Start roughing out K8s deployment spec for api-server; bootstrap global locks AFTER DB migrations have run

2025-02-25 00:18:45 -05:00
parent 0ce3ba0512
commit ed7b167167
11 changed files with 119 additions and 15 deletions
--- a/deploy/.gitignore
+++ b/deploy/.gitignore
@@ -0,0 +1 @@
+10-environment.yaml
--- a/deploy/0-namespace.yaml
+++ b/deploy/0-namespace.yaml
@@ -0,0 +1,5 @@
+---
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: p5x-system
--- a/deploy/20-volume.yaml
+++ b/deploy/20-volume.yaml
@@ -0,0 +1,27 @@
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: system-data
+  namespace: p5x-system
+spec:
+  capacity:
+    storage: 5Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: local-storage
+  local:
+    path: /mnt/p5x-system-data
+  claimRef:
+    namespace: p5x-system
+    name: system-data
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - control.k8s
--- a/deploy/22-volumeclaim.yaml
+++ b/deploy/22-volumeclaim.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: system-data
+  namespace: p5x-system
+spec:
+  storageClassName: local
+  accessModes:
+    - ReadWriteOnce
+  volumeName: system-data
+  resources:
+    requests:
+      storage: 5Gi
--- a/deploy/40-statefulset.yaml
+++ b/deploy/40-statefulset.yaml
@@ -0,0 +1,51 @@
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  labels:
+    app.kubernetes.io/component: api-server
+    app.kubernetes.io/name: p5x-api-server
+  name: p5x-api-server
+  namespace: p5x-system
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: p5x-api-server
+  serviceName: p5x-api-server
+  template:
+    metadata:
+      labels:
+        app: p5x-api-server
+    spec:
+      priorityClassName: system-cluster-critical
+      volumes:
+        - name: p5x-system-data
+          persistentVolumeClaim:
+            claimName: system-data
+      containers:
+        - name: api-server
+          image: registry.millslan.net/glmdev/p5x-api:latest
+# TODO: (1) add a dedicated /healthz endpoint and (2) prevent that endpoint from writing to the Rocket logs
+#          livenessProbe:
+#            failureThreshold: 5
+#            httpGet:
+#              path: /system/pubkey
+#              port: p5x
+#            initialDelaySeconds: 10
+#            periodSeconds: 120
+#            timeoutSeconds: 10
+          envFrom:
+            - configMapRef:
+                name: api-env
+          env:
+            - name: P5X_NODE_HOSTNAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: spec.nodeName
+          ports:
+            - containerPort: 3450
+              name: p5x
+          volumeMounts:
+            - mountPath: /p5x/data
+              name: p5x-system-data