LBRY on Kubernetes with Helm

This commit is contained in:
Ryan McGuire 2019-04-30 19:13:10 -04:00 committed by Leopere
parent 7def73d24c
commit 2849405dcc
50 changed files with 2100 additions and 0 deletions

4
contrib/k8s-lbry/.gitignore vendored Normal file
View file

@ -0,0 +1,4 @@
index.yaml
*.tgz
requirements-dev.yaml
values-dev.yaml

View file

@ -0,0 +1,11 @@
apiVersion: v1
appVersion: "1.0"
description: LBRY on Kubernetes with Helm
name: k8s-lbry
version: 0.1.1
maintainers:
- email: ryan@enigmacurry.com
name: EnigmaCurry
- email: leopere [at] nixc [dot] us
name: Leopere
home: https://github.com/lbryio/lbry-docker/tree/master/contrib/k8s-lbry

623
contrib/k8s-lbry/README.md Normal file
View file

@ -0,0 +1,623 @@
# LBRY on Kubernetes with Helm
Contributing Author: [EnigmaCurry](https://www.enigmacurry.com)
Last Update: May 6 2019
Deploy lbrycrd, lbrynet, chainquery, mysql, and spee.ch on your Kubernetes
cluster.
[![asciicast](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA.svg)](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA)
<!-- Regenerate Table of contents with markdown-toc npm library -->
<!-- run: npx markdown-toc -i README.md -->
<!-- toc -->
- [Requirements](#requirements)
- [Helm Charts](#helm-charts)
* [Tiller](#tiller)
* [nginx-ingress](#nginx-ingress)
* [cert-manager](#cert-manager)
* [k8s-lbry](#k8s-lbry)
* [lbrycrd](#lbrycrd)
* [chainquery](#chainquery)
+ [MySQL for chainquery](#mysql-for-chainquery)
+ [Start chainquery](#start-chainquery)
+ [Startup chainquery with a database snapshot](#startup-chainquery-with-a-database-snapshot)
* [lbrynet](#lbrynet)
+ [IMPORTANT - Backup your cluster wallet](#important---backup-your-cluster-wallet)
* [spee.ch](#speech)
+ [MySQL for speech](#mysql-for-speech)
+ [Configure Speech](#configure-speech)
- [TLS Support](#tls-support)
* [Assign DNS name(s) to your Load Balancer](#assign-dns-names-to-your-load-balancer)
* [Enable TLS](#enable-tls)
- [Improvements](#improvements)
<!-- tocstop -->
## Requirements
* A Kubernetes cluster with role-based access control (RBAC) enabled.
* This tutorial was tested on a fresh DigitalOcean managed cluster on nodes
with 8GB of RAM, on kubernetes 1.13.5.
* [kubectl command line
tool](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed on
your local development machine.
* Tested with kubectl v1.14.0
* [Helm command line tool](https://github.com/helm/helm/releases) installed on
your local development machine.
* Tested with helm v2.13.1
Your cloud provider should have instructions for setting up kubectl to talk to
your cluster. This usually involves downloading a config file and putting it in
`$HOME/.kube/config`. (The file has to be renamed `config` and put in the
`$HOME/.kube` directory.)
Note: If you want to download the cluster config to a location other than
`$HOME/.kube/config`, you can set the `KUBECONFIG` environment variable to the
full path of your config file, or create a symlink from your config file to
`$HOME/.kube/config`, or you can use the `--kubeconfig` parameter to both
`kubectl` and `helm` commands every time you use them.
Test that your kubectl can talk to your cluster, by querying for a list of running
nodes:
```
kubectl get nodes
```
If everything is working, you should see a list of one or more nodes running and
showing `STATUS=Ready`
## Helm Charts
This system is installed via [Helm](https://helm.sh/docs/), the package manager
for Kubernetes. [Helm Charts](https://helm.sh/docs/developing_charts/#charts)
are the basis for packages in Helm. This directory is a Helm chart itself.
### Tiller
Tiller is the cluster-side component of helm, and needs to be installed before
you can use helm with your cluster. Run the following to install tiller to your
cluster:
```
kubectl -n kube-system create serviceaccount tiller
kubectl create clusterrolebinding tiller --clusterrole cluster-admin \
--serviceaccount=kube-system:tiller
helm init --service-account tiller
helm repo update
```
Now you can use helm locally to install things to your remote cluster.
### nginx-ingress
An Ingress Controller
([nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress))
will help you to route outside internet traffic into your cluster. nginx-ingress
will also help terminate TLS connections (SSL) so that your containers don't
need to worry about encryption.
Install nginx-ingress, with HTTPs turned off initially:
```
helm install stable/nginx-ingress --name nginx-ingress \
--set nginx-ingress.controller.service.enableHttps=false
```
### cert-manager
[cert-manager](https://docs.cert-manager.io/en/latest/index.html) will provide
TLS certificates (SSL) for your cluster, using [Let's
Encrypt](https://letsencrypt.org/).
Install cert-manager:
```
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install --name cert-manager --namespace cert-manager jetstack/cert-manager --version v0.7.1
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
```
### k8s-lbry
The k8s-lbry helm chart installs lbrycrd, chainquery, lbrynet, and mysql.
Wait for the Load Balancer to show an External IP:
```
kubectl get svc -l app=nginx-ingress,component=controller -w
```
Press Ctrl-C to quit once you see the External IP listed (and not `<pending>`).
Add the `k8s-lbry` helm repository:
```
helm repo add k8s-lbry https://k8s-lbry.sfo2.digitaloceanspaces.com
```
Create a directory to store your configuration file for `k8s-lbry`. You can
download the default configuration file for the helm chart
([values.yaml](values.yaml)):
```
VALUES=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/values.yaml
curl -Lo values.yaml $VALUES
```
`values.yaml` is your own configuration file for `k8s-lbry`. You will need it
everytime you need to update your deployment. Commit the file to a git
repository, or save it someplace safe.
Edit `values.yaml`, change the following things:
* Change `lbrycrd.configurationFile.lbrycrd.conf` at the bottom find
`externalip=` and set it equal to the External IP address of the Load
Balancer obtained above.
