From 1724b7451dc3f80b4718112f5707c4d84a610bfb Mon Sep 17 00:00:00 2001 From: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> Date: Mon, 6 May 2024 16:36:19 +0500 Subject: [PATCH 01/91] fix pro-api/values.yaml doc (#432) --- charts/pro-api/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 64faf1bb6..e306ff685 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -163,8 +163,8 @@ s3: # @skip api.filterByZoneCodes # @skip api.esDataCentersCount # @skip Local cache settings -# @skip localCache.enabled -# @skip localCache.trackStatistics +# @skip api.localCache.enabled +# @skip api.localCache.trackStatistics api: serviceAccount: runner @@ -373,8 +373,8 @@ permissionsPodSettings: # @skip permissionsApi.host # @param permissionsApi.enabled If permissionsApi is enabled for the service. # @skip Local cache settings -# @skip localCache.enabled -# @skip localCache.trackStatistics +# @skip permissionsApi.localCache.enabled +# @skip permissionsApi.localCache.trackStatistics permissionsApi: host: '' From b07667447ddc98a692482197a64cc7136e68369c Mon Sep 17 00:00:00 2001 From: FreakyGranny Date: Mon, 6 May 2024 21:40:46 +0700 Subject: [PATCH 02/91] [tiles-api] Upgrade to 4.54.0 (#428) --- charts/tiles-api/Chart.yaml | 2 +- charts/tiles-api/README.md | 8 +++++--- charts/tiles-api/configs/importer/importer.yaml | 2 ++ charts/tiles-api/values.yaml | 12 +++++++++--- 4 files changed, 17 insertions(+), 7 deletions(-) diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index fc3b186e1..02343bf89 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -5,7 +5,7 @@ description: Tiles API for getting cartographic data type: application version: 1.22.0 -appVersion: 4.52.9 +appVersion: 4.54.0 maintainers: - name: 2gis diff --git a/charts/tiles-api/README.md b/charts/tiles-api/README.md index 9683677ab..cce8c0aca 100644 
--- a/charts/tiles-api/README.md +++ b/charts/tiles-api/README.md @@ -89,7 +89,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `proxy.resources.limits.memory` | A memory limit. | `512Mi` | | `proxy.image` | **Docker image settings** | | | `proxy.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api-proxy` | -| `proxy.image.tag` | Docker image tag. | `4.52.9` | +| `proxy.image.tag` | Docker image tag. | `4.54.0` | | `proxy.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `proxy.access` | **API Keys service access settings** | | | `proxy.access.enabled` | If access to the [API Keys service](https://docs.2gis.com/en/on-premise/keys) is enabled. | `false` | @@ -125,7 +125,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `api.resources.limits.memory` | A memory limit. | `512Mi` | | `api.image` | **Docker image settings** | | | `api.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api` | -| `api.image.tag` | Docker image tag. | `4.52.9` | +| `api.image.tag` | Docker image tag. | `4.54.0` | | `api.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `api.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `api.strategy.rollingUpdate` | **Service's Rolling Update strategy settings** | | 
@@ -200,13 +200,15 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `importer.resources.limits.memory` | A memory limit. | `256Mi` | | `importer.image` | **Docker image settings** | | | `importer.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api-importer` | -| `importer.image.tag` | Docker image tag. | `4.52.9` | +| `importer.image.tag` | Docker image tag. | `4.54.0` | | `importer.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `importer.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `importer.cleaner` | **Cassandra keyspace lifecycle management and Cleaner settings** | | | `importer.forceImport` | If enabled, then the Importer job will delete existing keyspace and do import, otherwise import will be skipped. | `false` | | `importer.clearSnapshots` | If enabled, then the Importer job will delete keyspace's snapshot as well when deleting a keyspace.
It executes the `nodetool clearsnapshot` command over JMX to do so, and therefore requires JMS to be enabled on the Cassandra side, and `cassandra.credentials.jmxUser`/`cassandra.credentials.jmxPassword` values to be set. | `false` | | `importer.cassandraHostsClockTimeCheckLimit` | Maximum difference over cassandra hosts clock time. | `1s` | +| `importer.retryInterval` | Period of time between tries to spawn worker job. | `5s` | +| `importer.retryCount` | Maximum number of tries to spawn worker job. | `3` | | `importer.cleaner.enabled` | Enables deletion of obsolete tilesets before making new imports. | `false` | | `importer.cleaner.limit` | Limit on the number of old tilesets to leave untouched when cleaning, minimum 1. | `3` | | `importer.workerResources` | **Kubernetes [resource management settings](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) for the cleaner process** | | diff --git a/charts/tiles-api/configs/importer/importer.yaml b/charts/tiles-api/configs/importer/importer.yaml index e19c70b83..0a5c06374 100644 --- a/charts/tiles-api/configs/importer/importer.yaml +++ b/charts/tiles-api/configs/importer/importer.yaml @@ -18,6 +18,8 @@ k8s: job-template-file-path: /config/job.yaml {{- with .Values.importer }} worker-image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .image.repository }}:{{ .image.tag }} + retry-interval: {{ .retryInterval }} + retry-count: {{ .retryCount }} {{- end }} namespace: {{ .Release.Namespace }} diff --git a/charts/tiles-api/values.yaml b/charts/tiles-api/values.yaml index 2ae0cdc25..c49b835a4 100644 --- a/charts/tiles-api/values.yaml +++ b/charts/tiles-api/values.yaml @@ -122,7 +122,7 @@ proxy: image: repository: 2gis-on-premise/tiles-api-proxy - tag: 4.52.9 + tag: 4.54.0 pullPolicy: IfNotPresent containerPort: 5000 
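Review bot: The two keys added to the importer config, `retry-interval: {{ .retryInterval }}` and `retry-count: {{ .retryCount }}`, are rendered unquoted and without a fallback, so a release whose stored values predate them (for example an upgrade run with `--reuse-values`) would render both keys empty, which YAML reads as null. Whether the importer tolerates a null there is not visible from the hunk. Falling back to the defaults this commit sets in values.yaml keeps the rendered file well-formed: `retry-interval: {{ .retryInterval | default "5s" | quote }}` and `retry-count: {{ .retryCount | default 3 }}`. The enclosing `k8s:` mapping starts above the hunk.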
@@ -179,7 +179,7 @@ api: image: repository: 2gis-on-premise/tiles-api - tag: 4.52.9 + tag: 4.54.0 pullPolicy: IfNotPresent terminationGracePeriodSeconds: 30 @@ -337,7 +337,7 @@ importer: image: repository: 2gis-on-premise/tiles-api-importer - tag: 4.52.9 + tag: 4.54.0 pullPolicy: IfNotPresent @@ -358,6 +358,9 @@ importer: # @param importer.clearSnapshots If enabled, then the Importer job will delete keyspace's snapshot as well when deleting a keyspace.
It executes the `nodetool clearsnapshot` command over JMX to do so, and therefore requires JMS to be enabled on the Cassandra side, and `cassandra.credentials.jmxUser`/`cassandra.credentials.jmxPassword` values to be set. # @param importer.cassandraHostsClockTimeCheckLimit Maximum difference over cassandra hosts clock time. + # @param importer.retryInterval Period of time between tries to spawn worker job. + # @param importer.retryCount Maximum number of tries to spawn worker job. + # @param importer.cleaner.enabled Enables deletion of obsolete tilesets before making new imports. # @param importer.cleaner.limit Limit on the number of old tilesets to leave untouched when cleaning, minimum 1. @@ -371,6 +374,9 @@ importer: clearSnapshots: false cassandraHostsClockTimeCheckLimit: 1s + retryInterval: "5s" + retryCount: 3 + tolerations: {} imagePullSecrets: [] nodeSelector: {} From 5e0f53a83b47682e29d33ad902e1cc44ed6d8a46 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=9F=D0=B5=D1=82=D1=80=20=D0=91=D0=B5=D0=BA=D0=BB=D0=B5?= =?UTF-8?q?=D0=BC=D0=B8=D1=88=D0=B5=D0=B2?= Date: Wed, 8 May 2024 11:53:29 +0700 Subject: [PATCH 03/91] Add missing default for enabled_modules->predictors in citylens-web configmap (#433) --- charts/citylens/templates/web/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index ded114b04..970a4fc0f 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml @@ -132,4 +132,4 @@ data: {{- end }} {{- end }} predictors: - {{- toYaml .Values.kafka.predictorsExtraTopics | nindent 8 }} + {{- toYaml (.Values.kafka.predictorsExtraTopics | default list) | nindent 8 }} From 5fd2f18292d31e6b6adc14ff4123fa6a3b5658a0 Mon Sep 17 00:00:00 2001 
From: i-bogomazov <106957509+i-bogomazov@users.noreply.github.com> Date: Mon, 13 May 2024 17:31:21 +0300 Subject: [PATCH 04/91] navi-router 6.17.0.8 -> 6.17.1.2 (#434) --- charts/navi-router/Chart.yaml | 2 +- charts/navi-router/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/navi-router/Chart.yaml b/charts/navi-router/Chart.yaml index 6d84af764..7b0f71827 100644 --- a/charts/navi-router/Chart.yaml +++ b/charts/navi-router/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - router version: 1.22.0 -appVersion: 6.17.0.8 +appVersion: 6.17.1.2 maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/navi-router/values.yaml b/charts/navi-router/values.yaml index d0f12ae4d..6107b27c3 100644 --- a/charts/navi-router/values.yaml +++ b/charts/navi-router/values.yaml @@ -39,7 +39,7 @@ affinity: {} image: repository: 2gis-on-premise/navi-router pullPolicy: IfNotPresent - tag: 6.17.0.8 + tag: 6.17.1.2 # @section Navi-Router service settings From 07e40683d65496cadb83e1a305fa63f2ffb1a1d2 Mon Sep 17 00:00:00 2001 From: Andrew Mikhailov Date: Fri, 17 May 2024 11:09:17 +0700 Subject: [PATCH 05/91] [PRO-5009] Changed helm/hooks. (#436) --- charts/pro-ui/templates/ui/styles-import-starter.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/pro-ui/templates/ui/styles-import-starter.yaml b/charts/pro-ui/templates/ui/styles-import-starter.yaml index 3bb1b1f01..13edb00f3 100644 --- a/charts/pro-ui/templates/ui/styles-import-starter.yaml +++ b/charts/pro-ui/templates/ui/styles-import-starter.yaml @@ -4,7 +4,7 @@ kind: Job metadata: name: {{ include "pro.ui.styles-importer-name" . }}-starter annotations: - "helm.sh/hook": post-install,post-upgrade + "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded spec: backoffLimit: {{ .Values.stylesImporter.backoffLimit }} From ec3cfca6dd74251fca0d1f8fa7d1d05f76e16bf2 Mon Sep 17 00:00:00 2001 
From: Konstantin Lobov Date: Fri, 24 May 2024 09:25:02 +0300 Subject: [PATCH 06/91] pro-ui: New external style manager config (#426) * pro-ui: New external style manager config --- charts/pro-ui/README.md | 12 ++++++++++++ charts/pro-ui/templates/_env.tpl | 4 ++++ charts/pro-ui/values.schema.json | 16 ++++++++++++++++ charts/pro-ui/values.yaml | 15 +++++++++++++++ 4 files changed, 47 insertions(+) diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 4108bb080..23d176691 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md @@ -84,6 +84,18 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | `ui.mapgl.stylePreview` | URL to image for ui.mapgl.styleUrl or ui.mapgl.styleId. It needs for preview in manager styles. | `""` | | `ui.mapgl.styleModelsUrl` | Optional URL for [MapGL Style](https://docs.2gis.com/en/mapgl/styles/overview/editor) models folder, e.g., '//mapgl.ingress.host/style/models' | `""` | +### Mapbox style config settings + +| Name | Description | Value | +| ---------------------- | --------------------------------------------------------------------- | ----- | +| `ui.mapbox.styleToken` | Optional [Mapbox Token](https://docs.mapbox.com/api/accounts/tokens/) | `""` | + +### External style manager configuration. + +| Name | Description | Value | +| --------------------------------- | ------------------------------------------------------ | ------- | +| `ui.externalStyleManager.enabled` | - Set "true" to enable External Style Manager features | `false` | + ### Map styles config settings | Name | Description | Value | diff --git a/charts/pro-ui/templates/_env.tpl b/charts/pro-ui/templates/_env.tpl index ff0aa0bb2..d7c5e85af 100644 --- a/charts/pro-ui/templates/_env.tpl +++ b/charts/pro-ui/templates/_env.tpl 
@@ -71,6 +71,10 @@ value: "/tmp" - name: SERVER_PORT value: "{{ .Values.ui.containerPort }}" +- name: MAPBOX_STYLE_TOKEN + value: "{{ .Values.ui.mapbox.styleToken }}" +- name: FEATURE_EXTERNAL_STYLE_MANAGER_IS_ENABLED + value: "{{ .Values.ui.externalStyleManager.enabled }}" - name: PUBLIC_S3_HOST value: "{{ .Values.ui.publicS3Url }}" - name: PUBLIC_S3_URL diff --git a/charts/pro-ui/values.schema.json b/charts/pro-ui/values.schema.json index c6d53e762..6f2e6f245 100644 --- a/charts/pro-ui/values.schema.json +++ b/charts/pro-ui/values.schema.json @@ -162,6 +162,22 @@ } } }, + "mapbox": { + "type": "object", + "additionalProperties": false, + "properties": { + "styleToken": { + "type": "string" + } + } + }, + "externalStyleManager": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { "type": "boolean" } + } + }, "styles": { "type": "object", "additionalProperties": false, diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 883524037..2efa87233 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -139,6 +139,21 @@ ui: stylePreview: '' styleModelsUrl: '' + # @section Mapbox style config settings + # + # Fill that parameters if your app has connection to Global Internet. + # @param ui.mapbox.styleToken Optional [Mapbox Token](https://docs.mapbox.com/api/accounts/tokens/) + mapbox: + styleToken: '' + + # @section External style manager configuration. + # External style manager allows managing WMS- and WMTS-maps from external sources. + # Access to public (internet) or private (intranet) WM(T)S services is required for this feature to work. + # + # @param ui.externalStyleManager.enabled - Set "true" to enable External Style Manager features + externalStyleManager: + enabled: false + # @section Map styles config settings # # @param ui.styles.s3Bucket Optional S3 bucket name for style files. Bucket must be public. From 79bc905f194ec235ca1a8df9cc31802c7c9ff5c1 Mon Sep 17 00:00:00 2001 
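Review bot: `MAPBOX_STYLE_TOKEN` is injected as a literal `value:` in the container env, so the token lands in the rendered pod spec and in the stored release manifest, readable by anyone who can view the workload object rather than only by those allowed to read Secrets. If the token carries more than public, browser-visible scope (not determinable from the hunk), it is better sourced through `valueFrom.secretKeyRef` from a Secret the chart renders. Independently, both added values are interpolated inside hand-written quotes; `value: {{ .Values.ui.mapbox.styleToken | quote }}` and `value: {{ .Values.ui.externalStyleManager.enabled | quote }}` escape embedded quotes and backslashes correctly. The env list this hunk extends starts and ends outside the hunk.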
From: DAMoskalev <33502773+DAMoskalev@users.noreply.github.com> Date: Fri, 24 May 2024 09:41:53 +0300 Subject: [PATCH 07/91] GH Actions readme checker workflow (#438) * base wf * fix * update * update * update * update * update * update * clean * clean * minor documentation changes --------- Co-authored-by: Dmitrii Moskalev --- .github/scripts/check-readme.sh | 46 +++++++++++++++++++++++++++++ .github/workflows/check-readme.yaml | 32 ++++++++++++++++++++ .gitignore | 1 + charts/navi-router/README.md | 2 +- charts/platform/README.md | 12 ++++---- 5 files changed, 85 insertions(+), 8 deletions(-) create mode 100644 .github/scripts/check-readme.sh create mode 100644 .github/workflows/check-readme.yaml diff --git a/.github/scripts/check-readme.sh b/.github/scripts/check-readme.sh new file mode 100644 index 000000000..82a8c7734 --- /dev/null +++ b/.github/scripts/check-readme.sh 
@@ -0,0 +1,46 @@ +#!/bin/bash + +set -e +set -u +set -o pipefail + +# Define directories +SCRIPT_DIR="$( cd $(dirname "$0") ; pwd )" +REPO_PATH=$( git -C "$SCRIPT_DIR" rev-parse --show-toplevel ) + +cd "$REPO_PATH" + +# Run the generator for each subdirectory in charts +for chart in charts/*; do + if [ -d "$chart" ]; then + echo "Building README for $chart..." + readme-generator --config="$REPO_PATH/bitnami-config.json" --values="$REPO_PATH/$chart/values.yaml" --readme="$REPO_PATH/$chart/README.md" + echo "" + fi +done + +# Check for unsaved changes in the repository +IS_DIRTY=0 +HAS_UNTRACKED=0 + +# Check for changes in README.md files in the working directory +git -C "$REPO_PATH" diff --name-only -- '*.md' | grep -q '.' && IS_DIRTY=1 + +# Check for changes in README.md files in the staging area +git -C "$REPO_PATH" diff --cached --name-only -- '*.md' | grep -q '.' && IS_DIRTY=1 + +# Check for untracked README.md files +git -C "$REPO_PATH" ls-files --others --exclude-standard -- '*.md' | grep -q '.' && HAS_UNTRACKED=1 + +RESULT=$(( IS_DIRTY + HAS_UNTRACKED )) + +if [[ "$RESULT" -eq 0 ]]; then + echo -e '\033[0;32mDocumentation is up-to-date\033[0m' +else + echo -e '\033[0;31mYou need to update documentation: run `make prepare && make all`\033[0m' + echo 'Changed files:' + git status --porcelain | grep md + exit 1 +fi + +exit 0 diff --git a/.github/workflows/check-readme.yaml b/.github/workflows/check-readme.yaml new file mode 100644 index 000000000..c90f41621 --- /dev/null +++ b/.github/workflows/check-readme.yaml 
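Review bot: `SCRIPT_DIR="$( cd $(dirname "$0") ; pwd )"` leaves the inner `$(dirname "$0")` unquoted and joins the two commands with `;`, so a checkout path containing whitespace is word-split, and a failed `cd` still yields the caller's working directory, from which `git -C "$SCRIPT_DIR" rev-parse --show-toplevel` then resolves whatever repository happens to be there. `SCRIPT_DIR="$( cd "$(dirname "$0")" && pwd )"` closes both gaps. In the failure branch, `git status --porcelain | grep md` matches any path containing the letters `md`, not only Markdown files; `git status --porcelain -- '*.md'` reports the same set that the three checks above it test.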
@@ -0,0 +1,32 @@ +name: Check Readme Files + +on: + pull_request: + branches: + - develop + +jobs: + run-script: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v2 + + - name: Install Node.js and npm + uses: actions/setup-node@v2 + with: + node-version: '16' + + - name: Install readme-generator-for-helm + run: | + git clone https://github.com/bitnami/readme-generator-for-helm + cd readme-generator-for-helm + npm install + npm install -g . + + - name: Set up script permissions + run: chmod +x .github/scripts/check-readme.sh + + - name: Run script + run: .github/scripts/check-readme.sh diff --git a/.gitignore b/.gitignore index 090a1f02d..34b82a233 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ .idea .DS_Store +readme-generator-for-helm diff --git a/charts/navi-router/README.md b/charts/navi-router/README.md index ae7b6a4c2..48462eed4 100644 --- a/charts/navi-router/README.md +++ b/charts/navi-router/README.md @@ -46,7 +46,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | Name | Description | Value | | ------------------ | ----------- | ----------------------------- | | `image.repository` | Repository | `2gis-on-premise/navi-router` | -| `image.tag` | Tag | `6.17.0.8` | +| `image.tag` | Tag | `6.17.1.2` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Navi-Router service settings diff --git a/charts/platform/README.md b/charts/platform/README.md index f434ff405..67bee418d 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md 
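Review bot: The `Install readme-generator-for-helm` step clones `https://github.com/bitnami/readme-generator-for-helm` at whatever its default branch currently holds and then runs `npm install` and `npm install -g .`, so every pull-request run executes unreviewed upstream code and its install scripts; `actions/checkout@v2` and `actions/setup-node@v2` are likewise movable tags. Pinning the clone with `git -C readme-generator-for-helm checkout PINNED_COMMIT_SHA` (a placeholder for a commit the maintainers have vetted) and referencing the actions by full commit SHA makes the job reproducible and limits exposure to an upstream compromise. The workflow also declares no `permissions:` block, so the job token gets the repository default; a top-level `permissions:` with `contents: read` is enough for a job that only reads the tree.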
@@ -38,13 +38,11 @@ Use this Helm chart to deploy Platform service, which is a part of 2GIS's [On-Pr ### UI service settings -| Name | Description | Value | -| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `ui.appPort` | Service port. | `3000` | -| `ui.brand` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `""` | -| `ui.pages` | A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. | `""` | -| `ui.googleAnalyticsId` | An id for Google Analytics. | `""` | -| `ui.googleTagManagerId` | An id for Google Tag Manager. | `""` | +| Name | Description | Value | +| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `ui.appPort` | Service port. | `3000` | +| `ui.brand` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `""` | +| `ui.pages` | A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. | `""` | ### Statuses for services. A value is a string containing pairs of label and healthcheck URL for a service. Pairs must be divided with a comma. Each pair must be connected with a symbol "=", e.g. `mapgl: 'MapGL JS=https://example.com/healthcheck'`. URL must be an absolute. You can specify only one URL, e.g. 
`mapgl: 'https://example.com/healthcheck'`. From dc62228df22410f8090c25661e700f04b2de75fe Mon Sep 17 00:00:00 2001 From: DAMoskalev <33502773+DAMoskalev@users.noreply.github.com> Date: Fri, 24 May 2024 09:58:43 +0300 Subject: [PATCH 08/91] Gh actions readme checker changing name (#440) * base wf * fix * update * update * update * update * update * update * clean * clean * minor documentation changes * changing name --------- Co-authored-by: Dmitrii Moskalev --- .github/workflows/check-readme.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/check-readme.yaml b/.github/workflows/check-readme.yaml index c90f41621..1d996a14e 100644 --- a/.github/workflows/check-readme.yaml +++ b/.github/workflows/check-readme.yaml @@ -6,7 +6,7 @@ on: - develop jobs: - run-script: + readme-validator: runs-on: ubuntu-latest steps: From 7d7f1a55ad28305156855bede32a3cb25ffa6807 Mon Sep 17 00:00:00 2001 From: Aveldin1 <164148461+Aveldin1@users.noreply.github.com> Date: Tue, 28 May 2024 10:55:44 +0300 Subject: [PATCH 09/91] PRO-UI 2.14.0 (#441) --- charts/pro-api/Chart.yaml | 2 +- charts/pro-ui/Chart.yaml | 4 +-- charts/pro-ui/README.md | 44 ++++++++++++++++---------------- charts/pro-ui/values.schema.json | 2 +- charts/pro-ui/values.yaml | 14 +++++----- 5 files changed, 32 insertions(+), 34 deletions(-) diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index 54ff10f63..758843d1c 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -4,7 +4,7 @@ description: Geo API for getting geo data type: application -version: 1.22.0 +version: 1.23.0 appVersion: 1.11.2 maintainers: diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index f13d84b7f..869604be1 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml 
@@ -3,8 +3,8 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.22.0 -appVersion: 2.5.1 +version: 1.23.0 +appVersion: 2.14.0 maintainers: - name: 2gis diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 23d176691..5e0ee0c63 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md 
@@ -40,31 +40,31 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | Name | Description | Value | | --------------------- | ----------- | ------------------------ | | `ui.image.repository` | Repository | `2gis-on-premise/pro-ui` | -| `ui.image.tag` | Tag | `2.5.1` | +| `ui.image.tag` | Tag | `2.14.0` | ### UI service settings -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | -| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | -| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). | `[46.71, 24.72]` | -| `ui.supportDocumentationLink` | Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' | `""` | -| `ui.immersiveModels` | A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | -| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | -| `ui.auth.sso` | Flag to turn on/off the authorization. 
Possible values: `"true"` or `"false"`. | `false` | -| `ui.auth.secure` | Flag to turn on/off the https for auth. Possible values: `"true"` or `"false"`. | `true` | -| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | -| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | -| `ui.auth.clientId` | a client_id from keycloack | `""` | -| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | -| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | -| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | -| `ui.auth.identityProviderUrl` | a provider base URL | `""` | -| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | -| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | -| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. | `false` | -| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | +| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | +| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). 
| `[46.71, 24.72]` | +| `ui.supportDocumentationLink` | Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' | `https://docs.urbi.ae/en/pro/start` | +| `ui.immersiveModels` | A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | +| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | +| `ui.auth.sso` | Flag to turn on/off the authorization. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.secure` | Flag to turn on/off the https for auth. Possible values: `"true"` or `"false"`. | `true` | +| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | +| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | +| `ui.auth.clientId` | a client_id from keycloack | `""` | +| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | +| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | +| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | +| `ui.auth.identityProviderUrl` | a provider base URL | `""` | +| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | +| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | +| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | ### 2GIS Pro API settings 
diff --git a/charts/pro-ui/values.schema.json b/charts/pro-ui/values.schema.json index 6f2e6f245..39b87bff5 100644 --- a/charts/pro-ui/values.schema.json +++ b/charts/pro-ui/values.schema.json @@ -22,7 +22,7 @@ "properties": { "logLevel": { "type": "string", - "enum": ["error"] + "enum": ["error", "warn"] }, "isOnPremise": { "type": "boolean" diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 2efa87233..4db38243e 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -50,7 +50,7 @@ ui: # @param ui.image.tag Tag image: repository: 2gis-on-premise/pro-ui - tag: 2.5.1 + tag: 2.14.0 # @section UI service settings @@ -68,7 +68,7 @@ ui: appTheme: urbi appLocale: en_AE appInitialMapCenter: '[46.71, 24.72]' - supportDocumentationLink: '' + supportDocumentationLink: 'https://docs.urbi.ae/en/pro/start' immersiveModels: '' publicS3Url: '' @@ -121,7 +121,6 @@ ui: # @param ui.mapgl.host FQDN (domain or IP) for the [MapGL JS API](https://docs.2gis.com/en/on-premise/map) service with or without protocol. Without protocol we will put App's protocol. # @skip ui.mapgl.scriptPath # @param ui.mapgl.key A key to the [MapGL JS API](https://docs.2gis.com/en/on-premise/map) service. - # @skip ui.mapgl.styleId # @param ui.mapgl.styleUrl Optional URL for [MapGL Style](https://docs.2gis.com/en/mapgl/styles/overview/editor) `style.json` folder, e.g., '//mapgl.ingress.host/style'. ui.mapgl.styleUrl has priority over ui.mapgl.styleId. # @param ui.mapgl.styleIconsUrl Optional URL for [MapGL Style](https://docs.2gis.com/en/mapgl/styles/overview/editor) icons folder, e.g., '//mapgl.ingress.host/style/icons' # @param ui.mapgl.styleFontsUrl Optional URL for [MapGL Style](https://docs.2gis.com/en/mapgl/styles/overview/editor) fonts folder, e.g., '//mapgl.ingress.host/style/fonts' @@ -132,7 +131,6 @@ ui: host: mapgl-api.host scriptPath: '' key: '' - styleId: '' styleUrl: '' styleIconsUrl: '' styleFontsUrl: '' 
@@ -210,10 +208,10 @@ ui: enabled: false className: nginx hosts: - - host: pro-ui.example.com - paths: - - path: / - pathType: Prefix + - host: pro-ui.example.com + paths: + - path: / + pathType: Prefix tls: [] # - hosts: # - pro-ui.example.com From 5ff1e8109d2bdfef3b504485343b954ba88d2bf9 Mon Sep 17 00:00:00 2001 From: Denis Belyaev <74010851+dbelyaev-nsk@users.noreply.github.com> Date: Thu, 30 May 2024 12:03:32 +0700 Subject: [PATCH 10/91] PRO-UI fix hooks (#443) --- charts/pro-ui/templates/_helpers.tpl | 4 ++++ charts/pro-ui/templates/ui/role.yaml | 3 +++ charts/pro-ui/templates/ui/rolebinding.yaml | 3 +++ charts/pro-ui/templates/ui/secrets-styles-importer.yaml | 3 +++ charts/pro-ui/templates/ui/service-account.yaml | 3 +++ charts/pro-ui/templates/ui/styles-import-starter.yaml | 4 ++-- 6 files changed, 18 insertions(+), 2 deletions(-) diff --git a/charts/pro-ui/templates/_helpers.tpl b/charts/pro-ui/templates/_helpers.tpl index 6ff127fc6..1a61ca675 100644 --- a/charts/pro-ui/templates/_helpers.tpl +++ b/charts/pro-ui/templates/_helpers.tpl @@ -48,3 +48,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{ end }} {{- end -}} +{{- define "pro.ui.importer.hook.annotations" -}} +"helm.sh/hook": pre-install,pre-upgrade +"helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded +{{- end -}} diff --git a/charts/pro-ui/templates/ui/role.yaml b/charts/pro-ui/templates/ui/role.yaml index 6c240dc0c..aaf870edd 100644 --- a/charts/pro-ui/templates/ui/role.yaml +++ b/charts/pro-ui/templates/ui/role.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: Role metadata: name: {{ include "pro.ui.service-account-name" . }}-role + annotations: + {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} + "helm.sh/hook-weight": "-2" rules: - apiGroups: - batch diff --git a/charts/pro-ui/templates/ui/rolebinding.yaml b/charts/pro-ui/templates/ui/rolebinding.yaml index 493965ac8..d08208b85 100644 --- a/charts/pro-ui/templates/ui/rolebinding.yaml 
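Review bot: The `pro.ui.importer.hook.annotations` helper added in `_helpers.tpl` puts the Role, RoleBinding, ServiceAccount and the Secret carrying `s3AccessKey` on the same `before-hook-creation,hook-succeeded` policy as the starter Job, and nothing in the template says what that implies. Hook objects are not part of the release, so `helm uninstall` does not remove them, and if the starter Job fails the RBAC objects and the Secret appear to stay in the namespace until the next install or upgrade; after a successful run they are deleted, so anything still running under that service account would lose its permissions and credentials (the Role's `batch` rule suggests the starter creates further Jobs, but the rules continue outside the hunk). I would add a comment above the define, `{{/* Hook annotations for the styles-importer bootstrap objects: deleted once all hooks succeed, left behind on failure, never removed by helm uninstall */}}`, and document the manual cleanup for the failure case. The same applies to the hunks in `role.yaml`, `rolebinding.yaml`, `secrets-styles-importer.yaml` and `service-account.yaml`.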
+++ b/charts/pro-ui/templates/ui/rolebinding.yaml @@ -3,6 +3,9 @@ apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding metadata: name: {{ include "pro.ui.service-account-name" . }}-binding + annotations: + {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} + "helm.sh/hook-weight": "-1" roleRef: apiGroup: rbac.authorization.k8s.io kind: Role diff --git a/charts/pro-ui/templates/ui/secrets-styles-importer.yaml b/charts/pro-ui/templates/ui/secrets-styles-importer.yaml index a806d7c16..af9d85311 100644 --- a/charts/pro-ui/templates/ui/secrets-styles-importer.yaml +++ b/charts/pro-ui/templates/ui/secrets-styles-importer.yaml @@ -3,6 +3,9 @@ apiVersion: v1 kind: Secret metadata: name: {{ include "pro.ui.name" . }}-secret + annotations: + {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} + "helm.sh/hook-weight": "-1" type: Opaque data: s3AccessKey: {{ required "Valid .Values.dgctlStorage.accessKey required!" .Values.dgctlStorage.accessKey | b64enc }} diff --git a/charts/pro-ui/templates/ui/service-account.yaml b/charts/pro-ui/templates/ui/service-account.yaml index 57d488a6e..a1704ab92 100644 --- a/charts/pro-ui/templates/ui/service-account.yaml +++ b/charts/pro-ui/templates/ui/service-account.yaml @@ -3,4 +3,7 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "pro.ui.service-account-name" . }} + annotations: + {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} + "helm.sh/hook-weight": "-1" {{ end }} diff --git a/charts/pro-ui/templates/ui/styles-import-starter.yaml b/charts/pro-ui/templates/ui/styles-import-starter.yaml index 13edb00f3..754992bbc 100644 --- a/charts/pro-ui/templates/ui/styles-import-starter.yaml +++ b/charts/pro-ui/templates/ui/styles-import-starter.yaml 
@@ -4,8 +4,8 @@ kind: Job metadata: name: {{ include "pro.ui.styles-importer-name" . }}-starter annotations: - "helm.sh/hook": pre-install,pre-upgrade - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} + "helm.sh/hook-weight": "1" spec: backoffLimit: {{ .Values.stylesImporter.backoffLimit }} template: From 31461f0b2cd78c09dbd5f526341d06df76bb4800 Mon Sep 17 00:00:00 2001 From: v-loboda <111125664+v-loboda@users.noreply.github.com> Date: Mon, 10 Jun 2024 11:39:41 +0700 Subject: [PATCH 11/91] =?UTF-8?q?[PRO-5181]=20=D0=9E=D0=B1=D0=BD=D0=BE?= =?UTF-8?q?=D0=B2=D0=BB=D0=B5=D0=BD=D0=B8=D0=B5=20pro-api=20=D0=B4=D0=BE?= =?UTF-8?q?=20=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B8=201.22.0=20=D0=B8=20pro?= =?UTF-8?q?-ui=20=D0=B4=D0=BE=20=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B8=202.1?= =?UTF-8?q?5.1=20(#435)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [PRO-5181] Обновление pro-api до версии 1.17 * [PRO-5181] Поправлены замечания по ревью * [PRO-5181] Поправлен url для catalog * [PRO-5181] обновил образ до 1.22.0 * [PRO-5181] Обновление pro-api до версии 1.17 * [PRO-5181] Поправлены замечания по ревью * [PRO-5181] Поправлен url для catalog * [PRO-5181] обновил образ до 1.22.0 * Add new version for PRO-UI * Fix readme --- Breaking-Changes.md | 6 ++++ charts/pro-api/Chart.yaml | 4 +-- charts/pro-api/README.md | 36 +++++++++++-------- charts/pro-api/templates/deployment.yaml | 6 ++-- .../templates/permissions-api-deployment.yaml | 2 ++ charts/pro-api/values.yaml | 34 +++++++++++------- charts/pro-ui/Chart.yaml | 4 +-- charts/pro-ui/README.md | 12 ++++--- charts/pro-ui/templates/_env.tpl | 8 +++-- charts/pro-ui/values.schema.json | 6 ++-- charts/pro-ui/values.yaml | 8 +++-- 11 files changed, 81 insertions(+), 45 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index cbf544229..f612f903e 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md 
@@ -1,5 +1,11 @@ # 2GIS On-Premise Breaking-Changes +## [NEW_VERSION] + +### pro-api +- Added new required parameters: licenseKey, license.url +- Removed api.licensePartner + ## [1.22.0] ## citylens diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index 758843d1c..32ae9c088 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -4,8 +4,8 @@ description: Geo API for getting geo data type: application -version: 1.23.0 -appVersion: 1.11.2 +version: 1.24.0 +appVersion: 1.22.0 maintainers: - name: 2gis diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index 158df0002..d4a72004a 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md @@ -13,6 +13,7 @@ | Name | Description | Value | | ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------- | | `appName` | Name of the service. | `pro-api` | +| `licenseKey` | License key. **Required** | `""` | | `replicaCount` | A replica count for the pod. | `2` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | @@ -74,7 +75,7 @@ | Name | Description | Value | | ------------------ | ----------- | ------------------------- | | `image.repository` | Repository | `2gis-on-premise/pro-api` | -| `image.tag` | Tag | `1.11.2` | +| `image.tag` | Tag | `1.22.0` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### 2GIS PRO Storage configuration 
@@ -94,12 +95,11 @@ | `api.serviceAccount` | Kubernetes service account | `runner` | | `api.tempPath` | Path to directory used for temp data | `/tmp` | | `api.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | -| `api.licensePartner` | Name of a partner for license verification. **Required** | `""` | | `api.logging` | Logging settings | | | `api.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | | `api.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | | `api.rateLimiter` | rate limiter settings | | -| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `0` | +| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | | `api.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | ### Auth configuration 
@@ -175,23 +175,29 @@ ### Catalog API settings -| Name | Description | Value | -| ------------- | ------------------------------------------------------------------------ | ------------------------ | -| `catalog.url` | URL for [Catalog API](https://docs.2gis.com/en/on-premise/search). | `http://catalog-api.svc` | -| `catalog.key` | Access key to [Catalog API](https://docs.2gis.com/en/on-premise/search). | `""` | +| Name | Description | Value | +| ------------- | -------------------------------------------------------------------------------------------------- | ----- | +| `catalog.url` | URL for [Catalog API](https://docs.2gis.com/en/on-premise/search). Example: http://catalog-api.svc | `""` | +| `catalog.key` | Access key to [Catalog API](https://docs.2gis.com/en/on-premise/search). | `""` | ### Navigation API settings -| Name | Description | Value | -| ---------- | ---------------------------------------------------------------------------------------- | ---------------------- | -| `navi.url` | URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). | `http://navi-back.svc` | -| `navi.key` | Access key to [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). | `""` | +| Name | Description | Value | +| ---------- | ---------------------------------------------------------------------------------------------------------------- | ----- | +| `navi.url` | URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). Example: http://navi-back.svc | `""` | +| `navi.key` | Access key to [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). | `""` | + +### License Service API settings + +| Name | Description | Value | +| ------------- | ------------------------------------------------------------------ | ----- | +| `license.url` | Licensing server v2 URL. 
Example: https://license.svc **Required** | `""` | ### Search API settings -| Name | Description | Value | -| ------------ | ---------------------------------------------------------------- | ----------------------- | -| `search.url` | URL for [Search API](https://docs.2gis.com/en/on-premise/search) | `http://search-api.svc` | +| Name | Description | Value | +| ------------ | ------------------------------------------------------------------------------------------------ | ----- | +| `search.url` | URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc | `""` | ### 2GIS PRO API Job settings @@ -211,7 +217,7 @@ | Name | Description | Value | | ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.11.2` | +| `assetImporter.tag` | Docker image tag. | `1.22.0` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index 35e6f593f..54df5b651 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml 
@@ -255,8 +255,8 @@ spec: - name: Auth__ShareKeys__{{$i}} value: "{{ $s }}" {{- end }} - - name: License__Partner - value: {{ required "A valid .Values.api.licensePartner entry required" $.Values.api.licensePartner }} + - name: License__Key + value: {{ required "A valid .Values.licenseKey entry required" $.Values.licenseKey }} - name: KEYS_SERVICE_URL value: "{{ .Values.keys.url }}" {{ if .Values.keys.token }} @@ -295,3 +295,5 @@ spec: value: "{{ .Values.api.localCache.enabled }}" - name: LocalCache__TrackStatistics value: "{{ .Values.api.localCache.trackStatistics }}" + - name: LicensingService__BaseUri + value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index a4ff965af..27e399e2f 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml @@ -181,6 +181,8 @@ spec: value: "{{ $.Values.kafka.permissionsTopic.name }}" - name: Kafka__PermissionsTopicSettings__ReaderGroupId value: "{{ $.Values.kafka.permissionsTopic.readerGroupId }}" + - name: Kafka__EventsTopicSettings__Name + value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: LocalCache__Enabled value: "{{ .Values.permissionsApi.localCache.enabled }}" - name: LocalCache__TrackStatistics diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 8af96f255..f15d65ec0 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -7,6 +7,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param appName Name of the service. +# @param licenseKey License key. **Required** # @param replicaCount A replica count for the pod. # @param imagePullSecrets Kubernetes image pull secrets. # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. 
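Review bot: `License__Key` in the first `deployment.yaml` hunk is rendered straight from `.Values.licenseKey` into the pod spec, so the key is readable by anyone who can view the Deployment or the release values, and the value is unquoted, unlike the neighbouring `"{{ .Values.keys.url }}"` entry. If the license key is meant to be confidential, it should come from a Secret, for example `valueFrom: {secretKeyRef: {name: LICENSE_SECRET_PLACEHOLDER, key: licenseKey}}` backed by a Secret template; at minimum pipe it through `quote`: `value: {{ required "A valid .Values.licenseKey entry required" $.Values.licenseKey | quote }}`. The same unquoted `required` pattern appears on `LicensingService__BaseUri` in the second hunk and on `Kafka__EventsTopicSettings__Name` in `permissions-api-deployment.yaml`, where a value containing `: ` or starting with a YAML indicator would break or retype the rendered manifest. The container `env` list starts and ends outside these hunks.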
@@ -23,6 +24,7 @@ dgctlDockerRegistry: '' # @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). appName: pro-api +licenseKey: '' replicaCount: 2 imagePullSecrets: [] nameOverride: '' @@ -119,14 +121,14 @@ vpa: image: repository: 2gis-on-premise/pro-api - tag: 1.11.2 + tag: 1.22.0 pullPolicy: IfNotPresent # @skip permissionsApiImage permissionsApiImage: repository: 2gis-on-premise/pro-permissions-api - tag: 1.11.2 + tag: 1.22.0 pullPolicy: IfNotPresent # @section 2GIS PRO Storage configuration @@ -149,7 +151,6 @@ s3: # @param api.serviceAccount Kubernetes service account # @param api.tempPath Path to directory used for temp data # @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service -# @param api.licensePartner Name of a partner for license verification. **Required** # @extra api.logging Logging settings # @param api.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text # @param api.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). @@ -175,12 +176,11 @@ api: env: '' filterByZoneCodes: false esDataCentersCount: 1 - licensePartner: '' logging: format: simple targets: '' rateLimiter: - requestsLimit: 0 + requestsLimit: 1024 windowSizeInSeconds: 1 localCache: enabled: true 
@@ -308,27 +308,35 @@ backgroundJobs: # @section Catalog API settings -# @param catalog.url URL for [Catalog API](https://docs.2gis.com/en/on-premise/search). +# @param catalog.url URL for [Catalog API](https://docs.2gis.com/en/on-premise/search). Example: http://catalog-api.svc # @param catalog.key Access key to [Catalog API](https://docs.2gis.com/en/on-premise/search). catalog: - url: http://catalog-api.svc + url: '' key: '' # @section Navigation API settings -# @param navi.url URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). +# @param navi.url URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). Example: http://navi-back.svc # @param navi.key Access key to [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). navi: - url: http://navi-back.svc + url: '' key: '' +# @section License Service API settings + +# @param license.url Licensing server v2 URL. Example: https://license.svc **Required** + +license: + url: '' + # @section Search API settings -# @param search.url URL for [Search API](https://docs.2gis.com/en/on-premise/search) +# @param search.url URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc + search: - url: http://search-api.svc + url: '' # @skip tileGen @@ -404,7 +412,7 @@ permissionsApi: assetImporter: repository: 2gis-on-premise/pro-importer - tag: 1.11.2 + tag: 1.22.0 schedule: 0 18 * * * backoffLimit: 2 successfulJobsHistoryLimit: 3 @@ -435,7 +443,7 @@ userAssetImporter: assetPreparer: repository: 2gis-on-premise/pro-importer - tag: 1.11.2 + tag: 1.22.0 schedule: 0 16 * * 6 backoffLimit: 2 successfulJobsHistoryLimit: 1 diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index 869604be1..de7deb368 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml 
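Review bot: Clearing the defaults of `catalog.url`, `navi.url` and `search.url` to `''` in this hunk is a behaviour change for installations that relied on the old in-cluster defaults, and the `Breaking-Changes.md` entry in the same commit lists only `licenseKey`, `license.url` and the removed `api.licensePartner`. Whether the templates guard these values with `required` is not visible here, so an upgrade could render empty service URLs without failing. I would add a line such as `- Defaults for catalog.url, navi.url and search.url are now empty and must be set explicitly` to the pro-api section, and mention there that `api.rateLimiter.requestsLimit` now defaults to `1024` instead of `0`. The new examples for these URLs use `http://` while `license.url` uses `https://`; since `catalog.key` and `navi.key` travel with those requests, the comments could note when plain HTTP is acceptable.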
@@ -3,8 +3,8 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.23.0 -appVersion: 2.14.0 +version: 1.24.0 +appVersion: 2.15.1 maintainers: - name: 2gis diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 5e0ee0c63..9b879f65e 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md @@ -40,7 +40,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | Name | Description | Value | | --------------------- | ----------- | ------------------------ | | `ui.image.repository` | Repository | `2gis-on-premise/pro-ui` | -| `ui.image.tag` | Tag | `2.14.0` | +| `ui.image.tag` | Tag | `2.15.1` | ### UI service settings @@ -68,9 +68,11 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On ### 2GIS Pro API settings -| Name | Description | Value | -| ------------ | -------------------------------------------------------------------------------------------- | ----- | -| `ui.api.url` | Base URL for the Pro API with protocol and trailing slash, ex: http://pro-api.ingress.host/. | `""` | +| Name | Description | Value | +| ---------------------- | -------------------------------------------------------------------------------------------- | ------- | +| `ui.api.url` | Base URL for the Pro API with protocol and trailing slash, ex: http://pro-api.ingress.host/. | `""` | +| `ui.api.timeout` | Timeout in ms for API request on client side, ex: 30000. | `30000` | +| `ui.api.serverTimeout` | Timeout in ms for API request on server side, ex: 30000. | `30000` | ### MapGL JS API settings 
@@ -183,7 +185,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `stylesImporter.serviceAccount` | Kubernetes service account | `runner` | | `stylesImporter.image.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `stylesImporter.image.tag` | Docker image tag. | `1.11.2` | +| `stylesImporter.image.tag` | Docker image tag. | `1.22.0` | | `stylesImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `stylesImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | | `stylesImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | diff --git a/charts/pro-ui/templates/_env.tpl b/charts/pro-ui/templates/_env.tpl index d7c5e85af..177cd6ff5 100644 --- a/charts/pro-ui/templates/_env.tpl +++ b/charts/pro-ui/templates/_env.tpl 
@@ -1,13 +1,15 @@ {{- define "pro.env.ui" -}} +- name: NETWORK_TIMEOUT + value: "{{ required "A valid .Values.ui.api.timeout" .Values.ui.api.timeout }}" +- name: SERVER_NETWORK_TIMEOUT + value: "{{ required "A valid .Values.ui.api.serverTimeout" .Values.ui.api.serverTimeout }}" - name: URBI_API_URL value: "{{ required "A valid .Values.ui.api.url entry required" .Values.ui.api.url }}" - name: MAPGL_HOST value: "{{ required "A valid .Values.ui.mapgl.host entry required" .Values.ui.mapgl.host }}" - name: MAPGL_SCRIPT_PATH value: "{{ .Values.ui.mapgl.scriptPath }}" -- name: MAPGL_STYLE_ID - value: "{{ .Values.ui.mapgl.styleId }}" - name: MAPGL_KEY value: "{{ required "A valid .Values.ui.mapgl.key entry required" .Values.ui.mapgl.key }}" - name: MAPGL_STYLE_URL @@ -49,6 +51,8 @@ - name: OPEN_ID_WELL_KNOWN_URL_LIST_URL value: "{{ required "A valid .Values.ui.auth.openIdWellKnownUrlListUrl entry required" .Values.ui.auth.openIdWellKnownUrlListUrl }}" {{- else }} +- name: OPEN_ID_WELL_KNOWN_URL_LIST_URL + value: '' - name: AUTH_IDENTITY_PROVIDER_URL value: "{{ required "A valid .Values.ui.auth.identityProviderUrl entry required" .Values.ui.auth.identityProviderUrl }}" - name: O_AUTH_API_URL diff --git a/charts/pro-ui/values.schema.json b/charts/pro-ui/values.schema.json index 39b87bff5..8fac9fe44 100644 --- a/charts/pro-ui/values.schema.json +++ b/charts/pro-ui/values.schema.json @@ -120,12 +120,14 @@ "api": { "type": "object", "additionalProperties": false, - "required": ["url"], + "required": ["url", "timeout", "serverTimeout"], "properties": { "url": { "type": "string", "pattern": "^(https?://.+/)?$" - } + }, + "timeout": { "type": "number", "minimum": 0 }, + "serverTimeout": { "type": "number", "minimum": 0 } } }, "mapgl": { diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 19d6bb748..e5c93319d 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml 
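Review bot: The schema added in `values.schema.json` accepts `0` and fractional values for `ui.api.timeout` and `ui.api.serverTimeout`, and `_env.tpl` passes them unchanged into `NETWORK_TIMEOUT` and `SERVER_NETWORK_TIMEOUT`. How the UI treats `0` is not visible in the diff; if it means "no timeout", an unbounded server-side request is an easy way to tie up the service, so I would tighten both entries to `{ "type": "integer", "minimum": 1 }` unless zero is an intended setting, and say so in the `@param` text. The two new `required` messages in `_env.tpl` also stop at `"A valid .Values.ui.api.timeout"`, while the surrounding ones end in `entry required`.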
@@ -50,7 +50,7 @@ ui: # @param ui.image.tag Tag image: repository: 2gis-on-premise/pro-ui - tag: 2.14.0 + tag: 2.15.1 # @section UI service settings @@ -112,9 +112,13 @@ ui: # @section 2GIS Pro API settings # @param ui.api.url Base URL for the Pro API with protocol and trailing slash, ex: http://pro-api.ingress.host/. + # @param ui.api.timeout Timeout in ms for API request on client side, ex: 30000. + # @param ui.api.serverTimeout Timeout in ms for API request on server side, ex: 30000. api: url: '' + timeout: 30000 + serverTimeout: 30000 # @section MapGL JS API settings @@ -294,7 +298,7 @@ stylesImporter: serviceAccount: runner image: repository: 2gis-on-premise/pro-importer - tag: 1.11.2 + tag: 1.22.0 backoffLimit: 2 successfulJobsHistoryLimit: 3 nodeSelector: {} From a1ce1bf45cd74e285b14515b6e57f5c3357c8df3 Mon Sep 17 00:00:00 2001 
From: Sergey Ordin <61708156+sergeLeLe@users.noreply.github.com> Date: Mon, 10 Jun 2024 08:37:45 +0300 Subject: [PATCH 12/91] Citylens 1.9.0 & custom CA support (#439) * Added custom CA support * Update version to 1.9.0 * Fix customCA documentation * Update readme * Fix broken templating --- charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 13 ++++++++++--- charts/citylens/templates/api/deployment.yaml | 15 +++++++++++++++ .../templates/custom-ca.configmap.yaml | 13 +++++++++++++ charts/citylens/templates/helpers.tpl | 19 +++++++++++++++++++ charts/citylens/templates/web/deployment.yaml | 15 +++++++++++++++ .../worker/deployment-camcom-sender.yaml | 15 +++++++++++++++ .../worker/deployment-frames-saver.yaml | 15 +++++++++++++++ .../worker/deployment-logs-saver.yaml | 15 +++++++++++++++ .../worker/deployment-predictions-saver.yaml | 15 +++++++++++++++ .../deployment-reporter-pro-tracks.yaml | 15 +++++++++++++++ .../worker/deployment-reporter-pro.yaml | 15 +++++++++++++++ .../deployment-track-metadata-saver.yaml | 15 +++++++++++++++ .../worker/deployment-track-reloader.yaml | 15 +++++++++++++++ charts/citylens/values.yaml | 19 ++++++++++++++++--- 15 files changed, 209 insertions(+), 7 deletions(-) create mode 100644 charts/citylens/templates/custom-ca.configmap.yaml diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index d43263356..c77519ac4 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.23.0 -appVersion: 1.8.0 +appVersion: 1.9.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 5eaded5d3..5ccb36215 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md 
@@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.8.0` | +| `api.image.tag` | Tag. | `1.9.0` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -132,7 +132,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.8.0` | +| `web.image.tag` | Tag. | `1.9.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -336,7 +336,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.8.0` | +| `migrations.image.tag` | Tag. | `1.9.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | 
@@ -412,3 +412,10 @@ See the [documentation]() to learn about: | `pro.url` | PRO API endpoint URL for filters actualization. Ex: http(s)://pro-api.svc/your_asset_name/filters | `""` | | `pro.key` | PRO API auth token | `""` | | `pro.verifySsl` | Set to `false` if pro.url must be accessed via https without certificate validation. **Required** | `true` | + +### **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | diff --git a/charts/citylens/templates/api/deployment.yaml b/charts/citylens/templates/api/deployment.yaml index ad0563960..dbf8d59f1 100644 --- a/charts/citylens/templates/api/deployment.yaml +++ b/charts/citylens/templates/api/deployment.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/api/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.api.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -54,15 +55,29 @@ spec: env: - name: API_CONFIG_PATH value: /opt/api/config/api_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.api.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/api/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.api.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.api.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/custom-ca.configmap.yaml b/charts/citylens/templates/custom-ca.configmap.yaml new file mode 100644 index 000000000..915329f6c --- /dev/null +++ b/charts/citylens/templates/custom-ca.configmap.yaml @@ -0,0 +1,13 @@ +{{- if $.Values.customCAs.bundle }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "citylens.name" . }}-custom-ca-configmap + labels: + {{- include "citylens.configmap.labels" . | nindent 4 }} + +data: + custom-ca.crt: |- + {{- $.Values.customCAs.bundle | nindent 4 }} +{{- end }} \ No newline at end of file diff --git a/charts/citylens/templates/helpers.tpl b/charts/citylens/templates/helpers.tpl index d5e239628..5fdd904d0 100644 --- a/charts/citylens/templates/helpers.tpl +++ b/charts/citylens/templates/helpers.tpl 
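Review bot: Setting `SSL_CERT_DIR` to the ConfigMap mount in the second `api/deployment.yaml` hunk may not give the intended trust store. For OpenSSL-based clients the variable replaces the default certificate directory, and directory lookup expects hash-named files, which the single `custom-ca.crt` key from `custom-ca.configmap.yaml` does not provide; mounting over the default `/usr/local/share/ca-certificates` also hides whatever the image ships in that directory. Which TLS library the services use is not visible in the diff, so this should be confirmed in a running pod: the custom CA is trusted and public endpoints still validate, so that nobody has to fall back to `pro.verifySsl: false`. I would document the constraint next to `customCAs.certsPath`, e.g. `# directory read by the service's TLS library via SSL_CERT_DIR; the mount hides any existing contents`. The same env, mount and volume block is repeated in the web and worker deployment hunks.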
@@ -49,6 +49,11 @@ Expand the name of the chart. {{ include "citylens.name" . }}-track-reloader {{- end }} +{{- define "citylens.configmap.labels" -}} +app.kubernetes.io/name: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + {{- define "citylens.api.selectorLabels" -}} app.kubernetes.io/name: {{ .Release.Name }} app.kubernetes.io/instance: {{ include "citylens.api.name" . }} @@ -181,3 +186,17 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - name: DGCTL_MANIFEST_DATA_TYPE value: "data_migration" {{- end }} + +{{/* +Checksum for configmap or secret +*/}} +{{- define "citylens.checksum" -}} +{{ (include (print $.Template.BasePath .path) $ | fromYaml).data | toYaml | sha256sum }} +{{- end }} + +{{/* +Mount directory for custom CA +*/}} +{{- define "citylens.customCA.mountPath" -}} +{{ $.Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/citylens/templates/web/deployment.yaml b/charts/citylens/templates/web/deployment.yaml index 5c0f38da3..1da2129cf 100644 --- a/charts/citylens/templates/web/deployment.yaml +++ b/charts/citylens/templates/web/deployment.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.web.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -62,15 +63,29 @@ spec: - name: METRICS_ENABLED value: "true" {{- end }} + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.web.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/api/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.web.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-camcom-sender.yaml b/charts/citylens/templates/worker/deployment-camcom-sender.yaml index a43d76247..254bc1f95 100644 --- a/charts/citylens/templates/worker/deployment-camcom-sender.yaml +++ b/charts/citylens/templates/worker/deployment-camcom-sender.yaml @@ -26,6 +26,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.camcomSender.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -41,15 +42,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.camcomSender.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-frames-saver.yaml b/charts/citylens/templates/worker/deployment-frames-saver.yaml index 059e346c6..1e745fc72 100644 --- a/charts/citylens/templates/worker/deployment-frames-saver.yaml +++ b/charts/citylens/templates/worker/deployment-frames-saver.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.framesSaver.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -40,15 +41,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.framesSaver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-logs-saver.yaml b/charts/citylens/templates/worker/deployment-logs-saver.yaml index 15ab0a427..af054b291 100644 --- a/charts/citylens/templates/worker/deployment-logs-saver.yaml +++ b/charts/citylens/templates/worker/deployment-logs-saver.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.logsSaver.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -40,15 +41,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.logsSaver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-predictions-saver.yaml b/charts/citylens/templates/worker/deployment-predictions-saver.yaml index e365df062..b68508ca2 100644 --- a/charts/citylens/templates/worker/deployment-predictions-saver.yaml +++ b/charts/citylens/templates/worker/deployment-predictions-saver.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.predictionsSaver.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -40,15 +41,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.predictionsSaver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml b/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml index c5a6a9ea2..dfe877986 100644 --- a/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml +++ b/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml @@ -26,6 +26,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.reporterProTracks.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -41,15 +42,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.reporterProTracks.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-reporter-pro.yaml b/charts/citylens/templates/worker/deployment-reporter-pro.yaml index c6cb20a6b..568a70b68 100644 --- a/charts/citylens/templates/worker/deployment-reporter-pro.yaml +++ b/charts/citylens/templates/worker/deployment-reporter-pro.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.reporterPro.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -40,15 +41,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.reporterPro.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml b/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml index 6d82e3423..8e5c53681 100644 --- a/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml +++ b/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml @@ -25,6 +25,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.trackMetadataSaver.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -40,15 +41,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.trackMetadataSaver.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/templates/worker/deployment-track-reloader.yaml b/charts/citylens/templates/worker/deployment-track-reloader.yaml index 2529ee2ab..a1d2f44cf 100644 --- a/charts/citylens/templates/worker/deployment-track-reloader.yaml +++ b/charts/citylens/templates/worker/deployment-track-reloader.yaml @@ -26,6 +26,7 @@ spec: metadata: annotations: checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} {{- with .Values.worker.tracksUploader.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -41,15 +42,29 @@ spec: env: - name: CONFIG_PATH value: /opt/worker/config/dashboard_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} volumeMounts: - name: config-volume mountPath: /opt/worker/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} volumes: - name: config-volume configMap: name: {{ include "citylens.web.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} {{- with .Values.worker.tracksUploader.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 83af271c8..971f91d7f 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -97,7 +97,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.8.0 + tag: 1.9.0 replicas: 4 @@ -224,7 +224,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.8.0 + tag: 1.9.0 replicas: 1 @@ -561,7 +561,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.8.0 + tag: 1.9.0 resources: requests: @@ -691,3 +691,16 @@ pro: url: '' key: '' verifySsl: true + +# @section **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. + +customCAs: + bundle: '' + # bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From 1c85ae0c9a9c816876b6286625afeb8fb1a4b537 Mon Sep 17 00:00:00 2001 
From: Petr Beklemishev Date: Tue, 11 Jun 2024 12:51:13 +0700 Subject: [PATCH 13/91] Fix citylens-web configmap (#448) --- charts/citylens/templates/web/configmap.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index 970a4fc0f..688135630 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml @@ -118,6 +118,7 @@ data: frames_topics: {{ .Values.kafka.topics.frames }} metadata_topics: {{ .Values.kafka.topics.tracks }} frames_lifecycle_topic: {{ required "A valid .Values.kafka.topics.framesLifecycle entry required" .Values.kafka.topics.framesLifecycle | squote }} + unified_predictions_topic: {{ required "A valid .Values.kafka.topics.predictions entry required" .Values.kafka.topics.predictions | squote }} logs_saver: logs_topic: {{ .Values.kafka.topics.logs }} reporters: From 52c05a408f8773dda27f815d4ec89bcec2fbae14 Mon Sep 17 00:00:00 2001 From: Voronkov Alexander Date: Mon, 17 Jun 2024 08:22:20 +0300 Subject: [PATCH 14/91] =?UTF-8?q?Gis-platform.=20=D0=9C=D0=B5=D0=BB=D0=BA?= =?UTF-8?q?=D0=B8=D0=B5=20=D0=BF=D1=80=D0=B0=D0=B2=D0=BA=D0=B8=20=D0=BF?= =?UTF-8?q?=D0=BE=20=D0=B4=D0=B5=D1=84=D0=BE=D0=BB=D1=82=D0=BD=D1=8B=D0=BC?= =?UTF-8?q?=20=D0=BF=D0=B0=D1=80=D0=B0=D0=BC=D0=B5=D1=82=D1=80=D0=B0=D0=BC?= =?UTF-8?q?=20(#450)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/scripts/check-readme.sh | 2 +- charts/gis-platform/README.md | 110 ++++++++++++++++---------------- charts/gis-platform/values.yaml | 4 +- 3 files changed, 58 insertions(+), 58 deletions(-) diff --git a/.github/scripts/check-readme.sh b/.github/scripts/check-readme.sh index 82a8c7734..adaabf547 100644 --- a/.github/scripts/check-readme.sh +++ b/.github/scripts/check-readme.sh 
@@ -37,7 +37,7 @@ RESULT=$(( IS_DIRTY + HAS_UNTRACKED )) if [[ "$RESULT" -eq 0 ]]; then echo -e '\033[0;32mDocumentation is up-to-date\033[0m' else - echo -e '\033[0;31mYou need to update documentation: run `make prepare && make all`\033[0m' + echo -e '\033[0;31mYou need to update documentation: run in the root of the project `make prepare && make all`\033[0m' echo 'Changed files:' git status --porcelain | grep md exit 1 diff --git a/charts/gis-platform/README.md b/charts/gis-platform/README.md index d524a7101..587fd3d85 100644 --- a/charts/gis-platform/README.md +++ b/charts/gis-platform/README.md 
@@ -54,61 +54,61 @@ See the [documentation](https://docs.2gis.com/en/on-premise/gis-platform) to lea ### SPCore service settings -| Name | Description | Value | -| ------------------------------------------- | --------------------------------------------------------------------------------------------------- | -------------------------- | -| `spcore.replicaCount` | A replica count for the pod. | `1` | -| `spcore.service` | Service settings. | `{}` | -| `spcore.debug` | If the debug mode is enabled. | `false` | -| `spcore.resetCluster` | If true, the cluster will be reset when applying this configuration. | `false` | -| `spcore.updateDb` | If true, the database schema and data will be updated when applying this configuration. | `true` | -| `spcore.terminationGracePeriodSeconds` | Wait for up to this amount of seconds for a running instance of the service to shut down. | `60` | -| `spcore.nodePort` | Port for communication between services cross the nodes in cluster mode | `5050` | -| `spcore.appPort` | SPCore service HTTP port. | `5051` | -| `spcore.maxRenderTargets` | Maximum number of targets to render simultaneously. | `1000` | -| `spcore.loglevel` | Log level. | `Info` | -| `spcore.cors` | **CORS settings.** | | -| `spcore.cors.allowEveryone` | If true, requests from any origin will be allowed. | `false` | -| `spcore.cors.origins` | List of allowed origins (if `allowEveryone` is false). | `[]` | -| `spcore.s3` | **S3-compatible storage settings.** | | -| `spcore.s3.accessKey` | S3 access key for accessing the bucket **Required** | `""` | -| `spcore.s3.secretKey` | S3 secret key for accessing the bucket **Required** | `""` | -| `spcore.s3.host` | S3 endpoint. Format: `host:port`. **Required** | `""` | -| `spcore.s3.region` | S3 region. 
| `US` | -| `spcore.s3.bucket` | S3 bucket name **Required** | `""` | -| `spcore.s3.sessionBucket` | S3 bucket name for temporary session files **Required** | `""` | -| `spcore.postgres` | **Database access settings.** | | -| `spcore.postgres.host` | PostgreSQL host **Required** | `""` | -| `spcore.postgres.port` | PostgreSQL port. | `5432` | -| `spcore.postgres.username` | PostgreSQL username **Required** | `""` | -| `spcore.postgres.password` | PostgreSQL password **Required** | `""` | -| `spcore.postgres.name` | PostgreSQL database name **Required** | `""` | -| `spcore.postgres.poolsize` | PostgreSQL connection pool size. | `25` | -| `spcore.admin` | **Admin access settings.** | | -| `spcore.admin.email` | Admin email **Required** | `admin@example.com` | -| `spcore.admin.password` | Admin password **Required** | `123456` | -| `spcore.jwt` | **JSON Web Token (JWT) settings.** | | -| `spcore.jwt.tokenKey` | JWT default user token **Required** | `supersecrettoken` | -| `spcore.jwt.tokenAdmin` | JWT admin user token **Required** | `supersecrettoken` | -| `spcore.catalog` | **Catalog settings.** | | -| `spcore.catalog.url` | Catalog service URL **Required** | `""` | -| `spcore.catalog.key` | Catalog access key **Required** | `""` | -| `spcore.catalog.type` | Additional geocoder filter | `""` | -| `spcore.catalog.regionId` | Additional geocoder filter | `""` | -| `spcore.navi` | **Navi settings.** | | -| `spcore.navi.url` | Navi service URL. | `https://catalog-api.host` | -| `spcore.defaultLimits` | **Default limits.** | | -| `spcore.defaultLimits.tables` | Maximum number of tables. | `500` | -| `spcore.defaultLimits.layers` | Maximum number of layers. | `500` | -| `spcore.defaultLimits.projects` | Maximum number of projects. | `1000` | -| `spcore.defaultLimits.features` | Maximum number of features. 
| `1000000` | -| `spcore.startupProbe` | **Startup probe [settings](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) .** | | -| `spcore.startupProbe.initialDelaySeconds` | Seconds before the first probe. | `5` | -| `spcore.startupProbe.periodSeconds` | Probing period. | `10` | -| `spcore.startupProbe.failureThreshold` | Probing failure threshold. | `100` | -| `spcore.readinessProbe` | **Readiness probe [settings](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) .** | | -| `spcore.readinessProbe.initialDelaySeconds` | Seconds before the first probe. | `5` | -| `spcore.readinessProbe.periodSeconds` | Probing period. | `5` | -| `spcore.readinessProbe.failureThreshold` | Probing failure threshold. | `3` | +| Name | Description | Value | +| ------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------- | +| `spcore.replicaCount` | A replica count for the pod. | `1` | +| `spcore.service` | Service settings. | `{}` | +| `spcore.debug` | If the debug mode is enabled. | `false` | +| `spcore.resetCluster` | If true, the cluster will be reset when applying this configuration. | `false` | +| `spcore.updateDb` | If true, the database schema and data will be updated when applying this configuration. | `true` | +| `spcore.terminationGracePeriodSeconds` | Wait for up to this amount of seconds for a running instance of the service to shut down. | `60` | +| `spcore.nodePort` | Port for communication between services cross the nodes in cluster mode | `5050` | +| `spcore.appPort` | SPCore service HTTP port. | `5051` | +| `spcore.maxRenderTargets` | Maximum number of targets to render simultaneously. | `1000` | +| `spcore.loglevel` | Log level. | `Info` | +| `spcore.cors` | **CORS settings.** | | +| `spcore.cors.allowEveryone` | If true, requests from any origin will be allowed. 
| `false` | +| `spcore.cors.origins` | List of allowed origins (if `allowEveryone` is false). | `[]` | +| `spcore.s3` | **S3-compatible storage settings.** | | +| `spcore.s3.accessKey` | S3 access key for accessing the bucket **Required** | `""` | +| `spcore.s3.secretKey` | S3 secret key for accessing the bucket **Required** | `""` | +| `spcore.s3.host` | S3 endpoint. Format: `host:port`. **Required** | `""` | +| `spcore.s3.region` | S3 region. | `US` | +| `spcore.s3.bucket` | S3 bucket name **Required** | `""` | +| `spcore.s3.sessionBucket` | S3 bucket name for temporary session files **Required** | `""` | +| `spcore.postgres` | **Database access settings.** | | +| `spcore.postgres.host` | PostgreSQL host **Required** | `""` | +| `spcore.postgres.port` | PostgreSQL port. | `5432` | +| `spcore.postgres.username` | PostgreSQL username **Required** | `""` | +| `spcore.postgres.password` | PostgreSQL password **Required** | `""` | +| `spcore.postgres.name` | PostgreSQL database name **Required** | `""` | +| `spcore.postgres.poolsize` | PostgreSQL connection pool size. | `25` | +| `spcore.admin` | **Admin access settings.** | | +| `spcore.admin.email` | Admin email **Required** | `admin@example.com` | +| `spcore.admin.password` | Admin password **Required** | `123456` | +| `spcore.jwt` | **JSON Web Token (JWT) settings.** | | +| `spcore.jwt.tokenKey` | JWT default user token **Required** | `supersecrettoken` | +| `spcore.jwt.tokenAdmin` | JWT admin user token **Required** | `supersecrettoken` | +| `spcore.catalog` | **Catalog settings.** | | +| `spcore.catalog.url` | Catalog service URL **Required** Example: `http://catalog-api` | `""` | +| `spcore.catalog.key` | Catalog access key **Required** | `""` | +| `spcore.catalog.type` | Additional geocoder filter | `""` | +| `spcore.catalog.regionId` | Additional geocoder filter | `""` | +| `spcore.navi` | **Navi settings.** | | +| `spcore.navi.url` | Navi service URL. 
| `http://navi-front` | +| `spcore.defaultLimits` | **Default limits.** | | +| `spcore.defaultLimits.tables` | Maximum number of tables. | `500` | +| `spcore.defaultLimits.layers` | Maximum number of layers. | `500` | +| `spcore.defaultLimits.projects` | Maximum number of projects. | `1000` | +| `spcore.defaultLimits.features` | Maximum number of features. | `1000000` | +| `spcore.startupProbe` | **Startup probe [settings](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) .** | | +| `spcore.startupProbe.initialDelaySeconds` | Seconds before the first probe. | `5` | +| `spcore.startupProbe.periodSeconds` | Probing period. | `10` | +| `spcore.startupProbe.failureThreshold` | Probing failure threshold. | `100` | +| `spcore.readinessProbe` | **Readiness probe [settings](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/) .** | | +| `spcore.readinessProbe.initialDelaySeconds` | Seconds before the first probe. | `5` | +| `spcore.readinessProbe.periodSeconds` | Probing period. | `5` | +| `spcore.readinessProbe.failureThreshold` | Probing failure threshold. | `3` | ### Portal settings diff --git a/charts/gis-platform/values.yaml b/charts/gis-platform/values.yaml index 810488569..60c2d999b 100644 --- a/charts/gis-platform/values.yaml +++ b/charts/gis-platform/values.yaml @@ -142,7 +142,7 @@ spcore: tokenAdmin: supersecrettoken # @extra spcore.catalog **Catalog settings.** - # @param spcore.catalog.url Catalog service URL **Required** + # @param spcore.catalog.url Catalog service URL **Required** Example: `http://catalog-api` # @param spcore.catalog.key Catalog access key **Required** # @param spcore.catalog.type Additional geocoder filter # @param spcore.catalog.regionId Additional geocoder filter @@ -157,7 +157,7 @@ spcore: # @param spcore.navi.url Navi service URL. navi: - url: https://catalog-api.host + url: http://navi-front # @extra spcore.defaultLimits **Default limits.** # @param spcore.defaultLimits.tables Maximum number of tables. 
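Review bot: `spcore.jwt.tokenAdmin` still defaults to the literal `supersecrettoken` on the context line of this hunk, and the README table in the same commit lists that value for `spcore.jwt.tokenKey` and `123456` for `spcore.admin.password`, all marked **Required**. Because these defaults are non-empty, an install that forgets to override them renders successfully with publicly known credentials. Since this commit is already adjusting defaults, I would ship them empty like the S3 and PostgreSQL secrets, e.g. `tokenAdmin: ''`, and make rendering fail when they are unset (Helm's `required` function does this). The template that consumes these values is outside this diff.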
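Review bot: The new default `url: http://navi-front` replaces an https placeholder with cleartext HTTP, and the `@param spcore.navi.url` comment does not say when that is acceptable. For a service name inside the cluster this is presumably intended, but the same key is also where an operator would put an external Navi address. I would extend the comment the way `spcore.catalog.url` was extended in the previous hunk: give `http://navi-front` as the in-cluster example and state that an `https://` URL should be used when Navi is reached across a network boundary. The README table is generated from these comments and would need regenerating.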
From 651dbd988664c82d995f02d0b7af3d2e50f54cdc Mon Sep 17 00:00:00 2001 From: Vladimir Popov Date: Mon, 17 Jun 2024 12:23:02 +0700 Subject: [PATCH 15/91] [license] Fixed issue with k8s ca automount (#444) --- charts/license/templates/statefulset.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/charts/license/templates/statefulset.yaml b/charts/license/templates/statefulset.yaml index 42bcc1c78..39174e3c6 100644 --- a/charts/license/templates/statefulset.yaml +++ b/charts/license/templates/statefulset.yaml @@ -39,6 +39,7 @@ spec: {{- if ne (include "license.type" $) "1" }} serviceAccountName: {{ include "license.serviceAccount" $ }} {{- end }} + automountServiceAccountToken: true containers: - name: license {{- with .image }} From f55281a384f3c9c5697d3f4289d76693e6451c33 Mon Sep 17 00:00:00 2001 From: Dmitriy Donov Date: Tue, 18 Jun 2024 13:08:53 +0700 Subject: [PATCH 16/91] WAPI-23444 custom ca twins api (#437) * WAPI-23444 custom ca twins api * WAPI-23444 custom ca twins api * WAPI-23444 custom ca twins api --- charts/twins-api/README.md | 7 ++++ charts/twins-api/templates/_helpers.tpl | 36 +++++++++++++++++++ .../twins-api/templates/api/deployment.yaml | 15 +++++++- .../templates/configmap-deploys.yaml | 11 ++++++ .../twins-api/templates/configmap-jobs.yaml | 15 ++++++++ .../templates/importer/cleaner/job.yaml | 11 ++++++ charts/twins-api/templates/importer/job.yaml | 17 +++++++-- charts/twins-api/templates/migrate/job.yaml | 11 ++++++ charts/twins-api/values.yaml | 13 +++++++ 9 files changed, 133 insertions(+), 3 deletions(-) create mode 100644 charts/twins-api/templates/configmap-deploys.yaml create mode 100644 charts/twins-api/templates/configmap-jobs.yaml diff --git a/charts/twins-api/README.md b/charts/twins-api/README.md index d232494c6..bdd033e38 100644 --- a/charts/twins-api/README.md +++ b/charts/twins-api/README.md 
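Review bot: The added `automountServiceAccountToken: true` is unconditional, while `serviceAccountName` directly above it is set only when `license.type` is not `"1"`. For type 1 the pod therefore runs under the namespace's default service account and now always has that account's token mounted, which is more than it had before if the account or cluster disabled automounting. If type 1 does not need the API server or the cluster CA, I would tie the field to the same condition, `automountServiceAccountToken: {{ ne (include "license.type" $) "1" }}`. Otherwise add a comment stating why the token is needed in every mode. The pod spec continues outside this hunk.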
@@ -171,6 +171,13 @@ Use this Helm chart to deploy API Twins service, which is a part of 2GIS's [On-P | `importer.cleaner.resources.limits.cpu` | A CPU limit | `1000m` | | `importer.cleaner.resources.limits.memory` | A memory limit | `512Mi` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | + ## Maintainers diff --git a/charts/twins-api/templates/_helpers.tpl b/charts/twins-api/templates/_helpers.tpl index d6c3edb19..42c6fabaa 100644 --- a/charts/twins-api/templates/_helpers.tpl +++ b/charts/twins-api/templates/_helpers.tpl 
@@ -208,3 +208,39 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- print "autoscaling/v2" -}} {{- end -}} {{- end -}} + +{{- define "twins.env.custom.ca.path" -}} +- name: SSL_CERT_DIR + value: {{ include "twins.custom.ca.mountPath" . }} +{{- end }} + +{{- define "twins.custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} + +{{- define "twins.custom.ca.volumeMounts" -}} +- name: custom-ca + mountPath: {{ include "twins.custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + readOnly: true +{{- end -}} + +{{- define "twins.custom.ca.jobs.volumes" -}} +- name: custom-ca + configMap: + name: {{ include "twins.configmap.jobs.name" . }} +{{- end -}} + +{{- define "twins.custom.ca.deploys.volumes" -}} +- name: custom-ca + configMap: + name: {{ include "twins.configmap.deploys.name" . }} +{{- end -}} + +{{- define "twins.configmap.jobs.name" -}} +{{ include "twins.name" . }}-configmap-jobs +{{- end -}} + +{{- define "twins.configmap.deploys.name" -}} +{{ include "twins.name" . }}-configmap-deploys +{{- end -}} diff --git a/charts/twins-api/templates/api/deployment.yaml b/charts/twins-api/templates/api/deployment.yaml index 5ae69d561..757342d66 100644 --- a/charts/twins-api/templates/api/deployment.yaml +++ b/charts/twins-api/templates/api/deployment.yaml @@ -2,9 +2,14 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "twins.api.name" . }} - {{- with .Values.api.annotations }} + {{- if or .Values.api.annotations .Values.customCAs.bundle }} annotations: + {{- if .Values.customCAs.bundle }} + checksum/config: {{ include (print .Template.BasePath "/configmap-deploys.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.api.annotations }} {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} labels: {{- include "twins.api.labels" . | nindent 4 }} 
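Review bot: The `checksum/config` annotation in `api/deployment.yaml` is added to the Deployment's own `metadata.annotations` (the `nindent 4` block under `kind: Deployment`), not to the pod template, so a change to `customCAs.bundle` alters the Deployment object without triggering a rollout. The CA file is also mounted through `subPath` in `twins.custom.ca.volumeMounts`, and subPath mounts do not receive ConfigMap updates, so running API pods would keep trusting the old bundle until something else restarts them. I would move the conditional `checksum/config` line to `spec.template.metadata.annotations`. That section is outside this hunk, so an equivalent annotation may already exist there.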
@@ -48,6 +53,14 @@ spec: {{- toYaml .Values.api.resources | nindent 12 }} env: {{- include "twins.env.api" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "twins.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "twins.custom.ca.deploys.volumes" . | nindent 8 }} + {{- end }} {{- with .Values.api.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/twins-api/templates/configmap-deploys.yaml b/charts/twins-api/templates/configmap-deploys.yaml new file mode 100644 index 000000000..37fd8eae3 --- /dev/null +++ b/charts/twins-api/templates/configmap-deploys.yaml @@ -0,0 +1,11 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "twins.configmap.deploys.name" . }} + labels: + {{- include "twins.labels" . | nindent 4}} +data: + custom-ca.crt: |- +{{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/twins-api/templates/configmap-jobs.yaml b/charts/twins-api/templates/configmap-jobs.yaml new file mode 100644 index 000000000..40b8dc213 --- /dev/null +++ b/charts/twins-api/templates/configmap-jobs.yaml @@ -0,0 +1,15 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "twins.configmap.jobs.name" . }} + labels: + {{- include "twins.labels" . | nindent 4}} + annotations: + "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed + "helm.sh/hook-weight": "-10" +data: + custom-ca.crt: |- +{{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/twins-api/templates/importer/cleaner/job.yaml b/charts/twins-api/templates/importer/cleaner/job.yaml index b59fb8573..18d15d9dd 100644 --- a/charts/twins-api/templates/importer/cleaner/job.yaml +++ b/charts/twins-api/templates/importer/cleaner/job.yaml 
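Review bot: The API container gets the custom CA volume and mount here but not the `SSL_CERT_DIR` variable, whereas the cleaner, importer and migrate jobs in this commit all add `twins.env.custom.ca.path` after their env include. The only `_helpers.tpl` hunk in this commit adds new definitions and leaves `twins.env.api` untouched, so unless that helper already exported the variable the API process will not look in the mounted directory. To match the jobs, add `{{- if .Values.customCAs.bundle }}`, `{{- include "twins.env.custom.ca.path" . | nindent 12 }}` and `{{- end }}` directly under the `twins.env.api` include. The two adjacent `if .Values.customCAs.bundle` blocks for `volumeMounts` and `volumes` cannot be merged, because they sit at different levels of the pod spec.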
@@ -26,6 +26,17 @@ spec: {{- toYaml .Values.importer.cleaner.resources | nindent 12 }} env: {{- include "twins.env.importer" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "twins.env.custom.ca.path" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "twins.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "twins.custom.ca.jobs.volumes" . | nindent 8 }} + {{- end }} {{- with .Values.importer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/twins-api/templates/importer/job.yaml b/charts/twins-api/templates/importer/job.yaml index 74f16b12a..0e30b18aa 100644 --- a/charts/twins-api/templates/importer/job.yaml +++ b/charts/twins-api/templates/importer/job.yaml 
@@ -35,17 +35,30 @@ spec: {{- toYaml .Values.importer.resources | nindent 12 }} env: {{- include "twins.env.importer" . | nindent 12 }} - {{- if .Values.importer.persistentVolume.enabled }} + {{- if .Values.customCAs.bundle }} + {{- include "twins.env.custom.ca.path" . | nindent 12 }} + {{- end }} + {{- if or .Values.importer.persistentVolume.enabled .Values.customCAs.bundle }} volumeMounts: + {{- if .Values.importer.persistentVolume.enabled }} - name: {{ include "twins.importer.name" . }}-pv mountPath: "/tmp" + {{- end }} + {{- if .Values.customCAs.bundle }} + {{- include "twins.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} {{- end }} - {{- if .Values.importer.persistentVolume.enabled }} + {{- if or .Values.importer.persistentVolume.enabled .Values.customCAs.bundle }} volumes: + {{- if .Values.importer.persistentVolume.enabled }} - name: {{ include "twins.importer.name" . }}-pv persistentVolumeClaim: claimName: {{ include "twins.importer.name" . }} {{- end }} + {{- if .Values.customCAs.bundle }} + {{- include "twins.custom.ca.jobs.volumes" . | nindent 8 }} + {{- end }} + {{- end }} {{- with .Values.importer.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/twins-api/templates/migrate/job.yaml b/charts/twins-api/templates/migrate/job.yaml index 747a199e5..fb826873b 100644 --- a/charts/twins-api/templates/migrate/job.yaml +++ b/charts/twins-api/templates/migrate/job.yaml @@ -35,6 +35,17 @@ spec: {{- toYaml .Values.migrate.resources | nindent 12 }} env: {{- include "twins.env.db.jobs" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "twins.env.custom.ca.path" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "twins.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "twins.custom.ca.jobs.volumes" . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
diff --git a/charts/twins-api/values.yaml b/charts/twins-api/values.yaml index e62d4aa61..35f4c65a3 100644 --- a/charts/twins-api/values.yaml +++ b/charts/twins-api/values.yaml @@ -298,3 +298,16 @@ importer: limits: cpu: 1000m memory: 512Mi + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. + +customCAs: + bundle: '' + # bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From a178dcc25d5d6f4cbc4799c61ead3611e5f1d380 Mon Sep 17 00:00:00 2001 From: Petr Beklemishev Date: Tue, 18 Jun 2024 18:40:57 +0700 Subject: [PATCH 17/91] Bump citylens to 1.10.0 (#453) * Bump citylens to 1.10.0 * Complete renaming pro.url to pro.baseUrl --- Breaking-Changes.md | 3 +++ charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 17 +++++++++-------- charts/citylens/templates/web/configmap.yaml | 6 ++++-- charts/citylens/values.yaml | 14 ++++++++------ 5 files changed, 25 insertions(+), 17 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index f612f903e..6d116035c 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -6,6 +6,9 @@ - Added new required parameters: licenseKey, license.url - Removed api.licensePartner +### citylens +- Parameter `pro.url` replaced with `pro.baseUrl` and `pro.framesAssetId` (ex: `pro.url: "http://pro-api:8080/my_asset/filters"` -> `pro.baseUrl: "http://pro-api:8080"` , `pro.framesAssetId: "my_asset"`) + ## [1.22.0] ## citylens diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index c77519ac4..41cd41638 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml 
@@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.23.0 -appVersion: 1.9.0 +appVersion: 1.10.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 5ccb36215..52a1adb86 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.9.0` | +| `api.image.tag` | Tag. | `1.10.0` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -132,7 +132,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.9.0` | +| `web.image.tag` | Tag. | `1.10.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -336,7 +336,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.9.0` | +| `migrations.image.tag` | Tag. | `1.10.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | 
@@ -407,11 +407,12 @@ See the [documentation]() to learn about: ### PRO integration (only when Pro reporter enabled) -| Name | Description | Value | -| --------------- | ------------------------------------------------------------------------------------------------- | ------ | -| `pro.url` | PRO API endpoint URL for filters actualization. Ex: http(s)://pro-api.svc/your_asset_name/filters | `""` | -| `pro.key` | PRO API auth token | `""` | -| `pro.verifySsl` | Set to `false` if pro.url must be accessed via https without certificate validation. **Required** | `true` | +| Name | Description | Value | +| ------------------- | ----------------------------------------------------------------------------------------------------- | ------ | +| `pro.baseUrl` | PRO API URL (used for filters actualization). Ex: http(s)://pro-api.svc/your_asset_name/filters | `""` | +| `pro.key` | PRO API auth token | `""` | +| `pro.verifySsl` | Set to `false` if pro.baseUrl must be accessed via https without certificate validation. **Required** | `true` | +| `pro.framesAssetId` | PRO frames asset id (used for filters actualization). Ex: your_asset_name | `""` | ### **Custom Certificate Authority** diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index 688135630..c8df5e164 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml @@ -83,12 +83,14 @@ data: pro: {{- with .Values.pro }} client: - endpoint_url: {{ .url }} + base_url: {{ .baseUrl }} token: {{ .key }} verify_ssl: {{ .verifySsl }} {{- end }} topics: frames: {{ .Values.kafka.topics.pro }} + assets: + frames: {{ .Values.pro.framesAssetId }} map: tileserver_url_template: {{ required "A valid .Values.map.tileserverUrl entry required" .Values.map.tileserverUrl }}/tiles?x={x}&y={y}&z={z} mapgl: 
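Review bot: The `pro.client` block reworked in the `@@ -83,12 +85,14 @@` hunk of `templates/web/configmap.yaml` still renders `token: {{ .key }}` beside the renamed `base_url`, so the PRO API auth token lands in what the file name suggests is a ConfigMap. Anyone with ConfigMap read access in the namespace could then read it, so consider moving the token to a Secret while this block is being touched. Separately, the new scalars are unquoted: an empty `pro.baseUrl` or `pro.framesAssetId` (both default to `''`) reaches the consumer as null, and an all-digit asset id as an integer. `base_url: {{ .baseUrl | quote }}` and `frames: {{ .Values.pro.framesAssetId | quote }}` keep them strings. The enclosing `data:` entry starts and ends outside the hunk.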
@@ -110,7 +112,7 @@ data: {{- if .Values.worker.camcomSender.enabled }} - camcom_stats {{- end }} - {{- if .Values.pro.url }} + {{- if .Values.pro.baseUrl }} - pro {{- end }} header_help_url: 'https://docs.google.com/document/d/1ypaEpklxfc9S5e7FdG2sWBT-WfIR_uZGvQp8X3Xrr0c' diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 971f91d7f..f48152dbf 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -97,7 +97,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.9.0 + tag: 1.10.0 replicas: 4 @@ -224,7 +224,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.9.0 + tag: 1.10.0 replicas: 1 @@ -561,7 +561,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.9.0 + tag: 1.10.0 resources: requests: @@ -683,14 +683,16 @@ reporters: # @section PRO integration (only when Pro reporter enabled) -# @param pro.url PRO API endpoint URL for filters actualization. Ex: http(s)://pro-api.svc/your_asset_name/filters +# @param pro.baseUrl PRO API URL (used for filters actualization). Ex: http(s)://pro-api.svc/your_asset_name/filters # @param pro.key PRO API auth token -# @param pro.verifySsl Set to `false` if pro.url must be accessed via https without certificate validation. **Required** +# @param pro.verifySsl Set to `false` if pro.baseUrl must be accessed via https without certificate validation. **Required** +# @param pro.framesAssetId PRO frames asset id (used for filters actualization). Ex: your_asset_name pro: - url: '' + baseUrl: '' key: '' verifySsl: true + framesAssetId: '' # @section **Custom Certificate Authority** From ca434be81016ceb8724ea4569a3ef1af2e2e90e8 Mon Sep 17 00:00:00 2001 
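Review bot: The `pro.baseUrl` comment in the `@@ -683,14 +683,16 @@` hunk of `charts/citylens/values.yaml` keeps the old example `http(s)://pro-api.svc/your_asset_name/filters`, which is the full-endpoint form this commit replaces. Breaking-Changes.md in the same patch gives `http://pro-api:8080` as the new shape, so someone copying the example would put the asset path into the base URL as well as into `pro.framesAssetId`. Suggested text: `# @param pro.baseUrl PRO API base URL (used for filters actualization). Ex: http(s)://pro-api.svc`. The `pro.verifySsl` line could also point to the Custom Certificate Authority section that follows, e.g. `Prefer trusting the PRO API's CA via the custom CA settings; set to false only as a last resort.`, since `false` removes server authentication on a connection that presumably carries `pro.key`.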
From: ostrovskiy2gis <108522609+ostrovskiy2gis@users.noreply.github.com> Date: Tue, 18 Jun 2024 20:03:19 +0300 Subject: [PATCH 18/91] PRO-5559: upgrade key ui to latest (#449) * PRO-5559: upgrade key ui to latest * WAPI-23482 Add configuration for Public API sign (#429) * WAPI-23482 Add configuration for Public API sign * impr * disabled by default * optional signkey in secret * optional signkey in secret * upd image version * reset chart version --------- Co-authored-by: Kirill Salnikov --- charts/keys/Chart.yaml | 2 +- charts/keys/README.md | 12 +++++++----- charts/keys/templates/helpers.tpl | 9 +++++++++ charts/keys/templates/secret-deploys.yaml | 3 +++ charts/keys/values.yaml | 14 ++++++++++++-- image_versions.txt | 2 +- 6 files changed, 33 insertions(+), 9 deletions(-) diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index 8a77152a2..4c0564cab 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy API Keys service version: 1.23.0 -appVersion: 1.79.0 +appVersion: 1.85.2 maintainers: - name: 2gis diff --git a/charts/keys/README.md b/charts/keys/README.md index 2c2fb7054..f27da4a4d 100644 --- a/charts/keys/README.md +++ b/charts/keys/README.md 
@@ -31,17 +31,18 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `imagePullPolicy` | Pull policy. | `IfNotPresent` | | `backend.image.repository` | Backend service image repository. | `2gis-on-premise/keys-backend` | -| `backend.image.tag` | Backend service image tag. | `1.79.0` | +| `backend.image.tag` | Backend service image tag. | `1.85.2` | | `admin.image.repository` | Admin service image repository. | `2gis-on-premise/keys-ui` | -| `admin.image.tag` | Admin service image tag. | `0.7.0` | +| `admin.image.tag` | Admin service image tag. | `0.8.0` | | `redis.image.repository` | Redis image repository. | `2gis-on-premise/keys-redis` | | `redis.image.tag` | Redis image tag. | `6.2.6-alpine3.15` | ### Flags for enabling/disabling certain features. -| Name | Description | Value | -| -------------------------- | --------------------- | ------- | -| `featureFlags.enableAudit` | Enable audit logging. | `false` | +| Name | Description | Value | +| ---------------------------------- | --------------------------------------- | ------- | +| `featureFlags.enableAudit` | Enable audit logging. | `false` | +| `featureFlags.enablePublicAPISign` | Enable signing responses in Public API. | `false` | ### Admin service settings 
@@ -85,6 +86,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | `api.adminUsers` | Usernames and passwords of admin users. Format: `username1:password1,username2:password2`. | `""` | | `api.adminSessionTTL` | TTL of the admin users sessions. Duration string is a sequence of decimal numbers with optional fraction and unit suffix, like `100ms`, `2.3h` or `4h35m`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. | `336h` | | `api.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` | +| `api.signPrivateKey` | RSA-PSS 2048 private key (in PKCS#1 format) for signing responses in Public API. | `""` | | `api.replicas` | A replica count for the pod. | `1` | | `api.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | | `api.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | diff --git a/charts/keys/templates/helpers.tpl b/charts/keys/templates/helpers.tpl index 14c0651e5..97c148dff 100644 --- a/charts/keys/templates/helpers.tpl +++ b/charts/keys/templates/helpers.tpl @@ -99,11 +99,20 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- define "keys.env.featureFlags" -}} - name: KEYS_FEATURE_FLAGS_AUDIT value: "{{ .Values.featureFlags.enableAudit }}" +- name: KEYS_FEATURE_FLAGS_PUBLIC_API_SIGN + value: "{{ .Values.featureFlags.enablePublicAPISign }}" {{- end }} {{- define "keys.env.api" -}} - name: KEYS_LOG_LEVEL value: "{{ .Values.api.logLevel }}" +{{- if .Values.featureFlags.enablePublicAPISign }} +- name: KEYS_SIGN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ include "keys.secret.deploys.name" . }} + key: signPrivateKey +{{- end }} {{- end }} {{- define "keys.env.import" -}} 
diff --git a/charts/keys/templates/secret-deploys.yaml b/charts/keys/templates/secret-deploys.yaml index a8e83f533..03176dfa3 100644 --- a/charts/keys/templates/secret-deploys.yaml +++ b/charts/keys/templates/secret-deploys.yaml @@ -12,6 +12,9 @@ data: dbROPassword: {{ required "A valid .Values.postgres.ro.password required" .Values.postgres.ro.password | b64enc }} dbRWPassword: {{ required "A valid .Values.postgres.rw.password required" .Values.postgres.rw.password | b64enc }} ldapBindPassword: {{ .Values.ldap.bind.password | b64enc }} + {{- if .Values.featureFlags.enablePublicAPISign }} + signPrivateKey: {{ required "A valid .Values.api.signPrivateKey required" .Values.api.signPrivateKey | b64enc }} + {{- end }} {{- if .Values.redis.password }} redisPassword: {{ .Values.redis.password | b64enc }} {{- end }} diff --git a/charts/keys/values.yaml b/charts/keys/values.yaml index 635075296..889e84e5d 100644 --- a/charts/keys/values.yaml +++ b/charts/keys/values.yaml @@ -23,20 +23,22 @@ imagePullPolicy: IfNotPresent featureFlags: # @param featureFlags.enableAudit Enable audit logging. + # @param featureFlags.enablePublicAPISign Enable signing responses in Public API. enableAudit: false + enablePublicAPISign: false backend: image: repository: 2gis-on-premise/keys-backend - tag: 1.79.0 + tag: 1.85.2 # @section Admin service settings admin: image: repository: 2gis-on-premise/keys-ui - tag: 0.7.0 + tag: 0.8.0 # @param admin.replicas A replica count for the pod. @@ -142,6 +144,14 @@ api: # @param api.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. logLevel: warning + # @param api.signPrivateKey RSA-PSS 2048 private key (in PKCS#1 format) for signing responses in Public API. + + signPrivateKey: '' + # signPrivateKey: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + # @param api.replicas A replica count for the pod. replicas: 1 
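Review bot: The commented example under `api.signPrivateKey` in the `@@ -142,6 +144,14 @@` hunk of `charts/keys/values.yaml` uses `-----BEGIN CERTIFICATE-----` / `-----END CERTIFICATE-----`, but the parameter is described as an RSA-PSS private key in PKCS#1 format, whose PEM label is `RSA PRIVATE KEY`. As written the example invites pasting a certificate, so change the two marker lines to `# -----BEGIN RSA PRIVATE KEY-----` and `# -----END RSA PRIVATE KEY-----`. Because this value is a signing key, the comment should also say to supply it at install time (for example with `--set-file`, or a values file kept out of version control) rather than editing it into this file.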
diff --git a/image_versions.txt b/image_versions.txt index 2220c1e8f..6c1d42a66 100644 --- a/image_versions.txt +++ b/image_versions.txt @@ -23,7 +23,7 @@ keycloak keys keys-backend:1.79.0 keys-redis:6.2.6-alpine3.15 - keys-ui:0.7.0 + keys-ui:0.8.0 license license:2.2.1 mapgl-js-api From 033623cc7543b4f5f59daf983809808215f58a76 Mon Sep 17 00:00:00 2001 From: Michel Beloshitsky Date: Wed, 19 Jun 2024 07:12:14 +0300 Subject: [PATCH 19/91] =?UTF-8?q?=D0=9F=D1=80=D0=B0=D0=B2=D0=BA=D0=B8=20?= =?UTF-8?q?=D0=B2=20=D1=87=D0=B0=D1=80=D1=82=D0=B0=D1=85=20mapgl-js-api=20?= =?UTF-8?q?=20=D0=B8=20floors-api=20(#420)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/floors-api/Chart.yaml | 2 +- charts/floors-api/README.md | 1 - charts/floors-api/values.yaml | 2 -- charts/mapgl-js-api/Chart.yaml | 2 +- charts/mapgl-js-api/README.md | 25 ++++++++++--------- charts/mapgl-js-api/templates/deployment.yaml | 6 ++--- charts/mapgl-js-api/values.yaml | 15 +++++------ 7 files changed, 26 insertions(+), 27 deletions(-) diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index 8749e911e..d24edb04b 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml @@ -4,7 +4,7 @@ description: Helm for floors service type: application version: 1.23.0 -appVersion: 1.0.4 +appVersion: 1.0.5 maintainers: - name: 2gis diff --git a/charts/floors-api/README.md b/charts/floors-api/README.md index 72f46b609..13ba02603 100644 --- a/charts/floors-api/README.md +++ b/charts/floors-api/README.md 
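Review bot: `keys-backend:1.79.0` is left unchanged in the `image_versions.txt` hunk, although the same commit sets `backend.image.tag` to `1.85.2` in `charts/keys/values.yaml` and only `keys-ui` is raised here. If this list drives which images are mirrored or scanned for an on-premise install (an assumption, since its consumer is not visible here), the backend tag that is actually deployed would be missing from it. Change the line to `keys-backend:1.85.2`.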
@@ -100,7 +100,6 @@ Read more about the On-Premise solution [here](https://docs.2gis.com/en/on-premi | Name | Description | Value | | ---------------------------------- | -------------------------------- | --------------------------------- | -| `import.enabled` | If import task should be enabled | `true` | | `import.image.repository` | Import task image repository. | `2gis-on-premise/floors-importer` | | `import.image.tag` | Import task image tag. | `1.0.4` | | `import.image.pullPolicy` | Import task pull policy. | `IfNotPresent` | diff --git a/charts/floors-api/values.yaml b/charts/floors-api/values.yaml index 3b0e5d5b4..c990cb575 100644 --- a/charts/floors-api/values.yaml +++ b/charts/floors-api/values.yaml @@ -150,7 +150,6 @@ nginx: # @section Floors API data import settings -# @param import.enabled If import task should be enabled # @param import.image.repository Import task image repository. # @param import.image.tag Import task image tag. # @param import.image.pullPolicy Import task pull policy. @@ -161,7 +160,6 @@ nginx: # @extra import.resources.limits.memory A memory limit, e.g., `128Mi`. import: - enabled: true image: repository: 2gis-on-premise/floors-importer pullPolicy: IfNotPresent diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index 8121d52b0..a21cfbaab 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -5,7 +5,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application version: 1.23.0 -appVersion: 1.45.1 +appVersion: 1.47.1 maintainers: - name: 2gis diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 91c0edb3e..86728fe61 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -45,22 +45,23 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | Name | Description | Value | | ------------------ | ----------- | ----------------------- | | `image.repository` | Repository | `2gis-on-premise/mapgl` | -| `image.tag` | Tag | `1.45.1` | +| `image.tag` | Tag | `1.47.1` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Environment variables -| Name | Description | Value | -| ----------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| `env.MAPGL_HOST` | Domain name for MapGL JS API service. | `https://mapgl-api.ingress.host` | -| `env.MAPGL_TILES_API` | Domain name of the Tiles API service. | `https://tiles-api.ingress.host` | -| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | -| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | -| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service. | `https://traffic-proxy.ingress.host` | -| `env.MAPGL_FLOORSSERVER` | Domain name of the Floors API service. | `https://floors-api.ingress.host` | -| `env.MAPGL_KEYSERVER` | Domain name of the API Keys service. | `https://keys-api.ingress.host` | -| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support. | `https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js` | -| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| `env.MAPGL_HOST` | URL for MapGL JS API service. 
| `https://mapgl-api.ingress.host` | +| `env.MAPGL_TILES_API` | URL of the Tiles API service. | `https://tiles-api.ingress.host` | +| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | +| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | +| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service. | `https://traffic-proxy.ingress.host` | +| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service. | `https://floors-api.ingress.host` | +| `env.MAPGL_KEYSERVER` | URL of the API Keys service. | `https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api` | +| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support. | `https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js` | +| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | +| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. Please contact support to get valid key.` | ### Strategy settings diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index 2e309769b..b7ea17bca 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml 
@@ -53,17 +53,17 @@ spec: - name: MAPGL_TRAFFICSERVER value: "{{ .Values.env.MAPGL_TRAFFICSERVER }}" - name: MAPGL_FLOORSSERVER - value: "https://{{ .Values.env.MAPGL_FLOORSSERVER }}" + value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" - name: MAPGL_FLOORSSERVER_HOST value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" - name: MAPGL_KEYSERVER - value: "https://{{ .Values.env.MAPGL_KEYSERVER }}/public/v1/keys/{keyID}/services/mapgl-js-api" - - name: MAPGL_KEYSERVER_HOST value: "{{ .Values.env.MAPGL_KEYSERVER }}" - name: MAPGL_RTLPLUGIN value: "{{ .Values.env.MAPGL_RTLPLUGIN }}" - name: MAPGL_RTLPLUGINHASH value: "{{ .Values.env.MAPGL_RTLPLUGINHASH }}" + - name: MAPGL_INVALID_KEY_MESSAGE + value: "{{ .Values.env.MAPGL_INVALID_KEY_MESSAGE }}" ports: - name: http containerPort: 8080 diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index ccfa42373..add05e63d 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml 
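Review bot: `MAPGL_KEYSERVER` is now passed through verbatim in `charts/mapgl-js-api/templates/deployment.yaml`, so the `/public/v1/keys/{keyID}/services/mapgl-js-api` suffix the template used to append must now come from values. An existing install that overrides `env.MAPGL_KEYSERVER` with only the base URL would silently render a key-check URL without that path after upgrade. This commit's diffstat does not touch Breaking-Changes.md, so add an entry there. `MAPGL_FLOORSSERVER_HOST` also still receives the same scheme-prefixed value as `MAPGL_FLOORSSERVER`; confirm the application no longer reads it, or drop it as was done for `MAPGL_KEYSERVER_HOST`. The new free-text variable is safer as `value: {{ .Values.env.MAPGL_INVALID_KEY_MESSAGE | quote }}`, because a message containing `"` would break the hand-quoted form.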
@@ -36,22 +36,23 @@ podLabels: {} image: repository: 2gis-on-premise/mapgl - tag: 1.45.1 + tag: 1.47.1 pullPolicy: IfNotPresent # @section Environment variables # @skip env.MAPGL_DEMO_KEY -# @param env.MAPGL_HOST Domain name for MapGL JS API service. -# @param env.MAPGL_TILES_API Domain name of the Tiles API service. +# @param env.MAPGL_HOST URL for MapGL JS API service. +# @param env.MAPGL_TILES_API URL of the Tiles API service. # @param env.MAPGL_TILESET Tileset of the Tiles API service to use. # @param env.MAPGL_IMMERSIVE_TILESET Additional immersive tileset of the Tiles API service to use. # @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service. -# @param env.MAPGL_FLOORSSERVER Domain name of the Floors API service. -# @param env.MAPGL_KEYSERVER Domain name of the API Keys service. +# @param env.MAPGL_FLOORSSERVER URL of the Floors API service. +# @param env.MAPGL_KEYSERVER URL of the API Keys service. # @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support. # @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin. +# @param env.MAPGL_INVALID_KEY_MESSAGE Custom error message for invalid MapGL key. env: MAPGL_DEMO_KEY: empty @@ -61,10 +62,10 @@ env: MAPGL_IMMERSIVE_TILESET: web_immersive MAPGL_TRAFFICSERVER: https://traffic-proxy.ingress.host MAPGL_FLOORSSERVER: https://floors-api.ingress.host - MAPGL_KEYSERVER: https://keys-api.ingress.host + MAPGL_KEYSERVER: "https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api" MAPGL_RTLPLUGIN: https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js MAPGL_RTLPLUGINHASH: sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA== - + MAPGL_INVALID_KEY_MESSAGE: Your MapGL key is invalid. Please contact support to get valid key. # @section Strategy settings From 8d6c3ff6730f98343a3ded631acdd87f701d7220 Mon Sep 17 00:00:00 2001 
From: Petr Beklemishev Date: Fri, 21 Jun 2024 12:49:46 +0700 Subject: [PATCH 20/91] Add ability to add extra env vars to citylens-web deployment (#455) * Add ability to add extra env vars to citylens-web deployment * Fix missing end tag --- charts/citylens/templates/web/deployment.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/charts/citylens/templates/web/deployment.yaml b/charts/citylens/templates/web/deployment.yaml index 1da2129cf..5dcd06be0 100644 --- a/charts/citylens/templates/web/deployment.yaml +++ b/charts/citylens/templates/web/deployment.yaml @@ -67,6 +67,12 @@ spec: - name: SSL_CERT_DIR value: {{ include "citylens.customCA.mountPath" $ }} {{- end }} + {{- if .Values.web.extraEnvVars }} + {{- range $env_name, $env_value := .Values.web.extraEnvVars }} + - name: {{ $env_name }} + value: {{ $env_value | squote }} + {{- end }} + {{- end }} resources: {{- toYaml .Values.web.resources | nindent 12 }} volumeMounts: From 2b50f212ee5808f6aab74a941c19a42ed70b126c Mon Sep 17 00:00:00 2001 From: i-bogomazov <106957509+i-bogomazov@users.noreply.github.com> Date: Tue, 25 Jun 2024 11:58:26 +0300 Subject: [PATCH 21/91] chart/generic-chart syncup (#452) --- charts/generic-chart/README.md | 69 ++++++++++++++----- charts/generic-chart/templates/_cronjob.yaml | 34 +++++++++ .../generic-chart/templates/_deployment.yaml | 39 ++--------- charts/generic-chart/templates/_helpers.tpl | 22 +++++- charts/generic-chart/templates/_job.yaml | 18 +++++ charts/generic-chart/templates/_job_spec.yaml | 28 ++++++++ charts/generic-chart/templates/_pod_spec.yaml | 43 ++++++++++++ charts/generic-chart/values.yaml | 48 ++++++++++++- 8 files changed, 243 insertions(+), 58 deletions(-) create mode 100644 charts/generic-chart/templates/_cronjob.yaml create mode 100644 charts/generic-chart/templates/_job.yaml create mode 100644 charts/generic-chart/templates/_job_spec.yaml create mode 100644 charts/generic-chart/templates/_pod_spec.yaml 
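Review bot: `value: {{ $env_value | squote }}` in the `charts/citylens/templates/web/deployment.yaml` hunk wraps the value in single quotes without escaping it, so a value that contains `'` renders as invalid or differently parsed YAML inside the container spec. `value: {{ $env_value | quote }}` escapes the content. `web.extraEnvVars` is also neither documented nor defaulted in `values.yaml` in this commit (the diffstat lists only `deployment.yaml`). Add a `# @param web.extraEnvVars` line with an empty-map default, and state that these values are rendered in plain text into the Deployment and are not the place for credentials. The container spec starts and ends outside the hunk.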
diff --git a/charts/generic-chart/README.md b/charts/generic-chart/README.md index 5066e0cd5..61d9d78ab 100644 --- a/charts/generic-chart/README.md +++ b/charts/generic-chart/README.md @@ -38,6 +38,12 @@ For other templates re-use named definitions as follows: Below are supported parameters. +## Test chart + +Test chart based on generic-chart is located in resources. + +Chart is tested using [pipeline](https://gitlab.2gis.ru/traffic/cicd-pipelines/-/blob/master/pipelines/single-chart.yml). See `.gitlab-ci.yml`. + ### Values #### Common settings 
@@ -47,23 +53,25 @@ Below are supported parameters. | `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | | `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -#### Deployment settings - -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ----- | -| `labels` | Custom labels to set to Deployment resource | `{}` | -| `annotations` | Custom annotations to set to Deployment resource | `{}` | -| `replicaCount` | A replica count for the pod | `1` | -| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | -| `strategy` | Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). Undergoes template rendering | `{}` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | -| `priorityClassName` | Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name | `""` | -| `terminationGracePeriodSeconds` | Maximum time allowed for graceful shutdown | `60` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +#### 
[Deployment](https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/) settings + +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------- | +| `labels` | Custom labels to set to Deployment resource | `{}` | +| `annotations` | Custom annotations to set to Deployment resource | `{}` | +| `replicaCount` | A replica count for the pod | `1` | +| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | +| `strategy` | Deployment [strategy](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy). Undergoes template rendering | `{}` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `priorityClassName` | Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name | `""` | +| `terminationGracePeriodSeconds` | Maximum time allowed for graceful shutdown | `60` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `enableServiceLinks` | Services injection into containers environment | `false` | +| `restartPolicy` | Kubernetes pod [restart 
policy](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) | `""` | #### Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings @@ -97,7 +105,7 @@ Below are supported parameters. | `pdb.minAvailable` | How many pods must be available after the eviction. | `""` | | `pdb.maxUnavailable` | How many pods can be unavailable after the eviction. | `1` | -#### Service settings +#### [Service](https://kubernetes.io/docs/concepts/services-networking/service/) settings | Name | Description | Value | | --------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | 
@@ -107,10 +115,33 @@ Below are supported parameters. | `service.clusterIP` | Controls Service cluster IP allocation. Cannot be changed after resource creation. | `""` | | `service.port` | Service port. | `80` | -#### Service account settings +#### [Service account](https://kubernetes.io/docs/concepts/security/service-accounts/) settings | Name | Description | Value | | ---------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------ | | `serviceAccount.create` | Specifies whether a service account should be created. | `true` | | `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | | `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | + +#### [CronJob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) settings + +| Name | Description | Value | +| ------------------------------------ | --------------------------------------------------------------- | ------- | +| `cronJob.suspend` | Suspend execution of Jobs. | `false` | +| `cronJob.schedule` | Schedule follows the Cron syntax. | `""` | +| `cronJob.startingDeadlineSeconds` | Defines a deadline (in whole seconds) for starting the Job. | `""` | +| `cronJob.concurrencyPolicy` | Concurrent executions of a Job that is created by this CronJob. | `""` | +| `cronJob.successfulJobsHistoryLimit` | How many completed Jobs should be kept. | `""` | +| `cronJob.failedJobsHistoryLimit` | How many failed Jobs should be kept. | `""` | + +#### [Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) settings + +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------------------------------------------------------------- | ----- | +| `job.backoffLimit` | Number of retries before considering a Job as failed. 
| `""` | +| `job.backoffLimitPerIndex` | Maximal number of pod failures per index. | `""` | +| `job.podFailurePolicy` | Pod failure policy. | `""` | +| `job.completions` | Number of successful pods for completion Job. | `""` | +| `job.completionMode` | Completion mode (NonIndexed or Indexed). | `""` | +| `job.parallelism` | Number of pods running at any instant. | `""` | +| `job.restartPolicy` | Kubernetes pod [restart policy](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) | `""` | diff --git a/charts/generic-chart/templates/_cronjob.yaml b/charts/generic-chart/templates/_cronjob.yaml new file mode 100644 index 000000000..e3cad0852 --- /dev/null +++ b/charts/generic-chart/templates/_cronjob.yaml 
@@ -0,0 +1,34 @@
+{{- define "generic-chart.cronjob.tpl" }}
+{{ $ctx := .ctx }}
+{{ $cronJob := .cronJob }}
+apiVersion: {{ include "generic-chart.capabilities.cronjob.apiVersion" $ctx }}
+kind: CronJob
+metadata:
+ name: {{ include "generic-chart.fullname" $ctx }}{{ include "generic-chart.getSuffix" $cronJob }}
+ labels:
+ {{- include "generic-chart.labels" $ctx | nindent 4 }}
+ {{- with $ctx.labels }}
+ {{- toYaml . | nindent 4 }}
+ {{- end }}{{- /* labels */}}
+ {{- with $ctx.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}{{- /* annotations */}}
+spec:
+ schedule: {{ required "A valid cronJob.schedule entry required" $cronJob.schedule | quote }}
+ suspend: {{ ($cronJob).suspend }}
+ {{- if ($cronJob).startingDeadlineSeconds }}
+ startingDeadlineSeconds: {{ ($cronJob).startingDeadlineSeconds }}
+ {{- end }}
+ {{- if ($cronJob).concurrencyPolicy }}
+ concurrencyPolicy: {{ ($cronJob).concurrencyPolicy }}
+ {{- end }}
+ {{- if ($cronJob).successfulJobsHistoryLimit }}
+ successfulJobsHistoryLimit: {{ ($cronJob).successfulJobsHistoryLimit }}
+ {{- end }}
+ {{- if ($cronJob).failedJobsHistoryLimit }}
+ failedJobsHistoryLimit: {{ ($cronJob).failedJobsHistoryLimit }}
+ {{- end }}
+ jobTemplate:
+ {{- include "generic-chart.job_spec.tpl" . | nindent 4 }}
+{{- end }}
diff --git a/charts/generic-chart/templates/_deployment.yaml b/charts/generic-chart/templates/_deployment.yaml
index 9cf972b56..6ed68956e 100644
--- a/charts/generic-chart/templates/_deployment.yaml
+++ b/charts/generic-chart/templates/_deployment.yaml
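Review bot: The `{{- with $ctx.labels }}` and `{{- with $ctx.annotations }}` blocks under `metadata` look like they can never match: `$ctx` is the same context that `generic-chart.pod_spec.tpl` receives and reads as `.Values.*`, so the custom labels and annotations presumably live at `$ctx.Values.labels` and `$ctx.Values.annotations`. If so, they are silently dropped from every CronJob; I would write `{{- with $ctx.Values.labels }}` and `{{- with $ctx.Values.annotations }}`, and the same pair in `_job.yaml` needs the same change. Separately, the `if` guards on `successfulJobsHistoryLimit` and `failedJobsHistoryLimit` treat `0` as unset, so a caller cannot ask for no Job history to be kept.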
@@ -29,39 +29,8 @@ spec: matchLabels: {{- include "generic-chart.selectorLabels" . | nindent 6 }} template: - metadata: - {{- with .Values.podAnnotations }} - annotations: - {{- toYaml . | nindent 8 }} - {{- end }}{{- /* podAnnotations */}} - labels: - {{- include "generic-chart.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }}{{- /* imagePullSecrets */}} - serviceAccountName: {{ include "generic-chart.serviceAccountName" . }} - {{- with .Values.podSecurityContext }} - securityContext: - {{- toYaml . | nindent 8 }} - {{- end }}{{- /* podSecurityContext */}} - {{- with .Values.priorityClassName }} - priorityClassName: {{ . }} - {{- end }}{{- /* priorityClassName */}} - {{- with .Values.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ . | default 60 }} - {{- end }}{{- /* terminationGracePeriodSeconds */}} - {{- with .Values.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 8 }} - {{- end }}{{- /* nodeSelector */}} - {{- if .Values.affinity }} - affinity: - {{- include "tplvalues.render" ( dict "value" .Values.affinity "context" . ) | nindent 8 }} - {{- end }}{{- /* affinity */}} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }}{{- /* tolerations */}} + {{ include "generic-chart.pod_spec.tpl" . | nindent 4 }} + {{- with .Values.restartPolicy }} + restartPolicy: {{ . }} + {{- end }}{{- /* restartPolicy */}} {{- end }} {{- /* define */}} diff --git a/charts/generic-chart/templates/_helpers.tpl b/charts/generic-chart/templates/_helpers.tpl index 6049d0668..f7554aa78 100644 --- a/charts/generic-chart/templates/_helpers.tpl +++ b/charts/generic-chart/templates/_helpers.tpl @@ -82,7 +82,7 @@ Usage: "value" .Values.vpa.containerName "context" .) }} {{- else }} - {{- .Chart.Name }} + {{- .Chart.Name | replace "_" "-" }} {{- end }} {{- end -}} 
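Review bot: The new `restartPolicy: {{ . }}` in the Deployment template exposes a setting for which a Deployment accepts only one value: its pod template must use `Always`, so any other `restartPolicy` supplied through values is rejected by the API server at install time. I would drop the block from `_deployment.yaml` and keep `restartPolicy` on the Job side only, or fail early with a readable message, e.g. `{{- if ne . "Always" }}{{ fail "restartPolicy must be Always for a Deployment" }}{{- end }}`. The enclosing `define` starts above the hunk, so the indentation of the rendered key relative to the included pod spec cannot be checked from here.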
@@ -145,3 +145,23 @@ containerResource: container: {{ include "generic-chart.containerName" . }} {{- end -}} {{- end -}} + +{{/* +Return the appropriate apiVersion for cronjob. +*/}} +{{- define "generic-chart.capabilities.cronjob.apiVersion" -}} +{{- if semverCompare "<1.21-0" (include "generic-chart.capabilities.kubeVersion" .) -}} +{{- print "batch/v1beta1" -}} +{{- else -}} +{{- print "batch/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Return the suffix from .suffix. +*/}} +{{- define "generic-chart.getSuffix" -}} +{{- if .suffix -}} +{{- printf "-%s" (toString .suffix) -}} +{{- end -}} +{{- end -}} diff --git a/charts/generic-chart/templates/_job.yaml b/charts/generic-chart/templates/_job.yaml new file mode 100644 index 000000000..72b725e7d --- /dev/null +++ b/charts/generic-chart/templates/_job.yaml @@ -0,0 +1,18 @@ +{{- define "generic-chart.job.tpl" -}} +{{ $ctx := .ctx }} +{{ $job := .job }} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "generic-chart.fullname" $ctx }}{{ include "generic-chart.getSuffix" $job }} + labels: + {{- include "generic-chart.labels" $ctx | nindent 4 }} + {{- with $ctx.labels }} + {{- toYaml . | nindent 4 }} + {{- end }}{{- /* labels */}} + {{- with $ctx.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }}{{- /* annotations */}} +{{ include "generic-chart.job_spec.tpl" . }} +{{- end }} diff --git a/charts/generic-chart/templates/_job_spec.yaml b/charts/generic-chart/templates/_job_spec.yaml new file mode 100644 index 000000000..b969f3166 --- /dev/null +++ b/charts/generic-chart/templates/_job_spec.yaml 
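Review bot: `generic-chart.getSuffix` is appended to the output of `generic-chart.fullname` in `_cronjob.yaml` and `_job.yaml` with no limit on the combined length. Assuming `fullname` follows the usual Helm pattern of truncating to 63 characters, a long release name plus a suffix overflows that, and Kubernetes asks for CronJob names of at most 52 characters because the controller appends its own suffix to the Jobs it creates. The callers should truncate the fullname part so that the suffix survives, and the helper's comment should state the contract, e.g. `Return "-<suffix>" when .suffix is set; callers must keep fullname plus suffix within the resource name limit (52 characters for a CronJob).`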
@@ -0,0 +1,28 @@
+{{- define "generic-chart.job_spec.tpl" -}}
+{{ $ctx := .ctx }}
+{{ $job := .job }}
+spec:
+ {{- if ($job).backoffLimit }}
+ backoffLimit: {{ ($job).backoffLimit }}
+ {{- end }}
+ {{- if ($job).backoffLimitPerIndex }}
+ backoffLimitPerIndex: {{ ($job).backoffLimitPerIndex }}
+ {{- end }}
+ {{- if ($job).podFailurePolicy }}
+ podFailurePolicy: {{ ($job).podFailurePolicy }}
+ {{- end }}
+ {{- if ($job).completions }}
+ completions: {{ ($job).completions }}
+ {{- end }}
+ {{- if ($job).completionMode }}
+ completionMode: {{ ($job).completionMode }}
+ {{- end }}
+ {{- if ($job).parallelism }}
+ parallelism: {{ ($job).parallelism }}
+ {{- end }}
+ template:
+ {{- include "generic-chart.pod_spec.tpl" $ctx | nindent 4 }}
+ {{- with ($job).restartPolicy }}
+ restartPolicy: {{ . }}
+ {{- end }}{{- /* restartPolicy */}}
+{{- end }}
diff --git a/charts/generic-chart/templates/_pod_spec.yaml b/charts/generic-chart/templates/_pod_spec.yaml
new file mode 100644
index 000000000..a9b07a7f3
--- /dev/null
+++ b/charts/generic-chart/templates/_pod_spec.yaml
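Review bot: A Job rendered with the chart defaults gets no `restartPolicy`, because `job.restartPolicy` is `''` in `values.yaml` and the `with` block is then skipped; the pod template falls back to `Always`, which the API server does not accept for a Job. Rendering the key unconditionally with a valid default fixes that: `restartPolicy: {{ ($job).restartPolicy | default "Never" }}`. `podFailurePolicy` is an object with a `rules` list, so `{{ ($job).podFailurePolicy }}` prints Go map syntax rather than YAML; it needs a bare `podFailurePolicy:` key followed by `{{- toYaml ($job).podFailurePolicy | nindent 4 }}`. The `if` guards also skip `0`, so `backoffLimit: 0` (no retries) cannot be expressed.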
@@ -0,0 +1,43 @@ +{{- define "generic-chart.pod_spec.tpl" -}} +{{- /* +apiVersion: v1 +kind: Pod +metadata: +*/ -}} +metadata: + {{- with .Values.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }}{{- /* podAnnotations */}} + labels: + {{- include "generic-chart.selectorLabels" . | nindent 8 }} +spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }}{{- /* imagePullSecrets */}} + serviceAccountName: {{ include "generic-chart.serviceAccountName" . }} + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }}{{- /* podSecurityContext */}} + {{- with .Values.priorityClassName }} + priorityClassName: {{ . }} + {{- end }}{{- /* priorityClassName */}} + {{- with .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ . | default 60 }} + {{- end }}{{- /* terminationGracePeriodSeconds */}} + enableServiceLinks: {{ .Values.enableServiceLinks | default false }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }}{{- /* nodeSelector */}} + {{- if .Values.affinity }} + affinity: + {{- include "tplvalues.render" ( dict "value" .Values.affinity "context" . ) | nindent 8 }} + {{- end }}{{- /* affinity */}} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }}{{- /* tolerations */}} +{{- end }} {{- /* define */}} diff --git a/charts/generic-chart/values.yaml b/charts/generic-chart/values.yaml index 717c6a0a5..46541b202 100644 --- a/charts/generic-chart/values.yaml +++ b/charts/generic-chart/values.yaml @@ -7,7 +7,7 @@ nameOverride: '' fullnameOverride: '' -# @section Deployment settings +# @section [Deployment](https://kubernetes.io/docs/tasks/run-application/run-stateless-application-deployment/) settings # @param labels Custom labels to set to Deployment resource # @param annotations Custom annotations to set to Deployment resource 
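Review bot: `terminationGracePeriodSeconds: {{ . | default 60 }}` sits inside `{{- with .Values.terminationGracePeriodSeconds }}`, so the `default 60` can never apply: `with` already skips the block when the value is empty or `0`, and the pod then gets the Kubernetes default of 30 seconds rather than the documented 60. Either drop the `with` and keep `terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 60 }}`, or drop the dead `default`. Since this template is now shared by Deployments, Jobs and CronJobs, it is also the natural place to expose `automountServiceAccountToken`, so that workloads which never call the Kubernetes API do not have to mount a service account token. `priorityClassName: {{ . }}` would be safer as `priorityClassName: {{ . | quote }}`.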
@@ -22,6 +22,8 @@ fullnameOverride: '' # @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) # @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) # @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings +# @param enableServiceLinks Services injection into containers environment +# @param restartPolicy Kubernetes pod [restart policy](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) labels: {} annotations: {} @@ -36,6 +38,8 @@ terminationGracePeriodSeconds: 60 nodeSelector: {} affinity: {} tolerations: [] +enableServiceLinks: false +restartPolicy: '' # @section Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings @@ -86,7 +90,7 @@ pdb: maxUnavailable: 1 -# @section Service settings +# @section [Service](https://kubernetes.io/docs/concepts/services-networking/service/) settings # @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). Undergoes template rendering # @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). Undergoes template rendering @@ -102,7 +106,7 @@ service: port: 80 -# @section Service account settings +# @section [Service account](https://kubernetes.io/docs/concepts/security/service-accounts/) settings # @param serviceAccount.create Specifies whether a service account should be created. # @param serviceAccount.annotations Annotations to add to the service account. 
@@ -112,3 +116,41 @@ serviceAccount: create: true annotations: {} name: '' + + +# @section [CronJob](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) settings + +# @param cronJob.suspend Suspend execution of Jobs. +# @param cronJob.schedule Schedule follows the Cron syntax. +# @param cronJob.startingDeadlineSeconds Defines a deadline (in whole seconds) for starting the Job. +# @param cronJob.concurrencyPolicy Concurrent executions of a Job that is created by this CronJob. +# @param cronJob.successfulJobsHistoryLimit How many completed Jobs should be kept. +# @param cronJob.failedJobsHistoryLimit How many failed Jobs should be kept. + +cronJob: + suspend: false + schedule: '' + startingDeadlineSeconds: '' + concurrencyPolicy: '' + successfulJobsHistoryLimit: '' + failedJobsHistoryLimit: '' + + +# @section [Job](https://kubernetes.io/docs/concepts/workloads/controllers/job/) settings + +# @param job.backoffLimit Number of retries before considering a Job as failed. +# @param job.backoffLimitPerIndex Maximal number of pod failures per index. +# @param job.podFailurePolicy Pod failure policy. +# @param job.completions Number of successful pods for completion Job. +# @param job.completionMode Completion mode (NonIndexed or Indexed). +# @param job.parallelism Number of pods running at any instant. +# @param job.restartPolicy Kubernetes pod [restart policy](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#restart-policy) + +job: + backoffLimit: '' + backoffLimitPerIndex: '' + podFailurePolicy: '' + completions: '' + completionMode: '' + parallelism: '' + restartPolicy: '' From 5785840cfd1238eca8febe4682883ae371ed8ec5 Mon Sep 17 00:00:00 2001 
From: DAMoskalev <33502773+DAMoskalev@users.noreply.github.com> Date: Wed, 26 Jun 2024 10:49:01 +0300 Subject: [PATCH 22/91] pro-api serviceAccountOverride support (#456) * changes * update * value description added * readme update * readme update --------- Co-authored-by: Dmitrii Moskalev --- charts/pro-api/README.md | 23 ++++++++++--------- charts/pro-api/templates/_helpers.tpl | 13 +++++++---- charts/pro-api/templates/service-account.yaml | 2 ++ charts/pro-api/values.yaml | 4 +++- 4 files changed, 26 insertions(+), 16 deletions(-) diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index d4a72004a..0fb1d7330 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md 
@@ -90,17 +90,18 @@ ### 2GIS PRO API configuration -| Name | Description | Value | -| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- | -| `api.serviceAccount` | Kubernetes service account | `runner` | -| `api.tempPath` | Path to directory used for temp data | `/tmp` | -| `api.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | -| `api.logging` | Logging settings | | -| `api.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | -| `api.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | -| `api.rateLimiter` | rate limiter settings | | -| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | -| `api.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | +| Name | Description | Value | +| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | +| `api.serviceAccount` | Kubernetes service account | `runner` | +| `api.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. 
| `""` | +| `api.tempPath` | Path to directory used for temp data | `/tmp` | +| `api.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | +| `api.logging` | Logging settings | | +| `api.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | +| `api.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | +| `api.rateLimiter` | rate limiter settings | | +| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | +| `api.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | ### Auth configuration diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index a771fb884..d114e20db 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl @@ -51,12 +51,17 @@ {{- end -}} {{- end -}} + {{- define "pro-api.service-account-name" -}} -{{- $name := default .Values.api.serviceAccount -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- if empty .Values.api.serviceAccountOverride }} + {{- $name := default .Values.api.serviceAccount -}} + {{- if contains $name .Release.Name -}} + {{- .Release.Name | trunc 63 | trimSuffix "-" -}} + {{- else -}} + {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- end -}} {{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} + {{- .Values.api.serviceAccountOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} diff --git a/charts/pro-api/templates/service-account.yaml b/charts/pro-api/templates/service-account.yaml index dad84083d..7586bbd27 100644 
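Review bot: In the `else` branch of `pro-api.service-account-name`, `.Values.api.serviceAccountOverride | trunc 63 | trimSuffix "-"` rewrites a name that is supposed to refer to an account that already exists. ServiceAccount names may be longer than 63 characters, so an over-long override is silently cut to a different name and the pods end up referencing an account that does not exist, or one the operator did not intend. I would emit the value unchanged, `{{- .Values.api.serviceAccountOverride -}}`, and let the API server reject an invalid name. The parameter description could also say that the chart's pods then run with whatever RBAC permissions are bound to that existing account.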
--- a/charts/pro-api/templates/service-account.yaml +++ b/charts/pro-api/templates/service-account.yaml @@ -1,4 +1,6 @@ +{{- if empty .Values.api.serviceAccountOverride }} apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "pro-api.service-account-name" . }} +{{- end }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index f15d65ec0..9174c7c89 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -148,7 +148,8 @@ s3: # @section 2GIS PRO API configuration -# @param api.serviceAccount Kubernetes service account +# @param api.serviceAccount Kubernetes service account +# @param api.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. # @param api.tempPath Path to directory used for temp data # @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service # @extra api.logging Logging settings @@ -169,6 +170,7 @@ s3: api: serviceAccount: runner + serviceAccountOverride: '' tempPath: /tmp allowAnyOrigin: false logEsQueries: false From 1d563573a7f0e642dde6313577ccd4d76c5a0766 Mon Sep 17 00:00:00 2001 
From: uk-navi-ci <161344134+uk-navi-ci@users.noreply.github.com> Date: Wed, 26 Jun 2024 11:19:20 +0300 Subject: [PATCH 23/91] [chart/navi-back] 7.23.0.5 release (#451) --- .gitignore | 2 + charts/navi-back/Chart.yaml | 6 +- charts/navi-back/README.md | 427 ++++++----- charts/navi-back/templates/NOTES.txt | 8 +- charts/navi-back/templates/_helpers.tpl | 130 +--- charts/navi-back/templates/configmap.yaml | 696 ++++++++++-------- charts/navi-back/templates/deployment.yaml | 128 ++-- charts/navi-back/templates/hpa.yaml | 40 +- charts/navi-back/templates/ingress.yaml | 4 +- charts/navi-back/templates/pdb.yaml | 22 +- charts/navi-back/templates/secret.yaml | 4 +- charts/navi-back/templates/service.yaml | 19 +- .../navi-back/templates/serviceaccount.yaml | 13 +- charts/navi-back/templates/vpa.yaml | 36 +- charts/navi-back/values.yaml | 390 ++++++---- 15 files changed, 992 insertions(+), 933 deletions(-) diff --git a/.gitignore b/.gitignore index 34b82a233..2b8f1bd3e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ .idea .DS_Store readme-generator-for-helm +Chart.lock +/charts/*/charts diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index ecadf3af5..e1f31d734 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml @@ -7,7 +7,11 @@ keywords: - back - backend version: 1.24.0 -appVersion: 7.15.2.4 +appVersion: 7.23.0.5 +dependencies: + - name: generic-chart + version: "*" + repository: file://../generic-chart maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/navi-back/README.md b/charts/navi-back/README.md index 9da6418b3..5f12e302e 100644 --- a/charts/navi-back/README.md +++ b/charts/navi-back/README.md 
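Review bot: The new `generic-chart` dependency in `Chart.yaml` is declared with `version: "*"`, and the `.gitignore` hunk in the same patch excludes `Chart.lock`, so nothing in the repository records which generic-chart version or digest a given navi-back release was built against. The dependency is a `file://../generic-chart` path, so its content comes from the same checkout, but a packaged navi-back chart still cannot be traced back to a specific library version. Pinning a range such as `version: "~X.Y.0"` (placeholder for the current generic-chart version) and committing `Chart.lock` would make the build reproducible and the dependency change reviewable.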
@@ -22,231 +22,277 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn ### Docker Registry settings -| Name | Description | Value | -| --------------------- | --------------------------------------------------------------------------------------- | ----- | -| `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | +| Name | Description | Value | +| --------------------- | -------------------------------------------------------------------------------------- | ----- | +| `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port` | `""` | ### Common settings -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod. | `1` | -| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). 
| `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | -| `labels` | Custom labels to set to Deployment resource. | `{}` | -| `priorityClassName` | Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name. | `""` | -| `preStopDelay` | Delay in seconds before terminating container. | `5` | -| `terminationGracePeriodSeconds` | Maximum time allowed for graceful shutdown. | `60` | - -### Deployment settings +| Name | Description | Value | +| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------ | ------ | +| `replicaCount` | A replica count for the pod | `1` | +| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | +| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart | `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `tolerations` | Kubernetes 
[tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `labels` | Custom labels to set to Deployment resource | `{}` | +| `priorityClassName` | Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name | `""` | +| `preStopDelay` | Delay in seconds before terminating container | `5` | +| `terminationGracePeriodSeconds` | Maximum time allowed for graceful shutdown | `60` | +| `extraVolumes` | Optionally specify extra list of additional volumes | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts | `[]` | +| `initContainers` | Add additional init containers | `[]` | +| `sidecars` | Add additional sidecar containers | `[]` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `0` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `2` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `2` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `true` | +| `startupProbe.initialDelaySeconds` | 
Initial delay seconds for startupProbe | `0` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `360` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `command` | Override default command | `[]` | +| `args` | Override default args | `[]` | + +### Container image settings | Name | Description | Value | | ------------------ | ----------- | --------------------------- | | `image.repository` | Repository | `2gis-on-premise/navi-back` | -| `image.tag` | Tag | `7.15.2.4` | +| `image.tag` | Tag | `7.23.0.5` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Navi-Back application settings -| Name | Description | Value | -| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | -| `naviback.ecaHost` | DEPRECATED: Use naviback.ecaUrl. Domain name of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. | | -| `naviback.ecaUrl` | URL of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. | | -| `naviback.forecastHost` | URL of Traffic forecast service. See the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. | | -| `naviback.dmSourcesLimit` | Size limit for source matrices. | `1000` | -| `naviback.dmTargetsLimit` | Size limit for target matrices. | `1000` | -| `naviback.handlersNumber` | Number of HTTP handlers. | `1` | -| `naviback.maxProcessTime` | Maximum processing time limit in minutes. | `600` | -| `naviback.responseTimelimit` | Maximum response time limit in minutes. | `60` | -| `naviback.requestTimeout` | Maximum request time limit in minutes. | `60` | -| `naviback.timeoutLimitSec` | Maximum downloading time can be reached after failures. | `1200` | -| `naviback.timeoutIncrementSec` | Downloading time increment after failures. | `140` | -| `naviback.totalRetryDurationSec` | Downloading timeout with all failure retries. | `2400` | -| `naviback.initialRetryIntervalSec` | Initial timeout for a failure retry. | `2` | -| `naviback.dump.result` | Dump results in logs. | `false` | -| `naviback.dump.query` | Dump queries in logs. | `false` | -| `naviback.dump.answer` | Dump answers in logs. | `false` | -| `naviback.logLevel` | Logging level, one of: Verbose, Info, Warning, Error, Fatal. | `Info` | -| `naviback.indexFilename` | Name of index file. 
| `index.json.zip` | -| `naviback.citiesFilename` | Name of the cities file on Castle | `cities.conf.zip` | -| `naviback.sentry.enabled` | If sending crash dumps to Sentry needed | `false` | -| `naviback.sentry.address` | Sentry URL | `sentry.host` | -| `naviback.sentry.project` | Sentry project ID | `navi-back` | -| `naviback.sentry.username` | Sentry username | `navi-back` | -| `naviback.sentry.printMessages` | If outgoing messages needed | `false` | -| `naviback.sentry.debug` | Debugging switch | `false` | -| `naviback.sentry.reportPath` | Local directory to dump | `/tmp/sentry` | -| `naviback.sentry.handler` | Handler file location | `/usr/sbin/2gis/mosesd/crashpad_handler` | -| `naviback.castleHost` | URL of Navi-Castle service, ex: http://navi-castle.svc.
This URL should be accessible from all the pods within your Kubernetes cluster. | `""` | -| `naviback.enablePassableBarriers` | Consider passable barriers. | | -| `naviback.grpcPort` | GRPC port to serve. Disabled if empty. | | -| `naviback.disableUpdates` | Test switch for disabling runtime background updates | `false` | -| `naviback.indices` | List of dynamic indices kill switches. | | -| `naviback.additionalSections` | Optinal JSON block to be added to config file as-is. | | -| `naviback.simpleNetwork.bicycle` | Enable simple network for bicycle routing | | -| `naviback.simpleNetwork.car` | Enable simple network for auto routing | | -| `naviback.simpleNetwork.emergency` | Enable simple network for emergency vehicles routing | `false` | -| `naviback.simpleNetwork.pedestrian` | Enable simple network for pedestrian routing | | -| `naviback.simpleNetwork.taxi` | Enable simple network for taxi routing | | -| `naviback.simpleNetwork.truck` | Enable simple network for truck routing | | -| `naviback.simpleNetwork.scooter` | Enable simple network for scooters routing | | -| `naviback.attractor.bicycle` | Enable enhanced attractor for bicycle routing | | -| `naviback.attractor.car` | Enable enhanced attractor for auto routing | | -| `naviback.attractor.pedestrian` | Enable enhanced attractor for pedestrian routing | | -| `naviback.attractor.taxi` | Enable enhanced attractor for taxi routing | | -| `naviback.attractor.truck` | Enable enhanced attractor for truck routing | | -| `naviback.attractor.scooter` | Enable enhanced attractor for scooters routing | | -| `naviback.bss.enabled` | Enable sending information on the construction of routes to the business statistics service | `false` | -| `naviback.bss.client.serviceRemoteAddress` | Remote address business statistics service. Requeruired for enable sending information. | `""` | -| `naviback.bss.client.messageCountToFlush` | Message count to flush. | `500` | -| `naviback.bss.client.useCompression` | Enable compression. 
| `true` | -| `naviback.bss.client.packageSizeMaxBytes` | Package size max bytes. | `1800000` | -| `naviback.bss.client.pendingTransmissionMaxCount` | Pending transmission max count. | `10` | -| `naviback.reduceEdgesOptimizationFlag` | Enable optimizations for distance matrix queries processing | | -| `naviback.behindSplitter` | Current instance is behind splitter or not | `false` | -| `naviback.overrideConfig` | Complete config override. For test purposes only. | `""` | -| `naviback.rtr.enabled` | Enable real time restrictions. | `false` | -| `naviback.rtr.url` | URL real time restrictions server. | `http://rtr.navi` | +| Name | Description | Value | +| ------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | +| `naviback.ecaHost` | DEPRECATED: Use naviback.ecaUrl. Domain name of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster | | +| `naviback.ecaUrl` | URL of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster | | +| `naviback.forecastHost` | URL of Traffic forecast service. See the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster | | +| `naviback.dmSourcesLimit` | Size limit for source matrices | `1000` | +| `naviback.dmTargetsLimit` | Size limit for target matrices | `1000` | +| `naviback.handlersNumber` | Total number of HTTP/GRPC handlers | `1` | +| `naviback.queueSize` | Internal queue size | `128` | +| `naviback.maxProcessTime` | Maximum processing time limit in minutes | `20` | +| `naviback.responseTimelimit` | Maximum response time limit in minutes | `120` | +| `naviback.requestTimeout` | Maximum request time limit in minutes | `120` | +| `naviback.timeoutLimitSec` | Maximum downloading time can be reached after failures | `1200` | +| `naviback.timeoutIncrementSec` | Downloading time increment after failures | `140` | +| `naviback.totalRetryDurationSec` | Downloading timeout with all failure retries | `2400` | +| `naviback.initialRetryIntervalSec` | Initial timeout for a failure retry | `2` | +| `naviback.dump.result` | Dump results in logs | `false` | +| `naviback.dump.query` | Dump queries in logs | `false` | +| `naviback.dump.answer` | Dump answers in logs | `false` | +| `naviback.logLevel` | Logging level, one of: Verbose, Info, Warning, Error, Fatal | `Info` | +| `naviback.indexFilename` | Name of the index file on Castle | `index.json.zip` | +| `naviback.citiesFilename` | Name of the cities file on Castle | `cities.conf.zip` | +| `naviback.sentry.enabled` | If sending crash dumps to Sentry needed | `false` | +| `naviback.sentry.address` | Sentry URL | `sentry.local` | +| `naviback.sentry.project` | Sentry project ID | `navi-back` | +| `naviback.sentry.username` | Sentry username | `navi` | +| `naviback.sentry.printMessages` | If outgoing messages needed | `false` | +| `naviback.sentry.debug` | Debugging switch | `false` | +| `naviback.sentry.reportPath` | Local directory to dump | `/tmp/sentry` | +| `naviback.sentry.handler` | Handler file location | `/usr/sbin/2gis/mosesd/crashpad_handler` | +| 
`naviback.castleHost` | DEPRECATED: Use naviback.castleUrl. Domain name of Navi-Castle service.
This URL should be accessible from all the pods within your Kubernetes cluster | | +| `naviback.castleUrl` | URL of Navi-Castle service.
This URL should be accessible from all the pods within your Kubernetes cluster | `""` | +| `naviback.enablePassableBarriers` | Consider passable barriers | | +| `naviback.grpcPort` | GRPC port to serve. Disabled if empty | | +| `naviback.disableUpdates` | Test switch for disabling runtime background updates | `false` | +| `naviback.indices` | List of dynamic indices kill switches | | +| `naviback.additionalSections` | Optinal JSON block to be added to config file as-is | | +| `naviback.simpleNetwork.bicycle` | Enable simple network for bicycle routing | | +| `naviback.simpleNetwork.car` | Enable simple network for auto routing | | +| `naviback.simpleNetwork.emergency` | Enable simple network for emergency vehicles routing | | +| `naviback.simpleNetwork.pedestrian` | Enable simple network for pedestrian routing | | +| `naviback.simpleNetwork.taxi` | Enable simple network for taxi routing | | +| `naviback.simpleNetwork.truck` | Enable simple network for truck routing | | +| `naviback.simpleNetwork.scooter` | Enable simple network for scooters routing | | +| `naviback.attractor.bicycle` | Enable enhanced attractor for bicycle routing | | +| `naviback.attractor.car` | Enable enhanced attractor for auto routing | | +| `naviback.attractor.pedestrian` | Enable enhanced attractor for pedestrian routing | | +| `naviback.attractor.taxi` | Enable enhanced attractor for taxi routing | | +| `naviback.attractor.truck` | Enable enhanced attractor for truck routing | | +| `naviback.attractor.scooter` | Enable enhanced attractor for scooters routing | | +| `naviback.bss.enabled` | Enable sending information on the construction of routes to the business statistics service | `false` | +| `naviback.bss.client.serviceRemoteAddress` | Remote address business statistics service. 
Requeruired for enable sending information | `""` | +| `naviback.bss.client.messageCountToFlush` | Message count to flush | `500` | +| `naviback.bss.client.useCompression` | Enable compression | `true` | +| `naviback.bss.client.packageSizeMaxBytes` | Package size max bytes | `1800000` | +| `naviback.bss.client.pendingTransmissionMaxCount` | Pending transmission max count | `10` | +| `naviback.bss.client.timeoutLimitMilSec` | Maximum request time limit in milliseconds | `5000` | +| `naviback.reduceEdgesOptimizationFlag` | Enable optimizations for distance matrix queries processing | | +| `naviback.behindSplitter` | The current instance is behind splitter or not | `false` | +| `naviback.overrideConfig` | Complete config override. For test purposes only | `""` | +| `naviback.rtr.enabled` | Enable real time restrictions | `false` | +| `naviback.rtr.url` | URL real time restrictions server | `http://rtr` | +| `naviback.rtr.updatePeriod` | Update period from real time restrictions server | `60` | +| `naviback.validation.enabled` | Enable validation responses and requests (used for internal tests) | `false` | +| `naviback.validation.ctx.schemasFolder` | Path to folder with ctx JSON schemas | `/usr/share/2gis/schemas/nsr_schemas` | +| `naviback.validation.ctx.requestSchemaName` | Name of ctx request validation schema | `CTXRequestModel.json` | +| `naviback.validation.ctx.responseSchemaName` | Name of ctx response validation schema | `CTXResponseModelV4.json` | +| `naviback.validation.bss.schemasFolder` | Path to folder with bss JSON schemas | `/usr/share/2gis/schemas/bss_schemas` | +| `naviback.validation.bss.requestSchemaName` | Name of bss request validation schema | `""` | +| `naviback.validation.bss.responseSchemaName` | Name of bss response validation schema | `401.schema.json` | +| `naviback.validation.distanceMatrix.schemasFolder` | Path to folder with distance matrix JSON schemas | `/usr/share/2gis/schemas/nsr_schemas` | +| 
`naviback.validation.distanceMatrix.requestSchemaName` | Name of distance matrix request validation schema | `DistanceMatrixRequestModel.json` | +| `naviback.validation.distanceMatrix.responseSchemaName` | Name of distance matrix response validation schema | `DistanceMatrixResponseModel.json` | +| `naviback.validation.isochrone.schemasFolder` | Path to folder with isochrone JSON schemas | `/usr/share/2gis/schemas/nsr_schemas` | +| `naviback.validation.isochrone.requestSchemaName` | Name of isochrone request validation schema | `IsochroneApiRequestModel.json` | +| `naviback.validation.isochrone.responseSchemaName` | Name of isochrone response validation schema | `IsochroneApiResponseModel.json` | +| `naviback.tilesMetricsThreshold` | The value at which we send tiles metrics (used for internal tests) | `0` | +| `naviback.hierarchies.enabled` | If hierarchies cache available | `false` | +| `naviback.hierarchies.s3path` | Hierarchies cache remote location | `""` | +| `naviback.etaScheduleIndex.enabled` | If Schedule Index available | `false` | +| `naviback.etaScheduleIndex.url` | Schedule Index remote url | `""` | ### Envoy settings, ignored if not `transmitter.enabled`. Leave with defaults, FOR FUTURE RELEASE. -| Name | Description | Value | -| ------------------------ | ----------- | ----------------------- | -| `envoy.image.repository` | Repository | `2gis-on-premise/envoy` | -| `envoy.image.tag` | Tag | `v1.27.0` | -| `envoy.image.pullPolicy` | Pull Policy | `IfNotPresent` | - -### Frozen data settings. For test purposes only. - -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------- | ----------------------------- | -| `frozenData.enabled` | If use frozen data is enabled. 
| `false` | -| `frozenData.image.repository` | Repository | `2gis-on-premise/frozen-data` | -| `frozenData.image.tag` | Tag | `""` | -| `frozenData.image.pullPolicy` | Pull Policy | `Always` | -| `frozenData.resources` | Container resources requirements structure. | `{}` | -| `frozenData.resources.requests.cpu` | CPU request, recommended value `100m`. | `undefined` | -| `frozenData.resources.requests.memory` | Memory request, recommended value `100Mi`. | `undefined` | -| `frozenData.resources.limits.cpu` | CPU limit, recommended value `100m`. | `undefined` | -| `frozenData.resources.limits.memory` | Memory limit, recommended value `100Mi`. | `undefined` | +| Name | Description | Value | +| --------------------------------- | ------------------------------------------ | ----------------------- | +| `envoy.image.repository` | Repository | `2gis-on-premise/envoy` | +| `envoy.image.tag` | Tag | `v1.27.0` | +| `envoy.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `envoy.resources` | Container resources requirements structure | `{}` | +| `envoy.resources.requests.cpu` | CPU request, recommended value `100m` | `undefined` | +| `envoy.resources.requests.memory` | Memory request, recommended value `100Mi` | `undefined` | +| `envoy.resources.limits.cpu` | CPU limit, recommended value `100m` | `undefined` | +| `envoy.resources.limits.memory` | Memory limit, recommended value `100Mi` | `undefined` | ### Service account settings -| Name | Description | Value | -| ---------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ------- | -| `serviceAccount.create` | Specifies whether a service account should be created. | `false` | -| `serviceAccount.annotations` | Annotations to add to the service account. | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
| `""` | +| Name | Description | Value | +| ---------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ------- | +| `serviceAccount.create` | Specifies whether a service account should be created | `false` | +| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | +| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | `""` | ### Service settings -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| `service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `service.clusterIP` | Controls Service cluster IP allocation. Cannot be changed after resource creation. | `""` | -| `service.port` | Service port. | `80` | -| `service.grpcPort` | Service GRPC port if `naviback.grpcPort` enabled. | `50051` | -| `service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `nil` | -| `service.headless.enabled` | Enable creating a secondary headless service | `false` | -| `service.headless.annotations` | Annotations for secondary headless service | `{}` | +| Name | Description | Value | +| ------------------------------ | ----------------------------------------------------------------------------------------------------------------------------- | ----------- | +| `service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) | `ClusterIP` | +| `service.clusterIP` | Controls Service cluster IP allocation. Cannot be changed after resource creation | `""` | +| `service.port` | Service port | `80` | +| `service.grpcPort` | Service GRPC port if `naviback.grpcPort` enabled | `50051` | +| `service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `nil` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.headless.enabled` | Enable creating a secondary headless service | `false` | +| `service.headless.annotations` | Annotations for secondary headless service | `{}` | ### Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------- | ----------------------- | -| `ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `ingress.className` | Name of the Ingress controller class. | `nginx` | -| `ingress.hosts[0].host` | Hostname for the Ingress service. | `navi-back.example.com` | -| `ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. 
| `/` | -| `ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `ingress.tls` | TLS configuration | `[]` | +| Name | Description | Value | +| ------------------------------------ | ---------------------------------------- | ----------------------- | +| `ingress.className` | Name of the Ingress controller class | `nginx` | +| `ingress.enabled` | If Ingress is enabled for the service | `false` | +| `ingress.hosts[0].host` | Hostname for the Ingress service | `navi-back.example.com` | +| `ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service | `/` | +| `ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service | `Prefix` | +| `ingress.tls` | TLS configuration | `[]` | ### Limits -| Name | Description | Value | -| --------------------------- | ------------------------------------------- | ----------- | -| `resources` | Container resources requirements structure. | `{}` | -| `resources.requests.cpu` | CPU request, recommended value `1000m`. | `undefined` | -| `resources.requests.memory` | Memory request, recommended value `2Gi`. | `undefined` | -| `resources.limits.cpu` | CPU limit, recommended value `3000m`. | `undefined` | -| `resources.limits.memory` | Memory limit, recommended value `8Gi`. 
| `undefined` | +| Name | Description | Value | +| --------------------------- | ------------------------------------------ | ----------- | +| `resources` | Container resources requirements structure | `{}` | +| `resources.requests.cpu` | CPU request, recommended value `1000m` | `undefined` | +| `resources.requests.memory` | Memory request, recommended value `2Gi` | `undefined` | +| `resources.limits.cpu` | CPU limit, recommended value `3000m` | `undefined` | +| `resources.limits.memory` | Memory limit, recommended value `8Gi` | `undefined` | ### Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings -| Name | Description | Value | -| ----------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `hpa.enabled` | If HPA is enabled for the service. | `false` | -| `hpa.minReplicas` | Lower limit for the number of replicas to which the autoscaler can scale down. | `1` | -| `hpa.maxReplicas` | Upper limit for the number of replicas to which the autoscaler can scale up. | `100` | -| `hpa.scaleDownStabilizationWindowSeconds` | Scale-down window. | `""` | -| `hpa.scaleUpStabilizationWindowSeconds` | Scale-up window. | `""` | -| `hpa.targetCPUUtilizationPercentage` | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. | `80` | -| `hpa.targetMemoryUtilizationPercentage` | Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used. 
| `""` | +| Name | Description | Value | +| ----------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `hpa.enabled` | If HPA is enabled for the service | `false` | +| `hpa.minReplicas` | Lower limit for the number of replicas to which the autoscaler can scale down | `1` | +| `hpa.maxReplicas` | Upper limit for the number of replicas to which the autoscaler can scale up | `100` | +| `hpa.scaleDownStabilizationWindowSeconds` | Scale-down window | `""` | +| `hpa.scaleUpStabilizationWindowSeconds` | Scale-up window | `""` | +| `hpa.targetCPUUtilizationPercentage` | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used | `80` | +| `hpa.targetMemoryUtilizationPercentage` | Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used | `""` | ### Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings -| Name | Description | Value | -| ----------------------- | ------------------------------------------------------------------------------------------------------------ | ------- | -| `vpa.enabled` | If VPA is enabled for the service. | `false` | -| `vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | -| `vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | | -| `vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | | -| `vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. 
| | -| `vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | | +| Name | Description | Value | +| ----------------------- | ----------------------------------------------------------------------------------------------------------- | ------- | +| `vpa.enabled` | If VPA is enabled for the service | `false` | +| `vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start) | `Auto` | +| `vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down | | +| `vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down | | +| `vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up | | +| `vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up | | ### Kubernetes [Pod Disruption Budget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets) settings -| Name | Description | Value | -| -------------------- | ---------------------------------------------------- | ------- | -| `pdb.enabled` | If PDB is enabled for the service. | `false` | -| `pdb.minAvailable` | How many pods must be available after the eviction. | `""` | -| `pdb.maxUnavailable` | How many pods can be unavailable after the eviction. 
| `1` | +| Name | Description | Value | +| -------------------- | --------------------------------------------------- | ------- | +| `pdb.enabled` | If PDB is enabled for the service | `false` | +| `pdb.minAvailable` | How many pods must be available after the eviction | `""` | +| `pdb.maxUnavailable` | How many pods can be unavailable after the eviction | `1` | ### Kafka settings for interacting with Distance Matrix Async Service -| Name | Description | Value | -| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------- | -------------- | -| `kafka.enabled` | If the Kafka is enabled. | `false` | -| `kafka.groupId` | Navi-Back service group identifier. | `navi_back` | -| `kafka.properties` | Properties as supported by librdkafka. Refer to inline comments for details. | | -| `kafka.fileProperties` | As kafka.properties, but kept in a file, which passed to application as a filename. Refer to inline comments for details. | `{}` | -| `kafka.distanceMatrix` | **Settings for interacting with Distance Matrix Async service.** | | -| `kafka.distanceMatrix.taskTopic` | Name of the topic for receiving new tasks from Distance Matrix Async API. | `task_topic` | -| `kafka.distanceMatrix.cancelTopic` | Name of the topic for canceling or receiving information about finished tasks. | `cancel_topic` | -| `kafka.distanceMatrix.statusTopic` | Name of the topic for receiving task status information. | `status_topic` | -| `kafka.distanceMatrix.updateTaskStatusPeriodSec` | Update period for task statuses. | `120` | -| `kafka.distanceMatrix.messageExpiredPeriodSec` | Update period for task cancellations. | `3600` | -| `kafka.distanceMatrix.requestDownloadTimeoutSec` | Timeout for downloading request data. | `20` | -| `kafka.distanceMatrix.responseUploadTimeoutSec` | Timeout for uploading response data. 
| `40` | +| Name | Description | Value | +| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------ | -------------- | +| `kafka.enabled` | If the Kafka is enabled | `false` | +| `kafka.groupId` | Navi-Back service group identifier | `navi_back` | +| `kafka.handlersNumber` | Number of Kafka handlers | `2` | +| `kafka.properties` | Properties as supported by librdkafka. Refer to inline comments for details | | +| `kafka.fileProperties` | As kafka.properties, but kept in a file, which passed to application as a filename. Refer to inline comments for details | `{}` | +| `kafka.distanceMatrix` | **Settings for interacting with Distance Matrix Async service.** | | +| `kafka.distanceMatrix.taskTopic` | Name of the topic for receiving new tasks from Distance Matrix Async API | `task_topic` | +| `kafka.distanceMatrix.cancelTopic` | Name of the topic for canceling or receiving information about finished tasks | `cancel_topic` | +| `kafka.distanceMatrix.statusTopic` | Name of the topic for receiving task status information | `status_topic` | +| `kafka.distanceMatrix.updateTaskStatusPeriodSec` | Update period for task statuses | `120` | +| `kafka.distanceMatrix.messageExpiredPeriodSec` | Update period for task cancellations | `3600` | +| `kafka.distanceMatrix.requestDownloadTimeoutSec` | Timeout for downloading request data | `20` | +| `kafka.distanceMatrix.responseUploadTimeoutSec` | Timeout for uploading response data | `40` | ### S3-compatible storage settings for interacting with Distance Matrix Async Service -| Name | Description | Value | -| -------------- | --------------------------------------- | ------- | -| `s3.enabled` | if S3 storage is enabled. | `false` | -| `s3.host` | S3 endpoint, ex: async-matrix-s3.host. | `""` | -| `s3.bucket` | S3 bucket name. | `""` | -| `s3.accessKey` | S3 access key for accessing the bucket. 
| `""` | -| `s3.secretKey` | S3 secret key for accessing the bucket. | `""` | +| Name | Description | Value | +| -------------- | ----------------------------------------- | ------- | +| `s3.enabled` | if S3 storage is enabled | `false` | +| `s3.host` | S3 endpoint, ex: async-matrix-s3.host | `""` | +| `s3.bucket` | S3 bucket name | `""` | +| `s3.accessKey` | S3 access key for accessing the bucket | `""` | +| `s3.secretKey` | S3 secret key for accessing the bucket | `""` | +| `s3.suffix` | String to append to file names in replies | `""` | ### Settings for attractor connection. Leave with defaults, FOR FUTURE RELEASE. -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------- | ---------------------------- | -| `transmitter.enabled` | if attractor connection required | `false` | -| `transmitter.type` | connection type one of: grpc, grpc-async, grpc-stream, ws, ws-async | `grpc-async-stream` | -| `transmitter.host` | attractor service | `http://navi-attractor.host` | -| `transmitter.port` | attractor port | `50051` | -| `transmitter.responseTimeoutMs` | response waiting timeout | `100` | +| Name | Description | Value | +| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `transmitter.enabled` | if attractor connection required | `false` | +| `transmitter.type` | connection type one of: grpc, grpc-async, grpc-stream, ws, ws-async | `grpc-async-stream` | +| `transmitter.host` | attractor service | `http://navi-attractor.host` | +| `transmitter.port` | attractor port | `50051` | +| `transmitter.responseTimeoutMs` | response waiting timeout | `2000` | +| `transmitter.retry.enabled` | Enable retry failed requests | `false` | +| `transmitter.retry.retryOn` | Status [codes for 
retry](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) | `internal,unavailable` | +| `transmitter.retry.numRetries` | Specifies the allowed number of retries | `5` | ### Back-end and attractor group properties. Leave with defaults, FOR FUTURE RELEASE. @@ -258,10 +304,9 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn ### License settings -| Name | Description | Value | -| ---------------------- | ---------------------------------------------------------------- | ------- | -| `license.url` | Address of the License service v2. Ex: https://license.svc | `""` | -| `license.notSupported` | Excludes the configuration block if true, for old versions only. | `false` | +| Name | Description | Value | +| ------------- | ---------------------------------------------------------- | ----- | +| `license.url` | Address of the License service v2. Ex: https://license.svc | `""` | ### Metrics aggregator container. Leave with defaults, FOR FUTURE RELEASE. 
@@ -271,12 +316,12 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `metrics.image.repository` | Repository | `2gis-on-premise/metrics-aggregator` | | `metrics.image.tag` | Tag | `""` | | `metrics.image.pullPolicy` | Pull Policy | `IfNotPresent` | -| `metrics.port` | Port of container. | `9090` | -| `metrics.resources` | Container resources requirements structure. | `{}` | -| `metrics.resources.requests.cpu` | CPU request, recommended value `10m`. | `undefined` | -| `metrics.resources.requests.memory` | Memory request, recommended value `10Mi`. | | -| `metrics.resources.limits.cpu` | CPU limit, recommended value `100m`. | | -| `metrics.resources.limits.memory` | Memory limit, recommended value `10Mi`. | | +| `metrics.port` | Port of container | `9090` | +| `metrics.resources` | Container resources requirements structure | `{}` | +| `metrics.resources.requests.cpu` | CPU request, recommended value `10m` | `undefined` | +| `metrics.resources.requests.memory` | Memory request, recommended value `10Mi` | | +| `metrics.resources.limits.cpu` | CPU limit, recommended value `100m` | | +| `metrics.resources.limits.memory` | Memory limit, recommended value `10Mi` | | ## Maintainers diff --git a/charts/navi-back/templates/NOTES.txt b/charts/navi-back/templates/NOTES.txt index 0dbc794de..28d930565 100644 --- a/charts/navi-back/templates/NOTES.txt +++ b/charts/navi-back/templates/NOTES.txt 
@@ -6,16 +6,16 @@ {{- end }} {{- end }} {{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "naviback.fullname" . }}) + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "generic-chart.fullname" . }}) export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") echo http://$NODE_IP:$NODE_PORT {{- else if contains "LoadBalancer" .Values.service.type }} NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "naviback.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "naviback.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "generic-chart.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "generic-chart.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") echo http://$SERVICE_IP:{{ .Values.service.port }} {{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "naviback.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "generic-chart.name" . 
}},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") echo "Visit http://127.0.0.1:8080 to use your application" kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT diff --git a/charts/navi-back/templates/_helpers.tpl b/charts/navi-back/templates/_helpers.tpl index 588d0b449..c81df9461 100644 --- a/charts/navi-back/templates/_helpers.tpl +++ b/charts/navi-back/templates/_helpers.tpl @@ -1,39 +1,9 @@ -{{/* -Expand the name of the chart. -*/}} -{{- define "naviback.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} -{{- end }} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -If release name contains chart name it will be used as a full name. -*/}} -{{- define "naviback.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} -{{- if contains $name .Release.Name }} -{{- .Release.Name | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} -{{- end }} -{{- end }} -{{- end }} - -{{/* -Create chart name and version as used by the chart label. -*/}} -{{- define "naviback.chart" -}} -{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} -{{- end }} - {{/* Distinguishable main container name +Override generic-chart +TODO: rewrite https://github.com/helm/helm/issues/11291 */}} -{{- define "naviback.containerName" -}} +{{- define "generic-chart.containerName" -}} {{- if .Values.dataGroup.enabled }} {{- .Values.dataGroup.prefix }}-{{ .Chart.Name }} {{- else }} 
@@ -41,51 +11,6 @@ Distinguishable main container name {{- end }} {{- end -}} -{{/* -Common labels -*/}} -{{- define "naviback.labels" -}} -helm.sh/chart: {{ include "naviback.chart" . }} -{{ include "naviback.selectorLabels" . }} -{{- if .Chart.AppVersion }} -app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} -{{- end }} -app.kubernetes.io/managed-by: {{ .Release.Service }} -{{- end }} - -{{/* -Selector labels -*/}} -{{- define "naviback.selectorLabels" -}} -app.kubernetes.io/name: {{ include "naviback.name" . }} -app.kubernetes.io/instance: {{ .Release.Name }} -{{- end }} - -{{/* -Create the name of the service account to use -*/}} -{{- define "naviback.serviceAccountName" -}} -{{- if .Values.serviceAccount.create }} -{{- default (include "naviback.fullname" .) .Values.serviceAccount.name }} -{{- else }} -{{- default "default" .Values.serviceAccount.name }} -{{- end }} -{{- end }} - - -{{/* -Renders a value that contains template. -Usage: -{{ include "tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }} -*/}} -{{- define "tplvalues.render" -}} - {{- if typeIs "string" .value }} - {{- tpl .value .context }} - {{- else }} - {{- tpl (.value | toYaml) .context }} - {{- end }} -{{- end -}} - {{/* Get count of CPU from limits. 
@@ -448,48 +373,29 @@ Usage: {{- end -}} {{- end -}} -{{/* -Return the target Kubernetes version -*/}} -{{- define "capabilities.kubeVersion" -}} -{{- if .Values.global }} - {{- if .Values.global.kubeVersion }} - {{- .Values.global.kubeVersion -}} - {{- else }} - {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} - {{- end -}} -{{- else }} -{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} -{{- end -}} -{{- end -}} - -{{/* -Return the appropriate apiVersion for Horizontal Pod Autoscaler. -*/}} -{{- define "capabilities.hpa.apiVersion" -}} -{{- if semverCompare "<1.23-0" (include "capabilities.kubeVersion" .) -}} -{{- if .beta2 -}} -{{- print "autoscaling/v2beta2" -}} -{{- else -}} -{{- print "autoscaling/v2beta1" -}} -{{- end -}} -{{- else -}} -{{- print "autoscaling/v2" -}} -{{- end -}} -{{- end -}} - {{/* Set castle url -If use frozenData return local path Usage: {{ include "config.setCastleUrl" $ }} */}} {{- define "config.setCastleUrl" -}} - {{- if .Values.frozenData.enabled -}} - {{- printf "file://{LOCAL_PATH}" -}} - {{- else if .Values.naviback.castleUrl -}} + {{- if .Values.naviback.castleUrl -}} {{- printf .Values.naviback.castleUrl -}} {{- else if .Values.naviback.castleHost -}} {{- printf "http://%s" .Values.naviback.castleHost -}} {{- end -}} {{- end -}} + +{{/* +Set restriction url +If rtr enabled return naviback.rtr.url, else return naviback.castleUrl +Usage: +{{ include "config.setRestrictionUrl" $ }} +*/}} +{{- define "config.setRestrictionUrl" -}} + {{- if .Values.naviback.rtr.enabled -}} + {{- printf .Values.naviback.rtr.url -}} + {{- else -}} + {{- printf (include "config.setCastleUrl" $) -}} + {{- end -}} +{{- end -}} diff --git a/charts/navi-back/templates/configmap.yaml b/charts/navi-back/templates/configmap.yaml index 6446863ac..0313ae448 100644 --- a/charts/navi-back/templates/configmap.yaml +++ b/charts/navi-back/templates/configmap.yaml 
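Review bot: The new `config.setRestrictionUrl` helper passes values to `printf` as the format string (`printf .Values.naviback.rtr.url` and `printf (include "config.setCastleUrl" $)`), so a URL containing `%` (a percent-encoded path or query) is rendered with `%!x(MISSING)`-style artefacts instead of the literal text. Emit the value directly: `{{- .Values.naviback.rtr.url -}}` and `{{- include "config.setCastleUrl" $ -}}`. The unchanged `printf .Values.naviback.castleUrl` line in `config.setCastleUrl` has the same pattern. With `rtr.enabled` set and `rtr.url` empty the helper returns nothing, and the `restrictions` node in configmap.yaml then renders as `/`; `required "naviback.rtr.url is required when rtr is enabled" .Values.naviback.rtr.url` would fail the render instead.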
@@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "naviback.fullname" . }}-configmap + name: {{ include "generic-chart.fullname" . }}-configmap data: navi-back.conf: | {{- if .Values.naviback.overrideConfig }} @@ -27,18 +27,11 @@ data: "pid_file": "/var/run/2gis/navi-back.pid" }, {{- /* distribute equally fot HTTP/GRPC */}} - {{- $httpHandlers := 0 }} - {{- $grpcHandlers := 0 }} - {{- if .Values.naviback.grpcPort }} - {{- $httpHandlers = div .Values.naviback.handlersNumber 2 }} - {{- $grpcHandlers = sub .Values.naviback.handlersNumber $httpHandlers }} - {{- else }} - {{- $httpHandlers = .Values.naviback.handlersNumber }} - {{- end }} "http": { "server": "0.0.0.0", "port": {{ .Values.naviback.appPort }}, - "handlers_number": {{ $httpHandlers }}, + "handlers_number": {{ .Values.naviback.handlersNumber | int }}, + "queue_size": {{ .Values.naviback.queueSize | int }}, "log_verbose": false, "max_process_time": {{ .Values.naviback.maxProcessTime | default 20 | int }}, "response_timelimit": {{ .Values.naviback.responseTimelimit | default 120 | int }}, 
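Review bot: In the `http` block, `"queue_size": {{ .Values.naviback.queueSize | int }}` has no fallback, unlike the neighbouring `max_process_time` and `response_timelimit` lines that use `| default N | int`, so a release whose values do not carry `naviback.queueSize` renders `0` unless values.yaml (not visible here) supplies it. The same applies to `naviback.rtr.updatePeriod` in the hunk at -548, which replaces the literal `300`, and to `naviback.tilesMetricsThreshold` in the hunk at -558. If `0` is not an intended setting, keep the old value as the default, e.g. `{{ .Values.naviback.rtr.updatePeriod | default 300 | int }}`, or use `required`. The context comment `distribute equally fot HTTP/GRPC` stays above the `http` block although this hunk removes the split it described; it should be dropped too.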
@@ -52,23 +45,22 @@ data: {{- if .Values.naviback.grpcPort }} "grpc": { - "server" : "0.0.0.0", - "port" : {{ .Values.naviback.grpcPort | int }}, - "max_process_time" : {{ .Values.naviback.maxProcessTime | default 20 | int }}, - "response_timelimit" : {{ .Values.naviback.responseTimelimit | default 120 | int }}, - "request_timeout" : {{ .Values.naviback.requestTimeout | default 120 | int }}, - "thread_pool_size" : {{ $grpcHandlers }} + "server": "0.0.0.0", + "port": {{ .Values.naviback.grpcPort | int }}, + "max_process_time": {{ .Values.naviback.maxProcessTime | default 20 | int }}, + "response_timelimit": {{ .Values.naviback.responseTimelimit | default 120 | int }}, + "request_timeout": {{ .Values.naviback.requestTimeout | default 120 | int }} }, {{- end }} {{- if .Values.naviback.sentry.enabled }} - "error_tracker" : { - "report_destination_address" : {{ .Values.naviback.sentry.address | quote }}, - "project_name" : {{ .Values.naviback.sentry.project | quote }}, - "user_name" : {{ .Values.naviback.sentry.username | quote }}, - "print_outgoing_messages" : {{ .Values.naviback.sentry.printMessages | default false }}, - "debug" : {{ .Values.naviback.sentry.debug | default false }}, - "path" : {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }}, - "handler" : {{ .Values.naviback.sentry.handler | default "/usr/sbin/2gis/mosesd/crashpad_handler" | quote }} + "error_tracker": { + "report_destination_address": {{ .Values.naviback.sentry.address | quote }}, + "project_name": {{ .Values.naviback.sentry.project | quote }}, + "user_name": {{ .Values.naviback.sentry.username | quote }}, + "print_outgoing_messages": {{ .Values.naviback.sentry.printMessages | default false }}, + "debug": {{ .Values.naviback.sentry.debug | default false }}, + "path": {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }}, + "handler": {{ .Values.naviback.sentry.handler | default "/usr/sbin/2gis/mosesd/crashpad_handler" | quote }} }, {{- end }} {{- if 
.Values.transmitter.enabled }} 
@@ -76,19 +68,52 @@ data: "type": {{ .Values.transmitter.type | quote }}, "host": "127.0.0.1", "port": 9999, - "response_timeout_ms": {{ .Values.transmitter.responseTimeoutMs | int }} + "timeout_limit_ms": {{ .Values.transmitter.responseTimeoutMs | int }} }, {{- end }} "context": { + {{- if .Values.naviback.validation.enabled }} + "validation": [ + { + "service_name": "ctx", + "schemas_folder": {{ .Values.naviback.validation.ctx.schemasFolder | quote }}, + "request_schema_name": {{ .Values.naviback.validation.ctx.requestSchemaName | quote }}, + "response_schema_name": {{ .Values.naviback.validation.ctx.responseSchemaName | quote }} + }, + { + "service_name": "bss", + "schemas_folder": {{ .Values.naviback.validation.bss.schemasFolder | quote }}, + "request_schema_name": {{ .Values.naviback.validation.bss.requestSchemaName | quote }}, + "response_schema_name": {{ .Values.naviback.validation.bss.responseSchemaName | quote }} + }, + { + "service_name": "distance_matrix", + "schemas_folder": {{ .Values.naviback.validation.distanceMatrix.schemasFolder | quote }}, + "request_schema_name": {{ .Values.naviback.validation.distanceMatrix.requestSchemaName | quote }}, + "response_schema_name": {{ .Values.naviback.validation.distanceMatrix.responseSchemaName | quote }} + }, + { + "service_name": "isochrone", + "schemas_folder": {{ .Values.naviback.validation.isochrone.schemasFolder | quote }}, + "request_schema_name": {{ .Values.naviback.validation.isochrone.requestSchemaName | quote }}, + "response_schema_name": {{ .Values.naviback.validation.isochrone.responseSchemaName | quote }} + } + ], + {{- end }} "variables": { "LOCAL_PATH": "/opt/castle", "LOCAL_ETC": "/etc/2gis/mosesd", + {{- if .Values.naviback.hierarchies.enabled }} + "S3_CACHE_PATH": {{ .Values.naviback.hierarchies.s3path | quote }}, + "SHORTCUT_PATH": "/tmp/hierarchies/shortcuts", + "PATCHES_PATH": "/tmp/hierarchies/patches", + {{- end }}{{- /* if .Values.naviback.hierarchies.enabled */}} "REMOTE_PATH": "{{ 
include "config.setCastleUrl" $ }}", - "REMOTE_FORECAST" : "{{ .Values.naviback.forecastHost }}", - "REMOTE_ECA" : "{{ include "config.setEcaUrl" $ }}" + "REMOTE_FORECAST": "{{ .Values.naviback.forecastHost }}", + "REMOTE_ECA": "{{ include "config.setEcaUrl" $ }}" }, - "rules": { - "update_period" : 0, + "rules": { + "update_period": 0, "nodes": [ "file://{LOCAL_ETC}/rules.conf" ], 
@@ -120,116 +145,81 @@ data: }, {{- if not (include "config.isCTX" $) }} {{- if .Values.naviback.indices.speedIndex.enabled }} - "speed_index" : - { - "update_period" : {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, - "nodes" : - [ - "{REMOTE_ECA}/traffic/moses/speeds5.json" - ], - "timeout_seconds": - { - "count": 60 - } + "speed_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, + "nodes": [ + "{REMOTE_ECA}/traffic/moses/speeds5.json" + ], + "timeout_seconds": { + "count": 60 + } }, {{- end }}{{- /* .Values.naviback.indices.speedIndex.enabled */}} - {{- if .Values.naviback.indices.forecastedSpeedsIndex.enabled }} - "forecasted_speeds_index" : - { - "update_period" : {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, - "nodes" : - [ - "http://{REMOTE_FORECAST}/index.json" - ], - "timeout_seconds": - { - "count": 30 - } + {{- if and .Values.naviback.indices.forecastedSpeedsIndex.enabled .Values.naviback.forecastHost }} + "forecasted_speeds_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, + "nodes": [ + "http://{REMOTE_FORECAST}/index.json" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.forecastedSpeedsIndex.enabled */}} - {{- if .Values.naviback.indices.forecastedSpeeds.enabled }} - "forecasted_speeds" : - { - "update_period" : 0, - "nodes" : - [ - "http://{REMOTE_FORECAST}/" - ], - "timeout_seconds": - { - "count": 30 - } + {{- if and .Values.naviback.indices.forecastedSpeeds.enabled .Values.naviback.forecastHost }} + "forecasted_speeds": { + "update_period": 0, + "nodes": [ + "http://{REMOTE_FORECAST}/" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.forecastedSpeeds.enabled */}} {{- if .Values.naviback.indices.etaCorrectionCores.enabled }} - "eta_correction_cores" : - { - "update_period" : 0, - "nodes" : - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 60 - } + 
"eta_correction_cores": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 + } }, {{- end }}{{- /* .Values.naviback.indices.etaCorrectionCores.enabled */}} - {{- if .Values.naviback.indices.taxiReferers.enabled }} - "taxi_referers": - { - "update_period" : 3600, - "nodes" : - [ - "{REMOTE_PATH}/options/taxi_referers.json" - ], - "timeout_seconds": - { - "count": 360 - } - }, - {{- end }}{{- /* .Values.naviback.indices.taxiReferers.enabled */}} {{- else }} {{- if .Values.naviback.indices.restrictedTransportRoutes.enabled }} - "restricted_transport_routes" : - { - "update_period" : 0, - "nodes" : - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 10 - } + "restricted_transport_routes": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 10 + } }, {{- end }}{{- /* .Values.naviback.indices.restrictedTransportRoutes.enabled */}} {{- if .Values.naviback.indices.restrictedTransportPlatforms.enabled }} - "restricted_transport_platforms" : - { - "update_period" : 0, - "nodes" : - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 10 - } + "restricted_transport_platforms": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 10 + } }, {{- end }}{{- /* .Values.naviback.indices.restrictedTransportPlatforms.enabled */}} {{- if .Values.naviback.indices.restrictedTransportIndex.enabled }} - "restricted_transport_index" : - { - "update_period" : {{ .Values.naviback.disableUpdates | ternary 604800 300 }}, - "nodes" : - [ - "{REMOTE_PATH}/restricted_transport.json.zip" - ], - "timeout_seconds": - { - "count": 10 - } + "restricted_transport_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 300 }}, + "nodes": [ + "{REMOTE_PATH}/restricted_transport.json.zip" + ], + "timeout_seconds": { + "count": 10 + } }, {{- end }}{{- /* .Values.naviback.indices.restrictedTransportIndex.enabled */}} {{- end }} 
@@ -297,7 +287,7 @@ data: "restrictions": { "update_period": 0, "nodes": [ - "{REMOTE_PATH}/" + "{{ include "config.setRestrictionUrl" $ }}/" ], "timeout_seconds": { "count": 30 
@@ -339,207 +329,221 @@ data: }, {{- end }}{{- /* .Values.naviback.indices.speedCams.enabled */}} {{- if .Values.naviback.indices.tugcUsersIndex.enabled }} - "tugc_users_index" : - { - "update_period" : {{ .Values.naviback.disableUpdates | ternary 604800 300 }}, - "nodes" : - [ - "{REMOTE_PATH}/tugc_users.json.zip" - ], - "timeout_seconds": - { - "count": 30 - } + "tugc_users_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 300 }}, + "nodes": [ + "{REMOTE_PATH}/tugc_users.json.zip" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.tugcUsersIndex.enabled */}} {{- if .Values.naviback.indices.tugcUsers.enabled }} - "tugc_users" : - { - "update_period" : 0, - "nodes" : - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 30 - } + "tugc_users": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.tugcUsers.enabled */}} {{- if .Values.naviback.indices.tugc2gisIndex.enabled }} - "tugc_2gis_index" : - { - "update_period" : {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, - "nodes" : - [ - "{REMOTE_PATH}/tugc_2gis.json.zip" - ], - "timeout_seconds": - { - "count": 30 - } + "tugc_2gis_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, + "nodes": [ + "{REMOTE_PATH}/tugc_2gis.json.zip" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.tugc2gisIndex.enabled */}} {{- if .Values.naviback.indices.tugc2gis.enabled }} - "tugc_2gis" : - { - "update_period" : 0, - "nodes" : - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 30 - } + "tugc_2gis": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.tugc2gis.enabled */}} {{- if .Values.naviback.indices.onlineSpeeds.enabled }} - "online_speeds" : - { - "update_period" : 
0, - "max_updated_time_diff_minutes" : 20, - "nodes" : - [ - "{REMOTE_ECA}/" - ], - "timeout_seconds": - { - "count": 30 - } + "online_speeds": { + "update_period": 0, + "max_updated_time_diff_minutes": 20, + "nodes": [ + "{REMOTE_ECA}/" + ], + "timeout_seconds": { + "count": 30 + } }, {{- end }}{{- /* .Values.naviback.indices.onlineSpeeds.enabled */}} {{- end }} {{- if (include "config.isTaxi" $) }} + {{- if .Values.naviback.indices.taxiReferers.enabled }} + "taxi_referers": { + "update_period": 3600, + "nodes": [ + "{REMOTE_PATH}/options/taxi_referers.json" + ], + "timeout_seconds": { + "count": 360 + } + }, + {{- end }}{{- /* .Values.naviback.indices.taxiReferers.enabled */}} {{- if .Values.naviback.indices.taxiSpeedIndex.enabled }} - "taxi_speed_index": { - "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, - "nodes": [ - "{REMOTE_ECA}/traffic/moses/speeds5.json" - ], - "timeout_seconds": { - "count": 60 - } - }, + "taxi_speed_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 20 }}, + "nodes": [ + "{REMOTE_ECA}/traffic/moses/speeds5.json" + ], + "timeout_seconds": { + "count": 60 + } + }, {{- end }}{{- /* .Values.naviback.indices.taxiSpeedIndex.enabled */}} {{- if .Values.naviback.indices.onlineTaxiSpeeds.enabled }} - "online_taxi_speeds" : - { - "update_period" : 0, - "max_updated_time_diff_minutes" : 20, - "nodes" : - [ - "{REMOTE_ECA}/" - ], - "timeout_seconds": - { - "count": 60 - } - }, + "online_taxi_speeds": { + "update_period": 0, + "max_updated_time_diff_minutes": 20, + "nodes": [ + "{REMOTE_ECA}/" + ], + "timeout_seconds": { + "count": 60 + } + }, {{- end }}{{- /* .Values.naviback.indices.onlineTaxiSpeeds.enabled */}} {{- end }} {{- if (include "config.isTruck" $) }} {{- if .Values.naviback.indices.passZones.enabled }} - "pass_zones": - { - "update_period": 0, - "nodes": - [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": - { - "count": 60 - } - }, + "pass_zones": { + "update_period": 0, + "nodes": 
[ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 + } + }, {{- end }}{{- /* .Values.naviback.indices.passZones.enabled */}} {{- end }} - "edge_transition_probability": { - "update_period": 0, - "nodes": [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": { - "count": 60 - }, - "cache_path": "file://{LOCAL_PATH}/{project_name}/edge_transition_probability.json" - }, - "turn_penalties": { - "update_period": 0, - "nodes": [ - "{REMOTE_PATH}/" - ], - "timeout_seconds": { - "count": 60 - }, - "cache_path": "file://{LOCAL_PATH}/{project_name}/turn_penalties.json" + "edge_transition_probability": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 + }, + "cache_path": "file://{LOCAL_PATH}/{project_name}/edge_transition_probability.json" }, - {{- if .Values.s3.enabled }} - "s3": { - "distance_matrix": { - "endpoint": {{ .Values.s3.host | quote }}, - "bucket": {{ .Values.s3.bucket | quote }}, - "access_key": {{ .Values.s3.accessKey | quote }}, - "secret_key": {{ .Values.s3.secretKey | quote }} - } + "turn_penalties": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 }, + "cache_path": "file://{LOCAL_PATH}/{project_name}/turn_penalties.json" + }, + {{- if .Values.naviback.indices.snImport.enabled }} + "sn_import": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 + } + }, + {{- end }}{{- /* .Values.naviback.indices.snImport.enabled */}} + {{- if .Values.naviback.indices.geoImport.enabled }} + "geo_import": { + "update_period": 0, + "nodes": [ + "{REMOTE_PATH}/" + ], + "timeout_seconds": { + "count": 60 + } + }, + {{- end }}{{- /* .Values.naviback.indices.geoImport.enabled */}} + {{- if .Values.s3.enabled }} + "s3": { + "distance_matrix": { + {{- if .Values.s3.suffix }} + "suffix": {{ .Values.s3.suffix | quote }}, + {{- end }} + "endpoint": {{ .Values.s3.host | quote }}, + "bucket": {{ .Values.s3.bucket | quote }}, + 
"access_key": {{ .Values.s3.accessKey | quote }}, + "secret_key": {{ .Values.s3.secretKey | quote }} + } + }, {{- end }} {{- if (include "config.isMapMatching" $) }} - "map_matching" : - { - "fmm": - { - "k": "24", - "radius": "4000", - "gps_error": "3000", - "vmax": "40", - "factor": "1.5", - "reverse_tolerance": "0.1" - } + "map_matching": { + "fmm": { + "k": "24", + "radius": "4000", + "gps_error": "3000", + "vmax": "40", + "factor": "1.5", + "reverse_tolerance": "0.1" + } }, {{- end }} {{- if .Values.kafka.enabled }} - "kafka": { - "task_group_id" : {{ .Values.kafka.groupId | quote }}, - "cancel_group_id": {{ .Values.kafka.groupId | quote }}, - "handlers_number": {{ .Values.kafka.handlersNumber }}, - {{- /* - Collect merged Kafka properties from these dictionaries: - - kafka.properties: this is a simple key/value dictionary - - kafka.fileProperties: this is a key/content dictionary given in values, - content is sensitive and stored in Secret resource, they get - mounted as files sonamed after key. While actual secret values are - hidden this way, what actually goes here in environment properties is - file names. This value substitution is implemented down here. 
- */ -}} - {{- $kafkaProperties := dict -}} - {{- range $key, $_ := .Values.kafka.fileProperties -}} - {{- $_ := set $kafkaProperties $key (printf "/etc/2gis/mosesd/secret/%s" $key) -}} - {{- end -}} - {{- $kafkaProperties := mustMerge $kafkaProperties .Values.kafka.properties -}} - "kafka_properties": {{ mustToPrettyJson $kafkaProperties | nindent 12 }}, - "distance_matrix": { - "task_topic": {{ .Values.kafka.distanceMatrix.taskTopic | quote }}, - "cancel_topic": {{ .Values.kafka.distanceMatrix.cancelTopic | quote }}, - "status_topic": {{ .Values.kafka.distanceMatrix.statusTopic | quote }}, - "update_task_status_period_sec": {{ .Values.kafka.distanceMatrix.updateTaskStatusPeriodSec | int }}, - "message_expired_period_sec" : {{ .Values.kafka.distanceMatrix.messageExpiredPeriodSec | int }}, - "request_download_timeout_sec" : {{ .Values.kafka.distanceMatrix.requestDownloadTimeoutSec | int }}, - "response_upload_timeout_sec": {{ .Values.kafka.distanceMatrix.responseUploadTimeoutSec | int }} - } - }, + "kafka": { + "task_group_id": {{ .Values.kafka.groupId | quote }}, + "cancel_group_id": {{ .Values.kafka.groupId | quote }}, + "handlers_number": {{ .Values.kafka.handlersNumber }}, + {{- /* + Collect merged Kafka properties from these dictionaries: + - kafka.properties: this is a simple key/value dictionary + - kafka.fileProperties: this is a key/content dictionary given in values, + content is sensitive and stored in Secret resource, they get + mounted as files sonamed after key. While actual secret values are + hidden this way, what actually goes here in environment properties is + file names. This value substitution is implemented down here. 
+ */ -}} + {{- $kafkaProperties := dict -}} + {{- range $key, $_ := .Values.kafka.fileProperties -}} + {{- $_ := set $kafkaProperties $key (printf "/etc/2gis/mosesd/secret/%s" $key) -}} + {{- end -}} + {{- $kafkaProperties := mustMerge $kafkaProperties .Values.kafka.properties }} + "kafka_properties": + {{- mustToPrettyJson $kafkaProperties | nindent 12 -}}, + "distance_matrix": { + "task_topic": {{ .Values.kafka.distanceMatrix.taskTopic | quote }}, + "cancel_topic": {{ .Values.kafka.distanceMatrix.cancelTopic | quote }}, + "status_topic": {{ .Values.kafka.distanceMatrix.statusTopic | quote }}, + "update_task_status_period_sec": {{ .Values.kafka.distanceMatrix.updateTaskStatusPeriodSec | int }}, + "message_expired_period_sec": {{ .Values.kafka.distanceMatrix.messageExpiredPeriodSec | int }}, + "request_download_timeout_sec": {{ .Values.kafka.distanceMatrix.requestDownloadTimeoutSec | int }}, + "response_upload_timeout_sec": {{ .Values.kafka.distanceMatrix.responseUploadTimeoutSec | int }} + } + }, {{- end }} {{- if and .Values.naviback.bss.enabled .Values.naviback.bss.client.serviceRemoteAddress }} - "business_statistics_system" : { - "client" : { - "service_remote_address" : {{ .Values.naviback.bss.client.serviceRemoteAddress | mustToJson }}, - "message_count_to_flush" : {{ .Values.naviback.bss.client.messageCountToFlush | mustToJson }}, - "use_compression" : {{ .Values.naviback.bss.client.useCompression | mustToJson }}, - "package_size_max_bytes" : {{ .Values.naviback.bss.client.packageSizeMaxBytes | mustToJson }}, - "pending_transmission_max_count" : {{ .Values.naviback.bss.client.pendingTransmissionMaxCount | mustToJson }}, - "timeout_ms" : {{ .Values.naviback.bss.client.timeoutLimitMilSec | mustToJson }} - } - }, + "business_statistics_system": { + "client": { + "service_remote_address": {{ .Values.naviback.bss.client.serviceRemoteAddress | mustToJson }}, + "message_count_to_flush": {{ .Values.naviback.bss.client.messageCountToFlush | mustToJson }}, + 
"use_compression": {{ .Values.naviback.bss.client.useCompression | mustToJson }}, + "package_size_max_bytes": {{ .Values.naviback.bss.client.packageSizeMaxBytes | mustToJson }}, + "pending_transmission_max_count": {{ .Values.naviback.bss.client.pendingTransmissionMaxCount | mustToJson }}, + "timeout_ms": {{ .Values.naviback.bss.client.timeoutLimitMilSec | mustToJson }} + } + }, {{- end }}{{- /* .Values.naviback.bss.enabled */}} {{- if not .Values.license.notSupported }} {{- $licenseUrl := .Values.license.url | required "Valid license.url required!" }} @@ -548,7 +552,7 @@ data: {{- end }}{{- /* if not .Values.license.notSupported */}} {{- if .Values.naviback.rtr.enabled }} "restrictions_index": { - "update_period": 300, + "update_period": {{ .Values.naviback.rtr.updatePeriod | int }}, "nodes": [ "{{ .Values.naviback.rtr.url }}/restrictions_index.json.zip" ], 
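Review bot: The rewritten `s3.distance_matrix` block in the hunk at -339 still renders `{{ .Values.s3.accessKey | quote }}` and `{{ .Values.s3.secretKey | quote }}` into `navi-back.conf`, which is a key of this ConfigMap, so the S3 secret is readable by anyone allowed to read ConfigMaps in the namespace and gets none of the RBAC or at-rest encryption that may be configured for Secrets. The kafka block in the same hunk already avoids this by keeping `kafka.fileProperties` content in the Secret and writing only the mounted file path here. If the service can take S3 credentials from a file or an environment variable (not visible from this hunk), route `s3.secretKey` through the chart's Secret the same way. Otherwise record the exposure next to the block, e.g. `{{- /* NOTE: s3 keys are written to the ConfigMap in clear text */}}`.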
@@ -558,43 +562,94 @@ data: "cache_path_": "file://{LOCAL_PATH}/{project_name}/restrictions_index.json.zip" }, {{- end }}{{- /* if .Values.naviback.rtr.enabled */}} + {{- if .Values.naviback.hierarchies.enabled }} + "hierarchies": { + "graphs_file_name": "{SHORTCUT_PATH}", + "patches_dir_name": "{PATCHES_PATH}" + }, + "hierarchy_shortcuts": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, + "nodes": [ + "{S3_CACHE_PATH}/shortcuts/shortcuts.tar.gz" + ], + "timeout_seconds": { + "count": 600 + } + }, + "hierarchy_patches": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, + "nodes": [ + "{S3_CACHE_PATH}/patches.json" + ], + "timeout_seconds": { + "count": 600 + } + }, + "sn_import": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, + "nodes": [ + "{S3_CACHE_PATH}/sn/export_sn.tar.gz" + ], + "timeout_seconds": { + "count": 600 + } + }, + {{- end }}{{- /* if .Values.naviback.hierarchies.enabled */}} + {{- if .Values.naviback.etaScheduleIndex.enabled }} + "eta_schedule_index": { + "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 10 }}, + "nodes": [ + "{{ .Values.naviback.etaScheduleIndex.url }}" + ], + "timeout_seconds": { + "count": 5 + } + }, + "eta_schedule": { + "update_period": 0, + "timeout_seconds": { + "count": 5 + } + }, + {{- end }}{{- /* if .Values.naviback.etaScheduleIndex.enabled */}} {{- if .Values.naviback.additionalSections }} {{- include "tplvalues.render" ( dict "value" .Values.naviback.additionalSections "context" $) | nindent 8 }} {{- end }} "server_info": { - "simple_network_car" : {{ include "config.setSimpleNetworkCar" $ | default false -}}, - "simple_network_pedestrian" : {{ include "config.setSimpleNetworkPedestrian" $ | default false -}}, - "simple_network_taxi" : {{ include "config.setSimpleNetworkTaxi" $ | default false -}}, - "simple_network_bicycle" : {{ include "config.setSimpleNetworkBicycle" $ | default false -}}, - 
"simple_network_truck" : {{ include "config.setSimpleNetworkTruck" $ | default false -}}, - "simple_network_emergency" : {{ include "config.setSimpleNetworkEmergency" $ | default false -}}, + "tiles_metrics_threshold": {{ .Values.naviback.tilesMetricsThreshold | int }}, + "simple_network_car": {{ include "config.setSimpleNetworkCar" $ | default false -}}, + "simple_network_pedestrian": {{ include "config.setSimpleNetworkPedestrian" $ | default false -}}, + "simple_network_taxi": {{ include "config.setSimpleNetworkTaxi" $ | default false -}}, + "simple_network_bicycle": {{ include "config.setSimpleNetworkBicycle" $ | default false -}}, + "simple_network_truck": {{ include "config.setSimpleNetworkTruck" $ | default false -}}, + "simple_network_emergency": {{ include "config.setSimpleNetworkEmergency" $ | default false -}}, "ctx_only": {{ include "rules.inRoutingSectionOnly" (dict "routingValue" "ctx" "context" $) -}}, - "attractor_car" : {{ include "config.setAttractorCar" $ | default false -}}, - "attractor_pedestrian" : {{ include "config.setAttractorPedestrian" $ | default false -}}, - "attractor_bicycle" : {{ include "config.setAttractorBicycle" $ | default false -}}, - "attractor_taxi" : {{ include "config.setAttractorTaxi" $ | default false -}}, - "attractor_truck" : {{ include "config.setAttractorTruck" $ | default false -}}, - "reduce_edges_optimization_flag" : {{ include "config.setReduceEdgesOptimizationFlag" $ | default false -}}, + "attractor_car": {{ include "config.setAttractorCar" $ | default false -}}, + "attractor_pedestrian": {{ include "config.setAttractorPedestrian" $ | default false -}}, + "attractor_bicycle": {{ include "config.setAttractorBicycle" $ | default false -}}, + "attractor_taxi": {{ include "config.setAttractorTaxi" $ | default false -}}, + "attractor_truck": {{ include "config.setAttractorTruck" $ | default false -}}, + "reduce_edges_optimization_flag": {{ include "config.setReduceEdgesOptimizationFlag" $ | default false -}}, {{- if 
((.Values.resources).limits).cpu }} - "dist_matrix_thread_pool_size" : {{ include "config.setCpuNumber" . }}, - "simple_network_build_thread_pool_size" : {{ include "config.setCpuNumber" . }}, + "dist_matrix_thread_pool_size": {{ include "config.setCpuNumber" . }}, + "simple_network_build_thread_pool_size": {{ include "config.setCpuNumber" . }}, {{- end }} - "update_projects_limit" : 2, - "carrouting_page_cache_size" : 8192, - "carrouting_tile_cache_size" : 8192, - "carrouting_bit_tile_cache_size" : 2048, - "dump_query" : {{ mustToJson (.Values.naviback.dump).query }}, - "dump_result" : {{ mustToJson (.Values.naviback.dump).result }}, - "dump_answer" : {{ mustToJson (.Values.naviback.dump).answer }}, - "max_parallel_workers" : 2, - "use_memory_mapped_vfs" : true, - "engine_update_period_sec" : {{ include "config.setEngineUpdatePeriod" $ | default 30 }}, + "update_projects_limit": 2, + "carrouting_page_cache_size": 8192, + "carrouting_tile_cache_size": 8192, + "carrouting_bit_tile_cache_size": 2048, + "dump_query": {{ mustToJson (.Values.naviback.dump).query }}, + "dump_result": {{ mustToJson (.Values.naviback.dump).result }}, + "dump_answer": {{ mustToJson (.Values.naviback.dump).answer }}, + "max_parallel_workers": 2, + "use_memory_mapped_vfs": true, + "engine_update_period_sec": {{ include "config.setEngineUpdatePeriod" $ | default 30 }}, {{- if .Values.naviback.server_id }} - "server_id" : "{{- include "tplvalues.render" ( dict "value" .Values.naviback.server_id "context" .) }}", + "server_id": "{{- include "tplvalues.render" ( dict "value" .Values.naviback.server_id "context" .) }}", {{- else }} - "server_id" : "{{- include "naviback.fullname" . }}", + "server_id": "{{- include "generic-chart.fullname" . }}", {{- end }} - "extended_metrics": [ ], + "extended_metrics": [], "dash_colors": [ { "ratio": 2, 
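Review bot: The `hierarchies` block in this hunk adds a `"sn_import"` entry, and the hunk at -339 adds another `"sn_import"` under `naviback.indices.snImport.enabled`; both appear to sit in the same JSON object, so with both flags on the rendered config carries a duplicate key with different `nodes` (`{S3_CACHE_PATH}/sn/export_sn.tar.gz` versus `{REMOTE_PATH}/`) and a different `update_period`. Which of the two the service keeps depends on its JSON parser. Make the two mutually exclusive, for example by wrapping this copy in `{{- if not .Values.naviback.indices.snImport.enabled }}`, or fail the render when both are set. Also in this hunk, `"{{ .Values.naviback.etaScheduleIndex.url }}"` is interpolated unescaped where most of the file uses `| quote`; `{{ .Values.naviback.etaScheduleIndex.url | quote }}` keeps the JSON valid for any value.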
@@ -678,6 +733,11 @@ data: prefix: "/" route: cluster: attractor + {{- if .Values.transmitter.retry.enabled }} + retry_policy: + retry_on: {{ .Values.transmitter.retry.retryOn | quote }} + num_retries: {{ .Values.transmitter.retry.numRetries | int }} + {{- end }} http_filters: - name: envoy.router typed_config: diff --git a/charts/navi-back/templates/deployment.yaml b/charts/navi-back/templates/deployment.yaml index 44a77a566..2ff5e1da3 100644 --- a/charts/navi-back/templates/deployment.yaml +++ b/charts/navi-back/templates/deployment.yaml @@ -1,13 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "naviback.fullname" . }} + name: {{ include "generic-chart.fullname" . }} labels: - {{- include "naviback.labels" . | nindent 4 }} + {{- include "generic-chart.labels" . | nindent 4 }} rule: {{ .Values.naviback.app_rule | default "" | quote }} navigroup: {{ .Values.navigroup | default "" | quote }} {{- if .Values.dataGroup.enabled }} - dataGroupTimestamp: {{ .Values.dataGroup.timestamp | quote }} + dataGroupTimestamp: {{ .Values.dataGroup.timestamp | int | quote }} dataGroupPrefix: {{ .Values.dataGroup.prefix | quote }} {{- end }}{{- /* dataGroup.enabled */}} {{- with .Values.labels }} 
@@ -24,20 +24,20 @@ spec: {{- end }} selector: matchLabels: - {{- include "naviback.selectorLabels" . | nindent 6 }} + {{- include "generic-chart.selectorLabels" . | nindent 6 }} template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }} + checksum/secret: {{ (include (print $.Template.BasePath "/secret.yaml") . | fromYaml).data | toYaml | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: - {{- include "naviback.selectorLabels" . | nindent 8 }} + {{- include "generic-chart.selectorLabels" . | nindent 8 }} navigroup: {{ .Values.navigroup | default "" | quote }} {{- if .Values.dataGroup.enabled }} - dataGroupTimestamp: {{ .Values.dataGroup.timestamp | quote }} + dataGroupTimestamp: {{ .Values.dataGroup.timestamp | int | quote }} dataGroupPrefix: {{ .Values.dataGroup.prefix | quote }} {{- end }} spec: 
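Review bot: The new `checksum/config` and `checksum/secret` expressions hash only `.data` of the parsed manifest, and `fromYaml` does not fail on bad input (it returns a map holding an `Error` key), so when configmap.yaml or secret.yaml renders empty, unparsable or without a `data` key the annotation becomes the hash of a constant and later changes no longer roll the pods, with no error at render time. secret.yaml is not visible here; if it renders only when `kafka.fileProperties` is set, or uses `stringData`, that is the normal case for `checksum/secret` rather than an edge case. State the intent and the limitation above the two lines, e.g. `{{- /* hash only .data so metadata changes do not restart pods; a missing .data hashes to a constant */}}`, and check the secret template against it.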
@@ -45,53 +45,46 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - serviceAccountName: {{ include "naviback.serviceAccountName" . }} + serviceAccountName: {{ include "generic-chart.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} volumes: - - name: {{ include "naviback.fullname" . }}-configmap + - name: {{ include "generic-chart.fullname" . }}-configmap configMap: - name: {{ include "naviback.fullname" . }}-configmap + name: {{ include "generic-chart.fullname" . }}-configmap {{- if .Values.kafka.fileProperties }} - - name: {{ include "naviback.fullname" . }}-secret + - name: {{ include "generic-chart.fullname" . }}-secret secret: - secretName: {{ include "naviback.fullname" . }}-secret + secretName: {{ include "generic-chart.fullname" . }}-secret {{- end }} {{- if .Values.naviback.sentry.enabled }} - name: sentry-volume emptyDir: {} {{- end }} - {{- if .Values.frozenData.enabled }} - - name: frozen-data + {{- if .Values.naviback.hierarchies.enabled }} + - name: hierarchies-volume emptyDir: {} {{- end }} + {{- if .Values.extraVolumes }} + {{- include "tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 6 }} + {{- end }} {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} - {{- if .Values.frozenData.enabled }} + {{- if .Values.initContainers }} initContainers: - - name: frozen-data - securityContext: - {{- toYaml .Values.securityContext | nindent 12 }} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.frozenData.image.repository }}:{{ .Values.frozenData.image.tag }} - command: ['sh', '-ec', 'cp -r /frozen_data_init/* /opt/castle; ls -l /opt/castle'] - imagePullPolicy: {{ .Values.frozenData.pullPolicy }} - {{- if (.Values.frozenData).resources }} - resources: {{- toYaml .Values.frozenData.resources | nindent 12 }} - {{- end }} - volumeMounts: - - name: frozen-data - 
mountPath: /opt/castle + {{- include "tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} {{- end }} containers: {{- if .Values.transmitter.enabled }} - - name: {{ include "naviback.containerName" . }}-envoy +{{- /* generic-chart.containerName redefined in _helpers.tpl */}} + - name: {{ include "generic-chart.containerName" . }}-envoy securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.envoy.image.repository }}:{{ .Values.envoy.image.tag }} imagePullPolicy: {{ .Values.envoy.image.pullPolicy }} volumeMounts: - - name: {{ include "naviback.fullname" . }}-configmap + - name: {{ include "generic-chart.fullname" . }}-configmap mountPath: /etc/envoy/envoy.yaml subPath: envoy.yaml {{- if (.Values.envoy).resources }} 
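Review bot: Containers supplied through `.Values.initContainers` are rendered verbatim and no longer receive `.Values.securityContext`, which the removed `frozen-data` init container applied via `toYaml .Values.securityContext`. The same holds for `.Values.sidecars` in the later `@@ -223,6 +252,9 @@` hunk of this file, and `.Values.extraVolumes` is rendered as given, whatever the volume type. Since the chart cannot inject a context into free-form entries, the values.yaml documentation should state it, e.g. `# @param initContainers Add additional init containers. Each entry must set its own securityContext; the chart-level securityContext is not applied`, with the equivalent wording for `sidecars`. The pod spec starts and ends outside this hunk.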
@@ -153,34 +146,48 @@ spec: resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} - - name: {{ include "naviback.containerName" . }} +{{- /* generic-chart.containerName redefined in _helpers.tpl */}} + - name: {{ include "generic-chart.containerName" . }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.command }} + command: + {{- include "tplvalues.render" (dict "value" .Values.command "context" $) | nindent 12 }} + {{- else }} command: [ "/usr/sbin/2gis/mosesd/tini", "--" ] + {{- end }} + {{- if .Values.args }} + args: + {{- include "tplvalues.render" (dict "value" .Values.args "context" $) | nindent 12 }} + {{- else }} args: - - /usr/sbin/2gis/mosesd/mosesd - - --config - - /etc/2gis/mosesd/navi-back.conf + - /usr/sbin/2gis/mosesd/mosesd + - --config + - /etc/2gis/mosesd/navi-back.conf + {{- end }} volumeMounts: - - name: {{ include "naviback.fullname" . }}-configmap + - name: {{ include "generic-chart.fullname" . }}-configmap mountPath: /etc/2gis/mosesd/navi-back.conf subPath: navi-back.conf - - name: {{ include "naviback.fullname" . }}-configmap + - name: {{ include "generic-chart.fullname" . }}-configmap mountPath: /etc/2gis/mosesd/rules.conf subPath: rules.conf {{- if .Values.kafka.fileProperties }} - - name: {{ include "naviback.fullname" . }}-secret + - name: {{ include "generic-chart.fullname" . 
}}-secret mountPath: /etc/2gis/mosesd/secret/ {{- end }} {{- if .Values.naviback.sentry.enabled }} - name: sentry-volume mountPath: {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }} {{- end }} - {{- if .Values.frozenData.enabled }} - - name: frozen-data - mountPath: /opt/castle + {{- if .Values.naviback.hierarchies.enabled }} + - name: hierarchies-volume + mountPath: "/tmp/hierarchies" + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 10 }} {{- end }} ports: - name: http 
@@ -191,26 +198,48 @@ spec: containerPort: {{ .Values.naviback.grpcPort }} protocol: TCP {{- end }} + {{- if .Values.customStartupProbe }} + startupProbe: + {{- include "tplvalues.render" (dict "value" .Values.customStartupProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} startupProbe: httpGet: path: /successfulwork port: http - periodSeconds: 5 - failureThreshold: 360 + initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.startupProbe.periodSeconds }} + timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }} + successThreshold: {{ .Values.startupProbe.successThreshold }} + failureThreshold: {{ .Values.startupProbe.failureThreshold }} + {{- end }} + {{- if .Values.customLivenessProbe }} + livenessProbe: + {{- include "tplvalues.render" (dict "value" .Values.customLivenessProbe "context" $) | nindent 12 }} + {{- else if .Values.startupProbe.enabled }} livenessProbe: httpGet: path: /heartbeat port: http - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 2 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.customReadinessProbe }} + readinessProbe: + {{- include "tplvalues.render" (dict "value" .Values.customReadinessProbe "context" $) | nindent 12 }} + {{- else if .Values.readinessProbe.enabled }} readinessProbe: httpGet: path: /successfulwork port: http - periodSeconds: 5 - timeoutSeconds: 3 - failureThreshold: 2 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ 
.Values.readinessProbe.failureThreshold }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} env: @@ -223,6 +252,9 @@ spec: preStop: exec: command: ["/bin/sh", "-c", "sleep {{ .Values.preStopDelay | default 5 | int }}"] + {{- if .Values.sidecars }} + {{- include "tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 60 }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/charts/navi-back/templates/hpa.yaml b/charts/navi-back/templates/hpa.yaml index 09de7f099..41e1e392d 100644 --- a/charts/navi-back/templates/hpa.yaml +++ b/charts/navi-back/templates/hpa.yaml @@ -1,39 +1 @@ -{{- if .Values.hpa.enabled }} -apiVersion: {{ include "capabilities.hpa.apiVersion" $ }} -kind: HorizontalPodAutoscaler -metadata: - name: {{ include "naviback.fullname" . }} - labels: - {{- include "naviback.labels" . | nindent 4 }} -spec: - scaleTargetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "naviback.fullname" . }} - minReplicas: {{ .Values.hpa.minReplicas }} - maxReplicas: {{ .Values.hpa.maxReplicas }} - behavior: - {{- if .Values.hpa.scaleUp }} - scaleUp: - {{- include "tplvalues.render" ( dict "value" .Values.hpa.scaleUp "context" $) | nindent 8 }} - {{- end }} - {{- if .Values.hpa.scaleDown }} - scaleDown: - {{- include "tplvalues.render" ( dict "value" .Values.hpa.scaleDown "context" $) | nindent 8 }} - {{- end }} - metrics: - {{- if .Values.hpa.targetCPUUtilizationPercentage }} - - type: Resource - resource: - name: cpu - target: - type: Utilization - averageUtilization: {{ .Values.hpa.targetCPUUtilizationPercentage }} - {{- end }} - {{- if .Values.hpa.targetMemoryUtilizationPercentage }} - - type: Resource - resource: - name: memory - targetAverageUtilization: {{ .Values.hpa.targetMemoryUtilizationPercentage }} - {{- end }} -{{- end }} +{{- template "generic-chart.hpa.tpl" . }} 
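Review bot: The default `livenessProbe` branch is gated on `.Values.startupProbe.enabled`, so the `livenessProbe.enabled` value that values.yaml documents and defaults is never read in this hunk. Disabling the startup probe therefore also removes the liveness probe, and `livenessProbe.enabled: false` has no effect. The condition should be `{{- else if .Values.livenessProbe.enabled }}`. The container definition starts and ends outside the hunk.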
diff --git a/charts/navi-back/templates/ingress.yaml b/charts/navi-back/templates/ingress.yaml index d8706758e..8604b0c34 100644 --- a/charts/navi-back/templates/ingress.yaml +++ b/charts/navi-back/templates/ingress.yaml @@ -1,5 +1,5 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "naviback.fullname" . -}} +{{- $fullName := include "generic-chart.fullname" . -}} {{- $svcPort := .Values.service.port -}} {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} @@ -17,7 +17,7 @@ kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "naviback.labels" . | nindent 4 }} + {{- include "generic-chart.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/navi-back/templates/pdb.yaml b/charts/navi-back/templates/pdb.yaml index e51715299..824f66d70 100644 --- a/charts/navi-back/templates/pdb.yaml +++ b/charts/navi-back/templates/pdb.yaml @@ -1,21 +1 @@ -{{- with .Values.pdb }} -{{- if .enabled }} ---- -apiVersion: policy/v1 -kind: PodDisruptionBudget -metadata: - name: {{ include "naviback.fullname" $ }} - labels: - {{- include "naviback.labels" $ | nindent 4 }} -spec: - {{- if .minAvailable }} - minAvailable: {{ .minAvailable }} - {{- end }} - {{- if .maxUnavailable }} - maxUnavailable: {{ .maxUnavailable }} - {{- end }} - selector: - matchLabels: - {{- include "naviback.selectorLabels" $ | nindent 6 }} -{{- end }} -{{- end }} +{{- template "generic-chart.pdb.tpl" . }} diff --git a/charts/navi-back/templates/secret.yaml b/charts/navi-back/templates/secret.yaml index f3f376287..22e2f7c0e 100644 --- a/charts/navi-back/templates/secret.yaml +++ b/charts/navi-back/templates/secret.yaml 
@@ -2,9 +2,9 @@ apiVersion: v1 kind: Secret metadata: - name: {{ include "naviback.fullname" . }}-secret + name: {{ include "generic-chart.fullname" . }}-secret labels: - {{- include "naviback.labels" . | nindent 4 }} + {{- include "generic-chart.labels" . | nindent 4 }} {{- if .Values.labels }} {{- toYaml .Values.labels | nindent 4 }} {{- end }} diff --git a/charts/navi-back/templates/service.yaml b/charts/navi-back/templates/service.yaml index 1b3d93aff..4947c886e 100644 --- a/charts/navi-back/templates/service.yaml +++ b/charts/navi-back/templates/service.yaml @@ -2,9 +2,9 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "naviback.fullname" . }} + name: {{ include "generic-chart.fullname" . }} labels: - {{- include "naviback.labels" . | nindent 4 }} + {{- include "generic-chart.labels" . | nindent 4 }} {{- if .Values.service.labels }} {{- include "tplvalues.render" ( dict "value" .Values.service.labels "context" $) | nindent 4 }} {{- end }} @@ -12,7 +12,7 @@ metadata: navigroup: {{ .Values.navigroup | default "" | quote }} type: {{ .Values.naviback.type | default "" | quote }} {{- if .Values.dataGroup.enabled }} - dataGroupTimestamp: {{ .Values.dataGroup.timestamp | quote }} + dataGroupTimestamp: {{ .Values.dataGroup.timestamp | int | quote }} dataGroupPrefix: {{ .Values.dataGroup.prefix | quote }} {{- end }} {{- if .Values.naviback.behindSplitter }} 
@@ -39,16 +39,19 @@ spec: protocol: TCP name: grpc {{- end }} + {{- if .Values.service.extraPorts }} + {{- include "tplvalues.render" (dict "value" .Values.service.extraPorts "context" $) | nindent 4 }} + {{- end }} selector: - {{- include "naviback.selectorLabels" . | nindent 4 }} + {{- include "generic-chart.selectorLabels" . | nindent 4 }} {{- if .Values.service.headless.enabled }} --- apiVersion: v1 kind: Service metadata: - name: {{ include "naviback.fullname" . }}-headless + name: {{ include "generic-chart.fullname" . }}-headless labels: - {{- include "naviback.labels" . | nindent 4 }} + {{- include "generic-chart.labels" . | nindent 4 }} {{- if .Values.service.headless.labels }} {{- include "tplvalues.render" ( dict "value" .Values.service.labels "context" $) | nindent 4 }} {{- end }} @@ -56,7 +59,7 @@ metadata: navigroup: {{ .Values.navigroup | default "" | quote }} type: {{ .Values.naviback.type | default "" | quote }} {{- if .Values.dataGroup.enabled }} - dataGroupTimestamp: {{ .Values.dataGroup.timestamp | quote }} + dataGroupTimestamp: {{ .Values.dataGroup.timestamp | int | quote }} dataGroupPrefix: {{ .Values.dataGroup.prefix | quote }} {{- end }} {{- /* pretend to be behind splitter to get ignored by mfront */}} @@ -81,5 +84,5 @@ spec: name: grpc {{- end }} selector: - {{- include "naviback.selectorLabels" . | nindent 4 }} + {{- include "generic-chart.selectorLabels" . | nindent 4 }} {{- end }} diff --git a/charts/navi-back/templates/serviceaccount.yaml b/charts/navi-back/templates/serviceaccount.yaml index 2854df970..7109eec48 100644 --- a/charts/navi-back/templates/serviceaccount.yaml +++ b/charts/navi-back/templates/serviceaccount.yaml 
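Review bot: In the headless Service, the block guarded by `{{- if .Values.service.headless.labels }}` renders `.Values.service.labels`, so labels set under `service.headless.labels` are never emitted and the main Service's labels are copied instead. This is an unchanged context line in the `@@ -39,16 +39,19 @@` hunk, but the commit edits the lines directly around it. The include should read `{{- include "tplvalues.render" ( dict "value" .Values.service.headless.labels "context" $) | nindent 4 }}`. The metadata block of the headless Service continues into the next hunk.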
@@ -1,12 +1 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "naviback.serviceAccountName" . }} - labels: - {{- include "naviback.labels" . | nindent 4 }} - {{- with .Values.serviceAccount.annotations }} - annotations: - {{- toYaml . | nindent 4 }} - {{- end }} -{{- end }} +{{- template "generic-chart.serviceaccount.tpl" . }} diff --git a/charts/navi-back/templates/vpa.yaml b/charts/navi-back/templates/vpa.yaml index b73202472..5de5ca28e 100644 --- a/charts/navi-back/templates/vpa.yaml +++ b/charts/navi-back/templates/vpa.yaml @@ -1,35 +1 @@ -{{ with .Values.vpa }} -{{- if .enabled }} ---- - -apiVersion: autoscaling.k8s.io/v1 -kind: VerticalPodAutoscaler -metadata: - name: {{ include "naviback.fullname" $ }} - labels: - {{- include "naviback.labels" $ | nindent 4 }} -spec: - targetRef: - apiVersion: apps/v1 - kind: Deployment - name: {{ include "naviback.fullname" $ }} - updatePolicy: - updateMode: {{ default "Auto" .updateMode }} - resourcePolicy: - containerPolicies: - - containerName: {{ include "naviback.containerName" $ }} - mode: Auto - {{- with .minAllowed }} - minAllowed: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- with .maxAllowed }} - maxAllowed: - {{- toYaml . | nindent 10 }} - {{- end }} - {{- if $.Values.transmitter.enabled }} - - containerName: {{ include "naviback.containerName" $ }}-envoy - mode: "Off" - {{- end }} -{{- end }} -{{- end }} +{{- template "generic-chart.vpa.tpl" . }} diff --git a/charts/navi-back/values.yaml b/charts/navi-back/values.yaml index e126cc70c..baa7949a5 100644 --- a/charts/navi-back/values.yaml +++ b/charts/navi-back/values.yaml 
@@ -1,27 +1,54 @@ # @section Docker Registry settings -# @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. +# @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port` dgctlDockerRegistry: '' # @section Common settings -# @param replicaCount A replica count for the pod. +# @param replicaCount A replica count for the pod # @param revisionHistoryLimit Number of replica sets to keep for deployment rollbacks -# @param imagePullSecrets Kubernetes image pull secrets. -# @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. -# @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. -# @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param podSecurityContext Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). -# @param securityContext Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). -# @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. -# @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). -# @param labels Custom labels to set to Deployment resource. -# @param priorityClassName Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name. -# @param preStopDelay Delay in seconds before terminating container. -# @param terminationGracePeriodSeconds Maximum time allowed for graceful shutdown. 
+# @param imagePullSecrets Kubernetes image pull secrets +# @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart +# @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart +# @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +# @param podSecurityContext Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) +# @param securityContext Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) +# @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) +# @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings +# @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) +# @param labels Custom labels to set to Deployment resource +# @param priorityClassName Kubernetes [Pod Priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#priorityclass) class name +# @param preStopDelay Delay in seconds before terminating container +# @param terminationGracePeriodSeconds Maximum time allowed for graceful shutdown +# @param extraVolumes Optionally specify extra list of additional volumes +# @param extraVolumeMounts Optionally specify extra list of additional volumeMounts +# @param initContainers Add additional init containers +# @param sidecars Add additional sidecar containers +# @param livenessProbe.enabled Enable livenessProbe +# @param livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe +# @param livenessProbe.periodSeconds Period seconds for livenessProbe +# @param livenessProbe.timeoutSeconds Timeout seconds for livenessProbe +# 
@param livenessProbe.failureThreshold Failure threshold for livenessProbe +# @param livenessProbe.successThreshold Success threshold for livenessProbe +# @param readinessProbe.enabled Enable readinessProbe +# @param readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe +# @param readinessProbe.periodSeconds Period seconds for readinessProbe +# @param readinessProbe.timeoutSeconds Timeout seconds for readinessProbe +# @param readinessProbe.failureThreshold Failure threshold for readinessProbe +# @param readinessProbe.successThreshold Success threshold for readinessProbe +# @param startupProbe.enabled Enable startupProbe +# @param startupProbe.initialDelaySeconds Initial delay seconds for startupProbe +# @param startupProbe.periodSeconds Period seconds for startupProbe +# @param startupProbe.timeoutSeconds Timeout seconds for startupProbe +# @param startupProbe.failureThreshold Failure threshold for startupProbe +# @param startupProbe.successThreshold Success threshold for startupProbe +# @param customLivenessProbe Override default liveness probe +# @param customReadinessProbe Override default readiness probe +# @param customStartupProbe Override default startup probe +# @param command Override default command +# @param args Override default args replicaCount: 1 revisionHistoryLimit: 1 
@@ -38,9 +65,39 @@ labels: {} priorityClassName: '' preStopDelay: 5 terminationGracePeriodSeconds: 60 - - -# @section Deployment settings +extraVolumes: [] +extraVolumeMounts: [] +initContainers: [] +sidecars: [] +livenessProbe: + enabled: true + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 2 + successThreshold: 1 +readinessProbe: + enabled: true + initialDelaySeconds: 0 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 2 + successThreshold: 1 +startupProbe: + enabled: true + initialDelaySeconds: 0 + periodSeconds: 5 + failureThreshold: 360 + timeoutSeconds: 5 + successThreshold: 1 +customLivenessProbe: {} +customReadinessProbe: {} +customStartupProbe: {} +command: [] +args: [] + + +# @section Container image settings # @param image.repository Repository # @param image.tag Tag @@ -49,30 +106,31 @@ terminationGracePeriodSeconds: 60 image: repository: 2gis-on-premise/navi-back pullPolicy: IfNotPresent - tag: 7.15.2.4 + tag: 7.23.0.5 # @section Navi-Back application settings -# @extra naviback.ecaHost DEPRECATED: Use naviback.ecaUrl. Domain name of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. -# @extra naviback.ecaUrl URL of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. -# @extra naviback.forecastHost URL of Traffic forecast service. See the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster. +# @extra naviback.ecaHost DEPRECATED: Use naviback.ecaUrl. Domain name of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster +# @extra naviback.ecaUrl URL of the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster +# @extra naviback.forecastHost URL of Traffic forecast service. See the [Traffic Proxy service](https://docs.2gis.com/en/on-premise/traffic-proxy).
This URL should be accessible from all the pods within your Kubernetes cluster # @skip naviback.appPort -# @param naviback.dmSourcesLimit Size limit for source matrices. -# @param naviback.dmTargetsLimit Size limit for target matrices. -# @param naviback.handlersNumber Number of HTTP handlers. -# @param naviback.maxProcessTime Maximum processing time limit in minutes. -# @param naviback.responseTimelimit Maximum response time limit in minutes. -# @param naviback.requestTimeout Maximum request time limit in minutes. -# @param naviback.timeoutLimitSec Maximum downloading time can be reached after failures. -# @param naviback.timeoutIncrementSec Downloading time increment after failures. -# @param naviback.totalRetryDurationSec Downloading timeout with all failure retries. -# @param naviback.initialRetryIntervalSec Initial timeout for a failure retry. -# @param naviback.dump.result Dump results in logs. -# @param naviback.dump.query Dump queries in logs. -# @param naviback.dump.answer Dump answers in logs. -# @param naviback.logLevel Logging level, one of: Verbose, Info, Warning, Error, Fatal. -# @param naviback.indexFilename Name of index file. 
+# @param naviback.dmSourcesLimit Size limit for source matrices +# @param naviback.dmTargetsLimit Size limit for target matrices +# @param naviback.handlersNumber Total number of HTTP/GRPC handlers +# @param naviback.queueSize Internal queue size +# @param naviback.maxProcessTime Maximum processing time limit in minutes +# @param naviback.responseTimelimit Maximum response time limit in minutes +# @param naviback.requestTimeout Maximum request time limit in minutes +# @param naviback.timeoutLimitSec Maximum downloading time can be reached after failures +# @param naviback.timeoutIncrementSec Downloading time increment after failures +# @param naviback.totalRetryDurationSec Downloading timeout with all failure retries +# @param naviback.initialRetryIntervalSec Initial timeout for a failure retry +# @param naviback.dump.result Dump results in logs +# @param naviback.dump.query Dump queries in logs +# @param naviback.dump.answer Dump answers in logs +# @param naviback.logLevel Logging level, one of: Verbose, Info, Warning, Error, Fatal +# @param naviback.indexFilename Name of the index file on Castle # @param naviback.citiesFilename Name of the cities file on Castle # @param naviback.sentry.enabled If sending crash dumps to Sentry needed # @param naviback.sentry.address Sentry URL @@ -82,11 +140,12 @@ image: # @param naviback.sentry.debug Debugging switch # @param naviback.sentry.reportPath Local directory to dump # @param naviback.sentry.handler Handler file location -# @param naviback.castleHost URL of Navi-Castle service, ex: http://navi-castle.svc.
This URL should be accessible from all the pods within your Kubernetes cluster. -# @extra naviback.enablePassableBarriers Consider passable barriers. -# @extra naviback.grpcPort GRPC port to serve. Disabled if empty. +# @extra naviback.castleHost DEPRECATED: Use naviback.castleUrl. Domain name of Navi-Castle service.
This URL should be accessible from all the pods within your Kubernetes cluster +# @param naviback.castleUrl URL of Navi-Castle service.
This URL should be accessible from all the pods within your Kubernetes cluster +# @extra naviback.enablePassableBarriers Consider passable barriers +# @extra naviback.grpcPort GRPC port to serve. Disabled if empty # @param naviback.disableUpdates Test switch for disabling runtime background updates -# @extra naviback.indices List of dynamic indices kill switches. +# @extra naviback.indices List of dynamic indices kill switches # @skip naviback.indices.carOptions.enabled # @skip naviback.indices.carOptions.filename # @skip naviback.indices.countryCarOptions.enabled @@ -95,6 +154,7 @@ image: # @skip naviback.indices.etaCorrectionCores.enabled # @skip naviback.indices.forecastedSpeeds.enabled # @skip naviback.indices.forecastedSpeedsIndex.enabled +# @skip naviback.indices.geoImport.enabled # @skip naviback.indices.onlineSpeeds.enabled # @skip naviback.indices.onlineTaxiSpeeds.enabled # @skip naviback.indices.passZones.enabled @@ -103,6 +163,7 @@ image: # @skip naviback.indices.restrictedTransportPlatforms.enabled # @skip naviback.indices.restrictedTransportRoutes.enabled # @skip naviback.indices.smatrix.enabled +# @skip naviback.indices.snImport.enabled # @skip naviback.indices.speedCams.enabled # @skip naviback.indices.speedIndex.enabled # @skip naviback.indices.taxiReferers.enabled 
@@ -111,10 +172,11 @@ image: # @skip naviback.indices.tugc2gisIndex.enabled # @skip naviback.indices.tugcUsers.enabled # @skip naviback.indices.tugcUsersIndex.enabled -# @extra naviback.additionalSections Optinal JSON block to be added to config file as-is. +# @extra naviback.additionalSections Optinal JSON block to be added to config file as-is +# @skip naviback.simpleNetwork # @extra naviback.simpleNetwork.bicycle Enable simple network for bicycle routing # @extra naviback.simpleNetwork.car Enable simple network for auto routing -# @param naviback.simpleNetwork.emergency Enable simple network for emergency vehicles routing +# @extra naviback.simpleNetwork.emergency Enable simple network for emergency vehicles routing # @extra naviback.simpleNetwork.pedestrian Enable simple network for pedestrian routing # @extra naviback.simpleNetwork.taxi Enable simple network for taxi routing # @extra naviback.simpleNetwork.truck Enable simple network for truck routing 
@@ -127,16 +189,36 @@ image: # @extra naviback.attractor.truck Enable enhanced attractor for truck routing # @extra naviback.attractor.scooter Enable enhanced attractor for scooters routing # @param naviback.bss.enabled Enable sending information on the construction of routes to the business statistics service -# @param naviback.bss.client.serviceRemoteAddress Remote address business statistics service. Requeruired for enable sending information. -# @param naviback.bss.client.messageCountToFlush Message count to flush. -# @param naviback.bss.client.useCompression Enable compression. -# @param naviback.bss.client.packageSizeMaxBytes Package size max bytes. -# @param naviback.bss.client.pendingTransmissionMaxCount Pending transmission max count. +# @param naviback.bss.client.serviceRemoteAddress Remote address business statistics service. Requeruired for enable sending information +# @param naviback.bss.client.messageCountToFlush Message count to flush +# @param naviback.bss.client.useCompression Enable compression +# @param naviback.bss.client.packageSizeMaxBytes Package size max bytes +# @param naviback.bss.client.pendingTransmissionMaxCount Pending transmission max count +# @param naviback.bss.client.timeoutLimitMilSec Maximum request time limit in milliseconds # @extra naviback.reduceEdgesOptimizationFlag Enable optimizations for distance matrix queries processing -# @param naviback.behindSplitter Current instance is behind splitter or not -# @param naviback.overrideConfig Complete config override. For test purposes only. -# @param naviback.rtr.enabled Enable real time restrictions. -# @param naviback.rtr.url URL real time restrictions server. +# @param naviback.behindSplitter The current instance is behind splitter or not +# @param naviback.overrideConfig Complete config override. 
For test purposes only +# @param naviback.rtr.enabled Enable real time restrictions +# @param naviback.rtr.url URL real time restrictions server +# @param naviback.rtr.updatePeriod Update period from real time restrictions server +# @param naviback.validation.enabled Enable validation responses and requests (used for internal tests) +# @param naviback.validation.ctx.schemasFolder Path to folder with ctx JSON schemas +# @param naviback.validation.ctx.requestSchemaName Name of ctx request validation schema +# @param naviback.validation.ctx.responseSchemaName Name of ctx response validation schema +# @param naviback.validation.bss.schemasFolder Path to folder with bss JSON schemas +# @param naviback.validation.bss.requestSchemaName Name of bss request validation schema +# @param naviback.validation.bss.responseSchemaName Name of bss response validation schema +# @param naviback.validation.distanceMatrix.schemasFolder Path to folder with distance matrix JSON schemas +# @param naviback.validation.distanceMatrix.requestSchemaName Name of distance matrix request validation schema +# @param naviback.validation.distanceMatrix.responseSchemaName Name of distance matrix response validation schema +# @param naviback.validation.isochrone.schemasFolder Path to folder with isochrone JSON schemas +# @param naviback.validation.isochrone.requestSchemaName Name of isochrone request validation schema +# @param naviback.validation.isochrone.responseSchemaName Name of isochrone response validation schema +# @param naviback.tilesMetricsThreshold The value at which we send tiles metrics (used for internal tests) +# @param naviback.hierarchies.enabled If hierarchies cache available +# @param naviback.hierarchies.s3path Hierarchies cache remote location +# @param naviback.etaScheduleIndex.enabled If Schedule Index available +# @param naviback.etaScheduleIndex.url Schedule Index remote url # @skip rules naviback: 
@@ -144,9 +226,10 @@ naviback: dmSourcesLimit: 1000 dmTargetsLimit: 1000 handlersNumber: 1 - maxProcessTime: 600 - responseTimelimit: 60 - requestTimeout: 60 + queueSize: 128 + maxProcessTime: 20 + responseTimelimit: 120 + requestTimeout: 120 timeoutLimitSec: 1200 timeoutIncrementSec: 140 totalRetryDurationSec: 2400 @@ -160,14 +243,14 @@ naviback: citiesFilename: cities.conf.zip sentry: enabled: false - address: sentry.host + address: sentry.local project: navi-back - username: navi-back + username: navi printMessages: false debug: false reportPath: /tmp/sentry handler: /usr/sbin/2gis/mosesd/crashpad_handler - castleHost: '' + castleUrl: '' disableUpdates: false indices: carOptions: @@ -185,6 +268,8 @@ naviback: enabled: false forecastedSpeedsIndex: enabled: false + geoImport: + enabled: false onlineSpeeds: enabled: false onlineTaxiSpeeds: @@ -201,6 +286,8 @@ naviback: enabled: false smatrix: enabled: false + snImport: + enabled: false speedCams: enabled: false speedIndex: 
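Review bot: The second hunk on this line replaces `castleHost: ''` with `castleUrl: ''` and leaves no compatibility path that I can see here. An override file that still sets `naviback.castleHost` would presumably be ignored without any error after the upgrade, unless the templates (not shown) handle the old key. I would add a comment above the key, `# castleUrl replaces castleHost; the old key is no longer read`, and consider a `fail` guard in the template that fires when the old key is set. The `naviback:` mapping starts and ends outside these hunks, so the consumer of the key is not visible.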
@@ -228,11 +315,38 @@ naviback: useCompression: true packageSizeMaxBytes: 1800000 pendingTransmissionMaxCount: 10 + timeoutLimitMilSec: 5000 behindSplitter: false overrideConfig: '' rtr: enabled: false - url: http://rtr.navi + url: http://rtr + updatePeriod: 60 + validation: + enabled: false + ctx: + schemasFolder: /usr/share/2gis/schemas/nsr_schemas + requestSchemaName: CTXRequestModel.json + responseSchemaName: CTXResponseModelV4.json + bss: + schemasFolder: /usr/share/2gis/schemas/bss_schemas + requestSchemaName: '' + responseSchemaName: 401.schema.json + distanceMatrix: + schemasFolder: /usr/share/2gis/schemas/nsr_schemas + requestSchemaName: DistanceMatrixRequestModel.json + responseSchemaName: DistanceMatrixResponseModel.json + isochrone: + schemasFolder: /usr/share/2gis/schemas/nsr_schemas + requestSchemaName: IsochroneApiRequestModel.json + responseSchemaName: IsochroneApiResponseModel.json + tilesMetricsThreshold: 0 + hierarchies: + enabled: false + s3path: '' + etaScheduleIndex: + enabled: false + url: '' rules: [] 
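Review bot: The changed default `url: http://rtr` under `rtr:` keeps a cleartext scheme, and nothing in the parameter docs says the restrictions feed should use TLS when the server is not on a trusted in-cluster network. A one-line comment such as `# use https:// when the restrictions server is reached over a network you do not control` would make that explicit. In the new `validation:` block, `bss.requestSchemaName: ''` is empty while `ctx`, `distanceMatrix` and `isochrone` each name a file. It is not visible here whether an empty name skips request validation or fails at load, so a comment stating the intended behaviour would help. The `naviback:` mapping continues outside the hunk.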
@@ -242,40 +356,25 @@ rules: [] # @param envoy.image.repository Repository # @param envoy.image.tag Tag # @param envoy.image.pullPolicy Pull Policy +# @param envoy.resources [nullable] Container resources requirements structure +# @param envoy.resources.requests.cpu [nullable] CPU request, recommended value `100m` +# @param envoy.resources.requests.memory [nullable] Memory request, recommended value `100Mi` +# @param envoy.resources.limits.cpu [nullable] CPU limit, recommended value `100m` +# @param envoy.resources.limits.memory [nullable] Memory limit, recommended value `100Mi` envoy: image: repository: 2gis-on-premise/envoy pullPolicy: IfNotPresent tag: v1.27.0 - - -# @section Frozen data settings. For test purposes only. - -# @param frozenData.enabled If use frozen data is enabled. -# @param frozenData.image.repository Repository -# @param frozenData.image.tag Tag -# @param frozenData.image.pullPolicy Pull Policy -# @param frozenData.resources [nullable] Container resources requirements structure. -# @param frozenData.resources.requests.cpu [nullable] CPU request, recommended value `100m`. -# @param frozenData.resources.requests.memory [nullable] Memory request, recommended value `100Mi`. -# @param frozenData.resources.limits.cpu [nullable] CPU limit, recommended value `100m`. -# @param frozenData.resources.limits.memory [nullable] Memory limit, recommended value `100Mi`. - -frozenData: - enabled: false - image: - repository: 2gis-on-premise/frozen-data - pullPolicy: Always - tag: '' resources: {} # @section Service account settings -# @param serviceAccount.create Specifies whether a service account should be created. -# @param serviceAccount.annotations Annotations to add to the service account. -# @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template. 
+# @param serviceAccount.create Specifies whether a service account should be created +# @param serviceAccount.annotations Annotations to add to the service account +# @param serviceAccount.name The name of the service account to use. If not set and create is true, a name is generated using the fullname template serviceAccount: create: false @@ -285,12 +384,13 @@ serviceAccount: # @section Service settings -# @param service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). -# @param service.clusterIP Controls Service cluster IP allocation. Cannot be changed after resource creation. -# @param service.port Service port. -# @param service.grpcPort Service GRPC port if `naviback.grpcPort` enabled. -# @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) +# @param service.clusterIP Controls Service cluster IP allocation. Cannot be changed after resource creation +# @param service.port Service port +# @param service.grpcPort Service GRPC port if `naviback.grpcPort` enabled +# @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +# @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +# @param service.extraPorts Extra ports to expose in the service (normally used with the `sidecar` value) # @param service.headless.enabled Enable creating a secondary headless service # @param service.headless.annotations Annotations for secondary headless service 
@@ -301,6 +401,7 @@ service: grpcPort: 50051 annotations: {} labels: + extraPorts: [] headless: enabled: false annotations: {} @@ -308,16 +409,16 @@ service: # @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings -# @param ingress.enabled If Ingress is enabled for the service. -# @param ingress.className Name of the Ingress controller class. -# @param ingress.hosts[0].host Hostname for the Ingress service. -# @param ingress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param ingress.className Name of the Ingress controller class +# @param ingress.enabled If Ingress is enabled for the service +# @param ingress.hosts[0].host Hostname for the Ingress service +# @param ingress.hosts[0].paths[0].path Path of the host for the Ingress service +# @param ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service # @param ingress.tls TLS configuration ingress: - enabled: false className: nginx + enabled: false hosts: - host: navi-back.example.com paths: 
@@ -331,24 +432,24 @@ ingress: # @section Limits -# @param resources [nullable] Container resources requirements structure. -# @param resources.requests.cpu [nullable] CPU request, recommended value `1000m`. -# @param resources.requests.memory [nullable] Memory request, recommended value `2Gi`. -# @param resources.limits.cpu [nullable] CPU limit, recommended value `3000m`. -# @param resources.limits.memory [nullable] Memory limit, recommended value `8Gi`. +# @param resources [nullable] Container resources requirements structure +# @param resources.requests.cpu [nullable] CPU request, recommended value `1000m` +# @param resources.requests.memory [nullable] Memory request, recommended value `2Gi` +# @param resources.limits.cpu [nullable] CPU limit, recommended value `3000m` +# @param resources.limits.memory [nullable] Memory limit, recommended value `8Gi` resources: {} # @section Kubernetes [Horizontal Pod Autoscaling](https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/) settings -# @param hpa.enabled If HPA is enabled for the service. -# @param hpa.minReplicas Lower limit for the number of replicas to which the autoscaler can scale down. -# @param hpa.maxReplicas Upper limit for the number of replicas to which the autoscaler can scale up. -# @param hpa.scaleDownStabilizationWindowSeconds Scale-down window. -# @param hpa.scaleUpStabilizationWindowSeconds Scale-up window. -# @param hpa.targetCPUUtilizationPercentage Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. -# @param hpa.targetMemoryUtilizationPercentage Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used. 
+# @param hpa.enabled If HPA is enabled for the service +# @param hpa.minReplicas Lower limit for the number of replicas to which the autoscaler can scale down +# @param hpa.maxReplicas Upper limit for the number of replicas to which the autoscaler can scale up +# @param hpa.scaleDownStabilizationWindowSeconds Scale-down window +# @param hpa.scaleUpStabilizationWindowSeconds Scale-up window +# @param hpa.targetCPUUtilizationPercentage Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used +# @param hpa.targetMemoryUtilizationPercentage Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used hpa: enabled: false 
@@ -362,12 +463,12 @@ hpa: # @section Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings -# @param vpa.enabled If VPA is enabled for the service. -# @param vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). -# @extra vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. -# @extra vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. -# @extra vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. -# @extra vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. +# @param vpa.enabled If VPA is enabled for the service +# @param vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start) +# @extra vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down +# @extra vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down +# @extra vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up +# @extra vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up vpa: enabled: false 
@@ -376,9 +477,9 @@ vpa: # @section Kubernetes [Pod Disruption Budget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets) settings -# @param pdb.enabled If PDB is enabled for the service. -# @param pdb.minAvailable How many pods must be available after the eviction. -# @param pdb.maxUnavailable How many pods can be unavailable after the eviction. +# @param pdb.enabled If PDB is enabled for the service +# @param pdb.minAvailable How many pods must be available after the eviction +# @param pdb.maxUnavailable How many pods can be unavailable after the eviction pdb: enabled: false 
@@ -388,24 +489,26 @@ pdb: # @section Kafka settings for interacting with Distance Matrix Async Service -# @param kafka.enabled If the Kafka is enabled. -# @param kafka.groupId Navi-Back service group identifier. -# @extra kafka.properties Properties as supported by librdkafka. Refer to inline comments for details. +# @param kafka.enabled If the Kafka is enabled +# @param kafka.groupId Navi-Back service group identifier +# @param kafka.handlersNumber Number of Kafka handlers +# @extra kafka.properties Properties as supported by librdkafka. Refer to inline comments for details # @skip kafka.properties.bootstrap.servers # @skip kafka.properties.security.protocol -# @param kafka.fileProperties As kafka.properties, but kept in a file, which passed to application as a filename. Refer to inline comments for details. +# @param kafka.fileProperties As kafka.properties, but kept in a file, which passed to application as a filename. Refer to inline comments for details # @extra kafka.distanceMatrix **Settings for interacting with Distance Matrix Async service.** -# @param kafka.distanceMatrix.taskTopic Name of the topic for receiving new tasks from Distance Matrix Async API. -# @param kafka.distanceMatrix.cancelTopic Name of the topic for canceling or receiving information about finished tasks. -# @param kafka.distanceMatrix.statusTopic Name of the topic for receiving task status information. -# @param kafka.distanceMatrix.updateTaskStatusPeriodSec Update period for task statuses. -# @param kafka.distanceMatrix.messageExpiredPeriodSec Update period for task cancellations. -# @param kafka.distanceMatrix.requestDownloadTimeoutSec Timeout for downloading request data. -# @param kafka.distanceMatrix.responseUploadTimeoutSec Timeout for uploading response data. 
+# @param kafka.distanceMatrix.taskTopic Name of the topic for receiving new tasks from Distance Matrix Async API +# @param kafka.distanceMatrix.cancelTopic Name of the topic for canceling or receiving information about finished tasks +# @param kafka.distanceMatrix.statusTopic Name of the topic for receiving task status information +# @param kafka.distanceMatrix.updateTaskStatusPeriodSec Update period for task statuses +# @param kafka.distanceMatrix.messageExpiredPeriodSec Update period for task cancellations +# @param kafka.distanceMatrix.requestDownloadTimeoutSec Timeout for downloading request data +# @param kafka.distanceMatrix.responseUploadTimeoutSec Timeout for uploading response data kafka: enabled: false groupId: navi_back + handlersNumber: 2 properties: bootstrap.servers: kafka.host:9092 security.protocol: PLAINTEXT @@ -455,11 +558,12 @@ kafka: # @section S3-compatible storage settings for interacting with Distance Matrix Async Service -# @param s3.enabled if S3 storage is enabled. -# @param s3.host S3 endpoint, ex: async-matrix-s3.host. -# @param s3.bucket S3 bucket name. -# @param s3.accessKey S3 access key for accessing the bucket. -# @param s3.secretKey S3 secret key for accessing the bucket. +# @param s3.enabled if S3 storage is enabled +# @param s3.host S3 endpoint, ex: async-matrix-s3.host +# @param s3.bucket S3 bucket name +# @param s3.accessKey S3 access key for accessing the bucket +# @param s3.secretKey S3 secret key for accessing the bucket +# @param s3.suffix String to append to file names in replies s3: enabled: false @@ -467,6 +571,7 @@ s3: bucket: '' accessKey: '' secretKey: '' + suffix: '' # @section Settings for attractor connection. Leave with defaults, FOR FUTURE RELEASE. 
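Review bot: The Kafka hunk keeps `security.protocol: PLAINTEXT` as the default, and `# @skip kafka.properties.security.protocol` appears to keep that key out of the generated parameter table. An operator enabling Kafka from the README therefore gets no hint that the default transport is unencrypted and unauthenticated. I would extend the description to `# @extra kafka.properties Properties as supported by librdkafka. The default security.protocol is PLAINTEXT; set SSL or SASL_SSL for brokers outside a trusted network`. The new `kafka.handlersNumber` line could also say what a handler is, since `naviback.handlersNumber` exists with a different default. The `kafka:` mapping continues past the hunk, so the inline comments it refers to are not visible.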
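Review bot: In the S3 hunks on this line, `s3.accessKey` and `s3.secretKey` are still documented as plain chart values, with no guidance on keeping them out of version control. I would change the line to `# @param s3.secretKey S3 secret key for accessing the bucket. Supply it from a private values file or at install time; do not commit it`. The new `s3.suffix` description ("String to append to file names in replies") does not say which characters are accepted. If the value ends up in object keys, which cannot be confirmed from the hunk, that constraint belongs in the comment.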
@@ -475,13 +580,20 @@ s3: # @param transmitter.host attractor service # @param transmitter.port attractor port # @param transmitter.responseTimeoutMs response waiting timeout +# @param transmitter.retry.enabled Enable retry failed requests +# @param transmitter.retry.retryOn Status [codes for retry](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) +# @param transmitter.retry.numRetries Specifies the allowed number of retries transmitter: enabled: false type: grpc-async-stream host: http://navi-attractor.host port: 50051 - responseTimeoutMs: 100 + responseTimeoutMs: 2000 + retry: + enabled: false + retryOn: internal,unavailable + numRetries: 5 # @section Back-end and attractor group properties. Leave with defaults, FOR FUTURE RELEASE. @@ -497,11 +609,9 @@ dataGroup: # @section License settings # @param license.url Address of the License service v2. Ex: https://license.svc -# @param license.notSupported Excludes the configuration block if true, for old versions only. license: url: '' - notSupported: false # @section Metrics aggregator container. Leave with defaults, FOR FUTURE RELEASE. 
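Review bot: In the first hunk on this line, `responseTimeoutMs` rises from 100 to 2000 and a `retry` block with `numRetries: 5` is added, but the docs do not say whether the timeout applies to each attempt or to the whole request. If it is per attempt, enabling retries with these defaults could hold a request for roughly twelve seconds against an unavailable attractor, and each failure multiplies upstream load. I would document this as `# @param transmitter.responseTimeoutMs Response waiting timeout in milliseconds (per attempt or overall: state which)` and add to the `numRetries` line that the retries are in addition to the first attempt, if that is the case. How the templates map these values onto the proxy configuration is outside the hunk.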
@@ -509,12 +619,12 @@ license: # @param metrics.image.repository Repository # @param metrics.image.tag Tag # @param metrics.image.pullPolicy Pull Policy -# @param metrics.port Port of container. -# @param metrics.resources [nullable] Container resources requirements structure. -# @param metrics.resources.requests.cpu [nullable] CPU request, recommended value `10m`. -# @extra metrics.resources.requests.memory [nullable] Memory request, recommended value `10Mi`. -# @extra metrics.resources.limits.cpu [nullable] CPU limit, recommended value `100m`. -# @extra metrics.resources.limits.memory [nullable] Memory limit, recommended value `10Mi`. +# @param metrics.port Port of container +# @param metrics.resources [nullable] Container resources requirements structure +# @param metrics.resources.requests.cpu [nullable] CPU request, recommended value `10m` +# @extra metrics.resources.requests.memory [nullable] Memory request, recommended value `10Mi` +# @extra metrics.resources.limits.cpu [nullable] CPU limit, recommended value `100m` +# @extra metrics.resources.limits.memory [nullable] Memory limit, recommended value `10Mi` metrics: enabled: false From 5871c1372aaa315d28301f20a5258b8c633ed052 Mon Sep 17 00:00:00 2001 From: Dmitrii Moskalev Date: Thu, 27 Jun 2024 11:13:25 +0300 Subject: [PATCH 24/91] fix conflict --- charts/navi-back/Chart.yaml | 9 --------- 1 file changed, 9 deletions(-) diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index 7e7524391..311088951 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml @@ -6,21 +6,12 @@ keywords: - navi - back - backend -<<<<<<< HEAD -version: 1.24.0 -appVersion: 7.23.0.5 -dependencies: - - name: generic-chart - version: "*" - repository: file://../generic-chart -======= version: 1.25.0 appVersion: 7.23.0.5 dependencies: - name: generic-chart version: '*' repository: file://../generic-chart ->>>>>>> origin/master maintainers: - name: 2gis url: https://github.com/2gis 
From ebec6e63b82e41ca83fbc0cc8cf9134712d993fc Mon Sep 17 00:00:00 2001 
From: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:19:32 +0500 Subject: [PATCH 25/91] [ONPREM-839] Add revisionHistoryLimit (#459) * add revisionHistoryLimit spec for catalog-api * add revisionHistoryLimit for citylens * add revisionHistoryLimit for dgtt * add revisionHistoryLimit for floors-api * add revisionHistoryLimit to gis-platform * add revisionHistoryLimit to keycloak * add revisionHistoryLimit to kays * add revisionHistoryLimit to license * add revisionHistoryLimit to mapgl * add revisionHistoryLimit to platform * add revisionHistoryLimit to search-api * add revisionHistoryLimit to stat-reciever * add revisionHistoryLimit to traffic-proxy * Add revisionHistoryLimit to twins-api * update readme files * fix schema and value path * fix license lint error * remove revisionHistoryLimit for StatefulSet --- charts/catalog-api/README.md | 9 +- .../catalog-api/templates/api/deployment.yaml | 1 + charts/catalog-api/values.yaml | 2 + charts/citylens/README.md | 226 +++++++++--------- charts/citylens/templates/api/deployment.yaml | 1 + charts/citylens/templates/web/deployment.yaml | 1 + .../worker/deployment-camcom-sender.yaml | 1 + .../worker/deployment-frames-saver.yaml | 1 + .../worker/deployment-logs-saver.yaml | 1 + .../worker/deployment-predictions-saver.yaml | 1 + .../deployment-reporter-pro-tracks.yaml | 1 + .../worker/deployment-reporter-pro.yaml | 1 + .../deployment-track-metadata-saver.yaml | 1 + .../worker/deployment-track-reloader.yaml | 1 + charts/citylens/values.yaml | 40 ++++ charts/floors-api/README.md | 25 +- charts/floors-api/templates/deployment.yaml | 1 + charts/floors-api/values.yaml | 2 + charts/gis-platform/README.md | 35 +-- .../templates/gis-platform-portal-dep.yaml | 1 + charts/gis-platform/values.yaml | 2 + charts/keys/README.md | 3 + charts/keys/templates/admin/deployment.yaml | 1 + charts/keys/templates/api/deployment.yaml | 1 + charts/keys/templates/tasker/deployment.yaml | 1 + charts/keys/values.yaml 
| 12 + charts/mapgl-js-api/README.md | 23 +- charts/mapgl-js-api/templates/deployment.yaml | 1 + charts/mapgl-js-api/values.yaml | 2 + charts/platform/README.md | 21 +- charts/platform/templates/ui/deployment.yaml | 1 + charts/platform/values.yaml | 2 + charts/search-api/README.md | 19 +- charts/search-api/templates/deployment.yaml | 1 + charts/search-api/values.yaml | 2 + charts/stat-receiver/README.md | 52 ++-- .../templates/api/deployment.yaml | 1 + .../templates/streams/deployment.yaml | 1 + charts/stat-receiver/values.schema.json | 24 +- charts/stat-receiver/values.yaml | 4 + charts/traffic-proxy/README.md | 23 +- .../traffic-proxy/templates/deployment.yaml | 1 + charts/traffic-proxy/values.yaml | 2 + charts/twins-api/README.md | 1 + .../twins-api/templates/api/deployment.yaml | 1 + charts/twins-api/values.yaml | 2 + 46 files changed, 338 insertions(+), 218 deletions(-) diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md index 1a562fa40..79a16f85a 100644 --- a/charts/catalog-api/README.md +++ b/charts/catalog-api/README.md @@ -69,10 +69,11 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### API settings -| Name | Description | Value | -| -------------- | ------------------------------ | ------ | -| `api.replicas` | Number of replicas of API pods | `1` | -| `api.logLevel` | Log level | `info` | +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `api.replicas` | Number of replicas of API pods | `1` | +| `api.logLevel` | Log level | `info` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | ### api.image **Deployment settings** 
diff --git a/charts/catalog-api/templates/api/deployment.yaml b/charts/catalog-api/templates/api/deployment.yaml index 2863ee06a..8d230ced7 100644 --- a/charts/catalog-api/templates/api/deployment.yaml +++ b/charts/catalog-api/templates/api/deployment.yaml @@ -20,6 +20,7 @@ spec: {{- if not .Values.api.hpa.enabled }} replicas: {{ .Values.api.replicas }} {{- end }} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index 4abb5e8d0..2f67311ba 100644 --- a/charts/catalog-api/values.yaml +++ b/charts/catalog-api/values.yaml @@ -73,10 +73,12 @@ strategy: # @param api.replicas Number of replicas of API pods # @param api.logLevel Log level +# @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). api: replicas: 1 logLevel: info + revisionHistoryLimit: 3 # @section api.image **Deployment settings** diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 52a1adb86..0f8f5b7e1 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md 
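Review bot: The new `# @param api.revisionHistoryLimit` comment in the values.yaml hunk links "rolling back" to the `manage-resources-containers` page, which covers resource requests and limits rather than Deployment revisions. The same text is copied into every README table in this commit. I would point it at the Deployment documentation and note the edge case: `# @param api.revisionHistoryLimit Number of old ReplicaSets kept for [rollback](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit); 0 keeps none, so a rollout cannot be undone`. The template hunk on the same line renders the value unconditionally, so the values default of `3` is what takes effect unless it is overridden.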
@@ -52,13 +52,14 @@ See the [documentation]() to learn about: ### Resources settings -| Name | Description | Value | -| ------------------------------- | ---------------------------- | ------- | -| `api.replicas` | A replica count for the pod. | `4` | -| `api.resources.requests.cpu` | A CPU request. | `1000m` | -| `api.resources.requests.memory` | A memory request. | `1Gi` | -| `api.resources.limits.cpu` | A CPU limit. | `2000m` | -| `api.resources.limits.memory` | A memory limit. | `2Gi` | +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `api.replicas` | A replica count for the pod. | `4` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.resources.requests.cpu` | A CPU request. | `1000m` | +| `api.resources.requests.memory` | A memory request. | `1Gi` | +| `api.resources.limits.cpu` | A CPU limit. | `2000m` | +| `api.resources.limits.memory` | A memory limit. | `2Gi` | ### Service settings 
@@ -137,13 +138,14 @@ See the [documentation]() to learn about: ### Resources settings -| Name | Description | Value | -| ------------------------------- | ---------------------------- | ------- | -| `web.replicas` | A replica count for the pod. | `1` | -| `web.resources.requests.cpu` | A CPU request. | `1000m` | -| `web.resources.requests.memory` | A memory request. | `1Gi` | -| `web.resources.limits.cpu` | A CPU limit. | `2000m` | -| `web.resources.limits.memory` | A memory limit. | `2Gi` | +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `web.replicas` | A replica count for the pod. | `1` | +| `web.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `web.resources.requests.cpu` | A CPU request. | `1000m` | +| `web.resources.requests.memory` | A memory request. | `1Gi` | +| `web.resources.limits.cpu` | A CPU limit. | `2000m` | +| `web.resources.limits.memory` | A memory limit. | `2Gi` | ### Service settings 
@@ -214,121 +216,129 @@ See the [documentation]() to learn about: ### Citylens Frames Saver worker's settings -| Name | Description | Value | -| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `worker.framesSaver.replicas` | A replica count for the pod. | `4` | -| `worker.framesSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.framesSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.framesSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.framesSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.framesSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.framesSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.framesSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `worker.framesSaver.replicas` | A replica count for the pod. | `4` | +| `worker.framesSaver.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
| `3` | +| `worker.framesSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.framesSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.framesSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.framesSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.framesSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.framesSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.framesSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Camcom sender worker's settings -| Name | Description | Value | -| --------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------- | -| `worker.camcomSender.enabled` | If Camcom Sender worker is enabled for the service. | `false` | -| `worker.camcomSender.replicas` | A replica count for the pod. 
| `1` | -| `worker.camcomSender.apiKey` | A key for Camcom's API access | `""` | -| `worker.camcomSender.endpointUrl` | Camcom endpoint URL | `""` | -| `worker.camcomSender.requestTimeout` | Camcom request timeout | `1` | -| `worker.camcomSender.requestRateLimit.calls` | Camcom calls rate limit | `1000` | -| `worker.camcomSender.requestRateLimit.period` | Camcom period rate limit | `60` | -| `worker.camcomSender.requestRetries` | Camcom request retries | `3` | -| `worker.camcomSender.requestRetriesBackoff` | request retries backoff | `1` | -| `worker.camcomSender.sourceEnv` | Environment name to send to CamCam (source_env field in request), ignored if empty. | `""` | -| `worker.camcomSender.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.camcomSender.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.camcomSender.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.camcomSender.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.camcomSender.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.camcomSender.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.camcomSender.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. 
| `{}` | +| Name | Description | Value | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `worker.camcomSender.enabled` | If Camcom Sender worker is enabled for the service. | `false` | +| `worker.camcomSender.replicas` | A replica count for the pod. | `1` | +| `worker.camcomSender.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.camcomSender.apiKey` | A key for Camcom's API access | `""` | +| `worker.camcomSender.endpointUrl` | Camcom endpoint URL | `""` | +| `worker.camcomSender.requestTimeout` | Camcom request timeout | `1` | +| `worker.camcomSender.requestRateLimit.calls` | Camcom calls rate limit | `1000` | +| `worker.camcomSender.requestRateLimit.period` | Camcom period rate limit | `60` | +| `worker.camcomSender.requestRetries` | Camcom request retries | `3` | +| `worker.camcomSender.requestRetriesBackoff` | request retries backoff | `1` | +| `worker.camcomSender.sourceEnv` | Environment name to send to CamCam (source_env field in request), ignored if empty. | `""` | +| `worker.camcomSender.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.camcomSender.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.camcomSender.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.camcomSender.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | +| `worker.camcomSender.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.camcomSender.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.camcomSender.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Predictions Saver worker's settings -| Name | Description | Value | -| ---------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `worker.predictionsSaver.replicas` | A replica count for the pod. | `1` | -| `worker.predictionsSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.predictionsSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.predictionsSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.predictionsSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.predictionsSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.predictionsSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.predictionsSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. 
| `{}` | +| Name | Description | Value | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `worker.predictionsSaver.replicas` | A replica count for the pod. | `1` | +| `worker.predictionsSaver.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.predictionsSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.predictionsSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.predictionsSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.predictionsSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.predictionsSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.predictionsSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.predictionsSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Logs Saver worker's settings -| Name | Description | Value | -| --------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `worker.logsSaver.replicas` | A replica count for the pod. 
| `1` | -| `worker.logsSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.logsSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.logsSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.logsSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.logsSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.logsSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.logsSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| --------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `worker.logsSaver.replicas` | A replica count for the pod. | `1` | +| `worker.logsSaver.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.logsSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.logsSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | +| `worker.logsSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.logsSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.logsSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.logsSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.logsSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Reporter Pro worker's settings (synchronization with Pro) -| Name | Description | Value | -| ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `worker.reporterPro.replicas` | A replica count for the pod. | `1` | -| `worker.reporterPro.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.reporterPro.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.reporterPro.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.reporterPro.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.reporterPro.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). 
| `{}` | -| `worker.reporterPro.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.reporterPro.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| ----------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `worker.reporterPro.replicas` | A replica count for the pod. | `1` | +| `worker.reporterPro.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.reporterPro.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.reporterPro.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.reporterPro.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.reporterPro.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.reporterPro.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.reporterPro.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.reporterPro.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. 
| `{}` | ### Citylens Reporter Pro Tracks worker's settings (track status actualization) -| Name | Description | Value | -| ----------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------ | -| `worker.reporterProTracks.enabled` | Deploy worker or not. | `true` | -| `worker.reporterProTracks.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.reporterProTracks.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.reporterProTracks.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.reporterProTracks.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.reporterProTracks.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.reporterProTracks.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.reporterProTracks.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| ----------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `worker.reporterProTracks.enabled` | Deploy worker or not. 
| `true` | +| `worker.reporterProTracks.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.reporterProTracks.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.reporterProTracks.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.reporterProTracks.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.reporterProTracks.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.reporterProTracks.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.reporterProTracks.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.reporterProTracks.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Track Metadata Saver worker's settings -| Name | Description | Value | -| ------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `worker.trackMetadataSaver.replicas` | A replica count for the pod. | `1` | -| `worker.trackMetadataSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.trackMetadataSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | -| `worker.trackMetadataSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.trackMetadataSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.trackMetadataSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.trackMetadataSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.trackMetadataSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `worker.trackMetadataSaver.replicas` | A replica count for the pod. | `1` | +| `worker.trackMetadataSaver.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.trackMetadataSaver.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.trackMetadataSaver.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.trackMetadataSaver.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.trackMetadataSaver.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | +| `worker.trackMetadataSaver.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.trackMetadataSaver.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.trackMetadataSaver.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Citylens Tracks Uploader worker's settings -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------ | ------- | -| `worker.tracksUploader.enabled` | If Tracks Uploader worker is enabled for the service. | `false` | -| `worker.tracksUploader.replicas` | A replica count for the pod. | `1` | -| `worker.tracksUploader.api` | Destination API address citylens. Ex.: http(s)://citylens-api.host/ | `""` | -| `worker.tracksUploader.source` | Source address citylens-web. Ex.: http(s)://citylens-web.host | `""` | -| `worker.tracksUploader.verifySsl` | Set to `false` if tracksUploader.api or tracksUploader.source must be accessed via https without certificate validation **Required** | `true` | -| `worker.tracksUploader.reloadTrackTimeoutSeconds` | Track reload timeout, seconds. | `900` | -| `worker.tracksUploader.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `worker.tracksUploader.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.tracksUploader.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
| `{}` | -| `worker.tracksUploader.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `worker.tracksUploader.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `worker.tracksUploader.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | -| `worker.tracksUploader.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +| Name | Description | Value | +| ------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `worker.tracksUploader.enabled` | If Tracks Uploader worker is enabled for the service. | `false` | +| `worker.tracksUploader.replicas` | A replica count for the pod. | `1` | +| `worker.tracksUploader.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.tracksUploader.api` | Destination API address citylens. Ex.: http(s)://citylens-api.host/ | `""` | +| `worker.tracksUploader.source` | Source address citylens-web. Ex.: http(s)://citylens-web.host | `""` | +| `worker.tracksUploader.verifySsl` | Set to `false` if tracksUploader.api or tracksUploader.source must be accessed via https without certificate validation **Required** | `true` | +| `worker.tracksUploader.reloadTrackTimeoutSeconds` | Track reload timeout, seconds. | `900` | +| `worker.tracksUploader.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
| `{}` | +| `worker.tracksUploader.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.tracksUploader.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.tracksUploader.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.tracksUploader.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.tracksUploader.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.tracksUploader.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | ### Migration job settings diff --git a/charts/citylens/templates/api/deployment.yaml b/charts/citylens/templates/api/deployment.yaml index dbf8d59f1..5192d7900 100644 --- a/charts/citylens/templates/api/deployment.yaml +++ b/charts/citylens/templates/api/deployment.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.api.replicas}} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.api.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/web/deployment.yaml b/charts/citylens/templates/web/deployment.yaml index 5dcd06be0..0b493adbe 100644 --- a/charts/citylens/templates/web/deployment.yaml +++ b/charts/citylens/templates/web/deployment.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.web.replicas}} + revisionHistoryLimit: {{ .Values.web.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.web.selectorLabels" . | nindent 6 }} 
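Review bot: The added line `revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }}` has no fallback. A release upgraded with values that predate this key (for example via `--reuse-values`) renders an empty field, and the cluster then applies the Kubernetes default of 10 rather than the chart's documented `3`. I would write `revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit | default 3 }}`; because `default` treats `0` as empty, use a `kindIs "invalid"` check instead if an explicit `0` must be honoured. The same unguarded pattern is in the web and every worker deployment hunk of this commit. The `spec:` block continues outside the hunk.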
diff --git a/charts/citylens/templates/worker/deployment-camcom-sender.yaml b/charts/citylens/templates/worker/deployment-camcom-sender.yaml index 254bc1f95..3b6e45d22 100644 --- a/charts/citylens/templates/worker/deployment-camcom-sender.yaml +++ b/charts/citylens/templates/worker/deployment-camcom-sender.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.camcomSender.replicas }} + revisionHistoryLimit: {{ .Values.worker.camcomSender.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.camcom-sender.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-frames-saver.yaml b/charts/citylens/templates/worker/deployment-frames-saver.yaml index 1e745fc72..825854ea3 100644 --- a/charts/citylens/templates/worker/deployment-frames-saver.yaml +++ b/charts/citylens/templates/worker/deployment-frames-saver.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.framesSaver.replicas }} + revisionHistoryLimit: {{ .Values.worker.framesSaver.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.frames-saver.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-logs-saver.yaml b/charts/citylens/templates/worker/deployment-logs-saver.yaml index af054b291..5ed395932 100644 --- a/charts/citylens/templates/worker/deployment-logs-saver.yaml +++ b/charts/citylens/templates/worker/deployment-logs-saver.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.logsSaver.replicas }} + revisionHistoryLimit: {{ .Values.worker.logsSaver.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.logs-saver.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-predictions-saver.yaml b/charts/citylens/templates/worker/deployment-predictions-saver.yaml index b68508ca2..c256c3c50 100644 --- a/charts/citylens/templates/worker/deployment-predictions-saver.yaml 
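Review bot: Every ReplicaSet retained under `revisionHistoryLimit` in the camcom-sender Deployment keeps the full pod template of its revision, and the README table shows this worker takes `worker.camcomSender.apiKey`. If that key is rendered into the container env as a literal value rather than a Secret reference (the env section is outside this hunk, so this needs confirming), a rotated key stays readable in up to three old ReplicaSets for anyone with read access to them. The limit of 3 is lower than the Kubernetes default of 10, so this change narrows the exposure but does not remove it. I would add a comment next to the parameter in values.yaml: `# Old ReplicaSets keep previous pod templates; supply apiKey via a Secret so rotated keys do not persist in revision history.`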
+++ b/charts/citylens/templates/worker/deployment-predictions-saver.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.predictionsSaver.replicas }} + revisionHistoryLimit: {{ .Values.worker.predictionsSaver.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.predictions-saver.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml b/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml index dfe877986..e6b86ac7d 100644 --- a/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml +++ b/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} spec: replicas: 1 + revisionHistoryLimit: {{ .Values.worker.reporterProTracks.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.reporter-pro-tracks.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-reporter-pro.yaml b/charts/citylens/templates/worker/deployment-reporter-pro.yaml index 568a70b68..1de49fc55 100644 --- a/charts/citylens/templates/worker/deployment-reporter-pro.yaml +++ b/charts/citylens/templates/worker/deployment-reporter-pro.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.reporterPro.replicas }} + revisionHistoryLimit: {{ .Values.worker.reporterPro.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.reporter-pro.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml b/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml index 8e5c53681..5b9ab05e2 100644 --- a/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml +++ b/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml 
@@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.trackMetadataSaver.replicas }} + revisionHistoryLimit: {{ .Values.worker.trackMetadataSaver.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.track-metadata-saver.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/templates/worker/deployment-track-reloader.yaml b/charts/citylens/templates/worker/deployment-track-reloader.yaml index a1d2f44cf..8dcbbf7d0 100644 --- a/charts/citylens/templates/worker/deployment-track-reloader.yaml +++ b/charts/citylens/templates/worker/deployment-track-reloader.yaml @@ -14,6 +14,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.worker.tracksUploader.replicas }} + revisionHistoryLimit: {{ .Values.worker.tracksUploader.revisionHistoryLimit }} selector: matchLabels: {{- include "citylens.track-reloader.selectorLabels" . | nindent 6 }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index f48152dbf..00a933b86 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -37,6 +37,8 @@ dgctlStorage: # @param api.replicas A replica count for the pod. +# @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param api.resources.requests.cpu A CPU request. # @param api.resources.requests.memory A memory request. # @param api.resources.limits.cpu A CPU limit. @@ -101,6 +103,8 @@ api: replicas: 4 + revisionHistoryLimit: 3 + resources: requests: cpu: 1000m @@ -169,6 +173,8 @@ api: # @param web.replicas A replica count for the pod. +# @param web.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param web.resources.requests.cpu A CPU request. # @param web.resources.requests.memory A memory request. # @param web.resources.limits.cpu A CPU limit. 
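Review bot: The link in the new `@param api.revisionHistoryLimit` comment points to the resource requests and limits page (`manage-resources-containers`), which does not cover rollbacks or revision history. Point it at the Deployment documentation and say what is being counted, e.g. `# @param api.revisionHistoryLimit Number of old ReplicaSets kept for [rolling back](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#revision-history-limit) a deployment.` The same URL is repeated in every `revisionHistoryLimit` `@param` line of this patch (citylens, floors-api, gis-platform, keys, mapgl-js-api). It also appears in the README tables, which appear to be generated from these comments.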
@@ -228,6 +234,8 @@ web: replicas: 1 + revisionHistoryLimit: 3 + resources: requests: cpu: 1000m @@ -303,6 +311,8 @@ worker: # @param worker.framesSaver.replicas A replica count for the pod. +# @param worker.framesSaver.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.framesSaver.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.framesSaver.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.framesSaver.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -316,6 +326,8 @@ worker: replicas: 4 + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} @@ -330,6 +342,8 @@ worker: # @param worker.camcomSender.replicas A replica count for the pod. +# @param worker.camcomSender.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.camcomSender.apiKey A key for Camcom's API access # @param worker.camcomSender.endpointUrl Camcom endpoint URL @@ -357,6 +371,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + apiKey: '' endpointUrl: '' requestTimeout: 1 
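Review bot: In the `worker.camcomSender` values hunk, `revisionHistoryLimit: 3` sits next to `apiKey`, and nothing in the comments says that each retained revision is an old ReplicaSet holding the previous pod template in full. If the camcom-sender template passes `apiKey` to the container as a literal env value (not visible in this hunk), a rotated key would remain readable in up to three old ReplicaSets. Anyone allowed to read ReplicaSets in the namespace could then see it. I would add a comment above the value, `# Old ReplicaSets keep the previous pod template; supply apiKey through a Secret reference so rotated keys do not stay in revision history.`, and check how the template renders the key. The `camcomSender` mapping continues outside the hunk.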
@@ -379,6 +395,8 @@ worker: # @param worker.predictionsSaver.replicas A replica count for the pod. +# @param worker.predictionsSaver.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.predictionsSaver.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.predictionsSaver.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.predictionsSaver.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -392,6 +410,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} @@ -404,6 +424,8 @@ worker: # @param worker.logsSaver.replicas A replica count for the pod. +# @param worker.logsSaver.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.logsSaver.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.logsSaver.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.logsSaver.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -417,6 +439,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} 
@@ -429,6 +453,8 @@ worker: # @param worker.reporterPro.replicas A replica count for the pod. +# @param worker.reporterPro.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.reporterPro.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.reporterPro.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.reporterPro.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -442,6 +468,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} @@ -454,6 +482,8 @@ worker: # @param worker.reporterProTracks.enabled Deploy worker or not. +# @param worker.reporterProTracks.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.reporterProTracks.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.reporterProTracks.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.reporterProTracks.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -467,6 +497,8 @@ worker: enabled: true + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} 
@@ -479,6 +511,8 @@ worker: # @param worker.trackMetadataSaver.replicas A replica count for the pod. +# @param worker.trackMetadataSaver.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.trackMetadataSaver.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param worker.trackMetadataSaver.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). # @param worker.trackMetadataSaver.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). @@ -492,6 +526,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + annotations: {} labels: {} podAnnotations: {} @@ -507,6 +543,8 @@ worker: # @param worker.tracksUploader.replicas A replica count for the pod. +# @param worker.tracksUploader.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + # @param worker.tracksUploader.api Destination API address citylens. Ex.: http(s)://citylens-api.host/ # @param worker.tracksUploader.source Source address citylens-web. Ex.: http(s)://citylens-web.host # @param worker.tracksUploader.verifySsl Set to `false` if tracksUploader.api or tracksUploader.source must be accessed via https without certificate validation **Required** @@ -527,6 +565,8 @@ worker: replicas: 1 + revisionHistoryLimit: 3 + api: '' source: '' verifySsl: true diff --git a/charts/floors-api/README.md b/charts/floors-api/README.md index 13ba02603..ca22ca032 100644 --- a/charts/floors-api/README.md +++ b/charts/floors-api/README.md 
@@ -35,18 +35,19 @@ Read more about the On-Premise solution [here](https://docs.2gis.com/en/on-premi ### Common settings -| Name | Description | Value | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod. | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `replicaCount` | A replica count for the pod. | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
| `3` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | +| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | ### Service account settings diff --git a/charts/floors-api/templates/deployment.yaml b/charts/floors-api/templates/deployment.yaml index bf4327f3f..0a96741a3 100644 --- a/charts/floors-api/templates/deployment.yaml +++ b/charts/floors-api/templates/deployment.yaml @@ -15,6 +15,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/floors-api/values.yaml b/charts/floors-api/values.yaml index c990cb575..e2c35d9e5 100644 --- a/charts/floors-api/values.yaml +++ b/charts/floors-api/values.yaml 
@@ -33,6 +33,7 @@ dgctlStorage: # @section Common settings # @param replicaCount A replica count for the pod. +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets. # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. @@ -44,6 +45,7 @@ dgctlStorage: # @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/gis-platform/README.md b/charts/gis-platform/README.md index 587fd3d85..297054be8 100644 --- a/charts/gis-platform/README.md +++ b/charts/gis-platform/README.md 
@@ -112,23 +112,24 @@ See the [documentation](https://docs.2gis.com/en/on-premise/gis-platform) to lea ### Portal settings -| Name | Description | Value | -| -------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------ | -| `portal.replicaCount` | A replica count for the pod. | `1` | -| `portal.terminationGracePeriodSeconds` | Wait for up to this amount of seconds for a running instance of the service to shut down. | `60` | -| `portal.maxBodySize` | Maximum HTTP request body size. | `100m` | -| `portal.gzip.enabled` | If GZip compression should be enabled for the HTTP requests and responses. | `true` | -| `portal.service.type` | Kubernetes [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `portal.service.port` | Service port. | `80` | -| `portal.websocket.timeout` | WebSocket timeout in seconds. | `604800` | -| `portal.cache` | **Cache settings** | | -| `portal.cache.enabled` | If caching should be enabled for the Portal service. | `false` | -| `portal.cache.size` | Maximum cache size. | `1G` | -| `portal.cache.valid` | Cache vailidity period. | `1m` | -| `portal.cache.regex` | Array of regexes to match the resources that should be cached. | `["^/sp/wms.*layers=admin.satellite_imagery&.*$","^/sp/wms.*layers=admin.2gis&.*$"]` | -| `portal.s3proxy` | **S3 storage proxy settings** | | -| `portal.s3proxy.enabled` | If S3 proxy should be enabled. | `false` | -| `portal.s3proxy.scheme` | Protocol to use: `http` or `https`. 
| `http` | +| Name | Description | Value | +| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------ | +| `portal.replicaCount` | A replica count for the pod. | `1` | +| `portal.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `portal.terminationGracePeriodSeconds` | Wait for up to this amount of seconds for a running instance of the service to shut down. | `60` | +| `portal.maxBodySize` | Maximum HTTP request body size. | `100m` | +| `portal.gzip.enabled` | If GZip compression should be enabled for the HTTP requests and responses. | `true` | +| `portal.service.type` | Kubernetes [Service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `portal.service.port` | Service port. | `80` | +| `portal.websocket.timeout` | WebSocket timeout in seconds. | `604800` | +| `portal.cache` | **Cache settings** | | +| `portal.cache.enabled` | If caching should be enabled for the Portal service. | `false` | +| `portal.cache.size` | Maximum cache size. | `1G` | +| `portal.cache.valid` | Cache vailidity period. | `1m` | +| `portal.cache.regex` | Array of regexes to match the resources that should be cached. | `["^/sp/wms.*layers=admin.satellite_imagery&.*$","^/sp/wms.*layers=admin.2gis&.*$"]` | +| `portal.s3proxy` | **S3 storage proxy settings** | | +| `portal.s3proxy.enabled` | If S3 proxy should be enabled. | `false` | +| `portal.s3proxy.scheme` | Protocol to use: `http` or `https`. | `http` | ### ZooKeeper settings 
diff --git a/charts/gis-platform/templates/gis-platform-portal-dep.yaml b/charts/gis-platform/templates/gis-platform-portal-dep.yaml index df534af2d..08c3ce06d 100644 --- a/charts/gis-platform/templates/gis-platform-portal-dep.yaml +++ b/charts/gis-platform/templates/gis-platform-portal-dep.yaml @@ -6,6 +6,7 @@ metadata: name: {{ include "gis-platform-portal.fullname" . }} spec: replicas: {{ .Values.portal.replicaCount }} + revisionHistoryLimit: {{ .Values.portal.revisionHistoryLimit }} selector: matchLabels: {{- include "gis-platform-portal.selectorLabels" . | nindent 6 }} diff --git a/charts/gis-platform/values.yaml b/charts/gis-platform/values.yaml index 60c2d999b..3db9f23f3 100644 --- a/charts/gis-platform/values.yaml +++ b/charts/gis-platform/values.yaml @@ -195,12 +195,14 @@ spcore: # @section Portal settings # @param portal.replicaCount A replica count for the pod. +# @param portal.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param portal.terminationGracePeriodSeconds Wait for up to this amount of seconds for a running instance of the service to shut down. # @param portal.maxBodySize Maximum HTTP request body size. # @param portal.gzip.enabled If GZip compression should be enabled for the HTTP requests and responses. portal: replicaCount: 1 + revisionHistoryLimit: 3 terminationGracePeriodSeconds: 60 maxBodySize: 100m gzip: diff --git a/charts/keys/README.md b/charts/keys/README.md index f27da4a4d..da0970c6b 100644 --- a/charts/keys/README.md +++ b/charts/keys/README.md 
@@ -49,6 +49,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | Name | Description | Value | | --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | | `admin.replicas` | A replica count for the pod. | `1` | +| `admin.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | | `admin.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | | `admin.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | | `admin.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | 
@@ -88,6 +89,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | `api.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` | | `api.signPrivateKey` | RSA-PSS 2048 private key (in PKCS#1 format) for signing responses in Public API. | `""` | | `api.replicas` | A replica count for the pod. | `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | | `api.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | | `api.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | | `api.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | 
@@ -143,6 +145,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | | `tasker.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` | | `tasker.delay` | Delay in seconds at the service startup. | `30s` | +| `tasker.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | | `tasker.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | | `tasker.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | | `tasker.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | diff --git a/charts/keys/templates/admin/deployment.yaml b/charts/keys/templates/admin/deployment.yaml index b99e03c42..8c5b8eb79 100644 --- a/charts/keys/templates/admin/deployment.yaml +++ b/charts/keys/templates/admin/deployment.yaml @@ -18,6 +18,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.admin.replicas }} + revisionHistoryLimit: {{ .Values.admin.revisionHistoryLimit }} strategy: {{- toYaml .Values.admin.strategy | nindent 4 }} selector: diff --git a/charts/keys/templates/api/deployment.yaml b/charts/keys/templates/api/deployment.yaml index dbd6cea00..e9d1d4f56 100644 
--- a/charts/keys/templates/api/deployment.yaml +++ b/charts/keys/templates/api/deployment.yaml @@ -20,6 +20,7 @@ spec: {{- if not .Values.api.hpa.enabled }} replicas: {{ .Values.api.replicas }} {{- end }} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} strategy: {{- toYaml .Values.api.strategy | nindent 4 }} selector: diff --git a/charts/keys/templates/tasker/deployment.yaml b/charts/keys/templates/tasker/deployment.yaml index d85b6f568..6d40e749f 100644 --- a/charts/keys/templates/tasker/deployment.yaml +++ b/charts/keys/templates/tasker/deployment.yaml @@ -18,6 +18,7 @@ metadata: {{- end }} spec: replicas: 1 + revisionHistoryLimit: {{ .Values.tasker.revisionHistoryLimit }} strategy: {{- toYaml .Values.tasker.strategy | nindent 4 }} selector: diff --git a/charts/keys/values.yaml b/charts/keys/values.yaml index 889e84e5d..49bd728fd 100644 --- a/charts/keys/values.yaml +++ b/charts/keys/values.yaml @@ -44,6 +44,10 @@ admin: replicas: 1 + # @param admin.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + + revisionHistoryLimit: 3 + # @param admin.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. # @param admin.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). # @param admin.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. 
@@ -156,6 +160,10 @@ api: replicas: 1 + # @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + + revisionHistoryLimit: 3 + # @param api.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. # @param api.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). # @param api.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. @@ -299,6 +307,10 @@ tasker: delay: 30s + # @param tasker.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + + revisionHistoryLimit: 3 + # @param tasker.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. # @param tasker.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). # @param tasker.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 86728fe61..9be5aa4eb 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -28,17 +28,18 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: ### Common settings -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod. | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `replicaCount` | A replica count for the pod. | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. 
| `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | ### Deployment settings diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index b7ea17bca..7edbd4512 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml @@ -15,6 +15,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index de89d3f7f..e0e6bb202 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml 
@@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param replicaCount A replica count for the pod. +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets. # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. @@ -18,6 +19,7 @@ dgctlDockerRegistry: '' # @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/platform/README.md b/charts/platform/README.md index 67bee418d..7e1f4ff31 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md 
@@ -17,16 +17,17 @@ Use this Helm chart to deploy Platform service, which is a part of 2GIS's [On-Pr ### Common settings -| Name | Description | Value | -| ------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `ui.replicas` | A replica count for a pod. | `1` | -| `ui.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `ui.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | -| `ui.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `ui.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `ui.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `ui.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `ui.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| Name | Description | Value | +| ------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `ui.replicas` | A replica count for a pod. | `1` | +| `ui.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `ui.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). 
| `{}` | +| `ui.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `ui.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `ui.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `ui.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `ui.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `ui.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | ### Deployment settings diff --git a/charts/platform/templates/ui/deployment.yaml b/charts/platform/templates/ui/deployment.yaml index 853928f87..f08782d63 100644 --- a/charts/platform/templates/ui/deployment.yaml +++ b/charts/platform/templates/ui/deployment.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.ui.replicas }} + revisionHistoryLimit: {{ .Values.ui.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index b54b24797..09fca33d7 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml 
@@ -12,6 +12,7 @@ ui: # @section Common settings # @param ui.replicas A replica count for a pod. + # @param ui.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param ui.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). # @param ui.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). # @param ui.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. @@ -21,6 +22,7 @@ ui: # @param ui.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). replicas: 1 + revisionHistoryLimit: 3 nodeSelector: {} affinity: {} tolerations: [] diff --git a/charts/search-api/README.md b/charts/search-api/README.md index ff0aa0a4b..282e6c843 100644 --- a/charts/search-api/README.md +++ b/charts/search-api/README.md 
@@ -28,15 +28,16 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### Common settings -| Name | Description | Value | -| ---------------- | ------------------------------------------------------------------------------------------------------------------ | ----- | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | -| `replicaCount` | A replica count for the pod | `1` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | -| `redeployLabel` | If this label is changed since the last deployment, the whole chart will be redeployed | `""` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | +| `replicaCount` | A replica count for the pod | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
| `3` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `redeployLabel` | If this label is changed since the last deployment, the whole chart will be redeployed | `""` | ### Deployment Artifacts Storage settings diff --git a/charts/search-api/templates/deployment.yaml b/charts/search-api/templates/deployment.yaml index f45e5ba40..6fc6dd2ee 100644 --- a/charts/search-api/templates/deployment.yaml +++ b/charts/search-api/templates/deployment.yaml @@ -15,6 +15,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/search-api/values.yaml b/charts/search-api/values.yaml index e074fd4b1..3f55aaec5 100644 --- a/charts/search-api/values.yaml +++ b/charts/search-api/values.yaml 
@@ -10,6 +10,7 @@ dgctlDockerRegistry: '' # @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) # @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) # @param replicaCount A replica count for the pod +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) # @param affinity Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) # @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings @@ -18,6 +19,7 @@ dgctlDockerRegistry: '' podAnnotations: {} podLabels: {} replicaCount: 1 +revisionHistoryLimit: 3 nodeSelector: {} affinity: {} tolerations: [] diff --git a/charts/stat-receiver/README.md b/charts/stat-receiver/README.md index 3417d46a1..6e6295204 100644 --- a/charts/stat-receiver/README.md +++ b/charts/stat-receiver/README.md 
@@ -56,34 +56,36 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver ### API service settings -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------- | -| `api` | **Common settings** | | -| `api.replicas` | A replica count for the pod. | `1` | -| `api.jvmXmx` | Memory allocation options for JVM. | `-Xmx1500m` | -| `api.image` | **Deployment settings** | | -| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | -| `api.image.tag` | Tag | `1.11.1` | -| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | -| `api.service` | **Service settings** | | -| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `api.service.port` | Service port. | `80` | -| `api.service.targetPort` | Port inside the container. | `8080` | +| Name | Description | Value | +| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `api` | **Common settings** | | +| `api.replicas` | A replica count for the pod. | `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.jvmXmx` | Memory allocation options for JVM. 
| `-Xmx1500m` | +| `api.image` | **Deployment settings** | | +| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | +| `api.image.tag` | Tag | `1.11.1` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `api.service` | **Service settings** | | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | Service port. | `80` | +| `api.service.targetPort` | Port inside the container. | `8080` | ### Streams service settings -| Name | Description | Value | -| -------------------------- | ------------------------------------------------- | --------------------------------------- | -| `streams` | **Common settings** | | -| `streams.replicas` | A replica count for the pod. | `1` | -| `streams.jvmXmx` | Memory allocation options for JVM. | `-Xmx2G -XX:+UseParallelGC` | -| `streams.jmxPort` | Port for JMX protocol. | `9010` | -| `streams.metricsPort` | Port for metrics. | `8081` | -| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | -| `streams.image` | **Deployment settings** | | -| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | -| `streams.image.tag` | Tag | `1.11.1` | -| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| Name | Description | Value | +| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | +| `streams` | **Common settings** | | +| `streams.replicas` | A replica count for the pod. | `1` | +| `streams.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `streams.jvmXmx` | Memory allocation options for JVM. 
| `-Xmx2G -XX:+UseParallelGC` | +| `streams.jmxPort` | Port for JMX protocol. | `9010` | +| `streams.metricsPort` | Port for metrics. | `8081` | +| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | +| `streams.image` | **Deployment settings** | | +| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | +| `streams.image.tag` | Tag | `1.11.1` | +| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Kafka service settings diff --git a/charts/stat-receiver/templates/api/deployment.yaml b/charts/stat-receiver/templates/api/deployment.yaml index d31066a1a..4cfb8f72b 100644 --- a/charts/stat-receiver/templates/api/deployment.yaml +++ b/charts/stat-receiver/templates/api/deployment.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.api.replicas }} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} strategy: rollingUpdate: maxSurge: 1 diff --git a/charts/stat-receiver/templates/streams/deployment.yaml b/charts/stat-receiver/templates/streams/deployment.yaml index 7b8a85296..23dfee688 100644 --- a/charts/stat-receiver/templates/streams/deployment.yaml +++ b/charts/stat-receiver/templates/streams/deployment.yaml @@ -13,6 +13,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.streams.replicas }} + revisionHistoryLimit: {{ .Values.streams.revisionHistoryLimit }} strategy: rollingUpdate: maxSurge: 1 diff --git a/charts/stat-receiver/values.schema.json b/charts/stat-receiver/values.schema.json index 08fd60d46..528b0d978 100644 --- a/charts/stat-receiver/values.schema.json +++ b/charts/stat-receiver/values.schema.json 
@@ -15,10 +15,11 @@ "type": "object", "additionalProperties": false, "properties": { - "replicas": { "type": "integer", "minimum": 0 }, - "jvmXmx": { "type": "string" }, - "image": { "$ref": "#/definitions/image" }, - "resources": { "$ref": "#/definitions/k8s_resources" }, + "replicas": { "type": "integer", "minimum": 0 }, + "revisionHistoryLimit": { "type": "integer", "minimum": 0 }, + "jvmXmx": { "type": "string" }, + "image": { "$ref": "#/definitions/image" }, + "resources": { "$ref": "#/definitions/k8s_resources" }, "service": { "type": "object", "additionalProperties": false, @@ -34,13 +35,14 @@ "type": "object", "additionalProperties": false, "properties": { - "replicas": { "type": "integer", "minimum": 0 }, - "jvmXmx": { "type": "string" }, - "jmxPort": { "$ref": "#/definitions/port" }, - "metricsPort": { "$ref": "#/definitions/port" }, - "image": { "$ref": "#/definitions/image" }, - "resources": { "$ref": "#/definitions/k8s_resources" }, - "storageSize": { "$ref": "#/definitions/k8s_quantity" } + "replicas": { "type": "integer", "minimum": 0 }, + "revisionHistoryLimit": { "type": "integer", "minimum": 0 }, + "jvmXmx": { "type": "string" }, + "jmxPort": { "$ref": "#/definitions/port" }, + "metricsPort": { "$ref": "#/definitions/port" }, + "image": { "$ref": "#/definitions/image" }, + "resources": { "$ref": "#/definitions/k8s_resources" }, + "storageSize": { "$ref": "#/definitions/k8s_quantity" } } }, "kafka": { diff --git a/charts/stat-receiver/values.yaml b/charts/stat-receiver/values.yaml index 03742ef7d..3921fba10 100644 --- a/charts/stat-receiver/values.yaml +++ b/charts/stat-receiver/values.yaml 
@@ -10,9 +10,11 @@ api: # @extra api **Common settings** # @param api.replicas A replica count for the pod. + # @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param api.jvmXmx Memory allocation options for JVM. replicas: 1 + revisionHistoryLimit: 3 jvmXmx: -Xmx1500m # @extra api.image **Deployment settings** @@ -51,11 +53,13 @@ streams: # @extra streams **Common settings** # @param streams.replicas A replica count for the pod. + # @param streams.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param streams.jvmXmx Memory allocation options for JVM. # @param streams.jmxPort Port for JMX protocol. # @param streams.metricsPort Port for metrics. replicas: 1 + revisionHistoryLimit: 3 jvmXmx: -Xmx2G -XX:+UseParallelGC jmxPort: 9010 metricsPort: 8081 diff --git a/charts/traffic-proxy/README.md b/charts/traffic-proxy/README.md index 0dcdb073b..ed9df5966 100644 --- a/charts/traffic-proxy/README.md +++ b/charts/traffic-proxy/README.md 
@@ -29,17 +29,18 @@ See the [documentation](https://docs.2gis.com/en/on-premise/traffic-proxy) to le ### Common settings -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod. | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `replicaCount` | A replica count for the pod. | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. 
| `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | ### Proxy server settings diff --git a/charts/traffic-proxy/templates/deployment.yaml b/charts/traffic-proxy/templates/deployment.yaml index 3c2ec3a07..97d1001b3 100644 --- a/charts/traffic-proxy/templates/deployment.yaml +++ b/charts/traffic-proxy/templates/deployment.yaml @@ -15,6 +15,7 @@ metadata: {{- end }} spec: replicas: {{ .Values.replicaCount }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/traffic-proxy/values.yaml b/charts/traffic-proxy/values.yaml index 69f3afac3..622b8d8a5 100644 --- a/charts/traffic-proxy/values.yaml +++ b/charts/traffic-proxy/values.yaml 
@@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param replicaCount A replica count for the pod. +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets. # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. @@ -18,6 +19,7 @@ dgctlDockerRegistry: '' # @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/twins-api/README.md b/charts/twins-api/README.md index bdd033e38..ad73dc137 100644 --- a/charts/twins-api/README.md +++ b/charts/twins-api/README.md @@ -45,6 +45,7 @@ Use this Helm chart to deploy API Twins service, which is a part of 2GIS's [On-P | `api.keys.token` | Keys service API key **Required** | `""` | | `api.keys.requestTimeout` | Timeout for requests to the Keys API. | `5s` | | `api.replicas` | A replica count for the pod. | `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | ### api.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** diff --git a/charts/twins-api/templates/api/deployment.yaml b/charts/twins-api/templates/api/deployment.yaml index 757342d66..6b97027d9 100644 --- a/charts/twins-api/templates/api/deployment.yaml +++ b/charts/twins-api/templates/api/deployment.yaml 
@@ -20,6 +20,7 @@ spec: {{- if not .Values.api.hpa.enabled }} replicas: {{ .Values.api.replicas }} {{- end }} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} strategy: {{- toYaml .Values.strategy | nindent 4 }} selector: diff --git a/charts/twins-api/values.yaml b/charts/twins-api/values.yaml index 35f4c65a3..eca547876 100644 --- a/charts/twins-api/values.yaml +++ b/charts/twins-api/values.yaml @@ -58,8 +58,10 @@ api: requestTimeout: 5s # @param api.replicas A replica count for the pod. + # @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). replicas: 1 + revisionHistoryLimit: 3 # @section api.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** # @param api.resources.requests.cpu A CPU request. From 391e6b5a04c90d1a7fe03b3479766149f13ccaf5 Mon Sep 17 00:00:00 2001 
From: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> Date: Fri, 12 Jul 2024 13:20:01 +0500 Subject: [PATCH 26/91] add revision history limit to navi-services (#458) * add revisionHistoryLimit to navi-async-matrix * add revisionHistoryLimit to navi-castle * add revisionHistoryLimit to navi-front * add revisionHistoryLimit to navi-restrictions * add revisionHistoryLimit to navi-router * update readme files for navi * update default value to 3 * remove revisionHistoryLimit for StatefulSet --- charts/navi-async-grpc-proxy/README.md | 2 +- charts/navi-async-grpc-proxy/values.yaml | 2 +- charts/navi-front/README.md | 25 +++++++------- charts/navi-front/templates/deployment.yaml | 1 + charts/navi-front/values.yaml | 2 ++ charts/navi-restrictions/README.md | 33 ++++++++++--------- .../templates/deployment.yaml | 1 + charts/navi-restrictions/values.yaml | 2 ++ charts/navi-router/README.md | 25 +++++++------- charts/navi-router/templates/deployment.yaml | 1 + charts/navi-router/values.yaml | 2 ++ charts/navi-splitter/README.md | 2 +- charts/navi-splitter/values.yaml | 2 +- 13 files changed, 56 insertions(+), 44 deletions(-) diff --git a/charts/navi-async-grpc-proxy/README.md b/charts/navi-async-grpc-proxy/README.md index 6f29c7496..acaff7df7 100644 --- a/charts/navi-async-grpc-proxy/README.md +++ b/charts/navi-async-grpc-proxy/README.md 
@@ -18,7 +18,7 @@ https://gitlab.2gis.ru/traffic/async-grpc-proxy | Name | Description | Value | | ---------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | | `replicaCount` | A replica count for the pod. | `1` | -| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | +| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `3` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | | `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | diff --git a/charts/navi-async-grpc-proxy/values.yaml b/charts/navi-async-grpc-proxy/values.yaml index 2701734eb..eedb519bb 100644 --- a/charts/navi-async-grpc-proxy/values.yaml +++ b/charts/navi-async-grpc-proxy/values.yaml @@ -21,7 +21,7 @@ dgctlDockerRegistry: '' # @param labels Custom labels to set to Deployment resource. replicaCount: 1 -revisionHistoryLimit: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/navi-front/README.md b/charts/navi-front/README.md index 39910a1a5..10fbab960 100644 --- a/charts/navi-front/README.md +++ b/charts/navi-front/README.md 
@@ -28,18 +28,19 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn ### Common settings -| Name | Description | Value | -| -------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod. | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `replicaCount` | A replica count for the pod. | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
| `3` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | +| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/). | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | ### Deployment settings diff --git a/charts/navi-front/templates/deployment.yaml b/charts/navi-front/templates/deployment.yaml index 30e89bd4f..56d91a27e 100644 --- a/charts/navi-front/templates/deployment.yaml +++ b/charts/navi-front/templates/deployment.yaml @@ -8,6 +8,7 @@ spec: {{- if not .Values.hpa.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} selector: matchLabels: {{- include "front.selectorLabels" . | nindent 6 }} diff --git a/charts/navi-front/values.yaml b/charts/navi-front/values.yaml index ec37b7739..983b9d14c 100644 --- a/charts/navi-front/values.yaml +++ b/charts/navi-front/values.yaml 
@@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param replicaCount A replica count for the pod. +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets. # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. @@ -19,6 +20,7 @@ dgctlDockerRegistry: '' # @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/navi-restrictions/README.md b/charts/navi-restrictions/README.md index 90033e19b..bbbb34e1d 100644 --- a/charts/navi-restrictions/README.md +++ b/charts/navi-restrictions/README.md 
@@ -28,22 +28,23 @@ See the [documentation](https://docs.2gis.com/en/on-premise/restrictions) to lea ### Common settings -| Name | Description | Value | -| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------- | ------ | -| `replicaCount` | A replica count for the pod | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | -| `labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | -| `priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | `""` | -| `terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | `120` | -| `prometheusEnabled` | If Prometheus scrape is enabled | `true` | +| Name | 
Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ------ | +| `replicaCount` | A replica count for the pod | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart | `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | +| `labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) | `""` | +| `terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/) | `120` | +| 
`prometheusEnabled` | If Prometheus scrape is enabled | `true` | ### Docker registry settings diff --git a/charts/navi-restrictions/templates/deployment.yaml b/charts/navi-restrictions/templates/deployment.yaml index e67bd8595..9369ad4ae 100644 --- a/charts/navi-restrictions/templates/deployment.yaml +++ b/charts/navi-restrictions/templates/deployment.yaml @@ -14,6 +14,7 @@ spec: {{- if not .Values.api.hpa.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/navi-restrictions/values.yaml b/charts/navi-restrictions/values.yaml index c255cacc0..20e1c7d32 100644 --- a/charts/navi-restrictions/values.yaml +++ b/charts/navi-restrictions/values.yaml @@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param replicaCount A replica count for the pod +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart @@ -23,6 +24,7 @@ dgctlDockerRegistry: '' # @param prometheusEnabled If Prometheus scrape is enabled replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/navi-router/README.md b/charts/navi-router/README.md index 48462eed4..5b40fd869 100644 --- a/charts/navi-router/README.md +++ b/charts/navi-router/README.md 
@@ -28,18 +28,19 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn ### Common settings -| Name | Description | Value | -| -------------------- | -------------------------------------------------------------------------------------------------------------------------- | ----- | -| `replicaCount` | A replica count for the pod | `1` | -| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart | `""` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | -| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| Name | Description | Value | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `replicaCount` | A replica count for the pod | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
| `3` | +| `imagePullSecrets` | Kubernetes image pull secrets | `[]` | +| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart | `""` | +| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart | `""` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `securityContext` | Kubernetes [security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | ### Deployment settings diff --git a/charts/navi-router/templates/deployment.yaml b/charts/navi-router/templates/deployment.yaml index 8a353a3a4..e700463fa 100644 --- a/charts/navi-router/templates/deployment.yaml +++ b/charts/navi-router/templates/deployment.yaml @@ -9,6 +9,7 @@ spec: {{- if not .Values.hpa.enabled }} replicas: {{ .Values.replicaCount }} {{- end }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} {{- if .Values.strategy }} strategy: {{- toYaml .Values.strategy | nindent 4 }} diff --git a/charts/navi-router/values.yaml b/charts/navi-router/values.yaml index 6107b27c3..7636d86b5 100644 --- a/charts/navi-router/values.yaml +++ b/charts/navi-router/values.yaml 
@@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @section Common settings # @param replicaCount A replica count for the pod +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). # @param imagePullSecrets Kubernetes image pull secrets # @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart # @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart @@ -19,6 +20,7 @@ dgctlDockerRegistry: '' # @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) replicaCount: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' diff --git a/charts/navi-splitter/README.md b/charts/navi-splitter/README.md index ebf1d0231..737ebac9b 100644 --- a/charts/navi-splitter/README.md +++ b/charts/navi-splitter/README.md @@ -32,7 +32,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | Name | Description | Value | | ---------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | | `replicaCount` | A replica count for the pod. | `1` | -| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `1` | +| `revisionHistoryLimit` | Number of replica sets to keep for deployment rollbacks | `3` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | | `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | diff --git a/charts/navi-splitter/values.yaml b/charts/navi-splitter/values.yaml index e2814fa3a..2c9d261eb 100644 --- a/charts/navi-splitter/values.yaml 
+++ b/charts/navi-splitter/values.yaml @@ -22,7 +22,7 @@ dgctlDockerRegistry: '' replicaCount: 1 -revisionHistoryLimit: 1 +revisionHistoryLimit: 3 imagePullSecrets: [] nameOverride: '' fullnameOverride: '' From 5441daae1f4a484ecc9d67d4ee6e1b9ddac4a930 Mon Sep 17 00:00:00 2001 From: Sergey Vlasov Date: Fri, 19 Jul 2024 13:13:20 +0500 Subject: [PATCH 27/91] Add github action with Mattermost Notify (#465) --- .github/workflows/mm-notify.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) create mode 100644 .github/workflows/mm-notify.yaml diff --git a/.github/workflows/mm-notify.yaml b/.github/workflows/mm-notify.yaml new file mode 100644 index 000000000..ce6453bf3 --- /dev/null +++ b/.github/workflows/mm-notify.yaml 
@@ -0,0 +1,29 @@ +--- + +name: Send notification to Mattermost + +on: + pull_request: + types: [opened, reopened, edited, ready_for_review] +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: mattermost/action-mattermost-notify@master + if: ${{ !github.event.pull_request.draft && !startsWith(github.event.pull_request.title, 'WIP:') && github.event.action != 'edited' && github.event.action != 'ready_for_review'}} + with: + MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} + MATTERMOST_USERNAME: Github + MATTERMOST_ICON_URL: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/GitHub_Invertocat_Logo.svg/256px-GitHub_Invertocat_Logo.svg.png + TEXT: | + Создан Pull Request [${{ github.event.pull_request.title }}](${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.number }}) + Автор: ${{ github.triggering_actor }} + - uses: mattermost/action-mattermost-notify@master + if: ${{ (github.event.pull_request.draft == false && startsWith(github.event.pull_request.title, 'WIP:') == false && github.event.action == 'edited' && startsWith(github.event.changes.title.from, 'WIP:') == true ) || github.event.action == 'ready_for_review'}} + with: + MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} + MATTERMOST_USERNAME: Github + MATTERMOST_ICON_URL: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/GitHub_Invertocat_Logo.svg/256px-GitHub_Invertocat_Logo.svg.png + TEXT: | + Pull Request готов к проверке [${{ github.event.pull_request.title }}](${{ github.server_url }}/${{ github.repository }}/pull/${{ github.event.number }}) + Автор: ${{ github.triggering_actor }} From 9af06818a47a25edfc79815719e0d139dd9d70d0 Mon Sep 17 00:00:00 2001 
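Review bot: Both steps run `mattermost/action-mattermost-notify@master`, a mutable branch reference, and pass it `secrets.MM_WEBHOOK_URL`, so whatever is pushed to that branch next runs with the webhook. Pin both `uses:` lines to a reviewed full commit SHA, `uses: mattermost/action-mattermost-notify@<full-commit-sha>`, and add a top-level `permissions: {}`, since nothing in the job as shown needs the workflow token. The pull-request title is placed verbatim inside the Markdown link text of `TEXT`, so the PR author controls how the posted message renders; consider posting only the PR number and URL. On `pull_request` runs from forks the secret is not passed, so these steps will likely fail there rather than notify.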
From: Alexandr Sentyabov <36183816+SanchezzRU@users.noreply.github.com> Date: Tue, 23 Jul 2024 00:47:18 +0700 Subject: [PATCH 28/91] [DEVOPS-1178] add navi back freeroam (#447) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [tiles-api] Upgrade to 4.54.0 (#428) * PRO-UI 2.14.0 (#441) * [DEVOPS-1178] add navi back freeroam * [DEVOPS-1178] up versions and add rules for free roam * [DEVOPS-1178] typo * [DEVOPS-1178] add gzip --------- Co-authored-by: FreakyGranny Co-authored-by: Aveldin1 <164148461+Aveldin1@users.noreply.github.com> Co-authored-by: Сентябов Александр Сергеевич --- .../navi-front/templates/configmap-base.yaml | 9 +++++ helmfile/README.md | 40 +++++++++++-------- helmfile/deploy/navi/navi-back-custom.yaml | 24 +++++++++++ helmfile/deploy/tests/navi-front.sh | 6 +++ helmfile/deploy/tests/points/moscow_fr.txt | 1 + .../services/navi/navi-back/_common.gotmpl | 3 ++ image_versions.txt | 4 +- 7 files changed, 68 insertions(+), 19 deletions(-) create mode 100644 helmfile/deploy/tests/points/moscow_fr.txt diff --git a/charts/navi-front/templates/configmap-base.yaml b/charts/navi-front/templates/configmap-base.yaml index cc9e23264..4f089b280 100644 --- a/charts/navi-front/templates/configmap-base.yaml +++ b/charts/navi-front/templates/configmap-base.yaml @@ -71,6 +71,15 @@ data: js_content bundle.geo_coding; } + location ^~ /free_roam { + gzip on; + gzip_vary on; + gzip_proxied any; + gzip_comp_level 5; + gzip_types *; + js_content bundle.geo_coding; + } + location /geocoding { rewrite ^/geocoding(.*)$ $1 break; proxy_pass http://{{ ternary (include "front.createRouterUpstream" .) .Values.front.router.host .Values.front.router.discover }}; diff --git a/helmfile/README.md b/helmfile/README.md index d4203b401..ec5475187 100644 --- a/helmfile/README.md +++ b/helmfile/README.md 
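Review bot: `gzip_types *;` together with `gzip_proxied any;` in the new `location ^~ /free_roam` block compresses every response type the handler can return, including payloads that are already compressed. If this endpoint only returns JSON, `gzip_types application/json;` does the same job and keeps compression scoped to the content it was added for. That is also the safer default where TLS responses can mix request-derived data with secrets. The enclosing server block lies outside the hunk, so a server-level gzip setting cannot be ruled out from here.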
@@ -1,21 +1,22 @@ #### Содержание -[Подготовка](#prepare) -[Деплой castle](#castle) -[Деплой бэкенда Directions API авто](#directions-car) -[Деплой бэкенда Directions API пешеходы](#directions-pedestrian) -[Деплой бэкенда Directions API велосипеды](#directions-bicycle) -[Деплой бэкенда Directions API такси](#directions-taxi) -[Деплой бэкенда Directions API грузовики](#directions-truck) -[Деплой бэкенда Pairs Directions API](#pairs-directions) -[Деплой бэкенда Public Transport](#public-transport) -[Деплой бэкенда Distance Matrix API (до 25х25)](#distance-matrix) -[Деплой бэкенда Distance Matrix API Async (более 25х25)](#async) -[Деплой бэкенда Distance Matrix API Public Transport (до 10х10)](#distance-matrix-ctx) -[Деплой GRPC-proxy для Distance Matrix API Async (более 25х25)](#grpc) -[Деплой фронтенда для Distance Matrix API Async (более 25х25)](#async-front) -[Деплой splitter для Distance Matrix API Public Transport (до 10х10)](#splitter) -[Деплой navi-router](#navi-router) -[Деплой navi-front](#navi-front) +[Подготовка](#prepare) +[Деплой castle](#castle) +[Деплой бэкенда Directions API авто](#directions-car) +[Деплой бэкенда Directions API пешеходы](#directions-pedestrian) +[Деплой бэкенда Directions API велосипеды](#directions-bicycle) +[Деплой бэкенда Directions API такси](#directions-taxi) +[Деплой бэкенда Directions API грузовики](#directions-truck) +[Деплой бэкенда Free Roam API](#freeroam) +[Деплой бэкенда Pairs Directions API](#pairs-directions) +[Деплой бэкенда Public Transport](#public-transport) +[Деплой бэкенда Distance Matrix API (до 25х25)](#distance-matrix) +[Деплой бэкенда Distance Matrix API Async (более 25х25)](#async) +[Деплой бэкенда Distance Matrix API Public Transport (до 10х10)](#distance-matrix-ctx) +[Деплой GRPC-proxy для Distance Matrix API Async (более 25х25)](#grpc) +[Деплой фронтенда для Distance Matrix API Async (более 25х25)](#async-front) +[Деплой splitter для Distance Matrix API Public Transport (до 10х10)](#splitter) +[Деплой 
navi-router](#navi-router) +[Деплой navi-front](#navi-front)

Подготовка

Скачать данные и загрузить в s3 @@ -68,6 +69,11 @@ helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-cus helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-truck sync ``` +

Деплой бэкенда Free Roam

+``` +helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=freeroam sync +``` +

Деплой бэкенда Pairs Directions API

``` helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=pairs-directions sync diff --git a/helmfile/deploy/navi/navi-back-custom.yaml b/helmfile/deploy/navi/navi-back-custom.yaml index 3460c35a9..239520dbf 100644 --- a/helmfile/deploy/navi/navi-back-custom.yaml +++ b/helmfile/deploy/navi/navi-back-custom.yaml @@ -374,3 +374,27 @@ releases: value: {{ .Values.kafka.authLogin.sslPassword }} {{ end }} {{ end }} + + {{ $API := "freeroam" }}{{ $type := "freeroam"}} + - name: navi-back-{{ $API }} + <<: *default + labels: + service: {{ $API }} + chart: navi-back + set: + - name: naviback.app_rule + value: {{ $API }} + - name: naviback.type + value: {{ $type }} + {{ if eq .Values.naviCustomResources true }} + - name: replicaCount + value: {{ .Values.freeroam.replicaCount }} + - name: resources.limits.cpu + value: {{ .Values.freeroam.limits.cpu }} + - name: resources.limits.memory + value: {{ .Values.freeroam.limits.memory }} + - name: resources.requests.cpu + value: {{ .Values.freeroam.requests.cpu }} + - name: resources.requests.memory + value: {{ .Values.freeroam.requests.memory }} + {{- end }} diff --git a/helmfile/deploy/tests/navi-front.sh b/helmfile/deploy/tests/navi-front.sh index 311c10d82..b5d08913f 100755 --- a/helmfile/deploy/tests/navi-front.sh +++ b/helmfile/deploy/tests/navi-front.sh @@ -19,6 +19,12 @@ echo $UPSTREAM # Truck Directions API - to do нет токена в api key for service in $UPSTREAM; do case $service in + "freeroam") + echo "Create routing for Directions API freeroam:" + echo + echo `curl -sSfG $URL/free_roam/2.0?key=$KEY -d @moscow_fr.txt` + echo + ;; "directions-bicycle") echo "Create routing for Directions API bicycle:" echo diff --git a/helmfile/deploy/tests/points/moscow_fr.txt b/helmfile/deploy/tests/points/moscow_fr.txt new file mode 100644 index 000000000..4139c26a2 --- /dev/null +++ b/helmfile/deploy/tests/points/moscow_fr.txt 
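Review bot: The new `"freeroam"` case passes `$URL/free_roam/2.0?key=$KEY` to curl unquoted, so the shell word-splits both variables and may treat the `?` as a glob character; `curl -sSfG "$URL/free_roam/2.0?key=$KEY" -d @moscow_fr.txt` avoids both. The data file is added as `helmfile/deploy/tests/points/moscow_fr.txt` while the script reads `@moscow_fr.txt`, which resolves only if the script runs from the `points` directory; the rest of the script is outside the hunk, so this needs confirming. The API key travels in the query string and will therefore show up in access logs along the request path, so the test should use a key dedicated to testing.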
@@ -0,0 +1 @@ +bound={"min":{"lat":55.7683,"lon":37.5998},"max":{"lat":55.7622,"lon":37.6076}} diff --git a/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl index a44b08f16..508f34980 100644 --- a/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl +++ b/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl @@ -17,6 +17,9 @@ resources: memory: 4Gi rules: + - name: free-roam # свободное вождение + queries: ["free_roam"] + routing: [] - name: directions-car # авто queries: ["routing"] routing: ["driving"] diff --git a/image_versions.txt b/image_versions.txt index 68bc0e436..e6c804fa5 100644 --- a/image_versions.txt +++ b/image_versions.txt @@ -35,7 +35,7 @@ navi-async-matrix navi-back envoy:v1.27.0 metrics-aggregator: - navi-back:7.23.0.5 + navi-back:7.25.0.3 navi-castle navi-castle:1.9.2 navi-front:1.24.1 @@ -45,7 +45,7 @@ navi-restrictions navi-restrictions-api:1.0.1 navi-restrictions-syncer:1.0.1 navi-router - navi-router:6.17.1.2 + navi-router:6.24.0.3 navi-splitter navi-splitter:1.0.1 platform From 781e69657b8b561b6b52834fdbb665e7290e54b7 Mon Sep 17 00:00:00 2001 
From: Aveldin1 <164148461+Aveldin1@users.noreply.github.com> Date: Mon, 22 Jul 2024 20:50:28 +0300 Subject: [PATCH 29/91] [PRO-5488] Change-Helm for PRO-UI (#460) * Change-Helm for PRO-UI * Fix Readme * add link to docs.2gis.com --------- Co-authored-by: Igor Sheykin --- charts/pro-ui/README.md | 50 ++++++++----------- charts/pro-ui/templates/_helpers.tpl | 15 ++---- charts/pro-ui/templates/ui/role.yaml | 20 -------- charts/pro-ui/templates/ui/rolebinding.yaml | 16 ------ .../templates/ui/secrets-styles-importer.yaml | 3 +- .../pro-ui/templates/ui/service-account.yaml | 9 ---- .../templates/ui/styles-import-starter.yaml | 10 ++-- charts/pro-ui/values.schema.json | 8 +-- charts/pro-ui/values.yaml | 14 ++---- 9 files changed, 39 insertions(+), 106 deletions(-) delete mode 100644 charts/pro-ui/templates/ui/role.yaml delete mode 100644 charts/pro-ui/templates/ui/rolebinding.yaml delete mode 100644 charts/pro-ui/templates/ui/service-account.yaml diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 9b879f65e..89f81ec07 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md 
@@ -44,27 +44,27 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On ### UI service settings -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | -| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | -| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). | `[46.71, 24.72]` | -| `ui.supportDocumentationLink` | Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' | `https://docs.urbi.ae/en/pro/start` | -| `ui.immersiveModels` | A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | -| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | -| `ui.auth.sso` | Flag to turn on/off the authorization. Possible values: `"true"` or `"false"`. | `false` | -| `ui.auth.secure` | Flag to turn on/off the https for auth. Possible values: `"true"` or `"false"`. 
| `true` | -| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | -| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | -| `ui.auth.clientId` | a client_id from keycloack | `""` | -| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | -| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | -| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | -| `ui.auth.identityProviderUrl` | a provider base URL | `""` | -| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | -| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | -| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. | `false` | -| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | +| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | +| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). | `[46.71, 24.72]` | +| `ui.supportDocumentationLink` | Product online documentation link. 
Ex.: 'https://docs.urbi.ae/en/pro/start' or 'https://docs.2gis.com/ru/pro/start' | `""` | +| `ui.immersiveModels` | A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | +| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | +| `ui.auth.sso` | Flag to turn on/off the authorization. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.secure` | Flag to turn on/off the https for auth. Possible values: `"true"` or `"false"`. | `true` | +| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | +| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | +| `ui.auth.clientId` | a client_id from keycloack | `""` | +| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | +| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | +| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | +| `ui.auth.identityProviderUrl` | a provider base URL | `""` | +| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | +| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | +| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | ### 2GIS Pro API settings 
@@ -160,12 +160,6 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | `ui.hpa.targetCPU` | Target CPU utilization percentage | `100` | | `ui.hpa.targetMemory` | Target Memory utilization percentage | `""` | -### 2GIS PRO UI Job settings - -| Name | Description | Value | -| ----------------------- | ----------------------- | ----------------- | -| `appStylesImporterName` | Styles Import job name. | `styles-importer` | - ### Artifacts Storage settings | Name | Description | Value | @@ -183,7 +177,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | Name | Description | Value | | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `stylesImporter.serviceAccount` | Kubernetes service account | `runner` | +| `stylesImporter.name` | Styles Import job name. | `styles-importer` | | `stylesImporter.image.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | | `stylesImporter.image.tag` | Docker image tag. | `1.22.0` | | `stylesImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | diff --git a/charts/pro-ui/templates/_helpers.tpl b/charts/pro-ui/templates/_helpers.tpl index 1a61ca675..dd4de2916 100644 --- a/charts/pro-ui/templates/_helpers.tpl +++ b/charts/pro-ui/templates/_helpers.tpl 
@@ -24,17 +24,8 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} {{- end -}} -{{- define "pro.ui.styles-importer-name" -}} -{{- $name := default .Values.appStylesImporterName -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - -{{- define "pro.ui.service-account-name" -}} -{{- $name := default .Values.stylesImporter.serviceAccount -}} +{{- define "pro.ui.styles-importer.name" -}} +{{- $name := default .Values.stylesImporter.name -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -48,7 +39,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{ end }} {{- end -}} -{{- define "pro.ui.importer.hook.annotations" -}} +{{- define "pro.ui.styles-importer.helm-hooks" -}} "helm.sh/hook": pre-install,pre-upgrade "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded {{- end -}} diff --git a/charts/pro-ui/templates/ui/role.yaml b/charts/pro-ui/templates/ui/role.yaml deleted file mode 100644 index aaf870edd..000000000 --- a/charts/pro-ui/templates/ui/role.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{ if .Values.stylesImporter.startOnDeploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - name: {{ include "pro.ui.service-account-name" . }}-role - annotations: - {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} - "helm.sh/hook-weight": "-2" -rules: - - apiGroups: - - batch - resources: - - jobs - verbs: - - get - - list - - create - - watch - - delete -{{ end }} diff --git a/charts/pro-ui/templates/ui/rolebinding.yaml b/charts/pro-ui/templates/ui/rolebinding.yaml deleted file mode 100644 index d08208b85..000000000 --- a/charts/pro-ui/templates/ui/rolebinding.yaml +++ /dev/null 
@@ -1,16 +0,0 @@ -{{ if .Values.stylesImporter.startOnDeploy }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: {{ include "pro.ui.service-account-name" . }}-binding - annotations: - {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} - "helm.sh/hook-weight": "-1" -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: {{ include "pro.ui.service-account-name" . }}-role -subjects: - - kind: ServiceAccount - name: {{ include "pro.ui.service-account-name" . }} -{{ end }} diff --git a/charts/pro-ui/templates/ui/secrets-styles-importer.yaml b/charts/pro-ui/templates/ui/secrets-styles-importer.yaml index af9d85311..5bdacbf3f 100644 --- a/charts/pro-ui/templates/ui/secrets-styles-importer.yaml +++ b/charts/pro-ui/templates/ui/secrets-styles-importer.yaml @@ -4,8 +4,7 @@ kind: Secret metadata: name: {{ include "pro.ui.name" . }}-secret annotations: - {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} - "helm.sh/hook-weight": "-1" + {{- include "pro.ui.styles-importer.helm-hooks" $ | nindent 4 }} type: Opaque data: s3AccessKey: {{ required "Valid .Values.dgctlStorage.accessKey required!" .Values.dgctlStorage.accessKey | b64enc }} diff --git a/charts/pro-ui/templates/ui/service-account.yaml b/charts/pro-ui/templates/ui/service-account.yaml deleted file mode 100644 index a1704ab92..000000000 --- a/charts/pro-ui/templates/ui/service-account.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{ if .Values.stylesImporter.startOnDeploy }} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ include "pro.ui.service-account-name" . }} - annotations: - {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} - "helm.sh/hook-weight": "-1" -{{ end }} diff --git a/charts/pro-ui/templates/ui/styles-import-starter.yaml b/charts/pro-ui/templates/ui/styles-import-starter.yaml index 754992bbc..4c47dc7dd 100644 --- a/charts/pro-ui/templates/ui/styles-import-starter.yaml 
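Review bot: Dropping `"helm.sh/hook-weight": "-1"` from this Secret, together with the `"1"` removed from the starter Job in styles-import-starter.yaml, leaves both hooks on the default weight. Whether the Secret exists before the Job pod starts is then decided by Helm's tie-breaking between equal-weight hooks rather than stated by the chart. If the Job reads this Secret (its use is not visible in these hunks), keeping `"helm.sh/hook-weight": "-1"` on the Secret makes the order explicit. The rest of the Secret's `data` is outside the hunk.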
+++ b/charts/pro-ui/templates/ui/styles-import-starter.yaml @@ -2,10 +2,9 @@ apiVersion: batch/v1 kind: Job metadata: - name: {{ include "pro.ui.styles-importer-name" . }}-starter + name: {{ include "pro.ui.styles-importer.name" . }}-starter annotations: - {{- include "pro.ui.importer.hook.annotations" $ | nindent 4 }} - "helm.sh/hook-weight": "1" + {{- include "pro.ui.styles-importer.helm-hooks" $ | nindent 4 }} spec: backoffLimit: {{ .Values.stylesImporter.backoffLimit }} template: @@ -15,12 +14,11 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} restartPolicy: Never - serviceAccountName: {{ include "pro.ui.service-account-name" . }} volumes: - name: temp-volume emptyDir: {} containers: - - name: {{ include "pro.ui.styles-importer-name" . }} + - name: {{ include "pro.ui.styles-importer.name" . }} image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.stylesImporter.image.repository }}:{{ .Values.stylesImporter.image.tag }} imagePullPolicy: IfNotPresent resources: @@ -30,7 +28,7 @@ spec: name: temp-volume env: - name: JOB_NAME - value: {{ include "pro.ui.styles-importer-name" . }} + value: {{ include "pro.ui.styles-importer.name" . }} - name: ES_HOST value: http://some_fake_url - name: API_URL diff --git a/charts/pro-ui/values.schema.json b/charts/pro-ui/values.schema.json index 8fac9fe44..26f857b3f 100644 --- a/charts/pro-ui/values.schema.json +++ b/charts/pro-ui/values.schema.json @@ -198,9 +198,6 @@ } } }, - "appStylesImporterName": { - "type": "string" - }, "dgctlStorage": { "type": "object", "required": ["host", "secure", "bucket", "accessKey", "secretKey", "manifest"], @@ -231,6 +228,11 @@ "type": "boolean" } } + }, + "stylesImporter": { + "properties": { + "name": { "type": "string" } + } } } } diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index e5c93319d..bf7920cbe 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml 
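Review bot: With `serviceAccountName` removed in the `@@ -15,12 +14,11 @@` hunk, the Job pod runs as the namespace's default service account and still gets that account's API token mounted. The deleted Role suggests the importer no longer calls the Kubernetes API; if that is so, adding `automountServiceAccountToken: false` next to `restartPolicy: Never` keeps an unused credential out of the container. The pod spec continues outside the hunk, so an existing setting further down cannot be ruled out from here.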
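Review bot: The new `stylesImporter` schema node in the `@@ -231,6 +228,11 @@` hunk declares only `properties`, while the `dgctlStorage` node visible in the same file also declares `"type": "object"`. Without a type, a non-object value for `stylesImporter` passes validation and fails later in the templates. Adding `"type": "object",` before `"properties"` keeps the two nodes consistent.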
@@ -59,7 +59,7 @@ ui: # @param ui.appTheme Branding inside the app. Possible values: `"2gis"` or `"urbi"`. # @param ui.appLocale Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. # @param ui.appInitialMapCenter Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). - # @param ui.supportDocumentationLink Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' + # @param ui.supportDocumentationLink Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' or 'https://docs.2gis.com/ru/pro/start' # @param ui.immersiveModels A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] # @param ui.publicS3Url Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ @@ -68,7 +68,7 @@ ui: appTheme: urbi appLocale: en_AE appInitialMapCenter: '[46.71, 24.72]' - supportDocumentationLink: https://docs.urbi.ae/en/pro/start + supportDocumentationLink: '' immersiveModels: '' publicS3Url: '' @@ -250,12 +250,6 @@ ui: targetCPU: 100 targetMemory: '' -# @section 2GIS PRO UI Job settings - -# @param appStylesImporterName Styles Import job name. - -appStylesImporterName: styles-importer - # @section Artifacts Storage settings # @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required** 
@@ -281,7 +275,7 @@ dgctlStorage: # If the Style Importer Job failed, then we don't need to deploy the whole pro-ui app. -# @param stylesImporter.serviceAccount Kubernetes service account +# @param stylesImporter.name Styles Import job name. # @param stylesImporter.image.repository Docker Repository Image. # @param stylesImporter.image.tag Docker image tag. # @param stylesImporter.backoffLimit The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. @@ -295,7 +289,7 @@ dgctlStorage: # @param stylesImporter.resources.limits.memory A memory limit. stylesImporter: - serviceAccount: runner + name: styles-importer image: repository: 2gis-on-premise/pro-importer tag: 1.22.0 From 34701ccf9b3a528636eb37afea2646d9e0a030c7 Mon Sep 17 00:00:00 2001 
From: Petr Beklemishev Date: Wed, 24 Jul 2024 18:07:21 +0700 Subject: [PATCH 30/91] Add new citylens-workers based worker & add Drivers asset-related topics (#466) --- Breaking-Changes.md | 8 ++ charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 57 +++++++++---- charts/citylens/templates/api/configmap.yaml | 4 +- charts/citylens/templates/helpers.tpl | 38 +++++++++ charts/citylens/templates/web/configmap.yaml | 9 ++- .../workers}/deployment-camcom-sender.yaml | 0 .../workers}/deployment-frames-saver.yaml | 0 .../workers}/deployment-logs-saver.yaml | 0 .../deployment-predictions-saver.yaml | 0 .../deployment-reporter-pro-tracks.yaml | 0 .../workers}/deployment-reporter-pro.yaml | 0 .../deployment-track-metadata-saver.yaml | 0 .../workers}/deployment-track-reloader.yaml | 0 .../citylens/templates/workers/configmap.yaml | 38 +++++++++ .../deployment-dashboard-batch-events.yaml | 79 +++++++++++++++++++ charts/citylens/values.yaml | 56 ++++++++++++- 17 files changed, 264 insertions(+), 27 deletions(-) rename charts/citylens/templates/{worker => web/workers}/deployment-camcom-sender.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-frames-saver.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-logs-saver.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-predictions-saver.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-reporter-pro-tracks.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-reporter-pro.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-track-metadata-saver.yaml (100%) rename charts/citylens/templates/{worker => web/workers}/deployment-track-reloader.yaml (100%) create mode 100644 charts/citylens/templates/workers/configmap.yaml create mode 100644 charts/citylens/templates/workers/deployment-dashboard-batch-events.yaml 
diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 56e373f53..8faf673ce 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -1,5 +1,13 @@ # 2GIS On-Premise Breaking-Changes +## [#.#.#] + +### citylens +- Added new worker `worker.dashboardBatchEvents` +- Added new kafka topics + - `kafka.topics.tracksLifecycle` - tracks lifecycle events + - `kafka.topics.proDrivers` - synchonization drivers tracks with Pro + ## [1.24.0] ### pro-api diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 15044f251..7dcdeead6 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.25.0 -appVersion: 1.10.0 +appVersion: 1.11.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 0f8f5b7e1..846b0d5d8 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.10.0` | +| `api.image.tag` | Tag. | `1.11.0` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.10.0` | +| `web.image.tag` | Tag. | `1.11.1` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
@@ -340,13 +340,36 @@ See the [documentation]() to learn about: | `worker.tracksUploader.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | | `worker.tracksUploader.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | +### Citylens Dashboard batch events worker's settings + +| Name | Description | Value | +| -------------------------------------- | ---------------------------- | ----- | +| `worker.dashboardBatchEvents.replicas` | A replica count for the pod. | `1` | + +### Citylens Dashboard batch events worker's Image settings + +| Name | Description | Value | +| -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | +| `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.11.1` | +| `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | +| `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | +| `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `worker.dashboardBatchEvents.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.dashboardBatchEvents.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.dashboardBatchEvents.podAnnotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
| `{}` | +| `worker.dashboardBatchEvents.podLabels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.dashboardBatchEvents.nodeSelector` | Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.dashboardBatchEvents.tolerations` | Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `worker.dashboardBatchEvents.affinity` | Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. | `{}` | + ### Migration job settings | Name | Description | Value | | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.10.0` | +| `migrations.image.tag` | Tag. | `1.11.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | 
@@ -356,19 +379,21 @@ See the [documentation]() to learn about: ### Kafka settings -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------- | ----- | -| `kafka.bootstrapServer` | A Kafka broker endpoint. **Required** | `""` | -| `kafka.username` | A Kafka username for connection. **Required** | `""` | -| `kafka.password` | A Kafka password for connection. **Required** | `""` | -| `kafka.topics.frames` | List of topics for Frames saver worker. **Required** | `""` | -| `kafka.topics.tracks` | List of topics for Tracks metadata worker. **Required** | `""` | -| `kafka.topics.pro` | Topic for frames synchronization with Pro (used by Reporter pro worker). **Required** | `""` | -| `kafka.topics.uploader` | Topic for Uploader worker. **Required** | `""` | -| `kafka.topics.logs` | Topic for citylens mobile app logs, uploaded via citylens-api. **Required** | `""` | -| `kafka.topics.framesLifecycle` | Topic for frames lifecycle events. **Required** | `""` | -| `kafka.topics.predictions` | Topic for predictions events from detectors. **Required** | `""` | -| `kafka.consumerGroups.prefix` | Kafka topics prefix. **Required** | `""` | +| Name | Description | Value | +| ------------------------------ | --------------------------------------------------------------------------------------------- | ----- | +| `kafka.bootstrapServer` | A Kafka broker endpoint. **Required** | `""` | +| `kafka.username` | A Kafka username for connection. **Required** | `""` | +| `kafka.password` | A Kafka password for connection. **Required** | `""` | +| `kafka.topics.frames` | List of topics for Frames saver worker. **Required** | `""` | +| `kafka.topics.tracks` | List of topics for Tracks metadata worker. **Required** | `""` | +| `kafka.topics.pro` | Topic for frames synchronization with Pro (used by Reporter pro worker). 
**Required** | `""` | +| `kafka.topics.proDrivers` | Topic for drivers tracks synchronization with Pro (used by Reporter pro worker). **Required** | `""` | +| `kafka.topics.uploader` | Topic for Uploader worker. **Required** | `""` | +| `kafka.topics.logs` | Topic for citylens mobile app logs, uploaded via citylens-api. **Required** | `""` | +| `kafka.topics.framesLifecycle` | Topic for frames lifecycle events. **Required** | `""` | +| `kafka.topics.tracksLifecycle` | Topic for tracks lifecycle events. **Required** | `""` | +| `kafka.topics.predictions` | Topic for predictions events from detectors. **Required** | `""` | +| `kafka.consumerGroups.prefix` | Kafka topics prefix. **Required** | `""` | ### S3 settings diff --git a/charts/citylens/templates/api/configmap.yaml b/charts/citylens/templates/api/configmap.yaml index 701f854ae..335dc2e4f 100644 --- a/charts/citylens/templates/api/configmap.yaml +++ b/charts/citylens/templates/api/configmap.yaml @@ -19,9 +19,7 @@ data: predictions: {{ required "A valid .Values.kafka.topics.predictions entry required" .topics.predictions | squote }} {{- end }} database: - {{- with .Values.postgres }} - postgres: 'postgresql+asyncpg://{{ required "A valid .Values.postgres.username entry required" .username }}:{{ required "A valid .Values.postgres.password entry required" .password }}@{{ required "A valid .Values.postgres.host entry required" .host }}:{{ required "A valid .Values.postgres.port entry required" .port }}/{{ required "A valid .Values.postgres.database entry required" .database }}' - {{- end }} + postgres: {{ include "citylens.pgDSN.asyncpg" . | squote }} {{- with .Values.api.auth }} auth: enabled: {{ .enabled }} diff --git a/charts/citylens/templates/helpers.tpl b/charts/citylens/templates/helpers.tpl index 5fdd904d0..293eadab0 100644 --- a/charts/citylens/templates/helpers.tpl +++ b/charts/citylens/templates/helpers.tpl 
@@ -49,6 +49,14 @@ Expand the name of the chart. {{ include "citylens.name" . }}-track-reloader {{- end }} +{{- define "citylens.workers.name" -}} +{{ include "citylens.name" . }}-workers +{{- end }} + +{{- define "citylens.dashboard-batch-events.name" -}} +{{ include "citylens.name" . }}-dashboard-batch-events +{{- end }} + {{- define "citylens.configmap.labels" -}} app.kubernetes.io/name: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} @@ -134,6 +142,16 @@ app.kubernetes.io/instance: {{ include "citylens.track-reloader.name" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} +{{- define "citylens.dashboard-batch-events.selectorLabels" -}} +app.kubernetes.io/name: {{ .Release.Name }} +app.kubernetes.io/instance: {{ include "citylens.dashboard-batch-events.name" . }} +{{- end }} + +{{- define "citylens.dashboard-batch-events.labels" -}} +{{ include "citylens.dashboard-batch-events.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + {{- define "citylens.reporter-pro.labels" -}} {{ include "citylens.reporter-pro.selectorLabels" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 
@@ -200,3 +218,23 @@ Mount directory for custom CA {{- define "citylens.customCA.mountPath" -}} {{ $.Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} {{- end -}} + +{{/* +Postgres DSN variations +*/}} +{{- define "citylens.pgDSN" -}} +{{- with .Values.postgres -}} +postgresql://{{ required "A valid .Values.postgres.username entry required" .username }}:{{ required "A valid .Values.postgres.password entry required" .password }}@{{ required "A valid .Values.postgres.host entry required" .host }}:{{ required "A valid .Values.postgres.port entry required" .port }}/{{ required "A valid .Values.postgres.database entry required" .database }} +{{- end -}} +{{- end -}} + +{{- define "citylens.pgDSN.asyncpg" -}} +{{ include "citylens.pgDSN" . | replace "postgresql://" "postgresql+asyncpg://" }} +{{- end -}} + +{{/* +S3 key template for frames +*/}} +{{- define "citylens.s3_constants.frame_key_template" -}} +{track_uuid}/{frame_timestamp_ms}.jpg +{{- end -}} diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index c8df5e164..0aca2d866 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml 
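Review bot: The `citylens.pgDSN` helper places `.username` and `.password` into the URL as-is, so a password containing `@`, `:`, `/` or `#` changes how the DSN is parsed and can point the client at a different host or database than intended. Percent-encoding the userinfo parts avoids that, for example `{{ required "A valid .Values.postgres.password entry required" .password | urlquery }}`; check how the consuming drivers decode `+`, since `urlquery` encodes spaces that way. The same applies to the `citylens.pgDSN.asyncpg` variant, which is derived from this string.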
@@ -28,9 +28,7 @@ data: log_level: {{ .Values.web.logLevel | squote }} metrics_app_name: {{ .Values.web.metricsAppName }} db_connections: - {{- with .Values.postgres }} - postgres: 'postgresql://{{ required "A valid .Values.postgres.username entry required" .username }}:{{ required "A valid .Values.postgres.password entry required" .password }}@{{ required "A valid .Values.postgres.host entry required" .host }}:{{ required "A valid .Values.postgres.port entry required" .port }}/{{ required "A valid .Values.postgres.database entry required" .database }}' - {{- end }} + postgres: {{ include "citylens.pgDSN" . | squote }} kafka: {{- with .Values.kafka }} bootstrap_servers: {{ required "A valid .Values.kafka.bootstrap.servers entry required" .bootstrapServer | squote }} @@ -52,7 +50,7 @@ data: key_templates: log: '{track_uuid}/log_{log_timestamp_ms}' log_prefix: '{track_uuid}/log_' - frame: '{track_uuid}/{frame_timestamp_ms}.jpg' + frame: {{ include "citylens.s3_constants.frame_key_template" . | squote }} client_params: aws_access_key_id: {{ required "A valid .Values.s3.accessKey entry required" .accessKey | squote }} aws_secret_access_key: {{ required "A valid .Values.s3.secretAccessKey entry required" .secretAccessKey | squote }} @@ -89,6 +87,7 @@ data: {{- end }} topics: frames: {{ .Values.kafka.topics.pro }} + drivers: {{ .Values.kafka.topics.proDrivers }} assets: frames: {{ .Values.pro.framesAssetId }} map: @@ -102,6 +101,7 @@ data: coords: [{{ join "," .coords }}] {{- end }} initial_project: {{ .Values.map.initialProject | squote }} + register_predictor_ttl_seconds: 600 enabled_modules: header_links: {{- toYaml .Values.headerLinks | nindent 8 }} 
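Review bot: The added `drivers: {{ .Values.kafka.topics.proDrivers }}` in the `@@ -89,6 +87,7 @@` hunk is rendered unquoted and without `required`, although the README marks `kafka.topics.proDrivers` as required and its default is `''`. An unset value therefore renders an empty YAML value instead of failing at install time. The `tracks_lifecycle_topic` line added later in this file uses the stricter form; the same here would be `drivers: {{ required "A valid .Values.kafka.topics.proDrivers entry required" .Values.kafka.topics.proDrivers | squote }}`. The neighbouring `frames:` context line has the same looseness, so this follows existing local style rather than introducing it.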
@@ -120,6 +120,7 @@ data: frames_topics: {{ .Values.kafka.topics.frames }} metadata_topics: {{ .Values.kafka.topics.tracks }} frames_lifecycle_topic: {{ required "A valid .Values.kafka.topics.framesLifecycle entry required" .Values.kafka.topics.framesLifecycle | squote }} + tracks_lifecycle_topic: {{ required "A valid .Values.kafka.topics.tracksLifecycle entry required" .Values.kafka.topics.tracksLifecycle | squote }} unified_predictions_topic: {{ required "A valid .Values.kafka.topics.predictions entry required" .Values.kafka.topics.predictions | squote }} logs_saver: logs_topic: {{ .Values.kafka.topics.logs }} diff --git a/charts/citylens/templates/worker/deployment-camcom-sender.yaml b/charts/citylens/templates/web/workers/deployment-camcom-sender.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-camcom-sender.yaml rename to charts/citylens/templates/web/workers/deployment-camcom-sender.yaml diff --git a/charts/citylens/templates/worker/deployment-frames-saver.yaml b/charts/citylens/templates/web/workers/deployment-frames-saver.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-frames-saver.yaml rename to charts/citylens/templates/web/workers/deployment-frames-saver.yaml diff --git a/charts/citylens/templates/worker/deployment-logs-saver.yaml b/charts/citylens/templates/web/workers/deployment-logs-saver.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-logs-saver.yaml rename to charts/citylens/templates/web/workers/deployment-logs-saver.yaml diff --git a/charts/citylens/templates/worker/deployment-predictions-saver.yaml b/charts/citylens/templates/web/workers/deployment-predictions-saver.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-predictions-saver.yaml rename to charts/citylens/templates/web/workers/deployment-predictions-saver.yaml 
diff --git a/charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml b/charts/citylens/templates/web/workers/deployment-reporter-pro-tracks.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-reporter-pro-tracks.yaml rename to charts/citylens/templates/web/workers/deployment-reporter-pro-tracks.yaml diff --git a/charts/citylens/templates/worker/deployment-reporter-pro.yaml b/charts/citylens/templates/web/workers/deployment-reporter-pro.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-reporter-pro.yaml rename to charts/citylens/templates/web/workers/deployment-reporter-pro.yaml diff --git a/charts/citylens/templates/worker/deployment-track-metadata-saver.yaml b/charts/citylens/templates/web/workers/deployment-track-metadata-saver.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-track-metadata-saver.yaml rename to charts/citylens/templates/web/workers/deployment-track-metadata-saver.yaml diff --git a/charts/citylens/templates/worker/deployment-track-reloader.yaml b/charts/citylens/templates/web/workers/deployment-track-reloader.yaml similarity index 100% rename from charts/citylens/templates/worker/deployment-track-reloader.yaml rename to charts/citylens/templates/web/workers/deployment-track-reloader.yaml diff --git a/charts/citylens/templates/workers/configmap.yaml b/charts/citylens/templates/workers/configmap.yaml new file mode 100644 index 000000000..7531b1767 --- /dev/null +++ b/charts/citylens/templates/workers/configmap.yaml 
@@ -0,0 +1,38 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "citylens.workers.name" . }}-configmap +data: + workers_config.yaml: | + pg_connection_url: {{ include "citylens.pgDSN" . | squote }} + + image_service: + {{- with .Values.s3 }} + s3_endpoint: {{ required "A valid .Values.s3.endpoint entry required" .endpoint | squote }} + bucket_prefix: {{ required "A valid .Values.s3.bucketPrefix entry required" .bucketPrefix | squote }} + frame_key_template: {{ include "citylens.s3_constants.frame_key_template" . | squote }} + {{- end }} + topics: + {{- with .Values.kafka.topics }} + frames_lifecycle_topic: {{ required "A valid .Values.kafka.topics.framesLifecycle entry required" .framesLifecycle | squote }} + tracks_lifecycle_topic: {{ required "A valid .Values.kafka.topics.tracksLifecycle entry required" .tracksLifecycle | squote }} + {{- end }} + log_level: {{ .Values.worker.dashboardBatchEvents.logLevel }} + {{- with .Values.kafka }} + kafka: + broker: {{ .bootstrapServer }} + is_credentials_enabled: true + credentials: + mechanism: 'SCRAM-SHA-512' + username: {{ .username }} + password: {{ .password }} + advanced: + stream_wait_empty: true + topic_allow_declare: false + topic_disable_leader: true + consumer_max_fetch_size: 8192 + broker_max_poll_records: 32 + stream_buffer_maxsize: 32 + + consumer_group_prefix: {{ .consumerGroups.prefix }} + {{- end }} diff --git a/charts/citylens/templates/workers/deployment-dashboard-batch-events.yaml b/charts/citylens/templates/workers/deployment-dashboard-batch-events.yaml new file mode 100644 index 000000000..399f5869c --- /dev/null +++ b/charts/citylens/templates/workers/deployment-dashboard-batch-events.yaml 
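Review bot: The new `workers_config.yaml` puts the Postgres DSN with its password (`pg_connection_url`) and the Kafka `username`/`password` into a ConfigMap. Anyone allowed to read ConfigMaps in the namespace can read them, and Secret-specific controls (separate RBAC, encryption at rest for Secrets) do not apply. Rendering this file as a `kind: Secret` with `stringData:` and mounting it through a `secret:` volume in deployment-dashboard-batch-events.yaml would keep the same file path for the worker. Separately, `broker:`, `username:`, `password:` and `consumer_group_prefix:` are emitted unquoted and without `required`, unlike the topic lines above them, so a value containing `#` or `: ` would be misparsed; `password: {{ required "A valid .Values.kafka.password entry required" .password | squote }}` matches the style used elsewhere in the chart.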
@@ -0,0 +1,79 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "citylens.dashboard-batch-events.name" . }} + {{- if .Values.worker.dashboardBatchEvents.podAnnotations }} + annotations: + {{- toYaml .Values.worker.dashboardBatchEvents.podAnnotations | nindent 4 }} + {{- end }} + labels: + {{- include "citylens.dashboard-batch-events.labels" . | nindent 4 }} + {{- if .Values.worker.dashboardBatchEvents.labels }} + {{- toYaml .Values.worker.dashboardBatchEvents.labels | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.worker.dashboardBatchEvents.replicas}} + revisionHistoryLimit: {{ .Values.worker.dashboardBatchEvents.revisionHistoryLimit }} + selector: + matchLabels: + {{- include "citylens.dashboard-batch-events.selectorLabels" . | nindent 6 }} + strategy: + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/web/configmap.yaml") . | sha256sum }} + checksum/custom-ca: {{ include "citylens.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} + {{- with .Values.worker.dashboardBatchEvents.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "citylens.dashboard-batch-events.selectorLabels" . | nindent 8 }} + spec: + containers: + - name: {{ include "citylens.dashboard-batch-events.name" . 
}} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.worker.dashboardBatchEvents.image.repository }}:{{ .Values.worker.dashboardBatchEvents.image.tag }} + imagePullPolicy: {{ .Values.worker.dashboardBatchEvents.image.pullPolicy }} + command: [ "/bin/sh", "-c" ] + args: [ "python -m faust -A faust_workers.dashboard_batch_events.app worker -p 8080 -l INFO" ] + env: + - name: CONFIG_PATH + value: /opt/workers/config/workers_config.yaml + {{- if $.Values.customCAs.bundle }} + - name: SSL_CERT_DIR + value: {{ include "citylens.customCA.mountPath" $ }} + {{- end }} + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + volumeMounts: + - name: config-volume + mountPath: /opt/workers/config + {{- if $.Values.customCAs.bundle }} + - mountPath: {{ include "citylens.customCA.mountPath" $ }} + name: custom-ca + readOnly: true + {{- end }} + volumes: + - name: config-volume + configMap: + name: {{ include "citylens.workers.name" . }}-configmap + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "citylens.name" $ }}-custom-ca-configmap + {{- end }} + {{- with .Values.worker.dashboardBatchEvents.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.dashboardBatchEvents.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.dashboardBatchEvents.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 00a933b86..77b912fe1 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.10.0 + tag: 1.11.0 replicas: 4 @@ -230,7 +230,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.10.0 + tag: 1.11.1 replicas: 1 
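Review bot: The pod template's `checksum/config` annotation hashes `/web/configmap.yaml`, but the container mounts the `citylens.workers.name`-configmap rendered from workers/configmap.yaml. A change to the worker config (including rotated credentials) will not roll the Deployment. It should read `checksum/config: {{ include (print $.Template.BasePath "/workers/configmap.yaml") . | sha256sum }}`. In the same file the Deployment's own `metadata.annotations` is filled from `podAnnotations` rather than `annotations`, `podLabels` is never used, and `-l INFO` is fixed in `args` while `worker.dashboardBatchEvents.logLevel` exists. The new pod also sets no `securityContext`; whether the chart's other workers do is not visible here.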
@@ -580,6 +580,52 @@ worker: affinity: {} tolerations: {} + +# @section Citylens Dashboard batch events worker's settings + +# @param worker.dashboardBatchEvents.replicas A replica count for the pod. + +# @section Citylens Dashboard batch events worker's Image settings + +# @param worker.dashboardBatchEvents.image.repository Repository. +# @param worker.dashboardBatchEvents.image.tag Tag. +# @param worker.dashboardBatchEvents.image.pullPolicy Pull Policy. + +# @param worker.dashboardBatchEvents.logLevel Worker's log level. + +# @param worker.dashboardBatchEvents.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + +# @param worker.dashboardBatchEvents.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param worker.dashboardBatchEvents.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param worker.dashboardBatchEvents.podAnnotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param worker.dashboardBatchEvents.podLabels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + +# @param worker.dashboardBatchEvents.nodeSelector Kubernetes pod [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @param worker.dashboardBatchEvents.tolerations Kubernetes pod [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. +# @param worker.dashboardBatchEvents.affinity Kubernetes pod [affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) settings. 
+ + dashboardBatchEvents: + + replicas: 1 + + image: + repository: 2gis-on-premise/citylens-workers + pullPolicy: IfNotPresent + tag: 1.11.1 + + revisionHistoryLimit: 3 + + logLevel: INFO + + annotations: {} + labels: {} + podAnnotations: {} + podLabels: {} + nodeSelector: {} + affinity: {} + tolerations: {} + + # @section Migration job settings # @param migrations.enabled If migrations needed. @@ -601,7 +647,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.10.0 + tag: 1.11.0 resources: requests: @@ -621,9 +667,11 @@ migrations: # @param kafka.topics.frames List of topics for Frames saver worker. **Required** # @param kafka.topics.tracks List of topics for Tracks metadata worker. **Required** # @param kafka.topics.pro Topic for frames synchronization with Pro (used by Reporter pro worker). **Required** +# @param kafka.topics.proDrivers Topic for drivers tracks synchronization with Pro (used by Reporter pro worker). **Required** # @param kafka.topics.uploader Topic for Uploader worker. **Required** # @param kafka.topics.logs Topic for citylens mobile app logs, uploaded via citylens-api. **Required** # @param kafka.topics.framesLifecycle Topic for frames lifecycle events. **Required** +# @param kafka.topics.tracksLifecycle Topic for tracks lifecycle events. **Required** # @param kafka.topics.predictions Topic for predictions events from detectors. **Required** # @param kafka.consumerGroups.prefix Kafka topics prefix. **Required** @@ -636,9 +684,11 @@ kafka: frames: '' tracks: '' pro: '' + proDrivers: '' logs: '' uploader: '' framesLifecycle: '' + tracksLifecycle: '' predictions: '' consumerGroups: prefix: '' From 6d2fb86f6515870ba05eb8249ad050d4c8a7aea9 Mon Sep 17 00:00:00 2001 From: DAMoskalev <33502773+DAMoskalev@users.noreply.github.com> Date: Thu, 25 Jul 2024 12:39:26 +0300 Subject: [PATCH 31/91] Update Chart.yaml --- charts/citylens/Chart.yaml | 5 ----- 1 file changed, 5 deletions(-) 
diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 233c3b489..125d35802 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -3,13 +3,8 @@ name: citylens type: application description: A Helm chart for Kubernetes to deploy Citylens service -<<<<<<< HEAD -version: 1.25.0 -appVersion: 1.11.0 -======= version: 1.26.0 appVersion: 1.11.1 ->>>>>>> origin/master maintainers: - name: 2gis From 866ddfa0d846e5dfee05846dcb2d885397a1db47 Mon Sep 17 00:00:00 2001 From: Dmitrii Moskalev Date: Thu, 25 Jul 2024 12:41:44 +0300 Subject: [PATCH 32/91] changelog update --- Breaking-Changes.md | 2 +- CHANGELOG.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 8faf673ce..ea9465ac0 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -1,6 +1,6 @@ # 2GIS On-Premise Breaking-Changes -## [#.#.#] +## [1.26.0] ### citylens - Added new worker `worker.dashboardBatchEvents` diff --git a/CHANGELOG.md b/CHANGELOG.md index 72164e7dd..9f76d7896 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,7 @@ # 2GIS On-Premise Changelog ## [1.26.0] (2024-07-25) +#### [Breaking-Changes](Breaking-Changes.md#1260) #### Images ``` catalog-api From ca3520bd88b8635cdd523a5590fc4342ffbe9159 Mon Sep 17 00:00:00 2001 From: Dmitrii Moskalev Date: Thu, 25 Jul 2024 12:45:08 +0300 Subject: [PATCH 33/91] conflict trash fix --- charts/citylens/README.md | 4 ---- charts/citylens/values.yaml | 4 ---- charts/pro-ui/values.yaml | 8 ++++---- 3 files changed, 4 insertions(+), 12 deletions(-) diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 330241ece..c22ec19e0 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md 
@@ -47,11 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -<<<<<<< HEAD -| `api.image.tag` | Tag. | `1.11.0` | -======= | `api.image.tag` | Tag. | `1.11.1` | ->>>>>>> origin/master | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 2259fa576..4e76e063a 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,11 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent -<<<<<<< HEAD - tag: 1.11.0 -======= tag: 1.11.1 ->>>>>>> origin/master replicas: 4 diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index bf7920cbe..90a9531aa 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -212,10 +212,10 @@ ui: enabled: false className: nginx hosts: - - host: pro-ui.example.com - paths: - - path: / - pathType: Prefix + - host: pro-ui.example.com + paths: + - path: / + pathType: Prefix tls: [] # - hosts: # - pro-ui.example.com From 9a91285a020ff4e5c833bb6a2996384e09ad445d Mon Sep 17 00:00:00 2001 From: Dmitrii Moskalev Date: Thu, 25 Jul 2024 12:45:38 +0300 Subject: [PATCH 34/91] update --- charts/pro-ui/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 90a9531aa..782b49659 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -214,8 +214,8 @@ ui: hosts: - host: pro-ui.example.com paths: - - path: / - pathType: Prefix + - path: / + pathType: Prefix tls: [] # - hosts: # - pro-ui.example.com From 0bb2be5fc6d6ff5ffc4cb005c74f9afb661a1340 Mon Sep 17 00:00:00 2001 
From: Andrey Morozov <62840181+endryhold@users.noreply.github.com> Date: Thu, 8 Aug 2024 08:48:16 +0700 Subject: [PATCH 35/91] Chore: remove unused helmfile (#480) --- helmfile/CHANGELOG.md | 36 -- helmfile/README.md | 125 ------ helmfile/deploy/navi/navi-async-grpc.yaml | 30 -- helmfile/deploy/navi/navi-async-matrix.yaml | 75 ---- helmfile/deploy/navi/navi-back-custom.yaml | 400 ------------------ helmfile/deploy/navi/navi-castle.yaml | 28 -- helmfile/deploy/navi/navi-front.yaml | 35 -- helmfile/deploy/navi/navi-router.yaml | 29 -- helmfile/deploy/navi/navi-splitter.yaml | 27 -- helmfile/deploy/tests/navi-async-service.sh | 50 --- helmfile/deploy/tests/navi-front.sh | 83 ---- helmfile/deploy/tests/points/moscow_bc.json | 17 - helmfile/deploy/tests/points/moscow_cr.json | 16 - helmfile/deploy/tests/points/moscow_dm.json | 22 - helmfile/deploy/tests/points/moscow_fr.txt | 1 - .../deploy/tests/points/moscow_is_cr.json | 8 - helmfile/deploy/tests/points/moscow_pd.json | 17 - helmfile/deploy/tests/points/moscow_pr.json | 12 - helmfile/deploy/tests/points/moscow_pt.json | 22 - helmfile/deploy/tests/points/moscow_tr.json | 15 - helmfile/deploy/tests/points/moscow_tx.json | 17 - helmfile/helmfile_values/base.yaml | 65 --- .../navi/navi-async-grpc-proxy/_common.gotmpl | 10 - .../navi/navi-async-matrix/_common.gotmpl | 15 - .../navi/navi-async-matrix/prod-kafka.yaml | 0 .../services/navi/navi-async-matrix/prod.yaml | 0 .../navi/navi-async-matrix/test-kafka.yaml | 33 -- .../services/navi/navi-async-matrix/test.yaml | 11 - .../services/navi/navi-back/_common.gotmpl | 52 --- .../navi/navi-back/_common_dma.gotmpl | 23 - .../navi/navi-back/prod-custom-resources.yaml | 0 .../navi/navi-back/test-custom-resources.yaml | 81 ---- .../services/navi/navi-castle/_common.gotmpl | 9 - .../services/navi/navi-front/_common.gotmpl | 10 - .../services/navi/navi-router/_common.gotmpl | 18 - .../services/navi/navi-router/prod.yaml | 0 .../services/navi/navi-router/test.yaml | 14 - 
.../navi/navi-splitter/_common.gotmpl | 8 - helmfile/helmfile_values/ssl/.gitkeep | 0 .../helmfile_values/templates/dgctl.gotmpl | 19 - .../helmfile_values/templates/ingress.gotmpl | 20 - .../templates/optionalEnv.gotmpl | 5 - .../templates/optionalEnvDMA.gotmpl | 5 - 43 files changed, 1463 deletions(-) delete mode 100644 helmfile/CHANGELOG.md delete mode 100644 helmfile/README.md delete mode 100644 helmfile/deploy/navi/navi-async-grpc.yaml delete mode 100644 helmfile/deploy/navi/navi-async-matrix.yaml delete mode 100644 helmfile/deploy/navi/navi-back-custom.yaml delete mode 100644 helmfile/deploy/navi/navi-castle.yaml delete mode 100644 helmfile/deploy/navi/navi-front.yaml delete mode 100644 helmfile/deploy/navi/navi-router.yaml delete mode 100644 helmfile/deploy/navi/navi-splitter.yaml delete mode 100755 helmfile/deploy/tests/navi-async-service.sh delete mode 100755 helmfile/deploy/tests/navi-front.sh delete mode 100644 helmfile/deploy/tests/points/moscow_bc.json delete mode 100644 helmfile/deploy/tests/points/moscow_cr.json delete mode 100644 helmfile/deploy/tests/points/moscow_dm.json delete mode 100644 helmfile/deploy/tests/points/moscow_fr.txt delete mode 100644 helmfile/deploy/tests/points/moscow_is_cr.json delete mode 100644 helmfile/deploy/tests/points/moscow_pd.json delete mode 100644 helmfile/deploy/tests/points/moscow_pr.json delete mode 100644 helmfile/deploy/tests/points/moscow_pt.json delete mode 100644 helmfile/deploy/tests/points/moscow_tr.json delete mode 100644 helmfile/deploy/tests/points/moscow_tx.json delete mode 100644 helmfile/helmfile_values/base.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-async-grpc-proxy/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-async-matrix/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-async-matrix/prod-kafka.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-async-matrix/prod.yaml delete mode 100644 
helmfile/helmfile_values/services/navi/navi-async-matrix/test-kafka.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-async-matrix/test.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-back/_common_dma.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-back/prod-custom-resources.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-back/test-custom-resources.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-castle/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-front/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-router/_common.gotmpl delete mode 100644 helmfile/helmfile_values/services/navi/navi-router/prod.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-router/test.yaml delete mode 100644 helmfile/helmfile_values/services/navi/navi-splitter/_common.gotmpl delete mode 100644 helmfile/helmfile_values/ssl/.gitkeep delete mode 100644 helmfile/helmfile_values/templates/dgctl.gotmpl delete mode 100644 helmfile/helmfile_values/templates/ingress.gotmpl delete mode 100644 helmfile/helmfile_values/templates/optionalEnv.gotmpl delete mode 100644 helmfile/helmfile_values/templates/optionalEnvDMA.gotmpl diff --git a/helmfile/CHANGELOG.md b/helmfile/CHANGELOG.md deleted file mode 100644 index abd42ddaf..000000000 --- a/helmfile/CHANGELOG.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# 2GIS On-Premise Helmfile Changelog - -## [1.7.0] -#### navi-router - перемещена секция key_management_service в *helmfile_values/services/navi/navi-router/test.yaml* -``` -router: - logLevel: Warning - keyManagementService: - enabled: true - host: http://keys.api.example.com - apis: - directions: "DIRECTIONS_TOKEN" - distance-matrix: "DISTANCE_MATRIX_TOKEN" - pairs-directions: "PAIRS_DIRECTIONS_TOKEN" - truck-directions: "TRUCK_DIRECTIONS_TOKEN" - public-transport: "PUBLIC_TRANSPORT_TOKEN" - isochrone: "ISOCHRONE_TOKEN" - map-matching : "MAP_MATCHING_TOKEN" - ppnot: "PPNOT_TOKEN" - combo-routes: "COMBO_ROUTES_TOKEN" - free-roam: "FREE_ROAM_TOKEN" - -``` -#### Добавлен деплой [grpc proxy](README.md) для ассинхронных матриц -- добавлены values *helmfile_values/services/navi/navi-async-grpc-proxy* - -#### Добавлен деплой [бэкенда Distance Matrix API Public Transport (до 10х10)](README.md) -- для бэкендов добавлены replicaCount в *helmfile_values/services/navi/navi-back/test-custom-resources.yaml* -- добавлены новые rules в helmfile_values/services/navi/navi-back/_common.gotmpl -``` - - name: distance-matrix-ctx # матрицы общественного транспорта - queries: ["get_dist_matrix"] - routing: ["ctx"] -``` -#### Добавлен деплой [splitter для Distance Matrix API Public Transport (до 10х10)](README.md) -- добавлены values *helmfile_values/services/navi/navi-splitter* diff --git a/helmfile/README.md b/helmfile/README.md deleted file mode 100644 index ec5475187..000000000 --- a/helmfile/README.md +++ /dev/null 
@@ -1,125 +0,0 @@ -#### Содержание -[Подготовка](#prepare) -[Деплой castle](#castle) -[Деплой бэкенда Directions API авто](#directions-car) -[Деплой бэкенда Directions API пешеходы](#directions-pedestrian) -[Деплой бэкенда Directions API велосипеды](#directions-bicycle) -[Деплой бэкенда Directions API такси](#directions-taxi) -[Деплой бэкенда Directions API грузовики](#directions-truck) -[Деплой бэкенда Free Roam API](#freeroam) -[Деплой бэкенда Pairs Directions API](#pairs-directions) -[Деплой бэкенда Public Transport](#public-transport) -[Деплой бэкенда Distance Matrix API (до 25х25)](#distance-matrix) -[Деплой бэкенда Distance Matrix API Async (более 25х25)](#async) -[Деплой бэкенда Distance Matrix API Public Transport (до 10х10)](#distance-matrix-ctx) -[Деплой GRPC-proxy для Distance Matrix API Async (более 25х25)](#grpc) -[Деплой фронтенда для Distance Matrix API Async (более 25х25)](#async-front) -[Деплой splitter для Distance Matrix API Public Transport (до 10х10)](#splitter) -[Деплой navi-router](#navi-router) -[Деплой navi-front](#navi-front) - -

Подготовка

-Скачать данные и загрузить в s3 -Данные и образы скачиваем по инструкции https://docs.2gis.com/ru/on-premise/dgctl - -Для ускорения можно использовать флаги --only-data и --service - -Копируем директорию helmfile_falues на один уровень с on-premise-helm-charts: -.. -helmfile_values -on-premise-helm-charts - -либо переносим ее в удобное для нас место, прописав абсолютный путь до нее в переменную окружения HELMFILE_VALUES - -Проходимся по файлам в директории helmfile_values и заполняем актуальными значениями - -Выставляем нужные значения в base.yaml. - -Перед разворачиванием сервисов навигации должен быть задеплоен keys service - -Пример команд для деплоя (в зависимости от того, где у нас располагаются helmfile_values, будет меняться путь до конфигов деплоя, ниже примеры для values расположенных на одном уровне с on-premise-helm-charts, команды запускаются из директории helmfile_values) - -

Деплой castle

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-castle.yaml sync -``` - -

Деплой бэкенда Directions API авто

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-car sync -``` - -

Деплой бэкенда Directions API пешеходы

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-pedestrian sync -``` - -

Деплой бэкенда Directions API велосипеды

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-bicycle sync -``` - -

Деплой бэкенда Directions API такси

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-taxi sync -``` - -

Деплой бэкенда Directions API грузовики

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=directions-truck sync -``` - -

Деплой бэкенда Free Roam

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=freeroam sync -``` - -

Деплой бэкенда Pairs Directions API

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=pairs-directions sync -``` - -

Деплой бэкенда Public Transport

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=public-transport sync -``` - -

Деплой бэкенда Distance Matrix API (до 25х25)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=distance-matrix sync -``` - -

Деплой бэкенда Distance Matrix API Async (более 25х25)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=async sync -``` - -

Деплой бэкенда Distance Matrix API Public Transport (до 10х10)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-back-custom.yaml -l service=distance-matrix-ctx sync -``` - -

Деплой фронтенда для Distance Matrix API Async (более 25х25)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-async-matrix.yaml sync -``` - -

Деплой GRPC-proxy для Distance Matrix API Async (более 25х25)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-async-grpc.yaml sync -``` - -

Деплой splitter для Distance Matrix API Public Transport (до 10х10)

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-splitter.yaml sync -``` - -

Деплой navi-router

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-router.yaml sync -``` - -

Деплой navi-front

-``` -helmfile -e test -f ../on-premise-helm-charts/helmfile/deploy/navi/navi-front.yaml sync -``` diff --git a/helmfile/deploy/navi/navi-async-grpc.yaml b/helmfile/deploy/navi/navi-async-grpc.yaml deleted file mode 100644 index 4554887d8..000000000 --- a/helmfile/deploy/navi/navi-async-grpc.yaml +++ /dev/null @@ -1,30 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-async-grpc-proxy - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-async-grpc-proxy - {{- else}} - chart: ../../../charts/navi-async-grpc-proxy - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - labels: - chart: navi-async-grpc-proxy - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-async-grpc-proxy/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl - {{- if .Values.ingress.enabled }} - - {{ $path_values }}/templates/ingress.gotmpl - {{ end }} diff --git a/helmfile/deploy/navi/navi-async-matrix.yaml b/helmfile/deploy/navi/navi-async-matrix.yaml deleted file mode 100644 index eca2aa17b..000000000 --- a/helmfile/deploy/navi/navi-async-matrix.yaml +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-async-matrix - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-async-matrix - {{- else}} - chart: ../../../charts/navi-async-matrix - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - labels: - chart: navi-async-matrix - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-async-matrix/{{ .Environment.Name }}-kafka.yaml - - {{ $path_values }}/services/navi/navi-async-matrix/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl - {{- if .Values.ingress.enabled }} - - {{ $path_values }}/templates/ingress.gotmpl - {{ end }} - set: - - name: s3.host - value: {{ .Values.s3.citiesUrl }} - - name: s3.accessKey - value: {{ .Values.s3.accessKey }} - - name: s3.secretKey - value: {{ .Values.s3.secretKey }} -{{- if or .Values.kafka.authCert .Values.kafka.authLogin }} - {{- if .Values.kafka.authCert }} # kafka аутентификация по сертификату - {{- if .Values.kafka.authCert.pathCert }} #windows - - name: kafka.fileProperties.ssl\.cafile - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslCA }} - - name: kafka.fileProperties.ssl\.certfile - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslCertificate }} - - name: kafka.fileProperties.ssl\.keyfile - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslKey }} - {{ else }} - - name: kafka.fileProperties.ssl\.cafile - file: {{ $path_values }}/ssl/{{ .Values.kafka.authCert.sslCA }} - - name: kafka.fileProperties.ssl\.certfile - file: {{ $path_values 
}}/ssl/{{ .Values.kafka.authCert.sslCertificate }} - - name: kafka.fileProperties.ssl\.keyfile - file: {{ $path_values }}/ssl/{{ .Values.kafka.authCert.sslKey }} - {{ end }} - - name: kafka.properties.ssl\.check\.hostname - value: '' - {{- if .Values.kafka.authCert.sslPassword }} - - name: kafka.sensitiveProperties.ssl\.password - value: {{ .Values.kafka.authCert.sslPassword }} - {{ end }} - {{ else }} # kafka аутентификация по логину и паролю - - name: kafka.properties.sasl\.plain\.username - value: {{ .Values.kafka.authLogin.username }} - - name: kafka.sensitiveProperties.sasl\.plain\.password - value: {{ .Values.kafka.authLogin.password }} - {{ end }} -{{ end }} - {{- if .Values.ingress.enabled }} - hooks: - - events: ["postsync"] - showlogs: true - command: "../tests/navi-async-service.sh" - args: ["{{ .Values.ingress.protocol }}://navi-async-matrix.{{ .Values.ingress.domain }}", "{{ .Values.apiKey }}"] - {{ end }} diff --git a/helmfile/deploy/navi/navi-back-custom.yaml b/helmfile/deploy/navi/navi-back-custom.yaml deleted file mode 100644 index 239520dbf..000000000 --- a/helmfile/deploy/navi/navi-back-custom.yaml +++ /dev/null 
@@ -1,400 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.naviCustomResources true }} -environments: -{{- printf "%s%s" .Environment.Name ":" | nindent 2 }} - values: - - {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/services/navi/navi-back/{{ .Environment.Name }}-custom-resources.yaml -{{ end }} ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -templates: - default: &default - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-back - {{- else}} - chart: ../../../charts/navi-back - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - timeout: 3600 - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-back/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl -releases: - {{ $API := "directions-car" }}{{ $type := "carrouting"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.carrouting.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.carrouting.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.carrouting.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.carrouting.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.carrouting.requests.memory }} - {{- end }} - - {{ $API := "directions-pedestrian" }}{{ $type := "pedestrian"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - 
name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.pedestrian.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.pedestrian.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.pedestrian.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.pedestrian.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.pedestrian.requests.memory }} - {{- end }} - - {{ $API := "directions-bicycle" }}{{ $type := "bicycle"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.bicycle.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.bicycle.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.bicycle.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.bicycle.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.bicycle.requests.memory }} - {{- end }} - - {{ $API := "directions-taxi" }}{{ $type := "taxi"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.taxi.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.taxi.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.taxi.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.taxi.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.taxi.requests.memory }} - {{- end }} - - {{ $API := "directions-emergency" }}{{ $type := "carrouting"}} - - name: 
navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - - name: naviback.simpleNetwork.emergency - value: true - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.emergency.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.emergency.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.emergency.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.emergency.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.emergency.requests.memory }} - {{- end }} - - {{ $API := "distance-matrix" }}{{ $type := "dm"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.dm.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.dm.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.dm.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.dm.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.dm.requests.memory }} - {{- end }} - - {{ $API := "public-transport" }}{{ $type := "ctx"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.ctx.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.ctx.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.ctx.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.ctx.requests.cpu }} - - name: resources.requests.memory - value: {{ 
.Values.ctx.requests.memory }} - {{- end }} - - {{ $API := "pairs-directions" }}{{ $type := "pairs"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.pairs.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.pairs.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.pairs.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.pairs.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.pairs.requests.memory }} - {{- end }} - - {{ $API := "directions-truck" }}{{ $type := "truck"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.truck.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.truck.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.truck.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.truck.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.truck.requests.memory }} - {{- end }} - - {{ $API := "isochrone-car" }}{{ $type := "carrouting"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.carrouting.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.carrouting.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.carrouting.limits.memory }} - - name: resources.requests.cpu - value: {{ 
.Values.carrouting.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.carrouting.requests.memory }} - {{- end }} - - {{ $API := "isochrone-pedestrian" }}{{ $type := "pedestrian"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.pedestrian.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.pedestrian.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.pedestrian.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.pedestrian.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.pedestrian.requests.memory }} - {{- end }} - - {{ $API := "distance-matrix-ctx"}}{{ $type := "dm"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - - name: naviback.behindSplitter - value: true - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ .Values.matrixCtx.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.matrixCtx.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.matrixCtx.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.matrixCtx.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.matrixCtx.requests.memory }} - {{- end }} - - {{ $API := "async" }}{{ $type := "dm"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-async-matrix/{{ .Environment.Name }}-kafka.yaml - - {{ $path_values }}/services/navi/navi-back/_common_dma.gotmpl - - {{ $path_values 
}}/templates/optionalEnvDMA.gotmpl - set: - - name: naviback.app_rule - value: dma - - name: naviback.type - value: {{ $type }} - - name: s3.host - value: {{ .Values.s3.citiesUrl }} - - name: s3.accessKey - value: {{ .Values.s3.accessKey }} - - name: s3.secretKey - value: {{ .Values.s3.secretKey }} -{{- if or .Values.kafka.authCert .Values.kafka.authLogin }} - {{- if .Values.kafka.authCert }} - {{- if .Values.kafka.authCert.pathCert }} #windows - - name: kafka.fileProperties.ssl\.ca\.location - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslCA }} - - name: kafka.fileProperties.ssl\.certificate\.location - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslCertificate }} - - name: kafka.fileProperties.ssl\.key\.location - file: {{ .Values.kafka.authCert.pathCert }}\\{{ .Values.kafka.authCert.sslKey }} - {{ else }} - - name: kafka.fileProperties.ssl\.ca\.location - file: {{ $path_values }}/ssl/{{ .Values.kafka.authCert.sslCA }} - - name: kafka.fileProperties.ssl\.certificate\.location - file: {{ $path_values }}/ssl/{{ .Values.kafka.authCert.sslCertificate }} - - name: kafka.fileProperties.ssl\.key\.location - file: {{ $path_values }}/ssl/{{ .Values.kafka.authCert.sslKey }} - {{ end }} - {{- if .Values.kafka.authCert.sslPassword }} - - name: kafka.properties.ssl\.key\.password - value: {{ .Values.kafka.authCert.sslPassword }} - {{ end }} - {{ else }} # kafka аутентификация по логину и паролю - - name: kafka.properties.sasl\.username - value: {{ .Values.kafka.authLogin.username }} - - name: kafka.properties.sasl\.password - value: {{ .Values.kafka.authLogin.sslPassword }} - {{ end }} -{{ end }} - - {{ $API := "freeroam" }}{{ $type := "freeroam"}} - - name: navi-back-{{ $API }} - <<: *default - labels: - service: {{ $API }} - chart: navi-back - set: - - name: naviback.app_rule - value: {{ $API }} - - name: naviback.type - value: {{ $type }} - {{ if eq .Values.naviCustomResources true }} - - name: replicaCount - value: {{ 
.Values.freeroam.replicaCount }} - - name: resources.limits.cpu - value: {{ .Values.freeroam.limits.cpu }} - - name: resources.limits.memory - value: {{ .Values.freeroam.limits.memory }} - - name: resources.requests.cpu - value: {{ .Values.freeroam.requests.cpu }} - - name: resources.requests.memory - value: {{ .Values.freeroam.requests.memory }} - {{- end }} diff --git a/helmfile/deploy/navi/navi-castle.yaml b/helmfile/deploy/navi/navi-castle.yaml deleted file mode 100644 index dd1f5143d..000000000 --- a/helmfile/deploy/navi/navi-castle.yaml +++ /dev/null @@ -1,28 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-castle - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-castle - {{- else}} - chart: ../../../charts/navi-castle - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - timeout: 1200 - labels: - chart: navi-castle - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-castle/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl diff --git a/helmfile/deploy/navi/navi-front.yaml b/helmfile/deploy/navi/navi-front.yaml deleted file mode 100644 index 9b344efba..000000000 --- a/helmfile/deploy/navi/navi-front.yaml +++ /dev/null 
@@ -1,35 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-front - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-front - {{- else}} - chart: ../../../charts/navi-front - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - labels: - chart: navi-front - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-front/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl - {{- if .Values.ingress.enabled }} - - {{ $path_values }}/templates/ingress.gotmpl - hooks: - - events: ["postsync"] - showlogs: true - command: "../tests/navi-front.sh" - args: ["{{ .Values.ingress.protocol }}://navi-front.{{ .Values.ingress.domain }}", "{{ .Values.apiKey }}", '{{`{{ .Release.Name }}`}}'] - {{ end }} diff --git a/helmfile/deploy/navi/navi-router.yaml b/helmfile/deploy/navi/navi-router.yaml deleted file mode 100644 index 7aca4b7ac..000000000 --- a/helmfile/deploy/navi/navi-router.yaml +++ /dev/null 
@@ -1,29 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-router - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-router - {{- else}} - chart: ../../../charts/navi-router - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - timeout: 1200 - labels: - chart: navi-router - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-back/_common.gotmpl - - {{ $path_values }}/services/navi/navi-router/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl diff --git a/helmfile/deploy/navi/navi-splitter.yaml b/helmfile/deploy/navi/navi-splitter.yaml deleted file mode 100644 index 338dc5ede..000000000 --- a/helmfile/deploy/navi/navi-splitter.yaml +++ /dev/null @@ -1,27 +0,0 @@ ---- -bases: -- {{ env "HELMFILE_VALUES" | default "../../../../helmfile_values" }}/base.yaml ---- -{{ if eq .Values.remoteCharts true }} -repositories: -- name: 2gis-on-premise - url: https://2gis.github.io/on-premise-helm-charts -{{ end }} ---- -{{ $path_values:= env "HELMFILE_VALUES" | default "../../../../helmfile_values" }} -releases: - - name: navi-splitter - {{- if eq .Values.remoteCharts true }} - chart: 2gis-on-premise/navi-splitter - {{- else}} - chart: ../../../charts/navi-splitter - {{- end }} - namespace: {{ .Values.namespace }} - kubeContext: {{ .Values.kubeContext }} - version: "{{ .Values.version }}" - labels: - chart: navi-splitter - values: - - {{ $path_values }}/templates/dgctl.gotmpl - - {{ $path_values }}/services/navi/navi-splitter/_common.gotmpl - - {{ $path_values }}/templates/optionalEnv.gotmpl 
diff --git a/helmfile/deploy/tests/navi-async-service.sh b/helmfile/deploy/tests/navi-async-service.sh deleted file mode 100755 index 9b4341e50..000000000 --- a/helmfile/deploy/tests/navi-async-service.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash -set -e -set -u -set -o pipefail - -SCRIPTPATH=$(dirname `readlink -f "$0"`) - -URL=$1 -KEY=$2 -i=0 -cd $SCRIPTPATH/points - -TASK_ID=`curl -s $URL/create_task/get_dist_matrix?key=$KEY --header 'Content-Type: application/json' -d @moscow_dm.json | jq -r '.task_id'` -echo "Start test Moscow" -echo "Create task with ID" $TASK_ID -sleep 5 -function task_status() { - echo `curl -s $URL/result/get_dist_matrix/$TASK_ID?key=$KEY | jq -r '.status'` -} - -function task_response() { - LINK=`curl -s $URL/result/get_dist_matrix/$TASK_ID?key=$KEY | jq -r '.result_link'` - if [[ $LINK == "" ]] ;then - echo "response.json not found on s3, check settings s3 on navi-back-async" && exit 1 - else - response=`curl -s $LINK` - echo -e $response $'\n' - response_status=`echo $response | jq .routes[].status | grep OK | wc -l` - if [[ $response_status -ge "1" ]]; then - echo "OK" - else - echo "No successful routes" && exit 1 - fi - fi -} - -echo "Task status" `task_status` -while [[ `task_status` != "TASK_DONE" && "$i" -lt "5" ]]; do - i=$[ $i + 1 ] - echo "Wait..." - sleep 10 -done - -if [[ "$i" -ge "5" ]] || [[ `task_status` != "TASK_DONE" ]];then - echo "Task status" `task_status` - echo "Long task processing, check logs navi-async-service and navi-back-async" && exit 1 -elif [[ `task_status` == "TASK_DONE" ]];then - echo "Task status" `task_status` - task_response -fi diff --git a/helmfile/deploy/tests/navi-front.sh b/helmfile/deploy/tests/navi-front.sh deleted file mode 100755 index b5d08913f..000000000 --- a/helmfile/deploy/tests/navi-front.sh +++ /dev/null 
@@ -1,83 +0,0 @@ -#!/bin/bash -set -e -set -u -set -o pipefail - -URL=$1 -KEY=$2 -NAVI_FRONT=$3 - -SCRIPTPATH=$(dirname `readlink -f "$0"`) -cd $SCRIPTPATH/points - -UPSTREAM=`kubectl describe cm $NAVI_FRONT-configmap | grep upstream | awk '{print $2}'|awk -F 'back-' '{print $2}'` -#UPSTREAM=`helm ls | grep navi-back | awk '{print $1}' | awk -F 'back-' '{print $2}'` # для партнера из-за openshift - -sleep 5 -echo $UPSTREAM -# Pairs Directions API - to do нет токена в api key -# Truck Directions API - to do нет токена в api key -for service in $UPSTREAM; do - case $service in - "freeroam") - echo "Create routing for Directions API freeroam:" - echo - echo `curl -sSfG $URL/free_roam/2.0?key=$KEY -d @moscow_fr.txt` - echo - ;; - "directions-bicycle") - echo "Create routing for Directions API bicycle:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_bc.json` - echo - ;; - "directions-car") - echo "Create routing for Directions API car:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_сr.json` - echo - ;; - "distance-matrix") - echo "Create routing for Distance Matrix API:" - echo - echo `curl -s $URL/get_dist_matrix/2.0?key=$KEY --header 'Content-Type: application/json' -d @moscow_dm.json` - echo - ;; - "directions-pedestrian") - echo "Create routing for Directions API pedestrian:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_pd.json` - echo - ;; - "public-transport") - echo "Create routing for Public Transport API:" - echo - echo `curl -s $URL/public_transport/2.0?key=$KEY --header 'Content-Type: application/json' -d @moscow_pt.json` - echo - ;; - "directions-taxi") - echo "Create routing for Directions API taxi:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_tx.json` - echo - ;; - 
"directions-emergency") - echo "Create routing for Directions API emergency:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_em.json` - echo - ;; - "directions-truck") - echo "Create routing for Directions API truck:" - echo - echo `curl -s $URL/carrouting/6.0.1/global?key=$KEY --header 'Content-Type: application/json' -d @moscow_tr.json` - echo - ;; - "isochrone-car") - echo "Create routing for Isochrone API car:" - echo - echo `curl -s $URL/get_hull?key=$KEY --header 'Content-Type: application/json' -d @moscow_is_cr.json` - echo - ;; - esac -done diff --git a/helmfile/deploy/tests/points/moscow_bc.json b/helmfile/deploy/tests/points/moscow_bc.json deleted file mode 100644 index efda706bd..000000000 --- a/helmfile/deploy/tests/points/moscow_bc.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "type": "bicycle", - "points": [ - { - "start": true, - "type": "walking", - "x": 37.5998, - "y": 55.7683 - }, - { - "start": false, - "type": "walking", - "x": 37.6076, - "y": 55.7622 - } - ] -} diff --git a/helmfile/deploy/tests/points/moscow_cr.json b/helmfile/deploy/tests/points/moscow_cr.json deleted file mode 100644 index 893b1c2dc..000000000 --- a/helmfile/deploy/tests/points/moscow_cr.json +++ /dev/null @@ -1,16 +0,0 @@ -{ - "points": [ - { - "start": true, - "type": "walking", - "x": 37.5998, - "y": 55.7683 - }, - { - "start": false, - "type": "walking", - "x": 37.6076, - "y": 55.7622 - } - ] - } diff --git a/helmfile/deploy/tests/points/moscow_dm.json b/helmfile/deploy/tests/points/moscow_dm.json deleted file mode 100644 index 28f08748f..000000000 --- a/helmfile/deploy/tests/points/moscow_dm.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "points": [ - { - "lon": 37.5833, - "lat": 55.7404 - }, - { - "lon": 37.5803, - "lat": 55.7696 - }, - { - "lon": 37.6539, - "lat": 55.7692 - }, - { - "lon": 37.6546, - "lat": 55.7415 - } - ], - "sources": [0, 1], - "targets": [2, 3] -} 
diff --git a/helmfile/deploy/tests/points/moscow_fr.txt b/helmfile/deploy/tests/points/moscow_fr.txt deleted file mode 100644 index 4139c26a2..000000000 --- a/helmfile/deploy/tests/points/moscow_fr.txt +++ /dev/null @@ -1 +0,0 @@ -bound={"min":{"lat":55.7683,"lon":37.5998},"max":{"lat":55.7622,"lon":37.6076}} diff --git a/helmfile/deploy/tests/points/moscow_is_cr.json b/helmfile/deploy/tests/points/moscow_is_cr.json deleted file mode 100644 index ad61a0449..000000000 --- a/helmfile/deploy/tests/points/moscow_is_cr.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "start": { - "lat":37.5998, - "lon":55.7683 - }, - "durations": [600, 1200], - "mode": "driving" -} diff --git a/helmfile/deploy/tests/points/moscow_pd.json b/helmfile/deploy/tests/points/moscow_pd.json deleted file mode 100644 index 0949cf885..000000000 --- a/helmfile/deploy/tests/points/moscow_pd.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "type": "pedestrian", - "points": [ - { - "start": true, - "type": "walking", - "x": 37.5998, - "y": 55.7683 - }, - { - "start": false, - "type": "walking", - "x": 37.6076, - "y": 55.7622 - } - ] -} diff --git a/helmfile/deploy/tests/points/moscow_pr.json b/helmfile/deploy/tests/points/moscow_pr.json deleted file mode 100644 index fab4dd2bd..000000000 --- a/helmfile/deploy/tests/points/moscow_pr.json +++ /dev/null @@ -1,12 +0,0 @@ -{ - "points": [ - { - "lon1": 37.5998, - "lat1": 55.7683, - "lon2": 37.6076, - "lat2": 55.7622 - } - ], - "type": "jam", - "output": "simple" -} diff --git a/helmfile/deploy/tests/points/moscow_pt.json b/helmfile/deploy/tests/points/moscow_pt.json deleted file mode 100644 index 6a1230549..000000000 --- a/helmfile/deploy/tests/points/moscow_pt.json +++ /dev/null @@ -1,22 +0,0 @@ -{ - "locale": "ru", - "source": - { - "name": "Point A", - "point": - { - "lon": 37.5883, - "lat": 55.7931 - } - }, - "target": - { - "name": "Point B", - "point": - { - "lon": 37.6036, - "lat": 55.7734 - } - }, - "transport": ["bus", "tram"] -} 
diff --git a/helmfile/deploy/tests/points/moscow_tr.json b/helmfile/deploy/tests/points/moscow_tr.json deleted file mode 100644 index bb91e08ef..000000000 --- a/helmfile/deploy/tests/points/moscow_tr.json +++ /dev/null @@ -1,15 +0,0 @@ -{ - "points": [ - { - "type": "walking", - "x": 37.5998, - "y": 55.7683 - }, - { - "type": "walking", - "x": 37.6076, - "y": 55.7622 - } - ], - "type": "truck_jam" -} diff --git a/helmfile/deploy/tests/points/moscow_tx.json b/helmfile/deploy/tests/points/moscow_tx.json deleted file mode 100644 index c549df4e9..000000000 --- a/helmfile/deploy/tests/points/moscow_tx.json +++ /dev/null @@ -1,17 +0,0 @@ -{ - "type": "taxi_jam", - "points": [ - { - "start": true, - "type": "walking", - "x": 37.5998, - "y": 55.7683 - }, - { - "start": false, - "type": "walking", - "x": 37.6076, - "y": 55.7622 - } - ] -} diff --git a/helmfile/helmfile_values/base.yaml b/helmfile/helmfile_values/base.yaml deleted file mode 100644 index 430196859..000000000 --- a/helmfile/helmfile_values/base.yaml +++ /dev/null 
@@ -1,65 +0,0 @@ -helmDefaults: - createNamespace: false - atomic: true - wait: true - - -environments: - test: - values: - - version: 1.7.0 # актуальная версия релиза - remoteCharts: false - manifest: manifests/1675328936.json # укажите манифест, полученный при скачивании данных dgctl - namespace: 2gis-on-premise # namespace k8s для деплоя сервисов 2gis - kubeContext: dev-cluster # имя контекста k8s для доступа к кластеру - apiKey: API_KEY # API-ключ для доступа к сервисам поиска. Подробнее см. в документации сервиса API Keys. - dockerRegistry: docker-hub.2gis.ru - imagePullSecrets: [] #указать k8s secrets, если требуется авторизация на doker registry - #- name: secret_regestry - s3: - citiesUrl: http://artifacts.example.com - bucket: onpremise-artifacts # бакет, куда загружены данные утилитой dgctl - accessKey: AKIAIOSFODNN7EXAMPLE - secretKey: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY - ingress: - enabled: false # включение ингресса - domain: example.com # домен ингресса - protocol: https # протокол ингресса http или https - secretName: secret_tls # указать k8s secrets, содержащий сертификат для https, если будет использоваться https - naviCustomResources: true # реплики, ресурсы и лимиты выставляются для каждого типа бека навигации в файле navi-custom-resources.yaml - kafka: # методы аутентификации (login/password or ssl certificates) - authLogin: {} - # username: kafka-user - # password: kafka-password - authCert: # сертификаты и ключ нужно положить в директорию ssl и указать здесь имена файлов - sslCA: CAcert.pem - sslCertificate: Cert.crt - sslKey: Private.key - sslPassword: '' # укажите пароль Private.key, если используется - pathCert: '' #если запускается на windows, необходимо указать абсолютный путь до директории с сертификатами, - #например: C:\\Users\\user\\on-premise-helm-charts\\helmfile\\ssl - - prod: - values: - - version: 1.7.0 - remoteCharts: true - manifest: manifests/1675328936.json - namespace: 2gis-on-premise - kubeContext: prod-cluster - 
dockerRegistry: docker.storage.example.local - s3: - citiesUrl: http://artifacts.example.com - bucket: onpremise-artifacts - accessKey: AKIAIOSFODNN7EXAMPLE - secretKey: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY - ingress: - enabled: true - domain: example.com - protocol: https - secretName: secret_tls - customProjectNavi: false - kafka: - authCert: - sslCA: CAcert.pem - sslCertificate: Cert.crt - sslKey: Private.key diff --git a/helmfile/helmfile_values/services/navi/navi-async-grpc-proxy/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-async-grpc-proxy/_common.gotmpl deleted file mode 100644 index fa596f099..000000000 --- a/helmfile/helmfile_values/services/navi/navi-async-grpc-proxy/_common.gotmpl +++ /dev/null @@ -1,10 +0,0 @@ -replicaCount: 1 - -dm: - url: http://navi-async-matrix - -{{- if .Values.ingress.enabled }} -ingress: - annotations: - nginx.ingress.kubernetes.io/backend-protocol: "GRPC" -{{- end}} diff --git a/helmfile/helmfile_values/services/navi/navi-async-matrix/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-async-matrix/_common.gotmpl deleted file mode 100644 index a7a05ff35..000000000 --- a/helmfile/helmfile_values/services/navi/navi-async-matrix/_common.gotmpl +++ /dev/null @@ -1,15 +0,0 @@ -replicaCount: 1 - -dm: - citiesUrl: http://navi-castle/cities.conf - -keys: - host: http://keys-api/service/v1/keys - -resources: - limits: - cpu: 2000m - memory: 4Gi - requests: - cpu: 2000m - memory: 4Gi diff --git a/helmfile/helmfile_values/services/navi/navi-async-matrix/prod-kafka.yaml b/helmfile/helmfile_values/services/navi/navi-async-matrix/prod-kafka.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/helmfile/helmfile_values/services/navi/navi-async-matrix/prod.yaml b/helmfile/helmfile_values/services/navi/navi-async-matrix/prod.yaml deleted file mode 100644 index e69de29bb..000000000 
diff --git a/helmfile/helmfile_values/services/navi/navi-async-matrix/test-kafka.yaml b/helmfile/helmfile_values/services/navi/navi-async-matrix/test-kafka.yaml deleted file mode 100644 index 9840935f5..000000000 --- a/helmfile/helmfile_values/services/navi/navi-async-matrix/test-kafka.yaml +++ /dev/null @@ -1,33 +0,0 @@ -.topics: - task_topic: &tt task_topic - status_topic: &st status_topic - canсel_topic: &ct cancel_topic - -kafka: - enabled: true - groupId: navi_async_matrix - properties: - bootstrap.servers: navi-back-kafka.storage.example.local:31560 # в формате hostname:port - security.protocol: SSL - fileProperties: {} - - # navi-back topics - distanceMatrix: - taskTopic: *tt - cancelTopic: *ct - statusTopic: *st - updateTaskStatusPeriodSec: 120 - messageExpiredPeriodSec: 3600 - requestDownloadTimeoutSec: 20 - responseUploadTimeoutSec: 40 - - # navi-async-matrix topics - statusTopic: *st - cancelTopic: *ct - taskTopicRules: - - topic: *tt - default: true - -s3: - enabled: true - bucket: navi-async-matrix diff --git a/helmfile/helmfile_values/services/navi/navi-async-matrix/test.yaml b/helmfile/helmfile_values/services/navi/navi-async-matrix/test.yaml deleted file mode 100644 index ebe3b9f0a..000000000 --- a/helmfile/helmfile_values/services/navi/navi-async-matrix/test.yaml +++ /dev/null @@ -1,11 +0,0 @@ -replicaCount: 1 - -keys: - token: 16564b03-8185-472f-ad99-cad94e972e97 - -db: - host: navi-async-matrix-postgresql.storage.example.local - port: 5432 - name: onpremise_navi_async_matrix - user: navi-async-matrix-user - password: navi-async-matrix-password diff --git a/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl deleted file mode 100644 index 508f34980..000000000 --- a/helmfile/helmfile_values/services/navi/navi-back/_common.gotmpl +++ /dev/null 
@@ -1,52 +0,0 @@ -replicaCount: 1 - -navigroup: navi - -naviback: - castleHost: navi-castle # #имя сервиса navi-castle в k8s - dmSourcesLimit: 25 - dmTargetsLimit: 25 - -#дефолтные ресурсы -resources: - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi - -rules: - - name: free-roam # свободное вождение - queries: ["free_roam"] - routing: [] - - name: directions-car # авто - queries: ["routing"] - routing: ["driving"] - - name: directions-pedestrian # пешеходы - queries: ["routing"] - routing: ["pedestrian"] - - name: directions-bicycle # велосипедисты - queries: ["routing"] - routing: ["bicycle"] - - name: directions-taxi # taxi - queries: ["routing"] - routing: ["taxi"] - - name: distance-matrix # distance-matrix - queries: ["get_dist_matrix"] - routing: ["driving"] - - name: public-transport # общественный транспорт - queries: ["public_transport"] - routing: ["public_transport"] - - name: directions-truck # грузовики truck - queries: ["routing"] - routing: ["truck"] - - name: pairs-directions # pairs - queries: ["get_pairs"] - routing: ["driving"] - - name: isochrone-car # isochrone - queries: ["get_hull"] - routing: ["driving"] - - name: distance-matrix-ctx # матрицы общественного транспорта - queries: ["get_dist_matrix"] - routing: ["ctx"] diff --git a/helmfile/helmfile_values/services/navi/navi-back/_common_dma.gotmpl b/helmfile/helmfile_values/services/navi/navi-back/_common_dma.gotmpl deleted file mode 100644 index 4aebb8aa8..000000000 --- a/helmfile/helmfile_values/services/navi/navi-back/_common_dma.gotmpl +++ /dev/null @@ -1,23 +0,0 @@ -replicaCount: 1 - -navigroup: async - -naviback: - castleHost: navi-castle # #имя сервиса navi-castle в k8s - dmSourcesLimit: 12000 # ограничение на размер матриц - dmTargetsLimit: 12000 # ограничение на размер матриц - app_rule: dma - type: dm - -resources: - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi - -rules: - - name: dma - queries: ["routing"] - routing: ["driving"] 
diff --git a/helmfile/helmfile_values/services/navi/navi-back/prod-custom-resources.yaml b/helmfile/helmfile_values/services/navi/navi-back/prod-custom-resources.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/helmfile/helmfile_values/services/navi/navi-back/test-custom-resources.yaml b/helmfile/helmfile_values/services/navi/navi-back/test-custom-resources.yaml deleted file mode 100644 index 3acbea2c6..000000000 --- a/helmfile/helmfile_values/services/navi/navi-back/test-custom-resources.yaml +++ /dev/null @@ -1,81 +0,0 @@ -#ресурсы для разных типов навигации -carrouting: #directions-car, isochrone - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -pedestrian: #directions-pedestrian - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -bicycle: #directions-bicycle - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -taxi: #directions-taxi - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -pairs: #pairs-directions - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -truck: #directions-truck - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -dm: #distance-matrix - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -ctx: #public-transport - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -emergency: #directions-emergency - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi -matrixCtx: #distance-matrix-ctx - replicaCount: 1 - limits: - cpu: 4 - memory: 8Gi - requests: - cpu: 2 - memory: 4Gi diff --git a/helmfile/helmfile_values/services/navi/navi-castle/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-castle/_common.gotmpl deleted file mode 100644 index a20ffe4c5..000000000 
--- a/helmfile/helmfile_values/services/navi/navi-castle/_common.gotmpl +++ /dev/null @@ -1,9 +0,0 @@ -replicaCount: 2 - -resources: - limits: - cpu: 1000m - memory: 2048Mi - requests: - cpu: 500m - memory: 256Mi diff --git a/helmfile/helmfile_values/services/navi/navi-front/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-front/_common.gotmpl deleted file mode 100644 index 47915259f..000000000 --- a/helmfile/helmfile_values/services/navi/navi-front/_common.gotmpl +++ /dev/null @@ -1,10 +0,0 @@ -navigroup: navi -replicaCount: 2 - -resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 100m - memory: 128Mi diff --git a/helmfile/helmfile_values/services/navi/navi-router/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-router/_common.gotmpl deleted file mode 100644 index 5b265f8b8..000000000 --- a/helmfile/helmfile_values/services/navi/navi-router/_common.gotmpl +++ /dev/null @@ -1,18 +0,0 @@ -navigroup: navi - -router: - logLevel: Warning - castleHost: navi-castle - keyManagementService: - enabled: true - host: http://keys-api/service/v1/keys - -replicaCount: 2 - -resources: - limits: - cpu: 2000m - memory: 1024Mi - requests: - cpu: 500m - memory: 128Mi diff --git a/helmfile/helmfile_values/services/navi/navi-router/prod.yaml b/helmfile/helmfile_values/services/navi/navi-router/prod.yaml deleted file mode 100644 index e69de29bb..000000000 diff --git a/helmfile/helmfile_values/services/navi/navi-router/test.yaml b/helmfile/helmfile_values/services/navi/navi-router/test.yaml deleted file mode 100644 index 725a93531..000000000 --- a/helmfile/helmfile_values/services/navi/navi-router/test.yaml +++ /dev/null 
@@ -1,14 +0,0 @@ -router: -# How to get service tokens see https://docs.2gis.com/en/on-premise/deployment/keys#nav-lvl1--4._Fetch_the_service_tokens - keyManagementService: - apis: - directions: "DIRECTIONS_TOKEN" - distance-matrix: "DISTANCE_MATRIX_TOKEN" - pairs-directions: "PAIRS_DIRECTIONS_TOKEN" - truck-directions: "TRUCK_DIRECTIONS_TOKEN" - public-transport: "PUBLIC_TRANSPORT_TOKEN" - isochrone: "ISOCHRONE_TOKEN" - map-matching : "MAP_MATCHING_TOKEN" - ppnot: "PPNOT_TOKEN" - combo-routes: "COMBO_ROUTES_TOKEN" - free-roam: "FREE_ROAM_TOKEN" diff --git a/helmfile/helmfile_values/services/navi/navi-splitter/_common.gotmpl b/helmfile/helmfile_values/services/navi/navi-splitter/_common.gotmpl deleted file mode 100644 index bcf879b13..000000000 --- a/helmfile/helmfile_values/services/navi/navi-splitter/_common.gotmpl +++ /dev/null @@ -1,8 +0,0 @@ -navigroup: navi -replicaCount: 1 - -splitter: - logLevel: info - app_rule: distance-matrix-ctx - ctxUrl: http://navi-back-distance-matrix-ctx/ctx/2.0/?source=distance_matrix - statHost: '' diff --git a/helmfile/helmfile_values/ssl/.gitkeep b/helmfile/helmfile_values/ssl/.gitkeep deleted file mode 100644 index e69de29bb..000000000 diff --git a/helmfile/helmfile_values/templates/dgctl.gotmpl b/helmfile/helmfile_values/templates/dgctl.gotmpl deleted file mode 100644 index 3ee83735c..000000000 --- a/helmfile/helmfile_values/templates/dgctl.gotmpl +++ /dev/null 
@@ -1,19 +0,0 @@ -{{ $host := .Values.s3.citiesUrl }} -{{ $protocol := trunc 5 .Values.s3.citiesUrl }} -{{ if eq $protocol "https" }} -{{ $host = trimPrefix "https://" .Values.s3.citiesUrl }} -{{ else }} -{{ $host = trimPrefix "http://" .Values.s3.citiesUrl }} -{{ end }} -dgctlDockerRegistry: {{ .Values.dockerRegistry }} -dgctlStorage: - host: {{ $host }} - bucket: {{ .Values.s3.bucket }} - accessKey: {{ .Values.s3.accessKey }} - secretKey: {{ .Values.s3.secretKey }} - manifest: {{ .Values.manifest }} - -{{- with .Values.imagePullSecrets }} -imagePullSecrets: - {{- toYaml . | nindent 8 }} -{{- end }} diff --git a/helmfile/helmfile_values/templates/ingress.gotmpl b/helmfile/helmfile_values/templates/ingress.gotmpl deleted file mode 100644 index f82b26c3f..000000000 --- a/helmfile/helmfile_values/templates/ingress.gotmpl +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.ingress.enabled }} -ingress: - className: nginx - enabled: true - hosts: - - host: {{ .Release.Name }}.{{ .Values.ingress.domain }} - paths: - - path: / - pathType: Prefix - {{- if eq .Values.ingress.protocol "https" }} - tls: - - hosts: - - {{ .Release.Name }}.{{ .Values.ingress.domain }} - {{- if .Values.ingress.secretName }} - secretName: {{ .Values.ingress.secretName }} - {{ else }} - {{- fail "Not specified secret for https, check value secretName" }} - {{ end }} - {{ end }} -{{ end }} diff --git a/helmfile/helmfile_values/templates/optionalEnv.gotmpl b/helmfile/helmfile_values/templates/optionalEnv.gotmpl deleted file mode 100644 index 302a7daa8..000000000 --- a/helmfile/helmfile_values/templates/optionalEnv.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{- with $envVal := printf "../services/navi/%s/%s.yaml" $.Release.Labels.chart $.Environment.Name }} -{{- if isFile $envVal }} -{{ readFile $envVal }} -{{- end }} -{{- end }} diff --git a/helmfile/helmfile_values/templates/optionalEnvDMA.gotmpl b/helmfile/helmfile_values/templates/optionalEnvDMA.gotmpl deleted file mode 100644 index e3c0379e7..000000000 
--- a/helmfile/helmfile_values/templates/optionalEnvDMA.gotmpl +++ /dev/null @@ -1,5 +0,0 @@ -{{- with $envVal := printf "../services/navi/%s/%s-dma.yaml" $.Release.Labels.chart $.Environment.Name }} -{{- if isFile $envVal }} -{{ readFile $envVal }} -{{- end }} -{{- end }} From 576873d3b153e10cc892865f97ec8a03a2a0c87c Mon Sep 17 00:00:00 2001 From: zhukov-d-man Date: Mon, 26 Aug 2024 13:02:34 +0700 Subject: [PATCH 36/91] search-api: custom CA certificates support (#478) --- charts/search-api/README.md | 7 +++++ charts/search-api/templates/_helpers.tpl | 22 ++++++++++++++ charts/search-api/templates/configmap.yaml | 4 +++ charts/search-api/templates/deployment.yaml | 32 +++++++++++++++++++-- charts/search-api/values.yaml | 13 +++++++++ 5 files changed, 76 insertions(+), 2 deletions(-) diff --git a/charts/search-api/README.md b/charts/search-api/README.md index 231c18d09..4ab831791 100644 --- a/charts/search-api/README.md +++ b/charts/search-api/README.md @@ -142,6 +142,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo | `nginx.resources.limits.cpu` | A CPU limit, e.g., `100m` | | | `nginx.resources.limits.memory` | A memory limit, e.g., `128Mi` | | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | + ## Maintainers diff --git a/charts/search-api/templates/_helpers.tpl b/charts/search-api/templates/_helpers.tpl index aed8e4ca9..1ef711582 100644 --- a/charts/search-api/templates/_helpers.tpl +++ b/charts/search-api/templates/_helpers.tpl 
@@ -37,6 +37,28 @@ app.kubernetes.io/managed-by: {{ .Release.Service }} {{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .registry (printf "%s:%s" .username .password | b64enc) | b64enc }} {{- end }} +{{- define "search_api.env.custom.ca.path" -}} +- name: SSL_CERT_FILE + value: {{ include "search_api.custom.ca.mountPath" . }}/custom-ca.crt +{{- end }} + +{{- define "search_api.custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} + +{{- define "search_api.custom.ca.volumeMounts" -}} +- name: custom-ca + mountPath: {{ include "search_api.custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + readOnly: true +{{- end -}} + +{{- define "search_api.custom.ca.deploys.volumes" -}} +- name: custom-ca + configMap: + name: {{ include "search_api.fullname" . }} +{{- end -}} + {{/* Return the target Kubernetes version */}} diff --git a/charts/search-api/templates/configmap.yaml b/charts/search-api/templates/configmap.yaml index b3e9fa14a..89c3071f9 100644 --- a/charts/search-api/templates/configmap.yaml +++ b/charts/search-api/templates/configmap.yaml @@ -74,3 +74,7 @@ data: } } } +{{- if .Values.customCAs.bundle }} + custom-ca.crt: |- +{{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/search-api/templates/deployment.yaml b/charts/search-api/templates/deployment.yaml index 6fc6dd2ee..1e5d41d30 100644 --- a/charts/search-api/templates/deployment.yaml +++ b/charts/search-api/templates/deployment.yaml 
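Review bot: `search_api.env.custom.ca.path` points `SSL_CERT_FILE` at the single mounted `custom-ca.crt`, which overrides the default CA bundle file for TLS libraries that honour that variable instead of adding to it. Depending on the TLS library and base image (neither is visible here), containers may stop trusting public roots once `customCAs.bundle` is set, unless the bundle also carries them. If replacement is intended, say so in the parameter description in values.yaml, for example `# @param customCAs.bundle Custom CA bundle (PEM). Exported via SSL_CERT_FILE, so it must contain every CA the service needs to trust.` The rendered `value:` is also unquoted although `customCAs.certsPath` is user-supplied; `value: {{ printf "%s/custom-ca.crt" (include "search_api.custom.ca.mountPath" .) | quote }}` would keep an unusual path from changing the YAML structure.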
@@ -4,9 +4,14 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "search_api.fullname" . }} - {{- if .Values.annotations }} + {{- if or .Values.annotations .Values.customCAs.bundle }} annotations: - {{- toYaml .Values.annotations | nindent 4 }} + {{- if .Values.customCAs.bundle }} + checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} {{- end }} labels: {{- include "search_api.labels" . | nindent 4 }} @@ -53,6 +58,9 @@ spec: secretKeyRef: name: {{ include "search_api.fullname" . }} key: s3SecretKey + {{- if .Values.customCAs.bundle }} + {{- include "search_api.env.custom.ca.path" . | nindent 10 }} + {{- end }} command: - importer - --endpoint={{ required "Valid .Values.dgctlStorage.host required!" .Values.dgctlStorage.host }} @@ -72,6 +80,9 @@ spec: mountPath: /etc/2gis - name: search-api-data mountPath: {{ .Values.api.dataDir }} + {{- if .Values.customCAs.bundle }} + {{- include "search_api.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} containers: - name: api image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} @@ -88,9 +99,16 @@ spec: mountPath: /etc/2gis - name: search-api-data mountPath: {{ .Values.api.dataDir }} + {{- if .Values.customCAs.bundle }} + {{- include "search_api.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} env: - name: REDEPLOY_LABEL value: "{{ .Values.redeployLabel }}" + {{- if .Values.customCAs.bundle }} + {{- include "search_api.env.custom.ca.path" . | nindent 12 }} + {{- end }} + - name: nginx image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }} imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} 
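Review bot: The new `checksum/config` annotation is rendered under the Deployment's own `metadata.annotations` (`nindent 4`, directly below `metadata.name`), which does not alter the pod template, so changing `customCAs.bundle` will not by itself roll the pods. The CA file is mounted with `subPath`, and Kubernetes does not propagate ConfigMap updates to such mounts, so running containers would keep the old trust anchor until they are restarted. This matters most when a CA is being rotated or withdrawn. Consider putting `checksum/config: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}` under `spec.template.metadata.annotations`; the pod template lies outside this hunk, so first check whether it already carries a checksum.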
@@ -122,6 +140,13 @@ spec: volumeMounts: - name: {{ include "search_api.name" $ }}-configmap mountPath: /etc/2gis + {{- if .Values.customCAs.bundle }} + {{- include "search_api.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + env: + {{- if .Values.customCAs.bundle }} + {{- include "search_api.env.custom.ca.path" . | nindent 12 }} + {{- end }} volumes: - name: {{ include "search_api.name" . }}-configmap configMap: @@ -133,6 +158,9 @@ spec: path: nginx.conf - name: search-api-data emptyDir: {} + {{- if .Values.customCAs.bundle }} + {{- include "search_api.custom.ca.deploys.volumes" . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/search-api/values.yaml b/charts/search-api/values.yaml index beb29a0aa..a2b3a94f0 100644 --- a/charts/search-api/values.yaml +++ b/charts/search-api/values.yaml @@ -189,3 +189,16 @@ ingress: # @extra nginx.resources.requests.memory A memory request, e.g., `128Mi` # @extra nginx.resources.limits.cpu A CPU limit, e.g., `100m` # @extra nginx.resources.limits.memory A memory limit, e.g., `128Mi` + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From 89d06607a75fd74001fb0154d099ad451761cab7 Mon Sep 17 00:00:00 2001 
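Review bot: In the `@@ -122,6 +140,13 @@` hunk the `env:` key is emitted unconditionally while its only entry sits inside `{{- if .Values.customCAs.bundle }}`, so with the default empty bundle this container renders `env:` with a null value. Put the key inside the condition: `{{- if .Values.customCAs.bundle }}`, then `env:`, then `{{- include "search_api.env.custom.ca.path" . | nindent 12 }}`. The container definition starts outside the hunk; if it is the nginx container, it is also worth confirming that something in that image actually reads `SSL_CERT_FILE`, since nginx normally takes its trust anchors from its own configuration directives rather than from the environment.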
From: Voronkov Alexander Date: Mon, 26 Aug 2024 15:17:32 +0300 Subject: [PATCH 37/91] =?UTF-8?q?=D0=9F=D1=80=D0=BE=D0=B2=D0=B5=D1=80?= =?UTF-8?q?=D0=B8=D1=82=D1=8C=20=D0=9F=D0=A0=20search=20478.=20Fix=20readm?= =?UTF-8?q?e=20(#485)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/search-api/README.md | 2 +- charts/search-api/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/search-api/README.md b/charts/search-api/README.md index 4ab831791..8b437ef6a 100644 --- a/charts/search-api/README.md +++ b/charts/search-api/README.md @@ -147,7 +147,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo | Name | Description | Value | | --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | | `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | -| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | ## Maintainers diff --git a/charts/search-api/values.yaml b/charts/search-api/values.yaml index a2b3a94f0..08d4bcda8 100644 --- a/charts/search-api/values.yaml +++ b/charts/search-api/values.yaml @@ -193,7 +193,7 @@ ingress: # @section customCAs **Custom Certificate Authority** # @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) -# @param customCAs.certsPath Custom CA bundle mount directory in the container. +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" customCAs: bundle: '' 
From 8a561aec8a2e01e16973d0a93cd8d83cf9375751 Mon Sep 17 00:00:00 2001 From: Dmitrii Molochnikov Date: Wed, 28 Aug 2024 14:45:59 +0700 Subject: [PATCH 38/91] =?UTF-8?q?=D0=9E=D0=B1=D0=BD=D0=BE=D0=B2=D0=BB?= =?UTF-8?q?=D0=B5=D0=BD=D0=B8=D0=B5=20PRO=20API=20=D0=B4=D0=BE=20=D0=B2?= =?UTF-8?q?=D0=B5=D1=80=D1=81=D0=B8=D0=B8=201.35.0=20=D0=B8=20PRO=20UI=20?= =?UTF-8?q?=D0=B4=D0=BE=20=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B8=202.27.0=20?= =?UTF-8?q?(#481)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Breaking-Changes.md | 24 ++ charts/pro-api/Chart.yaml | 4 +- charts/pro-api/README.md | 30 +-- charts/pro-api/templates/_helpers.tpl | 10 - charts/pro-api/templates/deployment.yaml | 21 +- .../templates/permissions-api-deployment.yaml | 9 +- .../templates/user-asset-importer.yaml | 112 --------- charts/pro-api/values.yaml | 26 +- charts/pro-ui/Chart.yaml | 4 +- charts/pro-ui/README.md | 160 ++++++------ charts/pro-ui/templates/NOTES.txt | 6 +- charts/pro-ui/templates/_env.tpl | 3 +- charts/pro-ui/templates/_helpers.tpl | 4 +- charts/pro-ui/templates/ui/deployment.yaml | 42 ++-- charts/pro-ui/templates/ui/hpa.yaml | 2 +- charts/pro-ui/templates/ui/ingress.yaml | 14 +- charts/pro-ui/templates/ui/service.yaml | 8 +- charts/pro-ui/values.yaml | 238 +++++++++--------- 18 files changed, 314 insertions(+), 403 deletions(-) delete mode 100755 charts/pro-api/templates/user-asset-importer.yaml diff --git a/Breaking-Changes.md b/Breaking-Changes.md index ea9465ac0..d62beda9f 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md 
@@ -1,5 +1,29 @@ # 2GIS On-Premise Breaking-Changes +## [1.27.0] + +### PRO +- ui.strategy renamed to strategy +- ui.image renamed to image +- ui.replicas renamed to replicas +- ui.revisionHistoryLimit renamed to revisionHistoryLimit +- ui.terminationGracePeriodSeconds renamed to terminationGracePeriodSeconds +- ui.nodeSelector renamed to nodeSelector +- ui.affinity renamed to affinity +- ui.tolerations renamed to tolerations +- ui.podAnnotations renamed to podAnnotations +- ui.podLabels renamed to podLabels +- ui.annotations renamed to annotations +- ui.labels renamed to labels +- ui.readinessProbe renamed to readinessProbe +- ui.livenessProbe renamed to livenessProbe +- ui.containerPort renamed to containerPort +- ui.service renamed to service +- ui.ingress renamed to ingress +- ui.resources renamed to resources +- ui.hpa renamed to hpa + + ## [1.26.0] ### citylens diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index f56c386d6..dd6dafd5a 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -4,8 +4,8 @@ description: Geo API for getting geo data type: application -version: 1.26.0 -appVersion: 1.22.0 +version: 1.35.0 +appVersion: 1.35.0 maintainers: - name: 2gis diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index 0fb1d7330..f33f81fb8 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md @@ -75,7 +75,7 @@ | Name | Description | Value | | ------------------ | ----------- | ------------------------- | | `image.repository` | Repository | `2gis-on-premise/pro-api` | -| `image.tag` | Tag | `1.22.0` | +| `image.tag` | Tag | `1.35.0` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### 2GIS PRO Storage configuration 
@@ -105,15 +105,16 @@ ### Auth configuration -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. 
Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | +| Name | Description | Value | +| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | +| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | ### PostgreSQL settings 
@@ -202,10 +203,9 @@ ### 2GIS PRO API Job settings -| Name | Description | Value | -| -------------------------- | -------------------------- | --------------------- | -| `appAssetImporterName` | Data Import job name. | `asset-importer` | -| `appUserAssetImporterName` | User Data Import job name. | `user-asset-importer` | +| Name | Description | Value | +| ---------------------- | --------------------- | ---------------- | +| `appAssetImporterName` | Data Import job name. | `asset-importer` | ### 2GIS PRO Permissions API configuration @@ -218,7 +218,7 @@ | Name | Description | Value | | ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.22.0` | +| `assetImporter.tag` | Docker image tag. | `1.35.0` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index d114e20db..38121023e 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl 
@@ -33,15 +33,6 @@ {{- end -}} {{- end -}} -{{- define "pro-api.user-asset-importer-name" -}} -{{- $name := default .Values.appUserAssetImporterName -}} -{{- if contains $name .Release.Name -}} -{{- .Release.Name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} -{{- end -}} - {{- define "pro-api.asset-preparer-name" -}} {{- $name := default .Values.appAssetPreparerName -}} {{- if contains $name .Release.Name -}} @@ -51,7 +42,6 @@ {{- end -}} {{- end -}} - {{- define "pro-api.service-account-name" -}} {{- if empty .Values.api.serviceAccountOverride }} {{- $name := default .Values.api.serviceAccount -}} diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index 54df5b651..e6582ad47 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml @@ -70,13 +70,16 @@ spec: - name: http containerPort: 8080 protocol: TCP + - name: management + containerPort: 8090 + protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -85,7 +88,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: http + port: management failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 5 @@ -94,7 +97,7 @@ spec: startupProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 5 
@@ -112,10 +115,8 @@ spec: value: "{{ .Values.backgroundJobs.enableUserAssetsImporter }}" - name: Import__EnableAssetsStreaming value: "{{ .Values.backgroundJobs.enableAssetsStreaming }}" - - name: Import__CommonAssetsJobName + - name: Import__AssetImporterJobName value: {{ include "pro-api.asset-importer-name" . }} - - name: Import__UserAssetsJobName - value: {{ include "pro-api.user-asset-importer-name" . }} - name: Import__ExternalLinksProxyUrl value: "{{ .Values.assetImporter.externalLinksProxyUrl }}" - name: Import__ExternalLinksAllowedHosts @@ -220,7 +221,7 @@ spec: - name: Kafka__ImportTasksTopicSettings__ReaderGroupId value: {{ $.Values.kafka.importTasksTopic.readerGroupId }} - name: Kafka__AssetDataTopicSettings__Name - value: {{ $.Values.kafka.assetDataTopic.name }} + value: {{ required "A valid .Values.kafka.assetDataTopic.name entry required" $.Values.kafka.assetDataTopic.name }} - name: Kafka__EventsTopicSettings__Name value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: Kafka__EventsTopicSettings__ReaderGroupId @@ -231,6 +232,8 @@ spec: value: "{{ .Values.auth.url }}" - name: Auth__UserInfoEndpoint value: "{{ .Values.auth.userInfoEndpoint }}" + - name: Auth__WellKnownConfigEndpoint + value: "{{ .Values.auth.wellKnownConfigEndpoint }}" - name: Auth__AutoRegisterUsers value: "{{ .Values.auth.autoRegisterUsers }}" - name: Auth__TurnOffCertValidation @@ -297,3 +300,7 @@ spec: value: "{{ .Values.api.localCache.trackStatistics }}" - name: LicensingService__BaseUri value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} + {{- range $i, $s := .Values.api.openApi.servers }} + - name: OpenApi__Servers__{{$i}} + value: "{{ $s }}" + {{- end }} diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index 27e399e2f..b8b743827 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml 
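Review bot: The new `OpenApi__Servers__{{$i}}` entries in the `@@ -297,3 +300,7 @@` hunk interpolate each list item into a hand-written double-quoted scalar, `value: "{{ $s }}"`, so an item containing `"` or `\` yields invalid or silently altered YAML. `value: {{ $s | quote }}` escapes the string and renders the same result for ordinary URLs. The added `Auth__WellKnownConfigEndpoint` line in the `@@ -231,6 +232,8 @@` hunk uses the same hand-quoted form and could be switched at the same time.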
+++ b/charts/pro-api/templates/permissions-api-deployment.yaml @@ -66,13 +66,16 @@ spec: - name: http containerPort: 8081 protocol: TCP + - name: management + containerPort: 8091 + protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -81,7 +84,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: http + port: management failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 @@ -90,7 +93,7 @@ spec: startupProbe: httpGet: path: /health/live - port: http + port: management failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 diff --git a/charts/pro-api/templates/user-asset-importer.yaml b/charts/pro-api/templates/user-asset-importer.yaml deleted file mode 100755 index a861ab889..000000000 --- a/charts/pro-api/templates/user-asset-importer.yaml +++ /dev/null 
@@ -1,112 +0,0 @@ -{{ if .Values.userAssetImporter.enabled }} -apiVersion: batch/v1 -kind: CronJob -metadata: - name: {{ include "pro-api.user-asset-importer-name" . }} -spec: - concurrencyPolicy: Forbid - schedule: "{{ .Values.assetImporter.schedule }}" - successfulJobsHistoryLimit: {{ .Values.assetImporter.successfulJobsHistoryLimit }} - suspend: true # джоба используется как шаблон для запуска обычных джоб - jobTemplate: - spec: - backoffLimit: {{ .Values.assetImporter.backoffLimit }} - template: - spec: - {{- with .Values.assetImporter.nodeSelector }} - nodeSelector: - {{- toYaml . | nindent 12 }} - {{- end }} - restartPolicy: Never - serviceAccountName: {{ include "pro-api.service-account-name" . }} - volumes: - - name: temp-volume - emptyDir: {} - containers: - - name: {{ include "pro-api.user-asset-importer-name" . }} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.assetImporter.repository }}:{{ .Values.assetImporter.tag }} - imagePullPolicy: IfNotPresent - resources: - {{- toYaml .Values.assetImporter.resources | nindent 16 }} - volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" - name: temp-volume - env: - - name: JOB_NAME - value: {{ include "pro-api.user-asset-importer-name" . 
}} - - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" - - name: ENV - value: "{{ .Values.api.env }}" - - name: MODE - value: "Schedule" - - name: ASSET_TYPE - value: "user" - - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetImporter.maxParallelJobs }}" - - name: S3Settings__Url - value: {{ required "A valid .Values.dgctlStorage.host entry required" $.Values.dgctlStorage.host }} - - name: S3Settings__Secure - value: "{{ .Values.dgctlStorage.secure }}" - - name: S3Settings__Region - value: {{ .Values.dgctlStorage.region }} - - name: S3Settings__DisablePayloadSigning - value: "{{ .Values.dgctlStorage.disablePayloadSigning }}" - - name: S3Settings__AssetDataBucket - value: {{ required "A valid .Values.s3.assetsDataBucket entry required" $.Values.s3.assetsDataBucket }} - - name: S3Settings__UserAssetDataBucket - value: "{{ .Values.s3.userAssetsDataBucket }}" - - name: S3Settings__LayerDataBucket - value: "{{ .Values.s3.layerDataBucket }}" - - name: S3Settings__SnapshotBucket - value: {{ .Values.s3.snapshotBucket }} - - name: S3Settings__AccessKey - valueFrom: - secretKeyRef: - key: s3AccessKey - name: {{ include "pro-api.name" . }}-secret - - name: S3Settings__SecretKey - valueFrom: - secretKeyRef: - key: s3SecretKey - name: {{ include "pro-api.name" . }}-secret - - name: ES_HOST - value: "{{ .Values.elastic.host }}" - {{- if .Values.elastic.credentials }} - - name: ES_CREDENTIALS - valueFrom: - secretKeyRef: - key: esCredentials - name: {{ include "pro-api.name" . }}-secret - {{ end }} - - name: ES_INDEX_PREFIX - value: "{{ .Values.elastic.indexPrefix }}" - - name: API_URL - value: http://{{ include "pro-api.name" . }} - - name: IMAGE_PROXY_URL - value: "{{ .Values.assetImporter.imageProxyUrl }}" - {{ if .Values.auth.apiKey }} - - name: API_TOKEN - valueFrom: - secretKeyRef: - key: apiKey - name: {{ include "pro-api.name" . 
}}-secret - {{ end }} - - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" - - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" - - name: Common__SuppressImportFailure - value: "true" - - name: Navi__Url - value: {{ .Values.navi.url }} - - name: Navi__Key - valueFrom: - secretKeyRef: - key: routingApi2gisKey - name: {{ include "pro-api.name" . }}-secret - - name: TileGen__Url - value: "{{ .Values.tileGen.url }}" - - name: TileGen__UserDataTileSet - value: "{{ .Values.tileGen.userDataTileSet }}" -{{ end }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 9174c7c89..b4ff4318c 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -1,4 +1,4 @@ -# @section Docker Registry settings +# @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. @@ -121,14 +121,14 @@ vpa: image: repository: 2gis-on-premise/pro-api - tag: 1.22.0 + tag: 1.35.0 pullPolicy: IfNotPresent # @skip permissionsApiImage permissionsApiImage: repository: 2gis-on-premise/pro-permissions-api - tag: 1.22.0 + tag: 1.35.0 pullPolicy: IfNotPresent # @section 2GIS PRO Storage configuration @@ -167,6 +167,8 @@ s3: # @skip Local cache settings # @skip api.localCache.enabled # @skip api.localCache.trackStatistics +# @skip Open API settings +# @skip api.openApi.servers api: serviceAccount: runner 
@@ -187,12 +189,15 @@ api: localCache: enabled: true trackStatistics: false + openApi: + servers: [] # @section Auth configuration # @param auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol # @param auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` # @param auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` +# @param auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` # @param auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` # @param auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` # @param auth.turnOffCertValidation Turn off certificate validation for auth.url @@ -203,6 +208,7 @@ auth: type: none url: '' userInfoEndpoint: '' + wellKnownConfigEndpoint: '' apiKey: '' permissionsApiKey: '' autoRegisterUsers: true @@ -349,11 +355,9 @@ tileGen: # @section 2GIS PRO API Job settings # @param appAssetImporterName Data Import job name. -# @param appUserAssetImporterName User Data Import job name. # @skip appAssetPreparerName appAssetImporterName: asset-importer -appUserAssetImporterName: user-asset-importer appAssetPreparerName: asset-preparer # @skip permissionsPodSettings 
@@ -374,10 +378,10 @@ permissionsPodSettings: resources: requests: cpu: 300m - memory: 256M + memory: 512M limits: cpu: 1 - memory: 512M + memory: 1G # @section 2GIS PRO Permissions API configuration # @skip permissionsApi.host @@ -414,7 +418,7 @@ permissionsApi: assetImporter: repository: 2gis-on-premise/pro-importer - tag: 1.22.0 + tag: 1.35.0 schedule: 0 18 * * * backoffLimit: 2 successfulJobsHistoryLimit: 3 @@ -437,15 +441,11 @@ assetImporter: externalLinksAllowedHosts: '' esMetricsEnabled: false -# @skip userAssetImporter -userAssetImporter: - enabled: true - # @skip assetPreparer assetPreparer: repository: 2gis-on-premise/pro-importer - tag: 1.22.0 + tag: 1.35.0 schedule: 0 16 * * 6 backoffLimit: 2 successfulJobsHistoryLimit: 1 diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index f7a54e8a1..eb7e58534 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml @@ -3,8 +3,8 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.26.0 -appVersion: 2.15.1 +version: 2.0.0 +appVersion: 2.27.0 maintainers: - name: 2gis diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 89f81ec07..47b3c7a8c 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md 
@@ -16,55 +16,63 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | `imagePullPolicy` | Pull Policy | `IfNotPresent` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -### Common settings - -| Name | Description | Value | -| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | -| `ui.replicas` | A replica count for the pod. | `1` | -| `ui.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `ui.terminationGracePeriodSeconds` | Seconds pod needs to [terminate](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) gracefully | `60` | -| `ui.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `ui.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | -| `ui.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `ui.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `ui.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `ui.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `ui.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | -| `ui.readinessProbe.enabled` | Enable [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers | `true` | -| `ui.livenessProbe.enabled` | Enable [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers | `false` | -| `ui.healthcheckPath` | Application http path for health check | `/api/healthcheck/app` | -| `ui.containerPort` | Port on which application listen connection in container | `3000` | +### Strategy settings + +| Name | Description | Value | +| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | +| `strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. 
| `1` | ### Deployment settings -| Name | Description | Value | -| --------------------- | ----------- | ------------------------ | -| `ui.image.repository` | Repository | `2gis-on-premise/pro-ui` | -| `ui.image.tag` | Tag | `2.15.1` | +| Name | Description | Value | +| ------------------ | ----------- | ------------------------ | +| `image.repository` | Repository | `2gis-on-premise/pro-ui` | +| `image.tag` | Tag | `2.27.0` | + +### Common deployment settings + +| Name | Description | Value | +| ------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `replicas` | A replica count for the pod. | `1` | +| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `terminationGracePeriodSeconds` | Seconds pod needs to [terminate](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) gracefully | `60` | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
| `{}` | +| `labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `readinessProbe.enabled` | Enable [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers | `true` | +| `livenessProbe.enabled` | Enable [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers | `false` | +| `containerPort` | Port on which application listen connection in container | `3000` | ### UI service settings -| Name | Description | Value | -| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | -| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | -| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). | `[46.71, 24.72]` | -| `ui.supportDocumentationLink` | Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' or 'https://docs.2gis.com/ru/pro/start' | `""` | -| `ui.immersiveModels` | A string value for config to enabling 3D-models. 
Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | -| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | -| `ui.auth.sso` | Flag to turn on/off the authorization. Possible values: `"true"` or `"false"`. | `false` | -| `ui.auth.secure` | Flag to turn on/off the https for auth. Possible values: `"true"` or `"false"`. | `true` | -| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | -| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | -| `ui.auth.clientId` | a client_id from keycloack | `""` | -| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | -| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | -| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | -| `ui.auth.identityProviderUrl` | a provider base URL | `""` | -| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | -| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | -| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. 
| `false` | -| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------- | +| `ui.healthcheckPath` | Application http path for health check | `/api/healthcheck/app` | +| `ui.appTheme` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `urbi` | +| `ui.appLocale` | Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. | `en_AE` | +| `ui.appInitialMapCenter` | Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). | `[46.71, 24.72]` | +| `ui.supportDocumentationLink` | Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start', 'https://docs.2gis.com/ru/pro/start' | `""` | +| `ui.immersiveModels` | A string value for config to enabling 3D-models. Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] | `""` | +| `ui.publicS3Url` | Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ | `""` | +| `ui.auth.sso` | Flag to turn on/off the authorization. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.secure` | Flag to turn on/off the https for auth. 
Possible values: `"true"` or `"false"`. | `true` | +| `ui.auth.safeHosts` | a string with regExp, which checks incoming authCodeUrl | `.*` | +| `ui.auth.codeUrl` | an URL, which is used to exchange code to token: host/api/auth/code | `""` | +| `ui.auth.clientId` | a client_id from keycloack | `""` | +| `ui.auth.clientSecret` | a client_secret from keycloack | `""` | +| `ui.auth.oAuthProvider` | a provider name. Possible values: "keycloak" | "ugc" | "openid" | `keycloak` | +| `ui.auth.oAuthScopes` | scopes for openid connect. Possible values: | `""` | +| `ui.auth.identityProviderUrl` | a provider base URL | `""` | +| `ui.auth.oAuthApiUrl` | an oAuth provider base URL | `""` | +| `ui.auth.userDataApiUrl` | an user data provider URL | `""` | +| `ui.auth.turnOffCertValidation` | Flag to turn off certificate validation. Possible values: `"true"` or `"false"`. | `false` | +| `ui.auth.openIdWellKnownUrlListUrl` | URL to OpenID Connect Discovery data | `""` | ### 2GIS Pro API settings 
@@ -112,53 +120,45 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | `ui.whiteLabel.configUrl` | Optional URL for whitelabel config file | `""` | | `ui.whiteLabel.s3Bucket` | Optional S3 bucket name for whitelabel files. Bucket must be public. If set with ui.publicS3Url all relative URL in config will be replaced to ui.publicS3Url + ui.whiteLabel.s3Bucket + originalURL | `""` | -### Strategy settings - -| Name | Description | Value | -| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `ui.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | -| `ui.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | -| `ui.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | - ### Service settings -| Name | Description | Value | -| ------------------------ | ------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| `ui.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `ui.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | -| `ui.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `ui.service.port` | Service port. | `3000` | -| `ui.service.targetPort` | Service target port. | `http` | +| Name | Description | Value | +| --------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ----------- | +| `service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `service.port` | Service port. | `3000` | +| `service.targetPort` | Service target port. | `http` | ### Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings -| Name | Description | Value | -| --------------------------------------- | ----------------------------------------- | -------------------- | -| `ui.ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `ui.ingress.className` | Name of the Ingress controller class. | `nginx` | -| `ui.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-ui.example.com` | -| `ui.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `ui.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `ui.ingress.tls` | TLS configuration | `[]` | +| Name | Description | Value | +| ------------------------------------ | ----------------------------------------- | -------------------- | +| `ingress.enabled` | If Ingress is enabled for the service. 
| `false` | +| `ingress.className` | Name of the Ingress controller class. | `nginx` | +| `ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-ui.example.com` | +| `ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `ingress.tls` | TLS configuration | `[]` | ### Limits -| Name | Description | Value | -| ------------------------------ | ----------------- | ------- | -| `ui.resources.requests.cpu` | A CPU request. | `300m` | -| `ui.resources.requests.memory` | A memory request. | `256Mi` | -| `ui.resources.limits.cpu` | A CPU limit. | `1` | -| `ui.resources.limits.memory` | A memory limit. | `384Mi` | +| Name | Description | Value | +| --------------------------- | ----------------- | ------- | +| `resources.requests.cpu` | A CPU request. | `300m` | +| `resources.requests.memory` | A memory request. | `256Mi` | +| `resources.limits.cpu` | A CPU limit. | `1` | +| `resources.limits.memory` | A memory limit. 
| `384Mi` | ### Autoscaling configuration -| Name | Description | Value | -| --------------------- | ------------------------------------ | ------- | -| `ui.hpa.enabled` | Enable hpa for PRO UI | `false` | -| `ui.hpa.minReplicas` | Minimum number of PRO UI replicas | `2` | -| `ui.hpa.maxReplicas` | Maximum number of PRO UI replicas | `5` | -| `ui.hpa.targetCPU` | Target CPU utilization percentage | `100` | -| `ui.hpa.targetMemory` | Target Memory utilization percentage | `""` | +| Name | Description | Value | +| ------------------ | ------------------------------------ | ------- | +| `hpa.enabled` | Enable hpa for PRO UI | `false` | +| `hpa.minReplicas` | Minimum number of PRO UI replicas | `2` | +| `hpa.maxReplicas` | Maximum number of PRO UI replicas | `5` | +| `hpa.targetCPU` | Target CPU utilization percentage | `100` | +| `hpa.targetMemory` | Target Memory utilization percentage | `""` | ### Artifacts Storage settings 
@@ -179,7 +179,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `stylesImporter.name` | Styles Import job name. | `styles-importer` | | `stylesImporter.image.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `stylesImporter.image.tag` | Docker image tag. | `1.22.0` | +| `stylesImporter.image.tag` | Docker image tag. | `1.35.0` | | `stylesImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `stylesImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | | `stylesImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | diff --git a/charts/pro-ui/templates/NOTES.txt b/charts/pro-ui/templates/NOTES.txt index 760de33f6..16aebb51f 100644 --- a/charts/pro-ui/templates/NOTES.txt +++ b/charts/pro-ui/templates/NOTES.txt @@ -1,9 +1,9 @@ Pro UI service is released as "{{ .Release.Name }}" at "{{ .Release.Namespace }}" namespace. -{{- if .Values.ui.ingress.enabled }} +{{- if .Values.ingress.enabled }} You can check service using curl -{{- range $host := .Values.ui.ingress.hosts }} - http{{ if $.Values.ui.ingress.tls }}s{{ end }}://{{ $host.host }}/ +{{- range $host := .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}/ {{- end }} {{- else }} You should publish the service in your preferred way (ingress, balancer, etc). 
diff --git a/charts/pro-ui/templates/_env.tpl b/charts/pro-ui/templates/_env.tpl index 177cd6ff5..065e8096b 100644 --- a/charts/pro-ui/templates/_env.tpl +++ b/charts/pro-ui/templates/_env.tpl @@ -1,4 +1,3 @@ - {{- define "pro.env.ui" -}} - name: NETWORK_TIMEOUT value: "{{ required "A valid .Values.ui.api.timeout" .Values.ui.api.timeout }}" @@ -74,7 +73,7 @@ - name: HOME value: "/tmp" - name: SERVER_PORT - value: "{{ .Values.ui.containerPort }}" + value: "{{ .Values.containerPort }}" - name: MAPBOX_STYLE_TOKEN value: "{{ .Values.ui.mapbox.styleToken }}" - name: FEATURE_EXTERNAL_STYLE_MANAGER_IS_ENABLED diff --git a/charts/pro-ui/templates/_helpers.tpl b/charts/pro-ui/templates/_helpers.tpl index dd4de2916..125a2e1b3 100644 --- a/charts/pro-ui/templates/_helpers.tpl +++ b/charts/pro-ui/templates/_helpers.tpl @@ -34,8 +34,8 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end -}} {{- define "pro.ui.service.annotations" -}} -{{- if .Values.ui.service.annotations }} -{{- include "pro.ui.tplvalues.render" (dict "value" .Values.ui.service.annotations "context" . ) }} +{{- if .Values.service.annotations }} +{{- include "pro.ui.tplvalues.render" (dict "value" .Values.service.annotations "context" . ) }} {{ end }} {{- end -}} diff --git a/charts/pro-ui/templates/ui/deployment.yaml b/charts/pro-ui/templates/ui/deployment.yaml index 16e719ea1..5bd1b1ae4 100644 --- a/charts/pro-ui/templates/ui/deployment.yaml +++ b/charts/pro-ui/templates/ui/deployment.yaml 
@@ -2,60 +2,60 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "pro.ui.name" . }} - {{- with .Values.ui.annotations }} + {{- with .Values.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pro.ui.labels" . | nindent 4 }} - {{- with .Values.ui.labels }} + {{- with .Values.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.ui.replicas }} - revisionHistoryLimit: {{ .Values.ui.revisionHistoryLimit }} - {{- if .Values.ui.strategy }} + replicas: {{ .Values.replicas }} + revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if .Values.strategy }} strategy: - {{- toYaml .Values.ui.strategy | nindent 4 }} + {{- toYaml .Values.strategy | nindent 4 }} {{- end }} selector: matchLabels: {{- include "pro.ui.selectorLabels" . | nindent 6 }} template: metadata: - {{- with .Values.ui.podAnnotations }} + {{- with .Values.podAnnotations }} annotations: {{- include "pro.ui.tplvalues.render" (dict "value" . "context" $ ) | nindent 8 }} {{- end }} labels: {{- include "pro.ui.labels" . | nindent 8 }} - {{- with .Values.ui.podLabels }} + {{- with .Values.podLabels }} {{- include "pro.ui.tplvalues.render" (dict "value" . 
"context" $ ) | nindent 8 }} {{- end }} spec: containers: - name: pro-ui - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.ui.image.repository }}:{{ .Values.ui.image.tag }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.imagePullPolicy }} ports: - name: http - containerPort: {{ .Values.ui.containerPort }} - {{- if .Values.ui.readinessProbe.enabled }} + containerPort: {{ .Values.containerPort }} + {{- if .Values.readinessProbe.enabled }} readinessProbe: httpGet: path: {{ .Values.ui.healthcheckPath }} port: http - {{- $otherProbeParams := (omit .Values.ui.readinessProbe "enabled") }} + {{- $otherProbeParams := (omit .Values.readinessProbe "enabled") }} {{- with $otherProbeParams }} {{- include "pro.ui.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} {{- end }} {{- end }} - {{- if .Values.ui.livenessProbe.enabled }} + {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: path: {{ .Values.ui.healthcheckPath }} port: http - {{- $otherProbeParams := (omit .Values.ui.livenessProbe "enabled") }} + {{- $otherProbeParams := (omit .Values.livenessProbe "enabled") }} {{- with $otherProbeParams }} {{- include "pro.ui.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} {{- end }} 
@@ -64,20 +64,20 @@ spec: preStop: exec: command: ["/bin/sh", "-c", "sleep 5"] - {{- if .Values.ui.resources }} - resources: {{- toYaml .Values.ui.resources | nindent 12 }} + {{- if .Values.resources }} + resources: {{- toYaml .Values.resources | nindent 12 }} {{- end }} env: {{- include "pro.env.ui" . | nindent 12 }} - {{- with .Values.ui.nodeSelector }} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.ui.affinity }} + {{- with .Values.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.ui.tolerations }} + {{- with .Values.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} @@ -85,6 +85,6 @@ spec: imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.ui.terminationGracePeriodSeconds }} - terminationGracePeriodSeconds: {{ .Values.ui.terminationGracePeriodSeconds }} + {{- if .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} diff --git a/charts/pro-ui/templates/ui/hpa.yaml b/charts/pro-ui/templates/ui/hpa.yaml index 6f84ed928..dc559f0f0 100644 --- a/charts/pro-ui/templates/ui/hpa.yaml +++ b/charts/pro-ui/templates/ui/hpa.yaml @@ -1,4 +1,4 @@ -{{- with .Values.ui.hpa -}} +{{- with .Values.hpa -}} {{- if .enabled -}} apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler diff --git a/charts/pro-ui/templates/ui/ingress.yaml b/charts/pro-ui/templates/ui/ingress.yaml index d7f88e3e6..45b547dc9 100644 --- a/charts/pro-ui/templates/ui/ingress.yaml +++ b/charts/pro-ui/templates/ui/ingress.yaml 
@@ -1,19 +1,19 @@ -{{- if .Values.ui.ingress.enabled -}} +{{- if .Values.ingress.enabled -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ include "pro.ui.name" . }} labels: {{- include "pro.ui.labels" . | nindent 4 }} - {{- with .Values.ui.ingress.annotations }} + {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .Values.ui.ingress.className }} - {{- if .Values.ui.ingress.tls }} + ingressClassName: {{ .Values.ingress.className }} + {{- if .Values.ingress.tls }} tls: - {{- range .Values.ui.ingress.tls }} + {{- range .Values.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -22,7 +22,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ui.ingress.hosts }} + {{- range .Values.ingress.hosts }} - host: {{ .host | quote }} http: paths: @@ -33,7 +33,7 @@ spec: service: name: {{ include "pro.ui.name" $ }} port: - number: {{ $.Values.ui.service.port }} + number: {{ $.Values.service.port }} {{- end }} {{- end }} {{- end }} diff --git a/charts/pro-ui/templates/ui/service.yaml b/charts/pro-ui/templates/ui/service.yaml index b523cd3bd..777acd377 100644 --- a/charts/pro-ui/templates/ui/service.yaml +++ b/charts/pro-ui/templates/ui/service.yaml @@ -6,15 +6,15 @@ metadata: {{- include "pro.ui.service.annotations" . | nindent 4 }} labels: {{- include "pro.ui.labels" . | nindent 4 }} - {{- with .Values.ui.service.labels }} + {{- with .Values.service.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - type: {{ .Values.ui.service.type }} + type: {{ .Values.service.type }} ports: - name: http - port: {{ .Values.ui.service.port }} - targetPort: {{ .Values.ui.service.targetPort }} + port: {{ .Values.service.port }} + targetPort: {{ .Values.service.targetPort }} protocol: TCP appProtocol: http selector: diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 782b49659..86f09b295 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml 
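Review bot: Overrides that operators already keep under `ui.ingress` are silently ignored after this change, because the guard on the first line of ingress.yaml now reads only `.Values.ingress.enabled` and the new values.yaml default for it is `false`; an upgrade with an unchanged values file would render no Ingress and raise no error. The same applies to the moved keys in deployment.yaml, hpa.yaml, service.yaml and NOTES.txt, where custom `ui.resources`, `ui.hpa` or `ui.service` settings fall back to the chart defaults. A fail-fast check at the top of the template would make the move visible, for example `{{- if .Values.ui.ingress }}{{ fail "ui.ingress has moved to the top-level ingress key" }}{{- end }}`, repeated for the other moved keys or collected in one helper. Whether the chart version is bumped to signal the break is not visible in the hunks shown here.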
@@ -9,60 +9,72 @@ dgctlDockerRegistry: '' imagePullPolicy: IfNotPresent imagePullSecrets: [] -ui: - # @section Common settings - - # @param ui.replicas A replica count for the pod. - # @param ui.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). - # @param ui.terminationGracePeriodSeconds Seconds pod needs to [terminate](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) gracefully - # @param ui.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). - # @param ui.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). - # @param ui.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. - # @param ui.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). - # @param ui.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). - # @param ui.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). - # @param ui.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
- # @param ui.readinessProbe.enabled Enable [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers - # @param ui.livenessProbe.enabled Enable [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers - # @param ui.healthcheckPath Application http path for health check - # @param ui.containerPort Port on which application listen connection in container - - replicas: 1 - revisionHistoryLimit: 3 - terminationGracePeriodSeconds: 60 - nodeSelector: {} - affinity: {} - tolerations: [] - podAnnotations: {} - podLabels: {} - annotations: {} - labels: {} - readinessProbe: - enabled: true - livenessProbe: - enabled: false - healthcheckPath: /api/healthcheck/app - containerPort: 3000 - - # @section Deployment settings - - # @param ui.image.repository Repository - # @param ui.image.tag Tag - image: - repository: 2gis-on-premise/pro-ui - tag: 2.15.1 - - # @section UI service settings +# @section Strategy settings + +# @param strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. +# @param strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). +# @param strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. 
+ +strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + +# @section Deployment settings + +# @param image.repository Repository +# @param image.tag Tag +image: + repository: 2gis-on-premise/pro-ui + tag: 2.27.0 + +# @section Common deployment settings + +# @param replicas A replica count for the pod. +# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). +# @param terminationGracePeriodSeconds Seconds pod needs to [terminate](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) gracefully +# @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). +# @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. +# @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
+# @param readinessProbe.enabled Enable [readinessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers +# @param livenessProbe.enabled Enable [livenessProbe](https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes) on PRO UI containers +# @param containerPort Port on which application listen connection in container + +replicas: 1 +revisionHistoryLimit: 3 +terminationGracePeriodSeconds: 60 +nodeSelector: {} +affinity: {} +tolerations: [] +podAnnotations: {} +podLabels: {} +annotations: {} +labels: {} +readinessProbe: + enabled: true +livenessProbe: + enabled: false +containerPort: 3000 + +# @section UI service settings +ui: # @skip ui.logLevel # @skip ui.isOnPremise + # @param ui.healthcheckPath Application http path for health check # @param ui.appTheme Branding inside the app. Possible values: `"2gis"` or `"urbi"`. # @param ui.appLocale Language in the app. Possible values: `"ar_AE"`, `"en_AE"` or `"ru_RU"`. # @param ui.appInitialMapCenter Default map coordinates, it contains of two numbers in an array: [lng, lat] (e.g., [55.27, 25.2] stands for Dubai, [37.64, 55.74] — for Moscow). - # @param ui.supportDocumentationLink Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start' or 'https://docs.2gis.com/ru/pro/start' + # @param ui.supportDocumentationLink Product online documentation link. Ex.: 'https://docs.urbi.ae/en/pro/start', 'https://docs.2gis.com/ru/pro/start' # @param ui.immersiveModels A string value for config to enabling 3D-models. 
Possible values: [{"id":4,"name":"Ground","mapOptions":{"center":[53.287567,23.564967],"styleZoom":19.2,"pitch":45,"rotation":0},"objects":[{"buildingIds":[],"coords":[53.284762,23.569323],"scale":90,"rotateX":0.5,"rotateY":0,"moveX":0,"moveY":0,"moveZ":0,"models":[{"path":"/static/models/adnoc/ground.glb","name":"Ground","displayName":"Ground"}]}]}] # @param ui.publicS3Url Optional URL of public S3 where style data will be placed. Example: https://s3.domain.example.com/ + healthcheckPath: /api/healthcheck/app logLevel: error isOnPremise: true appTheme: urbi 
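Review bot: The two `rollingUpdate` descriptions added at the top of this hunk are swapped: `strategy.rollingUpdate.maxUnavailable` is described as the number of pods created over the desired count, and `strategy.rollingUpdate.maxSurge` as the number of pods that can be unavailable. The text was carried over unchanged from the old `ui.strategy` comments, and the README table appears to be generated from these `@param` lines, so the move is a good place to correct it. Suggested wording: `# @param strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be unavailable during the rolling update process.` and `# @param strategy.rollingUpdate.maxSurge Maximum number of pods that can be created over the desired number of pods during a rolling update.`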
@@ -172,83 +184,71 @@ ui: configUrl: '' s3Bucket: '' - # @section Strategy settings - - # @param ui.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. - # @param ui.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). - # @param ui.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. - - strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 +# @section Service settings - # @section Service settings +# @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). +# @param service.port Service port. +# @param service.targetPort Service target port. - # @param ui.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). - # @param ui.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). - # @param ui.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). - # @param ui.service.port Service port. - # @param ui.service.targetPort Service target port. 
- - service: - annotations: {} - labels: {} - type: ClusterIP - port: 3000 - targetPort: http - - # @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings - - # @param ui.ingress.enabled If Ingress is enabled for the service. - # @param ui.ingress.className Name of the Ingress controller class. - # @param ui.ingress.hosts[0].host Hostname for the Ingress service. - # @param ui.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. - # @param ui.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. - # @param ui.ingress.tls TLS configuration - - ingress: - enabled: false - className: nginx - hosts: +service: + annotations: {} + labels: {} + type: ClusterIP + port: 3000 + targetPort: http + +# @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings + +# @param ingress.enabled If Ingress is enabled for the service. +# @param ingress.className Name of the Ingress controller class. +# @param ingress.hosts[0].host Hostname for the Ingress service. +# @param ingress.hosts[0].paths[0].path Path of the host for the Ingress service. +# @param ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param ingress.tls TLS configuration + +ingress: + enabled: false + className: nginx + hosts: - host: pro-ui.example.com paths: - - path: / - pathType: Prefix - tls: [] - # - hosts: - # - pro-ui.example.com - # secretName: secret.tls - - # @section Limits - - # @param ui.resources.requests.cpu A CPU request. - # @param ui.resources.requests.memory A memory request. - # @param ui.resources.limits.cpu A CPU limit. - # @param ui.resources.limits.memory A memory limit. 
- - resources: - requests: - cpu: 300m - memory: 256Mi - limits: - cpu: 1 - memory: 384Mi - - # @section Autoscaling configuration - - # @param ui.hpa.enabled Enable hpa for PRO UI - # @param ui.hpa.minReplicas Minimum number of PRO UI replicas - # @param ui.hpa.maxReplicas Maximum number of PRO UI replicas - # @param ui.hpa.targetCPU Target CPU utilization percentage - # @param ui.hpa.targetMemory Target Memory utilization percentage - hpa: - enabled: false - minReplicas: 2 - maxReplicas: 5 - targetCPU: 100 - targetMemory: '' + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - pro-ui.example.com + # secretName: secret.tls + +# @section Limits + +# @param resources.requests.cpu A CPU request. +# @param resources.requests.memory A memory request. +# @param resources.limits.cpu A CPU limit. +# @param resources.limits.memory A memory limit. + +resources: + requests: + cpu: 300m + memory: 256Mi + limits: + cpu: 1 + memory: 384Mi + +# @section Autoscaling configuration + +# @param hpa.enabled Enable hpa for PRO UI +# @param hpa.minReplicas Minimum number of PRO UI replicas +# @param hpa.maxReplicas Maximum number of PRO UI replicas +# @param hpa.targetCPU Target CPU utilization percentage +# @param hpa.targetMemory Target Memory utilization percentage +hpa: + enabled: false + minReplicas: 2 + maxReplicas: 5 + targetCPU: 100 + targetMemory: '' # @section Artifacts Storage settings @@ -292,7 +292,7 @@ stylesImporter: name: styles-importer image: repository: 2gis-on-premise/pro-importer - tag: 1.22.0 + tag: 1.35.0 backoffLimit: 2 successfulJobsHistoryLimit: 3 nodeSelector: {} From cf78afba8de39e90718f91e2c60eef143d60e562 Mon Sep 17 00:00:00 2001 
From: Petr Beklemishev Date: Wed, 28 Aug 2024 19:04:00 +0700 Subject: [PATCH 39/91] Citylens 1.12.0 (#484) * Update Citylens 1.12.0 --------- Co-authored-by: Petr Beklemishev --- charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 8 ++++---- charts/citylens/templates/api/configmap.yaml | 3 +++ charts/citylens/values.yaml | 8 ++++---- 4 files changed, 12 insertions(+), 9 deletions(-) diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 125d35802..8fa2d5fdf 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.26.0 -appVersion: 1.11.1 +appVersion: 1.12.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index c22ec19e0..2af5890ef 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.11.1` | +| `api.image.tag` | Tag. | `1.12.0` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.11.1` | +| `web.image.tag` | Tag. | `1.12.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
@@ -351,7 +351,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | -| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.11.1` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.12.0` | | `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | | `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | | `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | @@ -369,7 +369,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.11.0` | +| `migrations.image.tag` | Tag. | `1.12.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | diff --git a/charts/citylens/templates/api/configmap.yaml b/charts/citylens/templates/api/configmap.yaml index 335dc2e4f..0510abc95 100644 --- a/charts/citylens/templates/api/configmap.yaml +++ b/charts/citylens/templates/api/configmap.yaml 
@@ -44,3 +44,6 @@ data: show_docs: {{ .Values.api.showDocs }} log_level: {{ .Values.api.logLevel }} metrics_app_name: {{ .Values.api.metricsAppName }} + {{- if .Values.api.routesApiBaseUrl }} + routes_api_base_url: {{ .Values.api.routesApiBaseUrl | squote }} + {{- end }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 4e76e063a..8e48ae5a6 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.11.1 + tag: 1.12.0 replicas: 4 @@ -230,7 +230,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.11.1 + tag: 1.12.0 replicas: 1 @@ -611,7 +611,7 @@ worker: image: repository: 2gis-on-premise/citylens-workers pullPolicy: IfNotPresent - tag: 1.11.1 + tag: 1.12.0 revisionHistoryLimit: 3 @@ -647,7 +647,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.11.0 + tag: 1.12.0 resources: requests: From 1952c4b39fc1bf966019adf83e698d8fddacde8b Mon Sep 17 00:00:00 2001 From: uk-navi-ci <161344134+uk-navi-ci@users.noreply.github.com> Date: Wed, 28 Aug 2024 18:08:59 +0300 Subject: [PATCH 40/91] chart/navi-back syncup (#470) --- charts/navi-back/README.md | 11 +++++++++++ charts/navi-back/templates/configmap.yaml | 24 ++++++++++++++++++++--- charts/navi-back/templates/secret.yaml | 17 ++++++++++++++++ charts/navi-back/values.yaml | 22 +++++++++++++++++++++ 4 files changed, 71 insertions(+), 3 deletions(-) diff --git a/charts/navi-back/README.md b/charts/navi-back/README.md index 8edfd3676..68fb79abe 100644 --- a/charts/navi-back/README.md +++ b/charts/navi-back/README.md 
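Review bot: `api.routesApiBaseUrl` is read in the added `if` block of api/configmap.yaml, but the values.yaml and README.md hunks of this commit contain only image tag bumps, so the key seems to have no declared default and no README entry (it may be defined in lines outside the hunks shown). Since it decides which endpoint the API is configured with, it should be declared under `api:` in values.yaml as `routesApiBaseUrl: ''`, with a description line that names the service it must point to and states that the setting is left out of the config when empty. The `data:` block this hunk extends starts outside the hunk.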
@@ -103,6 +103,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `naviback.dump.query` | Dump queries in logs | `false` | | `naviback.dump.answer` | Dump answers in logs | `false` | | `naviback.logLevel` | Logging level, one of: Verbose, Info, Warning, Error, Fatal | `Info` | +| `naviback.logMessageField` | Field name in logs for messages data. | `custom.navi_msg` | | `naviback.indexFilename` | Name of the index file on Castle | `index.json.zip` | | `naviback.citiesFilename` | Name of the cities file on Castle | `cities.conf.zip` | | `naviback.sentry.enabled` | If sending crash dumps to Sentry needed | `false` | @@ -161,6 +162,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `naviback.validation.isochrone.responseSchemaName` | Name of isochrone response validation schema | `IsochroneApiResponseModel.json` | | `naviback.tilesMetricsThreshold` | The value at which we send tiles metrics (used for internal tests) | `0` | | `naviback.hierarchies.enabled` | If hierarchies cache available | `false` | +| `naviback.hierarchies.skipPatches` | Skip patches in hierarchies cache | `false` | | `naviback.hierarchies.s3path` | Hierarchies cache remote location | `""` | | `naviback.etaScheduleIndex.enabled` | If Schedule Index available | `false` | | `naviback.etaScheduleIndex.url` | Schedule Index remote url | `""` | 
@@ -302,6 +304,15 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `dataGroup.prefix` | common prefix for the group used for identifiers | `sampleGroup` | | `dataGroup.timestamp` | data timestamp the group is running on | `no-default` | +### Route sharing properties. Leave with defaults, FOR FUTURE RELEASE + +| Name | Description | Value | +| ----------------------------------- | ----------------------------------------------------------------------- | --------------------- | +| `routesharing.enabled` | If route sharing enabled | `false` | +| `routesharing.topic` | Topic to use for route sharing | `sharing-kafka-topic` | +| `routesharing.kafka.properties` | Properties as supported by librdkafka, see `kafka` section and comments | | +| `routesharing.kafka.fileProperties` | Properties stored in file, see `kafka` section and comments | `{}` | + ### License settings | Name | Description | Value | diff --git a/charts/navi-back/templates/configmap.yaml b/charts/navi-back/templates/configmap.yaml index 0313ae448..3295e00e7 100644 --- a/charts/navi-back/templates/configmap.yaml +++ b/charts/navi-back/templates/configmap.yaml @@ -21,6 +21,7 @@ data: "ProjectContext" ], "format": "Json", + "json_message_field_name": {{ .Values.naviback.logMessageField | quote }}, "enable_mirroring": true }, "service": { 
@@ -533,6 +534,18 @@ data: } }, {{- end }} + {{- if .Values.routesharing.enabled }} + "sharing": { + {{- $kafkaProperties := dict -}} + {{- range $key, $_ := .Values.routesharing.kafka.fileProperties -}} + {{- $_ := set $kafkaProperties $key (printf "/etc/2gis/mosesd/secret/%s" $key) -}} + {{- end -}} + {{- $kafkaProperties := mustMerge $kafkaProperties .Values.routesharing.kafka.properties }} + "kafka_properties": + {{- mustToPrettyJson $kafkaProperties | nindent 12 }}, + "topic": {{ .Values.routesharing.topic | quote }} + }, + {{- end }}{{/* .Values.routesharing.enabled */}} {{- if and .Values.naviback.bss.enabled .Values.naviback.bss.client.serviceRemoteAddress }} "business_statistics_system": { "client": { @@ -564,8 +577,11 @@ data: {{- end }}{{- /* if .Values.naviback.rtr.enabled */}} {{- if .Values.naviback.hierarchies.enabled }} "hierarchies": { - "graphs_file_name": "{SHORTCUT_PATH}", - "patches_dir_name": "{PATCHES_PATH}" + "use_hierarchy": true, + {{- if (not .Values.naviback.hierarchies.skipPatches) }} + "patches_file_name": "{PATCHES_PATH}", + {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} + "graphs_file_name": "{SHORTCUT_PATH}" }, "hierarchy_shortcuts": { "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, @@ -576,15 +592,17 @@ data: "count": 600 } }, + {{- if (not .Values.naviback.hierarchies.skipPatches) }} "hierarchy_patches": { "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, "nodes": [ - "{S3_CACHE_PATH}/patches.json" + "{S3_CACHE_PATH}/patches/patches.tar.gz" ], "timeout_seconds": { "count": 600 } }, + {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} "sn_import": { "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, "nodes": [ diff --git a/charts/navi-back/templates/secret.yaml b/charts/navi-back/templates/secret.yaml index 22e2f7c0e..f7a09186b 100644 --- a/charts/navi-back/templates/secret.yaml 
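Review bot: The `sharing` block points every `routesharing.kafka.fileProperties` key at `/etc/2gis/mosesd/secret/<key>`, but nothing in this commit mounts the new `-routesharing-secret` Secret (added in the secret.yaml hunk) at that path. The diffstat lists only README.md, configmap.yaml, secret.yaml and values.yaml, so no workload template changes. If that directory is the mount of the chart's existing Kafka secret, which the hunk does not show, the referenced files will be missing at runtime. A key name used in both sections would also resolve to the same file. I would mount the new Secret in its own directory and build the paths from it, `printf "<routesharing-mount-dir>/%s" $key`, adding the matching volume and volumeMount to the workload template.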
+++ b/charts/navi-back/templates/secret.yaml @@ -14,3 +14,20 @@ data: {{ $prop | quote }}: {{ $val | b64enc | quote }} {{- end }} {{- end }} +--- +{{- if .Values.routesharing.kafka.fileProperties }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "generic-chart.fullname" . }}-routesharing-secret + labels: + {{- include "generic-chart.labels" . | nindent 4 }} + {{- if .Values.labels }} + {{- toYaml .Values.labels | nindent 4 }} + {{- end }} +type: Opaque +data: + {{- range $prop, $val := .Values.routesharing.kafka.fileProperties }} + {{ $prop | quote }}: {{ $val | b64enc | quote }} + {{- end }} +{{- end }} diff --git a/charts/navi-back/values.yaml b/charts/navi-back/values.yaml index a3d41a6bf..042780d1a 100644 --- a/charts/navi-back/values.yaml +++ b/charts/navi-back/values.yaml @@ -130,6 +130,7 @@ image: # @param naviback.dump.query Dump queries in logs # @param naviback.dump.answer Dump answers in logs # @param naviback.logLevel Logging level, one of: Verbose, Info, Warning, Error, Fatal +# @param naviback.logMessageField Field name in logs for messages data. # @param naviback.indexFilename Name of the index file on Castle # @param naviback.citiesFilename Name of the cities file on Castle # @param naviback.sentry.enabled If sending crash dumps to Sentry needed @@ -216,6 +217,7 @@ image: # @param naviback.validation.isochrone.responseSchemaName Name of isochrone response validation schema # @param naviback.tilesMetricsThreshold The value at which we send tiles metrics (used for internal tests) # @param naviback.hierarchies.enabled If hierarchies cache available +# @param naviback.hierarchies.skipPatches Skip patches in hierarchies cache # @param naviback.hierarchies.s3path Hierarchies cache remote location # @param naviback.etaScheduleIndex.enabled If Schedule Index available # @param naviback.etaScheduleIndex.url Schedule Index remote url 
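Review bot: The new Secret is rendered whenever `routesharing.kafka.fileProperties` is non-empty, even when `routesharing.enabled` is `false`, so credential material for a switched-off feature is still stored in the cluster. The configmap emits its `sharing` block only when the feature is enabled, and the Secret should follow the same condition: `{{- if and .Values.routesharing.enabled .Values.routesharing.kafka.fileProperties }}`. A one-line comment above `data:` would also help, stating that each value is presumably the content of a file (certificate, key) and is base64-encoded by the template.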
@@ -239,6 +241,7 @@ naviback: query: false answer: false logLevel: Info + logMessageField: custom.navi_msg indexFilename: index.json.zip citiesFilename: cities.conf.zip sentry: @@ -343,6 +346,7 @@ naviback: tilesMetricsThreshold: 0 hierarchies: enabled: false + skipPatches: false s3path: '' etaScheduleIndex: enabled: false @@ -606,6 +610,24 @@ dataGroup: prefix: sampleGroup timestamp: no-default +# @section Route sharing properties. Leave with defaults, FOR FUTURE RELEASE + +# @param routesharing.enabled If route sharing enabled +# @param routesharing.topic Topic to use for route sharing +# @extra routesharing.kafka.properties Properties as supported by librdkafka, see `kafka` section and comments +# @skip routesharing.kafka.properties.bootstrap.servers +# @skip routesharing.kafka.properties.security.protocol +# @param routesharing.kafka.fileProperties Properties stored in file, see `kafka` section and comments + +routesharing: + enabled: false + topic: sharing-kafka-topic + kafka: + properties: + bootstrap.servers: kafka.host:9092 + security.protocol: PLAINTEXT + fileProperties: {} + # @section License settings # @param license.url Address of the License service v2. Ex: https://license.svc From bb112bdeeab0b315509ed798e295d81474ec54cc Mon Sep 17 00:00:00 2001 From: Andrey Morozov <62840181+endryhold@users.noreply.github.com> Date: Thu, 29 Aug 2024 13:19:29 +0700 Subject: [PATCH 41/91] Chore: styleguide kafka example (#488) --- styleguide.md | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/styleguide.md b/styleguide.md index 2f13580b5..c3540f0d6 100644 --- a/styleguide.md +++ b/styleguide.md 
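Review bot: The `routesharing` defaults set `security.protocol: PLAINTEXT`, so switching `routesharing.enabled` to `true` without further overrides makes the service talk to Kafka with neither transport encryption nor authentication. Both `bootstrap.servers` and `security.protocol` are marked `@skip`, so the generated README does not show that default to the operator. I would drop the `@skip` on `security.protocol` and document it. A comment next to the value would also help: `# PLAINTEXT is for isolated test setups only; use SSL or SASL_SSL and pass certificates/credentials via fileProperties`.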
@@ -68,8 +68,21 @@ make charts/navi-back Примеры: - Не `serviceAccount.create`, а `serviceAccount.enabled`. - - [Настройки Kafka](https://github.com/documentat-alibaev/on-premise-helm-charts/blob/1f7b7d269aec9c6e265c41da3718bfc9135125a1/charts/navi-back/values.yaml#L185). - - Настройки S3: `host`, `bucket`, `accessKey`, `secretKey`. + - Настройки Kafka: + + ```yaml + kafka: + enabled: false + groupId: example_group + bootstrapServers: '' + securityProtocol: SaslPlaintext + sasl: + mechanism: ScramSha512 + username: '' + password: '' + ``` + + - Настройки S3: `host`, `bucket`, `accessKey`, `secretKey`, `region`. - Настройки PostgreSQL: `host`, `port`, `name`, `username`, `password`. - Настройки Ingress: `enabled`, `host`. Другие настройки Ingress не описываем. - horizontalPodAutoscaler - hpa From d751a56b82a3998a443b90fd3d4dd6fe5cb74174 Mon Sep 17 00:00:00 2001 From: Dmitriy Donov Date: Thu, 29 Aug 2024 13:43:26 +0700 Subject: [PATCH 42/91] WAPI-23606 catalog search config (#475) --- charts/catalog-api/README.md | 11 +++++++---- charts/catalog-api/templates/helpers.tpl | 6 ++++++ charts/catalog-api/values.yaml | 6 ++++++ 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md index 5ddc84781..7c89aaa00 100644 --- a/charts/catalog-api/README.md +++ b/charts/catalog-api/README.md 
@@ -152,10 +152,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### Search settings -| Name | Description | Value | -| ----------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `search.url` | URL of the Search service, ex: http://{search-api}.svc. This URL should be accessible from all the pods within your Kubernetes cluster. **Required** | `""` | -| `search.connectTimeout` | Timeout for connect to the Search service | `300ms` | +| Name | Description | Value | +| ------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `search.url` | URL of the Search service, ex: http://{search-api}.svc. This URL should be accessible from all the pods within your Kubernetes cluster. **Required** | `""` | +| `search.connectTimeout` | Timeout for connect to the Search service | `300ms` | +| `search.minConnections` | The minimum number connections to the Search service | `10` | +| `search.maxConnections` | The maximum number connections to the Search service | `100` | +| `search.maxOpenRequests` | The maximum number open requests to the Search service | `128` | ### Keys settings diff --git a/charts/catalog-api/templates/helpers.tpl b/charts/catalog-api/templates/helpers.tpl index e13ffc197..6e0fb6c40 100644 --- a/charts/catalog-api/templates/helpers.tpl +++ b/charts/catalog-api/templates/helpers.tpl 
@@ -149,6 +149,12 @@ onprem value: "{{ required "A valid .Values.search.url entry required" .Values.search.url }}" - name: CATALOG_SAPPHIRE_CONNECTION_TIMEOUT value: "{{ .Values.search.connectTimeout }}" +- name: CATALOG_SAPPHIRE_MIN_CONNECTIONS + value: "{{ .Values.search.minConnections }}" +- name: CATALOG_SAPPHIRE_MAX_CONNECTIONS + value: "{{ .Values.search.maxConnections }}" +- name: CATALOG_SAPPHIRE_MAX_OPEN_REQUESTS + value: "{{ .Values.search.maxOpenRequests }}" {{- end }} {{- define "catalog.env.keys" -}} diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index b6784e385..5cd1ec62a 100644 --- a/charts/catalog-api/values.yaml +++ b/charts/catalog-api/values.yaml @@ -213,10 +213,16 @@ api: # @param search.url URL of the Search service, ex: http://{search-api}.svc. This URL should be accessible from all the pods within your Kubernetes cluster. **Required** # @param search.connectTimeout Timeout for connect to the Search service +# @param search.minConnections The minimum number connections to the Search service +# @param search.maxConnections The maximum number connections to the Search service +# @param search.maxOpenRequests The maximum number open requests to the Search service search: url: '' connectTimeout: 300ms + minConnections: 10 + maxConnections: 100 + maxOpenRequests: 128 # @section Keys settings From 7f321c4a8a6dda4bdb09bd604e2e34eb94715d83 Mon Sep 17 00:00:00 2001 From: Morozov Dmitriy Date: Thu, 29 Aug 2024 10:08:10 +0300 Subject: [PATCH 43/91] DEVOPS-1348: add bicycle nginx location to navi-front (#487) --- charts/navi-front/templates/configmap-base.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/charts/navi-front/templates/configmap-base.yaml b/charts/navi-front/templates/configmap-base.yaml index 4f089b280..9e41dee3d 100644 --- a/charts/navi-front/templates/configmap-base.yaml +++ b/charts/navi-front/templates/configmap-base.yaml 
@@ -51,6 +51,10 @@ data: js_content bundle.geo_coding; } + location ^~ /bicycle { + js_content bundle.geo_coding; + } + location ^~ /public_transport { js_content bundle.geo_coding; } From 3f905eadef2ac2bdce15e8e165bb62cf6829705b Mon Sep 17 00:00:00 2001 From: Dmitry Milov Date: Thu, 29 Aug 2024 15:12:57 +0700 Subject: [PATCH 44/91] Platform 0.15.0 (#483) * GEFEST-82: update platform to 0-15-0 * GEFEST-82: update pages comment --------- Co-authored-by: Milov Dmitriy --- charts/platform/Chart.yaml | 4 ++-- charts/platform/README.md | 18 ++++++++++++------ charts/platform/templates/ui/deployment.yaml | 2 ++ charts/platform/values.yaml | 11 +++++++++-- 4 files changed, 25 insertions(+), 10 deletions(-) diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index 289b38eeb..5b75142df 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -3,8 +3,8 @@ name: platform type: application description: A Helm chart for Kubernetes to deploy Platform -version: 1.26.0 -appVersion: 0.8.1 +version: 1.27.0 +appVersion: 0.15.0 maintainers: - name: 2gis diff --git a/charts/platform/README.md b/charts/platform/README.md index 7e1f4ff31..2c284a3de 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md 
@@ -34,16 +34,16 @@ Use this Helm chart to deploy Platform service, which is a part of 2GIS's [On-Pr | Name | Description | Value | | --------------------- | ------------------------------ | ----------------------------- | | `ui.image.repository` | Repository | `2gis-on-premise/platform-ui` | -| `ui.image.tag` | Tag | `0.8.1` | +| `ui.image.tag` | Tag | `0.15.0` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | ### UI service settings -| Name | Description | Value | -| ------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------ | -| `ui.appPort` | Service port. | `3000` | -| `ui.brand` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `""` | -| `ui.pages` | A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. | `""` | +| Name | Description | Value | +| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------ | +| `ui.appPort` | Service port. | `3000` | +| `ui.brand` | Branding inside the app. Possible values: `"2gis"` or `"urbi"`. | `""` | +| `ui.pages` | A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground", "map_styles"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. | `""` | ### Statuses for services. 
A value is a string containing pairs of label and healthcheck URL for a service. Pairs must be divided with a comma. Each pair must be connected with a symbol "=", e.g. `mapgl: 'MapGL JS=https://example.com/healthcheck'`. URL must be an absolute. You can specify only one URL, e.g. `mapgl: 'https://example.com/healthcheck'`. @@ -65,6 +65,12 @@ Use this Helm chart to deploy Platform service, which is a part of 2GIS's [On-Pr | `ui.mapgl.key` | A key to the [MapGL JS API](https://docs.2gis.com/en/on-premise/map) service. | `""` | | `ui.mapgl.initCenter` | Optional default map coordinates. Contains of two numbers in an array: `[lon,lat]` (e.g., `"[55.27,25.2]"` stands for Dubai, `"[37.64,55.74]"` — for Moscow). | `""` | +### Map styles API settings + +| Name | Description | Value | +| ------------------ | ---------------------- | ----- | +| `ui.mapStyles.url` | URL to Map Styles API. | `""` | + ### Search API settings | Name | Description | Value | diff --git a/charts/platform/templates/ui/deployment.yaml b/charts/platform/templates/ui/deployment.yaml index f08782d63..d1d080e22 100644 --- a/charts/platform/templates/ui/deployment.yaml +++ b/charts/platform/templates/ui/deployment.yaml @@ -75,6 +75,8 @@ spec: value: {{ .Values.ui.navi.url | quote }} - name: NAVI_API_KEY value: {{ .Values.ui.navi.key | quote }} + - name: MAP_STYLES_API_URL + value: {{ .Values.ui.mapStyles.url | quote }} - name: MAPGL_URL value: {{ .Values.ui.mapgl.url | quote }} - name: MAPGL_SCRIPT_PATH diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 09fca33d7..0d471ae2f 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -39,7 +39,7 @@ ui: image: repository: 2gis-on-premise/platform-ui - tag: 0.8.1 + tag: 0.15.0 # @section UI service settings 
@@ -49,7 +49,7 @@ ui: # @param ui.brand Branding inside the app. Possible values: `"2gis"` or `"urbi"`. # @skip ui.defaultLocale - # @param ui.pages A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. + # @param ui.pages A list of pages available in application. Values must be written with a comma. Possible values: `"status"`, `"playground", "map_styles"`. E.g. "status, playground". The first page in a list is the one a user's going to be redirected to from deactivated ones. # @skip ui.googleAnalyticsId # @skip ui.googleTagManagerId @@ -89,6 +89,13 @@ ui: key: '' initCenter: '' + # @section Map styles API settings + + # @param ui.mapStyles.url URL to Map Styles API. + + mapStyles: + url: '' + # @section Search API settings # @param ui.catalog.url URL for [Search API](https://docs.2gis.com/en/on-premise/search). From 2c1adcfc110d69d34c30a09ea99cfecbcc721bfb Mon Sep 17 00:00:00 2001 From: Dmitry Nischeta <55282960+dnischeta@users.noreply.github.com> Date: Thu, 29 Aug 2024 11:46:32 +0300 Subject: [PATCH 45/91] TILES-6466 mapgl-js-api: add styles server vars (#469) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * mapgl-js-api: add styles server vars * Apply suggestions from code review Co-authored-by: Michel Beloshitsky * Link readme * Use mapgl-api 1.50.0 * Update mapgl --------- Co-authored-by: Нищета Дмитрий Антонович Co-authored-by: Michel Beloshitsky Co-authored-by: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> --- charts/mapgl-js-api/Chart.yaml | 2 +- charts/mapgl-js-api/README.md | 3 +++ charts/mapgl-js-api/templates/deployment.yaml | 8 ++++++-- charts/mapgl-js-api/values.yaml | 6 ++++++ 4 files changed, 16 insertions(+), 3 deletions(-) 
diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index 4f5271b7b..673e51796 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -5,7 +5,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application version: 1.26.0 -appVersion: 1.49.0 +appVersion: 1.50.1 maintainers: - name: 2gis diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index d0d35d488..d468a7c81 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md @@ -59,6 +59,9 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | | `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service. | `https://traffic-proxy.ingress.host` | | `env.MAPGL_FLOORSSERVER` | URL of the Floors API service. | `https://floors-api.ingress.host` | +| `env.MAPGL_STYLESERVER` | URL of the Styles API service. | `https://styles.ingress.host` | +| `env.MAPGL_ICONSPATH` | URL of the icons directory. | `https://styles.ingress.host/styles/assets/icons` | +| `env.MAPGL_MODELSPATH` | URL of the models directory. | `https://styles.ingress.host/styles/assets/models` | | `env.MAPGL_KEYSERVER` | URL of the API Keys service. | `https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api` | | `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support. | `https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js` | | `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index 7edbd4512..bb022bb84 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml 
@@ -55,8 +55,12 @@ spec: value: "{{ .Values.env.MAPGL_TRAFFICSERVER }}" - name: MAPGL_FLOORSSERVER value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" - - name: MAPGL_FLOORSSERVER_HOST - value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" + - name: MAPGL_STYLESERVER + value: "{{ .Values.env.MAPGL_STYLESERVER }}" + - name: MAPGL_ICONSPATH + value: "{{ .Values.env.MAPGL_ICONSPATH }}" + - name: MAPGL_MODELSPATH + value: "{{ .Values.env.MAPGL_MODELSPATH }}" - name: MAPGL_KEYSERVER value: "{{ .Values.env.MAPGL_KEYSERVER }}" - name: MAPGL_RTLPLUGIN diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index 704b1e52e..30fd93e24 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml @@ -51,6 +51,9 @@ image: # @param env.MAPGL_IMMERSIVE_TILESET Additional immersive tileset of the Tiles API service to use. # @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service. # @param env.MAPGL_FLOORSSERVER URL of the Floors API service. +# @param env.MAPGL_STYLESERVER URL of the Styles API service. +# @param env.MAPGL_ICONSPATH URL of the icons directory. +# @param env.MAPGL_MODELSPATH URL of the models directory. # @param env.MAPGL_KEYSERVER URL of the API Keys service. # @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support. # @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin. 
@@ -64,6 +67,9 @@ env: MAPGL_IMMERSIVE_TILESET: web_immersive MAPGL_TRAFFICSERVER: https://traffic-proxy.ingress.host MAPGL_FLOORSSERVER: https://floors-api.ingress.host + MAPGL_STYLESERVER: https://styles.ingress.host + MAPGL_ICONSPATH: https://styles.ingress.host/styles/assets/icons + MAPGL_MODELSPATH: https://styles.ingress.host/styles/assets/models MAPGL_KEYSERVER: https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api MAPGL_RTLPLUGIN: https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js MAPGL_RTLPLUGINHASH: sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA== From 32ad384a06c0a0cb3f0c6e31ccb305558756ac58 Mon Sep 17 00:00:00 2001 From: Dmitriy Donov Date: Thu, 29 Aug 2024 16:27:18 +0700 Subject: [PATCH 46/91] =?UTF-8?q?WAPI-23337=20=D0=98=D0=BD=D1=82=D0=B5?= =?UTF-8?q?=D0=B3=D1=80=D0=B0=D1=86=D0=B8=D1=8F=20catalog=20api=20=D1=81?= =?UTF-8?q?=20=D1=81=D0=B5=D1=80=D0=B2=D0=B8=D1=81=D0=BE=D0=BC=20license?= =?UTF-8?q?=20v2=20(#486)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Breaking-Changes.md | 5 ++++- charts/catalog-api/Chart.yaml | 2 +- charts/catalog-api/README.md | 8 ++++---- charts/catalog-api/values.yaml | 2 +- 4 files changed, 10 insertions(+), 7 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index d62beda9f..dbc80da29 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -2,6 +2,10 @@ ## [1.27.0] +### catalog-api +- Backward compatibility with `license` versions before `2.0.0` (on-premise version `1.8.0`) is broken. +- License v2 over HTTPS is required. + ### PRO - ui.strategy renamed to strategy - ui.image renamed to image @@ -23,7 +27,6 @@ - ui.resources renamed to resources - ui.hpa renamed to hpa - ## [1.26.0] ### citylens diff --git a/charts/catalog-api/Chart.yaml b/charts/catalog-api/Chart.yaml index 1bd6396a8..8375a7166 100644 --- a/charts/catalog-api/Chart.yaml +++ b/charts/catalog-api/Chart.yaml 
@@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Catalog APIs version: 1.26.0 -appVersion: 3.619.0 +appVersion: 3.625.0 maintainers: - name: 2gis diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md index 7c89aaa00..1fbf4767f 100644 --- a/charts/catalog-api/README.md +++ b/charts/catalog-api/README.md @@ -176,10 +176,10 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### License settings -| Name | Description | Value | -| ------------------------ | ---------------------------------------------------------------------- | ----- | -| `license.url` | Address of the License service v1. Ex: http://license.svc **Required** | `""` | -| `license.requestTimeout` | Timeout for requests to the License service | `1s` | +| Name | Description | Value | +| ------------------------ | ----------------------------------------------------------------------- | ----- | +| `license.url` | Address of the License service v2. Ex: https://license.svc **Required** | `""` | +| `license.requestTimeout` | Timeout for requests to the License service | `1s` | ### Kubernetes Importer job settings diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index 5cd1ec62a..1dd2004f3 100644 --- a/charts/catalog-api/values.yaml +++ b/charts/catalog-api/values.yaml @@ -250,7 +250,7 @@ keys: # @section License settings -# @param license.url Address of the License service v1. Ex: http://license.svc **Required** +# @param license.url Address of the License service v2. Ex: https://license.svc **Required** # @param license.requestTimeout Timeout for requests to the License service license: From c419601be03c841cf799c0cb6dff39d95ebbf7f6 Mon Sep 17 00:00:00 2001 From: dbelyaev-nsk Date: Fri, 30 Aug 2024 11:53:16 +0700 Subject: [PATCH 47/91] fix pro-ui values --- charts/pro-ui/values.yaml | 7 ------- 1 file changed, 7 deletions(-) 
diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index e95605fe1..828219900 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -212,17 +212,10 @@ ingress: enabled: false className: nginx hosts: -<<<<<<< HEAD - - host: pro-ui.example.com - paths: - - path: / - pathType: Prefix -======= - host: pro-ui.example.com paths: - path: / pathType: Prefix ->>>>>>> origin/master tls: [] # - hosts: # - pro-ui.example.com From 5f09f13964d2ef6a829bda69d5d3acb26405b60b Mon Sep 17 00:00:00 2001 From: vgivanov Date: Fri, 6 Sep 2024 21:11:16 +0700 Subject: [PATCH 48/91] [navi-async-matrix] netloc must start with scheme (#477) --- Breaking-Changes.md | 6 ++++++ charts/navi-async-matrix/README.md | 16 ++++++++-------- .../navi-async-matrix/templates/statefulset.yaml | 7 +++++++ charts/navi-async-matrix/values.yaml | 6 +++--- 4 files changed, 24 insertions(+), 11 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 43ae87fc0..c94b8761b 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -1,5 +1,11 @@ # 2GIS On-Premise Breaking-Changes +## [#.#.#] + +### navi-async-matric + +- `s3.publicNetloc` now MUST start with `http://` or `https://` scheme + ## [1.27.0] ### catalog-api diff --git a/charts/navi-async-matrix/README.md b/charts/navi-async-matrix/README.md index 2eb3fae42..5d2d7fd7d 100644 --- a/charts/navi-async-matrix/README.md +++ b/charts/navi-async-matrix/README.md @@ -52,7 +52,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation/distance- | Name | Description | Value | | ------------------ | ----------- | ----------------------------------- | | `image.repository` | Repository | `2gis-on-premise/navi-async-matrix` | -| `image.tag` | Tag | `1.10.3` | +| `image.tag` | Tag | `1.11.2` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Service account settings 
@@ -187,13 +187,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation/distance- ### S3-compatible storage settings -| Name | Description | Value | -| ----------------- | ----------------------------------------------------------------- | ----- | -| `s3.host` | S3 endpoint URL, ex: http://async-matrix-s3.host. **Required** | `""` | -| `s3.bucket` | S3 bucket name. **Required** | `""` | -| `s3.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | -| `s3.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | -| `s3.publicNetloc` | Announce proxy URL for S3 results instead of s3.url if not empty. | `nil` | +| Name | Description | Value | +| ----------------- | ---------------------------------------------------------------------------------------------- | ----- | +| `s3.host` | S3 endpoint URL, ex: http://async-matrix-s3.host. **Required** | `""` | +| `s3.bucket` | S3 bucket name. **Required** | `""` | +| `s3.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | +| `s3.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | +| `s3.publicNetloc` | Announce proxy URL for S3 results instead of s3.url if not empty. Must start with `http(s)://` | `""` | ### API keys service diff --git a/charts/navi-async-matrix/templates/statefulset.yaml b/charts/navi-async-matrix/templates/statefulset.yaml index 54e4f885f..d02897f01 100644 --- a/charts/navi-async-matrix/templates/statefulset.yaml +++ b/charts/navi-async-matrix/templates/statefulset.yaml 
@@ -177,7 +177,14 @@ spec: - name: DM_ASYNC_SERVICE_LOGGER_SETTING__LEVEL value: {{ .Values.dm.logLevel | quote }} {{- if .Values.s3.publicNetloc }} + # DM_ASYNC_SERVICE_STORAGE_SETTING__S3_PUBLIC_NETLOC for < 1.11.0 + # DM_ASYNC_SERVICE_STORAGE_SETTING__S3_PUBLIC_NETLOC_URL for >= 1.11.0 - name: DM_ASYNC_SERVICE_STORAGE_SETTING__S3_PUBLIC_NETLOC + value: {{ regexReplaceAllLiteral "^https?://" .Values.s3.publicNetloc "" | quote }} + {{- if not (regexMatch "^https?://" .Values.s3.publicNetloc) }} + {{- fail "s3.publicNetLoc must start with the scheme: `://[/]`" }} + {{- end }} + - name: DM_ASYNC_SERVICE_STORAGE_SETTING__S3_PUBLIC_NETLOC_URL value: {{ .Values.s3.publicNetloc | quote }} {{- end }} - name: DM_ASYNC_SERVICE_KAFKA_CONSUMER_SETTING__KAFKA_CONSUMER_TASK_TOPIC diff --git a/charts/navi-async-matrix/values.yaml b/charts/navi-async-matrix/values.yaml index e169b40ff..4d3ca0cf0 100644 --- a/charts/navi-async-matrix/values.yaml +++ b/charts/navi-async-matrix/values.yaml @@ -51,7 +51,7 @@ prometheusEnabled: true image: repository: 2gis-on-premise/navi-async-matrix pullPolicy: IfNotPresent - tag: 1.10.3 + tag: 1.11.2 # @section Service account settings @@ -363,14 +363,14 @@ kafka: # @param s3.bucket S3 bucket name. **Required** # @param s3.accessKey S3 access key for accessing the bucket. **Required** # @param s3.secretKey S3 secret key for accessing the bucket. **Required** -# @param s3.publicNetloc Announce proxy URL for S3 results instead of s3.url if not empty. +# @param s3.publicNetloc Announce proxy URL for S3 results instead of s3.url if not empty. Must start with `http(s)://` s3: host: '' bucket: '' accessKey: '' secretKey: '' - publicNetloc: + publicNetloc: '' # @skip bss.enabled # @skip bss.url From 006459927f2c8ccb08da671a5b7b208a45a78f53 Mon Sep 17 00:00:00 2001 
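Review bot: The `fail` message in the statefulset hunk names `s3.publicNetLoc`, but the values key is `s3.publicNetloc`, so an operator searching for the reported key will not find it. The format hint reads `://[/]` here, which looks like its placeholders were lost (possibly only in how this page was rendered); I would spell the rule out, e.g. `{{- fail "s3.publicNetloc must start with http:// or https://" }}`, and move the check directly under `{{- if .Values.s3.publicNetloc }}` so validation comes before the first `value:` is rendered. The pattern `^https?://` also accepts plain `http://`, so the announced S3 result URL can be cleartext. If that is intended for internal proxies, a comment beside the check should say so; otherwise tighten it to `^https://`. The enclosing `env:` list starts and ends outside the hunk.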
From: uk-navi-ci <161344134+uk-navi-ci@users.noreply.github.com> Date: Mon, 9 Sep 2024 14:10:55 +0300 Subject: [PATCH 49/91] [chart/navi-back] chart syncup (#493) --- charts/navi-back/Chart.yaml | 2 +- charts/navi-back/README.md | 7 ++++--- charts/navi-back/templates/configmap.yaml | 10 ++++++---- charts/navi-back/values.yaml | 8 +++++--- 4 files changed, 16 insertions(+), 11 deletions(-) diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index dabd23c40..1a7c01292 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml @@ -7,7 +7,7 @@ keywords: - back - backend version: 1.27.0 -appVersion: 7.25.0.3 +appVersion: 7.27.1.2 dependencies: - name: generic-chart version: '*' diff --git a/charts/navi-back/README.md b/charts/navi-back/README.md index 68fb79abe..b17180c99 100644 --- a/charts/navi-back/README.md +++ b/charts/navi-back/README.md @@ -78,7 +78,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | Name | Description | Value | | ------------------ | ----------- | --------------------------- | | `image.repository` | Repository | `2gis-on-premise/navi-back` | -| `image.tag` | Tag | `7.25.0.3` | +| `image.tag` | Tag | `7.27.1.2` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Navi-Back application settings 
@@ -161,8 +161,9 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `naviback.validation.isochrone.requestSchemaName` | Name of isochrone request validation schema | `IsochroneApiRequestModel.json` | | `naviback.validation.isochrone.responseSchemaName` | Name of isochrone response validation schema | `IsochroneApiResponseModel.json` | | `naviback.tilesMetricsThreshold` | The value at which we send tiles metrics (used for internal tests) | `0` | -| `naviback.hierarchies.enabled` | If hierarchies cache available | `false` | -| `naviback.hierarchies.skipPatches` | Skip patches in hierarchies cache | `false` | +| `naviback.hierarchies.enabled` | If SN cache available | `false` | +| `naviback.hierarchies.skipPatches` | Skip patches in hierarchies cache, ignored if skipShortcuts set | `false` | +| `naviback.hierarchies.skipShortcuts` | Skip shortcuts in SN cache | `false` | | `naviback.hierarchies.s3path` | Hierarchies cache remote location | `""` | | `naviback.etaScheduleIndex.enabled` | If Schedule Index available | `false` | | `naviback.etaScheduleIndex.url` | Schedule Index remote url | `""` | diff --git a/charts/navi-back/templates/configmap.yaml b/charts/navi-back/templates/configmap.yaml index 3295e00e7..db82430ab 100644 --- a/charts/navi-back/templates/configmap.yaml +++ b/charts/navi-back/templates/configmap.yaml @@ -576,11 +576,12 @@ data: }, {{- end }}{{- /* if .Values.naviback.rtr.enabled */}} {{- if .Values.naviback.hierarchies.enabled }} + {{- if (not .Values.naviback.hierarchies.skipShortcuts) }} "hierarchies": { "use_hierarchy": true, - {{- if (not .Values.naviback.hierarchies.skipPatches) }} + {{- if (not .Values.naviback.hierarchies.skipPatches) }} "patches_file_name": "{PATCHES_PATH}", - {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} + {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} "graphs_file_name": "{SHORTCUT_PATH}" }, "hierarchy_shortcuts": { 
@@ -592,7 +593,7 @@ data: "count": 600 } }, - {{- if (not .Values.naviback.hierarchies.skipPatches) }} + {{- if (not .Values.naviback.hierarchies.skipPatches) }} "hierarchy_patches": { "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, "nodes": [ @@ -602,7 +603,8 @@ data: "count": 600 } }, - {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} + {{- end }}{{- /* if (not .Values.naviback.hierarchies.skipPatches) */}} + {{- end }}{{- /* (not .Values.naviback.hierarchies.skipShortcuts) */}} "sn_import": { "update_period": {{ .Values.naviback.disableUpdates | ternary 604800 600 }}, "nodes": [ diff --git a/charts/navi-back/values.yaml b/charts/navi-back/values.yaml index 042780d1a..ad7dcc950 100644 --- a/charts/navi-back/values.yaml +++ b/charts/navi-back/values.yaml @@ -106,7 +106,7 @@ args: [] image: repository: 2gis-on-premise/navi-back pullPolicy: IfNotPresent - tag: 7.25.0.3 + tag: 7.27.1.2 # @section Navi-Back application settings @@ -216,8 +216,9 @@ image: # @param naviback.validation.isochrone.requestSchemaName Name of isochrone request validation schema # @param naviback.validation.isochrone.responseSchemaName Name of isochrone response validation schema # @param naviback.tilesMetricsThreshold The value at which we send tiles metrics (used for internal tests) -# @param naviback.hierarchies.enabled If hierarchies cache available -# @param naviback.hierarchies.skipPatches Skip patches in hierarchies cache +# @param naviback.hierarchies.enabled If SN cache available +# @param naviback.hierarchies.skipPatches Skip patches in hierarchies cache, ignored if skipShortcuts set +# @param naviback.hierarchies.skipShortcuts Skip shortcuts in SN cache # @param naviback.hierarchies.s3path Hierarchies cache remote location # @param naviback.etaScheduleIndex.enabled If Schedule Index available # @param naviback.etaScheduleIndex.url Schedule Index remote url 
@@ -347,6 +348,7 @@ naviback: hierarchies: enabled: false skipPatches: false + skipShortcuts: false s3path: '' etaScheduleIndex: enabled: false From e5417c89075102580543a38451158935fd9b4ce4 Mon Sep 17 00:00:00 2001 From: ostrovskiy2gis <108522609+ostrovskiy2gis@users.noreply.github.com> Date: Wed, 11 Sep 2024 07:15:01 +0300 Subject: [PATCH 50/91] Upgrade version of platform UI to 0.15.1 (#491) --- charts/platform/Chart.yaml | 2 +- charts/platform/README.md | 2 +- charts/platform/values.yaml | 2 +- image_versions.txt | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index 5b75142df..9f6515b8c 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Platform version: 1.27.0 -appVersion: 0.15.0 +appVersion: 0.15.1 maintainers: - name: 2gis diff --git a/charts/platform/README.md b/charts/platform/README.md index 2c284a3de..ab726bebc 100644 --- a/charts/platform/README.md +++ b/charts/platform/README.md @@ -34,7 +34,7 @@ Use this Helm chart to deploy Platform service, which is a part of 2GIS's [On-Pr | Name | Description | Value | | --------------------- | ------------------------------ | ----------------------------- | | `ui.image.repository` | Repository | `2gis-on-premise/platform-ui` | -| `ui.image.tag` | Tag | `0.15.0` | +| `ui.image.tag` | Tag | `0.15.1` | | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | ### UI service settings diff --git a/charts/platform/values.yaml b/charts/platform/values.yaml index 0d471ae2f..de158a1a9 100644 --- a/charts/platform/values.yaml +++ b/charts/platform/values.yaml @@ -39,7 +39,7 @@ ui: image: repository: 2gis-on-premise/platform-ui - tag: 0.15.0 + tag: 0.15.1 # @section UI service settings diff --git a/image_versions.txt b/image_versions.txt index dda4f5c62..bb95825d7 100644 --- a/image_versions.txt +++ b/image_versions.txt 
@@ -50,7 +50,7 @@ navi-router navi-splitter navi-splitter:1.0.1 platform - platform-ui:0.15.0 + platform-ui:0.15.1 pro-api pro-api:1.35.0 pro-importer:1.35.0 From 92f75e8b04246aeaf04aaf8e6b558991dd1c29ae Mon Sep 17 00:00:00 2001 From: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> Date: Wed, 11 Sep 2024 09:19:40 +0500 Subject: [PATCH 51/91] Mapgl styles default urls fix (#494) * style urls fix * update default values and description * update readme * defined mapgl_demo_key --- charts/mapgl-js-api/README.md | 31 ++++++++++++------------- charts/mapgl-js-api/values.yaml | 40 ++++++++++++++++----------------- 2 files changed, 36 insertions(+), 35 deletions(-) diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 171837548..ecfccfd84 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -51,21 +51,22 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: ### Environment variables -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| `env.MAPGL_HOST` | URL for MapGL JS API service. | `https://mapgl-api.ingress.host` | -| `env.MAPGL_TILES_API` | URL of the Tiles API service. | `https://tiles-api.ingress.host` | -| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | -| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | -| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service. | `https://traffic-proxy.ingress.host` | -| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service. | `https://floors-api.ingress.host` | -| `env.MAPGL_STYLESERVER` | URL of the Styles API service. | `https://styles.ingress.host` | -| `env.MAPGL_ICONSPATH` | URL of the icons directory. | `https://styles.ingress.host/styles/assets/icons` | -| `env.MAPGL_MODELSPATH` | URL of the models directory. | `https://styles.ingress.host/styles/assets/models` | -| `env.MAPGL_KEYSERVER` | URL of the API Keys service. | `https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api` | -| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support. | `https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js` | -| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | -| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. 
Please contact support to get valid key.` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| `env.MAPGL_DEMO_KEY` | token from 'keys-api' service. Defines access for map through MAPGL_HOST. | `""` | +| `env.MAPGL_HOST` | URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' | `""` | +| `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | +| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | +| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | +| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `""` | +| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | +| `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | +| `env.MAPGL_ICONSPATH` | URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' | `""` | +| `env.MAPGL_MODELSPATH` | URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' | `""` | +| `env.MAPGL_KEYSERVER` | URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' | `""` | +| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' | `""` | +| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | +| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. 
Please contact support to get valid key.` | ### Strategy settings diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index d66ac2716..57ce17181 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml 
@@ -44,34 +44,34 @@ image: # @section Environment variables -# @skip env.MAPGL_DEMO_KEY -# @param env.MAPGL_HOST URL for MapGL JS API service. -# @param env.MAPGL_TILES_API URL of the Tiles API service. +# @param env.MAPGL_DEMO_KEY token from 'keys-api' service. Defines access for map through MAPGL_HOST. +# @param env.MAPGL_HOST URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' +# @param env.MAPGL_TILES_API URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' # @param env.MAPGL_TILESET Tileset of the Tiles API service to use. # @param env.MAPGL_IMMERSIVE_TILESET Additional immersive tileset of the Tiles API service to use. -# @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service. -# @param env.MAPGL_FLOORSSERVER URL of the Floors API service. -# @param env.MAPGL_STYLESERVER URL of the Styles API service. -# @param env.MAPGL_ICONSPATH URL of the icons directory. -# @param env.MAPGL_MODELSPATH URL of the models directory. -# @param env.MAPGL_KEYSERVER URL of the API Keys service. -# @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support. +# @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' +# @param env.MAPGL_FLOORSSERVER URL of the Floors API service, e.g. 'https://floors-api.ingress.host' +# @param env.MAPGL_STYLESERVER URL of the Styles API service, e.g. 'https://styles.ingress.host' +# @param env.MAPGL_ICONSPATH URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' +# @param env.MAPGL_MODELSPATH URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' +# @param env.MAPGL_KEYSERVER URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' +# @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support, e.g. 
'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' # @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin. # @param env.MAPGL_INVALID_KEY_MESSAGE Custom error message for invalid MapGL key. env: - MAPGL_DEMO_KEY: empty - MAPGL_HOST: https://mapgl-api.ingress.host - MAPGL_TILES_API: https://tiles-api.ingress.host + MAPGL_DEMO_KEY: '' + MAPGL_HOST: '' + MAPGL_TILES_API: '' MAPGL_TILESET: web MAPGL_IMMERSIVE_TILESET: web_immersive - MAPGL_TRAFFICSERVER: https://traffic-proxy.ingress.host - MAPGL_FLOORSSERVER: https://floors-api.ingress.host - MAPGL_STYLESERVER: https://styles.ingress.host - MAPGL_ICONSPATH: https://styles.ingress.host/styles/assets/icons - MAPGL_MODELSPATH: https://styles.ingress.host/styles/assets/models - MAPGL_KEYSERVER: https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api - MAPGL_RTLPLUGIN: https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js + MAPGL_TRAFFICSERVER: '' + MAPGL_FLOORSSERVER: '' + MAPGL_STYLESERVER: '' + MAPGL_ICONSPATH: '' + MAPGL_MODELSPATH: '' + MAPGL_KEYSERVER: '' + MAPGL_RTLPLUGIN: '' MAPGL_RTLPLUGINHASH: sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA== MAPGL_INVALID_KEY_MESSAGE: Your MapGL key is invalid. Please contact support to get valid key. From 3934dd7b6a0e32ca002617b6b6249583fb2a211f Mon Sep 17 00:00:00 2001 From: Voronkov Alexander Date: Wed, 11 Sep 2024 11:23:04 +0300 Subject: [PATCH 52/91] [keys-api] empty default values (#499) --- charts/keys/README.md | 20 ++++++++++---------- charts/keys/values.yaml | 4 ++-- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/charts/keys/README.md b/charts/keys/README.md index eead4f481..7995d7c67 100644 --- a/charts/keys/README.md +++ b/charts/keys/README.md 
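Review bot: `MAPGL_RTLPLUGINHASH` keeps its fixed `sha512-…` default while `MAPGL_RTLPLUGIN` now defaults to `''`, so the integrity value and the URL it is meant to pin are no longer set together. If the hash is enforced as a subresource-integrity check (the name and format suggest it, but the template is not shown here), an operator who points `MAPGL_RTLPLUGIN` at a different plugin build will hit a mismatch. I would extend the comment to `# @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin; must match the file served at MAPGL_RTLPLUGIN.` `MAPGL_DEMO_KEY` is now documented as a keys-api token but still sits in the plain `env` map, presumably rendered as an ordinary environment variable. The description should say whether the key is meant to be public, so operators know whether to supply it through a Secret.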
@@ -238,16 +238,16 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about ### Deployment Artifacts Storage settings -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `dgctlStorage.host` | S3 endpoint. Format: `host:port`. **Required** | `""` | -| `dgctlStorage.region` | S3 region name. | `""` | -| `dgctlStorage.secure` | Set to `true` if dgctlStorage.host must be accessed via https. **Required** | `false` | -| `dgctlStorage.verifySsl` | Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required** | `true` | -| `dgctlStorage.bucket` | S3 bucket name. | `keys` | -| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | -| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | -| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`
This file contains the description of pieces of data that the service requires to operate. | `manifest.json` | +| Name | Description | Value | +| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `dgctlStorage.host` | S3 endpoint. Format: `host:port`. **Required** | `""` | +| `dgctlStorage.region` | S3 region name. | `""` | +| `dgctlStorage.secure` | Set to `true` if dgctlStorage.host must be accessed via https. **Required** | `false` | +| `dgctlStorage.verifySsl` | Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required** | `true` | +| `dgctlStorage.bucket` | S3 bucket name. | `""` | +| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`
This file contains the description of pieces of data that the service requires to operate. | `""` | ### Limits diff --git a/charts/keys/values.yaml b/charts/keys/values.yaml index ef70f0827..4fd7c3b0d 100644 --- a/charts/keys/values.yaml +++ b/charts/keys/values.yaml @@ -531,10 +531,10 @@ dgctlStorage: region: '' secure: false verifySsl: true - bucket: keys + bucket: '' accessKey: '' secretKey: '' - manifest: manifest.json + manifest: '' # @section Limits From 3a2e92a0ae6713654d0b1c39bcc3b647b4ffe3d4 Mon Sep 17 00:00:00 2001 
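Review bot: `dgctlStorage.bucket` and `dgctlStorage.manifest` now default to `''`, but their descriptions in this commit's README table lack the `**Required**` marker that the neighbouring `host`, `accessKey` and `secretKey` rows carry. I would mark both in the values comments, e.g. `# @param dgctlStorage.bucket S3 bucket name. **Required**`, and regenerate the README. Whether the templates reject an empty value is not visible here; if they do not, wrapping both in Helm's `required` would turn a late runtime failure into a render-time error. The `dgctlStorage` mapping starts outside the hunk.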
From: Pavel Gopanenko Date: Wed, 11 Sep 2024 16:11:08 +0700 Subject: [PATCH 53/91] WAPI-23578 Styles API (#482) * WAPI-23578 Styles API * WAPI-23578 Remove configurable s3 bucket for styles * Revert "WAPI-23578 Remove configurable s3 bucket for styles" This reverts commit f7f3e6f75715080c2bb93dc973d8da120242ecb0. * Styles API version as 1.0.0 * Add missiong secrets deploy annotations * Increase ingress default body size, remove useless worker disable * Fix ingress values annotations * Disable ingress nginx params * Use secret in jobs deploy * Worker as deployment * Set default nginx ingress body size * Set actual Styles API release version * Fix notes Twins mension * fix initialDelaySeconds for worker * No useless peristent volume * rename endpoint to host, update descriptions * fix required * fix readme --------- Co-authored-by: Gopanenko Pavel Co-authored-by: Igor Sheykin --- charts/styles-api/Chart.yaml | 12 + charts/styles-api/README.md | 145 ++++++++++ charts/styles-api/templates/NOTES.txt | 10 + charts/styles-api/templates/_helpers.tpl | 211 +++++++++++++++ .../styles-api/templates/api/deployment.yaml | 81 ++++++ charts/styles-api/templates/api/hpa.yaml | 39 +++ charts/styles-api/templates/api/ingress.yaml | 39 +++ charts/styles-api/templates/api/service.yaml | 21 ++ .../templates/configmap-deploys.yaml | 11 + .../styles-api/templates/configmap-jobs.yaml | 15 + charts/styles-api/templates/migrate/job.yaml | 51 ++++ .../styles-api/templates/secret-deploys.yaml | 11 + charts/styles-api/templates/secret-post.yaml | 15 + charts/styles-api/templates/secret-pre.yaml | 15 + .../templates/worker/deployment.yaml | 72 +++++ charts/styles-api/values.yaml | 256 ++++++++++++++++++ .../twins-api/templates/api/deployment.yaml | 2 +- charts/twins-api/templates/migrate/job.yaml | 2 +- 18 files changed, 1006 insertions(+), 2 deletions(-) create mode 100644 charts/styles-api/Chart.yaml create mode 100644 charts/styles-api/README.md create mode 100644 
charts/styles-api/templates/NOTES.txt create mode 100644 charts/styles-api/templates/_helpers.tpl create mode 100644 charts/styles-api/templates/api/deployment.yaml create mode 100644 charts/styles-api/templates/api/hpa.yaml create mode 100644 charts/styles-api/templates/api/ingress.yaml create mode 100644 charts/styles-api/templates/api/service.yaml create mode 100644 charts/styles-api/templates/configmap-deploys.yaml create mode 100644 charts/styles-api/templates/configmap-jobs.yaml create mode 100644 charts/styles-api/templates/migrate/job.yaml create mode 100644 charts/styles-api/templates/secret-deploys.yaml create mode 100644 charts/styles-api/templates/secret-post.yaml create mode 100644 charts/styles-api/templates/secret-pre.yaml create mode 100644 charts/styles-api/templates/worker/deployment.yaml create mode 100644 charts/styles-api/values.yaml diff --git a/charts/styles-api/Chart.yaml b/charts/styles-api/Chart.yaml new file mode 100644 index 000000000..f12a280c2 --- /dev/null +++ b/charts/styles-api/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v2 +name: styles-api +type: application +description: A Helm chart for Kubernetes to deploy API Styles service + +version: 1.26.0 +appVersion: 0.30.0 + +maintainers: + - name: 2gis + url: https://github.com/2gis + email: on-premise@2gis.com diff --git a/charts/styles-api/README.md b/charts/styles-api/README.md new file mode 100644 index 000000000..369384373 --- /dev/null +++ b/charts/styles-api/README.md 
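Review bot: `appVersion: 0.30.0` in the new Chart.yaml does not match the `image.tag` default of `1.0.0` that this commit's README lists for the chart. `helm list` and inventory tooling would then report a different application version than the image actually deployed, which makes it harder to check a release against advisories. If `1.0.0` is the shipped image, I would set `appVersion: 1.0.0`. `version: 1.26.0` also differs from the `1.27.0` used by the navi-back and platform charts elsewhere in this series; confirm that is intentional.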
@@ -0,0 +1,145 @@ +# 2GIS API Styles service + +Use this Helm chart to deploy API Styles service, which is a part of 2GIS's [On-Premise solution](https://docs.2gis.com/en/on-premise/overview). + +> **Note:** +> +> All On-Premise services are beta, and under development. + +## Values + +### Docker Registry settings + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------- | ----- | +| `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | + +### Common settings + +| Name | Description | Value | +| ------------------ | --------------------------------------------------------------------------------------------- | ---------------------------- | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `imagePullPolicy` | Image [pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) | `IfNotPresent` | +| `image.repository` | Styles API service image repository. | `2gis-on-premise/styles-api` | +| `image.tag` | Styles API service image tag. | `1.0.0` | + +### API service settings + +| Name | Description | Value | +| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `api.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `api.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). 
| `0` | +| `api.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | +| `api.replicas` | A replica count for the pod. | `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | + +### api.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + +| Name | Description | Value | +| --------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------- | +| `api.resources.requests.cpu` | A CPU request. | `50m` | +| `api.resources.requests.memory` | A memory request. | `128Mi` | +| `api.resources.limits.cpu` | A CPU limit. | `1` | +| `api.resources.limits.memory` | A memory limit. | `256Mi` | +| `api.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). 
| `{}` | +| `api.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `api.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `api.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | Service port. | `80` | +| `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `api.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `api.ingress.annotations.nginx.ingress.kubernetes.io/proxy-body-size` | Max body size. [Ingress Nginx](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-max-body-size). | `{"nginx.ingress.kubernetes.io/proxy-body-size":"100mb"}` | +| `api.ingress.hosts[0].host` | Hostname for the Ingress service. | `styles.example.com` | +| `api.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `api.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `api.ingress.tls` | TLS configuration | `[]` | +| `api.hpa.enabled` | If HPA is enabled for the service. | `false` | +| `api.hpa.minReplicas` | Lower limit for the number of replicas to which the autoscaler can scale down. | `1` | +| `api.hpa.maxReplicas` | Upper limit for the number of replicas to which the autoscaler can scale up. | `2` | +| `api.hpa.scaleDownStabilizationWindowSeconds` | Scale-down window. 
| `""` | +| `api.hpa.scaleUpStabilizationWindowSeconds` | Scale-up window. | `""` | +| `api.hpa.targetCPUUtilizationPercentage` | Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. | `80` | +| `api.hpa.targetMemoryUtilizationPercentage` | Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used. | `""` | + +### Worker service settings + +| Name | Description | Value | +| ---------------------------- | ---------------------------------------- | ----- | +| `worker.initialDelaySeconds` | Delay in seconds at the service startup. | `5` | + +### worker.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + +| Name | Description | Value | +| ---------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | ------- | +| `worker.resources.requests.cpu` | A CPU request. | `50m` | +| `worker.resources.requests.memory` | A memory request. | `128Mi` | +| `worker.resources.limits.cpu` | A CPU limit. | `1` | +| `worker.resources.limits.memory` | A memory limit. | `256Mi` | +| `worker.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `worker.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `worker.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
| `{}` | +| `worker.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `worker.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `worker.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | + +### Migrate service settings + +| Name | Description | Value | +| ----------------------------- | ---------------------------------------- | ----- | +| `migrate.initialDelaySeconds` | Delay in seconds at the service startup. | `5` | + +### migrate.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + +| Name | Description | Value | +| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------- | ------ | +| `migrate.resources.requests.cpu` | A CPU request. | `10m` | +| `migrate.resources.requests.memory` | A memory request. | `32Mi` | +| `migrate.resources.limits.cpu` | A CPU limit. | `100m` | +| `migrate.resources.limits.memory` | A memory limit. | `64Mi` | +| `migrate.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | + +### Logging settings + +| Name | Description | Value | +| ----------- | ----------------------------------------------------------------------------------- | ------ | +| `log.level` | Log level. Possible values: `debug`, `info`, `warn`, `error`, `fatal`. **Required** | `info` | + +### Database access settings + +| Name | Description | Value | +| ------------------- | ----------------------------------------------------------------------------------- | ------ | +| `postgres.host` | PostgreSQL hostname or IP. 
**Required** | `""` | +| `postgres.port` | PostgreSQL port. | `5432` | +| `postgres.timeout` | PostgreSQL client connection timeout. | `3s` | +| `postgres.retry` | PostgreSQL client connection retry. | `10` | +| `postgres.name` | PostgreSQL database name. **Required** | `""` | +| `postgres.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` | +| `postgres.username` | PostgreSQL username. **Required** | `""` | +| `postgres.password` | PostgreSQL password. **Required** | `""` | + +### S3 like storage access settings + +| Name | Description | Value | +| -------------------- | ----------------------------------------------------------------------------------- | ----- | +| `s3.host` | S3 host as `host:port`. **Required** | `""` | +| `s3.accessKey` | S3 access key. **Required** | `""` | +| `s3.secretKey` | S3 secret key. **Required** | `""` | +| `s3.bucket` | S3 bucket name, for example 'styles'. **Required** | `""` | +| `s3.publicDomain` | S3 public access domain. Uses https access. **Required** | `""` | +| `s3.connectTimeout` | S3 management client connection timeout. If not specified, the default value is 3s. | `3s` | +| `s3.requestTimeout` | S3 management client request timeout. If not specified, the default value is 30s. | `5s` | +| `s3.responseTimeout` | S3 management client response timeout. If not specified, the default value is 3s. | `5s` | + +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | 
diff --git a/charts/styles-api/templates/NOTES.txt b/charts/styles-api/templates/NOTES.txt
new file mode 100644
index 000000000..b54d5aa23
--- /dev/null
+++ b/charts/styles-api/templates/NOTES.txt
@@ -0,0 +1,10 @@
+Styles API service is released as "{{ .Release.Name }}" at "{{ .Release.Namespace }}" namespace.
+
+{{ if .Values.api.ingress.enabled }}
+You can check service using curl
+{{- range $host := .Values.api.ingress.hosts }}
+ http{{ if $.Values.api.ingress.tls }}s{{ end }}://{{ $host.host }}/healthcheck
+{{- end }}
+{{- else }}
+You can publish api service in your preferred way (ingress, balancer, etc).
+{{ end }}
diff --git a/charts/styles-api/templates/_helpers.tpl b/charts/styles-api/templates/_helpers.tpl
new file mode 100644
index 000000000..60d259fb1
--- /dev/null
+++ b/charts/styles-api/templates/_helpers.tpl
@@ -0,0 +1,211 @@ +{{- define "styles.name" -}} +{{- .Release.Name | trunc 32 | trimSuffix "-" }} +{{- end }} + +{{- define "styles.api.name" -}} +{{ include "styles.name" . }} +{{- end }} + +{{- define "styles.worker.name" -}} +{{ include "styles.name" . }}-worker +{{- end }} + +{{- define "styles.migrate.name" -}} +{{ include "styles.name" . }}-migrate +{{- end }} + +{{- define "styles.secret.deploys.name" -}} +{{ include "styles.name" . }}-secret-deploys +{{- end }} + +{{- define "styles.secret.jobs.name" -}} +{{ include "styles.name" . }}-secret-jobs +{{- end }} + +{{- define "styles.selectorLabels" -}} +app.kubernetes.io/name: {{ .Chart.Name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "styles.labels" -}} +{{ include "styles.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "styles.api.selectorLabels" -}} +app.kubernetes.io/name: {{ .Chart.Name }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "styles.api.labels" -}} +{{ include "styles.api.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "styles.worker.selectorLabels" -}} +app.kubernetes.io/name: {{ .Chart.Name }}-worker +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "styles.worker.labels" -}} +{{ include "styles.worker.selectorLabels" . 
}} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "styles.migrate.labels" -}} +app.kubernetes.io/name: {{ .Chart.Name }}-migrate +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "styles.env.loglevel" -}} +- name: MGS_LOG_LEVEL + value: "{{ .Values.log.level }}" +{{- end }} + +{{- define "styles.env.db" -}} +- name: MGS_DB_HOST + value: "{{ required "A valid .Values.postgres.host required" .Values.postgres.host }}" +- name: MGS_DB_PORT + value: "{{ .Values.postgres.port }}" +- name: MGS_DB_NAME + value: "{{ required "A valid .Values.postgres.name required" .Values.postgres.name }}" +- name: MGS_DB_SCHEMA + value: "{{ .Values.postgres.schema }}" +- name: MGS_DB_CONNECTION_TIMEOUT + value: "{{ .Values.postgres.timeout }}" +- name: MGS_DB_CONNECTION_RETRY + value: "{{ .Values.postgres.retry }}" +- name: MGS_DB_USERNAME + value: "{{ required "A valid .Values.postgres.ro.username required" .Values.postgres.username }}" +{{- end}} + +{{- define "styles.env.db.deploys" -}} +{{ include "styles.env.db" . }} +- name: MGS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "styles.secret.deploys.name" . }} + key: dbPassword +{{- end }} + +{{- define "styles.env.db.jobs" -}} +{{ include "styles.env.db" . }} +- name: MGS_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "styles.secret.jobs.name" . 
}} + key: dbPassword +{{- end }} + +{{- define "styles.env.s3" -}} +- name: MGS_S3_ENDPOINT + value: "{{ required "A valid .Values.s3.host required" .Values.s3.host }}" +- name: MGS_S3_BUCKET + value: "{{ .Values.s3.bucket }}" +- name: MGS_S3_PUBLIC_DOMAIN + value: "{{ .Values.s3.publicDomain }}" +- name: MGS_S3_CONNECT_TIMEOUT + value: "{{ .Values.s3.connectTimeout }}" +- name: MGS_S3_REQUEST_TIMEOUT + value: "{{ .Values.s3.requestTimeout }}" +- name: MGS_S3_RESPONSE_TIMEOUT + value: "{{ .Values.s3.responseTimeout }}" +{{- end}} + +{{- define "styles.env.s3.deploys" -}} +{{ include "styles.env.s3" . }} +- name: MGS_S3_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ include "styles.secret.deploys.name" . }} + key: s3AccessKey +- name: MGS_S3_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ include "styles.secret.deploys.name" . }} + key: s3SecretKey +{{- end }} + +{{- define "styles.env.api" -}} +{{ include "styles.env.loglevel" . }} +{{ include "styles.env.db.deploys" . }} +{{ include "styles.env.s3.deploys" . }} +{{- end }} + +{{- define "styles.env.worker" -}} +{{ include "styles.env.loglevel" . }} +{{ include "styles.env.db.deploys" . }} +{{ include "styles.env.s3.deploys" . }} +{{- end }} + +{{- define "styles.env.migrate" -}} +{{ include "styles.env.loglevel" . }} +{{ include "styles.env.db.jobs" . }} +{{- end }} + +{{/* +Return the target Kubernetes version +*/}} +{{- define "capabilities.kubeVersion" -}} +{{- if .Values.global }} + {{- if .Values.global.kubeVersion }} + {{- .Values.global.kubeVersion -}} + {{- else }} + {{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} + {{- end -}} +{{- else }} +{{- default .Capabilities.KubeVersion.Version .Values.kubeVersion -}} +{{- end -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for Horizontal Pod Autoscaler. +*/}} +{{- define "capabilities.hpa.apiVersion" -}} +{{- if semverCompare "<1.23-0" (include "capabilities.kubeVersion" .) 
-}} +{{- if .beta2 -}} +{{- print "autoscaling/v2beta2" -}} +{{- else -}} +{{- print "autoscaling/v2beta1" -}} +{{- end -}} +{{- else -}} +{{- print "autoscaling/v2" -}} +{{- end -}} +{{- end -}} + +{{- define "styles.env.custom.ca.path" -}} +- name: SSL_CERT_DIR + value: {{ include "styles.custom.ca.mountPath" . }} +{{- end }} + +{{- define "styles.custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} + +{{- define "styles.custom.ca.volumeMounts" -}} +- name: custom-ca + mountPath: {{ include "styles.custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + readOnly: true +{{- end -}} + +{{- define "styles.custom.ca.jobs.volumes" -}} +- name: custom-ca + configMap: + name: {{ include "styles.configmap.jobs.name" . }} +{{- end -}} + +{{- define "styles.custom.ca.deploys.volumes" -}} +- name: custom-ca + configMap: + name: {{ include "styles.configmap.deploys.name" . }} +{{- end -}} + +{{- define "styles.configmap.jobs.name" -}} +{{ include "styles.name" . }}-configmap-jobs +{{- end -}} + +{{- define "styles.configmap.deploys.name" -}} +{{ include "styles.name" . }}-configmap-deploys +{{- end -}} diff --git a/charts/styles-api/templates/api/deployment.yaml b/charts/styles-api/templates/api/deployment.yaml new file mode 100644 index 000000000..49bf4d57f --- /dev/null +++ b/charts/styles-api/templates/api/deployment.yaml 
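Review bot: In `styles.env.db` the `required` message for the username names `.Values.postgres.ro.username`, a key this chart does not define, so a failed render points the operator at the wrong value; it should read `required "A valid .Values.postgres.username required" .Values.postgres.username`. In `styles.env.s3`, `s3.bucket` and `s3.publicDomain` are documented as required in values.yaml but are rendered without `required`, so an empty value reaches the container as an empty string instead of failing at install time. `SSL_CERT_DIR` in `styles.env.custom.ca.path` is also emitted unquoted, unlike the other env values; `value: {{ include "styles.custom.ca.mountPath" . | quote }}` keeps it a string for any path.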
@@ -0,0 +1,81 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "styles.api.name" . }} + {{- if or .Values.api.annotations .Values.customCAs.bundle }} + annotations: + {{- if .Values.customCAs.bundle }} + checksum/config: {{ include (print .Template.BasePath "/configmap-deploys.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.api.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- include "styles.api.labels" . | nindent 4 }} + {{- with .Values.api.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + {{- if not .Values.api.hpa.enabled }} + replicas: {{ .Values.api.replicas }} + {{- end }} + revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} + strategy: + {{- toYaml .Values.api.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "styles.api.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ (include (print $.Template.BasePath "/secret-deploys.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- with .Values.api.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "styles.api.labels" . | nindent 8 }} + {{- with .Values.api.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: api + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "mgs", "server" ] + ports: + - name: http + containerPort: 8080 + readinessProbe: + httpGet: + path: /healthcheck + port: http + resources: + {{- toYaml .Values.api.resources | nindent 12 }} + env: + {{- include "styles.env.api" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "styles.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "styles.custom.ca.deploys.volumes" . 
| nindent 8 }} + {{- end }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/styles-api/templates/api/hpa.yaml b/charts/styles-api/templates/api/hpa.yaml new file mode 100644 index 000000000..97e042ee4 --- /dev/null +++ b/charts/styles-api/templates/api/hpa.yaml @@ -0,0 +1,39 @@ +{{- with .Values.api.hpa }} +{{- if .enabled }} +apiVersion: {{ include "capabilities.hpa.apiVersion" $ }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "styles.api.name" $ }} + labels: + {{- include "styles.api.labels" $ | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "styles.api.name" $ }} + minReplicas: {{ .minReplicas }} + maxReplicas: {{ .maxReplicas }} + behavior: + scaleUp: + stabilizationWindowSeconds: {{ .scaleUpStabilizationWindowSeconds }} + scaleDown: + stabilizationWindowSeconds: {{ .scaleDownStabilizationWindowSeconds }} + metrics: + {{- with .targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} + {{- with .targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} + {{- end }} +{{- end }} +{{- end }} diff --git a/charts/styles-api/templates/api/ingress.yaml b/charts/styles-api/templates/api/ingress.yaml new file mode 100644 index 000000000..7573e1d5b --- /dev/null +++ b/charts/styles-api/templates/api/ingress.yaml 
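Review bot: The api container mounts the custom CA file when `customCAs.bundle` is set but never sets `SSL_CERT_DIR`, while migrate/job.yaml in this patch adds `styles.env.custom.ca.path` next to the same mount. Whether the service trusts the CA then depends on the image reading the mount directory by default, which the patch does not show; with a non-default `customCAs.certsPath` it presumably does not. Add the same guarded include under `env:`, i.e. `{{- if .Values.customCAs.bundle }}`, `{{- include "styles.env.custom.ca.path" . | nindent 12 }}`, `{{- end }}`. worker/deployment.yaml has the same gap. The pod spec also sets no `securityContext`, so the container runs with the image's default user and privileges.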
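Review bot: The manifest body uses the `autoscaling/v2` schema (`behavior`, `target.type: Utilization`), but `capabilities.hpa.apiVersion` is included with `$`, which carries no `beta2` key, so on clusters older than 1.23 it renders `autoscaling/v2beta1`, whose resource metrics use `targetAverageUtilization` and which has no `behavior` field. Either make the helper's pre-1.23 branch return `autoscaling/v2beta2` or drop the v2beta1 branch. With the default values both stabilization windows are `''`, so `stabilizationWindowSeconds:` renders empty; wrapping each `behavior` entry in `with` would omit it when unset.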
@@ -0,0 +1,39 @@ +{{- if .Values.api.ingress.enabled -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ include "styles.api.name" . }} + labels: + {{- include "styles.api.labels" . | nindent 4 }} + {{- with .Values.api.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.api.ingress.className }} + {{- if .Values.api.ingress.tls }} + tls: + {{- range .Values.api.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.api.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: Prefix + backend: + service: + name: {{ include "styles.api.name" $ }} + port: + number: {{ $.Values.api.service.port }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/styles-api/templates/api/service.yaml b/charts/styles-api/templates/api/service.yaml new file mode 100644 index 000000000..b7b383101 --- /dev/null +++ b/charts/styles-api/templates/api/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "styles.api.name" . }} + {{- with .Values.api.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "styles.api.labels" . | nindent 4 }} + {{- with .Values.api.service.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.api.service.type }} + ports: + - port: {{ .Values.api.service.port }} + name: http + targetPort: http + selector: + {{- include "styles.api.selectorLabels" . | nindent 4 }} diff --git a/charts/styles-api/templates/configmap-deploys.yaml b/charts/styles-api/templates/configmap-deploys.yaml new file mode 100644 index 000000000..d2271227d --- /dev/null +++ b/charts/styles-api/templates/configmap-deploys.yaml 
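Review bot: `pathType: Prefix` is hard-coded in the rules loop although values.yaml documents and sets `api.ingress.hosts[0].paths[0].pathType`, so a value such as `Exact` is silently ignored; use `pathType: {{ .pathType | default "Prefix" }}`. `ingressClassName` is also rendered unconditionally, which leaves an empty field when `api.ingress.className` is blank; guarding it with `with` avoids that. `path` and `secretName` are interpolated unquoted, unlike the host entries, which pass through `quote`.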
@@ -0,0 +1,11 @@
+{{- if .Values.customCAs.bundle }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "styles.configmap.deploys.name" . }}
+ labels:
+ {{- include "styles.labels" . | nindent 4}}
+data:
+ custom-ca.crt: |-
+{{- .Values.customCAs.bundle | nindent 4 }}
+{{- end }}
diff --git a/charts/styles-api/templates/configmap-jobs.yaml b/charts/styles-api/templates/configmap-jobs.yaml
new file mode 100644
index 000000000..ba395474f
--- /dev/null
+++ b/charts/styles-api/templates/configmap-jobs.yaml
@@ -0,0 +1,15 @@
+{{- if .Values.customCAs.bundle }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "styles.configmap.jobs.name" . }}
+ labels:
+ {{- include "styles.labels" . | nindent 4}}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade,post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded,hook-failed
+ "helm.sh/hook-weight": "-10"
+data:
+ custom-ca.crt: |-
+{{- .Values.customCAs.bundle | nindent 4 }}
+{{- end }}
diff --git a/charts/styles-api/templates/migrate/job.yaml b/charts/styles-api/templates/migrate/job.yaml
new file mode 100644
index 000000000..811a8accd
--- /dev/null
+++ b/charts/styles-api/templates/migrate/job.yaml
@@ -0,0 +1,51 @@ +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ include "styles.migrate.name" . }} + labels: + {{- include "styles.migrate.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded + "helm.sh/hook-weight": "-10" +spec: + backoffLimit: 0 + template: + metadata: + name: {{ include "styles.migrate.name" . }} + labels: + {{- include "styles.migrate.labels" . | nindent 8 }} + spec: + restartPolicy: Never + {{- if .Values.migrate.initialDelaySeconds }} + initContainers: + - name: delay + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + command: [ "sh", "-c", "sleep {{ .Values.migrate.initialDelaySeconds }}" ] + resources: + {{- toYaml .Values.migrate.resources | nindent 12 }} + {{- end }} + containers: + - name: migrate + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "mgs", "migrate" ] + resources: + {{- toYaml .Values.migrate.resources | nindent 12 }} + env: + {{- include "styles.env.migrate" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "styles.env.custom.ca.path" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "styles.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "styles.custom.ca.jobs.volumes" . | nindent 8 }} + {{- end }} + {{- with .Values.migrate.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/styles-api/templates/secret-deploys.yaml b/charts/styles-api/templates/secret-deploys.yaml new file mode 100644 index 000000000..9a12560dd --- /dev/null 
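Review bot: The Job's pod spec has no `imagePullSecrets`, although it pulls the same `dgctlDockerRegistry` image as the api and worker deployments, which both end with a `with .Values.imagePullSecrets` block; on a registry that needs credentials the pre-install hook would fail to pull and block the release. Add the same four-line block after `nodeSelector`. The `delay` init container also builds a shell string from a chart value with `sh -c "sleep {{ ... }}"`; the exec form `command: [ "sleep", "{{ .Values.migrate.initialDelaySeconds }}" ]` keeps the value out of a shell.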
+++ b/charts/styles-api/templates/secret-deploys.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "styles.secret.deploys.name" . }}
+ labels:
+ {{- include "styles.labels" . | nindent 4 }}
+type: Opaque
+data:
+ dbPassword: {{ required "A valid .Values.postgres.password required" .Values.postgres.password | b64enc }}
+ s3AccessKey: {{ required "A valid .Values.s3.accessKey required" .Values.s3.accessKey | b64enc }}
+ s3SecretKey: {{ required "A valid .Values.s3.secretKey required" .Values.s3.secretKey | b64enc }}
diff --git a/charts/styles-api/templates/secret-post.yaml b/charts/styles-api/templates/secret-post.yaml
new file mode 100644
index 000000000..de5cb34af
--- /dev/null
+++ b/charts/styles-api/templates/secret-post.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "styles.secret.jobs.name" . }}
+ labels:
+ {{- include "styles.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": post-install,post-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "-20"
+type: Opaque
+data:
+ dbPassword: {{ required "A valid .Values.postgres.password required" .Values.postgres.password | b64enc }}
+ s3AccessKey: {{ required "A valid .Values.s3.accessKey required" .Values.s3.accessKey | b64enc }}
+ s3SecretKey: {{ required "A valid .Values.s3.secretKey required" .Values.s3.secretKey | b64enc }}
diff --git a/charts/styles-api/templates/secret-pre.yaml b/charts/styles-api/templates/secret-pre.yaml
new file mode 100644
index 000000000..2b4760372
--- /dev/null
+++ b/charts/styles-api/templates/secret-pre.yaml
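Review bot: secret-post.yaml, and secret-pre.yaml in the next file section, both store `s3AccessKey` and `s3SecretKey` in the jobs secret, but the only consumer visible in this patch, `styles.env.db.jobs`, reads just `dbPassword`, so the S3 credentials are copied into a hook secret that nothing mounts. Dropping the two S3 keys from both files keeps the hook secret to what the migrate job needs. The post-install/post-upgrade copy also has no post hook job in this chart to use it, so secret-post.yaml may be removable altogether; confirm that no other template references it.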
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ include "styles.secret.jobs.name" . }}
+ labels:
+ {{- include "styles.labels" . | nindent 4 }}
+ annotations:
+ "helm.sh/hook": pre-install,pre-upgrade
+ "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+ "helm.sh/hook-weight": "-20"
+type: Opaque
+data:
+ dbPassword: {{ required "A valid .Values.postgres.password required" .Values.postgres.password | b64enc }}
+ s3AccessKey: {{ required "A valid .Values.s3.accessKey required" .Values.s3.accessKey | b64enc }}
+ s3SecretKey: {{ required "A valid .Values.s3.secretKey required" .Values.s3.secretKey | b64enc }}
diff --git a/charts/styles-api/templates/worker/deployment.yaml b/charts/styles-api/templates/worker/deployment.yaml
new file mode 100644
index 000000000..ad2648b95
--- /dev/null
+++ b/charts/styles-api/templates/worker/deployment.yaml
@@ -0,0 +1,72 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "styles.worker.name" . }} + {{- if or .Values.worker.annotations .Values.customCAs.bundle }} + annotations: + {{- if .Values.customCAs.bundle }} + checksum/config: {{ include (print .Template.BasePath "/configmap-deploys.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.worker.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- include "styles.worker.labels" . | nindent 4 }} + {{- with .Values.worker.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.api.replicas }} + revisionHistoryLimit: 1 + strategy: + type: Recreate + selector: + matchLabels: + {{- include "styles.worker.selectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/config: {{ (include (print $.Template.BasePath "/secret-deploys.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- with .Values.worker.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "styles.worker.labels" . | nindent 8 }} + {{- with .Values.worker.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: worker + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "mgs", "worker" ] + resources: + {{- toYaml .Values.worker.resources | nindent 12 }} + env: + {{- include "styles.env.worker" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "styles.custom.ca.volumeMounts" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "styles.custom.ca.deploys.volumes" . | nindent 8 }} + {{- end }} + {{- with .Values.worker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.worker.affinity }} + affinity: + {{- toYaml . 
| nindent 8 }} + {{- end }} + {{- with .Values.worker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/styles-api/values.yaml b/charts/styles-api/values.yaml new file mode 100644 index 000000000..b5d244b2f --- /dev/null +++ b/charts/styles-api/values.yaml 
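Review bot: `replicas: {{ .Values.api.replicas }}` scales the worker from the API's setting, and values.yaml defines no `worker.replicas`, so the worker count cannot be set independently and follows `api.replicas` even when the API is driven by the HPA. A `worker.replicas` value with `replicas: {{ .Values.worker.replicas }}` would fix it. `worker.initialDelaySeconds` is documented in values.yaml but is not referenced anywhere in this template.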
@@ -0,0 +1,256 @@ +# @section Docker Registry settings + +# @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. + +dgctlDockerRegistry: '' + +# @section Common settings + +# @param imagePullSecrets Kubernetes image pull secrets. +# @param imagePullPolicy Image [pull policy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy) +# @param image.repository Styles API service image repository. +# @param image.tag Styles API service image tag. + +imagePullSecrets: [] +imagePullPolicy: IfNotPresent +image: + repository: 2gis-on-premise/styles-api + tag: 1.0.0 + +# @section API service settings + +api: + + # @param api.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. + # @param api.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). + # @param api.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. + + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + + # @param api.replicas A replica count for the pod. + # @param api.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). + + replicas: 1 + revisionHistoryLimit: 3 + + # @section api.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + # @param api.resources.requests.cpu A CPU request. + # @param api.resources.requests.memory A memory request. + # @param api.resources.limits.cpu A CPU limit. 
+ # @param api.resources.limits.memory A memory limit. + + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 1 + memory: 256Mi + + # @param api.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param api.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + + annotations: {} + labels: {} + + # @param api.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param api.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + + podAnnotations: {} + podLabels: {} + + # @param api.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + # @param api.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + # @param api.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. + + nodeSelector: {} + affinity: {} + tolerations: {} + + # @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). + # @param api.service.port Service port. + + service: + annotations: {} + labels: {} + type: ClusterIP + port: 80 + + # @param api.ingress.enabled If Ingress is enabled for the service. + # @param api.ingress.className Name of the Ingress controller class. 
+ # @param api.ingress.annotations.nginx.ingress.kubernetes.io/proxy-body-size Max body size. [Ingress Nginx](https://github.com/kubernetes/ingress-nginx/blob/main/docs/user-guide/nginx-configuration/annotations.md#custom-max-body-size). + # @param api.ingress.hosts[0].host Hostname for the Ingress service. + # @param api.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. + # @param api.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. + # @param api.ingress.tls TLS configuration + + ingress: + enabled: false + className: nginx + annotations: + nginx.ingress.kubernetes.io/proxy-body-size: "100mb" + hosts: + - host: styles.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - styles-api.example.com + # secretName: secret.tls + + # @param api.hpa.enabled If HPA is enabled for the service. + # @param api.hpa.minReplicas Lower limit for the number of replicas to which the autoscaler can scale down. + # @param api.hpa.maxReplicas Upper limit for the number of replicas to which the autoscaler can scale up. + # @param api.hpa.scaleDownStabilizationWindowSeconds Scale-down window. + # @param api.hpa.scaleUpStabilizationWindowSeconds Scale-up window. + # @param api.hpa.targetCPUUtilizationPercentage Target average CPU utilization (represented as a percentage of requested CPU) over all the pods; if not specified the default autoscaling policy will be used. + # @param api.hpa.targetMemoryUtilizationPercentage Target average memory utilization (represented as a percentage of requested memory) over all the pods; if not specified the default autoscaling policy will be used. 
+ + hpa: + enabled: false + minReplicas: 1 + maxReplicas: 2 + scaleDownStabilizationWindowSeconds: '' + scaleUpStabilizationWindowSeconds: '' + targetCPUUtilizationPercentage: 80 + targetMemoryUtilizationPercentage: '' + +# @section Worker service settings + +worker: + + # @param worker.initialDelaySeconds Delay in seconds at the service startup. + + initialDelaySeconds: 5 + + # @section worker.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + # @param worker.resources.requests.cpu A CPU request. + # @param worker.resources.requests.memory A memory request. + # @param worker.resources.limits.cpu A CPU limit. + # @param worker.resources.limits.memory A memory limit. + + resources: + requests: + cpu: 50m + memory: 128Mi + limits: + cpu: 1 + memory: 256Mi + + # @param worker.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param worker.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + + annotations: {} + labels: {} + + # @param worker.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param worker.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + + podAnnotations: {} + podLabels: {} + + # @param worker.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + # @param worker.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + # @param worker.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. 
+ + nodeSelector: {} + affinity: {} + tolerations: {} + +# @section Migrate service settings + +migrate: + + # @param migrate.initialDelaySeconds Delay in seconds at the service startup. + + initialDelaySeconds: 5 + + # @section migrate.resources **Kubernetes [resource management](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) settings** + # @param migrate.resources.requests.cpu A CPU request. + # @param migrate.resources.requests.memory A memory request. + # @param migrate.resources.limits.cpu A CPU limit. + # @param migrate.resources.limits.memory A memory limit. + + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 64Mi + + # @param migrate.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + + nodeSelector: {} + +# @section Logging settings + +log: + + # @param log.level Log level. Possible values: `debug`, `info`, `warn`, `error`, `fatal`. **Required** + + level: info + +# @section Database access settings + +postgres: + + # @param postgres.host PostgreSQL hostname or IP. **Required** + # @param postgres.port PostgreSQL port. + # @param postgres.timeout PostgreSQL client connection timeout. + # @param postgres.retry PostgreSQL client connection retry. + # @param postgres.name PostgreSQL database name. **Required** + # @param postgres.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. + # @param postgres.username PostgreSQL username. **Required** + # @param postgres.password PostgreSQL password. **Required** + + host: '' + port: 5432 + timeout: 3s + retry: 10 + name: '' + schema: '' + username: '' + password: '' + +# @section S3 like storage access settings + +s3: + + # @param s3.host S3 host as `host:port`. **Required** + # @param s3.accessKey S3 access key. **Required** + # @param s3.secretKey S3 secret key. **Required** + # @param s3.bucket S3 bucket name, for example 'styles'. 
**Required** + # @param s3.publicDomain S3 public access domain. Uses https access. **Required** + # @param s3.connectTimeout S3 management client connection timeout. If not specified, the default value is 3s. + # @param s3.requestTimeout S3 management client request timeout. If not specified, the default value is 30s. + # @param s3.responseTimeout S3 management client response timeout. If not specified, the default value is 3s. + + host: '' + accessKey: '' + secretKey: '' + bucket: '' + publicDomain: '' + connectTimeout: 3s + requestTimeout: 5s + responseTimeout: 5s + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. + +customCAs: + bundle: '' + # bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' diff --git a/charts/twins-api/templates/api/deployment.yaml b/charts/twins-api/templates/api/deployment.yaml index 6b97027d9..3e79dc3a6 100644 --- a/charts/twins-api/templates/api/deployment.yaml +++ b/charts/twins-api/templates/api/deployment.yaml @@ -22,7 +22,7 @@ spec: {{- end }} revisionHistoryLimit: {{ .Values.api.revisionHistoryLimit }} strategy: - {{- toYaml .Values.strategy | nindent 4 }} + {{- toYaml .Values.api.strategy | nindent 4 }} selector: matchLabels: {{- include "twins.api.selectorLabels" . | nindent 6 }} diff --git a/charts/twins-api/templates/migrate/job.yaml b/charts/twins-api/templates/migrate/job.yaml index fb826873b..b35c1bebb 100644 --- a/charts/twins-api/templates/migrate/job.yaml +++ b/charts/twins-api/templates/migrate/job.yaml @@ -46,7 +46,7 @@ spec: volumes: {{- include "twins.custom.ca.jobs.volumes" . | nindent 8 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with .Values.migrate.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} 
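Review bot: The descriptions of `api.strategy.rollingUpdate.maxUnavailable` and `maxSurge` are swapped: maxUnavailable is described as pods created over the desired number and maxSurge as pods that can be unavailable, so the two `@param` texts should trade places. The S3 timeout comments also disagree with the defaults below them (`requestTimeout` says 30s and `responseTimeout` says 3s, while both are set to `5s`). `tolerations: {}` under `api` and `worker` should be `tolerations: []`, since the pod spec expects a list. `postgres.password`, `s3.accessKey` and `s3.secretKey` are plain values, so their comments could say to supply them from a protected values file or `--set` rather than a committed one.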
From 5669c1b3f9f027ae21129997784bd7518bf91930 Mon Sep 17 00:00:00 2001 From: Alexandr Sentyabov <36183816+SanchezzRU@users.noreply.github.com> Date: Fri, 13 Sep 2024 09:17:35 +0700 Subject: [PATCH 54/91] [DEVOPS-1394] fix typo in castle chart (#501) --- charts/navi-castle/README.md | 2 +- charts/navi-castle/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/navi-castle/README.md b/charts/navi-castle/README.md index 2d56319a7..7705cae84 100644 --- a/charts/navi-castle/README.md +++ b/charts/navi-castle/README.md @@ -145,7 +145,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | Name | Description | Value | | ------------------------------- | ------------------------------------------------------------------------------------- | ------------------- | -| `persistentVolume.enabled` | If Kubernetes persistence volume should be enabled for ZooKeeper. | `false` | +| `persistentVolume.enabled` | If Kubernetes persistence volume should be enabled for Castle. | `false` | | `persistentVolume.accessModes` | Volume access mode. | `["ReadWriteOnce"]` | | `persistentVolume.storageClass` | Volume [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). | `ceph-csi-rbd` | | `persistentVolume.size` | Volume size. | `5Gi` | diff --git a/charts/navi-castle/values.yaml b/charts/navi-castle/values.yaml index 4471ee9cb..fcc24587b 100644 --- a/charts/navi-castle/values.yaml +++ b/charts/navi-castle/values.yaml 
@@ -194,7 +194,7 @@ init: # @section Kubernetes [Persistence Volumes](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) settings -# @param persistentVolume.enabled If Kubernetes persistence volume should be enabled for ZooKeeper. +# @param persistentVolume.enabled If Kubernetes persistence volume should be enabled for Castle. # @param persistentVolume.accessModes Volume access mode. # @param persistentVolume.storageClass Volume [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). # @param persistentVolume.size Volume size. From f49913c0296008cb6df027090a77138239e45b95 Mon Sep 17 00:00:00 2001 From: Andrey Morozov <62840181+endryhold@users.noreply.github.com> Date: Wed, 18 Sep 2024 17:54:29 +0700 Subject: [PATCH 55/91] Release 1.28.2 (#505) (#507) --- CHANGELOG.md | 9 +++++++++ charts/catalog-api/Chart.yaml | 2 +- charts/citylens/Chart.yaml | 2 +- charts/dgtt/Chart.yaml | 2 +- charts/floors-api/Chart.yaml | 2 +- charts/generic-chart/Chart.yaml | 2 +- charts/gis-platform/Chart.yaml | 2 +- charts/keycloak/Chart.yaml | 2 +- charts/keys/Chart.yaml | 2 +- charts/license/Chart.yaml | 2 +- charts/mapgl-js-api/Chart.yaml | 4 ++-- charts/mapgl-js-api/README.md | 2 +- charts/mapgl-js-api/values.yaml | 2 +- charts/navi-async-grpc-proxy/Chart.yaml | 2 +- charts/navi-async-matrix/Chart.yaml | 2 +- charts/navi-back/Chart.yaml | 2 +- charts/navi-castle/Chart.yaml | 2 +- charts/navi-front/Chart.yaml | 2 +- charts/navi-restrictions/Chart.yaml | 2 +- charts/navi-router/Chart.yaml | 2 +- charts/navi-splitter/Chart.yaml | 2 +- charts/platform/Chart.yaml | 2 +- charts/pro-api/Chart.yaml | 2 +- charts/pro-ui/Chart.yaml | 2 +- charts/search-api/Chart.yaml | 2 +- charts/stat-receiver/Chart.yaml | 2 +- charts/styles-api/Chart.yaml | 2 +- charts/tiles-api/Chart.yaml | 2 +- charts/traffic-proxy/Chart.yaml | 2 +- charts/twins-api/Chart.yaml | 2 +- image_versions.txt | 2 +- 31 files changed, 40 insertions(+), 31 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index f506258c4..4ea48ac63 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,14 @@ # 2GIS On-Premise Changelog +## [1.28.2] (2024-09-18) +#### Images +``` +mapgl-js-api + - mapgl:1.50.1 + + mapgl:1.51.0 + +``` + ## [1.28.0] (2024-09-11) #### [Breaking-Changes](Breaking-Changes.md#1280) #### Images diff --git a/charts/catalog-api/Chart.yaml b/charts/catalog-api/Chart.yaml index 1a2c58cf4..b7512c2ce 100644 --- a/charts/catalog-api/Chart.yaml +++ b/charts/catalog-api/Chart.yaml @@ -3,7 +3,7 @@ name: catalog-api type: application description: A Helm chart for Kubernetes to deploy Catalog APIs -version: 1.28.0 +version: 1.28.2 appVersion: 3.625.0 maintainers: diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index e96a05854..6a5a60178 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -3,7 +3,7 @@ name: citylens type: application description: A Helm chart for Kubernetes to deploy Citylens service -version: 1.28.0 +version: 1.28.2 appVersion: 1.12.0 maintainers: diff --git a/charts/dgtt/Chart.yaml b/charts/dgtt/Chart.yaml index b27611784..8d9aa89e8 100644 --- a/charts/dgtt/Chart.yaml +++ b/charts/dgtt/Chart.yaml @@ -3,7 +3,7 @@ name: dgtt description: DGTT Helm chart for Kubernetes type: application -version: 1.28.0 +version: 1.28.2 appVersion: 0.2.27-b188673e09 maintainers: diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index 7cf3a4b22..217b86fde 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml @@ -3,7 +3,7 @@ name: floors-api description: Helm for floors service type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.0.4 maintainers: diff --git a/charts/generic-chart/Chart.yaml b/charts/generic-chart/Chart.yaml index 53b7b98d7..903b13fde 100644 --- a/charts/generic-chart/Chart.yaml +++ b/charts/generic-chart/Chart.yaml 
@@ -4,7 +4,7 @@ description: Generic library Helm chart for 2Gis type: library keywords: - library -version: 1.28.0 +version: 1.28.2 maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/gis-platform/Chart.yaml b/charts/gis-platform/Chart.yaml index abba06f02..eb09c35c7 100644 --- a/charts/gis-platform/Chart.yaml +++ b/charts/gis-platform/Chart.yaml @@ -4,7 +4,7 @@ description: GIS Platform type: application -version: 1.28.0 +version: 1.28.2 appVersion: 2023.8.3-0 dependencies: diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 2c270b5dc..1d5c5a0ad 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak type: application description: Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort. -version: 1.28.0 +version: 1.28.2 appVersion: 21.1.1-debian-11-r4 maintainers: diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index 83073550d..c9d59265d 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml @@ -3,7 +3,7 @@ name: keys type: application description: A Helm chart for Kubernetes to deploy API Keys service -version: 1.28.0 +version: 1.28.2 appVersion: 1.87.0 maintainers: diff --git a/charts/license/Chart.yaml b/charts/license/Chart.yaml index 5ee66ec2f..6938efee1 100644 --- a/charts/license/Chart.yaml +++ b/charts/license/Chart.yaml @@ -3,7 +3,7 @@ name: license type: application description: A Helm chart for Kubernetes to deploy License service -version: 1.28.0 +version: 1.28.2 appVersion: 2.2.1 maintainers: diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index c32dc11f3..60466c451 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml 
@@ -4,8 +4,8 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application -version: 1.28.0 -appVersion: 1.50.1 +version: 1.28.2 +appVersion: 1.51.0 maintainers: - name: 2gis diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index ecfccfd84..30e0307bc 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md @@ -46,7 +46,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | Name | Description | Value | | ------------------ | ----------- | ----------------------- | | `image.repository` | Repository | `2gis-on-premise/mapgl` | -| `image.tag` | Tag | `1.50.1` | +| `image.tag` | Tag | `1.51.0` | | `image.pullPolicy` | Pull Policy | `IfNotPresent` | ### Environment variables diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index 57ce17181..75a925eb0 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml @@ -38,7 +38,7 @@ podLabels: {} image: repository: 2gis-on-premise/mapgl - tag: 1.50.1 + tag: 1.51.0 pullPolicy: IfNotPresent diff --git a/charts/navi-async-grpc-proxy/Chart.yaml b/charts/navi-async-grpc-proxy/Chart.yaml index ff3db59fa..6ddabb57b 100644 --- a/charts/navi-async-grpc-proxy/Chart.yaml +++ b/charts/navi-async-grpc-proxy/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - dm-async-matrix - async-grpc-proxy -version: 1.28.0 +version: 1.28.2 appVersion: 0.0.2 maintainers: - name: 2gis diff --git a/charts/navi-async-matrix/Chart.yaml b/charts/navi-async-matrix/Chart.yaml index da5976e1d..2e4b3a27a 100644 --- a/charts/navi-async-matrix/Chart.yaml +++ b/charts/navi-async-matrix/Chart.yaml @@ -4,7 +4,7 @@ description: Service implements asynchronous API over Distance Matrix type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.11.2 maintainers: diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index da61e77b9..8ac907fb1 100644 --- a/charts/navi-back/Chart.yaml 
+++ b/charts/navi-back/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - back - backend -version: 1.28.0 +version: 1.28.2 appVersion: 7.27.1.2 dependencies: - name: generic-chart diff --git a/charts/navi-castle/Chart.yaml b/charts/navi-castle/Chart.yaml index 80217d77c..f9ebd5741 100644 --- a/charts/navi-castle/Chart.yaml +++ b/charts/navi-castle/Chart.yaml @@ -4,7 +4,7 @@ description: Castle Helm chart for Kubernetes type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.9.2 maintainers: diff --git a/charts/navi-front/Chart.yaml b/charts/navi-front/Chart.yaml index 01b037cb2..04fc28bda 100644 --- a/charts/navi-front/Chart.yaml +++ b/charts/navi-front/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - front -version: 1.28.0 +version: 1.28.2 appVersion: 1.24.1 maintainers: - name: 2gis diff --git a/charts/navi-restrictions/Chart.yaml b/charts/navi-restrictions/Chart.yaml index 6e93f826b..e84f1dc65 100644 --- a/charts/navi-restrictions/Chart.yaml +++ b/charts/navi-restrictions/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Restrictions backend type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.24.1 maintainers: diff --git a/charts/navi-router/Chart.yaml b/charts/navi-router/Chart.yaml index 6d1e4bdee..d8b139ddf 100644 --- a/charts/navi-router/Chart.yaml +++ b/charts/navi-router/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - router -version: 1.28.0 +version: 1.28.2 appVersion: 6.24.0.3 maintainers: - name: 2gis diff --git a/charts/navi-splitter/Chart.yaml b/charts/navi-splitter/Chart.yaml index 1dda2d45f..5df1808a7 100644 --- a/charts/navi-splitter/Chart.yaml +++ b/charts/navi-splitter/Chart.yaml @@ -15,5 +15,5 @@ maintainers: - name: 2gis url: https://github.com/2gis email: on-premise@2gis.com -version: 1.28.0 +version: 1.28.2 appVersion: 1.0.1 diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index f4e4b5919..ba75830a2 100644 --- a/charts/platform/Chart.yaml 
+++ b/charts/platform/Chart.yaml @@ -3,7 +3,7 @@ name: platform type: application description: A Helm chart for Kubernetes to deploy Platform -version: 1.28.0 +version: 1.28.2 appVersion: 0.15.1 maintainers: diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index 6d2fd243e..5930bdeb0 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -4,7 +4,7 @@ description: Geo API for getting geo data type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.35.0 maintainers: diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index 87f7ffafe..6f4c2909c 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml @@ -3,7 +3,7 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.28.0 +version: 1.28.2 appVersion: 2.27.0 maintainers: diff --git a/charts/search-api/Chart.yaml b/charts/search-api/Chart.yaml index 8f09e3fce..1478babc2 100644 --- a/charts/search-api/Chart.yaml +++ b/charts/search-api/Chart.yaml @@ -4,7 +4,7 @@ description: Search engine for catalog type: application -version: 1.28.0 +version: 1.28.2 appVersion: 7.80.0 maintainers: diff --git a/charts/stat-receiver/Chart.yaml b/charts/stat-receiver/Chart.yaml index 9dbbed69e..ea87f7ad2 100644 --- a/charts/stat-receiver/Chart.yaml +++ b/charts/stat-receiver/Chart.yaml @@ -3,7 +3,7 @@ name: stat-receiver type: application description: A Helm chart for Kubernetes to deploy Stat Receiver -version: 1.28.0 +version: 1.28.2 appVersion: 1.11.1 maintainers: diff --git a/charts/styles-api/Chart.yaml b/charts/styles-api/Chart.yaml index ed16381aa..fb06a53fb 100644 --- a/charts/styles-api/Chart.yaml +++ b/charts/styles-api/Chart.yaml @@ -3,7 +3,7 @@ name: styles-api type: application description: A Helm chart for Kubernetes to deploy API Styles service -version: 1.28.0 +version: 1.28.2 appVersion: 0.30.0 maintainers: 
diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index f5d077f43..8662f9b96 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -4,7 +4,7 @@ description: Tiles API for getting cartographic data type: application -version: 1.28.0 +version: 1.28.2 appVersion: 4.54.0 maintainers: diff --git a/charts/traffic-proxy/Chart.yaml b/charts/traffic-proxy/Chart.yaml index a2193327b..6cd7e3ee6 100644 --- a/charts/traffic-proxy/Chart.yaml +++ b/charts/traffic-proxy/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Proxy for traffic jams type: application -version: 1.28.0 +version: 1.28.2 appVersion: 1.21.6 maintainers: diff --git a/charts/twins-api/Chart.yaml b/charts/twins-api/Chart.yaml index 36bed389e..81816bb54 100644 --- a/charts/twins-api/Chart.yaml +++ b/charts/twins-api/Chart.yaml @@ -3,7 +3,7 @@ name: twins-api type: application description: A Helm chart for Kubernetes to deploy API Twins service -version: 1.28.0 +version: 1.28.2 appVersion: 1.13.0 maintainers: diff --git a/image_versions.txt b/image_versions.txt index de2e9e7fa..2433dc599 100644 --- a/image_versions.txt +++ b/image_versions.txt @@ -28,7 +28,7 @@ keys license license:2.2.1 mapgl-js-api - mapgl:1.50.1 + mapgl:1.51.0 navi-async-grpc-proxy async-grpc-proxy:1.0.0 navi-async-matrix From 37d1f21aba46cb5e10831d03fade281135ca80f7 Mon Sep 17 00:00:00 2001 
From: Sergey Vlasov Date: Mon, 23 Sep 2024 13:49:34 +0500 Subject: [PATCH 56/91] Change variables naming (#506) * [stat-receiver] Change variables naming --------- Co-authored-by: Sergey Vlasov --- charts/stat-receiver/README.md | 80 +++++++++---------- .../configs/streams/application.conf.template | 2 +- .../templates/api/configmap.yaml | 5 +- .../templates/api/deployment.yaml | 11 +-- .../stat-receiver/templates/api/ingress.yaml | 4 +- .../stat-receiver/templates/api/service.yaml | 6 +- charts/stat-receiver/templates/helpers.tpl | 16 ++-- .../templates/streams/configmap.yaml | 4 +- .../templates/streams/deployment.yaml | 10 +-- .../templates/streams/headless-service.yaml | 6 +- charts/stat-receiver/values.yaml | 29 ++++--- 11 files changed, 85 insertions(+), 88 deletions(-) diff --git a/charts/stat-receiver/README.md b/charts/stat-receiver/README.md index 6e6295204..0444fdd00 100644 --- a/charts/stat-receiver/README.md +++ b/charts/stat-receiver/README.md 
@@ -53,39 +53,50 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver | Name | Description | Value | | --------------------- | --------------------------------------------------------------------------------------- | ----- | | `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | ### API service settings -| Name | Description | Value | -| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `api` | **Common settings** | | -| `api.replicas` | A replica count for the pod. | `1` | -| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `api.jvmXmx` | Memory allocation options for JVM. | `-Xmx1500m` | -| `api.image` | **Deployment settings** | | -| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | -| `api.image.tag` | Tag | `1.11.1` | -| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | -| `api.service` | **Service settings** | | -| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `api.service.port` | Service port. | `80` | -| `api.service.targetPort` | Port inside the container. | `8080` | +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `api` | **Common settings** | | +| `api.replicas` | A replica count for the pod. 
| `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.jvmXmx` | Memory allocation options for JVM. | `-Xmx1500m` | +| `api.image` | **Deployment settings** | | +| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | +| `api.image.tag` | Tag | `1.11.1` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `api.service` | **Service settings** | | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | Service port. | `80` | +| `api.service.targetPort` | Port inside the container. | `8080` | +| `api.resources` | **Limits for the API service** | | +| `api.resources.requests.cpu` | A CPU request. | `0.5` | +| `api.resources.requests.memory` | A memory request. | `1500Mi` | +| `api.resources.limits.cpu` | A CPU limit. | `1` | +| `api.resources.limits.memory` | A memory limit. | `1500Mi` | ### Streams service settings -| Name | Description | Value | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | -| `streams` | **Common settings** | | -| `streams.replicas` | A replica count for the pod. | `1` | -| `streams.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `streams.jvmXmx` | Memory allocation options for JVM. | `-Xmx2G -XX:+UseParallelGC` | -| `streams.jmxPort` | Port for JMX protocol. | `9010` | -| `streams.metricsPort` | Port for metrics. 
| `8081` | -| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | -| `streams.image` | **Deployment settings** | | -| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | -| `streams.image.tag` | Tag | `1.11.1` | -| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | +| `streams` | **Common settings** | | +| `streams.replicas` | A replica count for the pod. | `1` | +| `streams.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `streams.jvmXmx` | Memory allocation options for JVM. | `-Xmx2G -XX:+UseParallelGC` | +| `streams.jmxPort` | Port for JMX protocol. | `9010` | +| `streams.metricsPort` | Port for metrics. | `8081` | +| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | +| `streams.image` | **Deployment settings** | | +| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | +| `streams.image.tag` | Tag | `1.11.1` | +| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `streams.resources` | **Limits for the Streams service** | | +| `streams.resources.requests.cpu` | A CPU request. | `1` | +| `streams.resources.requests.memory` | A memory request. | `4G` | +| `streams.resources.limits.cpu` | A CPU limit. | `2` | +| `streams.resources.limits.memory` | A memory limit. | `4G` | ### Kafka service settings 
@@ -124,21 +135,6 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver | `ingress.enabled` | If Ingress is enabled for the service. | `false` | | `ingress.hosts[0].host` | Hostname for the Ingress service. | `stat-receiver.host` | -### Limits - -| Name | Description | Value | -| ----------------------------------- | ---------------------------------- | -------- | -| `api.resources` | **Limits for the API service** | | -| `api.resources.requests.cpu` | A CPU request. | `0.5` | -| `api.resources.requests.memory` | A memory request. | `1500Mi` | -| `api.resources.limits.cpu` | A CPU limit. | `1` | -| `api.resources.limits.memory` | A memory limit. | `1500Mi` | -| `streams.resources` | **Limits for the Streams service** | | -| `streams.resources.requests.cpu` | A CPU request. | `1` | -| `streams.resources.requests.memory` | A memory request. | `4G` | -| `streams.resources.limits.cpu` | A CPU limit. | `2` | -| `streams.resources.limits.memory` | A memory limit. | `4G` | - ## Maintainers diff --git a/charts/stat-receiver/configs/streams/application.conf.template b/charts/stat-receiver/configs/streams/application.conf.template index e04f03baa..d34c24b4e 100644 --- a/charts/stat-receiver/configs/streams/application.conf.template +++ b/charts/stat-receiver/configs/streams/application.conf.template @@ -53,7 +53,7 @@ streams = { "rocksdb.shared.block.cache.size" = 536870912 # 512Mb "bootstrap.servers" = {{ required "A valid .Values.kafka.servers entry required" .Values.kafka.servers | quote }} {{- if .Values.kafka.sasl.mechanism }} - "sasl.mechanism" = {{ .Values.kafka.saslMechanism }} + "sasl.mechanism" = {{ .Values.kafka.sasl.mechanism }} {{- end }} {{- if .Values.kafka.securityProtocol }} "security.protocol" = {{ .Values.kafka.securityProtocol }} diff --git a/charts/stat-receiver/templates/api/configmap.yaml b/charts/stat-receiver/templates/api/configmap.yaml index f8ce8eb9d..4ee1e5b31 100644 
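Review bot: The corrected `"sasl.mechanism"` line in the `streams = {` block still renders the Helm value unquoted, unlike the `"bootstrap.servers"` line just above it, which pipes through `quote`. An unquoted value is parsed as a bare HOCON token, so a value containing whitespace or reserved characters would break or silently alter the Kafka client's authentication settings. I would write `"sasl.mechanism" = {{ .Values.kafka.sasl.mechanism | quote }}` and give the unchanged `"security.protocol"` line below it the same treatment. The block starts and ends outside this hunk, so the remaining Kafka keys were not checked.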
--- a/charts/stat-receiver/templates/api/configmap.yaml +++ b/charts/stat-receiver/templates/api/configmap.yaml @@ -3,11 +3,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} data: application.conf: |- {{- tpl (.Files.Get "configs/api/application.conf.template") . | nindent 4 }} logback.xml: |- {{- .Files.Get "configs/api/logback.xml" | nindent 4 }} + \ No newline at end of file diff --git a/charts/stat-receiver/templates/api/deployment.yaml b/charts/stat-receiver/templates/api/deployment.yaml index 4cfb8f72b..e961bac2a 100644 --- a/charts/stat-receiver/templates/api/deployment.yaml +++ b/charts/stat-receiver/templates/api/deployment.yaml @@ -1,13 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.api.annotations }} annotations: {{- toYaml .Values.api.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- if .Values.api.labels }} {{- toYaml .Values.api.labels | nindent 4 }} {{- end }} @@ -21,11 +21,11 @@ spec: type: RollingUpdate selector: matchLabels: - {{- include "bss-receiver-api.selectorLabels" . | nindent 6 }} + {{- include "stat-receiver-api.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "bss-receiver-api.labels" . | nindent 8 }} + {{- include "stat-receiver-api.labels" . | nindent 8 }} {{- if .Values.api.labels }} {{- toYaml .Values.api.labels | nindent 8 }} {{- end }} 
@@ -95,7 +95,7 @@ spec: volumes: - name: config-volume configMap: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.kafka.truststore.enabled }} - name: kafka-truststore secret: @@ -106,3 +106,4 @@ spec: secret: secretName: {{ .Values.kafka.keystore.secretName }} {{- end }} + \ No newline at end of file diff --git a/charts/stat-receiver/templates/api/ingress.yaml b/charts/stat-receiver/templates/api/ingress.yaml index a5f3a6243..104aa312e 100644 --- a/charts/stat-receiver/templates/api/ingress.yaml +++ b/charts/stat-receiver/templates/api/ingress.yaml @@ -1,12 +1,12 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "bss-receiver-api.name" . -}} +{{- $fullName := include "stat-receiver-api.name" . -}} {{- $svcPort := .Values.api.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/stat-receiver/templates/api/service.yaml b/charts/stat-receiver/templates/api/service.yaml index 03feeee8e..2c52efa4e 100644 --- a/charts/stat-receiver/templates/api/service.yaml +++ b/charts/stat-receiver/templates/api/service.yaml @@ -3,13 +3,13 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.api.service.annotations }} annotations: {{- toYaml .Values.api.service.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- if .Values.api.service.labels }} {{- toYaml .Values.api.service.labels | nindent 4 }} {{- end }} 
@@ -22,4 +22,4 @@ spec: name: http appProtocol: http selector: - {{- include "bss-receiver-api.selectorLabels" . | nindent 4 }} + {{- include "stat-receiver-api.selectorLabels" . | nindent 4 }} diff --git a/charts/stat-receiver/templates/helpers.tpl b/charts/stat-receiver/templates/helpers.tpl index 168dff0ab..adba0ec24 100644 --- a/charts/stat-receiver/templates/helpers.tpl +++ b/charts/stat-receiver/templates/helpers.tpl @@ -1,28 +1,28 @@ -{{- define "bss-receiver-api.name" -}} +{{- define "stat-receiver-api.name" -}} {{- printf "%s-api" .Release.Name | trunc 32 | trimSuffix "-" }} {{- end }} -{{- define "bss-receiver-streams.name" -}} +{{- define "stat-receiver-streams.name" -}} {{- printf "%s-streams" .Release.Name | trunc 32 | trimSuffix "-" }} {{- end }} -{{- define "bss-receiver-api.selectorLabels" -}} +{{- define "stat-receiver-api.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ printf "%s-api" .Release.Name }} {{- end }} -{{- define "bss-receiver-api.labels" -}} -{{ include "bss-receiver-api.selectorLabels" . }} +{{- define "stat-receiver-api.labels" -}} +{{ include "stat-receiver-api.selectorLabels" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -{{- define "bss-receiver-streams.selectorLabels" -}} +{{- define "stat-receiver-streams.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ printf "%s-streams" .Release.Name }} {{- end }} -{{- define "bss-receiver-streams.labels" -}} -{{ include "bss-receiver-streams.selectorLabels" . }} +{{- define "stat-receiver-streams.labels" -}} +{{ include "stat-receiver-streams.selectorLabels" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/charts/stat-receiver/templates/streams/configmap.yaml b/charts/stat-receiver/templates/streams/configmap.yaml index 63148a125..e0d797eed 100644 --- a/charts/stat-receiver/templates/streams/configmap.yaml 
+++ b/charts/stat-receiver/templates/streams/configmap.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} data: application.conf: |- {{- tpl (.Files.Get "configs/streams/application.conf.template") . | nindent 4 }} diff --git a/charts/stat-receiver/templates/streams/deployment.yaml b/charts/stat-receiver/templates/streams/deployment.yaml index 23dfee688..f2b9fb3ec 100644 --- a/charts/stat-receiver/templates/streams/deployment.yaml +++ b/charts/stat-receiver/templates/streams/deployment.yaml @@ -1,13 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} {{- if .Values.streams.annotations }} annotations: {{- toYaml .Values.streams.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} {{- if .Values.streams.labels }} {{- toYaml .Values.streams.labels | nindent 4 }} {{- end }} @@ -21,11 +21,11 @@ spec: type: RollingUpdate selector: matchLabels: - {{- include "bss-receiver-streams.selectorLabels" . | nindent 6 }} + {{- include "stat-receiver-streams.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "bss-receiver-streams.labels" . | nindent 8 }} + {{- include "stat-receiver-streams.labels" . | nindent 8 }} {{- if .Values.streams.labels }} {{- toYaml .Values.streams.labels | nindent 8 }} {{- end }} @@ -100,7 +100,7 @@ spec: volumes: - name: config-volume configMap: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} - name: data-volume emptyDir: sizeLimit: {{ .Values.streams.storageSize }} 
diff --git a/charts/stat-receiver/templates/streams/headless-service.yaml b/charts/stat-receiver/templates/streams/headless-service.yaml index fd8482af0..ee7bc7366 100644 --- a/charts/stat-receiver/templates/streams/headless-service.yaml +++ b/charts/stat-receiver/templates/streams/headless-service.yaml @@ -3,12 +3,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "bss-receiver-streams.name" . }}-headless + name: {{ include "stat-receiver-streams.name" . }}-headless labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} spec: type: ClusterIP clusterIP: None publishNotReadyAddresses: true selector: - {{- include "bss-receiver-streams.selectorLabels" . | nindent 4 }} + {{- include "stat-receiver-streams.selectorLabels" . | nindent 4 }} diff --git a/charts/stat-receiver/values.yaml b/charts/stat-receiver/values.yaml index 3921fba10..5012833e0 100644 --- a/charts/stat-receiver/values.yaml +++ b/charts/stat-receiver/values.yaml @@ -1,8 +1,10 @@ # @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. +# @param imagePullSecrets Kubernetes image pull secrets. dgctlDockerRegistry: '' +imagePullSecrets: [] # @section API service settings @@ -38,6 +40,12 @@ api: port: 80 targetPort: 8080 + # @extra api.resources **Limits for the API service** + # @param api.resources.requests.cpu A CPU request. + # @param api.resources.requests.memory A memory request. + # @param api.resources.limits.cpu A CPU limit. + # @param api.resources.limits.memory A memory limit. + resources: requests: cpu: 0.5 
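Review bot: The new top-level `imagePullSecrets: []` in the first values.yaml hunk is documented in the README, but no template hunk in this commit reads it; the changes to `templates/api/deployment.yaml` and `templates/streams/deployment.yaml` shown here are only the `bss-receiver-*` to `stat-receiver-*` helper renames. Unless the pod specs already reference `.Values.imagePullSecrets` in lines outside these hunks, the setting has no effect and a pull from a private registry would fail without an obvious cause. If it is not wired yet, each Deployment's pod spec needs `{{- with .Values.imagePullSecrets }}`, `imagePullSecrets: {{- toYaml . | nindent 8 }}`, `{{- end }}`.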
@@ -77,6 +85,12 @@ streams: tag: 1.11.1 pullPolicy: IfNotPresent + # @extra streams.resources **Limits for the Streams service** + # @param streams.resources.requests.cpu A CPU request. + # @param streams.resources.requests.memory A memory request. + # @param streams.resources.limits.cpu A CPU limit. + # @param streams.resources.limits.memory A memory limit. + resources: requests: cpu: 1 @@ -154,18 +168,3 @@ ingress: enabled: false hosts: - host: stat-receiver.host - - -# @section Limits - -# @extra api.resources **Limits for the API service** -# @param api.resources.requests.cpu A CPU request. -# @param api.resources.requests.memory A memory request. -# @param api.resources.limits.cpu A CPU limit. -# @param api.resources.limits.memory A memory limit. - -# @extra streams.resources **Limits for the Streams service** -# @param streams.resources.requests.cpu A CPU request. -# @param streams.resources.requests.memory A memory request. -# @param streams.resources.limits.cpu A CPU limit. -# @param streams.resources.limits.memory A memory limit. From 01e0d090f1c530d4c81ecf5907ddb31e3982c18b Mon Sep 17 00:00:00 2001 From: Igor Sheykin <49325415+Ashigo@users.noreply.github.com> Date: Mon, 23 Sep 2024 15:44:00 +0500 Subject: [PATCH 57/91] add required field to mapgl ENV values (#504) --- charts/mapgl-js-api/README.md | 2 +- charts/mapgl-js-api/templates/deployment.yaml | 28 +++++++++---------- charts/mapgl-js-api/values.yaml | 2 +- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 30e0307bc..93e623ad5 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -58,7 +58,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | | `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | | `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | -| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `""` | +| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `https://traffic-proxy.ingress.host` | | `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | | `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | | `env.MAPGL_ICONSPATH` | URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' | `""` | diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index bb022bb84..7c56b7dc2 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml 
@@ -42,33 +42,33 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: PUBLIC_HOST - value: "{{ .Values.env.MAPGL_HOST }}" + value: {{ .Values.env.MAPGL_HOST | quote }} - name: DEMO_KEY - value: "{{ .Values.env.MAPGL_DEMO_KEY }}" + value: {{ .Values.env.MAPGL_DEMO_KEY | quote }} - name: MAPGL_TILESERVER - value: "{{ .Values.env.MAPGL_TILES_API }}" + value: {{ required "A valid .Values.env.MAPGL_TILES_API entry required" .Values.env.MAPGL_TILES_API | quote }} - name: MAPGL_TILESET - value: "{{ .Values.env.MAPGL_TILESET }}" + value: {{ .Values.env.MAPGL_TILESET | quote }} - name: MAPGL_MODELS_TILESET - value: "{{ .Values.env.MAPGL_IMMERSIVE_TILESET }}" + value: {{ .Values.env.MAPGL_IMMERSIVE_TILESET | quote }} - name: MAPGL_TRAFFICSERVER - value: "{{ .Values.env.MAPGL_TRAFFICSERVER }}" + value: {{ .Values.env.MAPGL_TRAFFICSERVER | quote }} - name: MAPGL_FLOORSSERVER - value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" + value: {{ .Values.env.MAPGL_FLOORSSERVER | quote }} - name: MAPGL_STYLESERVER - value: "{{ .Values.env.MAPGL_STYLESERVER }}" + value: {{ .Values.env.MAPGL_STYLESERVER | quote }} - name: MAPGL_ICONSPATH - value: "{{ .Values.env.MAPGL_ICONSPATH }}" + value: {{ .Values.env.MAPGL_ICONSPATH | quote }} - name: MAPGL_MODELSPATH - value: "{{ .Values.env.MAPGL_MODELSPATH }}" + value: {{ .Values.env.MAPGL_MODELSPATH | quote }} - name: MAPGL_KEYSERVER - value: "{{ .Values.env.MAPGL_KEYSERVER }}" + value: {{ .Values.env.MAPGL_KEYSERVER | quote }} - name: MAPGL_RTLPLUGIN - value: "{{ .Values.env.MAPGL_RTLPLUGIN }}" + value: {{ .Values.env.MAPGL_RTLPLUGIN | quote }} - name: MAPGL_RTLPLUGINHASH - value: "{{ .Values.env.MAPGL_RTLPLUGINHASH }}" + value: {{ .Values.env.MAPGL_RTLPLUGINHASH | quote }} - name: MAPGL_INVALID_KEY_MESSAGE - value: "{{ .Values.env.MAPGL_INVALID_KEY_MESSAGE }}" + value: {{ .Values.env.MAPGL_INVALID_KEY_MESSAGE | quote }} ports: - name: http containerPort: 8080 
diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index 75a925eb0..04d2e2f3c 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml @@ -65,7 +65,7 @@ env: MAPGL_TILES_API: '' MAPGL_TILESET: web MAPGL_IMMERSIVE_TILESET: web_immersive - MAPGL_TRAFFICSERVER: '' + MAPGL_TRAFFICSERVER: 'https://traffic-proxy.ingress.host' MAPGL_FLOORSSERVER: '' MAPGL_STYLESERVER: '' MAPGL_ICONSPATH: '' From 87b0d4e68fd221596b542fbe19cf32027a021257 Mon Sep 17 00:00:00 2001 From: Petr Beklemishev Date: Tue, 24 Sep 2024 16:49:34 +0700 Subject: [PATCH 58/91] Citylens 1.13.0 (#508) --- charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 8 ++++---- charts/citylens/values.yaml | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 6a5a60178..c3df448da 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.28.2 -appVersion: 1.12.0 +appVersion: 1.13.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 2af5890ef..11925c672 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.12.0` | +| `api.image.tag` | Tag. | `1.13.1` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
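Review bot: The new default `MAPGL_TRAFFICSERVER: 'https://traffic-proxy.ingress.host'` in charts/mapgl-js-api/values.yaml is the documentation's example hostname, not an endpoint the installation controls. An install that does not override it will presumably pass that URL to the map client as its traffic server. A non-empty placeholder also means a `required` check on this key could never fire. If the value is mandatory, I would keep `MAPGL_TRAFFICSERVER: ''` and enforce it in deployment.yaml the way this commit does for the tiles URL: `value: {{ required "A valid .Values.env.MAPGL_TRAFFICSERVER entry required" .Values.env.MAPGL_TRAFFICSERVER | quote }}`. The `env:` mapping starts outside the hunk.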
@@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.12.0` | +| `web.image.tag` | Tag. | `1.13.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -351,7 +351,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | -| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.12.0` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.13.0` | | `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | | `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | | `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | 
@@ -369,7 +369,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.12.0` | +| `migrations.image.tag` | Tag. | `1.13.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 8e48ae5a6..22395787f 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.1 replicas: 4 @@ -230,7 +230,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 replicas: 1 @@ -611,7 +611,7 @@ worker: image: repository: 2gis-on-premise/citylens-workers pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 revisionHistoryLimit: 3 @@ -647,7 +647,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 resources: requests: From b4de0f1334ea6b695de09b3f58469c7ff17cb764 Mon Sep 17 00:00:00 2001 From: Morozov Dmitriy Date: Wed, 25 Sep 2024 08:01:48 +0300 Subject: [PATCH 59/91] DEVOPS-1409: add securityContext (#510) --- charts/navi-castle/templates/statefulset.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/charts/navi-castle/templates/statefulset.yaml b/charts/navi-castle/templates/statefulset.yaml index fe2e69159..1ebb39524 100644 --- a/charts/navi-castle/templates/statefulset.yaml 
+++ b/charts/navi-castle/templates/statefulset.yaml @@ -34,6 +34,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: {{ include "castle.fullname" . }}-builder-config configMap: @@ -53,6 +57,11 @@ spec: containers: - name: castle-nginx image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -80,6 +89,11 @@ spec: failureThreshold: 2 - name: castle-cron image: {{ required "A valid $.Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ $.Values.castle.image.repository }}:{{ $.Values.castle.image.tag }} + imagePullPolicy: {{ .Values.castle.image.pullPolicy }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} command: ["/tini","--"] args: - /opt/update_services_init.sh From 59b7f91049f410359813a4be1d3a29024184d1c8 Mon Sep 17 00:00:00 2001 From: Vladimir Popov Date: Fri, 27 Sep 2024 10:30:41 +0700 Subject: [PATCH 60/91] [license] Upgraded app version to 2.2.3 (#496) * [license] Upgraded app version to 2.2.2 * [license] Upgraded app version to 2.2.3 and added dgctlStorage.region, persistence.region to values --- charts/license/Chart.yaml | 2 +- charts/license/README.md | 4 +++- charts/license/templates/configmap.yaml | 2 ++ charts/license/values.yaml | 6 +++++- 4 files changed, 11 insertions(+), 3 deletions(-) diff --git a/charts/license/Chart.yaml b/charts/license/Chart.yaml index 6938efee1..331363142 100644 --- a/charts/license/Chart.yaml +++ b/charts/license/Chart.yaml 
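Review bot: Both `securityContext` blocks added to charts/navi-castle/templates/statefulset.yaml are wrapped in `with`, and this commit's diffstat lists only the template. Unless `podSecurityContext` and `securityContext` already exist in values.yaml, the rendered StatefulSet still carries no security context and the containers run with whatever the images default to. I would add both keys to values.yaml with `@param` documentation and a restrictive default such as `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`, after checking that castle-nginx and castle-cron start under it. The second and third hunks apply the same `.Values.securityContext` to both containers; if the two images need different settings, per-container keys such as `nginx.securityContext` and `castle.securityContext` would be cleaner. The new `imagePullPolicy` lines read `.Values.nginx.image.pullPolicy` and `.Values.castle.image.pullPolicy`, which are not visible here and would render an empty value if undefined.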
@@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy License service version: 1.28.2 -appVersion: 2.2.1 +appVersion: 2.2.3 maintainers: - name: 2gis diff --git a/charts/license/README.md b/charts/license/README.md index 30790f211..751c8ef31 100644 --- a/charts/license/README.md +++ b/charts/license/README.md @@ -28,6 +28,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | ------------------------ | --------------------------------------- | ------- | | `dgctlStorage.host` | S3 endpoint. Format: `host:port`. | `""` | | `dgctlStorage.secure` | If S3 uses https. | `false` | +| `dgctlStorage.region` | S3 region. | `""` | | `dgctlStorage.bucket` | S3 bucket name. | `""` | | `dgctlStorage.accessKey` | S3 access key for accessing the bucket. | `""` | | `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. | `""` | @@ -53,7 +54,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | Name | Description | Value | | ------------------ | ------------ | ------------------------- | | `image.repository` | Repository. | `2gis-on-premise/license` | -| `image.tag` | Tag. | `2.2.1` | +| `image.tag` | Tag. | `2.2.3` | | `image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### License service application settings @@ -100,6 +101,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | ----------------------- | --------------------------------------- | ------- | | `persistence.host` | S3 endpoint. Format: `host:port`. | `""` | | `persistence.secure` | If S3 uses https. | `false` | +| `persistence.region` | S3 region. | `""` | | `persistence.bucket` | S3 bucket name. | `""` | | `persistence.root` | Root directory in S3 bucket. | `""` | | `persistence.accessKey` | S3 access key for accessing the bucket. | `""` | diff --git a/charts/license/templates/configmap.yaml b/charts/license/templates/configmap.yaml index 079443206..297a1c85d 100644 
--- a/charts/license/templates/configmap.yaml +++ b/charts/license/templates/configmap.yaml @@ -21,12 +21,14 @@ data: storage: host: {{ required "A valid $.Values.dgctlStorage.host entry is required" .host }} secure: {{ .secure }} + region: {{ .region }} bucket: {{ required "A valid $.Values.dgctlStorage.bucket entry is required" .bucket }} {{- end }} {{- with .persistence }} persistence: host: {{ .host }} secure: {{ .secure }} + region: {{ .region }} bucket: {{ .bucket }} root: {{ .root }} {{- end }} diff --git a/charts/license/values.yaml b/charts/license/values.yaml index cf84b24e6..c83c0183b 100644 --- a/charts/license/values.yaml +++ b/charts/license/values.yaml @@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @param dgctlStorage.host S3 endpoint. Format: `host:port`. # @param dgctlStorage.secure If S3 uses https. +# @param dgctlStorage.region S3 region. # @param dgctlStorage.bucket S3 bucket name. # @param dgctlStorage.accessKey S3 access key for accessing the bucket. # @param dgctlStorage.secretKey S3 secret key for accessing the bucket. @@ -15,6 +16,7 @@ dgctlDockerRegistry: '' dgctlStorage: host: '' secure: false + region: '' bucket: '' accessKey: '' secretKey: '' @@ -63,7 +65,7 @@ imagePullSecrets: [] image: repository: 2gis-on-premise/license - tag: 2.2.1 + tag: 2.2.3 pullPolicy: IfNotPresent # @section License service application settings @@ -137,6 +139,7 @@ resources: # @param persistence.host S3 endpoint. Format: `host:port`. # @param persistence.secure If S3 uses https. +# @param persistence.region S3 region. # @param persistence.bucket S3 bucket name. # @param persistence.root Root directory in S3 bucket. # @param persistence.accessKey S3 access key for accessing the bucket. @@ -145,6 +148,7 @@ resources: persistence: host: '' secure: false + region: '' bucket: '' root: '' accessKey: '' From b2d31f965dc6ecd878fe455c62e05c50e3446763 Mon Sep 17 00:00:00 2001 
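Review bot: The two added `region: {{ .region }}` lines in charts/license/templates/configmap.yaml are unquoted, and the values.yaml default added in the same commit is `region: ''`. With that default the line renders as a bare `region:`, which a YAML reader will most likely load as null rather than an empty string. Quoting the value, `region: {{ .region | quote }}`, keeps it a string and stops a value with YAML-significant characters from changing the structure of the generated config. The neighbouring `host`, `bucket` and `root` lines follow the same pattern and could be quoted in the same pass. The enclosing `data:` entry starts outside the hunk.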
From: Dmitrii Molochnikov Date: Fri, 27 Sep 2024 14:29:02 +0700 Subject: [PATCH 61/91] =?UTF-8?q?=D0=98=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5?= =?UTF-8?q?=D0=BD=D0=B8=D0=B5=20=D1=81=D1=82=D1=80=D1=83=D0=BA=D1=82=D1=83?= =?UTF-8?q?=D1=80=D1=8B=20=D1=87=D0=B0=D1=80=D1=82=D0=B0=20pro-api=20(#490?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Breaking-Changes.md | 36 +- charts/pro-api/README.md | 330 ++++---- charts/pro-api/templates/_helpers.tpl | 22 +- .../templates/asset-import-starter.yaml | 18 +- charts/pro-api/templates/asset-importer.yaml | 20 +- charts/pro-api/templates/asset-preparer.yaml | 14 +- charts/pro-api/templates/deployment.yaml | 96 +-- charts/pro-api/templates/ingress.yaml | 14 +- .../templates/permission-api-service.yaml | 14 +- .../templates/permissions-api-deployment.yaml | 56 +- .../templates/permissions-api-ingress.yaml | 14 +- charts/pro-api/templates/secrets.yaml | 8 +- charts/pro-api/templates/service-account.yaml | 2 +- charts/pro-api/templates/service.yaml | 12 +- charts/pro-api/templates/vpa.yaml | 8 +- charts/pro-api/values.yaml | 775 +++++++++--------- 16 files changed, 712 insertions(+), 727 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 671b870ee..0bba4f8fa 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md 
@@ -1,9 +1,43 @@ # 2GIS On-Premise Breaking-Changes +## [1.29.0] + +### pro-api +- appName renamed to api.appName +- image renamed to api.image +- ingress renamed to api.ingress +- pod renamed to api.pod +- vpa renamed to api.vpa +- service renamed to api.service +- licenseKey renamed to api.settings.licenseKey +- api.tempPath renamed to api.settings.tempPath +- api.allowAnyOrigin renamed to api.settings.allowAnyOrigin +- api.logEsQueries renamed to api.settings.logEsQueries +- api.debug renamed to api.settings.debug +- api.env renamed to api.settings.env +- api.filterByZoneCodes renamed to api.settings.filterByZoneCodes +- api.esDataCentersCount renamed to api.settings.esDataCentersCount +- api.rateLimiter renamed to api.settings.rateLimiter +- api.localCache renamed to api.settings.localCache +- api.openApi renamed to api.settings.openApi +- auth renamed to api.settings.auth +- permissionsApiImage renamed to permissions.image +- permissionsApiIngress renamed to permissions.ingress +- permissionsPodSettings renamed to permissions.pod +- permissionApiService renamed to permissions.service +- add permissions.settings block +- add assetImporter.appName +- assetImporter.maxParallelJobs renamed to assetImporter.settings.maxParallelJobs +- assetImporter.files renamed to assetImporter.settings.files +- assetImporter.imageProxyUrl renamed to assetImporter.settings.imageProxyUrl +- assetImporter.externalLinksProxyUrl renamed to assetImporter.settings.externalLinksProxyUrl +- assetImporter.externalLinksAllowedHosts renamed to assetImporter.settings.externalLinksAllowedHosts +- assetImporter.esMetricsEnabled renamed to assetImporter.settings.esMetricsEnabled +- assetPreparer.maxParallelJobs renamed to assetPreparer.settings.maxParallelJobs + ## [1.28.0] ### navi-async-matric - - `s3.publicNetloc` now MUST start with `http://` or `https://` scheme ## [1.27.0] diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index f33f81fb8..e32d76d93 100644 
--- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md 
@@ -2,33 +2,131 @@ ## Values +### Geo API configuration & settings + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | +| `Image` | settings | | +| `api.image.repository` | Repository | `2gis-on-premise/pro-api` | +| `api.image.tag` | Tag | `1.35.0` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `Ingress` | settings | | +| `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `api.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `api.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | +| `api.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `api.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `api.ingress.tls` | TLS configuration | `[]` | +| `Pod` | settings | | +| `api.pod.appName` | Name of the service. | `pro-api` | +| `api.pod.replicaCount` | A replica count for the pod. | `2` | +| `api.pod.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `api.pod.nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `api.pod.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
| `{}` | +| `api.pod.priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | +| `api.pod.terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | +| `api.pod.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `api.pod.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.pod.resources` | **Limits for the application service** | | +| `api.pod.resources.requests.cpu` | A CPU request. | `400m` | +| `api.pod.resources.requests.memory` | A memory request. | `256M` | +| `api.pod.resources.limits.cpu` | A CPU limit. | `1` | +| `api.pod.resources.limits.memory` | A memory limit. | `1024M` | +| `api.pod.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `api.pod.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). 
| `0` | +| `api.pod.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | +| `VPA` | settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) | | +| `api.vpa.enabled` | If VPA is enabled for the service. | `false` | +| `api.vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | +| `api.vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | +| `api.vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | +| `api.vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | +| `api.vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | +| `Service` | settings | | +| `api.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `api.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | PRO API service port. | `80` | +| `api.service.serviceAccount` | Kubernetes service account | `runner` | +| `api.service.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. 
| `""` | +| `Geo` | API settings | | +| `api.settings.licenseKey` | License key. **Required** | `""` | +| `api.settings.tempPath` | Path to directory used for temp data | `/tmp` | +| `api.settings.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | +| `api.settings.logging` | Logging settings | | +| `api.settings.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | +| `api.settings.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | +| `api.settings.rateLimiter` | rate limiter settings | | +| `api.settings.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | +| `api.settings.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | +| `api.settings.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | +| `api.settings.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | +| `api.settings.auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `api.settings.auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `api.settings.auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `api.settings.auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). 
Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `api.settings.auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `api.settings.auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | +| `api.settings.auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `api.settings.auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | + +### Permissions API configuration & settings + +| Name | Description | Value | +| ------------------------------------------------ | --------------------------------------------- | --------------------------------- | +| `Ingress` | settings | | +| `permissions.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `permissions.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `permissions.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-permissions-api.example.com` | +| `permissions.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `permissions.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `permissions.ingress.tls` | TLS configuration | `[]` | +| `Permissions` | API settings | | +| `permissions.settings.enabled` | If permissionsApi is enabled for the service. 
| `false` | + +### asset importer settings + +| Name | Description | Value | +| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `assetImporter.appName` | Data Import job name. | `asset-importer` | +| `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | +| `assetImporter.tag` | Docker image tag. | `1.35.0` | +| `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | +| `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | +| `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | +| `assetImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `assetImporter.resources` | **Limits for the import job** | | +| `assetImporter.resources.requests.cpu` | A CPU request. | `700m` | +| `assetImporter.resources.requests.memory` | A memory request. | `768M` | +| `assetImporter.resources.limits.cpu` | A CPU limit. | `1000m` | +| `assetImporter.resources.limits.memory` | A memory limit. | `8Gi` | +| `assetImporter.enabled` | If assetImporter is enabled for the service. | `true` | +| `assetImporter.startOnDeploy` | Indicates that asset import should start when service installed or updated | `true` | +| `assetImporter.startOnDeployMode` | Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. 
| `ScheduleManifest` | +| `Asset` | importer settings | | +| `assetImporter.settings.maxParallelJobs` | How many import jobs can be run simultaneously | `1` | +| `assetImporter.settings.imageProxyUrl` | URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | +| `assetImporter.settings.externalLinksProxyUrl` | URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | +| `assetImporter.settings.externalLinksAllowedHosts` | Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) | `""` | + +### asset preparer settings + + +### common infrastructure settings + + ### Docker Registry settings | Name | Description | Value | | --------------------- | --------------------------------------------------------------------------------------- | ----- | | `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | -### Common settings - -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------- | -| `appName` | Name of the service. | `pro-api` | -| `licenseKey` | License key. **Required** | `""` | -| `replicaCount` | A replica count for the pod. | `2` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
| `{}` | -| `priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | -| `terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | - ### Deployment Artifacts Storage settings | Name | Description | Value | 
@@ -42,42 +140,6 @@ | `dgctlStorage.region` | AuthenticationRegion property for S3 client. Used in AWS4 request signing, this is an optional property | `""` | | `dgctlStorage.disablePayloadSigning` | Turns off payload signing, this is an optional property. Should be TRUE for Oracle S3 storage | `false` | -### Strategy settings - -| Name | Description | Value | -| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | -| `strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | -| `strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | - -### Service settings - -| Name | Description | Value | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| `service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `service.port` | PRO API service port. 
| `80` | - -### Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings - -| Name | Description | Value | -| ----------------------- | ------------------------------------------------------------------------------------------------------------ | ------- | -| `vpa.enabled` | If VPA is enabled for the service. | `false` | -| `vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | -| `vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | -| `vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | -| `vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | -| `vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | - -### Deployment settings - -| Name | Description | Value | -| ------------------ | ----------- | ------------------------- | -| `image.repository` | Repository | `2gis-on-premise/pro-api` | -| `image.tag` | Tag | `1.35.0` | -| `image.pullPolicy` | Pull Policy | `IfNotPresent` | - ### 2GIS PRO Storage configuration | Name | Description | Value | 
@@ -88,34 +150,6 @@ | `s3.snapshotBucket` | S3 bucket for storing snapshots of inclemental data updates. **Required** | `""` | | `s3.resourcesBucket` | S3 bucket for storing static resources. **Required** | `""` | -### 2GIS PRO API configuration - -| Name | Description | Value | -| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | -| `api.serviceAccount` | Kubernetes service account | `runner` | -| `api.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. | `""` | -| `api.tempPath` | Path to directory used for temp data | `/tmp` | -| `api.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | -| `api.logging` | Logging settings | | -| `api.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | -| `api.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). 
| `""` | -| `api.rateLimiter` | rate limiter settings | | -| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | -| `api.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | - -### Auth configuration - -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | -| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. 
The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | - ### PostgreSQL settings | Name | Description | Value | @@ -124,29 +158,6 @@ | `postgres.connectionStringReadonly` | Connection string to the readonly node of PostgreSQL database. Format: `Server=SERVER_URL;Database=DB_NAME;UID=USER_NAME;` | `""` | | `postgres.password` | User password to connect to the PostgreSQL database. | `""` | -### Keys Service settings - -| Name | Description | Value | -| ------------ | ---------------------------------------------------------------------------------------- | ----- | -| `keys.url` | API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** | `""` | -| `keys.token` | keys.api access token. **Required** | `""` | - -### ElasticSearch settings (supported version 7.x) - -| Name | Description | Value | -| --------------------- | ------------------------------------------------------------------------------------ | ----- | -| `elastic.host` | ElasticSearch host address. Format: `http(s)://HOST:PORT` | `""` | -| `elastic.credentials` | User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` | `""` | - -### Redis settings (supported version 6.x) - -| Name | Description | Value | -| ---------------- | --------------------------------- | ------ | -| `redis.host` | Redis host address. **Required** | `""` | -| `redis.port` | Redis port. **Required** | `6379` | -| `redis.username` | Username used to connect to Redis | `""` | -| `redis.password` | Password used to connect to Redis | `""` | - ### Kafka settings (supported version 2.7) | Name | Description | Value | 
@@ -168,12 +179,34 @@ | `kafka.assetDataTopic.name` | Kafka topic name. | `""` | | `kafka.refreshAssetsIntervalMinutes` | Refresh interval for reading streaming assets settings in minutes. | `60` | -### Import background jobs settings +### ElasticSearch settings (supported version 7.x) + +| Name | Description | Value | +| --------------------- | ------------------------------------------------------------------------------------ | ----- | +| `elastic.host` | ElasticSearch host address. Format: `http(s)://HOST:PORT` | `""` | +| `elastic.credentials` | User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` | `""` | -| Name | Description | Value | -| ----------------------------------------- | ---------------------------------------------------------------- | ------- | -| `backgroundJobs.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | -| `backgroundJobs.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | +### Redis settings (supported version 6.x) + +| Name | Description | Value | +| ---------------- | --------------------------------- | ------ | +| `redis.host` | Redis host address. **Required** | `""` | +| `redis.port` | Redis port. **Required** | `6379` | +| `redis.username` | Username used to connect to Redis | `""` | +| `redis.password` | Password used to connect to Redis | `""` | + +### external services + + +### digger settings + + +### Keys Service settings + +| Name | Description | Value | +| ------------ | ---------------------------------------------------------------------------------------- | ----- | +| `keys.url` | API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** | `""` | +| `keys.token` | keys.api access token. **Required** | `""` | ### Catalog API settings 
@@ -201,77 +234,6 @@ | ------------ | ------------------------------------------------------------------------------------------------ | ----- | | `search.url` | URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc | `""` | -### 2GIS PRO API Job settings - -| Name | Description | Value | -| ---------------------- | --------------------- | ---------------- | -| `appAssetImporterName` | Data Import job name. | `asset-importer` | - -### 2GIS PRO Permissions API configuration - -| Name | Description | Value | -| ------------------------ | --------------------------------------------- | ------- | -| `permissionsApi.enabled` | If permissionsApi is enabled for the service. | `false` | - -### Import job settings - -| Name | Description | Value | -| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.35.0` | -| `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | -| `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | -| `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | -| `assetImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `assetImporter.maxParallelJobs` | How many import jobs can be run simultaneously | `1` | -| `assetImporter.enabled` | If assetImporter is enabled for the service. 
| `true` | -| `assetImporter.startOnDeploy` | Indicates that asset import should start when service installed or updated | `true` | -| `assetImporter.startOnDeployMode` | Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. | `ScheduleManifest` | -| `assetImporter.imageProxyUrl` | URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | -| `assetImporter.externalLinksProxyUrl` | URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | -| `assetImporter.externalLinksAllowedHosts` | Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) | `""` | - -### Limits - -| Name | Description | Value | -| ----------------------------------------- | -------------------------------------- | ------- | -| `resources` | **Limits for the application service** | | -| `resources.requests.cpu` | A CPU request. | `400m` | -| `resources.requests.memory` | A memory request. | `256M` | -| `resources.limits.cpu` | A CPU limit. | `1` | -| `resources.limits.memory` | A memory limit. | `1024M` | -| `assetImporter.resources` | **Limits for the import job** | | -| `assetImporter.resources.requests.cpu` | A CPU request. | `700m` | -| `assetImporter.resources.requests.memory` | A memory request. | `768M` | -| `assetImporter.resources.limits.cpu` | A CPU limit. | `1000m` | -| `assetImporter.resources.limits.memory` | A memory limit. | `8Gi` | - -### Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings - - -### 2GIS PRO API ingress settings - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------- | --------------------- | -| `ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `ingress.className` | Name of the Ingress controller class. 
| `nginx` | -| `ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | -| `ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `ingress.tls` | TLS configuration | `[]` | - -### 2GIS PRO Permissions API ingress settings - -| Name | Description | Value | -| -------------------------------------------------- | ----------------------------------------- | --------------------------------- | -| `permissionsApiIngress.enabled` | If Ingress is enabled for the service. | `false` | -| `permissionsApiIngress.className` | Name of the Ingress controller class. | `nginx` | -| `permissionsApiIngress.hosts[0].host` | Hostname for the Ingress service. | `pro-permissions-api.example.com` | -| `permissionsApiIngress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `permissionsApiIngress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `permissionsApiIngress.tls` | TLS configuration | `[]` | - - ## Installing 1. Create a configuration file values-api.yaml and fill in all the required parameters according to the docs above. diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index 38121023e..13c15d1fe 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl @@ -1,8 +1,8 @@ {{- define "pro-api.name" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- if .Values.api.pod.fullnameOverride -}} +{{- .Values.api.pod.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- $name := default .Values.appName .Values.nameOverride -}} +{{- $name := default .Values.api.pod.appName .Values.api.pod.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} 
@@ -16,8 +16,8 @@ {{- end -}} {{- define "pro-api.permissions-url" -}} -{{- if .Values.permissionsApi.host -}} -{{- .Values.permissionsApi.host -}} +{{- if .Values.permissions.settings.host -}} +{{- .Values.permissions.settings.host -}} {{- else -}} {{- "http://" -}} {{ include "pro-api.permissions-name" . }} @@ -25,7 +25,7 @@ {{- end -}} {{- define "pro-api.asset-importer-name" -}} -{{- $name := default .Values.appAssetImporterName -}} +{{- $name := default .Values.assetImporter.appName -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -34,7 +34,7 @@ {{- end -}} {{- define "pro-api.asset-preparer-name" -}} -{{- $name := default .Values.appAssetPreparerName -}} +{{- $name := default .Values.assetPreparer.appName -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -43,20 +43,20 @@ {{- end -}} {{- define "pro-api.service-account-name" -}} -{{- if empty .Values.api.serviceAccountOverride }} - {{- $name := default .Values.api.serviceAccount -}} +{{- if empty .Values.api.service.serviceAccountOverride }} + {{- $name := default .Values.api.service.serviceAccount -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- else -}} - {{- .Values.api.serviceAccountOverride | trunc 63 | trimSuffix "-" -}} + {{- .Values.api.service.serviceAccountOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- define "pro-api.chart" -}} -{{- printf "%s-%s" .Values.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" .Values.api.pod.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "pro-api.selectorLabels" -}} 
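Review bot: `default .Values.assetImporter.appName` in `pro-api.asset-importer-name` passes a single argument, so `default` supplies no fallback and an unset value goes straight into `contains $name .Release.Name`. The same form is used in `pro-api.asset-preparer-name` and `pro-api.service-account-name` in the next two hunks. Because the keys have moved, a values file that still sets the old `appAssetImporterName` now depends entirely on what values.yaml provides for the new key (not visible here), and these helpers name the jobs and the service account. I would give the helper a real fallback, `{{- $name := default "asset-importer" .Values.assetImporter.appName -}}` (the default the README documented for the old key), or use `required` where no sensible default exists. Each `define` body continues past its hunk.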
diff --git a/charts/pro-api/templates/asset-import-starter.yaml b/charts/pro-api/templates/asset-import-starter.yaml index ef2e84f1b..907f26f4d 100644 --- a/charts/pro-api/templates/asset-import-starter.yaml +++ b/charts/pro-api/templates/asset-import-starter.yaml @@ -26,19 +26,19 @@ spec: resources: {{- toYaml .Values.assetImporter.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME value: {{ include "pro-api.asset-importer-name" . }} - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: MODE value: "{{ .Values.assetImporter.startOnDeployMode }}" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetImporter.maxParallelJobs }}" + value: "{{ .Values.assetImporter.settings.maxParallelJobs }}" - name: manifest_filename value: "{{ .Values.dgctlStorage.manifest }}" - name: S3Settings__Url @@ -82,21 +82,21 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{- if .Values.auth.apiKey }} + {{- if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{- end }} - {{- if .Values.assetImporter.files }} + {{- if .Values.assetImporter.settings.files }} - name: FILES - value: "{{ .Values.assetImporter.files}}" + value: "{{ .Values.assetImporter.settings.files}}" {{- end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__FailJobOnError value: "true" - name: Navi__Url 
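Review bot: `API_TOKEN` is now emitted only when `.Values.api.settings.auth.apiKey` is set, so a values file that still uses the old top-level `auth.apiKey` renders this job without the token and without any error at install time. The same silent fallback applies to the `API_TOKEN` blocks in asset-importer.yaml and asset-preparer.yaml, and to `Auth__Type`, `Auth__ApiKey` and `Auth__PermissionsApiKey` in deployment.yaml. The README rows this patch removes document `none` (authentication disabled) as the default for `auth.type`, so if that default carries over, an un-migrated upgrade would come up with authentication off. A guard at the top of the templates would turn that into a hard failure: `{{- if .Values.auth }}{{ fail "auth.* moved to api.settings.auth.*; update your values file" }}{{- end }}`. The env list starts and ends outside this hunk.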
diff --git a/charts/pro-api/templates/asset-importer.yaml b/charts/pro-api/templates/asset-importer.yaml index 3bcdf499e..fea2db40f 100644 --- a/charts/pro-api/templates/asset-importer.yaml +++ b/charts/pro-api/templates/asset-importer.yaml @@ -29,19 +29,19 @@ spec: resources: {{- toYaml .Values.assetImporter.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME value: {{ include "pro-api.asset-importer-name" . }} - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: MODE value: "Schedule" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetImporter.maxParallelJobs }}" + value: "{{ .Values.assetImporter.settings.maxParallelJobs }}" - name: manifest value: "{{ .Values.dgctlStorage.manifest }}" - name: S3Settings__Url @@ -85,16 +85,16 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{- if .Values.auth.apiKey }} + {{- if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{- end }} - {{- if .Values.assetImporter.files }} + {{- if .Values.assetImporter.settings.files }} - name: FILES - value: "{{ .Values.assetImporter.files}}" + value: "{{ .Values.assetImporter.settings.files}}" {{- end }} - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} 
@@ -104,11 +104,11 @@ spec: key: dbConnectionPwd name: {{ include "pro-api.name" . }}-secret - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__EsMetricsEnabled - value: "{{ .Values.assetImporter.esMetricsEnabled }}" + value: "{{ .Values.assetImporter.settings.esMetricsEnabled }}" - name: Digger__Address value: "{{ .Values.digger.url}}" - name: Digger__UserName diff --git a/charts/pro-api/templates/asset-preparer.yaml b/charts/pro-api/templates/asset-preparer.yaml index 95d5a032d..a31bdecf8 100644 --- a/charts/pro-api/templates/asset-preparer.yaml +++ b/charts/pro-api/templates/asset-preparer.yaml @@ -27,7 +27,7 @@ spec: resources: {{- toYaml .Values.assetPreparer.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME @@ -39,7 +39,7 @@ spec: - name: MODE value: "PrepareData" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetPreparer.maxParallelJobs }}" + value: "{{ .Values.assetPreparer.settings.maxParallelJobs }}" - name: S3Settings__Url value: {{ required "A valid .Values.dgctlStorage.host entry required" $.Values.dgctlStorage.host }} - name: S3Settings__Secure 
@@ -77,21 +77,21 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{ if .Values.auth.apiKey }} + {{ if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{ end }} - {{ if .Values.assetPreparer.files }} + {{ if .Values.assetPreparer.settings.files }} - name: FILES - value: "{{ .Values.assetPreparer.files}}" + value: "{{ .Values.assetPreparer.settings.files}}" {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Digger__Address value: "{{ .Values.digger.url}}" - name: Digger__UserName diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index e6582ad47..de7ff3b9f 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml @@ -2,21 +2,21 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "pro-api.name" . }} - {{- with .Values.annotations }} + {{- with .Values.api.pod.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- with .Values.labels }} + {{- with .Values.api.pod.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.strategy }} + replicas: {{ .Values.api.pod.replicaCount }} + revisionHistoryLimit: {{ .Values.api.pod.revisionHistoryLimit }} + {{- if .Values.api.pod.strategy }} strategy: - {{- toYaml .Values.strategy | nindent 4 }} + {{- toYaml .Values.api.pod.strategy | nindent 4 }} {{- end }} selector: matchLabels: 
@@ -25,47 +25,47 @@ spec: metadata: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.api.pod.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 8 }} - {{- with .Values.podLabels }} + {{- with .Values.api.pod.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.imagePullSecrets }} + {{- with .Values.api.pod.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.api.pod.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with .Values.api.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.api.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if .Values.api.pod.priorityClassName }} + priorityClassName: {{ .Values.api.pod.priorityClassName }} {{- end }} - {{- with .Values.podSecurityContext }} + {{- with .Values.api.pod.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.api.pod.terminationGracePeriodSeconds }} serviceAccountName: {{ include "pro-api.service-account-name" . }} volumes: - name: temp-volume emptyDir: {} containers: - name: {{ include "pro-api.name" . 
}} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} + imagePullPolicy: {{ .Values.api.image.pullPolicy }} ports: - name: http containerPort: 8080 @@ -74,7 +74,7 @@ spec: containerPort: 8090 protocol: TCP volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: @@ -103,26 +103,26 @@ spec: periodSeconds: 5 timeoutSeconds: 5 resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.api.pod.resources | nindent 12 }} lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 5"] env: - name: DEBUG - value: "{{ .Values.api.debug }}" + value: "{{ .Values.api.settings.debug }}" - name: Import__EnableUserAssetsImporter - value: "{{ .Values.backgroundJobs.enableUserAssetsImporter }}" + value: "{{ .Values.api.settings.enableUserAssetsImporter }}" - name: Import__EnableAssetsStreaming - value: "{{ .Values.backgroundJobs.enableAssetsStreaming }}" + value: "{{ .Values.api.settings.enableAssetsStreaming }}" - name: Import__AssetImporterJobName value: {{ include "pro-api.asset-importer-name" . }} - name: Import__ExternalLinksProxyUrl - value: "{{ .Values.assetImporter.externalLinksProxyUrl }}" + value: "{{ .Values.assetImporter.settings.externalLinksProxyUrl }}" - name: Import__ExternalLinksAllowedHosts - value: "{{ .Values.assetImporter.externalLinksAllowedHosts }}" + value: "{{ .Values.assetImporter.settings.externalLinksAllowedHosts }}" - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: CATALOG_API_2GIS_URL value: "{{ .Values.catalog.url }}" - name: CATALOG_API_2GIS_KEY 
@@ -151,13 +151,13 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: LOG_ES_QUERIES - value: "{{ .Values.api.logEsQueries }}" + value: "{{ .Values.api.settings.logEsQueries }}" - name: ALLOW_ANY_ORIGIN - value: "{{ .Values.api.allowAnyOrigin }}" + value: "{{ .Values.api.settings.allowAnyOrigin }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: Common__FilterByZoneCodes - value: "{{ .Values.api.filterByZoneCodes }}" + value: "{{ .Values.api.settings.filterByZoneCodes }}" - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} {{ if .Values.postgres.connectionStringReadonly }} @@ -227,18 +227,18 @@ spec: - name: Kafka__EventsTopicSettings__ReaderGroupId value: {{ required "A valid .Values.kafka.eventsTopic.readerGroupId entry required" $.Values.kafka.eventsTopic.readerGroupId }} - name: Auth__Type - value: "{{ .Values.auth.type }}" + value: "{{ .Values.api.settings.auth.type }}" - name: Auth__Url - value: "{{ .Values.auth.url }}" + value: "{{ .Values.api.settings.auth.url }}" - name: Auth__UserInfoEndpoint - value: "{{ .Values.auth.userInfoEndpoint }}" + value: "{{ .Values.api.settings.auth.userInfoEndpoint }}" - name: Auth__WellKnownConfigEndpoint - value: "{{ .Values.auth.wellKnownConfigEndpoint }}" + value: "{{ .Values.api.settings.auth.wellKnownConfigEndpoint }}" - name: Auth__AutoRegisterUsers - value: "{{ .Values.auth.autoRegisterUsers }}" + value: "{{ .Values.api.settings.auth.autoRegisterUsers }}" - name: Auth__TurnOffCertValidation - value: "{{ .Values.auth.turnOffCertValidation }}" - {{ if .Values.auth.apiKey }} + value: "{{ .Values.api.settings.auth.turnOffCertValidation }}" + {{ if .Values.api.settings.auth.apiKey }} - name: Auth__ApiKey valueFrom: secretKeyRef: 
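Review bot: `Auth__ApiKey` is rendered only `if .Values.api.settings.auth.apiKey`, and nothing in the hunk ties that to `Auth__Type`, although the README text for this key says it must be set whenever the type is not `none`. As written, a release with `type: openid10` and an empty key templates cleanly and the pod starts without `Auth__ApiKey`; how the service behaves in that state is not visible here. I would enforce the documented rule at render time with `{{- if and (ne (toString .Values.api.settings.auth.type) "none") (not .Values.api.settings.auth.apiKey) }}{{ fail "api.settings.auth.apiKey is required when auth.type is not none" }}{{- end }}`. The `secretKeyRef` block continues past the end of the hunk.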
@@ -247,19 +247,19 @@ spec: {{ end }} - name: Auth__PermissionsApiUrl value: {{ include "pro-api.permissions-url" . }} - {{ if .Values.auth.permissionsApiKey }} + {{ if .Values.api.settings.auth.permissionsApiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: key: permissionsApiKey name: {{ include "pro-api.name" . }}-secret {{ end }} - {{- range $i, $s := .Values.auth.shareKeys }} + {{- range $i, $s := .Values.api.settings.auth.shareKeys }} - name: Auth__ShareKeys__{{$i}} value: "{{ $s }}" {{- end }} - name: License__Key - value: {{ required "A valid .Values.licenseKey entry required" $.Values.licenseKey }} + value: {{ required "A valid .Values.api.settings.licenseKey entry required" $.Values.api.settings.licenseKey }} - name: KEYS_SERVICE_URL value: "{{ .Values.keys.url }}" {{ if .Values.keys.token }} 
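Review bot: The `Auth__ShareKeys__{{$i}}` entries are written as literal `value:` strings in the Deployment, although the README describes `shareKeys` as secret keys for creating and validating shared links, and the neighbouring `Auth__ApiKey` and `Auth__PermissionsApiKey` already come from the chart's Secret through `secretKeyRef`. Anyone with read access to the Deployment or its pod specs can read those keys; `License__Key` just below is rendered the same way and is also unquoted. I would move the share keys into the same Secret and reference them by key, as sketched below; the key name is a placeholder and needs a matching entry in secrets.yaml, which is not part of this view. The env list starts and ends outside the hunk.

```yaml
{{- range $i, $s := .Values.api.settings.auth.shareKeys }}
- name: Auth__ShareKeys__{{ $i }}
  valueFrom:
    secretKeyRef:
      # placeholder key name; add the matching entry to secrets.yaml
      key: shareKey{{ $i }}
      name: {{ include "pro-api.name" $ }}-secret
{{- end }}
# … unchanged: License__Key, KEYS_SERVICE_URL …
```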
@@ -285,22 +285,22 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__EsDataCentersCount - value: "{{ .Values.api.esDataCentersCount }}" + value: "{{ .Values.api.settings.esDataCentersCount }}" - name: RateLimiter__RequestsLimit - value: "{{ .Values.api.rateLimiter.requestsLimit }}" + value: "{{ .Values.api.settings.rateLimiter.requestsLimit }}" - name: RateLimiter__WindowSizeInSeconds - value: "{{ .Values.api.rateLimiter.windowSizeInSeconds }}" + value: "{{ .Values.api.settings.rateLimiter.windowSizeInSeconds }}" - name: LocalCache__Enabled - value: "{{ .Values.api.localCache.enabled }}" + value: "{{ .Values.api.settings.localCache.enabled }}" - name: LocalCache__TrackStatistics - value: "{{ .Values.api.localCache.trackStatistics }}" + value: "{{ .Values.api.settings.localCache.trackStatistics }}" - name: LicensingService__BaseUri value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} - {{- range $i, $s := .Values.api.openApi.servers }} + {{- range $i, $s := .Values.api.settings.openApi.servers }} - name: OpenApi__Servers__{{$i}} value: "{{ $s }}" {{- end }} diff --git a/charts/pro-api/templates/ingress.yaml b/charts/pro-api/templates/ingress.yaml index 3ac61c435..0f552bff4 100644 --- a/charts/pro-api/templates/ingress.yaml +++ b/charts/pro-api/templates/ingress.yaml 
@@ -1,21 +1,21 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.api.ingress.enabled -}} {{- $fullName := include "pro-api.name" . -}} -{{- $svcPort := .Values.service.port -}} +{{- $svcPort := .Values.api.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- with .Values.api.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .Values.ingress.className }} - {{- if .Values.ingress.tls }} + ingressClassName: {{ .Values.api.ingress.className }} + {{- if .Values.api.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.api.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -24,7 +24,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.api.ingress.hosts }} - host: {{ .host | quote }} http: paths: diff --git a/charts/pro-api/templates/permission-api-service.yaml b/charts/pro-api/templates/permission-api-service.yaml index f4c6f3692..e8f4dda4e 100644 --- a/charts/pro-api/templates/permission-api-service.yaml +++ b/charts/pro-api/templates/permission-api-service.yaml 
@@ -1,21 +1,21 @@ -{{ if .Values.permissionsApi.enabled }} +{{ if .Values.permissions.settings.enabled }} apiVersion: v1 kind: Service metadata: name: {{ include "pro-api.permissions-name" . }} - {{- if .Values.permissionApiService.annotations }} + {{- if .Values.permissions.service.annotations }} annotations: - {{- toYaml .Values.permissionApiService.annotations | nindent 4 }} + {{- toYaml .Values.permissions.service.annotations | nindent 4 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- if .Values.permissionApiService.labels }} - {{- toYaml .Values.permissionApiService.labels | nindent 4 }} + {{- if .Values.permissions.service.labels }} + {{- toYaml .Values.permissions.service.labels | nindent 4 }} {{- end }} spec: - type: {{ .Values.permissionApiService.type }} + type: {{ .Values.permissions.service.type }} ports: - - port: {{ .Values.permissionApiService.port }} + - port: {{ .Values.permissions.service.port }} targetPort: http protocol: TCP name: http diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index b8b743827..c0136b7f0 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml 
@@ -1,20 +1,20 @@ -{{ if .Values.permissionsApi.enabled }} +{{ if .Values.permissions.settings.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "pro-api.permissions-name" . }} - {{- with .Values.permissionsPodSettings.annotations }} + {{- with .Values.permissions.pod.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- with .Values.permissionsPodSettings.labels }} + {{- with .Values.permissions.pod.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.permissionsPodSettings.replicaCount }} - revisionHistoryLimit: {{ .Values.permissionsPodSettings.revisionHistoryLimit }} + replicas: {{ .Values.permissions.pod.replicaCount }} + revisionHistoryLimit: {{ .Values.permissions.pod.revisionHistoryLimit }} selector: matchLabels: {{- include "pro-api.permissionsSelectorLabels" . | nindent 6 }} 
@@ -22,46 +22,46 @@ spec: metadata: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.permissionsPodSettings.podAnnotations }} + {{- with .Values.permissions.pod.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 8 }} - {{- with .Values.permissionsPodSettings.podLabels }} + {{- with .Values.permissions.pod.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.permissionsPodSettings.imagePullSecrets }} + {{- with .Values.permissions.pod.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.affinity }} + {{- with .Values.permissions.pod.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.nodeSelector }} + {{- with .Values.permissions.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.tolerations }} + {{- with .Values.permissions.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.permissionsPodSettings.priorityClassName }} - priorityClassName: {{ .Values.permissionsPodSettings.priorityClassName }} + {{- if .Values.permissions.pod.priorityClassName }} + priorityClassName: {{ .Values.permissions.pod.priorityClassName }} {{- end }} - {{- with .Values.permissionsPodSettings.podSecurityContext }} + {{- with .Values.permissions.pod.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} - terminationGracePeriodSeconds: {{ .Values.permissionsPodSettings.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.permissions.pod.terminationGracePeriodSeconds }} volumes: - name: temp-volume emptyDir: {} containers: - name: {{ include "pro-api.permissions-name" . 
}} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.permissionsApiImage.repository }}:{{ .Values.permissionsApiImage.tag }} - imagePullPolicy: {{ .Values.permissionsApiImage.pullPolicy }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.permissions.image.repository }}:{{ .Values.permissions.image.tag }} + imagePullPolicy: {{ .Values.permissions.image.pullPolicy }} ports: - name: http containerPort: 8081 @@ -70,7 +70,7 @@ spec: containerPort: 8091 protocol: TCP volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: @@ -100,18 +100,18 @@ spec: successThreshold: 1 timeoutSeconds: 5 resources: - {{- toYaml .Values.permissionsPodSettings.resources | nindent 12 }} + {{- toYaml .Values.permissions.pod.resources | nindent 12 }} lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 5"] env: - name: DEBUG - value: "{{ .Values.api.debug }}" + value: "{{ .Values.api.settings.debug }}" - name: ALLOW_ANY_ORIGIN - value: "{{ .Values.api.allowAnyOrigin }}" + value: "{{ .Values.api.settings.allowAnyOrigin }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} - name: DB_CONNECTION_STRING_READONLY @@ -129,8 +129,8 @@ spec: key: apiKey name: {{ include "pro-api.name" . }}-secret - name: Auth__Type - value: {{ required "A valid .Values.auth.type entry required" $.Values.auth.type }} - {{ if .Values.auth.permissionsApiKey }} + value: {{ required "A valid .Values.api.settings.auth.type entry required" $.Values.api.settings.auth.type }} + {{ if .Values.api.settings.auth.permissionsApiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: 
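Review bot: The `required` guard on `Auth__Type` in the `@@ -129,8` hunk can no longer fail, because values.yaml in this same patch ships `api.settings.auth.type: none` as the default. A release upgraded with an existing values file that still sets `auth.type`, `auth.apiKey` or `auth.permissionsApiKey` at the old top level renders without error and comes up with `Auth__Type` set to `none`, and the `if` around `Auth__PermissionsApiKey` silently drops the key. A fail-fast line at the top of the template would turn that into a render error, for example `{{- if .Values.auth }}{{ fail "auth.* has moved to api.settings.auth.*" }}{{- end }}`; this assumes the old top-level `auth` block is removed from values.yaml, which is not visible in this part of the patch. The env list continues outside the hunk.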
@@ -162,9 +162,9 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Kafka__BootstrapServers value: {{ $.Values.kafka.bootstrapServers }} - name: Kafka__SecurityProtocol @@ -187,7 +187,7 @@ spec: - name: Kafka__EventsTopicSettings__Name value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: LocalCache__Enabled - value: "{{ .Values.permissionsApi.localCache.enabled }}" + value: "{{ .Values.permissions.settings.localCache.enabled }}" - name: LocalCache__TrackStatistics - value: "{{ .Values.permissionsApi.localCache.trackStatistics }}" + value: "{{ .Values.permissions.settings.localCache.trackStatistics }}" {{- end }} diff --git a/charts/pro-api/templates/permissions-api-ingress.yaml b/charts/pro-api/templates/permissions-api-ingress.yaml index cfd6e1061..4173a915e 100644 --- a/charts/pro-api/templates/permissions-api-ingress.yaml +++ b/charts/pro-api/templates/permissions-api-ingress.yaml 
@@ -1,21 +1,21 @@ -{{- if and (.Values.permissionsApiIngress.enabled) (.Values.permissionsApi.enabled) }} +{{- if and (.Values.permissions.ingress.enabled) (.Values.permissions.settings.enabled) }} {{- $fullName := include "pro-api.permissions-name" . -}} - {{- $svcPort := .Values.permissionApiService.port -}} + {{- $svcPort := .Values.permissions.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- with .Values.permissionsApiIngress.annotations }} + {{- with .Values.permissions.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .Values.permissionsApiIngress.className }} - {{- if .Values.permissionsApiIngress.tls }} + ingressClassName: {{ .Values.permissions.ingress.className }} + {{- if .Values.permissions.ingress.tls }} tls: - {{- range .Values.permissionsApiIngress.tls }} + {{- range .Values.permissions.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -24,7 +24,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.permissionsApiIngress.hosts }} + {{- range .Values.permissions.ingress.hosts }} - host: {{ .host | quote }} http: paths: diff --git a/charts/pro-api/templates/secrets.yaml b/charts/pro-api/templates/secrets.yaml index a0c5d11cf..9092ceef5 100644 --- a/charts/pro-api/templates/secrets.yaml +++ b/charts/pro-api/templates/secrets.yaml 
@@ -12,8 +12,8 @@ data: {{ if .Values.digger.password }} diggerPassword: {{ .Values.digger.password | b64enc }} {{ end }} - {{ if .Values.auth.permissionsApiKey }} - permissionsApiKey: {{ required "Valid .Values.auth.permissionsApiKey required!" .Values.auth.permissionsApiKey | b64enc }} + {{ if .Values.api.settings.auth.permissionsApiKey }} + permissionsApiKey: {{ required "Valid .Values.api.settings.auth.permissionsApiKey required!" .Values.api.settings.auth.permissionsApiKey | b64enc }} {{ end }} {{ if .Values.elastic.credentials }} esCredentials: {{ .Values.elastic.credentials | b64enc }} @@ -21,8 +21,8 @@ data: {{ if .Values.keys.token }} keysServiceToken: {{ .Values.keys.token | b64enc }} {{ end }} - {{ if .Values.auth.apiKey }} - apiKey: {{ .Values.auth.apiKey | b64enc }} + {{ if .Values.api.settings.auth.apiKey }} + apiKey: {{ .Values.api.settings.auth.apiKey | b64enc }} {{ end }} {{ if .Values.kafka.sasl.password }} kafkaSaslPassword: {{ .Values.kafka.sasl.password | b64enc }} diff --git a/charts/pro-api/templates/service-account.yaml b/charts/pro-api/templates/service-account.yaml index 7586bbd27..b164b55ea 100644 --- a/charts/pro-api/templates/service-account.yaml +++ b/charts/pro-api/templates/service-account.yaml @@ -1,4 +1,4 @@ -{{- if empty .Values.api.serviceAccountOverride }} +{{- if empty .Values.api.service.serviceAccountOverride }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/pro-api/templates/service.yaml b/charts/pro-api/templates/service.yaml index 417928294..f314753f4 100644 --- a/charts/pro-api/templates/service.yaml +++ b/charts/pro-api/templates/service.yaml 
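Review bot: The `required` call on `permissionsApiKey` in the `@@ -12,8` hunk sits inside `{{ if .Values.api.settings.auth.permissionsApiKey }}`, so it is only evaluated when the value is already non-empty and can never report a missing key; `apiKey` in the `@@ -21,8` hunk has the same shape without any check. values.yaml documents both as mandatory when `auth.type` is not 'none', but nothing in the template enforces that, so such a release renders with the keys simply absent from the Secret. Conditioning on the auth type would enforce it: `{{ if ne .Values.api.settings.auth.type "none" }}` followed by `apiKey: {{ required "api.settings.auth.apiKey is required when auth.type is not none" .Values.api.settings.auth.apiKey | b64enc }}`. The `data:` map starts and ends outside these hunks.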
@@ -4,19 +4,19 @@ apiVersion: v1 kind: Service metadata: name: {{ include "pro-api.name" . }} - {{- if .Values.service.annotations }} + {{- if .Values.api.service.annotations }} annotations: - {{- toYaml .Values.service.annotations | nindent 4 }} + {{- toYaml .Values.api.service.annotations | nindent 4 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- if .Values.service.labels }} - {{- toYaml .Values.service.labels | nindent 4 }} + {{- if .Values.api.service.labels }} + {{- toYaml .Values.api.service.labels | nindent 4 }} {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.api.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.api.service.port }} targetPort: http protocol: TCP name: http diff --git a/charts/pro-api/templates/vpa.yaml b/charts/pro-api/templates/vpa.yaml index 347495d59..6eb8deb95 100644 --- a/charts/pro-api/templates/vpa.yaml +++ b/charts/pro-api/templates/vpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.vpa.enabled }} +{{- if .Values.api.vpa.enabled }} --- apiVersion: autoscaling.k8s.io/v1 @@ -13,17 +13,17 @@ spec: kind: Deployment name: {{ include "pro-api.name" . }} updatePolicy: - updateMode: {{ .Values.vpa.updateMode }} + updateMode: {{ .Values.api.vpa.updateMode }} resourcePolicy: containerPolicies: - containerName: {{ .Chart.Name }} controlledValues: RequestsOnly mode: Auto - {{- with .Values.vpa.minAllowed }} + {{- with .Values.api.vpa.minAllowed }} minAllowed: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.vpa.maxAllowed }} + {{- with .Values.api.vpa.maxAllowed }} maxAllowed: {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index b4ff4318c..5057bd0ea 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml 
@@ -1,45 +1,335 @@ -# @section Docker Registry settings + +# @section Geo API configuration & settings + +# @extra Image settings +# @param api.image.repository Repository +# @param api.image.tag Tag +# @param api.image.pullPolicy Pull Policy +# @extra Ingress settings +# @param api.ingress.enabled If Ingress is enabled for the service. +# @param api.ingress.className Name of the Ingress controller class. +# @param api.ingress.hosts[0].host Hostname for the Ingress service. +# @param api.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. +# @param api.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param api.ingress.tls TLS configuration +# @extra Pod settings +# @param api.pod.appName Name of the service. +# @param api.pod.replicaCount A replica count for the pod. +# @param api.pod.imagePullSecrets Kubernetes image pull secrets. +# @param api.pod.nameOverride Base name to use in all the Kubernetes entities deployed by this chart. +# @param api.pod.fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. +# @param api.pod.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @param api.pod.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). +# @param api.pod.priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). +# @param api.pod.terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds +# @param api.pod.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. 
+# @param api.pod.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param api.pod.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.pod.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param api.pod.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.pod.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). +# @extra api.pod.resources **Limits for the application service** +# @param api.pod.resources.requests.cpu A CPU request. +# @param api.pod.resources.requests.memory A memory request. +# @param api.pod.resources.limits.cpu A CPU limit. +# @param api.pod.resources.limits.memory A memory limit. +# @param api.pod.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. +# @param api.pod.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). +# @param api.pod.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. +# @extra VPA settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) +# @param api.vpa.enabled If VPA is enabled for the service. +# @param api.vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). 
+# @param api.vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. +# @param api.vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. +# @param api.vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. +# @param api.vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. +# @extra Service settings +# @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +# @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). +# @param api.service.port PRO API service port. +# @param api.service.serviceAccount Kubernetes service account +# @param api.service.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. +# @extra Geo API settings +# @param api.settings.licenseKey License key. 
**Required** +# @param api.settings.tempPath Path to directory used for temp data +# @param api.settings.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service +# @skip api.settings.logEsQueries +# @skip api.settings.debug +# @skip api.settings.env +# @skip api.settings.filterByZoneCodes +# @skip api.settings.esDataCentersCount +# @extra api.settings.logging Logging settings +# @param api.settings.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text +# @param api.settings.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). +# @extra api.settings.rateLimiter rate limiter settings +# @param api.settings.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) +# @param api.settings.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests +# @skip api.settings.localCache.enabled +# @skip api.settings.localCache.trackStatistics +# @skip api.settings.openApi.servers +# @param api.settings.enableUserAssetsImporter If user data importer job is enabled for the service. +# @param api.settings.enableAssetsStreaming If the streaming data processing job is enabled for the service. +# @param api.settings.auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol +# @param api.settings.auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` +# @param api.settings.auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). 
Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` +# @param api.settings.auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` +# @param api.settings.auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` +# @param api.settings.auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` +# @skip api.settings.auth.autoRegisterUsers +# @param api.settings.auth.turnOffCertValidation Turn off certificate validation for auth.url +# @param api.settings.auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` + +api: + image: + repository: 2gis-on-premise/pro-api + tag: 1.35.0 + pullPolicy: IfNotPresent + ingress: + enabled: false + className: nginx + hosts: + - host: pro-api.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - pro-api.example.com + # secretName: secret.tls + pod: + appName: pro-api + replicaCount: 2 + imagePullSecrets: [] + nameOverride: '' + fullnameOverride: '' + nodeSelector: {} + affinity: {} + priorityClassName: '' + terminationGracePeriodSeconds: 300 + tolerations: [] + podAnnotations: {} + podLabels: {} + annotations: {} + labels: {} + revisionHistoryLimit: 3 + resources: + requests: + cpu: 400m + memory: 256M + limits: + cpu: 1 + memory: 1024M + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + vpa: + enabled: false + updateMode: Auto + minAllowed: + cpu: 400m + memory: 256M + maxAllowed: + cpu: 1 + memory: 1024M + service: + 
annotations: {} + labels: {} + type: ClusterIP + port: 80 + serviceAccount: runner + serviceAccountOverride: '' + settings: + licenseKey: '' + tempPath: /tmp + allowAnyOrigin: false + logEsQueries: false + debug: false + env: '' + filterByZoneCodes: false + esDataCentersCount: 1 + logging: + format: simple + targets: '' + rateLimiter: + requestsLimit: 1024 + windowSizeInSeconds: 1 + localCache: + enabled: true + trackStatistics: false + openApi: + servers: [] + enableUserAssetsImporter: true + enableAssetsStreaming: false + auth: + type: none + url: '' + userInfoEndpoint: '' + wellKnownConfigEndpoint: '' + apiKey: '' + permissionsApiKey: '' + autoRegisterUsers: true + turnOffCertValidation: false + shareKeys: [] + + +# @section Permissions API configuration & settings + +# @skip permissions.image +# @extra Ingress settings +# @param permissions.ingress.enabled If Ingress is enabled for the service. +# @param permissions.ingress.className Name of the Ingress controller class. +# @param permissions.ingress.hosts[0].host Hostname for the Ingress service. +# @param permissions.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. +# @param permissions.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param permissions.ingress.tls TLS configuration +# @skip permissions.pod +# @skip permissions.service +# @extra Permissions API settings +# @skip permissions.settings.host +# @param permissions.settings.enabled If permissionsApi is enabled for the service. 
+# @skip permissions.settings.localCache.enabled +# @skip permissions.settings.localCache.trackStatistics + +permissions: + image: + repository: 2gis-on-premise/pro-permissions-api + tag: 1.35.0 + pullPolicy: IfNotPresent + ingress: + enabled: false + className: nginx + hosts: + - host: pro-permissions-api.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - pro-permissions-api.example.com + # secretName: secret.tls + pod: + replicaCount: 1 + imagePullSecrets: [] + nodeSelector: {} + affinity: {} + priorityClassName: '' + terminationGracePeriodSeconds: 60 + tolerations: [] + podAnnotations: {} + podLabels: {} + annotations: {} + labels: {} + revisionHistoryLimit: 3 + resources: + requests: + cpu: 300m + memory: 256M + limits: + cpu: 1 + memory: 1G + service: + annotations: {} + labels: {} + type: ClusterIP + port: 80 + settings: + host: '' + enabled: false + localCache: + enabled: true + trackStatistics: false + + +# @section asset importer settings + +# @param assetImporter.appName Data Import job name. +# @param assetImporter.repository Docker Repository Image. +# @param assetImporter.tag Docker image tag. +# @param assetImporter.schedule Import job schedule. +# @param assetImporter.backoffLimit The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. +# @param assetImporter.successfulJobsHistoryLimit How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). +# @param assetImporter.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @extra assetImporter.resources **Limits for the import job** +# @param assetImporter.resources.requests.cpu A CPU request. +# @param assetImporter.resources.requests.memory A memory request. 
+# @param assetImporter.resources.limits.cpu A CPU limit. +# @param assetImporter.resources.limits.memory A memory limit. +# @param assetImporter.enabled If assetImporter is enabled for the service. +# @skip assetImporter.suspended +# @param assetImporter.startOnDeploy Indicates that asset import should start when service installed or updated +# @param assetImporter.startOnDeployMode Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. +# @extra Asset importer settings +# @param assetImporter.settings.maxParallelJobs How many import jobs can be run simultaneously +# @skip assetImporter.settings.files +# @param assetImporter.settings.imageProxyUrl URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) +# @param assetImporter.settings.externalLinksProxyUrl URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) +# @param assetImporter.settings.externalLinksAllowedHosts Comma separated hosts, i.e. 
'someserver.com,someserver2.com' ) +# @skip assetImporter.settings.esMetricsEnabled + +assetImporter: + appName: asset-importer + repository: 2gis-on-premise/pro-importer + tag: 1.35.0 + schedule: 0 18 * * * + backoffLimit: 2 + successfulJobsHistoryLimit: 3 + nodeSelector: {} + resources: + requests: + cpu: 700m + memory: 768M + limits: + cpu: 1000m + memory: 8Gi + enabled: true + suspended: false + startOnDeploy: true + startOnDeployMode: ScheduleManifest + settings: + maxParallelJobs: 1 + files: '' + imageProxyUrl: '' + externalLinksProxyUrl: '' + externalLinksAllowedHosts: '' + esMetricsEnabled: false + + +# @section asset preparer settings + +# @skip assetPreparer + +assetPreparer: + appName: asset-preparer + repository: 2gis-on-premise/pro-importer + tag: 1.35.0 + schedule: 0 16 * * 6 + backoffLimit: 2 + successfulJobsHistoryLimit: 1 + nodeSelector: {} + resources: + requests: + cpu: 300m + memory: 256M + limits: + cpu: 500m + memory: 512M + enabled: true + settings: + maxParallelJobs: 1 + + +# @section common infrastructure settings + + +# @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. dgctlDockerRegistry: '' -# @section Common settings - -# @param appName Name of the service. -# @param licenseKey License key. **Required** -# @param replicaCount A replica count for the pod. -# @param imagePullSecrets Kubernetes image pull secrets. -# @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. -# @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. -# @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
-# @param priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). -# @param terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds -# @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. -# @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). - -appName: pro-api -licenseKey: '' -replicaCount: 2 -imagePullSecrets: [] -nameOverride: '' -fullnameOverride: '' -nodeSelector: {} -affinity: {} -priorityClassName: '' -terminationGracePeriodSeconds: 300 -tolerations: [] -podAnnotations: {} -podLabels: {} -annotations: {} -labels: {} -revisionHistoryLimit: 3 - # @section Deployment Artifacts Storage settings # @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required** 
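Review bot: The doc comments for `api.settings.auth.apiKey`, `api.settings.auth.permissionsApiKey` and `api.settings.auth.shareKeys` carry realistic-looking example values, which tend to get pasted into real values files and are then shared by every installation that did so. Replacing them with an obviously unusable placeholder and a generation hint would avoid that, e.g. `Example: (random UUID, generated per installation)` and for the share keys `Example: (CSPRNG output, at least 32 characters, generated per installation)`. Separately, the description of `api.service.serviceAccountOverride` still points to the variable `api.serviceAccount`, which after this move is `api.service.serviceAccount`.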
@@ -61,75 +351,6 @@ dgctlStorage: region: '' disablePayloadSigning: false -# @section Strategy settings - -# @param strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. -# @param strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). -# @param strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. - -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 - -# @section Service settings - -# @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) -# @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). -# @param service.port PRO API service port. - -service: - annotations: {} - labels: {} - type: ClusterIP - port: 80 - -# @skip permissionApiService - -permissionApiService: - annotations: {} - labels: {} - type: ClusterIP - port: 80 - -# @section Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings - -# @param vpa.enabled If VPA is enabled for the service. -# @param vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). -# @param vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. -# @param vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. 
-# @param vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. -# @param vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. - -vpa: - enabled: false - updateMode: Auto - minAllowed: - cpu: 400m - memory: 256M - maxAllowed: - cpu: 1 - memory: 1024M - -# @section Deployment settings - -# @param image.repository Repository -# @param image.tag Tag -# @param image.pullPolicy Pull Policy - -image: - repository: 2gis-on-premise/pro-api - tag: 1.35.0 - pullPolicy: IfNotPresent - -# @skip permissionsApiImage - -permissionsApiImage: - repository: 2gis-on-premise/pro-permissions-api - tag: 1.35.0 - pullPolicy: IfNotPresent # @section 2GIS PRO Storage configuration 
@@ -146,81 +367,6 @@ s3: snapshotBucket: '' resourcesBucket: '' -# @section 2GIS PRO API configuration - -# @param api.serviceAccount Kubernetes service account -# @param api.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. -# @param api.tempPath Path to directory used for temp data -# @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service -# @extra api.logging Logging settings -# @param api.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text -# @param api.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). -# @extra api.rateLimiter rate limiter settings -# @param api.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) -# @param api.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests -# @skip api.logEsQueries -# @skip api.debug -# @skip api.env -# @skip api.token -# @skip api.filterByZoneCodes -# @skip api.esDataCentersCount -# @skip Local cache settings -# @skip api.localCache.enabled -# @skip api.localCache.trackStatistics -# @skip Open API settings -# @skip api.openApi.servers - -api: - serviceAccount: runner - serviceAccountOverride: '' - tempPath: /tmp - allowAnyOrigin: false - logEsQueries: false - debug: false - env: '' - filterByZoneCodes: false - esDataCentersCount: 1 - logging: - format: simple - targets: '' - rateLimiter: - requestsLimit: 1024 - windowSizeInSeconds: 1 - localCache: - enabled: true - trackStatistics: false - openApi: - servers: [] - -# @section Auth configuration - -# 
@param auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol -# @param auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` -# @param auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` -# @param auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` -# @param auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` -# @param auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` -# @param auth.turnOffCertValidation Turn off certificate validation for auth.url -# @param auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` -# @skip auth.autoRegisterUsers - -auth: - type: none - url: '' - userInfoEndpoint: '' - wellKnownConfigEndpoint: '' - apiKey: '' - permissionsApiKey: '' - autoRegisterUsers: true - turnOffCertValidation: false - shareKeys: [] - -# @skip digger - -digger: - url: '' - userName: '' - password: '' # @section PostgreSQL settings 
@@ -233,41 +379,9 @@ postgres: connectionStringReadonly: '' password: '' -# @section Keys Service settings -# @param keys.url API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** -# @param keys.token keys.api access token. **Required** - -keys: - url: '' - token: '' - -# @section ElasticSearch settings (supported version 7.x) - -# @param elastic.host ElasticSearch host address. Format: `http(s)://HOST:PORT` -# @param elastic.credentials User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` -# @skip elastic.indexPrefix - -elastic: - host: '' - credentials: '' - indexPrefix: '' - -# @section Redis settings (supported version 6.x) - -# @param redis.host Redis host address. **Required** -# @param redis.port Redis port. **Required** -# @skip redis.enabled -# @param redis.username Username used to connect to Redis -# @param redis.password Password used to connect to Redis - -redis: - host: '' - port: 6379 - enabled: true - username: '' - password: '' # @section Kafka settings (supported version 2.7) + # @param kafka.bootstrapServers Kafka bootstrap servers. Format: 'host1:port1,host2:port2' # @param kafka.securityProtocol Kafka security protocol. Supported options: SaslPlaintext. # @extra kafka.sasl **Kafka sasl settings** (see [the documentation](https://kafka.apache.org/documentation/#security_sasl_config)) 
@@ -307,12 +421,57 @@ kafka: readerGroupId: '' refreshAssetsIntervalMinutes: 60 -# @section Import background jobs settings -# @param backgroundJobs.enableUserAssetsImporter If user data importer job is enabled for the service. -# @param backgroundJobs.enableAssetsStreaming If the streaming data processing job is enabled for the service. -backgroundJobs: - enableUserAssetsImporter: true - enableAssetsStreaming: false + +# @section ElasticSearch settings (supported version 7.x) + +# @param elastic.host ElasticSearch host address. Format: `http(s)://HOST:PORT` +# @param elastic.credentials User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` +# @skip elastic.indexPrefix + +elastic: + host: '' + credentials: '' + indexPrefix: '' + + +# @section Redis settings (supported version 6.x) + +# @param redis.host Redis host address. **Required** +# @param redis.port Redis port. **Required** +# @skip redis.enabled +# @param redis.username Username used to connect to Redis +# @param redis.password Password used to connect to Redis + +redis: + host: '' + port: 6379 + enabled: true + username: '' + password: '' + + +# @section external services + + +# @section digger settings + +# @skip digger + +digger: + url: '' + userName: '' + password: '' + + +# @section Keys Service settings + +# @param keys.url API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** +# @param keys.token keys.api access token. **Required** + +keys: + url: '' + token: '' + # @section Catalog API settings @@ -323,6 +482,7 @@ catalog: url: '' key: '' + # @section Navigation API settings # @param navi.url URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). Example: http://navi-back.svc @@ -332,6 +492,7 @@ navi: url: '' key: '' + # @section License Service API settings # @param license.url Licensing server v2 URL. Example: https://license.svc **Required** 
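Review bot: The re-added `elastic`, `redis`, `digger` and `keys` blocks keep `credentials`, `password` and `token` as plain chart values, and `elastic.host` is documented as `http(s)://HOST:PORT` right next to `elastic.credentials` in `USER_NAME:PASSWORD` form. With a plain `http://` host those credentials would presumably cross the network unencrypted, so the `@param elastic.credentials` line should add `Use an https:// host when credentials are set.` Since this commit reorganises the file anyway, a one-line comment above these sections telling operators to supply the secrets from a values file kept out of version control would also help. `digger` stays `@skip`, so its `userName` and `password` remain undocumented in the generated README.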
@@ -339,6 +500,7 @@ navi: license: url: '' + # @section Search API settings # @param search.url URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc 
@@ -351,176 +513,3 @@ search: tileGen: url: '' userDataTileSet: '' - -# @section 2GIS PRO API Job settings - -# @param appAssetImporterName Data Import job name. -# @skip appAssetPreparerName - -appAssetImporterName: asset-importer -appAssetPreparerName: asset-preparer - -# @skip permissionsPodSettings - -permissionsPodSettings: - replicaCount: 1 - imagePullSecrets: [] - nodeSelector: {} - affinity: {} - priorityClassName: '' - terminationGracePeriodSeconds: 60 - tolerations: [] - podAnnotations: {} - podLabels: {} - annotations: {} - labels: {} - revisionHistoryLimit: 3 - resources: - requests: - cpu: 300m - memory: 512M - limits: - cpu: 1 - memory: 1G - -# @section 2GIS PRO Permissions API configuration -# @skip permissionsApi.host -# @param permissionsApi.enabled If permissionsApi is enabled for the service. -# @skip Local cache settings -# @skip permissionsApi.localCache.enabled -# @skip permissionsApi.localCache.trackStatistics - -permissionsApi: - host: '' - enabled: false - localCache: - enabled: true - trackStatistics: false - -# @section Import job settings - -# @param assetImporter.repository Docker Repository Image. -# @param assetImporter.tag Docker image tag. -# @param assetImporter.schedule Import job schedule. -# @param assetImporter.backoffLimit The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. -# @param assetImporter.successfulJobsHistoryLimit How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). -# @param assetImporter.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param assetImporter.maxParallelJobs How many import jobs can be run simultaneously -# @param assetImporter.enabled If assetImporter is enabled for the service. 
-# @param assetImporter.startOnDeploy Indicates that asset import should start when service installed or updated -# @param assetImporter.startOnDeployMode Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. -# @param assetImporter.imageProxyUrl URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) -# @param assetImporter.externalLinksProxyUrl URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) -# @param assetImporter.externalLinksAllowedHosts Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) -# @skip assetImporter.files -# @skip assetImporter.esMetricsEnabled -# @skip assetImporter.suspended - -assetImporter: - repository: 2gis-on-premise/pro-importer - tag: 1.35.0 - schedule: 0 18 * * * - backoffLimit: 2 - successfulJobsHistoryLimit: 3 - nodeSelector: {} - resources: - requests: - cpu: 700m - memory: 768M - limits: - cpu: 1000m - memory: 8Gi - maxParallelJobs: 1 - enabled: true - suspended: false - startOnDeploy: true - startOnDeployMode: ScheduleManifest - files: '' - imageProxyUrl: '' - externalLinksProxyUrl: '' - externalLinksAllowedHosts: '' - esMetricsEnabled: false - -# @skip assetPreparer - -assetPreparer: - repository: 2gis-on-premise/pro-importer - tag: 1.35.0 - schedule: 0 16 * * 6 - backoffLimit: 2 - successfulJobsHistoryLimit: 1 - nodeSelector: {} - resources: - requests: - cpu: 300m - memory: 256M - limits: - cpu: 500m - memory: 512M - enabled: true - maxParallelJobs: 1 - -# @section Limits - -# @extra resources **Limits for the application service** -# @param resources.requests.cpu A CPU request. -# @param resources.requests.memory A memory request. -# @param resources.limits.cpu A CPU limit. -# @param resources.limits.memory A memory limit. 
- -# @extra assetImporter.resources **Limits for the import job** -# @param assetImporter.resources.requests.cpu A CPU request. -# @param assetImporter.resources.requests.memory A memory request. -# @param assetImporter.resources.limits.cpu A CPU limit. -# @param assetImporter.resources.limits.memory A memory limit. - -resources: - requests: - cpu: 400m - memory: 256M - limits: - cpu: 1 - memory: 1024M - -# @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings - -# @section 2GIS PRO API ingress settings -# @param ingress.enabled If Ingress is enabled for the service. -# @param ingress.className Name of the Ingress controller class. -# @param ingress.hosts[0].host Hostname for the Ingress service. -# @param ingress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param ingress.tls TLS configuration - -ingress: - enabled: false - className: nginx - hosts: - - host: pro-api.example.com - paths: - - path: / - pathType: Prefix - tls: [] - # - hosts: - # - pro-api.example.com - # secretName: secret.tls - -# @section 2GIS PRO Permissions API ingress settings -# @param permissionsApiIngress.enabled If Ingress is enabled for the service. -# @param permissionsApiIngress.className Name of the Ingress controller class. -# @param permissionsApiIngress.hosts[0].host Hostname for the Ingress service. -# @param permissionsApiIngress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param permissionsApiIngress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param permissionsApiIngress.tls TLS configuration -permissionsApiIngress: - enabled: false - className: nginx - hosts: - - host: pro-permissions-api.example.com - paths: - - path: / - pathType: Prefix - tls: [] - # - hosts: - # - pro-permissions-api.example.com - # secretName: secret.tls 
From d002483a488dca78441e69cc80014db283279526 Mon Sep 17 00:00:00 2001 From: Michel Beloshitsky Date: Mon, 30 Sep 2024 14:24:54 +0300 Subject: [PATCH 62/91] Improve MapGL JS API params (#509) --- Breaking-Changes.md | 4 +++ charts/mapgl-js-api/README.md | 32 +++++++++---------- charts/mapgl-js-api/templates/deployment.yaml | 4 +-- charts/mapgl-js-api/values.yaml | 8 ++--- 4 files changed, 26 insertions(+), 22 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 0bba4f8fa..535702108 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -2,6 +2,10 @@ ## [1.29.0] +### mapgl-js-api +- MAPGL_ICONSPATH renamed to MAPGL_ICONS_URL +- MAPGL_MODELSPATH renamed to MAPGL_MODELS_URL. + ### pro-api - appName renamed to api.appName - image renamed to api.image diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 93e623ad5..e3750dbb7 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -51,22 +51,22 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: ### Environment variables -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| `env.MAPGL_DEMO_KEY` | token from 'keys-api' service. Defines access for map through MAPGL_HOST. | `""` | -| `env.MAPGL_HOST` | URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' | `""` | -| `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | -| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | -| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | -| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `https://traffic-proxy.ingress.host` | -| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | -| `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | -| `env.MAPGL_ICONSPATH` | URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' | `""` | -| `env.MAPGL_MODELSPATH` | URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' | `""` | -| `env.MAPGL_KEYSERVER` | URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' | `""` | -| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' | `""` | -| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. 
| `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | -| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. Please contact support to get valid key.` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| `env.MAPGL_DEMO_KEY` | token from 'keys-api' service. Defines access for map through MAPGL_HOST. | `""` | +| `env.MAPGL_HOST` | URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' | `""` | +| `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | +| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | +| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | +| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `https://traffic-proxy.ingress.host` | +| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | +| `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | +| `env.MAPGL_ICONS_URL` | URL of the icons directory, e.g. 'https://s3.ingress.host/styles/assets/icons'. This s3 URL must be public available (accessible from browser). | `""` | +| `env.MAPGL_MODELS_URL` | URL of the models directory, e.g. 'https://s3.ingress.host/styles/assets/models'. This s3 URL must be public available (accessible from browser). | `""` | +| `env.MAPGL_KEYSERVER` | URL of the API Keys service, e.g. 
'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' | `""` | +| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' | `""` | +| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | +| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. Please contact support to get valid key.` | ### Strategy settings diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index 7c56b7dc2..862d49ea8 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml @@ -58,9 +58,9 @@ spec: - name: MAPGL_STYLESERVER value: {{ .Values.env.MAPGL_STYLESERVER | quote }} - name: MAPGL_ICONSPATH - value: {{ .Values.env.MAPGL_ICONSPATH | quote }} + value: {{ .Values.env.MAPGL_ICONS_URL | quote }} - name: MAPGL_MODELSPATH - value: {{ .Values.env.MAPGL_MODELSPATH | quote }} + value: {{ .Values.env.MAPGL_MODELS_URL | quote }} - name: MAPGL_KEYSERVER value: {{ .Values.env.MAPGL_KEYSERVER | quote }} - name: MAPGL_RTLPLUGIN diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index 04d2e2f3c..9dd17ded7 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml 
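Review bot: An existing values file that still sets `env.MAPGL_ICONSPATH` or `env.MAPGL_MODELSPATH` now renders both container variables as empty strings with no error, because the `deployment.yaml` hunk reads only the new `MAPGL_ICONS_URL` and `MAPGL_MODELS_URL` keys. The rename is listed in Breaking-Changes.md, but nothing at install time catches an operator who missed it. A guard at the top of the template would make the mistake visible: `{{- if or .Values.env.MAPGL_ICONSPATH .Values.env.MAPGL_MODELSPATH }}{{ fail "env.MAPGL_ICONSPATH/MAPGL_MODELSPATH were renamed to env.MAPGL_ICONS_URL/MAPGL_MODELS_URL" }}{{- end }}`. Note also that the container variable names stay `MAPGL_ICONSPATH` and `MAPGL_MODELSPATH`, so the Breaking-Changes.md entry would be clearer if it said the values keys were renamed.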
@@ -52,8 +52,8 @@ image: # @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' # @param env.MAPGL_FLOORSSERVER URL of the Floors API service, e.g. 'https://floors-api.ingress.host' # @param env.MAPGL_STYLESERVER URL of the Styles API service, e.g. 'https://styles.ingress.host' -# @param env.MAPGL_ICONSPATH URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' -# @param env.MAPGL_MODELSPATH URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' +# @param env.MAPGL_ICONS_URL URL of the icons directory, e.g. 'https://s3.ingress.host/styles/assets/icons'. This s3 URL must be public available (accessible from browser). +# @param env.MAPGL_MODELS_URL URL of the models directory, e.g. 'https://s3.ingress.host/styles/assets/models'. This s3 URL must be public available (accessible from browser). # @param env.MAPGL_KEYSERVER URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' # @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' # @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin. @@ -68,8 +68,8 @@ env: MAPGL_TRAFFICSERVER: 'https://traffic-proxy.ingress.host' MAPGL_FLOORSSERVER: '' MAPGL_STYLESERVER: '' - MAPGL_ICONSPATH: '' - MAPGL_MODELSPATH: '' + MAPGL_ICONS_URL: '' + MAPGL_MODELS_URL: '' MAPGL_KEYSERVER: '' MAPGL_RTLPLUGIN: '' MAPGL_RTLPLUGINHASH: sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA== From 425cbc052070a9f2c8266404af481e8a68a092ff Mon Sep 17 00:00:00 2001 
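Review bot: The new `@param env.MAPGL_ICONS_URL` and `@param env.MAPGL_MODELS_URL` descriptions tell operators to make the S3 URL publicly available but do not say how far that exposure should go. I would add a sentence such as `Allow anonymous read on this path only; keep bucket listing and write access disabled.` so that a whole bucket is not opened just to satisfy the requirement. The README table in this commit repeats the same text and would need the same sentence.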
From: uk-navi-ci <161344134+uk-navi-ci@users.noreply.github.com> Date: Tue, 1 Oct 2024 05:31:29 +0300 Subject: [PATCH 63/91] [chart/navi-back] chart syncup (#498) * Added custom CA support --------- Co-authored-by: Morozov Dmitriy --- charts/navi-back/README.md | 7 ++ charts/navi-back/templates/_helpers.tpl | 9 +++ charts/navi-back/templates/configmap-ca.yaml | 9 +++ charts/navi-back/templates/deployment.yaml | 77 +++++++++++++------- charts/navi-back/values.yaml | 13 ++++ 5 files changed, 90 insertions(+), 25 deletions(-) create mode 100644 charts/navi-back/templates/configmap-ca.yaml diff --git a/charts/navi-back/README.md b/charts/navi-back/README.md index b17180c99..5fd1d63d5 100644 --- a/charts/navi-back/README.md +++ b/charts/navi-back/README.md @@ -335,6 +335,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `metrics.resources.limits.cpu` | CPU limit, recommended value `100m` | | | `metrics.resources.limits.memory` | Memory limit, recommended value `10Mi` | | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-back/templates/_helpers.tpl b/charts/navi-back/templates/_helpers.tpl index c81df9461..4bbe27c71 100644 --- a/charts/navi-back/templates/_helpers.tpl +++ b/charts/navi-back/templates/_helpers.tpl 
@@ -399,3 +399,12 @@ Usage: {{- printf (include "config.setCastleUrl" $) -}} {{- end -}} {{- end -}} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-back/templates/configmap-ca.yaml b/charts/navi-back/templates/configmap-ca.yaml new file mode 100644 index 000000000..c1f0d6598 --- /dev/null +++ b/charts/navi-back/templates/configmap-ca.yaml @@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "generic-chart.fullname" . }}-configmap-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-back/templates/deployment.yaml b/charts/navi-back/templates/deployment.yaml index 2ff5e1da3..603a9c44b 100644 --- a/charts/navi-back/templates/deployment.yaml +++ b/charts/navi-back/templates/deployment.yaml @@ -30,6 +30,9 @@ spec: annotations: checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }} checksum/secret: {{ (include (print $.Template.BasePath "/secret.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -52,6 +55,11 @@ spec: - name: {{ include "generic-chart.fullname" . }}-configmap configMap: name: {{ include "generic-chart.fullname" . }}-configmap + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + configMap: + name: {{ include "generic-chart.fullname" . }}-configmap-ca + {{- end }} {{- if .Values.kafka.fileProperties }} - name: {{ include "generic-chart.fullname" . }}-secret secret: 
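Review bot: The helper added to `_helpers.tpl` is named `custom.ca.mountPath` with no chart prefix, and Helm template names are global across a parent chart and all of its subcharts. PATCH 64/91 defines the same name again in navi-async-matrix, so if these charts are ever installed under one umbrella chart, one definition silently wins for all of them. The bodies are identical today, so this is a style point rather than a bug: give the helper a chart-scoped name, as `navi-async-matrix.fullname-psql` already has in the later patch, e.g. `{{- define "navi-back.customCA.mountPath" -}}`.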
@@ -87,6 +95,16 @@ spec: - name: {{ include "generic-chart.fullname" . }}-configmap mountPath: /etc/envoy/envoy.yaml subPath: envoy.yaml + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} + {{- if .Values.customCAs.bundle }} + env: + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} {{- if (.Values.envoy).resources }} resources: {{- toYaml .Values.envoy.resources | nindent 12 }} {{- end }} 
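Review bot: `SSL_CERT_FILE` in the added `env:` block points at the mounted `custom-ca.crt` alone, and for OpenSSL-style clients that variable replaces the default CA file instead of adding to it, so a bundle holding only the private CA may stop the process from verifying publicly issued certificates (this depends on the TLS library and on whether the default certificate directory is still consulted). The `customCAs.bundle` description should state this, for example `Used as the only CA file via SSL_CERT_FILE; include every CA the service must trust.` The container in this hunk mounts `envoy.yaml`, and Envoy normally takes its trust anchors from `trusted_ca` in its own configuration, so it is worth confirming the variable has any effect there. The same addition appears in the `@@ -243,10 +266,14 @@` hunk and in the navi-async-matrix `statefulset.yaml` of PATCH 64/91. The container spec starts outside this hunk, so whether it already carries an `env:` key, which the new one would duplicate, cannot be checked from here.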
@@ -168,27 +186,32 @@ spec: - /etc/2gis/mosesd/navi-back.conf {{- end }} volumeMounts: - - name: {{ include "generic-chart.fullname" . }}-configmap - mountPath: /etc/2gis/mosesd/navi-back.conf - subPath: navi-back.conf - - name: {{ include "generic-chart.fullname" . }}-configmap - mountPath: /etc/2gis/mosesd/rules.conf - subPath: rules.conf - {{- if .Values.kafka.fileProperties }} - - name: {{ include "generic-chart.fullname" . }}-secret - mountPath: /etc/2gis/mosesd/secret/ - {{- end }} - {{- if .Values.naviback.sentry.enabled }} - - name: sentry-volume - mountPath: {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }} - {{- end }} - {{- if .Values.naviback.hierarchies.enabled }} - - name: hierarchies-volume - mountPath: "/tmp/hierarchies" - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 10 }} - {{- end }} + - name: {{ include "generic-chart.fullname" . }}-configmap + mountPath: /etc/2gis/mosesd/navi-back.conf + subPath: navi-back.conf + - name: {{ include "generic-chart.fullname" . }}-configmap + mountPath: /etc/2gis/mosesd/rules.conf + subPath: rules.conf + {{- if .Values.kafka.fileProperties }} + - name: {{ include "generic-chart.fullname" . }}-secret + mountPath: /etc/2gis/mosesd/secret/ + {{- end }} + {{- if .Values.naviback.sentry.enabled }} + - name: sentry-volume + mountPath: {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }} + {{- end }} + {{- if .Values.naviback.hierarchies.enabled }} + - name: hierarchies-volume + mountPath: "/tmp/hierarchies" + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + mountPath: {{ include "custom.ca.mountPath" . 
}}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} ports: - name: http containerPort: {{ .Values.naviback.appPort }} @@ -243,10 +266,14 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: - - name: RULE - value: {{ .Values.naviback.app_rule | default "" | quote }} - - name: PROJECT - value: {{ .Values.app_project | default "" | quote }} + - name: RULE + value: {{ .Values.naviback.app_rule | default "" | quote }} + - name: PROJECT + value: {{ .Values.app_project | default "" | quote }} + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} lifecycle: # wait for the endpoint removal process preStop: diff --git a/charts/navi-back/values.yaml b/charts/navi-back/values.yaml index ad7dcc950..de6f8d3f8 100644 --- a/charts/navi-back/values.yaml +++ b/charts/navi-back/values.yaml @@ -658,3 +658,16 @@ metrics: tag: '' port: 9090 resources: {} + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From e7edc6cb821806aac834c540bd0935c81e77c660 Mon Sep 17 00:00:00 2001 
From: Morozov Dmitriy Date: Tue, 1 Oct 2024 11:52:18 +0300 Subject: [PATCH 64/91] add custom ca for navi-castle, navi-restrictions, navi-async-matrix (#511) Co-authored-by: Morozov Dmitriy --- charts/navi-async-matrix/README.md | 7 +++++++ .../navi-async-matrix/templates/_helpers.tpl | 9 +++++++++ .../templates/configmap-ca.yaml | 10 ++++++++++ .../templates/statefulset.yaml | 17 +++++++++++++++++ charts/navi-async-matrix/values.yaml | 14 ++++++++++++++ charts/navi-castle/README.md | 7 +++++++ charts/navi-castle/templates/_helpers.tpl | 10 ++++++++++ .../navi-castle/templates/configmap-ca.yaml | 9 +++++++++ charts/navi-castle/templates/cronjob.yaml | 15 +++++++++++++++ charts/navi-castle/templates/statefulset.yaml | 18 ++++++++++++++++++ charts/navi-castle/values.yaml | 13 +++++++++++++ charts/navi-restrictions/README.md | 7 +++++++ .../navi-restrictions/templates/_helpers.tpl | 9 +++++++++ .../templates/configmap-ca.yaml | 9 +++++++++ .../navi-restrictions/templates/cronjob.yaml | 16 ++++++++++++++++ .../templates/deployment.yaml | 19 +++++++++++++++++++ charts/navi-restrictions/values.yaml | 14 ++++++++++++++ 17 files changed, 203 insertions(+) create mode 100644 charts/navi-async-matrix/templates/configmap-ca.yaml create mode 100644 charts/navi-castle/templates/configmap-ca.yaml create mode 100644 charts/navi-restrictions/templates/configmap-ca.yaml diff --git a/charts/navi-async-matrix/README.md b/charts/navi-async-matrix/README.md index 5d2d7fd7d..ab82fb334 100644 --- a/charts/navi-async-matrix/README.md +++ b/charts/navi-async-matrix/README.md 
@@ -202,6 +202,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation/distance- | `keys.url` | API keys service URL, ex: http://keys-api.svc/service/v1/keys. **Required** | `""` | | `keys.token` | API token to authorize at the service. **Required** | `""` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-async-matrix/templates/_helpers.tpl b/charts/navi-async-matrix/templates/_helpers.tpl index f18deae00..9d18c9a6f 100644 --- a/charts/navi-async-matrix/templates/_helpers.tpl +++ b/charts/navi-async-matrix/templates/_helpers.tpl @@ -212,3 +212,12 @@ Name for psql secret and volume {{- define "navi-async-matrix.fullname-psql" -}} {{- printf "%s-psql" (include "navi-async-matrix.fullname" .) -}} {{- end }} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-async-matrix/templates/configmap-ca.yaml b/charts/navi-async-matrix/templates/configmap-ca.yaml new file mode 100644 index 000000000..87141aca4 --- /dev/null +++ b/charts/navi-async-matrix/templates/configmap-ca.yaml @@ -0,0 +1,10 @@ + +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "navi-async-matrix.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} 
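Review bot: The helper added in `_helpers.tpl` is named `custom.ca.mountPath` with no chart prefix, unlike `navi-async-matrix.fullname-psql` just above it. Helm named templates share one namespace across a parent chart and its subcharts, and this patch defines the same name again in navi-castle and navi-restrictions. If these charts are ever installed under one umbrella chart and the definitions diverge, one will silently shadow the others. Consider `{{- define "navi-async-matrix.customCA.mountPath" -}}` and updating the `include` calls to match.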
diff --git a/charts/navi-async-matrix/templates/statefulset.yaml b/charts/navi-async-matrix/templates/statefulset.yaml index d02897f01..b1a48dd73 100644 --- a/charts/navi-async-matrix/templates/statefulset.yaml +++ b/charts/navi-async-matrix/templates/statefulset.yaml @@ -33,6 +33,9 @@ spec: {{- end }} checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }} checksum/secret: {{ (include (print $.Template.BasePath "/secret.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -93,6 +96,11 @@ spec: - name: {{ include "navi-async-matrix.fullname-psql" . | quote }} emptyDir: {} {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "navi-async-matrix.fullname" . }}-ca + configMap: + name: {{ include "navi-async-matrix.fullname" . }}-ca + {{- end }} initContainers: {{- if .Values.db.tls.enabled }} - name: copy-certs @@ -155,6 +163,11 @@ spec: - name: {{ printf "%s-psql" (include "navi-async-matrix.fullname" .) | quote }} mountPath: /etc/2gis/secret/psql {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "navi-async-matrix.fullname" . }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} env: - name: DM_ASYNC_SERVICE_HOST value: {{ .Values.dm.host | quote }} @@ -263,3 +276,7 @@ spec: secretKeyRef: name: {{ include "navi-async-matrix.fullname" . | quote }} key: dmApiKey + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} diff --git a/charts/navi-async-matrix/values.yaml b/charts/navi-async-matrix/values.yaml index 4d3ca0cf0..7569c1393 100644 --- a/charts/navi-async-matrix/values.yaml 
+++ b/charts/navi-async-matrix/values.yaml @@ -389,3 +389,17 @@ bss: keys: url: '' token: '' + + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' diff --git a/charts/navi-castle/README.md b/charts/navi-castle/README.md index 7705cae84..9145e9a79 100644 --- a/charts/navi-castle/README.md +++ b/charts/navi-castle/README.md @@ -150,6 +150,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `persistentVolume.storageClass` | Volume [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). | `ceph-csi-rbd` | | `persistentVolume.size` | Volume size. | `5Gi` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-castle/templates/_helpers.tpl b/charts/navi-castle/templates/_helpers.tpl index 8e4d071bb..20c641d06 100644 --- a/charts/navi-castle/templates/_helpers.tpl +++ b/charts/navi-castle/templates/_helpers.tpl 
@@ -83,3 +83,13 @@ Determine --service parameter for a specific cron job flavor {{- define "castle.serviceParameter" -}} {{- eq "restrictionImport" .flavor | ternary "import-restrictions" .flavor -}} {{- end -}} + + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-castle/templates/configmap-ca.yaml b/charts/navi-castle/templates/configmap-ca.yaml new file mode 100644 index 000000000..96d19c95c --- /dev/null +++ b/charts/navi-castle/templates/configmap-ca.yaml @@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "castle.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-castle/templates/cronjob.yaml b/charts/navi-castle/templates/cronjob.yaml index ff1011da3..87dde3969 100644 --- a/charts/navi-castle/templates/cronjob.yaml +++ b/charts/navi-castle/templates/cronjob.yaml @@ -38,6 +38,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config configMap: name: {{ include "castle.fullname" $ }}-builder-config + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + configMap: + name: {{ include "castle.fullname" $ }}-ca + {{- end }} containers: - name: castle-cron image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ $.Values.castle.image.repository }}:{{ $.Values.castle.image.tag | default $.Chart.AppVersion }} 
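Review bot: The added guard `{{- if .Values.customCAs.bundle }}` in `cronjob.yaml` uses the current context `.`, while every neighbouring line reaches values through `$` (`$.Values.castle.image.repository`, `include "castle.fullname" $`). That suggests the block sits inside a `range` or `with` where `.` is not the chart root, in which case the condition cannot resolve `customCAs` and the render fails or the CA volume is skipped. Use `{{- if $.Values.customCAs.bundle }}` here and in the two later hunks of this file, and pass the root to the helper there too: `{{ include "custom.ca.mountPath" $ }}/custom-ca.crt`. The loop header is outside the hunk, so confirm this against the full template.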
@@ -48,6 +53,11 @@ spec: - /opt/config_builder.conf - --service={{ include "castle.serviceParameter" ( dict "flavor" $flavor ) }} - --jobs={{ $.Values.castle.jobs | default 1 | int }} + {{- if .Values.customCAs.bundle }} + env: + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} volumeMounts: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: /opt/config_builder.conf @@ -55,6 +65,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: {{ $.Values.castle.castleDataPath }}/cities_template subPath: cities_template + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} - name: {{ include "castle.fullname" $ }}-pvc mountPath: {{ $.Values.castle.castleDataPath }} resources: diff --git a/charts/navi-castle/templates/statefulset.yaml b/charts/navi-castle/templates/statefulset.yaml index 1ebb39524..c6ef8fedc 100644 --- a/charts/navi-castle/templates/statefulset.yaml +++ b/charts/navi-castle/templates/statefulset.yaml @@ -25,6 +25,9 @@ spec: checksum/configbuilder: {{ include (print $.Template.BasePath "/configmapbuilder.yaml") . | sha256sum }} checksum/configbuilder-runnable: {{ include (print $.Template.BasePath "/configmapbuilder-runnable.yaml") . | sha256sum }} checksum/confignginx: {{ include (print $.Template.BasePath "/configmapnginx.yaml") . | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -49,6 +52,11 @@ spec: - name: {{ include "castle.fullname" . }}-castle-nginx-config configMap: name: {{ include "castle.fullname" . }}-castle-nginx-config + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + configMap: + name: {{ include "castle.fullname" $ }}-ca + {{- end }} {{- if (not .Values.persistentVolume.enabled) }} - name: {{ include "castle.fullname" . }}-data emptyDir: {} @@ -97,6 +105,11 @@ spec: command: ["/tini","--"] args: - /opt/update_services_init.sh + env: + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} resources: {{- toYaml $.Values.resources | nindent 12 }} startupProbe: @@ -130,6 +143,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: /opt/update_services subPath: update_services + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} {{- if .Values.persistentVolume.enabled }} - name: {{ include "castle.fullname" . }}-pvc mountPath: {{ .Values.castle.castleDataPath }} diff --git a/charts/navi-castle/values.yaml b/charts/navi-castle/values.yaml index fcc24587b..a8a2e9385 100644 --- a/charts/navi-castle/values.yaml +++ b/charts/navi-castle/values.yaml @@ -205,3 +205,16 @@ persistentVolume: - ReadWriteOnce storageClass: ceph-csi-rbd size: 5Gi + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' 
diff --git a/charts/navi-restrictions/README.md b/charts/navi-restrictions/README.md index bbbb34e1d..1c27f5777 100644 --- a/charts/navi-restrictions/README.md +++ b/charts/navi-restrictions/README.md @@ -174,6 +174,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/restrictions) to lea | `cron.resources.limits.cpu` | A CPU limit | `1000m` | | `cron.resources.limits.memory` | A memory limit | `1024Mi` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-restrictions/templates/_helpers.tpl b/charts/navi-restrictions/templates/_helpers.tpl index ebbefcc47..cefd13446 100644 --- a/charts/navi-restrictions/templates/_helpers.tpl +++ b/charts/navi-restrictions/templates/_helpers.tpl @@ -87,3 +87,12 @@ Check for deprecated values {{- if .Values.db -}}{{ fail "[after 1.20.2] .Values.db renamed to .Values.postgres" }}{{- end }} {{- end }} {{/* 1.20.2 */}} {{- end }} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-restrictions/templates/configmap-ca.yaml b/charts/navi-restrictions/templates/configmap-ca.yaml new file mode 100644 index 000000000..a45b15138 --- /dev/null +++ b/charts/navi-restrictions/templates/configmap-ca.yaml 
@@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "navi-restrictions.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-restrictions/templates/cronjob.yaml b/charts/navi-restrictions/templates/cronjob.yaml index da2f23c5f..31818a91c 100644 --- a/charts/navi-restrictions/templates/cronjob.yaml +++ b/charts/navi-restrictions/templates/cronjob.yaml @@ -32,6 +32,12 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} spec: + {{- if .Values.customCAs.bundle }} + volumes: + - name: {{ include "navi-restrictions.fullname" $ }}-ca + configMap: + name: {{ include "navi-restrictions.fullname" $ }}-ca + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 12 }} @@ -83,4 +89,14 @@ spec: secretKeyRef: name: {{ include "navi-restrictions.fullname" . }} key: keysApi + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + - name: {{ include "navi-restrictions.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} {{- end }} diff --git a/charts/navi-restrictions/templates/deployment.yaml b/charts/navi-restrictions/templates/deployment.yaml index 9369ad4ae..e2d6b8c1e 100644 --- a/charts/navi-restrictions/templates/deployment.yaml +++ b/charts/navi-restrictions/templates/deployment.yaml @@ -31,6 +31,9 @@ spec: {{- if .Values.prometheusEnabled }} prometheus.io/scrape: "true" {{- end }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
@@ -41,6 +44,12 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- if .Values.customCAs.bundle }} + volumes: + - name: {{ include "navi-restrictions.fullname" . }}-ca + configMap: + name: {{ include "navi-restrictions.fullname" . }}-ca + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -90,6 +99,12 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + - name: {{ include "navi-restrictions.fullname" . }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} env: - name: DEBUG value: "{{ .Values.api.debug | ternary "True" "False" }}" @@ -115,3 +130,7 @@ spec: secretKeyRef: name: {{ include "navi-restrictions.fullname" . }} key: keysApi + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} diff --git a/charts/navi-restrictions/values.yaml b/charts/navi-restrictions/values.yaml index 20e1c7d32..76b524fee 100644 --- a/charts/navi-restrictions/values.yaml +++ b/charts/navi-restrictions/values.yaml @@ -267,3 +267,17 @@ cron: # @param cron.resources.requests.memory A memory request # @param cron.resources.limits.cpu A CPU limit # @param cron.resources.limits.memory A memory limit + + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From a49f2573ed58a9cb8841fe93266043fdc3ebccf4 Mon Sep 17 00:00:00 2001 
From: dbelyaev-nsk Date: Wed, 2 Oct 2024 17:25:51 +0700 Subject: [PATCH 65/91] sm fix --- charts/pro-api/values.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 77ef8e55c..7d8c61e7b 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -1,7 +1,3 @@ -<<<<<<< HEAD - -======= ->>>>>>> origin/master # @section Geo API configuration & settings # @extra Image settings From 9db512ec981832525b25f552681713b3158a3bbd Mon Sep 17 00:00:00 2001 From: Sergey Vlasov Date: Thu, 3 Oct 2024 10:10:38 +0500 Subject: [PATCH 66/91] Fix customCAs include in navi-castle cronjob template --- charts/navi-castle/templates/cronjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/navi-castle/templates/cronjob.yaml b/charts/navi-castle/templates/cronjob.yaml index 87dde3969..a12ee3f5d 100644 --- a/charts/navi-castle/templates/cronjob.yaml +++ b/charts/navi-castle/templates/cronjob.yaml @@ -38,7 +38,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config configMap: name: {{ include "castle.fullname" $ }}-builder-config - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca configMap: name: {{ include "castle.fullname" $ }}-ca @@ -53,7 +53,7 @@ spec: - /opt/config_builder.conf - --service={{ include "castle.serviceParameter" ( dict "flavor" $flavor ) }} - --jobs={{ $.Values.castle.jobs | default 1 | int }} - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} env: - name: SSL_CERT_FILE value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt 
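Review bot: The `if` conditions are switched to `$.Values`, but the context line `value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt` in the second hunk, and the `mountPath` line in the third, still pass `.` to the helper. The helper reads `.Values.customCAs.certsPath`, so if `.` is a loop item here, as the surrounding `$` usage suggests, the include still cannot see the chart values. Change both calls to `{{ include "custom.ca.mountPath" $ }}/custom-ca.crt`. The loop header is outside these hunks.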
@@ -65,7 +65,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: {{ $.Values.castle.castleDataPath }}/cities_template subPath: cities_template - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt subPath: custom-ca.crt From 869da3970c61a1cdc0fc3ae10d3b5935f5ca3836 Mon Sep 17 00:00:00 2001 From: Sergey Vlasov Date: Thu, 3 Oct 2024 10:11:57 +0500 Subject: [PATCH 67/91] Revert "Fix customCAs include in navi-castle cronjob template" This reverts commit 9db512ec981832525b25f552681713b3158a3bbd. --- charts/navi-castle/templates/cronjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/navi-castle/templates/cronjob.yaml b/charts/navi-castle/templates/cronjob.yaml index a12ee3f5d..87dde3969 100644 --- a/charts/navi-castle/templates/cronjob.yaml +++ b/charts/navi-castle/templates/cronjob.yaml @@ -38,7 +38,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config configMap: name: {{ include "castle.fullname" $ }}-builder-config - {{- if $.Values.customCAs.bundle }} + {{- if .Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca configMap: name: {{ include "castle.fullname" $ }}-ca @@ -53,7 +53,7 @@ spec: - /opt/config_builder.conf - --service={{ include "castle.serviceParameter" ( dict "flavor" $flavor ) }} - --jobs={{ $.Values.castle.jobs | default 1 | int }} - {{- if $.Values.customCAs.bundle }} + {{- if .Values.customCAs.bundle }} env: - name: SSL_CERT_FILE value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt 
@@ -65,7 +65,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: {{ $.Values.castle.castleDataPath }}/cities_template subPath: cities_template - {{- if $.Values.customCAs.bundle }} + {{- if .Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt subPath: custom-ca.crt From 6b27e8849af7e92752099b7640785b963aff0a18 Mon Sep 17 00:00:00 2001 From: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> Date: Thu, 17 Oct 2024 13:34:52 +0700 Subject: [PATCH 68/91] Add github action "MM Release notification" (#516) * [ONPREM-932] test notif release mm * [ONPREM-932] change tests rules * [ONPREM-932] add changes job rules * [ONPREM-932] fix on.workflows * [ONPREM-932] fixes style * [ONPREM-932] rename PR notif action & fix release notif --------- Co-authored-by: mprudnikov3 --- .../{mm-notify.yaml => mm-pr-notify.yaml} | 9 +++++-- .github/workflows/mm-release-notify.yaml | 27 +++++++++++++++++++ 2 files changed, 34 insertions(+), 2 deletions(-) rename .github/workflows/{mm-notify.yaml => mm-pr-notify.yaml} (92%) create mode 100644 .github/workflows/mm-release-notify.yaml diff --git a/.github/workflows/mm-notify.yaml b/.github/workflows/mm-pr-notify.yaml similarity index 92% rename from .github/workflows/mm-notify.yaml rename to .github/workflows/mm-pr-notify.yaml index ce6453bf3..055676671 100644 --- a/.github/workflows/mm-notify.yaml +++ b/.github/workflows/mm-pr-notify.yaml @@ -4,7 +4,12 @@ name: Send notification to Mattermost on: pull_request: - types: [opened, reopened, edited, ready_for_review] + types: + - opened + - reopened + - edited + - ready_for_review + jobs: build: runs-on: ubuntu-latest 
@@ -21,7 +26,7 @@ jobs: - uses: mattermost/action-mattermost-notify@master if: ${{ (github.event.pull_request.draft == false && startsWith(github.event.pull_request.title, 'WIP:') == false && github.event.action == 'edited' && startsWith(github.event.changes.title.from, 'WIP:') == true ) || github.event.action == 'ready_for_review'}} with: - MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WEBHOOK_URL }} + MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WH_PR }} MATTERMOST_USERNAME: Github MATTERMOST_ICON_URL: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/GitHub_Invertocat_Logo.svg/256px-GitHub_Invertocat_Logo.svg.png TEXT: | diff --git a/.github/workflows/mm-release-notify.yaml b/.github/workflows/mm-release-notify.yaml new file mode 100644 index 000000000..bb75c0b83 --- /dev/null +++ b/.github/workflows/mm-release-notify.yaml @@ -0,0 +1,27 @@ +--- + +name: Send release notification to Mattermost + +on: + workflow_run: + workflows: + - "Release Charts" + push: + tags: + - \d+\.\d+\.\d+ + types: + - completed + +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: mattermost/action-mattermost-notify@master + if: ${{ github.event.workflow_run.conclusion == 'success' }} + with: + MATTERMOST_WEBHOOK_URL: ${{ secrets.MM_WH_ON_PREMISE_RELEASE }} + MATTERMOST_USERNAME: Github + MATTERMOST_ICON_URL: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/GitHub_Invertocat_Logo.svg/256px-GitHub_Invertocat_Logo.svg.png + TEXT: | + Опубликован On-Premise: ${{ github.ref_name }} + Документация: https://confluence.2gis.ru/display/Karta/Release+${{ github.ref_name }}+On-Premise From 546f7002b0ce898000e4bf11e0665a716ad76c5d Mon Sep 17 00:00:00 2001 From: vgivanov Date: Thu, 17 Oct 2024 16:12:10 +0700 Subject: [PATCH 69/91] [gis-platform] Do not use config template (#512) --- .../gis-platform/templates/gis-platform-portal-configmap.yaml | 2 +- charts/gis-platform/templates/gis-platform-portal-dep.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) 
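Review bot: `uses: mattermost/action-mattermost-notify@master` in the new `mm-release-notify.yaml` runs whatever that third-party branch currently holds and hands it `secrets.MM_WH_ON_PREMISE_RELEASE`; pin it to a reviewed commit, e.g. `uses: mattermost/action-mattermost-notify@<full-commit-sha>`. The job declares no `permissions:`, so adding `permissions: {}` would keep the default token from carrying rights this notification does not need. On a `workflow_run` trigger `github.ref_name` resolves to the default branch rather than the released tag, so the message text and the Confluence link may not contain the version. The tag filter `\d+\.\d+\.\d+` is regex syntax, whereas workflow filters are glob patterns; `'[0-9]+.[0-9]+.[0-9]+'` is the glob form.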
diff --git a/charts/gis-platform/templates/gis-platform-portal-configmap.yaml b/charts/gis-platform/templates/gis-platform-portal-configmap.yaml index 68bff4141..e8edce5c8 100644 --- a/charts/gis-platform/templates/gis-platform-portal-configmap.yaml +++ b/charts/gis-platform/templates/gis-platform-portal-configmap.yaml @@ -9,5 +9,5 @@ metadata: data: nginx.conf: |- {{- tpl (.Files.Get "configs/portal/nginx.conf.template") . | nindent 4 }} - default.conf.template: |- + default.conf: |- {{- tpl (.Files.Get "configs/portal/default.conf.template") . | nindent 4 }} diff --git a/charts/gis-platform/templates/gis-platform-portal-dep.yaml b/charts/gis-platform/templates/gis-platform-portal-dep.yaml index 08c3ce06d..5f531e6a1 100644 --- a/charts/gis-platform/templates/gis-platform-portal-dep.yaml +++ b/charts/gis-platform/templates/gis-platform-portal-dep.yaml @@ -40,8 +40,8 @@ spec: {{- toYaml .Values.portal.resources | nindent 12 }} volumeMounts: - name: {{ include "gis-platform-portal.name" . }}-configmap - mountPath: /etc/nginx/templates/default.conf.template - subPath: default.conf.template + mountPath: /etc/nginx/conf.d/default.conf + subPath: default.conf - name: {{ include "gis-platform-portal.name" . }}-configmap mountPath: /etc/nginx/nginx.conf subPath: nginx.conf From 7160161cacbc511d1659f5ff0fc2afba0cc31e31 Mon Sep 17 00:00:00 2001 
From: Voronkov Alexander Date: Thu, 17 Oct 2024 14:46:41 +0300 Subject: [PATCH 70/91] =?UTF-8?q?[EVERGIS]=20websocket-services=20=D0=B4?= =?UTF-8?q?=D0=BE=D0=BB=D0=B6=D0=B5=D0=BD=20=D1=83=D0=BA=D0=B0=D0=B7=D1=8B?= =?UTF-8?q?=D0=B2=D0=B0=D1=82=D1=8C=20=D0=BD=D0=B0=20backend.service.name.?= =?UTF-8?q?=20Required=20defaults=20(#457)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [EVERGIS] websocket-services должен указывать на backend.service.name * [EVERGIS] websocket-services должен указывать на backend.service.name. Default values * [EVERGIS] websocket-services должен указывать на backend.service.name. Default values --------- Co-authored-by: Alexander Voronkov --- charts/gis-platform/README.md | 8 ++++---- .../templates/gis-platform-websocket-ingress.yaml | 2 +- charts/gis-platform/values.yaml | 10 +++++----- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/charts/gis-platform/README.md b/charts/gis-platform/README.md index 297054be8..feb10c9d3 100644 --- a/charts/gis-platform/README.md +++ b/charts/gis-platform/README.md 
@@ -84,11 +84,11 @@ See the [documentation](https://docs.2gis.com/en/on-premise/gis-platform) to lea | `spcore.postgres.name` | PostgreSQL database name **Required** | `""` | | `spcore.postgres.poolsize` | PostgreSQL connection pool size. | `25` | | `spcore.admin` | **Admin access settings.** | | -| `spcore.admin.email` | Admin email **Required** | `admin@example.com` | -| `spcore.admin.password` | Admin password **Required** | `123456` | +| `spcore.admin.email` | Admin email **Required** Example: admin@example.com | `""` | +| `spcore.admin.password` | Admin password **Required** | `""` | | `spcore.jwt` | **JSON Web Token (JWT) settings.** | | -| `spcore.jwt.tokenKey` | JWT default user token **Required** | `supersecrettoken` | -| `spcore.jwt.tokenAdmin` | JWT admin user token **Required** | `supersecrettoken` | +| `spcore.jwt.tokenKey` | JWT default user token **Required** | `""` | +| `spcore.jwt.tokenAdmin` | JWT admin user token **Required** | `""` | | `spcore.catalog` | **Catalog settings.** | | | `spcore.catalog.url` | Catalog service URL **Required** Example: `http://catalog-api` | `""` | | `spcore.catalog.key` | Catalog access key **Required** | `""` | diff --git a/charts/gis-platform/templates/gis-platform-websocket-ingress.yaml b/charts/gis-platform/templates/gis-platform-websocket-ingress.yaml index a14fa1104..0b56eaba8 100644 --- a/charts/gis-platform/templates/gis-platform-websocket-ingress.yaml +++ b/charts/gis-platform/templates/gis-platform-websocket-ingress.yaml 
@@ -11,7 +11,7 @@ metadata: nginx.ingress.kubernetes.io/proxy-connect-timeout: {{ .Values.portal.websocket.timeout | quote }} nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.portal.websocket.timeout | quote }} nginx.ingress.kubernetes.io/proxy-send-timeout: {{ .Values.portal.websocket.timeout | quote }} - nginx.org/websocket-services: websocket + nginx.org/websocket-services: {{ $fullName }} {{- if .Values.ingress.annotations }} {{- with .Values.ingress.annotations }} {{- toYaml . | nindent 4 }} diff --git a/charts/gis-platform/values.yaml b/charts/gis-platform/values.yaml index 3db9f23f3..bde507027 100644 --- a/charts/gis-platform/values.yaml +++ b/charts/gis-platform/values.yaml @@ -126,20 +126,20 @@ spcore: poolsize: 25 # @extra spcore.admin **Admin access settings.** - # @param spcore.admin.email Admin email **Required** + # @param spcore.admin.email Admin email **Required** Example: admin@example.com # @param spcore.admin.password Admin password **Required** admin: - email: admin@example.com - password: '123456' + email: '' + password: '' # @extra spcore.jwt **JSON Web Token (JWT) settings.** # @param spcore.jwt.tokenKey JWT default user token **Required** # @param spcore.jwt.tokenAdmin JWT admin user token **Required** jwt: - tokenKey: supersecrettoken - tokenAdmin: supersecrettoken + tokenKey: '' + tokenAdmin: '' # @extra spcore.catalog **Catalog settings.** # @param spcore.catalog.url Catalog service URL **Required** Example: `http://catalog-api` From 94ee0e92611964a140a93551de14595121865363 Mon Sep 17 00:00:00 2001 
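Review bot: With `spcore.admin.password`, `spcore.jwt.tokenKey` and `spcore.jwt.tokenAdmin` now defaulting to `''` in `values.yaml`, nothing in this hunk stops an install that leaves them empty. That could be worse than the old well-known defaults if the service accepts an empty password or signing key. The templates that consume these values are not part of this patch, so confirm they wrap them in `required`, e.g. `{{ required "A valid .Values.spcore.jwt.tokenKey entry required" .Values.spcore.jwt.tokenKey }}`. The `@param` text could also say that these must be randomly generated secrets supplied at install time.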
From: Sergey Vlasov Date: Fri, 18 Oct 2024 14:03:50 +0500 Subject: [PATCH 71/91] [traffic-proxy] Update traffic-proxy chart configuration and nginx template (#518) * Update traffic-proxy chart configuration and nginx template * Add customizable server section * Update charts/traffic-proxy/templates/configmap.yaml Co-authored-by: Voronkov Alexander * Update charts/traffic-proxy/templates/configmap.yaml Co-authored-by: Voronkov Alexander * Change log configuration * Change README * lint fix * Delete duplicate field description in traffic-proxy * Fix configmap spaces. Add loglevel field allowed values --------- Co-authored-by: Sergey Vlasov Co-authored-by: Voronkov Alexander --- charts/traffic-proxy/README.md | 22 ++++++--- charts/traffic-proxy/templates/configmap.yaml | 31 +++++++++++-- charts/traffic-proxy/values.yaml | 46 +++++++++++++++++++ 3 files changed, 87 insertions(+), 12 deletions(-) diff --git a/charts/traffic-proxy/README.md b/charts/traffic-proxy/README.md index ed9df5966..f7b6f885d 100644 --- a/charts/traffic-proxy/README.md +++ b/charts/traffic-proxy/README.md 
@@ -44,13 +44,21 @@ See the [documentation](https://docs.2gis.com/en/on-premise/traffic-proxy) to le ### Proxy server settings -| Name | Description | Value | -| --------------------- | --------------------------------------------------------------------------------------- | ------ | -| `proxy.host` | URL for the proxy server to serve, ex: https://traffic0.edromaps.2gis.com. **Required** | `""` | -| `proxy.listen` | Port for the proxy server to listen. | `8080` | -| `proxy.cache.enabled` | If caching should be enabled for the proxy server. | `true` | -| `proxy.cache.age` | Cache validity period. | `1m` | -| `proxy.cache.size` | Maximum cache size. | `32m` | +| Name | Description | Value | +| -------------------------- | ------------------------------------------------------------------------------------------------------ | ------- | +| `proxy.host` | URL for the proxy server to serve, ex: https://traffic0.edromaps.2gis.com. **Required** | `""` | +| `proxy.listen` | Port for the proxy server to listen. | `8080` | +| `proxy.cache.enabled` | If caching should be enabled for the proxy server. | `true` | +| `proxy.cache.age` | Cache validity period. | `1m` | +| `proxy.cache.size` | Maximum cache size. | `32m` | +| `proxy.worker.processes` | Number of worker processes. | `2` | +| `proxy.worker.connections` | Number of worker connections. | `1024` | +| `proxy.log.errorLog.level` | Error log level. Allowed values: `debug`, `info`, `notice`, `warn`, `error`, `crit`, `alert`, `emerg`. | `error` | +| `proxy.log.accessLog` | Access log definition. | `off` | +| `proxy.keepaliveTimeout` | Keepalive timeout. | `65` | +| `proxy.log.customFormats` | List of custom log formats to be used in NGINX configuration | `[]` | +| `proxy.locations` | List of additional location blocks to be included in the NGINX configuration | `[]` | +| `proxy.httpServers` | List of additional server blocks to be included in the NGINX configuration | `{}` | ### Deployment settings 
diff --git a/charts/traffic-proxy/templates/configmap.yaml b/charts/traffic-proxy/templates/configmap.yaml index 75e1031d5..3532cb917 100644 --- a/charts/traffic-proxy/templates/configmap.yaml +++ b/charts/traffic-proxy/templates/configmap.yaml @@ -8,12 +8,12 @@ metadata: {{- include "traffic-proxy.labels" . | nindent 4 }} data: nginx.conf: | - worker_processes 2; + worker_processes {{ .Values.proxy.worker.processes }}; pid /run/nginx.pid; events { - worker_connections 1024; + worker_connections {{ .Values.proxy.worker.connections }}; } http { @@ -44,12 +44,19 @@ data: '"request_id":"$http_x_request_id",' '"upstream_request_id":"$upstream_http_x_request_id"}'; - access_log off; - error_log /dev/stderr error; + {{- if .Values.proxy.log.customFormats }} + {{ range .Values.proxy.log.customFormats }} + log_format {{ .name }} escape={{ .escape }} {{ .format | nindent 36 | trim }}; + {{- end }} + {{- end }} + + access_log {{ required "A valid .Values.proxy.log.accessLog required" .Values.proxy.log.accessLog }}; + + error_log /dev/stderr {{ required "A valid .Values.proxy.log.errorLog.level required" .Values.proxy.log.errorLog.level }}; sendfile on; tcp_nopush on; - keepalive_timeout 65; + keepalive_timeout {{ .Values.proxy.keepaliveTimeout }}; {{ if .Values.proxy.cache.enabled }} proxy_cache_path /var/cache/nginx/trafficcache keys_zone=trafficcache:{{ .Values.proxy.cache.size }}; @@ -81,5 +88,19 @@ data: default_type text/html; return 200 "
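Review bot: In the added `log_format` line of the second configmap.yaml hunk, `escape={{ .escape }}` renders as a bare `escape=` when a `proxy.log.customFormats` entry omits the key, which nginx should reject at start-up, and a missing `.name` has the same effect. A fallback keeps the config loadable: `log_format {{ required "proxy.log.customFormats[].name required" .name }} escape={{ .escape | default "default" }} {{ .format | nindent 36 | trim }};`. The values comment should also say that JSON-shaped formats carrying request-controlled variables such as `$request` need `escape: json`, otherwise a quote character in the request line breaks the record for whatever parses the log downstream. The `error_log` level in the same hunk is checked only for presence, not against the allowed list given in the README.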

OK

\n"; } + + {{ if .Values.proxy.locations }} + {{ range .Values.proxy.locations }} + location {{ .path }} { + {{- .definition | trim | nindent 14}} + } + {{ end }} + {{ end }} } + + {{ if .Values.proxy.httpServers }} + {{ range .Values.proxy.httpServers }} + {{- . | trim | nindent 6 }} + {{ end }} + {{ end }} } diff --git a/charts/traffic-proxy/values.yaml b/charts/traffic-proxy/values.yaml index 622b8d8a5..543d8d60f 100644 --- a/charts/traffic-proxy/values.yaml +++ b/charts/traffic-proxy/values.yaml @@ -39,6 +39,12 @@ podLabels: {} # @param proxy.cache.enabled If caching should be enabled for the proxy server. # @param proxy.cache.age Cache validity period. # @param proxy.cache.size Maximum cache size. +# @param proxy.worker.processes Number of worker processes. +# @param proxy.worker.connections Number of worker connections. +# @param proxy.log.errorLog.level Error log level. Allowed values: `debug`, `info`, `notice`, `warn`, `error`, `crit`, `alert`, `emerg`. +# @param proxy.log.accessLog Access log definition. +# @param proxy.keepaliveTimeout Keepalive timeout. + proxy: host: '' @@ -49,6 +55,46 @@ proxy: enabled: true age: 1m size: 32m + worker: + processes: 2 + connections: 1024 + log: + # @param proxy.log.customFormats List of custom log formats to be used in NGINX configuration + customFormats: [] + # - name: small + # escape: json + # format: | + # '{"time_local":"$time_local",' + # '"remote_addr":"$remote_addr",' + # '"request":"$request",' + # '"status":"$status",' + # '"host":"$host"}' + errorLog: + level: error + + accessLog: off + # accessLog: '/dev/stdout main' + + keepaliveTimeout: 65 + + # @param proxy.locations List of additional location blocks to be included in the NGINX configuration + locations: [] + # - path: /test/ + # definition: | + # default_type text/html; + # return 200 "
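Review bot: `proxy.locations[].definition` and every `proxy.httpServers` value are written into nginx.conf verbatim by the last configmap.yaml hunk, and nothing states that these values are trusted operator input. A template comment above the two blocks would make that explicit, e.g. `{{- /* proxy.locations and proxy.httpServers are emitted verbatim; only trusted values files may set them */}}`. `range .Values.proxy.httpServers` iterates a map (the default is `{}` and the example is keyed `examplecfg`), while the README and the `@param` text call it a list, so the description should say map to get overrides written in the right shape. The enclosing `server` and `http` blocks start outside this hunk.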

test page

\n"; + + # @param proxy.httpServers List of additional server blocks to be included in the NGINX configuration + httpServers: {} + # examplecfg: | + # server { + # listen 0.0.0.0:8080; + + # location / { + # default_type text/html; + # return 200 "

test page

\n"; + # } + # } # @section Deployment settings From ef98d59244e11ab3b1f64512706e125022948123 Mon Sep 17 00:00:00 2001 From: FreakyGranny Date: Mon, 21 Oct 2024 11:31:52 +0700 Subject: [PATCH 72/91] Upgrade to 4.61.0 (#514) Co-authored-by: p.fomin Co-authored-by: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> --- charts/tiles-api/Chart.yaml | 2 +- charts/tiles-api/README.md | 1 + charts/tiles-api/configs/importer/importer.yaml | 1 + charts/tiles-api/values.yaml | 2 ++ 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index 3d5101152..60a60514f 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -5,7 +5,7 @@ description: Tiles API for getting cartographic data type: application version: 1.29.0 -appVersion: 4.54.0 +appVersion: 4.61.0 maintainers: - name: 2gis diff --git a/charts/tiles-api/README.md b/charts/tiles-api/README.md index cce8c0aca..dcbdfbcd0 100644 --- a/charts/tiles-api/README.md +++ b/charts/tiles-api/README.md @@ -33,6 +33,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `dgctlStorage.host` | S3 endpoint. Format: `host:port`. | `""` | | `dgctlStorage.secure` | If S3 uses https. | `false` | | `dgctlStorage.bucket` | S3 bucket name. | `""` | +| `dgctlStorage.region` | S3 region. | `""` | | `dgctlStorage.accessKey` | S3 access key for accessing the bucket. | `""` | | `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. | `""` | | `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
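Review bot: The new default `accessLog: off` in charts/traffic-proxy/values.yaml is an unquoted YAML 1.1 boolean, so a 1.1 loader (Helm's, as far as I know) hands the template `false` rather than the string `off`. `required` in configmap.yaml appears to reject only nil and empty strings, so the rendered directive would presumably be `access_log false;`, which nginx reads as a log file path instead of switching the access log off. Quote the default, `accessLog: 'off'`, matching the quoted example `'/dev/stdout main'` on the following line. The `proxy:` mapping starts above this hunk.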
This file contains the description of pieces of data that the service requires to operate. | `""` | diff --git a/charts/tiles-api/configs/importer/importer.yaml b/charts/tiles-api/configs/importer/importer.yaml index 0a5c06374..e5effae47 100644 --- a/charts/tiles-api/configs/importer/importer.yaml +++ b/charts/tiles-api/configs/importer/importer.yaml @@ -12,6 +12,7 @@ storage: host: {{ required "Valid .Values.dgctlStorage.host required!" .Values.dgctlStorage.host }} secure: {{ .Values.dgctlStorage.secure }} bucket: {{ required "Valid .Values.dgctlStorage.bucket required!" .Values.dgctlStorage.bucket }} + region: {{ .Values.dgctlStorage.region }} url-lifetime-period: 60m k8s: diff --git a/charts/tiles-api/values.yaml b/charts/tiles-api/values.yaml index 52d828d2e..4873d5a70 100644 --- a/charts/tiles-api/values.yaml +++ b/charts/tiles-api/values.yaml @@ -9,6 +9,7 @@ dgctlDockerRegistry: '' # @param dgctlStorage.host S3 endpoint. Format: `host:port`. # @param dgctlStorage.secure If S3 uses https. # @param dgctlStorage.bucket S3 bucket name. +# @param dgctlStorage.region S3 region. # @param dgctlStorage.accessKey S3 access key for accessing the bucket. # @param dgctlStorage.secretKey S3 secret key for accessing the bucket. # @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
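Review bot: The added `region: {{ .Values.dgctlStorage.region }}` in importer.yaml is rendered unquoted, so with the default `region: ''` from values.yaml the importer config gets a bare `region:`, which YAML loads as null rather than an empty string. Whether the importer accepts null is not visible here, so quoting is the safe form: `region: {{ .Values.dgctlStorage.region | quote }}`. Quoting also keeps a configured region value from being retyped by the loader. The `storage:` mapping starts above this hunk.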
This file contains the description of pieces of data that the service requires to operate. @@ -17,6 +18,7 @@ dgctlStorage: host: '' secure: false bucket: '' + region: '' accessKey: '' secretKey: '' manifest: '' From 69fba45ec1a00e97bb0cd2ee7b8fc99bca66baae Mon Sep 17 00:00:00 2001 From: ArtemPolykov <44114018+ArtemPolykov@users.noreply.github.com> Date: Tue, 22 Oct 2024 07:49:34 +0300 Subject: [PATCH 73/91] =?UTF-8?q?[PRO-6241]=20=D0=9E=D0=B1=D0=BD=D0=BE?= =?UTF-8?q?=D0=B2=D0=BB=D0=B5=D0=BD=D0=B8=D0=B5=20PRO=20API=20=D0=B4=D0=BE?= =?UTF-8?q?=20=D0=B2=D0=B5=D1=80=D1=81=D0=B8=D0=B8=201.41.1=20(#513)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- Breaking-Changes.md | 8 + charts/pro-api/Chart.yaml | 2 +- charts/pro-api/README.md | 221 ++++++++-------- charts/pro-api/templates/_helpers.tpl | 4 +- charts/pro-api/templates/deployment.yaml | 10 +- .../templates/permissions-api-deployment.yaml | 4 +- charts/pro-api/templates/secrets.yaml | 4 +- charts/pro-api/values.yaml | 241 ++++++++++-------- 8 files changed, 278 insertions(+), 216 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 5663b344b..f90a78d90 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -1,5 +1,13 @@ # 2GIS On-Premise Breaking-Changes +## [1.30.0] + +### pro-api +- api.pod.appName renamed api.appName +- api.settings.enableUserAssetsImporter renamed to api.settings.backgroundJobs.enableUserAssetsImporter +- api.settings.enableAssetsStreaming renamed to api.settings.backgroundJobs.enableAssetsStreaming +- api.settings.auth.permissionsApiKey renamed permissions.settings.auth.apiKey + ## [1.29.0] ### mapgl-js-api diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index e01669dfe..0c0bec5f0 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml 
@@ -5,7 +5,7 @@ description: Geo API for getting geo data type: application version: 1.29.0 -appVersion: 1.35.0 +appVersion: 1.41.0 maintainers: - name: 2gis diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index e32d76d93..be5f296af 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md 
@@ -4,91 +4,108 @@ ### Geo API configuration & settings -| Name | Description | Value | -| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | -| `Image` | settings | | -| `api.image.repository` | Repository | `2gis-on-premise/pro-api` | -| `api.image.tag` | Tag | `1.35.0` | -| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | -| `Ingress` | settings | | -| `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `api.ingress.className` | Name of the Ingress controller class. | `nginx` | -| `api.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | -| `api.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `api.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `api.ingress.tls` | TLS configuration | `[]` | -| `Pod` | settings | | -| `api.pod.appName` | Name of the service. | `pro-api` | -| `api.pod.replicaCount` | A replica count for the pod. | `2` | -| `api.pod.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `api.pod.nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `api.pod.fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `api.pod.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `api.pod.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
| `{}` | -| `api.pod.priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | -| `api.pod.terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | -| `api.pod.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `api.pod.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `api.pod.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `api.pod.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `api.pod.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `api.pod.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `api.pod.resources` | **Limits for the application service** | | -| `api.pod.resources.requests.cpu` | A CPU request. | `400m` | -| `api.pod.resources.requests.memory` | A memory request. | `256M` | -| `api.pod.resources.limits.cpu` | A CPU limit. | `1` | -| `api.pod.resources.limits.memory` | A memory limit. | `1024M` | -| `api.pod.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | -| `api.pod.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). 
| `0` | -| `api.pod.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | -| `VPA` | settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) | | -| `api.vpa.enabled` | If VPA is enabled for the service. | `false` | -| `api.vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | -| `api.vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | -| `api.vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | -| `api.vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | -| `api.vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | -| `Service` | settings | | -| `api.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `api.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `api.service.port` | PRO API service port. | `80` | -| `api.service.serviceAccount` | Kubernetes service account | `runner` | -| `api.service.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. 
| `""` | -| `Geo` | API settings | | -| `api.settings.licenseKey` | License key. **Required** | `""` | -| `api.settings.tempPath` | Path to directory used for temp data | `/tmp` | -| `api.settings.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | -| `api.settings.logging` | Logging settings | | -| `api.settings.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | -| `api.settings.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | -| `api.settings.rateLimiter` | rate limiter settings | | -| `api.settings.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | -| `api.settings.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | -| `api.settings.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | -| `api.settings.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | -| `api.settings.auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `api.settings.auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `api.settings.auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `api.settings.auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). 
Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | -| `api.settings.auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `api.settings.auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `api.settings.auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `api.settings.auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | +| `api.appName` | Name of the service | `pro-api` | +| `api.image.repository` | Repository | `2gis-on-premise/pro-api` | +| `api.image.tag` | Tag | `1.41.0` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `api.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `api.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | +| `api.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `api.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `api.ingress.tls` | TLS configuration | `[]` | +| `api.pod.replicaCount` | A replica count for the pod. 
| `2` | +| `api.pod.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `api.pod.nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `api.pod.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `api.pod.priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | +| `api.pod.terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | +| `api.pod.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `api.pod.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.pod.resources` | **Limits for the application service** | | +| `api.pod.resources.requests.cpu` | A CPU request. 
| `400m` | +| `api.pod.resources.requests.memory` | A memory request. | `256M` | +| `api.pod.resources.limits.cpu` | A CPU limit. | `1` | +| `api.pod.resources.limits.memory` | A memory limit. | `1024M` | +| `api.pod.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `api.pod.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | +| `api.pod.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | +| `api.vpa.enabled` | If VPA is enabled for the service. | `false` | +| `api.vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | +| `api.vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | +| `api.vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | +| `api.vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | +| `api.vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | +| `api.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `api.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | PRO API service port. 
| `80` | +| `api.service.serviceAccount` | Kubernetes service account | `runner` | +| `api.service.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. | `""` | +| `api.settings.licenseKey` | License key. **Required** | `""` | +| `api.settings.tempPath` | Path to directory used for temp data | `/tmp` | +| `api.settings.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | +| `api.settings.logging` | Logging settings | | +| `api.settings.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | +| `api.settings.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | +| `api.settings.rateLimiter` | rate limiter settings | | +| `api.settings.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | +| `api.settings.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | +| `api.settings.auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `api.settings.auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `api.settings.auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). 
Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `api.settings.auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `api.settings.auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `api.settings.auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `api.settings.auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | +| `api.settings.backgroundJobs.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | +| `api.settings.backgroundJobs.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | +| `api.settings.layerGeneration.isochroneLayerMaxPointsCount` | If layer contains more points, isochrone is not avalible | `500` | ### Permissions API configuration & settings -| Name | Description | Value | -| ------------------------------------------------ | --------------------------------------------- | --------------------------------- | -| `Ingress` | settings | | -| `permissions.ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `permissions.ingress.className` | Name of the Ingress controller class. | `nginx` | -| `permissions.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-permissions-api.example.com` | -| `permissions.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `permissions.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. 
| `Prefix` | -| `permissions.ingress.tls` | TLS configuration | `[]` | -| `Permissions` | API settings | | -| `permissions.settings.enabled` | If permissionsApi is enabled for the service. | `false` | +| Name | Description | Value | +| ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | +| `permissions.image.repository` | Repository | `2gis-on-premise/pro-permissions-api` | +| `permissions.image.tag` | Tag | `1.41.0` | +| `permissions.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `permissions.ingress.enabled` | If Ingress is enabled for the service | `false` | +| `permissions.ingress.className` | Name of the Ingress controller class | `nginx` | +| `permissions.ingress.hosts[0].host` | Hostname for the Ingress service | `pro-permissions-api.example.com` | +| `permissions.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service | `/` | +| `permissions.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service | `Prefix` | +| `permissions.ingress.tls` | TLS configuration | `[]` | +| `permissions.pod.replicaCount` | A replica count for the pod. | `1` | +| `permissions.pod.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `permissions.pod.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `permissions.pod.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `permissions.pod.priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). 
| `""` | +| `permissions.pod.terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `60` | +| `permissions.pod.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `permissions.pod.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `permissions.pod.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `permissions.pod.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `permissions.pod.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `permissions.pod.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `permissions.pod.resources` | **Limits for the application service** | | +| `permissions.pod.resources.requests.cpu` | A CPU request. | `300m` | +| `permissions.pod.resources.requests.memory` | A memory request. | `256M` | +| `permissions.pod.resources.limits.cpu` | A CPU limit. | `1` | +| `permissions.pod.resources.limits.memory` | A memory limit. | `1G` | +| `permissions.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `permissions.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `permissions.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). 
| `ClusterIP` | +| `permissions.service.port` | PRO API service port. | `80` | +| `permissions.settings.enabled` | Set to `true` if authorization is used | `false` | +| `permissions.settings.auth.apiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | ### asset importer settings @@ -96,7 +113,7 @@ | -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.appName` | Data Import job name. | `asset-importer` | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.35.0` | +| `assetImporter.tag` | Docker image tag. | `1.41.0` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | 
@@ -160,24 +177,25 @@ ### Kafka settings (supported version 2.7) -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------- | -| `kafka.bootstrapServers` | Kafka bootstrap servers. Format: 'host1:port1,host2:port2' | `""` | -| `kafka.securityProtocol` | Kafka security protocol. Supported options: SaslPlaintext. | `SaslPlaintext` | -| `kafka.sasl` | **Kafka sasl settings** (see [the documentation](https://kafka.apache.org/documentation/#security_sasl_config)) | | -| `kafka.sasl.mechanism` | Kafka sasl mechanism. Supported options: ScramSha512. | `ScramSha512` | -| `kafka.sasl.username` | Kafka sasl username. | `""` | -| `kafka.sasl.password` | Kafka sasl password. | `""` | -| `kafka.assetTopicsReaderGroupId` | Kafka consumer group for reading streaming assets data. | `""` | -| `kafka.importTasksTopic` | Kafka topic settings to run import tasks. | | -| `kafka.importTasksTopic.name` | Kafka topic name. | `""` | -| `kafka.importTasksTopic.readerGroupId` | Kafka consumer group for reading importing tasks. | `""` | -| `kafka.eventsTopic` | Kafka topic settings to manage events. | | -| `kafka.eventsTopic.name` | Kafka events topic name. **Required** | `""` | -| `kafka.eventsTopic.readerGroupId` | Kafka consumer group for reading events. **Required** | `""` | -| `kafka.assetDataTopic` | Kafka topic settings to manage asset data updates. | | -| `kafka.assetDataTopic.name` | Kafka topic name. | `""` | -| `kafka.refreshAssetsIntervalMinutes` | Refresh interval for reading streaming assets settings in minutes. | `60` | +| Name | Description | Value | +| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `kafka.bootstrapServers` | Kafka bootstrap servers. 
Format: 'host1:port1,host2:port2' | `""` | +| `kafka.securityProtocol` | Kafka security protocol. Supported options: SaslPlaintext. | `SaslPlaintext` | +| `kafka.sasl` | **Kafka sasl settings** (see [the documentation](https://kafka.apache.org/documentation/#security_sasl_config)) | | +| `kafka.sasl.mechanism` | Kafka sasl mechanism. Supported options: ScramSha512. | `ScramSha512` | +| `kafka.sasl.username` | Kafka sasl username. | `""` | +| `kafka.sasl.password` | Kafka sasl password. | `""` | +| `kafka.assetTopicsReaderGroupId` | Kafka consumer group for reading streaming assets data. | `""` | +| `kafka.importTasksTopic` | Kafka topic settings to run import tasks. | | +| `kafka.importTasksTopic.name` | Kafka topic name. | `""` | +| `kafka.importTasksTopic.readerGroupId` | Kafka consumer group for reading importing tasks. | `""` | +| `kafka.eventsTopic` | Kafka topic settings to manage events. | | +| `kafka.eventsTopic.name` | Kafka events topic name. **Required** | `""` | +| `kafka.eventsTopic.readerGroupId` | Kafka consumer group for reading events. **Required** | `""` | +| `kafka.assetDataTopic` | Kafka topic settings to manage asset data updates. | | +| `kafka.assetDataTopic.name` | Kafka topic name. | `""` | +| `kafka.refreshAssetsIntervalMinutes` | Refresh interval for reading streaming assets settings in minutes. | `60` | +| `kafka.useReplicaTopics` | Use topic replica when using multiple kafka clusters. Each topic in the kafka settings must have a corresponding ".replica" topic | `false` | ### ElasticSearch settings (supported version 7.x) @@ -234,6 +252,7 @@ | ------------ | ------------------------------------------------------------------------------------------------ | ----- | | `search.url` | URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc | `""` | + ## Installing 1. Create a configuration file values-api.yaml and fill in all the required parameters according to the docs above. 
diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index 13c15d1fe..109f0afed 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl @@ -2,7 +2,7 @@ {{- if .Values.api.pod.fullnameOverride -}} {{- .Values.api.pod.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- $name := default .Values.api.pod.appName .Values.api.pod.nameOverride -}} +{{- $name := default .Values.api.appName .Values.api.pod.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -56,7 +56,7 @@ {{- end -}} {{- define "pro-api.chart" -}} -{{- printf "%s-%s" .Values.api.pod.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" .Values.api.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "pro-api.selectorLabels" -}} diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index de7ff3b9f..048b4510d 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml @@ -112,9 +112,9 @@ spec: - name: DEBUG value: "{{ .Values.api.settings.debug }}" - name: Import__EnableUserAssetsImporter - value: "{{ .Values.api.settings.enableUserAssetsImporter }}" + value: "{{ .Values.api.settings.backgroundJobs.enableUserAssetsImporter }}" - name: Import__EnableAssetsStreaming - value: "{{ .Values.api.settings.enableAssetsStreaming }}" + value: "{{ .Values.api.settings.backgroundJobs.enableAssetsStreaming }}" - name: Import__AssetImporterJobName value: {{ include "pro-api.asset-importer-name" . }} - name: Import__ExternalLinksProxyUrl 
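Review bot: The `$name` line now reads `.Values.api.appName` and drops `.Values.api.pod.appName` without a fallback; the `pro-api.chart` define in the next hunk does the same. An installation that overrides `api.pod.appName` would fall back to the default name on upgrade, which likely changes the generated resource names and the chart label. A compatible form is `{{- $name := default (.Values.api.pod.appName | default .Values.api.appName) .Values.api.pod.nameOverride -}}`. The enclosing define starts and ends outside the hunk.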
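Review bot: `Import__EnableUserAssetsImporter` and `Import__EnableAssetsStreaming` now read only the `backgroundJobs.*` keys, so an existing override such as `api.settings.enableUserAssetsImporter: false` is ignored without any error and the chart default (`true`) applies again. The same silent rename affects the permissions key in the `@@ -247,7 +249,7 @@` hunk, in permissions-api-deployment.yaml and in secrets.yaml. A values file that still sets `api.settings.auth.permissionsApiKey` renders neither the `permissionsApiKey` secret entry nor the `Auth__PermissionsApiKey` variable. How the services behave without that key is not visible here, so failing the render is safer: `{{- if .Values.api.settings.auth.permissionsApiKey }}{{ fail "api.settings.auth.permissionsApiKey moved to permissions.settings.auth.apiKey" }}{{- end }}`. The two job flags need a `hasKey` check instead, because `false` is a valid value for them.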
@@ -226,6 +226,8 @@ spec: value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: Kafka__EventsTopicSettings__ReaderGroupId value: {{ required "A valid .Values.kafka.eventsTopic.readerGroupId entry required" $.Values.kafka.eventsTopic.readerGroupId }} + - name: Kafka__UseReplicaTopics + value: "{{ $.Values.kafka.useReplicaTopics }}" - name: Auth__Type value: "{{ .Values.api.settings.auth.type }}" - name: Auth__Url @@ -247,7 +249,7 @@ spec: {{ end }} - name: Auth__PermissionsApiUrl value: {{ include "pro-api.permissions-url" . }} - {{ if .Values.api.settings.auth.permissionsApiKey }} + {{ if .Values.permissions.settings.auth.apiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: @@ -300,6 +302,8 @@ spec: value: "{{ .Values.api.settings.localCache.trackStatistics }}" - name: LicensingService__BaseUri value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} + - name: LayerGeneration__IsochroneLayerMaxPointsCount + value: "{{ .Values.api.settings.layerGeneration.isochroneLayerMaxPointsCount }}" {{- range $i, $s := .Values.api.settings.openApi.servers }} - name: OpenApi__Servers__{{$i}} value: "{{ $s }}" diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index c0136b7f0..e1a6b40dd 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml @@ -130,7 +130,7 @@ spec: name: {{ include "pro-api.name" . }}-secret - name: Auth__Type value: {{ required "A valid .Values.api.settings.auth.type entry required" $.Values.api.settings.auth.type }} - {{ if .Values.api.settings.auth.permissionsApiKey }} + {{ if .Values.permissions.settings.auth.apiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: 
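Review bot: In the `@@ -300,6 +302,8 @@` hunk, `LayerGeneration__IsochroneLayerMaxPointsCount` interpolates a numeric value straight into a quoted string. Helm can render large numbers from values files in scientific notation (for example `1e+06`), which an integer setting may not accept. The default of 500 is unaffected, but an operator who raises the limit could hit this. `value: "{{ .Values.api.settings.layerGeneration.isochroneLayerMaxPointsCount | int64 }}"` keeps the output a plain integer. The container's `env` list starts outside the hunk.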
@@ -186,6 +186,8 @@ spec: value: "{{ $.Values.kafka.permissionsTopic.readerGroupId }}" - name: Kafka__EventsTopicSettings__Name value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} + - name: Kafka__UseReplicaTopics + value: "{{ $.Values.kafka.useReplicaTopics }}" - name: LocalCache__Enabled value: "{{ .Values.permissions.settings.localCache.enabled }}" - name: LocalCache__TrackStatistics diff --git a/charts/pro-api/templates/secrets.yaml b/charts/pro-api/templates/secrets.yaml index 9092ceef5..e0bdbd78e 100644 --- a/charts/pro-api/templates/secrets.yaml +++ b/charts/pro-api/templates/secrets.yaml @@ -12,8 +12,8 @@ data: {{ if .Values.digger.password }} diggerPassword: {{ .Values.digger.password | b64enc }} {{ end }} - {{ if .Values.api.settings.auth.permissionsApiKey }} - permissionsApiKey: {{ required "Valid .Values.api.settings.auth.permissionsApiKey required!" .Values.api.settings.auth.permissionsApiKey | b64enc }} + {{ if .Values.permissions.settings.auth.apiKey }} + permissionsApiKey: {{ required "Valid .Values.permissions.settings.auth.apiKey required!" .Values.permissions.settings.auth.apiKey | b64enc }} {{ end }} {{ if .Values.elastic.credentials }} esCredentials: {{ .Values.elastic.credentials | b64enc }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 7d8c61e7b..1b97a02a0 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml 
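Review bot: In the secrets.yaml hunk the `required` call on the `permissionsApiKey` line can never fire, because the surrounding `{{ if .Values.permissions.settings.auth.apiKey }}` already guarantees a non-empty value. The rule documented in values.yaml ("Must be set if type not 'none'") is therefore not enforced, and an empty key simply omits the secret entry. If that rule is meant to hold, gate the block on the auth type instead, `{{ if ne .Values.api.settings.auth.type "none" }}`, and keep the `required` inside it. The `data:` map starts outside the hunk.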
@@ -1,89 +1,24 @@ # @section Geo API configuration & settings -# @extra Image settings -# @param api.image.repository Repository -# @param api.image.tag Tag -# @param api.image.pullPolicy Pull Policy -# @extra Ingress settings -# @param api.ingress.enabled If Ingress is enabled for the service. -# @param api.ingress.className Name of the Ingress controller class. -# @param api.ingress.hosts[0].host Hostname for the Ingress service. -# @param api.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param api.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param api.ingress.tls TLS configuration -# @extra Pod settings -# @param api.pod.appName Name of the service. -# @param api.pod.replicaCount A replica count for the pod. -# @param api.pod.imagePullSecrets Kubernetes image pull secrets. -# @param api.pod.nameOverride Base name to use in all the Kubernetes entities deployed by this chart. -# @param api.pod.fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. -# @param api.pod.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param api.pod.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). -# @param api.pod.priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). -# @param api.pod.terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds -# @param api.pod.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. -# @param api.pod.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
-# @param api.pod.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param api.pod.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param api.pod.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param api.pod.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). -# @extra api.pod.resources **Limits for the application service** -# @param api.pod.resources.requests.cpu A CPU request. -# @param api.pod.resources.requests.memory A memory request. -# @param api.pod.resources.limits.cpu A CPU limit. -# @param api.pod.resources.limits.memory A memory limit. -# @param api.pod.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. -# @param api.pod.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). -# @param api.pod.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. -# @extra VPA settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) -# @param api.vpa.enabled If VPA is enabled for the service. -# @param api.vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). -# @param api.vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. 
-# @param api.vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. -# @param api.vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. -# @param api.vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. -# @extra Service settings -# @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) -# @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). -# @param api.service.port PRO API service port. -# @param api.service.serviceAccount Kubernetes service account -# @param api.service.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. -# @extra Geo API settings -# @param api.settings.licenseKey License key. **Required** -# @param api.settings.tempPath Path to directory used for temp data -# @param api.settings.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service -# @skip api.settings.logEsQueries -# @skip api.settings.debug -# @skip api.settings.env -# @skip api.settings.filterByZoneCodes -# @skip api.settings.esDataCentersCount -# @extra api.settings.logging Logging settings -# @param api.settings.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text -# @param api.settings.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. 
Console is used by default (no need to specify). -# @extra api.settings.rateLimiter rate limiter settings -# @param api.settings.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) -# @param api.settings.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests -# @skip api.settings.localCache.enabled -# @skip api.settings.localCache.trackStatistics -# @skip api.settings.openApi.servers -# @param api.settings.enableUserAssetsImporter If user data importer job is enabled for the service. -# @param api.settings.enableAssetsStreaming If the streaming data processing job is enabled for the service. -# @param api.settings.auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol -# @param api.settings.auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` -# @param api.settings.auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` -# @param api.settings.auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` -# @param api.settings.auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` -# @param api.settings.auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. 
Example: `c7d74870-ec28-4543-b408-b49bfed84399` -# @skip api.settings.auth.autoRegisterUsers -# @param api.settings.auth.turnOffCertValidation Turn off certificate validation for auth.url -# @param api.settings.auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` - api: + + # @param api.appName Name of the service + appName: pro-api + + # @param api.image.repository Repository + # @param api.image.tag Tag + # @param api.image.pullPolicy Pull Policy image: repository: 2gis-on-premise/pro-api - tag: 1.35.0 + tag: 1.41.0 pullPolicy: IfNotPresent + + # @param api.ingress.enabled If Ingress is enabled for the service. + # @param api.ingress.className Name of the Ingress controller class. + # @param api.ingress.hosts[0].host Hostname for the Ingress service. + # @param api.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. + # @param api.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. + # @param api.ingress.tls TLS configuration ingress: enabled: false className: nginx 
@@ -96,8 +31,30 @@ api: # - hosts: # - pro-api.example.com # secretName: secret.tls + + # @param api.pod.replicaCount A replica count for the pod. + # @param api.pod.imagePullSecrets Kubernetes image pull secrets. + # @param api.pod.nameOverride Base name to use in all the Kubernetes entities deployed by this chart. + # @param api.pod.fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. + # @param api.pod.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + # @param api.pod.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + # @param api.pod.priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). + # @param api.pod.terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds + # @param api.pod.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. + # @param api.pod.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param api.pod.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param api.pod.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param api.pod.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param api.pod.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
+ # @extra api.pod.resources **Limits for the application service** + # @param api.pod.resources.requests.cpu A CPU request. + # @param api.pod.resources.requests.memory A memory request. + # @param api.pod.resources.limits.cpu A CPU limit. + # @param api.pod.resources.limits.memory A memory limit. + # @param api.pod.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. + # @param api.pod.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). + # @param api.pod.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. pod: - appName: pro-api replicaCount: 2 imagePullSecrets: [] nameOverride: '' @@ -124,6 +81,13 @@ api: rollingUpdate: maxUnavailable: 0 maxSurge: 1 + + # @param api.vpa.enabled If VPA is enabled for the service. + # @param api.vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). + # @param api.vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. + # @param api.vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. + # @param api.vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. + # @param api.vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. vpa: enabled: false updateMode: Auto 
@@ -133,6 +97,13 @@ api: maxAllowed: cpu: 1 memory: 1024M + + # @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + # @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). + # @param api.service.port PRO API service port. + # @param api.service.serviceAccount Kubernetes service account + # @param api.service.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. service: annotations: {} labels: {} 
@@ -140,6 +111,35 @@ api: port: 80 serviceAccount: runner serviceAccountOverride: '' + + # @param api.settings.licenseKey License key. **Required** + # @param api.settings.tempPath Path to directory used for temp data + # @param api.settings.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service + # @skip api.settings.logEsQueries + # @skip api.settings.debug + # @skip api.settings.env + # @skip api.settings.filterByZoneCodes + # @skip api.settings.esDataCentersCount + # @extra api.settings.logging Logging settings + # @param api.settings.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text + # @param api.settings.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). + # @extra api.settings.rateLimiter rate limiter settings + # @param api.settings.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) + # @param api.settings.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests + # @skip api.settings.localCache.enabled + # @skip api.settings.localCache.trackStatistics + # @skip api.settings.openApi.servers + # @param api.settings.auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol + # @param api.settings.auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` + # @param api.settings.auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). 
Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` + # @param api.settings.auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` + # @param api.settings.auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` + # @skip api.settings.auth.autoRegisterUsers + # @param api.settings.auth.turnOffCertValidation Turn off certificate validation for auth.url + # @param api.settings.auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` + # @param api.settings.backgroundJobs.enableUserAssetsImporter If user data importer job is enabled for the service. + # @param api.settings.backgroundJobs.enableAssetsStreaming If the streaming data processing job is enabled for the service. + # @param api.settings.layerGeneration.isochroneLayerMaxPointsCount If layer contains more points, isochrone is not avalible settings: licenseKey: '' tempPath: /tmp 
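Review bot: The relocated `@param` lines for `api.settings.auth.turnOffCertValidation` and `api.settings.allowAnyOrigin` say what the switches do but not that each one relaxes a security control, and this text feeds the generated README. I would extend them, for example `# @param api.settings.auth.turnOffCertValidation Turn off certificate validation for auth.url. The authentication service's identity is then no longer verified; use only in test environments`, with a similar caveat for `allowAnyOrigin`. The new `isochroneLayerMaxPointsCount` line has a typo (`avalible`) and could read `Maximum number of points in a layer for which isochrones are available`. The `settings:` mapping these comments describe continues outside the hunk.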
@@ -160,43 +160,39 @@ api: trackStatistics: false openApi: servers: [] - enableUserAssetsImporter: true - enableAssetsStreaming: false auth: type: none url: '' userInfoEndpoint: '' wellKnownConfigEndpoint: '' apiKey: '' - permissionsApiKey: '' autoRegisterUsers: true turnOffCertValidation: false shareKeys: [] - + backgroundJobs: + enableUserAssetsImporter: true + enableAssetsStreaming: false + layerGeneration: + isochroneLayerMaxPointsCount: 500 # @section Permissions API configuration & settings -# @skip permissions.image -# @extra Ingress settings -# @param permissions.ingress.enabled If Ingress is enabled for the service. -# @param permissions.ingress.className Name of the Ingress controller class. -# @param permissions.ingress.hosts[0].host Hostname for the Ingress service. -# @param permissions.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param permissions.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param permissions.ingress.tls TLS configuration -# @skip permissions.pod -# @skip permissions.service -# @extra Permissions API settings -# @skip permissions.settings.host -# @param permissions.settings.enabled If permissionsApi is enabled for the service. 
-# @skip permissions.settings.localCache.enabled -# @skip permissions.settings.localCache.trackStatistics - permissions: + + # @param permissions.image.repository Repository + # @param permissions.image.tag Tag + # @param permissions.image.pullPolicy Pull Policy image: repository: 2gis-on-premise/pro-permissions-api - tag: 1.35.0 + tag: 1.41.0 pullPolicy: IfNotPresent + + # @param permissions.ingress.enabled If Ingress is enabled for the service + # @param permissions.ingress.className Name of the Ingress controller class + # @param permissions.ingress.hosts[0].host Hostname for the Ingress service + # @param permissions.ingress.hosts[0].paths[0].path Path of the host for the Ingress service + # @param permissions.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service + # @param permissions.ingress.tls TLS configuration ingress: enabled: false className: nginx 
@@ -206,9 +202,25 @@ permissions: - path: / pathType: Prefix tls: [] - # - hosts: - # - pro-permissions-api.example.com # secretName: secret.tls + + # @param permissions.pod.replicaCount A replica count for the pod. + # @param permissions.pod.imagePullSecrets Kubernetes image pull secrets. + # @param permissions.pod.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + # @param permissions.pod.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + # @param permissions.pod.priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). + # @param permissions.pod.terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds + # @param permissions.pod.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. + # @param permissions.pod.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param permissions.pod.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param permissions.pod.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param permissions.pod.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param permissions.pod.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). 
+ # @extra permissions.pod.resources **Limits for the application service** + # @param permissions.pod.resources.requests.cpu A CPU request. + # @param permissions.pod.resources.requests.memory A memory request. + # @param permissions.pod.resources.limits.cpu A CPU limit. + # @param permissions.pod.resources.limits.memory A memory limit. pod: replicaCount: 1 imagePullSecrets: [] @@ -229,17 +241,30 @@ permissions: limits: cpu: 1 memory: 1G + + # @param permissions.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) + # @param permissions.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + # @param permissions.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). + # @param permissions.service.port PRO API service port. service: annotations: {} labels: {} type: ClusterIP port: 80 + + # @skip permissions.settings.host + # @param permissions.settings.enabled Set to `true` if authorization is used + # @skip permissions.settings.localCache.enabled + # @skip permissions.settings.localCache.trackStatistics + # @param permissions.settings.auth.apiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` settings: host: '' enabled: false localCache: enabled: true trackStatistics: false + auth: + apiKey: '' # @section asset importer settings @@ -271,7 +296,7 @@ permissions: assetImporter: appName: asset-importer repository: 2gis-on-premise/pro-importer - tag: 1.35.0 + tag: 1.41.0 schedule: 0 18 * * * backoffLimit: 2 successfulJobsHistoryLimit: 3 
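Review bot: In the `@@ -206,9 +202,25 @@` hunk the two removed comment lines (`# - hosts:` and `# - pro-permissions-api.example.com`) leave `# secretName: secret.tls` behind as a dangling fragment under `tls: []`. Someone who uncomments it gets a scalar key instead of a list entry. Either remove that line too, or keep the full three-line example as the `api.ingress.tls` block does.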
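Review bot: The new `@param permissions.settings.auth.apiKey` line in the `@@ -229,17 +241,30 @@` hunk says "Must be set if type not 'none'", but there is no `type` under `permissions.settings.auth`. The text was copied from the `api.settings.auth` block and presumably means `api.settings.auth.type`. I would spell it out: `Must be set if api.settings.auth.type is not 'none'`. Since the description documents a secret, it is also worth stating that the UUID shown is a format example only and that the real value should come from a values file kept out of version control.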
@@ -303,7 +328,7 @@ assetImporter: assetPreparer: appName: asset-preparer repository: 2gis-on-premise/pro-importer - tag: 1.35.0 + tag: 1.41.0 schedule: 0 16 * * 6 backoffLimit: 2 successfulJobsHistoryLimit: 1 @@ -317,6 +342,7 @@ assetPreparer: memory: 512M enabled: true settings: + files: '' maxParallelJobs: 1 @@ -398,6 +424,7 @@ postgres: # @param kafka.assetDataTopic.name Kafka topic name. # @skip kafka.permissionsTopic # @param kafka.refreshAssetsIntervalMinutes Refresh interval for reading streaming assets settings in minutes. +# @param kafka.useReplicaTopics Use topic replica when using multiple kafka clusters. Each topic in the kafka settings must have a corresponding ".replica" topic kafka: bootstrapServers: '' @@ -419,6 +446,7 @@ kafka: name: '' readerGroupId: '' refreshAssetsIntervalMinutes: 60 + useReplicaTopics: false # @section ElasticSearch settings (supported version 7.x) @@ -507,6 +535,7 @@ license: search: url: '' + # @skip tileGen tileGen: From 837b2c49d090b14c1460d9c43daee4968fdff223 Mon Sep 17 00:00:00 2001 From: urbiae <156092383+urbiae@users.noreply.github.com> Date: Tue, 22 Oct 2024 12:06:53 +0500 Subject: [PATCH 74/91] [GEFEST-877] Dispatcher deployment and cleaner cronjob (#446) --- charts/keys/Chart.yaml | 2 +- charts/keys/README.md | 104 +++++++++++------ charts/keys/templates/cleaner/cronjob.yaml | 49 ++++++++ .../keys/templates/dispatcher/deployment.yaml | 78 +++++++++++++ charts/keys/templates/helpers.tpl | 42 +++++++ charts/keys/values.yaml | 109 +++++++++++++++++- 6 files changed, 349 insertions(+), 35 deletions(-) create mode 100644 charts/keys/templates/cleaner/cronjob.yaml create mode 100644 charts/keys/templates/dispatcher/deployment.yaml diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index 01fa60b1d..542a427ec 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml 
@@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy API Keys service version: 1.29.0 -appVersion: 1.87.0 +appVersion: 1.89.0 maintainers: - name: 2gis diff --git a/charts/keys/README.md b/charts/keys/README.md index 7995d7c67..93192e295 100644 --- a/charts/keys/README.md +++ b/charts/keys/README.md @@ -31,7 +31,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `imagePullPolicy` | Pull policy. | `IfNotPresent` | | `backend.image.repository` | Backend service image repository. | `2gis-on-premise/keys-backend` | -| `backend.image.tag` | Backend service image tag. | `1.87.0` | +| `backend.image.tag` | Backend service image tag. | `1.89.0` | | `admin.image.repository` | Admin service image repository. | `2gis-on-premise/keys-ui` | | `admin.image.tag` | Admin service image tag. | `0.8.0` | | `redis.image.repository` | Redis image repository. | `2gis-on-premise/keys-redis` | 
@@ -157,6 +157,34 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about | `tasker.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | | `tasker.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +### Dispatcher settings + +| Name | Description | Value | +| ---------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `dispatcher.enabled` | If dispatcher worker is deployed. | `false` | +| `dispatcher.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` | +| `dispatcher.replicas` | A replica count for the pod. | `1` | +| `dispatcher.auditEvents.sendInterval` | Send audit events interval | `1m` | +| `dispatcher.auditEvents.batchMaxSize` | Max batch size when sending audit events | `1000` | +| `dispatcher.auditEvents.holdDuration` | In case of an unsuccessful attempt to send messages, the service will not resend it for a given duration | `10m` | +| `dispatcher.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `dispatcher.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | +| `dispatcher.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. 
| `1` | +| `dispatcher.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `dispatcher.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `dispatcher.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `dispatcher.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `dispatcher.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `dispatcher.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). | `{}` | +| `dispatcher.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | +| `dispatcher.cleaner` | **Settings for cronjob that cleans sent messages from database** | | +| `dispatcher.cleaner.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` | +| `dispatcher.cleaner.auditEvents.retentionDuration` | Retention period for successfully sent audit messages. | `4320h` | +| `dispatcher.cleaner.cron.schedule` | Cron job schedule. | `0 1 * * *` | +| `dispatcher.cleaner.cron.successfulJobsHistoryLimit` | Specifies the number of successful finished jobs to keep. See [jobs history limits](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#jobs-history-limits). | `3` | +| `dispatcher.cleaner.cron.suspend` | You can suspend execution of Jobs for a CronJob, by setting the field to true. See [schedule suspension](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-suspension). 
| `false` | +| `dispatcher.cleaner.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | + ### Redis settings | Name | Description | Value | 
@@ -251,38 +279,48 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about ### Limits -| Name | Description | Value | -| ----------------------------------- | ---------------------------------- | ------- | -| `admin.resources` | **Limits for the Admin service** | | -| `admin.resources.requests.cpu` | A CPU request. | `300m` | -| `admin.resources.requests.memory` | A memory request. | `256Mi` | -| `admin.resources.limits.cpu` | A CPU limit. | `1` | -| `admin.resources.limits.memory` | A memory limit. | `384Mi` | -| `api.resources` | **Limits for the API service** | | -| `api.resources.requests.cpu` | A CPU request. | `50m` | -| `api.resources.requests.memory` | A memory request. | `128Mi` | -| `api.resources.limits.cpu` | A CPU limit. | `1` | -| `api.resources.limits.memory` | A memory limit. | `256Mi` | -| `import.resources` | **Limits for the Import service** | | -| `import.resources.requests.cpu` | A CPU request. | `10m` | -| `import.resources.requests.memory` | A memory request. | `32Mi` | -| `import.resources.limits.cpu` | A CPU limit. | `100m` | -| `import.resources.limits.memory` | A memory limit. | `64Mi` | -| `migrate.resources` | **Limits for the Migrate service** | | -| `migrate.resources.requests.cpu` | A CPU request. | `10m` | -| `migrate.resources.requests.memory` | A memory request. | `32Mi` | -| `migrate.resources.limits.cpu` | A CPU limit. | `100m` | -| `migrate.resources.limits.memory` | A memory limit. | `64Mi` | -| `tasker.resources` | **Limits for the Tasker service** | | -| `tasker.resources.requests.cpu` | A CPU request. | `10m` | -| `tasker.resources.requests.memory` | A memory request. | `32Mi` | -| `tasker.resources.limits.cpu` | A CPU limit. | `100m` | -| `tasker.resources.limits.memory` | A memory limit. | `64Mi` | -| `redis.resources` | **Limits for Redis** | | -| `redis.resources.requests.cpu` | A CPU request. | `50m` | -| `redis.resources.requests.memory` | A memory request. 
| `32Mi` | -| `redis.resources.limits.cpu` | A CPU limit. | `1` | -| `redis.resources.limits.memory` | A memory limit. | `256Mi` | +| Name | Description | Value | +| ---------------------------------------------- | ------------------------------------- | ------- | +| `admin.resources` | **Limits for the Admin service** | | +| `admin.resources.requests.cpu` | A CPU request. | `300m` | +| `admin.resources.requests.memory` | A memory request. | `256Mi` | +| `admin.resources.limits.cpu` | A CPU limit. | `1` | +| `admin.resources.limits.memory` | A memory limit. | `384Mi` | +| `api.resources` | **Limits for the API service** | | +| `api.resources.requests.cpu` | A CPU request. | `50m` | +| `api.resources.requests.memory` | A memory request. | `128Mi` | +| `api.resources.limits.cpu` | A CPU limit. | `1` | +| `api.resources.limits.memory` | A memory limit. | `256Mi` | +| `import.resources` | **Limits for the Import service** | | +| `import.resources.requests.cpu` | A CPU request. | `10m` | +| `import.resources.requests.memory` | A memory request. | `32Mi` | +| `import.resources.limits.cpu` | A CPU limit. | `100m` | +| `import.resources.limits.memory` | A memory limit. | `64Mi` | +| `migrate.resources` | **Limits for the Migrate service** | | +| `migrate.resources.requests.cpu` | A CPU request. | `10m` | +| `migrate.resources.requests.memory` | A memory request. | `32Mi` | +| `migrate.resources.limits.cpu` | A CPU limit. | `100m` | +| `migrate.resources.limits.memory` | A memory limit. | `64Mi` | +| `tasker.resources` | **Limits for the Tasker service** | | +| `tasker.resources.requests.cpu` | A CPU request. | `10m` | +| `tasker.resources.requests.memory` | A memory request. | `32Mi` | +| `tasker.resources.limits.cpu` | A CPU limit. | `100m` | +| `tasker.resources.limits.memory` | A memory limit. | `64Mi` | +| `dispatcher.resources` | **Limits for the Dispatcher service** | | +| `dispatcher.resources.requests.cpu` | A CPU request. 
| `10m` | +| `dispatcher.resources.requests.memory` | A memory request. | `32Mi` | +| `dispatcher.resources.limits.cpu` | A CPU limit. | `100m` | +| `dispatcher.resources.limits.memory` | A memory limit. | `64Mi` | +| `dispatcher.cleaner.resources` | **Limits for the Cleaner service** | | +| `dispatcher.cleaner.resources.requests.cpu` | A CPU request. | `10m` | +| `dispatcher.cleaner.resources.requests.memory` | A memory request. | `32Mi` | +| `dispatcher.cleaner.resources.limits.cpu` | A CPU limit. | `100m` | +| `dispatcher.cleaner.resources.limits.memory` | A memory limit. | `64Mi` | +| `redis.resources` | **Limits for Redis** | | +| `redis.resources.requests.cpu` | A CPU request. | `50m` | +| `redis.resources.requests.memory` | A memory request. | `32Mi` | +| `redis.resources.limits.cpu` | A CPU limit. | `1` | +| `redis.resources.limits.memory` | A memory limit. | `256Mi` | ### customCAs **Custom Certificate Authority** diff --git a/charts/keys/templates/cleaner/cronjob.yaml b/charts/keys/templates/cleaner/cronjob.yaml new file mode 100644 index 000000000..a3711c4ef --- /dev/null +++ b/charts/keys/templates/cleaner/cronjob.yaml 
@@ -0,0 +1,49 @@ +{{- if .Values.dispatcher.enabled }} +apiVersion: batch/v1 +kind: CronJob +metadata: + name: {{ include "keys.cleaner.name" . }} + labels: + {{- include "keys.cleaner.labels" . | nindent 4 }} + +spec: + concurrencyPolicy: Forbid + schedule: "{{ .Values.dispatcher.cleaner.cron.schedule }}" + successfulJobsHistoryLimit: {{ .Values.dispatcher.cleaner.cron.successfulJobsHistoryLimit }} + suspend: {{ .Values.dispatcher.cleaner.cron.suspend }} + jobTemplate: + spec: + template: + metadata: + name: {{ include "keys.cleaner.name" . }} + labels: + {{- include "keys.cleaner.labels" . | nindent 12 }} + spec: + restartPolicy: Never + containers: + - name: clean + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "keysctl", "clear" ] + args: [ "audit_events" ] + resources: + {{- toYaml .Values.dispatcher.cleaner.resources | nindent 16 }} + env: + {{- include "keys.env.db.deploys" . | nindent 16 }} + {{- include "keys.env.cleaner" . | nindent 16 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.env.custom.ca.path" . | nindent 16 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "keys.custom.ca.volumeMounts" . | nindent 16 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "keys.custom.ca.jobs.volumes" . | nindent 12 }} + {{- end }} + {{- with .Values.dispatcher.cleaner.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 12 }} + {{- end }} +{{- end }} diff --git a/charts/keys/templates/dispatcher/deployment.yaml b/charts/keys/templates/dispatcher/deployment.yaml new file mode 100644 index 000000000..a66518f38 --- /dev/null +++ b/charts/keys/templates/dispatcher/deployment.yaml 
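Review bot: The cleaner pod spec has no `imagePullSecrets`, although it pulls the same `.Values.backend.image` from `.Values.dgctlDockerRegistry` as the dispatcher Deployment added in this commit, which does render `.Values.imagePullSecrets`. With a private registry the job would presumably fail to pull unless credentials come from the service account or the node. Add the same `{{- with .Values.imagePullSecrets }}` block under the pod `spec`, using `nindent 12` to match this template's depth. The job also leaves `failedJobsHistoryLimit` and `backoffLimit` at their defaults; since this job deletes audit events, stating both explicitly would make failed runs easier to notice.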
@@ -0,0 +1,78 @@ +{{- if .Values.dispatcher.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "keys.dispatcher.name" . }} + {{- if or .Values.dispatcher.annotations .Values.customCAs.bundle }} + annotations: + {{- if .Values.customCAs.bundle }} + checksum/config: {{ include (print $.Template.BasePath "/configmap-deploys.yaml") . | sha256sum }} + {{- end }} + {{- with .Values.dispatcher.annotations }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- end }} + labels: + {{- include "keys.dispatcher.labels" . | nindent 4 }} + {{- with .Values.dispatcher.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.dispatcher.replicas }} + strategy: + {{- toYaml .Values.dispatcher.strategy | nindent 4 }} + selector: + matchLabels: + {{- include "keys.dispatcher.selectorLabels" . | nindent 6 }} + template: + metadata: + {{- with .Values.dispatcher.podAnnotations }} + annotations: + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "keys.dispatcher.labels" . | nindent 8 }} + {{- with .Values.dispatcher.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + containers: + - name: dispatcher + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} + imagePullPolicy: {{ .Values.imagePullPolicy }} + command: [ "keys-dispatcher" ] + resources: + {{- toYaml .Values.dispatcher.resources | nindent 12 }} + env: + {{- include "keys.env.db.deploys" . | nindent 12 }} + {{- include "keys.env.dispatcher" . | nindent 12 }} + {{- include "keys.env.kafka.audit" . | nindent 12 }} + {{- include "keys.env.featureFlags" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.env.custom.ca.path" . | nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + {{- include "keys.custom.ca.volumeMounts" . 
| nindent 12 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + volumes: + {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} + {{- end }} + {{- with .Values.dispatcher.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatcher.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.dispatcher.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} +{{- end }} diff --git a/charts/keys/templates/helpers.tpl b/charts/keys/templates/helpers.tpl index 97c148dff..6f6f7c3b5 100644 --- a/charts/keys/templates/helpers.tpl +++ b/charts/keys/templates/helpers.tpl @@ -10,6 +10,14 @@ {{ include "keys.name" . }}-tasker {{- end }} +{{- define "keys.dispatcher.name" -}} +{{ include "keys.name" . }}-dispatcher +{{- end }} + +{{- define "keys.cleaner.name" -}} +{{ include "keys.name" . }}-cleaner +{{- end }} + {{- define "keys.migrate.name" -}} {{ include "keys.name" . }}-migrate {{- end }} @@ -80,6 +88,22 @@ app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} +{{- define "keys.dispatcher.selectorLabels" -}} +app.kubernetes.io/name: {{ .Chart.Name }}-dispatcher +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "keys.dispatcher.labels" -}} +{{ include "keys.dispatcher.selectorLabels" . }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + +{{- define "keys.cleaner.labels" -}} +app.kubernetes.io/name: {{ .Chart.Name }}-cleaner +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} + {{- define "keys.import.labels" -}} app.kubernetes.io/name: {{ .Chart.Name }}-import app.kubernetes.io/instance: {{ .Release.Name }} 
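Review bot: The `dispatcher` container sets no `securityContext`, and the same holds for the `clean` container in `templates/cleaner/cronjob.yaml`. Both receive what are presumably database connection settings through `keys.env.db.deploys`, so they are worth hardening. Under each container I would add `securityContext: {allowPrivilegeEscalation: false, runAsNonRoot: true, capabilities: {drop: ["ALL"]}}`, provided the `keys-backend` image runs as a non-root user, which is not visible here. Whether the chart's other templates already follow a convention for this is outside the diff, so match it if one exists.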
@@ -132,6 +156,24 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} value: "{{ .Values.tasker.delay }}" {{- end }} +{{- define "keys.env.dispatcher" -}} +- name: KEYS_LOG_LEVEL + value: "{{ .Values.dispatcher.logLevel }}" +- name: KEYS_AUDIT_EVENTS_SEND_INTERVAL + value: "{{ .Values.dispatcher.auditEvents.sendInterval }}" +- name: KEYS_AUDIT_EVENTS_BATCH_MAX_SIZE + value: "{{ .Values.dispatcher.auditEvents.batchMaxSize }}" +- name: KEYS_AUDIT_EVENTS_HOLD_DURATION + value: "{{ .Values.dispatcher.auditEvents.holdDuration }}" +{{- end }} + +{{- define "keys.env.cleaner" -}} +- name: KEYS_LOG_LEVEL + value: "{{ .Values.dispatcher.cleaner.logLevel }}" +- name: KEYS_AUDIT_EVENTS_RETENTION_DURATION + value: "{{ .Values.dispatcher.cleaner.auditEvents.retentionDuration }}" +{{- end -}} + {{- define "keys.env.db" -}} - name: KEYS_DB_RO_HOST value: "{{ required "A valid .Values.postgres.ro.host required" .Values.postgres.ro.host }}" diff --git a/charts/keys/values.yaml b/charts/keys/values.yaml index 4fd7c3b0d..9f25e2ddc 100644 --- a/charts/keys/values.yaml +++ b/charts/keys/values.yaml @@ -31,7 +31,7 @@ featureFlags: backend: image: repository: 2gis-on-premise/keys-backend - tag: 1.87.0 + tag: 1.89.0 # @section Admin service settings 
@@ -342,6 +342,101 @@ tasker: tolerations: {} +# @section Dispatcher settings + +dispatcher: + + # @param dispatcher.enabled If dispatcher worker is deployed. + enabled: false + + # @param dispatcher.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. + logLevel: warning + + # @param dispatcher.replicas A replica count for the pod. + replicas: 1 + + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 64Mi + + # @param dispatcher.auditEvents.sendInterval Send audit events interval + # @param dispatcher.auditEvents.batchMaxSize Max batch size when sending audit events + # @param dispatcher.auditEvents.holdDuration In case of an unsuccessful attempt to send messages, the service will not resend it for a given duration + + auditEvents: + sendInterval: 1m + batchMaxSize: 1000 + holdDuration: 10m + + # @param dispatcher.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. + # @param dispatcher.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). + # @param dispatcher.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. + + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + + # @param dispatcher.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param dispatcher.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). 
+ + annotations: {} + labels: {} + + # @param dispatcher.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). + # @param dispatcher.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). + + podAnnotations: {} + podLabels: {} + + # @param dispatcher.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + # @param dispatcher.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). + # @param dispatcher.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. + + nodeSelector: {} + affinity: {} + tolerations: {} + + + # @extra dispatcher.cleaner **Settings for cronjob that cleans sent messages from database** + + cleaner: + + # @param dispatcher.cleaner.logLevel Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. + logLevel: warning + + # @param dispatcher.cleaner.auditEvents.retentionDuration Retention period for successfully sent audit messages. + + auditEvents: + retentionDuration: 4320h + + resources: + requests: + cpu: 10m + memory: 32Mi + limits: + cpu: 100m + memory: 64Mi + + # @param dispatcher.cleaner.cron.schedule Cron job schedule. + # @param dispatcher.cleaner.cron.successfulJobsHistoryLimit Specifies the number of successful finished jobs to keep. See [jobs history limits](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#jobs-history-limits). + # @param dispatcher.cleaner.cron.suspend You can suspend execution of Jobs for a CronJob, by setting the field to true. See [schedule suspension](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/#schedule-suspension). 
+ + cron: + schedule: 0 1 * * * + successfulJobsHistoryLimit: 3 + suspend: false + + # @param dispatcher.cleaner.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). + + nodeSelector: {} + + # @section Redis settings redis: @@ -568,6 +663,18 @@ dgctlStorage: # @param tasker.resources.limits.cpu A CPU limit. # @param tasker.resources.limits.memory A memory limit. +# @extra dispatcher.resources **Limits for the Dispatcher service** +# @param dispatcher.resources.requests.cpu A CPU request. +# @param dispatcher.resources.requests.memory A memory request. +# @param dispatcher.resources.limits.cpu A CPU limit. +# @param dispatcher.resources.limits.memory A memory limit. + +# @extra dispatcher.cleaner.resources **Limits for the Cleaner service** +# @param dispatcher.cleaner.resources.requests.cpu A CPU request. +# @param dispatcher.cleaner.resources.requests.memory A memory request. +# @param dispatcher.cleaner.resources.limits.cpu A CPU limit. +# @param dispatcher.cleaner.resources.limits.memory A memory limit. + # @extra redis.resources **Limits for Redis** # @param redis.resources.requests.cpu A CPU request. # @param redis.resources.requests.memory A memory request. From abed271444d669098e90200a3b81dbcb2f5eda70 Mon Sep 17 00:00:00 2001 From: Andrey Morozov <62840181+endryhold@users.noreply.github.com> Date: Wed, 23 Oct 2024 17:42:35 +0700 Subject: [PATCH 75/91] Chore: Update styleguide for logging block (#521) --- styleguide.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/styleguide.md b/styleguide.md index c3540f0d6..985885bad 100644 --- a/styleguide.md +++ b/styleguide.md 
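Review bot: The descriptions of `dispatcher.strategy.rollingUpdate.maxUnavailable` and `dispatcher.strategy.rollingUpdate.maxSurge` are swapped. In Kubernetes `maxSurge` is the number of pods that may be created over the desired count, and `maxUnavailable` is the number that may be unavailable during the update. The README table generated in this commit carries the same swap. Separately, `tolerations: {}` defaults to a mapping where Kubernetes expects a list, so `tolerations: []` would be the accurate default and example. The `@param dispatcher.cleaner.auditEvents.retentionDuration` comment could also state that the cron job removes these audit events from the database once the period has passed, so operators keep the downstream copy for as long as their audit policy requires.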
@@ -10,7 +10,7 @@ Файлы `README.md` формируются полуавтоматически. Для каждого чарта сначала необходимо создать файл `README.md` с общим описанием сервиса и пустым разделом «Values», а затем запустить инструмент [`readme-generator-for-helm`](https://github.com/bitnami-labs/readme-generator-for-helm) от Bitnami, чтобы автоматически заполнить раздел «Values» описаниями настроек на основе комментариев из `values.yaml`. Подробнее об использовании генератора можно прочитать в [документе](https://docs.google.com/document/d/1iEPG8tcCYu9q5iZssTAPOd43xh8uCQhNXyXhFPUTir8/edit). -Генератор можно запускать напрямую или с помощью [`Makefile`](Makefile), например: +Генератор можно запускать напрямую или с помощью [`Makefile`](Makefile) (лучше это делать на linux. На windows были замечены проблемы с лишними пустыми строками при генерации README.md), например: ```sh make prepare @@ -49,8 +49,8 @@ make charts/navi-back - В переменных, где предполагается конечный список значений, всегда его явно перечисляем. ```yaml - # @param LOG_LEVEL Log level: `error`, `warn`, `info` or `debug`. - LOG_LEVEL: error + # @param logLevel Log level: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. + logLevel: error ``` - Константы или переменные, которые никогда не меняются при типовом использовании сервиса, следует скрывать из `README.md` при помощи тэга `@skip`. @@ -89,6 +89,9 @@ make charts/navi-back - verticalPodAutoscaler - vpa - podDisruptionBudget - pdb - serviceAccount.yaml - serviceAccount + - Настройки логгирования: + - logLevel: `trace`, `debug`, `info`, `warning`, `error`, `fatal` + - logFormat: `json`, `plaintext` - Группы настроек называем везде одинаково. Предпочтение отдаём не сокращённым, а полным названиям. По возможности используем [официальные названия](https://github.com/helm/helm/blob/main/pkg/releaseutil/kind_sorter.go#L72). - Исключения: hpa, vpa, pdb From ee28f798e54cd5ce29296da8701952e091e5264c Mon Sep 17 00:00:00 2001 
From: Petr Beklemishev Date: Thu, 24 Oct 2024 11:15:24 +0700 Subject: [PATCH 76/91] Citylens 1.14.0 (#523) --- charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 17 +++++++++-------- charts/citylens/templates/web/configmap.yaml | 5 +++++ charts/citylens/values.yaml | 11 +++++++---- 4 files changed, 22 insertions(+), 13 deletions(-) diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 66c091798..f39112e87 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.29.0 -appVersion: 1.13.1 +appVersion: 1.14.2 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 11925c672..2421360fe 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.13.1` | +| `api.image.tag` | Tag. | `1.14.2` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.13.0` | +| `web.image.tag` | Tag. | `1.14.2` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
@@ -185,10 +185,11 @@ See the [documentation]() to learn about: ### Custom settings -| Name | Description | Value | -| -------------------- | ------------------------------------------------------ | -------------- | -| `web.logLevel` | Log level. | `WARNING` | -| `web.metricsAppName` | Value for service prometheus metrics label "app_name". | `citylens-web` | +| Name | Description | Value | +| -------------------- | ------------------------------------------------------------------------ | -------------- | +| `web.logLevel` | Log level. | `WARNING` | +| `web.metricsAppName` | Value for service prometheus metrics label "app_name". | `citylens-web` | +| `web.pgPoolSize` | Postgres: maximum number of connections in connections pool to maintain. | `5` | ### Metadata settings @@ -351,7 +352,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | -| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.13.0` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.14.2` | | `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | | `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | | `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | 
@@ -369,7 +370,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.13.0` | +| `migrations.image.tag` | Tag. | `1.14.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index 0aca2d866..376add551 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml @@ -29,6 +29,7 @@ data: metrics_app_name: {{ .Values.web.metricsAppName }} db_connections: postgres: {{ include "citylens.pgDSN" . | squote }} + postgres_pool_size: {{ .Values.web.pgPoolSize }} kafka: {{- with .Values.kafka }} bootstrap_servers: {{ required "A valid .Values.kafka.bootstrap.servers entry required" .bootstrapServer | squote }} @@ -44,6 +45,7 @@ data: {{- with .Values.s3 }} bucket_prefix: {{ required "A valid .Values.s3.bucketPrefix entry required" .bucketPrefix | squote }} logs_bucket_prefix: {{ required "A valid .Values.s3.logsBucketPrefix entry required" .logsBucketPrefix | squote }} + videos_bucket_prefix: '' {{- if .setPublicReadACL }} set_public_read_acl: {{ .setPublicReadACL }} {{- end }} 
@@ -51,12 +53,15 @@ data: log: '{track_uuid}/log_{log_timestamp_ms}' log_prefix: '{track_uuid}/log_' frame: {{ include "citylens.s3_constants.frame_key_template" . | squote }} + videos: '{track_uuid}/{resource_type}' client_params: aws_access_key_id: {{ required "A valid .Values.s3.accessKey entry required" .accessKey | squote }} aws_secret_access_key: {{ required "A valid .Values.s3.secretAccessKey entry required" .secretAccessKey | squote }} endpoint_url: {{ required "A valid .Values.s3.endpoint entry required" .endpoint | squote }} region_name: {{ .region }} verify: {{ .verifySsl }} + config: + max_pool_connections: 10 {{- end }} tracks_uploader: api: {{ .Values.worker.tracksUploader.api | squote }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 22395787f..9485c003b 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.13.1 + tag: 1.14.2 replicas: 4 @@ -214,6 +214,7 @@ api: # @param web.logLevel Log level. # @param web.metricsAppName Value for service prometheus metrics label "app_name". +# @param web.pgPoolSize Postgres: maximum number of connections in connections pool to maintain. # @section Metadata settings @@ -230,7 +231,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.13.0 + tag: 1.14.2 replicas: 1 @@ -277,6 +278,8 @@ web: verifySsl: true pkce: false + pgPoolSize: 5 + logLevel: WARNING metricsAppName: citylens-web @@ -611,7 +614,7 @@ worker: image: repository: 2gis-on-premise/citylens-workers pullPolicy: IfNotPresent - tag: 1.13.0 + tag: 1.14.2 revisionHistoryLimit: 3 @@ -647,7 +650,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.13.0 + tag: 1.14.0 resources: requests: From 17b28fe7ab4cb5a2b4a5cc117374f79dce687550 Mon Sep 17 00:00:00 2001 
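Review bot: The `client_params` block this hunk extends renders `aws_access_key_id` and `aws_secret_access_key` into what the file name (`templates/web/configmap.yaml`) and the `data:` context suggest is a ConfigMap, where anyone allowed to read ConfigMaps in the namespace can see them. The `postgres:` DSN in the first hunk of this file may carry a password in the same way. This predates the change and the object's `kind` is outside the hunks, so confirm it first; moving the credentials to a Secret would be the follow-up. In the new lines, `max_pool_connections: 10` and `videos_bucket_prefix: ''` are hard-coded while `postgres_pool_size` is wired to `web.pgPoolSize` in the same commit. A short template comment on why they are fixed, or a chart value for each, would keep the template consistent.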
From: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:03:29 +0700 Subject: [PATCH 77/91] Release 1.30.0 (#525) Co-authored-by: mprudnikov --- CHANGELOG.md | 38 +++++++++++++++++++++++++ charts/catalog-api/Chart.yaml | 2 +- charts/citylens/Chart.yaml | 2 +- charts/dgtt/Chart.yaml | 2 +- charts/floors-api/Chart.yaml | 2 +- charts/generic-chart/Chart.yaml | 2 +- charts/gis-platform/Chart.yaml | 2 +- charts/keycloak/Chart.yaml | 2 +- charts/keys/Chart.yaml | 2 +- charts/license/Chart.yaml | 2 +- charts/mapgl-js-api/Chart.yaml | 2 +- charts/navi-async-grpc-proxy/Chart.yaml | 2 +- charts/navi-async-matrix/Chart.yaml | 2 +- charts/navi-back/Chart.yaml | 2 +- charts/navi-castle/Chart.yaml | 2 +- charts/navi-front/Chart.yaml | 2 +- charts/navi-restrictions/Chart.yaml | 2 +- charts/navi-router/Chart.yaml | 2 +- charts/navi-splitter/Chart.yaml | 2 +- charts/platform/Chart.yaml | 2 +- charts/pro-api/Chart.yaml | 2 +- charts/pro-ui/Chart.yaml | 2 +- charts/pro-ui/README.md | 2 +- charts/pro-ui/values.yaml | 2 +- charts/search-api/Chart.yaml | 2 +- charts/stat-receiver/Chart.yaml | 2 +- charts/styles-api/Chart.yaml | 2 +- charts/tiles-api/Chart.yaml | 2 +- charts/tiles-api/README.md | 6 ++-- charts/tiles-api/values.yaml | 6 ++-- charts/traffic-proxy/Chart.yaml | 2 +- charts/twins-api/Chart.yaml | 2 +- image_versions.txt | 26 ++++++++--------- 33 files changed, 86 insertions(+), 48 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 699499879..f2fb5d692 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,43 @@ # 2GIS On-Premise Changelog +## [1.30.0] (2024-10-24) +#### [Breaking-Changes](Breaking-Changes.md#1300) +#### Images +``` +citylens + - citylens-api:1.13.1 + + citylens-api:1.14.2 + - citylens-database:1.13.0 + + citylens-database:1.14.0 + - citylens-web:1.13.0 + + citylens-web:1.14.2 + - citylens-workers:1.13.0 + + citylens-workers:1.14.2 +keys + - keys-backend:1.87.0 + + keys-backend:1.89.0 +pro-api + - pro-api:1.35.0 + + pro-api:1.41.0 + - pro-importer:1.35.0 + + pro-importer:1.41.0 + - pro-importer:1.35.0 + + pro-importer:1.41.0 + - pro-permissions-api:1.35.0 + + pro-permissions-api:1.41.0 +pro-ui + - pro-importer:1.35.0 + + pro-importer:1.41.0 +tiles-api + - tiles-api-importer:4.54.0 + + tiles-api-importer:4.61.0 + - tiles-api-proxy:4.54.0 + + tiles-api-proxy:4.61.0 + - tiles-api:4.54.0 + + tiles-api:4.61.0 + +``` + ## [1.29.0] (2024-10-02) #### [Breaking-Changes](Breaking-Changes.md#1290) #### Images diff --git a/charts/catalog-api/Chart.yaml b/charts/catalog-api/Chart.yaml index fd35e1524..861982e1a 100644 --- a/charts/catalog-api/Chart.yaml +++ b/charts/catalog-api/Chart.yaml @@ -3,7 +3,7 @@ name: catalog-api type: application description: A Helm chart for Kubernetes to deploy Catalog APIs -version: 1.29.0 +version: 1.30.0 appVersion: 3.625.0 maintainers: diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index f39112e87..f8cc8d890 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -3,7 +3,7 @@ name: citylens type: application description: A Helm chart for Kubernetes to deploy Citylens service -version: 1.29.0 +version: 1.30.0 appVersion: 1.14.2 maintainers: diff --git a/charts/dgtt/Chart.yaml b/charts/dgtt/Chart.yaml index 4fee8e3d8..bded37c3f 100644 --- a/charts/dgtt/Chart.yaml +++ b/charts/dgtt/Chart.yaml @@ -3,7 +3,7 @@ name: dgtt description: DGTT Helm chart for Kubernetes type: application -version: 1.29.0 +version: 1.30.0 appVersion: 0.2.27-b188673e09 maintainers: 
diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index d5029c3cd..dcca97988 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml @@ -3,7 +3,7 @@ name: floors-api description: Helm for floors service type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.0.4 maintainers: diff --git a/charts/generic-chart/Chart.yaml b/charts/generic-chart/Chart.yaml index b3c1beadb..9f7dc0f55 100644 --- a/charts/generic-chart/Chart.yaml +++ b/charts/generic-chart/Chart.yaml @@ -4,7 +4,7 @@ description: Generic library Helm chart for 2Gis type: library keywords: - library -version: 1.29.0 +version: 1.30.0 maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/gis-platform/Chart.yaml b/charts/gis-platform/Chart.yaml index b2cedfe28..98388be68 100644 --- a/charts/gis-platform/Chart.yaml +++ b/charts/gis-platform/Chart.yaml @@ -4,7 +4,7 @@ description: GIS Platform type: application -version: 1.29.0 +version: 1.30.0 appVersion: 2023.8.3-0 dependencies: diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 1b000468d..1ab557058 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak type: application description: Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort. -version: 1.29.0 +version: 1.30.0 appVersion: 21.1.1-debian-11-r4 maintainers: diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index 542a427ec..eb3ef77bb 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml @@ -3,7 +3,7 @@ name: keys type: application description: A Helm chart for Kubernetes to deploy API Keys service -version: 1.29.0 +version: 1.30.0 appVersion: 1.89.0 maintainers: diff --git a/charts/license/Chart.yaml b/charts/license/Chart.yaml index fd5858e7b..236d37a69 100644 --- a/charts/license/Chart.yaml 
+++ b/charts/license/Chart.yaml @@ -3,7 +3,7 @@ name: license type: application description: A Helm chart for Kubernetes to deploy License service -version: 1.29.0 +version: 1.30.0 appVersion: 2.2.3 maintainers: diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index dba618f3b..66773891d 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -4,7 +4,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.51.0 maintainers: diff --git a/charts/navi-async-grpc-proxy/Chart.yaml b/charts/navi-async-grpc-proxy/Chart.yaml index b0be35a30..88633c128 100644 --- a/charts/navi-async-grpc-proxy/Chart.yaml +++ b/charts/navi-async-grpc-proxy/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - dm-async-matrix - async-grpc-proxy -version: 1.29.0 +version: 1.30.0 appVersion: 0.0.2 maintainers: - name: 2gis diff --git a/charts/navi-async-matrix/Chart.yaml b/charts/navi-async-matrix/Chart.yaml index d350995a6..621bf6a3b 100644 --- a/charts/navi-async-matrix/Chart.yaml +++ b/charts/navi-async-matrix/Chart.yaml @@ -4,7 +4,7 @@ description: Service implements asynchronous API over Distance Matrix type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.11.2 maintainers: diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index 131789c58..e3c83e53c 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - back - backend -version: 1.29.0 +version: 1.30.0 appVersion: 7.27.1.2 dependencies: - name: generic-chart diff --git a/charts/navi-castle/Chart.yaml b/charts/navi-castle/Chart.yaml index 6e9beccb3..0080cae33 100644 --- a/charts/navi-castle/Chart.yaml +++ b/charts/navi-castle/Chart.yaml @@ -4,7 +4,7 @@ description: Castle Helm chart for Kubernetes type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.9.2 maintainers: 
diff --git a/charts/navi-front/Chart.yaml b/charts/navi-front/Chart.yaml index f0315fe0e..f69750652 100644 --- a/charts/navi-front/Chart.yaml +++ b/charts/navi-front/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - front -version: 1.29.0 +version: 1.30.0 appVersion: 1.24.1 maintainers: - name: 2gis diff --git a/charts/navi-restrictions/Chart.yaml b/charts/navi-restrictions/Chart.yaml index 743b19fb8..7bd265524 100644 --- a/charts/navi-restrictions/Chart.yaml +++ b/charts/navi-restrictions/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Restrictions backend type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.24.1 maintainers: diff --git a/charts/navi-router/Chart.yaml b/charts/navi-router/Chart.yaml index 4740b9cb0..4def4c763 100644 --- a/charts/navi-router/Chart.yaml +++ b/charts/navi-router/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - router -version: 1.29.0 +version: 1.30.0 appVersion: 6.24.0.3 maintainers: - name: 2gis diff --git a/charts/navi-splitter/Chart.yaml b/charts/navi-splitter/Chart.yaml index 001ee1da8..2712eff5a 100644 --- a/charts/navi-splitter/Chart.yaml +++ b/charts/navi-splitter/Chart.yaml @@ -15,5 +15,5 @@ maintainers: - name: 2gis url: https://github.com/2gis email: on-premise@2gis.com -version: 1.29.0 +version: 1.30.0 appVersion: 1.0.1 diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index b487ad650..5fb4fb9c0 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -3,7 +3,7 @@ name: platform type: application description: A Helm chart for Kubernetes to deploy Platform -version: 1.29.0 +version: 1.30.0 appVersion: 0.15.1 maintainers: diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index 0c0bec5f0..9cb7b13b3 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml 
@@ -4,7 +4,7 @@ description: Geo API for getting geo data type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.41.0 maintainers: diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index f16c1db1e..ab3ce3214 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml @@ -3,7 +3,7 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.29.0 +version: 1.30.0 appVersion: 2.27.0 maintainers: diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 47b3c7a8c..b579824d4 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md @@ -179,7 +179,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `stylesImporter.name` | Styles Import job name. | `styles-importer` | | `stylesImporter.image.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `stylesImporter.image.tag` | Docker image tag. | `1.35.0` | +| `stylesImporter.image.tag` | Docker image tag. | `1.41.0` | | `stylesImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `stylesImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | | `stylesImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 828219900..e139ad82e 100644 --- a/charts/pro-ui/values.yaml 
+++ b/charts/pro-ui/values.yaml @@ -292,7 +292,7 @@ stylesImporter: name: styles-importer image: repository: 2gis-on-premise/pro-importer - tag: 1.35.0 + tag: 1.41.0 backoffLimit: 2 successfulJobsHistoryLimit: 3 nodeSelector: {} diff --git a/charts/search-api/Chart.yaml b/charts/search-api/Chart.yaml index b234795ce..bdab4ab85 100644 --- a/charts/search-api/Chart.yaml +++ b/charts/search-api/Chart.yaml @@ -4,7 +4,7 @@ description: Search engine for catalog type: application -version: 1.29.0 +version: 1.30.0 appVersion: 7.80.0 maintainers: diff --git a/charts/stat-receiver/Chart.yaml b/charts/stat-receiver/Chart.yaml index cc9d5b4e4..4d242a98a 100644 --- a/charts/stat-receiver/Chart.yaml +++ b/charts/stat-receiver/Chart.yaml @@ -3,7 +3,7 @@ name: stat-receiver type: application description: A Helm chart for Kubernetes to deploy Stat Receiver -version: 1.29.0 +version: 1.30.0 appVersion: 1.11.1 maintainers: diff --git a/charts/styles-api/Chart.yaml b/charts/styles-api/Chart.yaml index 8e9354feb..401bee3d5 100644 --- a/charts/styles-api/Chart.yaml +++ b/charts/styles-api/Chart.yaml @@ -3,7 +3,7 @@ name: styles-api type: application description: A Helm chart for Kubernetes to deploy API Styles service -version: 1.29.0 +version: 1.30.0 appVersion: 0.30.0 maintainers: diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index 60a60514f..a0b0e0875 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -4,7 +4,7 @@ description: Tiles API for getting cartographic data type: application -version: 1.29.0 +version: 1.30.0 appVersion: 4.61.0 maintainers: diff --git a/charts/tiles-api/README.md b/charts/tiles-api/README.md index dcbdfbcd0..788dea89a 100644 --- a/charts/tiles-api/README.md +++ b/charts/tiles-api/README.md 
@@ -90,7 +90,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `proxy.resources.limits.memory` | A memory limit. | `512Mi` | | `proxy.image` | **Docker image settings** | | | `proxy.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api-proxy` | -| `proxy.image.tag` | Docker image tag. | `4.54.0` | +| `proxy.image.tag` | Docker image tag. | `4.61.0` | | `proxy.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `proxy.access` | **API Keys service access settings** | | | `proxy.access.enabled` | If access to the [API Keys service](https://docs.2gis.com/en/on-premise/keys) is enabled. | `false` | @@ -126,7 +126,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `api.resources.limits.memory` | A memory limit. | `512Mi` | | `api.image` | **Docker image settings** | | | `api.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api` | -| `api.image.tag` | Docker image tag. | `4.54.0` | +| `api.image.tag` | Docker image tag. | `4.61.0` | | `api.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `api.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `api.strategy.rollingUpdate` | **Service's Rolling Update strategy settings** | | 
@@ -201,7 +201,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `importer.resources.limits.memory` | A memory limit. | `256Mi` | | `importer.image` | **Docker image settings** | | | `importer.image.repository` | Docker Repository. | `2gis-on-premise/tiles-api-importer` | -| `importer.image.tag` | Docker image tag. | `4.54.0` | +| `importer.image.tag` | Docker image tag. | `4.61.0` | | `importer.image.pullPolicy` | Kubernetes pull policy for the service's Docker image. | `IfNotPresent` | | `importer.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | | `importer.cleaner` | **Cassandra keyspace lifecycle management and Cleaner settings** | | diff --git a/charts/tiles-api/values.yaml b/charts/tiles-api/values.yaml index 4873d5a70..74eeaf3dd 100644 --- a/charts/tiles-api/values.yaml +++ b/charts/tiles-api/values.yaml @@ -124,7 +124,7 @@ proxy: image: repository: 2gis-on-premise/tiles-api-proxy - tag: 4.54.0 + tag: 4.61.0 pullPolicy: IfNotPresent containerPort: 5000 @@ -181,7 +181,7 @@ api: image: repository: 2gis-on-premise/tiles-api - tag: 4.54.0 + tag: 4.61.0 pullPolicy: IfNotPresent terminationGracePeriodSeconds: 30 @@ -339,7 +339,7 @@ importer: image: repository: 2gis-on-premise/tiles-api-importer - tag: 4.54.0 + tag: 4.61.0 pullPolicy: IfNotPresent diff --git a/charts/traffic-proxy/Chart.yaml b/charts/traffic-proxy/Chart.yaml index 5151db4a8..5035695f1 100644 --- a/charts/traffic-proxy/Chart.yaml +++ b/charts/traffic-proxy/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Proxy for traffic jams type: application -version: 1.29.0 +version: 1.30.0 appVersion: 1.21.6 maintainers: diff --git a/charts/twins-api/Chart.yaml b/charts/twins-api/Chart.yaml index 853b4b68a..caf15e205 100644 --- a/charts/twins-api/Chart.yaml +++ b/charts/twins-api/Chart.yaml 
@@ -3,7 +3,7 @@ name: twins-api type: application description: A Helm chart for Kubernetes to deploy API Twins service -version: 1.29.0 +version: 1.30.0 appVersion: 1.13.0 maintainers: diff --git a/image_versions.txt b/image_versions.txt index 8e552efa5..1d7d37b3c 100644 --- a/image_versions.txt +++ b/image_versions.txt @@ -2,10 +2,10 @@ catalog-api catalog-api:3.625.0 catalog-importer:1.7.0 citylens - citylens-api:1.13.1 - citylens-database:1.13.0 - citylens-web:1.13.0 - citylens-workers:1.13.0 + citylens-api:1.14.2 + citylens-database:1.14.0 + citylens-web:1.14.2 + citylens-workers:1.14.2 dgtt dgtt:0.2.27-b188673e09 floors-api @@ -22,7 +22,7 @@ keycloak keycloak-themes:0.0.8 keycloak:21.1.1-debian-11-r4 keys - keys-backend:1.87.0 + keys-backend:1.89.0 keys-redis:6.2.6-alpine3.15 keys-ui:0.8.0 license @@ -52,12 +52,12 @@ navi-splitter platform platform-ui:0.15.1 pro-api - pro-api:1.35.0 - pro-importer:1.35.0 - pro-importer:1.35.0 - pro-permissions-api:1.35.0 + pro-api:1.41.0 + pro-importer:1.41.0 + pro-importer:1.41.0 + pro-permissions-api:1.41.0 pro-ui - pro-importer:1.35.0 + pro-importer:1.41.0 pro-ui:2.27.0 search-api search-api:7.80.0 @@ -68,9 +68,9 @@ stat-receiver styles-api styles-api:0.30.0 tiles-api - tiles-api-importer:4.54.0 - tiles-api-proxy:4.54.0 - tiles-api:4.54.0 + tiles-api-importer:4.61.0 + tiles-api-proxy:4.61.0 + tiles-api:4.61.0 traffic-proxy nginx:1.21.6 twins-api From 661d2703aed0bab939bf7da2eec0e71df0a490b6 Mon Sep 17 00:00:00 2001 From: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> Date: Thu, 24 Oct 2024 14:34:07 +0700 Subject: [PATCH 78/91] Release 1.30.0 (#526) (#527) From 32d6538779f0b3f1544e04380b84942189490282 Mon Sep 17 00:00:00 2001 From: Sergey Vlasov Date: Thu, 31 Oct 2024 10:00:23 +0500 Subject: [PATCH 79/91] Fix lint warning for accessLog value (#529) --- charts/traffic-proxy/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/charts/traffic-proxy/values.yaml b/charts/traffic-proxy/values.yaml index 543d8d60f..0d656bc0a 100644 --- a/charts/traffic-proxy/values.yaml +++ b/charts/traffic-proxy/values.yaml @@ -72,7 +72,7 @@ proxy: errorLog: level: error - accessLog: off + accessLog: 'off' # accessLog: '/dev/stdout main' keepaliveTimeout: 65 From 31ee157c5aef0c8ef9bc4082d7a2a32533269c31 Mon Sep 17 00:00:00 2001 From: Dmitry Nischeta <55282960+dnischeta@users.noreply.github.com> Date: Wed, 6 Nov 2024 17:09:22 +0500 Subject: [PATCH 80/91] TILES-6894 floors-api: add user certs (#524) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * floors-api: add user certs * Format --------- Co-authored-by: Нищета Дмитрий Антонович --- charts/floors-api/Chart.yaml | 2 +- charts/floors-api/README.md | 7 +++++++ charts/floors-api/templates/_helpers.tpl | 11 +++++++++++ .../templates/custom-ca.configmap.yaml | 13 +++++++++++++ charts/floors-api/templates/deployment.yaml | 16 ++++++++++++++++ charts/floors-api/values.yaml | 13 +++++++++++++ 6 files changed, 61 insertions(+), 1 deletion(-) create mode 100644 charts/floors-api/templates/custom-ca.configmap.yaml diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index dcca97988..46a52ec99 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml @@ -4,7 +4,7 @@ description: Helm for floors service type: application version: 1.30.0 -appVersion: 1.0.4 +appVersion: 1.1.0 maintainers: - name: 2gis diff --git a/charts/floors-api/README.md b/charts/floors-api/README.md index ca22ca032..659971d8b 100644 --- a/charts/floors-api/README.md +++ b/charts/floors-api/README.md 
@@ -108,3 +108,10 @@ Read more about the On-Premise solution [here](https://docs.2gis.com/en/on-premi | `import.resources.requests.memory` | A memory request, e.g., `128Mi`. | | | `import.resources.limits.cpu` | A CPU limit, e.g., `100m`. | | | `import.resources.limits.memory` | A memory limit, e.g., `128Mi`. | | + +### **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. | `""` | diff --git a/charts/floors-api/templates/_helpers.tpl b/charts/floors-api/templates/_helpers.tpl index 2c779c3d1..b7dd3acf3 100644 --- a/charts/floors-api/templates/_helpers.tpl +++ b/charts/floors-api/templates/_helpers.tpl @@ -67,3 +67,14 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- print "autoscaling/v2" -}} {{- end -}} {{- end -}} + +{{/* +Mount directory for custom CA +*/}} +{{- define "floors.customCA.mountPath" -}} +{{ $.Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} + +{{- define "floors.checksum" -}} +{{ (include (print $.Template.BasePath .path) $ | fromYaml).data | toYaml | sha256sum }} +{{- end }} diff --git a/charts/floors-api/templates/custom-ca.configmap.yaml b/charts/floors-api/templates/custom-ca.configmap.yaml new file mode 100644 index 000000000..01c05c359 --- /dev/null +++ b/charts/floors-api/templates/custom-ca.configmap.yaml 
@@ -0,0 +1,13 @@ +{{- if $.Values.customCAs.bundle }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "floors.fullname" . }}-custom-ca + labels: + {{- include "floors.labels" . | nindent 4 }} + +data: + custom-ca.crt: |- + {{- $.Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/floors-api/templates/deployment.yaml b/charts/floors-api/templates/deployment.yaml index 0a96741a3..95e9c9f33 100644 --- a/charts/floors-api/templates/deployment.yaml +++ b/charts/floors-api/templates/deployment.yaml @@ -27,6 +27,7 @@ spec: metadata: {{- with .Values.podAnnotations }} annotations: + checksum/custom-ca: {{ include "floors.checksum" (merge (dict "path" "/custom-ca.configmap.yaml") $) }} checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} {{- toYaml . | nindent 8 }} {{- end }} @@ -60,9 +61,19 @@ spec: value: "{{ .Values.dgctlStorage.region }}" - name: IMPORTER_S3_SECURE value: "{{ .Values.dgctlStorage.secure }}" + {{- if $.Values.customCAs.bundle }} + - name: IMPORTER_SSL_CERT_FILE + value: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt + {{- end }} volumeMounts: - name: {{ include "floors.fullname" $ }}-data mountPath: "/var/floorsConvertedData" + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + mountPath: {{ include "floors.customCA.mountPath" $ }}/custom-ca.crt + subPath: custom-ca.crt + readOnly: true + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} containers: @@ -146,6 +157,11 @@ spec: path: servers.conf - name: {{ include "floors.fullname" $ }}-data emptyDir: {} + {{- if $.Values.customCAs.bundle }} + - name: custom-ca + configMap: + name: {{ include "floors.fullname" $ }}-custom-ca + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} diff --git a/charts/floors-api/values.yaml b/charts/floors-api/values.yaml index e2c35d9e5..80ae38733 100644 --- a/charts/floors-api/values.yaml 
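Review bot: The new `checksum/custom-ca` annotation in the `@@ -27,6 +27,7 @@` hunk sits inside `{{- with .Values.podAnnotations }}`, so it is rendered only when `podAnnotations` is non-empty; otherwise a changed `customCAs.bundle` does not alter the pod template and no rollout happens. That matters because the later hunk mounts the bundle with `subPath: custom-ca.crt`, and subPath mounts do not receive ConfigMap updates in a running pod, so a replaced or withdrawn CA would stay in effect until an unrelated restart. Emitting `annotations:` and the two `checksum/*` lines unconditionally, and keeping only `{{- toYaml . | nindent 8 }}` inside the `with` block, would tie the rollout to the bundle content. The existing `checksum/config` line has the same limitation.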
+++ b/charts/floors-api/values.yaml @@ -166,3 +166,16 @@ import: repository: 2gis-on-premise/floors-importer pullPolicy: IfNotPresent tag: 1.0.4 + +# @section **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. + +customCAs: + bundle: '' + # bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' From a676d13774398f86b17f60fc0965c85d5645352a Mon Sep 17 00:00:00 2001 From: Dmitry Nischeta <55282960+dnischeta@users.noreply.github.com> Date: Wed, 6 Nov 2024 17:13:13 +0500 Subject: [PATCH 81/91] Bump mapgl-js-api (#530) --- charts/mapgl-js-api/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index 66773891d..287c5290f 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -5,7 +5,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application version: 1.30.0 -appVersion: 1.51.0 +appVersion: 1.53.0 maintainers: - name: 2gis From b360648adf57946fdb49a310aeb14c1856710831 Mon Sep 17 00:00:00 2001 From: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> Date: Wed, 6 Nov 2024 19:17:35 +0700 Subject: [PATCH 82/91] Fix release MM notification (#528) --- .github/workflows/mm-release-notify.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/mm-release-notify.yaml b/.github/workflows/mm-release-notify.yaml index bb75c0b83..64589ffaa 100644 --- a/.github/workflows/mm-release-notify.yaml +++ b/.github/workflows/mm-release-notify.yaml 
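Review bot: The context of this hunk shows `import.image.tag` still at `1.0.4` while the same commit moves `appVersion` to `1.1.0` and sets `IMPORTER_SSL_CERT_FILE` on the container that receives the `IMPORTER_*` variables, presumably the importer image. If support for that variable arrived with a newer importer build, the bundle would be mounted but not used, and connections to an S3 endpoint signed by a private CA would still fail verification. Confirm which importer version reads `IMPORTER_SSL_CERT_FILE` and bump `tag` in this section if needed.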
@@ -23,5 +23,5 @@ jobs: MATTERMOST_USERNAME: Github MATTERMOST_ICON_URL: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c2/GitHub_Invertocat_Logo.svg/256px-GitHub_Invertocat_Logo.svg.png TEXT: | - Опубликован On-Premise: ${{ github.ref_name }} - Документация: https://confluence.2gis.ru/display/Karta/Release+${{ github.ref_name }}+On-Premise + Опубликован On-Premise: ${{ github.event.workflow_run.head_branch }} + Документация: https://confluence.2gis.ru/display/ONPREM/Release+${{ github.event.workflow_run.head_branch }}+On-Premise From 1f7b020e4fc59d1da2236bf4137aa0f018572734 Mon Sep 17 00:00:00 2001 From: Sergey Vlasov Date: Wed, 6 Nov 2024 17:18:08 +0500 Subject: [PATCH 83/91] Fix customCAs include in navi-castle cronjob template (#517) --- charts/navi-castle/templates/cronjob.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/navi-castle/templates/cronjob.yaml b/charts/navi-castle/templates/cronjob.yaml index 87dde3969..a12ee3f5d 100644 --- a/charts/navi-castle/templates/cronjob.yaml +++ b/charts/navi-castle/templates/cronjob.yaml @@ -38,7 +38,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config configMap: name: {{ include "castle.fullname" $ }}-builder-config - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca configMap: name: {{ include "castle.fullname" $ }}-ca @@ -53,7 +53,7 @@ spec: - /opt/config_builder.conf - --service={{ include "castle.serviceParameter" ( dict "flavor" $flavor ) }} - --jobs={{ $.Values.castle.jobs | default 1 | int }} - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} env: - name: SSL_CERT_FILE value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt 
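Review bot: `github.event.workflow_run.head_branch` in `TEXT` is whatever ref the triggering run was started for, so the Mattermost message and the Confluence link are only as trustworthy as that workflow's trigger. The `on.workflow_run` section and the notifier step are outside this hunk; if the upstream workflow can also run for ordinary branches or forks, the announcement would carry a contributor-chosen name. Unless the job already has one, a job-level guard such as `if: github.event.workflow_run.conclusion == 'success'`, together with a check that the ref matches the release naming pattern, would keep the notification tied to real releases.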
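Review bot: The two `include "custom.ca.mountPath" .` calls inside the blocks this commit re-guards still pass `.`, although the conditions around them now use `$.Values`; they are the `SSL_CERT_FILE` value in the `@@ -53,7 +53,7 @@` hunk and the `mountPath` in the `@@ -65,7 +65,7 @@` hunk. If `.` is rebound at this point in the template, which the need for this fix suggests, the helper receives the rebound scope and may fail or render the wrong path when it reads `.Values`. The helper body and the enclosing loop are outside the hunks, so this needs confirming. Passing the root context keeps guard and path consistent: `value: {{ include "custom.ca.mountPath" $ }}/custom-ca.crt` and `mountPath: {{ include "custom.ca.mountPath" $ }}/custom-ca.crt`.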
@@ -65,7 +65,7 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: {{ $.Values.castle.castleDataPath }}/cities_template subPath: cities_template - {{- if .Values.customCAs.bundle }} + {{- if $.Values.customCAs.bundle }} - name: {{ include "castle.fullname" $ }}-ca mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt subPath: custom-ca.crt From 8b342e6ced8fc16fa71de7f9e45119400780996a Mon Sep 17 00:00:00 2001 From: Dmitriy Donov Date: Wed, 6 Nov 2024 19:53:09 +0700 Subject: [PATCH 84/91] =?UTF-8?q?WAPI-23658=20=D0=B4=D0=BE=D0=B1=D0=B0?= =?UTF-8?q?=D0=B2=D0=BB=D0=B5=D0=BD=D1=8B=20=D0=BD=D0=B5=D0=B4=D0=BE=D1=81?= =?UTF-8?q?=D1=82=D0=B0=D1=8E=D1=89=D0=B8=D0=B5=20=D0=BF=D0=B0=D1=80=D0=B0?= =?UTF-8?q?=D0=BC=D0=B5=D1=82=D1=80=D1=8B=20=D0=B2=20=D0=BA=D0=BE=D0=BD?= =?UTF-8?q?=D1=84=D0=B8=D0=B3=20dgctlStorage=20(#503)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * WAPI-23658 добавлены недостающие параметры в конфиг dgctlStorage * WAPI-23658 добавлены недостающие параметры в конфиг dgctlStorage * WAPI-23658 добавлены недостающие параметры в конфиг dgctlStorage * WAPI-23658 добавлены недостающие параметры в конфиг dgctlStorage --------- Co-authored-by: Donov Dmitriy --- charts/twins-api/README.md | 17 ++++++++++------- charts/twins-api/templates/_helpers.tpl | 6 ++++++ charts/twins-api/values.yaml | 6 ++++++ 3 files changed, 22 insertions(+), 7 deletions(-) diff --git a/charts/twins-api/README.md b/charts/twins-api/README.md index d8c3efda9..a226167d2 100644 --- a/charts/twins-api/README.md +++ b/charts/twins-api/README.md 
@@ -25,13 +25,16 @@ Use this Helm chart to deploy API Twins service, which is a part of 2GIS's [On-P ### Deployment Artifacts Storage settings -| Name | Description | Value | -| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| `dgctlStorage.host` | S3 host. Format: `host:port`. **Required** | `""` | -| `dgctlStorage.bucket` | S3 bucket name. **Required** | `""` | -| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | -| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | -| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`
This file contains the description of pieces of data that the service requires to operate. **Required** | `""` | +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `dgctlStorage.host` | S3 host. Format: `host:port`. **Required** | `""` | +| `dgctlStorage.region` | S3 region name. | `""` | +| `dgctlStorage.secure` | Set to `true` if dgctlStorage.host must be accessed via https. **Required** | `false` | +| `dgctlStorage.verifySsl` | Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required** | `true` | +| `dgctlStorage.bucket` | S3 bucket name. **Required** | `""` | +| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`
This file contains the description of pieces of data that the service requires to operate. **Required** | `""` | ### API service settings diff --git a/charts/twins-api/templates/_helpers.tpl b/charts/twins-api/templates/_helpers.tpl index 42c6fabaa..be6ce1950 100644 --- a/charts/twins-api/templates/_helpers.tpl +++ b/charts/twins-api/templates/_helpers.tpl @@ -153,6 +153,12 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} value: "{{ .Values.importer.postgres.schemaSwitchEnabled }}" - name: TWINS_S3_ENDPOINT value: "{{ .Values.dgctlStorage.host }}" +- name: TWINS_S3_REGION + value: "{{ .Values.dgctlStorage.region }}" +- name: TWINS_S3_SECURE + value: "{{ .Values.dgctlStorage.secure }}" +- name: TWINS_S3_VERIFY_SSL + value: "{{ .Values.dgctlStorage.verifySsl }}" - name: TWINS_S3_BUCKET value: "{{ .Values.dgctlStorage.bucket }}" - name: TWINS_S3_ACCESS_KEY diff --git a/charts/twins-api/values.yaml b/charts/twins-api/values.yaml index be79dd650..7a06d6fb1 100644 --- a/charts/twins-api/values.yaml +++ b/charts/twins-api/values.yaml @@ -17,6 +17,9 @@ imagePullSecrets: [] # @section Deployment Artifacts Storage settings # @param dgctlStorage.host S3 host. Format: `host:port`. **Required** +# @param dgctlStorage.region S3 region name. +# @param dgctlStorage.secure Set to `true` if dgctlStorage.host must be accessed via https. **Required** +# @param dgctlStorage.verifySsl Set to `false` if dgctlStorage.host must be accessed via https without certificate validation. **Required** # @param dgctlStorage.bucket S3 bucket name. **Required** # @param dgctlStorage.accessKey S3 access key for accessing the bucket. **Required** # @param dgctlStorage.secretKey S3 secret key for accessing the bucket. **Required** @@ -24,6 +27,9 @@ imagePullSecrets: [] dgctlStorage: host: '' + region: '' + secure: false + verifySsl: true bucket: '' accessKey: '' secretKey: '' From 9fbcef59e437667e39d99f2df64c6367ca447201 Mon Sep 17 00:00:00 2001 
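Review bot: `dgctlStorage.secure` is added with the default `false`, which by its own description means the S3 endpoint is not reached over https unless the operator overrides it, while `accessKey` and `secretKey` are used on the same connection. Consider whether `true` is the safer default, or state the consequence in the `@param` line. The `verifySsl` description only says how to switch validation off; describing the default instead (certificate validation is on and applies when `secure` is enabled) would discourage disabling it as a first troubleshooting step. Both new parameters are marked `**Required**` although they ship with defaults.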
From: Sergey Vlasov Date: Wed, 20 Nov 2024 07:35:46 +0500 Subject: [PATCH 85/91] [stat-receiver] Refactoring by styleguide (#535) * Add logLevel, change chart by style guide * Update README --- charts/stat-receiver/README.md | 8 ++++++++ .../configs/api/application.conf.template | 2 +- .../configs/api/{logback.xml => logback.xml.template} | 2 +- .../configs/streams/application.conf.template | 2 +- .../streams/{logback.xml => logback.xml.template} | 2 +- charts/stat-receiver/templates/api/configmap.yaml | 3 +-- charts/stat-receiver/templates/streams/configmap.yaml | 2 +- charts/stat-receiver/values.schema.json | 8 +++++++- charts/stat-receiver/values.yaml | 11 +++++++++++ 9 files changed, 32 insertions(+), 8 deletions(-) rename charts/stat-receiver/configs/api/{logback.xml => logback.xml.template} (89%) rename charts/stat-receiver/configs/streams/{logback.xml => logback.xml.template} (89%) diff --git a/charts/stat-receiver/README.md b/charts/stat-receiver/README.md index 0444fdd00..3c3f44f1c 100644 --- a/charts/stat-receiver/README.md +++ b/charts/stat-receiver/README.md @@ -135,6 +135,14 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver | `ingress.enabled` | If Ingress is enabled for the service. | `false` | | `ingress.hosts[0].host` | Hostname for the Ingress service. | `stat-receiver.host` | +### stat-receiver parameters + +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------- | ------- | +| `initializeTopics.enabled` | If true, topics will be created automatically. | `false` | +| `topicsPrefix` | Prefix for topics. | `""` | +| `logLevel` | Log level: `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `OFF` | `INFO` | + ## Maintainers diff --git a/charts/stat-receiver/configs/api/application.conf.template b/charts/stat-receiver/configs/api/application.conf.template index e31217005..ec7b31aad 100644 --- a/charts/stat-receiver/configs/api/application.conf.template 
+++ b/charts/stat-receiver/configs/api/application.conf.template @@ -8,7 +8,7 @@ schema-loader = { v-3-schemas-path = "file:///app/schema/v3/0/" } -initialize-topics = {{ required "A valid .Values.initializeTopics entry required" .Values.initializeTopics }} +initialize-topics = {{ required "A valid .Values.initializeTopics.enabled entry required" .Values.initializeTopics.enabled }} topics-manager.prefix = {{ required "A valid .Values.topicsPrefix entry required" .Values.topicsPrefix }} input-bss-topic = "{{ required "A valid .Values.topicsPrefix entry required" .Values.topicsPrefix }}input" diff --git a/charts/stat-receiver/configs/api/logback.xml b/charts/stat-receiver/configs/api/logback.xml.template similarity index 89% rename from charts/stat-receiver/configs/api/logback.xml rename to charts/stat-receiver/configs/api/logback.xml.template index fc91a7609..51ea1299b 100644 --- a/charts/stat-receiver/configs/api/logback.xml +++ b/charts/stat-receiver/configs/api/logback.xml.template @@ -14,7 +14,7 @@ - + diff --git a/charts/stat-receiver/configs/streams/application.conf.template b/charts/stat-receiver/configs/streams/application.conf.template index d34c24b4e..9cbf44b36 100644 --- a/charts/stat-receiver/configs/streams/application.conf.template +++ b/charts/stat-receiver/configs/streams/application.conf.template @@ -21,7 +21,7 @@ streams = { v-3-schemas-path = "file:///app/schema/v3/0/" } - initialize-topics = {{ required "A valid .Values.initializeTopics entry required" .Values.initializeTopics }} + initialize-topics = {{ required "A valid .Values.initializeTopics.enabled entry required" .Values.initializeTopics.enabled }} topics-manager.prefix = {{ required "A valid .Values.topicsPrefix entry required" .Values.topicsPrefix }} input-topics = [ 
diff --git a/charts/stat-receiver/configs/streams/logback.xml b/charts/stat-receiver/configs/streams/logback.xml.template similarity index 89% rename from charts/stat-receiver/configs/streams/logback.xml rename to charts/stat-receiver/configs/streams/logback.xml.template index 059276c93..1a3cc6ee8 100644 --- a/charts/stat-receiver/configs/streams/logback.xml +++ b/charts/stat-receiver/configs/streams/logback.xml.template @@ -12,7 +12,7 @@ - + diff --git a/charts/stat-receiver/templates/api/configmap.yaml b/charts/stat-receiver/templates/api/configmap.yaml index 4ee1e5b31..ca4f4abd3 100644 --- a/charts/stat-receiver/templates/api/configmap.yaml +++ b/charts/stat-receiver/templates/api/configmap.yaml @@ -10,5 +10,4 @@ data: application.conf: |- {{- tpl (.Files.Get "configs/api/application.conf.template") . | nindent 4 }} logback.xml: |- - {{- .Files.Get "configs/api/logback.xml" | nindent 4 }} - \ No newline at end of file + {{- tpl (.Files.Get "configs/api/logback.xml.template") . | nindent 4 }} diff --git a/charts/stat-receiver/templates/streams/configmap.yaml b/charts/stat-receiver/templates/streams/configmap.yaml index e0d797eed..b389b75b1 100644 --- a/charts/stat-receiver/templates/streams/configmap.yaml +++ b/charts/stat-receiver/templates/streams/configmap.yaml @@ -8,4 +8,4 @@ data: application.conf: |- {{- tpl (.Files.Get "configs/streams/application.conf.template") . | nindent 4 }} logback.xml: |- - {{- .Files.Get "configs/streams/logback.xml" | nindent 4 }} + {{- tpl (.Files.Get "configs/streams/logback.xml.template") . | nindent 4 }} diff --git a/charts/stat-receiver/values.schema.json b/charts/stat-receiver/values.schema.json index 528b0d978..0414dd245 100644 --- a/charts/stat-receiver/values.schema.json +++ b/charts/stat-receiver/values.schema.json 
@@ -9,7 +9,13 @@ { "$ref": "#/definitions/ip_or_host" } ] }, - "initializeTopics": { "type": "boolean" }, + "initializeTopics": { + "type": "object", + "additionalProperties": false, + "properties": { + "enabled": { "type": "boolean" } + } + }, "topicsPrefix": { "type": "string" }, "api": { "type": "object", diff --git a/charts/stat-receiver/values.yaml b/charts/stat-receiver/values.yaml index 5012833e0..b6c9f6803 100644 --- a/charts/stat-receiver/values.yaml +++ b/charts/stat-receiver/values.yaml @@ -168,3 +168,14 @@ ingress: enabled: false hosts: - host: stat-receiver.host + +# @section stat-receiver parameters +# @param initializeTopics.enabled If true, topics will be created automatically. +# @param topicsPrefix Prefix for topics. + +initializeTopics: + enabled: false +topicsPrefix: '' + +# @param logLevel Log level: `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `OFF` +logLevel: INFO From 73874be2ffe6100ecffad3447b5c10b205b3e66a Mon Sep 17 00:00:00 2001 From: Dmitriy Donov Date: Wed, 27 Nov 2024 12:10:13 +0700 Subject: [PATCH 86/91] =?UTF-8?q?WAPI-23770=20=D0=BF=D0=BE=D0=B4=D0=B4?= =?UTF-8?q?=D0=B5=D1=80=D0=B6=D0=BA=D0=B0=20securityContext=20=D0=B2=20cat?= =?UTF-8?q?alog=20api=20(#536)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- charts/catalog-api/README.md | 19 ++++++++++--------- .../catalog-api/templates/api/deployment.yaml | 4 ++++ .../templates/importer/cleaner/job.yaml | 4 ++++ .../catalog-api/templates/importer/job.yaml | 4 ++++ charts/catalog-api/values.yaml | 2 ++ 5 files changed, 24 insertions(+), 9 deletions(-) diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md index 1ad455adf..1bbc2027e 100644 --- a/charts/catalog-api/README.md +++ b/charts/catalog-api/README.md 
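Review bot: `logLevel` is not added to values.schema.json in this hunk, although the configmap hunks of the same commit now pass logback.xml.template through `tpl`, presumably to substitute that value into the rendered XML. Adding `"logLevel": { "type": "string", "enum": ["TRACE", "DEBUG", "INFO", "WARN", "ERROR", "OFF"] }` next to `topicsPrefix` would reject typos and unexpected content at install time instead of at service start. Separately, turning `initializeTopics` from a boolean into an object with `additionalProperties: false` makes an existing `initializeTopics: true` fail validation, which deserves a breaking-changes entry. The enclosing `properties` object starts outside the hunk.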
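Review bot: `topicsPrefix` is documented as plain `Prefix for topics.` with default `''`, but both application.conf.template files wrap it in `required`, which rejects an empty string, so the chart does not render with the default shown in this hunk. Either mark it in the comment, `# @param topicsPrefix Prefix for topics. **Required**`, or drop `required` in the templates if an empty prefix is meant to be valid. The README table added in the same commit would need the same marker.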
@@ -28,15 +28,16 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### Common settings -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | -| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | -| `imagePullSecrets` | Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | `[]` | +| Name | Description | Value | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `annotations` | 
Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `imagePullSecrets` | Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | `[]` | ### Kubernetes [Pod Disruption Budget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets) settings diff --git a/charts/catalog-api/templates/api/deployment.yaml b/charts/catalog-api/templates/api/deployment.yaml index 8d230ced7..f57825ace 100644 --- a/charts/catalog-api/templates/api/deployment.yaml +++ b/charts/catalog-api/templates/api/deployment.yaml @@ -40,6 +40,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.api.postgres.tls.enabled }} initContainers: - name: copy-certs diff --git a/charts/catalog-api/templates/importer/cleaner/job.yaml b/charts/catalog-api/templates/importer/cleaner/job.yaml index ca553d1d6..935485cfb 100644 --- a/charts/catalog-api/templates/importer/cleaner/job.yaml +++ b/charts/catalog-api/templates/importer/cleaner/job.yaml @@ -16,6 +16,10 @@ spec: labels: {{- include "catalog.importer.labels" . | nindent 8 }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.importer.postgres.tls.enabled }} initContainers: 
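Review bot: Only the pod-level `securityContext` becomes configurable in this deployment.yaml hunk (and in the two importer job hunks), so container-only fields such as `allowPrivilegeEscalation`, `readOnlyRootFilesystem` and `capabilities` still cannot be set from values. A matching container-level value, for example `containerSecurityContext`, rendered under each container with the same `with` / `toYaml` pattern would close that gap. The pod-level context also applies to the `copy-certs` init container visible in the context lines, so a `runAsUser` or `fsGroup` setting has to be compatible with what that container writes; its spec is outside the hunk.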
diff --git a/charts/catalog-api/templates/importer/job.yaml b/charts/catalog-api/templates/importer/job.yaml index de9d9f3e3..41dab0da7 100644 --- a/charts/catalog-api/templates/importer/job.yaml +++ b/charts/catalog-api/templates/importer/job.yaml @@ -16,6 +16,10 @@ spec: labels: {{- include "catalog.importer.labels" . | nindent 8 }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never {{- if or .Values.importer.initialDelaySeconds .Values.importer.postgres.tls.enabled }} initContainers: diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index 8404f519e..4874acf9a 100644 --- a/charts/catalog-api/values.yaml +++ b/charts/catalog-api/values.yaml @@ -13,6 +13,7 @@ dgctlDockerRegistry: '' # @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) # @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +# @param podSecurityContext Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) # @param imagePullSecrets Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) nodeSelector: {} @@ -21,6 +22,7 @@ tolerations: [] annotations: {} podAnnotations: {} podLabels: {} +podSecurityContext: {} imagePullSecrets: [] From 4841faecbb3cf6c85ded2f7a1800a620ac347f79 Mon Sep 17 00:00:00 2001 
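Review bot: `podSecurityContext: {}` in the values.yaml hunk leaves every pod on the image defaults, and the `@param` comment gives no hint of what a hardened setting looks like. I would add a commented example under the key, such as `# podSecurityContext: {runAsNonRoot: true, seccompProfile: {type: RuntimeDefault}}`, so operators have a starting point. Whether the images already run as a non-root user is not visible from this diff, so the example should be checked against them before it is documented.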
From: Petr Beklemishev Date: Thu, 28 Nov 2024 12:55:22 +0700 Subject: [PATCH 87/91] Citylens 1.15.0 (#542) --- charts/citylens/Chart.yaml | 2 +- charts/citylens/README.md | 8 ++++---- charts/citylens/templates/helpers.tpl | 6 +++++- charts/citylens/templates/web/configmap.yaml | 1 + charts/citylens/values.yaml | 8 ++++---- 5 files changed, 15 insertions(+), 10 deletions(-) diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 3b4671113..2fa97ba96 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -4,7 +4,7 @@ type: application description: A Helm chart for Kubernetes to deploy Citylens service version: 1.31.0 -appVersion: 1.14.2 +appVersion: 1.15.0 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 2421360fe..490d8feed 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.14.2` | +| `api.image.tag` | Tag. | `1.15.0` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.14.2` | +| `web.image.tag` | Tag. | `1.15.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
@@ -352,7 +352,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | -| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.14.2` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.15.0` | | `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | | `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | | `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | @@ -370,7 +370,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.14.0` | +| `migrations.image.tag` | Tag. | `1.15.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | diff --git a/charts/citylens/templates/helpers.tpl b/charts/citylens/templates/helpers.tpl index 293eadab0..6dcf34cbd 100644 --- a/charts/citylens/templates/helpers.tpl +++ b/charts/citylens/templates/helpers.tpl 
@@ -233,8 +233,12 @@ postgresql://{{ required "A valid .Values.postgres.username entry required" .use {{- end -}} {{/* -S3 key template for frames +S3 key templates for frames & frames crops */}} {{- define "citylens.s3_constants.frame_key_template" -}} {track_uuid}/{frame_timestamp_ms}.jpg {{- end -}} + +{{- define "citylens.s3_constants.crop_frame_key_template" -}} +{track_uuid}/{frame_timestamp_ms}_{theta}.jpg +{{- end -}} diff --git a/charts/citylens/templates/web/configmap.yaml b/charts/citylens/templates/web/configmap.yaml index 376add551..f0d9fe10c 100644 --- a/charts/citylens/templates/web/configmap.yaml +++ b/charts/citylens/templates/web/configmap.yaml @@ -53,6 +53,7 @@ data: log: '{track_uuid}/log_{log_timestamp_ms}' log_prefix: '{track_uuid}/log_' frame: {{ include "citylens.s3_constants.frame_key_template" . | squote }} + crop_frame: {{ include "citylens.s3_constants.crop_frame_key_template" . | squote }} videos: '{track_uuid}/{resource_type}' client_params: aws_access_key_id: {{ required "A valid .Values.s3.accessKey entry required" .accessKey | squote }} diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 9485c003b..66d4c90de 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.14.2 + tag: 1.15.0 replicas: 4 @@ -231,7 +231,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.14.2 + tag: 1.15.0 replicas: 1 @@ -614,7 +614,7 @@ worker: image: repository: 2gis-on-premise/citylens-workers pullPolicy: IfNotPresent - tag: 1.14.2 + tag: 1.15.0 revisionHistoryLimit: 3 @@ -650,7 +650,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.14.0 + tag: 1.15.0 resources: requests: From cdcd2048597f5bee2ec6b517cd8b01d3fa4b9729 Mon Sep 17 00:00:00 2001 
From: mprudnikov3 <139206622+mprudnikov3@users.noreply.github.com> Date: Thu, 28 Nov 2024 17:53:13 +0700 Subject: [PATCH 88/91] tiles-api: rename bss & description edits (#522) --- Breaking-Changes.md | 5 +++++ charts/tiles-api/README.md | 32 ++++++++++++++--------------- charts/tiles-api/configs/proxy.yaml | 6 +++--- charts/tiles-api/values.yaml | 30 +++++++++++++-------------- 4 files changed, 39 insertions(+), 34 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index f90a78d90..9c6b132a9 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -2,6 +2,11 @@ ## [1.30.0] +### tiles-api +- proxy.access.bss.enabled renamed to proxy.access.stat.enabled +- proxy.access.bss.url renamed to proxy.access.stat.url +- added setting dgctlStorage.region + ### pro-api - api.pod.appName renamed api.appName - api.settings.enableUserAssetsImporter renamed to api.settings.backgroundJobs.enableUserAssetsImporter diff --git a/charts/tiles-api/README.md b/charts/tiles-api/README.md index 788dea89a..1bfb78707 100644 --- a/charts/tiles-api/README.md +++ b/charts/tiles-api/README.md 
@@ -28,15 +28,15 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: ### Deployment Artifacts Storage settings -| Name | Description | Value | -| ------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `dgctlStorage.host` | S3 endpoint. Format: `host:port`. | `""` | -| `dgctlStorage.secure` | If S3 uses https. | `false` | -| `dgctlStorage.bucket` | S3 bucket name. | `""` | -| `dgctlStorage.region` | S3 region. | `""` | -| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. | `""` | -| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. | `""` | -| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
This file contains the description of pieces of data that the service requires to operate. | `""` | +| Name | Description | Value | +| ------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | +| `dgctlStorage.host` | S3 endpoint. Format: `host:port`. **Required** | `""` | +| `dgctlStorage.secure` | Set to `true` if dgctlStorage.host must be accessed via https. **Required** | `false` | +| `dgctlStorage.bucket` | S3 bucket name. **Required** | `""` | +| `dgctlStorage.region` | AuthenticationRegion property for S3 client. Used in AWS4 request signing, this is an optional property | `""` | +| `dgctlStorage.accessKey` | S3 access key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. **Required** | `""` | +| `dgctlStorage.manifest` | The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
This file contains the description of pieces of data that the service requires to operate. **Required** | `""` | ### Tiles API configuration @@ -67,8 +67,8 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `cassandra.consistencyLevelWrite` | Apache Cassandra [write consistency level](https://docs.datastax.com/en/cassandra-oss/3.0/cassandra/dml/dmlConfigConsistency.html#Readconsistencylevels). | `LOCAL_QUORUM` | | `cassandra.timeout` | Timeout for connect attempts to the database. | `90s` | | `cassandra.credentials` | **Credentials for accessing Apache Cassandra** | | -| `cassandra.credentials.user` | User name to connect to the database. | `cassandra` | -| `cassandra.credentials.password` | User password to connect to the database. | `cassandra` | +| `cassandra.credentials.user` | User name to connect to the database. **Required** | `cassandra` | +| `cassandra.credentials.password` | User password to connect to the database. **Required** | `cassandra` | | `cassandra.credentials.jmxUser` | JMX user name to be used by the Kubernetes Importer Job's cleaner process. | `cassandra` | | `cassandra.credentials.jmxPassword` | JMX password to be used by the Kubernetes Importer Job's cleaner process. | `cassandra` | | `cassandra.ssl` | **SSL configuration for accessing Apache Cassandra** | | 
@@ -97,9 +97,9 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `proxy.access.url` | API Keys endpoint url, ex: http://keys-api.svc. **Required** | `""` | | `proxy.access.token` | Service key for Keys API. **Required** | `""` | | `proxy.access.syncPeriod` | Proxy sync period. | `2m` | -| `proxy.access.bss` | **BSS statistics receiver settings** | | -| `proxy.access.bss.enabled` | If statistics receiver is enabled. | `false` | -| `proxy.access.bss.url` | BSS statistics receiver endpoint url, ex: http(s)://host:port/path. **Required** | `""` | +| `proxy.access.stat` | **Statistics receiver settings** | | +| `proxy.access.stat.enabled` | If statistics receiver is enabled. | `false` | +| `proxy.access.stat.url` | Statistics receiver endpoint url, ex: http(s)://host:port/path. **Required** | `""` | ### Tiles API settings @@ -191,7 +191,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | `importer.logFormatOverride` | A custom importer logging format. Allowed options: text|json. If not defined, 'json' format will be used. | `nil` | | `importer.workerNum` | Number of parallel import processes (workers). | `6` | | `importer.writerNum` | Number of write processes per import process (worker). | `8` | -| `importer.workerNumAttempts` | Number of attempts for import process (worker) if it is failing. | `3` | +| `importer.workerNumAttempts` | Number of attempts for import process (worker) if it is failing. **Required** | `3` | | `importer.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `{}` | | `importer.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | | `importer.resources` | **Kubernetes [resource management settings](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/)** | | 
@@ -227,7 +227,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: | Name | Description | Value | | --------------------- | ----------------------------------------------------------------------------------------------- | ----- | -| `license.url` | Address of the License service. Ex: https://license.svc | `""` | +| `license.url` | Address of the License service. Ex: https://license.svc **Required** | `""` | | `license.retryPeriod` | Duration how often tiles server should try to update license status if it is failing to get it. | `30s` | ### **Custom Certificate Authority** diff --git a/charts/tiles-api/configs/proxy.yaml b/charts/tiles-api/configs/proxy.yaml index dad2ef3c8..097951a95 100644 --- a/charts/tiles-api/configs/proxy.yaml +++ b/charts/tiles-api/configs/proxy.yaml @@ -18,9 +18,9 @@ access: host: {{ .access.url }} token: {{ .access.token }} bss: - enabled: {{ .access.bss.enabled }} - {{- if .access.bss.enabled }} - host: {{ required "Valid .Values.proxy.access.bss.url required!" .access.bss.url }} + enabled: {{ .access.stat.enabled }} + {{- if .access.stat.enabled }} + host: {{ required "Valid .Values.proxy.access.stat.url required!" .access.stat.url }} {{- end }} storage: diff --git a/charts/tiles-api/values.yaml b/charts/tiles-api/values.yaml index 74eeaf3dd..e40abccf5 100644 --- a/charts/tiles-api/values.yaml +++ b/charts/tiles-api/values.yaml 
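Review bot: After the rename in this proxy.yaml hunk, a values file that still sets `proxy.access.bss.enabled: true` renders `enabled: false` without any error, so statistics delivery stops silently on upgrade unless the values schema rejects unknown keys. A guard at the top of the `access` block, `{{- if .access.bss }}{{ fail "proxy.access.bss was renamed to proxy.access.stat" }}{{- end }}`, would surface the stale key at render time. The rendered key is still `bss:`, which looks intentional (the proxy's own config format) but is worth a one-line comment saying so. The enclosing template block starts outside the hunk.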
@@ -6,13 +6,13 @@ dgctlDockerRegistry: '' # @section Deployment Artifacts Storage settings -# @param dgctlStorage.host S3 endpoint. Format: `host:port`. -# @param dgctlStorage.secure If S3 uses https. -# @param dgctlStorage.bucket S3 bucket name. -# @param dgctlStorage.region S3 region. -# @param dgctlStorage.accessKey S3 access key for accessing the bucket. -# @param dgctlStorage.secretKey S3 secret key for accessing the bucket. -# @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
This file contains the description of pieces of data that the service requires to operate. +# @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required** +# @param dgctlStorage.secure Set to `true` if dgctlStorage.host must be accessed via https. **Required** +# @param dgctlStorage.bucket S3 bucket name. **Required** +# @param dgctlStorage.region AuthenticationRegion property for S3 client. Used in AWS4 request signing, this is an optional property +# @param dgctlStorage.accessKey S3 access key for accessing the bucket. **Required** +# @param dgctlStorage.secretKey S3 secret key for accessing the bucket. **Required** +# @param dgctlStorage.manifest The path to the [manifest file](https://docs.2gis.com/en/on-premise/overview#nav-lvl2@paramCommon_deployment_steps). Format: `manifests/0000000000.json`.
This file contains the description of pieces of data that the service requires to operate. **Required** dgctlStorage: host: '' @@ -65,8 +65,8 @@ types: # @param cassandra.timeout Timeout for connect attempts to the database. # @extra cassandra.credentials **Credentials for accessing Apache Cassandra** -# @param cassandra.credentials.user User name to connect to the database. -# @param cassandra.credentials.password User password to connect to the database. +# @param cassandra.credentials.user User name to connect to the database. **Required** +# @param cassandra.credentials.password User password to connect to the database. **Required** # @param cassandra.credentials.jmxUser JMX user name to be used by the Kubernetes Importer Job's cleaner process. # @param cassandra.credentials.jmxPassword JMX password to be used by the Kubernetes Importer Job's cleaner process. @@ -114,9 +114,9 @@ cassandra: # @param proxy.access.token Service key for Keys API. **Required** # @param proxy.access.syncPeriod Proxy sync period. -# @extra proxy.access.bss **BSS statistics receiver settings** -# @param proxy.access.bss.enabled If statistics receiver is enabled. -# @param proxy.access.bss.url BSS statistics receiver endpoint url, ex: http(s)://host:port/path. **Required** +# @extra proxy.access.stat **Statistics receiver settings** +# @param proxy.access.stat.enabled If statistics receiver is enabled. +# @param proxy.access.stat.url Statistics receiver endpoint url, ex: http(s)://host:port/path. **Required** proxy: logLevelOverride: @@ -143,7 +143,7 @@ proxy: url: '' token: '' syncPeriod: 2m - bss: + stat: enabled: false url: '' 
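Review bot: The comments in the `@@ -65,8 +65,8 @@` hunk now mark `cassandra.credentials.user` and `cassandra.credentials.password` as **Required**, yet the README table in the same commit lists `cassandra` as the default for both, so the chart installs without the operator ever choosing credentials. If they are meant to be required, an empty default combined with a `required` check where the values are consumed would make the marker true. The defaults themselves and the consuming template are outside this hunk, so confirm them before changing anything.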
@@ -314,7 +314,7 @@ api: # @param importer.logFormatOverride A custom importer logging format. Allowed options: text|json. If not defined, 'json' format will be used. # @param importer.workerNum Number of parallel import processes (workers). # @param importer.writerNum Number of write processes per import process (worker). -# @param importer.workerNumAttempts Number of attempts for import process (worker) if it is failing. +# @param importer.workerNumAttempts Number of attempts for import process (worker) if it is failing. **Required** # @param importer.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. # @param importer.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). @@ -412,7 +412,7 @@ importer: # @section License service settings -# @param license.url Address of the License service. Ex: https://license.svc +# @param license.url Address of the License service. Ex: https://license.svc **Required** # @param license.retryPeriod Duration how often tiles server should try to update license status if it is failing to get it. license: From 23742e46ab5bb85a52f9d1eec16517b17171335d Mon Sep 17 00:00:00 2001 
From: Golovanov Sergey Date: Thu, 28 Nov 2024 15:53:55 +0500 Subject: [PATCH 89/91] keys-api: add TLS support for postgresql connects (#537) --- charts/keys/README.md | 44 +++-- charts/keys/templates/admin/deployment.yaml | 14 +- charts/keys/templates/api/deployment.yaml | 14 +- charts/keys/templates/cleaner/cronjob.yaml | 15 +- .../keys/templates/dispatcher/deployment.yaml | 14 +- charts/keys/templates/helpers.tpl | 154 +++++++++++++++++- charts/keys/templates/import/job.yaml | 14 +- charts/keys/templates/migrate/job.yaml | 13 +- charts/keys/templates/secret-tls.yaml | 43 +++++ charts/keys/templates/tasker/deployment.yaml | 12 +- charts/keys/values.yaml | 19 ++- 11 files changed, 300 insertions(+), 56 deletions(-) create mode 100644 charts/keys/templates/secret-tls.yaml diff --git a/charts/keys/README.md b/charts/keys/README.md index 93192e295..744533a4e 100644 --- a/charts/keys/README.md +++ b/charts/keys/README.md 
@@ -205,24 +205,32 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about ### Database access settings -| Name | Description | Value | -| ---------------------- | ----------------------------------------------------------------------------------- | ------ | -| `postgres.ro` | **Settings for the read-only access** | | -| `postgres.ro.host` | PostgreSQL hostname or IP. **Required** | `""` | -| `postgres.ro.port` | PostgreSQL port. | `5432` | -| `postgres.ro.timeout` | PostgreSQL client connection timeout. | `3s` | -| `postgres.ro.name` | PostgreSQL database name. **Required** | `""` | -| `postgres.ro.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` | -| `postgres.ro.username` | PostgreSQL username. **Required** | `""` | -| `postgres.ro.password` | PostgreSQL password. **Required** | `""` | -| `postgres.rw` | **Settings for the read-write access** | | -| `postgres.rw.host` | PostgreSQL hostname or IP. **Required** | `""` | -| `postgres.rw.port` | PostgreSQL port. | `5432` | -| `postgres.rw.timeout` | PostgreSQL client connection timeout. | `3s` | -| `postgres.rw.name` | PostgreSQL database name. **Required** | `""` | -| `postgres.rw.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` | -| `postgres.rw.username` | PostgreSQL username. **Required** | `""` | -| `postgres.rw.password` | PostgreSQL password. **Required** | `""` | +| Name | Description | Value | +| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------- | +| `postgres.ro` | **Settings for the read-only access** | | +| `postgres.ro.host` | PostgreSQL hostname or IP. **Required** | `""` | +| `postgres.ro.port` | PostgreSQL port. | `5432` | +| `postgres.ro.timeout` | PostgreSQL client connection timeout. 
| `3s` | +| `postgres.ro.name` | PostgreSQL database name. **Required** | `""` | +| `postgres.ro.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` | +| `postgres.ro.username` | PostgreSQL username. **Required** | `""` | +| `postgres.ro.password` | PostgreSQL password. **Required** | `""` | +| `postgres.ro.tls.mode` | PostgreSQL ssl [connection mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION). Available modes: `disabled`, `require`, `verify-ca` and `verify-full`. | `disabled` | +| `postgres.ro.tls.serverCA` | PostgreSQL CA certificate for server CA verify. **Required for mode `verify-ca` or `verify-full`**. | `""` | +| `postgres.ro.tls.clientCert` | client certificate. **Required for mode `verify-full`**. | `""` | +| `postgres.ro.tls.clientKey` | client private key. **Required for mode `verify-full`**. | `""` | +| `postgres.rw` | **Settings for the read-write access** | | +| `postgres.rw.host` | PostgreSQL hostname or IP. **Required** | `""` | +| `postgres.rw.port` | PostgreSQL port. | `5432` | +| `postgres.rw.timeout` | PostgreSQL client connection timeout. | `3s` | +| `postgres.rw.name` | PostgreSQL database name. **Required** | `""` | +| `postgres.rw.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` | +| `postgres.rw.username` | PostgreSQL username. **Required** | `""` | +| `postgres.rw.password` | PostgreSQL password. **Required** | `""` | +| `postgres.rw.tls.mode` | PostgreSQL ssl [connection mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION). Available modes: `disabled`, `require`, `verify-ca` and `verify-full`. | `disabled` | +| `postgres.rw.tls.serverCA` | PostgreSQL CA certificate for server CA verify. **Required for mode `verify-ca` or `verify-full`**. | `""` | +| `postgres.rw.tls.clientCert` | client certificate. **Required for mode `verify-full`**. 
| `""` | +| `postgres.rw.tls.clientKey` | client private key. **Required for mode `verify-full`**. | `""` | ### Kafka settings diff --git a/charts/keys/templates/admin/deployment.yaml b/charts/keys/templates/admin/deployment.yaml index 8c5b8eb79..4207765e1 100644 --- a/charts/keys/templates/admin/deployment.yaml +++ b/charts/keys/templates/admin/deployment.yaml @@ -36,6 +36,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 8 }} + {{- end }} containers: - name: keys-admin image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.admin.image.repository }}:{{ .Values.admin.image.tag }} @@ -54,14 +58,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: - {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.admin.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/templates/api/deployment.yaml b/charts/keys/templates/api/deployment.yaml index e9d1d4f56..78158fcca 100644 --- a/charts/keys/templates/api/deployment.yaml +++ b/charts/keys/templates/api/deployment.yaml 
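Review bot: `volumeMounts:` and `volumes:` are now emitted unconditionally in the second admin/deployment.yaml hunk, so when `customCAs.bundle` is empty and the `keys.psql.volumeMount` / `keys.psql.volume` helpers render nothing (presumably for TLS mode `disabled`), both keys end up with a null value. Guarding each key with a condition that covers both sources, for example `{{- if or .Values.customCAs.bundle (include "keys.psql.volume" .) }}`, keeps the rendered manifest free of empty keys. The same pattern repeats in the api deployment and cleaner cronjob hunks. The helpers are defined in helpers.tpl, outside this part of the diff, so this depends on what they return for the disabled mode.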
@@ -38,6 +38,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 8 }} + {{- end }} containers: - name: keys-api image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} @@ -62,14 +66,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: - {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.api.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/templates/cleaner/cronjob.yaml b/charts/keys/templates/cleaner/cronjob.yaml index a3711c4ef..d177809d8 100644 --- a/charts/keys/templates/cleaner/cronjob.yaml +++ b/charts/keys/templates/cleaner/cronjob.yaml @@ -5,7 +5,6 @@ metadata: name: {{ include "keys.cleaner.name" . }} labels: {{- include "keys.cleaner.labels" . | nindent 4 }} - spec: concurrencyPolicy: Forbid schedule: "{{ .Values.dispatcher.cleaner.cron.schedule }}" @@ -20,6 +19,10 @@ spec: {{- include "keys.cleaner.labels" . | nindent 12 }} spec: restartPolicy: Never + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 12 }} + {{- end }} containers: - name: clean image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} 
@@ -34,14 +37,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 16 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 16 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 16 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 16 }} volumes: - {{- include "keys.custom.ca.jobs.volumes" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.jobs.volumes" . | nindent 12 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 12 }} {{- with .Values.dispatcher.cleaner.nodeSelector }} nodeSelector: {{- toYaml . | nindent 12 }} diff --git a/charts/keys/templates/dispatcher/deployment.yaml b/charts/keys/templates/dispatcher/deployment.yaml index a66518f38..092f15624 100644 --- a/charts/keys/templates/dispatcher/deployment.yaml +++ b/charts/keys/templates/dispatcher/deployment.yaml @@ -36,6 +36,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 8 }} + {{- end }} containers: - name: dispatcher image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} 
@@ -51,14 +55,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: - {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.dispatcher.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/templates/helpers.tpl b/charts/keys/templates/helpers.tpl index 6f6f7c3b5..da71979ee 100644 --- a/charts/keys/templates/helpers.tpl +++ b/charts/keys/templates/helpers.tpl 
@@ -187,6 +187,24 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} value: "{{ .Values.postgres.ro.timeout }}" - name: KEYS_DB_RO_USERNAME value: "{{ required "A valid .Values.postgres.ro.username required" .Values.postgres.ro.username }}" +- name: KEYS_DB_RO_SSL_MODE + value: {{ .Values.postgres.ro.tls.mode }} +{{- if has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full") }} +{{- if .Values.postgres.ro.tls.serverCA }} +- name: KEYS_DB_RO_SSL_SERVERCERT_PATH + value: /etc/ssl/psql/psql-ro-server-ca.crt +{{- end }} +{{- if eq .Values.postgres.ro.tls.mode "verify-full" }} +{{- if .Values.postgres.ro.tls.clientKey }} +- name: KEYS_DB_RO_SSL_CLIENTKEY_PATH + value: /etc/ssl/psql/psql-ro-client.key +{{- end }} +{{- if .Values.postgres.ro.tls.clientCert }} +- name: KEYS_DB_RO_SSL_CLIENTCERT_PATH + value: /etc/ssl/psql/psql-ro-client.crt +{{- end }} +{{- end }} +{{- end }} - name: KEYS_DB_RW_HOST value: "{{ required "A valid .Values.postgres.rw.host required" .Values.postgres.rw.host }}" - name: KEYS_DB_RW_PORT 
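Review bot: `KEYS_DB_RO_SSL_MODE` is rendered from `.Values.postgres.ro.tls.mode` without quoting or validation, so a misspelled mode such as `verify_full` skips every `has ... (list "verify-ca" "verify-full")` branch and reaches the service unchanged, with no CA or client material configured. Whether the service then rejects the value or connects without verification is not visible here, so I would fail at render time with `{{- if not (has .Values.postgres.ro.tls.mode (list "disabled" "require" "verify-ca" "verify-full")) }}{{ fail "unsupported postgres.ro.tls.mode" }}{{- end }}`. I would also emit the value as `value: {{ .Values.postgres.ro.tls.mode | quote }}`, matching the quoted entries around it. The same applies to `KEYS_DB_RW_SSL_MODE` in the next hunk, and the enclosing define starts above this hunk.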
@@ -199,10 +217,28 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} value: "{{ .Values.postgres.rw.schema }}" - name: KEYS_DB_RW_USERNAME value: "{{ required "A valid .Values.postgres.rw.username required" .Values.postgres.rw.username }}" +- name: KEYS_DB_RW_SSL_MODE + value: {{ .Values.postgres.rw.tls.mode }} +{{- if has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full") }} +{{- if .Values.postgres.rw.tls.serverCA }} +- name: KEYS_DB_RW_SSL_SERVERCERT_PATH + value: /etc/ssl/psql/psql-rw-server-ca.crt +{{- end }} +{{- if eq .Values.postgres.rw.tls.mode "verify-full" }} +{{- if .Values.postgres.rw.tls.clientKey }} +- name: KEYS_DB_RW_SSL_CLIENTKEY_PATH + value: /etc/ssl/psql/psql-rw-client.key +{{- end }} +{{- if .Values.postgres.rw.tls.clientCert }} +- name: KEYS_DB_RW_SSL_CLIENTCERT_PATH + value: /etc/ssl/psql/psql-rw-client.crt +{{- end }} +{{- end }} +{{- end }} {{- end }} {{- define "keys.env.db.deploys" -}} -{{ include "keys.env.db" . }} +{{- include "keys.env.db" . }} - name: KEYS_DB_RO_PASSWORD valueFrom: secretKeyRef: @@ -216,7 +252,7 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} {{- define "keys.env.db.jobs" -}} -{{ include "keys.env.db" . }} +{{- include "keys.env.db" . }} - name: KEYS_DB_RO_PASSWORD valueFrom: secretKeyRef: @@ -230,12 +266,12 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} {{- define "keys.env.redis" -}} -{{- if .Values.redis.useExternalRedis }} +{{- if .Values.redis.useExternalRedis -}} - name: KEYS_REDIS_HOST value: "{{ .Values.redis.host }}" - name: KEYS_REDIS_DB value: "{{ .Values.redis.db }}" -{{- else }} +{{- else -}} - name: KEYS_REDIS_HOST value: "{{ include "keys.redis.name" . }}" {{- end }} 
@@ -309,14 +345,14 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} {{- define "keys.env.predef" -}} -{{ range $service, $key := .Values.predefined.service.keys }} +{{- range $service, $key := .Values.predefined.service.keys }} - name: KEYS_PREDEF_SERVICE_KEY_{{ $service | upper }} value: {{ $key }} -{{ end }} -{{ range $service, $key := .Values.predefined.service.aliases }} +{{- end }} +{{- range $service, $key := .Values.predefined.service.aliases }} - name: KEYS_PREDEF_SERVICE_ALIAS_{{ $service | upper }} value: {{ $key }} -{{ end }} +{{- end }} {{- end }} {{- define "keys.env.dgctlStorage" -}} 
@@ -424,3 +460,105 @@ Return the appropriate apiVersion for Horizontal Pod Autoscaler. {{- define "keys.configmap.deploys.name" -}} {{ include "keys.name" . }}-configmap-deploys {{- end -}} + +{{- define "keys.psql.checks" -}} +{{- if has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full") }} +{{ $testVar := required "You should set .Values.postgres.ro.tls.serverCA for selected mode" .Values.postgres.ro.tls.serverCA }} +{{- end }} +{{- if eq .Values.postgres.ro.tls.mode "verify-full" }} +{{ $testVar := required "You should set .Values.postgres.ro.tls.clientCert for selected mode" .Values.postgres.ro.tls.clientCert }} +{{ $testVar := required "You should set .Values.postgres.ro.tls.clientKey for selected mode" .Values.postgres.ro.tls.clientKey }} +{{- end }} +{{- if has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full") }} +{{ $testVar := required "You should set .Values.postgres.rw.tls.serverCA for selected mode" .Values.postgres.rw.tls.serverCA }} +{{- end }} +{{- if eq .Values.postgres.rw.tls.mode "verify-full" }} +{{ $testVar := required "You should set .Values.postgres.rw.tls.clientCert for selected mode" .Values.postgres.rw.tls.clientCert }} +{{ $testVar := required "You should set .Values.postgres.rw.tls.clientKey for selected mode" .Values.postgres.rw.tls.clientKey }} +{{- end }} +{{- end -}} + +{{- define "keys.psql.volumeMount" -}} +{{- if or + (has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full")) + (has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full")) +-}} +- name: tls + mountPath: /etc/ssl/psql +{{- end }} +{{- end -}} + +{{- define "keys.psql.volume" -}} +{{- if or + (has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full")) + (has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full")) +-}} +- name: tls-raw + secret: + secretName: {{ include "keys.name" . 
}}-tls + items: + {{- if has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full") }} + {{- if .Values.postgres.ro.tls.serverCA }} + - key: psql-ro-server-ca.crt + path: psql-ro-server-ca.crt + {{- end }} + {{- if has .Values.postgres.ro.tls.mode (list "verify-full") }} + {{- if .Values.postgres.ro.tls.clientKey }} + - key: psql-ro-client.key + path: psql-ro-client.key + {{- end }} + {{- if .Values.postgres.ro.tls.clientCert }} + - key: psql-ro-client.crt + path: psql-ro-client.crt + {{- end }} + {{- end }} + {{- end }} + {{- if has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full") }} + {{- if .Values.postgres.rw.tls.serverCA }} + - key: psql-rw-server-ca.crt + path: psql-rw-server-ca.crt + {{- end }} + {{- if has .Values.postgres.rw.tls.mode (list "verify-full") }} + {{- if .Values.postgres.rw.tls.clientKey }} + - key: psql-rw-client.key + path: psql-rw-client.key + {{- end }} + {{- if .Values.postgres.rw.tls.clientCert }} + - key: psql-rw-client.crt + path: psql-rw-client.crt + {{- end }} + {{- end }} + {{- end }} +- name: tls + emptyDir: {} +{{- end }} +{{- end -}} + +{{- define "keys.psql.initTLS" -}} +{{- if or + (has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full")) + (has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full")) +-}} +- name: copy-certs + image: {{ .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} + command: + - /bin/sh + - -c + - |- + cp /tls/* /etc/ssl/psql/ + chmod 0400 /etc/ssl/psql/psql-ro-client.key + chmod 0400 /etc/ssl/psql/psql-rw-client.key + resources: + requests: + cpu: 20m + memory: 16Mi + limits: + cpu: 20m + memory: 16Mi + volumeMounts: + - name: tls-raw + mountPath: /tls + - name: tls + mountPath: /etc/ssl/psql +{{- end -}} +{{- end -}} diff --git a/charts/keys/templates/import/job.yaml b/charts/keys/templates/import/job.yaml index 2521a247f..c090a4d07 100644 --- a/charts/keys/templates/import/job.yaml 
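Review bot: The `copy-certs` script in `keys.psql.initTLS` runs both `chmod 0400` commands unconditionally and without `set -e`, while `keys.psql.volume` projects the client keys only in `verify-full` mode. With `postgres.rw.tls.mode: verify-ca` the final `chmod` targets a file that was never copied, the shell returns its non-zero status and the init container fails, so the pod would not start. In the opposite mix, a failed `cp` is hidden by a later successful `chmod`. I would start the script with `set -e` and touch only the key files that exist, `for f in /etc/ssl/psql/*.key; do if [ -f "$f" ]; then chmod 0400 "$f"; fi; done`. The init container also sets no `securityContext`, so a 0400 key is readable by the main container only if both run as the same UID, which is worth confirming.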
+++ b/charts/keys/templates/import/job.yaml @@ -17,6 +17,10 @@ spec: {{- include "keys.import.labels" . | nindent 8 }} spec: restartPolicy: Never + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 8 }} + {{- end }} containers: - name: migrate image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} @@ -32,14 +36,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: - {{- include "keys.custom.ca.jobs.volumes" . | nindent 8 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.jobs.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.import.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/templates/migrate/job.yaml b/charts/keys/templates/migrate/job.yaml index 0635f1e11..5ff53b62b 100644 --- a/charts/keys/templates/migrate/job.yaml +++ b/charts/keys/templates/migrate/job.yaml 
@@ -17,14 +17,15 @@ spec: {{- include "keys.migrate.labels" . | nindent 8 }} spec: restartPolicy: Never - {{- if .Values.migrate.initialDelaySeconds }} initContainers: + {{- if .Values.migrate.initialDelaySeconds }} - name: delay image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} command: [ "sh", "-c", "sleep {{ .Values.migrate.initialDelaySeconds }}" ] resources: {{- toYaml .Values.migrate.resources | nindent 12 }} {{- end }} + {{- include "keys.psql.initTLS" . | nindent 8 }} containers: - name: migrate image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} @@ -39,14 +40,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: - {{- include "keys.custom.ca.jobs.volumes" . | nindent 8 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.jobs.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.migrate.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/templates/secret-tls.yaml b/charts/keys/templates/secret-tls.yaml new file mode 100644 index 000000000..f247797d0 --- /dev/null +++ b/charts/keys/templates/secret-tls.yaml 
@@ -0,0 +1,43 @@ +{{- if or + (has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full")) + (has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full")) +}} +{{ include "keys.psql.checks" . }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "keys.name" . }}-tls + labels: + {{- include "keys.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-weight": "-20" +type: Opaque +data: + {{- if has .Values.postgres.ro.tls.mode (list "verify-ca" "verify-full") }} + {{- with .Values.postgres.ro.tls.serverCA }} + psql-ro-server-ca.crt: {{ . | b64enc}} + {{- end }} + {{- if has .Values.postgres.ro.tls.mode (list "verify-full")}} + {{- with .Values.postgres.ro.tls.clientKey }} + psql-ro-client.key: {{ . | b64enc }} + {{- end }} + {{- with .Values.postgres.ro.tls.clientCert }} + psql-ro-client.crt: {{ . | b64enc }} + {{- end }} + {{- end }} + {{- end }} + {{- if has .Values.postgres.rw.tls.mode (list "verify-ca" "verify-full") }} + {{- with .Values.postgres.rw.tls.serverCA }} + psql-rw-server-ca.crt: {{ . | b64enc}} + {{- end }} + {{- if has .Values.postgres.rw.tls.mode (list "verify-full") }} + {{- with .Values.postgres.rw.tls.clientKey }} + psql-rw-client.key: {{ . | b64enc }} + {{- end }} + {{- with .Values.postgres.rw.tls.clientCert }} + psql-rw-client.crt: {{ . | b64enc }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/keys/templates/tasker/deployment.yaml b/charts/keys/templates/tasker/deployment.yaml index 6d40e749f..12c1e8778 100644 --- a/charts/keys/templates/tasker/deployment.yaml +++ b/charts/keys/templates/tasker/deployment.yaml 
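Review bot: The `"helm.sh/hook": pre-install,pre-upgrade` annotation takes this Secret out of release management, so `helm uninstall`, or switching both modes away from `verify-ca`/`verify-full`, leaves `{{ include "keys.name" . }}-tls` and the client private keys behind in the namespace. If the hook exists only to order the Secret before the migrate job (an assumption, since the job's annotations are not in this diff), either document the manual cleanup or drop the hook so the Secret is deleted with the release. None of the pod templates touched by this commit gains a checksum annotation for this Secret, so rotated certificates will presumably not reach running pods until they are restarted.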
@@ -36,6 +36,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with include "keys.psql.initTLS" . }} + initContainers: + {{- . | nindent 8 }} + {{- end }} containers: - name: tasker image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }} @@ -50,14 +54,16 @@ spec: {{- if .Values.customCAs.bundle }} {{- include "keys.env.custom.ca.path" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} volumeMounts: - {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} + {{- if .Values.customCAs.bundle }} + {{- include "keys.custom.ca.volumeMounts" . | nindent 12 }} {{- end }} - {{- if .Values.customCAs.bundle }} + {{- include "keys.psql.volumeMount" . | nindent 12 }} volumes: + {{- if .Values.customCAs.bundle }} {{- include "keys.custom.ca.deploys.volumes" . | nindent 8 }} {{- end }} + {{- include "keys.psql.volume" . | nindent 8 }} {{- with .Values.tasker.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/keys/values.yaml b/charts/keys/values.yaml index 9f25e2ddc..1a43a41f9 100644 --- a/charts/keys/values.yaml +++ b/charts/keys/values.yaml 
@@ -504,6 +504,10 @@ postgres: # @param postgres.ro.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. # @param postgres.ro.username PostgreSQL username. **Required** # @param postgres.ro.password PostgreSQL password. **Required** + # @param postgres.ro.tls.mode PostgreSQL ssl [connection mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION). Available modes: `disabled`, `require`, `verify-ca` and `verify-full`. + # @param postgres.ro.tls.serverCA PostgreSQL CA certificate for server CA verify. **Required for mode `verify-ca` or `verify-full`**. + # @param postgres.ro.tls.clientCert client certificate. **Required for mode `verify-full`**. + # @param postgres.ro.tls.clientKey client private key. **Required for mode `verify-full`**. ro: host: '' @@ -513,6 +517,11 @@ postgres: schema: '' username: '' password: '' + tls: + mode: disabled + serverCA: '' + clientCert: '' + clientKey: '' # @extra postgres.rw **Settings for the read-write access** @@ -523,6 +532,10 @@ postgres: # @param postgres.rw.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. # @param postgres.rw.username PostgreSQL username. **Required** # @param postgres.rw.password PostgreSQL password. **Required** + # @param postgres.rw.tls.mode PostgreSQL ssl [connection mode](https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-PROTECTION). Available modes: `disabled`, `require`, `verify-ca` and `verify-full`. + # @param postgres.rw.tls.serverCA PostgreSQL CA certificate for server CA verify. **Required for mode `verify-ca` or `verify-full`**. + # @param postgres.rw.tls.clientCert client certificate. **Required for mode `verify-full`**. + # @param postgres.rw.tls.clientKey client private key. **Required for mode `verify-full`**. rw: host: '' 
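Review bot: The `@param postgres.ro.tls.mode` comment lists `disabled`, while the libpq page it links to spells that mode `disable`, and the comment does not say what each mode protects against. I would state that the default leaves the connection unencrypted and that `require` encrypts without verifying the server certificate, for example `Available modes: disabled (no TLS), require (encrypted, server not verified), verify-ca, verify-full.`, and confirm which spelling the service accepts. The `clientKey` comment should also note that a key passed through values is stored with the Helm release data, so it belongs in a protected values file. The same wording applies to the `postgres.rw.tls.*` comments in the later `postgres.rw` hunk.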
@@ -532,7 +545,11 @@ postgres: schema: '' username: '' password: '' - + tls: + mode: disabled + serverCA: '' + clientCert: '' + clientKey: '' # @section Kafka settings From 4ee8ffa55d309a7c9c6f2fca98fd6a3b3c215a0f Mon Sep 17 00:00:00 2001 From: Ilia Korolev <32981442+mount-li@users.noreply.github.com> Date: Thu, 28 Nov 2024 14:16:46 +0300 Subject: [PATCH 90/91] [PRO-6552] upgrade pro-api and pro-ui versions, deliver dashboards (#532) --- charts/pro-api/README.md | 10 +- charts/pro-api/templates/_helpers.tpl | 18 +++ charts/pro-api/templates/asset-preparer.yaml | 1 + charts/pro-api/templates/deployment.yaml | 17 +- .../templates/permissions-api-deployment.yaml | 15 +- .../tasks-api/deployment-worker.yaml | 150 ++++++++++++++++++ .../templates/tasks-api/deployment.yaml | 146 +++++++++++++++++ .../pro-api/templates/tasks-api/ingress.yaml | 41 +++++ .../pro-api/templates/tasks-api/service.yaml | 25 +++ charts/pro-api/templates/tasks-api/vpa.yaml | 28 ++++ charts/pro-api/values.yaml | 91 +++++++++-- charts/pro-ui/README.md | 2 +- charts/pro-ui/values.yaml | 2 +- 13 files changed, 512 insertions(+), 34 deletions(-) create mode 100644 charts/pro-api/templates/tasks-api/deployment-worker.yaml create mode 100644 charts/pro-api/templates/tasks-api/deployment.yaml create mode 100644 charts/pro-api/templates/tasks-api/ingress.yaml create mode 100644 charts/pro-api/templates/tasks-api/service.yaml create mode 100644 charts/pro-api/templates/tasks-api/vpa.yaml diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index be5f296af..c89890e16 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md 
@@ -8,7 +8,7 @@ | ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | | `api.appName` | Name of the service | `pro-api` | | `api.image.repository` | Repository | `2gis-on-premise/pro-api` | -| `api.image.tag` | Tag | `1.41.0` | +| `api.image.tag` | Tag | `1.50.1` | | `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | | `api.ingress.className` | Name of the Ingress controller class. | `nginx` | 
@@ -68,14 +68,14 @@ | `api.settings.auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | | `api.settings.backgroundJobs.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | | `api.settings.backgroundJobs.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | -| `api.settings.layerGeneration.isochroneLayerMaxPointsCount` | If layer contains more points, isochrone is not avalible | `500` | +| `api.settings.layerGeneration.isochroneLayerMaxPointsCount` | If layer contains more points, isochrone is not avalible. | `500` | ### Permissions API configuration & settings | Name | Description | Value | | ------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------- | | `permissions.image.repository` | Repository | `2gis-on-premise/pro-permissions-api` | -| `permissions.image.tag` | Tag | `1.41.0` | +| `permissions.image.tag` | Tag | `1.50.1` | | `permissions.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `permissions.ingress.enabled` | If Ingress is enabled for the service | `false` | | `permissions.ingress.className` | Name of the Ingress controller class | `nginx` | 
@@ -104,7 +104,7 @@ | `permissions.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | | `permissions.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | | `permissions.service.port` | PRO API service port. | `80` | -| `permissions.settings.enabled` | Set to `true` if authorization is used | `false` | +| `permissions.settings.enabled` | If permissionsApi is enabled for the service. | `false` | | `permissions.settings.auth.apiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | ### asset importer settings @@ -113,7 +113,7 @@ | -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `assetImporter.appName` | Data Import job name. | `asset-importer` | | `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.41.0` | +| `assetImporter.tag` | Docker image tag. | `1.50.1` | | `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | | `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index 109f0afed..35cc89636 100644 --- a/charts/pro-api/templates/_helpers.tpl 
+++ b/charts/pro-api/templates/_helpers.tpl @@ -15,6 +15,10 @@ {{ include "pro-api.name" . }}-permissions {{- end -}} +{{- define "pro-api.tasks-name" -}} +{{ include "pro-api.name" . }}-tasks +{{- end -}} + {{- define "pro-api.permissions-url" -}} {{- if .Values.permissions.settings.host -}} {{- .Values.permissions.settings.host -}} @@ -69,6 +73,11 @@ app.kubernetes.io/name: {{ include "pro-api.permissions-name" . }} app.kubernetes.io/instance: {{ .Release.Name }}-permissions {{- end -}} +{{- define "pro-api.tasksSelectorLabels" -}} +app.kubernetes.io/name: {{ include "pro-api.tasks-name" . }} +app.kubernetes.io/instance: {{ .Release.Name }}-tasks +{{- end -}} + {{- define "pro-api.labels" -}} helm.sh/chart: {{ include "pro-api.chart" . }} {{ include "pro-api.selectorLabels" . }} @@ -86,3 +95,12 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} app.kubernetes.io/managed-by: {{ .Release.Service }} {{- end -}} + +{{- define "pro-api.tasksLabels" -}} +helm.sh/chart: {{ include "pro-api.chart" . }} +{{ include "pro-api.tasksSelectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/charts/pro-api/templates/asset-preparer.yaml b/charts/pro-api/templates/asset-preparer.yaml index a31bdecf8..0524340f1 100644 --- a/charts/pro-api/templates/asset-preparer.yaml +++ b/charts/pro-api/templates/asset-preparer.yaml @@ -10,6 +10,7 @@ spec: jobTemplate: spec: backoffLimit: {{ .Values.assetPreparer.backoffLimit }} + activeDeadlineSeconds: 172800 template: spec: {{- with .Values.assetPreparer.nodeSelector }} diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index 048b4510d..8ad345332 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml 
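Review bot: `activeDeadlineSeconds: 172800` in the asset-preparer job template is a hard-coded 48-hour limit with no comment and no values key, unlike `backoffLimit` directly above it, which reads `.Values.assetPreparer.backoffLimit`. I would expose it the same way, `activeDeadlineSeconds: {{ .Values.assetPreparer.activeDeadlineSeconds | default 172800 }}`, and document the default in values.yaml so operators can adjust it without editing the template.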
@@ -70,16 +70,13 @@ spec: - name: http containerPort: 8080 protocol: TCP - - name: management - containerPort: 8090 - protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: management + port: http failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -88,7 +85,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: management + port: http failureThreshold: 3 initialDelaySeconds: 5 periodSeconds: 5 @@ -97,7 +94,7 @@ spec: startupProbe: httpGet: path: /health/live - port: management + port: http failureThreshold: 20 initialDelaySeconds: 5 periodSeconds: 5 @@ -158,13 +155,13 @@ spec: value: "{{ .Values.api.settings.env }}" - name: Common__FilterByZoneCodes value: "{{ .Values.api.settings.filterByZoneCodes }}" - - name: DB_CONNECTION_STRING + - name: Postgres__ConnectionString value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} {{ if .Values.postgres.connectionStringReadonly }} - - name: DB_CONNECTION_STRING_READONLY + - name: Postgres__ConnectionStringReadonly value: "{{ .Values.postgres.connectionStringReadonly }}" {{ end }} - - name: DB_CONNECTION_PWD + - name: Postgres__Password valueFrom: secretKeyRef: key: dbConnectionPwd @@ -308,3 +305,5 @@ spec: - name: OpenApi__Servers__{{$i}} value: "{{ $s }}" {{- end }} + - name: TasksApi__Url + value: http://{{ include "pro-api.tasks-name" . }} diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index e1a6b40dd..aa18c0d87 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml 
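Review bot: Dropping the `management` port and pointing the liveness, readiness and startup probes at `http` puts `/health/live` and `/health/ready` on the same listener as the API, so they become reachable through the Service and, if the Ingress forwards all paths, from outside the cluster. Readiness output can describe dependency state, so I would confirm these endpoints return only a status or restrict the paths at the Ingress. The same change is made for the permissions API in `permissions-api-deployment.yaml`.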
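Review bot: `TasksApi__Url` is added unconditionally and with a plain `http://` scheme, while the tasks worker Deployment in this commit is rendered only when `.Values.tasks.settings.enabled` is set. With tasks disabled the API is presumably pointed at a Service name that does not exist, so I would wrap the entry in `{{- if .Values.tasks.settings.enabled }}` and `{{- end }}` and quote the value as `value: "http://{{ include "pro-api.tasks-name" . }}"`. Whether these requests carry credentials or user data is not visible here; if they do, the in-cluster plaintext hop deserves a comment next to the entry.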
@@ -66,16 +66,13 @@ spec: - name: http containerPort: 8081 protocol: TCP - - name: management - containerPort: 8091 - protocol: TCP volumeMounts: - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: path: /health/live - port: management + port: http failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 15 @@ -84,7 +81,7 @@ spec: readinessProbe: httpGet: path: /health/ready - port: management + port: http failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 @@ -93,7 +90,7 @@ spec: startupProbe: httpGet: path: /health/live - port: management + port: http failureThreshold: 3 initialDelaySeconds: 15 periodSeconds: 5 @@ -112,11 +109,11 @@ spec: value: "{{ .Values.api.settings.allowAnyOrigin }}" - name: ENV value: "{{ .Values.api.settings.env }}" - - name: DB_CONNECTION_STRING + - name: Postgres__ConnectionString value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} - - name: DB_CONNECTION_STRING_READONLY + - name: Postgres__ConnectionStringReadonly value: "{{ .Values.postgres.connectionStringReadonly }}" - - name: DB_CONNECTION_PWD + - name: Postgres__Password valueFrom: secretKeyRef: key: dbConnectionPwd diff --git a/charts/pro-api/templates/tasks-api/deployment-worker.yaml b/charts/pro-api/templates/tasks-api/deployment-worker.yaml new file mode 100644 index 000000000..589e4528f --- /dev/null +++ b/charts/pro-api/templates/tasks-api/deployment-worker.yaml 
@@ -0,0 +1,150 @@ +{{ if .Values.tasks.settings.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pro-api.tasks-name" . }}-worker + {{- with .Values.tasks.pod.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 4 }} + {{- with .Values.tasks.pod.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.tasks.pod.workerReplicaCount }} + revisionHistoryLimit: {{ .Values.tasks.pod.revisionHistoryLimit }} + {{- if .Values.tasks.pod.strategy }} + strategy: + {{- toYaml .Values.tasks.pod.strategy | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "pro-api.tasksSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- with .Values.tasks.pod.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 8 }} + {{- with .Values.tasks.pod.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.tasks.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tasks.pod.priorityClassName }} + priorityClassName: {{ .Values.tasks.pod.priorityClassName }} + {{- end }} + {{- with .Values.tasks.pod.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.tasks.pod.terminationGracePeriodSeconds }} + serviceAccountName: {{ include "pro-api.service-account-name" . 
}} + volumes: + - name: temp-volume + emptyDir: {} + containers: + - name: {{ include "pro-api.tasks-name" . }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.tasks.image.repository }}:{{ .Values.tasks.image.tag }} + imagePullPolicy: {{ .Values.tasks.image.pullPolicy }} + ports: + - name: http + containerPort: 8082 + protocol: TCP + volumeMounts: + - mountPath: "{{ .Values.tasks.settings.tempPath }}" + name: temp-volume + livenessProbe: + httpGet: + path: /health/live + port: http + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: http + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + httpGet: + path: /health/live + port: http + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + resources: + {{- toYaml .Values.tasks.pod.resources | nindent 12 }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 5"] + env: + - name: ENV + value: "{{ .Values.tasks.settings.env }}" + - name: TEMP_PATH + value: "{{ .Values.tasks.settings.tempPath }}" + - name: Postgres__ConnectionString + value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} + - name: Postgres__Password + valueFrom: + secretKeyRef: + key: dbConnectionPwd + name: {{ include "pro-api.name" . 
}}-secret + - name: Common__Logging__Format + value: "{{ .Values.tasks.settings.logging.format }}" + - name: Common__Logging__Targets + value: "{{ .Values.tasks.settings.logging.targets }}" + - name: Kafka__BootstrapServers + value: {{ $.Values.kafka.bootstrapServers }} + - name: Kafka__SecurityProtocol + value: {{ $.Values.kafka.securityProtocol }} + - name: Kafka__SaslMechanism + value: {{ $.Values.kafka.sasl.mechanism }} + - name: Kafka__SaslUsername + value: {{ $.Values.kafka.sasl.username }} + {{ if .Values.kafka.sasl.password }} + - name: Kafka__SaslPassword + valueFrom: + secretKeyRef: + key: kafkaSaslPassword + name: {{ include "pro-api.name" . }}-secret + {{ end }} + - name: Kafka__EventsTopicSettings__Name + value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} + - name: Kafka__UseReplicaTopics + value: "{{ $.Values.kafka.useReplicaTopics }}" + - name: Common__Mode + value: "Worker" + - name: Common__Worker__ResourceIntensiveTasksWorkersCount + value: "{{ $.Values.tasks.settings.worker.resourceIntensiveTasksWorkersCount }}" + - name: Common__Worker__DefaultWorkersCount + value: "{{ $.Values.tasks.settings.worker.regularTasksWorkersCount }}" +{{- end }} diff --git a/charts/pro-api/templates/tasks-api/deployment.yaml b/charts/pro-api/templates/tasks-api/deployment.yaml new file mode 100644 index 000000000..4a7fc760e --- /dev/null +++ b/charts/pro-api/templates/tasks-api/deployment.yaml 
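Review bot: The worker Deployment uses `include "pro-api.tasksSelectorLabels"` for `spec.selector.matchLabels`, which is the same helper the tasks API Deployment and the tasks Service use as their selectors in this commit. Assuming the helper renders identical labels for all three (its definition is outside this diff), the two Deployments have overlapping selectors, and the Service, along with the Ingress when enabled, will also route HTTP requests to pods running with `Common__Mode` set to `"Worker"`. That widens the reachable surface to a component that is presumably meant to consume tasks only. A distinguishing label in the worker's selector and pod template, for example `app.kubernetes.io/component: worker`, with `app.kubernetes.io/component: api` on the API Deployment and the Service selector, would separate them.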
@@ -0,0 +1,146 @@ +{{ if .Values.tasks.settings.enabled }} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "pro-api.tasks-name" . }} + {{- with .Values.tasks.pod.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 4 }} + {{- with .Values.tasks.pod.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + replicas: {{ .Values.tasks.pod.apiReplicaCount }} + revisionHistoryLimit: {{ .Values.tasks.pod.revisionHistoryLimit }} + {{- if .Values.tasks.pod.strategy }} + strategy: + {{- toYaml .Values.tasks.pod.strategy | nindent 4 }} + {{- end }} + selector: + matchLabels: + {{- include "pro-api.tasksSelectorLabels" . | nindent 6 }} + template: + metadata: + annotations: + checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} + {{- with .Values.tasks.pod.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 8 }} + {{- with .Values.tasks.pod.podLabels }} + {{- toYaml . | nindent 8 }} + {{- end }} + spec: + {{- with .Values.tasks.pod.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tasks.pod.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.tasks.pod.priorityClassName }} + priorityClassName: {{ .Values.tasks.pod.priorityClassName }} + {{- end }} + {{- with .Values.tasks.pod.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + terminationGracePeriodSeconds: {{ .Values.tasks.pod.terminationGracePeriodSeconds }} + serviceAccountName: {{ include "pro-api.service-account-name" . 
}} + volumes: + - name: temp-volume + emptyDir: {} + containers: + - name: {{ include "pro-api.tasks-name" . }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.tasks.image.repository }}:{{ .Values.tasks.image.tag }} + imagePullPolicy: {{ .Values.tasks.image.pullPolicy }} + ports: + - name: http + containerPort: 8082 + protocol: TCP + volumeMounts: + - mountPath: "{{ .Values.tasks.settings.tempPath }}" + name: temp-volume + livenessProbe: + httpGet: + path: /health/live + port: http + failureThreshold: 5 + initialDelaySeconds: 5 + periodSeconds: 15 + successThreshold: 1 + timeoutSeconds: 5 + readinessProbe: + httpGet: + path: /health/ready + port: http + failureThreshold: 3 + initialDelaySeconds: 5 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + startupProbe: + httpGet: + path: /health/live + port: http + failureThreshold: 20 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 5 + resources: + {{- toYaml .Values.tasks.pod.resources | nindent 12 }} + lifecycle: + preStop: + exec: + command: ["/bin/sh", "-c", "sleep 5"] + env: + - name: ENV + value: "{{ .Values.tasks.settings.env }}" + - name: TEMP_PATH + value: "{{ .Values.tasks.settings.tempPath }}" + - name: Postgres__ConnectionString + value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} + - name: Postgres__Password + valueFrom: + secretKeyRef: + key: dbConnectionPwd + name: {{ include "pro-api.name" . 
}}-secret + - name: Common__Logging__Format + value: "{{ .Values.tasks.settings.logging.format }}" + - name: Common__Logging__Targets + value: "{{ .Values.tasks.settings.logging.targets }}" + - name: Kafka__BootstrapServers + value: {{ $.Values.kafka.bootstrapServers }} + - name: Kafka__SecurityProtocol + value: {{ $.Values.kafka.securityProtocol }} + - name: Kafka__SaslMechanism + value: {{ $.Values.kafka.sasl.mechanism }} + - name: Kafka__SaslUsername + value: {{ $.Values.kafka.sasl.username }} + {{ if .Values.kafka.sasl.password }} + - name: Kafka__SaslPassword + valueFrom: + secretKeyRef: + key: kafkaSaslPassword + name: {{ include "pro-api.name" . }}-secret + {{ end }} + - name: Kafka__EventsTopicSettings__Name + value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} + - name: Kafka__UseReplicaTopics + value: "{{ $.Values.kafka.useReplicaTopics }}" + - name: Common__Mode + value: "Api" +{{- end }} diff --git a/charts/pro-api/templates/tasks-api/ingress.yaml b/charts/pro-api/templates/tasks-api/ingress.yaml new file mode 100644 index 000000000..bf8361c19 --- /dev/null +++ b/charts/pro-api/templates/tasks-api/ingress.yaml 
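Review bot: The container in this Deployment sets no container-level `securityContext`; only the optional pod-level `.Values.tasks.pod.podSecurityContext` is rendered, and the values added in this commit leave that key undefined. The pod therefore runs with the runtime defaults for privilege escalation and capabilities, and the user the image runs as is not visible here. I would add a restrictive container `securityContext` as sketched below, and the same in `deployment-worker.yaml`; `runAsNonRoot` needs checking against the image. A read-only root filesystem may also be possible since `tempPath` is already an `emptyDir` mount, but that needs testing too.

```yaml
      containers:
        - name: {{ include "pro-api.tasks-name" . }}
          # … unchanged: image, imagePullPolicy …
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
          # … unchanged: ports, volumeMounts, probes, resources, lifecycle, env …
```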
@@ -0,0 +1,41 @@ +{{- if and (.Values.tasks.ingress.enabled) (.Values.tasks.settings.enabled) }} +{{- $fullName := include "pro-api.tasks-name" . -}} +{{- $svcPort := .Values.tasks.service.port -}} +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 4 }} + {{- with .Values.tasks.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + ingressClassName: {{ .Values.tasks.ingress.className }} + {{- if .Values.tasks.ingress.tls }} + tls: + {{- range .Values.tasks.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} + {{- end }} + rules: + {{- range .Values.tasks.ingress.hosts }} + - host: {{ .host | quote }} + http: + paths: + {{- range .paths }} + - path: {{ .path }} + pathType: {{ .pathType }} + backend: + service: + name: {{ $fullName }} + port: + number: {{ $svcPort }} + {{- end }} + {{- end }} +{{- end }} diff --git a/charts/pro-api/templates/tasks-api/service.yaml b/charts/pro-api/templates/tasks-api/service.yaml new file mode 100644 index 000000000..af05cb220 --- /dev/null +++ b/charts/pro-api/templates/tasks-api/service.yaml @@ -0,0 +1,25 @@ +{{ if .Values.tasks.settings.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "pro-api.tasks-name" . }} + {{- if .Values.tasks.service.annotations }} + annotations: + {{- toYaml .Values.tasks.service.annotations | nindent 4 }} + {{- end }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 4 }} + {{- if .Values.tasks.service.labels }} + {{- toYaml .Values.tasks.service.labels | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.tasks.service.type }} + ports: + - port: {{ .Values.tasks.service.port }} + targetPort: http + protocol: TCP + name: http + appProtocol: http + selector: + {{- include "pro-api.tasksSelectorLabels" . | nindent 4 }} +{{- end }} 
diff --git a/charts/pro-api/templates/tasks-api/vpa.yaml b/charts/pro-api/templates/tasks-api/vpa.yaml new file mode 100644 index 000000000..a8cec1be3 --- /dev/null +++ b/charts/pro-api/templates/tasks-api/vpa.yaml @@ -0,0 +1,28 @@ +{{- if and (.Values.tasks.vpa.enabled) (.Values.tasks.settings.enabled) }} +apiVersion: autoscaling.k8s.io/v1 +kind: VerticalPodAutoscaler +metadata: + name: {{ include "pro-api.tasks-name" . }} + labels: + {{- include "pro-api.tasksLabels" . | nindent 4 }} +spec: + targetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "pro-api.tasks-name" . }} + updatePolicy: + updateMode: {{ .Values.tasks.vpa.updateMode }} + resourcePolicy: + containerPolicies: + - containerName: {{ .Chart.Name }} + controlledValues: RequestsOnly + mode: Auto + {{- with .Values.tasks.vpa.minAllowed }} + minAllowed: + {{- toYaml . | nindent 10 }} + {{- end }} + {{- with .Values.tasks.vpa.maxAllowed }} + maxAllowed: + {{- toYaml . | nindent 10 }} + {{- end }} +{{- end }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 1b97a02a0..cec370312 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -1,4 +1,4 @@ -# @section Geo API configuration & settings +# @section Geo API configuration & settings api: @@ -10,7 +10,7 @@ api: # @param api.image.pullPolicy Pull Policy image: repository: 2gis-on-premise/pro-api - tag: 1.41.0 + tag: 1.50.1 pullPolicy: IfNotPresent # @param api.ingress.enabled If Ingress is enabled for the service. @@ -28,8 +28,6 @@ api: - path: / pathType: Prefix tls: [] - # - hosts: - # - pro-api.example.com # secretName: secret.tls # @param api.pod.replicaCount A replica count for the pod. 
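Review bot: The VPA's `containerPolicies` entry names the container `{{ .Chart.Name }}`, but the tasks Deployment names its container `{{ include "pro-api.tasks-name" . }}`. Unless that helper happens to render the chart name, the policy matches no container and `controlledValues`, `minAllowed` and `maxAllowed` are not applied to it. Using the same expression, `- containerName: {{ include "pro-api.tasks-name" . }}`, keeps the two aligned. The `targetRef` also covers only the API Deployment, so the `-worker` Deployment has no VPA; if that is intended, a comment such as `# worker Deployment is sized manually` would say so.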
@@ -139,7 +137,7 @@ api: # @param api.settings.auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` # @param api.settings.backgroundJobs.enableUserAssetsImporter If user data importer job is enabled for the service. # @param api.settings.backgroundJobs.enableAssetsStreaming If the streaming data processing job is enabled for the service. - # @param api.settings.layerGeneration.isochroneLayerMaxPointsCount If layer contains more points, isochrone is not avalible + # @param api.settings.layerGeneration.isochroneLayerMaxPointsCount If layer contains more points, isochrone is not avalible. settings: licenseKey: '' tempPath: /tmp @@ -184,7 +182,7 @@ permissions: # @param permissions.image.pullPolicy Pull Policy image: repository: 2gis-on-premise/pro-permissions-api - tag: 1.41.0 + tag: 1.50.1 pullPolicy: IfNotPresent # @param permissions.ingress.enabled If Ingress is enabled for the service @@ -253,7 +251,7 @@ permissions: port: 80 # @skip permissions.settings.host - # @param permissions.settings.enabled Set to `true` if authorization is used + # @param permissions.settings.enabled If permissionsApi is enabled for the service. # @skip permissions.settings.localCache.enabled # @skip permissions.settings.localCache.trackStatistics # @param permissions.settings.auth.apiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` 
@@ -267,6 +265,81 @@ permissions: apiKey: '' +# @skip tasks + +tasks: + + image: + repository: 2gis-on-premise/pro-tasks-api + tag: 1.50.1 + pullPolicy: IfNotPresent + + ingress: + enabled: false + className: nginx + hosts: + - host: '' + paths: + - path: / + pathType: Prefix + tls: [] + # secretName: secret.tls + + pod: + apiReplicaCount: 1 + workerReplicaCount: 1 + imagePullSecrets: [] + nodeSelector: {} + affinity: {} + priorityClassName: '' + terminationGracePeriodSeconds: 60 + tolerations: [] + podAnnotations: {} + podLabels: {} + annotations: {} + labels: {} + revisionHistoryLimit: 3 + resources: + requests: + cpu: 400m + memory: 256M + limits: + cpu: 1 + memory: 1024M + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + + vpa: + enabled: false + updateMode: Auto + minAllowed: + cpu: 400m + memory: 256M + maxAllowed: + cpu: 1 + memory: 1024M + + service: + annotations: {} + labels: {} + type: ClusterIP + port: 80 + + settings: + enabled: false + env: '' + tempPath: /tmp + logging: + format: simple + targets: '' + worker: + resourceIntensiveTasksWorkersCount: 5 + regularTasksWorkersCount: 5 + + # @section asset importer settings # @param assetImporter.appName Data Import job name. @@ -296,7 +369,7 @@ permissions: assetImporter: appName: asset-importer repository: 2gis-on-premise/pro-importer - tag: 1.41.0 + tag: 1.50.1 schedule: 0 18 * * * backoffLimit: 2 successfulJobsHistoryLimit: 3 @@ -328,7 +401,7 @@ assetImporter: assetPreparer: appName: asset-preparer repository: 2gis-on-premise/pro-importer - tag: 1.41.0 + tag: 1.50.1 schedule: 0 16 * * 6 backoffLimit: 2 successfulJobsHistoryLimit: 1 diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index b579824d4..499fe7240 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md 
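Review bot: The new `tasks` block is hidden behind `# @skip tasks`, so none of its keys, including `tasks.settings.enabled`, `tasks.ingress.enabled` and the two worker counts, reach the generated README. The block also omits `podSecurityContext`, which both tasks Deployment templates read from `.Values.tasks.pod.podSecurityContext`, so operators get no hint that the setting exists. I would add `podSecurityContext: {}` under `tasks.pod` and replace the skip with `@param` lines in the style used for `api` and `permissions`, for example `# @param tasks.settings.enabled If the Tasks API is enabled for the service.`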
@@ -29,7 +29,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | Name | Description | Value | | ------------------ | ----------- | ------------------------ | | `image.repository` | Repository | `2gis-on-premise/pro-ui` | -| `image.tag` | Tag | `2.27.0` | +| `image.tag` | Tag | `3.5.0` | ### Common deployment settings diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index e139ad82e..809197ae6 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -27,7 +27,7 @@ strategy: # @param image.tag Tag image: repository: 2gis-on-premise/pro-ui - tag: 2.27.0 + tag: 3.5.0 # @section Common deployment settings From 53d0f8b7f57865d6fcbfa8f828a7b1cb39799f73 Mon Sep 17 00:00:00 2001 
From: Golovanov Sergey Date: Thu, 28 Nov 2024 17:34:12 +0500 Subject: [PATCH 91/91] release-1.32.0 (#543) Co-authored-by: dbelyaev-nsk --- Breaking-Changes.md | 5 ++-- CHANGELOG.md | 31 +++++++++++++++++++++++++ charts/catalog-api/Chart.yaml | 2 +- charts/citylens/Chart.yaml | 2 +- charts/dgtt/Chart.yaml | 2 +- charts/floors-api/Chart.yaml | 2 +- charts/generic-chart/Chart.yaml | 2 +- charts/gis-platform/Chart.yaml | 2 +- charts/keycloak/Chart.yaml | 2 +- charts/keys/Chart.yaml | 2 +- charts/license/Chart.yaml | 2 +- charts/mapgl-js-api/Chart.yaml | 2 +- charts/navi-async-grpc-proxy/Chart.yaml | 2 +- charts/navi-async-matrix/Chart.yaml | 2 +- charts/navi-back/Chart.yaml | 2 +- charts/navi-castle/Chart.yaml | 2 +- charts/navi-front/Chart.yaml | 2 +- charts/navi-restrictions/Chart.yaml | 2 +- charts/navi-router/Chart.yaml | 2 +- charts/navi-splitter/Chart.yaml | 2 +- charts/platform/Chart.yaml | 2 +- charts/pro-api/Chart.yaml | 4 ++-- charts/pro-api/values.yaml | 2 +- charts/pro-ui/Chart.yaml | 4 ++-- charts/pro-ui/README.md | 2 +- charts/pro-ui/values.yaml | 2 +- charts/search-api/Chart.yaml | 2 +- charts/stat-receiver/Chart.yaml | 2 +- charts/styles-api/Chart.yaml | 2 +- charts/tiles-api/Chart.yaml | 2 +- charts/traffic-proxy/Chart.yaml | 2 +- charts/twins-api/Chart.yaml | 2 +- image_versions.txt | 21 +++++++++-------- 33 files changed, 77 insertions(+), 44 deletions(-) diff --git a/Breaking-Changes.md b/Breaking-Changes.md index 9c6b132a9..9f7dd87bd 100644 --- a/Breaking-Changes.md +++ b/Breaking-Changes.md @@ -1,11 +1,12 @@ # 2GIS On-Premise Breaking-Changes -## [1.30.0] +## [1.32.0] ### tiles-api - proxy.access.bss.enabled renamed to proxy.access.stat.enabled - proxy.access.bss.url renamed to proxy.access.stat.url -- added setting dgctlStorage.region + +## [1.30.0] ### pro-api - api.pod.appName renamed api.appName diff --git a/CHANGELOG.md b/CHANGELOG.md index def02e2f2..3f31e9948 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,36 @@ # 2GIS On-Premise Changelog +## [1.32.0] (2024-11-28) +#### [Breaking-Changes](Breaking-Changes.md#1320) +#### Images +``` +citylens + - citylens-api:1.14.2 + + citylens-api:1.15.0 + - citylens-database:1.14.0 + + citylens-database:1.15.0 + - citylens-web:1.14.2 + + citylens-web:1.15.0 + - citylens-workers:1.14.2 + + citylens-workers:1.15.0 +pro-api + - pro-api:1.41.0 + + pro-api:1.50.1 + - pro-importer:1.41.0 + + pro-importer:1.50.1 + - pro-importer:1.41.0 + + pro-importer:1.50.1 + - pro-permissions-api:1.41.0 + + pro-permissions-api:1.50.1 + + pro-tasks-api:1.50.1 +pro-ui + - pro-importer:1.41.0 + + pro-importer:1.50.1 + - pro-ui:2.27.0 + + pro-ui:3.5.0 + +``` + ## [1.31.0] (2024-11-07) #### Images ``` diff --git a/charts/catalog-api/Chart.yaml b/charts/catalog-api/Chart.yaml index c150e2065..481119409 100644 --- a/charts/catalog-api/Chart.yaml +++ b/charts/catalog-api/Chart.yaml @@ -3,7 +3,7 @@ name: catalog-api type: application description: A Helm chart for Kubernetes to deploy Catalog APIs -version: 1.31.0 +version: 1.32.0 appVersion: 3.625.0 maintainers: diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 2fa97ba96..0e3927b90 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -3,7 +3,7 @@ name: citylens type: application description: A Helm chart for Kubernetes to deploy Citylens service -version: 1.31.0 +version: 1.32.0 appVersion: 1.15.0 maintainers: diff --git a/charts/dgtt/Chart.yaml b/charts/dgtt/Chart.yaml index 3797aab93..7eb005a7f 100644 --- a/charts/dgtt/Chart.yaml +++ b/charts/dgtt/Chart.yaml @@ -3,7 +3,7 @@ name: dgtt description: DGTT Helm chart for Kubernetes type: application -version: 1.31.0 +version: 1.32.0 appVersion: 0.2.27-b188673e09 maintainers: diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index fcc395efe..9b09a57e7 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml 
@@ -3,7 +3,7 @@ name: floors-api description: Helm for floors service type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.1.0 maintainers: diff --git a/charts/generic-chart/Chart.yaml b/charts/generic-chart/Chart.yaml index 535fdfce2..35882ca71 100644 --- a/charts/generic-chart/Chart.yaml +++ b/charts/generic-chart/Chart.yaml @@ -4,7 +4,7 @@ description: Generic library Helm chart for 2Gis type: library keywords: - library -version: 1.31.0 +version: 1.32.0 maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/gis-platform/Chart.yaml b/charts/gis-platform/Chart.yaml index 3390b162f..c6d3f4013 100644 --- a/charts/gis-platform/Chart.yaml +++ b/charts/gis-platform/Chart.yaml @@ -4,7 +4,7 @@ description: GIS Platform type: application -version: 1.31.0 +version: 1.32.0 appVersion: 2023.8.3-0 dependencies: diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 32a1eb3b1..b046e2825 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak type: application description: Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort. -version: 1.31.0 +version: 1.32.0 appVersion: 21.1.1-debian-11-r4 maintainers: diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index a8acd5144..0175536dc 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml @@ -3,7 +3,7 @@ name: keys type: application description: A Helm chart for Kubernetes to deploy API Keys service -version: 1.31.0 +version: 1.32.0 appVersion: 1.89.0 maintainers: diff --git a/charts/license/Chart.yaml b/charts/license/Chart.yaml index a88ec22fe..9c8b30022 100644 --- a/charts/license/Chart.yaml +++ b/charts/license/Chart.yaml 
@@ -3,7 +3,7 @@ name: license type: application description: A Helm chart for Kubernetes to deploy License service -version: 1.31.0 +version: 1.32.0 appVersion: 2.2.3 maintainers: diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index bc8b75087..dc495f361 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -4,7 +4,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.53.0 maintainers: diff --git a/charts/navi-async-grpc-proxy/Chart.yaml b/charts/navi-async-grpc-proxy/Chart.yaml index 0076dd6c9..ca72b4277 100644 --- a/charts/navi-async-grpc-proxy/Chart.yaml +++ b/charts/navi-async-grpc-proxy/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - dm-async-matrix - async-grpc-proxy -version: 1.31.0 +version: 1.32.0 appVersion: 0.0.2 maintainers: - name: 2gis diff --git a/charts/navi-async-matrix/Chart.yaml b/charts/navi-async-matrix/Chart.yaml index b6d2a3fc7..db7d7e22f 100644 --- a/charts/navi-async-matrix/Chart.yaml +++ b/charts/navi-async-matrix/Chart.yaml @@ -4,7 +4,7 @@ description: Service implements asynchronous API over Distance Matrix type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.11.2 maintainers: diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index 16cfc7f0d..71bee55c7 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - back - backend -version: 1.31.0 +version: 1.32.0 appVersion: 7.29.2.2 dependencies: - name: generic-chart diff --git a/charts/navi-castle/Chart.yaml b/charts/navi-castle/Chart.yaml index 19e25bca2..56eec7cdc 100644 --- a/charts/navi-castle/Chart.yaml +++ b/charts/navi-castle/Chart.yaml @@ -4,7 +4,7 @@ description: Castle Helm chart for Kubernetes type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.9.2 maintainers: 
diff --git a/charts/navi-front/Chart.yaml b/charts/navi-front/Chart.yaml index 6f6037f86..5d042267a 100644 --- a/charts/navi-front/Chart.yaml +++ b/charts/navi-front/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - front -version: 1.31.0 +version: 1.32.0 appVersion: 1.24.1 maintainers: - name: 2gis diff --git a/charts/navi-restrictions/Chart.yaml b/charts/navi-restrictions/Chart.yaml index 6ccb9e8f8..330a47446 100644 --- a/charts/navi-restrictions/Chart.yaml +++ b/charts/navi-restrictions/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Restrictions backend type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.24.1 maintainers: diff --git a/charts/navi-router/Chart.yaml b/charts/navi-router/Chart.yaml index 2ebda4625..a8ab58e8f 100644 --- a/charts/navi-router/Chart.yaml +++ b/charts/navi-router/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - router -version: 1.31.0 +version: 1.32.0 appVersion: 6.24.0.3 maintainers: - name: 2gis diff --git a/charts/navi-splitter/Chart.yaml b/charts/navi-splitter/Chart.yaml index fda13052c..68cf62132 100644 --- a/charts/navi-splitter/Chart.yaml +++ b/charts/navi-splitter/Chart.yaml @@ -15,5 +15,5 @@ maintainers: - name: 2gis url: https://github.com/2gis email: on-premise@2gis.com -version: 1.31.0 +version: 1.32.0 appVersion: 1.0.1 diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index 3758bed61..37cb372df 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -3,7 +3,7 @@ name: platform type: application description: A Helm chart for Kubernetes to deploy Platform -version: 1.31.0 +version: 1.32.0 appVersion: 0.15.1 maintainers: diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index bc2118c43..07d85fd15 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml 
@@ -4,8 +4,8 @@ description: Geo API for getting geo data type: application -version: 1.31.0 -appVersion: 1.41.0 +version: 1.32.0 +appVersion: 1.50.1 maintainers: - name: 2gis diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index cec370312..c3947e837 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml @@ -1,4 +1,4 @@ -# @section Geo API configuration & settings +# @section Geo API configuration & settings api: diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index d3c1b4ad0..289adf2b0 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml @@ -3,8 +3,8 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.31.0 -appVersion: 2.27.0 +version: 1.32.0 +appVersion: 3.5.0 maintainers: - name: 2gis diff --git a/charts/pro-ui/README.md b/charts/pro-ui/README.md index 499fe7240..7555a8275 100644 --- a/charts/pro-ui/README.md +++ b/charts/pro-ui/README.md 
@@ -179,7 +179,7 @@ Use this Helm chart to deploy 2GIS Pro UI service, which is a part of 2GIS's [On | ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | | `stylesImporter.name` | Styles Import job name. | `styles-importer` | | `stylesImporter.image.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `stylesImporter.image.tag` | Docker image tag. | `1.41.0` | +| `stylesImporter.image.tag` | Docker image tag. | `1.50.1` | | `stylesImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | | `stylesImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | | `stylesImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | diff --git a/charts/pro-ui/values.yaml b/charts/pro-ui/values.yaml index 809197ae6..0f794afc7 100644 --- a/charts/pro-ui/values.yaml +++ b/charts/pro-ui/values.yaml @@ -292,7 +292,7 @@ stylesImporter: name: styles-importer image: repository: 2gis-on-premise/pro-importer - tag: 1.41.0 + tag: 1.50.1 backoffLimit: 2 successfulJobsHistoryLimit: 3 nodeSelector: {} diff --git a/charts/search-api/Chart.yaml b/charts/search-api/Chart.yaml index 34c5b4851..281fe48a3 100644 --- a/charts/search-api/Chart.yaml +++ b/charts/search-api/Chart.yaml @@ -4,7 +4,7 @@ description: Search engine for catalog type: application -version: 1.31.0 +version: 1.32.0 appVersion: 7.85.0 maintainers: diff --git a/charts/stat-receiver/Chart.yaml b/charts/stat-receiver/Chart.yaml index 041e31f74..2ff0525a0 100644 
--- a/charts/stat-receiver/Chart.yaml +++ b/charts/stat-receiver/Chart.yaml @@ -3,7 +3,7 @@ name: stat-receiver type: application description: A Helm chart for Kubernetes to deploy Stat Receiver -version: 1.31.0 +version: 1.32.0 appVersion: 1.11.1 maintainers: diff --git a/charts/styles-api/Chart.yaml b/charts/styles-api/Chart.yaml index a707e9b59..985afc177 100644 --- a/charts/styles-api/Chart.yaml +++ b/charts/styles-api/Chart.yaml @@ -3,7 +3,7 @@ name: styles-api type: application description: A Helm chart for Kubernetes to deploy API Styles service -version: 1.31.0 +version: 1.32.0 appVersion: 0.30.0 maintainers: diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index 22f21aa5a..d2d443fbc 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -4,7 +4,7 @@ description: Tiles API for getting cartographic data type: application -version: 1.31.0 +version: 1.32.0 appVersion: 4.61.0 maintainers: diff --git a/charts/traffic-proxy/Chart.yaml b/charts/traffic-proxy/Chart.yaml index e80f576a2..1fc7e68ba 100644 --- a/charts/traffic-proxy/Chart.yaml +++ b/charts/traffic-proxy/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Proxy for traffic jams type: application -version: 1.31.0 +version: 1.32.0 appVersion: 1.21.6 maintainers: diff --git a/charts/twins-api/Chart.yaml b/charts/twins-api/Chart.yaml index 3eb589bc9..1986ea45a 100644 --- a/charts/twins-api/Chart.yaml +++ b/charts/twins-api/Chart.yaml @@ -3,7 +3,7 @@ name: twins-api type: application description: A Helm chart for Kubernetes to deploy API Twins service -version: 1.31.0 +version: 1.32.0 appVersion: 1.13.0 maintainers: diff --git a/image_versions.txt b/image_versions.txt index db6ea741b..8609ada98 100644 --- a/image_versions.txt +++ b/image_versions.txt 
@@ -2,10 +2,10 @@ catalog-api catalog-api:3.625.0 catalog-importer:1.7.0 citylens - citylens-api:1.14.2 - citylens-database:1.14.0 - citylens-web:1.14.2 - citylens-workers:1.14.2 + citylens-api:1.15.0 + citylens-database:1.15.0 + citylens-web:1.15.0 + citylens-workers:1.15.0 dgtt dgtt:0.2.27-b188673e09 floors-api @@ -52,13 +52,14 @@ navi-splitter platform platform-ui:0.15.1 pro-api - pro-api:1.41.0 - pro-importer:1.41.0 - pro-importer:1.41.0 - pro-permissions-api:1.41.0 + pro-api:1.50.1 + pro-importer:1.50.1 + pro-importer:1.50.1 + pro-permissions-api:1.50.1 + pro-tasks-api:1.50.1 pro-ui - pro-importer:1.41.0 - pro-ui:2.27.0 + pro-importer:1.50.1 + pro-ui:3.5.0 search-api search-api:7.85.0 search-nginx:1.21.6