Ci kubernetes chart update (#187)

* update helm chart from substrate * ci: change container image to kubetools

Ci kubernetes chart update (#187)
* update helm chart from substrate * ci: change container image to kubetools
6696c8ef · gabriel klawitter · GitHub · 8f19f8ab · 6696c8ef · 6696c8ef
Unverified Commit 6696c8ef authored Mar 26, 2019 by gabriel klawitter Committed by GitHub Mar 26, 2019
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -212,7 +212,7 @@ publish-s3-release:
  when:                            manual
  cache:                           {}
  retry:                           1
-  image:                           parity/kubectl-helm:$HELM_VERSION
+  image:                           parity/kubetools:latest
  <<:                              *build-only
  tags:
    # this is the runner that is used to deploy it

--- a/scripts/kubernetes/Chart.yaml
+++ b/scripts/kubernetes/Chart.yaml
 name: polkadot
-version: 0.1
+version: 0.2
 appVersion: 0.2.0
 description: Polkadot Node Implementation
 home: https://polkadot.network/

--- a/scripts/kubernetes/templates/poddisruptionbudget.yaml
+++ b/scripts/kubernetes/templates/poddisruptionbudget.yaml
 apiVersion: policy/v1beta1
 kind: PodDisruptionBudget
 metadata:
-  name: polkadot
+  name: {{ .Values.GitlabEnvSlug | default .Values.app }}
 spec:
  selector:
    matchLabels:
-      app: polkadot
+      app: {{ .Values.GitlabEnvSlug | default .Values.app }}
  maxUnavailable: 1
--- a/scripts/kubernetes/templates/service.yaml
+++ b/scripts/kubernetes/templates/service.yaml
@@ -5,9 +5,7 @@
 apiVersion: v1
 kind: Service
 metadata:
-  name: polkadot-rpc
+  name: {{ .Values.app }}-rpc
-  labels:
-    app: polkadot
 spec:
  ports:
  - port: 9933
@@ -15,15 +13,16 @@ spec:
  - port: 9944
    name: websocket-rpc
  selector:
-    app: polkadot
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
  sessionAffinity: None
  type: ClusterIP
  clusterIP: None
 ---
+{{- if .Values.listen_node_port }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: polkadot
+  name: {{ .Values.app }}
 spec:
  ports:
  - port: 30333
@@ -31,9 +30,25 @@ spec:
    nodePort: 30333
    protocol: TCP
  selector:
-    app: polkadot
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
  sessionAffinity: None
  type: NodePort
  # don't route exteral traffic to non-local pods
  externalTrafficPolicy: Local
+{{- else if .Values.validator.keys }}
+{{- $root := . -}}
+{{- range until (int .Values.nodes.replicas) }}
+---
+kind: Service
+apiVersion: v1
+metadata:
+  name: {{ $root.Values.app }}-{{ . }}
+spec:
+  selector:
+    statefulset.kubernetes.io/pod-name: {{ $root.Values.app }}-{{ . }}
+  ports:
+    - port: 30333
+      targetPort: 30333
+      protocol: TCP
+{{- end }}
+{{- end }}
--- a/scripts/kubernetes/templates/serviceaccount.yaml
+++ b/scripts/kubernetes/templates/serviceaccount.yaml
@@ -5,8 +5,6 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  labels:
-    app: polkadot
+    app: {{ .Values.GitlabEnvSlug | default .Values.app }}
-    chart: {{ .Chart.Name }}-{{ .Chart.Version }}
-    release: {{ .Release.Name }}
  name: {{ .Values.rbac.name }}
 {{- end }}
--- a/scripts/kubernetes/templates/statefulset.yaml
+++ b/scripts/kubernetes/templates/statefulset.yaml
@@ -3,12 +3,12 @@
 apiVersion: apps/v1
 kind: StatefulSet
 metadata:
-  name: polkadot
+  name: {{ .Values.app }}
 spec:
  selector:
    matchLabels:
-      app: polkadot
+      app: {{ .Values.GitlabEnvSlug | default .Values.app }}
-  serviceName: polkadot
+  serviceName: {{ .Values.app }}
  replicas: {{ .Values.nodes.replicas }}
  updateStrategy:
    type: RollingUpdate
@@ -16,7 +16,7 @@ spec:
  template:
    metadata:
      labels:
-        app: polkadot
+        app: {{ .Values.GitlabEnvSlug | default .Values.app }}
    spec:
      {{- if .Values.rbac.enable }}
      serviceAccountName: {{ .Values.rbac.name }}
@@ -31,7 +31,8 @@ spec:
                - key: node
                  operator: In
                  values:
-                  - polkadot
+                  - {{ .Values.node_group }}
+        {{- if .Values.listen_node_port }}
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
@@ -39,11 +40,41 @@ spec:
                  - key: "app"
                    operator: In
                    values:
-                    - polkadot
+                    - {{ .Values.app }}
              topologyKey: "kubernetes.io/hostname"
+        {{- end }}
      terminationGracePeriodSeconds: 300
+      {{- if .Values.validator.keys }}
+      volumes:
+        - name: {{ .Values.app }}-validator-secrets
+          secret:
+            secretName: {{ .Values.app }}-secrets
+      initContainers:
+      - name: prepare-secrets
+        image: busybox
+        command: [ "/bin/sh" ]
+        args:
+          - -c
+          - sed -n -r "s/^${POD_NAME}-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/key;
+            sed -n -r "s/^${POD_NAME}-node-key ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/node-key;
+            sed -n -r "s/^${POD_NAME}-name ([^ ]+)$/\1/p" /etc/validator/secrets > {{ .Values.image.basepath }}/name;
+            test -s {{ .Values.image.basepath }}/name || echo "${POD_NAME}" > {{ .Values.image.basepath }}/name
+        env:
+          # from (workaround for hostname)
+          # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
+          - name: POD_NAME
+            valueFrom:
+              fieldRef:
+                fieldPath: metadata.name
+        volumeMounts:
+        - name: {{ .Values.app }}-validator-secrets
+          readOnly: true
+          mountPath: "/etc/validator"
+        - name: {{ .Values.app }}dir
+          mountPath: {{ .Values.image.basepath }}
+      {{- end }}
      containers:
-      - name: polkapod
+      - name: {{ .Values.app }}
        imagePullPolicy: "{{ .Values.image.pullPolicy }}"
        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
        {{- if .Values.resources }}
@@ -59,40 +90,46 @@ spec:
          name: http-rpc
        - containerPort: 9944
          name: websocket-rpc
+        command: ["/bin/sh"]
        args:
-          - --base-path
+          - -c
-          - {{ .Values.image.basepath }}
+          - exec {{ .Values.image.executable }}
-          - --name
+            --base-path {{ .Values.image.basepath }}
-          - $(MY_POD_NAME)
+            {{- if .Values.validator.keys }}
-        {{- range .Values.nodes.args }}
+            --validator
-          - {{ . }}
+            --name $(cat {{ .Values.image.basepath }}/name)
-        {{- end }}
+            --key $(cat {{ .Values.image.basepath }}/key)
+            --node-key $(cat {{ .Values.image.basepath }}/node-key)
+            {{- else }}
+            --name $(POD_NAME)
+            {{- end }}
+            {{- range .Values.nodes.args }} {{ . }} {{- end }}
        env:
-          # from (workaround for hostname)
+          - name: POD_NAME
-          # https://kubernetes.io/docs/tasks/inject-data-application/environment-variable-expose-pod-information/
-          - name: MY_POD_NAME
            valueFrom:
              fieldRef:
                fieldPath: metadata.name
        volumeMounts:
-        - name: polkadir
+        - name: {{ .Values.app }}dir
          mountPath: {{ .Values.image.basepath }}
        readinessProbe:
-          tcpSocket:
+          httpGet:
+            path: /health
            port: http-rpc
-          initialDelaySeconds: 30
+          initialDelaySeconds: 10
-          periodSeconds: 30
+          periodSeconds: 10
        livenessProbe:
-          tcpSocket:
+          httpGet:
+            path: /health
            port: http-rpc
-          initialDelaySeconds: 30
+          initialDelaySeconds: 10
-          periodSeconds: 30
+          periodSeconds: 10
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
  volumeClaimTemplates:
  - metadata:
-      name: polkadir
+      name: {{ .Values.app }}dir
    spec:
      accessModes: [ "ReadWriteOnce" ]
      storageClassName: ssd

--- a/scripts/kubernetes/values.yaml
+++ b/scripts/kubernetes/values.yaml
@@ -4,6 +4,7 @@ image:
  tag: latest
  pullPolicy: Always
  basepath: /polkadot
+  executable: /usr/local/bin/polkadot
 # if set to true a service account for polkadot will be created
@@ -11,12 +12,16 @@ rbac:
  enable: true
  name: polkadot
+# name of the statefulset
+app: polkadot
+node_group: polkadot
+listen_node_port: true
 nodes:
  replicas: 2
  args:
    - --chain
-    - krummelanke
+    - alexander
    # serve rpc within the local network
    # - fenced off the world via firewall
    # - used for health checks
@@ -24,11 +29,11 @@ nodes:
    - --ws-external
    # - --log
    # - sub-libp2p=trace
-    # - --validator
-    # - --key
-    # - key_name
+validator: {}
+# providing 'keys' string via --set commandline parameter will run the nodes
+# in validator mode (--validator).
 # maybe adopt resource limits here to the nodes of the pool
 # resources: