ZhenYi/gitdataai
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(chart): add web frontend, external ConfigMap, SSH secret; fix probes and container names

Browse Source 
- Add web Deployment/Service with nginx SPA on port 80
- Remove env generation from chart, use external ConfigMap (configMap.create=false)
- Add SSH host key Secret injection for gitpod (/etc/ssh)
- Fix ServiceMonitor to scrape /metrics uniformly for all services
- Fix container names to be service-specific (gitdata/gitpod/gitsync/email/web)
- Parameterize PVC claimName and data mountPath
- Fix Ingress routing: / -> web, /api /socket.io -> gitdata
- Add web to HPA/PDB support lists
This commit is contained in:
zhenyi 2026-06-01 22:36:39 +08:00
parent 1e82d22048
commit dbb9e2a1e1
9 changed files with 220 additions and 73 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -61,4 +61,5 @@ temp/
*.backup
*~
chart/ConfigMap.yaml
chart/SSH.yaml
chart/pvc

27
chart/app/templates/configmap.yaml
View File

@ -1,28 +1,11 @@
{{/*
Single shared ConfigMap for all services.
Merges global.env with service-specific overrides.
*/}}
{{- $allEnv := deepCopy ($.Values.global.env | default dict) }}
{{- /* Auto-fill APP_GIT_RPC_ADDR for gitdata -> gitpod-rpc service */}}
{{- if and $.Values.gitdata.enabled (not $.Values.gitdata.env.APP_GIT_RPC_ADDR) }}
{{- $_ := set $allEnv "APP_GIT_RPC_ADDR" (include "app.gitpodRpcAddr" $) }}
{{- end }}
{{- range $svcName, $svc := dict "gitdata" $.Values.gitdata "gitpod" $.Values.gitpod "gitsync" $.Values.gitsync "email" $.Values.email }}
{{- if $svc.enabled }}
{{- $allEnv = merge $allEnv ($svc.env | default dict) }}
{{- end }}
{{- end }}
{{- if $allEnv }}
{{- if .Values.configMap.create }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "app.fullname" $ }}
namespace: {{ $.Values.global.namespace | default $.Release.Namespace }}
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.labels" $ | nindent 4 }}
data:
{{- range $k, $v := $allEnv }}
{{ $k }}: {{ $v | quote }}
{{- end }}
{{- include "app.labels" . | nindent 4 }}
data: {}
{{- end }}

118
chart/app/templates/deployment.yaml
View File

@ -1,6 +1,6 @@
{{/*
Deployments — One per enabled service.
All pods share app-data-pvc mounted at /data.
All pods share the configured data PVC.
*/}}
{{/* ============================================================
@ -35,7 +35,7 @@ spec:
securityContext:
{{- toYaml $svc.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
- name: gitdata
image: {{ include "app.image" (dict "root" . "svc" $svc.image) }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
@ -44,14 +44,14 @@ spec:
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "app.fullname" . }}
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
resources:
{{- toYaml $svc.resources | nindent 12 }}
securityContext:
{{- toYaml $svc.securityContext | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
mountPath: {{ .Values.persistence.data.mountPath }}
{{- with $svc.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -75,7 +75,7 @@ spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: app-data-pvc
claimName: {{ .Values.persistence.data.claimName }}
{{- with $svc.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -125,7 +125,7 @@ spec:
securityContext:
{{- toYaml $svc.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
- name: gitpod
image: {{ include "app.image" (dict "root" . "svc" $svc.image) }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
@ -140,14 +140,14 @@ spec:
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "app.fullname" . }}
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
resources:
{{- toYaml $svc.resources | nindent 12 }}
securityContext:
{{- toYaml $svc.securityContext | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
mountPath: {{ .Values.persistence.data.mountPath }}
{{- with $svc.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -176,7 +176,7 @@ spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: app-data-pvc
claimName: {{ .Values.persistence.data.claimName }}
{{- if $svc.sshHostKeySecret }}
- name: ssh-host-key
secret:
@ -232,7 +232,7 @@ spec:
securityContext:
{{- toYaml $svc.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
- name: gitsync
image: {{ include "app.image" (dict "root" . "svc" $svc.image) }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
@ -241,14 +241,14 @@ spec:
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "app.fullname" . }}
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
resources:
{{- toYaml $svc.resources | nindent 12 }}
securityContext:
{{- toYaml $svc.securityContext | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
mountPath: {{ .Values.persistence.data.mountPath }}
{{- with $svc.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -272,7 +272,7 @@ spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: app-data-pvc
claimName: {{ .Values.persistence.data.claimName }}
{{- with $svc.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -322,7 +322,7 @@ spec:
securityContext:
{{- toYaml $svc.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
- name: email
image: {{ include "app.image" (dict "root" . "svc" $svc.image) }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
@ -331,14 +331,14 @@ spec:
protocol: TCP
envFrom:
- configMapRef:
name: {{ include "app.fullname" . }}
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
resources:
{{- toYaml $svc.resources | nindent 12 }}
securityContext:
{{- toYaml $svc.securityContext | nindent 12 }}
volumeMounts:
- name: data
mountPath: /data
mountPath: {{ .Values.persistence.data.mountPath }}
{{- with $svc.volumeMounts }}
{{- toYaml . | nindent 12 }}
{{- end }}
@ -362,7 +362,7 @@ spec:
volumes:
- name: data
persistentVolumeClaim:
claimName: app-data-pvc
claimName: {{ .Values.persistence.data.claimName }}
{{- with $svc.volumes }}
{{- toYaml . | nindent 8 }}
{{- end }}
@ -379,3 +379,87 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{/* ============================================================
web — Frontend SPA
============================================================ */}}
{{- if .Values.web.enabled }}
{{- $svc := .Values.web }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "app.serviceFullname" (dict "root" . "name" "web") }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 4 }}
spec:
replicas: {{ $svc.replicaCount }}
selector:
matchLabels:
{{- include "app.serviceSelectorLabels" (dict "root" . "name" "web") | nindent 6 }}
template:
metadata:
annotations:
{{- with $svc.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 8 }}
spec:
{{- include "app.imagePullSecrets" . | nindent 6 }}
serviceAccountName: {{ include "app.serviceAccountName" . }}
securityContext:
{{- toYaml $svc.podSecurityContext | nindent 8 }}
containers:
- name: web
image: {{ include "app.image" (dict "root" . "svc" $svc.image) }}
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
ports:
- name: http
containerPort: 80
protocol: TCP
envFrom:
- configMapRef:
name: {{ .Values.configMap.name | default (include "app.fullname" .) }}
resources:
{{- toYaml $svc.resources | nindent 12 }}
securityContext:
{{- toYaml $svc.securityContext | nindent 12 }}
{{- with $svc.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
httpGet:
path: {{ $svc.startupProbe.httpGet.path }}
port: {{ $svc.startupProbe.httpGet.port }}
initialDelaySeconds: {{ $svc.startupProbe.initialDelaySeconds }}
periodSeconds: {{ $svc.startupProbe.periodSeconds }}
failureThreshold: {{ $svc.startupProbe.failureThreshold }}
livenessProbe:
httpGet:
path: {{ $svc.livenessProbe.httpGet.path }}
port: {{ $svc.livenessProbe.httpGet.port }}
periodSeconds: {{ $svc.livenessProbe.periodSeconds }}
readinessProbe:
httpGet:
path: {{ $svc.readinessProbe.httpGet.path }}
port: {{ $svc.readinessProbe.httpGet.port }}
periodSeconds: {{ $svc.readinessProbe.periodSeconds }}
{{- with $svc.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $svc.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $svc.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with $svc.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

2
chart/app/templates/hpa.yaml
View File

@ -1,4 +1,4 @@
{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" }}
{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" "web" }}
{{- $svcCfg := index $.Values $svcName }}
{{- $hpaCfg := index $.Values.autoscaling $svcName }}
{{- if and $svcCfg.enabled $hpaCfg.enabled }}

9
chart/app/templates/ingress.yaml
View File

@ -43,6 +43,15 @@ spec:
port:
number: {{ $.Values.gitdata.service.port }}
{{- end }}
{{- if $.Values.web.enabled }}
- path: /
pathType: Prefix
backend:
service:
name: {{ include "app.serviceFullname" (dict "root" $ "name" "web") }}
port:
number: {{ $.Values.web.service.port }}
{{- end }}
{{- end }}
{{- range .Values.ingress.git.hosts }}
- host: {{ .host | quote }}

2
chart/app/templates/pdb.yaml
View File

@ -1,5 +1,5 @@
{{- if .Values.podDisruptionBudget.enabled }}
{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" }}
{{- range $svcName := list "gitdata" "gitpod" "gitsync" "email" "web" }}
{{- $svcCfg := index $.Values $svcName }}
{{- $pdbCfg := index $.Values.podDisruptionBudget $svcName }}
{{- if and $svcCfg.enabled $pdbCfg.minAvailable }}

23
chart/app/templates/service.yaml
View File

@ -139,3 +139,26 @@ spec:
selector:
{{- include "app.serviceSelectorLabels" (dict "root" . "name" "email") | nindent 4 }}
{{- end }}
{{- if .Values.web.enabled }}
---
apiVersion: v1
kind: Service
metadata:
name: {{ include "app.serviceFullname" (dict "root" . "name" "web") }}
namespace: {{ include "app.namespace" . }}
labels:
{{- include "app.serviceLabels" (dict "root" . "name" "web") | nindent 4 }}
{{- with .Values.web.service.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
type: {{ .Values.web.service.type }}
ports:
- port: {{ .Values.web.service.port | default 80 }}
targetPort: http
protocol: TCP
name: http
selector:
{{- include "app.serviceSelectorLabels" (dict "root" . "name" "web") | nindent 4 }}
{{- end }}

4
chart/app/templates/servicemonitor.yaml
View File

@ -23,11 +23,7 @@ spec:
endpoints:
- interval: {{ $.Values.serviceMonitor.interval }}
port: {{ if eq $svcName "gitdata" }}http{{ else if eq $svcName "gitpod" }}http{{ else }}health{{ end }}
{{- if eq $svcName "gitdata" }}
path: /metrics
{{- else }}
path: /health
{{- end }}
selector:
matchLabels:
{{- include "app.serviceSelectorLabels" (dict "root" $ "name" $svcName) | nindent 6 }}

107
chart/app/values.yaml
View File

@ -13,6 +13,15 @@ serviceAccount:
annotations: {}
name: ""
configMap:
create: false
name: gitdataai
persistence:
data:
claimName: app-data-pvc
mountPath: /data
gitdata:
enabled: true
replicaCount: 1
@ -21,12 +30,6 @@ gitdata:
registry: ""
tag: ""
env:
APP_API_PORT: "8080"
APP_OTEL_SERVICE_NAME: "gitdata-api"
APP_GIT_RPC_ADDR: ""
APP_GIT_RPC_PORT: "50051"
service:
type: ClusterIP
port: 8080
@ -88,16 +91,6 @@ gitpod:
registry: ""
tag: ""
env:
APP_GIT_HTTP_PORT: "8080"
APP_SSH_PORT: "2222"
APP_GIT_RPC_ADDR: "0.0.0.0"
APP_GIT_RPC_PORT: "50051"
APP_OTEL_SERVICE_NAME: "gitpod"
APP_SSH_DOMAIN: ""
APP_GIT_HTTP_DOMAIN: ""
APP_REPOS_ROOT: "/data/repos"
service:
type: ClusterIP
port: 8080
@ -155,8 +148,8 @@ gitpod:
tolerations: []
affinity: {}
# -- SSH host key secret (mount to /etc/ssh)
sshHostKeySecret: ""
# -- SSH host key secret mounted to /etc/ssh.
sshHostKeySecret: gitpod-ssh-host-keys
# -- Data volumes (repos storage)
volumes: []
@ -171,11 +164,6 @@ gitsync:
registry: ""
tag: ""
env:
APP_GITSYNC_HEALTH_PORT: "8081"
APP_OTEL_SERVICE_NAME: "gitsync"
APP_REPOS_ROOT: "/data/repos"
service:
type: ClusterIP
port: 8081
@ -236,10 +224,6 @@ email:
registry: ""
tag: ""
env:
APP_EMAIL_HEALTH_PORT: "8083"
APP_OTEL_SERVICE_NAME: "email-service"
service:
enabled: false
type: ClusterIP
@ -290,6 +274,63 @@ email:
volumes: []
volumeMounts: []
web:
enabled: true
replicaCount: 1
image:
name: gitdata-web
registry: ""
tag: ""
service:
type: ClusterIP
port: 80
annotations: {}
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 256Mi
startupProbe:
httpGet:
path: /health
port: http
initialDelaySeconds: 5
periodSeconds: 5
failureThreshold: 30
livenessProbe:
httpGet:
path: /health
port: http
periodSeconds: 30
readinessProbe:
httpGet:
path: /health
port: http
periodSeconds: 15
podAnnotations: {}
podSecurityContext:
runAsNonRoot: true
runAsUser: 101
fsGroup: 101
securityContext:
readOnlyRootFilesystem: false
allowPrivilegeEscalation: false
nodeSelector: {}
tolerations: []
affinity: {}
volumes: []
volumeMounts: []
ingress:
enabled: true
className: "nginx"
@ -299,7 +340,9 @@ ingress:
hosts:
- host: dev.gitdata.ai
paths:
- path: /
- path: /api
pathType: Prefix
- path: /socket.io
pathType: Prefix
tls:
- hosts:
@ -352,6 +395,12 @@ autoscaling:
maxReplicas: 3
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: ""
web:
enabled: false
minReplicas: 1
maxReplicas: 3
targetCPUUtilizationPercentage: 80
targetMemoryUtilizationPercentage: ""
podDisruptionBudget:
enabled: false
@ -363,3 +412,5 @@ podDisruptionBudget:
minAvailable: ""
email:
minAvailable: ""
web:
minAvailable: ""