diff --git a/charts/sentry/Chart.lock b/charts/sentry/Chart.lock
deleted file mode 100644
index c62b93a..0000000
--- a/charts/sentry/Chart.lock
+++ /dev/null
@@ -1,21 +0,0 @@
-dependencies:
-- name: redis
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 9.3.2
-- name: kafka
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 12.0.0
-- name: clickhouse
- repository: https://sentry-kubernetes.github.io/charts
- version: 3.0.0
-- name: rabbitmq
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 8.9.1
-- name: postgresql
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 10.2.4
-- name: nginx
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 6.0.5
-digest: sha256:89e9fa1955a76912f549faedd5466b85be563a3aad90e0da5af34feed7a5104c
-generated: "2022-09-15T15:41:20.489829+02:00"
diff --git a/charts/sentry/Chart.yaml b/charts/sentry/Chart.yaml
index 0b292eb..09c6dd7 100644
--- a/charts/sentry/Chart.yaml
+++ b/charts/sentry/Chart.yaml
@@ -1,32 +1,42 @@
 apiVersion: v2
-appVersion: 21.5.1
+appVersion: 23.6.1
 dependencies:
+- condition: sourcemaps.enabled
+ name: memcached
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 6.5.2
 - condition: redis.enabled
 name: redis
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 9.3.2
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 17.11.3
 - condition: kafka.enabled
 name: kafka
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 12.0.0
+ repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+ version: 16.3.2
 - condition: clickhouse.enabled
 name: clickhouse
 repository: https://sentry-kubernetes.github.io/charts
- version: 3.0.0
+ version: 3.3.0
+- condition: zookeeper.enabled
+ name: zookeeper
+ repository: https://raw.githubusercontent.com/bitnami/charts/pre-2022/bitnami
+ version: 9.0.0
 - alias: rabbitmq
 condition: rabbitmq.enabled
 name: rabbitmq
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 8.9.1
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 11.15.3
 - condition: postgresql.enabled
 name: postgresql
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 10.2.4
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 12.5.1
 - condition: nginx.enabled
 name: nginx
- repository: https://raw.githubusercontent.com/bitnami/charts/archive-full-index/bitnami
- version: 6.0.5
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 14.2.2
 description: A Helm chart for Kubernetes
+maintainers:
+- name: sentry-kubernetes
 name: sentry
 type: application
-version: 11.3.3
+version: 19.4.0
diff --git a/charts/sentry/README.md b/charts/sentry/README.md
index 9737f5c..d87fabf 100644
--- a/charts/sentry/README.md
+++ b/charts/sentry/README.md
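Review bot: The dependency list changed in the Chart.yaml hunk has no lock file behind it any more: the same commit deletes `charts/sentry/Chart.lock` and, as far as this page shows, no regenerated one is added. The replacement archives under `charts/sentry/charts/` appear only as binary files, so nothing reviewable ties them to the `version:` and `repository:` values set here. Running `helm dependency update` and committing the resulting `Chart.lock` together with the archives would record the resolved versions again. kafka and zookeeper stay on the `pre-2022` raw GitHub index while the other Bitnami charts move to `oci://registry-1.docker.io/bitnamicharts`; a comment such as `# kept on the pre-2022 index: <reason>` above those two entries would explain the split to whoever bumps them next.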
@@ -1,31 +1,27 @@ -### Upgrading from deprecated 9.0 -> 10.0 Chart +# Install -As this chart runs in helm 3 and also tries its best to follow on from the original Sentry chart. There are some steps that needs to be taken in order to correctly upgrade. +## Add repo -From the previous upgrade, make sure to get the following from your previous installation: - -- Redis Password (If Redis auth was enabled) -- Postgresql Password -Both should be in the `secrets` of your original 9.0 release. Make a note of both of these values. - -#### Upgrade Steps - -Due to an issue where transferring from Helm 2 to 3. Statefulsets that use the following: `heritage: {{ .Release.Service }}` in the metadata field will error out with a `Forbidden` error during the upgrade. The only workaround is to delete the existing statefulsets (Don't worry, PVC will be retained): - -> kubectl delete --all sts -n +``` +helm repo add sentry https://sentry-kubernetes.github.io/charts +``` -Once the statefulsets are deleted. Next steps is to convert the helm release from version 2 to 3 using the helm 3 plugin: +## Without overrides -> helm3 2to3 convert +``` +helm install sentry sentry/sentry +``` -Finally, it's just a case of upgrading and ensuring the correct params are used: +## With your own values file -If Redis auth enabled: +``` +helm install sentry sentry/sentry -f values.yaml +``` -> helm upgrade -n . --set redis.usePassword=true --set redis.password= +# Upgrade -If Redis auth is disabled: -> helm upgrade -n . +Read the upgrade guide before upgrading to major versions of the chart. +[Upgrade Guide](docs/UPGRADE.md) ## Configuration 
@@ -33,42 +29,46 @@ The following table lists the configurable parameters of the Sentry chart and th Note: this table is incomplete, so have a look at the values.yaml in case you miss something -Parameter | Description | Default -:--------------------------------- | :--------------------------------------------------------------------------------------------------------- | :--------------------------------------------------- -`user.create` | if `true`, creates a default admin user defined from `email` and `password` | `true` -`user.email` | Admin user email | `admin@sentry.local` -`user.password` | Admin user password| `aaaa` -`ingress.enabled` | Enabling Ingress | `false` -`ingress.regexPathStyle` | Allows setting the style the regex paths are rendered in the ingress for the ingress controller in use. Possible values are `nginx`, `aws-alb` and `traefik` | `nginx` -`nginx.enabled` | Enabling NGINX | `true` -`metrics.enabled`| if `true`, enable Prometheus metrics | `false` -`metrics.image.repository` | Metrics exporter image repository | `prom/statsd-exporter` -`metrics.image.tag` | Metrics exporter image tag | `v0.10.5` -`metrics.image.PullPolicy` | Metrics exporter image pull policy | `IfNotPresent` -`metrics.nodeSelector`| Node labels for metrics pod assignment| `{}` -`metrics.tolerations` | Toleration labels for metrics pod assignment| `[]` -`metrics.affinity` | Affinity settings for metrics | `{}` -`metrics.resources`| Metrics resource requests/limit| `{}` -`metrics.service.annotations` | annotations for Prometheus metrics service | `{}` -`metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil` -`metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false` -`metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]` -`metrics.service.additionalLabels` | labels for metrics service | `{}` -`metrics.service.loadBalancerIP` | IP address 
to assign to load balancer (if supported) | `""` -`metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` -`metrics.service.servicePort` | Prometheus metrics service port | `9913` -`metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP` -`metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` -`metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` -`metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` -`metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as sentry` -`metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s` -`system.secretKey` | secret key for the session cookie ([documentation](https://develop.sentry.dev/config/#general)) | `nil` -`sentry.features.vstsLimitedScopes` | Disables the azdo-integrations with limited scopes that is the cause of so much pain | `true` -`sentry.web.customCA.secretName` | Allows mounting a custom CA secret | `nil` -`sentry.web.customCA.item` | Key of CA cert object within the secret | `ca.crt` -`symbolicator.api.enabled` | Enable Symbolicator | `false` -`symbolicator.api.config` | Config file for Symbolicator, see [its docs](https://getsentry.github.io/symbolicator/#configuration) | see values.yaml +| Parameter | Description | Default | +| :-------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------ | :----------------------------- | +| `user.create` | if `true`, creates a default admin user defined from `email` and `password` | `true` | +| `user.email` | Admin user email | `admin@sentry.local` 
| +| `user.password` | Admin user password | `aaaa` | +| `ingress.enabled` | Enabling Ingress | `false` | +| `ingress.regexPathStyle` | Allows setting the style the regex paths are rendered in the ingress for the ingress controller in use. Possible values are `nginx`, `aws-alb`, `gke` and `traefik` | `nginx` | +| `nginx.enabled` | Enabling NGINX | `true` | +| `metrics.enabled` | if `true`, enable Prometheus metrics | `false` | +| `metrics.image.repository` | Metrics exporter image repository | `prom/statsd-exporter` | +| `metrics.image.tag` | Metrics exporter image tag | `v0.10.5` | +| `metrics.image.PullPolicy` | Metrics exporter image pull policy | `IfNotPresent` | +| `metrics.nodeSelector` | Node labels for metrics pod assignment | `{}` | +| `metrics.tolerations` | Toleration labels for metrics pod assignment | `[]` | +| `metrics.affinity` | Affinity settings for metrics | `{}` | +| `metrics.resources` | Metrics resource requests/limit | `{}` | +| `metrics.service.annotations` | annotations for Prometheus metrics service | `{}` | +| `metrics.service.clusterIP` | cluster IP address to assign to service (set to `"-"` to pass an empty value) | `nil` | +| `metrics.service.omitClusterIP` | (Deprecated) To omit the `clusterIP` from the metrics service | `false` | +| `metrics.service.externalIPs` | Prometheus metrics service external IP addresses | `[]` | +| `metrics.service.additionalLabels` | labels for metrics service | `{}` | +| `metrics.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | +| `metrics.service.loadBalancerSourceRanges` | list of IP CIDRs allowed access to load balancer (if supported) | `[]` | +| `metrics.service.servicePort` | Prometheus metrics service port | `9913` | +| `metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP` | +| `metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` | +| 
`metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels. | `false` | +| `metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as sentry` | +| `metrics.serviceMonitor.scrapeInterval` | interval between Prometheus scraping | `30s` | +| `serviceAccount.annotations` | Additional Service Account annotations. | `{}` | +| `serviceAccount.enabled` | If `true`, a custom Service Account will be used. | `false` | +| `serviceAccount.name` | The base name of the ServiceAccount to use. Will be appended with e.g. `snuba` or `web` for the pods accordingly. | `"sentry"` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a Service Account. | `true` | +| `sentry.existingSecret` | Existing kubernetes secret to be used for secret key for the session cookie ([documentation](https://develop.sentry.dev/config/#general)) | `nil` | +| `sentry.features.vstsLimitedScopes` | Disables the azdo-integrations with limited scopes that is the cause of so much pain | `true` | +| `sentry.web.customCA.secretName` | Allows mounting a custom CA secret | `nil` | +| `sentry.web.customCA.item` | Key of CA cert object within the secret | `ca.crt` | +| `symbolicator.api.enabled` | Enable Symbolicator | `false` | +| `symbolicator.api.config` | Config file for Symbolicator, see [its docs](https://getsentry.github.io/symbolicator/#configuration) | see values.yaml | ## NGINX and/or Ingress 
@@ -76,15 +76,15 @@ By default, NGINX is enabled to allow sending the incoming requests to [Sentry R ## Sentry secret key -For your security, the [`system.secret-key`](https://develop.sentry.dev/config/#general) is generated for you on the first installation. Another one will be regenerated on each upgrade invalidating all the current sessions unless it's been provided. The value is stored in the `sentry-sentry` configmap. +If no `sentry.existingSecret` value is specified, for your security, the [`system.secret-key`](https://develop.sentry.dev/config/#general) is generated for you on the first installation and stored in a kubernetes secret. + +If `sentry.existingSecret` / `sentry.existingSecretKey` values are provided, those secrets will be used. -``` -helm upgrade ... --set system.secretKey=xx -``` -## Symbolicator +## Symbolicator and or JavaScript source maps For getting native stacktraces and minidumps symbolicated with debug symbols (e.g. iOS/Android), you need to enable Symbolicator via + ```yaml symbolicator: enabled: true 
@@ -102,8 +102,96 @@ filestore: persistentWorkers: true # storageClass: 'efs-storage' # see note below ``` + Note: If you need to run or cannot avoid running sentry-worker and sentry-web on different cluster nodes, you need to set `filestore.filesystem.persistence.accessMode: ReadWriteMany` or might get problems. HOWEVER, [not all volume drivers support it](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes), like AWS EBS or GCP disks. So you would want to create and use a `StorageClass` with a supported volume driver like [AWS EFS](https://github.com/kubernetes-sigs/aws-efs-csi-driver) Its also important having `connect_to_reserved_ips: true` in the symbolicator config file, which this Chart defaults to. +#### Source Maps + +To get javascript source map processing working, you need to activate sourcemaps, which in turn activates the memcached dependency: + +```yaml +sourcemaps: + enabled: true +``` + +For details on the background see this blog post: https://engblog.yext.com/post/sentry-js-source-maps + + +## Geolocation + +[Geolocation of IP addresses](https://develop.sentry.dev/self-hosted/geolocation/) is supported if you provide a GeoIP database: + +Example values.yaml: + +```yaml + +relay: + # provide a volume for relay that contains the geoip database + volumes: + - name: geoip + hostPath: + path: /geodata + type: Directory + + +sentry: + web: + # provide a volume for sentry-web that contains the geoip database + volumes: + - name: geoip + hostPath: + path: /geodata + type: Directory + + worker: + # provide a volume for sentry-worker that contains the geoip database + volumes: + - name: geoip + hostPath: + path: /geodata + type: Directory + + +# enable and reference the volume +geodata: + volumeName: geoip + # mountPath of the volume containing the database + mountPath: /geodata + # path to the geoip database inside the volumemount + path: /geodata/GeoLite2-City.mmdb +``` + +## External Kafka configuration + +You can either provide 
a single host, which is there by default in `values.yaml`, like this: + +```yaml +externalKafka: + ## Hostname or ip address of external kafka + ## + host: "kafka-confluent" + port: 9092 +``` + +or you can feed in a cluster of Kafka instances like below: + +```yaml +externalKafka: + ## List of Hostnames or ip addresses of external kafka + - host: "233.5.100.28" + port: 9092 + - host: "233.5.100.29" + port: 9092 + - host: "233.5.100.30" + port: 9092 +``` + + + +# Usage + +- [AWS + Terraform](docs/usage-aws-terraform.md) +- [DigitalOcean](docs/usage-digitalocean.md) diff --git a/charts/sentry/charts/clickhouse-3.0.0.tgz b/charts/sentry/charts/clickhouse-3.0.0.tgz deleted file mode 100644 index a3bd561..0000000 Binary files a/charts/sentry/charts/clickhouse-3.0.0.tgz and /dev/null differ diff --git a/charts/sentry/charts/clickhouse-3.3.0.tgz b/charts/sentry/charts/clickhouse-3.3.0.tgz new file mode 100644 index 0000000..6114305 Binary files /dev/null and b/charts/sentry/charts/clickhouse-3.3.0.tgz differ diff --git a/charts/sentry/charts/kafka-12.0.0.tgz b/charts/sentry/charts/kafka-12.0.0.tgz deleted file mode 100644 index db27599..0000000 Binary files a/charts/sentry/charts/kafka-12.0.0.tgz and /dev/null differ diff --git a/charts/sentry/charts/kafka-16.3.2.tgz b/charts/sentry/charts/kafka-16.3.2.tgz new file mode 100644 index 0000000..b3d1691 Binary files /dev/null and b/charts/sentry/charts/kafka-16.3.2.tgz differ diff --git a/charts/sentry/charts/memcached-6.5.2.tgz b/charts/sentry/charts/memcached-6.5.2.tgz new file mode 100644 index 0000000..8c9174a Binary files /dev/null and b/charts/sentry/charts/memcached-6.5.2.tgz differ diff --git a/charts/sentry/charts/nginx-14.2.2.tgz b/charts/sentry/charts/nginx-14.2.2.tgz new file mode 100644 index 0000000..fa8158a Binary files /dev/null and b/charts/sentry/charts/nginx-14.2.2.tgz differ 
diff --git a/charts/sentry/charts/nginx-6.0.5.tgz b/charts/sentry/charts/nginx-6.0.5.tgz
deleted file mode 100644
index 3172947..0000000
Binary files a/charts/sentry/charts/nginx-6.0.5.tgz and /dev/null differ
diff --git a/charts/sentry/charts/postgresql-10.2.4.tgz b/charts/sentry/charts/postgresql-10.2.4.tgz
deleted file mode 100644
index e7e0c00..0000000
Binary files a/charts/sentry/charts/postgresql-10.2.4.tgz and /dev/null differ
diff --git a/charts/sentry/charts/postgresql-12.5.1.tgz b/charts/sentry/charts/postgresql-12.5.1.tgz
new file mode 100644
index 0000000..2a80dae
Binary files /dev/null and b/charts/sentry/charts/postgresql-12.5.1.tgz differ
diff --git a/charts/sentry/charts/rabbitmq-11.15.3.tgz b/charts/sentry/charts/rabbitmq-11.15.3.tgz
new file mode 100644
index 0000000..f6ca6fb
Binary files /dev/null and b/charts/sentry/charts/rabbitmq-11.15.3.tgz differ
diff --git a/charts/sentry/charts/rabbitmq-8.9.1.tgz b/charts/sentry/charts/rabbitmq-8.9.1.tgz
deleted file mode 100644
index 23ba7aa..0000000
Binary files a/charts/sentry/charts/rabbitmq-8.9.1.tgz and /dev/null differ
diff --git a/charts/sentry/charts/redis-17.11.3.tgz b/charts/sentry/charts/redis-17.11.3.tgz
new file mode 100644
index 0000000..15ca760
Binary files /dev/null and b/charts/sentry/charts/redis-17.11.3.tgz differ
diff --git a/charts/sentry/charts/redis-9.3.2.tgz b/charts/sentry/charts/redis-9.3.2.tgz
deleted file mode 100644
index d99a638..0000000
Binary files a/charts/sentry/charts/redis-9.3.2.tgz and /dev/null differ
diff --git a/charts/sentry/charts/zookeeper-9.0.0.tgz b/charts/sentry/charts/zookeeper-9.0.0.tgz
new file mode 100644
index 0000000..dffe2ed
Binary files /dev/null and b/charts/sentry/charts/zookeeper-9.0.0.tgz differ
diff --git a/charts/sentry/docs/UPGRADE.md b/charts/sentry/docs/UPGRADE.md
new file mode 100644
index 0000000..36f87d4
--- /dev/null
+++ b/charts/sentry/docs/UPGRADE.md
@@ -0,0 +1,85 @@ +# Upgrade + +## Upgrading from 13.x.x version of this Chart to 14.0.0 + +ClickHouse was reconfigured with sharding and replication in-mind, If you are using external ClickHouse, you don't need to do anything. + +**WARNING**: You will lose current event data
+Otherwise, you should delete the old ClickHouse volumes in-order to upgrade to this version. + + +## Upgrading from 12.x.x version of this Chart to 13.0.0 + +The service annotions have been moved from the `service` section to the respective service's service sub-section. So what was: + +```yaml +service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /_health/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port +``` + +will now be set per service: + +```yaml +sentry: + web: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /_health/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port + +relay: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port +``` + +## Upgrading from 11.x.x version of this Chart to 12.0.0 + +Redis chart was upgraded to newer version. If you are using external redis, you don't need to do anything. + +Otherwise, when upgrading to chart version 12.x.x from 11.x.x you need to either run `helm upgrade` with `--force` flag, or prior to upgrade delete statefulsets for redis master and redis slave. Then run upgrade and it will roll out new statefulsets. Your master redis data will not be lost (PVC is not deleted when you delete statefulset). Your redis slave will now be named redis replica and you can delete PVCs that were used by redis slave after the upgrade. + +## Upgrading from 10.x.x version of this Chart to 11.0.0 + +If you were using clickhouse tabix externally, we disabled it per default. + +## Upgrading from deprecated 9.0 -> 10.0 Chart + +As this chart runs in helm 3 and also tries its best to follow on from the original Sentry chart. There are some steps that needs to be taken in order to correctly upgrade. 
+ +From the previous upgrade, make sure to get the following from your previous installation: + +- Redis Password (If Redis auth was enabled) +- Postgresql Password + Both should be in the `secrets` of your original 9.0 release. Make a note of both of these values. + +### Upgrade Steps + +Due to an issue where transferring from Helm 2 to 3. Statefulsets that use the following: `heritage: {{ .Release.Service }}` in the metadata field will error out with a `Forbidden` error during the upgrade. The only workaround is to delete the existing statefulsets (Don't worry, PVC will be retained): + +```shell +kubectl delete --all sts -n +``` + +Once the statefulsets are deleted. Next steps is to convert the helm release from version 2 to 3 using the helm 3 plugin: + +```shell +helm3 2to3 convert +``` + +Finally, it's just a case of upgrading and ensuring the correct params are used: + +If Redis auth enabled: + +```shell +helm upgrade -n . --set redis.usePassword=true --set redis.password= +``` + +If Redis auth is disabled: + +```shell +helm upgrade -n . +``` diff --git a/charts/sentry/docs/usage-aws-terraform.md b/charts/sentry/docs/usage-aws-terraform.md new file mode 100644 index 0000000..ed11c5d --- /dev/null +++ b/charts/sentry/docs/usage-aws-terraform.md 
@@ -0,0 +1,122 @@ +# Usage with Terraform + AWS + +`./templates/sentry_values.yaml` file + +```yaml +prefix: ${module_prefix} + +user: + create: true + email: ${sentry_email} + password: ${sentry_password} + +nginx: + enabled: false + +rabbitmq: + enabled: false + +sentry: + web: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /_health/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port + +relay: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port + +postgresql: + enabled: true + nameOverride: sentry-postgresql + postgresqlUsername: postgres + postgresqlPassword: ${postgres_password} + postgresqlDatabase: sentry + replication: + enabled: false + +ingress: + enabled: true + hostname: ${sentry_dns_name} + regexPathStyle: aws-alb + annotations: + kubernetes.io/ingress.class: alb + alb.ingress.kubernetes.io/scheme: internet-facing + alb.ingress.kubernetes.io/target-type: ip + alb.ingress.kubernetes.io/tags: ${tags} + alb.ingress.kubernetes.io/inbound-cidrs: ${allowed_cidr_blocks_str} + alb.ingress.kubernetes.io/subnets: ${public_subnet_ids_str} + alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS": 443}]' + alb.ingress.kubernetes.io/ssl-redirect: "443" + alb.ingress.kubernetes.io/certificate-arn: ${subdomain_cert_arn} + external-dns.alpha.kubernetes.io/hostname: ${sentry_dns_name} +``` + +`./helm.tf` file + +```terraform +resource "helm_release" "sentry" { + name = "sentry" + chart = "${path.module}/helm_sentry/" + repository = "https://sentry-kubernetes.github.io/charts" + version = "14.0.0" + timeout = 600 + wait = false + dependency_update = true + + values = [ + templatefile( + "${path.module}/templates/sentry_values.yaml", + { + module_prefix = "${var.module_prefix}", + sentry_email = "${var.sentry_email}", + sentry_password = "${var.sentry_password}", + + sentry_dns_name = "${local.sentry_dns_name}", + subdomain_cert_arn = 
"${var.subdomain_cert_arn}", + allowed_cidr_blocks_str = "${join(",", var.allowed_cidr_blocks)}", + private_subnet_ids_str = "${join(",", var.private_subnet_ids)}", + public_subnet_ids_str = "${join(",", var.public_subnet_ids)}", + tags = "environment=${var.env}" + # postgres_db_host = "${module.sentry_rds_pg.this_rds_cluster_endpoint}", + # postgres_db_name = "${local.db_name}", + postgres_username = "${local.db_user}", + postgres_password = "${local.db_pass}", + } + ) + ] + + depends_on = [ + helm_release.lb_controller, + helm_release.external_dns, + ] +} +``` + +### Notes + +1. Ensure the control plane and node security groups are appropriately configured as documented [here](https://docs.aws.amazon.com/eks/latest/userguide/sec-group-reqs.html#control-plane-worker-node-sgs). +2. Annotations for ingress are as mentioned [here](https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.2/guide/ingress/annotations/) +3. `healthcheck-path` and `healthcheck-port` annotations can be setup per target group using the alb annotations in the corresponding services as mentioned [here](https://github.com/kubernetes-sigs/aws-load-balancer-controller/issues/1056#issuecomment-551585078). For example, here we have: + +```yaml +sentry: + web: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /_health/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port + +relay: + service: + annotations: + alb.ingress.kubernetes.io/healthcheck-path: /api/relay/healthcheck/ready/ + alb.ingress.kubernetes.io/healthcheck-port: traffic-port +``` + +Which are load balancer annotations specified in the service configuration for the load balancer to pick while creating the target groups. + +NOTE: AWS ALB Controller's Service annotations don't apply here as we want the `aws-load-balancer-controller` to pick-up the services and apply the appropriate healthcheck-path per service and not create a load balancer for the service itself. 
The service annotations will only apply when you want the service to be load balanced. diff --git a/charts/sentry/docs/usage-digitalocean.md b/charts/sentry/docs/usage-digitalocean.md new file mode 100644 index 0000000..1f5f20c --- /dev/null +++ b/charts/sentry/docs/usage-digitalocean.md 
@@ -0,0 +1,89 @@ +# Usage with DigitalOcean + +## Ingress Controller + +DigitalOcean does not create an Ingress Controller or LoadBalancer when the sentry chart is installed. +This usage example is for when you want to do SSL termination at LoadBalancer. + +#### Create an `ingress.yaml` file with the following content. + +```yaml +controller: + name: controller + service: + # This redirects the https request to http port after SSL termination + targetPorts: + http: http + https: http + annotations: + service.beta.kubernetes.io/do-loadbalancer-redirect-http-to-https: "true" + service.beta.kubernetes.io/do-loadbalancer-certificate-id: {{.DO_CERTIFICATE_ID}} + service.beta.kubernetes.io/do-loadbalancer-enable-proxy-protocol: "true" + service.beta.kubernetes.io/do-loadbalancer-hostname: {{.SENTRY_HOST}} + service.beta.kubernetes.io/do-loadbalancer-name: {{.SENTRY_HOST}} + config: + use-forwarded-headers: "true" + compute-full-forwarded-for: "true" + use-proxy-protocol: "true" +``` + +You can obtain the certificate id from doctl or [terraform](https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs/resources/certificate) + +#### Install the ingress controller to your cluster + +```shell +helm upgrade --install ingress-nginx ingress-nginx \ + --repo https://kubernetes.github.io/ingress-nginx \ + --namespace ingress-nginx --create-namespace -f ingress.yaml +``` + +```shell +doctl compute certificate list +``` + +## Chart configuration + +`values.yaml` +```yaml +prefix: + +# Required only when installing +user: + create: true + email: {{.SENTRY_EMAIL}} + password: {{.SENTRY_PASSWORD}} + +nginx: + enabled: false + +ingress: + enabled: true + hostname: {{.SENTRY_HOST}} + regexPathStyle: nginx + annotations: + kubernetes.io/ingress.class: "nginx" + nginx.ingress.kubernetes.io/force-ssl-redirect: "true" + +system: + url: "https://$SENTRY_HOST" + public: true + secret: {{.SENTRY_SECRET}} + +postgresql: + enabled: false + +# DigitalOcean managed database 
uses port 25060 and needs SSL to be enabled
+externalPostgresql:
+ host: {{.SENTRY_DO_DB_HOST}}
+ port: 25060
+ database: {{.SENTRY_DO_DB_NAME}}
+ username: {{.SENTRY_DO_DB_USER}}
+ password: {{.SENTRY_DO_DB_PASSWORD}}
+ sslMode: require
+```
+
+
+### Notes
+
+1. Nginx Ingress Service can be configured with [chart values](https://github.com/kubernetes/ingress-nginx/tree/main/charts/ingress-nginx) and [annotations](https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/).
+2. Annotations for DO Load Balancer are as mentioned [here](https://github.com/digitalocean/digitalocean-cloud-controller-manager/blob/master/docs/controllers/services/annotations.md)
diff --git a/charts/sentry/templates/_helper.tpl b/charts/sentry/templates/_helper.tpl
index 2b41359..19d495e 100644
--- a/charts/sentry/templates/_helper.tpl
+++ b/charts/sentry/templates/_helper.tpl
@@ -7,16 +7,13 @@
 {{- end -}}
 {{- end -}}
-{{- define "sentry.labels" -}}
-app: {{ template "sentry.fullname" . }}
-chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
-release: "{{ .Release.Name }}"
-heritage: "{{ .Release.Service }}"
-{{- end -}}
-
 {{- define "nginx.port" -}}{{ default "8080" .Values.nginx.containerPort }}{{- end -}}
 {{- define "relay.port" -}}3000{{- end -}}
+{{- define "relay.healthCheck.readinessRequestPath" -}}/api/relay/healthcheck/ready/{{- end -}}
+{{- define "relay.healthCheck.livenessRequestPath" -}}/api/relay/healthcheck/live/{{- end -}}
 {{- define "sentry.port" -}}9000{{- end -}}
+{{- define "sentry.healthCheck.requestPath" -}}/_health/{{- end -}}
+{{- define "relay.healthCheck.requestPath" -}}/api/relay/healthcheck/live/{{- end -}}
 {{- define "snuba.port" -}}1218{{- end -}}
 {{- define "symbolicator.port" -}}3021{{- end -}}
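Review bot: The added `relay.healthCheck.requestPath` carries the same literal as `relay.healthCheck.livenessRequestPath` defined a few lines above it, so the relay liveness path now lives in two places that can drift apart. Defining one in terms of the other keeps a single source, for example `{{- define "relay.healthCheck.requestPath" -}}{{ include "relay.healthCheck.livenessRequestPath" . }}{{- end -}}`, and a one-line comment saying which consumer needs the generic name would help. The hunk also removes `sentry.labels`; any template outside this page that still references it would fail at render time, so a search for remaining uses is worth doing before merge.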
@@ -39,7 +36,7 @@ heritage: "{{ .Release.Service }}"
 {{- define "symbolicator.image" -}}
 {{- default "getsentry/symbolicator" .Values.images.symbolicator.repository -}}
 :
-{{- .Values.images.symbolicator.tag -}}
+{{- default .Chart.AppVersion .Values.images.symbolicator.tag -}}
 {{- end -}}
 {{- define "dbCheck.image" -}}
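Review bot: The fallback added in `symbolicator.image` silently ties the Symbolicator image tag to the chart's `appVersion` whenever `images.symbolicator.tag` is unset, and nothing in the template documents that coupling. That only works if a `getsentry/symbolicator` image is published under the same tag as the Sentry release, which this page does not show. A comment above the define would make the assumption visible, for example `{{/* Tag falls back to .Chart.AppVersion; assumes a symbolicator image exists under the Sentry release tag. */}}`. Operators who need a fixed image can still set `images.symbolicator.tag` explicitly, and it would help to say so in the values documentation.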
@@ -73,6 +70,68 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} + +{{/* +Get KubeVersion removing pre-release information. +*/}} +{{- define "sentry.kubeVersion" -}} + {{- default .Capabilities.KubeVersion.Version (regexFind "v[0-9]+\\.[0-9]+\\.[0-9]+" .Capabilities.KubeVersion.Version) -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for ingress. +*/}} +{{- define "sentry.ingress.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "networking.k8s.io/v1") (semverCompare ">= 1.19.x" (include "sentry.kubeVersion" .)) -}} + {{- print "networking.k8s.io/v1" -}} + {{- else if .Capabilities.APIVersions.Has "networking.k8s.io/v1beta1" -}} + {{- print "networking.k8s.io/v1beta1" -}} + {{- else -}} + {{- print "extensions/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return if ingress is stable. +*/}} +{{- define "sentry.ingress.isStable" -}} + {{- eq (include "sentry.ingress.apiVersion" .) "networking.k8s.io/v1" -}} +{{- end -}} + +{{/* +Return the appropriate batch apiVersion for cronjobs. +batch/v1beta1 will no longer be served in v1.25 +See more at https://kubernetes.io/docs/reference/using-api/deprecation-guide/#cronjob-v125 +*/}} +{{- define "sentry.batch.apiVersion" -}} + {{- if and (.Capabilities.APIVersions.Has "batch/v1") (semverCompare ">= 1.21.x" (include "sentry.kubeVersion" .)) -}} + {{- print "batch/v1" -}} + {{- else if .Capabilities.APIVersions.Has "batch/v1beta1" -}} + {{- print "batch/v1beta1" -}} + {{- end -}} +{{- end -}} + +{{/* +Return if batch is stable. +*/}} +{{- define "sentry.batch.isStable" -}} + {{- eq (include "sentry.batch.apiVersion" .) "batch/v1" -}} +{{- end -}} + +{{/* +Return if ingress supports ingressClassName. +*/}} +{{- define "sentry.ingress.supportsIngressClassName" -}} + {{- or (eq (include "sentry.ingress.isStable" .) "true") (and (eq (include "sentry.ingress.apiVersion" .) 
"networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "sentry.kubeVersion" .))) -}} +{{- end -}} + +{{/* +Return if ingress supports pathType. +*/}} +{{- define "sentry.ingress.supportsPathType" -}} + {{- or (eq (include "sentry.ingress.isStable" .) "true") (and (eq (include "sentry.ingress.apiVersion" .) "networking.k8s.io/v1beta1") (semverCompare ">= 1.18.x" (include "sentry.kubeVersion" .))) -}} +{{- end -}} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). @@ -155,7 +214,7 @@ Set postgres port */}} {{- define "sentry.postgresql.port" -}} {{- if .Values.postgresql.enabled -}} -{{- default 5432 .Values.postgresql.service.port }} +{{- default 5432 .Values.postgresql.primary.service.ports.postgresql }} {{- else -}} {{- required "A valid .Values.externalPostgresql.port is required" .Values.externalPostgresql.port -}} {{- end -}} @@ -172,17 +231,6 @@ Set postgresql username {{- end -}} {{- end -}} -{{/* -Set postgresql password -*/}} -{{- define "sentry.postgresql.password" -}} -{{- if .Values.postgresql.enabled -}} -{{- default "" .Values.postgresql.postgresqlPassword }} -{{- else -}} -{{ required "A valid .Values.externalPostgresql.password is required" .Values.externalPostgresql.password }} -{{- end -}} -{{- end -}} - {{/* Set postgresql database */}} @@ -293,13 +341,6 @@ default {{- end -}} {{- end -}} -{{/* -Set ClickHouse Authorization -*/}} -{{- define "sentry.clickhouse.auth" -}} ---user {{ include "sentry.clickhouse.username" . }} --password {{ include "sentry.clickhouse.password" .| quote }} -{{- end -}} - {{/* Set ClickHouse User */}} 
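Review bot: `sentry.batch.apiVersion` has no final `else` branch, so when the capability set reports neither `batch/v1` on Kubernetes 1.21 or newer nor `batch/v1beta1` (for example when rendering with a restricted API list), the helper returns an empty string and the CronJob is emitted with an empty `apiVersion:`. `sentry.ingress.apiVersion` in the same hunk falls back to a fixed value; the batch helper could end with `{{- else -}}{{- fail "no supported batch API version for CronJob" -}}` so the problem surfaces at render time. Separately, `sentry.ingress.supportsIngressClassName` and `sentry.ingress.supportsPathType` have identical bodies, so one could simply `include` the other.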
@@ -346,7 +387,7 @@ Set Kafka Confluent host {{- define "sentry.kafka.host" -}} {{- if .Values.kafka.enabled -}} {{- template "sentry.kafka.fullname" . -}} -{{- else -}} +{{- else if and (.Values.externalKafka) (not (kindIs "slice" .Values.externalKafka)) -}} {{ required "A valid .Values.externalKafka.host is required" .Values.externalKafka.host }} {{- end -}} {{- end -}} @@ -355,13 +396,27 @@ Set Kafka Confluent host Set Kafka Confluent port */}} {{- define "sentry.kafka.port" -}} -{{- if and (.Values.kafka.enabled) (.Values.kafka.service.port) -}} -{{- .Values.kafka.service.port }} -{{- else -}} +{{- if and (.Values.kafka.enabled) (.Values.kafka.service.ports.client) -}} +{{- .Values.kafka.service.ports.client }} +{{- else if and (.Values.externalKafka) (not (kindIs "slice" .Values.externalKafka)) -}} {{ required "A valid .Values.externalKafka.port is required" .Values.externalKafka.port }} {{- end -}} {{- end -}} +{{/* +Set Kafka bootstrap servers string +*/}} +{{- define "sentry.kafka.bootstrap_servers_string" -}} +{{- if or (.Values.kafka.enabled) (not (kindIs "slice" .Values.externalKafka)) -}} +{{ printf "%s:%s" (include "sentry.kafka.host" .) (include "sentry.kafka.port" .) }} +{{- else -}} +{{- range $index, $elem := .Values.externalKafka -}} +{{- if $index -}},{{- end -}}{{ printf "%s:%s" $elem.host (toString $elem.port) }} +{{- end -}} +{{- end -}} +{{- end -}} + + {{/* Set RabbitMQ host */}} 
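Review bot: The new guard `else if and (.Values.externalKafka) (not (kindIs "slice" .Values.externalKafka))` in `sentry.kafka.host`, repeated in `sentry.kafka.port` in the next hunk, skips the `required` call whenever `externalKafka` is empty, so the missing-value error that `kafka.enabled: false` used to produce is lost. In that case `sentry.kafka.bootstrap_servers_string` takes its first branch and renders `":"`, which only fails later inside the consumers. Dropping the truthiness test (`else if not (kindIs "slice" .Values.externalKafka)`) should restore the check for an empty map. In the list form, `$elem.host` and `$elem.port` could be wrapped in `required` as well, since they are currently printed unvalidated.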
@@ -380,5 +435,109 @@ Common Snuba environment variables - name: SNUBA_SETTINGS value: /etc/snuba/settings.py - name: DEFAULT_BROKERS - value: {{ printf "%s:%s" (include "sentry.kafka.host" .) (include "sentry.kafka.port" .) | quote }} + value: {{ include "sentry.kafka.bootstrap_servers_string" . | quote }} +{{- if .Values.externalClickhouse.existingSecret }} +- name: CLICKHOUSE_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalClickhouse.existingSecret }} + key: {{ default "clickhouse-password" .Values.externalClickhouse.existingSecretKey }} +{{- end }} +{{- end -}} + +{{/* +Common Sentry environment variables +*/}} +{{- define "sentry.env" -}} +- name: SNUBA + value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" . }} +{{- if .Values.sentry.existingSecret }} +- name: SENTRY_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.sentry.existingSecret }} + key: {{ default "key" .Values.sentry.existingSecretKey }} +{{- else }} +- name: SENTRY_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ template "sentry.fullname" . }}-sentry-secret + key: "key" +{{- end }} +{{- if .Values.postgresql.enabled }} +- name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ default (include "sentry.postgresql.fullname" .) 
.Values.postgresql.existingSecret }} + key: {{ default "postgres-password" .Values.postgresql.existingSecretKey }} +{{- else if .Values.externalPostgresql.password }} +- name: POSTGRES_PASSWORD + value: {{ .Values.externalPostgresql.password | quote }} +{{- else if .Values.externalPostgresql.existingSecret }} +- name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalPostgresql.existingSecret }} + key: {{ default "postgresql-password" .Values.externalPostgresql.existingSecretKey }} +{{- end }} +{{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} +- name: GOOGLE_APPLICATION_CREDENTIALS + value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} +{{- end }} +{{- if .Values.mail.password }} +- name: SENTRY_EMAIL_PASSWORD + value: {{ .Values.mail.password | quote }} +{{- else if .Values.mail.existingSecret }} +- name: SENTRY_EMAIL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.mail.existingSecret }} + key: {{ default "mail-password" .Values.mail.existingSecretKey }} +{{- end }} +{{- if .Values.slack.existingSecret }} +- name: SLACK_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ .Values.slack.existingSecret }} + key: "client-id" +- name: SLACK_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.slack.existingSecret }} + key: "client-secret" +- name: SLACK_SIGNING_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.slack.existingSecret }} + key: "signing-secret" +{{- end }} +{{- if and .Values.github.existingSecret }} +- name: GITHUB_APP_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.github.existingSecret }} + key: {{ default "private-key" .Values.github.existingSecretPrivateKeyKey }} +- name: GITHUB_APP_WEBHOOK_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.github.existingSecret }} + key: {{ default "webhook-secret" .Values.github.existingSecretWebhookSecretKey }} +- name: GITHUB_APP_CLIENT_ID + valueFrom: + secretKeyRef: + name: {{ 
.Values.github.existingSecret }} + key: {{ default "client-id" .Values.github.existingSecretClientIdKey }} +- name: GITHUB_APP_CLIENT_SECRET + valueFrom: + secretKeyRef: + name: {{ .Values.github.existingSecret }} + key: {{ default "client-secret" .Values.github.existingSecretClientSecretKey }} +{{- end }} +{{- if .Values.openai.existingSecret }} +- name: OPENAI_API_KEY + valueFrom: + secretKeyRef: + name: {{ .Values.openai.existingSecret }} + key: {{ default "api-token" .Values.openai.existingSecretKey }} +{{- end }} {{- end -}} diff --git a/charts/sentry/templates/configmap-memcached.yaml b/charts/sentry/templates/configmap-memcached.yaml new file mode 100644 index 0000000..abe3590 --- /dev/null +++ b/charts/sentry/templates/configmap-memcached.yaml @@ -0,0 +1,8 @@ +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sentry.fullname" . }}-memcached +data: + MEMCACHED_MEMORY_LIMIT: "{{ .Values.memcached.memoryLimit }}" + MEMCACHED_MAX_ITEM_SIZE: "{{ .Values.memcached.maxItemSize }}" diff --git a/charts/sentry/templates/configmap-nginx.yaml b/charts/sentry/templates/configmap-nginx.yaml index c91464d..d795ce2 100644 --- a/charts/sentry/templates/configmap-nginx.yaml +++ b/charts/sentry/templates/configmap-nginx.yaml @@ -27,6 +27,13 @@ data: proxy_pass http://relay; } + {{ if and .Values.nginx.metrics.enabled .Values.nginx.metrics.serviceMonitor.enabled -}} + location = /status/ { + stub_status; + } + + {{ end -}} + location / { proxy_pass http://sentry; } diff --git a/charts/sentry/templates/configmap-relay.yaml b/charts/sentry/templates/configmap-relay.yaml index a258693..52713f8 100644 --- a/charts/sentry/templates/configmap-relay.yaml +++ b/charts/sentry/templates/configmap-relay.yaml 
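Review bot: In `sentry.env`, the `else if .Values.externalPostgresql.password` branch is tested before `externalPostgresql.existingSecret` and writes the password as a literal `value:` in the pod spec, where anyone who can read the pod or its owning workload can see it; `mail.password` is handled the same way. Testing `existingSecret` first would stop a leftover plaintext value from overriding the secret reference. The plaintext case could be stored in a chart-managed Secret and referenced with `secretKeyRef`, like the other entries. A smaller point: `{{- if and .Values.github.existingSecret }}` calls `and` with a single argument and can be a plain `if`. The hunk starts inside the Snuba env helper, whose beginning is outside it.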
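Review bot: The added `location = /status/` block turns on `stub_status` without any `allow`/`deny` rules, and it sits next to the `proxy_pass` locations, so the status page appears reachable by every client of this nginx rather than only by the metrics scraper. If the exporter runs in the same pod, `allow 127.0.0.1; deny all;` inside the location keeps the connection counters off the public listener. The enclosing server block starts outside the hunk, so how the exporter reaches this path should be confirmed before choosing the allowed range.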
@@ -22,10 +22,13 @@ data: processing: enabled: true + {{- if .Values.geodata.path }} + geoip_path: {{ .Values.geodata.path | quote }} + {{- end }} kafka_config: - name: "bootstrap.servers" - value: {{ printf "%s:%s" (include "sentry.kafka.host" .) (include "sentry.kafka.port" .) }} + value: {{ (include "sentry.kafka.bootstrap_servers_string" .) | quote }} - name: "message.max.bytes" value: 50000000 # 50MB or bust @@ -34,5 +37,8 @@ data: {{- else }} redis: "redis://{{ $redisHost }}:{{ $redisPort }}" {{- end }} + topics: + metrics_transactions: ingest-performance-metrics + metrics_sessions: ingest-metrics {{ .Values.config.relay | indent 4 }} diff --git a/charts/sentry/templates/configmap-sentry.yaml b/charts/sentry/templates/configmap-sentry.yaml index 90f1736..f345053 100644 --- a/charts/sentry/templates/configmap-sentry.yaml +++ b/charts/sentry/templates/configmap-sentry.yaml @@ -15,7 +15,6 @@ data: {{- if .Values.system.adminEmail }} system.admin-email: {{ .Values.system.adminEmail | quote }} {{- end }} - system.secret-key: {{ .Values.system.secretKey | default (randAlphaNum 50) | quote }} {{- if .Values.system.url }} system.url-prefix: {{ .Values.system.url | quote }} {{- end }} 
@@ -32,25 +31,26 @@ data: ########## # Github # ########## - {{- if .Values.github.appId }} - github-app.id: {{ .Values.github.appId }} - {{ end }} - {{- if .Values.github.appName }} - github-app.name: {{ .Values.github.appName | quote }} - {{ end }} - {{- if .Values.github.privateKey }} - github-app.private-key: |- - {{ .Values.github.privateKey | nindent 8 }}" - {{ end }} - {{- if .Values.github.webhookSecret }} - github-app.webhook-secret: {{ .Values.github.webhookSecret | quote }} - {{ end }} - {{- if .Values.github.clientId }} - github-app.client-id: {{ .Values.github.clientId | quote }} - {{ end }} - {{- if .Values.github.clientSecret }} - github-app.client-secret: {{ .Values.github.clientSecret | quote }} - {{ end }} + {{- with .Values.github.appId }} + github-app.id: {{ . }} + {{- end }} + {{- with .Values.github.appName }} + github-app.name: {{ . | quote }} + {{- end }} + {{- if not .Values.github.existingSecret }} + {{- with .Values.github.privateKey }} + github-app.private-key: {{- . | toYaml | indent 4 }} + {{- end }} + {{- with .Values.github.webhookSecret }} + github-app.webhook-secret: {{ . | quote }} + {{- end }} + {{- with .Values.github.clientId }} + github-app.client-id: {{ . | quote }} + {{- end }} + {{- with .Values.github.clientSecret }} + github-app.client-secret: {{ . | quote }} + {{- end }} + {{- end }} ########## # Google # @@ -63,7 +63,7 @@ data: ######### # Slack # ######### - {{- if .Values.slack.clientId }} + {{- if and (.Values.slack.clientId) (.Values.slack.clientSecret) (.Values.slack.signingSecret) (not .Values.slack.existingSecret) }} slack.client-id: {{ .Values.slack.clientId | quote }} slack.client-secret: {{ .Values.slack.clientSecret | quote }} slack.signing-secret: {{ .Values.slack.signingSecret | quote }} 
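Review bot: When `github.existingSecret` is unset, `github-app.private-key`, `github-app.webhook-secret` and `github-app.client-secret` are still rendered into this ConfigMap, and the Slack hunk that follows does the same for `slack.client-secret` and `slack.signing-secret`. ConfigMaps usually get broader read access than Secrets and are often left out of encryption-at-rest configuration, so these values are better placed in a chart-managed Secret and read through the same environment variables the `existingSecret` path uses. Until then, a comment above the `if not .Values.github.existingSecret` block such as `# plaintext fallback: prefer github.existingSecret` would make the trade-off visible to operators.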
@@ -119,6 +119,13 @@ data: {{- if .Values.filestore.s3.default_acl }} default_acl: {{ .Values.filestore.s3.default_acl | quote }} {{- end }} + #add comfig params for s3 + {{- if .Values.filestore.s3.addressing_style }} + addressing_style: {{ .Values.filestore.s3.addressing_style | quote }} + {{- end }} + {{- if .Values.filestore.s3.location }} + location: {{ .Values.filestore.s3.location | quote }} + {{- end }} {{ end }} {{- if .Values.config.configYml }} @@ -128,12 +135,36 @@ data: from sentry.conf.server import * # NOQA from distutils.util import strtobool + BYTE_MULTIPLIER = 1024 + UNITS = ("K", "M", "G") + def unit_text_to_bytes(text): + unit = text[-1].upper() + power = UNITS.index(unit) + 1 + return float(text[:-1])*(BYTE_MULTIPLIER**power) + + {{- if .Values.sourcemaps.enabled }} + CACHES = { + "default": { + "BACKEND": "django.core.cache.backends.memcached.MemcachedCache", + "LOCATION": [ + "{{ template "sentry.fullname" . }}-memcached:11211" + ], + "TIMEOUT": 3600, + "OPTIONS": { + "server_max_value_length": unit_text_to_bytes(env("SENTRY_MAX_EXTERNAL_SOURCEMAP_SIZE", "1M")), + }, + } + } + import memcache + memcache.SERVER_MAX_VALUE_LENGTH = {{ .Values.memcached.maxItemSize }} + {{- end }} + DATABASES = { "default": { "ENGINE": "sentry.db.postgres", "NAME": {{ include "sentry.postgresql.database" . | quote }}, "USER": {{ include "sentry.postgresql.username" . | quote }}, - "PASSWORD": os.environ.get("POSTGRES_PASSWORD"), + "PASSWORD": os.environ.get("POSTGRES_PASSWORD", ""), "HOST": {{ include "sentry.postgresql.host" . | quote }}, "PORT": {{ template "sentry.postgresql.port" . }}, {{- if .Values.externalPostgresql.sslMode }} @@ -144,6 +175,10 @@ data: } } + {{- if .Values.geodata.path }} + GEOIP_PATH_MMDB = {{ .Values.geodata.path | quote }} + {{- end }} + # You should not change this setting after your database has been created # unless you have altered all schemas first SENTRY_USE_BIG_INTS = True 
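Review bot: `unit_text_to_bytes` raises `ValueError` from `UNITS.index(unit)` for any value whose last character is not K, M or G, so a `SENTRY_MAX_EXTERNAL_SOURCEMAP_SIZE` given as a bare byte count stops the settings module from loading; a guard such as `if unit not in UNITS: return float(text)` before the lookup would accept plain numbers. The size limit is also set from two different sources in this hunk: `server_max_value_length` comes from that environment variable while `memcache.SERVER_MAX_VALUE_LENGTH` is rendered from `.Values.memcached.maxItemSize`, so the two can disagree. In the same hunk `os.environ.get("POSTGRES_PASSWORD", "")` turns a missing variable into an empty password; if an empty password is never intended, failing loudly as the `SENTRY_SECRET_KEY` check does would be easier to diagnose.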
@@ -152,11 +187,18 @@ data: # General # ########### + + secret_key = env('SENTRY_SECRET_KEY') + if not secret_key: + raise Exception('Error: SENTRY_SECRET_KEY is undefined') + + SENTRY_OPTIONS['system.secret-key'] = secret_key + # Instruct Sentry that this install intends to be run by a single organization # and thus various UI optimizations should be enabled. SENTRY_SINGLE_ORGANIZATION = {{ if .Values.sentry.singleOrganization }}True{{ else }}False{{ end }} - SENTRY_OPTIONS["system.event-retention-days"] = int(env('SENTRY_EVENT_RETENTION_DAYS') or 90) + SENTRY_OPTIONS["system.event-retention-days"] = int(env('SENTRY_EVENT_RETENTION_DAYS') or {{ .Values.sentry.cleanup.days | quote }}) ######### # Queue # @@ -193,7 +235,7 @@ data: SENTRY_CACHE = "sentry.cache.redis.RedisCache" DEFAULT_KAFKA_OPTIONS = { - "bootstrap.servers": {{ printf "%s:%s" (include "sentry.kafka.host" .) (include "sentry.kafka.port" .) | quote }}, + "bootstrap.servers": {{ (include "sentry.kafka.bootstrap_servers_string" .) | quote }}, "message.max.bytes": 50000000, "socket.timeout.ms": 1000, } 
@@ -269,9 +311,28 @@ data: "protocol": "uwsgi", # This is needed to prevent https://git.io/fj7Lw "uwsgi-socket": None, - "http-keepalive": True, + # Keep this between 15s-75s as that's what Relay supports + "http-keepalive": {{ .Values.config.web.httpKeepalive }}, + "http-chunked-input": True, + # the number of web workers + 'workers': 3, + # Turn off memory reporting "memory-report": False, - # 'workers': 3, # the number of web workers + # Some stuff so uwsgi will cycle workers sensibly + 'max-requests': 100000, + 'max-requests-delta': 500, + 'max-worker-lifetime': 86400, + # Duplicate options from sentry default just so we don't get + # bit by sentry changing a default value that we depend on. + 'thunder-lock': True, + 'log-x-forwarded-for': False, + 'buffer-size': 32768, + 'limit-post': 209715200, + 'disable-logging': True, + 'reload-on-rss': 600, + 'ignore-sigpipe': True, + 'ignore-write-errors': True, + 'disable-write-exception': True, } ########### @@ -322,6 +383,7 @@ data: "organizations:discover", "organizations:discover-basic", "organizations:discover-query", + "organizations:discover-frontend-use-events-endpoint", "organizations:enterprise-perf", "organizations:event-attachments", "organizations:events", @@ -349,6 +411,7 @@ data: "organizations:onboarding", "organizations:org-saved-searches", "organizations:performance-view", + "organizations:performance-frontend-use-events-endpoint", "organizations:project-detail", "organizations:relay", "organizations:release-performance-views", @@ -368,6 +431,11 @@ data: "organizations:unhandled-issue-flag", "organizations:invite-members-rate-limits", "organizations:dashboards-v2", + "organizations:reprocessing-v2", + "organizations:metrics", + "organizations:metrics-extraction", + "organizations:transaction-metrics-extraction", + "organizations:session-replay", "projects:alert-filters", "projects:custom-inbound-filters", 
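Review bot: `"http-keepalive": {{ .Values.config.web.httpKeepalive }}` is rendered unquoted and without a default, so if the value is unset the line becomes `"http-keepalive": ,` and the generated settings file no longer parses. `{{ .Values.config.web.httpKeepalive | default 15 }}` would keep it within the 15s-75s range the comment mentions, assuming values.yaml (not shown here) does not already define it. The same block sets `'disable-logging': True` and a hard-coded `'workers': 3`; a comment stating where request logs are expected to come from instead, and a values key for the worker count, would help operators. The options dict opens and closes outside the hunk.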
@@ -382,7 +450,6 @@ data: "projects:similarity-indexing", "projects:similarity-view-v2", "projects:similarity-indexing-v2", - "projects:reprocessing-v2", "projects:plugins", ) @@ -394,15 +461,16 @@ data: ####################### SENTRY_OPTIONS['mail.backend'] = os.getenv("SENTRY_EMAIL_BACKEND", {{ .Values.mail.backend | quote }}) SENTRY_OPTIONS['mail.use-tls'] = bool(strtobool(os.getenv("SENTRY_EMAIL_USE_TLS", {{ .Values.mail.useTls | quote }}))) + SENTRY_OPTIONS['mail.use-ssl'] = bool(strtobool(os.getenv("SENTRY_EMAIL_USE_SSL", {{ .Values.mail.useSsl | quote }}))) SENTRY_OPTIONS['mail.username'] = os.getenv("SENTRY_EMAIL_USERNAME", {{ .Values.mail.username | quote }}) - SENTRY_OPTIONS['mail.password'] = os.getenv("SENTRY_EMAIL_PASSWORD", {{ .Values.mail.password | quote }}) + SENTRY_OPTIONS['mail.password'] = os.getenv("SENTRY_EMAIL_PASSWORD", "") SENTRY_OPTIONS['mail.port'] = int(os.getenv("SENTRY_EMAIL_PORT", {{ .Values.mail.port | quote }})) SENTRY_OPTIONS['mail.host'] = os.getenv("SENTRY_EMAIL_HOST", {{ .Values.mail.host | quote }}) SENTRY_OPTIONS['mail.from'] = os.getenv("SENTRY_EMAIL_FROM", {{ .Values.mail.from | quote }}) ######################### # Bitbucket Integration # - ######################## + ######################### # BITBUCKET_CONSUMER_KEY = 'YOUR_BITBUCKET_CONSUMER_KEY' # BITBUCKET_CONSUMER_SECRET = 'YOUR_BITBUCKET_CONSUMER_SECRET' @@ -413,6 +481,14 @@ data: SENTRY_RELAY_WHITELIST_PK = [] SENTRY_RELAY_OPEN_REGISTRATION = True + ####################### + # OpenAi Suggestions # + ####################### + + OPENAI_API_KEY = os.getenv("OPENAI_API_KEY", "") + if OPENAI_API_KEY: + SENTRY_FEATURES["organizations:open-ai-suggestion"] = True + {{- if .Values.metrics.enabled }} SENTRY_METRICS_BACKEND = 'sentry.metrics.statsd.StatsdMetricsBackend' SENTRY_METRICS_OPTIONS = { 
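Review bot: In the mail hunk, `{{ .Values.mail.useSsl | quote }}` feeds `strtobool`, which raises `ValueError` on an empty string, so an install whose values lack `mail.useSsl` and that does not set `SENTRY_EMAIL_USE_SSL` would fail when the settings are imported. `{{ .Values.mail.useSsl | default false | quote }}` avoids that; whether values.yaml already defines the key is not visible here. If `mail.useTls` and `mail.useSsl` can both end up true, the mail backend is likely to reject the combination, so a template-time `fail` for that case would report it earlier.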
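Review bot: `SENTRY_FEATURES["organizations:open-ai-suggestion"] = True` is switched on for every organization as soon as `OPENAI_API_KEY` is present, so supplying the secret is the only control over a feature that presumably sends issue content to an external service. Gating it on an explicit new values key as well (say `openai.enabled`, which does not exist yet) would make that data flow a deliberate choice rather than a side effect of mounting a secret. A comment above the block stating what leaves the cluster when the feature is on would help reviewers of a deployment.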
@@ -421,4 +497,22 @@ data: } {{- end }} +{{- if .Values.slack.existingSecret }} + ######### + # SLACK # + ######### + SENTRY_OPTIONS['slack.client-id'] = os.environ.get("SLACK_CLIENT_ID") + SENTRY_OPTIONS['slack.client-secret'] = os.environ.get("SLACK_CLIENT_SECRET") + SENTRY_OPTIONS['slack.signing-secret'] = os.environ.get("SLACK_SIGNING_SECRET") +{{- end }} + +{{- if .Values.github.existingSecret }} + ########## + # Github # + ########## + SENTRY_OPTIONS['github-app.private-key'] = os.environ.get("GITHUB_APP_PRIVATE_KEY") + SENTRY_OPTIONS['github-app.webhook-secret'] = os.environ.get("GITHUB_APP_WEBHOOK_SECRET") + SENTRY_OPTIONS['github-app.client-id'] = os.environ.get("GITHUB_APP_CLIENT_ID") + SENTRY_OPTIONS['github-app.client-secret'] = os.environ.get("GITHUB_APP_CLIENT_SECRET") +{{- end }} {{ .Values.config.sentryConfPy | indent 4 }} diff --git a/charts/sentry/templates/configmap-snuba.yaml b/charts/sentry/templates/configmap-snuba.yaml index deec4b4..f4897c0 100644 --- a/charts/sentry/templates/configmap-snuba.yaml +++ b/charts/sentry/templates/configmap-snuba.yaml 
@@ -19,14 +19,49 @@ data: DEBUG = env("DEBUG", "0").lower() in ("1", "true") # Clickhouse Options - CLUSTERS[0]["host"] = env("CLICKHOUSE_HOST", {{ include "sentry.clickhouse.host" . | quote }}) - CLUSTERS[0]["port"] = int({{ include "sentry.clickhouse.port" . }}) - CLUSTERS[0]["http_port"] = int({{ include "sentry.clickhouse.http_port" . }}) - CLUSTERS[0]["database"] = env("CLICKHOUSE_DATABASE", "default") - CLUSTERS[0]["user"] = env("CLICKHOUSE_USER", "default") - CLUSTERS[0]["password"] = env("CLICKHOUSE_PASSWORD", "") - # FIXME: Snuba will be able to migrate multi node clusters in the future - CLUSTERS[0]["single_node"] = env("CLICKHOUSE_SINGLE_NODE", "false").lower() == "true" + CLUSTERS = [ + { + "host": env("CLICKHOUSE_HOST", {{ include "sentry.clickhouse.host" . | quote }}), + "port": int({{ include "sentry.clickhouse.port" . }}), + "user": env("CLICKHOUSE_USER", "default"), + "password": env("CLICKHOUSE_PASSWORD", ""), + "database": env("CLICKHOUSE_DATABASE", "default"), + "http_port": {{ include "sentry.clickhouse.http_port" . }}, + "storage_sets": { + "cdc", + "discover", + "events", + "events_ro", + "metrics", + "migrations", + "outcomes", + "querylog", + "sessions", + "transactions", + "profiles", + "functions", + "replays", + "generic_metrics_sets", + "generic_metrics_distributions", + "search_issues", + "generic_metrics_counters", + "spans", + }, + {{- /* + The default clickhouse installation runs in distributed mode, while the external + clickhouse configured can be configured any way you choose + */}} + {{- if and .Values.externalClickhouse.singleNode (not .Values.clickhouse.enabled) }} + "single_node": True, + {{- else }} + "single_node": False, + {{- end }} + {{- if or .Values.clickhouse.enabled (not .Values.externalClickhouse.singleNode) }} + "cluster_name": {{ include "sentry.clickhouse.cluster.name" . | quote }}, + "distributed_cluster_name": {{ include "sentry.clickhouse.cluster.name" . 
| quote }}, + {{- end }} + }, + ] # Redis Options REDIS_HOST = {{ include "sentry.redis.host" . | quote }} @@ -36,4 +71,9 @@ data: {{- end }} REDIS_DB = int(env("REDIS_DB", 1)) +{{- if .Values.metrics.enabled }} + DOGSTATSD_HOST = "{{ template "sentry.fullname" . }}-metrics" + DOGSTATSD_PORT = 9125 +{{- end }} + {{ .Values.config.snubaSettingsPy | indent 4 }} diff --git a/charts/sentry/templates/cronjob-sentry-cleanup.yaml b/charts/sentry/templates/cronjob-sentry-cleanup.yaml index 46baf23..7569882 100644 --- a/charts/sentry/templates/cronjob-sentry-cleanup.yaml +++ b/charts/sentry/templates/cronjob-sentry-cleanup.yaml @@ -1,5 +1,6 @@ {{- if .Values.sentry.cleanup.enabled }} -apiVersion: batch/v1beta1 +{{- $batchApiIsStable := eq (include "sentry.batch.isStable" .) "true" -}} +apiVersion: {{ include "sentry.batch.apiVersion" . }} kind: CronJob metadata: name: {{ template "sentry.fullname" . }}-sentry-cleanup @@ -10,8 +11,14 @@ metadata: heritage: "{{ .Release.Service }}" spec: schedule: "{{ .Values.sentry.cleanup.schedule }}" + successfulJobsHistoryLimit: {{ .Values.sentry.cleanup.successfulJobsHistoryLimit }} + failedJobsHistoryLimit: {{ .Values.sentry.cleanup.failedJobsHistoryLimit }} + concurrencyPolicy: "{{ .Values.sentry.cleanup.concurrencyPolicy }}" jobTemplate: spec: + {{- if .Values.sentry.cleanup.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.sentry.cleanup.activeDeadlineSeconds }} + {{- end}} template: metadata: annotations: 
@@ -39,11 +46,22 @@ spec: {{- if .Values.sentry.cleanup.tolerations }} tolerations: {{ toYaml .Values.sentry.cleanup.tolerations | indent 12 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 12 }} {{- end }} {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 12 }} {{- end }} + {{- if .Values.sentry.cleanup.securityContext }} + securityContext: +{{ toYaml .Values.sentry.cleanup.securityContext | indent 12 }} + {{- end }} containers: - name: {{ .Chart.Name }}-sentry-cleanup image: "{{ template "sentry.image" . }}" @@ -51,22 +69,14 @@ spec: command: ["sentry"] args: - "cleanup" + - "--concurrency" + - {{ .Values.sentry.cleanup.concurrency | quote }} - "--days" - "{{ .Values.sentry.cleanup.days }}" env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - name: C_FORCE_ROOT value: "true" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} +{{ include "sentry.env" . | indent 12 }} {{- if .Values.sentry.cleanup.env }} {{ toYaml .Values.sentry.cleanup.env | indent 12 }} {{- end }} 
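Review bot: The cleanup CronJob now receives the Slack, GitHub and OpenAI secrets through `{{ include "sentry.env" . | indent 12 }}` in the env hunk, which is more than a `sentry cleanup` run appears to need. Splitting the helper into a core part (Snuba URL, secret key, database password) and an integrations part would let batch jobs include only the former. `C_FORCE_ROOT: "true"` stays in the env list while the previous hunk adds an optional pod `securityContext`; a comment saying whether the job is expected to run as root would help whoever sets those values. The container spec continues outside this hunk.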
@@ -80,8 +90,15 @@ spec: - name: sentry-google-cloud-key mountPath: /var/run/secrets/google {{ end }} +{{- if .Values.sentry.cleanup.volumeMounts }} +{{ toYaml .Values.sentry.cleanup.volumeMounts | indent 12 }} +{{- end }} resources: {{ toYaml .Values.sentry.cleanup.resources | indent 14 }} +{{- if .Values.sentry.cleanup.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.cleanup.containerSecurityContext | indent 14 }} +{{- end }} {{- if .Values.sentry.cleanup.sidecars }} {{ toYaml .Values.sentry.cleanup.sidecars | indent 10 }} {{- end }} @@ -92,8 +109,13 @@ spec: name: {{ template "sentry.fullname" . }}-sentry - name: sentry-data {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} persistentVolumeClaim: claimName: {{ template "sentry.fullname" . }}-data + {{- end }} {{- else }} emptyDir: {} {{ end }} @@ -108,4 +130,7 @@ spec: {{- if .Values.sentry.cleanup.priorityClassName }} priorityClassName: "{{ .Values.sentry.cleanup.priorityClassName }}" {{- end }} + {{- if .Values.sentry.cleanup.serviceAccount }} + serviceAccountName: {{ .Values.sentry.cleanup.serviceAccount.name }} + {{- end }} {{- end }} diff --git a/charts/sentry/templates/cronjob-snuba-cleanup-errors.yaml b/charts/sentry/templates/cronjob-snuba-cleanup-errors.yaml deleted file mode 100644 index 941b84b..0000000 --- a/charts/sentry/templates/cronjob-snuba-cleanup-errors.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.snuba.cleanupErrors.enabled }} -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: {{ template "sentry.fullname" . }}-snuba-cleanup-errors - labels: - app: {{ template "sentry.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - schedule: "{{ .Values.snuba.cleanupErrors.schedule }}" - jobTemplate: - spec: - template: - metadata: - annotations: - checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} - checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} - {{- if .Values.snuba.cleanupErrors.annotations }} -{{ toYaml .Values.snuba.cleanupErrors.annotations | indent 12 }} - {{- end }} - labels: - app: {{ template "sentry.fullname" . }} - release: "{{ .Release.Name }}" - {{- if .Values.snuba.cleanupErrors.podLabels }} -{{ toYaml .Values.snuba.cleanupErrors.podLabels | indent 12 }} - {{- end }} - spec: - affinity: - {{- if .Values.snuba.cleanupErrors.affinity }} -{{ toYaml .Values.snuba.cleanupErrors.affinity | indent 12 }} - {{- end }} - {{- if .Values.snuba.cleanupErrors.nodeSelector }} - nodeSelector: -{{ toYaml .Values.snuba.cleanupErrors.nodeSelector | indent 12 }} - {{- end }} - {{- if .Values.snuba.cleanupErrors.tolerations }} - tolerations: -{{ toYaml .Values.snuba.cleanupErrors.tolerations | indent 12 }} - {{- end }} - {{- if .Values.images.snuba.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.images.snuba.imagePullSecrets | indent 12 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-snuba-cleanup-errors - image: "{{ template "snuba.image" . }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: - - "snuba" - - "cleanup" - - "--storage" - - "errors" - - "--dry-run" - - "False" - - "--clickhouse-host" - - {{ include "sentry.clickhouse.host" . 
| quote }} - - "--clickhouse-port" - - {{ include "sentry.clickhouse.port" . | quote }} - env: - - name: SNUBA_SETTINGS - value: /etc/snuba/settings.py -{{- if .Values.snuba.cleanupErrors.env }} -{{ toYaml .Values.snuba.cleanupErrors.env | indent 12 }} -{{- end }} - envFrom: - - secretRef: - name: {{ template "sentry.fullname" . }}-snuba-env - volumeMounts: - - mountPath: /etc/snuba - name: config - readOnly: true - resources: -{{ toYaml .Values.snuba.cleanupErrors.resources | indent 14 }} -{{- if .Values.snuba.cleanupErrors.sidecars }} -{{ toYaml .Values.snuba.cleanupErrors.sidecars | indent 10 }} -{{- end }} - restartPolicy: Never - volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-snuba -{{- if .Values.snuba.cleanupErrors.volumes }} -{{ toYaml .Values.snuba.cleanupErrors.volumes | indent 10 }} -{{- end }} - {{- if .Values.snuba.cleanupErrors.priorityClassName }} - priorityClassName: "{{ .Values.snuba.cleanupErrors.priorityClassName }}" - {{- end }} -{{- end }} diff --git a/charts/sentry/templates/cronjob-snuba-cleanup-transactions.yaml b/charts/sentry/templates/cronjob-snuba-cleanup-transactions.yaml deleted file mode 100644 index ce77e63..0000000 --- a/charts/sentry/templates/cronjob-snuba-cleanup-transactions.yaml +++ /dev/null 
@@ -1,90 +0,0 @@ -{{- if .Values.snuba.cleanupTransactions.enabled }} -apiVersion: batch/v1beta1 -kind: CronJob -metadata: - name: {{ template "sentry.fullname" . }}-snuba-cleanup-transactions - labels: - app: {{ template "sentry.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -spec: - schedule: "{{ .Values.snuba.cleanupTransactions.schedule }}" - jobTemplate: - spec: - template: - metadata: - annotations: - checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} - checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} - {{- if .Values.snuba.cleanupTransactions.annotations }} -{{ toYaml .Values.snuba.cleanupTransactions.annotations | indent 12 }} - {{- end }} - labels: - app: {{ template "sentry.fullname" . }} - release: "{{ .Release.Name }}" - {{- if .Values.snuba.cleanupTransactions.podLabels }} -{{ toYaml .Values.snuba.cleanupTransactions.podLabels | indent 12 }} - {{- end }} - spec: - affinity: - {{- if .Values.snuba.cleanupTransactions.affinity }} -{{ toYaml .Values.snuba.cleanupTransactions.affinity | indent 12 }} - {{- end }} - {{- if .Values.snuba.cleanupTransactions.nodeSelector }} - nodeSelector: -{{ toYaml .Values.snuba.cleanupTransactions.nodeSelector | indent 12 }} - {{- end }} - {{- if .Values.snuba.cleanupTransactions.tolerations }} - tolerations: -{{ toYaml .Values.snuba.cleanupTransactions.tolerations | indent 12 }} - {{- end }} - {{- if .Values.images.snuba.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.images.snuba.imagePullSecrets | indent 12 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-snuba-cleanup-errors - image: "{{ template "snuba.image" . 
}}" - imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: - - "snuba" - - "cleanup" - - "--storage" - - "transactions" - - "--dry-run" - - "False" - - "--clickhouse-host" - - {{ include "sentry.clickhouse.host" . | quote }} - - "--clickhouse-port" - - {{ include "sentry.clickhouse.port" . | quote }} - env: - - name: SNUBA_SETTINGS - value: /etc/snuba/settings.py -{{- if .Values.snuba.cleanupTransactions.env }} -{{ toYaml .Values.snuba.cleanupTransactions.env | indent 12 }} -{{- end }} - envFrom: - - secretRef: - name: {{ template "sentry.fullname" . }}-snuba-env - volumeMounts: - - mountPath: /etc/snuba - name: config - readOnly: true - resources: -{{ toYaml .Values.snuba.cleanupTransactions.resources | indent 14 }} -{{- if .Values.snuba.cleanupTransactions.sidecars }} -{{ toYaml .Values.snuba.cleanupTransactions.sidecars | indent 10 }} -{{- end }} - restartPolicy: Never - volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-snuba -{{- if .Values.snuba.cleanupTransactions.volumes }} -{{ toYaml .Values.snuba.cleanupTransactions.volumes | indent 10 }} -{{- end }} - {{- if .Values.snuba.cleanupTransactions.priorityClassName }} - priorityClassName: "{{ .Values.snuba.cleanupTransactions.priorityClassName }}" - {{- end }} -{{- end }} diff --git a/charts/sentry/templates/deployment-metrics.yaml b/charts/sentry/templates/deployment-metrics.yaml index 7e452c6..20d21fc 100644 --- a/charts/sentry/templates/deployment-metrics.yaml +++ b/charts/sentry/templates/deployment-metrics.yaml @@ -44,6 +44,13 @@ spec: {{- end }} {{- if .Values.metrics.schedulerName }} schedulerName: "{{ .Values.metrics.schedulerName }}" + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.metrics.securityContext }} securityContext: 
@@ -61,6 +68,10 @@ spec: containerPort: 9125 - name: metrics containerPort: 9102 +{{- if .Values.metrics.volumeMounts }} + volumeMounts: +{{ toYaml .Values.metrics.volumeMounts | indent 8 }} +{{- end }} {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: httpGet: @@ -87,4 +98,16 @@ spec: {{- end }} resources: {{ toYaml .Values.metrics.resources | indent 10 }} -{{- end }} \ No newline at end of file +{{- if .Values.metrics.containerSecurityContext }} + securityContext: +{{ toYaml .Values.metrics.containerSecurityContext | indent 10 }} +{{- end }} +{{- if .Values.metrics.volumes }} + volumes: +{{ toYaml .Values.metrics.volumes | indent 6 }} +{{- end }} + + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-metrics + {{- end }} +{{- end }} diff --git a/charts/sentry/templates/deployment-relay.yaml b/charts/sentry/templates/deployment-relay.yaml index d9401df..9179230 100644 --- a/charts/sentry/templates/deployment-relay.yaml +++ b/charts/sentry/templates/deployment-relay.yaml @@ -69,9 +69,21 @@ spec: args: - "credentials" - "generate" +{{- if .Values.relay.init.additionalArgs }} +{{ toYaml .Values.relay.init.additionalArgs | indent 12 }} +{{- end }} + resources: +{{ toYaml .Values.relay.init.resources | indent 12 }} +{{- if .Values.relay.containerSecurityContext }} + securityContext: +{{ toYaml .Values.relay.containerSecurityContext | indent 12 }} +{{- end }} env: - name: RELAY_PORT value: '{{ template "relay.port" }}' +{{- if .Values.relay.init.env }} +{{ toYaml .Values.relay.init.env | indent 12 }} +{{- end }} volumeMounts: - name: credentials mountPath: /work/.relay 
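Review bot: The added `serviceAccountName: {{ .Values.serviceAccount.name }}-metrics` in the `@@ -87,4 +98,16 @@` hunk is rendered only when `.Values.serviceAccount.enabled` is set, so with the flag off the pod runs under the namespace's `default` service account, and nothing here turns off token automounting. If the metrics exporter does not call the Kubernetes API (not visible in this hunk), adding `automountServiceAccountToken: false` to the pod spec would keep a token out of the container. The name is also built by plain concatenation; `serviceAccountName: {{ printf "%s-metrics" (required "serviceAccount.name is required" .Values.serviceAccount.name) | quote }}` would fail the render instead of emitting `-metrics` when the value is empty. The same pattern recurs in the relay, cron, billing-metrics-consumer and ingest-consumer hunks, and the cron and ingest-consumer-events hunks also remove the earlier unconditional `sentry.serviceAccountName` helper. The Deployment spec begins outside this hunk.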
@@ -79,8 +91,22 @@ spec: mountPath: /work/.relay/config.yml subPath: config.yml readOnly: true +{{- if .Values.relay.init.volumeMounts }} +{{ toYaml .Values.relay.volumeMounts | indent 12 }} +{{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }}-relay +{{- if .Values.relay.args }} + args: +{{ toYaml .Values.relay.args | indent 10 }} +{{- end }} image: "{{ template "relay.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} ports: 
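Review bot: The init container's extra mounts are guarded by `.Values.relay.init.volumeMounts` but the body renders `.Values.relay.volumeMounts`, so setting only the init value emits whatever the main-container list holds (possibly nothing valid), and setting only the main value skips the block. Both lines should read the same key: `{{ toYaml .Values.relay.init.volumeMounts | indent 12 }}`. The next hunk mounts `.Values.relay.volumeMounts` into the main container on its own, which suggests the init container was meant to have a separate list. The init container definition starts in the previous hunk.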
@@ -98,31 +124,45 @@ spec: mountPath: /work/.relay/config.yml subPath: config.yml readOnly: true + {{- if .Values.geodata.volumeName }} + - name: {{ .Values.geodata.volumeName }} + mountPath: {{ .Values.geodata.mountPath }} + {{- end }} +{{- if .Values.relay.volumeMounts }} +{{ toYaml .Values.relay.volumeMounts | indent 10 }} +{{- end }} livenessProbe: - failureThreshold: 5 + failureThreshold: {{ .Values.relay.probeFailureThreshold }} httpGet: - path: /api/relay/healthcheck/ready/ + path: {{ template "relay.healthCheck.livenessRequestPath" }} port: {{ template "relay.port" }} scheme: HTTP initialDelaySeconds: {{ .Values.relay.probeInitialDelaySeconds }} - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 + periodSeconds: {{ .Values.relay.probePeriodSeconds }} + successThreshold: {{ .Values.relay.probeSuccessThreshold }} + timeoutSeconds: {{ .Values.relay.probeTimeoutSeconds }} readinessProbe: - failureThreshold: 10 + failureThreshold: {{ .Values.relay.probeFailureThreshold }} httpGet: - path: /api/relay/healthcheck/ready/ + path: {{ template "relay.healthCheck.readinessRequestPath" }} port: {{ template "relay.port" }} scheme: HTTP initialDelaySeconds: {{ .Values.relay.probeInitialDelaySeconds }} - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 + periodSeconds: {{ .Values.relay.probePeriodSeconds }} + successThreshold: {{ .Values.relay.probeSuccessThreshold }} + timeoutSeconds: {{ .Values.relay.probeTimeoutSeconds }} resources: {{ toYaml .Values.relay.resources | indent 12 }} +{{- if .Values.relay.containerSecurityContext }} + securityContext: +{{ toYaml .Values.relay.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.relay.sidecars }} {{ toYaml .Values.relay.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-relay + {{- end }} volumes: - name: config configMap: 
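Review bot: `livenessProbe.failureThreshold` and `readinessProbe.failureThreshold` now both read `.Values.relay.probeFailureThreshold`, where the replaced lines used 5 and 10, so the kubelet restarts the relay after the same number of failures that previously only took it out of rotation. None of the new probe values has a fallback in the template; if the values file (not visible here) omits one, the field renders empty. Keeping the old numbers as defaults would preserve current behaviour: `failureThreshold: {{ default 5 .Values.relay.probeFailureThreshold }}` for liveness and `failureThreshold: {{ default 10 .Values.relay.probeFailureThreshold }}` for readiness, or separate keys per probe.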
@@ -135,4 +175,4 @@ spec: {{- end }} {{- if .Values.relay.priorityClassName }} priorityClassName: "{{ .Values.relay.priorityClassName }}" - {{- end }} \ No newline at end of file + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-billing-metrics-consumer.yaml b/charts/sentry/templates/deployment-sentry-billing-metrics-consumer.yaml new file mode 100644 index 0000000..1df7eb2 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-billing-metrics-consumer.yaml 
@@ -0,0 +1,143 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-billing-metrics-consumer + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: billing-metrics-consumer +{{- if not .Values.sentry.billingMetricsConsumer.autoscaling.enabled }} + replicas: {{ .Values.sentry.billingMetricsConsumer.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.billingMetricsConsumer.annotations }} +{{ toYaml .Values.sentry.billingMetricsConsumer.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: billing-metrics-consumer + {{- if .Values.sentry.billingMetricsConsumer.podLabels }} +{{ toYaml .Values.sentry.billingMetricsConsumer.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.billingMetricsConsumer.affinity }} +{{ toYaml .Values.sentry.billingMetricsConsumer.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.billingMetricsConsumer.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.billingMetricsConsumer.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.billingMetricsConsumer.tolerations }} + tolerations: +{{ toYaml .Values.sentry.billingMetricsConsumer.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.billingMetricsConsumer.securityContext }} + securityContext: +{{ toYaml .Values.sentry.billingMetricsConsumer.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-billing-metrics-consumer + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "billing-metrics-consumer" + {{- if .Values.sentry.billingMetricsConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.sentry.billingMetricsConsumer.maxBatchSize }}" + {{- end }} + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.billingMetricsConsumer.env }} +{{ toYaml .Values.sentry.billingMetricsConsumer.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.billingMetricsConsumer.volumeMounts }} +{{ toYaml .Values.sentry.billingMetricsConsumer.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.billingMetricsConsumer.resources | indent 12 }} +{{- if .Values.sentry.billingMetricsConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.billingMetricsConsumer.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.billingMetricsConsumer.sidecars }} +{{ toYaml .Values.sentry.billingMetricsConsumer.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-billing-metrics-consumer + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.billingMetricsConsumer.volumes }} +{{ toYaml .Values.sentry.billingMetricsConsumer.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.billingMetricsConsumer.priorityClassName }} + priorityClassName: "{{ .Values.sentry.billingMetricsConsumer.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-cron.yaml b/charts/sentry/templates/deployment-sentry-cron.yaml index fa61c9b..6ad808c 100644 --- a/charts/sentry/templates/deployment-sentry-cron.yaml +++ b/charts/sentry/templates/deployment-sentry-cron.yaml @@ -32,7 +32,6 @@ spec: {{ toYaml .Values.sentry.cron.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . }} affinity: {{- if .Values.sentry.cron.affinity }} {{ toYaml .Values.sentry.cron.affinity | indent 8 }} @@ -48,6 +47,13 @@ spec: {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.sentry.cron.securityContext }} securityContext: 
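Review bot: The new billing-metrics-consumer container sets `C_FORCE_ROOT: "true"` while both `securityContext` blocks are rendered only when `.Values.sentry.billingMetricsConsumer.securityContext` and `.containerSecurityContext` are supplied, so a default install of this Deployment carries no `runAsNonRoot`, no `allowPrivilegeEscalation: false` and no dropped capabilities. Whether the image actually starts as root is not visible here, but the variable is there to permit it, which makes the missing default worth closing. I would ship restrictive defaults for those two values and add a template comment such as `{{- /* no securityContext is applied unless sentry.billingMetricsConsumer.(container)securityContext is set */}}` above the `containers:` key. The ingest-consumer-attachments, ingest-consumer-transactions and ingest-metrics-consumer-perf templates added later in this diff repeat the same block.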
@@ -62,19 +68,9 @@ spec: - "run" - "cron" env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - name: C_FORCE_ROOT value: "true" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} +{{ include "sentry.env" . | indent 8 }} {{- if .Values.sentry.cron.env }} {{ toYaml .Values.sentry.cron.env | indent 8 }} {{- end }} @@ -88,19 +84,34 @@ spec: - name: sentry-google-cloud-key mountPath: /var/run/secrets/google {{ end }} +{{- if .Values.sentry.cron.volumeMounts }} +{{ toYaml .Values.sentry.cron.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.sentry.cron.resources | indent 12 }} +{{- if .Values.sentry.cron.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.cron.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.sentry.cron.sidecars }} {{ toYaml .Values.sentry.cron.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-cron + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-sentry - name: sentry-data {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} persistentVolumeClaim: claimName: {{ template "sentry.fullname" . }}-data + {{- end }} {{- else }} emptyDir: {} {{ end }} 
diff --git a/charts/sentry/templates/deployment-sentry-ingest-consumer-attachments.yaml b/charts/sentry/templates/deployment-sentry-ingest-consumer-attachments.yaml new file mode 100644 index 0000000..c6cfd69 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-consumer-attachments.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-consumer-attachments + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-consumer +{{- if not .Values.sentry.ingestConsumer.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestConsumer.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestConsumer.annotations }} +{{ toYaml .Values.sentry.ingestConsumer.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-consumer + {{- if .Values.sentry.ingestConsumer.podLabels }} +{{ toYaml .Values.sentry.ingestConsumer.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestConsumer.affinity }} +{{ toYaml .Values.sentry.ingestConsumer.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestConsumer.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestConsumer.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestConsumer.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-consumer-attachments + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-consumer" + - "--consumer-type=attachments" + {{- if .Values.sentry.ingestConsumer.concurrency }} + - "--concurrency" + - "{{ .Values.sentry.ingestConsumer.concurrency }}" + {{- end }} + {{- if .Values.sentry.ingestConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.sentry.ingestConsumer.maxBatchSize }}" + {{- end }} + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestConsumer.env }} +{{ toYaml .Values.sentry.ingestConsumer.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestConsumer.volumeMounts }} +{{ toYaml .Values.sentry.ingestConsumer.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestConsumer.resources | indent 12 }} +{{- if .Values.sentry.ingestConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestConsumer.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestConsumer.sidecars }} +{{ toYaml .Values.sentry.ingestConsumer.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-consumer-attachments + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestConsumer.volumes }} +{{ toYaml .Values.sentry.ingestConsumer.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestConsumer.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestConsumer.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-consumer.yaml b/charts/sentry/templates/deployment-sentry-ingest-consumer-events.yaml similarity index 78% rename from charts/sentry/templates/deployment-sentry-ingest-consumer.yaml rename to charts/sentry/templates/deployment-sentry-ingest-consumer-events.yaml index 6c442b0..2d86ad6 100644 --- a/charts/sentry/templates/deployment-sentry-ingest-consumer.yaml +++ b/charts/sentry/templates/deployment-sentry-ingest-consumer-events.yaml @@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "sentry.fullname" . }}-ingest-consumer + name: {{ template "sentry.fullname" . }}-ingest-consumer-events labels: app: {{ template "sentry.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" @@ -43,7 +43,6 @@ spec: {{ toYaml .Values.sentry.ingestConsumer.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . }} affinity: {{- if .Values.sentry.ingestConsumer.affinity }} {{ toYaml .Values.sentry.ingestConsumer.affinity | indent 8 }} 
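Review bot: `spec.selector.matchLabels` and the pod labels in the new ingest-consumer-attachments Deployment use `role: ingest-consumer`, the same value the ingest-consumer-transactions template added later in this diff uses (and, presumably, the renamed ingest-consumer-events one, whose selector lies outside its hunks), so three Deployments in one release carry identical selectors. Kubernetes does not reject overlapping selectors, but any Service, PodDisruptionBudget, NetworkPolicy or autoscaler keyed on these labels will then treat the three workloads as one, and the controllers themselves may conflict. A distinct value in both places, `role: ingest-consumer-attachments` here and the matching suffix in the other two files, keeps them separable.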
@@ -59,38 +58,39 @@ spec: {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.sentry.ingestConsumer.securityContext }} securityContext: {{ toYaml .Values.sentry.ingestConsumer.securityContext | indent 8 }} {{- end }} containers: - - name: {{ .Chart.Name }}-ingest-consumer + - name: {{ .Chart.Name }}-ingest-consumer-events image: "{{ template "sentry.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} command: ["sentry"] args: - "run" - "ingest-consumer" - - "--all-consumer-types" + - "--consumer-type=events" {{- if .Values.sentry.ingestConsumer.concurrency }} - - "-c" + - "--concurrency" - "{{ .Values.sentry.ingestConsumer.concurrency }}" {{- end }} + {{- if .Values.sentry.ingestConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.sentry.ingestConsumer.maxBatchSize }}" + {{- end }} env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - name: C_FORCE_ROOT value: "true" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} +{{ include "sentry.env" . | indent 8 }} {{- if .Values.sentry.ingestConsumer.env }} {{ toYaml .Values.sentry.ingestConsumer.env | indent 8 }} {{- end }} 
@@ -104,19 +104,34 @@ spec: - name: sentry-google-cloud-key mountPath: /var/run/secrets/google {{ end }} +{{- if .Values.sentry.ingestConsumer.volumeMounts }} +{{ toYaml .Values.sentry.ingestConsumer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.sentry.ingestConsumer.resources | indent 12 }} +{{- if .Values.sentry.ingestConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestConsumer.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.sentry.ingestConsumer.sidecars }} {{ toYaml .Values.sentry.ingestConsumer.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-consumer-events + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-sentry - name: sentry-data {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} persistentVolumeClaim: claimName: {{ template "sentry.fullname" . }}-data + {{- end }} {{- else }} emptyDir: {} {{ end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-consumer-transactions.yaml b/charts/sentry/templates/deployment-sentry-ingest-consumer-transactions.yaml new file mode 100644 index 0000000..54e453b --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-consumer-transactions.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-consumer-transactions + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-consumer +{{- if not .Values.sentry.ingestConsumer.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestConsumer.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestConsumer.annotations }} +{{ toYaml .Values.sentry.ingestConsumer.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-consumer + {{- if .Values.sentry.ingestConsumer.podLabels }} +{{ toYaml .Values.sentry.ingestConsumer.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestConsumer.affinity }} +{{ toYaml .Values.sentry.ingestConsumer.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestConsumer.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestConsumer.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestConsumer.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestConsumer.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-consumer-transactions + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-consumer" + - "--consumer-type=transactions" + {{- if .Values.sentry.ingestConsumer.concurrency }} + - "--concurrency" + - "{{ .Values.sentry.ingestConsumer.concurrency }}" + {{- end }} + {{- if .Values.sentry.ingestConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.sentry.ingestConsumer.maxBatchSize }}" + {{- end }} + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestConsumer.env }} +{{ toYaml .Values.sentry.ingestConsumer.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestConsumer.volumeMounts }} +{{ toYaml .Values.sentry.ingestConsumer.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestConsumer.resources | indent 12 }} +{{- if .Values.sentry.ingestConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestConsumer.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestConsumer.sidecars }} +{{ toYaml .Values.sentry.ingestConsumer.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-consumer-transactions + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestConsumer.volumes }} +{{ toYaml .Values.sentry.ingestConsumer.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestConsumer.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestConsumer.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-perf.yaml b/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-perf.yaml new file mode 100644 index 0000000..53cab38 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-perf.yaml 
@@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-metrics-consumer-perf + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-metrics-consumer-perf +{{- if not .Values.sentry.ingestMetricsConsumerPerf.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestMetricsConsumerPerf.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestMetricsConsumerPerf.annotations }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-metrics-consumer-perf + {{- if .Values.sentry.ingestMetricsConsumerPerf.podLabels }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestMetricsConsumerPerf.affinity }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerPerf.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerPerf.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerPerf.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-metrics-consumer-perf + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-metrics-parallel-consumer" + - "--ingest-profile" + - "performance" + {{- if .Values.sentry.ingestMetricsConsumerPerf.maxBatchSize }} + - "--max-msg-batch-size" + - "{{ .Values.sentry.ingestMetricsConsumerPerf.maxBatchSize }}" + {{- end }} + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestMetricsConsumerPerf.env }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestMetricsConsumerPerf.volumeMounts }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.resources | indent 12 }} +{{- if .Values.sentry.ingestMetricsConsumerPerf.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestMetricsConsumerPerf.sidecars }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-metrics-consumer-perf + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestMetricsConsumerPerf.volumes }} +{{ toYaml .Values.sentry.ingestMetricsConsumerPerf.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestMetricsConsumerPerf.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestMetricsConsumerPerf.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-rh.yaml b/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-rh.yaml new file mode 100644 index 0000000..d296166 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-metrics-consumer-rh.yaml 
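Review bot: The container `env` block hard-codes `C_FORCE_ROOT: "true"`, while both `securityContext` blocks are emitted only when values are supplied, so with default values nothing in this Deployment stops the consumer from running as uid 0. `C_FORCE_ROOT` is the Celery switch that lets a worker start as root; whether `ingest-metrics-parallel-consumer` needs it at all is not visible in this hunk and should be confirmed. I would drop the fixed entry and let operators who need it pass it through the existing `.Values.sentry.ingestMetricsConsumerPerf.env` list. Once the image is confirmed to run as a non-root user, ship a non-empty default for `containerSecurityContext`, for example `runAsNonRoot: true` and `allowPrivilegeEscalation: false`. The ingest-metrics-consumer-rh, ingest-monitors and ingest-replay-recordings templates in this commit carry the same env entry.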
@@ -0,0 +1,145 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-metrics-consumer-rh + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-metrics-consumer-rh +{{- if not .Values.sentry.ingestMetricsConsumerRh.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestMetricsConsumerRh.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestMetricsConsumerRh.annotations }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-metrics-consumer-rh + {{- if .Values.sentry.ingestMetricsConsumerRh.podLabels }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestMetricsConsumerRh.affinity }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerRh.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerRh.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMetricsConsumerRh.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-metrics-consumer-rh + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-metrics-parallel-consumer" + - "--ingest-profile" + - "release-health" + {{- if .Values.sentry.ingestMetricsConsumerRh.maxBatchSize }} + - "--max-msg-batch-size" + - "{{ .Values.sentry.ingestMetricsConsumerRh.maxBatchSize }}" + {{- end }} + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestMetricsConsumerRh.env }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestMetricsConsumerRh.volumeMounts }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.resources | indent 12 }} +{{- if .Values.sentry.ingestMetricsConsumerRh.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestMetricsConsumerRh.sidecars }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-metrics-consumer-rh + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestMetricsConsumerRh.volumes }} +{{ toYaml .Values.sentry.ingestMetricsConsumerRh.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestMetricsConsumerRh.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestMetricsConsumerRh.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-monitors.yaml b/charts/sentry/templates/deployment-sentry-ingest-monitors.yaml new file mode 100644 index 0000000..57b1abe --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-monitors.yaml 
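Review bot: The pod spec sets `serviceAccountName` only under `.Values.serviceAccount.enabled` and never sets `automountServiceAccountToken`, so a Kubernetes API token is mounted into the pod either way; with the flag off it is the namespace default account's token. Nothing in this template suggests the consumer calls the Kubernetes API, so I would add `automountServiceAccountToken: false` next to `serviceAccountName`, or expose it as a value, to keep that credential out of a container that presumably handles ingested event data. The ServiceAccount named `…-ingest-metrics-consumer-rh` is not created in this hunk; confirm the chart defines it, otherwise pod creation fails when the flag is on. The other Deployment templates added in this commit have the same shape.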
@@ -0,0 +1,139 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-monitors + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-monitors +{{- if not .Values.sentry.ingestMonitors.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestMonitors.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestMonitors.annotations }} +{{ toYaml .Values.sentry.ingestMonitors.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-monitors + {{- if .Values.sentry.ingestMonitors.podLabels }} +{{ toYaml .Values.sentry.ingestMonitors.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestMonitors.affinity }} +{{ toYaml .Values.sentry.ingestMonitors.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMonitors.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestMonitors.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMonitors.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestMonitors.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestMonitors.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMonitors.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-monitors + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-monitors" + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestMonitors.env }} +{{ toYaml .Values.sentry.ingestMonitors.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestMonitors.volumeMounts }} +{{ toYaml .Values.sentry.ingestMonitors.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestMonitors.resources | indent 12 }} +{{- if .Values.sentry.ingestMonitors.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestMonitors.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestMonitors.sidecars }} +{{ toYaml .Values.sentry.ingestMonitors.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-monitors + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestMonitors.volumes }} +{{ toYaml .Values.sentry.ingestMonitors.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestMonitors.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestMonitors.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-ingest-replay-recordings.yaml b/charts/sentry/templates/deployment-sentry-ingest-replay-recordings.yaml new file mode 100644 index 0000000..91eaa18 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-ingest-replay-recordings.yaml 
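Review bot: `affinity:` is written unconditionally in the pod spec and only its body is wrapped in `{{- if .Values.sentry.ingestMonitors.affinity }}`, unlike `nodeSelector`, `tolerations` and `securityContext` just below, whose keys sit inside their own guard. With no affinity configured the rendered manifest carries a bare `affinity:` (null), which the API accepts but which linters flag as an empty value and which reads like an omission in review. Move the key inside the guard, so the sequence is `{{- if .Values.sentry.ingestMonitors.affinity }}`, then `affinity:`, then the `toYaml` line. The `{{ end }}` closing the two GCS-key blocks also lacks the `-` trim used everywhere else and leaves a stray blank line in the output. The other new Deployment templates in this commit share both details.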
@@ -0,0 +1,139 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-ingest-replay-recordings + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: ingest-replay-recordings +{{- if not .Values.sentry.ingestReplayRecordings.autoscaling.enabled }} + replicas: {{ .Values.sentry.ingestReplayRecordings.replicas }} +{{- end }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} + {{- if .Values.sentry.ingestReplayRecordings.annotations }} +{{ toYaml .Values.sentry.ingestReplayRecordings.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: ingest-replay-recordings + {{- if .Values.sentry.ingestReplayRecordings.podLabels }} +{{ toYaml .Values.sentry.ingestReplayRecordings.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.ingestReplayRecordings.affinity }} +{{ toYaml .Values.sentry.ingestReplayRecordings.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestReplayRecordings.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.ingestReplayRecordings.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestReplayRecordings.tolerations }} + tolerations: +{{ toYaml .Values.sentry.ingestReplayRecordings.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.ingestReplayRecordings.securityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestReplayRecordings.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-ingest-replay-recordings + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "ingest-replay-recordings" + env: + - name: C_FORCE_ROOT + value: "true" +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.ingestReplayRecordings.env }} +{{ toYaml .Values.sentry.ingestReplayRecordings.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.ingestReplayRecordings.volumeMounts }} +{{ toYaml .Values.sentry.ingestReplayRecordings.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.ingestReplayRecordings.resources | indent 12 }} +{{- if .Values.sentry.ingestReplayRecordings.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.ingestReplayRecordings.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.ingestReplayRecordings.sidecars }} +{{ toYaml .Values.sentry.ingestReplayRecordings.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-ingest-replay-recordings + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.ingestReplayRecordings.volumes }} +{{ toYaml .Values.sentry.ingestReplayRecordings.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.ingestReplayRecordings.priorityClassName }} + priorityClassName: "{{ .Values.sentry.ingestReplayRecordings.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-post-process-forwarder-errors.yaml b/charts/sentry/templates/deployment-sentry-post-process-forwarder-errors.yaml new file mode 100644 index 0000000..1b7f67a --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-post-process-forwarder-errors.yaml 
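Review bot: The `sentry-google-cloud-key` entry under `volumeMounts` has no `readOnly: true`, while the `config` mount directly above it does. Current Kubernetes releases already mount secret volumes read-only, so this is about stating the intent in the manifest and keeping the two mounts consistent; add `readOnly: true` after `mountPath: /var/run/secrets/google`. It is also worth confirming that this consumer actually reads the filestore, since the hunk gives the GCS service-account key to the pod whenever the backend is `gcs`, and the same block is repeated in every Deployment template in this commit.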
@@ -0,0 +1,137 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-post-process-forward-errors + labels: + app: sentry + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-post-process-forward-errors + replicas: {{ .Values.sentry.postProcessForwardErrors.replicas }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . 
| sha256sum }} + {{- if .Values.sentry.postProcessForwardErrors.annotations }} +{{ toYaml .Values.sentry.postProcessForwardErrors.annotations | indent 8 }} + {{- end }} + labels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-post-process-forward-errors + {{- if .Values.sentry.postProcessForwardErrors.podLabels }} +{{ toYaml .Values.sentry.postProcessForwardErrors.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.postProcessForwardErrors.affinity }} +{{ toYaml .Values.sentry.postProcessForwardErrors.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardErrors.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.postProcessForwardErrors.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardErrors.tolerations }} + tolerations: +{{ toYaml .Values.sentry.postProcessForwardErrors.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardErrors.securityContext }} + securityContext: +{{ toYaml .Values.sentry.postProcessForwardErrors.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-post-process-forward-errors + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "post-process-forwarder" + - "--entity" + - "errors" + env: +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.postProcessForwardErrors.env }} +{{ toYaml .Values.sentry.postProcessForwardErrors.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.postProcessForwardErrors.volumeMounts }} +{{ toYaml .Values.sentry.postProcessForwardErrors.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.postProcessForwardErrors.resources | indent 12 }} +{{- if .Values.sentry.postProcessForwardErrors.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.postProcessForwardErrors.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.postProcessForwardErrors.sidecars }} +{{ toYaml .Values.sentry.postProcessForwardErrors.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-post-process-forwarder-errors + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.postProcessForwardErrors.volumes }} +{{ toYaml .Values.sentry.postProcessForwardErrors.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.postProcessForwardErrors.priorityClassName }} + priorityClassName: "{{ .Values.sentry.postProcessForwardErrors.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-post-process-forwarder-transactions.yaml b/charts/sentry/templates/deployment-sentry-post-process-forwarder-transactions.yaml new file mode 100644 index 0000000..4745b7e --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-post-process-forwarder-transactions.yaml 
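Review bot: `serviceAccountName` renders as `{{ .Values.serviceAccount.name }}-post-process-forwarder-errors`, but the Deployment name, container name and `role` label in the same file all use `post-process-forward-errors`. The ServiceAccount object itself is not in this hunk, so confirm which spelling it is created under: with a mismatch the ReplicaSet cannot create pods, and any cloud IAM or workload-identity binding keyed on the account name has to match it exactly. I would settle on one spelling across the file and add a short comment above `serviceAccountName` naming the template that defines the account. The post-process-forwarder-transactions template has the same split.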
@@ -0,0 +1,140 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-post-process-forward-transactions + labels: + app: sentry + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-post-process-forward-transactions + replicas: {{ .Values.sentry.postProcessForwardTransactions.replicas }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . 
| sha256sum }} + {{- if .Values.sentry.postProcessForwardTransactions.annotations }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.annotations | indent 8 }} + {{- end }} + labels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-post-process-forward-transactions + {{- if .Values.sentry.postProcessForwardTransactions.podLabels }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.postProcessForwardTransactions.affinity }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardTransactions.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.postProcessForwardTransactions.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardTransactions.tolerations }} + tolerations: +{{ toYaml .Values.sentry.postProcessForwardTransactions.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.sentry.postProcessForwardTransactions.securityContext }} + securityContext: +{{ toYaml .Values.sentry.postProcessForwardTransactions.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-post-process-forward-transactions + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "post-process-forwarder" + - "--entity" + - "transactions" + - "--commit-log-topic=snuba-transactions-commit-log" + - "--synchronize-commit-group" + - "transactions_group" + env: +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.postProcessForwardTransactions.env }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.postProcessForwardTransactions.volumeMounts }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.postProcessForwardTransactions.resources | indent 12 }} +{{- if .Values.sentry.postProcessForwardTransactions.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.postProcessForwardTransactions.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.postProcessForwardTransactions.sidecars }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-post-process-forwarder-transactions + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.postProcessForwardTransactions.volumes }} +{{ toYaml .Values.sentry.postProcessForwardTransactions.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.postProcessForwardTransactions.priorityClassName }} + priorityClassName: "{{ .Values.sentry.postProcessForwardTransactions.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-post-process-forwarder.yaml b/charts/sentry/templates/deployment-sentry-post-process-forwarder.yaml deleted file mode 100644 index f8a0f5f..0000000 --- a/charts/sentry/templates/deployment-sentry-post-process-forwarder.yaml +++ /dev/null 
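Review bot: `metadata.labels`, `selector.matchLabels` and the pod labels hard-code `app: sentry`, where the ingest Deployments added in this same commit use `app: {{ template "sentry.fullname" . }}`. `spec.selector` is immutable once the Deployment exists, so the value chosen here is the one that NetworkPolicies, PodDisruptionBudgets and monitoring selectors keyed on `app` will have to match. Depending on what `sentry.fullname` renders to for a given release, the two groups of pods can end up under different `app` values. This Deployment is new (the old `post-process-forward` one is deleted in this commit), so aligning the label now costs nothing. The post-process-forwarder-errors template is written the same way.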
@@ -1,118 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ template "sentry.fullname" . }}-post-process-forward - labels: - app: sentry - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - app.kubernetes.io/managed-by: "Helm" - {{- if .Values.asHook }} - {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} - annotations: - meta.helm.sh/release-name: "{{ .Release.Name }}" - meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-weight": "10" - {{- end }} -spec: - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - selector: - matchLabels: - app: sentry - release: "{{ .Release.Name }}" - role: sentry-post-process-forward - replicas: {{ .Values.sentry.postProcessForward.replicas }} - template: - metadata: - annotations: - checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} - checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} - checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . | sha256sum }} - labels: - app: sentry - release: "{{ .Release.Name }}" - role: sentry-post-process-forward - {{- if .Values.sentry.postProcessForward.podLabels }} -{{ toYaml .Values.sentry.postProcessForward.podLabels | indent 8 }} - {{- end }} - spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . 
}} - affinity: - {{- if .Values.sentry.postProcessForward.affinity }} -{{ toYaml .Values.sentry.postProcessForward.affinity | indent 8 }} - {{- end }} - {{- if .Values.sentry.postProcessForward.nodeSelector }} - nodeSelector: -{{ toYaml .Values.sentry.postProcessForward.nodeSelector | indent 8 }} - {{- end }} - {{- if .Values.sentry.postProcessForward.tolerations }} - tolerations: -{{ toYaml .Values.sentry.postProcessForward.tolerations | indent 8 }} - {{- end }} - {{- if .Values.images.sentry.imagePullSecrets }} - imagePullSecrets: -{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} - {{- end }} - {{- if .Values.sentry.postProcessForward.securityContext }} - securityContext: -{{ toYaml .Values.sentry.postProcessForward.securityContext | indent 8 }} - {{- end }} - containers: - - name: {{ .Chart.Name }}-post-process-forward - image: "{{ template "sentry.image" . }}" - imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} - command: ["sentry", "run", "post-process-forwarder", "--commit-batch-size", "{{ default "1" .Values.sentry.postProcessForward.commitBatchSize }}"] - env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) 
.Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} -{{- if .Values.sentry.postProcessForward.env }} -{{ toYaml .Values.sentry.postProcessForward.env | indent 8 }} -{{- end }} - volumeMounts: - - mountPath: /etc/sentry - name: config - readOnly: true - - mountPath: {{ .Values.filestore.filesystem.path }} - name: sentry-data - {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: sentry-google-cloud-key - mountPath: /var/run/secrets/google - {{ end }} - resources: -{{ toYaml .Values.sentry.postProcessForward.resources | indent 12 }} -{{- if .Values.sentry.postProcessForward.sidecars }} -{{ toYaml .Values.sentry.postProcessForward.sidecars | indent 6 }} -{{- end }} - volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-sentry - - name: sentry-data - {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} - persistentVolumeClaim: - claimName: {{ template "sentry.fullname" . }}-data - {{- else }} - emptyDir: {} - {{ end }} - {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: sentry-google-cloud-key - secret: - secretName: {{ .Values.filestore.gcs.secretName }} - {{ end }} -{{- if .Values.sentry.postProcessForward.volumes }} -{{ toYaml .Values.sentry.postProcessForward.volumes | indent 6 }} -{{- end }} - {{- if .Values.sentry.postProcessForward.priorityClassName }} - priorityClassName: "{{ .Values.sentry.postProcessForward.priorityClassName }}" - {{- end }} \ No newline at end of file 
diff --git a/charts/sentry/templates/deployment-sentry-subscription-consumer-events.yaml b/charts/sentry/templates/deployment-sentry-subscription-consumer-events.yaml new file mode 100644 index 0000000..6153ed8 --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-subscription-consumer-events.yaml 
@@ -0,0 +1,130 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-subscription-consumer-events + labels: + app: sentry + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-subscription-consumer-events + replicas: {{ .Values.sentry.subscriptionConsumerEvents.replicas }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . 
| sha256sum }} + {{- if .Values.sentry.subscriptionConsumerEvents.annotations }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.annotations | indent 8 }} + {{- end }} + labels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-subscription-consumer-events + {{- if .Values.sentry.subscriptionConsumerEvents.podLabels }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.subscriptionConsumerEvents.affinity }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerEvents.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.subscriptionConsumerEvents.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerEvents.tolerations }} + tolerations: +{{ toYaml .Values.sentry.subscriptionConsumerEvents.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerEvents.securityContext }} + securityContext: +{{ toYaml .Values.sentry.subscriptionConsumerEvents.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-subscription-consumer-events + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "query-subscription-consumer" + - "--topic" + - "events-subscription-results" + env: +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.subscriptionConsumerEvents.env }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.subscriptionConsumerEvents.volumeMounts }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.subscriptionConsumerEvents.resources | indent 12 }} +{{- if .Values.sentry.subscriptionConsumerEvents.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.subscriptionConsumerEvents.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.subscriptionConsumerEvents.sidecars }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-subscription-consumer-events + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.subscriptionConsumerEvents.volumes }} +{{ toYaml .Values.sentry.subscriptionConsumerEvents.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.subscriptionConsumerEvents.priorityClassName }} + priorityClassName: "{{ .Values.sentry.subscriptionConsumerEvents.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-subscription-consumer-transactions.yaml b/charts/sentry/templates/deployment-sentry-subscription-consumer-transactions.yaml new file mode 100644 index 0000000..4f21eef --- /dev/null +++ b/charts/sentry/templates/deployment-sentry-subscription-consumer-transactions.yaml 
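Review bot: The `serviceAccountName` line near the end of this new template concatenates `.Values.serviceAccount.name` with a fixed suffix without checking that the name is set, so an empty value would render `-subscription-consumer-events`, which Kubernetes rejects as an object name. Guarding it moves the failure to render time: `serviceAccountName: {{ required "serviceAccount.name must be set when serviceAccount.enabled is true" .Values.serviceAccount.name }}-subscription-consumer-events`. When `serviceAccount.enabled` is false the pod falls back to the namespace's `default` service account with its token mounted; if this consumer never calls the Kubernetes API (not verifiable from this hunk), `automountServiceAccountToken: false` in the pod spec would be the tighter default. The same construction appears in the subscription-consumer-transactions template and in the web, worker and snuba hunks further down, and the ServiceAccount objects carrying these suffixed names are not visible here, so they have to be created elsewhere in the chart.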
@@ -0,0 +1,130 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-subscription-consumer-transactions + labels: + app: sentry + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "10" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-subscription-consumer-transactions + replicas: {{ .Values.sentry.subscriptionConsumerTransactions.replicas }} + template: + metadata: + annotations: + checksum/configYml: {{ .Values.config.configYml | toYaml | toString | sha256sum }} + checksum/sentryConfPy: {{ .Values.config.sentryConfPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-sentry.yaml") . 
| sha256sum }} + {{- if .Values.sentry.subscriptionConsumerTransactions.annotations }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.annotations | indent 8 }} + {{- end }} + labels: + app: sentry + release: "{{ .Release.Name }}" + role: sentry-subscription-consumer-transactions + {{- if .Values.sentry.subscriptionConsumerTransactions.podLabels }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.sentry.subscriptionConsumerTransactions.affinity }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.affinity | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerTransactions.nodeSelector }} + nodeSelector: +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerTransactions.tolerations }} + tolerations: +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.sentry.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.sentry.subscriptionConsumerTransactions.securityContext }} + securityContext: +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-subscription-consumer-transactions + image: "{{ template "sentry.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} + command: ["sentry"] + args: + - "run" + - "query-subscription-consumer" + - "--topic" + - "transactions-subscription-results" + env: +{{ include "sentry.env" . 
| indent 8 }} +{{- if .Values.sentry.subscriptionConsumerTransactions.env }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.env | indent 8 }} +{{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + - mountPath: {{ .Values.filestore.filesystem.path }} + name: sentry-data + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + mountPath: /var/run/secrets/google + {{ end }} +{{- if .Values.sentry.subscriptionConsumerTransactions.volumeMounts }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.resources | indent 12 }} +{{- if .Values.sentry.subscriptionConsumerTransactions.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.containerSecurityContext | indent 12 }} +{{- end }} +{{- if .Values.sentry.subscriptionConsumerTransactions.sidecars }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.sidecars | indent 6 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-subscription-consumer-transactions + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-sentry + - name: sentry-data + {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} + persistentVolumeClaim: + claimName: {{ template "sentry.fullname" . 
}}-data + {{- end }} + {{- else }} + emptyDir: {} + {{ end }} + {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} + - name: sentry-google-cloud-key + secret: + secretName: {{ .Values.filestore.gcs.secretName }} + {{ end }} +{{- if .Values.sentry.subscriptionConsumerTransactions.volumes }} +{{ toYaml .Values.sentry.subscriptionConsumerTransactions.volumes | indent 6 }} +{{- end }} + {{- if .Values.sentry.subscriptionConsumerTransactions.priorityClassName }} + priorityClassName: "{{ .Values.sentry.subscriptionConsumerTransactions.priorityClassName }}" + {{- end }} diff --git a/charts/sentry/templates/deployment-sentry-web.yaml b/charts/sentry/templates/deployment-sentry-web.yaml index afafb37..01739d3 100644 --- a/charts/sentry/templates/deployment-sentry-web.yaml +++ b/charts/sentry/templates/deployment-sentry-web.yaml @@ -36,7 +36,6 @@ spec: {{ toYaml .Values.sentry.web.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . }} affinity: {{- if .Values.sentry.web.affinity }} {{ toYaml .Values.sentry.web.affinity | indent 8 }} @@ -52,6 +51,13 @@ spec: {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.sentry.web.securityContext }} securityContext: 
@@ -65,17 +71,7 @@ spec: ports: - containerPort: {{ template "sentry.port" }} env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} +{{ include "sentry.env" . | indent 8 }} {{ if .Values.sentry.web.customCA }} - name: REQUESTS_CA_BUNDLE value: /etc/pki/ca-trust/custom/{{ default "ca.crt" .Values.sentry.web.customCA.item }} @@ -89,6 +85,10 @@ spec: readOnly: true - mountPath: {{ .Values.filestore.filesystem.path }} name: sentry-data + {{- if .Values.geodata.volumeName }} + - name: {{ .Values.geodata.volumeName }} + mountPath: {{ .Values.geodata.mountPath }} + {{- end }} {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - name: sentry-google-cloud-key mountPath: /var/run/secrets/google 
@@ -97,39 +97,54 @@ spec: - name: custom-ca mountPath: /etc/pki/ca-trust/custom {{ end }} +{{- if .Values.sentry.web.volumeMounts }} +{{ toYaml .Values.sentry.web.volumeMounts | indent 8 }} +{{- end }} livenessProbe: - failureThreshold: 5 + failureThreshold: {{ .Values.sentry.web.probeFailureThreshold }} httpGet: - path: /_health/ + path: {{ template "sentry.healthCheck.requestPath" }} port: {{ template "sentry.port" }} scheme: HTTP initialDelaySeconds: {{ .Values.sentry.web.probeInitialDelaySeconds }} - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 + periodSeconds: {{ .Values.sentry.web.probePeriodSeconds }} + successThreshold: {{ .Values.sentry.web.probeSuccessThreshold }} + timeoutSeconds: {{ .Values.sentry.web.probeTimeoutSeconds }} readinessProbe: - failureThreshold: 10 + failureThreshold: {{ .Values.sentry.web.probeFailureThreshold }} httpGet: - path: /_health/ + path: {{ template "sentry.healthCheck.requestPath" }} port: {{ template "sentry.port" }} scheme: HTTP initialDelaySeconds: {{ .Values.sentry.web.probeInitialDelaySeconds }} - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 2 + periodSeconds: {{ .Values.sentry.web.probePeriodSeconds }} + successThreshold: {{ .Values.sentry.web.probeSuccessThreshold }} + timeoutSeconds: {{ .Values.sentry.web.probeTimeoutSeconds }} resources: {{ toYaml .Values.sentry.web.resources | indent 12 }} +{{- if .Values.sentry.web.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.web.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.sentry.web.sidecars }} {{ toYaml .Values.sentry.web.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-web + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . 
}}-sentry - name: sentry-data {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} persistentVolumeClaim: claimName: {{ template "sentry.fullname" . }}-data + {{- end }} {{- else }} emptyDir: {} {{ end }} diff --git a/charts/sentry/templates/deployment-sentry-worker.yaml b/charts/sentry/templates/deployment-sentry-worker.yaml index d401105..6a0278a 100644 --- a/charts/sentry/templates/deployment-sentry-worker.yaml +++ b/charts/sentry/templates/deployment-sentry-worker.yaml @@ -34,7 +34,6 @@ spec: {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . }} affinity: {{- if .Values.sentry.worker.affinity }} {{ toYaml .Values.sentry.worker.affinity | indent 8 }} @@ -50,6 +49,13 @@ spec: {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.sentry.worker.securityContext }} securityContext: 
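Review bot: In the probe block of this hunk, `livenessProbe` and `readinessProbe` now both read `.Values.sentry.web.probeFailureThreshold`, where the removed lines used 5 for liveness and 10 for readiness, so the two can no longer be tuned apart. A threshold loosened to keep a slow pod in rotation also delays the restart of a hung one. None of the new probe values has a template-side fallback either; if the chart's values file (not shown here) omits one, the field renders empty. Keeping the old numbers as fallbacks would preserve current behaviour, for example `failureThreshold: {{ default 5 .Values.sentry.web.probeFailureThreshold }}` under `livenessProbe`.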
@@ -68,19 +74,9 @@ spec: - "{{ .Values.sentry.worker.concurrency }}" {{- end }} env: - - name: SNUBA - value: http://{{ template "sentry.fullname" . }}-snuba:{{ template "snuba.port" }} - name: C_FORCE_ROOT value: "true" - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} - {{ if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - - name: GOOGLE_APPLICATION_CREDENTIALS - value: /var/run/secrets/google/{{ .Values.filestore.gcs.credentialsFile }} - {{ end }} +{{ include "sentry.env" . | indent 8 }} {{- if .Values.sentry.worker.env }} {{ toYaml .Values.sentry.worker.env | indent 8 }} {{- end }} 
@@ -90,23 +86,55 @@ spec: readOnly: true - mountPath: {{ .Values.filestore.filesystem.path }} name: sentry-data + {{- if .Values.geodata.volumeName }} + - name: {{ .Values.geodata.volumeName }} + mountPath: {{ .Values.geodata.mountPath }} + {{- end }} {{- if and (eq .Values.filestore.backend "gcs") .Values.filestore.gcs.secretName }} - name: sentry-google-cloud-key mountPath: /var/run/secrets/google {{ end }} +{{- if .Values.sentry.worker.volumeMounts }} +{{ toYaml .Values.sentry.worker.volumeMounts | indent 8 }} +{{- end }} + {{- if .Values.sentry.worker.livenessProbe.enabled }} + livenessProbe: + periodSeconds: {{ .Values.sentry.worker.livenessProbe.periodSeconds }} + initialDelaySeconds: 10 + timeoutSeconds: {{ .Values.sentry.worker.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.sentry.worker.livenessProbe.failureThreshold }} + exec: + command: + - sentry + - exec + - -c + - 'import celery, os; dest="celery@{}".format(os.environ["HOSTNAME"]); print(celery.task.control.ping(destination=[dest], timeout=5)[0][dest]["ok"])' +{{- end }} resources: {{ toYaml .Values.sentry.worker.resources | indent 12 }} +{{- if .Values.sentry.worker.containerSecurityContext }} + securityContext: +{{ toYaml .Values.sentry.worker.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.sentry.worker.sidecars }} {{ toYaml .Values.sentry.worker.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-worker + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . 
}}-sentry - name: sentry-data {{- if and (eq .Values.filestore.backend "filesystem") .Values.filestore.filesystem.persistence.enabled (.Values.filestore.filesystem.persistence.persistentWorkers) }} + {{- if .Values.filestore.filesystem.persistence.existingClaim }} + persistentVolumeClaim: + claimName: {{ .Values.filestore.filesystem.persistence.existingClaim }} + {{- else }} persistentVolumeClaim: claimName: {{ template "sentry.fullname" . }}-data + {{- end }} {{- else }} emptyDir: {} {{ end }} @@ -120,4 +148,4 @@ spec: {{- end }} {{- if .Values.sentry.worker.volumes }} {{ toYaml .Values.sentry.worker.volumes | indent 6 }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-api.yaml b/charts/sentry/templates/deployment-snuba-api.yaml index 8e668e0..c56de34 100644 --- a/charts/sentry/templates/deployment-snuba-api.yaml +++ b/charts/sentry/templates/deployment-snuba-api.yaml @@ -48,6 +48,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.api.securityContext }} securityContext: @@ -57,6 +64,10 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} + {{- if .Values.snuba.api.command }} + command: +{{ toYaml .Values.snuba.api.command | indent 8 }} + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: @@ -71,6 +82,9 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.api.volumeMounts }} +{{ toYaml .Values.snuba.api.volumeMounts | indent 8 }} +{{- end }} livenessProbe: failureThreshold: 5 httpGet: 
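Review bot: The new worker `livenessProbe` hard-codes `initialDelaySeconds: 10` and a 5-second ping timeout inside the Python one-liner, while `periodSeconds`, `timeoutSeconds` and `failureThreshold` come from values. Each probe starts a fresh `sentry exec` process, so a `timeoutSeconds` at or below the interpreter start-up time plus those 5 seconds makes the kubelet count a healthy worker as failed and restart it. I would take the delay from values too, via a new key such as `initialDelaySeconds: {{ default 10 .Values.sentry.worker.livenessProbe.initialDelaySeconds }}`, and add a template comment above `exec:` stating that `timeoutSeconds` must exceed the 5-second ping timeout. It is also worth confirming that `celery.task.control` is importable in the Celery version shipped in the image, because an import error makes every probe fail.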
@@ -80,7 +94,7 @@ spec: initialDelaySeconds: {{ .Values.snuba.api.probeInitialDelaySeconds }} periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 2 + timeoutSeconds: {{ .Values.snuba.api.liveness.timeoutSeconds }} readinessProbe: failureThreshold: 10 httpGet: @@ -90,12 +104,19 @@ spec: initialDelaySeconds: {{ .Values.snuba.api.probeInitialDelaySeconds }} periodSeconds: 10 successThreshold: 1 - timeoutSeconds: 2 + timeoutSeconds: {{ .Values.snuba.api.readiness.timeoutSeconds }} resources: {{ toYaml .Values.snuba.api.resources | indent 12 }} +{{- if .Values.snuba.api.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.api.containerSecurityContext | indent 12 }} +{{- end }} {{- if .Values.snuba.api.sidecars }} {{ toYaml .Values.snuba.api.sidecars | indent 6 }} {{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - name: config configMap: diff --git a/charts/sentry/templates/deployment-snuba-consumer.yaml b/charts/sentry/templates/deployment-snuba-consumer.yaml index 3ff2d18..7101271 100644 --- a/charts/sentry/templates/deployment-snuba-consumer.yaml +++ b/charts/sentry/templates/deployment-snuba-consumer.yaml @@ -55,6 +55,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.consumer.securityContext }} securityContext: 
@@ -64,7 +71,46 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: ["snuba", "consumer", "--storage", "errors", "--auto-offset-reset=latest", "--max-batch-time-ms", "750"] + command: + - "snuba" + - "consumer" + - "--storage" + - "errors" + - "--auto-offset-reset" + - "{{ .Values.snuba.consumer.autoOffsetReset }}" + - "--max-batch-time-ms" + - "750" + {{- if .Values.snuba.consumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.snuba.consumer.maxBatchSize }}" + {{- end }} + {{- if .Values.snuba.consumer.processes }} + - "--processes" + - "{{ .Values.snuba.consumer.processes }}" + {{- end }} + {{- if .Values.snuba.consumer.inputBlockSize }} + - "--input-block-size" + - "{{ .Values.snuba.consumer.inputBlockSize }}" + {{- end }} + {{- if .Values.snuba.consumer.outputBlockSize }} + - "--output-block-size" + - "{{ .Values.snuba.consumer.outputBlockSize }}" + {{- end }} + {{- if .Values.snuba.consumer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.consumer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.consumer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.consumer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.consumer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.consumer.queuedMinMessages }}" + {{- end }} + {{- if .Values.snuba.consumer.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: 
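Review bot: The new `command` list passes `--max-batch-time-ms` twice whenever `.Values.snuba.consumer.maxBatchTimeMs` is set: once with the fixed `"750"` and again from the conditional block further down, so which value applies depends on how the Snuba CLI resolves a repeated option. Replace the fixed pair with a single entry, `- "--max-batch-time-ms"` followed by `- "{{ default "750" .Values.snuba.consumer.maxBatchTimeMs }}"`, and drop the later `if` block, the way the outcomes-consumer hunk handles `--max-batch-size`. Separately, `--auto-offset-reset` lost its literal `latest` and now renders whatever `autoOffsetReset` holds; if the values file (not visible here) leaves it unset the argument becomes an empty string, here and in the outcomes-consumer and replacer commands, so `{{ default "latest" .Values.snuba.consumer.autoOffsetReset }}` would keep the old behaviour.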
@@ -79,9 +125,22 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.consumer.volumeMounts }} +{{ toYaml .Values.snuba.consumer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.snuba.consumer.resources | indent 12 }} +{{- if .Values.snuba.consumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.consumer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.consumer.volumes }} +{{ toYaml .Values.snuba.consumer.volumes | indent 8 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-outcomes-consumer.yaml b/charts/sentry/templates/deployment-snuba-outcomes-consumer.yaml index 76490e3..e42a9a4 100644 --- a/charts/sentry/templates/deployment-snuba-outcomes-consumer.yaml +++ b/charts/sentry/templates/deployment-snuba-outcomes-consumer.yaml @@ -55,6 +55,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.outcomesConsumer.securityContext }} securityContext: 
@@ -64,7 +71,42 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: ["snuba", "consumer", "--storage", "outcomes_raw", "--auto-offset-reset=latest", "--max-batch-size", "3"] + command: + - "snuba" + - "consumer" + - "--storage" + - "outcomes_raw" + - "--auto-offset-reset" + - "{{ .Values.snuba.outcomesConsumer.autoOffsetReset }}" + - "--max-batch-size" + - "{{ default "3" .Values.snuba.outcomesConsumer.maxBatchSize }}" + {{- if .Values.snuba.outcomesConsumer.processes }} + - "--processes" + - "{{ .Values.snuba.outcomesConsumer.processes }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.inputBlockSize }} + - "--input-block-size" + - "{{ .Values.snuba.outcomesConsumer.inputBlockSize }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.outputBlockSize }} + - "--output-block-size" + - "{{ .Values.snuba.outcomesConsumer.outputBlockSize }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.outcomesConsumer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.outcomesConsumer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.outcomesConsumer.queuedMinMessages }}" + {{- end }} + {{- if .Values.snuba.outcomesConsumer.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: 
@@ -79,9 +121,22 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.outcomesConsumer.volumeMounts }} +{{ toYaml .Values.snuba.outcomesConsumer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.snuba.outcomesConsumer.resources | indent 12 }} +{{- if .Values.snuba.outcomesConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.outcomesConsumer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.outcomesConsumer.volumes }} +{{ toYaml .Values.snuba.outcomesConsumer.volumes | indent 8 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-replacer.yaml b/charts/sentry/templates/deployment-snuba-replacer.yaml index 4b9bdfa..9ed59c7 100644 --- a/charts/sentry/templates/deployment-snuba-replacer.yaml +++ b/charts/sentry/templates/deployment-snuba-replacer.yaml @@ -55,6 +55,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.replacer.securityContext }} securityContext: 
@@ -64,7 +71,25 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: ["snuba", "replacer", "--storage", "errors", "--auto-offset-reset=latest", "--max-batch-size", "3"] + command: + - "snuba" + - "replacer" + - "--storage" + - "errors" + - "--auto-offset-reset" + - "{{ .Values.snuba.replacer.autoOffsetReset }}" + {{- if .Values.snuba.replacer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.replacer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.replacer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.replacer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.replacer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.replacer.queuedMinMessages }}" + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: @@ -79,9 +104,22 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.replacer.volumeMounts }} +{{ toYaml .Values.snuba.replacer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.snuba.replacer.resources | indent 12 }} +{{- if .Values.snuba.replacer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.replacer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-snuba + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.replacer.volumes }} +{{ toYaml .Values.snuba.replacer.volumes | indent 6 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-replays-consumer.yaml b/charts/sentry/templates/deployment-snuba-replays-consumer.yaml new file mode 100644 index 0000000..3242e21 --- /dev/null 
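Review bot: The rewritten `command:` list for the replacer no longer passes `--max-batch-size`: the removed one-line command ended with `"--max-batch-size", "3"`, and no values key replaces it, unlike the outcomes consumer, which keeps `default "3"`. If the drop is deliberate, a template comment such as `{{- /* --max-batch-size is left to snuba's default */}}` would record it. Otherwise restore the pair as `- "--max-batch-size"` and `- "{{ default "3" .Values.snuba.replacer.maxBatchSize }}"`, where `maxBatchSize` would be a new key. The container spec continues outside the hunk.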
+++ b/charts/sentry/templates/deployment-snuba-replays-consumer.yaml 
@@ -0,0 +1,148 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-snuba-replays-consumer + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "12" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: snuba-replays-consumer + replicas: {{ .Values.snuba.replaysConsumer.replicas }} + template: + metadata: + annotations: + checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} + {{- if .Values.snuba.replaysConsumer.annotations }} +{{ toYaml .Values.snuba.replaysConsumer.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: snuba-replays-consumer + {{- if .Values.snuba.replaysConsumer.podLabels }} +{{ toYaml .Values.snuba.replaysConsumer.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.snuba.replaysConsumer.affinity }} +{{ toYaml .Values.snuba.replaysConsumer.affinity | indent 8 }} + {{- end }} + {{- if .Values.snuba.replaysConsumer.nodeSelector }} + nodeSelector: +{{ toYaml .Values.snuba.replaysConsumer.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.snuba.replaysConsumer.tolerations }} + tolerations: +{{ toYaml .Values.snuba.replaysConsumer.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.snuba.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.snuba.replaysConsumer.securityContext }} + securityContext: +{{ toYaml .Values.snuba.replaysConsumer.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-snuba + image: "{{ template "snuba.image" . 
}}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} + command: + - "snuba" + - "consumer" + - "--storage" + - "replays" + - "--consumer-group" + - "replays_group" + - "--auto-offset-reset" + - "{{ .Values.snuba.replaysConsumer.autoOffsetReset }}" + - "--max-batch-time-ms" + - "750" + {{- if .Values.snuba.replaysConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.snuba.replaysConsumer.maxBatchSize }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.processes }} + - "--processes" + - "{{ .Values.snuba.replaysConsumer.processes }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.inputBlockSize }} + - "--input-block-size" + - "{{ .Values.snuba.replaysConsumer.inputBlockSize }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.outputBlockSize }} + - "--output-block-size" + - "{{ .Values.snuba.replaysConsumer.outputBlockSize }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.replaysConsumer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.replaysConsumer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.replaysConsumer.queuedMinMessages }}" + {{- end }} + {{- if .Values.snuba.replaysConsumer.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} + ports: + - containerPort: {{ template "snuba.port" }} + env: +{{ include "sentry.snuba.env" . | indent 8 }} +{{- if .Values.snuba.replaysConsumer.env }} +{{ toYaml .Values.snuba.replaysConsumer.env | indent 8 }} +{{- end }} + envFrom: + - secretRef: + name: {{ template "sentry.fullname" . 
}}-snuba-env + volumeMounts: + - mountPath: /etc/snuba + name: config + readOnly: true +{{- if .Values.snuba.replaysConsumer.volumeMounts }} +{{ toYaml .Values.snuba.replaysConsumer.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.snuba.replaysConsumer.resources | indent 12 }} +{{- if .Values.snuba.replaysConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.replaysConsumer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.replaysConsumer.volumes }} +{{ toYaml .Values.snuba.replaysConsumer.volumes | indent 8 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-sessions-consumer.yaml b/charts/sentry/templates/deployment-snuba-sessions-consumer.yaml index 33dc17e..9765d4a 100644 --- a/charts/sentry/templates/deployment-snuba-sessions-consumer.yaml +++ b/charts/sentry/templates/deployment-snuba-sessions-consumer.yaml @@ -55,6 +55,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.sessionsConsumer.securityContext }} securityContext: 
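Review bot: The `command:` list in this new template emits `--max-batch-time-ms` twice when `.Values.snuba.replaysConsumer.maxBatchTimeMs` is set: once unconditionally with `"750"` and again inside the `if` block further down. Which value wins then depends on how the snuba CLI treats a repeated option, which cannot be read from the template. A single entry with a fallback avoids the ambiguity: keep `- "--max-batch-time-ms"` and replace the literal with `- "{{ default "750" .Values.snuba.replaysConsumer.maxBatchTimeMs }}"`, then drop the conditional pair. The sessions and transactions consumer hunks later in the diff carry the same duplicate.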
@@ -64,7 +71,46 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: ["snuba", "consumer", "--storage", "sessions_raw", "--auto-offset-reset=latest", "--max-batch-time-ms", "750"] + command: + - "snuba" + - "consumer" + - "--storage" + - "sessions_raw" + - "--auto-offset-reset" + - "{{ .Values.snuba.sessionsConsumer.autoOffsetReset }}" + - "--max-batch-time-ms" + - "750" + {{- if .Values.snuba.sessionsConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.snuba.sessionsConsumer.maxBatchSize }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.processes }} + - "--processes" + - "{{ .Values.snuba.sessionsConsumer.processes }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.inputBlockSize }} + - "--input-block-size" + - "{{ .Values.snuba.sessionsConsumer.inputBlockSize }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.outputBlockSize }} + - "--output-block-size" + - "{{ .Values.snuba.sessionsConsumer.outputBlockSize }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.sessionsConsumer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.sessionsConsumer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.sessionsConsumer.queuedMinMessages }}" + {{- end }} + {{- if .Values.snuba.sessionsConsumer.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: 
@@ -79,9 +125,22 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.sessionsConsumer.volumeMounts }} +{{ toYaml .Values.snuba.sessionsConsumer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.snuba.sessionsConsumer.resources | indent 12 }} +{{- if .Values.snuba.sessionsConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.sessionsConsumer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.sessionsConsumer.volumes }} +{{ toYaml .Values.snuba.sessionsConsumer.volumes | indent 8 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-subscription-consumer-events.yaml b/charts/sentry/templates/deployment-snuba-subscription-consumer-events.yaml new file mode 100644 index 0000000..4a2a3ba --- /dev/null +++ b/charts/sentry/templates/deployment-snuba-subscription-consumer-events.yaml 
@@ -0,0 +1,113 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-snuba-subscription-consumer-events + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "18" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-events + replicas: {{ .Values.snuba.subscriptionConsumerEvents.replicas }} + template: + metadata: + annotations: + checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} + {{- if .Values.snuba.subscriptionConsumerEvents.annotations }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-events + {{- if .Values.snuba.subscriptionConsumerEvents.podLabels }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.snuba.subscriptionConsumerEvents.affinity }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.affinity | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerEvents.nodeSelector }} + nodeSelector: +{{ toYaml .Values.snuba.subscriptionConsumerEvents.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerEvents.tolerations }} + tolerations: +{{ toYaml .Values.snuba.subscriptionConsumerEvents.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.snuba.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerEvents.securityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerEvents.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-snuba + image: "{{ template "snuba.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} + command: + - "snuba" + - "subscriptions-scheduler-executor" + - "--auto-offset-reset={{ .Values.snuba.subscriptionConsumerEvents.autoOffsetReset }}" + - "--dataset=events" + - "--entity=events" + {{- if .Values.snuba.subscriptionConsumerEvents.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} + - "--consumer-group=snuba-events-subscriptions-consumers" + - "--followed-consumer-group=snuba-consumers" + - "--delay-seconds=60" + - "--schedule-ttl=60" + - "--stale-threshold-seconds=900" + ports: + - containerPort: {{ template "snuba.port" }} + env: +{{ include "sentry.snuba.env" . 
| indent 8 }} +{{- if .Values.snuba.subscriptionConsumerEvents.env }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.env | indent 8 }} +{{- end }} + envFrom: + - secretRef: + name: {{ template "sentry.fullname" . }}-snuba-env + volumeMounts: + - mountPath: /etc/snuba + name: config + readOnly: true +{{- if .Values.snuba.subscriptionConsumerEvents.volumeMounts }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.snuba.subscriptionConsumerEvents.resources | indent 12 }} +{{- if .Values.snuba.subscriptionConsumerEvents.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerEvents.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.subscriptionConsumerEvents.volumes }} +{{ toYaml .Values.snuba.subscriptionConsumerEvents.volumes | indent 6 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-subscription-consumer-sessions.yaml b/charts/sentry/templates/deployment-snuba-subscription-consumer-sessions.yaml new file mode 100644 index 0000000..112e2f4 --- /dev/null +++ b/charts/sentry/templates/deployment-snuba-subscription-consumer-sessions.yaml 
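Review bot: The pod spec in this new template goes from `imagePullSecrets` straight to `securityContext` and has no `dnsPolicy` / `dnsConfig` blocks, while every other snuba deployment touched by this diff, including the new replays consumer, gains them. A cluster that relies on `.Values.dnsPolicy` or `.Values.dnsConfig` would resolve names differently in these pods than in the rest of the release. Adding the same two guarded blocks after `imagePullSecrets` (`{{- if .Values.dnsPolicy }}` with `dnsPolicy: {{ .Values.dnsPolicy | quote }}`, and `{{- if .Values.dnsConfig }}` with `dnsConfig:` plus `toYaml`) keeps them consistent. The subscription-consumer-sessions and subscription-consumer-transactions templates that follow have the same omission.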
@@ -0,0 +1,113 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-snuba-subscription-consumer-sessions + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "18" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-sessions + replicas: {{ .Values.snuba.subscriptionConsumerSessions.replicas }} + template: + metadata: + annotations: + checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} + {{- if .Values.snuba.subscriptionConsumerSessions.annotations }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-sessions + {{- if .Values.snuba.subscriptionConsumerSessions.podLabels }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.snuba.subscriptionConsumerSessions.affinity }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.affinity | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerSessions.nodeSelector }} + nodeSelector: +{{ toYaml .Values.snuba.subscriptionConsumerSessions.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerSessions.tolerations }} + tolerations: +{{ toYaml .Values.snuba.subscriptionConsumerSessions.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.snuba.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerSessions.securityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerSessions.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-snuba + image: "{{ template "snuba.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} + command: + - "snuba" + - "subscriptions-scheduler-executor" + - "--auto-offset-reset={{ .Values.snuba.subscriptionConsumerSessions.autoOffsetReset }}" + - "--dataset=sessions" + - "--entity=sessions" + {{- if .Values.snuba.subscriptionConsumerSessions.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} + - "--consumer-group=snuba-sessions-subscriptions-consumers" + - "--followed-consumer-group=snuba-consumers" + - "--delay-seconds=60" + - "--schedule-ttl=60" + - "--stale-threshold-seconds=900" + ports: + - containerPort: {{ template "snuba.port" }} + env: +{{ include "sentry.snuba.env" . 
| indent 8 }} +{{- if .Values.snuba.subscriptionConsumerSessions.env }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.env | indent 8 }} +{{- end }} + envFrom: + - secretRef: + name: {{ template "sentry.fullname" . }}-snuba-env + volumeMounts: + - mountPath: /etc/snuba + name: config + readOnly: true +{{- if .Values.snuba.subscriptionConsumerSessions.volumeMounts }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.snuba.subscriptionConsumerSessions.resources | indent 12 }} +{{- if .Values.snuba.subscriptionConsumerSessions.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerSessions.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.subscriptionConsumerSessions.volumes }} +{{ toYaml .Values.snuba.subscriptionConsumerSessions.volumes | indent 6 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-subscription-consumer-transactions.yaml b/charts/sentry/templates/deployment-snuba-subscription-consumer-transactions.yaml new file mode 100644 index 0000000..b3a04c9 --- /dev/null +++ b/charts/sentry/templates/deployment-snuba-subscription-consumer-transactions.yaml 
@@ -0,0 +1,113 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "sentry.fullname" . }}-snuba-subscription-consumer-transactions + labels: + app: {{ template "sentry.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + app.kubernetes.io/managed-by: "Helm" + {{- if .Values.asHook }} + {{- /* Add the Helm annotations so that deployment after asHook from true to false works */}} + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "18" + {{- end }} +spec: + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + selector: + matchLabels: + app: {{ template "sentry.fullname" . }} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-transactions + replicas: {{ .Values.snuba.subscriptionConsumerTransactions.replicas }} + template: + metadata: + annotations: + checksum/snubaSettingsPy: {{ .Values.config.snubaSettingsPy | sha256sum }} + checksum/config.yaml: {{ include (print $.Template.BasePath "/configmap-snuba.yaml") . | sha256sum }} + {{- if .Values.snuba.subscriptionConsumerTransactions.annotations }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.annotations | indent 8 }} + {{- end }} + labels: + app: {{ template "sentry.fullname" . 
}} + release: "{{ .Release.Name }}" + role: snuba-subscription-consumer-transactions + {{- if .Values.snuba.subscriptionConsumerTransactions.podLabels }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.podLabels | indent 8 }} + {{- end }} + spec: + affinity: + {{- if .Values.snuba.subscriptionConsumerTransactions.affinity }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.affinity | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerTransactions.nodeSelector }} + nodeSelector: +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerTransactions.tolerations }} + tolerations: +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.tolerations | indent 8 }} + {{- end }} + {{- if .Values.images.snuba.imagePullSecrets }} + imagePullSecrets: +{{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.snuba.subscriptionConsumerTransactions.securityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.securityContext | indent 8 }} + {{- end }} + containers: + - name: {{ .Chart.Name }}-snuba + image: "{{ template "snuba.image" . }}" + imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} + command: + - "snuba" + - "subscriptions-scheduler-executor" + - "--auto-offset-reset={{ .Values.snuba.subscriptionConsumerTransactions.autoOffsetReset }}" + - "--dataset=transactions" + - "--entity=transactions" + {{- if .Values.snuba.subscriptionConsumerTransactions.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} + - "--consumer-group=snuba-transactions-subscriptions-consumers" + - "--followed-consumer-group=transactions_group" + - "--delay-seconds=60" + - "--schedule-ttl=60" + - "--stale-threshold-seconds=900" + ports: + - containerPort: {{ template "snuba.port" }} + env: +{{ include "sentry.snuba.env" . 
| indent 8 }} +{{- if .Values.snuba.subscriptionConsumerTransactions.env }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.env | indent 8 }} +{{- end }} + envFrom: + - secretRef: + name: {{ template "sentry.fullname" . }}-snuba-env + volumeMounts: + - mountPath: /etc/snuba + name: config + readOnly: true +{{- if .Values.snuba.subscriptionConsumerTransactions.volumeMounts }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.volumeMounts | indent 8 }} +{{- end }} + resources: +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.resources | indent 12 }} +{{- if .Values.snuba.subscriptionConsumerTransactions.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} + volumes: + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.subscriptionConsumerTransactions.volumes }} +{{ toYaml .Values.snuba.subscriptionConsumerTransactions.volumes | indent 6 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-snuba-transactions-consumer.yaml b/charts/sentry/templates/deployment-snuba-transactions-consumer.yaml index 360f92b..d87d89b 100644 --- a/charts/sentry/templates/deployment-snuba-transactions-consumer.yaml +++ b/charts/sentry/templates/deployment-snuba-transactions-consumer.yaml @@ -55,6 +55,13 @@ spec: {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.snuba.transactionsConsumer.securityContext }} securityContext: 
@@ -64,7 +71,48 @@ spec: - name: {{ .Chart.Name }}-snuba image: "{{ template "snuba.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.snuba.pullPolicy }} - command: ["snuba", "consumer", "--storage", "transactions", "--consumer-group", "transactions_group", "--auto-offset-reset=latest", "--max-batch-time-ms", "750"] + command: + - "snuba" + - "consumer" + - "--storage" + - "transactions" + - "--consumer-group" + - "transactions_group" + - "--auto-offset-reset" + - "{{ .Values.snuba.transactionsConsumer.autoOffsetReset }}" + - "--max-batch-time-ms" + - "750" + {{- if .Values.snuba.transactionsConsumer.maxBatchSize }} + - "--max-batch-size" + - "{{ .Values.snuba.transactionsConsumer.maxBatchSize }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.processes }} + - "--processes" + - "{{ .Values.snuba.transactionsConsumer.processes }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.inputBlockSize }} + - "--input-block-size" + - "{{ .Values.snuba.transactionsConsumer.inputBlockSize }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.outputBlockSize }} + - "--output-block-size" + - "{{ .Values.snuba.transactionsConsumer.outputBlockSize }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.maxBatchTimeMs }} + - "--max-batch-time-ms" + - "{{ .Values.snuba.transactionsConsumer.maxBatchTimeMs }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.queuedMaxMessagesKbytes }} + - "--queued-max-messages-kbytes" + - "{{ .Values.snuba.transactionsConsumer.queuedMaxMessagesKbytes }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.queuedMinMessages }} + - "--queued-min-messages" + - "{{ .Values.snuba.transactionsConsumer.queuedMinMessages }}" + {{- end }} + {{- if .Values.snuba.transactionsConsumer.noStrictOffsetReset }} + - "--no-strict-offset-reset" + {{- end }} ports: - containerPort: {{ template "snuba.port" }} env: 
@@ -79,9 +127,22 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.snuba.transactionsConsumer.volumeMounts }} +{{ toYaml .Values.snuba.transactionsConsumer.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.snuba.transactionsConsumer.resources | indent 12 }} +{{- if .Values.snuba.transactionsConsumer.containerSecurityContext }} + securityContext: +{{ toYaml .Values.snuba.transactionsConsumer.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-snuba + {{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.snuba.transactionsConsumer.volumes }} +{{ toYaml .Values.snuba.transactionsConsumer.volumes | indent 8 }} +{{- end }} diff --git a/charts/sentry/templates/deployment-symbolicator.yaml b/charts/sentry/templates/deployment-symbolicator.yaml index 208973f..a0ccacb 100644 --- a/charts/sentry/templates/deployment-symbolicator.yaml +++ b/charts/sentry/templates/deployment-symbolicator.yaml @@ -33,7 +33,6 @@ spec: {{ toYaml .Values.symbolicator.api.podLabels | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "sentry.serviceAccountName" . }} {{- if .Values.symbolicator.api.affinity }} affinity: {{ toYaml .Values.symbolicator.api.affinity | indent 8 }} @@ -49,6 +48,13 @@ spec: {{- if .Values.images.symbolicator.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.symbolicator.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} {{- end }} {{- if .Values.symbolicator.api.securityContext }} securityContext: 
@@ -79,6 +85,9 @@ spec: - name: sentry-google-cloud-key mountPath: /var/run/secrets/google {{ end }} +{{- if .Values.symbolicator.api.volumeMounts }} +{{ toYaml .Values.symbolicator.api.volumeMounts | indent 8 }} +{{- end }} livenessProbe: failureThreshold: 5 httpGet: @@ -101,6 +110,13 @@ spec: timeoutSeconds: 2 resources: {{ toYaml .Values.symbolicator.api.resources | indent 12 }} +{{- if .Values.symbolicator.api.containerSecurityContext }} + securityContext: +{{ toYaml .Values.symbolicator.api.containerSecurityContext | indent 12 }} +{{- end }} + {{- if .Values.serviceAccount.enabled }} + serviceAccountName: {{ .Values.serviceAccount.name }}-symbolicator-api + {{- end }} volumes: - name: config configMap: @@ -112,6 +128,9 @@ spec: secret: secretName: {{ .Values.filestore.gcs.secretName }} {{ end }} +{{- if .Values.sentry.ingestConsumer.volumes }} +{{ toYaml .Values.symbolicator.api.volumes | indent 6 }} +{{- end }} {{- if .Values.symbolicator.api.priorityClassName }} priorityClassName: "{{ .Values.symbolicator.api.priorityClassName }}" {{- end }} diff --git a/charts/sentry/templates/gke/backendconfig-sentry-relay.yaml b/charts/sentry/templates/gke/backendconfig-sentry-relay.yaml new file mode 100644 index 0000000..22e40ff --- /dev/null +++ b/charts/sentry/templates/gke/backendconfig-sentry-relay.yaml 
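Review bot: The guard around the extra volumes in the last symbolicator hunk tests `.Values.sentry.ingestConsumer.volumes` but renders `.Values.symbolicator.api.volumes`, which looks like a copy-paste slip. With only `symbolicator.api.volumes` set, the volumes are silently dropped while the matching `volumeMounts` block from the first hunk still renders, leaving mounts that refer to volumes the pod does not define. With only `sentry.ingestConsumer.volumes` set, `toYaml` is applied to an empty value under `volumes:`. The condition should read `{{- if .Values.symbolicator.api.volumes }}`. The pod spec starts and ends outside the hunk.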
@@ -0,0 +1,21 @@
+{{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }}
+apiVersion: cloud.google.com/v1beta1
+kind: BackendConfig
+metadata:
+ name: {{ include "sentry.fullname" . }}-relay
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "sentry.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ healthCheck:
+ checkIntervalSec: {{ .Values.relay.probePeriodSeconds }}
+ timeoutSec: {{ .Values.relay.probeTimeoutSeconds }}
+ healthyThreshold: {{ .Values.relay.probeSuccessThreshold }}
+ unhealthyThreshold: {{ .Values.relay.probeFailureThreshold }}
+ type: HTTP
+ requestPath: {{ template "relay.healthCheck.requestPath" }}
+ port: {{ template "relay.port" . }}
+{{- end }}
diff --git a/charts/sentry/templates/gke/backendconfig-sentry-web.yaml b/charts/sentry/templates/gke/backendconfig-sentry-web.yaml
new file mode 100644
index 0000000..c33d8cb
--- /dev/null
+++ b/charts/sentry/templates/gke/backendconfig-sentry-web.yaml
@@ -0,0 +1,21 @@
+{{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }}
+apiVersion: cloud.google.com/v1beta1
+kind: BackendConfig
+metadata:
+ name: {{ include "sentry.fullname" . }}-web
+ namespace: {{ .Release.Namespace | quote }}
+ labels:
+ app: {{ template "sentry.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ healthCheck:
+ checkIntervalSec: {{ .Values.sentry.web.probePeriodSeconds }}
+ timeoutSec: {{ .Values.sentry.web.probeTimeoutSeconds }}
+ healthyThreshold: {{ .Values.sentry.web.probeSuccessThreshold }}
+ unhealthyThreshold: {{ .Values.sentry.web.probeFailureThreshold }}
+ type: HTTP
+ requestPath: {{ template "sentry.healthCheck.requestPath" }}
+ port: {{ .Values.service.externalPort }}
+{{- end }}
diff --git a/charts/sentry/templates/hooks/clickhouse-init.job.yaml b/charts/sentry/templates/hooks/clickhouse-init.job.yaml
deleted file mode 100644
index 3ff464f..0000000
--- a/charts/sentry/templates/hooks/clickhouse-init.job.yaml
+++ /dev/null
@@ -1,76 +0,0 @@ -{{- if .Values.hooks.enabled -}} -{{- $clickhouseHost := include "sentry.clickhouse.host" . -}} -{{- $clickhousePort := include "sentry.clickhouse.port" . -}} -{{- $clickhouseDB := include "sentry.clickhouse.database" . -}} -{{- $clickhouseAuth := include "sentry.clickhouse.auth" . -}} -{{- $clickhouseClusterName := include "sentry.clickhouse.cluster.name" . -}} -{{- $tables := "discover errors groupassignee groupedmessage outcomes_hourly migrations outcomes_mv_hourly outcomes_raw sentry sessions_hourly sessions_hourly_mv sessions_raw transactions" -}} -{{- $dropQuery := "DROP TABLE IF EXISTS ${tbl}_dist" -}} -{{- $createQuery := printf "CREATE TABLE ${tbl}_dist AS ${tbl}_local ENGINE = Distributed('%s', '%s', ${tbl}_local, rand())" $clickhouseClusterName $clickhouseDB -}} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ template "sentry.fullname" . }}-clickhouse-init - labels: - app: sentry - chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" - annotations: - # This is what defines this resource as a hook. Without this line, the - # job is considered part of the release. - "helm.sh/hook": "post-install,post-upgrade" - "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" - "helm.sh/hook-weight": "6" -spec: - template: - metadata: - name: {{ template "sentry.fullname" . }}-clickhouse-init - annotations: - {{- if .Values.hooks.clickhouseInit.podAnnotations }} -{{ toYaml .Values.hooks.clickhouseInit.podAnnotations | indent 8 }} - {{- end }} - labels: - app: sentry - release: "{{ .Release.Name }}" - spec: - restartPolicy: Never - {{- if .Values.clickhouse.clickhouse.imagePullSecrets }} - imagePullSecrets: - {{- range .Values.clickhouse.clickhouse.imagePullSecrets }} - - name: {{ . 
| quote }} - {{- end }} - {{- end }} - containers: - - name: clickhouse-init - image: "{{ .Values.clickhouse.clickhouse.image }}:{{ .Values.clickhouse.clickhouse.imageVersion }}" - command: - - /bin/bash - - -ec - - >- - {{- if .Values.clickhouse.enabled }} - echo "clickhouse-init started" - - for tbl in {{ $tables }}; do - for ((i=0;i<{{ .Values.clickhouse.clickhouse.replicas }};i++)); do - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }}-$i.{{ $clickhouseHost }}-headless --port={{ $clickhousePort }} --query="{{ $dropQuery }}"; - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }}-$i.{{ $clickhouseHost }}-headless --port={{ $clickhousePort }} --query="{{ $createQuery }}"; - {{- if .Values.clickhouse.clickhouse.configmap.remote_servers.replica.backup.enabled }} - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }}-replica-$i.{{ $clickhouseHost }}-replica-headless --port={{ $clickhousePort }} --query="{{ $dropQuery }}"; - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }}-replica-$i.{{ $clickhouseHost }}-replica-headless --port={{ $clickhousePort }} --query="{{ $createQuery }}"; - {{- end }} - done - done - - echo "clickhouse-init finished" - {{- else }} - echo "clickhouse-init started" - - for tbl in {{ $tables }}; do - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }} --port={{ $clickhousePort }} --query="{{ $dropQuery }}"; - clickhouse-client {{ $clickhouseAuth }} --database={{ $clickhouseDB }} --host={{ $clickhouseHost }} --port={{ $clickhousePort }} --query="{{ $createQuery }}"; - done - - echo "clickhouse-init finished" - {{- end }} -{{- end }} diff --git a/charts/sentry/templates/hooks/sentry-db-check.job.yaml b/charts/sentry/templates/hooks/sentry-db-check.job.yaml index 967eb23..56773e4 100644 
--- a/charts/sentry/templates/hooks/sentry-db-check.job.yaml +++ b/charts/sentry/templates/hooks/sentry-db-check.job.yaml @@ -19,6 +19,9 @@ metadata: "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" "helm.sh/hook-weight": "-1" spec: + {{- if .Values.hooks.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} + {{- end}} template: metadata: name: {{ template "sentry.fullname" . }}-db-check @@ -35,11 +38,35 @@ spec: {{- if .Values.sentry.worker.podLabels }} {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} {{- end }} + {{- if .Values.hooks.dbCheck.podLabels }} +{{ toYaml .Values.hooks.dbCheck.podLabels | indent 8 }} + {{- end }} spec: + {{- if .Values.hooks.dbCheck.affinity }} + affinity: +{{ toYaml .Values.hooks.dbCheck.affinity | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbCheck.nodeSelector }} + nodeSelector: +{{ toYaml .Values.hooks.dbCheck.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbCheck.tolerations }} + tolerations: +{{ toYaml .Values.hooks.dbCheck.tolerations | indent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.hooks.dbCheck.image.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.hooks.dbCheck.image.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbCheck.securityContext }} + securityContext: +{{ toYaml .Values.hooks.dbCheck.securityContext | indent 8 }} + {{- else }} + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 8 }} + {{- end }} {{- end }} containers: - name: db-check 
@@ -49,18 +76,22 @@ spec: - /bin/sh - -c - | - {{- if .Values.clickhouse.enabled }} echo "Checking if clickhouse is up" CLICKHOUSE_STATUS=0 while [ $CLICKHOUSE_STATUS -eq 0 ]; do CLICKHOUSE_STATUS=1 - i=0; while [ $i -lt {{ .Values.clickhouse.clickhouse.replicas }} ]; do + CLICKHOUSE_REPLICAS={{ .Values.clickhouse.enabled | ternary .Values.clickhouse.clickhouse.replicas "1" }} + i=0; while [ $i -lt $CLICKHOUSE_REPLICAS ]; do + {{- if .Values.clickhouse.enabled }} CLICKHOUSE_HOST={{ $clickhouseHost }}-$i.{{ $clickhouseHost }}-headless + {{- else }} + CLICKHOUSE_HOST={{ .Values.externalClickhouse.host }} + {{- end }} if ! nc -z "$CLICKHOUSE_HOST" {{ $clickhousePort }}; then CLICKHOUSE_STATUS=0 echo "$CLICKHOUSE_HOST is not available yet" fi - {{- if .Values.clickhouse.clickhouse.configmap.remote_servers.replica.backup.enabled }} + {{- if and .Values.clickhouse.enabled .Values.clickhouse.clickhouse.configmap.remote_servers.replica.backup.enabled }} CLICKHOUSE_HOST={{ $clickhouseHost }}-replica-$i.{{ $clickhouseHost }}-replica-headless if ! nc -z "$CLICKHOUSE_HOST" {{ $clickhousePort }}; then CLICKHOUSE_STATUS=0 @@ -75,14 +106,14 @@ spec: fi done echo "Clickhouse is up" - {{- end }} - {{- if .Values.kafka.enabled }} echo "Checking if kafka is up" KAFKA_STATUS=0 while [ $KAFKA_STATUS -eq 0 ]; do KAFKA_STATUS=1 - i=0; while [ $i -lt {{ .Values.kafka.replicaCount }} ]; do + {{- if .Values.kafka.enabled }} + KAFKA_REPLICAS={{ .Values.kafka.replicaCount }} + i=0; while [ $i -lt $KAFKA_REPLICAS ]; do KAFKA_HOST={{ $kafkaHost }}-$i.{{ $kafkaHost }}-headless if ! nc -z "$KAFKA_HOST" {{ $kafkaPort }}; then KAFKA_STATUS=0 
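Review bot: `CLICKHOUSE_HOST={{ .Values.externalClickhouse.host }}` in the `@@ -49,18 +76,22 @@` hunk renders a chart value directly into the `/bin/sh -c` script with no quoting, so a value containing whitespace or shell metacharacters changes the script itself rather than just the variable. Rendering it as `CLICKHOUSE_HOST={{ .Values.externalClickhouse.host | squote }}` covers the common case, and passing the host through the container's `env:` list and reading `"$CLICKHOUSE_HOST"` avoids shell parsing of the value altogether. The same applies to `KAFKA_HOST={{ .Values.externalKafka.host }}`, `KAFKA_HOST={{ $elem.host }}` and the bare `{{ $elem.port }}` added in the later `@@ -90,17 +121,46 @@` hunk. The script starts and ends outside this hunk.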
@@ -90,17 +121,46 @@ spec: fi i=$((i+1)) done + {{- else if (not (kindIs "slice" .Values.externalKafka)) }} + KAFKA_HOST={{ .Values.externalKafka.host }} + if ! nc -z "$KAFKA_HOST" {{ $kafkaPort }}; then + KAFKA_STATUS=0 + echo "$KAFKA_HOST is not available yet" + fi + {{- else }} + {{- range $elem := .Values.externalKafka }} + KAFKA_HOST={{ $elem.host }} + if ! nc -z "$KAFKA_HOST" {{ $elem.port }}; then + KAFKA_STATUS=0 + echo "$KAFKA_HOST is not available yet" + fi + {{- end }} + {{- end }} if [ "$KAFKA_STATUS" -eq 0 ]; then echo "Kafka not ready. Sleeping for 10s before trying again" sleep 10; fi done echo "Kafka is up" - {{- end }} +{{- if .Values.hooks.dbCheck.volumeMounts }} + volumeMounts: +{{ toYaml .Values.hooks.dbCheck.volumeMounts | indent 8 }} +{{- end }} env: {{- if .Values.hooks.dbCheck.env }} {{ toYaml .Values.hooks.dbCheck.env | indent 8 }} {{- end }} resources: {{ toYaml .Values.hooks.dbCheck.resources | indent 10 }} +{{- if .Values.hooks.dbCheck.containerSecurityContext }} + securityContext: +{{ toYaml .Values.hooks.dbCheck.containerSecurityContext | indent 10 }} +{{- end }} +{{- if .Values.hooks.dbCheck.volumes }} + volumes: +{{ toYaml .Values.hooks.dbCheck.volumes | indent 6 }} +{{- end }} + {{- if .Values.hooks.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} + {{- end }} {{- end }} diff --git a/charts/sentry/templates/hooks/sentry-db-init.job.yaml b/charts/sentry/templates/hooks/sentry-db-init.job.yaml index 68cd18f..4c7eb44 100644 --- a/charts/sentry/templates/hooks/sentry-db-init.job.yaml +++ b/charts/sentry/templates/hooks/sentry-db-init.job.yaml 
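Review bot: `shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }}` is one chart-wide switch with no comment saying what it is for, and the same three lines are added to sentry-db-init, snuba-db-init, snuba-migrate and user-create. With a shared process namespace every container in the pod, including anything added through `hooks.dbInit.sidecars`, can see the other containers' processes, and their environment and root filesystem through /proc are protected only by ordinary Unix permissions. For the jobs that receive `sentry.env` or `ADMIN_PASSWORD` that includes credentials. I would put a template comment above the block, for example `{{- /* exposes every container's processes and /proc to sidecars; enable only when a sidecar needs it */ -}}`, and repeat the caveat next to the key in the values documentation.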
@@ -15,6 +15,9 @@ metadata: "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" "helm.sh/hook-weight": "6" spec: + {{- if .Values.hooks.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} + {{- end}} template: metadata: name: {{ template "sentry.fullname" . }}-db-init @@ -32,11 +35,42 @@ spec: {{- if .Values.sentry.worker.podLabels }} {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} {{- end }} + {{- if .Values.hooks.dbInit.podLabels }} +{{ toYaml .Values.hooks.dbInit.podLabels | indent 8 }} + {{- end }} spec: + {{- if .Values.hooks.dbInit.affinity }} + affinity: +{{ toYaml .Values.hooks.dbInit.affinity | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbInit.nodeSelector }} + nodeSelector: +{{ toYaml .Values.hooks.dbInit.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbInit.tolerations }} + tolerations: +{{ toYaml .Values.hooks.dbInit.tolerations | indent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbInit.securityContext }} + securityContext: +{{ toYaml .Values.hooks.dbInit.securityContext | indent 8 }} + {{- else }} + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 8 }} + {{- end }} {{- end }} containers: - name: db-init-job 
@@ -44,11 +78,7 @@ spec: imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} command: ["sentry","upgrade","--noinput"] env: - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} +{{ include "sentry.env" . | indent 8 }} {{- if .Values.hooks.dbInit.env }} {{ toYaml .Values.hooks.dbInit.env | indent 8 }} {{- end }} @@ -56,8 +86,15 @@ spec: - mountPath: /etc/sentry name: config readOnly: true +{{- if .Values.hooks.dbInit.volumeMounts }} +{{ toYaml .Values.hooks.dbInit.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.hooks.dbInit.resources | indent 10 }} +{{- if .Values.hooks.dbInit.containerSecurityContext }} + securityContext: +{{ toYaml .Values.hooks.dbInit.containerSecurityContext | indent 10 }} +{{- end }} {{- if .Values.hooks.dbInit.sidecars }} {{ toYaml .Values.hooks.dbInit.sidecars | indent 6 }} {{- end }} @@ -68,4 +105,7 @@ spec: {{- if .Values.hooks.dbInit.volumes }} {{ toYaml .Values.hooks.dbInit.volumes | indent 6 }} {{- end }} -{{- end -}} \ No newline at end of file + {{- if .Values.hooks.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} + {{- end }} +{{- end -}} diff --git a/charts/sentry/templates/hooks/sentry-secret-create.yaml b/charts/sentry/templates/hooks/sentry-secret-create.yaml new file mode 100644 index 0000000..2675032 --- /dev/null +++ b/charts/sentry/templates/hooks/sentry-secret-create.yaml 
@@ -0,0 +1,17 @@ +{{- if not .Values.sentry.existingSecret -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "sentry.fullname" . }}-sentry-secret + labels: + app: sentry + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + annotations: + "helm.sh/hook": "pre-install" + "helm.sh/hook-weight": "3" +type: Opaque +data: + key: {{ randAlphaNum 50 | b64enc | quote }} +{{- end -}} diff --git a/charts/sentry/templates/hooks/snuba-db-init.job.yaml b/charts/sentry/templates/hooks/snuba-db-init.job.yaml index b403dd0..89da9cd 100644 --- a/charts/sentry/templates/hooks/snuba-db-init.job.yaml +++ b/charts/sentry/templates/hooks/snuba-db-init.job.yaml @@ -16,6 +16,9 @@ metadata: "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" "helm.sh/hook-weight": "3" spec: + {{- if .Values.hooks.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} + {{- end}} template: metadata: name: {{ template "sentry.fullname" . }}-snuba-db-init 
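Review bot: The generated `key` in sentry-secret-create.yaml exists only for releases that pass through `pre-install`. A release upgraded from an earlier chart version never runs this hook, so unless `sentry.existingSecret` is set nothing creates the `-sentry-secret` object for it (its consumers are outside this hunk, so how they fail is not visible here). As a hook the Secret is also not tracked by the release: it is left behind on `helm uninstall`, and since no `helm.sh/hook-delete-policy` is set the default `before-hook-creation` replaces it with a new random value on the next install, which would presumably invalidate anything derived from the old key. I would state both behaviours in a template comment at the top of the file and say in the values documentation that long-lived installs should supply `sentry.existingSecret`.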
@@ -34,38 +37,50 @@ spec: {{- if .Values.snuba.podLabels }} {{ toYaml .Values.snuba.podLabels | indent 8 }} {{- end }} + {{- if .Values.hooks.snubaInit.podLabels }} +{{ toYaml .Values.hooks.snubaInit.podLabels | indent 8 }} + {{- end }} spec: + {{- if .Values.hooks.snubaInit.affinity }} + affinity: +{{ toYaml .Values.hooks.snubaInit.affinity | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaInit.nodeSelector }} + nodeSelector: +{{ toYaml .Values.hooks.snubaInit.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaInit.tolerations }} + tolerations: +{{ toYaml .Values.hooks.snubaInit.tolerations | indent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaInit.securityContext }} + securityContext: +{{ toYaml .Values.hooks.snubaInit.securityContext | indent 8 }} + {{- else }} + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 8 }} + {{- end }} {{- end }} containers: - name: snuba-init image: "{{ template "snuba.image" . 
}}" - # command: ["./docker_entrypoint.sh", "replacer","--auto-offset-reset=latest","--max-batch-size", "3"] - command: - - /bin/bash - - -ec - - >- - {{- if .Values.clickhouse.enabled }} - for ((i=0;i<{{ .Values.clickhouse.clickhouse.replicas }};i++)); do - export CLICKHOUSE_HOST={{ $clickhouseHost }}-$i.{{ $clickhouseHost }}-headless; - snuba bootstrap --force; - {{- if .Values.clickhouse.clickhouse.configmap.remote_servers.replica.backup.enabled }} - export CLICKHOUSE_HOST={{ $clickhouseHost }}-replica-$i.{{ $clickhouseHost }}-replica-headless; - snuba bootstrap --force; - {{- end }} - done - {{- else }} - export CLICKHOUSE_HOST={{ $clickhouseHost }}; - snuba bootstrap --force; - {{- end }} + command: [snuba, bootstrap, --no-migrate, --force] env: - name: LOG_LEVEL value: debug - - name: CLICKHOUSE_SINGLE_NODE - value: "true" {{ include "sentry.snuba.env" . | indent 8 }} {{- if .Values.snuba.dbInitJob.env }} {{ toYaml .Values.snuba.dbInitJob.env | indent 8 }} @@ -77,10 +92,23 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.hooks.snubaInit.volumeMounts }} +{{ toYaml .Values.hooks.snubaInit.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.hooks.snubaInit.resources | indent 10 }} +{{- if .Values.hooks.snubaInit.containerSecurityContext }} + securityContext: +{{ toYaml .Values.hooks.snubaInit.containerSecurityContext | indent 10 }} +{{- end }} volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-snuba + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.hooks.snubaInit.volumes }} +{{ toYaml .Values.hooks.snubaInit.volumes | indent 6 }} +{{- end }} + {{- if .Values.hooks.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} + {{- end }} {{- end }} diff --git a/charts/sentry/templates/hooks/snuba-migrate.job.yaml b/charts/sentry/templates/hooks/snuba-migrate.job.yaml index 185d0c4..9299d3c 100644 
--- a/charts/sentry/templates/hooks/snuba-migrate.job.yaml +++ b/charts/sentry/templates/hooks/snuba-migrate.job.yaml @@ -16,6 +16,9 @@ metadata: "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" "helm.sh/hook-weight": "5" spec: + {{- if .Values.hooks.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} + {{- end}} template: metadata: name: {{ template "sentry.fullname" . }}-snuba-migrate 
@@ -34,38 +37,50 @@ spec: {{- if .Values.snuba.podLabels }} {{ toYaml .Values.snuba.podLabels | indent 8 }} {{- end }} + {{- if .Values.hooks.snubaMigrate.podLabels }} +{{ toYaml .Values.hooks.snubaMigrate.podLabels | indent 8 }} + {{- end }} spec: + {{- if .Values.hooks.snubaInit.affinity }} + affinity: +{{ toYaml .Values.hooks.snubaInit.affinity | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaInit.nodeSelector }} + nodeSelector: +{{ toYaml .Values.hooks.snubaInit.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaInit.tolerations }} + tolerations: +{{ toYaml .Values.hooks.snubaInit.tolerations | indent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.images.snuba.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.snuba.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.hooks.snubaMigrate.securityContext }} + securityContext: +{{ toYaml .Values.hooks.snubaMigrate.securityContext | indent 8 }} + {{- else }} + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 8 }} + {{- end }} {{- end }} containers: - name: snuba-migrate image: "{{ template "snuba.image" . 
}}" - # command: ["./docker_entrypoint.sh", "replacer","--auto-offset-reset=latest","--max-batch-size", "3"] - command: - - /bin/bash - - -ec - - >- - {{- if .Values.clickhouse.enabled }} - for ((i=0;i<{{ .Values.clickhouse.clickhouse.replicas }};i++)); do - export CLICKHOUSE_HOST={{ $clickhouseHost }}-$i.{{ $clickhouseHost }}-headless; - snuba migrations migrate --force; - {{- if .Values.clickhouse.clickhouse.configmap.remote_servers.replica.backup.enabled }} - export CLICKHOUSE_HOST={{ $clickhouseHost }}-replica-$i.{{ $clickhouseHost }}-replica-headless; - snuba migrations migrate --force; - {{- end }} - done - {{- else }} - export CLICKHOUSE_HOST={{ $clickhouseHost }}; - snuba migrations migrate --force; - {{- end }} + command: [snuba, migrations, migrate, --force] env: - name: LOG_LEVEL value: debug - - name: CLICKHOUSE_SINGLE_NODE - value: "true" {{ include "sentry.snuba.env" . | indent 8 }} {{- if .Values.snuba.migrateJob.env }} {{ toYaml .Values.snuba.migrateJob.env | indent 8 }} @@ -77,10 +92,23 @@ spec: - mountPath: /etc/snuba name: config readOnly: true +{{- if .Values.hooks.snubaInit.volumeMounts }} +{{ toYaml .Values.hooks.snubaInit.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.hooks.snubaInit.resources | indent 10 }} +{{- if .Values.hooks.snubaMigrate.containerSecurityContext }} + securityContext: +{{ toYaml .Values.hooks.snubaMigrate.containerSecurityContext | indent 10 }} +{{- end }} volumes: - - name: config - configMap: - name: {{ template "sentry.fullname" . }}-snuba + - name: config + configMap: + name: {{ template "sentry.fullname" . }}-snuba +{{- if .Values.hooks.snubaInit.volumes }} +{{ toYaml .Values.hooks.snubaInit.volumes | indent 6 }} +{{- end }} + {{- if .Values.hooks.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} + {{- end }} {{- end }} 
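Review bot: The snuba-migrate Job reads from two different value trees: pod labels and both security contexts use `.Values.hooks.snubaMigrate.*`, while `affinity`, `nodeSelector`, `tolerations`, `volumeMounts` and `volumes` (and the existing `resources`) use `.Values.hooks.snubaInit.*`. Setting `hooks.snubaMigrate.volumes` or `hooks.snubaMigrate.tolerations` therefore has no effect, and a `containerSecurityContext` tightened for the migrate job cannot be paired with mounts of its own. If the sharing is intended, say so in a template comment above the first `snubaInit` block; otherwise switch the guards and bodies, e.g. `{{- if .Values.hooks.snubaMigrate.volumeMounts }}` with `{{ toYaml .Values.hooks.snubaMigrate.volumeMounts | indent 8 }}`. This applies to both the `@@ -34,38 +37,50 @@` and `@@ -77,10 +92,23 @@` hunks of snuba-migrate.job.yaml.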
diff --git a/charts/sentry/templates/hooks/user-create.yaml b/charts/sentry/templates/hooks/user-create.yaml index 40e5511..fda1247 100644 --- a/charts/sentry/templates/hooks/user-create.yaml +++ b/charts/sentry/templates/hooks/user-create.yaml @@ -13,6 +13,9 @@ metadata: "helm.sh/hook-delete-policy": "{{ if .Values.hooks.removeOnSuccess }}hook-succeeded,{{ end }}before-hook-creation" "helm.sh/hook-weight": "9" spec: + {{- if .Values.hooks.activeDeadlineSeconds }} + activeDeadlineSeconds: {{ .Values.hooks.activeDeadlineSeconds }} + {{- end}} template: metadata: name: {{ template "sentry.fullname" . }}-user-create @@ -31,10 +34,38 @@ spec: {{ toYaml .Values.sentry.worker.podLabels | indent 8 }} {{- end }} spec: + {{- if .Values.hooks.dbInit.affinity }} + affinity: +{{ toYaml .Values.hooks.dbInit.affinity | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbInit.nodeSelector }} + nodeSelector: +{{ toYaml .Values.hooks.dbInit.nodeSelector | indent 8 }} + {{- end }} restartPolicy: Never + {{- if .Values.hooks.dbInit.tolerations }} + tolerations: +{{ toYaml .Values.hooks.dbInit.tolerations | indent 8 }} + {{- end }} {{- if .Values.images.sentry.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.images.sentry.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.dnsPolicy }} + dnsPolicy: {{ .Values.dnsPolicy | quote }} + {{- end }} + {{- if .Values.dnsConfig }} + dnsConfig: +{{ toYaml .Values.dnsConfig | indent 8 }} + {{- end }} + {{- if .Values.hooks.dbInit.securityContext }} + securityContext: +{{ toYaml .Values.hooks.dbInit.securityContext | indent 8 }} + {{- else }} + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 8 }} + {{- end }} {{- end }} containers: - name: user-create-job 
@@ -49,18 +80,24 @@ spec: --no-input \ --superuser \ --email "{{ .Values.user.email }}" \ - --password "{{ .Values.user.password }}" || true; \ + --password "$ADMIN_PASSWORD" || true; \ if [ $? -eq 0 ] || [ $? -eq 3 ]; then \ exit 0; \ else \ exit 1; \ fi env: - - name: POSTGRES_PASSWORD +{{ include "sentry.env" . | indent 8 }} + {{- if .Values.user.existingSecret }} + - name: ADMIN_PASSWORD valueFrom: secretKeyRef: - name: {{ default (include "sentry.postgresql.fullname" .) .Values.postgresql.existingSecret }} - key: {{ default "postgresql-password" .Values.postgresql.existingSecretKey }} + name: {{ .Values.user.existingSecret }} + key: {{ default "admin-password" .Values.user.existingSecretKey }} + {{- else if .Values.user.password }} + - name: ADMIN_PASSWORD + value: {{ .Values.user.password | quote }} + {{- end }} {{- if .Values.hooks.dbInit.env }} {{ toYaml .Values.hooks.dbInit.env | indent 8 }} {{- end }} @@ -68,10 +105,23 @@ spec: - mountPath: /etc/sentry name: config readOnly: true +{{- if .Values.hooks.dbInit.volumeMounts }} +{{ toYaml .Values.hooks.dbInit.volumeMounts | indent 8 }} +{{- end }} resources: {{ toYaml .Values.hooks.dbInit.resources | indent 10 }} +{{- if .Values.hooks.dbInit.containerSecurityContext }} + securityContext: +{{ toYaml .Values.hooks.dbInit.containerSecurityContext | indent 10 }} +{{- end }} volumes: - name: config configMap: name: {{ template "sentry.fullname" . }}-sentry +{{- if .Values.hooks.dbInit.volumes }} +{{ toYaml .Values.hooks.dbInit.volumes | indent 6 }} +{{- end }} + {{- if .Values.hooks.shareProcessNamespace }} + shareProcessNamespace: {{ .Values.hooks.shareProcessNamespace }} + {{- end }} {{- end -}} diff --git a/charts/sentry/templates/hpa-relay.yaml b/charts/sentry/templates/hpa-relay.yaml index 6b3403f..974b917 100644 --- a/charts/sentry/templates/hpa-relay.yaml +++ b/charts/sentry/templates/hpa-relay.yaml 
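Review bot: The `else if .Values.user.password` branch still stores the admin password in clear text, now as `value: {{ .Values.user.password | quote }}` in the Job's `env`, where anyone allowed to read the Job or its pods can see it and where it is kept in the Helm release record. Moving it off the command line is an improvement, but I would have the chart render the password into a Secret of its own and use `secretKeyRef` in both branches, so the Job spec never carries the value. When neither `user.existingSecret` nor `user.password` is set, `ADMIN_PASSWORD` is not defined at all and the command runs with `--password ""`; a `required` check or a guard in the script would make that explicit. Separately, `|| true` on the changed line forces `$?` to 0, so the exit-code test that follows can never reach `exit 1`.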
@@ -3,6 +3,11 @@ apiVersion: autoscaling/v1 kind: HorizontalPodAutoscaler metadata: name: {{ template "sentry.fullname" . }}-relay + annotations: + meta.helm.sh/release-name: "{{ .Release.Name }}" + meta.helm.sh/release-namespace: "{{ .Release.Namespace }}" + "helm.sh/hook": "post-install,post-upgrade" + "helm.sh/hook-weight": "25" spec: scaleTargetRef: apiVersion: apps/v1 diff --git a/charts/sentry/templates/ingress.yaml b/charts/sentry/templates/ingress.yaml index a7a18e9..d849272 100644 --- a/charts/sentry/templates/ingress.yaml +++ b/charts/sentry/templates/ingress.yaml @@ -1,16 +1,9 @@ {{- if .Values.ingress.enabled -}} -{{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} - {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} - {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} - {{- end }} -{{- end }} -{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1 -{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} -apiVersion: networking.k8s.io/v1beta1 -{{- else -}} -apiVersion: extensions/v1beta1 -{{- end }} +{{- $ingressApiIsStable := eq (include "sentry.ingress.isStable" .) "true" -}} +{{- $ingressSupportsIngressClassName := eq (include "sentry.ingress.supportsIngressClassName" .) "true" -}} +{{- $ingressSupportsPathType := eq (include "sentry.ingress.supportsPathType" .) "true" -}} +{{- $ingressPathType := .Values.ingress.pathType | default "ImplementationSpecific" -}} +apiVersion: {{ include "sentry.ingress.apiVersion" . }} kind: Ingress metadata: name: {{ template "sentry.fullname" . }} 
@@ -23,69 +16,87 @@ metadata: {{- range $key, $value := .Values.ingress.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if eq .Values.ingress.regexPathStyle "nginx" }} + nginx.ingress.kubernetes.io/use-regex: "true" + {{- end }} {{- if and (eq .Values.ingress.regexPathStyle "aws-alb") (.Values.ingress.alb.httpRedirect) }} - alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' + alb.ingress.kubernetes.io/actions.ssl-redirect: '{"Type": "redirect", "RedirectConfig": { "Protocol": "HTTPS", "Port": "443", "StatusCode": "HTTP_301"}}' {{- end }} spec: - {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} - ingressClassName: {{ .Values.ingress.className }} + {{- if and $ingressSupportsIngressClassName .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} {{- end }} rules: - - host: {{ .Values.ingress.hostname }} +{{- $hosts := list .Values.ingress.hostname }} +{{- range .Values.ingress.additionalHostNames -}} +{{- $hosts = append $hosts . -}} +{{- end -}} +{{- $outer := . -}} +{{- range $idx, $host := $hosts }} +{{- with $outer }} + - host: {{ $host }} http: paths: {{- if .Values.nginx.enabled }} - path: {{ default "/" .Values.ingress.path | quote }} - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . 
}}-nginx port: - number: {{ .Values.nginx.service.port }} + {{- if kindIs "float64" .Values.nginx.service.ports.http }} + number: {{ .Values.nginx.service.ports.http }} + {{- else }} + name: {{ .Values.nginx.service.ports.http }} + {{- end }} {{- else }} serviceName: {{ template "sentry.fullname" . }}-nginx - servicePort: {{ .Values.nginx.service.port }} + servicePort: {{ .Values.nginx.service.ports.http }} {{- end }} - {{- else if eq (default "nginx" .Values.ingress.regexPathStyle) "aws-alb" }} + {{- else if or (eq (default "nginx" .Values.ingress.regexPathStyle) "aws-alb") (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} {{- if .Values.ingress.alb.httpRedirect }} - path: "/*" - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: ssl-redirect port: - number: use-annotation #TODO: this likely doesn't work + name: use-annotation {{- else }} serviceName: ssl-redirect servicePort: use-annotation {{- end }} {{- end }} - path: /api/0/* - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-web port: + {{- if kindIs "float64" .Values.service.externalPort }} number: {{ .Values.service.externalPort }} + {{- else }} + name: {{ .Values.service.externalPort }} + {{- end }} {{- else }} serviceName: {{ template "sentry.fullname" . 
}}-web servicePort: {{ .Values.service.externalPort }} {{- end }} - path: /api/* - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-relay port: @@ -95,26 +106,30 @@ spec: servicePort: {{ template "relay.port" . }} {{- end }} - path: "/*" - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-web port: + {{- if kindIs "float64" .Values.service.externalPort }} number: {{ .Values.service.externalPort }} + {{- else }} + name: {{ .Values.service.externalPort }} + {{- end }} {{- else }} serviceName: {{ template "sentry.fullname" . }}-web servicePort: {{ .Values.service.externalPort }} {{- end }} {{- else }} - path: {{ default "/" .Values.ingress.path }}api/store - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-relay port: 
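Review bot: `kindIs "float64"` is used to choose between `port.number` and `port.name`, but as far as I know it only matches numbers that came from a values file; an integer passed with `--set` reaches the template as int64 and would be rendered as `name: 9000`, which the API server rejects. A check that accepts both, such as `{{- if or (kindIs "float64" .Values.service.externalPort) (kindIs "int64" .Values.service.externalPort) }}`, avoids that. The same test is used for `.Values.nginx.service.ports.http` earlier in this hunk and for `.Values.service.externalPort` in the `@@ -95,26 +106,30 @@` and `@@ -142,20 +157,26 @@` hunks. Also in this hunk, `{{- if eq .Values.ingress.regexPathStyle "nginx" }}` omits the `default "nginx"` that the other comparisons use, so an unset `regexPathStyle` is treated differently there than in the path rules below.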
@@ -128,11 +143,11 @@ spec: {{- else }} - path: {{ default "/" .Values.ingress.path }}api/[1-9][0-9]*/(.*) {{- end }} - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-relay port: @@ -142,20 +157,26 @@ spec: servicePort: {{ template "relay.port" . }} {{- end }} - path: {{ default "/" .Values.ingress.path | quote }} - {{- if and .Values.ingress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} - pathType: {{ .Values.ingress.pathType }} + {{- if $ingressSupportsPathType }} + pathType: {{ $ingressPathType }} {{- end }} backend: - {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} + {{- if $ingressApiIsStable }} service: name: {{ template "sentry.fullname" . }}-web port: + {{- if kindIs "float64" .Values.service.externalPort }} number: {{ .Values.service.externalPort }} + {{- else }} + name: {{ .Values.service.externalPort }} + {{- end }} {{- else }} serviceName: {{ template "sentry.fullname" . }}-web servicePort: {{ .Values.service.externalPort }} {{- end }} {{- end }} +{{- end -}} +{{- end -}} {{- if .Values.ingress.tls }} tls: {{ toYaml .Values.ingress.tls | indent 4 }} diff --git a/charts/sentry/templates/secret-snuba-env.yaml b/charts/sentry/templates/secret-snuba-env.yaml index ac578bd..1b40bca 100644 --- a/charts/sentry/templates/secret-snuba-env.yaml +++ b/charts/sentry/templates/secret-snuba-env.yaml 
@@ -9,6 +9,9 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: + CLICKHOUSE_PORT: {{ include "sentry.clickhouse.port" . | b64enc | quote }} CLICKHOUSE_DATABASE: {{ include "sentry.clickhouse.database" . | b64enc | quote }} CLICKHOUSE_USER: {{ include "sentry.clickhouse.username" . | b64enc | quote }} +{{- if not .Values.externalClickhouse.existingSecret }} CLICKHOUSE_PASSWORD: {{ include "sentry.clickhouse.password" . | b64enc | quote }} +{{- end }} diff --git a/charts/sentry/templates/service-account.yaml b/charts/sentry/templates/service-account.yaml deleted file mode 100644 index d0312cf..0000000 --- a/charts/sentry/templates/service-account.yaml +++ /dev/null @@ -1,10 +0,0 @@ -{{ if .Values.serviceAccount.create }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "sentry.serviceAccountName" . }} - labels: -{{ include "sentry.labels" . | indent 4 }} - annotations: - {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} -{{ end }} \ No newline at end of file diff --git a/charts/sentry/templates/service-metrics.yaml b/charts/sentry/templates/service-metrics.yaml index 8048e47..bf8087d 100644 --- a/charts/sentry/templates/service-metrics.yaml +++ b/charts/sentry/templates/service-metrics.yaml @@ -3,6 +3,9 @@ apiVersion: v1 kind: Service metadata: name: {{ template "sentry.fullname" . }}-metrics + {{- if .Values.metrics.service.annotations }} + annotations: {{ toYaml .Values.metrics.service.annotations | nindent 4 }} + {{- end }} labels: app: {{ template "sentry.fullname" . }}-metrics chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" @@ -27,4 +30,4 @@ spec: app: {{ template "sentry.fullname" . }}-metrics release: {{ .Release.Name }} role: metrics -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/sentry/templates/service-relay.yaml b/charts/sentry/templates/service-relay.yaml index 0fcae7f..962b0e3 100644 --- a/charts/sentry/templates/service-relay.yaml 
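Review bot: With `externalClickhouse.existingSecret` set, `CLICKHOUSE_PASSWORD` no longer exists in this Secret, and nothing in the hunk shows where consumers get it instead. Every workload that loads this Secret needs a `secretKeyRef` to the existing secret in the same commit, otherwise it will start without the password; those templates are outside this hunk, so this needs checking. The guard also tests only `externalClickhouse.existingSecret`, so the key would presumably disappear even when the bundled ClickHouse (`clickhouse.enabled`) is in use and the value was left set. A template comment above the guard would help, e.g. `{{- /* password is read from externalClickhouse.existingSecret by the workloads */}}`.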
+++ b/charts/sentry/templates/service-relay.yaml @@ -3,9 +3,12 @@ kind: Service metadata: name: {{ template "sentry.fullname" . }}-relay annotations: - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.relay.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} + cloud.google.com/backend-config: '{"ports": {"{{ template "relay.port" . }}":"{{ include "sentry.fullname" . }}-relay"}}' + {{- end }} labels: app: {{ template "sentry.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" diff --git a/charts/sentry/templates/service-sentry.yaml b/charts/sentry/templates/service-sentry.yaml index 50021be..71c593a 100644 --- a/charts/sentry/templates/service-sentry.yaml +++ b/charts/sentry/templates/service-sentry.yaml @@ -3,9 +3,12 @@ kind: Service metadata: name: {{ template "sentry.fullname" . }}-web annotations: - {{- range $key, $value := .Values.service.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} + {{- range $key, $value := .Values.sentry.web.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if and (.Values.ingress.enabled) (eq (default "nginx" .Values.ingress.regexPathStyle) "gke") }} + cloud.google.com/backend-config: '{"ports": {"{{ .Values.service.externalPort }}":"{{ include "sentry.fullname" . }}-web"}}' + {{- end }} labels: app: {{ template "sentry.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" diff --git a/charts/sentry/templates/service-snuba.yaml b/charts/sentry/templates/service-snuba.yaml index 80a826a..14b7d58 100644 --- a/charts/sentry/templates/service-snuba.yaml +++ b/charts/sentry/templates/service-snuba.yaml 
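Review bot: Reading annotations from `.Values.relay.service.annotations` instead of `.Values.service.annotations` drops, without any warning, whatever an existing install had set there, and Service annotations are commonly what keeps a load balancer internal or restricts its source ranges. service-sentry.yaml makes the same switch to `.Values.sentry.web.service.annotations`, while service-snuba.yaml keeps the old map and adds the new one, so the three templates now behave differently. Consider ranging over a merged map so the old key still applies, e.g. `{{- range $key, $value := merge (dict) (.Values.relay.service.annotations | default (dict)) (.Values.service.annotations | default (dict)) }}`, or failing the render when the old key is set.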
@@ -6,6 +6,9 @@ metadata: {{- range $key, $value := .Values.service.annotations }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- range $key, $value := .Values.snuba.api.service.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} labels: app: {{ template "sentry.fullname" . }} chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" diff --git a/charts/sentry/templates/serviceaccount-metrics.yaml b/charts/sentry/templates/serviceaccount-metrics.yaml new file mode 100644 index 0000000..f317723 --- /dev/null +++ b/charts/sentry/templates/serviceaccount-metrics.yaml @@ -0,0 +1,10 @@ +{{- if .Values.serviceAccount.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }}-metrics +{{- if .Values.serviceAccount.annotations }} + annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/sentry/templates/serviceaccount-relay.yaml b/charts/sentry/templates/serviceaccount-relay.yaml new file mode 100644 index 0000000..bad816e --- /dev/null +++ b/charts/sentry/templates/serviceaccount-relay.yaml @@ -0,0 +1,10 @@ +{{- if .Values.serviceAccount.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }}-relay +{{- if .Values.serviceAccount.annotations }} + annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/sentry/templates/serviceaccount-sentry-billing-metrics-consumer.yaml b/charts/sentry/templates/serviceaccount-sentry-billing-metrics-consumer.yaml new file mode 100644 index 0000000..10cc9b9 --- /dev/null +++ b/charts/sentry/templates/serviceaccount-sentry-billing-metrics-consumer.yaml 
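Review bot: Two `range` loops under one `annotations:` key will emit the same annotation twice when a key is present in both `.Values.service.annotations` and `.Values.snuba.api.service.annotations`, and a duplicate mapping key is either rejected or resolved last-wins depending on the parser. Merging first gives one defined precedence: `{{- range $key, $value := merge (dict) (.Values.snuba.api.service.annotations | default (dict)) (.Values.service.annotations | default (dict)) }}`. The metadata block continues outside the hunk.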
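Review bot: `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}` renders an empty value when the key is unset, which Kubernetes treats as not specified, so the API token is mounted into the pods; an explicit fallback keeps the least-privilege choice visible, `automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken | default false }}`. All of the new serviceaccount-*.yaml templates also share the single `.Values.serviceAccount.annotations` map, so a cloud IAM role annotation placed there would be bound to every component rather than only the one that needs it; a per-component override would allow narrower roles. The same two points apply to each serviceaccount-*.yaml file added in this commit (relay, cron, web, worker, snuba, symbolicator and the consumer accounts). The chart's default for these values is not visible in this hunk.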
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-billing-metrics-consumer
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-cron.yaml b/charts/sentry/templates/serviceaccount-sentry-cron.yaml
new file mode 100644
index 0000000..51f3f5e
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-cron.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-cron
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-attachments.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-attachments.yaml
new file mode 100644
index 0000000..9544283
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-attachments.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-consumer-attachments
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-events.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-events.yaml
new file mode 100644
index 0000000..40b9b6e
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-events.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-consumer-events
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-transactions.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-transactions.yaml
new file mode 100644
index 0000000..4a08d21
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-consumer-transactions.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-consumer-transactions
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-perf.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-perf.yaml
new file mode 100644
index 0000000..3650478
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-perf.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-metrics-consumer-perf
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-rh.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-rh.yaml
new file mode 100644
index 0000000..601a711
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-metrics-consumer-rh.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-metrics-consumer-rh
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-monitors.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-monitors.yaml
new file mode 100644
index 0000000..6160cfc
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-monitors.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-monitors
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-ingest-replay-recordings.yaml b/charts/sentry/templates/serviceaccount-sentry-ingest-replay-recordings.yaml
new file mode 100644
index 0000000..a29e44d
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-ingest-replay-recordings.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-ingest-replay-recordings
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-errors.yaml b/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-errors.yaml
new file mode 100644
index 0000000..a38e8fb
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-errors.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-post-process-forwarder-errors
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-transactions.yaml b/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-transactions.yaml
new file mode 100644
index 0000000..3659704
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-post-process-forwarder-transactions.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-post-process-forwarder-transactions
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-events.yaml b/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-events.yaml
new file mode 100644
index 0000000..7678d9c
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-events.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-subscription-consumer-events
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-transactions.yaml b/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-transactions.yaml
new file mode 100644
index 0000000..32af7cb
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-subscription-consumer-transactions.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-subscription-consumer-transactions
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-web.yaml b/charts/sentry/templates/serviceaccount-sentry-web.yaml
new file mode 100644
index 0000000..383ea19
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-web.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-web
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-sentry-worker.yaml b/charts/sentry/templates/serviceaccount-sentry-worker.yaml
new file mode 100644
index 0000000..1deb53b
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-sentry-worker.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-worker
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-snuba.yaml b/charts/sentry/templates/serviceaccount-snuba.yaml
new file mode 100644
index 0000000..c8a3896
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-snuba.yaml
@@ -0,0 +1,10 @@
+{{- if .Values.serviceAccount.enabled }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}-snuba
+{{- if .Values.serviceAccount.annotations }}
+ annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }}
+{{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/sentry/templates/serviceaccount-symbolicator.yaml b/charts/sentry/templates/serviceaccount-symbolicator.yaml
new file mode 100644
index 0000000..974b227
--- /dev/null
+++ b/charts/sentry/templates/serviceaccount-symbolicator.yaml
@@ -0,0 +1,10 @@ +{{- if .Values.serviceAccount.enabled }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }}-symbolicator-api +{{- if .Values.serviceAccount.annotations }} + annotations: {{ toYaml .Values.serviceAccount.annotations | nindent 4 }} +{{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/sentry/templates/servicemonitor-metrics.yaml b/charts/sentry/templates/servicemonitor-metrics.yaml index c05d447..ec1c91c 100644 --- a/charts/sentry/templates/servicemonitor-metrics.yaml +++ b/charts/sentry/templates/servicemonitor-metrics.yaml @@ -34,4 +34,4 @@ spec: app: {{ template "sentry.fullname" . }}-metrics release: "{{ .Release.Name }}" role: metrics -{{- end }} \ No newline at end of file +{{- end }} diff --git a/charts/sentry/values.yaml b/charts/sentry/values.yaml index abd8f40..8df0ecb 100644 --- a/charts/sentry/values.yaml +++ b/charts/sentry/values.yaml 
@@ -1,321 +1,3322 @@ -prefix: - -user: - create: true - email: admin@sentry.local - password: aaaa - -serviceAccount: - create: true - annotations: {} - -# this is required on the first installation, as sentry has to be initialized first -# recommended to set false for updating the helm chart afterwards, -# as you will have some downtime on each update if it's a hook -# deploys relay & snuba consumers as post hooks asHook: true - +auth: + register: true +clickhouse: + clickhouse: + configmap: + builtin_dictionaries_reload_interval: "3600" + compression: + cases: + - method: zstd + min_part_size: "10000000000" + min_part_size_ratio: "0.01" + enabled: false + default_session_timeout: "60" + disable_internal_dns_cache: "1" + enabled: true + graphite: + config: + - asynchronous_metrics: true + events: true + events_cumulative: true + interval: "60" + metrics: true + root_path: one_min + timeout: "0.1" + enabled: false + keep_alive_timeout: "3" + logger: + count: "10" + level: trace + path: /var/log/clickhouse-server + size: 1000M + stdoutLogsEnabled: false + mark_cache_size: "5368709120" + max_concurrent_queries: "100" + max_connections: "4096" + max_session_timeout: "3600" + merge_tree: + enabled: false + max_part_loading_threads: auto + parts_to_delay_insert: 150 + parts_to_throw_insert: 300 + mlock_executable: false + profiles: + enabled: false + profile: + - config: + load_balancing: random + max_memory_usage: "10000000000" + use_uncompressed_cache: "0" + name: default + quotas: + enabled: false + quota: + - config: + - duration: "3600" + errors: "0" + execution_time: "0" + queries: "0" + read_rows: "0" + result_rows: "0" + name: default + remote_servers: + enabled: true + internal_replication: true + replica: + backup: + enabled: false + compression: true + user: default + umask: "022" + uncompressed_cache_size: "8589934592" + users: + enabled: false + user: + - config: + networks: + - ::/0 + password: "" + profile: default + quota: default + name: default + 
zookeeper_servers: + config: + - hostTemplate: '{{ .Release.Name }}-zookeeper-clickhouse' + index: clickhouse + port: "2181" + enabled: true + operation_timeout_ms: "10000" + session_timeout_ms: "30000" + http_port: "8123" + image: yandex/clickhouse-server + imagePullPolicy: IfNotPresent + imageVersion: 20.12.8.5 + ingress: + enabled: false + init: + image: busybox + imagePullPolicy: IfNotPresent + imageVersion: 1.31.0 + resources: {} + interserver_http_port: "9009" + livenessProbe: + enabled: true + failureThreshold: "3" + initialDelaySeconds: "30" + periodSeconds: "30" + successThreshold: "1" + timeoutSeconds: "5" + metrics: + enabled: false + image: + port: 9116 + pullPolicy: IfNotPresent + registry: docker.io + repository: f1yegor/clickhouse-exporter + tag: latest + podAnnotations: + prometheus.io/port: "9116" + prometheus.io/scrape: "true" + podLabels: {} + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + service: + annotations: {} + labels: {} + type: ClusterIP + serviceMonitor: + enabled: false + selector: + prometheus: kube-prometheus + path: /var/lib/clickhouse + persistentVolumeClaim: + dataPersistentVolume: + accessModes: + - ReadWriteOnce + enabled: true + storage: 30Gi + enabled: true + logsPersistentVolume: + accessModes: + - ReadWriteOnce + enabled: false + storage: 50Gi + podManagementPolicy: Parallel + podSecurityContext: {} + readinessProbe: + enabled: true + failureThreshold: "3" + initialDelaySeconds: "30" + periodSeconds: "30" + successThreshold: "1" + timeoutSeconds: "5" + replicas: "3" + resources: {} + securityContext: {} + tcp_port: "9000" + updateStrategy: RollingUpdate + clusterDomain: cluster.local + enabled: true + global: {} + serviceAccount: + annotations: {} + automountServiceAccountToken: true + enabled: false + name: clickhouse + tabix: + enabled: false + image: spoonest/clickhouse-tabix-web-client + imagePullPolicy: IfNotPresent + imageVersion: stable + ingress: + enabled: false + 
livenessProbe: + enabled: true + failureThreshold: "3" + initialDelaySeconds: "30" + periodSeconds: "30" + successThreshold: "1" + timeoutSeconds: "5" + podAnnotations: null + podLabels: null + readinessProbe: + enabled: true + failureThreshold: "3" + initialDelaySeconds: "30" + periodSeconds: "30" + successThreshold: "1" + timeoutSeconds: "5" + replicas: "1" + resources: {} + security: + password: admin + user: admin + updateStrategy: + maxSurge: 3 + maxUnavailable: 1 + type: RollingUpdate + timezone: UTC +config: + configYml: {} + relay: | + # No YAML relay config given + sentryConfPy: | + # No Python Extension Config Given + snubaSettingsPy: | + # No Python Extension Config Given + web: + httpKeepalive: 15 +externalClickhouse: + database: default + host: clickhouse + httpPort: 8123 + password: "" + singleNode: true + tcpPort: 9000 + username: default +externalKafka: + port: 9092 +externalPostgresql: + database: sentry + port: 5432 + username: postgres +externalRedis: + port: 6379 +filestore: + backend: filesystem + filesystem: + path: /var/lib/sentry/files + persistence: + accessMode: ReadWriteOnce + enabled: true + existingClaim: "" + persistentWorkers: false + size: 10Gi + gcs: {} + s3: {} +geodata: + mountPath: "" + path: "" + volumeName: "" +github: {} +google: {} +hooks: + activeDeadlineSeconds: 100 + dbCheck: + affinity: {} + containerSecurityContext: {} + env: [] + image: + imagePullSecrets: [] + nodeSelector: {} + podAnnotations: {} + resources: + limits: + memory: 64Mi + requests: + cpu: 100m + memory: 64Mi + securityContext: {} + dbInit: + affinity: {} + env: [] + nodeSelector: {} + podAnnotations: {} + resources: + limits: + memory: 2048Mi + requests: + cpu: 300m + memory: 2048Mi + sidecars: [] + volumes: [] + enabled: true + removeOnSuccess: true + shareProcessNamespace: false + snubaInit: + affinity: {} + nodeSelector: {} + podAnnotations: {} + resources: + limits: + cpu: 2000m + memory: 1Gi + requests: + cpu: 700m + memory: 1Gi + snubaMigrate: {} 
images: + relay: + imagePullSecrets: [] sentry: - # repository: getsentry/sentry - # tag: Chart.AppVersion - # pullPolicy: IfNotPresent imagePullSecrets: [] snuba: - # repository: getsentry/snuba - # tag: Chart.AppVersion - # pullPolicy: IfNotPresent - imagePullSecrets: [] - relay: - # repository: getsentry/relay - # tag: Chart.AppVersion - # pullPolicy: IfNotPresent imagePullSecrets: [] symbolicator: - # repository: getsentry/symbolicator - tag: 0.3.3 - # pullPolicy: IfNotPresent imagePullSecrets: [] - -relay: - replicas: 1 - mode: managed - env: [] - probeInitialDelaySeconds: 10 - resources: {} +ingress: + alb: + httpRedirect: false + enabled: false + regexPathStyle: nginx +kafka: + advertisedListeners: [] affinity: {} + allowEveryoneIfNoAclFound: true + allowPlaintextListener: true + args: [] + auth: + clientProtocol: plaintext + externalClientProtocol: "" + interBrokerProtocol: plaintext + sasl: + interBrokerMechanism: plain + jaas: + clientPasswords: [] + clientUsers: + - user + existingSecret: "" + interBrokerPassword: "" + interBrokerUser: admin + zookeeperPassword: "" + zookeeperUser: "" + mechanisms: plain,scram-sha-256,scram-sha-512 + tls: + autoGenerated: false + endpointIdentificationAlgorithm: https + existingSecret: "" + existingSecrets: [] + jksKeystoreSAN: "" + jksTruststore: "" + jksTruststoreSecret: "" + password: "" + pemChainIncluded: false + type: jks + zookeeper: + tls: + enabled: false + existingSecret: "" + existingSecretKeystoreKey: zookeeper.keystore.jks + existingSecretTruststoreKey: zookeeper.truststore.jks + passwordsSecret: "" + passwordsSecretKeystoreKey: keystore-password + passwordsSecretTruststoreKey: truststore-password + type: jks + verifyHostname: true + authorizerClassName: "" + autoCreateTopicsEnable: true + clusterDomain: cluster.local + command: + - /scripts/setup.sh + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + 
config: "" + containerPorts: + client: 9092 + external: 9094 + internal: 9093 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + defaultReplicationFactor: 3 + deleteTopicEnable: false + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + existingConfigmap: "" + existingLog4jConfigMap: "" + externalAccess: + autoDiscovery: + enabled: false + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/kubectl + tag: 1.24.0-debian-10-r2 + resources: + limits: {} + requests: {} + enabled: false + service: + annotations: {} + domain: "" + extraPorts: [] + loadBalancerAnnotations: [] + loadBalancerIPs: [] + loadBalancerNames: [] + loadBalancerSourceRanges: [] + nodePorts: [] + ports: + external: 9094 + type: LoadBalancer + useHostIPs: false + usePodIPs: false + externalZookeeper: + servers: [] + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + heapOpts: -Xmx1024m -Xms1024m + hostAliases: [] + hostIPC: false + hostNetwork: false + image: + debug: false + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/kafka + tag: 3.1.1-debian-10-r6 + initContainers: [] + interBrokerListenerName: INTERNAL + kubeVersion: "" + lifecycleHooks: {} + listenerSecurityProtocolMap: "" + listeners: [] + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + log4j: "" + logFlushIntervalMessages: _10000 + logFlushIntervalMs: 1000 + logPersistence: + accessModes: + - ReadWriteOnce + annotations: {} + enabled: false + existingClaim: "" + mountPath: /opt/bitnami/kafka/logs + selector: {} + size: 8Gi + storageClass: "" + 
logRetentionBytes: _1073741824 + logRetentionCheckIntervalMs: 300000 + logRetentionHours: 168 + logSegmentBytes: _1073741824 + logsDirs: /bitnami/kafka/data + maxMessageBytes: "50000000" + metrics: + jmx: + config: |- + jmxUrl: service:jmx:rmi:///jndi/rmi://127.0.0.1:5555/jmxrmi + lowercaseOutputName: true + lowercaseOutputLabelNames: true + ssl: false + {{- if .Values.metrics.jmx.whitelistObjectNames }} + whitelistObjectNames: ["{{ join "\",\"" .Values.metrics.jmx.whitelistObjectNames }}"] + {{- end }} + containerPorts: + metrics: 5556 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + enabled: false + existingConfigmap: "" + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/jmx-exporter + tag: 0.16.1-debian-10-r303 + resources: + limits: {} + requests: {} + service: + annotations: + prometheus.io/path: / + prometheus.io/port: '{{ .Values.metrics.jmx.service.ports.metrics }}' + prometheus.io/scrape: "true" + clusterIP: "" + ports: + metrics: 5556 + sessionAffinity: None + whitelistObjectNames: + - kafka.controller:* + - kafka.server:* + - java.lang:* + - kafka.network:* + - kafka.log:* + kafka: + affinity: {} + args: [] + certificatesSecret: "" + command: [] + containerPorts: + metrics: 9308 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + enabled: false + extraFlags: {} + extraVolumeMounts: [] + extraVolumes: [] + hostAliases: [] + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/kafka-exporter + tag: 1.4.2-debian-10-r240 + initContainers: [] + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podSecurityContext: + enabled: true + fsGroup: 1001 + resources: + limits: {} + requests: {} + schedulerName: "" + service: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: '{{ 
.Values.metrics.kafka.service.ports.metrics }}' + prometheus.io/scrape: "true" + clusterIP: "" + ports: + metrics: 9308 + sessionAffinity: None + serviceAccount: + automountServiceAccountToken: true + create: true + name: "" + sidecars: [] + tlsCaCert: ca-file + tlsCaSecret: "" + tlsCert: cert-file + tlsKey: key-file + tolerations: [] + serviceMonitor: + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + labels: {} + metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + minBrokerId: 0 + nameOverride: "" + networkPolicy: + allowExternal: true + egressRules: + customRules: [] + enabled: false + explicitNamespacesSelector: {} + externalAccess: + from: [] + nodeAffinityPreset: + key: "" + type: "" + values: [] nodeSelector: {} - securityContext: {} - # tolerations: [] - # podLabels: [] - + numIoThreads: 8 + numNetworkThreads: 3 + numPartitions: 1 + numRecoveryThreadsPerDataDir: 1 + offsetsTopicReplicationFactor: 3 + pdb: + create: false + maxUnavailable: 1 + minAvailable: "" + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + enabled: true + existingClaim: "" + mountPath: /bitnami/kafka + selector: {} + size: 8Gi + storageClass: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: Parallel + podSecurityContext: + enabled: true + fsGroup: 1001 + priorityClassName: "" + provisioning: + args: [] + auth: + tls: + caCert: ca.crt + cert: tls.crt + certificatesSecret: "" + key: tls.key + keyPassword: "" + keyPasswordSecretKey: key-password + keystore: keystore.jks + keystorePassword: "" + keystorePasswordSecretKey: keystore-password + passwordsSecret: "" + truststore: truststore.jks + truststorePassword: "" + truststorePasswordSecretKey: truststore-password + type: jks + command: [] + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + enabled: true + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: 
"" + extraProvisioningCommands: [] + extraVolumeMounts: [] + extraVolumes: [] + initContainers: [] + numPartitions: 1 + parallel: 1 + podAnnotations: {} + podLabels: {} + podSecurityContext: + enabled: true + fsGroup: 1001 + postScript: "" + preScript: "" + replicationFactor: 1 + resources: + limits: {} + requests: {} + schedulerName: "" + sidecars: [] + topics: + - name: ingest-attachments + - name: ingest-transactions + - name: ingest-events + - name: ingest-replay-recordings + - name: profiles + waitForKafka: true + rbac: + create: false + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + replicaCount: 3 + resources: + limits: {} + requests: {} + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + client: "" + external: "" + ports: + client: 9092 + external: 9094 + internal: 9093 + sessionAffinity: None + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: true + name: "" + sidecars: [] + socketReceiveBufferBytes: 102400 + socketRequestMaxBytes: "50000000" + socketSendBufferBytes: 102400 + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + superUsers: User:admin + terminationGracePeriodSeconds: "" + tolerations: [] + topologySpreadConstraints: {} + transactionStateLogMinIsr: 3 + transactionStateLogReplicationFactor: 3 + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r431 + resources: + limits: {} + requests: {} + zookeeper: + affinity: {} + args: [] + auth: + clientPassword: "" + 
clientUser: "" + enabled: false + existingSecret: "" + serverPasswords: "" + serverUsers: "" + autopurge: + purgeInterval: 0 + snapRetainCount: 3 + clusterDomain: cluster.local + command: + - /scripts/setup.sh + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + configuration: "" + containerPorts: + client: 2181 + election: 3888 + follower: 2888 + tls: 3181 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + dataLogDir: "" + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + existingConfigmap: "" + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + fourlwCommandsWhitelist: srvr, mntr, ruok + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + heapSize: 1024 + hostAliases: [] + image: + debug: false + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/zookeeper + tag: 3.8.0-debian-10-r63 + initContainers: [] + initLimit: 10 + jvmFlags: "" + kubeVersion: "" + lifecycleHooks: {} + listenOnAllIPs: false + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + probeCommandTimeout: 2 + successThreshold: 1 + timeoutSeconds: 5 + logLevel: ERROR + maxClientCnxns: 60 + maxSessionTimeout: 40000 + metrics: + containerPort: 9141 + enabled: false + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + service: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: '{{ .Values.metrics.service.port }}' + prometheus.io/scrape: "true" + port: 9141 + type: ClusterIP + serviceMonitor: + additionalLabels: {} + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + 
metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + minServerId: 1 + nameOverride: "" + namespaceOverride: "" + networkPolicy: + allowExternal: true + enabled: false + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + pdb: + create: false + maxUnavailable: 1 + minAvailable: "" + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataLogDir: + existingClaim: "" + selector: {} + size: 8Gi + enabled: true + existingClaim: "" + selector: {} + size: 8Gi + storageClass: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: Parallel + podSecurityContext: + enabled: true + fsGroup: 1001 + preAllocSize: 65536 + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + probeCommandTimeout: 2 + successThreshold: 1 + timeoutSeconds: 5 + replicaCount: 1 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + schedulerName: "" + service: + annotations: {} + clusterIP: "" + disableBaseClientPort: false + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + publishNotReadyAddresses: true + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + client: "" + tls: "" + ports: + client: 2181 + election: 3888 + follower: 2888 + tls: 3181 + sessionAffinity: None + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + sidecars: [] + snapCount: 100000 + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + syncLimit: 5 + tickTime: 2000 + tls: + client: + auth: none + autoGenerated: false + enabled: false + existingSecret: "" + existingSecretKeystoreKey: "" + existingSecretTruststoreKey: "" + keystorePassword: "" + keystorePath: 
/opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks + passwordsSecretKeystoreKey: "" + passwordsSecretName: "" + passwordsSecretTruststoreKey: "" + truststorePassword: "" + truststorePath: /opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks + quorum: + auth: none + autoGenerated: false + enabled: false + existingSecret: "" + existingSecretKeystoreKey: "" + existingSecretTruststoreKey: "" + keystorePassword: "" + keystorePath: /opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks + passwordsSecretKeystoreKey: "" + passwordsSecretName: "" + passwordsSecretTruststoreKey: "" + truststorePassword: "" + truststorePath: /opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks + resources: + limits: {} + requests: {} + tolerations: [] + topologySpreadConstraints: {} + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r430 + resources: + limits: {} + requests: {} + zookeeperChrootPath: "" + zookeeperConnectionTimeoutMs: 6000 +mail: + backend: dummy + from: "" + host: "" + password: "" + port: 25 + useSsl: false + useTls: false + username: "" +memcached: + affinity: {} + architecture: standalone + args: + - memcached + - -u memcached + - -p 11211 + - -v + - -m $(MEMCACHED_MEMORY_LIMIT) + - -I $(MEMCACHED_MAX_ITEM_SIZE) + auth: + enabled: false + existingPasswordSecret: "" + password: "" + username: "" autoscaling: enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - sidecars: [ ] - volumes: [ ] - -sentry: - singleOrganization: true - web: - # if using filestore backend filesystem with RWO access, set strategyType to Recreate - strategyType: RollingUpdate + maxReplicas: 6 + minReplicas: 3 + targetCPU: 50 + targetMemory: 50 + clusterDomain: cluster.local + command: [] + 
common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + containerPorts: + memcached: 11211 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: sentry-memcached + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + hostAliases: [] + image: + debug: false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/memcached + tag: 1.6.20-debian-11-r3 + initContainers: [] + kubeVersion: "" + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + maxItemSize: "26214400" + memoryLimit: "2048" + metrics: + containerPorts: + metrics: 9150 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/memcached-exporter + tag: 0.11.3-debian-11-r12 + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 15 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + podAnnotations: + prometheus.io/port: '{{ .Values.metrics.containerPorts.metrics }}' + prometheus.io/scrape: "true" + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 3 + resources: + limits: {} + requests: {} + service: + annotations: + prometheus.io/port: '{{ 
.Values.metrics.service.ports.metrics }}' + prometheus.io/scrape: "true" + clusterIP: "" + ports: + metrics: 9150 + sessionAffinity: None + serviceMonitor: + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + labels: {} + metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + nameOverride: "" + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + pdb: + create: false + maxUnavailable: 1 + minAvailable: "" + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + enabled: false + labels: {} + selector: {} + size: 8Gi + storageClass: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: Parallel + podSecurityContext: + enabled: true + fsGroup: 1001 + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + replicaCount: 1 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + memcached: "" + ports: + memcached: 11211 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + sidecars: [] + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationGracePeriodSeconds: "" + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + digest: 
"" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r118 + resources: + limits: {} + requests: {} +metrics: + affinity: {} + containerSecurityContext: {} + enabled: false + image: + pullPolicy: IfNotPresent + repository: prom/statsd-exporter + tag: v0.17.0 + livenessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + nodeSelector: {} + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 30 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 2 + resources: {} + securityContext: {} + service: + labels: {} + type: ClusterIP + serviceMonitor: + additionalLabels: {} + enabled: false + namespace: "" + namespaceSelector: {} + scrapeInterval: 30s + tolerations: [] +nginx: + affinity: {} + args: [] + autoscaling: + enabled: false + maxReplicas: "" + minReplicas: "" + targetCPU: "" + targetMemory: "" + cloneStaticSiteFromGit: + branch: "" + enabled: false + extraEnvVars: [] + extraVolumeMounts: [] + gitClone: + args: [] + command: [] + gitSync: + args: [] + command: [] + resources: + limits: {} + requests: {} + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/git + tag: 2.40.1-debian-11-r8 + interval: 60 + repository: "" + clusterDomain: cluster.local + command: [] + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + commonAnnotations: {} + commonLabels: {} + containerPort: 8080 + containerPorts: + http: 8080 + https: "" + containerSecurityContext: + enabled: false + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + existingServerBlockConfigmap: '{{ template "sentry.fullname" . 
}}' + extraContainerPorts: [] + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + healthIngress: + annotations: {} + enabled: false + extraHosts: [] + extraPaths: [] + extraRules: [] + extraTls: [] + hostname: example.local + ingressClassName: "" + path: / + pathType: ImplementationSpecific + secrets: [] + selfSigned: false + tls: false + hostAliases: [] + hostIPC: false + hostNetwork: false + image: + debug: false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/nginx + tag: 1.24.0-debian-11-r10 + ingress: + annotations: {} + apiVersion: "" + enabled: false + extraHosts: [] + extraPaths: [] + extraRules: [] + extraTls: [] + hostname: nginx.local + ingressClassName: "" + path: / + pathType: ImplementationSpecific + secrets: [] + selfSigned: false + tls: false + initContainers: [] + kubeVersion: "" + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + metrics: + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/nginx-exporter + tag: 0.11.0-debian-11-r82 + podAnnotations: {} + port: "" + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + resources: + limits: {} + requests: {} + securityContext: + enabled: false + runAsUser: 1001 + service: + annotations: + prometheus.io/port: '{{ .Values.metrics.service.port }}' + prometheus.io/scrape: "true" + port: 9113 + serviceMonitor: + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + labels: {} + metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + nameOverride: "" + namespaceOverride: "" + nodeAffinityPreset: + key: "" + type: "" + values: [] + 
nodeSelector: {} + pdb: + create: false + maxUnavailable: 0 + minAvailable: 1 + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podSecurityContext: + enabled: false + fsGroup: 1001 + sysctls: [] + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 3 + replicaCount: 1 + resources: + limits: {} + requests: {} + schedulerName: "" + serverBlock: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + http: "" + https: "" + ports: + http: 80 + https: 443 + sessionAffinity: None + sessionAffinityConfig: {} + targetPort: + http: http + https: https + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: false + create: false + name: "" + sidecarSingleProcessNamespace: false + sidecars: [] + startupProbe: + enabled: false + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + staticSiteConfigmap: "" + staticSitePVC: "" + terminationGracePeriodSeconds: "" + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + rollingUpdate: {} + type: RollingUpdate +openai: {} +postgresql: + architecture: standalone + audit: + clientMinMessages: error + logConnections: false + logDisconnections: false + logHostname: false + logLinePrefix: "" + logTimezone: "" + pgAuditLog: "" + pgAuditLogCatalog: "off" + auth: + database: sentry + enablePostgresUser: true + existingSecret: "" + password: "" + postgresPassword: "" + replicationPassword: "" + replicationUsername: repl_user + secretKeys: + adminPasswordKey: postgres-password + replicationPasswordKey: replication-password + userPasswordKey: password + usePasswordFiles: false + username: "" + clusterDomain: cluster.local + common: + exampleValue: common-chart + global: + 
imagePullSecrets: [] + imageRegistry: "" + postgresql: + auth: + database: "" + existingSecret: "" + password: "" + postgresPassword: "" + secretKeys: + adminPasswordKey: "" + replicationPasswordKey: "" + userPasswordKey: "" + username: "" + service: + ports: + postgresql: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + containerPorts: + postgresql: 5432 + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + extraDeploy: [] + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + postgresql: + auth: + database: "" + existingSecret: "" + password: "" + postgresPassword: "" + secretKeys: + adminPasswordKey: "" + replicationPasswordKey: "" + userPasswordKey: "" + username: "" + service: + ports: + postgresql: "" + storageClass: "" + image: + debug: false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/postgresql + tag: 15.3.0-debian-11-r0 + kubeVersion: "" + ldap: + basedn: "" + binddn: "" + bindpw: "" + enabled: false + port: "" + prefix: "" + scheme: "" + searchAttribute: "" + searchFilter: "" + server: "" + suffix: "" + tls: + enabled: false + uri: "" + metrics: + containerPorts: + metrics: 9187 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customMetrics: {} + customReadinessProbe: {} + customStartupProbe: {} + enabled: false + extraEnvVars: [] + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/postgres-exporter + tag: 0.12.0-debian-11-r86 + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + prometheusRule: + enabled: false + labels: {} + namespace: "" + rules: [] + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + 
limits: {} + requests: {} + service: + annotations: + prometheus.io/port: '{{ .Values.metrics.service.ports.metrics }}' + prometheus.io/scrape: "true" + clusterIP: "" + ports: + metrics: 9187 + sessionAffinity: None + serviceMonitor: + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + labels: {} + metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + nameOverride: sentry-postgresql + networkPolicy: + egressRules: + customRules: {} + denyConnectionsToExternal: false + enabled: false + ingressRules: + primaryAccessOnlyFrom: + customRules: {} + enabled: false + namespaceSelector: {} + podSelector: {} + readReplicasAccessOnlyFrom: + customRules: {} + enabled: false + namespaceSelector: {} + podSelector: {} + metrics: + enabled: false + namespaceSelector: {} + podSelector: {} + postgresqlDataDir: /bitnami/postgresql/data + postgresqlSharedPreloadLibraries: pgaudit + primary: + affinity: {} + annotations: {} + args: [] + command: [] + configuration: "" + containerSecurityContext: + enabled: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + existingConfigmap: "" + existingExtendedConfigmap: "" + extendedConfiguration: "" + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraPodSpec: {} + extraVolumeMounts: [] + extraVolumes: [] + hostAliases: [] + hostIPC: false + hostNetwork: false + initContainers: [] + initdb: + args: "" + password: "" + postgresqlWalDir: "" + scripts: {} + scriptsConfigMap: "" + scriptsSecret: "" + user: "" + labels: {} + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: primary + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + persistence: 
+ accessModes: + - ReadWriteOnce + annotations: {} + dataSource: {} + enabled: true + existingClaim: "" + labels: {} + mountPath: /bitnami/postgresql + selector: {} + size: 8Gi + storageClass: "" + subPath: "" + pgHbaConfiguration: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podSecurityContext: + enabled: true + fsGroup: 1001 + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + postgresql: "" + ports: + postgresql: 5432 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + sidecars: [] + standby: + enabled: false + primaryHost: "" + primaryPort: "" + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationGracePeriodSeconds: "" + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + psp: + create: false + rbac: + create: false + rules: [] + readReplicas: + affinity: {} + annotations: {} + args: [] + command: [] + containerSecurityContext: + enabled: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + extendedConfiguration: "" + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraPodSpec: {} + extraVolumeMounts: [] + extraVolumes: [] + hostAliases: [] + hostIPC: false + hostNetwork: false + initContainers: [] + labels: {} + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + name: 
read + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataSource: {} + enabled: true + existingClaim: "" + labels: {} + mountPath: /bitnami/postgresql + selector: {} + size: 8Gi + storageClass: "" + subPath: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podSecurityContext: + enabled: true + fsGroup: 1001 + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + replicaCount: 1 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + postgresql: "" + ports: + postgresql: 5432 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + sidecars: [] + startupProbe: + enabled: false + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + terminationGracePeriodSeconds: "" + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + replication: + applicationName: sentry + enabled: false + numSynchronousReplicas: 1 + readReplicas: 2 + synchronousCommit: "on" + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + serviceBindings: + enabled: false + shmVolume: + enabled: true + sizeLimit: "" + tls: + autoGenerated: false + certCAFilename: "" + certFilename: "" + certKeyFilename: "" + certificatesSecret: "" + crlFilename: "" + enabled: false + preferServerCiphers: true + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + 
repository: bitnami/bitnami-shell + tag: 11-debian-11-r115 + resources: + limits: {} + requests: {} +prefix: null +rabbitmq: + advancedConfiguration: "" + advancedConfigurationExistingSecret: "" + affinity: {} + args: [] + auth: + enableLoopbackUser: false + erlangCookie: pHgpy3Q6adTskzAT6bLHCFqFTF7lMxhA + existingErlangSecret: "" + existingPasswordSecret: "" + password: guest + securePassword: true + tls: + autoGenerated: false + caCertificate: "" + enabled: false + existingSecret: "" + existingSecretFullChain: false + failIfNoPeerCert: true + overrideCaCertificate: "" + serverCertificate: "" + serverKey: "" + sslOptionsPassword: + enabled: false + existingSecret: "" + key: "" + password: "" + sslOptionsVerify: verify_peer + username: guest + clusterDomain: cluster.local + clustering: + addressType: hostname + enabled: true + forceBoot: true + partitionHandling: autoheal + rebalance: true + command: [] + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + communityPlugins: "" + configuration: |- + ## Username and password + ## + default_user = {{ .Values.auth.username }} + {{- if and (not .Values.auth.securePassword) .Values.auth.password }} + default_pass = {{ .Values.auth.password }} + {{- end }} + {{- if .Values.clustering.enabled }} + ## Clustering + ## + cluster_formation.peer_discovery_backend = rabbit_peer_discovery_k8s + cluster_formation.k8s.host = kubernetes.default + cluster_formation.node_cleanup.interval = 10 + cluster_formation.node_cleanup.only_log_warning = true + cluster_partition_handling = {{ .Values.clustering.partitionHandling }} + {{- end }} + {{ if and .Values.clustering.enabled .Values.loadDefinition.enabled }} + cluster_formation.target_cluster_size_hint = {{ .Values.replicaCount }} + {{ end }} + {{- if .Values.loadDefinition.enabled }} + load_definitions = {{ .Values.loadDefinition.file }} + {{- end }} + # queue master locator + 
queue_master_locator = min-masters + # enable loopback user + {{- if not (empty .Values.auth.username) }} + loopback_users.{{ .Values.auth.username }} = {{ .Values.auth.enableLoopbackUser }} + {{- else}} + loopback_users.guest = {{ .Values.auth.enableLoopbackUser }} + {{- end }} + {{ template "rabbitmq.extraConfiguration" . }} + {{- if .Values.auth.tls.enabled }} + ssl_options.verify = {{ .Values.auth.tls.sslOptionsVerify }} + listeners.ssl.default = {{ .Values.service.ports.amqpTls }} + ssl_options.fail_if_no_peer_cert = {{ .Values.auth.tls.failIfNoPeerCert }} + ssl_options.cacertfile = /opt/bitnami/rabbitmq/certs/ca_certificate.pem + ssl_options.certfile = /opt/bitnami/rabbitmq/certs/server_certificate.pem + ssl_options.keyfile = /opt/bitnami/rabbitmq/certs/server_key.pem + {{- if .Values.auth.tls.sslOptionsPassword.enabled }} + ssl_options.password = {{ template "rabbitmq.tlsSslOptionsPassword" . }} + {{- end }} + {{- end }} + {{- if .Values.ldap.enabled }} + auth_backends.1.authn = ldap + auth_backends.1.authz = {{ ternary "ldap" "internal" .Values.ldap.authorisationEnabled }} + auth_backends.2 = internal + {{- $host := list }} + {{- $port := ternary 636 389 .Values.ldap.tls.enabled }} + {{- if .Values.ldap.uri }} + {{- $hostPort := get (urlParse .Values.ldap.uri) "host" }} + {{- $host = list (index (splitList ":" $hostPort) 0) -}} + {{- if (contains ":" $hostPort) }} + {{- $port = index (splitList ":" $hostPort) 1 -}} + {{- end }} + {{- end }} + {{- range $index, $server := concat $host .Values.ldap.servers }} + auth_ldap.servers.{{ add $index 1 }} = {{ $server }} + {{- end }} + auth_ldap.port = {{ coalesce .Values.ldap.port $port }} + {{- if or .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} + auth_ldap.user_dn_pattern = {{ coalesce .Values.ldap.user_dn_pattern .Values.ldap.userDnPattern }} + {{- end }} + {{- if .Values.ldap.basedn }} + auth_ldap.dn_lookup_base = {{ .Values.ldap.basedn }} + {{- end }} + {{- if .Values.ldap.uidField }} + 
auth_ldap.dn_lookup_attribute = {{ .Values.ldap.uidField }} + {{- end }} + {{- if .Values.ldap.binddn }} + auth_ldap.dn_lookup_bind.user_dn = {{ .Values.ldap.binddn }} + auth_ldap.dn_lookup_bind.password = {{ required "'ldap.bindpw' is required when 'ldap.binddn' is defined" .Values.ldap.bindpw }} + {{- end }} + {{- if .Values.ldap.tls.enabled }} + auth_ldap.use_ssl = {{ not .Values.ldap.tls.startTls }} + auth_ldap.use_starttls = {{ .Values.ldap.tls.startTls }} + {{- if .Values.ldap.tls.CAFilename }} + auth_ldap.ssl_options.cacertfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.CAFilename }} + {{- end }} + {{- if .Values.ldap.tls.certFilename }} + auth_ldap.ssl_options.certfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ .Values.ldap.tls.certFilename }} + auth_ldap.ssl_options.keyfile = {{ .Values.ldap.tls.certificatesMountPath }}/{{ required "'ldap.tls.certKeyFilename' is required when 'ldap.tls.certFilename' is defined" .Values.ldap.tls.certKeyFilename }} + {{- end }} + {{- if .Values.ldap.tls.skipVerify }} + auth_ldap.ssl_options.verify = verify_none + auth_ldap.ssl_options.fail_if_no_peer_cert = false + {{- else if .Values.ldap.tls.verify }} + auth_ldap.ssl_options.verify = {{ .Values.ldap.tls.verify }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.metrics.enabled }} + ## Prometheus metrics + ## + prometheus.tcp.port = {{ .Values.containerPorts.metrics }} + {{- end }} + {{- if .Values.memoryHighWatermark.enabled }} + ## Memory Threshold + ## + total_memory_available_override_value = {{ include "rabbitmq.toBytes" .Values.resources.limits.memory }} + vm_memory_high_watermark.{{ .Values.memoryHighWatermark.type }} = {{ .Values.memoryHighWatermark.value }} + ## TCP Listen Options + ## + tcp_listen_options.backlog = {{ .Values.tcpListenOptions.backlog }} + tcp_listen_options.nodelay = {{ .Values.tcpListenOptions.nodelay }} + tcp_listen_options.linger.on = {{ .Values.tcpListenOptions.linger.lingerOn }} + 
tcp_listen_options.linger.timeout = {{ .Values.tcpListenOptions.linger.timeout }} + tcp_listen_options.keepalive = {{ .Values.tcpListenOptions.keepalive }} + {{- end }} + configurationExistingSecret: "" + containerPorts: + amqp: 5672 + amqpTls: 5671 + dist: 25672 + epmd: 4369 + manager: 15672 + metrics: 9419 + containerSecurityContext: + enabled: true + runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + dnsConfig: {} + dnsPolicy: "" + enabled: true + extraConfiguration: | + load_definitions = /app/load_definition.json + extraConfigurationExistingSecret: "" + extraContainerPorts: [] + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraPlugins: rabbitmq_auth_backend_ldap + extraSecrets: + load-definition: + load_definition.json: | + { + "users": [ + { + "name": "{{ .Values.auth.username }}", + "password": "{{ .Values.auth.password }}", + "tags": "administrator" + } + ], + "permissions": [{ + "user": "{{ .Values.auth.username }}", + "vhost": "/", + "configure": ".*", + "write": ".*", + "read": ".*" + }], + "policies": [ + { + "name": "ha-all", + "pattern": ".*", + "vhost": "/", + "definition": { + "ha-mode": "all", + "ha-sync-mode": "automatic", + "ha-sync-batch-size": 1 + } + } + ], + "vhosts": [ + { + "name": "/" + } + ] + } + extraSecretsPrependReleaseName: false + extraVolumeMounts: [] + extraVolumes: [] + featureFlags: "" + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + hostAliases: [] + image: + debug: false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/rabbitmq + tag: 3.11.16-debian-11-r3 + ingress: + annotations: {} + enabled: false + existingSecret: "" + extraHosts: [] + extraPaths: [] + extraRules: [] + extraTls: [] + hostname: rabbitmq.local + ingressClassName: "" + path: / + 
pathType: ImplementationSpecific + secrets: [] + selfSigned: false + tls: false + initContainers: [] + initScripts: {} + initScriptsCM: "" + initScriptsSecret: "" + kubeVersion: "" + ldap: + authorisationEnabled: false + basedn: "" + binddn: "" + bindpw: "" + enabled: false + port: "" + servers: [] + tls: + CAFilename: "" + certFilename: "" + certKeyFilename: "" + certificatesMountPath: /opt/bitnami/rabbitmq/ldap/certs + certificatesSecret: "" + enabled: false + skipVerify: false + startTls: false + verify: verify_peer + uidField: "" + uri: "" + userDnPattern: "" + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 6 + initialDelaySeconds: 120 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 20 + loadDefinition: + enabled: true + existingSecret: load-definition + file: /app/load_definition.json + logs: '-' + maxAvailableSchedulers: "" + memoryHighWatermark: + enabled: false + type: relative + value: 0.4 + metrics: + enabled: false + plugins: rabbitmq_prometheus + podAnnotations: + prometheus.io/port: '{{ .Values.service.ports.metrics }}' + prometheus.io/scrape: "true" + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + serviceMonitor: + annotations: {} + enabled: false + honorLabels: false + interval: 30s + jobLabel: "" + labels: {} + metricRelabelings: [] + namespace: "" + path: "" + podTargetLabels: {} + relabelings: [] + scrapeTimeout: "" + selector: {} + targetLabels: {} + nameOverride: "" + namespaceOverride: "" + networkPolicy: + additionalRules: [] + allowExternal: true + enabled: false + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + onlineSchedulers: "" + pdb: + create: true + maxUnavailable: "" + minAvailable: 1 + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + enabled: true + existingClaim: "" + labels: {} + mountPath: /bitnami/rabbitmq/mnesia + selector: {} + size: 8Gi + storageClass: "" + subPath: "" + plugins: rabbitmq_management 
rabbitmq_peer_discovery_k8s + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: OrderedReady + podSecurityContext: + enabled: true + fsGroup: 1001 + priorityClassName: "" + rbac: + create: true + readinessProbe: + enabled: true + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 20 + replicaCount: 3 + resources: + limits: {} + requests: {} + schedulerName: "" + service: + annotations: {} + annotationsHeadless: {} + clusterIP: "" + distPortEnabled: true + epmdPortEnabled: true + externalIPs: [] + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + labels: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + managerPortEnabled: true + nodePorts: + amqp: "" + amqpTls: "" + dist: "" + epmd: "" + manager: "" + metrics: "" + portEnabled: true + portNames: + amqp: amqp + amqpTls: amqp-tls + dist: dist + epmd: epmd + manager: http-stats + metrics: metrics + ports: + amqp: 5672 + amqpTls: 5671 + dist: 25672 + epmd: 4369 + manager: 15672 + metrics: 9419 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: true + name: "" + serviceBindings: + enabled: false + servicenameOverride: "" + sidecars: [] + startupProbe: + enabled: false + failureThreshold: 3 + initialDelaySeconds: 10 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 20 + statefulsetAnnotations: {} + statefulsetLabels: {} + tcpListenOptions: + backlog: 128 + keepalive: false + linger: + lingerOn: true + timeout: 0 + nodelay: true + terminationGracePeriodSeconds: 120 + tolerations: [] + topologySpreadConstraints: [] + ulimitNofiles: "65536" + updateStrategy: + type: RollingUpdate + vhost: / + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + 
repository: bitnami/bitnami-shell + tag: 11-debian-11-r118 + resources: + limits: {} + requests: {} +redis: + architecture: replication + auth: + enabled: false + existingSecret: "" + existingSecretPasswordKey: "" + password: "" + sentinel: false + usePasswordFiles: false + clusterDomain: cluster.local + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + redis: + password: "" + storageClass: "" + commonAnnotations: {} + commonConfiguration: |- + # Enable AOF https://redis.io/topics/persistence#append-only-file + appendonly yes + # Disable RDB persistence, AOF persistence already enabled. + save "" + commonLabels: {} + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + existingConfigmap: "" + extraDeploy: [] + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + redis: + password: "" + storageClass: "" + image: + debug: false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/redis + tag: 7.0.11-debian-11-r12 + kubeVersion: "" + master: + affinity: {} + args: [] + command: [] + configuration: "" + containerPorts: + redis: 6379 + containerSecurityContext: + enabled: true + runAsUser: 1001 + count: 1 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + disableCommands: + - FLUSHDB + - FLUSHALL + dnsConfig: {} + dnsPolicy: "" + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraFlags: [] + extraVolumeMounts: [] + extraVolumes: [] + hostAliases: [] + initContainers: [] + kind: StatefulSet + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + minReadySeconds: 0 + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataSource: {} + enabled: true + existingClaim: "" + labels: 
{} + medium: "" + path: /data + selector: {} + size: 8Gi + sizeLimit: "" + storageClass: "" + subPath: "" + subPathExpr: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podSecurityContext: + enabled: true + fsGroup: 1001 + preExecCmds: [] + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + resources: + limits: {} + requests: {} + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalIPs: [] + externalTrafficPolicy: Cluster + extraPorts: [] + internalTrafficPolicy: Cluster + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + redis: "" + ports: + redis: 6379 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + shareProcessNamespace: false + sidecars: [] + startupProbe: + enabled: false + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + terminationGracePeriodSeconds: 30 + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + type: RollingUpdate + metrics: + command: [] + containerSecurityContext: + enabled: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + enabled: false + extraArgs: {} + extraEnvVars: [] + extraVolumeMounts: [] + extraVolumes: [] + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/redis-exporter + tag: 1.50.0-debian-11-r13 + livenessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + podAnnotations: + prometheus.io/port: "9121" + prometheus.io/scrape: "true" + podLabels: {} + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + readinessProbe: 
+ enabled: true + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + redisTargetHost: localhost + resources: + limits: {} + requests: {} + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + loadBalancerIP: "" + loadBalancerSourceRanges: [] + port: 9121 + type: ClusterIP + serviceMonitor: + additionalLabels: {} + enabled: false + honorLabels: false + interval: 30s + metricRelabelings: [] + namespace: "" + podTargetLabels: [] + relabellings: [] + scrapeTimeout: "" + startupProbe: + enabled: false + failureThreshold: 5 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + nameOverride: sentry-redis + nameResolutionThreshold: 5 + nameResolutionTimeout: 5 + networkPolicy: + allowExternal: true + enabled: false + extraEgress: [] + extraIngress: [] + ingressNSMatchLabels: {} + ingressNSPodMatchLabels: {} + pdb: + create: false + maxUnavailable: "" + minAvailable: 1 + podSecurityPolicy: + create: false + enabled: false + rbac: + create: false + rules: [] + replica: + affinity: {} + args: [] + autoscaling: + enabled: false + maxReplicas: 11 + minReplicas: 1 + targetCPU: "" + targetMemory: "" + command: [] + configuration: "" + containerPorts: + redis: 6379 + containerSecurityContext: + enabled: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + disableCommands: + - FLUSHDB + - FLUSHALL + dnsConfig: {} + dnsPolicy: "" + externalMaster: + enabled: false + host: "" + port: 6379 + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraFlags: [] + extraVolumeMounts: [] + extraVolumes: [] + hostAliases: [] + initContainers: [] + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + minReadySeconds: 0 + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: 
{} + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataSource: {} + enabled: true + existingClaim: "" + labels: {} + medium: "" + path: /data + selector: {} + size: 8Gi + sizeLimit: "" + storageClass: "" + subPath: "" + subPathExpr: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: "" + podSecurityContext: + enabled: true + fsGroup: 1001 + preExecCmds: [] + priorityClassName: "" + readinessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + replicaCount: 3 + resources: + limits: {} + requests: {} + schedulerName: "" + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + internalTrafficPolicy: Cluster + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + redis: "" + ports: + redis: 6379 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + shareProcessNamespace: false + sidecars: [] + startupProbe: + enabled: true + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + terminationGracePeriodSeconds: 30 + tolerations: [] + topologySpreadConstraints: [] + updateStrategy: + type: RollingUpdate + secretAnnotations: {} + sentinel: + annotations: {} + args: [] + automateClusterRecovery: false + command: [] + configuration: "" + containerPorts: + sentinel: 26379 + containerSecurityContext: + enabled: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + downAfterMilliseconds: 60000 + enabled: false + externalMaster: + enabled: false + host: "" + port: 6379 + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + failoverTimeout: 180000 + getMasterTimeout: 220 + image: + debug: 
false + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/redis-sentinel + tag: 7.0.11-debian-11-r10 + lifecycleHooks: {} + livenessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + masterSet: mymaster + parallelSyncs: 1 + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataSource: {} + enabled: false + labels: {} + medium: "" + selector: {} + size: 100Mi + sizeLimit: "" + storageClass: "" + preExecCmds: [] + quorum: 2 + readinessProbe: + enabled: true + failureThreshold: 5 + initialDelaySeconds: 20 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 1 + redisShutdownWaitFailover: true + resources: + limits: {} + requests: {} + service: + annotations: {} + clusterIP: "" + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + redis: "" + sentinel: "" + ports: + redis: 6379 + sentinel: 26379 + sessionAffinity: None + sessionAffinityConfig: {} + type: ClusterIP + startupProbe: + enabled: true + failureThreshold: 22 + initialDelaySeconds: 10 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + terminationGracePeriodSeconds: 30 + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: true + name: "" + serviceBindings: + enabled: false + sysctl: + command: [] + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r118 + mountHostSys: false + resources: + limits: {} + requests: {} + tls: + authClients: true + autoGenerated: false + certCAFilename: "" + certFilename: "" + certKeyFilename: "" + certificatesSecret: "" + dhParamsFilename: "" + enabled: false + existingSecret: "" + useExternalDNS: + additionalAnnotations: {} + annotationKey: external-dns.alpha.kubernetes.io/ + enabled: 
false + suffix: "" + useHostnames: true + usePassword: false + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + digest: "" + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 11-debian-11-r118 + resources: + limits: {} + requests: {} +relay: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 5 + minReplicas: 2 + targetCPUUtilizationPercentage: 50 + containerSecurityContext: {} + env: [] + init: + resources: {} + mode: managed + nodeSelector: {} + probeFailureThreshold: 5 + probeInitialDelaySeconds: 10 + probePeriodSeconds: 10 + probeSuccessThreshold: 1 + probeTimeoutSeconds: 2 + replicas: 1 + resources: {} + securityContext: {} + service: + annotations: {} + sidecars: [] + volumeMounts: [] + volumes: [] +revisionHistoryLimit: 10 +sentry: + billingMetricsConsumer: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 3 + minReplicas: 1 + targetCPUUtilizationPercentage: 50 + containerSecurityContext: {} + env: [] + nodeSelector: {} replicas: 1 + resources: {} + securityContext: {} + sidecars: [] + volumes: [] + cleanup: + activeDeadlineSeconds: 100 + concurrency: 1 + concurrencyPolicy: Allow + days: 90 + enabled: true + failedJobsHistoryLimit: 5 + schedule: 0 0 * * * + serviceAccount: {} + sidecars: [] + successfulJobsHistoryLimit: 5 + volumes: [] + cron: + affinity: {} env: [] - probeInitialDelaySeconds: 10 + nodeSelector: {} + replicas: 1 resources: {} + sidecars: [] + volumes: [] + features: + orgSubdomains: false + vstsLimitedScopes: true + ingestConsumer: affinity: {} + autoscaling: + enabled: false + maxReplicas: 3 + minReplicas: 1 + targetCPUUtilizationPercentage: 50 + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - # Mount and use custom CA - # customCA: - # secretName: custom-ca - # item: ca.crt - + sidecars: [] + volumes: [] + 
ingestMetricsConsumerPerf: + affinity: {} autoscaling: enabled: false - minReplicas: 2 - maxReplicas: 5 + maxReplicas: 3 + minReplicas: 1 targetCPUUtilizationPercentage: 50 - sidecars: [ ] - volumes: [ ] - - features: - orgSubdomains: false - vstsLimitedScopes: true - - worker: - replicas: 3 - # concurrency: 4 + containerSecurityContext: {} env: [] + nodeSelector: {} + replicas: 1 resources: {} + securityContext: {} + sidecars: [] + volumes: [] + ingestMetricsConsumerRh: affinity: {} - nodeSelector: {} - # tolerations: [] - # podLabels: [] - - # it's better to use prometheus adapter and scale based on - # the size of the rabbitmq queue autoscaling: enabled: false - minReplicas: 2 - maxReplicas: 5 + maxReplicas: 3 + minReplicas: 1 targetCPUUtilizationPercentage: 50 - sidecars: [ ] - volumes: [ ] - - ingestConsumer: - replicas: 1 - # concurrency: 4 + containerSecurityContext: {} env: [] + nodeSelector: {} + replicas: 1 resources: {} + securityContext: {} + sidecars: [] + volumes: [] + ingestMonitors: affinity: {} + autoscaling: + enabled: false + maxReplicas: 3 + minReplicas: 1 + targetCPUUtilizationPercentage: 50 + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - - # it's better to use prometheus adapter and scale based on - # the size of the rabbitmq queue + sidecars: [] + volumes: [] + ingestReplayRecordings: + affinity: {} autoscaling: enabled: false - minReplicas: 1 maxReplicas: 3 + minReplicas: 1 targetCPUUtilizationPercentage: 50 - sidecars: [ ] - volumes: [ ] - cron: - replicas: 1 + containerSecurityContext: {} env: [] + nodeSelector: {} + replicas: 1 resources: {} + securityContext: {} + sidecars: [] + volumes: [] + postProcessForwardErrors: affinity: {} + containerSecurityContext: {} + env: [] nodeSelector: {} - # tolerations: [] - # podLabels: [] - sidecars: [ ] - volumes: [ ] - postProcessForward: replicas: 1 - env: [] resources: {} + securityContext: {} + 
sidecars: [] + volumes: [] + postProcessForwardTransactions: affinity: {} + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - # commitBatchSize: 1 - sidecars: [ ] - volumes: [ ] - cleanup: - enabled: true - schedule: "0 0 * * *" - days: 90 sidecars: [] volumes: [] - -snuba: - api: + singleOrganization: true + subscriptionConsumerEvents: + affinity: {} + containerSecurityContext: {} + env: [] + nodeSelector: {} replicas: 1 + resources: {} + securityContext: {} + sidecars: [] + volumes: [] + subscriptionConsumerSessions: + affinity: {} + containerSecurityContext: {} env: [] - probeInitialDelaySeconds: 10 + nodeSelector: {} + replicas: 1 resources: {} + securityContext: {} + sidecars: [] + volumes: [] + subscriptionConsumerTransactions: affinity: {} + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - + sidecars: [] + volumes: [] + web: + affinity: {} autoscaling: enabled: false - minReplicas: 2 maxReplicas: 5 + minReplicas: 2 targetCPUUtilizationPercentage: 50 - sidecars: [ ] - volumes: [ ] - - consumer: + containerSecurityContext: {} + env: [] + nodeSelector: {} + probeFailureThreshold: 5 + probeInitialDelaySeconds: 10 + probePeriodSeconds: 10 + probeSuccessThreshold: 1 + probeTimeoutSeconds: 2 replicas: 1 + resources: {} + securityContext: {} + service: + annotations: {} + sidecars: [] + strategyType: RollingUpdate + volumeMounts: [] + volumes: [] + worker: + affinity: {} + autoscaling: + enabled: false + maxReplicas: 5 + minReplicas: 2 + targetCPUUtilizationPercentage: 50 env: [] + livenessProbe: + enabled: false + failureThreshold: 3 + periodSeconds: 60 + timeoutSeconds: 10 + nodeSelector: {} + replicas: 3 resources: {} + sidecars: [] + volumeMounts: [] + volumes: [] +service: + annotations: {} + externalPort: 9000 + name: sentry + type: ClusterIP +serviceAccount: + 
annotations: {} + automountServiceAccountToken: true + enabled: false + name: sentry +slack: {} +snuba: + api: affinity: {} + autoscaling: + enabled: false + maxReplicas: 5 + minReplicas: 2 + targetCPUUtilizationPercentage: 50 + command: [] + containerSecurityContext: {} + env: [] + liveness: + timeoutSeconds: 2 nodeSelector: {} - securityContext: {} - # tolerations: [] - # podLabels: [] - - outcomesConsumer: + probeInitialDelaySeconds: 10 + readiness: + timeoutSeconds: 2 replicas: 1 - env: [] resources: {} + securityContext: {} + service: + annotations: {} + sidecars: [] + volumes: [] + consumer: affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] nodeSelector: {} - securityContext: {} - # tolerations: [] - # podLabels: [] - - replacer: replicas: 1 - env: [] resources: {} + securityContext: {} + dbInitJob: + env: [] + migrateJob: + env: [] + outcomesConsumer: affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] + maxBatchSize: "3" nodeSelector: {} - securityContext: {} - # tolerations: [] - # podLabels: [] - - sessionsConsumer: replicas: 1 - env: [] resources: {} + securityContext: {} + replacer: affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] nodeSelector: {} - securityContext: {} - # tolerations: [] - # podLabels: [] - - transactionsConsumer: replicas: 1 - env: [] resources: {} + securityContext: {} + replaysConsumer: affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - - dbInitJob: - env: [] - - migrateJob: - env: [] - - cleanupErrors: - enabled: true - schedule: "0 * * * *" - sidecars: [] - volumes: [] - - cleanupTransactions: - enabled: true - schedule: "0 * * * *" - sidecars: [] - volumes: [] - -hooks: - enabled: true - removeOnSuccess: true - clickhouseInit: - podAnnotations: {} - dbCheck: - image: - # repository: subfuzion/netcat - 
# tag: latest - # pullPolicy: IfNotPresent - imagePullSecrets: [] + sessionsConsumer: + affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} env: [] - podAnnotations: {} - resources: - limits: - memory: 64Mi - requests: - cpu: 100m - memory: 64Mi - dbInit: + nodeSelector: {} + replicas: 1 + resources: {} + securityContext: {} + subscriptionConsumerEvents: + affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} env: [] - podAnnotations: {} - resources: - limits: - memory: 2048Mi - requests: - cpu: 300m - memory: 2048Mi - sidecars: [ ] - volumes: [ ] - snubaInit: - podAnnotations: {} - resources: - limits: - cpu: 2000m - memory: 1Gi - requests: - cpu: 700m - memory: 1Gi - -system: - ## be sure to include the scheme on the url, for example: "https://sentry.example.com" - url: "" - adminEmail: "" - ## This should only be used if you’re installing Sentry behind your company’s firewall. - public: false - ## This will generate one for you (it's must be given upon updates) - #secretKey: "xx" - -mail: - backend: dummy # smtp - useTls: false - username: "" - password: "" - port: 25 - host: "" - from: "" - -symbolicator: - enabled: false - api: + nodeSelector: {} + replicas: 1 + resources: {} + securityContext: {} + subscriptionConsumerSessions: + affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] + nodeSelector: {} replicas: 1 + resources: {} + securityContext: {} + sidecars: [] + volumes: [] + subscriptionConsumerTransactions: + affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} env: [] - probeInitialDelaySeconds: 10 + nodeSelector: {} + replicas: 1 resources: {} + securityContext: {} + transactionsConsumer: affinity: {} + autoOffsetReset: earliest + containerSecurityContext: {} + env: [] nodeSelector: {} + replicas: 1 + resources: {} securityContext: {} - # tolerations: [] - # podLabels: [] - # priorityClassName: "xxx" +sourcemaps: + enabled: false +symbolicator: + api: + affinity: {} 
+ autoscaling: + enabled: false + maxReplicas: 5 + minReplicas: 2 + targetCPUUtilizationPercentage: 50 config: |- # See: https://getsentry.github.io/symbolicator/#configuration cache_dir: "/data" 
@@ -338,385 +3339,261 @@ symbolicator: # retry_malformed_after: 5m # diagnostics: # retention: 1w - - # TODO autoscaling in not yet implemented - autoscaling: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPUUtilizationPercentage: 50 - # TODO The cleanup cronjob is not yet implemented + containerSecurityContext: {} + env: [] + nodeSelector: {} + probeInitialDelaySeconds: 10 + replicas: 1 + resources: {} + securityContext: {} cleanup: enabled: false - # podLabels: [] - # affinity: {} - # env: [] - -auth: - register: true - -service: - name: sentry - type: ClusterIP - externalPort: 9000 - annotations: {} - # externalIPs: - # - 192.168.0.1 - # loadBalancerSourceRanges: [] - -github: {} # https://github.com/settings/apps (Create a Github App) -# github: -# appId: "xxxx" -# appName: MyAppName -# clientId: "xxxxx" -# clientSecret: "xxxxx" -# privateKey: "-----BEGIN RSA PRIVATE KEY-----\nMIIEpA" !!!! Don't forget a trailing \n -# webhookSecret: "xxxxx`" - -google: {} # https://developers.google.com/identity/sign-in/web/server-side-flow#step_1_create_a_client_id_and_client_secret -# google: -# clientId: -# clientSecret: - -slack: {} -# slack: -# clientId: -# clientSecret: -# signingSecret: -# Reference -> https://develop.sentry.dev/integrations/slack/ - -nginx: - enabled: true - containerPort: 8080 - existingServerBlockConfigmap: '{{ template "sentry.fullname" . }}' - resources: {} - replicaCount: 1 - service: - type: ClusterIP - port: 80 - -ingress: enabled: false - className: "" - pathType: Prefix - # If you are using traefik ingress controller, switch this to 'traefik' - # if you are using AWS ALB Ingress controller, switch this to 'aws-alb' - regexPathStyle: nginx - #If you are using AWS ALB Ingress controller, switch to true if you want activate the http to https redirection. 
- alb: - httpRedirect: false - # annotations: - # If you are using nginx ingress controller, please use at least those 2 annotations - # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/use-regex: "true" - # - # hostname: - # - # tls: - # - secretName: - # hosts: - -filestore: - # Set to one of filesystem, gcs or s3 as supported by Sentry. - backend: filesystem - - filesystem: - path: /var/lib/sentry/files - - ## Enable persistence using Persistent Volume Claims - ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ - ## - persistence: - enabled: true - ## database data Persistent Volume Storage Class - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## - # storageClass: "-" - accessMode: ReadWriteOnce - size: 10Gi - - ## Whether to mount the persistent volume to the Sentry worker and - ## cron deployments. This setting needs to be enabled for some advanced - ## Sentry features, such as private source maps. If you disable this - ## setting, the Sentry workers will not have access to artifacts you upload - ## through the web deployment. - ## Please note that you may need to change your accessMode to ReadWriteMany - ## if you plan on having the web, worker and cron deployments run on - ## different nodes. - persistentWorkers: false - - gcs: {} - ## Point this at a pre-configured secret containing a service account. The resulting - ## secret will be mounted at /var/run/secrets/google - # secretName: - # credentialsFile: credentials.json - # bucketName: - - ## Currently unconfigured and changing this has no impact on the template configuration. 
- s3: {} - # accessKey: - # secretKey: - # bucketName: - # endpointUrl: - # signature_version: - # region_name: - # default_acl: - -config: - # No YAML Extension Config Given - configYml: {} - sentryConfPy: | - # No Python Extension Config Given - snubaSettingsPy: | - # No Python Extension Config Given - relay: | - # No YAML relay config given - -clickhouse: - enabled: true - clickhouse: - imageVersion: "20.8.9.6" - configmap: - remote_servers: - internal_replication: true - replica: - backup: - enabled: false - users: - enabled: false - user: - # the first user will be used if enabled - - name: default - config: - password: "" - networks: - - ::/0 - profile: default - quota: default - - persistentVolumeClaim: - enabled: true - dataPersistentVolume: - enabled: true - accessModes: - - "ReadWriteOnce" - storage: "30Gi" - -## This value is only used when clickhouse.enabled is set to false -## -externalClickhouse: - ## Hostname or ip address of external clickhouse - ## - host: "clickhouse" - tcpPort: 9000 - httpPort: 8123 - username: default - password: "" - database: default - ## Cluster name, can be found in config - ## (https://clickhouse.tech/docs/en/operations/server-configuration-parameters/settings/#server-settings-remote-servers) - ## or by executing `select * from system.clusters` - ## - # clusterName: test_shard_localhost - -# Settings for Kafka. 
-# See https://github.com/bitnami/charts/tree/master/bitnami/kafka -kafka: - enabled: true - replicaCount: 3 - allowPlaintextListener: true - defaultReplicationFactor: 3 - offsetsTopicReplicationFactor: 3 - transactionStateLogReplicationFactor: 3 - transactionStateLogMinIsr: 3 - # 50 MB - maxMessageBytes: "50000000" - # 50 MB - socketRequestMaxBytes: "50000000" - - service: - port: 9092 - -## This value is only used when kafka.enabled is set to false -## -externalKafka: - ## Hostname or ip address of external kafka - ## - # host: "kafka-confluent" - port: 9092 - -redis: - enabled: true - nameOverride: sentry-redis - usePassword: false - ## Just omit the password field if your redis cluster doesn't use password - # password: redis - master: - persistence: - enabled: true - -## This value is only used when redis.enabled is set to false -## -externalRedis: - ## Hostname or ip address of external redis cluster - ## - # host: "redis" - port: 6379 - ## Just omit the password field if your redis cluster doesn't use password - # password: redis - -postgresql: - enabled: true - nameOverride: sentry-postgresql - postgresqlUsername: postgres - postgresqlDatabase: sentry - replication: - enabled: false - readReplicas: 2 - synchronousCommit: "on" - numSynchronousReplicas: 1 - applicationName: sentry - -## This value is only used when postgresql.enabled is set to false -## -externalPostgresql: - # host: postgres - port: 5432 - username: postgres - # password: postgres - database: sentry - # sslMode: require - -rabbitmq: - ## If disabled, Redis will be used instead as the broker. 
- enabled: true - vhost: / - clustering: - forceBoot: true - rebalance: true - replicaCount: 3 +system: + adminEmail: "" + public: false + url: "" +user: + create: true + email: admin@sentry.local + password: aaaa +zookeeper: + affinity: {} + args: [] auth: - erlangCookie: pHgpy3Q6adTskzAT6bLHCFqFTF7lMxhA - username: guest - password: guest - nameOverride: "" - - pdb: - create: true - persistence: - enabled: true - resources: {} - memoryHighWatermark: {} - # enabled: true - # type: relative - # value: 0.4 - - extraSecrets: - load-definition: - load_definition.json: | - { - "users": [ - { - "name": "{{ .Values.auth.username }}", - "password": "{{ .Values.auth.password }}", - "tags": "administrator" - } - ], - "permissions": [{ - "user": "{{ .Values.auth.username }}", - "vhost": "/", - "configure": ".*", - "write": ".*", - "read": ".*" - }], - "policies": [ - { - "name": "ha-all", - "pattern": ".*", - "vhost": "/", - "definition": { - "ha-mode": "all", - "ha-sync-mode": "automatic", - "ha-sync-batch-size": 1 - } - } - ], - "vhosts": [ - { - "name": "/" - } - ] - } - loadDefinition: + clientPassword: "" + clientUser: "" + enabled: false + existingSecret: "" + serverPasswords: "" + serverUsers: "" + autopurge: + purgeInterval: 0 + snapRetainCount: 3 + clusterDomain: cluster.local + command: + - /scripts/setup.sh + common: + exampleValue: common-chart + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + commonAnnotations: {} + commonLabels: {} + configuration: "" + containerPorts: + client: 2181 + election: 3888 + follower: 2888 + tls: 3181 + containerSecurityContext: enabled: true - existingSecret: load-definition - extraConfiguration: | - load_definitions = /app/load_definition.json - - -## Prometheus Exporter / Metrics -## -metrics: - enabled: false - - ## Configure extra options for liveness and readiness probes - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + 
runAsNonRoot: true + runAsUser: 1001 + customLivenessProbe: {} + customReadinessProbe: {} + customStartupProbe: {} + dataLogDir: "" + diagnosticMode: + args: + - infinity + command: + - sleep + enabled: false + enabled: true + existingConfigmap: "" + extraDeploy: [] + extraEnvVars: [] + extraEnvVarsCM: "" + extraEnvVarsSecret: "" + extraVolumeMounts: [] + extraVolumes: [] + fourlwCommandsWhitelist: srvr, mntr, ruok + fullnameOverride: "" + global: + imagePullSecrets: [] + imageRegistry: "" + storageClass: "" + heapSize: 1024 + hostAliases: [] + image: + debug: false + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/zookeeper + tag: 3.8.0-debian-10-r0 + initContainers: [] + initLimit: 10 + jvmFlags: "" + kubeVersion: "" + lifecycleHooks: {} + listenOnAllIPs: false livenessProbe: enabled: true + failureThreshold: 6 initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 3 + periodSeconds: 10 + probeCommandTimeout: 2 successThreshold: 1 + timeoutSeconds: 5 + logLevel: ERROR + maxClientCnxns: 60 + maxSessionTimeout: 40000 + metrics: + containerPort: 9141 + enabled: false + prometheusRule: + additionalLabels: {} + enabled: false + namespace: "" + rules: [] + service: + annotations: + prometheus.io/path: /metrics + prometheus.io/port: '{{ .Values.metrics.service.port }}' + prometheus.io/scrape: "true" + port: 9141 + type: ClusterIP + serviceMonitor: + additionalLabels: {} + enabled: false + honorLabels: false + interval: "" + jobLabel: "" + metricRelabelings: [] + namespace: "" + relabelings: [] + scrapeTimeout: "" + selector: {} + minServerId: 1 + nameOverride: zookeeper-clickhouse + namespaceOverride: "" + networkPolicy: + allowExternal: true + enabled: false + nodeAffinityPreset: + key: "" + type: "" + values: [] + nodeSelector: {} + pdb: + create: false + maxUnavailable: 1 + minAvailable: "" + persistence: + accessModes: + - ReadWriteOnce + annotations: {} + dataLogDir: + existingClaim: "" + selector: 
{} + size: 8Gi + enabled: true + existingClaim: "" + selector: {} + size: 8Gi + storageClass: "" + podAffinityPreset: "" + podAnnotations: {} + podAntiAffinityPreset: soft + podLabels: {} + podManagementPolicy: Parallel + podSecurityContext: + enabled: true + fsGroup: 1001 + preAllocSize: 65536 + priorityClassName: "" readinessProbe: enabled: true - initialDelaySeconds: 30 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 3 + failureThreshold: 6 + initialDelaySeconds: 5 + periodSeconds: 10 + probeCommandTimeout: 2 successThreshold: 1 - - ## Metrics exporter resource requests and limits - ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ - resources: {} - # limits: - # cpu: 100m - # memory: 100Mi - # requests: - # cpu: 100m - # memory: 100Mi - - nodeSelector: {} - tolerations: [] - affinity: {} - securityContext: {} - # schedulerName: - # Optional extra labels for pod, i.e. redis-client: "true" - # podLabels: [] + timeoutSeconds: 5 + replicaCount: 3 + resources: + limits: {} + requests: + cpu: 250m + memory: 256Mi + schedulerName: "" service: + annotations: {} + clusterIP: "" + disableBaseClientPort: false + externalTrafficPolicy: Cluster + extraPorts: [] + headless: + annotations: {} + publishNotReadyAddresses: true + loadBalancerIP: "" + loadBalancerSourceRanges: [] + nodePorts: + client: "" + tls: "" + ports: + client: 2181 + election: 3888 + follower: 2888 + tls: 3181 + sessionAffinity: None type: ClusterIP - labels: {} - - image: - repository: prom/statsd-exporter - tag: v0.17.0 - pullPolicy: IfNotPresent - - # Enable this if you're using https://github.com/coreos/prometheus-operator - serviceMonitor: + serviceAccount: + annotations: {} + automountServiceAccountToken: true + create: false + name: "" + sidecars: [] + snapCount: 100000 + startupProbe: enabled: false - additionalLabels: {} - namespace: "" - namespaceSelector: {} - # Default: scrape .Release.Namespace only - # To scrape all, use the following: - # namespaceSelector: - # any: 
true - scrapeInterval: 30s - # honorLabels: true - -revisionHistoryLimit: 10 + failureThreshold: 15 + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 1 + syncLimit: 5 + tickTime: 2000 + tls: + client: + autoGenerated: false + enabled: false + existingSecret: "" + keystorePassword: "" + keystorePath: /opt/bitnami/zookeeper/config/certs/client/zookeeper.keystore.jks + passwordsSecretName: "" + truststorePassword: "" + truststorePath: /opt/bitnami/zookeeper/config/certs/client/zookeeper.truststore.jks + quorum: + autoGenerated: false + enabled: false + existingSecret: "" + keystorePassword: "" + keystorePath: /opt/bitnami/zookeeper/config/certs/quorum/zookeeper.keystore.jks + passwordsSecretName: "" + truststorePassword: "" + truststorePath: /opt/bitnami/zookeeper/config/certs/quorum/zookeeper.truststore.jks + resources: + limits: {} + requests: {} + tolerations: [] + topologySpreadConstraints: {} + updateStrategy: + rollingUpdate: {} + type: RollingUpdate + volumePermissions: + containerSecurityContext: + runAsUser: 0 + enabled: false + image: + pullPolicy: IfNotPresent + pullSecrets: [] + registry: docker.io + repository: bitnami/bitnami-shell + tag: 10-debian-10-r368 + resources: + limits: {} + requests: {}