From 6ea07ed52fbe1d7f5755aba996eb10cbbb5aedfb Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Thu, 24 Aug 2023 15:11:28 +0200 Subject: [PATCH 01/37] Initial implementation Sources moved from internal repository --- .gitignore | 2 + .pre-commit-config.yaml | 21 ++ Chart.lock | 9 + Chart.yaml | 33 +++ README.md | 214 ++++++++++++++++- README.md.gotmpl | 91 ++++++++ external-config.yaml | 39 ++++ templates/_helpers.tpl | 203 ++++++++++++++++ templates/_matcher.tpl | 41 ++++ templates/_validations.tpl | 116 ++++++++++ templates/api-deployment.yaml | 55 +++++ templates/api-svc.yaml | 18 ++ templates/auth-api-deployment.yaml | 58 +++++ templates/auth-api-svc.yaml | 18 ++ templates/autsocaling/api-scaledobject.yaml | 47 ++++ .../autsocaling/detector-scaledobject.yaml | 47 ++++ .../autsocaling/extractor-scaledobject.yaml | 47 ++++ .../autsocaling/rmq-api-host-secret.yaml | 9 + .../autsocaling/rmq-keda-trigger-auth.yaml | 11 + templates/countly-publisher-deployment.yaml | 48 ++++ templates/countly-publisher-svc.yaml | 15 ++ templates/detector-deployment.yaml | 36 +++ .../access-controller-deployment.yaml | 45 ++++ .../edge-streams/access-controller-svc.yaml | 27 +++ templates/edge-streams/base-deployment.yaml | 39 ++++ templates/edge-streams/base-svc.yaml | 14 ++ .../edge-stream-processor-deployment.yaml | 37 +++ .../edge-streams/face-matcher-deployment.yaml | 37 +++ templates/edge-streams/grpc-ingress.yaml | 35 +++ .../stream-data-db-worker-deployment.yaml | 35 +++ templates/extractor-deployment.yaml | 36 +++ templates/graphql-deployment.yaml | 54 +++++ templates/graphql-svc.yaml | 12 + templates/ingress.yaml | 78 +++++++ templates/liveness-deployment.yaml | 34 +++ templates/matcher-deployment.yaml | 3 + templates/metrics/sf-service-monitor.yaml | 17 ++ templates/readonly-api/api-nginx-cm.yaml | 41 ++++ .../readonly-api/api-nginx-deployment.yaml | 34 +++ templates/readonly-api/api-nginx-svc.yaml | 14 ++ templates/readonly-api/auth-api-nginx-cm.yaml | 41 ++++ .../auth-api-nginx-deployment.yaml | 34 +++ .../readonly-api/auth-api-nginx-svc.yaml 
| 14 ++ templates/rmq/mqtt-svc.yaml | 20 ++ templates/rmq/rmq-cm.yaml | 11 + templates/sf-tenant-operator-config.yaml | 26 +++ templates/station-deployment.yaml | 98 ++++++++ templates/station-svc.yaml | 14 ++ templates/validation.yaml | 1 + values.yaml | 218 ++++++++++++++++++ 50 files changed, 2245 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 .pre-commit-config.yaml create mode 100644 Chart.lock create mode 100644 Chart.yaml create mode 100644 README.md.gotmpl create mode 100644 external-config.yaml create mode 100644 templates/_helpers.tpl create mode 100644 templates/_matcher.tpl create mode 100644 templates/_validations.tpl create mode 100644 templates/api-deployment.yaml create mode 100644 templates/api-svc.yaml create mode 100644 templates/auth-api-deployment.yaml create mode 100644 templates/auth-api-svc.yaml create mode 100644 templates/autsocaling/api-scaledobject.yaml create mode 100644 templates/autsocaling/detector-scaledobject.yaml create mode 100644 templates/autsocaling/extractor-scaledobject.yaml create mode 100644 templates/autsocaling/rmq-api-host-secret.yaml create mode 100644 templates/autsocaling/rmq-keda-trigger-auth.yaml create mode 100644 templates/countly-publisher-deployment.yaml create mode 100644 templates/countly-publisher-svc.yaml create mode 100644 templates/detector-deployment.yaml create mode 100644 templates/edge-streams/access-controller-deployment.yaml create mode 100644 templates/edge-streams/access-controller-svc.yaml create mode 100644 templates/edge-streams/base-deployment.yaml create mode 100644 templates/edge-streams/base-svc.yaml create mode 100644 templates/edge-streams/edge-stream-processor-deployment.yaml create mode 100644 templates/edge-streams/face-matcher-deployment.yaml create mode 100644 templates/edge-streams/grpc-ingress.yaml create mode 100644 templates/edge-streams/stream-data-db-worker-deployment.yaml create mode 100644 templates/extractor-deployment.yaml create mode 100644 
templates/graphql-deployment.yaml create mode 100644 templates/graphql-svc.yaml create mode 100644 templates/ingress.yaml create mode 100644 templates/liveness-deployment.yaml create mode 100644 templates/matcher-deployment.yaml create mode 100644 templates/metrics/sf-service-monitor.yaml create mode 100644 templates/readonly-api/api-nginx-cm.yaml create mode 100644 templates/readonly-api/api-nginx-deployment.yaml create mode 100644 templates/readonly-api/api-nginx-svc.yaml create mode 100644 templates/readonly-api/auth-api-nginx-cm.yaml create mode 100644 templates/readonly-api/auth-api-nginx-deployment.yaml create mode 100644 templates/readonly-api/auth-api-nginx-svc.yaml create mode 100644 templates/rmq/mqtt-svc.yaml create mode 100644 templates/rmq/rmq-cm.yaml create mode 100644 templates/sf-tenant-operator-config.yaml create mode 100644 templates/station-deployment.yaml create mode 100644 templates/station-svc.yaml create mode 100644 templates/validation.yaml create mode 100644 values.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..c27caed
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+*.tgz
+*.zip
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
new file mode 100644
index 0000000..4287d2d
--- /dev/null
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,21 @@
+repos:
+ - repo: https://github.com/pre-commit/pre-commit-hooks
+ rev: v4.4.0
+ hooks:
+ - id: trailing-whitespace
+ - id: check-merge-conflict
+ - id: detect-aws-credentials
+ args: ['--allow-missing-credentials']
+ - id: detect-private-key
+ - id: end-of-file-fixer
+
+# TODO need this?
+ - repo: https://github.com/gruntwork-io/pre-commit
+ rev: v0.1.22
+ hooks:
+ - id: helmlint
+
+ - repo: https://github.com/norwoodj/helm-docs
+ rev: v1.11.0
+ hooks:
+ - id: helm-docs
diff --git a/Chart.lock b/Chart.lock
new file mode 100644
index 0000000..207466f
--- /dev/null
+++ b/Chart.lock
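Review bot: In `.pre-commit-config.yaml` all three hook repositories are pinned by tag (`rev: v4.4.0`, `rev: v0.1.22`, `rev: v1.11.0`), and a tag can be moved upstream after review, so the hook code that runs on every contributor machine is not fixed by this file. Pinning each `rev` to the full commit SHA with the tag kept as a trailing comment, e.g. `rev: <full-commit-sha>  # v4.4.0`, makes the pin immutable. The `# TODO need this?` above the gruntwork `helmlint` hook should be resolved before merge: either drop the repo or say why it stays. `detect-private-key` and `detect-aws-credentials` do not catch passwords embedded in connection strings, so they are not a complete secret scan for this chart.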
@@ -0,0 +1,9 @@
+dependencies:
+- name: sf-tenant-operator
+ repository: https://nexus3.ba.innovatrics.net/repository/helm-sface
+ version: 0.1.1
+- name: rabbitmq
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 12.0.4
+digest: sha256:8f5ee64062c5614e0c25e92c46c00b0475a1006aa9948fb554614dcb63f66f4d
+generated: "2023-07-06T16:21:45.811652+02:00"
diff --git a/Chart.yaml b/Chart.yaml
new file mode 100644
index 0000000..2f2623f
--- /dev/null
+++ b/Chart.yaml
@@ -0,0 +1,33 @@
+apiVersion: v2
+name: sf-lfis
+description: SmartFace Lightweight Face Identification System (LFIS) is a lightweight, powerful, scalable, multi-platform and easy-to-deploy solution for facial biometrics use cases easily integrated to any third-party system via REST API. Available for fast cloud and on premise deployment.
+
+dependencies:
+ - name: sf-tenant-operator
+ version: "0.1.1"
+ repository: "https://nexus3.ba.innovatrics.net/repository/helm-sface"
+ condition: multitenancy.enabled
+ - name: rabbitmq
+ version: "12.0.4"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
+ condition: rabbitmq.enabled
+
+type: application
+
+keywords:
+- Face recognition
+- Biometrics
+
+sources:
+ # - https://github.com/innovatrics/sf-lfis-helm
+ - https://github.com/innovatrics/smartface
+
+home: https://www.innovatrics.com/face-recognition-solutions/
+
+maintainers:
+- name: Innovatrics
+ url: https://www.innovatrics.com/
+
+version: 0.1.17
+
+appVersion: "v5_4.21.0"
diff --git a/README.md b/README.md
index 4daafd1..c0e574e 100644
--- a/README.md
+++ b/README.md
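Review bot: The `sf-tenant-operator` dependency in `Chart.yaml` is fetched from `https://nexus3.ba.innovatrics.net/repository/helm-sface`, which looks like an internal repository host; since the commit message says the sources were moved from an internal repository, confirm that this host is meant to be published and is reachable by chart consumers. `condition: multitenancy.enabled` only decides whether the subchart is rendered, so `helm dependency build` still has to download it and will fail for anyone who cannot reach that host. If the subchart cannot be published to a reachable registry, a comment above the entry should say where consumers obtain it. The first `sources` entry is commented out (`# - https://github.com/innovatrics/sf-lfis-helm`) without a reason; either restore it or remove the line.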
@@ -1,2 +1,212 @@ -# sf-lfis-helm -SmartFace Lightweight Face Identification System Helm chart +# sf-lfis + +![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) + +SmartFace Lightweight Face Identification System (LFIS) is a lightweight, powerful, scalable, multi-platform and easy-to-deploy solution for facial biometrics use cases easily integrated to any third-party system via REST API. Available for fast cloud and on premise deployment. + +**Homepage:** + +## TL;DR + +``` +helm install sf-lfis oci://ghcr... +``` + +## Prerequisites + +The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects: + +1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) + - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `image.secretName` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials +1. License file secret + - Get the license file from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `license.secretName` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file +1. S3 bucket + - Create an S3 bucket + - Create a ConfigMap - see `external-config.yaml` for example + - ConfigMap name must match `s3.configName` value + - keys in the ConfigMap must match `s3.bucketKey` and `s3.regionKey` values +1. 
pgsql server + - Create a PgSql server + - Create a Secret - see `external-config.yaml` for example + - Secret name must match `database.secretName` value + - key in the Secret must match `database.connectionStringKey` value +1. Optionally [KEDA](https://keda.sh/) for autoscaling + - see `autoscaling.*` values for more info + +## Ingress + +By default an ingress object is created with the helm chart. To configure the ingress please see the `ingress.*` values + +## Requirements + +| Repository | Name | Version | +|------------|------|---------| +| https://nexus3.ba.innovatrics.net/repository/helm-sface | sf-tenant-operator | 0.1.1 | +| oci://registry-1.docker.io/bitnamicharts | rabbitmq | 12.0.4 | + +All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives + +### RabbitMQ +To use non-chart managed rabbitmq: +- set `rabbitmq.enabled=false` +- create ConfigMap with rabbitmq connection details + - ConfigMap name must match `rabbitmq.configMapName` value + - see Sample objects for example +- create Secret with rabbitmq password + - supply `rabbitmq.existingSecretName` value with name of existing secret + - see Sample objects for example + +#### Sample objects +``` +apiVersion: v1 +kind: ConfigMap +metadata: + name: "sf-rmq-connection" + namespace: "test" +data: + hostname: "b-7a837e03-0422-4bfd-aded-01faea243858.mq.eu-central-1.amazonaws.com" + username: "smartface" + port: "5671" + useSsl: "true" +``` + +``` +apiVersion: v1 +kind: Secret +metadata: + name: "rmq-pass" + namespace: "test" +stringData: + rabbitmq-password: "smartface" +``` + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| accessController.authContainerPort | int | `5051` | | +| accessController.authServiceName | string | `"sf-auth-access-controller"` | | +| accessController.authServicePort | int | `5051` | | +| accessController.containerPort | int | `80` | | +| accessController.dnsHost | 
string | `""` | | +| accessController.imageVersion | string | `"v5_1.9.1"` | | +| accessController.name | string | `"sf-access-controller"` | | +| accessController.servicePort | int | `5050` | | +| api.containerPort | int | `80` | | +| api.dnsHost | string | `""` | | +| api.enabled | bool | `true` | | +| api.initMigration | bool | `true` | | +| api.name | string | `"sf-api"` | | +| api.servicePort | int | `80` | | +| auth.configName | string | `"auth-config"` | config containing authorization configuration for APIs used when authentication is enabled | +| authApi.containerPort | int | `80` | | +| authApi.dnsHost | string | `""` | | +| authApi.enabled | bool | `false` | | +| authApi.initMigration | bool | `true` | | +| authApi.name | string | `"sf-auth-api"` | | +| authApi.servicePort | int | `8098` | | +| autoscaling.api.enabled | bool | `true` | enables ScaledObject for rest API | +| autoscaling.api.maxReplicas | int | `3` | | +| autoscaling.api.minReplicas | int | `1` | | +| autoscaling.api.nonWorkHoursReplicas | int | `1` | for cron trigger | +| autoscaling.api.rmqRps | int | `17` | for RMQ trigger | +| autoscaling.api.workHoursReplicas | int | `2` | for cron trigger | +| autoscaling.cron.enabled | bool | `false` | enables predefined cron trigger on ScaledObjects | +| autoscaling.cron.timezone | string | `"Europe/Bratislava"` | see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones | +| autoscaling.detector.enabled | bool | `true` | enables ScaledObject for detector | +| autoscaling.detector.maxReplicas | int | `3` | | +| autoscaling.detector.minReplicas | int | `1` | | +| autoscaling.detector.nonWorkHoursReplicas | int | `1` | for cron trigger | +| autoscaling.detector.rmqRps | int | `15` | for RMQ trigger | +| autoscaling.detector.workHoursReplicas | int | `2` | for cron trigger | +| autoscaling.extractor.enabled | bool | `true` | enables ScaledObject for extractor | +| autoscaling.extractor.maxReplicas | int | `3` | | +| 
autoscaling.extractor.minReplicas | int | `1` | | +| autoscaling.extractor.nonWorkHoursReplicas | int | `1` | for cron trigger | +| autoscaling.extractor.rmqRps | int | `12` | for RMQ trigger | +| autoscaling.extractor.workHoursReplicas | int | `2` | for cron trigger | +| autoscaling.rmq.enabled | bool | `false` | enables rabbitmq triggers on ScaledObjects | +| autoscaling.rmq.hostSecretName | string | `"rmq-management-uri-with-creds"` | | +| autoscaling.rmq.triggerAuthName | string | `"keda-trigger-auth-rabbitmq-conn"` | | +| base.name | string | `"sf-base"` | | +| base.zmqContainerPort | int | `2406` | | +| base.zmqServicePort | int | `2406` | | +| countlyPublisher.clusterName | string | `""` | | +| countlyPublisher.enabled | bool | `false` | | +| countlyPublisher.imageTag | string | `"31"` | | +| countlyPublisher.name | string | `"countly-publisher"` | | +| database.connectionStringKey | string | `"cs"` | | +| database.secretName | string | `"db-cs"` | | +| detector.cpuRequests | string | `"750m"` | | +| detector.name | string | `"sf-detector"` | | +| edgeStreams.enabled | bool | `false` | | +| edgeStreams.name | string | `"sf-edge-stream-processor"` | | +| extractor.cpuRequests | string | `"750m"` | | +| extractor.name | string | `"sf-extractor"` | | +| faceMatcher.name | string | `"sf-face-matcher"` | | +| graphqlApi.containerPort | int | `80` | | +| graphqlApi.dnsHost | string | `""` | | +| graphqlApi.enableAuth | bool | `false` | | +| graphqlApi.initMigration | bool | `false` | | +| graphqlApi.name | string | `"sf-graphql-api"` | | +| graphqlApi.servicePort | int | `8097` | | +| image.registry | string | `"registry.gitlab.com/innovatrics/smartface/"` | registry to pull SmartFace images from | +| image.secretName | string | `"sf-gitlab-registry-creds"` | docker secret to pull SmartFace images with | +| ingress.annotations | string | `nil` | supply custom ingress annotation | +| ingress.certificateArn | string | `""` | only used if includeAlbAnnotations == 
true | +| ingress.class | string | `""` | set ingress class | +| ingress.enabled | bool | `true` | enable creation of ingress object | +| ingress.includeAlbAnnotations | bool | `false` | if enabled then the ingress will include default ALB annotations | +| jaeger.enabled | bool | `true` | | +| jaeger.hostname | string | `"grafana-agent.monitoring.svc.cluster.local"` | | +| license.mountPath | string | `"/etc/innovatrics"` | | +| license.secretName | string | `"iface-lic"` | | +| license.volumeMountName | string | `"license"` | | +| liveness.cpuRequests | string | `"750m"` | | +| liveness.name | string | `"sf-liveness"` | | +| matcher.cpuRequests | string | `"750m"` | | +| matcher.name | string | `"sf-matcher"` | | +| metrics.enabled | bool | `false` | | +| metrics.monitorDiscoveryLabel.instance | string | `"primary"` | | +| metrics.port | int | `4318` | | +| metrics.portName | string | `"metrics"` | | +| metrics.serviceDiscoveryLabels.sf-metrics | string | `"true"` | | +| migration.enabled | bool | `true` | | +| multitenancy.enabled | bool | `false` | enabled for multitenant deployment. 
Will include sf-tenant-operator subchart if enabled | +| rabbitmq | object | `{"auth":{"erlangCookie":"","password":"","username":"smartface"},"configMapName":"sf-rmq-connection","enabled":true,"existingSecretName":"","extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttDnsHost":"","secretKey":"rabbitmq-password"}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq | +| rabbitmq.enabled | bool | `true` | configure if rabbitmq subchart should be included | +| rabbitmq.mqttDnsHost | string | `""` | hostname used for MQTT service - only relevant for edge streams | +| readonlyApi.authName | string | `"readonly-auth-api"` | | +| readonlyApi.enabled | bool | `false` | | +| readonlyApi.noAuthName | string | `"readonly-noauth-api"` | | +| s3.bucketKey | string | `"name"` | | +| s3.configName | string | `"s3-config"` | | +| s3.regionKey | string | `"region"` | | +| sf-tenant-operator | object | `{"config":{"configDir":"/etc/components","fileName":"appsettings.override.json","mapName":"operator-config"},"image":{"secretName":"sf-gitlab-registry-creds"},"installCrd":false}` | configuration for sf-tenant-operator subchart | +| station.containerPort | int | `80` | | +| station.dnsHost | string | `""` | | +| station.enabled | bool | `true` | | +| station.imageVersion | string | `"v5_1.17.0"` | | +| station.name | string | `"sf-station"` | | +| station.servicePort | int | `8000` | | +| stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | +| stationAuth.secretName | string | `"station-client-id"` | | +| streamDataDbWorker.name | string | `"sf-stream-data-db-worker"` | | + +## Maintainers + +| Name | Email | Url | +| ---- | ------ | --- | +| Innovatrics | | | + +## Source Code + +* + +## Breaking changes + +Upgrade guide to future major version will be here 
diff --git a/README.md.gotmpl b/README.md.gotmpl
new file mode 100644
index 0000000..b054922
--- /dev/null
+++ b/README.md.gotmpl
@@ -0,0 +1,91 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+## TL;DR
+
+```
+helm install sf-lfis oci://ghcr...
+```
+
+## Prerequisites
+
+The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects:
+
+1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line)
+ - Get the credentials from [Customer portal](https://customerportal.innovatrics.com)
+ - The secret name must match `image.secretName` value
+ - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials
+1. License file secret
+ - Get the license file from [Customer portal](https://customerportal.innovatrics.com)
+ - The secret name must match `license.secretName` value
+ - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file
+1. S3 bucket
+ - Create an S3 bucket
+ - Create a ConfigMap - see `external-config.yaml` for example
+ - ConfigMap name must match `s3.configName` value
+ - keys in the ConfigMap must match `s3.bucketKey` and `s3.regionKey` values
+1. pgsql server
+ - Create a PgSql server
+ - Create a Secret - see `external-config.yaml` for example
+ - Secret name must match `database.secretName` value
+ - key in the Secret must match `database.connectionStringKey` value
+1. Optionally [KEDA](https://keda.sh/) for autoscaling
+ - see `autoscaling.*` values for more info
+
+## Ingress
+
+By default an ingress object is created with the helm chart. To configure the ingress please see the `ingress.*` values
+
+{{ template "chart.requirementsSection" . }}
+
+All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives
+
+### RabbitMQ
+To use non-chart managed rabbitmq:
+- set `rabbitmq.enabled=false`
+- create ConfigMap with rabbitmq connection details
+ - ConfigMap name must match `rabbitmq.configMapName` value
+ - see Sample objects for example
+- create Secret with rabbitmq password
+ - supply `rabbitmq.existingSecretName` value with name of existing secret
+ - see Sample objects for example
+
+#### Sample objects
+```
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "sf-rmq-connection"
+ namespace: "test"
+data:
+ hostname: "b-7a837e03-0422-4bfd-aded-01faea243858.mq.eu-central-1.amazonaws.com"
+ username: "smartface"
+ port: "5671"
+ useSsl: "true"
+```
+
+```
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "rmq-pass"
+ namespace: "test"
+stringData:
+ rabbitmq-password: "smartface"
+```
+
+{{ template "chart.valuesSection" . }}
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+## Breaking changes
+
+Upgrade guide to future major version will be here
diff --git a/external-config.yaml b/external-config.yaml
new file mode 100644
index 0000000..6412a37
--- /dev/null
+++ b/external-config.yaml
@@ -0,0 +1,39 @@
+# supply license secret
+# kubectl create secret docker-registry --dry-run=client sf-gitlab-registry-creds \
+# --docker-server=registry.gitlab.com \
+# --docker-username=sf-distribution \
+# --docker-password= -o yaml > docker-secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sf-gitlab-registry-creds
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: c21hcnRmYWNlCg==
+---
+# supply license secret
+# kubectl create secret generic --dry-run=client iface-lic \
+# --from-file=/etc/innovatrics/iengine.lic -o yaml > lic-secret.yaml
+apiVersion: v1
+data:
+ iengine.lic: c21hcnRmYWNlCg==
+kind: Secret
+metadata:
+ name: iface-lic
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "s3-config"
+data:
+# supply S3 bucket
+ name: "sf-cm-test"
+ region: "eu-central-1"
+---
+apiVersion: v1
+stringData:
+# supply pgsql server
+ cs: "Server=eu-central-1.rds.amazonaws.com;Database=smartface;Username=postgres;Password=smartface;"
+kind: Secret
+metadata:
+ name: db-cs
diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl
new file mode 100644
index 0000000..8431224
--- /dev/null
+++ b/templates/_helpers.tpl
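Review bot: The sample `db-cs` Secret in `external-config.yaml` ships a complete connection string with `Username=postgres;Password=smartface;`, and the two other Secrets carry the same base64 placeholder `c21hcnRmYWNlCg==`; values that look usable tend to be applied unchanged. Replace them with obviously non-functional placeholders, e.g. `Password=<CHANGE_ME>`, and add a header comment saying the file is a template that must be edited before it is applied. The placeholder under `.dockerconfigjson` is also not a docker config JSON document, so as far as I can tell the API server would reject that Secret for type `kubernetes.io/dockerconfigjson`. The first comment reads `# supply license secret` but the commands below it create the registry credentials; it should read `# supply registry credentials secret`.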
@@ -0,0 +1,203 @@
+{{/*
+Template used for adding database configuration to containers
+*/}}
+{{- define "sf-cloud-matcher.dbConfig" -}}
+- name: "ConnectionStrings__CoreDbContext"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.secretName | quote }}
+ key: {{ .Values.database.connectionStringKey | quote }}
+- name: "Database__DbEngine"
+ value: "PgSql"
+{{- end }}
+
+{{/*
+Template used for adding S3 configuration to containers
+*/}}
+{{- define "sf-cloud-matcher.s3Config" -}}
+- name: "S3Bucket__BucketName"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.s3.configName | quote }}
+ key: {{ .Values.s3.bucketKey | quote }}
+- name: "S3Bucket__BucketRegion"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.s3.configName | quote }}
+ key: {{ .Values.s3.regionKey | quote }}
+{{- end }}
+
+{{/*
+Template used for configuring feature flags on APIs
+*/}}
+{{- define "sf-cloud-matcher.apiFeaturesConfig" -}}
+- name: "FeatureManagement__Full"
+ value: "false"
+- name: "FeatureManagement__Watchlist"
+ value: "true"
+- name: "FeatureManagement__Edge"
+ value: {{ .Values.edgeStreams.enabled | quote }}
+{{- end }}
+
+{{/*
+Template used for configuring Authentication on APIs
+*/}}
+{{- define "sf-cloud-matcher.authenticationConfig" -}}
+- name: "Authentication__UseAuthentication"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "use_auth"
+- name: "Authentication__Authority"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "authority"
+- name: "Authentication__Audience"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "audience"
+- name: "Authentication__SwaggerAuthConfig__ClientCredsTokenUrl"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "oauth_token_url"
+- name: "Authentication__SwaggerAuthConfig__AuthCodeTokenUrl"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "oauth_token_url"
+- name: "Authentication__SwaggerAuthConfig__AuthCodeAuthorizeUrl"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.auth.configName | quote }}
+ key: "oauth_authorize_url"
+{{- end }}
+
+{{/*
+Template used for adding RMQ configuration to containers
+*/}}
+{{- define "sf-cloud-matcher.rmqConfig" -}}
+- name: "RabbitMQ__Hostname"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.rabbitmq.configMapName | quote }}
+ key: "hostname"
+- name: "RabbitMQ__UseSsl"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.rabbitmq.configMapName | quote }}
+ key: "useSsl"
+- name: "RabbitMQ__Port"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.rabbitmq.configMapName | quote }}
+ key: "port"
+- name: "RabbitMQ__Username"
+ valueFrom:
+ configMapKeyRef:
+ name: {{ .Values.rabbitmq.configMapName | quote }}
+ key: "username"
+- name: "RabbitMQ__Password"
+ valueFrom:
+ secretKeyRef:
+ {{- if .Values.rabbitmq.existingSecretName }}
+ name: {{ .Values.rabbitmq.existingSecretName | quote }}
+ {{- else }}
+ name: "{{ .Release.Name }}-rabbitmq"
+ {{- end }}
+ key: {{ .Values.rabbitmq.secretKey | quote }}
+{{- end }}
+
+{{/*
+Template used for adding license volume to deployment definition
+*/}}
+{{- define "sf-cloud-matcher.licVolume" -}}
+- name: {{ .Values.license.volumeMountName | quote }}
+ secret:
+ secretName: {{ .Values.license.secretName | quote }}
+{{- end }}
+
+{{/*
+Template used for binding the license volume to containers
+*/}}
+{{- define "sf-cloud-matcher.licVolumeMount" -}}
+- name: {{ .Values.license.volumeMountName | quote }}
+ mountPath: {{ .Values.license.mountPath | quote }}
+ readOnly: true
+{{- end }}
+
+{{/*
+Template used for common environment variables definition
+*/}}
+{{- define "sf-cloud-matcher.commonEnv" -}}
+- name: "AppSettings__Log-RollingFile-Enabled"
+ value: "false"
+- name: "AppSettings__Log_RollingFile_Enabled"
+ value: "false"
+- name: "AppSettings__Log_JsonConsole_Enabled"
+ value: "true"
+- name: "AppSettings__USE_JAEGER_APP_SETTINGS"
+ value: {{ .Values.jaeger.enabled | quote }}
+- name: "JAEGER_AGENT_HOST"
+ value: {{ .Values.jaeger.hostname | quote }}
+- name: "Metrics__PROMETHEUS_METRIC_SERVER_HOSTNAME"
+ value: "*"
+- name: "S3ClientLifetime__S3ClientLifetime"
+ value: "Singleton"
+{{- end }}
+
+{{/*
+Enabling statistics pulishing for countly sender
+*/}}
+{{- define "sf-cloud-matcher.statisticsPublish" -}}
+- name: "Statistics__SendStatisticsData"
+ value: {{ .Values.countlyPublisher.enabled | quote }}
+{{- end }}
+
+{{/*
+Topology spread definition commonly used for most of our deployments
+*/}}
+{{- define "sf-cloud-matcher.topologySpread" -}}
+- maxSkew: 1
+ topologyKey: "topology.kubernetes.io/zone"
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ app: {{ .appLabel | quote }}
+- maxSkew: 1
+ topologyKey: "kubernetes.io/hostname"
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ app: {{ .appLabel | quote }}
+{{- end -}}
+
+{{/*
+Init container to perform database migration before starting the main container
+*/}}
+{{- define "sf-cloud-matcher.migrationInitContainer" -}}
+- name: "sf-migration"
+ image: "{{ .Values.image.registry }}sf-admin:{{ .Chart.AppVersion }}"
+ args: [
+ "run-migration",
+ "-p", "1",
+ "-c", "$(db_cs)",
+ "-dbe", "PgSql",
+ "--rmq-host", "$(RabbitMQ__Hostname)",
+ "--rmq-user", "$(RabbitMQ__Username)",
+ "--rmq-pass", "$(RabbitMQ__Password)",
+ "--rmq-port", "$(RabbitMQ__Port)",
+ "--rmq-use-ssl", "$(RabbitMQ__UseSsl)",
+ "--rmq-virtual-host", "/"]
+ env:
+ - name: "db_cs"
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.database.secretName | quote }}
+ key: {{ .Values.database.connectionStringKey | quote }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 4 }}
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 2 }}
+{{- end -}}
diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl
new file mode 100644
index 0000000..dc1d06f
--- /dev/null
+++ b/templates/_matcher.tpl
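Review bot: In `sf-cloud-matcher.migrationInitContainer` (templates/_helpers.tpl) the database connection string and the RabbitMQ password are passed on the command line via `"-c", "$(db_cs)"` and `"--rmq-pass", "$(RabbitMQ__Password)"`; Kubernetes expands `$(VAR)` before the process starts, so both secrets end up in the process arguments, where they can be read from the node's process list and from the container runtime's inspect output. If `sf-admin` can take these from the environment or a mounted file (not visible in this patch), drop the two arguments and let it read them there; otherwise add a comment above `args:` stating that the exposure is known and accepted. Separately, `commonEnv` sets both `AppSettings__Log-RollingFile-Enabled` and `AppSettings__Log_RollingFile_Enabled`, so a comment saying which spelling the application actually reads would help, and `pulishing` in the countly comment should be `publishing`.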
@@ -0,0 +1,41 @@
+
+{{/*
+Definition of matcher deployment manifest. Will either be used by tenant operator or directly
+*/}}
+{{- define "sf-cloud-matcher.matcherDefinition" -}}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.matcher.name | quote }}
+ labels:
+ app: {{ .Values.matcher.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.matcher.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.matcher.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.matcher.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.matcher.name | quote }}
+ image: "{{ .Values.image.registry }}sf-matcher:{{ .Chart.AppVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 12 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 12 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 12 }}
+ resources:
+ requests:
+ memory: "200M"
+ cpu: {{ .Values.matcher.cpuRequests | quote }}
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 12 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 12 }}
+{{- end }}
diff --git a/templates/_validations.tpl b/templates/_validations.tpl
new file mode 100644
index 0000000..624850d
--- /dev/null
+++ b/templates/_validations.tpl
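Review bot: The matcher container in `sf-cloud-matcher.matcherDefinition` (templates/_matcher.tpl) is rendered with no `securityContext` and with `resources.requests` only, so it runs with the image's default user and capabilities and has no memory or CPU ceiling, while it receives the database and RabbitMQ credentials through `env` and mounts the license secret. Consider a values-driven container `securityContext` with at least `allowPrivilegeEscalation: false` and dropped capabilities (plus `runAsNonRoot: true` if the image supports it, which this patch does not show), and a `resources.limits.memory` next to the `"200M"` request. `replicas: 1` is hard-coded; if the matcher must be a singleton, a comment such as `# matcher must run as a single instance` would stop someone from scaling it by hand.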
@@ -0,0 +1,116 @@
+
+{{/*
+Compile all warnings into a single message, and call fail.
+*/}}
+{{- define "sf-cloud-matcher.validate" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.multitenantEdge" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.dbConnectionSecret" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.s3Config" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.licenseSecret" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.authConfig" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.registryCreds" .)) -}}
+{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.rmqConfig" .)) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{- printf "\nVALIDATIONS:\n%s" $message | fail -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate that users does not want multitenant edge streams
+*/}}
+{{- define "sf-cloud-matcher.validate.multitenantEdge" -}}
+{{- if and .Values.multitenancy.enabled .Values.edgeStreams.enabled -}}
+Multitenancy is not supported for clusters with edge streams. Please disable one of the two features
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate that the Database connection string secret exists with correct key
+*/}}
+{{- define "sf-cloud-matcher.validate.dbConnectionSecret" -}}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.database.secretName "Key" .Values.database.connectionStringKey) }}
+{{- end -}}
+
+{{/*
+Validate that the S3 config map exists with correct keys
+*/}}
+{{- define "sf-cloud-matcher.validate.s3Config" -}}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.bucketKey) }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }}
+{{- end -}}
+
+{{/*
+Validate that the license secret exists with correct keys
+*/}}
+{{- define "sf-cloud-matcher.validate.licenseSecret" -}}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.license.secretName "Key" "iengine.lic") }}
+{{- end -}}
+
+{{/*
+Validate auth config present if it will be needed
+*/}}
+{{- define "sf-cloud-matcher.validate.authConfig" -}}
+{{- if or .Values.authApi.enabled .Values.graphqlApi.enableAuth -}}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "use_auth") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "authority") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "audience") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_token_url") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_authorize_url") }}
+{{- end -}}
+{{- if .Values.station.enabled }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "use_auth") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "audience") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "domain") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "issuer") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "jwks_uri") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "auth_header") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.stationAuth.secretName "Key" "client_id") }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate registry credentials
+*/}}
+{{- define "sf-cloud-matcher.validate.registryCreds" -}}
+{{- $error := (include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.image.secretName "Key" ".dockerconfigjson")) -}}
+{{- if $error -}}
+{{ printf "%s" ($error) }}
+To create the secret follow the official documentation https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate rmq config if not managed by us
+*/}}
+{{- define "sf-cloud-matcher.validate.rmqConfig" -}}
+{{- if not .Values.rabbitmq.enabled -}}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "hostname") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "useSsl") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "port") }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "username") }}
+{{- if not .Values.rabbitmq.existingSecretName }}
+Please provide value for `rabbitmq.existingSecretName`
+{{- else }}
+{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.existingSecretName "Key" .Values.rabbitmq.secretKey) }}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Validate arbitrary k8s resource and presence of a field on it
+*/}}
+{{- define "sf-cloud-matcher.validate.genericResourceWithKey" -}}
+{{- $resource := (lookup .Version .Type .Namespace .Name).data -}}
+{{- if $resource -}}
+{{- $value := (index $resource .Key) -}}
+{{- if not $value -}}
+Resource of type "{{.Version}}/{{ .Type }}" with name "{{ .Name }}" in namespace "{{ .Namespace }}" is missing key "{{ .Key }}"
+{{- end -}}
+{{- else -}}
+Resource of type "{{.Version}}/{{ .Type }}" with name "{{ .Name }}" in namespace "{{ .Namespace }}" not found
+{{- end -}}
+{{- end -}}
diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml
new file mode 100644
index 0000000..5715dbc
--- /dev/null
+++ b/templates/api-deployment.yaml
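Review bot: Every resource check in templates/_validations.tpl goes through `lookup` in `sf-cloud-matcher.validate.genericResourceWithKey`, and `lookup` returns an empty result when the chart is rendered without a cluster connection (`helm template`, client-side dry-run). In those modes each check reports "not found" and the `fail` in `sf-cloud-matcher.validate` aborts rendering, which would break linting, CI rendering and template-based GitOps wherever `validate` is included (the call site is not in this hunk). The helper also needs the installing identity to be allowed to read Secrets in the release namespace, which should be stated in its comment. I would guard the `fail` with a new values flag (name to be chosen by the chart), for example `{{- if and $message .Values.validation.enabled -}}`. The comment on `validate` says "warnings" although the template hard-fails, and should say so.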
@@ -0,0 +1,55 @@
+{{- if .Values.api.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.api.name | quote }}
+ labels:
+ app: {{ .Values.api.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.api.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.api.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.api.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.api.name | quote }}
+ image: "{{ .Values.image.registry }}sf-api:{{ .Chart.AppVersion }}"
+ ports:
+ - name: "http"
+ containerPort: {{ .Values.api.containerPort }}
+ - name: {{ .Values.metrics.portName | quote }}
+ containerPort: {{ .Values.metrics.port }}
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.statisticsPublish" . | nindent 8 }}
+ - name: "Hosting__Host"
+ value: "http://0.0.0.0"
+ - name: "Hosting__Port"
+ value: {{ .Values.api.containerPort | quote }}
+ resources:
+ requests:
+ memory: "300M"
+ cpu: "250m"
+ limits:
+ memory: "4G"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- if and .Values.migration.enabled .Values.api.initMigration }}
+ initContainers:
+ {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }}
+ {{- end }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/api-svc.yaml b/templates/api-svc.yaml
new file mode 100644
index 0000000..8f11258
--- /dev/null
+++ b/templates/api-svc.yaml
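Review bot: The `initContainers` block in templates/api-deployment.yaml pulls in `sf-cloud-matcher.migrationInitContainer`, whose `args` (templates/_helpers.tpl, earlier in this patch) pass `$(db_cs)` and `$(RabbitMQ__Password)` as command-line arguments. Kubernetes expands `$(VAR)` in `args`, so the database connection string and the broker password end up in the migration process's argument list, where they are visible to anything that can list processes in the container or on the node and may be captured in crash output. If `sf-admin` can read these values from the environment or a mounted file (not visible here, to be confirmed), I would drop the `-c` and `--rmq-pass` arguments and rely on the env entries the init container already defines. The same include is used in templates/auth-api-deployment.yaml.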
@@ -0,0 +1,18 @@
+{{- if .Values.api.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.api.name | quote }}
+ labels:
+ {{- toYaml $.Values.metrics.serviceDiscoveryLabels | nindent 4 }}
+spec:
+ selector:
+ app: {{ .Values.api.name | quote }}
+ ports:
+ - name: "http"
+ port: {{ .Values.api.servicePort }}
+ targetPort: {{ .Values.api.containerPort }}
+ - name: {{ .Values.metrics.portName | quote }}
+ port: {{ .Values.metrics.port }}
+ type: "NodePort"
+{{- end }}
diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml
new file mode 100644
index 0000000..2314e40
--- /dev/null
+++ b/templates/auth-api-deployment.yaml
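Review bot: `type: "NodePort"` in templates/api-svc.yaml opens both the API port and the metrics port on every node address, and the `api` Deployment this Service selects is rendered without the `authenticationConfig` include that the auth-api Deployment gets, so access control is left entirely to node-level firewalling. The gRPC Ingress in this patch uses ALB `target-type: "ip"`, which does not need node ports; the main templates/ingress.yaml is not visible here, so confirm its target type before changing this. I would default to `type: "ClusterIP"` or take the type from values, and apply the same change in auth-api-svc.yaml, countly-publisher-svc.yaml and edge-streams/base-svc.yaml. It is also worth considering a separate cluster-internal Service for the metrics port.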
@@ -0,0 +1,58 @@
+{{- if .Values.authApi.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.authApi.name | quote }}
+ labels:
+ app: {{ .Values.authApi.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.authApi.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.authApi.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.authApi.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.authApi.name | quote }}
+ image: "{{ .Values.image.registry }}sf-api:{{ .Chart.AppVersion }}"
+ ports:
+ - name: "http"
+ containerPort: {{ .Values.authApi.containerPort }}
+ - name: {{ .Values.metrics.portName | quote }}
+ containerPort: {{ .Values.metrics.port }}
+ env:
+ {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.statisticsPublish" . | nindent 8 }}
+ - name: "Multitenancy__UseMultitenancy"
+ value: {{ .Values.multitenancy.enabled | quote }}
+ - name: "Hosting__Host"
+ value: "http://0.0.0.0"
+ - name: "Hosting__Port"
+ value: {{ .Values.authApi.containerPort | quote }}
+ resources:
+ requests:
+ memory: "300M"
+ cpu: "250m"
+ limits:
+ memory: "4G"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- if and .Values.migration.enabled .Values.authApi.initMigration }}
+ initContainers:
+ {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }}
+ {{- end }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/auth-api-svc.yaml b/templates/auth-api-svc.yaml
new file mode 100644
index 0000000..d163281
--- /dev/null
+++ b/templates/auth-api-svc.yaml
@@ -0,0 +1,18 @@
+{{- if .Values.authApi.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.authApi.name | quote }}
+ labels:
+ {{- toYaml $.Values.metrics.serviceDiscoveryLabels | nindent 4 }}
+spec:
+ selector:
+ app: {{ .Values.authApi.name | quote }}
+ ports:
+ - name: "http"
+ port: {{ .Values.authApi.servicePort }}
+ targetPort: {{ .Values.authApi.containerPort }}
+ - name: {{ .Values.metrics.portName | quote }}
+ port: {{ .Values.metrics.port }}
+ type: "NodePort"
+{{- end }}
diff --git a/templates/autsocaling/api-scaledobject.yaml b/templates/autsocaling/api-scaledobject.yaml
new file mode 100644
index 0000000..05dd494
--- /dev/null
+++ b/templates/autsocaling/api-scaledobject.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.autoscaling.api.enabled (or .Values.autoscaling.rmq.enabled .Values.autoscaling.cron.enabled) }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: {{ .Values.authApi.name | quote }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Values.authApi.name | quote }}
+ minReplicaCount: {{ .Values.autoscaling.api.minReplicas }}
+ maxReplicaCount: {{ .Values.autoscaling.api.maxReplicas }}
+ triggers:
+ {{- if .Values.autoscaling.rmq.enabled }}
+ - type: "rabbitmq"
+ metadata:
+ queueName: "rpc\\.face\\.detect.*"
+ mode: "MessageRate"
+ value: {{ .Values.autoscaling.api.rmqRps | quote }}
+ useRegex: "true"
+ authenticationRef:
+ name: {{ .Values.autoscaling.rmq.triggerAuthName | quote }}
+ {{- end }}
+ {{- if .Values.autoscaling.cron.enabled }}
+# during work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 8 * * 1-5"
+ end: "0 17 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.api.workHoursReplicas | quote }}
+# outside work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 17 * * 1-5"
+ end: "0 8 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.api.nonWorkHoursReplicas | quote }}
+# during weekend
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 0 * * 0,6"
+ end: "0 0 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.api.nonWorkHoursReplicas | quote }}
+ {{- end }}
+{{- end }}
diff --git a/templates/autsocaling/detector-scaledobject.yaml b/templates/autsocaling/detector-scaledobject.yaml
new file mode 100644
index 0000000..1f1d28c
--- /dev/null
+++ b/templates/autsocaling/detector-scaledobject.yaml
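Review bot: The ScaledObject in autsocaling/api-scaledobject.yaml is gated on `.Values.autoscaling.api.enabled`, but both `metadata.name` and `scaleTargetRef.name` use `.Values.authApi.name`, so enabling API autoscaling scales the auth-api Deployment, and none of the templates shown here scales the `api` Deployment. It is also rendered when `authApi.enabled` is false, which leaves a ScaledObject pointing at a Deployment that does not exist. If auth-api is the intended target, I would add `.Values.authApi.enabled` to the condition and state the intent in a comment; otherwise the two names should be `{{ .Values.api.name | quote }}`. The RabbitMQ trigger's `queueName` is the same `rpc\\.face\\.detect.*` pattern the detector ScaledObject uses, which may be deliberate but deserves a one-line comment.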
@@ -0,0 +1,47 @@
+{{- if and .Values.autoscaling.detector.enabled (or .Values.autoscaling.rmq.enabled .Values.autoscaling.cron.enabled) }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: {{ .Values.detector.name | quote }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Values.detector.name | quote }}
+ minReplicaCount: {{ .Values.autoscaling.detector.minReplicas }}
+ maxReplicaCount: {{ .Values.autoscaling.detector.maxReplicas }}
+ triggers:
+ {{- if .Values.autoscaling.rmq.enabled }}
+ - type: "rabbitmq"
+ metadata:
+ queueName: "rpc\\.face\\.detect.*"
+ mode: "MessageRate"
+ value: {{ .Values.autoscaling.detector.rmqRps | quote }}
+ useRegex: "true"
+ authenticationRef:
+ name: {{ .Values.autoscaling.rmq.triggerAuthName | quote }}
+ {{- end }}
+ {{- if .Values.autoscaling.cron.enabled }}
+# during work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 8 * * 1-5"
+ end: "0 17 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.detector.workHoursReplicas | quote }}
+# outside work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 17 * * 1-5"
+ end: "0 8 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.detector.nonWorkHoursReplicas | quote }}
+# during weekend
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 0 * * 0,6"
+ end: "0 0 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.detector.nonWorkHoursReplicas | quote }}
+ {{- end }}
+{{- end }}
diff --git a/templates/autsocaling/extractor-scaledobject.yaml b/templates/autsocaling/extractor-scaledobject.yaml
new file mode 100644
index 0000000..1737090
--- /dev/null
+++ b/templates/autsocaling/extractor-scaledobject.yaml
@@ -0,0 +1,47 @@
+{{- if and .Values.autoscaling.extractor.enabled (or .Values.autoscaling.rmq.enabled .Values.autoscaling.cron.enabled) }}
+apiVersion: keda.sh/v1alpha1
+kind: ScaledObject
+metadata:
+ name: {{ .Values.extractor.name | quote }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ .Values.extractor.name | quote }}
+ minReplicaCount: {{ .Values.autoscaling.extractor.minReplicas }}
+ maxReplicaCount: {{ .Values.autoscaling.extractor.maxReplicas }}
+ triggers:
+ {{- if .Values.autoscaling.rmq.enabled }}
+ - type: "rabbitmq"
+ metadata:
+ queueName: "rpc\\.face\\.extract.*"
+ mode: "MessageRate"
+ value: {{ .Values.autoscaling.extractor.rmqRps | quote }}
+ useRegex: "true"
+ authenticationRef:
+ name: {{ .Values.autoscaling.rmq.triggerAuthName | quote }}
+ {{- end }}
+ {{- if .Values.autoscaling.cron.enabled }}
+# during work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 8 * * 1-5"
+ end: "0 17 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.extractor.workHoursReplicas | quote }}
+# outside work hours
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 17 * * 1-5"
+ end: "0 8 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.extractor.nonWorkHoursReplicas | quote }}
+# during weekend
+ - type: "cron"
+ metadata:
+ timezone: {{ .Values.autoscaling.cron.timezone | quote }}
+ start: "0 0 * * 0,6"
+ end: "0 0 * * 1-5"
+ desiredReplicas: {{ .Values.autoscaling.extractor.nonWorkHoursReplicas | quote }}
+ {{- end }}
+{{- end }}
diff --git a/templates/autsocaling/rmq-api-host-secret.yaml b/templates/autsocaling/rmq-api-host-secret.yaml
new file mode 100644
index 0000000..6eda420
--- /dev/null
+++ b/templates/autsocaling/rmq-api-host-secret.yaml
@@ -0,0 +1,9 @@
+{{- if .Values.autoscaling.rmq.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ .Values.autoscaling.rmq.hostSecretName | quote }}
+type: Opaque
+stringData:
+ host: "http://{{ .Values.rabbitmq.auth.username }}:{{ .Values.rabbitmq.auth.password | urlquery }}@{{ .Release.Name }}-rabbitmq.{{ .Release.Namespace }}.svc.cluster.local:15672"
+{{- end }}
diff --git a/templates/autsocaling/rmq-keda-trigger-auth.yaml b/templates/autsocaling/rmq-keda-trigger-auth.yaml
new file mode 100644
index 0000000..6f22388
--- /dev/null
+++ b/templates/autsocaling/rmq-keda-trigger-auth.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.autoscaling.rmq.enabled }}
+apiVersion: keda.sh/v1alpha1
+kind: TriggerAuthentication
+metadata:
+ name: {{ .Values.autoscaling.rmq.triggerAuthName | quote }}
+spec:
+ secretTargetRef:
+ - parameter: "host"
+ name: {{ .Values.autoscaling.rmq.hostSecretName | quote }}
+ key: "host"
+{{- end }}
diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml
new file mode 100644
index 0000000..675085e
--- /dev/null
+++ b/templates/countly-publisher-deployment.yaml
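Review bot: The `host` value in autsocaling/rmq-api-host-secret.yaml is built from `.Values.rabbitmq.auth.username`, `.Values.rabbitmq.auth.password` and a hard-coded `{{ .Release.Name }}-rabbitmq` service name, yet the template is gated only on `autoscaling.rmq.enabled`. With an external broker (`rabbitmq.enabled` false and the password in `rabbitmq.existingSecretName`, the case `_validations.tpl` checks for) it renders a Secret with the wrong host and empty or stale credentials. It also requires the broker password to be present in chart values, which Helm keeps in its release record, and only the password goes through `urlquery` while the username does not. I would extend the condition to `{{- if and .Values.autoscaling.rmq.enabled .Values.rabbitmq.enabled }}`, write the user part as `{{ .Values.rabbitmq.auth.username | urlquery }}`, and add a comment that the URL targets the management API over plain HTTP inside the cluster.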
@@ -0,0 +1,48 @@
+{{- if .Values.countlyPublisher.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.countlyPublisher.name | quote }}
+ labels:
+ app: {{ .Values.countlyPublisher.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.countlyPublisher.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.countlyPublisher.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.countlyPublisher.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.countlyPublisher.name | quote }}
+ image: "{{ .Values.image.registry }}sf-countly-publisher:{{ .Values.countlyPublisher.imageTag }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ - name: "CountlyConfiguration__ServerUrl"
+ valueFrom:
+ configMapKeyRef:
+ name: countly-config
+ key: url
+ - name: "CountlyConfiguration__AppKey"
+ valueFrom:
+ secretKeyRef:
+ name: counlty-app-key
+ key: key
+ - name: "CountlyConfiguration__AdditionalSegmentations__0__Key"
+ value: "Cluster"
+ - name: "CountlyConfiguration__AdditionalSegmentations__0__Value"
+ value: {{ .Values.countlyPublisher.clusterName | quote }}
+ - name: "PrometheusConfiguration__Endpoints__0"
+ value: "http://+:{{ .Values.metrics.port }}/"
+ resources:
+ requests:
+ memory: "100M"
+ cpu: "100m"
+{{- end }}
diff --git a/templates/countly-publisher-svc.yaml b/templates/countly-publisher-svc.yaml
new file mode 100644
index 0000000..a339c44
--- /dev/null
+++ b/templates/countly-publisher-svc.yaml
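Review bot: The `secretKeyRef` name `counlty-app-key` in templates/countly-publisher-deployment.yaml looks like a misspelling of "countly" (the ConfigMap two entries above is `countly-config`); if the Secret in the cluster is spelled correctly, the container will not start because the reference cannot be resolved. Both resource names are hard-coded instead of coming from values, and `_validations.tpl` has no check for them when `countlyPublisher.enabled` is true, unlike the other externally provided Secrets and ConfigMaps. I would confirm the real Secret name, move both names to values (quoted, like the rest of the chart) and add the matching `genericResourceWithKey` checks for keys `url` and `key`.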
@@ -0,0 +1,15 @@
+{{- if .Values.countlyPublisher.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.countlyPublisher.name | quote }}
+ labels:
+ {{- toYaml $.Values.metrics.serviceDiscoveryLabels | nindent 4 }}
+spec:
+ selector:
+ app: {{ .Values.countlyPublisher.name | quote }}
+ ports:
+ - name: {{ .Values.metrics.portName | quote }}
+ port: {{ .Values.metrics.port }}
+ type: "NodePort"
+{{- end }}
diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml
new file mode 100644
index 0000000..cb76853
--- /dev/null
+++ b/templates/detector-deployment.yaml
@@ -0,0 +1,36 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.detector.name | quote }}
+ labels:
+ app: {{ .Values.detector.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.detector.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.detector.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.detector.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.detector.name | quote }}
+ image: "{{ .Values.image.registry }}sf-detector:{{ .Chart.AppVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ resources:
+ requests:
+ memory: "600M"
+ cpu: {{ .Values.detector.cpuRequests | quote }}
+ limits:
+ memory: "1500M"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml
new file mode 100644
index 0000000..14b0e87
--- /dev/null
+++ b/templates/edge-streams/access-controller-deployment.yaml
@@ -0,0 +1,45 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.accessController.name | quote }}
+ labels:
+ app: {{ .Values.accessController.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.accessController.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.accessController.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.accessController.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.accessController.name | quote }}
+ image: "{{ .Values.image.registry }}sf-access-controller:{{ .Values.accessController.imageVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }}
+ - name: "Kestrel__EndPoints__Http__Url"
+ value: "http://0.0.0.0:{{ .Values.accessController.containerPort }}"
+ - name: "Kestrel__EndPoints__Http__RequireAuthentication"
+ value: "false"
+ - name: "Kestrel__EndPoints__HttpAuth__Url"
+ value: "http://0.0.0.0:{{ .Values.accessController.authContainerPort }}"
+ - name: "Kestrel__EndPoints__HttpAuth__RequireAuthentication"
+ value: "true"
+ resources:
+ requests:
+ memory: "100M"
+ cpu: "100m"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/edge-streams/access-controller-svc.yaml b/templates/edge-streams/access-controller-svc.yaml
new file mode 100644
index 0000000..1375625
--- /dev/null
+++ b/templates/edge-streams/access-controller-svc.yaml
@@ -0,0 +1,27 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.accessController.name | quote }}
+spec:
+ selector:
+ app: {{ .Values.accessController.name | quote }}
+ ports:
+ - port: {{ .Values.accessController.servicePort }}
+ targetPort: {{ .Values.accessController.containerPort }}
+ protocol: "TCP"
+ type: "NodePort"
+---
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.accessController.authServiceName | quote }}
+spec:
+ selector:
+ app: {{ .Values.accessController.name | quote }}
+ ports:
+ - port: {{ .Values.accessController.authServicePort }}
+ targetPort: {{ .Values.accessController.authContainerPort }}
+ protocol: "TCP"
+ type: "NodePort"
+{{- end }}
diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml
new file mode 100644
index 0000000..ebc0a96
--- /dev/null
+++ b/templates/edge-streams/base-deployment.yaml
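Review bot: The first Service in edge-streams/access-controller-svc.yaml publishes `accessController.containerPort` as a NodePort, and in access-controller-deployment.yaml that port is the Kestrel `Http` endpoint configured with `RequireAuthentication` set to `"false"`, so the unauthenticated listener is reachable on every node address unless something outside the chart blocks it. Only the second Service (`authServiceName`, the authenticated endpoint) is referenced by the gRPC Ingress in this patch, which suggests the first one is meant for in-cluster callers. I would change the first Service to `type: "ClusterIP"` and add a comment above it stating that it fronts the unauthenticated endpoint and must stay cluster-internal. Restricting its callers with a NetworkPolicy would be a reasonable follow-up.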
@@ -0,0 +1,39 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.base.name | quote }}
+ labels:
+ app: {{ .Values.base.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.base.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.base.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.base.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.base.name | quote }}
+ image: "{{ .Values.image.registry }}sf-base:{{ .Chart.AppVersion }}"
+ args: ["--serviceName", "SFBase"]
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ resources:
+ requests:
+ memory: "100M"
+ cpu: "100m"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/edge-streams/base-svc.yaml b/templates/edge-streams/base-svc.yaml
new file mode 100644
index 0000000..9951cdb
--- /dev/null
+++ b/templates/edge-streams/base-svc.yaml
@@ -0,0 +1,14 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.base.name | quote }}
+spec:
+ selector:
+ app: {{ .Values.base.name | quote }}
+ ports:
+ - port: {{ .Values.base.zmqServicePort }}
+ targetPort: {{ .Values.base.zmqContainerPort }}
+ protocol: "TCP"
+ type: "NodePort"
+{{- end }}
diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml
new file mode 100644
index 0000000..ec91601
--- /dev/null
+++ b/templates/edge-streams/edge-stream-processor-deployment.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.edgeStreams.name | quote }}
+ labels:
+ app: {{ .Values.edgeStreams.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.edgeStreams.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.edgeStreams.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.edgeStreams.name | quote }}
+ image: "{{ .Values.image.registry }}sf-edge-stream-processor:{{ .Chart.AppVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ resources:
+ requests:
+ memory: "100M"
+ cpu: "100m"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml
new file mode 100644
index 0000000..0f409da
--- /dev/null
+++ b/templates/edge-streams/face-matcher-deployment.yaml
@@ -0,0 +1,37 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.faceMatcher.name | quote }}
+ labels:
+ app: {{ .Values.faceMatcher.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.faceMatcher.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.faceMatcher.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.faceMatcher.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.faceMatcher.name | quote }}
+ image: "{{ .Values.image.registry }}sf-face-matcher:{{ .Chart.AppVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ resources:
+ requests:
+ memory: "100M"
+ cpu: "100m"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/edge-streams/grpc-ingress.yaml b/templates/edge-streams/grpc-ingress.yaml
new file mode 100644
index 0000000..2cab7f1
--- /dev/null
+++ b/templates/edge-streams/grpc-ingress.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "networking.k8s.io/v1"
+kind: "Ingress"
+metadata:
+ name: "sf-grpc-ingress"
+ annotations:
+ {{- if .Values.ingress.includeAlbAnnotations }}
+ alb.ingress.kubernetes.io/scheme: "internet-facing"
+ alb.ingress.kubernetes.io/target-type: "ip"
+ alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
+ alb.ingress.kubernetes.io/backend-protocol: HTTP
+ alb.ingress.kubernetes.io/backend-protocol-version: GRPC
+ {{- if .Values.ingress.certificateArn }}
+ alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.ingress.annotations }}
+ {{- toYaml $.Values.ingress.annotations | nindent 4 }}
+ {{- end }}
+spec:
+ {{- if .Values.ingress.class }}
+ ingressClassName: {{ .Values.ingress.class | quote }}
+ {{- end }}
+ rules:
+ - host: {{ .Values.accessController.dnsHost }}
+ http:
+ paths:
+ - path: "/"
+ pathType: "Prefix"
+ backend:
+ service:
+ name: {{ .Values.accessController.authServiceName | quote }}
+ port:
+ number: {{ .Values.accessController.authServicePort }}
+{{- end }}
diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml
new file mode 100644
index 0000000..dc9755a
--- /dev/null
+++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml
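Review bot: In edge-streams/grpc-ingress.yaml, `host: {{ .Values.accessController.dnsHost }}` is rendered unquoted and without a presence check, so an unset value yields an empty `host` and the rule then applies to any hostname on a load balancer whose scheme is hard-coded to `"internet-facing"`. I would make it `- host: {{ required "accessController.dnsHost is required when edgeStreams is enabled" .Values.accessController.dnsHost | quote }}` and quote the `certificate-arn` value the same way. The user-supplied `ingress.annotations` are appended after the built-in ALB annotations, so overriding one of them (the scheme, for instance) produces a duplicate key whose outcome depends on the YAML parser; merging the two maps before rendering, or documenting that `includeAlbAnnotations` must be off when overriding, would avoid that.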
@@ -0,0 +1,35 @@
+{{- if .Values.edgeStreams.enabled }}
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.streamDataDbWorker.name | quote }}
+ labels:
+ app: {{ .Values.streamDataDbWorker.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.streamDataDbWorker.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.streamDataDbWorker.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.streamDataDbWorker.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.streamDataDbWorker.name | quote }}
+ image: "{{ .Values.image.registry }}sf-streamdatadbworker:{{ .Chart.AppVersion }}"
+ ports:
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+{{- end }}
diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml
new file mode 100644
index 0000000..7634934
--- /dev/null
+++ b/templates/extractor-deployment.yaml
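Review bot: The container spec in stream-data-db-worker-deployment.yaml has a bare `ports:` key directly followed by `env:`, which renders as `ports: null`; drop the key, or list the port the worker really exposes. Unlike the face-matcher and extractor Deployments next to it, this container also has no `resources` block, so the scheduler has no request to place it by and nothing bounds its memory. A `resources.requests` stanza in the style used for sf-face-matcher (`memory: "100M"`, `cpu: "100m"`) with values measured for this worker would keep the chart consistent.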
@@ -0,0 +1,36 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.extractor.name | quote }}
+ labels:
+ app: {{ .Values.extractor.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.extractor.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.extractor.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.extractor.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.extractor.name | quote }}
+ image: "{{ .Values.image.registry }}sf-extractor:{{ .Chart.AppVersion }}"
+ env:
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ resources:
+ requests:
+ memory: "500M"
+ cpu: {{ .Values.extractor.cpuRequests | quote }}
+ limits:
+ memory: "1G"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml
new file mode 100644
index 0000000..3ef399b
--- /dev/null
+++ b/templates/graphql-deployment.yaml
@@ -0,0 +1,54 @@
+apiVersion: "apps/v1"
+kind: "Deployment"
+metadata:
+ name: {{ .Values.graphqlApi.name | quote }}
+ labels:
+ app: {{ .Values.graphqlApi.name | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ .Values.graphqlApi.name | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.graphqlApi.name | quote }}
+ spec:
+ topologySpreadConstraints:
+ {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.graphqlApi.name) | nindent 8 }}
+ imagePullSecrets:
+ - name: {{ .Values.image.secretName | quote }}
+ containers:
+ - name: {{ .Values.graphqlApi.name | quote }}
+ image: "{{ .Values.image.registry }}sf-graphql-api:{{ .Chart.AppVersion }}"
+ ports:
+ - containerPort: {{ .Values.graphqlApi.containerPort }}
+ env:
+ {{- if .Values.graphqlApi.enableAuth }}
+ {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }}
+ {{- end }}
+ {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }}
+ - name: "Multitenancy__UseMultitenancy"
+ value: {{ .Values.multitenancy.enabled | quote }}
+ - name: "Hosting__Host"
+ value: "http://0.0.0.0"
+ - name: "Hosting__Port"
+ value: {{ .Values.graphqlApi.containerPort | quote }}
+ resources:
+ requests:
+ memory: "300M"
+ cpu: "250m"
+ limits:
+ memory: "4G"
+ volumeMounts:
+ {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- if and .Values.migration.enabled .Values.graphqlApi.initMigration }}
+ initContainers:
+ {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }}
+ {{- end }}
+ volumes:
+ {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
diff --git a/templates/graphql-svc.yaml b/templates/graphql-svc.yaml
new file mode 100644
index 0000000..4f53765
--- /dev/null
+++ b/templates/graphql-svc.yaml
@@ -0,0 +1,12 @@
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.graphqlApi.name | quote }}
+spec:
+ selector:
+ app: {{ .Values.graphqlApi.name | quote }}
+ ports:
+ - port: {{ .Values.graphqlApi.servicePort }}
+ targetPort: {{ .Values.graphqlApi.containerPort }}
+ protocol: "TCP"
+ type: "NodePort"
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
new file mode 100644
index 0000000..02c0e5f
--- /dev/null
+++ b/templates/ingress.yaml
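Review bot: `type: "NodePort"` in templates/graphql-svc.yaml opens a listener on every node for sf-graphql-api, although the chart routes external traffic through the Ingress and the ALB annotations in ingress.yaml use `target-type: "ip"`, which targets pod IPs and needs no node port. `type: "ClusterIP"` keeps the Service reachable from the Ingress and removes the node-level exposure. If some environments do need instance targets, make it configurable through a new value, for example `type: {{ .Values.graphqlApi.serviceType | default "ClusterIP" | quote }}`. station-svc.yaml and the two readonly-api nginx Services later in this patch use NodePort the same way.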
@@ -0,0 +1,78 @@ +{{- if .Values.ingress.enabled }} +apiVersion: "networking.k8s.io/v1" +kind: "Ingress" +metadata: + name: "sf-ingress" + annotations: + {{- if .Values.ingress.includeAlbAnnotations }} + alb.ingress.kubernetes.io/scheme: "internet-facing" + alb.ingress.kubernetes.io/target-type: "ip" + alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]' + alb.ingress.kubernetes.io/ssl-redirect: '443' + {{- if .Values.ingress.certificateArn }} + alb.ingress.kubernetes.io/certificate-arn: {{ .Values.ingress.certificateArn }} + {{- end }} + {{- end }} + {{- if .Values.ingress.annotations }} + {{- toYaml $.Values.ingress.annotations | nindent 4 }} + {{- end }} +spec: + {{- if .Values.ingress.class }} + ingressClassName: {{ .Values.ingress.class | quote }} + {{- end }} + rules: + {{- if .Values.api.enabled }} + - host: {{ .Values.api.dnsHost }} + http: + paths: + - path: "/" + pathType: "Prefix" + backend: + service: + {{- if .Values.readonlyApi.enabled }} + name: {{ .Values.readonlyApi.noAuthName | quote }} + {{- else }} + name: {{ .Values.api.name | quote }} + {{- end }} + port: + number: {{ .Values.api.servicePort }} + {{- end }} + {{- if .Values.authApi.enabled }} + - host: {{ .Values.authApi.dnsHost }} + http: + paths: + - path: "/" + pathType: "Prefix" + backend: + service: + {{- if .Values.readonlyApi.enabled }} + name: {{ .Values.readonlyApi.authName | quote }} + {{- else }} + name: {{ .Values.authApi.name | quote }} + {{- end }} + port: + number: {{ .Values.authApi.servicePort }} + {{- end }} + - host: {{ .Values.graphqlApi.dnsHost }} + http: + paths: + - path: "/" + pathType: "Prefix" + backend: + service: + name: {{ .Values.graphqlApi.name | quote }} + port: + number: {{ .Values.graphqlApi.servicePort }} + {{- if .Values.station.enabled }} + - host: {{ .Values.station.dnsHost }} + http: + paths: + - path: "/" + pathType: "Prefix" + backend: + service: + name: {{ .Values.station.name | quote }} + port: + number: {{ 
.Values.station.servicePort }} + {{- end }} +{{- end }} diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml new file mode 100644 index 0000000..b8fa79b --- /dev/null +++ b/templates/liveness-deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: "apps/v1" +kind: "Deployment" +metadata: + name: {{ .Values.liveness.name | quote }} + labels: + app: {{ .Values.liveness.name | quote }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.liveness.name | quote }} + template: + metadata: + labels: + app: {{ .Values.liveness.name | quote }} + spec: + topologySpreadConstraints: + {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.liveness.name) | nindent 8 }} + imagePullSecrets: + - name: {{ .Values.image.secretName | quote }} + containers: + - name: {{ .Values.liveness.name | quote }} + image: "{{ .Values.image.registry }}sf-liveness:{{ .Chart.AppVersion }}" + env: + {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} + {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} + resources: + requests: + memory: "200M" + cpu: {{ .Values.liveness.cpuRequests | quote }} + volumeMounts: + {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + volumes: + {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} diff --git a/templates/matcher-deployment.yaml b/templates/matcher-deployment.yaml new file mode 100644 index 0000000..5437384 --- /dev/null +++ b/templates/matcher-deployment.yaml @@ -0,0 +1,3 @@ +{{- if not .Values.multitenancy.enabled }} +{{- include "sf-cloud-matcher.matcherDefinition" . }} +{{- end }} diff --git a/templates/metrics/sf-service-monitor.yaml b/templates/metrics/sf-service-monitor.yaml new file mode 100644 index 0000000..cca390f --- /dev/null +++ b/templates/metrics/sf-service-monitor.yaml 
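Review bot: The `graphqlApi` rule in templates/ingress.yaml is emitted unconditionally, while the api, authApi and station rules are each wrapped in an `enabled` check, and values.yaml ships `graphqlApi.enableAuth: false` together with `ingress.enabled: true`. With `includeAlbAnnotations` switched on, a default install therefore publishes the GraphQL endpoint on an `internet-facing` load balancer without the `authenticationConfig` env block that graphql-deployment.yaml only adds when `enableAuth` is true. I would gate the rule, for example with `{{- if .Values.graphqlApi.dnsHost }}` and `{{- end }}` around it, and state in the values comment that `enableAuth` should be true whenever the host is publicly resolvable.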
@@ -0,0 +1,17 @@
+{{- if .Values.metrics.enabled }}
+kind: ServiceMonitor
+apiVersion: monitoring.coreos.com/v1
+metadata:
+ name: "sf-monitor"
+ labels:
+ {{- toYaml $.Values.metrics.monitorDiscoveryLabel | nindent 4 }}
+spec:
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ {{- toYaml $.Values.metrics.serviceDiscoveryLabels | nindent 6 }}
+ endpoints:
+ - port: {{ .Values.metrics.portName | quote }}
+{{- end }}
diff --git a/templates/readonly-api/api-nginx-cm.yaml b/templates/readonly-api/api-nginx-cm.yaml
new file mode 100644
index 0000000..d1d3c44
--- /dev/null
+++ b/templates/readonly-api/api-nginx-cm.yaml
@@ -0,0 +1,41 @@
+{{- if and .Values.readonlyApi.enabled .Values.api.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.readonlyApi.noAuthName | quote }}
+data:
+ nginx.conf: |
+ server {
+ listen {{ .Values.api.containerPort }};
+ server_name localhost;
+
+ location / {
+ if ($request_method != GET ) {
+ return 403;
+ }
+ proxy_pass "http://{{ .Values.api.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /api/v1/Watchlists/Search {
+ proxy_pass "http://{{ .Values.api.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /api/v1/Faces/SpoofCheck {
+ proxy_pass "http://{{ .Values.api.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /api/v1/Faces/Verify {
+ proxy_pass "http://{{ .Values.api.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.api.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+{{- end }}
diff --git a/templates/readonly-api/api-nginx-deployment.yaml b/templates/readonly-api/api-nginx-deployment.yaml
new file mode 100644
index 0000000..0395140
--- /dev/null
+++ b/templates/readonly-api/api-nginx-deployment.yaml
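Review bot: The three `location` blocks in api-nginx-cm.yaml that skip the GET-only check are prefix matches, so any upstream route whose path merely begins with `/api/v1/Watchlists/Search`, `/api/v1/Faces/SpoofCheck` or `/api/v1/Faces/Verify` is forwarded with every method, if the API has such routes. Exact matches state the intent and fail closed: `location = /api/v1/Faces/Verify {` and the same for the other two. A one-line nginx comment above them saying why these non-GET endpoints count as read-only would document the allow-list for the next maintainer. auth-api-nginx-cm.yaml repeats the same server block and needs the same change.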
@@ -0,0 +1,34 @@
+{{- if and .Values.readonlyApi.enabled .Values.api.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.readonlyApi.noAuthName | quote }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Values.readonlyApi.noAuthName | quote }}
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.readonlyApi.noAuthName | quote }}
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.25.1
+ ports:
+ - name: "http"
+ containerPort: {{ .Values.api.containerPort }}
+ volumeMounts:
+ - name: nginx-conf
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: nginx.conf
+ readOnly: true
+ volumes:
+ - name: nginx-conf
+ configMap:
+ name: {{ .Values.readonlyApi.noAuthName | quote }}
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+{{- end }}
diff --git a/templates/readonly-api/api-nginx-svc.yaml b/templates/readonly-api/api-nginx-svc.yaml
new file mode 100644
index 0000000..546a28b
--- /dev/null
+++ b/templates/readonly-api/api-nginx-svc.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.readonlyApi.enabled .Values.api.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.readonlyApi.noAuthName | quote }}
+spec:
+ selector:
+ app: {{ .Values.readonlyApi.noAuthName | quote }}
+ ports:
+ - name: "http"
+ port: {{ .Values.api.servicePort }}
+ targetPort: {{ .Values.api.containerPort }}
+ type: "NodePort"
+{{- end }}
diff --git a/templates/readonly-api/auth-api-nginx-cm.yaml b/templates/readonly-api/auth-api-nginx-cm.yaml
new file mode 100644
index 0000000..e9b8e79
--- /dev/null
+++ b/templates/readonly-api/auth-api-nginx-cm.yaml
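Review bot: `image: nginx:1.25.1` in api-nginx-deployment.yaml is referenced by mutable tag and, unlike the SmartFace containers, ignores `image.registry`, so clusters that mirror images cannot redirect it and a re-pushed tag changes what runs in front of the API. Pin it by digest, `image: "nginx:1.25.1@sha256:<digest-of-the-reviewed-image>"`, or expose repository and tag as chart values. The stock image also starts as root; if the listen port can move above 1024, an unprivileged nginx image with `securityContext.runAsNonRoot: true` removes that requirement. auth-api-nginx-deployment.yaml declares the same container.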
@@ -0,0 +1,41 @@
+{{- if and .Values.readonlyApi.enabled .Values.authApi.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.readonlyApi.authName | quote }}
+data:
+ nginx.conf: |
+ server {
+ listen {{ .Values.authApi.containerPort }};
+ server_name localhost;
+
+ location / {
+ if ($request_method != GET ) {
+ return 403;
+ }
+ proxy_pass "http://{{ .Values.authApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+
+ location /api/v1/Watchlists/Search {
+ proxy_pass "http://{{ .Values.authApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /api/v1/Faces/SpoofCheck {
+ proxy_pass "http://{{ .Values.authApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ location /api/v1/Faces/Verify {
+ proxy_pass "http://{{ .Values.authApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ }
+ }
+{{- end }}
diff --git a/templates/readonly-api/auth-api-nginx-deployment.yaml b/templates/readonly-api/auth-api-nginx-deployment.yaml
new file mode 100644
index 0000000..fb153e7
--- /dev/null
+++ b/templates/readonly-api/auth-api-nginx-deployment.yaml
@@ -0,0 +1,34 @@
+{{- if and .Values.readonlyApi.enabled .Values.authApi.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ .Values.readonlyApi.authName | quote }}
+spec:
+ selector:
+ matchLabels:
+ app: {{ .Values.readonlyApi.authName | quote }}
+ replicas: 1
+ template:
+ metadata:
+ labels:
+ app: {{ .Values.readonlyApi.authName | quote }}
+ spec:
+ containers:
+ - name: nginx
+ image: nginx:1.25.1
+ ports:
+ - name: "http"
+ containerPort: {{ .Values.authApi.containerPort }}
+ volumeMounts:
+ - name: nginx-conf
+ mountPath: /etc/nginx/conf.d/default.conf
+ subPath: nginx.conf
+ readOnly: true
+ volumes:
+ - name: nginx-conf
+ configMap:
+ name: {{ .Values.readonlyApi.authName | quote }}
+ items:
+ - key: nginx.conf
+ path: nginx.conf
+{{- end }}
diff --git a/templates/readonly-api/auth-api-nginx-svc.yaml b/templates/readonly-api/auth-api-nginx-svc.yaml
new file mode 100644
index 0000000..76ed3cb
--- /dev/null
+++ b/templates/readonly-api/auth-api-nginx-svc.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.readonlyApi.enabled .Values.authApi.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: {{ .Values.readonlyApi.authName | quote }}
+spec:
+ selector:
+ app: {{ .Values.readonlyApi.authName | quote }}
+ ports:
+ - name: "http"
+ port: {{ .Values.authApi.servicePort }}
+ targetPort: {{ .Values.authApi.containerPort }}
+ type: "NodePort"
+{{- end }}
diff --git a/templates/rmq/mqtt-svc.yaml b/templates/rmq/mqtt-svc.yaml
new file mode 100644
index 0000000..f44a0d6
--- /dev/null
+++ b/templates/rmq/mqtt-svc.yaml
@@ -0,0 +1,20 @@
+{{- if and .Values.edgeStreams.enabled .Values.rabbitmq.enabled }}
+apiVersion: "v1"
+kind: "Service"
+metadata:
+ name: "rmq-mqtt-public"
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: {{ .Values.rabbitmq.mqttDnsHost }}
+ service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ .Values.ingress.certificateArn }}
+ service.beta.kubernetes.io/aws-load-balancer-scheme: internet-facing
+spec:
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/name: rabbitmq
+ ports:
+ - name: "mqtts"
+ port: 8883
+ targetPort: 1883
+ type: "LoadBalancer"
+ loadBalancerClass: service.k8s.aws/nlb
+{{- end }}
diff --git a/templates/rmq/rmq-cm.yaml b/templates/rmq/rmq-cm.yaml
new file mode 100644
index 0000000..1b8520b
--- /dev/null
+++ b/templates/rmq/rmq-cm.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.rabbitmq.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ .Values.rabbitmq.configMapName | quote }}
+data:
+ hostname: "{{ .Release.Name }}-rabbitmq.{{ .Release.Namespace }}.svc.cluster.local"
+ username: {{ .Values.rabbitmq.auth.username | quote }}
+ port: "5672"
+ useSsl: "false"
+{{- end }}
diff --git a/templates/sf-tenant-operator-config.yaml b/templates/sf-tenant-operator-config.yaml
new file mode 100644
index 0000000..956f29c
--- /dev/null
+++ b/templates/sf-tenant-operator-config.yaml
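Review bot: In templates/rmq/mqtt-svc.yaml the `mqtts` port forwards 8883 to RabbitMQ's plain MQTT port 1883 on an `internet-facing` NLB, and TLS exists only if `aws-load-balancer-ssl-cert` carries a certificate; `ingress.certificateArn` defaults to `""` and is rendered unquoted, so a default render yields an empty annotation and, as far as I can tell, a plain TCP listener exposing unencrypted MQTT on a port that looks like TLS. Require the certificate and name the TLS port explicitly: `service.beta.kubernetes.io/aws-load-balancer-ssl-cert: {{ required "ingress.certificateArn is required for rmq-mqtt-public" .Values.ingress.certificateArn | quote }}` plus `service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "8883"`. `mqttDnsHost` should get `| quote` as well. If the edge devices connect from known networks, exposing `loadBalancerSourceRanges` as a value would narrow who can reach the broker.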
@@ -0,0 +1,26 @@
+{{- if .Values.multitenancy.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+# we use index bacuse of https://github.com/helm/helm/issues/2192
+ name: {{ index .Values "sf-tenant-operator" "config" "mapName" | quote }}
+data:
+ {{ index .Values "sf-tenant-operator" "config" "fileName" }}: |-
+ {
+ "LoopConfiguration": {
+ "FullFetchLoopDelay": "00:00:30"
+ },
+ "DeploymentConfiguration": {
+ "Namespace": "{{ .Release.Namespace }}",
+ "ComponentConfigurations": [
+ {
+ "ComponentName": "matcher",
+ "DeploymentTemplateFilePath": "{{ index .Values "sf-tenant-operator" "config" "configDir" }}/matcher.yaml",
+ "TenantEnvVar": "Multitenancy__TenantId"
+ }
+ ]
+ }
+ }
+ matcher.yaml: |-
+ {{- include "sf-cloud-matcher.matcherDefinition" . | nindent 4 }}
+{{- end}}
diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml
new file mode 100644
index 0000000..745400b
--- /dev/null
+++ b/templates/station-deployment.yaml
@@ -0,0 +1,98 @@ +{{- if .Values.station.enabled }} +apiVersion: "apps/v1" +kind: "Deployment" +metadata: + name: {{ .Values.station.name | quote }} + labels: + app: {{ .Values.station.name | quote }} +spec: + replicas: 1 + selector: + matchLabels: + app: {{ .Values.station.name | quote }} + template: + metadata: + labels: + app: {{ .Values.station.name | quote }} + spec: + topologySpreadConstraints: + {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.station.name) | nindent 8 }} + imagePullSecrets: + - name: {{ .Values.image.secretName | quote }} + containers: + - name: {{ .Values.station.name | quote }} + image: "{{ .Values.image.registry }}sf-station:{{ .Values.station.imageVersion }}" + env: + {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }} + - name: "HOST" + value: "0.0.0.0" + - name: "PORT" + value: {{ .Values.station.containerPort | quote }} + - name: "CORE_API_ROOT" + {{- if .Values.readonlyApi.enabled }} + value: "http://{{ .Values.readonlyApi.authName }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}/api/v1" + {{- else }} + value: "http://{{ .Values.authApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.authApi.servicePort }}/api/v1" + {{- end }} + - name: "ZERO_MQ_HOST" + value: "{{ .Values.base.name }}.{{ .Release.Namespace }}.svc.cluster.local" + - name: "ZERO_MQ_PORT" + value: "{{ .Values.base.zmqServicePort }}" + - name: "GRAPHQL_ROOT" + value: "http://{{ .Values.graphqlApi.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.graphqlApi.servicePort }}/graphql" + - name: "ACCESS_CONTROLLER_ADDRESS" + value: "{{ .Values.accessController.name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.accessController.servicePort }}" + - name: "BLACKLIST_WATCHLIST_IDS" + value: "" + - name: "KEYCLOAK_ADMIN_URL" + value: "" + - name: "DOT_FACE_CAMERA_ENABLED" + value: "true" + - name: "IDENTIFICATION_ENABLED" + value: "true" + + - name: 
"AUTH0_AUTHENTICATION_ENABLED" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "use_auth" + - name: "AUTH0_AUDIENCE" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "audience" + - name: "AUTH0_DOMAIN" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "domain" + - name: "AUTH0_ISSUER" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "issuer" + - name: "AUTH0_JWKS_URI" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "jwks_uri" + - name: "AUTH_HEADER" + valueFrom: + configMapKeyRef: + name: {{ .Values.stationAuth.configName | quote }} + key: "auth_header" + + - name: "AUTH0_CLIENT_ID" + valueFrom: + secretKeyRef: + name: {{ .Values.stationAuth.secretName | quote }} + key: "client_id" + resources: + requests: + memory: "100M" + cpu: "100m" + volumeMounts: + {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + volumes: + {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} +{{- end}} diff --git a/templates/station-svc.yaml b/templates/station-svc.yaml new file mode 100644 index 0000000..2e6572f --- /dev/null +++ b/templates/station-svc.yaml @@ -0,0 +1,14 @@ +{{- if .Values.station.enabled }} +apiVersion: "v1" +kind: "Service" +metadata: + name: {{ .Values.station.name | quote }} +spec: + selector: + app: {{ .Values.station.name | quote }} + ports: + - port: {{ .Values.station.servicePort }} + targetPort: {{ .Values.station.containerPort }} + protocol: "TCP" + type: "NodePort" +{{- end}} diff --git a/templates/validation.yaml b/templates/validation.yaml new file mode 100644 index 0000000..5bc3453 --- /dev/null +++ b/templates/validation.yaml @@ -0,0 +1 @@ +{{- include "sf-cloud-matcher.validate" . }} diff --git a/values.yaml b/values.yaml new file mode 100644 index 0000000..28fa07b --- /dev/null +++ b/values.yaml 
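Review bot: `CORE_API_ROOT` in templates/station-deployment.yaml always points at the authApi (or readonly auth) Service, but values.yaml defaults to `station.enabled: true` with `authApi.enabled: false`, so a default install starts Station against a backend that is not deployed. `ZERO_MQ_HOST` and `ACCESS_CONTROLLER_ADDRESS` likewise name components that, judging by the file list, live under edge-streams and are off by default. Either derive the target from what is enabled or fail the render, e.g. `{{- if not .Values.authApi.enabled }}{{ fail "station requires authApi.enabled" }}{{- end }}`, unless `sf-cloud-matcher.validate` already covers this (not visible in this chunk). The six `configMapKeyRef` entries also make the ConfigMap named by `stationAuth.configName` mandatory even when Station auth is not used; `optional: true` on them, or a README note, would avoid a pod stuck on a missing config.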
@@ -0,0 +1,218 @@ +# Default values for sf-cloud-matcher. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + # -- registry to pull SmartFace images from + registry: "registry.gitlab.com/innovatrics/smartface/" + # -- docker secret to pull SmartFace images with + secretName: "sf-gitlab-registry-creds" + +database: + secretName: "db-cs" + connectionStringKey: "cs" + +s3: + configName: "s3-config" + bucketKey: "name" + regionKey: "region" + +# -- config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq +rabbitmq: + # -- configure if rabbitmq subchart should be included + enabled: true + extraPlugins: "rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt" + # -- hostname used for MQTT service - only relevant for edge streams + mqttDnsHost: "" + configMapName: "sf-rmq-connection" + existingSecretName: "" + secretKey: "rabbitmq-password" + auth: + username: "smartface" + erlangCookie: "" + password: "" + +license: + secretName: "iface-lic" + volumeMountName: "license" + mountPath: "/etc/innovatrics" + +auth: + # -- config containing authorization configuration for APIs used when authentication is enabled + configName: "auth-config" + +stationAuth: + # -- config containing authorization configuration for SF Station used when authentication is enabled for SF Station + configName: "station-auth-config" + secretName: "station-client-id" + +api: + enabled: true + name: "sf-api" + servicePort: 80 + containerPort: 80 + dnsHost: "" + initMigration: true + +authApi: + enabled: false + name: "sf-auth-api" + servicePort: 8098 + containerPort: 80 + dnsHost: "" + initMigration: true + +graphqlApi: + name: "sf-graphql-api" + servicePort: 8097 + containerPort: 80 + dnsHost: "" + enableAuth: false + initMigration: false + +ingress: + # -- enable creation of ingress object + enabled: true + # -- set ingress class + class: "" + # -- supply custom ingress annotation + annotations: + # -- if enabled 
then the ingress will include default ALB annotations + includeAlbAnnotations: false + # -- only used if includeAlbAnnotations == true + certificateArn: "" + +detector: + name: "sf-detector" + cpuRequests: "750m" + +extractor: + name: "sf-extractor" + cpuRequests: "750m" + +matcher: + name: "sf-matcher" + cpuRequests: "750m" + +liveness: + name: "sf-liveness" + cpuRequests: "750m" + +edgeStreams: + name: "sf-edge-stream-processor" + enabled: false + +base: + name: "sf-base" + zmqServicePort: 2406 + zmqContainerPort: 2406 + +faceMatcher: + name: "sf-face-matcher" + +accessController: + name: "sf-access-controller" + authServiceName: "sf-auth-access-controller" + imageVersion: "v5_1.9.1" + dnsHost: "" + servicePort: 5050 + containerPort: 80 + authServicePort: 5051 + authContainerPort: 5051 + +station: + enabled: true + name: "sf-station" + imageVersion: "v5_1.17.0" + servicePort: 8000 + containerPort: 80 + dnsHost: "" + +streamDataDbWorker: + name: "sf-stream-data-db-worker" + +jaeger: + enabled: true + hostname: grafana-agent.monitoring.svc.cluster.local + +migration: + enabled: true + +autoscaling: + cron: + # -- enables predefined cron trigger on ScaledObjects + enabled: false + # -- see https://en.wikipedia.org/wiki/List_of_tz_database_time_zones + timezone: "Europe/Bratislava" + rmq: + # -- enables rabbitmq triggers on ScaledObjects + enabled: false + triggerAuthName: "keda-trigger-auth-rabbitmq-conn" + hostSecretName: "rmq-management-uri-with-creds" + detector: + # -- enables ScaledObject for detector + enabled: true + minReplicas: 1 + maxReplicas: 3 + # -- for RMQ trigger + rmqRps: 15 + # -- for cron trigger + workHoursReplicas: 2 + # -- for cron trigger + nonWorkHoursReplicas: 1 + extractor: + # -- enables ScaledObject for extractor + enabled: true + minReplicas: 1 + maxReplicas: 3 + # -- for RMQ trigger + rmqRps: 12 + # -- for cron trigger + workHoursReplicas: 2 + # -- for cron trigger + nonWorkHoursReplicas: 1 + api: + # -- enables ScaledObject for rest API 
+ enabled: true + minReplicas: 1 + maxReplicas: 3 + # -- for RMQ trigger + rmqRps: 17 + # -- for cron trigger + workHoursReplicas: 2 + # -- for cron trigger + nonWorkHoursReplicas: 1 + +multitenancy: + # -- enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled + enabled: false + +# -- configuration for sf-tenant-operator subchart +sf-tenant-operator: + config: + mapName: "operator-config" + fileName: "appsettings.override.json" + configDir: "/etc/components" + installCrd: false + image: + secretName: "sf-gitlab-registry-creds" + +countlyPublisher: + enabled: false + name: "countly-publisher" + clusterName: "" + imageTag: "31" + +metrics: + enabled: false + monitorDiscoveryLabel: + instance: primary + serviceDiscoveryLabels: + sf-metrics: "true" + portName: "metrics" + port: 4318 + +readonlyApi: + enabled: false + authName: "readonly-auth-api" + noAuthName: "readonly-noauth-api" From 552c17d28e2c79553c3d950afd4454a475b8d06b Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Thu, 24 Aug 2023 15:21:21 +0200 Subject: [PATCH 02/37] Using more obvious sample values --- README.md | 8 +++----- README.md.gotmpl | 8 +++----- external-config.yaml | 2 +- 3 files changed, 7 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index c0e574e..7143d15 100644 --- a/README.md +++ b/README.md @@ -66,10 +66,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: "sf-rmq-connection" - namespace: "test" data: - hostname: "b-7a837e03-0422-4bfd-aded-01faea243858.mq.eu-central-1.amazonaws.com" - username: "smartface" + hostname: "" + username: "" port: "5671" useSsl: "true" ``` @@ -79,9 +78,8 @@ apiVersion: v1 kind: Secret metadata: name: "rmq-pass" - namespace: "test" stringData: - rabbitmq-password: "smartface" + rabbitmq-password: "" ``` ## Values diff --git a/README.md.gotmpl b/README.md.gotmpl index b054922..2cb2d48 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl 
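Review bot: The security-relevant switches `authApi.enabled`, `graphqlApi.enableAuth` and `readonlyApi.enabled` in values.yaml carry no `# --` description, so the generated README table will not tell an operator that the defaults (`api.enabled: true`, `authApi.enabled: false`, `ingress.enabled: true`) publish what appears to be the unauthenticated REST API. Add descriptions such as `# -- deploy the authenticated REST API; enable before exposing the chart publicly` above `authApi.enabled`, and one above `enableAuth` stating that GraphQL is served without authentication when it is false. Separately, `ingress.annotations:` is a bare key that parses as null; `annotations: {}` states the intended empty map.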
@@ -62,10 +62,9 @@ apiVersion: v1 kind: ConfigMap metadata: name: "sf-rmq-connection" - namespace: "test" data: - hostname: "b-7a837e03-0422-4bfd-aded-01faea243858.mq.eu-central-1.amazonaws.com" - username: "smartface" + hostname: "" + username: "" port: "5671" useSsl: "true" ``` @@ -75,9 +74,8 @@ apiVersion: v1 kind: Secret metadata: name: "rmq-pass" - namespace: "test" stringData: - rabbitmq-password: "smartface" + rabbitmq-password: "" ``` {{ template "chart.valuesSection" . }} diff --git a/external-config.yaml b/external-config.yaml index 6412a37..9a9286b 100644 --- a/external-config.yaml +++ b/external-config.yaml @@ -33,7 +33,7 @@ data: apiVersion: v1 stringData: # supply pgsql server - cs: "Server=eu-central-1.rds.amazonaws.com;Database=smartface;Username=postgres;Password=smartface;" + cs: "Server=;Database=;Username=;Password=;" kind: Secret metadata: name: db-cs From 7814874d57bbbc3cb57fbde7986a06e4da54d367 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Thu, 24 Aug 2023 16:06:20 +0200 Subject: [PATCH 03/37] Renamed helm chart Also changed chart description to more futureproof description of smartface --- Chart.yaml | 6 +++--- README.md | 7 ++++--- README.md.gotmpl | 2 +- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 2f2623f..374bf18 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 -name: sf-lfis -description: SmartFace Lightweight Face Identification System (LFIS) is a lightweight, powerful, scalable, multi-platform and easy-to-deploy solution for facial biometrics use cases easily integrated to any third-party system via REST API. Available for fast cloud and on premise deployment. +name: smartface +description: SmartFace is a Scalable Facial Recognition Server Platform Able to Process Multiple Real-Time Video Streams. Currently the helm chart supports edge stream and Lightweight Face Identification System (LFIS) deployments dependencies: - name: sf-tenant-operator 
@@ -19,7 +19,7 @@ keywords: - Biometrics sources: - # - https://github.com/innovatrics/sf-lfis-helm + - https://github.com/innovatrics/sf-helm - https://github.com/innovatrics/smartface home: https://www.innovatrics.com/face-recognition-solutions/ diff --git a/README.md b/README.md index 7143d15..c50df0a 100644 --- a/README.md +++ b/README.md @@ -1,15 +1,15 @@ -# sf-lfis +# smartface ![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) -SmartFace Lightweight Face Identification System (LFIS) is a lightweight, powerful, scalable, multi-platform and easy-to-deploy solution for facial biometrics use cases easily integrated to any third-party system via REST API. Available for fast cloud and on premise deployment. +SmartFace is a Scalable Facial Recognition Server Platform Able to Process Multiple Real-Time Video Streams. Currently the helm chart supports edge stream and Lightweight Face Identification System (LFIS) deployments **Homepage:** ## TL;DR ``` -helm install sf-lfis oci://ghcr... +helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface ``` ## Prerequisites @@ -203,6 +203,7 @@ stringData: ## Source Code +* * ## Breaking changes diff --git a/README.md.gotmpl b/README.md.gotmpl index 2cb2d48..2b36a9a 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -10,7 +10,7 @@ ## TL;DR ``` -helm install sf-lfis oci://ghcr... +helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface ``` ## Prerequisites From 43f57d5aef7419d5eb40d5e8aa66ecb0349ee275 Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Thu, 24 Aug 2023 16:59:20 +0200 Subject: [PATCH 04/37] Simple CI github action to check if helm chart works on each commit --- .github/workflows/ci.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) create mode 100644 .github/workflows/ci.yaml diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml new file mode 100644 index 0000000..949de5f --- /dev/null +++ b/.github/workflows/ci.yaml @@ -0,0 +1,27 @@ +name: Package and lint + +on: + push: + branches: + - '**' + tags-ignore: + - '*.*' + paths-ignore: + - "*.md" +jobs: + build: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Setup helm CLI + uses: azure/setup-helm@v3 + - name: Build helm dependencies + run: | + helm dependency build . + - name: Lint helm + run: | + helm lint . + # we package just to validate + - name: package helm + run: | + helm package . From c90c21d1678ca6871c2f37aff69ef780fde569ee Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Thu, 24 Aug 2023 17:06:49 +0200 Subject: [PATCH 05/37] CI fixes --- .github/workflows/ci.yaml | 2 ++ Chart.lock | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 949de5f..e921af0 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -15,6 +15,8 @@ jobs: - uses: actions/checkout@v3 - name: Setup helm CLI uses: azure/setup-helm@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} - name: Build helm dependencies run: | helm dependency build . diff --git a/Chart.lock b/Chart.lock index 207466f..0f0e001 100644 --- a/Chart.lock +++ b/Chart.lock 
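Review bot: `actions/checkout@v3` and `azure/setup-helm@v3` in the new ci.yaml (PATCH 04) are referenced by movable tags, so the code that runs in the job can change without any commit in this repository. Pin each `uses:` to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, and let a dependency-update tool move the pins. The same applies to the actions added in release.yaml (PATCH 07), where the job pushes the chart and creates a release, and to `pre-commit/action@v3.0.0` and `gabe565/setup-helm-docs-action@v1` added to ci.yaml in PATCH 15 and PATCH 16.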
@@ -5,5 +5,5 @@ dependencies: - name: rabbitmq repository: oci://registry-1.docker.io/bitnamicharts version: 12.0.4 -digest: sha256:8f5ee64062c5614e0c25e92c46c00b0475a1006aa9948fb554614dcb63f66f4d -generated: "2023-07-06T16:21:45.811652+02:00" +digest: sha256:d3126dc7194f6075f966401dde9a29db8d36b2a2d0f4adb17985f87284130a9b +generated: "2023-08-24T17:05:54.43188+02:00" From cbf0cde5ab854c8b22e5744b99e10657673036a8 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Fri, 25 Aug 2023 08:49:36 +0200 Subject: [PATCH 06/37] Using tenant operator subchart from ghcr Currently the package is private, so we need to login before we can package the helm chart --- .github/workflows/ci.yaml | 4 ++++ Chart.lock | 6 +++--- Chart.yaml | 2 +- README.md | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index e921af0..2d021a5 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -17,6 +17,10 @@ jobs: uses: azure/setup-helm@v3 with: token: ${{ secrets.GITHUB_TOKEN }} + # This is only needed temporarily until the tenant-operator package is public, but we will need this code for pushing + - name: Helm login to GHCR + run: | + echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin - name: Build helm dependencies run: | helm dependency build . diff --git a/Chart.lock b/Chart.lock index 0f0e001..bd03891 100644 --- a/Chart.lock +++ b/Chart.lock 
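Review bot: In the `Helm login to GHCR` step added to ci.yaml (PATCH 06), `${{ secrets.GITHUB_TOKEN }}` and `${{ github.repository_owner }}` are expanded into the script text before the shell starts, so the token becomes part of the generated script instead of a value the shell reads at run time. Hand both over through the step's `env:` (`GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}`, `GH_OWNER: ${{ github.repository_owner }}`) and use quoted variables in the command: `printf '%s' "$GH_TOKEN" | helm registry login ghcr.io --username "$GH_OWNER" --password-stdin`. The identical step is added to release.yaml in PATCH 07 and needs the same change. The job's step list starts outside this hunk.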
@@ -1,9 +1,9 @@ dependencies: - name: sf-tenant-operator - repository: https://nexus3.ba.innovatrics.net/repository/helm-sface + repository: oci://ghcr.io/innovatrics/sf-helm version: 0.1.1 - name: rabbitmq repository: oci://registry-1.docker.io/bitnamicharts version: 12.0.4 -digest: sha256:d3126dc7194f6075f966401dde9a29db8d36b2a2d0f4adb17985f87284130a9b -generated: "2023-08-24T17:05:54.43188+02:00" +digest: sha256:f13f33fc8e3dc5bef76fcc56083bbf2e83a5e1e00411ef36186c21bc4b6b4820 +generated: "2023-08-25T08:41:45.034278+02:00" diff --git a/Chart.yaml b/Chart.yaml index 374bf18..160ed31 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -5,7 +5,7 @@ description: SmartFace is a Scalable Facial Recognition Server Platform Able to dependencies: - name: sf-tenant-operator version: "0.1.1" - repository: "https://nexus3.ba.innovatrics.net/repository/helm-sface" + repository: "oci://ghcr.io/innovatrics/sf-helm" condition: multitenancy.enabled - name: rabbitmq version: "12.0.4" diff --git a/README.md b/README.md index c50df0a..e99fafb 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ By default an ingress object is created with the helm chart. To configure the in | Repository | Name | Version | |------------|------|---------| -| https://nexus3.ba.innovatrics.net/repository/helm-sface | sf-tenant-operator | 0.1.1 | +| oci://ghcr.io/innovatrics/sf-helm | sf-tenant-operator | 0.1.1 | | oci://registry-1.docker.io/bitnamicharts | rabbitmq | 12.0.4 | All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives From 6c721dd3929f039611f709aabca2233ea2fe9ae9 Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Wed, 13 Sep 2023 16:38:31 +0200 Subject: [PATCH 07/37] Release CI implementation --- .github/workflows/ci.yaml | 10 ++---- .github/workflows/release.yaml | 66 ++++++++++++++++++++++++++++++++++ CHANGELOG.MD | 7 ++++ RELEASE_PROCES.md | 8 +++++ 4 files changed, 83 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/release.yaml create mode 100644 CHANGELOG.MD create mode 100644 RELEASE_PROCES.md diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 2d021a5..380f2d9 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -5,9 +5,7 @@ on: branches: - '**' tags-ignore: - - '*.*' - paths-ignore: - - "*.md" + - 'v*' jobs: build: runs-on: ubuntu-latest @@ -17,10 +15,6 @@ jobs: uses: azure/setup-helm@v3 with: token: ${{ secrets.GITHUB_TOKEN }} - # This is only needed temporarily until the tenant-operator package is public, but we will need this code for pushing - - name: Helm login to GHCR - run: | - echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin - name: Build helm dependencies run: | helm dependency build . @@ -28,6 +22,6 @@ jobs: run: | helm lint . # we package just to validate - - name: package helm + - name: Package helm run: | helm package . diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml new file mode 100644 index 0000000..66296c0 --- /dev/null +++ b/.github/workflows/release.yaml 
@@ -0,0 +1,66 @@
+name: Release helm chart
+
+on:
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ release:
+ runs-on: ubuntu-latest
+ env:
+ HELM_REGISTRY: "oci://ghcr.io/innovatrics/sf-helm"
+ steps:
+ - uses: actions/checkout@v3
+ - name: Install yq
+ run: |
+ apt-get install yq
+ - name: Check tag against helm chart version
+ id: chart_info
+ run: |
+ chart_version=$(yq '.version' Chart.yaml)
+ chart_name=$(yq '.name' Chart.yaml)
+ echo ::set-output name=chart_version::$chart_version
+ echo ::set-output name=chart_version_with_prefix::v$chart_version
+ - name: Version is incorrect
+ if: ${{ steps.chart_info.outputs.chart_version_with_prefix != github.ref }}
+ run: exit 1
+ - name: Setup helm CLI
+ uses: azure/setup-helm@v3
+ with:
+ token: ${{ secrets.GITHUB_TOKEN }}
+ - name: Helm login to GHCR
+ run: |
+ echo ${{ secrets.GITHUB_TOKEN }} | helm registry login ghcr.io --username ${{ github.repository_owner }} --password-stdin
+ - name: Build helm dependencies
+ run: |
+ helm dependency build .
+ - name: Lint helm
+ run: |
+ helm lint .
+ - name: Package chart
+ run: |
+ helm package .
+ - name: Helm | Push + run: helm push ${{ steps.chart_info.outputs.chart_name }}-${{ steps.chart_info.outputs.chart_version }}.tgz $HELM_REGISTRY + - name: release + uses: actions/create-release@v1 + id: create_release + with: + draft: true + prerelease: false + release_name: Smartface Helm ${{ steps.chart_info.outputs.chart_version }} + tag_name: ${{ github.ref }} + # TODO somehow parse only changes relevant to current version + body_path: CHANGELOG.md + env: + GITHUB_TOKEN: ${{ github.token }} + - name: Chart package as release asset + uses: actions/upload-release-asset@v1 + env: + GITHUB_TOKEN: ${{ github.token }} + with: + upload_url: ${{ steps.create_release.outputs.upload_url }} + asset_path: ${{ steps.chart_info.outputs.chart_name }}-${{ steps.chart_info.outputs.chart_version }}.tgz + asset_name: ${{ steps.chart_info.outputs.chart_name }}-${{ steps.chart_info.outputs.chart_version }}.tgz + asset_content_type: application/gzip diff --git a/CHANGELOG.MD b/CHANGELOG.MD new file mode 100644 index 0000000..1b7a2db --- /dev/null +++ b/CHANGELOG.MD @@ -0,0 +1,7 @@ +# Changelog + +## [v1.0.0] - TBD + +### Added + +- Initial implementation diff --git a/RELEASE_PROCES.md b/RELEASE_PROCES.md new file mode 100644 index 0000000..e464e6e --- /dev/null +++ b/RELEASE_PROCES.md @@ -0,0 +1,8 @@ +# Release process + +- update CHANGELOG.md +- update version in Chart.yaml +- push new tag `v{major}.{minor}.{patch}` e.g. `v1.2.1` to trigger publish pipeline +- CI will create a new release + - CI will check if chart version matches the tag version and will fail if they don't +- CI created a draft release, publish it to make the release public From 8de7a7cf98c792a12ac03b881384107fb08c6698 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 16:42:03 +0200 Subject: [PATCH 08/37] apt install fix --- .github/workflows/release.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) 
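Review bot: The new release.yaml (PATCH 07) declares no `permissions:` block, so the token used by `helm registry login`, `helm push` and the two release steps carries whatever default scope the repository or organisation grants, and every action in the job receives the same scope. Declare what the job needs at job level; judging from the steps that is `contents: write` for the draft release and asset upload and `packages: write` for the push to ghcr.io, which should be confirmed against a test run. ci.yaml from PATCH 04 only reads the repository and could carry `permissions:` with `contents: read`.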
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 66296c0..377f032 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,7 +14,8 @@ jobs: - uses: actions/checkout@v3 - name: Install yq run: | - apt-get install yq + sudo apt update + sudo apt install -y yq - name: Check tag against helm chart version id: chart_info run: | From 0b3238fb92183f28681da0b9e112008ea86b15d9 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 16:51:36 +0200 Subject: [PATCH 09/37] trying snap instead of apt --- .github/workflows/release.yaml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 377f032..1803083 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -14,8 +14,7 @@ jobs: - uses: actions/checkout@v3 - name: Install yq run: | - sudo apt update - sudo apt install -y yq + sudo snap install yq - name: Check tag against helm chart version id: chart_info run: | From 9f4f25bb0a070c3a850bc5e46cf6eb184e151da6 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 17:02:35 +0200 Subject: [PATCH 10/37] Version fix Parsing tag version from ref Replaced deprecated way of setting step output --- .github/workflows/release.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 1803083..811a6a5 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml 
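Review bot: `sudo snap install yq` in the `Install yq` step (PATCH 09) installs whatever the snap's default channel serves at run time, and the version gate that follows depends on this tool's output. The apt package tried in PATCH 08 and the snap are, as far as I can tell, different programs with different expression syntax, so the result of `yq '.version' Chart.yaml` depends on which one ends up on PATH. Fix the tool and its version explicitly, for example by fetching one specific release and verifying its checksum before use, or check whether the runner image already ships a suitable `yq` and drop the install step. The step list starts outside this hunk.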
@@ -20,10 +20,11 @@ jobs: run: | chart_version=$(yq '.version' Chart.yaml) chart_name=$(yq '.name' Chart.yaml) - echo ::set-output name=chart_version::$chart_version - echo ::set-output name=chart_version_with_prefix::v$chart_version + echo "tag_version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT + echo "chart_version=$chart_version" >> $GITHUB_OUTPUT + echo "chart_version_with_prefix=v$chart_version" >> $GITHUB_OUTPUT - name: Version is incorrect - if: ${{ steps.chart_info.outputs.chart_version_with_prefix != github.ref }} + if: ${{ steps.chart_info.outputs.chart_version_with_prefix != steps.chart_info.outputs.tag_version }} run: exit 1 - name: Setup helm CLI uses: azure/setup-helm@v3 From 28383e9f9c18a79b9559bbb29c3240a28a624072 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 17:05:08 +0200 Subject: [PATCH 11/37] Fixing missing output export --- .github/workflows/release.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index 811a6a5..d088aac 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -23,6 +23,7 @@ jobs: echo "tag_version=${GITHUB_REF#refs/*/}" >> $GITHUB_OUTPUT echo "chart_version=$chart_version" >> $GITHUB_OUTPUT echo "chart_version_with_prefix=v$chart_version" >> $GITHUB_OUTPUT + echo "chart_name=$chart_name" >> $GITHUB_OUTPUT - name: Version is incorrect if: ${{ steps.chart_info.outputs.chart_version_with_prefix != steps.chart_info.outputs.tag_version }} run: exit 1 From 16cb8e4be19f747391dd7cfcb15b3ac70025ae98 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 17:21:04 +0200 Subject: [PATCH 12/37] Bump chart version --- Chart.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 160ed31..938689a 100644 --- a/Chart.yaml +++ b/Chart.yaml 
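Review bot: The `echo ... >> $GITHUB_OUTPUT` lines added in PATCH 10 export values taken from the pushed ref and from Chart.yaml without checking them, and those outputs are later expanded with `${{ }}` straight into `run:` lines such as the `helm push` step from PATCH 07. A value containing whitespace or shell metacharacters would then be interpreted by the shell, so validate before exporting, e.g. `[[ "$chart_version" =~ ^[0-9]+\.[0-9]+\.[0-9]+$ ]] || exit 1` (adjust the pattern if pre-release versions are allowed). Quoting the target as `"$GITHUB_OUTPUT"` and reading the tag from `$GITHUB_REF_NAME` instead of `${GITHUB_REF#refs/*/}` would also make the step easier to read. The `run:` block begins outside the hunk.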
@@ -28,6 +28,6 @@ maintainers: - name: Innovatrics url: https://www.innovatrics.com/ -version: 0.1.17 +version: 0.1.18 appVersion: "v5_4.21.0" diff --git a/README.md b/README.md index e99fafb..9cbaf09 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # smartface -![Version: 0.1.17](https://img.shields.io/badge/Version-0.1.17-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) +![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) SmartFace is a Scalable Facial Recognition Server Platform Able to Process Multiple Real-Time Video Streams. Currently the helm chart supports edge stream and Lightweight Face Identification System (LFIS) deployments From f8f2852070ea9d346ed9775ef1d2b4c81678b84d Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 17:27:45 +0200 Subject: [PATCH 13/37] Extension case fix --- CHANGELOG.MD => CHANGELOG.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename CHANGELOG.MD => CHANGELOG.md (100%) diff --git a/CHANGELOG.MD b/CHANGELOG.md similarity index 100% rename from CHANGELOG.MD rename to CHANGELOG.md From 8a2af53f2c1e4af513838b4953e8cf7304d7cfe0 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 13 Sep 2023 17:36:20 +0200 Subject: [PATCH 14/37] Bumped version to 1.0.0 --- Chart.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 938689a..ef882df 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -28,6 +28,6 @@ maintainers: - name: Innovatrics url: https://www.innovatrics.com/ -version: 0.1.18 +version: 1.0.0 appVersion: "v5_4.21.0" diff --git a/README.md b/README.md index 9cbaf09..a42e352 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # smartface -![Version: 0.1.18](https://img.shields.io/badge/Version-0.1.18-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) +![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) SmartFace is a Scalable Facial Recognition Server Platform Able to Process Multiple Real-Time Video Streams. Currently the helm chart supports edge stream and Lightweight Face Identification System (LFIS) deployments From 7101e7b084325ec6a4d47d70f6f80397eb68c0c1 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Thu, 14 Sep 2023 15:36:21 +0200 Subject: [PATCH 15/37] Added pre-commit to CI --- .github/workflows/ci.yaml | 4 +++- .pre-commit-config.yaml | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 380f2d9..c70ffec 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -7,7 +7,7 @@ on: tags-ignore: - 'v*' jobs: - build: + ci: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 @@ -25,3 +25,5 @@ jobs: - name: Package helm run: | helm package . + - uses: actions/setup-python@v3 + - uses: pre-commit/action@v3.0.0 diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 4287d2d..955f8ff 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -9,7 +9,6 @@ repos: - id: detect-private-key - id: end-of-file-fixer -# TODO need this? - repo: https://github.com/gruntwork-io/pre-commit rev: v0.1.22 hooks: From 2eabd6774eaefc9438a2a36f0b40520477b00b86 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Thu, 14 Sep 2023 15:42:00 +0200 Subject: [PATCH 16/37] Installing helm-docs --- .github/workflows/ci.yaml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c70ffec..8a6f993 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -26,4 +26,5 @@ jobs: run: | helm package . - uses: actions/setup-python@v3 + - uses: gabe565/setup-helm-docs-action@v1 - uses: pre-commit/action@v3.0.0 From d92010376b520f7c3fa6ea1dee661ecc594ef3c2 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Mon, 18 Sep 2023 09:42:06 +0200 Subject: [PATCH 17/37] Downversioning So we can have more version before we officially release --- Chart.yaml | 2 +- README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index ef882df..34f7890 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -28,6 +28,6 @@ maintainers: - name: Innovatrics url: https://www.innovatrics.com/ -version: 1.0.0 +version: 0.2.0 appVersion: "v5_4.21.0" diff --git a/README.md b/README.md index a42e352..3b5178c 100644 --- a/README.md +++ b/README.md 
@@ -1,6 +1,6 @@ # smartface -![Version: 1.0.0](https://img.shields.io/badge/Version-1.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) +![Version: 0.2.0](https://img.shields.io/badge/Version-0.2.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v5_4.21.0](https://img.shields.io/badge/AppVersion-v5_4.21.0-informational?style=flat-square) SmartFace is a Scalable Facial Recognition Server Platform Able to Process Multiple Real-Time Video Streams. Currently the helm chart supports edge stream and Lightweight Face Identification System (LFIS) deployments From e9521f68377bcbc08685131cfb24f25e87e4f3a3 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Mon, 18 Sep 2023 14:17:09 +0200 Subject: [PATCH 18/37] Changelog update More comprehensive changelog --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1b7a2db..e69fdcf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,3 +5,7 @@ ### Added - Initial implementation +- Chart can be configured to support following scenarios: + - Lightweight Face Identification System (LFIS) - single-tenant and multi-tenant + - Edge stream processing - single tenant only +- Chart can be configured to use externally-managed rabbitmq (e.g. [AmazonMQ](https://aws.amazon.com/amazon-mq/)) or deploy a rabbitmq [subchart](https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq) From b2c307c8cbcfabe5a83c91c7040daf5ab0f3a877 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 19 Sep 2023 17:09:22 +0200 Subject: [PATCH 19/37] Fixed matcher yaml template indenting --- templates/_matcher.tpl | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) 
diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index dc1d06f..f577be8 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -27,15 +27,15 @@ spec: - name: {{ .Values.matcher.name | quote }} image: "{{ .Values.image.registry }}sf-matcher:{{ .Chart.AppVersion }}" env: - {{- include "sf-cloud-matcher.commonEnv" . | nindent 12 }} - {{- include "sf-cloud-matcher.rmqConfig" . | nindent 12 }} - {{- include "sf-cloud-matcher.dbConfig" . | nindent 12 }} + {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} + {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} + {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} resources: requests: memory: "200M" cpu: {{ .Values.matcher.cpuRequests | quote }} volumeMounts: - {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 12 }} + {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: - {{- include "sf-cloud-matcher.licVolume" . | nindent 12 }} + {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} {{- end }} From 51bc43306ab6c9ea73fd617484f1a6a1b0620611 Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Tue, 19 Sep 2023 17:10:47 +0200 Subject: [PATCH 20/37] Resources from values Using resource limits/requests from values file, which gives better flexibility for cline to set them as they see fit --- README.md | 37 ++++++++-- templates/_matcher.tpl | 4 +- templates/api-deployment.yaml | 6 +- templates/auth-api-deployment.yaml | 6 +- templates/countly-publisher-deployment.yaml | 4 +- templates/detector-deployment.yaml | 6 +- .../access-controller-deployment.yaml | 4 +- templates/edge-streams/base-deployment.yaml | 4 +- .../edge-stream-processor-deployment.yaml | 4 +- .../edge-streams/face-matcher-deployment.yaml | 4 +- .../stream-data-db-worker-deployment.yaml | 2 + templates/extractor-deployment.yaml | 6 +- templates/graphql-deployment.yaml | 6 +- templates/liveness-deployment.yaml | 4 +- templates/station-deployment.yaml | 4 +- values.yaml | 70 +++++++++++++++++-- 16 files changed, 114 insertions(+), 57 deletions(-) diff --git a/README.md b/README.md index 3b5178c..4be1e14 100644 --- a/README.md +++ b/README.md 
@@ -93,12 +93,17 @@ stringData: | accessController.dnsHost | string | `""` | | | accessController.imageVersion | string | `"v5_1.9.1"` | | | accessController.name | string | `"sf-access-controller"` | | +| accessController.resources.requests.cpu | string | `"100m"` | | +| accessController.resources.requests.memory | string | `"100M"` | | | accessController.servicePort | int | `5050` | | | api.containerPort | int | `80` | | | api.dnsHost | string | `""` | | | api.enabled | bool | `true` | | | api.initMigration | bool | `true` | | | api.name | string | `"sf-api"` | | +| api.resources.limits.memory | string | `"4G"` | | +| api.resources.requests.cpu | string | `"250m"` | | +| api.resources.requests.memory | string | `"300M"` | | | api.servicePort | int | `80` | | | auth.configName | string | `"auth-config"` | config containing authorization configuration for APIs used when authentication is enabled | | authApi.containerPort | int | `80` | | @@ -106,6 +111,9 @@ stringData: | authApi.enabled | bool | `false` | | | authApi.initMigration | bool | `true` | | | authApi.name | string | `"sf-auth-api"` | | +| authApi.resources.limits.memory | string | `"4G"` | | +| authApi.resources.requests.cpu | string | `"250m"` | | +| authApi.resources.requests.memory | string | `"300M"` | | | authApi.servicePort | int | `8098` | | | autoscaling.api.enabled | bool | `true` | enables ScaledObject for rest API | | autoscaling.api.maxReplicas | int | `3` | | 
@@ -131,26 +139,41 @@ stringData: | autoscaling.rmq.hostSecretName | string | `"rmq-management-uri-with-creds"` | | | autoscaling.rmq.triggerAuthName | string | `"keda-trigger-auth-rabbitmq-conn"` | | | base.name | string | `"sf-base"` | | +| base.resources.requests.cpu | string | `"100m"` | | +| base.resources.requests.memory | string | `"100M"` | | | base.zmqContainerPort | int | `2406` | | | base.zmqServicePort | int | `2406` | | | countlyPublisher.clusterName | string | `""` | | | countlyPublisher.enabled | bool | `false` | | | countlyPublisher.imageTag | string | `"31"` | | | countlyPublisher.name | string | `"countly-publisher"` | | +| countlyPublisher.resources.requests.cpu | string | `"100m"` | | +| countlyPublisher.resources.requests.memory | string | `"100M"` | | | database.connectionStringKey | string | `"cs"` | | | database.secretName | string | `"db-cs"` | | -| detector.cpuRequests | string | `"750m"` | | | detector.name | string | `"sf-detector"` | | +| detector.resources.limits.memory | string | `"1500M"` | | +| detector.resources.requests.cpu | string | `"750m"` | | +| detector.resources.requests.memory | string | `"600M"` | | | edgeStreams.enabled | bool | `false` | | | edgeStreams.name | string | `"sf-edge-stream-processor"` | | -| extractor.cpuRequests | string | `"750m"` | | +| edgeStreams.resources.requests.cpu | string | `"100m"` | | +| edgeStreams.resources.requests.memory | string | `"100M"` | | | extractor.name | string | `"sf-extractor"` | | +| extractor.resources.limits.memory | string | `"1G"` | | +| extractor.resources.requests.cpu | string | `"750m"` | | +| extractor.resources.requests.memory | string | `"500M"` | | | faceMatcher.name | string | `"sf-face-matcher"` | | +| faceMatcher.resources.requests.cpu | string | `"100m"` | | +| faceMatcher.resources.requests.memory | string | `"100M"` | | | graphqlApi.containerPort | int | `80` | | | graphqlApi.dnsHost | string | `""` | | | graphqlApi.enableAuth | bool | `false` | | | 
graphqlApi.initMigration | bool | `false` | | | graphqlApi.name | string | `"sf-graphql-api"` | | +| graphqlApi.resources.limits.memory | string | `"4G"` | | +| graphqlApi.resources.requests.cpu | string | `"250m"` | | +| graphqlApi.resources.requests.memory | string | `"300M"` | | | graphqlApi.servicePort | int | `8097` | | | image.registry | string | `"registry.gitlab.com/innovatrics/smartface/"` | registry to pull SmartFace images from | | image.secretName | string | `"sf-gitlab-registry-creds"` | docker secret to pull SmartFace images with | @@ -164,10 +187,12 @@ stringData: | license.mountPath | string | `"/etc/innovatrics"` | | | license.secretName | string | `"iface-lic"` | | | license.volumeMountName | string | `"license"` | | -| liveness.cpuRequests | string | `"750m"` | | | liveness.name | string | `"sf-liveness"` | | -| matcher.cpuRequests | string | `"750m"` | | +| liveness.resources.requests.cpu | string | `"750m"` | | +| liveness.resources.requests.memory | string | `"200M"` | | | matcher.name | string | `"sf-matcher"` | | +| matcher.resources.requests.cpu | string | `"750m"` | | +| matcher.resources.requests.memory | string | `"200M"` | | | metrics.enabled | bool | `false` | | | metrics.monitorDiscoveryLabel.instance | string | `"primary"` | | | metrics.port | int | `4318` | | 
@@ -190,10 +215,14 @@ stringData: | station.enabled | bool | `true` | | | station.imageVersion | string | `"v5_1.17.0"` | | | station.name | string | `"sf-station"` | | +| station.resources.requests.cpu | string | `"100m"` | | +| station.resources.requests.memory | string | `"100M"` | | | station.servicePort | int | `8000` | | | stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | | stationAuth.secretName | string | `"station-client-id"` | | | streamDataDbWorker.name | string | `"sf-stream-data-db-worker"` | | +| streamDataDbWorker.resources.requests.cpu | string | `"100m"` | | +| streamDataDbWorker.resources.requests.memory | string | `"100M"` | | ## Maintainers diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index f577be8..f9529a7 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -31,9 +31,7 @@ spec: {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} resources: - requests: - memory: "200M" - cpu: {{ .Values.matcher.cpuRequests | quote }} + {{- toYaml .Values.matcher.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 5715dbc..5b5a9eb 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -39,11 +39,7 @@ spec: - name: "Hosting__Port" value: {{ .Values.api.containerPort | quote }} resources: - requests: - memory: "300M" - cpu: "250m" - limits: - memory: "4G" + {{- toYaml .Values.api.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} {{- if and .Values.migration.enabled .Values.api.initMigration }} diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index 2314e40..834c91f 100644 
--- a/templates/auth-api-deployment.yaml +++ b/templates/auth-api-deployment.yaml @@ -42,11 +42,7 @@ spec: - name: "Hosting__Port" value: {{ .Values.authApi.containerPort | quote }} resources: - requests: - memory: "300M" - cpu: "250m" - limits: - memory: "4G" + {{- toYaml .Values.authApi.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} {{- if and .Values.migration.enabled .Values.authApi.initMigration }} diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml index 675085e..eda9236 100644 --- a/templates/countly-publisher-deployment.yaml +++ b/templates/countly-publisher-deployment.yaml @@ -42,7 +42,5 @@ spec: - name: "PrometheusConfiguration__Endpoints__0" value: "http://+:{{ .Values.metrics.port }}/" resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.countlyPublisher.resources | nindent 10 }} {{- end }} diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml index cb76853..d62a109 100644 --- a/templates/detector-deployment.yaml +++ b/templates/detector-deployment.yaml @@ -25,11 +25,7 @@ spec: {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} resources: - requests: - memory: "600M" - cpu: {{ .Values.detector.cpuRequests | quote }} - limits: - memory: "1500M" + {{- toYaml .Values.detector.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml index 14b0e87..fb415ce 100644 --- a/templates/edge-streams/access-controller-deployment.yaml +++ b/templates/edge-streams/access-controller-deployment.yaml 
@@ -35,9 +35,7 @@ spec: - name: "Kestrel__EndPoints__HttpAuth__RequireAuthentication" value: "true" resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.accessController.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml index ebc0a96..bbf59c0 100644 --- a/templates/edge-streams/base-deployment.yaml +++ b/templates/edge-streams/base-deployment.yaml @@ -29,9 +29,7 @@ spec: {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }} resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.base.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index ec91601..8873d0e 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml @@ -27,9 +27,7 @@ spec: {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.edgeStreams.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index 0f409da..3dfb841 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml 
@@ -27,9 +27,7 @@ spec: {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.faceMatcher.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index dc9755a..6da77bd 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -28,6 +28,8 @@ spec: {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }} {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} + resources: + {{- toYaml .Values.streamDataDbWorker.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml index 7634934..9cdab13 100644 --- a/templates/extractor-deployment.yaml +++ b/templates/extractor-deployment.yaml @@ -25,11 +25,7 @@ spec: {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} resources: - requests: - memory: "500M" - cpu: {{ .Values.extractor.cpuRequests | quote }} - limits: - memory: "1G" + {{- toYaml .Values.extractor.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index 3ef399b..2740bbb 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml 
@@ -39,11 +39,7 @@ spec: - name: "Hosting__Port" value: {{ .Values.graphqlApi.containerPort | quote }} resources: - requests: - memory: "300M" - cpu: "250m" - limits: - memory: "4G" + {{- toYaml .Values.graphqlApi.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} {{- if and .Values.migration.enabled .Values.graphqlApi.initMigration }} diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index b8fa79b..6ba0176 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml @@ -25,9 +25,7 @@ spec: {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} resources: - requests: - memory: "200M" - cpu: {{ .Values.liveness.cpuRequests | quote }} + {{- toYaml .Values.liveness.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index 745400b..e7d018c 100644 --- a/templates/station-deployment.yaml +++ b/templates/station-deployment.yaml @@ -88,9 +88,7 @@ spec: name: {{ .Values.stationAuth.secretName | quote }} key: "client_id" resources: - requests: - memory: "100M" - cpu: "100m" + {{- toYaml .Values.station.resources | nindent 10 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} volumes: diff --git a/values.yaml b/values.yaml index 28fa07b..2dfc239 100644 --- a/values.yaml +++ b/values.yaml @@ -53,6 +53,12 @@ api: containerPort: 80 dnsHost: "" initMigration: true + resources: + requests: + memory: "300M" + cpu: "250m" + limits: + memory: "4G" authApi: enabled: false @@ -61,6 +67,12 @@ authApi: containerPort: 80 dnsHost: "" initMigration: true + resources: + requests: + memory: "300M" + cpu: "250m" + limits: + memory: "4G" graphqlApi: name: "sf-graphql-api" 
@@ -69,6 +81,12 @@ graphqlApi: dnsHost: "" enableAuth: false initMigration: false + resources: + requests: + memory: "300M" + cpu: "250m" + limits: + memory: "4G" ingress: # -- enable creation of ingress object @@ -84,31 +102,59 @@ ingress: detector: name: "sf-detector" - cpuRequests: "750m" + resources: + requests: + memory: "600M" + cpu: "750m" + limits: + memory: "1500M" extractor: name: "sf-extractor" - cpuRequests: "750m" + resources: + requests: + memory: "500M" + cpu: "750m" + limits: + memory: "1G" matcher: name: "sf-matcher" - cpuRequests: "750m" + resources: + requests: + memory: "200M" + cpu: "750m" liveness: name: "sf-liveness" - cpuRequests: "750m" + resources: + requests: + memory: "200M" + cpu: "750m" edgeStreams: name: "sf-edge-stream-processor" enabled: false + resources: + requests: + memory: "100M" + cpu: "100m" base: name: "sf-base" zmqServicePort: 2406 zmqContainerPort: 2406 + resources: + requests: + memory: "100M" + cpu: "100m" faceMatcher: name: "sf-face-matcher" + resources: + requests: + memory: "100M" + cpu: "100m" accessController: name: "sf-access-controller" @@ -119,6 +165,10 @@ accessController: containerPort: 80 authServicePort: 5051 authContainerPort: 5051 + resources: + requests: + memory: "100M" + cpu: "100m" station: enabled: true @@ -127,9 +177,17 @@ station: servicePort: 8000 containerPort: 80 dnsHost: "" + resources: + requests: + memory: "100M" + cpu: "100m" streamDataDbWorker: name: "sf-stream-data-db-worker" + resources: + requests: + memory: "100M" + cpu: "100m" jaeger: enabled: true @@ -202,6 +260,10 @@ countlyPublisher: name: "countly-publisher" clusterName: "" imageTag: "31" + resources: + requests: + memory: "100M" + cpu: "100m" metrics: enabled: false From 71fa7b14cbdda1fd253768a2796f27ef7994b6a0 Mon Sep 17 00:00:00 2001 
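Review bot: The defaults added for `matcher`, `liveness`, `edgeStreams`, `base` and `faceMatcher` in the `@@ -84,31 +102,59 @@` hunk of values.yaml set `requests` only, so those containers run without a memory limit, unlike `detector` and `extractor` a few lines above them. A container without a limit can grow until the node is under memory pressure and other pods are evicted. Consider adding a `limits:` block with a `memory:` value to each, sized from observed usage, and a one-line comment saying that CPU limits are left out on purpose if that is the intent. The `accessController`, `station`, `streamDataDbWorker` and `countlyPublisher` hunks that follow have the same gap.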
From: Adam Blasko Date: Tue, 19 Sep 2023 17:24:03 +0200 Subject: [PATCH 21/37] Added resource configuration to init container --- README.md | 1 + templates/_helpers.tpl | 2 ++ values.yaml | 2 ++ 3 files changed, 5 insertions(+) diff --git a/README.md b/README.md index 4be1e14..32256f3 100644 --- a/README.md +++ b/README.md @@ -199,6 +199,7 @@ stringData: | metrics.portName | string | `"metrics"` | | | metrics.serviceDiscoveryLabels.sf-metrics | string | `"true"` | | | migration.enabled | bool | `true` | | +| migration.initContainer.resources | object | `{}` | | | multitenancy.enabled | bool | `false` | enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled | | rabbitmq | object | `{"auth":{"erlangCookie":"","password":"","username":"smartface"},"configMapName":"sf-rmq-connection","enabled":true,"existingSecretName":"","extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttDnsHost":"","secretKey":"rabbitmq-password"}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq | | rabbitmq.enabled | bool | `true` | configure if rabbitmq subchart should be included | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8431224..0d2fe13 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -198,6 +198,8 @@ Init container to perform database migration before starting the main container name: {{ .Values.database.secretName | quote }} key: {{ .Values.database.connectionStringKey | quote }} {{- include "sf-cloud-matcher.rmqConfig" . | nindent 4 }} + resources: + {{- toYaml .Values.migration.initContainer.resources | nindent 4 }} volumeMounts: {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 2 }} {{- end -}} diff --git a/values.yaml b/values.yaml index 2dfc239..939db5e 100644 --- a/values.yaml +++ b/values.yaml @@ -195,6 +195,8 @@ jaeger: migration: enabled: true + initContainer: + resources: {} autoscaling: cron: 
From b7830612c2d8dd821ee8c6b94376cdfce47da9ab Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 19 Sep 2023 17:24:20 +0200 Subject: [PATCH 22/37] Added resource configuration to proxy container --- README.md | 1 + templates/readonly-api/api-nginx-deployment.yaml | 10 ++++++---- templates/readonly-api/auth-api-nginx-deployment.yaml | 10 ++++++---- values.yaml | 2 ++ 4 files changed, 15 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 32256f3..10e1489 100644 --- a/README.md +++ b/README.md @@ -207,6 +207,7 @@ stringData: | readonlyApi.authName | string | `"readonly-auth-api"` | | | readonlyApi.enabled | bool | `false` | | | readonlyApi.noAuthName | string | `"readonly-noauth-api"` | | +| readonlyApi.proxyContainer.resources | object | `{}` | | | s3.bucketKey | string | `"name"` | | | s3.configName | string | `"s3-config"` | | | s3.regionKey | string | `"region"` | | diff --git a/templates/readonly-api/api-nginx-deployment.yaml b/templates/readonly-api/api-nginx-deployment.yaml index 0395140..941a8d4 100644 --- a/templates/readonly-api/api-nginx-deployment.yaml +++ b/templates/readonly-api/api-nginx-deployment.yaml @@ -20,10 +20,12 @@ spec: - name: "http" containerPort: {{ .Values.api.containerPort }} volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d/default.conf - subPath: nginx.conf - readOnly: true + - name: nginx-conf + mountPath: /etc/nginx/conf.d/default.conf + subPath: nginx.conf + readOnly: true + resources: + {{- toYaml .Values.readonlyApi.proxyContainer.resources | nindent 10 }} volumes: - name: nginx-conf configMap: diff --git a/templates/readonly-api/auth-api-nginx-deployment.yaml b/templates/readonly-api/auth-api-nginx-deployment.yaml index fb153e7..509bc76 100644 --- a/templates/readonly-api/auth-api-nginx-deployment.yaml +++ b/templates/readonly-api/auth-api-nginx-deployment.yaml 
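Review bot: With `readonlyApi.proxyContainer.resources` defaulting to `{}`, the nginx container in this hunk gets neither requests nor limits, whereas the application containers in values.yaml all default to at least `requests`. If nginx is the only container in the pod, as the visible lines suggest, the pod is scheduled as best-effort and is among the first to be evicted. A default such as `requests: {memory: "<PROXY_MEMORY_REQUEST>", cpu: "<PROXY_CPU_REQUEST>"}` under `proxyContainer.resources` would avoid that. The hunk also mixes a re-indentation of `volumeMounts` with the functional change, which would be easier to review as two commits; the auth-api-nginx hunk that follows is identical in both respects.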
@@ -20,10 +20,12 @@ spec: - name: "http" containerPort: {{ .Values.authApi.containerPort }} volumeMounts: - - name: nginx-conf - mountPath: /etc/nginx/conf.d/default.conf - subPath: nginx.conf - readOnly: true + - name: nginx-conf + mountPath: /etc/nginx/conf.d/default.conf + subPath: nginx.conf + readOnly: true + resources: + {{- toYaml .Values.readonlyApi.proxyContainer.resources | nindent 10 }} volumes: - name: nginx-conf configMap: diff --git a/values.yaml b/values.yaml index 939db5e..f3d8618 100644 --- a/values.yaml +++ b/values.yaml @@ -280,3 +280,5 @@ readonlyApi: enabled: false authName: "readonly-auth-api" noAuthName: "readonly-noauth-api" + proxyContainer: + resources: {} From 87f4baefb009fa89efd45a4300cdccdc59597249 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 20 Sep 2023 16:33:10 +0200 Subject: [PATCH 23/37] Added new S3 config properties --- README.md | 3 +++ external-config.yaml | 3 +++ templates/_helpers.tpl | 17 +++++++++++++++++ templates/_validations.tpl | 3 +++ values.yaml | 3 +++ 5 files changed, 29 insertions(+) diff --git a/README.md b/README.md index 10e1489..c00752b 100644 --- a/README.md +++ b/README.md @@ -208,8 +208,11 @@ stringData: | readonlyApi.enabled | bool | `false` | | | readonlyApi.noAuthName | string | `"readonly-noauth-api"` | | | readonlyApi.proxyContainer.resources | object | `{}` | | +| s3.authTypeKey | string | `"authType"` | | | s3.bucketKey | string | `"name"` | | | s3.configName | string | `"s3-config"` | | +| s3.endpointTypeKey | string | `"endpointType"` | | +| s3.folderKey | string | `"folder"` | | | s3.regionKey | string | `"region"` | | | sf-tenant-operator | object | `{"config":{"configDir":"/etc/components","fileName":"appsettings.override.json","mapName":"operator-config"},"image":{"secretName":"sf-gitlab-registry-creds"},"installCrd":false}` | configuration for sf-tenant-operator subchart | | station.containerPort | int | `80` | | 
diff --git a/external-config.yaml b/external-config.yaml index 9a9286b..ab4a82e 100644 --- a/external-config.yaml +++ b/external-config.yaml @@ -29,6 +29,9 @@ data: # supply S3 bucket name: "sf-cm-test" region: "eu-central-1" + folder: "sface" + authType: "AssumedRole" + endpointType: "BucketRegion" --- apiVersion: v1 stringData: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 0d2fe13..e3c3106 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -25,6 +25,23 @@ Template used for adding S3 configuration to containers configMapKeyRef: name: {{ .Values.s3.configName | quote }} key: {{ .Values.s3.regionKey | quote }} +- name: "S3Bucket__Folder" + valueFrom: + configMapKeyRef: + name: {{ .Values.s3.configName | quote }} + key: {{ .Values.s3.folderKey | quote }} +# AssumedRole +- name: "S3Bucket__AuthenticationType" + valueFrom: + configMapKeyRef: + name: {{ .Values.s3.configName | quote }} + key: {{ .Values.s3.authTypeKey | quote }} +# BucketRegion +- name: "S3Bucket__EndpointType" + valueFrom: + configMapKeyRef: + name: {{ .Values.s3.configName | quote }} + key: {{ .Values.s3.endpointTypeKey | quote }} {{- end }} {{/* diff --git a/templates/_validations.tpl b/templates/_validations.tpl index 624850d..87d9b1e 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl 
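Review bot: The comments `# AssumedRole` and `# BucketRegion` added in the templates/_helpers.tpl hunk do not say what they are; judging by external-config.yaml in the same patch they are sample values for the keys below them. Wording such as `# authentication type read from the ConfigMap, e.g. "AssumedRole"` and `# endpoint type read from the ConfigMap, e.g. "BucketRegion"` would make that clear, and using `{{/* ... */}}` instead of `#` would keep them out of every rendered env list. The three new `configMapKeyRef` entries are not marked `optional`, so an existing `s3-config` ConfigMap that lacks the new keys will keep containers from starting after an upgrade, which the README should mention. The `define` block starts outside the hunk.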
@@ -41,6 +41,9 @@ Validate that the S3 config map exists with correct keys {{- define "sf-cloud-matcher.validate.s3Config" -}} {{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.bucketKey) }} {{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }} +{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.folderKey) }} +{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.authTypeKey) }} +{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.endpointTypeKey) }} {{- end -}} {{/* diff --git a/values.yaml b/values.yaml index f3d8618..5ef291e 100644 --- a/values.yaml +++ b/values.yaml @@ -16,6 +16,9 @@ s3: configName: "s3-config" bucketKey: "name" regionKey: "region" + folderKey: "folder" + authTypeKey: "authType" + endpointTypeKey: "endpointType" # -- config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq rabbitmq: From 122f54a25d818a6bc8e02dac04bfafc7db8b992a Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Thu, 21 Sep 2023 10:22:34 +0200 Subject: [PATCH 24/37] Service account configuration Creating and using separate service account based on user-provided configuration --- README.md | 6 ++++++ templates/_matcher.tpl | 2 ++ templates/api-deployment.yaml | 2 ++ templates/auth-api-deployment.yaml | 2 ++ templates/countly-publisher-deployment.yaml | 2 ++ templates/detector-deployment.yaml | 2 ++ .../access-controller-deployment.yaml | 2 ++ templates/edge-streams/base-deployment.yaml | 2 ++ .../edge-stream-processor-deployment.yaml | 2 ++ .../edge-streams/face-matcher-deployment.yaml | 2 ++ .../stream-data-db-worker-deployment.yaml | 2 ++ templates/extractor-deployment.yaml | 2 ++ templates/graphql-deployment.yaml | 2 ++ templates/liveness-deployment.yaml | 2 ++ .../readonly-api/api-nginx-deployment.yaml | 2 ++ .../auth-api-nginx-deployment.yaml | 2 ++ templates/serviceaccount.yaml | 19 +++++++++++++++++++ templates/station-deployment.yaml | 2 ++ values.yaml | 14 ++++++++++++++ 19 files changed, 71 insertions(+) create mode 100644 templates/serviceaccount.yaml diff --git a/README.md b/README.md index c00752b..4584f60 100644 --- a/README.md +++ b/README.md 
@@ -214,6 +214,12 @@ stringData: | s3.endpointTypeKey | string | `"endpointType"` | | | s3.folderKey | string | `"folder"` | | | s3.regionKey | string | `"region"` | | +| serviceAccount.annotations | object | `{}` | Annotations for the service account | +| serviceAccount.automountServiceAccountToken | bool | `true` | Set this toggle to false to opt out of automounting API credentials for the service account | +| serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | +| serviceAccount.imagePullSecrets | list | `[]` | Image pull secrets for the service account | +| serviceAccount.labels | object | `{}` | Labels for the service account | +| serviceAccount.name | string | `"sf-service-account"` | The name of the ServiceAccount to use. | | sf-tenant-operator | object | `{"config":{"configDir":"/etc/components","fileName":"appsettings.override.json","mapName":"operator-config"},"image":{"secretName":"sf-gitlab-registry-creds"},"installCrd":false}` | configuration for sf-tenant-operator subchart | | station.containerPort | int | `80` | | | station.dnsHost | string | `""` | | diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index f9529a7..e7c9fea 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -19,6 +19,8 @@ spec: labels: app: {{ .Values.matcher.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.matcher.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 5b5a9eb..f18cbb1 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml 
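Review bot: Every pod template in this patch is bound to the single account `.Values.serviceAccount.name`, starting with the `spec:` of templates/_matcher.tpl here and repeated in the api, auth-api, countly-publisher, detector, edge-streams, extractor, graphql, liveness, station and both readonly-api nginx hunks. Any role binding or cloud-role annotation attached to that account through `serviceAccount.annotations` is then available to all of them, including the nginx proxies, which as far as this patch shows only serve a mounted config file. Consider a per-component override backed by a new value, e.g. `serviceAccountName: {{ .Values.matcher.serviceAccountName | default .Values.serviceAccount.name | quote }}`, or leaving the two added lines out of the nginx deployments. The deployment spec continues outside the hunk.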
@@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.api.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.api.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index 834c91f..fcc93b7 100644 --- a/templates/auth-api-deployment.yaml +++ b/templates/auth-api-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.authApi.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.authApi.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml index eda9236..a0b556f 100644 --- a/templates/countly-publisher-deployment.yaml +++ b/templates/countly-publisher-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.countlyPublisher.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.countlyPublisher.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml index d62a109..20fab6b 100644 --- a/templates/detector-deployment.yaml +++ b/templates/detector-deployment.yaml 
@@ -14,6 +14,8 @@ spec: labels: app: {{ .Values.detector.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.detector.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml index fb415ce..54f1b8a 100644 --- a/templates/edge-streams/access-controller-deployment.yaml +++ b/templates/edge-streams/access-controller-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.accessController.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.accessController.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml index bbf59c0..04fe7c8 100644 --- a/templates/edge-streams/base-deployment.yaml +++ b/templates/edge-streams/base-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.base.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.base.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index 8873d0e..91a94f9 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml 
@@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.edgeStreams.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index 3dfb841..ecc2338 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.faceMatcher.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.faceMatcher.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index 6da77bd..f45b0b2 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.streamDataDbWorker.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.streamDataDbWorker.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml index 9cdab13..7d20425 100644 --- a/templates/extractor-deployment.yaml +++ b/templates/extractor-deployment.yaml 
@@ -14,6 +14,8 @@ spec: labels: app: {{ .Values.extractor.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.extractor.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index 2740bbb..399e83e 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -14,6 +14,8 @@ spec: labels: app: {{ .Values.graphqlApi.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.graphqlApi.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index 6ba0176..20dd2ec 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml @@ -14,6 +14,8 @@ spec: labels: app: {{ .Values.liveness.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.liveness.name) | nindent 8 }} imagePullSecrets: diff --git a/templates/readonly-api/api-nginx-deployment.yaml b/templates/readonly-api/api-nginx-deployment.yaml index 941a8d4..a99966e 100644 --- a/templates/readonly-api/api-nginx-deployment.yaml +++ b/templates/readonly-api/api-nginx-deployment.yaml 
@@ -13,6 +13,8 @@ spec: labels: app: {{ .Values.readonlyApi.noAuthName | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} containers: - name: nginx image: nginx:1.25.1 diff --git a/templates/readonly-api/auth-api-nginx-deployment.yaml b/templates/readonly-api/auth-api-nginx-deployment.yaml index 509bc76..dd27e71 100644 --- a/templates/readonly-api/auth-api-nginx-deployment.yaml +++ b/templates/readonly-api/auth-api-nginx-deployment.yaml @@ -13,6 +13,8 @@ spec: labels: app: {{ .Values.readonlyApi.authName | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} containers: - name: nginx image: nginx:1.25.1 diff --git a/templates/serviceaccount.yaml b/templates/serviceaccount.yaml new file mode 100644 index 0000000..1dea7fb --- /dev/null +++ b/templates/serviceaccount.yaml @@ -0,0 +1,19 @@ +{{ if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name | quote }} + labels: + {{- with .Values.serviceAccount.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- tpl (toYaml . | nindent 4) $ }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- with .Values.serviceAccount.imagePullSecrets }} +imagePullSecrets: + {{- toYaml . | nindent 2 }} +{{- end }} +{{- end }} diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index e7d018c..696ab96 100644 --- a/templates/station-deployment.yaml +++ b/templates/station-deployment.yaml 
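Review bot: In the new templates/serviceaccount.yaml the `labels:` key is written outside its `with` block, so with the default `labels: {}` the rendered manifest carries an empty `labels:` key; move it inside the block the way `annotations:` is handled, i.e. `{{- with .Values.serviceAccount.labels }}` followed by `labels:` and `{{- toYaml . | nindent 4 }}`. Annotation values are passed through `tpl` while labels are not, which deserves a comment in values.yaml because any template expression in an annotation is evaluated with the full chart context. When `serviceAccount.create` is false nothing visible here checks that the named account exists; if the helpers in _validations.tpl do cluster lookups, as their names suggest, a check for the ServiceAccount would fit there.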
@@ -15,6 +15,8 @@ spec: labels: app: {{ .Values.station.name | quote }} spec: + serviceAccountName: {{ .Values.serviceAccount.name | quote }} + automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.station.name) | nindent 8 }} imagePullSecrets: diff --git a/values.yaml b/values.yaml index 5ef291e..7a1f060 100644 --- a/values.yaml +++ b/values.yaml @@ -285,3 +285,17 @@ readonlyApi: noAuthName: "readonly-noauth-api" proxyContainer: resources: {} + +serviceAccount: + # -- Specifies whether a ServiceAccount should be created + create: true + # -- The name of the ServiceAccount to use. + name: "sf-service-account" + # -- Image pull secrets for the service account + imagePullSecrets: [] + # -- Annotations for the service account + annotations: {} + # -- Labels for the service account + labels: {} + # -- Set this toggle to false to opt out of automounting API credentials for the service account + automountServiceAccountToken: true From 98245a47f0785e5dccbf8d3b80fec7ecd86da7d8 Mon Sep 17 00:00:00 2001 
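Review bot: `automountServiceAccountToken: true` as the default at the end of the values.yaml hunk gives every pod of the chart a Kubernetes API token, because each deployment copies this value into its pod spec. Nothing in the visible templates shows a component calling the Kubernetes API, so if that holds the default should be `false`, with the comment changed to `# -- Set to true only if a component needs Kubernetes API credentials mounted`. A token mounted where it is not needed is one more credential exposed if a container is compromised.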
From: Adam Blasko Date: Thu, 21 Sep 2023 10:25:48 +0200 Subject: [PATCH 25/37] Changed prefix for named templates The prefix now again matches name of the chart (after the chart was renamed) --- templates/_helpers.tpl | 26 +++--- templates/_matcher.tpl | 14 ++-- templates/_validations.tpl | 82 +++++++++---------- templates/api-deployment.yaml | 20 ++--- templates/auth-api-deployment.yaml | 22 ++--- templates/countly-publisher-deployment.yaml | 6 +- templates/detector-deployment.yaml | 10 +-- .../access-controller-deployment.yaml | 12 +-- templates/edge-streams/base-deployment.yaml | 14 ++-- .../edge-stream-processor-deployment.yaml | 12 +-- .../edge-streams/face-matcher-deployment.yaml | 12 +-- .../stream-data-db-worker-deployment.yaml | 14 ++-- templates/extractor-deployment.yaml | 10 +-- templates/graphql-deployment.yaml | 20 ++--- templates/liveness-deployment.yaml | 10 +-- templates/matcher-deployment.yaml | 2 +- templates/sf-tenant-operator-config.yaml | 2 +- templates/station-deployment.yaml | 8 +- templates/validation.yaml | 2 +- values.yaml | 2 +- 20 files changed, 150 insertions(+), 150 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e3c3106..478889e 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -1,7 +1,7 @@ {{/* Template used for adding database configuration to containers */}} -{{- define "sf-cloud-matcher.dbConfig" -}} +{{- define "smartface.dbConfig" -}} - name: "ConnectionStrings__CoreDbContext" valueFrom: secretKeyRef: @@ -14,7 +14,7 @@ Template used for adding database configuration to containers {{/* Template used for adding S3 configuration to containers */}} -{{- define "sf-cloud-matcher.s3Config" -}} +{{- define "smartface.s3Config" -}} - name: "S3Bucket__BucketName" valueFrom: configMapKeyRef: 
@@ -47,7 +47,7 @@ Template used for adding S3 configuration to containers {{/* Template used for configuring feature flags on APIs */}} -{{- define "sf-cloud-matcher.apiFeaturesConfig" -}} +{{- define "smartface.apiFeaturesConfig" -}} - name: "FeatureManagement__Full" value: "false" - name: "FeatureManagement__Watchlist" @@ -59,7 +59,7 @@ Template used for configuring feature flags on APIs {{/* Template used for configuring Authentication on APIs */}} -{{- define "sf-cloud-matcher.authenticationConfig" -}} +{{- define "smartface.authenticationConfig" -}} - name: "Authentication__UseAuthentication" valueFrom: configMapKeyRef: @@ -95,7 +95,7 @@ Template used for configuring Authentication on APIs {{/* Template used for adding RMQ configuration to containers */}} -{{- define "sf-cloud-matcher.rmqConfig" -}} +{{- define "smartface.rmqConfig" -}} - name: "RabbitMQ__Hostname" valueFrom: configMapKeyRef: @@ -130,7 +130,7 @@ Template used for adding RMQ configuration to containers {{/* Template used for adding license volume to deployment definition */}} -{{- define "sf-cloud-matcher.licVolume" -}} +{{- define "smartface.licVolume" -}} - name: {{ .Values.license.volumeMountName | quote }} secret: secretName: {{ .Values.license.secretName | quote }} @@ -139,7 +139,7 @@ Template used for adding license volume to deployment definition {{/* Template used for binding the license volume to containers */}} -{{- define "sf-cloud-matcher.licVolumeMount" -}} +{{- define "smartface.licVolumeMount" -}} - name: {{ .Values.license.volumeMountName | quote }} mountPath: {{ .Values.license.mountPath | quote }} readOnly: true @@ -148,7 +148,7 @@ Template used for binding the license volume to containers {{/* Template used for common environment variables definition */}} -{{- define "sf-cloud-matcher.commonEnv" -}} +{{- define "smartface.commonEnv" -}} - name: "AppSettings__Log-RollingFile-Enabled" value: "false" - name: "AppSettings__Log_RollingFile_Enabled" 
@@ -168,7 +168,7 @@ Template used for common environment variables definition
 {{/*
 Enabling statistics pulishing for countly sender
 */}}
-{{- define "sf-cloud-matcher.statisticsPublish" -}}
+{{- define "smartface.statisticsPublish" -}}
 - name: "Statistics__SendStatisticsData"
 value: {{ .Values.countlyPublisher.enabled | quote }}
 {{- end }}
@@ -176,7 +176,7 @@ Enabling statistics pulishing for countly sender
 {{/*
 Topology spread definition commonly used for most of our deployments
 */}}
-{{- define "sf-cloud-matcher.topologySpread" -}}
+{{- define "smartface.topologySpread" -}}
 - maxSkew: 1
 topologyKey: "topology.kubernetes.io/zone"
 whenUnsatisfiable: ScheduleAnyway
@@ -194,7 +194,7 @@ Topology spread definition commonly used for most of our deployments
 {{/*
 Init container to perform database migration before starting the main container
 */}}
-{{- define "sf-cloud-matcher.migrationInitContainer" -}}
+{{- define "smartface.migrationInitContainer" -}}
 - name: "sf-migration"
 image: "{{ .Values.image.registry }}sf-admin:{{ .Chart.AppVersion }}"
 args: [
@@ -214,9 +214,9 @@ Init container to perform database migration before starting the main container
 secretKeyRef:
 name: {{ .Values.database.secretName | quote }}
 key: {{ .Values.database.connectionStringKey | quote }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 4 }}
+ {{- include "smartface.rmqConfig" . | nindent 4 }}
 resources:
 {{- toYaml .Values.migration.initContainer.resources | nindent 4 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 2 }}
+ {{- include "smartface.licVolumeMount" . | nindent 2 }}
 {{- end -}}
diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl
index e7c9fea..e2d25c5 100644
--- a/templates/_matcher.tpl
+++ b/templates/_matcher.tpl
@@ -2,7 +2,7 @@
 {{/*
 Definition of matcher deployment manifest. Will either be used by tenant operator or directly
 */}}
-{{- define "sf-cloud-matcher.matcherDefinition" -}}
+{{- define "smartface.matcherDefinition" -}}
 apiVersion: "apps/v1"
 kind: "Deployment"
 metadata:
@@ -22,20 +22,20 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.matcher.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.matcher.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.matcher.name | quote }}
 image: "{{ .Values.image.registry }}sf-matcher:{{ .Chart.AppVersion }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
 resources:
 {{- toYaml .Values.matcher.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/_validations.tpl b/templates/_validations.tpl
index 87d9b1e..33e44ce 100644
--- a/templates/_validations.tpl
+++ b/templates/_validations.tpl
@@ -2,15 +2,15 @@
 {{/*
 Compile all warnings into a single message, and call fail.
 */}}
-{{- define "sf-cloud-matcher.validate" -}}
+{{- define "smartface.validate" -}}
 {{- $messages := list -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.multitenantEdge" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.dbConnectionSecret" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.s3Config" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.licenseSecret" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.authConfig" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.registryCreds" .)) -}}
-{{- $messages := append $messages (trim (include "sf-cloud-matcher.validate.rmqConfig" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.multitenantEdge" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.dbConnectionSecret" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.s3Config" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.licenseSecret" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.authConfig" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.registryCreds" .)) -}}
+{{- $messages := append $messages (trim (include "smartface.validate.rmqConfig" .)) -}}
 {{- $messages := without $messages "" -}}
 {{- $message := join "\n" $messages -}}
@@ -22,7 +22,7 @@ Compile all warnings into a single message, and call fail.
 {{/*
 Validate that users does not want multitenant edge streams
 */}}
-{{- define "sf-cloud-matcher.validate.multitenantEdge" -}}
+{{- define "smartface.validate.multitenantEdge" -}}
 {{- if and .Values.multitenancy.enabled .Values.edgeStreams.enabled -}}
 Multitenancy is not supported for clusters with edge streams. Please disable one of the two features
 {{- end -}}
@@ -31,55 +31,55 @@ Multitenancy is not supported for clusters with edge streams. Please disable one
 {{/*
 Validate that the Database connection string secret exists with correct key
 */}}
-{{- define "sf-cloud-matcher.validate.dbConnectionSecret" -}}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.database.secretName "Key" .Values.database.connectionStringKey) }}
+{{- define "smartface.validate.dbConnectionSecret" -}}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.database.secretName "Key" .Values.database.connectionStringKey) }}
 {{- end -}}
 {{/*
 Validate that the S3 config map exists with correct keys
 */}}
-{{- define "sf-cloud-matcher.validate.s3Config" -}}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.bucketKey) }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.folderKey) }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.authTypeKey) }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.endpointTypeKey) }}
+{{- define "smartface.validate.s3Config" -}}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.bucketKey) }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.folderKey) }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.authTypeKey) }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.endpointTypeKey) }}
 {{- end -}}
 {{/*
 Validate that the license secret exists with correct keys
 */}}
-{{- define "sf-cloud-matcher.validate.licenseSecret" -}}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.license.secretName "Key" "iengine.lic") }}
+{{- define "smartface.validate.licenseSecret" -}}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.license.secretName "Key" "iengine.lic") }}
 {{- end -}}
 {{/*
 Validate auth config present if it will be needed
 */}}
-{{- define "sf-cloud-matcher.validate.authConfig" -}}
+{{- define "smartface.validate.authConfig" -}}
 {{- if or .Values.authApi.enabled .Values.graphqlApi.enableAuth -}}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "use_auth") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "authority") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "audience") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_token_url") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_authorize_url") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "use_auth") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "authority") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "audience") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_token_url") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_authorize_url") }}
 {{- end -}}
 {{- if .Values.station.enabled }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "use_auth") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "audience") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "domain") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "issuer") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "jwks_uri") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "auth_header") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.stationAuth.secretName "Key" "client_id") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "use_auth") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "audience") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "domain") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "issuer") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "jwks_uri") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "auth_header") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.stationAuth.secretName "Key" "client_id") }}
 {{- end -}}
 {{- end -}}
 {{/*
 Validate registry credentials
 */}}
-{{- define "sf-cloud-matcher.validate.registryCreds" -}}
-{{- $error := (include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.image.secretName "Key" ".dockerconfigjson")) -}}
+{{- define "smartface.validate.registryCreds" -}}
+{{- $error := (include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.image.secretName "Key" ".dockerconfigjson")) -}}
 {{- if $error -}}
 {{ printf "%s" ($error) }}
 To create the secret follow the official documentation https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
@@ -89,16 +89,16 @@ To create the secret follow the official documentation https://kubernetes.io/doc
 {{/*
 Validate rmq config if not managed by us
 */}}
-{{- define "sf-cloud-matcher.validate.rmqConfig" -}}
+{{- define "smartface.validate.rmqConfig" -}}
 {{- if not .Values.rabbitmq.enabled -}}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "hostname") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "useSsl") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "port") }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "username") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "hostname") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "useSsl") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "port") }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.configMapName "Key" "username") }}
 {{- if not .Values.rabbitmq.existingSecretName }}
 Please provide value for `rabbitmq.existingSecretName`
 {{- else }}
-{{ include "sf-cloud-matcher.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.existingSecretName "Key" .Values.rabbitmq.secretKey) }}
+{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.rabbitmq.existingSecretName "Key" .Values.rabbitmq.secretKey) }}
 {{- end -}}
 {{- end -}}
 {{- end -}}
@@ -106,7 +106,7 @@ Please provide value for `rabbitmq.existingSecretName`
 {{/*
 Validate arbitrary k8s resource and presence of a field on it
 */}}
-{{- define "sf-cloud-matcher.validate.genericResourceWithKey" -}}
+{{- define "smartface.validate.genericResourceWithKey" -}}
 {{- $resource := (lookup .Version .Type .Namespace .Name).data -}}
 {{- if $resource -}}
 {{- $value := (index $resource .Key) -}}
diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml
index f18cbb1..f204251 100644
--- a/templates/api-deployment.yaml
+++ b/templates/api-deployment.yaml
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.api.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.api.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
@@ -30,12 +30,12 @@ spec:
 - name: {{ .Values.metrics.portName | quote }}
 containerPort: {{ .Values.metrics.port }}
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.statisticsPublish" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
+ {{- include "smartface.s3Config" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.apiFeaturesConfig" . | nindent 8 }}
+ {{- include "smartface.statisticsPublish" . | nindent 8 }}
 - name: "Hosting__Host"
 value: "http://0.0.0.0"
 - name: "Hosting__Port"
@@ -43,11 +43,11 @@ spec:
 resources:
 {{- toYaml .Values.api.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 {{- if and .Values.migration.enabled .Values.api.initMigration }}
 initContainers:
- {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }}
+ {{- include "smartface.migrationInitContainer" . | nindent 6 }}
 {{- end }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml
index fcc93b7..97807e3 100644
--- a/templates/auth-api-deployment.yaml
+++ b/templates/auth-api-deployment.yaml
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.authApi.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.authApi.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
@@ -30,13 +30,13 @@ spec:
 - name: {{ .Values.metrics.portName | quote }}
 containerPort: {{ .Values.metrics.port }}
 env:
- {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.statisticsPublish" . | nindent 8 }}
+ {{- include "smartface.authenticationConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
+ {{- include "smartface.s3Config" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.apiFeaturesConfig" . | nindent 8 }}
+ {{- include "smartface.statisticsPublish" . | nindent 8 }}
 - name: "Multitenancy__UseMultitenancy"
 value: {{ .Values.multitenancy.enabled | quote }}
 - name: "Hosting__Host"
@@ -46,11 +46,11 @@ spec:
 resources:
 {{- toYaml .Values.authApi.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 {{- if and .Values.migration.enabled .Values.authApi.initMigration }}
 initContainers:
- {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }}
+ {{- include "smartface.migrationInitContainer" . | nindent 6 }}
 {{- end }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml
index a0b556f..cdc4e3b 100644
--- a/templates/countly-publisher-deployment.yaml
+++ b/templates/countly-publisher-deployment.yaml
@@ -18,15 +18,15 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.countlyPublisher.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.countlyPublisher.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.countlyPublisher.name | quote }}
 image: "{{ .Values.image.registry }}sf-countly-publisher:{{ .Values.countlyPublisher.imageTag }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
 - name: "CountlyConfiguration__ServerUrl"
 valueFrom:
 configMapKeyRef:
diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml
index 20fab6b..3cbd221 100644
--- a/templates/detector-deployment.yaml
+++ b/templates/detector-deployment.yaml
@@ -17,18 +17,18 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.detector.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.detector.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.detector.name | quote }}
 image: "{{ .Values.image.registry }}sf-detector:{{ .Chart.AppVersion }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
 resources:
 {{- toYaml .Values.detector.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml
index 54f1b8a..47ed066 100644
--- a/templates/edge-streams/access-controller-deployment.yaml
+++ b/templates/edge-streams/access-controller-deployment.yaml
@@ -18,16 +18,16 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.accessController.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.accessController.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.accessController.name | quote }}
 image: "{{ .Values.image.registry }}sf-access-controller:{{ .Values.accessController.imageVersion }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.authenticationConfig" . | nindent 8 }}
 - name: "Kestrel__EndPoints__Http__Url"
 value: "http://0.0.0.0:{{ .Values.accessController.containerPort }}"
 - name: "Kestrel__EndPoints__Http__RequireAuthentication"
@@ -39,7 +39,7 @@ spec:
 resources:
 {{- toYaml .Values.accessController.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml
index 04fe7c8..a13f2a0 100644
--- a/templates/edge-streams/base-deployment.yaml
+++ b/templates/edge-streams/base-deployment.yaml
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.base.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.base.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
@@ -26,14 +26,14 @@ spec:
 image: "{{ .Values.image.registry }}sf-base:{{ .Chart.AppVersion }}"
 args: ["--serviceName", "SFBase"]
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
+ {{- include "smartface.s3Config" . | nindent 8 }}
 resources:
 {{- toYaml .Values.base.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml
index 91a94f9..1993dd5 100644
--- a/templates/edge-streams/edge-stream-processor-deployment.yaml
+++ b/templates/edge-streams/edge-stream-processor-deployment.yaml
@@ -18,20 +18,20 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.edgeStreams.name | quote }}
 image: "{{ .Values.image.registry }}sf-edge-stream-processor:{{ .Chart.AppVersion }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
 resources:
 {{- toYaml .Values.edgeStreams.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml
index ecc2338..fed57e8 100644
--- a/templates/edge-streams/face-matcher-deployment.yaml
+++ b/templates/edge-streams/face-matcher-deployment.yaml
@@ -18,20 +18,20 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.faceMatcher.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.faceMatcher.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
 - name: {{ .Values.faceMatcher.name | quote }}
 image: "{{ .Values.image.registry }}sf-face-matcher:{{ .Chart.AppVersion }}"
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
 resources:
 {{- toYaml .Values.faceMatcher.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml
index f45b0b2..3b3c9b4 100644
--- a/templates/edge-streams/stream-data-db-worker-deployment.yaml
+++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml
@@ -18,7 +18,7 @@ spec:
 serviceAccountName: {{ .Values.serviceAccount.name | quote }}
 automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
 topologySpreadConstraints:
- {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.streamDataDbWorker.name) | nindent 8 }}
+ {{- include "smartface.topologySpread" (dict "appLabel" .Values.streamDataDbWorker.name) | nindent 8 }}
 imagePullSecrets:
 - name: {{ .Values.image.secretName | quote }}
 containers:
@@ -26,14 +26,14 @@ spec:
 image: "{{ .Values.image.registry }}sf-streamdatadbworker:{{ .Chart.AppVersion }}"
 ports:
 env:
- {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }}
- {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }}
- {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }}
- {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }}
+ {{- include "smartface.commonEnv" . | nindent 8 }}
+ {{- include "smartface.dbConfig" . | nindent 8 }}
+ {{- include "smartface.s3Config" . | nindent 8 }}
+ {{- include "smartface.rmqConfig" . | nindent 8 }}
 resources:
 {{- toYaml .Values.streamDataDbWorker.resources | nindent 10 }}
 volumeMounts:
- {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }}
+ {{- include "smartface.licVolumeMount" . | nindent 8 }}
 volumes:
- {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }}
+ {{- include "smartface.licVolume" . | nindent 8 }}
 {{- end }}
diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml
index 7d20425..397456a 100644
--- a/templates/extractor-deployment.yaml
+++ b/templates/extractor-deployment.yaml
@@ -17,18 +17,18 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: - {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.extractor.name) | nindent 8 }} + {{- include "smartface.topologySpread" (dict "appLabel" .Values.extractor.name) | nindent 8 }} imagePullSecrets: - name: {{ .Values.image.secretName | quote }} containers: - name: {{ .Values.extractor.name | quote }} image: "{{ .Values.image.registry }}sf-extractor:{{ .Chart.AppVersion }}" env: - {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} - {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} + {{- include "smartface.commonEnv" . | nindent 8 }} + {{- include "smartface.rmqConfig" . | nindent 8 }} resources: {{- toYaml .Values.extractor.resources | nindent 10 }} volumeMounts: - {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: - {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} + {{- include "smartface.licVolume" . | nindent 8 }} diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index 399e83e..62a960d 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -17,7 +17,7 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: - {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.graphqlApi.name) | nindent 8 }} + {{- include "smartface.topologySpread" (dict "appLabel" .Values.graphqlApi.name) | nindent 8 }} imagePullSecrets: - name: {{ .Values.image.secretName | quote }} containers: 
@@ -27,13 +27,13 @@ spec: - containerPort: {{ .Values.graphqlApi.containerPort }} env: {{- if .Values.graphqlApi.enableAuth }} - {{- include "sf-cloud-matcher.authenticationConfig" . | nindent 8 }} + {{- include "smartface.authenticationConfig" . | nindent 8 }} {{- end }} - {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} - {{- include "sf-cloud-matcher.dbConfig" . | nindent 8 }} - {{- include "sf-cloud-matcher.s3Config" . | nindent 8 }} - {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} - {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }} + {{- include "smartface.commonEnv" . | nindent 8 }} + {{- include "smartface.dbConfig" . | nindent 8 }} + {{- include "smartface.s3Config" . | nindent 8 }} + {{- include "smartface.rmqConfig" . | nindent 8 }} + {{- include "smartface.apiFeaturesConfig" . | nindent 8 }} - name: "Multitenancy__UseMultitenancy" value: {{ .Values.multitenancy.enabled | quote }} - name: "Hosting__Host" @@ -43,10 +43,10 @@ spec: resources: {{- toYaml .Values.graphqlApi.resources | nindent 10 }} volumeMounts: - {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + {{- include "smartface.licVolumeMount" . | nindent 8 }} {{- if and .Values.migration.enabled .Values.graphqlApi.initMigration }} initContainers: - {{- include "sf-cloud-matcher.migrationInitContainer" . | nindent 6 }} + {{- include "smartface.migrationInitContainer" . | nindent 6 }} {{- end }} volumes: - {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} + {{- include "smartface.licVolume" . | nindent 8 }} diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index 20dd2ec..17c976c 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml 
@@ -17,18 +17,18 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: - {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.liveness.name) | nindent 8 }} + {{- include "smartface.topologySpread" (dict "appLabel" .Values.liveness.name) | nindent 8 }} imagePullSecrets: - name: {{ .Values.image.secretName | quote }} containers: - name: {{ .Values.liveness.name | quote }} image: "{{ .Values.image.registry }}sf-liveness:{{ .Chart.AppVersion }}" env: - {{- include "sf-cloud-matcher.commonEnv" . | nindent 8 }} - {{- include "sf-cloud-matcher.rmqConfig" . | nindent 8 }} + {{- include "smartface.commonEnv" . | nindent 8 }} + {{- include "smartface.rmqConfig" . | nindent 8 }} resources: {{- toYaml .Values.liveness.resources | nindent 10 }} volumeMounts: - {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: - {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} + {{- include "smartface.licVolume" . | nindent 8 }} diff --git a/templates/matcher-deployment.yaml b/templates/matcher-deployment.yaml index 5437384..4083dba 100644 --- a/templates/matcher-deployment.yaml +++ b/templates/matcher-deployment.yaml @@ -1,3 +1,3 @@ {{- if not .Values.multitenancy.enabled }} -{{- include "sf-cloud-matcher.matcherDefinition" . }} +{{- include "smartface.matcherDefinition" . }} {{- end }} diff --git a/templates/sf-tenant-operator-config.yaml b/templates/sf-tenant-operator-config.yaml index 956f29c..397d36d 100644 --- a/templates/sf-tenant-operator-config.yaml +++ b/templates/sf-tenant-operator-config.yaml @@ -22,5 +22,5 @@ data: } } matcher.yaml: |- - {{- include "sf-cloud-matcher.matcherDefinition" . | nindent 4 }} + {{- include "smartface.matcherDefinition" . | nindent 4 }} {{- end}} 
diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index 696ab96..66b5176 100644 --- a/templates/station-deployment.yaml +++ b/templates/station-deployment.yaml @@ -18,14 +18,14 @@ spec: serviceAccountName: {{ .Values.serviceAccount.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: - {{- include "sf-cloud-matcher.topologySpread" (dict "appLabel" .Values.station.name) | nindent 8 }} + {{- include "smartface.topologySpread" (dict "appLabel" .Values.station.name) | nindent 8 }} imagePullSecrets: - name: {{ .Values.image.secretName | quote }} containers: - name: {{ .Values.station.name | quote }} image: "{{ .Values.image.registry }}sf-station:{{ .Values.station.imageVersion }}" env: - {{- include "sf-cloud-matcher.apiFeaturesConfig" . | nindent 8 }} + {{- include "smartface.apiFeaturesConfig" . | nindent 8 }} - name: "HOST" value: "0.0.0.0" - name: "PORT" @@ -92,7 +92,7 @@ spec: resources: {{- toYaml .Values.station.resources | nindent 10 }} volumeMounts: - {{- include "sf-cloud-matcher.licVolumeMount" . | nindent 8 }} + {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: - {{- include "sf-cloud-matcher.licVolume" . | nindent 8 }} + {{- include "smartface.licVolume" . | nindent 8 }} {{- end}} diff --git a/templates/validation.yaml b/templates/validation.yaml index 5bc3453..f3de839 100644 --- a/templates/validation.yaml +++ b/templates/validation.yaml @@ -1 +1 @@ -{{- include "sf-cloud-matcher.validate" . }} +{{- include "smartface.validate" . }} diff --git a/values.yaml b/values.yaml index 7a1f060..6d456c9 100644 --- a/values.yaml +++ b/values.yaml @@ -1,4 +1,4 @@ -# Default values for sf-cloud-matcher. +# Default values for smartface. # This is a YAML-formatted file. # Declare variables to be passed into your templates. From 96b2bf7e71d5b7572f6e0836ee2ae3cecea3939e Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Thu, 21 Sep 2023 12:02:46 +0200 Subject: [PATCH 26/37] Adding node selector and tolerations To all deployed pods, so the pod scheduling can be fine-tuned --- README.md | 30 +++++++++++++++++++ templates/_matcher.tpl | 8 +++++ templates/api-deployment.yaml | 8 +++++ templates/auth-api-deployment.yaml | 8 +++++ templates/countly-publisher-deployment.yaml | 8 +++++ templates/detector-deployment.yaml | 8 +++++ .../access-controller-deployment.yaml | 8 +++++ templates/edge-streams/base-deployment.yaml | 8 +++++ .../edge-stream-processor-deployment.yaml | 8 +++++ .../edge-streams/face-matcher-deployment.yaml | 8 +++++ .../stream-data-db-worker-deployment.yaml | 8 +++++ templates/extractor-deployment.yaml | 8 +++++ templates/graphql-deployment.yaml | 8 +++++ templates/liveness-deployment.yaml | 8 +++++ templates/station-deployment.yaml | 8 +++++ values.yaml | 30 +++++++++++++++++++ 16 files changed, 172 insertions(+) diff --git a/README.md b/README.md index 4584f60..b9f4e75 100644 --- a/README.md +++ b/README.md 
@@ -93,28 +93,34 @@ stringData: | accessController.dnsHost | string | `""` | | | accessController.imageVersion | string | `"v5_1.9.1"` | | | accessController.name | string | `"sf-access-controller"` | | +| accessController.nodeSelector | object | `{}` | | | accessController.resources.requests.cpu | string | `"100m"` | | | accessController.resources.requests.memory | string | `"100M"` | | | accessController.servicePort | int | `5050` | | +| accessController.tolerations | list | `[]` | | | api.containerPort | int | `80` | | | api.dnsHost | string | `""` | | | api.enabled | bool | `true` | | | api.initMigration | bool | `true` | | | api.name | string | `"sf-api"` | | +| api.nodeSelector | object | `{}` | | | api.resources.limits.memory | string | `"4G"` | | | api.resources.requests.cpu | string | `"250m"` | | | api.resources.requests.memory | string | `"300M"` | | | api.servicePort | int | `80` | | +| api.tolerations | list | `[]` | | | auth.configName | string | `"auth-config"` | config containing authorization configuration for APIs used when authentication is enabled | | authApi.containerPort | int | `80` | | | authApi.dnsHost | string | `""` | | | authApi.enabled | bool | `false` | | | authApi.initMigration | bool | `true` | | | authApi.name | string | `"sf-auth-api"` | | +| authApi.nodeSelector | object | `{}` | | | authApi.resources.limits.memory | string | `"4G"` | | | authApi.resources.requests.cpu | string | `"250m"` | | | authApi.resources.requests.memory | string | `"300M"` | | | authApi.servicePort | int | `8098` | | +| authApi.tolerations | list | `[]` | | | autoscaling.api.enabled | bool | `true` | enables ScaledObject for rest API | | autoscaling.api.maxReplicas | int | `3` | | | autoscaling.api.minReplicas | int | `1` | | 
@@ -139,42 +145,56 @@ stringData: | autoscaling.rmq.hostSecretName | string | `"rmq-management-uri-with-creds"` | | | autoscaling.rmq.triggerAuthName | string | `"keda-trigger-auth-rabbitmq-conn"` | | | base.name | string | `"sf-base"` | | +| base.nodeSelector | object | `{}` | | | base.resources.requests.cpu | string | `"100m"` | | | base.resources.requests.memory | string | `"100M"` | | +| base.tolerations | list | `[]` | | | base.zmqContainerPort | int | `2406` | | | base.zmqServicePort | int | `2406` | | | countlyPublisher.clusterName | string | `""` | | | countlyPublisher.enabled | bool | `false` | | | countlyPublisher.imageTag | string | `"31"` | | | countlyPublisher.name | string | `"countly-publisher"` | | +| countlyPublisher.nodeSelector | object | `{}` | | | countlyPublisher.resources.requests.cpu | string | `"100m"` | | | countlyPublisher.resources.requests.memory | string | `"100M"` | | +| countlyPublisher.tolerations | list | `[]` | | | database.connectionStringKey | string | `"cs"` | | | database.secretName | string | `"db-cs"` | | | detector.name | string | `"sf-detector"` | | +| detector.nodeSelector | object | `{}` | | | detector.resources.limits.memory | string | `"1500M"` | | | detector.resources.requests.cpu | string | `"750m"` | | | detector.resources.requests.memory | string | `"600M"` | | +| detector.tolerations | list | `[]` | | | edgeStreams.enabled | bool | `false` | | | edgeStreams.name | string | `"sf-edge-stream-processor"` | | +| edgeStreams.nodeSelector | object | `{}` | | | edgeStreams.resources.requests.cpu | string | `"100m"` | | | edgeStreams.resources.requests.memory | string | `"100M"` | | +| edgeStreams.tolerations | list | `[]` | | | extractor.name | string | `"sf-extractor"` | | +| extractor.nodeSelector | object | `{}` | | | extractor.resources.limits.memory | string | `"1G"` | | | extractor.resources.requests.cpu | string | `"750m"` | | | extractor.resources.requests.memory | string | `"500M"` | | +| extractor.tolerations | 
list | `[]` | | | faceMatcher.name | string | `"sf-face-matcher"` | | +| faceMatcher.nodeSelector | object | `{}` | | | faceMatcher.resources.requests.cpu | string | `"100m"` | | | faceMatcher.resources.requests.memory | string | `"100M"` | | +| faceMatcher.tolerations | list | `[]` | | | graphqlApi.containerPort | int | `80` | | | graphqlApi.dnsHost | string | `""` | | | graphqlApi.enableAuth | bool | `false` | | | graphqlApi.initMigration | bool | `false` | | | graphqlApi.name | string | `"sf-graphql-api"` | | +| graphqlApi.nodeSelector | object | `{}` | | | graphqlApi.resources.limits.memory | string | `"4G"` | | | graphqlApi.resources.requests.cpu | string | `"250m"` | | | graphqlApi.resources.requests.memory | string | `"300M"` | | | graphqlApi.servicePort | int | `8097` | | +| graphqlApi.tolerations | list | `[]` | | | image.registry | string | `"registry.gitlab.com/innovatrics/smartface/"` | registry to pull SmartFace images from | | image.secretName | string | `"sf-gitlab-registry-creds"` | docker secret to pull SmartFace images with | | ingress.annotations | string | `nil` | supply custom ingress annotation | @@ -188,11 +208,15 @@ stringData: | license.secretName | string | `"iface-lic"` | | | license.volumeMountName | string | `"license"` | | | liveness.name | string | `"sf-liveness"` | | +| liveness.nodeSelector | object | `{}` | | | liveness.resources.requests.cpu | string | `"750m"` | | | liveness.resources.requests.memory | string | `"200M"` | | +| liveness.tolerations | list | `[]` | | | matcher.name | string | `"sf-matcher"` | | +| matcher.nodeSelector | object | `{}` | | | matcher.resources.requests.cpu | string | `"750m"` | | | matcher.resources.requests.memory | string | `"200M"` | | +| matcher.tolerations | list | `[]` | | | metrics.enabled | bool | `false` | | | metrics.monitorDiscoveryLabel.instance | string | `"primary"` | | | metrics.port | int | `4318` | | 
@@ -207,7 +231,9 @@ stringData: | readonlyApi.authName | string | `"readonly-auth-api"` | | | readonlyApi.enabled | bool | `false` | | | readonlyApi.noAuthName | string | `"readonly-noauth-api"` | | +| readonlyApi.nodeSelector | object | `{}` | | | readonlyApi.proxyContainer.resources | object | `{}` | | +| readonlyApi.tolerations | list | `[]` | | | s3.authTypeKey | string | `"authType"` | | | s3.bucketKey | string | `"name"` | | | s3.configName | string | `"s3-config"` | | @@ -226,14 +252,18 @@ stringData: | station.enabled | bool | `true` | | | station.imageVersion | string | `"v5_1.17.0"` | | | station.name | string | `"sf-station"` | | +| station.nodeSelector | object | `{}` | | | station.resources.requests.cpu | string | `"100m"` | | | station.resources.requests.memory | string | `"100M"` | | | station.servicePort | int | `8000` | | +| station.tolerations | list | `[]` | | | stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | | stationAuth.secretName | string | `"station-client-id"` | | | streamDataDbWorker.name | string | `"sf-stream-data-db-worker"` | | +| streamDataDbWorker.nodeSelector | object | `{}` | | | streamDataDbWorker.resources.requests.cpu | string | `"100m"` | | | streamDataDbWorker.resources.requests.memory | string | `"100M"` | | +| streamDataDbWorker.tolerations | list | `[]` | | ## Maintainers diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index e2d25c5..817fd7e 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -38,4 +38,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.matcher.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.matcher.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} 
diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index f204251..f92fea3 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -50,4 +50,12 @@ spec: {{- end }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.api.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.api.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index 97807e3..04566c9 100644 --- a/templates/auth-api-deployment.yaml +++ b/templates/auth-api-deployment.yaml @@ -53,4 +53,12 @@ spec: {{- end }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.authApi.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.authApi.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml index cdc4e3b..1c93159 100644 --- a/templates/countly-publisher-deployment.yaml +++ b/templates/countly-publisher-deployment.yaml @@ -45,4 +45,12 @@ spec: value: "http://+:{{ .Values.metrics.port }}/" resources: {{- toYaml .Values.countlyPublisher.resources | nindent 10 }} + {{- with .Values.countlyPublisher.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.countlyPublisher.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml index 3cbd221..aab790b 100644 --- a/templates/detector-deployment.yaml +++ b/templates/detector-deployment.yaml 
@@ -32,3 +32,11 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.detector.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.detector.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml index 47ed066..033af53 100644 --- a/templates/edge-streams/access-controller-deployment.yaml +++ b/templates/edge-streams/access-controller-deployment.yaml @@ -42,4 +42,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.accessController.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.accessController.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml index a13f2a0..ba6574f 100644 --- a/templates/edge-streams/base-deployment.yaml +++ b/templates/edge-streams/base-deployment.yaml @@ -36,4 +36,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.base.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.base.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index 1993dd5..cfb67d6 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml 
@@ -34,4 +34,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.edgeStreams.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.edgeStreams.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index fed57e8..b574355 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml @@ -34,4 +34,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.faceMatcher.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.faceMatcher.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index 3b3c9b4..f49702e 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -36,4 +36,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.streamDataDbWorker.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.streamDataDbWorker.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end }} diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml index 397456a..1637342 100644 --- a/templates/extractor-deployment.yaml +++ b/templates/extractor-deployment.yaml 
@@ -32,3 +32,11 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.extractor.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.extractor.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index 62a960d..d6ee081 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -50,3 +50,11 @@ spec: {{- end }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.graphqlApi.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.graphqlApi.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index 17c976c..764cf07 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml @@ -32,3 +32,11 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.liveness.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.liveness.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index 66b5176..b60544a 100644 --- a/templates/station-deployment.yaml +++ b/templates/station-deployment.yaml @@ -95,4 +95,12 @@ spec: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} + {{- with .Values.station.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.station.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} {{- end}} 
diff --git a/values.yaml b/values.yaml index 6d456c9..274812a 100644 --- a/values.yaml +++ b/values.yaml @@ -62,6 +62,8 @@ api: cpu: "250m" limits: memory: "4G" + nodeSelector: {} + tolerations: [] authApi: enabled: false @@ -76,6 +78,8 @@ authApi: cpu: "250m" limits: memory: "4G" + nodeSelector: {} + tolerations: [] graphqlApi: name: "sf-graphql-api" @@ -90,6 +94,8 @@ graphqlApi: cpu: "250m" limits: memory: "4G" + nodeSelector: {} + tolerations: [] ingress: # -- enable creation of ingress object @@ -111,6 +117,8 @@ detector: cpu: "750m" limits: memory: "1500M" + nodeSelector: {} + tolerations: [] extractor: name: "sf-extractor" @@ -120,6 +128,8 @@ extractor: cpu: "750m" limits: memory: "1G" + nodeSelector: {} + tolerations: [] matcher: name: "sf-matcher" @@ -127,6 +137,8 @@ matcher: requests: memory: "200M" cpu: "750m" + nodeSelector: {} + tolerations: [] liveness: name: "sf-liveness" @@ -134,6 +146,8 @@ liveness: requests: memory: "200M" cpu: "750m" + nodeSelector: {} + tolerations: [] edgeStreams: name: "sf-edge-stream-processor" @@ -142,6 +156,8 @@ edgeStreams: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] base: name: "sf-base" @@ -151,6 +167,8 @@ base: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] faceMatcher: name: "sf-face-matcher" @@ -158,6 +176,8 @@ faceMatcher: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] accessController: name: "sf-access-controller" @@ -172,6 +192,8 @@ accessController: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] station: enabled: true @@ -184,6 +206,8 @@ station: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] streamDataDbWorker: name: "sf-stream-data-db-worker" @@ -191,6 +215,8 @@ streamDataDbWorker: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] jaeger: enabled: true 
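Review bot: The `nodeSelector: {}` and `tolerations: []` keys added under `api:` have no `# --` description comment, and the README table rows for them (which look helm-docs generated) have an empty description column. The same applies to every other component block touched in this file, from `authApi` to `streamDataDbWorker`, plus `countlyPublisher` and `readonlyApi` in the following hunks. Tolerations decide which tainted nodes a pod may be scheduled onto, so an operator reading the table should be told what each value controls. I would put `# -- node labels a node must carry for the pod to be scheduled on it` above each `nodeSelector` and `# -- tolerations that allow the pod onto tainted nodes` above each `tolerations`, in the style of the existing `# -- enable creation of ingress object`.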
@@ -269,6 +295,8 @@ countlyPublisher: requests: memory: "100M" cpu: "100m" + nodeSelector: {} + tolerations: [] metrics: enabled: false @@ -285,6 +313,8 @@ readonlyApi: noAuthName: "readonly-noauth-api" proxyContainer: resources: {} + nodeSelector: {} + tolerations: [] serviceAccount: # -- Specifies whether a ServiceAccount should be created From 8c0404bf00ec07e5c48092fe7ebb9d34986e2c0d Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Fri, 22 Sep 2023 15:30:25 +0200 Subject: [PATCH 27/37] Added image configuration More standard configuration for image on a per-component basis. This enables users to change version/images of select components --- README.md | 83 +++++++- README.md.gotmpl | 2 +- templates/_helpers.tpl | 16 +- templates/_matcher.tpl | 7 +- templates/_validations.tpl | 5 +- templates/api-deployment.yaml | 7 +- templates/auth-api-deployment.yaml | 7 +- templates/countly-publisher-deployment.yaml | 7 +- templates/detector-deployment.yaml | 7 +- .../access-controller-deployment.yaml | 7 +- templates/edge-streams/base-deployment.yaml | 7 +- .../edge-stream-processor-deployment.yaml | 7 +- .../edge-streams/face-matcher-deployment.yaml | 7 +- .../stream-data-db-worker-deployment.yaml | 7 +- templates/extractor-deployment.yaml | 7 +- templates/graphql-deployment.yaml | 7 +- templates/liveness-deployment.yaml | 7 +- templates/station-deployment.yaml | 7 +- values.yaml | 180 +++++++++++++++++- 19 files changed, 341 insertions(+), 43 deletions(-) diff --git a/README.md b/README.md index b9f4e75..00753a1 100644 --- a/README.md +++ b/README.md 
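Review bot: `readonlyApi.nodeSelector` and `readonlyApi.tolerations` are declared in the `@@ -285,6 +313,8 @@ readonlyApi:` hunk and listed in README.md, but this commit's diffstat touches no file under `templates/readonly-api/`, so nothing visible here renders them into a pod spec. If they are indeed not consumed, an operator who sets them to pin the read-only proxy pods to a dedicated or tainted node pool gets no error and no effect, and the pods stay wherever the scheduler puts them. Either add the block used in the other deployments to both readonly-api deployment templates (they are outside this patch, so the placement below is assumed), or leave the two values out until they are wired in.

```yaml
      {{- /* … unchanged: rest of the pod spec in the readonly-api deployment template … */}}
      {{- with .Values.readonlyApi.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.readonlyApi.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
```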
@@ -18,7 +18,7 @@ The helm chart needs certain objects to be present in the cluster before it can 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `image.secretName` value + - The secret name must match `imagePullSecrets` value - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials 1. License file secret - Get the license file from [Customer portal](https://customerportal.innovatrics.com) @@ -91,7 +91,11 @@ stringData: | accessController.authServicePort | int | `5051` | | | accessController.containerPort | int | `80` | | | accessController.dnsHost | string | `""` | | -| accessController.imageVersion | string | `"v5_1.9.1"` | | +| accessController.image.digest | string | `nil` | Overrides the image tag with an image digest | +| accessController.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| accessController.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| accessController.image.repository | string | `"innovatrics/smartface/sf-access-controller"` | Docker image repository | +| accessController.image.tag | string | `"v5_1.9.1"` | Access Controller follows different versioning, so the chart app needs to be overridden | | accessController.name | string | `"sf-access-controller"` | | | accessController.nodeSelector | object | `{}` | | | accessController.resources.requests.cpu | string | `"100m"` | | 
@@ -101,6 +105,11 @@ stringData: | api.containerPort | int | `80` | | | api.dnsHost | string | `""` | | | api.enabled | bool | `true` | | +| api.image.digest | string | `nil` | Overrides the image tag with an image digest | +| api.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| api.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| api.image.repository | string | `"innovatrics/smartface/sf-api"` | Docker image repository | +| api.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | api.initMigration | bool | `true` | | | api.name | string | `"sf-api"` | | | api.nodeSelector | object | `{}` | | @@ -113,6 +122,11 @@ stringData: | authApi.containerPort | int | `80` | | | authApi.dnsHost | string | `""` | | | authApi.enabled | bool | `false` | | +| authApi.image.digest | string | `nil` | Overrides the image tag with an image digest | +| authApi.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| authApi.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| authApi.image.repository | string | `"innovatrics/smartface/sf-api"` | Docker image repository | +| authApi.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | authApi.initMigration | bool | `true` | | | authApi.name | string | `"sf-auth-api"` | | | authApi.nodeSelector | object | `{}` | | 
@@ -144,6 +158,11 @@ stringData: | autoscaling.rmq.enabled | bool | `false` | enables rabbitmq triggers on ScaledObjects | | autoscaling.rmq.hostSecretName | string | `"rmq-management-uri-with-creds"` | | | autoscaling.rmq.triggerAuthName | string | `"keda-trigger-auth-rabbitmq-conn"` | | +| base.image.digest | string | `nil` | Overrides the image tag with an image digest | +| base.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| base.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| base.image.repository | string | `"innovatrics/smartface/sf-base"` | Docker image repository | +| base.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | base.name | string | `"sf-base"` | | | base.nodeSelector | object | `{}` | | | base.resources.requests.cpu | string | `"100m"` | | @@ -153,6 +172,11 @@ stringData: | base.zmqServicePort | int | `2406` | | | countlyPublisher.clusterName | string | `""` | | | countlyPublisher.enabled | bool | `false` | | +| countlyPublisher.image.digest | string | `nil` | Overrides the image tag with an image digest | +| countlyPublisher.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| countlyPublisher.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| countlyPublisher.image.repository | string | `"innovatrics/smartface/sf-countly-publisher"` | Docker image repository | +| countlyPublisher.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | countlyPublisher.imageTag | string | `"31"` | | | countlyPublisher.name | string | `"countly-publisher"` | | | countlyPublisher.nodeSelector | object | `{}` | | 
@@ -161,6 +185,11 @@ stringData: | countlyPublisher.tolerations | list | `[]` | | | database.connectionStringKey | string | `"cs"` | | | database.secretName | string | `"db-cs"` | | +| detector.image.digest | string | `nil` | Overrides the image tag with an image digest | +| detector.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| detector.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| detector.image.repository | string | `"innovatrics/smartface/sf-detector"` | Docker image repository | +| detector.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | detector.name | string | `"sf-detector"` | | | detector.nodeSelector | object | `{}` | | | detector.resources.limits.memory | string | `"1500M"` | | 
@@ -168,25 +197,46 @@ stringData: | detector.resources.requests.memory | string | `"600M"` | | | detector.tolerations | list | `[]` | | | edgeStreams.enabled | bool | `false` | | +| edgeStreams.image.digest | string | `nil` | Overrides the image tag with an image digest | +| edgeStreams.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| edgeStreams.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| edgeStreams.image.repository | string | `"innovatrics/smartface/sf-edge-stream-processor"` | Docker image repository | +| edgeStreams.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | edgeStreams.name | string | `"sf-edge-stream-processor"` | | | edgeStreams.nodeSelector | object | `{}` | | | edgeStreams.resources.requests.cpu | string | `"100m"` | | | edgeStreams.resources.requests.memory | string | `"100M"` | | | edgeStreams.tolerations | list | `[]` | | +| extractor.image.digest | string | `nil` | Overrides the image tag with an image digest | +| extractor.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| extractor.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| extractor.image.repository | string | `"innovatrics/smartface/sf-extractor"` | Docker image repository | +| extractor.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | extractor.name | string | `"sf-extractor"` | | | extractor.nodeSelector | object | `{}` | | | extractor.resources.limits.memory | string | `"1G"` | | | extractor.resources.requests.cpu | string | `"750m"` | | | extractor.resources.requests.memory | string | `"500M"` | | | extractor.tolerations | list | `[]` | | +| faceMatcher.image.digest | string | `nil` | Overrides the image tag with an image digest | +| faceMatcher.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| 
faceMatcher.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| faceMatcher.image.repository | string | `"innovatrics/smartface/sf-face-matcher"` | Docker image repository | +| faceMatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | faceMatcher.name | string | `"sf-face-matcher"` | | | faceMatcher.nodeSelector | object | `{}` | | | faceMatcher.resources.requests.cpu | string | `"100m"` | | | faceMatcher.resources.requests.memory | string | `"100M"` | | | faceMatcher.tolerations | list | `[]` | | +| global.image.registry | string | `"registry.gitlab.com"` | Overrides the Docker registry globally for all images | | graphqlApi.containerPort | int | `80` | | | graphqlApi.dnsHost | string | `""` | | | graphqlApi.enableAuth | bool | `false` | | +| graphqlApi.image.digest | string | `nil` | Overrides the image tag with an image digest | +| graphqlApi.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| graphqlApi.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| graphqlApi.image.repository | string | `"innovatrics/smartface/sf-graphql-api"` | Docker image repository | +| graphqlApi.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | graphqlApi.initMigration | bool | `false` | | | graphqlApi.name | string | `"sf-graphql-api"` | | | graphqlApi.nodeSelector | object | `{}` | | 
@@ -195,8 +245,7 @@ stringData: | graphqlApi.resources.requests.memory | string | `"300M"` | | | graphqlApi.servicePort | int | `8097` | | | graphqlApi.tolerations | list | `[]` | | -| image.registry | string | `"registry.gitlab.com/innovatrics/smartface/"` | registry to pull SmartFace images from | -| image.secretName | string | `"sf-gitlab-registry-creds"` | docker secret to pull SmartFace images with | +| imagePullSecrets | list | `[{"name":"sf-gitlab-registry-creds"}]` | docker secrets used to pull images with | | ingress.annotations | string | `nil` | supply custom ingress annotation | | ingress.certificateArn | string | `""` | only used if includeAlbAnnotations == true | | ingress.class | string | `""` | set ingress class | 
@@ -207,11 +256,21 @@ stringData: | license.mountPath | string | `"/etc/innovatrics"` | | | license.secretName | string | `"iface-lic"` | | | license.volumeMountName | string | `"license"` | | +| liveness.image.digest | string | `nil` | Overrides the image tag with an image digest | +| liveness.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| liveness.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| liveness.image.repository | string | `"innovatrics/smartface/sf-liveness"` | Docker image repository | +| liveness.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | liveness.name | string | `"sf-liveness"` | | | liveness.nodeSelector | object | `{}` | | | liveness.resources.requests.cpu | string | `"750m"` | | | liveness.resources.requests.memory | string | `"200M"` | | | liveness.tolerations | list | `[]` | | +| matcher.image.digest | string | `nil` | Overrides the image tag with an image digest | +| matcher.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| matcher.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| matcher.image.repository | string | `"innovatrics/smartface/sf-matcher"` | Docker image repository | +| matcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | matcher.name | string | `"sf-matcher"` | | | matcher.nodeSelector | object | `{}` | | | matcher.resources.requests.cpu | string | `"750m"` | | 
@@ -223,6 +282,11 @@ stringData: | metrics.portName | string | `"metrics"` | | | metrics.serviceDiscoveryLabels.sf-metrics | string | `"true"` | | | migration.enabled | bool | `true` | | +| migration.initContainer.image.digest | string | `nil` | Overrides the image tag with an image digest | +| migration.initContainer.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| migration.initContainer.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| migration.initContainer.image.repository | string | `"innovatrics/smartface/sf-admin"` | Docker image repository | +| migration.initContainer.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | migration.initContainer.resources | object | `{}` | | | multitenancy.enabled | bool | `false` | enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled | | rabbitmq | object | `{"auth":{"erlangCookie":"","password":"","username":"smartface"},"configMapName":"sf-rmq-connection","enabled":true,"existingSecretName":"","extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttDnsHost":"","secretKey":"rabbitmq-password"}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq | 
@@ -250,7 +314,11 @@ stringData: | station.containerPort | int | `80` | | | station.dnsHost | string | `""` | | | station.enabled | bool | `true` | | -| station.imageVersion | string | `"v5_1.17.0"` | | +| station.image.digest | string | `nil` | Overrides the image tag with an image digest | +| station.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| station.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| station.image.repository | string | `"innovatrics/smartface/sf-station"` | Docker image repository | +| station.image.tag | string | `"v5_1.17.0"` | Access Controller follows different versioning, so the chart app needs to be overridden | | station.name | string | `"sf-station"` | | | station.nodeSelector | object | `{}` | | | station.resources.requests.cpu | string | `"100m"` | | @@ -259,6 +327,11 @@ stringData: | station.tolerations | list | `[]` | | | stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | | stationAuth.secretName | string | `"station-client-id"` | | +| streamDataDbWorker.image.digest | string | `nil` | Overrides the image tag with an image digest | +| streamDataDbWorker.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| streamDataDbWorker.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| streamDataDbWorker.image.repository | string | `"innovatrics/smartface/sf-streamdatadbworker"` | Docker image repository | +| streamDataDbWorker.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | streamDataDbWorker.name | string | `"sf-stream-data-db-worker"` | | | streamDataDbWorker.nodeSelector | object | `{}` | | | streamDataDbWorker.resources.requests.cpu | string | `"100m"` | | 
diff --git a/README.md.gotmpl b/README.md.gotmpl index 2b36a9a..08f7e24 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -19,7 +19,7 @@ The helm chart needs certain objects to be present in the cluster before it can 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `image.secretName` value + - The secret name must match `imagePullSecrets` value - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials 1. License file secret - Get the license file from [Customer portal](https://customerportal.innovatrics.com) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 478889e..919fd87 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -11,6 +11,20 @@ Template used for adding database configuration to containers value: "PgSql" {{- end }} +{{/* +Template used for resolving SF images using global/local overrides +*/}} +{{- define "smartface.image" }} +{{- $registry := .global.registry | default .local.registry | default "" -}} +{{- $repository := .local.repository | default "" -}} +{{- $ref := ternary (printf ":%s" (.local.tag | default .defaultVersion | toString)) (printf "@%s" .local.digest) (empty .local.digest) -}} +{{- if and $registry $repository -}} + {{- printf "%s/%s%s" $registry $repository $ref -}} +{{- else -}} + {{- printf "%s%s%s" $registry $repository $ref -}} +{{- end -}} +{{- end -}} + {{/* Template used for adding S3 configuration to containers */}} 
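Review bot: The registry lookup in `smartface.image` gives the global value precedence, so the per-component `image.registry` that values.yaml documents as overriding `global.image.registry` is only used when the global one is empty. With the default `global.image.registry: "registry.gitlab.com"`, a component pointed at a private mirror would still be pulled from the global registry, which matters when the override is used to control where images come from. Swapping the order matches the documentation: `{{- $registry := .local.registry | default .global.registry | default "" -}}`. The helper comment could also state that a non-empty `digest` replaces the tag, since that is the only immutable reference the helper produces.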
@@ -196,7 +210,7 @@ Init container to perform database migration before starting the main container */}} {{- define "smartface.migrationInitContainer" -}} - name: "sf-migration" - image: "{{ .Values.image.registry }}sf-admin:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.migration.initContainer.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} args: [ "run-migration", "-p", "1", diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index 817fd7e..a122072 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -23,11 +23,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.matcher.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.matcher.name | quote }} - image: "{{ .Values.image.registry }}sf-matcher:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.matcher.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.matcher.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/_validations.tpl b/templates/_validations.tpl index 33e44ce..d6ed625 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl 
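Review bot: `migration.initContainer.image.pullPolicy` is added to values.yaml and the README by this commit, but the init container here only receives the new `image:` line, so that setting appears to have no effect. Every Deployment hunk in this patch adds a matching pull-policy line, and the equivalent here would be `imagePullPolicy: {{ .Values.migration.initContainer.image.pullPolicy }}` directly under `image:`. The `smartface.migrationInitContainer` definition continues outside the hunk, so confirm the field is not already set further down.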
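Review bot: The new `image:` and `imagePullPolicy:` values in the matcher template are rendered unquoted, whereas the `image:` line they replace was a double-quoted string. Piping through `quote` keeps the rendered manifest valid for any override value: `image: {{ include "smartface.image" (dict "local" .Values.matcher.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) | quote }}` and `imagePullPolicy: {{ .Values.matcher.image.pullPolicy | quote }}`. Without it, a digest-only reference (registry and repository both empty) would start with `@`, which YAML does not accept at the start of a plain scalar. The same applies to the migration init container and to every Deployment template hunk in this patch.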
@@ -79,12 +79,15 @@ Validate auth config present if it will be needed Validate registry credentials */}} {{- define "smartface.validate.registryCreds" -}} -{{- $error := (include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.image.secretName "Key" ".dockerconfigjson")) -}} +{{- $releaseName := .Release.Name -}} +{{- range .Values.imagePullSecrets -}} +{{- $error := (include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" $releaseName "Name" .name "Key" ".dockerconfigjson")) -}} {{- if $error -}} {{ printf "%s" ($error) }} To create the secret follow the official documentation https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ {{- end -}} {{- end -}} +{{- end -}} {{/* Validate rmq config if not managed by us diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index f92fea3..3378d03 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.api.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.api.name | quote }} - image: "{{ .Values.image.registry }}sf-api:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.api.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.api.image.pullPolicy }} ports: - name: "http" containerPort: {{ .Values.api.containerPort }} diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index 04566c9..d5acda0 100644 --- a/templates/auth-api-deployment.yaml 
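Review bot: The secret lookup namespace changed from `.Release.Namespace` to the release name, because `$releaseName` is set from `.Release.Name` and then passed as `"Namespace"`. Unless the release happens to be named after its namespace, the check looks for the pull secrets in the wrong place and can either report an existing secret as missing or accept one the pods cannot use. Capture the namespace before the `range` instead: `{{- $namespace := .Release.Namespace -}}` and `"Namespace" $namespace`. An `imagePullSecrets` entry without a `name` key is also passed through as an empty `"Name"`; how `smartface.validate.genericResourceWithKey` treats that is not visible here.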
+++ b/templates/auth-api-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.authApi.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.authApi.name | quote }} - image: "{{ .Values.image.registry }}sf-api:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.authApi.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.authApi.image.pullPolicy }} ports: - name: "http" containerPort: {{ .Values.authApi.containerPort }} diff --git a/templates/countly-publisher-deployment.yaml b/templates/countly-publisher-deployment.yaml index 1c93159..30e201a 100644 --- a/templates/countly-publisher-deployment.yaml +++ b/templates/countly-publisher-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.countlyPublisher.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.countlyPublisher.name | quote }} - image: "{{ .Values.image.registry }}sf-countly-publisher:{{ .Values.countlyPublisher.imageTag }}" + image: {{ include "smartface.image" (dict "local" .Values.countlyPublisher.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.countlyPublisher.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} 
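Review bot: The countly-publisher image tag no longer comes from `countlyPublisher.imageTag`; with `countlyPublisher.image.tag: null` in values.yaml it now falls back to `.Chart.AppVersion`. The README still lists `countlyPublisher.imageTag` with default `"31"`, which suggests this image is versioned independently like station and access-controller, so the default install may reference a tag that does not exist. If that is the case, set `tag: "31"` under `countlyPublisher.image` and remove the now-unused `imageTag` key. Anyone overriding `imageTag` today would otherwise lose that pin without any error.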
diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml index aab790b..08520e5 100644 --- a/templates/detector-deployment.yaml +++ b/templates/detector-deployment.yaml @@ -18,11 +18,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.detector.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.detector.name | quote }} - image: "{{ .Values.image.registry }}sf-detector:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.detector.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.detector.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml index 033af53..4026f6a 100644 --- a/templates/edge-streams/access-controller-deployment.yaml +++ b/templates/edge-streams/access-controller-deployment.yaml 
@@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.accessController.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.accessController.name | quote }} - image: "{{ .Values.image.registry }}sf-access-controller:{{ .Values.accessController.imageVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.accessController.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.accessController.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml index ba6574f..f5b0292 100644 --- a/templates/edge-streams/base-deployment.yaml +++ b/templates/edge-streams/base-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.base.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.base.name | quote }} - image: "{{ .Values.image.registry }}sf-base:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.base.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.base.image.pullPolicy }} args: ["--serviceName", "SFBase"] env: {{- include "smartface.commonEnv" . | nindent 8 }} 
diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index cfb67d6..ca320c5 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.edgeStreams.name | quote }} - image: "{{ .Values.image.registry }}sf-edge-stream-processor:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.edgeStreams.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.edgeStreams.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index b574355..4aed7a4 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml 
@@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.faceMatcher.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.faceMatcher.name | quote }} - image: "{{ .Values.image.registry }}sf-face-matcher:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.faceMatcher.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.faceMatcher.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index f49702e..6647327 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.streamDataDbWorker.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.streamDataDbWorker.name | quote }} - image: "{{ .Values.image.registry }}sf-streamdatadbworker:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.streamDataDbWorker.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.streamDataDbWorker.image.pullPolicy }} ports: env: {{- include "smartface.commonEnv" . | nindent 8 }} 
diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml index 1637342..e608293 100644 --- a/templates/extractor-deployment.yaml +++ b/templates/extractor-deployment.yaml @@ -18,11 +18,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.extractor.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.extractor.name | quote }} - image: "{{ .Values.image.registry }}sf-extractor:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.extractor.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.extractor.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index d6ee081..e2b37ee 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml 
@@ -18,11 +18,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.graphqlApi.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.graphqlApi.name | quote }} - image: "{{ .Values.image.registry }}sf-graphql-api:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.graphqlApi.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.graphqlApi.image.pullPolicy }} ports: - containerPort: {{ .Values.graphqlApi.containerPort }} env: diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index 764cf07..a946de5 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml @@ -18,11 +18,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.liveness.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.liveness.name | quote }} - image: "{{ .Values.image.registry }}sf-liveness:{{ .Chart.AppVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.liveness.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.liveness.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index b60544a..72c061e 100644 --- a/templates/station-deployment.yaml 
+++ b/templates/station-deployment.yaml @@ -19,11 +19,14 @@ spec: automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: {{- include "smartface.topologySpread" (dict "appLabel" .Values.station.name) | nindent 8 }} + {{- with .Values.imagePullSecrets }} imagePullSecrets: - - name: {{ .Values.image.secretName | quote }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: {{ .Values.station.name | quote }} - image: "{{ .Values.image.registry }}sf-station:{{ .Values.station.imageVersion }}" + image: {{ include "smartface.image" (dict "local" .Values.station.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.station.image.pullPolicy }} env: {{- include "smartface.apiFeaturesConfig" . | nindent 8 }} - name: "HOST" diff --git a/values.yaml b/values.yaml index 274812a..a83a69c 100644 --- a/values.yaml +++ b/values.yaml @@ -2,11 +2,14 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -image: - # -- registry to pull SmartFace images from - registry: "registry.gitlab.com/innovatrics/smartface/" - # -- docker secret to pull SmartFace images with - secretName: "sf-gitlab-registry-creds" +global: + image: + # -- Overrides the Docker registry globally for all images + registry: "registry.gitlab.com" + +# -- docker secrets used to pull images with +imagePullSecrets: + - name: "sf-gitlab-registry-creds" database: secretName: "db-cs" @@ -64,6 +67,17 @@ api: memory: "4G" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-api + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent authApi: enabled: false 
@@ -80,6 +94,17 @@ authApi: memory: "4G" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-api + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent graphqlApi: name: "sf-graphql-api" @@ -96,6 +121,17 @@ graphqlApi: memory: "4G" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-graphql-api + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent ingress: # -- enable creation of ingress object @@ -119,6 +155,17 @@ detector: memory: "1500M" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-detector + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent extractor: name: "sf-extractor" @@ -130,6 +177,17 @@ extractor: memory: "1G" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-extractor + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent matcher: name: "sf-matcher" 
@@ -139,6 +197,17 @@ matcher: cpu: "750m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-matcher + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent liveness: name: "sf-liveness" @@ -148,6 +217,17 @@ liveness: cpu: "750m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-liveness + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent edgeStreams: name: "sf-edge-stream-processor" @@ -158,6 +238,17 @@ edgeStreams: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-edge-stream-processor + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent base: name: "sf-base" @@ -169,6 +260,17 @@ base: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-base + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent faceMatcher: name: "sf-face-matcher" 
@@ -178,11 +280,21 @@ faceMatcher: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-face-matcher + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent accessController: name: "sf-access-controller" authServiceName: "sf-auth-access-controller" - imageVersion: "v5_1.9.1" dnsHost: "" servicePort: 5050 containerPort: 80 @@ -194,11 +306,21 @@ accessController: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-access-controller + # -- Access Controller follows different versioning, so the chart app needs to be overridden + tag: "v5_1.9.1" + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent station: enabled: true name: "sf-station" - imageVersion: "v5_1.17.0" servicePort: 8000 containerPort: 80 dnsHost: "" @@ -208,6 +330,17 @@ station: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-station + # -- Access Controller follows different versioning, so the chart app needs to be overridden + tag: "v5_1.17.0" + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent streamDataDbWorker: name: "sf-stream-data-db-worker" 
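Review bot: The comment on `station.image.tag` was copied from the accessController block and still reads "Access Controller follows different versioning", although it documents the Station image. The `# --` comments appear to feed the generated README table, so the wrong component name would be published there as well. Suggested wording: `# -- Station follows different versioning, so the tag is set here instead of defaulting to the chart's appVersion`.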
@@ -217,6 +350,17 @@ streamDataDbWorker: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-streamdatadbworker + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent jaeger: enabled: true @@ -226,6 +370,17 @@ migration: enabled: true initContainer: resources: {} + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-admin + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent autoscaling: cron: @@ -297,6 +452,17 @@ countlyPublisher: cpu: "100m" nodeSelector: {} tolerations: [] + image: + # -- The Docker registry, overrides `global.image.registry` + registry: null + # -- Docker image repository + repository: innovatrics/smartface/sf-countly-publisher + # -- Overrides the image tag whose default is the chart's appVersion + tag: null + # -- Overrides the image tag with an image digest + digest: null + # -- Docker image pull policy + pullPolicy: IfNotPresent metrics: enabled: false From 544e9bd306729f43a97aa2d4bea4b0cc57f263ba Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Fri, 22 Sep 2023 15:38:00 +0200 Subject: [PATCH 28/37] Option to disable graphql API Also added validation for station dependencies --- README.md | 1 + templates/_validations.tpl | 16 ++++++++++++++++ templates/graphql-deployment.yaml | 2 ++ templates/graphql-svc.yaml | 2 ++ templates/ingress.yaml | 2 ++ values.yaml | 1 + 6 files changed, 24 insertions(+) diff --git a/README.md b/README.md index 00753a1..f12baef 100644 --- a/README.md 
+++ b/README.md @@ -232,6 +232,7 @@ stringData: | graphqlApi.containerPort | int | `80` | | | graphqlApi.dnsHost | string | `""` | | | graphqlApi.enableAuth | bool | `false` | | +| graphqlApi.enabled | bool | `true` | | | graphqlApi.image.digest | string | `nil` | Overrides the image tag with an image digest | | graphqlApi.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | | graphqlApi.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | diff --git a/templates/_validations.tpl b/templates/_validations.tpl index d6ed625..2cfc217 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl @@ -5,6 +5,7 @@ Compile all warnings into a single message, and call fail. {{- define "smartface.validate" -}} {{- $messages := list -}} {{- $messages := append $messages (trim (include "smartface.validate.multitenantEdge" .)) -}} +{{- $messages := append $messages (trim (include "smartface.validate.stationDeps" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.dbConnectionSecret" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.s3Config" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.licenseSecret" .)) -}} @@ -28,6 +29,21 @@ Multitenancy is not supported for clusters with edge streams. Please disable one {{- end -}} {{- end -}} + +{{/* +Validate that if station is requested then its dependencies are met +*/}} +{{- define "smartface.validate.stationDeps" -}} +{{- if .Values.station.enabled -}} +{{- if not .Values.authApi.enabled -}} +Station requires enabled authApi to work properly +{{- end -}} +{{- if not .Values.graphqlApi.enabled -}} +Station requires enabled graphqlApi to work properly +{{- end -}} +{{- end -}} +{{- end -}} + {{/* Validate that the Database connection string secret exists with correct key */}} diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index e2b37ee..1335852 100644 
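Review bot: The new `smartface.validate.stationDeps` template in templates/_validations.tpl fails on the chart's own defaults, as far as this page shows: `station.enabled` defaults to `true` in values.yaml, while the README table lists `authApi.enabled` as `false`. An install with untouched values would therefore stop with "Station requires enabled authApi to work properly", assuming `smartface.validate` is included by a rendered template. Either default `station.enabled` to `false` or document the required pair next to the values. Separately, the whitespace trimming on both inner blocks joins the two messages with no separator when both checks fail; keeping one newline between them, for example `{{- end }}` followed by `{{ if not .Values.graphqlApi.enabled -}}`, prints one message per line.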
--- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -1,3 +1,4 @@ +{{- if .Values.graphqlApi.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: @@ -61,3 +62,4 @@ spec: tolerations: {{- toYaml . | nindent 8 }} {{- end }} +{{- end }} diff --git a/templates/graphql-svc.yaml b/templates/graphql-svc.yaml index 4f53765..57368c2 100644 --- a/templates/graphql-svc.yaml +++ b/templates/graphql-svc.yaml @@ -1,3 +1,4 @@ +{{- if .Values.graphqlApi.enabled }} apiVersion: "v1" kind: "Service" metadata: @@ -10,3 +11,4 @@ spec: targetPort: {{ .Values.graphqlApi.containerPort }} protocol: "TCP" type: "NodePort" +{{- end }} diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 02c0e5f..c694346 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -53,6 +53,7 @@ spec: port: number: {{ .Values.authApi.servicePort }} {{- end }} + {{- if .Values.graphqlApi.enabled }} - host: {{ .Values.graphqlApi.dnsHost }} http: paths: @@ -63,6 +64,7 @@ spec: name: {{ .Values.graphqlApi.name | quote }} port: number: {{ .Values.graphqlApi.servicePort }} + {{- end }} {{- if .Values.station.enabled }} - host: {{ .Values.station.dnsHost }} http: diff --git a/values.yaml b/values.yaml index a83a69c..c5b9c29 100644 --- a/values.yaml +++ b/values.yaml @@ -107,6 +107,7 @@ authApi: pullPolicy: IfNotPresent graphqlApi: + enabled: true name: "sf-graphql-api" servicePort: 8097 containerPort: 80 From 9a6840d6aecea521848eb30d49e046d8541b8e66 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Mon, 25 Sep 2023 12:26:53 +0200 Subject: [PATCH 29/37] Changed SF config --- README.md | 2 +- external-config.yaml | 2 +- templates/_helpers.tpl | 4 ++-- templates/_validations.tpl | 2 +- values.yaml | 2 +- 5 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index f12baef..81feb35 100644 --- a/README.md +++ b/README.md 
@@ -302,9 +302,9 @@ stringData: | s3.authTypeKey | string | `"authType"` | | | s3.bucketKey | string | `"name"` | | | s3.configName | string | `"s3-config"` | | -| s3.endpointTypeKey | string | `"endpointType"` | | | s3.folderKey | string | `"folder"` | | | s3.regionKey | string | `"region"` | | +| s3.useBucketEndpointKey | string | `"useBucketEndpoint"` | | | serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.automountServiceAccountToken | bool | `true` | Set this toggle to false to opt out of automounting API credentials for the service account | | serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | diff --git a/external-config.yaml b/external-config.yaml index ab4a82e..6b30ea8 100644 --- a/external-config.yaml +++ b/external-config.yaml @@ -31,7 +31,7 @@ data: region: "eu-central-1" folder: "sface" authType: "AssumedRole" - endpointType: "BucketRegion" + useBucketEndpoint: "true" --- apiVersion: v1 stringData: diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 919fd87..e6a4ecd 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -51,11 +51,11 @@ Template used for adding S3 configuration to containers name: {{ .Values.s3.configName | quote }} key: {{ .Values.s3.authTypeKey | quote }} # BucketRegion -- name: "S3Bucket__EndpointType" +- name: "S3Bucket__useBucketEndpoint" valueFrom: configMapKeyRef: name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.endpointTypeKey | quote }} + key: {{ .Values.s3.useBucketEndpointKey | quote }} {{- end }} {{/* diff --git a/templates/_validations.tpl b/templates/_validations.tpl index 2cfc217..a85fbef 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl 
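Review bot: The `# BucketRegion` comment above the renamed entry in templates/_helpers.tpl is now stale. It looks like an example value for the removed `S3Bucket__EndpointType`, while external-config.yaml in this same commit sets `useBucketEndpoint: "true"`. I would change it to `# "true" or "false"` so it matches the new setting. The variable is also spelled `S3Bucket__useBucketEndpoint` while its siblings use PascalCase (`S3Bucket__BucketName`, `S3Bucket__Folder`); if the consumer matches names case-sensitively, which is not visible here, `S3Bucket__UseBucketEndpoint` would be the safer spelling.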
@@ -59,7 +59,7 @@ Validate that the S3 config map exists with correct keys {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }} {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.folderKey) }} {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.authTypeKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.endpointTypeKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.useBucketEndpointKey) }} {{- end -}} {{/* diff --git a/values.yaml b/values.yaml index c5b9c29..cb29e25 100644 --- a/values.yaml +++ b/values.yaml @@ -21,7 +21,7 @@ s3: regionKey: "region" folderKey: "folder" authTypeKey: "authType" - endpointTypeKey: "endpointType" + useBucketEndpointKey: "useBucketEndpoint" # -- config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq rabbitmq: From cc7453e581a23d9d48f7dbcff68d3bb5492f5e49 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 12:29:20 +0200 Subject: [PATCH 30/37] Added configuration to skip lookup validations --- README.md | 1 + templates/_validations.tpl | 6 +++++- values.yaml | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 81feb35..c9c3fb0 100644 --- a/README.md +++ b/README.md 
@@ -312,6 +312,7 @@ stringData: | serviceAccount.labels | object | `{}` | Labels for the service account | | serviceAccount.name | string | `"sf-service-account"` | The name of the ServiceAccount to use. | | sf-tenant-operator | object | `{"config":{"configDir":"/etc/components","fileName":"appsettings.override.json","mapName":"operator-config"},"image":{"secretName":"sf-gitlab-registry-creds"},"installCrd":false}` | configuration for sf-tenant-operator subchart | +| skipLookupBasedValidations | bool | `false` | due to ArgoCD limitations this can be used to skip validations that use the `lookup` helm function - for more information see https://github.com/argoproj/argo-cd/issues/5202 | | station.containerPort | int | `80` | | | station.dnsHost | string | `""` | | | station.enabled | bool | `true` | | diff --git a/templates/_validations.tpl b/templates/_validations.tpl index a85fbef..bd06fbf 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl 
@@ -4,17 +4,21 @@ Compile all warnings into a single message, and call fail. */}} {{- define "smartface.validate" -}} {{- $messages := list -}} + {{- $messages := append $messages (trim (include "smartface.validate.multitenantEdge" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.stationDeps" .)) -}} + +{{- if .Values.skipLookupBasedValidations -}} {{- $messages := append $messages (trim (include "smartface.validate.dbConnectionSecret" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.s3Config" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.licenseSecret" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.authConfig" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.registryCreds" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.rmqConfig" .)) -}} +{{- end -}} + {{- $messages := without $messages "" -}} {{- $message := join "\n" $messages -}} - {{- if $message -}} {{- printf "\nVALIDATIONS:\n%s" $message | fail -}} {{- end -}} diff --git a/values.yaml b/values.yaml index cb29e25..7368e24 100644 --- a/values.yaml +++ b/values.yaml @@ -496,3 +496,6 @@ serviceAccount: labels: {} # -- Set this toggle to false to opt out of automounting API credentials for the service account automountServiceAccountToken: true + +# -- due to ArgoCD limitations this can be used to skip validations that use the `lookup` helm function - for more information see https://github.com/argoproj/argo-cd/issues/5202 +skipLookupBasedValidations: false From 6baa935bc6c9250ea176afe1316b5fdb872c8d4f Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 12:43:04 +0200 Subject: [PATCH 31/37] Fixing wrong if statement --- templates/_validations.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_validations.tpl b/templates/_validations.tpl index bd06fbf..b87cee2 100644 --- a/templates/_validations.tpl 
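Review bot: The six `$messages := append ...` lines now sit inside the `{{- if ... -}}` block in `smartface.validate`, and `:=` there declares a new `$messages` whose scope ends at the block's `{{- end -}}`. The outer list read by `without` and `join` never receives those results, so the secret, ConfigMap and registry-credential lookups can no longer reach `fail`, whatever `skipLookupBasedValidations` is set to. Inside the block, assign to the existing variable instead, for example `{{- $messages = append $messages (trim (include "smartface.validate.dbConnectionSecret" .)) -}}`, and likewise for the other five lines. The later hunk that changes the condition to `if not .Values.skipLookupBasedValidations` keeps the same `:=` lines, so it has the same defect.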
+++ b/templates/_validations.tpl @@ -8,7 +8,7 @@ Compile all warnings into a single message, and call fail. {{- $messages := append $messages (trim (include "smartface.validate.multitenantEdge" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.stationDeps" .)) -}} -{{- if .Values.skipLookupBasedValidations -}} +{{- if not .Values.skipLookupBasedValidations -}} {{- $messages := append $messages (trim (include "smartface.validate.dbConnectionSecret" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.s3Config" .)) -}} {{- $messages := append $messages (trim (include "smartface.validate.licenseSecret" .)) -}} From 69e4ae6d3dddfbbfad65b2213cb13c1c8a8f3709 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 14:03:56 +0200 Subject: [PATCH 32/37] Refactoring values Refactored values so they are more readable. The aim is to have better logical structure of the values --- Chart.yaml | 2 +- README.md | 64 +++++++++---------- README.md.gotmpl | 8 +-- templates/_helpers.tpl | 54 ++++++++-------- templates/_validations.tpl | 40 ++++++------ templates/auth-api-deployment.yaml | 2 +- .../access-controller-deployment.yaml | 2 +- .../edge-streams/access-controller-svc.yaml | 2 +- templates/edge-streams/base-deployment.yaml | 2 +- templates/edge-streams/base-svc.yaml | 2 +- .../edge-stream-processor-deployment.yaml | 24 +++---- .../edge-streams/face-matcher-deployment.yaml | 2 +- templates/edge-streams/grpc-ingress.yaml | 2 +- .../stream-data-db-worker-deployment.yaml | 2 +- templates/graphql-deployment.yaml | 2 +- templates/matcher-deployment.yaml | 2 +- templates/rmq/mqtt-svc.yaml | 2 +- templates/sf-tenant-operator-config.yaml | 2 +- templates/station-deployment.yaml | 14 ++-- values.yaml | 63 +++++++++--------- 20 files changed, 146 insertions(+), 147 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 34f7890..38eff40 100644 --- a/Chart.yaml +++ b/Chart.yaml 
@@ -6,7 +6,7 @@ dependencies: - name: sf-tenant-operator version: "0.1.1" repository: "oci://ghcr.io/innovatrics/sf-helm" - condition: multitenancy.enabled + condition: features.multitenancy.enabled - name: rabbitmq version: "12.0.4" repository: "oci://registry-1.docker.io/bitnamicharts" diff --git a/README.md b/README.md index c9c3fb0..ab27933 100644 --- a/README.md +++ b/README.md @@ -27,13 +27,13 @@ The helm chart needs certain objects to be present in the cluster before it can 1. S3 bucket - Create an S3 bucket - Create a ConfigMap - see `external-config.yaml` for example - - ConfigMap name must match `s3.configName` value - - keys in the ConfigMap must match `s3.bucketKey` and `s3.regionKey` values + - ConfigMap name must match `configurations.s3.configName` value + - keys in the ConfigMap must match `configurations.s3.*Key` values 1. pgsql server - Create a PgSql server - Create a Secret - see `external-config.yaml` for example - - Secret name must match `database.secretName` value - - key in the Secret must match `database.connectionStringKey` value + - Secret name must match `configurations.database.secretName` value + - key in the Secret must match `configurations.database.connectionStringKey` value 1. Optionally [KEDA](https://keda.sh/) for autoscaling - see `autoscaling.*` values for more info @@ -118,7 +118,6 @@ stringData: | api.resources.requests.memory | string | `"300M"` | | | api.servicePort | int | `80` | | | api.tolerations | list | `[]` | | -| auth.configName | string | `"auth-config"` | config containing authorization configuration for APIs used when authentication is enabled | | authApi.containerPort | int | `80` | | | authApi.dnsHost | string | `""` | | | authApi.enabled | bool | `false` | | 
@@ -170,6 +169,20 @@ stringData: | base.tolerations | list | `[]` | | | base.zmqContainerPort | int | `2406` | | | base.zmqServicePort | int | `2406` | | +| configurations.apiAuth.configName | string | `"auth-config"` | config containing authorization configuration for APIs used when authentication is enabled | +| configurations.database.connectionStringKey | string | `"cs"` | | +| configurations.database.secretName | string | `"db-cs"` | | +| configurations.license.mountPath | string | `"/etc/innovatrics"` | | +| configurations.license.secretName | string | `"iface-lic"` | | +| configurations.license.volumeMountName | string | `"license"` | | +| configurations.s3.authTypeKey | string | `"authType"` | | +| configurations.s3.bucketKey | string | `"name"` | | +| configurations.s3.configName | string | `"s3-config"` | | +| configurations.s3.folderKey | string | `"folder"` | | +| configurations.s3.regionKey | string | `"region"` | | +| configurations.s3.useBucketEndpointKey | string | `"useBucketEndpoint"` | | +| configurations.stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | +| configurations.stationAuth.secretName | string | `"station-client-id"` | | | countlyPublisher.clusterName | string | `""` | | | countlyPublisher.enabled | bool | `false` | | | countlyPublisher.image.digest | string | `nil` | Overrides the image tag with an image digest | 
@@ -183,8 +196,6 @@ stringData: | countlyPublisher.resources.requests.cpu | string | `"100m"` | | | countlyPublisher.resources.requests.memory | string | `"100M"` | | | countlyPublisher.tolerations | list | `[]` | | -| database.connectionStringKey | string | `"cs"` | | -| database.secretName | string | `"db-cs"` | | | detector.image.digest | string | `nil` | Overrides the image tag with an image digest | | detector.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | | detector.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | 
@@ -196,17 +207,16 @@ stringData: | detector.resources.requests.cpu | string | `"750m"` | | | detector.resources.requests.memory | string | `"600M"` | | | detector.tolerations | list | `[]` | | -| edgeStreams.enabled | bool | `false` | | -| edgeStreams.image.digest | string | `nil` | Overrides the image tag with an image digest | -| edgeStreams.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | -| edgeStreams.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | -| edgeStreams.image.repository | string | `"innovatrics/smartface/sf-edge-stream-processor"` | Docker image repository | -| edgeStreams.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | -| edgeStreams.name | string | `"sf-edge-stream-processor"` | | -| edgeStreams.nodeSelector | object | `{}` | | -| edgeStreams.resources.requests.cpu | string | `"100m"` | | -| edgeStreams.resources.requests.memory | string | `"100M"` | | -| edgeStreams.tolerations | list | `[]` | | +| edgeStreamProcessor.image.digest | string | `nil` | Overrides the image tag with an image digest | +| edgeStreamProcessor.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | +| edgeStreamProcessor.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | +| edgeStreamProcessor.image.repository | string | `"innovatrics/smartface/sf-edge-stream-processor"` | Docker image repository | +| edgeStreamProcessor.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | +| edgeStreamProcessor.name | string | `"sf-edge-stream-processor"` | | +| edgeStreamProcessor.nodeSelector | object | `{}` | | +| edgeStreamProcessor.resources.requests.cpu | string | `"100m"` | | +| edgeStreamProcessor.resources.requests.memory | string | `"100M"` | | +| edgeStreamProcessor.tolerations | list | `[]` | | | extractor.image.digest | string | `nil` | Overrides the image tag 
with an image digest | | extractor.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | | extractor.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | @@ -228,6 +238,8 @@ stringData: | faceMatcher.resources.requests.cpu | string | `"100m"` | | | faceMatcher.resources.requests.memory | string | `"100M"` | | | faceMatcher.tolerations | list | `[]` | | +| features.edgeStreams.enabled | bool | `false` | | +| features.multitenancy.enabled | bool | `false` | enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled | | global.image.registry | string | `"registry.gitlab.com"` | Overrides the Docker registry globally for all images | | graphqlApi.containerPort | int | `80` | | | graphqlApi.dnsHost | string | `""` | | @@ -252,11 +264,8 @@ stringData: | ingress.class | string | `""` | set ingress class | | ingress.enabled | bool | `true` | enable creation of ingress object | | ingress.includeAlbAnnotations | bool | `false` | if enabled then the ingress will include default ALB annotations | -| jaeger.enabled | bool | `true` | | -| jaeger.hostname | string | `"grafana-agent.monitoring.svc.cluster.local"` | | -| license.mountPath | string | `"/etc/innovatrics"` | | -| license.secretName | string | `"iface-lic"` | | -| license.volumeMountName | string | `"license"` | | +| jaegerTracing.enabled | bool | `true` | | +| jaegerTracing.hostname | string | `"grafana-agent.monitoring.svc.cluster.local"` | | | liveness.image.digest | string | `nil` | Overrides the image tag with an image digest | | liveness.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | | liveness.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | 
@@ -289,7 +298,6 @@ stringData: | migration.initContainer.image.repository | string | `"innovatrics/smartface/sf-admin"` | Docker image repository | | migration.initContainer.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | migration.initContainer.resources | object | `{}` | | -| multitenancy.enabled | bool | `false` | enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled | | rabbitmq | object | `{"auth":{"erlangCookie":"","password":"","username":"smartface"},"configMapName":"sf-rmq-connection","enabled":true,"existingSecretName":"","extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttDnsHost":"","secretKey":"rabbitmq-password"}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq | | rabbitmq.enabled | bool | `true` | configure if rabbitmq subchart should be included | | rabbitmq.mqttDnsHost | string | `""` | hostname used for MQTT service - only relevant for edge streams | @@ -299,12 +307,6 @@ stringData: | readonlyApi.nodeSelector | object | `{}` | | | readonlyApi.proxyContainer.resources | object | `{}` | | | readonlyApi.tolerations | list | `[]` | | -| s3.authTypeKey | string | `"authType"` | | -| s3.bucketKey | string | `"name"` | | -| s3.configName | string | `"s3-config"` | | -| s3.folderKey | string | `"folder"` | | -| s3.regionKey | string | `"region"` | | -| s3.useBucketEndpointKey | string | `"useBucketEndpoint"` | | | serviceAccount.annotations | object | `{}` | Annotations for the service account | | serviceAccount.automountServiceAccountToken | bool | `true` | Set this toggle to false to opt out of automounting API credentials for the service account | | serviceAccount.create | bool | `true` | Specifies whether a ServiceAccount should be created | 
@@ -327,8 +329,6 @@ stringData: | station.resources.requests.memory | string | `"100M"` | | | station.servicePort | int | `8000` | | | station.tolerations | list | `[]` | | -| stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | -| stationAuth.secretName | string | `"station-client-id"` | | | streamDataDbWorker.image.digest | string | `nil` | Overrides the image tag with an image digest | | streamDataDbWorker.image.pullPolicy | string | `"IfNotPresent"` | Docker image pull policy | | streamDataDbWorker.image.registry | string | `nil` | The Docker registry, overrides `global.image.registry` | diff --git a/README.md.gotmpl b/README.md.gotmpl index 08f7e24..03dfd73 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -28,13 +28,13 @@ The helm chart needs certain objects to be present in the cluster before it can 1. S3 bucket - Create an S3 bucket - Create a ConfigMap - see `external-config.yaml` for example - - ConfigMap name must match `s3.configName` value - - keys in the ConfigMap must match `s3.bucketKey` and `s3.regionKey` values + - ConfigMap name must match `configurations.s3.configName` value + - keys in the ConfigMap must match `configurations.s3.*Key` values 1. pgsql server - Create a PgSql server - Create a Secret - see `external-config.yaml` for example - - Secret name must match `database.secretName` value - - key in the Secret must match `database.connectionStringKey` value + - Secret name must match `configurations.database.secretName` value + - key in the Secret must match `configurations.database.connectionStringKey` value 1. Optionally [KEDA](https://keda.sh/) for autoscaling - see `autoscaling.*` values for more info diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index e6a4ecd..4ae2a96 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -5,8 +5,8 @@ Template used for adding database configuration to containers - name: "ConnectionStrings__CoreDbContext" valueFrom: secretKeyRef: - name: {{ .Values.database.secretName | quote }} - key: {{ .Values.database.connectionStringKey | quote }} + name: {{ .Values.configurations.database.secretName | quote }} + key: {{ .Values.configurations.database.connectionStringKey | quote }} - name: "Database__DbEngine" value: "PgSql" {{- end }} @@ -32,30 +32,30 @@ Template used for adding S3 configuration to containers - name: "S3Bucket__BucketName" valueFrom: configMapKeyRef: - name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.bucketKey | quote }} + name: {{ .Values.configurations.s3.configName | quote }} + key: {{ .Values.configurations.s3.bucketKey | quote }} - name: "S3Bucket__BucketRegion" valueFrom: configMapKeyRef: - name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.regionKey | quote }} + name: {{ .Values.configurations.s3.configName | quote }} + key: {{ .Values.configurations.s3.regionKey | quote }} - name: "S3Bucket__Folder" valueFrom: configMapKeyRef: - name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.folderKey | quote }} + name: {{ .Values.configurations.s3.configName | quote }} + key: {{ .Values.configurations.s3.folderKey | quote }} # AssumedRole - name: "S3Bucket__AuthenticationType" valueFrom: configMapKeyRef: - name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.authTypeKey | quote }} + name: {{ .Values.configurations.s3.configName | quote }} + key: {{ .Values.configurations.s3.authTypeKey | quote }} # BucketRegion - name: "S3Bucket__useBucketEndpoint" valueFrom: configMapKeyRef: - name: {{ .Values.s3.configName | quote }} - key: {{ .Values.s3.useBucketEndpointKey | quote }} + name: {{ .Values.configurations.s3.configName | quote }} + key: {{ .Values.configurations.s3.useBucketEndpointKey | quote }} {{- end }} {{/* 
@@ -67,7 +67,7 @@ Template used for configuring feature flags on APIs - name: "FeatureManagement__Watchlist" value: "true" - name: "FeatureManagement__Edge" - value: {{ .Values.edgeStreams.enabled | quote }} + value: {{ .Values.features.edgeStreams.enabled | quote }} {{- end }} {{/* @@ -77,32 +77,32 @@ Template used for configuring Authentication on APIs - name: "Authentication__UseAuthentication" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "use_auth" - name: "Authentication__Authority" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "authority" - name: "Authentication__Audience" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "audience" - name: "Authentication__SwaggerAuthConfig__ClientCredsTokenUrl" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "oauth_token_url" - name: "Authentication__SwaggerAuthConfig__AuthCodeTokenUrl" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "oauth_token_url" - name: "Authentication__SwaggerAuthConfig__AuthCodeAuthorizeUrl" valueFrom: configMapKeyRef: - name: {{ .Values.auth.configName | quote }} + name: {{ .Values.configurations.apiAuth.configName | quote }} key: "oauth_authorize_url" {{- end }} 
@@ -145,17 +145,17 @@ Template used for adding RMQ configuration to containers Template used for adding license volume to deployment definition */}} {{- define "smartface.licVolume" -}} -- name: {{ .Values.license.volumeMountName | quote }} +- name: {{ .Values.configurations.license.volumeMountName | quote }} secret: - secretName: {{ .Values.license.secretName | quote }} + secretName: {{ .Values.configurations.license.secretName | quote }} {{- end }} {{/* Template used for binding the license volume to containers */}} {{- define "smartface.licVolumeMount" -}} -- name: {{ .Values.license.volumeMountName | quote }} - mountPath: {{ .Values.license.mountPath | quote }} +- name: {{ .Values.configurations.license.volumeMountName | quote }} + mountPath: {{ .Values.configurations.license.mountPath | quote }} readOnly: true {{- end }} @@ -170,9 +170,9 @@ Template used for common environment variables definition - name: "AppSettings__Log_JsonConsole_Enabled" value: "true" - name: "AppSettings__USE_JAEGER_APP_SETTINGS" - value: {{ .Values.jaeger.enabled | quote }} + value: {{ .Values.jaegerTracing.enabled | quote }} - name: "JAEGER_AGENT_HOST" - value: {{ .Values.jaeger.hostname | quote }} + value: {{ .Values.jaegerTracing.hostname | quote }} - name: "Metrics__PROMETHEUS_METRIC_SERVER_HOSTNAME" value: "*" - name: "S3ClientLifetime__S3ClientLifetime" @@ -226,8 +226,8 @@ Init container to perform database migration before starting the main container - name: "db_cs" valueFrom: secretKeyRef: - name: {{ .Values.database.secretName | quote }} - key: {{ .Values.database.connectionStringKey | quote }} + name: {{ .Values.configurations.database.secretName | quote }} + key: {{ .Values.configurations.database.connectionStringKey | quote }} {{- include "smartface.rmqConfig" . | nindent 4 }} resources: {{- toYaml .Values.migration.initContainer.resources | nindent 4 }} diff --git a/templates/_validations.tpl b/templates/_validations.tpl index b87cee2..8fa4e96 100644 
--- a/templates/_validations.tpl +++ b/templates/_validations.tpl @@ -28,7 +28,7 @@ Compile all warnings into a single message, and call fail. Validate that users does not want multitenant edge streams */}} {{- define "smartface.validate.multitenantEdge" -}} -{{- if and .Values.multitenancy.enabled .Values.edgeStreams.enabled -}} +{{- if and .Values.features.multitenancy.enabled .Values.features.edgeStreams.enabled -}} Multitenancy is not supported for clusters with edge streams. Please disable one of the two features {{- end -}} {{- end -}} 
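Review bot: The condition in `smartface.validate.multitenantEdge` now reads only `.Values.features.multitenancy.enabled` and `.Values.features.edgeStreams.enabled`, so a values file that still sets the old top-level `multitenancy.enabled: true` is ignored without any error. With the default `features.multitenancy.enabled: false`, the other hunks of this patch then render `Multitenancy__UseMultitenancy` as "false" and include the plain matcher, leaving the deployment single-tenant although the operator asked for multitenancy. A guard beside this validation would turn that into a failed install, for example a new define that emits a message under `{{- if or (hasKey .Values "multitenancy") (hasKey .Values "edgeStreams") -}}`. It would also have to be added to the template that compiles the validation messages, which is outside this hunk. Whether any deployed release used the old keys is not visible here.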
@@ -52,25 +52,25 @@ Station requires enabled graphqlApi to work properly Validate that the Database connection string secret exists with correct key */}} {{- define "smartface.validate.dbConnectionSecret" -}} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.database.secretName "Key" .Values.database.connectionStringKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.configurations.database.secretName "Key" .Values.configurations.database.connectionStringKey) }} {{- end -}} {{/* Validate that the S3 config map exists with correct keys */}} {{- define "smartface.validate.s3Config" -}} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.bucketKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.regionKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.folderKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.authTypeKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.s3.configName "Key" .Values.s3.useBucketEndpointKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.bucketKey) }} +{{ include "smartface.validate.genericResourceWithKey" 
(dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.regionKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.folderKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.authTypeKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.useBucketEndpointKey) }} {{- end -}} {{/* Validate that the license secret exists with correct keys */}} {{- define "smartface.validate.licenseSecret" -}} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.license.secretName "Key" "iengine.lic") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.configurations.license.secretName "Key" "iengine.lic") }} {{- end -}} {{/* 
@@ -78,20 +78,20 @@ Validate auth config present if it will be needed */}} {{- define "smartface.validate.authConfig" -}} {{- if or .Values.authApi.enabled .Values.graphqlApi.enableAuth -}} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "use_auth") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "authority") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "audience") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_token_url") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.auth.configName "Key" "oauth_authorize_url") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.apiAuth.configName "Key" "use_auth") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.apiAuth.configName "Key" "authority") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.apiAuth.configName "Key" "audience") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.apiAuth.configName "Key" "oauth_token_url") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" 
"Namespace" .Release.Namespace "Name" .Values.configurations.apiAuth.configName "Key" "oauth_authorize_url") }} {{- end -}} {{- if .Values.station.enabled }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "use_auth") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "audience") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "domain") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "issuer") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "jwks_uri") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.stationAuth.configName "Key" "auth_header") }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.stationAuth.secretName "Key" "client_id") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.configName "Key" "use_auth") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.configName "Key" "audience") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" 
.Values.configurations.stationAuth.configName "Key" "domain") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.configName "Key" "issuer") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.configName "Key" "jwks_uri") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.configName "Key" "auth_header") }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.configurations.stationAuth.secretName "Key" "client_id") }} {{- end -}} {{- end -}} diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index d5acda0..61642cd 100644 --- a/templates/auth-api-deployment.yaml +++ b/templates/auth-api-deployment.yaml @@ -41,7 +41,7 @@ spec: {{- include "smartface.apiFeaturesConfig" . | nindent 8 }} {{- include "smartface.statisticsPublish" . | nindent 8 }} - name: "Multitenancy__UseMultitenancy" - value: {{ .Values.multitenancy.enabled | quote }} + value: {{ .Values.features.multitenancy.enabled | quote }} - name: "Hosting__Host" value: "http://0.0.0.0" - name: "Hosting__Port" diff --git a/templates/edge-streams/access-controller-deployment.yaml b/templates/edge-streams/access-controller-deployment.yaml index 4026f6a..1794469 100644 --- a/templates/edge-streams/access-controller-deployment.yaml +++ b/templates/edge-streams/access-controller-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: 
diff --git a/templates/edge-streams/access-controller-svc.yaml b/templates/edge-streams/access-controller-svc.yaml index 1375625..94ea1a7 100644 --- a/templates/edge-streams/access-controller-svc.yaml +++ b/templates/edge-streams/access-controller-svc.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "v1" kind: "Service" metadata: diff --git a/templates/edge-streams/base-deployment.yaml b/templates/edge-streams/base-deployment.yaml index f5b0292..74f0c6c 100644 --- a/templates/edge-streams/base-deployment.yaml +++ b/templates/edge-streams/base-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: diff --git a/templates/edge-streams/base-svc.yaml b/templates/edge-streams/base-svc.yaml index 9951cdb..5dca478 100644 --- a/templates/edge-streams/base-svc.yaml +++ b/templates/edge-streams/base-svc.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "v1" kind: "Service" metadata: diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index ca320c5..c0cbac6 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml 
@@ -1,47 +1,47 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: - name: {{ .Values.edgeStreams.name | quote }} + name: {{ .Values.edgeStreamProcessor.name | quote }} labels: - app: {{ .Values.edgeStreams.name | quote }} + app: {{ .Values.edgeStreamProcessor.name | quote }} spec: replicas: 1 selector: matchLabels: - app: {{ .Values.edgeStreams.name | quote }} + app: {{ .Values.edgeStreamProcessor.name | quote }} template: metadata: labels: - app: {{ .Values.edgeStreams.name | quote }} + app: {{ .Values.edgeStreamProcessor.name | quote }} spec: serviceAccountName: {{ .Values.serviceAccount.name | quote }} automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} topologySpreadConstraints: - {{- include "smartface.topologySpread" (dict "appLabel" .Values.edgeStreams.name) | nindent 8 }} + {{- include "smartface.topologySpread" (dict "appLabel" .Values.edgeStreamProcessor.name) | nindent 8 }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} {{- end }} containers: - - name: {{ .Values.edgeStreams.name | quote }} - image: {{ include "smartface.image" (dict "local" .Values.edgeStreams.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} - imagePullPolicy: {{ .Values.edgeStreams.image.pullPolicy }} + - name: {{ .Values.edgeStreamProcessor.name | quote }} + image: {{ include "smartface.image" (dict "local" .Values.edgeStreamProcessor.image "global" .Values.global.image "defaultVersion" .Chart.AppVersion) }} + imagePullPolicy: {{ .Values.edgeStreamProcessor.image.pullPolicy }} env: {{- include "smartface.commonEnv" . | nindent 8 }} {{- include "smartface.rmqConfig" . | nindent 8 }} {{- include "smartface.dbConfig" . 
| nindent 8 }} resources: - {{- toYaml .Values.edgeStreams.resources | nindent 10 }} + {{- toYaml .Values.edgeStreamProcessor.resources | nindent 10 }} volumeMounts: {{- include "smartface.licVolumeMount" . | nindent 8 }} volumes: {{- include "smartface.licVolume" . | nindent 8 }} - {{- with .Values.edgeStreams.nodeSelector }} + {{- with .Values.edgeStreamProcessor.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.edgeStreams.tolerations }} + {{- with .Values.edgeStreamProcessor.tolerations }} tolerations: {{- toYaml . | nindent 8 }} {{- end }} diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index 4aed7a4..e71fa53 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: diff --git a/templates/edge-streams/grpc-ingress.yaml b/templates/edge-streams/grpc-ingress.yaml index 2cab7f1..aade138 100644 --- a/templates/edge-streams/grpc-ingress.yaml +++ b/templates/edge-streams/grpc-ingress.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "networking.k8s.io/v1" kind: "Ingress" metadata: diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index 6647327..efcbfae 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.edgeStreams.enabled }} +{{- if .Values.features.edgeStreams.enabled }} apiVersion: "apps/v1" kind: "Deployment" metadata: diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index 1335852..ecb4843 100644 
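Review bot: The container in templates/edge-streams/edge-stream-processor-deployment.yaml is rendered without a `securityContext`; the spec shown in this hunk sets only name, image, pull policy, env, resources and the license volume mount. The pod receives the database connection string through `smartface.dbConfig` and mounts the license secret, so it is worth limiting what the process can do if it is compromised. A values-driven block under the container, `securityContext:` followed by `{{- toYaml .Values.edgeStreamProcessor.securityContext | nindent 10 }}`, would let operators set `runAsNonRoot: true` and `allowPrivilegeEscalation: false` without editing the template. The `securityContext` values key is a proposal and does not exist in values.yaml yet. The file may continue past the hunk's last line, but the container spec is fully shown.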
--- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -39,7 +39,7 @@ spec: {{- include "smartface.rmqConfig" . | nindent 8 }} {{- include "smartface.apiFeaturesConfig" . | nindent 8 }} - name: "Multitenancy__UseMultitenancy" - value: {{ .Values.multitenancy.enabled | quote }} + value: {{ .Values.features.multitenancy.enabled | quote }} - name: "Hosting__Host" value: "http://0.0.0.0" - name: "Hosting__Port" diff --git a/templates/matcher-deployment.yaml b/templates/matcher-deployment.yaml index 4083dba..f13e6e9 100644 --- a/templates/matcher-deployment.yaml +++ b/templates/matcher-deployment.yaml @@ -1,3 +1,3 @@ -{{- if not .Values.multitenancy.enabled }} +{{- if not .Values.features.multitenancy.enabled }} {{- include "smartface.matcherDefinition" . }} {{- end }} diff --git a/templates/rmq/mqtt-svc.yaml b/templates/rmq/mqtt-svc.yaml index f44a0d6..1b5ec8f 100644 --- a/templates/rmq/mqtt-svc.yaml +++ b/templates/rmq/mqtt-svc.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.edgeStreams.enabled .Values.rabbitmq.enabled }} +{{- if and .Values.features.edgeStreams.enabled .Values.rabbitmq.enabled }} apiVersion: "v1" kind: "Service" metadata: diff --git a/templates/sf-tenant-operator-config.yaml b/templates/sf-tenant-operator-config.yaml index 397d36d..7b03521 100644 --- a/templates/sf-tenant-operator-config.yaml +++ b/templates/sf-tenant-operator-config.yaml @@ -1,4 +1,4 @@ -{{- if .Values.multitenancy.enabled }} +{{- if .Values.features.multitenancy.enabled }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/templates/station-deployment.yaml b/templates/station-deployment.yaml index 72c061e..5c6a88b 100644 --- a/templates/station-deployment.yaml +++ b/templates/station-deployment.yaml 
@@ -59,38 +59,38 @@ spec: - name: "AUTH0_AUTHENTICATION_ENABLED" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "use_auth" - name: "AUTH0_AUDIENCE" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "audience" - name: "AUTH0_DOMAIN" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "domain" - name: "AUTH0_ISSUER" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "issuer" - name: "AUTH0_JWKS_URI" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "jwks_uri" - name: "AUTH_HEADER" valueFrom: configMapKeyRef: - name: {{ .Values.stationAuth.configName | quote }} + name: {{ .Values.configurations.stationAuth.configName | quote }} key: "auth_header" - name: "AUTH0_CLIENT_ID" valueFrom: secretKeyRef: - name: {{ .Values.stationAuth.secretName | quote }} + name: {{ .Values.configurations.stationAuth.secretName | quote }} key: "client_id" resources: {{- toYaml .Values.station.resources | nindent 10 }} diff --git a/values.yaml b/values.yaml index 7368e24..d7fc275 100644 --- a/values.yaml +++ b/values.yaml 
@@ -11,17 +11,35 @@ global: imagePullSecrets: - name: "sf-gitlab-registry-creds" -database: - secretName: "db-cs" - connectionStringKey: "cs" - -s3: - configName: "s3-config" - bucketKey: "name" - regionKey: "region" - folderKey: "folder" - authTypeKey: "authType" - useBucketEndpointKey: "useBucketEndpoint" +configurations: + database: + secretName: "db-cs" + connectionStringKey: "cs" + s3: + configName: "s3-config" + bucketKey: "name" + regionKey: "region" + folderKey: "folder" + authTypeKey: "authType" + useBucketEndpointKey: "useBucketEndpoint" + license: + secretName: "iface-lic" + volumeMountName: "license" + mountPath: "/etc/innovatrics" + apiAuth: + # -- config containing authorization configuration for APIs used when authentication is enabled + configName: "auth-config" + stationAuth: + # -- config containing authorization configuration for SF Station used when authentication is enabled for SF Station + configName: "station-auth-config" + secretName: "station-client-id" + +features: + multitenancy: + # -- enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled + enabled: false + edgeStreams: + enabled: false # -- config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq rabbitmq: @@ -38,20 +56,6 @@ rabbitmq: erlangCookie: "" password: "" -license: - secretName: "iface-lic" - volumeMountName: "license" - mountPath: "/etc/innovatrics" - -auth: - # -- config containing authorization configuration for APIs used when authentication is enabled - configName: "auth-config" - -stationAuth: - # -- config containing authorization configuration for SF Station used when authentication is enabled for SF Station - configName: "station-auth-config" - secretName: "station-client-id" - api: enabled: true name: "sf-api" 
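Review bot: In the first values.yaml hunk the new `configurations.database`, `configurations.s3` and `configurations.license` entries carry no `# --` description, unlike `apiAuth` and `stationAuth` in the same block, so their generated README rows stay empty. These keys name a Secret or ConfigMap that the validation templates expect to exist already, and a reader cannot tell from values.yaml which kind each one is. I would add, for example, `# -- name of an existing Secret that holds the database connection string under connectionStringKey` above `secretName: "db-cs"`, with matching lines for the license Secret and the S3 ConfigMap.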
@@ -230,9 +234,8 @@ liveness: # -- Docker image pull policy pullPolicy: IfNotPresent -edgeStreams: +edgeStreamProcessor: name: "sf-edge-stream-processor" - enabled: false resources: requests: memory: "100M" @@ -363,7 +366,7 @@ streamDataDbWorker: # -- Docker image pull policy pullPolicy: IfNotPresent -jaeger: +jaegerTracing: enabled: true hostname: grafana-agent.monitoring.svc.cluster.local @@ -428,10 +431,6 @@ autoscaling: # -- for cron trigger nonWorkHoursReplicas: 1 -multitenancy: - # -- enabled for multitenant deployment. Will include sf-tenant-operator subchart if enabled - enabled: false - # -- configuration for sf-tenant-operator subchart sf-tenant-operator: config: From 7dcf86cc8a2327dcf6f54be4b017f904ef6de060 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 16:15:20 +0200 Subject: [PATCH 33/37] Changed internal services to ClusterIP --- templates/api-svc.yaml | 2 +- templates/auth-api-svc.yaml | 2 +- templates/countly-publisher-svc.yaml | 2 +- templates/edge-streams/access-controller-svc.yaml | 4 ++-- templates/edge-streams/base-svc.yaml | 2 +- templates/graphql-svc.yaml | 2 +- templates/readonly-api/api-nginx-svc.yaml | 2 +- templates/readonly-api/auth-api-nginx-svc.yaml | 2 +- templates/station-svc.yaml | 4 ++-- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/templates/api-svc.yaml b/templates/api-svc.yaml index 8f11258..92094cc 100644 --- a/templates/api-svc.yaml +++ b/templates/api-svc.yaml @@ -14,5 +14,5 @@ spec: targetPort: {{ .Values.api.containerPort }} - name: {{ .Values.metrics.portName | quote }} port: {{ .Values.metrics.port }} - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/auth-api-svc.yaml b/templates/auth-api-svc.yaml index d163281..87dc730 100644 --- a/templates/auth-api-svc.yaml +++ b/templates/auth-api-svc.yaml 
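Review bot: In templates/api-svc.yaml the Service type is now the literal `"ClusterIP"`, and the same literal is repeated in the other eight service templates of this commit, so an operator who reached any of these ports through a node port loses that path with no note in README.md or values.yaml. The commit's file list does not include templates/rmq/mqtt-svc.yaml, whose type is not visible here, so it is worth confirming that any service left reachable from outside the cluster is exposed on purpose. ClusterIP still leaves the API and the metrics port open to every pod in the cluster; if that matters, a NetworkPolicy would be the place to restrict it. A short comment above the line, such as `# internal only; expose through the Ingress`, would record the intent.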
@@ -14,5 +14,5 @@ spec: targetPort: {{ .Values.authApi.containerPort }} - name: {{ .Values.metrics.portName | quote }} port: {{ .Values.metrics.port }} - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/countly-publisher-svc.yaml b/templates/countly-publisher-svc.yaml index a339c44..654f9d6 100644 --- a/templates/countly-publisher-svc.yaml +++ b/templates/countly-publisher-svc.yaml @@ -11,5 +11,5 @@ spec: ports: - name: {{ .Values.metrics.portName | quote }} port: {{ .Values.metrics.port }} - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/edge-streams/access-controller-svc.yaml b/templates/edge-streams/access-controller-svc.yaml index 94ea1a7..de9ea00 100644 --- a/templates/edge-streams/access-controller-svc.yaml +++ b/templates/edge-streams/access-controller-svc.yaml @@ -10,7 +10,7 @@ spec: - port: {{ .Values.accessController.servicePort }} targetPort: {{ .Values.accessController.containerPort }} protocol: "TCP" - type: "NodePort" + type: "ClusterIP" --- apiVersion: "v1" kind: "Service" @@ -23,5 +23,5 @@ spec: - port: {{ .Values.accessController.authServicePort }} targetPort: {{ .Values.accessController.authContainerPort }} protocol: "TCP" - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/edge-streams/base-svc.yaml b/templates/edge-streams/base-svc.yaml index 5dca478..ec1ba22 100644 --- a/templates/edge-streams/base-svc.yaml +++ b/templates/edge-streams/base-svc.yaml @@ -10,5 +10,5 @@ spec: - port: {{ .Values.base.zmqServicePort }} targetPort: {{ .Values.base.zmqContainerPort }} protocol: "TCP" - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/graphql-svc.yaml b/templates/graphql-svc.yaml index 57368c2..0734733 100644 --- a/templates/graphql-svc.yaml +++ b/templates/graphql-svc.yaml @@ -10,5 +10,5 @@ spec: - port: {{ .Values.graphqlApi.servicePort }} targetPort: {{ .Values.graphqlApi.containerPort }} protocol: "TCP" - type: "NodePort" + type: "ClusterIP" {{- end }} 
diff --git a/templates/readonly-api/api-nginx-svc.yaml b/templates/readonly-api/api-nginx-svc.yaml index 546a28b..877503c 100644 --- a/templates/readonly-api/api-nginx-svc.yaml +++ b/templates/readonly-api/api-nginx-svc.yaml @@ -10,5 +10,5 @@ spec: - name: "http" port: {{ .Values.api.servicePort }} targetPort: {{ .Values.api.containerPort }} - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/readonly-api/auth-api-nginx-svc.yaml b/templates/readonly-api/auth-api-nginx-svc.yaml index 76ed3cb..8ba0860 100644 --- a/templates/readonly-api/auth-api-nginx-svc.yaml +++ b/templates/readonly-api/auth-api-nginx-svc.yaml @@ -10,5 +10,5 @@ spec: - name: "http" port: {{ .Values.authApi.servicePort }} targetPort: {{ .Values.authApi.containerPort }} - type: "NodePort" + type: "ClusterIP" {{- end }} diff --git a/templates/station-svc.yaml b/templates/station-svc.yaml index 2e6572f..bf92219 100644 --- a/templates/station-svc.yaml +++ b/templates/station-svc.yaml @@ -10,5 +10,5 @@ spec: - port: {{ .Values.station.servicePort }} targetPort: {{ .Values.station.containerPort }} protocol: "TCP" - type: "NodePort" -{{- end}} + type: "ClusterIP" +{{- end }} From 16cc28e78fbd3d76bc0bfcf2dba7824d2d50d09c Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 16:29:20 +0200 Subject: [PATCH 34/37] Dependency update --- Chart.lock | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Chart.lock b/Chart.lock index bd03891..2e7ff6b 100644 --- a/Chart.lock +++ b/Chart.lock @@ -5,5 +5,5 @@ dependencies: - name: rabbitmq repository: oci://registry-1.docker.io/bitnamicharts version: 12.0.4 -digest: sha256:f13f33fc8e3dc5bef76fcc56083bbf2e83a5e1e00411ef36186c21bc4b6b4820 -generated: "2023-08-25T08:41:45.034278+02:00" +digest: sha256:27524f3d7de75da9a074f0771a5c907d03c08fbf52abe4e3971c7c84f5f1be82 +generated: "2023-09-26T16:28:51.468868+02:00" From ce42a5a3f735af3e8d8dd7d51fd1cd8a3760e7f0 Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Tue, 26 Sep 2023 17:05:51 +0200 Subject: [PATCH 35/37] Fixed S3 config --- README.md | 2 +- templates/_helpers.tpl | 4 ++-- templates/_validations.tpl | 2 +- values.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index ab27933..53a7dd5 100644 --- a/README.md +++ b/README.md @@ -180,7 +180,7 @@ stringData: | configurations.s3.configName | string | `"s3-config"` | | | configurations.s3.folderKey | string | `"folder"` | | | configurations.s3.regionKey | string | `"region"` | | -| configurations.s3.useBucketEndpointKey | string | `"useBucketEndpoint"` | | +| configurations.s3.useBucketRegionKey | string | `"useBucketRegion"` | | | configurations.stationAuth.configName | string | `"station-auth-config"` | config containing authorization configuration for SF Station used when authentication is enabled for SF Station | | configurations.stationAuth.secretName | string | `"station-client-id"` | | | countlyPublisher.clusterName | string | `""` | | diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 4ae2a96..e8328c0 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -51,11 +51,11 @@ Template used for adding S3 configuration to containers name: {{ .Values.configurations.s3.configName | quote }} key: {{ .Values.configurations.s3.authTypeKey | quote }} # BucketRegion -- name: "S3Bucket__useBucketEndpoint" +- name: "S3Bucket__UseBucketRegion" valueFrom: configMapKeyRef: name: {{ .Values.configurations.s3.configName | quote }} - key: {{ .Values.configurations.s3.useBucketEndpointKey | quote }} + key: {{ .Values.configurations.s3.useBucketRegionKey | quote }} {{- end }} {{/* diff --git a/templates/_validations.tpl b/templates/_validations.tpl index 8fa4e96..829c567 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl 
@@ -63,7 +63,7 @@ Validate that the S3 config map exists with correct keys {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.regionKey) }} {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.folderKey) }} {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.authTypeKey) }} -{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.useBucketEndpointKey) }} +{{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "ConfigMap" "Namespace" .Release.Namespace "Name" .Values.configurations.s3.configName "Key" .Values.configurations.s3.useBucketRegionKey) }} {{- end -}} {{/* diff --git a/values.yaml b/values.yaml index d7fc275..1dde4bb 100644 --- a/values.yaml +++ b/values.yaml @@ -21,7 +21,7 @@ configurations: regionKey: "region" folderKey: "folder" authTypeKey: "authType" - useBucketEndpointKey: "useBucketEndpoint" + useBucketRegionKey: "useBucketRegion" license: secretName: "iface-lic" volumeMountName: "license" From b8b0e6cd0b7615cbd4d674fc3d09c75c64909616 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 26 Sep 2023 17:06:55 +0200 Subject: [PATCH 36/37] Fixed S3 config --- external-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/external-config.yaml b/external-config.yaml index 6b30ea8..56bb9e4 100644 --- a/external-config.yaml +++ b/external-config.yaml 
@@ -31,7 +31,7 @@ data: region: "eu-central-1" folder: "sface" authType: "AssumedRole" - useBucketEndpoint: "true" + useBucketRegion: "true" --- apiVersion: v1 stringData: From bce68246fa2d90cb49cd506eaca04e86ff601916 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Wed, 27 Sep 2023 13:46:06 +0200 Subject: [PATCH 37/37] Replicas from values --- README.md | 10 ++++++++++ templates/_matcher.tpl | 2 +- templates/api-deployment.yaml | 2 +- templates/auth-api-deployment.yaml | 4 +++- templates/detector-deployment.yaml | 4 +++- .../edge-stream-processor-deployment.yaml | 2 +- templates/edge-streams/face-matcher-deployment.yaml | 2 +- .../stream-data-db-worker-deployment.yaml | 2 +- templates/extractor-deployment.yaml | 4 +++- templates/graphql-deployment.yaml | 2 +- templates/liveness-deployment.yaml | 2 +- values.yaml | 13 +++++++++++++ 12 files changed, 39 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 53a7dd5..3b0c553 100644 --- a/README.md +++ b/README.md @@ -113,6 +113,7 @@ stringData: | api.initMigration | bool | `true` | | | api.name | string | `"sf-api"` | | | api.nodeSelector | object | `{}` | | +| api.replicas | int | `1` | | | api.resources.limits.memory | string | `"4G"` | | | api.resources.requests.cpu | string | `"250m"` | | | api.resources.requests.memory | string | `"300M"` | | @@ -129,6 +130,7 @@ stringData: | authApi.initMigration | bool | `true` | | | authApi.name | string | `"sf-auth-api"` | | | authApi.nodeSelector | object | `{}` | | +| authApi.replicas | int | `1` | number of replicas to use when autoscaling is not enabled for this component | | authApi.resources.limits.memory | string | `"4G"` | | | authApi.resources.requests.cpu | string | `"250m"` | | | authApi.resources.requests.memory | string | `"300M"` | | 
@@ -203,6 +205,7 @@ stringData: | detector.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | detector.name | string | `"sf-detector"` | | | detector.nodeSelector | object | `{}` | | +| detector.replicas | int | `1` | number of replicas to use when autoscaling is not enabled for this component | | detector.resources.limits.memory | string | `"1500M"` | | | detector.resources.requests.cpu | string | `"750m"` | | | detector.resources.requests.memory | string | `"600M"` | | @@ -214,6 +217,7 @@ stringData: | edgeStreamProcessor.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | edgeStreamProcessor.name | string | `"sf-edge-stream-processor"` | | | edgeStreamProcessor.nodeSelector | object | `{}` | | +| edgeStreamProcessor.replicas | int | `1` | | | edgeStreamProcessor.resources.requests.cpu | string | `"100m"` | | | edgeStreamProcessor.resources.requests.memory | string | `"100M"` | | | edgeStreamProcessor.tolerations | list | `[]` | | @@ -224,6 +228,7 @@ stringData: | extractor.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | extractor.name | string | `"sf-extractor"` | | | extractor.nodeSelector | object | `{}` | | +| extractor.replicas | int | `1` | number of replicas to use when autoscaling is not enabled for this component | | extractor.resources.limits.memory | string | `"1G"` | | | extractor.resources.requests.cpu | string | `"750m"` | | | extractor.resources.requests.memory | string | `"500M"` | | 
@@ -235,6 +240,7 @@ stringData: | faceMatcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | faceMatcher.name | string | `"sf-face-matcher"` | | | faceMatcher.nodeSelector | object | `{}` | | +| faceMatcher.replicas | int | `1` | | | faceMatcher.resources.requests.cpu | string | `"100m"` | | | faceMatcher.resources.requests.memory | string | `"100M"` | | | faceMatcher.tolerations | list | `[]` | | @@ -253,6 +259,7 @@ stringData: | graphqlApi.initMigration | bool | `false` | | | graphqlApi.name | string | `"sf-graphql-api"` | | | graphqlApi.nodeSelector | object | `{}` | | +| graphqlApi.replicas | int | `1` | | | graphqlApi.resources.limits.memory | string | `"4G"` | | | graphqlApi.resources.requests.cpu | string | `"250m"` | | | graphqlApi.resources.requests.memory | string | `"300M"` | | @@ -273,6 +280,7 @@ stringData: | liveness.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | liveness.name | string | `"sf-liveness"` | | | liveness.nodeSelector | object | `{}` | | +| liveness.replicas | int | `1` | | | liveness.resources.requests.cpu | string | `"750m"` | | | liveness.resources.requests.memory | string | `"200M"` | | | liveness.tolerations | list | `[]` | | @@ -283,6 +291,7 @@ stringData: | matcher.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | matcher.name | string | `"sf-matcher"` | | | matcher.nodeSelector | object | `{}` | | +| matcher.replicas | int | `1` | | | matcher.resources.requests.cpu | string | `"750m"` | | | matcher.resources.requests.memory | string | `"200M"` | | | matcher.tolerations | list | `[]` | | 
@@ -336,6 +345,7 @@ stringData: | streamDataDbWorker.image.tag | string | `nil` | Overrides the image tag whose default is the chart's appVersion | | streamDataDbWorker.name | string | `"sf-stream-data-db-worker"` | | | streamDataDbWorker.nodeSelector | object | `{}` | | +| streamDataDbWorker.replicas | int | `1` | | | streamDataDbWorker.resources.requests.cpu | string | `"100m"` | | | streamDataDbWorker.resources.requests.memory | string | `"100M"` | | | streamDataDbWorker.tolerations | list | `[]` | | diff --git a/templates/_matcher.tpl b/templates/_matcher.tpl index a122072..0b5802f 100644 --- a/templates/_matcher.tpl +++ b/templates/_matcher.tpl @@ -10,7 +10,7 @@ metadata: labels: app: {{ .Values.matcher.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.matcher.replicas }} selector: matchLabels: app: {{ .Values.matcher.name | quote }} diff --git a/templates/api-deployment.yaml b/templates/api-deployment.yaml index 3378d03..c4f0294 100644 --- a/templates/api-deployment.yaml +++ b/templates/api-deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.api.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.api.replicas }} selector: matchLabels: app: {{ .Values.api.name | quote }} diff --git a/templates/auth-api-deployment.yaml b/templates/auth-api-deployment.yaml index 61642cd..13cf332 100644 --- a/templates/auth-api-deployment.yaml +++ b/templates/auth-api-deployment.yaml @@ -6,7 +6,9 @@ metadata: labels: app: {{ .Values.authApi.name | quote }} spec: - replicas: 1 + {{- if not (and (or .Values.autoscaling.cron.enabled .Values.autoscaling.rmq.enabled) .Values.autoscaling.api.enabled ) }} + replicas: {{ .Values.authApi.replicas }} + {{- end }} selector: matchLabels: app: {{ .Values.authApi.name | quote }} diff --git a/templates/detector-deployment.yaml b/templates/detector-deployment.yaml index 08520e5..ae0c163 100644 --- a/templates/detector-deployment.yaml +++ b/templates/detector-deployment.yaml 
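Review bot: In templates/api-deployment.yaml the new `replicas: {{ .Values.api.replicas }}` is rendered unconditionally, while the auth-api, detector and extractor hunks of this commit omit the field when autoscaling is enabled. The chart's file list includes templates/autsocaling/api-scaledobject.yaml; that file is not visible here, but if it targets this Deployment, every `helm upgrade` resets the replica count the scaler has chosen and can drop capacity under load. I would wrap the line in the guard already used elsewhere, `{{- if not (and (or .Values.autoscaling.cron.enabled .Values.autoscaling.rmq.enabled) .Values.autoscaling.api.enabled) }}` … `{{- end }}`. The Deployment spec continues outside the hunk.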
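Review bot: The guard added around `replicas` in templates/auth-api-deployment.yaml is keyed on `.Values.autoscaling.api.enabled`, yet the chart's file list shows ScaledObjects only for api, detector and extractor, none for auth-api. If nothing scales this Deployment, turning on API autoscaling silently discards `authApi.replicas` and the auth service falls back to the Kubernetes default of one replica, which leaves it a single point of failure. Please confirm that the api ScaledObject also targets `authApi.name`; if it does not, render `replicas: {{ .Values.authApi.replicas }}` without the `if` here. The Deployment spec continues outside the hunk.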
@@ -5,7 +5,9 @@ metadata: labels: app: {{ .Values.detector.name | quote }} spec: - replicas: 1 + {{- if not (and (or .Values.autoscaling.cron.enabled .Values.autoscaling.rmq.enabled) .Values.autoscaling.detector.enabled ) }} + replicas: {{ .Values.detector.replicas }} + {{- end }} selector: matchLabels: app: {{ .Values.detector.name | quote }} diff --git a/templates/edge-streams/edge-stream-processor-deployment.yaml b/templates/edge-streams/edge-stream-processor-deployment.yaml index c0cbac6..b37d49c 100644 --- a/templates/edge-streams/edge-stream-processor-deployment.yaml +++ b/templates/edge-streams/edge-stream-processor-deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.edgeStreamProcessor.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.edgeStreamProcessor.replicas }} selector: matchLabels: app: {{ .Values.edgeStreamProcessor.name | quote }} diff --git a/templates/edge-streams/face-matcher-deployment.yaml b/templates/edge-streams/face-matcher-deployment.yaml index e71fa53..f3178c8 100644 --- a/templates/edge-streams/face-matcher-deployment.yaml +++ b/templates/edge-streams/face-matcher-deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.faceMatcher.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.faceMatcher.replicas }} selector: matchLabels: app: {{ .Values.faceMatcher.name | quote }} diff --git a/templates/edge-streams/stream-data-db-worker-deployment.yaml b/templates/edge-streams/stream-data-db-worker-deployment.yaml index efcbfae..698c5d5 100644 --- a/templates/edge-streams/stream-data-db-worker-deployment.yaml +++ b/templates/edge-streams/stream-data-db-worker-deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.streamDataDbWorker.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.streamDataDbWorker.replicas }} selector: matchLabels: app: {{ .Values.streamDataDbWorker.name | quote }} 
diff --git a/templates/extractor-deployment.yaml b/templates/extractor-deployment.yaml index e608293..bbe27ad 100644 --- a/templates/extractor-deployment.yaml +++ b/templates/extractor-deployment.yaml @@ -5,7 +5,9 @@ metadata: labels: app: {{ .Values.extractor.name | quote }} spec: - replicas: 1 + {{- if not (and (or .Values.autoscaling.cron.enabled .Values.autoscaling.rmq.enabled) .Values.autoscaling.extractor.enabled ) }} + replicas: {{ .Values.extractor.replicas }} + {{- end }} selector: matchLabels: app: {{ .Values.extractor.name | quote }} diff --git a/templates/graphql-deployment.yaml b/templates/graphql-deployment.yaml index ecb4843..5bdd52b 100644 --- a/templates/graphql-deployment.yaml +++ b/templates/graphql-deployment.yaml @@ -6,7 +6,7 @@ metadata: labels: app: {{ .Values.graphqlApi.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.graphqlApi.replicas }} selector: matchLabels: app: {{ .Values.graphqlApi.name | quote }} diff --git a/templates/liveness-deployment.yaml b/templates/liveness-deployment.yaml index a946de5..c123bc5 100644 --- a/templates/liveness-deployment.yaml +++ b/templates/liveness-deployment.yaml @@ -5,7 +5,7 @@ metadata: labels: app: {{ .Values.liveness.name | quote }} spec: - replicas: 1 + replicas: {{ .Values.liveness.replicas }} selector: matchLabels: app: {{ .Values.liveness.name | quote }} diff --git a/values.yaml b/values.yaml index 1dde4bb..c615d67 100644 --- a/values.yaml +++ b/values.yaml @@ -71,6 +71,7 @@ api: memory: "4G" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -98,6 +99,8 @@ authApi: memory: "4G" nodeSelector: {} tolerations: [] + # -- number of replicas to use when autoscaling is not enabled for this component + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null 
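Review bot: The `replicas: 1` added under `api:` in values.yaml carries no `# --` description, unlike the `authApi`, `detector` and `extractor` entries, so the README row for `api.replicas` has an empty description column. The same gap is in the `graphqlApi`, `matcher`, `liveness`, `edgeStreamProcessor`, `faceMatcher` and `streamDataDbWorker` hunks that follow. I would add a line such as `# -- number of replicas for this component's Deployment` above each, and for `api` state whether the value still applies when `autoscaling.api.enabled` is set, since the template in this commit renders it regardless. The `api:` mapping starts and ends outside the hunk.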
@@ -126,6 +129,7 @@ graphqlApi: memory: "4G" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -160,6 +164,8 @@ detector: memory: "1500M" nodeSelector: {} tolerations: [] + # -- number of replicas to use when autoscaling is not enabled for this component + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -182,6 +188,8 @@ extractor: memory: "1G" nodeSelector: {} tolerations: [] + # -- number of replicas to use when autoscaling is not enabled for this component + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -202,6 +210,7 @@ matcher: cpu: "750m" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -222,6 +231,7 @@ liveness: cpu: "750m" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -242,6 +252,7 @@ edgeStreamProcessor: cpu: "100m" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -284,6 +295,7 @@ faceMatcher: cpu: "100m" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null @@ -354,6 +366,7 @@ streamDataDbWorker: cpu: "100m" nodeSelector: {} tolerations: [] + replicas: 1 image: # -- The Docker registry, overrides `global.image.registry` registry: null