thaoduc
2025-10-08 23:37:43 +07:00
parent 610882c57d
commit 4c123eee1b
7 changed files with 443 additions and 71 deletions


@@ -1,78 +1,371 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "label-studio.fullname" . }}
name: {{ include "ls-app.fullname" . }}
{{- with .Values.app.deploymentAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "label-studio.labels" . | nindent 4 }}
{{- include "ls-app.labels" . | nindent 4 }}
{{- if .Values.app.labels }}
{{- toYaml .Values.app.labels | nindent 4 }}
{{- end }}
spec:
{{- if not .Values.autoscaling.enabled }}
replicas: {{ .Values.replicaCount }}
{{- if ne .Values.app.replicas nil }}
replicas: {{ .Values.app.replicas }}
{{- end }}
selector:
matchLabels:
{{- include "label-studio.selectorLabels" . | nindent 6 }}
{{- include "ls-app.selectorLabels" . | nindent 6 }}
{{- with .Values.app.deploymentStrategy }}
strategy:
{{- toYaml . | trim | nindent 4 }}
{{- end }}
template:
metadata:
{{- with .Values.podAnnotations }}
{{- with .Values.app.annotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- toYaml . | nindent 12 }}
{{- end }}
labels:
{{- include "label-studio.labels" . | nindent 8 }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- include "ls-app.selectorLabels" . | nindent 8 }}
{{- if .Values.app.podLabels }}
{{- toYaml .Values.app.podLabels | nindent 8 }}
{{- end }}
spec:
{{- with .Values.imagePullSecrets }}
{{- with .Values.global.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
serviceAccountName: {{ include "label-studio.serviceAccountName" . }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
serviceAccountName: {{ include "ls-app.serviceAccountName" . }}
{{- if .Values.app.podSecurityContext.enabled }}
securityContext: {{- omit .Values.app.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
{{- with .Values.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
automountServiceAccountToken: {{ .Values.app.automountServiceAccountToken }}
initContainers:
{{- if .Values.app.initContainers }}
{{- range .Values.app.initContainers }}
- name: {{ .name }}
image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
args: {{- range .args }}
- {{ . }}
{{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
ports:
- name: http
containerPort: {{ .Values.service.port }}
protocol: TCP
{{- with .Values.livenessProbe }}
livenessProbe:
{{- toYaml . | nindent 12 }}
imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
{{- if .restartPolicy }}
restartPolicy: {{ .restartPolicy }}
{{- end }}
{{- with .Values.readinessProbe }}
readinessProbe:
{{- toYaml . | nindent 12 }}
{{- if $.Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.volumeMounts }}
env:
{{- include "ls.common.envs" $ | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
{{- toYaml . | nindent 12 }}
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .extraVolumeMounts }}
{{ toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- with .Values.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.nodeSelector }}
{{- end }}
{{- if not .Values.migrationJob.enabled }}
- name: db-migrations
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
args: [ "label-studio-migrate" ]
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.app.initContainer.resources | nindent 12 }}
env:
{{- include "ls.common.envs" . | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- if .Values.app.postMigrationInitContainers }}
{{- range .Values.app.postMigrationInitContainers }}
- name: {{ .name }}
image: {{ or .image (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository $.Values.global.image.tag) ($.Chart.AppVersion) }}
args: {{- range .args }}
- {{ . }}
{{- end }}
imagePullPolicy: {{ or .pullPolicy $.Values.global.image.pullPolicy }}
{{- if .restartPolicy }}
restartPolicy: {{ .restartPolicy }}
{{- end }}
{{- if $.Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit $.Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
env:
{{- include "ls.common.envs" $ | nindent 12 }}
- name: INIT_CONTAINER
value: "true"
volumeMounts:
- name: data
mountPath: /label-studio/data
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-init
- mountPath: /tmp
name: tmp-dir-init
{{- if $.Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if $.Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .extraVolumeMounts }}
{{ toYaml .extraVolumeMounts | nindent 12 }}
{{- end }}
{{- end }}
{{- end }}
terminationGracePeriodSeconds: {{ .Values.app.terminationGracePeriodSeconds }}
containers:
- name: app
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args: {{- range .Values.app.args }}
- {{ . }}
{{- end }}
env:
- name: SKIP_DB_MIGRATIONS
value: "true"
{{- include "ls.common.envs" . | nindent 12 }}
{{- if .Values.app.extraEnvironmentVars -}}
{{- range $key, $value := .Values.app.extraEnvironmentVars }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.app.extraEnvironmentSecrets -}}
{{- range $key, $value := .Values.app.extraEnvironmentSecrets }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
valueFrom:
secretKeyRef:
name: {{ $value.secretName }}
key: {{ $value.secretKey }}
{{- end }}
{{- end }}
{{- if or $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
- name: CMD_WRAPPER
value: {{ coalesce $.Values.app.cmdWrapper $.Values.global.cmdWrapper }}
{{- end }}
{{- if .Values.app.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.app.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
lifecycle:
preStop:
exec:
command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
resources:
{{- toYaml .Values.app.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /label-studio/data
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
{{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
- name: gcs-storage-credentials
mountPath: /opt/heartex/secrets/gcs
readOnly: true
{{- end }}
{{- end }}
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
mountPath: /opt/heartex/secrets/pg_certs
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
mountPath: /opt/heartex/secrets/redis_certs
{{- end }}
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-app
- mountPath: /tmp
name: tmp-dir-app
{{- if .Values.metrics.enabled }}
ports:
- name: "djangometrics"
containerPort: 8000
{{- end }}
- name: nginx
image: "{{ .Values.global.image.registry | default "docker.io" }}/{{ .Values.global.image.repository }}:{{ .Values.global.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
{{- if .Values.app.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.app.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args: {{- range .Values.app.nginx.args }}
- {{ . }}
{{- end }}
env:
- name: APP_HOST
value: localhost
{{- include "ls.common.envs" . | nindent 12}}
{{- if .Values.app.nginx.extraEnvironmentVars -}}
{{- range $key, $value := .Values.app.nginx.extraEnvironmentVars }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
value: {{ $value | quote }}
{{- end }}
{{- end }}
{{- if .Values.app.nginx.extraEnvironmentSecrets -}}
{{- range $key, $value := .Values.app.nginx.extraEnvironmentSecrets }}
- name: {{ printf "%s" $key | replace "." "_" | upper | quote }}
valueFrom:
secretKeyRef:
name: {{ $value.secretName }}
key: {{ $value.secretKey }}
{{- end }}
{{- end }}
ports:
- name: {{ .Values.app.service.portName }}
containerPort: 8085
protocol: TCP
lifecycle:
preStop:
exec:
command: [ '/bin/sh', '-c', 'sleep {{ .Values.app.preStopDelaySeconds }}' ]
{{- if .Values.app.nginx.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.app.nginx.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.app.nginx.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
resources:
{{- toYaml .Values.app.nginx.resources | nindent 12 }}
volumeMounts:
- name: data
mountPath: /label-studio/data
{{- if .Values.app.extraVolumeMounts }}
{{ toYaml .Values.app.extraVolumeMounts | nindent 12 }}
{{- end }}
- mountPath: /opt/heartex/instance-data/etc
name: opt-heartex-nginx
- mountPath: /tmp
name: tmp-dir-nginx
{{- if and .Values.metrics.enabled .Values.metrics.uwsgiExporter.enabled }}
- name: uwsgi-exporter
image: "{{ .Values.metrics.uwsgiExporter.image.repository }}:{{ .Values.metrics.uwsgiExporter.image.tag | default "latest" }}"
imagePullPolicy: {{ .Values.metrics.uwsgiExporter.image.pullPolicy }}
{{- if .Values.metrics.uwsgiExporter.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.metrics.uwsgiExporter.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
args:
- "--stats.uri=http://localhost:1717"
{{- if .Values.metrics.uwsgiExporter.resources }}
resources: {{- toYaml .Values.metrics.uwsgiExporter.resources | nindent 12 }}
{{- end }}
{{- if .Values.metrics.uwsgiExporter.readinessProbe.enabled }}
readinessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.readinessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.metrics.uwsgiExporter.livenessProbe.enabled }}
livenessProbe: {{- include "tplvalues.render" (dict "value" (omit .Values.metrics.uwsgiExporter.livenessProbe "enabled") "context" $) | nindent 12 }}
{{- end }}
ports:
- name: "uwsgimetrics"
containerPort: 9117
{{- end }}
{{- with .Values.app.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
{{- if .Values.app.topologySpreadConstraints }}
topologySpreadConstraints: {{- include "tplvalues.render" (dict "value" .Values.app.topologySpreadConstraints "context" $) | nindent 8 }}
{{- end }}
dnsPolicy: {{ .Values.app.dnsPolicy }}
enableServiceLinks: {{ .Values.app.enableServiceLinks }}
shareProcessNamespace: {{ .Values.app.shareProcessNamespace }}
{{- with .Values.app.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
{{- with .Values.app.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
volumes:
- name: data
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "volume") }}
persistentVolumeClaim:
claimName: {{ include "ls-pvc.claimName" . }}
{{- else }}
emptyDir: {}
{{- end }}
{{- if and .Values.global.persistence.enabled (eq .Values.global.persistence.type "gcs") }}
{{- if or .Values.global.persistence.config.gcs.applicationCredentialsJSON (and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey) }}
- name: gcs-storage-credentials
secret:
{{- if and .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecretKey }}
secretName: {{ .Values.global.persistence.config.gcs.applicationCredentialsJSONExistingSecret }}
{{- else }}
secretName: {{ include "ls-secrets.fullname" . }}
{{- end }}
{{- end }}
{{- end }}
{{- if .Values.global.pgConfig.ssl.pgSslSecretName }}
- name: pg-ssl-certs
secret:
secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.pgConfig.ssl.pgSslSecretName "context" $) }}
defaultMode: 0640
{{- end }}
{{- if .Values.global.redisConfig.ssl.redisSslSecretName }}
- name: redis-ssl-certs
secret:
secretName: {{ include "tplvalues.render" ( dict "value" .Values.global.redisConfig.ssl.redisSslSecretName "context" $) }}
defaultMode: 0640
{{- end }}
{{- if .Values.app.extraVolumes -}}
{{- toYaml .Values.app.extraVolumes | nindent 8 }}
{{- end }}
- name: opt-heartex-app
emptyDir: { }
- name: opt-heartex-nginx
emptyDir: { }
- name: opt-heartex-init
emptyDir: { }
- name: tmp-dir-app
emptyDir: { }
- name: tmp-dir-nginx
emptyDir: { }
- name: tmp-dir-init
emptyDir: { }
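Review bot: The `uwsgi-exporter` sidecar image falls back to a mutable tag, `{{ .Values.metrics.uwsgiExporter.image.tag | default "latest" }}`, so a release that leaves the tag unset runs whatever the registry serves when each pod is scheduled, and replicas of the same Deployment can end up on different exporter builds. Unless values.yaml (not visible here) already pins it, I would fail rendering instead, for example `{{ required "metrics.uwsgiExporter.image.tag must be set" .Values.metrics.uwsgiExporter.image.tag }}`, and preferably pin by digest. Separately, in both init-container loops (`app.initContainers` and `app.postMigrationInitContainers`) the expression `or .image (printf ...) ($.Chart.AppVersion)` can never reach its third argument, because the `printf` result is always non-empty; with `global.image.tag` unset the image renders without a usable tag, unlike the `db-migrations`, `app` and `nginx` containers, which use `.Values.global.image.tag | default .Chart.AppVersion`. Moving the default inside the `printf` and quoting the result fixes it: `image: {{ .image | default (printf "%s/%s:%s" ($.Values.global.image.registry | default "docker.io") $.Values.global.image.repository ($.Values.global.image.tag | default $.Chart.AppVersion)) | quote }}`.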