-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
chore(charts): begin adding a distinct chart for Nx Agents
As we narrow down our recommended deployment strategy for on-premise agents, we are finding that the separate cluster is the more appropriate method for reliability. This starts to break out the controller deployment and other required elements from the core nx-cloud chart. Once complete, we can publish a third nx-cloud-full chart that will contain both other charts for the less optimal single-cluster solution.
- Loading branch information
1 parent
a7171a7
commit 3f9880a
Showing
11 changed files
with
344 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
apiVersion: v2 | ||
name: nx-agents | ||
description: Nx Cloud Agents Helm Chart | ||
type: application | ||
version: 0.1.0 | ||
maintainers: | ||
- name: nx | ||
url: "https://nx.app/" | ||
appVersion: "v1.alpha" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
{{- define "nxCloud.app.name" }} | ||
{{- default .Chart.Name .Values.naming.nameOverride | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Create chart name and version as used by the chart label. | ||
*/}} | ||
{{- define "nxCloud.app.chartName" }} | ||
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} | ||
{{- end }} | ||
|
||
{{/* | ||
Selector labels | ||
*/}} | ||
{{- define "nxCloud.app.selectorLabels" }} | ||
app.kubernetes.io/name: {{ include "nxCloud.app.name" . }} | ||
app.kubernetes.io/instance: {{ .Release.Name }} | ||
{{- end }} | ||
|
||
{/* | ||
Common labels | ||
*/}} | ||
{{- define "nxCloud.app.labels" }} | ||
helm.sh/chart: {{ include "nxCloud.app.chartName" . }} | ||
{{- include "nxCloud.app.selectorLabels" . }} | ||
{{- if .Chart.AppVersion }} | ||
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} | ||
{{- end }} | ||
app.kubernetes.io/managed-by: {{ .Release.Service }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,35 @@ | ||
{{/* | ||
Return the proper image name | ||
Helper copied from bitnami/common: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_images.tpl | ||
and modified to support global imageTag | ||
{{ include "common.images.image" ( dict "imageRoot" .Values.path.to.the.image "global" .Values.global "image" .Values.image ) }} | ||
*/}} | ||
{{- define "nxCloud.images.common" }} | ||
{{- $registryName := .imageRoot.registry }} | ||
{{- $repositoryName := default .imageRoot.repository .global.imageRepository }} | ||
{{- $imageName := .imageRoot.imageName }} | ||
{{- $separator := ":" }} | ||
{{- $termination := default .global.imageTag .imageRoot.tag | toString }} | ||
{{- if .global }} | ||
{{- if .global.imageRegistry }} | ||
{{- $registryName = .global.imageRegistry }} | ||
{{- end }} | ||
{{- end }} | ||
{{- if .imageRoot.digest }} | ||
{{- $separator = "@" }} | ||
{{- $termination = .imageRoot.digest | toString }} | ||
{{- end }} | ||
{{- if $registryName }} | ||
{{- printf "%s/%s/%s%s%s" $registryName $repositoryName $imageName $separator $termination }} | ||
{{- else }} | ||
{{- printf "%s/%s%s%s" $repositoryName $imageName $separator $termination }} | ||
{{- end }} | ||
{{- end }} | ||
|
||
|
||
{{/* | ||
Return proper nx-cloud-workflow-controller image name | ||
*/}} | ||
{{- define "nxCloud.images.workflowController.image" }} | ||
{{- include "nxCloud.images.common" (dict "imageRoot" .Values.controller.image "global" .Values.global) }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,43 @@ | ||
{{- if .Values.daemonset.enabled }} | ||
apiVersion: apps/v1 | ||
kind: DaemonSet | ||
metadata: | ||
name: nx-cloud-workflows-daemon | ||
namespace: {{ .Values.global.namespace }} | ||
labels: | ||
k8s-app: nx-cloud-workflows-daemon | ||
spec: | ||
selector: | ||
matchLabels: | ||
name: nx-cloud-workflows-daemon | ||
template: | ||
metadata: | ||
labels: | ||
name: nx-cloud-workflows-daemon | ||
spec: | ||
containers: | ||
- name: nx-cloud-workflows-daemon | ||
image: ubuntu:22.04 | ||
command: ["/bin/sh","-c"] | ||
args: ["/script/daemon.sh; while true; do echo Sleeping && sleep 3600; done"] | ||
volumeMounts: | ||
- name: nx-cloud-workflows-daemon-script | ||
mountPath: /script | ||
securityContext: | ||
allowPrivilegeEscalation: true | ||
privileged: true | ||
volumes: | ||
- name: nx-cloud-workflows-daemon-script | ||
configMap: | ||
name: nx-cloud-workflows-daemon-script | ||
defaultMode: 0755 | ||
--- | ||
apiVersion: v1 | ||
kind: ConfigMap | ||
metadata: | ||
name: nx-cloud-workflows-daemon-script | ||
namespace: {{ .Values.global.namespace }} | ||
data: | ||
daemon.sh: | | ||
{{- .Values.daemonset.script | nindent 4 }} | ||
{{- end }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
--- | ||
apiVersion: apps/v1 | ||
kind: Deployment | ||
metadata: | ||
name: nx-cloud-workflow-controller | ||
namespace: {{ .Values.global.namespace | quote }} | ||
labels: | ||
{{- include "nxCloud.app.labels" . | indent 4 }} | ||
spec: | ||
selector: | ||
matchLabels: | ||
app: nx-cloud-workflow-controller | ||
replicas: 1 | ||
template: | ||
metadata: | ||
labels: | ||
app: nx-cloud-workflow-controller | ||
spec: | ||
securityContext: | ||
runAsNonRoot: true | ||
containers: | ||
- command: | ||
- /nx-cloud-workflow-controller | ||
- --namespace={{ .Values.global.namespace }} | ||
- --in-cluster=true | ||
{{- range $key, $value := .Values.executor.env }} | ||
- --executor-env={{ $key }}={{ $value }} | ||
{{- end }} | ||
- --workflow-service-address=http://nx-cloud-workflow-controller-service:9000 | ||
image: {{ include "nxCloud.images.workflowController.image" . }} | ||
imagePullPolicy: {{ .Values.controller.image.pullPolicy | quote }} | ||
{{- if .Values.controller.resources }} | ||
resources: {{- toYaml .Values.controller.resources | nindent 12 }} | ||
{{- end }} | ||
name: nx-cloud-workflow-controller | ||
securityContext: | ||
runAsUser: 1000 | ||
allowPrivilegeEscalation: false | ||
capabilities: | ||
drop: | ||
- 'ALL' | ||
livenessProbe: | ||
httpGet: | ||
path: /healthz | ||
port: {{ .Values.controller.deployment.port }} | ||
initialDelaySeconds: 15 | ||
periodSeconds: 20 | ||
readinessProbe: | ||
httpGet: | ||
path: /readyz | ||
port: {{ .Values.controller.deployment.port }} | ||
initialDelaySeconds: 5 | ||
periodSeconds: 10 | ||
{{- if gt (len .Values.controller.env) 0 }} | ||
env: | ||
{{- range $key, $value := .Values.controller.env }} | ||
- name: {{ $key | quote }} | ||
value: {{ $value | quote }} | ||
{{- end }} | ||
{{- with .Values.secret }} | ||
{{- if .awsS3AccessKeyId }} | ||
{{- if .name }} | ||
- name: AWS_S3_ACCESS_KEY_ID | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ .name }} | ||
key: {{ .awsS3AccessKeyId }} | ||
- name: AWS_S3_SECRET_ACCESS_KEY | ||
valueFrom: | ||
secretKeyRef: | ||
name: {{ .name }} | ||
key: {{ .awsS3SecretAccessKey }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
{{- end }} | ||
serviceAccountName: nx-cloud-workflow-controller | ||
terminationGracePeriodSeconds: 10 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,7 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: Namespace | ||
metadata: | ||
name: {{ .Values.global.namespace }} | ||
labels: | ||
{{- include "nxCloud.app.labels" . | indent 4 }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,16 @@ | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: RoleBinding | ||
metadata: | ||
labels: | ||
{{- include "nxCloud.app.labels" . | indent 4 }} | ||
name: nx-cloud-workflow-controller-rolebinding | ||
namespace: {{ .Values.global.namespace }} | ||
roleRef: | ||
apiGroup: rbac.authorization.k8s.io | ||
kind: Role | ||
name: nx-cloud-workflow-controller-role | ||
subjects: | ||
- kind: ServiceAccount | ||
name: nx-cloud-workflow-controller | ||
namespace: {{ .Values.global.namespace }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,62 @@ | ||
--- | ||
apiVersion: rbac.authorization.k8s.io/v1 | ||
kind: Role | ||
metadata: | ||
name: nx-cloud-workflow-controller-role | ||
namespace: {{ .Values.global.namespace }} | ||
rules: | ||
- apiGroups: | ||
- '' | ||
resources: | ||
- services | ||
- pods | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- apps | ||
resources: | ||
- deployments | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- '' | ||
resources: | ||
- secrets | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- batch | ||
resources: | ||
- jobs | ||
verbs: | ||
- create | ||
- delete | ||
- get | ||
- list | ||
- patch | ||
- update | ||
- watch | ||
- apiGroups: | ||
- batch | ||
resources: | ||
- jobs/status | ||
verbs: | ||
- get |
Empty file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
name: nx-cloud-workflow-runner | ||
namespace: {{ .Values.global.namespace }} | ||
--- | ||
apiVersion: v1 | ||
kind: ServiceAccount | ||
metadata: | ||
labels: | ||
{{- include "nxCloud.app.labels" . | indent 4 }} | ||
name: nx-cloud-workflow-controller | ||
namespace: {{ .Values.global.namespace }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
global: | ||
imageRegistry: '' | ||
imageTag: '' | ||
imageRepository: 'nxprivatecloud' | ||
namespace: 'nx-cloud-workflows' | ||
|
||
naming: | ||
nameOverride: '' | ||
fullNameOverride: '' | ||
|
||
controller: | ||
deployment: | ||
port: 9000 | ||
env: {} | ||
image: | ||
registry: '' | ||
imageName: nx-cloud-workflow-controller | ||
repository: '' | ||
tag: latest | ||
pullPolicy: Always | ||
resources: | ||
limits: | ||
memory: '1Gi' | ||
cpu: '1.0' | ||
requests: | ||
memory: '0.5Gi' | ||
cpu: '0.5' | ||
|
||
executor: | ||
env: {} | ||
|
||
daemonset: | ||
enabled: true | ||
script: | | ||
#!/bin/bash | ||
set -e | ||
# change the file-watcher max-count on each node to 1048576 | ||
# insert the new value into the system config | ||
sysctl -w fs.inotify.max_user_watches=1048576 | ||
# check that the new value was applied | ||
cat /proc/sys/fs/inotify/max_user_watches | ||
secret: | ||
name: '' | ||
awsS3AccessKeyId: '' | ||
awsS3SecretAccessKey: '' | ||