Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DRAFT] Next major version #342

Draft
wants to merge 1 commit into
base: master
Choose a base branch
from
Draft

[DRAFT] Next major version #342

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions mender/CHANGELOG.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,50 @@
# Mender Helm chart

## Version 6.0.0
BREAKING CHANGES:
* New image defaults:
* All overrides in default values have been removed
* Registry default changed:
- `registry.mender.io` if `mender.enterprise`
- `docker.io` otherwise
* Repository default changed:
- `mender-server-enterprise` if `mender.enterprise`
- `mendersoftware` otherwise.
* Default tag updated to follow AppVersion in Chart.yaml
* `username`/`password` is removed to discourage bad security practices
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

So you have to create your own secret by hand? Then we'll have to add the snippet to the docs.mender.io:

  • TODO: add a snippet like kubectl create secret docker-registry NAME --docker-username=user --docker-password=password --docker-email=email --docker-server=registry.mender.io in the Mender Docs

* Use `imagePullSecrets` instead
* Rename options:
* `global.image` -> `default.image`
* `global.image.imagePullPolicy` -> `default.image.pullPolicy`
* `global.mongodb` -> `default.mongodb`
* `global.nats` -> `default.nats`
* `global.redis` -> `default.redis`
* `global.storage` -> `storage.type`
* `global.s3` -> `storage.s3`
* `global.azure` -> `storage.azure`
* `global.url` -> `menderUrl`
* `global.smtp` -> `smtp`
* Removed options:
- `global.image.username`
- `global.image.password`
- `global.auditlogs`: Replaced by `auditlogs.enabled`
- `global.hosted`
- `global.s3.AWS_TAG_ARTIFACT`
- `global.s3.AWS_SERVICE_ACCOUNT_NAME`: superseded by `mender.serviceAccount.name`
- `global.redis.username`: Replaced by URL (connection string)
- `global.redis.password`: Replaced by URL (connection string)
- `test.enabled`
* MongoDB URL configuration
* Simplified values interface
* Added `mender.mongodb.existingSecretKey` to select an alternative key inside the secret for the connection string value.
* When using mongodb as a dependency, the connection string must be specified.
* NATS URL configuration
* Same logic as for MongoDB
* Redis URL configuration
* Same logic as for MongoDB
* Using the value from secret will use `REDIS_CONNECTION_STRING` key by default.
* `automigrate` options are disabled by default

## Version 5.10.1
* Fix invalid regexp in default storage proxy rule.

Expand Down
2 changes: 1 addition & 1 deletion mender/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
apiVersion: v2
appVersion: "3.7.7"
appVersion: "v4.0.0"
description: Mender is a robust and secure way to update all your software and deploy your IoT devices at scale with support for customization
name: mender
version: 5.10.1
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
version: 5.10.1
version: 6.0.0

;)

Besides, this could be a good exercise for the release-please tool; wanna make a try?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Besides, this could be a good exercise for the release-please tool; wanna make a try?

That would be pretty neat! 🚀

Expand Down
77 changes: 77 additions & 0 deletions mender/templates/_container.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,77 @@
{{- define "mender.container.resources" -}}
{{- if .override.resources }}
{{- .override.resources | toYaml }}
{{- else if .dot.Values.default.resources }}
{{- .dot.Values.default.resources | toYaml }}
{{- end }}
{{- end -}}

{{- define "mender.container.securityContext" -}}
{{- if .override.containerSecurityContext }}
{{- /* NOTE: respect falsy override.containerSecurityContext.enabled */ -}}
{{- if .override.containerSecurityContext.enabled }}
{{- omit .override.containerSecurityContext "enabled" | toYaml }}
{{- else }}
{{- printf "{}" }}
{{- end }}
{{- else if and .dot.Values.default.containerSecurityContext
.dot.Values.default.containerSecurityContext.enabled }}
{{- omit .dot.Values.default.containerSecurityContext "enabled" | toYaml }}
{{- else }}
{{- printf "{}" }}
{{- end }}
{{- end -}}

{{- /* Synopsis
{{ include "mender.container" (dict
"dot" .
"component" "<serviceName>"
"override" .Values.<serviceName>
"readinessPath": "optional|/api/internal/v1/.component/health"
"livenessPath": "optional|/api/internal/v1/.component/alive")
}}
Bolierplate Mender service ContainerSpec
*/ -}}
{{- define "mender.container" -}}
image: {{ include "mender.image" . }}
imagePullPolicy: {{ include "mender.imagePullPolicy" . }}
{{- if .args }}
args: {{ splitList " " .args | toYaml | nindent 2 }}
{{- else if and .override.automigrate }}
args: ["server", "--automigrate"]
{{- else }}
args: ["server"]
{{- end }}
{{- if (not .migration) }}
# Readiness/liveness probes
readinessProbe:
httpGet:
path: {{ coalesce .readinessPath (printf "/api/internal/v1/%s/health" .component) }}
port: 8080
{{- coalesce .override.readinessProbe .dot.Values.default.readinessProbe |
toYaml |
nindent 2 }}
livenessProbe:
httpGet:
path: {{ coalesce .livenessPath (printf "/api/internal/v1/%s/alive" .component) }}
port: 8080
{{- coalesce .override.livenessProbe .dot.Values.default.livenessProbe |
toYaml |
nindent 2 }}
startupProbe:
httpGet:
path: {{ coalesce .livenessPath (printf "/api/internal/v1/%s/alive" .component) }}
port: 8080
{{- coalesce .override.startupProbe .dot.Values.default.startupProbe |
toYaml |
nindent 2 }}
{{- end }}
{{- if .resources }}
resources: {{- nindent 2 .resources }}
{{- else }}
{{- with include "mender.container.resources" . }}
resources: {{- nindent 2 . }}
{{- end }}
{{- end }}
securityContext: {{ include "mender.container.securityContext" . }}
{{- end -}}
174 changes: 173 additions & 1 deletion mender/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ Redis connection string
MongoDB URI
*/}}
{{- define "mongodb_uri" }}
{{- if and .Values.mongodb.enabled ( not .Values.global.mongodb.URL ) }}
{{- if and .Values.mongodb.enabled }}
{{- if and (eq .Values.mongodb.architecture "replicaset") .Values.mongodb.externalAccess.enabled (eq .Values.mongodb.externalAccess.service.type "ClusterIP") }}
{{- if and .Values.mongodb.auth.enabled .Values.mongodb.auth.rootPassword }}
{{- printf "mongodb://root:%s@%s-0" .Values.mongodb.auth.rootPassword ( include "mongodb.fullname" .Subcharts.mongodb ) | b64enc | quote -}}
Expand All @@ -113,6 +113,99 @@ MongoDB URI
{{- end }}
{{- end }}

{{- define "mender.mongoUrl" -}}
{{- if and .override.mongodb .override.mongodb.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .override.mongodb.existingSecret }}
key: "MONGO_URL"
{{- else if and .override.mongodb .override.mongodb.URL -}}
value: {{ quote .override.mongodb.URL }}
{{- else if and .dot.Values.global
.dot.Values.global.mongodb
.dot.Values.global.mongodb.existingSecret -}}
{{- /* NOTE: For backward compatibility */ -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.global.mongodb.existingSecret }}
key: "MONGO_URL"
{{- else if and .dot.Values.global
.dot.Values.global.mongodb
.dot.Values.global.mongodb.URL -}}
{{- /* NOTE: For backward compatibility */ -}}
value: {{ quote .dot.Values.global.mongodb.URL }}
{{- else if .dot.Values.default.mongodb.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.default.mongodb.existingSecret }}
key: "MONGO_URL"
{{- else -}}
value: {{ quote .dot.Values.default.mongodb.URL }}
{{- end -}}
{{- end -}}

{{- define "mender.natsUrl" -}}
{{- if and .override.nats .override.nats.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .override.nats.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else if and .override.nats .override.nats.URL -}}
value: {{ quote .override.nats.URL }}
{{- else if and .dot.Values.global
.dot.Values.global.nats
.dot.Values.global.nats.existingSecret -}}
{{- /* NOTE: For backward compatibility */ -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.global.nats.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else if and .dot.Values.global
.dot.Values.global.nats
.dot.Values.global.nats.URL -}}
{{- /* NOTE: For backward compatibility */ -}}
value: {{ quote .dot.Values.global.nats.URL }}
{{- else if .dot.Values.default.nats.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.default.nats.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else -}}
value: {{ quote .dot.Values.default.nats.URL }}
{{- end -}}
{{- end -}}

{{- define "mender.redisUrl" -}}
{{- if and .override.redis .override.redis.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .override.redis.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else if and .override.redis .override.redis.URL -}}
value: {{ quote .override.redis.URL }}
{{- else if and .dot.Values.global
.dot.Values.global.redis
.dot.Values.global.redis.existingSecret -}}
{{- /* NOTE: For backward compatibility */ -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.global.redis.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else if and .dot.Values.global
.dot.Values.global.redis
.dot.Values.global.redis.URL -}}
{{- /* NOTE: For backward compatibility */ -}}
value: {{ quote .dot.Values.global.redis.URL }}
{{- else if .dot.Values.default.redis.existingSecret -}}
valueFrom:
secretKeyRef:
name: {{ .dot.Values.default.redis.existingSecret }}
key: "REDIS_CONNECTION_STRING"
{{- else -}}
value: {{ quote .dot.Values.default.redis.URL }}
{{- end -}}
{{- end -}}

{{/*
nats_uri
*/}}
Expand Down Expand Up @@ -233,6 +326,85 @@ spec:
{{- printf "%s-%s" ( include "mender.fullname" .dot ) .component }}
{{- end }}

{{/* Helper for "mender.image" */}}
{{- define "mender.image.registry" }}
{{- if and .override.image .override.image.registry }}
{{- print .override.image.registry -}}
{{- else if and .dot.Values.global .dot.Values.global.image .dot.Values.global.image.registry}}
{{- print .dot.Values.global.image.registry -}}
{{- else if and .dot.Values.default.image .dot.Values.default.image.registry}}
{{- print .dot.Values.default.image.registry -}}
{{- else if .dot.Values.enterprise }}
{{- print "registry.mender.io" -}}
{{- else }}
{{- print "docker.io" -}}
{{- end }}
{{- end }}

{{/* Helper for "mender.image" */}}
{{- define "mender.image.repository" }}
{{- if and .override.image .override.image.repository }}
{{- print .override.image.repository -}}
{{- else if and .dot.Values.global
.dot.Values.global.image
.dot.Values.global.image.repository }}
{{- print .dot.Values.global.image.repository }}
{{- else if and .dot.Values.default.image .dot.Values.default.image.repository}}
{{- print .dot.Values.default.image.repository -}}
{{- else if .dot.Values.enterprise }}
{{- print "mender-server-enterprise" -}}
{{- else }}
{{- print "mendersoftware" -}}
{{- end }}
{{- end }}

{{/* Helper for "mender.image" */}}
{{- define "mender.image.tag" }}
{{- if and .override.image .override.image.tag }}
{{- print .override.image.tag -}}
{{- else if and .dot.Values.global
.dot.Values.global.image
.dot.Values.global.image.tag }}
{{- print .dot.Values.global.image.tag -}}
{{- else if and .dot.Values.default.image .dot.Values.default.image.tag}}
{{- print .dot.Values.default.image.tag -}}
{{- else }}
{{- print .dot.Chart.AppVersion -}}
{{- end }}
{{- end }}

{{/*
Synopsis:
image: {{ include "mender.image" (dict
"dot" .
"component" "<service>"
"override" .Values.<service> }}
*/}}
{{- define "mender.image" }}
{{- printf "%s/%s/%s:%s"
(include "mender.image.registry" .)
(include "mender.image.repository" .)
.component
(include "mender.image.tag" .) }}
{{- end }}

{{/*
Synopsis:
imagePullPolicy: {{ include "mender.imagePullPolicy" (dict
"dot" .
"component" "<service>"
"override" .Values.<service> }}
*/}}
{{- define "mender.imagePullPolicy" }}
{{- if and .override.image .override.image.pullPolicy }}
{{ .override.image.pullPolicy }}
{{- else if and .dot.Values.default.image .dot.Values.default.image.pullPolicy }}
{{- .dot.Values.default.image.pullPolicy }}
{{- else }}
{{- "IfNotPresent" }}
{{- end }}
{{- end }}

{{- define "mender.resources" -}}
{{- $resources := dict }}
{{- range . }}{{- if . }}
Expand Down
46 changes: 46 additions & 0 deletions mender/templates/_podspec.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
{{- define "mender.podSecurityContext" -}}
{{- if .override.containerSecurityContext }}
{{- /* NOTE: respect falsy override.containerSecurityContext.enabled */ -}}
{{- if .override.containerSecurityContext.enabled }}
{{- omit .override.containerSecurityContext "enabled" | toYaml }}
{{- else }}
{{- printf "{}" }}
{{- end }}
{{- else if and .dot.Values.default.containerSecurityContext
.dot.Values.default.containerSecurityContext.enabled }}
{{- omit .dot.Values.default.containerSecurityContext "enabled" | toYaml }}
{{- else }}
{{- printf "{}" }}
{{- end }}
{{- end -}}

{{- /* Synopsis:
{{ include "mender.podSpec" (dict
"dot" .
"component" "<serviceName>"
"override" .Values.<serviceName>
}}
Generates shared boilerplate PodSpec
*/ -}}
{{- define "mender.podSpec" -}}
serviceAccountName: {{ include "mender.serviceAccountName" . }}
{{- with (coalesce .override.affinity .dot.Values.default.affinity) }}
affinity: {{ toYaml . | nindent 4 }}
{{- end }}
{{- with (coalesce .override.tolerations .dot.Values.default.tolerations) }}
tolerations: {{ toYaml . | nindent 4 }}
{{- end }}
securityContext: {{ include "mender.podSecurityContext" . | nindent 2}}
{{- with .restartPolicy }}
restartPolicy: {{ quote . }}
{{- end }}
{{- with coalesce .override.imagePullSecrets .dot.Values.default.imagePullSecrets }}
imagePullSecrets: {{- toYaml . | nindent 2 }}
{{- end }}
{{- with (coalesce .override.priorityClassName .dot.Values.default.PriorityClassName) }}
priorityClassName: {{ quote . }}
{{- end }}
{{- with (coalesce .override.nodeSelector .dot.Values.default.nodeSelector) }}
nodeSelector: {{ toYaml . | nindent 4 }}
{{- end }}
{{- end -}}
Loading