deploy: helm charts templates for single-node (#587)

1 year ago · 98a15069eb
parent e88220c424
commit 98a15069eb
14 changed files with 343 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -56,4 +56,7 @@ node_modules/
 __*
 !__mocks__
 !.gitkeep
-*.local
+*.local
+
+# Monokle
+.monokle
--- a/install/helm-single/.helmignore
+++ b/install/helm-single/.helmignore
@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
--- a/install/helm-single/Chart.yaml
+++ b/install/helm-single/Chart.yaml
@ -0,0 +1,6 @@
+apiVersion: v2
+name: hydro-helm
+description: A Helm chart for Hydro Deployment
+type: application
+version: 0.1.0
+appVersion: "1.16.0"
--- a/install/helm-single/readme.md
+++ b/install/helm-single/readme.md
@ -0,0 +1,22 @@
+## 该部署方式非官方维护，仅适用于有经验的K8s集群运维人员修改使用
+## 普通用户请务必使用自动脚本安装，这可大大提高您一次成功的可能性
+
+## It is for testing purposes only and is not production-ready.
+## TL;DR
+
+首次部署完毕后，不会自动创建用户，请手动在Backend的Pod中执行
+
+```
+hydrooj cli user create systemjudge@systemjudge.local root rootroot
+hydrooj cli user setSuperAdmin 2
+```
+
+Helm Chart示例中尚未完全适配多节点以及HA需求。主要体现在
+- Mongo的单节点部署
+- 为了理解和调试便利，后端容器`/data/file`和`/root/.hydro`，Mongo容器`/data/db`，评测机容器`/root/.config/hydro`使用了HostPath。
+
+
+由于Judge需要以特权容器运行（cgroup所需），建议将Backend和Judge调度到不同的节点上。
+
+本部署方式暂不支持本地构建镜像，请根据组织架构场景下的基础设施，自行处理镜像仓库问题。
+
--- a/install/helm-single/templates/backend.config.yaml
+++ b/install/helm-single/templates/backend.config.yaml
@ -0,0 +1,13 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: backend-config-map
+  labels:
+    app: backend
+  namespace: hydro-namespace
+data:
+  addon.json: |-
+    {{.Values.Backend.AddonJson | nindent 4}}
+
+  config.json: |-
+    {{.Values.Backend.ConfigJson | nindent 4}}
--- a/install/helm-single/templates/backend.deployment.yaml
+++ b/install/helm-single/templates/backend.deployment.yaml
@ -0,0 +1,63 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: backend
+  name: backend-deployment
+  namespace: hydro-namespace
+spec:
+  replicas: {{.Values.Backend.Replicas}}
+  revisionHistoryLimit: 1
+  strategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: backend
+  template:
+    metadata:
+      labels:
+        app: backend
+    spec:
+      containers:
+        - name: oj-backend
+          image: {{.Values.Backend.Image}}
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - mountPath: /data/file
+              name: file-volume
+            - mountPath: /root/.hydro
+              name: backend-volume
+            - mountPath: /root/.hydro-config-map
+              name: config-json-volume
+          ports:
+            - name: server-port
+              containerPort: 80
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              cp /root/.hydro-config-map/addon.json /root/.hydro/ &&
+              cp /root/.hydro-config-map/config.json /root/.hydro/ &&
+              hydrooj
+
+      initContainers:
+        - name: init-mydb
+          image: busybox
+          command:
+            [
+              "sh",
+              "-c",
+              "until nslookup {{.Values.Global.Mongo.SvcDomain}}; do echo waiting for {{.Values.Global.Mongo.SvcDomain}}; sleep 2; done;",
+            ]
+      restartPolicy: Always
+      volumes:
+        - name: file-volume
+          hostPath:
+            path: {{.Values.Backend.FileVolume}}
+            type: DirectoryOrCreate
+        - name: backend-volume
+          hostPath:
+            path: {{.Values.Backend.BackendVolume}}
+            type: DirectoryOrCreate
+        - name: config-volume
+          configMap:
+            name: backend-config-map
--- a/install/helm-single/templates/backend.service.yaml
+++ b/install/helm-single/templates/backend.service.yaml
@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: backend
+  name: backend-service
+  namespace: hydro-namespace
+spec:
+  ports:
+    - port: {{.Values.Backend.ClusterPort}}
+      name: backend-cluster-endpoint
+      protocol: TCP
+      targetPort: 80
+  selector:
+    app: backend
+  type: ClusterIP
--- a/install/helm-single/templates/ingress.yaml
+++ b/install/helm-single/templates/ingress.yaml
@ -0,0 +1,20 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: hydro-ingress
+  annotations:
+    kubernetes.io/ingress.class: traefik
+    ingress.kubernetes.io/ssl-redirect: "false"
+  namespace: hydro-namespace
+spec:
+  rules:
+    - host: "backend.boo.foo" # 如果不需要当然也可以去掉HostName
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: backend-service-service
+                port:
+                  name: backend-cluster-endpoint
--- a/install/helm-single/templates/judge.config.yaml
+++ b/install/helm-single/templates/judge.config.yaml
@ -0,0 +1,10 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: judge-config-map
+  labels:
+    app: judge
