apunkt/trustgraph
1
0
Fork 0
mirror of https://github.com/trustgraph-ai/trustgraph.git synced 2026-04-29 02:23:44 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

K8s (#58)

Browse source 
Added templates which produce K8s resources.  With the provided GCP wrapper, it works on GCP K8s cluster.  This isn't stable enough for other folks to use so will need more piloting before it can be documented and released.
This commit is contained in:
cybermaggedon 2024-09-07 18:59:38 +01:00 committed by GitHub
parent 7af32b0eef
commit f661791bbf
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
50 changed files with 1037 additions and 345 deletions
Download patch file Download diff file Expand all files Collapse all files

330
templates/k8s.jsonnet Normal file
View file

@ -0,0 +1,330 @@
{
container:: function(name)
{
local container = self,
name: name,
limits: {},
reservations: {},
ports: [],
volumes: [],
with_image:: function(x) self + { image: x },
with_command:: function(x) self + { command: x },
with_environment:: function(x) self + { environment: x },
with_limits:: function(c, m) self + { limits: { cpu: c, memory: m } },
with_reservations::
function(c, m) self + { reservations: { cpu: c, memory: m } },
with_volume_mount::
function(vol, mnt)
self + {
volumes: super.volumes + [{
volume: vol, mount: mnt
}]
},
with_port::
function(src, dest, name) self + {
ports: super.ports + [
{ src: src, dest: dest, name : name }
]
},
add:: function() [
{
apiVersion: "apps/v1",
kind: "Deployment",
metadata: {
name: container.name,
namespace: "trustgraph",
labels: {
app: container.name
}
},
spec: {
replicas: 1,
selector: {
matchLabels: {
app: container.name,
}
},
template: {
metadata: {
labels: {
app: container.name,
}
},
spec: {
containers: [
{
name: container.name,
image: container.image,
securityContext: {
// fsGroup: 1234
// runAsUser: 65534
// runAsGroup: 65534
// runAsNonRoot: true
runAsUser: 0,
runAsGroup: 0,
// runAsNonRoot: true,
// readOnlyRootFilesystem: true,
},
resources: {
requests: container.reservations,
limits: container.limits
},
} + (
if std.length(container.ports) > 0 then
{
ports: [
{
hostPort: port.src,
containerPort: port.dest,
}
for port in container.ports
]
} else
{}) +
(if std.objectHas(container, "command") then
{ command: container.command }
else {}) +
(if std.objectHas(container, "environment") then
{ env: [ {
name: e.key, value: e.value
}
for e in
std.objectKeysValues(
container.environment
)
]
}
else {}) +
(if std.length(container.volumes) > 0 then
{
volumeMounts: [
{
mountPath: vol.mount,
name: vol.volume.name,
}
for vol in container.volumes
]
}
else
{}
)
],
volumes: [
vol.volume.volRef()
for vol in container.volumes
]
}
},
} + {}
}
]
},
// Just an alias
internalService:: self.service,
service:: function(containers)
{
local service = self,
name: containers.name,
ports: [],
with_port::
function(src, dest, name)
self + {
ports: super.ports + [
{ src: src, dest: dest, name: name }
]
},
add:: function() [
{
apiVersion: "v1",
kind: "Service",
metadata: {
name: service.name,
namespace: "trustgraph",
},
spec: {
selector: {
app: service.name,
},
ports: [
{
port: port.src,
targetPort: port.dest,
name: port.name,
}
for port in service.ports
],
}
}
],
},
volume:: function(name)
{
local volume = self,
name: name,
with_size:: function(size) self + { size: size },
add:: function() [
/*
{
apiVersion: "v1",
kind: "PersistentVolume",
metadata: {
name: volume.name,
labels: {
type: "local",
}
},
spec: {
storageClassName: "tg",
volumeMode: "Filesystem",
capacity: {
storage: volume.size,
},
accessModes: [ "ReadWriteOnce" ],
persistentVolumeReclaimPolicy: "Delete",
}
},
*/
{
apiVersion: "v1",
kind: "PersistentVolumeClaim",
metadata: {
name: volume.name,
namespace: "trustgraph",
},
spec: {
storageClassName: "tg",
accessModes: [ "ReadWriteOnce" ],
resources: {
requests: {
storage: volume.size,
}
},
// volumeName: volume.name,
}
}
],
volRef:: function() {
name: volume.name,
persistentVolumeClaim: { claimName: volume.name },
}
},
configVolume:: function(name, dir, parts)
{
local volume = self,
name: name,
with_size:: function(size) self + { size: size },
add:: function() [
{
apiVersion: "v1",
kind: "ConfigMap",
metadata: {
name: volume.name,
namespace: "trustgraph",
},
data: parts
},
],
volRef:: function() {
name: volume.name,
configMap: { name: volume.name },
}
},
secretVolume:: function(name, dir, parts)
{
local volume = self,
name: name,
with_size:: function(size) self + { size: size },
add:: function() [
{
apiVersion: "v1",
kind: "Secret",
metadata: {
name: volume.name,
namespace: "trustgraph",
},
data: {
[item.key]: std.base64(item.value)
for item in std.objectKeysValues(parts)
}
},
],
volRef:: function() {
name: volume.name,
secret: { secretName: volume.name },
}
},
containers:: function(name, containers)
{
local cont = self,
name: name,
containers: containers,
add:: function() std.flattenArrays(
[ c.add() for c in cont.containers ]
),
},
resources:: function(res)
std.flattenArrays(
[ c.add() for c in res ]
),
}