Add support for sharding

Author: MagicFun1241

charts/meilisearch/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "v1.18.0"
 description: A Helm chart for the Meilisearch search engine
 name: meilisearch
-version: 0.17.1
+version: 0.18.0
 icon: https://raw.githubusercontent.com/meilisearch/integration-guides/main/assets/logos/logo.svg
 home: https://github.com/meilisearch/meilisearch-kubernetes/tree/main/charts/meilisearch
 maintainers:

charts/meilisearch/README.md

@@ -50,6 +50,115 @@ For production deployment, the `environment.MEILI_MASTER_KEY` is required. If `M
 
 You can also use `auth.existingMasterKeySecret` to use an existing secret that has the key `MEILI_MASTER_KEY`
 
+## Horizontal Scaling with Sharding
+
+This chart supports Meilisearch's sharding feature for horizontal scaling across multiple replicas. Sharding is available exclusively in **Meilisearch Enterprise Edition v1.19+**.
+
+### Prerequisites
+
+1. **Meilisearch Enterprise Edition**: Version 1.19 or higher
+2. **License**: Required for production use (free for non-production environments under Business Source License 1.1)
+3. **Master Key**: All instances must share the same `MEILI_MASTER_KEY`
+4. **Primary Key**: Indexes must have a `primaryKey` configured before adding documents
+
+### Enabling Sharding
+
+To enable sharding in your Helm deployment:
+
+```yaml
+sharding:
+  enabled: true
+  replicaCount: 3  # Number of nodes in the sharded cluster
+  network:
+    experimentalFeatures: true
+    auth:
+      # Option 1: Let Helm generate random API keys (development)
+      searchApiKey: ""
+      writeApiKey: ""
+      
+      # Option 2: Use existing secret (recommended for production)
+      existingSecret: "my-sharding-keys-secret"
+      # The secret should contain 'searchApiKey' and 'writeApiKey' keys by default
+      
+      # If your existing secret uses different key names:
+      existingSecretSearchApiKey: "customSearchKeyName"
+      existingSecretWriteApiKey: "customWriteKeyName"
+
+persistence:
+  enabled: true
+  storageClass: "standard"
+  size: 10Gi
+```
+
+### How It Works
+
+When sharding is enabled:
+
+1. A **headless service** is created for StatefulSet pod-to-pod communication
+2. Each pod gets a unique **persistent volume** for its data partition
+3. A **network configurator sidecar** automatically configures the network topology
+4. Documents sent to any node are automatically distributed across all shards
+5. Each node indexes only its assigned subset of documents using consistent hashing
+
+### Searching Sharded Indexes
+
+To search across a sharded index, use [Meilisearch federated search](https://www.meilisearch.com/docs/learn/multi_search/performing_federated_search):
+
+```bash
+curl -X POST 'http://meilisearch:7700/multi-search' \
+  -H 'Authorization: Bearer YOUR_API_KEY' \
+  -H 'Content-Type: application/json' \
+  -d '{
+    "federation": {},
+    "queries": [
+      {
+        "indexUid": "movies",
+        "q": "star wars",
+        "federationOptions": { "remote": "node-0" }
+      },
+      {
+        "indexUid": "movies",
+        "q": "star wars",
+        "federationOptions": { "remote": "node-1" }
+      },
+      {
+        "indexUid": "movies",
+        "q": "star wars",
+        "federationOptions": { "remote": "node-2" }
+      }
+    ]
+  }'
+```
+
+### Architecture
+
+```
+┌─────────────────────────────────────────┐
+│         Load Balancer / Ingress         │
+└────────────────┬────────────────────────┘
+                 │
+      ┌──────────┼──────────┐
+      ▼          ▼          ▼
+  ┌──────┐  ┌──────┐  ┌──────┐
+  │Node-0│  │Node-1│  │Node-2│
+  └───┬──┘  └───┬──┘  └───┬──┘
+      │         │         │
+  ┌───▼──┐  ┌───▼──┐  ┌───▼──┐
+  │ PVC  │  │ PVC  │  │ PVC  │
+  │ 10Gi │  │ 10Gi │  │ 10Gi │
+  └──────┘  └──────┘  └──────┘
+```
+
+### Important Notes
+
+- **Persistence**: When sharding is enabled with persistence, each pod gets its own PVC (using volumeClaimTemplates)
+- **Scaling**: Changing the number of replicas after initial deployment requires careful data rebalancing
+- **Network Configuration**: Automatically handled by the sidecar container
+- **API Keys**: The `searchApiKey` and `writeApiKey` are used for secure inter-node communication
+- **Experimental**: Sharding is an experimental feature as of Meilisearch v1.19
+
+For more information, see the [official Meilisearch sharding documentation](https://www.meilisearch.com/blog/horizontal-scaling-with-sharding).
+
 ## Values
 
