From 4592e95f070828b3c2c2988f4a25531045ee00ab Mon Sep 17 00:00:00 2001 From: "Pierre A. Manseau" Date: Wed, 3 Jul 2024 12:49:39 +0300 Subject: [PATCH] Persistent Storage with Existing Claim and other improvments (#26) Added features: NodeAffinity ImagePullSecrets Version bump to 2.17 Added User, Password ENV Added Enterprise License and Organization ENV Probes (Liveliness, readiness, and startup) --------- Co-authored-by: Ante Javor --- charts/memgraph/README.md | 50 ++++-- charts/memgraph/templates/service.yaml | 22 ++- charts/memgraph/templates/statefulset.yaml | 187 +++++++++++++++------ charts/memgraph/values.yaml | 95 +++++++++-- 4 files changed, 279 insertions(+), 75 deletions(-) diff --git a/charts/memgraph/README.md b/charts/memgraph/README.md index c236b59..a34d888 100644 --- a/charts/memgraph/README.md +++ b/charts/memgraph/README.md @@ -27,25 +27,51 @@ The following table lists the configurable parameters of the Memgraph chart and | `image.repository` | Memgraph Docker image repository | `memgraph/memgraph` | | `image.tag` | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. | `""` (Defaults to chart's app version) | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `useImagePullSecrets` | Override the default imagePullSecrets | `false` | +| `imagePullSecrets` | Specify image pull secrets | `- name: regcred` | | `replicaCount` | Number of Memgraph instances to run. Note: no replication or HA support. | `1` | -| `service.type` | Kubernetes service type | `NodePort` | -| `service.port` | Kubernetes service port | `7687` | -| `service.targetPort` | Kubernetes service target port | `7687` | -| `service.protocol` | Protocol used by the service | `TCP` | +| `affinity.nodeKey` | Key for node affinity (Preferred) | `""` | +| `affinity.nodeValue` | Value for node affinity (Preferred) | `""` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.enableBolt` | Enable Bolt protocol | `true` | +| `service.boltPort` | Bolt protocol port | `7687` | +| `service.boltProtocol` | Protocol used by Bolt | `TCP` | +| `service.enableWebsocketMonitoring` | Enable WebSocket monitoring | `false` | +| `service.websocketPortMonitoring` | WebSocket monitoring port | `7444` | +| `service.websocketPortMonitoringProtocol` | Protocol used by WebSocket monitoring | `TCP` | +| `service.enableHttpMonitoring` | Enable HTTP monitoring | `false` | +| `service.httpPortMonitoring` | HTTP monitoring port | `9091` | +| `service.httpPortMonitoringProtocol` | Protocol used by HTTP monitoring | `http` | | `service.annotations` | Annotations to add to the service | `{}` | -| `persistentVolumeClaim.storagePVC` | Enable persistent volume claim for storage | `true` | -| `persistentVolumeClaim.storagePVCClassName` | Storage class name for the persistent volume claim for storage. If not specified, default used. | `""` | -| `persistentVolumeClaim.storagePVCSize` | Size of the persistent volume claim for storage | `1Gi` | -| `persistentVolumeClaim.logPVC` | Enable persistent volume claim for logs | `true` | -| `persistentVolumeClaim.logPVCClassName` | Storage class name for the persistent volume claim for logs. If not specified, default used. | `""` | -| `persistentVolumeClaim.logPVCSize` | Size of the persistent volume claim for logs | `256Mi` | +| `persistentVolumeClaim.createStorageClaim` | Enable creation of a Persistent Volume Claim for storage | `true` | +| `persistentVolumeClaim.storageClassName` | Storage class name for the persistent volume claim | `""` | +| `persistentVolumeClaim.storageSize` | Size of the persistent volume claim for storage | `10Gi` | +| `persistentVolumeClaim.existingClaim` | Use an existing Persistent Volume Claim | `memgraph-0` | +| `persistentVolumeClaim.storageVolumeName` | Name of an existing Volume to create a PVC for | `""` | +| `persistentVolumeClaim.createLogStorage` | Enable creation of a Persistent Volume Claim for logs | `true` | +| `persistentVolumeClaim.logStorageClassName` | Storage class name for the persistent volume claim for logs | `""` | +| `persistentVolumeClaim.logStorageSize` | Size of the persistent volume claim for logs | `1Gi` | | `memgraphConfig` | List of strings defining Memgraph configuration settings | `["--also-log-to-stderr=true"]` | +| `memgraphUser` | User for the Memgraph database | `""` | +| `memgraphPassword` | Password for the Memgraph database | `""` | +| `memgraphEnterpriseLicense` | Memgraph Enterprise License | `""` | +| `memgraphOrganizationName` | Organization name for Memgraph Enterprise License | `""` | | `statefulSetAnnotations` | Annotations to add to the stateful set | `{}` | | `podAnnotations` | Annotations to add to the pod | `{}` | -| `resources` | CPU/Memory resource requests/limits. Left empty by default. | `{}` (See note on uncommenting) | +| `resources` | CPU/Memory resource requests/limits. Left empty by default. | `{}` | | `serviceAccount.create` | Specifies whether a service account should be created | `true` | | `serviceAccount.annotations` | Annotations to add to the service account | `{}` | | `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated. | `""` | +| `container.terminationGracePeriodSeconds` | Grace period for pod termination | `1800` | +| `probes.liveliness.initialDelaySeconds` | Initial delay for liveliness probe | `10` | +| `probes.liveliness.periodSeconds` | Period seconds for liveliness probe | `60` | +| `probes.liveliness.failureThreshold` | Failure threshold for liveliness probe | `3` | +| `probes.readiness.initialDelaySeconds` | Initial delay for readiness probe | `10` | +| `probes.readiness.periodSeconds` | Period seconds for readiness probe | `30` | +| `probes.readiness.failureThreshold` | Failure threshold for readiness probe | `3` | +| `probes.startup.initialDelaySeconds` | Initial delay for startup probe | `10` | +| `probes.startup.periodSeconds` | Period seconds for startup probe | `10` | +| `probes.startup.failureThreshold` | Failure threshold for startup probe | `30` | **Note:** It's often recommended not to specify default resources and leave it as a conscious choice for the user. If you want to specify resources, uncomment the following lines in your `values.yaml`, adjust them as necessary: @@ -66,5 +92,7 @@ The `memgraphConfig` parameter should be a list of strings defining the values o memgraphConfig: - "--also-log-to-stderr=true" - "--log-level=TRACE" + - "--log-file=''" + ``` For all available database settings, refer to the [Configuration settings reference guide](https://memgraph.com/docs/memgraph/reference-guide/configuration). diff --git a/charts/memgraph/templates/service.yaml b/charts/memgraph/templates/service.yaml index 7e7ac6c..37ee72b 100644 --- a/charts/memgraph/templates/service.yaml +++ b/charts/memgraph/templates/service.yaml @@ -11,9 +11,23 @@ metadata: spec: type: {{ .Values.service.type }} ports: - - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort}} - protocol: {{ .Values.service.protocol }} - name: bolt + {{- if .Values.service.boltPort }} + - port: {{ .Values.service.boltPort }} + targetPort: {{ .Values.service.boltPort }} + protocol: {{ .Values.service.boltProtocol }} + name: bolt-port + {{- end }} + {{- if .Values.service.enableWebsocketMonitoring }} + - port: {{ .Values.service.websocketPortMonitoring }} + targetPort: {{ .Values.service.websocketPortMonitoring }} + protocol: {{ .Values.service.websocketPortMonitoringProtocol }} + name: websocket-monitoring-port + {{- end }} + {{- if .Values.service.enableHttpMonitoring }} + - port: {{ .Values.service.httpPortMonitoring }} + targetPort: {{ .Values.service.httpPortMonitoring }} + protocol: {{ .Values.service.httpPortMonitoringProtocol }} + name: http-monitoring-port + {{- end }} selector: {{- include "memgraph.selectorLabels" . | nindent 4 }} diff --git a/charts/memgraph/templates/statefulset.yaml b/charts/memgraph/templates/statefulset.yaml index dd35adc..be6e016 100644 --- a/charts/memgraph/templates/statefulset.yaml +++ b/charts/memgraph/templates/statefulset.yaml @@ -28,27 +28,56 @@ spec: {{- end }} spec: initContainers: - - name: init-volume-mounts - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - volumeMounts: - {{- if $.Values.persistentVolumeClaim.storagePVC }} + - name: init-volume-mounts + image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" + volumeMounts: + {{- if .Values.persistentVolumeClaim.createStorageClaim }} + - name: {{ include "memgraph.fullname" . }}-lib-storage + mountPath: /var/lib/memgraph + {{- end }} + {{- if .Values.persistentVolumeClaim.createLogStorage }} + - name: {{ include "memgraph.fullname" . }}-log-storage + mountPath: /var/log/memgraph + {{- end }} + command: ["/bin/sh", "-c"] + args: + - > + {{- if .Values.persistentVolumeClaim.createStorageClaim }} + chown -R memgraph:memgraph /var/lib/memgraph; + {{- end }} + {{- if .Values.persistentVolumeClaim.createLogStorage }} + chown -R memgraph:memgraph /var/log/memgraph; + {{- end }} + securityContext: + privileged: true + readOnlyRootFilesystem: false + capabilities: + drop: ["all"] + add: ["CHOWN"] + runAsUser: 0 + runAsNonRoot: false + + terminationGracePeriodSeconds: {{ .Values.container.terminationGracePeriodSeconds }} + securityContext: + {{- if .Values.useImagePullSecrets }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 4 }} + {{- end }} + volumes: - name: {{ include "memgraph.fullname" . }}-lib-storage - mountPath: /var/lib/memgraph - {{- end }} - {{- if $.Values.persistentVolumeClaim.logPVC }} + persistentVolumeClaim: + {{- if .Values.persistentVolumeClaim.createStorageClaim }} + claimName: {{ include "memgraph.fullname" . }}-lib-storage + {{- else }} + claimName: {{ .Values.persistentVolumeClaim.existingClaim }} + {{- end}} + + {{- if .Values.persistentVolumeClaim.createLogStorage }} - name: {{ include "memgraph.fullname" . }}-log-storage - mountPath: /var/log/memgraph - {{- end }} - command: [ "/bin/sh","-c" ] - args: [ "chown -R memgraph:memgraph /var/log; chown -R memgraph:memgraph /var/lib" ] - securityContext: - privileged: true - readOnlyRootFilesystem: false - capabilities: - drop: [ "all" ] - add: [ "CHOWN" ] - runAsUser: 0 - runAsNonRoot: false + persistentVolumeClaim: + claimName: {{ include "memgraph.fullname" . }}-log-storage + {{- end }} + containers: - name: memgraph image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" @@ -56,47 +85,107 @@ spec: {{- range .Values.memgraphConfig }} - {{ . | quote }} {{- end }} + {{- if not .Values.persistentVolumeClaim.createLogStorage }} + - "--log-file=''" + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: memgraph - containerPort: {{ .Values.service.port }} + - name: bolt + containerPort: {{ .Values.service.boltPort }} + - name: websocket + containerPort: {{ .Values.service.websocketPortMonitoring }} + - name: http + containerPort: {{ .Values.service.httpPortMonitoring }} + livenessProbe: + exec: + command: + - sh + - -c + - echo 'RETURN 0;' | mgconsole --host localhost --port {{ .Values.service.boltPort }} + initialDelaySeconds: {{ .Values.container.probes.liveliness.initialDelaySeconds }} + periodSeconds: {{ .Values.container.probes.liveliness.periodSeconds }} + failureThreshold: {{ .Values.container.probes.liveliness.failureThreshold }} + readinessProbe: + exec: + command: + - sh + - -c + - echo 'RETURN 0;' | mgconsole --host localhost --port {{ .Values.service.boltPort }} + initialDelaySeconds: {{ .Values.container.probes.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.container.probes.readiness.periodSeconds }} + failureThreshold: {{ .Values.container.probes.readiness.failureThreshold }} + startupProbe: + exec: + command: + - sh + - -c + - echo 'RETURN 0;' | mgconsole --host localhost --port {{ .Values.service.boltPort }} + failureThreshold: {{ .Values.container.probes.startup.failureThreshold }} + periodSeconds: {{ .Values.container.probes.startup.periodSeconds }} + initialDelaySeconds: {{ .Values.container.probes.startup.initialDelaySeconds }} {{- with .Values.resources }} resources: {{- toYaml . | nindent 12 }} {{- end }} + env: + {{ if .Values.memgraphUser }} + - name: MEMGRAPH_USER + value: {{ .Values.memgraphUser }} + - name: MEMGRAPH_PASSWORD + value: {{ .Values.memgraphPassword }} + {{- end }} + {{ if .Values.memgraphEnterpriseLicense }} + - name: MEMGRAPH_ENTERPRISE_LICENSE + value: {{ .Values.memgraphEnterpriseLicense }} + - name: MEMGRAPH_ORGANIZATION_NAME + value: {{ .Values.memgraphOrganizationName}} + {{- end}} volumeMounts: - {{- if .Values.persistentVolumeClaim.storagePVC }} - name: {{ include "memgraph.fullname" . }}-lib-storage mountPath: /var/lib/memgraph - {{- end }} - {{- if .Values.persistentVolumeClaim.logPVC }} - - name: {{ include "memgraph.fullname" . }}-log-storage + {{- if .Values.persistentVolumeClaim.createLogStorage }} + - name: {{ include "memgraph.fullname" . }}-lib-storage mountPath: /var/log/memgraph {{- end }} - volumeClaimTemplates: - {{- if .Values.persistentVolumeClaim.storagePVC }} - - metadata: - name: {{ include "memgraph.fullname" . }}-lib-storage - spec: - accessModes: - - "ReadWriteOnce" - {{- if .Values.persistentVolumeClaim.storagePVCClassName }} - storageClassName: {{ .Values.persistentVolumeClaim.storagePVCClassName }} + {{- if and .Values.affinity.nodeKey .Values.affinity.nodeValue }} + affinity: + nodeAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + preference: + matchExpressions: + - key: {{ .Values.affinity.nodeKey }} + operator: In + values: + - {{ .Values.affinity.nodeValue }} {{- end }} - resources: - requests: - storage: {{ .Values.persistentVolumeClaim.storagePVCSize }} + volumeClaimTemplates: + {{- if .Values.persistentVolumeClaim.createStorageClaim }} + - metadata: + name: {{ include "memgraph.fullname" . }}-lib-storage + spec: + accessModes: + - "ReadWriteOnce" + {{- if .Values.persistentVolumeClaim.storageClassName }} + storageClassName: {{ .Values.persistentVolumeClaim.storageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistentVolumeClaim.storageSize }} + {{- if .Values.persistentVolumeClaim.storageVolumeName }} + volumeName: {{ .Values.persistentVolumeClaim.storageVolumeName }} + {{- end }} {{- end }} - {{- if .Values.persistentVolumeClaim.logPVC }} - - metadata: - name: {{ include "memgraph.fullname" . }}-log-storage - spec: - accessModes: - - "ReadWriteOnce" - {{- if .Values.persistentVolumeClaim.logPVCClassName }} - storageClassName: {{ .Values.persistentVolumeClaim.logPVCClassName }} - {{- end }} - resources: - requests: - storage: {{ .Values.persistentVolumeClaim.logPVCSize }} + {{- if .Values.persistentVolumeClaim.createLogStorage }} + - metadata: + name: {{ include "memgraph.fullname" . }}-log-storage + spec: + accessModes: + - "ReadWriteOnce" + {{- if .Values.persistentVolumeClaim.logStorageClassName }} + storageClassName: {{ .Values.persistentVolumeClaim.logStorageClassName }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistentVolumeClaim.logStorageSize }} {{- end }} diff --git a/charts/memgraph/values.yaml b/charts/memgraph/values.yaml index 237f18e..0234dfe 100644 --- a/charts/memgraph/values.yaml +++ b/charts/memgraph/values.yaml @@ -4,27 +4,83 @@ image: tag: "" pullPolicy: IfNotPresent -# Can be increased to more but there is no replication or HA support in this chart. +## Override the default imagePullSecrets +useImagePullSecrets: false +imagePullSecrets: +- name: regcred + replicaCount: 1 +## Node Affinity Preferred +# By setting theses parameters the PREFERRED deployment will be done first on the match LABELS with key and value then on other nodes. +# nodeKey: "nodegroup" give the name of a key +# Operator is In +# nodeValue: "memgraph" give the value of the key +affinity: + nodeKey: + nodeValue: + service: - type: NodePort - port: 7687 - targetPort: 7687 - protocol: TCP + ## ClusterIP, NodePort, LoadBalancer + # ClusterIP keep the service inside the cluster makes it secure + # NodePort would create a external port change port: between 30000-32767 accessible to all the nodes and Public IPs if not in a VPC + # LoadBalancer is compabile with Cloud Providers on port: 80 without SSL redirected to the 7687 + type: ClusterIP + + #Bolt Port + enableBolt: true + boltPort: 7687 + boltProtocol: TCP + + #Websocket Monitoring + enableWebsocketMonitoring: false + websocketPortMonitoring: 7444 + websocketPortMonitoringProtocol: TCP + + #HTTP Monitoring + enableHttpMonitoring: false + httpPortMonitoring: 9091 + httpPortMonitoringProtocol: http annotations: {} persistentVolumeClaim: - storagePVCClassName: "" - storagePVC: true - storagePVCSize: 1Gi - logPVCClassName: "" - logPVC: true - logPVCSize: 256Mi + ## createStoragePVC `true` will create for each statefulset server a Persistant Volume Claim + ## `false` will let you choose an existing Persistant Volume Claim or will create one with an existing volume + createStorageClaim: true + ## Using a Storage Class Name with policy `retain` will keep the Persistant Volume Claim and the Volume + ## If you use a Storage Class Name with policy `delete` the Persistant Volume Claim and Volume will be deleted when the helm release is deleted + storageClassName: "" + ## Storage Size must me at minimum 4x the maximum size of your Dataset for Snapshots + ## See documentation for choosing the right size depending on the number of Snapshots you want to keep + ## Default is 3 snapshots and you need space to create a new one and WAL files + storageSize: 10Gi + + ## if `createStoragePVC` is `false` you can choose to use an existing Persistant Volume Claim + ## Write the name and exising Persistant Volume Claim + existingClaim: memgraph-0 + ## If you want to create a Persistant Volume Claim for an existing Volume + storageVolumeName: "" + + ## Create a Dynamic Persistant Volume Claim for Logs + # `false` will only write logs to stdout / stderr + createLogStorage: true + logStorageClassName: "" + logStorageSize: 1Gi memgraphConfig: - "--also-log-to-stderr=true" +## User and Password for the memgraph +memgraphUser: "" +memgraphPassword: "" + +## Memgraph Enterprise Licence +# memgraphEnterpriseLicense: "" +# memgraphOrganizationName: "" + +memgraphEnterpriseLicense: "" +memgraphOrganizationName: "" + # Annotations to add to the statefulSet statefulSetAnnotations: {} # Annotations to add to the Pod @@ -50,3 +106,20 @@ serviceAccount: # The name of the service account to use. # If not set and create is true, a name is generated using the fullname template name: "" + + +container: + terminationGracePeriodSeconds: 1800 + probes: + liveliness: + initialDelaySeconds: 10 + periodSeconds: 60 + failureThreshold: 3 + readiness: + initialDelaySeconds: 10 + periodSeconds: 30 + failureThreshold: 3 + startup: + initialDelaySeconds: 10 + periodSeconds: 10 + failureThreshold: 30