From 38b11f1ddf7ffc2c2fb0fdc0d5a0ad9a9685548a Mon Sep 17 00:00:00 2001
From: yivan-atl <52448429+bianchi2@users.noreply.github.com>
Date: Wed, 7 Aug 2024 15:01:56 +1000
Subject: [PATCH] Make it possible to define resources for import-certs init container (#851)
* Make it possible to configure resources for import certs init container
* Fix docs
---------
Co-authored-by: Yevhen Ivantsov
---
 src/main/charts/bamboo/README.md | 5 +-
 .../charts/bamboo/templates/statefulset.yaml | 4 ++
 src/main/charts/bamboo/values.yaml | 2 +
 src/main/charts/bitbucket/README.md | 7 +--
 .../bitbucket/templates/statefulset-mesh.yaml | 4 ++
 .../bitbucket/templates/statefulset.yaml | 4 ++
 src/main/charts/bitbucket/values.yaml | 5 +-
 src/main/charts/confluence/README.md | 7 +--
 .../templates/statefulset-synchrony.yaml | 4 ++
 .../confluence/templates/statefulset.yaml | 4 ++
 src/main/charts/confluence/values.yaml | 4 ++
 src/main/charts/crowd/README.md | 5 +-
 .../charts/crowd/templates/statefulset.yaml | 4 ++
 src/main/charts/crowd/values.yaml | 2 +
 src/main/charts/jira/README.md | 5 +-
 .../charts/jira/templates/statefulset.yaml | 4 ++
 src/main/charts/jira/values.yaml | 2 +
 src/test/config/kind/common-values.yaml | 11 +++-
 .../java/test/AdditionalCertificatesTest.java | 54 +++++++++++++++++++
 .../expected_helm_output/bamboo/output.yaml | 2 +
 .../bitbucket/output.yaml | 4 ++
 .../confluence/output.yaml | 4 ++
 .../expected_helm_output/crowd/output.yaml | 2 +
 .../expected_helm_output/jira/output.yaml | 4 +-
 24 files changed, 137 insertions(+), 16 deletions(-)
diff --git a/src/main/charts/bamboo/README.md b/src/main/charts/bamboo/README.md
index 5ad647882..ed3c35df3 100644
--- a/src/main/charts/bamboo/README.md
+++ b/src/main/charts/bamboo/README.md
@@ -34,7 +34,7 @@ Kubernetes: `>=1.21.x-0`
 | bamboo.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. |
 | bamboo.accessLog.mountPath | string | `"/opt/atlassian/bamboo/logs"` | The path within the Bamboo container where the local-home volume should be mounted in order to capture access logs. |
 | bamboo.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bamboo plugins that should be added to the Bamboo container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
-| bamboo.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| bamboo.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | bamboo.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bamboo container. See https://hub.docker.com/r/atlassian/bamboo for supported variables. |
 | bamboo.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bamboo JVM, e.g. system properties. |
 | bamboo.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bamboo container.
Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -151,8 +151,9 @@ Kubernetes: `>=1.21.x-0`
 | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home |
 | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar |
 | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo |
-| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
+| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"jmxJarLocation":null,"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
 | monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container |
+| monitoring.jmxExporterInitContainer.jmxJarLocation | string | `nil` | The location of the JMX exporter jarfile in the JMX exporter image Leave blank for default bitnami image |
 | monitoring.jmxExporterInitContainer.resources | object | `{}` | Resources requests and limits for the JMX exporter init container See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. |
 | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available |
diff --git a/src/main/charts/bamboo/templates/statefulset.yaml b/src/main/charts/bamboo/templates/statefulset.yaml
index 3552191e8..112af3038 100644
--- a/src/main/charts/bamboo/templates/statefulset.yaml
+++ b/src/main/charts/bamboo/templates/statefulset.yaml
@@ -85,6 +85,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "bamboo.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.bamboo.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.bamboo.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }} diff --git a/src/main/charts/bamboo/values.yaml b/src/main/charts/bamboo/values.yaml index b935357fa..50623b801 100644 --- a/src/main/charts/bamboo/values.yaml +++ b/src/main/charts/bamboo/values.yaml @@ -973,6 +973,8 @@ bamboo: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Monitoring # diff --git a/src/main/charts/bitbucket/README.md b/src/main/charts/bitbucket/README.md index 422d51282..70d15c63a 100644 --- a/src/main/charts/bitbucket/README.md +++ b/src/main/charts/bitbucket/README.md 
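Review bot: The added `resources:` key sits outside the `with` guard, so with the chart default `resources: {}` the guard renders nothing and the import-certs init container gets `resources:` with a null value instead of the key being omitted. Moving the key inside the guard avoids that: `{{- with .Values.bamboo.additionalCertificates.initContainer.resources }}`, then `resources:`, then `{{- toYaml . | nindent 12 }}`. The same pattern is repeated in the statefulset hunks for bitbucket, bitbucket mesh, confluence, synchrony, crowd and jira. The init container definition starts above this hunk, so its other fields (for example any securityContext) are not visible here.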
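Review bot: The new `initContainer` and `resources` keys under `additionalCertificates` have no helm-docs `# --` comment, so the README only shows them inside the parent object's default JSON and gets no row of its own, unlike `monitoring.jmxExporterInitContainer.resources`. I would add `# -- Resources requests and limits for the import-certs init container` above `resources: {}` and regenerate the README. Since the default is empty, the comment could also say that requests and limits should be set explicitly on clusters that enforce a ResourceQuota or LimitRange. The values.yaml hunks for bitbucket (both blocks), confluence, synchrony, crowd and jira need the same comment.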
@@ -34,7 +34,7 @@ Kubernetes: `>=1.21.x-0`
 | atlassianAnalyticsAndSupport.analytics.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a JSON which DC products will read and send analytics events to Atlassian data pipelines |
 | atlassianAnalyticsAndSupport.helmValues.enabled | bool | `true` | Mount ConfigMap with selected Helm chart values as a YAML file which can be optionally including to support.zip |
 | bitbucket.additionalBundledPlugins | list | `[]` | Specifies a list of additional Bitbucket plugins that should be added to the Bitbucket container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
-| bitbucket.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| bitbucket.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | bitbucket.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Bitbucket container. See https://hub.docker.com/r/atlassian/bitbucket for supported variables. |
 | bitbucket.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. system properties.
|
 | bitbucket.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Bitbucket container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
@@ -64,7 +64,7 @@ Kubernetes: `>=1.21.x-0`
 | bitbucket.livenessProbe.initialDelaySeconds | int | `60` | Time to wait before starting the first probe |
 | bitbucket.livenessProbe.periodSeconds | int | `5` | How often (in seconds) the Bitbucket container liveness probe will run |
 | bitbucket.livenessProbe.timeoutSeconds | int | `1` | Number of seconds after which the probe times out |
-| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| bitbucket.mesh.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | bitbucket.mesh.additionalEnvironmentVariables | object | `{}` | Defines any additional environment variables to be passed to the Bitbucket mesh containers. |
 | bitbucket.mesh.additionalFiles | string | `nil` | Additional existing ConfigMaps and Secrets not managed by Helm that should be mounted into service container |
 | bitbucket.mesh.additionalInitContainers | object | `{}` | Additional initContainer definitions that will be added to all Bitbucket pods |
@@ -185,8 +185,9 @@ Kubernetes: `>=1.21.x-0`
 | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home |
 | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar |
 | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo |
-| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
+| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"jmxJarLocation":null,"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
 | monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container |
+| monitoring.jmxExporterInitContainer.jmxJarLocation | string | `nil` | The location of the JMX exporter jarfile in the JMX exporter image Leave blank for default bitnami image |
 | monitoring.jmxExporterInitContainer.resources | object | `{}` | Resources requests and limits for the JMX exporter init container See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. |
 | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available |
diff --git a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml
index 766eab8c1..2b977400d 100644
--- a/src/main/charts/bitbucket/templates/statefulset-mesh.yaml
+++ b/src/main/charts/bitbucket/templates/statefulset-mesh.yaml
@@ -74,6 +74,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "bitbucketMesh.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.bitbucket.mesh.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}-mesh{{ else }}{{ .Chart.Name }}-mesh{{ end }} diff --git a/src/main/charts/bitbucket/templates/statefulset.yaml b/src/main/charts/bitbucket/templates/statefulset.yaml index e653c9a02..22927ba1d 100644 --- a/src/main/charts/bitbucket/templates/statefulset.yaml +++ b/src/main/charts/bitbucket/templates/statefulset.yaml @@ -97,6 +97,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "bitbucket.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.bitbucket.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.bitbucket.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }} diff --git a/src/main/charts/bitbucket/values.yaml b/src/main/charts/bitbucket/values.yaml index 39b86be9a..6c423f8f0 100644 --- a/src/main/charts/bitbucket/values.yaml +++ b/src/main/charts/bitbucket/values.yaml @@ -1129,7 +1129,8 @@ bitbucket: additionalCertificates: secretName: customCmd: - + initContainer: + resources: {} # -- Specifies a list of additional arguments that can be passed to the Bitbucket JVM, e.g. # system properties. # @@ -1209,6 +1210,8 @@ bitbucket: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Monitoring # diff --git a/src/main/charts/confluence/README.md b/src/main/charts/confluence/README.md index 61e3051d0..3e2d40579 100644 --- a/src/main/charts/confluence/README.md +++ b/src/main/charts/confluence/README.md 
@@ -37,7 +37,7 @@ Kubernetes: `>=1.21.x-0`
 | confluence.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. |
 | confluence.accessLog.mountPath | string | `"/opt/atlassian/confluence/logs"` | The path within the Confluence container where the local-home volume should be mounted in order to capture access logs. |
 | confluence.additionalBundledPlugins | list | `[]` | Specifies a list of additional Confluence plugins that should be added to the Confluence container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
-| confluence.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| confluence.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | confluence.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Confluence container. See https://hub.docker.com/r/atlassian/confluence for supported variables. |
 | confluence.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Confluence JVM, e.g. system properties.
|
 | confluence.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Confluence container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ |
@@ -146,8 +146,9 @@ Kubernetes: `>=1.21.x-0`
 | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home |
 | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar |
 | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo |
-| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
+| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"jmxJarLocation":null,"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
 | monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container |
+| monitoring.jmxExporterInitContainer.jmxJarLocation | string | `nil` | The location of the JMX exporter jarfile in the JMX exporter image Leave blank for default bitnami image |
 | monitoring.jmxExporterInitContainer.resources | object | `{}` | Resources requests and limits for the JMX exporter init container See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. |
 | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available |
@@ -188,7 +189,7 @@ Kubernetes: `>=1.21.x-0`
 | serviceAccount.name | string | `nil` | The name of the ServiceAccount to be used by the pods. If not specified, but the "serviceAccount.create" flag is set to 'true', then the ServiceAccount name will be auto-generated, otherwise the 'default' ServiceAccount will be used. https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#use-the-default-service-account-to-access-the-api-server |
 | serviceAccount.role.create | bool | `true` | Create a role for Hazelcast client with privileges to get and list pods and endpoints in the namespace. Set to false if you need to create a Role and RoleBinding manually |
 | serviceAccount.roleBinding | object | `{"create":true}` | Grant permissions defined in Role (list and get pods and endpoints) to a service account. |
-| synchrony.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| synchrony.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | synchrony.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Synchrony JVM, e.g. system properties. |
 | synchrony.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Synchrony container. Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file.
Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | | synchrony.additionalPorts | list | `[]` | Defines any additional ports for the Synchrony container. | diff --git a/src/main/charts/confluence/templates/statefulset-synchrony.yaml b/src/main/charts/confluence/templates/statefulset-synchrony.yaml index d3f3260fd..53d3a64ea 100644 --- a/src/main/charts/confluence/templates/statefulset-synchrony.yaml +++ b/src/main/charts/confluence/templates/statefulset-synchrony.yaml @@ -59,6 +59,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "synchrony.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.synchrony.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: synchrony diff --git a/src/main/charts/confluence/templates/statefulset.yaml b/src/main/charts/confluence/templates/statefulset.yaml index 8f045d4f3..f440e3816 100644 --- a/src/main/charts/confluence/templates/statefulset.yaml +++ b/src/main/charts/confluence/templates/statefulset.yaml @@ -109,6 +109,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "confluence.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.confluence.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.confluence.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }} diff --git a/src/main/charts/confluence/values.yaml b/src/main/charts/confluence/values.yaml index f96da118e..163eed192 100644 --- a/src/main/charts/confluence/values.yaml +++ b/src/main/charts/confluence/values.yaml @@ -1045,6 +1045,8 @@ confluence: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Monitoring # 
@@ -1346,6 +1348,8 @@ synchrony: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Fluentd configuration # diff --git a/src/main/charts/crowd/README.md b/src/main/charts/crowd/README.md index 66ab47ae7..9b9338eea 100644 --- a/src/main/charts/crowd/README.md +++ b/src/main/charts/crowd/README.md 
@@ -36,7 +36,7 @@ Kubernetes: `>=1.21.x-0`
 | crowd.accessLog.localHomeSubPath | string | `"logs"` | The subdirectory within the local-home volume where access logs should be stored. |
 | crowd.accessLog.mountPath | string | `"/opt/atlassian/crowd/apache-tomcat/logs"` | The path within the Crowd container where the local-home volume should be mounted in order to capture access logs. |
 | crowd.additionalBundledPlugins | list | `[]` | Specifies a list of additional Crowd plugins that should be added to the Crowd container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
-| crowd.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| crowd.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | crowd.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Crowd container. See https://hub.docker.com/r/atlassian/crowd for supported variables. |
 | crowd.additionalJvmArgs | list | `[]` | Specifies a list of additional arguments that can be passed to the Crowd JVM, e.g. system properties. |
 | crowd.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Crowd container.
Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -137,8 +137,9 @@ Kubernetes: `>=1.21.x-0`
 | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home |
 | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar |
 | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo |
-| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
+| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"jmxJarLocation":null,"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
 | monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container |
+| monitoring.jmxExporterInitContainer.jmxJarLocation | string | `nil` | The location of the JMX exporter jarfile in the JMX exporter image Leave blank for default bitnami image |
 | monitoring.jmxExporterInitContainer.resources | object | `{}` | Resources requests and limits for the JMX exporter init container See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. |
 | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available |
diff --git a/src/main/charts/crowd/templates/statefulset.yaml b/src/main/charts/crowd/templates/statefulset.yaml
index 1a69a65a8..b22e2ca53 100644
--- a/src/main/charts/crowd/templates/statefulset.yaml
+++ b/src/main/charts/crowd/templates/statefulset.yaml
@@ -90,6 +90,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "crowd.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.crowd.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.crowd.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }} diff --git a/src/main/charts/crowd/values.yaml b/src/main/charts/crowd/values.yaml index e9400eee3..ce8e26c02 100644 --- a/src/main/charts/crowd/values.yaml +++ b/src/main/charts/crowd/values.yaml @@ -451,6 +451,8 @@ crowd: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Ingress configuration # diff --git a/src/main/charts/jira/README.md b/src/main/charts/jira/README.md index d99358694..327028835 100644 --- a/src/main/charts/jira/README.md +++ b/src/main/charts/jira/README.md 
@@ -70,7 +70,7 @@ Kubernetes: `>=1.21.x-0`
 | jira.accessLog.localHomeSubPath | string | `"log"` | The subdirectory within the local-home volume where access logs should be stored. |
 | jira.accessLog.mountPath | string | `"/opt/atlassian/jira/logs"` | The path within the Jira container where the local-home volume should be mounted in order to capture access logs. |
 | jira.additionalBundledPlugins | list | `[]` | Specifies a list of additional Jira plugins that should be added to the Jira container. Note plugins installed via this method will appear as bundled plugins rather than user plugins. These should be specified in the same manner as the 'additionalLibraries' property. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ NOTE: only .jar files can be loaded using this approach. OBR's can be extracted (unzipped) to access the associated .jar An alternative to this method is to install the plugins via "Manage Apps" in the product system administration UI. |
-| jira.additionalCertificates | object | `{"customCmd":null,"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
+| jira.additionalCertificates | object | `{"customCmd":null,"initContainer":{"resources":{}},"secretName":null}` | Certificates to be added to Java truststore. Provide reference to a secret that contains the certificates |
 | jira.additionalEnvironmentVariables | list | `[]` | Defines any additional environment variables to be passed to the Jira container. See https://hub.docker.com/r/atlassian/jira-software for supported variables. |
 | jira.additionalJvmArgs | list | `[]` | |
 | jira.additionalLibraries | list | `[]` | Specifies a list of additional Java libraries that should be added to the Jira container.
Each item in the list should specify the name of the volume that contains the library, as well as the name of the library file within that volume's root directory. Optionally, a subDirectory field can be included to specify which directory in the volume contains the library file. Additional details: https://atlassian.github.io/data-center-helm-charts/examples/external_libraries/EXTERNAL_LIBS/ | 
@@ -137,8 +137,9 @@ Kubernetes: `>=1.21.x-0`
 | monitoring.jmxExporterCustomJarLocation | string | `nil` | Location of jmx_exporter jar file if mounted from a secret or manually copied to shared home |
 | monitoring.jmxExporterImageRepo | string | `"bitnami/jmx-exporter"` | Image repository with jmx_exporter jar |
 | monitoring.jmxExporterImageTag | string | `"0.18.0"` | Image tag to be used to pull jmxExporterImageRepo |
-| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
+| monitoring.jmxExporterInitContainer | object | `{"customSecurityContext":{},"jmxJarLocation":null,"resources":{},"runAsRoot":true}` | JMX exporter init container configuration |
 | monitoring.jmxExporterInitContainer.customSecurityContext | object | `{}` | Custom SecurityContext for the jmx exporter init container |
+| monitoring.jmxExporterInitContainer.jmxJarLocation | string | `nil` | The location of the JMX exporter jarfile in the JMX exporter image Leave blank for default bitnami image |
 | monitoring.jmxExporterInitContainer.resources | object | `{}` | Resources requests and limits for the JMX exporter init container See: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ |
 | monitoring.jmxExporterInitContainer.runAsRoot | bool | `true` | Whether to run JMX exporter init container as root to copy JMX exporter binary to shared home volume. Set to false if running containers as root is not allowed in the cluster. |
 | monitoring.jmxExporterPort | int | `9999` | Port number on which metrics will be available |
diff --git a/src/main/charts/jira/templates/statefulset.yaml b/src/main/charts/jira/templates/statefulset.yaml
index bf6f1cd12..7646484e7 100644
--- a/src/main/charts/jira/templates/statefulset.yaml
+++ b/src/main/charts/jira/templates/statefulset.yaml
@@ -90,6 +90,10 @@ spec: mountPath: /tmp/crt command: ["/bin/bash"] args: ["-c", {{ include "jira.addCrtToKeystoreCmd" . }}] + resources: + {{- with .Values.jira.additionalCertificates.initContainer.resources }} + {{- toYaml . | nindent 12 }} + {{- end }} {{- end }} containers: - name: {{ if .Values.jira.useHelmReleaseNameAsContainerName}}{{ include "common.names.fullname" . }}{{ else }}{{ .Chart.Name }}{{ end }} diff --git a/src/main/charts/jira/values.yaml b/src/main/charts/jira/values.yaml index 00ed26aed..e4f759cf8 100644 --- a/src/main/charts/jira/values.yaml +++ b/src/main/charts/jira/values.yaml @@ -870,6 +870,8 @@ jira: additionalCertificates: secretName: customCmd: + initContainer: + resources: {} # Monitoring # diff --git a/src/test/config/kind/common-values.yaml b/src/test/config/kind/common-values.yaml index 9a65c573c..57bd9c223 100644 --- a/src/test/config/kind/common-values.yaml +++ b/src/test/config/kind/common-values.yaml @@ -27,7 +27,14 @@ DC_APP_REPLACEME: # check if init container not failing when importing a custom crt into the default Java keystore additionalCertificates: secretName: certificate - + initContainer: + resources: + requests: + memory: 1Mi + cpu: 1m + limits: + memory: 100Mi + cpu: 1 # Bitbucket Only sshService: enabled: true @@ -37,7 +44,7 @@ DC_APP_REPLACEME: additionalEnvironmentVariables: - name: PLUGIN_SSH_BASEURL value: ssh://bitbucket.172.17.0.1.nip.io:2222 - + # non existing props will be ignored, so it's safe to set them for all products # these extra sys properties are mostly for the functional tests additionalJvmArgs: diff --git a/src/test/java/test/AdditionalCertificatesTest.java b/src/test/java/test/AdditionalCertificatesTest.java index 858fb4eea..d4bc514cf 100644 --- a/src/test/java/test/AdditionalCertificatesTest.java +++ b/src/test/java/test/AdditionalCertificatesTest.java 
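Review bot: The `resources:` key is written outside the `{{- with .Values.jira.additionalCertificates.initContainer.resources }}` block, so with the chart default of `resources: {}` the `with` body is skipped and the init container is rendered with a bare `resources:` (null) and no requests or limits. Moving the `resources:` line inside the `with` block would emit the key only when values are actually set, and would keep the manifest clean for strict schema validation. Because the default leaves the certificate-import container unbounded, it is also worth saying in the values comment that clusters enforcing quotas or limit policies need this set explicitly. The init container definition itself starts above this hunk, so the surrounding indentation should be checked against the full template.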
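Review bot: The new `initContainer.resources` key under `additionalCertificates` in values.yaml is added without any comment, so the README can only show it inside the parent object's default value rather than as a documented row of its own. A comment in the style the chart already uses for the JMX exporter init container would help, for example `# -- Resources requests and limits for the import-certs init container`, with the same link to the Kubernetes resource-management docs. The enclosing `jira:` block starts outside the hunk, so the exact comment style should follow whatever the neighbouring keys use.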
@@ -203,4 +203,58 @@ void additional_certificates_synchrony_custom_cmd(Product product) throws Except final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()+"-synchrony"); assertThat(statefulSet.getInitContainers().get(0).path("args").path(1)).hasTextEqualTo("echo \"My custom command\""); } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bamboo_agent"}, mode = EnumSource.Mode.EXCLUDE) + void additional_certificates_init_resources(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "volumes.sharedHome.persistentVolumeClaim.create", "true", + product.name() + ".additionalCertificates.secretName", "mycrt", + product.name() + ".additionalCertificates.initContainer.resources.requests.memory", "1Gi", + product.name() + ".additionalCertificates.initContainer.resources.requests.cpu", "20m", + product.name() + ".additionalCertificates.initContainer.resources.limits.memory", "1Gi", + product.name() + ".additionalCertificates.initContainer.resources.limits.cpu", "20m" + + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()); + assertThat(statefulSet.getInitContainers().get(1).path("resources").path("requests").path("memory")).hasTextEqualTo("1Gi"); + assertThat(statefulSet.getInitContainers().get(1).path("resources").path("requests").path("cpu")).hasTextEqualTo("20m"); + assertThat(statefulSet.getInitContainers().get(1).path("resources").path("limits").path("memory")).hasTextEqualTo("1Gi"); + assertThat(statefulSet.getInitContainers().get(1).path("resources").path("limits").path("cpu")).hasTextEqualTo("20m"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"confluence"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_synchrony_init_resources(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + "synchrony.enabled", "true", + 
"synchrony.additionalCertificates.secretName", "mycrt", + "synchrony.additionalCertificates.initContainer.resources.requests.memory", "1Gi", + "synchrony.additionalCertificates.initContainer.resources.requests.cpu", "20m", + "synchrony.additionalCertificates.initContainer.resources.limits.memory", "1Gi", + "synchrony.additionalCertificates.initContainer.resources.limits.cpu", "20m" + )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()+"-synchrony"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("requests").path("memory")).hasTextEqualTo("1Gi"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("requests").path("cpu")).hasTextEqualTo("20m"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("memory")).hasTextEqualTo("1Gi"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("cpu")).hasTextEqualTo("20m"); + } + + @ParameterizedTest + @EnumSource(value = Product.class, names = {"bitbucket"}, mode = EnumSource.Mode.INCLUDE) + void additional_certificates_bitbucket_mesh_init_resources(Product product) throws Exception { + final var resources = helm.captureKubeResourcesFromHelmChart(product, Map.of( + product.name() + ".mesh.enabled", "true", + product.name() + ".mesh.additionalCertificates.secretName", "mycrt", + product.name() + ".mesh.additionalCertificates.initContainer.resources.requests.memory", "1Gi", + product.name() + ".mesh.additionalCertificates.initContainer.resources.requests.cpu", "20m", + product.name() + ".mesh.additionalCertificates.initContainer.resources.limits.memory", "1Gi", + product.name() + ".mesh.additionalCertificates.initContainer.resources.limits.cpu", "20m" )); + final var statefulSet = resources.getStatefulSet(product.getHelmReleaseName()+"-mesh"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("requests").path("memory")).hasTextEqualTo("1Gi"); + 
assertThat(statefulSet.getInitContainers().get(0).path("resources").path("requests").path("cpu")).hasTextEqualTo("20m"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("memory")).hasTextEqualTo("1Gi"); + assertThat(statefulSet.getInitContainers().get(0).path("resources").path("limits").path("cpu")).hasTextEqualTo("20m"); + } } diff --git a/src/test/resources/expected_helm_output/bamboo/output.yaml b/src/test/resources/expected_helm_output/bamboo/output.yaml index 465f24d45..4ca45bc5f 100644 --- a/src/test/resources/expected_helm_output/bamboo/output.yaml +++ b/src/test/resources/expected_helm_output/bamboo/output.yaml @@ -93,6 +93,8 @@ data: additionalBundledPlugins: [] additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] diff --git a/src/test/resources/expected_helm_output/bitbucket/output.yaml b/src/test/resources/expected_helm_output/bitbucket/output.yaml index 722ace4f4..c305d1df8 100644 --- a/src/test/resources/expected_helm_output/bitbucket/output.yaml +++ b/src/test/resources/expected_helm_output/bitbucket/output.yaml @@ -103,6 +103,8 @@ data: additionalBundledPlugins: [] additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] @@ -142,6 +144,8 @@ data: mesh: additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: {} additionalFiles: null diff --git a/src/test/resources/expected_helm_output/confluence/output.yaml b/src/test/resources/expected_helm_output/confluence/output.yaml index bd35de36c..9a3f7330e 100644 --- a/src/test/resources/expected_helm_output/confluence/output.yaml +++ b/src/test/resources/expected_helm_output/confluence/output.yaml 
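Review bot: None of the three new tests covers the default case, where only `additionalCertificates.secretName` is set and `initContainer.resources` is left at `{}`. That is the path on which the template's `with` block renders nothing, so it is worth a test asserting that the init container's `resources` node is absent or empty. The tests also pick the container by position (`getInitContainers().get(1)` for the product, `get(0)` for synchrony and mesh), which ties them to the current init-container order. Looking the container up by name would make them fail for the right reason if another init container is added. The three methods differ only in the value prefix and StatefulSet suffix, so a small shared helper taking those two strings would remove the repeated assertion blocks.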
@@ -95,6 +95,8 @@ data: additionalBundledPlugins: [] additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] @@ -316,6 +318,8 @@ data: synchrony: additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalJvmArgs: [] additionalLibraries: [] diff --git a/src/test/resources/expected_helm_output/crowd/output.yaml b/src/test/resources/expected_helm_output/crowd/output.yaml index 88ce71fc1..c1eefe9ae 100644 --- a/src/test/resources/expected_helm_output/crowd/output.yaml +++ b/src/test/resources/expected_helm_output/crowd/output.yaml @@ -98,6 +98,8 @@ data: additionalBundledPlugins: [] additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] diff --git a/src/test/resources/expected_helm_output/jira/output.yaml b/src/test/resources/expected_helm_output/jira/output.yaml index ff789c885..d1ff1389b 100644 --- a/src/test/resources/expected_helm_output/jira/output.yaml +++ b/src/test/resources/expected_helm_output/jira/output.yaml @@ -136,6 +136,8 @@ data: additionalBundledPlugins: [] additionalCertificates: customCmd: null + initContainer: + resources: {} secretName: null additionalEnvironmentVariables: [] additionalJvmArgs: [] @@ -384,7 +386,7 @@ spec: template: metadata: annotations: - checksum/config-jvm: c0a1259779974ff339d75c8692194c45d8f686966829bbee75ec8a59ba455afc + checksum/config-jvm: 38f23038a49bdac882b3e9130fa64b85f26fc2128687538bf138b714b4b5da07 labels: app.kubernetes.io/name: jira app.kubernetes.io/instance: unittest-jira