seaweedfs/cypress/cypress.config.js

@@ -0,0 +1,17 @@
+module.exports = {
+  defaultCommandTimeout: 60000,
+  env: {
+    masterPortHttp: '9333',
+    masterPortGrpc: '19333',
+    volumePortHttp: '8080',
+    volumePortGrpc: '18080',
+    filerPortHttp: '8888',
+    filerPortGrpc: '18888',
+    s3PortHttp: '8333',
+    s3PortGrpc: '18333',
+  },
+  e2e: {
+    setupNodeEvents(on, config) {},
+    baseUrl: 'http://localhost',
+  },
+}

.vib/seaweedfs/cypress/cypress/e2e/seaweedfs.cy.js

@@ -0,0 +1,13 @@
+/*
+ * Copyright VMware, Inc.
+ * SPDX-License-Identifier: APACHE-2.0
+ */
+
+/// <reference types="cypress" />
+
+it('allows obtaining cluster status from Master Server', () => {
+  cy.request('/cluster/status').then((response) => {
+    expect(response.status).to.eq(200);
+    expect(response.body).to.have.property('Leader');
+  });
+});

.vib/seaweedfs/cypress/cypress/support/e2e.js

@@ -0,0 +1,25 @@
+/*
+ * Copyright VMware, Inc.
+ * SPDX-License-Identifier: APACHE-2.0
+ */
+
+// ***********************************************************
+// This example support/index.js is processed and
+// loaded automatically before your test files.
+//
+// This is a great place to put global configuration and
+// behavior that modifies Cypress.
+//
+// You can change the location of this file or turn off
+// automatically serving support files with the
+// 'supportFile' configuration option.
+//
+// You can read more here:
+// https://on.cypress.io/configuration
+// ***********************************************************
+
+// Import commands.js using ES2015 syntax:
+// import './commands';
+
+// Alternatively you can use CommonJS syntax:
+// require('./commands')

.vib/seaweedfs/ginkgo/go.mod

@@ -0,0 +1,57 @@
+module test-seaweedfs-chart
+
+go 1.20
+
+replace github.com/bitnami/charts/.vib/common-tests/ginkgo-utils => ../../common-tests/ginkgo-utils
+
+require (
+	github.com/bitnami/charts/.vib/common-tests/ginkgo-utils v0.0.0-00010101000000-000000000000
+	github.com/onsi/ginkgo/v2 v2.11.0
+	github.com/onsi/gomega v1.27.8
+	k8s.io/api v0.28.0
+	k8s.io/apimachinery v0.28.0
+	k8s.io/client-go v0.28.0
+)
+
+require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
+	github.com/emicklei/go-restful/v3 v3.9.0 // indirect
+	github.com/go-logr/logr v1.2.4 // indirect
+	github.com/go-openapi/jsonpointer v0.19.6 // indirect
+	github.com/go-openapi/jsonreference v0.20.2 // indirect
+	github.com/go-openapi/swag v0.22.3 // indirect
+	github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/protobuf v1.5.3 // indirect
+	github.com/google/gnostic-models v0.6.8 // indirect
+	github.com/google/go-cmp v0.5.9 // indirect
+	github.com/google/gofuzz v1.2.0 // indirect
+	github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 // indirect
+	github.com/google/uuid v1.3.0 // indirect
+	github.com/imdario/mergo v0.3.6 // indirect
+	github.com/josharian/intern v1.0.0 // indirect
+	github.com/json-iterator/go v1.1.12 // indirect
+	github.com/mailru/easyjson v0.7.7 // indirect
+	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
+	github.com/modern-go/reflect2 v1.0.2 // indirect
+	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
+	github.com/spf13/pflag v1.0.5 // indirect
+	golang.org/x/net v0.17.0 // indirect
+	golang.org/x/oauth2 v0.8.0 // indirect
+	golang.org/x/sys v0.13.0 // indirect
+	golang.org/x/term v0.13.0 // indirect
+	golang.org/x/text v0.13.0 // indirect
+	golang.org/x/time v0.3.0 // indirect
+	golang.org/x/tools v0.9.3 // indirect
+	google.golang.org/appengine v1.6.7 // indirect
+	google.golang.org/protobuf v1.33.0 // indirect
+	gopkg.in/inf.v0 v0.9.1 // indirect
+	gopkg.in/yaml.v2 v2.4.0 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
+	k8s.io/klog/v2 v2.100.1 // indirect
+	k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 // indirect
+	k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 // indirect
+	sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect
+	sigs.k8s.io/yaml v1.3.0 // indirect
+)

.vib/seaweedfs/ginkgo/go.sum

@@ -0,0 +1,160 @@
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
+github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/emicklei/go-restful/v3 v3.9.0 h1:XwGDlfxEnQZzuopoqxwSEllNcCOM9DhhFyhFIIGKwxE=
+github.com/emicklei/go-restful/v3 v3.9.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-logr/logr v1.2.4 h1:g01GSCwiDw2xSZfjJ2/T9M+S6pFdcNtFYsp+Y43HYDQ=
+github.com/go-logr/logr v1.2.4/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A=
+github.com/go-openapi/jsonpointer v0.19.6 h1:eCs3fxoIi3Wh6vtgmLTOjdhSpiqphQ+DaPn38N2ZdrE=
+github.com/go-openapi/jsonpointer v0.19.6/go.mod h1:osyAmYz/mB/C3I+WsTTSgw1ONzaLJoLCyoi6/zppojs=
+github.com/go-openapi/jsonreference v0.20.2 h1:3sVjiK66+uXK/6oQ8xgcRKcFgQ5KXa2KvnJRumpMGbE=
+github.com/go-openapi/jsonreference v0.20.2/go.mod h1:Bl1zwGIM8/wsvqjsOQLJ/SH+En5Ap4rVB5KVcIDZG2k=
+github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g=
+github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
+github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
+github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q=
+github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.5.0/go.mod h1:FsONVRAS9T7sI+LIUmWTfcYkHO4aIWwzhcaSAoJOfIk=
+github.com/golang/protobuf v1.5.3 h1:KhyjKVUg7Usr/dYsdSqoFveMYd5ko72D+zANwlG1mmg=
+github.com/golang/protobuf v1.5.3/go.mod h1:XVQd3VNwM+JqD3oG2Ue2ip4fOMUkwXdXDdiuN0vRsmY=
+github.com/google/gnostic-models v0.6.8 h1:yo/ABAfM5IMRsS1VnXjTBvUb61tFIHozhlYvRgGre9I=
+github.com/google/gnostic-models v0.6.8/go.mod h1:5n7qKqH0f5wFt+aWF8CW6pZLLNOfYuF5OpfBSENuI8U=
+github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
+github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38=
+github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY=
+github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0=
+github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec=
+github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE=
+github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I=
+github.com/google/uuid v1.3.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
+github.com/ianlancetaylor/demangle v0.0.0-20200824232613-28f6c0f3b639/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
+github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28=
+github.com/imdario/mergo v0.3.6/go.mod h1:2EnlNZ0deacrJVfApfmtdGgDfMuh/nq6Ok1EcJh5FfA=
+github.com/josharian/intern v1.0.0 h1:vlS4z54oSdjm0bgjRigI+G1HpF+tI+9rE5LLzOg8HmY=
+github.com/josharian/intern v1.0.0/go.mod h1:5DoeVV0s6jJacbCEi61lwdGj/aVlrQvzHFFd8Hwg//Y=
+github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnrnM=
+github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo=
+github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8=
+github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck=
+github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI=
+github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY=
+github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE=
+github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0=
+github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc=
+github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg=
+github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q=
+github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9Gz0M=
+github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=
+github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=
+github.com/onsi/ginkgo/v2 v2.11.0 h1:WgqUCUt/lT6yXoQ8Wef0fsNn5cAuMK7+KT9UFRz2tcU=
+github.com/onsi/ginkgo/v2 v2.11.0/go.mod h1:ZhrRA5XmEE3x3rhlzamx/JJvujdZoJ2uvgI7kR0iZvM=
+github.com/onsi/gomega v1.27.8 h1:gegWiwZjBsf2DgiSbf5hpokZ98JVDMcWkUiigk6/KXc=
+github.com/onsi/gomega v1.27.8/go.mod h1:2J8vzI/s+2shY9XHRApDkdgPo1TKT7P2u6fXeJKFnNQ=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/rogpeppe/go-internal v1.10.0 h1:TMyTOH3F/DB16zRVcYyreMH6GnZZrwQVAoYjRBZyWFQ=
+github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
+github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
+github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
+github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
+github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
+github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
+golang.org/x/mod v0.10.0 h1:lFO9qtOdlre5W1jxS3r/4szv2/6iXxScdzjoBMXNhYk=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks=
+golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
+golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM=
+golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
+golang.org/x/oauth2 v0.8.0 h1:6dkIjl3j3LtZ/O3sTgZTMsLKSftL/B8Zgq4huOIIUu8=
+golang.org/x/oauth2 v0.8.0/go.mod h1:yr7u4HXZRm1R1kBWqr/xKNqewf0plRYoB7sla+BCIXE=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE=
+golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek=
+golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
+golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k=
+golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
+golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4=
+golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
+golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
+golang.org/x/tools v0.9.3 h1:Gn1I8+64MsuTb/HpH+LmQtNas23LhUVr3rYZ0eKuaMM=
+golang.org/x/tools v0.9.3/go.mod h1:owI94Op576fPu3cIGQeHs3joujW/2Oc6MtlxbF5dfNc=
+golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+google.golang.org/appengine v1.6.7 h1:FZR1q0exgwxzPzp/aF+VccGrSfxfPpkBqjIIEq3ru6c=
+google.golang.org/appengine v1.6.7/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
+google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw=
+google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc=
+google.golang.org/protobuf v1.33.0 h1:uNO2rsAINq/JlFpSdYEKIZ0uKD/R9cpdv0T+yoGwGmI=
+google.golang.org/protobuf v1.33.0/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
+gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
+gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
+gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
+gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=
+gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=
+gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+k8s.io/api v0.28.0 h1:3j3VPWmN9tTDI68NETBWlDiA9qOiGJ7sdKeufehBYsM=
+k8s.io/api v0.28.0/go.mod h1:0l8NZJzB0i/etuWnIXcwfIv+xnDOhL3lLW919AWYDuY=
+k8s.io/apimachinery v0.28.0 h1:ScHS2AG16UlYWk63r46oU3D5y54T53cVI5mMJwwqFNA=
+k8s.io/apimachinery v0.28.0/go.mod h1:X0xh/chESs2hP9koe+SdIAcXWcQ+RM5hy0ZynB+yEvw=
+k8s.io/client-go v0.28.0 h1:ebcPRDZsCjpj62+cMk1eGNX1QkMdRmQ6lmz5BLoFWeM=
+k8s.io/client-go v0.28.0/go.mod h1:0Asy9Xt3U98RypWJmU1ZrRAGKhP6NqDPmptlAzK2kMc=
+k8s.io/klog/v2 v2.100.1 h1:7WCHKK6K8fNhTqfBhISHQ97KrnJNFZMcQvKp7gP/tmg=
+k8s.io/klog/v2 v2.100.1/go.mod h1:y1WjHnz7Dj687irZUWR/WLkLc5N1YHtjLdmgWjndZn0=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9 h1:LyMgNKD2P8Wn1iAwQU5OhxCKlKJy0sHc+PcDwFB24dQ=
+k8s.io/kube-openapi v0.0.0-20230717233707-2695361300d9/go.mod h1:wZK2AVp1uHCp4VamDVgBP2COHZjqD1T68Rf0CM3YjSM=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2 h1:qY1Ad8PODbnymg2pRbkyMT/ylpTrCM8P2RJ0yroCyIk=
+k8s.io/utils v0.0.0-20230406110748-d93618cff8a2/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
+sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE=
+sigs.k8s.io/structured-merge-diff/v4 v4.2.3/go.mod h1:qjx8mGObPmV2aSZepjQjbmb2ihdVs8cGKBraizNC69E=
+sigs.k8s.io/yaml v1.3.0 h1:a2VclLzOGrwOHDiV8EfBGhvjHvP46CtW5j6POvhYGGo=
+sigs.k8s.io/yaml v1.3.0/go.mod h1:GeOyir5tyXNByN85N/dRIT9es5UQNerPYEKK56eTBm8=

.vib/seaweedfs/ginkgo/seaweedfs_suite_test.go

@@ -0,0 +1,234 @@
+package seaweedfs_test
+
+import (
+	"context"
+	"errors"
+	"flag"
+	"fmt"
+	"testing"
+	"time"
+
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	batchv1 "k8s.io/api/batch/v1"
+	v1 "k8s.io/api/core/v1"
+	"k8s.io/apimachinery/pkg/api/resource"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+const (
+	kindDownload string = "download"
+	kindUpload   string = "upload"
+)
+
+var (
+	kubeconfig     string
+	releaseName    string
+	namespace      string
+	timeoutSeconds int
+	timeout        time.Duration
+)
+
+func init() {
+	flag.StringVar(&kubeconfig, "kubeconfig", "", "absolute path to the kubeconfig file")
+	flag.StringVar(&namespace, "namespace", "", "namespace where SeaweedFS is running")
+	flag.StringVar(&releaseName, "releaseName", "", "SeaweedFS chart release name")
+	flag.IntVar(&timeoutSeconds, "timeout", 120, "timeout in seconds")
+	timeout = time.Duration(timeoutSeconds) * time.Second
+}
+
+func TestSeaweedFS(t *testing.T) {
+	RegisterFailHandler(Fail)
+	RunSpecs(t, "SeaweedFS Persistence Test Suite")
+}
+
+func createPVC(ctx context.Context, c kubernetes.Interface, name, size string) error {
+	storageRequest, err := resource.ParseQuantity(size)
+	if err != nil {
+		return err
+	}
+
+	pvc := &v1.PersistentVolumeClaim{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Spec: v1.PersistentVolumeClaimSpec{
+			AccessModes: []v1.PersistentVolumeAccessMode{v1.ReadWriteOnce},
+			Resources: v1.ResourceRequirements{
+				Requests: v1.ResourceList{
+					v1.ResourceStorage: storageRequest,
+				},
+			},
+		},
+	}
+
+	_, err = c.CoreV1().PersistentVolumeClaims(namespace).Create(ctx, pvc, metav1.CreateOptions{})
+
+	return err
+}
+
+func createJob(ctx context.Context, c kubernetes.Interface, name, port, image, pvcName, kind string) error {
+	podSecurityContext := &v1.PodSecurityContext{
+		FSGroup:             &[]int64{1001}[0],
+		FSGroupChangePolicy: &[]v1.PodFSGroupChangePolicy{v1.FSGroupChangeAlways}[0],
+	}
+	containerSecurityContext := &v1.SecurityContext{
+		Privileged:               &[]bool{false}[0],
+		AllowPrivilegeEscalation: &[]bool{false}[0],
+		RunAsUser:                &[]int64{1001}[0],
+		RunAsNonRoot:             &[]bool{true}[0],
+		Capabilities: &v1.Capabilities{
+			Drop: []v1.Capability{"ALL"},
+		},
+		SeccompProfile: &v1.SeccompProfile{
+			Type: "RuntimeDefault",
+		},
+	}
+
+	args := []string{"-ec"}
+	switch kind {
+	case kindDownload:
+		downloadCmd := `cd /tmp
+cat /data/fid | xargs weed download -server ${MASTER_HOST}:${MASTER_PORT}
+[ -f .spdx-seaweedfs.spdx ] && echo "successful download"
+`
+		args = append(args, downloadCmd)
+	case kindUpload:
+		// Response format: "[{"fileName":"FOO","url":"HOST:PORT/ID","fid":"ID","size":SIZE}]"
+		uploadCmd := `weed upload -master ${MASTER_HOST}:${MASTER_PORT} .spdx-seaweedfs.spdx | awk -F '","' '{print $3}' | awk -F '":"' '{print $2}' | tee /data/fid`
+		args = append(args, uploadCmd)
+	default:
+		return errors.New("job kind not supported")
+	}
+	job := &batchv1.Job{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		TypeMeta: metav1.TypeMeta{
+			Kind: "Job",
+		},
+		Spec: batchv1.JobSpec{
+			Template: v1.PodTemplateSpec{
+				Spec: v1.PodSpec{
+					RestartPolicy:   "Never",
+					SecurityContext: podSecurityContext,
+					Containers: []v1.Container{
+						{
+							Name:    "seaweedfs",
+							Image:   image,
+							Command: []string{"bash"},
+							Args:    args,
+							Env: []v1.EnvVar{
+								{
+									Name:  "MASTER_HOST",
+									Value: fmt.Sprintf("%s-master", releaseName),
+								},
+								{
+									Name:  "MASTER_PORT",
+									Value: port,
+								},
+							},
+							SecurityContext: containerSecurityContext,
+							VolumeMounts: []v1.VolumeMount{
+								{
+									Name:      "data",
+									MountPath: "/data",
+								},
+								{
+									Name:      "security-config",
+									MountPath: "/etc/seaweedfs/security.toml",
+									SubPath:   "security.toml",
+								},
+								{
+									Name:      "ca-cert",
+									MountPath: "/certs/ca",
+								},
+								{
+									Name:      "master-cert",
+									MountPath: "/certs/master",
+								},
+								{
+									Name:      "filer-cert",
+									MountPath: "/certs/filer",
+								},
+								{
+									Name:      "volume-cert",
+									MountPath: "/certs/volume",
+								},
+								{
+									Name:      "client-cert",
+									MountPath: "/certs/client",
+								},
+							},
+						},
+					},
+					Volumes: []v1.Volume{
+						{
+							Name: "data",
+							VolumeSource: v1.VolumeSource{
+								PersistentVolumeClaim: &v1.PersistentVolumeClaimVolumeSource{
+									ClaimName: pvcName,
+								},
+							},
+						},
+						{
+							Name: "security-config",
+							VolumeSource: v1.VolumeSource{
+								ConfigMap: &v1.ConfigMapVolumeSource{
+									LocalObjectReference: v1.LocalObjectReference{
+										Name: fmt.Sprintf("%s-security", releaseName),
+									},
+								},
+							},
+						},
+						{
+							Name: "ca-cert",
+							VolumeSource: v1.VolumeSource{
+								Secret: &v1.SecretVolumeSource{
+									SecretName: fmt.Sprintf("%s-ca-crt", releaseName),
+								},
+							},
+						},
+						{
+							Name: "master-cert",
+							VolumeSource: v1.VolumeSource{
+								Secret: &v1.SecretVolumeSource{
+									SecretName: fmt.Sprintf("%s-master-crt", releaseName),
+								},
+							},
+						},
+						{
+							Name: "filer-cert",
+							VolumeSource: v1.VolumeSource{
+								Secret: &v1.SecretVolumeSource{
+									SecretName: fmt.Sprintf("%s-filer-crt", releaseName),
+								},
+							},
+						},
+						{
+							Name: "volume-cert",
+							VolumeSource: v1.VolumeSource{
+								Secret: &v1.SecretVolumeSource{
+									SecretName: fmt.Sprintf("%s-volume-crt", releaseName),
+								},
+							},
+						},
+						{
+							Name: "client-cert",
+							VolumeSource: v1.VolumeSource{
+								Secret: &v1.SecretVolumeSource{
+									SecretName: fmt.Sprintf("%s-client-crt", releaseName),
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}
+
+	_, err := c.BatchV1().Jobs(namespace).Create(ctx, job, metav1.CreateOptions{})
+
+	return err
+}

.vib/seaweedfs/ginkgo/seaweedfs_test.go

@@ -0,0 +1,124 @@
+package seaweedfs_test
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	utils "github.com/bitnami/charts/.vib/common-tests/ginkgo-utils"
+	. "github.com/onsi/ginkgo/v2"
+	. "github.com/onsi/gomega"
+	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	"k8s.io/client-go/kubernetes"
+)
+
+const (
+	PollingInterval = 1 * time.Second
+)
+
+var _ = Describe("SeaweedFS", Ordered, func() {
+	var c *kubernetes.Clientset
+	var ctx context.Context
+	var cancel context.CancelFunc
+
+	BeforeEach(func() {
+		ctx, cancel = context.WithCancel(context.Background())
+
+		conf := utils.MustBuildClusterConfig(kubeconfig)
+		c = kubernetes.NewForConfigOrDie(conf)
+	})
+
+	When("a file is uploaded and SeaweedFS is scaled down to 0 replicas and back up", func() {
+		It("should have access to the uploaded file", func() {
+
+			getAvailableReplicas := func(ss *appsv1.StatefulSet) int32 { return ss.Status.AvailableReplicas }
+			getSucceededJobs := func(j *batchv1.Job) int32 { return j.Status.Succeeded }
+			getOpts := metav1.GetOptions{}
+
+			By("checking all the replicas are available")
+			masterStsName := fmt.Sprintf("%s-master", releaseName)
+			masterSts, err := c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
+			Expect(err).NotTo(HaveOccurred())
+			volumeStsName := fmt.Sprintf("%s-volume", releaseName)
+			volumeSts, err := c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
+			Expect(err).NotTo(HaveOccurred())
+			Expect(masterSts.Status.Replicas).NotTo(BeZero())
+			Expect(volumeSts.Status.Replicas).NotTo(BeZero())
+			masterOrigReplicas := *masterSts.Spec.Replicas
+			volumeOrigReplicas := *volumeSts.Spec.Replicas
+
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(masterOrigReplicas)))
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(volumeOrigReplicas)))
+
+			masterHeadlessSvcName := fmt.Sprintf("%s-master-headless", releaseName)
+			svc, err := c.CoreV1().Services(namespace).Get(ctx, masterHeadlessSvcName, getOpts)
+			Expect(err).NotTo(HaveOccurred())
+
+			port, err := utils.SvcGetPortByName(svc, "http")
+			Expect(err).NotTo(HaveOccurred())
+
+			image, err := utils.StsGetContainerImageByName(masterSts, "seaweedfs")
+			Expect(err).NotTo(HaveOccurred())
+
+			jobSuffix := time.Now().Format("20060102150405")
+			By("creating a pvc")
+			pvcName := fmt.Sprintf("weed-%s", jobSuffix)
+			err = createPVC(ctx, c, pvcName, "1G")
+			Expect(err).NotTo(HaveOccurred())
+
+			By("creating a job to upload a file")
+			uploadJobName := fmt.Sprintf("weed-upload-%s", jobSuffix)
+			err = createJob(ctx, c, uploadJobName, port, image, pvcName, kindUpload)
+			Expect(err).NotTo(HaveOccurred())
+
+			Eventually(func() (*batchv1.Job, error) {
+				return c.BatchV1().Jobs(namespace).Get(ctx, uploadJobName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1))))
+
+			By("scaling down to 0 replicas both master & volume servers")
+			masterSts, err = utils.StsScale(ctx, c, masterSts, 0)
+			Expect(err).NotTo(HaveOccurred())
+			volumeSts, err = utils.StsScale(ctx, c, volumeSts, 0)
+			Expect(err).NotTo(HaveOccurred())
+
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, BeZero()))
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, BeZero()))
+
+			By("scaling up to the original replicas")
+			_, err = utils.StsScale(ctx, c, masterSts, masterOrigReplicas)
+			Expect(err).NotTo(HaveOccurred())
+			_, err = utils.StsScale(ctx, c, volumeSts, volumeOrigReplicas)
+			Expect(err).NotTo(HaveOccurred())
+
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, masterStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(masterOrigReplicas)))
+			Eventually(func() (*appsv1.StatefulSet, error) {
+				return c.AppsV1().StatefulSets(namespace).Get(ctx, volumeStsName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getAvailableReplicas, Equal(volumeOrigReplicas)))
+
+			By("creating a job to download the file")
+			downloadJobName := fmt.Sprintf("weed-download-%s", jobSuffix)
+			err = createJob(ctx, c, downloadJobName, port, image, pvcName, kindDownload)
+			Expect(err).NotTo(HaveOccurred())
+
+			Eventually(func() (*batchv1.Job, error) {
+				return c.BatchV1().Jobs(namespace).Get(ctx, downloadJobName, getOpts)
+			}, timeout, PollingInterval).Should(WithTransform(getSucceededJobs, Equal(int32(1))))
+		})
+	})
+
+	AfterEach(func() {
+		cancel()
+	})
+})

.vib/seaweedfs/runtime-parameters.yaml

@@ -0,0 +1,11 @@
+security:
+  enabled: true
+  mTLS:
+    enabled: true
+    autoGenerated:
+      enabled: true
+master:
+  service:
+    type: LoadBalancer
+    ports:
+      http: 80

.vib/seaweedfs/vib-publish.json

@@ -0,0 +1,37 @@
+{
+  "phases": {
+    "package": {
+      "context": {
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/seaweedfs"
+        }
+      },
+      "actions": [
+        {
+          "action_id": "helm-package"
+        },
+        {
+          "action_id": "helm-lint"
+        }
+      ]
+    },
+    "publish": {
+      "actions": [
+        {
+          "action_id": "helm-publish",
+          "params": {
+            "repository": {
+              "kind": "S3",
+              "url": "{VIB_ENV_S3_URL}",
+              "authn": {
+                "access_key_id": "{VIB_ENV_S3_ACCESS_KEY_ID}",
+                "secret_access_key": "{VIB_ENV_S3_SECRET_ACCESS_KEY}"
+              }
+            }
+          }
+        }
+      ]
+    }
+  }
+}

.vib/seaweedfs/vib-verify.json

@@ -0,0 +1,69 @@
+{
+  "phases": {
+    "package": {
+      "context": {
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/seaweedfs"
+        }
+      },
+      "actions": [
+        {
+          "action_id": "helm-package"
+        },
+        {
+          "action_id": "helm-lint"
+        }
+      ]
+    },
+    "verify": {
+      "context": {
+        "resources": {
+          "url": "{SHA_ARCHIVE}",
+          "path": "/bitnami/seaweedfs"
+        },
+        "target_platform": {
+          "target_platform_id": "{VIB_ENV_TARGET_PLATFORM}",
+          "size": {
+            "name": "M4"
+          }
+        }
+      },
+      "actions": [
+        {
+          "action_id": "cypress",
+          "params": {
+            "resources": {
+              "path": "/.vib/seaweedfs/cypress"
+            },
+            "endpoint": "lb-seaweedfs-master-http",
+            "app_protocol": "HTTP",
+            "env": {
+              "masterPortHttp": "9333",
+              "masterPortGrpc": "19333",
+              "volumePortHttp": "8080",
+              "volumePortGrpc": "18080",
+              "filerPortHttp": "8888",
+              "filerPortGrpc": "18888",
+              "s3PortHttp": "8333",
+              "s3PortGrpc": "18333"
+            }
+          }
+        },
+        {
+          "action_id": "ginkgo",
+          "params": {
+            "resources": {
+              "path": "/.vib/seaweedfs/ginkgo"
+            },
+            "params": {
+              "kubeconfig": "{{kubeconfig}}",
+              "namespace": "{{namespace}}",
+              "releaseName": "seaweedfs"
+            }
+          }
+        }
+      ]
+    }
+  }
+}

bitnami/seaweedfs/.helmignore

@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj

bitnami/seaweedfs/Chart.lock

@@ -0,0 +1,9 @@
+dependencies:
+- name: mariadb
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 18.0.1
+- name: common
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 2.19.1
+digest: sha256:8152fb970adce3298cd192b3735eadb1ae427b09ab57eecb56126a810c0f0f75
+generated: "2024-04-10T14:08:09.207002+02:00"

bitnami/seaweedfs/Chart.yaml

@@ -0,0 +1,40 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+annotations:
+  category: Infrastructure
+  licenses: Apache-2.0
+  images: |
+    - name: seaweedfs
+      image: docker.io/bitnami/seaweedfs:3.64.0-debian-12-r0
+apiVersion: v2
+appVersion: 3.64.0
+dependencies:
+  - condition: mariadb.enabled
+    name: mariadb
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+      - seaweedfs-database
+    version: 18.x.x
+  - name: common
+    repository: oci://registry-1.docker.io/bitnamicharts
+    tags:
+      - bitnami-common
+    version: 2.x.x
+description: SeaweedFS is a fast distributed storage system for blobs, objects, files, and data lake, for billions of files!
+home: https://bitnami.com
+icon: https://bitnami.com/assets/stacks/seaweedfs/img/seaweedfs-stack-220x234.png
+keywords:
+  - seaweedfs
+  - storage
+  - blob-storage
+  - file-storage
+  - object-storage
+  - s3
+maintainers:
+  - name: VMware, Inc.
+    url: https://github.com/bitnami/charts
+name: seaweedfs
+sources:
+  - https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs
+version: 0.1.0

bitnami/seaweedfs/README.md

@@ -0,0 +1,1094 @@
+<!--- app-name: SeaweedFS -->
+
+# SeaweedFS
+
+SeaweedFS is a simple and highly scalable distributed file system.
+
+[Overview of SeaweedFS](https://github.com/seaweedfs/seaweedfs)
+
+Trademarks: This software listing is packaged by Bitnami. The respective trademarks mentioned in the offering are owned by the respective companies, and use of them does not imply any affiliation or endorsement.
+
+## TL;DR
+
+```console
+helm install my-release oci://registry-1.docker.io/bitnamicharts/seaweedfs
+```
+
+Looking to use SeaweedFS in production? Try [VMware Tanzu Application Catalog](https://bitnami.com/enterprise), the enterprise edition of Bitnami Application Catalog.
+
+## Introduction
+
+Bitnami charts for Helm are carefully engineered, actively maintained and are the quickest and easiest way to deploy containers on a Kubernetes cluster that are ready to handle production workloads.
+
+This chart bootstraps a [SeaweedFS](https://github.com/seaweedfs/seaweedfs) deployment in a [Kubernetes](https://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager.
+
+Bitnami charts can be used with [Kubeapps](https://kubeapps.dev/) for deployment and management of Helm Charts in clusters.
+
+## Prerequisites
+
+- Kubernetes 1.23+
+- Helm 3.8.0+
+- PV provisioner support in the underlying infrastructure
+- ReadWriteMany volumes for deployment scaling
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install my-release oci://REGISTRY_NAME/REPOSITORY_NAME/seaweedfs
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The command deploys SeaweedFS on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation.
+
+> **Tip**: List all releases using `helm list`
+
+## Configuration and installation details
+
+### Resource requests and limits
+
+Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` values (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case.
+
+To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/).
+
+### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers)
+
+It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image.
+
+Bitnami will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist.
+
+### External database support
+
+You may want to have SeaweedFS Filer Server connect to an external database rather than installing one inside your cluster. Typical reasons for this are to use a managed database service, or to share a common database server for all your applications. To achieve this, the chart allows you to specify credentials for an external database with the [`externalDatabase` parameter](#parameters). You should also disable the MariaDB installation with the `mariadb.enabled` option. Here is an example:
+
+```console
+mariadb.enabled=false
+externalDatabase.host=myexternalhost
+externalDatabase.user=myuser
+externalDatabase.password=mypassword
+externalDatabase.database=mydatabase
+externalDatabase.port=3306
+```
+
+### Ingress
+
+This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application.
+
+To enable Ingress integration, set `master.ingress.enabled` to `true`. Please other SweaweedFS components can also be exposed via Ingress by setting the corresponding `ingress.enabled` parameter to `true` (e.g. `s3.ingress.enabled`, `filer.ingress.enabled`, etc).
+
+The most common scenario is to have one host name mapped to the deployment. In this case, the `master.ingress.hostname` property can be used to set the host name. The `master.ingress.tls` parameter can be used to add the TLS configuration for this host.
+
+However, it is also possible to have more than one host. To facilitate this, the `master.ingress.extraHosts` parameter (if available) can be set with the host names specified as an array. The `master.ingress.extraTLS` parameter (if available) can also be used to add the TLS configuration for extra hosts.
+
+> NOTE: For each host specified in the `master.ingress.extraHosts` parameter, it is necessary to set a name, path, and any annotations that the Ingress controller should know about. Not all annotations are supported by all Ingress controllers, but [this annotation reference document](https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md) lists the annotations supported by many popular Ingress controllers.
+
+Adding the TLS parameter (where available) will cause the chart to generate HTTPS URLs, and the  application will be available on port 443. The actual TLS secrets do not have to be generated by this chart. However, if TLS is enabled, the Ingress record will not work until the TLS secret exists.
+
+[Learn more about Ingress controllers](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/).
+
+### Security features
+
+Security enhancements can be enabled by setting `security.enabled` and `security.mTLS.enabled` to `true`. This will enable the following security features:
+
+- JWT-based access control for certain operations.
+- Ensure mutual TLS communications between the SeaweedFS components.
+
+You can manually create the required TLS certificates for each SeaweedFS component or relying on the chart auto-generation capabilities. The chart supports two different ways to auto-generate the required certificates:
+
+- Using Helm capabilities. Enable this feature by setting `security.mTLS.autoGenerated.useHelm` to `true`.
+- Relying on CertManager (please note it's required to have CertManager installed in your K8s cluster). Enable this feature by setting `security.mTLS.autoGenerated.useCertManager` to `true`.
+
+#### S3 Authentication
+
+Authentication can be enabled in the SeaweedFS S3 API by setting the `s3.auth.enabled` parameter to `true`.
+You can provide your custom authentication configuration creating a secret with the configuration and setting the `s3.auth.cexistingSecret` parameter with the name of the secret.
+Alternatively, you can rely on the chart to create a basic configuration with two main users: `admin` and `read-only`. You can provide the admin user credentials using the `s3.auth.adminAccessKeyId` and `s3.auth.adminSecretAccessKey` parameters, and the read-only user credentials using the `s3.auth.readAccessKeyId` and `s3.auth.readSecretAccessKey` parameters.
+
+### Additional environment variables
+
+In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property.
+
+```yaml
+master:
+  extraEnvVars:
+    - name: LOG_LEVEL
+      value: error
+```
+
+Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values.
+
+### Sidecars
+
+If additional containers are needed in the same pod as SeaweedFS (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter.
+
+```yaml
+sidecars:
+- name: your-image-name
+  image: your-image
+  imagePullPolicy: Always
+  ports:
+  - name: portname
+    containerPort: 1234
+```
+
+If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter (where available), as shown in the example below:
+
+```yaml
+service:
+  extraPorts:
+  - name: extraPort
+    port: 11311
+    targetPort: 11311
+```
+
+> NOTE: This Helm chart already includes sidecar containers for the Prometheus exporters (where applicable). These can be activated by adding the `--enable-metrics=true` parameter at deployment time. The `sidecars` parameter should therefore only be used for any extra sidecar containers.
+
+If additional init containers are needed in the same pod, they can be defined using the `initContainers` parameter. Here is an example:
+
+```yaml
+initContainers:
+  - name: your-image-name
+    image: your-image
+    imagePullPolicy: Always
+    ports:
+      - name: portname
+        containerPort: 1234
+```
+
+Learn more about [sidecar containers](https://kubernetes.io/docs/concepts/workloads/pods/) and [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/).
+
+### Pod affinity
+
+This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity).
+
+As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters.
+
+## Persistence
+
+The [Bitnami SeaweedFS](https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs) image stores the data and configurations at the `/bitnami` path of the container. Persistent Volume Claims are used to keep the data across deployments.
+
+If you encounter errors when working with persistent volumes, refer to our [troubleshooting guide for persistent volumes](https://docs.bitnami.com/kubernetes/faq/troubleshooting/troubleshooting-persistence-volumes/).
+
+## Parameters
+
+### Global parameters
+
+| Name                                                  | Description                                                                                                                                                                                                                                                                                                                                                         | Value  |
+| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ |
+| `global.imageRegistry`                                | Global Docker image registry                                                                                                                                                                                                                                                                                                                                        | `""`   |
+| `global.imagePullSecrets`                             | Global Docker registry secret names as an array                                                                                                                                                                                                                                                                                                                     | `[]`   |
+| `global.storageClass`                                 | Global StorageClass for Persistent Volume(s)                                                                                                                                                                                                                                                                                                                        | `""`   |
+| `global.compatibility.openshift.adaptSecurityContext` | Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation) | `auto` |
+
+### Common parameters
+
+| Name                                                         | Description                                                                                                                                          | Value                       |
+| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------- |
+| `kubeVersion`                                                | Override Kubernetes version                                                                                                                          | `""`                        |
+| `nameOverride`                                               | String to partially override common.names.name                                                                                                       | `""`                        |
+| `fullnameOverride`                                           | String to fully override common.names.fullname                                                                                                       | `""`                        |
+| `namespaceOverride`                                          | String to fully override common.names.namespace                                                                                                      | `""`                        |
+| `commonLabels`                                               | Labels to add to all deployed objects                                                                                                                | `{}`                        |
+| `commonAnnotations`                                          | Annotations to add to all deployed objects                                                                                                           | `{}`                        |
+| `clusterDomain`                                              | Kubernetes cluster domain name                                                                                                                       | `cluster.local`             |
+| `extraDeploy`                                                | Array of extra objects to deploy with the release                                                                                                    | `[]`                        |
+| `diagnosticMode.enabled`                                     | Enable diagnostic mode (all probes will be disabled and the command will be overridden)                                                              | `false`                     |
+| `diagnosticMode.command`                                     | Command to override all containers in the chart release                                                                                              | `["sleep"]`                 |
+| `diagnosticMode.args`                                        | Args to override all containers in the chart release                                                                                                 | `["infinity"]`              |
+| `image.registry`                                             | SeaweedFS image registry                                                                                                                             | `REGISTRY_NAME`             |
+| `image.repository`                                           | SeaweedFS image repository                                                                                                                           | `REPOSITORY_NAME/seaweedfs` |
+| `image.digest`                                               | SeaweedFS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""`                        |
+| `image.pullPolicy`                                           | SeaweedFS image pull policy                                                                                                                          | `IfNotPresent`              |
+| `image.pullSecrets`                                          | SeaweedFS image pull secrets                                                                                                                         | `[]`                        |
+| `image.debug`                                                | Enable SeaweedFS image debug mode                                                                                                                    | `false`                     |
+| `security.enabled`                                           | Enable Security settings                                                                                                                             | `false`                     |
+| `security.corsAllowedOrigins`                                | CORS allowed origins                                                                                                                                 | `*`                         |
+| `security.jwtSigning.volumeWrite`                            | Enable JWT signing for volume write operations                                                                                                       | `true`                      |
+| `security.jwtSigning.volumeRead`                             | Enable JWT signing for volume read operations                                                                                                        | `false`                     |
+| `security.jwtSigning.filerWrite`                             | Enable JWT signing for filer write operations                                                                                                        | `false`                     |
+| `security.jwtSigning.filerRead`                              | Enable JWT signing for filer read operations                                                                                                         | `false`                     |
+| `security.mTLS.enabled`                                      | Enable mTLS for gRPC communications                                                                                                                  | `false`                     |
+| `security.mTLS.autoGenerated.enabled`                        | Enable automatic generation of certificates for mTLS                                                                                                 | `false`                     |
+| `security.mTLS.autoGenerated.engine`                         | Mechanism to generate the certificates (allowed values: helm, cert-manager)                                                                          | `helm`                      |
+| `security.mTLS.autoGenerated.certManager.existingIssuer`     | The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)                                               | `""`                        |
+| `security.mTLS.autoGenerated.certManager.existingIssuerKind` | Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)                                                                            | `""`                        |
+| `security.mTLS.autoGenerated.certManager.keyAlgorithm`       | Key algorithm for the certificates (only for `cert-manager` engine)                                                                                  | `RSA`                       |
+| `security.mTLS.autoGenerated.certManager.keySize`            | Key size for the certificates (only for `cert-manager` engine)                                                                                       | `2048`                      |
+| `security.mTLS.autoGenerated.certManager.duration`           | Duration for the certificates (only for `cert-manager` engine)                                                                                       | `2160h`                     |
+| `security.mTLS.autoGenerated.certManager.renewBefore`        | Renewal period for the certificates (only for `cert-manager` engine)                                                                                 | `360h`                      |
+| `security.mTLS.ca`                                           | CA certificate for mTLS. Ignored if `security.mTLS.existingCASecret` is set                                                                          | `""`                        |
+| `security.mTLS.existingCASecret`                             | The name of an existing Secret containing the CA certificate for mTLS                                                                                | `""`                        |
+| `security.mTLS.master.cert`                                  | Master Server certificate for mTLS. Ignored if `security.mTLS.master.existingSecret` is set                                                          | `""`                        |
+| `security.mTLS.master.key`                                   | Master Server key for mTLS. Ignored if `security.mTLS.master.existingSecret` is set                                                                  | `""`                        |
+| `security.mTLS.master.existingSecret`                        | The name of an existing Secret containing the Master Server certificates for mTLS                                                                    | `""`                        |
+| `security.mTLS.volume.cert`                                  | Volume Server certificate for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set                                                          | `""`                        |
+| `security.mTLS.volume.key`                                   | Volume Server key for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set                                                                  | `""`                        |
+| `security.mTLS.volume.existingSecret`                        | The name of an existing Secret containing the Volume Server certificates for mTLS                                                                    | `""`                        |
+| `security.mTLS.filer.cert`                                   | Filer certificate for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set                                                                   | `""`                        |
+| `security.mTLS.filer.key`                                    | Filer key for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set                                                                           | `""`                        |
+| `security.mTLS.filer.existingSecret`                         | The name of an existing Secret containing the Filer certificates for mTLS                                                                            | `""`                        |
+| `security.mTLS.client.cert`                                  | Client certificate for mTLS. Ignored if `security.mTLS.client.existingSecret` is set                                                                 | `""`                        |
+| `security.mTLS.client.key`                                   | Client key for mTLS. Ignored if `security.mTLS.client.existingSecret` is set                                                                         | `""`                        |
+| `security.mTLS.client.existingSecret`                        | The name of an existing Secret containing the Client certificates for mTLS                                                                           | `""`                        |
+| `clusterDefault`                                             | Default SeaweedFS cluster name                                                                                                                       | `sw`                        |
+
+### Master Server Parameters
+
+| Name                                                       | Description                                                                                                                                                                                                                            | Value            |
+| ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `master.replicaCount`                                      | Number of Master Server replicas to deploy                                                                                                                                                                                             | `1`              |
+| `master.containerPorts.http`                               | Master Server HTTP container port                                                                                                                                                                                                      | `9333`           |
+| `master.containerPorts.grpc`                               | Master Server GRPC container port                                                                                                                                                                                                      | `19333`          |
+| `master.containerPorts.metrics`                            | Master Server metrics container port                                                                                                                                                                                                   | `9327`           |
+| `master.extraContainerPorts`                               | Optionally specify extra list of additional ports for Master Server containers                                                                                                                                                         | `[]`             |
+| `master.livenessProbe.enabled`                             | Enable livenessProbe on Master Server containers                                                                                                                                                                                       | `true`           |
+| `master.livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                                                | `30`             |
+| `master.livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                                       | `10`             |
+| `master.livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                                      | `30`             |
+| `master.livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                                                    | `6`              |
+| `master.livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                                                    | `1`              |
+| `master.readinessProbe.enabled`                            | Enable readinessProbe on Master Server containers                                                                                                                                                                                      | `true`           |
+| `master.readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                                               | `30`             |
+| `master.readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                                      | `10`             |
+| `master.readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                                     | `30`             |
+| `master.readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                                                   | `6`              |
+| `master.readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                                                   | `1`              |
+| `master.startupProbe.enabled`                              | Enable startupProbe on Master Server containers                                                                                                                                                                                        | `false`          |
+| `master.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                                                 | `5`              |
+| `master.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                                        | `5`              |
+| `master.startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                                       | `1`              |
+| `master.startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                                     | `15`             |
+| `master.startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                                     | `1`              |
+| `master.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                                                                                                                                                    | `{}`             |
+| `master.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                                                                                                                                                   | `{}`             |
+| `master.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                                                                                                                                                     | `{}`             |
+| `master.resourcesPreset`                                   | Set Master Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `nano`           |
+| `master.resources`                                         | Set Master Server container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                        | `{}`             |
+| `master.podSecurityContext.enabled`                        | Enable Master Server pods' Security Context                                                                                                                                                                                            | `true`           |
+| `master.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy for Master Server pods                                                                                                                                                                              | `Always`         |
+| `master.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface for Master Server pods                                                                                                                                                                  | `[]`             |
+| `master.podSecurityContext.supplementalGroups`             | Set filesystem extra groups for Master Server pods                                                                                                                                                                                     | `[]`             |
+| `master.podSecurityContext.fsGroup`                        | Set fsGroup in Master Server pods' Security Context                                                                                                                                                                                    | `1001`           |
+| `master.containerSecurityContext.enabled`                  | Enabled Master Server container' Security Context                                                                                                                                                                                      | `true`           |
+| `master.containerSecurityContext.seLinuxOptions`           | Set SELinux options in Master Server container                                                                                                                                                                                         | `{}`             |
+| `master.containerSecurityContext.runAsUser`                | Set runAsUser in Master Server container' Security Context                                                                                                                                                                             | `1001`           |
+| `master.containerSecurityContext.runAsGroup`               | Set runAsGroup in Master Server container' Security Context                                                                                                                                                                            | `1001`           |
+| `master.containerSecurityContext.runAsNonRoot`             | Set runAsNonRoot in Master Server container' Security Context                                                                                                                                                                          | `true`           |
+| `master.containerSecurityContext.readOnlyRootFilesystem`   | Set readOnlyRootFilesystem in Master Server container' Security Context                                                                                                                                                                | `true`           |
+| `master.containerSecurityContext.privileged`               | Set privileged in Master Server container' Security Context                                                                                                                                                                            | `false`          |
+| `master.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Master Server container' Security Context                                                                                                                                                              | `false`          |
+| `master.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped in Master Server container                                                                                                                                                                          | `["ALL"]`        |
+| `master.containerSecurityContext.seccompProfile.type`      | Set seccomp profile in Master Server container                                                                                                                                                                                         | `RuntimeDefault` |
+| `master.logLevel`                                          | Master Server log level [0|1|2|3|4]                                                                                                                                                                                                    | `1`              |
+| `master.bindAddress`                                       | Master Server bind address                                                                                                                                                                                                             | `0.0.0.0`        |
+| `master.config`                                            | Master Server configuration                                                                                                                                                                                                            | `""`             |
+| `master.existingConfigmap`                                 | The name of an existing ConfigMap with your custom configuration for Master Server                                                                                                                                                     | `""`             |
+| `master.command`                                           | Override default Master Server container command (useful when using custom images)                                                                                                                                                     | `[]`             |
+| `master.args`                                              | Override default Master Server container args (useful when using custom images)                                                                                                                                                        | `[]`             |
+| `master.automountServiceAccountToken`                      | Mount Service Account token in Master Server pods                                                                                                                                                                                      | `false`          |
+| `master.hostAliases`                                       | Master Server pods host aliases                                                                                                                                                                                                        | `[]`             |
+| `master.statefulsetAnnotations`                            | Annotations for Master Server statefulset                                                                                                                                                                                              | `{}`             |
+| `master.podLabels`                                         | Extra labels for Master Server pods                                                                                                                                                                                                    | `{}`             |
+| `master.podAnnotations`                                    | Annotations for Master Server pods                                                                                                                                                                                                     | `{}`             |
+| `master.podAffinityPreset`                                 | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                             | `""`             |
+| `master.podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                        | `soft`           |
+| `master.nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                       | `""`             |
+| `master.nodeAffinityPreset.key`                            | Node label key to match. Ignored if `master.affinity` is set                                                                                                                                                                           | `""`             |
+| `master.nodeAffinityPreset.values`                         | Node label values to match. Ignored if `master.affinity` is set                                                                                                                                                                        | `[]`             |
+| `master.affinity`                                          | Affinity for Master Server pods assignment                                                                                                                                                                                             | `{}`             |
+| `master.nodeSelector`                                      | Node labels for Master Server pods assignment                                                                                                                                                                                          | `{}`             |
+| `master.tolerations`                                       | Tolerations for Master Server pods assignment                                                                                                                                                                                          | `[]`             |
+| `master.updateStrategy.type`                               | Master Server statefulset strategy type                                                                                                                                                                                                | `RollingUpdate`  |
+| `master.podManagementPolicy`                               | Pod management policy for Master Server statefulset                                                                                                                                                                                    | `Parallel`       |
+| `master.priorityClassName`                                 | Master Server pods' priorityClassName                                                                                                                                                                                                  | `""`             |
+| `master.topologySpreadConstraints`                         | Topology Spread Constraints for Master Server pod assignment spread across your cluster among failure-domains                                                                                                                          | `[]`             |
+| `master.schedulerName`                                     | Name of the k8s scheduler (other than default) for Master Server pods                                                                                                                                                                  | `""`             |
+| `master.terminationGracePeriodSeconds`                     | Seconds Master Server pods need to terminate gracefully                                                                                                                                                                                | `""`             |
+| `master.lifecycleHooks`                                    | for Master Server containers to automate configuration before or after startup                                                                                                                                                         | `{}`             |
+| `master.extraEnvVars`                                      | Array with extra environment variables to add to Master Server containers                                                                                                                                                              | `[]`             |
+| `master.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for Master Server containers                                                                                                                                                      | `""`             |
+| `master.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for Master Server containers                                                                                                                                                         | `""`             |
+| `master.extraVolumes`                                      | Optionally specify extra list of additional volumes for the Master Server pods                                                                                                                                                         | `[]`             |
+| `master.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Master Server containers                                                                                                                                              | `[]`             |
+| `master.sidecars`                                          | Add additional sidecar containers to the Master Server pods                                                                                                                                                                            | `[]`             |
+| `master.initContainers`                                    | Add additional init containers to the Master Server pods                                                                                                                                                                               | `[]`             |
+| `master.pdb.create`                                        | Enable/disable a Pod Disruption Budget creation                                                                                                                                                                                        | `false`          |
+| `master.pdb.minAvailable`                                  | Minimum number/percentage of pods that should remain scheduled                                                                                                                                                                         | `1`              |
+| `master.pdb.maxUnavailable`                                | Maximum number/percentage of pods that may be made unavailable                                                                                                                                                                         | `""`             |
+| `master.autoscaling.enabled`                               | Enable autoscaling for master                                                                                                                                                                                                          | `false`          |
+| `master.autoscaling.minReplicas`                           | Minimum number of master replicas                                                                                                                                                                                                      | `""`             |
+| `master.autoscaling.maxReplicas`                           | Maximum number of master replicas                                                                                                                                                                                                      | `""`             |
+| `master.autoscaling.targetCPU`                             | Target CPU utilization percentage                                                                                                                                                                                                      | `""`             |
+| `master.autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                                                                                                                                                   | `""`             |
+
+### Master Server Traffic Exposure Parameters
+
+| Name                                           | Description                                                                                                                      | Value                    |
+| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `master.service.type`                          | Master Server service type                                                                                                       | `ClusterIP`              |
+| `master.service.ports.http`                    | Master Server service HTTP port                                                                                                  | `9333`                   |
+| `master.service.ports.grpc`                    | Master Server service GRPC port                                                                                                  | `19333`                  |
+| `master.service.nodePorts.http`                | Node port for HTTP                                                                                                               | `""`                     |
+| `master.service.nodePorts.grpc`                | Node port for GRPC                                                                                                               | `""`                     |
+| `master.service.clusterIP`                     | Master Server service Cluster IP                                                                                                 | `""`                     |
+| `master.service.loadBalancerIP`                | Master Server service Load Balancer IP                                                                                           | `""`                     |
+| `master.service.loadBalancerSourceRanges`      | Master Server service Load Balancer sources                                                                                      | `[]`                     |
+| `master.service.externalTrafficPolicy`         | Master Server service external traffic policy                                                                                    | `Cluster`                |
+| `master.service.annotations`                   | Additional custom annotations for Master Server service                                                                          | `{}`                     |
+| `master.service.extraPorts`                    | Extra ports to expose in Master Server service (normally used with the `sidecars` value)                                         | `[]`                     |
+| `master.service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `master.service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `master.service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `master.networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created for Master Server                                                            | `true`                   |
+| `master.networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `master.networkPolicy.allowExternalEgress`     | Allow the Master Server pods to access any range of port and all destinations.                                                   | `true`                   |
+| `master.networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `master.networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)                                               | `[]`                     |
+| `master.networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `master.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+| `master.ingress.enabled`                       | Enable ingress record generation for Master Server                                                                               | `false`                  |
+| `master.ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `master.ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `master.ingress.hostname`                      | Default host for the ingress record                                                                                              | `master.seaweedfs.local` |
+| `master.ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
+| `master.ingress.path`                          | Default path for the ingress record                                                                                              | `/`                      |
+| `master.ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `master.ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `master.ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `master.ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `master.ingress.extraPaths`                    | An array with additional arbitrary paths that may need to be added to the ingress under the main host                            | `[]`                     |
+| `master.ingress.extraTls`                      | TLS configuration for additional hostname(s) to be covered with this ingress record                                              | `[]`                     |
+| `master.ingress.secrets`                       | Custom TLS certificates as secrets                                                                                               | `[]`                     |
+| `master.ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+
+### Master Server Persistence Parameters
+
+| Name                               | Description                                                                                             | Value               |
+| ---------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------- |
+| `master.persistence.enabled`       | Enable persistence on Master Server using Persistent Volume Claims                                      | `true`              |
+| `master.persistence.mountPath`     | Path to mount the volume at.                                                                            | `/data`             |
+| `master.persistence.subPath`       | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""`                |
+| `master.persistence.storageClass`  | Storage class of backing PVC                                                                            | `""`                |
+| `master.persistence.annotations`   | Persistent Volume Claim annotations                                                                     | `{}`                |
+| `master.persistence.accessModes`   | Persistent Volume Access Modes                                                                          | `["ReadWriteOnce"]` |
+| `master.persistence.size`          | Size of data volume                                                                                     | `8Gi`               |
+| `master.persistence.existingClaim` | The name of an existing PVC to use for persistence                                                      | `""`                |
+| `master.persistence.selector`      | Selector to match an existing Persistent Volume for data PVC                                            | `{}`                |
+| `master.persistence.dataSource`    | Custom PVC data source                                                                                  | `{}`                |
+
+### Master Server Metrics Parameters
+
+| Name                                              | Description                                                                                            | Value   |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
+| `master.metrics.enabled`                          | Enable the export of Prometheus metrics                                                                | `false` |
+| `master.metrics.service.port`                     | Metrics service port                                                                                   | `9327`  |
+| `master.metrics.service.annotations`              | Annotations for the metrics service.                                                                   | `{}`    |
+| `master.metrics.serviceMonitor.enabled`           | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `master.metrics.serviceMonitor.namespace`         | Namespace in which Prometheus is running                                                               | `""`    |
+| `master.metrics.serviceMonitor.annotations`       | Additional custom annotations for the ServiceMonitor                                                   | `{}`    |
+| `master.metrics.serviceMonitor.labels`            | Extra labels for the ServiceMonitor                                                                    | `{}`    |
+| `master.metrics.serviceMonitor.jobLabel`          | The name of the label on the target service to use as the job name in Prometheus                       | `""`    |
+| `master.metrics.serviceMonitor.honorLabels`       | honorLabels chooses the metric's labels on collisions with target labels                               | `false` |
+| `master.metrics.serviceMonitor.interval`          | Interval at which metrics should be scraped.                                                           | `""`    |
+| `master.metrics.serviceMonitor.scrapeTimeout`     | Timeout after which the scrape is ended                                                                | `""`    |
+| `master.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics                                                               | `[]`    |
+| `master.metrics.serviceMonitor.relabelings`       | Specify general relabeling                                                                             | `[]`    |
+| `master.metrics.serviceMonitor.selector`          | Prometheus instance selector labels                                                                    | `{}`    |
+
+### Volume Server Parameters
+
+| Name                                                       | Description                                                                                                                                                                                                                            | Value            |
+| ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `volume.replicaCount`                                      | Number of Volume Server replicas to deploy                                                                                                                                                                                             | `1`              |
+| `volume.containerPorts.http`                               | Volume Server HTTP container port                                                                                                                                                                                                      | `8080`           |
+| `volume.containerPorts.grpc`                               | Volume Server GRPC container port                                                                                                                                                                                                      | `18080`          |
+| `volume.containerPorts.metrics`                            | Volume Server metrics container port                                                                                                                                                                                                   | `9327`           |
+| `volume.extraContainerPorts`                               | Optionally specify extra list of additional ports for Volume Server containers                                                                                                                                                         | `[]`             |
+| `volume.livenessProbe.enabled`                             | Enable livenessProbe on Volume Server containers                                                                                                                                                                                       | `true`           |
+| `volume.livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                                                | `30`             |
+| `volume.livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                                       | `10`             |
+| `volume.livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                                      | `30`             |
+| `volume.livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                                                    | `6`              |
+| `volume.livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                                                    | `1`              |
+| `volume.readinessProbe.enabled`                            | Enable readinessProbe on Volume Server containers                                                                                                                                                                                      | `true`           |
+| `volume.readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                                               | `30`             |
+| `volume.readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                                      | `10`             |
+| `volume.readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                                     | `30`             |
+| `volume.readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                                                   | `6`              |
+| `volume.readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                                                   | `1`              |
+| `volume.startupProbe.enabled`                              | Enable startupProbe on Volume Server containers                                                                                                                                                                                        | `false`          |
+| `volume.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                                                 | `5`              |
+| `volume.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                                        | `5`              |
+| `volume.startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                                       | `1`              |
+| `volume.startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                                     | `15`             |
+| `volume.startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                                     | `1`              |
+| `volume.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                                                                                                                                                    | `{}`             |
+| `volume.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                                                                                                                                                   | `{}`             |
+| `volume.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                                                                                                                                                     | `{}`             |
+| `volume.resourcesPreset`                                   | Set Volume Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volume.resources is set (volume.resources is recommended for production). | `nano`           |
+| `volume.resources`                                         | Set Volume Server container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                        | `{}`             |
+| `volume.podSecurityContext.enabled`                        | Enable Volume Server pods' Security Context                                                                                                                                                                                            | `true`           |
+| `volume.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy for Volume Server pods                                                                                                                                                                              | `Always`         |
+| `volume.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface for Volume Server pods                                                                                                                                                                  | `[]`             |
+| `volume.podSecurityContext.supplementalGroups`             | Set filesystem extra groups for Volume Server pods                                                                                                                                                                                     | `[]`             |
+| `volume.podSecurityContext.fsGroup`                        | Set fsGroup in Volume Server pods' Security Context                                                                                                                                                                                    | `1001`           |
+| `volume.containerSecurityContext.enabled`                  | Enabled Volume Server container' Security Context                                                                                                                                                                                      | `true`           |
+| `volume.containerSecurityContext.seLinuxOptions`           | Set SELinux options in Volume Server container                                                                                                                                                                                         | `{}`             |
+| `volume.containerSecurityContext.runAsUser`                | Set runAsUser in Volume Server container' Security Context                                                                                                                                                                             | `1001`           |
+| `volume.containerSecurityContext.runAsGroup`               | Set runAsGroup in Volume Server container' Security Context                                                                                                                                                                            | `1001`           |
+| `volume.containerSecurityContext.runAsNonRoot`             | Set runAsNonRoot in Volume Server container' Security Context                                                                                                                                                                          | `true`           |
+| `volume.containerSecurityContext.readOnlyRootFilesystem`   | Set readOnlyRootFilesystem in Volume Server container' Security Context                                                                                                                                                                | `true`           |
+| `volume.containerSecurityContext.privileged`               | Set privileged in Volume Server container' Security Context                                                                                                                                                                            | `false`          |
+| `volume.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Volume Server container' Security Context                                                                                                                                                              | `false`          |
+| `volume.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped in Volume Server container                                                                                                                                                                          | `["ALL"]`        |
+| `volume.containerSecurityContext.seccompProfile.type`      | Set seccomp profile in Volume Server container                                                                                                                                                                                         | `RuntimeDefault` |
+| `volume.logLevel`                                          | Volume Server log level [0|1|2|3|4]                                                                                                                                                                                                    | `1`              |
+| `volume.bindAddress`                                       | Volume Server bind address                                                                                                                                                                                                             | `0.0.0.0`        |
+| `volume.publicUrl`                                         | Volume Server public URL                                                                                                                                                                                                               | `""`             |
+| `volume.config`                                            | Volume Server configuration                                                                                                                                                                                                            | `""`             |
+| `volume.existingConfigmap`                                 | The name of an existing ConfigMap with your custom configuration for Volume Server                                                                                                                                                     | `""`             |
+| `volume.command`                                           | Override default Volume Server container command (useful when using custom images)                                                                                                                                                     | `[]`             |
+| `volume.args`                                              | Override default Volume Server container args (useful when using custom images)                                                                                                                                                        | `[]`             |
+| `volume.automountServiceAccountToken`                      | Mount Service Account token in Volume Server pods                                                                                                                                                                                      | `false`          |
+| `volume.hostAliases`                                       | Volume Server pods host aliases                                                                                                                                                                                                        | `[]`             |
+| `volume.statefulsetAnnotations`                            | Annotations for Volume Server statefulset                                                                                                                                                                                              | `{}`             |
+| `volume.podLabels`                                         | Extra labels for Volume Server pods                                                                                                                                                                                                    | `{}`             |
+| `volume.podAnnotations`                                    | Annotations for Volume Server pods                                                                                                                                                                                                     | `{}`             |
+| `volume.podAffinityPreset`                                 | Pod affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                             | `""`             |
+| `volume.podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                        | `soft`           |
+| `volume.nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                       | `""`             |
+| `volume.nodeAffinityPreset.key`                            | Node label key to match. Ignored if `volume.affinity` is set                                                                                                                                                                           | `""`             |
+| `volume.nodeAffinityPreset.values`                         | Node label values to match. Ignored if `volume.affinity` is set                                                                                                                                                                        | `[]`             |
+| `volume.affinity`                                          | Affinity for Volume Server pods assignment                                                                                                                                                                                             | `{}`             |
+| `volume.nodeSelector`                                      | Node labels for Volume Server pods assignment                                                                                                                                                                                          | `{}`             |
+| `volume.tolerations`                                       | Tolerations for Volume Server pods assignment                                                                                                                                                                                          | `[]`             |
+| `volume.updateStrategy.type`                               | Volume Server statefulset strategy type                                                                                                                                                                                                | `RollingUpdate`  |
+| `volume.podManagementPolicy`                               | Pod management policy for Volume Server statefulset                                                                                                                                                                                    | `Parallel`       |
+| `volume.priorityClassName`                                 | Volume Server pods' priorityClassName                                                                                                                                                                                                  | `""`             |
+| `volume.topologySpreadConstraints`                         | Topology Spread Constraints for Volume Server pod assignment spread across your cluster among failure-domains                                                                                                                          | `[]`             |
+| `volume.schedulerName`                                     | Name of the k8s scheduler (other than default) for Volume Server pods                                                                                                                                                                  | `""`             |
+| `volume.terminationGracePeriodSeconds`                     | Seconds Volume Server pods need to terminate gracefully                                                                                                                                                                                | `""`             |
+| `volume.lifecycleHooks`                                    | for Volume Server containers to automate configuration before or after startup                                                                                                                                                         | `{}`             |
+| `volume.extraEnvVars`                                      | Array with extra environment variables to add to Volume Server containers                                                                                                                                                              | `[]`             |
+| `volume.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for Volume Server containers                                                                                                                                                      | `""`             |
+| `volume.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for Volume Server containers                                                                                                                                                         | `""`             |
+| `volume.extraVolumes`                                      | Optionally specify extra list of additional volumes for the Volume Server pods                                                                                                                                                         | `[]`             |
+| `volume.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Volume Server containers                                                                                                                                              | `[]`             |
+| `volume.sidecars`                                          | Add additional sidecar containers to the Volume Server pods                                                                                                                                                                            | `[]`             |
+| `volume.initContainers`                                    | Add additional init containers to the Volume Server pods                                                                                                                                                                               | `[]`             |
+| `volume.pdb.create`                                        | Enable/disable a Pod Disruption Budget creation                                                                                                                                                                                        | `false`          |
+| `volume.pdb.minAvailable`                                  | Minimum number/percentage of pods that should remain scheduled                                                                                                                                                                         | `1`              |
+| `volume.pdb.maxUnavailable`                                | Maximum number/percentage of pods that may be made unavailable                                                                                                                                                                         | `""`             |
+| `volume.autoscaling.enabled`                               | Enable autoscaling for volume                                                                                                                                                                                                          | `false`          |
+| `volume.autoscaling.minReplicas`                           | Minimum number of volume replicas                                                                                                                                                                                                      | `""`             |
+| `volume.autoscaling.maxReplicas`                           | Maximum number of volume replicas                                                                                                                                                                                                      | `""`             |
+| `volume.autoscaling.targetCPU`                             | Target CPU utilization percentage                                                                                                                                                                                                      | `""`             |
+| `volume.autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                                                                                                                                                   | `""`             |
+
+### Volume Server Traffic Exposure Parameters
+
+| Name                                           | Description                                                                                                                      | Value                    |
+| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `volume.service.type`                          | Volume Server service type                                                                                                       | `ClusterIP`              |
+| `volume.service.ports.http`                    | Volume Server service HTTP port                                                                                                  | `8080`                   |
+| `volume.service.ports.grpc`                    | Volume Server service GRPC port                                                                                                  | `18080`                  |
+| `volume.service.nodePorts.http`                | Node port for HTTP                                                                                                               | `""`                     |
+| `volume.service.nodePorts.grpc`                | Node port for GRPC                                                                                                               | `""`                     |
+| `volume.service.clusterIP`                     | Volume Server service Cluster IP                                                                                                 | `""`                     |
+| `volume.service.loadBalancerIP`                | Volume Server service Load Balancer IP                                                                                           | `""`                     |
+| `volume.service.loadBalancerSourceRanges`      | Volume Server service Load Balancer sources                                                                                      | `[]`                     |
+| `volume.service.externalTrafficPolicy`         | Volume Server service external traffic policy                                                                                    | `Cluster`                |
+| `volume.service.annotations`                   | Additional custom annotations for Volume Server service                                                                          | `{}`                     |
+| `volume.service.extraPorts`                    | Extra ports to expose in Volume Server service (normally used with the `sidecars` value)                                         | `[]`                     |
+| `volume.service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `volume.service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `volume.service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `volume.networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created for Volume Server                                                            | `true`                   |
+| `volume.networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `volume.networkPolicy.allowExternalEgress`     | Allow the Volume Server pods to access any range of port and all destinations.                                                   | `true`                   |
+| `volume.networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `volume.networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)                                               | `[]`                     |
+| `volume.networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `volume.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+| `volume.ingress.enabled`                       | Enable ingress record generation for Volume Server                                                                               | `false`                  |
+| `volume.ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `volume.ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `volume.ingress.hostname`                      | Default host for the ingress record                                                                                              | `volume.seaweedfs.local` |
+| `volume.ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
+| `volume.ingress.path`                          | Default path for the ingress record                                                                                              | `/`                      |
+| `volume.ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `volume.ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `volume.ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `volume.ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `volume.ingress.extraPaths`                    | An array with additional arbitrary paths that may need to be added to the ingress under the main host                            | `[]`                     |
+| `volume.ingress.extraTls`                      | TLS configuration for additional hostname(s) to be covered with this ingress record                                              | `[]`                     |
+| `volume.ingress.secrets`                       | Custom TLS certificates as secrets                                                                                               | `[]`                     |
+| `volume.ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+
+### Volume Server Persistence Parameters
+
+| Name                                              | Description                                                                                             | Value               |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------------- |
+| `volume.dataVolumes[0].name`                      | Name of the data volume                                                                                 | `data-0`            |
+| `volume.dataVolumes[0].mountPath`                 | Path to mount the volume at.                                                                            | `/data-0`           |
+| `volume.dataVolumes[0].subPath`                   | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""`                |
+| `volume.dataVolumes[0].persistence.enabled`       | Enable persistence on Volume Server using Persistent Volume Claims                                      | `true`              |
+| `volume.dataVolumes[0].persistence.storageClass`  | Storage class of backing PVC                                                                            | `""`                |
+| `volume.dataVolumes[0].persistence.annotations`   | Persistent Volume Claim annotations                                                                     | `{}`                |
+| `volume.dataVolumes[0].persistence.accessModes`   | Persistent Volume Access Modes                                                                          | `["ReadWriteOnce"]` |
+| `volume.dataVolumes[0].persistence.size`          | Size of data volume                                                                                     | `8Gi`               |
+| `volume.dataVolumes[0].persistence.existingClaim` | The name of an existing PVC to use for persistence                                                      | `""`                |
+| `volume.dataVolumes[0].persistence.selector`      | Selector to match an existing Persistent Volume for data PVC                                            | `{}`                |
+| `volume.dataVolumes[0].persistence.dataSource`    | Custom PVC data source                                                                                  | `{}`                |
+
+### Volume Server Metrics Parameters
+
+| Name                                              | Description                                                                                            | Value   |
+| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
+| `volume.metrics.enabled`                          | Enable the export of Prometheus metrics                                                                | `false` |
+| `volume.metrics.service.port`                     | Metrics service port                                                                                   | `9327`  |
+| `volume.metrics.service.annotations`              | Annotations for the metrics service.                                                                   | `{}`    |
+| `volume.metrics.serviceMonitor.enabled`           | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `volume.metrics.serviceMonitor.namespace`         | Namespace in which Prometheus is running                                                               | `""`    |
+| `volume.metrics.serviceMonitor.annotations`       | Additional custom annotations for the ServiceMonitor                                                   | `{}`    |
+| `volume.metrics.serviceMonitor.labels`            | Extra labels for the ServiceMonitor                                                                    | `{}`    |
+| `volume.metrics.serviceMonitor.jobLabel`          | The name of the label on the target service to use as the job name in Prometheus                       | `""`    |
+| `volume.metrics.serviceMonitor.honorLabels`       | honorLabels chooses the metric's labels on collisions with target labels                               | `false` |
+| `volume.metrics.serviceMonitor.interval`          | Interval at which metrics should be scraped.                                                           | `""`    |
+| `volume.metrics.serviceMonitor.scrapeTimeout`     | Timeout after which the scrape is ended                                                                | `""`    |
+| `volume.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics                                                               | `[]`    |
+| `volume.metrics.serviceMonitor.relabelings`       | Specify general relabeling                                                                             | `[]`    |
+| `volume.metrics.serviceMonitor.selector`          | Prometheus instance selector labels                                                                    | `{}`    |
+
+### Filer Server Parameters
+
+| Name                                                      | Description                                                                                                                                                                                                                         | Value                         |
+| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------- |
+| `filer.enabled`                                           | Enable Filer Server deployment                                                                                                                                                                                                      | `true`                        |
+| `filer.replicaCount`                                      | Number of Filer Server replicas to deploy                                                                                                                                                                                           | `1`                           |
+| `filer.containerPorts.http`                               | Filer Server HTTP container port                                                                                                                                                                                                    | `8888`                        |
+| `filer.containerPorts.grpc`                               | Filer Server GRPC container port                                                                                                                                                                                                    | `18888`                       |
+| `filer.containerPorts.metrics`                            | Filer Server metrics container port                                                                                                                                                                                                 | `9327`                        |
+| `filer.extraContainerPorts`                               | Optionally specify extra list of additional ports for Filer Server containers                                                                                                                                                       | `[]`                          |
+| `filer.livenessProbe.enabled`                             | Enable livenessProbe on Filer Server containers                                                                                                                                                                                     | `true`                        |
+| `filer.livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                                             | `30`                          |
+| `filer.livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                                    | `10`                          |
+| `filer.livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                                   | `30`                          |
+| `filer.livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                                                 | `6`                           |
+| `filer.livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                                                 | `1`                           |
+| `filer.readinessProbe.enabled`                            | Enable readinessProbe on Filer Server containers                                                                                                                                                                                    | `true`                        |
+| `filer.readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                                            | `30`                          |
+| `filer.readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                                   | `10`                          |
+| `filer.readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                                  | `30`                          |
+| `filer.readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                                                | `6`                           |
+| `filer.readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                                                | `1`                           |
+| `filer.startupProbe.enabled`                              | Enable startupProbe on Filer Server containers                                                                                                                                                                                      | `false`                       |
+| `filer.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                                              | `5`                           |
+| `filer.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                                     | `5`                           |
+| `filer.startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                                    | `1`                           |
+| `filer.startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                                  | `15`                          |
+| `filer.startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                                  | `1`                           |
+| `filer.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                                                                                                                                                 | `{}`                          |
+| `filer.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                                                                                                                                                | `{}`                          |
+| `filer.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                                                                                                                                                  | `{}`                          |
+| `filer.resourcesPreset`                                   | Set Filer Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if filer.resources is set (filer.resources is recommended for production). | `nano`                        |
+| `filer.resources`                                         | Set Filer Server container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                      | `{}`                          |
+| `filer.podSecurityContext.enabled`                        | Enable Filer Server pods' Security Context                                                                                                                                                                                          | `true`                        |
+| `filer.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy for Filer Server pods                                                                                                                                                                            | `Always`                      |
+| `filer.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface for Filer Server pods                                                                                                                                                                | `[]`                          |
+| `filer.podSecurityContext.supplementalGroups`             | Set filesystem extra groups for Filer Server pods                                                                                                                                                                                   | `[]`                          |
+| `filer.podSecurityContext.fsGroup`                        | Set fsGroup in Filer Server pods' Security Context                                                                                                                                                                                  | `1001`                        |
+| `filer.containerSecurityContext.enabled`                  | Enabled Filer Server container' Security Context                                                                                                                                                                                    | `true`                        |
+| `filer.containerSecurityContext.seLinuxOptions`           | Set SELinux options in Filer Server container                                                                                                                                                                                       | `{}`                          |
+| `filer.containerSecurityContext.runAsUser`                | Set runAsUser in Filer Server container' Security Context                                                                                                                                                                           | `1001`                        |
+| `filer.containerSecurityContext.runAsGroup`               | Set runAsGroup in Filer Server container' Security Context                                                                                                                                                                          | `1001`                        |
+| `filer.containerSecurityContext.runAsNonRoot`             | Set runAsNonRoot in Filer Server container' Security Context                                                                                                                                                                        | `true`                        |
+| `filer.containerSecurityContext.readOnlyRootFilesystem`   | Set readOnlyRootFilesystem in Filer Server container' Security Context                                                                                                                                                              | `true`                        |
+| `filer.containerSecurityContext.privileged`               | Set privileged in Filer Server container' Security Context                                                                                                                                                                          | `false`                       |
+| `filer.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Filer Server container' Security Context                                                                                                                                                            | `false`                       |
