feat: add PosixFS storage support

- Add PosixFS as alternative storage mode to S3
- Configure separate persistence for PosixFS volumes
- Enable volume separation for system and user data
- Tested successfully on Rackspace with 100GB user storage

Co-authored-by: Teo Hoinaru <[email protected]>

Author: teo

charts/opencloud/README.md

@@ -268,6 +268,14 @@ This will prepend `my-registry.com/` to all image references in the chart. For e
 | `opencloud.smtp.insecure` | SMTP insecure | `false` |
 | `opencloud.smtp.authentication` | SMTP authentication | `plain` |
 | `opencloud.smtp.encryption` | SMTP encryption | `starttls` |
+| `opencloud.storage.mode` | Choice between s3 and posixfs for user files | `s3` |
+
+### OpenCloud S3 Storage Settings
+
+The following options configure S3 for user file storage, either with the internal MinIO instance or with an external S3 provider.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
 | `opencloud.storage.s3.internal.enabled` | Enable internal MinIO instance | `true` |
 | `opencloud.storage.s3.internal.existingSecret` | Name of the existing secret | `` |
 | `opencloud.storage.s3.internal.rootUser` | MinIO root user | `opencloud` |
@@ -276,6 +284,7 @@ This will prepend `my-registry.com/` to all image references in the chart. For e
 | `opencloud.storage.s3.internal.region` | MinIO region | `default` |
 | `opencloud.storage.s3.internal.resources` | CPU/Memory resource requests/limits | See values.yaml |
 | `opencloud.storage.s3.internal.persistence.enabled` | Enable MinIO persistence | `true` |
+| `opencloud.storage.s3.internal.persistence.existingClaim` | Name of existing PVC instead of the settings below | `` |
 | `opencloud.storage.s3.internal.persistence.size` | Size of the MinIO persistent volume | `30Gi` |
 | `opencloud.storage.s3.internal.persistence.storageClass` | MinIO storage class | `""` |
 | `opencloud.storage.s3.internal.persistence.accessMode` | MinIO access mode | `ReadWriteOnce` |
@@ -288,6 +297,22 @@ This will prepend `my-registry.com/` to all image references in the chart. For e
 | `opencloud.storage.s3.external.bucket` | External S3 bucket | `""` |
 | `opencloud.storage.s3.external.createBucket` | Create bucket if it doesn't exist | `true` |
 
+### OpenCloud PosixFS Storage Settings
+
+The following options allow setting up a POSIX-compatible filesystem (such as NFS or CephFS) for user file storage instead of S3. This is useful for environments where object storage is not available or not desired.
+
+| Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `opencloud.storage.posixfs.idCacheStore` | Cache store, between 'memory', 'redis-sentinel', 'nats-js-kv', 'noop' | `nats-js-kv` |
+| `opencloud.storage.posixfs.rootPath` | Path of storage root directory in openCloud pod | `/var/lib/opencloud/storage` |
+| `opencloud.storage.posixfs.persistence.enabled` | Enable persistence for PosixFS | `true` |
+| `opencloud.storage.posixfs.persistence.existingClaim` | Name of existing PVC instead of the settings below | `""` |
+| `opencloud.storage.posixfs.persistence.size` | Size of the PosixFS persistent volume | `30Gi` |
+| `opencloud.storage.posixfs.persistence.storageClass` | Storage class for PosixFS volume | `""` |
+| `opencloud.storage.posixfs.persistence.accessMode` | Access mode for PosixFS volume | `ReadWriteMany` |
+
+**Note:** When using `posixfs` mode, ensure that the underlying storage supports the required access mode (e.g., `ReadWriteMany` for multiple replicas). The underlying filesystem must support `flock` and `xattrs` so for NFS the minimum version is 4.2.
+
 ### NATS Messaging Configuration
 
 | Parameter  | Description | Default |
@@ -435,7 +460,7 @@ The following HTTPRoutes are created when `httpRoute.enabled` is set to `true`:
    - Port: 8080
    - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
 
