This project contains all the necessary Dockerfiles and YAML files used to provision the MindSpore community:
├── development # contains all development files (Helm charts, init scripts, Dockerfiles)
└── production # contains the final YAML files that will be used in our production environment
All of the components are deployed via ArgoCD.
Website: https://dev-deploy.mindspore.cn.
NOTE: ArgoCD uses the pod name as the default admin password. To keep it consistent, we patched the password with the command:
kubectl patch secret -n argocd argocd-secret -p '{"stringData": { "admin.password": "'$(htpasswd -bnBC 10 "" realpassword | tr -d ':\n')'"}}'
The Vault server holds all sensitive secrets used in the infrastructure. To enable TLS support, the certificate secret vault-secret is required:
kubectl create secret generic vault-secret --from-file=./server.key --from-file=./server.crt -n vault
Website: http://dev-secrets.mindspore.cn.
It's based on secrets manager, which holds and converts all Vault secrets.
Secrets manager syncs the specified secrets from the Vault server to k8s Secret resources according to the CRD resource. It uses AppRole to retrieve all secrets, so we need to create the appropriate AppRole on Vault manually before deploying.
- enable vault approle
vault auth enable approle
- create policies for secrets manager
cat > mindspore-secrets-manager.hcl <<EOF
path "secret/data/mindspore/*" {
capabilities = ["read"]
}
EOF
cat mindspore-secrets-manager.hcl | vault policy write mindspore-secrets-manager -
- create vault role
vault write auth/approle/role/mindspore-secrets-manager policies=mindspore-secrets-manager secret_id_num_uses=0 secret_id_ttl=0
- get role id and secret id
vault read --field role_id auth/approle/role/mindspore-secrets-manager/role-id
vault write --field secret_id -force auth/approle/role/mindspore-secrets-manager/secret-id
- create secret for secrets manager
kubectl create secret generic vault-approle-secret --from-literal role_id=<role-id> --from-literal secret_id=<secret-id>
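To confirm that the AppRole created in the steps above grants only what the policy intends, the following added example (not part of this project) logs in with the role ID and secret ID and checks the resulting token's capabilities. The function names and probe paths are assumptions, and it expects VAULT_ADDR to point at the Vault server.

```shell
#!/bin/sh
# Added example: check that an AppRole login yields a token that is
# read-only on secret/data/mindspore/* and denied elsewhere.
# Function names and probe paths are hypothetical; VAULT_ADDR must be set.

# Log in with AppRole credentials and print the client token.
# The secret ID is sent on stdin ("secret_id=-") to keep it out of argv.
approle_login() {
    role_id=$1
    secret_id=$2
    printf '%s' "$secret_id" |
        vault write -field=token auth/approle/login \
            role_id="$role_id" secret_id=-
}

# Print the capabilities the token holds on a path ("read", "deny", ...).
token_caps() {
    VAULT_TOKEN=$1 vault token capabilities "$2"
}

# Usage: verify_least_privilege <role-id> <secret-id>
# Returns 0 only if the token can read in-scope paths and nothing else.
verify_least_privilege() {
    token=$(approle_login "$1" "$2") || return 2
    [ -n "$token" ] || return 2

    in_scope=$(token_caps "$token" secret/data/mindspore/probe)
    if [ "$in_scope" != "read" ]; then
        echo "FAIL: expected 'read' on secret/data/mindspore/*, got '$in_scope'" >&2
        return 1
    fi

    # Paths outside the policy, including policy and role management.
    for path in secret/data/other/probe sys/policies/acl/probe \
                auth/approle/role/probe; do
        caps=$(token_caps "$token" "$path")
        if [ "$caps" != "deny" ]; then
            echo "FAIL: token has '$caps' on $path" >&2
            return 1
        fi
    done
    echo "OK: token is read-only on secret/data/mindspore/*"
}
```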
It's based on Docker Mailman, but all components have been upgraded to a k8s version.
Website: https://mailweb.mindspore.cn.
It's used to record the minutes of all meetings held on #mindspore-discuss and #mindspore-sc; the minutes can be found here.
It's based on the Jenkins Helm chart, in which all slave nodes are configured via StatefulSets and register themselves when starting up.
Website: http://build.mindspore.cn for more detail.
It's MindSpore's official website, please visit https://www.mindspore.cn
It's based on Kubernetes' Prow system, but some features are trimmed.
There are two containers inside: one is nginx with the fancy index module and the other is an rsync server. Please visit the official repo website.
All MindSpore components are now deployed into two HuaweiCloud k8s clusters (CCE). They are:
- CCE on cn-north-1, where all nodes are x86-based
- CCE on cn-north-4, where all nodes are ARM-based