Add support for replication service

CHANGELOG.md

@@ -1,5 +1,9 @@
 # Changelog
 
+# 1.7.21
+:new: What's new:
+- Add support for replication service (Enterprise-only feature)
+
 # 1.7.20
 :bug: Bugs fixed:
 - Fix MDS crash when securityContext sets a different runAsUser by adding PYTHONPATH workaround

charts/lakefs/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: lakefs
 description: A Helm chart for running LakeFS on Kubernetes
 type: application
-version: 1.7.20
+version: 1.7.21
 appVersion: 1.78.0
 
 home: https://lakefs.io

charts/lakefs/templates/_helpers.tpl

@@ -87,6 +87,36 @@ Define which repository to use according to the following:
 {{- end -}}
 {{- end -}}
 
+{{/*
+Replication resource full name
+*/}}
+{{- define "replication.fullname" -}}
+{{- $name := include "lakefs.fullname" . }}
+{{- printf "%s-replication" $name | trunc 63 }}
+{{- end }}
+
+{{/*
+Replication common labels
+*/}}
+{{- define "replication.labels" -}}
+helm.sh/chart: {{ include "lakefs.chart" . }}
+{{ include "replication.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Replication selector labels
+*/}}
+{{- define "replication.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "lakefs.name" . }}-replication
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/component: replication
+app: {{ include "lakefs.name" . }}-replication
+{{- end }}
+
 {{- define "lakefs.dockerConfigJson" }}
 {{- $token := .Values.image.privateRegistry.secretToken }}
 {{- $username := "externallakefs" }}

charts/lakefs/templates/replication/configmap.yaml

@@ -0,0 +1,20 @@
+{{- if .Values.replication.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "replication.fullname" . }}
+  labels:
+    {{- include "replication.labels" . | nindent 4 }}
+data:
+  config.yaml: |
+    {{- $config := deepCopy .Values.replication.config }}
+    {{- $_ := set $config "committed" (dict "local_cache" (dict "dir" (printf "%s/cache" .Values.replication.local_cache.base_dir) "size_bytes" .Values.replication.local_cache.size_bytes)) }}
+    {{- /* Auto-populate refstore_database from lakefsConfig.database if not explicitly set */ -}}
+    {{- if not (hasKey $config "refstore_database") }}
+    {{- $lakefsConf := fromYaml .Values.lakefsConfig }}
+    {{- if and $lakefsConf (hasKey $lakefsConf "database") }}
+    {{- $_ := set $config "refstore_database" $lakefsConf.database }}
+    {{- end }}
+    {{- end }}
+    {{- toYaml $config | nindent 4 }}
+{{- end }}

