diff --git a/charts/backingservices/charts/constellation-messaging/README.md b/charts/backingservices/charts/constellation-messaging/README.md index ded3b2f74..88e7058c8 100644 --- a/charts/backingservices/charts/constellation-messaging/README.md +++ b/charts/backingservices/charts/constellation-messaging/README.md 
@@ -8,14 +8,87 @@ Only a single Messaging Service deployment is necessary to support an entire org Complete information on the design of the service including architecture, scalability, reliability, operations and troubleshooting is available at [https://documents.constellation.pega.io/messaging/introduction.html](https://documents.constellation.pega.io/messaging/introduction.html). -### Configuration settings +## Configuration settings | Configuration | Usage | |-----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `enabled` | Enable the Messaging Service deployment as a backing service. Set this parameter to `true` to deploy the service. | -| `name` | Specify the name of your messaging service. Your deployment creates resources prefixed with this string. | -| `imagePullSecretNames` | List pre-existing secrets to be used for pulling docker images. | -| `pegaMessagingPort` | Defines the port used by the Service. | -| `pegaMessagingTargetPort` | Defines the port used by the Pod and Container. | +| `enabled` | Enable the Messaging Service deployment as a backing service. Set this parameter to `true` to deploy the service. | +| `provider` | Enter your Kubernetes provider. Accepted values are aws, gke or k8s. | +| `name` | Deprecated, use `deployment.name`. Specify the name of your messaging service. Your deployment creates resources prefixed with this string. | +| `deployment.name` | Specify the name of your messaging service. Your deployment creates resources prefixed with this string. 
| +| `imagePullSecretNames` | Deprected, use `docker.imagePullSecretNames`. List pre-existing secrets to be used for pulling docker images. | | `affinity` | Define pod affinity so that it is restricted to run on particular node(s), or to prefer to run on particular nodes. | -| `ingress` | Allows optional configuration of a domain name, ingressClass, and annotations. An ingress will be provisioned if a domain name is supplied. Due to the diversity of network configurations, ingress vendors, and TLS requirements it may be necessary to define your ingress separately from this chart. +| `docker.imagePullSecretNames` | List pre-existing secrets to be used for pulling docker images. | +| `docker.registry.url` | Specify the image registry url. | +| `docker.registry.username` | Specify the username for the docker registry. | +| `docker.registry.password` | Specify the password for the docker registry. | +| `docker.messaging.image` | Specify the image version. | +| `docker.messaging.imagePullPolicy` | Specify the image pull policy configurations for the image. | +| `pegaMessagingPort` | Deprecated, use `service.port`. Defines the port used by the Service. | +| `service.port` | Defines the port used by the Service. | +| `pegaMessagingTargetPort` | Deprecated, use `service.targetPort`. Defines the port used by the Pod and Container. | +| `service.targetPort` | Defines the port used by the Pod and Container. | +| `service.serviceType` | The [type of service](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) you wish to expose. | +| `service.annotations` | Optionally add custom annotations for advanced configuration. Specifying a custom set of annotations will result in them being used instead of the default configurations. | +| `ingress.enabled` | Set to true in order to deploy an ingress. 
Due to the diversity of network configurations, ingress vendors, and TLS requirements it may be necessary to define your ingress separately from this chart. | +| `ingress.ingressClassName` | Ingress class to be used in place of the annotation. | +| `ingress.tls.enabled` | Specify the use of HTTPS for ingress connectivity. If the tls block is omitted, TLS will not be enabled. | +| `ingress.tls.secretName` | Specify the Kubernetes secret you created in which you store your SSL certificate for your deployment. | +| `ingress.annotations` | Specify additional annotations to add to the ingress. | +| `ingress.domain` | Specify your custom domain. | + +```yaml +enabled: true +deployment: + name: "constellation-messaging" +# Cloud provider details. Accepted values are : aws +provider: aws + +# Docker repos and tag for image +docker: + # If using a custom Docker registry, supply the credentials here to pull Docker images. + registry: + url: YOUR_REGISTRY_URL_HERE + username: YOUR_REGISTRY_USERNAME_HERE + password: YOUR_REGISTRY_PASSWORD_HERE + # Docker image information for the Pega docker image, containing the application server. + constellation: + image: pega-docker.downloads.pega.com/constellation-messaging/docker-image:5.4.0 + imagePullPolicy: Always + +urlPath: /c11n-messaging +replicas: 1 + +``` + +### Liveness and readiness probes + +Constellation messaging service uses liveness and readiness to determine application health in your deployments. For an overview of these probes, see [Configure Liveness and Readiness Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). Configure a probe for *liveness* to determine if a Pod has entered a broken state; configure it for *readiness* to determine if the application is available to be exposed. If not explicitly configured, default probes are used during the deployment. Set the following parameters as part of a `livenessProbe` or `readinessProbe` configuration. 
+ +Notes: +* `timeoutSeconds` cannot be greater than `periodSeconds` in some GCP environments. For details, see [this API library from Google](https://developers.google.com/resources/api-libraries/documentation/compute/v1/csharp/latest/classGoogle_1_1Apis_1_1Compute_1_1v1_1_1Data_1_1HttpHealthCheck.html#a027a3932f0681df5f198613701a83145). + +Parameter | Description | Default `livenessProbe` | Default `readinessProbe` +--- | --- | --- | --- +`initialDelaySeconds` | Number of seconds after the container has started before probes are initiated. | `5` | `5` +`timeoutSeconds` | Number of seconds after which the probe times out. | `5` | `5` +`periodSeconds` | How often (in seconds) to perform the probe. | `30` | `30` +`successThreshold` | Minimum consecutive successes for the probe to be considered successful after it determines a failure. | `1` | `1` +`failureThreshold` | The number consecutive failures for the pod to be terminated by Kubernetes. | `3` | `3` + +Example: + +```yaml +livenessProbe: + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 +``` diff --git a/charts/backingservices/charts/constellation-messaging/templates/_helpers.tpl b/charts/backingservices/charts/constellation-messaging/templates/_helpers.tpl deleted file mode 100644 index 8ba76dfa7..000000000 --- a/charts/backingservices/charts/constellation-messaging/templates/_helpers.tpl +++ /dev/null @@ -1,6 +0,0 @@ -{{- define "podAffinity" }} -{{- if .affinity }} -affinity: -{{- toYaml .affinity | nindent 2 }} -{{- end }} -{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/_messaging-registry-secret.tpl b/charts/backingservices/charts/constellation-messaging/templates/_messaging-registry-secret.tpl new file mode 100644 index 000000000..95b1d7631 --- /dev/null 
+++ b/charts/backingservices/charts/constellation-messaging/templates/_messaging-registry-secret.tpl @@ -0,0 +1,14 @@ +{{- define "messagingRegistryCredentialsSecretTemplate" }} +kind: Secret +apiVersion: v1 +metadata: + name: {{ include "backingservicesRegistrySecret" (dict "root" .Values "defaultname" "constellation-messaging" ) }} + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": pre-install, pre-upgrade + "helm.sh/hook-weight": "0" + "helm.sh/hook-delete-policy": before-hook-creation +data: + .dockerconfigjson: {{ template "imagePullSecret" . }} +type: kubernetes.io/dockerconfigjson +{{- end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/_supplemental.tpl b/charts/backingservices/charts/constellation-messaging/templates/_supplemental.tpl new file mode 100644 index 000000000..85a9215a3 --- /dev/null +++ b/charts/backingservices/charts/constellation-messaging/templates/_supplemental.tpl 
@@ -0,0 +1,66 @@ +{{- /* +imagePullSecret +backingservicesRegistrySecret +deploymentName +tlssecretsnippet +backingservices.gke.backendConfig +podAffinity +are copied from backingservices/templates/_supplemental.tpl because helm lint requires +charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. +*/}} + +{{- define "imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.docker.registry.url (printf "%s:%s" .Values.docker.registry.username .Values.docker.registry.password | b64enc) | b64enc }} +{{- end }} + +{{- define "backingservicesRegistrySecret" }} +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .root "defaultname" .defaultname )) -}} +{{- $depName -}}-registry-secret +{{- end }} + +{{- define "deploymentName" }}{{ $deploymentNamePrefix := .defaultname }}{{ if (.root.deployment) }}{{ if (.root.deployment.name) }}{{ $deploymentNamePrefix = .root.deployment.name }}{{ end }}{{ end }}{{ if (.root.name) }}{{ $deploymentNamePrefix = .root.name }}{{ end }}{{ $deploymentNamePrefix }}{{- end }} + +{{- define "tlssecretsnippet" -}} +tls: +- hosts: + - {{ include "domainName" (dict "node" .node) }} + secretName: {{ .node.ingress.tls.secretName }} +{{- end -}} + +{{- define "domainName" }} + {{- if .node.ingress -}} + {{- if .node.ingress.domain -}} + {{ .node.ingress.domain }} + {{- end -}} + {{- else if .node.service.domain -}} + {{ .node.service.domain }} + {{- end -}} +{{- end }} + + +{{- define "backingservices.gke.backendConfig" -}} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ .name }} +spec: + timeoutSec: 40 + connectionDraining: + drainingTimeoutSec: 60 + healthCheck: + checkIntervalSec: 5 + healthyThreshold: 1 + port: {{ .healthCheckPort }} + requestPath: {{ .requestPath }} + timeoutSec: 5 + type: HTTP + unhealthyThreshold: 2 +--- +{{ end }} + +{{- define "podAffinity" }} +{{- if .affinity }} +affinity: +{{- toYaml .affinity | nindent 2 }} +{{- 
end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml index d76b3064a..0a4ae8b0e 100644 --- a/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml +++ b/charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml @@ -1,28 +1,37 @@ +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }} +{{- $srvTargetPort := .Values.service.targetPort }}{{ if .Values.pegaMessagingTargetPort }}{{ $srvTargetPort = .Values.pegaMessagingTargetPort }}{{ end }} {{- if .Values.enabled }} kind: Deployment apiVersion: apps/v1 metadata: - name: {{ .Values.name }} + name: {{ $depName }} labels: - app: {{ .Values.name }} + app: {{ $depName }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app: {{ .Values.name }} + app: {{ $depName }} template: metadata: labels: - app: {{ .Values.name }} + app: {{ $depName }} spec: imagePullSecrets: + - name: {{ include "backingservicesRegistrySecret" ( dict "root" .Values "defaultname" "constellation-messaging" ) }} + {{ if .Values.docker.imagePullSecretNames }} + {{- range .Values.docker.imagePullSecretNames }} + - name: {{ . }} + {{- end }} + {{ else if .Values.imagePullSecretNames }} {{- range .Values.imagePullSecretNames }} - - name: {{ . }} + - name: {{ . }} {{- end }} + {{ end }} containers: - name: c11n-messaging - imagePullPolicy: {{ .Values.imagePullPolicy }} - image: {{ .Values.image }} + imagePullPolicy: {{ .Values.docker.messaging.imagePullPolicy }} + image: {{ .Values.docker.messaging.image }} resources: {{ if .Values.resources }} {{ toYaml .Values.resources | nindent 10 }} 
@@ -32,10 +41,28 @@ spec: {{ toYaml .Values.securityContext | nindent 10 }} {{- end }} args: - - --max-semi-space-size=1024 - - port={{ .Values.pegaMessagingTargetPort }} - - path=/c11n-messaging + - --max-semi-space-size=1024 + - port={{ $srvTargetPort }} + - urlPath={{ .Values.urlPath }} + livenessProbe: + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + httpGet: + path: {{ .Values.urlPath }}/ping + port: {{ $srvTargetPort }} + readinessProbe: + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + httpGet: + path: {{ .Values.urlPath }}/ping + port: {{ $srvTargetPort }} ports: - - containerPort: {{ .Values.pegaMessagingTargetPort }} + - containerPort: {{ $srvTargetPort }} {{- include "podAffinity" .Values | indent 6 }} {{ end }} diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-gke-backend-config.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-gke-backend-config.yaml new file mode 100644 index 000000000..ca1af1bfd --- /dev/null +++ b/charts/backingservices/charts/constellation-messaging/templates/messaging-gke-backend-config.yaml 
@@ -0,0 +1,11 @@ +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }} +{{- $requestPath := printf "%s/ping" .Values.urlPath }} +{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }} + +{{- if .Values.enabled }} +{{- if (eq .Values.provider "gke") }} +{{- if .Values.ingress.enabled }} +{{ template "backingservices.gke.backendConfig" dict "root" .Values "name" $depName "requestPath" $requestPath "healthCheckPort" $srvPort }} +{{ end }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-ingress.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-ingress.yaml index 6cacefded..bf5475ea3 100644 --- a/charts/backingservices/charts/constellation-messaging/templates/messaging-ingress.yaml +++ b/charts/backingservices/charts/constellation-messaging/templates/messaging-ingress.yaml @@ -1,8 +1,11 @@ -{{- if and .Values.enabled .Values.ingress.domain }} +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }} +{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }} +{{- if .Values.enabled }} +{{- if and (.Values.ingress) (eq .Values.ingress.enabled true) }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: {{ .Values.name }} + name: {{ $depName }} {{- if .Values.ingress.annotations }} annotations: {{ toYaml .Values.ingress.annotations | indent 4 }} 
@@ -12,14 +15,22 @@ spec: ingressClassName: {{ .Values.ingress.ingressClassName }} {{- end }} rules: - - host: {{ .Values.ingress.domain }} - http: - paths: - - path: /c11n-messaging - pathType: Prefix - backend: - service: - name: {{ .Values.name }} - port: - number: {{ $.Values.pegaMessagingPort }} + - host: {{ .Values.ingress.domain }} + http: + paths: + - path: {{ .Values.urlPath }} + pathType: Prefix + backend: + service: + name: {{ $depName }} + port: + number: {{ $srvPort }} +{{ if (.Values.ingress.tls) }} +{{- if (eq .Values.ingress.tls.enabled true) }} +{{- if .Values.ingress.tls.secretName }} +{{- include "tlssecretsnippet" (dict "node" .Values) | indent 2 }} +{{- end }} +{{- end }} +{{- end }} {{ end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-registry-secret.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-registry-secret.yaml new file mode 100644 index 000000000..1470c79ff --- /dev/null +++ b/charts/backingservices/charts/constellation-messaging/templates/messaging-registry-secret.yaml @@ -0,0 +1,3 @@ +{{- if .Values.enabled }} +{{- include "messagingRegistryCredentialsSecretTemplate" . }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation-messaging/templates/messaging-service.yaml b/charts/backingservices/charts/constellation-messaging/templates/messaging-service.yaml index a54f17a24..da40e821e 100644 --- a/charts/backingservices/charts/constellation-messaging/templates/messaging-service.yaml +++ b/charts/backingservices/charts/constellation-messaging/templates/messaging-service.yaml 
@@ -1,16 +1,30 @@ +{{ $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }} +{{- $srvTargetPort := .Values.service.targetPort }}{{ if .Values.pegaMessagingTargetPort }}{{ $srvTargetPort = .Values.pegaMessagingTargetPort }}{{ end }} +{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }} {{- if .Values.enabled }} apiVersion: v1 kind: Service metadata: - name: {{ .Values.name }} + name: {{ $depName }} labels: - app: {{ .Values.name }} + app: {{ $depName }} +{{- if and (.Values.service) (.Values.service.annotations) }} + annotations: + # Custom annotations +{{ toYaml .Values.service.annotation | indent 4 }} +{{- else if (eq .Values.provider "gke") }} + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/app-protocols: '{"https":"HTTPS","http":"HTTP"}' + cloud.google.com/backend-config: '{"ports": {"{{ $srvPort }}": "{{ $depName }}"}}' +{{- end }} spec: - type: NodePort selector: - app: {{ .Values.name }} + app: {{ $depName }} ports: - - protocol: TCP - port: {{ .Values.pegaMessagingPort }} - targetPort: {{ .Values.pegaMessagingTargetPort }} + - name: http + protocol: TCP + port: {{ $srvPort }} + targetPort: {{ $srvTargetPort }} + type: {{ .Values.service.serviceType }} {{ end }} diff --git a/charts/backingservices/charts/constellation-messaging/values.yaml b/charts/backingservices/charts/constellation-messaging/values.yaml index 6c28d7ade..883a07aa3 100644 --- a/charts/backingservices/charts/constellation-messaging/values.yaml +++ b/charts/backingservices/charts/constellation-messaging/values.yaml 
@@ -1,17 +1,26 @@ --- enabled: false -name: YOUR_MESSAGING_SERVICE_DEPLOYMENT_NAME +deployment: + name: "constellation-messaging" +# Cloud provider details +provider: "aws" -image: YOUR_MESSAGING_SERVICE_IMAGE:TAG -replicas: 1 - -# To avoid exposing Docker credentials, create a separate Docker config secret. -# Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"] -imagePullSecretNames: [] -imagePullPolicy: Always +# Docker repos and tag for image +docker: + # If using a custom Docker registry, supply the credentials here to pull Docker images. + registry: + url: YOUR_DOCKER_REGISTRY_URL + username: YOUR_DOCKER_REGISTRY_USERNAME + password: YOUR_DOCKER_REGISTRY_PASSWORD + # To avoid exposing Docker credentials, create a separate Docker config secret. + # Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"] + imagePullSecretNames: [] + # Docker image information for the Pega docker image, containing the application server. + messaging: + image: YOUR_MESSAGING_SERVICE_IMAGE:TAG + imagePullPolicy: Always -pegaMessagingPort: 3000 -pegaMessagingTargetPort: 3000 +urlPath: /c11n-messaging # set memoryRequest & memoryLimit to Limit memory usage for container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory # resources: 
@@ -27,12 +36,37 @@ securityContext: readOnlyRootFilesystem: false # set allowPrivilegeEscalation to false to Restrict container from acquiring additional privileges https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ allowPrivilegeEscalation: true # false -serviceType: NodePort + +# Service +service: + port: 3000 + targetPort: 3000 + serviceType: NodePort # An ingress will be provisioned if a hostname is defined, or omitted if the hostname is empty. # ingressClassName and annotations are optional and will be included if defined. # Due to the diverse requirements for ingresses and TLS configuration, it may be necessary to define the ingress separately from this chart. ingress: - domain: + enabled: true + domain: YOUR_CUSTOM_DOMAIN_NAME_HERE ingressClassName: + # Additional annotations for the ingress can be specified here annotations: + tls: + enabled: false + secretName: + +# Deployment Spec +replicas: 1 +livenessProbe: + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 +readinessProbe: + initialDelaySeconds: 5 + timeoutSeconds: 5 + periodSeconds: 30 + successThreshold: 1 + failureThreshold: 3 diff --git a/charts/backingservices/charts/constellation/README.md b/charts/backingservices/charts/constellation/README.md index d999dc80a..341179bf1 100644 --- a/charts/backingservices/charts/constellation/README.md +++ b/charts/backingservices/charts/constellation/README.md 
@@ -42,17 +42,31 @@ The values.yaml file provides configuration options to define the values for the | Configuration | Usage | |-----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | `enabled` | Enables the constellation appstatic service. Set to true to enable constellation appstatic service in the kubernetes environment. | -| `cloudProvider` | Specify the cloud provider details. Accepted values are aws. | +| `cloudProvider` | Deprecated, use `provider`. Specify the cloud provider details. Accepted values are aws. | +| `provider` | Enter your Kubernetes provider. Accepted values are aws, gke or k8s. | | `awsCertificateArn` | Specify the arn for the AWS ACM certificate. | -| `domainName` | Specify your custom domain. | -| `ingressAnnotations` | Specify additional annotations to add to the ingress. | +| `service.port` | The port of the tier to be exposed to the cluster. The default value is `3000`. | +| `service.targetPort` | The target port of the container to expose. The constellation container exposes web traffic on port `3000`. | +| `service.serviceType` | The [type of service](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) you wish to expose. | +| `service.annotations` | Optionally add custom annotations for advanced configuration. Specifying a custom set of annotations will result in them being used instead of the default configurations. | +| `domainName` | Deprecated, use `ingress.domain`. Specify your custom domain. | +| `ingress.domain` | Specify your custom domain. 
| +| `ingressAnnotations` | Deprecated, use `ingress.annotations`. Specify additional annotations to add to the ingress. | +| `ingress.annotations` | Specify additional annotations to add to the ingress. | +| `ingress.enabled` | Set to true in order to deploy an ingress. | +| `ingress.ingressClassName` | Ingress class to be used in place of the annotation. | +| `ingress.tls.enabled` | Specify the use of HTTPS for ingress connectivity. If the tls block is omitted, TLS will not be enabled. | +| `ingress.tls.secretName` | Specify the Kubernetes secret you created in which you store your SSL certificate for your deployment. | | `customerAssetVolumeClaimName` | Specify the volume claim name to be used for storing customer assets. | -| `imagePullSecretNames` | Specify a list of existing ImagePullSecrets to be added to the Deployment. | +| `imagePullSecretNames` | Deprected, use `docker.imagePullSecretNames`. Specify a list of existing ImagePullSecrets to be added to the Deployment. | +| `docker.imagePullSecretNames` | Specify a list of existing ImagePullSecrets to be added to the Deployment. | +| `docker.registry.url` | Specify the image registry url. | +| `docker.registry.username` | Specify the username for the docker registry. | +| `docker.registry.password` | Specify the password for the docker registry. | +| `docker.constellation.image` | Specify the image version. | +| `docker.messaging.imagePullPolicy` | Specify the image pull policy configurations for the image. | | `affinity` | Specify the pod affinity so that pods are restricted to run on particular node(s), or to prefer to run on particular nodes. -| `docker`.`registry`.`url` | Specify the image registry url. | -| `docker`.`registry`.`username` | Specify the username for the docker registry. | -| `docker`.`registry`.`password` | Specify the password for the docker registry. | -| `docker`.`constellation`.`image` | Specify the image version. | + | Example: 
@@ -61,23 +75,46 @@ enabled: true deployment: name: "constellation" # Cloud provider details. Accepted values are : aws -cloudProvider: aws +provider: aws # For aws cloud provider enter your acm certificate ARN here. awsCertificateArn : arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx -domainName: YOUR_CUSTOM_DOMAIN_HERE + # Docker repos and tag for image docker: - # If using a custom Docker registry, supply the credentials here to pull Docker images. - registry: - url: YOUR_REGISTRY_URL_HERE - username: YOUR_REGISTRY_USERNAME_HERE - password: YOUR_REGISTRY_PASSWORD_HERE - # Docker image information for the Pega docker image, containing the application server. - constellation: - image: pega-docker.downloads.pega.com/constellation-appstatic-service/docker-image:xxxxxxx + # If using a custom Docker registry, supply the credentials here to pull Docker images. + registry: + url: YOUR_REGISTRY_URL_HERE + username: YOUR_REGISTRY_USERNAME_HERE + password: YOUR_REGISTRY_PASSWORD_HERE + # Docker image information for the Pega docker image, containing the application server. + constellation: + image: pega-docker.downloads.pega.com/constellation-appstatic-service/docker-image:xxxxxxx + imagePullPolicy: Always + logLevel: info urlPath: /c11n replicas: 1 + +``` + +##### Liveness and readiness probes + +Constellation uses liveness and readiness to determine application health in your deployments. For an overview of these probes, see [Configure Liveness and Readiness Probes](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/). Configure a probe for *liveness* to determine if a Pod has entered a broken state; configure it for *readiness* to determine if the application is available to be exposed. If not explicitly configured, default probes are used during the deployment. Set the following parameters as part of a `livenessProbe` or `readinessProbe` configuration. 
+ +Notes: +* `timeoutSeconds` cannot be greater than `periodSeconds` in some GCP environments. For details, see [this API library from Google](https://developers.google.com/resources/api-libraries/documentation/compute/v1/csharp/latest/classGoogle_1_1Apis_1_1Compute_1_1v1_1_1Data_1_1HttpHealthCheck.html#a027a3932f0681df5f198613701a83145). + +Parameter | Description | Default `livenessProbe` | Default `readinessProbe` +--- | --- | --- | --- +`initialDelaySeconds` | Number of seconds after the container has started before probes are initiated. | `5` | `5` +`timeoutSeconds` | Number of seconds after which the probe times out. | `5` | `5` +`periodSeconds` | How often (in seconds) to perform the probe. | `30` | `30` +`successThreshold` | Minimum consecutive successes for the probe to be considered successful after it determines a failure. | `1` | `1` +`failureThreshold` | The number consecutive failures for the pod to be terminated by Kubernetes. | `3` | `3` + +Example: + +```yaml livenessProbe: initialDelaySeconds: 5 timeoutSeconds: 5 diff --git a/charts/backingservices/charts/constellation/templates/_pega-registry-secret.tpl b/charts/backingservices/charts/constellation/templates/_clln-registry-secret.tpl similarity index 67% rename from charts/backingservices/charts/constellation/templates/_pega-registry-secret.tpl rename to charts/backingservices/charts/constellation/templates/_clln-registry-secret.tpl index dbe3002ce..10813786b 100644 --- a/charts/backingservices/charts/constellation/templates/_pega-registry-secret.tpl +++ b/charts/backingservices/charts/constellation/templates/_clln-registry-secret.tpl 
@@ -1,8 +1,8 @@ -{{- define "pegaRegistryCredentialsSecretTemplate" }} +{{- define "cllnRegistryCredentialsSecretTemplate" }} kind: Secret apiVersion: v1 metadata: - name: {{ template "pegaRegistrySecret" $ }} + name: {{ include "backingservicesRegistrySecret" (dict "root" .Values "defaultname" "constellation" ) }} namespace: {{ .Release.Namespace }} annotations: "helm.sh/hook": pre-install, pre-upgrade diff --git a/charts/backingservices/charts/constellation/templates/_helpers.tpl b/charts/backingservices/charts/constellation/templates/_helpers.tpl deleted file mode 100644 index 91da6041d..000000000 --- a/charts/backingservices/charts/constellation/templates/_helpers.tpl +++ /dev/null @@ -1,17 +0,0 @@ -{{- define "imagePullSecret" }} -{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.docker.registry.url (printf "%s:%s" .Values.docker.registry.username .Values.docker.registry.password | b64enc) | b64enc }} -{{- end }} - -{{- define "pegaRegistrySecret" }} -{{- $depName := printf "%s" (include "deploymentName" $) -}} -{{- $depName -}}-registry-secret -{{- end }} - -{{- define "deploymentName" }}{{ $deploymentNamePrefix := "constellation" }}{{ if (.Values.deployment) }}{{ if (.Values.deployment.name) }}{{ $deploymentNamePrefix = .Values.deployment.name }}{{ end }}{{ end }}{{ $deploymentNamePrefix }}{{- end }} - -{{- define "podAffinity" }} -{{- if .affinity }} -affinity: -{{- toYaml .affinity | nindent 2 }} -{{- end }} -{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/_supplemental.tpl b/charts/backingservices/charts/constellation/templates/_supplemental.tpl new file mode 100644 index 000000000..85a9215a3 --- /dev/null +++ b/charts/backingservices/charts/constellation/templates/_supplemental.tpl 
@@ -0,0 +1,66 @@ +{{- /* +imagePullSecret +backingservicesRegistrySecret +deploymentName +tlssecretsnippet +backingservices.gke.backendConfig +podAffinity +are copied from backingservices/templates/_supplemental.tpl because helm lint requires +charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. +*/}} + +{{- define "imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.docker.registry.url (printf "%s:%s" .Values.docker.registry.username .Values.docker.registry.password | b64enc) | b64enc }} +{{- end }} + +{{- define "backingservicesRegistrySecret" }} +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .root "defaultname" .defaultname )) -}} +{{- $depName -}}-registry-secret +{{- end }} + +{{- define "deploymentName" }}{{ $deploymentNamePrefix := .defaultname }}{{ if (.root.deployment) }}{{ if (.root.deployment.name) }}{{ $deploymentNamePrefix = .root.deployment.name }}{{ end }}{{ end }}{{ if (.root.name) }}{{ $deploymentNamePrefix = .root.name }}{{ end }}{{ $deploymentNamePrefix }}{{- end }} + +{{- define "tlssecretsnippet" -}} +tls: +- hosts: + - {{ include "domainName" (dict "node" .node) }} + secretName: {{ .node.ingress.tls.secretName }} +{{- end -}} + +{{- define "domainName" }} + {{- if .node.ingress -}} + {{- if .node.ingress.domain -}} + {{ .node.ingress.domain }} + {{- end -}} + {{- else if .node.service.domain -}} + {{ .node.service.domain }} + {{- end -}} +{{- end }} + + +{{- define "backingservices.gke.backendConfig" -}} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ .name }} +spec: + timeoutSec: 40 + connectionDraining: + drainingTimeoutSec: 60 + healthCheck: + checkIntervalSec: 5 + healthyThreshold: 1 + port: {{ .healthCheckPort }} + requestPath: {{ .requestPath }} + timeoutSec: 5 + type: HTTP + unhealthyThreshold: 2 +--- +{{ end }} + +{{- define "podAffinity" }} +{{- if .affinity }} +affinity: +{{- toYaml .affinity | nindent 2 }} +{{- 
end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/clln-deployment.yaml b/charts/backingservices/charts/constellation/templates/clln-deployment.yaml index ac27fe34b..2dcb3dc41 100644 --- a/charts/backingservices/charts/constellation/templates/clln-deployment.yaml +++ b/charts/backingservices/charts/constellation/templates/clln-deployment.yaml @@ -1,35 +1,41 @@ +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation" )) }} {{- if .Values.enabled }} kind: Deployment apiVersion: apps/v1 metadata: - name: constellation + name: {{ $depName }} labels: - app: constellation + app: {{ $depName }} spec: replicas: {{ .Values.replicas }} selector: matchLabels: - app: constellation + app: {{ $depName }} template: metadata: labels: - app: constellation + app: {{ $depName }} spec: {{- if .Values.customerAssetVolumeClaimName }} volumes: - - name: constellation-appstatic-assets + - name: {{ $depName }}-appstatic-assets persistentVolumeClaim: claimName: {{ .Values.customerAssetVolumeClaimName }} {{- end }} imagePullSecrets: - - name: {{ template "pegaRegistrySecret" $ }} - {{ if .Values.imagePullSecretNames }} + - name: {{ include "backingservicesRegistrySecret" ( dict "root" .Values "defaultname" "constellation" ) }} + {{ if .Values.docker.imagePullSecretNames }} + {{- range .Values.docker.imagePullSecretNames }} + - name: {{ . }} + {{- end }} + {{ else if .Values.imagePullSecretNames }} {{- range .Values.imagePullSecretNames }} - name: {{ . }} {{- end }} {{ end }} containers: - name: constellation + imagePullPolicy: {{ .Values.docker.constellation.imagePullPolicy }} image: {{ .Values.docker.constellation.image }} resources: {{ if .Values.resources }} 
@@ -41,13 +47,13 @@ spec: {{- end }} {{ if .Values.customerAssetVolumeClaimName }} volumeMounts: - - name: constellation-appstatic-assets + - name: {{ $depName }}-appstatic-assets mountPath: /usr/src/app/dist/customers {{- end }} args: - - port=3000 + - port={{ .Values.service.targetPort }} # constellation URL path, if you change it, you need to change ingress template files too - - urlPath=/c11n + - urlPath={{ .Values.urlPath }} - logLevel={{ .Values.logLevel }} livenessProbe: initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} @@ -56,8 +62,8 @@ spec: successThreshold: {{ .Values.livenessProbe.successThreshold }} failureThreshold: {{ .Values.livenessProbe.failureThreshold }} httpGet: - path: /c11n/buildInfo.json - port: 3000 + path: {{ .Values.urlPath }}/buildInfo.json + port: {{ .Values.service.targetPort }} readinessProbe: initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} @@ -65,9 +71,9 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} httpGet: - path: /c11n/buildInfo.json - port: 3000 + path: {{ .Values.urlPath }}/buildInfo.json + port: {{ .Values.service.targetPort }} ports: - - containerPort: 3000 + - containerPort: {{ .Values.service.targetPort }} {{- include "podAffinity" .Values | indent 6 }} {{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/clln-gke-backend-config.yaml b/charts/backingservices/charts/constellation/templates/clln-gke-backend-config.yaml new file mode 100644 index 000000000..d666e9176 --- /dev/null +++ b/charts/backingservices/charts/constellation/templates/clln-gke-backend-config.yaml 
@@ -0,0 +1,10 @@ +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation" )) }} +{{- $requestPath := printf "%s/v860/ping" .Values.urlPath }} + +{{- if .Values.enabled }} +{{- if or (eq .Values.provider "gke") (eq .Values.cloudProvider "gke") }} +{{- if .Values.ingress.enabled }} +{{ template "backingservices.gke.backendConfig" dict "root" .Values "name" $depName "requestPath" $requestPath "healthCheckPort" .Values.service.port }} +{{ end }} +{{ end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/clln-ingress.yaml b/charts/backingservices/charts/constellation/templates/clln-ingress.yaml index 7552e7caf..97b06e058 100644 --- a/charts/backingservices/charts/constellation/templates/clln-ingress.yaml +++ b/charts/backingservices/charts/constellation/templates/clln-ingress.yaml 
@@ -1,35 +1,47 @@ +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation" )) }} {{- if .Values.enabled }} +{{- if and (.Values.ingress) (eq .Values.ingress.enabled true) }} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: constellationingress + name: {{ $depName }} annotations: - {{ if (eq .Values.cloudProvider "aws") }} + {{ if or (eq .Values.provider "aws") (eq .Values.cloudProvider "aws") }} alb.ingress.kubernetes.io/backend-protocol: HTTP alb.ingress.kubernetes.io/certificate-arn: {{ .Values.awsCertificateArn }} alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]' alb.ingress.kubernetes.io/target-type: ip kubernetes.io/ingress.class: alb alb.ingress.kubernetes.io/scheme: internet-facing - alb.ingress.kubernetes.io/healthcheck-path: /c11n/buildInfo.json + alb.ingress.kubernetes.io/healthcheck-path: {{ .Values.urlPath }}/buildInfo.json alb.ingress.kubernetes.io/healthcheck-port: traffic-port {{ end }} - {{- if .Values.ingressAnnotations }} + {{- if .Values.ingress.annotations }} + {{- toYaml .Values.ingress.annotations | nindent 4 }} + {{- else if .Values.ingressAnnotations }} {{- toYaml .Values.ingressAnnotations | nindent 4 }} {{ end }} spec: -{{- if .Values.ingressClassName }} - ingressClassName: {{ .Values.ingressClassName }} +{{- if .Values.ingress.ingressClassName }} + ingressClassName: {{ .Values.ingress.ingressClassName }} {{- end }} rules: - - host: {{ .Values.domainName }} + - host: {{if (.Values.domainName) }}{{ .Values.domainName }}{{ else }}{{ .Values.ingress.domain }}{{ end }} http: paths: - path: {{ .Values.urlPath }} pathType: Prefix backend: service: - name: constellation + name: {{ $depName }} port: - number: 3000 + number: {{ .Values.service.port }} +{{ if (.Values.ingress.tls) }} +{{- if (eq .Values.ingress.tls.enabled true) }} +{{- if .Values.ingress.tls.secretName }} +{{- include "tlssecretsnippet" (dict "node" .Values) | indent 2 }} +{{- end }} +{{- end }} +{{- end }} 
+{{ end }} {{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/clln-registry-secret.yaml b/charts/backingservices/charts/constellation/templates/clln-registry-secret.yaml new file mode 100644 index 000000000..5288aafba --- /dev/null +++ b/charts/backingservices/charts/constellation/templates/clln-registry-secret.yaml @@ -0,0 +1,3 @@ +{{- if .Values.enabled }} +{{- include "cllnRegistryCredentialsSecretTemplate" . }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/templates/clln-service.yaml b/charts/backingservices/charts/constellation/templates/clln-service.yaml index 2464d88be..c43ea0c4b 100644 --- a/charts/backingservices/charts/constellation/templates/clln-service.yaml +++ b/charts/backingservices/charts/constellation/templates/clln-service.yaml @@ -1,18 +1,28 @@ +{{ $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation" )) }} {{- if .Values.enabled }} apiVersion: v1 kind: Service metadata: - name: constellation + name: {{ $depName }} labels: - app: constellation - # component: constellation + app: {{ $depName }} +{{- if and (.Values.service) (.Values.service.annotations) }} + annotations: + # Custom annotations +{{ toYaml .Values.service.annotation | indent 4 }} +{{- else if or (eq .Values.provider "gke") (eq .Values.cloudProvider "gke") }} + annotations: + cloud.google.com/neg: '{"ingress": true}' + cloud.google.com/app-protocols: '{"https":"HTTPS","http":"HTTP"}' + cloud.google.com/backend-config: '{"ports": {"{{ .Values.service.port }}": "{{ $depName }}"}}' +{{- end }} spec: selector: - app: constellation - # component: constellation + app: {{ $depName }} ports: - - protocol: TCP - port: 3000 - targetPort: 3000 - type: NodePort + - name: http + protocol: TCP + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} + type: {{ .Values.service.serviceType }} {{ end }} 
diff --git a/charts/backingservices/charts/constellation/templates/pega-registry-secret.yaml b/charts/backingservices/charts/constellation/templates/pega-registry-secret.yaml deleted file mode 100644 index 35dabcb4f..000000000 --- a/charts/backingservices/charts/constellation/templates/pega-registry-secret.yaml +++ /dev/null @@ -1,3 +0,0 @@ -{{- if .Values.enabled }} -{{- include "pegaRegistryCredentialsSecretTemplate" . }} -{{ end }} \ No newline at end of file diff --git a/charts/backingservices/charts/constellation/values.yaml b/charts/backingservices/charts/constellation/values.yaml index 3d0b60a36..fa236b252 100644 --- a/charts/backingservices/charts/constellation/values.yaml +++ b/charts/backingservices/charts/constellation/values.yaml @@ -1,18 +1,14 @@ --- -enabled: true +enabled: false deployment: name: "constellation" -# Cloud provider details. Accepted values are aws -cloudProvider: "aws" +# Cloud provider details. Accepted values are aws, gke and k8s +provider: "aws" # For aws cloud provider enter your acm certificate ARN here. awsCertificateArn: arn:aws:acm:us-west-2:xxxxx:certificate/xxxxxxx -domainName: YOUR_CUSTOM_DOMAIN_NAME_HERE -# Additional annotations for the ingress can be specified here -ingressAnnotations: # Customer assets must be stored on a persistent storage volume. Create a volume claim and provide the name. customerAssetVolumeClaimName: -# Provide pre-defined image pull secret names if desired -imagePullSecretNames: [] + # Docker repos and tag for image docker: # If using a custom Docker registry, supply the credentials here to pull Docker images. 
@@ -20,13 +16,16 @@ docker: url: YOUR_DOCKER_REGISTRY_URL username: YOUR_DOCKER_REGISTRY_USERNAME password: YOUR_DOCKER_REGISTRY_PASSWORD + # Provide pre-defined image pull secret names if desired + imagePullSecretNames: [] # Docker image information for the Pega docker image, containing the application server. constellation: - image: cirrus-docker.jfrog.io/constellation-appstatic-service/docker-image:1.0.8-20221228123724 + image: YOUR_CONSTELLATION_SERVICE_IMAGE:TAG + imagePullPolicy: Always + logLevel: info urlPath: /c11n -# ingressClassName is optional and will be included if defined. -ingressClassName: + # set memoryRequest & memoryLimit to Limit memory usage for container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory # resources: # requests: @@ -41,6 +40,25 @@ securityContext: readOnlyRootFilesystem: false # set allowPrivilegeEscalation to false to Restrict container from acquiring additional privileges https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ allowPrivilegeEscalation: true # false + +# Service +service: + port: 3000 + targetPort: 3000 + serviceType: NodePort + +# Ingress +ingress: + enabled: true + domain: YOUR_CUSTOM_DOMAIN_NAME_HERE + ingressClassName: + # Additional annotations for the ingress can be specified here + annotations: + tls: + enabled: false + secretName: + +# Deployment Spec replicas: 1 livenessProbe: initialDelaySeconds: 5 diff --git a/charts/backingservices/templates/_supplemental.tpl b/charts/backingservices/templates/_supplemental.tpl new file mode 100644 index 000000000..0c1477177 --- /dev/null +++ b/charts/backingservices/templates/_supplemental.tpl 
@@ -0,0 +1,66 @@ +{{- /* +imagePullSecret +backingservicesRegistrySecret +deploymentName +tlssecretsnippet +backingservices.gke.backendConfig +podAffinity +are copied from backingservices/templates/_supplemental.tpl because helm lint requires +charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details. +*/}} + +{{- define "imagePullSecret" }} +{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.docker.registry.url (printf "%s:%s" .Values.docker.registry.username .Values.docker.registry.password | b64enc) | b64enc }} +{{- end }} + +{{- define "backingservicesRegistrySecret" }} +{{- $depName := printf "%s" (include "deploymentName" (dict "root" .root "defaultname" .defaultname )) -}} +{{- $depName -}}-registry-secret +{{- end }} + +{{- define "deploymentName" }}{{ $deploymentNamePrefix := .defaultname }}{{ if (.root.deployment) }}{{ if (.root.deployment.name) }}{{ $deploymentNamePrefix = .root.deployment.name }}{{ end }}{{ end }}{{ if (.root.name) }}{{ $deploymentNamePrefix = .root.name }}{{ end }}{{ $deploymentNamePrefix }}{{- end }} + +{{- define "tlssecretsnippet" -}} +tls: +- hosts: + - {{ include "domainName" (dict "node" .node) }} + secretName: {{ .node.ingress.tls.secretName }} +{{- end -}} + +{{- define "domainName" }} + {{- if .node.ingress -}} + {{- if .node.ingress.domain -}} + {{ .node.ingress.domain }} + {{- end -}} + {{- else if .node.service.domain -}} + {{ .node.service.domain }} + {{- end -}} +{{- end }} + + +{{- define "backingservices.gke.backendConfig" -}} +apiVersion: cloud.google.com/v1 +kind: BackendConfig +metadata: + name: {{ .name }} +spec: + timeoutSec: 40 + connectionDraining: + drainingTimeoutSec: 60 + healthCheck: + checkIntervalSec: 5 + healthyThreshold: 1 + port: {{ .healthCheckPort }} + requestPath: {{ .requestPath }} + timeoutSec: 5 + type: HTTP + unhealthyThreshold: 2 +--- +{{ end }} + +{{- define "podAffinity" }} +{{- if .affinity }} +affinity: +{{- toYaml .affinity | nindent 2 }} +{{- 
end }} +{{ end }} \ No newline at end of file diff --git a/charts/backingservices/values.yaml b/charts/backingservices/values.yaml index 841cefd42..7979f214e 100644 --- a/charts/backingservices/values.yaml +++ b/charts/backingservices/values.yaml @@ -96,7 +96,8 @@ constellation: constellation-messaging: enabled: false - name: YOUR_MESSAGING_SERVICE_DEPLOYMENT_NAME + deployment: + name: YOUR_MESSAGING_SERVICE_DEPLOYMENT_NAME image: YOUR_MESSAGING_SERVICE_IMAGE:TAG replicas: 1 diff --git a/terratest/src/test/backingservices/constellation-gke-backend-config_test.go b/terratest/src/test/backingservices/constellation-gke-backend-config_test.go new file mode 100644 index 000000000..24ffee373 --- /dev/null +++ b/terratest/src/test/backingservices/constellation-gke-backend-config_test.go 
@@ -0,0 +1,68 @@ +package backingservices + +import ( + "testing" + + "github.com/stretchr/testify/require" + v1 "k8s.io/ingress-gce/pkg/apis/backendconfig/v1" +) + +func TestConstellationGKEBackendConfig(t *testing.T) { + + var deploymentName string = "constellation-gke" + + helmChartParser := NewHelmConfigParser( + NewHelmTest(t, helmChartRelativePath, map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": deploymentName, + "constellation.provider": "gke", + "constellation.ingress.enabled": "true", + }), + ) + + var cllnBackendConfig v1.BackendConfig + helmChartParser.getResourceYAML(SearchResourceOption{ + Name: deploymentName, + Kind: "BackendConfig", + }, &cllnBackendConfig) + + require.Equal(t, deploymentName, cllnBackendConfig.Name) + require.Equal(t, 40, int(*cllnBackendConfig.Spec.TimeoutSec)) + require.Equal(t, 5, int(*cllnBackendConfig.Spec.HealthCheck.CheckIntervalSec)) + require.Equal(t, 1, int(*cllnBackendConfig.Spec.HealthCheck.HealthyThreshold)) + require.Equal(t, 3000, int(*cllnBackendConfig.Spec.HealthCheck.Port)) + require.Equal(t, "/c11n/v860/ping", *cllnBackendConfig.Spec.HealthCheck.RequestPath) + require.Equal(t, 5, int(*cllnBackendConfig.Spec.HealthCheck.TimeoutSec)) + require.Equal(t, "HTTP", *cllnBackendConfig.Spec.HealthCheck.Type) + require.Equal(t, 2, int(*cllnBackendConfig.Spec.HealthCheck.UnhealthyThreshold)) +} + +func TestConstellationMessagingGKEBackendConfig(t *testing.T) { + + var deploymentName string = "constellation-messaging-gke" + + helmChartParser := NewHelmConfigParser( + NewHelmTest(t, helmChartRelativePath, map[string]string{ + "constellation-messaging.enabled": "true", + "constellation-messaging.deployment.name": deploymentName, + "constellation-messaging.provider": "gke", + "constellation-messaging.ingress.enabled": "true", + }), + ) + + var cllnBackendConfig v1.BackendConfig + helmChartParser.getResourceYAML(SearchResourceOption{ + Name: deploymentName, + Kind: "BackendConfig", + }, 
&cllnBackendConfig) + + require.Equal(t, deploymentName, cllnBackendConfig.Name) + require.Equal(t, 40, int(*cllnBackendConfig.Spec.TimeoutSec)) + require.Equal(t, 5, int(*cllnBackendConfig.Spec.HealthCheck.CheckIntervalSec)) + require.Equal(t, 1, int(*cllnBackendConfig.Spec.HealthCheck.HealthyThreshold)) + require.Equal(t, 3000, int(*cllnBackendConfig.Spec.HealthCheck.Port)) + require.Equal(t, "/c11n-messaging/ping", *cllnBackendConfig.Spec.HealthCheck.RequestPath) + require.Equal(t, 5, int(*cllnBackendConfig.Spec.HealthCheck.TimeoutSec)) + require.Equal(t, "HTTP", *cllnBackendConfig.Spec.HealthCheck.Type) + require.Equal(t, 2, int(*cllnBackendConfig.Spec.HealthCheck.UnhealthyThreshold)) +} diff --git a/terratest/src/test/backingservices/constellation-ingress_test.go b/terratest/src/test/backingservices/constellation-ingress_test.go new file mode 100644 index 000000000..a4a14c2e2 --- /dev/null +++ b/terratest/src/test/backingservices/constellation-ingress_test.go 
@@ -0,0 +1,217 @@ +package backingservices + +import ( + "fmt" + "testing" + "github.com/stretchr/testify/require" +) + +func TestConstellationIngressDisabled(t *testing.T) { + + var supportedVendors = []string{"k8s", "gke", "aws"} + + for _, vendor := range supportedVendors { + + fmt.Println(vendor) + /* Run subtest in parallel */ + t.Run(vendor, func(subtest *testing.T) { + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-test", + "constellation.provider": vendor, + "constellation.ingress.enabled": "false", + }; + + var helmtest = NewHelmTest(subtest, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationGKEResourcesForIngress { + require.False(subtest, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + }) + } + +} + +func TestConstellationMessagingIngressDisabled(t *testing.T) { + + var supportedVendors = []string{"k8s", "gke", "aws"} + + for _, vendor := range supportedVendors { + + fmt.Println(vendor) + /* Run subtest in parallel */ + t.Run(vendor, func(subtest *testing.T) { + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-messaging-test", + "constellation.provider": vendor, + "constellation.ingress.enabled": "false", + }; + + var helmtest = NewHelmTest(subtest, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationMessagingGKEResourcesForIngress { + require.False(subtest, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + }) + } + +} + +func TestConstellationGKEIngressEnabled(t *testing.T) { + + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-test", + "constellation.provider": "gke", + 
"constellation.ingress.enabled": "true", + }; + + var helmtest = NewHelmTest(t, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationGKEResourcesForIngress { + require.True(t, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + +} + +func TestConstellationMessagingGKEIngressEnabled(t *testing.T) { + + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-messaging-test", + "constellation.provider": "gke", + "constellation.ingress.enabled": "true", + }; + + var helmtest = NewHelmTest(t, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationMessagingGKEResourcesForIngress { + require.True(t, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + +} + +func TestConstellationIngressEnabled(t *testing.T) { + + var supportedVendors = []string{"k8s", "aws"} + + for _, vendor := range supportedVendors { + + fmt.Println(vendor) + /* Run subtest in parallel */ + t.Run(vendor, func(subtest *testing.T) { + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-test", + "constellation.provider": vendor, + "constellation.ingress.enabled": "true", + }; + + var helmtest = NewHelmTest(subtest, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationResourcesForIngress { + require.True(subtest, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + }) + } + +} + +func TestConstellationMessagingIngressEnabled(t *testing.T) { + + var supportedVendors = []string{"k8s", "aws"} + + for _, vendor := range supportedVendors { + + fmt.Println(vendor) + /* Run subtest in parallel */ + t.Run(vendor, 
func(subtest *testing.T) { + var mapconstellation = map[string]string{ + "constellation.enabled": "true", + "constellation.deployment.name": "constellation-messaging-test", + "constellation.provider": vendor, + "constellation.ingress.enabled": "true", + }; + + var helmtest = NewHelmTest(subtest, helmChartRelativePath, mapconstellation); + helmChartParser := NewHelmConfigParser( + helmtest, + ) + + for _, i := range constellationMessagingResourcesForIngress { + require.True(subtest, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } + }) + } + +} + +var constellationGKEResourcesForIngress = []SearchResourceOption{ + { + Name: "constellation-test", + Kind: "Ingress", + }, + { + Name: "constellation-test", + Kind: "BackendConfig", + }, +} + +var constellationMessagingGKEResourcesForIngress = []SearchResourceOption{ + { + Name: "constellation-messaging-test", + Kind: "Ingress", + }, + { + Name: "constellation-messaging-test", + Kind: "BackendConfig", + }, +} + +var constellationResourcesForIngress = []SearchResourceOption{ + { + Name: "constellation-test", + Kind: "Ingress", + }, +} + +var constellationMessagingResourcesForIngress = []SearchResourceOption{ + { + Name: "constellation-messaging-test", + Kind: "Ingress", + }, +} \ No newline at end of file diff --git a/terratest/src/test/backingservices/constellation_test.go b/terratest/src/test/backingservices/constellation_test.go index 97ae5de65..455a70d17 100644 --- a/terratest/src/test/backingservices/constellation_test.go +++ b/terratest/src/test/backingservices/constellation_test.go @@ -1,8 +1,9 @@ package backingservices import ( - "github.com/stretchr/testify/require" "testing" + + "github.com/stretchr/testify/require" ) func Test_shouldNotContainConstellationResourcesWhenDisabled(t *testing.T) { 
@@ -35,16 +36,33 @@ func Test_shouldContainConstellationResourcesWhenEnabled(t *testing.T) { } } +func Test_shouldContainConstellationResourcesWithIngressWhenEnabled(t *testing.T) { + helmChartParser := NewHelmConfigParser( + NewHelmTest(t, helmChartRelativePath, map[string]string{ + "constellation.enabled": "true", + "constellation.ingress.enabled": "true", + }), + ) + + for _, i := range constellationResourcesWithIngress { + require.True(t, helmChartParser.Contains(SearchResourceOption{ + Name: i.Name, + Kind: i.Kind, + })) + } +} + func Test_shouldContainConstellationMessagingWhenEnabled(t *testing.T) { helmChartParser := NewHelmConfigParser( NewHelmTest(t, helmChartRelativePath, map[string]string{ - "srs.enabled": "false", - "constellation-messaging.enabled": "true", - "constellation-messaging.name": "constellation-messaging", - "constellation-messaging.image": "messaging-image:1.0.0", - "constellation-messaging.replicas": "3", - "constellation-messaging.imagePullSecretNames": "{secret1, secret2}", - "constellation-messaging.ingress.domain": "test.com", + "srs.enabled": "false", + "constellation-messaging.enabled": "true", + "constellation-messaging.deployment.name": "constellation-messaging", + "constellation-messaging.docker.messaging.image": "messaging-image:1.0.0", + "constellation-messaging.replicas": "3", + "constellation-messaging.docker.imagePullSecretNames": "{secret1, secret2}", + "constellation-messaging.ingress.enabled": "true", + "constellation-messaging.ingress.domain": "test.com", }), ) 
@@ -59,13 +77,13 @@ func Test_shouldContainConstellationMessagingWhenEnabled(t *testing.T) { func Test_shouldNotContainConstellationMessagingWhenDisabled(t *testing.T) { helmChartParser := NewHelmConfigParser( NewHelmTest(t, helmChartRelativePath, map[string]string{ - "srs.enabled": "false", - "constellation-messaging.enabled": "false", - "constellation-messaging.name": "constellation-messaging", - "constellation-messaging.image": "messaging-image:1.0.0", - "constellation-messaging.replicas": "3", + "srs.enabled": "false", + "constellation-messaging.enabled": "false", + "constellation-messaging.name": "constellation-messaging", + "constellation-messaging.image": "messaging-image:1.0.0", + "constellation-messaging.replicas": "3", "constellation-messaging.imagePullSecretNames": "{secret1, secret2}", - "constellation-messaging.ingress.domain": "test.com", + "constellation-messaging.ingress.domain": "test.com", }), ) @@ -87,7 +105,22 @@ var constellationResources = []SearchResourceOption{ Kind: "Service", }, { - Name: "constellationingress", + Name: "constellation-registry-secret", + Kind: "Secret", + }, +} + +var constellationResourcesWithIngress = []SearchResourceOption{ + { + Name: "constellation", + Kind: "Deployment", + }, + { + Name: "constellation", + Kind: "Service", + }, + { + Name: "constellation", Kind: "Ingress", }, {
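Review bot: in `clln-service.yaml` the guard tests `.Values.service.annotations`, but the body renders `toYaml .Values.service.annotation` (singular), so custom Service annotations supplied by the user are never emitted. Render the same key the condition tests. Because the GKE branch is an `else if`, setting any custom annotation on GKE also drops `cloud.google.com/neg` and `cloud.google.com/backend-config`, which detaches the Service from the BackendConfig added elsewhere in this patch. Consider emitting the provider annotations and the custom ones together rather than choosing between them.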
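Review bot: in `clln-ingress.yaml` the rule host prefers the legacy `.Values.domainName` over `.Values.ingress.domain`, while the `tlssecretsnippet` include resolves its host through the `domainName` helper, which reads only `ingress.domain` or `service.domain`. A values file that still sets `domainName` and enables `ingress.tls` gets a `tls.hosts` entry that does not match the rule host, or an empty one. Resolve the host once and use it in both places. In the same hunk, `ingressClassName` moved under `ingress` with no fallback to the old top-level key, unlike annotations, which keep `else if .Values.ingressAnnotations`, so existing values files silently lose their ingress class.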
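Review bot: in the `deploymentName` helper of both `_supplemental.tpl` files, `if (.root.name)` is evaluated after the `deployment.name` check, so the deprecated `name` value overrides `deployment.name` whenever both are set. The README hunk marks `name` as deprecated in favour of `deployment.name`, and since the result also names the registry secret, the Service and the Deployment, the precedence should be stated in the README or reversed. The header comment in `charts/backingservices/templates/_supplemental.tpl` says the helpers "are copied from backingservices/templates/_supplemental.tpl", which is that same file; reword it there and say in the subchart copy which file is the source of truth, since the two copies can now drift.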
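Review bot: in `clln-gke-backend-config.yaml` the health check receives `"healthCheckPort" .Values.service.port`, whereas `containerPort` and both probes in `clln-deployment.yaml` use `.Values.service.targetPort`, and the Service is annotated with `cloud.google.com/neg: '{"ingress": true}'`. The two agree only while both values stay at 3000; once a user sets them differently the BackendConfig checks a port the pod does not listen on. Pass `service.targetPort` here, or document why the service port is correct. The request path also hardcodes `/v860/ping` while the probes and the ALB annotation use `/buildInfo.json`; a comment explaining the difference would help whoever bumps the image.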
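Review bot: in `clln-deployment.yaml`, `spec.selector.matchLabels.app` now follows `$depName` instead of the fixed `constellation`. A Deployment selector is immutable in `apps/v1`, so upgrading an existing release with `deployment.name` (or the legacy `name`) set to anything other than `constellation` will be rejected by the API server. Either keep a fixed selector label and put the configurable name in a separate label, or call out in the README that changing the name requires deleting the Deployment first.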
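Review bot: in `values.yaml` the new `service` block defaults `serviceType` to `NodePort`, which opens a port on every node even though `ingress.enabled` defaults to `true` and is the intended entry point. The AWS annotations in `clln-ingress.yaml` use `alb.ingress.kubernetes.io/target-type: ip` and the GKE path uses NEG, so consider defaulting to `ClusterIP` and letting users opt in to `NodePort`. The same file flips `enabled: true` to `enabled: false` and renames `cloudProvider` to `provider`; both change behaviour for existing values files and deserve a line in the README or release notes.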
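Review bot: in `constellation-ingress_test.go` the three `TestConstellationMessaging...` tests set `constellation.enabled`, `constellation.deployment.name`, `constellation.provider` and `constellation.ingress.enabled` rather than the `constellation-messaging.*` keys, so they render the constellation subchart under a different name and never exercise the messaging chart. Switch them to the `constellation-messaging.` prefix, as `TestConstellationMessagingGKEBackendConfig` already does. The `/* Run subtest in parallel */` comments are not backed by a `subtest.Parallel()` call, and the `fmt.Println(vendor)` lines and trailing semicolons should be removed (gofmt will drop the latter).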
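Review bot: in `constellation_test.go`, `Test_shouldContainConstellationMessagingWhenEnabled` was moved entirely to the new keys (`deployment.name`, `docker.messaging.image`, `docker.imagePullSecretNames`), which leaves no enabled-case test for the deprecated `name` and top-level `imagePullSecretNames` fallbacks that the templates still implement. Add a test that renders with only the legacy keys and asserts the same resource names. `Test_shouldNotContainConstellationMessagingWhenDisabled` still passes the legacy keys, but only realigns whitespace here and cannot cover the fallback because nothing is rendered when disabled.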