diff --git a/.github/workflows/lint-test-eoc.yml b/.github/workflows/lint-test-eoc.yml
index 4da2f32..22f74d9 100644
--- a/.github/workflows/lint-test-eoc.yml
+++ b/.github/workflows/lint-test-eoc.yml
@@ -8,14 +8,14 @@ on:
jobs:
lint-test:
runs-on: ubuntu-latest
-
+
steps:
-
+
- name: Clear any existing tool cache
run: |
mv "${{ runner.tool_cache }}" "${{ runner.tool_cache }}.old"
mkdir -p "${{ runner.tool_cache }}"
-
+
- name: Checkout
uses: actions/checkout@v2
with:
@@ -28,7 +28,7 @@ jobs:
- uses: actions/setup-python@v2
with:
- python-version: 3.7
+ python-version: 3.9
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.0
@@ -42,24 +42,87 @@ jobs:
fi
helm repo add bitnami https://charts.bitnami.com/bitnami
helm repo add radiantone https://radiantlogic-devops.github.io/helm-charts
-
+
- name: Run chart-testing (lint)
run: ct lint --target-branch ${{ github.event.repository.default_branch }}
- name: Create kind cluster
uses: helm/kind-action@v1.2.0
if: steps.list-changed.outputs.changed == 'true'
-
+
- name: Kind cluster-info
run: |
kubectl cluster-info --context kind-chart-testing
kubectl get nodes --context kind-chart-testing
+ - name: Create temporary values file
+ run: |
+ cat << EOF > temp-values.yaml
+ backend:
+ releaseChannels:
+ - name: "Official"
+ url: "https://radiantlogic-devops.github.io/release-stable/index.yaml"
+ isDefault: "true"
+ tiers:
+ - name: BaseTier
+ asg:
+ Capacity: m5a.large
+ DesiredCapacity: 1
+ MinSize: 0
+ MaxSize: 3
+ MetaData:
+ - Key: OsDiskSize
+ Value: 50Gi
+ bwigrc:
+ resources:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ fid:
+ persistence:
+ enabled: true
+ size: 100Gi
+ storageClass: gp3
+ resources:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ - name: Tier1
+ asg:
+ Capacity: m5a.xlarge
+ bwigrc:
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ fid:
+ persistence:
+ size: 100Gi
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 8Gi
+ EOF
+
- name: Run chart-testing (install)
run: |
ct install --charts=charts/eoc --debug --helm-extra-args="--timeout=15m0s" --helm-extra-set-args="--set=postgresql.enabled=true \
--set=backend.database.auth.pass=eocadmin --set=backend.oauth.google.clientId=xxxxxx \
- --set=backend.oauth.microsoft.clientSecret=xxxxxx --set=backend.oauth.microsoft.clientId=xxxxxx \
- --set=backend.oauth.google.clientSecret=xxxxxx --set=backend.oauth.github.clientId=xxxxxx \
- --set=backend.oauth.github.clientSecret=xxxxxx --set=backend.s3BucketName=r1-eoc \
- --set=sss.s3.bucketName=r1-eoc --set=sss.s3.region=us-west-2" --upgrade
+ --set=backend.oauth.microsoft.enabled=true --set=backend.oauth.microsoft.clientSecret=xxxxxx --set=backend.oauth.microsoft.clientId=xxxxxx \
+ --set=backend.oauth.google.enabled=true --set=backend.oauth.google.clientSecret=xxxxxx --set=backend.oauth.github.clientId=xxxxxx \
+ --set=backend.oauth.github.enabled=true --set=backend.s3BucketName=r1-eoc --set=backend.grafana.metricsPrefixes=ldap \
+ --set=backend.oauth.local.enabled=true --set=features.mfa.enabled=false --set=features.mfa.appName=Radiant-Logic-EOC \
+ --set=applications.fid.nodeLimit=2 --set=applications.brainwave.nodeLimit=2 \
+ --set=applications.fid.minVersion=xxx --set=applications.brainwave.minVersion=xxx \
+ --set=global.commonServicesNamespace=xxxx --set=global.environmentNamespacePrefix=xxxx \
+ --set=sss.s3.bucketName=r1-eoc --set=sss.s3.region=us-west-2 \
+ --values temp-values.yaml" --upgrade
\ No newline at end of file
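Review bot: The `tiers` entries written to `temp-values.yaml` put `resources` directly under `bwigrc`, while the chart's own `values.yaml` in this commit nests them under `bwigrc.portal` and `bwigrc.batch`, so the install test appears to exercise a shape the chart no longer ships. If the nested form is the current schema, the heredoc should mirror it. The heredoc delimiter is also unquoted; `cat << 'EOF' > temp-values.yaml` keeps the shell from expanding any `$` or backtick that is later added to the test values. Separately, the new `--set` list drops `backend.oauth.github.clientSecret` while keeping `github.clientId` and adding `github.enabled=true`, which may be unintended.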
diff --git a/.github/workflows/lint-test-sdc-client.yaml b/.github/workflows/lint-test-sdc-client.yaml
new file mode 100644
index 0000000..362c560
--- /dev/null
+++ b/.github/workflows/lint-test-sdc-client.yaml
@@ -0,0 +1,58 @@
+name: Lint and Test SDC Client Charts
+
+on:
+ pull_request:
+ paths:
+ - 'charts/sdc-client/**'
+
+jobs:
+ lint-test:
+ runs-on: ubuntu-latest
+
+ steps:
+
+ - name: Clear any existing tool cache
+ run: |
+ mv "${{ runner.tool_cache }}" "${{ runner.tool_cache }}.old"
+ mkdir -p "${{ runner.tool_cache }}"
+
+ - name: Checkout
+ uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ - name: Set up Helm
+ uses: azure/setup-helm@v1
+ with:
+ version: v3.9.2
+
+ - uses: actions/setup-python@v2
+ with:
+ python-version: 3.9
+
+ - name: Set up chart-testing
+ uses: helm/chart-testing-action@v2.3.0
+
+ - name: Run chart-testing (list-changed)
+ id: list-changed
+ run: |
+ changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }})
+ if [[ -n "$changed" ]]; then
+ echo "::set-output name=changed::true"
+ fi
+ helm repo add bitnami https://charts.bitnami.com/bitnami
+
+ - name: Run chart-testing (lint)
+ run: ct lint --target-branch ${{ github.event.repository.default_branch }}
+
+ - name: Create kind cluster
+ uses: helm/kind-action@v1.2.0
+ if: steps.list-changed.outputs.changed == 'true'
+
+ - name: Kind cluster-info
+ run: |
+ kubectl cluster-info --context kind-chart-testing
+ kubectl get nodes --context kind-chart-testing
+
+ - name: Run chart-testing (install)
+ run: ct install --charts=charts/sss --debug
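Review bot: The final step runs `ct install --charts=charts/sss --debug`, but this workflow is named for the SDC client and triggers only on `charts/sdc-client/**`, so it appears to install the wrong chart; `ct install --charts=charts/sdc-client --debug` would match the trigger. The workflow declares no `permissions:` block, so the job runs with the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` is enough for lint and install. The actions are referenced by mutable tags (`azure/setup-helm@v1`, `helm/kind-action@v1.2.0`, `actions/checkout@v2`); pinning each `uses:` to a full commit SHA keeps a retagged release from running in CI. `::set-output` in the list-changed step is deprecated in favour of `echo "changed=true" >> "$GITHUB_OUTPUT"`.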
diff --git a/.github/workflows/lint-test-sdc.yml b/.github/workflows/lint-test-sdc.yml
index d134922..9a854fe 100644
--- a/.github/workflows/lint-test-sdc.yml
+++ b/.github/workflows/lint-test-sdc.yml
@@ -28,7 +28,7 @@ jobs:
- uses: actions/setup-python@v2
with:
- python-version: 3.7
+ python-version: 3.9
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.0
diff --git a/.github/workflows/lint-test-sss.yml b/.github/workflows/lint-test-sss.yml
index 29ff30b..e43445c 100644
--- a/.github/workflows/lint-test-sss.yml
+++ b/.github/workflows/lint-test-sss.yml
@@ -28,7 +28,7 @@ jobs:
- uses: actions/setup-python@v2
with:
- python-version: 3.7
+ python-version: 3.9
- name: Set up chart-testing
uses: helm/chart-testing-action@v2.3.0
diff --git a/charts/eoc/Chart.yaml b/charts/eoc/Chart.yaml
index ab3fc80..7e8c2ec 100644
--- a/charts/eoc/Chart.yaml
+++ b/charts/eoc/Chart.yaml
@@ -7,13 +7,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.0
+version: 1.5.3-rc.1
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "0.4.0"
+appVersion: "1.5.3-rc.1"
maintainers:
- name: pgodey
diff --git a/charts/eoc/templates/backend_configmap.yaml b/charts/eoc/templates/backend_configmap.yaml
index f51a8e2..540cfeb 100644
--- a/charts/eoc/templates/backend_configmap.yaml
+++ b/charts/eoc/templates/backend_configmap.yaml
@@ -17,18 +17,27 @@ data:
DATABASE_USERNAME: {{ .Values.backend.database.auth.user | quote }}
DATABASE_PASSWORD: {{ .Values.backend.database.auth.pass | quote }}
+ ENABLE_MFA: {{ .Values.features.mfa.enabled | quote }}
+ APP_MFA_NAME: {{ .Values.features.mfa.appName | quote }}
+
JWT_SECRET: {{ .Values.backend.jwt.secret | quote }}
JWT_EXPIRES_IN: {{ .Values.backend.jwt.expiresIn | quote }}
+ OAUTH_GOOGLE_ENABLE: {{ .Values.backend.oauth.google.enabled | quote }}
OAUTH_GOOGLE_CLIENT_ID: {{ .Values.backend.oauth.google.clientId | quote }}
OAUTH_GOOGLE_CLIENT_SECRET: {{ .Values.backend.oauth.google.clientSecret | quote }}
+ OAUTH_GITHUB_ENABLE: {{ .Values.backend.oauth.github.enabled | quote }}
OAUTH_GITHUB_CLIENT_ID: {{ .Values.backend.oauth.github.clientId | quote }}
OAUTH_GITHUB_CLIENT_SECRET: {{ .Values.backend.oauth.github.clientSecret | quote }}
+ OAUTH_MICROSOFT_ENABLE: {{ .Values.backend.oauth.microsoft.enabled | quote }}
OAUTH_MICROSOFT_CLIENT_ID: {{ .Values.backend.oauth.microsoft.clientId | quote }}
OAUTH_MICROSOFT_CLIENT_SECRET: {{ .Values.backend.oauth.microsoft.clientSecret | quote }}
+ AUTH_LOCAL_ENABLE: {{ .Values.backend.oauth.local.enabled | quote }}
+ AUTH_LOCAL_MFA_ENABLE: {{ .Values.backend.oauth.local.mfa | default "false" | quote }}
+
EMAIL_FROM: {{ .Values.backend.smtp.from | quote }}
EMAIL_ID: {{ .Values.backend.smtp.user | quote }}
EMAIL_PASS: {{ .Values.backend.smtp.pass | quote }}
@@ -38,16 +47,20 @@ data:
ADMIN_EMAIL: {{ .Values.backend.admin.email | quote }}
ADMIN_FIRST_NAME: {{ .Values.backend.admin.firstName | quote }}
ADMIN_LAST_NAME: {{ .Values.backend.admin.lastName | quote }}
+ ADMIN_PASSWORD: {{ .Values.backend.admin.password | default "" | quote }}
APP_ROOT_DIRECTORY: {{ .Values.backend.appRootDirectory | quote }}
ENCRYPTION_KEY: {{ .Values.backend.encryptionKey | quote }}
KIBANA_API_LINK: {{ .Values.backend.kibana.apiUrl | quote }}
+ KIBANA_BASIC_AUTH: {{ .Values.backend.kibana.basicAuth | default "" | quote }}
GRAFANA_BASE_URL: {{ .Values.backend.grafana.host | quote }}
GRAFANA_USERNAME: {{ .Values.backend.grafana.username | quote }}
GRAFANA_PASSWORD: {{ .Values.backend.grafana.password | quote }}
+ GRAFANA_METRICS_PREFIXES: {{ .Values.backend.grafana.metricsPrefixes | quote }}
+ GRAFANA_BASIC_AUTH: {{ .Values.backend.grafana.basicAuth | default "" | quote }}
AGENTS_BASE_PATH: {{ .Values.backend.agents.api.endpoint | quote }}
AGENTS_CLIENT_ID: {{ .Values.backend.agents.api.clientId | quote }}
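Review bot: `ADMIN_PASSWORD`, `KIBANA_BASIC_AUTH` and `GRAFANA_BASIC_AUTH` are added to a ConfigMap, which is not covered by Secret-specific RBAC rules or encryption-at-rest configuration, so anyone allowed to read ConfigMaps in the namespace can read these credentials. The same applies to `SDC_AWS_ACCESS_KEY_SECRET` in the next hunk and to `APP_GIT_PRIVATE_KEY` in `orchestrator_configmap.yaml`. These keys belong in a `kind: Secret` that the deployment loads through `envFrom` with a `secretRef` (or per-key `secretKeyRef`), ideally with an option to reference an existing Secret so the values never sit in `values.yaml`. The context lines show the file already does this for `DATABASE_PASSWORD` and `JWT_SECRET`, so the new keys extend an existing exposure rather than start one.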
@@ -56,11 +69,57 @@ data:
AGENTS_SERVER_NAME: {{ .Values.backend.agents.inlets.serverName | quote }}
AGENTS_SERVER_ENDPOINT: {{ .Values.backend.agents.inlets.serverEndpoint | quote }}
- MIN_ENVIRONMENT_VERSION: {{ .Values.global.minFidVersion | quote }}
+ SDC_AWS_ACCESS_KEY_ID: {{ .Values.backend.agents.client.accessKeyId | quote}}
+ SDC_AWS_ACCESS_KEY_SECRET: {{ .Values.backend.agents.client.accessKeySecret | quote }}
+ SDC_AWS_REGION: {{ .Values.backend.agents.client.s3Region | quote }}
+ SDC_AWS_S3_BUCKET_NAME: {{ .Values.backend.agents.client.s3BucketName | quote }}
+ SDC_CLIENT_VERSION: {{ .Values.backend.agents.client.version | quote }}
+
ENV_PREFIX: {{ .Values.global.infrastructureName | quote }}
DOMAIN_NAME: {{ .Values.global.domainName | quote }}
- NODE_LIMIT: {{ .Values.global.nodeLimit | quote }}
+ NODE_LIMIT_FID: {{ .Values.applications.fid.nodeLimit | default 1 | quote }}
+ NODE_LIMIT_BRAINWAVE: {{ .Values.applications.brainwave.nodeLimit | default 1 | quote }}
+ NODE_LIMIT_IDO: {{ .Values.applications.ido.nodeLimit | default 1 | quote }}
+ FID_MIN_VERSION: {{ .Values.applications.fid.minVersion | default "8.0.0" | quote }}
+ BW_MIN_VERSION: {{ .Values.applications.brainwave.minVersion | default "3.0.0" | quote }}
+ IDO_MIN_VERSION: {{ .Values.applications.ido.minVersion | default "0.0.0" | quote }}
+
+ FID_MIN_VERSION_UPDATE: {{ .Values.applications.fid.minVersionUpdate | default "8.0.0" | quote }}
+ BW_MIN_VERSION_UPDATE: {{ .Values.applications.brainwave.minVersionUpdate | default "3.0.0" | quote }}
+ IDO_MIN_VERSION_UPDATE: {{ .Values.applications.ido.minVersionUpdate | default "0.0.0" | quote }}
+
+ DUPLO_SERVICES_NAMESPACE: {{ .Values.global.commonServicesNamespace | default .Values.orchestrator.duplo.servicesTenantName | quote }}
+ ENVIRONMENT_NAMESPACE_PREFIX: {{ .Values.global.environmentNamespacePrefix | default "" | quote }}
+
+ DEFAULT_TIER: {{ .Values.backend.defaultTierName | default "Tier1" | quote }}
+
+ DISABLE_SEQUENTIAL_APP_VERSION_UPDATE: {{ .Values.backend.disableSequentialAppVersionUpdate | default "true" | quote }}
+
+ OIDC_TEMPLATES: {{ .Values.backend.oidcTemplates | default "" | toJson | quote }}
+
+ RELEASE_CHANNELS: {{ .Values.backend.releaseChannels | default "[{\"isDefault\":\"true\",\"name\":\"Official\",\"url\":\"https://radiantlogic-devops.github.io/release-stable/index.yaml\"}]" | toJson | quote }}
+
+ TIERS: {{ .Values.backend.tiers | default "[{\"name\":\"BaseTier\",\"asg\":{\"MinSize\":0,\"MaxSize\":3,\"DesiredCapacity\":1,\"Capacity\":\"m5a.large\",\"MetaData\":[{\"Key\":\"OsDiskSize\",\"Value\":\"50Gi\"}]},\"fid\":{\"persistence\":{\"enabled\":true,\"storageClass\":\"gp3\",\"size\":\"100Gi\"},\"resources\":{\"limits\":{\"cpu\":1,\"memory\":\"4Gi\"},\"requests\":{\"cpu\":1,\"memory\":\"4Gi\"}}},\"bwigrc\":{\"resources\":{\"limits\":{\"cpu\":1,\"memory\":\"4Gi\"},\"requests\":{\"cpu\":1,\"memory\":\"4Gi\"}}}},{\"name\":\"Tier1\",\"asg\":{\"Capacity\":\"m5a.xlarge\"},\"fid\":{\"persistence\":{\"size\":\"100Gi\"},\"resources\":{\"limits\":{\"cpu\":2,\"memory\":\"8Gi\"},\"requests\":{\"cpu\":2,\"memory\":\"8Gi\"}}},\"bwigrc\":{\"resources\":{\"limits\":{\"cpu\":2,\"memory\":\"8Gi\"}}}},{\"name\":\"Tier2\",\"asg\":{\"Capacity\":\"m5a.2xlarge\"},\"fid\":{\"persistence\":{\"size\":\"200Gi\"},\"resources\":{\"limits\":{\"cpu\":4,\"memory\":\"16Gi\"},\"requests\":{\"cpu\":4,\"memory\":\"16Gi\"}}},\"bwigrc\":{\"resources\":{\"limits\":{\"cpu\":4,\"memory\":\"16Gi\"},\"requests\":{\"cpu\":4,\"memory\":\"16Gi\"}}}}]" | toJson | quote}}
+
+ SERVICE_STATUS_CONFIG: {{ .Values.backend.serviceStatusConfig | default "" | toJson | quote }}
+
+ FID_LOG_SETTINGS: {{ .Values.applications.fid.logsConfig | default "" | toJson | quote }}
+
+ DEFAULT_AGGREGATOR: {{ .Values.backend.defaultLogAggregator | default "" | toJson | quote }}
+
+ SCHEDULED_MAINTENANCE_CONFIG: {{ .Values.backend.scheduledMaintenanceConfig | default "" | toJson | quote }}
+
+ NOTIFICATION_CONFIG: {{ .Values.backend.userNotificationsConfig | default "" | toJson | quote }}
+
+ REGION: {{ .Values.global.region | quote }}
+
+{{- range $key, $value := (.Values.backend).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
+{{- range $key, $value := (.Values.global).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
kind: ConfigMap
metadata:
labels:
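Review bot: `default` treats `0`, `false` and `""` as unset, so `.Values.applications.fid.nodeLimit | default 1` renders `"1"` for the `nodeLimit: 0` that `values.yaml` ships in this commit, and the same holds for the brainwave and ido limits; if 0 is a meaningful limit it can never reach the backend. If that is intended a comment should say so; otherwise test for presence with `hasKey` instead of `default`. The JSON-valued keys have a related inconsistency: when `backend.releaseChannels` or `backend.tiers` is a list, `toJson` emits a JSON array, but when the inline string default is used `toJson` encodes that string again, so the backend would receive a JSON string containing JSON rather than an array. Keeping the defaults only in `values.yaml` (they are already there) and dropping the inline literals removes the double encoding and the drift between the embedded `TIERS` default and the `tiers` block in `values.yaml`.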
diff --git a/charts/eoc/templates/backend_deployment.yaml b/charts/eoc/templates/backend_deployment.yaml
index dcde4c2..134a5d4 100644
--- a/charts/eoc/templates/backend_deployment.yaml
+++ b/charts/eoc/templates/backend_deployment.yaml
@@ -14,7 +14,15 @@ spec:
name: {{ include "eoc-backend.fullname" . | nindent 8 }}
labels:
{{- include "eoc-backend.selectorLabels" . | nindent 8 }}
+ annotations:
+ {{- if (.Values.checksumConfigMap).enabled | default true }}
+ checksum/environment: {{ include (print $.Template.BasePath "/backend_configmap.yaml") . | sha256sum }}
+ {{- end }}
spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag | default .Chart.AppVersion }}"
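Review bot: The guard `(.Values.checksumConfigMap).enabled | default true` cannot be switched off, because `default` replaces an explicit `false` with `true`; the same expression is repeated in `orchestrator_deployment.yaml` and `ui_deployment.yaml`. Something like `{{- if ne (toString (.Values.checksumConfigMap).enabled) "false" }}` keeps the on-by-default behaviour while honouring `enabled: false`, and `checksumConfigMap` should get an entry in `values.yaml`, where none is visible in this commit. For `imagePullSecrets`, the commented example in `values.yaml` lists a bare `- regcred`, but the pod spec expects objects, so the example should read `- name: regcred` or the rendered manifest will be rejected.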
@@ -28,16 +36,16 @@ spec:
httpGet:
path: /eoc-backend/health
port: 3000
- initialDelaySeconds: 120
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.backend.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.backend.periodSeconds }}
failureThreshold: 10
successThreshold: 1
readinessProbe:
httpGet:
path: /eoc-backend/health
port: 3000
- initialDelaySeconds: 120
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.backend.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.backend.periodSeconds }}
failureThreshold: 10
successThreshold: 1
{{- with .Values.backend.nodeSelector }}
diff --git a/charts/eoc/templates/backend_service.yaml b/charts/eoc/templates/backend_service.yaml
index b59874a..9b4ca9e 100644
--- a/charts/eoc/templates/backend_service.yaml
+++ b/charts/eoc/templates/backend_service.yaml
@@ -2,6 +2,12 @@ apiVersion: v1
kind: Service
metadata:
name: {{ include "eoc-backend.fullname" . }}-service
+{{- if .Values.backend.metrics.enabled }}
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/port: '3000'
+ prometheus.io/path: {{ .Values.backend.basePath }}/metrics
+{{- end }}
spec:
ports:
- name: {{ include "eoc-backend.fullname" . }}-service-port
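Review bot: `prometheus.io/path` is built from `.Values.backend.basePath`, which `values.yaml` sets to `eoc-backend` without a leading slash, so the annotation renders as `eoc-backend/metrics` while the probes in the deployment use `/eoc-backend/health`. Writing it as `prometheus.io/path: {{ printf "/%s/metrics" (trimPrefix "/" .Values.backend.basePath) | quote }}` gives an absolute, quoted path. The condition `.Values.backend.metrics.enabled` also fails rendering if `backend.metrics` is absent; no `metrics` block is visible in the `values.yaml` changes shown, so either add one with `enabled: false` or guard with `(.Values.backend.metrics).enabled`. Whether the metrics endpoint on port 3000 requires authentication is not visible here and is worth confirming before it is advertised for scraping.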
diff --git a/charts/eoc/templates/orchestrator_configmap.yaml b/charts/eoc/templates/orchestrator_configmap.yaml
index 39ebd8b..6bf0904 100644
--- a/charts/eoc/templates/orchestrator_configmap.yaml
+++ b/charts/eoc/templates/orchestrator_configmap.yaml
@@ -3,29 +3,32 @@ data:
REGION: {{ .Values.global.region | quote }}
DOMAIN_NAME: {{ .Values.global.domainName | quote }}
CERTIFICATE_ARN: {{ .Values.global.certificateArn | quote }}
-
REDIS_HOST: {{ .Values.orchestrator.redis.host | quote }}
REDIS_PORT: {{ .Values.orchestrator.redis.port | quote }}
-
DUPLO_PLAN_ID: {{ .Values.global.infrastructureName | quote }}
DUPLO_TOKEN: {{ .Values.orchestrator.duplo.token | quote }}
DUPLO_BASE_URL: {{ .Values.orchestrator.duplo.baseUrl | quote }}
DUPLO_SERVICES_TENANT_NAME: {{ .Values.orchestrator.duplo.servicesTenantName | quote }}
DUPLO_ZONES: {{ .Values.global.zones | quote }}
DUPLO_AMI_IMAGE_ID: {{ .Values.global.amiImageId | quote }}
-
ARGO_CD_BASE_URL: {{ .Values.orchestrator.argocd.baseUrl | quote }}
ARGO_CD_TOKEN: {{ .Values.orchestrator.argocd.token | quote }}
-
FID_LICENSE_KEY: {{ .Values.global.fidLicense | quote }}
-
GIT_REPO: {{ .Values.orchestrator.git.repo | quote }}
GIT_PRIVATE_KEY: {{ .Values.orchestrator.git.privateKey | quote }}
-
REDIS_HOST: {{ .Values.orchestrator.redis.host | quote }}
REDIS_PORT: {{ .Values.orchestrator.redis.port | quote }}
-
ENCRYPTION_KEY: {{ .Values.backend.encryptionKey | quote }}
+ APP_GIT_REPO: {{ .Values.applications.fid.pipelineConfig.git.repo | quote }}
+ APP_GIT_PRIVATE_KEY: {{ .Values.applications.fid.pipelineConfig.git.privateKey | quote }}
+ DUPLO_SERVICES_NAMESPACE: {{ .Values.global.commonServicesNamespace | default .Values.orchestrator.duplo.servicesTenantName | quote }}
+ ENVIRONMENT_NAMESPACE_PREFIX: {{ .Values.global.environmentNamespacePrefix | quote }}
+{{- range $key, $value := (.Values.orchestrator).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
+{{- range $key, $value := (.Values.global).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
kind: ConfigMap
metadata:
labels:
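Review bot: The two `range` loops append arbitrary keys from `orchestrator.env` and `global.env` after the fixed entries, so an `env` key such as `DUPLO_TOKEN` or `REGION` produces a duplicate mapping key in `data`, which YAML parsers typically resolve by keeping the last occurrence or by rejecting the document. Where last-wins applies, `global.env` overrides both the fixed keys and the component-specific `orchestrator.env`, which is probably the reverse of the intended precedence; the same loops are added to the backend and UI ConfigMaps. Rendering `global.env` before the component map and skipping keys the template already emits, or at least documenting the override order in `values.yaml`, would make this explicit. With the blank lines removed, the existing duplicate `REDIS_HOST`/`REDIS_PORT` pair in the context lines is also easier to see; one of the two can be dropped.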
@@ -35,4 +38,4 @@ metadata:
app: {{ template "eoc-orchestrator.fullname" . }}
chart: "{{ template "eoc-orchestrator.chart" . }}"
release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
\ No newline at end of file
+ heritage: "{{ .Release.Service }}"
diff --git a/charts/eoc/templates/ochestrator_deployment.yaml b/charts/eoc/templates/orchestrator_deployment.yaml
similarity index 66%
rename from charts/eoc/templates/ochestrator_deployment.yaml
rename to charts/eoc/templates/orchestrator_deployment.yaml
index afe12df..92dd667 100644
--- a/charts/eoc/templates/ochestrator_deployment.yaml
+++ b/charts/eoc/templates/orchestrator_deployment.yaml
@@ -14,7 +14,15 @@ spec:
name: {{ include "eoc-orchestrator.fullname" . | nindent 8 }}
labels:
{{- include "eoc-orchestrator.selectorLabels" . | nindent 8 }}
+ annotations:
+ {{- if (.Values.checksumConfigMap).enabled | default true }}
+ checksum/environment: {{ include (print $.Template.BasePath "/orchestrator_configmap.yaml") . | sha256sum }}
+ {{- end }}
spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.orchestrator.image.repository }}:{{ .Values.orchestrator.image.tag | default .Chart.AppVersion }}"
@@ -27,17 +35,18 @@ spec:
readinessProbe:
tcpSocket:
port: 3001
- initialDelaySeconds: 60
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.orchestrator.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.orchestrator.periodSeconds }}
failureThreshold: 5
successThreshold: 1
livenessProbe:
tcpSocket:
port: 3001
- initialDelaySeconds: 60
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.orchestrator.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.orchestrator.periodSeconds }}
failureThreshold: 5
successThreshold: 1
+ serviceAccount: eoc-orchestrator
{{- with .Values.orchestrator.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
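Review bot: `serviceAccount: eoc-orchestrator` uses the deprecated alias of the pod-spec field; `serviceAccountName: eoc-orchestrator` is the supported name. The value is hard-coded here and again in `orchestrator_sa.yaml`, so deriving both from one helper or value would keep them from drifting. The pod spec continues outside the hunk.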
@@ -49,4 +58,4 @@ spec:
{{- with .Values.orchestrator.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
- {{- end }}
\ No newline at end of file
+ {{- end }}
diff --git a/charts/eoc/templates/orchestrator_sa.yaml b/charts/eoc/templates/orchestrator_sa.yaml
new file mode 100644
index 0000000..d36b074
--- /dev/null
+++ b/charts/eoc/templates/orchestrator_sa.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: eoc-orchestrator
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: eoc-orchestrator
+subjects:
+- kind: ServiceAccount
+ name: eoc-orchestrator
+ namespace: {{ .Values.global.commonServicesNamespace | default .Values.orchestrator.duplo.servicesTenantName | quote }}
+roleRef:
+ kind: ClusterRole
+ name: cluster-admin
+ apiGroup: rbac.authorization.k8s.io
+
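Review bot: The `ClusterRoleBinding` grants `cluster-admin` to the orchestrator's ServiceAccount, so any code execution or token leak in that pod becomes full control of the cluster, including read access to every Secret. The binding should reference a dedicated `ClusterRole` (or namespaced `Role`s) listing only the resources and verbs the orchestrator actually uses; that list is not derivable from this diff and has to come from the service owners. The `ServiceAccount` has no `namespace`, so it is created in the release namespace, while the subject points at `commonServicesNamespace`/`servicesTenantName`; if those differ, the binding targets an account this chart did not create, and `namespace: {{ .Release.Namespace | quote }}` on the subject avoids that. Both objects use the fixed name `eoc-orchestrator`, so two releases in one cluster would collide on the cluster-scoped binding.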
diff --git a/charts/eoc/templates/orchestrator_service.yaml b/charts/eoc/templates/orchestrator_service.yaml
new file mode 100644
index 0000000..d6ae6d1
--- /dev/null
+++ b/charts/eoc/templates/orchestrator_service.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ include "eoc-orchestrator.fullname" . }}-service
+spec:
+ ports:
+ - name: {{ include "eoc-orchestrator.fullname" . }}-service-port
+ protocol: TCP
+ port: 80
+ targetPort: 3001
+ selector:
+ {{- include "eoc-orchestrator.selectorLabels" . | nindent 4 }}
\ No newline at end of file
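Review bot: Nothing in the chart restricts who can reach the orchestrator through this Service: port 80 forwards to 3001 for any pod in the cluster, and the orchestrator runs under the ServiceAccount that `orchestrator_sa.yaml` binds to `cluster-admin`. Whether the orchestrator authenticates its callers is not visible in this diff; if it relies on network position, a `NetworkPolicy` admitting only the backend pods should ship alongside the Service. Setting `type: ClusterIP` explicitly would also document that no external exposure is intended.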
diff --git a/charts/eoc/templates/ui_configmap.yaml b/charts/eoc/templates/ui_configmap.yaml
index 8c5b542..901b96b 100644
--- a/charts/eoc/templates/ui_configmap.yaml
+++ b/charts/eoc/templates/ui_configmap.yaml
@@ -10,6 +10,26 @@ data:
VITE_MONITORING_URL: {{ .Values.ui.monitoringDashboardUrl | quote }}
VITE_KIBANA_API_PATH: {{ .Values.ui.kibanaApiPath | quote }}
VITE_AMPLITUDE_KEY: {{ .Values.ui.amplitude.key | quote }}
+ VITE_GOOGLE_AUTH_ENABLED: {{ .Values.backend.oauth.google.enabled | quote }}
+ VITE_GITHUB_AUTH_ENABLED: {{ .Values.backend.oauth.github.enabled | quote }}
+ VITE_LOCAL_AUTH_ENABLED: {{ .Values.backend.oauth.local.enabled | quote }}
+ VITE_MICROSOFT_AUTH_ENABLED: {{ .Values.backend.oauth.microsoft.enabled | quote }}
+ VITE_INSERT_MONITORING_JWT_TOKEN: {{ .Values.ui.insertMonitoringJwtToken | default false | quote }}
+ VITE_TIERS_ENABLED: {{ .Values.ui.tiersVisibility | default false | quote }}
+ VITE_MULTI_TENANT_ENABLED: {{ .Values.ui.multiTenantEnabled | default false | quote }}
+ VITE_SERVICE_STATUS_ENABLED: {{ .Values.ui.serviceStatusEnabled | default false | quote }}
+ VITE_SCHEDULED_MAINTENANCE_ENABLED: {{ .Values.ui.scheduledMaintenanceEnabled | default false | quote }}
+ VITE_IDO_ENABLED: {{ .Values.applications.ido.enabled | default false | quote }}
+ VITE_TASK_MANAGEMENT_LOGS_ENABLED: {{ .Values.ui.taskManagementLogsEnabled | default false | quote }}
+ VITE_TASK_MANAGEMENT_RE_RUN_ENABLED: {{ .Values.ui.taskManagementReRunEnabled | default false | quote }}
+ VITE_TASK_MANAGEMENT_CANCEL_ENABLED: {{ .Values.ui.taskManagementCancelEnabled | default false | quote }}
+ VITE_PROMOTION_PIPELINES_ENABLED: {{ .Values.features.pipeline.enabled | default false | quote }}
+{{- range $key, $value := (.Values.ui).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
+{{- range $key, $value := (.Values.global).env }}
+ {{ tpl $key $ }}: {{ tpl (print $value) $ | quote }}
+{{- end }}
kind: ConfigMap
metadata:
labels:
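Review bot: The second loop copies every entry of `global.env` into the UI ConfigMap, and `values.yaml` describes `global.env` as passed to all deployment pods, so a credential placed there for the backend or orchestrator also lands in the front-end container. How the UI image consumes its environment is not visible here, but the `VITE_` prefix on the fixed keys suggests the values may be exposed to browser code, so this ConfigMap should be treated as public. Consider rendering only `ui.env` for the UI, and adding a comment in `values.yaml` such as `## Do not put secrets in global.env; it is also rendered into the UI ConfigMap`.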
@@ -19,4 +39,4 @@ metadata:
app: {{ template "eoc-ui.fullname" . }}
chart: "{{ template "eoc-ui.chart" . }}"
release: "{{ .Release.Name }}"
- heritage: "{{ .Release.Service }}"
\ No newline at end of file
+ heritage: "{{ .Release.Service }}"
diff --git a/charts/eoc/templates/ui_deployment.yaml b/charts/eoc/templates/ui_deployment.yaml
index be4bcb9..3a59f5b 100644
--- a/charts/eoc/templates/ui_deployment.yaml
+++ b/charts/eoc/templates/ui_deployment.yaml
@@ -14,7 +14,15 @@ spec:
name: {{ include "eoc-ui.fullname" . | nindent 8 }}
labels:
{{- include "eoc-ui.selectorLabels" . | nindent 8 }}
+ annotations:
+ {{- if (.Values.checksumConfigMap).enabled | default true }}
+ checksum/environment: {{ include (print $.Template.BasePath "/ui_configmap.yaml") . | sha256sum }}
+ {{- end }}
spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 6 }}
+ {{- end }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag | default .Chart.AppVersion }}"
@@ -28,16 +36,16 @@ spec:
httpGet:
path: /eoc/login
port: 80
- initialDelaySeconds: 120
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.ui.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.ui.periodSeconds }}
failureThreshold: 10
successThreshold: 1
readinessProbe:
httpGet:
path: /eoc/login
port: 80
- initialDelaySeconds: 120
- periodSeconds: 30
+ initialDelaySeconds: {{ default 60 .Values.ui.initialDelaySeconds }}
+ periodSeconds: {{ default 30 .Values.ui.periodSeconds }}
failureThreshold: 10
successThreshold: 1
{{- with .Values.ui.nodeSelector }}
diff --git a/charts/eoc/values.yaml b/charts/eoc/values.yaml
index eec0e64..998ed0f 100644
--- a/charts/eoc/values.yaml
+++ b/charts/eoc/values.yaml
@@ -7,14 +7,131 @@ global:
fidLicense: ""
zones: 2
amiImageId: "ami-0fe74570d87750175"
- minFidVersion: "7.5.0"
+ minFidVersion: "8.0.0"
+ # duploservices-{common-services-tenant}
+ commonServicesNamespace: ""
+ environmentNamespacePrefix: "duploservices-"
+ ## Extra environment variables that will be pass onto all deployment pods
+ ##
+ ## env:
+ ## AWS_REGION: us-east-1
+ env: {}
+
+## Image pull secrets to pull the images
+## Do not add under global as it is used by redis
+## imagePullSecrets:
+## - regcred
+imagePullSecrets: []
+
+applications:
+ fid:
+ minVersion: "8.0.0"
+ minVersionUpdate: "8.0.0"
+ nodeLimit: 0
+ pipelineConfig:
+ # git config for promotion pipeline feature
+ git:
+ repo: ""
+ privateKey: |
+ -----BEGIN OPENSSH PRIVATE KEY-----
+ {private key needs to be multi-line and indented by 8}
+ -----END OPENSSH PRIVATE KEY-----
+ logsConfig:
+ connector:
+ enabled: true
+ path: "/opt/radiantone/vds/logs/sync_agents/*/connector.log"
+ index: connector
+ aggregators: ["Default"]
+ retention_days: 30
+ vds_server:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/vds_server.log"
+ index: vds_server.log
+ retention_days: 30
+ aggregators: ["Default"]
+ vds_server_access:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/vds_server_access.csv"
+ index: vds_server_access.log
+ parse: |-
+
+ @type tsv
+ keys LOGID,LOGDATE,LOGTIME,LOGTYPE,SERVERID,SERVERPORT,SESSIONID,MSGID,CLIENTIP,BINDDN,BINDUSER,CONNNB,OPNB,OPCODE,OPNAME,BASEDN,ATTRIBUTES,SCOPE,FILTER,SIZELIMIT,TIMELIMIT,LDAPCONTROLS,CHANGES,RESULTCODE,ERRORMESSAGE,MATCHEDDN,NBENTRIES,ETIME
+ types LOGID:integer,LOGDATE:string,LOGTIME:string,LOGTYPE:integer,SERVERID:string,SERVERPORT:integer,SESSIONID:integer,MSGID:integer,CLIENTIP:string,BINDDN:string,BINDUSER:string,CONNNB:integer,OPNB:integer,OPCODE:integer,OPNAME:string,BASEDN:string,ATTRIBUTES:string,SCOPE:string,FILTER:string,SIZELIMIT:integer,TIMELIMIT:integer,LDAPCONTROLS:string,CHANGES:string,RESULTCODE:integer,ERRORMESSAGE:string,MATCHEDDN:string,NBENTRIES:integer,ETIME:integer
+
+ retention_days: 30
+ aggregators: ["Default"]
+ vds_events:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/vds_events.log"
+ index: vds_events.log
+ retention_days: 30
+ aggregators: ["Default"]
+ periodiccache:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/periodiccache.log"
+ index: periodiccache.log
+ retention_days: 30
+ aggregators: ["Default"]
+ web:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/jetty//web.log"
+ index: web.log
+ retention_days: 30
+ aggregators: ["Default"]
+ web_access:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/jetty/web_access.log"
+ index: web_access.log
+ retention_days: 30
+ aggregators: ["Default"]
+ sync_engine:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/sync_engine.log"
+ index: sync_engine.log
+ retention_days: 30
+ aggregators: ["Default"]
+ alerts:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/alerts.log"
+ index: alerts.log
+ retention_days: 30
+ aggregators: ["Default"]
+ adap_access:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/adap_access.log"
+ index: adap_access.log
+ retention_days: 30
+ aggregators: ["Default"]
+ admin_rest_api_access:
+ enabled: true
+ path: "/opt/radiantone/vds/vds_server/logs/admin_rest_api_access.log"
+ index: admin_rest_api_access.log
+ retention_days: 30
+ aggregators: ["Default"]
+ brainwave:
+ minVersion: "3.0.0"
+ minVersionUpdate: "3.0.0"
+ nodeLimit: 0
+ ido:
+ enabled: false
+ nodeLimit: 0
+ minVersion: "1.0.0"
+ minVersionUpdate: "1.0.0"
+features:
+ mfa:
+ enabled: false
+ appName: "Radiant Logic EOC"
+ pipeline:
+ enabled: false
+ appName: "Promotion pipelines feature"
ui:
basePath: /eoc
# example https://{fqdm}/eoc-backend
apiBaseUrl: ""
auth:
- # local storage key to store jwt token
+ # the local storage key to store jwt token
tokenStoreKey: token
# example https://{fqdm}
loginReturnUrl: ""
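Review bot: `applications.fid.pipelineConfig.git.privateKey` defaults to a non-empty placeholder PEM block, which `orchestrator_configmap.yaml` renders into `APP_GIT_PRIVATE_KEY` on every install, so the orchestrator receives a key-shaped but invalid value instead of an empty one it could test for. Defaulting to `privateKey: ""` and moving the format hint into a comment avoids that, and discourages pasting a real key into a values file that is usually committed. `global.minFidVersion` is bumped to `8.0.0` here, but the template line that read it (`MIN_ENVIRONMENT_VERSION`) is removed in this commit, so the key looks dead unless another template uses it. The `web` log path contains a doubled slash, `logs/jetty//web.log`.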
@@ -23,17 +140,36 @@ ui:
# full external links to public grafana dashboard
reportingDashboardUrl: ""
monitoringDashboardUrl: ""
+ # add a jwt Token to the grafana iFrame url
+ insertMonitoringJwtToken: false
# override infrastructure name used for environment name prefix
infrastructureName: ""
- kibanaApiPath: /kibana/index-patterns
+ kibanaApiPath: /eoc-kibana/index-patterns
+ amplitude:
+ key: ""
image:
repository: radiantone/eoc-ui
pullPolicy: Always
- # Overrides the image tag whose default is the chart appVersion.
+ # Overrides the image tag whose default is the chart appVersion. #
# tag: "dev"
nodeSelector: {}
tolerations: []
affinity: {}
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ tiersVisibility: false
+ multiTenantEnabled: false
+ serviceStatusEnabled: false
+ scheduledMaintenanceEnabled: true
+ taskManagementLogsEnabled: false
+ taskManagementReRunEnabled: false
+ taskManagementCancelEnabled: false
+ ## Extra environment variables that will be pass onto deployment pods
+ ##
+ ## env:
+ ## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
+ ## AWS_REGION: us-east-1
+ env: {}
backend:
basePath: eoc-backend
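Review bot: The comment on `insertMonitoringJwtToken` omits the main risk of the option: a JWT carried in the Grafana iframe URL is recorded in proxy and server access logs, browser history and possibly `Referer` headers. The default of `false` is the safe choice; the comment could read `# Appends the user's JWT to the Grafana iframe URL; the token will appear in access logs, so enable only with short-lived tokens`. `scheduledMaintenanceEnabled: true` differs from the `default false` used for the same key in `ui_configmap.yaml`, so the effective default depends on which file is read. The comment above `# tag: "dev"` gained a stray trailing `#`.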
@@ -57,16 +193,22 @@ backend:
oauth:
# Get them from https://console.cloud.google.com/apis/credentials
google:
+ enabled: true
clientId: "xxxxxx"
clientSecret: "xxxxxx"
# Get them from https://github.com/settings/developers
github:
+ enabled: true
clientId: "xxxxxx"
clientSecret: "xxxxxx"
# Get them from https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
microsoft:
+ enabled: true
clientId: "xxxxxx"
clientSecret: "xxxxxx"
+ local:
+ enabled: true
+ mfa: false
# mailer module
smtp:
from: ""
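Review bot: The three external providers default to `enabled: true` while their `clientId`/`clientSecret` remain the placeholder `"xxxxxx"`, so an install with untouched values advertises Google, GitHub and Microsoft sign-in that cannot succeed. Defaulting these to `enabled: false` and leaving only `local.enabled: true` makes the operator opt in once real credentials exist. `local.mfa: false` alongside `features.mfa.enabled` gives two MFA switches whose relationship is not documented; a comment on each stating which one the backend enforces would help.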
@@ -79,6 +221,7 @@ backend:
email: user@example.com
firstName: User
lastName: Example
+ password: ""
# Default on *nix if not explicitly specified
# APP_ROOT_DIRECTORY=${HOME}/.cloudmanager
# Custom value (if running as a systemd service for example)
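Review bot: `password: ""` is added without a comment, and the diff does not show what the backend does with an empty `ADMIN_PASSWORD`, whether it generates one, skips admin creation, or creates an admin with an empty password. A comment such as `# Initial admin password; leave empty to <behaviour to be confirmed>` should state this. If an empty value is not safe, the template can enforce a value with `required` instead of `default ""`.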
@@ -88,15 +231,16 @@ backend:
encryptionKey: 1194c5c206aa26d37091c4e6d09dc9de
kibana:
# https://{fqdn}/kibana/api/
- apiUrl: "https://{fqdn}/kibana/api/"
+ apiUrl: "http://kibana:5601/eoc-backend/kibana/api/"
+ basicAuth: ""
grafana:
host: http://grafana
# used to create a service account for managing alerts and integrations
# should have enough permission to be able to create a service account
username: admin
password: xxxx
- amplitude:
- key: ""
+ metricsPrefixes: ldap_,process_,push_,fid_,ia_,sdc_,agent_
+ basicAuth: ""
agents:
api:
endpoint: ""
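Review bot: The new `basicAuth` values for Kibana and Grafana are paired with `http://` endpoints (`http://kibana:5601/...`, `http://grafana`), so the credentials travel unencrypted between pods unless something outside the chart adds TLS. The expected format of `basicAuth` (`user:password` or a pre-encoded header value) is not documented; a one-line comment on each key would prevent misconfiguration. The comment above `apiUrl` still shows the old `https://{fqdn}/kibana/api/` form and should be updated to match the in-cluster URL.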
@@ -110,6 +254,12 @@ backend:
# external websocket
# client-router.dc.federated-identity.com/duploservices-rliqa-svc/acmeco
serverEndpoint: ""
+ client:
+ accessKeyId: ""
+ accessKeySecret: ""
+ s3Region: "us-east-2"
+ s3BucketName: "radiant-one-v8-sdc-distribution"
+ version: "1.2.1"
image:
repository: radiantone/eoc-backend
pullPolicy: Always
@@ -118,6 +268,199 @@ backend:
nodeSelector: {}
tolerations: []
affinity: {}
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ defaultTierName: "Tier1"
+ disableSequentialAppVersionUpdate: "true"
+ oidcTemplates:
+ - name: "Google"
+ discoveryUrl: "https://accounts.google.com/.well-known/openid-configuration"
+ - name: "Microsoft"
+ discoveryUrl: "https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration"
+ - name: "SalesForce"
+ discoveryUrl: "https://{replace-with-your-instance}.my.salesforce.com/.well-known/openid-configuration"
+ - name: "Okta"
+ discoveryUrl: "https://{replace-with-your-Okta-Domain}/.well-known/openid-configuration"
+ - name: "Github"
+ releaseChannels:
+ - name: "Official"
+ url: "https://radiantlogic-devops.github.io/release-stable/index.yaml"
+ isDefault: "true"
+ tiers:
+ - name: BaseTier
+ asg:
+ Capacity: m5a.large
+ DesiredCapacity: 1
+ MinSize: 0
+ MaxSize: 5
+ MetaData:
+ - Key: OsDiskSize
+ Value: 50
+ bwigrc:
+ portal:
+ resources:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ batch:
+ resources:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ cnpg:
+ resources:
+ requests:
+ memory: 512Mi
+ cpu: 500m
+ limits:
+ memory: 1Gi
+ cpu: 1
+ walStorage: 32Gi
+ fid:
+ persistence:
+ enabled: true
+ size: 100Gi
+ storageClass: gp3
+ resources:
+ limits:
+ cpu: 1
+ memory: 4Gi
+ requests:
+ cpu: 1
+ memory: 4Gi
+ - name: Tier1
+ asg:
+ Capacity: m5a.xlarge
+ bwigrc:
+ portal:
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 8Gi
+ batch:
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 8Gi
+ cnpg:
+ resources:
+ requests:
+ memory: 1Gi
+ cpu: 1
+ limits:
+ memory: 2Gi
+ cpu: 2
+ fid:
+ persistence:
+ size: 100Gi
+ resources:
+ limits:
+ cpu: 2
+ memory: 8Gi
+ requests:
+ cpu: 2
+ memory: 8Gi
+ - name: Tier2
+ asg:
+ Capacity: m5a.2xlarge
+ bwigrc:
+ portal:
+ resources:
+ limits:
+ cpu: 4
+ memory: 16Gi
+ requests:
+ cpu: 4
+ memory: 16Gi
+ batch:
+ resources:
+ limits:
+ cpu: 4
+ memory: 16Gi
+ requests:
+ cpu: 4
+ memory: 16Gi
+ cnpg:
+ resources:
+ requests:
+ memory: 2Gi
+ cpu: 2
+ limits:
+ memory: 4Gi
+ cpu: 4
+ fid:
+ persistence:
+ size: 500Gi
+ resources:
+ limits:
+ cpu: 8
+ memory: 32Gi
+ requests:
+ cpu: 6
+ memory: 24Gi
+ serviceStatusConfig: []
+ # - name: eoc
+ # enabled: true
+ # namespace: duploservices-ensemble-svc
+ # services:
+ # - name: redis-master
+ # kind: StatefulSet
+ # label: Redis
+ # enabled: true
+ # - name: sss
+ # kind: Deployment
+ # label: Storage Service
+ # enabled: true
+ defaultLogAggregator:
+ type: "elasticsearch"
+ host: "elasticsearch-master"
+ port: "9200"
+ scheduledMaintenanceConfig: {}
+ # name: uptime-kuma
+ # baseUrl: 'http://uptime-kuma.duploservices-ensemble-svc.svc.cluster.local:8000'
+ # username: admin
+ # password: 6rXUfw@VSWqZ!isAG3
+ userNotificationsConfig:
+ scheduledMaintenances:
+ enabled: true
+ notifyOn:
+ created: true
+ updated: true
+ remainders:
+ - 7d
+ - 1d
+ - 8h
+ executing: false
+ ended: false
+ notificationMethod:
+ in_app:
+ enabled: true
+ email:
+ enabled: true
+ ## Enable prometheus metrics
+ ##
+ ## metrics:
+ ## enabled: true
+ metrics:
+ enabled: false
+ ## Extra environment variables that will be pass onto deployment pods
+ ##
+ ## env:
+ ## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
+ ## AWS_REGION: us-east-1
+ env: {}
orchestrator:
duplo:
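Review bot: The commented example under `scheduledMaintenanceConfig` carries what looks like a real password on its `# password:` line rather than a placeholder. If that value was ever used on an uptime-kuma instance it should be rotated, and the example changed to `# password: "<uptime-kuma-password>"`. Separately, the `Github` entry in `oidcTemplates` is the only one without a `discoveryUrl`, and `isDefault` and `disableSequentialAppVersionUpdate` are the strings `"true"` while the neighbouring flags are real booleans; whether the consumers expect strings is not visible here.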
@@ -145,10 +488,46 @@ orchestrator:
nodeSelector: {}
tolerations: []
affinity: {}
+ initialDelaySeconds: 60
+ periodSeconds: 30
+ ## Extra environment variables that will be pass onto deployment pods
+ ##
+ ## env:
+ ## AWS_ROLE_ARN: arn:aws:iam::123456789000:role/iam-role-name-here
+ ## AWS_REGION: us-east-1
+ env: {}
redis:
enabled: true
fullnameOverride: redis
+ image:
+ registry: docker.io
+ repository: radiantone/redis
+ tag: 7.0.6-debian-11-r0
+ sentinel:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/redis-sentinel
+ tag: 7.0.5-debian-11-r26
+ metrics:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/redis-exporter
+ tag: 1.45.0-debian-11-r14
+ volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/bitnami-shell
+ tag: 11-debian-11-r60
+ sysctl:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/bitnami-shell
+ tag: 11-debian-11-r60
architecture: standalone
auth:
## @param auth.enabled Enable password authentication
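Review bot: The added `image` overrides for redis and for its sentinel, metrics, volumePermissions and sysctl images point at `radiantone/*` mirrors identified only by mutable tags. Nothing on this page shows how those mirrors are built or verified, so a re-pushed tag would be pulled without notice. Where the bundled chart version supports it, add `digest: sha256:<digest>` (placeholder) beside each `tag`. The same applies to the postgresql image blocks in the next hunk and in `charts/sdc/values.yaml`. The `auth` block continues outside this hunk.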
@@ -169,6 +548,22 @@ redis:
postgresql:
enabled: false
fullnameOverride: postgresql
+ image:
+ registry: docker.io
+ repository: radiantone/postgresql
+ tag: 15.1.0-debian-11-r7
+ volumePermissions:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/bitnami-shell
+ tag: 11-debian-11-r57
+ metrics:
+ enabled: false
+ image:
+ registry: docker.io
+ repository: radiantone/postgres-exporter
+ tag: 0.11.1-debian-11-r34
primary:
nodeSelector: {}
# tenantname: duploservices-ensemble-svc
diff --git a/charts/sdc-client/Chart.yaml b/charts/sdc-client/Chart.yaml
new file mode 100644
index 0000000..b5502c5
--- /dev/null
+++ b/charts/sdc-client/Chart.yaml
@@ -0,0 +1,29 @@
+apiVersion: v2
+name: sdc-client
+description: SDC Client Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 1.0.1
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.0.1"
+
+maintainers:
+ - name: pgodey
+ email: pgodey@radiantlogic.com
+ url: https://www.radiantlogic.com
diff --git a/charts/sdc-client/README.md b/charts/sdc-client/README.md
new file mode 100644
index 0000000..7778cdc
--- /dev/null
+++ b/charts/sdc-client/README.md
@@ -0,0 +1,319 @@
+# SDC-Client Helm Chart
+
+This Helm chart deploys the SDC-Client, which creates secure tunnels between systems running SDC servers and this client. The chart enables deploying multiple independent SDC-Client instances to connect to different servers.
+
+## Background
+
+The SDC-Client connects to SDC-Server instances. The architecture works as follows:
+
+- **SDC-Server**: Runs on any system (Kubernetes cluster, standalone server, etc.) and generates access tokens
+
+- **SDC-Client**: Runs on any system (Kubernetes cluster, standalone server, etc.) and connects back to servers using tokens
+
+- Each client creates a secure tunnel, enabling communication between the systems
+
+This chart supports deploying multiple SDC-Client instances, each connecting to a different server with its own token.
+
+## Prerequisites
+
+Before you begin, ensure you have:
+
+- Kubernetes 1.16+ cluster
+
+- Helm 3.0+ installed
+
+- Access tokens generated from your SDC-Server instances
+
+- Network connectivity between your client cluster and server systems
+
+- Sufficient resources in your cluster for the SDC-Client pods
+
+## Installing the Chart
+
+To install the chart with the release name `sdc-client`:
+
+```bash
+# Install the chart
+helm install sdc-client ./sdc-client \
+ --values my-values.yaml
+```
+
+### Installation Examples
+
+1. Basic installation with a single agent:
+
+```bash
+helm install sdc-client ./sdc-client \
+ --set agents[0].name=agent1 \
+ --set agents[0].token=your-token-here
+```
+
+2. Installation with multiple agents and custom resources:
+
+```bash
+helm install sdc-client ./sdc-client \
+ --set agents[0].name=prod-agent \
+ --set agents[0].token=prod-token \
+ --set agents[0].resources.limits.cpu=500m \
+ --set agents[0].resources.limits.memory=512Mi \
+ --set agents[1].name=staging-agent \
+ --set agents[1].token=staging-token \
+ --set agents[1].resources.limits.cpu=200m \
+ --set agents[1].resources.limits.memory=256Mi
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the deployment:
+
+```bash
+helm uninstall sdc-client
+```
+
+## Architecture
+
+The chart creates separate deployments for each agent defined in your values file. Each deployment:
+
+1. Runs its own instance of the SDC-Client container
+
+2. Uses a dedicated ConfigMap containing the unique token for its server connection
+
+3. Can have custom placement rules through nodeSelector, affinity, and tolerations
+
+This approach allows you to establish multiple secure tunnels from a single Kubernetes cluster to different target servers.
+
+## Configuration
+
+### Key Parameters
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `image.repository` | SDC-Client image repository | `radiantone/sdc-client` |
+| `image.tag` | Image tag (version) | Chart appVersion |
+| `image.pullPolicy` | Image pull policy | `Always` |
+| `replicaCount` | Number of replicas per agent | `1` |
+| `agents` | List of agent configurations (see below) | `[]` |
+
+### Agent Configuration
+
+The `agents` section allows you to define multiple client instances, each connecting to a different server:
+
+```yaml
+agents:
+ - name: "agent1" # Unique name for this agent
+ token: "your-server-token-here" # Token from the SDC-Server
+ nodeSelector: {} # Optional node selection rules
+ affinity: {} # Optional affinity rules
+ tolerations: [] # Optional tolerations
+```
+
+## Detailed Configuration
+
+### Global Configuration
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `nameOverride` | Override the name of the chart | `""` |
+| `fullnameOverride` | Override the full name of the chart | `""` |
+| `serviceAccount.create` | Create a service account | `false` |
+| `serviceAccount.name` | Name of the service account | `""` |
+| `podAnnotations` | Annotations for pods | `{}` |
+| `podSecurityContext` | Security context for pods | `{}` |
+| `securityContext` | Security context for containers | `{}` |
+| `nodeSelector` | Default node selector for all agents | `{}` |
+| `tolerations` | Default tolerations for all agents | `[]` |
+| `affinity` | Default affinity rules for all agents | `{}` |
+| `prometheus.enabled` | Enable Prometheus metrics | `false` |
+
+### Agent-Specific Configuration
+
+Each entry in the `agents` list can have the following parameters:
+
+| Parameter | Description | Default |
+|-----------|-------------|---------|
+| `name` | Unique name for this agent (required) | - |
+| `token` | Token for connecting to the SDC-Server (required) | - |
+| `nodeSelector` | Node selector for this specific agent | Global `nodeSelector` |
+| `affinity` | Affinity rules for this specific agent | Global `affinity` |
+| `tolerations` | Tolerations for this specific agent | Global `tolerations` |
+| `resources` | Resource limits and requests for this agent | Global `resources` |
+
+## Example Configurations
+
+### Basic Configuration
+
+```yaml
+agents:
+ - name: "agent1"
+ token: "your-sdc-server-token-here"
+```
+
+### Production Configuration with Resource Limits
+
+```yaml
+image:
+ repository: radiantone/sdc-client
+ tag: "latest"
+ pullPolicy: Always
+
+resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+ requests:
+ cpu: 200m
+ memory: 256Mi
+
+agents:
+ - name: "production"
+ token: "prod-token-123"
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+ requests:
+ cpu: 500m
+ memory: 512Mi
+ nodeSelector:
+ environment: production
+```
+
+### Multi-Environment Setup
+
+```yaml
+agents:
+ - name: "production"
+ token: "prod-token-123"
+ nodeSelector:
+ environment: production
+ resources:
+ limits:
+ cpu: 1000m
+ memory: 1Gi
+
+ - name: "staging"
+ token: "staging-token-456"
+ nodeSelector:
+ environment: staging
+ resources:
+ limits:
+ cpu: 500m
+ memory: 512Mi
+
+ - name: "development"
+ token: "dev-token-789"
+ nodeSelector:
+ environment: development
+ resources:
+ limits:
+ cpu: 200m
+ memory: 256Mi
+```
+
+## How It Works
+
+When you deploy this chart:
+
+1. For each entry in the `agents` list, the chart creates:
+
+ - A dedicated Deployment with the specified name
+
+ - A ConfigMap containing the token for that agent
+
+2. Each SDC-Client instance:
+
+ - Connects to its designated server using the provided token
+
+ - Establishes a secure tunnel between the client cluster and server system
+
+ - Operates independently from other agents
+
+3. The overall architecture enables:
+
+ - Multiple tunnels from a single Kubernetes cluster
+
+ - Independent configuration for each tunnel
+
+## Troubleshooting
+
+### Common Issues and Solutions
+
+1. **Pod Fails to Start**
+ - Check pod logs: `kubectl logs -f deployment/sdc-client-agent1`
+ - Verify token is valid and properly formatted
+ - Ensure network connectivity to SDC-Server
+ - Check resource limits and requests
+
+2. **Connection Issues**
+ - Verify SDC-Server is running and accessible
+ - Check network policies and firewall rules
+ - Validate token permissions
+ - Ensure DNS resolution works correctly
+
+3. **Resource Constraints**
+ - Monitor pod resource usage: `kubectl top pod -l app.kubernetes.io/name=sdc-client`
+ - Adjust resource limits if needed
+ - Check node capacity: `kubectl describe nodes`
+
+4. **Token Issues**
+ - Verify token format and validity
+ - Check token expiration
+ - Ensure token has correct permissions
+ - Validate token in ConfigMap: `kubectl get configmap sdc-client-agent1 -o yaml`
+
+### Debugging Commands
+
+```bash
+# Check pod status
+kubectl get pods -l app.kubernetes.io/name=sdc-client
+
+# View pod logs
+kubectl logs -f deployment/sdc-client-agent1
+
+# Check pod events
+kubectl describe pod -l app.kubernetes.io/name=sdc-client
+
+# Verify ConfigMap contents
+kubectl get configmap -l app.kubernetes.io/name=sdc-client
+
+# Check service account and permissions
+kubectl get serviceaccount -l app.kubernetes.io/name=sdc-client
+```
+
+## Minimal values.yaml file
+
+```yaml
+# Minimal values.yaml for SDC-Client Helm chart
+
+image:
+ repository: radiantone/sdc-client
+ pullPolicy: Always
+ # tag: "1.0.0" # Uncomment to override the default tag (Chart.appVersion)
+
+# Define your SDC-Client agents here
+agents:
+ - name: "agent1"
+ token: "your-sdc-server-token-here"
+
+# Basic configurations - all are optional and can be removed if defaults are acceptable
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ create: false
+ name: ""
+
+# Pod configurations - all are optional
+podAnnotations: {}
+podSecurityContext: {}
+securityContext: {}
+nodeSelector: {}
+tolerations: []
+affinity: {}
+```
+
+## Maintainers
+
+This chart is maintained by:
+
+- pgodey ()
diff --git a/charts/sdc-client/templates/_helpers.tpl b/charts/sdc-client/templates/_helpers.tpl
new file mode 100644
index 0000000..500a54a
--- /dev/null
+++ b/charts/sdc-client/templates/_helpers.tpl
@@ -0,0 +1,116 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "agent.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "agent.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create an agent-specific fully qualified app name.
+For each agent, we append the agent name to create a unique resource name.
+*/}}
+{{- define "agent.fullname.agent" -}}
+{{- $agentName := .agentName }}
+{{- $root := .root }}
+{{- if $root.Values.fullnameOverride }}
+{{- printf "%s-%s" $root.Values.fullnameOverride $agentName | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default $root.Chart.Name $root.Values.nameOverride }}
+{{- if contains $name $root.Release.Name }}
+{{- printf "%s-%s" $root.Release.Name $agentName | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s-%s" $root.Release.Name $name $agentName | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "agent.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "agent.labels" -}}
+helm.sh/chart: {{ include "agent.chart" . }}
+{{ include "agent.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Common labels with agent name
+*/}}
+{{- define "agent.labels.agent" -}}
+{{- $agentName := .agentName }}
+{{- $root := .root }}
+helm.sh/chart: {{ include "agent.chart" $root }}
+{{ include "agent.selectorLabels.agent" . }}
+{{- if $root.Chart.AppVersion }}
+app.kubernetes.io/version: {{ $root.Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ $root.Release.Service }}
+agent-name: {{ $agentName }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "agent.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Selector labels with agent name
+*/}}
+{{- define "agent.selectorLabels.agent" -}}
+{{- $agentName := .agentName }}
+{{- $root := .root }}
+app.kubernetes.io/name: {{ include "agent.name" $root }}
+app.kubernetes.io/instance: {{ $root.Release.Name }}
+agent-name: {{ $agentName }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "agent.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "agent.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Define Image Pull Secret
+*/}}
+{{- define "imagePullSecret" }}
+{{- with .Values.imageCredentials }}
+{{- printf "{\"auths\":{\"%s\":{\"username\":\"%s\",\"password\":\"%s\",\"email\":\"%s\",\"auth\":\"%s\"}}}" .registry .username .password .email (printf "%s:%s" .username .password | b64enc) | b64enc }}
+{{- end }}
+{{- end }}
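Review bot: `imagePullSecret` assembles the dockerconfigjson with `printf` and raw `%s` substitutions, so a registry password containing `"` or `\` yields invalid or altered JSON. It also reads `.Values.imageCredentials`, which this chart's values.yaml does not define, and no template visible in this commit includes the helper. Either drop it or build the document from a `dict` piped through `toJson | b64enc`. In `agent.labels.agent` and `agent.selectorLabels.agent`, `agent-name: {{ $agentName }}` should be `agent-name: {{ $agentName | quote }}` so that an agent named `1` or `true` still renders a string label.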
diff --git a/charts/sdc-client/templates/deployment.yaml b/charts/sdc-client/templates/deployment.yaml
new file mode 100644
index 0000000..68f6470
--- /dev/null
+++ b/charts/sdc-client/templates/deployment.yaml
@@ -0,0 +1,81 @@
+{{- if .Values.agents }}
+# Create deployments for each agent
+{{- range .Values.agents }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ include "agent.fullname.agent" (dict "root" $ "agentName" .name) }}
+ labels:
+ {{- include "agent.labels.agent" (dict "root" $ "agentName" .name) | nindent 4 }}
+spec:
+ {{- if not $.Values.autoscaling.enabled }}
+ replicas: {{ $.Values.replicaCount }}
+ {{- end }}
+ selector:
+ matchLabels:
+ {{- include "agent.selectorLabels.agent" (dict "root" $ "agentName" .name) | nindent 6 }}
+ template:
+ metadata:
+ {{- with $.Values.podAnnotations }}
+ annotations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ labels:
+ {{- include "agent.selectorLabels.agent" (dict "root" $ "agentName" .name) | nindent 8 }}
+ spec:
+ {{- with $.Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ serviceAccountName: {{ include "agent.serviceAccountName" $ }}
+ securityContext:
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ containers:
+ - name: {{ $.Chart.Name }}
+ securityContext:
+ {{- toYaml $.Values.securityContext | nindent 12 }}
+ image: "{{ $.Values.image.repository }}:{{ $.Values.image.tag | default $.Chart.AppVersion }}"
+ imagePullPolicy: {{ $.Values.image.pullPolicy }}
+ ports:
+ - name: http
+ containerPort: 80
+ protocol: TCP
+ env:
+ - name: ServerHubConfiguration__AgentToken
+ value: {{ .token | quote }}
+ resources:
+ {{- if .resources }}
+ {{- toYaml .resources | nindent 12 }}
+ {{- else }}
+ {{- toYaml $.Values.resources | nindent 12 }}
+ {{- end }}
+ {{- if .nodeSelector }}
+ nodeSelector:
+ {{- toYaml .nodeSelector | nindent 8 }}
+ {{- else }}
+ {{- with $.Values.nodeSelector }}
+ nodeSelector:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .affinity }}
+ affinity:
+ {{- toYaml .affinity | nindent 8 }}
+ {{- else }}
+ {{- with $.Values.affinity }}
+ affinity:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+ {{- if .tolerations }}
+ tolerations:
+ {{- toYaml .tolerations | nindent 8 }}
+ {{- else }}
+ {{- with $.Values.tolerations }}
+ tolerations:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ {{- end }}
+{{- end }}
+{{- end }}
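Review bot: The agent token is rendered straight into the Deployment as `value: {{ .token | quote }}` on `ServerHubConfiguration__AgentToken`, so anyone who can read Deployments or pod specs in the namespace can read the tunnel credential. The README in this commit says each agent gets a ConfigMap holding the token, but no such template is added, and a ConfigMap would not be the right object for a credential either. I would render one Secret per agent inside the same `range` and have the container reference it through `secretKeyRef`; wrapping the value in `required` makes a missing token fail at render time. The token would still sit in the Helm values, so an option to reference a pre-created Secret is worth considering as a follow-up.

```yaml
# … unchanged: range over .Values.agents, Deployment metadata and pod template …
          env:
            - name: ServerHubConfiguration__AgentToken
              valueFrom:
                secretKeyRef:
                  name: {{ include "agent.fullname.agent" (dict "root" $ "agentName" .name) }}
                  key: agent-token
# … unchanged: resources, nodeSelector, affinity, tolerations …
---
apiVersion: v1
kind: Secret
metadata:
  name: {{ include "agent.fullname.agent" (dict "root" $ "agentName" .name) }}
  labels:
    {{- include "agent.labels.agent" (dict "root" $ "agentName" .name) | nindent 4 }}
type: Opaque
stringData:
  agent-token: {{ required "each agents[] entry needs a token" .token | quote }}
```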
diff --git a/charts/sdc-client/values.yaml b/charts/sdc-client/values.yaml
new file mode 100644
index 0000000..2362fc8
--- /dev/null
+++ b/charts/sdc-client/values.yaml
@@ -0,0 +1,85 @@
+replicaCount: 1
+
+image:
+ repository: radiantone/sdc-client
+ pullPolicy: Always
+ # Overrides the image tag whose default is the chart appVersion.
+ # tag: "0.1.1"
+
+imagePullSecrets: []
+ # - name: regcred
+
+nameOverride: ""
+fullnameOverride: ""
+
+serviceAccount:
+ # Specifies whether a service account should be created
+ create: false
+ # Annotations to add to the service account
+ annotations: {}
+ # The name of the service account to use.
+ # If not set and create is true, a name is generated using the fullname template
+ name: ""
+
+# Enable prometheus to activate scraping the metrics from metrics end point
+# Prometheus needs to deployed and available
+prometheus:
+ enabled: false
+
+podAnnotations: {}
+
+podSecurityContext: {}
+ # fsGroup: 2000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # readOnlyRootFilesystem: true
+ # runAsNonRoot: true
+ # runAsUser: 1000
+
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
+
+autoscaling:
+ enabled: false
+ minReplicas: 1
+ maxReplicas: 5
+ targetCPUUtilizationPercentage: 80
+ # targetMemoryUtilizationPercentage: 80
+
+nodeSelector: {}
+tolerations: []
+affinity: {}
+
+# Configuration for multiple SDC clients
+agents:
+ # Each agent entry creates a separate deployment of sdc-client
+ - name: "agent1"
+ token: "-- set token for agent1 --"
+ # Optional per-agent overrides
+ resources: {}
+ nodeSelector: {}
+ affinity: {}
+ tolerations: []
+
+ # Example of another agent configuration
+ # - name: "agent2"
+ # token: "-- set token for agent2 --"
+ # resources:
+ # limits:
+ # cpu: 200m
+ # memory: 256Mi
+ # requests:
+ # cpu: 100m
+ # memory: 128Mi
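Review bot: The default `agents` list ships a live `agent1` entry whose token is the placeholder string `-- set token for agent1 --`, so a plain `helm install` creates a Deployment that tries to connect with that string, while the README in this commit lists the default as `[]`. I would default to `agents: []` and keep `agent1` as a commented example like `agent2`. `securityContext: {}` also leaves the hardening block commented out; consider enabling at least `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` by default once the image is confirmed to run with them. `autoscaling` and `serviceAccount.create` are declared here, but no HPA or ServiceAccount template is visible in this commit, so setting them would not create those objects.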
diff --git a/charts/sdc/.helmignore b/charts/sdc/.helmignore
deleted file mode 100644
index 0e8a0eb..0000000
--- a/charts/sdc/.helmignore
+++ /dev/null
@@ -1,23 +0,0 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
-.DS_Store
-# Common VCS dirs
-.git/
-.gitignore
-.bzr/
-.bzrignore
-.hg/
-.hgignore
-.svn/
-# Common backup files
-*.swp
-*.bak
-*.tmp
-*.orig
-*~
-# Various IDEs
-.project
-.idea/
-*.tmproj
-.vscode/
diff --git a/charts/sdc/Chart.yaml b/charts/sdc/Chart.yaml
index b1badb4..7e994eb 100644
--- a/charts/sdc/Chart.yaml
+++ b/charts/sdc/Chart.yaml
@@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.2
+version: 1.3.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
-appVersion: "0.2.3"
+appVersion: "1.3.0"
maintainers:
- name: pgodey
@@ -44,5 +44,5 @@ dependencies:
- name: inlets-uplink-provider
alias: inlets
repository: oci://ghcr.io/openfaasltd
- version: 0.2.9
+ version: 0.3.0
condition: inlets.enabled
diff --git a/charts/sdc/README.md b/charts/sdc/README.md
index 6f937b9..e440a21 100644
--- a/charts/sdc/README.md
+++ b/charts/sdc/README.md
@@ -23,9 +23,12 @@ Additionally CERT-MANAGER, POSTGRES and PGADMIN can also be deployed as dependen
- cert-manager adds certificates and certificate issuers as resource types in Kubernetes clusters, and simplifies the process of obtaining, renewing and using those certificates.
- It will ensure certificates are valid and up to date, and attempt to renew certificates at a configured time before expiry.
-3. Posgresql
+3. PostgreSQL
- PostgreSQL, also known as Postgres, is a free and open-source relational database management system emphasizing extensibility and SQL compliance
+- **Chart Version:** 12.1.3 (Bitnami PostgreSQL Helm chart)
+- **Image:** radiantone/postgresql:15.1.0-debian-11-r7
+- **PostgreSQL Version:** 15.1.0
4. PGAdmin
@@ -111,9 +114,6 @@ tunnel:
# To open single ports of choice provide values under "ports:"
# To open range of ports provide values under "portRange" like "5001-5010"
# Provide higher + 1 for the higher limit (port) intended (for portRange)
- ports:
- - 8080
- - 8081
portRange:
- "5001-5010"
diff --git a/charts/sdc/templates/configmap.yaml b/charts/sdc/templates/configmap.yaml
index 498cce6..86265ba 100644
--- a/charts/sdc/templates/configmap.yaml
+++ b/charts/sdc/templates/configmap.yaml
@@ -12,4 +12,5 @@ data:
PortForward__Range: {{ .Values.agents.portForward__range | quote }}
{{- end }}
Jwt__Issuer: {{ .Values.agents.endpoint | quote }}
+ ASPNETCORE_URLS: http://+:{{- .Values.service.port -}}
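Review bot: The new `ASPNETCORE_URLS` line is the only entry visible in this ConfigMap that is not passed through `quote`, and its closing `-}}` trims the newline that follows, which would glue any key added later onto this value. Writing it as `ASPNETCORE_URLS: {{ printf "http://+:%v" .Values.service.port | quote }}` keeps it consistent with `Jwt__Issuer` above. It also makes the container listen on the Service port; if the Deployment's `containerPort` is a separate value (not visible in this hunk) the two have to agree.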
diff --git a/charts/sdc/templates/hooks/post-upgrade-hook.yaml b/charts/sdc/templates/hooks/post-upgrade-hook.yaml
index 24d8ed9..724d326 100644
--- a/charts/sdc/templates/hooks/post-upgrade-hook.yaml
+++ b/charts/sdc/templates/hooks/post-upgrade-hook.yaml
@@ -21,7 +21,7 @@ spec:
restartPolicy: Never
containers:
- name: post-upgrade-job
- image: bitnami/kubectl:latest
+ image: radiantone/kubectl:latest
command:
- sh
- -c
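Review bot: The hook image moves to `radiantone/kubectl` but keeps the `:latest` tag, so each upgrade may pull a different binary into a Job that runs `kubectl` with the hook's service-account permissions. Pin it, for example `image: radiantone/kubectl:<version>@sha256:<digest>` (placeholder values), or expose the tag in values so it is reviewed when it changes. The container's command continues outside this hunk.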
diff --git a/charts/sdc/templates/hpa.yaml b/charts/sdc/templates/hpa.yaml
index 22ae57b..20a9ed7 100644
--- a/charts/sdc/templates/hpa.yaml
+++ b/charts/sdc/templates/hpa.yaml
@@ -1,5 +1,5 @@
{{- if .Values.autoscaling.enabled }}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ include "agent.fullname" . }}
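Review bot: `autoscaling/v2` is only served from Kubernetes 1.23 onward, so older clusters will now reject this template when `autoscaling.enabled` is true. If such clusters still matter, select the version with `{{- if .Capabilities.APIVersions.Has "autoscaling/v2" }}`, or declare `kubeVersion: ">=1.23.0-0"` in Chart.yaml so the failure is reported at install time. The `target` blocks in the second hunk are the matching v2 shape.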
@@ -17,12 +17,16 @@ spec:
- type: Resource
resource:
name: cpu
- targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
- targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
+ target:
+ type: Utilization
+ averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
diff --git a/charts/sdc/templates/service.yaml b/charts/sdc/templates/service.yaml
index 9f67a91..f54f375 100644
--- a/charts/sdc/templates/service.yaml
+++ b/charts/sdc/templates/service.yaml
@@ -7,6 +7,8 @@ metadata:
{{- if .Values.prometheus.enabled }}
annotations:
prometheus.io/scrape: 'true'
+ # prometheus.io/port: "{{ .Values.service.port }}"
+ # prometheus.io/path: "/metrics"
{{- end }}
spec:
type: {{ .Values.service.type }}
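Review bot: The two added annotation lines are commented out, so Prometheus still has to guess port and path, and Helm still evaluates `{{ .Values.service.port }}` inside the `#` comment and prints it into the rendered manifest. Either enable them as `prometheus.io/port: {{ .Values.service.port | quote }}` and `prometheus.io/path: "/metrics"`, or remove them. If they must stay as a reminder, a template comment `{{- /* ... */ -}}` keeps them out of the output.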
diff --git a/charts/sdc/values-sample.yaml b/charts/sdc/values-sample.yaml
index d31a8bd..d5ee7a9 100644
--- a/charts/sdc/values-sample.yaml
+++ b/charts/sdc/values-sample.yaml
@@ -32,6 +32,7 @@ inlets:
# Customer tunnels will connect with a URI of:
# wss://uplink.example.com/namespace/tunnel
domain: uplink.example.com/namespace/tunnel
+ inletsVersion: 0.9.21
tunnel:
tunnelname: r1tunnel
@@ -41,11 +42,8 @@ tunnel:
# To open single ports of choice provide values under "ports:"
# To open range of ports provide values under "portRange" like "5001-5010"
# Provide higher + 1 for the higher limit (port) intended (for portRange)
- ports:
- - 8080
- - 8081
portRange:
- - "5001-5010"
+ - "5001-5100"
# Postgresql should be deployed prior to deployment or should be enabled from below
postgresql:
diff --git a/charts/sdc/values.yaml b/charts/sdc/values.yaml
index 722c8c8..a7c3448 100644
--- a/charts/sdc/values.yaml
+++ b/charts/sdc/values.yaml
@@ -74,12 +74,13 @@ resources: {}
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # Recommended values for production:
# limits:
- # cpu: 100m
- # memory: 128Mi
+ # cpu: 500m
+ # memory: 1Gi
# requests:
- # cpu: 100m
- # memory: 128Mi
+ # cpu: 250m
+ # memory: 512Mi
autoscaling:
enabled: false
@@ -105,7 +106,7 @@ agents:
clientSecret: "xxxxx"
# PortForward__Range should match the start and end ports provided under tunnel
# PortForward__Range can be a single port if only one port is opened
- portForward__range: "5001-5009, 8080, 8081"
+ portForward__range: "5001-5100"
endpoint: https://sdc-envname.radiantlogic.io # domain for sdc
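Review bot: `portForward__range` drops `8080, 8081` while the `tunnel.ports` list in the next hunk of this file still opens 8080 and 8081 (values-sample.yaml removes them, this file does not), so the two settings no longer match as the comment above this line requires. The comment kept in values-sample.yaml also says to give the upper bound plus one in `portRange`, which the old pair `5001-5009` / `5001-5010` followed and the new `5001-5100` / `5001-5100` does not. Either set `portForward__range: "5001-5099"` or update that comment, and remove the leftover `ports` entries if they are no longer forwarded. The change also widens the opened range from ten ports to a hundred, which deserves a line of comment explaining why.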
@@ -124,7 +125,7 @@ tunnel:
- 8080
- 8081
portRange:
- - "5001-5010"
+ - "5001-5100"
inlets:
nodeSelector: {}
@@ -169,7 +170,7 @@ inlets:
# inlets Pro release version for tunnel server Pods
# Check https://ghcr.io/inlets/inlets-pro for tags
- inletsVersion: 0.9.18
+ inletsVersion: 0.9.21
# monitoring tunnels
prometheus:
image: prom/prometheus:v2.40.1
@@ -207,6 +208,9 @@ cert-manager:
postgresql:
enabled: false
fullnameOverride: postgresql
+ image:
+ repository: radiantone/postgresql
+ tag: 15.1.0-debian-11-r7
primary:
nodeSelector: {}
# tenantname: xxxx
diff --git a/charts/sss/Chart.yaml b/charts/sss/Chart.yaml
index 256c03f..7c0adfe 100644
--- a/charts/sss/Chart.yaml
+++ b/charts/sss/Chart.yaml
@@ -7,7 +7,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.0.1
+version: 0.0.2
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/sss/templates/deployment.yaml b/charts/sss/templates/deployment.yaml
index ca9400e..7b64e27 100644
--- a/charts/sss/templates/deployment.yaml
+++ b/charts/sss/templates/deployment.yaml
@@ -5,7 +5,7 @@ metadata:
labels:
{{- include "sss.labels" . | nindent 4 }}
spec:
- replicas: 1
+ replicas: {{ ((.Values.global).hibernate | default false) | ternary 0 .Values.replicaCount }}
selector:
matchLabels:
{{- include "sss.selectorLabels" . | nindent 6 }}
diff --git a/charts/sss/values.yaml b/charts/sss/values.yaml
index 9ccde8d..68be479 100644
--- a/charts/sss/values.yaml
+++ b/charts/sss/values.yaml
@@ -1,7 +1,12 @@
-# Default values for agent.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
+global:
+ # Hibernate the application
+ # Scales down pods to zero if set to true
+ # Default is false
+ hibernate: false
+
replicaCount: 1
image: