From b9da836b812ada030fc6ff1a477120d7bcf15db3 Mon Sep 17 00:00:00 2001 
From: Denis Belyaev <74010851+dbelyaev-nsk@users.noreply.github.com> Date: Wed, 2 Oct 2024 17:05:02 +0700 Subject: [PATCH] release-1.29.0 (#515) --- Breaking-Changes.md | 40 +- CHANGELOG.md | 19 + charts/catalog-api/Chart.yaml | 2 +- charts/citylens/Chart.yaml | 4 +- charts/citylens/README.md | 8 +- charts/citylens/values.yaml | 8 +- charts/dgtt/Chart.yaml | 2 +- charts/floors-api/Chart.yaml | 2 +- charts/generic-chart/Chart.yaml | 2 +- charts/gis-platform/Chart.yaml | 2 +- charts/keycloak/Chart.yaml | 2 +- charts/keys/Chart.yaml | 2 +- charts/license/Chart.yaml | 4 +- charts/license/README.md | 4 +- charts/license/templates/configmap.yaml | 2 + charts/license/values.yaml | 6 +- charts/mapgl-js-api/Chart.yaml | 2 +- charts/mapgl-js-api/README.md | 32 +- charts/mapgl-js-api/templates/deployment.yaml | 28 +- charts/mapgl-js-api/values.yaml | 10 +- charts/navi-async-grpc-proxy/Chart.yaml | 2 +- charts/navi-async-matrix/Chart.yaml | 2 +- charts/navi-async-matrix/README.md | 7 + .../navi-async-matrix/templates/_helpers.tpl | 9 + .../templates/configmap-ca.yaml | 10 + .../templates/statefulset.yaml | 17 + charts/navi-async-matrix/values.yaml | 14 + charts/navi-back/Chart.yaml | 2 +- charts/navi-back/README.md | 7 + charts/navi-back/templates/_helpers.tpl | 9 + charts/navi-back/templates/configmap-ca.yaml | 9 + charts/navi-back/templates/deployment.yaml | 77 +- charts/navi-back/values.yaml | 13 + charts/navi-castle/Chart.yaml | 2 +- charts/navi-castle/README.md | 7 + charts/navi-castle/templates/_helpers.tpl | 10 + .../navi-castle/templates/configmap-ca.yaml | 9 + charts/navi-castle/templates/cronjob.yaml | 15 + charts/navi-castle/templates/statefulset.yaml | 32 + charts/navi-castle/values.yaml | 13 + charts/navi-front/Chart.yaml | 2 +- charts/navi-restrictions/Chart.yaml | 2 +- charts/navi-restrictions/README.md | 7 + .../navi-restrictions/templates/_helpers.tpl | 9 + .../templates/configmap-ca.yaml | 9 + .../navi-restrictions/templates/cronjob.yaml | 16 + 
.../templates/deployment.yaml | 19 + charts/navi-restrictions/values.yaml | 14 + charts/navi-router/Chart.yaml | 2 +- charts/navi-splitter/Chart.yaml | 2 +- charts/platform/Chart.yaml | 2 +- charts/pro-api/Chart.yaml | 2 +- charts/pro-api/README.md | 330 ++++---- charts/pro-api/templates/_helpers.tpl | 22 +- .../templates/asset-import-starter.yaml | 18 +- charts/pro-api/templates/asset-importer.yaml | 20 +- charts/pro-api/templates/asset-preparer.yaml | 14 +- charts/pro-api/templates/deployment.yaml | 96 +-- charts/pro-api/templates/ingress.yaml | 14 +- .../templates/permission-api-service.yaml | 14 +- .../templates/permissions-api-deployment.yaml | 56 +- .../templates/permissions-api-ingress.yaml | 14 +- charts/pro-api/templates/secrets.yaml | 8 +- charts/pro-api/templates/service-account.yaml | 2 +- charts/pro-api/templates/service.yaml | 12 +- charts/pro-api/templates/vpa.yaml | 8 +- charts/pro-api/values.yaml | 772 +++++++++--------- charts/pro-ui/Chart.yaml | 2 +- charts/search-api/Chart.yaml | 2 +- charts/stat-receiver/Chart.yaml | 2 +- charts/stat-receiver/README.md | 80 +- .../configs/streams/application.conf.template | 2 +- .../templates/api/configmap.yaml | 5 +- .../templates/api/deployment.yaml | 11 +- .../stat-receiver/templates/api/ingress.yaml | 4 +- .../stat-receiver/templates/api/service.yaml | 6 +- charts/stat-receiver/templates/helpers.tpl | 16 +- .../templates/streams/configmap.yaml | 4 +- .../templates/streams/deployment.yaml | 10 +- .../templates/streams/headless-service.yaml | 6 +- charts/stat-receiver/values.yaml | 29 +- charts/styles-api/Chart.yaml | 2 +- charts/tiles-api/Chart.yaml | 2 +- charts/traffic-proxy/Chart.yaml | 2 +- charts/twins-api/Chart.yaml | 2 +- image_versions.txt | 10 +- 86 files changed, 1212 insertions(+), 918 deletions(-) create mode 100644 charts/navi-async-matrix/templates/configmap-ca.yaml create mode 100644 charts/navi-back/templates/configmap-ca.yaml create mode 100644 charts/navi-castle/templates/configmap-ca.yaml 
create mode 100644 charts/navi-restrictions/templates/configmap-ca.yaml
diff --git a/Breaking-Changes.md b/Breaking-Changes.md
index 671b870ee..5663b344b 100644
--- a/Breaking-Changes.md
+++ b/Breaking-Changes.md
@@ -1,9 +1,47 @@ # 2GIS On-Premise Breaking-Changes +## [1.29.0] + +### mapgl-js-api +- MAPGL_ICONSPATH renamed to MAPGL_ICONS_URL +- MAPGL_MODELSPATH renamed to MAPGL_MODELS_URL + +### pro-api +- appName renamed to api.appName +- image renamed to api.image +- ingress renamed to api.ingress +- pod renamed to api.pod +- vpa renamed to api.vpa +- service renamed to api.service +- licenseKey renamed to api.settings.licenseKey +- api.tempPath renamed to api.settings.tempPath +- api.allowAnyOrigin renamed to api.settings.allowAnyOrigin +- api.logEsQueries renamed to api.settings.logEsQueries +- api.debug renamed to api.settings.debug +- api.env renamed to api.settings.env +- api.filterByZoneCodes renamed to api.settings.filterByZoneCodes +- api.esDataCentersCount renamed to api.settings.esDataCentersCount +- api.rateLimiter renamed to api.settings.rateLimiter +- api.localCache renamed to api.settings.localCache +- api.openApi renamed to api.settings.openApi +- auth renamed to api.settings.auth +- permissionsApiImage renamed to permissions.image +- permissionsApiIngress renamed to permissions.ingress +- permissionsPodSettings renamed to permissions.pod +- permissionApiService renamed to permissions.service +- add permissions.settings block +- add assetImporter.appName +- assetImporter.maxParallelJobs renamed to assetImporter.settings.maxParallelJobs +- assetImporter.files renamed to assetImporter.settings.files +- assetImporter.imageProxyUrl renamed to assetImporter.settings.imageProxyUrl +- assetImporter.externalLinksProxyUrl renamed to assetImporter.settings.externalLinksProxyUrl +- assetImporter.externalLinksAllowedHosts renamed to assetImporter.settings.externalLinksAllowedHosts +- assetImporter.esMetricsEnabled renamed to assetImporter.settings.esMetricsEnabled +- assetPreparer.maxParallelJobs renamed to assetPreparer.settings.maxParallelJobs + ## [1.28.0] ### navi-async-matric - - `s3.publicNetloc` now MUST start with `http://` or `https://` scheme ## [1.27.0] 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 4ea48ac63..699499879 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # 2GIS On-Premise Changelog +## [1.29.0] (2024-10-02) +#### [Breaking-Changes](Breaking-Changes.md#1290) +#### Images +``` +citylens + - citylens-api:1.12.0 + + citylens-api:1.13.1 + - citylens-database:1.12.0 + + citylens-database:1.13.0 + - citylens-web:1.12.0 + + citylens-web:1.13.0 + - citylens-workers:1.12.0 + + citylens-workers:1.13.0 +license + - license:2.2.1 + + license:2.2.3 + +``` + ## [1.28.2] (2024-09-18) #### Images ``` diff --git a/charts/catalog-api/Chart.yaml b/charts/catalog-api/Chart.yaml index b7512c2ce..fd35e1524 100644 --- a/charts/catalog-api/Chart.yaml +++ b/charts/catalog-api/Chart.yaml @@ -3,7 +3,7 @@ name: catalog-api type: application description: A Helm chart for Kubernetes to deploy Catalog APIs -version: 1.28.2 +version: 1.29.0 appVersion: 3.625.0 maintainers: diff --git a/charts/citylens/Chart.yaml b/charts/citylens/Chart.yaml index 6a5a60178..66c091798 100644 --- a/charts/citylens/Chart.yaml +++ b/charts/citylens/Chart.yaml @@ -3,8 +3,8 @@ name: citylens type: application description: A Helm chart for Kubernetes to deploy Citylens service -version: 1.28.2 -appVersion: 1.12.0 +version: 1.29.0 +appVersion: 1.13.1 maintainers: - name: 2gis diff --git a/charts/citylens/README.md b/charts/citylens/README.md index 2af5890ef..11925c672 100644 --- a/charts/citylens/README.md +++ b/charts/citylens/README.md @@ -47,7 +47,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `api.image.repository` | Repository. | `2gis-on-premise/citylens-api` | -| `api.image.tag` | Tag. | `1.12.0` | +| `api.image.tag` | Tag. | `1.13.1` | | `api.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings 
@@ -133,7 +133,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | ---------------------- | ------------ | ------------------------------ | | `web.image.repository` | Repository. | `2gis-on-premise/citylens-web` | -| `web.image.tag` | Tag. | `1.12.0` | +| `web.image.tag` | Tag. | `1.13.0` | | `web.image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### Resources settings @@ -351,7 +351,7 @@ See the [documentation]() to learn about: | Name | Description | Value | | -------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------- | | `worker.dashboardBatchEvents.image.repository` | Repository. | `2gis-on-premise/citylens-workers` | -| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.12.0` | +| `worker.dashboardBatchEvents.image.tag` | Tag. | `1.13.0` | | `worker.dashboardBatchEvents.image.pullPolicy` | Pull Policy. | `IfNotPresent` | | `worker.dashboardBatchEvents.logLevel` | Worker's log level. | `INFO` | | `worker.dashboardBatchEvents.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | 
@@ -369,7 +369,7 @@ See the [documentation]() to learn about: | -------------------------------------- | ----------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | | `migrations.enabled` | If migrations needed. | `true` | | `migrations.image.repository` | Repository. | `2gis-on-premise/citylens-database` | -| `migrations.image.tag` | Tag. | `1.12.0` | +| `migrations.image.tag` | Tag. | `1.13.0` | | `migrations.image.pullPolicy` | Pull Policy | `IfNotPresent` | | `migrations.resources.requests.cpu` | A CPU request. | `100m` | | `migrations.resources.requests.memory` | A memory request. | `1Gi` | diff --git a/charts/citylens/values.yaml b/charts/citylens/values.yaml index 8e48ae5a6..22395787f 100644 --- a/charts/citylens/values.yaml +++ b/charts/citylens/values.yaml @@ -99,7 +99,7 @@ api: image: repository: 2gis-on-premise/citylens-api pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.1 replicas: 4 @@ -230,7 +230,7 @@ web: image: repository: 2gis-on-premise/citylens-web pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 replicas: 1 @@ -611,7 +611,7 @@ worker: image: repository: 2gis-on-premise/citylens-workers pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 revisionHistoryLimit: 3 @@ -647,7 +647,7 @@ migrations: image: repository: 2gis-on-premise/citylens-database pullPolicy: IfNotPresent - tag: 1.12.0 + tag: 1.13.0 resources: requests: diff --git a/charts/dgtt/Chart.yaml b/charts/dgtt/Chart.yaml index 8d9aa89e8..4fee8e3d8 100644 --- a/charts/dgtt/Chart.yaml +++ b/charts/dgtt/Chart.yaml @@ -3,7 +3,7 @@ name: dgtt description: DGTT Helm chart for Kubernetes type: application -version: 1.28.2 +version: 1.29.0 appVersion: 0.2.27-b188673e09 maintainers: diff --git a/charts/floors-api/Chart.yaml b/charts/floors-api/Chart.yaml index 217b86fde..d5029c3cd 100644 --- a/charts/floors-api/Chart.yaml +++ b/charts/floors-api/Chart.yaml 
@@ -3,7 +3,7 @@ name: floors-api description: Helm for floors service type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.0.4 maintainers: diff --git a/charts/generic-chart/Chart.yaml b/charts/generic-chart/Chart.yaml index 903b13fde..b3c1beadb 100644 --- a/charts/generic-chart/Chart.yaml +++ b/charts/generic-chart/Chart.yaml @@ -4,7 +4,7 @@ description: Generic library Helm chart for 2Gis type: library keywords: - library -version: 1.28.2 +version: 1.29.0 maintainers: - name: 2gis url: https://github.com/2gis diff --git a/charts/gis-platform/Chart.yaml b/charts/gis-platform/Chart.yaml index eb09c35c7..b2cedfe28 100644 --- a/charts/gis-platform/Chart.yaml +++ b/charts/gis-platform/Chart.yaml @@ -4,7 +4,7 @@ description: GIS Platform type: application -version: 1.28.2 +version: 1.29.0 appVersion: 2023.8.3-0 dependencies: diff --git a/charts/keycloak/Chart.yaml b/charts/keycloak/Chart.yaml index 1d5c5a0ad..1b000468d 100644 --- a/charts/keycloak/Chart.yaml +++ b/charts/keycloak/Chart.yaml @@ -3,7 +3,7 @@ name: keycloak type: application description: Keycloak is a high performance Java-based identity and access management solution. It lets developers add an authentication layer to their applications with minimum effort. -version: 1.28.2 +version: 1.29.0 appVersion: 21.1.1-debian-11-r4 maintainers: diff --git a/charts/keys/Chart.yaml b/charts/keys/Chart.yaml index c9d59265d..01fa60b1d 100644 --- a/charts/keys/Chart.yaml +++ b/charts/keys/Chart.yaml @@ -3,7 +3,7 @@ name: keys type: application description: A Helm chart for Kubernetes to deploy API Keys service -version: 1.28.2 +version: 1.29.0 appVersion: 1.87.0 maintainers: diff --git a/charts/license/Chart.yaml b/charts/license/Chart.yaml index 6938efee1..fd5858e7b 100644 --- a/charts/license/Chart.yaml +++ b/charts/license/Chart.yaml 
@@ -3,8 +3,8 @@ name: license type: application description: A Helm chart for Kubernetes to deploy License service -version: 1.28.2 -appVersion: 2.2.1 +version: 1.29.0 +appVersion: 2.2.3 maintainers: - name: 2gis diff --git a/charts/license/README.md b/charts/license/README.md index 30790f211..751c8ef31 100644 --- a/charts/license/README.md +++ b/charts/license/README.md @@ -28,6 +28,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | ------------------------ | --------------------------------------- | ------- | | `dgctlStorage.host` | S3 endpoint. Format: `host:port`. | `""` | | `dgctlStorage.secure` | If S3 uses https. | `false` | +| `dgctlStorage.region` | S3 region. | `""` | | `dgctlStorage.bucket` | S3 bucket name. | `""` | | `dgctlStorage.accessKey` | S3 access key for accessing the bucket. | `""` | | `dgctlStorage.secretKey` | S3 secret key for accessing the bucket. | `""` | @@ -53,7 +54,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | Name | Description | Value | | ------------------ | ------------ | ------------------------- | | `image.repository` | Repository. | `2gis-on-premise/license` | -| `image.tag` | Tag. | `2.2.1` | +| `image.tag` | Tag. | `2.2.3` | | `image.pullPolicy` | Pull Policy. | `IfNotPresent` | ### License service application settings @@ -100,6 +101,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/architecture/service | ----------------------- | --------------------------------------- | ------- | | `persistence.host` | S3 endpoint. Format: `host:port`. | `""` | | `persistence.secure` | If S3 uses https. | `false` | +| `persistence.region` | S3 region. | `""` | | `persistence.bucket` | S3 bucket name. | `""` | | `persistence.root` | Root directory in S3 bucket. | `""` | | `persistence.accessKey` | S3 access key for accessing the bucket. | `""` | 
diff --git a/charts/license/templates/configmap.yaml b/charts/license/templates/configmap.yaml index 079443206..297a1c85d 100644 --- a/charts/license/templates/configmap.yaml +++ b/charts/license/templates/configmap.yaml @@ -21,12 +21,14 @@ data: storage: host: {{ required "A valid $.Values.dgctlStorage.host entry is required" .host }} secure: {{ .secure }} + region: {{ .region }} bucket: {{ required "A valid $.Values.dgctlStorage.bucket entry is required" .bucket }} {{- end }} {{- with .persistence }} persistence: host: {{ .host }} secure: {{ .secure }} + region: {{ .region }} bucket: {{ .bucket }} root: {{ .root }} {{- end }} diff --git a/charts/license/values.yaml b/charts/license/values.yaml index cf84b24e6..c83c0183b 100644 --- a/charts/license/values.yaml +++ b/charts/license/values.yaml @@ -8,6 +8,7 @@ dgctlDockerRegistry: '' # @param dgctlStorage.host S3 endpoint. Format: `host:port`. # @param dgctlStorage.secure If S3 uses https. +# @param dgctlStorage.region S3 region. # @param dgctlStorage.bucket S3 bucket name. # @param dgctlStorage.accessKey S3 access key for accessing the bucket. # @param dgctlStorage.secretKey S3 secret key for accessing the bucket. @@ -15,6 +16,7 @@ dgctlDockerRegistry: '' dgctlStorage: host: '' secure: false + region: '' bucket: '' accessKey: '' secretKey: '' @@ -63,7 +65,7 @@ imagePullSecrets: [] image: repository: 2gis-on-premise/license - tag: 2.2.1 + tag: 2.2.3 pullPolicy: IfNotPresent # @section License service application settings @@ -137,6 +139,7 @@ resources: # @param persistence.host S3 endpoint. Format: `host:port`. # @param persistence.secure If S3 uses https. +# @param persistence.region S3 region. # @param persistence.bucket S3 bucket name. # @param persistence.root Root directory in S3 bucket. # @param persistence.accessKey S3 access key for accessing the bucket. @@ -145,6 +148,7 @@ resources: persistence: host: '' secure: false + region: '' bucket: '' root: '' accessKey: '' 
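Review bot: The two added `region: {{ .region }}` lines in charts/license/templates/configmap.yaml (under `storage:` and under `persistence:`) render the value unquoted, and the values.yaml default added by this commit is `''`, so a default install emits a bare `region:` that parses as YAML null rather than an empty string. Quoting keeps the type stable whatever the operator supplies: `region: {{ .region | quote }}`. The unchanged `host`, `bucket` and `root` lines under `persistence:` follow the same unquoted pattern and could be aligned in a follow-up.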
diff --git a/charts/mapgl-js-api/Chart.yaml b/charts/mapgl-js-api/Chart.yaml index 60466c451..dba618f3b 100644 --- a/charts/mapgl-js-api/Chart.yaml +++ b/charts/mapgl-js-api/Chart.yaml @@ -4,7 +4,7 @@ description: Basic WebGL map chart template for 2GIS On-Premise type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.51.0 maintainers: diff --git a/charts/mapgl-js-api/README.md b/charts/mapgl-js-api/README.md index 30e0307bc..e3750dbb7 100644 --- a/charts/mapgl-js-api/README.md +++ b/charts/mapgl-js-api/README.md 
@@ -51,22 +51,22 @@ See the [documentation](https://docs.2gis.com/en/on-premise/map) to learn about: ### Environment variables -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | -| `env.MAPGL_DEMO_KEY` | token from 'keys-api' service. Defines access for map through MAPGL_HOST. | `""` | -| `env.MAPGL_HOST` | URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' | `""` | -| `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | -| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | -| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | -| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `""` | -| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | -| `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | -| `env.MAPGL_ICONSPATH` | URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' | `""` | -| `env.MAPGL_MODELSPATH` | URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' | `""` | -| `env.MAPGL_KEYSERVER` | URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' | `""` | -| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' | `""` | -| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. 
| `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | -| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. Please contact support to get valid key.` | +| Name | Description | Value | +| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | +| `env.MAPGL_DEMO_KEY` | token from 'keys-api' service. Defines access for map through MAPGL_HOST. | `""` | +| `env.MAPGL_HOST` | URL for MapGL JS API service, e.g. 'https://mapgl-api.ingress.host' | `""` | +| `env.MAPGL_TILES_API` | URL of the Tiles API service, e.g. 'https://tiles-api.ingress.host' | `""` | +| `env.MAPGL_TILESET` | Tileset of the Tiles API service to use. | `web` | +| `env.MAPGL_IMMERSIVE_TILESET` | Additional immersive tileset of the Tiles API service to use. | `web_immersive` | +| `env.MAPGL_TRAFFICSERVER` | Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' | `https://traffic-proxy.ingress.host` | +| `env.MAPGL_FLOORSSERVER` | URL of the Floors API service, e.g. 'https://floors-api.ingress.host' | `""` | +| `env.MAPGL_STYLESERVER` | URL of the Styles API service, e.g. 'https://styles.ingress.host' | `""` | +| `env.MAPGL_ICONS_URL` | URL of the icons directory, e.g. 'https://s3.ingress.host/styles/assets/icons'. This s3 URL must be public available (accessible from browser). | `""` | +| `env.MAPGL_MODELS_URL` | URL of the models directory, e.g. 'https://s3.ingress.host/styles/assets/models'. This s3 URL must be public available (accessible from browser). | `""` | +| `env.MAPGL_KEYSERVER` | URL of the API Keys service, e.g. 
'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' | `""` | +| `env.MAPGL_RTLPLUGIN` | URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' | `""` | +| `env.MAPGL_RTLPLUGINHASH` | SHA512 hash of the RTL plugin. | `sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA==` | +| `env.MAPGL_INVALID_KEY_MESSAGE` | Custom error message for invalid MapGL key. | `Your MapGL key is invalid. Please contact support to get valid key.` | ### Strategy settings diff --git a/charts/mapgl-js-api/templates/deployment.yaml b/charts/mapgl-js-api/templates/deployment.yaml index bb022bb84..862d49ea8 100644 --- a/charts/mapgl-js-api/templates/deployment.yaml +++ b/charts/mapgl-js-api/templates/deployment.yaml 
@@ -42,33 +42,33 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: PUBLIC_HOST - value: "{{ .Values.env.MAPGL_HOST }}" + value: {{ .Values.env.MAPGL_HOST | quote }} - name: DEMO_KEY - value: "{{ .Values.env.MAPGL_DEMO_KEY }}" + value: {{ .Values.env.MAPGL_DEMO_KEY | quote }} - name: MAPGL_TILESERVER - value: "{{ .Values.env.MAPGL_TILES_API }}" + value: {{ required "A valid .Values.env.MAPGL_TILES_API entry required" .Values.env.MAPGL_TILES_API | quote }} - name: MAPGL_TILESET - value: "{{ .Values.env.MAPGL_TILESET }}" + value: {{ .Values.env.MAPGL_TILESET | quote }} - name: MAPGL_MODELS_TILESET - value: "{{ .Values.env.MAPGL_IMMERSIVE_TILESET }}" + value: {{ .Values.env.MAPGL_IMMERSIVE_TILESET | quote }} - name: MAPGL_TRAFFICSERVER - value: "{{ .Values.env.MAPGL_TRAFFICSERVER }}" + value: {{ .Values.env.MAPGL_TRAFFICSERVER | quote }} - name: MAPGL_FLOORSSERVER - value: "{{ .Values.env.MAPGL_FLOORSSERVER }}" + value: {{ .Values.env.MAPGL_FLOORSSERVER | quote }} - name: MAPGL_STYLESERVER - value: "{{ .Values.env.MAPGL_STYLESERVER }}" + value: {{ .Values.env.MAPGL_STYLESERVER | quote }} - name: MAPGL_ICONSPATH - value: "{{ .Values.env.MAPGL_ICONSPATH }}" + value: {{ .Values.env.MAPGL_ICONS_URL | quote }} - name: MAPGL_MODELSPATH - value: "{{ .Values.env.MAPGL_MODELSPATH }}" + value: {{ .Values.env.MAPGL_MODELS_URL | quote }} - name: MAPGL_KEYSERVER - value: "{{ .Values.env.MAPGL_KEYSERVER }}" + value: {{ .Values.env.MAPGL_KEYSERVER | quote }} - name: MAPGL_RTLPLUGIN - value: "{{ .Values.env.MAPGL_RTLPLUGIN }}" + value: {{ .Values.env.MAPGL_RTLPLUGIN | quote }} - name: MAPGL_RTLPLUGINHASH - value: "{{ .Values.env.MAPGL_RTLPLUGINHASH }}" + value: {{ .Values.env.MAPGL_RTLPLUGINHASH | quote }} - name: MAPGL_INVALID_KEY_MESSAGE - value: "{{ .Values.env.MAPGL_INVALID_KEY_MESSAGE }}" + value: {{ .Values.env.MAPGL_INVALID_KEY_MESSAGE | quote }} ports: - name: http containerPort: 8080 
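Review bot: The `MAPGL_ICONSPATH` and `MAPGL_MODELSPATH` container variables now read `.Values.env.MAPGL_ICONS_URL` and `.Values.env.MAPGL_MODELS_URL`, so a values file that still sets the old keys renders two empty strings and the upgrade succeeds without any signal. The rename is listed in Breaking-Changes.md, but a render-time guard would catch overrides that were missed, for example `{{- if .Values.env.MAPGL_ICONSPATH }}{{ fail "env.MAPGL_ICONSPATH was renamed to env.MAPGL_ICONS_URL" }}{{- end }}` and the same check for the models key. A short template comment next to the two entries explaining that the container variable name is intentionally kept while the values key changed would also help the next reader.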
diff --git a/charts/mapgl-js-api/values.yaml b/charts/mapgl-js-api/values.yaml index 75a925eb0..ab04adcc0 100644 --- a/charts/mapgl-js-api/values.yaml +++ b/charts/mapgl-js-api/values.yaml @@ -52,8 +52,8 @@ image: # @param env.MAPGL_TRAFFICSERVER Domain name of the Traffic Proxy service, e.g. 'https://traffic-proxy.ingress.host' # @param env.MAPGL_FLOORSSERVER URL of the Floors API service, e.g. 'https://floors-api.ingress.host' # @param env.MAPGL_STYLESERVER URL of the Styles API service, e.g. 'https://styles.ingress.host' -# @param env.MAPGL_ICONSPATH URL of the icons directory, e.g. 'https://styles.ingress.host/styles/assets/icons' -# @param env.MAPGL_MODELSPATH URL of the models directory, e.g. 'https://styles.ingress.host/styles/assets/models' +# @param env.MAPGL_ICONS_URL URL of the icons directory, e.g. 'https://s3.ingress.host/styles/assets/icons'. This s3 URL must be public available (accessible from browser). +# @param env.MAPGL_MODELS_URL URL of the models directory, e.g. 'https://s3.ingress.host/styles/assets/models'. This s3 URL must be public available (accessible from browser). # @param env.MAPGL_KEYSERVER URL of the API Keys service, e.g. 'https://keys-api.ingress.host/public/v1/keys/{keyID}/services/mapgl-js-api' # @param env.MAPGL_RTLPLUGIN URL of the plugin for right-to-left languages support, e.g. 'https://mapgl-api.ingress.host/api/js/plugins/rtl-v1.0.0.js' # @param env.MAPGL_RTLPLUGINHASH SHA512 hash of the RTL plugin. @@ -65,11 +65,11 @@ env: MAPGL_TILES_API: '' MAPGL_TILESET: web MAPGL_IMMERSIVE_TILESET: web_immersive - MAPGL_TRAFFICSERVER: '' + MAPGL_TRAFFICSERVER: https://traffic-proxy.ingress.host MAPGL_FLOORSSERVER: '' MAPGL_STYLESERVER: '' - MAPGL_ICONSPATH: '' - MAPGL_MODELSPATH: '' + MAPGL_ICONS_URL: '' + MAPGL_MODELS_URL: '' MAPGL_KEYSERVER: '' MAPGL_RTLPLUGIN: '' MAPGL_RTLPLUGINHASH: sha512-YAPPEl+Atvsm/cMkrfWefmlQLAlKTGaqFjIkI6urAnDgam2uTVEVVnZZEhHCa91JjYYxa5yr4Ndb4Vl3NUovfA== 
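Review bot: The new default `MAPGL_TRAFFICSERVER: https://traffic-proxy.ingress.host` in the second values.yaml hunk promotes the documentation example to a live default, while every other service URL in this `env:` block still defaults to `''`. An install that does not override it would presumably configure the map client with a hostname the operator does not control (`.host` is a public TLD), so traffic-layer requests from browsers could leave the deployment. Keep the example in the `@param` comment and restore `MAPGL_TRAFFICSERVER: ''`; the matching row in charts/mapgl-js-api/README.md should change with it.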
diff --git a/charts/navi-async-grpc-proxy/Chart.yaml b/charts/navi-async-grpc-proxy/Chart.yaml index 6ddabb57b..b0be35a30 100644 --- a/charts/navi-async-grpc-proxy/Chart.yaml +++ b/charts/navi-async-grpc-proxy/Chart.yaml @@ -6,7 +6,7 @@ keywords: - navi - dm-async-matrix - async-grpc-proxy -version: 1.28.2 +version: 1.29.0 appVersion: 0.0.2 maintainers: - name: 2gis diff --git a/charts/navi-async-matrix/Chart.yaml b/charts/navi-async-matrix/Chart.yaml index 2e4b3a27a..d350995a6 100644 --- a/charts/navi-async-matrix/Chart.yaml +++ b/charts/navi-async-matrix/Chart.yaml @@ -4,7 +4,7 @@ description: Service implements asynchronous API over Distance Matrix type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.11.2 maintainers: diff --git a/charts/navi-async-matrix/README.md b/charts/navi-async-matrix/README.md index 5d2d7fd7d..ab82fb334 100644 --- a/charts/navi-async-matrix/README.md +++ b/charts/navi-async-matrix/README.md @@ -202,6 +202,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation/distance- | `keys.url` | API keys service URL, ex: http://keys-api.svc/service/v1/keys. **Required** | `""` | | `keys.token` | API token to authorize at the service. **Required** | `""` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-async-matrix/templates/_helpers.tpl b/charts/navi-async-matrix/templates/_helpers.tpl index f18deae00..9d18c9a6f 100644 --- a/charts/navi-async-matrix/templates/_helpers.tpl 
+++ b/charts/navi-async-matrix/templates/_helpers.tpl @@ -212,3 +212,12 @@ Name for psql secret and volume {{- define "navi-async-matrix.fullname-psql" -}} {{- printf "%s-psql" (include "navi-async-matrix.fullname" .) -}} {{- end }} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-async-matrix/templates/configmap-ca.yaml b/charts/navi-async-matrix/templates/configmap-ca.yaml new file mode 100644 index 000000000..87141aca4 --- /dev/null +++ b/charts/navi-async-matrix/templates/configmap-ca.yaml @@ -0,0 +1,10 @@ + +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "navi-async-matrix.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-async-matrix/templates/statefulset.yaml b/charts/navi-async-matrix/templates/statefulset.yaml index d02897f01..b1a48dd73 100644 --- a/charts/navi-async-matrix/templates/statefulset.yaml +++ b/charts/navi-async-matrix/templates/statefulset.yaml @@ -33,6 +33,9 @@ spec: {{- end }} checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }} checksum/secret: {{ (include (print $.Template.BasePath "/secret.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} 
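Review bot: The helper added in the _helpers.tpl hunk is named `custom.ca.mountPath`, without the chart prefix used by the definition just above it (`navi-async-matrix.fullname-psql`), and this commit defines the same name in the navi-back, navi-castle and navi-restrictions charts. Helm template names share one namespace across a parent chart and its subcharts, so if these charts are ever rendered together one definition silently overrides the others. A prefixed name such as `navi-async-matrix.customCA.mountPath` avoids that. The usage comment could also state that `certsPath` is a directory, since every caller appends `/custom-ca.crt` to the result.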
@@ -93,6 +96,11 @@ spec: - name: {{ include "navi-async-matrix.fullname-psql" . | quote }} emptyDir: {} {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "navi-async-matrix.fullname" . }}-ca + configMap: + name: {{ include "navi-async-matrix.fullname" . }}-ca + {{- end }} initContainers: {{- if .Values.db.tls.enabled }} - name: copy-certs @@ -155,6 +163,11 @@ spec: - name: {{ printf "%s-psql" (include "navi-async-matrix.fullname" .) | quote }} mountPath: /etc/2gis/secret/psql {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "navi-async-matrix.fullname" . }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} env: - name: DM_ASYNC_SERVICE_HOST value: {{ .Values.dm.host | quote }} @@ -263,3 +276,7 @@ spec: secretKeyRef: name: {{ include "navi-async-matrix.fullname" . | quote }} key: dmApiKey + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} diff --git a/charts/navi-async-matrix/values.yaml b/charts/navi-async-matrix/values.yaml index 4d3ca0cf0..7569c1393 100644 --- a/charts/navi-async-matrix/values.yaml +++ b/charts/navi-async-matrix/values.yaml @@ -389,3 +389,17 @@ bss: keys: url: '' token: '' + + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' diff --git a/charts/navi-back/Chart.yaml b/charts/navi-back/Chart.yaml index 8ac907fb1..131789c58 100644 --- a/charts/navi-back/Chart.yaml +++ b/charts/navi-back/Chart.yaml 
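Review bot: The last statefulset.yaml hunk points `SSL_CERT_FILE` at the mounted `custom-ca.crt`, and for TLS stacks that honour this variable it replaces the default CA file rather than adding to it. If the service also connects to endpoints signed by public CAs, verification of those connections may start failing unless the operator includes the public roots in `customCAs.bundle` as well. The `customCAs.bundle` description in values.yaml and the README should state whether the bundle must be complete or is meant to be additive; the same `SSL_CERT_FILE` pattern is added in charts/navi-back/templates/deployment.yaml. Separately, the added volume and volumeMount names are unquoted while the neighbouring entries use `| quote`, e.g. `- name: {{ printf "%s-ca" (include "navi-async-matrix.fullname" .) | quote }}`.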
@@ -6,7 +6,7 @@ keywords: - navi - back - backend -version: 1.28.2 +version: 1.29.0 appVersion: 7.27.1.2 dependencies: - name: generic-chart diff --git a/charts/navi-back/README.md b/charts/navi-back/README.md index b17180c99..5fd1d63d5 100644 --- a/charts/navi-back/README.md +++ b/charts/navi-back/README.md @@ -335,6 +335,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `metrics.resources.limits.cpu` | CPU limit, recommended value `100m` | | | `metrics.resources.limits.memory` | Memory limit, recommended value `10Mi` | | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-back/templates/_helpers.tpl b/charts/navi-back/templates/_helpers.tpl index c81df9461..4bbe27c71 100644 --- a/charts/navi-back/templates/_helpers.tpl +++ b/charts/navi-back/templates/_helpers.tpl @@ -399,3 +399,12 @@ Usage: {{- printf (include "config.setCastleUrl" $) -}} {{- end -}} {{- end -}} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-back/templates/configmap-ca.yaml b/charts/navi-back/templates/configmap-ca.yaml new file mode 100644 index 000000000..c1f0d6598 --- /dev/null +++ b/charts/navi-back/templates/configmap-ca.yaml 
@@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "generic-chart.fullname" . }}-configmap-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-back/templates/deployment.yaml b/charts/navi-back/templates/deployment.yaml index 2ff5e1da3..603a9c44b 100644 --- a/charts/navi-back/templates/deployment.yaml +++ b/charts/navi-back/templates/deployment.yaml @@ -30,6 +30,9 @@ spec: annotations: checksum/config: {{ (include (print $.Template.BasePath "/configmap.yaml") . | fromYaml).data | toYaml | sha256sum }} checksum/secret: {{ (include (print $.Template.BasePath "/secret.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -52,6 +55,11 @@ spec: - name: {{ include "generic-chart.fullname" . }}-configmap configMap: name: {{ include "generic-chart.fullname" . }}-configmap + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + configMap: + name: {{ include "generic-chart.fullname" . }}-configmap-ca + {{- end }} {{- if .Values.kafka.fileProperties }} - name: {{ include "generic-chart.fullname" . }}-secret secret: 
@@ -87,6 +95,16 @@ spec: - name: {{ include "generic-chart.fullname" . }}-configmap mountPath: /etc/envoy/envoy.yaml subPath: envoy.yaml + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} + {{- if .Values.customCAs.bundle }} + env: + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} {{- if (.Values.envoy).resources }} resources: {{- toYaml .Values.envoy.resources | nindent 12 }} {{- end }} 
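Review bot: Setting `SSL_CERT_FILE` on this container probably has no effect on certificate validation: the context lines (`/etc/envoy/envoy.yaml`, `.Values.envoy.resources`) indicate it is the Envoy sidecar, and Envoy, as far as I know, takes its trust anchors from `validation_context.trusted_ca` in its own configuration rather than from that environment variable. If upstream TLS from Envoy is meant to trust the custom CA, envoy.yaml has to reference the mounted file; otherwise the `env:` block can be dropped here. The two back-to-back `{{- if .Values.customCAs.bundle }}` blocks can also be merged into one. The container definition starts outside the hunk, so an existing `env:` key on it cannot be ruled out from here.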
@@ -168,27 +186,32 @@ spec: - /etc/2gis/mosesd/navi-back.conf {{- end }} volumeMounts: - - name: {{ include "generic-chart.fullname" . }}-configmap - mountPath: /etc/2gis/mosesd/navi-back.conf - subPath: navi-back.conf - - name: {{ include "generic-chart.fullname" . }}-configmap - mountPath: /etc/2gis/mosesd/rules.conf - subPath: rules.conf - {{- if .Values.kafka.fileProperties }} - - name: {{ include "generic-chart.fullname" . }}-secret - mountPath: /etc/2gis/mosesd/secret/ - {{- end }} - {{- if .Values.naviback.sentry.enabled }} - - name: sentry-volume - mountPath: {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }} - {{- end }} - {{- if .Values.naviback.hierarchies.enabled }} - - name: hierarchies-volume - mountPath: "/tmp/hierarchies" - {{- end }} - {{- if .Values.extraVolumeMounts }} - {{- include "tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 10 }} - {{- end }} + - name: {{ include "generic-chart.fullname" . }}-configmap + mountPath: /etc/2gis/mosesd/navi-back.conf + subPath: navi-back.conf + - name: {{ include "generic-chart.fullname" . }}-configmap + mountPath: /etc/2gis/mosesd/rules.conf + subPath: rules.conf + {{- if .Values.kafka.fileProperties }} + - name: {{ include "generic-chart.fullname" . }}-secret + mountPath: /etc/2gis/mosesd/secret/ + {{- end }} + {{- if .Values.naviback.sentry.enabled }} + - name: sentry-volume + mountPath: {{ .Values.naviback.sentry.reportPath | default "/tmp/sentry" | quote }} + {{- end }} + {{- if .Values.naviback.hierarchies.enabled }} + - name: hierarchies-volume + mountPath: "/tmp/hierarchies" + {{- end }} + {{- if .Values.extraVolumeMounts }} + {{- include "tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 10 }} + {{- end }} + {{- if .Values.customCAs.bundle }} + - name: {{ include "generic-chart.fullname" . }}-configmap-ca + mountPath: {{ include "custom.ca.mountPath" . 
}}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} ports: - name: http containerPort: {{ .Values.naviback.appPort }} @@ -243,10 +266,14 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} env: - - name: RULE - value: {{ .Values.naviback.app_rule | default "" | quote }} - - name: PROJECT - value: {{ .Values.app_project | default "" | quote }} + - name: RULE + value: {{ .Values.naviback.app_rule | default "" | quote }} + - name: PROJECT + value: {{ .Values.app_project | default "" | quote }} + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} lifecycle: # wait for the endpoint removal process preStop: diff --git a/charts/navi-back/values.yaml b/charts/navi-back/values.yaml index ad7dcc950..de6f8d3f8 100644 --- a/charts/navi-back/values.yaml +++ b/charts/navi-back/values.yaml @@ -658,3 +658,16 @@ metrics: tag: '' port: 9090 resources: {} + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' diff --git a/charts/navi-castle/Chart.yaml b/charts/navi-castle/Chart.yaml index f9ebd5741..6e9beccb3 100644 --- a/charts/navi-castle/Chart.yaml +++ b/charts/navi-castle/Chart.yaml @@ -4,7 +4,7 @@ description: Castle Helm chart for Kubernetes type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.9.2 maintainers: diff --git a/charts/navi-castle/README.md b/charts/navi-castle/README.md index 7705cae84..9145e9a79 100644 --- a/charts/navi-castle/README.md +++ b/charts/navi-castle/README.md 
@@ -150,6 +150,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn | `persistentVolume.storageClass` | Volume [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). | `ceph-csi-rbd` | | `persistentVolume.size` | Volume size. | `5Gi` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-castle/templates/_helpers.tpl b/charts/navi-castle/templates/_helpers.tpl index 8e4d071bb..20c641d06 100644 --- a/charts/navi-castle/templates/_helpers.tpl +++ b/charts/navi-castle/templates/_helpers.tpl @@ -83,3 +83,13 @@ Determine --service parameter for a specific cron job flavor {{- define "castle.serviceParameter" -}} {{- eq "restrictionImport" .flavor | ternary "import-restrictions" .flavor -}} {{- end -}} + + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-castle/templates/configmap-ca.yaml b/charts/navi-castle/templates/configmap-ca.yaml new file mode 100644 index 000000000..96d19c95c --- /dev/null +++ b/charts/navi-castle/templates/configmap-ca.yaml @@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "castle.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} 
diff --git a/charts/navi-castle/templates/cronjob.yaml b/charts/navi-castle/templates/cronjob.yaml index ff1011da3..87dde3969 100644 --- a/charts/navi-castle/templates/cronjob.yaml +++ b/charts/navi-castle/templates/cronjob.yaml @@ -38,6 +38,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config configMap: name: {{ include "castle.fullname" $ }}-builder-config + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + configMap: + name: {{ include "castle.fullname" $ }}-ca + {{- end }} containers: - name: castle-cron image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ $.Values.castle.image.repository }}:{{ $.Values.castle.image.tag | default $.Chart.AppVersion }} @@ -48,6 +53,11 @@ spec: - /opt/config_builder.conf - --service={{ include "castle.serviceParameter" ( dict "flavor" $flavor ) }} - --jobs={{ $.Values.castle.jobs | default 1 | int }} + {{- if .Values.customCAs.bundle }} + env: + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} volumeMounts: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: /opt/config_builder.conf @@ -55,6 +65,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: {{ $.Values.castle.castleDataPath }}/cities_template subPath: cities_template + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} - name: {{ include "castle.fullname" $ }}-pvc mountPath: {{ $.Values.castle.castleDataPath }} resources: diff --git a/charts/navi-castle/templates/statefulset.yaml b/charts/navi-castle/templates/statefulset.yaml index fe2e69159..c6ef8fedc 100644 --- a/charts/navi-castle/templates/statefulset.yaml +++ b/charts/navi-castle/templates/statefulset.yaml 
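Review bot: The added lines in all three cronjob.yaml hunks read `.Values.customCAs.bundle` and call `include "custom.ca.mountPath" .`, while every neighbouring line uses `$.Values` and `$` and the `--service` argument is built from `$flavor`, which suggests this part of the template sits inside a `range` or `with` where `.` is no longer the root context. If so, the condition either fails to render or silently evaluates to false, and the cron jobs run without the custom CA while the statefulset has it. Use `{{- if $.Values.customCAs.bundle }}` and `{{ include "custom.ca.mountPath" $ }}`, as the `castle.fullname` calls on the same lines already do. The enclosing block starts outside the hunks, so this should be confirmed by rendering the chart with a bundle set.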
@@ -25,6 +25,9 @@ spec: checksum/configbuilder: {{ include (print $.Template.BasePath "/configmapbuilder.yaml") . | sha256sum }} checksum/configbuilder-runnable: {{ include (print $.Template.BasePath "/configmapbuilder-runnable.yaml") . | sha256sum }} checksum/confignginx: {{ include (print $.Template.BasePath "/configmapnginx.yaml") . | sha256sum }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -34,6 +37,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} volumes: - name: {{ include "castle.fullname" . }}-builder-config configMap: @@ -45,6 +52,11 @@ spec: - name: {{ include "castle.fullname" . }}-castle-nginx-config configMap: name: {{ include "castle.fullname" . }}-castle-nginx-config + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + configMap: + name: {{ include "castle.fullname" $ }}-ca + {{- end }} {{- if (not .Values.persistentVolume.enabled) }} - name: {{ include "castle.fullname" . }}-data emptyDir: {} @@ -53,6 +65,11 @@ spec: containers: - name: castle-nginx image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }} + imagePullPolicy: {{ .Values.nginx.image.pullPolicy }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: 
@@ -80,9 +97,19 @@ spec: failureThreshold: 2 - name: castle-cron image: {{ required "A valid $.Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ $.Values.castle.image.repository }}:{{ $.Values.castle.image.tag }} + imagePullPolicy: {{ .Values.castle.image.pullPolicy }} + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} command: ["/tini","--"] args: - /opt/update_services_init.sh + env: + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} resources: {{- toYaml $.Values.resources | nindent 12 }} startupProbe: @@ -116,6 +143,11 @@ spec: - name: {{ include "castle.fullname" $ }}-builder-config mountPath: /opt/update_services subPath: update_services + {{- if .Values.customCAs.bundle }} + - name: {{ include "castle.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} {{- if .Values.persistentVolume.enabled }} - name: {{ include "castle.fullname" . }}-pvc mountPath: {{ .Values.castle.castleDataPath }} diff --git a/charts/navi-castle/values.yaml b/charts/navi-castle/values.yaml index fcc24587b..a8a2e9385 100644 --- a/charts/navi-castle/values.yaml +++ b/charts/navi-castle/values.yaml @@ -205,3 +205,16 @@ persistentVolume: - ReadWriteOnce storageClass: ceph-csi-rbd size: 5Gi + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' 
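Review bot: In the `castle-cron` container the `env:` key is emitted unconditionally while its only entry is wrapped in `{{- if .Values.customCAs.bundle }}`, so with the default empty bundle the manifest renders `env:` with a null value, which stricter manifest validators may flag. Move the key inside the condition, so that `{{- if .Values.customCAs.bundle }}` is followed by `env:` and the `SSL_CERT_FILE` entry, as the navi-castle cronjob.yaml hunk does. The added `imagePullPolicy: {{ .Values.castle.image.pullPolicy }}` likewise renders an empty value when the key is unset; whether values.yaml defines it is not visible here, so `| default "IfNotPresent"` would be a safe guard.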
diff --git a/charts/navi-front/Chart.yaml b/charts/navi-front/Chart.yaml index 04fc28bda..f0315fe0e 100644 --- a/charts/navi-front/Chart.yaml +++ b/charts/navi-front/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - front -version: 1.28.2 +version: 1.29.0 appVersion: 1.24.1 maintainers: - name: 2gis diff --git a/charts/navi-restrictions/Chart.yaml b/charts/navi-restrictions/Chart.yaml index e84f1dc65..743b19fb8 100644 --- a/charts/navi-restrictions/Chart.yaml +++ b/charts/navi-restrictions/Chart.yaml @@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Restrictions backend type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.24.1 maintainers: diff --git a/charts/navi-restrictions/README.md b/charts/navi-restrictions/README.md index bbbb34e1d..1c27f5777 100644 --- a/charts/navi-restrictions/README.md +++ b/charts/navi-restrictions/README.md @@ -174,6 +174,13 @@ See the [documentation](https://docs.2gis.com/en/on-premise/restrictions) to lea | `cron.resources.limits.cpu` | A CPU limit | `1000m` | | `cron.resources.limits.memory` | A memory limit | `1024Mi` | +### customCAs **Custom Certificate Authority** + +| Name | Description | Value | +| --------------------- | --------------------------------------------------------------------------------------------------------------------------- | ----- | +| `customCAs.bundle` | Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) | `""` | +| `customCAs.certsPath` | Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" | `""` | + ## Maintainers diff --git a/charts/navi-restrictions/templates/_helpers.tpl b/charts/navi-restrictions/templates/_helpers.tpl index ebbefcc47..cefd13446 100644 --- a/charts/navi-restrictions/templates/_helpers.tpl +++ b/charts/navi-restrictions/templates/_helpers.tpl 
@@ -87,3 +87,12 @@ Check for deprecated values {{- if .Values.db -}}{{ fail "[after 1.20.2] .Values.db renamed to .Values.postgres" }}{{- end }} {{- end }} {{/* 1.20.2 */}} {{- end }} + +{{/* +Set custom CAs mount path +Usage: +{{ include "custom.ca.mountPath" $ }} +*/}} +{{- define "custom.ca.mountPath" -}} +{{ .Values.customCAs.certsPath | default "/usr/local/share/ca-certificates" }} +{{- end -}} diff --git a/charts/navi-restrictions/templates/configmap-ca.yaml b/charts/navi-restrictions/templates/configmap-ca.yaml new file mode 100644 index 000000000..a45b15138 --- /dev/null +++ b/charts/navi-restrictions/templates/configmap-ca.yaml @@ -0,0 +1,9 @@ +{{- if .Values.customCAs.bundle }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "navi-restrictions.fullname" . }}-ca +data: + custom-ca.crt: |- + {{- .Values.customCAs.bundle | nindent 4 }} +{{- end }} diff --git a/charts/navi-restrictions/templates/cronjob.yaml b/charts/navi-restrictions/templates/cronjob.yaml index da2f23c5f..31818a91c 100644 --- a/charts/navi-restrictions/templates/cronjob.yaml +++ b/charts/navi-restrictions/templates/cronjob.yaml @@ -32,6 +32,12 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} spec: + {{- if .Values.customCAs.bundle }} + volumes: + - name: {{ include "navi-restrictions.fullname" $ }}-ca + configMap: + name: {{ include "navi-restrictions.fullname" $ }}-ca + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 12 }} @@ -83,4 +89,14 @@ spec: secretKeyRef: name: {{ include "navi-restrictions.fullname" . }} key: keysApi + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + - name: {{ include "navi-restrictions.fullname" $ }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} {{- end }} 
diff --git a/charts/navi-restrictions/templates/deployment.yaml b/charts/navi-restrictions/templates/deployment.yaml index 9369ad4ae..e2d6b8c1e 100644 --- a/charts/navi-restrictions/templates/deployment.yaml +++ b/charts/navi-restrictions/templates/deployment.yaml @@ -31,6 +31,9 @@ spec: {{- if .Values.prometheusEnabled }} prometheus.io/scrape: "true" {{- end }} + {{- if .Values.customCAs.bundle }} + checksum/custom-ca: {{ (include (print $.Template.BasePath "/configmap-ca.yaml") . | fromYaml).data | toYaml | sha256sum }} + {{- end }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} @@ -41,6 +44,12 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- if .Values.customCAs.bundle }} + volumes: + - name: {{ include "navi-restrictions.fullname" . }}-ca + configMap: + name: {{ include "navi-restrictions.fullname" . }}-ca + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -90,6 +99,12 @@ spec: securityContext: {{- toYaml . | nindent 12 }} {{- end }} + {{- if .Values.customCAs.bundle }} + volumeMounts: + - name: {{ include "navi-restrictions.fullname" . }}-ca + mountPath: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + subPath: custom-ca.crt + {{- end }} env: - name: DEBUG value: "{{ .Values.api.debug | ternary "True" "False" }}" @@ -115,3 +130,7 @@ spec: secretKeyRef: name: {{ include "navi-restrictions.fullname" . }} key: keysApi + {{- if .Values.customCAs.bundle }} + - name: SSL_CERT_FILE + value: {{ include "custom.ca.mountPath" . }}/custom-ca.crt + {{- end }} diff --git a/charts/navi-restrictions/values.yaml b/charts/navi-restrictions/values.yaml index 20e1c7d32..76b524fee 100644 --- a/charts/navi-restrictions/values.yaml +++ b/charts/navi-restrictions/values.yaml 
@@ -267,3 +267,17 @@ cron: # @param cron.resources.requests.memory A memory request # @param cron.resources.limits.cpu A CPU limit # @param cron.resources.limits.memory A memory limit + + +# @section customCAs **Custom Certificate Authority** + +# @param customCAs.bundle Custom CA [text representation of the X.509 PEM public-key certificate](https://www.rfc-editor.org/rfc/rfc7468#section-5.1) +# @param customCAs.certsPath Custom CA bundle mount directory in the container. If empty, the default value: "/usr/local/share/ca-certificates" + +customCAs: + bundle: '' +# bundle: | + # -----BEGIN CERTIFICATE----- + # ... + # -----END CERTIFICATE----- + certsPath: '' diff --git a/charts/navi-router/Chart.yaml b/charts/navi-router/Chart.yaml index d8b139ddf..4740b9cb0 100644 --- a/charts/navi-router/Chart.yaml +++ b/charts/navi-router/Chart.yaml @@ -5,7 +5,7 @@ type: application keywords: - navi - router -version: 1.28.2 +version: 1.29.0 appVersion: 6.24.0.3 maintainers: - name: 2gis diff --git a/charts/navi-splitter/Chart.yaml b/charts/navi-splitter/Chart.yaml index 5df1808a7..001ee1da8 100644 --- a/charts/navi-splitter/Chart.yaml +++ b/charts/navi-splitter/Chart.yaml @@ -15,5 +15,5 @@ maintainers: - name: 2gis url: https://github.com/2gis email: on-premise@2gis.com -version: 1.28.2 +version: 1.29.0 appVersion: 1.0.1 diff --git a/charts/platform/Chart.yaml b/charts/platform/Chart.yaml index ba75830a2..b487ad650 100644 --- a/charts/platform/Chart.yaml +++ b/charts/platform/Chart.yaml @@ -3,7 +3,7 @@ name: platform type: application description: A Helm chart for Kubernetes to deploy Platform -version: 1.28.2 +version: 1.29.0 appVersion: 0.15.1 maintainers: diff --git a/charts/pro-api/Chart.yaml b/charts/pro-api/Chart.yaml index 5930bdeb0..e01669dfe 100644 --- a/charts/pro-api/Chart.yaml +++ b/charts/pro-api/Chart.yaml @@ -4,7 +4,7 @@ description: Geo API for getting geo data type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.35.0 maintainers: 
diff --git a/charts/pro-api/README.md b/charts/pro-api/README.md index f33f81fb8..e32d76d93 100644 --- a/charts/pro-api/README.md +++ b/charts/pro-api/README.md 
@@ -2,33 +2,131 @@ ## Values +### Geo API configuration & settings + +| Name | Description | Value | +| ----------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------- | +| `Image` | settings | | +| `api.image.repository` | Repository | `2gis-on-premise/pro-api` | +| `api.image.tag` | Tag | `1.35.0` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `Ingress` | settings | | +| `api.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `api.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `api.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | +| `api.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `api.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `api.ingress.tls` | TLS configuration | `[]` | +| `Pod` | settings | | +| `api.pod.appName` | Name of the service. | `pro-api` | +| `api.pod.replicaCount` | A replica count for the pod. | `2` | +| `api.pod.imagePullSecrets` | Kubernetes image pull secrets. | `[]` | +| `api.pod.nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | +| `api.pod.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `api.pod.affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
| `{}` | +| `api.pod.priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | +| `api.pod.terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | +| `api.pod.tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | +| `api.pod.podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `api.pod.labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.pod.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.pod.resources` | **Limits for the application service** | | +| `api.pod.resources.requests.cpu` | A CPU request. | `400m` | +| `api.pod.resources.requests.memory` | A memory request. | `256M` | +| `api.pod.resources.limits.cpu` | A CPU limit. | `1` | +| `api.pod.resources.limits.memory` | A memory limit. | `1024M` | +| `api.pod.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | +| `api.pod.strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). 
| `0` | +| `api.pod.strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | +| `VPA` | settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) | | +| `api.vpa.enabled` | If VPA is enabled for the service. | `false` | +| `api.vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | +| `api.vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | +| `api.vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | +| `api.vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | +| `api.vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | +| `Service` | settings | | +| `api.service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `api.service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | PRO API service port. | `80` | +| `api.service.serviceAccount` | Kubernetes service account | `runner` | +| `api.service.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. 
| `""` | +| `Geo` | API settings | | +| `api.settings.licenseKey` | License key. **Required** | `""` | +| `api.settings.tempPath` | Path to directory used for temp data | `/tmp` | +| `api.settings.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | +| `api.settings.logging` | Logging settings | | +| `api.settings.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | +| `api.settings.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). | `""` | +| `api.settings.rateLimiter` | rate limiter settings | | +| `api.settings.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | +| `api.settings.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | +| `api.settings.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | +| `api.settings.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | +| `api.settings.auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | +| `api.settings.auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | +| `api.settings.auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | +| `api.settings.auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). 
Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | +| `api.settings.auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | +| `api.settings.auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | +| `api.settings.auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | +| `api.settings.auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | + +### Permissions API configuration & settings + +| Name | Description | Value | +| ------------------------------------------------ | --------------------------------------------- | --------------------------------- | +| `Ingress` | settings | | +| `permissions.ingress.enabled` | If Ingress is enabled for the service. | `false` | +| `permissions.ingress.className` | Name of the Ingress controller class. | `nginx` | +| `permissions.ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-permissions-api.example.com` | +| `permissions.ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | +| `permissions.ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | +| `permissions.ingress.tls` | TLS configuration | `[]` | +| `Permissions` | API settings | | +| `permissions.settings.enabled` | If permissionsApi is enabled for the service. 
| `false` | + +### asset importer settings + +| Name | Description | Value | +| -------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `assetImporter.appName` | Data Import job name. | `asset-importer` | +| `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | +| `assetImporter.tag` | Docker image tag. | `1.35.0` | +| `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | +| `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | +| `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | +| `assetImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | +| `assetImporter.resources` | **Limits for the import job** | | +| `assetImporter.resources.requests.cpu` | A CPU request. | `700m` | +| `assetImporter.resources.requests.memory` | A memory request. | `768M` | +| `assetImporter.resources.limits.cpu` | A CPU limit. | `1000m` | +| `assetImporter.resources.limits.memory` | A memory limit. | `8Gi` | +| `assetImporter.enabled` | If assetImporter is enabled for the service. | `true` | +| `assetImporter.startOnDeploy` | Indicates that asset import should start when service installed or updated | `true` | +| `assetImporter.startOnDeployMode` | Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. 
| `ScheduleManifest` | +| `Asset` | importer settings | | +| `assetImporter.settings.maxParallelJobs` | How many import jobs can be run simultaneously | `1` | +| `assetImporter.settings.imageProxyUrl` | URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | +| `assetImporter.settings.externalLinksProxyUrl` | URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | +| `assetImporter.settings.externalLinksAllowedHosts` | Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) | `""` | + +### asset preparer settings + + +### common infrastructure settings + + ### Docker Registry settings | Name | Description | Value | | --------------------- | --------------------------------------------------------------------------------------- | ----- | | `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | -### Common settings - -| Name | Description | Value | -| ------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | --------- | -| `appName` | Name of the service. | `pro-api` | -| `licenseKey` | License key. **Required** | `""` | -| `replicaCount` | A replica count for the pod. | `2` | -| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | -| `nameOverride` | Base name to use in all the Kubernetes entities deployed by this chart. | `""` | -| `fullnameOverride` | Base fullname to use in all the Kubernetes entities deployed by this chart. | `""` | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `affinity` | Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
| `{}` | -| `priorityClassName` | Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). | `""` | -| `terminationGracePeriodSeconds` | Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds | `300` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. | `[]` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `labels` | Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | - ### Deployment Artifacts Storage settings | Name | Description | Value | 
@@ -42,42 +140,6 @@ | `dgctlStorage.region` | AuthenticationRegion property for S3 client. Used in AWS4 request signing, this is an optional property | `""` | | `dgctlStorage.disablePayloadSigning` | Turns off payload signing, this is an optional property. Should be TRUE for Oracle S3 storage | `false` | -### Strategy settings - -| Name | Description | Value | -| --------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | -| `strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` | -| `strategy.rollingUpdate.maxUnavailable` | Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). | `0` | -| `strategy.rollingUpdate.maxSurge` | Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. | `1` | - -### Service settings - -| Name | Description | Value | -| --------------------- | ------------------------------------------------------------------------------------------------------------------------------ | ----------- | -| `service.annotations` | Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `service.labels` | Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). | `{}` | -| `service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `service.port` | PRO API service port. 
| `80` | - -### Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings - -| Name | Description | Value | -| ----------------------- | ------------------------------------------------------------------------------------------------------------ | ------- | -| `vpa.enabled` | If VPA is enabled for the service. | `false` | -| `vpa.updateMode` | VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). | `Auto` | -| `vpa.minAllowed.cpu` | Lower limit for the number of CPUs to which the autoscaler can scale down. | `400m` | -| `vpa.minAllowed.memory` | Lower limit for the RAM size to which the autoscaler can scale down. | `256M` | -| `vpa.maxAllowed.cpu` | Upper limit for the number of CPUs to which the autoscaler can scale up. | `1` | -| `vpa.maxAllowed.memory` | Upper limit for the RAM size to which the autoscaler can scale up. | `1024M` | - -### Deployment settings - -| Name | Description | Value | -| ------------------ | ----------- | ------------------------- | -| `image.repository` | Repository | `2gis-on-premise/pro-api` | -| `image.tag` | Tag | `1.35.0` | -| `image.pullPolicy` | Pull Policy | `IfNotPresent` | - ### 2GIS PRO Storage configuration | Name | Description | Value | 
@@ -88,34 +150,6 @@ | `s3.snapshotBucket` | S3 bucket for storing snapshots of inclemental data updates. **Required** | `""` | | `s3.resourcesBucket` | S3 bucket for storing static resources. **Required** | `""` | -### 2GIS PRO API configuration - -| Name | Description | Value | -| ------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------- | -| `api.serviceAccount` | Kubernetes service account | `runner` | -| `api.serviceAccountOverride` | The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. | `""` | -| `api.tempPath` | Path to directory used for temp data | `/tmp` | -| `api.allowAnyOrigin` | Cors policy: allow any origin to perform requests to pro-api service | `false` | -| `api.logging` | Logging settings | | -| `api.logging.format` | Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text | `simple` | -| `api.logging.targets` | Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). 
| `""` | -| `api.rateLimiter` | rate limiter settings | | -| `api.rateLimiter.requestsLimit` | max number of requests from one user during time window (0 means rate limiter is disabled) | `1024` | -| `api.rateLimiter.windowSizeInSeconds` | the size of time windows to count and limit incoming requests | `1` | - -### Auth configuration - -| Name | Description | Value | -| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------- | -| `auth.type` | Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol | `none` | -| `auth.url` | API URL of authentication service. Example: `http(s)://keycloak.ingress.host` | `""` | -| `auth.userInfoEndpoint` | The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` | `""` | -| `auth.wellKnownConfigEndpoint` | The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` | `""` | -| `auth.apiKey` | Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` | `""` | -| `auth.permissionsApiKey` | Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` | `""` | -| `auth.turnOffCertValidation` | Turn off certificate validation for auth.url | `false` | -| `auth.shareKeys` | Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. 
The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` | `[]` | - ### PostgreSQL settings | Name | Description | Value | @@ -124,29 +158,6 @@ | `postgres.connectionStringReadonly` | Connection string to the readonly node of PostgreSQL database. Format: `Server=SERVER_URL;Database=DB_NAME;UID=USER_NAME;` | `""` | | `postgres.password` | User password to connect to the PostgreSQL database. | `""` | -### Keys Service settings - -| Name | Description | Value | -| ------------ | ---------------------------------------------------------------------------------------- | ----- | -| `keys.url` | API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** | `""` | -| `keys.token` | keys.api access token. **Required** | `""` | - -### ElasticSearch settings (supported version 7.x) - -| Name | Description | Value | -| --------------------- | ------------------------------------------------------------------------------------ | ----- | -| `elastic.host` | ElasticSearch host address. Format: `http(s)://HOST:PORT` | `""` | -| `elastic.credentials` | User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` | `""` | - -### Redis settings (supported version 6.x) - -| Name | Description | Value | -| ---------------- | --------------------------------- | ------ | -| `redis.host` | Redis host address. **Required** | `""` | -| `redis.port` | Redis port. **Required** | `6379` | -| `redis.username` | Username used to connect to Redis | `""` | -| `redis.password` | Password used to connect to Redis | `""` | - ### Kafka settings (supported version 2.7) | Name | Description | Value | 
@@ -168,12 +179,34 @@ | `kafka.assetDataTopic.name` | Kafka topic name. | `""` | | `kafka.refreshAssetsIntervalMinutes` | Refresh interval for reading streaming assets settings in minutes. | `60` | -### Import background jobs settings +### ElasticSearch settings (supported version 7.x) + +| Name | Description | Value | +| --------------------- | ------------------------------------------------------------------------------------ | ----- | +| `elastic.host` | ElasticSearch host address. Format: `http(s)://HOST:PORT` | `""` | +| `elastic.credentials` | User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` | `""` | -| Name | Description | Value | -| ----------------------------------------- | ---------------------------------------------------------------- | ------- | -| `backgroundJobs.enableUserAssetsImporter` | If user data importer job is enabled for the service. | `true` | -| `backgroundJobs.enableAssetsStreaming` | If the streaming data processing job is enabled for the service. | `false` | +### Redis settings (supported version 6.x) + +| Name | Description | Value | +| ---------------- | --------------------------------- | ------ | +| `redis.host` | Redis host address. **Required** | `""` | +| `redis.port` | Redis port. **Required** | `6379` | +| `redis.username` | Username used to connect to Redis | `""` | +| `redis.password` | Password used to connect to Redis | `""` | + +### external services + + +### digger settings + + +### Keys Service settings + +| Name | Description | Value | +| ------------ | ---------------------------------------------------------------------------------------- | ----- | +| `keys.url` | API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** | `""` | +| `keys.token` | keys.api access token. **Required** | `""` | ### Catalog API settings 
@@ -201,77 +234,6 @@ | ------------ | ------------------------------------------------------------------------------------------------ | ----- | | `search.url` | URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc | `""` | -### 2GIS PRO API Job settings - -| Name | Description | Value | -| ---------------------- | --------------------- | ---------------- | -| `appAssetImporterName` | Data Import job name. | `asset-importer` | - -### 2GIS PRO Permissions API configuration - -| Name | Description | Value | -| ------------------------ | --------------------------------------------- | ------- | -| `permissionsApi.enabled` | If permissionsApi is enabled for the service. | `false` | - -### Import job settings - -| Name | Description | Value | -| ------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | -| `assetImporter.repository` | Docker Repository Image. | `2gis-on-premise/pro-importer` | -| `assetImporter.tag` | Docker image tag. | `1.35.0` | -| `assetImporter.schedule` | Import job schedule. | `0 18 * * *` | -| `assetImporter.backoffLimit` | The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. | `2` | -| `assetImporter.successfulJobsHistoryLimit` | How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). | `3` | -| `assetImporter.nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). | `{}` | -| `assetImporter.maxParallelJobs` | How many import jobs can be run simultaneously | `1` | -| `assetImporter.enabled` | If assetImporter is enabled for the service. 
| `true` | -| `assetImporter.startOnDeploy` | Indicates that asset import should start when service installed or updated | `true` | -| `assetImporter.startOnDeployMode` | Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. | `ScheduleManifest` | -| `assetImporter.imageProxyUrl` | URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | -| `assetImporter.externalLinksProxyUrl` | URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) | `""` | -| `assetImporter.externalLinksAllowedHosts` | Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) | `""` | - -### Limits - -| Name | Description | Value | -| ----------------------------------------- | -------------------------------------- | ------- | -| `resources` | **Limits for the application service** | | -| `resources.requests.cpu` | A CPU request. | `400m` | -| `resources.requests.memory` | A memory request. | `256M` | -| `resources.limits.cpu` | A CPU limit. | `1` | -| `resources.limits.memory` | A memory limit. | `1024M` | -| `assetImporter.resources` | **Limits for the import job** | | -| `assetImporter.resources.requests.cpu` | A CPU request. | `700m` | -| `assetImporter.resources.requests.memory` | A memory request. | `768M` | -| `assetImporter.resources.limits.cpu` | A CPU limit. | `1000m` | -| `assetImporter.resources.limits.memory` | A memory limit. | `8Gi` | - -### Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings - - -### 2GIS PRO API ingress settings - -| Name | Description | Value | -| ------------------------------------ | ----------------------------------------- | --------------------- | -| `ingress.enabled` | If Ingress is enabled for the service. | `false` | -| `ingress.className` | Name of the Ingress controller class. 
| `nginx` | -| `ingress.hosts[0].host` | Hostname for the Ingress service. | `pro-api.example.com` | -| `ingress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `ingress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `ingress.tls` | TLS configuration | `[]` | - -### 2GIS PRO Permissions API ingress settings - -| Name | Description | Value | -| -------------------------------------------------- | ----------------------------------------- | --------------------------------- | -| `permissionsApiIngress.enabled` | If Ingress is enabled for the service. | `false` | -| `permissionsApiIngress.className` | Name of the Ingress controller class. | `nginx` | -| `permissionsApiIngress.hosts[0].host` | Hostname for the Ingress service. | `pro-permissions-api.example.com` | -| `permissionsApiIngress.hosts[0].paths[0].path` | Path of the host for the Ingress service. | `/` | -| `permissionsApiIngress.hosts[0].paths[0].pathType` | Type of the path for the Ingress service. | `Prefix` | -| `permissionsApiIngress.tls` | TLS configuration | `[]` | - - ## Installing 1. Create a configuration file values-api.yaml and fill in all the required parameters according to the docs above. diff --git a/charts/pro-api/templates/_helpers.tpl b/charts/pro-api/templates/_helpers.tpl index 38121023e..13c15d1fe 100644 --- a/charts/pro-api/templates/_helpers.tpl +++ b/charts/pro-api/templates/_helpers.tpl @@ -1,8 +1,8 @@ {{- define "pro-api.name" -}} -{{- if .Values.fullnameOverride -}} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- if .Values.api.pod.fullnameOverride -}} +{{- .Values.api.pod.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- $name := default .Values.appName .Values.nameOverride -}} +{{- $name := default .Values.api.pod.appName .Values.api.pod.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} 
@@ -16,8 +16,8 @@ {{- end -}} {{- define "pro-api.permissions-url" -}} -{{- if .Values.permissionsApi.host -}} -{{- .Values.permissionsApi.host -}} +{{- if .Values.permissions.settings.host -}} +{{- .Values.permissions.settings.host -}} {{- else -}} {{- "http://" -}} {{ include "pro-api.permissions-name" . }} @@ -25,7 +25,7 @@ {{- end -}} {{- define "pro-api.asset-importer-name" -}} -{{- $name := default .Values.appAssetImporterName -}} +{{- $name := default .Values.assetImporter.appName -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -34,7 +34,7 @@ {{- end -}} {{- define "pro-api.asset-preparer-name" -}} -{{- $name := default .Values.appAssetPreparerName -}} +{{- $name := default .Values.assetPreparer.appName -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} @@ -43,20 +43,20 @@ {{- end -}} {{- define "pro-api.service-account-name" -}} -{{- if empty .Values.api.serviceAccountOverride }} - {{- $name := default .Values.api.serviceAccount -}} +{{- if empty .Values.api.service.serviceAccountOverride }} + {{- $name := default .Values.api.service.serviceAccount -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- else -}} - {{- .Values.api.serviceAccountOverride | trunc 63 | trimSuffix "-" -}} + {{- .Values.api.service.serviceAccountOverride | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- define "pro-api.chart" -}} -{{- printf "%s-%s" .Values.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" .Values.api.pod.appName .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- define "pro-api.selectorLabels" -}} 
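Review bot: `default` is called with a single argument in the `pro-api.asset-importer-name`, `pro-api.asset-preparer-name` and `pro-api.service-account-name` helpers, so it supplies no fallback and `$name` is simply whatever sits at the relocated path. If `assetImporter.appName`, `assetPreparer.appName` or `api.service.serviceAccount` is missing from the merged values, `contains $name .Release.Name` gets no usable value, and any resulting error will not name the missing key. Since these keys have just moved, I would make the requirement explicit, e.g. `{{- $name := required "assetImporter.appName is required" .Values.assetImporter.appName -}}`, and likewise for the other two. The helper bodies continue past the lines shown in these hunks.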
diff --git a/charts/pro-api/templates/asset-import-starter.yaml b/charts/pro-api/templates/asset-import-starter.yaml index ef2e84f1b..907f26f4d 100644 --- a/charts/pro-api/templates/asset-import-starter.yaml +++ b/charts/pro-api/templates/asset-import-starter.yaml @@ -26,19 +26,19 @@ spec: resources: {{- toYaml .Values.assetImporter.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME value: {{ include "pro-api.asset-importer-name" . }} - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: MODE value: "{{ .Values.assetImporter.startOnDeployMode }}" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetImporter.maxParallelJobs }}" + value: "{{ .Values.assetImporter.settings.maxParallelJobs }}" - name: manifest_filename value: "{{ .Values.dgctlStorage.manifest }}" - name: S3Settings__Url @@ -82,21 +82,21 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{- if .Values.auth.apiKey }} + {{- if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{- end }} - {{- if .Values.assetImporter.files }} + {{- if .Values.assetImporter.settings.files }} - name: FILES - value: "{{ .Values.assetImporter.files}}" + value: "{{ .Values.assetImporter.settings.files}}" {{- end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__FailJobOnError value: "true" - name: Navi__Url 
diff --git a/charts/pro-api/templates/asset-importer.yaml b/charts/pro-api/templates/asset-importer.yaml index 3bcdf499e..fea2db40f 100644 --- a/charts/pro-api/templates/asset-importer.yaml +++ b/charts/pro-api/templates/asset-importer.yaml @@ -29,19 +29,19 @@ spec: resources: {{- toYaml .Values.assetImporter.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME value: {{ include "pro-api.asset-importer-name" . }} - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: MODE value: "Schedule" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetImporter.maxParallelJobs }}" + value: "{{ .Values.assetImporter.settings.maxParallelJobs }}" - name: manifest value: "{{ .Values.dgctlStorage.manifest }}" - name: S3Settings__Url @@ -85,16 +85,16 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{- if .Values.auth.apiKey }} + {{- if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{- end }} - {{- if .Values.assetImporter.files }} + {{- if .Values.assetImporter.settings.files }} - name: FILES - value: "{{ .Values.assetImporter.files}}" + value: "{{ .Values.assetImporter.settings.files}}" {{- end }} - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} 
@@ -104,11 +104,11 @@ spec: key: dbConnectionPwd name: {{ include "pro-api.name" . }}-secret - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__EsMetricsEnabled - value: "{{ .Values.assetImporter.esMetricsEnabled }}" + value: "{{ .Values.assetImporter.settings.esMetricsEnabled }}" - name: Digger__Address value: "{{ .Values.digger.url}}" - name: Digger__UserName diff --git a/charts/pro-api/templates/asset-preparer.yaml b/charts/pro-api/templates/asset-preparer.yaml index 95d5a032d..a31bdecf8 100644 --- a/charts/pro-api/templates/asset-preparer.yaml +++ b/charts/pro-api/templates/asset-preparer.yaml @@ -27,7 +27,7 @@ spec: resources: {{- toYaml .Values.assetPreparer.resources | nindent 16 }} volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume env: - name: JOB_NAME @@ -39,7 +39,7 @@ spec: - name: MODE value: "PrepareData" - name: MAX_PARALLEL_JOBS - value: "{{ .Values.assetPreparer.maxParallelJobs }}" + value: "{{ .Values.assetPreparer.settings.maxParallelJobs }}" - name: S3Settings__Url value: {{ required "A valid .Values.dgctlStorage.host entry required" $.Values.dgctlStorage.host }} - name: S3Settings__Secure 
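Review bot: In `asset-preparer.yaml` the volume `mountPath` now reads `.Values.api.settings.tempPath`, but old lines 34–38 between the two preparer hunks are untouched by this commit. In `asset-importer.yaml` and `asset-import-starter.yaml` that position holds the `TEMP_PATH` and `ENV` entries, which were both moved to `api.settings.*`. If the preparer carries the same entries (not visible here, so please confirm), they still read `.Values.api.tempPath` and `.Values.api.env`, so the job's `TEMP_PATH` would no longer be guaranteed to match the mounted `temp-volume` path. In that case the lines should become `value: "{{ .Values.api.settings.tempPath }}"` and `value: "{{ .Values.api.settings.env }}"`. The container spec starts and ends outside both hunks.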
@@ -77,21 +77,21 @@ spec: value: "{{ .Values.elastic.indexPrefix }}" - name: API_URL value: http://{{ include "pro-api.name" . }} - {{ if .Values.auth.apiKey }} + {{ if .Values.api.settings.auth.apiKey }} - name: API_TOKEN valueFrom: secretKeyRef: key: apiKey name: {{ include "pro-api.name" . }}-secret {{ end }} - {{ if .Values.assetPreparer.files }} + {{ if .Values.assetPreparer.settings.files }} - name: FILES - value: "{{ .Values.assetPreparer.files}}" + value: "{{ .Values.assetPreparer.settings.files}}" {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Digger__Address value: "{{ .Values.digger.url}}" - name: Digger__UserName diff --git a/charts/pro-api/templates/deployment.yaml b/charts/pro-api/templates/deployment.yaml index e6582ad47..de7ff3b9f 100644 --- a/charts/pro-api/templates/deployment.yaml +++ b/charts/pro-api/templates/deployment.yaml @@ -2,21 +2,21 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "pro-api.name" . }} - {{- with .Values.annotations }} + {{- with .Values.api.pod.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- with .Values.labels }} + {{- with .Values.api.pod.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.replicaCount }} - revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} - {{- if .Values.strategy }} + replicas: {{ .Values.api.pod.replicaCount }} + revisionHistoryLimit: {{ .Values.api.pod.revisionHistoryLimit }} + {{- if .Values.api.pod.strategy }} strategy: - {{- toYaml .Values.strategy | nindent 4 }} + {{- toYaml .Values.api.pod.strategy | nindent 4 }} {{- end }} selector: matchLabels: 
@@ -25,47 +25,47 @@ spec: metadata: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} + {{- with .Values.api.pod.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 8 }} - {{- with .Values.podLabels }} + {{- with .Values.api.pod.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.imagePullSecrets }} + {{- with .Values.api.pod.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.affinity }} + {{- with .Values.api.pod.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.nodeSelector }} + {{- with .Values.api.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} + {{- with .Values.api.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.priorityClassName }} - priorityClassName: {{ .Values.priorityClassName }} + {{- if .Values.api.pod.priorityClassName }} + priorityClassName: {{ .Values.api.pod.priorityClassName }} {{- end }} - {{- with .Values.podSecurityContext }} + {{- with .Values.api.pod.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} - terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.api.pod.terminationGracePeriodSeconds }} serviceAccountName: {{ include "pro-api.service-account-name" . }} volumes: - name: temp-volume emptyDir: {} containers: - name: {{ include "pro-api.name" . 
}} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.image.repository }}:{{ .Values.image.tag }} - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }} + imagePullPolicy: {{ .Values.api.image.pullPolicy }} ports: - name: http containerPort: 8080 @@ -74,7 +74,7 @@ spec: containerPort: 8090 protocol: TCP volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: @@ -103,26 +103,26 @@ spec: periodSeconds: 5 timeoutSeconds: 5 resources: - {{- toYaml .Values.resources | nindent 12 }} + {{- toYaml .Values.api.pod.resources | nindent 12 }} lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 5"] env: - name: DEBUG - value: "{{ .Values.api.debug }}" + value: "{{ .Values.api.settings.debug }}" - name: Import__EnableUserAssetsImporter - value: "{{ .Values.backgroundJobs.enableUserAssetsImporter }}" + value: "{{ .Values.api.settings.enableUserAssetsImporter }}" - name: Import__EnableAssetsStreaming - value: "{{ .Values.backgroundJobs.enableAssetsStreaming }}" + value: "{{ .Values.api.settings.enableAssetsStreaming }}" - name: Import__AssetImporterJobName value: {{ include "pro-api.asset-importer-name" . }} - name: Import__ExternalLinksProxyUrl - value: "{{ .Values.assetImporter.externalLinksProxyUrl }}" + value: "{{ .Values.assetImporter.settings.externalLinksProxyUrl }}" - name: Import__ExternalLinksAllowedHosts - value: "{{ .Values.assetImporter.externalLinksAllowedHosts }}" + value: "{{ .Values.assetImporter.settings.externalLinksAllowedHosts }}" - name: TEMP_PATH - value: "{{ .Values.api.tempPath }}" + value: "{{ .Values.api.settings.tempPath }}" - name: CATALOG_API_2GIS_URL value: "{{ .Values.catalog.url }}" - name: CATALOG_API_2GIS_KEY 
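Review bot: The meaning of an empty `Import__ExternalLinksAllowedHosts` is not documented where the `@@ -103,26` hunk renders it, and the README row for `assetImporter.settings.externalLinksAllowedHosts` only says "Comma separated hosts" with a default of `""`. For a host allow-list on links taken from asset data, an operator needs to know whether the default allows every host or none. I would add a template comment above the entry such as `{{- /* Import__ExternalLinksAllowedHosts: comma-separated host allow-list; an empty value means <allow all | allow none>, state which */}}` and put the same sentence in the README description. The `env:` list continues outside this hunk.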
@@ -151,13 +151,13 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: LOG_ES_QUERIES - value: "{{ .Values.api.logEsQueries }}" + value: "{{ .Values.api.settings.logEsQueries }}" - name: ALLOW_ANY_ORIGIN - value: "{{ .Values.api.allowAnyOrigin }}" + value: "{{ .Values.api.settings.allowAnyOrigin }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: Common__FilterByZoneCodes - value: "{{ .Values.api.filterByZoneCodes }}" + value: "{{ .Values.api.settings.filterByZoneCodes }}" - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} {{ if .Values.postgres.connectionStringReadonly }} @@ -227,18 +227,18 @@ spec: - name: Kafka__EventsTopicSettings__ReaderGroupId value: {{ required "A valid .Values.kafka.eventsTopic.readerGroupId entry required" $.Values.kafka.eventsTopic.readerGroupId }} - name: Auth__Type - value: "{{ .Values.auth.type }}" + value: "{{ .Values.api.settings.auth.type }}" - name: Auth__Url - value: "{{ .Values.auth.url }}" + value: "{{ .Values.api.settings.auth.url }}" - name: Auth__UserInfoEndpoint - value: "{{ .Values.auth.userInfoEndpoint }}" + value: "{{ .Values.api.settings.auth.userInfoEndpoint }}" - name: Auth__WellKnownConfigEndpoint - value: "{{ .Values.auth.wellKnownConfigEndpoint }}" + value: "{{ .Values.api.settings.auth.wellKnownConfigEndpoint }}" - name: Auth__AutoRegisterUsers - value: "{{ .Values.auth.autoRegisterUsers }}" + value: "{{ .Values.api.settings.auth.autoRegisterUsers }}" - name: Auth__TurnOffCertValidation - value: "{{ .Values.auth.turnOffCertValidation }}" - {{ if .Values.auth.apiKey }} + value: "{{ .Values.api.settings.auth.turnOffCertValidation }}" + {{ if .Values.api.settings.auth.apiKey }} - name: Auth__ApiKey valueFrom: secretKeyRef: 
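Review bot: In the `@@ -227,18` hunk, `Auth__Type` and the other `Auth__*` entries now read only `.Values.api.settings.auth.*`, so a values file that still sets the old top-level `auth.*` keys is ignored without any error. The README row removed in this commit listed `none` (authentication disabled) as the default for `auth.type`. If the relocated key keeps that default, which is not visible here, an upgrade with an unmigrated values file would render the API with authentication off. `License__Key` fails loudly through `required`, but the auth settings do not, so I would add a guard near the top of the template, e.g. `{{- if .Values.auth }}{{ fail "auth.* moved to api.settings.auth.* in 1.29.0" }}{{- end }}`. The container `env:` list starts and ends outside this hunk.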
@@ -247,19 +247,19 @@ spec: {{ end }} - name: Auth__PermissionsApiUrl value: {{ include "pro-api.permissions-url" . }} - {{ if .Values.auth.permissionsApiKey }} + {{ if .Values.api.settings.auth.permissionsApiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: key: permissionsApiKey name: {{ include "pro-api.name" . }}-secret {{ end }} - {{- range $i, $s := .Values.auth.shareKeys }} + {{- range $i, $s := .Values.api.settings.auth.shareKeys }} - name: Auth__ShareKeys__{{$i}} value: "{{ $s }}" {{- end }} - name: License__Key - value: {{ required "A valid .Values.licenseKey entry required" $.Values.licenseKey }} + value: {{ required "A valid .Values.api.settings.licenseKey entry required" $.Values.api.settings.licenseKey }} - name: KEYS_SERVICE_URL value: "{{ .Values.keys.url }}" {{ if .Values.keys.token }} 
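Review bot: The `range` over `.Values.api.settings.auth.shareKeys` writes each key into the Deployment as a literal `value: "{{ $s }}"`, although the README describes these as secret keys for creating and validating shared links. `Auth__ApiKey` and `Auth__PermissionsApiKey` next to it are read from the `-secret` object through `secretKeyRef`. As rendered, anyone who can read the Deployment or Pod spec can read the share keys, and they also end up in the stored release manifest. I would source them from the same Secret, as sketched below; the key name is illustrative and needs a matching entry in `secrets.yaml`, which is outside this hunk. The `env:` list continues on both sides of the hunk.

```yaml
# … unchanged: Auth__PermissionsApiUrl and Auth__PermissionsApiKey entries …
{{- range $i, $s := .Values.api.settings.auth.shareKeys }}
- name: Auth__ShareKeys__{{$i}}
  valueFrom:
    secretKeyRef:
      key: shareKey{{ $i }}   # illustrative key name
      name: {{ include "pro-api.name" $ }}-secret
{{- end }}
# … unchanged: License__Key and KEYS_SERVICE_URL entries …
```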
@@ -285,22 +285,22 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Common__EsDataCentersCount - value: "{{ .Values.api.esDataCentersCount }}" + value: "{{ .Values.api.settings.esDataCentersCount }}" - name: RateLimiter__RequestsLimit - value: "{{ .Values.api.rateLimiter.requestsLimit }}" + value: "{{ .Values.api.settings.rateLimiter.requestsLimit }}" - name: RateLimiter__WindowSizeInSeconds - value: "{{ .Values.api.rateLimiter.windowSizeInSeconds }}" + value: "{{ .Values.api.settings.rateLimiter.windowSizeInSeconds }}" - name: LocalCache__Enabled - value: "{{ .Values.api.localCache.enabled }}" + value: "{{ .Values.api.settings.localCache.enabled }}" - name: LocalCache__TrackStatistics - value: "{{ .Values.api.localCache.trackStatistics }}" + value: "{{ .Values.api.settings.localCache.trackStatistics }}" - name: LicensingService__BaseUri value: {{ required "A valid .Values.license.url entry required" $.Values.license.url }} - {{- range $i, $s := .Values.api.openApi.servers }} + {{- range $i, $s := .Values.api.settings.openApi.servers }} - name: OpenApi__Servers__{{$i}} value: "{{ $s }}" {{- end }} diff --git a/charts/pro-api/templates/ingress.yaml b/charts/pro-api/templates/ingress.yaml index 3ac61c435..0f552bff4 100644 --- a/charts/pro-api/templates/ingress.yaml +++ b/charts/pro-api/templates/ingress.yaml 
@@ -1,21 +1,21 @@ -{{- if .Values.ingress.enabled -}} +{{- if .Values.api.ingress.enabled -}} {{- $fullName := include "pro-api.name" . -}} -{{- $svcPort := .Values.service.port -}} +{{- $svcPort := .Values.api.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- with .Values.ingress.annotations }} + {{- with .Values.api.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .Values.ingress.className }} - {{- if .Values.ingress.tls }} + ingressClassName: {{ .Values.api.ingress.className }} + {{- if .Values.api.ingress.tls }} tls: - {{- range .Values.ingress.tls }} + {{- range .Values.api.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -24,7 +24,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.ingress.hosts }} + {{- range .Values.api.ingress.hosts }} - host: {{ .host | quote }} http: paths: diff --git a/charts/pro-api/templates/permission-api-service.yaml b/charts/pro-api/templates/permission-api-service.yaml index f4c6f3692..e8f4dda4e 100644 --- a/charts/pro-api/templates/permission-api-service.yaml +++ b/charts/pro-api/templates/permission-api-service.yaml 
@@ -1,21 +1,21 @@ -{{ if .Values.permissionsApi.enabled }} +{{ if .Values.permissions.settings.enabled }} apiVersion: v1 kind: Service metadata: name: {{ include "pro-api.permissions-name" . }} - {{- if .Values.permissionApiService.annotations }} + {{- if .Values.permissions.service.annotations }} annotations: - {{- toYaml .Values.permissionApiService.annotations | nindent 4 }} + {{- toYaml .Values.permissions.service.annotations | nindent 4 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- if .Values.permissionApiService.labels }} - {{- toYaml .Values.permissionApiService.labels | nindent 4 }} + {{- if .Values.permissions.service.labels }} + {{- toYaml .Values.permissions.service.labels | nindent 4 }} {{- end }} spec: - type: {{ .Values.permissionApiService.type }} + type: {{ .Values.permissions.service.type }} ports: - - port: {{ .Values.permissionApiService.port }} + - port: {{ .Values.permissions.service.port }} targetPort: http protocol: TCP name: http diff --git a/charts/pro-api/templates/permissions-api-deployment.yaml b/charts/pro-api/templates/permissions-api-deployment.yaml index b8b743827..c0136b7f0 100644 --- a/charts/pro-api/templates/permissions-api-deployment.yaml +++ b/charts/pro-api/templates/permissions-api-deployment.yaml 
@@ -1,20 +1,20 @@ -{{ if .Values.permissionsApi.enabled }} +{{ if .Values.permissions.settings.enabled }} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "pro-api.permissions-name" . }} - {{- with .Values.permissionsPodSettings.annotations }} + {{- with .Values.permissions.pod.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- with .Values.permissionsPodSettings.labels }} + {{- with .Values.permissions.pod.labels }} {{- toYaml . | nindent 4 }} {{- end }} spec: - replicas: {{ .Values.permissionsPodSettings.replicaCount }} - revisionHistoryLimit: {{ .Values.permissionsPodSettings.revisionHistoryLimit }} + replicas: {{ .Values.permissions.pod.replicaCount }} + revisionHistoryLimit: {{ .Values.permissions.pod.revisionHistoryLimit }} selector: matchLabels: {{- include "pro-api.permissionsSelectorLabels" . | nindent 6 }} 
@@ -22,46 +22,46 @@ spec: metadata: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }} - {{- with .Values.permissionsPodSettings.podAnnotations }} + {{- with .Values.permissions.pod.podAnnotations }} {{- toYaml . | nindent 8 }} {{- end }} labels: {{- include "pro-api.permissionLabels" . | nindent 8 }} - {{- with .Values.permissionsPodSettings.podLabels }} + {{- with .Values.permissions.pod.podLabels }} {{- toYaml . | nindent 8 }} {{- end }} spec: - {{- with .Values.permissionsPodSettings.imagePullSecrets }} + {{- with .Values.permissions.pod.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.affinity }} + {{- with .Values.permissions.pod.affinity }} affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.nodeSelector }} + {{- with .Values.permissions.pod.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.permissionsPodSettings.tolerations }} + {{- with .Values.permissions.pod.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} - {{- if .Values.permissionsPodSettings.priorityClassName }} - priorityClassName: {{ .Values.permissionsPodSettings.priorityClassName }} + {{- if .Values.permissions.pod.priorityClassName }} + priorityClassName: {{ .Values.permissions.pod.priorityClassName }} {{- end }} - {{- with .Values.permissionsPodSettings.podSecurityContext }} + {{- with .Values.permissions.pod.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} {{- end }} - terminationGracePeriodSeconds: {{ .Values.permissionsPodSettings.terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ .Values.permissions.pod.terminationGracePeriodSeconds }} volumes: - name: temp-volume emptyDir: {} containers: - name: {{ include "pro-api.permissions-name" . 
}} - image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.permissionsApiImage.repository }}:{{ .Values.permissionsApiImage.tag }} - imagePullPolicy: {{ .Values.permissionsApiImage.pullPolicy }} + image: {{ required "A valid .Values.dgctlDockerRegistry entry required" $.Values.dgctlDockerRegistry }}/{{ .Values.permissions.image.repository }}:{{ .Values.permissions.image.tag }} + imagePullPolicy: {{ .Values.permissions.image.pullPolicy }} ports: - name: http containerPort: 8081 @@ -70,7 +70,7 @@ spec: containerPort: 8091 protocol: TCP volumeMounts: - - mountPath: "{{ .Values.api.tempPath }}" + - mountPath: "{{ .Values.api.settings.tempPath }}" name: temp-volume livenessProbe: httpGet: @@ -100,18 +100,18 @@ spec: successThreshold: 1 timeoutSeconds: 5 resources: - {{- toYaml .Values.permissionsPodSettings.resources | nindent 12 }} + {{- toYaml .Values.permissions.pod.resources | nindent 12 }} lifecycle: preStop: exec: command: ["/bin/sh", "-c", "sleep 5"] env: - name: DEBUG - value: "{{ .Values.api.debug }}" + value: "{{ .Values.api.settings.debug }}" - name: ALLOW_ANY_ORIGIN - value: "{{ .Values.api.allowAnyOrigin }}" + value: "{{ .Values.api.settings.allowAnyOrigin }}" - name: ENV - value: "{{ .Values.api.env }}" + value: "{{ .Values.api.settings.env }}" - name: DB_CONNECTION_STRING value: {{ required "A valid .Values.postgres.connectionString entry required" $.Values.postgres.connectionString }} - name: DB_CONNECTION_STRING_READONLY @@ -129,8 +129,8 @@ spec: key: apiKey name: {{ include "pro-api.name" . }}-secret - name: Auth__Type - value: {{ required "A valid .Values.auth.type entry required" $.Values.auth.type }} - {{ if .Values.auth.permissionsApiKey }} + value: {{ required "A valid .Values.api.settings.auth.type entry required" $.Values.api.settings.auth.type }} + {{ if .Values.api.settings.auth.permissionsApiKey }} - name: Auth__PermissionsApiKey valueFrom: secretKeyRef: 
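Review bot: The permissions-api container still takes `DEBUG`, `ALLOW_ANY_ORIGIN` and `ENV` (and the temp-volume `mountPath`) from `api.settings.*`, so enabling `api.settings.allowAnyOrigin` for the Geo API also relaxes CORS on the permissions service, and the new `permissions.settings` block gives no way to set them apart. If the sharing is intended, state it where an operator will read it, for example by appending `Also applied to the permissions API.` to the `api.settings.allowAnyOrigin` description in values.yaml; otherwise read these three values from `permissions.settings`. The env list starts and ends outside these hunks.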
@@ -162,9 +162,9 @@ spec: name: {{ include "pro-api.name" . }}-secret {{ end }} - name: Common__Logging__Format - value: "{{ .Values.api.logging.format }}" + value: "{{ .Values.api.settings.logging.format }}" - name: Common__Logging__Targets - value: "{{ .Values.api.logging.targets }}" + value: "{{ .Values.api.settings.logging.targets }}" - name: Kafka__BootstrapServers value: {{ $.Values.kafka.bootstrapServers }} - name: Kafka__SecurityProtocol @@ -187,7 +187,7 @@ spec: - name: Kafka__EventsTopicSettings__Name value: {{ required "A valid .Values.kafka.eventsTopic.name entry required" $.Values.kafka.eventsTopic.name }} - name: LocalCache__Enabled - value: "{{ .Values.permissionsApi.localCache.enabled }}" + value: "{{ .Values.permissions.settings.localCache.enabled }}" - name: LocalCache__TrackStatistics - value: "{{ .Values.permissionsApi.localCache.trackStatistics }}" + value: "{{ .Values.permissions.settings.localCache.trackStatistics }}" {{- end }} diff --git a/charts/pro-api/templates/permissions-api-ingress.yaml b/charts/pro-api/templates/permissions-api-ingress.yaml index cfd6e1061..4173a915e 100644 --- a/charts/pro-api/templates/permissions-api-ingress.yaml +++ b/charts/pro-api/templates/permissions-api-ingress.yaml 
@@ -1,21 +1,21 @@ -{{- if and (.Values.permissionsApiIngress.enabled) (.Values.permissionsApi.enabled) }} +{{- if and (.Values.permissions.ingress.enabled) (.Values.permissions.settings.enabled) }} {{- $fullName := include "pro-api.permissions-name" . -}} - {{- $svcPort := .Values.permissionApiService.port -}} + {{- $svcPort := .Values.permissions.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: {{- include "pro-api.permissionLabels" . | nindent 4 }} - {{- with .Values.permissionsApiIngress.annotations }} + {{- with .Values.permissions.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} {{- end }} spec: - ingressClassName: {{ .Values.permissionsApiIngress.className }} - {{- if .Values.permissionsApiIngress.tls }} + ingressClassName: {{ .Values.permissions.ingress.className }} + {{- if .Values.permissions.ingress.tls }} tls: - {{- range .Values.permissionsApiIngress.tls }} + {{- range .Values.permissions.ingress.tls }} - hosts: {{- range .hosts }} - {{ . | quote }} @@ -24,7 +24,7 @@ spec: {{- end }} {{- end }} rules: - {{- range .Values.permissionsApiIngress.hosts }} + {{- range .Values.permissions.ingress.hosts }} - host: {{ .host | quote }} http: paths: diff --git a/charts/pro-api/templates/secrets.yaml b/charts/pro-api/templates/secrets.yaml index a0c5d11cf..9092ceef5 100644 --- a/charts/pro-api/templates/secrets.yaml +++ b/charts/pro-api/templates/secrets.yaml 
@@ -12,8 +12,8 @@ data: {{ if .Values.digger.password }} diggerPassword: {{ .Values.digger.password | b64enc }} {{ end }} - {{ if .Values.auth.permissionsApiKey }} - permissionsApiKey: {{ required "Valid .Values.auth.permissionsApiKey required!" .Values.auth.permissionsApiKey | b64enc }} + {{ if .Values.api.settings.auth.permissionsApiKey }} + permissionsApiKey: {{ required "Valid .Values.api.settings.auth.permissionsApiKey required!" .Values.api.settings.auth.permissionsApiKey | b64enc }} {{ end }} {{ if .Values.elastic.credentials }} esCredentials: {{ .Values.elastic.credentials | b64enc }} @@ -21,8 +21,8 @@ data: {{ if .Values.keys.token }} keysServiceToken: {{ .Values.keys.token | b64enc }} {{ end }} - {{ if .Values.auth.apiKey }} - apiKey: {{ .Values.auth.apiKey | b64enc }} + {{ if .Values.api.settings.auth.apiKey }} + apiKey: {{ .Values.api.settings.auth.apiKey | b64enc }} {{ end }} {{ if .Values.kafka.sasl.password }} kafkaSaslPassword: {{ .Values.kafka.sasl.password | b64enc }} diff --git a/charts/pro-api/templates/service-account.yaml b/charts/pro-api/templates/service-account.yaml index 7586bbd27..b164b55ea 100644 --- a/charts/pro-api/templates/service-account.yaml +++ b/charts/pro-api/templates/service-account.yaml @@ -1,4 +1,4 @@ -{{- if empty .Values.api.serviceAccountOverride }} +{{- if empty .Values.api.service.serviceAccountOverride }} apiVersion: v1 kind: ServiceAccount metadata: diff --git a/charts/pro-api/templates/service.yaml b/charts/pro-api/templates/service.yaml index 417928294..f314753f4 100644 --- a/charts/pro-api/templates/service.yaml +++ b/charts/pro-api/templates/service.yaml 
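Review bot: The `required` call on `permissionsApiKey` can never fire, because it sits inside `{{ if .Values.api.settings.auth.permissionsApiKey }}` and is only evaluated when the value is already non-empty; `apiKey` in the `@@ -21,8 +21,8 @@` hunk has no check at all. The values.yaml description says both keys must be set when `auth.type` is not 'none', so an install with authentication enabled and an empty key renders without error and the Secret simply lacks the entry. Gate on the auth type instead: `{{ if ne .Values.api.settings.auth.type "none" }}` followed by `permissionsApiKey: {{ required "Valid .Values.api.settings.auth.permissionsApiKey required!" .Values.api.settings.auth.permissionsApiKey | b64enc }}`, and the same pattern for `apiKey`. The `data:` map starts outside this hunk.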
@@ -4,19 +4,19 @@ apiVersion: v1 kind: Service metadata: name: {{ include "pro-api.name" . }} - {{- if .Values.service.annotations }} + {{- if .Values.api.service.annotations }} annotations: - {{- toYaml .Values.service.annotations | nindent 4 }} + {{- toYaml .Values.api.service.annotations | nindent 4 }} {{- end }} labels: {{- include "pro-api.labels" . | nindent 4 }} - {{- if .Values.service.labels }} - {{- toYaml .Values.service.labels | nindent 4 }} + {{- if .Values.api.service.labels }} + {{- toYaml .Values.api.service.labels | nindent 4 }} {{- end }} spec: - type: {{ .Values.service.type }} + type: {{ .Values.api.service.type }} ports: - - port: {{ .Values.service.port }} + - port: {{ .Values.api.service.port }} targetPort: http protocol: TCP name: http diff --git a/charts/pro-api/templates/vpa.yaml b/charts/pro-api/templates/vpa.yaml index 347495d59..6eb8deb95 100644 --- a/charts/pro-api/templates/vpa.yaml +++ b/charts/pro-api/templates/vpa.yaml @@ -1,4 +1,4 @@ -{{- if .Values.vpa.enabled }} +{{- if .Values.api.vpa.enabled }} --- apiVersion: autoscaling.k8s.io/v1 @@ -13,17 +13,17 @@ spec: kind: Deployment name: {{ include "pro-api.name" . }} updatePolicy: - updateMode: {{ .Values.vpa.updateMode }} + updateMode: {{ .Values.api.vpa.updateMode }} resourcePolicy: containerPolicies: - containerName: {{ .Chart.Name }} controlledValues: RequestsOnly mode: Auto - {{- with .Values.vpa.minAllowed }} + {{- with .Values.api.vpa.minAllowed }} minAllowed: {{- toYaml . | nindent 10 }} {{- end }} - {{- with .Values.vpa.maxAllowed }} + {{- with .Values.api.vpa.maxAllowed }} maxAllowed: {{- toYaml . | nindent 10 }} {{- end }} diff --git a/charts/pro-api/values.yaml b/charts/pro-api/values.yaml index 80f5aecac..7d8c61e7b 100644 --- a/charts/pro-api/values.yaml +++ b/charts/pro-api/values.yaml 
@@ -1,45 +1,334 @@ +# @section Geo API configuration & settings + +# @extra Image settings +# @param api.image.repository Repository +# @param api.image.tag Tag +# @param api.image.pullPolicy Pull Policy +# @extra Ingress settings +# @param api.ingress.enabled If Ingress is enabled for the service. +# @param api.ingress.className Name of the Ingress controller class. +# @param api.ingress.hosts[0].host Hostname for the Ingress service. +# @param api.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. +# @param api.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param api.ingress.tls TLS configuration +# @extra Pod settings +# @param api.pod.appName Name of the service. +# @param api.pod.replicaCount A replica count for the pod. +# @param api.pod.imagePullSecrets Kubernetes image pull secrets. +# @param api.pod.nameOverride Base name to use in all the Kubernetes entities deployed by this chart. +# @param api.pod.fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. +# @param api.pod.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @param api.pod.affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). +# @param api.pod.priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). +# @param api.pod.terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds +# @param api.pod.tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. +# @param api.pod.podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). 
+# @param api.pod.podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.pod.annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). +# @param api.pod.labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.pod.revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). +# @extra api.pod.resources **Limits for the application service** +# @param api.pod.resources.requests.cpu A CPU request. +# @param api.pod.resources.requests.memory A memory request. +# @param api.pod.resources.limits.cpu A CPU limit. +# @param api.pod.resources.limits.memory A memory limit. +# @param api.pod.strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. +# @param api.pod.strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). +# @param api.pod.strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. +# @extra VPA settings [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) +# @param api.vpa.enabled If VPA is enabled for the service. +# @param api.vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). +# @param api.vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. 
+# @param api.vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. +# @param api.vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. +# @param api.vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. +# @extra Service settings +# @param api.service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) +# @param api.service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). +# @param api.service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). +# @param api.service.port PRO API service port. +# @param api.service.serviceAccount Kubernetes service account +# @param api.service.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. +# @extra Geo API settings +# @param api.settings.licenseKey License key. **Required** +# @param api.settings.tempPath Path to directory used for temp data +# @param api.settings.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service +# @skip api.settings.logEsQueries +# @skip api.settings.debug +# @skip api.settings.env +# @skip api.settings.filterByZoneCodes +# @skip api.settings.esDataCentersCount +# @extra api.settings.logging Logging settings +# @param api.settings.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text +# @param api.settings.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. 
Console is used by default (no need to specify). +# @extra api.settings.rateLimiter rate limiter settings +# @param api.settings.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) +# @param api.settings.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests +# @skip api.settings.localCache.enabled +# @skip api.settings.localCache.trackStatistics +# @skip api.settings.openApi.servers +# @param api.settings.enableUserAssetsImporter If user data importer job is enabled for the service. +# @param api.settings.enableAssetsStreaming If the streaming data processing job is enabled for the service. +# @param api.settings.auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol +# @param api.settings.auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` +# @param api.settings.auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` +# @param api.settings.auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` +# @param api.settings.auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` +# @param api.settings.auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. 
Example: `c7d74870-ec28-4543-b408-b49bfed84399` +# @skip api.settings.auth.autoRegisterUsers +# @param api.settings.auth.turnOffCertValidation Turn off certificate validation for auth.url +# @param api.settings.auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` + +api: + image: + repository: 2gis-on-premise/pro-api + tag: 1.35.0 + pullPolicy: IfNotPresent + ingress: + enabled: false + className: nginx + hosts: + - host: pro-api.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - pro-api.example.com + # secretName: secret.tls + pod: + appName: pro-api + replicaCount: 2 + imagePullSecrets: [] + nameOverride: '' + fullnameOverride: '' + nodeSelector: {} + affinity: {} + priorityClassName: '' + terminationGracePeriodSeconds: 300 + tolerations: [] + podAnnotations: {} + podLabels: {} + annotations: {} + labels: {} + revisionHistoryLimit: 3 + resources: + requests: + cpu: 400m + memory: 256M + limits: + cpu: 1 + memory: 1024M + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 + vpa: + enabled: false + updateMode: Auto + minAllowed: + cpu: 400m + memory: 256M + maxAllowed: + cpu: 1 + memory: 1024M + service: + annotations: {} + labels: {} + type: ClusterIP + port: 80 + serviceAccount: runner + serviceAccountOverride: '' + settings: + licenseKey: '' + tempPath: /tmp + allowAnyOrigin: false + logEsQueries: false + debug: false + env: '' + filterByZoneCodes: false + esDataCentersCount: 1 + logging: + format: simple + targets: '' + rateLimiter: + requestsLimit: 1024 + windowSizeInSeconds: 1 + localCache: + enabled: true + trackStatistics: false + openApi: + servers: [] + enableUserAssetsImporter: true + enableAssetsStreaming: false + auth: + type: none + url: '' + userInfoEndpoint: '' + wellKnownConfigEndpoint: '' + 
apiKey: '' + permissionsApiKey: '' + autoRegisterUsers: true + turnOffCertValidation: false + shareKeys: [] + + +# @section Permissions API configuration & settings + +# @skip permissions.image +# @extra Ingress settings +# @param permissions.ingress.enabled If Ingress is enabled for the service. +# @param permissions.ingress.className Name of the Ingress controller class. +# @param permissions.ingress.hosts[0].host Hostname for the Ingress service. +# @param permissions.ingress.hosts[0].paths[0].path Path of the host for the Ingress service. +# @param permissions.ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. +# @param permissions.ingress.tls TLS configuration +# @skip permissions.pod +# @skip permissions.service +# @extra Permissions API settings +# @skip permissions.settings.host +# @param permissions.settings.enabled If permissionsApi is enabled for the service. +# @skip permissions.settings.localCache.enabled +# @skip permissions.settings.localCache.trackStatistics + +permissions: + image: + repository: 2gis-on-premise/pro-permissions-api + tag: 1.35.0 + pullPolicy: IfNotPresent + ingress: + enabled: false + className: nginx + hosts: + - host: pro-permissions-api.example.com + paths: + - path: / + pathType: Prefix + tls: [] + # - hosts: + # - pro-permissions-api.example.com + # secretName: secret.tls + pod: + replicaCount: 1 + imagePullSecrets: [] + nodeSelector: {} + affinity: {} + priorityClassName: '' + terminationGracePeriodSeconds: 60 + tolerations: [] + podAnnotations: {} + podLabels: {} + annotations: {} + labels: {} + revisionHistoryLimit: 3 + resources: + requests: + cpu: 300m + memory: 256M + limits: + cpu: 1 + memory: 1G + service: + annotations: {} + labels: {} + type: ClusterIP + port: 80 + settings: + host: '' + enabled: false + localCache: + enabled: true + trackStatistics: false + + +# @section asset importer settings + +# @param assetImporter.appName Data Import job name. 
+# @param assetImporter.repository Docker Repository Image. +# @param assetImporter.tag Docker image tag. +# @param assetImporter.schedule Import job schedule. +# @param assetImporter.backoffLimit The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. +# @param assetImporter.successfulJobsHistoryLimit How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). +# @param assetImporter.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). +# @extra assetImporter.resources **Limits for the import job** +# @param assetImporter.resources.requests.cpu A CPU request. +# @param assetImporter.resources.requests.memory A memory request. +# @param assetImporter.resources.limits.cpu A CPU limit. +# @param assetImporter.resources.limits.memory A memory limit. +# @param assetImporter.enabled If assetImporter is enabled for the service. +# @skip assetImporter.suspended +# @param assetImporter.startOnDeploy Indicates that asset import should start when service installed or updated +# @param assetImporter.startOnDeployMode Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. +# @extra Asset importer settings +# @param assetImporter.settings.maxParallelJobs How many import jobs can be run simultaneously +# @skip assetImporter.settings.files +# @param assetImporter.settings.imageProxyUrl URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) +# @param assetImporter.settings.externalLinksProxyUrl URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) +# @param assetImporter.settings.externalLinksAllowedHosts Comma separated hosts, i.e. 
'someserver.com,someserver2.com' ) +# @skip assetImporter.settings.esMetricsEnabled + +assetImporter: + appName: asset-importer + repository: 2gis-on-premise/pro-importer + tag: 1.35.0 + schedule: 0 18 * * * + backoffLimit: 2 + successfulJobsHistoryLimit: 3 + nodeSelector: {} + resources: + requests: + cpu: 700m + memory: 768M + limits: + cpu: 1000m + memory: 8Gi + enabled: true + suspended: false + startOnDeploy: true + startOnDeployMode: ScheduleManifest + settings: + maxParallelJobs: 1 + files: '' + imageProxyUrl: '' + externalLinksProxyUrl: '' + externalLinksAllowedHosts: '' + esMetricsEnabled: false + + +# @section asset preparer settings + +# @skip assetPreparer + +assetPreparer: + appName: asset-preparer + repository: 2gis-on-premise/pro-importer + tag: 1.35.0 + schedule: 0 16 * * 6 + backoffLimit: 2 + successfulJobsHistoryLimit: 1 + nodeSelector: {} + resources: + requests: + cpu: 300m + memory: 256M + limits: + cpu: 500m + memory: 512M + enabled: true + settings: + maxParallelJobs: 1 + + +# @section common infrastructure settings + + # @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. dgctlDockerRegistry: '' -# @section Common settings - -# @param appName Name of the service. -# @param licenseKey License key. **Required** -# @param replicaCount A replica count for the pod. -# @param imagePullSecrets Kubernetes image pull secrets. -# @param nameOverride Base name to use in all the Kubernetes entities deployed by this chart. -# @param fullnameOverride Base fullname to use in all the Kubernetes entities deployed by this chart. -# @param nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param affinity Kubernetes pod [affinity settings](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity). 
-# @param priorityClassName Kubernetes [pod priority](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/). -# @param terminationGracePeriodSeconds Kubernetes [termination grace period](https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/). Should be at least 300 seconds -# @param tolerations Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings. -# @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). -# @param labels Kubernetes [labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param revisionHistoryLimit Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). - -appName: pro-api -licenseKey: '' -replicaCount: 2 -imagePullSecrets: [] -nameOverride: '' -fullnameOverride: '' -nodeSelector: {} -affinity: {} -priorityClassName: '' -terminationGracePeriodSeconds: 300 -tolerations: [] -podAnnotations: {} -podLabels: {} -annotations: {} -labels: {} -revisionHistoryLimit: 3 - # @section Deployment Artifacts Storage settings # @param dgctlStorage.host S3 endpoint. Format: `host:port`. **Required** 
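Review bot: With the new default `api.settings.auth.type: none`, a values file written for the previous layout (`auth.type`, `auth.apiKey`, `auth.shareKeys` at the top level) is silently ignored after upgrade: nothing visible here rejects the old keys, and `required "A valid .Values.api.settings.auth.type entry required"` in permissions-api-deployment.yaml cannot fail because the default is non-empty. The release would then come up with authentication disabled and no share keys, without any error at `helm upgrade` time. Assuming the top-level `auth` block is removed further down in this file (not visible in this hunk), a guard in one of the templates turns that into a failed upgrade: `{{- if hasKey .Values "auth" }}{{ fail "auth.* moved to api.settings.auth.*, see Breaking-Changes.md" }}{{- end }}`.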
@@ -61,75 +350,6 @@ dgctlStorage: region: '' disablePayloadSigning: false -# @section Strategy settings - -# @param strategy.type Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. -# @param strategy.rollingUpdate.maxUnavailable Maximum number of pods that can be created over the desired number of pods when doing [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment). -# @param strategy.rollingUpdate.maxSurge Maximum number of pods that can be unavailable during the [rolling update](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#rolling-update-deployment) process. - -strategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 0 - maxSurge: 1 - -# @section Service settings - -# @param service.annotations Kubernetes [service annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) -# @param service.labels Kubernetes [service labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/). -# @param service.type Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). -# @param service.port PRO API service port. - -service: - annotations: {} - labels: {} - type: ClusterIP - port: 80 - -# @skip permissionApiService - -permissionApiService: - annotations: {} - labels: {} - type: ClusterIP - port: 80 - -# @section Kubernetes [Vertical Pod Autoscaling](https://github.com/kubernetes/autoscaler/blob/master/vertical-pod-autoscaler/README.md) settings - -# @param vpa.enabled If VPA is enabled for the service. -# @param vpa.updateMode VPA [update mode](https://github.com/kubernetes/autoscaler/tree/master/vertical-pod-autoscaler#quick-start). -# @param vpa.minAllowed.cpu Lower limit for the number of CPUs to which the autoscaler can scale down. -# @param vpa.minAllowed.memory Lower limit for the RAM size to which the autoscaler can scale down. 
-# @param vpa.maxAllowed.cpu Upper limit for the number of CPUs to which the autoscaler can scale up. -# @param vpa.maxAllowed.memory Upper limit for the RAM size to which the autoscaler can scale up. - -vpa: - enabled: false - updateMode: Auto - minAllowed: - cpu: 400m - memory: 256M - maxAllowed: - cpu: 1 - memory: 1024M - -# @section Deployment settings - -# @param image.repository Repository -# @param image.tag Tag -# @param image.pullPolicy Pull Policy - -image: - repository: 2gis-on-premise/pro-api - tag: 1.35.0 - pullPolicy: IfNotPresent - -# @skip permissionsApiImage - -permissionsApiImage: - repository: 2gis-on-premise/pro-permissions-api - tag: 1.35.0 - pullPolicy: IfNotPresent # @section 2GIS PRO Storage configuration 
@@ -146,81 +366,6 @@ s3: snapshotBucket: '' resourcesBucket: '' -# @section 2GIS PRO API configuration - -# @param api.serviceAccount Kubernetes service account -# @param api.serviceAccountOverride The name of an existing custom service account. If specified, the services in the chart will use this existing service account. If not specified, a new service account will be created and used with the name from the variable `api.serviceAccount`. -# @param api.tempPath Path to directory used for temp data -# @param api.allowAnyOrigin Cors policy: allow any origin to perform requests to pro-api service -# @extra api.logging Logging settings -# @param api.logging.format Log message format, possible options: 'default' - compact json, 'renderedCompactJson' - rendered json format, 'simple' - plain text -# @param api.logging.targets Collection of logging targets divided by comma. Currently only 'console' and 'database' are supported. Console is used by default (no need to specify). -# @extra api.rateLimiter rate limiter settings -# @param api.rateLimiter.requestsLimit max number of requests from one user during time window (0 means rate limiter is disabled) -# @param api.rateLimiter.windowSizeInSeconds the size of time windows to count and limit incoming requests -# @skip api.logEsQueries -# @skip api.debug -# @skip api.env -# @skip api.token -# @skip api.filterByZoneCodes -# @skip api.esDataCentersCount -# @skip Local cache settings -# @skip api.localCache.enabled -# @skip api.localCache.trackStatistics -# @skip Open API settings -# @skip api.openApi.servers - -api: - serviceAccount: runner - serviceAccountOverride: '' - tempPath: /tmp - allowAnyOrigin: false - logEsQueries: false - debug: false - env: '' - filterByZoneCodes: false - esDataCentersCount: 1 - logging: - format: simple - targets: '' - rateLimiter: - requestsLimit: 1024 - windowSizeInSeconds: 1 - localCache: - enabled: true - trackStatistics: false - openApi: - servers: [] - -# @section Auth configuration - -# 
@param auth.type Authentication type: 'none' - disabled, 'openid10' - [OpenId 1.0 / OAuth 2.0 authentication protocol](https://openid.net/specs/openid-connect-core-1_0.html), 'urbi' - urbi authentication protocol -# @param auth.url API URL of authentication service. Example: `http(s)://keycloak.ingress.host` -# @param auth.userInfoEndpoint The [UserInfo endpoint](https://openid.net/specs/openid-connect-core-1_0.html#UserInfo). Example: `realms/URBI_Pro/protocol/openid-connect/userinfo` -# @param auth.wellKnownConfigEndpoint The [Well-Known Config endpoint](https://openid.net/specs/openid-connect-discovery-1_0.html). Example: `realms/URBI_Pro/.well-known/openid-configuration` -# @param auth.apiKey Secret API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `4230b288-301e-4ec6-82c6-db6a8a72c2af` -# @param auth.permissionsApiKey Secret Permissions API Key to perform authorized service actions, random string. Must be set if type not 'none'. Example: `c7d74870-ec28-4543-b408-b49bfed84399` -# @param auth.turnOffCertValidation Turn off certificate validation for auth.url -# @param auth.shareKeys Secret keys for creating and validating shared links. Must contain at least 32 characters. All keys are used for validation. The last one is used for creation. Example: `m7nShlX1a8+IqE9ZcDqRCVjlhEud850ucT0av9bS+tcMTwIwUOUqpNikM+G8teDR` -# @skip auth.autoRegisterUsers - -auth: - type: none - url: '' - userInfoEndpoint: '' - wellKnownConfigEndpoint: '' - apiKey: '' - permissionsApiKey: '' - autoRegisterUsers: true - turnOffCertValidation: false - shareKeys: [] - -# @skip digger - -digger: - url: '' - userName: '' - password: '' # @section PostgreSQL settings 
@@ -233,41 +378,9 @@ postgres: connectionStringReadonly: '' password: '' -# @section Keys Service settings -# @param keys.url API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** -# @param keys.token keys.api access token. **Required** - -keys: - url: '' - token: '' - -# @section ElasticSearch settings (supported version 7.x) - -# @param elastic.host ElasticSearch host address. Format: `http(s)://HOST:PORT` -# @param elastic.credentials User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` -# @skip elastic.indexPrefix - -elastic: - host: '' - credentials: '' - indexPrefix: '' - -# @section Redis settings (supported version 6.x) - -# @param redis.host Redis host address. **Required** -# @param redis.port Redis port. **Required** -# @skip redis.enabled -# @param redis.username Username used to connect to Redis -# @param redis.password Password used to connect to Redis - -redis: - host: '' - port: 6379 - enabled: true - username: '' - password: '' # @section Kafka settings (supported version 2.7) + # @param kafka.bootstrapServers Kafka bootstrap servers. Format: 'host1:port1,host2:port2' # @param kafka.securityProtocol Kafka security protocol. Supported options: SaslPlaintext. # @extra kafka.sasl **Kafka sasl settings** (see [the documentation](https://kafka.apache.org/documentation/#security_sasl_config)) 
@@ -307,12 +420,57 @@ kafka: readerGroupId: '' refreshAssetsIntervalMinutes: 60 -# @section Import background jobs settings -# @param backgroundJobs.enableUserAssetsImporter If user data importer job is enabled for the service. -# @param backgroundJobs.enableAssetsStreaming If the streaming data processing job is enabled for the service. -backgroundJobs: - enableUserAssetsImporter: true - enableAssetsStreaming: false + +# @section ElasticSearch settings (supported version 7.x) + +# @param elastic.host ElasticSearch host address. Format: `http(s)://HOST:PORT` +# @param elastic.credentials User name and password to connect to the ElasticSearch. Format: `USER_NAME:PASSWORD` +# @skip elastic.indexPrefix + +elastic: + host: '' + credentials: '' + indexPrefix: '' + + +# @section Redis settings (supported version 6.x) + +# @param redis.host Redis host address. **Required** +# @param redis.port Redis port. **Required** +# @skip redis.enabled +# @param redis.username Username used to connect to Redis +# @param redis.password Password used to connect to Redis + +redis: + host: '' + port: 6379 + enabled: true + username: '' + password: '' + + +# @section external services + + +# @section digger settings + +# @skip digger + +digger: + url: '' + userName: '' + password: '' + + +# @section Keys Service settings + +# @param keys.url API URL of service for managing partners' keys to 2GIS services (keys.api). **Required** +# @param keys.token keys.api access token. **Required** + +keys: + url: '' + token: '' + # @section Catalog API settings @@ -323,6 +481,7 @@ catalog: url: '' key: '' + # @section Navigation API settings # @param navi.url URL for [Navigation API](https://docs.2gis.com/en/on-premise/navigation/overview). Example: http://navi-back.svc @@ -332,6 +491,7 @@ navi: url: '' key: '' + # @section License Service API settings # @param license.url Licensing server v2 URL. Example: https://license.svc **Required** 
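Review bot: The relocated `elastic.host` comment gives the format as `http(s)://HOST:PORT` next to `elastic.credentials` (`USER_NAME:PASSWORD`), so as documented the Elasticsearch login may be sent over plain HTTP. I would append `Use https whenever elastic.credentials is set.` to the `# @param elastic.host` line. This hunk also adds `redis.password`, `digger.password` and `keys.token` as plain values. How the templates store them is not visible here, so it is worth confirming they are rendered into a Secret rather than a ConfigMap.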
@@ -339,6 +499,7 @@ navi: license: url: '' + # @section Search API settings # @param search.url URL for [Search API](https://docs.2gis.com/en/on-premise/search). Example: http://search-api.svc 
@@ -351,176 +512,3 @@ search: tileGen: url: '' userDataTileSet: '' - -# @section 2GIS PRO API Job settings - -# @param appAssetImporterName Data Import job name. -# @skip appAssetPreparerName - -appAssetImporterName: asset-importer -appAssetPreparerName: asset-preparer - -# @skip permissionsPodSettings - -permissionsPodSettings: - replicaCount: 1 - imagePullSecrets: [] - nodeSelector: {} - affinity: {} - priorityClassName: '' - terminationGracePeriodSeconds: 60 - tolerations: [] - podAnnotations: {} - podLabels: {} - annotations: {} - labels: {} - revisionHistoryLimit: 3 - resources: - requests: - cpu: 300m - memory: 512M - limits: - cpu: 1 - memory: 1G - -# @section 2GIS PRO Permissions API configuration -# @skip permissionsApi.host -# @param permissionsApi.enabled If permissionsApi is enabled for the service. -# @skip Local cache settings -# @skip permissionsApi.localCache.enabled -# @skip permissionsApi.localCache.trackStatistics - -permissionsApi: - host: '' - enabled: false - localCache: - enabled: true - trackStatistics: false - -# @section Import job settings - -# @param assetImporter.repository Docker Repository Image. -# @param assetImporter.tag Docker image tag. -# @param assetImporter.schedule Import job schedule. -# @param assetImporter.backoffLimit The number of [retries](https://kubernetes.io/docs/concepts/workloads/controllers/job/#pod-backoff-failure-policy) before considering a Job as failed. -# @param assetImporter.successfulJobsHistoryLimit How many completed and failed jobs should be kept. See [docs](https://kubernetes.io/docs/tasks/job/automated-tasks-with-cron-jobs/#jobs-history-limits). -# @param assetImporter.nodeSelector Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector). -# @param assetImporter.maxParallelJobs How many import jobs can be run simultaneously -# @param assetImporter.enabled If assetImporter is enabled for the service. 
-# @param assetImporter.startOnDeploy Indicates that asset import should start when service installed or updated -# @param assetImporter.startOnDeployMode Import mode: 'ScheduleManifest' - copy data from manifest and schedule import, 'ManifestData' - just copy data from manifest. -# @param assetImporter.imageProxyUrl URL to proxy image links (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) -# @param assetImporter.externalLinksProxyUrl URL to proxy http links from assets data (including query parameters, if any, i.e. 'https://someserver.com/proxy?url=' ) -# @param assetImporter.externalLinksAllowedHosts Comma separated hosts, i.e. 'someserver.com,someserver2.com' ) -# @skip assetImporter.files -# @skip assetImporter.esMetricsEnabled -# @skip assetImporter.suspended - -assetImporter: - repository: 2gis-on-premise/pro-importer - tag: 1.35.0 - schedule: 0 18 * * * - backoffLimit: 2 - successfulJobsHistoryLimit: 3 - nodeSelector: {} - resources: - requests: - cpu: 700m - memory: 768M - limits: - cpu: 1000m - memory: 8Gi - maxParallelJobs: 1 - enabled: true - suspended: false - startOnDeploy: true - startOnDeployMode: ScheduleManifest - files: '' - imageProxyUrl: '' - externalLinksProxyUrl: '' - externalLinksAllowedHosts: '' - esMetricsEnabled: false - -# @skip assetPreparer - -assetPreparer: - repository: 2gis-on-premise/pro-importer - tag: 1.35.0 - schedule: 0 16 * * 6 - backoffLimit: 2 - successfulJobsHistoryLimit: 1 - nodeSelector: {} - resources: - requests: - cpu: 300m - memory: 256M - limits: - cpu: 500m - memory: 512M - enabled: true - maxParallelJobs: 1 - -# @section Limits - -# @extra resources **Limits for the application service** -# @param resources.requests.cpu A CPU request. -# @param resources.requests.memory A memory request. -# @param resources.limits.cpu A CPU limit. -# @param resources.limits.memory A memory limit. 
- -# @extra assetImporter.resources **Limits for the import job** -# @param assetImporter.resources.requests.cpu A CPU request. -# @param assetImporter.resources.requests.memory A memory request. -# @param assetImporter.resources.limits.cpu A CPU limit. -# @param assetImporter.resources.limits.memory A memory limit. - -resources: - requests: - cpu: 400m - memory: 256M - limits: - cpu: 1 - memory: 1024M - -# @section Kubernetes [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) settings - -# @section 2GIS PRO API ingress settings -# @param ingress.enabled If Ingress is enabled for the service. -# @param ingress.className Name of the Ingress controller class. -# @param ingress.hosts[0].host Hostname for the Ingress service. -# @param ingress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param ingress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param ingress.tls TLS configuration - -ingress: - enabled: false - className: nginx - hosts: - - host: pro-api.example.com - paths: - - path: / - pathType: Prefix - tls: [] - # - hosts: - # - pro-api.example.com - # secretName: secret.tls - -# @section 2GIS PRO Permissions API ingress settings -# @param permissionsApiIngress.enabled If Ingress is enabled for the service. -# @param permissionsApiIngress.className Name of the Ingress controller class. -# @param permissionsApiIngress.hosts[0].host Hostname for the Ingress service. -# @param permissionsApiIngress.hosts[0].paths[0].path Path of the host for the Ingress service. -# @param permissionsApiIngress.hosts[0].paths[0].pathType Type of the path for the Ingress service. -# @param permissionsApiIngress.tls TLS configuration -permissionsApiIngress: - enabled: false - className: nginx - hosts: - - host: pro-permissions-api.example.com - paths: - - path: / - pathType: Prefix - tls: [] - # - hosts: - # - pro-permissions-api.example.com - # secretName: secret.tls 
diff --git a/charts/pro-ui/Chart.yaml b/charts/pro-ui/Chart.yaml index 6f4c2909c..f16c1db1e 100644 --- a/charts/pro-ui/Chart.yaml +++ b/charts/pro-ui/Chart.yaml @@ -3,7 +3,7 @@ name: pro-ui type: application description: A Helm chart for Kubernetes to deploy 2GIS Pro UI service -version: 1.28.2 +version: 1.29.0 appVersion: 2.27.0 maintainers: diff --git a/charts/search-api/Chart.yaml b/charts/search-api/Chart.yaml index 1478babc2..b234795ce 100644 --- a/charts/search-api/Chart.yaml +++ b/charts/search-api/Chart.yaml @@ -4,7 +4,7 @@ description: Search engine for catalog type: application -version: 1.28.2 +version: 1.29.0 appVersion: 7.80.0 maintainers: diff --git a/charts/stat-receiver/Chart.yaml b/charts/stat-receiver/Chart.yaml index ea87f7ad2..cc9d5b4e4 100644 --- a/charts/stat-receiver/Chart.yaml +++ b/charts/stat-receiver/Chart.yaml @@ -3,7 +3,7 @@ name: stat-receiver type: application description: A Helm chart for Kubernetes to deploy Stat Receiver -version: 1.28.2 +version: 1.29.0 appVersion: 1.11.1 maintainers: diff --git a/charts/stat-receiver/README.md b/charts/stat-receiver/README.md index 6e6295204..0444fdd00 100644 --- a/charts/stat-receiver/README.md +++ b/charts/stat-receiver/README.md 
@@ -53,39 +53,50 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver | Name | Description | Value | | --------------------- | --------------------------------------------------------------------------------------- | ----- | | `dgctlDockerRegistry` | Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. | `""` | +| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` | ### API service settings -| Name | Description | Value | -| -------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | -| `api` | **Common settings** | | -| `api.replicas` | A replica count for the pod. | `1` | -| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `api.jvmXmx` | Memory allocation options for JVM. | `-Xmx1500m` | -| `api.image` | **Deployment settings** | | -| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | -| `api.image.tag` | Tag | `1.11.1` | -| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | -| `api.service` | **Service settings** | | -| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | -| `api.service.port` | Service port. | `80` | -| `api.service.targetPort` | Port inside the container. | `8080` | +| Name | Description | Value | +| ------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------- | +| `api` | **Common settings** | | +| `api.replicas` | A replica count for the pod. 
| `1` | +| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `api.jvmXmx` | Memory allocation options for JVM. | `-Xmx1500m` | +| `api.image` | **Deployment settings** | | +| `api.image.repository` | Repository | `2gis-on-premise/stat-receiver-api` | +| `api.image.tag` | Tag | `1.11.1` | +| `api.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `api.service` | **Service settings** | | +| `api.service.type` | Kubernetes [service type](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types). | `ClusterIP` | +| `api.service.port` | Service port. | `80` | +| `api.service.targetPort` | Port inside the container. | `8080` | +| `api.resources` | **Limits for the API service** | | +| `api.resources.requests.cpu` | A CPU request. | `0.5` | +| `api.resources.requests.memory` | A memory request. | `1500Mi` | +| `api.resources.limits.cpu` | A CPU limit. | `1` | +| `api.resources.limits.memory` | A memory limit. | `1500Mi` | ### Streams service settings -| Name | Description | Value | -| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | -| `streams` | **Common settings** | | -| `streams.replicas` | A replica count for the pod. | `1` | -| `streams.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | -| `streams.jvmXmx` | Memory allocation options for JVM. | `-Xmx2G -XX:+UseParallelGC` | -| `streams.jmxPort` | Port for JMX protocol. | `9010` | -| `streams.metricsPort` | Port for metrics. 
| `8081` | -| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | -| `streams.image` | **Deployment settings** | | -| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | -| `streams.image.tag` | Tag | `1.11.1` | -| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| Name | Description | Value | +| ----------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------- | +| `streams` | **Common settings** | | +| `streams.replicas` | A replica count for the pod. | `1` | +| `streams.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` | +| `streams.jvmXmx` | Memory allocation options for JVM. | `-Xmx2G -XX:+UseParallelGC` | +| `streams.jmxPort` | Port for JMX protocol. | `9010` | +| `streams.metricsPort` | Port for metrics. | `8081` | +| `streams.storageSize` | Size of ephemeral disk that holds temporary files | `500Mi` | +| `streams.image` | **Deployment settings** | | +| `streams.image.repository` | Repository | `2gis-on-premise/stat-receiver-streams` | +| `streams.image.tag` | Tag | `1.11.1` | +| `streams.image.pullPolicy` | Pull Policy | `IfNotPresent` | +| `streams.resources` | **Limits for the Streams service** | | +| `streams.resources.requests.cpu` | A CPU request. | `1` | +| `streams.resources.requests.memory` | A memory request. | `4G` | +| `streams.resources.limits.cpu` | A CPU limit. | `2` | +| `streams.resources.limits.memory` | A memory limit. | `4G` | ### Kafka service settings 
@@ -124,21 +135,6 @@ helm upgrade stat-receiver 2gis-on-premise/stat-receiver -f values-stat-receiver | `ingress.enabled` | If Ingress is enabled for the service. | `false` | | `ingress.hosts[0].host` | Hostname for the Ingress service. | `stat-receiver.host` | -### Limits - -| Name | Description | Value | -| ----------------------------------- | ---------------------------------- | -------- | -| `api.resources` | **Limits for the API service** | | -| `api.resources.requests.cpu` | A CPU request. | `0.5` | -| `api.resources.requests.memory` | A memory request. | `1500Mi` | -| `api.resources.limits.cpu` | A CPU limit. | `1` | -| `api.resources.limits.memory` | A memory limit. | `1500Mi` | -| `streams.resources` | **Limits for the Streams service** | | -| `streams.resources.requests.cpu` | A CPU request. | `1` | -| `streams.resources.requests.memory` | A memory request. | `4G` | -| `streams.resources.limits.cpu` | A CPU limit. | `2` | -| `streams.resources.limits.memory` | A memory limit. | `4G` | - ## Maintainers diff --git a/charts/stat-receiver/configs/streams/application.conf.template b/charts/stat-receiver/configs/streams/application.conf.template index e04f03baa..d34c24b4e 100644 --- a/charts/stat-receiver/configs/streams/application.conf.template +++ b/charts/stat-receiver/configs/streams/application.conf.template @@ -53,7 +53,7 @@ streams = { "rocksdb.shared.block.cache.size" = 536870912 # 512Mb "bootstrap.servers" = {{ required "A valid .Values.kafka.servers entry required" .Values.kafka.servers | quote }} {{- if .Values.kafka.sasl.mechanism }} - "sasl.mechanism" = {{ .Values.kafka.saslMechanism }} + "sasl.mechanism" = {{ .Values.kafka.sasl.mechanism }} {{- end }} {{- if .Values.kafka.securityProtocol }} "security.protocol" = {{ .Values.kafka.securityProtocol }} diff --git a/charts/stat-receiver/templates/api/configmap.yaml b/charts/stat-receiver/templates/api/configmap.yaml index f8ce8eb9d..4ee1e5b31 100644 
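Review bot: The corrected `"sasl.mechanism"` line in `application.conf.template` still renders its value unquoted, whereas `"bootstrap.servers"` a few lines above is piped through `quote`. A value containing whitespace or a character the config syntax reserves would then change how the rendered file parses, instead of being read as one string. I would write `"sasl.mechanism" = {{ .Values.kafka.sasl.mechanism | quote }}` and do the same for the `"security.protocol"` context line below it. The `streams = {` block starts and ends outside this hunk, so other unquoted values may exist that are not visible here.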
--- a/charts/stat-receiver/templates/api/configmap.yaml +++ b/charts/stat-receiver/templates/api/configmap.yaml @@ -3,11 +3,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} data: application.conf: |- {{- tpl (.Files.Get "configs/api/application.conf.template") . | nindent 4 }} logback.xml: |- {{- .Files.Get "configs/api/logback.xml" | nindent 4 }} + \ No newline at end of file diff --git a/charts/stat-receiver/templates/api/deployment.yaml b/charts/stat-receiver/templates/api/deployment.yaml index 4cfb8f72b..e961bac2a 100644 --- a/charts/stat-receiver/templates/api/deployment.yaml +++ b/charts/stat-receiver/templates/api/deployment.yaml @@ -1,13 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.api.annotations }} annotations: {{- toYaml .Values.api.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- if .Values.api.labels }} {{- toYaml .Values.api.labels | nindent 4 }} {{- end }} @@ -21,11 +21,11 @@ spec: type: RollingUpdate selector: matchLabels: - {{- include "bss-receiver-api.selectorLabels" . | nindent 6 }} + {{- include "stat-receiver-api.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "bss-receiver-api.labels" . | nindent 8 }} + {{- include "stat-receiver-api.labels" . | nindent 8 }} {{- if .Values.api.labels }} {{- toYaml .Values.api.labels | nindent 8 }} {{- end }} 
@@ -95,7 +95,7 @@ spec: volumes: - name: config-volume configMap: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.kafka.truststore.enabled }} - name: kafka-truststore secret: @@ -106,3 +106,4 @@ spec: secret: secretName: {{ .Values.kafka.keystore.secretName }} {{- end }} + \ No newline at end of file diff --git a/charts/stat-receiver/templates/api/ingress.yaml b/charts/stat-receiver/templates/api/ingress.yaml index a5f3a6243..104aa312e 100644 --- a/charts/stat-receiver/templates/api/ingress.yaml +++ b/charts/stat-receiver/templates/api/ingress.yaml @@ -1,12 +1,12 @@ {{- if .Values.ingress.enabled -}} -{{- $fullName := include "bss-receiver-api.name" . -}} +{{- $fullName := include "stat-receiver-api.name" . -}} {{- $svcPort := .Values.api.service.port -}} apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: {{ $fullName }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- with .Values.ingress.annotations }} annotations: {{- toYaml . | nindent 4 }} diff --git a/charts/stat-receiver/templates/api/service.yaml b/charts/stat-receiver/templates/api/service.yaml index 03feeee8e..2c52efa4e 100644 --- a/charts/stat-receiver/templates/api/service.yaml +++ b/charts/stat-receiver/templates/api/service.yaml @@ -3,13 +3,13 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "bss-receiver-api.name" . }} + name: {{ include "stat-receiver-api.name" . }} {{- if .Values.api.service.annotations }} annotations: {{- toYaml .Values.api.service.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-api.labels" . | nindent 4 }} + {{- include "stat-receiver-api.labels" . | nindent 4 }} {{- if .Values.api.service.labels }} {{- toYaml .Values.api.service.labels | nindent 4 }} {{- end }} 
@@ -22,4 +22,4 @@ spec: name: http appProtocol: http selector: - {{- include "bss-receiver-api.selectorLabels" . | nindent 4 }} + {{- include "stat-receiver-api.selectorLabels" . | nindent 4 }} diff --git a/charts/stat-receiver/templates/helpers.tpl b/charts/stat-receiver/templates/helpers.tpl index 168dff0ab..adba0ec24 100644 --- a/charts/stat-receiver/templates/helpers.tpl +++ b/charts/stat-receiver/templates/helpers.tpl @@ -1,28 +1,28 @@ -{{- define "bss-receiver-api.name" -}} +{{- define "stat-receiver-api.name" -}} {{- printf "%s-api" .Release.Name | trunc 32 | trimSuffix "-" }} {{- end }} -{{- define "bss-receiver-streams.name" -}} +{{- define "stat-receiver-streams.name" -}} {{- printf "%s-streams" .Release.Name | trunc 32 | trimSuffix "-" }} {{- end }} -{{- define "bss-receiver-api.selectorLabels" -}} +{{- define "stat-receiver-api.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ printf "%s-api" .Release.Name }} {{- end }} -{{- define "bss-receiver-api.labels" -}} -{{ include "bss-receiver-api.selectorLabels" . }} +{{- define "stat-receiver-api.labels" -}} +{{ include "stat-receiver-api.selectorLabels" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} -{{- define "bss-receiver-streams.selectorLabels" -}} +{{- define "stat-receiver-streams.selectorLabels" -}} app.kubernetes.io/name: {{ .Chart.Name }} app.kubernetes.io/instance: {{ printf "%s-streams" .Release.Name }} {{- end }} -{{- define "bss-receiver-streams.labels" -}} -{{ include "bss-receiver-streams.selectorLabels" . }} +{{- define "stat-receiver-streams.labels" -}} +{{ include "stat-receiver-streams.selectorLabels" . }} app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} {{- end }} diff --git a/charts/stat-receiver/templates/streams/configmap.yaml b/charts/stat-receiver/templates/streams/configmap.yaml index 63148a125..e0d797eed 100644 --- a/charts/stat-receiver/templates/streams/configmap.yaml 
+++ b/charts/stat-receiver/templates/streams/configmap.yaml @@ -1,9 +1,9 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} data: application.conf: |- {{- tpl (.Files.Get "configs/streams/application.conf.template") . | nindent 4 }} diff --git a/charts/stat-receiver/templates/streams/deployment.yaml b/charts/stat-receiver/templates/streams/deployment.yaml index 23dfee688..f2b9fb3ec 100644 --- a/charts/stat-receiver/templates/streams/deployment.yaml +++ b/charts/stat-receiver/templates/streams/deployment.yaml @@ -1,13 +1,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} {{- if .Values.streams.annotations }} annotations: {{- toYaml .Values.streams.annotations | nindent 4 }} {{- end }} labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} {{- if .Values.streams.labels }} {{- toYaml .Values.streams.labels | nindent 4 }} {{- end }} @@ -21,11 +21,11 @@ spec: type: RollingUpdate selector: matchLabels: - {{- include "bss-receiver-streams.selectorLabels" . | nindent 6 }} + {{- include "stat-receiver-streams.selectorLabels" . | nindent 6 }} template: metadata: labels: - {{- include "bss-receiver-streams.labels" . | nindent 8 }} + {{- include "stat-receiver-streams.labels" . | nindent 8 }} {{- if .Values.streams.labels }} {{- toYaml .Values.streams.labels | nindent 8 }} {{- end }} @@ -100,7 +100,7 @@ spec: volumes: - name: config-volume configMap: - name: {{ include "bss-receiver-streams.name" . }} + name: {{ include "stat-receiver-streams.name" . }} - name: data-volume emptyDir: sizeLimit: {{ .Values.streams.storageSize }} 
diff --git a/charts/stat-receiver/templates/streams/headless-service.yaml b/charts/stat-receiver/templates/streams/headless-service.yaml index fd8482af0..ee7bc7366 100644 --- a/charts/stat-receiver/templates/streams/headless-service.yaml +++ b/charts/stat-receiver/templates/streams/headless-service.yaml @@ -3,12 +3,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ include "bss-receiver-streams.name" . }}-headless + name: {{ include "stat-receiver-streams.name" . }}-headless labels: - {{- include "bss-receiver-streams.labels" . | nindent 4 }} + {{- include "stat-receiver-streams.labels" . | nindent 4 }} spec: type: ClusterIP clusterIP: None publishNotReadyAddresses: true selector: - {{- include "bss-receiver-streams.selectorLabels" . | nindent 4 }} + {{- include "stat-receiver-streams.selectorLabels" . | nindent 4 }} diff --git a/charts/stat-receiver/values.yaml b/charts/stat-receiver/values.yaml index 3921fba10..5012833e0 100644 --- a/charts/stat-receiver/values.yaml +++ b/charts/stat-receiver/values.yaml @@ -1,8 +1,10 @@ # @section Docker Registry settings # @param dgctlDockerRegistry Docker Registry endpoint where On-Premise services' images reside. Format: `host:port`. +# @param imagePullSecrets Kubernetes image pull secrets. dgctlDockerRegistry: '' +imagePullSecrets: [] # @section API service settings @@ -38,6 +40,12 @@ api: port: 80 targetPort: 8080 + # @extra api.resources **Limits for the API service** + # @param api.resources.requests.cpu A CPU request. + # @param api.resources.requests.memory A memory request. + # @param api.resources.limits.cpu A CPU limit. + # @param api.resources.limits.memory A memory limit. + resources: requests: cpu: 0.5 
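Review bot: The `imagePullSecrets: []` value added at the top of `charts/stat-receiver/values.yaml` has no visible consumer. The stat-receiver deployment hunks in this patch only rename the helper templates, and none shows a reference to `.Values.imagePullSecrets`. Those templates may already read it outside the hunks, so please confirm that both the api and streams deployments render it under `spec.template.spec`; otherwise pulls from a private `dgctlDockerRegistry` will fail despite the documented setting. The `# @param imagePullSecrets` comment would also be clearer if it stated the expected item shape (secret names or `name:` objects), whichever the templates accept.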
@@ -77,6 +85,12 @@ streams: tag: 1.11.1 pullPolicy: IfNotPresent + # @extra streams.resources **Limits for the Streams service** + # @param streams.resources.requests.cpu A CPU request. + # @param streams.resources.requests.memory A memory request. + # @param streams.resources.limits.cpu A CPU limit. + # @param streams.resources.limits.memory A memory limit. + resources: requests: cpu: 1 @@ -154,18 +168,3 @@ ingress: enabled: false hosts: - host: stat-receiver.host - - -# @section Limits - -# @extra api.resources **Limits for the API service** -# @param api.resources.requests.cpu A CPU request. -# @param api.resources.requests.memory A memory request. -# @param api.resources.limits.cpu A CPU limit. -# @param api.resources.limits.memory A memory limit. - -# @extra streams.resources **Limits for the Streams service** -# @param streams.resources.requests.cpu A CPU request. -# @param streams.resources.requests.memory A memory request. -# @param streams.resources.limits.cpu A CPU limit. -# @param streams.resources.limits.memory A memory limit. diff --git a/charts/styles-api/Chart.yaml b/charts/styles-api/Chart.yaml index fb06a53fb..8e9354feb 100644 --- a/charts/styles-api/Chart.yaml +++ b/charts/styles-api/Chart.yaml @@ -3,7 +3,7 @@ name: styles-api type: application description: A Helm chart for Kubernetes to deploy API Styles service -version: 1.28.2 +version: 1.29.0 appVersion: 0.30.0 maintainers: diff --git a/charts/tiles-api/Chart.yaml b/charts/tiles-api/Chart.yaml index 8662f9b96..3d5101152 100644 --- a/charts/tiles-api/Chart.yaml +++ b/charts/tiles-api/Chart.yaml @@ -4,7 +4,7 @@ description: Tiles API for getting cartographic data type: application -version: 1.28.2 +version: 1.29.0 appVersion: 4.54.0 maintainers: diff --git a/charts/traffic-proxy/Chart.yaml b/charts/traffic-proxy/Chart.yaml index 6cd7e3ee6..5151db4a8 100644 --- a/charts/traffic-proxy/Chart.yaml +++ b/charts/traffic-proxy/Chart.yaml 
@@ -4,7 +4,7 @@ description: A Helm chart for Kubernetes to deploy Proxy for traffic jams type: application -version: 1.28.2 +version: 1.29.0 appVersion: 1.21.6 maintainers: diff --git a/charts/twins-api/Chart.yaml b/charts/twins-api/Chart.yaml index 81816bb54..853b4b68a 100644 --- a/charts/twins-api/Chart.yaml +++ b/charts/twins-api/Chart.yaml @@ -3,7 +3,7 @@ name: twins-api type: application description: A Helm chart for Kubernetes to deploy API Twins service -version: 1.28.2 +version: 1.29.0 appVersion: 1.13.0 maintainers: diff --git a/image_versions.txt b/image_versions.txt index 2433dc599..8e552efa5 100644 --- a/image_versions.txt +++ b/image_versions.txt @@ -2,10 +2,10 @@ catalog-api catalog-api:3.625.0 catalog-importer:1.7.0 citylens - citylens-api:1.12.0 - citylens-database:1.12.0 - citylens-web:1.12.0 - citylens-workers:1.12.0 + citylens-api:1.13.1 + citylens-database:1.13.0 + citylens-web:1.13.0 + citylens-workers:1.13.0 dgtt dgtt:0.2.27-b188673e09 floors-api @@ -26,7 +26,7 @@ keys keys-redis:6.2.6-alpine3.15 keys-ui:0.8.0 license - license:2.2.1 + license:2.2.3 mapgl-js-api mapgl:1.51.0 navi-async-grpc-proxy