diff --git a/charts/provider/Chart.yaml b/charts/provider/Chart.yaml index 009fa06a..4d7b1ed8 100644 --- a/charts/provider/Chart.yaml +++ b/charts/provider/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.1.0 +version: 0.2.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/provider/templates/NOTES.txt b/charts/provider/templates/NOTES.txt deleted file mode 100644 index 34492ac2..00000000 --- a/charts/provider/templates/NOTES.txt +++ /dev/null @@ -1,21 +0,0 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ . }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "provider.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "provider.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "provider.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "provider.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:80 -{{- end }} diff --git a/charts/provider/templates/deployment.yaml b/charts/provider/templates/deployment.yaml index ca75721b..eedd31f3 100644 --- a/charts/provider/templates/deployment.yaml +++ b/charts/provider/templates/deployment.yaml @@ -1,61 +1,340 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "provider.fullname" . }} - labels: - {{- include "provider.labels" . | nindent 4 }} + name: akash-provider spec: -{{- if not .Values.autoscaling.enabled }} - replicas: {{ .Values.replicaCount }} -{{- end }} selector: matchLabels: - {{- include "provider.selectorLabels" . | nindent 6 }} + app: akash-provider template: metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }} labels: - {{- include "provider.selectorLabels" . | nindent 8 }} + app: akash-provider spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - serviceAccountName: {{ include "provider.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.podSecurityContext | nindent 8 }} + serviceAccountName: akash-provider containers: - - name: {{ .Chart.Name }} - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + - name: akash-provider + image: ghcr.io/ovrclk/akash:stable + imagePullPolicy: IfNotPresent + command: ["/bin/sh", "/boot/run.sh"] + env: + ## + # boot config + ## + + # location of key export. must contain two files: + # + # key.txt: exported wallet key + # key-pass.txt: password used to encrypt exported key + - name: AKASH_BOOT_KEYS + value: /boot-keys + + ## + # cosmos-sdk client config + ## + + # --home + - name: AKASH_HOME + valueFrom: + configMapKeyRef: + name: akash-client-config + key: home + + # --from + - name: AKASH_FROM + valueFrom: + configMapKeyRef: + name: akash-client-config + key: from + + # --node + - name: AKASH_NODE + valueFrom: + configMapKeyRef: + name: akash-client-config + key: node + + # --chain-id + - name: AKASH_CHAIN_ID + valueFrom: + configMapKeyRef: + name: akash-client-config + key: chain-id + + # --keyring-backend + - name: AKASH_KEYRING_BACKEND + valueFrom: + configMapKeyRef: + name: akash-client-config + key: keyring-backend + + # --trust-node + - name: AKASH_TRUST_NODE + valueFrom: + configMapKeyRef: + name: akash-client-config + key: trust-node + + ## + # akash-provider config + ## + + - name: AKASH_AUTH_PEM + valueFrom: + secretKeyRef: + name: akash-provider-keys + key: provider-cert.pem + + # include unique hostnames for apps + - name: AKASH_DEPLOYMENT_RUNTIME_CLASS + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: deployment-runtime-class + optional: true + + # include unique hostnames for apps + - name: AKASH_DEPLOYMENT_INGRESS_STATIC_HOSTS + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: ingress-static-hosts + optional: true + + # domain to host unique app hostnames on + # (required if AKASH_DEPLOYMENT_INGRESS_STATIC_HOSTS is "true") + - name: AKASH_DEPLOYMENT_INGRESS_DOMAIN + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: ingress-domain + optional: true + + # return load balancer host in lease status command + - name: AKASH_DEPLOYMENT_INGRESS_EXPOSE_LB_HOSTS + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: ingress-expose-lb-hosts + optional: true + + # return load balancer host in lease status command + - name: AKASH_DEPLOYMENT_NETWORK_POLICIES_ENABLED + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: network-policies-enabled + optional: true + + - name: AKASH_MAX_UNIT_CPU + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-unit-cpu + optional: true + + - name: AKASH_MAX_UNIT_MEMORY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-unit-memory + optional: true + + - name: AKASH_MAX_UNIT_STORAGE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-unit-storage + optional: true + + - name: AKASH_MAX_UNIT_COUNT + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-unit-count + optional: true + + - name: AKASH_MAX_UNIT_PRICE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-unit-price + optional: true + + - name: AKASH_MIN_UNIT_CPU + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: min-unit-cpu + optional: true + + - name: AKASH_MIN_UNIT_MEMORY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: min-unit-memory + optional: true + + - name: AKASH_MIN_UNIT_STORAGE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: min-unit-storage + optional: true + + - name: AKASH_MIN_UNIT_COUNT + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: min-unit-count + optional: true + + - name: AKASH_MIN_UNIT_PRICE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: min-unit-price + optional: true + + - name: AKASH_MAX_GROUP_COUNT + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-group-count + optional: true + + - name: AKASH_MAX_GROUP_UNITS + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-group-units + optional: true + + - name: AKASH_MAX_GROUP_CPU + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-group-cpu + optional: true + + - name: AKASH_MAX_GROUP_MEMORY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-group-memory + optional: true + + - name: AKASH_MAX_GROUP_STORAGE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: max-group-storage + optional: true + + - name: AKASH_MEM_PRICE_MIN + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: mem-price-min + optional: true + + - name: AKASH_CLUSTER_PUBLIC_HOSTNAME + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: cluster-public-hostname + optional: true + + - name: AKASH_CLUSTER_NODE_PORT_QUANTITY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: cluster-node-port-quantity + optional: true + + - name: AKASH_CLUSTER_WAIT_READY_DURATION + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: cluster_wait-ready-duration + optional: true + + - name: AKASH_INVENTORY_RESOURCE_POLL_PERIOD + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: inventory-resource-poll-period + optional: true + + - name: AKASH_INVENTORY_RESOURCE_DEBUG_FREQUENCY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: inventory-resource-debug-freq + optional: true + + - name: AKASH_BID_PRICE_STRATEGY + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-price-strategy + optional: true + + - name: AKASH_BID_PRICE_CPU_SCALE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-cpu-scale + optional: true + + - name: AKASH_BID_PRICE_MEMORY_SCALE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-memory-scale + optional: true + + - name: AKASH_BID_PRICE_STORAGE_SCALE + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-storage-scale + optional: true + + - name: AKASH_BID_PRICE_SCRIPT_PATH + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-script-path + optional: true + + - name: AKASH_BID_PRICE_SCRIPT_PROCESS_LIMIT + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-script-process-limit + optional: true + + - name: AKASH_BID_PRICE_SCRIPT_PROCESS_TIMEOUT + valueFrom: + configMapKeyRef: + name: akash-provider-config + key: bid-script-process-timeout + optional: true ports: - - name: http - containerPort: 80 - protocol: TCP - livenessProbe: - httpGet: - path: / - port: http - readinessProbe: - httpGet: - path: / - port: http - resources: - {{- toYaml .Values.resources | nindent 12 }} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.affinity }} - affinity: - {{- toYaml . | nindent 8 }} - {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} + - name: gateway + containerPort: 8443 + volumeMounts: + - name: boot + mountPath: /boot + readOnly: true + - name: keys + mountPath: /boot-keys + readOnly: true + volumes: + - name: boot + configMap: + name: akash-provider-boot + - name: keys + secret: + secretName: akash-provider-keys diff --git a/charts/provider/templates/hpa.yaml b/charts/provider/templates/hpa.yaml deleted file mode 100644 index e6b68a53..00000000 --- a/charts/provider/templates/hpa.yaml +++ /dev/null @@ -1,28 +0,0 @@ -{{- if .Values.autoscaling.enabled }} -apiVersion: autoscaling/v2beta1 -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "provider.fullname" . }} - labels: - {{- include "provider.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "provider.fullname" . }} - minReplicas: {{ .Values.autoscaling.minReplicas }} - maxReplicas: {{ .Values.autoscaling.maxReplicas }} - metrics: - {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} diff --git a/charts/provider/templates/ingress.yaml b/charts/provider/templates/ingress.yaml index c3253af5..a654e4e5 100644 --- a/charts/provider/templates/ingress.yaml +++ b/charts/provider/templates/ingress.yaml @@ -1,41 +1,21 @@ -{{- if .Values.ingress.enabled -}} -{{- $fullName := include "provider.fullname" . -}} -{{- $svcPort := .Values.service.port -}} -{{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} +apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ $fullName }} - labels: - {{- include "provider.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + name: akash-provider annotations: - {{- toYaml . | nindent 4 }} - {{- end }} + nginx.ingress.kubernetes.io/ssl-passthrough: "true" + nginx.ingress.kubernetes.io/secure-backends: "true" + nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" + nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" spec: - {{- if .Values.ingress.tls }} - tls: - {{- range .Values.ingress.tls }} - - hosts: - {{- range .hosts }} - - {{ . | quote }} - {{- end }} - secretName: {{ .secretName }} - {{- end }} - {{- end }} rules: - {{- range .Values.ingress.hosts }} - - host: {{ .host | quote }} + - host: akash-provider.localhost http: paths: - {{- range .paths }} - - path: {{ . }} + - path: / + pathType: Prefix backend: - serviceName: {{ $fullName }} - servicePort: {{ $svcPort }} - {{- end }} - {{- end }} - {{- end }} + service: + name: akash-provider + port: + name: gateway diff --git a/charts/provider/templates/rbac.yaml b/charts/provider/templates/rbac.yaml new file mode 100644 index 00000000..01db79bb --- /dev/null +++ b/charts/provider/templates/rbac.yaml @@ -0,0 +1,11 @@ +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: akash-provider-admin +subjects: + - kind: ServiceAccount + name: akash-provider +roleRef: + kind: ClusterRole + name: cluster-admin + apiGroup: rbac.authorization.k8s.io diff --git a/charts/provider/templates/service.yaml b/charts/provider/templates/service.yaml index 25c7228f..421d1e7c 100644 --- a/charts/provider/templates/service.yaml +++ b/charts/provider/templates/service.yaml @@ -1,15 +1,10 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "provider.fullname" . }} - labels: - {{- include "provider.labels" . | nindent 4 }} + name: akash-provider spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: http - protocol: TCP - name: http selector: - {{- include "provider.selectorLabels" . | nindent 4 }} + app: akash-provider + ports: + - name: gateway + port: 8443 diff --git a/charts/provider/templates/serviceaccount.yaml b/charts/provider/templates/serviceaccount.yaml index a2285060..f102564a 100644 --- a/charts/provider/templates/serviceaccount.yaml +++ b/charts/provider/templates/serviceaccount.yaml @@ -1,12 +1,4 @@ -{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: - name: {{ include "provider.serviceAccountName" . }} - labels: - {{- include "provider.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} + name: akash-provider