* Change `cert-manager-issuer.email` to your email address to receive notices
from Let's Encrypt. (Only used if you choose to enable TLS.)
* Change `echo-http-server.hostname` to any domain name you choose. (It must be
a real internet domain that you control, if you choose to enable TLS.)
Save `values.yaml`.
Now install `k8s-lbry`:
```
helm install -n k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
This will create a new helm release for your cluster called `k8s-lbry`, from the
helm repository called `k8s-lbry`, using the package named `k8s-lbry`, using the
local configuration file called `values.yaml`.
### lbrycrd
Find the lbrycrd pod to ensure it has started correctly:
```
kubectl get pods -l app=lbrycrd
```
Tail the logs (Press Ctrl-C to quit):
```
kubectl logs -f -l app=lbrycrd
```
You can use lbrycrd-cli from the running pod:
```
POD=`kubectl get pod -l app=lbrycrd -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrycrd-cli -rpcuser=lbry -rpcpassword=lbry getinfo
```
Upgrade the nginx-ingress release to allow forwarding port 9246 to lbrycrd:
```
helm upgrade nginx-ingress stable/nginx-ingress \
--set tcp.9246="default/k8s-lbry-lbrycrd:9246"
```
Verify the port is now open (9246 listed under PORTS):
```
kubectl get svc nginx-ingress-controller
```
After your lbrycrd service has been online for awhile, check back with the
`lbrcrd-cli getinfo` command from above. You will know that nginx-ingress is
properly connected to lbrycrd if you see that the number of connections listed
is a number greater than 8.
### chainquery
#### MySQL for chainquery
[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
the database chainquery talks to.
Edit `values.yaml` and set `chainquery-mysql.enabled` to `true`.
Upgrade the release to turn on mysql for chainquery:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
You can try logging into the mysql shell if you like (default password is
`chainquery`):
```
POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
kubectl exec -it $POD -- mysql -u chainquery -p
```
You can view the mysql logs:
```
kubectl logs -l app=k8s-lbry-chainquery-mysql -f
```
#### Start chainquery
Edit `values.yaml` and set `chainquery.enabled` to `true`.
Upgrade the release to turn on chainquery:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
You can view the chainquery logs:
```
kubectl logs -l app=chainquery -f
```
#### Startup chainquery with a database snapshot
If chainquery is starting with a blank MySQL database, it will take several days
to synchronize with the full lbycrd blockchain. If this is OK, you can just
watch the chainquery logs and wait for it to get to the [current block
height](https://explorer.lbry.io/).
If you cannot wait that long, you may start from a database snapshot to speed up
this process.
Delete the chainquery and mysql deployments:
```
kubectl delete deployments k8s-lbry-chainquery k8s-lbry-chainquery-mysql
```
The pods will automatically terminate.
The mysql data still exists in a PersistentVolumeClaim, `k8s-lbry-chainquery-mysql`. Check
that it still exists:
```
kubectl get pvc
```
There's an included script to start a utility container with a PersistentVolume
attached. Download the script:
```
SCRIPT=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh
curl -Lo kubectl-run-with-pvc.sh $SCRIPT && chmod a+x kubectl-run-with-pvc.sh
```
Run the `kubectl-run-with-pvc` script, attaching the mysql PVC:
```
./kubectl-run-with-pvc.sh k8s-lbry-chainquery-mysql
```
Wait a second for the container to start, and you should then be placed into a
container shell, indicated by the shell prompt changing to the container's
prompt.
In the container shell, delete any existing mysql data from the volume:
```
rm /pvcs/k8s-lbry-chainquery-mysql/* -rf
```
Still in the container shell, download the backup and extract it to the volume:
```
apt update && apt install -y curl
BACKUP_URL=https://lbry-chainquery-mysql-dump.sfo2.digitaloceanspaces.com/chainquery_height_560900.mysql-backup.tar.gz
curl $BACKUP_URL | tar xvz -C /pvcs/k8s-lbry-chainquery-mysql/
```
Once the download and extraction completes, exit the container (or just press
Ctrl-D):
```
exit
```
Now back on your local shell, upgrade the release to re-create the mysql and
chainquery deployments:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
You can verify that the database now has data up to the height of the database
snapshot. Login to the mysql shell (password: `chainquery`):
```
POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
kubectl exec -it $POD -- mysql -u chainquery -p
```
Then query for the number of blocks:
```
mysql> select count(*) from chainquery.block;
+----------+
| count(*) |
+----------+
| 561034 |
+----------+
1 row in set (15.00 sec)
```
Also verify that chainquery is again happy. View the chainquery logs:
```
kubectl logs -l app=chainquery -f
```
### lbrynet
Edit `values.yaml` and set `lbrynet.enabled` to `true`.
Update the release to turn on lbrynet:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
You can view the lbrynet logs:
```
kubectl logs -l app=lbrynet -f
```
#### IMPORTANT - Backup your cluster wallet
The wallet is stored inside the `k8s-lbry-lbrynet` persistent volume.
Copy the wallet in case the volume gets destroyed:
```
WALLET=/home/lbrynet/.local/share/lbry/lbryum/wallets/default_wallet \
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl cp $POD:$WALLET /tmp/k8s-lbry-lbrynet-wallet-backup.json
```
Check the contents of `/tmp/k8s-lbry-lbrynet-wallet-backup.json` and move the
file to a safe place for backup (and delete this temporary file.)
Once your wallet is backed up, you can generate a receiving address in order to
deposit LBC:
```
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrynet address unused
```
### spee.ch
Note: Throughout this deployment, the unstylized name `speech` is used.
#### MySQL for speech
[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
the database speech talks to.
Edit `values.yaml` and set `speech-mysql.enabled` to `true`.
Upgrade the release to turn on mysql for speech:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
You can try logging into the mysql shell if you like (default password is
`speech`):
```
POD=`kubectl get pod -l app=k8s-lbry-speech-mysql -o name | sed s+pod/++` && \
kubectl exec -it $POD -- mysql -u speech -p
```
You can view the mysql logs:
```
kubectl logs -l app=k8s-lbry-speech-mysql -f
```
#### Configure Speech
Before you can fully configure speech, you must fund your lbrynet wallet in the
`k8s-lbry-lbrynet` deployment. Check the lbrynet section for details on
generating a receiving address for your wallet, as well as backing up your
wallet.
Speech has a large configuration, all of which is found in `values.yaml`. The
most important settings to configure yourself are:
* `speech.enabled` - turns on/off the the speech deployment.
* `speech.service.hostname` - The external hostname for speech.
* `speech.persistence.size` - How large of a data directory for speech.
* `speech.auth.masterPassword`
* `speech.details`
* `speech.publishing.primaryClaimAddress`
* This can be retrieved from the lbrynet pod:
```
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrynet address list
```
* Copy the first address from the list. This is your `primaryClaimAddress`.
* `speech.publishing.publishOnlyApproved`
* `speech.publishing.approvedChannels`
* `speech.publishing.thumbnailChannel`
* In order to publish thumbnails, you must create a channel. There are many options in creation. See the help from the lbrynet command to list them all:
```
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrynet channel create --help
```
* For example, this will create the channel named `YourChannel`, bidding 1 LBC for the name:
```
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrynet channel create --name @YourChannel --bid 1.0
```
* Make sure that when you copy the channel name to `values.yaml` that you use double quotes surrounding the value for thumbnailChannel. This is because in YAML, the `@` symbol cannot be used without quotes. ie: `thumbnailChannel: "@YourChannel"`
* `speech.publishing.thumbnailChannelId`
* When you create the channel, listed in the `outputs` section, you will find
`claim_id`; this is the `thumbnailChannelId`. You can also retrieve this
information again by running `channel list`:
```
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
kubectl exec $POD -- lbrynet channel list
```
Once you've configured speech in `values.yaml`, upgrade the helm release to
apply the changes:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
Open your browser to the hostname specified in `speech.service.hostname` and
demo the site.
## TLS Support
Enabling TLS (SSL) for your cluster is optional, but it is useful if you are
going to expose any HTTP services externally.
### Assign DNS name(s) to your Load Balancer
The k8s-lbry chart started a Load Balancer as part of the Ingress Controller.
You can assign a DNS name to the Load Balancer External IP address.
Get the External IP of the Load Balancer:
```
kubectl get svc -l app=nginx-ingress,component=controller
```
Copy the External IP address shown. Update your DNS provider for your domain
accordingly, with a subdomain of your choice to point to the External IP address.
Edit `values.yaml` and set `echo-service.enabled` to `true`. Set
`echo-service.hostname` to the domain name you configued in your DNS.
Upgrade the release to turn on the echo-http-server:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
```
Verify that the DNS is setup correctly by using curl to the echo-http-server on
port 80:
```
curl http://echo.example.com
```
(Replace `echo.example.com` with the domain you used in `values.yaml`.)
You should see the word `echo` returned.
### Enable TLS
Once you've verified that DNS for your domain correctly routes to the
echo-http-server, upgrade the nginx-ingress release with HTTPs now turned on:
```
helm upgrade nginx-ingress stable/nginx-ingress \
--set nginx-ingress.controller.service.enableHttps=true
```
Upgrade the k8s-lbry release, turning on HTTPs for the echo-http-server:
```
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml --set echo-http-server.enableHttps=true
```
Check that HTTPs connection to the echo service is working:
```
curl https://echo.example.com
```
(Replace `echo.example.com` with the domain you used in `values.yaml`.)
You should see the word `echo` returned. However, it may take up to 5 minutes
for it to start to work.
Watch the cert-manager log:
```
kubectl logs --namespace cert-manager -l app=cert-manager -f
```
A successful certificate message would look like:
```
Certificate "echo-tls" for ingress "echo" is up to date
```
Retry the curl command until you get an `echo` response.
## Improvements
Beyond this point, there are several things one could do to improve this
configuration and harden for production.
* Secrets
* At this stage, all your configuration resides in `values.yaml`, including
passwords. You can seperate these secrets out of your config and put them into a
[Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
* [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
* [Helm Secrets](https://github.com/futuresimple/helm-secrets)
* Namespaces
* If you are using the cluster for things other than lbry, you should install
k8s-lbry into its own namespace. This will allow pods within the same
namespace to talk to eachother, but not to pods in other namespaces.
* Using a namespace in the introductory docs above, would have complicated
the (already complex) helm and kubectl commands, so they were omitted.
* Both helm and kubectl support the `--namespace` argument. You can translate
all the commands above, adding the `--namespace` argument.
For example, to install the k8s-lbry chart in its own `k8s-lbry` namespace:
```
## helm install RELEASE REPO/CHART --namespace NAMESPACE -f VALUES
helm install k8s-lbry k8s-lbry/k8s-lbry --namespace k8s-lbry -f values.yaml
```
And to look at pods in the `k8s-lbry` namespace:
```
kubectl get pods --namespace k8s-lbry
```

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: Install staging and production certificate issuers with Lets Encrypt ACME.
name: cert-manager-issuer
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "cert-manager-issuer.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "cert-manager-issuer.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "cert-manager-issuer.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,16 @@
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: letsencrypt-prod
spec:
acme:
# The ACME server URL
server: https://acme-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: {{ .Values.email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-prod
# Enable the HTTP-01 challenge provider
http01: {}

View file

@ -0,0 +1,15 @@
apiVersion: certmanager.k8s.io/v1alpha1
kind: Issuer
metadata:
name: letsencrypt-staging
spec:
acme:
# The ACME server URL
server: https://acme-staging-v02.api.letsencrypt.org/directory
# Email address used for ACME registration
email: {{ .Values.email }}
# Name of a secret used to store the ACME account private key
privateKeySecretRef:
name: letsencrypt-staging
# Enable the HTTP-01 challenge provider
http01: {}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "v0.0.0"
description: LBRY chainquery
name: chainquery
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "chainquery.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "chainquery.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chainquery.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,13 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "chainquery.fullname" . }}
labels:
app: {{ template "chainquery.name" . }}
chart: {{ template "chainquery.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{ toYaml .Values.configurationFile | indent 2 }}
{{- end }}

View file

@ -0,0 +1,61 @@
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "chainquery.fullname" . }}
labels:
app: {{ template "chainquery.name" . }}
chart: {{ template "chainquery.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: {{ template "chainquery.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "chainquery.name" . }}
release: {{ .Release.Name }}
spec:
securityContext:
fsGroup: 1000
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.configurationFile }}
initContainers:
- name: copy-chainquery-config
image: busybox
command: ['sh', '-c', 'cp /configmap/chainqueryconfig.toml /etc/lbry/chainqueryconfig.toml']
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /etc/lbry
{{- end }}
containers:
- name: {{ template "chainquery.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
resources:
{{ toYaml .Values.resources | indent 10 }}
ports:
- name: port
containerPort: {{ .Values.service.port }}
volumeMounts:
{{- if .Values.configurationFile }}
- name: config
mountPath: /etc/lbry/chainqueryconfig.toml
subPath: chainqueryconfig.toml
{{- end }}
volumes:
{{- if .Values.configurationFile }}
- name: config
emptyDir: {}
- name: configmap
configMap:
name: {{ template "chainquery.fullname" . }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,19 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "chainquery.fullname" . }}
labels:
app: {{ template "chainquery.name" . }}
chart: {{ template "chainquery.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- name: port
port: {{ .Values.service.port }}
targetPort: port
selector:
app: {{ template "chainquery.name" . }}
release: {{ .Release.Name }}
{{- end }}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: An HTTP echo service
name: echo-http-server
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "echo-http-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "echo-http-server.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "echo-http-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,24 @@
{{- if .Values.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Values.service }}
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/issuer: {{ .Values.certificateIssuer }}
certmanager.k8s.io/acme-challenge-type: http01
spec:
{{ if .Values.enableHttps }}
tls:
- hosts:
- {{ .Values.hostname }}
secretName: {{ .Values.service }}-tls
{{ end }}
rules:
- host: {{ .Values.hostname }}
http:
paths:
- backend:
serviceName: {{ .Values.service }}
servicePort: 80
{{- end }}

View file

@ -0,0 +1,34 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service }}
spec:
ports:
- port: 80
targetPort: 5678
selector:
app: {{ .Values.service }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.service }}
spec:
selector:
matchLabels:
app: {{ .Values.service }}
replicas: 2
template:
metadata:
labels:
app: {{ .Values.service }}
spec:
containers:
- name: {{ template "echo-http-server.fullname" . }}
image: hashicorp/http-echo
args:
- "-text={{ .Values.service }}"
ports:
- containerPort: 5678
{{- end }}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "1.0"
description: A socket echo service
name: echo-socket-server
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "echo-socket-server.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "echo-socket-server.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "echo-socket-server.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,33 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ .Values.service }}
spec:
ports:
- port: 8000
targetPort: 8000
selector:
app: {{ .Values.service }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ .Values.service }}
spec:
selector:
matchLabels:
app: {{ .Values.service }}
replicas: 2
template:
metadata:
labels:
app: {{ .Values.service }}
spec:
containers:
- name: {{ template "echo-socket-server.fullname" . }}
image: enigmacurry/echo-socket-server
ports:
- containerPort: 8000
{{- end }}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "v0.0.0"
description: lbrycrd LBRY blockchain daemon
name: lbrycrd
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "lbrycrd.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "lbrycrd.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "lbrycrd.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,13 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "lbrycrd.fullname" . }}
labels:
app: {{ template "lbrycrd.name" . }}
chart: {{ template "lbrycrd.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{ toYaml .Values.configurationFile | indent 2 }}
{{- end }}

View file

@ -0,0 +1,78 @@
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "lbrycrd.fullname" . }}
labels:
app: {{ template "lbrycrd.name" . }}
chart: {{ template "lbrycrd.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: {{ template "lbrycrd.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "lbrycrd.name" . }}
release: {{ .Release.Name }}
spec:
securityContext:
fsGroup: 1000
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.configurationFile }}
initContainers:
- name: copy-lbrycrd-config
image: busybox
command: ['sh', '-c', 'cp /configmap/lbrycrd.conf /etc/lbry/lbrycrd.conf']
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /etc/lbry
{{- end }}
containers:
- name: {{ template "lbrycrd.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: RUN_MODE
value: "default"
- name: PORT
value: "{{ .Values.service.port }}"
- name: RPC_PORT
value: "{{ .Values.service.rpcPort }}"
resources: {{ toYaml .Values.resources | indent 10 }}
ports:
- name: port
containerPort: {{ .Values.service.port }}
- name: rpc
containerPort: {{ .Values.service.rpcPort }}
volumeMounts:
- name: data
mountPath: /data
{{- if .Values.configurationFile }}
- name: config
mountPath: /etc/lbry/lbrycrd.conf
subPath: lbrycrd.conf
{{- end }}
volumes:
{{- if .Values.configurationFile }}
- name: config
emptyDir: {}
- name: configmap
configMap:
name: {{ template "lbrycrd.fullname" . }}
{{- end }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "lbrycrd.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}

View file

@ -0,0 +1,31 @@
{{- if .Values.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "lbrycrd.fullname" . }}
labels:
app: {{ template "lbrycrd.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,22 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "lbrycrd.fullname" . }}
labels:
app: {{ template "lbrycrd.name" . }}
chart: {{ template "lbrycrd.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- name: port
port: {{ .Values.service.port }}
targetPort: port
- name: rpc
port: {{ .Values.service.rpcPort }}
targetPort: rpc
selector:
app: {{ template "lbrycrd.name" . }}
release: {{ .Release.Name }}
{{- end }}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "v0.0.0"
description: LBRY lbrynet
name: lbrynet
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "lbrynet.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "lbrynet.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "lbrynet.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,15 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "lbrynet.fullname" . }}
labels:
app: {{ template "lbrynet.name" . }}
chart: {{ template "lbrynet.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- with .Values.daemon_settings }}
daemon_settings.yml: {{ toYaml . | quote }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,76 @@
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "lbrynet.fullname" . }}
labels:
app: {{ template "lbrynet.name" . }}
chart: {{ template "lbrynet.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: {{ template "lbrynet.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "lbrynet.name" . }}
release: {{ .Release.Name }}
spec:
securityContext:
fsGroup: 1000
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
{{- if .Values.daemon_settings }}
initContainers:
- name: copy-lbrynet-config
image: busybox
command: ['sh', '-c', 'cp /configmap/daemon_settings.yml /etc/lbry/daemon_settings.yml']
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /etc/lbry
{{- end }}
containers:
- name: {{ template "lbrynet.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
env:
- name: RUN_MODE
value: "default"
- name: PORT
value: "{{ .Values.service.port }}"
- name: RPC_PORT
value: "{{ .Values.service.rpcPort }}"
resources: {{ toYaml .Values.resources | indent 10 }}
ports:
- name: rpc
containerPort: {{ .Values.service.rpcPort }}
volumeMounts:
- name: lbrynet-home
mountPath: /home/lbrynet
{{- if .Values.daemon_settings }}
- name: config
mountPath: /etc/lbry/daemon_settings.yml
subPath: daemon_settings.yml
{{- end }}
volumes:
{{- if .Values.daemon_settings }}
- name: config
emptyDir: {}
- name: configmap
configMap:
name: {{ template "lbrynet.fullname" . }}
{{- end }}
- name: lbrynet-home
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "lbrynet.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}

View file

@ -0,0 +1,30 @@
{{- if .Values.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "lbrynet.fullname" . }}
labels:
app: {{ template "lbrynet.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,19 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "lbrynet.fullname" . }}
labels:
app: {{ template "lbrynet.name" . }}
chart: {{ template "lbrynet.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- name: rpc
port: {{ .Values.service.rpcPort }}
targetPort: rpc
selector:
app: {{ template "lbrynet.name" . }}
release: {{ .Release.Name }}
{{- end }}

View file

@ -0,0 +1,22 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/

View file

@ -0,0 +1,5 @@
apiVersion: v1
appVersion: "v0.0.0"
description: LBRY spee.ch
name: speech
version: 0.1.0

View file

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "speech.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "speech.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "speech.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

View file

@ -0,0 +1,33 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "speech.fullname" . }}
labels:
app: {{ template "speech.name" . }}
chart: {{ template "speech.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
data:
{{- with .Values.auth }}
authConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.mysql }}
mysqlConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.chainquery }}
chainqueryConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.lbrynet }}
lbryConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.site }}
siteConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.logger }}
loggerConfig.json: {{ toJson . | quote }}
{{- end }}
{{- with .Values.slack }}
slackConfig.json: {{ toJson . | quote }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,68 @@
{{- if .Values.enabled }}
apiVersion: apps/v1beta2
kind: Deployment
metadata:
name: {{ template "speech.fullname" . }}
labels:
app: {{ template "speech.name" . }}
chart: {{ template "speech.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
strategy:
type: Recreate
selector:
matchLabels:
app: {{ template "speech.name" . }}
release: {{ .Release.Name }}
template:
metadata:
labels:
app: {{ template "speech.name" . }}
release: {{ .Release.Name }}
spec:
securityContext:
fsGroup: 1000
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
initContainers:
- name: copy-lbrycrd-config
image: busybox
command: ['sh', '-c', 'cp /configmap/chainqueryConfig.json /configmap/lbryConfig.json /configmap/loggerConfig.json /configmap/mysqlConfig.json /configmap/siteConfig.json /configmap/slackConfig.json /config && cp /configmap/authConfig.json /private']
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /config
- name: private
mountPath: /private
containers:
- name: {{ template "speech.fullname" . }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
resources: {{ toYaml .Values.resources | indent 10 }}
ports:
- name: port
containerPort: {{ .Values.service.port }}
volumeMounts:
- name: configmap
mountPath: /spee.ch/site/config
- name: private
mountPath: /spee.ch/site/private
- name: data
mountPath: /data
volumes:
- name: config
mountPath: /spee.ch/site/config
- name: private
mountPath: /spee.ch/site/private
- name: configmap
configMap:
name: {{ template "speech.fullname" . }}
- name: data
{{- if .Values.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.persistence.existingClaim | default (include "speech.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- end }}

View file

@ -0,0 +1,24 @@
{{- if .Values.enabled }}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ .Values.service.name }}
annotations:
kubernetes.io/ingress.class: nginx
certmanager.k8s.io/issuer: {{ .Values.service.certificateIssuer }}
certmanager.k8s.io/acme-challenge-type: http01
spec:
{{ if .Values.service.enableHttps }}
tls:
- hosts:
- {{ .Values.service.hostname }}
secretName: {{ .Values.service.name }}-tls
{{ end }}
rules:
- host: {{ .Values.service.hostname }}
http:
paths:
- backend:
serviceName: {{ .Values.service.name }}
servicePort: {{ .Values.service.port }}
{{- end }}