 | Key | Type | Default | Description |

charts/meilisearch/templates/configmap.yaml

@@ -11,3 +11,6 @@ data:
   {{- if $.Values.serviceMonitor.enabled }}
   MEILI_EXPERIMENTAL_ENABLE_METRICS: "true"
   {{- end }}
+  {{- if and .Values.sharding.enabled .Values.sharding.network.experimentalFeatures }}
+  MEILI_EXPERIMENTAL_ENABLE_SHARDING: "true"
+  {{- end }}

charts/meilisearch/templates/headless-service.yaml

@@ -0,0 +1,18 @@
+{{- if .Values.sharding.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "meilisearch.fullname" . }}-headless
+  labels:
+    {{- include "meilisearch.labels" . | nindent 4 }}
+spec:
+  clusterIP: None
+  publishNotReadyAddresses: true
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "meilisearch.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/meilisearch/templates/network-config.yaml

@@ -0,0 +1,58 @@
+{{- if .Values.sharding.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "meilisearch.fullname" . }}-network-config
+  labels:
+    {{- include "meilisearch.labels" . | nindent 4 }}
+data:
+  configure-network.sh: |
+    #!/bin/sh
+    set -e
+    
+    # Extract pod ordinal from hostname
+    POD_ORDINAL=${HOSTNAME##*-}
+    POD_NAME="node-${POD_ORDINAL}"
+    
+    # Wait for Meilisearch to be ready
+    echo "Waiting for Meilisearch to be ready..."
+    until curl -sf http://localhost:{{ .Values.service.port }}/health > /dev/null 2>&1; do
+      echo "Waiting for Meilisearch..."
+      sleep 2
+    done
+    echo "Meilisearch is ready!"
+    
+    # Build the remotes JSON object
+    REMOTES="{"
+    REPLICA_COUNT={{ .Values.sharding.replicaCount }}
+    FIRST=true
+    
+    for i in $(seq 0 $((REPLICA_COUNT - 1))); do
+      if [ "$i" != "$POD_ORDINAL" ]; then
+        if [ "$FIRST" = false ]; then
+          REMOTES="${REMOTES},"
+        fi
+        FIRST=false
+        NODE_NAME="node-${i}"
+        NODE_URL="http://{{ include "meilisearch.fullname" . }}-${i}.{{ include "meilisearch.fullname" . }}-headless.${NAMESPACE}.svc.cluster.local:{{ .Values.service.port }}"
+        REMOTES="${REMOTES}\"${NODE_NAME}\":{\"url\":\"${NODE_URL}\",\"searchApiKey\":\"${SEARCH_API_KEY}\",\"writeApiKey\":\"${WRITE_API_KEY}\"}"
+      fi
+    done
+    REMOTES="${REMOTES}}"
+    
+    echo "Configuring network for ${POD_NAME}..."
+    
+    # Step 1: Enable sharding
+    curl -X PATCH "http://localhost:{{ .Values.service.port }}/experimental-features/network" \
+      -H "Authorization: Bearer ${MEILI_MASTER_KEY}" \
+      -H "Content-Type: application/json" \
+      -d '{"sharding": true}' || echo "Warning: Failed to enable sharding"
+    
+    # Step 2: Configure network topology
+    curl -X PATCH "http://localhost:{{ .Values.service.port }}/experimental-features/network" \
+      -H "Authorization: Bearer ${MEILI_MASTER_KEY}" \
+      -H "Content-Type: application/json" \
+      -d "{\"self\":\"${POD_NAME}\",\"remotes\":${REMOTES}}" || echo "Warning: Failed to configure network"
+    
+    echo "Network configuration completed for ${POD_NAME}"
+{{- end }}

charts/meilisearch/templates/sharding-secret.yaml

@@ -0,0 +1,20 @@
+{{- if and .Values.sharding.enabled (not .Values.sharding.network.auth.existingSecret) -}}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "meilisearch.fullname" . }}-sharding-keys
+  labels:
+    {{- include "meilisearch.labels" . | nindent 4 }}
+type: Opaque
+data:
+  {{- if .Values.sharding.network.auth.searchApiKey }}
+  searchApiKey: {{ .Values.sharding.network.auth.searchApiKey | b64enc | quote }}
+  {{- else }}
+  searchApiKey: {{ randAlphaNum 32 | b64enc | quote }}
+  {{- end }}
+  {{- if .Values.sharding.network.auth.writeApiKey }}
+  writeApiKey: {{ .Values.sharding.network.auth.writeApiKey | b64enc | quote }}
+  {{- else }}
+  writeApiKey: {{ randAlphaNum 32 | b64enc | quote }}
+  {{- end }}
+{{- end }}

