Add resources for admin tools containers and creating network policies #361

Closed
wants to merge 3 commits into from
4 changes: 4 additions & 0 deletions templates/admintools-deployment.yaml
Expand Up @@ -41,6 +41,10 @@ spec:
- name: admin-tools
image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}"
imagePullPolicy: {{ .Values.admintools.image.pullPolicy }}
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
ports:
- name: http
containerPort: 22
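Review bot: The `nindent 8` under the new `resources:` key looks too shallow for a container-level field, since the container `resources:` block shown in templates/server-deployment.yaml on this page renders with `nindent 12`. Leading whitespace is not visible in this rendering, so this is inferred, but if `resources:` sits at the same depth as `image:` and `ports:`, the rendered limits would not nest under it. Because `admintools.resources` defaults to `{}`, the `with` block is skipped by default and the problem would only appear once a user sets values, so render the chart once with non-empty resources to confirm. I would change the line to `{{- toYaml . | nindent 12 }}`; the same `nindent 8` is repeated in every block added to templates/server-job.yaml.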
49 changes: 49 additions & 0 deletions templates/network-policies.yaml
@@ -0,0 +1,49 @@
{{- if .Values.networkPolicies.enabled }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-default-ingress
labels:
app.kubernetes.io/name: {{ include "temporal.name" . }}
helm.sh/chart: {{ include "temporal.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }}
app.kubernetes.io/part-of: {{ .Chart.Name }}
spec:
podSelector:
matchLabels:
app.kubernetes.io/name: {{ include "temporal.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: {{ include "temporal.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
ports:
{{- range $service := (list "frontend" "history" "matching" "worker") }}
{{- $serviceValues := index $.Values.server $service }}
- protocol: TCP
port: {{ $serviceValues.service.port }}
{{- end }}
Contributor


does this work if frontend, history, matching and worker all share the same port?

policyTypes:
- Ingress
{{- range $np := .Values.networkPolicies.raws }}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $np.name }}
labels:
app.kubernetes.io/name: {{ include "temporal.name" . }}
helm.sh/chart: {{ include "temporal.chart" . }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/version: {{ .Chart.AppVersion | replace "+" "_" }}
app.kubernetes.io/part-of: {{ .Chart.Name }}
spec:
{{- $np.spec | toYaml | nindent 4 }}
{{- end }}
{{- end }}
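Review bot: Inside `{{- range $np := .Values.networkPolicies.raws }}` the label lines still use `.` (`include "temporal.name" .`, `.Release.Service`, `.Release.Name`, `.Chart.AppVersion`, `.Chart.Name`), but `range` rebinds `.` to the current list entry, so these would fail to render as soon as `raws` is non-empty. Use the root context on those six lines, e.g. `app.kubernetes.io/name: {{ include "temporal.name" $ }}` and `app.kubernetes.io/managed-by: {{ $.Release.Service }}`. Separately, `name: allow-default-ingress` is a fixed string, so two releases installed in one namespace would collide; prefixing it with the release name would avoid that. The default policy admits only each server's `service.port` from pods of the same release, so it is worth confirming that the services need no other port between them before the policy is enabled.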
4 changes: 2 additions & 2 deletions templates/server-deployment.yaml
Expand Up @@ -137,7 +137,7 @@ spec:
- name: dynamic-config
mountPath: /etc/temporal/dynamic_config
{{- if $.Values.server.additionalVolumeMounts }}
{{- toYaml $.Values.server.additionalVolumeMounts | nindent 12}}
{{- toYaml $.Values.server.additionalVolumeMounts | nindent 12}}
{{- end }}
resources:
{{- toYaml (default $.Values.server.resources $serviceValues.resources) | nindent 12 }}
Expand All @@ -160,7 +160,7 @@ spec:
- key: dynamic_config.yaml
path: dynamic_config.yaml
{{- if $.Values.server.additionalVolumes }}
{{- toYaml $.Values.server.additionalVolumes | nindent 8}}
{{- toYaml $.Values.server.additionalVolumes | nindent 8}}
{{- end }}
{{- with (default $.Values.server.nodeSelector $serviceValues.nodeSelector) }}
nodeSelector:
32 changes: 32 additions & 0 deletions templates/server-job.yaml
Expand Up @@ -44,10 +44,18 @@ spec:
- name: check-cassandra-service
image: busybox
command: ['sh', '-c', 'until nslookup {{ include "cassandra.host" $ }}; do echo waiting for cassandra service; sleep 1; done;']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
- name: check-cassandra
image: "{{ .Values.cassandra.image.repo }}:{{ .Values.cassandra.image.tag }}"
imagePullPolicy: {{ .Values.cassandra.image.pullPolicy }}
command: ['sh', '-c', 'until cqlsh {{ include "cassandra.host" $ }} {{ .Values.cassandra.config.ports.cql }} -e "SHOW VERSION"; do echo waiting for cassandra to start; sleep 1; done;']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- range $store := (list "default" "visibility") }}
{{- $storeConfig := index $.Values.server.config.persistence $store }}
Expand All @@ -56,6 +64,10 @@ spec:
image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}"
imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }}
command: ['sh', '-c', 'temporal-cassandra-tool create -k {{ $storeConfig.cassandra.keyspace }} --replication-factor {{ $storeConfig.cassandra.replicationFactor }}']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
env:
- name: CASSANDRA_HOST
value: {{ first (splitList "," (include "temporal.persistence.cassandra.hosts" (list $ $store))) }}
Expand Down Expand Up @@ -90,6 +102,10 @@ spec:
image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}"
imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }}
command: ["temporal-{{ include "temporal.persistence.driver" (list $ $store) }}-tool", "setup-schema", "-v", "0.0"]
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }}
- name: CASSANDRA_HOST
Expand Down Expand Up @@ -181,6 +197,10 @@ spec:
image: "{{ .Values.cassandra.image.repo }}:{{ .Values.cassandra.image.tag }}"
imagePullPolicy: {{ .Values.cassandra.image.pullPolicy }}
command: ['sh', '-c', 'until cqlsh {{ include "cassandra.host" $ }} {{ .Values.cassandra.config.ports.cql }} -e "SHOW VERSION"; do echo waiting for cassandra to start; sleep 1; done;']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else }}
[]
{{- end }}
Expand All @@ -193,6 +213,10 @@ spec:
{{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }}
command: ['sh', '-c', 'temporal-cassandra-tool update-schema -d /etc/temporal/schema/cassandra/{{ include "temporal.persistence.schema" $store }}/versioned']
{{- end }}
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
env:
{{- if eq (include "temporal.persistence.driver" (list $ $store)) "cassandra" }}
- name: CASSANDRA_HOST
Expand Down Expand Up @@ -276,11 +300,19 @@ spec:
image: "{{ .Values.admintools.image.repository }}:{{ .Values.admintools.image.tag }}"
imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }}
command: ['sh', '-c', 'until curl --silent --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }} 2>&1 > /dev/null; do echo waiting for elasticsearch to start; sleep 1; done;']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
containers:
- name: create-elasticsearch-index
image: "{{ $.Values.admintools.image.repository }}:{{ $.Values.admintools.image.tag }}"
imagePullPolicy: {{ $.Values.admintools.image.pullPolicy }}
command: ['sh', '-c']
{{- with .Values.admintools.resources }}
resources:
{{- toYaml . | nindent 8 }}
{{- end }}
args:
- 'curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/_template/temporal_visibility_v1_template -H "Content-Type: application/json" --data-binary "@schema/elasticsearch/visibility/index_template_{{ .Values.elasticsearch.version }}.json" 2>&1 &&
curl -X PUT --fail --user {{ .Values.elasticsearch.username }}:{{ .Values.elasticsearch.password }} {{ .Values.elasticsearch.scheme }}://{{ .Values.elasticsearch.host }}:{{ .Values.elasticsearch.port }}/{{ .Values.elasticsearch.visibilityIndex }} 2>&1'
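Review bot: Several of the added blocks use `{{- with .Values.admintools.resources }}` where the surrounding lines use `$.Values` and `$store`, which suggests they sit inside the `range $store := (list "default" "visibility")` loop (the hunks starting at new lines 64, 102 and 213). Inside that loop `.` is the store name, so `.Values` would not resolve and the job template would fail to render; the enclosing blocks start outside the hunks, so this is inferred from the neighbouring lines. Using the root context is safe in every position: `{{- with $.Values.admintools.resources }}`. The busybox and cassandra wait containers also take `admintools.resources` although they run different images, which deserves a short comment in the template or a separate values key.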
26 changes: 26 additions & 0 deletions values.yaml
Expand Up @@ -245,6 +245,13 @@ admintools:
type: ClusterIP
port: 22
annotations: {}
resources: {}
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
podLabels: {}
podAnnotations: {}
nodeSelector: {}
Expand Down Expand Up @@ -420,3 +427,22 @@ cassandra:

mysql:
enabled: false

networkPolicies:
enabled: false
raws: []
# - name: allow-metrics
# spec:
# podSelector:
# matchLabels:
# app.kubernetes.io/name: app-name
# ingress:
# - from:
# - podSelector:
# matchLabels:
# app.kubernetes.io/name: app-name
# ports:
# - protocol: TCP
# port: 9090
# policyTypes:
# - Ingress
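Review bot: The new `networkPolicies` block has no comment explaining what `enabled: true` does, and that matters because it changes which traffic the pods accept. Per templates/network-policies.yaml, the default policy selects the release's pods and admits ingress only from pods carrying the same name and instance labels, on the four server `service.port` values; any other source (client workloads, metrics scrapers, ingress controllers) has to be allowed through `raws` on clusters whose network plugin enforces policies. I would add above `enabled: false` a comment such as `# When true, pods of this release accept ingress only from each other on the server service ports; add entries under raws for any other source.` The commented `allow-metrics` example uses the placeholder label `app-name`, and a note that it must be replaced with the chart's real labels would help.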