diff --git a/etc/helm/.helmignore b/etc/helm/.helmignore new file mode 100644 index 0000000..f0c1319 --- /dev/null +++ b/etc/helm/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/etc/helm/Chart.yaml b/etc/helm/Chart.yaml new file mode 100644 index 0000000..d7d1a02 --- /dev/null +++ b/etc/helm/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: A Helm chart for Kubernetes +name: stackage-server +version: 0.1.0 diff --git a/etc/helm/templates/NOTES.txt b/etc/helm/templates/NOTES.txt new file mode 100644 index 0000000..3810c63 --- /dev/null +++ b/etc/helm/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "stackage-server.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "stackage-server.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "stackage-server.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "stackage-server.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} diff --git a/etc/helm/templates/_helpers.tpl b/etc/helm/templates/_helpers.tpl new file mode 100644 index 0000000..e023139 --- /dev/null +++ b/etc/helm/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "stackage-server.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "stackage-server.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/etc/helm/templates/cron_deployment.yaml b/etc/helm/templates/cron_deployment.yaml new file mode 100644 index 0000000..5cf8ede --- /dev/null +++ b/etc/helm/templates/cron_deployment.yaml @@ -0,0 +1,63 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ .Values.cronName }} +spec: + replicas: 1 + minReadySeconds: 5 + strategy: + type: Recreate + template: + metadata: + labels: + app: {{ .Values.cronApp }} + spec: + imagePullSecrets: + - name: registry-key + volumes: + - name: stackage-server-cron-volume + secret: + secretName: {{ .Values.cronName }}-secret + containers: + - name: stackage-server-cron + image: {{ .Values.image.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: PGSTRING + valueFrom: + secretKeyRef: + name: {{ .Values.name }} + key: PGCONN + command: + - bash + - "-c" + - | + set -eux + source /secret/aws.sh + mkdir -p /work + cd /work + while true + do + date + stack update + /usr/local/bin/stackage-server-cron + sleep 5m + done + volumeMounts: + - name: stackage-server-cron-volume + readOnly: true + mountPath: /secret + resources: +{{ toYaml .Values.cronResources.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/etc/helm/templates/deployment.yaml b/etc/helm/templates/deployment.yaml new file mode 100644 index 0000000..6de83a7 --- /dev/null +++ b/etc/helm/templates/deployment.yaml @@ -0,0 +1,58 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ .Values.name }} +spec: + replicas: {{ .Values.image.replicas }} + minReadySeconds: 50 + template: + metadata: + labels: + app: {{ .Values.app }} + release: {{ .Release.Name }} + spec: + imagePullSecrets: + - name: registry-key + containers: + - name: stackage-server + image: {{ .Values.image.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 3000 + command: + - stackage-server + env: + - name: APPROOT + value: {{ .Values.image.env.approot | quote }} + - name: PGSTRING + valueFrom: + secretKeyRef: + name: {{ .Values.name }} + key: PGCONN + livenessProbe: + httpGet: + path: / + port: 3000 + readinessProbe: + httpGet: + path: / + port: 3000 + httpHeaders: + # Works around stackage-server's `forceSSL` redirect + - name: HTTPS + value: "on" + resources: +{{ toYaml .Values.stackageResources.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/etc/helm/templates/hoogle_deployment.yaml b/etc/helm/templates/hoogle_deployment.yaml new file mode 100644 index 0000000..20086ce --- /dev/null +++ b/etc/helm/templates/hoogle_deployment.yaml @@ -0,0 +1,65 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ .Values.hoogleName }} +spec: + replicas: {{ .Values.image.replicas }} + template: + metadata: + labels: + app: {{ .Values.hoogleApp }} + spec: + imagePullSecrets: + - name: registry-key + containers: + - name: stackage-server-hoogle + image: {{ .Values.image.image }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 3000 + command: ["stackage-server"] + workingDir: /app + env: + - name: APPROOT + value: {{ .Values.image.env.approot | quote }} + - name: PGSTRING + valueFrom: + secretKeyRef: + name: {{ .Values.name }} + key: PGCONN + livenessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 120 + timeoutSeconds: 1 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + readinessProbe: + httpGet: + path: / + port: 3000 + httpHeaders: + # Works around stackage-server's `forceSSL` redirect + - name: HTTPS + value: "on" + initialDelaySeconds: 5 + timeoutSeconds: 1 + periodSeconds: 5 + successThreshold: 1 + resources: +{{ toYaml .Values.stackageResources.resources | indent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/etc/helm/templates/hoogle_service.yaml b/etc/helm/templates/hoogle_service.yaml new file mode 100644 index 0000000..921b676 --- /dev/null +++ b/etc/helm/templates/hoogle_service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.hoogleName }} + labels: + app: {{ .Values.hoogleApp }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: 80 + targetPort: http + protocol: TCP + - name: https + port: 443 + targetPort: http + protocol: TCP + selector: + app: {{ .Values.hoogleApp }} diff --git a/etc/helm/templates/ingress.yaml b/etc/helm/templates/ingress.yaml new file mode 100644 index 0000000..2232f8c --- /dev/null +++ b/etc/helm/templates/ingress.yaml @@ -0,0 +1,38 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := .Values.name -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app: {{ .Values.app }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + - host: {{ .Values.ingress.host }} + http: + paths: + - path: /haddock.* + backend: + serviceName: {{ .Values.name }} + servicePort: 80 + - path: /.+/hoogle + backend: + serviceName: {{ .Values.hoogleName }} + servicePort: 80 + - backend: + serviceName: {{ .Values.name }} + servicePort: 80 + tls: + - hosts: + {{- range .Values.ingress.hosts }} + - {{ . }} + {{- end }} + secretName: {{ $fullName }}-tls +{{- end }} diff --git a/etc/helm/templates/service.yaml b/etc/helm/templates/service.yaml new file mode 100644 index 0000000..eacb7f2 --- /dev/null +++ b/etc/helm/templates/service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ .Values.name }} + labels: + app: {{ .Values.app }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - name: http + port: 80 + targetPort: http + protocol: TCP + - name: https + port: 443 + targetPort: http + protocol: TCP + selector: + app: {{ template "stackage-server.name" . }} + release: {{ .Release.Name }} diff --git a/etc/helm/values.yaml b/etc/helm/values.yaml new file mode 100644 index 0000000..8ea85c0 --- /dev/null +++ b/etc/helm/values.yaml @@ -0,0 +1,16 @@ +image: + pullPolicy: IfNotPresent + minReadySeconds: 5 + +service: + type: ClusterIP + +ingress: + enabled: true + annotations: + kubernetes.io/ingress.class: "nginx" + kubernetes.io/tls-acme: "true" + nginx.ingress.kubernetes.io/use-regex: "true" + path: / + +resources: {} diff --git a/etc/helm/values/production.yaml b/etc/helm/values/production.yaml new file mode 100644 index 0000000..32af6c9 --- /dev/null +++ b/etc/helm/values/production.yaml @@ -0,0 +1,25 @@ +replicaCount: 1 + +image: + env: + approot: "stackage.org" + +stackageResources: + resources: + requests: + cpu: 100m + memory: 1.0Gi + limits: + cpu: 150m + memory: 1.5Gi + +cronResources: + resources: + requests: + cpu: 150m + memory: 2048Mi + limits: + cpu: 300m + memory: 4096Mi + + diff --git a/etc/helm/values/staging.yaml b/etc/helm/values/staging.yaml new file mode 100644 index 0000000..aabee67 --- /dev/null +++ b/etc/helm/values/staging.yaml @@ -0,0 +1,30 @@ +name: stackage-server-ci +app: stackage-server-ci +hoogleName: stackage-server-hoogle-ci +hoogleApp: stackage-server-hoogle-ci +cronName: stackage-server-cron-ci +cronApp: stackage-server-cron-ci + +image: + replicas: 1 + env: + #approot: "https://ci.stackage.org" + approot: "" + +stackageResources: + resources: + requests: + cpu: 100m + memory: 1.0Gi + limits: + cpu: 150m + memory: 1.5Gi + +cronResources: + resources: + requests: + cpu: 150m + memory: 1048Mi + limits: + cpu: 200m + memory: 2096Mi