From cbea46632e6acea886e3ad5b28d414c3819a5a8c Mon Sep 17 00:00:00 2001 From: jackyliu Date: Tue, 16 Jun 2026 01:11:46 +0000 Subject: [PATCH] chore: sync local changes --- .gitignore | 4 -- AGENTS.md | 10 ++-- README.md | 51 +++++++++---------- apps/code-server/README.md | 10 ++-- apps/code-server/base/deployment.yaml | 2 +- packages/code-server/README.md | 4 +- .../k3s-hami-v4/kustomization.yaml | 2 +- .../post-renders/k3s-hami/kustomization.yaml | 2 +- 8 files changed, 40 insertions(+), 45 deletions(-) diff --git a/.gitignore b/.gitignore index 5784328..d524185 100644 --- a/.gitignore +++ b/.gitignore @@ -7,7 +7,3 @@ tmp/ *.log .env .env.* -!.env.example -!*.env.example -!**/*.env.example -!**/.env.*.example diff --git a/AGENTS.md b/AGENTS.md index b63f6fa..0301147 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -7,11 +7,11 @@ This file is the execution guide for `ocdp-workload-manifests`. - Treat this project as a plain app manifests repository. - Do not store OCDP WorkloadTemplate records here; they belong in `ocdp-server` PostgreSQL. -- Do not store user WorkloadClaim instances here; they belong in target-cluster +- Do not store user Workload instances here; they belong in target-cluster CRs created through `ocdp-server`. - Keep reusable Kubernetes resources under `apps/*/base`. - Keep optional Kustomize components under `apps/*/components`. -- Keep Helm post-render presets under `packages/*/presets/*`. +- Keep Helm post-renders under `packages/*/post-renders/*`. - Keep per-deployment runtime values out of this repository. They belong in temporary source files or runtime specs generated by `ocdp-server`. - Use `tests/kustomize/*` only for generic validation overlays, never for real 
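Review bot: Dropping the four negation lines in `.gitignore` means `.env.*` now also matches `.env.example` and `.env.*.example`, so new example files will be silently skipped by `git add`, and the commit message ("chore: sync local changes") does not say whether that is intended. Ignoring more is the safe direction for real secrets, but it also removes the documented template of required variables and may push contributors towards `git add -f`, which bypasses the ignore rules for real `.env` files too. If example files should still be tracked, keep `!.env.example` and `!**/.env.*.example`. If they should not, add a comment above `.env.*` such as `# example env files are intentionally untracked` and remove any already-tracked examples in the same change.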
@@ -23,19 +23,19 @@ This file is the execution guide for `ocdp-workload-manifests`. - Do not add a global catalog index unless the server explicitly needs one later. - `ocdp-server` WorkloadTemplate records may reference Helm charts plus - `source.preset.repositoryUrl/ref/path`. + `source.postRender.repositoryUrl/ref/path`. - Runtime source generation may render Helm, create Secret, ConfigMap, and patch files, then run Kustomize. - Bases should stay template-free YAML. - App bases should keep Services internally reachable; expose apps from - WorkloadClaim top-level intent such as `exposure=internal` or + Workload top-level intent such as `exposure=internal` or `exposure=external`, rendered by the agent/template path. Components such as `service-nodeport`, `service-loadbalancer`, or `ingress` are implementation building blocks, not the user-facing contract. - Environment overlays are platform/admin choices for cluster- or site-level differences such as StorageClass, IngressClass, GPU runtime, registry prefix, pull secrets, node selectors, tolerations, and site labels. -- NodePort numbers should be assigned per claim by Kubernetes, not hard-coded in +- NodePort numbers should be assigned per workload by Kubernetes, not hard-coded in reusable app bases or components. ## Validation diff --git a/README.md b/README.md index c835228..55d1490 100644 --- a/README.md +++ b/README.md @@ -1,11 +1,11 @@ # ocdp-workload-manifests -Standalone Kubernetes manifests and post-render presets for OCDP workloads. +Standalone Kubernetes manifests and post-renders for OCDP workloads. This repository is intentionally just a Git repository of app manifests. There is no global catalog index and no dependency on the Gitea API. `ocdp-server` stores the template contract; the operator renders Helm sources and then applies -Kustomize presets from this repository. +Kustomize postRenders from this repository. ## Architecture 
@@ -15,36 +15,35 @@ OCDP keeps the responsibilities split: Git repo apps//base apps//components - packages//presets/ + packages//post-renders/ kustomization.yaml userInputs.yaml ocdp-server PostgreSQL WorkloadTemplate metadata WorkloadTemplate Helm source - WorkloadTemplate source.preset.repositoryUrl/ref/path + WorkloadTemplate source.postRender.repositoryUrl/ref/path user-facing values schema / parameters access bindings - no WorkloadClaim instance storage + no Workload instance storage target cluster - WorkloadClaim CR as the canonical user claim - Workload CR + Workload CR as the canonical user workload runtime Kubernetes resources ``` -This repository stores Git bases, reusable components, and Kustomize presets. +This repository stores Git bases, reusable components, and Kustomize postRenders. For Helm-backed workloads, the operator runs `helm template` first, writes that -output as `rendered.yaml`, then renders the selected preset with Workload -`spec.values`. A preset may include `userInputs.yaml` so admins can see which +output as `rendered.yaml`, then renders the selected postRender with Workload +`spec.values`. A postRender may include `userInputs.yaml` so admins can see which values should become the WorkloadTemplate user-facing parameter schema. This metadata file is not a Kubernetes resource and is not referenced by Kustomize. An admin creates or updates a `WorkloadTemplate` in `ocdp-server`. That template -can point at a Helm chart plus one of these Git presets: +can point at a Helm chart plus one of these Git postRenders: ```yaml -templateType: kustomize +templateType: composite source: type: helm repositoryUrl: https://kuoss.github.io/helm-charts @@ -58,7 +57,7 @@ source: persistence: enabled: true size: 20Gi - preset: + postRender: type: kustomize repositoryUrl: https://gitea.example.com/ocdp/ocdp-workload-manifests.git ref: main 
@@ -66,11 +65,11 @@ source: ``` After the template is stored in PostgreSQL and assigned to users or groups, users -call `ocdp-server` to create a claim by submitting `templateId`, `workspaceId`, +call `ocdp-server` to create a workload by submitting `templateId`, `workspaceId`, and values. `ocdp-server` resolves the template from PostgreSQL and writes a -`WorkloadClaim` CR into the target Kubernetes cluster. The operator renders Helm -with the resolved values, applies the Kustomize preset, and then applies the -final Kubernetes resources. The final user-created claim lives in Kubernetes, +`Workload` CR into the target Kubernetes cluster. The operator renders Helm +with the resolved values, applies the Kustomize postRender, and then applies the +final Kubernetes resources. The final user-created workload lives in Kubernetes, not in PostgreSQL. ## Layout @@ -101,7 +100,7 @@ tests/ ## Server Usage -`ocdp-server` should store a Helm source plus a Kustomize preset reference: +`ocdp-server` should store a Helm source plus a Kustomize postRender reference: ```yaml source: @@ -110,7 +109,7 @@ source: chart: code-server version: 3.16.1 releaseName: "{{ name }}" - preset: + postRender: type: kustomize repositoryUrl: https://gitea.example.com/ocdp/ocdp-workload-manifests.git ref: main 
@@ -118,16 +117,16 @@ source: ``` For one deployment, `ocdp-server` stores the Helm chart reference, static Helm -values, preset reference, and the template value contract. The preset renders -with Workload `spec.values`, so environment-specific implementation details -should live in the selected preset instead of in the WorkloadTemplate create -form. +values, postRender reference, and the template value contract. The postRender +renders with Workload `spec.values`, so environment-specific implementation +details should live in the selected postRender instead of in the WorkloadTemplate +create form. ## Exposure -Base services should stay internally reachable unless an environment preset +Base services should stay internally reachable unless an environment postRender intentionally changes the Service shape. For standard self-service workloads, -exposure is an admin preset decision and a user read view, not a user claim +exposure is an admin postRender decision and a user read view, not a user workload input. Reusable components are still useful implementation building blocks: @@ -137,7 +136,7 @@ Reusable components are still useful implementation building blocks: - `components/service-loadbalancer`: change the app Service to `LoadBalancer`. - `components/service-nodeport`: change the app Service to `NodePort`. -When a preset needs NodePort, it may leave the concrete nodePort for Kubernetes +When a postRender needs NodePort, it may leave the concrete nodePort for Kubernetes to allocate: ```yaml diff --git a/apps/code-server/README.md b/apps/code-server/README.md index c2b8653..433f042 100644 --- a/apps/code-server/README.md +++ b/apps/code-server/README.md 
@@ -8,15 +8,15 @@ The OCDP self-service code-server flow is Helm-backed now: ```text Helm chart -> operator helm template - -> packages/code-server/presets/k3s-hami + -> packages/code-server/post-renders/k3s-hami -> final Kubernetes resources ``` -The environment-specific preset lives in -`packages/code-server/presets/k3s-hami`. That preset owns the platform image +The environment-specific postRender lives in +`packages/code-server/post-renders/k3s-hami`. That postRender owns the platform image `harbor.bwgdi.com/library/earth2studio-demo:v6`, registry pull secret, HAMi scheduler, Service shape, code-server auth mode, and GPU resource keys. Users only fill CPU, memory, GPU count, and GPU memory. See -`packages/code-server/presets/k3s-hami/userInputs.yaml` for the values schema -that the console should render into the WorkloadClaim form. +`packages/code-server/post-renders/k3s-hami/userInputs.yaml` for the values schema +that the console should render into the Workload form. diff --git a/apps/code-server/base/deployment.yaml b/apps/code-server/base/deployment.yaml index 0db3196..3755bfc 100644 --- a/apps/code-server/base/deployment.yaml +++ b/apps/code-server/base/deployment.yaml @@ -20,7 +20,7 @@ spec: app.kubernetes.io/part-of: ocdp-workload spec: imagePullSecrets: - - name: regcred + - name: harbor-regcred schedulerName: hami-scheduler securityContext: fsGroup: 1000 diff --git a/packages/code-server/README.md b/packages/code-server/README.md index d0fa3cb..865f1cf 100644 --- a/packages/code-server/README.md +++ b/packages/code-server/README.md @@ -16,7 +16,7 @@ Helm chart + resolved values environment-managed choices: - image: `harbor.bwgdi.com/library/earth2studio-demo:v6` -- pull secret: `regcred` +- pull secret: `harbor-regcred` - scheduler: `hami-scheduler` - HAMi resource limit keys: `nvidia.com/gpu` and `nvidia.com/gpumem` - NodePort Service on port `80` 
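Review bot: Nothing in this commit creates or renames the Secret that `imagePullSecrets` now references, so `- name: harbor-regcred` in `apps/code-server/base/deployment.yaml` only works if a registry-credential Secret of that name already exists in every namespace where the workload is rendered. Otherwise image pulls from the Harbor registry would presumably fail at pod start. The same rename appears in `packages/code-server/post-renders/k3s-hami/kustomization.yaml` and `post-renders/k3s-hami-v4/kustomization.yaml`, so the Secret has to be provisioned under the new name before any of the three is applied. AGENTS.md in this repository lists pull secrets among the environment-overlay choices, so the reusable base would be cleaner with no `imagePullSecrets` entry at all, leaving the name to the postRender patches. If the entry stays, a comment such as `# Secret must exist in the workload namespace (TODO: note where it is provisioned)` above it would record the dependency. The Deployment spec continues outside the hunk.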
@@ -29,6 +29,6 @@ start so the mounted volume does not hide the demo files baked into the image. `post-renders/k3s-hami/userInputs.yaml` is the user-facing value contract. Users only choose CPU, memory, GPU count, and GPU memory. The console renders these -fields as the WorkloadClaim form; the operator receives the resolved values on +fields as the Workload form; the operator receives the resolved values on the Workload CR and applies the postRender patches. Storage, exposure, image, scheduler, pull secret, and code-server auth mode stay in the admin postRender. diff --git a/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml b/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml index 4e4fb7b..242a63e 100644 --- a/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml +++ b/packages/code-server/post-renders/k3s-hami-v4/kustomization.yaml @@ -26,7 +26,7 @@ patches: app.kubernetes.io/part-of: ocdp-workload spec: imagePullSecrets: - - name: regcred + - name: harbor-regcred schedulerName: hami-scheduler securityContext: fsGroup: 1000 diff --git a/packages/code-server/post-renders/k3s-hami/kustomization.yaml b/packages/code-server/post-renders/k3s-hami/kustomization.yaml index 5dd88f9..0f5a185 100644 --- a/packages/code-server/post-renders/k3s-hami/kustomization.yaml +++ b/packages/code-server/post-renders/k3s-hami/kustomization.yaml @@ -26,7 +26,7 @@ patches: app.kubernetes.io/part-of: ocdp-workload spec: imagePullSecrets: - - name: regcred + - name: harbor-regcred schedulerName: hami-scheduler securityContext: fsGroup: 1000