View file

@ -0,0 +1,31 @@
{{- if .Values.enabled }}
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "speech.fullname" . }}
labels:
app: {{ template "speech.name" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
{{- with .Values.persistence.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
accessModes:
- {{ .Values.persistence.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.size | quote }}
{{- if .Values.persistence.storageClass }}
{{- if (eq "-" .Values.persistence.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.storageClass }}"
{{- end }}
{{- end }}
{{- end }}
{{- end }}

View file

@ -0,0 +1,19 @@
{{- if .Values.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ template "speech.fullname" . }}
labels:
app: {{ template "speech.name" . }}
chart: {{ template "speech.chart" . }}
release: {{ .Release.Name }}
heritage: {{ .Release.Service }}
spec:
ports:
- name: port
port: {{ .Values.service.port }}
targetPort: port
selector:
app: {{ template "speech.name" . }}
release: {{ .Release.Name }}
{{- end }}

View file

@ -0,0 +1,12 @@
dependencies:
- name: percona
repository: https://kubernetes-charts.storage.googleapis.com
version: 0.3.5
- name: mysql
repository: https://kubernetes-charts.storage.googleapis.com
version: 0.19.0
- name: mysql
repository: https://kubernetes-charts.storage.googleapis.com
version: 0.19.0
digest: sha256:c97a2ebaa817e80a3c343e24befc75b133758c17438a5a520ecb0780aaa2ecef
generated: 2019-05-04T13:44:28.303905337-04:00

View file

@ -0,0 +1,15 @@
dependencies:
- name: percona
repository: "@stable"
version: 0.3.5
condition: percona.enabled,global.percona.enabled
- name: mysql
alias: chainquery-mysql
repository: "@stable"
version: 0.19.0
condition: chainquery-mysql.enabled,global.chainquery-mysql.enabled
- name: mysql
alias: speech-mysql
repository: "@stable"
version: 0.19.0
condition: speech-mysql.enabled,global.speech-mysql.enabled

View file

@ -0,0 +1,65 @@
#!/bin/bash
# From https://gist.github.com/yuanying/3aa7d59dcce65470804ab43def646ab6
IMAGE="ubuntu:18.04"
COMMAND="/bin/bash"
SUFFIX=$(date +%s | shasum | base64 | fold -w 10 | head -1 | tr '[:upper:]' '[:lower:]')
usage_exit() {
echo "Usage: $0 [-c command] [-i image] PVC ..." 1>&2
exit 1
}
if [ "$#" -ne 1 ]; then
usage_exit
fi
while getopts i:h OPT
do
case $OPT in
i) IMAGE=$OPTARG
;;
c) COMMAND=$OPTARG
;;
h) usage_exit
;;
\?) usage_exit
;;
esac
done
shift $(($OPTIND - 1))
VOL_MOUNTS=""
VOLS=""
COMMA=""
for i in $@
do
VOL_MOUNTS="${VOL_MOUNTS}${COMMA}{\"name\": \"${i}\",\"mountPath\": \"/pvcs/${i}\"}"
VOLS="${VOLS}${COMMA}{\"name\": \"${i}\",\"persistentVolumeClaim\": {\"claimName\": \"${i}\"}}"
COMMA=","
done
kubectl run -it --rm --restart=Never --image=${IMAGE} pvc-mounter-${SUFFIX} --overrides "
{
\"spec\": {
\"hostNetwork\": true,
\"containers\":[
{
\"args\": [\"${COMMAND}\"],
\"stdin\": true,
\"tty\": true,
\"name\": \"pvc\",
\"image\": \"${IMAGE}\",
\"volumeMounts\": [
${VOL_MOUNTS}
]
}
],
\"volumes\": [
${VOLS}
]
}
}
" -- ${COMMAND}

View file

@ -0,0 +1,20 @@
#!/bin/bash
## Build Helm package and upload to s3 repository
exe() { echo "\$ $@" ; "$@" ; }
# Work from the parent directory to this script:
cd `dirname "$0"` && cd ..
if s3cmd info s3://k8s-lbry > /dev/null; then
exe helm dependency update
exe helm package .
exe helm repo index .
exe s3cmd put --acl-public index.yaml k8s-lbry-*.tgz s3://k8s-lbry/
exe s3cmd put --acl-public charts/*.tgz s3://k8s-lbry/charts/
else
echo "s3cmd is not setup, run s3cmd --configure"
exit 1
fi

