add nats and s3 for runner

OpenCSGs · Dec 12, 2024 · e9085b7 · e9085b7
1 parent 2b6f90d
commit e9085b7
Show file tree

Hide file tree

Showing 5 changed files with 72 additions and 5 deletions.
diff --git a/docker-compose/docker-compose.yml b/docker-compose/docker-compose.yml
@@ -68,7 +68,7 @@ services:
       REGISTRY_STORAGE_S3_BUCKET: opencsg-registry-storage
       REGISTRY_STORAGE_S3_ENCRYPT: false
       REGISTRY_STORAGE_S3_SECURE: false
-      REGISTRY_STORAGE_S3_REGIONENDPOINT: http://${SERVER_DOMAIN}:9000  # must be accessible from client（such as docker push...）
+      REGISTRY_STORAGE_S3_REGIONENDPOINT: http://${SERVER_DOMAIN}:9000 # must be accessible from client（such as docker push...）
 
   postgres:
     image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/gradescope/postgresql-multiple-databases:14.4
@@ -190,6 +190,12 @@ services:
       STARHUB_SERVER_DOCKER_REG_BASE: ${DOCKER_REGISTRY_SERVER}/${DOCKER_REGISTRY_NS}/
       STARHUB_SERVER_INTERNAL_ROOT_DOMAIN: ${SPACE_APP_NS}.${SPACE_APP_INTERNAL_DOMAIN}:${SPACE_APP_INTERNAL_DOMAIN_PORT}
       STARHUB_SERVER_DOCKER_IMAGE_PULL_SECRET: ${DOCKER_REGISTRY_SECRET} #space-registry-credential
+      STARHUB_SERVER_S3_ENABLE_SSL: false
+      STARHUB_SERVER_S3_ACCESS_KEY_ID: admin
+      STARHUB_SERVER_S3_ACCESS_KEY_SECRET: Password_123
+      STARHUB_SERVER_ARGO_S3_PUBLIC_BUCKET: opencsg-portal-storage
+      STARHUB_SERVER_S3_ENDPOINT: ${SERVER_DOMAIN}:9000
+      OPENCSG_ACCOUNTING_NATS_URL: nats://natsadmin:gALqqbP6SpftVdFzrU2URJ8k1G@natsmaster:4222
     ports:
       - "8082:8082"
     restart: always
@@ -480,7 +486,6 @@ services:
       opencsg:
         ipv4_address: 192.171.100.230
 
-
   temporal:
     image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/temporalio/auto-setup:1.25.1
     depends_on:

diff --git a/docker/etc/profile.d/csghub_config_load.sh b/docker/etc/profile.d/csghub_config_load.sh
@@ -58,6 +58,7 @@ export SPACE_SESSION_SECRET_KEY=${SPACE_SESSION_SECRET_KEY:-c8f771f2a178089b9917
 # Runner Environments
 export STARHUB_SERVER_DOCKER_REG_BASE="${REGISTRY_ADDRESS}/${REGISTRY_NAMESPACE}/"
 export STARHUB_SERVER_DOCKER_IMAGE_PULL_SECRET="${REGISTRY_SECRET:-csghub-docker-config}"
+export STARHUB_SERVER_ARGO_S3_PUBLIC_BUCKET=${S3_PORTAL_BUCKET:-csghub-portal}
 
 # Casdoor Environments
 export CASDOOR_PORT=${CASDOOR_PORT:-"8000"}

diff --git a/helm-chart/charts/csghub/charts/runner/templates/configmap.yaml b/helm-chart/charts/csghub/charts/runner/templates/configmap.yaml
@@ -0,0 +1,34 @@
+{{- /*
+Copyright OpenCSG, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{- $conf := merge .Values.global.minio (omit .Values "global" "exports") }}
+{{- if $conf.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ include "common.names.custom" . }}
+  namespace: {{ .Release.Namespace }}
+  labels: {{ include "common.labels" . | nindent 4 }}
+  annotations: {{ $conf.annotations | toYaml | nindent 4 }}
+data:
+  {{- if .Values.global.minio.enabled }}
+  {{- if .Values.global.ingress.tls.enabled }}
+  STARHUB_SERVER_S3_ENABLE_SSL: "true"
+  {{- else }}
+  STARHUB_SERVER_S3_ENABLE_SSL:  "false"
+  {{- end }}
+  STARHUB_SERVER_S3_ENDPOINT: {{ include "minio.external.endpoint" . | trimPrefix "http://" | trimPrefix "https://" }} # used to generate download links for lfs files
+  STARHUB_SERVER_ARGO_S3_PUBLIC_BUCKET: "csghub-portal"
+  STARHUB_SERVER_S3_REGION: "cn-north-1"
+  {{- else }}
+  {{- with $conf.objectStore }}
+  STARHUB_SERVER_S3_ENDPOINT: {{ .endpoint | trimPrefix "http://" | trimPrefix "https://" }}
+  STARHUB_SERVER_S3_ACCESS_KEY_ID: {{ .accessKey }}
+  STARHUB_SERVER_S3_ACCESS_KEY_SECRET: {{ .accessSecret }}
+  STARHUB_SERVER_ARGO_S3_PUBLIC_BUCKET: {{ .bucket }}
+  STARHUB_SERVER_S3_REGION: {{ .region }}
+  {{- end }}
+  {{- end }}
+
diff --git a/helm-chart/charts/csghub/charts/runner/templates/deployment.yaml b/helm-chart/charts/csghub/charts/runner/templates/deployment.yaml
@@ -89,6 +89,14 @@ spec:
               {{- end }}
             - name: STARHUB_DATABASE_DSN
               value: "postgresql://$(STARHUB_DATABASE_USERNAME):$(POSTGRES_PASSWORD)@$(STARHUB_DATABASE_HOST):$(STARHUB_DATABASE_PORT)/$(STARHUB_DATABASE_NAME)?sslmode=disable"
+            - name: OPENCSG_ACCOUNTING_NATS_URL
+              value: "nats://$(NATS_USERNAME):$(NATS_PASSWORD)@{{ include "nats.internal.domain" . }}:{{ include "nats.internal.ports.api" . }}"
+            {{- if .Values.global.minio.enabled }}
+            - name: STARHUB_SERVER_S3_ACCESS_KEY_ID
+              value: "$(MINIO_ROOT_USER)"
+            - name: STARHUB_SERVER_S3_ACCESS_KEY_SECRET
+              value: "$(MINIO_ROOT_PASSWORD)"
+            {{- end }}
             {{- with $conf.environments }}
             {{- range $key, $value := . }}
             - name: {{ $key }}

diff --git a/helm-chart/charts/csghub/charts/runner/values.yaml b/helm-chart/charts/csghub/charts/runner/values.yaml
@@ -9,7 +9,7 @@ replicas: 1
 ## List of image pull secrets.
 ## Used to pull Docker images from private repositories.
 ## This array is empty by default, meaning no secrets are required by default.
-imagePullSecrets: [ ]
+imagePullSecrets: []
 
 image:
   ## Specifies the location of the Runner Docker image in the Runner.
@@ -66,7 +66,8 @@ podSecurityContext: {}
 
 ## securityContext: Specifies security settings for a specific container within a pod. This can include settings such as -
 ## capabilities, security enhanced Linux (SELinux) options, and whether the container should run as privileged.
-securityContext: {}
+securityContext:
+  {}
   # capabilities:
   #   drop:
   #   - ALL
@@ -97,7 +98,8 @@ annotations: {}
 ## 'limits' specify the maximum amount of CPU and memory the container can use.
 ## 'requests' specify the minimum amount of CPU and memory guaranteed to the container.
 ## If these values are not set, the container could be terminated in a resource-constrained environment or it might not perform as expected.
-resources: {}
+resources:
+  {}
   # limits:
   #   cpu: 100m
   #   memory: 128Mi
@@ -135,3 +137,20 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   ## Uncomment to enable scaling based on memory usage. This sets the target average memory utilization over all the pods.
   # targetMemoryUtilizationPercentage: 80
+objectStore:
+  ## The endpoint URL of the object storage service.
+  endpoint: "http://127.0.0.1:9000"
+  ## The access key ID for authentication with the object storage service.
+  ## This is empty by default and should be provided securely.
+  accessKey: ""
+  ## The secret access key for authentication with the object storage service.
+  ## This is also empty by default and should be provided securely.
+  accessSecret: ""
+  ## The name of the bucket within the object storage service to be used.
+  bucketName: "csghub-portal"
+  ## The region where the bucket is located within the object storage service.
+  region: "cn-north-1"
+  ## Indicates whether SSL should be used for connections to the object storage service.
+  ## Set to "false" by default, meaning connections are not encrypted.
+  ## Change to "true" if you want to enable SSL encryption for added security.
+  ssl: "false"