From e5179c9aff1a7862d63732f635f21d0b36431e97 Mon Sep 17 00:00:00 2001 From: this-is-tobi Date: Thu, 16 May 2024 22:47:40 +0200 Subject: [PATCH] feat: :sparkles: add cnpg deployment option in console chart --- charts/dso-console/Chart.yaml | 3 +- charts/dso-console/README.md | 39 +++++++++-- charts/dso-console/templates/_helpers.tpl | 23 +++++-- .../templates/client/deployment.yaml | 4 +- .../templates/cnpg/pg-cluster.yaml | 50 ++++++++++++++ .../templates/cnpg/scheduled-backup.yaml | 13 ++++ .../templates/server/deployment.yaml | 4 +- charts/dso-console/values.yaml | 68 +++++++++++++++++-- 8 files changed, 178 insertions(+), 26 deletions(-) create mode 100644 charts/dso-console/templates/cnpg/pg-cluster.yaml create mode 100644 charts/dso-console/templates/cnpg/scheduled-backup.yaml diff --git a/charts/dso-console/Chart.yaml b/charts/dso-console/Chart.yaml index 5bf0cee..3bb8500 100644 --- a/charts/dso-console/Chart.yaml +++ b/charts/dso-console/Chart.yaml @@ -2,11 +2,12 @@ apiVersion: v2 name: cpn-console description: A Helm chart to deploy Cloud Pi Native Console type: application -version: 1.1.4 +version: 1.2.0 appVersion: 8.3.0 keywords: [] home: https://cloud-pi-native.fr sources: + - https://github.com/cloud-pi-native/helm-charts - https://github.com/cloud-pi-native/console dependencies: - name: postgresql diff --git a/charts/dso-console/README.md b/charts/dso-console/README.md index 21524cf..b94aa41 100644 --- a/charts/dso-console/README.md +++ b/charts/dso-console/README.md 
@@ -1,6 +1,6 @@ # cpn-console -![Version: 1.1.4](https://img.shields.io/badge/Version-1.1.4-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.3.0](https://img.shields.io/badge/AppVersion-8.3.0-informational?style=flat-square) +![Version: 1.2.0](https://img.shields.io/badge/Version-1.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 8.3.0](https://img.shields.io/badge/AppVersion-8.3.0-informational?style=flat-square) A Helm chart to deploy Cloud Pi Native Console @@ -14,6 +14,7 @@ A Helm chart to deploy Cloud Pi Native Console ## Source Code +* * ## Requirements @@ -38,7 +39,7 @@ A Helm chart to deploy Cloud Pi Native Console | client.container.port | int | `8080` | Console CPN client container port. | | client.container.securityContext | object | `{}` | Toggle and define container-level security context. | | client.env | object | `{}` | Console CPN client container env variables, it will be injected into a configmap and loaded into the container. | -| client.extraContainers | string | `nil` | Extra containers to add to the Console CPN client pod as sidecars. | +| client.extraContainers | list | `[]` | Extra containers to add to the Console CPN client pod as sidecars. | | client.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes). | | client.extraVolumes | list | `[]` | List of extra volumes to add. | | client.healthcheckPath | string | `"/"` | Console CPN client container healthcheck endpoint. | 
@@ -64,7 +65,10 @@ A Helm chart to deploy Cloud Pi Native Console
 | client.readinessProbe.successThreshold | int | `2` | Minimum consecutive successes for the probe to be considered successful after having failed. |
 | client.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | client.replicaCount | int | `1` | The number of application controller pods to run. |
-| client.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"128Mi"}}` | Resource limits and requests for the Console CPN client. |
+| client.resources.limits.cpu | string | `"500m"` | CPU limit for the Console CPN client. |
+| client.resources.limits.memory | string | `"512Mi"` | Memory limit for the Console CPN client. |
+| client.resources.requests.cpu | string | `"250m"` | CPU request for the Console CPN client. |
+| client.resources.requests.memory | string | `"128Mi"` | Memory request for the Console CPN client. |
 | client.secrets | object | `{}` | Console CPN client container env secrets, it will be injected into a secret and loaded into the container. |
 | client.service.port | int | `80` | Console CPN client service port. |
 | client.service.type | string | `"ClusterIP"` | Console CPN client service type. |
@@ -76,10 +80,29 @@ A Helm chart to deploy Cloud Pi Native Console
 | client.startupProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. |
 | client.strategy.type | string | `"RollingUpdate"` | Strategy type used to replace old Pods by new ones, can be "Recreate" or "RollingUpdate". |
 | client.tolerations | list | `[]` | Default tolerations for Console CPN client. |
+| cnpg.annotations | object | `{}` | Additional cnpg cluster annotations. |
+| cnpg.backup.cron | string | `"0 */6 * * * *"` | The cron rule used for cnpg backups. By default it runs every 6 hours. |
+| cnpg.backup.destinationPath | string | `""` | S3 destination path for cnpg backups (it should be set like `s3:///`). |
+| cnpg.backup.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. |
+| cnpg.backup.endpointCA.key | string | `""` | The secret key containing S3 CA for cnpg backups. |
+| cnpg.backup.endpointCA.name | string | `""` | The secret name containing S3 CA for cnpg backups. |
+| cnpg.backup.endpointURL | string | `""` | S3 endpoint for cnpg backups. |
+| cnpg.backup.retentionPolicy | string | `"30d"` | Retention policy for cnpg backups recurrences. |
+| cnpg.backup.s3Credentials.accessKeyId.key | string | `""` | S3 accessKeyId kubernetes secret key used for cnpg backups. |
+| cnpg.backup.s3Credentials.accessKeyId.name | string | `""` | S3 accessKeyId kuebernetes secret name used for cnpg backups. |
+| cnpg.backup.s3Credentials.secretAccessKey.key | string | `""` | S3 secretAccessKey kubernetes secret key used for cnpg backups. |
+| cnpg.backup.s3Credentials.secretAccessKey.name | string | `""` | S3 secretAccessKey kuebernetes secret name used for cnpg backups. |
+| cnpg.dbName | string | `"dso-console-db"` | Name of the database. |
+| cnpg.enableSuperuserAccess | bool | `true` | Enable superuser access. |
+| cnpg.enabled | bool | `false` | Whether or not cnpg cluster deployment should be enabled. |
+| cnpg.instances | int | `3` | Number of instances to spawn in the cluster. |
+| cnpg.primaryUpdateStrategy | string | `"unsupervised"` | Rolling update strategy used : unsupervised: automated update of the primary once all replicas have been upgraded (default) supervised: requires manual supervision to perform the switchover of the primary |
+| cnpg.pvcSize | string | `"10Gi"` | Size of the PVC used by each cnpg instance. |
+| cnpg.username | string | `"dso"` | Username of the database user. |
 | config.create | bool | `false` | Whether or not helm should create the console config. |
 | config.name | string | `"dso-config"` | Name of the genrated config. |
 | config.projectsRootDir | string | `"forge"` | Projects root directory to use in other services such as Gitlab, etc. |
-| config.secrets | string | `nil` | Secrets to inject into the configuration. It is needed for server to get services informations such as urls, admin username, admin password or token, etc. |
+| config.secrets | object | `{}` | Secrets to inject into the configuration. It is needed for server to get services informations such as urls, admin username, admin password or token, etc. |
 | fullnameOverride | string | `""` | String to fully override the default application name. |
 | global.env | object | `{"NODE_ENV":"production"}` | Map of environment variables to inject into backend and frontend containers. |
 | global.keycloak.clientIds.backend | string | `"console-backend"` | Keycloak clientId used for Console CPN client. |
@@ -153,11 +176,10 @@ A Helm chart to deploy Cloud Pi Native Console
 | server.dbDataCm | string | `""` | Name of the configmap with javascript data that need to be imported by the server at start up. |
 | server.disabledPlugins | string | `""` | CSV list of plugins to disabled. |
 | server.env | object | `{}` | Console CPN server container env variables, it will be injected into a configmap and loaded into the container. |
-| server.extraCa | object | `{"key":"","mountSubPath":"ca_certs","name":""}` | Extra certificate to add to the container, it should be provide as a configmap. |
 | server.extraCa.key | string | `""` | The key to lookup. |
 | server.extraCa.mountSubPath | string | `"ca_certs"` | The path inside the container where the certificate file should be mount. This is a native Nodejs environment variable to extends certificates, see: https://nodejs.org/api/cli.html#node_extra_ca_certsfile. This mount path represent the subpath to use under the `/config` config root path. |
 | server.extraCa.name | string | `""` | The name of the configmap in namespace where certificates are stored. |
-| server.extraContainers | string | `nil` | Extra containers to add to the Console CPN server pod as sidecars. |
+| server.extraContainers | list | `[]` | Extra containers to add to the Console CPN server pod as sidecars. |
 | server.extraVolumeMounts | list | `[]` | List of extra mounts to add (normally used with extraVolumes) |
 | server.extraVolumes | list | `[]` | List of extra volumes to add. |
 | server.healthcheckPath | string | `"/api/v1/healthz"` | Console CPN server container healthcheck endpoint. |
@@ -184,7 +206,10 @@ A Helm chart to deploy Cloud Pi Native Console | server.readinessProbe.successThreshold | int | `2` | Minimum consecutive successes for the probe to be considered successful after having failed. | | server.readinessProbe.timeoutSeconds | int | `5` | Number of seconds after which the probe times out. | | server.replicaCount | int | `1` | The number of application controller pods to run. | -| server.resources | object | `{"limits":{"cpu":"500m","memory":"512Mi"},"requests":{"cpu":"250m","memory":"128Mi"}}` | Resource limits and requests for the Console CPN server. | +| server.resources.limits.cpu | string | `"500m"` | CPU limit for the Console CPN server. | +| server.resources.limits.memory | string | `"512Mi"` | Memory limit for the Console CPN server. | +| server.resources.requests.cpu | string | `"250m"` | CPU request for the Console CPN server. | +| server.resources.requests.memory | string | `"128Mi"` | Memory request for the Console CPN server. | | server.secrets | object | `{}` | Console CPN server container env secrets, it will be injected into a secret and loaded into the container. | | server.service.port | int | `80` | Console CPN server service port. | | server.service.type | string | `"ClusterIP"` | Console CPN server service type. | diff --git a/charts/dso-console/templates/_helpers.tpl b/charts/dso-console/templates/_helpers.tpl index a557c24..7929963 100644 --- a/charts/dso-console/templates/_helpers.tpl +++ b/charts/dso-console/templates/_helpers.tpl @@ -5,6 +5,7 @@ Expand the name of the chart. {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} {{- end }} + {{/* Create chart name and version as used by the chart label. */}} @@ -12,6 +13,7 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} {{- end }} + {{/* Create the name of the service account to use */}} 
@@ -23,6 +25,7 @@ Create the name of the service account to use {{- end }} {{- end }} + {{/* Create image pull secret */}} @@ -32,6 +35,7 @@ Create image pull secret {{- end }} {{- end }} + {{/* Create container environment variables from configmap */}} @@ -41,6 +45,7 @@ Create container environment variables from configmap {{- end }} {{- end }} + {{/* Create container environment variables from secret */}} @@ -50,6 +55,7 @@ Create container environment variables from secret {{- end }} {{- end }} + {{/* Define a file checksum to trigger rollout on configmap of secret change */}} @@ -62,6 +68,7 @@ checksum/{{ $resourceType.metadata.name }}: {{ $resourceType.data | toYaml | sha {{- end -}} {{- end -}} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). @@ -80,27 +87,29 @@ If release name contains chart name it will be used as a full name. {{- end }} {{- end }} + {{/* Common labels */}} -{{- define "cpnConsole.client.labels" -}} +{{- define "cpnConsole.common.labels" -}} helm.sh/chart: {{ include "cpnConsole.chart" . }} -{{ include "cpnConsole.client.selectorLabels" . }} {{- if .Chart.AppVersion }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} +{{- define "cpnConsole.client.labels" -}} +{{ include "cpnConsole.common.labels" . }} +{{ include "cpnConsole.client.selectorLabels" . }} +{{- end }} + {{- define "cpnConsole.server.labels" -}} -helm.sh/chart: {{ include "cpnConsole.chart" . }} +{{ include "cpnConsole.common.labels" . }} {{ include "cpnConsole.server.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end }} + {{/* Selector labels */}} 
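Review bot: `cpnConsole.common.labels` holds only `helm.sh/chart`, the version and `managed-by`, and the new Cluster and ScheduledBackup templates include it on its own. If the selector-label helpers (their bodies are outside this hunk) are where `app.kubernetes.io/name` and `app.kubernetes.io/instance` come from, the database resources end up without a release-identifying label, which makes them harder to target from NetworkPolicies, audits or `kubectl -l` queries. A small `cpnConsole.cnpg.labels` helper that adds its own name/instance pair on top of the common labels would keep them consistent with the client and server. The new `client.labels` and `server.labels` defines also have no `{{/* ... */}}` comment, unlike the other helpers in this file.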
diff --git a/charts/dso-console/templates/client/deployment.yaml b/charts/dso-console/templates/client/deployment.yaml index 495955f..d2feafc 100644 --- a/charts/dso-console/templates/client/deployment.yaml +++ b/charts/dso-console/templates/client/deployment.yaml @@ -35,7 +35,7 @@ spec: {{- toYaml .Values.client.podSecurityContext | nindent 8 }} {{- if .Values.client.initContainers }} initContainers: - {{- toYaml .Values.client.initContainers | nindent 8 }} + {{- tpl(toYaml .Values.client.initContainers) . | nindent 8 }} {{- end }} containers: - name: client @@ -110,7 +110,7 @@ spec: mountPath: {{ $volumeMount.mountPath }} {{- end }} {{- if .Values.client.extraContainers }} - {{- toYaml .Values.client.extraContainers | nindent 8 }} + {{- tpl(toYaml .Values.client.extraContainers) . | nindent 8 }} {{- end }} {{- with .Values.client.nodeSelector }} nodeSelector: diff --git a/charts/dso-console/templates/cnpg/pg-cluster.yaml b/charts/dso-console/templates/cnpg/pg-cluster.yaml new file mode 100644 index 0000000..64dee3a --- /dev/null +++ b/charts/dso-console/templates/cnpg/pg-cluster.yaml 
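Review bot: Wrapping `.Values.client.initContainers` and `.Values.client.extraContainers` in `tpl` makes those values template input, and nothing in values.yaml or the README tells the user so. Any literal `{{ ... }}` already present in a container's `command` or `args` is now evaluated against the chart context or fails the render, and whoever supplies the values file gains every template function the chart itself can call, which matters where values come from a less trusted source than the chart. I would state it on the value descriptions, e.g. `# -- Extra containers to add to the Console CPN client pod as sidecars (rendered with tpl, escape literal braces).`, and write the call as `tpl (toYaml .Values.client.initContainers) .` for readability. The same applies to the two hunks in templates/server/deployment.yaml; all four cut through a Deployment spec that starts and ends outside the hunk.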
@@ -0,0 +1,50 @@ +{{- if .Values.cnpg.enabled }} +apiVersion: postgresql.cnpg.io/v1 +kind: Cluster +metadata: + name: {{ include "cpnConsole.fullname" . }}-pg-cluster + labels: + {{- include "cpnConsole.common.labels" . | nindent 4 }} + annotations: + {{- with .Values.cnpg.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + instances: {{ .Values.cnpg.instances }} + {{- if .Values.cnpg.imageName }} + imageName: {{ .Values.cnpg.imageName }} + {{- end }} + postgresql: + {{- if .Values.cnpg.imageName }} + image: {{ .Values.cnpg.imageName }} + {{- end }} + parameters: + max_worker_processes: "60" + pg_hba: + - {{ printf "%s %s %s %s %s" "host" .Values.cnpg.dbName .Values.cnpg.username "all" "md5" }} + bootstrap: + initdb: + database: {{ .Values.cnpg.dbName }} + owner: {{ .Values.cnpg.username }} + enableSuperuserAccess: {{ .Values.cnpg.enableSuperuserAccess }} + primaryUpdateStrategy: {{ .Values.cnpg.primaryUpdateStrategy }} + storage: + size: {{ .Values.cnpg.pvcSize }} +{{- if .Values.cnpg.backup.enabled }} + backup: + barmanObjectStore: + destinationPath: {{ .Values.cnpg.backup.destinationPath }} + endpointURL: {{ .Values.cnpg.backup.endpointURL }} + endpointCA: + name: {{ .Values.cnpg.backup.endpointCA.name }} + key: {{ .Values.cnpg.backup.endpointCA.key }} + s3Credentials: + accessKeyId: + name: {{.Values.cnpg.backup.s3Credentials.accessKeyId.name }} + key: {{ .Values.cnpg.backup.s3Credentials.accessKeyId.key }} + secretAccessKey: + name: {{ .Values.cnpg.backup.s3Credentials.secretAccessKey.name }} + key: {{ .Values.cnpg.backup.s3Credentials.secretAccessKey.key }} + retentionPolicy: {{ .Values.cnpg.backup.retentionPolicy }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/charts/dso-console/templates/cnpg/scheduled-backup.yaml b/charts/dso-console/templates/cnpg/scheduled-backup.yaml new file mode 100644 index 0000000..a3a9488 --- /dev/null +++ b/charts/dso-console/templates/cnpg/scheduled-backup.yaml 
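Review bot: The `pg_hba` entry renders as `host <dbName> <username> all md5`, which accepts non-TLS connections from any address and permits MD5 password authentication. Unless a client is known to need that, the stricter rule is `- {{ printf "hostssl %s %s all scram-sha-256" .Values.cnpg.dbName .Values.cnpg.username }}`. In the same hunk `enableSuperuserAccess` is fed from a value that defaults to `true` in values.yaml; the console presumably connects as the `owner` role, so defaulting it to `false` avoids exposing a superuser login until an operator asks for one. The backup values are also rendered unquoted with empty-string defaults, so `{{ required "cnpg.backup.destinationPath is required" .Values.cnpg.backup.destinationPath | quote }}` would give a clearer failure than a null field.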
@@ -0,0 +1,13 @@ +{{- if .Values.cnpg.backup.enabled }} +apiVersion: postgresql.cnpg.io/v1 +kind: ScheduledBackup +metadata: + name: {{ include "cpnConsole.fullname" . }}-pg-cluster + labels: + {{- include "cpnConsole.common.labels" . | nindent 4 }} +spec: + schedule: "{{ dsc.cnpg.backup.cron }}" + backupOwnerReference: self + cluster: + name: {{ include "cpnConsole.fullname" . }}-pg-cluster +{{- end }} \ No newline at end of file diff --git a/charts/dso-console/templates/server/deployment.yaml b/charts/dso-console/templates/server/deployment.yaml index 01cba26..da7190b 100644 --- a/charts/dso-console/templates/server/deployment.yaml +++ b/charts/dso-console/templates/server/deployment.yaml @@ -50,7 +50,7 @@ spec: mountPath: /plugins {{- end }} {{- if .Values.server.initContainers }} - {{- toYaml .Values.server.initContainers | nindent 8 }} + {{- tpl(toYaml .Values.server.initContainers) . | nindent 8 }} {{- end }} {{- end }} containers: @@ -134,7 +134,7 @@ spec: mountPath: {{ $volumeMount.mountPath }} {{- end }} {{- if .Values.server.extraContainers }} - {{- toYaml .Values.server.extraContainers | nindent 8 }} + {{- tpl(toYaml .Values.server.extraContainers) . | nindent 8 }} {{- end }} {{- with .Values.server.nodeSelector }} nodeSelector: diff --git a/charts/dso-console/values.yaml b/charts/dso-console/values.yaml index 47e2c04..12c62a2 100644 --- a/charts/dso-console/values.yaml +++ b/charts/dso-console/values.yaml @@ -24,7 +24,7 @@ config: projectsRootDir: "forge" # -- Secrets to inject into the configuration. # It is needed for server to get services informations such as urls, admin username, admin password or token, etc. - secrets: + secrets: {} # ARGO_NAMESPACE: "dso-argocd" # ARGOCD_URL: "https://argocd.domain.local" # GITLAB_TOKEN: "" 
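Review bot: `schedule: "{{ dsc.cnpg.backup.cron }}"` refers to `dsc`, which is neither a template function nor an object defined anywhere in this patch, so the template will most likely fail to parse and break rendering of the whole chart even when backups are disabled. It should read `schedule: {{ .Values.cnpg.backup.cron | quote }}`. The guard tests only `.Values.cnpg.backup.enabled`, so with `cnpg.enabled: false` it would emit a ScheduledBackup for a Cluster that is never rendered; `{{- if and .Values.cnpg.enabled .Values.cnpg.backup.enabled }}` ties the two together.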
@@ -76,6 +76,7 @@ global: ## For postgres it should look like this "postgresql://db_user:db_password@db_service:db_port/db_name?schema=public" dbUrl: "" + # Ingress configuration ingress: # -- Whether or not ingress should be enabled. @@ -143,7 +144,7 @@ client: # runAsNonRoot: true # runAsUser: 1000 # -- Extra containers to add to the Console CPN client pod as sidecars. - extraContainers: + extraContainers: [] # - name: fluentd # image: "fluentd" # volumeMounts: @@ -229,13 +230,16 @@ client: type: "ClusterIP" # -- Console CPN client service port. port: 80 - # -- Resource limits and requests for the Console CPN client. resources: requests: + # -- Memory request for the Console CPN client. memory: "128Mi" + # -- CPU request for the Console CPN client. cpu: "250m" limits: + # -- Memory limit for the Console CPN client. memory: "512Mi" + # -- CPU limit for the Console CPN client. cpu: "500m" ## Console CPN client Horizontal Pod Autoscaler autoscaling: @@ -304,7 +308,7 @@ server: # runAsNonRoot: true # runAsUser: 1000 # -- Extra containers to add to the Console CPN server pod as sidecars. - extraContainers: + extraContainers: [] # - name: fluentd # image: "fluentd" # volumeMounts: @@ -376,7 +380,7 @@ server: # hostnames: # - "foo.remote" # - "bar.remote" - # -- Extra certificate to add to the container, it should be provide as a configmap. + ## Extra certificate to add to the container, it should be provide as a configmap. extraCa: # -- The name of the configmap in namespace where certificates are stored. name: "" 
@@ -408,15 +412,17 @@ server: plugins: [] # -- CSV list of plugins to disabled. disabledPlugins: "" - # -- Resource limits and requests for the Console CPN server. resources: requests: + # -- Memory request for the Console CPN server. memory: "128Mi" + # -- CPU request for the Console CPN server. cpu: "250m" limits: + # -- Memory limit for the Console CPN server. memory: "512Mi" + # -- CPU limit for the Console CPN server. cpu: "500m" - ## Console CPN server Horizontal Pod Autoscaler autoscaling: # -- Enable Horizontal Pod Autoscaler ([HPA]) for the Console CPN server. enabled: false 
@@ -442,6 +448,54 @@ server: # -- Service account name. name: "cpn-console-server" +# CNPG configuration +cnpg: + # -- Whether or not cnpg cluster deployment should be enabled. + enabled: false + # -- Number of instances to spawn in the cluster. + instances: 3 + # -- Username of the database user. + username: "dso" + # -- Name of the database. + dbName: "dso-console-db" + # -- Enable superuser access. + enableSuperuserAccess: true + # -- Rolling update strategy used : + # unsupervised: automated update of the primary once all replicas have been upgraded (default) + # supervised: requires manual supervision to perform the switchover of the primary + primaryUpdateStrategy: "unsupervised" + # -- Size of the PVC used by each cnpg instance. + pvcSize: "10Gi" + # -- Additional cnpg cluster annotations. + annotations: {} + backup: + # -- Whether or not cnpg cluster deployment should be enabled. + enabled: false + # -- S3 destination path for cnpg backups (it should be set like `s3:///`). + destinationPath: "" + # -- S3 endpoint for cnpg backups. + endpointURL: "" + endpointCA: + # -- The secret name containing S3 CA for cnpg backups. + name: "" + # -- The secret key containing S3 CA for cnpg backups. + key: "" + s3Credentials: + accessKeyId: + # -- S3 accessKeyId kuebernetes secret name used for cnpg backups. + name: "" + # -- S3 accessKeyId kubernetes secret key used for cnpg backups. + key: "" + secretAccessKey: + # -- S3 secretAccessKey kuebernetes secret name used for cnpg backups. + name: "" + # -- S3 secretAccessKey kubernetes secret key used for cnpg backups. + key: "" + # -- The cron rule used for cnpg backups. By default it runs every 6 hours. + cron: "0 */6 * * * *" + # -- Retention policy for cnpg backups recurrences. + retentionPolicy: "30d" + # Postgresql configuration. ## Ref: https://artifacthub.io/packages/helm/bitnami/postgresql postgresql:
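Review bot: The default `cron: "0 */6 * * * *"` has six fields, and CloudNativePG's schedule format takes seconds as the first field, so this fires every six minutes rather than every 6 hours as the comment says; `cron: "0 0 */6 * * *"` matches the comment. With `retentionPolicy: "30d"` the current default would keep far more base backups than intended. The description on `backup.enabled` repeats the one for `cnpg.enabled` and should read `# -- Whether or not cnpg backups should be enabled.`. `kuebernetes` is a typo for `kubernetes` in the two secret-name comments.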