deployment.yaml
The system application need to be installed under the user-space namespace. Therefore, certain modifications are required:
Modify the
deployment.yamlfile in the Terminus Application Chart.Change the original namespace of
deploymentandservicetouser-space-{\\{ .Values.bfl.username }}YamlapiVersion: apps/v1 kind: Deployment metadata: name: desktop-dev namespace: user-space-{{ .Values.bfl.username }}Add
annotationsandlabelsaccording to the configuration in thedeployment.yamlfile of the app in Terminus.Yamlmetadata: name: desktop-dev namespace: user-space-{{ .Values.bfl.username }} labels: app: desktop-dev applications.app.bytetrade.io/name: desktop-dev applications.app.bytetrade.io/owner: {{ .Values.bfl.username }} applications.app.bytetrade.io/author: bytetrade.io annotations: applications.app.bytetrade.io/icon: https://docs-dev.jointerminus.com/icon. png applications.app.bytetrade.io/title: Desktop-dev applications.app.bytetrade.io/version: '0.0.1' # Configuration of entrances here should be consistent with the configuration in TerminusManifest.yaml. applications.app.bytetrade.io/entrances: '[{"name":"desktop-frontend-dev", "host":"desktop-svc-dev", "port":80,"title":"Desktop-dev"}]'Modify service
Yaml--- apiVersion: v1 kind: Service metadata: name: desktop-svc-dev namespace: user-space-{{ .Values.bfl.username }} spec: selector: app: desktop-dev ports: - protocol: TCP port: 80 targetPort: 8080 # Please note, the port of the Node.js dev container is 8080. please switch to this port.Modify the section of entrances in
TerminusManifest.yamlYamlentrances: - name: desktop-frontend-dev # Same with annotation in deployment host: desktop-svc-dev # Same with the name in service port: 80 icon: https://file.bttcdn.com/appstore/default/defaulticon.webp title: Desktop-dev authLevel: private openMethod: defaultAdd service to provide
app-serviceinstallation checkYaml# provide `app-service` installation check --- apiVersion: v1 kind: Service metadata: name: desktop-svc-dev # Same with the name in original service namespace: {{ .Release.Namespace }} spec: type: ExternalName externalName: desktop-svc-dev.user-space-{{ .Values.bfl.username }}.svc.cluster.local ports: - protocol: TCP name: desktop port: 80 targetPort: 80If you need to add a
local cacheor require access to theuser directoryinJuiceFS, you can addYamlvolumes: - name: appdata hostPath: type: DirectoryOrCreate path: {{ .Values.userspace.appData }}/desktop-dev - name: userdata hostPath: type: DirectoryOrCreate path: {{ .Values.userspace.userData }}/desktop-dev - name: appcache hostPath: type: DirectoryOrCreate path: {{ .Values.userspace.appCache }}/desktop-dev
Example of a complete deployment.yaml file
YAML
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: desktop-dev
namespace: user-space-{{ .Values.bfl.username }}
labels:
app: desktop-dev
applications.app.bytetrade.io/name: desktop-dev
applications.app.bytetrade.io/owner: {{ .Values.bfl.username }}
applications.app.bytetrade.io/author: bytetrade.io
annotations:
applications.app.bytetrade.io/icon: https://docs-dev.jointerminus.com/icon.png
applications.app.bytetrade.io/title: Desktop-dev
applications.app.bytetrade.io/version: '0.0.1'
applications.app.bytetrade.io/entrances: '[{"name":"desktop-frontend-dev", "host":"desktop-svc-dev", "port":80,"title":"Desktop-dev"}]'
spec:
replicas: 1
selector:
matchLabels:
app: desktop-dev
template:
metadata:
labels:
app: desktop-dev
spec:
volumes:
- name: terminus-sidecar-config
configMap:
name: sidecar-configs
items:
- key: envoy.yaml
path: envoy.yaml
- name: appdata
hostPath:
type: DirectoryOrCreate
path: {{ .Values.userspace.appData }}/desktop-dev
- name: userdata
hostPath:
type: DirectoryOrCreate
path: {{ .Values.userspace.userData }}/desktop-dev
- name: appcache
hostPath:
type: DirectoryOrCreate
path: {{ .Values.userspace.appCache }}/desktop-dev
initContainers:
- name: terminus-sidecar-init
image: openservicemesh/init:v1.2.3
imagePullPolicy: IfNotPresent
securityContext:
privileged: true
capabilities:
add:
- NET_ADMIN
runAsNonRoot: false
runAsUser: 0
command:
- /bin/sh
- -c
- |
iptables-restore --noflush <<EOF
# sidecar interception rules
*nat
:PROXY_IN_REDIRECT - [0:0]
:PROXY_INBOUND - [0:0]
-A PROXY_IN_REDIRECT -p tcp -j REDIRECT --to-port 15003
-A PROXY_INBOUND -p tcp --dport 15000 -j RETURN
-A PROXY_INBOUND -p tcp -j PROXY_IN_REDIRECT
-A PREROUTING -p tcp -j PROXY_INBOUND
COMMIT
EOF
env:
- name: POD_IP
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
containers:
- name: desktop
image: "aboveos/node-ts-dev"
imagePullPolicy: IfNotPresent
ports:
- name: port
containerPort: 8080
protocol: TCP
resources:
requests:
cpu: "50m"
memory: 100Mi
limits:
cpu: "0.5"
memory: 2Gi
volumeMounts:
- name: appdata
mountPath: /opt/code
- name: appcache
mountPath: /root/.config
- name: terminus-envoy-sidecar
image: envoyproxy/envoy-distroless:v1.25.2
imagePullPolicy: IfNotPresent
securityContext:
allowPrivilegeEscalation: false
runAsUser: 1000
ports:
- name: proxy-admin
containerPort: 15000
- name: proxy-inbound
containerPort: 15003
volumeMounts:
- name: terminus-sidecar-config
readOnly: true
mountPath: /etc/envoy/envoy.yaml
subPath: envoy.yaml
command:
- /usr/local/bin/envoy
- --log-level
- debug
- -c
- /etc/envoy/envoy.yaml
env:
- name: POD_UID
valueFrom:
fieldRef:
fieldPath: metadata.uid
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
resources:
requests:
cpu: "50m"
memory: 100Mi
limits:
cpu: "0.5"
memory: 500Mi
---
apiVersion: v1
kind: Service
metadata:
name: desktop-svc-dev
namespace: user-space-{{ .Values.bfl.username }}
spec:
selector:
app: desktop-dev
ports:
- protocol: TCP
port: 80
targetPort: 8080
---
apiVersion: v1
kind: Service
metadata:
name: desktop-svc-dev
namespace: {{ .Release.Namespace }}
spec:
type: ExternalName
externalName: desktop-svc-dev.user-space-{{ .Values.bfl.username }}.svc.cluster.local
ports:
- protocol: TCP
name: desktop
port: 80
targetPort: 80