forked from All-Hands-AI/OpenHands
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #9 from zchn/add-kubernetes-configs
Add Kubernetes configurations for OpenHands deployment
- Loading branch information
Showing
6 changed files
with
170 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,69 @@ | ||
| # OpenHands Kubernetes Deployment | ||
|
|
||
| This directory contains Kubernetes configurations for deploying OpenHands in a Kubernetes cluster. | ||
|
|
||
| ## Components | ||
|
|
||
| - `namespace.yaml`: Creates a dedicated namespace for OpenHands | ||
| - `configmap.yaml`: Contains configuration for OpenHands application | ||
| - `deployment.yaml`: Deploys the OpenHands application container | ||
| - `pvc.yaml`: Persistent Volume Claim for OpenHands state | ||
| - `service.yaml`: Service and Ingress configurations for accessing OpenHands | ||
|
|
||
| ## Prerequisites | ||
|
|
||
| 1. A Kubernetes cluster | ||
| 2. kubectl configured to access your cluster | ||
| 3. Storage class available in your cluster | ||
| 4. Ingress controller installed (if using the provided Ingress configuration) | ||
|
|
||
| ## Deployment Steps | ||
|
|
||
| 1. Create the namespace: | ||
| ```bash | ||
| kubectl apply -f namespace.yaml | ||
| ``` | ||
|
|
||
| 2. Create the ConfigMap: | ||
| ```bash | ||
| kubectl apply -f configmap.yaml | ||
| ``` | ||
|
|
||
| 3. Create the PVC: | ||
| ```bash | ||
| kubectl apply -f pvc.yaml | ||
| ``` | ||
|
|
||
| 4. Deploy the application: | ||
| ```bash | ||
| kubectl apply -f deployment.yaml | ||
| ``` | ||
|
|
||
| 5. Create the Service and Ingress: | ||
| ```bash | ||
| kubectl apply -f service.yaml | ||
| ``` | ||
|
|
||
| Or apply all at once: | ||
| ```bash | ||
| kubectl apply -f . | ||
| ``` | ||
|
|
||
| ## Configuration | ||
|
|
||
| 1. Update `configmap.yaml` with your desired configuration values | ||
| 2. Modify storage class in `pvc.yaml` according to your cluster's available options | ||
| 3. Adjust the Ingress configuration in `service.yaml` based on your cluster's setup | ||
|
|
||
| ## Important Notes | ||
|
|
||
| - The deployment requires access to the Docker socket (`/var/run/docker.sock`) for running sandboxed environments | ||
| - The container runs in privileged mode to access Docker | ||
| - Persistent storage is used to maintain OpenHands state | ||
| - Default storage request is 1Gi, adjust as needed | ||
|
|
||
| ## Security Considerations | ||
|
|
||
| - The deployment runs in privileged mode and has access to the Docker socket. Ensure proper security measures are in place. | ||
| - Consider implementing network policies to restrict pod communication | ||
| - Review and adjust RBAC permissions as needed for your environment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,10 @@ | ||
| apiVersion: v1 | ||
| kind: ConfigMap | ||
| metadata: | ||
| name: openhands-config | ||
| namespace: openhands | ||
| data: | ||
| SANDBOX_RUNTIME_CONTAINER_IMAGE: "docker.all-hands.dev/all-hands-ai/runtime:0.26-nikolaik" | ||
| LOG_ALL_EVENTS: "true" | ||
| # Add other configuration options as needed | ||
| # These can be overridden by environment variables in the deployment |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,38 @@ | ||
| apiVersion: apps/v1 | ||
| kind: Deployment | ||
| metadata: | ||
| name: openhands | ||
| namespace: openhands | ||
| spec: | ||
| replicas: 1 | ||
| selector: | ||
| matchLabels: | ||
| app: openhands | ||
| template: | ||
| metadata: | ||
| labels: | ||
| app: openhands | ||
| spec: | ||
| containers: | ||
| - name: openhands | ||
| image: docker.all-hands.dev/all-hands-ai/openhands:0.26 | ||
| ports: | ||
| - containerPort: 3000 | ||
| envFrom: | ||
| - configMapRef: | ||
| name: openhands-config | ||
| volumeMounts: | ||
| - name: docker-sock | ||
| mountPath: /var/run/docker.sock | ||
| - name: openhands-state | ||
| mountPath: /.openhands-state | ||
| securityContext: | ||
| privileged: true # Required for Docker socket access | ||
| volumes: | ||
| - name: docker-sock | ||
| hostPath: | ||
| path: /var/run/docker.sock | ||
| type: Socket | ||
| - name: openhands-state | ||
| persistentVolumeClaim: | ||
| claimName: openhands-state-pvc |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| apiVersion: v1 | ||
| kind: Namespace | ||
| metadata: | ||
| name: openhands | ||
| labels: | ||
| name: openhands |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| apiVersion: v1 | ||
| kind: PersistentVolumeClaim | ||
| metadata: | ||
| name: openhands-state-pvc | ||
| namespace: openhands | ||
| spec: | ||
| accessModes: | ||
| - ReadWriteOnce | ||
| resources: | ||
| requests: | ||
| storage: 1Gi | ||
| storageClassName: standard # Adjust based on your cluster's available storage classes |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,35 @@ | ||
| apiVersion: v1 | ||
| kind: Service | ||
| metadata: | ||
| name: openhands | ||
| namespace: openhands | ||
| spec: | ||
| selector: | ||
| app: openhands | ||
| ports: | ||
| - port: 3000 | ||
| targetPort: 3000 | ||
| protocol: TCP | ||
| name: http | ||
| type: NodePort # Using NodePort to expose the service externally | ||
| --- | ||
| apiVersion: networking.k8s.io/v1 | ||
| kind: Ingress | ||
| metadata: | ||
| name: openhands | ||
| namespace: openhands | ||
| annotations: | ||
| nginx.ingress.kubernetes.io/proxy-body-size: "0" | ||
| nginx.ingress.kubernetes.io/proxy-read-timeout: "3600" | ||
| nginx.ingress.kubernetes.io/proxy-send-timeout: "3600" | ||
| spec: | ||
| rules: | ||
| - http: | ||
| paths: | ||
| - path: / | ||
| pathType: Prefix | ||
| backend: | ||
| service: | ||
| name: openhands | ||
| port: | ||
| number: 3000 |