From 6696c8ef4d9696e2d9bdf11c53ecb230805484e8 Mon Sep 17 00:00:00 2001 From: gabriel klawitter Date: Tue, 26 Mar 2019 10:58:34 +0100 Subject: [PATCH] Ci kubernetes chart update (#187) * update helm chart from substrate * ci: change container image to kubetools --- .gitlab-ci.yml | 2 +- scripts/kubernetes/Chart.yaml | 2 +- .../templates/poddisruptionbudget.yaml | 4 +- scripts/kubernetes/templates/service.yaml | 29 +++++-- .../kubernetes/templates/serviceaccount.yaml | 4 +- scripts/kubernetes/templates/statefulset.yaml | 87 +++++++++++++------ scripts/kubernetes/values.yaml | 13 ++- 7 files changed, 98 insertions(+), 43 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1a699ef205c47..948845f847773 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -212,7 +212,7 @@ publish-s3-release: when: manual cache: {} retry: 1 - image: parity/kubectl-helm:$HELM_VERSION + image: parity/kubetools:latest <<: *build-only tags: # this is the runner that is used to deploy it diff --git a/scripts/kubernetes/Chart.yaml b/scripts/kubernetes/Chart.yaml index 885cec57994a1..91652cef543e6 100644 --- a/scripts/kubernetes/Chart.yaml +++ b/scripts/kubernetes/Chart.yaml @@ -1,5 +1,5 @@ name: polkadot -version: 0.1 +version: 0.2 appVersion: 0.2.0 description: Polkadot Node Implementation home: https://polkadot.network/ diff --git a/scripts/kubernetes/templates/poddisruptionbudget.yaml b/scripts/kubernetes/templates/poddisruptionbudget.yaml index e19eae5f5d2ff..56958b1fbafd9 100644 --- a/scripts/kubernetes/templates/poddisruptionbudget.yaml +++ b/scripts/kubernetes/templates/poddisruptionbudget.yaml @@ -1,10 +1,10 @@ apiVersion: policy/v1beta1 kind: PodDisruptionBudget metadata: - name: polkadot + name: {{ .Values.GitlabEnvSlug | default .Values.app }} spec: selector: matchLabels: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} maxUnavailable: 1 
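Review bot: The deploy job in the `.gitlab-ci.yml` hunk now pulls the mutable tag `parity/kubetools:latest` where it previously used a version-parameterised tag, so the job runs whatever that tag points to at pull time. Judging by the "runner that is used to deploy it" context comment, this job presumably has access to cluster deployment credentials, which makes an unreviewed image change a supply-chain risk. Pin the image to a fixed tag or digest and bump it deliberately, e.g. `image: parity/kubetools:<pinned-version>@sha256:<digest>` (placeholders). The job definition starts and continues outside the hunk.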
diff --git a/scripts/kubernetes/templates/service.yaml b/scripts/kubernetes/templates/service.yaml index f64f4ac1bf76c..01ba9d5a567c5 100644 --- a/scripts/kubernetes/templates/service.yaml +++ b/scripts/kubernetes/templates/service.yaml @@ -5,9 +5,7 @@ apiVersion: v1 kind: Service metadata: - name: polkadot-rpc - labels: - app: polkadot + name: {{ .Values.app }}-rpc spec: ports: - port: 9933 @@ -15,15 +13,16 @@ spec: - port: 9944 name: websocket-rpc selector: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} sessionAffinity: None type: ClusterIP clusterIP: None --- +{{- if .Values.listen_node_port }} apiVersion: v1 kind: Service metadata: - name: polkadot + name: {{ .Values.app }} spec: ports: - port: 30333 @@ -31,9 +30,25 @@ spec: nodePort: 30333 protocol: TCP selector: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} sessionAffinity: None type: NodePort # don't route exteral traffic to non-local pods externalTrafficPolicy: Local - +{{- else if .Values.validator.keys }} +{{- $root := . -}} +{{- range until (int .Values.nodes.replicas) }} +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ $root.Values.app }}-{{ . }} +spec: + selector: + statefulset.kubernetes.io/pod-name: {{ $root.Values.app }}-{{ . }} + ports: + - port: 30333 + targetPort: 30333 + protocol: TCP +{{- end }} +{{- end }} diff --git a/scripts/kubernetes/templates/serviceaccount.yaml b/scripts/kubernetes/templates/serviceaccount.yaml index 207cea964a1f3..cee891b1fa1e6 100644 --- a/scripts/kubernetes/templates/serviceaccount.yaml +++ b/scripts/kubernetes/templates/serviceaccount.yaml @@ -5,8 +5,6 @@ apiVersion: v1 kind: ServiceAccount metadata: labels: - app: polkadot - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} + app: {{ .Values.GitlabEnvSlug | default .Values.app }} name: {{ .Values.rbac.name }} {{- end }} 
diff --git a/scripts/kubernetes/templates/statefulset.yaml b/scripts/kubernetes/templates/statefulset.yaml index cb741d7c9dc0a..2f400bb32eb9d 100644 --- a/scripts/kubernetes/templates/statefulset.yaml +++ b/scripts/kubernetes/templates/statefulset.yaml @@ -3,12 +3,12 @@ apiVersion: apps/v1 kind: StatefulSet metadata: - name: polkadot + name: {{ .Values.app }} spec: selector: matchLabels: - app: polkadot - serviceName: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} + serviceName: {{ .Values.app }} replicas: {{ .Values.nodes.replicas }} updateStrategy: type: RollingUpdate @@ -16,7 +16,7 @@ spec: template: metadata: labels: - app: polkadot + app: {{ .Values.GitlabEnvSlug | default .Values.app }} spec: {{- if .Values.rbac.enable }} serviceAccountName: {{ .Values.rbac.name }} @@ -31,7 +31,8 @@ spec: - key: node operator: In values: - - polkadot + - {{ .Values.node_group }} + {{- if .Values.listen_node_port }} podAntiAffinity: requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: 
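Review bot: The pod template label set in the `@@ -16,7 +16,7 @@` hunk is `app: {{ .Values.GitlabEnvSlug | default .Values.app }}`, but the podAntiAffinity selector changed in the following `@@ -39,11 +40,41 @@` hunk matches on `{{ .Values.app }}` alone. Whenever `GitlabEnvSlug` is set the two values differ, the anti-affinity rule selects no pods, and replicas can be scheduled onto the same host even though the NodePort service relies on one pod per node. Use the same expression in the anti-affinity `values:` entry: `- {{ .Values.GitlabEnvSlug | default .Values.app }}`.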
@@ -39,11 +40,41 @@ spec: - key: "app" operator: In values: - - polkadot + - {{ .Values.app }} topologyKey: "kubernetes.io/hostname" + {{- end }} terminationGracePeriodSeconds: 300 + {{- if .Values.validator.keys }} + volumes: + - name: {{ .Values.app }}-validator-secrets + secret: + secretName: {{ .Values.app }}-secrets + initContainers: + - name: prepare-secrets + image: busybox + command: [ "/bin/sh" ] + args: + - -c + - sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key; + sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key; + sed -n -r "s/^${POD_NAME}-name ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/name; + test -s {{ .Values.image.basepath }}/name || echo "${POD_NAME}" > {{ .Values.image.basepath }}/name + env: + # from (workaround for hostname) + # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ + - name: POD_NAME + valueFrom: + fieldRef: + fieldPath: metadata.name + volumeMounts: + - name: {{ .Values.app }}-validator-secrets + readOnly: true + mountPath: "/etc/validator" + - name: {{ .Values.app }}dir + mountPath: {{ .Values.image.basepath }} + {{- end }} containers: - - name: polkapod + - name: {{ .Values.app }} imagePullPolicy: "{{ .Values.image.pullPolicy }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" {{- if .Values.resources }} 
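Review bot: The `prepare-secrets` init container mounts the validator secret but runs an untagged `image: busybox`, which resolves to whatever `latest` is at pull time; pin it, e.g. `image: busybox:<pinned-version>@sha256:<digest>` (placeholders). Every replica mounts the same `{{ .Values.app }}-secrets` volume and filters out its own lines with `sed`, so each pod can read the keys of all the other validators; that is worth a comment at the `volumes:` entry, or a per-pod Secret if the deployment allows it. The extracted `key` and `node-key` files are written in plaintext to the persistent volume under `{{ .Values.image.basepath }}` with the default umask, so they remain on the claim after the pod is gone; starting the script with `umask 077;` is the minimum. The StatefulSet spec starts and continues outside the hunk.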
@@ -59,40 +90,46 @@ spec: name: http-rpc - containerPort: 9944 name: websocket-rpc + command: ["/bin/sh"] args: - - --base-path - - {{ .Values.image.basepath }} - - --name - - $(MY_POD_NAME) - {{- range .Values.nodes.args }} - - {{ . }} - {{- end }} + - -c + - exec {{ .Values.image.executable }} + --base-path {{ .Values.image.basepath }} + {{- if .Values.validator.keys }} + --validator + --name $(cat {{ .Values.image.basepath }}/name) + --key $(cat {{ .Values.image.basepath }}/key) + --node-key $(cat {{ .Values.image.basepath }}/node-key) + {{- else }} + --name $(POD_NAME) + {{- end }} + {{- range .Values.nodes.args }} {{ . }} {{- end }} env: - # from (workaround for hostname) - # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/ - - name: MY_POD_NAME + - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name volumeMounts: - - name: polkadir + - name: {{ .Values.app }}dir mountPath: {{ .Values.image.basepath }} readinessProbe: - tcpSocket: + httpGet: + path: /health port: http-rpc - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 10 + periodSeconds: 10 livenessProbe: - tcpSocket: + httpGet: + path: /health port: http-rpc - initialDelaySeconds: 30 - periodSeconds: 30 + initialDelaySeconds: 10 + periodSeconds: 10 securityContext: runAsUser: 1000 fsGroup: 1000 volumeClaimTemplates: - metadata: - name: polkadir + name: {{ .Values.app }}dir spec: accessModes: [ "ReadWriteOnce" ] storageClassName: ssd diff --git a/scripts/kubernetes/values.yaml b/scripts/kubernetes/values.yaml index b32e6126b7660..98b81b0e1df27 100644 --- a/scripts/kubernetes/values.yaml +++ b/scripts/kubernetes/values.yaml @@ -4,6 +4,7 @@ image: tag: latest pullPolicy: Always basepath: /polkadot + executable: /usr/local/bin/polkadot # if set to true a service account for polkadot will be created 
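Review bot: In the validator branch of the new `args`, `--key $(cat …/key)` and `--node-key $(cat …/node-key)` expand the key material into the process command line, where it is readable from the process listing on the node and by any tooling that records container arguments. If the binary offers a file-based key option, pass the path instead; otherwise state the exposure in a comment above the `{{- if .Values.validator.keys }}` branch. Separately, entries of `.Values.nodes.args` are now spliced unquoted into a `/bin/sh -c` string rather than passed as discrete arguments, so shell metacharacters in a value are interpreted by the shell. A comment above `args:` in values.yaml should say so, e.g. `# entries are interpolated into a shell command line; keep them free of shell metacharacters`. The container spec starts outside the hunk.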
@@ -11,12 +12,16 @@ rbac: enable: true name: polkadot +# name of the statefulset +app: polkadot +node_group: polkadot +listen_node_port: true nodes: replicas: 2 args: - --chain - - krummelanke + - alexander # serve rpc within the local network # - fenced off the world via firewall # - used for health checks @@ -24,11 +29,11 @@ nodes: - --ws-external # - --log # - sub-libp2p=trace - # - --validator - # - --key - # - key_name +validator: {} +# providing 'keys' string via --set commandline parameter will run the nodes +# in validator mode (--validator). # maybe adopt resource limits here to the nodes of the pool # resources:
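Review bot: The comment added in the `@@ -24,11 +29,11 @@` hunk tells operators to supply the validator `keys` string through `--set`, which places key material in the helm process arguments (and so potentially in CI job logs and shell history) and in the values Helm records with the release. The templates visible in this patch only test whether `validator.keys` is set and read the actual keys from the Secret `{{ .Values.app }}-secrets`, so the value could be documented as a toggle with the Secret created out of band. Suggested wording: `# set validator.keys to enable validator mode (--validator); create the <app>-secrets Secret separately and do not pass key material via --set`.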