diff --git a/helm/blueapi/README.md b/helm/blueapi/README.md new file mode 100644 index 000000000..c8091590a --- /dev/null +++ b/helm/blueapi/README.md @@ -0,0 +1,43 @@ +# blueapi + +![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) + +A helm chart deploying a worker pod that runs Bluesky plans + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| affinity | object | `{}` | affinity to put into the container. | +| fullnameOverride | string | `""` | Set the application name used for all kubernetes objects instantiated by this chart, overriding default configuations and those generated by setting '.Values.nameOverride'. | +| hostNetwork | bool | `false` | indicates if the kubernetes objects created by this chart should run on the host network. This may be necessary for example to put values onto PVs, as their associated IOCs may only be accessible via the internal beamline network. Warning: some kubernetes configs may behave unexpectedly if this is set to true. | +| image.pullPolicy | string | `"Always"` | When to pull the image into the pods. Can be set to, 'IfNotPresent', 'Always' or 'Never'. | +| image.repository | string | `"ghcr.io/diamondlightsource/blueapi"` | Where to get the blueapi image from. Defaults to the blueapi image uploaded in the Github container registry (ghcr), which is updated on each release. | +| image.tag | string | `""` | Image tag, defaults to the chart appVersion. | +| imagePullSecrets | list | `[]` | Kubernetes secret(s) needed to access the repository hosting the image at image.repository. | +| ingress.create | bool | `false` | Creates an ingress if set to true, which by default maps to the port of the service in .Values.service. | +| listener.enabled | bool | `true` | | +| listener.resources | object | `{}` | | +| nameOverride | string | `""` | Customise the application name used for all kubernetes objects instantiated by this chart. If null, the name becomes '-' if the release and chart names are unique, or '<.Chart.Name>' if they are not. If this property is set, the name becomes '<.Release.Name>-<.Vallues.nameOverride>'. | +| nodeSelector | object | `{}` | nodeSelector to put into the container. | +| podAnnotations | object | `{}` | Annotations to pass to the container pods. | +| podSecurityContext | object | `{}` | Define privilege/access settings for the container pods. | +| replicaCount | int | `1` | How many replicated pods kubernetes should have running in the container. | +| resources | object | `{}` | Resources to put into the container. | +| scratch.containerPath | string | `"/blueapi-plugins/scratch"` | desired location of the mounted volume within the container | +| scratch.hostPath | string | `""` | location of host machine directory to be mounted into the container as a volume. e.g. /usr/local/blueapi-software-scratch | +| securityContext | object | `{}` | Define privilege/access settings for the container. | +| service.port | int | `80` | Which port to expose to. | +| service.type | string | `"ClusterIP"` | What type of service to use to expose ports from the container. Recommended to use ClusterIP and set up an ingress. | +| serviceAccount.annotations | object | `{}` | | +| serviceAccount.create | bool | `false` | | +| serviceAccount.name | string | `""` | | +| tolerations | list | `[]` | tolerations to put into the container. | +| worker.api.host | string | `"0.0.0.0"` | url at which to run blueapi rest server within the pod. Defaults to localhost; this gets exposed via a service and potentially ingress. | +| worker.api.port | int | `8000` | port at which to expose blueapi rest server. | +| worker.env.sources | list | `[{"kind":"deviceFunctions","module":"blueapi.startup.example_devices"},{"kind":"planFunctions","module":"blueapi.startup.example_plans"},{"kind":"planFunctions","module":"dls_bluesky_core.plans"},{"kind":"planFunctions","module":"dls_bluesky_core.stubs"}]` | blueapi will look at these python modules and import them differently based on if they contain devices or plans. See the corresponding modules for an example of how this should look like. | +| worker.stomp.auth.passcode | string | `"guest"` | passcode to authenticate to stomp within blueapi server. Strongly recommended to inject this as a sealed secret and *remove this line entirely* in your own implementations of this chart for security reasons. | +| worker.stomp.auth.username | string | `"guest"` | username to authenticate to stomp within blueapi server. | +| worker.stomp.host | string | `"rabbitmq"` | name or url to use to connect to a running rabbitmq instance. | +| worker.stomp.port | int | `61613` | port to use to connect to a running rabbitmq instance. | + diff --git a/helm/blueapi/values.yaml b/helm/blueapi/values.yaml index 4e7bbb259..3177e4b91 100644 --- a/helm/blueapi/values.yaml +++ b/helm/blueapi/values.yaml @@ -2,33 +2,42 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. +# -- How many replicated pods kubernetes should have running in the container. replicaCount: 1 image: + # -- Where to get the blueapi image from. Defaults to the blueapi image uploaded in the Github container registry (ghcr), which is updated on each release. repository: ghcr.io/diamondlightsource/blueapi + # -- When to pull the image into the pods. Can be set to, 'IfNotPresent', 'Always' or 'Never'. pullPolicy: Always - # Overrides the image tag whose default is the chart appVersion. + # -- Image tag, defaults to the chart appVersion. tag: "" +# -- Kubernetes secret(s) needed to access the repository hosting the image at image.repository. imagePullSecrets: [] +# -- Customise the application name used for all kubernetes objects instantiated by this chart. If null, the name becomes '-' if the release and chart names are unique, or '<.Chart.Name>' if they are not. If this property is set, the name becomes '<.Release.Name>-<.Vallues.nameOverride>'. nameOverride: "" +# -- Set the application name used for all kubernetes objects instantiated by this chart, overriding default configuations and those generated by setting '.Values.nameOverride'. fullnameOverride: "" serviceAccount: - # Specifies whether a service account should be created + # If set to true, creates a serviceAccount on install. create: false - # Annotations to add to the service account + # Annotations to add to the serviceAccount - only valid if serviceAccount.create is set to true. annotations: {} - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template + # The name to use for the serviceAccount - only valid if serviceAccount.create is set to true. + # If not set, the app name configured by .Values.fullnameOverride or .Values.nameOverride is used (or the defaults given in their descriptions). name: "" +# -- Annotations to pass to the container pods. podAnnotations: {} +# -- Define privilege/access settings for the container pods. podSecurityContext: {} # fsGroup: 2000 +# -- Define privilege/access settings for the container. securityContext: {} # capabilities: @@ -38,15 +47,18 @@ securityContext: # runAsNonRoot: true # runAsUser: 1000 -# Recommended for production to change service.type to ClusterIP and set up an Ingress service: + # -- What type of service to use to expose ports from the container. Recommended to use ClusterIP and set up an ingress. type: ClusterIP + # -- Which port to expose to. port: 80 ingress: + # -- Creates an ingress if set to true, which by default maps to the port of the service in .Values.service. create: false # host: foo.diamond.ac.uk (assumes port = service.port) +# -- Resources to put into the container. resources: {} # We usually recommend not to specify default resources and to leave this as a conscious @@ -60,29 +72,38 @@ resources: # cpu: 100m # memory: 128Mi +# -- nodeSelector to put into the container. nodeSelector: {} +# -- tolerations to put into the container. tolerations: [] +# -- affinity to put into the container. affinity: {} #existingSecret: see templates/secret.yaml -hostNetwork: false # May be needed for talking to arcane protocols such as EPICS +# -- indicates if the kubernetes objects created by this chart should run on the host network. This may be necessary for example to put values onto PVs, as their associated IOCs may only be accessible via the internal beamline network. Warning: some kubernetes configs may behave unexpectedly if this is set to true. +hostNetwork: false listener: enabled: true resources: {} scratch: - hostPath: "" # example: /usr/local/blueapi-software-scratch + # -- location of host machine directory to be mounted into the container as a volume. e.g. /usr/local/blueapi-software-scratch + hostPath: "" + # -- desired location of the mounted volume within the container containerPath: /blueapi-plugins/scratch worker: api: + # -- url at which to run blueapi rest server within the pod. Defaults to localhost; this gets exposed via a service and potentially ingress. host: 0.0.0.0 # Allow non-loopback traffic + # -- port at which to expose blueapi rest server. port: 8000 env: + # -- blueapi will look at these python modules and import them differently based on if they contain devices or plans. See the corresponding modules for an example of how this should look like. sources: - kind: deviceFunctions module: blueapi.startup.example_devices @@ -94,8 +115,13 @@ worker: module: dls_bluesky_core.stubs stomp: auth: + # -- username to authenticate to stomp within blueapi server. username: guest + # -- passcode to authenticate to stomp within blueapi server. Strongly recommended to inject this as a sealed secret and *remove this line entirely* in your own implementations of this chart for security reasons. passcode: guest + # -- name or url to use to connect to a running rabbitmq instance. host: rabbitmq + # -- port to use to connect to a running rabbitmq instance. port: 61613 + # Config for the worker goes here, will be mounted into a config file