From 75e2b53cf349b649e1ff6828e82c340d57c3b532 Mon Sep 17 00:00:00 2001 
From: Ragul Shanmugam Date: Thu, 12 Dec 2024 10:47:25 -0800 Subject: [PATCH 1/9] Chart added for metabase service --- .../templates/ingress.yaml | 7 + charts/dataingestion-service/values-dev.yaml | 1 + charts/dataingestion-service/values-dts1.yaml | 1 + charts/dataingestion-service/values.yaml | 1 + charts/metabase-service/.helmignore | 21 ++ charts/metabase-service/Chart.yaml | 13 + .../metabase-service/Metabase_Installation.md | 88 +++++ charts/metabase-service/README.md | 113 +++++++ charts/metabase-service/Troubleshooting.md | 24 ++ charts/metabase-service/templates/NOTES.txt | 32 ++ .../metabase-service/templates/_helpers.tpl | 75 +++++ charts/metabase-service/templates/config.yaml | 19 ++ .../templates/deployment.yaml | 302 ++++++++++++++++++ charts/metabase-service/templates/pdb.yaml | 31 ++ .../metabase-service/templates/service.yaml | 31 ++ .../templates/serviceaccount.yaml | 16 + .../templates/tests/test-connection.yaml | 15 + charts/metabase-service/values-dts1.yaml | 235 ++++++++++++++ charts/metabase-service/values.yaml | 237 ++++++++++++++ 19 files changed, 1262 insertions(+) create mode 100644 charts/metabase-service/.helmignore create mode 100644 charts/metabase-service/Chart.yaml create mode 100644 charts/metabase-service/Metabase_Installation.md create mode 100644 charts/metabase-service/README.md create mode 100644 charts/metabase-service/Troubleshooting.md create mode 100644 charts/metabase-service/templates/NOTES.txt create mode 100644 charts/metabase-service/templates/_helpers.tpl create mode 100644 charts/metabase-service/templates/config.yaml create mode 100644 charts/metabase-service/templates/deployment.yaml create mode 100644 charts/metabase-service/templates/pdb.yaml create mode 100644 charts/metabase-service/templates/service.yaml create mode 100644 charts/metabase-service/templates/serviceaccount.yaml create mode 100644 charts/metabase-service/templates/tests/test-connection.yaml create mode 100644 
charts/metabase-service/values-dts1.yaml create mode 100644 charts/metabase-service/values.yaml diff --git a/charts/dataingestion-service/templates/ingress.yaml b/charts/dataingestion-service/templates/ingress.yaml index 2b43679d..33246b48 100644 --- a/charts/dataingestion-service/templates/ingress.yaml +++ b/charts/dataingestion-service/templates/ingress.yaml @@ -67,6 +67,13 @@ spec: name: ldfdata-reporting-service port: number: {{ .Values.reportingService.ldfdataReportingServicePort }} + - path: "/reporting/metabase-svc/" + pathType: Prefix + backend: + service: + name: metabase-service + port: + number: {{ .Values.reportingService.metabaseServicePort }} {{- end }} {{- if eq .Values.dataprocessingService.enabled "true" }} - path: "/rti/" diff --git a/charts/dataingestion-service/values-dev.yaml b/charts/dataingestion-service/values-dev.yaml index 41d974b6..3f7b33c8 100644 --- a/charts/dataingestion-service/values-dev.yaml +++ b/charts/dataingestion-service/values-dev.yaml @@ -38,6 +38,7 @@ reportingService: observationReportingServicePort: 8094 postProcessingReportingServicePort: 8095 ldfdataReportingServicePort: 8097 + metabaseServicePort: 8190 dataprocessingService: enabled: "false" diff --git a/charts/dataingestion-service/values-dts1.yaml b/charts/dataingestion-service/values-dts1.yaml index eef442d7..4c61eea9 100644 --- a/charts/dataingestion-service/values-dts1.yaml +++ b/charts/dataingestion-service/values-dts1.yaml @@ -38,6 +38,7 @@ reportingService: observationReportingServicePort: 8094 postProcessingReportingServicePort: 8095 ldfdataReportingServicePort: 8097 + metabaseServicePort: 8190 dataprocessingService: enabled: "true" diff --git a/charts/dataingestion-service/values.yaml b/charts/dataingestion-service/values.yaml index 5b6e5ac9..2ea7745a 100644 --- a/charts/dataingestion-service/values.yaml +++ b/charts/dataingestion-service/values.yaml 
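Review bot: In the ingress.yaml hunk the new `/reporting/metabase-svc/` path hard-codes the backend `name: metabase-service`, while the chart added in this patch names its Service from `metabase.fullname`, so the route resolves only when the release name or `fullnameOverride` yields exactly that name; `metabaseServicePort: 8190` likewise has to equal the chart's `service.externalPort`. The path also publishes the Metabase UI on the shared host, and a freshly installed Metabase offers its first-run admin setup to whoever reaches it first, so complete setup or restrict the path at the ingress before enabling the route. Serving under a sub-path presumably also needs `siteUrl` set to the full public URL including the prefix; confirm against the chart values. A comment such as `# requires metabase chart fullnameOverride=metabase-service and service.externalPort=8190` above the path would record the coupling. The enclosing rule list starts and ends outside the hunk.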
@@ -39,6 +39,7 @@ reportingService: observationReportingServicePort: 8094 postProcessingReportingServicePort: 8095 ldfdataReportingServicePort: 8097 + metabaseServicePort: 8190 dataprocessingService: enabled: "true" diff --git a/charts/metabase-service/.helmignore b/charts/metabase-service/.helmignore new file mode 100644 index 00000000..f0c13194 --- /dev/null +++ b/charts/metabase-service/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/charts/metabase-service/Chart.yaml b/charts/metabase-service/Chart.yaml new file mode 100644 index 00000000..3527bdbd --- /dev/null +++ b/charts/metabase-service/Chart.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +description: + The easy, open source way for everyone in your company to ask questions + and learn from data. +name: metabase +# Update this value everytime, we change anything in the repo +version: 2.7.3 +# This is the version value from the official metabase repo +appVersion: v0.51.4 +home: http://www.metabase.com/ +icon: http://www.metabase.com/images/logo.svg +sources: + - https://github.com/metabase/metabase diff --git a/charts/metabase-service/Metabase_Installation.md b/charts/metabase-service/Metabase_Installation.md new file mode 100644 index 00000000..1a5c34c1 --- /dev/null +++ b/charts/metabase-service/Metabase_Installation.md 
@@ -0,0 +1,88 @@ +# Metabase Installation on EKS using Helm charts + +This document will help understand the installation and running of +Metabase on AWS EKS, using Helm charts. This Metabase page can be +accessed from any browser from [EQ Metabase +Instance](https://metabase.datateam-cdc-nbs.eqsandbox.com/). + +## Prerequisites + +- EKS instance is running and you are added to the admin role to + install and run the containers + +- RDS (Postgres) for App DB running on the same VPC + +- **Install Kubernetes CLI tool** on your local machine to interact + with containers on the EKS cluster + + - + +- **Install Helm CLI tool** on your local machine to run commands on + the containers on the EKS cluster + + - For installation on Mac OS: + + - Make sure that your home brew package manager is up-to-date + -- brew update + + - Install helm using home brew -- brew install helm + + - Verify the installation -- helm version + +## Installing Metabase using EKS + +### Connecting to the EKS Cluster: + +- Go to the AWS login page and click on Command line or Programmatic + access + +We need to have Admin access to the AWS console, in order to access the +cluster to install and run kubernetes containers + +- Select one of the options to Get the credentials to access the + console using the command line access, in our case we are selecting + the Option 1: Set AWS environment variables (Short-term credentials) + +- Copy and run the above export commands for the credentials into the + terminal + +- Run the below command on your terminal to connect to the eks cluster + using the provided the role + +> aws eks --region us-east-1 update-kubeconfig --name cdc-nbs-dts1-eks + +### Installing Metabase (PostgreSQL as App DB): + +- Following command will install and run the Metabase on the EKS + cluster + + - use the metabase-config.yaml file to provide the additional + connection parameters such as PostgreSQL database information + for the Metabase's App DB, and also used to provide the App 
+ version information, etc. + +> helm install metabase -f /values.yaml + +Before proceeding to Installation we need to make sure that our EKS +and RDS are connected to allow traffic going both ways. + +Please make sure you pass the correct path for the helm chart and +path for the yaml file + +- Now you should be able to access the Metabase Instance from the host + name provided in the ingress rules (check your values\_\.yaml) + +If you don't have a DNS setup available for metabase, use the following +steps to access the metabase instance from the POD ip address + +### Accessing Metabase from browser: + +- Once the installation is done, we can access metabase app on the + same IP address as the metabase pod, and on port 3000. + + - Run the command kubectl get pods -o wide to identify the IP + address of the POD running Metabase server + +![](media/image4.png) + +example: In the current installation you can access metabase from: http://:3000/ diff --git a/charts/metabase-service/README.md b/charts/metabase-service/README.md new file mode 100644 index 00000000..3f700866 --- /dev/null +++ b/charts/metabase-service/README.md 
@@ -0,0 +1,113 @@ +# Metabase + +[Metabase](http://metabase.com) is the easy, open source way for everyone in your company to ask questions and learn from data. + +## Introduction + +This chart bootstraps a [Metabase](https://github.com/metabase/metabase) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Configuration + +The following table lists the configurable parameters of the Metabase chart and their default values. + +| Parameter | Description | Default | +|-------------------------------------------------|----------------------------------------------------------------------------|-------------------| +| replicaCount | desired number of controller pods | 1 | +| pdb.create | Enable/disable a Pod Disruption Budget creation | false | +| pdb.minAvailable | Minimum number/percentage of pods that should remain scheduled | 1 | +| pdb.maxUnavailable | Maximum number/percentage of pods that may be made unavailable | | +| deploymentAnnotations | extra deployment annotations | {} | +| deploymentLabels | extra deployment labels | {} | +| podAnnotations | controller pods annotations | {} | +| podLabels | extra pods labels | {} | +| image.repository | controller container image repository | metabase/metabase | +| image.tag | controller container image tag | v0.46.4 | +| image.command | controller container image command | [] | +| image.pullPolicy | controller container image pull policy | IfNotPresent | +| image.pullSecrets | controller container image pull secrets | [] | +| fullnameOverride | String to fully override metabase.fullname template | null | +| extraenv.app_db_max_conn_pool | Overriding the max Concurrent Users limit to 100 | 15 | +| extraenv.jdbc_db_max_conn_pool | Overriding the max DB Concurrent connection limit to 100 | 15 | +| listen.host | Listening on a specific network host | 0.0.0.0 | +| listen.port | Listening on a specific network port | 3000 | +| monitoring.enabled | Enable 
prometheus endpoint | false | +| monitoring.port | Listening port for prometheus endpoint | 9191 | +| ssl.enabled | Enable SSL to run over HTTPS | false | +| ssl.port | SSL port | null | +| ssl.keyStore | The key store in JKS format | null | +| ssl.keyStorePassword | The password for key Store | null | +| database.type | Backend database type | h2 | +| database.encryptionKey | Secret key for encrypt sensitive information into database | null | +| database.connectionURI | Database connection URI (alternative to the below settings) | null | +| database.host | Database host | null | +| database.port | Database port | null | +| database.file | Database file (for H2; also add a volume to store it!) | null | +| database.dbname | Database name | null | +| database.username | Database username | null | +| database.password | Database password | null | +| database.existingSecret | Exising secret for database credentials | null | +| database.existingSecretUsernameKey | Username key for exising secret | null | +| database.existingSecretPasswordKey | Password key for exising secret | null | +| database.existingSecretConnectionURIKey | ConnectionURI key for exising secret | null | +| database.existingSecretEncryptionKeyKey | EncryptionKey key for exising secret | null | +| database.googleCloudSQL.instanceConnectionNames | Google Cloud SQL instance connection names. See `values.yaml` for details. | [] | +| database.googleCloudSQL.sidecarImageTag | Specific tag for the Google Cloud SQL Auth proxy sidecar image | latest | +| database.googleCloudSQL.resources | Google Cloud SQL Auth proxy resource requests and limits | {} | +| password.complexity | Complexity requirement for Metabase account's password | normal | +| password.length | Minimum length required for Metabase account's password | 6 | +| timeZone | Service time zone | UTC | +| emojiLogging | Get a funny emoji in service log | true | +| colorLogging | Color log lines. 
When set to false it will disable log line colors | true | +| javaOpts | JVM options | null | +| pluginsDirectory | A directory with Metabase plugins | null | +| extraInitContainers | Additional init containers e.g. to download plugins | [] | +| extraVolumes | Additional server volumes | [] | +| extraVolumeMounts | Additional server volumeMounts | [] | +| livenessProbe.initialDelaySeconds | Delay before liveness probe is initiated | 120 | +| livenessProbe.timeoutSeconds | When the probe times out | 30 | +| livenessProbe.failureThreshold | Minimum consecutive failures for the probe | 6 | +| readinessProbe.initialDelaySeconds | Delay before readiness probe is initiated | 30 | +| readinessProbe.timeoutSeconds | When the probe times out | 3 | +| readinessProbe.periodSeconds | How often to perform the probe | 5 | +| service.type | ClusterIP, NodePort, or LoadBalancer | ClusterIP | +| service.loadBalancerSourceRanges | Array of Source Ranges | null | +| service.externalPort | Service external port | 80 | +| service.internalPort | Service internal port, should be the same as `listen.port` | 3000 | +| service.nodePort | Service node port | null | +| service.annotations | Service annotations | {} | +| serviceAccount.create | Specifies whether a service account should be created | false | +| serviceAccount.annotations | Annotations to add to the service account | {} | +| serviceAccount.name | The name of the service account to use | null | +| awsEKS.sgp.enabled | Enable EKS's Security Groups Policy | false | +| awsEKS.sgp.sgIds | List of AWS Security Group IDs to attach to the pod | null | +| ingress.enabled | Enable ingress controller resource | false | +| ingress.className | Ingress class name (Kubernetes 1.18+) | null | +| ingress.hosts | Ingress resource hostnames | ["*"] | +| ingress.path | Ingress path | / | +| ingress.pathType | Ingress pathType | Prefix | +| ingress.labels | Ingress labels configuration | null | +| ingress.annotations | Ingress annotations 
configuration | {} | +| ingress.tls | Ingress TLS configuration | null | +| route.enabled | Enable OpenShift route resource | false | +| route.annotations | Route annotations configuration | {} | +| route.host | Route hostname | null | +| route.path | Route path | "" | +| route.wildcardPolicy | Route wildcard policy | None | +| route.tls | Route tls configuration | {} | +| log4j2XML | Custom `log4j2.xml` file | null | +| log4jProperties | DEPRECATED Custom `log4j.properties` file | null | +| resources | Server resource requests and limits | {} | +| nodeSelector | Node labels for pod assignment | {} | +| tolerations | Toleration labels for pod assignment | [] | +| affinity | Affinity settings for pod assignment | {} | +| priorityClass | PriorityClass settings for pod assignment | null | +| jetty.maxThreads | Jetty max number of threads | null | +| jetty.minThreads | Jetty min number of threads | null | +| jetty.maxQueued | Jetty max queue size | null | +| jetty.maxIdleTime | Jetty max idle time | null | +| siteUrl | Base URL, useful for serving behind a reverse proxy | null | +| session.maxSessionAge | Session expiration defined in minutes | 20160 | +| session.sessionCookies | When browser is closed, user login session will expire | null | +| extraEnv | Mapping of extra environment variables | {} | + +The above parameters map to the env variables defined in [metabase](http://github.com/metabase/metabase). For more information please refer to the [metabase documentations](https://www.metabase.com/docs/v0.41/operations-guide/environment-variables.html). diff --git a/charts/metabase-service/Troubleshooting.md b/charts/metabase-service/Troubleshooting.md new file mode 100644 index 00000000..eba1dd98 --- /dev/null +++ b/charts/metabase-service/Troubleshooting.md 
@@ -0,0 +1,24 @@ +# Troubleshooting EKS Cluster/Pod Issues + +This document will list and describe all the identified or common +troubleshooting issues that could occur with EKS cluster and Pods + +## Basic Troubleshooting + +#### Checking Logs of a running Pods + +> *We can only check logs on any running and active pods, using the command below.* +> +> kubectl logs \ -f (use -f flag to see the real time logs) + +#### Checking Issue of the failed/evicted Pods + +> *We can use the following command to describe the Pods and also help understand the issue that caused the Pod to fail* +> +> kubectl describe pods \ + +#### Accessing the Pod's file system using terminal + +> *We can use the following command to access the home directory of the running Pod (only on the running and live pod)* +> +> mode kubectl exec -it \ -n \ \-- /bin/bash \ No newline at end of file diff --git a/charts/metabase-service/templates/NOTES.txt b/charts/metabase-service/templates/NOTES.txt new file mode 100644 index 00000000..a998eac9 --- /dev/null +++ b/charts/metabase-service/templates/NOTES.txt 
@@ -0,0 +1,32 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.hostname }} + http://{{- .Values.ingress.hostname }} +{{- else if .Values.route.enabled }} + {{- if .Values.route.host }} + {{- if not (empty .Values.route.tls) }} + https://{{- .Values.route.host }} + {{- else }} + http://{{- .Values.route.host }} + {{- end }} + {{- else }} + export ROUTE_HOST=$(oc get route -n {{ .Release.Namespace }} {{ template "metabase.fullname" . }} -o jsonpath="{.spec.host}") + {{- if not (empty .Values.route.tls) }} + echo https://$ROUTE_HOST + {{- else }} + echo http://$ROUTE_HOST + {{- end }} + {{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "metabase.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "metabase.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "metabase.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.externalPort }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "metabase.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 8080:{{ .Values.service.internalPort }} +{{- end }} 
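Review bot: The ingress, NodePort, LoadBalancer and ClusterIP branches all print an `http://` URL, even when `ssl.enabled` or ingress TLS is configured, which steers operators towards entering Metabase credentials over plain HTTP; the scheme should be chosen from the TLS settings, as the route branch already does with `route.tls`. The first branch reads `.Values.ingress.hostname`, while the README added in this patch documents `ingress.hosts`, so the ingress URL is probably never printed; confirm against values.yaml.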
diff --git a/charts/metabase-service/templates/_helpers.tpl b/charts/metabase-service/templates/_helpers.tpl
new file mode 100644
index 00000000..1e46b16d
--- /dev/null
+++ b/charts/metabase-service/templates/_helpers.tpl
@@ -0,0 +1,75 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "metabase.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metabase.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- printf .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metabase.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "metabase.selectorLabels" -}} +app: NBS +type: Data +app.kubernetes.io/name: {{ include "metabase.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{- define "metabase.labels" -}} +app: NBS +type: Data +helm.sh/chart: {{ include "metabase.chart" . }} +{{ include "metabase.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Return the apiVersion of deployment. 
+*/}} +{{- define "deployment.apiVersion" -}} +{{- if semverCompare "<1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "extensions/v1beta1" -}} +{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} +{{- print "apps/v1" -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "metabase.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "metabase.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/charts/metabase-service/templates/config.yaml b/charts/metabase-service/templates/config.yaml new file mode 100644 index 00000000..f2aae16f --- /dev/null +++ b/charts/metabase-service/templates/config.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "metabase.fullname" . }}-config + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metabase.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + {{- if .Values.log4jProperties }} + log4j.properties: +{{ toYaml .Values.log4jProperties | indent 4}} + {{- end}} + {{- if .Values.log4j2XML }} + log4j2.xml: +{{ toYaml .Values.log4j2XML | indent 4}} + {{- end}} diff --git a/charts/metabase-service/templates/deployment.yaml b/charts/metabase-service/templates/deployment.yaml new file mode 100644 index 00000000..f48aef74 --- /dev/null +++ b/charts/metabase-service/templates/deployment.yaml 
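Review bot: In _helpers.tpl, `metabase.labels` emits `app: NBS` and `type: Data` and then includes `metabase.selectorLabels`, which emits the same two keys again, so any manifest that includes `metabase.labels` (tests/test-connection.yaml in this patch) renders a label map with duplicate keys; most YAML parsers silently keep the last value and strict ones reject the document. Dropping the two literal lines from `metabase.labels` fixes it. Separately, `app: NBS` disagrees with the `app: {{ template "metabase.name" . }}` label that the Deployment, Service and PDB templates select on, so `metabase.selectorLabels` cannot serve as a selector for those objects as written; a comment on the helper such as `{{/* Not used by the Deployment/Service selectors, which match on app=<metabase.name> */}}` would make that explicit.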
@@ -0,0 +1,302 @@ +# This template file is used to capture all general deployment setting values and environment variables +# from the Values.yaml file and uses those values for the deployment. + +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "metabase.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metabase.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- if .Values.deploymentLabels }} + {{- toYaml .Values.deploymentLabels | trim | nindent 4 }} + {{- end }} + {{- if .Values.deploymentAnnotations }} + annotations: + {{- toYaml .Values.deploymentAnnotations | trim | nindent 4 }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "metabase.name" . }} + replicas: {{ .Values.replicaCount }} + {{- with .Values.strategy }} + strategy: +{{ toYaml . | trim | indent 4 }} + {{- end }} + template: + metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | trim | indent 8 }} + {{- end }} + labels: + app: {{ template "metabase.name" . }} + release: {{ .Release.Name }} + {{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | trim | indent 8 }} + {{- end }} + spec: + {{- if .Values.extraInitContainers }} + initContainers: + {{ toYaml .Values.extraInitContainers | nindent 8 }} + {{- end }} + {{- if gt (len .Values.image.pullSecrets) 0 }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . | quote }} + {{- end }} + {{- end }} + containers: + - name: {{ template "metabase.name" . }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- with .Values.image.command }} + command: + {{- toYaml . 
| nindent 12 }} + {{- end }} + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: MB_APPLICATION_DB_MAX_CONNECTION_POOL_SIZE + value: {{ .Values.extraenv.app_db_max_conn_pool | quote }} + - name: MB_JDBC_DATA_WAREHOUSE_MAX_CONNECTION_POOL_SIZE + value: {{ .Values.extraenv.jdbc_db_max_conn_pool | quote }} + - name: MB_JETTY_HOST + value: {{ .Values.listen.host | quote }} + - name: MB_JETTY_PORT + value: {{ .Values.listen.port | quote }} + {{- if .Values.monitoring.enabled }} + - name: MB_PROMETHEUS_SERVER_PORT + value: {{ .Values.monitoring.port | quote }} + {{- end }} + {{- if .Values.ssl.enabled }} + - name: MB_JETTY_SSL + value: "true" + - name: MB_JETTY_SSL_Port + value: {{ .Values.ssl.port | quote }} + - name: MB_JETTY_SSL_Keystore + valueFrom: + secretKeyRef: + name: {{ template "metabase.fullname" . }}-ssl + key: keystore + - name: MB_JETTY_SSL_Keystore_Password + valueFrom: + secretKeyRef: + name: {{ template "metabase.fullname" . }}-ssl + key: password + {{- end }} + {{- if .Values.jetty }} + {{- range $key, $value := .Values.jetty }} + - name: MB_JETTY_{{ $key | upper }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + - name: MB_DB_TYPE + value: {{ .Values.database.type | lower }} + {{- if .Values.database.file }} + - name: MB_DB_FILE + value: {{ .Values.database.file }} + {{- end }} + {{- if or .Values.database.existingSecretEncryptionKeyKey .Values.database.encryptionKey }} + - name: MB_ENCRYPTION_SECRET_KEY + valueFrom: + secretKeyRef: + name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .))}} + key: {{ or .Values.database.existingSecretEncryptionKeyKey "encryptionKey" }} + {{- end }} + {{- if ne (.Values.database.type | lower) "h2" }} + {{- if or .Values.database.existingSecretConnectionURIKey .Values.database.connectionURI }} + - name: MB_DB_CONNECTION_URI + valueFrom: + secretKeyRef: + name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) 
}} + key: {{ or .Values.database.existingSecretConnectionURIKey "connectionURI" }} + {{- else }} + - name: MB_DB_HOST + value: {{ .Values.database.host | quote }} + - name: MB_DB_PORT + value: {{ .Values.database.port | quote }} + - name: MB_DB_DBNAME + value: {{ .Values.database.dbname | quote }} + {{- end }} + {{- if or .Values.database.existingSecretUsernameKey .Values.database.username }} + - name: MB_DB_USER + valueFrom: + secretKeyRef: + name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) }} + key: {{ or .Values.database.existingSecretUsernameKey "username" }} + {{- end }} + {{- if or .Values.database.existingSecretPasswordKey .Values.database.password }} + - name: MB_DB_PASS + valueFrom: + secretKeyRef: + name: {{ or .Values.database.existingSecret (printf "%s-database" (include "metabase.fullname" .)) }} + key: {{ or .Values.database.existingSecretPasswordKey "password" }} + {{- end }} + {{- end }} + - name: MB_PASSWORD_COMPLEXITY + value: {{ .Values.password.complexity }} + - name: MB_PASSWORD_LENGTH + value: {{ .Values.password.length | quote }} + - name: JAVA_TIMEZONE + value: {{ .Values.timeZone }} + {{- if .Values.javaOpts }} + - name: JAVA_OPTS + value: {{ .Values.javaOpts | quote }} + {{- else }} + {{- if .Values.log4jProperties }} + - name: JAVA_OPTS + value: "-Dlog4j.configuration=file:/tmp/conf/log4j.properties" + {{- end }} + {{- if .Values.log4j2XML }} + - name: JAVA_OPTS + value: "-Dlog4j.configurationFile=file:/tmp/conf/log4j2.xml" + {{- end }} + {{- end }} + {{- if .Values.pluginsDirectory }} + - name: MB_PLUGINS_DIR + value: {{ .Values.pluginsDirectory | quote }} + {{- end }} + - name: MB_EMOJI_IN_LOGS + value: {{ .Values.emojiLogging | quote }} + - name: MB_COLORIZE_LOGS + value: {{ .Values.colorLogging | quote }} + # lets the site requestes to HTTPS + - name: MB_REDIRECT_ALL_REQUESTS_TO_HTTPS + value: {{ .Values.siteHTTPS | quote }} + {{- if .Values.siteUrl }} + - name: MB_SITE_URL + value: {{ 
.Values.siteUrl | quote }} + {{- end }} + {{- if .Values.session.maxSessionAge }} + - name: MAX_SESSION_AGE + value: {{ .Values.session.maxSessionAge | quote }} + {{- end }} + {{- if .Values.session.sessionCookies }} + - name: MB_SESSION_COOKIES + value: {{ .Values.session.sessionCookies | quote }} + {{- end }} + {{- if .Values.session.cookieSameSite }} + - name: MB_COOKIE_SAMESITE + value: {{ .Values.session.cookieSameSite | quote }} + {{- end }} + {{- if gt (len .Values.extraEnv) 0 }} + {{- .Values.extraEnv | toYaml | nindent 10 }} + {{- end }} + ports: + - containerPort: {{ .Values.service.internalPort }} + {{- if .Values.monitoring.enabled }} + - containerPort: {{ .Values.monitoring.port }} + name: metrics + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.livenessProbe.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + readinessProbe: + httpGet: + path: {{ .Values.readinessProbe.path }} + port: {{ .Values.service.internalPort }} + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + {{- if or .Values.log4jProperties .Values.log4j2XML (ne (len .Values.extraVolumeMounts) 0) }} + volumeMounts: + {{- if .Values.pvc.enabled }} + - mountPath: /usr/share/metabase + name: mb-persistent-storage + {{end}} + {{- if or .Values.log4jProperties .Values.log4j2XML }} + - name: config + mountPath: /tmp/conf/ + {{- end }} + {{- if ne (len .Values.extraVolumeMounts) 0 }} + {{ toYaml .Values.extraVolumeMounts | nindent 12 }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.resources | indent 12 }} + {{- if gt (len .Values.database.googleCloudSQL.instanceConnectionNames) 0 }} + - name: cloudsql-proxy + image: 
"gcr.io/cloudsql-docker/gce-proxy:{{ or .Values.database.googleCloudSQL.sidecarImageTag "latest" }}" + command: + - "/cloud_sql_proxy" + - "-instances={{ join "," .Values.database.googleCloudSQL.instanceConnectionNames }}" + - "-term_timeout=10s" + - "-structured_logs" + - "-use_http_health_check" + - "-enable_iam_login" + securityContext: + runAsNonRoot: true + livenessProbe: + httpGet: + path: /liveness + port: 8090 + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 50 + failureThreshold: 2 + readinessProbe: + httpGet: + path: /readiness + port: 8090 + initialDelaySeconds: 300 + periodSeconds: 10 + timeoutSeconds: 50 + successThreshold: 1 + failureThreshold: 2 + startupProbe: + httpGet: + path: /startup + port: 8090 + periodSeconds: 1 + timeoutSeconds: 300 + failureThreshold: 20 + resources: +{{ toYaml .Values.database.googleCloudSQL.resources | indent 12 }} + {{- end }} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} +{{/* {{- if .Values.priorityClass}}*/}} +{{/* priorityClass: {{ .Values.priorityClass }}*/}} +{{/* {{- end }}*/}} + serviceAccountName: {{ template "metabase.serviceAccountName" . }} + volumes: + {{- if or .Values.log4jProperties .Values.log4j2XML }} + - name: config + configMap: + name: {{ template "metabase.fullname" . }}-config + items: + {{- if .Values.log4jProperties }} + - key: log4j.properties + path: log4j.properties + {{- end }} + {{- if .Values.log4j2XML}} + - key: log4j2.xml + path: log4j2.xml + {{- end }} + {{- end }} + {{- if ne (len .Values.extraVolumes) 0 }} + {{ toYaml .Values.extraVolumes | nindent 8 }} + {{- end }} + {{- if .Values.pvc.enabled }} + - name: mb-persistent-storage + persistentVolumeClaim: + claimName: {{ include "metabase.fullname" . }}-mb-pvc + {{- end }} 
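Review bot: The `secretKeyRef` entries for `MB_DB_USER`, `MB_DB_PASS`, `MB_DB_CONNECTION_URI`, `MB_ENCRYPTION_SECRET_KEY` and the keystore fall back to Secrets named `<fullname>-database` and `<fullname>-ssl`, but the file list of this patch contains no template that creates them, so setting `database.password` or `ssl.enabled` without `database.existingSecret` leaves the pod referencing a Secret that does not exist while the plaintext value sits unused in a values file. Either add the Secret templates or fail fast at render time, e.g. `{{- $_ := required "database.existingSecret is required" .Values.database.existingSecret }}`. The Metabase container also has no `securityContext`, whereas the cloudsql sidecar sets `runAsNonRoot: true`; a values-driven `securityContext` block on the main container would let operators apply `allowPrivilegeEscalation: false` and similar settings once they are confirmed against the image. The sidecar image tag falls back to `latest` and should be a pinned tag or digest. The `volumeMounts:` guard does not test `pvc.enabled`, so the `mb-persistent-storage` mount is skipped unless log4j or extra mounts are configured.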
diff --git a/charts/metabase-service/templates/pdb.yaml b/charts/metabase-service/templates/pdb.yaml
new file mode 100644
index 00000000..174b1972
--- /dev/null
+++ b/charts/metabase-service/templates/pdb.yaml
@@ -0,0 +1,31 @@
+# This file would help you declare the Pod Disruption Budget, for high availability of your app,
+# this will capture the min and max availability values from your values.yaml file
+
+{{- if .Values.pdb.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "metabase.fullname" . }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app: {{ template "metabase.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ {{- if .Values.pdb.minAvailable }}
+ minAvailable: {{ .Values.pdb.minAvailable }}
+ {{- end }}
+ {{- if .Values.pdb.maxUnavailable }}
+ maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "metabase.name" . }}
+ {{- if .Values.deploymentLabels }}
+{{- toYaml .Values.deploymentLabels | trim | indent 6 }}
+ {{- end }}
+ {{- if .Values.podLabels }}
+{{ toYaml .Values.podLabels | trim | indent 6 }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
diff --git a/charts/metabase-service/templates/service.yaml b/charts/metabase-service/templates/service.yaml
new file mode 100644
index 00000000..dbcd2cd1
--- /dev/null
+++ b/charts/metabase-service/templates/service.yaml
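Review bot: The selector's `matchLabels` merges in `.Values.deploymentLabels`, but deployment.yaml applies those labels to the Deployment's own metadata and not to the pod template, so a PDB rendered with `deploymentLabels` set would match no pods and protect nothing; only `podLabels` belong in this selector. That same line starts with `{{- toYaml`, whose left trim removes the preceding newline and glues the first label onto the `app:` line above it. `minAvailable` and `maxUnavailable` are both rendered when both values are set, which the API rejects, so the template should emit only one or fail with a clear message.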
@@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "metabase.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metabase.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.service.annotations }} + annotations: +{{ toYaml .Values.service.annotations | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} +{{- if .Values.service.loadBalancerSourceRanges}} + loadBalancerSourceRanges: +{{toYaml .Values.service.loadBalancerSourceRanges | indent 4 }} +{{- end}} + ports: + - port: {{ .Values.service.externalPort }} + targetPort: {{ .Values.service.internalPort }} +{{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} +{{- end}} + protocol: TCP + name: {{ .Values.service.name }} + selector: + app: {{ template "metabase.name" . }} + release: {{ .Release.Name }} diff --git a/charts/metabase-service/templates/serviceaccount.yaml b/charts/metabase-service/templates/serviceaccount.yaml new file mode 100644 index 00000000..7ae2fba9 --- /dev/null +++ b/charts/metabase-service/templates/serviceaccount.yaml @@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "metabase.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "metabase.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +{{- end -}} diff --git a/charts/metabase-service/templates/tests/test-connection.yaml b/charts/metabase-service/templates/tests/test-connection.yaml new file mode 100644 index 00000000..4f1205a8 --- /dev/null +++ b/charts/metabase-service/templates/tests/test-connection.yaml 
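Review bot: `spec.type` is taken straight from `.Values.service.type`, and `loadBalancerSourceRanges` is only rendered when set, so switching the type to `LoadBalancer` without ranges publishes Metabase with no source restriction. A guard at the top of the template makes that an explicit decision: `{{- if and (eq .Values.service.type "LoadBalancer") (not .Values.service.loadBalancerSourceRanges) }}{{ fail "service.loadBalancerSourceRanges is required for type LoadBalancer" }}{{- end }}`. Also note that `.Values.service.name` is used only as the port name here; the Service's own name comes from `metabase.fullname`.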
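Review bot: The ServiceAccount in serviceaccount.yaml is created without `automountServiceAccountToken`, so every pod that uses it gets a Kubernetes API token mounted by default. Nothing visible in this chart suggests Metabase calls the cluster API, so the token is probably unneeded exposure if the application is compromised. Consider adding `automountServiceAccountToken: false` after the `metadata` block. If a workload-identity setup needs the token, make it a value such as `{{ .Values.serviceAccount.automountToken }}` that defaults to false.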
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "metabase.fullname" . }}-test-connection" + labels: + {{- include "metabase.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "metabase.fullname" . }}:{{ .Values.service.externalPort }}'] + restartPolicy: Never diff --git a/charts/metabase-service/values-dts1.yaml b/charts/metabase-service/values-dts1.yaml new file mode 100644 index 00000000..2508a18c --- /dev/null +++ b/charts/metabase-service/values-dts1.yaml 
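Review bot: `image: busybox` in the test pod carries no tag or digest, so `helm test` pulls whatever `latest` resolves to when it runs, and the result is neither reproducible nor reviewable. Pin it, for example `image: "busybox:<pinned-tag>"` or a digest reference, and ideally expose it as a value so air-gapped registries can override it. The container also has no `securityContext` or `resources`, which admission policies in hardened namespaces commonly reject.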
@@ -0,0 +1,235 @@ +replicaCount: 1 +nameOverride: "" + +pdb: + create: false + minAvailable: 1 + maxUnavailable: "" + +deploymentAnnotations: {} +deploymentLabels: {} +podAnnotations: {} +podLabels: {} +image: + repository: metabase/metabase + tag: v0.52.2 + command: [] + pullPolicy: IfNotPresent + pullSecrets: [] + +# Override MAX Pool connections defaults +extraenv: + app_db_max_conn_pool: 100 + jdbc_db_max_conn_pool: 100 + +# Config Jetty web server +listen: + host: "0.0.0.0" + port: 3000 + +monitoring: + enabled: false + port: 9191 +ssl: + # If you have an ssl certificate and would prefer to have Metabase run over HTTPS + enabled: false + # port: 8443 + # keyStore: |- + # << JKS KEY STORE >> + # keyStorePassword: storepass +jetty: +# maxThreads: 254 +# minThreads: 8 +# maxQueued: -1 +# maxIdleTime: 60000 + +# Backend database +database: + # Database type (h2 / mysql / postgres), default: h2 + type: postgres + ## Specify file to store H2 database. You will also have to back this with a volume (cf. extraVolume and extraVolumeMounts)! + # file: MetabaseData + # encryptionKey: << YOUR ENCRYPTION KEY OR LEAVE BLANK AND USE EXISTING SECRET >> + ## Only need when you use mysql / postgres + + # host: "" + # port: "" + # dbname: "" + # username: "" + # password: "" + + ## Alternatively, use a connection URI for full configurability. Example for SSL enabled Postgres. + ## Below data is overridden in ArgoCd to mask connection details + connectionURI: + # connectionURI: postgres://:/?user=&password=&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory + ## If a secret with the database credentials already exists, use the following values: + # existingSecret: + # existingSecretUsernameKey: + # existingSecretPasswordKey: + # existingSecretConnectionURIKey: + # existingSecretEncryptionKeyKey: + ## One or more Google Cloud SQL database instances can be made available to Metabase via the *Cloud SQL Auth proxy*. 
+ ## These can be used for Metabase's internal database (by specifying `host: localhost` and the port above), or as + ## additional databases (configured at Admin → Databases). Workload Identity should be used for authentication, so + ## that when `serviceAccount.create=true`, `serviceAccount.annotations` should contain: + ## iam.gke.io/gcp-service-account: your-gsa@email + ## Ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine + googleCloudSQL: + ## Found in Cloud Console "Cloud SQL Instance details" or using `gcloud sql instances describe INSTANCE_ID` + ## example format: $project:$region:$instance=tcp:$port + ## Each connection must have a unique TCP port. + instanceConnectionNames: [] + ## Option to use a specific version of the *Cloud SQL Auth proxy* sidecar image. + ## ref: https://console.cloud.google.com/gcr/images/cloudsql-docker/GLOBAL/gce-proxy + # sidecarImageTag: latest + ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#running_the_as_a_sidecar + resources: {} + +password: + # Changing Metabase password complexity: + # weak: no character constraints + # normal: at least 1 digit (default) + # strong: minimum 8 characters w/ 2 lowercase, 2 uppercase, 1 digit, and 1 special character + complexity: normal + length: 6 + +timeZone: UTC +emojiLogging: true +colorLogging: true +# javaOpts: +# pluginsDirectory: /plugins + +session: + {} + # maxSessionAge: + # sessionCookies: + # cookieSameSite: + +# specify init containers, e.g. 
for module download +extraInitContainers: [] + +extraVolumeMounts: [] +# - name: plugins +# mountPath: /plugins +# readOnly: false + +extraVolumes: [] +# - name: plugins +# emptyDir: {} + +pvc: + enabled: #true + mbPvClaim: + storageClass: efs-metabase + storageRequest: 20Gi + +efsFileSystemId: "" + +cloudProvider: "" + +livenessProbe: + path: /api/health + initialDelaySeconds: 300 + timeoutSeconds: 30 + failureThreshold: 6 + +readinessProbe: + path: /api/health + initialDelaySeconds: 300 + timeoutSeconds: 3 + periodSeconds: 5 + +service: + name: metabase + type: ClusterIP + externalPort: 8190 + internalPort: 3000 + # Used to fix NodePort when service.type: NodePort. + nodePort: + annotations: + {} + # Used to add custom annotations to the Service. + # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" +ingress: + enabled: true + className: "nginx" + hosts: + - app.dts1.nbspreview.com + path: / + pathType: Prefix + + tls: + - secretName: app.dts1.nbspreview.com + hosts: + - app.dts1.nbspreview.com + +ingressHost: app.dts1.nbspreview.com + +route: + enabled: false + annotations: + {} + # haproxy.router.openshift.io/timeout: "60s" + # host: "" + path: "" + wildcardPolicy: "None" + tls: + {} + # termination: "Edge" + # insecureEdgeTerminationPolicy: "Redirect" + # key: "" + # certificate: "" + # caCertificate: "" + # destinationCACertificate: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + # cpu: 100m + memory: 2Gi + requests: + # cpu: 100m + memory: 1Gi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## PriorityClass for pod assignment +## ref: +## https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority +## priorityClass: "" + +## AWS Security Group Policy (EKS) +## ref: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html +## +awsEKS: + sgp: + enabled: false + # AWS Security Group IDs to attach to the pod + # sgIds: + # - sg-abc123 + # - sg-xyz456 \ No newline at end of file diff --git a/charts/metabase-service/values.yaml b/charts/metabase-service/values.yaml new file mode 100644 index 00000000..bce6a10e --- /dev/null +++ b/charts/metabase-service/values.yaml 
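Review bot: `password.complexity: normal` with `length: 6` is the weakest non-trivial policy the comments describe, yet this file also sets `ingress.enabled: true` for `app.dts1.nbspreview.com`, so local Metabase accounts would be reachable through the ingress with six-character passwords. Unless login is delegated entirely to SSO (not visible here), raise it, e.g. `complexity: strong` and `length: 12`. The same block appears unchanged in charts/metabase-service/values.yaml. `database.encryptionKey` is also left commented out in both files. If the chart maps it to Metabase's encryption secret, connection details stored in the application database stay unencrypted until it is set through `existingSecretEncryptionKeyKey`.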
@@ -0,0 +1,237 @@ +## Use this file for local testing + +replicaCount: 1 +nameOverride: "" + +pdb: + create: false + minAvailable: 1 + maxUnavailable: "" + +deploymentAnnotations: {} +deploymentLabels: {} +podAnnotations: {} +podLabels: {} +image: + repository: metabase/metabase + tag: v0.52.2 + command: [] + pullPolicy: IfNotPresent + pullSecrets: [] + +# Override MAX Pool connections defaults +extraenv: + app_db_max_conn_pool: 100 + jdbc_db_max_conn_pool: 100 + +# Config Jetty web server +listen: + host: "0.0.0.0" + port: 3000 + +monitoring: + enabled: false + port: 9191 +ssl: + # If you have an ssl certificate and would prefer to have Metabase run over HTTPS + enabled: false + # port: 8443 + # keyStore: |- + # << JKS KEY STORE >> + # keyStorePassword: storepass +jetty: +# maxThreads: 254 +# minThreads: 8 +# maxQueued: -1 +# maxIdleTime: 60000 + +# Backend database +database: + # Database type (h2 / mysql / postgres), default: h2 + type: postgres + ## Specify file to store H2 database. You will also have to back this with a volume (cf. extraVolume and extraVolumeMounts)! + # file: MetabaseData + # encryptionKey: << YOUR ENCRYPTION KEY OR LEAVE BLANK AND USE EXISTING SECRET >> + ## Only need when you use mysql / postgres + + # host: "" + # port: "" + # dbname: "" + # username: "" + # password: "" + + ## Alternatively, use a connection URI for full configurability. Example for SSL enabled Postgres. + ## Below data is overridden in ArgoCd to mask connection details + connectionURI: + # connectionURI: postgres://:/?user=&password=&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory + ## If a secret with the database credentials already exists, use the following values: + # existingSecret: + # existingSecretUsernameKey: + # existingSecretPasswordKey: + # existingSecretConnectionURIKey: + # existingSecretEncryptionKeyKey: + ## One or more Google Cloud SQL database instances can be made available to Metabase via the *Cloud SQL Auth proxy*. 
+ ## These can be used for Metabase's internal database (by specifying `host: localhost` and the port above), or as + ## additional databases (configured at Admin → Databases). Workload Identity should be used for authentication, so + ## that when `serviceAccount.create=true`, `serviceAccount.annotations` should contain: + ## iam.gke.io/gcp-service-account: your-gsa@email + ## Ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine + googleCloudSQL: + ## Found in Cloud Console "Cloud SQL Instance details" or using `gcloud sql instances describe INSTANCE_ID` + ## example format: $project:$region:$instance=tcp:$port + ## Each connection must have a unique TCP port. + instanceConnectionNames: [] + ## Option to use a specific version of the *Cloud SQL Auth proxy* sidecar image. + ## ref: https://console.cloud.google.com/gcr/images/cloudsql-docker/GLOBAL/gce-proxy + # sidecarImageTag: latest + ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#running_the_as_a_sidecar + resources: {} + +password: + # Changing Metabase password complexity: + # weak: no character constraints + # normal: at least 1 digit (default) + # strong: minimum 8 characters w/ 2 lowercase, 2 uppercase, 1 digit, and 1 special character + complexity: normal + length: 6 + +timeZone: UTC +emojiLogging: true +colorLogging: true +# javaOpts: +# pluginsDirectory: /plugins + +session: + {} + # maxSessionAge: + # sessionCookies: +# cookieSameSite: + +# specify init containers, e.g. 
for module download +extraInitContainers: [] + +extraVolumeMounts: [] +# - name: plugins +# mountPath: /plugins +# readOnly: false + +extraVolumes: [] +# - name: plugins +# emptyDir: {} + +pvc: + enabled: #true + mbPvClaim: + storageClass: efs-metabase + storageRequest: 20Gi + +efsFileSystemId: "" + +cloudProvider: "" + +livenessProbe: + path: /api/health + initialDelaySeconds: 300 + timeoutSeconds: 30 + failureThreshold: 6 + +readinessProbe: + path: /api/health + initialDelaySeconds: 300 + timeoutSeconds: 3 + periodSeconds: 5 + +service: + name: metabase + type: ClusterIP + externalPort: 8190 + internalPort: 3000 + # Used to fix NodePort when service.type: NodePort. + nodePort: + annotations: + {} + # Used to add custom annotations to the Service. + # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" +ingress: + enabled: true + className: "nginx" + hosts: + - app.dts1.nbspreview.com + path: / + pathType: Prefix + + tls: + - secretName: app.dts1.nbspreview.com + hosts: + - app.dts1.nbspreview.com + +ingressHost: app.dts1.nbspreview.com + +route: + enabled: false + annotations: + {} + # haproxy.router.openshift.io/timeout: "60s" + # host: "" + path: "" + wildcardPolicy: "None" + tls: + {} + # termination: "Edge" + # insecureEdgeTerminationPolicy: "Redirect" + # key: "" + # certificate: "" + # caCertificate: "" + # destinationCACertificate: "" + +serviceAccount: + # Specifies whether a service account should be created + create: false + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +resources: + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. 
If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + limits: + # cpu: 100m + memory: 2Gi + requests: + # cpu: 100m + memory: 1Gi + +## Node labels for pod assignment +## ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + +## Tolerations for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + +## Affinity for pod assignment +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +## +affinity: {} + +## PriorityClass for pod assignment +## ref: +## https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/#pod-priority +## priorityClass: "" + +## AWS Security Group Policy (EKS) +## ref: https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html +## +awsEKS: + sgp: + enabled: false + # AWS Security Group IDs to attach to the pod + # sgIds: + # - sg-abc123 + # - sg-xyz456 \ No newline at end of file From 1a65acd1ac88150265b34abee9a5726a48de988f Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:02:26 -0800 Subject: [PATCH 2/9] Commenting srte config to test --- .../templates/ingress.yaml | 36 +++++++++---------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/charts/dataingestion-service/templates/ingress.yaml b/charts/dataingestion-service/templates/ingress.yaml index 33246b48..b445fa83 100644 --- a/charts/dataingestion-service/templates/ingress.yaml +++ b/charts/dataingestion-service/templates/ingress.yaml 
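Review bot: The file opens with `## Use this file for local testing`, but its defaults are environment-specific: `ingress.enabled: true`, the host and TLS secret `app.dts1.nbspreview.com`, `ingressHost`, and `storageClass: efs-metabase`. Anyone installing the chart with default values therefore creates an ingress for a real environment's hostname. Chart defaults are safer as `enabled: false` under `ingress:` with a placeholder host such as `- metabase.example.com`, leaving the dts1 names in values-dts1.yaml only. `pvc.enabled: #true` also parses as null rather than a boolean; write `enabled: false` so the intent is explicit.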
@@ -84,21 +84,21 @@ spec: port: number: {{ .Values.dataprocessingService.port }} {{- end }} - {{- if eq .Values.srtedataService.enabled "true" }} - - path: "/rti/" - pathType: Prefix - backend: - service: - name: srte-data-service - port: - number: {{ .Values.srtedataService.port }} - {{- end }} - {{- if eq .Values.srtedataService.enabled "true" }} - - path: "/extraction/" - pathType: Prefix - backend: - service: - name: nnd-service - port: - number: {{ .Values.nndService.port }} - {{- end }} +{{/* {{- if eq .Values.srtedataService.enabled "true" }}*/}} +{{/* - path: "/rti/"*/}} +{{/* pathType: Prefix*/}} +{{/* backend:*/}} +{{/* service:*/}} +{{/* name: srte-data-service*/}} +{{/* port:*/}} +{{/* number: {{ .Values.srtedataService.port }}*/}} +{{/* {{- end }} */}} +{{/* {{- if eq .Values.srtedataService.enabled "true" }}*/}} +{{/* - path: "/extraction/"*/}} +{{/* pathType: Prefix*/}} +{{/* backend:*/}} +{{/* service:*/}} +{{/* name: nnd-service*/}} +{{/* port:*/}} +{{/* number: {{ .Values.nndService.port }}*/}} +{{/* {{- end }} */}} From dfc0169434cf17eba2df4ad08c02bc759ed525f6 Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:05:39 -0800 Subject: [PATCH 3/9] Lowering max connection pool --- charts/metabase-service/values-dts1.yaml | 4 ++-- charts/metabase-service/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/metabase-service/values-dts1.yaml b/charts/metabase-service/values-dts1.yaml index 2508a18c..327c0d93 100644 --- a/charts/metabase-service/values-dts1.yaml +++ b/charts/metabase-service/values-dts1.yaml @@ -19,8 +19,8 @@ image: # Override MAX Pool connections defaults extraenv: - app_db_max_conn_pool: 100 - jdbc_db_max_conn_pool: 100 + app_db_max_conn_pool: 50 + jdbc_db_max_conn_pool: 50 # Config Jetty web server listen: diff --git a/charts/metabase-service/values.yaml b/charts/metabase-service/values.yaml index bce6a10e..4a912ac6 100644 --- a/charts/metabase-service/values.yaml 
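Review bot: Disabling the `/rti/` and `/extraction/` routes by wrapping every line in `{{/* ... */}}` leaves dead template text in the ingress. It also preserves the copy-paste guard on the second block: the `/extraction/` route to `nnd-service` is conditioned on `.Values.srtedataService.enabled`, not on a flag of its own. If the goal is only to test without these routes, setting `srtedataService.enabled` to a value other than `"true"` in the environment's values file does the same without editing the template. If the routes are being retired, delete the lines. When the block is restored, give the nnd-service route its own condition. The rule list these entries belong to starts outside this hunk.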
+++ b/charts/metabase-service/values.yaml @@ -21,8 +21,8 @@ image: # Override MAX Pool connections defaults extraenv: - app_db_max_conn_pool: 100 - jdbc_db_max_conn_pool: 100 + app_db_max_conn_pool: 50 + jdbc_db_max_conn_pool: 50 # Config Jetty web server listen: From cc5604fae415a4606141183137ed649e8a9166be Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:10:41 -0800 Subject: [PATCH 4/9] Reverting DTS1 file to lower extraenv values --- charts/metabase-service/values-dts1.yaml | 73 +++++++++++++++++++----- 1 file changed, 58 insertions(+), 15 deletions(-) diff --git a/charts/metabase-service/values-dts1.yaml b/charts/metabase-service/values-dts1.yaml index 327c0d93..737f1dca 100644 --- a/charts/metabase-service/values-dts1.yaml +++ b/charts/metabase-service/values-dts1.yaml @@ -1,3 +1,6 @@ +# This is a copy of the values.yaml file used to deploy the Metabase on Sandbox env, +# If you would like to make changes to the Sandbox env, please update here and proceed to deploying as required. + replicaCount: 1 nameOverride: "" @@ -17,8 +20,12 @@ image: pullPolicy: IfNotPresent pullSecrets: [] +## String to fully override metabase.fullname template +## +# fullnameOverride: + # Override MAX Pool connections defaults -extraenv: +extraenv: app_db_max_conn_pool: 50 jdbc_db_max_conn_pool: 50 @@ -46,9 +53,9 @@ jetty: # Backend database database: # Database type (h2 / mysql / postgres), default: h2 - type: postgres + type: postgres #h2 ## Specify file to store H2 database. You will also have to back this with a volume (cf. extraVolume and extraVolumeMounts)! - # file: MetabaseData + #file: MetabaseData # encryptionKey: << YOUR ENCRYPTION KEY OR LEAVE BLANK AND USE EXISTING SECRET >> ## Only need when you use mysql / postgres 
@@ -59,8 +66,7 @@ database: # password: "" ## Alternatively, use a connection URI for full configurability. Example for SSL enabled Postgres. - ## Below data is overridden in ArgoCd to mask connection details - connectionURI: + connectionURI: #postgres://:5432/?user=&password=&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory # connectionURI: postgres://:/?user=&password=&ssl=true&sslfactory=org.postgresql.ssl.NonValidatingFactory ## If a secret with the database credentials already exists, use the following values: # existingSecret: @@ -98,15 +104,30 @@ emojiLogging: true colorLogging: true # javaOpts: # pluginsDirectory: /plugins +#siteHTTPS: true +#siteUrl: https://metabase.datateam-cdc-nbs.eqsandbox.com session: {} # maxSessionAge: - # sessionCookies: - # cookieSameSite: +# sessionCookies: +# cookieSameSite: # specify init containers, e.g. for module download extraInitContainers: [] +# - name: download-modules +# image: "curlimages/curl:7.70.0" +# imagePullPolicy: "IfNotPresent" +# volumeMounts: +# - name: plugins +# mountPath: /plugins +# workingDir: /plugins +# command: +# - "/bin/sh" +# - "-ec" +# - | +# curl -Lso /plugins/athena.metabase-driver.jar \ +# https://github.com/dacort/metabase-athena-driver/releases/download/v1.1.0/athena.metabase-driver.jar extraVolumeMounts: [] # - name: plugins 
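Review bot: The example now placed inline after `connectionURI:` uses `sslfactory=org.postgresql.ssl.NonValidatingFactory`, which encrypts the session but skips server certificate validation, so a deployment copied from it cannot tell the real database from an impostor on the path. Prefer an example that verifies the server, e.g. `# postgres://<host>:5432/<db>?sslmode=verify-full&sslrootcert=<path-to-ca>`. Keep `user=`/`password=` out of the values file by pointing to `existingSecret` with `existingSecretConnectionURIKey`. The hunk also drops the comment saying the URI is overridden in ArgoCD. If that is still how the value is supplied, keep the comment so nobody commits a real URI here. The older `# connectionURI:` example line in this file and in values.yaml has the same parameter.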
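Review bot: The commented `download-modules` init container example fetches a driver JAR with `curl -Lso` and places it in `/plugins` with no integrity check, so whatever the URL serves at pod start would be loaded into the Metabase JVM. If the example stays as the template people uncomment, add a verification step after the download, e.g. `echo "<expected-sha256>  /plugins/athena.metabase-driver.jar" | sha256sum -c -`, and pin the curl image by digest. The added `#siteUrl:` line also names a different environment's hostname than the ingress host in this file. Replace it with a placeholder.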
@@ -148,20 +169,27 @@ service: nodePort: annotations: {} - # Used to add custom annotations to the Service. - # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" + # Used to add custom annotations to the Service. + # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ingress: enabled: true className: "nginx" hosts: - app.dts1.nbspreview.com + # - metabase.domain.com path: / pathType: Prefix + # labels: + # traffic: internal + # annotations: {} + # cert-manager.io/cluster-issuer: "letsencrypt-production" tls: + # Secrets must be manually created in the namespace. - secretName: app.dts1.nbspreview.com hosts: - app.dts1.nbspreview.com + # - metabase.domain.com ingressHost: app.dts1.nbspreview.com @@ -169,7 +197,7 @@ route: enabled: false annotations: {} - # haproxy.router.openshift.io/timeout: "60s" + # haproxy.router.openshift.io/timeout: "60s" # host: "" path: "" wildcardPolicy: "None" @@ -179,8 +207,23 @@ route: # insecureEdgeTerminationPolicy: "Redirect" # key: "" # certificate: "" - # caCertificate: "" - # destinationCACertificate: "" + # caCertificate: "" + # destinationCACertificate: "" + +# A custom log4j2.xml file can be provided using a multiline YAML string. +# See https://github.com/metabase/metabase/blob/master/resources/log4j2.xml +# +# log4j2XML: + +# DEPRECATED; A custom log4j.properties file can be provided using a multiline YAML string. +# See https://github.com/metabase/metabase/blob/master/resources/log4j.properties +# +# log4jProperties: + +# The deployment strategy to use +# https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/#DeploymentSpec +# strategy: +# type: "Recreate" serviceAccount: # Specifies whether a service account should be created 
@@ -197,15 +240,15 @@ resources: # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. limits: - # cpu: 100m + # cpu: 100m memory: 2Gi requests: - # cpu: 100m + # cpu: 100m memory: 1Gi ## Node labels for pod assignment ## ref: https://kubernetes.io/docs/user-guide/node-selection/ -## +# nodeSelector: {} ## Tolerations for pod assignment From 6d8d8980dde176756008f268bebae6a152693d19 Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:13:06 -0800 Subject: [PATCH 5/9] Reverting DTS1 file to lower extraenv values --- charts/metabase-service/values-dts1.yaml | 4 +++- charts/metabase-service/values.yaml | 4 +++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/charts/metabase-service/values-dts1.yaml b/charts/metabase-service/values-dts1.yaml index 737f1dca..f4aaebb2 100644 --- a/charts/metabase-service/values-dts1.yaml +++ b/charts/metabase-service/values-dts1.yaml @@ -275,4 +275,6 @@ awsEKS: # AWS Security Group IDs to attach to the pod # sgIds: # - sg-abc123 - # - sg-xyz456 \ No newline at end of file + # - sg-xyz456 + +extraEnv: {} \ No newline at end of file diff --git a/charts/metabase-service/values.yaml b/charts/metabase-service/values.yaml index 4a912ac6..52379a4e 100644 --- a/charts/metabase-service/values.yaml +++ b/charts/metabase-service/values.yaml @@ -234,4 +234,6 @@ awsEKS: # AWS Security Group IDs to attach to the pod # sgIds: # - sg-abc123 - # - sg-xyz456 \ No newline at end of file + # - sg-xyz456 + +extraEnv: {} \ No newline at end of file From a649e7e41bb05105a30220b949b51ee53c602620 Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:21:29 -0800 Subject: [PATCH 6/9] Updating to internal metabase port for testing --- charts/dataingestion-service/values-dts1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
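Review bot: `extraEnv: {}` is appended to values-dts1.yaml while the same file already defines `extraenv:` with the two pool sizes, and the values.yaml hunk of this commit does the same. The keys differ only in case, and nothing in either hunk says which one the templates read or whether the expected shape is a map or a list. Document that next to the key, e.g. `# extraEnv: extra container environment variables (distinct from extraenv above); see templates/deployment.yaml for the expected shape`, or rename one of them. If secrets are ever passed through this key, the comment should point to a secret reference, not inline values. Both files still end without a trailing newline.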
diff --git a/charts/dataingestion-service/values-dts1.yaml b/charts/dataingestion-service/values-dts1.yaml index 4c61eea9..a1fb0811 100644 --- a/charts/dataingestion-service/values-dts1.yaml +++ b/charts/dataingestion-service/values-dts1.yaml @@ -38,7 +38,7 @@ reportingService: observationReportingServicePort: 8094 postProcessingReportingServicePort: 8095 ldfdataReportingServicePort: 8097 - metabaseServicePort: 8190 + metabaseServicePort: 3000 dataprocessingService: enabled: "true" From b6c45d578a8a1a177b233388ff4aa7fa851dfd7d Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:30:56 -0800 Subject: [PATCH 7/9] Updating to internal metabase port for testing --- charts/dataingestion-service/templates/ingress.yaml | 4 ++-- charts/dataingestion-service/values-dts1.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/dataingestion-service/templates/ingress.yaml b/charts/dataingestion-service/templates/ingress.yaml index b445fa83..495a036f 100644 --- a/charts/dataingestion-service/templates/ingress.yaml +++ b/charts/dataingestion-service/templates/ingress.yaml @@ -67,11 +67,11 @@ spec: name: ldfdata-reporting-service port: number: {{ .Values.reportingService.ldfdataReportingServicePort }} - - path: "/reporting/metabase-svc/" + - path: "/reporting/metabase" pathType: Prefix backend: service: - name: metabase-service + name: metabase port: number: {{ .Values.reportingService.metabaseServicePort }} {{- end }} diff --git a/charts/dataingestion-service/values-dts1.yaml b/charts/dataingestion-service/values-dts1.yaml index a1fb0811..4c61eea9 100644 --- a/charts/dataingestion-service/values-dts1.yaml +++ b/charts/dataingestion-service/values-dts1.yaml @@ -38,7 +38,7 @@ reportingService: observationReportingServicePort: 8094 postProcessingReportingServicePort: 8095 ldfdataReportingServicePort: 8097 - metabaseServicePort: 3000 + metabaseServicePort: 8190 dataprocessingService: enabled: "true" 
From c92fb198da2c9b46e240572d8ee92899f6113a0d Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:32:40 -0800 Subject: [PATCH 8/9] Updating to internal metabase port for testing --- charts/dataingestion-service/templates/ingress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/dataingestion-service/templates/ingress.yaml b/charts/dataingestion-service/templates/ingress.yaml index 495a036f..a7c67e13 100644 --- a/charts/dataingestion-service/templates/ingress.yaml +++ b/charts/dataingestion-service/templates/ingress.yaml @@ -71,7 +71,7 @@ spec: pathType: Prefix backend: service: - name: metabase + name: metabase-service port: number: {{ .Values.reportingService.metabaseServicePort }} {{- end }} From ad9360dd434975fff673b5fc502810a8f7d0c982 Mon Sep 17 00:00:00 2001 From: Ragul Shanmugam Date: Thu, 12 Dec 2024 11:34:58 -0800 Subject: [PATCH 9/9] Updating to internal metabase svc name for testing --- charts/metabase-service/values-dts1.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/metabase-service/values-dts1.yaml b/charts/metabase-service/values-dts1.yaml index f4aaebb2..bf2b8143 100644 --- a/charts/metabase-service/values-dts1.yaml +++ b/charts/metabase-service/values-dts1.yaml @@ -161,7 +161,7 @@ readinessProbe: periodSeconds: 5 service: - name: metabase + name: metabase-service type: ClusterIP externalPort: 8190 internalPort: 3000
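Review bot: Renaming `service.name` to `metabase-service` in the last hunk probably does not do what the subject line says. In templates/service.yaml from this series `.Values.service.name` is rendered only as `ports[].name`, and the Service's `metadata.name` comes from `metabase.fullname`. The ingress backend `name: metabase-service` from the previous patch therefore resolves only if the release name or a `fullnameOverride` produces that name; the helper is not visible here, so please confirm. If the deployment template also reuses this value as a container port name, `metabase-service` is 16 characters, one over the 15-character limit for container port names. Setting the commented `# fullnameOverride:` key is the more direct way to fix the Service name.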