From 7ff27b750a829cddfc235877043d6214822ce4ae Mon Sep 17 00:00:00 2001 From: Alf-Rune Siqveland Date: Mon, 16 Sep 2024 14:18:48 +0200 Subject: [PATCH] feat!: Upgrade Helm to Mender Server v4.0 BREAKING CHANGE: See CHANGELOG.md Signed-off-by: Alf-Rune Siqveland --- mender/CHANGELOG.md | 45 ++ mender/Chart.yaml | 2 +- mender/templates/_container.yaml | 77 ++++ mender/templates/_helpers.tpl | 174 ++++++- mender/templates/_podspec.yaml | 46 ++ mender/templates/auditlogs/_podtemplate.yaml | 109 +---- mender/templates/auditlogs/deployment.yaml | 16 +- mender/templates/auditlogs/hpa.yaml | 2 +- mender/templates/auditlogs/job.yaml | 10 +- mender/templates/auditlogs/service.yaml | 2 +- .../create-artifact-worker/deployment.yaml | 88 +--- .../templates/deployments/_podtemplate.yaml | 141 +----- mender/templates/deployments/cronjob.yaml | 76 +-- mender/templates/deployments/deployment.yaml | 5 +- mender/templates/deployments/job.yaml | 9 +- mender/values.yaml | 433 +++++++++--------- 16 files changed, 665 insertions(+), 570 deletions(-) create mode 100644 mender/templates/_container.yaml create mode 100644 mender/templates/_podspec.yaml diff --git a/mender/CHANGELOG.md b/mender/CHANGELOG.md index f88d81f7..4d25686a 100644 --- a/mender/CHANGELOG.md +++ b/mender/CHANGELOG.md 
@@ -1,5 +1,50 @@ # Mender Helm chart +## Version 6.0.0 +BREAKING CHANGES: +* New image defaults: + * All overrides in default values have been removed + * Registry default changed: + - `registry.mender.io` if `mender.enterprise` + - `docker.io` otherwise + * Repository default changed: + - `mender-server-enterprise` if `mender.enterprise` + - `mendersoftware` otherwise. + * Default tag updated to follow AppVersion in Chart.yaml + * `username`/`password` is removed to discourage bad security practices + * Use `imagePullSecrets` instead +* Rename options: + * `global.image` -> `default.image` + * `global.image.imagePullPolicy` -> `default.image.pullPolicy` + * `global.mongodb` -> `default.mongodb` + * `global.nats` -> `default.nats` + * `global.redis` -> `default.redis` + * `global.storage` -> `storage.type` + * `global.s3` -> `storage.s3` + * `global.azure` -> `storage.azure` + * `global.url` -> `menderUrl` + * `global.smtp` -> `smtp` +* Removed options: + - `global.image.username` + - `global.image.password` + - `global.auditlogs`: Replaced by `auditlogs.enabled` + - `global.hosted` + - `global.s3.AWS_TAG_ARTIFACT` + - `global.s3.AWS_SERVICE_ACCOUNT_NAME`: superseded by `mender.serviceAccount.name` + - `global.redis.username`: Replaced by URL (connection string) + - `global.redis.password`: Replaced by URL (connection string) + - `test.enabled` +* MongoDB URL configuration + * Simplified values interface + * Added `mender.mongodb.existingSecretKey` to select an alternative key inside the secret for the connection string value. + * When using mongodb as a dependency, the connection string must be specified. +* NATS URL configuration + * Same logic as for MongoDB +* Redis URL configuration + * Same logic as for MongoDB + * Using the value from secret will use `REDIS_CONNECTION_STRING` key by default. +* `automigrate` options are disabled by default + ## Version 5.10.1 * Fix invalid regexp in default storage proxy rule. 
diff --git a/mender/Chart.yaml b/mender/Chart.yaml index 8e8532a9..2e7a31c5 100644 --- a/mender/Chart.yaml +++ b/mender/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -appVersion: "3.7.7" +appVersion: "v4.0.0" description: Mender is a robust and secure way to update all your software and deploy your IoT devices at scale with support for customization name: mender version: 5.10.1 diff --git a/mender/templates/_container.yaml b/mender/templates/_container.yaml new file mode 100644 index 00000000..6198f011 --- /dev/null +++ b/mender/templates/_container.yaml 
@@ -0,0 +1,77 @@ +{{- define "mender.container.resources" -}} +{{- if .override.resources }} +{{- .override.resources | toYaml }} +{{- else if .dot.Values.default.resources }} +{{- .dot.Values.default.resources | toYaml }} +{{- end }} +{{- end -}} + +{{- define "mender.container.securityContext" -}} +{{- if .override.containerSecurityContext }} +{{- /* NOTE: respect falsy override.containerSecurityContext.enabled */ -}} +{{- if .override.containerSecurityContext.enabled }} +{{- omit .override.containerSecurityContext "enabled" | toYaml }} +{{- else }} +{{- printf "{}" }} +{{- end }} +{{- else if and .dot.Values.default.containerSecurityContext + .dot.Values.default.containerSecurityContext.enabled }} +{{- omit .dot.Values.default.containerSecurityContext "enabled" | toYaml }} +{{- else }} +{{- printf "{}" }} +{{- end }} +{{- end -}} + +{{- /* Synopsis + {{ include "mender.container" (dict + "dot" . + "component" "" + "override" .Values. + "readinessPath": "optional|/api/internal/v1/.component/health" + "livenessPath": "optional|/api/internal/v1/.component/alive") + }} + Bolierplate Mender service ContainerSpec +*/ -}} +{{- define "mender.container" -}} +image: {{ include "mender.image" . }} +imagePullPolicy: {{ include "mender.imagePullPolicy" . 
}} +{{- if .args }} +args: {{ splitList " " .args | toYaml | nindent 2 }} +{{- else if and .override.automigrate }} +args: ["server", "--automigrate"] +{{- else }} +args: ["server"] +{{- end }} +{{- if (not .migration) }} +# Readiness/liveness probes +readinessProbe: + httpGet: + path: {{ coalesce .readinessPath (printf "/api/internal/v1/%s/health" .component) }} + port: 8080 + {{- coalesce .override.readinessProbe .dot.Values.default.readinessProbe | + toYaml | + nindent 2 }} +livenessProbe: + httpGet: + path: {{ coalesce .livenessPath (printf "/api/internal/v1/%s/alive" .component) }} + port: 8080 + {{- coalesce .override.livenessProbe .dot.Values.default.livenessProbe | + toYaml | + nindent 2 }} +startupProbe: + httpGet: + path: {{ coalesce .livenessPath (printf "/api/internal/v1/%s/alive" .component) }} + port: 8080 + {{- coalesce .override.startupProbe .dot.Values.default.startupProbe | + toYaml | + nindent 2 }} +{{- end }} +{{- if .resources }} +resources: {{- nindent 2 .resources }} +{{- else }} +{{- with include "mender.container.resources" . }} +resources: {{- nindent 2 . }} +{{- end }} +{{- end }} +securityContext: {{ include "mender.container.securityContext" . }} +{{- end -}} diff --git a/mender/templates/_helpers.tpl b/mender/templates/_helpers.tpl index 715e7fff..225b411c 100644 --- a/mender/templates/_helpers.tpl +++ b/mender/templates/_helpers.tpl @@ -86,7 +86,7 @@ Redis connection string MongoDB URI */}} {{- define "mongodb_uri" }} - {{- if and .Values.mongodb.enabled ( not .Values.global.mongodb.URL ) }} + {{- if and .Values.mongodb.enabled }} {{- if and (eq .Values.mongodb.architecture "replicaset") .Values.mongodb.externalAccess.enabled (eq .Values.mongodb.externalAccess.service.type "ClusterIP") }} {{- if and .Values.mongodb.auth.enabled .Values.mongodb.auth.rootPassword }} {{- printf "mongodb://root:%s@%s-0" .Values.mongodb.auth.rootPassword ( include "mongodb.fullname" .Subcharts.mongodb ) | b64enc | quote -}} 
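Review bot: The closing line of `mender.container`, `securityContext: {{ include "mender.container.securityContext" . }}`, places the helper output inline, so once `containerSecurityContext.enabled` is true the first key lands on the same line as `securityContext:` and the remaining keys drop to the container's own indentation, which is not valid YAML. Only the `{}` fallback renders cleanly, so the template works only when no container hardening is configured. Rendering it as `securityContext: {{- include "mender.container.securityContext" . | nindent 2 }}` keeps both cases valid and matches how `_podspec.yaml` indents its pod-level counterpart.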
@@ -113,6 +113,99 @@ MongoDB URI {{- end }} {{- end }} +{{- define "mender.mongoUrl" -}} +{{- if and .override.mongodb .override.mongodb.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .override.mongodb.existingSecret }} + key: "MONGO_URL" +{{- else if and .override.mongodb .override.mongodb.URL -}} +value: {{ quote .override.mongodb.URL }} +{{- else if and .dot.Values.global + .dot.Values.global.mongodb + .dot.Values.global.mongodb.existingSecret -}} +{{- /* NOTE: For backward compatibility */ -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.global.mongodb.existingSecret }} + key: "MONGO_URL" +{{- else if and .dot.Values.global + .dot.Values.global.mongodb + .dot.Values.global.mongodb.URL -}} +{{- /* NOTE: For backward compatibility */ -}} +value: {{ quote .dot.Values.global.mongodb.URL }} +{{- else if .dot.Values.default.mongodb.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.default.mongodb.existingSecret }} + key: "MONGO_URL" +{{- else -}} +value: {{ quote .dot.Values.default.mongodb.URL }} +{{- end -}} +{{- end -}} + +{{- define "mender.natsUrl" -}} +{{- if and .override.nats .override.nats.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .override.nats.existingSecret }} + key: "REDIS_CONNECTION_STRING" +{{- else if and .override.nats .override.nats.URL -}} +value: {{ quote .override.nats.URL }} +{{- else if and .dot.Values.global + .dot.Values.global.nats + .dot.Values.global.nats.existingSecret -}} +{{- /* NOTE: For backward compatibility */ -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.global.nats.existingSecret }} + key: "REDIS_CONNECTION_STRING" +{{- else if and .dot.Values.global + .dot.Values.global.nats + .dot.Values.global.nats.URL -}} +{{- /* NOTE: For backward compatibility */ -}} +value: {{ quote .dot.Values.global.nats.URL }} +{{- else if .dot.Values.default.nats.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.default.nats.existingSecret }} + key: 
"REDIS_CONNECTION_STRING" +{{- else -}} +value: {{ quote .dot.Values.default.nats.URL }} +{{- end -}} +{{- end -}} + +{{- define "mender.redisUrl" -}} +{{- if and .override.redis .override.redis.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .override.redis.existingSecret }} + key: "REDIS_CONNECTION_STRING" +{{- else if and .override.redis .override.redis.URL -}} +value: {{ quote .override.redis.URL }} +{{- else if and .dot.Values.global + .dot.Values.global.redis + .dot.Values.global.redis.existingSecret -}} +{{- /* NOTE: For backward compatibility */ -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.global.redis.existingSecret }} + key: "REDIS_CONNECTION_STRING" +{{- else if and .dot.Values.global + .dot.Values.global.redis + .dot.Values.global.redis.URL -}} +{{- /* NOTE: For backward compatibility */ -}} +value: {{ quote .dot.Values.global.redis.URL }} +{{- else if .dot.Values.default.redis.existingSecret -}} +valueFrom: + secretKeyRef: + name: {{ .dot.Values.default.redis.existingSecret }} + key: "REDIS_CONNECTION_STRING" +{{- else -}} +value: {{ quote .dot.Values.default.redis.URL }} +{{- end -}} +{{- end -}} + {{/* nats_uri */}} 
@@ -233,6 +326,85 @@ spec: {{- printf "%s-%s" ( include "mender.fullname" .dot ) .component }} {{- end }} +{{/* Helper for "mender.image" */}} +{{- define "mender.image.registry" }} +{{- if and .override.image .override.image.registry }} +{{- print .override.image.registry -}} +{{- else if and .dot.Values.global .dot.Values.global.image .dot.Values.global.image.registry}} +{{- print .dot.Values.global.image.registry -}} +{{- else if and .dot.Values.default.image .dot.Values.default.image.registry}} +{{- print .dot.Values.default.image.registry -}} +{{- else if .dot.Values.enterprise }} +{{- print "registry.mender.io" -}} +{{- else }} +{{- print "docker.io" -}} +{{- end }} +{{- end }} + +{{/* Helper for "mender.image" */}} +{{- define "mender.image.repository" }} +{{- if and .override.image .override.image.repository }} +{{- print .override.image.repository -}} +{{- else if and .dot.Values.global + .dot.Values.global.image + .dot.Values.global.image.repository }} +{{- print .dot.Values.global.image.repository }} +{{- else if and .dot.Values.default.image .dot.Values.default.image.repository}} +{{- print .dot.Values.default.image.repository -}} +{{- else if .dot.Values.enterprise }} +{{- print "mender-server-enterprise" -}} +{{- else }} +{{- print "mendersoftware" -}} +{{- end }} +{{- end }} + +{{/* Helper for "mender.image" */}} +{{- define "mender.image.tag" }} +{{- if and .override.image .override.image.tag }} +{{- print .override.image.tag -}} +{{- else if and .dot.Values.global + .dot.Values.global.image + .dot.Values.global.image.tag }} +{{- print .dot.Values.global.image.tag -}} +{{- else if and .dot.Values.default.image .dot.Values.default.image.tag}} +{{- print .dot.Values.default.image.tag -}} +{{- else }} +{{- print .dot.Chart.AppVersion -}} +{{- end }} +{{- end }} + +{{/* +Synopsis: +image: {{ include "mender.image" (dict + "dot" . + "component" "" + "override" .Values. 
}} +*/}} +{{- define "mender.image" }} +{{- printf "%s/%s/%s:%s" + (include "mender.image.registry" .) + (include "mender.image.repository" .) + .component + (include "mender.image.tag" .) }} +{{- end }} + +{{/* +Synopsis: +imagePullPolicy: {{ include "mender.imagePullPolicy" (dict + "dot" . + "component" "" + "override" .Values. }} +*/}} +{{- define "mender.imagePullPolicy" }} +{{- if and .override.image .override.image.pullPolicy }} +{{ .override.image.pullPolicy }} +{{- else if and .dot.Values.default.image .dot.Values.default.image.pullPolicy }} +{{- .dot.Values.default.image.pullPolicy }} +{{- else }} +{{- "IfNotPresent" }} +{{- end }} +{{- end }} + {{- define "mender.resources" -}} {{- $resources := dict }} {{- range . }}{{- if . }} diff --git a/mender/templates/_podspec.yaml b/mender/templates/_podspec.yaml new file mode 100644 index 00000000..755f77dc --- /dev/null +++ b/mender/templates/_podspec.yaml 
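Review bot: In `mender.imagePullPolicy` the first branch is written `{{ .override.image.pullPolicy }}` without the left trim marker the other two branches use, so a per-component override is emitted with a leading newline. `mender.container` consumes it as `imagePullPolicy: {{ include "mender.imagePullPolicy" . }}`, which then renders an empty `imagePullPolicy:` followed by a bare scalar on the next line, and the manifest should fail to parse. Changing the branch to `{{- .override.image.pullPolicy }}` fixes this. The helper also skips `global.image`, unlike the registry, repository and tag helpers above it, which is worth a line in the synopsis comment if intentional.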
@@ -0,0 +1,46 @@ +{{- define "mender.podSecurityContext" -}} +{{- if .override.containerSecurityContext }} +{{- /* NOTE: respect falsy override.containerSecurityContext.enabled */ -}} +{{- if .override.containerSecurityContext.enabled }} +{{- omit .override.containerSecurityContext "enabled" | toYaml }} +{{- else }} +{{- printf "{}" }} +{{- end }} +{{- else if and .dot.Values.default.containerSecurityContext + .dot.Values.default.containerSecurityContext.enabled }} +{{- omit .dot.Values.default.containerSecurityContext "enabled" | toYaml }} +{{- else }} +{{- printf "{}" }} +{{- end }} +{{- end -}} + +{{- /* Synopsis: + {{ include "mender.podSpec" (dict + "dot" . + "component" "" + "override" .Values. + }} + Generates shared boilerplate PodSpec +*/ -}} +{{- define "mender.podSpec" -}} +serviceAccountName: {{ include "mender.serviceAccountName" . }} +{{- with (coalesce .override.affinity .dot.Values.default.affinity) }} +affinity: {{ toYaml . | nindent 4 }} +{{- end }} +{{- with (coalesce .override.tolerations .dot.Values.default.tolerations) }} +tolerations: {{ toYaml . | nindent 4 }} +{{- end }} +securityContext: {{ include "mender.podSecurityContext" . | nindent 2}} +{{- with .restartPolicy }} +restartPolicy: {{ quote . }} +{{- end }} +{{- with coalesce .override.imagePullSecrets .dot.Values.default.imagePullSecrets }} +imagePullSecrets: {{- toYaml . | nindent 2 }} +{{- end }} +{{- with (coalesce .override.priorityClassName .dot.Values.default.PriorityClassName) }} +priorityClassName: {{ quote . }} +{{- end }} +{{- with (coalesce .override.nodeSelector .dot.Values.default.nodeSelector) }} +nodeSelector: {{ toYaml . | nindent 4 }} +{{- end }} +{{- end -}} diff --git a/mender/templates/auditlogs/_podtemplate.yaml b/mender/templates/auditlogs/_podtemplate.yaml index a30fa8bb..a5dd709d 100644 --- a/mender/templates/auditlogs/_podtemplate.yaml +++ b/mender/templates/auditlogs/_podtemplate.yaml 
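Review bot: `mender.podSecurityContext` reads `.override.containerSecurityContext` and `.dot.Values.default.containerSecurityContext` throughout, so the pod-level `securityContext` is populated from the container settings. The templates replaced by this patch read `<component>.podSecurityContext` here, so an operator's pod-level values (for example `fsGroup` or `runAsNonRoot`) would no longer be applied, and container-only fields would be sent to a PodSecurityContext. The helper should switch to `.override.podSecurityContext` and, assuming that key exists in values.yaml, `.dot.Values.default.podSecurityContext`. Separately, `.dot.Values.default.PriorityClassName` in `mender.podSpec` is capitalised unlike every other key, so the default priority class is probably never found; `.dot.Values.default.priorityClassName` looks intended.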
@@ -7,98 +7,27 @@ metadata: labels: {{- include "mender.labels" . | nindent 4 }} spec: - serviceAccountName: {{ include "mender.serviceAccountName" . }} - {{- with (coalesce .dot.Values.auditlogs.affinity .dot.Values.default.affinity) }} - affinity: {{ toYaml . | nindent 4 }} - {{- end }} - {{- with (coalesce .dot.Values.auditlogs.tolerations .dot.Values.default.tolerations) }} - tolerations: {{ toYaml . | nindent 4 }} - {{- end }} - {{- if .dot.Values.auditlogs.podSecurityContext.enabled }} - securityContext: {{- omit .dot.Values.auditlogs.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - - {{- with .restartPolicy }} - restartPolicy: {{ quote . }} - {{- end }} containers: - - name: {{ ternary "auditlogs" "auditlogs-migration" (empty .migration) | quote }} - image: {{ .dot.Values.auditlogs.image.registry }}/{{ .dot.Values.auditlogs.image.repository }}:{{ .dot.Values.auditlogs.image.tag | default .dot.Values.global.image.tag }} - imagePullPolicy: {{ .dot.Values.auditlogs.image.imagePullPolicy }} - {{- if .dot.Values.auditlogs.containerSecurityContext.enabled }} - securityContext: {{- omit .dot.Values.auditlogs.containerSecurityContext "enabled" | toYaml | nindent 6 }} - {{- end }} - - {{- with include "mender.resources" (list .dot.Values.default.resources .dot.Values.auditlogs.resources .extraResources )}} - resources: {{- nindent 6 . }} - {{- end }} - - {{- if (not .migration) }} - {{- if .dot.Values.auditlogs.automigrate }} - args: ["server", "--automigrate"] - {{- else }} - args: ["server"] - {{- end }} - {{- else }} - args: ["migrate"] - {{- end }} - - - {{- if (not .migration) }} - # Readiness/liveness probes - readinessProbe: - httpGet: - path: /api/internal/v1/auditlogs/health - port: 8080 - periodSeconds: 15 - {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.auditlogs.probesOverrides ) }} - {{- nindent 6 . 
}} - {{- end }} - livenessProbe: - httpGet: - path: /api/internal/v1/auditlogs/alive - port: 8080 - periodSeconds: 5 - {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.auditlogs.probesOverrides ) }} - {{- nindent 6 . }} - {{- end }} - startupProbe: - httpGet: - path: /api/internal/v1/auditlogs/alive - port: 8080 - failureThreshold: 36 - periodSeconds: 5 - {{- end }} - + - name: {{ if .migration }} + {{- printf "%s-migration" .component -}} + {{ else }} + {{- print .component -}} + {{ end }} + {{- include "mender.container" . | nindent 4 }} env: - name: AUDITLOGS_AUDITLOG_EXPIRE_SECONDS value: {{ .dot.Values.auditlogs.logRetentionSeconds | int | toString | quote }} - {{- include "mender.customEnvs" (merge (deepCopy .dot.Values.auditlogs) (deepCopy (default (dict) .dot.Values.default))) | nindent 4 }} - # Supported configuration settings: https://github.com/mendersoftware/auditlogs/blob/master/config.yaml - # Set in order, last value for the key will be used in case duplications. - envFrom: - - prefix: AUDITLOGS_ - secretRef: - name: {{ .dot.Values.global.mongodb.existingSecret | default (ternary "mongodb-common" "mongodb-common-prerelease" (empty .migration)) }} - - - {{- if .dot.Values.global.image.username }} - imagePullSecrets: - - name: {{ ternary "docker-registry" "docker-registry-prerelease" (empty .migration) }} - {{- else }} - {{- $ips := coalesce .dot.Values.auditlogs.imagePullSecrets .dot.Values.default.imagePullSecrets }} - {{- if $ips }} - imagePullSecrets: - {{- toYaml $ips | nindent 4}} - {{- end }} - {{- end }} - - {{- $pcn := coalesce .dot.Values.auditlogs.priorityClassName .dot.Values.global.priorityClassName -}} - {{- if $pcn }} - priorityClassName: {{ $pcn }} - {{- end }} - - {{- with (coalesce .dot.Values.auditlogs.nodeSelector .dot.Values.default.nodeSelector) }} - nodeSelector: {{ toYaml . 
| nindent 4 }} - {{- end }} + - name: AUDITLOGS_MONGO_URL + {{- include "mender.mongoUrl" . | nindent 6 }} + {{- range $k, $v := .override.env }} + - name: {{ quote $k }} + value: {{ quote $v }} + {{- end }} + {{- with coalesce .override.customEnvs .dot.Values.default.customEnvs }} + {{- toYaml . | indent 4 }} + {{- end }} + {{- if and .mender .mender.extraEnv }} + {{- toYaml .mender.extraEnv | nindent 4 }} + {{- end }} + {{- include "mender.podSpec" . | nindent 2 }} {{- end }} diff --git a/mender/templates/auditlogs/deployment.yaml b/mender/templates/auditlogs/deployment.yaml index b6a8678d..5d775a8a 100644 --- a/mender/templates/auditlogs/deployment.yaml +++ b/mender/templates/auditlogs/deployment.yaml @@ -1,5 +1,8 @@ -{{- if and .Values.auditlogs.enabled .Values.global.enterprise }} -{{- $context := (dict "dot" . "component" "auditlogs") -}} +{{- if and .Values.auditlogs.enabled .Values.enterprise }} +{{- $context := (dict +"dot" . +"component" "auditlogs" +"override" .Values.auditlogs) -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -17,15 +20,14 @@ spec: matchLabels: app.kubernetes.io/name: {{ include "mender.fullname" . }}-auditlogs + {{- /* # if deployment is not completed within 10 min, consider it failed, # as result deployment Reason=ProgressDeadlineExceeded # needs to be big enough to rollout to complete + */}} progressDeadlineSeconds: 600 - - # Rollout upgrade - {{- $updateStrategy := coalesce .Values.auditlogs.updateStrategy .Values.default.updateStrategy }} - {{- if $updateStrategy }} - strategy: {{- toYaml $updateStrategy | nindent 4 }} + {{- with coalesce .Values.auditlogs.updateStrategy .Values.default.updateStrategy }} + strategy: {{- toYaml . | nindent 4 }} {{- end }} template: diff --git a/mender/templates/auditlogs/hpa.yaml b/mender/templates/auditlogs/hpa.yaml index eac60a7d..be0e6c03 100644 --- a/mender/templates/auditlogs/hpa.yaml +++ b/mender/templates/auditlogs/hpa.yaml 
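Review bot: The migration container no longer gets `args: ["migrate"]`, because the args now come from `mender.container`, which only knows `.args`, `--automigrate` and plain `["server"]`. The `$context` built in auditlogs/job.yaml in this patch sets `"migration" "true"` but no `"args"`, so unless args are supplied in a part of job.yaml not shown here, the migration Job would start the long-running server instead of running the migration. Either add `"args" "migrate"` to that dict or give `mender.container` an `{{- else if .migration }}` branch that renders `args: ["migrate"]`. The `"extraResources"` key passed by job.yaml also appears unused now, since the shared container template reads `.resources`. The enclosing `define` starts above this hunk.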
@@ -1,4 +1,4 @@ -{{- if and .Values.auditlogs.enabled .Values.global.enterprise }} +{{- if and .Values.auditlogs.enabled .Values.enterprise }} {{- $servicename := "auditlogs" }} {{- $context := (dict "default" .Values.default "override" .Values.auditlogs "name" (printf "%s-%s" (include "mender.fullname" . ) $servicename ) ) -}} {{- include "mender.autoscaler" $context }} diff --git a/mender/templates/auditlogs/job.yaml b/mender/templates/auditlogs/job.yaml index bfbbc5dc..e71551ea 100644 --- a/mender/templates/auditlogs/job.yaml +++ b/mender/templates/auditlogs/job.yaml @@ -1,5 +1,11 @@ -{{- if and .Values.auditlogs.enabled .Values.global.enterprise .Values.dbmigration.enable }} -{{- $context := (dict "dot" . "component" "auditlogs" "migration" "true" "restartPolicy" (default "Never" .Values.auditlogs.migrationRestartPolicy) "extraResources" .Values.auditlogs.migrationResources) }} +{{- if and .Values.auditlogs.enabled .Values.enterprise .Values.dbmigration.enable }} +{{- $context := (dict +"dot" . +"component" "auditlogs" +"override" .Values.auditlogs +"migration" "true" +"restartPolicy" (default "Never" .Values.auditlogs.migrationRestartPolicy) +"extraResources" .Values.auditlogs.migrationResources) }} apiVersion: batch/v1 kind: Job metadata: diff --git a/mender/templates/auditlogs/service.yaml b/mender/templates/auditlogs/service.yaml index 20c10eed..66cb0bad 100644 --- a/mender/templates/auditlogs/service.yaml +++ b/mender/templates/auditlogs/service.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.auditlogs.enabled .Values.global.enterprise }} +{{- if and .Values.auditlogs.enabled .Values.enterprise }} apiVersion: v1 kind: Service metadata: diff --git a/mender/templates/create-artifact-worker/deployment.yaml b/mender/templates/create-artifact-worker/deployment.yaml index 537c0f6b..d9a28377 100644 --- a/mender/templates/create-artifact-worker/deployment.yaml +++ b/mender/templates/create-artifact-worker/deployment.yaml 
@@ -1,5 +1,13 @@ -{{- if .Values.create_artifact_worker.enabled }} -{{- $merged := merge (deepCopy .Values.create_artifact_worker) (deepCopy (default (dict) .Values.default)) -}} +{{- if .Values.create_artifact_worker.enabled -}} +{{- $context := (dict +"dot" . +"component" "create-artifact-worker" +"override" .Values.create_artifact_worker +"args" (ternary + "worker --automigrate" + "worker" + .Values.create_artifact_worker.automigrate ) +) -}} apiVersion: apps/v1 kind: Deployment metadata: @@ -14,13 +22,7 @@ spec: selector: matchLabels: app.kubernetes.io/name: {{ include "mender.fullname" . }}-create-artifact-worker - - # if deployment is not completed within 10 min, consider it failed, - # as result deployment Reason=ProgressDeadlineExceeded - # needs to be big enough to rollout to complete progressDeadlineSeconds: 600 - - # Rollout upgrade {{- $updateStrategy := coalesce .Values.create_artifact_worker.updateStrategy .Values.default.updateStrategy }} {{- if $updateStrategy }} strategy: {{- toYaml $updateStrategy | nindent 4 }} 
@@ -37,78 +39,22 @@ spec: {{- include "mender.labels" . | nindent 8 }} app.kubernetes.io/component: create-artifact-worker spec: - {{- with $merged.affinity }} - affinity: {{ tpl (toYaml .) $ | nindent 8 }} - {{- end }} - {{- with $merged.tolerations }} - tolerations: {{ tpl (toYaml .) $ | nindent 8 }} - {{- end }} -{{- if .Values.create_artifact_worker.podSecurityContext.enabled }} - securityContext: {{- omit .Values.create_artifact_worker.podSecurityContext "enabled" | toYaml | nindent 8 }} -{{- end }} - containers: - name: create-artifact-worker - image: {{ .Values.create_artifact_worker.image.registry }}/{{ .Values.create_artifact_worker.image.repository }}:{{ .Values.create_artifact_worker.image.tag | default .Values.global.image.tag }} - imagePullPolicy: {{ .Values.create_artifact_worker.image.imagePullPolicy }} -{{- if .Values.create_artifact_worker.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.create_artifact_worker.containerSecurityContext "enabled" | toYaml | nindent 10 }} -{{- end }} - resources: -{{ toYaml .Values.create_artifact_worker.resources | indent 10 }} - -{{- if .Values.create_artifact_worker.automigrate }} - command: ["workflows", "--config", "/etc/workflows/config.yaml", "worker", "--automigrate"] -{{- else }} - command: ["workflows", "--config", "/etc/workflows/config.yaml", "worker"] -{{- end }} - - # Supported configuration settings: https://github.com/mendersoftware/workflows/blob/master/config.yaml - # Set in order, last value for the key will be used in case duplications. + {{- include "mender.container" $context | nindent 8 }} env: - # NATS uri - {{- if not .Values.global.nats.existingSecret }} - name: WORKFLOWS_NATS_URI - value: {{ template "nats_uri" . 
}} - {{- end }} - + {{- include "mender.natsUrl" $context | nindent 10 }} + - name: WORKFLOWS_MONGO_URL + {{- include "mender.mongoUrl" $context | nindent 10 }} - name: WORKFLOWS_MENDER_URL - value: "{{ .Values.global.url }}" + value: "{{ .Values.menderUrl }}" - name: CREATE_ARTIFACT_GATEWAY_URL - value: {{ .Values.global.url | default (ternary (printf "https://%s" .Values.api_gateway.service.name ) (printf "http://%s" .Values.api_gateway.service.name) (.Values.api_gateway.env.SSL)) }} + value: {{ .Values.menderUrl | default (ternary (printf "https://%s" .Values.api_gateway.service.name ) (printf "http://%s" .Values.api_gateway.service.name) (.Values.api_gateway.env.SSL)) }} - name: CREATE_ARTIFACT_SKIPVERIFY value: "1" - name: CREATE_ARTIFACT_DEPLOYMENTS_URL value: http://{{ .Values.deployments.service.name }}:{{ .Values.deployments.service.port }} {{- include "mender.customEnvs" (merge (deepCopy .Values.create_artifact_worker) (deepCopy (default (dict) .Values.default))) | nindent 8 }} - envFrom: - - prefix: WORKFLOWS_ - secretRef: - name: {{ .Values.global.mongodb.existingSecret | default "mongodb-common" }} - - {{- if .Values.global.nats.existingSecret }} - - prefix: WORKFLOWS_ - secretRef: - name: {{ .Values.global.nats.existingSecret }} - {{- end }} - -{{- if .Values.global.image.username }} - imagePullSecrets: - - name: docker-registry -{{- else }} -{{- $ips := coalesce .Values.create_artifact_worker.imagePullSecrets .Values.default.imagePullSecrets }} -{{- if $ips }} - imagePullSecrets: -{{- toYaml $ips | nindent 6 }} -{{- end }} -{{- end }} - -{{- $pcn := coalesce .Values.create_artifact_worker.priorityClassName .Values.global.priorityClassName -}} -{{- if $pcn }} - priorityClassName: {{ $pcn }} + {{- include "mender.podSpec" $context | nindent 6 }} {{- end -}} - -{{- with .Values.create_artifact_worker.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} -{{- end }} -{{- end }} 
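Review bot: `WORKFLOWS_NATS_URI` is now filled by `mender.natsUrl`, and all three `existingSecret` branches of that helper in `_helpers.tpl` use `key: "REDIS_CONNECTION_STRING"`. The removed lines here loaded the NATS secret through `envFrom` with prefix `WORKFLOWS_`, which implies the existing secret carries a `NATS_URI` key, so a deployment that keeps its NATS secret would reference a key that is not there and the container would not start. This looks like a copy from `mender.redisUrl`; the helper should use `key: "NATS_URI"`, or a configurable key, given that the CHANGELOG describes an `existingSecretKey` option for MongoDB that `mender.mongoUrl` does not read either.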
diff --git a/mender/templates/deployments/_podtemplate.yaml b/mender/templates/deployments/_podtemplate.yaml index 8bec204a..5ae3104e 100644 --- a/mender/templates/deployments/_podtemplate.yaml +++ b/mender/templates/deployments/_podtemplate.yaml 
@@ -7,81 +7,20 @@ metadata: labels: {{- include "mender.labels" . | nindent 4 }} spec: - {{- with (coalesce .dot.Values.deployments.affinity .dot.Values.default.affinity) }} - affinity: {{ toYaml . | nindent 4 }} - {{- end }} - {{- with (coalesce .dot.Values.deployments.tolerations .dot.Values.default.tolerations) }} - tolerations: {{ toYaml . | nindent 4 }} - {{- end }} - {{- if and (eq .dot.Values.global.storage "aws") (.dot.Values.global.s3.AWS_SERVICE_ACCOUNT_NAME) }} - serviceAccountName: {{ .dot.Values.global.s3.AWS_SERVICE_ACCOUNT_NAME }} - {{- else }} - serviceAccountName: {{ include "mender.serviceAccountName" . }} - {{- end }} - {{- if .dot.Values.deployments.podSecurityContext.enabled }} - securityContext: {{- omit .dot.Values.deployments.podSecurityContext "enabled" | toYaml | nindent 4 }} - {{- end }} - - {{- with .restartPolicy }} - restartPolicy: {{ quote . }} - {{- end }} containers: - - name: {{ ternary "deployments" "deployments-migration" (empty .migration) | quote }} - {{- if .dot.Values.global.enterprise }} - image: {{ .dot.Values.deployments.image.registry | default "registry.mender.io" }}/{{ .dot.Values.deployments.image.repository | default "mendersoftware/deployments-enterprise" }}:{{ .dot.Values.deployments.image.tag | default .dot.Values.global.image.tag }} - {{- else }} - image: {{ .dot.Values.deployments.image.registry | default "docker.io" }}/{{ .dot.Values.deployments.image.repository | default "mendersoftware/deployments" }}:{{ .dot.Values.deployments.image.tag | default .dot.Values.global.image.tag }} - {{- end }} - imagePullPolicy: {{ .dot.Values.deployments.image.imagePullPolicy }} - {{- if .dot.Values.deployments.containerSecurityContext.enabled }} - securityContext: {{- omit .dot.Values.deployments.containerSecurityContext "enabled" | toYaml | nindent 6 }} - {{- end }} - - {{- with include "mender.resources" (list .dot.Values.default.resources .dot.Values.deployments.resources .extraResources )}} - resources: {{- nindent 6 . 
}} - {{- end }} - - {{- if (not .migration) }} - {{- if .dot.Values.deployments.automigrate }} - args: ["server", "--automigrate"] - {{- else }} - args: ["server"] - {{- end }} - {{- else }} - args: ["migrate"] - {{- end }} - - - {{- if (not .migration) }} - # Readiness/liveness probes - readinessProbe: - httpGet: - path: /api/internal/v1/deployments/health - port: 8080 - periodSeconds: 15 - {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.deployments.probesOverrides ) }} - {{- nindent 6 . }} - {{- end }} - livenessProbe: - httpGet: - path: /api/internal/v1/deployments/alive - port: 8080 - periodSeconds: 5 - {{- with include "mender.probesOverrides" (dict "default" .dot.Values.default.probesOverrides "override" .dot.Values.deployments.probesOverrides ) }} - {{- nindent 6 . }} - {{- end }} - startupProbe: - httpGet: - path: /api/internal/v1/deployments/alive - port: 8080 - failureThreshold: 36 - periodSeconds: 5 - {{- end }} - + - name: {{ default "deployments" .containerName | quote }} + {{ include "mender.container" . | nindent 4 }} env: + - name: DEPLOYMENTS_MONGO_URL + {{- include "mender.mongoUrl" . | nindent 6 }} + - name: DEPLOYMENTS_REDIS_CONNECTION_STRING + {{- include "mender.redisUrl" . | nindent 6 }} - name: DEPLOYMENTS_STORAGE_DEFAULT - value: {{ .dot.Values.global.storage | quote }} - + value: {{ if and .dot.Values.global .dot.Values.global.storage }} + {{- quote .dot.Values.global.storage }} + {{- else }} + {{- quote .dot.Values.storage.type }} + {{- end }} - name: DEPLOYMENTS_MIDDLEWARE value: {{ .dot.Values.deployments.env.DEPLOYMENTS_MIDDLEWARE | quote }} - name: DEPLOYMENTS_AWS_TAG_ARTIFACT 
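Review bot: `DEPLOYMENTS_MONGO_URL` and `DEPLOYMENTS_REDIS_CONNECTION_STRING` are rendered by helpers that emit a literal `value: {{ quote …URL }}` whenever the URL is set in values rather than through `existingSecret`, so a connection string with credentials ends up in the Deployment/Job spec. The template this replaces took the MongoDB settings from a Secret via `envFrom`, so this widens who can read the credential to anyone allowed to read workloads or the Helm release. At minimum this should be documented where the env entries are built, for example `{{- /* NOTE: a literal mongodb/redis URL is rendered into the pod spec; use existingSecret for URLs that carry credentials */ -}}`. Rendering the URL into a chart-managed Secret would be the stronger fix. The Redis entry is also emitted unconditionally now, where it used to be limited to enterprise installs. The enclosing `define` starts above this hunk.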
@@ -90,7 +29,7 @@ spec: - name: DEPLOYMENTS_PRESIGN_SECRET value: {{ .dot.Values.deployments.env.DEPLOYMENTS_PRESIGN_SECRET | quote }} {{- end }} - {{- if and .dot.Values.auditlogs.enabled .dot.Values.global.enterprise }} + {{- if and .dot.Values.auditlogs.enabled .dot.Values.enterprise }} - name: DEPLOYMENTS_ENABLE_AUDIT value: "true" {{- end }} 
@@ -102,59 +41,29 @@ spec: value: "true" {{- end }} {{- end }} - - {{- if .dot.Values.global.enterprise }} - {{- if not .dot.Values.global.redis.existingSecret }} - - name: DEPLOYMENTS_REDIS_CONNECTION_STRING - value: {{ include "redis_connection_string" . }} + {{- range $k, $v := .override.env }} + - name: {{ quote $k }} + value: {{ quote $v }} {{- end }} - - name: DEPLOYMENTS_REDIS_KEY_PREFIX - value: {{ .dot.Values.device_auth.env.DEPLOYMENTS_REDIS_KEY_PREFIX | default "deployments:v1" | quote }} + {{- with coalesce .override.customEnvs .dot.Values.default.customEnvs }} + {{- toYaml . | indent 4 }} {{- end }} - - {{- include "mender.customEnvs" (merge (deepCopy .dot.Values.deployments) (deepCopy (default (dict) .dot.Values.default))) | nindent 4 }} - - # Supported configuration settings: https://github.com/mendersoftware/deployments/blob/master/config.yaml - # Set in order, last value for the key will be used in case duplications. envFrom: - - prefix: DEPLOYMENTS_ - secretRef: - name: {{ .dot.Values.global.mongodb.existingSecret | default (ternary "mongodb-common" "mongodb-common-prerelease" (empty .migration)) }} {{- if (not .migration) }} - prefix: DEPLOYMENTS_ secretRef: - name: {{ .dot.Values.global.s3.existingSecret | default "artifacts-storage" }} + name: {{ if and .dot.Values.global + .dot.Values.global.s3 + .dot.Values.global.s3.existingSecret }} + {{- quote .dot.Values.global.s3.existingSecret }} + {{- else }} + {{- default "artifacts-storage" .dot.Values.storage.existingSecret }} + {{- end }} {{- end }} {{- if and ( not .dot.Values.deployments.env.DEPLOYMENTS_PRESIGN_SECRET ) .dot.Values.deployments.presignSecretExistingSecret }} - prefix: DEPLOYMENTS_ secretRef: name: {{ .dot.Values.deployments.presignSecretExistingSecret | quote }} {{- end }} - {{- if and .dot.Values.global.redis.existingSecret .dot.Values.global.enterprise ( not .dot.Values.global.redis.URL ) ( not .dot.Values.redis.enabled ) }} - # Redis existingSecret - - prefix: DEPLOYMENTS_ - 
secretRef: - name: {{ .dot.Values.global.redis.existingSecret | quote }} - {{- end }} - - - {{- if .dot.Values.global.image.username }} - imagePullSecrets: - - name: {{ ternary "docker-registry" "docker-registry-prerelease" (empty .migration) }} - {{- else }} - {{- $ips := coalesce .dot.Values.deployments.imagePullSecrets .dot.Values.default.imagePullSecrets }} - {{- if $ips }} - imagePullSecrets: - {{- toYaml $ips | nindent 4}} - {{- end }} - {{- end }} - - {{- $pcn := coalesce .dot.Values.deployments.priorityClassName .dot.Values.global.priorityClassName -}} - {{- if $pcn }} - priorityClassName: {{ $pcn }} - {{- end }} - - {{- with (coalesce .dot.Values.deployments.nodeSelector .dot.Values.default.nodeSelector) }} - nodeSelector: {{ toYaml . | nindent 4 }} - {{- end }} + {{- include "mender.podSpec" . | nindent 2}} {{- end }} diff --git a/mender/templates/deployments/cronjob.yaml b/mender/templates/deployments/cronjob.yaml index a3dca5b1..f421cdb8 100644 --- a/mender/templates/deployments/cronjob.yaml +++ b/mender/templates/deployments/cronjob.yaml @@ -1,5 +1,12 @@ {{- if .Values.deployments.directUpload.enabled }} -{{- $merged := merge (deepCopy .Values.deployments) (deepCopy (default (dict) .Values.default)) -}} +{{- $context := (dict + "dot" . + "component" "deployments" + "containerName" "deployments-storage-daemon" + "override" .Values.deployments + "args" (printf "storage-daemon --time-jitter=%q" + .Values.deployments.directUpload.jitter ) +) -}} apiVersion: batch/v1 kind: CronJob metadata: 
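Review bot: The fallback branch of the storage `secretRef` reads `.dot.Values.storage.existingSecret`, but values.yaml in this commit keeps that key at `storage.s3.existingSecret`, so a secret configured there appears to be ignored and the pod falls back to `artifacts-storage`. That branch should read the nested key and be quoted like the legacy branch: `{{- default "artifacts-storage" .dot.Values.storage.s3.existingSecret | quote }}`. Separately, `{{- toYaml . | indent 4 }}` in the `customEnvs` block left-trims the newline before it, so the first custom entry is joined to the preceding rendered line; `{{- toYaml . | nindent 4 }}` avoids that. The new `range` over `.override.env` also re-emits `DEPLOYMENTS_MIDDLEWARE` and `DEPLOYMENTS_PRESIGN_SECRET`, which the template already sets explicitly above when `override` is `.Values.deployments` (as in the three callers in this commit), leaving duplicate `env` names in the container spec.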
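Review bot: The `args` string is built with `%q`, so the jitter value is wrapped in literal double quotes (`--time-jitter="3s"` with the default). How `mender.container` turns `.args` into the container argument list is outside this hunk; if it splits on whitespace, no shell strips the quotes and the daemon receives them as part of the value, and a jitter containing a space would be split into two arguments. Using `%s`, as in `"args" (printf "storage-daemon --time-jitter=%s" .Values.deployments.directUpload.jitter)`, reproduces what the previous inline `args` list passed.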
@@ -13,68 +20,5 @@ spec: jobTemplate: spec: template: - metadata: - {{- with .Values.deployments.podAnnotations }} - annotations: - {{- toYaml . | nindent 12 }} - {{- end }} - labels: - app.kubernetes.io/name: {{ include "mender.fullname" . }}-deployments-storage-daemon - - spec: - {{- with $merged.affinity }} - affinity: {{ tpl (toYaml .) $ | nindent 12 }} - {{- end }} - {{- with $merged.tolerations }} - tolerations: {{ tpl (toYaml .) $ | nindent 12 }} - {{- end }} - {{- if and (eq .Values.global.storage "aws") (.Values.global.s3.AWS_SERVICE_ACCOUNT_NAME) }} - serviceAccountName: {{ .Values.global.s3.AWS_SERVICE_ACCOUNT_NAME }} - {{- else }} - serviceAccountName: {{ include "mender.serviceAccountName" . }} - {{- end }} - {{- if .Values.deployments.podSecurityContext.enabled }} - securityContext: {{- omit .Values.deployments.podSecurityContext "enabled" | toYaml | nindent 12 }} - {{- end }} - containers: - - name: deployments-storage-daemon - {{- if .Values.global.enterprise }} - image: {{ .Values.deployments.image.registry | default "registry.mender.io" }}/{{ .Values.deployments.image.repository | default "mendersoftware/deployments-enterprise" }}:{{ .Values.deployments.image.tag | default .Values.global.image.tag }} - {{- else }} - image: {{ .Values.deployments.image.registry | default "docker.io" }}/{{ .Values.deployments.image.repository | default "mendersoftware/deployments" }}:{{ .Values.deployments.image.tag | default .Values.global.image.tag }} - {{- end }} - args: ["storage-daemon", "--time-jitter={{ .Values.deployments.directUpload.jitter}}"] - env: - - name: DEPLOYMENTS_STORAGE_DEFAULT - value: {{ .Values.global.storage | quote }} - {{- if and .Values.auditlogs.enabled .Values.global.enterprise }} - - name: DEPLOYMENTS_ENABLE_AUDIT - value: "true" - {{- end }} - envFrom: - - prefix: DEPLOYMENTS_ - secretRef: - name: mongodb-common - - prefix: DEPLOYMENTS_ - secretRef: - name: {{ .Values.global.s3.existingSecret | default "artifacts-storage" }} - {{- if 
.Values.deployments.containerSecurityContext.enabled }} - securityContext: {{- omit .Values.deployments.containerSecurityContext "enabled" | toYaml | nindent 14 }} - {{- end }} - restartPolicy: Never - -{{- if .Values.global.image.username }} - imagePullSecrets: - - name: docker-registry -{{- else }} -{{- $ips := coalesce .Values.deployments.imagePullSecrets .Values.default.imagePullSecrets }} -{{- if $ips }} - imagePullSecrets: -{{- toYaml $ips | nindent 10 }} -{{- end }} -{{- end }} - - {{- with .Values.deployments.nodeSelector }} - nodeSelector: {{ toYaml . | nindent 8 }} - {{- end }} -{{- end }} + {{- include "mender.deploymentsPodTemplate" $context | nindent 8 }} +{{- end -}} diff --git a/mender/templates/deployments/deployment.yaml b/mender/templates/deployments/deployment.yaml index e161cd24..ee515904 100644 --- a/mender/templates/deployments/deployment.yaml +++ b/mender/templates/deployments/deployment.yaml @@ -1,5 +1,8 @@ {{- if .Values.deployments.enabled }} -{{- $context := (dict "dot" . "component" "deployments") -}} +{{- $context := (dict + "dot" . + "override" .Values.deployments + "component" "deployments") -}} apiVersion: apps/v1 kind: Deployment metadata: diff --git a/mender/templates/deployments/job.yaml b/mender/templates/deployments/job.yaml index 4f8e4093..77725654 100644 --- a/mender/templates/deployments/job.yaml +++ b/mender/templates/deployments/job.yaml 
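Review bot: The removed pod spec set `restartPolicy: Never`, but the `$context` built at the top of this file passes no `restartPolicy`, while job.yaml in the same commit passes `(default "Never" .Values.deployments.migrationRestartPolicy)`. Kubernetes only accepts `Never` or `OnFailure` for Job pod templates, so unless `mender.podSpec` supplies its own default (its definition is not visible here) the CronJob would be rejected or change behaviour. Adding `"restartPolicy" "Never"` to the dict keeps the previous behaviour explicit.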
@@ -1,5 +1,12 @@ {{- if and .Values.deployments.enabled .Values.dbmigration.enable }} -{{- $context := (dict "dot" . "component" "deployments" "migration" "true" "restartPolicy" (default "Never" .Values.deployments.migrationRestartPolicy) "extraResources" .Values.deployments.migrationResources) }} +{{- $context := (dict + "dot" . + "containerName" "deployments-migration" + "component" "deployments" + "override" .Values.deployments + "restartPolicy" (default "Never" .Values.deployments.migrationRestartPolicy) + "resources" .Values.deployments.migrationResources + "migration" "true") -}} apiVersion: batch/v1 kind: Job metadata: diff --git a/mender/values.yaml b/mender/values.yaml index ed583b43..23ac2128 100644 --- a/mender/values.yaml +++ b/mender/values.yaml @@ -1,29 +1,12 @@ fullnameOverride: "" +namespaceOverride: "" -global: - enterprise: true - hosted: false - auditlogs: true - priorityClassName: "" - image: - registry: registry.mender.io - username: null - password: null - tag: mender-3.7.7 +enterprise: true # FIXME: Alias global.enterprise +menderUrl: "" - mongodb: - existingSecret: "" - URL: mongodb://mongodb - nats: - existingSecret: "" - URL: nats://nats:4222 - redis: - username: null - password: null - URL: "" - existingSecret: "" - storage: "aws" - s3: +storage: + type: "s3" # s3|azure # FIXME: Alias global.storage + s3: # FIXME: Alias global.s3 existingSecret: "" AWS_URI: "" AWS_EXTERNAL_URI: "" 
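Review bot: The storage default changes from `aws` (the removed `global.storage`) to `s3` in `storage.type`, and the pod template passes that value unchanged into `DEPLOYMENTS_STORAGE_DEFAULT`. Whether the deployments service accepts `s3` cannot be confirmed from this diff; if it only knows the old identifier, the default install would start with an invalid storage backend. Please verify, and either keep the previous identifier or map the value in the template. The inline `# s3|azure` comment and the CHANGELOG entry for `global.storage` -> `storage.type` should state the accepted values and mention that the default value itself changed.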
@@ -32,31 +15,56 @@ global: AWS_ACCESS_KEY_ID: myaccesskey AWS_SECRET_ACCESS_KEY: mysecretkey AWS_FORCE_PATH_STYLE: "true" - AWS_TAG_ARTIFACT: "true" - AWS_SERVICE_ACCOUNT_NAME: "" - azure: + azure: # FIXME: Alias global.s3 AUTH_CONNECTION_STRING: "" AUTH_SHARED_KEY_ACCOUNT_NAME: "" AUTH_SHARED_KEY_ACCOUNT_KEY: "" AUTH_SHARED_KEY_URI: "" CONTAINER_NAME: mender-artifact-storage - smtp: - existingSecret: "" - EMAIL_SENDER: root@localhost - SMTP_HOST: "localhost:25" - SMTP_AUTH_MECHANISM: "PLAIN" - SMTP_USERNAME: "null" - SMTP_PASSWORD: "null" - SMTP_SSL: "false" - url: "https://mender-api-gateway" - # guardrails for subcharts - namespaceOverride: "" + +smtp: # FIXME: Alias global.smtp + existingSecret: "" + EMAIL_SENDER: root@localhost + SMTP_HOST: "localhost:25" + SMTP_AUTH_MECHANISM: "PLAIN" + SMTP_USERNAME: "null" + SMTP_PASSWORD: "null" + SMTP_SSL: "false" + +url: "https://mender-api-gateway" # FIXME: Alias global.smtp # default values: -# these values applies to all resources -# and are applied when specific service values are not -# present +# these values applies to all resources for mender services +# and are applied when specific service values are not present default: + # image specifies the image configuration for Mender services + # All properties can be overwritten at inside the service values. + # The default values for registry and repository depends on the value + # of `mender.enterprise`: If true, the defaults are registry.mender.io and + # mender-server-enterprise respectively otherwise it the defaults are + # docker.io and mendersoftware. + # image: + # registry: docker.io|registry.mender.io + # repository: mendersoftware|mender-server-enterprise + # tag: {{ .Chart.AppVersion }} + # pullPolicy: "IfNotPresent" + + # MongoDB connection string configuration. + # Use existingSecret for already provisioned mongodb secret keys + # Or use mongodb.URL to configure the URL directly. 
+ mongodb: + # existingSecret: "" + existingSecretKey: "MONGO_URL" + URL: mongodb://mender-mongodb + nats: + # existingSecret: "" + existingSecretKey: "NATS_URL" + URL: nats://mender-nats + redis: + # existingSecret: "" + existingSecretKey: "REDIS_CONNECTION_STRING" + URL: "redis://mender-redis" + affinity: {} tolerations: {} @@ -97,10 +105,36 @@ default: maxUnavailable: 0 # Override the properties of the Readiness and Liveness probes - probesOverrides: {} - # timeoutSeconds: 1 - # successThreshold: 1 - # failureThreshold: 3 + readinessProbe: + # The number of consecutive failures allowed before considering the probe as failed. + failureThreshold: 1 + # The number of seconds to wait before starting the first probe. + initialDelaySeconds: 2 + # The number of seconds to wait between consecutive probes. + periodSeconds: 15 + # The minimum consecutive successes required to consider the probe successful. + successThreshold: 1 + # The number of seconds to wait for a probe response before considering it as failed. + timeoutSeconds: 2 + livenessProbe: + # The number of consecutive failures allowed before considering the probe as failed. + failureThreshold: 3 + # The number of seconds to wait before starting the first probe. + initialDelaySeconds: 2 + # The number of seconds to wait between consecutive probes. + periodSeconds: 10 + # The minimum consecutive successes required to consider the probe successful. + successThreshold: 1 + # The number of seconds to wait for a probe response before considering it as failed. + timeoutSeconds: 2 + + startupProbe: + # The number of consecutive failures allowed before considering the probe as failed. + failureThreshold: 30 + # The number of seconds to wait between consecutive probes. + periodSeconds: 5 + + priorityClassName: "" serviceAccount: create: false 
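Review bot: Two of the new `FIXME` comments name the wrong legacy key: `azure: # FIXME: Alias global.s3` and `url: "https://mender-api-gateway" # FIXME: Alias global.smtp` presumably mean `global.azure` and `global.url`. The top-level `url` also duplicates `menderUrl`, which CHANGELOG.md gives as the replacement for `global.url`, so it is unclear which key the templates read; drop one or mark it, e.g. `# deprecated: use menderUrl`. The image comment block refers to `mender.enterprise` while the key introduced by this commit is `enterprise`. The new `default.mongodb.URL`, `default.nats.URL` and `default.redis.URL` values carry no credentials, so a comment such as `# for production, provide the connection string through existingSecret` would make the intended use clear.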
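Review bot: The comment kept above the new block still says "Override the properties of the Readiness and Liveness probes", but `default.probesOverrides` is replaced here by complete `readinessProbe`, `livenessProbe` and `startupProbe` maps, while every service section later in this file keeps a `probesOverrides` key. Whether the new `mender.container` helper still reads the per-service `probesOverrides` is not visible in this diff; if it does not, those keys are silently ignored. The comment should describe the new contract, for example `# Default probe settings applied to all Mender services`, followed by a line stating which per-service key overrides them.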
@@ -137,74 +171,6 @@ ingress: - secretName: mender-ingress-tls hosts: - mender.example.org - - -# Helm chart smoke tests -tests: - enabled: false - -# Using default values from https://artifacthub.io/packages/helm/bitnami/mongodb -mongodb: - enabled: false - architecture: replicaset - externalAccess: - enabled: false - service: - type: LoadBalancer - # replicaCount sets the number of secondaries (min: 2) - replicaCount: 2 - # updateStrategy ensure that the nodes are updated one - # at the time to avoid downtime. - updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: 1 - # PodDisruptionBudget ensure that the majority of nodes are available. - # Make sure to update the PodDisruptionBudget if you increase the number of - # replicas. - pdb: - enabled: true - minAvailable: 2 - maxUnavailable: 1 - image: - tag: "6.0.13" - auth: - enabled: true - rootPassword: "pleasechangeme" - replicaSetKey: "pleasechangeme" - username: "mender" - # reference to Bitnami chart only: - # the database name is managed by Mender only - database: "mender" - global: - storageClass: "" - commonAnnotations: - helm.sh/hook: "pre-install" - helm.sh/hook-weight: "-100" - service: - nameOverride: "" - -# Using default values from -# https://github.com/nats-io/k8s/tree/main/helm/charts/nats -nats: - enabled: false - cluster: - enabled: true - replicas: 3 - fullnameOverride: "" - nats: - image: "nats:2.9.20-scratch" - jetstream: - enabled: true - memStorage: - enabled: true - size: "1Gi" - fileStorage: - enabled: true - size: "2Gi" - storageDirectory: /data/ - storageClassName: "" - api_gateway: enabled: true podAnnotations: {} @@ -213,7 +179,6 @@ api_gateway: registry: docker.io repository: traefik tag: v3.1.2 - imagePullPolicy: IfNotPresent imagePullSecrets: [] replicas: 1 resources: 
@@ -289,19 +254,21 @@ api_gateway: # prometheus pod monitor podMonitor: enabled: false - customLabels: {} + customLabels: + {} # prometheus-operated: "true" # Override the properties of the Readiness, Liveness and Startup probes probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 - failureThreshold: 3 + # failureThreshold: 3 deployments: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -316,10 +283,10 @@ deployments: jitter: "3s" skipVerify: false daemonSchedule: "15 * * * *" - image: - registry: "" - repository: "" - imagePullPolicy: IfNotPresent + # image: + # registry: "" + # repository: "" + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -372,7 +339,8 @@ deployments: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -380,7 +348,7 @@ deployments: device_auth: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -390,10 +358,10 @@ device_auth: cpu: 350m memory: 128Mi affinity: {} - image: - registry: "" - repository: "" - imagePullPolicy: IfNotPresent + # image: + # registry: "" + # repository: "" + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -458,7 +426,8 @@ device_auth: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 
@@ -493,10 +462,10 @@ generate_delta_worker: cpu: 100m memory: 128Mi affinity: {} - image: - registry: registry.mender.io - repository: mendersoftware/generate-delta-worker - imagePullPolicy: IfNotPresent + # image: + # registry: registry.mender.io + # repository: mendersoftware/generate-delta-worker + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} priorityClassName: "" @@ -525,10 +494,10 @@ gui: cpu: 5m memory: 16Mi affinity: {} - image: - registry: docker.io - repository: mendersoftware/gui - imagePullPolicy: IfNotPresent + # image: + # registry: docker.io + # repository: mendersoftware/gui + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -561,7 +530,8 @@ gui: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -569,7 +539,7 @@ gui: inventory: enabled: true podAnnotations: {} - automigrate: true + automigrate: false mongodbExistingSecret: "" replicas: 1 resources: @@ -580,10 +550,10 @@ inventory: cpu: 300m memory: 128Mi affinity: {} - image: - registry: "" - repository: "" - imagePullPolicy: IfNotPresent + # image: + # registry: "" + # repository: "" + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -634,7 +604,8 @@ inventory: # value: DEBUG # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -651,10 +622,10 @@ tenantadm: cpu: 150m memory: 64Mi affinity: {} - image: - registry: registry.mender.io - repository: mendersoftware/tenantadm - imagePullPolicy: IfNotPresent + # image: + # registry: registry.mender.io + # repository: mendersoftware/tenantadm + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: 
@@ -720,7 +691,8 @@ tenantadm: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -728,7 +700,7 @@ tenantadm: useradm: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -738,10 +710,10 @@ useradm: cpu: 150m memory: 64Mi affinity: {} - image: - registry: "" - repository: "" - imagePullPolicy: IfNotPresent + # image: + # registry: "" + # repository: "" + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -806,7 +778,8 @@ useradm: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -814,7 +787,7 @@ useradm: workflows: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -824,10 +797,10 @@ workflows: cpu: 10m memory: 64Mi affinity: {} - image: - registry: "" - repository: "" - imagePullPolicy: IfNotPresent + # image: + # registry: "" + # repository: "" + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -888,12 +861,12 @@ workflows: # secretName: my-credential-file # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 - create_artifact_worker: enabled: true podAnnotations: {} @@ -907,10 +880,10 @@ create_artifact_worker: cpu: 100m memory: 128Mi affinity: {} - image: - registry: docker.io - repository: mendersoftware/create-artifact-worker - imagePullPolicy: IfNotPresent + # image: + # registry: docker.io + # repository: mendersoftware/create-artifact-worker + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} podSecurityContext: 
@@ -938,7 +911,7 @@ create_artifact_worker: auditlogs: enabled: true podAnnotations: {} - automigrate: true + automigrate: false # logRetentionSeconds gives the number of seconds before # an audit event is evicted from the database logRetentionSeconds: 7776000 @@ -951,10 +924,10 @@ auditlogs: cpu: 50m memory: 128Mi affinity: {} - image: - registry: registry.mender.io - repository: mendersoftware/auditlogs - imagePullPolicy: IfNotPresent + # image: + # registry: registry.mender.io + # repository: mendersoftware/auditlogs + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -1003,7 +976,8 @@ auditlogs: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -1011,7 +985,7 @@ auditlogs: iot_manager: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -1021,10 +995,10 @@ iot_manager: cpu: 50m memory: 128Mi affinity: {} - image: - registry: docker.io - repository: mendersoftware/iot-manager - imagePullPolicy: IfNotPresent + # image: + # registry: docker.io + # repository: mendersoftware/iot-manager + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -1078,7 +1052,8 @@ iot_manager: existingSecret: "" # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -1086,7 +1061,7 @@ iot_manager: deviceconnect: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: 
@@ -1096,10 +1071,10 @@ deviceconnect: cpu: 100m memory: 128Mi affinity: {} - image: - registry: docker.io - repository: mendersoftware/deviceconnect - imagePullPolicy: IfNotPresent + # image: + # registry: docker.io + # repository: mendersoftware/deviceconnect + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -1150,7 +1125,8 @@ deviceconnect: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -1158,7 +1134,7 @@ deviceconnect: deviceconfig: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -1168,10 +1144,10 @@ deviceconfig: cpu: 100m memory: 128Mi affinity: {} - image: - registry: docker.io - repository: mendersoftware/deviceconfig - imagePullPolicy: IfNotPresent + # image: + # registry: docker.io + # repository: mendersoftware/deviceconfig + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: @@ -1220,7 +1196,8 @@ deviceconfig: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 @@ -1228,7 +1205,7 @@ deviceconfig: devicemonitor: enabled: true podAnnotations: {} - automigrate: true + automigrate: false replicas: 1 resources: limits: @@ -1238,10 +1215,10 @@ devicemonitor: cpu: 100m memory: 128Mi affinity: {} - image: - registry: registry.mender.io - repository: mendersoftware/devicemonitor - imagePullPolicy: IfNotPresent + # image: + # registry: registry.mender.io + # repository: mendersoftware/devicemonitor + # pullPolicy: IfNotPresent imagePullSecrets: [] nodeSelector: {} service: 
@@ -1293,16 +1270,65 @@ devicemonitor: # maxUnavailable: 25% # Override the properties of the Readiness, Liveness and Startup probes - probesOverrides: {} + probesOverrides: + {} # timeoutSeconds: 2 # successThreshold: 2 # failureThreshold: 6 +dbmigration: + enable: true + annotations: {} + backoffLimit: 5 + affinity: {} + nodeSelector: {} + podSecurityContext: + enabled: false + runAsNonRoot: true + runAsUser: 999 + +# Feature preview: Device License Count +# Only available from version 3.6, +# and available in Mender Enterprise +device_license_count: + enabled: false + +# Using default values from https://artifacthub.io/packages/helm/bitnami/mongodb +mongodb: + enabled: false + architecture: standalone + image: + tag: "6.0.13" + auth: + enabled: false + +# Using default values from +# https://github.com/nats-io/k8s/tree/main/helm/charts/nats +nats: + enabled: false + cluster: + enabled: true + replicas: 3 + fullnameOverride: "" + nats: + image: + tag: "nats:2.9.20-scratch" + jetstream: + enabled: true + memStorage: + enabled: true + size: "1Gi" + fileStorage: + enabled: true + size: "2Gi" + storageDirectory: /data/ + storageClassName: "" + # Redis as a subchart # Using a bitnami sub-chart by default = test usage only # It's recommended to use a suitable Redis Cluster for Production redis: - enabled: true + enabled: false architecture: replication commonAnnotations: helm.sh/hook: "pre-install" @@ -1320,20 +1346,3 @@ redis: persistence: enabled: false fullnameOverride: "" - -dbmigration: - enable: true - annotations: {} - backoffLimit: 5 - affinity: {} - nodeSelector: {} - podSecurityContext: - enabled: false - runAsNonRoot: true - runAsUser: 999 - -# Feature preview: Device License Count -# Only available from version 3.6, -# and available in Mender Enterprise -device_license_count: - enabled: false
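Review bot: The bundled MongoDB defaults now set `auth.enabled: false`, so enabling the `mongodb` dependency yields an unauthenticated database for any workload that can reach the service, and the default `mongodb://mender-mongodb` URL carries no credentials. The block this replaces had authentication switched on. If the subchart is meant for evaluation only, say so in a comment as the `redis` block does (`# Using a bitnami sub-chart by default = test usage only`), and consider keeping `auth.enabled: true` with credentials taken from an existing secret. Also, `nats.nats.image.tag: "nats:2.9.20-scratch"` puts the repository name inside the tag; if the NATS chart composes `repository:tag` this renders an invalid image reference, so `tag: "2.9.20-scratch"` is probably intended.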