From b3d2780e43cd673cb77bf5bfcfe6c3efdd3acea1 Mon Sep 17 00:00:00 2001 
From: David Blane <32327139+dblane-digicatapult@users.noreply.github.com>
Date: Tue, 21 Feb 2023 10:01:03 +0000
Subject: [PATCH] Added wasp-ws-reading-service (#22)

* Added wasp-ws-reading-service
* Changed template name of kafka.listenerType template and bumped several charts to new versions.
---
 README.md | 6 +-
 charts/wasp-event-service/Chart.yaml | 2 +-
 .../wasp-event-service/templates/_helpers.tpl | 8 +-
 charts/wasp-reading-service/Chart.yaml | 2 +-
 .../templates/_helpers.tpl | 8 +-
 charts/wasp-routing-service/Chart.yaml | 2 +-
 .../templates/_helpers.tpl | 8 +-
 charts/wasp-ws-event-service/Chart.yaml | 2 +-
 .../templates/_helpers.tpl | 8 +-
 charts/wasp-ws-reading-service/.helmignore | 21 +
 charts/wasp-ws-reading-service/Chart.lock | 9 +-
 charts/wasp-ws-reading-service/Chart.yaml | 38 +-
 charts/wasp-ws-reading-service/README.md | 323 ++++++++
 .../wasp-ws-reading-service/ci/ct-values.yaml | 4 -
 .../templates/NOTES.txt | 59 ++
 .../templates/_helpers.tpl | 167 ++--
 .../templates/configmap.yaml | 15 -
 .../templates/deployment.yaml | 224 ++++--
 .../templates/extra-list.yaml | 4 +
 .../templates/hpa.yaml | 47 ++
 .../templates/ingress.yaml | 77 +-
 .../templates/pdb.yaml | 26 +
 .../templates/secret.yaml | 7 -
 .../templates/service-account.yaml | 22 +
 .../templates/service.yaml | 57 +-
 .../templates/tls-secret.yaml | 46 ++
 charts/wasp-ws-reading-service/values.yaml | 725 +++++++++++++++++-
 27 files changed, 1702 insertions(+), 215 deletions(-)
 create mode 100644 charts/wasp-ws-reading-service/.helmignore
 create mode 100644 charts/wasp-ws-reading-service/README.md
 delete mode 100644 charts/wasp-ws-reading-service/ci/ct-values.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/NOTES.txt
 delete mode 100644 charts/wasp-ws-reading-service/templates/configmap.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/extra-list.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/hpa.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/pdb.yaml
 delete mode 100644 charts/wasp-ws-reading-service/templates/secret.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/service-account.yaml
 create mode 100644 charts/wasp-ws-reading-service/templates/tls-secret.yaml

diff --git a/README.md b/README.md
index 00d75c6a..45c7d307 100644
--- a/README.md
+++ b/README.md
@@ -12,8 +12,8 @@ A collection of [helm](https://helm.sh) charts created by [Digital Catapult](htt
 * [wasp-routing-service](charts/wasp-routing-service/README.md) - Deploy wasp-routing-service
 * [wasp-authentication-service](charts/wasp-authentication-service/README.md) - Deploy wasp-authentication-service
 * [wasp-thing-service](charts/wasp-thing-service/README.md) - Deploy wasp-thing-service
-* [wasp-user-service](charts/wasp-user-service/Chart.yaml) - Deploy wasp-user-service
+* [wasp-user-service](charts/wasp-user-service/README.md) - Deploy wasp-user-service
 * [wasp-reading-service](charts/wasp-reading-service/README.md) - Deploy wasp-reading-service
 * [wasp-event-service](charts/wasp-event-service/README.md) - Deploy wasp-event-service
-* [wasp-ws-event-service](charts/wasp-ws-event-service/Chart.yaml) - Deploy wasp-ws-event-service
-* [wasp-ws-reading-service](charts/wasp-ws-reading-service/Chart.yaml) - Deploy wasp-ws-reading-service
+* [wasp-ws-event-service](charts/wasp-ws-event-service/README.md) - Deploy wasp-ws-event-service
+* [wasp-ws-reading-service](charts/wasp-ws-reading-service/README.md) - Deploy wasp-ws-reading-service
diff --git a/charts/wasp-event-service/Chart.yaml b/charts/wasp-event-service/Chart.yaml
index 9381f626..fc1f6a46 100644
--- a/charts/wasp-event-service/Chart.yaml
+++ b/charts/wasp-event-service/Chart.yaml
@@ -29,4 +29,4 @@ maintainers:
 name: wasp-event-service
 sources:
 - https://github.com/digicatapult/wasp-event-service
-version: 1.0.0
+version: 1.0.1
diff --git a/charts/wasp-event-service/templates/_helpers.tpl b/charts/wasp-event-service/templates/_helpers.tpl index 3a7d2720..994d7bce 100644 --- a/charts/wasp-event-service/templates/_helpers.tpl +++ b/charts/wasp-event-service/templates/_helpers.tpl @@ -55,9 +55,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{/* Return the type of listener Usage: -{{ include "wasp-event-service.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} +{{ include "wasp-event-service.kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} */}} -{{- define "wasp-event-service.listenerType" -}} +{{- define "wasp-event-service.kafka.listenerType" -}} {{- if eq .protocol "plaintext" -}} PLAINTEXT {{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}} @@ -267,7 +267,7 @@ wasp-event-service: {{/* Validate values of Schema Registry - SASL authentication */}} {{- define "wasp-event-service.validateValues.authentication.sasl" -}} -{{- $kafkaProtocol := include "wasp-event-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-event-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if .Values.kafka.enabled }} {{- if and (contains "SASL" $kafkaProtocol) (or (not .Values.kafka.auth.sasl.jaas.clientUsers) (not .Values.kafka.auth.sasl.jaas.clientPasswords)) }} wasp-event-service: kafka.auth.jaas.clientUsers kafka.auth.jaas.clientPasswords 
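Review bot: The failure messages in the `validateValues.authentication.*` helpers name value keys that their conditions do not read: the SASL check here tests `.Values.kafka.auth.sasl.jaas.clientUsers` but reports `kafka.auth.jaas.clientUsers`, and the TLS check in the following hunk tests `.Values.kafka.auth.jksSecret` but reports `auth.kafka.jksSecret`. An operator who sets the key the message names does not satisfy the check, which makes enabling SASL or TLS towards Kafka harder than it should be. The wasp-reading-service and wasp-ws-event-service copies repeat both mismatches, and the wasp-routing-service TLS check reads `.Values.auth.kafka.jksSecret` instead, which should be confirmed against that chart's values.yaml. I would have each message quote the path its condition reads, e.g. `kafka.auth.sasl.jaas.clientUsers` and `kafka.auth.jksSecret`. Both defines continue outside their hunks.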
@@ -287,7 +287,7 @@ wasp-event-service: externalKafka.auth.jaas.user externalKafka.auth.jaas.passwor {{/* Validate values of Schema Registry - TLS authentication */}} {{- define "wasp-event-service.validateValues.authentication.tls" -}} -{{- $kafkaProtocol := include "wasp-event-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-event-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if and (contains "SSL" $kafkaProtocol) (not .Values.kafka.auth.jksSecret) }} kafka: auth.kafka.jksSecret A secret containing the Schema Registry JKS files is required when TLS encryption in enabled diff --git a/charts/wasp-reading-service/Chart.yaml b/charts/wasp-reading-service/Chart.yaml index 985da349..8a28fc1c 100644 --- a/charts/wasp-reading-service/Chart.yaml +++ b/charts/wasp-reading-service/Chart.yaml @@ -29,4 +29,4 @@ maintainers: name: wasp-reading-service sources: - https://github.com/digicatapult/wasp-reading-service -version: 1.0.0 +version: 1.0.1 diff --git a/charts/wasp-reading-service/templates/_helpers.tpl b/charts/wasp-reading-service/templates/_helpers.tpl index b66db398..c0666aa7 100644 --- a/charts/wasp-reading-service/templates/_helpers.tpl +++ b/charts/wasp-reading-service/templates/_helpers.tpl 
@@ -55,9 +55,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{/* Return the type of listener Usage: -{{ include "wasp-reading-service.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} +{{ include "wasp-reading-service.kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} */}} -{{- define "wasp-reading-service.listenerType" -}} +{{- define "wasp-reading-service.kafka.listenerType" -}} {{- if eq .protocol "plaintext" -}} PLAINTEXT {{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}} @@ -267,7 +267,7 @@ wasp-reading-service: {{/* Validate values of Schema Registry - SASL authentication */}} {{- define "wasp-reading-service.validateValues.authentication.sasl" -}} -{{- $kafkaProtocol := include "wasp-reading-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-reading-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if .Values.kafka.enabled }} {{- if and (contains "SASL" $kafkaProtocol) (or (not .Values.kafka.auth.sasl.jaas.clientUsers) (not .Values.kafka.auth.sasl.jaas.clientPasswords)) }} wasp-reading-service: kafka.auth.jaas.clientUsers kafka.auth.jaas.clientPasswords 
@@ -287,7 +287,7 @@ wasp-reading-service: externalKafka.auth.jaas.user externalKafka.auth.jaas.passw {{/* Validate values of Schema Registry - TLS authentication */}} {{- define "wasp-reading-service.validateValues.authentication.tls" -}} -{{- $kafkaProtocol := include "wasp-reading-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-reading-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if and (contains "SSL" $kafkaProtocol) (not .Values.kafka.auth.jksSecret) }} kafka: auth.kafka.jksSecret A secret containing the Schema Registry JKS files is required when TLS encryption in enabled diff --git a/charts/wasp-routing-service/Chart.yaml b/charts/wasp-routing-service/Chart.yaml index b0162168..53d7e945 100644 --- a/charts/wasp-routing-service/Chart.yaml +++ b/charts/wasp-routing-service/Chart.yaml @@ -24,4 +24,4 @@ maintainers: name: wasp-routing-service sources: - https://github.com/digicatapult/wasp-routing-service -version: 3.0.0 +version: 3.0.1 diff --git a/charts/wasp-routing-service/templates/_helpers.tpl b/charts/wasp-routing-service/templates/_helpers.tpl index 0e2fd59e..9ce533c7 100644 --- a/charts/wasp-routing-service/templates/_helpers.tpl +++ b/charts/wasp-routing-service/templates/_helpers.tpl 
@@ -14,9 +14,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{/* Return the type of listener Usage: -{{ include "wasp-routing-service.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} +{{ include "wasp-routing-service.kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} */}} -{{- define "wasp-routing-service.listenerType" -}} +{{- define "wasp-routing-service.kafka.listenerType" -}} {{- if eq .protocol "plaintext" -}} PLAINTEXT {{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}} @@ -126,7 +126,7 @@ Compile all warnings into a single message, and call fail. {{/* Validate values of Schema Registry - SASL authentication */}} {{- define "wasp-routing-service.validateValues.authentication.sasl" -}} -{{- $kafkaProtocol := include "wasp-routing-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-routing-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if .Values.kafka.enabled }} {{- if and (contains "SASL" $kafkaProtocol) (or (not .Values.kafka.auth.sasl.jaas.clientUsers) (not .Values.kafka.auth.sasl.jaas.clientPasswords)) }} wasp-routing-service: kafka.auth.jaas.clientUsers kafka.auth.jaas.clientPasswords 
@@ -146,7 +146,7 @@ wasp-routing-service: externalKafka.auth.jaas.user externalKafka.auth.jaas.passw {{/* Validate values of Schema Registry - TLS authentication */}} {{- define "wasp-routing-service.validateValues.authentication.tls" -}} -{{- $kafkaProtocol := include "wasp-routing-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-routing-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if and (contains "SSL" $kafkaProtocol) (not .Values.auth.kafka.jksSecret) }} kafka: auth.kafka.jksSecret A secret containing the Schema Registry JKS files is required when TLS encryption in enabled diff --git a/charts/wasp-ws-event-service/Chart.yaml b/charts/wasp-ws-event-service/Chart.yaml index 304410e9..8c089a5c 100644 --- a/charts/wasp-ws-event-service/Chart.yaml +++ b/charts/wasp-ws-event-service/Chart.yaml @@ -25,4 +25,4 @@ maintainers: name: wasp-ws-event-service sources: - https://github.com/digicatapult/wasp-ws-event-service -version: 1.0.0 +version: 1.0.1 diff --git a/charts/wasp-ws-event-service/templates/_helpers.tpl b/charts/wasp-ws-event-service/templates/_helpers.tpl index 8742a2bb..4ab524ed 100644 --- a/charts/wasp-ws-event-service/templates/_helpers.tpl +++ b/charts/wasp-ws-event-service/templates/_helpers.tpl 
@@ -40,9 +40,9 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{/* Return the type of listener Usage: -{{ include "wasp-ws-event-service.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} +{{ include "wasp-ws-event-service.kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} */}} -{{- define "wasp-ws-event-service.listenerType" -}} +{{- define "wasp-ws-event-service.kafka.listenerType" -}} {{- if eq .protocol "plaintext" -}} PLAINTEXT {{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}} @@ -113,7 +113,7 @@ Compile all warnings into a single message, and call fail. {{/* Validate values of Schema Registry - SASL authentication */}} {{- define "wasp-ws-event-service.validateValues.authentication.sasl" -}} -{{- $kafkaProtocol := include "wasp-ws-event-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-ws-event-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if .Values.kafka.enabled }} {{- if and (contains "SASL" $kafkaProtocol) (or (not .Values.kafka.auth.sasl.jaas.clientUsers) (not .Values.kafka.auth.sasl.jaas.clientPasswords)) }} wasp-ws-event-service: kafka.auth.jaas.clientUsers kafka.auth.jaas.clientPasswords 
@@ -133,7 +133,7 @@ wasp-ws-event-service: externalKafka.auth.jaas.user externalKafka.auth.jaas.pass {{/* Validate values of Schema Registry - TLS authentication */}} {{- define "wasp-ws-event-service.validateValues.authentication.tls" -}} -{{- $kafkaProtocol := include "wasp-ws-event-service.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- $kafkaProtocol := include "wasp-ws-event-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} {{- if and (contains "SSL" $kafkaProtocol) (not .Values.kafka.auth.jksSecret) }} kafka: auth.kafka.jksSecret A secret containing the Schema Registry JKS files is required when TLS encryption in enabled diff --git a/charts/wasp-ws-reading-service/.helmignore b/charts/wasp-ws-reading-service/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/wasp-ws-reading-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/wasp-ws-reading-service/Chart.lock b/charts/wasp-ws-reading-service/Chart.lock index 67f4771d..d54cb986 100644 --- a/charts/wasp-ws-reading-service/Chart.lock +++ b/charts/wasp-ws-reading-service/Chart.lock 
@@ -1,6 +1,9 @@ dependencies: - name: kafka repository: https://charts.bitnami.com/bitnami - version: 20.0.5 -digest: sha256:7b64b5633bdd799f9b73157c2eba9edd918998952031ff5bd13d2fb27cd3830b -generated: "2023-01-24T10:13:21.759898Z" + version: 20.0.6 +- name: common + repository: https://charts.bitnami.com/bitnami + version: 2.2.3 +digest: sha256:e09ef4c860d8c62fa8b131797793c98af5bf85342f629fa624bf3a8b999e51c5 +generated: "2023-02-20T11:38:59.023932Z" diff --git a/charts/wasp-ws-reading-service/Chart.yaml b/charts/wasp-ws-reading-service/Chart.yaml index 19fee370..2e02cbea 100644 --- a/charts/wasp-ws-reading-service/Chart.yaml +++ b/charts/wasp-ws-reading-service/Chart.yaml @@ -1,16 +1,28 @@ +annotations: + category: wasp + licenses: Apache-2.0 apiVersion: v2 -name: wasp-ws-reading-service -appVersion: '0.1.0' -description: A Helm chart for wasp-ws-reading-service -version: '0.0.9' -type: application -maintainers: - - name: digicatapult - email: opensource@digicatapult.org.uk - url: www.digicatapult.org.uk - +appVersion: 0.1.1 dependencies: - - name: kafka - version: '20.x.x' + - condition: kafka.enabled + name: kafka + repository: https://charts.bitnami.com/bitnami + version: 20.x.x + - name: common repository: https://charts.bitnami.com/bitnami - condition: kafka.enabled + tags: + - bitnami-common + version: 2.x.x +description: The wasp-ws-reading-service is a component of the WASP (Wide-Area-Sensor-Platform), an IoT platform designed to normalise and consolidate data from multiple IoT data services into one place. +home: https://github.com/digicatapult/wasp-documentation +icon: https://raw.githubusercontent.com/digicatapult/wasp-documentation/main/assets/icon.png +keywords: + - IoT +maintainers: + - name: digicatapult # Digital Catapult + url: https://github.com/digicatapult/helm-charts + email: opensource@digicatapult.org.uk +name: wasp-ws-reading-service +sources: + - https://github.com/digicatapult/wasp-ws-reading-service +version: 1.0.0 
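Review bot: `appVersion: 0.1.1` in Chart.yaml does not match the image default documented by the README added in this same commit, which lists `image.tag` as `v0.1.0`. If values.yaml carries that default (it is not visible in this part of the patch), `helm list` would report 0.1.1 while the pods run 0.1.0, which misleads anyone checking deployed versions against a fix or an advisory. I would either bump the default tag to `v0.1.1` or have the image helper fall back to `.Chart.AppVersion` when no tag is set.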
diff --git a/charts/wasp-ws-reading-service/README.md b/charts/wasp-ws-reading-service/README.md new file mode 100644 index 00000000..82758e62 --- /dev/null +++ b/charts/wasp-ws-reading-service/README.md 
@@ -0,0 +1,323 @@ +# wasp-ws-reading-service + +The wasp-ws-reading-service is a component of the WASP (Wide-Area-Sensor-Platform), an IoT platform designed to normalise and consolidate data from multiple IoT data services into one place. The wasp-ws-reading-service is a websocket service for streaming readings to a client. See [https://github.com/digicatapult/wasp-documentation](https://github.com/digicatapult/wasp-documentation) for details. + +## TL;DR + +```console +$ helm repo add digicatapult https://digicatapult.github.io/helm-charts +$ helm install my-release digicatapult/wasp-ws-reading-service +``` + +## Introduction + +This chart bootstraps a [wasp-ws-reading-service](https://github.com/digicatapult/wasp-ws-reading-service/) deployment on a Kubernetes cluster using the [Helm](https://helm.sh/) package manager. + +## Prerequisites + +- Kubernetes 1.19+ +- Helm 3.2.0+ +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm repo add digicatapult https://digicatapult.github.io/helm-charts +$ helm install my-release digicatapult/wasp-ws-reading-service +``` + +The command deploys wasp-ws-reading-service on the Kubernetes cluster in the default configuration. The [Parameters](#parameters) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +helm delete my-releases +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. 
+ +## Parameters + +### Global parameters + +| Name | Description | Value | +| ------------------------- | ----------------------------------------------- | ----- | +| `global.imageRegistry` | Global Docker image registry | `""` | +| `global.imagePullSecrets` | Global Docker registry secret names as an array | `[]` | +| `global.storageClass` | Global StorageClass for Persistent Volume(s) | `""` | + + +### Common parameters + +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------- | --------------- | +| `kubeVersion` | Override Kubernetes version | `""` | +| `nameOverride` | String to partially override common.names.name | `""` | +| `fullnameOverride` | String to fully override common.names.fullname | `""` | +| `namespaceOverride` | String to fully override common.names.namespace | `""` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `clusterDomain` | Kubernetes cluster domain name | `cluster.local` | +| `extraDeploy` | Array of extra objects to deploy with the release | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | + + +### WASP Event Service config parameters + +| Name | Description | Value | +| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------------------- | +| `logLevel` | Allowed values: error, warn, info, debug | `info` | +| `apiVersion` | Override api version presented by the service's OpenAPI 
specification | `""` | +| `kafkaJsLogLevel` | Allowed values: error, warn, info, debug | `error` | +| `readingsNotificationTopic` | Kafka topic to consume readings from | `reading-notifications` | +| `wsPingInterval` | Interval in milliseconds to send ping messages to the client | `500` | +| `image.registry` | wasp-ws-reading-service image registry | `docker.io` | +| `image.repository` | wasp-ws-reading-service image repository | `digicatapult/wasp-ws-reading-service` | +| `image.tag` | wasp-ws-reading-service image tag (immutable tags are recommended) | `v0.1.0` | +| `image.digest` | wasp-ws-reading-service image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `image.pullPolicy` | wasp-ws-reading-service image pull policy | `IfNotPresent` | +| `image.pullSecrets` | wasp-ws-reading-service image pull secrets | `[]` | +| `image.debug` | Enable wasp-ws-reading-service image debug mode | `false` | +| `replicaCount` | Number of wasp-ws-reading-service replicas to deploy | `1` | +| `containerPorts.http` | wasp-ws-reading-service HTTP container port | `3000` | +| `livenessProbe.enabled` | Enable livenessProbe on wasp-ws-reading-service containers | `true` | +| `livenessProbe.path` | Path for to check for livenessProbe | `/health` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on wasp-ws-reading-service containers | `true` | +| `readinessProbe.path` | Path for to check for readinessProbe | `/health` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for 
readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on wasp-ws-reading-service containers | `false` | +| `startupProbe.path` | Path for to check for startupProbe | `/health` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `10` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resources.limits` | The resources limits for the wasp-ws-reading-service containers | `{}` | +| `resources.requests` | The requested resources for the wasp-ws-reading-service containers | `{}` | +| `podSecurityContext.enabled` | Enabled wasp-ws-reading-service pods' Security Context | `true` | +| `podSecurityContext.fsGroup` | Set wasp-ws-reading-service pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled wasp-ws-reading-service containers' Security Context | `true` | +| `containerSecurityContext.runAsUser` | Set wasp-ws-reading-service containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set wasp-ws-reading-service containers' Security Context runAsNonRoot | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` 
| Set wasp-ws-reading-service containers' Security Context runAsNonRoot | `false` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `hostAliases` | wasp-ws-reading-service pods host aliases | `[]` | +| `podLabels` | Extra labels for wasp-ws-reading-service pods | `{}` | +| `podAnnotations` | Annotations for wasp-ws-reading-service pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `autoscaling.enabled` | Enable autoscaling for wasp-ws-reading-service | `false` | +| `autoscaling.minReplicas` | Minimum number of wasp-ws-reading-service replicas | `""` | +| `autoscaling.maxReplicas` | Maximum number of wasp-ws-reading-service replicas | `""` | +| `autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. 
Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for wasp-ws-reading-service pods assignment | `{}` | +| `nodeSelector` | Node labels for wasp-ws-reading-service pods assignment | `{}` | +| `tolerations` | Tolerations for wasp-ws-reading-service pods assignment | `[]` | +| `updateStrategy.type` | wasp-ws-reading-service statefulset strategy type | `RollingUpdate` | +| `priorityClassName` | wasp-ws-reading-service pods' priorityClassName | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `schedulerName` | Name of the k8s scheduler (other than default) for wasp-ws-reading-service pods | `""` | +| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `lifecycleHooks` | for the wasp-ws-reading-service container(s) to automate configuration before or after startup | `{}` | +| `extraEnvVars` | Array with extra environment variables to add to wasp-ws-reading-service nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for wasp-ws-reading-service nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for wasp-ws-reading-service nodes | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the wasp-ws-reading-service pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the wasp-ws-reading-service container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the wasp-ws-reading-service pod(s) | `[]` | +| `initContainers` | Add additional init containers to the wasp-ws-reading-service pod(s) | `[]` | + + +### Traffic Exposure Parameters + +| Name | Description | Value | +| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | 
-------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `service.type` | wasp-ws-reading-service service type | `ClusterIP` | +| `service.ports.http` | wasp-ws-reading-service service HTTP port | `3000` | +| `service.nodePorts.http` | Node port for HTTP | `""` | +| `service.clusterIP` | wasp-ws-reading-service service Cluster IP | `""` | +| `service.loadBalancerIP` | wasp-ws-reading-service service Load Balancer IP | `""` | +| `service.loadBalancerSourceRanges` | wasp-ws-reading-service service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | wasp-ws-reading-service service external traffic policy | `Cluster` | +| `service.annotations` | Additional custom annotations for wasp-ws-reading-service service | `{}` | +| `service.extraPorts` | Extra ports to expose in wasp-ws-reading-service service (normally used with the `sidecars` value) | `[]` | +| `service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `ingress.enabled` | Enable ingress record generation for wasp-ws-reading-service | `true` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress record | `wasp-ws-reading-service.local` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.paths[0].path` | Default reading websocket Path | `/thing/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/dataset/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/reading` | +| `ingress.paths[0].pathType` | Default reading websocket PathType | `Prefix` | +| `ingress.annotations` | Additional annotations for the Ingress resource. 
To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | + + +### Init Container Parameters + +| Name | Description | Value | +| -------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------------- | +| `initReadingNotifications.enable` | Initialise the reading-notifications topics as an init container | `true` | +| `initReadingNotifications.partitions` | Number of Partitions to create topic with | `30` | +| `initReadingNotifications.replicationFactor` | Replication factor for topic | `1` | +| `initReadingNotifications.image.registry` | Kafka image registry | `docker.io` | +| `initReadingNotifications.image.repository` | Kafka image repository | `bitnami/kafka` | +| `initReadingNotifications.image.tag` | Kafka image tag (immutable tags are recommended) | `3.3-debian-11` | +| `initReadingNotifications.image.digest` | Kafka image digest in the way sha256:aa.... 
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) | `""` | +| `initReadingNotifications.image.pullPolicy` | Kafka image pull policy | `IfNotPresent` | +| `initReadingNotifications.image.pullSecrets` | Kafka image pull secrets | `[]` | + + +### Other Parameters + +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------- | ------ | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `true` | + + +### Kafka chart parameters + +| Name | Description | Value | +| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------- | -------------------- | +| `kafka.enabled` | Enable/disable Kafka chart installation | `true` | +| `kafka.replicaCount` | Number of Kafka brokers | `1` | +| `kafka.auth.clientProtocol` | Authentication protocol for communications with clients. Allowed protocols: plaintext, tls, mtls, sasl and sasl_tls | `plaintext` | +| `kafka.auth.interBrokerProtocol` | Authentication protocol for inter-broker communications. Allowed protocols: plaintext, tls, mtls, sasl and sasl_tls | `plaintext` | +| `kafka.auth.tls.existingSecrets` | Array existing secrets containing the TLS certificates for the Kafka brokers | `[]` | +| `kafka.auth.tls.password` | Password to access the JKS files or PEM key when they are password-protected. 
| `""` | +| `kafka.auth.tls.endpointIdentificationAlgorithm` | The endpoint identification algorithm to validate server hostname using server certificate | `https` | +| `kafka.auth.sasl.jaas.clientUsers` | Kafka client users for SASL authentication | `[]` | +| `kafka.auth.sasl.jaas.clientPasswords` | Kafka client passwords for SASL authentication | `[]` | +| `kafka.auth.sasl.jaas.interBrokerUser` | Kafka inter broker communication user for SASL authentication | `admin` | +| `kafka.auth.sasl.jaas.interBrokerPassword` | Kafka inter broker communication password for SASL authentication | `""` | +| `kafka.auth.sasl.jaas.zookeeperUser` | Kafka Zookeeper user for SASL authentication | `""` | +| `kafka.auth.sasl.jaas.zookeeperPassword` | Kafka Zookeeper password for SASL authentication | `""` | +| `kafka.auth.sasl.jaas.existingSecret` | Name of the existing secret containing credentials for brokerUser, interBrokerUser and zookeeperUser | `""` | +| `kafka.service.ports.client` | Kafka service port for client connections | `9092` | +| `kafka.zookeeper.enabled` | Enable/disable Zookeeper chart installation | `true` | +| `kafka.zookeeper.replicaCount` | Number of Zookeeper replicas | `1` | +| `kafka.zookeeper.auth` | Zookeeper auth settings | `{}` | +| `externalKafka.brokers` | Array of Kafka brokers to connect to. Format: protocol://broker_hostname:port | `["localhost:9092"]` | +| `externalKafka.auth.protocol` | Authentication protocol. Allowed protocols: plaintext, tls, sasl and sasl_tls | `plaintext` | +| `externalKafka.auth.jaas.user` | User for SASL authentication | `user` | +| `externalKafka.auth.jaas.password` | Password for SASL authentication | `""` | + + +## Configuration and installation details + +### [Rolling VS Immutable tags](https://docs.bitnami.com/containers/how-to/understand-rolling-tags-containers/) + +It is strongly recommended to use immutable tags in a production environment. 
This ensures your deployment does not change automatically if the same tag is updated with a different image. + +Digital Catapult will release a new chart updating its containers if a new version of the main container, significant changes, or critical vulnerabilities exist. + +### Using an external Kafka + +Sometimes you may want to have Schema Registry connect to an external Kafka cluster rather than installing one as dependency. To do this, the chart allows you to specify credentials for an existing Kafka cluster under the [`externalKafka` parameter](#kafka-chart-parameters). You should also disable the Kafka installation with the `kafka.enabled` option. + +For example, use the parameters below to connect Schema Registry with an existing Kafka installation using SASL authentication: + +```console +kafka.enabled=false +externalKafka.brokers=SASL_PLAINTEXT://kafka-0.kafka-headless.default.svc.cluster.local:9092 +externalKafka.auth.protocol=sasl +externalKafka.auth.jaas.user=myuser +externalKafka.auth.jaas.password=mypassword +``` + +### Ingress + +This chart provides support for Ingress resources. If you have an ingress controller installed on your cluster, such as [nginx-ingress-controller](https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller) or [contour](https://github.com/bitnami/charts/tree/main/bitnami/contour) you can utilize the ingress controller to serve your application. + +To enable Ingress integration, set `ingress.enabled` to `true`. The `ingress.hostname` property can be used to set the host name. The `ingress.tls` parameter can be used to add the TLS configuration for this host. It is also possible to have more than one host, with a separate TLS configuration for each host. [Learn more about configuring and using Ingress](https://docs.bitnami.com/kubernetes/apps/wasp-ws-reading-service/configuration/configure-use-ingress/). 
+ +### TLS secrets + +The chart also facilitates the creation of TLS secrets for use with the Ingress controller, with different options for certificate management. [Learn more about TLS secrets](https://docs.bitnami.com/kubernetes/apps/wasp-ws-reading-service/administration/enable-tls/). + +### Additional environment variables + +In case you want to add extra environment variables (useful for advanced operations like custom init scripts), you can use the `extraEnvVars` property. + +```yaml +extraEnvVars: + - name: LOG_LEVEL + value: error +``` + +Alternatively, you can use a ConfigMap or a Secret with the environment variables. To do so, use the `extraEnvVarsCM` or the `extraEnvVarsSecret` values. + +### Sidecars + +If additional containers are needed in the same pod as wasp-ws-reading-service (such as additional metrics or logging exporters), they can be defined using the `sidecars` parameter. If these sidecars export extra ports, extra port definitions can be added using the `service.extraPorts` parameter. [Learn more about configuring and using sidecar containers](https://docs.bitnami.com/kubernetes/apps/wasp-ws-reading-service/administration/configure-use-sidecars/). + +### Pod affinity + +This chart allows you to set your custom affinity using the `affinity` parameter. Find more information about Pod affinity in the [kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity). + +As an alternative, use one of the preset configurations for pod affinity, pod anti-affinity, and node affinity available at the [bitnami/common](https://github.com/bitnami/charts/tree/main/bitnami/common#affinities) chart. To do so, set the `podAffinityPreset`, `podAntiAffinityPreset`, or `nodeAffinityPreset` parameters. 
+ +## Troubleshooting + +Find more information about how to deal with common errors related to Bitnami's Helm charts in [this troubleshooting guide](https://docs.bitnami.com/general/how-to/troubleshoot-helm-chart-issues). + +## License + +This chart is licensed under the Apache v2.0 license. + +Copyright © 2023 Digital Catapult + +### Attribution + +This chart is adapted from The [charts]((https://github.com/bitnami/charts)) provided by [Bitnami](https://bitnami.com/) which are licensed under the Apache v2.0 License which is reproduced here: + +``` +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +``` diff --git a/charts/wasp-ws-reading-service/ci/ct-values.yaml b/charts/wasp-ws-reading-service/ci/ct-values.yaml deleted file mode 100644 index 7ad1d5c3..00000000 --- a/charts/wasp-ws-reading-service/ci/ct-values.yaml +++ /dev/null @@ -1,4 +0,0 @@ -kafka: - enabled: true -config: - kafkaBrokers: null diff --git a/charts/wasp-ws-reading-service/templates/NOTES.txt b/charts/wasp-ws-reading-service/templates/NOTES.txt new file mode 100644 index 00000000..c5e0d713 --- /dev/null +++ b/charts/wasp-ws-reading-service/templates/NOTES.txt 
@@ -0,0 +1,59 @@ +CHART NAME: {{ .Chart.Name }} +CHART VERSION: {{ .Chart.Version }} +APP VERSION: {{ .Chart.AppVersion }} + +** Please be patient while the chart is being deployed ** + +{{- if .Values.diagnosticMode.enabled }} +The chart has been deployed in diagnostic mode. All probes have been disabled and the command has been overwritten with: + + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 4 }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 4 }} + +Get the list of pods by executing: + + kubectl get pods --namespace {{ include "common.names.namespace" . | quote }} -l app.kubernetes.io/instance={{ .Release.Name }} + +Access the pod you want to debug by executing + + kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti -- bash + +In order to replicate the container startup scripts execute this command: + + node ./app/index.js + +{{- else }} + +1. Get a wasp-ws-reading-service URL by running these commands: + +{{- if contains "NodePort" .Values.service.type }} + + export NODE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "common.names.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo "http://${NODE_IP}:${NODE_PORT}" + +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ include "common.names.namespace" . }} svc -w {{ template "common.names.fullname" . }}' + + export SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].port}" services {{ template "common.names.fullname" . 
}}) + export SERVICE_IP=$(kubectl get svc --namespace {{ include "common.names.namespace" . }} {{ template "common.names.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo "http://${SERVICE_IP}:${SERVICE_PORT}" + +{{- else if contains "ClusterIP" .Values.service.type }} + + export SERVICE_PORT=$(kubectl get --namespace {{ include "common.names.namespace" . }} -o jsonpath="{.spec.ports[0].port}" services {{ template "common.names.fullname" . }}) + kubectl port-forward --namespace {{ include "common.names.namespace" . }} svc/{{ template "common.names.fullname" . }} ${SERVICE_PORT}:${SERVICE_PORT} & + echo "http://127.0.0.1:${SERVICE_PORT}" + +{{- end }} + +2. Access wasp-ws-reading-service using the obtained URL. For example for the ClusterIP url http://127.0.0.1:3000: + +curl http://127.0.0.1:3000/health + +{{- end }} + +{{- include "common.warnings.rollingTag" .Values.image }} +{{- include "wasp-ws-reading-service.validateValues" . }} diff --git a/charts/wasp-ws-reading-service/templates/_helpers.tpl b/charts/wasp-ws-reading-service/templates/_helpers.tpl index 3267e1f5..51fb4a24 100644 --- a/charts/wasp-ws-reading-service/templates/_helpers.tpl +++ b/charts/wasp-ws-reading-service/templates/_helpers.tpl 
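Review bot: In the diagnostic-mode branch of NOTES.txt, the `kubectl exec --namespace … -ti -- bash` line names no pod, so the command fails exactly as printed. The placeholder may simply have been lost when this page was rendered; if not, add one, e.g. `kubectl exec --namespace {{ include "common.names.namespace" . | quote }} -ti POD_NAME -- bash`. The closing example also hard-codes `curl http://127.0.0.1:3000/health`, while the port-forward above it uses `${SERVICE_PORT}`. The example is therefore wrong whenever `service.ports.http` is overridden, and `curl http://127.0.0.1:${SERVICE_PORT}/health` would follow the configured value.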
@@ -1,78 +1,141 @@ + {{/* -Create name to be used with deployment. +Return the proper wasp-ws-reading-service image name */}} -{{- define "wasp-ws-reading-service.fullname" -}} - {{- if .Values.fullnameOverride -}} - {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- $name := default .Chart.Name .Values.nameOverride -}} - {{- if contains $name .Release.Name -}} - {{- .Release.Name | trunc 63 | trimSuffix "-" -}} - {{- else -}} - {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} - {{- end -}} - {{- end -}} +{{- define "wasp-ws-reading-service.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }} {{- end -}} {{/* -Create chart name and version as used by the chart label. +Return the proper Docker Image Registry Secret Names */}} -{{- define "wasp-ws-reading-service.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} +{{- define "wasp-ws-reading-service.imagePullSecrets" -}} +{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.initReadingNotifications.image ) "global" .Values.global) -}} +{{- end -}} {{/* -Selector labels +Create the name of the service account to use */}} -{{- define "wasp-ws-reading-service.selectorLabels" -}} -app.kubernetes.io/name: {{ include "wasp-ws-reading-service.fullname" . }} -{{- end }} +{{- define "wasp-ws-reading-service.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "common.names.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} {{/* -Common labels +Create a default fully qualified app name for Kafka subchart +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
*/}} -{{- define "wasp-ws-reading-service.labels" -}} -helm.sh/chart: {{ include "wasp-ws-reading-service.chart" . }} -{{ include "wasp-ws-reading-service.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} +{{- define "wasp-ws-reading-service.kafka.fullname" -}} +{{- if .Values.kafka.fullnameOverride -}} +{{- .Values.kafka.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default "kafka" .Values.kafka.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} {{/* -Conditionally populate imagePullSecrets if present in the context +Return the type of listener +Usage: +{{ include "wasp-ws-reading-service.kafka.listenerType" ( dict "protocol" .Values.path.to.the.Value ) }} */}} -{{- define "wasp-ws-reading-service.imagePullSecrets" -}} - {{- if (not (empty .Values.image.pullSecrets)) }} -imagePullSecrets: - {{- range .Values.image.pullSecrets }} - - name: {{ . }} - {{- end }} - {{- end }} +{{- define "wasp-ws-reading-service.kafka.listenerType" -}} +{{- if eq .protocol "plaintext" -}} +PLAINTEXT +{{- else if or (eq .protocol "tls") (eq .protocol "mtls") -}} +SSL +{{- else if eq .protocol "sasl_tls" -}} +SASL_SSL +{{- else if eq .protocol "sasl" -}} +SASL_PLAINTEXT +{{- end -}} {{- end -}} {{/* -Create a default fully qualified kafka broker name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 
+Create a comma separated list of kafka brokers to be used as the brokers list */}} {{- define "wasp-ws-reading-service.kafka.brokers" -}} -{{- if .Values.config.kafkaBrokers -}} -{{ .Values.config.kafkaBrokers | trunc 63 | trimSuffix "-" -}} -{{- else if not ( .Values.kafka.enabled ) -}} -{{ fail "Kafka brokers must either be configured or a kafka instance enabled" }} -{{- else if .Values.kafka.fullnameOverride -}} -{{- printf "%s:9092" .Values.kafka.fullnameOverride -}} +{{- $releaseNamespace := .Release.Namespace -}} +{{- $clusterDomain := .Values.clusterDomain -}} +{{- $kafkaReplicaCount := int .Values.kafka.replicaCount -}} +{{- $kafkaFullname := include "wasp-ws-reading-service.kafka.fullname" . -}} +{{- $kafkaPort := int .Values.kafka.service.ports.client -}} +{{- if .Values.kafka.enabled -}} +{{- $brokers := list -}} +{{- range $e, $i := until $kafkaReplicaCount -}} +{{- $brokers = append $brokers (printf "%s-%d.%s-headless.%s.svc.%s:%d" $kafkaFullname $i $kafkaFullname $releaseNamespace $clusterDomain $kafkaPort) -}} +{{- end -}} +{{- join "," $brokers | quote -}} {{- else -}} -{{- $name := default "kafka" .Values.kafka.nameOverride -}} -{{- printf "%s-%s:9092" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- join "," .Values.externalKafka.brokers | quote -}} {{- end -}} {{- end -}} -{{- define "wasp-ws-reading-service.initNotifications.name" -}} -{{- if .Values.fullnameOverride -}} -{{- printf "%s-ws-readings" .Values.fullnameOverride | lower | trunc 63 | trimSuffix "-" -}} +{{/* +Kafka broker to be used to bootstrap initialisation +*/}} +{{- define "wasp-ws-reading-service.kafka.bootstrapBroker" -}} +{{- $releaseNamespace := .Release.Namespace -}} +{{- $clusterDomain := .Values.clusterDomain -}} +{{- $kafkaFullname := include "wasp-ws-reading-service.kafka.fullname" . 
-}} +{{- $kafkaPort := int .Values.kafka.service.ports.client -}} +{{- if .Values.kafka.enabled -}} +{{- printf "%s-%d.%s-headless.%s.svc.%s:%d" $kafkaFullname 0 $kafkaFullname $releaseNamespace $clusterDomain $kafkaPort -}} {{- else -}} -{{- printf "%s-%s-ws-readings" .Release.Name .Chart.Name | lower | trunc 63 | trimSuffix "-" -}} +{{- first .Values.externalKafka.brokers -}} +{{- end -}} +{{- end -}} + +{{/* +Return the proper init container image name +*/}} +{{- define "wasp-ws-reading-service.initReadingNotifications.image" -}} +{{ include "common.images.image" (dict "imageRoot" .Values.initReadingNotifications.image "global" .Values.global) }} +{{- end -}} + +{{/* +Compile all warnings into a single message, and call fail. +*/}} +{{- define "wasp-ws-reading-service.validateValues" -}} +{{- $messages := list -}} +{{- $messages := append $messages (include "wasp-ws-reading-service.validateValues.authentication.sasl" .) -}} +{{- $messages := append $messages (include "wasp-ws-reading-service.validateValues.authentication.tls" .) -}} +{{- $messages := without $messages "" -}} +{{- $message := join "\n" $messages -}} + +{{- if $message -}} +{{- printf "\nVALUES VALIDATION:\n%s" $message | fail -}} +{{- end -}} +{{- end -}} + +{{/* Validate values of Schema Registry - SASL authentication */}} +{{- define "wasp-ws-reading-service.validateValues.authentication.sasl" -}} +{{- $kafkaProtocol := include "wasp-ws-reading-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- if .Values.kafka.enabled }} +{{- if and (contains "SASL" $kafkaProtocol) (or (not .Values.kafka.auth.sasl.jaas.clientUsers) (not .Values.kafka.auth.sasl.jaas.clientPasswords)) }} +wasp-ws-reading-service: kafka.auth.jaas.clientUsers kafka.auth.jaas.clientPasswords + It's mandatory to set the SASL credentials when enabling SASL authentication with Kafka brokers. 
+ You can specify these credentials setting the parameters below: + - kafka.auth.jaas.clientUsers + - kafka.auth.jaas.clientPasswords +{{- end }} +{{- else if and (contains "SASL" $kafkaProtocol) (or (not .Values.externalKafka.auth.jaas.user) (not .Values.externalKafka.auth.jaas.password)) }} +wasp-ws-reading-service: externalKafka.auth.jaas.user externalKafka.auth.jaas.password + It's mandatory to set the SASL credentials when enabling SASL authentication with Kafka brokers. + You can specify these credentials setting the parameters below: + - externalKafka.auth.jaas.user + - externalKafka.auth.jaas.password +{{- end -}} +{{- end -}} + +{{/* Validate values of Schema Registry - TLS authentication */}} +{{- define "wasp-ws-reading-service.validateValues.authentication.tls" -}} +{{- $kafkaProtocol := include "wasp-ws-reading-service.kafka.listenerType" ( dict "protocol" (ternary .Values.kafka.auth.clientProtocol .Values.externalKafka.auth.protocol .Values.kafka.enabled) ) -}} +{{- if and (contains "SSL" $kafkaProtocol) (not .Values.kafka.auth.jksSecret) }} +kafka: auth.kafka.jksSecret + A secret containing the Schema Registry JKS files is required when TLS encryption in enabled +{{- end -}} {{- end -}} -{{- end -}} \ No newline at end of file diff --git a/charts/wasp-ws-reading-service/templates/configmap.yaml b/charts/wasp-ws-reading-service/templates/configmap.yaml deleted file mode 100644 index ced6c2a2..00000000 --- a/charts/wasp-ws-reading-service/templates/configmap.yaml +++ /dev/null 
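Review bot: `wasp-ws-reading-service.validateValues.authentication.tls` tests `.Values.kafka.auth.jksSecret`, a key the README parameter table in this same commit does not list (it documents `kafka.auth.tls.existingSecrets`), and it tests it even when `kafka.enabled` is false and `externalKafka` is in use. As written, choosing `tls`, `mtls` or `sasl_tls` appears to abort rendering unless an undocumented value is set, and the message still refers to Schema Registry JKS files. Assuming the README reflects values.yaml, the condition could read `{{- if and .Values.kafka.enabled (contains "SSL" $kafkaProtocol) (not .Values.kafka.auth.tls.existingSecrets) }}`. Separately, `wasp-ws-reading-service.kafka.listenerType` renders nothing for an unrecognised protocol, so a mistyped value skips both the SASL and the TLS check; a final `{{- else -}}{{- fail (printf "unsupported Kafka protocol %q" .protocol) -}}` branch would surface that. The SASL messages name `kafka.auth.jaas.clientUsers` where the condition reads `kafka.auth.sasl.jaas.clientUsers`, and should use the real path.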
@@ -1,15 +0,0 @@
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "wasp-ws-reading-service.fullname" . }}-config
- labels:
- {{- include "wasp-ws-reading-service.labels" . | nindent 4 }}
-data:
- port: {{ .Values.config.port | quote }}
- logLevel: {{ .Values.config.logLevel }}
- wsPingIntervalMs: {{ .Values.config.wsPingIntervalMs | quote }}
- kafkaLogLevel: {{ .Values.config.kafkaLogLevel }}
- kafkaBrokers: {{ include "wasp-ws-reading-service.kafka.brokers" . }}
- kafkaNotificationReadingsTopic: {{ .Values.config.kafkaNotificationReadingsTopic }}
- notificationsReplicationFactor: {{ .Values.config.notificationsReplicationFactor | quote}}
- notificationsPartitions: {{ .Values.config.notificationsPartitions | quote}}
diff --git a/charts/wasp-ws-reading-service/templates/deployment.yaml b/charts/wasp-ws-reading-service/templates/deployment.yaml
index 29775b9b..89a09025 100644
--- a/charts/wasp-ws-reading-service/templates/deployment.yaml
+++ b/charts/wasp-ws-reading-service/templates/deployment.yaml
@@ -1,70 +1,184 @@ -apiVersion: apps/v1 +apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }} kind: Deployment metadata: - name: {{ include "wasp-ws-reading-service.fullname" . }} - labels: - {{- include "wasp-ws-reading-service.labels" . | nindent 4 }} + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: wasp-ws-reading-service + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} spec: + {{- if not .Values.autoscaling.enabled }} + replicas: {{ .Values.replicaCount }} + {{- end }} + {{- if .Values.updateStrategy }} + strategy: {{- toYaml .Values.updateStrategy | nindent 4 }} + {{- end }} selector: - matchLabels: - name: {{ include "wasp-ws-reading-service.fullname" . }} + matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }} + app.kubernetes.io/component: wasp-ws-reading-service template: metadata: - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} - labels: - name: {{ include "wasp-ws-reading-service.fullname" . }} + {{- if .Values.podAnnotations }} + annotations: {{- include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) | nindent 8 }} + {{- end }} + labels: {{- include "common.labels.standard" . 
| nindent 8 }} + app.kubernetes.io/component: wasp-ws-reading-service + {{- if .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" .Values.podLabels "context" $) | nindent 8 }} + {{- end }} spec: - {{- include "wasp-ws-reading-service.imagePullSecrets" . | indent 6 }} + serviceAccountName: {{ template "wasp-ws-reading-service.serviceAccountName" . }} + {{- include "wasp-ws-reading-service.imagePullSecrets" . | nindent 6 }} + {{- if .Values.hostAliases }} + hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }} + {{- else }} + affinity: + podAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAffinityPreset "component" "wasp-ws-reading-service" "context" $) | nindent 10 }} + podAntiAffinity: {{- include "common.affinities.pods" (dict "type" .Values.podAntiAffinityPreset "component" "wasp-ws-reading-service" "context" $) | nindent 10 }} + nodeAffinity: {{- include "common.affinities.nodes" (dict "type" .Values.nodeAffinityPreset.type "key" .Values.nodeAffinityPreset.key "values" .Values.nodeAffinityPreset.values) | nindent 10 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: {{- include "common.tplvalues.render" ( dict "value" .Values.nodeSelector "context" $) | nindent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: {{- include "common.tplvalues.render" (dict "value" .Values.tolerations "context" .) 
| nindent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName | quote }} + {{- end }} + {{- if .Values.schedulerName }} + schedulerName: {{ .Values.schedulerName | quote }} + {{- end }} + {{- if .Values.topologySpreadConstraints }} + topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" .) | nindent 8 }} + {{- end }} + {{- if .Values.podSecurityContext.enabled }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- end }} + {{- if or .Values.initContainers .Values.initReadingNotifications.enable }} initContainers: - - name: {{ include "wasp-ws-reading-service.initNotifications.name" . }} - image: {{ .Values.kafkaInit.repository }}:{{ .Values.kafkaInit.tag }} - envFrom: - - configMapRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config + {{- if .Values.initReadingNotifications.enable}} + - name: assert-reading-notifications + image: {{ template "wasp-ws-reading-service.initReadingNotifications.image" . }} + imagePullPolicy: {{ .Values.initReadingNotifications.image.pullPolicy }} + env: + - name: KAFKA_BROKER + value: {{ include "wasp-ws-reading-service.kafka.bootstrapBroker" . 
}} + - name: TOPIC + value: {{ .Values.readingsNotificationTopic }} + - name: PARTITIONS + value: {{ .Values.initReadingNotifications.partitions | quote }} + - name: REPLICATION_FACTOR + value: {{ .Values.initReadingNotifications.replicationFactor | quote }} command: ['/bin/sh', '-c'] - args: ['/opt/bitnami/kafka/bin/kafka-topics.sh --create --topic $(kafkaNotificationReadingsTopic) --bootstrap-server=$(kafkaBrokers) --partitions $(notificationsPartitions) --replication-factor $(notificationsReplicationFactor) --if-not-exists'] + args: ['/opt/bitnami/kafka/bin/kafka-topics.sh --create --topic $(TOPIC) --bootstrap-server=$(KAFKA_BROKER) --partitions $(PARTITIONS) --replication-factor $(REPLICATION_FACTOR) --if-not-exists'] + {{- end }} + {{- if .Values.initContainers }} + {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} + {{- end }} + {{- end }} containers: - - name: {{ include "wasp-ws-reading-service.fullname" . }} - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy | quote }} - livenessProbe: - httpGet: - path: /health - port: {{ .Values.config.port }} - initialDelaySeconds: 15 - timeoutSeconds: 3 - periodSeconds: 5 + - name: wasp-ws-reading-service + image: {{ template "wasp-ws-reading-service.image" . 
}} + imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }} + {{- else if .Values.command }} + command: {{- include "common.tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.diagnosticMode.enabled }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }} + {{- else if .Values.args }} + args: {{- include "common.tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- end }} env: + - name: WASP_DEBUG + value: {{ ternary "true" "false" (or .Values.image.debug .Values.diagnosticMode.enabled) | quote }} - name: PORT - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config - key: port - - name: LOG_LEVEL - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config - key: logLevel + value: {{ .Values.containerPorts.http | quote }} + {{- if .Values.apiVersion }} + - name: API_VERSION + value: {{ .Values.apiVersion }} + {{- end }} + {{- if .Values.apiOffsetLimit }} - name: WS_PING_INTERVAL_MS - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config - key: wsPingIntervalMs + value: {{ .Values.wsPingInterval | quote }} + {{- end }} - name: KAFKA_LOG_LEVEL - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config - key: kafkaLogLevel + value: {{ .Values.kafkaJsLogLevel }} - name: KAFKA_BROKERS - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . 
}}-config - key: kafkaBrokers - - name: KAFKA_NOTIFICATION_READINGS_TOPIC - valueFrom: - configMapKeyRef: - name: {{ include "wasp-ws-reading-service.fullname" . }}-config - key: kafkaNotificationReadingsTopic - + value: {{ include "wasp-ws-reading-service.kafka.brokers" . }} + - name: KAFKA_NOTIFICATIONS_EVENT_TOPIC + value: {{ .Values.readingsNotificationTopic }} + {{- if .Values.extraEnvVars }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }} + {{- end }} + envFrom: + {{- if .Values.extraEnvVarsCM }} + - configMapRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsCM "context" $) }} + {{- end }} + {{- if .Values.extraEnvVarsSecret }} + - secretRef: + name: {{ include "common.tplvalues.render" (dict "value" .Values.extraEnvVarsSecret "context" $) }} + {{- end }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} + {{- end }} + ports: + - name: http + containerPort: {{ .Values.containerPorts.http }} + {{- if not .Values.diagnosticMode.enabled }} + {{- if .Values.customLivenessProbe }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.livenessProbe.enabled }} + livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.livenessProbe "enabled" "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.livenessProbe.path }} + port: http + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} + readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.readinessProbe "enabled" "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.readinessProbe.path }} + port: http + {{- end }} + {{- if .Values.customStartupProbe 
}} + startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} + startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.startupProbe "enabled" "path") "context" $) | nindent 12 }} + httpGet: + path: {{ .Values.startupProbe.path }} + port: http + {{- end }} + {{- end }} + {{- if .Values.lifecycleHooks }} + lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} + {{- end }} + volumeMounts: + {{- if .Values.extraVolumeMounts }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} + {{- end }} + {{- if .Values.sidecars }} + {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.extraVolumes }} + {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} + {{- end }} diff --git a/charts/wasp-ws-reading-service/templates/extra-list.yaml b/charts/wasp-ws-reading-service/templates/extra-list.yaml new file mode 100644 index 00000000..9ac65f9e --- /dev/null +++ b/charts/wasp-ws-reading-service/templates/extra-list.yaml @@ -0,0 +1,4 @@ +{{- range .Values.extraDeploy }} +--- +{{ include "common.tplvalues.render" (dict "value" . "context" $) }} +{{- end }} diff --git a/charts/wasp-ws-reading-service/templates/hpa.yaml b/charts/wasp-ws-reading-service/templates/hpa.yaml new file mode 100644 index 00000000..314888eb --- /dev/null +++ b/charts/wasp-ws-reading-service/templates/hpa.yaml 
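Review bot: In the main container's `env` list, `WS_PING_INTERVAL_MS` is guarded by `{{- if .Values.apiOffsetLimit }}` but takes its value from `.Values.wsPingInterval`, so the ping interval is dropped unless an unrelated value is set; the guard should be `{{- if .Values.wsPingInterval }}`. The topic variable also changes from `KAFKA_NOTIFICATION_READINGS_TOPIC` to `KAFKA_NOTIFICATIONS_EVENT_TOPIC`, which looks carried over from the event-service chart and should be checked against what the application reads. The Kafka protocol and credentials that `_helpers.tpl` validates are not passed to either container: there are no SASL or TLS env vars or mounts, and the init container's `kafka-topics.sh` call has no `--command-config`. A non-plaintext setting would therefore, as far as this hunk shows, pass validation without being applied. The unquoted `value: {{ .Values.readingsNotificationTopic }}`, `{{ .Values.kafkaJsLogLevel }}` and `{{ .Values.apiVersion }}` should each get `| quote`, since env values must be strings and a numeric-looking value would be rejected.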
@@ -0,0 +1,47 @@
+{{- if .Values.autoscaling.enabled }}
+apiVersion: {{ include "common.capabilities.hpa.apiVersion" . }}
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: {{ include "common.capabilities.deployment.apiVersion" . }}
+ kind: Deployment
+ name: {{ include "common.names.fullname" . }}
+ minReplicas: {{ .Values.autoscaling.minReplicas }}
+ maxReplicas: {{ .Values.autoscaling.maxReplicas }}
+ metrics:
+ {{- if .Values.autoscaling.targetMemory }}
+ - type: Resource
+ resource:
+ name: memory
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.autoscaling.targetMemory }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemory }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.autoscaling.targetCPU }}
+ - type: Resource
+ resource:
+ name: cpu
+ {{- if semverCompare "<1.23-0" (include "common.capabilities.kubeVersion" .) }}
+ targetAverageUtilization: {{ .Values.autoscaling.targetCPU }}
+ {{- else }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPU }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/charts/wasp-ws-reading-service/templates/ingress.yaml b/charts/wasp-ws-reading-service/templates/ingress.yaml
index 166d959c..ab6d3f2f 100644
--- a/charts/wasp-ws-reading-service/templates/ingress.yaml
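Review bot: `maxReplicas` is rendered straight from `.Values.autoscaling.maxReplicas`, and the chart default for that key is an empty string, so turning on `autoscaling.enabled` without setting it produces an empty `maxReplicas:` that is only caught, if at all, when the object reaches the API server. Failing at render time gives a clearer error: `maxReplicas: {{ required "autoscaling.maxReplicas must be set when autoscaling.enabled is true" .Values.autoscaling.maxReplicas }}`. `minReplicas` has the same empty default and could be wrapped in `{{- if .Values.autoscaling.minReplicas }}` so it is omitted rather than rendered empty.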
+++ b/charts/wasp-ws-reading-service/templates/ingress.yaml 
@@ -1,25 +1,70 @@ -{{- $fullName := include "wasp-ws-reading-service.fullname" . -}} - {{- $ingressPaths := .Values.ingress.paths -}} -apiVersion: networking.k8s.io/v1 +{{- if .Values.ingress.enabled }} +apiVersion: {{ include "common.capabilities.ingress.apiVersion" . }} kind: Ingress metadata: - name: {{ $fullName }} - labels: - {{- include "wasp-ws-reading-service.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: wasp-ws-reading-service + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.ingress.annotations .Values.commonAnnotations }} annotations: - {{- toYaml . | nindent 4 }} + {{- if .Values.ingress.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.ingress.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} {{- end }} spec: + {{- if and .Values.ingress.ingressClassName (eq "true" (include "common.ingress.supportsIngressClassname" .)) }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + {{- end }} rules: - - http: + {{- if .Values.ingress.hostname }} + - host: {{ .Values.ingress.hostname }} + http: paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} {{- range .Values.ingress.paths }} - - pathType: Prefix - path: {{ . 
}} - backend: - service: - name: {{ $fullName }} - port: - number: 80 + - path: {{ .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} + {{- end }} + {{- end }} + {{- range .Values.ingress.extraHosts }} + - host: {{ .name | quote }} + http: + paths: + {{- if .Values.ingress.extraPaths }} + {{- toYaml .Values.ingress.extraPaths | nindent 10 }} + {{- end }} + {{- range .paths }} + - path: {{ .path }} + {{- if eq "true" (include "common.ingress.supportsPathType" $) }} + pathType: {{ default "ImplementationSpecific" .pathType }} + {{- end }} + backend: {{- include "common.ingress.backend" (dict "serviceName" (include "common.names.fullname" $) "servicePort" "http" "context" $) | nindent 14 }} {{- end }} + {{- end }} + {{- if .Values.ingress.extraRules }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraRules "context" $) | nindent 4 }} + {{- end }} + {{- if or (and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned)) .Values.ingress.extraTls }} + tls: + {{- if and .Values.ingress.tls (or (include "common.ingress.certManagerRequest" ( dict "annotations" .Values.ingress.annotations )) .Values.ingress.selfSigned) }} + - hosts: + - {{ .Values.ingress.hostname | quote }} + secretName: {{ printf "%s-tls" .Values.ingress.hostname }} + {{- end }} + {{- if .Values.ingress.extraTls }} + {{- include "common.tplvalues.render" (dict "value" .Values.ingress.extraTls "context" $) | nindent 4 }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/wasp-ws-reading-service/templates/pdb.yaml b/charts/wasp-ws-reading-service/templates/pdb.yaml new file mode 100644 index 00000000..8348dfe6 --- /dev/null 
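Review bot: Inside `{{- range .Values.ingress.extraHosts }}` the dot is rebound to the current host entry, so `{{- if .Values.ingress.extraPaths }}` and the `toYaml .Values.ingress.extraPaths` line under it no longer reach the chart values, and rendering is expected to fail as soon as `extraHosts` is non-empty. The rest of that loop already uses `$` for the root context; the two lines should read `{{- if $.Values.ingress.extraPaths }}` and `{{- toYaml $.Values.ingress.extraPaths | nindent 10 }}`. Separately, the primary host renders `pathType: {{ .pathType }}` with no fallback while the extra-host branch uses `default "ImplementationSpecific" .pathType`; applying the same default in both places keeps an entry without `pathType` from producing an empty field.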
+++ b/charts/wasp-ws-reading-service/templates/pdb.yaml
@@ -0,0 +1,26 @@
+{{- $replicaCount := int .Values.replicaCount }}
+{{- if and .Values.pdb.create (or (gt $replicaCount 1) .Values.autoscaling.enabled) }}
+apiVersion: {{ include "common.capabilities.policy.apiVersion" . }}
+kind: PodDisruptionBudget
+metadata:
+ name: {{ include "common.names.fullname" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels: {{- include "common.labels.matchLabels" . | nindent 6 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+{{- end }}
diff --git a/charts/wasp-ws-reading-service/templates/secret.yaml b/charts/wasp-ws-reading-service/templates/secret.yaml
deleted file mode 100644
index 016bba75..00000000
--- a/charts/wasp-ws-reading-service/templates/secret.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: {{ include "wasp-ws-reading-service.fullname" . }}-secret
- labels:
- {{- include "wasp-ws-reading-service.labels" . | nindent 4 }}
-data: {}
diff --git a/charts/wasp-ws-reading-service/templates/service-account.yaml b/charts/wasp-ws-reading-service/templates/service-account.yaml
new file mode 100644
index 00000000..04b770fc
--- /dev/null
+++ b/charts/wasp-ws-reading-service/templates/service-account.yaml
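Review bot: In pdb.yaml, `minAvailable` and `maxUnavailable` are emitted by two independent `if` blocks, and values.yaml ships `pdb.minAvailable: 1`, so a user who sets only `pdb.maxUnavailable` ends up with both fields in the spec, which a PodDisruptionBudget does not accept. Making the two mutually exclusive, with the explicitly set one winning, avoids that: open the first block with `{{- if .Values.pdb.maxUnavailable }}` and turn the second into `{{- else if .Values.pdb.minAvailable }}`. A one-line comment in values.yaml saying that only one of the two may be set would help as well.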
@@ -0,0 +1,22 @@
+{{- if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "wasp-ws-reading-service.serviceAccountName" . }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.serviceAccount.annotations .Values.commonAnnotations }}
+ annotations:
+ {{- if .Values.commonAnnotations }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- include "common.tplvalues.render" (dict "value" .Values.serviceAccount.annotations "context" $) | nindent 4 }}
+ {{- end }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/wasp-ws-reading-service/templates/service.yaml b/charts/wasp-ws-reading-service/templates/service.yaml
index cc5e7cbd..872bba7b 100644
--- a/charts/wasp-ws-reading-service/templates/service.yaml
+++ b/charts/wasp-ws-reading-service/templates/service.yaml
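Review bot: `automountServiceAccountToken` on the last line of the template is rendered without a fallback, so if `serviceAccount.automountServiceAccountToken` is unset the field comes out empty and Kubernetes falls back to mounting the API token into every pod that uses this account. The default for that key lies outside the part of values.yaml visible here, so this may already be covered. If the service never calls the Kubernetes API, `automountServiceAccountToken: {{ default false .Values.serviceAccount.automountServiceAccountToken }}` keeps the token out of the pod unless someone opts in.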
@@ -1,14 +1,53 @@ -{{- $fullName := include "wasp-ws-reading-service.fullname" . -}} apiVersion: v1 kind: Service metadata: - name: wasp-ws-reading-service - labels: - {{- include "wasp-ws-reading-service.labels" . | nindent 4 }} + name: {{ template "common.names.fullname" . }} + namespace: {{ include "common.names.namespace" . | quote }} + labels: {{- include "common.labels.standard" . | nindent 4 }} + app.kubernetes.io/component: wasp-ws-reading-service + {{- if .Values.commonLabels }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }} + {{- end }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} spec: - selector: - name: {{ include "wasp-ws-reading-service.fullname" . 
}} + type: {{ .Values.service.type }} + {{- if and .Values.service.clusterIP (eq .Values.service.type "ClusterIP") }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if .Values.service.sessionAffinity }} + sessionAffinity: {{ .Values.service.sessionAffinity }} + {{- end }} + {{- if .Values.service.sessionAffinityConfig }} + sessionAffinityConfig: {{- include "common.tplvalues.render" (dict "value" .Values.service.sessionAffinityConfig "context" $) | nindent 4 }} + {{- end }} + {{- if or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort") }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy | quote }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerSourceRanges)) }} + loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP)) }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} ports: - - protocol: 'TCP' - port: 80 - targetPort: {{ .Values.config.port }} + - name: http + port: {{ .Values.service.ports.http }} + protocol: TCP + {{- if and (or (eq .Values.service.type "NodePort") (eq .Values.service.type "LoadBalancer")) (not (empty .Values.service.nodePorts.http)) }} + nodePort: {{ .Values.service.nodePorts.http }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "common.tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} + selector: {{- include "common.labels.matchLabels" . | nindent 4 }} + app.kubernetes.io/component: wasp-ws-reading-service diff --git a/charts/wasp-ws-reading-service/templates/tls-secret.yaml b/charts/wasp-ws-reading-service/templates/tls-secret.yaml new file mode 100644 index 00000000..98495893 --- /dev/null 
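Review bot: `loadBalancerSourceRanges: {{ .Values.service.loadBalancerSourceRanges }}` prints the Go list directly, which for two entries comes out as `[10.10.10.0/24 192.168.0.0/16]` (constructed example); YAML reads that as one string rather than two CIDRs, so the source allow-list cannot hold more than one range. Rendering it as `loadBalancerSourceRanges: {{- toYaml .Values.service.loadBalancerSourceRanges | nindent 4 }}` keeps each entry separate. The `http` port entry also dropped the `targetPort` the old template had, so the Service forwards to whatever number `service.ports.http` holds; adding `targetPort: http` binds it to the named container port and lets `service.ports.http` and `containerPorts.http` differ.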
+++ b/charts/wasp-ws-reading-service/templates/tls-secret.yaml
@@ -0,0 +1,46 @@
+{{- if .Values.ingress.enabled }}
+{{- if .Values.ingress.secrets }}
+{{- range .Values.ingress.secrets }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .name }}
+ namespace: {{ include "common.names.namespace" $ | quote }}
+ labels: {{- include "common.labels.standard" $ | nindent 4 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+ {{- if $.Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" $.Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if $.Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" $.Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ .certificate | b64enc }}
+ tls.key: {{ .key | b64enc }}
+---
+{{- end }}
+{{- end }}
+{{- if and .Values.ingress.tls .Values.ingress.selfSigned }}
+{{- $ca := genCA "wasp-ws-reading-service-ca" 365 }}
+{{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ printf "%s-tls" .Values.ingress.hostname }}
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels: {{- include "common.labels.standard" . | nindent 4 }}
+ app.kubernetes.io/component: wasp-ws-reading-service
+ {{- if .Values.commonLabels }}
+ {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+ {{- end }}
+ {{- if .Values.commonAnnotations }}
+ annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+ {{- end }}
+type: kubernetes.io/tls
+data:
+ tls.crt: {{ $cert.Cert | b64enc | quote }}
+ tls.key: {{ $cert.Key | b64enc | quote }}
+ ca.crt: {{ $ca.Cert | b64enc | quote }}
+{{- end }}
+{{- end }}
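Review bot: The self-signed branch calls `genCA` and `genSignedCert` on every render, so each `helm upgrade` replaces the CA, certificate and private key in the `<hostname>-tls` Secret; any client that trusted the previous `ca.crt` stops validating, and the 365-day lifetime is only renewed as a side effect of upgrades. Reusing the Secret when it already exists (Helm's `lookup`) and generating only on first install avoids that churn. `lookup` returns nothing under `helm template` or a client-side dry run, so the generation path has to stay as the fallback. The sketch below covers only the second Secret in the file.

```yaml
{{- $secretName := printf "%s-tls" .Values.ingress.hostname }}
{{- $existing := lookup "v1" "Secret" (include "common.names.namespace" .) $secretName }}
# … unchanged: apiVersion, kind, metadata, type …
data:
  {{- if $existing }}
  # Secret already in the cluster: keep the stored, already base64-encoded material
  tls.crt: {{ index $existing.data "tls.crt" | quote }}
  tls.key: {{ index $existing.data "tls.key" | quote }}
  ca.crt: {{ index $existing.data "ca.crt" | quote }}
  {{- else }}
  {{- $ca := genCA "wasp-ws-reading-service-ca" 365 }}
  {{- $cert := genSignedCert .Values.ingress.hostname nil (list .Values.ingress.hostname) 365 $ca }}
  tls.crt: {{ $cert.Cert | b64enc | quote }}
  tls.key: {{ $cert.Key | b64enc | quote }}
  ca.crt: {{ $ca.Cert | b64enc | quote }}
  {{- end }}
```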
diff --git a/charts/wasp-ws-reading-service/values.yaml b/charts/wasp-ws-reading-service/values.yaml
index e6b740e7..8533c9b7 100644
--- a/charts/wasp-ws-reading-service/values.yaml
+++ b/charts/wasp-ws-reading-service/values.yaml
@@ -1,24 +1,713 @@ -kafka: +## @section Global parameters +## Global Docker image parameters +## Please, note that this will override the image parameters, including dependencies, configured to use the global value +## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass +## + +## @param global.imageRegistry Global Docker image registry +## @param global.imagePullSecrets Global Docker registry secret names as an array +## @param global.storageClass Global StorageClass for Persistent Volume(s) +## +global: + imageRegistry: "" + ## E.g. + ## imagePullSecrets: + ## - myRegistryKeySecretName + ## + imagePullSecrets: [] + storageClass: "" + +## @section Common parameters +## + +## @param kubeVersion Override Kubernetes version +## +kubeVersion: "" +## @param nameOverride String to partially override common.names.name +## +nameOverride: "" +## @param fullnameOverride String to fully override common.names.fullname +## +fullnameOverride: "" +## @param namespaceOverride String to fully override common.names.namespace +## +namespaceOverride: "" +## @param commonLabels Labels to add to all deployed objects +## +commonLabels: {} +## @param commonAnnotations Annotations to add to all deployed objects +## +commonAnnotations: {} +## @param clusterDomain Kubernetes cluster domain name +## +clusterDomain: cluster.local +## @param extraDeploy Array of extra objects to deploy with the release +## +extraDeploy: [] + +## Enable diagnostic mode in the deployment +## +diagnosticMode: + ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden) + ## enabled: false -config: - port: 80 - logLevel: info - wsPingIntervalMs: 500 - kafkaLogLevel: 'nothing' - kafkaBrokers: 'kafka:9092' - kafkaNotificationReadingsTopic: reading-notifications - notificationsReplicationFactor: 1 - notificationsPartitions: 5 + ## @param diagnosticMode.command Command to override all containers in the 
deployment + ## + command: + - sleep + ## @param diagnosticMode.args Args to override all containers in the deployment + ## + args: + - infinity + +## @section WASP Event Service config parameters +## + +## @param logLevel Allowed values: error, warn, info, debug +## +logLevel: "info" +## @param apiVersion Override api version presented by the service's OpenAPI specification +## +apiVersion: "" +## @param kafkaJsLogLevel Allowed values: error, warn, info, debug +## +kafkaJsLogLevel: "error" +## @param readingsNotificationTopic Kafka topic to consume readings from +## +readingsNotificationTopic: reading-notifications +## @param wsPingInterval Interval in milliseconds to send ping messages to the client +## +wsPingInterval: 500 + + +## Digital Catapult wasp-ws-reading-service image +## ref: https://hub.docker.com/r/digicatapult/wasp-ws-reading-service/tags/ +## @param image.registry wasp-ws-reading-service image registry +## @param image.repository wasp-ws-reading-service image repository +## @param image.tag wasp-ws-reading-service image tag (immutable tags are recommended) +## @param image.digest wasp-ws-reading-service image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag image tag (immutable tags are recommended) +## @param image.pullPolicy wasp-ws-reading-service image pull policy +## @param image.pullSecrets wasp-ws-reading-service image pull secrets +## @param image.debug Enable wasp-ws-reading-service image debug mode +## image: + registry: docker.io repository: digicatapult/wasp-ws-reading-service + tag: v0.1.1 + digest: "" + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## pullPolicy: IfNotPresent - tag: 'v0.1.0' -kafkaInit: - repository: bitnami/kafka - tag: '3.3-debian-11' + ## Optionally specify an array of imagePullSecrets. 
+ ## Secrets must be manually created in the namespace. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + ## e.g: + ## pullSecrets: + ## - myRegistryKeySecretName + ## + pullSecrets: [] + ## Enable debug mode + ## + debug: false +## @param replicaCount Number of wasp-ws-reading-service replicas to deploy +## +replicaCount: 1 +## @param containerPorts.http wasp-ws-reading-service HTTP container port +## +containerPorts: + http: 3000 +## Configure extra options for wasp-ws-reading-service containers' liveness and readiness probes +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes +## @param livenessProbe.enabled Enable livenessProbe on wasp-ws-reading-service containers +## @param livenessProbe.path Path for to check for livenessProbe +## @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +## @param livenessProbe.periodSeconds Period seconds for livenessProbe +## @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +## @param livenessProbe.failureThreshold Failure threshold for livenessProbe +## @param livenessProbe.successThreshold Success threshold for livenessProbe +## +livenessProbe: + enabled: true + path: /health + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + successThreshold: 1 +## @param readinessProbe.enabled Enable readinessProbe on wasp-ws-reading-service containers +## @param readinessProbe.path Path for to check for readinessProbe +## @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +## @param readinessProbe.periodSeconds Period seconds for readinessProbe +## @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +## @param readinessProbe.failureThreshold Failure threshold for readinessProbe +## @param readinessProbe.successThreshold Success threshold for readinessProbe +## +readinessProbe: + enabled: 
true + path: /health + initialDelaySeconds: 5 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 5 + successThreshold: 1 +## @param startupProbe.enabled Enable startupProbe on wasp-ws-reading-service containers +## @param startupProbe.path Path for to check for startupProbe +## @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +## @param startupProbe.periodSeconds Period seconds for startupProbe +## @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +## @param startupProbe.failureThreshold Failure threshold for startupProbe +## @param startupProbe.successThreshold Success threshold for startupProbe +## +startupProbe: + enabled: false + path: /health + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 10 + successThreshold: 1 +## @param customLivenessProbe Custom livenessProbe that overrides the default one +## +customLivenessProbe: {} +## @param customReadinessProbe Custom readinessProbe that overrides the default one +## +customReadinessProbe: {} +## @param customStartupProbe Custom startupProbe that overrides the default one +## +customStartupProbe: {} +## wasp-ws-reading-service resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## @param resources.limits The resources limits for the wasp-ws-reading-service containers +## @param resources.requests The requested resources for the wasp-ws-reading-service containers +## +resources: + limits: {} + requests: {} +## Configure Pods Security Context +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod +## @param podSecurityContext.enabled Enabled wasp-ws-reading-service pods' Security Context +## @param podSecurityContext.fsGroup Set wasp-ws-reading-service pod's Security Context fsGroup +## +podSecurityContext: + enabled: true + fsGroup: 1001 +## Configure Container Security Context +## ref: 
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container +## @param containerSecurityContext.enabled Enabled wasp-ws-reading-service containers' Security Context +## @param containerSecurityContext.runAsUser Set wasp-ws-reading-service containers' Security Context runAsUser +## @param containerSecurityContext.runAsNonRoot Set wasp-ws-reading-service containers' Security Context runAsNonRoot +## @param containerSecurityContext.readOnlyRootFilesystem Set wasp-ws-reading-service containers' Security Context runAsNonRoot +## +containerSecurityContext: + enabled: true + runAsUser: 1001 + runAsNonRoot: true + readOnlyRootFilesystem: false + +## @param command Override default container command (useful when using custom images) +## +command: [] +## @param args Override default container args (useful when using custom images) +## +args: [] +## @param hostAliases wasp-ws-reading-service pods host aliases +## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ +## +hostAliases: [] +## @param podLabels Extra labels for wasp-ws-reading-service pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ +## +podLabels: {} +## @param podAnnotations Annotations for wasp-ws-reading-service pods +## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ +## +podAnnotations: {} +## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAffinityPreset: "" +## @param podAntiAffinityPreset Pod anti-affinity preset. Ignored if `affinity` is set. 
Allowed values: `soft` or `hard` +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity +## +podAntiAffinityPreset: soft +## Pod Disruption Budget configuration +## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb +## @param pdb.create Enable/disable a Pod Disruption Budget creation +## @param pdb.minAvailable Minimum number/percentage of pods that should remain scheduled +## @param pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable +## +pdb: + create: false + minAvailable: 1 + maxUnavailable: "" +## Autoscaling configuration +## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ +## @param autoscaling.enabled Enable autoscaling for wasp-ws-reading-service +## @param autoscaling.minReplicas Minimum number of wasp-ws-reading-service replicas +## @param autoscaling.maxReplicas Maximum number of wasp-ws-reading-service replicas +## @param autoscaling.targetCPU Target CPU utilization percentage +## @param autoscaling.targetMemory Target Memory utilization percentage +## +autoscaling: + enabled: false + minReplicas: "" + maxReplicas: "" + targetCPU: "" + targetMemory: "" +## Node affinity preset +## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity +## +nodeAffinityPreset: + ## @param nodeAffinityPreset.type Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` + ## + type: "" + ## @param nodeAffinityPreset.key Node label key to match. Ignored if `affinity` is set + ## + key: "" + ## @param nodeAffinityPreset.values Node label values to match. Ignored if `affinity` is set + ## E.g. 
+ ## values: + ## - e2e-az1 + ## - e2e-az2 + ## + values: [] +## @param affinity Affinity for wasp-ws-reading-service pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## NOTE: `podAffinityPreset`, `podAntiAffinityPreset`, and `nodeAffinityPreset` will be ignored when it's set +## +affinity: {} +## @param nodeSelector Node labels for wasp-ws-reading-service pods assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} +## @param tolerations Tolerations for wasp-ws-reading-service pods assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] +## @param updateStrategy.type wasp-ws-reading-service statefulset strategy type +## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies +## +updateStrategy: + ## StrategyType + ## Can be set to RollingUpdate or OnDelete + ## + type: RollingUpdate + +## @param priorityClassName wasp-ws-reading-service pods' priorityClassName +## +priorityClassName: "" +## @param topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. 
Evaluated as a template +## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods +## +topologySpreadConstraints: [] +## @param schedulerName Name of the k8s scheduler (other than default) for wasp-ws-reading-service pods +## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ +## +schedulerName: "" +## @param terminationGracePeriodSeconds Seconds Redmine pod needs to terminate gracefully +## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods +## +terminationGracePeriodSeconds: "" +## @param lifecycleHooks for the wasp-ws-reading-service container(s) to automate configuration before or after startup +## +lifecycleHooks: {} +## @param extraEnvVars Array with extra environment variables to add to wasp-ws-reading-service nodes +## e.g: +## extraEnvVars: +## - name: FOO +## value: "bar" +## +extraEnvVars: [] +## @param extraEnvVarsCM Name of existing ConfigMap containing extra env vars for wasp-ws-reading-service nodes +## +extraEnvVarsCM: "" +## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for wasp-ws-reading-service nodes +## +extraEnvVarsSecret: "" +## @param extraVolumes Optionally specify extra list of additional volumes for the wasp-ws-reading-service pod(s) +## +extraVolumes: [] +## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for the wasp-ws-reading-service container(s) +## +extraVolumeMounts: [] +## @param sidecars Add additional sidecar containers to the wasp-ws-reading-service pod(s) +## e.g: +## sidecars: +## - name: your-image-name +## image: your-image +## imagePullPolicy: Always +## ports: +## - name: portname +## containerPort: 1234 +## +sidecars: [] +## @param initContainers Add additional init containers to the wasp-ws-reading-service pod(s) +## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ +## e.g: +## initContainers: +## - name: 
your-image-name +## image: your-image +## imagePullPolicy: Always +## command: ['sh', '-c', 'echo "hello world"'] +## +initContainers: [] + +## @section Traffic Exposure Parameters +## + +## wasp-ws-reading-service service parameters +## +service: + ## @param service.type wasp-ws-reading-service service type + ## + type: ClusterIP + ## @param service.ports.http wasp-ws-reading-service service HTTP port + ## + ports: + http: 3000 + ## Node ports to expose + ## @param service.nodePorts.http Node port for HTTP + ## NOTE: choose port between <30000-32767> + ## + nodePorts: + http: "" + ## @param service.clusterIP wasp-ws-reading-service service Cluster IP + ## e.g.: + ## clusterIP: None + ## + clusterIP: "" + ## @param service.loadBalancerIP wasp-ws-reading-service service Load Balancer IP + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer + ## + loadBalancerIP: "" + ## @param service.loadBalancerSourceRanges wasp-ws-reading-service service Load Balancer sources + ## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service + ## e.g: + ## loadBalancerSourceRanges: + ## - 10.10.10.0/24 + ## + loadBalancerSourceRanges: [] + ## @param service.externalTrafficPolicy wasp-ws-reading-service service external traffic policy + ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip + ## + externalTrafficPolicy: Cluster + ## @param service.annotations Additional custom annotations for wasp-ws-reading-service service + ## + annotations: {} + ## @param service.extraPorts Extra ports to expose in wasp-ws-reading-service service (normally used with the `sidecars` value) + ## + extraPorts: [] + ## @param service.sessionAffinity Control where client requests go, to the same pod or round-robin + ## Values: ClientIP or None + ## ref: https://kubernetes.io/docs/user-guide/services/ + ## + 
sessionAffinity: None + ## @param service.sessionAffinityConfig Additional settings for the sessionAffinity + ## sessionAffinityConfig: + ## clientIP: + ## timeoutSeconds: 300 + ## + sessionAffinityConfig: {} + +## wasp-ws-reading-service ingress parameters +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## ingress: - annotations: - nginx.ingress.kubernetes.io/proxy-read-timeout: '3600' - nginx.ingress.kubernetes.io/proxy-send-timeout: '3600' + ## @param ingress.enabled Enable ingress record generation for wasp-ws-reading-service + ## + enabled: true + ## @param ingress.apiVersion Force Ingress API version (automatically detected if not set) + ## + apiVersion: "" + ## @param ingress.hostname Default host for the ingress record + ## + hostname: wasp-ws-reading-service.local + ## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) + ## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster . + ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ + ## + ingressClassName: "" + ## @param ingress.paths[0].path Default reading websocket Path + ## @param ingress.paths[0].pathType Default reading websocket PathType + ## e.g: + ## paths: + ## - path: / + ## pathType: Prefix paths: - - /thing/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/dataset/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/reading + - path: /thing/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/dataset/[a-f0-9]{8}-[a-f0-9]{4}-4[a-f0-9]{3}-[89aAbB][a-f0-9]{3}-[a-f0-9]{12}/reading + pathType: Prefix + ## @param ingress.annotations Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. 
+ ## Use this parameter to set the required annotations for cert-manager, see + ## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations + ## e.g: + ## annotations: + ## kubernetes.io/ingress.class: nginx + ## cert-manager.io/cluster-issuer: cluster-issuer-name + ## + annotations: {} + ## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter + ## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}` + ## You can: + ## - Use the `ingress.secrets` parameter to create this TLS secret + ## - Rely on cert-manager to create it by setting the corresponding annotations + ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` + ## + tls: false + ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm + ## + selfSigned: false + ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record + ## e.g: + ## extraHosts: + ## - name: wasp-ws-reading-service.local + ## path: / + ## + extraHosts: [] + ## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host + ## e.g: + ## extraPaths: + ## - path: /* + ## backend: + ## serviceName: ssl-redirect + ## servicePort: use-annotation + ## + extraPaths: [] + ## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record + ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls + ## e.g: + ## extraTls: + ## - hosts: + ## - wasp-ws-reading-service.local + ## secretName: wasp-ws-reading-service.local-tls + ## + extraTls: [] + ## @param ingress.secrets Custom TLS certificates as secrets + ## NOTE: 'key' and 'certificate' are expected in PEM format + ## NOTE: 'name' should line up with a 'secretName' set further up + ## If it is not set and you're 
using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
+ ## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
+ ## It is also possible to create and manage the certificates outside of this helm chart
+ ## Please see README.md for more information
+ ## e.g:
+ ## secrets:
+ ## - name: wasp-ws-reading-service.local-tls
+ ## key: |-
+ ## -----BEGIN RSA PRIVATE KEY-----
+ ## ...
+ ## -----END RSA PRIVATE KEY-----
+ ## certificate: |-
+ ## -----BEGIN CERTIFICATE-----
+ ## ...
+ ## -----END CERTIFICATE-----
+ ##
+ secrets: []
+ ## @param ingress.extraRules Additional rules to be covered with this ingress record
+ ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
+ ## e.g:
+ ## extraRules:
+ ## - host: example.local
+ ## http:
+ ## path: /
+ ## backend:
+ ## service:
+ ## name: example-svc
+ ## port:
+ ## name: http
+ ##
+ extraRules: []
+
+## @section Init Container Parameters
+##
+## @param initReadingNotifications.enable Initialise the reading-notifications topics as an init container
+## @param initReadingNotifications.partitions Number of Partitions to create topic with
+## @param initReadingNotifications.replicationFactor Replication factor for topic
+initReadingNotifications:
+ enable: true
+ partitions: 30
+ replicationFactor: 1
+
+ ## Kafka image
+ ## @param initReadingNotifications.image.registry Kafka image registry
+ ## @param initReadingNotifications.image.repository Kafka image repository
+ ## @param initReadingNotifications.image.tag Kafka image tag (immutable tags are recommended)
+ ## @param initReadingNotifications.image.digest Kafka image digest in the way sha256:aa....
Please note this parameter, if set, will override the tag image tag (immutable tags are recommended)
+ ## @param initReadingNotifications.image.pullPolicy Kafka image pull policy
+ ## @param initReadingNotifications.image.pullSecrets Kafka image pull secrets
+ ##
+ image:
+ registry: docker.io
+ repository: bitnami/kafka
+ tag: '3.3-debian-11'
+ digest: ""
+ ## Specify a imagePullPolicy
+ ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
+ ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
+ ##
+ pullPolicy: IfNotPresent
+ ## Optionally specify an array of imagePullSecrets.
+ ## Secrets must be manually created in the namespace.
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+ ## e.g:
+ ## pullSecrets:
+ ## - myRegistryKeySecretName
+ ##
+ pullSecrets: []
+
+## @section Other Parameters
+##
+
+## ServiceAccount configuration
+##
+serviceAccount:
+ ## @param serviceAccount.create Specifies whether a ServiceAccount should be created
+ ##
+ create: true
+ ## @param serviceAccount.name The name of the ServiceAccount to use.
+ ## If not set and create is true, a name is generated using the common.names.fullname template
+ ##
+ name: ""
+ ## @param serviceAccount.annotations Additional Service Account annotations (evaluated as a template)
+ ##
+ annotations: {}
+ ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account
+ ##
+ automountServiceAccountToken: true
+
+## @section Kafka chart parameters
+##
+## Kafka chart configuration
+## For information about these parameters, refer to:
+## https://github.com/bitnami/charts/blob/main/bitnami/kafka/values.yaml
+##
+kafka:
+ ## @param kafka.enabled Enable/disable Kafka chart installation
+ ##
+ enabled: true
+ ## @param kafka.replicaCount Number of Kafka brokers
+ ##
+ replicaCount: 1
+ auth:
+ ## @param kafka.auth.clientProtocol Authentication protocol for communications with clients. Allowed protocols: plaintext, tls, mtls, sasl and sasl_tls
+ ##
+ clientProtocol: plaintext
+ ## @param kafka.auth.interBrokerProtocol Authentication protocol for inter-broker communications. Allowed protocols: plaintext, tls, mtls, sasl and sasl_tls
+ ##
+ interBrokerProtocol: plaintext
+ ## TLS configuration
+ ##
+ tls:
+ ## @param kafka.auth.tls.existingSecrets Array existing secrets containing the TLS certificates for the Kafka brokers
+ ## When using 'jks' format for certificates, each secret should contain a truststore and a keystore.
+ ## Create these secrets following the steps below:
+ ## 1) Generate your truststore and keystore files. Helpful script: https://raw.githubusercontent.com/confluentinc/confluent-platform-security-tools/master/kafka-generate-ssl.sh
+ ## 2) Rename your truststore to `kafka.truststore.jks`.
+ ## 3) Rename your keystores to `kafka-X.keystore.jks` where X is the ID of each Kafka broker.
+ ## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create):
+ ## kubectl create secret generic SECRET_NAME_0 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-0.keystore.jks
+ ## kubectl create secret generic SECRET_NAME_1 --from-file=kafka.truststore.jks=./kafka.truststore.jks --from-file=kafka.keystore.jks=./kafka-1.keystore.jks
+ ## ...
+ ##
+ ## When using 'pem' format for certificates, each secret should contain a public CA certificate, a public certificate and one private key.
+ ## Create these secrets following the steps below:
+ ## 1) Create a certificate key and signing request per Kafka broker, and sign the signing request with your CA
+ ## 2) Rename your CA file to `kafka.ca.crt`.
+ ## 3) Rename your certificates to `kafka-X.tls.crt` where X is the ID of each Kafka broker.
+ ## 3) Rename your keys to `kafka-X.tls.key` where X is the ID of each Kafka broker.
+ ## 4) Run the command below one time per broker to create its associated secret (SECRET_NAME_X is the name of the secret you want to create):
+ ## kubectl create secret generic SECRET_NAME_0 --from-file=ca.crt=./kafka.ca.crt --from-file=tls.crt=./kafka-0.tls.crt --from-file=tls.key=./kafka-0.tls.key
+ ## kubectl create secret generic SECRET_NAME_1 --from-file=ca.crt=./kafka.ca.crt --from-file=tls.crt=./kafka-1.tls.crt --from-file=tls.key=./kafka-1.tls.key
+ ## ...
+ ##
+ existingSecrets: []
+ ## @param kafka.auth.tls.password Password to access the JKS files or PEM key when they are password-protected.
+ ## Note: ignored when using 'existingSecret'.
+ ##
+ password: ""
+ ## @param kafka.auth.tls.endpointIdentificationAlgorithm The endpoint identification algorithm to validate server hostname using server certificate
+ ## Disable server host name verification by setting it to an empty string.
+ ## ref: https://docs.confluent.io/current/kafka/authentication_ssl.html#optional-settings
+ ##
+ endpointIdentificationAlgorithm: https
+ sasl:
+ jaas:
+ ## @param kafka.auth.sasl.jaas.clientUsers [array] Kafka client users for SASL authentication
+ ##
+ clientUsers:
+ - user
+ ## @param kafka.auth.sasl.jaas.clientPasswords Kafka client passwords for SASL authentication
+ ##
+ clientPasswords: []
+ ## @param kafka.auth.sasl.jaas.interBrokerUser Kafka inter broker communication user for SASL authentication
+ ##
+ interBrokerUser: admin
+ ## @param kafka.auth.sasl.jaas.interBrokerPassword Kafka inter broker communication password for SASL authentication
+ ##
+ interBrokerPassword: ""
+ ## @param kafka.auth.sasl.jaas.zookeeperUser Kafka Zookeeper user for SASL authentication
+ ##
+ zookeeperUser: ""
+ ## @param kafka.auth.sasl.jaas.zookeeperPassword Kafka Zookeeper password for SASL authentication
+ ##
+ zookeeperPassword: ""
+ ## @param kafka.auth.sasl.jaas.existingSecret Name of the existing secret containing credentials for brokerUser, interBrokerUser and zookeeperUser
+ ##
+ existingSecret: ""
+ service:
+ ## @param kafka.service.ports.client Kafka service port for client connections
+ ##
+ ports:
+ client: 9092
+ ##
+ ## Zookeeper chart configuration
+ ## For information about these parameters, refer to:
+ ## https://github.com/bitnami/charts/blob/main/bitnami/zookeeper/values.yaml
+ ##
+ zookeeper:
+ ## @param kafka.zookeeper.enabled Enable/disable Zookeeper chart installation
+ ##
+ enabled: true
+ ## @param kafka.zookeeper.replicaCount Number of Zookeeper replicas
+ ##
+ replicaCount: 1
+ ## @param kafka.zookeeper.auth [object] Zookeeper auth settings
+ auth:
+ client:
+ enabled: false
+ clientUser: zookeeperUser
+ clientPassword: ""
+ serverUsers: zookeeperUser
+ serverPasswords: ""
+ existingSecret: ""
+##
+## External Kafka Configuration
+## All of these values are only used when kafka.enabled is set to false
+##
+externalKafka:
+ ## @param
externalKafka.brokers Array of Kafka brokers to connect to. Format: protocol://broker_hostname:port
+ ##
+ brokers:
+ - localhost:9092
+ ## Authentication parameters
+ ## @param externalKafka.auth.protocol Authentication protocol. Allowed protocols: plaintext, tls, sasl and sasl_tls
+ ## @param externalKafka.auth.jaas.user User for SASL authentication
+ ## @param externalKafka.auth.jaas.password Password for SASL authentication
+ ##
+ auth:
+ ## Authentication protocol
+ ## Supported values: 'plaintext', 'tls', sasl' and 'sasl_tls'
+ ## This table shows the security provided on each protocol:
+ ## | Method | Authentication | Encryption via TLS |
+ ## | plaintext | None | No |
+ ## | tls | None | Yes |
+ ## | sasl | Yes (via SASL) | No |
+ ## | sasl_tls | Yes (via SASL) | Yes |
+ ##
+ protocol: plaintext
+ ## JAAS configuration for SASL authentication
+ ## MANDATORY when protocol is 'sasl' or 'sasl_tls'
+ ##
+ jaas:
+ user: user
+ password: ""