From b9ef787eb76c28af803b78de83a62d39f24908a2 Mon Sep 17 00:00:00 2001
From: Josip Mrden
Date: Mon, 9 Dec 2024 12:13:04 +0100
Subject: [PATCH 1/3] Add HA secrets
---
 .../templates/coordinators.yaml | 20 +++++++++++++++----
 .../templates/data.yaml | 20 +++++++++++++++----
 charts/memgraph-high-availability/values.yaml | 6 ++++++
 3 files changed, 38 insertions(+), 8 deletions(-)
diff --git a/charts/memgraph-high-availability/templates/coordinators.yaml b/charts/memgraph-high-availability/templates/coordinators.yaml
index 26d7151..80ead5a 100644
--- a/charts/memgraph-high-availability/templates/coordinators.yaml
+++ b/charts/memgraph-high-availability/templates/coordinators.yaml
@@ -117,10 +117,22 @@ spec:
 - "{{ $arg }}"
 {{- end }}
 env:
- - name: MEMGRAPH_ENTERPRISE_LICENSE
- value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}"
- - name: MEMGRAPH_ORGANIZATION_NAME
- value: "{{ $.Values.memgraph.env.MEMGRAPH_ORGANIZATION_NAME }}"
+ {{- if .Values.secrets.enabled }}
+ - name: MEMGRAPH_USER
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.name }}
+ key: {{ .Values.secrets.userKey }}
+ - name: MEMGRAPH_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.secrets.name }}
+ key: {{ .Values.secrets.passwordKey }}
+ {{- end }}
+ - name: MEMGRAPH_ENTERPRISE_LICENSE
+ value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}"
+ - name: MEMGRAPH_ORGANIZATION_NAME
+ value: "{{ $.Values.memgraph.env.MEMGRAPH_ORGANIZATION_NAME }}"
 volumeMounts:
 {{- if $.Values.memgraph.coordinators.volumeClaim.storagePVC }}
 - name: memgraph-coordinator-{{ $coordinator.id }}-lib-storage
diff --git a/charts/memgraph-high-availability/templates/data.yaml b/charts/memgraph-high-availability/templates/data.yaml
index 678e3db..f1b56d0 100644
--- a/charts/memgraph-high-availability/templates/data.yaml
+++ b/charts/memgraph-high-availability/templates/data.yaml
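Review bot: In the templates/coordinators.yaml hunk, the `secretKeyRef` `name:` and `key:` values of the added `MEMGRAPH_USER` and `MEMGRAPH_PASSWORD` entries are rendered unquoted and with no presence check. An empty or number/boolean-looking value in `values.yaml` therefore produces a null or non-string field that is only rejected when the manifest reaches the API server. Quoting and requiring them gives a clear failure at render time, e.g. `name: {{ required "secrets.name is required when secrets.enabled is true" $.Values.secrets.name | quote }}` and `key: {{ $.Values.secrets.userKey | quote }}`. The same applies to the matching hunk in templates/data.yaml and to both hunks of [PATCH 2/3], which switch these lines to `$.Values` but leave them unquoted. The enclosing container spec starts and ends outside the hunk.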
@@ -127,10 +127,22 @@ spec: - "{{ $arg }}" {{- end }} env: - - name: MEMGRAPH_ENTERPRISE_LICENSE - value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}" - - name: MEMGRAPH_ORGANIZATION_NAME - value: "{{ $.Values.memgraph.env.MEMGRAPH_ORGANIZATION_NAME }}" + {{- if .Values.secrets.enabled }} + - name: MEMGRAPH_USER + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.name }} + key: {{ .Values.secrets.userKey }} + - name: MEMGRAPH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.secrets.name }} + key: {{ .Values.secrets.passwordKey }} + {{- end }} + - name: MEMGRAPH_ENTERPRISE_LICENSE + value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}" + - name: MEMGRAPH_ORGANIZATION_NAME + value: "{{ $.Values.memgraph.env.MEMGRAPH_ORGANIZATION_NAME }}" volumeMounts: {{- if $.Values.memgraph.data.volumeClaim.storagePVC }} - name: memgraph-data-{{ $data.id }}-lib-storage diff --git a/charts/memgraph-high-availability/values.yaml b/charts/memgraph-high-availability/values.yaml index 044c46f..b1e216d 100644 --- a/charts/memgraph-high-availability/values.yaml +++ b/charts/memgraph-high-availability/values.yaml @@ -62,6 +62,12 @@ sysctlInitContainer: enabled: true maxMapCount: 262144 +secrets: + enabled: false + name: memgraph-secrets + userKey: USER + passwordKey: PASSWORD + data: - id: "0" args: From 3f8d29cd3d08a0db4d093ff8d4ce12b7336987b2 Mon Sep 17 00:00:00 2001 From: Josip Mrden Date: Mon, 9 Dec 2024 12:23:02 +0100 Subject: [PATCH 2/3] Add dollar signs --- .../templates/coordinators.yaml | 10 +++++----- charts/memgraph-high-availability/templates/data.yaml | 10 +++++----- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/memgraph-high-availability/templates/coordinators.yaml b/charts/memgraph-high-availability/templates/coordinators.yaml index 80ead5a..852add3 100644 --- a/charts/memgraph-high-availability/templates/coordinators.yaml +++ b/charts/memgraph-high-availability/templates/coordinators.yaml 
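Review bot: `MEMGRAPH_ENTERPRISE_LICENSE` is still injected through a literal `value:` on the re-added lines of the templates/data.yaml hunk, so the license string is written into the rendered pod spec while the new Secret path covers only the user and password. If the license is meant to be confidential, it could be sourced the same way with a third `valueFrom:` / `secretKeyRef:` entry, keeping the current `value:` form as the fallback when `secrets.enabled` is false. The same lines appear in the templates/coordinators.yaml hunk of this patch. Whether the license is treated as sensitive is not visible here, so this is for the maintainers to confirm.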
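Review bot: The new `secrets:` block in values.yaml has no comment saying that the referenced Secret must already exist. Nothing in this series adds a Secret template, so with `enabled: true` and no such Secret in the release namespace the containers would presumably fail to start with a configuration error rather than fail at install. A short comment above the block would help, e.g. `# Reads MEMGRAPH_USER / MEMGRAPH_PASSWORD from an existing Secret (not created by this chart); create it in the release namespace first.` The same comment should state that the defaults `USER` and `PASSWORD` are key names inside that Secret, not the credentials themselves.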
@@ -117,17 +117,17 @@ spec:
 - "{{ $arg }}"
 {{- end }}
 env:
- {{- if .Values.secrets.enabled }}
+ {{- if $.Values.secrets.enabled }}
 - name: MEMGRAPH_USER
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.name }}
- key: {{ .Values.secrets.userKey }}
+ name: {{ $.Values.secrets.name }}
+ key: {{ $.Values.secrets.userKey }}
 - name: MEMGRAPH_PASSWORD
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.name }}
- key: {{ .Values.secrets.passwordKey }}
+ name: {{ $.Values.secrets.name }}
+ key: {{ $.Values.secrets.passwordKey }}
 {{- end }}
 - name: MEMGRAPH_ENTERPRISE_LICENSE
 value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}"
diff --git a/charts/memgraph-high-availability/templates/data.yaml b/charts/memgraph-high-availability/templates/data.yaml
index f1b56d0..54f971c 100644
--- a/charts/memgraph-high-availability/templates/data.yaml
+++ b/charts/memgraph-high-availability/templates/data.yaml
@@ -127,17 +127,17 @@ spec:
 - "{{ $arg }}"
 {{- end }}
 env:
- {{- if .Values.secrets.enabled }}
+ {{- if $.Values.secrets.enabled }}
 - name: MEMGRAPH_USER
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.name }}
- key: {{ .Values.secrets.userKey }}
+ name: {{ $.Values.secrets.name }}
+ key: {{ $.Values.secrets.userKey }}
 - name: MEMGRAPH_PASSWORD
 valueFrom:
 secretKeyRef:
- name: {{ .Values.secrets.name }}
- key: {{ .Values.secrets.passwordKey }}
+ name: {{ $.Values.secrets.name }}
+ key: {{ $.Values.secrets.passwordKey }}
 {{- end }}
 - name: MEMGRAPH_ENTERPRISE_LICENSE
 value: "{{ $.Values.memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE }}"
From cd8a4855e7910bcd6b9e2f388065b60492a92f22 Mon Sep 17 00:00:00 2001
From: antejavor
Date: Thu, 12 Dec 2024 14:21:35 +0100
Subject: [PATCH 3/3] Bump up version and update README.
---
 charts/memgraph-high-availability/Chart.yaml | 3 +-
 charts/memgraph-high-availability/README.md | 78 ++++++++++----------
 2 files changed, 42 insertions(+), 39 deletions(-)
diff --git a/charts/memgraph-high-availability/Chart.yaml b/charts/memgraph-high-availability/Chart.yaml index 0782d1c..0abcf90 100644 --- a/charts/memgraph-high-availability/Chart.yaml +++ b/charts/memgraph-high-availability/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: memgraph-high-availability description: A Helm chart for Kubernetes with Memgraph High availabiliy capabilites -version: 0.1.5 +version: 0.1.6 appVersion: "2.22.0" type: application @@ -23,7 +23,6 @@ sources: - "https://github.com/memgraph/memgraph" - "https://github.com/memgraph/helm-charts" - maintainers: - name: Memgraph email: tech@memgraph.com diff --git a/charts/memgraph-high-availability/README.md b/charts/memgraph-high-availability/README.md index ed99eef..f9fb969 100644 --- a/charts/memgraph-high-availability/README.md +++ b/charts/memgraph-high-availability/README.md 
@@ -25,43 +25,47 @@ helm install memgraph/memgraph-high-availability -f values.yaml The following table lists the configurable parameters of the Memgraph chart and their default values. -| Parameter | Description | Default | -| -------------------------------------------------- | --------------------------------------------------------------------------------------------------------- | -------------------------- | -| `memgraph.image.repository` | Memgraph Docker image repository | `memgraph/memgraph` | -| `memgraph.image.tag` | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. | `2.22.0` | -| `memgraph.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE` | Memgraph enterprise license | `` | -| `memgraph.env.MEMGRAPH_ORGANIZATION_NAME` | Organization name | `` | -| `memgraph.probes.startup.failureThreshold` | Startup probe failure threshold | `30` | -| `memgraph.probes.startup.periodSeconds` | Startup probe period in seconds | `10` | -| `memgraph.probes.readiness.initialDelaySeconds` | Readiness probe initial delay in seconds | `5` | -| `memgraph.probes.readiness.periodSeconds` | Readiness probe period in seconds | `5` | -| `memgraph.probes.liveness.initialDelaySeconds` | Liveness probe initial delay in seconds | `30` | -| `memgraph.probes.liveness.periodSeconds` | Liveness probe period in seconds | `10` | -| `memgraph.data.volumeClaim.storagePVC` | Enable storage PVC | `true` | -| `memgraph.data.volumeClaim.storagePVCSize` | Size of the storage PVC | `1Gi` | -| `memgraph.data.volumeClaim.logPVC` | Enable log PVC | `false` | -| `memgraph.data.volumeClaim.logPVCSize` | Size of the log PVC | `256Mi` | -| `memgraph.coordinators.volumeClaim.storagePVC` | Enable storage PVC for coordinators | `true` | -| `memgraph.coordinators.volumeClaim.storagePVCSize` | Size of the storage PVC for coordinators | `1Gi` | -| `memgraph.coordinators.volumeClaim.logPVC` | Enable log PVC for 
coordinators | `false` | -| `memgraph.coordinators.volumeClaim.logPVCSize` | Size of the log PVC for coordinators | `256Mi` | -| `memgraph.externalAccess.coordinator.serviceType` | IngressNginx, NodePort, CommonLoadBalancer or LoadBalancer. Use LoadBalancer for Cloud production deployment and NodePort for local testing. 'CommonLoadBalancer' will open one load balancer for all coordinators while 'LoadBalancer' will open one load balancer for each coordinators. IngressNginx will create ingress controller that will allow TCP connections towards coordinator services. | `NodePort` | -| `memgraph.externalAccess.dataInstance.serviceType` | IngressNginx, NodePort or LoadBalancer. Use LoadBalancer for Cloud production deployment and NodePort for local testing. IngressNginx will create ingress controller that will allow TCP connections towards data instances' services. | `NodePort` | -| `memgraph.ports.boltPort` | Bolt port used on coordinator and data instances. | `7687` | -| `memgraph.ports.managementPort` | Management port used on coordinator and data instances. | `10000` | -| `memgraph.ports.replicationPort` | Replication port used on data instances. | `20000` | -| `memgraph.ports.coordinatorPort` | Coordinator port used on coordinators. 
| `12000` | -| `memgraph.affinity.unique` | Schedule pods on different nodes in the cluster | `false` | -| `memgraph.affinity.parity` | Schedule pods on the same node with maximum one coordinator and one data node | `false` | -| `memgraph.affinity.nodeSelection` | Schedule pods on nodes with specific labels | `false` | -| `memgraph.affinity.roleLabelKey` | Label key for node selection | `role` | -| `memgraph.affinity.dataNodeLabelValue` | Label value for data nodes | `data-node` | -| `memgraph.affinity.coordinatorNodeLabelValue` | Label value for coordinator nodes | `coordinator-node` | -| `data` | Configuration for data instances | See `data` section | -| `coordinators` | Configuration for coordinator instances | See `coordinators` section | -| `sysctlInitContainer.enabled` | Enable the init container to set sysctl parameters | `true` | -| `sysctlInitContainer.maxMapCount` | Value for `vm.max_map_count` to be set by the init container | `262144` | +| Parameter | Description | Default | +| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `memgraph.image.repository` | Memgraph Docker image repository | `memgraph/memgraph` | +| `memgraph.image.tag` | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. 
| `2.22.0` | +| `memgraph.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `memgraph.env.MEMGRAPH_ENTERPRISE_LICENSE` | Memgraph enterprise license | `` | +| `memgraph.env.MEMGRAPH_ORGANIZATION_NAME` | Organization name | `` | +| `memgraph.probes.startup.failureThreshold` | Startup probe failure threshold | `30` | +| `memgraph.probes.startup.periodSeconds` | Startup probe period in seconds | `10` | +| `memgraph.probes.readiness.initialDelaySeconds` | Readiness probe initial delay in seconds | `5` | +| `memgraph.probes.readiness.periodSeconds` | Readiness probe period in seconds | `5` | +| `memgraph.probes.liveness.initialDelaySeconds` | Liveness probe initial delay in seconds | `30` | +| `memgraph.probes.liveness.periodSeconds` | Liveness probe period in seconds | `10` | +| `memgraph.data.volumeClaim.storagePVC` | Enable storage PVC | `true` | +| `memgraph.data.volumeClaim.storagePVCSize` | Size of the storage PVC | `1Gi` | +| `memgraph.data.volumeClaim.logPVC` | Enable log PVC | `false` | +| `memgraph.data.volumeClaim.logPVCSize` | Size of the log PVC | `256Mi` | +| `memgraph.coordinators.volumeClaim.storagePVC` | Enable storage PVC for coordinators | `true` | +| `memgraph.coordinators.volumeClaim.storagePVCSize` | Size of the storage PVC for coordinators | `1Gi` | +| `memgraph.coordinators.volumeClaim.logPVC` | Enable log PVC for coordinators | `false` | +| `memgraph.coordinators.volumeClaim.logPVCSize` | Size of the log PVC for coordinators | `256Mi` | +| `memgraph.externalAccess.coordinator.serviceType` | IngressNginx, NodePort, CommonLoadBalancer or LoadBalancer. Use LoadBalancer for Cloud production deployment and NodePort for local testing. 'CommonLoadBalancer' will open one load balancer for all coordinators while 'LoadBalancer' will open one load balancer for each coordinators. IngressNginx will create ingress controller that will allow TCP connections towards coordinator services. 
| `NodePort` | +| `memgraph.externalAccess.dataInstance.serviceType` | IngressNginx, NodePort or LoadBalancer. Use LoadBalancer for Cloud production deployment and NodePort for local testing. IngressNginx will create ingress controller that will allow TCP connections towards data instances' services. | `NodePort` | +| `memgraph.ports.boltPort` | Bolt port used on coordinator and data instances. | `7687` | +| `memgraph.ports.managementPort` | Management port used on coordinator and data instances. | `10000` | +| `memgraph.ports.replicationPort` | Replication port used on data instances. | `20000` | +| `memgraph.ports.coordinatorPort` | Coordinator port used on coordinators. | `12000` | +| `memgraph.affinity.unique` | Schedule pods on different nodes in the cluster | `false` | +| `memgraph.affinity.parity` | Schedule pods on the same node with maximum one coordinator and one data node | `false` | +| `memgraph.affinity.nodeSelection` | Schedule pods on nodes with specific labels | `false` | +| `memgraph.affinity.roleLabelKey` | Label key for node selection | `role` | +| `memgraph.affinity.dataNodeLabelValue` | Label value for data nodes | `data-node` | +| `memgraph.affinity.coordinatorNodeLabelValue` | Label value for coordinator nodes | `coordinator-node` | +| `data` | Configuration for data instances | See `data` section | +| `coordinators` | Configuration for coordinator instances | See `coordinators` section | +| `sysctlInitContainer.enabled` | Enable the init container to set sysctl parameters | `true` | +| `sysctlInitContainer.maxMapCount` | Value for `vm.max_map_count` to be set by the init container | `262144` | +| `secrets.enabled` | Enable the use of Kubernetes secrets for Memgraph credentials | `false` | +| `secrets.name` | The name of the Kubernetes secret containing Memgraph credentials | `memgraph-secrets` | +| `secrets.userKey` | The key in the Kubernetes secret for the Memgraph user, the value is passed to the `MEMGRAPH_USER` env | `USER` | +| 
`secrets.passwordKey` | The key in the Kubernetes secret for the Memgraph password, the value is passed to the `MEMGRAPH_PASSWORD` | `PASSWORD` | For the `data` and `coordinators` sections, each item in the list has the following parameters: