diff --git a/.travis.yml b/.travis.yml index 4a6088f3b..3398b5621 100644 --- a/.travis.yml +++ b/.travis.yml @@ -15,9 +15,9 @@ jobs: name: "Lint and install charts" env: - CHART_TESTING_IMAGE=quay.io/helmpack/chart-testing - - CHART_TESTING_TAG=v2.0.1 + - CHART_TESTING_TAG=v2.2.0 - TEST_IMAGE=gcr.io/kubernetes-charts-ci/test-image - - TEST_IMAGE_TAG=v3.0.1 + - TEST_IMAGE_TAG=v3.2.0 - CHARTS_REPO=https://github.com/jfrog/charts - K8S_VERSION="v1.11.3" script: diff --git a/Makefile b/Makefile index 1ffcc45a9..d7fb36618 100644 --- a/Makefile +++ b/Makefile @@ -1,6 +1,6 @@ # Lint charts locally -CHART_TESTING_TAG ?= v2.0.1 -TEST_IMAGE_TAG ?= v3.0.1 +CHART_TESTING_TAG ?= v2.2.0 +TEST_IMAGE_TAG ?= v3.2.0 CHARTS_REPO ?= https://github.com/jfrog/charts MAC_ARGS ?= diff --git a/stable/mission-control/CHANGELOG.md b/stable/mission-control/CHANGELOG.md index e77372b5b..739311ab8 100644 --- a/stable/mission-control/CHANGELOG.md +++ b/stable/mission-control/CHANGELOG.md @@ -1,6 +1,18 @@ # JFrog Mission-Control Chart Changelog All changes to this chart will be documented in this file. +## [0.8.0] - Feb 19, 2018 +* Update Mission-Control version 3.4.2 +* Move to using PostgreSQL as Mission-Control database (replace MongoDB) +* Move setup of database from post install hook to init container of corresponding deployment +* **NOTE:** For upgrading an existing deployment (pre 3.4.2), Mission-Control must be installed with both databases: MongoDB and PostgreSQL +* **UPGRADE NOTES:** For upgrading an existing deployment (pre 3.4.2), follow the following: + * Pass `--set mongodb.enabled=true` to the `helm upgrade command`. + * Mission-Control should be idle. + * New Mission-Control must be installed with both databases: MongoDB and PostgreSQL + * Upgrade to new version (3.4.2) with the following parameter for the upgrade process `helm upgrade .... --set mongodb.enabled=true ....` + * Once Mission-Control is up - it means the migration from MongoDB to PostgreSQL is done! + ## [0.7.3] - Jan 31, 2019 * Add 0.5G to all memory limits for java services to be higher than java xmx value diff --git a/stable/mission-control/Chart.yaml b/stable/mission-control/Chart.yaml index 4238d6c35..98866da48 100644 --- a/stable/mission-control/Chart.yaml +++ b/stable/mission-control/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: mission-control description: A Helm chart for JFrog Mission Control -version: 0.7.3 -appVersion: 3.3.2 +version: 0.8.0 +appVersion: 3.4.2 home: https://jfrog.com/mission-control/ icon: https://raw.githubusercontent.com/JFrogDev/artifactory-dcos/master/images/jfrog_med.png keywords: diff --git a/stable/mission-control/README.md b/stable/mission-control/README.md index d55723e4d..ab3d0f285 100644 --- a/stable/mission-control/README.md +++ b/stable/mission-control/README.md @@ -43,7 +43,7 @@ helm upgrade --name mission-control --set missionControl.missionControlUrl=$MISS ### Accessing Mission Control **NOTE:** It might take a few minutes for Mission Control's public IP to become available, and the nodes to complete initial setup. -Follow the instructions outputted by the install command to get the Distribution IP and URL to access it. +Follow the instructions outputted by the install command to get the Mission Control IP and URL to access it. ### Updating Mission Control Once you have a new chart version, you can update your deployment with @@ -51,6 +51,39 @@ Once you have a new chart version, you can update your deployment with helm upgrade mission-control jfrog/mission-control ``` +### Use an external Database +There are cases where you will want to use an external **PostgreSQL** and not the enclosed **PostgreSQL**. +See more details on [configuring the database](https://www.jfrog.com/confluence/display/MC/Using+External+Databases#UsingExternalDatabases-ExternalizingPostgreSQL) + +This can be done with the following parameters +```bash +... +--set postgresql.enabled=false \ +--set database.host=${DB_HOST} \ +--set database.port=${DB_PORT} \ +--set database.user=${DB_USER} \ +--set database.password=${DB_PASSWORD} \ +... +``` +**NOTE:** You must set `postgresql.enabled=false` in order for the chart to use the `database.*` parameters. Without it, they will be ignored! + +#### Use existing secrets for PostgreSQL connection details +You can use already existing secrets for managing the database connection details. + +Pass them to the install command with the following parameters +```bash +export POSTGRES_USERNAME_SECRET_NAME= +export POSTGRES_USERNAME_SECRET_KEY= +export POSTGRES_PASSWORD_SECRET_NAME= +export POSTGRES_PASSWORD_SECRET_KEY= +... + --set database.secrets.user.name=${POSTGRES_USERNAME_SECRET_NAME} \ + --set database.secrets.user.key=${POSTGRES_USERNAME_SECRET_KEY} \ + --set database.secrets.password.name=${POSTGRES_PASSWORD_SECRET_NAME} \ + --set database.secrets.password.key=${POSTGRES_PASSWORD_SECRET_KEY} \ +... +``` + ### Custom init containers There are cases where a special, unsupported init processes is needed like checking something on the file system or testing something before spinning up the main container. @@ -63,7 +96,7 @@ missionControl: ``` ## Configuration -The following table lists the configurable parameters of the distribution chart and their default values. +The following table lists the configurable parameters of the mission-control chart and their default values. | Parameter | Description | Default | |----------------------------------------------|-------------------------------------------------|---------------------------------------| @@ -74,7 +107,7 @@ The following table lists the configurable parameters of the distribution chart | `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the fullname template | | `rbac.create` | Specifies whether RBAC resources should be created | `true` | | `rbac.role.rules` | Rules to create | `[]` | -| `mongodb.enabled` | Enable Mongodb | `true` | +| `mongodb.enabled` | Enable Mongodb | `false` | | `mongodb.image.tag` | Mongodb docker image tag | `3.6.8-debian-9` | | `mongodb.image.pullPolicy` | Mongodb Container pull policy | `IfNotPresent` | | `mongodb.persistence.enabled` | Mongodb persistence volume enabled | `true` | @@ -92,21 +125,64 @@ The following table lists the configurable parameters of the distribution chart | `mongodb.db.insightUser` | Mongodb Database Insight User | `jfrog_insight` | | `mongodb.db.insightPassword` | Mongodb Database password for Insight User | ` ` | | `mongodb.db.insightSchedulerDb` | Mongodb Database for Scheduler | `insight_scheduler` | +| `postgresql.enabled` | Enable PostgreSQL | `true` | +| `postgresql.imageTag` | PostgreSQL docker image tag | `9.6.11` | +| `postgresql.image.pullPolicy` | PostgreSQL Container pull policy | `IfNotPresent` | +| `postgresql.persistence.enabled` | PostgreSQL persistence volume enabled | `true` | +| `postgresql.persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `postgresql.persistence.size` | PostgreSQL persistence volume size | `50Gi` | +| `postgresql.postgresUsername` | PostgreSQL admin username | `postgres` | +| `postgresql.postgresPassword` | PostgreSQL admin password | ` ` | +| `postgresql.db.name` | PostgreSQL Database name | `mission_control` | +| `postgresql.db.sslmode` | PostgreSQL Database SSL Mode | `false` | +| `postgresql.db.tablespace` | PostgreSQL Database Tablespace | `pg_default` | +| `postgresql.db.jfmcUsername` | PostgreSQL Database mission control User | `jfmc` | +| `postgresql.db.jfisUsername` | PostgreSQL Database insight server User | `jfis` | +| `postgresql.db.jfscUsername` | PostgreSQL Database insight scheduler User | `jfsc` | +| `postgresql.db.jfexUsername` | PostgreSQL Database mission executor User | `jfex` | +| `postgresql.db.jfmcPassword` | PostgreSQL Database mission control Password | ` ` | +| `postgresql.db.jfisPassword` | PostgreSQL Database insight server Password | ` ` | +| `postgresql.db.jfscPassword` | PostgreSQL Database insight scheduler Password | ` ` | +| `postgresql.db.jfexPassword` | PostgreSQL Database mission executor Password | ` ` | +| `postgresql.db.jfmcSchema` | PostgreSQL Database mission control Schema | `jfmc_server` | +| `postgresql.db.jfisSchema` | PostgreSQL Database insight server Schema | `insight_server` | +| `postgresql.db.jfscSchema` | PostgreSQL Database insight scheduler Schema | `insight_scheduler` | +| `postgresql.db.jfexSchema` | PostgreSQL Database mission executor Schema | `insight_executor` | +| `postgresql.service.port` | PostgreSQL Database Port | `5432` | +| `database.type` | External database type (`postgresql`) | `postgresql` | +| `database.host` | External database Connection Host | ` ` | +| `database.port` | External database Connection Port | ` ` | +| `database.name` | External database name | `mission_control` | +| `database.user` | External database user | ` ` | +| `database.password` | External database password | ` ` | +| `database.jfmcUsername` | External database mission control User | `jfmc` | +| `database.jfisUsername` | External database insight server User | `jfis` | +| `database.jfscUsername` | External database insight scheduler User | `jfsc` | +| `database.jfexUsername` | External database mission executor User | `jfex` | +| `database.jfmcPassword` | External database mission control Password | ` ` | +| `database.jfisPassword` | External database insight server Password | ` ` | +| `database.jfscPassword` | External database insight scheduler Password | ` ` | +| `database.jfexPassword` | External database mission executor Password | ` ` | +| `database.jfmcSchema` | External database mission control Schema | `jfmc_server` | +| `database.jfisSchema` | External database insight server Schema | `insight_server` | +| `database.jfscSchema` | External database insight scheduler Schema | `insight_scheduler` | +| `database.jfexSchema` | External database mission executor Schema | `insight_executor` | +| `database.secrets.user.name` | External database username `Secret` name | | +| `database.secrets.user.key` | External database username `Secret` key | | +| `database.secrets.password.name` | External database password `Secret` name | | +| `database.secrets.password.key` | External database password `Secret` key | | | `elasticsearch.enabled` | Enable Elasticsearch | `true` | | `elasticsearch.persistence.enabled` | Elasticsearch persistence volume enabled | `true` | | `elasticsearch.persistence.existingClaim` | Use an existing PVC to persist data | `nil` | | `elasticsearch.persistence.storageClass` | Storage class of backing PVC | `generic` | | `elasticsearch.persistence.size` | Elasticsearch persistence volume size | `50Gi` | -| `elasticsearch.javaOpts.xms` | Elasticsearch ES_JAVA_OPTS -Xms | `` | -| `elasticsearch.javaOpts.xmx` | Elasticsearch ES_JAVA_OPTS -Xmx | `` | +| `elasticsearch.javaOpts.xms` | Elasticsearch ES_JAVA_OPTS -Xms | ` ` | +| `elasticsearch.javaOpts.xmx` | Elasticsearch ES_JAVA_OPTS -Xmx | ` ` | | `elasticsearch.env.clusterName` | Elasticsearch Cluster Name | `es-cluster` | -| `elasticsearch.env.esUsername` | Elasticsearch User Name | `elastic` | -| `elasticsearch.env.esPassword` | Elasticsearch User Name | `changeme` | | `missionControl.name` | Mission Control name | `mission-control` | -| `missionControl.replicaCount` | Mission Control replica count | `1` | | `missionControl.image` | Container image | `docker.jfrog.io/jfrog/mission-control` | -| `missionControl.version` | Container image tag | `.Chart.AppVersion` | -| `missionControl.customInitContainers` | Custom init containers | `` | +| `missionControl.version` | Container image tag | `.Chart.AppVersion` | +| `missionControl.customInitContainers` | Custom init containers | ` ` | | `missionControl.service.type` | Mission Control service type | `LoadBalancer` | | `missionControl.externalPort` | Mission Control service external port | `80` | | `missionControl.internalPort` | Mission Control service internal port | `8080` | @@ -118,20 +194,18 @@ The following table lists the configurable parameters of the distribution chart | `missionControl.persistence.accessMode` | Mission Control persistence volume access mode | `ReadWriteOnce` | | `missionControl.persistence.size` | Mission Control persistence volume size | `100Gi` | | `missionControl.javaOpts.other` | Mission Control JAVA_OPTIONS | `-server -XX:+UseG1GC -Dfile.encoding=UTF8` | -| `missionControl.javaOpts.xms` | Mission Control JAVA_OPTIONS -Xms | `` | -| `missionControl.javaOpts.xmx` | Mission Control JAVA_OPTIONS -Xmx | `` | +| `missionControl.javaOpts.xms` | Mission Control JAVA_OPTIONS -Xms | ` ` | +| `missionControl.propertyOverride` | Force write of properties on mc startup | ` ` | | `insightServer.name` | Insight Server name | `insight-server` | -| `insightServer.replicaCount` | Insight Server replica count | `1` | | `insightServer.image` | Container image | `docker.jfrog.io/jfrog/insight-server`| -| `insightServer.version` | Container image tag | `.Chart.AppVersion` | +| `insightServer.version` | Container image tag | `.Chart.AppVersion` | | `insightServer.service.type` | Insight Server service type | `ClusterIP` | | `insightServer.externalHttpPort` | Insight Server service external port | `8082` | | `insightServer.internalHttpPort` | Insight Server service internal port | `8082` | | `insightServer.allowIP` | Range of IPs allowed to be served by Insight Server service | `"0.0.0.0/0"` | | `insightScheduler.name` | Insight Scheduler name | `insight-scheduler` | -| `insightScheduler.replicaCount` | Insight Scheduler replica count | `1` | | `insightScheduler.image` | Container image | `docker.jfrog.io/jfrog/insight-scheduler` | -| `insightScheduler.version` | Container image tag | `.Chart.AppVersion` | +| `insightScheduler.version` | Container image tag | `.Chart.AppVersion` | | `insightScheduler.service.type` | Insight Scheduler service type | `ClusterIP` | | `insightScheduler.externalPort` | Insight Scheduler service external port | `8080` | | `insightScheduler.internalPort` | Insight Scheduler service internal port | `8080` | @@ -139,21 +213,14 @@ The following table lists the configurable parameters of the distribution chart | `insightScheduler.javaOpts.xms` | Insight Scheduler JFMC_EXTRA_JAVA_OPTS -Xms | `` | | `insightScheduler.javaOpts.xmx` | Insight Scheduler JFMC_EXTRA_JAVA_OPTS -Xmx | `` | | `insightExecutor.name` | Insight Executor name | `insight-scheduler` | -| `insightExecutor.replicaCount` | Insight Executor replica count | `1` | | `insightExecutor.image` | Container image | `docker.jfrog.io/jfrog/insight-executor` | -| `insightExecutor.version` | Container image tag | `.Chart.AppVersion` | +| `insightExecutor.version` | Container image tag | `.Chart.AppVersion` | | `insightExecutor.service.type` | Insight Executor service type | `ClusterIP` | | `insightExecutor.externalPort` | Insight Executor service external port | `8080` | | `insightExecutor.internalPort` | Insight Executor service internal port | `8080` | | `insightExecutor.javaOpts.other` | Insight Executor JFMC_EXTRA_JAVA_OPTS | `` | | `insightExecutor.javaOpts.xms` | Insight Executor JFMC_EXTRA_JAVA_OPTS -Xms | `` | | `insightExecutor.javaOpts.xmx` | Insight Executor JFMC_EXTRA_JAVA_OPTS -Xmx | `` | -| `insightExecutor.persistence.mountPath` | Insight Executor persistence volume mount path | `"/var/cloudbox"` | -| `insightExecutor.persistence.enabled` | Insight Executor persistence volume enabled | `true` | -| `insightExecutor.persistence.storageClass` | Storage class of backing PVC | `nil (uses alpha storage class annotation)`| -| `insightExecutor.persistence.existingClaim` | Provide an existing PersistentVolumeClaim | `nil` | -| `insightExecutor.persistence.accessMode` | Insight Executor persistence volume access mode | `ReadWriteOnce` | -| `insightExecutor.persistence.size` | Insight Executor persistence volume size | `100Gi` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/mission-control/ci/test-values.yaml b/stable/mission-control/ci/test-values.yaml index cdfdb9735..fb8d4c923 100644 --- a/stable/mission-control/ci/test-values.yaml +++ b/stable/mission-control/ci/test-values.yaml @@ -1,13 +1,15 @@ # CI values for Mission-control. -#rbac: -# create: false +# rbac: +# create: false # -#serviceAccount: -# create: false +# serviceAccount: +# create: false -mongodb: +postgresql: + postgresPassword: postgres db: - adminPassword: password - mcPassword: password - insightPassword: password + jfisPassword: password + jfscPassword: password + jfexPassword: password + jfmcPassword: password diff --git a/stable/mission-control/requirements.lock b/stable/mission-control/requirements.lock index 83978504b..fb00cb12f 100644 --- a/stable/mission-control/requirements.lock +++ b/stable/mission-control/requirements.lock @@ -1,6 +1,9 @@ dependencies: +- name: postgresql + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 0.9.5 - name: mongodb repository: https://kubernetes-charts.storage.googleapis.com/ version: 4.3.10 -digest: sha256:4b73e049c22266044d5ac107752a71e7462fd6df8cd3954ffaa8ddca0e9848d0 -generated: 2018-10-14T15:09:31.394737758+03:00 +digest: sha256:3299d564e9a61263571329d573aa1c6100869bd81d55edf949072c34ee43fcdd +generated: 2019-02-19T18:55:08.944392949+05:30 diff --git a/stable/mission-control/requirements.yaml b/stable/mission-control/requirements.yaml index a9299be20..e9ba321bd 100644 --- a/stable/mission-control/requirements.yaml +++ b/stable/mission-control/requirements.yaml @@ -1,5 +1,9 @@ dependencies: +- name: postgresql + version: 0.9.5 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: postgresql.enabled - name: mongodb version: 4.3.10 repository: https://kubernetes-charts.storage.googleapis.com/ - condition: mongodb.enabled + condition: mongodb.enabled \ No newline at end of file diff --git a/stable/mission-control/templates/database-secrets.yaml b/stable/mission-control/templates/database-secrets.yaml new file mode 100644 index 000000000..f18d8afd6 --- /dev/null +++ b/stable/mission-control/templates/database-secrets.yaml @@ -0,0 +1,28 @@ +{{- if and .Values.database.type (not (.Values.postgresql.enabled)) }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mission-control.fullname" . }}-db-cred + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: +{{- if .Values.database.password }} + dbPassword: {{ .Values.database.password | b64enc | quote }} +{{- end }} +{{- if .Values.database.jfmcPassword }} + jfmcPassword: {{ .Values.database.jfmcPassword | b64enc | quote }} +{{- end }} +{{- if .Values.database.jfisPassword }} + jfisPassword: {{ .Values.database.jfisPassword | b64enc | quote }} +{{- end }} +{{- if .Values.database.jfscPassword }} + jfscPassword: {{ .Values.database.jfscPassword | b64enc | quote }} +{{- end }} +{{- if .Values.database.jfexPassword }} + jfexPassword: {{ .Values.database.jfexPassword | b64enc | quote }} +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/hooks/create-user.yaml b/stable/mission-control/templates/hooks/create-user.yaml deleted file mode 100644 index 3653ab7df..000000000 --- a/stable/mission-control/templates/hooks/create-user.yaml +++ /dev/null @@ -1,59 +0,0 @@ -{{- if .Values.mongodb.