From 8be15cb81e92473bbb9b38b6ecb337703008eaa7 Mon Sep 17 00:00:00 2001 From: ZhenYi <434836402@qq.com> Date: Tue, 12 May 2026 16:36:13 +0800 Subject: [PATCH] fix(deploy): hardcode PVC name as shared-data in templates, remove pvcName Helm value MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit PVC name is now immutable — hardcoded in all 4 deployment templates instead of being a configurable Helm value. Removed pvcName from values.yaml and --set pvcName from deploy.sh. This ensures the PVC can never be renamed or deleted by Helm operations, only manually via kubectl. --- deploy.sh | 1 - deploy/README.md | 86 ++++++++++--------- deploy/templates/app/deployment.yaml | 2 +- deploy/templates/git_hook/deployment.yaml | 2 +- deploy/templates/gitserver/deployment.yaml | 2 +- .../templates/static_server/deployment.yaml | 2 +- deploy/values.yaml | 3 - 7 files changed, 48 insertions(+), 50 deletions(-) diff --git a/deploy.sh b/deploy.sh index 1371f9d..230c15c 100644 --- a/deploy.sh +++ b/deploy.sh @@ -65,7 +65,6 @@ if ! helm upgrade --install "$RELEASE" "$CHART_DIR" \ --set imageRegistry="$REGISTRY" \ --set imageTag="$TAG" \ --set configMapName="$CONFIG_MAP" \ - --set pvcName="$PVC_NAME" \ --timeout 5m; then echo "" err "Deployment FAILED — release preserved for debugging. diff --git a/deploy/README.md b/deploy/README.md index 13ac6d7..e8ff9a5 100644 --- a/deploy/README.md +++ b/deploy/README.md 
@@ -4,18 +4,19 @@ Monolithic Helm chart for all backend services. ## Services -| Service | Port(s) | Replicas | HPA | Purpose | -|---|---|---|---|---| -| `app` | 3000 (HTTP) | 2 | 2–10 | Main API server | -| `gitserver` | 8021 (HTTP), 2222 (SSH) | 1 | 1–5 | Git HTTP + SSH server | -| `email_worker` | 8084 (HTTP) | 1 | disabled | Email queue consumer (single instance only) | -| `git_hook` | 8083 (HTTP) | 1 | 1–5 | Git hook worker pool | -| `metrics_aggregator` | 9090 (HTTP) | 1 | 1–5 | Prometheus scrape + Loki push | -| `static_server` | 8081 (HTTP) | 1 | 1–5 | Static file server (avatars, blobs, media) | +| Service | Port(s) | Replicas | HPA | Purpose | +|----------------------|-------------------------|----------|----------|---------------------------------------------| +| `app` | 3000 (HTTP) | 2 | 2–10 | Main API server | +| `gitserver` | 8021 (HTTP), 2222 (SSH) | 1 | 1–5 | Git HTTP + SSH server | +| `email_worker` | 8084 (HTTP) | 1 | disabled | Email queue consumer (single instance only) | +| `git_hook` | 8083 (HTTP) | 1 | 1–5 | Git hook worker pool | +| `metrics_aggregator` | 9090 (HTTP) | 1 | 1–5 | Prometheus scrape + Loki push | +| `static_server` | 8081 (HTTP) | 1 | 1–5 | Static file server (avatars, blobs, media) | ## Prerequisites -The following resources must exist in the cluster **before** installing the Helm chart. They are not managed by Helm — install, upgrade, and uninstall of the chart will not touch them. +The following resources must exist in the cluster **before** installing the Helm chart. They are not managed by Helm — +install, upgrade, and uninstall of the chart will not touch them. ### 1. Namespace @@ -23,7 +24,7 @@ The following resources must exist in the cluster **before** installing the Helm kubectl create namespace app ``` -### 2. PVC (aliyun-nfs, 200Ti, ReadWriteMany) +### 2. PVC (aliyun-nfs-app, 200Ti, ReadWriteMany) ```bash kubectl apply -f - <<'EOF' 
@@ -38,11 +39,12 @@ spec: resources: requests: storage: 200Ti - storageClassName: aliyun-nfs + storageClassName: aliyun-nfs-app EOF ``` -> The chart references this PVC by name. If you use a different name, pass `--set pvcName=your-pvc-name` to Helm. +> The chart references this PVC by hardcoded name `shared-data`. This name is immutable — it cannot be changed via Helm +> values. ### 3. ConfigMap 
@@ -71,23 +73,23 @@ data: EOF ``` -| Variable | Default / Example | Required | -|---|---|---| -| `APP_REPOS_ROOT` | `/data/repos` | Yes | -| `APP_AVATAR_PATH` | `/data/avatars` | Yes | -| `STORAGE_PATH` | `/data/files` | Yes | -| `STATIC_ROOT` | `/data` | Yes | -| `APP_LOG_LEVEL` | `info` | No | -| `APP_COOKIE_SECURE` | `false` | No | -| `APP_DOMAIN_URL` | `https://your-domain.com` | Yes | -| `APP_DATABASE_URL` | `postgres://...` | **Yes** | -| `APP_REDIS_URL` | `redis://...` | **Yes** | -| `APP_AI_BASIC_URL` | `https://api.openai.com/v1` | **Yes** | -| `APP_AI_API_KEY` | `sk-...` | **Yes** | -| `APP_SMTP_PASSWORD` | `...` | **Yes** | -| `APP_SESSION_SECRET` | min 32 bytes | **Yes** | -| `APP_SSH_SERVER_PRIVATE_KEY` | hex-encoded PEM | **Yes** | -| `APP_SSH_PORT` | `2222` | Yes (k8s) | +| Variable | Default / Example | Required | +|------------------------------|-----------------------------|-----------| +| `APP_REPOS_ROOT` | `/data/repos` | Yes | +| `APP_AVATAR_PATH` | `/data/avatars` | Yes | +| `STORAGE_PATH` | `/data/files` | Yes | +| `STATIC_ROOT` | `/data` | Yes | +| `APP_LOG_LEVEL` | `info` | No | +| `APP_COOKIE_SECURE` | `false` | No | +| `APP_DOMAIN_URL` | `https://your-domain.com` | Yes | +| `APP_DATABASE_URL` | `postgres://...` | **Yes** | +| `APP_REDIS_URL` | `redis://...` | **Yes** | +| `APP_AI_BASIC_URL` | `https://api.openai.com/v1` | **Yes** | +| `APP_AI_API_KEY` | `sk-...` | **Yes** | +| `APP_SMTP_PASSWORD` | `...` | **Yes** | +| `APP_SESSION_SECRET` | min 32 bytes | **Yes** | +| `APP_SSH_SERVER_PRIVATE_KEY` | hex-encoded PEM | **Yes** | +| `APP_SSH_PORT` | `2222` | Yes (k8s) | > **SSH host key**: `APP_SSH_SERVER_PRIVATE_KEY` must be the hex-encoded Ed25519 private key PEM bytes. > ```bash 
@@ -127,16 +129,17 @@ helm upgrade --install deploy ./deploy \ All services share a single PVC (`shared-data`) via `subPath` mounts: -| SubPath | Mount | Used By | -|---|---|---| -| `repos` | `/data/repos` | app, gitserver, git-hook | -| `avatars` | `/data/avatars` | app | -| `files` | `/data/files` | app | -| `static` | `/data` | static-server | +| SubPath | Mount | Used By | +|-----------|-----------------|--------------------------| +| `repos` | `/data/repos` | app, gitserver, git-hook | +| `avatars` | `/data/avatars` | app | +| `files` | `/data/files` | app | +| `static` | `/data` | static-server | ## Autoscaling -All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be scaled. +All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be +scaled. To adjust HPA bounds per service: @@ -175,10 +178,10 @@ All services require these to be reachable from the cluster: Optional dependencies with graceful degradation: -| Dependency | Variable | Fallback | -|---|---|---| -| NATS JetStream | `NATS_URL` + `NATS_TOKEN` | Redis queue | -| Loki | `LOKI_URL` | Logs discarded | +| Dependency | Variable | Fallback | +|----------------|-------------------------------|------------------| +| NATS JetStream | `NATS_URL` + `NATS_TOKEN` | Redis queue | +| Loki | `LOKI_URL` | Logs discarded | | OTEL Collector | `OTEL_EXPORTER_OTLP_ENDPOINT` | Tracing disabled | ## Production Example @@ -193,6 +196,5 @@ helm upgrade --install deploy ./deploy \ --set ingress.enabled=true \ --set ingress.className=nginx \ --set ingress.hosts[0].host=your-domain.com \ - --set configMapName=app-env \ - --set pvcName=shared-data + --set configMapName=app-env ``` diff --git a/deploy/templates/app/deployment.yaml b/deploy/templates/app/deployment.yaml index cfebdae..66d551d 100644 --- a/deploy/templates/app/deployment.yaml +++ b/deploy/templates/app/deployment.yaml 
@@ -74,7 +74,7 @@ spec: volumes: - name: shared-data persistentVolumeClaim: - claimName: {{ .Values.pvcName }} + claimName: shared-data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/templates/git_hook/deployment.yaml b/deploy/templates/git_hook/deployment.yaml index 51ff724..7cfd1f2 100644 --- a/deploy/templates/git_hook/deployment.yaml +++ b/deploy/templates/git_hook/deployment.yaml @@ -63,7 +63,7 @@ spec: volumes: - name: shared-data persistentVolumeClaim: - claimName: {{ .Values.pvcName }} + claimName: shared-data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/templates/gitserver/deployment.yaml b/deploy/templates/gitserver/deployment.yaml index 0cd6dde..78d98f8 100644 --- a/deploy/templates/gitserver/deployment.yaml +++ b/deploy/templates/gitserver/deployment.yaml @@ -73,7 +73,7 @@ spec: volumes: - name: shared-data persistentVolumeClaim: - claimName: {{ .Values.pvcName }} + claimName: shared-data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/templates/static_server/deployment.yaml b/deploy/templates/static_server/deployment.yaml index d872c7f..bc91ea0 100644 --- a/deploy/templates/static_server/deployment.yaml +++ b/deploy/templates/static_server/deployment.yaml @@ -63,7 +63,7 @@ spec: volumes: - name: shared-data persistentVolumeClaim: - claimName: {{ .Values.pvcName }} + claimName: shared-data {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/deploy/values.yaml b/deploy/values.yaml index e7e6dfa..af96f9e 100644 --- a/deploy/values.yaml +++ b/deploy/values.yaml @@ -153,9 +153,6 @@ gingress: cpu: 500m memory: 512Mi -# External PVC (managed outside Helm — not deleted on uninstall) -pvcName: "shared-data" - # Ingress — handled by gingress controller ingress: enabled: true
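Review bot: The hardcoded `claimName: shared-data` under `volumes:` in app/deployment.yaml means an install that still passes `--set pvcName=...` has that value ignored and is pointed at `shared-data` on the next upgrade, with no error from the chart as far as this patch shows. A one-line guard in the template, `{{- if .Values.pvcName }}{{ fail "pvcName is no longer supported; the chart always mounts the PVC shared-data" }}{{- end }}`, would fail the render instead of leaving pods Pending or attached to a volume the operator did not intend. The same applies to the identical change in the git_hook, gitserver and static_server templates, and keeping the literal in one named template would stop the four copies from drifting apart. With the name fixed, two releases in one namespace necessarily share the same repos, avatars and files, so a comment such as `# fixed claim name: one release per namespace, data is shared otherwise` next to the line would record that constraint. The enclosing Deployment spec starts and ends outside the hunk.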