Merge branch 'main' into main

charts/retool/templates/_helpers.tpl

@@ -123,6 +123,18 @@ Set postgresql user
 {{- end -}}
 {{- end -}}
 
+{{/*
+Set Jobs Runner enabled
+Usage: (include "retool.jobRunner.enabled" .)
+*/}}
+{{- define "retool.jobRunner.enabled" -}}
+{{- $output := "" -}}
+{{- if or (gt (int (toString (.Values.replicaCount))) 1) (eq .Values.jobRunner.enabled true) }}
+  {{- $output = "1" -}}
+{{- end -}}
+{{- $output -}}
+{{- end -}}
+
 {{/*
 Set Workflows enabled
 Usage: (include "retool.workflows.enabled" .)

charts/retool/templates/deployment_backend.yaml

@@ -45,7 +45,7 @@ spec:
       {{- with .Values.hostAliases }}
       hostAliases:
 {{ toYaml . | indent 8 }}
-      {{- end }} 
+      {{- end }}
 {{- if .Values.initContainers }}
       initContainers:
 {{- range $key, $value := .Values.initContainers }}
@@ -67,12 +67,22 @@ spec:
         env:
           - name: NODE_ENV
             value: production
-          {{- if gt (int (toString (.Values.replicaCount))) 1 }}
+          {{- if include "retool.jobRunner.enabled" . }}
+          {{ if "$.Values.dbconnector.java.enabled" }}
+          - name: SERVICE_TYPE
+            value: MAIN_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR,JAVA_DBCONNECTOR
+          {{ else }}
           - name: SERVICE_TYPE
             value: MAIN_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR
+          {{ end }}
           {{- else }}
+          {{ if "$.Values.dbconnector.java.enabled" }}
+          - name: SERVICE_TYPE
+            value: MAIN_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR,JAVA_DBCONNECTOR,JOBS_RUNNER
+          {{ else }}
           - name: SERVICE_TYPE
             value: MAIN_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR,JOBS_RUNNER
+          {{ end }}
           {{- end }}
           - name: CLIENT_ID
             value: {{ default "" .Values.config.auth.google.clientId }}
@@ -88,43 +98,43 @@ spec:
             value: {{ template "retool.postgresql.user" . }}
           - name: POSTGRES_SSL_ENABLED
             value: {{ template "retool.postgresql.ssl_enabled" . }}
-          {{- if .Values.config.dbConnectorTimeout }}	
-          - name: DBCONNECTOR_QUERY_TIMEOUT_MS	
-            value: {{ .Values.config.dbConnectorTimeout | quote }}	
+          {{- if .Values.config.dbConnectorTimeout }}
+          - name: DBCONNECTOR_QUERY_TIMEOUT_MS
+            value: {{ .Values.config.dbConnectorTimeout | quote }}
           {{- end }}
           {{- if and (include "retool.workflows.enabled" .) (or (index .Values "retool-temporal-services-helm" "enabled") (.Values.workflows.temporal.enabled)) }}
-          - name: WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST	
-            value: {{ template "retool.temporal.host" . }}	
-          - name: WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT	
-            value: {{ template "retool.temporal.port" . }}	
-          - name: WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE	
-            value: {{ template "retool.temporal.namespace" . }}	
-          {{- end }}	
+          - name: WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_HOST
+            value: {{ template "retool.temporal.host" . }}
+          - name: WORKFLOW_TEMPORAL_CLUSTER_FRONTEND_PORT
