LBRY on Kubernetes with Helm
This commit is contained in:
parent
7def73d24c
commit
2849405dcc
50 changed files with 2100 additions and 0 deletions
4
contrib/k8s-lbry/.gitignore
vendored
Normal file
4
contrib/k8s-lbry/.gitignore
vendored
Normal file
|
@ -0,0 +1,4 @@
|
|||
index.yaml
|
||||
*.tgz
|
||||
requirements-dev.yaml
|
||||
values-dev.yaml
|
11
contrib/k8s-lbry/Chart.yaml
Normal file
11
contrib/k8s-lbry/Chart.yaml
Normal file
|
@ -0,0 +1,11 @@
|
|||
apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: LBRY on Kubernetes with Helm
|
||||
name: k8s-lbry
|
||||
version: 0.1.1
|
||||
maintainers:
|
||||
- email: ryan@enigmacurry.com
|
||||
name: EnigmaCurry
|
||||
- email: leopere [at] nixc [dot] us
|
||||
name: Leopere
|
||||
home: https://github.com/lbryio/lbry-docker/tree/master/contrib/k8s-lbry
|
623
contrib/k8s-lbry/README.md
Normal file
623
contrib/k8s-lbry/README.md
Normal file
|
@ -0,0 +1,623 @@
|
|||
# LBRY on Kubernetes with Helm
|
||||
|
||||
Contributing Author: [EnigmaCurry](https://www.enigmacurry.com)
|
||||
|
||||
Last Update: May 6 2019
|
||||
|
||||
Deploy lbrycrd, lbrynet, chainquery, mysql, and spee.ch on your Kubernetes
|
||||
cluster.
|
||||
|
||||
[![asciicast](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA.svg)](https://asciinema.org/a/fkVzPW05vKFEjBXdDp6I81odA)
|
||||
|
||||
<!-- Regenerate Table of contents with markdown-toc npm library -->
|
||||
<!-- run: npx markdown-toc -i README.md -->
|
||||
|
||||
<!-- toc -->
|
||||
|
||||
- [Requirements](#requirements)
|
||||
- [Helm Charts](#helm-charts)
|
||||
* [Tiller](#tiller)
|
||||
* [nginx-ingress](#nginx-ingress)
|
||||
* [cert-manager](#cert-manager)
|
||||
* [k8s-lbry](#k8s-lbry)
|
||||
* [lbrycrd](#lbrycrd)
|
||||
* [chainquery](#chainquery)
|
||||
+ [MySQL for chainquery](#mysql-for-chainquery)
|
||||
+ [Start chainquery](#start-chainquery)
|
||||
+ [Startup chainquery with a database snapshot](#startup-chainquery-with-a-database-snapshot)
|
||||
* [lbrynet](#lbrynet)
|
||||
+ [IMPORTANT - Backup your cluster wallet](#important---backup-your-cluster-wallet)
|
||||
* [spee.ch](#speech)
|
||||
+ [MySQL for speech](#mysql-for-speech)
|
||||
+ [Configure Speech](#configure-speech)
|
||||
- [TLS Support](#tls-support)
|
||||
* [Assign DNS name(s) to your Load Balancer](#assign-dns-names-to-your-load-balancer)
|
||||
* [Enable TLS](#enable-tls)
|
||||
- [Improvements](#improvements)
|
||||
|
||||
<!-- tocstop -->
|
||||
|
||||
## Requirements
|
||||
|
||||
* A Kubernetes cluster with role-based access control (RBAC) enabled.
|
||||
* This tutorial was tested on a fresh DigitalOcean managed cluster on nodes
|
||||
with 8GB of RAM, on kubernetes 1.13.5.
|
||||
* [kubectl command line
|
||||
tool](https://kubernetes.io/docs/tasks/tools/install-kubectl/) installed on
|
||||
your local development machine.
|
||||
* Tested with kubectl v1.14.0
|
||||
* [Helm command line tool](https://github.com/helm/helm/releases) installed on
|
||||
your local development machine.
|
||||
* Tested with helm v2.13.1
|
||||
|
||||
Your cloud provider should have instructions for setting up kubectl to talk to
|
||||
your cluster. This usually involves downloading a config file and putting it in
|
||||
`$HOME/.kube/config`. (The file has to be renamed `config` and put in the
|
||||
`$HOME/.kube` directory.)
|
||||
|
||||
Note: If you want to download the cluster config to a location other than
|
||||
`$HOME/.kube/config`, you can set the `KUBECONFIG` environment variable to the
|
||||
full path of your config file, or create a symlink from your config file to
|
||||
`$HOME/.kube/config`, or you can use the `--kubeconfig` parameter to both
|
||||
`kubectl` and `helm` commands every time you use them.
|
||||
|
||||
Test that your kubectl can talk to your cluster, by querying for a list of running
|
||||
nodes:
|
||||
|
||||
```
|
||||
kubectl get nodes
|
||||
```
|
||||
|
||||
If everything is working, you should see a list of one or more nodes running and
|
||||
showing `STATUS=Ready`
|
||||
|
||||
## Helm Charts
|
||||
|
||||
This system is installed via [Helm](https://helm.sh/docs/), the package manager
|
||||
for Kubernetes. [Helm Charts](https://helm.sh/docs/developing_charts/#charts)
|
||||
are the basis for packages in Helm. This directory is a Helm chart itself.
|
||||
|
||||
### Tiller
|
||||
|
||||
Tiller is the cluster-side component of helm, and needs to be installed before
|
||||
you can use helm with your cluster. Run the following to install tiller to your
|
||||
cluster:
|
||||
|
||||
```
|
||||
kubectl -n kube-system create serviceaccount tiller
|
||||
|
||||
kubectl create clusterrolebinding tiller --clusterrole cluster-admin \
|
||||
--serviceaccount=kube-system:tiller
|
||||
|
||||
helm init --service-account tiller
|
||||
helm repo update
|
||||
```
|
||||
|
||||
Now you can use helm locally to install things to your remote cluster.
|
||||
|
||||
### nginx-ingress
|
||||
|
||||
An Ingress Controller
|
||||
([nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress))
|
||||
will help you to route outside internet traffic into your cluster. nginx-ingress
|
||||
will also help terminate TLS connections (SSL) so that your containers don't
|
||||
need to worry about encryption.
|
||||
|
||||
Install nginx-ingress, with HTTPs turned off initially:
|
||||
|
||||
```
|
||||
helm install stable/nginx-ingress --name nginx-ingress \
|
||||
--set nginx-ingress.controller.service.enableHttps=false
|
||||
```
|
||||
|
||||
### cert-manager
|
||||
|
||||
[cert-manager](https://docs.cert-manager.io/en/latest/index.html) will provide
|
||||
TLS certificates (SSL) for your cluster, using [Let's
|
||||
Encrypt](https://letsencrypt.org/).
|
||||
|
||||
Install cert-manager:
|
||||
|
||||
```
|
||||
kubectl apply -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.7/deploy/manifests/00-crds.yaml
|
||||
|
||||
helm repo add jetstack https://charts.jetstack.io
|
||||
helm repo update
|
||||
|
||||
helm install --name cert-manager --namespace cert-manager jetstack/cert-manager --version v0.7.1
|
||||
|
||||
kubectl label namespace cert-manager certmanager.k8s.io/disable-validation="true"
|
||||
```
|
||||
|
||||
### k8s-lbry
|
||||
|
||||
The k8s-lbry helm chart installs lbrycrd, chainquery, lbrynet, and mysql.
|
||||
|
||||
Wait for the Load Balancer to show an External IP:
|
||||
|
||||
```
|
||||
kubectl get svc -l app=nginx-ingress,component=controller -w
|
||||
```
|
||||
|
||||
Press Ctrl-C to quit once you see the External IP listed (and not `<pending>`).
|
||||
|
||||
Add the `k8s-lbry` helm repository:
|
||||
|
||||
```
|
||||
helm repo add k8s-lbry https://k8s-lbry.sfo2.digitaloceanspaces.com
|
||||
```
|
||||
|
||||
Create a directory to store your configuration file for `k8s-lbry`. You can
|
||||
download the default configuration file for the helm chart
|
||||
([values.yaml](values.yaml)):
|
||||
|
||||
```
|
||||
VALUES=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/values.yaml
|
||||
|
||||
curl -Lo values.yaml $VALUES
|
||||
```
|
||||
|
||||
`values.yaml` is your own configuration file for `k8s-lbry`. You will need it
|
||||
everytime you need to update your deployment. Commit the file to a git
|
||||
repository, or save it someplace safe.
|
||||
|
||||
Edit `values.yaml`, change the following things:
|
||||
|
||||
* Change `lbrycrd.configurationFile.lbrycrd.conf` at the bottom find
|
||||
`externalip=` and set it equal to the External IP address of the Load
|
||||
Balancer obtained above.
|
||||
* Change `cert-manager-issuer.email` to your email address to receive notices
|
||||
from Let's Encrypt. (Only used if you choose to enable TLS.)
|
||||
* Change `echo-http-server.hostname` to any domain name you choose. (It must be
|
||||
a real internet domain that you control, if you choose to enable TLS.)
|
||||
|
||||
Save `values.yaml`.
|
||||
|
||||
Now install `k8s-lbry`:
|
||||
|
||||
```
|
||||
helm install -n k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
This will create a new helm release for your cluster called `k8s-lbry`, from the
|
||||
helm repository called `k8s-lbry`, using the package named `k8s-lbry`, using the
|
||||
local configuration file called `values.yaml`.
|
||||
|
||||
### lbrycrd
|
||||
|
||||
Find the lbrycrd pod to ensure it has started correctly:
|
||||
|
||||
```
|
||||
kubectl get pods -l app=lbrycrd
|
||||
```
|
||||
|
||||
Tail the logs (Press Ctrl-C to quit):
|
||||
|
||||
```
|
||||
kubectl logs -f -l app=lbrycrd
|
||||
```
|
||||
|
||||
You can use lbrycrd-cli from the running pod:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrycrd -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrycrd-cli -rpcuser=lbry -rpcpassword=lbry getinfo
|
||||
```
|
||||
|
||||
Upgrade the nginx-ingress release to allow forwarding port 9246 to lbrycrd:
|
||||
|
||||
```
|
||||
helm upgrade nginx-ingress stable/nginx-ingress \
|
||||
--set tcp.9246="default/k8s-lbry-lbrycrd:9246"
|
||||
```
|
||||
|
||||
Verify the port is now open (9246 listed under PORTS):
|
||||
|
||||
```
|
||||
kubectl get svc nginx-ingress-controller
|
||||
```
|
||||
|
||||
After your lbrycrd service has been online for awhile, check back with the
|
||||
`lbrcrd-cli getinfo` command from above. You will know that nginx-ingress is
|
||||
properly connected to lbrycrd if you see that the number of connections listed
|
||||
is a number greater than 8.
|
||||
|
||||
### chainquery
|
||||
|
||||
#### MySQL for chainquery
|
||||
[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
|
||||
the database chainquery talks to.
|
||||
|
||||
Edit `values.yaml` and set `chainquery-mysql.enabled` to `true`.
|
||||
|
||||
Upgrade the release to turn on mysql for chainquery:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
You can try logging into the mysql shell if you like (default password is
|
||||
`chainquery`):
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
|
||||
kubectl exec -it $POD -- mysql -u chainquery -p
|
||||
```
|
||||
|
||||
You can view the mysql logs:
|
||||
|
||||
```
|
||||
kubectl logs -l app=k8s-lbry-chainquery-mysql -f
|
||||
```
|
||||
|
||||
#### Start chainquery
|
||||
|
||||
Edit `values.yaml` and set `chainquery.enabled` to `true`.
|
||||
|
||||
Upgrade the release to turn on chainquery:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
You can view the chainquery logs:
|
||||
|
||||
```
|
||||
kubectl logs -l app=chainquery -f
|
||||
```
|
||||
|
||||
#### Startup chainquery with a database snapshot
|
||||
|
||||
If chainquery is starting with a blank MySQL database, it will take several days
|
||||
to synchronize with the full lbycrd blockchain. If this is OK, you can just
|
||||
watch the chainquery logs and wait for it to get to the [current block
|
||||
height](https://explorer.lbry.io/).
|
||||
|
||||
If you cannot wait that long, you may start from a database snapshot to speed up
|
||||
this process.
|
||||
|
||||
Delete the chainquery and mysql deployments:
|
||||
|
||||
```
|
||||
kubectl delete deployments k8s-lbry-chainquery k8s-lbry-chainquery-mysql
|
||||
```
|
||||
|
||||
The pods will automatically terminate.
|
||||
|
||||
The mysql data still exists in a PersistentVolumeClaim, `k8s-lbry-chainquery-mysql`. Check
|
||||
that it still exists:
|
||||
|
||||
```
|
||||
kubectl get pvc
|
||||
```
|
||||
|
||||
There's an included script to start a utility container with a PersistentVolume
|
||||
attached. Download the script:
|
||||
|
||||
```
|
||||
SCRIPT=https://raw.githubusercontent.com/lbryio/lbry-docker/master/contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh
|
||||
|
||||
curl -Lo kubectl-run-with-pvc.sh $SCRIPT && chmod a+x kubectl-run-with-pvc.sh
|
||||
```
|
||||
|
||||
Run the `kubectl-run-with-pvc` script, attaching the mysql PVC:
|
||||
|
||||
```
|
||||
./kubectl-run-with-pvc.sh k8s-lbry-chainquery-mysql
|
||||
```
|
||||
|
||||
Wait a second for the container to start, and you should then be placed into a
|
||||
container shell, indicated by the shell prompt changing to the container's
|
||||
prompt.
|
||||
|
||||
In the container shell, delete any existing mysql data from the volume:
|
||||
|
||||
```
|
||||
rm /pvcs/k8s-lbry-chainquery-mysql/* -rf
|
||||
```
|
||||
|
||||
Still in the container shell, download the backup and extract it to the volume:
|
||||
|
||||
```
|
||||
apt update && apt install -y curl
|
||||
|
||||
BACKUP_URL=https://lbry-chainquery-mysql-dump.sfo2.digitaloceanspaces.com/chainquery_height_560900.mysql-backup.tar.gz
|
||||
curl $BACKUP_URL | tar xvz -C /pvcs/k8s-lbry-chainquery-mysql/
|
||||
```
|
||||
|
||||
Once the download and extraction completes, exit the container (or just press
|
||||
Ctrl-D):
|
||||
|
||||
```
|
||||
exit
|
||||
```
|
||||
|
||||
Now back on your local shell, upgrade the release to re-create the mysql and
|
||||
chainquery deployments:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
You can verify that the database now has data up to the height of the database
|
||||
snapshot. Login to the mysql shell (password: `chainquery`):
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=k8s-lbry-chainquery-mysql -o name | sed s+pod/++` && \
|
||||
kubectl exec -it $POD -- mysql -u chainquery -p
|
||||
```
|
||||
|
||||
Then query for the number of blocks:
|
||||
|
||||
```
|
||||
mysql> select count(*) from chainquery.block;
|
||||
+----------+
|
||||
| count(*) |
|
||||
+----------+
|
||||
| 561034 |
|
||||
+----------+
|
||||
1 row in set (15.00 sec)
|
||||
```
|
||||
|
||||
Also verify that chainquery is again happy. View the chainquery logs:
|
||||
|
||||
```
|
||||
kubectl logs -l app=chainquery -f
|
||||
```
|
||||
|
||||
### lbrynet
|
||||
|
||||
Edit `values.yaml` and set `lbrynet.enabled` to `true`.
|
||||
|
||||
Update the release to turn on lbrynet:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
You can view the lbrynet logs:
|
||||
|
||||
```
|
||||
kubectl logs -l app=lbrynet -f
|
||||
```
|
||||
|
||||
#### IMPORTANT - Backup your cluster wallet
|
||||
|
||||
The wallet is stored inside the `k8s-lbry-lbrynet` persistent volume.
|
||||
|
||||
Copy the wallet in case the volume gets destroyed:
|
||||
|
||||
```
|
||||
WALLET=/home/lbrynet/.local/share/lbry/lbryum/wallets/default_wallet \
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl cp $POD:$WALLET /tmp/k8s-lbry-lbrynet-wallet-backup.json
|
||||
```
|
||||
|
||||
Check the contents of `/tmp/k8s-lbry-lbrynet-wallet-backup.json` and move the
|
||||
file to a safe place for backup (and delete this temporary file.)
|
||||
|
||||
Once your wallet is backed up, you can generate a receiving address in order to
|
||||
deposit LBC:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrynet address unused
|
||||
```
|
||||
|
||||
### spee.ch
|
||||
|
||||
Note: Throughout this deployment, the unstylized name `speech` is used.
|
||||
|
||||
#### MySQL for speech
|
||||
[MySQL](https://github.com/helm/charts/tree/master/stable/mysql) is used as
|
||||
the database speech talks to.
|
||||
|
||||
Edit `values.yaml` and set `speech-mysql.enabled` to `true`.
|
||||
|
||||
Upgrade the release to turn on mysql for speech:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
You can try logging into the mysql shell if you like (default password is
|
||||
`speech`):
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=k8s-lbry-speech-mysql -o name | sed s+pod/++` && \
|
||||
kubectl exec -it $POD -- mysql -u speech -p
|
||||
```
|
||||
|
||||
You can view the mysql logs:
|
||||
|
||||
```
|
||||
kubectl logs -l app=k8s-lbry-speech-mysql -f
|
||||
```
|
||||
|
||||
#### Configure Speech
|
||||
|
||||
Before you can fully configure speech, you must fund your lbrynet wallet in the
|
||||
`k8s-lbry-lbrynet` deployment. Check the lbrynet section for details on
|
||||
generating a receiving address for your wallet, as well as backing up your
|
||||
wallet.
|
||||
|
||||
Speech has a large configuration, all of which is found in `values.yaml`. The
|
||||
most important settings to configure yourself are:
|
||||
|
||||
* `speech.enabled` - turns on/off the the speech deployment.
|
||||
* `speech.service.hostname` - The external hostname for speech.
|
||||
* `speech.persistence.size` - How large of a data directory for speech.
|
||||
* `speech.auth.masterPassword`
|
||||
* `speech.details`
|
||||
* `speech.publishing.primaryClaimAddress`
|
||||
|
||||
* This can be retrieved from the lbrynet pod:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrynet address list
|
||||
```
|
||||
|
||||
* Copy the first address from the list. This is your `primaryClaimAddress`.
|
||||
|
||||
* `speech.publishing.publishOnlyApproved`
|
||||
* `speech.publishing.approvedChannels`
|
||||
* `speech.publishing.thumbnailChannel`
|
||||
|
||||
* In order to publish thumbnails, you must create a channel. There are many options in creation. See the help from the lbrynet command to list them all:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrynet channel create --help
|
||||
```
|
||||
|
||||
* For example, this will create the channel named `YourChannel`, bidding 1 LBC for the name:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrynet channel create --name @YourChannel --bid 1.0
|
||||
```
|
||||
|
||||
* Make sure that when you copy the channel name to `values.yaml` that you use double quotes surrounding the value for thumbnailChannel. This is because in YAML, the `@` symbol cannot be used without quotes. ie: `thumbnailChannel: "@YourChannel"`
|
||||
|
||||
* `speech.publishing.thumbnailChannelId`
|
||||
|
||||
* When you create the channel, listed in the `outputs` section, you will find
|
||||
`claim_id`; this is the `thumbnailChannelId`. You can also retrieve this
|
||||
information again by running `channel list`:
|
||||
|
||||
```
|
||||
POD=`kubectl get pod -l app=lbrynet -o name | sed s+pod/++` && \
|
||||
kubectl exec $POD -- lbrynet channel list
|
||||
```
|
||||
|
||||
Once you've configured speech in `values.yaml`, upgrade the helm release to
|
||||
apply the changes:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
Open your browser to the hostname specified in `speech.service.hostname` and
|
||||
demo the site.
|
||||
|
||||
## TLS Support
|
||||
|
||||
Enabling TLS (SSL) for your cluster is optional, but it is useful if you are
|
||||
going to expose any HTTP services externally.
|
||||
|
||||
### Assign DNS name(s) to your Load Balancer
|
||||
|
||||
The k8s-lbry chart started a Load Balancer as part of the Ingress Controller.
|
||||
You can assign a DNS name to the Load Balancer External IP address.
|
||||
|
||||
Get the External IP of the Load Balancer:
|
||||
|
||||
```
|
||||
kubectl get svc -l app=nginx-ingress,component=controller
|
||||
```
|
||||
|
||||
Copy the External IP address shown. Update your DNS provider for your domain
|
||||
accordingly, with a subdomain of your choice to point to the External IP address.
|
||||
|
||||
Edit `values.yaml` and set `echo-service.enabled` to `true`. Set
|
||||
`echo-service.hostname` to the domain name you configued in your DNS.
|
||||
|
||||
Upgrade the release to turn on the echo-http-server:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
Verify that the DNS is setup correctly by using curl to the echo-http-server on
|
||||
port 80:
|
||||
|
||||
```
|
||||
curl http://echo.example.com
|
||||
```
|
||||
|
||||
(Replace `echo.example.com` with the domain you used in `values.yaml`.)
|
||||
|
||||
You should see the word `echo` returned.
|
||||
|
||||
|
||||
### Enable TLS
|
||||
|
||||
Once you've verified that DNS for your domain correctly routes to the
|
||||
echo-http-server, upgrade the nginx-ingress release with HTTPs now turned on:
|
||||
|
||||
```
|
||||
helm upgrade nginx-ingress stable/nginx-ingress \
|
||||
--set nginx-ingress.controller.service.enableHttps=true
|
||||
```
|
||||
|
||||
Upgrade the k8s-lbry release, turning on HTTPs for the echo-http-server:
|
||||
|
||||
```
|
||||
helm upgrade k8s-lbry k8s-lbry/k8s-lbry -f values.yaml --set echo-http-server.enableHttps=true
|
||||
```
|
||||
|
||||
Check that HTTPs connection to the echo service is working:
|
||||
|
||||
```
|
||||
curl https://echo.example.com
|
||||
```
|
||||
|
||||
(Replace `echo.example.com` with the domain you used in `values.yaml`.)
|
||||
|
||||
You should see the word `echo` returned. However, it may take up to 5 minutes
|
||||
for it to start to work.
|
||||
|
||||
Watch the cert-manager log:
|
||||
|
||||
```
|
||||
kubectl logs --namespace cert-manager -l app=cert-manager -f
|
||||
```
|
||||
|
||||
A successful certificate message would look like:
|
||||
|
||||
```
|
||||
Certificate "echo-tls" for ingress "echo" is up to date
|
||||
```
|
||||
|
||||
Retry the curl command until you get an `echo` response.
|
||||
|
||||
## Improvements
|
||||
|
||||
Beyond this point, there are several things one could do to improve this
|
||||
configuration and harden for production.
|
||||
|
||||
* Secrets
|
||||
|
||||
* At this stage, all your configuration resides in `values.yaml`, including
|
||||
passwords. You can seperate these secrets out of your config and put them into a
|
||||
[Kubernetes Secret](https://kubernetes.io/docs/concepts/configuration/secret/).
|
||||
|
||||
* [Sealed Secrets](https://github.com/bitnami-labs/sealed-secrets)
|
||||
|
||||
* [Helm Secrets](https://github.com/futuresimple/helm-secrets)
|
||||
|
||||
* Namespaces
|
||||
|
||||
* If you are using the cluster for things other than lbry, you should install
|
||||
k8s-lbry into its own namespace. This will allow pods within the same
|
||||
namespace to talk to eachother, but not to pods in other namespaces.
|
||||
|
||||
* Using a namespace in the introductory docs above, would have complicated
|
||||
the (already complex) helm and kubectl commands, so they were omitted.
|
||||
|
||||
* Both helm and kubectl support the `--namespace` argument. You can translate
|
||||
all the commands above, adding the `--namespace` argument.
|
||||
|
||||
For example, to install the k8s-lbry chart in its own `k8s-lbry` namespace:
|
||||
|
||||
```
|
||||
## helm install RELEASE REPO/CHART --namespace NAMESPACE -f VALUES
|
||||
helm install k8s-lbry k8s-lbry/k8s-lbry --namespace k8s-lbry -f values.yaml
|
||||
```
|
||||
|
||||
And to look at pods in the `k8s-lbry` namespace:
|
||||
|
||||
```
|
||||
kubectl get pods --namespace k8s-lbry
|
||||
```
|
22
contrib/k8s-lbry/charts/cert-manager-issuer/.helmignore
Normal file
22
contrib/k8s-lbry/charts/cert-manager-issuer/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/cert-manager-issuer/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/cert-manager-issuer/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: Install staging and production certificate issuers with Lets Encrypt ACME.
|
||||
name: cert-manager-issuer
|
||||
version: 0.1.0
|
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "cert-manager-issuer.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "cert-manager-issuer.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "cert-manager-issuer.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,16 @@
|
|||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-prod
|
||||
spec:
|
||||
acme:
|
||||
# The ACME server URL
|
||||
server: https://acme-v02.api.letsencrypt.org/directory
|
||||
# Email address used for ACME registration
|
||||
email: {{ .Values.email }}
|
||||
# Name of a secret used to store the ACME account private key
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-prod
|
||||
# Enable the HTTP-01 challenge provider
|
||||
http01: {}
|
||||
|
|
@ -0,0 +1,15 @@
|
|||
apiVersion: certmanager.k8s.io/v1alpha1
|
||||
kind: Issuer
|
||||
metadata:
|
||||
name: letsencrypt-staging
|
||||
spec:
|
||||
acme:
|
||||
# The ACME server URL
|
||||
server: https://acme-staging-v02.api.letsencrypt.org/directory
|
||||
# Email address used for ACME registration
|
||||
email: {{ .Values.email }}
|
||||
# Name of a secret used to store the ACME account private key
|
||||
privateKeySecretRef:
|
||||
name: letsencrypt-staging
|
||||
# Enable the HTTP-01 challenge provider
|
||||
http01: {}
|
22
contrib/k8s-lbry/charts/chainquery/.helmignore
Normal file
22
contrib/k8s-lbry/charts/chainquery/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/chainquery/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/chainquery/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "v0.0.0"
|
||||
description: LBRY chainquery
|
||||
name: chainquery
|
||||
version: 0.1.0
|
32
contrib/k8s-lbry/charts/chainquery/templates/_helpers.tpl
Normal file
32
contrib/k8s-lbry/charts/chainquery/templates/_helpers.tpl
Normal file
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "chainquery.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "chainquery.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "chainquery.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
13
contrib/k8s-lbry/charts/chainquery/templates/configmap.yaml
Normal file
13
contrib/k8s-lbry/charts/chainquery/templates/configmap.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "chainquery.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
chart: {{ template "chainquery.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
data:
|
||||
{{ toYaml .Values.configurationFile | indent 2 }}
|
||||
{{- end }}
|
|
@ -0,0 +1,61 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "chainquery.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
chart: {{ template "chainquery.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
{{- if .Values.configurationFile }}
|
||||
initContainers:
|
||||
- name: copy-chainquery-config
|
||||
image: busybox
|
||||
command: ['sh', '-c', 'cp /configmap/chainqueryconfig.toml /etc/lbry/chainqueryconfig.toml']
|
||||
volumeMounts:
|
||||
- name: configmap
|
||||
mountPath: /configmap
|
||||
- name: config
|
||||
mountPath: /etc/lbry
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "chainquery.fullname" . }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
resources:
|
||||
{{ toYaml .Values.resources | indent 10 }}
|
||||
ports:
|
||||
- name: port
|
||||
containerPort: {{ .Values.service.port }}
|
||||
volumeMounts:
|
||||
{{- if .Values.configurationFile }}
|
||||
- name: config
|
||||
mountPath: /etc/lbry/chainqueryconfig.toml
|
||||
subPath: chainqueryconfig.toml
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.configurationFile }}
|
||||
- name: config
|
||||
emptyDir: {}
|
||||
- name: configmap
|
||||
configMap:
|
||||
name: {{ template "chainquery.fullname" . }}
|
||||
{{- end }}
|
||||
{{- end }}
|
19
contrib/k8s-lbry/charts/chainquery/templates/service.yaml
Normal file
19
contrib/k8s-lbry/charts/chainquery/templates/service.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "chainquery.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
chart: {{ template "chainquery.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
ports:
|
||||
- name: port
|
||||
port: {{ .Values.service.port }}
|
||||
targetPort: port
|
||||
selector:
|
||||
app: {{ template "chainquery.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
22
contrib/k8s-lbry/charts/echo-http-server/.helmignore
Normal file
22
contrib/k8s-lbry/charts/echo-http-server/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/echo-http-server/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/echo-http-server/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: An HTTP echo service
|
||||
name: echo-http-server
|
||||
version: 0.1.0
|
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "echo-http-server.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "echo-http-server.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "echo-http-server.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,24 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Values.service }}
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
certmanager.k8s.io/issuer: {{ .Values.certificateIssuer }}
|
||||
certmanager.k8s.io/acme-challenge-type: http01
|
||||
spec:
|
||||
{{ if .Values.enableHttps }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.hostname }}
|
||||
secretName: {{ .Values.service }}-tls
|
||||
{{ end }}
|
||||
rules:
|
||||
- host: {{ .Values.hostname }}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: {{ .Values.service }}
|
||||
servicePort: 80
|
||||
{{- end }}
|
|
@ -0,0 +1,34 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ .Values.service }}
|
||||
spec:
|
||||
ports:
|
||||
- port: 80
|
||||
targetPort: 5678
|
||||
selector:
|
||||
app: {{ .Values.service }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ .Values.service }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Values.service }}
|
||||
replicas: 2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Values.service }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ template "echo-http-server.fullname" . }}
|
||||
image: hashicorp/http-echo
|
||||
args:
|
||||
- "-text={{ .Values.service }}"
|
||||
ports:
|
||||
- containerPort: 5678
|
||||
{{- end }}
|
22
contrib/k8s-lbry/charts/echo-socket-server/.helmignore
Normal file
22
contrib/k8s-lbry/charts/echo-socket-server/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/echo-socket-server/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/echo-socket-server/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "1.0"
|
||||
description: A socket echo service
|
||||
name: echo-socket-server
|
||||
version: 0.1.0
|
