ci: add kubernetes helm chart and gcp deployment (#1854)

* ci: add kubernetes helm chart and gcp deployment

* use official or parity's docker images only
This commit is contained in:
gabriel klawitter
2019-02-27 12:37:10 +01:00
committed by GitHub
parent 5282615416
commit f5c32f71f4
11 changed files with 425 additions and 37 deletions
+12
@@ -0,0 +1,12 @@
name: substrate
version: 0.1
appVersion: 0.9.1
description: "Substrate: The platform for blockchain innovators"
home: https://substrate.network/
icon: https://substrate.network/favicon.ico
sources:
- https://github.com/paritytech/substrate/
maintainers:
- name: Paritytech Devops Team
email: devops-team@parity.io
tillerVersion: ">=2.8.0"
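Review bot: `version: 0.1` is a plain scalar that generic YAML loaders read as the float 0.1, and it is not a SemVer 2 string, which Helm expects for chart versions; `appVersion: 0.9.1` is unquoted too. Write `version: "0.1.0"` and `appVersion: "0.9.1"` so both survive any YAML round-trip as strings. Whether the Helm 2.8 line declared in `tillerVersion` rejects the current value I cannot confirm from here; `helm lint` on the chart directory is the quick check.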
+47
@@ -0,0 +1,47 @@
# Substrate Kubernetes Helm Chart
This [Helm Chart](https://helm.sh/) can be used for deploying containerized
**Substrate** to a [Kubernetes](https://kubernetes.io/) cluster.
## Prerequisites
- Tested on Kubernetes 1.10.7-gke.6
## Installation
To install the chart with the release name `my-release` into namespace
`my-namespace` from within this directory:
```console
$ helm install --namespace my-namespace --name my-release --values values.yaml ./
```
The command deploys Substrate on the Kubernetes cluster in the configuration
given in `values.yaml`. When the namespace is omitted it'll be installed in
the default one.
## Removal of the Chart
To uninstall/delete the `my-release` deployment:
```console
$ helm delete --namespace my-namespace my-release
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Upgrading
Once the chart is installed and a new version should be deployed helm takes
care of this by
```console
$ helm upgrade --namespace my-namespace --values values.yaml my-release ./
```
@@ -0,0 +1,10 @@
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
name: substrate
spec:
selector:
matchLabels:
app: substrate
maxUnavailable: 1
@@ -0,0 +1,11 @@
{{- if .Values.validator.keys }}
apiVersion: v1
kind: Secret
metadata:
name: substrate-secrets
labels:
app: substrate
type: Opaque
data:
secrets: {{ .Values.validator.keys | default "" }}
{{- end }}
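Review bot: Every replica mounts the single `substrate-secrets` Secret, which by the format documented under `validator:` in values.yaml holds every validator's key seed and node key, and only the `sed` in the init container picks out its own lines, so a compromise of any one pod yields the signing keys of all validators. One Secret (or at least one key entry) per replica would limit that blast radius; if that is impractical with a single StatefulSet template, the comment in values.yaml should at least state that all seeds are readable from every pod. On the template itself, `secrets: {{ .Values.validator.keys | default "" }}` sits under `data:`, so the value must already be base64 (as the values comment says) and is emitted unquoted, while the `default ""` can never fire inside the `{{- if .Values.validator.keys }}` guard; `secrets: {{ .Values.validator.keys | quote }}` keeps the manifest valid if the value starts with a YAML indicator.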
@@ -0,0 +1,39 @@
# see:
# https://kubernetes.io/docs/tutorials/services/
# https://kubernetes.io/docs/concepts/services-networking/service/
# headless service for rpc
apiVersion: v1
kind: Service
metadata:
name: substrate-rpc
labels:
app: substrate
spec:
ports:
- port: 9933
name: http-rpc
- port: 9944
name: websocket-rpc
selector:
app: substrate
sessionAffinity: None
type: ClusterIP
clusterIP: None
---
apiVersion: v1
kind: Service
metadata:
name: substrate
spec:
ports:
- port: 30333
name: p2p
nodePort: 30333
protocol: TCP
selector:
app: substrate
sessionAffinity: None
type: NodePort
# don't route exteral traffic to non-local pods
externalTrafficPolicy: Local
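Review bot: The headless `substrate-rpc` Service publishes the node's HTTP and WebSocket RPC ports (9933/9944) to every workload in the cluster, and nothing in the chart restricts who may reach them; the values file only asserts they are "fenced off the world via firewall", which this chart does not provide. Since kubelet `httpGet` probes address the pod IP directly, the Service is not needed for the health checks, so either drop it or add a `NetworkPolicy` limiting ingress on those two ports to the intended clients. Both Services, like every other resource in the chart, use fixed names (`substrate`, `substrate-rpc`) and a fixed `nodePort: 30333`, so a second release in the same cluster collides; deriving names from `{{ .Release.Name }}` is the usual fix. The NodePort Service also lacks the `labels: app: substrate` that the RPC Service carries, which is only an inconsistency.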
@@ -0,0 +1,10 @@
{{- if .Values.rbac.enable }}
# service account for substrate pods themselves
# no permissions for the api are required
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
app: substrate
name: {{ .Values.rbac.name }}
{{- end }}
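Review bot: The comment says the pods need no API access, yet the ServiceAccount leaves `automountServiceAccountToken` at its default, so every substrate pod still receives an API-server token mounted under `/var/run/secrets/kubernetes.io/serviceaccount`; add `automountServiceAccountToken: false` at the account's top level (sibling of `metadata`). The StatefulSet falls back to `serviceAccountName: default` when `rbac.enable` is false, which also mounts a token, so setting `automountServiceAccountToken: false` in the pod spec covers both paths. `name: {{ .Values.rbac.name }}` is emitted unquoted; `name: {{ .Values.rbac.name | quote }}` guards against a value the YAML parser would mistype.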
@@ -0,0 +1,135 @@
# https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/
# https://cloud.google.com/kubernetes-engine/docs/concepts/statefulset
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: substrate
spec:
selector:
matchLabels:
app: substrate
serviceName: substrate
replicas: {{ .Values.nodes.replicas }}
updateStrategy:
type: RollingUpdate
podManagementPolicy: Parallel
template:
metadata:
labels:
app: substrate
spec:
{{- if .Values.rbac.enable }}
serviceAccountName: {{ .Values.rbac.name }}
{{- else }}
serviceAccountName: default
{{- end }}
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node
operator: In
values:
- substrate
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- substrate
topologyKey: "kubernetes.io/hostname"
terminationGracePeriodSeconds: 300
{{- if .Values.validator.keys }}
volumes:
- name: substrate-validator-secrets
secret:
secretName: substrate-secrets
initContainers:
- name: prepare-secrets
image: busybox
command: [ "/bin/sh" ]
args:
- -c
- sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key;
sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key
env:
# from (workaround for hostname)
# https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: substrate-validator-secrets
readOnly: true
mountPath: "/etc/validator"
- name: substratedir
mountPath: {{ .Values.image.basepath }}
{{- end }}
containers:
- name: substrate
imagePullPolicy: "{{ .Values.image.pullPolicy }}"
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
{{- if .Values.resources }}
resources:
requests:
memory: {{ .Values.resources.memory }}
cpu: {{ .Values.resources.cpu }}
{{- end }}
ports:
- containerPort: 30333
name: p2p
- containerPort: 9933
name: http-rpc
- containerPort: 9944
name: websocket-rpc
command: ["/bin/sh"]
args:
- -c
- exec /usr/local/bin/substrate
--base-path {{ .Values.image.basepath }}
--name $(POD_NAME)
{{- if .Values.validator.enable }}
--validator
{{- end }}
{{- if .Values.validator.keys }}
--key $(cat {{ .Values.image.basepath }}/key)
--node-key $(cat {{ .Values.image.basepath }}/node-key)
{{- end }}
{{- range .Values.nodes.args }} {{ . }} {{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
volumeMounts:
- name: substratedir
mountPath: {{ .Values.image.basepath }}
readinessProbe:
httpGet:
path: /health
port: http-rpc
initialDelaySeconds: 10
periodSeconds: 10
livenessProbe:
httpGet:
path: /health
port: http-rpc
initialDelaySeconds: 10
periodSeconds: 10
securityContext:
runAsUser: 1000
fsGroup: 1000
volumeClaimTemplates:
- metadata:
name: substratedir
spec:
accessModes: [ "ReadWriteOnce" ]
storageClassName: ssd
resources:
requests:
storage: 32Gi
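Review bot: The validator seed extracted by the `prepare-secrets` init container is written to the persistent data volume `substratedir`, so it stays in plaintext on the PVC (and in any disk snapshot of it) for the life of the volume, including after the Secret is rotated, and the main container then passes it on the command line (`--key $(cat …/key)`), where any process in the pod can read it from `/proc/*/cmdline`. Hand the keys over through a memory-backed `emptyDir` instead of the data PVC, as sketched below; if the substrate binary in this image can read the key from a file or environment variable, that is preferable to argv, but I cannot confirm that from the chart. Separately, `serviceName: substrate` names the NodePort Service, whereas a StatefulSet's governing service must be headless for the `substrate-N.<svc>` pod DNS records to exist, so it should presumably be `serviceName: substrate-rpc`, which is the `clusterIP: None` Service. The `busybox` init image is untagged and the main image is `latest` by default, so neither is reproducible.

```yaml
      volumes:
        - name: substrate-validator-secrets
          secret:
            secretName: substrate-secrets
        # memory-backed scratch volume: extracted keys never touch the persistent disk
        - name: validator-keys
          emptyDir:
            medium: Memory
      initContainers:
        - name: prepare-secrets
          # … unchanged: image, command, env …
          args:
            - -c
            - sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > /run/validator/key;
              sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > /run/validator/node-key
          volumeMounts:
            - name: substrate-validator-secrets
              readOnly: true
              mountPath: "/etc/validator"
            - name: validator-keys
              mountPath: /run/validator
      # … unchanged: containers: substrate image, resources, ports, command …
            {{- if .Values.validator.keys }}
            --key $(cat /run/validator/key)
            --node-key $(cat /run/validator/node-key)
            {{- end }}
          # … unchanged: remaining args, env …
          volumeMounts:
            - name: substratedir
              mountPath: {{ .Values.image.basepath }}
            - name: validator-keys
              readOnly: true
              mountPath: /run/validator
```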
+53
@@ -0,0 +1,53 @@
# set tag manually --set image.tag=latest
image:
repository: parity/substrate
tag: latest
pullPolicy: Always
basepath: /substrate
# if set to true a service account for substrate will be created
rbac:
enable: true
name: substrate
nodes:
replicas: 2
args:
# name and data directory are set by the chart itself
# key and node-key may be provided on commandline invocation
#
# - --chain
# - krummelanke
# serve rpc within the local network
# - fenced off the world via firewall
# - used for health checks
- --rpc-external
- --ws-external
# - --log
# - sub-libp2p=trace
validator:
enable: True
# adds --validator commandline option
#
# key and node-key can be given in a base64 encoded keyfile string (at
# validator.keys) which has the following format:
#
# substrate-0-key <key-seed>
# substrate-0-node-key <node-secret-key>
# substrate-1-key <key-seed>
# substrate-1-node-key <node-secret-key>
#
# pod names are canonical. changing these or providing different amount of
# keys than the replicas count will lead to behaviour noone ever has
# experienced before.
# maybe adopt resource limits here to the nodes of the pool
# resources:
# memory: "5Gi"
# cpu: "1.5"
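Review bot: `image.tag: latest` together with `pullPolicy: Always` means a validator runs whatever `parity/substrate:latest` resolves to at the moment each pod is (re)scheduled, so the two replicas can end up on different builds and a retagged or compromised image is pulled without any change to the chart; pin an immutable release tag (the `{{ repository }}:{{ tag }}` template would need extending to accept an `@sha256:` digest) and prefer `pullPolicy: IfNotPresent`. The comment block under `validator:` instructs users to put the seed and node key into this values file, which the README passes with `--values values.yaml`, making it the most likely place for keys to be committed; a comment such as `# never commit validator.keys; supply it at install time from a secret store` and, where the Helm version supports it, `--set-file validator.keys=...` would help. `enable: True` should be the canonical `true`. The `# fenced off the world via firewall` comment documents an assumption the chart itself does not enforce; nothing here restricts who can reach 9933/9944 once `--rpc-external` and `--ws-external` are set.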