Loading .gitlab-ci.yml +0 −7 Original line number Diff line number Diff line Loading @@ -88,13 +88,6 @@ build:jre: CONTEXT_DIR: $CI_PROJECT_DIR/images/jre needs: ["build:base"] build:kubectl: extends: .docker-build stage: build-2 variables: CONTEXT_DIR: $CI_PROJECT_DIR/images/kubectl needs: ["build:base"] build:rsync: extends: .docker-build stage: build-2 Loading deploy/kubernetes/chart/templates/_helpers.tpl +17 −10 Original line number Diff line number Diff line Loading @@ -49,8 +49,8 @@ Produces an image specification. */}} {{- define "esgf.component.image" -}} {{- $context := index . 0 -}} {{- $component := index . 1 -}} {{- $image := mergeOverwrite $context.Values.image $component.image -}} {{- $overrides := index . 1 -}} {{- $image := mergeOverwrite $context.Values.image $overrides -}} image: {{ printf "%s/%s:%s" $image.prefix $image.repository $image.tag }} imagePullPolicy: {{ $image.pullPolicy }} {{- end -}} Loading @@ -63,31 +63,38 @@ Produces an image specification with the correct nesting for use in deployments. {{- end -}} {{/* Produces a volume name from a mount path Produces a volume name for the given volume configuration. */}} {{- define "esgf.data.volumeName" -}} {{- regexReplaceAll "[^a-zA-Z0-9]+" . "-" | trimAll "-" -}} {{- if .name -}} {{- .name -}} {{- else -}} {{- regexReplaceAll "[^a-zA-Z0-9]+" .mountPath "-" | trimAll "-" -}} {{- end -}} {{- end -}} {{/* Produces volume definitions for the specified data volumes. Produces pod volume definitions for the configured data volumes. */}} {{- define "esgf.data.volumes" -}} {{- range .Values.data.mounts }} - name: {{ include "esgf.data.volumeName" .mountPath | quote }} {{- toYaml .volume | nindent 2 }} - name: {{ include "esgf.data.volumeName" . | quote }} {{ toYaml .volumeSpec | indent 2 | trim }} {{- end }} {{- end -}} {{/* Produces volume mount definitions for the specified data volumes. The produced mounts will always be read-only. */}} {{- define "esgf.data.volumeMounts" -}} {{- range .Values.data.mounts }} - name: {{ include "esgf.data.volumeName" .mountPath | quote }} - name: {{ include "esgf.data.volumeName" . | quote }} mountPath: {{ .mountPath }} readOnly: true {{- with (omit . "volume") }} {{- toYaml . | nindent 2 }} {{- with (omit (default dict .mountOptions) "readOnly") }} {{ toYaml . | indent 2 | trim }} {{- end }} {{- end }} {{- end -}} deploy/kubernetes/chart/templates/fileServer/deployment.yaml +2 −1 Original line number Diff line number Diff line Loading @@ -25,11 +25,12 @@ spec: {{- end }} containers: - name: file-server {{ include "esgf.deployment.image" (list . $fileServer) }} {{ include "esgf.deployment.image" (list . $fileServer.image) }} resources: {{ toYaml $fileServer.resources | nindent 12 }} ports: - name: http containerPort: 8080 env: {{ toYaml $fileServer.extraEnv | nindent 12 }} readinessProbe: &probe httpGet: path: / Loading deploy/kubernetes/chart/templates/thredds/configmap.yaml +1 −1 Original line number Diff line number Diff line {{- if (and .Values.data.thredds.enabled (not .Values.data.catalogVolume.volume)) -}} {{- if (and .Values.data.thredds.enabled (not .Values.data.thredds.catalogVolume)) -}} apiVersion: v1 kind: ConfigMap metadata: Loading deploy/kubernetes/chart/templates/thredds/daemonset.yaml 0 → 100644 +146 −0 Original line number Diff line number Diff line {{- $thredds := .Values.data.thredds -}} {{- if (and $thredds.enabled $thredds.catalogVolume $thredds.localCache.enabled) -}} #### # When the local cache is enabled, this daemonset will initialise the local caches for each host #### apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ include "esgf.component.fullname" (list . "thredds-prepare-node") }} labels: {{ include "esgf.component.labels" (list . "thredds-prepare-node") | nindent 4 }} spec: updateStrategy: type: RollingUpdate # Allow all pods on all nodes to update at once rollingUpdate: maxUnavailable: "100%" selector: matchLabels: {{ include "esgf.component.selectorLabels" (list . "thredds-prepare-node") | nindent 6 }} template: metadata: labels: {{ include "esgf.component.selectorLabels" (list . "thredds-prepare-node") | nindent 8 }} annotations: # Roll the daemonset on each revision to pick up new catalogs release/revision: {{ .Release.Revision | quote }} spec: {{- with (default .Values.image.pullSecrets $thredds.image.pullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} {{- with .Values.data.podSecurityContext }} securityContext: {{ toYaml . | nindent 8 }} {{- end }} initContainers: - name: fix-permissions {{ include "esgf.deployment.image" (list . $thredds.image) }} env: - name: CHOWN_UID value: {{ pluck "runAsUser" .Values.data.securityContext .Values.data.podSecurityContext (dict "runAsUser" 1000) | first | quote }} - name: CHOWN_GID value: {{ pluck "fsGroup" .Values.data.securityContext .Values.data.podSecurityContext (dict "fsGroup" 1000) | first | quote }} args: - chown - "$(CHOWN_UID):$(CHOWN_GID)" - /thredds/cache - /thredds/catalogs securityContext: runAsUser: 0 {{- with (omit .Values.data.securityContext "runAsUser") }} {{ toYaml . | indent 12 | trim }} {{- end }} volumeMounts: - name: thredds-cache mountPath: /thredds/cache - name: thredds-local-catalogs mountPath: /thredds/catalogs - name: copy-catalogs {{ include "esgf.deployment.image" (list . $thredds.localCache.rsyncImage) }} # Use rsync so we only copy over catalogs that have changed args: - rsync - -avzh - /thredds/catalogs/ - /thredds/local-catalogs {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-local-catalogs mountPath: /thredds/local-catalogs - name: thredds-catalogs mountPath: /thredds/catalogs readOnly: true {{- with (omit (default dict $thredds.catalogVolume.mountOptions) "readOnly") }} {{ toYaml . | indent 14 | trim }} {{- end }} - name: rebuild-cache {{ include "esgf.deployment.image" (list . $thredds.image) }} args: # Start THREDDS in order to build the cache # Once it has started successfully, stop it - bash - -c - | set -ex # Setting a PID file is critical to allowing us to stop tomcat later export CATALINA_PID="$(mktemp)" # Start tomcat in the background catalina.sh start # Wait for THREDDS to start sleep 10 until curl -fsSL http://localhost:8080/thredds > /dev/null; do true; done # Stop tomcat and exit catalina.sh stop {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-local-catalogs mountPath: /opt/tomcat/content/thredds/esgcet readOnly: true - name: thredds-cache mountPath: /opt/tomcat/content/thredds/cache - name: write-revision-file {{ include "esgf.deployment.image" (list . $thredds.image) }} env: - name: RELEASE_REVISION value: {{ .Release.Revision | quote }} args: # Loop until the sentinel file exists and contains the correct revision # This indicates that the daemonset has initialised the node for this revision - bash - -c - echo "$(RELEASE_REVISION)" > /thredds/cache/revision.txt {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-cache mountPath: /thredds/cache containers: # All the work is done in the init containers # The main container just sits and does nothing until the daemonset is rolled - name: pause {{ include "esgf.deployment.image" (list . $thredds.image) }} args: [bash, -c, "sleep infinity"] {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- with $thredds.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} {{- with $thredds.affinity }} affinity: {{ toYaml . | nindent 8 }} {{- end }} {{- with $thredds.tolerations }} tolerations: {{ toYaml . | nindent 8 }} {{- end }} volumes: - name: thredds-local-catalogs hostPath: path: {{ printf "%s/%s/%s/catalogs" $thredds.localCache.pathPrefix .Release.Namespace .Release.Name | quote }} - name: thredds-catalogs {{ toYaml $thredds.catalogVolume.volumeSpec | indent 10 | trim }} - name: thredds-cache hostPath: path: {{ printf "%s/%s/%s/cache" $thredds.localCache.pathPrefix .Release.Namespace .Release.Name | quote }} {{- end -}} Loading
.gitlab-ci.yml +0 −7 Original line number Diff line number Diff line Loading @@ -88,13 +88,6 @@ build:jre: CONTEXT_DIR: $CI_PROJECT_DIR/images/jre needs: ["build:base"] build:kubectl: extends: .docker-build stage: build-2 variables: CONTEXT_DIR: $CI_PROJECT_DIR/images/kubectl needs: ["build:base"] build:rsync: extends: .docker-build stage: build-2 Loading
deploy/kubernetes/chart/templates/_helpers.tpl +17 −10 Original line number Diff line number Diff line Loading @@ -49,8 +49,8 @@ Produces an image specification. */}} {{- define "esgf.component.image" -}} {{- $context := index . 0 -}} {{- $component := index . 1 -}} {{- $image := mergeOverwrite $context.Values.image $component.image -}} {{- $overrides := index . 1 -}} {{- $image := mergeOverwrite $context.Values.image $overrides -}} image: {{ printf "%s/%s:%s" $image.prefix $image.repository $image.tag }} imagePullPolicy: {{ $image.pullPolicy }} {{- end -}} Loading @@ -63,31 +63,38 @@ Produces an image specification with the correct nesting for use in deployments. {{- end -}} {{/* Produces a volume name from a mount path Produces a volume name for the given volume configuration. */}} {{- define "esgf.data.volumeName" -}} {{- regexReplaceAll "[^a-zA-Z0-9]+" . "-" | trimAll "-" -}} {{- if .name -}} {{- .name -}} {{- else -}} {{- regexReplaceAll "[^a-zA-Z0-9]+" .mountPath "-" | trimAll "-" -}} {{- end -}} {{- end -}} {{/* Produces volume definitions for the specified data volumes. Produces pod volume definitions for the configured data volumes. */}} {{- define "esgf.data.volumes" -}} {{- range .Values.data.mounts }} - name: {{ include "esgf.data.volumeName" .mountPath | quote }} {{- toYaml .volume | nindent 2 }} - name: {{ include "esgf.data.volumeName" . | quote }} {{ toYaml .volumeSpec | indent 2 | trim }} {{- end }} {{- end -}} {{/* Produces volume mount definitions for the specified data volumes. The produced mounts will always be read-only. */}} {{- define "esgf.data.volumeMounts" -}} {{- range .Values.data.mounts }} - name: {{ include "esgf.data.volumeName" .mountPath | quote }} - name: {{ include "esgf.data.volumeName" . | quote }} mountPath: {{ .mountPath }} readOnly: true {{- with (omit . "volume") }} {{- toYaml . | nindent 2 }} {{- with (omit (default dict .mountOptions) "readOnly") }} {{ toYaml . | indent 2 | trim }} {{- end }} {{- end }} {{- end -}}
deploy/kubernetes/chart/templates/fileServer/deployment.yaml +2 −1 Original line number Diff line number Diff line Loading @@ -25,11 +25,12 @@ spec: {{- end }} containers: - name: file-server {{ include "esgf.deployment.image" (list . $fileServer) }} {{ include "esgf.deployment.image" (list . $fileServer.image) }} resources: {{ toYaml $fileServer.resources | nindent 12 }} ports: - name: http containerPort: 8080 env: {{ toYaml $fileServer.extraEnv | nindent 12 }} readinessProbe: &probe httpGet: path: / Loading
deploy/kubernetes/chart/templates/thredds/configmap.yaml +1 −1 Original line number Diff line number Diff line {{- if (and .Values.data.thredds.enabled (not .Values.data.catalogVolume.volume)) -}} {{- if (and .Values.data.thredds.enabled (not .Values.data.thredds.catalogVolume)) -}} apiVersion: v1 kind: ConfigMap metadata: Loading
deploy/kubernetes/chart/templates/thredds/daemonset.yaml 0 → 100644 +146 −0 Original line number Diff line number Diff line {{- $thredds := .Values.data.thredds -}} {{- if (and $thredds.enabled $thredds.catalogVolume $thredds.localCache.enabled) -}} #### # When the local cache is enabled, this daemonset will initialise the local caches for each host #### apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ include "esgf.component.fullname" (list . "thredds-prepare-node") }} labels: {{ include "esgf.component.labels" (list . "thredds-prepare-node") | nindent 4 }} spec: updateStrategy: type: RollingUpdate # Allow all pods on all nodes to update at once rollingUpdate: maxUnavailable: "100%" selector: matchLabels: {{ include "esgf.component.selectorLabels" (list . "thredds-prepare-node") | nindent 6 }} template: metadata: labels: {{ include "esgf.component.selectorLabels" (list . "thredds-prepare-node") | nindent 8 }} annotations: # Roll the daemonset on each revision to pick up new catalogs release/revision: {{ .Release.Revision | quote }} spec: {{- with (default .Values.image.pullSecrets $thredds.image.pullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} {{- with .Values.data.podSecurityContext }} securityContext: {{ toYaml . | nindent 8 }} {{- end }} initContainers: - name: fix-permissions {{ include "esgf.deployment.image" (list . $thredds.image) }} env: - name: CHOWN_UID value: {{ pluck "runAsUser" .Values.data.securityContext .Values.data.podSecurityContext (dict "runAsUser" 1000) | first | quote }} - name: CHOWN_GID value: {{ pluck "fsGroup" .Values.data.securityContext .Values.data.podSecurityContext (dict "fsGroup" 1000) | first | quote }} args: - chown - "$(CHOWN_UID):$(CHOWN_GID)" - /thredds/cache - /thredds/catalogs securityContext: runAsUser: 0 {{- with (omit .Values.data.securityContext "runAsUser") }} {{ toYaml . | indent 12 | trim }} {{- end }} volumeMounts: - name: thredds-cache mountPath: /thredds/cache - name: thredds-local-catalogs mountPath: /thredds/catalogs - name: copy-catalogs {{ include "esgf.deployment.image" (list . $thredds.localCache.rsyncImage) }} # Use rsync so we only copy over catalogs that have changed args: - rsync - -avzh - /thredds/catalogs/ - /thredds/local-catalogs {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-local-catalogs mountPath: /thredds/local-catalogs - name: thredds-catalogs mountPath: /thredds/catalogs readOnly: true {{- with (omit (default dict $thredds.catalogVolume.mountOptions) "readOnly") }} {{ toYaml . | indent 14 | trim }} {{- end }} - name: rebuild-cache {{ include "esgf.deployment.image" (list . $thredds.image) }} args: # Start THREDDS in order to build the cache # Once it has started successfully, stop it - bash - -c - | set -ex # Setting a PID file is critical to allowing us to stop tomcat later export CATALINA_PID="$(mktemp)" # Start tomcat in the background catalina.sh start # Wait for THREDDS to start sleep 10 until curl -fsSL http://localhost:8080/thredds > /dev/null; do true; done # Stop tomcat and exit catalina.sh stop {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-local-catalogs mountPath: /opt/tomcat/content/thredds/esgcet readOnly: true - name: thredds-cache mountPath: /opt/tomcat/content/thredds/cache - name: write-revision-file {{ include "esgf.deployment.image" (list . $thredds.image) }} env: - name: RELEASE_REVISION value: {{ .Release.Revision | quote }} args: # Loop until the sentinel file exists and contains the correct revision # This indicates that the daemonset has initialised the node for this revision - bash - -c - echo "$(RELEASE_REVISION)" > /thredds/cache/revision.txt {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: thredds-cache mountPath: /thredds/cache containers: # All the work is done in the init containers # The main container just sits and does nothing until the daemonset is rolled - name: pause {{ include "esgf.deployment.image" (list . $thredds.image) }} args: [bash, -c, "sleep infinity"] {{- with .Values.data.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} {{- with $thredds.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} {{- with $thredds.affinity }} affinity: {{ toYaml . | nindent 8 }} {{- end }} {{- with $thredds.tolerations }} tolerations: {{ toYaml . | nindent 8 }} {{- end }} volumes: - name: thredds-local-catalogs hostPath: path: {{ printf "%s/%s/%s/catalogs" $thredds.localCache.pathPrefix .Release.Namespace .Release.Name | quote }} - name: thredds-catalogs {{ toYaml $thredds.catalogVolume.volumeSpec | indent 10 | trim }} - name: thredds-cache hostPath: path: {{ printf "%s/%s/%s/cache" $thredds.localCache.pathPrefix .Release.Namespace .Release.Name | quote }} {{- end -}}