+| `filer.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped in Filer Server container                                                                                                                                                                        | `["ALL"]`                     |
+| `filer.containerSecurityContext.seccompProfile.type`      | Set seccomp profile in Filer Server container                                                                                                                                                                                       | `RuntimeDefault`              |
+| `filer.logLevel`                                          | Filer Server log level [0|1|2|3|4]                                                                                                                                                                                                  | `1`                           |
+| `filer.bindAddress`                                       | Filer Server bind address                                                                                                                                                                                                           | `0.0.0.0`                     |
+| `filer.config`                                            | Filer Server configuration                                                                                                                                                                                                          | `[leveldb2]
+enabled = false
+` |
+| `filer.existingConfigmap`                                 | The name of an existing ConfigMap with your custom configuration for Filer Server                                                                                                                                                   | `""`                          |
+| `filer.command`                                           | Override default Filer Server container command (useful when using custom images)                                                                                                                                                   | `[]`                          |
+| `filer.args`                                              | Override default Filer Server container args (useful when using custom images)                                                                                                                                                      | `[]`                          |
+| `filer.automountServiceAccountToken`                      | Mount Service Account token in Filer Server pods                                                                                                                                                                                    | `false`                       |
+| `filer.hostAliases`                                       | Filer Server pods host aliases                                                                                                                                                                                                      | `[]`                          |
+| `filer.statefulsetAnnotations`                            | Annotations for Filer Server statefulset                                                                                                                                                                                            | `{}`                          |
+| `filer.podLabels`                                         | Extra labels for Filer Server pods                                                                                                                                                                                                  | `{}`                          |
+| `filer.podAnnotations`                                    | Annotations for Filer Server pods                                                                                                                                                                                                   | `{}`                          |
+| `filer.podAffinityPreset`                                 | Pod affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                           | `""`                          |
+| `filer.podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                      | `soft`                        |
+| `filer.nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                     | `""`                          |
+| `filer.nodeAffinityPreset.key`                            | Node label key to match. Ignored if `filer.affinity` is set                                                                                                                                                                         | `""`                          |
+| `filer.nodeAffinityPreset.values`                         | Node label values to match. Ignored if `filer.affinity` is set                                                                                                                                                                      | `[]`                          |
+| `filer.affinity`                                          | Affinity for Filer Server pods assignment                                                                                                                                                                                           | `{}`                          |
+| `filer.nodeSelector`                                      | Node labels for Filer Server pods assignment                                                                                                                                                                                        | `{}`                          |
+| `filer.tolerations`                                       | Tolerations for Filer Server pods assignment                                                                                                                                                                                        | `[]`                          |
+| `filer.updateStrategy.type`                               | Filer Server statefulset strategy type                                                                                                                                                                                              | `RollingUpdate`               |
+| `filer.podManagementPolicy`                               | Pod management policy for Filer Server statefulset                                                                                                                                                                                  | `Parallel`                    |
+| `filer.priorityClassName`                                 | Filer Server pods' priorityClassName                                                                                                                                                                                                | `""`                          |
+| `filer.topologySpreadConstraints`                         | Topology Spread Constraints for Filer Server pod assignment spread across your cluster among failure-domains                                                                                                                        | `[]`                          |
+| `filer.schedulerName`                                     | Name of the k8s scheduler (other than default) for Filer Server pods                                                                                                                                                                | `""`                          |
+| `filer.terminationGracePeriodSeconds`                     | Seconds Filer Server pods need to terminate gracefully                                                                                                                                                                              | `""`                          |
+| `filer.lifecycleHooks`                                    | for Filer Server containers to automate configuration before or after startup                                                                                                                                                       | `{}`                          |
+| `filer.extraEnvVars`                                      | Array with extra environment variables to add to Filer Server containers                                                                                                                                                            | `[]`                          |
+| `filer.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for Filer Server containers                                                                                                                                                    | `""`                          |
+| `filer.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for Filer Server containers                                                                                                                                                       | `""`                          |
+| `filer.extraVolumes`                                      | Optionally specify extra list of additional volumes for the Filer Server pods                                                                                                                                                       | `[]`                          |
+| `filer.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Filer Server containers                                                                                                                                            | `[]`                          |
+| `filer.sidecars`                                          | Add additional sidecar containers to the Filer Server pods                                                                                                                                                                          | `[]`                          |
+| `filer.initContainers`                                    | Add additional init containers to the Filer Server pods                                                                                                                                                                             | `[]`                          |
+| `filer.pdb.create`                                        | Enable/disable a Pod Disruption Budget creation                                                                                                                                                                                     | `false`                       |
+| `filer.pdb.minAvailable`                                  | Minimum number/percentage of pods that should remain scheduled                                                                                                                                                                      | `1`                           |
+| `filer.pdb.maxUnavailable`                                | Maximum number/percentage of pods that may be made unavailable                                                                                                                                                                      | `""`                          |
+| `filer.autoscaling.enabled`                               | Enable autoscaling for filer                                                                                                                                                                                                        | `false`                       |
+| `filer.autoscaling.minReplicas`                           | Minimum number of filer replicas                                                                                                                                                                                                    | `""`                          |
+| `filer.autoscaling.maxReplicas`                           | Maximum number of filer replicas                                                                                                                                                                                                    | `""`                          |
+| `filer.autoscaling.targetCPU`                             | Target CPU utilization percentage                                                                                                                                                                                                   | `""`                          |
+| `filer.autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                                                                                                                                                | `""`                          |
+
+### Filer Server Traffic Exposure Parameters
+
+| Name                                          | Description                                                                                                                      | Value                    |
+| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `filer.service.type`                          | Filer Server service type                                                                                                        | `ClusterIP`              |
+| `filer.service.ports.http`                    | Filer Server service HTTP port                                                                                                   | `8888`                   |
+| `filer.service.ports.grpc`                    | Filer Server service GRPC port                                                                                                   | `18888`                  |
+| `filer.service.nodePorts.http`                | Node port for HTTP                                                                                                               | `""`                     |
+| `filer.service.nodePorts.grpc`                | Node port for GRPC                                                                                                               | `""`                     |
+| `filer.service.clusterIP`                     | Filer Server service Cluster IP                                                                                                  | `""`                     |
+| `filer.service.loadBalancerIP`                | Filer Server service Load Balancer IP                                                                                            | `""`                     |
+| `filer.service.loadBalancerSourceRanges`      | Filer Server service Load Balancer sources                                                                                       | `[]`                     |
+| `filer.service.externalTrafficPolicy`         | Filer Server service external traffic policy                                                                                     | `Cluster`                |
+| `filer.service.annotations`                   | Additional custom annotations for Filer Server service                                                                           | `{}`                     |
+| `filer.service.extraPorts`                    | Extra ports to expose in Filer Server service (normally used with the `sidecars` value)                                          | `[]`                     |
+| `filer.service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `filer.service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `filer.service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `filer.networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created for Filer Server                                                             | `true`                   |
+| `filer.networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `filer.networkPolicy.allowExternalEgress`     | Allow the Filer Server pods to access any range of port and all destinations.                                                    | `true`                   |
+| `filer.networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `filer.networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)                                               | `[]`                     |
+| `filer.networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `filer.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+| `filer.ingress.enabled`                       | Enable ingress record generation for Filer Server                                                                                | `false`                  |
+| `filer.ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `filer.ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `filer.ingress.hostname`                      | Default host for the ingress record                                                                                              | `filer.seaweedfs.local`  |
+| `filer.ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
+| `filer.ingress.path`                          | Default path for the ingress record                                                                                              | `/`                      |
+| `filer.ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `filer.ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `filer.ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `filer.ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `filer.ingress.extraPaths`                    | An array with additional arbitrary paths that may need to be added to the ingress under the main host                            | `[]`                     |
+| `filer.ingress.extraTls`                      | TLS configuration for additional hostname(s) to be covered with this ingress record                                              | `[]`                     |
+| `filer.ingress.secrets`                       | Custom TLS certificates as secrets                                                                                               | `[]`                     |
+| `filer.ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+
+### Filer Server Metrics Parameters
+
+| Name                                             | Description                                                                                            | Value   |
+| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------ | ------- |
+| `filer.metrics.enabled`                          | Enable the export of Prometheus metrics                                                                | `false` |
+| `filer.metrics.service.port`                     | Metrics service port                                                                                   | `9327`  |
+| `filer.metrics.service.annotations`              | Annotations for the metrics service.                                                                   | `{}`    |
+| `filer.metrics.serviceMonitor.enabled`           | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `filer.metrics.serviceMonitor.namespace`         | Namespace in which Prometheus is running                                                               | `""`    |
+| `filer.metrics.serviceMonitor.annotations`       | Additional custom annotations for the ServiceMonitor                                                   | `{}`    |
+| `filer.metrics.serviceMonitor.labels`            | Extra labels for the ServiceMonitor                                                                    | `{}`    |
+| `filer.metrics.serviceMonitor.jobLabel`          | The name of the label on the target service to use as the job name in Prometheus                       | `""`    |
+| `filer.metrics.serviceMonitor.honorLabels`       | honorLabels chooses the metric's labels on collisions with target labels                               | `false` |
+| `filer.metrics.serviceMonitor.interval`          | Interval at which metrics should be scraped.                                                           | `""`    |
+| `filer.metrics.serviceMonitor.scrapeTimeout`     | Timeout after which the scrape is ended                                                                | `""`    |
+| `filer.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics                                                               | `[]`    |
+| `filer.metrics.serviceMonitor.relabelings`       | Specify general relabeling                                                                             | `[]`    |
+| `filer.metrics.serviceMonitor.selector`          | Prometheus instance selector labels                                                                    | `{}`    |
+
+### Amazon S3 API Parameters
+
+| Name                                                   | Description                                                                                                                                                                                                                    | Value            |
+| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- |
+| `s3.enabled`                                           | Enable Amazon S3 API deployment                                                                                                                                                                                                | `false`          |
+| `s3.replicaCount`                                      | Number of Amazon S3 API replicas to deploy                                                                                                                                                                                     | `1`              |
+| `s3.containerPorts.http`                               | Amazon S3 API HTTP container port                                                                                                                                                                                              | `8333`           |
+| `s3.containerPorts.grpc`                               | Amazon S3 API GRPC container port                                                                                                                                                                                              | `18333`          |
+| `s3.containerPorts.metrics`                            | Amazon S3 API metrics container port                                                                                                                                                                                           | `9327`           |
+| `s3.extraContainerPorts`                               | Optionally specify extra list of additional ports for Amazon S3 API containers                                                                                                                                                 | `[]`             |
+| `s3.livenessProbe.enabled`                             | Enable livenessProbe on Amazon S3 API containers                                                                                                                                                                               | `true`           |
+| `s3.livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                                        | `30`             |
+| `s3.livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                               | `10`             |
+| `s3.livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                              | `30`             |
+| `s3.livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                                            | `6`              |
+| `s3.livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                                            | `1`              |
+| `s3.readinessProbe.enabled`                            | Enable readinessProbe on Amazon S3 API containers                                                                                                                                                                              | `true`           |
+| `s3.readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                                       | `30`             |
+| `s3.readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                              | `10`             |
+| `s3.readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                             | `30`             |
+| `s3.readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                                           | `6`              |
+| `s3.readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                                           | `1`              |
+| `s3.startupProbe.enabled`                              | Enable startupProbe on Amazon S3 API containers                                                                                                                                                                                | `false`          |
+| `s3.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                                         | `5`              |
+| `s3.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                                | `5`              |
+| `s3.startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                               | `1`              |
+| `s3.startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                             | `15`             |
+| `s3.startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                             | `1`              |
+| `s3.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                                                                                                                                            | `{}`             |
+| `s3.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                                                                                                                                           | `{}`             |
+| `s3.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                                                                                                                                             | `{}`             |
+| `s3.resourcesPreset`                                   | Set Amazon S3 API container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if s3.resources is set (s3.resources is recommended for production). | `nano`           |
+| `s3.resources`                                         | Set Amazon S3 API container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                | `{}`             |
+| `s3.podSecurityContext.enabled`                        | Enable Amazon S3 API pods' Security Context                                                                                                                                                                                    | `true`           |
+| `s3.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy for Amazon S3 API pods                                                                                                                                                                      | `Always`         |
+| `s3.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface for Amazon S3 API pods                                                                                                                                                          | `[]`             |
+| `s3.podSecurityContext.supplementalGroups`             | Set filesystem extra groups for Amazon S3 API pods                                                                                                                                                                             | `[]`             |
+| `s3.podSecurityContext.fsGroup`                        | Set fsGroup in Amazon S3 API pods' Security Context                                                                                                                                                                            | `1001`           |
+| `s3.containerSecurityContext.enabled`                  | Enabled Amazon S3 API container' Security Context                                                                                                                                                                              | `true`           |
+| `s3.containerSecurityContext.seLinuxOptions`           | Set SELinux options in Amazon S3 API container                                                                                                                                                                                 | `{}`             |
+| `s3.containerSecurityContext.runAsUser`                | Set runAsUser in Amazon S3 API container' Security Context                                                                                                                                                                     | `1001`           |
+| `s3.containerSecurityContext.runAsGroup`               | Set runAsGroup in Amazon S3 API container' Security Context                                                                                                                                                                    | `1001`           |
+| `s3.containerSecurityContext.runAsNonRoot`             | Set runAsNonRoot in Amazon S3 API container' Security Context                                                                                                                                                                  | `true`           |
+| `s3.containerSecurityContext.readOnlyRootFilesystem`   | Set readOnlyRootFilesystem in Amazon S3 API container' Security Context                                                                                                                                                        | `true`           |
+| `s3.containerSecurityContext.privileged`               | Set privileged in Amazon S3 API container' Security Context                                                                                                                                                                    | `false`          |
+| `s3.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in Amazon S3 API container' Security Context                                                                                                                                                      | `false`          |
+| `s3.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped in Amazon S3 API container                                                                                                                                                                  | `["ALL"]`        |
+| `s3.containerSecurityContext.seccompProfile.type`      | Set seccomp profile in Amazon S3 API container                                                                                                                                                                                 | `RuntimeDefault` |
+| `s3.logLevel`                                          | Amazon S3 API log level [0|1|2|3|4]                                                                                                                                                                                            | `1`              |
+| `s3.bindAddress`                                       | Amazon S3 API bind address                                                                                                                                                                                                     | `0.0.0.0`        |
+| `s3.auth.enabled`                                      | Enable Amazon S3 API authentication                                                                                                                                                                                            | `false`          |
+| `s3.auth.existingSecret`                               | Existing secret with Amazon S3 API authentication configuration                                                                                                                                                                | `""`             |
+| `s3.auth.existingSecretConfigKey`                      | Key of the above existing secret with S3 API authentication configuration, defaults to `config.json`                                                                                                                           | `""`             |
+| `s3.auth.adminAccessKeyId`                             | Amazon S3 API access key with admin privileges. Ignored if `security.mTLS.volume.existingSecret` is set                                                                                                                        | `""`             |
+| `s3.auth.adminSecretAccessKey`                         | Amazon S3 API secret key with admin privileges. Ignored if `security.mTLS.volume.existingSecret` is set                                                                                                                        | `""`             |
+| `s3.auth.readAccessKeyId`                              | Amazon S3 API read access key with read-only privileges. Ignored if `security.mTLS.volume.existingSecret` is set                                                                                                               | `""`             |
+| `s3.auth.readSecretAccessKey`                          | Amazon S3 API read secret key with read-only privileges. Ignored if `security.mTLS.volume.existingSecret` is set                                                                                                               | `""`             |
+| `s3.command`                                           | Override default Amazon S3 API container command (useful when using custom images)                                                                                                                                             | `[]`             |
+| `s3.args`                                              | Override default Amazon S3 API container args (useful when using custom images)                                                                                                                                                | `[]`             |
+| `s3.automountServiceAccountToken`                      | Mount Service Account token in Amazon S3 API pods                                                                                                                                                                              | `false`          |
+| `s3.hostAliases`                                       | Amazon S3 API pods host aliases                                                                                                                                                                                                | `[]`             |
+| `s3.statefulsetAnnotations`                            | Annotations for Amazon S3 API statefulset                                                                                                                                                                                      | `{}`             |
+| `s3.podLabels`                                         | Extra labels for Amazon S3 API pods                                                                                                                                                                                            | `{}`             |
+| `s3.podAnnotations`                                    | Annotations for Amazon S3 API pods                                                                                                                                                                                             | `{}`             |
+| `s3.podAffinityPreset`                                 | Pod affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                         | `""`             |
+| `s3.podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                    | `soft`           |
+| `s3.nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                   | `""`             |
+| `s3.nodeAffinityPreset.key`                            | Node label key to match. Ignored if `s3.affinity` is set                                                                                                                                                                       | `""`             |
+| `s3.nodeAffinityPreset.values`                         | Node label values to match. Ignored if `s3.affinity` is set                                                                                                                                                                    | `[]`             |
+| `s3.affinity`                                          | Affinity for Amazon S3 API pods assignment                                                                                                                                                                                     | `{}`             |
+| `s3.nodeSelector`                                      | Node labels for Amazon S3 API pods assignment                                                                                                                                                                                  | `{}`             |
+| `s3.tolerations`                                       | Tolerations for Amazon S3 API pods assignment                                                                                                                                                                                  | `[]`             |
+| `s3.updateStrategy.type`                               | Amazon S3 API deployment strategy type                                                                                                                                                                                         | `RollingUpdate`  |
+| `s3.priorityClassName`                                 | Amazon S3 API pods' priorityClassName                                                                                                                                                                                          | `""`             |
+| `s3.topologySpreadConstraints`                         | Topology Spread Constraints for Amazon S3 API pod assignment spread across your cluster among failure-domains                                                                                                                  | `[]`             |
+| `s3.schedulerName`                                     | Name of the k8s scheduler (other than default) for Amazon S3 API pods                                                                                                                                                          | `""`             |
+| `s3.terminationGracePeriodSeconds`                     | Seconds Amazon S3 API pods need to terminate gracefully                                                                                                                                                                        | `""`             |
+| `s3.lifecycleHooks`                                    | for Amazon S3 API containers to automate configuration before or after startup                                                                                                                                                 | `{}`             |
+| `s3.extraEnvVars`                                      | Array with extra environment variables to add to Amazon S3 API containers                                                                                                                                                      | `[]`             |
+| `s3.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for Amazon S3 API containers                                                                                                                                              | `""`             |
+| `s3.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for Amazon S3 API containers                                                                                                                                                 | `""`             |
+| `s3.extraVolumes`                                      | Optionally specify extra list of additional volumes for the Amazon S3 API pods                                                                                                                                                 | `[]`             |
+| `s3.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the Amazon S3 API containers                                                                                                                                      | `[]`             |
+| `s3.sidecars`                                          | Add additional sidecar containers to the Amazon S3 API pods                                                                                                                                                                    | `[]`             |
+| `s3.initContainers`                                    | Add additional init containers to the Amazon S3 API pods                                                                                                                                                                       | `[]`             |
+| `s3.pdb.create`                                        | Enable/disable a Pod Disruption Budget creation                                                                                                                                                                                | `false`          |
+| `s3.pdb.minAvailable`                                  | Minimum number/percentage of pods that should remain scheduled                                                                                                                                                                 | `1`              |
+| `s3.pdb.maxUnavailable`                                | Maximum number/percentage of pods that may be made unavailable                                                                                                                                                                 | `""`             |
+| `s3.autoscaling.enabled`                               | Enable autoscaling for s3                                                                                                                                                                                                      | `false`          |
+| `s3.autoscaling.minReplicas`                           | Minimum number of s3 replicas                                                                                                                                                                                                  | `""`             |
+| `s3.autoscaling.maxReplicas`                           | Maximum number of s3 replicas                                                                                                                                                                                                  | `""`             |
+| `s3.autoscaling.targetCPU`                             | Target CPU utilization percentage                                                                                                                                                                                              | `""`             |
+| `s3.autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                                                                                                                                           | `""`             |
+
+### Amazon S3 API Traffic Exposure Parameters
+
+| Name                                       | Description                                                                                                                      | Value                    |
+| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `s3.service.type`                          | Amazon S3 API service type                                                                                                       | `ClusterIP`              |
+| `s3.service.ports.http`                    | Amazon S3 API service HTTP port                                                                                                  | `8333`                   |
+| `s3.service.ports.grpc`                    | Amazon S3 API service GRPC port                                                                                                  | `18333`                  |
+| `s3.service.nodePorts.http`                | Node port for HTTP                                                                                                               | `""`                     |
+| `s3.service.nodePorts.grpc`                | Node port for GRPC                                                                                                               | `""`                     |
+| `s3.service.clusterIP`                     | Amazon S3 API service Cluster IP                                                                                                 | `""`                     |
+| `s3.service.loadBalancerIP`                | Amazon S3 API service Load Balancer IP                                                                                           | `""`                     |
+| `s3.service.loadBalancerSourceRanges`      | Amazon S3 API service Load Balancer sources                                                                                      | `[]`                     |
+| `s3.service.externalTrafficPolicy`         | Amazon S3 API service external traffic policy                                                                                    | `Cluster`                |
+| `s3.service.annotations`                   | Additional custom annotations for Amazon S3 API service                                                                          | `{}`                     |
+| `s3.service.extraPorts`                    | Extra ports to expose in Amazon S3 API service (normally used with the `sidecars` value)                                         | `[]`                     |
+| `s3.service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `s3.service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `s3.service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `s3.networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created for Amazon S3 API                                                            | `true`                   |
+| `s3.networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `s3.networkPolicy.allowExternalEgress`     | Allow the Amazon S3 API pods to access any range of port and all destinations.                                                   | `true`                   |
+| `s3.networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `s3.networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)                                               | `[]`                     |
+| `s3.networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `s3.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+| `s3.ingress.enabled`                       | Enable ingress record generation for Amazon S3 API                                                                               | `false`                  |
+| `s3.ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `s3.ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `s3.ingress.hostname`                      | Default host for the ingress record                                                                                              | `s3.seaweedfs.local`     |
+| `s3.ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
+| `s3.ingress.path`                          | Default path for the ingress record                                                                                              | `/`                      |
+| `s3.ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `s3.ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `s3.ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `s3.ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `s3.ingress.extraPaths`                    | An array with additional arbitrary paths that may need to be added to the ingress under the main host                            | `[]`                     |
+| `s3.ingress.extraTls`                      | TLS configuration for additional hostname(s) to be covered with this ingress record                                              | `[]`                     |
+| `s3.ingress.secrets`                       | Custom TLS certificates as secrets                                                                                               | `[]`                     |
+| `s3.ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+
+### Amazon S3 API Metrics Parameters
+
+| Name                                          | Description                                                                                            | Value   |
+| --------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------- |
+| `s3.metrics.enabled`                          | Enable the export of Prometheus metrics                                                                | `false` |
+| `s3.metrics.service.port`                     | Metrics service port                                                                                   | `9327`  |
+| `s3.metrics.service.annotations`              | Annotations for the metrics service.                                                                   | `{}`    |
+| `s3.metrics.serviceMonitor.enabled`           | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` |
+| `s3.metrics.serviceMonitor.namespace`         | Namespace in which Prometheus is running                                                               | `""`    |
+| `s3.metrics.serviceMonitor.annotations`       | Additional custom annotations for the ServiceMonitor                                                   | `{}`    |
+| `s3.metrics.serviceMonitor.labels`            | Extra labels for the ServiceMonitor                                                                    | `{}`    |
+| `s3.metrics.serviceMonitor.jobLabel`          | The name of the label on the target service to use as the job name in Prometheus                       | `""`    |
+| `s3.metrics.serviceMonitor.honorLabels`       | honorLabels chooses the metric's labels on collisions with target labels                               | `false` |
+| `s3.metrics.serviceMonitor.interval`          | Interval at which metrics should be scraped.                                                           | `""`    |
+| `s3.metrics.serviceMonitor.scrapeTimeout`     | Timeout after which the scrape is ended                                                                | `""`    |
+| `s3.metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics                                                               | `[]`    |
+| `s3.metrics.serviceMonitor.relabelings`       | Specify general relabeling                                                                             | `[]`    |
+| `s3.metrics.serviceMonitor.selector`          | Prometheus instance selector labels                                                                    | `{}`    |
+
+### WebDAV Parameters
+
+| Name                                                       | Description                                                                                                                                                                                                                     | Value            |
+| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
+| `webdav.enabled`                                           | Enable WebDAV deployment                                                                                                                                                                                                        | `false`          |
+| `webdav.replicaCount`                                      | Number of WebDAV replicas to deploy                                                                                                                                                                                             | `1`              |
+| `webdav.containerPorts.http`                               | WebDAV HTTP container port (HTTPS if `webdav.tls.enabled` is `true`)                                                                                                                                                            | `7333`           |
+| `webdav.extraContainerPorts`                               | Optionally specify extra list of additional ports for WebDAV containers                                                                                                                                                         | `[]`             |
+| `webdav.livenessProbe.enabled`                             | Enable livenessProbe on WebDAV containers                                                                                                                                                                                       | `true`           |
+| `webdav.livenessProbe.initialDelaySeconds`                 | Initial delay seconds for livenessProbe                                                                                                                                                                                         | `30`             |
+| `webdav.livenessProbe.periodSeconds`                       | Period seconds for livenessProbe                                                                                                                                                                                                | `10`             |
+| `webdav.livenessProbe.timeoutSeconds`                      | Timeout seconds for livenessProbe                                                                                                                                                                                               | `30`             |
+| `webdav.livenessProbe.failureThreshold`                    | Failure threshold for livenessProbe                                                                                                                                                                                             | `6`              |
+| `webdav.livenessProbe.successThreshold`                    | Success threshold for livenessProbe                                                                                                                                                                                             | `1`              |
+| `webdav.readinessProbe.enabled`                            | Enable readinessProbe on WebDAV containers                                                                                                                                                                                      | `true`           |
+| `webdav.readinessProbe.initialDelaySeconds`                | Initial delay seconds for readinessProbe                                                                                                                                                                                        | `30`             |
+| `webdav.readinessProbe.periodSeconds`                      | Period seconds for readinessProbe                                                                                                                                                                                               | `10`             |
+| `webdav.readinessProbe.timeoutSeconds`                     | Timeout seconds for readinessProbe                                                                                                                                                                                              | `30`             |
+| `webdav.readinessProbe.failureThreshold`                   | Failure threshold for readinessProbe                                                                                                                                                                                            | `6`              |
+| `webdav.readinessProbe.successThreshold`                   | Success threshold for readinessProbe                                                                                                                                                                                            | `1`              |
+| `webdav.startupProbe.enabled`                              | Enable startupProbe on WebDAV containers                                                                                                                                                                                        | `false`          |
+| `webdav.startupProbe.initialDelaySeconds`                  | Initial delay seconds for startupProbe                                                                                                                                                                                          | `5`              |
+| `webdav.startupProbe.periodSeconds`                        | Period seconds for startupProbe                                                                                                                                                                                                 | `5`              |
+| `webdav.startupProbe.timeoutSeconds`                       | Timeout seconds for startupProbe                                                                                                                                                                                                | `1`              |
+| `webdav.startupProbe.failureThreshold`                     | Failure threshold for startupProbe                                                                                                                                                                                              | `15`             |
+| `webdav.startupProbe.successThreshold`                     | Success threshold for startupProbe                                                                                                                                                                                              | `1`              |
+| `webdav.customLivenessProbe`                               | Custom livenessProbe that overrides the default one                                                                                                                                                                             | `{}`             |
+| `webdav.customReadinessProbe`                              | Custom readinessProbe that overrides the default one                                                                                                                                                                            | `{}`             |
+| `webdav.customStartupProbe`                                | Custom startupProbe that overrides the default one                                                                                                                                                                              | `{}`             |
+| `webdav.resourcesPreset`                                   | Set WebDAV container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if webdav.resources is set (webdav.resources is recommended for production). | `nano`           |
+| `webdav.resources`                                         | Set WebDAV container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                        | `{}`             |
+| `webdav.podSecurityContext.enabled`                        | Enable WebDAV pods' Security Context                                                                                                                                                                                            | `true`           |
+| `webdav.podSecurityContext.fsGroupChangePolicy`            | Set filesystem group change policy for WebDAV pods                                                                                                                                                                              | `Always`         |
+| `webdav.podSecurityContext.sysctls`                        | Set kernel settings using the sysctl interface for WebDAV pods                                                                                                                                                                  | `[]`             |
+| `webdav.podSecurityContext.supplementalGroups`             | Set filesystem extra groups for WebDAV pods                                                                                                                                                                                     | `[]`             |
+| `webdav.podSecurityContext.fsGroup`                        | Set fsGroup in WebDAV pods' Security Context                                                                                                                                                                                    | `1001`           |
+| `webdav.containerSecurityContext.enabled`                  | Enabled WebDAV container' Security Context                                                                                                                                                                                      | `true`           |
+| `webdav.containerSecurityContext.seLinuxOptions`           | Set SELinux options in WebDAV container                                                                                                                                                                                         | `{}`             |
+| `webdav.containerSecurityContext.runAsUser`                | Set runAsUser in WebDAV container' Security Context                                                                                                                                                                             | `1001`           |
+| `webdav.containerSecurityContext.runAsGroup`               | Set runAsGroup in WebDAV container' Security Context                                                                                                                                                                            | `1001`           |
+| `webdav.containerSecurityContext.runAsNonRoot`             | Set runAsNonRoot in WebDAV container' Security Context                                                                                                                                                                          | `true`           |
+| `webdav.containerSecurityContext.readOnlyRootFilesystem`   | Set readOnlyRootFilesystem in WebDAV container' Security Context                                                                                                                                                                | `true`           |
+| `webdav.containerSecurityContext.privileged`               | Set privileged in WebDAV container' Security Context                                                                                                                                                                            | `false`          |
+| `webdav.containerSecurityContext.allowPrivilegeEscalation` | Set allowPrivilegeEscalation in WebDAV container' Security Context                                                                                                                                                              | `false`          |
+| `webdav.containerSecurityContext.capabilities.drop`        | List of capabilities to be dropped in WebDAV container                                                                                                                                                                          | `["ALL"]`        |
+| `webdav.containerSecurityContext.seccompProfile.type`      | Set seccomp profile in WebDAV container                                                                                                                                                                                         | `RuntimeDefault` |
+| `webdav.logLevel`                                          | WebDAV log level [0|1|2|3|4]                                                                                                                                                                                                    | `1`              |
+| `webdav.tls.enabled`                                       | Enable TLS transport for WebDAV                                                                                                                                                                                                 | `false`          |
+| `webdav.tls.autoGenerated.enabled`                         | Enable automatic generation of certificates for TLS                                                                                                                                                                             | `false`          |
+| `webdav.tls.autoGenerated.engine`                          | Mechanism to generate the certificates (allowed values: helm, cert-manager)                                                                                                                                                     | `helm`           |
+| `webdav.tls.autoGenerated.certManager.existingIssuer`      | The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)                                                                                                                          | `""`             |
+| `webdav.tls.autoGenerated.certManager.existingIssuerKind`  | Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)                                                                                                                                                       | `""`             |
+| `webdav.tls.autoGenerated.certManager.keyAlgorithm`        | Key algorithm for the certificates (only for `cert-manager` engine)                                                                                                                                                             | `RSA`            |
+| `webdav.tls.autoGenerated.certManager.keySize`             | Key size for the certificates (only for `cert-manager` engine)                                                                                                                                                                  | `2048`           |
+| `webdav.tls.autoGenerated.certManager.duration`            | Duration for the certificates (only for `cert-manager` engine)                                                                                                                                                                  | `2160h`          |
+| `webdav.tls.autoGenerated.certManager.renewBefore`         | Renewal period for the certificates (only for `cert-manager` engine)                                                                                                                                                            | `360h`           |
+| `webdav.tls.existingSecret`                                | The name of an existing Secret containing the certificates for TLS                                                                                                                                                              | `""`             |
+| `webdav.tls.cert`                                          | Volume Server certificate for TLS. Ignored if `webdav.tls.existingSecret` is set                                                                                                                                                | `""`             |
+| `webdav.tls.key`                                           | Volume Server key for TLS. Ignored if `webdav.tls.existingSecret` is set                                                                                                                                                        | `""`             |
+| `webdav.command`                                           | Override default WebDAV container command (useful when using custom images)                                                                                                                                                     | `[]`             |
+| `webdav.args`                                              | Override default WebDAV container args (useful when using custom images)                                                                                                                                                        | `[]`             |
+| `webdav.automountServiceAccountToken`                      | Mount Service Account token in WebDAV pods                                                                                                                                                                                      | `false`          |
+| `webdav.hostAliases`                                       | WebDAV pods host aliases                                                                                                                                                                                                        | `[]`             |
+| `webdav.statefulsetAnnotations`                            | Annotations for WebDAV statefulset                                                                                                                                                                                              | `{}`             |
+| `webdav.podLabels`                                         | Extra labels for WebDAV pods                                                                                                                                                                                                    | `{}`             |
+| `webdav.podAnnotations`                                    | Annotations for WebDAV pods                                                                                                                                                                                                     | `{}`             |
+| `webdav.podAffinityPreset`                                 | Pod affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                      | `""`             |
+| `webdav.podAntiAffinityPreset`                             | Pod anti-affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                 | `soft`           |
+| `webdav.nodeAffinityPreset.type`                           | Node affinity preset type. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`                                                                                                                                | `""`             |
+| `webdav.nodeAffinityPreset.key`                            | Node label key to match. Ignored if `webdav.affinity` is set                                                                                                                                                                    | `""`             |
+| `webdav.nodeAffinityPreset.values`                         | Node label values to match. Ignored if `webdav.affinity` is set                                                                                                                                                                 | `[]`             |
+| `webdav.affinity`                                          | Affinity for WebDAV pods assignment                                                                                                                                                                                             | `{}`             |
+| `webdav.nodeSelector`                                      | Node labels for WebDAV pods assignment                                                                                                                                                                                          | `{}`             |
+| `webdav.tolerations`                                       | Tolerations for WebDAV pods assignment                                                                                                                                                                                          | `[]`             |
+| `webdav.updateStrategy.type`                               | WebDAV deployment strategy type                                                                                                                                                                                                 | `RollingUpdate`  |
+| `webdav.priorityClassName`                                 | WebDAV pods' priorityClassName                                                                                                                                                                                                  | `""`             |
+| `webdav.topologySpreadConstraints`                         | Topology Spread Constraints for WebDAV pod assignment spread across your cluster among failure-domains                                                                                                                          | `[]`             |
+| `webdav.schedulerName`                                     | Name of the k8s scheduler (other than default) for WebDAV pods                                                                                                                                                                  | `""`             |
+| `webdav.terminationGracePeriodSeconds`                     | Seconds WebDAV pods need to terminate gracefully                                                                                                                                                                                | `""`             |
+| `webdav.lifecycleHooks`                                    | for WebDAV containers to automate configuration before or after startup                                                                                                                                                         | `{}`             |
+| `webdav.extraEnvVars`                                      | Array with extra environment variables to add to WebDAV containers                                                                                                                                                              | `[]`             |
+| `webdav.extraEnvVarsCM`                                    | Name of existing ConfigMap containing extra env vars for WebDAV containers                                                                                                                                                      | `""`             |
+| `webdav.extraEnvVarsSecret`                                | Name of existing Secret containing extra env vars for WebDAV containers                                                                                                                                                         | `""`             |
+| `webdav.extraVolumes`                                      | Optionally specify extra list of additional volumes for the WebDAV pods                                                                                                                                                         | `[]`             |
+| `webdav.extraVolumeMounts`                                 | Optionally specify extra list of additional volumeMounts for the WebDAV containers                                                                                                                                              | `[]`             |
+| `webdav.sidecars`                                          | Add additional sidecar containers to the WebDAV pods                                                                                                                                                                            | `[]`             |
+| `webdav.initContainers`                                    | Add additional init containers to the WebDAV pods                                                                                                                                                                               | `[]`             |
+| `webdav.pdb.create`                                        | Enable/disable a Pod Disruption Budget creation                                                                                                                                                                                 | `false`          |
+| `webdav.pdb.minAvailable`                                  | Minimum number/percentage of pods that should remain scheduled                                                                                                                                                                  | `1`              |
+| `webdav.pdb.maxUnavailable`                                | Maximum number/percentage of pods that may be made unavailable                                                                                                                                                                  | `""`             |
+| `webdav.autoscaling.enabled`                               | Enable autoscaling for webdav                                                                                                                                                                                                   | `false`          |
+| `webdav.autoscaling.minReplicas`                           | Minimum number of webdav replicas                                                                                                                                                                                               | `""`             |
+| `webdav.autoscaling.maxReplicas`                           | Maximum number of webdav replicas                                                                                                                                                                                               | `""`             |
+| `webdav.autoscaling.targetCPU`                             | Target CPU utilization percentage                                                                                                                                                                                               | `""`             |
+| `webdav.autoscaling.targetMemory`                          | Target Memory utilization percentage                                                                                                                                                                                            | `""`             |
+
+### WebDAV Traffic Exposure Parameters
+
+| Name                                           | Description                                                                                                                      | Value                    |
+| ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ------------------------ |
+| `webdav.service.type`                          | WebDAV service type                                                                                                              | `ClusterIP`              |
+| `webdav.service.ports.http`                    | WebDAV service HTTP port (HTTPS if `webdav.tls.enabled` is `true`)                                                               | `7333`                   |
+| `webdav.service.nodePorts.http`                | Node port for HTTP (HTTPS if `webdav.tls.enabled` is `true`)                                                                     | `""`                     |
+| `webdav.service.clusterIP`                     | WebDAV service Cluster IP                                                                                                        | `""`                     |
+| `webdav.service.loadBalancerIP`                | WebDAV service Load Balancer IP                                                                                                  | `""`                     |
+| `webdav.service.loadBalancerSourceRanges`      | WebDAV service Load Balancer sources                                                                                             | `[]`                     |
+| `webdav.service.externalTrafficPolicy`         | WebDAV service external traffic policy                                                                                           | `Cluster`                |
+| `webdav.service.annotations`                   | Additional custom annotations for WebDAV service                                                                                 | `{}`                     |
+| `webdav.service.extraPorts`                    | Extra ports to expose in WebDAV service (normally used with the `sidecars` value)                                                | `[]`                     |
+| `webdav.service.sessionAffinity`               | Control where client requests go, to the same pod or round-robin                                                                 | `None`                   |
+| `webdav.service.sessionAffinityConfig`         | Additional settings for the sessionAffinity                                                                                      | `{}`                     |
+| `webdav.service.headless.annotations`          | Annotations for the headless service.                                                                                            | `{}`                     |
+| `webdav.networkPolicy.enabled`                 | Specifies whether a NetworkPolicy should be created for WebDAV                                                                   | `true`                   |
+| `webdav.networkPolicy.allowExternal`           | Don't require server label for connections                                                                                       | `true`                   |
+| `webdav.networkPolicy.allowExternalEgress`     | Allow the WebDAV pods to access any range of port and all destinations.                                                          | `true`                   |
+| `webdav.networkPolicy.extraIngress`            | Add extra ingress rules to the NetworkPolicy                                                                                     | `[]`                     |
+| `webdav.networkPolicy.extraEgress`             | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)                                               | `[]`                     |
+| `webdav.networkPolicy.ingressNSMatchLabels`    | Labels to match to allow traffic from other namespaces                                                                           | `{}`                     |
+| `webdav.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces                                                                       | `{}`                     |
+| `webdav.ingress.enabled`                       | Enable ingress record generation for WebDAV                                                                                      | `false`                  |
+| `webdav.ingress.pathType`                      | Ingress path type                                                                                                                | `ImplementationSpecific` |
+| `webdav.ingress.apiVersion`                    | Force Ingress API version (automatically detected if not set)                                                                    | `""`                     |
+| `webdav.ingress.hostname`                      | Default host for the ingress record                                                                                              | `webdav.seaweedfs.local` |
+| `webdav.ingress.ingressClassName`              | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)                                                    | `""`                     |
+| `webdav.ingress.path`                          | Default path for the ingress record                                                                                              | `/`                      |
+| `webdav.ingress.annotations`                   | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}`                     |
+| `webdav.ingress.tls`                           | Enable TLS configuration for the host defined at `ingress.hostname` parameter                                                    | `false`                  |
+| `webdav.ingress.selfSigned`                    | Create a TLS secret for this ingress record using self-signed certificates generated by Helm                                     | `false`                  |
+| `webdav.ingress.extraHosts`                    | An array with additional hostname(s) to be covered with the ingress record                                                       | `[]`                     |
+| `webdav.ingress.extraPaths`                    | An array with additional arbitrary paths that may need to be added to the ingress under the main host                            | `[]`                     |
+| `webdav.ingress.extraTls`                      | TLS configuration for additional hostname(s) to be covered with this ingress record                                              | `[]`                     |
+| `webdav.ingress.secrets`                       | Custom TLS certificates as secrets                                                                                               | `[]`                     |
+| `webdav.ingress.extraRules`                    | Additional rules to be covered with this ingress record                                                                          | `[]`                     |
+
+### Init Container Parameters
+
+| Name                                                        | Description                                                                                                                                                                                                                                         | Value                      |
+| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- |
+| `volumePermissions.enabled`                                 | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`                                                                                                                                                     | `false`                    |
+| `volumePermissions.image.registry`                          | OS Shell + Utility image registry                                                                                                                                                                                                                   | `REGISTRY_NAME`            |
+| `volumePermissions.image.repository`                        | OS Shell + Utility image repository                                                                                                                                                                                                                 | `REPOSITORY_NAME/os-shell` |
+| `volumePermissions.image.pullPolicy`                        | OS Shell + Utility image pull policy                                                                                                                                                                                                                | `IfNotPresent`             |
+| `volumePermissions.image.pullSecrets`                       | OS Shell + Utility image pull secrets                                                                                                                                                                                                               | `[]`                       |
+| `volumePermissions.resourcesPreset`                         | Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `nano`                     |
+| `volumePermissions.resources`                               | Set init container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                                              | `{}`                       |
+| `volumePermissions.containerSecurityContext.enabled`        | Enabled init container' Security Context                                                                                                                                                                                                            | `true`                     |
+| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in init container                                                                                                                                                                                                               | `{}`                       |
+| `volumePermissions.containerSecurityContext.runAsUser`      | Set init container's Security Context runAsUser                                                                                                                                                                                                     | `0`                        |
+
+### Other Parameters
+
+| Name                                          | Description                                                      | Value  |
+| --------------------------------------------- | ---------------------------------------------------------------- | ------ |
+| `serviceAccount.create`                       | Specifies whether a ServiceAccount should be created             | `true` |
+| `serviceAccount.name`                         | The name of the ServiceAccount to use.                           | `""`   |
+| `serviceAccount.annotations`                  | Additional Service Account annotations (evaluated as a template) | `{}`   |
+| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account   | `true` |
+
+### Database Parameters
+
+| Name                                       | Description                                                                                                                                                                                                                | Value               |
+| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- |
+| `mariadb.enabled`                          | Deploy a MariaDB server to satisfy the Filer server database requirements                                                                                                                                                  | `true`              |
+| `mariadb.architecture`                     | MariaDB architecture. Allowed values: `standalone` or `replication`                                                                                                                                                        | `standalone`        |
+| `mariadb.auth.rootPassword`                | MariaDB root password                                                                                                                                                                                                      | `""`                |
+| `mariadb.auth.database`                    | MariaDB custom database                                                                                                                                                                                                    | `bitnami_seaweedfs` |
+| `mariadb.auth.username`                    | MariaDB custom user name                                                                                                                                                                                                   | `bn_seaweedfs`      |
+| `mariadb.auth.password`                    | MariaDB custom user password                                                                                                                                                                                               | `""`                |
+| `mariadb.auth.usePasswordFiles`            | Mount credentials as a file instead of using an environment variable                                                                                                                                                       | `false`             |
+| `mariadb.initdbScripts`                    | Specify dictionary of scripts to be run at first boot                                                                                                                                                                      | `{}`                |
+| `mariadb.primary.persistence.enabled`      | Enable persistence on MariaDB using PVC(s)                                                                                                                                                                                 | `true`              |
+| `mariadb.primary.persistence.storageClass` | Persistent Volume storage class                                                                                                                                                                                            | `""`                |
+| `mariadb.primary.persistence.accessModes`  | Persistent Volume access modes                                                                                                                                                                                             | `[]`                |
+| `mariadb.primary.persistence.size`         | Persistent Volume size                                                                                                                                                                                                     | `8Gi`               |
+| `mariadb.primary.resourcesPreset`          | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production). | `micro`             |
+| `mariadb.primary.resources`                | Set container requests and limits for different resources like CPU or memory (essential for production workloads)                                                                                                          | `{}`                |
+| `externalDatabase.host`                    | External Database server host                                                                                                                                                                                              | `localhost`         |
+| `externalDatabase.port`                    | External Database server port                                                                                                                                                                                              | `3306`              |
+| `externalDatabase.user`                    | External Database username                                                                                                                                                                                                 | `bn_seaweedfs`      |
+| `externalDatabase.password`                | External Database user password                                                                                                                                                                                            | `""`                |
+| `externalDatabase.database`                | External Database database name                                                                                                                                                                                            | `bitnami_seaweedfs` |
+| `externalDatabase.existingSecret`          | The name of an existing secret with database credentials. Evaluated as a template                                                                                                                                          | `""`                |
+
+The above parameters map to the env variables defined in [bitnami/seaweedfs](https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs). For more information please refer to the [bitnami/seaweedfs](https://github.com/bitnami/containers/tree/main/bitnami/seaweedfs) image documentation.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install my-release \
+  --set filer.enabled=true \
+  --set s3.enabled=true \
+    oci://REGISTRY_NAME/REPOSITORY_NAME/seaweedfs
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+
+The above command enables two optional components of the SeaweedFS chart, the Filer and the Amazon S3 API.
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/seaweedfs
+```
+
+> Note: You need to substitute the placeholders `REGISTRY_NAME` and `REPOSITORY_NAME` with a reference to your Helm chart registry and repository. For example, in the case of Bitnami, you need to use `REGISTRY_NAME=registry-1.docker.io` and `REPOSITORY_NAME=bitnamicharts`.
+> **Tip**: You can use the default [values.yaml](https://github.com/bitnami/charts/blob/main/template/seaweedfs/values.yaml)
+
+## Troubleshooting
+
+Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues).
+
+## License
+
+Copyright &copy; 2024 Broadcom. The term "Broadcom" refers to Broadcom Inc. and/or its subsidiaries.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+<http://www.apache.org/licenses/LICENSE-2.0>
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

