deploy pipeline

n8wb
2025-02-18 14:55:55 -08:00
parent 8ae370005a
commit c976e67672
10 changed files with 352 additions and 0 deletions

5
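--- a/ops/chart/Chart.yaml
+++ b/ops/chart/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v1
+appVersion: "1.0"
+description: Privacy Pool Core
+name: privacy-pool-core
+version: 0.1.0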


@@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}


@@ -0,0 +1,88 @@
{{- $name := include "name" . -}}
{{- $chart := include "chart" . -}}
{{- range $service, $val := $.Values.services }}
{{- if not .disabled }}
{{- $serviceName := printf "%s-%s" $name $service -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $serviceName }}
namespace: {{ $.Values.namespace }}
labels:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/instance: {{ $.Release.Name }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/version: {{ $.Values.version | quote }}
app.kubernetes.io/component: {{ $service }}
helm.sh/chart: {{ $chart }}
{{- if .labels}}
{{ toYaml .labels | nindent 4 }}
{{- end }}
spec:
replicas: {{ default 1 .replicas}}
selector:
matchLabels:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/instance: {{ $.Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/instance: {{ $.Release.Name }}
app.kubernetes.io/version: {{ $.Values.version | quote }}
app.kubernetes.io/component: {{ $service }}
helm.sh/chart: {{ $chart }}
{{- if .labels}}
{{ toYaml .labels | indent 8 }}
{{- end }}
spec:
{{- if .serviceAccount}}
serviceAccountName: {{ .serviceAccount }}
{{- end }}
# securityContext:
# runAsNonRoot: true
# seccompProfile:
# type: RuntimeDefault
containers:
- name: {{ $service }}
image: "{{ .image }}:{{ $.Values.version }}"
{{- if .command }}
command: [{{ .command }}]
{{- if .args }}
args: {{- range .args }}
- {{.}}
{{- end }}
{{- end }}
{{- end }}
# securityContext:
# allowPrivilegeEscalation: false
# runAsUser: 1001
# runAsNonRoot: true
# capabilities:
# drop:
# - ALL
env:
- name: NAME
value: {{ $service }}
- name: VERSION
value: {{ $.Values.version | quote }}
- name: VERBOSITY
value: {{ $.Values.verbosity }}
- name: SECRETS
value: {{ join "," .secrets | quote }}
- name: PROJECT_ID
value: {{ $.Values.projectId }}
{{ toYaml $.Values.environment | indent 12 }}
{{- if .environment }}
{{ toYaml .environment | indent 12 }}
{{- end }}
resources:
limits:
{{- toYaml .resources | nindent 14 }}
requests:
{{- toYaml .resources | nindent 14 }}
---
{{ end }}
{{ end }}
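Review bot: Both `securityContext` blocks in this template (pod level after `serviceAccountName`, container level before `env`) are commented out, so every rendered pod runs with the runtime defaults: root is allowed, privilege escalation is not blocked, no capabilities are dropped and no seccomp profile is requested. Enabling them as below is the hardening the comments already sketch; `runAsUser: 1001` should be confirmed against the user the image is built for before merging. Separately, the env entries `value: {{ $.Values.verbosity }}` and `value: {{ $.Values.projectId }}` are unquoted and would fail API validation if a value parses as a number or boolean, so `| quote` is safer there, as is already done for `VERSION`.

```yaml
    spec:
      # … unchanged: serviceAccountName …
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: {{ $service }}
          # … unchanged: image, command, args …
          securityContext:
            allowPrivilegeEscalation: false
            runAsUser: 1001
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: env, resources …
```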


@@ -0,0 +1,52 @@
{{- $chart := include "chart" . }}
{{- $name := include "name" . -}}
{{- range $service, $val := $.Values.services }}
{{- if and .ingress (not .disabled) }}
{{- $serviceName := printf "%s-%s" $name $service -}}
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: {{ $serviceName }}
namespace: {{ $.Values.namespace }}
labels:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/component: {{ $service }}
helm.sh/chart: {{ $chart }}
app.kubernetes.io/instance: {{ $.Release.Name }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/version: {{ $.Values.version | quote }}
{{- if .labels}}
{{- toYaml .labels | nindent 4 }}
{{- end }}
{{- if $.Values.ingress.annotations }}
{{- with $.Values.ingress.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
spec:
tls:
{{- range .ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
rules:
- host: {{ .ingress.host}}
http:
paths:
{{- range .paths }}
- path: {{ . }}
pathType: Prefix
backend:
service:
name: {{ $serviceName }}
port:
number: {{ $.Values.service.port }}
{{- end }}
---
{{- end }}
{{- end }}
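Review bot: `number: {{ $.Values.service.port }}` reads a top-level `service` key that neither values file in this commit defines, so rendering would likely fail or emit an empty backend port; the per-service port that the Service template exposes is `number: {{ $val.service.port }}`. The loop `{{- range .paths }}` also looks one level off, because the staging values appear to place `paths` under `ingress` next to `host` and `tls` (indentation is lost on this page, so confirm against the file); `{{- range $val.ingress.paths }}` would match that layout. `host: {{ .ingress.host}}` and `secretName: {{ .secretName }}` could take `| quote` the way the TLS hosts already do.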


@@ -0,0 +1,21 @@
{{- $name := include "name" . -}}
{{- $chart := include "chart" . -}}
{{- range $service, $val := $.Values.services }}
{{- if and $val.serviceAccount (not $val.disabled) }}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ $val.serviceAccount }}
namespace: {{ $.Values.namespace }}
annotations:
iam.gke.io/gcp-service-account: "{{$val.serviceAccount }}@{{ $.Values.projectId}}.iam.gserviceaccount.com"
labels:
app.kubernetes.io/instance: {{ $.Release.Name }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/version: {{ $.Values.version | quote }}
app.kubernetes.io/component: {{ $service }}
helm.sh/chart: {{ $chart }}
---
{{ end }}
{{- end }}
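Review bot: The `iam.gke.io/gcp-service-account` annotation only takes effect when the Google service account grants `roles/iam.workloadIdentityUser` to this exact namespace and ServiceAccount name, and that binding is created outside the chart, so the template should say so. A header comment such as `{{/* Requires a workloadIdentityUser binding on the GSA for PROJECT_ID.svc.id.goog[NAMESPACE/KSA_NAME]; not managed by this chart. */}}` would do. Because `namespace` comes from values and defaults to `default`, a release installed without the staging override would render a ServiceAccount that the binding does not cover. Two services that name the same `serviceAccount` would also render the same ServiceAccount twice, which is worth guarding against or documenting as one account per service.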


@@ -0,0 +1,35 @@
{{- $chart := include "chart" . }}
{{- $name := include "name" . -}}
{{- range $service, $val := .Values.services }}
{{- $serviceName := printf "%s-%s" $name $service -}}
{{- if and .service (not .disabled) }}
apiVersion: v1
kind: Service
metadata:
name: {{ $serviceName }}
namespace: {{ $.Values.namespace }}
labels:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/component: {{ $service }}
helm.sh/chart: {{ $chart }}
app.kubernetes.io/instance: {{ $.Release.Name }}
app.kubernetes.io/managed-by: {{ $.Release.Service }}
app.kubernetes.io/version: {{ $.Values.version | quote }}
{{- if .labels}}
{{- toYaml .labels | nindent 4 }}
{{- end }}
spec:
type: {{ .service.type }}
ports:
- port: {{ .service.port }}
targetPort: {{ .targetPort }}
protocol: {{ .protocol }}
name: http
selector:
app.kubernetes.io/name: {{ $serviceName }}
app.kubernetes.io/instance: {{ $.Release.Name }}
---
{{- end }}
{{- end }}


@@ -0,0 +1,24 @@
services:
relayer:
image: us-central1-docker.pkg.dev/oxbow-406621/privacy-pools-core/staging/relayer
serviceAccount: relayer-staging
command: python3
args: ["/app/main.py"]
resources:
cpu: 100m
memory: 2Gi
service:
type: ClusterIP
port: 80
protocol: TCP
targetPort: 3000
ingress:
host: testnet-relayer.privacypools.com
paths:
- /
tls:
- secretName: privacypools-tls
hosts:
- testnet-relayer.privacypools.com


@@ -0,0 +1,3 @@
namespace: staging

22
ops/chart/values.yaml Normal file

@@ -0,0 +1,22 @@
services:
version: latest
replicaCount: 1
ingress:
annotations:
kubernetes.io/ingress.class: nginx
nginx.org/mergeable-ingress-type: "minion"
nginx.ingress.kubernetes.io/enable-cors: "true"
nginx.ingress.kubernetes.io/cors-allow-origin: "*"
verbosity: WARN
# Shared environment variables
environment:
- name: PORT
value: "8080"
projectId: oxbow-406621
namespace: default
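Review bot: `nginx.ingress.kubernetes.io/cors-allow-origin: "*"` together with `enable-cors: "true"` is applied to every Ingress the chart renders, so any web origin may make cross-origin calls to the relayer host; listing the known frontend origin instead, e.g. `nginx.ingress.kubernetes.io/cors-allow-origin: "https://<frontend-origin>"` (placeholder), narrows that. `version: latest` is what the Deployment template uses as the image tag, so what runs can change without any chart or values change and a rollout cannot be reproduced; an immutable tag or digest supplied per release is safer. The bare `services:` key parses as null, and `services: {}` would state the intended empty default explicitly.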