diff --git a/charts/attic/.helmignore b/charts/attic/.helmignore deleted file mode 100644 index 0e8a0eb..0000000 --- a/charts/attic/.helmignore +++ /dev/null @@ -1,23 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*.orig -*~ -# Various IDEs -.project -.idea/ -*.tmproj -.vscode/ diff --git a/charts/attic/Chart.yaml b/charts/attic/Chart.yaml index 654e0cc..5dc2044 100644 --- a/charts/attic/Chart.yaml +++ b/charts/attic/Chart.yaml @@ -1,9 +1,10 @@ apiVersion: v2 -name: attic-repo -description: A Nix binary caching server -appVersion: bdafd64910bb2b861cf90fa15f1fc93318b6fbf6 +name: attic +description: | + A Nix binary caching server +appVersion: 4dbdbee45728d8ce5788db6461aaaa89d98081f0 type: application -version: 0.5.1 +version: 0.1.0 maintainers: - name: Tommy Skaug email: tommy@skaug.me diff --git a/charts/attic/templates/_helpers.tpl b/charts/attic/templates/_helpers.tpl new file mode 100644 index 0000000..490a43a --- /dev/null +++ b/charts/attic/templates/_helpers.tpl 
@@ -0,0 +1,30 @@
+# Define a template for the chart's full name.
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "attic.fullname" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+# Define a template for standard labels.
+{{/*
+Common labels
+*/}}
+{{- define "attic.labels" -}}
+helm.sh/chart: {{ include "attic.chart" . }}
+app.kubernetes.io/name: {{ include "attic.fullname" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+app.kubernetes.io/version: {{ .Chart.Version | quote }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+# Define a template for the chart name and version.
+{{/*
+Generate basic labels
+*/}}
+{{- define "attic.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" -}}
+{{- end }}
+
+# Optionally, add more helper templates as needed.
diff --git a/charts/attic/templates/configuration.yaml b/charts/attic/templates/configuration.yaml
new file mode 100644
index 0000000..e13e3e6
--- /dev/null
+++ b/charts/attic/templates/configuration.yaml
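Review bot: The `app.kubernetes.io/version` label in `attic.labels` is rendered from `.Chart.Version`, so it reports the chart release (0.1.0) rather than the Attic build pinned in `appVersion`; the usual source is `app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}`. Separately, `attic.fullname` truncates to 63 characters, but db-init.yaml in this same commit appends `-db-init` to it, so a long `nameOverride` can still produce an over-length Job name; truncating to a shorter length in the helper, or truncating again at the call site, would close that gap.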
@@ -0,0 +1,74 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "attic.fullname" . }}
+ labels:
+ {{- include "attic.labels" . | nindent 4 }}
+data:
+ config.toml: |
+ listen = "[::]:8080"
+ allowed-hosts = []
+ #api-endpoint = "https://your.domain.tld/"
+ #soft-delete-caches = false
+
+ [storage]
+ # Can be "local" or "s3".
+ type = "local"
+
+ # The directory to store all files under
+ path = "/var/lib/atticd/storage"
+
+ [database]
+ #require-proof-of-possession = true
+ #heartbeat = false
+
+ # Set this if you are using an S3-compatible object storage (e.g., Minio).
+ #endpoint = "https://xxx.r2.cloudflarestorage.com"
+
+ # If unset, the credentials are read from the `AWS_ACCESS_KEY_ID` and
+ # `AWS_SECRET_ACCESS_KEY` environment variables.
+ #[storage.credentials]
+ # access_key_id = ""
+ # secret_access_key = ""
+
+ [chunking]
+ # If 0, chunking is disabled entirely for newly-uploaded NARs.
+ # If 1, all NARs are chunked.
+ nar-size-threshold = 65536 # chunk files that are 64 KiB or larger
+
+ # The preferred minimum size of a chunk, in bytes
+ min-size = 16384 # 16 KiB
+
+ # The preferred average size of a chunk, in bytes
+ avg-size = 65536 # 64 KiB
+
+ # The preferred maximum size of a chunk, in bytes
+ max-size = 262144 # 256 KiB
+
+ # Compression
+ [compression]
+ # Compression type
+ #
+ # Can be "none", "brotli", "zstd", or "xz"
+ type = "zstd"
+
+ # Compression level
+ #level = 8
+
+ # Garbage collection
+ [garbage-collection]
+ # The frequency to run garbage collection at
+ #
+ # By default it's 12 hours. You can use natural language
+ # to specify the interval, like "1 day".
+ #
+ # If zero, automatic garbage collection is disabled, but
+ # it can still be run manually with `atticd --mode garbage-collector-once`.
+ interval = "12 hours"
+
+ # Default retention period
+ #
+ # Zero (default) means time-based garbage-collection is
+ # disabled by default. You can enable it on a per-cache basis.
+ #default-retention-period = "6 months"
diff --git a/charts/attic/templates/db-init.yaml b/charts/attic/templates/db-init.yaml
new file mode 100644
index 0000000..0229446
--- /dev/null
+++ b/charts/attic/templates/db-init.yaml
@@ -0,0 +1,21 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: {{ include "attic.fullname" . }}-db-init
+ labels:
+ {{- include "attic.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+spec:
+ template:
+ spec:
+ restartPolicy: Never
+ containers:
+ - name: general-db-init
+ image: "{{ .Values.initContainers.dbInit.image.repository }}:{{ .Values.initContainers.dbInit.image.tag }}"
+ envFrom:
+ - secretRef:
+ name: {{ .Values.postgres.secretName }}
+ # Tolerate a few failures, adjust the number as needed
+ backoffLimit: 3
diff --git a/charts/attic/templates/deployment-server.yaml b/charts/attic/templates/deployment-server.yaml
new file mode 100644
index 0000000..e412ff5
--- /dev/null
+++ b/charts/attic/templates/deployment-server.yaml
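Review bot: `allowed-hosts = []` is hard-coded in the rendered config.toml, and as far as I know Attic treats an empty list as "accept any Host header", so the chart ships with Host validation off and offers no value to turn it on. The ConfigMap takes nothing from values at all: `api-endpoint` stays commented out even though values.yaml carries `config.externalUrl`. Consider rendering both, e.g. `allowed-hosts = {{ .Values.config.allowedHosts | toJson }}` (a new value) and `api-endpoint = {{ .Values.config.externalUrl | quote }}`. The commented S3 `endpoint` / `[storage.credentials]` lines and `require-proof-of-possession` sit under `[database]`, so uncommenting them in place would put them in the wrong table; a short comment saying where the database URL comes from (presumably the secret's environment) would also help.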
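Review bot: The db-init Job container receives the whole `postgres.secretName` secret through `envFrom` but has no `securityContext`, and its image is selected by tag only (`"16"` in values.yaml), which can be re-pointed upstream. Since this pod presumably holds database administrator credentials, I would add a container-level `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: ["ALL"]}`, and let the image reference take an optional digest (`repository@sha256:<digest>`) in place of the tag. Whether the image also tolerates `runAsNonRoot: true` cannot be told from this diff and should be checked before enabling it.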
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "attic.fullname" . }}
+ labels:
+ {{- include "attic.labels" . | nindent 4 }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ include "attic.fullname" . }}
+ template:
+ metadata:
+ labels:
+ app: {{ include "attic.fullname" . }}
+ spec:
+ serviceAccountName: {{ include "attic.fullname" . }}
+ containers:
+ - name: {{ include "attic.fullname" . }}
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ command: ["atticd"]
+ args: ["-f", "/var/lib/atticd/config.toml"]
+ env:
+ - name: ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64
+ value: {{ .Values.config.externalUrl }}
+ envFrom:
+ - secretRef:
+ name: {{ .Values.envFromSecret }}
+ resources:
+ limits:
+ memory: "128Mi"
+ cpu: "500m"
+ ports:
+ - containerPort: 8080
+ name: http
+ volumeMounts:
+ - name: {{ include "attic.fullname" . }}
+ mountPath: "/var/lib/atticd/storage"
+ readOnly: false
+ - name: config
+ mountPath: "/var/lib/atticd/config.toml"
+ readOnly: true
+ volumes:
+ - name: {{ include "attic.fullname" . }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.persistence.existingClaim }}
+ - name: config
+ configMap:
+ name: {{ include "attic.fullname" . }}
\ No newline at end of file
diff --git a/charts/attic/templates/service-server.yaml b/charts/attic/templates/service-server.yaml
new file mode 100644
index 0000000..296ae51
--- /dev/null
+++ b/charts/attic/templates/service-server.yaml
@@ -0,0 +1,13 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "attic.fullname" . }}
+ labels:
+ {{- include "attic.labels" . | nindent 4 }}
+spec:
+ selector:
+ app: {{ include "attic.fullname" . }}
+ ports:
+ - port: 8080
+ targetPort: 8080
\ No newline at end of file
diff --git a/charts/attic/templates/serviceaccount.yaml b/charts/attic/templates/serviceaccount.yaml
new file mode 100644
index 0000000..72890da
--- /dev/null
+++ b/charts/attic/templates/serviceaccount.yaml
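Review bot: The `env` entry in the Deployment sets `ATTIC_SERVER_TOKEN_HS256_SECRET_BASE64` to `.Values.config.externalUrl`, so the token-signing secret becomes the public cache URL, a value anyone can guess. It also sits in plain text in the pod spec, and an explicit `env` entry takes precedence over the same key supplied by `envFrom`, so a correct value in the `envFromSecret` secret would be silently overridden. Drop the two-line `env` entry and let the secret provide the variable, and pass the URL through the config file instead. In the same file, the `config` volume is mounted at `/var/lib/atticd/config.toml` without `subPath: config.toml`, which makes that path a directory and would leave `atticd -f` pointing at a directory rather than the file. The container also has no `securityContext`, and its hard-coded `128Mi`/`500m` limits ignore the `resources` block in values.yaml.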
@@ -0,0 +1,7 @@ +--- +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "attic.fullname" . }} + labels: + {{- include "attic.labels" . | nindent 4 }} \ No newline at end of file diff --git a/charts/attic/values.yaml b/charts/attic/values.yaml index 208afa6..224a0c7 100644 --- a/charts/attic/values.yaml +++ b/charts/attic/values.yaml @@ -1,6 +1,31 @@ -replicaCount: 1 +config: + externalUrl: https://cache.example.com/ + +persistence: + existingClaim: attic + +initContainers: + dbInit: + image: + repository: ghcr.io/onedr0p/postgres-init + tag: "16" + envFrom: + - secretRef: + name: attic-secret + +envFromSecret: attic-secret image: - repository: zhaofengli/attic - pullPolicy: IfNotPresent - tag: bdafd64910bb2b861cf90fa15f1fc93318b6fbf6 + repository: ghcr.io/zhaofengli/attic + tag: 4dbdbee45728d8ce5788db6461aaaa89d98081f0 + +postgres: + secretName: attic-secret + +resources: + limits: + memory: "3Gi" + cpu: "1000m" +# requests: +# cpu: 100m +# memory: 250Mi
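Review bot: The new ServiceAccount leaves token automounting at its default, so the server pod gets a Kubernetes API token even though nothing in the templates of this commit appears to call the API. Adding `automountServiceAccountToken: false` at the top level of the ServiceAccount (or under the Deployment's pod `spec`) removes a credential that an attacker could otherwise pick up from a compromised cache server.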
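Review bot: `envFromSecret` and `postgres.secretName` both default to `attic-secret`, so the long-running server container is handed every key the db-init Job needs. If that secret carries the Postgres administrator password for the init image, the server keeps it in its environment for its whole lifetime. Separate defaults would keep the init credentials out of the server pod, with a comment on each value listing the keys it is expected to hold. Also, `initContainers.dbInit.envFrom` and `resources` are not referenced by any template in this diff (the Job reads `postgres.secretName`, the Deployment hard-codes its limits), so they look configurable but have no effect. The `tag: "16"` default for the init image is a moving tag, unlike the commit-pinned server tag.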