bitnami/seaweedfs/templates/NOTES.txt

@@ -0,0 +1,169 @@
+CHART NAME: {{ .Chart.Name  }}
+CHART VERSION: {{ .Chart.Version  }}
+APP VERSION: {{ .Chart.AppVersion  }}
+
+** Please be patient while the chart is being deployed **
+
+{{- if .Values.diagnosticMode.enabled }}
+The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with:
+
+  command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }}
+  args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }}
+
+Get the list of pods by executing:
+
+  kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }}
+
+Access the pod you want to debug by executing
+
+  kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti <NAME OF THE POD> -- bash
+
+Execute the 'weed' command with the same arguments used in the pod to replicate the container startup.
+
+{{- else }}
+
+The Master Server replicas can be accessed through the following DNS name from within your cluster:
+
+    {{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.master.service.ports.http }} for HTTP)
+    {{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }} (port {{ .Values.master.service.ports.grpc }} for gRPC)
+
+To access the Master Server replica from outside the cluster follow the steps below:
+
+{{- if .Values.master.ingress.enabled }}
+
+1. Get the Master Server API URL and associate Master Server hostname to your cluster external IP:
+
+   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+   echo "Master Server API URL: http{{ if .Values.master.ingress.tls }}s{{ end }}://{{ .Values.master.ingress.hostname }}{{ .Values.master.ingress.path }}"
+   echo "$CLUSTER_IP  {{ .Values.master.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+{{- $port := .Values.master.service.ports.http | toString }}
+
+1. Get the Master Server API URL by running these commands:
+
+{{- if contains "NodePort" .Values.master.service.type }}
+
+   export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.master.fullname" . }})
+   export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+   echo "Master Server API URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.master.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.master.fullname" . }}'
+
+   export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.master.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+   echo "Master Server API URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.master.service.ports.http }}{{ end }}/"
+
+{{- else if contains "ClusterIP"  .Values.master.service.type }}
+
+   kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.master.fullname" . }} {{ .Values.master.service.ports.http }}:{{ .Values.master.service.ports.http }} &
+   echo "Master Server API URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.master.service.ports.http }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+2. Access the Master Server API with your favorite REST client or using the "weed" CLI.
+
+{{- if and .Values.filer.enabled .Values.s3.enabled }}
+
+The chart was deployed enabling the Amazon S3 API, to access it from outside the cluster follow the steps below:
+
+{{- if .Values.s3.ingress.enabled }}
+
+1. Get the Amazon S3 API URL and associate the hostname to your cluster external IP:
+
+   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+   echo "Amazon S3 API URL: http{{ if .Values.s3.ingress.tls }}s{{ end }}://{{ .Values.s3.ingress.hostname }}{{ .Values.s3.ingress.path }}"
+   echo "$CLUSTER_IP  {{ .Values.s3.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+{{- $port := .Values.s3.service.ports.http | toString }}
+
+1. Get the Amazon S3 API URL by running these commands:
+
+{{- if contains "NodePort" .Values.s3.service.type }}
+
+   export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.s3.fullname" . }})
+   export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+   echo "Amazon S3 API URL: http://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.s3.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.s3.fullname" . }}'
+
+   export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.s3.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+   echo "Amazon S3 API URL: http://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.s3.service.ports.http }}{{ end }}"
+
+{{- else if contains "ClusterIP"  .Values.s3.service.type }}
+
+   kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.s3.fullname" . }} {{ .Values.s3.service.ports.http }}:{{ .Values.s3.service.ports.http }} &
+   echo "Amazon S3 API URL: http://127.0.0.1{{- if ne $port "80" }}:{{ .Values.s3.service.ports.http }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+2. Access the Amazon S3 API with your favorite REST client or using the "aws" CLI.
+{{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
+3. Obtain the credentials to configure "aws" CLI ("aws configure" command) running the commands below:
+
+   echo "Admin access key id: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }} -o jsonpath="{.data.admin_access_key_id}" | base64 -d)"
+   echo "Admin secret key: $(kubectl get secret --namespace {{ include "common.names.namespace" . }} {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }} -o jsonpath="{.data.admin_secret_access_key}" | base64 -d)"
+
+{{- end }}
+4. Example using "aws" CLI to create a new bucket "foo" and upload a "sample.txt" file:
+
+   aws s3 --endpoint-url [AMAZON_S3_API_URL] mb s3://foo
+   aws s3 --endpoint-url [AMAZON_S3_API_URL] cp sample.txt s3://foo
+
+{{- end }}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled }}
+
+The chart was deployed enabling WebDAV, to access it from outside the cluster follow the steps below:
+
+{{- if .Values.webdav.ingress.enabled }}
+
+1. Get the WebDAV URL and associate the hostname to your cluster external IP:
+
+   export CLUSTER_IP=$(minikube ip) # On Minikube. Use: `kubectl cluster-info` on others K8s clusters
+   echo "WebDAV URL: http{{ if .Values.webdav.ingress.tls }}s{{ end }}://{{ .Values.webdav.ingress.hostname }}{{ .Values.webdav.ingress.path }}"
+   echo "$CLUSTER_IP  {{ .Values.webdav.ingress.hostname }}" | sudo tee -a /etc/hosts
+
+{{- else }}
+{{- $port := .Values.webdav.service.ports.http | toString }}
+
+1. Get the WebDAV URL by running these commands:
+
+{{- if contains "NodePort" .Values.webdav.service.type }}
+
+   export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "seaweedfs.webdav.fullname" . }})
+   export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}")
+   echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://$NODE_IP:$NODE_PORT/"
+
+{{- else if contains "LoadBalancer" .Values.webdav.service.type }}
+
+  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+        Watch the status with: 'kubectl get svc --namespace {{ include "common.names.namespace" . }} -w {{ include "seaweedfs.webdav.fullname" . }}'
+
+   export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ include "seaweedfs.webdav.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}")
+   echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://$SERVICE_IP{{- if ne $port "80" }}:{{ .Values.webdav.service.ports.http }}{{ end }}/"
+
+{{- else if contains "ClusterIP"  .Values.webdav.service.type }}
+
+   kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ include "seaweedfs.webdav.fullname" . }} {{ .Values.webdav.service.ports.http }}:{{ .Values.webdav.service.ports.http }} &
+   echo "WebDAV URL: http{{ if .Values.webdav.tls.enabled }}s{{ end }}://127.0.0.1{{- if ne $port "80" }}:{{ .Values.webdav.service.ports.http }}{{ end }}/"
+
+{{- end }}
+{{- end }}
+
+2. Connect to WebDAV server as explained at https://github.com/seaweedfs/seaweedfs/wiki/WebDAV.
+
+{{- end }}
+{{- end }}
+
+{{- include "common.warnings.rollingTag" .Values.image }}
+{{- include "common.warnings.rollingTag" .Values.volumePermissions.image }}
+{{- include "seaweedfs.validateValues" . }}

bitnami/seaweedfs/templates/_helpers.tpl

@@ -0,0 +1,595 @@
+{{/*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/*
+Return the proper SeaweedFS Master Server fullname
+*/}}
+{{- define "seaweedfs.master.fullname" -}}
+{{- printf "%s-master" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS Volume Server fullname
+*/}}
+{{- define "seaweedfs.volume.fullname" -}}
+{{- printf "%s-volume" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS Filer Server fullname
+*/}}
+{{- define "seaweedfs.filer.fullname" -}}
+{{- printf "%s-filer" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS Amazon S3 API fullname
+*/}}
+{{- define "seaweedfs.s3.fullname" -}}
+{{- printf "%s-s3" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS WebDAV fullname
+*/}}
+{{- define "seaweedfs.webdav.fullname" -}}
+{{- printf "%s-webdav" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS MariaDB database fullname
+*/}}
+{{- define "seaweedfs.mariadb.fullname" -}}
+{{- include "common.names.dependency.fullname" (dict "chartName" "mariadb" "chartValues" .Values.mariadb "context" $) -}}
+{{- end -}}
+
+{{/*
+Return the proper SeaweedFS image name
+*/}}
+{{- define "seaweedfs.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "seaweedfs.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "seaweedfs.imagePullSecrets" -}}
+{{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "context" $) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "seaweedfs.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Master Server configuration configmap.
+*/}}
+{{- define "seaweedfs.master.configmapName" -}}
+{{- if .Values.master.existingConfigmap -}}
+    {{- print (tpl .Values.master.existingConfigmap .) -}}
+{{- else -}}
+    {{- print (include "seaweedfs.master.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Volume Server configuration configmap.
+*/}}
+{{- define "seaweedfs.volume.configmapName" -}}
+{{- if .Values.volume.existingConfigmap -}}
+    {{- print (tpl .Values.volume.existingConfigmap .) -}}
+{{- else -}}
+    {{- print (include "seaweedfs.volume.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Filer Server configuration configmap.
+*/}}
+{{- define "seaweedfs.filer.configmapName" -}}
+{{- if .Values.filer.existingConfigmap -}}
+    {{- print (tpl .Values.filer.existingConfigmap .) -}}
+{{- else -}}
+    {{- print (include "seaweedfs.filer.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the Master Server peers
+*/}}
+{{- define "seaweedfs.master.servers" -}}
+{{- $peers := list -}}
+{{- $masterFullname := include "seaweedfs.master.fullname" . -}}
+{{- $masterHeadlessSvcName := printf "%s-headless" (include "seaweedfs.master.fullname" .) -}}
+{{- $clusterDomain := .Values.clusterDomain -}}
+{{- $masterPort := int .Values.master.containerPorts.http -}}
+{{- range $i := until (int .Values.master.replicaCount) }}
+    {{- $peers = append $peers (printf "%s-%d.%s.$(NAMESPACE).svc.%s:%d" $masterFullname $i $masterHeadlessSvcName $clusterDomain $masterPort) -}}
+{{- end -}}
+{{- print (join "," $peers) -}}
+{{- end -}}
+
+{{/*
+Return true if persistence is enabled for any of the data volumes for Volume Server
+*/}}
+{{- define "seaweedfs.volume.persistence.enabled" -}}
+{{- $persistenceEnabled := false -}}
+{{- range .Values.volume.dataVolumes -}}
+{{- if .persistence.enabled -}}
+    {{- $persistenceEnabled = true -}}
+{{- end -}}
+{{- end -}}
+{{- $persistenceEnabled -}}
+{{- end -}}
+
+{{/*
+Return the user defined LoadBalancerIP for Volume Server service
+Note: returns 127.0.0.1 if using ClusterIP
+*/}}
+{{- define "seaweedfs.volume.serviceIP" -}}
+{{- if eq .Values.volume.service.type "ClusterIP" -}}
+{{- print "127.0.0.1" -}}
+{{- else if eq .Values.volume.service.type "LoadBalancer" -}}
+{{- .Values.volume.service.loadBalancerIP | default "" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the advertised URL to access Volume Server
+*/}}
+{{- define "seaweedfs.volume.publicUrl" -}}
+{{- if .Values.volume.ingress.enabled -}}
+    {{- printf "%s%s" .Values.volume.ingress.hostname .Values.volume.ingress.path | default "" -}}
+{{- else if .Values.volume.publicUrl -}}
+    {{- .Values.volume.publicUrl | default "" -}}
+{{- else -}}
+    {{- include "seaweedfs.volume.serviceIP" . -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the mTLS CA
+*/}}
+{{- define "seaweedfs.security.mTLS.caSecretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (not (empty .Values.security.mTLS.ca)) -}}
+    {{- printf "%s-ca-crt" (include "common.names.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing CA secret name must be provided if CA cert is not provided!" (tpl .Values.security.mTLS.existingCASecret .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the mTLS master certificates
+*/}}
+{{- define "seaweedfs.security.mTLS.master.secretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.master.cert)) (not (empty .Values.security.mTLS.master.key))) -}}
+    {{- printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing master secret name must be provided if master cert and key are not provided!" (tpl .Values.security.mTLS.master.existingSecret .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the mTLS filer certificates
+*/}}
+{{- define "seaweedfs.security.mTLS.filer.secretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.filer.cert)) (not (empty .Values.security.mTLS.filer.key))) -}}
+    {{- printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing filer secret name must be provided if filer cert and key are not provided!" (tpl .Values.security.mTLS.filer.existingSecret .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the mTLS volume certificates
+*/}}
+{{- define "seaweedfs.security.mTLS.volume.secretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.volume.cert)) (not (empty .Values.security.mTLS.volume.key))) -}}
+    {{- printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing volume secret name must be provided if volume cert and key are not provided!" (tpl .Values.security.mTLS.volume.existingSecret .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the mTLS client certificates
+*/}}
+{{- define "seaweedfs.security.mTLS.client.secretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.security.mTLS.client.cert)) (not (empty .Values.security.mTLS.client.key))) -}}
+    {{- printf "%s-client-crt" (include "common.names.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing client secret name must be provided if client cert and key are not provided!" (tpl .Values.security.mTLS.client.existingSecret .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the database hostname
+*/}}
+{{- define "seaweedfs.database.host" -}}
+{{- if .Values.mariadb.enabled }}
+    {{- if eq .Values.mariadb.architecture "replication" }}
+        {{- printf "%s-primary" (include "seaweedfs.mariadb.fullname" .) | trunc 63 | trimSuffix "-" -}}
+    {{- else -}}
+        {{- print (include "seaweedfs.mariadb.fullname" .) -}}
+    {{- end -}}
+{{- else -}}
+    {{- print .Values.externalDatabase.host -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the database port
+*/}}
+{{- define "seaweedfs.database.port" -}}
+{{- if .Values.mariadb.enabled }}
+    {{- print "3306" -}}
+{{- else -}}
+    {{- printf "%d" (.Values.externalDatabase.port | int ) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the database name
+*/}}
+{{- define "seaweedfs.database.name" -}}
+{{- if .Values.mariadb.enabled }}
+    {{- print .Values.mariadb.auth.database -}}
+{{- else -}}
+    {{- print .Values.externalDatabase.database -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the database user
+*/}}
+{{- define "seaweedfs.database.user" -}}
+{{- if .Values.mariadb.enabled }}
+    {{- print .Values.mariadb.auth.username -}}
+{{- else -}}
+    {{- print .Values.externalDatabase.user -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return the database secret name
+*/}}
+{{- define "seaweedfs.database.secretName" -}}
+{{- if .Values.mariadb.enabled }}
+    {{- if .Values.mariadb.auth.existingSecret -}}
+        {{- print (tpl .Values.mariadb.auth.existingSecret .) -}}
+    {{- else -}}
+        {{- print (include "seaweedfs.mariadb.fullname" .) -}}
+    {{- end -}}
+{{- else if .Values.externalDatabase.existingSecret -}}
+    {{- print (tpl .Values.externalDatabase.existingSecret .) -}}
+{{- else -}}
+    {{- printf "%s-externaldb" (include "common.names.fullname" .) -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Returns an init-container that waits for the database to be ready
+*/}}
+{{- define "seaweedfs.filer.waitForDBInitContainer" -}}
+- name: wait-for-db
+  image: {{ include "common.images.image" (dict "imageRoot" .Values.mariadb.image "global" .Values.global) }}
+  imagePullPolicy: {{ .Values.mariadb.image.pullPolicy }}
+  {{- if .Values.filer.containerSecurityContext.enabled }}
+  securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.filer.containerSecurityContext "context" $) | nindent 4 }}
+  {{- end }}
+  command:
+    - bash
+  args:
+    - -ec
+    - |
+      #!/bin/bash
+
+      set -o errexit
+      set -o nounset
+      set -o pipefail
+
+      . /opt/bitnami/scripts/liblog.sh
+      . /opt/bitnami/scripts/libvalidations.sh
+      . /opt/bitnami/scripts/libmariadb.sh
+      . /opt/bitnami/scripts/mariadb-env.sh
+
+      info "Waiting for host $DATABASE_HOST"
+      mariadb_is_ready() {
+          if ! echo "select 1" | mysql_remote_execute "$DATABASE_HOST" "$DATABASE_PORT_NUMBER" "$DATABASE_NAME" "$DATABASE_USER" "$DATABASE_PASSWORD"; then
+             return 1
+          fi
+          return 0
+      }
+      if ! retry_while "mariadb_is_ready"; then
+          error "Database not ready"
+          exit 1
+      fi
+      info "Database is ready"
+  env:
+    - name: BITNAMI_DEBUG
+      value: {{ ternary "true" "false" (or .Values.mariadb.image.debug .Values.diagnosticMode.enabled) | quote }}
+    - name: DATABASE_HOST
+      value: {{ include "seaweedfs.database.host" . | quote }}
+    - name: DATABASE_PORT_NUMBER
+      value: {{ include "seaweedfs.database.port" . | quote }}
+    - name: DATABASE_NAME
+      value: {{ include "seaweedfs.database.name" . | quote }}
+    - name: DATABASE_USER
+      value: {{ include "seaweedfs.database.user" . | quote }}
+    - name: DATABASE_PASSWORD
+      valueFrom:
+        secretKeyRef:
+          name: {{ include "seaweedfs.database.secretName" . }}
+          key: mariadb-password
+  volumeMounts:
+    - name: empty-dir
+      mountPath: /tmp
+      subPath: tmp-dir
+{{- end -}}
+
+{{/*
+Returns an init-container that generates auth configuration for the Amazon S3 API
+*/}}
+{{- define "seaweedfs.s3.authConfigInitContainer" -}}
+- name: auth-config-init
+  image: {{ template "seaweedfs.image" . }}
+  imagePullPolicy: {{ .Values.image.pullPolicy }}
+  {{- if .Values.s3.containerSecurityContext.enabled }}
+  securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.s3.containerSecurityContext "context" $) | nindent 4 }}
+  {{- end }}
+  command:
+    - bash
+  args:
+    - -ec
+    - |
+      #!/bin/bash
+
+      cat > "/auth/config.json" <<EOF
+      {
+        "identities": [
+          {
+            "name": "admin",
+            "credentials": [
+              {
+                "accessKey": "${ADMIN_ACCESS_KEY_ID}",
+                "secretKey": "${ADMIN_SECRET_ACCESS_KEY}"
+              }
+            ],
+            "actions": [
+              "Admin",
+              "Read",
+              "List",
+              "Tagging",
+              "Write"
+            ]
+          },
+          {
+            "name": "read_only",
+            "credentials": [
+              {
+                "accessKey": "${READ_ACCESS_KEY_ID}",
+                "secretKey": "${READ_SECRET_ACCESS_KEY}"
+              }
+            ],
+            "actions": [
+              "Read"
+            ]
+          }
+        ]
+      }
+      EOF
+  env:
+    - name: ADMIN_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
+          key: admin_access_key_id
+    - name: ADMIN_SECRET_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
+          key: admin_secret_access_key
+    - name: READ_ACCESS_KEY_ID
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
+          key: read_access_key_id
+    - name: READ_SECRET_ACCESS_KEY
+      valueFrom:
+        secretKeyRef:
+          name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
+          key: read_secret_access_key
+  volumeMounts:
+    - name: empty-dir
+      mountPath: /auth
+      subPath: auth-dir
+{{- end -}}
+
+{{/*
+Return the name of the secret containing the WebDAV TLS certificates
+*/}}
+{{- define "seaweedfs.webdav.tls.secretName" -}}
+{{- if or .Values.security.mTLS.autoGenerated.enabled (and (not (empty .Values.webdav.tls.cert)) (not (empty .Values.webdav.tls.key))) -}}
+    {{- printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
+{{- else -}}
+    {{- required "An existing secret name must be provided if WebDAV TLS cert and key are not provided!" (tpl .Values.webdav.tls.existingSecret .) -}}
+{{- end -}}
+{{- end -}}
+
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "seaweedfs.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.security.mTLS" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.master.replicaCount" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.volume.replicaCount" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.volume.dataVolumes" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.filer.database" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.s3" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.webdav" .) -}}
+{{- $messages := append $messages (include "seaweedfs.validateValues.webdav.tls" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - MTLS
+*/}}
+{{- define "seaweedfs.validateValues.security.mTLS" -}}
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled -}}
+{{- if or (not (empty .Values.security.mTLS.ca)) (not (empty .Values.security.mTLS.master.cert)) (not (empty .Values.security.mTLS.master.key)) (not (empty .Values.security.mTLS.volume.cert)) (not (empty .Values.security.mTLS.volume.key)) (not (empty .Values.security.mTLS.filer.cert)) (not (empty .Values.security.mTLS.filer.key)) (not (empty .Values.security.mTLS.client.cert)) (not (empty .Values.security.mTLS.client.key)) -}}
+security.mTLS.autoGenerated
+    When enabling auto-generated MTLS certificates, all certificate and key fields must be empty.
+    Please disable auto-generated MTLS certificates (--set security.mTLS.autoGenerated.enabled=false) or
+    remove the certificate and key fields.
+{{- end -}}
+{{- if or (not (empty .Values.security.mTLS.existingCASecret) ) (not (empty .Values.security.mTLS.master.existingSecret)) (not (empty .Values.security.mTLS.volume.existingSecret)) (not (empty .Values.security.mTLS.filer.existingSecret)) (not (empty .Values.security.mTLS.client.existingSecret)) -}}
+security.mTLS.autoGenerated
+    When enabling auto-generated MTLS certificates, all existing secret fields must be empty.
+    Please disable auto-generated MTLS certificates (--set security.mTLS.autoGenerated.enabled=false) or
+    remove the existing secret fields.
+{{- end -}}
+{{- if and (ne .Values.security.mTLS.autoGenerated.engine "helm") (ne .Values.security.mTLS.autoGenerated.engine "cert-manager") -}}
+security.mTLS.autoGenerated.engine
+    Invalid mechanism to generate the mTLS certificates selected. Valid values are "helm" and
+    "cert-manager". Please set a valid one (--set security.mTLS.autoGenerated.engine="xxx")
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - number of Master server replicas
+*/}}
+{{- define "seaweedfs.validateValues.master.replicaCount" -}}
+{{- $masterReplicaCount := int .Values.master.replicaCount }}
+{{- if and .Values.master.persistence.enabled .Values.master.persistence.existingClaim (gt $masterReplicaCount 1) -}}
+master.replicaCount
+    A single existing PVC cannot be shared between multiple Master Server replicas.
+    Please set a valid number of replicas (--set master.replicaCount=1), disable persistence
+    (--set master.persistence.enabled=false) or rely on dynamic provisioning via Persitent
+    Volume Claims (--set master.persistence.existingClaim="").
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - number of Volume server replicas
+*/}}
+{{- define "seaweedfs.validateValues.volume.replicaCount" -}}
+{{- $volumeReplicaCount := int .Values.volume.replicaCount }}
+{{- range .Values.volume.dataVolumes -}}
+{{- if and .persistence.enabled .persistence.existingClaim (gt $volumeReplicaCount 1) -}}
+volume.replicaCount
+    A single existing PVC cannot be shared between multiple Volume Server replicas.
+    Please set a valid number of replicas (--set volume.replicaCount=1), disable persistence
+    (--set volume.dataVolumes[].persistence.enabled=false) or rely on dynamic provisioning via Persitent
+    Volume Claims (--set volume.dataVolumes[].persistence.existingClaim="").
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - Duplicates on Volume server dataVolumes
+*/}}
+{{- define "seaweedfs.validateValues.volume.dataVolumes" -}}
+{{- $uniqueNames := list -}}
+{{- $uniqueMountPaths := list -}}
+{{- range .Values.volume.dataVolumes -}}
+{{- if has .name $uniqueNames -}}
+volume.dataVolumes[]
+    Duplicate .name values are not allowed in the volume.dataVolumes array.
+    Please ensure that all .name values are unique.
+{{- else -}}
+{{- $uniqueNames = append $uniqueNames .name -}}
+{{- end -}}
+{{- if has .mountPath $uniqueMountPaths -}}
+volume.dataVolumes[]
+    Duplicate .mountPath values are not allowed in the volume.dataVolumes array.
+    Please ensure that all .mountPath values are unique.
+{{- else -}}
+{{- $uniqueMountPaths = append $uniqueMountPaths .mountPath -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - Filer server database
+*/}}
+{{- define "seaweedfs.validateValues.filer.database" -}}
+{{- if and (not .Values.filer.enabled) .Values.mariadb.enabled -}}
+mariadb.enabled
+    The Filer Server is disabled, but the MariaDB dependency is enabled.
+    Please enable the Filer Server (--set filer.enabled=true) or
+    disable the MariaDB dependency (--set mariadb.enabled=false).
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - Amazon S3 API
+*/}}
+{{- define "seaweedfs.validateValues.s3" -}}
+{{- if and (not .Values.filer.enabled) .Values.s3.enabled -}}
+s3.enabled
+    The Filer Server is disabled, but the Amazon S3 API is enabled.
+    Please enable the Filer Server (--set filer.enabled=true) or
+    disable the Amazon S3 API (--set s3.enabled=false).
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - WebDAV
+*/}}
+{{- define "seaweedfs.validateValues.webdav" -}}
+{{- if and (not .Values.filer.enabled) .Values.webdav.enabled -}}
+s3.enabled
+    The Filer Server is disabled, but WebDAV is enabled.
+    Please enable the Filer Server (--set filer.enabled=true) or
+    disable WebDAV (--set webdav.enabled=false).
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate values of SeaweedFS - WebDAV TLS
+*/}}
+{{- define "seaweedfs.validateValues.webdav.tls" -}}
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.security.mTLS.autoGenerated.enabled -}}
+{{- if or (not (empty .Values.webdav.tls.cert)) (not (empty .Values.webdav.tls.key)) -}}
+webdav.tls.autoGenerated
+    When enabling auto-generated TLS certificates, certificate and key fields must be empty.
+    Please disable auto-generated TLS certificates (--set webdav.tls.autoGenerated=false) or
+    remove the certificate and key fields (--set webdav.tls.cert="",webdav.tls.key="").
+{{- end -}}
+{{- if not (empty .Values.webdav.tls.existingSecret) -}}
+webdav.tls.autoGenerated
+    When enabling auto-generated TLS certificates, the existing secret field must be empty.
+    Please disable auto-generated TLS certificates (--set webdav.tls.autoGenerated=false) or
+    remove the existing secret field (--set webdav.tls.existingSecret="").
+{{- end -}}
+{{- if and (ne .Values.webdav.tls.autoGenerated.engine "helm") (ne .Values.webdav.tls.autoGenerated.engine "cert-manager") -}}
+webdav.tls.autoGenerated.engine
+    Invalid mechanism to generate the TLS certificates selected. Valid values are "helm" and
+    "cert-manager". Please set a valid one (--set webdav.tls.autoGenerated.engine="xxx")
+{{- end -}}
+{{- end -}}
+{{- end -}}

bitnami/seaweedfs/templates/ca-cert.yaml

@@ -0,0 +1,50 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
+{{- if empty .Values.security.mTLS.autoGenerated.certManager.existingIssuer }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-clusterissuer" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  selfSigned: {}
+---
+{{- end }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+  commonName: {{ printf "%s-root-ca" (include "common.names.fullname" .) }}
+  isCA: true
+  issuerRef:
+    name: {{ default (printf "%s-clusterissuer" (include "common.names.fullname" .)) .Values.security.mTLS.autoGenerated.certManager.existingIssuer }}
+    kind: {{ default "Issuer" .Values.security.mTLS.autoGenerated.certManager.existingIssuerKind }}
+---
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  ca:
+    secretName: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+{{- end }}

bitnami/seaweedfs/templates/client-cert.yaml

@@ -0,0 +1,34 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-client-crt" (include "common.names.fullname" .) }}
+  commonName: {{ printf "%s-client" (include "common.names.fullname" .) }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "SeaweedFS"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/seaweedfs/templates/externaldb-secrets.yaml

@@ -0,0 +1,19 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if not (or .Values.mariadb.enabled .Values.externalDatabase.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-externaldb" (include "common.names.fullname" .) | trunc 63 | trimSuffix "-" }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  mariadb-password: {{ .Values.externalDatabase.password | b64enc | quote }}
+{{- end }}

bitnami/seaweedfs/templates/extra-list.yaml

@@ -0,0 +1,9 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- range .Values.extraDeploy }}
+---
+{{ include "common.tplvalues.render" (dict "value" . "context" $) }}
+{{- end }}

bitnami/seaweedfs/templates/filer/cert.yaml

@@ -0,0 +1,43 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) }}
+  commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.filer.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "SeaweedFS"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ include "seaweedfs.filer.fullname" . }}'
+    - '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "seaweedfs.filer.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/seaweedfs/templates/filer/configmap.yaml

@@ -0,0 +1,20 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.config (empty .Values.filer.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  filer.toml: |-
+{{ include "common.tplvalues.render" ( dict "value" .Values.filer.config "context" $ ) | indent 4 }}
+{{- end }}

bitnami/seaweedfs/templates/filer/headless-service.yaml

@@ -0,0 +1,37 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.filer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if or .Values.filer.service.headless.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.service.headless.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: http
+      port: {{ .Values.filer.containerPorts.http }}
+      protocol: TCP
+    - name: grpc
+      port: {{ .Values.filer.containerPorts.grpc }}
+      protocol: TCP
+    {{- if .Values.filer.metrics.enabled }}
+    - name: tcp-metrics
+      port: {{ .Values.filer.containerPorts.metrics }}
+      protocol: TCP
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+{{- end }}

bitnami/seaweedfs/templates/filer/hpa.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+    kind: StatefulSet
+    name: {{ template "seaweedfs.filer.fullname" . }}
+  minReplicas: {{ .Values.filer.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.filer.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.filer.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.filer.autoscaling.targetMemory  }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.filer.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.filer.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.filer.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.filer.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/filer/ingress-tls-secret.yaml

@@ -0,0 +1,46 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.ingress.enabled }}
+{{- if .Values.filer.ingress.secrets }}
+{{- range .Values.filer.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.filer.ingress.tls .Values.filer.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.filer.ingress.hostname }}
+{{- $ca := genCA "master-ca" 365 }}
+{{- $cert := genSignedCert .Values.filer.ingress.hostname nil (list .Values.filer.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}

bitnami/seaweedfs/templates/filer/ingress.yaml

@@ -0,0 +1,62 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.filer.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.ingress.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.filer.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.filer.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if or .Values.filer.ingress.hostname .Values.filer.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.filer.ingress.extraPaths }}
+          {{- toYaml .Values.filer.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.filer.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.filer.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.filer.fullname" .) "servicePort" "http" "context" $)  | nindent 14 }}
+      {{- if not (empty .Values.filer.ingress.hostname )}}
+      host: {{ .Values.filer.ingress.hostname }}
+      {{- end }}
+    {{- end }}
+    {{- range .Values.filer.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.filer.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.filer.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.filer.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.filer.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.filer.ingress.annotations )) .Values.filer.ingress.selfSigned)) .Values.filer.ingress.extraTls }}
+  tls:
+    {{- if and .Values.filer.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.filer.ingress.annotations )) .Values.filer.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.filer.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.filer.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.filer.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.filer.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/filer/metrics-service.yaml

@@ -0,0 +1,31 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-metrics" (include "seaweedfs.filer.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+    app.kubernetes.io/part-of: metrics
+  {{- if or .Values.filer.metrics.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-metrics
+      port: {{ .Values.filer.metrics.service.port }}
+      {{- if not (eq .Values.filer.metrics.service.port .Values.filer.containerPorts.metrics) }}
+      targetPort: {{ .Values.filer.containerPorts.metrics }}
+      {{- end }}
+      protocol: TCP
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+{{- end }}

bitnami/seaweedfs/templates/filer/networkpolicy.yaml

@@ -0,0 +1,74 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.filer.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: filer
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    {{- if .Values.filer.networkPolicy.allowExternalEgress }}
+    - {}
+    {{- else }}
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{- if .Values.filer.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.filer.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.filer.containerPorts.http }}
+        - port: {{ .Values.filer.containerPorts.grpc }}
+        {{- if .Values.filer.metrics.enabled }}
+        - port: {{ .Values.filer.containerPorts.metrics }}
+        {{- end }}
+        {{- range .Values.filer.extraContainerPorts }}
+        - port: {{ .containerPort }}
+        {{- end }}
+      {{- if not .Values.filer.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.filer.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.filer.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.filer.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.filer.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- if .Values.filer.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.filer.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/filer/pdb.yaml

@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.filer.replicaCount }}
+{{- if and .Values.filer.enabled .Values.filer.pdb.create (or (gt $replicaCount 1) .Values.filer.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.filer.pdb.minAvailable }}
+  minAvailable: {{ .Values.filer.pdb.minAvailable }}
+  {{- end  }}
+  {{- if .Values.filer.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.filer.pdb.maxUnavailable }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: filer
+{{- end }}

bitnami/seaweedfs/templates/filer/service.yaml

@@ -0,0 +1,63 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.filer.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if or .Values.filer.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.filer.service.type }}
+  {{- if and .Values.filer.service.clusterIP (eq .Values.filer.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.filer.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.filer.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.filer.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.filer.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.filer.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.filer.service.type "LoadBalancer") (eq .Values.filer.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.filer.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.filer.service.type "LoadBalancer") (not (empty .Values.filer.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.filer.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.filer.service.type "LoadBalancer") (not (empty .Values.filer.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.filer.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .Values.filer.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      {{- if and (or (eq .Values.filer.service.type "NodePort") (eq .Values.filer.service.type "LoadBalancer")) (not (empty .Values.filer.service.nodePorts.http)) }}
+      nodePort: {{ .Values.filer.service.nodePorts.http }}
+      {{- else if eq .Values.filer.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    - name: grpc
+      port: {{ .Values.filer.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      {{- if and (or (eq .Values.filer.service.type "NodePort") (eq .Values.filer.service.type "LoadBalancer")) (not (empty .Values.filer.service.nodePorts.grpc)) }}
+      nodePort: {{ .Values.filer.service.nodePorts.grpc }}
+      {{- else if eq .Values.filer.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.filer.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.filer.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+{{- end }}

bitnami/seaweedfs/templates/filer/servicemonitor.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.filer.metrics.enabled .Values.filer.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.filer.metrics.serviceMonitor.namespace | quote }}
+  {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if or .Values.filer.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ .Values.filer.metrics.serviceMonitor.jobLabel | quote }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: filer
+      app.kubernetes.io/part-of: metrics
+      {{- if .Values.filer.metrics.serviceMonitor.selector }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.filer.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+      {{- end }}
+  endpoints:
+    - port: tcp-metrics
+      path: "/metrics"
+      {{- if .Values.filer.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.filer.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.filer.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.filer.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.filer.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.filer.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.filer.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+    - {{ include "common.names.namespace" . | quote }}
+{{- end }}

bitnami/seaweedfs/templates/filer/statefulset.yaml

@@ -0,0 +1,296 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.filer.enabled }}
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ template "seaweedfs.filer.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if or .Values.filer.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.filer.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.filer.autoscaling.enabled }}
+  replicas: {{ .Values.filer.replicaCount }}
+  {{- end }}
+  podManagementPolicy: {{ .Values.filer.podManagementPolicy | quote }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.filer.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: filer
+  serviceName: {{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}
+  {{- if .Values.filer.updateStrategy }}
+  updateStrategy: {{- toYaml .Values.filer.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        {{- if and .Values.filer.config (empty .Values.filer.existingConfigmap) }}
+        checksum/config: {{ include (print $.Template.BasePath "/filer/configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.filer.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.filer.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: filer
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.filer.automountServiceAccountToken }}
+      {{- if .Values.filer.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.filer.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.filer.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.filer.podAffinityPreset "component" "filer" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.filer.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.filer.podAntiAffinityPreset "component" "filer" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.filer.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.filer.nodeAffinityPreset.type "key" .Values.filer.nodeAffinityPreset.key "values" .Values.filer.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.filer.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.filer.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.filer.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.priorityClassName }}
+      priorityClassName: {{ .Values.filer.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.filer.schedulerName }}
+      schedulerName: {{ .Values.filer.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.filer.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.filer.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.filer.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.filer.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.filer.terminationGracePeriodSeconds }}
+      {{- end }}
+      initContainers:
+        {{- include "seaweedfs.filer.waitForDBInitContainer" . | nindent 8 }}
+        {{- if .Values.filer.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.filer.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.filer.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.filer.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.filer.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.filer.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.filer.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.filer.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.filer.logLevel }}
+            {{- if or .Values.security.enabled .Values.filer.config .Values.filer.existingConfigmap }}
+            - -config_dir=/etc/seaweedfs
+            {{- end }}
+            - filer
+            - -ip.bind={{ .Values.filer.bindAddress }}
+            - -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.filer.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
+            - -port={{ .Values.filer.containerPorts.http }}
+            - -port.grpc={{ .Values.filer.containerPorts.grpc }}
+            - -master={{ include "seaweedfs.master.servers" . }}
+            {{- if .Values.filer.metrics.enabled }}
+            - -metricsPort={{ .Values.filer.containerPorts.metrics }}
+            {{- end }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            - name: WEED_MYSQL_ENABLED
+              value: "true"
+            - name: WEED_MYSQL_HOSTNAME
+              value: {{ include "seaweedfs.database.host" . | quote }}
+            - name: WEED_MYSQL_PORT
+              value: {{ include "seaweedfs.database.port" . | quote }}
+            - name: WEED_MYSQL_DATABASE
+              value: {{ include "seaweedfs.database.name" . | quote }}
+            - name: WEED_MYSQL_USERNAME
+              value: {{ include "seaweedfs.database.user" . | quote }}
+            - name: WEED_MYSQL_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "seaweedfs.database.secretName" . }}
+                  key: mariadb-password
+            - name: WEED_MYSQL_CONNECTION_MAX_IDLE
+              value: "5"
+            - name: WEED_MYSQL_CONNECTION_MAX_OPEN
+              value: "75" 
+            - name: WEED_MYSQL_CONNECTION_MAX_LIFETIME_SECONDS
+              value: "600"
+            - name: WEED_MYSQL_INTERPOLATEPARAMS
+              value: "true"
+            {{- if .Values.filer.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.filer.extraEnvVarsCM .Values.filer.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.filer.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.filer.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.filer.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.filer.resources }}
+          resources: {{- toYaml .Values.filer.resources | nindent 12 }}
+          {{- else if ne .Values.filer.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.filer.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.filer.containerPorts.http }}
+            - name: grpc
+              containerPort: {{ .Values.filer.containerPorts.grpc }}
+            {{- if .Values.filer.metrics.enabled }}
+            - name: metrics
+              containerPort: {{ .Values.filer.containerPorts.metrics }}
+            {{- end }}
+            {{- if .Values.filer.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.filer.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.filer.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.filer.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.livenessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /
+              port: http
+          {{- end }}
+          {{- if .Values.filer.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.filer.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.readinessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /
+              port: http
+          {{- end }}
+          {{- if .Values.filer.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.filer.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.filer.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.filer.startupProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /
+              port: http
+          {{- end }}
+          {{- end }}
+          {{- if .Values.filer.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.filer.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if or .Values.filer.config .Values.filer.existingConfigmap }}
+            - name: config
+              mountPath: /etc/seaweedfs/filer.toml
+              subPath: filer.toml
+              readOnly: true
+            {{- end }}
+            {{- if .Values.security.enabled }}
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+            {{- end }}
+          {{- if .Values.filer.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.filer.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.filer.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.filer.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if or .Values.filer.config .Values.filer.existingConfigmap }}
+        - name: config
+          configMap:
+            name: {{ template "seaweedfs.filer.configmapName" . }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.filer.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.filer.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/master/cert.yaml

@@ -0,0 +1,43 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) }}
+  commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.master.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "SeaweedFS"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ include "seaweedfs.master.fullname" . }}'
+    - '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "seaweedfs.master.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/seaweedfs/templates/master/configmap.yaml

@@ -0,0 +1,20 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.master.config (empty .Values.master.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  master.toml: |-
+{{ include "common.tplvalues.render" ( dict "value" .Values.master.config "context" $ ) | indent 4 }}
+{{- end }}

bitnami/seaweedfs/templates/master/headless-service.yaml

@@ -0,0 +1,35 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.master.service.headless.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.service.headless.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: http
+      port: {{ .Values.master.containerPorts.http }}
+      protocol: TCP
+    - name: grpc
+      port: {{ .Values.master.containerPorts.grpc }}
+      protocol: TCP
+    {{- if .Values.master.metrics.enabled }}
+    - name: tcp-metrics
+      port: {{ .Values.master.containerPorts.metrics }}
+      protocol: TCP
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master

bitnami/seaweedfs/templates/master/hpa.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.master.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+    kind: StatefulSet
+    name: {{ template "seaweedfs.master.fullname" . }}
+  minReplicas: {{ .Values.master.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.master.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.master.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.master.autoscaling.targetMemory  }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.master.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.master.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.master.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.master.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/master/ingress-tls-secret.yaml

@@ -0,0 +1,46 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.master.ingress.enabled }}
+{{- if .Values.master.ingress.secrets }}
+{{- range .Values.master.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.master.ingress.tls .Values.master.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.master.ingress.hostname }}
+{{- $ca := genCA "master-ca" 365 }}
+{{- $cert := genSignedCert .Values.master.ingress.hostname nil (list .Values.master.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}

bitnami/seaweedfs/templates/master/ingress.yaml

@@ -0,0 +1,62 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.master.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.master.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.ingress.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.master.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.master.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if or .Values.master.ingress.hostname .Values.master.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.master.ingress.extraPaths }}
+          {{- toYaml .Values.master.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.master.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.master.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.master.fullname" .) "servicePort" "http" "context" $)  | nindent 14 }}
+      {{- if not (empty .Values.master.ingress.hostname )}}
+      host: {{ .Values.master.ingress.hostname }}
+      {{- end }}
+    {{- end }}
+    {{- range .Values.master.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.master.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.master.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.master.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.master.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.master.ingress.annotations )) .Values.master.ingress.selfSigned)) .Values.master.ingress.extraTls }}
+  tls:
+    {{- if and .Values.master.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.master.ingress.annotations )) .Values.master.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.master.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.master.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.master.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.master.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/master/metrics-service.yaml

@@ -0,0 +1,31 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.master.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-metrics" (include "seaweedfs.master.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+    app.kubernetes.io/part-of: metrics
+  {{- if or .Values.master.metrics.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-metrics
+      port: {{ .Values.master.metrics.service.port }}
+      {{- if not (eq .Values.master.metrics.service.port .Values.master.containerPorts.metrics) }}
+      targetPort: {{ .Values.master.containerPorts.metrics }}
+      {{- end }}
+      protocol: TCP
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+{{- end }}

bitnami/seaweedfs/templates/master/networkpolicy.yaml

@@ -0,0 +1,74 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.master.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.master.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: master
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    {{- if .Values.master.networkPolicy.allowExternalEgress }}
+    - {}
+    {{- else }}
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{- if .Values.master.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.master.containerPorts.http }}
+        - port: {{ .Values.master.containerPorts.grpc }}
+        {{- if .Values.master.metrics.enabled }}
+        - port: {{ .Values.master.containerPorts.metrics }}
+        {{- end }}
+        {{- range .Values.master.extraContainerPorts }}
+        - port: {{ .containerPort }}
+        {{- end }}
+      {{- if not .Values.master.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.master.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.master.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.master.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.master.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- if .Values.master.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.master.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/master/pdb.yaml

@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.master.replicaCount }}
+{{- if and .Values.master.pdb.create (or (gt $replicaCount 1) .Values.master.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.master.pdb.minAvailable }}
+  minAvailable: {{ .Values.master.pdb.minAvailable }}
+  {{- end  }}
+  {{- if .Values.master.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.master.pdb.maxUnavailable }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: master
+{{- end }}

bitnami/seaweedfs/templates/master/service.yaml

@@ -0,0 +1,61 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.master.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.master.service.type }}
+  {{- if and .Values.master.service.clusterIP (eq .Values.master.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.master.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.master.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.master.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.master.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.master.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.master.service.type "LoadBalancer") (eq .Values.master.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.master.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.master.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.master.service.type "LoadBalancer") (not (empty .Values.master.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.master.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .Values.master.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) (not (empty .Values.master.service.nodePorts.http)) }}
+      nodePort: {{ .Values.master.service.nodePorts.http }}
+      {{- else if eq .Values.master.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    - name: grpc
+      port: {{ .Values.master.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      {{- if and (or (eq .Values.master.service.type "NodePort") (eq .Values.master.service.type "LoadBalancer")) (not (empty .Values.master.service.nodePorts.grpc)) }}
+      nodePort: {{ .Values.master.service.nodePorts.grpc }}
+      {{- else if eq .Values.master.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.master.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.master.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master

bitnami/seaweedfs/templates/master/servicemonitor.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.master.metrics.enabled .Values.master.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.master.metrics.serviceMonitor.namespace | quote }}
+  {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.master.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ .Values.master.metrics.serviceMonitor.jobLabel | quote }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: master
+      app.kubernetes.io/part-of: metrics
+      {{- if .Values.master.metrics.serviceMonitor.selector }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.master.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+      {{- end }}
+  endpoints:
+    - port: tcp-metrics
+      path: "/metrics"
+      {{- if .Values.master.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.master.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.master.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.master.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.master.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.master.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.master.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.master.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.master.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+    - {{ include "common.names.namespace" . | quote }}
+{{- end }}

bitnami/seaweedfs/templates/master/statefulset.yaml

@@ -0,0 +1,341 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ template "seaweedfs.master.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.master.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.master.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.master.autoscaling.enabled }}
+  replicas: {{ .Values.master.replicaCount }}
+  {{- end }}
+  podManagementPolicy: {{ .Values.master.podManagementPolicy | quote }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.master.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: master
+  serviceName: {{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}
+  {{- if .Values.master.updateStrategy }}
+  updateStrategy: {{- toYaml .Values.master.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        {{- if and .Values.master.config (empty .Values.master.existingConfigmap) }}
+        checksum/config: {{ include (print $.Template.BasePath "/master/configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.master.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.master.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: master
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.master.automountServiceAccountToken }}
+      {{- if .Values.master.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.master.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.master.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.master.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.master.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.master.podAntiAffinityPreset "component" "master" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.master.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.master.nodeAffinityPreset.type "key" .Values.master.nodeAffinityPreset.key "values" .Values.master.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.master.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.master.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.master.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.priorityClassName }}
+      priorityClassName: {{ .Values.master.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.master.schedulerName }}
+      schedulerName: {{ .Values.master.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.master.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.master.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.master.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.master.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.master.terminationGracePeriodSeconds }}
+      {{- end }}
+      {{- if or (and .Values.volumePermissions.enabled .Values.master.persistence.enabled) .Values.master.initContainers }}
+      initContainers:
+        {{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }}
+        - name: volume-permissions
+          image: {{ include "seaweedfs.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - bash
+          args:
+            - -ec
+            - |
+              find {{ .Values.master.persistence.mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ .Values.master.containerSecurityContext.runAsUser }}:{{ .Values.master.podSecurityContext.fsGroup }}
+          {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: {{ .Values.master.persistence.mountPath }}
+              {{- if .Values.master.persistence.subPath }}
+              subPath: {{ .Values.master.persistence.subPath }}
+              {{- end }}
+        {{- end }}
+        {{- if .Values.master.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.master.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.master.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.master.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.master.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.master.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.master.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.master.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.master.logLevel }}
+            {{- if or .Values.security.enabled .Values.master.config .Values.master.existingConfigmap }}
+            - -config_dir=/etc/seaweedfs
+            {{- end }}
+            - master
+            - -mdir={{ .Values.master.persistence.mountPath }}
+            - -ip.bind={{ .Values.master.bindAddress }}
+            - -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.master.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
+            - -port={{ .Values.master.containerPorts.http }}
+            - -port.grpc={{ .Values.master.containerPorts.grpc }}
+            - -peers={{ include "seaweedfs.master.servers" . }}
+            {{- if .Values.master.metrics.enabled }}
+            - -metricsPort={{ .Values.master.containerPorts.metrics }}
+            {{- end }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            {{- if .Values.master.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.master.extraEnvVarsCM .Values.master.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.master.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.master.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.master.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.master.resources }}
+          resources: {{- toYaml .Values.master.resources | nindent 12 }}
+          {{- else if ne .Values.master.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.master.containerPorts.http }}
+            - name: grpc
+              containerPort: {{ .Values.master.containerPorts.grpc }}
+            {{- if .Values.master.metrics.enabled }}
+            - name: metrics
+              containerPort: {{ .Values.master.containerPorts.metrics }}
+            {{- end }}
+            {{- if .Values.master.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.master.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.master.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.master.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.livenessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /cluster/status
+              port: http
+          {{- end }}
+          {{- if .Values.master.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.master.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.readinessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /cluster/status
+              port: http
+          {{- end }}
+          {{- if .Values.master.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.master.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.master.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.master.startupProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /cluster/status
+              port: http
+          {{- end }}
+          {{- end }}
+          {{- if .Values.master.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.master.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: data
+              mountPath: {{ .Values.master.persistence.mountPath }}
+              {{- if .Values.master.persistence.subPath }}
+              subPath: {{ .Values.master.persistence.subPath }}
+              {{- end }}
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if or .Values.master.config .Values.master.existingConfigmap }}
+            - name: config
+              mountPath: /etc/seaweedfs/master.toml
+              subPath: master.toml
+              readOnly: true
+            {{- end }}
+            {{- if .Values.security.enabled }}
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            {{- if .Values.filer.enabled }}
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            {{- end }}
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+            {{- end }}
+          {{- if .Values.master.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.master.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.master.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if or .Values.master.config .Values.master.existingConfigmap }}
+        - name: config
+          configMap:
+            name: {{ template "seaweedfs.master.configmapName" . }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        {{- if .Values.filer.enabled }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        {{- end }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.master.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.master.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+  {{- if not .Values.master.persistence.enabled }}
+        - name: data
+          emptyDir: {}
+  {{- else if .Values.master.persistence.existingClaim }}
+        - name: data
+          persistentVolumeClaim:
+            claimName: {{ .Values.master.persistence.existingClaim }}
+  {{- else }}
+  volumeClaimTemplates:
+    - metadata:
+        name: data
+        {{- if or .Values.master.persistence.annotations .Values.commonAnnotations }}
+        {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .Values.master.persistence.annotations .Values.commonAnnotations "context" .) | fromYaml }}
+        annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
+        {{- end }}
+        {{- if .Values.commonLabels }}
+        labels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 10 }}
+        {{- end }}
+      spec:
+        {{- if .Values.master.persistence.dataSource }}
+        dataSource: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.dataSource "context" $) | nindent 10 }}
+        {{- end }}
+        accessModes:
+        {{- range .Values.master.persistence.accessModes }}
+          - {{ . | quote }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.master.persistence.size | quote }}
+        {{- if .Values.master.persistence.selector }}
+        selector: {{- include "common.tplvalues.render" (dict "value" .Values.master.persistence.selector "context" $) | nindent 10 }}
+        {{- end }}
+        {{- include "common.storage.class" (dict "persistence" .Values.master.persistence "global" .Values.global) | nindent 8 }}
+  {{- end }}

bitnami/seaweedfs/templates/s3/auth-secret.yaml

@@ -0,0 +1,23 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-auth" (include "seaweedfs.s3.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  admin_access_key_id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "admin_access_key_id" "length" 16 "providedValues" (list "s3.auth.adminAccessKeyId") "context" $) }}
+  admin_secret_access_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "admin_secret_access_key" "length" 32 "providedValues" (list "s3.auth.adminSecretAccessKey") "context" $) }}
+  read_access_key_id: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "read_access_key_id" "length" 16 "providedValues" (list "s3.auth.readAccessKeyId") "context" $) }}
+  read_secret_access_key: {{ include "common.secrets.passwords.manage" (dict "secret" (printf "%s-auth" (include "seaweedfs.s3.fullname" .)) "key" "read_secret_access_key" "length" 32 "providedValues" (list "s3.auth.readSecretAccessKey") "context" $) }}
+{{- end }}

bitnami/seaweedfs/templates/s3/deployment.yaml

@@ -0,0 +1,269 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if or .Values.s3.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.s3.autoscaling.enabled }}
+  replicas: {{ .Values.s3.replicaCount }}
+  {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: s3
+  {{- if .Values.s3.updateStrategy }}
+  strategy: {{- toYaml .Values.s3.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        {{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
+        checksum/auth-secret: {{ include (print $.Template.BasePath "/s3/auth-secret.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.s3.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.s3.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: s3
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.s3.automountServiceAccountToken }}
+      {{- if .Values.s3.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.s3.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.s3.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.s3.podAffinityPreset "component" "s3" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.s3.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.s3.podAntiAffinityPreset "component" "s3" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.s3.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.s3.nodeAffinityPreset.type "key" .Values.s3.nodeAffinityPreset.key "values" .Values.s3.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.s3.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.s3.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.priorityClassName }}
+      priorityClassName: {{ .Values.s3.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.s3.schedulerName }}
+      schedulerName: {{ .Values.s3.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.s3.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.s3.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.s3.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.s3.terminationGracePeriodSeconds }}
+      {{- end }}
+      initContainers:
+        {{- if and .Values.s3.auth.enabled (not .Values.s3.auth.existingSecret) }}
+        {{- include "seaweedfs.s3.authConfigInitContainer" . | nindent 8 }}
+        {{- end }}
+        {{- if .Values.s3.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.s3.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.s3.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.s3.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.s3.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.s3.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.s3.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.s3.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.s3.logLevel }}
+            - s3
+            {{- if .Values.s3.auth.enabled }}
+            - -config=/auth/{{ ternary "config.json" (default "config.json" .Values.s3.auth.existingSecretConfigKey) (empty .Values.s3.auth.existingSecret) }}
+            {{- end }}
+            - -ip.bind={{ .Values.s3.bindAddress }}
+            - -port={{ .Values.s3.containerPorts.http }}
+            - -port.grpc={{ .Values.s3.containerPorts.grpc }}
+            {{- if .Values.s3.metrics.enabled }}
+            - -metricsPort={{ .Values.s3.containerPorts.metrics }}
+            {{- end }}
+            - -filer={{ printf "%s:%d" (include "seaweedfs.filer.fullname" .) (int .Values.filer.service.ports.http) }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            {{- if .Values.s3.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.s3.extraEnvVarsCM .Values.s3.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.s3.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.s3.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.s3.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.s3.resources }}
+          resources: {{- toYaml .Values.s3.resources | nindent 12 }}
+          {{- else if ne .Values.s3.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.s3.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.s3.containerPorts.http }}
+            - name: grpc
+              containerPort: {{ .Values.s3.containerPorts.grpc }}
+            {{- if .Values.s3.metrics.enabled }}
+            - name: metrics
+              containerPort: {{ .Values.s3.containerPorts.metrics }}
+            {{- end }}
+            {{- if .Values.s3.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.s3.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.s3.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.s3.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.livenessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- if .Values.s3.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.s3.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.readinessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- if .Values.s3.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.s3.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.s3.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.s3.startupProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- end }}
+          {{- if .Values.s3.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.s3.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if .Values.s3.auth.enabled }}
+            - mountPath: /auth
+              readOnly: true
+            {{- if .Values.s3.auth.existingSecret }}
+              name: auth
+              subPath: {{ default "config.json" .Values.s3.auth.existingSecretConfigKey }}
+            {{- else }}
+              name: empty-dir
+              subPath: auth-dir
+            {{- end }}
+            {{- end }}
+            {{- if .Values.security.enabled }}
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+            {{- end }}
+          {{- if .Values.s3.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.s3.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.s3.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.s3.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if and .Values.s3.auth.enabled .Values.s3.auth.existingSecret }}
+        - name: auth
+          secret:
+            secretName: {{ print (tpl .Values.s3.auth.existingSecret .) }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.s3.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.s3.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/s3/hpa.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+    kind: Deployment
+    name: {{ template "seaweedfs.s3.fullname" . }}
+  minReplicas: {{ .Values.s3.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.s3.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.s3.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.s3.autoscaling.targetMemory  }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.s3.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.s3.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.s3.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.s3.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/s3/ingress-tls-secret.yaml

@@ -0,0 +1,46 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.ingress.enabled }}
+{{- if .Values.s3.ingress.secrets }}
+{{- range .Values.s3.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.s3.ingress.tls .Values.s3.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.s3.ingress.hostname }}
+{{- $ca := genCA "master-ca" 365 }}
+{{- $cert := genSignedCert .Values.s3.ingress.hostname nil (list .Values.s3.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}

bitnami/seaweedfs/templates/s3/ingress.yaml

@@ -0,0 +1,62 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.s3.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.ingress.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.s3.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.s3.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if or .Values.s3.ingress.hostname .Values.s3.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.s3.ingress.extraPaths }}
+          {{- toYaml .Values.s3.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.s3.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.s3.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.s3.fullname" .) "servicePort" "http" "context" $)  | nindent 14 }}
+      {{- if not (empty .Values.s3.ingress.hostname )}}
+      host: {{ .Values.s3.ingress.hostname }}
+      {{- end }}
+    {{- end }}
+    {{- range .Values.s3.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.s3.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.s3.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.s3.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.s3.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.s3.ingress.annotations )) .Values.s3.ingress.selfSigned)) .Values.s3.ingress.extraTls }}
+  tls:
+    {{- if and .Values.s3.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.s3.ingress.annotations )) .Values.s3.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.s3.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.s3.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.s3.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.s3.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/s3/metrics-service.yaml

@@ -0,0 +1,31 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-metrics" (include "seaweedfs.s3.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+    app.kubernetes.io/part-of: metrics
+  {{- if or .Values.s3.metrics.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-metrics
+      port: {{ .Values.s3.metrics.service.port }}
+      {{- if not (eq .Values.s3.metrics.service.port .Values.s3.containerPorts.metrics) }}
+      targetPort: {{ .Values.s3.containerPorts.metrics }}
+      {{- end }}
+      protocol: TCP
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+{{- end }}

bitnami/seaweedfs/templates/s3/networkpolicy.yaml

@@ -0,0 +1,74 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.s3.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: s3
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    {{- if .Values.s3.networkPolicy.allowExternalEgress }}
+    - {}
+    {{- else }}
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{- if .Values.s3.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.s3.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.s3.containerPorts.http }}
+        - port: {{ .Values.s3.containerPorts.grpc }}
+        {{- if .Values.s3.metrics.enabled }}
+        - port: {{ .Values.s3.containerPorts.metrics }}
+        {{- end }}
+        {{- range .Values.s3.extraContainerPorts }}
+        - port: {{ .containerPort }}
+        {{- end }}
+      {{- if not .Values.s3.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.s3.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.s3.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.s3.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.s3.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- if .Values.s3.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.s3.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/s3/pdb.yaml

@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.s3.replicaCount }}
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.pdb.create (or (gt $replicaCount 1) .Values.s3.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.s3.pdb.minAvailable }}
+  minAvailable: {{ .Values.s3.pdb.minAvailable }}
+  {{- end  }}
+  {{- if .Values.s3.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.s3.pdb.maxUnavailable }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: s3
+{{- end }}

bitnami/seaweedfs/templates/s3/service.yaml

@@ -0,0 +1,63 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if or .Values.s3.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.s3.service.type }}
+  {{- if and .Values.s3.service.clusterIP (eq .Values.s3.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.s3.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.s3.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.s3.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.s3.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.s3.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.s3.service.type "LoadBalancer") (eq .Values.s3.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.s3.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.s3.service.type "LoadBalancer") (not (empty .Values.s3.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.s3.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.s3.service.type "LoadBalancer") (not (empty .Values.s3.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.s3.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .Values.s3.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      {{- if and (or (eq .Values.s3.service.type "NodePort") (eq .Values.s3.service.type "LoadBalancer")) (not (empty .Values.s3.service.nodePorts.http)) }}
+      nodePort: {{ .Values.s3.service.nodePorts.http }}
+      {{- else if eq .Values.s3.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    - name: grpc
+      port: {{ .Values.s3.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      {{- if and (or (eq .Values.s3.service.type "NodePort") (eq .Values.s3.service.type "LoadBalancer")) (not (empty .Values.s3.service.nodePorts.grpc)) }}
+      nodePort: {{ .Values.s3.service.nodePorts.grpc }}
+      {{- else if eq .Values.s3.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.s3.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.s3.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+{{- end }}

bitnami/seaweedfs/templates/s3/servicemonitor.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.s3.enabled .Values.s3.metrics.enabled .Values.s3.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "seaweedfs.s3.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.s3.metrics.serviceMonitor.namespace | quote }}
+  {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: s3
+  {{- if or .Values.s3.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.s3.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ .Values.s3.metrics.serviceMonitor.jobLabel | quote }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: s3
+      app.kubernetes.io/part-of: metrics
+      {{- if .Values.s3.metrics.serviceMonitor.selector }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.s3.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+      {{- end }}
+  endpoints:
+    - port: tcp-metrics
+      path: "/metrics"
+      {{- if .Values.s3.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.s3.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.s3.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.s3.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.s3.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.s3.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.s3.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.s3.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.s3.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+    - {{ include "common.names.namespace" . | quote }}
+{{- end }}

bitnami/seaweedfs/templates/security-configmap.yaml

@@ -0,0 +1,89 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.security.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  security.toml: |-
+    # Security configuration
+    # Shared between master, volume and filer servers
+
+    # comma separated origins allowed to make requests to the filer and s3 gateway. 
+    # enter in this format: https://domain.com, or http://localhost:port
+    [cors.allowed_origins]
+    values = {{ .Values.security.corsAllowedOrigins | quote }}
+
+    {{- if .Values.security.jwtSigning.volumeWrite }}
+    # this jwt signing key is read by master and volume server, and it is used for write operations:
+    # - the Master server generates the JWT, which can be used to write a certain file on a volume server
+    # - the Volume server validates the JWT on writing
+    # the jwt defaults to expire after 10 seconds.
+    [jwt.signing]
+    key = {{ randAlphaNum 10 | b64enc | quote }}
+    {{- end }}
+
+    {{- if .Values.security.jwtSigning.volumeRead }}
+    # this jwt signing key is read by master and volume server, and it is used for read operations:
+    # - the Master server generates the JWT, which can be used to read a certain file on a volume server
+    # - the Volume server validates the JWT on reading
+    # NOTE: jwt for read is only supported with master+volume setup. Filer does not support this mode.
+    [jwt.signing.read]
+    key = {{ randAlphaNum 10 | b64enc | quote }}
+    {{- end }}
+
+    {{- if and .Values.filer.enabled .Values.security.jwtSigning.filerWrite }}
+    # If this JWT key is configured, Filer only accepts writes over HTTP if they are signed with this JWT:
+    # - f.e. the S3 API Shim generates the JWT
+    # - the Filer server validates the JWT on writing
+    # the jwt defaults to expire after 10 seconds.
+    [jwt.filer_signing]
+    key = {{ randAlphaNum 10 | b64enc | quote }}
+    {{- end }}
+
+    {{- if and .Values.filer.enabled .Values.security.jwtSigning.filerRead }}
+    # If this JWT key is configured, Filer only accepts reads over HTTP if they are signed with this JWT:
+    # - f.e. the S3 API Shim generates the JWT
+    # - the Filer server validates the JWT on writing
+    # the jwt defaults to expire after 10 seconds.
+    [jwt.filer_signing.read]
+    key = {{ randAlphaNum 10 | b64enc | quote }}
+    {{- end }}
+
+    {{- if .Values.security.mTLS.enabled }}
+    # all grpc tls authentications are mutual
+    # the values for the following ca, cert, and key are paths to the PERM files.
+    # the host name is not checked, so the PERM files can be shared.
+    [grpc]
+    ca = "/certs/ca/tls.crt"
+
+    [grpc.volume]
+    cert = "/certs/volume/tls.crt"
+    key  = "/certs/volume/tls.key"
+
+    [grpc.master]
+    cert = "/certs/master/tls.crt"
+    key  = "/certs/master/tls.key"
+
+    {{- if .Values.filer.enabled }}
+    [grpc.filer]
+    cert = "/certs/filer/tls.crt"
+    key  = "/certs/filer/tls.key"
+    {{- end }}
+
+    # use this for any place needs a grpc client
+    # i.e., "weed backup|benchmark|filer.copy|filer.replicate|mount|s3|upload"
+    [grpc.client]
+    cert = "/certs/client/tls.crt"
+    key  = "/certs/client/tls.key"
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/service-account.yaml

@@ -0,0 +1,18 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "seaweedfs.serviceAccountName" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.serviceAccount.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}

bitnami/seaweedfs/templates/tls-secret.yaml

@@ -0,0 +1,177 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "helm") -}}
+{{- $ca := genCA "seaweedfs-ca" 365 }}
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $secretAdminName := printf "%s-ca-crt" (include "common.names.fullname" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretAdminName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretAdminName "key" "tls.crt" "defaultValue" $ca.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretAdminName "key" "tls.key" "defaultValue" $ca.Key "context" $) }}
+---
+{{- $masterFullname := include "seaweedfs.master.fullname" . -}}
+{{- $masterHeadlessSvcName := printf "%s-headless" (include "seaweedfs.master.fullname" .) -}}
+{{- $masterAltNames := list (printf "*.%s.%s.svc.%s" $masterHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $masterHeadlessSvcName $releaseNamespace $clusterDomain) $masterHeadlessSvcName (printf "%s.%s.svc.%s" $masterFullname $releaseNamespace $clusterDomain) $masterFullname "127.0.0.1" "localhost" }}
+{{- $masterCert := genSignedCert $masterFullname nil $masterAltNames 365 $ca }}
+{{- $masterSecretName := printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $masterSecretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $masterSecretName "key" "tls.crt" "defaultValue" $masterCert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $masterSecretName "key" "tls.key" "defaultValue" $masterCert.Key "context" $) }}
+---
+{{- $volumeFullname := include "seaweedfs.volume.fullname" . -}}
+{{- $volumeHeadlessSvcName := printf "%s-headless" (include "seaweedfs.volume.fullname" .) -}}
+{{- $volumeAltNames := list (printf "*.%s.%s.svc.%s" $volumeHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $volumeHeadlessSvcName $releaseNamespace $clusterDomain) $volumeHeadlessSvcName (printf "%s.%s.svc.%s" $volumeFullname $releaseNamespace $clusterDomain) $volumeFullname "127.0.0.1" "localhost" }}
+{{- $volumeCert := genSignedCert $volumeFullname nil $volumeAltNames 365 $ca }}
+{{- $volumeSecretName := printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $volumeSecretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $volumeSecretName "key" "tls.crt" "defaultValue" $volumeCert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $volumeSecretName "key" "tls.key" "defaultValue" $volumeCert.Key "context" $) }}
+---
+{{- if .Values.filer.enabled }}
+{{- $filerFullname := include "seaweedfs.filer.fullname" . -}}
+{{- $filerHeadlessSvcName := printf "%s-headless" (include "seaweedfs.filer.fullname" .) -}}
+{{- $filerAltNames := list (printf "*.%s.%s.svc.%s" $filerHeadlessSvcName $releaseNamespace $clusterDomain) (printf "%s.%s.svc.%s" $filerHeadlessSvcName $releaseNamespace $clusterDomain) $filerHeadlessSvcName (printf "%s.%s.svc.%s" $filerFullname $releaseNamespace $clusterDomain) $filerFullname "127.0.0.1" "localhost" }}
+{{- $filerCert := genSignedCert $filerFullname nil $filerAltNames 365 $ca }}
+{{- $filerSecretName := printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $filerSecretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $filerSecretName "key" "tls.crt" "defaultValue" $filerCert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $filerSecretName "key" "tls.key" "defaultValue" $filerCert.Key "context" $) }}
+---
+{{- end }}
+{{- $clientCert := genSignedCert "client" nil nil 365 $ca }}
+{{- $clientSecretName := printf "%s-client-crt" (include "common.names.fullname" .) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $clientSecretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $clientSecretName "key" "tls.crt" "defaultValue" $clientCert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $clientSecretName "key" "tls.key" "defaultValue" $clientCert.Key "context" $) }}
+{{- else if and .Values.security.enabled .Values.security.mTLS.enabled (not .Values.security.mTLS.autoGenerated.enabled) (empty .Values.security.mTLS.existingCASecret) (empty .Values.security.mTLS.master.existingSecret) (empty .Values.security.mTLS.volume.existingSecret) (empty .Values.security.mTLS.filer.existingSecret) (empty .Values.security.mTLS.client.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-ca-crt" (include "common.names.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.security.mTLS.ca entry required!" .Values.security.mTLS.ca | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.master.fullname" .) -}}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.security.mTLS.master.cert entry required!" .Values.security.mTLS.master.cert | b64enc | quote }}
+  tls.key: {{ required "A valid .Values.security.mTLS.master.key entry required!" .Values.security.mTLS.master.key | b64enc | quote }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) -}}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.security.mTLS.volume.cert entry required!" .Values.security.mTLS.volume.cert | b64enc | quote }}
+  tls.key: {{ required "A valid .Values.security.mTLS.volume.key entry required!" .Values.security.mTLS.volume.key | b64enc | quote }}
+---
+{{- if .Values.filer.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.filer.fullname" .) -}}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: filer
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.security.mTLS.filer.cert entry required!" .Values.security.mTLS.filer.cert | b64enc | quote }}
+  tls.key: {{ required "A valid .Values.security.mTLS.filer.key entry required!" .Values.security.mTLS.filer.key | b64enc | quote }}
+---
+{{- end }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-client-crt" (include "common.names.fullname" .) -}}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.security.mTLS.client.cert entry required!" .Values.security.mTLS.client.cert | b64enc | quote }}
+  tls.key: {{ required "A valid .Values.security.mTLS.client.key entry required!" .Values.security.mTLS.client.key | b64enc | quote }}
+{{- end }}
+

bitnami/seaweedfs/templates/volume/cert.yaml

@@ -0,0 +1,43 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.security.enabled .Values.security.mTLS.enabled .Values.security.mTLS.autoGenerated.enabled (eq .Values.security.mTLS.autoGenerated.engine "cert-manager") }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-crt" (include "seaweedfs.volume.fullname" .) }}
+  commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.volume.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+  issuerRef:
+    name: {{ printf "%s-ca-issuer" (include "common.names.fullname" .) }}
+    kind: Issuer
+  subject:
+    organizations:
+      - "SeaweedFS"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ include "seaweedfs.volume.fullname" . }}'
+    - '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "seaweedfs.volume.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.security.mTLS.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.security.mTLS.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.security.mTLS.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.security.mTLS.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/seaweedfs/templates/volume/configmap.yaml

@@ -0,0 +1,20 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.volume.config (empty .Values.volume.existingConfigmap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  volume.toml: |-
+{{ include "common.tplvalues.render" ( dict "value" .Values.volume.config "context" $ ) | indent 4 }}
+{{- end }}

bitnami/seaweedfs/templates/volume/headless-service.yaml

@@ -0,0 +1,35 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if or .Values.volume.service.headless.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.service.headless.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - name: http
+      port: {{ .Values.volume.containerPorts.http }}
+      protocol: TCP
+    - name: grpc
+      port: {{ .Values.volume.containerPorts.grpc }}
+      protocol: TCP
+    {{- if .Values.volume.metrics.enabled }}
+    - name: tcp-metrics
+      port: {{ .Values.volume.containerPorts.metrics }}
+      protocol: TCP
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume

bitnami/seaweedfs/templates/volume/hpa.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.volume.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+    kind: StatefulSet
+    name: {{ template "seaweedfs.volume.fullname" . }}
+  minReplicas: {{ .Values.volume.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.volume.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.volume.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.volume.autoscaling.targetMemory  }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.volume.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.volume.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.volume.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.volume.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/volume/ingress-tls-secret.yaml

@@ -0,0 +1,46 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.volume.ingress.enabled }}
+{{- if .Values.volume.ingress.secrets }}
+{{- range .Values.volume.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.volume.ingress.tls .Values.volume.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.volume.ingress.hostname }}
+{{- $ca := genCA "volume-ca" 365 }}
+{{- $cert := genSignedCert .Values.volume.ingress.hostname nil (list .Values.volume.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}

bitnami/seaweedfs/templates/volume/ingress.yaml

@@ -0,0 +1,62 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.volume.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if or .Values.volume.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.ingress.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.volume.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.volume.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if or .Values.volume.ingress.hostname .Values.volume.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.volume.ingress.extraPaths }}
+          {{- toYaml .Values.volume.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.volume.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.volume.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.volume.fullname" .) "servicePort" "http" "context" $)  | nindent 14 }}
+      {{- if not (empty .Values.volume.ingress.hostname )}}
+      host: {{ .Values.volume.ingress.hostname }}
+      {{- end }}
+    {{- end }}
+    {{- range .Values.volume.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.volume.fullname" $) "servicePort" "http" "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.volume.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.volume.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.volume.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.volume.ingress.annotations )) .Values.volume.ingress.selfSigned)) .Values.volume.ingress.extraTls }}
+  tls:
+    {{- if and .Values.volume.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.volume.ingress.annotations )) .Values.volume.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.volume.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.volume.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.volume.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.volume.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/volume/metrics-service.yaml

@@ -0,0 +1,31 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.volume.metrics.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ printf "%s-metrics" (include "seaweedfs.volume.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+    app.kubernetes.io/part-of: metrics
+  {{- if or .Values.volume.metrics.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: ClusterIP
+  ports:
+    - name: tcp-metrics
+      port: {{ .Values.volume.metrics.service.port }}
+      {{- if not (eq .Values.volume.metrics.service.port .Values.volume.containerPorts.metrics) }}
+      targetPort: {{ .Values.volume.containerPorts.metrics }}
+      {{- end }}
+      protocol: TCP
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+{{- end }}

bitnami/seaweedfs/templates/volume/networkpolicy.yaml

@@ -0,0 +1,74 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if .Values.volume.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.volume.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: volume
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    {{- if .Values.volume.networkPolicy.allowExternalEgress }}
+    - {}
+    {{- else }}
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{- if .Values.volume.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.volume.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.volume.containerPorts.http }}
+        - port: {{ .Values.volume.containerPorts.grpc }}
+        {{- if .Values.volume.metrics.enabled }}
+        - port: {{ .Values.volume.containerPorts.metrics }}
+        {{- end }}
+        {{- range .Values.volume.extraContainerPorts }}
+        - port: {{ .containerPort }}
+        {{- end }}
+      {{- if not .Values.volume.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.volume.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.volume.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.volume.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.volume.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- if .Values.volume.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.volume.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/volume/pdb.yaml

@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.volume.replicaCount }}
+{{- if and .Values.volume.pdb.create (or (gt $replicaCount 1) .Values.volume.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.volume.pdb.minAvailable }}
+  minAvailable: {{ .Values.volume.pdb.minAvailable }}
+  {{- end  }}
+  {{- if .Values.volume.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.volume.pdb.maxUnavailable }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: volume
+{{- end }}

bitnami/seaweedfs/templates/volume/service.yaml

@@ -0,0 +1,61 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if or .Values.volume.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.volume.service.type }}
+  {{- if and .Values.volume.service.clusterIP (eq .Values.volume.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.volume.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.volume.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.volume.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.volume.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.volume.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.volume.service.type "LoadBalancer") (eq .Values.volume.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.volume.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.volume.service.type "LoadBalancer") (not (empty .Values.volume.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.volume.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.volume.service.type "LoadBalancer") (not (empty .Values.volume.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.volume.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: http
+      port: {{ .Values.volume.service.ports.http }}
+      targetPort: http
+      protocol: TCP
+      {{- if and (or (eq .Values.volume.service.type "NodePort") (eq .Values.volume.service.type "LoadBalancer")) (not (empty .Values.volume.service.nodePorts.http)) }}
+      nodePort: {{ .Values.volume.service.nodePorts.http }}
+      {{- else if eq .Values.volume.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    - name: grpc
+      port: {{ .Values.volume.service.ports.grpc }}
+      targetPort: grpc
+      protocol: TCP
+      {{- if and (or (eq .Values.volume.service.type "NodePort") (eq .Values.volume.service.type "LoadBalancer")) (not (empty .Values.volume.service.nodePorts.grpc)) }}
+      nodePort: {{ .Values.volume.service.nodePorts.grpc }}
+      {{- else if eq .Values.volume.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.volume.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.volume.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume

bitnami/seaweedfs/templates/volume/servicemonitor.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.volume.metrics.enabled .Values.volume.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ default (include "common.names.namespace" .) .Values.volume.metrics.serviceMonitor.namespace | quote }}
+  {{- $labels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.serviceMonitor.labels .Values.commonLabels) "context" .) }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $labels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if or .Values.volume.metrics.serviceMonitor.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.metrics.serviceMonitor.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  jobLabel: {{ .Values.volume.metrics.serviceMonitor.jobLabel | quote }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: volume
+      app.kubernetes.io/part-of: metrics
+      {{- if .Values.volume.metrics.serviceMonitor.selector }}
+      {{- include "common.tplvalues.render" (dict "value" .Values.volume.metrics.serviceMonitor.selector "context" $) | nindent 6 }}
+      {{- end }}
+  endpoints:
+    - port: tcp-metrics
+      path: "/metrics"
+      {{- if .Values.volume.metrics.serviceMonitor.interval }}
+      interval: {{ .Values.volume.metrics.serviceMonitor.interval }}
+      {{- end }}
+      {{- if .Values.volume.metrics.serviceMonitor.scrapeTimeout }}
+      scrapeTimeout: {{ .Values.volume.metrics.serviceMonitor.scrapeTimeout }}
+      {{- end }}
+      {{- if .Values.volume.metrics.serviceMonitor.honorLabels }}
+      honorLabels: {{ .Values.volume.metrics.serviceMonitor.honorLabels }}
+      {{- end }}
+      {{- if .Values.volume.metrics.serviceMonitor.metricRelabelings }}
+      metricRelabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.metrics.serviceMonitor.metricRelabelings "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.metrics.serviceMonitor.relabelings }}
+      relabelings: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.metrics.serviceMonitor.relabelings "context" $) | nindent 8 }}
+      {{- end }}
+  namespaceSelector:
+    matchNames:
+    - {{ include "common.names.namespace" . | quote }}
+{{- end }}

bitnami/seaweedfs/templates/volume/statefulset.yaml

@@ -0,0 +1,359 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+apiVersion: {{ include "common.capabilities.statefulset.apiVersion" . }}
+kind: StatefulSet
+metadata:
+  name: {{ template "seaweedfs.volume.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: volume
+  {{- if or .Values.volume.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.volume.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.volume.autoscaling.enabled }}
+  replicas: {{ .Values.volume.replicaCount }}
+  {{- end }}
+  podManagementPolicy: {{ .Values.volume.podManagementPolicy | quote }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.volume.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: volume
+  serviceName: {{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}
+  {{- if .Values.volume.updateStrategy }}
+  updateStrategy: {{- toYaml .Values.volume.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        {{- if and .Values.volume.config (empty .Values.volume.existingConfigmap) }}
+        checksum/config: {{ include (print $.Template.BasePath "/volume/configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.volume.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.volume.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: volume
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.volume.automountServiceAccountToken }}
+      {{- if .Values.volume.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.volume.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.volume.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.volume.podAffinityPreset "component" "volume" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.volume.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.volume.podAntiAffinityPreset "component" "volume" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.volume.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.volume.nodeAffinityPreset.type "key" .Values.volume.nodeAffinityPreset.key "values" .Values.volume.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.volume.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.volume.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.volume.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.priorityClassName }}
+      priorityClassName: {{ .Values.volume.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.volume.schedulerName }}
+      schedulerName: {{ .Values.volume.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.volume.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.volume.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.volume.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.volume.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.volume.terminationGracePeriodSeconds }}
+      {{- end }}
+      {{- if or (and .Values.volumePermissions.enabled (include "seaweedfs.volume.persistence.enabled" .)) .Values.volume.initContainers }}
+      initContainers:
+        {{- if and .Values.volumePermissions.enabled (include "seaweedfs.volume.persistence.enabled" .) }}
+        - name: volume-permissions
+          image: {{ include "seaweedfs.volumePermissions.image" . }}
+          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy | quote }}
+          command:
+            - bash
+          args:
+            - -ec
+            - |
+              {{- $chown := printf "%d:%d" (int .Values.volume.containerSecurityContext.runAsUser) (int .Values.volume.podSecurityContext.fsGroup) }}
+              {{- range .Values.volume.dataVolumes }}
+              find {{ .mountPath }} -mindepth 1 -maxdepth 1 -not -name ".snapshot" -not -name "lost+found" | xargs chown -R {{ $chown }}
+              {{- end }}
+          {{- if .Values.volumePermissions.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volumePermissions.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.volumePermissions.resources }}
+          resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
+          {{- else if ne .Values.volumePermissions.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            {{- range .Values.volume.dataVolumes }}
+            - name: data
+              mountPath: {{ .mountPath }}
+              {{- if .subPath }}
+              subPath: {{ .subPath }}
+              {{- end }}
+            {{- end }}
+        {{- end }}
+        {{- if .Values.volume.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.volume.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.volume.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.volume.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.volume.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.volume.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.volume.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.volume.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.volume.logLevel }}
+            {{- if or .Values.security.enabled .Values.volume.config .Values.volume.existingConfigmap }}
+            - -config_dir=/etc/seaweedfs
+            {{- end }}
+            - volume
+            {{- $dataDirs := list }}
+            {{- range .Values.volume.dataVolumes }}
+            {{- $dataDirs = append $dataDirs .mountPath }}
+            {{- end }}
+            - -dir={{ join "," $dataDirs }}
+            - -ip.bind={{ .Values.volume.bindAddress }}
+            - -ip=$(POD_NAME).{{ printf "%s-headless" (include "seaweedfs.volume.fullname" .) }}.$(NAMESPACE).svc.{{ .Values.clusterDomain }}
+            - -port={{ .Values.volume.containerPorts.http }}
+            - -port.grpc={{ .Values.volume.containerPorts.grpc }}
+            - -port.public={{ .Values.volume.service.ports.http }}
+            - -publicUrl={{ printf "%s:%d" (include "seaweedfs.volume.publicUrl" .) (int .Values.volume.service.ports.http) }}
+            - -mserver={{ include "seaweedfs.master.servers" . }}
+            {{- if .Values.volume.metrics.enabled }}
+            - -metricsPort={{ .Values.volume.containerPorts.metrics }}
+            {{- end }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            {{- if .Values.volume.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.volume.extraEnvVarsCM .Values.volume.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.volume.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.volume.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.volume.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.volume.resources }}
+          resources: {{- toYaml .Values.volume.resources | nindent 12 }}
+          {{- else if ne .Values.volume.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.volume.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: http
+              containerPort: {{ .Values.volume.containerPorts.http }}
+            - name: grpc
+              containerPort: {{ .Values.volume.containerPorts.grpc }}
+            {{- if .Values.volume.metrics.enabled }}
+            - name: metrics
+              containerPort: {{ .Values.volume.containerPorts.metrics }}
+            {{- end }}
+            {{- if .Values.volume.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.volume.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.volume.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.volume.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.livenessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- if .Values.volume.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.volume.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.readinessProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- if .Values.volume.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.volume.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.volume.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.volume.startupProbe "enabled") "context" $) | nindent 12 }}
+            httpGet:
+              path: /status
+              port: http
+          {{- end }}
+          {{- end }}
+          {{- if .Values.volume.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.volume.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            {{- range .Values.volume.dataVolumes }}
+            - name: {{ .name }}
+              mountPath: {{ .mountPath }}
+              {{- if .subPath }}
+              subPath: {{ .subPath }}
+              {{- end }}
+            {{- end }}
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            {{- if or .Values.volume.config .Values.volume.existingConfigmap }}
+            - name: config
+              mountPath: /etc/seaweedfs/volume.toml
+              subPath: volume.toml
+              readOnly: true
+            {{- end }}
+            {{- if .Values.security.enabled }}
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            {{- if .Values.filer.enabled }}
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            {{- end }}
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+            {{- end }}
+          {{- if .Values.volume.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.volume.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.volume.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.volume.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if or .Values.volume.config .Values.volume.existingConfigmap }}
+        - name: config
+          configMap:
+            name: {{ template "seaweedfs.volume.configmapName" . }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        {{- if .Values.filer.enabled }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        {{- end }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.volume.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.volume.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+        {{- range .Values.volume.dataVolumes }}
+        {{- if not .persistence.enabled }}
+        - name: {{ .name }}
+          emptyDir: {}
+        {{- else if .persistence.existingClaim }}
+        - name: {{ .name }}
+          persistentVolumeClaim:
+            claimName: {{ .persistence.existingClaim }}
+        {{- end }}
+        {{- end }}
+  volumeClaimTemplates:
+  {{- range .Values.volume.dataVolumes }}
+  {{- if and .persistence.enabled (not .persistence.existingClaim) }}
+    - metadata:
+        name: {{ .name }}
+        {{- if or .persistence.annotations $.Values.commonAnnotations }}
+        {{- $claimAnnotations := include "common.tplvalues.merge" (dict "values" .persistence.annotations $.Values.commonAnnotations "context" $) | fromYaml }}
+        annotations: {{- include "common.tplvalues.render" ( dict "value" $claimAnnotations "context" $ ) | nindent 10 }}
+        {{- end }}
+        {{- if $.Values.commonLabels }}
+        labels: {{- include "common.labels.matchLabels" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 10 }}
+        {{- end }}
+      spec:
+        {{- if .persistence.dataSource }}
+        dataSource: {{- include "common.tplvalues.render" (dict "value" .persistence.dataSource "context" $) | nindent 10 }}
+        {{- end }}
+        accessModes:
+        {{- range .persistence.accessModes }}
+          - {{ . | quote }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .persistence.size | quote }}
+        {{- if .persistence.selector }}
+        selector: {{- include "common.tplvalues.render" (dict "value" .persistence.selector "context" $) | nindent 10 }}
+        {{- end }}
+        {{- include "common.storage.class" (dict "persistence" .persistence "global" $.Values.global) | nindent 8 }}
+  {{- end }}
+  {{- end }}

bitnami/seaweedfs/templates/webadv/cert.yaml

@@ -0,0 +1,54 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.webdav.tls.autoGenerated.enabled (eq .Values.webdav.tls.autoGenerated.engine "cert-manager") }}
+{{- if empty .Values.webdav.tls.autoGenerated.certManager.existingIssuer }}
+apiVersion: cert-manager.io/v1
+kind: Issuer
+metadata:
+  name: {{ printf "%s-issuer" (include "seaweedfs.webdav.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  selfSigned: {}
+---
+{{- end }}
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  secretName: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) }}
+  commonName: {{ printf "%s.%s.svc.%s" (include "seaweedfs.webdav.fullname" .) (include "common.names.namespace" .) .Values.clusterDomain }}
+  issuerRef:
+    name: {{ default (printf "%s-issuer" (include "seaweedfs.webdav.fullname" .)) .Values.webdav.tls.autoGenerated.certManager.existingIssuer }}
+    kind: {{ default "Issuer" .Values.webdav.tls.autoGenerated.certManager.existingIssuerKind }}
+  subject:
+    organizations:
+      - "SeaweedFS"
+  dnsNames:
+    - '*.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+    - '*.{{ include "seaweedfs.webdav.fullname" . }}'
+    - '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}'
+    - '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}.svc'
+    - '*.{{ include "seaweedfs.webdav.fullname" . }}.{{ include "common.names.namespace" . }}.svc.{{ .Values.clusterDomain }}'
+  privateKey:
+    algorithm: {{ .Values.webdav.tls.autoGenerated.certManager.keyAlgorithm }}
+    size: {{ int .Values.webdav.tls.autoGenerated.certManager.keySize }}
+  duration: {{ .Values.webdav.tls.autoGenerated.certManager.duration }}
+  renewBefore: {{ .Values.webdav.tls.autoGenerated.certManager.renewBefore }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/deployment.yaml

@@ -0,0 +1,248 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled }}
+apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+kind: Deployment
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if or .Values.webdav.statefulsetAnnotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.statefulsetAnnotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if not .Values.webdav.autoscaling.enabled }}
+  replicas: {{ .Values.webdav.replicaCount }}
+  {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: webdav
+  {{- if .Values.webdav.updateStrategy }}
+  strategy: {{- toYaml .Values.webdav.updateStrategy | nindent 4 }}
+  {{- end }}
+  template:
+    metadata:
+      annotations:
+        {{- if .Values.security.enabled }}
+        checksum/security-config: {{ include (print $.Template.BasePath "/security-configmap.yaml") . | sha256sum }}
+        {{- end }}
+        {{- if .Values.webdav.podAnnotations }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.webdav.podAnnotations "context" $) | nindent 8 }}
+        {{- end }}
+      labels: {{- include "common.labels.standard" ( dict "customLabels" $podLabels "context" $ ) | nindent 8 }}
+        app.kubernetes.io/component: webdav
+    spec:
+      {{- include "seaweedfs.imagePullSecrets" . | nindent 6 }}
+      serviceAccountName: {{ template "seaweedfs.serviceAccountName" . }}    
+      automountServiceAccountToken: {{ .Values.webdav.automountServiceAccountToken }}
+      {{- if .Values.webdav.hostAliases }}
+      hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.hostAliases "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.webdav.affinity }}
+      affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.affinity "context" $) | nindent 8 }}
+      {{- else }}
+      affinity:
+        {{- if not (empty .Values.webdav.podAffinityPreset) }}
+        podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.webdav.podAffinityPreset "component" "webdav" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.webdav.podAntiAffinityPreset) }}
+        podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.webdav.podAntiAffinityPreset "component" "webdav" "customLabels" $podLabels "context" $) | nindent 10 }}
+        {{- end }}
+        {{- if not (empty .Values.webdav.nodeAffinityPreset.type) }}
+        nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.webdav.nodeAffinityPreset.type "key" .Values.webdav.nodeAffinityPreset.key "values" .Values.webdav.nodeAffinityPreset.values) | nindent 10 }}
+        {{- end }}
+      {{- end }}
+      {{- if .Values.webdav.nodeSelector }}
+      nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.nodeSelector "context" $) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.webdav.tolerations }}
+      tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.tolerations "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.webdav.priorityClassName }}
+      priorityClassName: {{ .Values.webdav.priorityClassName | quote }}
+      {{- end }}
+      {{- if .Values.webdav.schedulerName }}
+      schedulerName: {{ .Values.webdav.schedulerName | quote }}
+      {{- end }}
+      {{- if .Values.webdav.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.topologySpreadConstraints "context" .) | nindent 8 }}
+      {{- end }}
+      {{- if .Values.webdav.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.webdav.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- if .Values.webdav.terminationGracePeriodSeconds }}
+      terminationGracePeriodSeconds: {{ .Values.webdav.terminationGracePeriodSeconds }}
+      {{- end }}
+      initContainers:
+        {{- if .Values.webdav.initContainers }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.webdav.initContainers "context" $) | nindent 8 }}
+        {{- end }}
+      containers:
+        - name: seaweedfs
+          image: {{ template "seaweedfs.image" . }}
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.webdav.containerSecurityContext.enabled }}
+          securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.webdav.containerSecurityContext "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
+          {{- else if .Values.webdav.command }}
+          command: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.command "context" $) | nindent 12 }}
+          {{- end }}
+          {{- if .Values.diagnosticMode.enabled }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
+          {{- else if .Values.webdav.args }}
+          args: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.args "context" $) | nindent 12 }}
+          {{- else }}
+          args:
+            - -logtostderr=true
+            - -v={{ .Values.webdav.logLevel }}
+            - webdav
+            - -cacheDir=/cache
+            - -port={{ .Values.webdav.containerPorts.http }}
+            {{- if .Values.webdav.tls.enabled }}
+            - -cert.file=/certs/tls/tls.crt
+            - -key.file=/certs/tls/tls.key
+            {{- end }}
+            - -filer={{ printf "%s:%d" (include "seaweedfs.filer.fullname" .) (int .Values.filer.service.ports.http) }}
+          {{- end }}
+          env:
+            - name: BITNAMI_DEBUG
+              value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }}
+            - name: WEED_CLUSTER_DEFAULT
+              value: {{ .Values.clusterDefault | quote }}
+            {{- if .Values.webdav.extraEnvVars }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVars "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if or .Values.webdav.extraEnvVarsCM .Values.webdav.extraEnvVarsSecret }}
+          envFrom:
+            {{- if .Values.webdav.extraEnvVarsCM }}
+            - configMapRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsCM "context" $) }}
+            {{- end }}
+            {{- if .Values.webdav.extraEnvVarsSecret }}
+            - secretRef:
+                name: {{ include "common.tplvalues.render" (dict "value" .Values.webdav.extraEnvVarsSecret "context" $) }}
+            {{- end }}
+          {{- end }}
+          {{- if .Values.webdav.resources }}
+          resources: {{- toYaml .Values.webdav.resources | nindent 12 }}
+          {{- else if ne .Values.webdav.resourcesPreset "none" }}
+          resources: {{- include "common.resources.preset" (dict "type" .Values.webdav.resourcesPreset) | nindent 12 }}
+          {{- end }}
+          ports:
+            - name: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+              containerPort: {{ .Values.webdav.containerPorts.http }}
+            {{- if .Values.webdav.extraContainerPorts }}
+            {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraContainerPorts "context" $) | nindent 12 }}
+            {{- end }}
+          {{- if not .Values.diagnosticMode.enabled }}
+          {{- if .Values.webdav.customLivenessProbe }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customLivenessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.webdav.livenessProbe.enabled }}
+          livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.livenessProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+          {{- end }}
+          {{- if .Values.webdav.customReadinessProbe }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customReadinessProbe "context" $) | nindent 12 }}
+          {{- else if .Values.webdav.readinessProbe.enabled }}
+          readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.readinessProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+          {{- end }}
+          {{- if .Values.webdav.customStartupProbe }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.customStartupProbe "context" $) | nindent 12 }}
+          {{- else if .Values.webdav.startupProbe.enabled }}
+          startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.webdav.startupProbe "enabled") "context" $) | nindent 12 }}
+            tcpSocket:
+              port: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.webdav.lifecycleHooks }}
+          lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.lifecycleHooks "context" $) | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            - name: empty-dir
+              mountPath: /tmp
+              subPath: tmp-dir
+            - name: empty-dir
+              mountPath: /cache
+              subPath: cache-dir
+            {{- if .Values.webdav.tls.enabled }}
+            - name: tls-cert
+              mountPath: /certs/tls
+              readOnly: true
+            {{- end }}
+            {{- if .Values.security.enabled }}
+            - name: security-config
+              mountPath: /etc/seaweedfs/security.toml
+              subPath: security.toml
+              readOnly: true
+            {{- if .Values.security.mTLS.enabled  }}
+            - name: ca-cert
+              readOnly: true
+              mountPath: /certs/ca
+            - name: master-cert
+              readOnly: true
+              mountPath: /certs/master
+            - name: filer-cert
+              readOnly: true
+              mountPath: /certs/filer
+            - name: volume-cert
+              readOnly: true
+              mountPath: /certs/volume
+            - name: client-cert
+              readOnly: true
+              mountPath: /certs/client
+            {{- end }}
+            {{- end }}
+          {{- if .Values.webdav.extraVolumeMounts }}
+          {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumeMounts "context" $) | nindent 12 }}
+          {{- end }}
+        {{- if .Values.webdav.sidecars }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.sidecars "context" $) | nindent 8 }}
+        {{- end }}
+      volumes:
+        - name: empty-dir
+          emptyDir: {}
+        {{- if .Values.webdav.tls.enabled }}
+        - name: tls-cert
+          secret:
+            secretName: {{ template "seaweedfs.webdav.tls.secretName" . }}
+        {{- end }}
+        {{- if .Values.security.enabled }}
+        - name: security-config
+          configMap:
+            name: {{ printf "%s-security" (include "common.names.fullname" .) }}
+        {{- if .Values.security.mTLS.enabled  }}
+        - name: ca-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.caSecretName" . }}
+            items:
+              - key: tls.crt
+                path: tls.crt
+        - name: master-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.master.secretName" . }}
+        - name: filer-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.filer.secretName" . }}
+        - name: volume-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.volume.secretName" . }}
+        - name: client-cert
+          secret:
+            secretName: {{ template "seaweedfs.security.mTLS.client.secretName" . }}
+        {{- end }}
+        {{- end }}
+        {{- if .Values.webdav.extraVolumes }}
+        {{- include "common.tplvalues.render" (dict "value" .Values.webdav.extraVolumes "context" $) | nindent 8 }}
+        {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/hpa.yaml

@@ -0,0 +1,49 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" ( dict "context" $ ) }}
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  scaleTargetRef:
+    apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+    kind: Deployment
+    name: {{ template "seaweedfs.webdav.fullname" . }}
+  minReplicas: {{ .Values.webdav.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.webdav.autoscaling.maxReplicas }}
+  metrics:
+    {{- if .Values.webdav.autoscaling.targetMemory }}
+    - type: Resource
+      resource:
+        name: memory
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.webdav.autoscaling.targetMemory  }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.webdav.autoscaling.targetMemory }}
+        {{- end }}
+    {{- end }}
+    {{- if .Values.webdav.autoscaling.targetCPU }}
+    - type: Resource
+      resource:
+        name: cpu
+        {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+        targetAverageUtilization: {{ .Values.webdav.autoscaling.targetCPU }}
+        {{- else }}
+        target:
+          type: Utilization
+          averageUtilization: {{ .Values.webdav.autoscaling.targetCPU }}
+        {{- end }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/ingress-tls-secret.yaml

@@ -0,0 +1,46 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.ingress.enabled }}
+{{- if .Values.webdav.ingress.secrets }}
+{{- range .Values.webdav.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ .name }}
+  namespace: {{ include "common.names.namespace" $ | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" $.Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if $.Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .certificate | b64enc }}
+  tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.webdav.ingress.tls .Values.webdav.ingress.selfSigned }}
+{{- $secretName := printf "%s-tls" .Values.webdav.ingress.hostname }}
+{{- $ca := genCA "master-ca" 365 }}
+{{- $cert := genSignedCert .Values.webdav.ingress.hostname nil (list .Values.webdav.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+  ca.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "ca.crt" "defaultValue" $ca.Cert "context" $) }}
+{{- end }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/ingress.yaml

@@ -0,0 +1,62 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.ingress.enabled }}
+apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }}
+kind: Ingress
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: master
+  {{- if or .Values.webdav.ingress.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.ingress.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.webdav.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }}
+  ingressClassName: {{ .Values.webdav.ingress.ingressClassName | quote }}
+  {{- end }}
+  rules:
+    {{- if or .Values.webdav.ingress.hostname .Values.webdav.ingress.path }}
+    - http:
+        paths:
+          {{- if .Values.webdav.ingress.extraPaths }}
+          {{- toYaml .Values.webdav.ingress.extraPaths | nindent 10 }}
+          {{- end }}
+          - path: {{ .Values.webdav.ingress.path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" .) }}
+            pathType: {{ .Values.webdav.ingress.pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.webdav.fullname" .) "servicePort" (ternary "https" "http" .Values.webdav.tls.enabled) "context" $)  | nindent 14 }}
+      {{- if not (empty .Values.webdav.ingress.hostname )}}
+      host: {{ .Values.webdav.ingress.hostname }}
+      {{- end }}
+    {{- end }}
+    {{- range .Values.webdav.ingress.extraHosts }}
+    - host: {{ .name | quote }}
+      http:
+        paths:
+          - path: {{ default "/" .path }}
+            {{- if eq "true" (include "common.ingress.supportsPathType" $) }}
+            pathType: {{ default "ImplementationSpecific" .pathType }}
+            {{- end }}
+            backend: {{- include "common.ingress.backend" (dict "serviceName" (include "seaweedfs.webdav.fullname" $) "servicePort" ("https" "http" .Values.webdav.tls.enabled) "context" $) | nindent 14 }}
+    {{- end }}
+    {{- if .Values.webdav.ingress.extraRules }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.webdav.ingress.extraRules "context" $) | nindent 4 }}
+    {{- end }}
+  {{- if or (and .Values.webdav.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.webdav.ingress.annotations )) .Values.webdav.ingress.selfSigned)) .Values.webdav.ingress.extraTls }}
+  tls:
+    {{- if and .Values.webdav.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.webdav.ingress.annotations )) .Values.webdav.ingress.selfSigned) }}
+    - hosts:
+        - {{ .Values.webdav.ingress.hostname | quote }}
+      secretName: {{ printf "%s-tls" .Values.webdav.ingress.hostname }}
+    {{- end }}
+    {{- if .Values.webdav.ingress.extraTls }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.webdav.ingress.extraTls "context" $) | nindent 4 }}
+    {{- end }}
+  {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/networkpolicy.yaml

@@ -0,0 +1,70 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ include "common.capabilities.networkPolicy.apiVersion" . }}
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- $podLabels := include "common.tplvalues.merge" ( dict "values" ( list .Values.webdav.podLabels .Values.commonLabels ) "context" . ) }}
+  podSelector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: webdav
+  policyTypes:
+    - Ingress
+    - Egress
+  egress:
+    {{- if .Values.webdav.networkPolicy.allowExternalEgress }}
+    - {}
+    {{- else }}
+    - ports:
+        # Allow dns resolution
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
+    {{- if .Values.webdav.networkPolicy.extraEgress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.networkPolicy.extraEgress "context" $ ) | nindent 4 }}
+    {{- end }}
+    {{- end }}
+  ingress:
+    - ports:
+        - port: {{ .Values.webdav.containerPorts.http }}
+        {{- range .Values.webdav.extraContainerPorts }}
+        - port: {{ .containerPort }}
+        {{- end }}
+      {{- if not .Values.webdav.networkPolicy.allowExternal }}
+      from:
+        - podSelector:
+            matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 14 }}
+        - podSelector:
+            matchLabels:
+              {{ template "common.names.fullname" . }}-client: "true"
+        {{- if .Values.webdav.networkPolicy.ingressNSMatchLabels }}
+        - namespaceSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.webdav.networkPolicy.ingressNSMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- if .Values.webdav.networkPolicy.ingressNSPodMatchLabels }}
+          podSelector:
+            matchLabels:
+              {{- range $key, $value := .Values.webdav.networkPolicy.ingressNSPodMatchLabels }}
+              {{ $key | quote }}: {{ $value | quote }}
+              {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+    {{- if .Values.webdav.networkPolicy.extraIngress }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.webdav.networkPolicy.extraIngress "context" $ ) | nindent 4 }}
+    {{- end }}
+{{- end }}

bitnami/seaweedfs/templates/webadv/pdb.yaml

@@ -0,0 +1,29 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $replicaCount := int .Values.webdav.replicaCount }}
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.pdb.create (or (gt $replicaCount 1) .Values.webdav.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if .Values.webdav.pdb.minAvailable }}
+  minAvailable: {{ .Values.webdav.pdb.minAvailable }}
+  {{- end  }}
+  {{- if .Values.webdav.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.webdav.pdb.maxUnavailable }}
+  {{- end  }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) }}
+  selector:
+    matchLabels: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 6 }}
+      app.kubernetes.io/component: webdav
+{{- end }}

bitnami/seaweedfs/templates/webadv/service.yaml

@@ -0,0 +1,54 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "seaweedfs.webdav.fullname" . }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if or .Values.webdav.service.annotations .Values.commonAnnotations }}
+  {{- $annotations := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.service.annotations .Values.commonAnnotations) "context" .) }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $ ) | nindent 4 }}
+  {{- end }}
+spec:
+  type: {{ .Values.webdav.service.type }}
+  {{- if and .Values.webdav.service.clusterIP (eq .Values.webdav.service.type "ClusterIP") }}
+  clusterIP: {{ .Values.webdav.service.clusterIP }}
+  {{- end }}
+  {{- if .Values.webdav.service.sessionAffinity }}
+  sessionAffinity: {{ .Values.webdav.service.sessionAffinity }}
+  {{- end }}
+  {{- if .Values.webdav.service.sessionAffinityConfig }}
+  sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.webdav.service.sessionAffinityConfig "context" $) | nindent 4 }}
+  {{- end }}
+  {{- if or (eq .Values.webdav.service.type "LoadBalancer") (eq .Values.webdav.service.type "NodePort") }}
+  externalTrafficPolicy: {{ .Values.webdav.service.externalTrafficPolicy | quote }}
+  {{- end }}
+  {{- if and (eq .Values.webdav.service.type "LoadBalancer") (not (empty .Values.webdav.service.loadBalancerSourceRanges)) }}
+  loadBalancerSourceRanges: {{ .Values.webdav.service.loadBalancerSourceRanges }}
+  {{- end }}
+  {{- if and (eq .Values.webdav.service.type "LoadBalancer") (not (empty .Values.webdav.service.loadBalancerIP)) }}
+  loadBalancerIP: {{ .Values.webdav.service.loadBalancerIP }}
+  {{- end }}
+  ports:
+    - name: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+      port: {{ .Values.webdav.service.ports.http }}
+      targetPort: {{ ternary "https" "http" .Values.webdav.tls.enabled }}
+      protocol: TCP
+      {{- if and (or (eq .Values.webdav.service.type "NodePort") (eq .Values.webdav.service.type "LoadBalancer")) (not (empty .Values.webdav.service.nodePorts.http)) }}
+      nodePort: {{ .Values.webdav.service.nodePorts.http }}
+      {{- else if eq .Values.webdav.service.type "ClusterIP" }}
+      nodePort: null
+      {{- end }}
+    {{- if .Values.webdav.service.extraPorts }}
+    {{- include "common.tplvalues.render" (dict "value" .Values.webdav.service.extraPorts "context" $) | nindent 4 }}
+    {{- end }}
+  {{- $podLabels := include "common.tplvalues.merge" (dict "values" (list .Values.webdav.podLabels .Values.commonLabels) "context" .) | fromYaml }}
+  selector: {{- include "common.labels.matchLabels" ( dict "customLabels" $podLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+{{- end }}

bitnami/seaweedfs/templates/webadv/tls-secret.yaml

@@ -0,0 +1,44 @@
+{{- /*
+Copyright VMware, Inc.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled .Values.webdav.tls.autoGenerated.enabled (eq .Values.webdav.tls.autoGenerated.engine "helm") -}}
+{{- $ca := genCA "webdav-ca" 365 }}
+{{- $releaseNamespace := include "common.names.namespace" . }}
+{{- $clusterDomain := .Values.clusterDomain }}
+{{- $fullname := include "seaweedfs.webdav.fullname" . -}}
+{{- $altNames := list (printf "%s.%s.svc.%s" $fullname $releaseNamespace $clusterDomain) $fullname "127.0.0.1" "localhost" }}
+{{- $cert := genSignedCert $fullname nil $altNames 365 $ca }}
+{{- $secretName := printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ $secretName }}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.crt" "defaultValue" $cert.Cert "context" $) }}
+  tls.key: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "tls.key" "defaultValue" $cert.Key "context" $) }}
+{{- else if and .Values.filer.enabled .Values.webdav.enabled .Values.webdav.tls.enabled (not .Values.webdav.tls.autoGenerated.enabled) (empty .Values.webdav.tls.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ printf "%s-crt" (include "seaweedfs.webdav.fullname" .) -}}
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
+    app.kubernetes.io/component: webdav
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ required "A valid .Values.webdav.tls.cert entry required!" .Values.webdav.tls.cert | b64enc | quote }}
+  tls.key: {{ required "A valid .Values.webdav.tls.key entry required!" .Values.webdav.tls.key | b64enc | quote }}
+{{- end }}
+

bitnami/seaweedfs/values.yaml

@@ -0,0 +1,3379 @@
+# Copyright VMware, Inc.
+# SPDX-License-Identifier: APACHE-2.0
+
+## @section Global parameters
+## Global Docker image parameters
+## Please, note that this will override the image parameters, including dependencies, configured to use the global value
+## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
+##
+
+## @param global.imageRegistry Global Docker image registry
+## @param global.imagePullSecrets Global Docker registry secret names as an array
+## @param global.storageClass Global StorageClass for Persistent Volume(s)
+##
+global:
+  imageRegistry: ""
+  ## e.g:
+  ## imagePullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  imagePullSecrets: []
+  storageClass: ""
+  ## Compatibility adaptations for Kubernetes platforms
+  ##
+  compatibility:
+    ## Compatibility adaptations for Openshift
+    ##
+    openshift:
+      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
+      ##
+      adaptSecurityContext: auto
+
+## @section Common parameters
+##
+
+## @param kubeVersion Override Kubernetes version
+##
+kubeVersion: ""
+## @param nameOverride String to partially override common.names.name
+##
+nameOverride: ""
+## @param fullnameOverride String to fully override common.names.fullname
+##
+fullnameOverride: ""
+## @param namespaceOverride String to fully override common.names.namespace
+##
+namespaceOverride: ""
+## @param commonLabels Labels to add to all deployed objects
+##
+commonLabels: {}
+## @param commonAnnotations Annotations to add to all deployed objects
+##
+commonAnnotations: {}
+## @param clusterDomain Kubernetes cluster domain name
+##
+clusterDomain: cluster.local
+## @param extraDeploy Array of extra objects to deploy with the release
+##
+extraDeploy: []
+## Diagnostic mode
+## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
+## @param diagnosticMode.command Command to override all containers in the chart release
+## @param diagnosticMode.args Args to override all containers in the chart release
+##
+diagnosticMode:
+  enabled: false
+  command:
+    - sleep
+  args:
+    - infinity
+## Bitnami SeaweedFS image
+## ref: https://hub.docker.com/r/bitnami/seaweedfs/tags/
+## @param image.registry [default: REGISTRY_NAME] SeaweedFS image registry
+## @param image.repository [default: REPOSITORY_NAME/seaweedfs] SeaweedFS image repository
+## @skip image.tag SeaweedFS image tag (immutable tags are recommended)
+## @param image.digest SeaweedFS image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+## @param image.pullPolicy SeaweedFS image pull policy
+## @param image.pullSecrets SeaweedFS image pull secrets
+## @param image.debug Enable SeaweedFS image debug mode
+##
+image:
+  registry: docker.io
+  repository: bitnami/seaweedfs
+  tag: 3.64.0-debian-12-r0
+  digest: ""
+  ## Specify a imagePullPolicy
+  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
+  ##
+  pullPolicy: IfNotPresent
+  ## Optionally specify an array of imagePullSecrets.
+  ## Secrets must be manually created in the namespace.
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+  ## e.g:
+  ## pullSecrets:
+  ##   - myRegistryKeySecretName
+  ##
+  pullSecrets: []
+  debug: false
+## Security parameters
+##
+security:
+  ## @param security.enabled Enable Security settings
+  ##
+  enabled: false
+  ## @param security.corsAllowedOrigins CORS allowed origins
+  ##
+  corsAllowedOrigins: "*"
+  ## JWT authz parameters
+  ## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-volume-servers
+  ## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-filer-http-with-jwt
+  ## @param security.jwtSigning.volumeWrite Enable JWT signing for volume write operations
+  ## @param security.jwtSigning.volumeRead Enable JWT signing for volume read operations
+  ## @param security.jwtSigning.filerWrite Enable JWT signing for filer write operations
+  ## @param security.jwtSigning.filerRead Enable JWT signing for filer read operations
+  ##
+  jwtSigning:
+    volumeWrite: true
+    volumeRead: false
+    filerWrite: false
+    filerRead: false
+  ## Mutual TLS for gRPC communications
+  ## ref: https://github.com/seaweedfs/seaweedfs/wiki/Security-Overview#securing-grpc-operations
+  ##
+  mTLS:
+    ## @param security.mTLS.enabled Enable mTLS for gRPC communications
+    ##
+    enabled: false
+    ## @param security.mTLS.autoGenerated.enabled Enable automatic generation of certificates for mTLS
+    ## @param security.mTLS.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
+    autoGenerated:
+      enabled: false
+      engine: helm
+      ## @param security.mTLS.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
+      ## @param security.mTLS.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
+      ## @param security.mTLS.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
+      ## @param security.mTLS.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
+      ## @param security.mTLS.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
+      ## @param security.mTLS.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
+      certManager:
+        existingIssuer: ""
+        existingIssuerKind: ""
+        keySize: 2048
+        keyAlgorithm: RSA
+        duration: 2160h
+        renewBefore: 360h
+    ## @param security.mTLS.ca CA certificate for mTLS. Ignored if `security.mTLS.existingCASecret` is set
+    ## @param security.mTLS.existingCASecret The name of an existing Secret containing the CA certificate for mTLS
+    ## @param security.mTLS.master.cert Master Server certificate for mTLS. Ignored if `security.mTLS.master.existingSecret` is set
+    ## @param security.mTLS.master.key Master Server key for mTLS. Ignored if `security.mTLS.master.existingSecret` is set
+    ## @param security.mTLS.master.existingSecret The name of an existing Secret containing the Master Server certificates for mTLS
+    ## @param security.mTLS.volume.cert Volume Server certificate for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set
+    ## @param security.mTLS.volume.key Volume Server key for mTLS. Ignored if `security.mTLS.volume.existingSecret` is set
+    ## @param security.mTLS.volume.existingSecret The name of an existing Secret containing the Volume Server certificates for mTLS
+    ## @param security.mTLS.filer.cert Filer certificate for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set
+    ## @param security.mTLS.filer.key Filer key for mTLS. Ignored if `security.mTLS.filer.existingSecret` is set
+    ## @param security.mTLS.filer.existingSecret The name of an existing Secret containing the Filer certificates for mTLS
+    ## @param security.mTLS.client.cert Client certificate for mTLS. Ignored if `security.mTLS.client.existingSecret` is set
+    ## @param security.mTLS.client.key Client key for mTLS. Ignored if `security.mTLS.client.existingSecret` is set
+    ## @param security.mTLS.client.existingSecret The name of an existing Secret containing the Client certificates for mTLS
+    ca: ""
+    existingCASecret: ""
+    master:
+      cert: ""
+      key: ""
+      existingSecret: ""
+    volume:
+      cert: ""
+      key: ""
+      existingSecret: ""
+    filer:
+      cert: ""
+      key: ""
+      existingSecret: ""
+    client:
+      cert: ""
+      key: ""
+      existingSecret: ""
+## @param clusterDefault Default SeaweedFS cluster name
+##
+clusterDefault: sw
+
+## @section Master Server Parameters
+##
+master:
+  ## @param master.replicaCount Number of Master Server replicas to deploy
+  ##
+  replicaCount: 1
+  ## @param master.containerPorts.http Master Server HTTP container port
+  ## @param master.containerPorts.grpc Master Server GRPC container port
+  ## @param master.containerPorts.metrics Master Server metrics container port
+  ##
+  containerPorts:
+    http: 9333
+    grpc: 19333
+    metrics: 9327
+  ## @param master.extraContainerPorts Optionally specify extra list of additional ports for Master Server containers
+  ## e.g:
+  ## extraContainerPorts:
+  ##   - name: myservice
+  ##     containerPort: 9090
+  ##
+  extraContainerPorts: []
+  ## Configure extra options for Master Server containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param master.livenessProbe.enabled Enable livenessProbe on Master Server containers
+  ## @param master.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param master.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param master.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param master.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param master.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param master.readinessProbe.enabled Enable readinessProbe on Master Server containers
+  ## @param master.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param master.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param master.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param master.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param master.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param master.startupProbe.enabled Enable startupProbe on Master Server containers
+  ## @param master.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param master.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param master.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param master.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param master.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    failureThreshold: 15
+    successThreshold: 1
+  ## @param master.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param master.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param master.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## Master Server resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param master.resourcesPreset Set Master Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param master.resources Set Master Server container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param master.podSecurityContext.enabled Enable Master Server pods' Security Context
+  ## @param master.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Master Server pods
+  ## @param master.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Master Server pods
+  ## @param master.podSecurityContext.supplementalGroups Set filesystem extra groups for Master Server pods
+  ## @param master.podSecurityContext.fsGroup Set fsGroup in Master Server pods' Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param master.containerSecurityContext.enabled Enabled Master Server container' Security Context
+  ## @param master.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Master Server container
+  ## @param master.containerSecurityContext.runAsUser Set runAsUser in Master Server container' Security Context
+  ## @param master.containerSecurityContext.runAsGroup Set runAsGroup in Master Server container' Security Context
+  ## @param master.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Master Server container' Security Context
+  ## @param master.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Master Server container' Security Context
+  ## @param master.containerSecurityContext.privileged Set privileged in Master Server container' Security Context
+  ## @param master.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Master Server container' Security Context
+  ## @param master.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Master Server container
+  ## @param master.containerSecurityContext.seccompProfile.type Set seccomp profile in Master Server container
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## @param master.logLevel Master Server log level [0|1|2|3|4]
+  ##
+  logLevel: 1
+  ## @param master.bindAddress Master Server bind address
+  ##
+  bindAddress: 0.0.0.0
+  ## @param master.config Master Server configuration
+  ## Specify content for master.yml
+  ##
+  config: ""
+  ## @param master.existingConfigmap The name of an existing ConfigMap with your custom configuration for Master Server
+  ##
+  existingConfigmap: ""
+  ## @param master.command Override default Master Server container command (useful when using custom images)
+  ##
+  command: []
+  ## @param master.args Override default Master Server container args (useful when using custom images)
+  ##
+  args: []
+  ## @param master.automountServiceAccountToken Mount Service Account token in Master Server pods
+  ##
+  automountServiceAccountToken: false
+  ## @param master.hostAliases Master Server pods host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## @param master.statefulsetAnnotations Annotations for Master Server statefulset
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  statefulsetAnnotations: {}
+  ## @param master.podLabels Extra labels for Master Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param master.podAnnotations Annotations for Master Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param master.podAffinityPreset Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAffinityPreset: ""
+  ## @param master.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAntiAffinityPreset: soft
+  ## Node master.affinity preset
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+  ##
+  nodeAffinityPreset:
+    ## @param master.nodeAffinityPreset.type Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard`
+    ##
+    type: ""
+    ## @param master.nodeAffinityPreset.key Node label key to match. Ignored if `master.affinity` is set
+    ##
+    key: ""
+    ## @param master.nodeAffinityPreset.values Node label values to match. Ignored if `master.affinity` is set
+    ## E.g.
+    ## values:
+    ##   - e2e-az1
+    ##   - e2e-az2
+    ##
+    values: []
+  ## @param master.affinity Affinity for Master Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ## NOTE: `master.podAffinityPreset`, `master.podAntiAffinityPreset`, and `master.nodeAffinityPreset` will be ignored when it's set
+  ##
+  affinity: {}
+  ## @param master.nodeSelector Node labels for Master Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ## @param master.tolerations Tolerations for Master Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## @param master.updateStrategy.type Master Server statefulset strategy type
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  ##
+  updateStrategy:
+    ## Can be set to RollingUpdate or OnDelete
+    ##
+    type: RollingUpdate
+  ## @param master.podManagementPolicy Pod management policy for Master Server statefulset
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+  ##
+  podManagementPolicy: Parallel
+  ## @param master.priorityClassName Master Server pods' priorityClassName
+  ##
+  priorityClassName: ""
+  ## @param master.topologySpreadConstraints Topology Spread Constraints for Master Server pod assignment spread across your cluster among failure-domains
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+  ##
+  topologySpreadConstraints: []
+  ## @param master.schedulerName Name of the k8s scheduler (other than default) for Master Server pods
+  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+  ##
+  schedulerName: ""
+  ## @param master.terminationGracePeriodSeconds Seconds Master Server pods need to terminate gracefully
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+  ##
+  terminationGracePeriodSeconds: ""
+  ## @param master.lifecycleHooks for Master Server containers to automate configuration before or after startup
+  ##
+  lifecycleHooks: {}
+  ## @param master.extraEnvVars Array with extra environment variables to add to Master Server containers
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param master.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Master Server containers
+  ##
+  extraEnvVarsCM: ""
+  ## @param master.extraEnvVarsSecret Name of existing Secret containing extra env vars for Master Server containers
+  ##
+  extraEnvVarsSecret: ""
+  ## @param master.extraVolumes Optionally specify extra list of additional volumes for the Master Server pods
+  ##
+  extraVolumes: []
+  ## @param master.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Master Server containers
+  ##
+  extraVolumeMounts: []
+  ## @param master.sidecars Add additional sidecar containers to the Master Server pods
+  ## e.g:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param master.initContainers Add additional init containers to the Master Server pods
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param master.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param master.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param master.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  pdb:
+    create: false
+    minAvailable: 1
+    maxUnavailable: ""
+  ## Autoscaling configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  ## @param master.autoscaling.enabled Enable autoscaling for master
+  ## @param master.autoscaling.minReplicas Minimum number of master replicas
+  ## @param master.autoscaling.maxReplicas Maximum number of master replicas
+  ## @param master.autoscaling.targetCPU Target CPU utilization percentage
+  ## @param master.autoscaling.targetMemory Target Memory utilization percentage
+  ##
+  autoscaling:
+    enabled: false
+    minReplicas: ""
+    maxReplicas: ""
+    targetCPU: ""
+    targetMemory: ""
+
+  ## @section Master Server Traffic Exposure Parameters
+  ##
+
+  ## Master Server service parameters
+  ##
+  service:
+    ## @param master.service.type Master Server service type
+    ##
+    type: ClusterIP
+    ## @param master.service.ports.http Master Server service HTTP port
+    ## @param master.service.ports.grpc Master Server service GRPC port
+    ##
+    ports:
+      http: 9333
+      grpc: 19333
+    ## Node ports to expose
+    ## @param master.service.nodePorts.http Node port for HTTP
+    ## @param master.service.nodePorts.grpc Node port for GRPC
+    ## NOTE: choose port between <30000-32767>
+    ##
+    nodePorts:
+      http: ""
+      grpc: ""
+    ## @param master.service.clusterIP Master Server service Cluster IP
+    ## e.g.:
+    ## clusterIP: None
+    ##
+    clusterIP: ""
+    ## @param master.service.loadBalancerIP Master Server service Load Balancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+    ##
+    loadBalancerIP: ""
+    ## @param master.service.loadBalancerSourceRanges Master Server service Load Balancer sources
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## e.g:
+    ## loadBalancerSourceRanges:
+    ##   - 10.10.10.0/24
+    ##
+    loadBalancerSourceRanges: []
+    ## @param master.service.externalTrafficPolicy Master Server service external traffic policy
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param master.service.annotations Additional custom annotations for Master Server service
+    ##
+    annotations: {}
+    ## @param master.service.extraPorts Extra ports to expose in Master Server service (normally used with the `sidecars` value)
+    ##
+    extraPorts: []
+    ## @param master.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+    ## Values: ClientIP or None
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ##
+    sessionAffinity: None
+    ## @param master.service.sessionAffinityConfig Additional settings for the sessionAffinity
+    ## sessionAffinityConfig:
+    ##   clientIP:
+    ##     timeoutSeconds: 300
+    ##
+    sessionAffinityConfig: {}
+    ## Headless service properties
+    ##
+    headless:
+      ## @param master.service.headless.annotations Annotations for the headless service.
+      ##
+      annotations: {}
+  ## Network Policies for Master Server
+  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  ##
+  networkPolicy:
+    ## @param master.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Master Server
+    ##
+    enabled: true
+    ## @param master.networkPolicy.allowExternal Don't require server label for connections
+    ## The Policy model to apply. When set to false, only pods with the correct
+    ## server label will have network access to the ports server is listening
+    ## on. When true, server will accept connections from any source
+    ## (with the correct destination port).
+    ##
+    allowExternal: true
+    ## @param master.networkPolicy.allowExternalEgress Allow the Master Server pods to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
+    ## @param master.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+    ## e.g:
+    ## extraIngress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     from:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    extraIngress: []
+    ## @param master.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+    ## e.g:
+    ## extraEgress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     to:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    ##
+    extraEgress: []
+    ## @param master.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+    ## @param master.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+    ##
+    ingressNSMatchLabels: {}
+    ingressNSPodMatchLabels: {}
+  ## Master Server ingress parameters
+  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+  ##
+  ingress:
+    ## @param master.ingress.enabled Enable ingress record generation for Master Server
+    ##
+    enabled: false
+    ## @param master.ingress.pathType Ingress path type
+    ##
+    pathType: ImplementationSpecific
+    ## @param master.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+    ##
+    apiVersion: ""
+    ## @param master.ingress.hostname Default host for the ingress record
+    ##
+    hostname: master.seaweedfs.local
+    ## @param master.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+    ##
+    ingressClassName: ""
+    ## @param master.ingress.path Default path for the ingress record
+    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+    ##
+    path: /
+    ## @param master.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## Use this parameter to set the required annotations for cert-manager, see
+    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    ## e.g:
+    ## annotations:
+    ##   kubernetes.io/ingress.class: nginx
+    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+    ##
+    annotations: {}
+    ## @param master.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+    ## You can:
+    ##   - Use the `ingress.secrets` parameter to create this TLS secret
+    ##   - Rely on cert-manager to create it by setting the corresponding annotations
+    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+    ##
+    tls: false
+    ## @param master.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+    ##
+    selfSigned: false
+    ## @param master.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: master.seaweedfs.local
+    ##     path: /
+    ##
+    extraHosts: []
+    ## @param master.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+    ## e.g:
+    ## extraPaths:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    ##
+    extraPaths: []
+    ## @param master.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## e.g:
+    ## extraTls:
+    ## - hosts:
+    ##     - master.seaweedfs.local
+    ##   secretName: master.seaweedfs.local-tls
+    ##
+    extraTls: []
+    ## @param master.ingress.secrets Custom TLS certificates as secrets
+    ## NOTE: 'key' and 'certificate' are expected in PEM format
+    ## NOTE: 'name' should line up with a 'secretName' set further up
+    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    ## e.g:
+    ## secrets:
+    ##   - name: master.seaweedfs.local-tls
+    ##     key: |-
+    ##       -----BEGIN RSA PRIVATE KEY-----
+    ##       ...
+    ##       -----END RSA PRIVATE KEY-----
+    ##     certificate: |-
+    ##       -----BEGIN CERTIFICATE-----
+    ##       ...
+    ##       -----END CERTIFICATE-----
+    ##
+    secrets: []
+    ## @param master.ingress.extraRules Additional rules to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+    ## e.g:
+    ## extraRules:
+    ## - host: example.local
+    ##     http:
+    ##       path: /
+    ##       backend:
+    ##         service:
+    ##           name: example-svc
+    ##           port:
+    ##             name: http
+    ##
+    extraRules: []
+
+  ## @section Master Server Persistence Parameters
+  ##
+
+  ## Enable persistence using Persistent Volume Claims
+  ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+  ##
+  persistence:
+    ## @param master.persistence.enabled Enable persistence on Master Server using Persistent Volume Claims
+    ##
+    enabled: true
+    ## @param master.persistence.mountPath Path to mount the volume at.
+    ##
+    mountPath: /data
+    ## @param master.persistence.subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
+    ##
+    subPath: ""
+    ## @param master.persistence.storageClass Storage class of backing PVC
+    ## If defined, storageClassName: <storageClass>
+    ## If set to "-", storageClassName: "", which disables dynamic provisioning
+    ## If undefined (the default) or set to null, no storageClassName spec is
+    ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+    ##   GKE, AWS & OpenStack)
+    ##
+    storageClass: ""
+    ## @param master.persistence.annotations Persistent Volume Claim annotations
+    ##
+    annotations: {}
+    ## @param master.persistence.accessModes Persistent Volume Access Modes
+    ##
+    accessModes:
+      - ReadWriteOnce
+    ## @param master.persistence.size Size of data volume
+    ##
+    size: 8Gi
+    ## @param master.persistence.existingClaim The name of an existing PVC to use for persistence
+    ##
+    existingClaim: ""
+    ## @param master.persistence.selector Selector to match an existing Persistent Volume for data PVC
+    ## If set, the PVC can't have a PV dynamically provisioned for it
+    ## E.g.
+    ## selector:
+    ##   matchLabels:
+    ##     app: my-app
+    ##
+    selector: {}
+    ## @param master.persistence.dataSource Custom PVC data source
+    ##
+    dataSource: {}
+
+  ## @section Master Server Metrics Parameters
+  ##
+  metrics:
+    ## @param master.metrics.enabled Enable the export of Prometheus metrics
+    ##
+    enabled: false
+    ## Metrics service properties
+    ##
+    service:
+      ## @param master.metrics.service.port Metrics service port
+      ##
+      port: 9327
+      ## @param master.metrics.service.annotations Annotations for the metrics service.
+      ##
+      annotations: {}
+    ## Prometheus Operator ServiceMonitor configuration
+    ##
+    serviceMonitor:
+      ## @param master.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+      ##
+      enabled: false
+      ## @param master.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+      ##
+      namespace: ""
+      ## @param master.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+      ##
+      annotations: {}
+      ## @param master.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+      ##
+      labels: {}
+      ## @param master.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+      ##
+      jobLabel: ""
+      ## @param master.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+      ##
+      honorLabels: false
+      ## @param master.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## interval: 10s
+      ##
+      interval: ""
+      ## @param master.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## scrapeTimeout: 10s
+      ##
+      scrapeTimeout: ""
+      ## @param master.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+      ##
+      metricRelabelings: []
+      ## @param master.metrics.serviceMonitor.relabelings Specify general relabeling
+      ##
+      relabelings: []
+      ## @param master.metrics.serviceMonitor.selector Prometheus instance selector labels
+      ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+      ## selector:
+      ##   prometheus: my-prometheus
+      ##
+      selector: {}
+
+## @section Volume Server Parameters
+##
+volume:
+  ## @param volume.replicaCount Number of Volume Server replicas to deploy
+  ##
+  replicaCount: 1
+  ## @param volume.containerPorts.http Volume Server HTTP container port
+  ## @param volume.containerPorts.grpc Volume Server GRPC container port
+  ## @param volume.containerPorts.metrics Volume Server metrics container port
+  ##
+  containerPorts:
+    http: 8080
+    grpc: 18080
+    metrics: 9327
+  ## @param volume.extraContainerPorts Optionally specify extra list of additional ports for Volume Server containers
+  ## e.g:
+  ## extraContainerPorts:
+  ##   - name: myservice
+  ##     containerPort: 9090
+  ##
+  extraContainerPorts: []
+  ## Configure extra options for Volume Server containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param volume.livenessProbe.enabled Enable livenessProbe on Volume Server containers
+  ## @param volume.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param volume.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param volume.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param volume.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param volume.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param volume.readinessProbe.enabled Enable readinessProbe on Volume Server containers
+  ## @param volume.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param volume.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param volume.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param volume.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param volume.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param volume.startupProbe.enabled Enable startupProbe on Volume Server containers
+  ## @param volume.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param volume.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param volume.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param volume.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param volume.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    failureThreshold: 15
+    successThreshold: 1
+  ## @param volume.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param volume.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param volume.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## Volume Server resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param volume.resourcesPreset Set Volume Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volume.resources is set (volume.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param volume.resources Set Volume Server container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param volume.podSecurityContext.enabled Enable Volume Server pods' Security Context
+  ## @param volume.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Volume Server pods
+  ## @param volume.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Volume Server pods
+  ## @param volume.podSecurityContext.supplementalGroups Set filesystem extra groups for Volume Server pods
+  ## @param volume.podSecurityContext.fsGroup Set fsGroup in Volume Server pods' Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param volume.containerSecurityContext.enabled Enabled Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Volume Server container
+  ## @param volume.containerSecurityContext.runAsUser Set runAsUser in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.runAsGroup Set runAsGroup in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.privileged Set privileged in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Volume Server container' Security Context
+  ## @param volume.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Volume Server container
+  ## @param volume.containerSecurityContext.seccompProfile.type Set seccomp profile in Volume Server container
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## @param volume.logLevel Volume Server log level [0|1|2|3|4]
+  ##
+  logLevel: 1
+  ## @param volume.bindAddress Volume Server bind address
+  ##
+  bindAddress: 0.0.0.0
+  ## @param volume.publicUrl Volume Server public URL
+  ##
+  publicUrl: ""
+  ## @param volume.config Volume Server configuration
+  ## Specify content for volume.yml
+  ##
+  config: ""
+  ## @param volume.existingConfigmap The name of an existing ConfigMap with your custom configuration for Volume Server
+  ##
+  existingConfigmap: ""
+  ## @param volume.command Override default Volume Server container command (useful when using custom images)
+  ##
+  command: []
+  ## @param volume.args Override default Volume Server container args (useful when using custom images)
+  ##
+  args: []
+  ## @param volume.automountServiceAccountToken Mount Service Account token in Volume Server pods
+  ##
+  automountServiceAccountToken: false
+  ## @param volume.hostAliases Volume Server pods host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## @param volume.statefulsetAnnotations Annotations for Volume Server statefulset
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  statefulsetAnnotations: {}
+  ## @param volume.podLabels Extra labels for Volume Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param volume.podAnnotations Annotations for Volume Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param volume.podAffinityPreset Pod affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAffinityPreset: ""
+  ## @param volume.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAntiAffinityPreset: soft
+  ## Node volume.affinity preset
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+  ##
+  nodeAffinityPreset:
+    ## @param volume.nodeAffinityPreset.type Node affinity preset type. Ignored if `volume.affinity` is set. Allowed values: `soft` or `hard`
+    ##
+    type: ""
+    ## @param volume.nodeAffinityPreset.key Node label key to match. Ignored if `volume.affinity` is set
+    ##
+    key: ""
+    ## @param volume.nodeAffinityPreset.values Node label values to match. Ignored if `volume.affinity` is set
+    ## E.g.
+    ## values:
+    ##   - e2e-az1
+    ##   - e2e-az2
+    ##
+    values: []
+  ## @param volume.affinity Affinity for Volume Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ## NOTE: `volume.podAffinityPreset`, `volume.podAntiAffinityPreset`, and `volume.nodeAffinityPreset` will be ignored when it's set
+  ##
+  affinity: {}
+  ## @param volume.nodeSelector Node labels for Volume Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ## @param volume.tolerations Tolerations for Volume Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## @param volume.updateStrategy.type Volume Server statefulset strategy type
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  ##
+  updateStrategy:
+    ## Can be set to RollingUpdate or OnDelete
+    ##
+    type: RollingUpdate
+  ## @param volume.podManagementPolicy Pod management policy for Volume Server statefulset
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+  ##
+  podManagementPolicy: Parallel
+  ## @param volume.priorityClassName Volume Server pods' priorityClassName
+  ##
+  priorityClassName: ""
+  ## @param volume.topologySpreadConstraints Topology Spread Constraints for Volume Server pod assignment spread across your cluster among failure-domains
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+  ##
+  topologySpreadConstraints: []
+  ## @param volume.schedulerName Name of the k8s scheduler (other than default) for Volume Server pods
+  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+  ##
+  schedulerName: ""
+  ## @param volume.terminationGracePeriodSeconds Seconds Volume Server pods need to terminate gracefully
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+  ##
+  terminationGracePeriodSeconds: ""
+  ## @param volume.lifecycleHooks for Volume Server containers to automate configuration before or after startup
+  ##
+  lifecycleHooks: {}
+  ## @param volume.extraEnvVars Array with extra environment variables to add to Volume Server containers
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param volume.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Volume Server containers
+  ##
+  extraEnvVarsCM: ""
+  ## @param volume.extraEnvVarsSecret Name of existing Secret containing extra env vars for Volume Server containers
+  ##
+  extraEnvVarsSecret: ""
+  ## @param volume.extraVolumes Optionally specify extra list of additional volumes for the Volume Server pods
+  ##
+  extraVolumes: []
+  ## @param volume.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Volume Server containers
+  ##
+  extraVolumeMounts: []
+  ## @param volume.sidecars Add additional sidecar containers to the Volume Server pods
+  ## e.g:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param volume.initContainers Add additional init containers to the Volume Server pods
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param volume.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param volume.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param volume.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  pdb:
+    create: false
+    minAvailable: 1
+    maxUnavailable: ""
+  ## Autoscaling configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  ## @param volume.autoscaling.enabled Enable autoscaling for volume
+  ## @param volume.autoscaling.minReplicas Minimum number of volume replicas
+  ## @param volume.autoscaling.maxReplicas Maximum number of volume replicas
+  ## @param volume.autoscaling.targetCPU Target CPU utilization percentage
+  ## @param volume.autoscaling.targetMemory Target Memory utilization percentage
+  ##
+  autoscaling:
+    enabled: false
+    minReplicas: ""
+    maxReplicas: ""
+    targetCPU: ""
+    targetMemory: ""
+
+  ## @section Volume Server Traffic Exposure Parameters
+  ##
+
+  ## Volume Server service parameters
+  ##
+  service:
+    ## @param volume.service.type Volume Server service type
+    ##
+    type: ClusterIP
+    ## @param volume.service.ports.http Volume Server service HTTP port
+    ## @param volume.service.ports.grpc Volume Server service GRPC port
+    ##
+    ports:
+      http: 8080
+      grpc: 18080
+    ## Node ports to expose
+    ## @param volume.service.nodePorts.http Node port for HTTP
+    ## @param volume.service.nodePorts.grpc Node port for GRPC
+    ## NOTE: choose port between <30000-32767>
+    ##
+    nodePorts:
+      http: ""
+      grpc: ""
+    ## @param volume.service.clusterIP Volume Server service Cluster IP
+    ## e.g.:
+    ## clusterIP: None
+    ##
+    clusterIP: ""
+    ## @param volume.service.loadBalancerIP Volume Server service Load Balancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+    ##
+    loadBalancerIP: ""
+    ## @param volume.service.loadBalancerSourceRanges Volume Server service Load Balancer sources
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## e.g:
+    ## loadBalancerSourceRanges:
+    ##   - 10.10.10.0/24
+    ##
+    loadBalancerSourceRanges: []
+    ## @param volume.service.externalTrafficPolicy Volume Server service external traffic policy
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param volume.service.annotations Additional custom annotations for Volume Server service
+    ##
+    annotations: {}
+    ## @param volume.service.extraPorts Extra ports to expose in Volume Server service (normally used with the `sidecars` value)
+    ##
+    extraPorts: []
+    ## @param volume.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+    ## Values: ClientIP or None
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ##
+    sessionAffinity: None
+    ## @param volume.service.sessionAffinityConfig Additional settings for the sessionAffinity
+    ## sessionAffinityConfig:
+    ##   clientIP:
+    ##     timeoutSeconds: 300
+    ##
+    sessionAffinityConfig: {}
+    ## Headless service properties
+    ##
+    headless:
+      ## @param volume.service.headless.annotations Annotations for the headless service.
+      ##
+      annotations: {}
+  ## Network Policies for Volume Server
+  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  ##
+  networkPolicy:
+    ## @param volume.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Volume Server
+    ##
+    enabled: true
+    ## @param volume.networkPolicy.allowExternal Don't require server label for connections
+    ## The Policy model to apply. When set to false, only pods with the correct
+    ## server label will have network access to the ports server is listening
+    ## on. When true, server will accept connections from any source
+    ## (with the correct destination port).
+    ##
+    allowExternal: true
+    ## @param volume.networkPolicy.allowExternalEgress Allow the Volume Server pods to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
+    ## @param volume.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+    ## e.g:
+    ## extraIngress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     from:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    extraIngress: []
+    ## @param volume.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+    ## e.g:
+    ## extraEgress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     to:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    ##
+    extraEgress: []
+    ## @param volume.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+    ## @param volume.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+    ##
+    ingressNSMatchLabels: {}
+    ingressNSPodMatchLabels: {}
+  ## Volume Server ingress parameters
+  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+  ##
+  ingress:
+    ## @param volume.ingress.enabled Enable ingress record generation for Volume Server
+    ##
+    enabled: false
+    ## @param volume.ingress.pathType Ingress path type
+    ##
+    pathType: ImplementationSpecific
+    ## @param volume.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+    ##
+    apiVersion: ""
+    ## @param volume.ingress.hostname Default host for the ingress record
+    ##
+    hostname: volume.seaweedfs.local
+    ## @param volume.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+    ##
+    ingressClassName: ""
+    ## @param volume.ingress.path Default path for the ingress record
+    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+    ##
+    path: /
+    ## @param volume.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## Use this parameter to set the required annotations for cert-manager, see
+    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    ## e.g:
+    ## annotations:
+    ##   kubernetes.io/ingress.class: nginx
+    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+    ##
+    annotations: {}
+    ## @param volume.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+    ## You can:
+    ##   - Use the `ingress.secrets` parameter to create this TLS secret
+    ##   - Rely on cert-manager to create it by setting the corresponding annotations
+    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+    ##
+    tls: false
+    ## @param volume.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+    ##
+    selfSigned: false
+    ## @param volume.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: volume.seaweedfs.local
+    ##     path: /
+    ##
+    extraHosts: []
+    ## @param volume.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+    ## e.g:
+    ## extraPaths:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    ##
+    extraPaths: []
+    ## @param volume.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## e.g:
+    ## extraTls:
+    ## - hosts:
+    ##     - volume.seaweedfs.local
+    ##   secretName: volume.seaweedfs.local-tls
+    ##
+    extraTls: []
+    ## @param volume.ingress.secrets Custom TLS certificates as secrets
+    ## NOTE: 'key' and 'certificate' are expected in PEM format
+    ## NOTE: 'name' should line up with a 'secretName' set further up
+    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    ## e.g:
+    ## secrets:
+    ##   - name: volume.seaweedfs.local-tls
+    ##     key: |-
+    ##       -----BEGIN RSA PRIVATE KEY-----
+    ##       ...
+    ##       -----END RSA PRIVATE KEY-----
+    ##     certificate: |-
+    ##       -----BEGIN CERTIFICATE-----
+    ##       ...
+    ##       -----END CERTIFICATE-----
+    ##
+    secrets: []
+    ## @param volume.ingress.extraRules Additional rules to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+    ## e.g:
+    ## extraRules:
+    ## - host: example.local
+    ##     http:
+    ##       path: /
+    ##       backend:
+    ##         service:
+    ##           name: example-svc
+    ##           port:
+    ##             name: http
+    ##
+    extraRules: []
+
+  ## @section Volume Server Persistence Parameters
+  ##
+
+  dataVolumes:
+    -
+      ## @param volume.dataVolumes[0].name Name of the data volume
+      ##
+      name: data-0
+      ## @param volume.dataVolumes[0].mountPath Path to mount the volume at.
+      ##
+      mountPath: /data-0
+      ## @param volume.dataVolumes[0].subPath The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services
+      ##
+      subPath: ""
+      ## Enable persistence using Persistent Volume Claims
+      ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+      ##
+      persistence:
+        ## @param volume.dataVolumes[0].persistence.enabled Enable persistence on Volume Server using Persistent Volume Claims
+        ##
+        enabled: true
+        ## @param volume.dataVolumes[0].persistence.storageClass Storage class of backing PVC
+        ## If defined, storageClassName: <storageClass>
+        ## If set to "-", storageClassName: "", which disables dynamic provisioning
+        ## If undefined (the default) or set to null, no storageClassName spec is
+        ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+        ##   GKE, AWS & OpenStack)
+        ##
+        storageClass: ""
+        ## @param volume.dataVolumes[0].persistence.annotations Persistent Volume Claim annotations
+        ##
+        annotations: {}
+        ## @param volume.dataVolumes[0].persistence.accessModes Persistent Volume Access Modes
+        ##
+        accessModes:
+          - ReadWriteOnce
+        ## @param volume.dataVolumes[0].persistence.size Size of data volume
+        ##
+        size: 8Gi
+        ## @param volume.dataVolumes[0].persistence.existingClaim The name of an existing PVC to use for persistence
+        ##
+        existingClaim: ""
+        ## @param volume.dataVolumes[0].persistence.selector Selector to match an existing Persistent Volume for data PVC
+        ## If set, the PVC can't have a PV dynamically provisioned for it
+        ## E.g.
+        ## selector:
+        ##   matchLabels:
+        ##     app: my-app
+        ##
+        selector: {}
+        ## @param volume.dataVolumes[0].persistence.dataSource Custom PVC data source
+        ##
+        dataSource: {}
+
+  ## @section Volume Server Metrics Parameters
+  ##
+  metrics:
+    ## @param volume.metrics.enabled Enable the export of Prometheus metrics
+    ##
+    enabled: false
+    ## Metrics service properties
+    ##
+    service:
+      ## @param volume.metrics.service.port Metrics service port
+      ##
+      port: 9327
+      ## @param volume.metrics.service.annotations Annotations for the metrics service.
+      ##
+      annotations: {}
+    ## Prometheus Operator ServiceMonitor configuration
+    ##
+    serviceMonitor:
+      ## @param volume.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+      ##
+      enabled: false
+      ## @param volume.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+      ##
+      namespace: ""
+      ## @param volume.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+      ##
+      annotations: {}
+      ## @param volume.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+      ##
+      labels: {}
+      ## @param volume.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+      ##
+      jobLabel: ""
+      ## @param volume.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+      ##
+      honorLabels: false
+      ## @param volume.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## interval: 10s
+      ##
+      interval: ""
+      ## @param volume.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## scrapeTimeout: 10s
+      ##
+      scrapeTimeout: ""
+      ## @param volume.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+      ##
+      metricRelabelings: []
+      ## @param volume.metrics.serviceMonitor.relabelings Specify general relabeling
+      ##
+      relabelings: []
+      ## @param volume.metrics.serviceMonitor.selector Prometheus instance selector labels
+      ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+      ## selector:
+      ##   prometheus: my-prometheus
+      ##
+      selector: {}
+
+## @section Filer Server Parameters
+##
+filer:
+  ## @param filer.enabled Enable Filer Server deployment
+  ##
+  enabled: true
+  ## @param filer.replicaCount Number of Filer Server replicas to deploy
+  ##
+  replicaCount: 1
+  ## @param filer.containerPorts.http Filer Server HTTP container port
+  ## @param filer.containerPorts.grpc Filer Server GRPC container port
+  ## @param filer.containerPorts.metrics Filer Server metrics container port
+  ##
+  containerPorts:
+    http: 8888
+    grpc: 18888
+    metrics: 9327
+  ## @param filer.extraContainerPorts Optionally specify extra list of additional ports for Filer Server containers
+  ## e.g:
+  ## extraContainerPorts:
+  ##   - name: myservice
+  ##     containerPort: 9090
+  ##
+  extraContainerPorts: []
+  ## Configure extra options for Filer Server containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param filer.livenessProbe.enabled Enable livenessProbe on Filer Server containers
+  ## @param filer.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param filer.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param filer.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param filer.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param filer.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param filer.readinessProbe.enabled Enable readinessProbe on Filer Server containers
+  ## @param filer.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param filer.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param filer.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param filer.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param filer.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param filer.startupProbe.enabled Enable startupProbe on Filer Server containers
+  ## @param filer.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param filer.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param filer.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param filer.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param filer.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    failureThreshold: 15
+    successThreshold: 1
+  ## @param filer.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param filer.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param filer.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## Filer Server resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param filer.resourcesPreset Set Filer Server container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if filer.resources is set (filer.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param filer.resources Set Filer Server container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param filer.podSecurityContext.enabled Enable Filer Server pods' Security Context
+  ## @param filer.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Filer Server pods
+  ## @param filer.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Filer Server pods
+  ## @param filer.podSecurityContext.supplementalGroups Set filesystem extra groups for Filer Server pods
+  ## @param filer.podSecurityContext.fsGroup Set fsGroup in Filer Server pods' Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param filer.containerSecurityContext.enabled Enabled Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Filer Server container
+  ## @param filer.containerSecurityContext.runAsUser Set runAsUser in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.runAsGroup Set runAsGroup in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.privileged Set privileged in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Filer Server container' Security Context
+  ## @param filer.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Filer Server container
+  ## @param filer.containerSecurityContext.seccompProfile.type Set seccomp profile in Filer Server container
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## @param filer.logLevel Filer Server log level [0|1|2|3|4]
+  ##
+  logLevel: 1
+  ## @param filer.bindAddress Filer Server bind address
+  ##
+  bindAddress: 0.0.0.0
+  ## @param filer.config Filer Server configuration
+  ## Specify content for filer.yml
+  ##
+  config: |
+    [leveldb2]
+    enabled = false
+  ## @param filer.existingConfigmap The name of an existing ConfigMap with your custom configuration for Filer Server
+  ##
+  existingConfigmap: ""
+  ## @param filer.command Override default Filer Server container command (useful when using custom images)
+  ##
+  command: []
+  ## @param filer.args Override default Filer Server container args (useful when using custom images)
+  ##
+  args: []
+  ## @param filer.automountServiceAccountToken Mount Service Account token in Filer Server pods
+  ##
+  automountServiceAccountToken: false
+  ## @param filer.hostAliases Filer Server pods host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## @param filer.statefulsetAnnotations Annotations for Filer Server statefulset
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  statefulsetAnnotations: {}
+  ## @param filer.podLabels Extra labels for Filer Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param filer.podAnnotations Annotations for Filer Server pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param filer.podAffinityPreset Pod affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAffinityPreset: ""
+  ## @param filer.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAntiAffinityPreset: soft
+  ## Node filer.affinity preset
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+  ##
+  nodeAffinityPreset:
+    ## @param filer.nodeAffinityPreset.type Node affinity preset type. Ignored if `filer.affinity` is set. Allowed values: `soft` or `hard`
+    ##
+    type: ""
+    ## @param filer.nodeAffinityPreset.key Node label key to match. Ignored if `filer.affinity` is set
+    ##
+    key: ""
+    ## @param filer.nodeAffinityPreset.values Node label values to match. Ignored if `filer.affinity` is set
+    ## E.g.
+    ## values:
+    ##   - e2e-az1
+    ##   - e2e-az2
+    ##
+    values: []
+  ## @param filer.affinity Affinity for Filer Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ## NOTE: `filer.podAffinityPreset`, `filer.podAntiAffinityPreset`, and `filer.nodeAffinityPreset` will be ignored when it's set
+  ##
+  affinity: {}
+  ## @param filer.nodeSelector Node labels for Filer Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ## @param filer.tolerations Tolerations for Filer Server pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## @param filer.updateStrategy.type Filer Server statefulset strategy type
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  ##
+  updateStrategy:
+    ## Can be set to RollingUpdate or OnDelete
+    ##
+    type: RollingUpdate
+  ## @param filer.podManagementPolicy Pod management policy for Filer Server statefulset
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
+  ##
+  podManagementPolicy: Parallel
+  ## @param filer.priorityClassName Filer Server pods' priorityClassName
+  ##
+  priorityClassName: ""
+  ## @param filer.topologySpreadConstraints Topology Spread Constraints for Filer Server pod assignment spread across your cluster among failure-domains
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+  ##
+  topologySpreadConstraints: []
+  ## @param filer.schedulerName Name of the k8s scheduler (other than default) for Filer Server pods
+  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+  ##
+  schedulerName: ""
+  ## @param filer.terminationGracePeriodSeconds Seconds Filer Server pods need to terminate gracefully
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+  ##
+  terminationGracePeriodSeconds: ""
+  ## @param filer.lifecycleHooks for Filer Server containers to automate configuration before or after startup
+  ##
+  lifecycleHooks: {}
+  ## @param filer.extraEnvVars Array with extra environment variables to add to Filer Server containers
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param filer.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Filer Server containers
+  ##
+  extraEnvVarsCM: ""
+  ## @param filer.extraEnvVarsSecret Name of existing Secret containing extra env vars for Filer Server containers
+  ##
+  extraEnvVarsSecret: ""
+  ## @param filer.extraVolumes Optionally specify extra list of additional volumes for the Filer Server pods
+  ##
+  extraVolumes: []
+  ## @param filer.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Filer Server containers
+  ##
+  extraVolumeMounts: []
+  ## @param filer.sidecars Add additional sidecar containers to the Filer Server pods
+  ## e.g:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param filer.initContainers Add additional init containers to the Filer Server pods