View file

@ -0,0 +1,263 @@
cert-manager-issuer:
# Enter your email address to receive important notices from Let's Encrypt:
email: "fred@example.com"
echo-http-server:
enabled: false
# Enter your domain name for the echo test service:
hostname: "echo.example.com"
service: echo-http-server
enableHttps: true
certificateIssuer: letsencrypt-prod
echo-socket-server:
enabled: false
service: echo-socket-server
lbrycrd:
enabled: true
image:
repository: lbry/lbrycrd
tag: linux-x86_64-production
pullPolicy: Always
service:
port: 9246
rpcPort: 9245
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 50Gi
annotations:
"helm.sh/resource-policy": keep
configurationFile:
lbrycrd.conf: |-
datadir=/data
rpcuser=lbry
rpcpassword=lbry
regtest=0
txindex=1
rpcallowip=10.244.0.0/16
server=1
listen=1
daemon=0
externalip=
chainquery-mysql:
nameOverride: chainquery-mysql
enabled: false
mysqlUser: chainquery
mysqlPassword: chainquery
mysqlDatabase: chainquery
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 100Gi
annotations:
"helm.sh/resource-policy": keep
chainquery:
enabled: false
image:
repository: lbry/chainquery
tag: linux-x86_64-production
pullPolicy: IfNotPresent
service:
port: 6300
configurationFile:
chainqueryconfig.toml: |-
lbrycrdurl="rpc://lbry:lbry@k8s-lbry-lbrycrd:9245"
mysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
apimysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
lbrynet:
enabled: false
image:
# repository: lbry/lbrynet
# tag: linux-x86_64-production
repository: enigmacurry/dump
tag: lbrynet
pullPolicy: Always
service:
rpcPort: 5279
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 10Gi
annotations:
"helm.sh/resource-policy": keep
daemon_settings:
api: 0.0.0.0:5279
use_upnp: false
auto_re_reflect_interval: 0
max_key_fee: {amount: 0, currency: LBC}
run_reflector_server: false
speech-mysql:
nameOverride: speech-mysql
enabled: false
mysqlUser: speech
mysqlPassword: speech
mysqlDatabase: speech
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 100Gi
annotations:
"helm.sh/resource-policy": keep
speech:
enabled: false
service:
name: k8s-lbry-speech
hostname: "speech.example.com"
port: 3000
enableHttps: true
certificateIssuer: letsencrypt-prod
image:
repository: enigmacurry/dump
tag: spee.ch
pullPolicy: Always
persistence:
enabled: true
accessMode: ReadWriteOnce
size: 20Gi
annotations:
"helm.sh/resource-policy": keep
auth:
masterPassword: speech
sessionKey: mysecretkeyword
mysql:
host: k8s-lbry-speech-mysql
database: speech
username: speech
password: speech
chainquery:
host: k8s-lbry-chainquery-mysql
port: 3306
timeout: 30
database: chainquery
username: chainquery
password: chainquery
lbrynet:
apiHost: k8s-lbry-lbrynet
apiPort: 5279
getTimeout: 30
logger:
logLevel: verbose
slack:
slackWebHook: false
slackErrorChannel: false
slackInfoChannel: false
site:
analytics:
googleId:
assetDefaults:
description: 'Default Content Description'
thumbnail: https://spee.ch/0e5d4e8f4086e13f5b9ca3f9648f518e5f524402/speechflag.png
title: 'Default Content Title'
details:
blockListEndpoint: https://api.lbry.com/file/list_blocked
description: 'A decentralized hosting platform built on LBRY'
host: https://www.example.com
ipAddress: ""
port: 3000
title: 'My Site'
twitter: false
publishing:
primaryClaimAddress:
additionalClaimAddresses: []
approvedChannels: []
channelClaimBidAmount: 0.1
closedRegistration: false
disabled: false
disabledMessage: 'Default publishing disabled message'
fileClaimBidAmount: 0.01
fileSizeLimits:
application: 50000000
audio: 50000000
customByContentType:
application/octet-stream: 50000000
image: 50000000
model: 50000000
text: 50000000
video: 50000000
publishOnlyApproved: false
publishingChannelWhitelist: []
serveOnlyApproved: false
thumbnailChannel:
thumbnailChannelId:
uploadDirectory: /data/Uploads
serving:
customFileExtensions:
application/x-mif: mif
application/x-pn-realaudio: ram
application/x-python-code: pyc
application/x-sgml: sgm
application/x-troff: roff
application/x-troff-man: man
application/x-troff-me: me
application/x-troff-ms: ms
image/pict: pct
model/stl: stl
text/x-go: go
text/x-python: py
text/xul: xul
dynamicFileSizing:
enabled: true
maxDimension: 2000
markdownSettings:
allowedTypesDescriptions: []
allowedTypesExample:
- 'see react-markdown docs'
- root
- text
- break
- paragraph
- emphasis
- strong
- thematicBreak
- blockquote
- delete
- link
- image
- linkReference
- imageReference
- table
- tableHead
- tableBody
- tableRow
- tableCell
- list
- listItem
- heading
- inlineCode
- code
- html
- parsedHtml
allowedTypesMain: []
escapeHtmlDescriptions: true
escapeHtmlMain: true
skipHtmlDescriptions: true
skipHtmlMain: true
startup:
performChecks: true
performUpdates: true
percona:
#### Prefer mysql over percona for now:
enabled: false
# mysqlUser: chainquery
# mysqlPassword: chainquery
# mysqlDatabase: chainquery
# persistence:
# enabled: true
# accessMode: ReadWriteOnce
# size: 100Gi
# resources:
# requests:
# memory: 1Gi
# cpu: 1