From 7d854b15f54cc42c87e36eddf6aa9fc9fa453e6e Mon Sep 17 00:00:00 2001 From: Katarina Supe <61758502+katarinasupe@users.noreply.github.com> Date: Tue, 18 Jun 2024 11:15:38 +0200 Subject: [PATCH 1/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5426d10..39c059b 100644 --- a/README.md +++ b/README.md @@ -9,7 +9,7 @@ Welcome to the Memgraph Helm Charts repository. This repository provides Helm ch ## Available charts - [**Memgraph standalone**](#memgraph-standalone) - [**Memgraph Lab**](#memgraph-lab) -- [**Memgraph high availability](#memgraph-high-availability) +- [**Memgraph high availability**](#memgraph-high-availability) ## Prerequisites Helm version 3 or above installed. From 0bcfa7563542e81634305f221cc387504ae0bfda Mon Sep 17 00:00:00 2001 From: Katarina Supe <61758502+katarinasupe@users.noreply.github.com> Date: Tue, 18 Jun 2024 11:17:09 +0200 Subject: [PATCH 2/5] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 39c059b..1a67fa6 100644 --- a/README.md +++ b/README.md @@ -64,7 +64,7 @@ To upgrade or uninstall a deployed Memgraph release, you can use the `helm upgra ## Memgraph high availability Deploys high available Memgraph cluster, that includes two data instances and three coordinators. -For detailed information and usage instructions, please refer to the [chart's individual README file](./charts/memgraph/README.md). +For detailed information and usage instructions, please refer to the [chart's individual README file](./charts/memgraph-high-availability/README.md). To install Memgraph standalone, run the following command: From cafe408e7201ee0eb2db4b4cbdf53ac379365004 Mon Sep 17 00:00:00 2001 From: Toni Date: Thu, 20 Jun 2024 21:11:20 +0200 Subject: [PATCH 3/5] Fix: Add correct url for liveness/readiness of Lab The URL `/` is really slow to be used for the liveness/readiness of the Lab because it loads the front end and returns the full code along with the HTML application code. Url `/check` is the one that should be used instead because it is simple, fast, and does no processing at all. --- charts/memgraph-lab/templates/deployment.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/memgraph-lab/templates/deployment.yaml b/charts/memgraph-lab/templates/deployment.yaml index bc40420..4e778e5 100644 --- a/charts/memgraph-lab/templates/deployment.yaml +++ b/charts/memgraph-lab/templates/deployment.yaml @@ -39,11 +39,11 @@ spec: protocol: TCP livenessProbe: httpGet: - path: / + path: /check port: http readinessProbe: httpGet: - path: / + path: /check port: http resources: {{- toYaml .Values.resources | nindent 12 }} From e7231b60585dd85b1a32a598379a8cad64cce3d6 Mon Sep 17 00:00:00 2001 From: Ante Javor Date: Wed, 26 Jun 2024 13:50:03 +0200 Subject: [PATCH 4/5] Add enterprise licence to test. (#32) Injected a license to a test for HA. Separated the actions for testing since HA will require a special setup. --- .../lint-test-high-availability.yaml | 81 +++++++++++++++++++ .github/workflows/lint-test-memgraph-lab.yaml | 56 +++++++++++++ .../{lint-test.yml => lint-test-memgraph.yml} | 10 ++- 3 files changed, 145 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/lint-test-high-availability.yaml create mode 100644 .github/workflows/lint-test-memgraph-lab.yaml rename .github/workflows/{lint-test.yml => lint-test-memgraph.yml} (76%) diff --git a/.github/workflows/lint-test-high-availability.yaml b/.github/workflows/lint-test-high-availability.yaml new file mode 100644 index 0000000..8b64f1d --- /dev/null +++ b/.github/workflows/lint-test-high-availability.yaml @@ -0,0 +1,81 @@ +name: Lint and Test Charts + +on: + pull_request: + paths: + - 'charts/memgraph-high-availability/**' + + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.14.0 + + - uses: actions/setup-python@v4 + with: + python-version: '3.12' + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} + continue-on-error: true + + - name: Create kind cluster + if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1.8.0 + + - name: Set up Memgraph environment variables + if: steps.list-changed.outputs.changed == 'true' + run: | + echo "MEMGRAPH_ENTERPRISE_LICENSE=${{ secrets.MEMGRAPH_ENTERPRISE_LICENSE }}" >> $GITHUB_ENV + echo "MEMGRAPH_ORGANIZATION_NAME=${{ secrets.MEMGRAPH_ORGANIZATION_NAME }}" >> $GITHUB_ENV + + - name: Custom Helm install for memgraph-high-availability + if: steps.list-changed.outputs.changed == 'true' + env: + MEMGRAPH_ENTERPRISE_LICENSE: ${{ secrets.MEMGRAPH_ENTERPRISE_LICENSE }} + MEMGRAPH_ORGANIZATION_NAME: ${{ secrets.MEMGRAPH_ORGANIZATION_NAME }} + run: | + helm install mem-ha-test ./charts/memgraph-high-availability \ + --set memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE=$MEMGRAPH_ENTERPRISE_LICENSE \ + --set memgraph.env.MEMGRAPH_ORGANIZATION_NAME=$MEMGRAPH_ORGANIZATION_NAME + + - name: Wait for Memgraph setup to complete + if: steps.list-changed.outputs.changed == 'true' + run: sleep 30 + + - name: Check the status of Memgraph setup + if: steps.list-changed.outputs.changed == 'true' + run: | + pods=$(kubectl get pods --selector=job-name=memgraph-setup --output=jsonpath='{.items[*].metadata.name}') + for pod in $pods; do + echo "Logs from $pod:" + kubectl logs $pod + done + + - name: Run Helm tests + if: steps.list-changed.outputs.changed == 'true' + run: | + helm test mem-ha-test + kubectl logs -l app=memgraph diff --git a/.github/workflows/lint-test-memgraph-lab.yaml b/.github/workflows/lint-test-memgraph-lab.yaml new file mode 100644 index 0000000..2d51f3e --- /dev/null +++ b/.github/workflows/lint-test-memgraph-lab.yaml @@ -0,0 +1,56 @@ +name: Lint and Test Charts Memgraph Lab + +on: + pull_request: + paths: + - 'charts/memgraph-lab/**' + + +jobs: + lint-test: + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + - name: Set up Helm + uses: azure/setup-helm@v3 + with: + version: v3.14.0 + + - uses: actions/setup-python@v4 + with: + python-version: '3.12' + check-latest: true + + - name: Set up chart-testing + uses: helm/chart-testing-action@v2.6.1 + + - name: Run chart-testing (list-changed) + id: list-changed + run: | + changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + if [[ -n "$changed" ]]; then + echo "changed=true" >> "$GITHUB_OUTPUT" + fi + + - name: Run chart-testing (lint) + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch ${{ github.event.repository.default_branch }} + continue-on-error: true + + - name: Create kind cluster + if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1.8.0 + + - name: Set up Memgraph environment variables + if: steps.list-changed.outputs.changed == 'true' + run: | + echo "MEMGRAPH_ENTERPRISE_LICENSE=${{ secrets.MEMGRAPH_ENTERPRISE_LICENSE }}" >> $GITHUB_ENV + echo "MEMGRAPH_ORGANIZATION_NAME=${{ secrets.MEMGRAPH_ORGANIZATION_NAME }}" >> $GITHUB_ENV + + - name: Run chart-testing (install) + if: steps.list-changed.outputs.changed == 'true' + run: ct install --target-branch ${{ github.event.repository.default_branch }} diff --git a/.github/workflows/lint-test.yml b/.github/workflows/lint-test-memgraph.yml similarity index 76% rename from .github/workflows/lint-test.yml rename to .github/workflows/lint-test-memgraph.yml index eab5b9c..0a1a394 100644 --- a/.github/workflows/lint-test.yml +++ b/.github/workflows/lint-test-memgraph.yml @@ -1,9 +1,9 @@ -name: Lint and Test Charts +name: Lint and Test Charts Memgraph on: pull_request: paths: - - 'charts/**' + - 'charts/memgraph/**' jobs: @@ -45,6 +45,12 @@ jobs: if: steps.list-changed.outputs.changed == 'true' uses: helm/kind-action@v1.8.0 + - name: Set up Memgraph environment variables + if: steps.list-changed.outputs.changed == 'true' + run: | + echo "MEMGRAPH_ENTERPRISE_LICENSE=${{ secrets.MEMGRAPH_ENTERPRISE_LICENSE }}" >> $GITHUB_ENV + echo "MEMGRAPH_ORGANIZATION_NAME=${{ secrets.MEMGRAPH_ORGANIZATION_NAME }}" >> $GITHUB_ENV + - name: Run chart-testing (install) if: steps.list-changed.outputs.changed == 'true' run: ct install --target-branch ${{ github.event.repository.default_branch }} From c21de838cb0405f9d5d9c7daf587f33a2f86a434 Mon Sep 17 00:00:00 2001 From: Ante Javor Date: Wed, 26 Jun 2024 14:33:09 +0200 Subject: [PATCH 5/5] Introduce init containers. (#33) Introduce init containers that should fix an issue with volume ownership. This enables Memgraph not being run as a root in k8s. --- charts/memgraph/templates/statefulset.yaml | 25 +++++++++++++++++++--- 1 file changed, 22 insertions(+), 3 deletions(-) diff --git a/charts/memgraph/templates/statefulset.yaml b/charts/memgraph/templates/statefulset.yaml index 1e258a1..dd35adc 100644 --- a/charts/memgraph/templates/statefulset.yaml +++ b/charts/memgraph/templates/statefulset.yaml @@ -27,7 +27,28 @@ spec: {{- toYaml . | nindent 4 }} {{- end }} spec: - securityContext: + initContainers: + - name: init-volume-mounts + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + volumeMounts: + {{- if $.Values.persistentVolumeClaim.storagePVC }} + - name: {{ include "memgraph.fullname" . }}-lib-storage + mountPath: /var/lib/memgraph + {{- end }} + {{- if $.Values.persistentVolumeClaim.logPVC }} + - name: {{ include "memgraph.fullname" . }}-log-storage + mountPath: /var/log/memgraph + {{- end }} + command: [ "/bin/sh","-c" ] + args: [ "chown -R memgraph:memgraph /var/log; chown -R memgraph:memgraph /var/lib" ] + securityContext: + privileged: true + readOnlyRootFilesystem: false + capabilities: + drop: [ "all" ] + add: [ "CHOWN" ] + runAsUser: 0 + runAsNonRoot: false containers: - name: memgraph image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -36,8 +57,6 @@ spec: - {{ . | quote }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - runAsUser: 0 ports: - name: memgraph containerPort: {{ .Values.service.port }}