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "mission-control.fullname" . }}-create-user - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - component: mongodb - annotations: - "helm.sh/hook": post-install - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - spec: - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - restartPolicy: OnFailure - containers: - - name: post-install-job - image: "{{ .Values.postInstallHook.image.repository }}:{{ .Values.postInstallHook.image.tag }}" - env: - - name: MONGODB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: adminPassword - - name: MONGODB_MC_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: mcPassword - - name: MONGODB_INSIGHT_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: insightPassword - command: - - 'sh' - - '-c' - - 'sh /scripts/setup.sh' - volumeMounts: - - name: mongodb-setup - mountPath: "/scripts" - volumes: - - name: mongodb-setup - configMap: - name: {{ template "mission-control.fullname" . }}-setup-script -{{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-executor-deployment.yaml b/stable/mission-control/templates/insight-executor-deployment.yaml deleted file mode 100644 index 04fcb937a..000000000 --- a/stable/mission-control/templates/insight-executor-deployment.yaml +++ /dev/null @@ -1,134 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: {{ template "insight-executor.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightExecutor.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.insightExecutor.replicaCount }} - selector: - matchLabels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightExecutor.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightExecutor.name }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "mission-control.serviceAccountName" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - fsGroup: {{ .Values.uid }} - initContainers: - - name: "prepare-storage" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - mkdir -p {{ .Values.insightExecutor.persistence.mountPath }} ; - chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightExecutor.persistence.mountPath }} - volumeMounts: - - name: insight-executor-data - mountPath: {{ .Values.insightExecutor.persistence.mountPath | quote }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok; - do sleep 2; - done; - sleep 10 - containers: - - name: {{ .Values.insightExecutor.name }} - image: {{ .Values.insightExecutor.image }}:{{ default .Chart.AppVersion .Values.insightExecutor.version }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: JFIS_URL - value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: JFEX_LOGS - value: '{{ .Values.insightExecutor.home }}/{{ .Values.insightExecutor.name }}/logs' - - name: JFEX_APP_NAME - value: '{{ .Values.insightExecutor.name }}' - - name: MONGO_URL - value: '{{ .Release.Name }}-mongodb:27017' - - name: MONGODB_USERNAME - value: '{{ .Values.mongodb.db.insightUser }}' - - name: MONGODB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: insightPassword - - name: MONGODB_ADMIN_USERNAME - value: '{{ .Values.mongodb.db.adminUser }}' - - name: MONGODB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: adminPassword - - name: JFMC_EXECUTOR_MONGO_DB - value: '{{ .Values.mongodb.db.insightExecutorDb }}' - - name: JFMC_EXTRA_JAVA_OPTS - value: " - {{- if .Values.insightExecutor.javaOpts.other }} - {{ .Values.insightExecutor.javaOpts.other }} - {{- end}} - {{- if .Values.insightExecutor.javaOpts.xms }} - -Xms{{ .Values.insightExecutor.javaOpts.xms }} - {{- end}} - {{- if .Values.insightExecutor.javaOpts.xmx }} - -Xmx{{ .Values.insightExecutor.javaOpts.xmx }} - {{- end}} - " - ports: - - containerPort: {{ .Values.insightExecutor.internalPort }} - protocol: TCP - volumeMounts: - - name: insight-executor-data - mountPath: {{ .Values.insightExecutor.persistence.mountPath | quote }} - livenessProbe: - httpGet: - path: /executorservice/api - port: {{ .Values.insightExecutor.internalPort }} - initialDelaySeconds: 600 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /executorservice/api - port: {{ .Values.insightExecutor.internalPort }} - initialDelaySeconds: 600 - periodSeconds: 10 - resources: -{{ toYaml .Values.insightExecutor.resources | indent 10 }} - {{- with .Values.insightExecutor.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightExecutor.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightExecutor.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: insight-executor-data - {{- if .Values.insightExecutor.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.insightExecutor.persistence.existingClaim }}{{ .Values.insightExecutor.persistence.existingClaim }}{{ else }}{{ template "insight-executor.fullname" . }}{{ end }} - {{- else }} - emptyDir: {} - {{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-executor-pvc.yaml b/stable/mission-control/templates/insight-executor-pvc.yaml deleted file mode 100644 index 6d576cb62..000000000 --- a/stable/mission-control/templates/insight-executor-pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.insightExecutor.persistence.enabled (not .Values.insightExecutor.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "insight-executor.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.insightExecutor.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.insightExecutor.persistence.size }} -{{- if .Values.insightExecutor.persistence.storageClass }} -{{- if (eq "-" .Values.insightExecutor.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.insightExecutor.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/stable/mission-control/templates/insight-executor-svc.yaml b/stable/mission-control/templates/insight-executor-svc.yaml deleted file mode 100644 index 9c011fa6d..000000000 --- a/stable/mission-control/templates/insight-executor-svc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "insight-executor.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightExecutor.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.insightExecutor.service.type }} - ports: - - name: http - port: {{ .Values.insightExecutor.internalPort }} - targetPort: {{ .Values.insightExecutor.externalPort }} - protocol: TCP - selector: - app: {{ template "mission-control.name" . }} - component: "{{ .Values.insightExecutor.name }}" - release: {{ .Release.Name }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-scheduler-deployment.yaml b/stable/mission-control/templates/insight-scheduler-deployment.yaml deleted file mode 100644 index 2e3f8434c..000000000 --- a/stable/mission-control/templates/insight-scheduler-deployment.yaml +++ /dev/null @@ -1,137 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: {{ template "insight-scheduler.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightScheduler.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.insightScheduler.replicaCount }} - selector: - matchLabels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightScheduler.name }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ .Values.insightScheduler.name }} - labels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightScheduler.name }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "mission-control.serviceAccountName" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - fsGroup: {{ .Values.uid }} - initContainers: - - name: "prepare-storage" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - mkdir -p {{ .Values.insightScheduler.persistence.mountPath }} ; - chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightScheduler.persistence.mountPath }} - volumeMounts: - - name: insight-scheduler-data - mountPath: {{ .Values.insightScheduler.persistence.mountPath | quote }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok; - do sleep 2; - done; - sleep 10 - containers: - - name: {{ .Values.insightScheduler.name }} - image: {{ .Values.insightScheduler.image }}:{{ default .Chart.AppVersion .Values.insightScheduler.version }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: JFIS_URL - value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: JFMC_URL - value: 'http://{{ template "mission-control.fullname" . }}:{{ .Values.missionControl.internalPort }}' - - name: MONGO_URL - value: '{{ .Release.Name }}-mongodb:27017' - - name: MONGODB_USERNAME - value: '{{ .Values.mongodb.db.insightUser }}' - - name: MONGODB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: insightPassword - - name: MONGODB_ADMIN_USERNAME - value: '{{ .Values.mongodb.db.adminUser }}' - - name: MONGODB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: adminPassword - - name: JFMC_SCHEDULER_MONGO_DB - value: '{{ .Values.mongodb.db.insightSchedulerDb }}' - - name: JFMC_EXTRA_JAVA_OPTS - value: " - {{- if .Values.insightScheduler.javaOpts.other }} - {{ .Values.insightScheduler.javaOpts.other }} - {{- end}} - {{- if .Values.insightScheduler.javaOpts.xms }} - -Xms{{ .Values.insightScheduler.javaOpts.xms }} - {{- end}} - {{- if .Values.insightScheduler.javaOpts.xmx }} - -Xmx{{ .Values.insightScheduler.javaOpts.xmx }} - {{- end}} - " - - name: JFSC_LOGS - value: '{{ .Values.insightScheduler.home }}/{{ .Values.insightScheduler.name }}/logs' - - name: JFSC_APP_NAME - value: '{{ .Values.insightScheduler.name }}' - volumeMounts: - - name: insight-scheduler-data - mountPath: {{ .Values.insightScheduler.persistence.mountPath | quote }} - ports: - - containerPort: {{ .Values.insightScheduler.internalPort }} - protocol: TCP - livenessProbe: - httpGet: - path: /api/status - port: {{ .Values.insightScheduler.internalPort }} - initialDelaySeconds: 120 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /api/status - port: {{ .Values.insightScheduler.internalPort }} - initialDelaySeconds: 120 - periodSeconds: 10 - resources: -{{ toYaml .Values.insightScheduler.resources | indent 10 }} - {{- with .Values.insightScheduler.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightScheduler.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightScheduler.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: insight-scheduler-data - {{- if .Values.insightScheduler.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.insightScheduler.persistence.existingClaim }}{{ .Values.insightScheduler.persistence.existingClaim }}{{ else }}{{ template "insight-scheduler.fullname" . }}{{ end }} - {{- else }} - emptyDir: {} - {{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-scheduler-pvc.yaml b/stable/mission-control/templates/insight-scheduler-pvc.yaml deleted file mode 100644 index cb010d862..000000000 --- a/stable/mission-control/templates/insight-scheduler-pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.insightScheduler.persistence.enabled (not .Values.insightScheduler.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "insight-scheduler.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - accessModes: - - {{ .Values.insightScheduler.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.insightScheduler.persistence.size }} -{{- if .Values.insightScheduler.persistence.storageClass }} -{{- if (eq "-" .Values.insightScheduler.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.insightScheduler.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/stable/mission-control/templates/insight-scheduler-svc.yaml b/stable/mission-control/templates/insight-scheduler-svc.yaml deleted file mode 100644 index b06c0ba23..000000000 --- a/stable/mission-control/templates/insight-scheduler-svc.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "insight-scheduler.fullname" . }} - labels: - role: {{ .Values.insightScheduler.service.name }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightScheduler.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.insightScheduler.service.type }} - ports: - - name: http - port: {{ .Values.insightScheduler.internalPort }} - targetPort: {{ .Values.insightScheduler.externalPort }} - protocol: TCP - selector: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightScheduler.name }} - release: {{ .Release.Name }} diff --git a/stable/mission-control/templates/insight-server-deployment.yaml b/stable/mission-control/templates/insight-server-deployment.yaml deleted file mode 100644 index 5c2111a77..000000000 --- a/stable/mission-control/templates/insight-server-deployment.yaml +++ /dev/null @@ -1,152 +0,0 @@ -apiVersion: apps/v1beta2 -kind: Deployment -metadata: - name: {{ template "insight-server.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightServer.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - replicas: {{ .Values.insightServer.replicaCount }} - selector: - matchLabels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightServer.name }} - release: {{ .Release.Name }} - template: - metadata: - labels: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightServer.name }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "mission-control.serviceAccountName" . }} - {{- if .Values.imagePullSecrets }} - imagePullSecrets: - - name: {{ .Values.imagePullSecrets }} - {{- end }} - securityContext: - fsGroup: {{ .Values.uid }} - initContainers: - - name: "prepare-storage" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - mkdir -p {{ .Values.insightServer.persistence.mountPath }} {{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/_MASTER_/data/contexts/security ; - chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.insightServer.persistence.mountPath }} - volumeMounts: - - name: insight-server-data - mountPath: {{ .Values.insightServer.persistence.mountPath | quote }} - - name: "wait-for-db" - image: "{{ .Values.initContainerImage }}" - command: - - 'sh' - - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok && \ - nc -z -w 2 {{ .Release.Name }}-elasticsearch 9200 && echo elasticsearch ok; - do sleep 2; - done; - sleep 40 - containers: - - name: {{ .Values.insightServer.name }} - image: {{ .Values.insightServer.image }}:{{ default .Chart.AppVersion .Values.insightServer.version }} - imagePullPolicy: {{ .Values.imagePullPolicy }} - env: - - name: JFIS_URL - value: 'http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}' - - name: JFEX_URL - value: 'http://{{ template "insight-executor.fullname" . }}:{{ .Values.insightExecutor.internalPort }}' - - name: JFSC_URL - value: 'http://{{ template "insight-scheduler.fullname" . }}:{{ .Values.insightScheduler.internalPort }}' - - name: JFIS_LOGS - value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/logs" - - name: JFIS_APP_NAME - value: "{{ .Values.insightServer.name }}" - - name: MONGO_URL - value: '{{ .Release.Name }}-mongodb:27017' - - name: MONGODB_USERNAME - value: '{{ .Values.mongodb.db.insightUser }}' - - name: MONGODB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: insightPassword - - name: MONGODB_ADMIN_USERNAME - value: '{{ .Values.mongodb.db.adminUser }}' - - name: MONGODB_ADMIN_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "mission-control.fullname" . }}-mongodb-cred - key: adminPassword - - name: JFMC_URL - value: 'http://{{ template "mission-control.fullname" . }}:{{ .Values.missionControl.internalPort }}' - - name: ELASTIC_SEARCH_URL - value: 'http://{{ .Release.Name }}-elasticsearch:9200' - - name: ELASTIC_SEARCH_WRITE_URL - value: 'http://{{ .Release.Name }}-elasticsearch:9200' - - name: ELASTIC_SEARCH_READ_URL - value: 'http://{{ .Release.Name }}-elasticsearch:9200' - - name: ELASTIC_LB_WRITE_URL - value: '' - - name: ELASTIC_LB_READ_URL - value: '' - - name: ELASTIC_CLUSTER_NAME - value: '{{ .Values.elasticsearch.env.clusterName }}' - - name: ELASTIC_SEARCH_USERNAME - value: '{{ .Values.elasticsearch.env.esUsername }}' - - name: ELASTIC_SEARCH_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-elasticsearch - key: esPassword - - name: JFMC_INSIGHT_SERVER_DB - value: "{{ .Values.mongodb.db.insightServerDb }}" - - name: JFIS_ALLOW_IP - value: "{{ .Values.insightServer.allowIP }}" - - name: JFMC_INSIGHT_SERVER_PORT - value: "{{ .Values.insightServer.internalHttpPort }}" - ports: - - containerPort: {{ .Values.insightServer.internalHttpPort }} - protocol: TCP - volumeMounts: - - name: insight-server-data - mountPath: {{ .Values.insightServer.persistence.mountPath | quote }} - livenessProbe: - httpGet: - path: /api/status - port: {{ .Values.insightServer.internalHttpPort }} - initialDelaySeconds: 600 - periodSeconds: 10 - readinessProbe: - httpGet: - path: /api/status - port: {{ .Values.insightServer.internalHttpPort }} - initialDelaySeconds: 600 - periodSeconds: 10 - resources: -{{ toYaml .Values.insightServer.resources | indent 10 }} - {{- with .Values.insightServer.nodeSelector }} - nodeSelector: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightServer.affinity }} - affinity: -{{ toYaml . | indent 8 }} - {{- end }} - {{- with .Values.insightServer.tolerations }} - tolerations: -{{ toYaml . | indent 8 }} - {{- end }} - volumes: - - name: insight-server-data - {{- if .Values.insightServer.persistence.enabled }} - persistentVolumeClaim: - claimName: {{ if .Values.insightServer.persistence.existingClaim }}{{ .Values.insightServer.persistence.existingClaim }}{{ else }}{{ template "insight-server.fullname" . }}{{ end }} - {{- else }} - emptyDir: {} - {{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/insight-server-pvc.yaml b/stable/mission-control/templates/insight-server-pvc.yaml deleted file mode 100644 index 5ca35d663..000000000 --- a/stable/mission-control/templates/insight-server-pvc.yaml +++ /dev/null @@ -1,24 +0,0 @@ -{{- if and .Values.insightServer.persistence.enabled (not .Values.insightServer.persistence.existingClaim) }} -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: {{ template "insight-server.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - accessModes: - - {{ .Values.insightServer.persistence.accessMode | quote }} - resources: - requests: - storage: {{ .Values.insightServer.persistence.size }} -{{- if .Values.insightServer.persistence.storageClass }} -{{- if (eq "-" .Values.insightServer.persistence.storageClass) }} - storageClassName: "" -{{- else }} - storageClassName: "{{ .Values.insightServer.persistence.storageClass }}" -{{- end }} -{{- end }} -{{- end }} diff --git a/stable/mission-control/templates/insight-server-svc.yaml b/stable/mission-control/templates/insight-server-svc.yaml deleted file mode 100644 index 10c64b6e4..000000000 --- a/stable/mission-control/templates/insight-server-svc.yaml +++ /dev/null @@ -1,21 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "insight-server.fullname" . }} - labels: - app: {{ template "mission-control.name" . }} - chart: {{ template "mission-control.chart" . }} - component: {{ .Values.insightServer.name }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} -spec: - type: {{ .Values.insightServer.service.type }} - ports: - - name: http - port: {{ .Values.insightServer.internalHttpPort }} - targetPort: {{ .Values.insightServer.externalHttpPort }} - protocol: TCP - selector: - app: {{ template "mission-control.name" . }} - component: {{ .Values.insightServer.name }} - release: {{ .Release.Name }} diff --git a/stable/mission-control/templates/jfmc-setup-scripts.yaml b/stable/mission-control/templates/jfmc-setup-scripts.yaml new file mode 100644 index 000000000..ad578af39 --- /dev/null +++ b/stable/mission-control/templates/jfmc-setup-scripts.yaml @@ -0,0 +1,57 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mission-control.fullname" . }}-jfmc-setup-scripts + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + setProperties.sh: | + #!/bin/bash + # Setup script to set properties in mission-control.properties on install + # Setup script to set properties in mission-control.properties on install + addProperty() { + local propertyName=$1 + local propertyValue=$2 + local propertiesPath=$3 + local result= + local propertyNotSet=1 + local propertySet=0 + + # Return if any of the inputs are empty + [[ -z "$propertyName" || "$propertyName" == "" ]] && return + [[ -z "$propertyValue" || "$propertyValue" == "" ]] && return + [[ -z "$propertiesPath" || "$propertiesPath" == "" ]] && return + + grep "^${propertyName}\s*=.*$" ${propertiesPath} >/dev/null 2>&1 + result=$? + if [[ ${result} -eq ${propertyNotSet} ]]; then + echo "setting ${propertyName} property in ${propertiesPath}" + echo -e "\n${propertyName}=${propertyValue}" >> ${propertiesPath} + elif [[ ${result} -eq ${propertySet} && {{ .Values.missionControl.propertyOverride | quote }} == true ]]; then + echo "modifying ${propertyName} property in ${propertiesPath}" + sed -i -e "s|^${propertyName}\s*=.*$|${propertyName}=${propertyValue}|g;" ${propertiesPath} + else + echo "skipping ${propertyName} as it is already set" + fi + } + + JFMC_ETC={{ .Values.missionControl.persistence.mountPath }}/etc + JFMC_PROPERTIES=${JFMC_ETC}/mission-control.properties + + if ! [[ -f ${JFMC_PROPERTIES} ]]; then \ + mkdir -p ${JFMC_ETC}; \ + touch ${JFMC_PROPERTIES} || ( echo "unable to create ${JFMC_PROPERTIES} file" && exit 1 ) + fi + + addProperty "jfmc.db.username" "${JFMC_DB_USERNAME}" ${JFMC_PROPERTIES} && \ + addProperty "jfmc.db.password" "${JFMC_DB_PASSWORD}" ${JFMC_PROPERTIES} && \ + addProperty "jfex.db.username" "${JFEX_DB_USERNAME}" ${JFMC_PROPERTIES} && \ + addProperty "jfex.db.password" "${JFEX_DB_PASSWORD}" ${JFMC_PROPERTIES} && \ + addProperty "jfsc.db.username" "${JFSC_DB_USERNAME}" ${JFMC_PROPERTIES} && \ + addProperty "jfsc.db.password" "${JFSC_DB_PASSWORD}" ${JFMC_PROPERTIES} && \ + addProperty "jfis.db.username" "${JFIS_DB_USERNAME}" ${JFMC_PROPERTIES} && \ + addProperty "jfis.db.password" "${JFIS_DB_PASSWORD}" ${JFMC_PROPERTIES} || \ + ( echo "unable to set mission-control properties in ${JFMC_PROPERTIES}" && exit 1 ) \ No newline at end of file diff --git a/stable/mission-control/templates/mission-control-deployment.yaml b/stable/mission-control/templates/mission-control-deployment.yaml index 5cb06f906..4e1ffdbcb 100644 --- a/stable/mission-control/templates/mission-control-deployment.yaml +++ b/stable/mission-control/templates/mission-control-deployment.yaml @@ -10,6 +10,11 @@ metadata: release: {{ .Release.Name }} spec: replicas: {{ .Values.missionControl.replicaCount }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 0 + maxUnavailable: 1 selector: matchLabels: app: {{ template "mission-control.name" . }} @@ -30,35 +35,274 @@ spec: securityContext: fsGroup: {{ .Values.uid }} initContainers: - - name: "prepare-storage" + - name: "wait-for-db" image: "{{ .Values.initContainerImage }}" command: - 'sh' - '-c' - > - mkdir -p {{ .Values.missionControl.persistence.mountPath }}; - chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.missionControl.persistence.mountPath }} + {{- if .Values.postgresql.enabled }} + until nc -z -w 2 {{ .Release.Name }}-postgresql {{ .Values.postgresql.service.port }} && echo database ok; \ + {{- else }} + {{- if and .Values.database.host .Values.database.port }} + until nc -z -w 2 {{ .Values.database.host }} {{ .Values.database.port }} && echo database ok; \ + {{- else }} + until true; \ + {{- end }} + {{- end }} + {{- if .Values.mongodb.enabled }} + nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok && \ + {{- end }} + {{- if .Values.elasticsearch.enabled }} + nc -z -w 2 {{ .Release.Name }}-elasticsearch {{ .Values.elasticsearch.service.port }} && echo elasticsearch ok; + {{- end }} + do sleep 2; + done; + {{- if .Values.mongodb.enabled }} + - name: mongodb-setup + image: "{{ .Values.dbSetup.mongodb.image.repository }}:{{ .Values.dbSetup.mongodb.image.tag }}" + env: + - name: MONGODB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: adminPassword + - name: MONGODB_MC_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: mcPassword + - name: MONGODB_INSIGHT_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword + command: + - 'sh' + - '-c' + - 'sh /scripts/setup.sh' volumeMounts: - - name: mission-control-data - mountPath: {{ .Values.missionControl.persistence.mountPath | quote }} - - name: "wait-for-db" + - name: mongodb-setup + mountPath: "/scripts" + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: postgresql-setup + image: "{{ .Values.dbSetup.postgresql.image.repository }}:{{ .Values.dbSetup.postgresql.image.tag }}" + env: + - name: DB_PORT + value: '{{ .Values.postgresql.service.port }}' + - name: DB_HOST + value: '{{ .Release.Name }}-postgresql' + - name: DB_NAME + value: '{{ .Values.postgresql.db.name }}' + - name: DB_SSLMODE + value: '{{ .Values.postgresql.db.sslmode }}' + - name: DB_TABLESPACE + value: '{{ .Values.postgresql.db.tablespace }}' + - name: PGPASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: postgresPassword + - name: JFMC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfmcPassword + - name: JFMC_DB_USERNAME + value: '{{ .Values.postgresql.db.jfmcUsername }}' + - name: JFMC_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfmcSchema }}' + - name: JFEX_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfexPassword + - name: JFEX_DB_USERNAME + value: '{{ .Values.postgresql.db.jfexUsername }}' + - name: JFEX_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfexSchema }}' + - name: JFSC_DB_USERNAME + value: '{{ .Values.postgresql.db.jfscUsername }}' + - name: JFSC_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfscSchema }}' + - name: JFSC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfscPassword + - name: JFIS_DB_USERNAME + value: '{{ .Values.postgresql.db.jfisUsername }}' + - name: JFIS_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfisSchema }}' + - name: JFIS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfisPassword + command: + - 'bash' + - '-c' + - 'su postgres -c "PGPASSWORD=${PGPASSWORD} bash /scripts/createPostgresUsers.sh all"' + volumeMounts: + - name: postgresql-setup + mountPath: "/scripts" + {{- end }} + - name: "set-properties" image: "{{ .Values.initContainerImage }}" + env: + {{- if .Values.postgresql.enabled }} + - name: JFMC_DB_USERNAME + value: '{{ .Values.postgresql.db.jfmcUsername }}' + - name: JFMC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfmcPassword + - name: JFEX_DB_USERNAME + value: '{{ .Values.postgresql.db.jfexUsername }}' + - name: JFEX_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfexPassword + - name: JFSC_DB_USERNAME + value: '{{ .Values.postgresql.db.jfscUsername }}' + - name: JFSC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfscPassword + - name: JFIS_DB_USERNAME + value: '{{ .Values.postgresql.db.jfisUsername }}' + - name: JFIS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + key: jfisPassword + {{- else }} + {{- if .Values.database.secrets.user }} + - name: JFMC_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.key }} + - name: JFEX_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.key }} + - name: JFSC_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.key }} + - name: JFIS_DB_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.user.name }} + key: {{ .Values.database.secrets.user.key }} + {{- end }} + {{- if .Values.database.secrets.password }} + - name: JFMC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + - name: JFEX_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + - name: JFSC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + - name: JFIS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.database.secrets.password.name }} + key: {{ .Values.database.secrets.password.key }} + {{- else }} + {{- if and .Values.database.user .Values.database.password }} + - name: JFMC_DB_USERNAME + value: '{{ .Values.database.user }}' + - name: JFMC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: dbPassword + - name: JFEX_DB_USERNAME + value: '{{ .Values.database.user }}' + - name: JFEX_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: dbPassword + - name: JFSC_DB_USERNAME + value: '{{ .Values.database.user }}' + - name: JFSC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: dbPassword + - name: JFIS_DB_USERNAME + value: '{{ .Values.database.user }}' + - name: JFIS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: dbPassword + {{- else }} + - name: JFMC_DB_USERNAME + value: '{{ .Values.database.jfmcUsername }}' + - name: JFMC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: jfmcPassword + - name: JFEX_DB_USERNAME + value: '{{ .Values.database.jfexUsername }}' + - name: JFEX_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: jfexPassword + - name: JFSC_DB_USERNAME + value: '{{ .Values.database.jfscUsername }}' + - name: JFSC_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: jfscPassword + - name: JFIS_DB_USERNAME + value: '{{ .Values.database.jfisUsername }}' + - name: JFIS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-db-cred + key: jfisPassword + {{- end }} + {{- end }} + {{- end }} command: - 'sh' - '-c' - - > - until nc -z -w 2 {{ .Release.Name }}-mongodb 27017 && echo mongodb ok && \ - nc -z -w 2 {{ .Release.Name }}-elasticsearch 9200 && echo elasticsearch ok; - do sleep 2; - done; - sleep 10 - - name: set-password + - 'sh /scripts/setProperties.sh' + volumeMounts: + - name: jfmc-setup-scripts + mountPath: "/scripts" + - name: mission-control-data + mountPath: {{ .Values.missionControl.persistence.mountPath | quote }} + - name: "prepare-storage" image: "{{ .Values.initContainerImage }}" command: - 'sh' - '-c' - > - chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.missionControl.persistence.mountPath }}; + mkdir -p {{ .Values.missionControl.persistence.mountPath }}; + chown -R {{ .Values.uid }}:{{ .Values.uid }} {{ .Values.missionControl.persistence.mountPath }} volumeMounts: - name: mission-control-data mountPath: {{ .Values.missionControl.persistence.mountPath | quote }} @@ -70,6 +314,30 @@ spec: image: {{ .Values.missionControl.image }}:{{ default .Chart.AppVersion .Values.missionControl.version }} imagePullPolicy: {{ .Values.imagePullPolicy }} env: + {{- if .Values.postgresql.enabled }} + - name: DB_TYPE + value: 'postgresql' + - name: DB_SSLMODE + value: '{{ .Values.postgresql.db.sslmode }}' + - name: DB_NAME + value: '{{ .Values.postgresql.db.name }}' + - name: DB_TABLESPACE + value: '{{ .Values.postgresql.db.tablespace }}' + - name: JFMC_DB_URL + value: 'jdbc:postgresql://{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}/{{ .Values.postgresql.db.name }}?currentSchema={{ .Values.postgresql.db.jfmcSchema }}' + {{- else }} + - name: DB_TYPE + value: '{{ .Values.database.type }}' + - name: DB_NAME + value: '{{ .Values.database.name }}' + - name: DB_HOST + value: '{{ .Values.database.host }}' + - name: DB_PORT + value: '{{ .Values.database.port }}' + - name: JFMC_DB_URL + value: 'jdbc:postgresql://{{ .Values.database.host }}:{{ .Values.database.port }}/{{ .Values.database.name }}?currentSchema={{ .Values.database.jfmcSchema }}' + {{- end }} + {{- if .Values.mongodb.enabled }} - name: SPRING_DATA_MONGODB_HOST value: '{{ .Release.Name }}-mongodb' - name: SPRING_DATA_MONGODB_PORT @@ -83,8 +351,9 @@ spec: key: mcPassword - name: SPRING_DATA_MONGODB_DATABASE value: '{{ .Values.mongodb.db.missionControl }}' + {{- end }} - name: INSIGHT_URL - value: "http://{{ template "insight-server.fullname" . }}:{{ .Values.insightServer.internalHttpPort }}" + value: "http://localhost:{{ .Values.insightServer.internalHttpPort }}" - name: POD_RESTART_TIME value: "{{ .Values.podRestartTime }}" - name: ARTIFACTORY_CLIENT_CONNECTIONTIMEOUT @@ -120,7 +389,7 @@ spec: - name: JFMC_APP_NAME value: "{{ .Values.missionControl.appName }}" - name: JFSC_URL - value: 'http://{{ template "insight-scheduler.fullname" . }}:{{ .Values.insightScheduler.internalPort }}' + value: 'http://localhost:{{ .Values.insightScheduler.internalPort }}' - name: JFMC_REPOSITORY value: "{{ .Values.missionControl.repository }}" - name: JFMC_PACKAGE @@ -148,13 +417,235 @@ spec: path: /api/v3/ping port: {{ .Values.missionControl.internalPort }} periodSeconds: 10 - initialDelaySeconds: 240 + initialDelaySeconds: 600 readinessProbe: httpGet: path: /api/v3/ping port: {{ .Values.missionControl.internalPort }} + periodSeconds: 20 + initialDelaySeconds: 120 + - name: {{ .Values.insightServer.name }} + image: {{ .Values.insightServer.image }}:{{ default .Chart.AppVersion .Values.insightServer.version }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + env: + - name: JFIS_URL + value: 'http://localhost:{{ .Values.insightServer.internalHttpPort }}' + - name: JFEX_URL + value: 'http://localhost:{{ .Values.insightExecutor.internalPort }}' + - name: JFSC_URL + value: 'http://localhost:{{ .Values.insightScheduler.internalPort }}' + - name: JFIS_LOGS + value: "{{ .Values.insightServer.home }}/{{ .Values.insightServer.name }}/logs" + - name: JFIS_APP_NAME + value: "{{ .Values.insightServer.name }}" + - name: GOMAXPROCS + value: "1" + {{- if .Values.mongodb.enabled }} + - name: MONGO_URL + value: '{{ .Release.Name }}-mongodb:27017' + - name: MONGODB_USERNAME + value: '{{ .Values.mongodb.db.insightUser }}' + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword + - name: MONGODB_ADMIN_USERNAME + value: '{{ .Values.mongodb.db.adminUser }}' + - name: MONGODB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: adminPassword + - name: JFMC_INSIGHT_SERVER_DB + value: "{{ .Values.mongodb.db.insightServerDb }}" + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: DB_TYPE + value: 'postgresql' + - name: DB_URL + value: '{{ .Release.Name }}-postgresql:{{ .Values.postgresql.service.port }}' + - name: DB_NAME + value: '{{ .Values.postgresql.db.name }}' + - name: DB_SSLMODE + value: '{{ .Values.postgresql.db.sslmode }}' + - name: DB_TABLESPACE + value: '{{ .Values.postgresql.db.tablespace }}' + - name: JFIS_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfisSchema }}' + - name: JFSC_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfscSchema }}' + - name: JFEX_DB_SCHEMA + value: '{{ .Values.postgresql.db.jfexSchema }}' + {{- else }} + - name: DB_TYPE + value: '{{ .Values.database.type }}' + - name: DB_NAME + value: '{{ .Values.database.name }}' + - name: DB_HOST + value: '{{ .Values.database.host }}' + - name: DB_PORT + value: '{{ .Values.database.port }}' + - name: DB_URL + value: '{{ .Values.database.host }}:{{ .Values.database.port }}' + - name: JFIS_DB_SCHEMA + value: '{{ .Values.database.jfisSchema }}' + - name: JFSC_DB_SCHEMA + value: '{{ .Values.database.jfscSchema }}' + - name: JFEX_DB_SCHEMA + value: '{{ .Values.database.jfexSchema }}' + {{- end }} + - name: JFMC_URL + value: 'http://localhost:{{ .Values.missionControl.internalPort }}' + - name: ELASTIC_SEARCH_URL + value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_SEARCH_WRITE_URL + value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_SEARCH_READ_URL + value: 'http://{{ .Release.Name }}-elasticsearch:9200' + - name: ELASTIC_LB_WRITE_URL + value: '' + - name: ELASTIC_LB_READ_URL + value: '' + - name: ELASTIC_CLUSTER_NAME + value: '{{ .Values.elasticsearch.env.clusterName }}' + - name: JFIS_ALLOW_IP + value: "{{ .Values.insightServer.allowIP }}" + - name: JFMC_INSIGHT_SERVER_PORT + value: "{{ .Values.insightServer.internalHttpPort }}" + ports: + - containerPort: {{ .Values.insightServer.internalHttpPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /api/status + port: {{ .Values.insightServer.internalHttpPort }} + initialDelaySeconds: 600 periodSeconds: 10 - initialDelaySeconds: 240 + readinessProbe: + httpGet: + path: /api/status + port: {{ .Values.insightServer.internalHttpPort }} + initialDelaySeconds: 30 + periodSeconds: 20 + - name: {{ .Values.insightScheduler.name }} + image: {{ .Values.insightScheduler.image }}:{{ default .Chart.AppVersion .Values.insightScheduler.version }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + env: + - name: JFIS_URL + value: 'http://localhost:{{ .Values.insightServer.internalHttpPort }}' + - name: JFMC_URL + value: 'http://localhost:{{ .Values.missionControl.internalPort }}' + {{- if .Values.mongodb.enabled }} + - name: MONGO_URL + value: '{{ .Release.Name }}-mongodb:27017' + - name: MONGODB_USERNAME + value: '{{ .Values.mongodb.db.insightUser }}' + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword + - name: MONGODB_ADMIN_USERNAME + value: '{{ .Values.mongodb.db.adminUser }}' + - name: MONGODB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: adminPassword + - name: JFMC_SCHEDULER_MONGO_DB + value: '{{ .Values.mongodb.db.insightSchedulerDb }}' + {{- end }} + - name: JFMC_EXTRA_JAVA_OPTS + value: " + {{- if .Values.insightScheduler.javaOpts.other }} + {{ .Values.insightScheduler.javaOpts.other }} + {{- end}} + {{- if .Values.insightScheduler.javaOpts.xms }} + -Xms{{ .Values.insightScheduler.javaOpts.xms }} + {{- end}} + {{- if .Values.insightScheduler.javaOpts.xmx }} + -Xmx{{ .Values.insightScheduler.javaOpts.xmx }} + {{- end}} + -Dserver.port={{ .Values.insightScheduler.internalPort }} + " + - name: JFSC_LOGS + value: '{{ .Values.insightScheduler.home }}/{{ .Values.insightScheduler.name }}/logs' + - name: JFSC_APP_NAME + value: '{{ .Values.insightScheduler.name }}' + ports: + - containerPort: {{ .Values.insightScheduler.internalPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /api/status + port: {{ .Values.insightScheduler.internalPort }} + initialDelaySeconds: 600 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /api/status + port: {{ .Values.insightScheduler.internalPort }} + initialDelaySeconds: 60 + periodSeconds: 20 + - name: {{ .Values.insightExecutor.name }} + image: {{ .Values.insightExecutor.image }}:{{ default .Chart.AppVersion .Values.insightExecutor.version }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + env: + - name: JFIS_URL + value: 'http://localhost:{{ .Values.insightServer.internalHttpPort }}' + - name: JFEX_LOGS + value: '{{ .Values.insightExecutor.home }}/{{ .Values.insightExecutor.name }}/logs' + - name: JFEX_APP_NAME + value: '{{ .Values.insightExecutor.name }}' + {{- if .Values.mongodb.enabled }} + - name: MONGO_URL + value: '{{ .Release.Name }}-mongodb:27017' + - name: MONGODB_USERNAME + value: '{{ .Values.mongodb.db.insightUser }}' + - name: MONGODB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: insightPassword + - name: MONGODB_ADMIN_USERNAME + value: '{{ .Values.mongodb.db.adminUser }}' + - name: MONGODB_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "mission-control.fullname" . }}-mongodb-cred + key: adminPassword + - name: JFMC_EXECUTOR_MONGO_DB + value: '{{ .Values.mongodb.db.insightExecutorDb }}' + {{- end }} + - name: JFMC_EXTRA_JAVA_OPTS + value: " + {{- if .Values.insightExecutor.javaOpts.other }} + {{ .Values.insightExecutor.javaOpts.other }} + {{- end}} + {{- if .Values.insightExecutor.javaOpts.xms }} + -Xms{{ .Values.insightExecutor.javaOpts.xms }} + {{- end}} + {{- if .Values.insightExecutor.javaOpts.xmx }} + -Xmx{{ .Values.insightExecutor.javaOpts.xmx }} + {{- end}} + -Dserver.port={{ .Values.insightExecutor.internalPort }} + " + ports: + - containerPort: {{ .Values.insightExecutor.internalPort }} + protocol: TCP + livenessProbe: + httpGet: + path: /executorservice/api + port: {{ .Values.insightExecutor.internalPort }} + initialDelaySeconds: 600 + periodSeconds: 10 + readinessProbe: + httpGet: + path: /executorservice/api + port: {{ .Values.insightExecutor.internalPort }} + initialDelaySeconds: 60 + periodSeconds: 20 {{- with .Values.missionControl.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} @@ -174,4 +665,17 @@ spec: claimName: {{ if .Values.missionControl.persistence.existingClaim }}{{ .Values.missionControl.persistence.existingClaim }}{{ else }}{{ template "mission-control.fullname" . }}{{ end }} {{- else }} emptyDir: {} - {{- end }} \ No newline at end of file + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: postgresql-setup + configMap: + name: {{ template "mission-control.fullname" . }}-postgresql-setup-script + {{- end }} + {{- if .Values.mongodb.enabled }} + - name: mongodb-setup + configMap: + name: {{ template "mission-control.fullname" . }}-setup-script + {{- end }} + - name: jfmc-setup-scripts + configMap: + name: {{ template "mission-control.fullname" . }}-jfmc-setup-scripts \ No newline at end of file diff --git a/stable/mission-control/templates/mongodb-secret.yaml b/stable/mission-control/templates/mongodb-secret.yaml index 51f260dfb..dc9f4e5a8 100644 --- a/stable/mission-control/templates/mongodb-secret.yaml +++ b/stable/mission-control/templates/mongodb-secret.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mongodb.enabled }} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: adminPassword: {{ required "A valid .Values.mongodb.db.adminPassword entry required!" .Values.mongodb.db.adminPassword | b64enc | quote }} mcPassword: {{ required "A valid .Values.mongodb.db.mcPassword entry required!" .Values.mongodb.db.mcPassword | b64enc | quote }} insightPassword: {{ required "A valid .Values.mongodb.db.insightPassword entry required!" .Values.mongodb.db.insightPassword | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/mongodb-setup-scripts.yaml b/stable/mission-control/templates/mongodb-setup-scripts.yaml index 3ba8fa22c..1336e379e 100644 --- a/stable/mission-control/templates/mongodb-setup-scripts.yaml +++ b/stable/mission-control/templates/mongodb-setup-scripts.yaml @@ -1,3 +1,4 @@ +{{- if .Values.mongodb.enabled }} apiVersion: v1 kind: ConfigMap metadata: @@ -74,5 +75,5 @@ data: createUserDB("insight_team", jiUser); createUserDB("{{ .Values.mongodb.db.insightSchedulerDb }}", jiUser) - +{{- end }} diff --git a/stable/mission-control/templates/postgresql-secret.yaml b/stable/mission-control/templates/postgresql-secret.yaml new file mode 100644 index 000000000..6a98ad138 --- /dev/null +++ b/stable/mission-control/templates/postgresql-secret.yaml @@ -0,0 +1,18 @@ +{{- if .Values.postgresql.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "mission-control.fullname" . }}-postgresql-cred + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +type: Opaque +data: + jfisPassword: {{ required "A valid .Values.postgresql.db.jfisPassword entry required!" .Values.postgresql.db.jfisPassword | b64enc | quote }} + jfscPassword: {{ required "A valid .Values.postgresql.db.jfscPassword entry required!" .Values.postgresql.db.jfscPassword | b64enc | quote }} + jfexPassword: {{ required "A valid .Values.postgresql.db.jfexPassword entry required!" .Values.postgresql.db.jfexPassword | b64enc | quote }} + jfmcPassword: {{ required "A valid .Values.postgresql.db.jfmcPassword entry required!" .Values.postgresql.db.jfmcPassword | b64enc | quote }} + postgresPassword: {{ required "A valid .Values.postgresql.postgresPassword entry required!" .Values.postgresql.postgresPassword | b64enc | quote }} +{{- end }} \ No newline at end of file diff --git a/stable/mission-control/templates/postgresql-setup-script.yaml b/stable/mission-control/templates/postgresql-setup-script.yaml new file mode 100644 index 000000000..8cd66c58e --- /dev/null +++ b/stable/mission-control/templates/postgresql-setup-script.yaml @@ -0,0 +1,170 @@ +{{- if .Values.postgresql.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "mission-control.fullname" . }}-postgresql-setup-script + labels: + app: {{ template "mission-control.name" . }} + chart: {{ template "mission-control.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +data: + createPostgresUsers.sh: | + #!/bin/bash + # This can be used to create user, database, schema and grant the required permissions. + # This script can handle multiple execution and not with "already exists" error. An entity will get created only if it does not exist. + # NOTE : 1. This expects current linux user to be admin user in postgreSQL (this is the case with 'postgres' user) + # 2. Execute this by logging as postgres or any other user with similar privilege + # 3. This files needs be executed from a location which postgres (or the admin user which will be used) has access to. (/opt can be used) + # + # su postgres -c "POSTGRES_PATH=/path/to/postgres/bin PGPASSWORD=postgres bash ./createPostgresUsers.sh" + + POSTGRES_LABEL="Postgres" + + log() { + echo -e "$1" + } + + errorExit() { + echo; echo -e "\033[31mERROR:\033[0m $1"; echo + exit 1 + } + + # Create user if it does not exist + createUser(){ + local user=$1 + local pass=$2 + + [ ! -z ${user} ] || errorExit "user is empty" + [ ! -z ${pass} ] || errorExit "password is empty" + + ${PSQL} $POSTGRES_OPTIONS -tAc "SELECT 1 FROM pg_roles WHERE rolname='${user}'" | grep -q 1 1>/dev/null || \ + ${PSQL} $POSTGRES_OPTIONS -c "CREATE USER ${user} WITH PASSWORD '${pass}';" 1>/dev/null || \ + errorExit "Failed creating user ${user} on PostgreSQL" + } + + # Create database if it does not exist + createDB(){ + local db=$1 + local user=$2 + + [ ! -z ${db} ] || errorExit "db is empty" + [ ! -z ${user} ] || errorExit "user is empty" + + if ! ${PSQL} $POSTGRES_OPTIONS -lqt | cut -d \| -f 1 | grep -qw ${db} 1>/dev/null; then + ${PSQL} $POSTGRES_OPTIONS -c "CREATE DATABASE ${db} WITH ENCODING='UTF8' TABLESPACE=${DB_TABLESPACE} template template0;" 1>/dev/null || errorExit "Failed creating db ${db} on PostgreSQL" + fi + } + + # Create schema if it does not exist + createSchema(){ + local schema=$1 + local db=$2 + local user=$3 + + [ ! -z ${schema} ] || errorExit "schema is empty" + [ ! -z ${db} ] || errorExit "db is empty" + [ ! -z ${user} ] || errorExit "user is empty" + + PGOPTIONS='--client-min-messages=warning' ${PSQL} $POSTGRES_OPTIONS --dbname="${db}" -qc "CREATE SCHEMA IF NOT EXISTS ${schema} AUTHORIZATION ${user}" 1>/dev/null + } + + postgresIsNotReady() { + attempt_number=${attempt_number:-0} + ${PSQL} $POSTGRES_OPTIONS --version > /dev/null 2>&1 + outcome1=$? + # Execute a simple db function to verify if mongo is up and running + ${PSQL} $POSTGRES_OPTIONS -l > /dev/null 2>&1 + outcome2=$? + if [[ $outcome1 -eq 0 ]] && [[ $outcome2 -eq 0 ]]; then + return 0 + else + if [ $attempt_number -gt 10 ]; then + errorExit "Unable to proceed. $POSTGRES_LABEL is not reachable. This can occur if the service is not running \ + or the port is not accepting requests at $DB_PORT (host : $DB_HOST). Gave up after $attempt_number attempts" + fi + let "attempt_number=attempt_number+1" + return 1 + fi + } + + init(){ + if [[ -z $POSTGRES_PATH ]]; then + hash ${PSQL} 2>/dev/null || { echo >&2 "\"${PSQL}\" is not installed or not available in path"; exit 1; } + fi + + log "Waiting for $POSTGRES_LABEL to get ready using the commands: \"${PSQL} $POSTGRES_OPTIONS --version\" & \"${PSQL} $POSTGRES_OPTIONS -l\"" + attempt_number=0 + while ! postgresIsNotReady + do + sleep 5 + echo -n '.' + done + log "$POSTGRES_LABEL is ready. Executing commands" + } + + setupDB(){ + local user=$1 + local pass=$2 + local db=$3 + local schema=$4 + + createUser "${user}" "${pass}" + createDB "${db}" "${user}" + createSchema "${schema}" "${db}" "${user}" + + ${PSQL} $POSTGRES_OPTIONS -c "GRANT ALL ON DATABASE ${db} TO ${user}" 1>/dev/null; + ${PSQL} $POSTGRES_OPTIONS -c "GRANT ALL ON SCHEMA ${schema} TO ${user}" --dbname="${db}" 1>/dev/null; + } + + # Load default and custom postgres details from below files + [ -f setenvDefaults.sh ] && source setenvDefaults.sh || true + [ -f setenv.sh ] && source setenv.sh || true + + ### Following are the postgres details being setup for each service. + ## Common details + : ${DB_PORT:=5432} + : ${DB_NAME:="mission_control"} + : ${DB_SSLMODE:="false"} + : ${DB_TABLESPACE:="pg_default"} + : ${DB_HOST:="localhost"} + + ## Insight Server + : ${JFIS_DB_USERNAME:="jfis"} + : ${JFIS_DB_PASSWORD:="password"} + : ${JFIS_DB_SCHEMA:="insight_server"} + + ## Insight Scheduler + : ${JFSC_DB_USERNAME:="jfsc"} + : ${JFSC_DB_PASSWORD:="password"} + : ${JFSC_DB_SCHEMA:="insight_scheduler"} + + ## Insight Executor + : ${JFEX_DB_USERNAME:="jfex"} + : ${JFEX_DB_PASSWORD:="password"} + : ${JFEX_DB_SCHEMA:="insight_executor"} + + ## Jfmc Server + : ${JFMC_DB_USERNAME:="jfmc"} + : ${JFMC_DB_PASSWORD:="password"} + : ${JFMC_DB_SCHEMA:="jfmc_server"} + + # Enable script to run setup for specific service + SERVICE=${1:-all} + if ! [[ $SERVICE =~ all|jfmc|jfex|jfsc|jfis ]]; then + SERVICE=all + fi + + DB_HOST={{ .Release.Name }}-postgresql + [[ -z "${POSTGRES_PATH}" ]] && PSQL=psql || PSQL=${POSTGRES_PATH}/psql + POSTGRES_OPTIONS="--host=${DB_HOST} --port=${DB_PORT} -U {{ .Values.postgresql.postgresUsername }} -w" + + init + [[ $SERVICE =~ all|jfis ]] && setupDB "${JFIS_DB_USERNAME}" "${JFIS_DB_PASSWORD}" "${DB_NAME}" "${JFIS_DB_SCHEMA}" || true + [[ $SERVICE =~ all|jfsc ]] && setupDB "${JFSC_DB_USERNAME}" "${JFSC_DB_PASSWORD}" "${DB_NAME}" "${JFSC_DB_SCHEMA}" || true + [[ $SERVICE =~ all|jfex ]] && setupDB "${JFEX_DB_USERNAME}" "${JFEX_DB_PASSWORD}" "${DB_NAME}" "${JFEX_DB_SCHEMA}" || true + [[ $SERVICE =~ all|jfmc ]] && setupDB "${JFMC_DB_USERNAME}" "${JFMC_DB_PASSWORD}" "${DB_NAME}" "${JFMC_DB_SCHEMA}" || true + log "$POSTGRES_LABEL setup is now complete" + + exit 0 +{{- end }} \ No newline at end of file diff --git a/stable/mission-control/values.yaml b/stable/mission-control/values.yaml index 2649b2516..ba223e755 100644 --- a/stable/mission-control/values.yaml +++ b/stable/mission-control/values.yaml @@ -39,19 +39,25 @@ serviceAccount: ## If not set and create is true, a name is generated using the fullname template name: -## Post Install hook to create user in Mongodb -postInstallHook: - image: - repository: mvertes/alpine-mongo - tag: 3.6.3-0 - pullPolicy: IfNotPresent +## Details required for initialization/setup of database +dbSetup: + mongodb: + image: + repository: mvertes/alpine-mongo + tag: 3.6.3-0 + pullPolicy: IfNotPresent + postgresql: + image: + repository: postgres + tag: 9.6.11-alpine + pullPolicy: IfNotPresent # Sub charts ## Configuration values for the mongodb dependency ## ref: https://github.com/kubernetes/charts/blob/master/stable/mongodb/README.md ## mongodb: - enabled: true + enabled: false image: tag: 3.6.8-debian-9 pullPolicy: IfNotPresent @@ -85,6 +91,88 @@ mongodb: readinessProbe: initialDelaySeconds: 30 +# PostgreSQL +## Configuration values for the postgresql dependency +## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## +postgresql: + enabled: true + imageTag: "9.6.11" + postgresUsername: postgres + postgresPassword: + postgresConfig: + maxConnections: "1500" + db: + name: mission_control + sslmode: "false" + tablespace: "pg_default" + jfmcUsername: jfmc + jfisUsername: jfis + jfscUsername: jfsc + jfexUsername: jfex + jfmcPassword: + jfisPassword: + jfscPassword: + jfexPassword: + jfmcSchema: jfmc_server + jfisSchema: insight_server + jfscSchema: insight_scheduler + jfexSchema: insight_executor + service: + port: 5432 + persistence: + enabled: true + size: 50Gi + existingClaim: + resources: {} + # requests: + # memory: "1Gi" + # cpu: "250m" + # limits: + # memory: "2Gi" + # cpu: "1" + nodeSelector: {} + affinity: {} + tolerations: [] + +### If NOT using the PostgreSQL in this chart (postgresql.enabled=false), +## specify custom database details here or leave empty +database: + type: postgresql + host: + port: + ## Please make sure these are created under the provided database + name: mission_control + jfisSchema: insight_server + jfmcSchema: jfmc_server + jfscSchema: insight_scheduler + jfexSchema: insight_executor + ## If you would like to use single user and password for all the services + user: + password: + ## If you have existing Kubernetes secrets containing db credentials, use + ## these values + secrets: {} + # user: + # name: "database-creds" + # key: "db-user" + # password: + # name: "database-creds" + # key: "db-password" + ## If you want to use different credentials for each service + ## Mission-Control + jfmcUsername: jfmc + jfmcPassword: + ## Insight-Server + jfisUsername: jfis + jfisPassword: + ## Insight-Scheduler + jfscUsername: jfsc + jfscPassword: + ## Insight-Executor + jfexUsername: jfex + jfexPassword: + elasticsearch: enabled: true persistence: @@ -105,6 +193,9 @@ elasticsearch: esUsername: "elastic" esPassword: + service: + port: 9200 + podRestartTime: ingress: @@ -126,6 +217,8 @@ missionControl: appName: jfmc-server home: /var/opt/jfrog/mission-control image: docker.bintray.io/jfrog/mission-control + # Set this to true if you want to override credentials in mission-control.properties on startup + propertyOverride: false ## Note that by default we use appVersion to get image tag # version: @@ -202,29 +295,6 @@ insightServer: image: docker.bintray.io/jfrog/insight-server ## Note that by default we use appVersion to get image tag # version: - persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - mountPath: "/opt/jfrog/insight-server/logs" - accessMode: ReadWriteOnce - size: 100Gi - ## Mission Control data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - service: - name: insight-server - type: ClusterIP - externalHttpPort: 8082 internalHttpPort: 8082 ## This can be used to whitelist the range of IPs allowed to be served by Insight Server service ## The value must follow CIDR format @@ -236,11 +306,6 @@ insightServer: # limits: # memory: "1Gi" # cpu: "1" - nodeSelector: {} - - tolerations: [] - - affinity: {} insightScheduler: replicaCount: 1 @@ -249,29 +314,7 @@ insightScheduler: image: docker.bintray.io/jfrog/insight-scheduler ## Note that by default we use appVersion to get image tag # version: - persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - mountPath: "/opt/jfrog/insight-scheduler/logs" - accessMode: ReadWriteOnce - size: 100Gi - ## Mission Control data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - service: - type: ClusterIP - externalPort: 8080 - internalPort: 8080 + internalPort: 8085 ## Control Java options (JFMC_EXTRA_JAVA_OPTS) ## IMPORTANT: keep resources.limits.memory higher than javaOpts.xmx by 0.5G @@ -286,11 +329,6 @@ insightScheduler: # limits: # memory: "3.5Gi" # cpu: "1" - nodeSelector: {} - - tolerations: [] - - affinity: {} insightExecutor: replicaCount: 1 @@ -299,29 +337,7 @@ insightExecutor: image: docker.bintray.io/jfrog/insight-executor ## Note that by default we use appVersion to get image tag # version: - persistence: - enabled: true - ## A manually managed Persistent Volume and Claim - ## Requires persistence.enabled: true - ## If defined, PVC must be created manually before volume will be bound - # existingClaim: - - mountPath: "/opt/jfrog/insight-executor/logs" - accessMode: ReadWriteOnce - size: 100Gi - ## Mission Control data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - - service: - type: ClusterIP - externalPort: 8080 - internalPort: 8080 + internalPort: 8087 ## Control Java options (JFMC_EXTRA_JAVA_OPTS) ## IMPORTANT: keep resources.limits.memory higher than javaOpts.xmx by 0.5G @@ -336,8 +352,3 @@ insightExecutor: # limits: # memory: "3.5Gi" # cpu: "1" - nodeSelector: {} - - tolerations: [] - - affinity: {}