Merge pull request #73 from SoftwareAG/dev-msr-thr

APIGW Job template added to support house keeping jobs
SoftwareAG · Apr 24, 2024 · 1cd9d5a · 1cd9d5a
2 parents 09ec2fc + 2bc28e9
commit 1cd9d5a
Show file tree

Hide file tree

Showing 7 changed files with 281 additions and 4 deletions.
diff --git a/apigateway/examples/house-keeping-job/README.md b/apigateway/examples/house-keeping-job/README.md
@@ -0,0 +1,3 @@
+# House Keeping Job - Purge Transaction Events
+
+The examples in [values.yaml](./values-purge-transaction-events-job.yaml) creates a Kubernetes cron job to purge transaction events of all types which are older than specific days.
diff --git a/apigateway/examples/house-keeping-job/values-purge-transaction-events-job.yaml b/apigateway/examples/house-keeping-job/values-purge-transaction-events-job.yaml
@@ -0,0 +1,29 @@
+
+# Cron schedule syntax
+# ┌───────────── minute (0 - 59)
+# │ ┌───────────── hour (0 - 23)
+# │ │ ┌───────────── day of the month (1 - 31)
+# │ │ │ ┌───────────── month (1 - 12)
+# │ │ │ │ ┌───────────── day of the week (0 - 6) (Sunday to Saturday;
+# │ │ │ │ │                                   7 is also Sunday on some systems)
+# │ │ │ │ │                                   OR sun, mon, tue, wed, thu, fri, sat
+# │ │ │ │ │
+# * * * * *
+
+jobs:
+# -- Implements a cron job to purge all events which are older than 7 days.
+- name: purge-transaction-events
+  image:
+    repository: curlimages/curl
+    tag: latest
+  imagePullPolicy: IfNotPresent
+  restartPolicy: Never
+  # -- Schedule job every day ...
+  schedule: "0 1 * * *"
+  command: ["/bin/sh"] 
+  args:
+    - -c
+    - >-
+        echo "Purge Transaction Events in [${DEPLOYMENT}]" ... &&
+        curl -X DELETE -s -u "Administrator:${ADMINISTRATOR_PASSWORD}" "${DEPLOYMENT}:5555/rest/apigateway/apitransactions?eventType=ALL&objectType=Analytics&from=&until=&olderThan=7d" &&
+        curl -X GET    -s -u "Administrator:${ADMINISTRATOR_PASSWORD}" "${DEPLOYMENT}:5555/rest/apigateway/apitransactions/jobs"
diff --git a/apigateway/helm/Chart.yaml b/apigateway/helm/Chart.yaml
@@ -33,7 +33,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 1.2.2
+version: 1.2.3
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

diff --git a/apigateway/helm/README.md b/apigateway/helm/README.md
@@ -143,8 +143,17 @@ If desired you may deploy API Gateway with your own TLS key and cert. The Templa
 
 ```bash
 helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingress.tls.cert="$(<cert.pem)"
-
 ```
+
+## Examples for Use-cases
+
+Sub-folder `examples` contains some *values* examples for more use-cases. To use the use-case, adapt and add the provided `values.yaml` to your values.
+
+| Use-case | Description |
+|-----|------|
+| [fluentd-sidecar](../examples/fluentd-sidecar/README.md) | Running API Gateway with Fluentd Sidecar |
+| [house-keeping-job](../examples/house-keeping-job/README.md) | Example to create house keeping job: purge transaction events  |
+
 ## Version History
 
 | Version | Changes and Description |
@@ -154,6 +163,7 @@ helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingre
 | `1.2.0` | Added Kibana TLS/SSL functionality towards Elasticsearch. Helper function aded for kibana truststore password. |
 | `1.2.1` | Added Kibana configuration field 'status.allowAnonymous' set by Values.kibana.allowAnonymousStatus. This removes errors in API Gateway log indicating that Kibana is not available. |
 | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. |
+| `1.2.3` | Job template added to create house keeping (cron) jobs.  |
 
