feat(miner-deployment): add Kubernetes StatefulSet + Secret example for AMS fleet-mode#5258
Conversation
…or AMS fleet-mode Add k8s/ example manifests so an operator can deploy N isolated miner workers with kubectl instead of hand-rolling manifests or being limited to docker run/compose (JSONbored#5181). Uses a StatefulSet (not a Deployment) with volumeClaimTemplates so each replica gets its OWN PersistentVolumeClaim — the miner's local SQLite ledgers are not safe for concurrent multi-pod access, so per-pod isolated storage is the safety property. Built on the existing Dockerfile image (entrypoint gittensory-miner, continuous 'run' worker, /data/miner state). Ships a Secret template (GITHUB_TOKEN + optional provider keys), a k8s/README.md deploy/scale guide, and a validation test asserting well-formed manifests pass, a malformed one fails, and the per-pod-storage invariant holds (no shared PVC across replicas). Packaging only — no runtime/governor/claim control-flow touched. Closes JSONbored#5181
|
Superagent didn't find any vulnerabilities or security issues in this PR. |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #5258 +/- ##
=======================================
Coverage 94.36% 94.36%
=======================================
Files 474 474
Lines 40081 40081
Branches 14614 14614
=======================================
Hits 37821 37821
Misses 1585 1585
Partials 675 675
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
|
Tip 🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩 ✅ Gittensory review result - approve/merge recommendedReview updated: 2026-07-12 12:11:08 UTC
✅ Suggested Action - Approve/Merge
Review summary Nits — 5 non-blocking
Linked issue satisfactionAddressed Review context
Contributor next steps
Signal definitions
[BETA] Chat with GittensoryAsk Gittensory a question about this PR directly in a comment — grounded only in the same cached, public-safe facts shown above, never a new claim.
Full command reference: https://gittensory.aethereal.dev/docs/gittensory-commands 🟩 Safe / merged · 🟦 Advisory · 🟨 Held for review · 🟥 Blocked / closed 💰 Earn for open-source contributions like this. Gittensor lets GitHub contributors earn for the work they already do — register to start earning →. Checked by Gittensory, a quiet PR intelligence layer for OSS maintainers.
|
Adds
k8s/example manifests so an operator can run N isolated miner workers on a small cluster withkubectl(#5181), built on the existingpackages/gittensory-miner/Dockerfileimage.Why a StatefulSet (not a Deployment)
The miner keeps all state in local SQLite ledgers not safe for concurrent multi-pod access, so each replica needs its OWN volume. A Deployment shares one PVC across replicas; a StatefulSet's
volumeClaimTemplatesgive each replica its own — the per-pod-isolation safety property this issue requires.Contents
k8s/miner-deployment.yaml— StatefulSet: configurablereplicas, per-podvolumeClaimTemplatefor/data/miner, non-root securityContext withrunAsGroup/fsGroup(so the worker can write its PVC), resource requests/limits, continuousrunworker, secret-referencedGITHUB_TOKEN(+ optional provider keys).k8s/miner-secret.example.yaml—Secrettemplate with empty values (real values go in out-of-band viakubectl create secret --from-literal, never committed).k8s/README.md— deploy sequence, scaling, and the StatefulSet/fsGroup rationale.Validation
test/unit/miner-k8s-manifests.test.ts(7 tests): the real manifests are well-formed Kubernetes (StatefulSet + Secret), a deliberately malformed manifest fails the structural validator, and the per-pod-storage invariant holds (hasvolumeClaimTemplates; rejects a shared-PVC config and a no-volumeClaimTemplates config).tsctypecheck clean; prettier-clean. Static infra only — nosrc/**logic, no runtime/governor/claim control-flow touched.Closes #5181