
Commit 42021f3

committed
init deploy helm chart
1 parent 0068c03 commit 42021f3

14 files changed

Lines changed: 576 additions & 265 deletions


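--- a/frontend/providers/devbox/deploy/Kubefile
+++ b/frontend/providers/devbox/deploy/Kubefile
@@ -3,11 +3,7 @@ FROM scratch
 USER 65532:65532
 
 COPY registry registry
-COPY manifests manifests
+COPY charts charts
+COPY devbox-frontend-entrypoint.sh devbox-frontend-entrypoint.sh
 
-ENV cloudDomain="127.0.0.1.nip.io"
-ENV cloudPort=""
-ENV certSecretName="wildcard-cert"
-ENV registryAddr="sealos.hub:5000"
-
-CMD ["kubectl apply -f manifests"]
+CMD ["bash devbox-frontend-entrypoint.sh"]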
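Review bot: The four `ENV` defaults (`cloudDomain`, `cloudPort`, `certSecretName`, `registryAddr`) are removed and nothing visible on this page replaces them: the chart values shown define none of them, while the templates read `.Values.devboxConfig.cloudDomain` and the related keys. `devbox-frontend-entrypoint.sh` is not shown here, so presumably it forwards these settings to Helm. It would be worth having that script fail fast when `cloudDomain` is unset, because the Ingress host and the Content-Security-Policy header are both built from it and would otherwise render with a missing domain.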
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
apiVersion: v2
2+
name: devbox-frontend
3+
description: Sealos Devbox Frontend Helm Chart
4+
type: application
5+
version: 1.0.0
6+
appVersion: "latest"
Lines changed: 18 additions & 0 deletions
@@ -0,0 +1,18 @@
1+
# User-customizable values for devbox frontend.
2+
3+
devboxConfig:
4+
tlsRejectUnauthorized: "1"
5+
documentUrlZH: https://sealos.run/docs/overview/intro
6+
documentUrlEN: https://sealos.io/docs/overview/intro
7+
privacyUrlZH: https://sealos.run/docs/msa/privacy-policy
8+
privacyUrlEN: https://sealos.io/docs/msa/privacy-policy
9+
monitorURL: http://launchpad-monitor.sealos.svc.cluster.local:8428
10+
accountURL: http://account-service.account-system.svc.cluster.local:2333
11+
rootRuntimeNamespace: devbox-system
12+
currencySymbol: usd
13+
gpuEnable: "false"
14+
retagSvcURL: http://devbox-service.devbox-system.svc.cluster.local:8092
15+
devboxAffinityEnable: "true"
16+
squashEnable: "false"
17+
enableImportFeature: "false"
18+
enableWebideFeature: "false"
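Review bot: `tlsRejectUnauthorized` has no comment, although the Deployment template passes it straight into `NODE_TLS_REJECT_UNAUTHORIZED`, where `"0"` turns off certificate verification for every outbound TLS connection the Node process makes. I would add above it `# "1" keeps TLS certificate verification on; "0" disables it process-wide and is only for local testing`. The header comment could also list the keys the templates require but this file does not define (`cloudDomain`, `databaseURL`, `jwtInternal`, `regionUID`), assuming they are supplied from elsewhere.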
Lines changed: 62 additions & 0 deletions
@@ -0,0 +1,62 @@
1+
{{/*
2+
Expand the name of the chart.
3+
*/}}
4+
{{- define "devbox-frontend.name" -}}
5+
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
6+
{{- end }}
7+
8+
{{/*
9+
Create a default fully qualified app name.
10+
*/}}
11+
{{- define "devbox-frontend.fullname" -}}
12+
{{- if .Values.fullnameOverride }}
13+
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
14+
{{- else }}
15+
{{- $name := default .Chart.Name .Values.nameOverride }}
16+
{{- if contains $name .Release.Name }}
17+
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
18+
{{- else }}
19+
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
20+
{{- end }}
21+
{{- end }}
22+
{{- end }}
23+
24+
{{/*
25+
Create chart name and version as used by the chart label.
26+
*/}}
27+
{{- define "devbox-frontend.chart" -}}
28+
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
29+
{{- end }}
30+
31+
{{/*
32+
Common labels
33+
*/}}
34+
{{- define "devbox-frontend.labels" -}}
35+
helm.sh/chart: {{ include "devbox-frontend.chart" . }}
36+
{{ include "devbox-frontend.selectorLabels" . }}
37+
{{- if .Chart.AppVersion }}
38+
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
39+
{{- end }}
40+
app.kubernetes.io/managed-by: {{ .Release.Service }}
41+
{{- end }}
42+
43+
{{/*
44+
Selector labels
45+
*/}}
46+
{{- define "devbox-frontend.selectorLabels" -}}
47+
app.kubernetes.io/name: {{ include "devbox-frontend.name" . }}
48+
app.kubernetes.io/instance: {{ .Release.Name }}
49+
{{- end }}
50+
51+
{{/*
52+
External hostname without scheme.
53+
*/}}
54+
{{- define "devbox-frontend.externalHost" -}}
55+
{{- $host := .Values.ingress.host | default (printf "devbox.%s" .Values.devboxConfig.cloudDomain) -}}
56+
{{- $port := toString .Values.devboxConfig.cloudPort -}}
57+
{{- if and $port (ne $port "") -}}
58+
{{- printf "%s:%s" $host $port -}}
59+
{{- else -}}
60+
{{- $host -}}
61+
{{- end -}}
62+
{{- end }}
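Review bot: In `devbox-frontend.externalHost`, `toString .Values.devboxConfig.cloudPort` turns an unset value into the literal string `<nil>`, which passes the `ne $port ""` test and produces `host:<nil>`. This matters if `cloudPort` is absent from the values, and the values file shown in this commit does not define it. Defaulting before the conversion avoids that: `{{- $port := .Values.devboxConfig.cloudPort | default "" | toString -}}`, after which a plain `{{- if $port -}}` is enough. The Ingress template tests `.Values.devboxConfig.cloudPort` directly, so as written the two can disagree about whether a port is set.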
Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
{{- if .Values.app.enabled }}
2+
apiVersion: app.sealos.io/v1
3+
kind: App
4+
metadata:
5+
name: {{ .Values.app.name }}
6+
namespace: {{ .Values.app.namespace }}
7+
spec:
8+
data:
9+
desc: Devbox
10+
url: {{ printf "https://%s" (include "devbox-frontend.externalHost" .) | quote }}
11+
icon: {{ printf "https://%s/logo.svg" (include "devbox-frontend.externalHost" .) | quote }}
12+
i18n:
13+
zh:
14+
name: Devbox
15+
zh-Hans:
16+
name: Devbox
17+
name: {{ .Values.app.name }}
18+
type: {{ .Values.app.type }}
19+
displayType: {{ .Values.app.displayType }}
20+
{{- end }}
Lines changed: 10 additions & 0 deletions
@@ -0,0 +1,10 @@
1+
apiVersion: v1
2+
kind: ConfigMap
3+
metadata:
4+
name: {{ include "devbox-frontend.fullname" . }}-config
5+
namespace: {{ .Release.Namespace }}
6+
labels:
7+
{{- include "devbox-frontend.labels" . | nindent 4 }}
8+
data:
9+
config.yaml: |-
10+
addr: :3000
Lines changed: 147 additions & 0 deletions
@@ -0,0 +1,147 @@
1+
apiVersion: apps/v1
2+
kind: Deployment
3+
metadata:
4+
name: {{ include "devbox-frontend.fullname" . }}
5+
namespace: {{ .Release.Namespace }}
6+
labels:
7+
{{- include "devbox-frontend.labels" . | nindent 4 }}
8+
spec:
9+
replicas: {{ .Values.replicaCount }}
10+
selector:
11+
matchLabels:
12+
{{- include "devbox-frontend.selectorLabels" . | nindent 6 }}
13+
strategy:
14+
type: RollingUpdate
15+
rollingUpdate:
16+
maxUnavailable: 25%
17+
maxSurge: 25%
18+
template:
19+
metadata:
20+
labels:
21+
{{- include "devbox-frontend.selectorLabels" . | nindent 8 }}
22+
{{- with .Values.podLabels }}
23+
{{- toYaml . | nindent 8 }}
24+
{{- end }}
25+
{{- with .Values.podAnnotations }}
26+
annotations:
27+
{{- toYaml . | nindent 8 }}
28+
{{- end }}
29+
spec:
30+
{{- with .Values.imagePullSecrets }}
31+
imagePullSecrets:
32+
{{- toYaml . | nindent 8 }}
33+
{{- end }}
34+
securityContext:
35+
{{- toYaml .Values.podSecurityContext | nindent 8 }}
36+
initContainers:
37+
- name: devbox-frontend-init
38+
image: "{{ .Values.image }}"
39+
imagePullPolicy: {{ .Values.imagePullPolicy }}
40+
env:
41+
- name: DATABASE_URL
42+
value: {{ .Values.devboxConfig.databaseURL | quote }}
43+
- name: DATABASE_PROVIDER
44+
value: {{ .Values.global.featureConfigs.database.type | quote }}
45+
command:
46+
- sh
47+
- -c
48+
args:
49+
- |-
50+
cd /app/providers/devbox
51+
DB_PROVIDER="${DATABASE_PROVIDER:-cockroachdb}"
52+
SCHEMA_PATH="./prisma/cockroach/schema.prisma"
53+
if [ "$DB_PROVIDER" = "postgresql" ] || [ "$DB_PROVIDER" = "postgres" ] || [ "$DB_PROVIDER" = "pg" ]; then
54+
SCHEMA_PATH="./prisma/postgresql/schema.prisma"
55+
HAS_UUID_FN=$(psql "$DATABASE_URL" -tAc "SELECT 1 FROM pg_proc WHERE proname='gen_random_uuid' LIMIT 1;")
56+
if [ "$HAS_UUID_FN" != "1" ]; then
57+
psql "$DATABASE_URL" -v ON_ERROR_STOP=1 -c 'CREATE OR REPLACE FUNCTION public.gen_random_uuid() RETURNS uuid LANGUAGE SQL VOLATILE AS $func$ SELECT md5(random()::text || clock_timestamp()::text || txid_current()::text)::uuid; $func$;'
58+
fi
59+
MIGRATION="20260125094114_add_template_repository_kind"
60+
HAS_MIGRATION=$(psql "$DATABASE_URL" -tAc "SELECT 1 FROM _prisma_migrations WHERE migration_name='${MIGRATION}' AND rolled_back_at IS NULL LIMIT 1;")
61+
if [ "$HAS_MIGRATION" = "1" ]; then
62+
prisma migrate deploy --schema "$SCHEMA_PATH"
63+
exit 0
64+
fi
65+
HAS_ENUM=$(psql "$DATABASE_URL" -tAc "SELECT 1 FROM pg_enum e JOIN pg_type t ON t.oid = e.enumtypid WHERE t.typname IN ('TemplateRepositoryKind','template_repository_kind') AND e.enumlabel = 'SERVICE' LIMIT 1;")
66+
if [ "$HAS_ENUM" = "1" ]; then
67+
prisma migrate resolve --schema "$SCHEMA_PATH" --applied "$MIGRATION"
68+
fi
69+
fi
70+
prisma migrate deploy --schema "$SCHEMA_PATH"
71+
containers:
72+
- name: {{ include "devbox-frontend.name" . }}
73+
image: "{{ .Values.image }}"
74+
imagePullPolicy: {{ .Values.imagePullPolicy }}
75+
securityContext:
76+
{{- toYaml .Values.securityContext | nindent 12 }}
77+
env:
78+
- name: NODE_TLS_REJECT_UNAUTHORIZED
79+
value: {{ .Values.devboxConfig.tlsRejectUnauthorized | quote }}
80+
- name: DOCUMENT_URL_ZH
81+
value: {{ .Values.devboxConfig.documentUrlZH | quote }}
82+
- name: DOCUMENT_URL_EN
83+
value: {{ .Values.devboxConfig.documentUrlEN | quote }}
84+
- name: PRIVACY_URL_ZH
85+
value: {{ .Values.devboxConfig.privacyUrlZH | quote }}
86+
- name: PRIVACY_URL_EN
87+
value: {{ .Values.devboxConfig.privacyUrlEN | quote }}
88+
- name: SEALOS_DOMAIN
89+
value: {{ .Values.devboxConfig.cloudDomain | quote }}
90+
- name: INGRESS_SECRET
91+
value: {{ .Values.devboxConfig.certSecretName | quote }}
92+
- name: REGISTRY_ADDR
93+
value: {{ .Values.devboxConfig.registryAddr | quote }}
94+
- name: DEVBOX_AFFINITY_ENABLE
95+
value: {{ .Values.devboxConfig.devboxAffinityEnable | quote }}
96+
- name: MONITOR_URL
97+
value: {{ .Values.devboxConfig.monitorURL | quote }}
98+
- name: SQUASH_ENABLE
99+
value: {{ .Values.devboxConfig.squashEnable | quote }}
100+
- name: ACCOUNT_URL
101+
value: {{ .Values.devboxConfig.accountURL | quote }}
102+
- name: ROOT_RUNTIME_NAMESPACE
103+
value: {{ .Values.devboxConfig.rootRuntimeNamespace | quote }}
104+
- name: INGRESS_DOMAIN
105+
value: {{ default .Values.devboxConfig.cloudDomain .Values.devboxConfig.ingressDomain | quote }}
106+
- name: CURRENCY_SYMBOL
107+
value: {{ .Values.devboxConfig.currencySymbol | quote }}
108+
- name: GPU_ENABLE
109+
value: {{ .Values.devboxConfig.gpuEnable | quote }}
110+
- name: PRIVACY_URL
111+
value: {{ .Values.devboxConfig.privacyUrlZH | quote }}
112+
- name: RETAG_SVC_URL
113+
value: {{ .Values.devboxConfig.retagSvcURL | quote }}
114+
- name: JWT_SECRET
115+
value: {{ .Values.devboxConfig.jwtInternal | quote }}
116+
- name: REGION_UID
117+
value: {{ .Values.devboxConfig.regionUID | quote }}
118+
- name: DATABASE_URL
119+
value: {{ .Values.devboxConfig.databaseURL | quote }}
120+
- name: DATABASE_PROVIDER
121+
value: {{ .Values.global.featureConfigs.database.type | quote }}
122+
- name: ENABLE_IMPORT_FEATURE
123+
value: {{ .Values.devboxConfig.enableImportFeature | quote }}
124+
- name: ENABLE_WEBIDE_FEATURE
125+
value: {{ .Values.devboxConfig.enableWebideFeature | quote }}
126+
resources:
127+
{{- toYaml .Values.resources | nindent 12 }}
128+
volumeMounts:
129+
- name: devbox-frontend-volume
130+
mountPath: /config.yaml
131+
subPath: config.yaml
132+
{{- with .Values.affinity }}
133+
affinity:
134+
{{- toYaml . | nindent 8 }}
135+
{{- end }}
136+
{{- with .Values.nodeSelector }}
137+
nodeSelector:
138+
{{- toYaml . | nindent 8 }}
139+
{{- end }}
140+
{{- with .Values.tolerations }}
141+
tolerations:
142+
{{- toYaml . | nindent 8 }}
143+
{{- end }}
144+
volumes:
145+
- name: devbox-frontend-volume
146+
configMap:
147+
name: {{ include "devbox-frontend.fullname" . }}-config
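Review bot: `JWT_SECRET` and `DATABASE_URL` are rendered as literal `value:` entries, the latter in both the init container and the main container, so the signing key and the database credentials are stored in the Deployment object and in the Helm release data, readable by anyone who can get Deployments in the namespace. Reading them from a Secret keeps them out of the manifest, e.g. `valueFrom: {secretKeyRef: {name: <SECRET_NAME_PLACEHOLDER>, key: <KEY_PLACEHOLDER>}}`. Separately, the init script's fallback `gen_random_uuid()` builds UUIDs from `md5(random()::text || ...)`, which is not a cryptographically strong source. If any of these IDs are treated as unguessable, prefer `CREATE EXTENSION IF NOT EXISTS pgcrypto` or the built-in function on PostgreSQL 13 and later. The init container also sets no `securityContext`, unlike the main container.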
Lines changed: 64 additions & 0 deletions
@@ -0,0 +1,64 @@
1+
{{- if .Values.ingress.enabled }}
2+
apiVersion: networking.k8s.io/v1
3+
kind: Ingress
4+
metadata:
5+
name: {{ include "devbox-frontend.fullname" . }}
6+
namespace: {{ .Release.Namespace }}
7+
labels:
8+
{{- include "devbox-frontend.labels" . | nindent 4 }}
9+
annotations:
10+
kubernetes.io/ingress.class: {{ .Values.ingress.className | quote }}
11+
nginx.ingress.kubernetes.io/configuration-snippet: |
12+
more_clear_headers "X-Frame-Options:";
13+
more_set_headers "Content-Security-Policy: default-src * blob: data: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}; img-src * data: blob: resource: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} resource: *.baidu.com *.bdstatic.com; frame-src 'self' {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} mailto: tel: weixin: mtt: *.baidu.com; frame-ancestors 'self' https://{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} https://*.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}";
14+
more_set_headers "X-Xss-Protection: 1; mode=block";
15+
higress.io/response-header-control-remove: X-Frame-Options
16+
higress.io/response-header-control-update: |
17+
Content-Security-Policy "default-src * blob: data: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}; img-src * data: blob: resource: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}; connect-src * wss: blob: resource:; style-src 'self' 'unsafe-inline' blob: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} resource:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob: *.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} resource: *.baidu.com *.bdstatic.com; frame-src 'self' {{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} mailto: tel: weixin: mtt: *.baidu.com; frame-ancestors 'self' https://{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }} https://*.{{ .Values.devboxConfig.cloudDomain }}{{- if .Values.devboxConfig.cloudPort -}}:{{ .Values.devboxConfig.cloudPort }}{{- end }}"
18+
X-Xss-Protection "1; mode=block"
19+
{{- with .Values.ingress.annotations }}
20+
{{- toYaml . | nindent 4 }}
21+
{{- end }}
22+
spec:
23+
ingressClassName: {{ .Values.ingress.className | quote }}
24+
rules:
25+
- host: {{ .Values.ingress.host | default (printf "devbox.%s" .Values.devboxConfig.cloudDomain) | quote }}
26+
http:
27+
paths:
28+
- pathType: Prefix
29+
path: /
30+
backend:
31+
service:
32+
name: {{ include "devbox-frontend.fullname" . }}
33+
port:
34+
number: {{ .Values.service.port }}
35+
tls:
36+
- hosts:
37+
- {{ .Values.ingress.host | default (printf "devbox.%s" .Values.devboxConfig.cloudDomain) | quote }}
38+
secretName: {{ .Values.ingress.certSecretName | quote }}
39+
---
40+
{{- if .Values.ingress.challenge.enabled }}
41+
apiVersion: networking.k8s.io/v1
42+
kind: Ingress
43+
metadata:
44+
name: devbox-challenge
45+
namespace: {{ .Release.Namespace }}
46+
labels:
47+
{{- include "devbox-frontend.labels" . | nindent 4 }}
48+
annotations:
49+
kubernetes.io/ingress.class: {{ .Values.ingress.className | quote }}
50+
spec:
51+
ingressClassName: {{ .Values.ingress.className | quote }}
52+
rules:
53+
- host: {{ .Values.ingress.challenge.host | quote }}
54+
http:
55+
paths:
56+
- pathType: Prefix
57+
path: {{ .Values.ingress.challenge.path | quote }}
58+
backend:
59+
service:
60+
name: {{ include "devbox-frontend.fullname" . }}
61+
port:
62+
number: {{ .Values.service.port }}
63+
{{- end }}
64+
{{- end }}
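Review bot: The Content-Security-Policy set in both annotations does little to limit script injection: `default-src *` and `connect-src *` allow any origin, and `script-src` carries `'unsafe-inline' 'unsafe-eval'`. Because `X-Frame-Options` is also cleared, `frame-ancestors` is the only framing control left. If the app needs these directives, a comment saying why would help the next reviewer; otherwise the wildcards and the `unsafe-*` keywords are the first things to tighten. The policy is written out twice with the `cloudDomain`/`cloudPort` fragment repeated in every directive, so building it once in a named template and including it from both annotations would keep the nginx and Higress copies from drifting. The values are interpolated unescaped into `configuration-snippet`, so `cloudDomain` and `cloudPort` should be restricted to hostname and port characters before they reach the nginx configuration.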
Lines changed: 16 additions & 0 deletions
@@ -0,0 +1,16 @@
1+
apiVersion: v1
2+
kind: Service
3+
metadata:
4+
name: {{ include "devbox-frontend.fullname" . }}
5+
namespace: {{ .Release.Namespace }}
6+
labels:
7+
{{- include "devbox-frontend.labels" . | nindent 4 }}
8+
spec:
9+
type: {{ .Values.service.type }}
10+
ports:
11+
- name: http
12+
port: {{ .Values.service.port }}
13+
protocol: TCP
14+
targetPort: {{ .Values.service.port }}
15+
selector:
16+
{{- include "devbox-frontend.selectorLabels" . | nindent 4 }}