+  namespace: hydro-namespace
+data:
+  judge.yaml: |-
+    {{.Values.Judge.JudgeYaml | nindent 4}}
--- a/install/helm-single/templates/judge.deployment.yaml
+++ b/install/helm-single/templates/judge.deployment.yaml
@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: judge
+  name: judge-deployment
+  namespace: hydro-namespace
+spec:
+  replicas: {{.Values.Judge.Replicas}}
+  revisionHistoryLimit: 1
+  strategy:
+    type: RollingUpdate
+  selector:
+    matchLabels:
+      app: judge
+  template:
+    metadata:
+      labels:
+        app: judge
+    spec:
+      containers:
+        - name: oj-judge
+          image: {{.Values.Judge.Image}}
+          imagePullPolicy: IfNotPresent
+          privileged: true
+          volumeMounts:
+            - mountPath: /root/.config/hydro
+              name: judge-volume
+            - mountPath: /root/.judge-config-map
+              name: config-json-volume
+          ports:
+            - name: server-port
+              containerPort: 80
+          command: ["/bin/sh", "-c"]
+          args:
+            - |
+              cp /root/.judge-config-map/judge.yaml /root/ &&
+              pm2 start sandbox &&
+              pm2-runtime start hydrojudge
+
+      restartPolicy: Always
+      volumes:
+        - name: judge-volume
+          hostPath:
+            path: {{.Values.Judge.ConfigVolume}}
+            type: DirectoryOrCreate
+        - name: config-volume
+          configMap:
+            name: judge-config-map
--- a/install/helm-single/templates/mongo.deployment.yaml
+++ b/install/helm-single/templates/mongo.deployment.yaml
@ -0,0 +1,40 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: mongo
+  name: mongo-deployment
+  namespace: hydro-namespace
+spec:
+  replicas: 1
+  revisionHistoryLimit: 1
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: mongo
+  template:
+    metadata:
+      labels:
+        app: mongo
+    spec:
+      containers:
+        - name: oj-mongo
+          image: mongo:latest
+          imagePullPolicy: IfNotPresent
+          volumeMounts:
+            - mountPath: /data/db
+              name: localvolume
+          env:
+            - name: MONGO_INITDB_ROOT_USERNAME
+              value: {{.Values.Mongo.Username}}
+            - name: MONGO_INITDB_ROOT_PASSWORD
+              value: {{.Values.Mongo.Password}}
+          ports:
+            - name: db-port
+              containerPort: 27017
+      volumes:
+        - name: localvolume
+          hostPath:
+            path: {{.Values.Mongo.Volume}}
+            type: DirectoryOrCreate
--- a/install/helm-single/templates/mongo.service.yaml
+++ b/install/helm-single/templates/mongo.service.yaml
@ -0,0 +1,33 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-service
+  namespace: hydro-namespace
+spec:
+  ports:
+    - port: {{.Values.Mongo.ClusterPort}}
+      name: mongo-cluster-endpoint
+      protocol: TCP
+      targetPort: 27017
+  selector:
+    app: mongo
+  type: ClusterIP
+---
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: mongo
+  name: mongo-loadbalance-service
+  namespace: hydro-namespace
+spec:
+  ports:
+    - port: {{.Values.Mongo.LoadBalancerPort}}
+      name: mongo-endpoint
+      protocol: TCP
+      targetPort: 27017
+  selector:
+    app: mongo
+  type: LoadBalancer
--- a/install/helm-single/templates/namespace.yaml
+++ b/install/helm-single/templates/namespace.yaml
@ -0,0 +1,6 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: hydro-namespace
+  labels:
+    name: hydro-namespace-label
--- a/install/helm-single/values.yaml
+++ b/install/helm-single/values.yaml
@ -0,0 +1,38 @@
+Mongo:
+  Volume: /path/of/mongo-volume
+  Username: username
+  Password: password
+  ClusterPort: 27017 # 对集群内服务端口
+  LoadBalancerPort: 27017 # 对集群外暴露端口
+
+Backend:
+  Image: some.url/docker/backend:latest
+  FileVolume: /path/of/backend-file-volume # aka /data/file
+  BackendVolume: /path/of/backend-config-volume # aka /root/.hydro
+  Replicas: 1
+  ClusterPort: 8080 # 对集群内服务端口
+  ConfigJson: |-
+    {"host": "mongo-service.hydro-namespace.svc.cluster.local", "port": "27017", "name": "hydro", "username": "username", "password": "password"}
+
+  AddonJson: |-
+    ["@hydrooj/ui-default"]
+
+Judge:
+  Replicas: 1
+  ConfigVolume: /path/of/judge-volume # aka /root/.config/hydro
+  Image: some.url/docker/judge:latest
+  # 评测机走svc内网连接后端
+  JudgeYaml: |-
+    hosts:
+      localhost:
+        type: hydro
+        server_url: http://backend-service.hydro-namespace.svc.cluster.local:8080/
+        uname: root
+        password: rootroot
+        detail: true
+
+Global:
+  Mongo:
+    SvcDomain: mongo-service.hydro-namespace.svc.cluster.local
+  Backend:
+    SvcDomain: backend-service.hydro-namespace.svc.cluster.local