aboutsummaryrefslogtreecommitdiff
path: root/script/helm/garage/templates
diff options
context:
space:
mode:
authorAlex <alex@adnab.me>2022-10-02 16:40:54 +0200
committerAlex <alex@adnab.me>2022-10-02 16:40:54 +0200
commite21b672c96da3c6d01a5ef964aa0ad7a38f8e74c (patch)
tree3c81b18ce35f168f7fe2b625340d484cf5037a9f /script/helm/garage/templates
parentb17d59cfabbe92c509f4888cae83f6053a8cab1e (diff)
parentdb0c8b3980c5cb056c9402332dd09a1bfb276997 (diff)
downloadgarage-e21b672c96da3c6d01a5ef964aa0ad7a38f8e74c.tar.gz
garage-e21b672c96da3c6d01a5ef964aa0ad7a38f8e74c.zip
Merge pull request 'Add helm chart' (#331) from chemicstry/garage:helm_chart into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/garage/pulls/331 Reviewed-by: maximilien <me@mricher.fr>
Diffstat (limited to 'script/helm/garage/templates')
-rw-r--r--script/helm/garage/templates/_helpers.tpl88
-rw-r--r--script/helm/garage/templates/clusterrole.yaml28
-rw-r--r--script/helm/garage/templates/configmap.yaml30
-rw-r--r--script/helm/garage/templates/ingress.yaml123
-rw-r--r--script/helm/garage/templates/secret.yaml14
-rw-r--r--script/helm/garage/templates/service.yaml19
-rw-r--r--script/helm/garage/templates/serviceaccount.yaml12
-rw-r--r--script/helm/garage/templates/statefulset.yaml116
8 files changed, 430 insertions, 0 deletions
diff --git a/script/helm/garage/templates/_helpers.tpl b/script/helm/garage/templates/_helpers.tpl
new file mode 100644
index 00000000..037a5f1c
--- /dev/null
+++ b/script/helm/garage/templates/_helpers.tpl
@@ -0,0 +1,88 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "garage.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "garage.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create the name of the rpc secret
+*/}}
+{{- define "garage.rpcSecretName" -}}
+{{- printf "%s-rpc-secret" (include "garage.fullname" .) -}}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "garage.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "garage.labels" -}}
+helm.sh/chart: {{ include "garage.chart" . }}
+{{ include "garage.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "garage.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "garage.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "garage.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "garage.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+ Returns given number of random Hex characters.
+ In practice, it generates up to 100 randAlphaNum strings
+ that are filtered from non-hex characters and augmented
+ to the resulting string that is finally trimmed down.
+*/}}
+{{- define "jupyterhub.randHex" -}}
+ {{- $result := "" }}
+ {{- range $i := until 100 }}
+ {{- if lt (len $result) . }}
+ {{- $rand_list := randAlphaNum . | splitList "" -}}
+ {{- $reduced_list := without $rand_list "g" "h" "i" "j" "k" "l" "m" "n" "o" "p" "q" "r" "s" "t" "u" "v" "w" "x" "y" "z" "A" "B" "C" "D" "E" "F" "G" "H" "I" "J" "K" "L" "M" "N" "O" "P" "Q" "R" "S" "T" "U" "V" "W" "X" "Y" "Z" }}
+ {{- $rand_string := join "" $reduced_list }}
+ {{- $result = print $result $rand_string -}}
+ {{- end }}
+ {{- end }}
+ {{- $result | trunc . }}
+{{- end }}
diff --git a/script/helm/garage/templates/clusterrole.yaml b/script/helm/garage/templates/clusterrole.yaml
new file mode 100644
index 00000000..fa3e6405
--- /dev/null
+++ b/script/helm/garage/templates/clusterrole.yaml
@@ -0,0 +1,28 @@
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: manage-crds-{{ .Release.Namespace }}-{{ .Release.Name }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+rules:
+- apiGroups: ["apiextensions.k8s.io"]
+ resources: ["customresourcedefinitions"]
+ verbs: ["get", "list", "watch", "create", "patch"]
+- apiGroups: ["deuxfleurs.fr"]
+ resources: ["garagenodes"]
+ verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: allow-crds-for-{{ .Release.Namespace }}-{{ .Release.Name }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+subjects:
+- kind: ServiceAccount
+ name: {{ include "garage.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: ClusterRole
+ name: manage-crds-{{ .Release.Namespace }}-{{ .Release.Name }}
+ apiGroup: rbac.authorization.k8s.io \ No newline at end of file
diff --git a/script/helm/garage/templates/configmap.yaml b/script/helm/garage/templates/configmap.yaml
new file mode 100644
index 00000000..e33a4dbd
--- /dev/null
+++ b/script/helm/garage/templates/configmap.yaml
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "garage.fullname" . }}-config
+data:
+ garage.toml: |-
+ metadata_dir = "{{ .Values.garage.metadataDir }}"
+ data_dir = "{{ .Values.garage.dataDir }}"
+
+ replication_mode = "{{ .Values.garage.replicationMode }}"
+
+ rpc_bind_addr = "{{ .Values.garage.rpcBindAddr }}"
+ # rpc_secret will be populated by the init container from a k8s secret object
+ rpc_secret = "__RPC_SECRET_REPLACE__"
+
+ bootstrap_peers = {{ .Values.garage.bootstrapPeers }}
+
+ kubernetes_namespace = "{{ .Release.Namespace }}"
+ kubernetes_service_name = "{{ include "garage.fullname" . }}"
+ kubernetes_skip_crd = {{ .Values.garage.kubernetesSkipCrd }}
+
+ [s3_api]
+ s3_region = "{{ .Values.garage.s3.api.region }}"
+ api_bind_addr = "[::]:3900"
+ root_domain = "{{ .Values.garage.s3.api.rootDomain }}"
+
+ [s3_web]
+ bind_addr = "[::]:3902"
+ root_domain = "{{ .Values.garage.s3.web.rootDomain }}"
+ index = "{{ .Values.garage.s3.web.index }}" \ No newline at end of file
diff --git a/script/helm/garage/templates/ingress.yaml b/script/helm/garage/templates/ingress.yaml
new file mode 100644
index 00000000..c4ee5a3f
--- /dev/null
+++ b/script/helm/garage/templates/ingress.yaml
@@ -0,0 +1,123 @@
+{{- if .Values.ingress.s3.api.enabled -}}
+{{- $fullName := include "garage.fullname" . -}}
+{{- $svcPort := .Values.service.s3.api.port -}}
+{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.s3.api.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.s3.api.annotations "kubernetes.io/ingress.class" .Values.ingress.s3.api.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-s3-api
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+ {{- with .Values.ingress.s3.api.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.s3.api.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.s3.api.className }}
+ {{- end }}
+ {{- if .Values.ingress.s3.api.tls }}
+ tls:
+ {{- range .Values.ingress.s3.api.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.s3.api.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+---
+{{- if .Values.ingress.s3.web.enabled -}}
+{{- $fullName := include "garage.fullname" . -}}
+{{- $svcPort := .Values.service.s3.web.port -}}
+{{- if and .Values.ingress.s3.web.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+ {{- if not (hasKey .Values.ingress.s3.web.annotations "kubernetes.io/ingress.class") }}
+ {{- $_ := set .Values.ingress.s3.web.annotations "kubernetes.io/ingress.class" .Values.ingress.s3.web.className}}
+ {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+ name: {{ $fullName }}-s3-web
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+ {{- with .Values.ingress.s3.web.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if and .Values.ingress.s3.web.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+ ingressClassName: {{ .Values.ingress.s3.web.className }}
+ {{- end }}
+ {{- if .Values.ingress.s3.web.tls }}
+ tls:
+ {{- range .Values.ingress.s3.web.tls }}
+ - hosts:
+ {{- range .hosts }}
+ - {{ . | quote }}
+ {{- end }}
+ secretName: {{ .secretName }}
+ {{- end }}
+ {{- end }}
+ rules:
+ {{- range .Values.ingress.s3.web.hosts }}
+ - host: {{ .host | quote }}
+ http:
+ paths:
+ {{- range .paths }}
+ - path: {{ .path }}
+ {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+ pathType: {{ .pathType }}
+ {{- end }}
+ backend:
+ {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+ service:
+ name: {{ $fullName }}
+ port:
+ number: {{ $svcPort }}
+ {{- else }}
+ serviceName: {{ $fullName }}
+ servicePort: {{ $svcPort }}
+ {{- end }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/script/helm/garage/templates/secret.yaml b/script/helm/garage/templates/secret.yaml
new file mode 100644
index 00000000..54749424
--- /dev/null
+++ b/script/helm/garage/templates/secret.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "garage.rpcSecretName" . }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+type: Opaque
+data:
+ {{/* retrieve the secret data using lookup function and when not exists, return an empty dictionary / map as result */}}
+ {{- $prevSecret := (lookup "v1" "Secret" .Release.Namespace (include "garage.rpcSecretName" .)) | default dict }}
+ {{- $prevSecretData := $prevSecret.data | default dict }}
+ {{- $prevRpcSecret := $prevSecretData.rpcSecret | default "" | b64dec }}
+ {{/* Priority is: 1. from values, 2. previous value, 3. generate random */}}
+ rpcSecret: {{ .Values.garage.rpcSecret | default $prevRpcSecret | default (include "jupyterhub.randHex" 64) | b64enc | quote }}
diff --git a/script/helm/garage/templates/service.yaml b/script/helm/garage/templates/service.yaml
new file mode 100644
index 00000000..2bfff99d
--- /dev/null
+++ b/script/helm/garage/templates/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "garage.fullname" . }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+spec:
+ type: {{ .Values.service.type }}
+ ports:
+ - port: {{ .Values.service.s3.api.port }}
+ targetPort: 3900
+ protocol: TCP
+ name: s3-api
+ - port: {{ .Values.service.s3.web.port }}
+ targetPort: 3902
+ protocol: TCP
+ name: s3-web
+ selector:
+ {{- include "garage.selectorLabels" . | nindent 4 }}
diff --git a/script/helm/garage/templates/serviceaccount.yaml b/script/helm/garage/templates/serviceaccount.yaml
new file mode 100644
index 00000000..a0a89a33
--- /dev/null
+++ b/script/helm/garage/templates/serviceaccount.yaml
@@ -0,0 +1,12 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "garage.serviceAccountName" . }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/script/helm/garage/templates/statefulset.yaml b/script/helm/garage/templates/statefulset.yaml
new file mode 100644
index 00000000..bda40117
--- /dev/null
+++ b/script/helm/garage/templates/statefulset.yaml
@@ -0,0 +1,116 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "garage.fullname" . }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ {{- include "garage.selectorLabels" . | nindent 6 }}
+ serviceName: {{ include "garage.fullname" . }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "garage.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "garage.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ # Copies garage.toml from configmap to temporary etc volume and replaces RPC secret placeholder
+ - name: {{ .Chart.Name }}-init
+ image: busybox:1.28
+ command: ["sh", "-c", "sed \"s/__RPC_SECRET_REPLACE__/$RPC_SECRET/\" /mnt/garage.toml > /mnt/etc/garage.toml"]
+ env:
+ - name: RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "garage.rpcSecretName" . }}
+ key: rpcSecret
+ volumeMounts:
+ - name: configmap
+ mountPath: /mnt/garage.toml
+ subPath: garage.toml
+ - name: etc
+ mountPath: /mnt/etc
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 3900
+ name: s3-api
+ - containerPort: 3902
+ name: web-api
+ volumeMounts:
+ - name: meta
+ mountPath: /mnt/meta
+ - name: data
+ mountPath: /mnt/data
+ - name: etc
+ mountPath: /etc/garage.toml
+ subPath: garage.toml
+ # TODO
+ # livenessProbe:
+ # httpGet:
+ # path: /
+ # port: 3900
+ # readinessProbe:
+ # httpGet:
+ # path: /
+ # port: 3900
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: configmap
+ configMap:
+ name: {{ include "garage.fullname" . }}-config
+ - name: etc
+ emptyDir: {}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if .Values.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: meta
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if hasKey .Values.persistence.meta "storageClass" }}
+ storageClassName: {{ .Values.persistence.meta.storageClass | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.meta.size | quote }}
+ - metadata:
+ name: data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if hasKey .Values.persistence.data "storageClass" }}
+ storageClassName: {{ .Values.persistence.data.storageClass | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.data.size | quote }}
+ {{- end }}