github.com/containerd/nerdctl/v2@v2.0.0-beta.5.0.20240520001846-b5758f54fa28/examples/nerdctl-ipfs-registry-kubernetes/ipfs-stargz-snapshotter/nerdctl-ipfs-registry.yaml (about)

     1  # Example YAML of IPFS-based node-to-node image sharing
     2  
     3  apiVersion: apps/v1
     4  kind: Deployment
     5  metadata:
     6    name: ipfs-bootstrap
     7  spec:
     8    selector:
     9      matchLabels:
    10        app: ipfs-bootstrap
    11    template:
    12      metadata:
    13        labels:
    14          app: ipfs-bootstrap
    15      spec:
    16        initContainers:
    17          - name: configure-ipfs
    18            image: "ghcr.io/stargz-containers/ipfs/kubo:v0.16.0"
    19            command: ["sh", "/custom/configure-ipfs.sh"]
    20            env:
    21              - name: LIBP2P_FORCE_PNET
    22                value: "1"
    23              - name: IPFS_SWARM_KEY
    24                valueFrom:
    25                  secretKeyRef:
    26                    name: secret-config
    27                    key: ipfs-swarm-key
    28            volumeMounts:
    29              - name: ipfs-storage
    30                mountPath: /data/ipfs
    31              - name: configure-script
    32                mountPath: /custom
    33        containers:
    34          - name: id
    35            image: "ghcr.io/stargz-containers/ipfs/kubo:v0.16.0"
    36            command: ["sh", "/custom/id-server.sh"]
    37            ports:
    38              - name: id
    39                protocol: TCP
    40                containerPort: 8000
    41            volumeMounts:
    42              - name: ipfs-storage
    43                mountPath: /data/ipfs
    44              - name: configure-script
    45                mountPath: /custom
    46          - name: ipfs
    47            image: "ghcr.io/stargz-containers/ipfs/kubo:v0.16.0"
    48            command: ["ipfs", "daemon"]
    49            env:
    50              - name: LIBP2P_FORCE_PNET
    51                value: "1"
    52            ports:
    53              - name: swarm
    54                protocol: TCP
    55                containerPort: 4001
    56            volumeMounts:
    57              - name: ipfs-storage
    58                mountPath: /data/ipfs
    59              - name: configure-script
    60                mountPath: /custom
    61            livenessProbe:
    62              tcpSocket:
    63                port: swarm
    64              initialDelaySeconds: 30
    65              timeoutSeconds: 5
    66              periodSeconds: 15
    67        volumes:
    68          - name: configure-script
    69            configMap:
    70              name: ipfs-bootstrap-conf
    71          - name: ipfs-storage
    72            emptyDir: {}
    73  
    74  ---
    75  
    76  apiVersion: v1
    77  kind: Service
    78  metadata:
    79    name: ipfs-bootstrap
    80    labels:
    81      app: ipfs-bootstrap
    82  spec:
    83    type: ClusterIP
    84    ports:
    85      - name: id
    86        targetPort: id
    87        port: 8000
    88      - name: swarm
    89        targetPort: swarm
    90        port: 4001
    91    selector:
    92      app: ipfs-bootstrap
    93  
    94  ---
    95  
    96  apiVersion: apps/v1
    97  kind: DaemonSet
    98  metadata:
    99    name: ipfs
   100  spec:
   101    selector:
   102      matchLabels:
   103        app: ipfs
   104    template:
   105      metadata:
   106        labels:
   107          app: ipfs
   108      spec:
   109        initContainers:
   110          - name: configure-ipfs
   111            image: "ghcr.io/stargz-containers/ipfs/kubo:v0.16.0"
   112            command: ["sh", "/custom/configure-ipfs.sh"]
   113            env:
   114              - name: BOOTSTRAP_SVC_NAME
   115                value: "ipfs-bootstrap"
   116              - name: LIBP2P_FORCE_PNET
   117                value: "1"
   118              - name: IPFS_SWARM_KEY
   119                valueFrom:
   120                  secretKeyRef:
   121                    name: secret-config
   122                    key: ipfs-swarm-key
   123            volumeMounts:
   124              - name: ipfs-storage
   125                mountPath: /data/ipfs
   126              - name: configure-script
   127                mountPath: /custom
   128        containers:
   129          - name: ipfs
   130            image: "ghcr.io/stargz-containers/ipfs/kubo:v0.16.0"
   131            command: ["ipfs", "daemon"]
   132            env:
   133              - name: LIBP2P_FORCE_PNET
   134                value: "1"
   135            ports:
   136              - name: swarm
   137                protocol: TCP
   138                containerPort: 4001
   139              - name: api
   140                protocol: TCP
   141                containerPort: 5001
   142                hostPort: 5001
   143            volumeMounts:
   144              - name: ipfs-storage
   145                mountPath: /data/ipfs
   146              - name: configure-script
   147                mountPath: /custom
   148            livenessProbe:
   149              tcpSocket:
   150                port: swarm
   151              initialDelaySeconds: 30
   152              timeoutSeconds: 5
   153              periodSeconds: 15
   154          - name: nerdctl-ipfs-registry
   155            image: "ghcr.io/stargz-containers/nerdctl-ipfs-registry:v0.23.0"
   156            command: ["sh", "/custom/nerdctl-ipfs-registry-entrypoint.sh"]
   157            env:
   158              - name: IPFS_PATH
   159                value: "/data/ipfs"
   160            ports:
   161              - containerPort: 5050
   162                hostPort: 5050
   163            volumeMounts:
   164              - name: ipfs-storage
   165                mountPath: /data/ipfs
   166              - name: configure-script
   167                mountPath: /custom
   168        volumes:
   169          - name: configure-script
   170            configMap:
   171              name: ipfs-peer-conf
   172          - name: ipfs-storage
   173            hostPath:
   174              path: /var/ipfs/
   175  
   176  ---
   177  
   178  apiVersion: v1
   179  kind: ConfigMap
   180  metadata:
   181    name: ipfs-peer-conf
   182  data:
   183    nerdctl-ipfs-registry-entrypoint.sh: |
   184      #!/bin/sh
   185      set -eu
   186  
   187      if ! command -v curl &> /dev/null
   188      then
   189          echo "curl not found. installing..."
   190          apt-get update -y && apt-get install -y curl
   191      fi
   192  
   193      # wait for ipfs daemon
   194      ok=false
   195      for i in $(seq 100) ; do
   196          if curl localhost:5001/api/v0/id >/dev/null 2>&1 ; then
   197              ok=true
   198              break
   199          fi
   200          echo "Fail(${i}). Retrying..."
   201          sleep 3
   202      done
   203      if [ "$ok" != "true" ] ; then
   204        echo "failed to detect ipfs api"
   205        exit 1
   206      fi
   207  
   208      exec /usr/local/bin/nerdctl ipfs registry serve --listen-registry 0.0.0.0:5050 --ipfs-address /ip4/127.0.0.1/tcp/5001 --read-retry-num 3 --read-timeout 500ms
   209  
   210    configure-ipfs.sh: |
   211      #!/bin/sh
   212      set -eu -o pipefail
   213  
   214      # wait for bootstrap node running
   215      ok=false
   216      for i in $(seq 100) ; do
   217          if nc -z ${BOOTSTRAP_SVC_NAME} 4001 ; then
   218              ok=true
   219              break
   220          fi
   221          echo "Fail(${i}). Retrying..."
   222          sleep 3
   223      done
   224      if [ "$ok" != "true" ] ; then
   225        echo "failed to detect bootstrap node"
   226        exit 1
   227      fi
   228  
   229      BOOTSTRAP_ID=$(wget -O - ${BOOTSTRAP_SVC_NAME}:8000/id)
   230      if [ "${BOOTSTRAP_ID}" == "" ] ; then
   231        echo "failed to get bootstrap peer id"
   232        exit 1
   233      fi
   234      if [ "${IPFS_SWARM_KEY}" == "" ] || [ "${LIBP2P_FORCE_PNET}" != "1" ] ; then
   235        echo "must be forced to private ipfs network (got LIBP2P_FORCE_PNET=${LIBP2P_FORCE_PNET})"
   236        exit 1
   237      fi
   238  
   239      mkdir -p /data/ipfs
   240      if ! [ -z "$(ls -A /data/ipfs)" ]; then
   241        echo "IPFS already configured on this node; destroying the current repo and refreshing..."
   242        rm -rf /data/ipfs/*
   243      fi
   244  
   245      ipfs init --profile=server
   246      ipfs bootstrap rm --all
   247      ipfs bootstrap add /dns4/${BOOTSTRAP_SVC_NAME}/tcp/4001/ipfs/${BOOTSTRAP_ID}
   248      ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
   249      ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
   250      ipfs config Datastore.StorageMax 100GB
   251      ipfs config Addresses.NoAnnounce --json '[]'
   252      ipfs config Swarm.AddrFilters --json '[]'
   253      echo -n "${IPFS_SWARM_KEY}" > /data/ipfs/swarm.key
   254  
   255  ---
   256  
   257  apiVersion: v1
   258  kind: ConfigMap
   259  metadata:
   260    name: ipfs-bootstrap-conf
   261  data:
   262    id-server.sh: |
   263      #!/bin/sh
   264      set -eu -o pipefail
   265  
   266      if [ ! -f /doc/id ]; then
   267        mkdir /doc
   268        ipfs config show | grep "PeerID" | sed -E 's/.*"PeerID": "([a-zA-Z0-9]*)".*/\1/' > /doc/id
   269      fi
   270      exec httpd -f -p 8000 -h /doc
   271  
   272    configure-ipfs.sh: |
   273      #!/bin/sh
   274      set -eu -o pipefail
   275  
   276      if [ "${IPFS_SWARM_KEY}" == "" ] || [ "${LIBP2P_FORCE_PNET}" != "1" ] ; then
   277        echo "must be forced to private ipfs network (got LIBP2P_FORCE_PNET=${LIBP2P_FORCE_PNET})"
   278      fi
   279  
   280      mkdir -p /data/ipfs
   281      if ! [ -z "$(ls -A /data/ipfs)" ]; then
   282        echo "IPFS already configured on this node; destroying the current repo and refreshing..."
   283        rm -rf /data/ipfs/*
   284      fi
   285  
   286      ipfs init --profile=server
   287      ipfs bootstrap rm --all
   288      ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
   289      ipfs config Addresses.Gateway /ip4/0.0.0.0/tcp/8080
   290      ipfs config Addresses.NoAnnounce --json '[]'
   291      ipfs config Swarm.AddrFilters --json '[]'
   292      ipfs config Datastore.StorageMax 1GB
   293      echo -n "${IPFS_SWARM_KEY}" > /data/ipfs/swarm.key