charts/meilisearch/templates/statefulset.yaml

@@ -5,8 +5,8 @@ metadata:
   labels:
     {{- include "meilisearch.labels" . | nindent 4 }}
 spec:
-  replicas: {{ .Values.replicaCount | default 1 }}
-  serviceName: {{ template "meilisearch.fullname" . }}
+  replicas: {{ if .Values.sharding.enabled }}{{ .Values.sharding.replicaCount }}{{ else }}{{ .Values.replicaCount | default 1 }}{{ end }}
+  serviceName: {{ if .Values.sharding.enabled }}{{ template "meilisearch.fullname" . }}-headless{{ else }}{{ template "meilisearch.fullname" . }}{{ end }}
   selector:
     matchLabels:
       {{- include "meilisearch.selectorLabels" . | nindent 6 }}
@@ -39,19 +39,27 @@ spec:
         - name: tmp
           emptyDir: {}
         {{- if .Values.persistence.enabled }}
+        {{- if not .Values.sharding.enabled }}
         - name: {{ .Values.persistence.volume.name }}
           persistentVolumeClaim:
             claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ include "meilisearch.fullname" . }}{{- end }}
+        {{- end }}
         {{- else }}
         - name: {{ .Values.persistence.volume.name }}
           emptyDir: {}
         {{- end }}
+        {{- if .Values.sharding.enabled }}
+        - name: network-config
+          configMap:
+            name: {{ include "meilisearch.fullname" . }}-network-config
+            defaultMode: 0755
+        {{- end }}
         {{- if .Values.volumes }}
 {{ toYaml .Values.volumes | indent 8 }}
         {{- end }}
 
-      {{ if .Values.initContainers }}
       initContainers:
+      {{- if .Values.initContainers }}
         {{ toYaml .Values.initContainers | nindent 8 }}
       {{- end }}
 
@@ -111,6 +119,63 @@ spec:
             timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
           resources:
 {{ toYaml .Values.resources | indent 12 }}
+          {{- if .Values.sharding.enabled }}
+          lifecycle:
+            postStart:
+              exec:
+                command:
+                  - /bin/sh
+                  - -c
+                  - |
+                    # Wait a bit for Meilisearch to fully initialize
+                    sleep 5
+          {{- end }}
+      {{- if .Values.sharding.enabled }}
+        - name: network-configurator
+          image: curlimages/curl:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              # Wait for main container to be ready
+              sleep 10
+              # Run the network configuration script
+              /scripts/configure-network.sh
+              # Keep the container running
+              echo "Network configuration completed. Sleeping..."
+              sleep infinity
+          env:
+            - name: NAMESPACE
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.namespace
+            - name: MEILI_MASTER_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ template "secretMasterKeyName" . }}
+                  key: MEILI_MASTER_KEY
+            - name: SEARCH_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ if .Values.sharding.network.auth.existingSecret }}{{ .Values.sharding.network.auth.existingSecret }}{{ else }}{{ include "meilisearch.fullname" . }}-sharding-keys{{ end }}
+                  key: {{ if .Values.sharding.network.auth.existingSecretSearchApiKey }}{{ .Values.sharding.network.auth.existingSecretSearchApiKey }}{{ else }}searchApiKey{{ end }}
+            - name: WRITE_API_KEY
+              valueFrom:
+                secretKeyRef:
+                  name: {{ if .Values.sharding.network.auth.existingSecret }}{{ .Values.sharding.network.auth.existingSecret }}{{ else }}{{ include "meilisearch.fullname" . }}-sharding-keys{{ end }}
+                  key: {{ if .Values.sharding.network.auth.existingSecretWriteApiKey }}{{ .Values.sharding.network.auth.existingSecretWriteApiKey }}{{ else }}writeApiKey{{ end }}
+          volumeMounts:
+            - name: network-config
+              mountPath: /scripts
+          securityContext:
+            runAsNonRoot: true
+            runAsUser: 100
+            capabilities:
+              drop:
+                - ALL
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+      {{- end }}
       {{- if .Values.containers }}
         {{ toYaml .Values.containers | nindent 8 }}
       {{- end }}
@@ -126,3 +191,25 @@ spec:
       tolerations:
 {{ toYaml . | indent 8 }}
     {{- end }}
+  {{- if and .Values.sharding.enabled .Values.persistence.enabled }}
+  volumeClaimTemplates:
+    - metadata:
+        name: {{ .Values.persistence.volume.name }}
+        {{- with .Values.persistence.annotations }}
+        annotations:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
+      spec:
+        accessModes:
+          - {{ .Values.persistence.accessMode | quote }}
+        {{- if .Values.persistence.storageClass }}
+        {{- if (eq "-" .Values.persistence.storageClass) }}
+        storageClassName: ""
+        {{- else }}
+        storageClassName: {{ .Values.persistence.storageClass | quote }}
+        {{- end }}
+        {{- end }}
+        resources:
+          requests:
+            storage: {{ .Values.persistence.size | quote }}
+  {{- end }}