fix(deploy): hardcode PVC name as shared-data in templates, remove pvcName Helm value

PVC name is now immutable — hardcoded in all 4 deployment templates instead
of being a configurable Helm value. Removed pvcName from values.yaml and
--set pvcName from deploy.sh. This ensures the PVC can never be renamed or
deleted by Helm operations, only manually via kubectl.
ZhenYi 2026-05-12 16:36:13 +08:00
parent dc193a061a
commit 8be15cb81e
7 changed files with 48 additions and 50 deletions

@ -65,7 +65,6 @@ if ! helm upgrade --install "$RELEASE" "$CHART_DIR" \
--set imageRegistry="$REGISTRY" \ --set imageRegistry="$REGISTRY" \
--set imageTag="$TAG" \ --set imageTag="$TAG" \
--set configMapName="$CONFIG_MAP" \ --set configMapName="$CONFIG_MAP" \
--set pvcName="$PVC_NAME" \
--timeout 5m; then --timeout 5m; then
echo "" echo ""
err "Deployment FAILED — release preserved for debugging. err "Deployment FAILED — release preserved for debugging.
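Review bot: with `--set pvcName="$PVC_NAME"` dropped from the `helm upgrade --install` call, check that `PVC_NAME` is not still defined, defaulted or echoed elsewhere in this script; a leftover variable implies the name is still configurable when it no longer is. Since the chart now assumes a claim named `shared-data`, consider a pre-flight `kubectl get pvc shared-data` in the target namespace before the upgrade, so a missing claim fails fast instead of leaving pods unschedulable after the release is applied.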

@ -5,7 +5,7 @@ Monolithic Helm chart for all backend services.
## Services ## Services
| Service | Port(s) | Replicas | HPA | Purpose | | Service | Port(s) | Replicas | HPA | Purpose |
|---|---|---|---|---| |----------------------|-------------------------|----------|----------|---------------------------------------------|
| `app` | 3000 (HTTP) | 2 | 210 | Main API server | | `app` | 3000 (HTTP) | 2 | 210 | Main API server |
| `gitserver` | 8021 (HTTP), 2222 (SSH) | 1 | 15 | Git HTTP + SSH server | | `gitserver` | 8021 (HTTP), 2222 (SSH) | 1 | 15 | Git HTTP + SSH server |
| `email_worker` | 8084 (HTTP) | 1 | disabled | Email queue consumer (single instance only) | | `email_worker` | 8084 (HTTP) | 1 | disabled | Email queue consumer (single instance only) |
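Review bot: the only change in this hunk is the table separator row (`|---|---|---|---|---|` padded out to column width), which is formatting unrelated to the PVC fix. The same kind of whitespace-only rewrite recurs in the later table and paragraph-wrap hunks of this file; moving them to a separate formatting commit would keep this one limited to the `pvcName` removal and easier to audit or revert.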
@ -15,7 +15,8 @@ Monolithic Helm chart for all backend services.
## Prerequisites ## Prerequisites
The following resources must exist in the cluster **before** installing the Helm chart. They are not managed by Helm — install, upgrade, and uninstall of the chart will not touch them. The following resources must exist in the cluster **before** installing the Helm chart. They are not managed by Helm —
install, upgrade, and uninstall of the chart will not touch them.
### 1. Namespace ### 1. Namespace
@ -23,7 +24,7 @@ The following resources must exist in the cluster **before** installing the Helm
kubectl create namespace app kubectl create namespace app
``` ```
### 2. PVC (aliyun-nfs, 200Ti, ReadWriteMany) ### 2. PVC (aliyun-nfs-app, 200Ti, ReadWriteMany)
```bash ```bash
kubectl apply -f - <<'EOF' kubectl apply -f - <<'EOF'
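Review bot: the heading changes the storage class from `aliyun-nfs` to `aliyun-nfs-app`, and the manifest in the next hunk changes `storageClassName` to match, but the commit message only mentions the PVC name. `storageClassName` cannot be changed on an existing claim, so clusters whose `shared-data` PVC was created from the old instructions will no longer match the README. Either mention the storage class change in the commit message and say whether existing claims are affected, or move it to its own commit.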
@ -38,11 +39,12 @@ spec:
resources: resources:
requests: requests:
storage: 200Ti storage: 200Ti
storageClassName: aliyun-nfs storageClassName: aliyun-nfs-app
EOF EOF
``` ```
> The chart references this PVC by name. If you use a different name, pass `--set pvcName=your-pvc-name` to Helm. > The chart references this PVC by hardcoded name `shared-data`. This name is immutable — it cannot be changed via Helm
> values.
### 3. ConfigMap ### 3. ConfigMap
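Review bot: the rewritten note ("This name is immutable — it cannot be changed via Helm values.") drops the old `--set pvcName=your-pvc-name` guidance without saying what happens to releases that relied on it. After upgrading, those deployments will reference a claim named `shared-data` that may not exist in their namespace. Add a sentence marking this as a breaking change and telling operators to provision `shared-data` before upgrading. It is also worth wording the note so it does not imply more than it delivers: the protection from Helm deletes comes from the PVC being created outside the chart, as the Prerequisites section already states, not from the name being a literal.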
@ -72,7 +74,7 @@ EOF
``` ```
| Variable | Default / Example | Required | | Variable | Default / Example | Required |
|---|---|---| |------------------------------|-----------------------------|-----------|
| `APP_REPOS_ROOT` | `/data/repos` | Yes | | `APP_REPOS_ROOT` | `/data/repos` | Yes |
| `APP_AVATAR_PATH` | `/data/avatars` | Yes | | `APP_AVATAR_PATH` | `/data/avatars` | Yes |
| `STORAGE_PATH` | `/data/files` | Yes | | `STORAGE_PATH` | `/data/files` | Yes |
@ -128,7 +130,7 @@ helm upgrade --install deploy ./deploy \
All services share a single PVC (`shared-data`) via `subPath` mounts: All services share a single PVC (`shared-data`) via `subPath` mounts:
| SubPath | Mount | Used By | | SubPath | Mount | Used By |
|---|---|---| |-----------|-----------------|--------------------------|
| `repos` | `/data/repos` | app, gitserver, git-hook | | `repos` | `/data/repos` | app, gitserver, git-hook |
| `avatars` | `/data/avatars` | app | | `avatars` | `/data/avatars` | app |
| `files` | `/data/files` | app | | `files` | `/data/files` | app |
@ -136,7 +138,8 @@ All services share a single PVC (`shared-data`) via `subPath` mounts:
## Autoscaling ## Autoscaling
All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be scaled. All services except `email_worker` have HPA enabled by default. The email worker is fixed at 1 replica and must not be
scaled.
To adjust HPA bounds per service: To adjust HPA bounds per service:
@ -176,7 +179,7 @@ All services require these to be reachable from the cluster:
Optional dependencies with graceful degradation: Optional dependencies with graceful degradation:
| Dependency | Variable | Fallback | | Dependency | Variable | Fallback |
|---|---|---| |----------------|-------------------------------|------------------|
| NATS JetStream | `NATS_URL` + `NATS_TOKEN` | Redis queue | | NATS JetStream | `NATS_URL` + `NATS_TOKEN` | Redis queue |
| Loki | `LOKI_URL` | Logs discarded | | Loki | `LOKI_URL` | Logs discarded |
| OTEL Collector | `OTEL_EXPORTER_OTLP_ENDPOINT` | Tracing disabled | | OTEL Collector | `OTEL_EXPORTER_OTLP_ENDPOINT` | Tracing disabled |
@ -193,6 +196,5 @@ helm upgrade --install deploy ./deploy \
--set ingress.enabled=true \ --set ingress.enabled=true \
--set ingress.className=nginx \ --set ingress.className=nginx \
--set ingress.hosts[0].host=your-domain.com \ --set ingress.hosts[0].host=your-domain.com \
--set configMapName=app-env \ --set configMapName=app-env
--set pvcName=shared-data
``` ```

@ -74,7 +74,7 @@ spec:
volumes: volumes:
- name: shared-data - name: shared-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.pvcName }} claimName: shared-data
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
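Review bot: `claimName: shared-data` is now a bare literal here and in the three other deployment templates below, so the four copies can drift if one is edited later. Consider defining the name once in a named template in `_helpers.tpl` that does not read `.Values`, and using `claimName: {{ include ... }}` in each deployment; the name stays non-configurable but has a single source. A CI step that renders the chart and checks every `claimName` equals `shared-data` would catch a regression either way.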

@ -63,7 +63,7 @@ spec:
volumes: volumes:
- name: shared-data - name: shared-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.pvcName }} claimName: shared-data
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

@ -73,7 +73,7 @@ spec:
volumes: volumes:
- name: shared-data - name: shared-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.pvcName }} claimName: shared-data
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

@ -63,7 +63,7 @@ spec:
volumes: volumes:
- name: shared-data - name: shared-data
persistentVolumeClaim: persistentVolumeClaim:
claimName: {{ .Values.pvcName }} claimName: shared-data
{{- with .Values.nodeSelector }} {{- with .Values.nodeSelector }}
nodeSelector: nodeSelector:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}

@ -153,9 +153,6 @@ gingress:
cpu: 500m cpu: 500m
memory: 512Mi memory: 512Mi
# External PVC (managed outside Helm — not deleted on uninstall)
pvcName: "shared-data"
# Ingress — handled by gingress controller # Ingress — handled by gingress controller
ingress: ingress:
enabled: true enabled: true
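Review bot: removing `pvcName: "shared-data"` from the defaults means a caller who still passes `--set pvcName=...` gets no error; Helm accepts unknown values silently and the templates will ignore it, so the release mounts `shared-data` while the operator believes another claim is in use. Add a `values.schema.json` that rejects unknown top-level keys, or a template guard that calls `fail` when `.Values.pvcName` is set. The deleted comment ("External PVC (managed outside Helm — not deleted on uninstall)") was also the only in-file documentation of that guarantee; keeping a comment here that the chart expects an externally managed claim named `shared-data` would preserve it.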