 ## Values
 

diff --git a/apigateway/helm/README.md.gotmpl b/apigateway/helm/README.md.gotmpl
@@ -144,8 +144,17 @@ If desired you may deploy API Gateway with your own TLS key and cert. The Templa
 
 ```bash
 helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingress.tls.cert="$(<cert.pem)"
-
 ```
+
+## Examples for Use-cases
+
+Sub-folder `examples` contains some *values* examples for more use-cases. To use the use-case, adapt and add the provided `values.yaml` to your values.
+
+| Use-case | Description |
+|-----|------|
+| [fluentd-sidecar](../examples/fluentd-sidecar/README.md) | Running API Gateway with Fluentd Sidecar |
+| [house-keeping-job](../examples/house-keeping-job/README.md) | Example to create house keeping job: purge transaction events  |
+
 ## Version History
 
 | Version | Changes and Description |
@@ -155,5 +164,6 @@ helm upgrade -i -f myvalues.yaml --set ingress.tls.key="$(<key.pem)" --set ingre
 | `1.2.0` | Added Kibana TLS/SSL functionality towards Elasticsearch. Helper function aded for kibana truststore password. |
 | `1.2.1` | Added Kibana configuration field 'status.allowAnonymous' set by Values.kibana.allowAnonymousStatus. This removes errors in API Gateway log indicating that Kibana is not available. |
 | `1.2.2` | Option in `values.yaml` to create a ServiceMonitor added. |
+| `1.2.3` | Job template added to create house keeping (cron) jobs.  |
 
 {{ template "chart.valuesSection" . }}
diff --git a/apigateway/helm/templates/job.yaml b/apigateway/helm/templates/job.yaml
@@ -0,0 +1,225 @@
+# /*
+#  * Copyright (c) 2023 Software AG, Darmstadt, Germany and/or its licensors
+#  *
+#  * SPDX-License-Identifier: Apache-2.0
+#  *
+#  *   Licensed under the Apache License, Version 2.0 (the "License");
+#  *   you may not use this file except in compliance with the License.
+#  *   You may obtain a copy of the License at
+#  *
+#  *       http://www.apache.org/licenses/LICENSE-2.0
+#  *
+#  *   Unless required by applicable law or agreed to in writing, software
+#  *   distributed under the License is distributed on an "AS IS" BASIS,
+#  *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  *   See the License for the specific language governing permissions and
+#  *   limitations under the License.
+#  *
+#  */
+
+{{- $fullName := include "common.names.fullname" . -}}
+{{- $labels   := include "common.labels.standard" . -}}
+{{- $adminsecretName  := include "apigateway.adminsecretName" . -}}
+{{- $adminsecretKey   := include "apigateway.adminsecretKey" . -}}
+{{- $imagePullSecrets := .Values.imagePullSecrets -}}
+{{- $extraLabels      := .Values.extraLabels      -}}
+{{- $context := . }}
+
+{{- range $job := .Values.jobs }}
+---
+apiVersion: batch/v1
+kind: {{ if $job.schedule }}CronJob{{ else }}Job{{ end }}
+metadata:
+  name: {{ $fullName }}-{{ $job.name }}
+  labels:
+    {{- $labels | nindent 4 }}
+    {{- with $extraLabels }}
+      {{- toYaml $extraLabels | nindent 4 }}
+    {{- end }}
+  {{- with $job.annotations }}
+  annotations:
+{{ toYaml . | indent 4 }}
+  {{- end }}
+spec:
+  {{ if $job.schedule }}
+  jobTemplate:
+    spec:
+      template:
+        metadata:
+          name: {{ $fullName }}-{{ $job.name }}
+          labels:
+            {{- $labels | nindent 12 }}
+            {{- with $extraLabels }}
+              {{- toYaml $extraLabels | nindent 12 }}
+            {{- end }}
+        spec:
+          {{- if hasKey $job "serviceAccount" }}
+          {{- if hasKey $job.serviceAccount "name" }}
+          serviceAccountName: {{ $job.serviceAccount.name }}
+          {{- else }}
+          serviceAccountName: {{ $job.name }}
+          {{- end }}
+          {{- end }}
+          {{- if hasKey $job "securityContext" }}
+          {{- if $job.securityContext.runAsUser }}
+          securityContext:
+            runAsUser: {{ $job.securityContext.runAsUser }}
+            {{- if $job.securityContext.runAsGroup }}
+            runAsGroup: {{ $job.securityContext.runAsGroup }}
+            {{- end }}
+            {{- if $job.securityContext.fsGroup }}
+            fsGroup: {{ $job.securityContext.fsGroup }}
+            {{- end }}
+          {{- end }}
+          {{- end }}
+          containers:
+          - image: "{{ $job.image.repository }}:{{ $job.image.tag }}"
+            imagePullPolicy: {{ $job.image.imagePullPolicy }}
+            name: {{ $job.name }}
+            env:
+            - name: DEPLOYMENT
+              value: {{ $fullName }}
+            {{- with $job.env }}
+            env:
+{{ tpl (toYaml . ) $context | indent 12 }}
+            {{- end }}
+            envFrom:
+            - name: ADMINISTRATOR_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ $adminsecretName }}
+                  key: {{ $adminsecretKey }}
+            {{- with $job.envFrom }}
+            envFrom:
+{{ toYaml . | indent 12 }}
+            {{- end }}
+            {{- if $job.command }}
+            command: {{ $job.command }}
+            {{- end }}
+            {{- with $job.args }}
+            args:
+{{ toYaml . | indent 12 }}
+            {{- end }}
+            {{- with $job.resources }}
+            resources:
+{{ toYaml . | indent 14 }}
+            {{- end }}
+            {{- with $job.volumeMounts }}
+            volumeMounts:
+{{ toYaml . | indent 12 }}
+            {{- end }}
+          {{- with $job.nodeSelector }}
+          nodeSelector:
+{{ toYaml . | indent 12 }}
+          {{- end }}
+          {{- with $job.affinity }}
+          affinity:
+{{ toYaml . | indent 12 }}
+          {{- end }}
+          {{- with $job.tolerations }}
+          tolerations:
+{{ toYaml . | indent 12 }}
+          {{- end }}
+          restartPolicy: {{ $job.restartPolicy }}
+          {{- with $job.volumes }}
+          volumes:
+{{ toYaml . | indent 12 }}
+          {{- end }}
+          {{- with $imagePullSecrets }}
+          imagePullSecrets:
+{{- toYaml . | nindent 12 }}
+          {{- end }}
+  schedule: {{ $job.schedule | quote }}
+  successfulJobsHistoryLimit: {{ $job.successfulJobsHistoryLimit }}
+
+  {{ else }}
+
+  template:
+    metadata:
+      name: {{ $fullName }}-{{ $job.name }}
+      labels:
+        {{- $labels | nindent 8 }}
+        {{- with $extraLabels }}
+          {{- toYaml $extraLabels | nindent 8 }}
+         {{- end }}
+    spec:
+      {{- if hasKey $job "serviceAccount" }}
+      {{- if hasKey $job.serviceAccount "name" }}
+      serviceAccountName: {{ $job.serviceAccount.name }}
+      {{- else }}
+      serviceAccountName: {{ $job.name }}
+      {{- end }}
+      {{- end }}
+      {{- if hasKey $job "securityContext" }}
+      {{- if $job.securityContext.runAsUser }}
+      securityContext:
+        runAsUser: {{ $job.securityContext.runAsUser }}
+        {{- if $job.securityContext.runAsGroup }}
+        runAsGroup: {{ $job.securityContext.runAsGroup }}
+        {{- end }}
+        {{- if $job.securityContext.fsGroup }}
+        fsGroup: {{ $job.securityContext.fsGroup }}
+        {{- end }}
+      {{- end }}
+      {{- end }}
+      containers:
+      - image: "{{ $job.image.repository }}:{{ $job.image.tag }}"
+        imagePullPolicy: {{ $job.image.imagePullPolicy }}
+        name: {{ $job.name }}
+        env:
+        - name: DEPLOYMENT
+          value: {{ $fullName }}
+        {{- with $job.env }}
+        env:
+{{ tpl (toYaml . ) $context | indent 8 }}
+        {{- end }}
+        envFrom:
+        - name: ADMINISTRATOR_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ include "apigateway.adminsecretName" . }}
+              key: {{ include "apigateway.adminsecretKey" . }}
+        {{- with $job.envFrom }}
+        envFrom:
+{{ toYaml . | indent 8 }}
+        {{- end }}
+        {{- if $job.command }}
+        command: {{ $job.command }}
+        {{- end }}
+        {{- with $job.args }}
+        args:
+{{ toYaml . | indent 8 }}
+        {{- end }}
+        {{- with $job.resources }}
+        resources:
+{{ toYaml . | indent 10 }}
+        {{- end }}
+        {{- with $job.volumeMounts }}
+        volumeMounts:
+{{ toYaml . | indent 8 }}
+        {{- end }}
+      {{- with $job.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with $job.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with $job.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      restartPolicy: {{ $job.restartPolicy }}
+      {{- with $job.volumes }}
+      volumes:
+{{ toYaml . | indent 8 }}
+      {{- end }}
+      {{- with $imagePullSecrets }}
+      imagePullSecrets:
+{{- toYaml . | nindent 8 }}
+      {{- end }}
+
+  {{ end }}
+
+{{- end -}}
diff --git a/apigateway/helm/values.yaml b/apigateway/helm/values.yaml
@@ -210,7 +210,7 @@ resources:
       cpu: 500m
       memory: 4Gi
     limits:
-      # use a high cpu limit to avaoid the container being throttled
+      # use a high cpu limit to avoid the container being throttled
       cpu: 8
       memory: 8Gi
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		# House Keeping Job - Purge Transaction Events

		The examples in [values.yaml](./values-purge-transaction-events-job.yaml) creates a Kubernetes cron job to purge transaction events of all types which are older than specific days.