-3. **MinIO HTTPRoute** (when `opencloud.storage.s3.internal.enabled` is `true`):
+3. **MinIO HTTPRoute** (when `opencloud.storage.mode` is `s3` and `opencloud.storage.s3.internal.enabled` is `true`):
    - Hostname: `global.domain.minio`
    - Service: `{{ release-name }}-minio`
    - Port: 9001

charts/opencloud/templates/gateway/gateway.yaml

@@ -69,7 +69,7 @@ spec:
             matchLabels:
               kubernetes.io/metadata.name: {{ .Values.httpRoute.gateway.namespace | default .Release.Namespace }}
     {{- end }}
-    {{- if and .Values.opencloud.storage.s3.internal.enabled .Values.opencloud.storage.s3.internal.httpRoute.enabled }}
+    {{- if and (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.internal.enabled .Values.opencloud.storage.s3.internal.httpRoute.enabled }}
     {{- if .Values.global.tls.enabled }}
     - name: minio-https
     {{- else }}

charts/opencloud/templates/gateway/minio-httproute.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.httpRoute.enabled .Values.opencloud.storage.s3.internal.enabled .Values.opencloud.storage.s3.internal.httpRoute.enabled }}
+{{- if and .Values.httpRoute.enabled (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.internal.enabled .Values.opencloud.storage.s3.internal.httpRoute.enabled }}
 apiVersion: gateway.networking.k8s.io/v1beta1
 kind: HTTPRoute
 metadata:

charts/opencloud/templates/minio/deployment.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.opencloud.storage.s3.internal.enabled }}
+{{- if and (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.internal.enabled }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/opencloud/templates/minio/pvc.yaml

@@ -1,4 +1,4 @@
-{{- if and .Values.opencloud.storage.s3.internal.enabled (and .Values.opencloud.storage.s3.internal.persistence.enabled (not .Values.opencloud.storage.s3.internal.persistence.existingClaim)) }}
+{{- if and (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.internal.enabled (and .Values.opencloud.storage.s3.internal.persistence.enabled (not .Values.opencloud.storage.s3.internal.persistence.existingClaim)) }}
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:

charts/opencloud/templates/minio/secrets.yaml

@@ -1,4 +1,4 @@
-{{- if and (not .Values.opencloud.storage.s3.internal.existingSecret) .Values.opencloud.storage.s3.internal.enabled }}
+{{- if and (eq .Values.opencloud.storage.mode "s3") (and (not .Values.opencloud.storage.s3.internal.existingSecret) .Values.opencloud.storage.s3.internal.enabled) }}
 apiVersion: v1
 kind: Secret
 metadata:

charts/opencloud/templates/minio/service.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.opencloud.storage.s3.internal.enabled }}
+{{- if and (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.internal.enabled }}
 apiVersion: v1
 kind: Service
 metadata:

charts/opencloud/templates/opencloud/deployment.yaml

@@ -317,12 +317,21 @@ spec:
             # Storage configuration
             # Always use decomposeds3 for user storage and decomposed for system storage
             - name: STORAGE_USERS_DRIVER
+            {{- if eq .Values.opencloud.storage.mode "posixfs" }}
+              value: "posix"
+            {{- else }}
               value: "decomposeds3"
+            {{- end }}
             - name: STORAGE_SYSTEM_DRIVER
               value: "decomposed"
 
+            {{- if eq .Values.opencloud.storage.mode "posixfs" }}
+            - name: STORAGE_USERS_POSIX_ROOT
+              value: {{ .Values.opencloud.storage.posixfs.rootPath | quote }}
+            - name: STORAGE_USERS_ID_CACHE_STORE
+              value: {{ .Values.opencloud.storage.posixfs.idCacheStore | quote }}
             # S3 storage configuration
-            {{- if .Values.opencloud.storage.s3.external.enabled }}
+            {{- else if and (eq .Values.opencloud.storage.mode "s3") .Values.opencloud.storage.s3.external.enabled }}
             # External S3 storage
             - name: STORAGE_USERS_DECOMPOSEDS3_ENDPOINT
               value: {{ .Values.opencloud.storage.s3.external.endpoint | quote }}
@@ -397,6 +406,10 @@ spec:
               mountPath: /etc/opencloud
             - name: data
               mountPath: /var/lib/opencloud
+            {{- if and (eq .Values.opencloud.storage.mode "posixfs") .Values.opencloud.storage.posixfs.persistence.enabled }}
+            - name: posixfs
+              mountPath: {{ .Values.opencloud.storage.posixfs.rootPath | default "/var/lib/opencloud/storage" | quote }}
+            {{- end }}
             - name: config-json
               mountPath: /var/lib/opencloud/config.json
               subPath: config.json
@@ -439,6 +452,15 @@ spec:
           {{- else }}
           emptyDir: {}
           {{- end }}
+        {{- if and (eq .Values.opencloud.storage.mode "posixfs") .Values.opencloud.storage.posixfs.persistence.enabled }}
+        - name: posixfs
+          persistentVolumeClaim:
+            {{- if .Values.opencloud.storage.posixfs.persistence.existingClaim }}
+            claimName: {{ .Values.opencloud.storage.posixfs.persistence.existingClaim | quote }}
+            {{- else }}
+            claimName: {{ include "opencloud.opencloud.fullname" . }}-posixfs
+            {{- end }}
+        {{- end }}
         - name: config-json
           configMap:
             name: {{ include "opencloud.opencloud.fullname" . }}-config-json

charts/opencloud/templates/opencloud/pvc.yaml

@@ -22,6 +22,7 @@ spec:
   {{- end }}
   {{- end }}
 {{- end }}
+
 {{- if and .Values.opencloud.enabled (and .Values.opencloud.persistence.data.enabled (not .Values.opencloud.persistence.data.existingClaim)) }}
 ---
 apiVersion: v1
@@ -48,3 +49,28 @@ spec:
   {{- end }}
 {{- end }}
 
+{{- if and (eq .Values.opencloud.storage.mode "posixfs") (and .Values.opencloud.storage.posixfs.persistence.enabled (not .Values.opencloud.storage.posixfs.persistence.existingClaim)) }}
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: {{ include "opencloud.opencloud.fullname" . }}-posixfs
+  annotations:
+    "helm.sh/resource-policy": "keep"
+  labels:
+    {{- include "opencloud.labels" . | nindent 4 }}
+    app.kubernetes.io/component: opencloud
+spec:
+  accessModes:
+    - {{ .Values.opencloud.storage.posixfs.persistence.accessMode | quote }}
+  resources:
+    requests:
+      storage: {{ .Values.opencloud.storage.posixfs.persistence.size | quote }}
+  {{- if .Values.opencloud.storage.posixfs.persistence.storageClass }}
+  {{- if (eq "-" .Values.opencloud.storage.posixfs.persistence.storageClass) }}
+  storageClassName: ""
+  {{- else }}
+  storageClassName: {{ .Values.opencloud.storage.posixfs.persistence.storageClass | quote }}
+  {{- end }}
+  {{- end }}
+{{- end }}

charts/opencloud/templates/opencloud/secrets.yaml

@@ -19,7 +19,7 @@ stringData:
   adminPassword: {{ .Values.opencloud.adminPassword }}
 {{- end }}
 ---
-{{- if and (not .Values.opencloud.storage.s3.external.existingSecret) .Values.opencloud.storage.s3.external.enabled }}
+{{- if and (eq .Values.opencloud.storage.mode "s3") (not .Values.opencloud.storage.s3.external.existingSecret) .Values.opencloud.storage.s3.external.enabled }}
 apiVersion: v1
 kind: Secret
 metadata: