commit 8dad64654c0e99db1d33b9da0709bb28006ac5f6
Author: Swordsteel
Date: Sun Aug 31 00:13:52 2025 +0200
initialize py-kms
diff --git a/.gitea/workflows/release.yaml b/.gitea/workflows/release.yaml
new file mode 100644
index 0000000..0dced27
--- /dev/null
+++ b/.gitea/workflows/release.yaml
@@ -0,0 +1,11 @@
+name: Publish Helm Chart
+
+on:
+ workflow_dispatch:
+
+jobs:
+ call-helm-ci:
+ uses: helm/common-workflows/.gitea/workflows/release.yaml@master
+ secrets:
+ CI_BOT_USERNAME: ${{ secrets.CI_BOT_USERNAME }}
+ CI_BOT_TOKEN: ${{ secrets.CI_BOT_TOKEN }}
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..62c8935
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea/
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..fdea58f
--- /dev/null
+++ b/README.md
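Review bot: In `.gitea/workflows/release.yaml` the `uses:` line references the reusable workflow by the mutable branch `@master` while the job passes it `CI_BOT_USERNAME` and `CI_BOT_TOKEN`, so any later push to that branch of `helm/common-workflows` runs with the bot's publishing credentials without a change in this repository. Pin the reference to a reviewed commit or an immutable tag, e.g. `uses: helm/common-workflows/.gitea/workflows/release.yaml@<full-commit-sha>` (placeholder), and bump it deliberately. The called workflow is not visible from this diff, so it is also worth confirming that the token is scoped to chart publishing only.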
@@ -0,0 +1,94 @@
+# py-kms
+
+## Basic stuff
+
+### Install
+
+```shell
+helm install py-kms ./helm --namespace py-kms --create-namespace
+```
+
+### Update
+
+```shell
+helm -n py-kms upgrade py-kms ./helm/
+```
+
+### Check
+
+```shell
+kubectl -n py-kms get cm,pvc,pod,svc
+```
+
+### Tail Log
+
+```shell
+kubectl -n py-kms logs -f pykms-0
+```
+
+### Delete
+
+```shell
+kubectl delete ns py-kms
+```
+
+## Immigration
+
+We need to find the location for the files
+
+### Step 1
+
+```shell
+kubectl -n py-kms get pvc data-py-kms-0 -o wide
+```
+
+Output:
+
+```
+NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS VOLUMEATTRIBUTESCLASS AGE VOLUMEMODE
+data-py-kms-0 Bound pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040 1Gi RWO microk8s-hostpath 1m Filesystem
+```
+
+we need the volume name in this case `pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040`
+
+### Step 2
+
+```shell
+kubectl get pv pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040 -o yaml
+```
+
+Output:
+
+```
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ ...
+spec:
+ accessModes:
+ - ReadWriteOnce
+ capacity:
+ storage: 1Gi
+ claimRef:
+ ...
+ hostPath:
+ path: /var/snap/microk8s/common/default-storage/py-kms-data-py-kms-0-pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040
+ type: DirectoryOrCreate
+ nodeAffinity:
+ ...
+ persistentVolumeReclaimPolicy: Delete
+ storageClassName: microk8s-hostpath
+ volumeMode: Filesystem
+status:
+ ...
+```
+
+We need `spec -> hostPath -> path` in this case `/var/snap/microk8s/common/default-storage/py-kms-data-py-kms-0-pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040`
+
+### Step 2
+
+Login to the old server. and use rsync, don't forget stuff like puid, pgid, file access and stuff.
+
+```shell
+rsync -avz -e ssh ./ username@0.0.0.0:/var/snap/microk8s/common/default-storage/py-kms-data-py-kms-0-pvc-b84dce5e-bc04-456c-83c1-6f6f5f326040
+```
diff --git a/helm/Chart.yaml b/helm/Chart.yaml
new file mode 100644
index 0000000..38e8d13
--- /dev/null
+++ b/helm/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: py-kms
+description: Helm chart for py-kms with MetalLB and StatefulSet
+type: application
+version: 0.1.0
+appVersion: "python3"
\ No newline at end of file
diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl
new file mode 100644
index 0000000..47d91c1
--- /dev/null
+++ b/helm/templates/_helpers.tpl
@@ -0,0 +1,7 @@
+{{ define "pykms.name" -}}
+{{ .Chart.Name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{ define "pykms.environment" -}}
+{{ printf "environment-%s" .Chart.Name | trunc 51 | trimSuffix "-" }}
+{{- end }}
\ No newline at end of file
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
new file mode 100644
index 0000000..c8fa361
--- /dev/null
+++ b/helm/templates/configmap.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "pykms.environment" . }}
+data:
+ PGID: {{ .Values.environment.PGID | quote }}
+ PUID: {{ .Values.environment.PUID | quote }}
\ No newline at end of file
diff --git a/helm/templates/service.yaml b/helm/templates/service.yaml
new file mode 100644
index 0000000..da3457c
--- /dev/null
+++ b/helm/templates/service.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "pykms.name" . }}
+ labels:
+ app: {{ include "pykms.name" . }}
+spec:
+ type: {{ .Values.service.type }}
+ {{- if and .Values.service.loadBalancerIP (ne .Values.service.loadBalancerIP "") }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ selector:
+ app: {{ include "pykms.name" . }}
+ ports:
+ - name: http
+ port: {{ .Values.service.uiPort }}
+ targetPort: 8080
+ - name: kms
+ port: {{ .Values.service.kmsPort }}
+ targetPort: 1688
\ No newline at end of file
diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml
new file mode 100644
index 0000000..f5690c5
--- /dev/null
+++ b/helm/templates/statefulset.yaml
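Review bot: In `helm/templates/service.yaml` the `http` port (the web UI on 8080) is published through the same Service as the `kms` port, so setting `service.type` to `LoadBalancer` (the chart description mentions MetalLB) exposes the UI on the same address as the KMS listener. If the UI has no authentication of its own, which this diff does not show, it should sit on a separate `ClusterIP` Service, or the Service should at least take a values-driven `loadBalancerSourceRanges`. Separately, the `loadBalancerIP` guard reads a key that `values.yaml` does not define and renders it unquoted; `{{- with .Values.service.loadBalancerIP }}` followed by `loadBalancerIP: {{ . | quote }}` is simpler and covers the unset case.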
@@ -0,0 +1,77 @@
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: {{ include "pykms.name" . }}
+ labels:
+ app: {{ include "pykms.name" . }}
+spec:
+ serviceName: {{ include "pykms.name" . }}
+ replicas: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: {{ include "pykms.name" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "pykms.name" . }}
+ spec:
+ containers:
+ - name: {{ include "pykms.name" . }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ envFrom:
+ - configMapRef:
+ name: {{ include "pykms.environment" . }}
+ ports:
+ - name: http
+ containerPort: 8080
+ protocol: TCP
+ - name: kms
+ containerPort: 1688
+ protocol: TCP
+ volumeMounts:
+ - name: data
+ mountPath: /home/py-kms/db
+ {{- if .Values.resources }}
+ resources:
+ {{- if .Values.resources.requests }}
+ requests:
+ {{- if .Values.resources.requests.cpu }}
+ cpu: "{{ .Values.resources.requests.cpu }}"
+ {{- end }}
+ {{- if .Values.resources.requests.memory }}
+ memory: "{{ .Values.resources.requests.memory }}"
+ {{- end }}
+ {{- end }}
+ {{- if .Values.resources.limits }}
+ limits:
+ {{- if .Values.resources.limits.cpu }}
+ cpu: "{{ .Values.resources.limits.cpu }}"
+ {{- end }}
+ {{- if .Values.resources.limits.memory }}
+ memory: "{{ .Values.resources.limits.memory }}"
+ {{- end }}
+ {{- end }}
+ {{- end }}
+ startupProbe:
+ httpGet:
+ port: http
+ path: /readyz
+ failureThreshold: 30
+ periodSeconds: 1
+ livenessProbe:
+ httpGet:
+ path: /livez
+ port: http
+ periodSeconds: 20
+ volumeClaimTemplates:
+ - metadata:
+ name: data
+ spec:
+ accessModes: {{ .Values.persistence.accessModes }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size }}
+ {{- if and .Values.persistence.storageClass (ne .Values.persistence.storageClass "") }}
+ storageClassName: {{ .Values.persistence.storageClass | quote }}
+ {{- end }}
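Review bot: The pod template sets no `securityContext` and leaves the service-account token mounted, so the container runs with whatever user and capabilities the image defaults to while listening on a network-facing port. Add `automountServiceAccountToken: false` to the pod spec and a container `securityContext` with `allowPrivilegeEscalation: false`. The PUID/PGID environment suggests the entrypoint switches user at start, so `runAsNonRoot` and capability drops should be tested against the image before they are enforced. In `volumeClaimTemplates`, `accessModes: {{ .Values.persistence.accessModes }}` prints the Go slice form, which only happens to parse for a single entry; render it with `{{- toYaml .Values.persistence.accessModes | nindent 10 }}` (indent to match the file).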
diff --git a/helm/values.yaml b/helm/values.yaml
new file mode 100644
index 0000000..1161e93
--- /dev/null
+++ b/helm/values.yaml
@@ -0,0 +1,29 @@
+replicaCount: 1
+
+image:
+ repository: "ghcr.io/py-kms-organization/py-kms"
+ tag: "python3"
+ pullPolicy: IfNotPresent
+
+persistence:
+ accessModes:
+ - ReadWriteOnce
+ size: 1Gi
+ storageClass:
+
+environment:
+ PGID: 1000
+ PUID: 1000
+
+resources:
+ requests:
+ cpu: "100m"
+ memory: "64Mi"
+ limits:
+ cpu: "500m"
+ memory: "256Mi"
+
+service:
+ type: ClusterIP
+ uiPort: 80
+ kmsPort: 1688
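Review bot: `tag: "python3"` is a floating tag, and with `pullPolicy: IfNotPresent` each node keeps whichever build it pulled first, so the deployed image is neither reproducible nor tied to reviewed content. Default to a release tag, or add an `image.digest` value that the StatefulSet renders as `repository@sha256:<digest>` (placeholder). The bare `storageClass:` parses as null; write `storageClass: ""` so the intent is explicit, and add `loadBalancerIP: ""` under `service:` because the Service template reads that key.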