charts/lakefs/templates/replication/deployment.yaml

@@ -0,0 +1,96 @@
+{{- if .Values.replication.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "replication.fullname" . }}
+  labels:
+    {{- include "replication.labels" . | nindent 4 }}
+spec:
+  # Increasing replicas will not improve performance and is not recommended.
+  # The service uses internal concurrency controls and running multiple replicas
+  # may cause conflicts.
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "replication.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- with .Values.replication.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "replication.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.replication.serviceAccountName }}
+      serviceAccountName: {{ .Values.replication.serviceAccountName }}
+      {{- end }}
+      containers:
+        - name: replication
+          image: "{{ .Values.replication.image.repository }}:{{ .Values.replication.image.tag }}"
+          imagePullPolicy: {{ .Values.replication.image.pullPolicy }}
+          args: ["run", "--config", "/etc/replication/config.yaml"]
+          ports:
+            - containerPort: {{ .Values.replication.port }}
+              protocol: TCP
+          {{- if or .Values.replication.extraEnvVars .Values.replication.extraEnvVarsSecret }}
+          env:
+            {{- with .Values.replication.extraEnvVars }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+            {{- if .Values.replication.extraEnvVarsSecret }}
+            - name: REPLICATION_LAKEFS_ACCESS_KEY_ID
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.replication.extraEnvVarsSecret }}
+                  key: source_lakefs_access_key_id
+            - name: REPLICATION_LAKEFS_SECRET_ACCESS_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.replication.extraEnvVarsSecret }}
+                  key: source_lakefs_secret_access_key
+            - name: REPLICATION_AUTH_ENCRYPT_SECRET_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.replication.extraEnvVarsSecret }}
+                  key: auth_encrypt_secret_key
+            {{- end }}
+          {{- end }}
+          volumeMounts:
+            - name: config
+              mountPath: /etc/replication
+              readOnly: true
+            - name: cache
+              mountPath: {{ .Values.replication.local_cache.base_dir }}
+          readinessProbe:
+            httpGet:
+              path: /_health
+              port: {{ .Values.replication.port }}
+            initialDelaySeconds: 5
+            periodSeconds: 10
+          livenessProbe:
+            httpGet:
+              path: /_health
+              port: {{ .Values.replication.port }}
+            initialDelaySeconds: 10
+            periodSeconds: 30
+          {{- with .Values.replication.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      volumes:
+        - name: config
+          configMap:
+            name: {{ include "replication.fullname" . }}
+        - name: cache
+          emptyDir: {}
+      {{- if (.Values.image.privateRegistry).enabled }}
+      imagePullSecrets:
+       {{- if (.Values.image.privateRegistry).secretToken }}
+        - name: "docker-registry"
+       {{- else if (.Values.image.privateRegistry).secretName }}
+        - name: {{ .Values.image.privateRegistry.secretName }}
+       {{- end }}
+      {{- end }}
+{{- end }}

charts/lakefs/templates/replication/service.yaml

@@ -0,0 +1,16 @@
+{{- if .Values.replication.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "replication.fullname" . }}
+  labels:
+    {{- include "replication.labels" . | nindent 4 }}
+spec:
+  type: ClusterIP
+  ports:
+    - port: {{ .Values.replication.port }}
+      targetPort: {{ .Values.replication.port }}
+      protocol: TCP
+  selector:
+    {{- include "replication.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/lakefs/values.yaml

@@ -159,6 +159,57 @@ mds:
       #   - main
       #   - feature-*
 
+# https://docs.lakefs.io/latest/howto/mirroring/
+replication:
+  enabled: false
+  image:
+    repository: treeverse/replication
+    tag: 0.1.17
+    pullPolicy: IfNotPresent
+  port: 8008
+  resources: {}
+  podAnnotations: {}
+  extraEnvVars: []
+  extraEnvVarsSecret: null
+  serviceAccountName: ""
+  base_dir: /home/replication
+  local_cache:
+    base_dir: /cache
+    size_bytes: "512000000"
+  # All replication service configuration.
+  # Required fields: region, organization_id, mirrors_database, auth, blockstore.
+  # See services/mirroring/config.go for the full schema.
+  # Note: committed.local_cache (dir and size_bytes) is automatically injected from
+  #       replication.local_cache above — do not set it here.
+  # Note: refstore_database is automatically populated from lakefsConfig.database
+  #       if not explicitly set here.
+  # Example:
+  #   region: "us-east-1"
+  #   organization_id: "my-org"
+  #   regional_endpoint: "https://my-lakefs.us-east-1.example.com"
+  #   lakefs_access_key_id: "AKIAIOSFODNN7EXAMPLE"
+  #   lakefs_secret_access_key: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
+  #   dst_endpoints:
+  #     us-west-2: "https://my-lakefs.us-west-2.example.com"
+  #   mirrors_database:
+  #     type: dynamodb
+  #     dynamodb:
+  #       table_name: lakefs-replication-table
+  #   refstore_database:
+  #     type: dynamodb
+  #     dynamodb:
+  #       table_name: lakefs-refstore-my-org
+  #   auth:
+  #     api:
+  #       endpoint: "http://lakefs:8000/api/v1"
+  #     encrypt:
+  #       secret_key: "some-random-secret"
+  #   blockstore:
+  #     type: s3
+  #     s3:
+  #       region: "us-east-1"
+  config: {}
+
 # Start local postgres pod for quick start, not for production
 useDevPostgres: false