From a3f8ecd6a0c6be5522848ac63a8ed8f63f97e2d5 Mon Sep 17 00:00:00 2001
From: Ivan Sokoryan
Date: Sun, 5 Feb 2023 22:55:18 +0600
Subject: [PATCH 1/3] changed
---
templates/network-policies.yaml | 49 +++++++++++++++++++++++++++++++++
values.yaml | 4 +++
2 files changed, 53 insertions(+)
create mode 100644 templates/network-policies.yaml
diff --git a/templates/network-policies.yaml b/templates/network-policies.yaml
new file mode 100644
index 00000000..2ef905f3
--- /dev/null
+++ b/templates/network-policies.yaml
@@ -0,0 +1,49 @@ +{{- if .Values.networkPolicies.enabled }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-default-ingress + labels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + helm.sh/chart: {{ include "temporal.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ .Chart.Name }} +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + ports: + {{- range $service := (list "frontend" "history" "matching" "worker") }} + {{- $serviceValues := index $.Values.server $service }} + - protocol: TCP + port: {{ $serviceValues.service.port }} + {{- end }} + policyTypes: + - Ingress +{{- range $np := .Values.networkPolicies.raws }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ $np.name }} + labels: + app.kubernetes.io/name: {{ include "temporal.name" . }} + helm.sh/chart: {{ include "temporal.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }} + app.kubernetes.io/part-of: {{ .Chart.Name }} +spec: + {{- $np.spec | toYaml | nindent 4 }} +{{- end }} +{{- end }} diff --git a/values.yaml b/values.yaml index def7e925..3205c0a4 100644 --- a/values.yaml +++ b/values.yaml @@ -420,3 +420,7 @@ cassandra: mysql: enabled: false + +networkPolicies: + enabled: false + raws: [] From b24abbea49ec8e0f73c5e3d2f1c509cc4b7a86ef Mon Sep 17 00:00:00 2001 
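Review bot: In the `range $np := .Values.networkPolicies.raws` loop the label lines still use `.` (`include "temporal.name" .`, `.Release.Service`, `.Chart.AppVersion`, and so on), but inside `range` the dot is the current list entry rather than the chart root, so a non-empty `raws` should fail to render or produce empty labels. Use `$` for the root context in that loop and quote the user-supplied name. Separately, `allow-default-ingress` selects pods by the name and instance labels only (presumably every pod of the release) and admits same-release traffic on the four `service.port` values alone. Any other listener on those pods is denied as soon as `enabled` is true; the commented `allow-metrics` example in values.yaml suggests port 9090 is one, and that side effect deserves a comment next to `networkPolicies.enabled`.

```yaml
{{- range $np := .Values.networkPolicies.raws }}
# … unchanged: document separator, apiVersion, kind …
metadata:
  name: {{ $np.name | quote }}
  labels:
    app.kubernetes.io/name: {{ include "temporal.name" $ }}
    helm.sh/chart: {{ include "temporal.chart" $ }}
    app.kubernetes.io/managed-by: {{ $.Release.Service }}
    app.kubernetes.io/instance: {{ $.Release.Name }}
    app.kubernetes.io/version: {{ $.Chart.AppVersion | replace "+" "_" }}
    app.kubernetes.io/part-of: {{ $.Chart.Name }}
# … unchanged: spec rendered from $np.spec, closing end …
```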
From: Ivan Sokoryan Date: Sun, 5 Feb 2023 22:56:08 +0600 Subject: [PATCH 2/3] changed --- values.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/values.yaml b/values.yaml index 3205c0a4..ac91c2de 100644 --- a/values.yaml +++ b/values.yaml @@ -424,3 +424,18 @@ mysql: networkPolicies: enabled: false raws: [] + # - name: allow-metrics + # spec: + # podSelector: + # matchLabels: + # app.kubernetes.io/name: app-name + # ingress: + # - from: + # - podSelector: + # matchLabels: + # app.kubernetes.io/name: app-name + # ports: + # - protocol: TCP + # port: 9090 + # policyTypes: + # - Ingress From e53881765c7eff0e15e538a3ddd15908cbbe5ca9 Mon Sep 17 00:00:00 2001 From: Ivan Sokoryan Date: Sun, 5 Feb 2023 23:01:44 +0600 Subject: [PATCH 3/3] changed --- templates/admintools-deployment.yaml | 4 ++++ templates/server-deployment.yaml | 4 ++-- templates/server-job.yaml | 32 ++++++++++++++++++++++++++++ values.yaml | 7 ++++++ 4 files changed, 45 insertions(+), 2 deletions(-) diff --git a/templates/admintools-deployment.yaml b/templates/admintools-deployment.yaml index 6b6784b2..cbf54043 100644 --- a/templates/admintools-deployment.yaml +++ b/templates/admintools-deployment.yaml @@ -41,6 +41,10 @@ spec: - name: admin-tools image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}" imagePullPolicy: {{ .Values.admintools.image.pullPolicy }} + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} ports: - name: http containerPort: 22 diff --git a/templates/server-deployment.yaml b/templates/server-deployment.yaml index ffc8f362..75e3c6ab 100644 --- a/templates/server-deployment.yaml +++ b/templates/server-deployment.yaml 
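Review bot: `nindent 8` on the added `resources` block in templates/admintools-deployment.yaml looks too shallow for a field of a container entry; the server-deployment.yaml hunk in this same patch renders a container's resources with `nindent 12`. Indentation is not recoverable in this view, so render the chart with a non-empty `admintools.resources` and confirm that `limits`/`requests` nest under `resources:`. If `resources:` sits in the same column as `image:`, the line would need to be `{{- toYaml . | nindent 12 }}`. The same `nindent 8` is used in every templates/server-job.yaml hunk of this patch.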
@@ -137,7 +137,7 @@ spec: - name: dynamic-config mountPath: /etc/temporal/dynamic_config {{- if $.Values.server.additionalVolumeMounts }} - {{- toYaml $.Values.server.additionalVolumeMounts | nindent 12}} + {{- toYaml $.Values.server.additionalVolumeMounts | nindent 12}} {{- end }} resources: {{- toYaml (default $.Values.server.resources $serviceValues.resources) | nindent 12 }} @@ -160,7 +160,7 @@ spec: - key: dynamic_config.yaml path: dynamic_config.yaml {{- if $.Values.server.additionalVolumes }} - {{- toYaml $.Values.server.additionalVolumes | nindent 8}} + {{- toYaml $.Values.server.additionalVolumes | nindent 8}} {{- end }} {{- with (default $.Values.server.nodeSelector $serviceValues.nodeSelector) }} nodeSelector: diff --git a/templates/server-job.yaml b/templates/server-job.yaml index f4ca32e3..71b8e633 100644 --- a/templates/server-job.yaml +++ b/templates/server-job.yaml @@ -44,10 +44,18 @@ spec: - name: check-cassandra-service image: busybox command: ['sh', '-c', 'until nslookup {{ include "cassandra.host" $ }}; do echo waiting for cassandra service; sleep 1; done;'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} - name: check-cassandra image: "{{ .Values.cassandra.image.repo }}:{{ .Values.cassandra.image.tag }}" imagePullPolicy: {{ .Values.cassandra.image.pullPolicy }} command: ['sh', '-c', 'until cqlsh {{ include "cassandra.host" $ }} {{ .Values.cassandra.config.ports.cql }} -e "SHOW VERSION"; do echo waiting for cassandra to start; sleep 1; done;'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} {{- range $store := (list "default" "visibility") }} {{- $storeConfig := index $.Values.server.config.persistence $store }} 
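Review bot: The blocks added in the server-job.yaml hunk at -44 apply `.Values.admintools.resources` to `check-cassandra-service` (image `busybox`) and `check-cassandra` (the cassandra image), neither of which is an admintools container, so a limit sized for admintools silently governs these init containers too. Either document that next to the new key in values.yaml, for example `# also applied to the containers in templates/server-job.yaml`, or read a dedicated value for the job containers. The enclosing container list starts outside the hunk.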
@@ -56,6 +64,10 @@ spec: image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ['sh', '-c', 'temporal-cassandra-tool create -k {{ $storeConfig.cassandra.keyspace }} --replication-factor {{ $storeConfig.cassandra.replicationFactor }}'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} env: - name: CASSANDRA_HOST value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $ $store))) }} @@ -90,6 +102,10 @@ spec: image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ["temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool", "setup-schema", "-v", "0.0"] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} env: {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: CASSANDRA_HOST @@ -181,6 +197,10 @@ spec: image: "{{ .Values.cassandra.image.repo }}:{{ .Values.cassandra.image.tag }}" imagePullPolicy: {{ .Values.cassandra.image.pullPolicy }} command: ['sh', '-c', 'until cqlsh {{ include "cassandra.host" $ }} {{ .Values.cassandra.config.ports.cql }} -e "SHOW VERSION"; do echo waiting for cassandra to start; sleep 1; done;'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} {{- else }} [] {{- end }} 
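Review bot: The added `{{- with .Values.admintools.resources }}` in the hunk at -56 appears to sit inside `range $store := (list "default" "visibility")`, where the dot is the string `$store`. The neighbouring lines use `$.Values.admintools.image.repository` for that reason, so this lookup should fail at render time. Change it to `{{- with $.Values.admintools.resources }}`. The hunks at -90 and -193 also look like they are inside a `$store` loop (their context uses `list $ $store`) and need the same change; the loop headers themselves are outside those hunks.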
@@ -193,6 +213,10 @@ spec: {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} command: ['sh', '-c', 'temporal-cassandra-tool update-schema -d /etc/temporal/schema/cassandra/{{ include "temporal.persistence.schema" $store }}/versioned'] {{- end }} + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} env: {{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }} - name: CASSANDRA_HOST 
@@ -276,11 +300,19 @@ spec: image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ['sh', '-c', 'until curl --silent --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }} 2>&1 > /dev/null; do echo waiting for elasticsearch to start; sleep 1; done;'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: create-elasticsearch-index image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}" imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }} command: ['sh', '-c'] + {{- with .Values.admintools.resources }} + resources: + {{- toYaml . | nindent 8 }} + {{- end }} args: - 'curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1 && curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1' diff --git a/values.yaml b/values.yaml index ac91c2de..ed7a9c53 100644 --- a/values.yaml +++ b/values.yaml @@ -245,6 +245,13 @@ admintools: type: ClusterIP port: 22 annotations: {} + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi podLabels: {} podAnnotations: {} nodeSelector: {}
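Review bot: Both containers touched by the hunk at -276 keep `--user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }}` in `command`/`args`, so the Elasticsearch password is rendered into the Job manifest. It is then readable by anyone who can read the Job or pod spec, and it shows up in the process arguments. These lines are unchanged context, but since the commit edits the same container specs it is a natural place to move the credentials into `env` entries sourced with `valueFrom.secretKeyRef` and let the shell expand them. The values are also interpolated unquoted into the `sh -c` string, so a password containing shell metacharacters would break or alter the command.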