+            value: {{ template "retool.temporal.port" . }}
+          - name: WORKFLOW_TEMPORAL_CLUSTER_NAMESPACE
+            value: {{ template "retool.temporal.namespace" . }}
+          {{- end }}
           {{- if include "retool.workflows.enabled" . }}
-          - name: WORKFLOW_BACKEND_HOST	
-            value: http://{{ template "retool.fullname" . }}-workflow-backend	
-          {{- end }}	
-          {{- if (.Values.workflows.temporal).sslEnabled }}	
-          - name: WORKFLOW_TEMPORAL_TLS_ENABLED	
-            value: "true"	
-          {{- if (and (.Values.workflows.temporal).sslCert (.Values.workflows.temporal).sslKey) }}	
-          - name: WORKFLOW_TEMPORAL_TLS_CRT	
-            value: {{ .Values.workflows.temporal.sslCert }}	
-          - name: WORKFLOW_TEMPORAL_TLS_KEY	
-            valueFrom:	
-              secretKeyRef:	
-              {{- if (.Values.workflows.temporal).sslKeySecretName }}	
-                name: {{ .Values.workflows.temporal.sslKeySecretName }}	
-                key: {{ .Values.workflows.temporal.sslKeySecretKey | default "temporal-tls-key" }}	
-              {{- else }}	
-                name: {{ template "retool.fullname" . }}	
-                key: "temporal-tls-key"	
-              {{- end }}	
-          {{- end }}	
-          {{- end }}	
-          {{- if .Values.codeExecutor.enabled }}	
-          - name: CODE_EXECUTOR_INGRESS_DOMAIN	
-            value: http://{{ template "retool.codeExecutor.name" . }}	
+          - name: WORKFLOW_BACKEND_HOST
+            value: http://{{ template "retool.fullname" . }}-workflow-backend
+          {{- end }}
+          {{- if (.Values.workflows.temporal).sslEnabled }}
+          - name: WORKFLOW_TEMPORAL_TLS_ENABLED
+            value: "true"
+          {{- if (and (.Values.workflows.temporal).sslCert (.Values.workflows.temporal).sslKey) }}
+          - name: WORKFLOW_TEMPORAL_TLS_CRT
+            value: {{ .Values.workflows.temporal.sslCert }}
+          - name: WORKFLOW_TEMPORAL_TLS_KEY
+            valueFrom:
+              secretKeyRef:
+              {{- if (.Values.workflows.temporal).sslKeySecretName }}
+                name: {{ .Values.workflows.temporal.sslKeySecretName }}
+                key: {{ .Values.workflows.temporal.sslKeySecretKey | default "temporal-tls-key" }}
+              {{- else }}
+                name: {{ template "retool.fullname" . }}
+                key: "temporal-tls-key"
+              {{- end }}
+          {{- end }}
+          {{- end }}
+          {{- if .Values.codeExecutor.enabled }}
+          - name: CODE_EXECUTOR_INGRESS_DOMAIN
+            value: http://{{ template "retool.codeExecutor.name" . }}
           {{- end }}
           {{- if and (not .Values.externalSecrets.enabled) (not .Values.externalSecrets.externalSecretsOperator.enabled) }}
           - name: LICENSE_KEY
@@ -207,9 +217,9 @@ spec:
         envFrom:
         - secretRef:
             name: {{ .Values.externalSecrets.name }}
-        {{- range .Values.externalSecrets.secrets }}	
-        - secretRef:	
-            name: {{ .name }}	
+        {{- range .Values.externalSecrets.secrets }}
+        - secretRef:
+            name: {{ .name }}
         {{- end }}
         {{- end }}
         {{- if .Values.externalSecrets.externalSecretsOperator.enabled  }}

charts/retool/templates/deployment_jobs.yaml

@@ -1,4 +1,4 @@
-{{- if gt (int (toString (.Values.replicaCount))) 1 }}
+{{- if include "retool.jobRunner.enabled" . }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:

charts/retool/templates/deployment_workflows.yaml

@@ -59,8 +59,13 @@ spec:
         env:
           - name: NODE_ENV
             value: production
+          {{ if "$.Values.dbconnector.java.enabled" }}
           - name: SERVICE_TYPE
-            value: DB_CONNECTOR,DB_SSH_CONNECTOR,WORKFLOW_BACKEND
+            value: WORKFLOW_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR,JAVA_DBCONNECTOR
+          {{ else }}
+          - name: SERVICE_TYPE
+            value: WORKFLOW_BACKEND,DB_CONNECTOR,DB_SSH_CONNECTOR
+          {{ end }}
           - name: DBCONNECTOR_POSTGRES_POOL_MAX_SIZE
             value: "100"
           - name: DBCONNECTOR_QUERY_TIMEOUT_MS

charts/retool/values.yaml

@@ -32,7 +32,8 @@ config:
 
   # IMPORTANT: Incompatible with postgresql subchart
   # Please disable the subchart in order to use a managed or external postgres instance.
-  postgresql: {}
+  postgresql:
+    {}
     # Specify if postgresql subchart is disabled
     # host:
     # port:
@@ -58,7 +59,8 @@ env: {}
 
 # Optionally specify additional environment variables to be populated from Kubernetes secrets.
 # Useful for passing in SCIM_AUTH_TOKEN or other secret environment variables from Kubernetes secrets.
-environmentSecrets: []
+environmentSecrets:
+  []
   # - name: SCIM_AUTH_TOKEN
   #   secretKeyRef:
   #     name: retool-scim-auth-token
@@ -70,7 +72,8 @@ environmentSecrets: []
 
 # Optionally specify environmental variables. Useful for variables that are not key-value, as env: {} above requires.
 # Can also include environment secrets here instead of in environmentSecrets
-environmentVariables: []
+environmentVariables:
+  []
   #   - name: SCIM_AUTH_TOKEN
   #     valueFrom:
   #       secretKeyRef:
@@ -94,7 +97,8 @@ externalSecrets:
   enabled: false
   name: retool-config
   # Array of secrets to be use as env variables. (Optional)
-  secrets: []
+  secrets:
+    []
     # - name: retool-config
     # - name: retool-db
   # Support for External Secrets Operator: https://github.com/external-secrets/external-secrets
@@ -104,7 +108,8 @@ externalSecrets:
     # Default set to AWS Secrets Manager.
     backendType: secretsManager
     # Array of name/path key/value pairs to use for the External Secrets Objects.
-    secretRef: []
+    secretRef:
+      []
       # - name: retool-config
       #   path: global-retool-config
       # - name: retool-db
@@ -244,15 +249,15 @@ priorityClassName: ""
 affinity:
   podAntiAffinity:
     preferredDuringSchedulingIgnoredDuringExecution:
-    - weight: 100
-      podAffinityTerm:
-        labelSelector:
-          matchExpressions:
-          - key: "app.kubernetes.io/name"
-            operator: In
-            values:
-            - retool
-        topologyKey: "kubernetes.io/hostname"
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+              - key: "app.kubernetes.io/name"
+                operator: In
+                values:
+                  - retool
+          topologyKey: "kubernetes.io/hostname"
 
 # Tolerations for pod assignment
 # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
@@ -265,9 +270,6 @@ nodeSelector: {}
 # Common annotations for all pods (backend and job runner).
 podAnnotations: {}
 
-# Increasing replica count will deploy a separate pod for backend and jobs
-# Example: with 3 replicas, you will end up with 3 backends + 1 jobs pod
-replicaCount: 2
 revisionHistoryLimit: 3
 
 # Optional pod disruption budget, for ensuring higher availability of the
@@ -282,7 +284,18 @@ revisionHistoryLimit: 3
 # Common labels for all pods (backend and job runner) for pod assignment
 podLabels: {}
 
+# Increasing replica count will deploy a separate pod for backend and jobs
+# Example 1: with 1 replicas, you will end up with 1 combined backend and jobs pod (unless jobRunner.enabled is true, see below)
+# Example 2: with 2 replicas, you will end up with 2 backends + 1 jobs pod
+# Example 3: with 3 replicas, you will end up with 3 backends + 1 jobs pod
+replicaCount: 2
+
 jobRunner:
+  # explicitly enable this pod if exactly 1 api backend container and
+  # 1 jobs runner container is desired. otherwise a replicaCount of 2
+  # will already launch a job runner pod
+  # enabled: true
+
   # Annotations for job runner pods
   annotations: {}
 
@@ -386,6 +399,12 @@ workflows:
       cpu: 1000m
       memory: 2048Mi
 
+dbconnector:
+  java:
+    # Enable this to use Retool's experimental next-gen dbconnector to connect to resources.
+    # This feature is not ready for production use; please check with the Retool team before enablement.
+    enabled: false
+
 codeExecutor:
   # Enable this for Python support and running code more securely within a separate
   # sandboxed environment

values.yaml

@@ -32,7 +32,8 @@ config:
 
   # IMPORTANT: Incompatible with postgresql subchart
   # Please disable the subchart in order to use a managed or external postgres instance.
-  postgresql: {}
+  postgresql:
+    {}
     # Specify if postgresql subchart is disabled
     # host:
     # port:
@@ -58,7 +59,8 @@ env: {}
 
 # Optionally specify additional environment variables to be populated from Kubernetes secrets.
 # Useful for passing in SCIM_AUTH_TOKEN or other secret environment variables from Kubernetes secrets.
-environmentSecrets: []
+environmentSecrets:
+  []
   # - name: SCIM_AUTH_TOKEN
   #   secretKeyRef:
   #     name: retool-scim-auth-token
@@ -70,7 +72,8 @@ environmentSecrets: []
 
 # Optionally specify environmental variables. Useful for variables that are not key-value, as env: {} above requires.
 # Can also include environment secrets here instead of in environmentSecrets
-environmentVariables: []
+environmentVariables:
+  []
   #   - name: SCIM_AUTH_TOKEN
   #     valueFrom:
   #       secretKeyRef:
@@ -94,7 +97,8 @@ externalSecrets:
   enabled: false
   name: retool-config
   # Array of secrets to be use as env variables. (Optional)
-  secrets: []
+  secrets:
+    []
     # - name: retool-config
     # - name: retool-db
   # Support for External Secrets Operator: https://github.com/external-secrets/external-secrets
@@ -104,7 +108,8 @@ externalSecrets:
     # Default set to AWS Secrets Manager.
     backendType: secretsManager
     # Array of name/path key/value pairs to use for the External Secrets Objects.
-    secretRef: []
+    secretRef:
+      []
       # - name: retool-config
       #   path: global-retool-config
       # - name: retool-db
@@ -244,15 +249,15 @@ priorityClassName: ""
 affinity:
   podAntiAffinity:
     preferredDuringSchedulingIgnoredDuringExecution:
-    - weight: 100
-      podAffinityTerm:
-        labelSelector:
-          matchExpressions:
-          - key: "app.kubernetes.io/name"
-            operator: In
-            values:
-            - retool
-        topologyKey: "kubernetes.io/hostname"
+      - weight: 100
+        podAffinityTerm:
+          labelSelector:
+            matchExpressions:
+              - key: "app.kubernetes.io/name"
+                operator: In
+                values:
+                  - retool
+          topologyKey: "kubernetes.io/hostname"
 
 # Tolerations for pod assignment
 # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
@@ -265,9 +270,6 @@ nodeSelector: {}
 # Common annotations for all pods (backend and job runner).
 podAnnotations: {}
 
-# Increasing replica count will deploy a separate pod for backend and jobs
-# Example: with 3 replicas, you will end up with 3 backends + 1 jobs pod
-replicaCount: 2
 revisionHistoryLimit: 3
 
 # Optional pod disruption budget, for ensuring higher availability of the
@@ -282,7 +284,18 @@ revisionHistoryLimit: 3
 # Common labels for all pods (backend and job runner) for pod assignment
 podLabels: {}
 
+# Increasing replica count will deploy a separate pod for backend and jobs
+# Example 1: with 1 replicas, you will end up with 1 combined backend and jobs pod (unless jobRunner.enabled is true, see below)
+# Example 2: with 2 replicas, you will end up with 2 backends + 1 jobs pod
+# Example 3: with 3 replicas, you will end up with 3 backends + 1 jobs pod
+replicaCount: 2
+
 jobRunner:
+  # explicitly enable this pod if exactly 1 api backend container and
+  # 1 jobs runner container is desired. otherwise a replicaCount of 2
+  # will already launch a job runner pod
+  # enabled: true
+
   # Annotations for job runner pods
   annotations: {}
 
@@ -386,6 +399,12 @@ workflows:
       cpu: 1000m
       memory: 2048Mi
 
+dbconnector:
+  java:
+    # Enable this to use Retool's experimental next-gen dbconnector to connect to resources.
+    # This feature is not ready for production use; please check with the Retool team before enablement.
+    enabled: false
+
 codeExecutor:
   # Enable this for Python support and running code more securely within a separate
   # sandboxed environment