Ci kubernetes chart update (paritytech#187)

* update helm chart from substrate * ci: change container image to kubetools
lamafab · Mar 26, 2019 · 6696c8e · 6696c8e
1 parent 8f19f8a
commit 6696c8e
Show file tree

Hide file tree

Showing 7 changed files with 98 additions and 43 deletions.
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
@@ -212,7 +212,7 @@ publish-s3-release:
   when:                            manual
   cache:                           {}
   retry:                           1
-  image:                           parity/kubectl-helm:$HELM_VERSION
+  image:                           parity/kubetools:latest
   <<:                              *build-only
   tags:
     # this is the runner that is used to deploy it

diff --git a/scripts/kubernetes/Chart.yaml b/scripts/kubernetes/Chart.yaml
@@ -1,5 +1,5 @@
 name: polkadot
-version: 0.1
+version: 0.2
 appVersion: 0.2.0
 description: Polkadot Node Implementation
 home: https://polkadot.network/

diff --git a/scripts/kubernetes/templates/poddisruptionbudget.yaml b/scripts/kubernetes/templates/poddisruptionbudget.yaml
@@ -1,10 +1,10 @@
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
-  name: polkadot
+  name: {{ .Values.GitlabEnvSlug | default .Values.app }}
 spec:
   selector:
     matchLabels:
-      app: polkadot
+      app: {{ .Values.GitlabEnvSlug | default .Values.app }}
   maxUnavailable: 1
 
diff --git a/scripts/kubernetes/templates/service.yaml b/scripts/kubernetes/templates/service.yaml
@@ -5,35 +5,50 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: polkadot-rpc
-  labels:
-    app: polkadot
+  name: {{ .Values.app }}-rpc
 spec:
   ports:
   - port: 9933
     name: http-rpc
   - port: 9944
     name: websocket-rpc
   selector:
-    app: polkadot
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
   sessionAffinity: None
   type: ClusterIP
   clusterIP: None
 ---
+{{- if .Values.listen_node_port }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: polkadot
+  name: {{ .Values.app }}
 spec:
   ports:
   - port: 30333
     name: p2p
     nodePort: 30333
     protocol: TCP
   selector:
-    app: polkadot
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
   sessionAffinity: None
   type: NodePort
   # don't route exteral traffic to non-local pods
   externalTrafficPolicy: Local
-
+{{- else if .Values.validator.keys }}
+{{- $root := . -}}
+{{- range until (int .Values.nodes.replicas) }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ $root.Values.app }}-{{ . }}
+spec:
+  selector:
+    statefulset.kubernetes.io/pod-name: {{ $root.Values.app }}-{{ . }}
+  ports:
+    - port: 30333
+      targetPort: 30333
+      protocol: TCP
+{{- end }}
+{{- end }}
diff --git a/scripts/kubernetes/templates/serviceaccount.yaml b/scripts/kubernetes/templates/serviceaccount.yaml
@@ -5,8 +5,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
   labels:
-    app: polkadot
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    release: {{ .Release.Name }}
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
   name: {{ .Values.rbac.name }}
 {{- end }}
diff --git a/scripts/kubernetes/templates/statefulset.yaml b/scripts/kubernetes/templates/statefulset.yaml
@@ -3,20 +3,20 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: polkadot
+  name: {{ .Values.app }}
 spec:
   selector:
     matchLabels:
-      app: polkadot
-  serviceName: polkadot
+      app: {{ .Values.GitlabEnvSlug | default .Values.app }}
+  serviceName: {{ .Values.app }}
   replicas: {{ .Values.nodes.replicas }}
   updateStrategy:
     type: RollingUpdate
   podManagementPolicy: Parallel
   template:
     metadata:
       labels:
-        app: polkadot
+        app: {{ .Values.GitlabEnvSlug | default .Values.app }}
     spec:
       {{- if .Values.rbac.enable }}
       serviceAccountName: {{ .Values.rbac.name }}
@@ -31,19 +31,50 @@ spec:
                 - key: node
                   operator: In
                   values:
-                  - polkadot
+                  - {{ .Values.node_group }}
+        {{- if .Values.listen_node_port }}
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
             - labelSelector:
                 matchExpressions:
                   - key: "app"
                     operator: In
                     values:
-                    - polkadot
+                    - {{ .Values.app }}
               topologyKey: "kubernetes.io/hostname"
+        {{- end }}
       terminationGracePeriodSeconds: 300
+      {{- if .Values.validator.keys }}
+      volumes:
+        - name: {{ .Values.app }}-validator-secrets
+          secret:
+            secretName: {{ .Values.app }}-secrets
+      initContainers:
+      - name: prepare-secrets
+        image: busybox
+        command: [ "/bin/sh" ]
+        args:
+          - -c
+          - sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key;
+            sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key;
+            sed -n -r "s/^${POD_NAME}-name ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/name;
+            test -s {{ .Values.image.basepath }}/name || echo "${POD_NAME}" > {{ .Values.image.basepath }}/name
+        env:
+          # from (workaround for hostname)
+          # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+        volumeMounts:
+        - name: {{ .Values.app }}-validator-secrets
+          readOnly: true
+          mountPath: "/etc/validator"
+        - name: {{ .Values.app }}dir
+          mountPath: {{ .Values.image.basepath }}
+      {{- end }}
       containers:
-      - name: polkapod
+      - name: {{ .Values.app }}
         imagePullPolicy: "{{ .Values.image.pullPolicy }}"
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         {{- if .Values.resources }}
@@ -59,40 +90,46 @@ spec:
           name: http-rpc
         - containerPort: 9944
           name: websocket-rpc
+        command: ["/bin/sh"]
         args:
-          - --base-path
-          - {{ .Values.image.basepath }}
-          - --name
-          - $(MY_POD_NAME)
-        {{- range .Values.nodes.args }}
-          - {{ . }}
-        {{- end }}
+          - -c
+          - exec {{ .Values.image.executable }}
+            --base-path {{ .Values.image.basepath }}
+            {{- if .Values.validator.keys }}
+            --validator
+            --name $(cat {{ .Values.image.basepath }}/name)
+            --key $(cat {{ .Values.image.basepath }}/key)
+            --node-key $(cat {{ .Values.image.basepath }}/node-key)
+            {{- else }}
+            --name $(POD_NAME)
+            {{- end }}
+            {{- range .Values.nodes.args }} {{ . }} {{- end }}
         env:
-          # from (workaround for hostname)
-          # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
-          - name: MY_POD_NAME
+          - name: POD_NAME
             valueFrom:
               fieldRef:
                 fieldPath: metadata.name
         volumeMounts:
-        - name: polkadir
+        - name: {{ .Values.app }}dir
           mountPath: {{ .Values.image.basepath }}
         readinessProbe:
-          tcpSocket:
+          httpGet:
+            path: /health
             port: http-rpc
-          initialDelaySeconds: 30
-          periodSeconds: 30
+          initialDelaySeconds: 10
+          periodSeconds: 10
         livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /health
             port: http-rpc
-          initialDelaySeconds: 30
-          periodSeconds: 30
+          initialDelaySeconds: 10
+          periodSeconds: 10
       securityContext:
         runAsUser: 1000
         fsGroup: 1000
   volumeClaimTemplates:
   - metadata:
-      name: polkadir
+      name: {{ .Values.app }}dir
     spec:
       accessModes: [ "ReadWriteOnce" ]
       storageClassName: ssd

diff --git a/scripts/kubernetes/values.yaml b/scripts/kubernetes/values.yaml
@@ -4,31 +4,36 @@ image:
   tag: latest
   pullPolicy: Always
   basepath: /polkadot
+  executable: /usr/local/bin/polkadot
 
 
 # if set to true a service account for polkadot will be created
 rbac:
   enable: true
   name: polkadot
 
+# name of the statefulset
+app: polkadot
+node_group: polkadot
+listen_node_port: true
 
 nodes:
   replicas: 2
   args:
     - --chain
-    - krummelanke
+    - alexander
     # serve rpc within the local network
     # - fenced off the world via firewall
     # - used for health checks
     - --rpc-external
     - --ws-external
     # - --log
     # - sub-libp2p=trace
-    # - --validator
-    # - --key
-    # - key_name
 
 
+validator: {}
+# providing 'keys' string via --set commandline parameter will run the nodes
+# in validator mode (--validator).
 
 # maybe adopt resource limits here to the nodes of the pool
 # resources: