Make it possible to create a dedicated hazelcast svc (#686)

* Make it possible to create a dedicated hazelcast svc * Fix grammar --------- Co-authored-by: Yevhen Ivantsov <[email protected]>
atlassian · Oct 10, 2023 · 09fd862 · 09fd862
1 parent 347bf3a
commit 09fd862
Show file tree

Hide file tree

Showing 9 changed files with 119 additions and 0 deletions.
diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md
@@ -49,6 +49,10 @@ Kubernetes: `>=1.21.x-0`
 | bitbucket.elasticSearch.credentials.passwordSecretKey | string | `"password"` | The key in the Kubernetes Secret that contains the Elasticsearch password.  |
 | bitbucket.elasticSearch.credentials.secretName | string | `nil` | from-literal=password=<password>' https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets  |
 | bitbucket.elasticSearch.credentials.usernameSecretKey | string | `"username"` | The key in the Kubernetes Secret that contains the Elasticsearch username.  |
+| bitbucket.hazelcastService.annotations | object | `{}` | Additional annotations to apply to the Hazelcast Service  |
+| bitbucket.hazelcastService.enabled | bool | `false` | Enable or disable an additional Hazelcast service that Bitbucket nodes can use to join a cluster. It is recommended to create a separate Hazelcast service if the Bitbucket service uses a LoadBalancer type (e.g., NLB), ensuring that the Hazelcast port is not exposed at all. |
+| bitbucket.hazelcastService.port | int | `5701` | The port on which the Bitbucket K8s Hazelcast Service will listen  |
+| bitbucket.hazelcastService.type | string | `"ClusterIP"` | The type of the Hazelcast K8s service to use for Bitbucket  |
 | bitbucket.license.secretKey | string | `"license-key"` | The key in the K8s Secret that contains the Bitbucket license key  |
 | bitbucket.license.secretName | string | `nil` | The name of the K8s Secret that contains the Bitbucket license key. If specified, then the license will be automatically populated during Bitbucket setup. Otherwise, it will need to be provided via the browser after initial startup. An Example of creating a K8s secret for the license below: 'kubectl create secret generic <secret-name> --from-literal=license-key=<license> https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets  |
 | bitbucket.livenessProbe.enabled | bool | `false` | Whether to apply the livenessProbe check to pod.  |

diff --git a/src/main/charts/bitbucket/templates/service-hazelcast.yaml b/src/main/charts/bitbucket/templates/service-hazelcast.yaml
@@ -0,0 +1,21 @@
+{{ if .Values.bitbucket.hazelcastService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}-hazelcast
+  labels:
+    {{- include "common.labels.commonLabels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.bitbucket.hazelcastService.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.bitbucket.service.type }}
+  ports:
+    - port: {{ .Values.bitbucket.ports.hazelcast }}
+      targetPort: hazelcast
+      protocol: TCP
+      name: hazelcast
+  selector:
+    {{- include "common.labels.selectorLabels" . | nindent 4 }}
+{{ end }}
diff --git a/src/main/charts/bitbucket/templates/service.yaml b/src/main/charts/bitbucket/templates/service.yaml
@@ -29,9 +29,11 @@ spec:
       targetPort: ssh
       protocol: TCP
       name: ssh
+  {{- if not .Values.bitbucket.hazelcastService.enabled }}
     - port: {{ .Values.bitbucket.ports.hazelcast }}
       targetPort: hazelcast
       protocol: TCP
       name: hazelcast
+  {{- end }}
   selector:
     {{- include "common.labels.selectorLabels" . | nindent 4 }}
diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml
@@ -543,6 +543,25 @@ bitbucket:
     #
     annotations: {}
 
+  hazelcastService:
+
+    # -- Enable or disable an additional Hazelcast service that Bitbucket nodes can use to join a cluster.
+    # It is recommended to create a separate Hazelcast service if the Bitbucket service
+    # uses a LoadBalancer type (e.g., NLB), ensuring that the Hazelcast port is not exposed at all.
+    enabled: false
+
+    # -- The port on which the Bitbucket K8s Hazelcast Service will listen
+    #
+    port: 5701
+
+    # -- The type of the Hazelcast K8s service to use for Bitbucket
+    #
+    type: ClusterIP
+
+    # -- Additional annotations to apply to the Hazelcast Service
+    #
+    annotations: {}
+
   # Standard K8s field that holds pod-level security attributes and common container settings.
   # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
   # Do not populate when deploying to OpenShift, unless anyuid policy is attached to a service account.

diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md
@@ -45,6 +45,10 @@ Kubernetes: `>=1.21.x-0`
 | confluence.clustering.usePodNameAsClusterNodeName | bool | `true` | Set to 'true' if the K8s pod name should be used as the end-user-visible name of the Data Center cluster node.  |
 | confluence.containerSecurityContext | object | `{}` | Standard K8s field that holds security configurations that will be applied to a container. https://kubernetes.io/docs/tasks/configure-pod-container/security-context/  |
 | confluence.forceConfigUpdate | bool | `false` | The Docker entrypoint.py generates application configuration on first start; not all of these files are regenerated on subsequent starts. By default, confluence.cfg.xml is generated only once. Set `forceConfigUpdate` to true to change this behavior.  |
+| confluence.hazelcastService.annotations | object | `{}` | Additional annotations to apply to the Hazelcast Service  |
+| confluence.hazelcastService.enabled | bool | `false` | Enable or disable an additional Hazelcast service that Confluence nodes can use to join a cluster. It is recommended to create a separate Hazelcast service if the Confluence service uses a LoadBalancer type (e.g., NLB), ensuring that the Hazelcast port is not exposed at all. |
+| confluence.hazelcastService.port | int | `5701` | The port on which the Confluence K8s Hazelcast Service will listen  |
+| confluence.hazelcastService.type | string | `"ClusterIP"` | The type of the Hazelcast K8s service to use for Confluence  |
 | confluence.jvmDebug.enabled | bool | `false` | Set to 'true' for remote debugging. Confluence JVM will be started with debugging port 5005 open. |
 | confluence.license.secretKey | string | `"license-key"` | The key in the K8s Secret that contains the Confluence license key  |
 | confluence.license.secretName | string | `nil` | The name of the K8s Secret that contains the Confluence license key. If specified, then the license will be automatically populated during Confluence setup. Otherwise, it will need to be provided via the browser after initial startup. An Example of creating a K8s secret for the license below: 'kubectl create secret generic <secret-name> --from-literal=license-key=<license> https://kubernetes.io/docs/concepts/configuration/secret/#opaque-secrets  |

diff --git a/src/main/charts/confluence/templates/service-hazelcast.yaml b/src/main/charts/confluence/templates/service-hazelcast.yaml
@@ -0,0 +1,21 @@
+{{ if .Values.confluence.hazelcastService.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "common.names.fullname" . }}-hazelcast
+  labels:
+    {{- include "common.labels.commonLabels" . | nindent 4 }}
+  annotations:
+    {{- with .Values.confluence.hazelcastService.annotations }}
+    {{- toYaml . | nindent 4 }}
+    {{- end }}
+spec:
+  type: {{ .Values.confluence.service.type }}
+  ports:
+    - port: {{ .Values.confluence.ports.hazelcast }}
+      targetPort: hazelcast
+      protocol: TCP
+      name: hazelcast
+  selector:
+    {{- include "common.labels.selectorLabels" . | nindent 4 }}
+{{ end }}
diff --git a/src/main/charts/confluence/templates/service.yaml b/src/main/charts/confluence/templates/service.yaml
@@ -24,9 +24,11 @@ spec:
       targetPort: http
       protocol: TCP
       name: http
+  {{- if not .Values.confluence.hazelcastService.enabled }}
     - port: {{ .Values.confluence.ports.hazelcast }}
       targetPort: hazelcast
       protocol: TCP
       name: hazelcast
+  {{- end }}
   selector:
     {{- include "common.labels.selectorLabels" . | nindent 4 }}
diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml
@@ -529,6 +529,25 @@ confluence:
     #
     annotations: {}
 
+  hazelcastService:
+
+    # -- Enable or disable an additional Hazelcast service that Confluence nodes can use to join a cluster.
+    # It is recommended to create a separate Hazelcast service if the Confluence service
+    # uses a LoadBalancer type (e.g., NLB), ensuring that the Hazelcast port is not exposed at all.
+    enabled: false
+
+    # -- The port on which the Confluence K8s Hazelcast Service will listen
+    #
+    port: 5701
+
+    # -- The type of the Hazelcast K8s service to use for Confluence
+    #
+    type: ClusterIP
+
+    # -- Additional annotations to apply to the Hazelcast Service
+    #
+    annotations: {}
+
   # Standard K8s field that holds pod-level security attributes and common container settings.
   # https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
   # Do not populate when deploying to OpenShift, unless anyuid policy is attached to a service account.

diff --git a/src/test/java/test/ServiceTest.java b/src/test/java/test/ServiceTest.java
@@ -131,4 +131,31 @@ void synchrony_service_custom_annotations(Product product) throws Exception {
                 "confluence", "qwerty-synchrony"
         ));
     }
+
+    @ParameterizedTest
+    @EnumSource(value = Product.class, names = {"bitbucket", "confluence"})
+    void dedicated_hazelcast_service(Product product) throws Exception {
+        final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of(
+                product.name() + ".hazelcastService.enabled", "true"
+        ));
+
+        final var hazelcastService = resources.get(Kind.Service, Service.class, product.getHelmReleaseName() + "-hazelcast");
+
+        assertThat(hazelcastService.getType()).hasTextEqualTo("ClusterIP");
+        assertThat(hazelcastService.getPort("hazelcast"))
+                .hasValueSatisfying(node -> assertThat(node.path("port")).hasValueEqualTo(5701));
+
+        final var service = resources.get(Kind.Service, Service.class, product.getHelmReleaseName());
+        assertThat(service.getPort("hazelcast")).isEmpty();
+    }
+
+    @ParameterizedTest
+    @EnumSource(value = Product.class, names = {"bitbucket", "confluence"})
+    void hazelcast_one_service(Product product) throws Exception {
+        final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of());
+
+        final var service = resources.get(Kind.Service, Service.class, product.getHelmReleaseName());
+        assertThat(service.getPort("hazelcast"))
+                .hasValueSatisfying(node -> assertThat(node.path("port")).hasValueEqualTo(5701));
+    }
 }