From e94d6f78d7584b64115905d4d6f7959160dd1936 Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Sat, 29 Oct 2022 21:07:02 +0200
Subject: Enable daemonset deployment using the helm chart DaemonSet is a k8s resource that schedules one instance per node, which is useful for some garage deployment use cases, including managing garage nodes using k8s node labels
---
script/helm/garage/templates/workload.yaml | 133 +++++++++++++++++++++++++++++
1 file changed, 133 insertions(+)
create mode 100644 script/helm/garage/templates/workload.yaml
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
new file mode 100644
index 00000000..f41eff6f
--- /dev/null
+++ b/script/helm/garage/templates/workload.yaml
@@ -0,0 +1,133 @@
+apiVersion: apps/v1
+kind: {{ .Values.deployment.kind }}
+metadata:
+ name: {{ include "garage.fullname" . }}
+ labels:
+ {{- include "garage.labels" . | nindent 4 }}
+spec:
+ selector:
+ matchLabels:
+ {{- include "garage.selectorLabels" . | nindent 6 }}
+ {{- if eq .Values.deployment.kind "StatefulSet" }}
+ replicas: {{ .Values.deployment.replicaCount }}
+ serviceName: {{ include "garage.fullname" . }}
+ {{- end }}
+ template:
+ metadata:
+ {{- with .Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "garage.selectorLabels" . | nindent 8 }}
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "garage.serviceAccountName" . }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
+ initContainers:
+ # Copies garage.toml from configmap to temporary etc volume and replaces RPC secret placeholder
+ - name: {{ .Chart.Name }}-init
+ image: busybox:1.28
+ command: ["sh", "-c", "sed \"s/__RPC_SECRET_REPLACE__/$RPC_SECRET/\" /mnt/garage.toml > /mnt/etc/garage.toml"]
+ env:
+ - name: RPC_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "garage.rpcSecretName" . }}
+ key: rpcSecret
+ volumeMounts:
+ - name: configmap
+ mountPath: /mnt/garage.toml
+ subPath: garage.toml
+ - name: etc
+ mountPath: /mnt/etc
+ containers:
+ - name: {{ .Chart.Name }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 3900
+ name: s3-api
+ - containerPort: 3902
+ name: web-api
+ volumeMounts:
+ - name: meta
+ mountPath: /mnt/meta
+ - name: data
+ mountPath: /mnt/data
+ - name: etc
+ mountPath: /etc/garage.toml
+ subPath: garage.toml
+ # TODO
+ # livenessProbe:
+ # httpGet:
+ # path: /
+ # port: 3900
+ # readinessProbe:
+ # httpGet:
+ # path: /
+ # port: 3900
+ resources:
+ {{- toYaml .Values.resources | nindent 12 }}
+ volumes:
+ - name: configmap
+ configMap:
+ name: {{ include "garage.fullname" . }}-config
+ - name: etc
+ emptyDir: {}
+ {{- if eq .Values.deployment.kind "DaemonSet" }}
+ {{- if .Values.persistence.enabled }}
+ - name: meta
+ hostPath:
+ path: {{ .Values.persistence.meta.hostPath }}
+ - name: data
+ hostPath:
+ path: {{ .Values.persistence.data.hostPath }}
+ {{- else }}
+ {{- end }}
+ - name: meta
+ emptyDir: {}
+ - name: data
+ emptyDir: {}
+ {{- end }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- if and .Values.persistence.enabled (eq .Values.deployment.kind "StatefulSet") }}
+ volumeClaimTemplates:
+ - metadata:
+ name: meta
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if hasKey .Values.persistence.meta "storageClass" }}
+ storageClassName: {{ .Values.persistence.meta.storageClass | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.meta.size | quote }}
+ - metadata:
+ name: data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if hasKey .Values.persistence.data "storageClass" }}
+ storageClassName: {{ .Values.persistence.data.storageClass | quote }}
+ {{- end }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.data.size | quote }}
+ {{- end }}
-- cgit v1.2.3
From 49a138b670cf820a69b76ed8de1fa3a10d9070ff Mon Sep 17 00:00:00 2001
From: kaiyou
Date: Sun, 6 Nov 2022 17:50:06 +0100
Subject: Fix volume handling and persistence flag
---
script/helm/garage/templates/workload.yaml | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index f41eff6f..26ff153f 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -81,16 +81,16 @@ spec: name: {{ include "garage.fullname" . }}-config - name: etc emptyDir: {} - {{- if eq .Values.deployment.kind "DaemonSet" }} {{- if .Values.persistence.enabled }} + {{- if eq .Values.deployment.kind "DaemonSet" }} - name: meta hostPath: path: {{ .Values.persistence.meta.hostPath }} - name: data hostPath: path: {{ .Values.persistence.data.hostPath }} - {{- else }} {{- end }} + {{- else }} - name: meta emptyDir: {} - name: data
-- cgit v1.2.3
From e9b0068079923910819e73c76d24c58de528eeb1 Mon Sep 17 00:00:00 2001
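Review bot: In the init container of the new file (`@@ -0,0 +1,133 @@`), `sed "s/__RPC_SECRET_REPLACE__/$RPC_SECRET/"` expands the secret inside the sed program itself, so a value containing `/`, `&` or a backslash either aborts the command or writes a different secret into garage.toml than the one stored in the Secret. An empty value is also substituted without complaint. Garage RPC secrets are normally hex strings, so the script can reject anything else before substituting, for example by starting it with `case "$RPC_SECRET" in ''|*[!0-9a-fA-F]*) echo "rpcSecret must be a hex string" >&2; exit 1;; esac;`. The existing comment above the container should also say that the rendered file in the `etc` volume contains the secret in clear text.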
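Review bot: After the reordering in `@@ -81,16 +81,16 @@`, `persistence.enabled` combined with a `deployment.kind` other than `DaemonSet` or `StatefulSet` renders no `meta` or `data` volume at all, while the container still mounts both; nothing in the lines shown validates the kind. A guard at the top of the template would fail the render early rather than leaving it to the API server: `{{- if not (has .Values.deployment.kind (list "StatefulSet" "DaemonSet")) }}{{ fail "deployment.kind must be StatefulSet or DaemonSet" }}{{- end }}`. The volumes block starts and ends outside this hunk.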
From: kaiyou
Date: Sun, 6 Nov 2022 21:54:09 +0100
Subject: Set hostPath type for volumes
---
script/helm/garage/templates/workload.yaml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index 26ff153f..057a9858 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -86,9 +86,11 @@ spec: - name: meta hostPath: path: {{ .Values.persistence.meta.hostPath }} + type: DirectoryOrCreate - name: data hostPath: path: {{ .Values.persistence.data.hostPath }} + type: DirectoryOrCreate {{- end }} {{- else }} - name: meta
-- cgit v1.2.3
From da6f7b0dda594fc13c96db481dd0fa6ae4c8857e Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 16 Nov 2022 21:06:11 +0100
Subject: feat(helm): ensure that config changes trigger a pod rollout
---
script/helm/garage/templates/workload.yaml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index 057a9858..da5d386f 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -14,8 +14,10 @@ spec: {{- end }} template: metadata: - {{- with .Values.podAnnotations }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels:
-- cgit v1.2.3
From fd03b184b33337e3f1de06a5cadd3c5bcc0a3536 Mon Sep 17 00:00:00 2001
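Review bot: `type: DirectoryOrCreate` (hunk `@@ -86,9 +86,11 @@`, both the `meta` and `data` volumes) makes the kubelet create any missing path on every node as a 0755 directory owned by the kubelet's user, so a mistyped `persistence.*.hostPath` is silently materialised on the host and a non-root garage process will probably be unable to write to it. If operators are expected to provision the directories themselves, `type: Directory` fails closed instead. Either way the path should be mandatory and quoted, e.g. `path: {{ required "persistence.meta.hostPath is required for DaemonSet" .Values.persistence.meta.hostPath | quote }}`, and likewise for `data`. A comment above the two volumes should note that hostPath data outlives the pod and stays on the node.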
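Review bot: The `checksum/config` annotation added in `@@ -14,8 +14,10 @@` hashes only `configmap.yaml`, but the init container also reads `rpcSecret` from the Secret named by `garage.rpcSecretName`, so rotating that secret does not roll the pods and they keep running with the old value until something else restarts them. If the chart renders that Secret from a template, a second annotation in the same style would cover it, e.g. `checksum/secret: {{ include (print $.Template.BasePath "/<secret-template>.yaml") . | sha256sum }}` (placeholder path; the file is not visible here). If the Secret is managed outside the chart, a comment next to the annotation should say that rotation needs a manual rollout.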
From: Patrick Jahns
Date: Wed, 16 Nov 2022 21:46:43 +0100
Subject: fix(helm): file permission issues when running as non-root user Specify the user group for the garage (and init) process and ensure that the persistent storage is mounted with the correct file system group
---
script/helm/garage/templates/workload.yaml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index da5d386f..718f7bea 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -41,6 +41,8 @@ spec: secretKeyRef: name: {{ include "garage.rpcSecretName" . }} key: rpcSecret + securityContext: + {{- toYaml .Values.securityContext | nindent 12 }} volumeMounts: - name: configmap mountPath: /mnt/garage.toml
-- cgit v1.2.3
From d20e8c92564843e8c9abdf573db5ce7f6c58f482 Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Wed, 16 Nov 2022 21:53:28 +0100
Subject: feat(helm): allow to override the init container image
---
script/helm/garage/templates/workload.yaml | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index 718f7bea..b0303869 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -33,7 +33,8 @@ spec: initContainers: # Copies garage.toml from configmap to temporary etc volume and replaces RPC secret placeholder - name: {{ .Chart.Name }}-init - image: busybox:1.28 + image: "{{ .Values.initImage.repository }}:{{ .Values.initImage.tag }}" + imagePullPolicy: {{ .Values.initImage.pullPolicy }} command: ["sh", "-c", "sed \"s/__RPC_SECRET_REPLACE__/$RPC_SECRET/\" /mnt/garage.toml > /mnt/etc/garage.toml"] env: - name: RPC_SECRET
-- cgit v1.2.3
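Review bot: With the init container now taking `.Values.securityContext` (hunk `@@ -41,6 +41,8 @@`), the rendered `/mnt/etc/garage.toml` still gets whatever mode the shell's default umask gives, although it holds the RPC secret in clear text. Since both containers share the same context, the file can be made owner-only by starting the script with `umask 077;`. That only works if `runAsUser` is actually set in the values, which is not visible here; if it is unset, the two images may default to different users and garage would lose read access. A comment above the added `securityContext:` such as `# must match the garage container so the rendered garage.toml stays readable` would document the coupling. The init container definition starts outside this hunk.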
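Review bot: The new `image:` line in `@@ -33,7 +33,8 @@` accepts only a tag and has no fallback, so unset `initImage.repository` and `initImage.tag` render the image as `":"`, and the container that handles the RPC secret cannot be pinned to a digest. Making the repository mandatory and allowing an optional digest (a new `initImage.digest` key) would cover both: `image: "{{ required "initImage.repository is required" .Values.initImage.repository }}{{ if .Values.initImage.digest }}@{{ .Values.initImage.digest }}{{ else }}:{{ .Values.initImage.tag }}{{ end }}"`. Whether values.yaml supplies defaults for these keys is not visible from this hunk.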
From b999bb36af59de899c2426c0ad35e4e04abc317d Mon Sep 17 00:00:00 2001
From: Patrick Jahns
Date: Thu, 17 Nov 2022 23:33:00 +0100
Subject: feat(helm): ability to monitor garage via prometheus
---
script/helm/garage/templates/workload.yaml | 2 ++
1 file changed, 2 insertions(+)
(limited to 'script/helm/garage/templates/workload.yaml')
diff --git a/script/helm/garage/templates/workload.yaml b/script/helm/garage/templates/workload.yaml
index b0303869..340c0054 100644
--- a/script/helm/garage/templates/workload.yaml
+++ b/script/helm/garage/templates/workload.yaml
@@ -61,6 +61,8 @@ spec: name: s3-api - containerPort: 3902 name: web-api + - containerPort: 3903 + name: admin volumeMounts: - name: meta mountPath: /mnt/meta
-- cgit v1.2.3
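Review bot: Port 3903 added in `@@ -61,6 +61,8 @@` is Garage's admin API listener, which serves the cluster administration endpoints as well as `/metrics`, so declaring it for Prometheus scraping deserves a comment on the entry. Suggest adding `# admin API and /metrics: keep admin_token and metrics_token set, never expose outside the cluster` above `- containerPort: 3903`. If the same commit adds a Service or ServiceMonitor for this port (not visible here), access should be limited to the monitoring namespace, for example with a NetworkPolicy.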