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "echo-socket-server.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "echo-socket-server.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "echo-socket-server.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
|
@ -0,0 +1,33 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ .Values.service }}
|
||||
spec:
|
||||
ports:
|
||||
- port: 8000
|
||||
targetPort: 8000
|
||||
selector:
|
||||
app: {{ .Values.service }}
|
||||
---
|
||||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ .Values.service }}
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ .Values.service }}
|
||||
replicas: 2
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ .Values.service }}
|
||||
spec:
|
||||
containers:
|
||||
- name: {{ template "echo-socket-server.fullname" . }}
|
||||
image: enigmacurry/echo-socket-server
|
||||
ports:
|
||||
- containerPort: 8000
|
||||
{{- end }}
|
||||
|
22
contrib/k8s-lbry/charts/lbrycrd/.helmignore
Normal file
22
contrib/k8s-lbry/charts/lbrycrd/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/lbrycrd/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/lbrycrd/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "v0.0.0"
|
||||
description: lbrycrd LBRY blockchain daemon
|
||||
name: lbrycrd
|
||||
version: 0.1.0
|
32
contrib/k8s-lbry/charts/lbrycrd/templates/_helpers.tpl
Normal file
32
contrib/k8s-lbry/charts/lbrycrd/templates/_helpers.tpl
Normal file
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "lbrycrd.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "lbrycrd.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "lbrycrd.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
13
contrib/k8s-lbry/charts/lbrycrd/templates/configmap.yaml
Normal file
13
contrib/k8s-lbry/charts/lbrycrd/templates/configmap.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "lbrycrd.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
chart: {{ template "lbrycrd.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
data:
|
||||
{{ toYaml .Values.configurationFile | indent 2 }}
|
||||
{{- end }}
|
78
contrib/k8s-lbry/charts/lbrycrd/templates/deployments.yaml
Normal file
78
contrib/k8s-lbry/charts/lbrycrd/templates/deployments.yaml
Normal file
|
@ -0,0 +1,78 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "lbrycrd.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
chart: {{ template "lbrycrd.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
{{- if .Values.configurationFile }}
|
||||
initContainers:
|
||||
- name: copy-lbrycrd-config
|
||||
image: busybox
|
||||
command: ['sh', '-c', 'cp /configmap/lbrycrd.conf /etc/lbry/lbrycrd.conf']
|
||||
volumeMounts:
|
||||
- name: configmap
|
||||
mountPath: /configmap
|
||||
- name: config
|
||||
mountPath: /etc/lbry
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "lbrycrd.fullname" . }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
env:
|
||||
- name: RUN_MODE
|
||||
value: "default"
|
||||
- name: PORT
|
||||
value: "{{ .Values.service.port }}"
|
||||
- name: RPC_PORT
|
||||
value: "{{ .Values.service.rpcPort }}"
|
||||
resources: {{ toYaml .Values.resources | indent 10 }}
|
||||
ports:
|
||||
- name: port
|
||||
containerPort: {{ .Values.service.port }}
|
||||
- name: rpc
|
||||
containerPort: {{ .Values.service.rpcPort }}
|
||||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
{{- if .Values.configurationFile }}
|
||||
- name: config
|
||||
mountPath: /etc/lbry/lbrycrd.conf
|
||||
subPath: lbrycrd.conf
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.configurationFile }}
|
||||
- name: config
|
||||
emptyDir: {}
|
||||
- name: configmap
|
||||
configMap:
|
||||
name: {{ template "lbrycrd.fullname" . }}
|
||||
{{- end }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (include "lbrycrd.fullname" .) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
31
contrib/k8s-lbry/charts/lbrycrd/templates/pvc.yaml
Normal file
31
contrib/k8s-lbry/charts/lbrycrd/templates/pvc.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
{{- if .Values.enabled }}
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "lbrycrd.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
{{- with .Values.persistence.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
22
contrib/k8s-lbry/charts/lbrycrd/templates/service.yaml
Normal file
22
contrib/k8s-lbry/charts/lbrycrd/templates/service.yaml
Normal file
|
@ -0,0 +1,22 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "lbrycrd.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
chart: {{ template "lbrycrd.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
ports:
|
||||
- name: port
|
||||
port: {{ .Values.service.port }}
|
||||
targetPort: port
|
||||
- name: rpc
|
||||
port: {{ .Values.service.rpcPort }}
|
||||
targetPort: rpc
|
||||
selector:
|
||||
app: {{ template "lbrycrd.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
22
contrib/k8s-lbry/charts/lbrynet/.helmignore
Normal file
22
contrib/k8s-lbry/charts/lbrynet/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/lbrynet/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/lbrynet/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "v0.0.0"
|
||||
description: LBRY lbrynet
|
||||
name: lbrynet
|
||||
version: 0.1.0
|
32
contrib/k8s-lbry/charts/lbrynet/templates/_helpers.tpl
Normal file
32
contrib/k8s-lbry/charts/lbrynet/templates/_helpers.tpl
Normal file
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "lbrynet.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "lbrynet.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "lbrynet.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
15
contrib/k8s-lbry/charts/lbrynet/templates/configmap.yaml
Normal file
15
contrib/k8s-lbry/charts/lbrynet/templates/configmap.yaml
Normal file
|
@ -0,0 +1,15 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "lbrynet.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
chart: {{ template "lbrynet.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
data:
|
||||
{{- with .Values.daemon_settings }}
|
||||
daemon_settings.yml: {{ toYaml . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
76
contrib/k8s-lbry/charts/lbrynet/templates/deployments.yaml
Normal file
76
contrib/k8s-lbry/charts/lbrynet/templates/deployments.yaml
Normal file
|
@ -0,0 +1,76 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "lbrynet.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
chart: {{ template "lbrynet.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
{{- if .Values.daemon_settings }}
|
||||
initContainers:
|
||||
- name: copy-lbrynet-config
|
||||
image: busybox
|
||||
command: ['sh', '-c', 'cp /configmap/daemon_settings.yml /etc/lbry/daemon_settings.yml']
|
||||
volumeMounts:
|
||||
- name: configmap
|
||||
mountPath: /configmap
|
||||
- name: config
|
||||
mountPath: /etc/lbry
|
||||
{{- end }}
|
||||
containers:
|
||||
- name: {{ template "lbrynet.fullname" . }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
env:
|
||||
- name: RUN_MODE
|
||||
value: "default"
|
||||
- name: PORT
|
||||
value: "{{ .Values.service.port }}"
|
||||
- name: RPC_PORT
|
||||
value: "{{ .Values.service.rpcPort }}"
|
||||
resources: {{ toYaml .Values.resources | indent 10 }}
|
||||
ports:
|
||||
- name: rpc
|
||||
containerPort: {{ .Values.service.rpcPort }}
|
||||
volumeMounts:
|
||||
- name: lbrynet-home
|
||||
mountPath: /home/lbrynet
|
||||
{{- if .Values.daemon_settings }}
|
||||
- name: config
|
||||
mountPath: /etc/lbry/daemon_settings.yml
|
||||
subPath: daemon_settings.yml
|
||||
{{- end }}
|
||||
volumes:
|
||||
{{- if .Values.daemon_settings }}
|
||||
- name: config
|
||||
emptyDir: {}
|
||||
- name: configmap
|
||||
configMap:
|
||||
name: {{ template "lbrynet.fullname" . }}
|
||||
{{- end }}
|
||||
- name: lbrynet-home
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (include "lbrynet.fullname" .) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
30
contrib/k8s-lbry/charts/lbrynet/templates/pvc.yaml
Normal file
30
contrib/k8s-lbry/charts/lbrynet/templates/pvc.yaml
Normal file
|
@ -0,0 +1,30 @@
|
|||
{{- if .Values.enabled }}
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "lbrynet.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
{{- with .Values.persistence.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
19
contrib/k8s-lbry/charts/lbrynet/templates/service.yaml
Normal file
19
contrib/k8s-lbry/charts/lbrynet/templates/service.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "lbrynet.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
chart: {{ template "lbrynet.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
ports:
|
||||
- name: rpc
|
||||
port: {{ .Values.service.rpcPort }}
|
||||
targetPort: rpc
|
||||
selector:
|
||||
app: {{ template "lbrynet.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
22
contrib/k8s-lbry/charts/speech/.helmignore
Normal file
22
contrib/k8s-lbry/charts/speech/.helmignore
Normal file
|
@ -0,0 +1,22 @@
|
|||
# Patterns to ignore when building packages.
|
||||
# This supports shell glob matching, relative path matching, and
|
||||
# negation (prefixed with !). Only one pattern per line.
|
||||
.DS_Store
|
||||
# Common VCS dirs
|
||||
.git/
|
||||
.gitignore
|
||||
.bzr/
|
||||
.bzrignore
|
||||
.hg/
|
||||
.hgignore
|
||||
.svn/
|
||||
# Common backup files
|
||||
*.swp
|
||||
*.bak
|
||||
*.tmp
|
||||
*~
|
||||
# Various IDEs
|
||||
.project
|
||||
.idea/
|
||||
*.tmproj
|
||||
.vscode/
|
5
contrib/k8s-lbry/charts/speech/Chart.yaml
Normal file
5
contrib/k8s-lbry/charts/speech/Chart.yaml
Normal file
|
@ -0,0 +1,5 @@
|
|||
apiVersion: v1
|
||||
appVersion: "v0.0.0"
|
||||
description: LBRY spee.ch
|
||||
name: speech
|
||||
version: 0.1.0
|
32
contrib/k8s-lbry/charts/speech/templates/_helpers.tpl
Normal file
32
contrib/k8s-lbry/charts/speech/templates/_helpers.tpl
Normal file
|
@ -0,0 +1,32 @@
|
|||
{{/* vim: set filetype=mustache: */}}
|
||||
{{/*
|
||||
Expand the name of the chart.
|
||||
*/}}
|
||||
{{- define "speech.name" -}}
|
||||
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create a default fully qualified app name.
|
||||
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
|
||||
If release name contains chart name it will be used as a full name.
|
||||
*/}}
|
||||
{{- define "speech.fullname" -}}
|
||||
{{- if .Values.fullnameOverride -}}
|
||||
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- $name := default .Chart.Name .Values.nameOverride -}}
|
||||
{{- if contains $name .Release.Name -}}
|
||||
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- else -}}
|
||||
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
{{- end -}}
|
||||
|
||||
{{/*
|
||||
Create chart name and version as used by the chart label.
|
||||
*/}}
|
||||
{{- define "speech.chart" -}}
|
||||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
|
||||
{{- end -}}
|
33
contrib/k8s-lbry/charts/speech/templates/configmap.yaml
Normal file
33
contrib/k8s-lbry/charts/speech/templates/configmap.yaml
Normal file
|
@ -0,0 +1,33 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: {{ template "speech.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "speech.name" . }}
|
||||
chart: {{ template "speech.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
data:
|
||||
{{- with .Values.auth }}
|
||||
authConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.mysql }}
|
||||
mysqlConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.chainquery }}
|
||||
chainqueryConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.lbrynet }}
|
||||
lbryConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.site }}
|
||||
siteConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.logger }}
|
||||
loggerConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- with .Values.slack }}
|
||||
slackConfig.json: {{ toJson . | quote }}
|
||||
{{- end }}
|
||||
{{- end }}
|
68
contrib/k8s-lbry/charts/speech/templates/deployments.yaml
Normal file
68
contrib/k8s-lbry/charts/speech/templates/deployments.yaml
Normal file
|
@ -0,0 +1,68 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: apps/v1beta2
|
||||
kind: Deployment
|
||||
metadata:
|
||||
name: {{ template "speech.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "speech.name" . }}
|
||||
chart: {{ template "speech.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
strategy:
|
||||
type: Recreate
|
||||
selector:
|
||||
matchLabels:
|
||||
app: {{ template "speech.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: {{ template "speech.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
spec:
|
||||
securityContext:
|
||||
fsGroup: 1000
|
||||
terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
|
||||
initContainers:
|
||||
- name: copy-lbrycrd-config
|
||||
image: busybox
|
||||
command: ['sh', '-c', 'cp /configmap/chainqueryConfig.json /configmap/lbryConfig.json /configmap/loggerConfig.json /configmap/mysqlConfig.json /configmap/siteConfig.json /configmap/slackConfig.json /config && cp /configmap/authConfig.json /private']
|
||||
volumeMounts:
|
||||
- name: configmap
|
||||
mountPath: /configmap
|
||||
- name: config
|
||||
mountPath: /config
|
||||
- name: private
|
||||
mountPath: /private
|
||||
containers:
|
||||
- name: {{ template "speech.fullname" . }}
|
||||
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
|
||||
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
|
||||
resources: {{ toYaml .Values.resources | indent 10 }}
|
||||
ports:
|
||||
- name: port
|
||||
containerPort: {{ .Values.service.port }}
|
||||
volumeMounts:
|
||||
- name: configmap
|
||||
mountPath: /spee.ch/site/config
|
||||
- name: private
|
||||
mountPath: /spee.ch/site/private
|
||||
- name: data
|
||||
mountPath: /data
|
||||
volumes:
|
||||
- name: config
|
||||
mountPath: /spee.ch/site/config
|
||||
- name: private
|
||||
mountPath: /spee.ch/site/private
|
||||
- name: configmap
|
||||
configMap:
|
||||
name: {{ template "speech.fullname" . }}
|
||||
- name: data
|
||||
{{- if .Values.persistence.enabled }}
|
||||
persistentVolumeClaim:
|
||||
claimName: {{ .Values.persistence.existingClaim | default (include "speech.fullname" .) }}
|
||||
{{- else }}
|
||||
emptyDir: {}
|
||||
{{- end -}}
|
||||
{{- end }}
|
24
contrib/k8s-lbry/charts/speech/templates/ingress.yaml
Normal file
24
contrib/k8s-lbry/charts/speech/templates/ingress.yaml
Normal file
|
@ -0,0 +1,24 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: extensions/v1beta1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: {{ .Values.service.name }}
|
||||
annotations:
|
||||
kubernetes.io/ingress.class: nginx
|
||||
certmanager.k8s.io/issuer: {{ .Values.service.certificateIssuer }}
|
||||
certmanager.k8s.io/acme-challenge-type: http01
|
||||
spec:
|
||||
{{ if .Values.service.enableHttps }}
|
||||
tls:
|
||||
- hosts:
|
||||
- {{ .Values.service.hostname }}
|
||||
secretName: {{ .Values.service.name }}-tls
|
||||
{{ end }}
|
||||
rules:
|
||||
- host: {{ .Values.service.hostname }}
|
||||
http:
|
||||
paths:
|
||||
- backend:
|
||||
serviceName: {{ .Values.service.name }}
|
||||
servicePort: {{ .Values.service.port }}
|
||||
{{- end }}
|
31
contrib/k8s-lbry/charts/speech/templates/pvc.yaml
Normal file
31
contrib/k8s-lbry/charts/speech/templates/pvc.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
{{- if .Values.enabled }}
|
||||
{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}
|
||||
kind: PersistentVolumeClaim
|
||||
apiVersion: v1
|
||||
metadata:
|
||||
name: {{ template "speech.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "speech.name" . }}
|
||||
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
|
||||
release: "{{ .Release.Name }}"
|
||||
heritage: "{{ .Release.Service }}"
|
||||
{{- with .Values.persistence.annotations }}
|
||||
annotations:
|
||||
{{ toYaml . | indent 4 }}
|
||||
{{- end }}
|
||||
|
||||
spec:
|
||||
accessModes:
|
||||
- {{ .Values.persistence.accessMode | quote }}
|
||||
resources:
|
||||
requests:
|
||||
storage: {{ .Values.persistence.size | quote }}
|
||||
{{- if .Values.persistence.storageClass }}
|
||||
{{- if (eq "-" .Values.persistence.storageClass) }}
|
||||
storageClassName: ""
|
||||
{{- else }}
|
||||
storageClassName: "{{ .Values.persistence.storageClass }}"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
{{- end }}
|
19
contrib/k8s-lbry/charts/speech/templates/service.yaml
Normal file
19
contrib/k8s-lbry/charts/speech/templates/service.yaml
Normal file
|
@ -0,0 +1,19 @@
|
|||
{{- if .Values.enabled }}
|
||||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
name: {{ template "speech.fullname" . }}
|
||||
labels:
|
||||
app: {{ template "speech.name" . }}
|
||||
chart: {{ template "speech.chart" . }}
|
||||
release: {{ .Release.Name }}
|
||||
heritage: {{ .Release.Service }}
|
||||
spec:
|
||||
ports:
|
||||
- name: port
|
||||
port: {{ .Values.service.port }}
|
||||
targetPort: port
|
||||
selector:
|
||||
app: {{ template "speech.name" . }}
|
||||
release: {{ .Release.Name }}
|
||||
{{- end }}
|
12
contrib/k8s-lbry/requirements.lock
Normal file
12
contrib/k8s-lbry/requirements.lock
Normal file
|
@ -0,0 +1,12 @@
|
|||
dependencies:
|
||||
- name: percona
|
||||
repository: https://kubernetes-charts.storage.googleapis.com
|
||||
version: 0.3.5
|
||||
- name: mysql
|
||||
repository: https://kubernetes-charts.storage.googleapis.com
|
||||
version: 0.19.0
|
||||
- name: mysql
|
||||
repository: https://kubernetes-charts.storage.googleapis.com
|
||||
version: 0.19.0
|
||||
digest: sha256:c97a2ebaa817e80a3c343e24befc75b133758c17438a5a520ecb0780aaa2ecef
|
||||
generated: 2019-05-04T13:44:28.303905337-04:00
|
15
contrib/k8s-lbry/requirements.yaml
Normal file
15
contrib/k8s-lbry/requirements.yaml
Normal file
|
@ -0,0 +1,15 @@
|
|||
dependencies:
|
||||
- name: percona
|
||||
repository: "@stable"
|
||||
version: 0.3.5
|
||||
condition: percona.enabled,global.percona.enabled
|
||||
- name: mysql
|
||||
alias: chainquery-mysql
|
||||
repository: "@stable"
|
||||
version: 0.19.0
|
||||
condition: chainquery-mysql.enabled,global.chainquery-mysql.enabled
|
||||
- name: mysql
|
||||
alias: speech-mysql
|
||||
repository: "@stable"
|
||||
version: 0.19.0
|
||||
condition: speech-mysql.enabled,global.speech-mysql.enabled
|
65
contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh
Executable file
65
contrib/k8s-lbry/scripts/kubectl-run-with-pvc.sh
Executable file
|
@ -0,0 +1,65 @@
|
|||
#!/bin/bash
|
||||
|
||||
# From https://gist.github.com/yuanying/3aa7d59dcce65470804ab43def646ab6
|
||||
|
||||
IMAGE="ubuntu:18.04"
|
||||
COMMAND="/bin/bash"
|
||||
SUFFIX=$(date +%s | shasum | base64 | fold -w 10 | head -1 | tr '[:upper:]' '[:lower:]')
|
||||
|
||||
usage_exit() {
|
||||
echo "Usage: $0 [-c command] [-i image] PVC ..." 1>&2
|
||||
exit 1
|
||||
}
|
||||
|
||||
if [ "$#" -ne 1 ]; then
|
||||
usage_exit
|
||||
fi
|
||||
|
||||
while getopts i:h OPT
|
||||
do
|
||||
case $OPT in
|
||||
i) IMAGE=$OPTARG
|
||||
;;
|
||||
c) COMMAND=$OPTARG
|
||||
;;
|
||||
h) usage_exit
|
||||
;;
|
||||
\?) usage_exit
|
||||
;;
|
||||
esac
|
||||
done
|
||||
shift $(($OPTIND - 1))
|
||||
|
||||
VOL_MOUNTS=""
|
||||
VOLS=""
|
||||
COMMA=""
|
||||
|
||||
for i in $@
|
||||
do
|
||||
VOL_MOUNTS="${VOL_MOUNTS}${COMMA}{\"name\": \"${i}\",\"mountPath\": \"/pvcs/${i}\"}"
|
||||
VOLS="${VOLS}${COMMA}{\"name\": \"${i}\",\"persistentVolumeClaim\": {\"claimName\": \"${i}\"}}"
|
||||
COMMA=","
|
||||
done
|
||||
|
||||
kubectl run -it --rm --restart=Never --image=${IMAGE} pvc-mounter-${SUFFIX} --overrides "
|
||||
{
|
||||
\"spec\": {
|
||||
\"hostNetwork\": true,
|
||||
\"containers\":[
|
||||
{
|
||||
\"args\": [\"${COMMAND}\"],
|
||||
\"stdin\": true,
|
||||
\"tty\": true,
|
||||
\"name\": \"pvc\",
|
||||
\"image\": \"${IMAGE}\",
|
||||
\"volumeMounts\": [
|
||||
${VOL_MOUNTS}
|
||||
]
|
||||
}
|
||||
],
|
||||
\"volumes\": [
|
||||
${VOLS}
|
||||
]
|
||||
}
|
||||
}
|
||||
" -- ${COMMAND}
|
20
contrib/k8s-lbry/scripts/package.sh
Executable file
20
contrib/k8s-lbry/scripts/package.sh
Executable file
|
@ -0,0 +1,20 @@
|
|||
#!/bin/bash
|
||||
## Build Helm package and upload to s3 repository
|
||||
|
||||
exe() { echo "\$ $@" ; "$@" ; }
|
||||
|
||||
# Work from the parent directory to this script:
|
||||
cd `dirname "$0"` && cd ..
|
||||
|
||||
if s3cmd info s3://k8s-lbry > /dev/null; then
|
||||
exe helm dependency update
|
||||
exe helm package .
|
||||
exe helm repo index .
|
||||
|
||||
exe s3cmd put --acl-public index.yaml k8s-lbry-*.tgz s3://k8s-lbry/
|
||||
exe s3cmd put --acl-public charts/*.tgz s3://k8s-lbry/charts/
|
||||
else
|
||||
echo "s3cmd is not setup, run s3cmd --configure"
|
||||
exit 1
|
||||
fi
|
||||
|
263
contrib/k8s-lbry/values.yaml
Normal file
263
contrib/k8s-lbry/values.yaml
Normal file
|
@ -0,0 +1,263 @@
|
|||
cert-manager-issuer:
|
||||
# Enter your email address to receive important notices from Let's Encrypt:
|
||||
email: "fred@example.com"
|
||||
|
||||
echo-http-server:
|
||||
enabled: false
|
||||
# Enter your domain name for the echo test service:
|
||||
hostname: "echo.example.com"
|
||||
service: echo-http-server
|
||||
enableHttps: true
|
||||
certificateIssuer: letsencrypt-prod
|
||||
|
||||
echo-socket-server:
|
||||
enabled: false
|
||||
service: echo-socket-server
|
||||
|
||||
lbrycrd:
|
||||
enabled: true
|
||||
image:
|
||||
repository: lbry/lbrycrd
|
||||
tag: linux-x86_64-production
|
||||
pullPolicy: Always
|
||||
service:
|
||||
port: 9246
|
||||
rpcPort: 9245
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 50Gi
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
configurationFile:
|
||||
lbrycrd.conf: |-
|
||||
datadir=/data
|
||||
rpcuser=lbry
|
||||
rpcpassword=lbry
|
||||
regtest=0
|
||||
txindex=1
|
||||
rpcallowip=10.244.0.0/16
|
||||
server=1
|
||||
listen=1
|
||||
daemon=0
|
||||
externalip=
|
||||
|
||||
chainquery-mysql:
|
||||
nameOverride: chainquery-mysql
|
||||
enabled: false
|
||||
mysqlUser: chainquery
|
||||
mysqlPassword: chainquery
|
||||
mysqlDatabase: chainquery
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 100Gi
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
|
||||
chainquery:
|
||||
enabled: false
|
||||
image:
|
||||
repository: lbry/chainquery
|
||||
tag: linux-x86_64-production
|
||||
pullPolicy: IfNotPresent
|
||||
service:
|
||||
port: 6300
|
||||
configurationFile:
|
||||
chainqueryconfig.toml: |-
|
||||
lbrycrdurl="rpc://lbry:lbry@k8s-lbry-lbrycrd:9245"
|
||||
mysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
|
||||
apimysqldsn="chainquery:chainquery@tcp(k8s-lbry-chainquery-mysql:3306)/chainquery"
|
||||
|
||||
lbrynet:
|
||||
enabled: false
|
||||
image:
|
||||
# repository: lbry/lbrynet
|
||||
# tag: linux-x86_64-production
|
||||
repository: enigmacurry/dump
|
||||
tag: lbrynet
|
||||
pullPolicy: Always
|
||||
service:
|
||||
rpcPort: 5279
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 10Gi
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
daemon_settings:
|
||||
api: 0.0.0.0:5279
|
||||
use_upnp: false
|
||||
auto_re_reflect_interval: 0
|
||||
max_key_fee: {amount: 0, currency: LBC}
|
||||
run_reflector_server: false
|
||||
|
||||
speech-mysql:
|
||||
nameOverride: speech-mysql
|
||||
enabled: false
|
||||
mysqlUser: speech
|
||||
mysqlPassword: speech
|
||||
mysqlDatabase: speech
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 100Gi
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
|
||||
speech:
|
||||
enabled: false
|
||||
service:
|
||||
name: k8s-lbry-speech
|
||||
hostname: "speech.example.com"
|
||||
port: 3000
|
||||
enableHttps: true
|
||||
certificateIssuer: letsencrypt-prod
|
||||
image:
|
||||
repository: enigmacurry/dump
|
||||
tag: spee.ch
|
||||
pullPolicy: Always
|
||||
persistence:
|
||||
enabled: true
|
||||
accessMode: ReadWriteOnce
|
||||
size: 20Gi
|
||||
annotations:
|
||||
"helm.sh/resource-policy": keep
|
||||
auth:
|
||||
masterPassword: speech
|
||||
sessionKey: mysecretkeyword
|
||||
mysql:
|
||||
host: k8s-lbry-speech-mysql
|
||||
database: speech
|
||||
username: speech
|
||||
password: speech
|
||||
chainquery:
|
||||
host: k8s-lbry-chainquery-mysql
|
||||
port: 3306
|
||||
timeout: 30
|
||||
database: chainquery
|
||||
username: chainquery
|
||||
password: chainquery
|
||||
lbrynet:
|
||||
apiHost: k8s-lbry-lbrynet
|
||||
apiPort: 5279
|
||||
getTimeout: 30
|
||||
logger:
|
||||
logLevel: verbose
|
||||
slack:
|
||||
slackWebHook: false
|
||||
slackErrorChannel: false
|
||||
slackInfoChannel: false
|
||||
site:
|
||||
analytics:
|
||||
googleId:
|
||||
assetDefaults:
|
||||
description: 'Default Content Description'
|
||||
thumbnail: https://spee.ch/0e5d4e8f4086e13f5b9ca3f9648f518e5f524402/speechflag.png
|
||||
title: 'Default Content Title'
|
||||
details:
|
||||
blockListEndpoint: https://api.lbry.com/file/list_blocked
|
||||
description: 'A decentralized hosting platform built on LBRY'
|
||||
host: https://www.example.com
|
||||
ipAddress: ""
|
||||
port: 3000
|
||||
title: 'My Site'
|
||||
twitter: false
|
||||
publishing:
|
||||
primaryClaimAddress:
|
||||
additionalClaimAddresses: []
|
||||
approvedChannels: []
|
||||
channelClaimBidAmount: 0.1
|
||||
closedRegistration: false
|
||||
disabled: false
|
||||
disabledMessage: 'Default publishing disabled message'
|
||||
fileClaimBidAmount: 0.01
|
||||
fileSizeLimits:
|
||||
application: 50000000
|
||||
audio: 50000000
|
||||
customByContentType:
|
||||
application/octet-stream: 50000000
|
||||
image: 50000000
|
||||
model: 50000000
|
||||
text: 50000000
|
||||
video: 50000000
|
||||
publishOnlyApproved: false
|
||||
publishingChannelWhitelist: []
|
||||
serveOnlyApproved: false
|
||||
thumbnailChannel:
|
||||
thumbnailChannelId:
|
||||
uploadDirectory: /data/Uploads
|
||||
serving:
|
||||
customFileExtensions:
|
||||
application/x-mif: mif
|
||||
application/x-pn-realaudio: ram
|
||||
application/x-python-code: pyc
|
||||
application/x-sgml: sgm
|
||||
application/x-troff: roff
|
||||
application/x-troff-man: man
|
||||
application/x-troff-me: me
|
||||
application/x-troff-ms: ms
|
||||
image/pict: pct
|
||||
model/stl: stl
|
||||
text/x-go: go
|
||||
text/x-python: py
|
||||
text/xul: xul
|
||||
dynamicFileSizing:
|
||||
enabled: true
|
||||
maxDimension: 2000
|
||||
markdownSettings:
|
||||
allowedTypesDescriptions: []
|
||||
allowedTypesExample:
|
||||
- 'see react-markdown docs'
|
||||
- root
|
||||
- text
|
||||
- break
|
||||
- paragraph
|
||||
- emphasis
|
||||
- strong
|
||||
- thematicBreak
|
||||
- blockquote
|
||||
- delete
|
||||
- link
|
||||
- image
|
||||
- linkReference
|
||||
- imageReference
|
||||
- table
|
||||
- tableHead
|
||||
- tableBody
|
||||
- tableRow
|
||||
- tableCell
|
||||
- list
|
||||
- listItem
|
||||
- heading
|
||||
- inlineCode
|
||||
- code
|
||||
- html
|
||||
- parsedHtml
|
||||
allowedTypesMain: []
|
||||
escapeHtmlDescriptions: true
|
||||
escapeHtmlMain: true
|
||||
skipHtmlDescriptions: true
|
||||
skipHtmlMain: true
|
||||
startup:
|
||||
performChecks: true
|
||||
performUpdates: true
|
||||
|
||||
|
||||
percona:
|
||||
#### Prefer mysql over percona for now:
|
||||
enabled: false
|
||||
# mysqlUser: chainquery
|
||||
# mysqlPassword: chainquery
|
||||
# mysqlDatabase: chainquery
|
||||
# persistence:
|
||||
# enabled: true
|
||||
# accessMode: ReadWriteOnce
|
||||
# size: 100Gi
|
||||
# resources:
|
||||
# requests:
|
||||
# memory: 1Gi
|
||||
# cpu: 1
|
||||
|
||||
|
||||
|
Loading…
Reference in a new issue