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param filer.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param filer.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param filer.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  pdb:
+    create: false
+    minAvailable: 1
+    maxUnavailable: ""
+  ## Autoscaling configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  ## @param filer.autoscaling.enabled Enable autoscaling for filer
+  ## @param filer.autoscaling.minReplicas Minimum number of filer replicas
+  ## @param filer.autoscaling.maxReplicas Maximum number of filer replicas
+  ## @param filer.autoscaling.targetCPU Target CPU utilization percentage
+  ## @param filer.autoscaling.targetMemory Target Memory utilization percentage
+  ##
+  autoscaling:
+    enabled: false
+    minReplicas: ""
+    maxReplicas: ""
+    targetCPU: ""
+    targetMemory: ""
+
+  ## @section Filer Server Traffic Exposure Parameters
+  ##
+
+  ## Filer Server service parameters
+  ##
+  service:
+    ## @param filer.service.type Filer Server service type
+    ##
+    type: ClusterIP
+    ## @param filer.service.ports.http Filer Server service HTTP port
+    ## @param filer.service.ports.grpc Filer Server service GRPC port
+    ##
+    ports:
+      http: 8888
+      grpc: 18888
+    ## Node ports to expose
+    ## @param filer.service.nodePorts.http Node port for HTTP
+    ## @param filer.service.nodePorts.grpc Node port for GRPC
+    ## NOTE: choose port between <30000-32767>
+    ##
+    nodePorts:
+      http: ""
+      grpc: ""
+    ## @param filer.service.clusterIP Filer Server service Cluster IP
+    ## e.g.:
+    ## clusterIP: None
+    ##
+    clusterIP: ""
+    ## @param filer.service.loadBalancerIP Filer Server service Load Balancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+    ##
+    loadBalancerIP: ""
+    ## @param filer.service.loadBalancerSourceRanges Filer Server service Load Balancer sources
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## e.g:
+    ## loadBalancerSourceRanges:
+    ##   - 10.10.10.0/24
+    ##
+    loadBalancerSourceRanges: []
+    ## @param filer.service.externalTrafficPolicy Filer Server service external traffic policy
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param filer.service.annotations Additional custom annotations for Filer Server service
+    ##
+    annotations: {}
+    ## @param filer.service.extraPorts Extra ports to expose in Filer Server service (normally used with the `sidecars` value)
+    ##
+    extraPorts: []
+    ## @param filer.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+    ## Values: ClientIP or None
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ##
+    sessionAffinity: None
+    ## @param filer.service.sessionAffinityConfig Additional settings for the sessionAffinity
+    ## sessionAffinityConfig:
+    ##   clientIP:
+    ##     timeoutSeconds: 300
+    ##
+    sessionAffinityConfig: {}
+    ## Headless service properties
+    ##
+    headless:
+      ## @param filer.service.headless.annotations Annotations for the headless service.
+      ##
+      annotations: {}
+  ## Network Policies for Filer Server
+  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  ##
+  networkPolicy:
+    ## @param filer.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Filer Server
+    ##
+    enabled: true
+    ## @param filer.networkPolicy.allowExternal Don't require server label for connections
+    ## The Policy model to apply. When set to false, only pods with the correct
+    ## server label will have network access to the ports server is listening
+    ## on. When true, server will accept connections from any source
+    ## (with the correct destination port).
+    ##
+    allowExternal: true
+    ## @param filer.networkPolicy.allowExternalEgress Allow the Filer Server pods to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
+    ## @param filer.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+    ## e.g:
+    ## extraIngress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     from:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    extraIngress: []
+    ## @param filer.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+    ## e.g:
+    ## extraEgress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     to:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    ##
+    extraEgress: []
+    ## @param filer.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+    ## @param filer.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+    ##
+    ingressNSMatchLabels: {}
+    ingressNSPodMatchLabels: {}
+  ## Filer Server ingress parameters
+  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+  ##
+  ingress:
+    ## @param filer.ingress.enabled Enable ingress record generation for Filer Server
+    ##
+    enabled: false
+    ## @param filer.ingress.pathType Ingress path type
+    ##
+    pathType: ImplementationSpecific
+    ## @param filer.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+    ##
+    apiVersion: ""
+    ## @param filer.ingress.hostname Default host for the ingress record
+    ##
+    hostname: filer.seaweedfs.local
+    ## @param filer.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+    ##
+    ingressClassName: ""
+    ## @param filer.ingress.path Default path for the ingress record
+    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+    ##
+    path: /
+    ## @param filer.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## Use this parameter to set the required annotations for cert-manager, see
+    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    ## e.g:
+    ## annotations:
+    ##   kubernetes.io/ingress.class: nginx
+    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+    ##
+    annotations: {}
+    ## @param filer.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+    ## You can:
+    ##   - Use the `ingress.secrets` parameter to create this TLS secret
+    ##   - Rely on cert-manager to create it by setting the corresponding annotations
+    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+    ##
+    tls: false
+    ## @param filer.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+    ##
+    selfSigned: false
+    ## @param filer.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: filer.seaweedfs.local
+    ##     path: /
+    ##
+    extraHosts: []
+    ## @param filer.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+    ## e.g:
+    ## extraPaths:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    ##
+    extraPaths: []
+    ## @param filer.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## e.g:
+    ## extraTls:
+    ## - hosts:
+    ##     - filer.seaweedfs.local
+    ##   secretName: filer.seaweedfs.local-tls
+    ##
+    extraTls: []
+    ## @param filer.ingress.secrets Custom TLS certificates as secrets
+    ## NOTE: 'key' and 'certificate' are expected in PEM format
+    ## NOTE: 'name' should line up with a 'secretName' set further up
+    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    ## e.g:
+    ## secrets:
+    ##   - name: filer.seaweedfs.local-tls
+    ##     key: |-
+    ##       -----BEGIN RSA PRIVATE KEY-----
+    ##       ...
+    ##       -----END RSA PRIVATE KEY-----
+    ##     certificate: |-
+    ##       -----BEGIN CERTIFICATE-----
+    ##       ...
+    ##       -----END CERTIFICATE-----
+    ##
+    secrets: []
+    ## @param filer.ingress.extraRules Additional rules to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+    ## e.g:
+    ## extraRules:
+    ## - host: example.local
+    ##     http:
+    ##       path: /
+    ##       backend:
+    ##         service:
+    ##           name: example-svc
+    ##           port:
+    ##             name: http
+    ##
+    extraRules: []
+
+  ## @section Filer Server Metrics Parameters
+  ##
+  metrics:
+    ## @param filer.metrics.enabled Enable the export of Prometheus metrics
+    ##
+    enabled: false
+    ## Metrics service properties
+    ##
+    service:
+      ## @param filer.metrics.service.port Metrics service port
+      ##
+      port: 9327
+      ## @param filer.metrics.service.annotations Annotations for the metrics service.
+      ##
+      annotations: {}
+    ## Prometheus Operator ServiceMonitor configuration
+    ##
+    serviceMonitor:
+      ## @param filer.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+      ##
+      enabled: false
+      ## @param filer.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+      ##
+      namespace: ""
+      ## @param filer.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+      ##
+      annotations: {}
+      ## @param filer.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+      ##
+      labels: {}
+      ## @param filer.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+      ##
+      jobLabel: ""
+      ## @param filer.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+      ##
+      honorLabels: false
+      ## @param filer.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## interval: 10s
+      ##
+      interval: ""
+      ## @param filer.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## scrapeTimeout: 10s
+      ##
+      scrapeTimeout: ""
+      ## @param filer.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+      ##
+      metricRelabelings: []
+      ## @param filer.metrics.serviceMonitor.relabelings Specify general relabeling
+      ##
+      relabelings: []
+      ## @param filer.metrics.serviceMonitor.selector Prometheus instance selector labels
+      ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+      ## selector:
+      ##   prometheus: my-prometheus
+      ##
+      selector: {}
+
+## @section Amazon S3 API Parameters
+##
+s3:
+  ## @param s3.enabled Enable Amazon S3 API deployment
+  ##
+  enabled: false
+  ## @param s3.replicaCount Number of Amazon S3 API replicas to deploy
+  ##
+  replicaCount: 1
+  ## @param s3.containerPorts.http Amazon S3 API HTTP container port
+  ## @param s3.containerPorts.grpc Amazon S3 API GRPC container port
+  ## @param s3.containerPorts.metrics Amazon S3 API metrics container port
+  ##
+  containerPorts:
+    http: 8333
+    grpc: 18333
+    metrics: 9327
+  ## @param s3.extraContainerPorts Optionally specify extra list of additional ports for Amazon S3 API containers
+  ## e.g:
+  ## extraContainerPorts:
+  ##   - name: myservice
+  ##     containerPort: 9090
+  ##
+  extraContainerPorts: []
+  ## Configure extra options for Amazon S3 API containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param s3.livenessProbe.enabled Enable livenessProbe on Amazon S3 API containers
+  ## @param s3.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param s3.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param s3.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param s3.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param s3.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param s3.readinessProbe.enabled Enable readinessProbe on Amazon S3 API containers
+  ## @param s3.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param s3.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param s3.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param s3.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param s3.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param s3.startupProbe.enabled Enable startupProbe on Amazon S3 API containers
+  ## @param s3.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param s3.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param s3.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param s3.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param s3.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    failureThreshold: 15
+    successThreshold: 1
+  ## @param s3.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param s3.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param s3.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## Amazon S3 API resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param s3.resourcesPreset Set Amazon S3 API container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if s3.resources is set (s3.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param s3.resources Set Amazon S3 API container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param s3.podSecurityContext.enabled Enable Amazon S3 API pods' Security Context
+  ## @param s3.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for Amazon S3 API pods
+  ## @param s3.podSecurityContext.sysctls Set kernel settings using the sysctl interface for Amazon S3 API pods
+  ## @param s3.podSecurityContext.supplementalGroups Set filesystem extra groups for Amazon S3 API pods
+  ## @param s3.podSecurityContext.fsGroup Set fsGroup in Amazon S3 API pods' Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param s3.containerSecurityContext.enabled Enabled Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in Amazon S3 API container
+  ## @param s3.containerSecurityContext.runAsUser Set runAsUser in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.runAsGroup Set runAsGroup in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.runAsNonRoot Set runAsNonRoot in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.privileged Set privileged in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in Amazon S3 API container' Security Context
+  ## @param s3.containerSecurityContext.capabilities.drop List of capabilities to be dropped in Amazon S3 API container
+  ## @param s3.containerSecurityContext.seccompProfile.type Set seccomp profile in Amazon S3 API container
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## @param s3.logLevel Amazon S3 API log level [0|1|2|3|4]
+  ##
+  logLevel: 1
+  ## @param s3.bindAddress Amazon S3 API bind address
+  ##
+  bindAddress: 0.0.0.0
+  ## S3 Authentication
+  ## ref: https://github.com/seaweedfs/seaweedfs/wiki/Amazon-S3-API#s3-authentication
+  ## @param s3.auth.enabled Enable Amazon S3 API authentication
+  ## @param s3.auth.existingSecret Existing secret with Amazon S3 API authentication configuration
+  ## @param s3.auth.existingSecretConfigKey Key of the above existing secret with S3 API authentication configuration, defaults to `config.json`
+  ## @param s3.auth.adminAccessKeyId Amazon S3 API access key with admin privileges. Ignored if `security.mTLS.volume.existingSecret` is set
+  ## @param s3.auth.adminSecretAccessKey Amazon S3 API secret key with admin privileges. Ignored if `security.mTLS.volume.existingSecret` is set
+  ## @param s3.auth.readAccessKeyId Amazon S3 API read access key with read-only privileges. Ignored if `security.mTLS.volume.existingSecret` is set
+  ## @param s3.auth.readSecretAccessKey Amazon S3 API read secret key with read-only privileges. Ignored if `security.mTLS.volume.existingSecret` is set
+  ##
+  auth:
+    enabled: false
+    existingSecret: ""
+    existingSecretConfigKey: ""
+    adminAccessKeyId: ""
+    adminSecretAccessKey: ""
+    readAccessKeyId: ""
+    readSecretAccessKey: ""
+  ## @param s3.command Override default Amazon S3 API container command (useful when using custom images)
+  ##
+  command: []
+  ## @param s3.args Override default Amazon S3 API container args (useful when using custom images)
+  ##
+  args: []
+  ## @param s3.automountServiceAccountToken Mount Service Account token in Amazon S3 API pods
+  ##
+  automountServiceAccountToken: false
+  ## @param s3.hostAliases Amazon S3 API pods host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## @param s3.statefulsetAnnotations Annotations for Amazon S3 API statefulset
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  statefulsetAnnotations: {}
+  ## @param s3.podLabels Extra labels for Amazon S3 API pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param s3.podAnnotations Annotations for Amazon S3 API pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param s3.podAffinityPreset Pod affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAffinityPreset: ""
+  ## @param s3.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAntiAffinityPreset: soft
+  ## Node s3.affinity preset
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+  ##
+  nodeAffinityPreset:
+    ## @param s3.nodeAffinityPreset.type Node affinity preset type. Ignored if `s3.affinity` is set. Allowed values: `soft` or `hard`
+    ##
+    type: ""
+    ## @param s3.nodeAffinityPreset.key Node label key to match. Ignored if `s3.affinity` is set
+    ##
+    key: ""
+    ## @param s3.nodeAffinityPreset.values Node label values to match. Ignored if `s3.affinity` is set
+    ## E.g.
+    ## values:
+    ##   - e2e-az1
+    ##   - e2e-az2
+    ##
+    values: []
+  ## @param s3.affinity Affinity for Amazon S3 API pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ## NOTE: `s3.podAffinityPreset`, `s3.podAntiAffinityPreset`, and `s3.nodeAffinityPreset` will be ignored when it's set
+  ##
+  affinity: {}
+  ## @param s3.nodeSelector Node labels for Amazon S3 API pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ## @param s3.tolerations Tolerations for Amazon S3 API pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## @param s3.updateStrategy.type Amazon S3 API deployment strategy type
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  ##
+  updateStrategy:
+    ## Can be set to RollingUpdate or Recreate
+    ##
+    type: RollingUpdate
+  ## @param s3.priorityClassName Amazon S3 API pods' priorityClassName
+  ##
+  priorityClassName: ""
+  ## @param s3.topologySpreadConstraints Topology Spread Constraints for Amazon S3 API pod assignment spread across your cluster among failure-domains
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+  ##
+  topologySpreadConstraints: []
+  ## @param s3.schedulerName Name of the k8s scheduler (other than default) for Amazon S3 API pods
+  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+  ##
+  schedulerName: ""
+  ## @param s3.terminationGracePeriodSeconds Seconds Amazon S3 API pods need to terminate gracefully
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+  ##
+  terminationGracePeriodSeconds: ""
+  ## @param s3.lifecycleHooks for Amazon S3 API containers to automate configuration before or after startup
+  ##
+  lifecycleHooks: {}
+  ## @param s3.extraEnvVars Array with extra environment variables to add to Amazon S3 API containers
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param s3.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Amazon S3 API containers
+  ##
+  extraEnvVarsCM: ""
+  ## @param s3.extraEnvVarsSecret Name of existing Secret containing extra env vars for Amazon S3 API containers
+  ##
+  extraEnvVarsSecret: ""
+  ## @param s3.extraVolumes Optionally specify extra list of additional volumes for the Amazon S3 API pods
+  ##
+  extraVolumes: []
+  ## @param s3.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Amazon S3 API containers
+  ##
+  extraVolumeMounts: []
+  ## @param s3.sidecars Add additional sidecar containers to the Amazon S3 API pods
+  ## e.g:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param s3.initContainers Add additional init containers to the Amazon S3 API pods
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param s3.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param s3.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param s3.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  pdb:
+    create: false
+    minAvailable: 1
+    maxUnavailable: ""
+  ## Autoscaling configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  ## @param s3.autoscaling.enabled Enable autoscaling for s3
+  ## @param s3.autoscaling.minReplicas Minimum number of s3 replicas
+  ## @param s3.autoscaling.maxReplicas Maximum number of s3 replicas
+  ## @param s3.autoscaling.targetCPU Target CPU utilization percentage
+  ## @param s3.autoscaling.targetMemory Target Memory utilization percentage
+  ##
+  autoscaling:
+    enabled: false
+    minReplicas: ""
+    maxReplicas: ""
+    targetCPU: ""
+    targetMemory: ""
+
+  ## @section Amazon S3 API Traffic Exposure Parameters
+  ##
+
+  ## Amazon S3 API service parameters
+  ##
+  service:
+    ## @param s3.service.type Amazon S3 API service type
+    ##
+    type: ClusterIP
+    ## @param s3.service.ports.http Amazon S3 API service HTTP port
+    ## @param s3.service.ports.grpc Amazon S3 API service GRPC port
+    ##
+    ports:
+      http: 8333
+      grpc: 18333
+    ## Node ports to expose
+    ## @param s3.service.nodePorts.http Node port for HTTP
+    ## @param s3.service.nodePorts.grpc Node port for GRPC
+    ## NOTE: choose port between <30000-32767>
+    ##
+    nodePorts:
+      http: ""
+      grpc: ""
+    ## @param s3.service.clusterIP Amazon S3 API service Cluster IP
+    ## e.g.:
+    ## clusterIP: None
+    ##
+    clusterIP: ""
+    ## @param s3.service.loadBalancerIP Amazon S3 API service Load Balancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+    ##
+    loadBalancerIP: ""
+    ## @param s3.service.loadBalancerSourceRanges Amazon S3 API service Load Balancer sources
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## e.g:
+    ## loadBalancerSourceRanges:
+    ##   - 10.10.10.0/24
+    ##
+    loadBalancerSourceRanges: []
+    ## @param s3.service.externalTrafficPolicy Amazon S3 API service external traffic policy
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param s3.service.annotations Additional custom annotations for Amazon S3 API service
+    ##
+    annotations: {}
+    ## @param s3.service.extraPorts Extra ports to expose in Amazon S3 API service (normally used with the `sidecars` value)
+    ##
+    extraPorts: []
+    ## @param s3.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+    ## Values: ClientIP or None
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ##
+    sessionAffinity: None
+    ## @param s3.service.sessionAffinityConfig Additional settings for the sessionAffinity
+    ## sessionAffinityConfig:
+    ##   clientIP:
+    ##     timeoutSeconds: 300
+    ##
+    sessionAffinityConfig: {}
+    ## Headless service properties
+    ##
+    headless:
+      ## @param s3.service.headless.annotations Annotations for the headless service.
+      ##
+      annotations: {}
+  ## Network Policies for Amazon S3 API
+  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  ##
+  networkPolicy:
+    ## @param s3.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for Amazon S3 API
+    ##
+    enabled: true
+    ## @param s3.networkPolicy.allowExternal Don't require server label for connections
+    ## The Policy model to apply. When set to false, only pods with the correct
+    ## server label will have network access to the ports server is listening
+    ## on. When true, server will accept connections from any source
+    ## (with the correct destination port).
+    ##
+    allowExternal: true
+    ## @param s3.networkPolicy.allowExternalEgress Allow the Amazon S3 API pods to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
+    ## @param s3.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+    ## e.g:
+    ## extraIngress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     from:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    extraIngress: []
+    ## @param s3.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+    ## e.g:
+    ## extraEgress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     to:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    ##
+    extraEgress: []
+    ## @param s3.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+    ## @param s3.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+    ##
+    ingressNSMatchLabels: {}
+    ingressNSPodMatchLabels: {}
+  ## Amazon S3 API ingress parameters
+  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+  ##
+  ingress:
+    ## @param s3.ingress.enabled Enable ingress record generation for Amazon S3 API
+    ##
+    enabled: false
+    ## @param s3.ingress.pathType Ingress path type
+    ##
+    pathType: ImplementationSpecific
+    ## @param s3.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+    ##
+    apiVersion: ""
+    ## @param s3.ingress.hostname Default host for the ingress record
+    ##
+    hostname: s3.seaweedfs.local
+    ## @param s3.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+    ##
+    ingressClassName: ""
+    ## @param s3.ingress.path Default path for the ingress record
+    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+    ##
+    path: /
+    ## @param s3.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## Use this parameter to set the required annotations for cert-manager, see
+    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    ## e.g:
+    ## annotations:
+    ##   kubernetes.io/ingress.class: nginx
+    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+    ##
+    annotations: {}
+    ## @param s3.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+    ## You can:
+    ##   - Use the `ingress.secrets` parameter to create this TLS secret
+    ##   - Rely on cert-manager to create it by setting the corresponding annotations
+    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+    ##
+    tls: false
+    ## @param s3.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+    ##
+    selfSigned: false
+    ## @param s3.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: s3.seaweedfs.local
+    ##     path: /
+    ##
+    extraHosts: []
+    ## @param s3.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+    ## e.g:
+    ## extraPaths:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    ##
+    extraPaths: []
+    ## @param s3.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## e.g:
+    ## extraTls:
+    ## - hosts:
+    ##     - s3.seaweedfs.local
+    ##   secretName: s3.seaweedfs.local-tls
+    ##
+    extraTls: []
+    ## @param s3.ingress.secrets Custom TLS certificates as secrets
+    ## NOTE: 'key' and 'certificate' are expected in PEM format
+    ## NOTE: 'name' should line up with a 'secretName' set further up
+    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    ## e.g:
+    ## secrets:
+    ##   - name: s3.seaweedfs.local-tls
+    ##     key: |-
+    ##       -----BEGIN RSA PRIVATE KEY-----
+    ##       ...
+    ##       -----END RSA PRIVATE KEY-----
+    ##     certificate: |-
+    ##       -----BEGIN CERTIFICATE-----
+    ##       ...
+    ##       -----END CERTIFICATE-----
+    ##
+    secrets: []
+    ## @param s3.ingress.extraRules Additional rules to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+    ## e.g:
+    ## extraRules:
+    ## - host: example.local
+    ##     http:
+    ##       path: /
+    ##       backend:
+    ##         service:
+    ##           name: example-svc
+    ##           port:
+    ##             name: http
+    ##
+    extraRules: []
+
+  ## @section Amazon S3 API Metrics Parameters
+  ##
+  metrics:
+    ## @param s3.metrics.enabled Enable the export of Prometheus metrics
+    ##
+    enabled: false
+    ## Metrics service properties
+    ##
+    service:
+      ## @param s3.metrics.service.port Metrics service port
+      ##
+      port: 9327
+      ## @param s3.metrics.service.annotations Annotations for the metrics service.
+      ##
+      annotations: {}
+    ## Prometheus Operator ServiceMonitor configuration
+    ##
+    serviceMonitor:
+      ## @param s3.metrics.serviceMonitor.enabled if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`)
+      ##
+      enabled: false
+      ## @param s3.metrics.serviceMonitor.namespace Namespace in which Prometheus is running
+      ##
+      namespace: ""
+      ## @param s3.metrics.serviceMonitor.annotations Additional custom annotations for the ServiceMonitor
+      ##
+      annotations: {}
+      ## @param s3.metrics.serviceMonitor.labels Extra labels for the ServiceMonitor
+      ##
+      labels: {}
+      ## @param s3.metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in Prometheus
+      ##
+      jobLabel: ""
+      ## @param s3.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels
+      ##
+      honorLabels: false
+      ## @param s3.metrics.serviceMonitor.interval Interval at which metrics should be scraped.
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## interval: 10s
+      ##
+      interval: ""
+      ## @param s3.metrics.serviceMonitor.scrapeTimeout Timeout after which the scrape is ended
+      ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
+      ## e.g:
+      ## scrapeTimeout: 10s
+      ##
+      scrapeTimeout: ""
+      ## @param s3.metrics.serviceMonitor.metricRelabelings Specify additional relabeling of metrics
+      ##
+      metricRelabelings: []
+      ## @param s3.metrics.serviceMonitor.relabelings Specify general relabeling
+      ##
+      relabelings: []
+      ## @param s3.metrics.serviceMonitor.selector Prometheus instance selector labels
+      ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
+      ## selector:
+      ##   prometheus: my-prometheus
+      ##
+      selector: {}
+
+## @section WebDAV Parameters
+##
+webdav:
+  ## @param webdav.enabled Enable WebDAV deployment
+  ##
+  enabled: false
+  ## @param webdav.replicaCount Number of WebDAV replicas to deploy
+  ##
+  replicaCount: 1
+  ## @param webdav.containerPorts.http WebDAV HTTP container port (HTTPS if `webdav.tls.enabled` is `true`)
+  ##
+  containerPorts:
+    http: 7333
+  ## @param webdav.extraContainerPorts Optionally specify extra list of additional ports for WebDAV containers
+  ## e.g:
+  ## extraContainerPorts:
+  ##   - name: myservice
+  ##     containerPort: 9090
+  ##
+  extraContainerPorts: []
+  ## Configure extra options for WebDAV containers' liveness and readiness probes
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
+  ## @param webdav.livenessProbe.enabled Enable livenessProbe on WebDAV containers
+  ## @param webdav.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
+  ## @param webdav.livenessProbe.periodSeconds Period seconds for livenessProbe
+  ## @param webdav.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
+  ## @param webdav.livenessProbe.failureThreshold Failure threshold for livenessProbe
+  ## @param webdav.livenessProbe.successThreshold Success threshold for livenessProbe
+  ##
+  livenessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param webdav.readinessProbe.enabled Enable readinessProbe on WebDAV containers
+  ## @param webdav.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
+  ## @param webdav.readinessProbe.periodSeconds Period seconds for readinessProbe
+  ## @param webdav.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
+  ## @param webdav.readinessProbe.failureThreshold Failure threshold for readinessProbe
+  ## @param webdav.readinessProbe.successThreshold Success threshold for readinessProbe
+  ##
+  readinessProbe:
+    enabled: true
+    initialDelaySeconds: 30
+    timeoutSeconds: 30
+    periodSeconds: 10
+    successThreshold: 1
+    failureThreshold: 6
+  ## @param webdav.startupProbe.enabled Enable startupProbe on WebDAV containers
+  ## @param webdav.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
+  ## @param webdav.startupProbe.periodSeconds Period seconds for startupProbe
+  ## @param webdav.startupProbe.timeoutSeconds Timeout seconds for startupProbe
+  ## @param webdav.startupProbe.failureThreshold Failure threshold for startupProbe
+  ## @param webdav.startupProbe.successThreshold Success threshold for startupProbe
+  ##
+  startupProbe:
+    enabled: false
+    initialDelaySeconds: 5
+    periodSeconds: 5
+    timeoutSeconds: 1
+    failureThreshold: 15
+    successThreshold: 1
+  ## @param webdav.customLivenessProbe Custom livenessProbe that overrides the default one
+  ##
+  customLivenessProbe: {}
+  ## @param webdav.customReadinessProbe Custom readinessProbe that overrides the default one
+  ##
+  customReadinessProbe: {}
+  ## @param webdav.customStartupProbe Custom startupProbe that overrides the default one
+  ##
+  customStartupProbe: {}
+  ## WebDAV resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param webdav.resourcesPreset Set WebDAV container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if webdav.resources is set (webdav.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param webdav.resources Set WebDAV container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Configure Pods Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+  ## @param webdav.podSecurityContext.enabled Enable WebDAV pods' Security Context
+  ## @param webdav.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy for WebDAV pods
+  ## @param webdav.podSecurityContext.sysctls Set kernel settings using the sysctl interface for WebDAV pods
+  ## @param webdav.podSecurityContext.supplementalGroups Set filesystem extra groups for WebDAV pods
+  ## @param webdav.podSecurityContext.fsGroup Set fsGroup in WebDAV pods' Security Context
+  ##
+  podSecurityContext:
+    enabled: true
+    fsGroupChangePolicy: Always
+    sysctls: []
+    supplementalGroups: []
+    fsGroup: 1001
+  ## Configure Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param webdav.containerSecurityContext.enabled Enabled WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in WebDAV container
+  ## @param webdav.containerSecurityContext.runAsUser Set runAsUser in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.runAsGroup Set runAsGroup in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.runAsNonRoot Set runAsNonRoot in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.readOnlyRootFilesystem Set readOnlyRootFilesystem in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.privileged Set privileged in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.allowPrivilegeEscalation Set allowPrivilegeEscalation in WebDAV container' Security Context
+  ## @param webdav.containerSecurityContext.capabilities.drop List of capabilities to be dropped in WebDAV container
+  ## @param webdav.containerSecurityContext.seccompProfile.type Set seccomp profile in WebDAV container
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 1001
+    runAsGroup: 1001
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    privileged: false
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["ALL"]
+    seccompProfile:
+      type: "RuntimeDefault"
+  ## @param webdav.logLevel WebDAV log level [0|1|2|3|4]
+  ##
+  logLevel: 1
+  ## TLS configuration for WebDAV
+  ##
+  tls:
+    ## @param webdav.tls.enabled Enable TLS transport for WebDAV
+    ##
+    enabled: false
+    ## @param webdav.tls.autoGenerated.enabled Enable automatic generation of certificates for TLS
+    ## @param webdav.tls.autoGenerated.engine Mechanism to generate the certificates (allowed values: helm, cert-manager)
+    autoGenerated:
+      enabled: false
+      engine: helm
+      ## @param webdav.tls.autoGenerated.certManager.existingIssuer The name of an existing Issuer to use for generating the certificates (only for `cert-manager` engine)
+      ## @param webdav.tls.autoGenerated.certManager.existingIssuerKind Existing Issuer kind, defaults to Issuer (only for `cert-manager` engine)
+      ## @param webdav.tls.autoGenerated.certManager.keyAlgorithm Key algorithm for the certificates (only for `cert-manager` engine)
+      ## @param webdav.tls.autoGenerated.certManager.keySize Key size for the certificates (only for `cert-manager` engine)
+      ## @param webdav.tls.autoGenerated.certManager.duration Duration for the certificates (only for `cert-manager` engine)
+      ## @param webdav.tls.autoGenerated.certManager.renewBefore Renewal period for the certificates (only for `cert-manager` engine)
+      certManager:
+        existingIssuer: ""
+        existingIssuerKind: ""
+        keySize: 2048
+        keyAlgorithm: RSA
+        duration: 2160h
+        renewBefore: 360h
+    ## @param webdav.tls.existingSecret The name of an existing Secret containing the certificates for TLS
+    ## @param webdav.tls.cert Volume Server certificate for TLS. Ignored if `webdav.tls.existingSecret` is set
+    ## @param webdav.tls.key Volume Server key for TLS. Ignored if `webdav.tls.existingSecret` is set
+    ##
+    existingSecret: ""
+    cert: ""
+    key: ""
+  ## @param webdav.command Override default WebDAV container command (useful when using custom images)
+  ##
+  command: []
+  ## @param webdav.args Override default WebDAV container args (useful when using custom images)
+  ##
+  args: []
+  ## @param webdav.automountServiceAccountToken Mount Service Account token in WebDAV pods
+  ##
+  automountServiceAccountToken: false
+  ## @param webdav.hostAliases WebDAV pods host aliases
+  ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+  ##
+  hostAliases: []
+  ## @param webdav.statefulsetAnnotations Annotations for WebDAV statefulset
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  statefulsetAnnotations: {}
+  ## @param webdav.podLabels Extra labels for WebDAV pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
+  ##
+  podLabels: {}
+  ## @param webdav.podAnnotations Annotations for WebDAV pods
+  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  podAnnotations: {}
+  ## @param webdav.podAffinityPreset Pod affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAffinityPreset: ""
+  ## @param webdav.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
+  ##
+  podAntiAffinityPreset: soft
+  ## Node webdav.affinity preset
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
+  ##
+  nodeAffinityPreset:
+    ## @param webdav.nodeAffinityPreset.type Node affinity preset type. Ignored if `webdav.affinity` is set. Allowed values: `soft` or `hard`
+    ##
+    type: ""
+    ## @param webdav.nodeAffinityPreset.key Node label key to match. Ignored if `webdav.affinity` is set
+    ##
+    key: ""
+    ## @param webdav.nodeAffinityPreset.values Node label values to match. Ignored if `webdav.affinity` is set
+    ## E.g.
+    ## values:
+    ##   - e2e-az1
+    ##   - e2e-az2
+    ##
+    values: []
+  ## @param webdav.affinity Affinity for WebDAV pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
+  ## NOTE: `webdav.podAffinityPreset`, `webdav.podAntiAffinityPreset`, and `webdav.nodeAffinityPreset` will be ignored when it's set
+  ##
+  affinity: {}
+  ## @param webdav.nodeSelector Node labels for WebDAV pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
+  ##
+  nodeSelector: {}
+  ## @param webdav.tolerations Tolerations for WebDAV pods assignment
+  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+  ##
+  tolerations: []
+  ## @param webdav.updateStrategy.type WebDAV deployment strategy type
+  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+  ##
+  updateStrategy:
+    ## Can be set to RollingUpdate or Recreate
+    ##
+    type: RollingUpdate
+  ## @param webdav.priorityClassName WebDAV pods' priorityClassName
+  ##
+  priorityClassName: ""
+  ## @param webdav.topologySpreadConstraints Topology Spread Constraints for WebDAV pod assignment spread across your cluster among failure-domains
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
+  ##
+  topologySpreadConstraints: []
+  ## @param webdav.schedulerName Name of the k8s scheduler (other than default) for WebDAV pods
+  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
+  ##
+  schedulerName: ""
+  ## @param webdav.terminationGracePeriodSeconds Seconds WebDAV pods need to terminate gracefully
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
+  ##
+  terminationGracePeriodSeconds: ""
+  ## @param webdav.lifecycleHooks for WebDAV containers to automate configuration before or after startup
+  ##
+  lifecycleHooks: {}
+  ## @param webdav.extraEnvVars Array with extra environment variables to add to WebDAV containers
+  ## e.g:
+  ## extraEnvVars:
+  ##   - name: FOO
+  ##     value: "bar"
+  ##
+  extraEnvVars: []
+  ## @param webdav.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for WebDAV containers
+  ##
+  extraEnvVarsCM: ""
+  ## @param webdav.extraEnvVarsSecret Name of existing Secret containing extra env vars for WebDAV containers
+  ##
+  extraEnvVarsSecret: ""
+  ## @param webdav.extraVolumes Optionally specify extra list of additional volumes for the WebDAV pods
+  ##
+  extraVolumes: []
+  ## @param webdav.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the WebDAV containers
+  ##
+  extraVolumeMounts: []
+  ## @param webdav.sidecars Add additional sidecar containers to the WebDAV pods
+  ## e.g:
+  ## sidecars:
+  ##   - name: your-image-name
+  ##     image: your-image
+  ##     imagePullPolicy: Always
+  ##     ports:
+  ##       - name: portname
+  ##         containerPort: 1234
+  ##
+  sidecars: []
+  ## @param webdav.initContainers Add additional init containers to the WebDAV pods
+  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
+  ## e.g:
+  ## initContainers:
+  ##  - name: your-image-name
+  ##    image: your-image
+  ##    imagePullPolicy: Always
+  ##    command: ['sh', '-c', 'echo "hello world"']
+  ##
+  initContainers: []
+  ## Pod Disruption Budget configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb
+  ## @param webdav.pdb.create Enable/disable a Pod Disruption Budget creation
+  ## @param webdav.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled
+  ## @param webdav.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable
+  ##
+  pdb:
+    create: false
+    minAvailable: 1
+    maxUnavailable: ""
+  ## Autoscaling configuration
+  ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
+  ## @param webdav.autoscaling.enabled Enable autoscaling for webdav
+  ## @param webdav.autoscaling.minReplicas Minimum number of webdav replicas
+  ## @param webdav.autoscaling.maxReplicas Maximum number of webdav replicas
+  ## @param webdav.autoscaling.targetCPU Target CPU utilization percentage
+  ## @param webdav.autoscaling.targetMemory Target Memory utilization percentage
+  ##
+  autoscaling:
+    enabled: false
+    minReplicas: ""
+    maxReplicas: ""
+    targetCPU: ""
+    targetMemory: ""
+
+  ## @section WebDAV Traffic Exposure Parameters
+  ##
+
+  ## WebDAV service parameters
+  ##
+  service:
+    ## @param webdav.service.type WebDAV service type
+    ##
+    type: ClusterIP
+    ## @param webdav.service.ports.http WebDAV service HTTP port (HTTPS if `webdav.tls.enabled` is `true`)
+    ##
+    ports:
+      http: 7333
+    ## Node ports to expose
+    ## @param webdav.service.nodePorts.http Node port for HTTP (HTTPS if `webdav.tls.enabled` is `true`)
+    ## NOTE: choose port between <30000-32767>
+    ##
+    nodePorts:
+      http: ""
+    ## @param webdav.service.clusterIP WebDAV service Cluster IP
+    ## e.g.:
+    ## clusterIP: None
+    ##
+    clusterIP: ""
+    ## @param webdav.service.loadBalancerIP WebDAV service Load Balancer IP
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
+    ##
+    loadBalancerIP: ""
+    ## @param webdav.service.loadBalancerSourceRanges WebDAV service Load Balancer sources
+    ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
+    ## e.g:
+    ## loadBalancerSourceRanges:
+    ##   - 10.10.10.0/24
+    ##
+    loadBalancerSourceRanges: []
+    ## @param webdav.service.externalTrafficPolicy WebDAV service external traffic policy
+    ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
+    ##
+    externalTrafficPolicy: Cluster
+    ## @param webdav.service.annotations Additional custom annotations for WebDAV service
+    ##
+    annotations: {}
+    ## @param webdav.service.extraPorts Extra ports to expose in WebDAV service (normally used with the `sidecars` value)
+    ##
+    extraPorts: []
+    ## @param webdav.service.sessionAffinity Control where client requests go, to the same pod or round-robin
+    ## Values: ClientIP or None
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/service/
+    ##
+    sessionAffinity: None
+    ## @param webdav.service.sessionAffinityConfig Additional settings for the sessionAffinity
+    ## sessionAffinityConfig:
+    ##   clientIP:
+    ##     timeoutSeconds: 300
+    ##
+    sessionAffinityConfig: {}
+    ## Headless service properties
+    ##
+    headless:
+      ## @param webdav.service.headless.annotations Annotations for the headless service.
+      ##
+      annotations: {}
+  ## Network Policies for WebDAV
+  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
+  ##
+  networkPolicy:
+    ## @param webdav.networkPolicy.enabled Specifies whether a NetworkPolicy should be created for WebDAV
+    ##
+    enabled: true
+    ## @param webdav.networkPolicy.allowExternal Don't require server label for connections
+    ## The Policy model to apply. When set to false, only pods with the correct
+    ## server label will have network access to the ports server is listening
+    ## on. When true, server will accept connections from any source
+    ## (with the correct destination port).
+    ##
+    allowExternal: true
+    ## @param webdav.networkPolicy.allowExternalEgress Allow the WebDAV pods to access any range of port and all destinations.
+    ##
+    allowExternalEgress: true
+    ## @param webdav.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
+    ## e.g:
+    ## extraIngress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     from:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    extraIngress: []
+    ## @param webdav.networkPolicy.extraEgress [array] Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
+    ## e.g:
+    ## extraEgress:
+    ##   - ports:
+    ##       - port: 1234
+    ##     to:
+    ##       - podSelector:
+    ##           - matchLabels:
+    ##               - role: frontend
+    ##       - podSelector:
+    ##           - matchExpressions:
+    ##               - key: role
+    ##                 operator: In
+    ##                 values:
+    ##                   - frontend
+    ##
+    extraEgress: []
+    ## @param webdav.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
+    ## @param webdav.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
+    ##
+    ingressNSMatchLabels: {}
+    ingressNSPodMatchLabels: {}
+  ## WebDAV ingress parameters
+  ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/
+  ##
+  ingress:
+    ## @param webdav.ingress.enabled Enable ingress record generation for WebDAV
+    ##
+    enabled: false
+    ## @param webdav.ingress.pathType Ingress path type
+    ##
+    pathType: ImplementationSpecific
+    ## @param webdav.ingress.apiVersion Force Ingress API version (automatically detected if not set)
+    ##
+    apiVersion: ""
+    ## @param webdav.ingress.hostname Default host for the ingress record
+    ##
+    hostname: webdav.seaweedfs.local
+    ## @param webdav.ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
+    ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
+    ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
+    ##
+    ingressClassName: ""
+    ## @param webdav.ingress.path Default path for the ingress record
+    ## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
+    ##
+    path: /
+    ## @param webdav.ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
+    ## Use this parameter to set the required annotations for cert-manager, see
+    ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
+    ## e.g:
+    ## annotations:
+    ##   kubernetes.io/ingress.class: nginx
+    ##   cert-manager.io/cluster-issuer: cluster-issuer-name
+    ##
+    annotations: {}
+    ## @param webdav.ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
+    ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
+    ## You can:
+    ##   - Use the `ingress.secrets` parameter to create this TLS secret
+    ##   - Rely on cert-manager to create it by setting the corresponding annotations
+    ##   - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
+    ##
+    tls: false
+    ## @param webdav.ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
+    ##
+    selfSigned: false
+    ## @param webdav.ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
+    ## e.g:
+    ## extraHosts:
+    ##   - name: webdav.seaweedfs.local
+    ##     path: /
+    ##
+    extraHosts: []
+    ## @param webdav.ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
+    ## e.g:
+    ## extraPaths:
+    ## - path: /*
+    ##   backend:
+    ##     serviceName: ssl-redirect
+    ##     servicePort: use-annotation
+    ##
+    extraPaths: []
+    ## @param webdav.ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+    ## e.g:
+    ## extraTls:
+    ## - hosts:
+    ##     - webdav.seaweedfs.local
+    ##   secretName: webdav.seaweedfs.local-tls
+    ##
+    extraTls: []
+    ## @param webdav.ingress.secrets Custom TLS certificates as secrets
+    ## NOTE: 'key' and 'certificate' are expected in PEM format
+    ## NOTE: 'name' should line up with a 'secretName' set further up
+    ## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+    ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+    ## It is also possible to create and manage the certificates outside of this helm chart
+    ## Please see README.md for more information
+    ## e.g:
+    ## secrets:
+    ##   - name: webdav.seaweedfs.local-tls
+    ##     key: |-
+    ##       -----BEGIN RSA PRIVATE KEY-----
+    ##       ...
+    ##       -----END RSA PRIVATE KEY-----
+    ##     certificate: |-
+    ##       -----BEGIN CERTIFICATE-----
+    ##       ...
+    ##       -----END CERTIFICATE-----
+    ##
+    secrets: []
+    ## @param webdav.ingress.extraRules Additional rules to be covered with this ingress record
+    ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+    ## e.g:
+    ## extraRules:
+    ## - host: example.local
+    ##     http:
+    ##       path: /
+    ##       backend:
+    ##         service:
+    ##           name: example-svc
+    ##           port:
+    ##             name: http
+    ##
+    extraRules: []
+
+## @section Init Container Parameters
+##
+
+## 'volumePermissions' init container parameters
+## Changes the owner and group of the persistent volume mount point to runAsUser:fsGroup values
+##   based on the *podSecurityContext/*containerSecurityContext parameters
+##
+volumePermissions:
+  ## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
+  ##
+  enabled: false
+  ## OS Shell + Utility image
+  ## ref: https://hub.docker.com/r/bitnami/os-shell/tags/
+  ## @param volumePermissions.image.registry [default: REGISTRY_NAME] OS Shell + Utility image registry
+  ## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] OS Shell + Utility image repository
+  ## @skip volumePermissions.image.tag OS Shell + Utility image tag (immutable tags are recommended)
+  ## @param volumePermissions.image.pullPolicy OS Shell + Utility image pull policy
+  ## @param volumePermissions.image.pullSecrets OS Shell + Utility image pull secrets
+  ##
+  image:
+    registry: docker.io
+    repository: bitnami/os-shell
+    tag: 12-debian-12-r16
+    pullPolicy: IfNotPresent
+    ## Optionally specify an array of imagePullSecrets.
+    ## Secrets must be manually created in the namespace.
+    ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+    ## e.g:
+    ## pullSecrets:
+    ##   - myRegistryKeySecretName
+    ##
+    pullSecrets: []
+  ## Init container's resource requests and limits
+  ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+  ## @param volumePermissions.resourcesPreset Set init container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
+  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+  ##
+  resourcesPreset: "nano"
+  ## @param volumePermissions.resources Set init container requests and limits for different resources like CPU or memory (essential for production workloads)
+  ## Example:
+  ## resources:
+  ##   requests:
+  ##     cpu: 2
+  ##     memory: 512Mi
+  ##   limits:
+  ##     cpu: 3
+  ##     memory: 1024Mi
+  ##
+  resources: {}
+  ## Init container Container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param volumePermissions.containerSecurityContext.enabled Enabled init container' Security Context
+  ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in init container
+  ## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
+  ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
+  ##   data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
+  ##   "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
+  ##
+  containerSecurityContext:
+    enabled: true
+    seLinuxOptions: {}
+    runAsUser: 0
+
+## @section Other Parameters
+##
+
+## ServiceAccount configuration
+##
+serviceAccount:
+  ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+  ##
+  create: true
+  ## @param serviceAccount.name The name of the ServiceAccount to use.
+  ## If not set and create is true, a name is generated using the common.names.fullname template
+  ##
+  name: ""
+  ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+  ##
+  annotations: {}
+  ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+  ##
+  automountServiceAccountToken: true
+
+## @section Database Parameters
+##
+
+## MariaDB chart configuration
+## ref: https://github.com/bitnami/charts/blob/main/bitnami/mariadb/values.yaml
+##
+mariadb:
+  ## @param mariadb.enabled Deploy a MariaDB server to satisfy the Filer server database requirements
+  ## To use an external database set this to false and configure the `externalDatabase.*` parameters
+  ##
+  enabled: true
+  ## @param mariadb.architecture MariaDB architecture. Allowed values: `standalone` or `replication`
+  ##
+  architecture: standalone
+  ## MariaDB Authentication parameters
+  ## @param mariadb.auth.rootPassword MariaDB root password
+  ## @param mariadb.auth.database MariaDB custom database
+  ## @param mariadb.auth.username MariaDB custom user name
+  ## @param mariadb.auth.password MariaDB custom user password
+  ## @param mariadb.auth.usePasswordFiles Mount credentials as a file instead of using an environment variable
+  ## ref: https://github.com/bitnami/containers/tree/main/bitnami/mariadb#setting-the-root-password-on-first-run
+  ##      https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-on-first-run
+  ##      https://github.com/bitnami/containers/blob/main/bitnami/mariadb/README.md#creating-a-database-user-on-first-run
+  ##
+  auth:
+    rootPassword: ""
+    database: bitnami_seaweedfs
+    username: bn_seaweedfs
+    password: ""
+    usePasswordFiles: false
+  ## @param mariadb.initdbScripts [object] Specify dictionary of scripts to be run at first boot
+  ##
+  initdbScripts:
+    create_table.sql: |
+      USE bitnami_seaweedfs;
+      CREATE TABLE IF NOT EXISTS `filemeta` (
+        `dirhash`   BIGINT NOT NULL       COMMENT 'first 64 bits of MD5 hash value of directory field',
+        `name`      VARCHAR(766) NOT NULL COMMENT 'directory or file name',
+        `directory` TEXT NOT NULL         COMMENT 'full path to parent directory',
+        `meta`      LONGBLOB,
+        PRIMARY KEY (`dirhash`, `name`)
+      ) DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_bin;
+  ## MariaDB Primary configuration
+  ##
+  primary:
+    ## MariaDB Primary Persistence parameters
+    ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
+    ## @param mariadb.primary.persistence.enabled Enable persistence on MariaDB using PVC(s)
+    ## @param mariadb.primary.persistence.storageClass Persistent Volume storage class
+    ## @param mariadb.primary.persistence.accessModes [array] Persistent Volume access modes
+    ## @param mariadb.primary.persistence.size Persistent Volume size
+    ##
+    persistence:
+      enabled: true
+      storageClass: ""
+      accessModes:
+        - ReadWriteOnce
+      size: 8Gi
+    ## MariaDB primary container's resource requests and limits
+    ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
+    ## We usually recommend not to specify default resources and to leave this as a conscious
+    ## choice for the user. This also increases chances charts run on environments with little
+    ## resources, such as Minikube. If you do want to specify resources, uncomment the following
+    ## lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+    ## @param mariadb.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
+    ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
+    ##
+    resourcesPreset: "micro"
+    ## @param mariadb.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+    ## Example:
+    ## resources:
+    ##   requests:
+    ##     cpu: 2
+    ##     memory: 512Mi
+    ##   limits:
+    ##     cpu: 3
+    ##     memory: 1024Mi
+    ##
+    resources: {}
+## External Database Configuration
+## All of these values are only used if `mariadb.enabled=false`
+##
+externalDatabase:
+  ## @param externalDatabase.host External Database server host
+  ##
+  host: localhost
+  ## @param externalDatabase.port External Database server port
+  ##
+  port: 3306
+  ## @param externalDatabase.user External Database username
+  ##
+  user: bn_seaweedfs
+  ## @param externalDatabase.password External Database user password
+  ##
+  password: ""
+  ## @param externalDatabase.database External Database database name
+  ##
+  database: bitnami_seaweedfs
+  ## @param externalDatabase.existingSecret The name of an existing secret with database credentials. Evaluated as a template
+  ## NOTE: Must contain key `mariadb-password`
+  ## NOTE: When it's set, the `externalDatabase.password` parameter is ignored
+  ##
+  existingSecret: ""