This project provides a Kubernetes StatefulSet deployment for Gradle Build Cache Nodes in Azure Kubernetes Service (AKS). The setup includes two replicas of the build cache node, a service to expose the cache, an ingress controller for external access, and AzureFile for persistent storage.
- Azure Kubernetes Service (AKS) cluster
- Kubernetes CLI (
kubectl) - Azure CLI (
az) - Docker CLI
gradle-cache-stateful-set.yaml: Defines the StatefulSet for deploying Gradle Build Cache Nodes.service.yaml: Defines the Kubernetes Service on port 5071.ingress.yaml: Defines the Ingress configuration for external access.config.yaml: Custom configuration file for user authentication. Masked by .gitignore. You should have own copy of that.
Note: The manifests are expected to be applied in the build-cache namespace. You can change this as needed.
-
Create a storage account:
az storage account create --resource-group <resource-group> --name <storage-account-name> --location <location> --sku Standard_LRS
-
Create a file share:
az storage share create --account-name <storage-account-name> --name <file-share-name>
-
Get storage account key:
az storage account keys list --resource-group <resource-group> --account-name <storage-account-name>
-
Create Kubernetes secret:
kubectl create secret generic azure-build-cache-secret --from-literal=azurestorageaccountname=<storage-account-name> --from-literal=azurestorageaccountkey=<storage-account-key> -n build-cache
-
Apply StatefulSet:
kubectl apply -f gradle-cache-stateful-set.yaml
-
Apply Service:
kubectl apply -f service.yaml
- Apply Ingress:
kubectl apply -f ingress.yaml
-
Generate salted hash for password:
docker run --interactive --tty gradle/build-cache-node:19.0 hash -
Create
config.yamlwith user credentials: This is complete file exampleversion: 5 # Restrict UI access uiAccess: type: "secure" username: "<UI access user>" password: "<salted-hash passwrod>" # List users to read/write cache cache: accessControl: anonymousLevel: "read" users: <user name/role>: # e.g developer, reader etc. password: "<salted-hash passwrod>" level: "readwrite" note: "Developer to read/write cache"
-
Apply config to StatefulSet:
The details of the applying custom configuration for build cache node is here
- Make a secret for config.yaml file:
kubectl create secret generic gradle-build-cache-config-secret -n build-cache --from-file=config.yaml - You will use it as a volume to mount to InitialContainer
... initContainers: - name: config-mounter image: "busybox:1.33.0" command: [ "sh", "-ce", "cp /tmp/config.yaml /data/conf/config.yaml" ] volumeMounts: - name: tmp-build-cache-config-file mountPath: /tmp - name: build-cache-config-dir mountPath: /data/conf ... - name: tmp-build-cache-config-file secret: secretName: gradle-build-cache-config-secret
- Make a secret for config.yaml file:
-
Find the external IP of your ingress:
kubectl get ingress -n build-cache
-
Access the Gradle Build Cache Node UI:
- Navigate to
http://<external-ip>:5071in your browser.
- Navigate to
- Durability: AzureFile ensures that your data is highly available and durable.
- Simplicity: Easy to use and manage within the Azure ecosystem.
- Flexibility: Can be used by multiple pods concurrently.
Custom configurations are necessary to handle user authentication for pushing cache from a Gradle build. The default Gradle setup poses challenges for saving changes through the UI. To configure a user later, create a special config.yaml file and provide a hash-salted password.
- Ensure all Kubernetes resources are correctly applied.
- Verify the external IP and DNS settings for ingress.
- Check the StatefulSet and Service status using
kubectl get statefulsetsandkubectl get servicesinbuild-cachenamespace.
Feel free to contribute by submitting issues or pull requests.