From 1c8630681a58244fcba2ed2e598b487c66e7f200 Mon Sep 17 00:00:00 2001 
From: Mathieu Carbou Date: Tue, 13 Feb 2024 12:28:01 +0100 Subject: [PATCH] Terracotta BigMemory Max Helm charts WARNING: These are provided as a minimal required version that the user will have to customize on-site with the help of a k8s expert, considering the complexity of k8s with pod and volume lifecycle in the context of a multi-stripe active/passive cluster. --- .github/workflows/dry-run-test.yml | 4 + .github/workflows/release.yml | 1 + terracottabigmemorymax/.helmignore | 23 +++ terracottabigmemorymax/helm/Chart.yaml | 41 +++++ terracottabigmemorymax/helm/README.md | 168 ++++++++++++++++++ terracottabigmemorymax/helm/README.md.gotmpl | 168 ++++++++++++++++++ .../helm/templates/_helpers.tpl | 73 ++++++++ .../helm/templates/license-configmap.yaml | 28 +++ .../helm/templates/server-configmap.yaml | 78 ++++++++ .../helm/templates/tc-server-statefulset.yaml | 115 ++++++++++++ .../helm/templates/tc-servers-service.yaml | 39 ++++ .../helm/templates/tmc-service.yaml | 42 +++++ .../helm/templates/tmc-statefulset.yaml | 113 ++++++++++++ terracottabigmemorymax/helm/values.yaml | 69 +++++++ 14 files changed, 962 insertions(+) create mode 100644 terracottabigmemorymax/.helmignore create mode 100644 terracottabigmemorymax/helm/Chart.yaml create mode 100644 terracottabigmemorymax/helm/README.md create mode 100644 terracottabigmemorymax/helm/README.md.gotmpl create mode 100644 terracottabigmemorymax/helm/templates/_helpers.tpl create mode 100644 terracottabigmemorymax/helm/templates/license-configmap.yaml create mode 100644 terracottabigmemorymax/helm/templates/server-configmap.yaml create mode 100644 terracottabigmemorymax/helm/templates/tc-server-statefulset.yaml create mode 100644 terracottabigmemorymax/helm/templates/tc-servers-service.yaml create mode 100644 terracottabigmemorymax/helm/templates/tmc-service.yaml create mode 100644 terracottabigmemorymax/helm/templates/tmc-statefulset.yaml create mode 100644 terracottabigmemorymax/helm/values.yaml 
diff --git a/.github/workflows/dry-run-test.yml b/.github/workflows/dry-run-test.yml index 003f466..0906cc4 100644 --- a/.github/workflows/dry-run-test.yml +++ b/.github/workflows/dry-run-test.yml @@ -53,3 +53,7 @@ jobs: - name: Dry-run of universalmessaging run: | helm template um universalmessaging/helm + + - name: Dry-run of terracottabigmemorymax + run: | + helm template um terracottabigmemory/helm diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 67e3404..4f3daae 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -42,6 +42,7 @@ jobs: helm package -u microservicesruntime/helm helm package -u mywebmethodsserver/helm helm package -u universalmessaging/helm + helm package -u terracottabigmemorymax/helm - name: Push Helm Charts to this GitHub repo branch 'gh-pages' run: | diff --git a/terracottabigmemorymax/.helmignore b/terracottabigmemorymax/.helmignore new file mode 100644 index 0000000..0e8a0eb --- /dev/null +++ b/terracottabigmemorymax/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/terracottabigmemorymax/helm/Chart.yaml b/terracottabigmemorymax/helm/Chart.yaml new file mode 100644 index 0000000..1e74aae --- /dev/null +++ b/terracottabigmemorymax/helm/Chart.yaml 
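Review bot: The added dry-run step renders `terracottabigmemory/helm`, but the release workflow line and every new chart file in this patch use `terracottabigmemorymax/helm`, so the step as written points at a directory the patch does not create. The release name `um` also looks carried over from the universalmessaging step above it. Suggested line: `helm template bigmemory terracottabigmemorymax/helm`. The chart README calls `license` and `tag` mandatory, so the dry run may also need `--set` values for them if the defaults in values.yaml (not visible here) do not render on their own.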
@@ -0,0 +1,41 @@
+# /*
+# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# *
+# */
+apiVersion: v2
+name: terracottabigmemorymax
+description: Terracotta BigMemory Max Helm Chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: "1.1.0"
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "4.4.0"
diff --git a/terracottabigmemorymax/helm/README.md b/terracottabigmemorymax/helm/README.md new file mode 100644 index 0000000..381e721 --- /dev/null +++ b/terracottabigmemorymax/helm/README.md 
@@ -0,0 +1,168 @@ +# Terracotta BigMemory Max Helm Chart + +## Disclaimer and Warnings + +**The user is responsible for customizing these files on-site.** +This Helm chart is provided as a minimal requirement to install Terracotta BigMemory Max on k8s. + +--- + +*Considering the complexity of k8s settings regarding pod and volume lifecycle in the context of a multi-stripe active/passive cluster it is strongly advised that the user consult with a k8s expert.* + +*Pay attention that the nature of k8s automatically handling pod restart and volume assignment can go against the expected normal behavior of Terracotta Servers on a traditional infrastructure. This can lead to unexpected behaviors and / or malfunctioning clusters.* + +*Terracotta Servers embed a mechanism to automatically restart in case of failure or configuration change, and eventually can invalidate the data on disk (to be wiped). This mechanism is not compatible with the default k8s lifecycle management which can for example respawn a pod on a pre-existing volume where the data has been marked invalidated.* + +--- + +## QuickStart + +From the helm directory + +```bash +helm install --set-file license= --set tag=4.3.10-SNAPSHOT . +``` + +**IMPORTANT note:** license and tag are mandatory parameter that need to be set during helm chart installation. + +There are other parameters defined in values.yaml which can be overridden as well during installation which can be used +for changing how terracotta cluster should be deployed in kubernetes environment. By default it deploys BigMemory +cluster with two stripe each having two nodes and a tmc inside kubernetes. + +### Security + +### Image Pull Secret + +Provide an image pull secret for the registry where the desired images are to be pulled from. 
+ +``` +kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= +``` + +### STEP #1: Create a secret + +Suppose you are creating a 2*1 bigmemory cluster and 1 tmc then Create a secret which contains following files + +- terracotta-0-keystore.jks :- keystore file for server1. +- terracotta-1-keystore.jks :- keystore file for server2. +- tmc-0-keystore.jks :- keystore file for tmc. +- truststore.jks :- truststore file containing public certs for all the above keystores. +- keychain - keychain file containing password for everything. For ex- + +```` +Terracotta Command Line Tools - Keychain Client +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9540 : chunuAa1$ +file:/opt/softwareag/.tc/mgmt/truststore.jks : chunuAa1$ +file:/opt/softwareag/run/truststore.jks : chunuAa1$ +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9510 : chunuAa1$ +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9530 : chunuAa1$ +file:/opt/softwareag/.tc/mgmt/tmc-0-keystore.jks : chunuAa1$ +https://terracotta-1.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$ +https://terracotta-0.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9510 : chunuAa1$ +jks:terracotta-0-alias@/opt/softwareag/run/terracotta-0-keystore.jks : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9540 : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9530 : chunuAa1$ +jks:terracotta-1-alias@/opt/softwareag/run/terracotta-1-keystore.jks : chunuAa1$ +```` + +- tmc-https.ini :- For enabling ssl connections in jetty. 
For ex- + +```` +jetty.sslContext.keyManagerPassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +jetty.sslContext.keyStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +jetty.sslContext.trustStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +```` + +- terracotta.ini :- contains user with name 'user' as we are using it in generated tc-config.xml. + +```` +./usermanagement.sh -c terracotta.ini user terracotta admin +```` + +Example to create secret in k8s cluster manually - + +```` +kubectl create secret generic certificatesecret \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/keychain \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta-0-keystore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/truststore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta.ini \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/tmc-0-keystore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/tmc-https.ini \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta-1-keystore.jks +```` + +### Step #2: Install the helm chart and use the above created secret. + +```` +helm install "my-release" --set stripeCount=2 --set nodeCountPerStripe=1 --set-file license=/home/mdh@eur.ad.sag/4.xlicense/license.key --set tag=4.3.10-SNAPSHOT --set security=true --set secretName=certificatesecret . +```` + +### Step #3: Verify from the browser to see if connections can be created securely to tmc. + +- First enable port-forwarding for tmc-service using - + +```` +kubectl port-forward service/tmc-service 8080:9443 +```` + +- Go to browser and go to url https://localhost:8080 and then set up authentication. +- It will ask for tmc restart so do it using + +``` +kubectl delete pod tmc-0. +``` + +- Now again start port-forwarding and go to browser and connect to following url - + +``` +https://terracotta-0.terracotta-service.default.svc.cluster.local +``` + +- When asking for user name enter "user" . 
It should be able to connect and show cluster information on browser. + + +### Prometheus support +Terracotta BigMemory provides a list of key metrics in Prometheus compatible format over HTTP on TMC endpoint: +``` +http(s)://:/tmc/api/prometheus +``` +Sample config to add BigMemory as a target in the prometheus.yml configuration file + +For non secure cluster - +``` +- job_name: 'big_memory' + metrics_path: /tmc/api/prometheus + static_configs: + - targets: ['localhost:9889'] +``` + +For secure cluster - +``` +- job_name: 'big_memory' + scheme: https + metrics_path: /tmc/api/prometheus + static_configs: + - targets: ['localhost:9443'] + basic_auth: + username: + password: + tls_config: + ca_file: +``` + +### Step #4: For removing deployment from kubernetes cluster. + +```bash +helm delete +``` + +## Version History + +| Version | Changes and Description | +|---------|-------------------------| +| `1.0.0' | Initial release | +| `1.1.0' | Available from GitHub | + +{{ template "chart.valuesSection" . }} diff --git a/terracottabigmemorymax/helm/README.md.gotmpl b/terracottabigmemorymax/helm/README.md.gotmpl new file mode 100644 index 0000000..381e721 --- /dev/null +++ b/terracottabigmemorymax/helm/README.md.gotmpl 
@@ -0,0 +1,168 @@ +# Terracotta BigMemory Max Helm Chart + +## Disclaimer and Warnings + +**The user is responsible for customizing these files on-site.** +This Helm chart is provided as a minimal requirement to install Terracotta BigMemory Max on k8s. + +--- + +*Considering the complexity of k8s settings regarding pod and volume lifecycle in the context of a multi-stripe active/passive cluster it is strongly advised that the user consult with a k8s expert.* + +*Pay attention that the nature of k8s automatically handling pod restart and volume assignment can go against the expected normal behavior of Terracotta Servers on a traditional infrastructure. This can lead to unexpected behaviors and / or malfunctioning clusters.* + +*Terracotta Servers embed a mechanism to automatically restart in case of failure or configuration change, and eventually can invalidate the data on disk (to be wiped). This mechanism is not compatible with the default k8s lifecycle management which can for example respawn a pod on a pre-existing volume where the data has been marked invalidated.* + +--- + +## QuickStart + +From the helm directory + +```bash +helm install --set-file license= --set tag=4.3.10-SNAPSHOT . +``` + +**IMPORTANT note:** license and tag are mandatory parameter that need to be set during helm chart installation. + +There are other parameters defined in values.yaml which can be overridden as well during installation which can be used +for changing how terracotta cluster should be deployed in kubernetes environment. By default it deploys BigMemory +cluster with two stripe each having two nodes and a tmc inside kubernetes. + +### Security + +### Image Pull Secret + +Provide an image pull secret for the registry where the desired images are to be pulled from. 
+ +``` +kubectl create secret docker-registry regcred --docker-server= --docker-username= --docker-password= --docker-email= +``` + +### STEP #1: Create a secret + +Suppose you are creating a 2*1 bigmemory cluster and 1 tmc then Create a secret which contains following files + +- terracotta-0-keystore.jks :- keystore file for server1. +- terracotta-1-keystore.jks :- keystore file for server2. +- tmc-0-keystore.jks :- keystore file for tmc. +- truststore.jks :- truststore file containing public certs for all the above keystores. +- keychain - keychain file containing password for everything. For ex- + +```` +Terracotta Command Line Tools - Keychain Client +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9540 : chunuAa1$ +file:/opt/softwareag/.tc/mgmt/truststore.jks : chunuAa1$ +file:/opt/softwareag/run/truststore.jks : chunuAa1$ +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9510 : chunuAa1$ +tc://user@terracotta-1.terracotta-service.default.svc.cluster.local:9530 : chunuAa1$ +file:/opt/softwareag/.tc/mgmt/tmc-0-keystore.jks : chunuAa1$ +https://terracotta-1.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$ +https://terracotta-0.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9510 : chunuAa1$ +jks:terracotta-0-alias@/opt/softwareag/run/terracotta-0-keystore.jks : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9540 : chunuAa1$ +tc://user@terracotta-0.terracotta-service.default.svc.cluster.local:9530 : chunuAa1$ +jks:terracotta-1-alias@/opt/softwareag/run/terracotta-1-keystore.jks : chunuAa1$ +```` + +- tmc-https.ini :- For enabling ssl connections in jetty. 
For ex- + +```` +jetty.sslContext.keyManagerPassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +jetty.sslContext.keyStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +jetty.sslContext.trustStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw +```` + +- terracotta.ini :- contains user with name 'user' as we are using it in generated tc-config.xml. + +```` +./usermanagement.sh -c terracotta.ini user terracotta admin +```` + +Example to create secret in k8s cluster manually - + +```` +kubectl create secret generic certificatesecret \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/keychain \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta-0-keystore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/truststore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta.ini \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/tmc-0-keystore.jks \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/tmc-https.ini \ +--from-file=/home/mdh@eur.ad.sag/4.xconfig/k8sCert/terracotta-1-keystore.jks +```` + +### Step #2: Install the helm chart and use the above created secret. + +```` +helm install "my-release" --set stripeCount=2 --set nodeCountPerStripe=1 --set-file license=/home/mdh@eur.ad.sag/4.xlicense/license.key --set tag=4.3.10-SNAPSHOT --set security=true --set secretName=certificatesecret . +```` + +### Step #3: Verify from the browser to see if connections can be created securely to tmc. + +- First enable port-forwarding for tmc-service using - + +```` +kubectl port-forward service/tmc-service 8080:9443 +```` + +- Go to browser and go to url https://localhost:8080 and then set up authentication. +- It will ask for tmc restart so do it using + +``` +kubectl delete pod tmc-0. +``` + +- Now again start port-forwarding and go to browser and connect to following url - + +``` +https://terracotta-0.terracotta-service.default.svc.cluster.local +``` + +- When asking for user name enter "user" . 
It should be able to connect and show cluster information on browser. + + +### Prometheus support +Terracotta BigMemory provides a list of key metrics in Prometheus compatible format over HTTP on TMC endpoint: +``` +http(s)://:/tmc/api/prometheus +``` +Sample config to add BigMemory as a target in the prometheus.yml configuration file + +For non secure cluster - +``` +- job_name: 'big_memory' + metrics_path: /tmc/api/prometheus + static_configs: + - targets: ['localhost:9889'] +``` + +For secure cluster - +``` +- job_name: 'big_memory' + scheme: https + metrics_path: /tmc/api/prometheus + static_configs: + - targets: ['localhost:9443'] + basic_auth: + username: + password: + tls_config: + ca_file: +``` + +### Step #4: For removing deployment from kubernetes cluster. + +```bash +helm delete +``` + +## Version History + +| Version | Changes and Description | +|---------|-------------------------| +| `1.0.0' | Initial release | +| `1.1.0' | Available from GitHub | + +{{ template "chart.valuesSection" . }} diff --git a/terracottabigmemorymax/helm/templates/_helpers.tpl b/terracottabigmemorymax/helm/templates/_helpers.tpl new file mode 100644 index 0000000..fd743f5 --- /dev/null +++ b/terracottabigmemorymax/helm/templates/_helpers.tpl 
@@ -0,0 +1,73 @@ +# /* +# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors +# * +# * SPDX-License-Identifier: Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * +# */ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} + +{{- define "kube-terracotta.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 50 | trimSuffix "-" -}} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +The components in this chart create additional resources that expand the longest created name strings. +The longest name that gets created adds and extra 37 characters, so truncation should be 63-35=26. +*/}} +{{- define "kube-terracotta.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 26 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 26 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* Create chart name and version as used by the chart label. 
*/}} +{{- define "kube-terracotta.chartref" -}} +{{- replace "+" "_" .Chart.Version | printf "%s-%s" .Chart.Name -}} +{{- end }} + +{{/* Generate basic labels */}} +{{- define "kube-terracotta.labels" -}} +app.kubernetes.io/managed-by: {{ .Release.Service }} +app.kubernetes.io/instance: {{ .Release.Name }} +app.kubernetes.io/version: "{{ replace "+" "_" .Chart.Version }}" +app.kubernetes.io/part-of: {{ template "kube-terracotta.name" . }} +chart: {{ template "kube-terracotta.chartref" . }} +release: {{ $.Release.Name | quote }} +heritage: {{ $.Release.Service | quote }} +{{- end }} + +{{/* +Allow the release namespace to be overridden for multi-namespace deployments in combined charts +*/}} +{{- define "kube-terracotta.namespace" -}} + {{- if .Values.namespaceOverride -}} + {{- .Values.namespaceOverride -}} + {{- else -}} + {{- .Release.Namespace -}} + {{- end -}} +{{- end -}} diff --git a/terracottabigmemorymax/helm/templates/license-configmap.yaml b/terracottabigmemorymax/helm/templates/license-configmap.yaml new file mode 100644 index 0000000..c9890cc --- /dev/null +++ b/terracottabigmemorymax/helm/templates/license-configmap.yaml 
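Review bot: The comment above `kube-terracotta.fullname` contradicts itself: it says the longest generated name adds 37 characters, then computes `63-35=26`. Since the code truncates at 26, the sentence presumably should read `The longest name that gets created adds an extra 37 characters, so truncation should be 63-37=26.` The helper also appears unused in the templates visible in this patch, which hard-code names such as `terracotta`, `tmc`, `server-configmap` and `license-configmap`. A second release in the same namespace would therefore collide on those objects; either document the one-release-per-namespace constraint next to the helper or derive the names from it.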
@@ -0,0 +1,28 @@
+# /*
+# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# *
+# */
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: license-configmap
+ namespace: {{ template "kube-terracotta.namespace" . }}
+ labels:
+{{ include "kube-terracotta.labels" . | indent 4 }}
+data:
+ license.key: |
+ {{- .Values.license | nindent 4 }}
diff --git a/terracottabigmemorymax/helm/templates/server-configmap.yaml b/terracottabigmemorymax/helm/templates/server-configmap.yaml
new file mode 100644
index 0000000..0c15234
--- /dev/null
+++ b/terracottabigmemorymax/helm/templates/server-configmap.yaml
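Review bot: `.Values.license` is piped straight into `nindent` on the `license.key` line with no guard, although the README describes the license as mandatory. An install that omits `--set-file license=...` would presumably fail with an opaque template error or render an empty key instead of saying what is missing. The statefulset templates in this patch already use `required` for `secretName` and `serverStorage`, so the same pattern fits here: `{{- required "A license file is required (--set-file license=<path>)" .Values.license | nindent 4 }}`. The same value is also embedded in `server-configmap`, so the guard belongs in both places. If the license key is treated as confidential in your environment, a Secret is the better container, since ConfigMaps are usually readable by a wider set of roles.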
@@ -0,0 +1,78 @@ +# /* +# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors +# * +# * SPDX-License-Identifier: Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * +# */ +apiVersion: v1 +kind: ConfigMap +metadata: + name: server-configmap + namespace: {{ template "kube-terracotta.namespace" . }} + labels: +{{ include "kube-terracotta.labels" . | indent 4 }} +data: + license.key: | + {{- .Values.license | nindent 4 }} + tc-config.xml: | + + + + + + {{- range $i := until (int $.Values.stripeCount) }} + + {{- range $j := until (int $.Values.nodeCountPerStripe) }} + + 9510 + 9530 + 9540 + /opt/softwareag/run/data + /opt/softwareag/run/logs + + + + {{- if eq $.Values.security true }} + + + jks:terracotta-{{ add (mul $i $.Values.nodeCountPerStripe) $j }}-alias@/opt/softwareag/run/terracotta-{{ add (mul $i $.Values.nodeCountPerStripe) $j }}-keystore.jks + + + com.terracotta.management.keychain.FileStoreKeyChain + file:/opt/softwareag/run/keychain + + + com.tc.net.core.security.ShiroIniRealm + file:/opt/softwareag/run/terracotta.ini + user + + + https://tmc-0.tmc-service.{{ $.Values.namespace }}.svc.cluster.local:9443/tmc/api/assertIdentity + 10000 + terracotta-{{ add (mul $i $.Values.nodeCountPerStripe) $j }}.terracotta-service.{{ template "kube-terracotta.namespace" $ }}.svc.cluster.local + + + {{- end }} + + {{- end }} + + {{- end }} + + + + 
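Review bot: The identity-assertion URL is built from `{{ $.Values.namespace }}`, whereas the server hostname two lines below it and every `metadata.namespace` in this patch use the `kube-terracotta.namespace` helper (namespaceOverride, else the release namespace). Unless values.yaml (not visible here) defines `namespace` and operators keep it in sync with the release, the rendered host is either `tmc-0.tmc-service..svc.cluster.local` or a TMC in a different namespace. In the `security` branch that means identity assertion either fails or is sent to an endpoint the release does not own. Suggested: `https://tmc-0.tmc-service.{{ template "kube-terracotta.namespace" $ }}.svc.cluster.local:9443/tmc/api/assertIdentity`.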
diff --git a/terracottabigmemorymax/helm/templates/tc-server-statefulset.yaml b/terracottabigmemorymax/helm/templates/tc-server-statefulset.yaml new file mode 100644 index 0000000..a4da889 --- /dev/null +++ b/terracottabigmemorymax/helm/templates/tc-server-statefulset.yaml 
@@ -0,0 +1,115 @@ +# /* +# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors +# * +# * SPDX-License-Identifier: Apache-2.0 +# * +# * Licensed under the Apache License, Version 2.0 (the "License"); +# * you may not use this file except in compliance with the License. +# * You may obtain a copy of the License at +# * +# * http://www.apache.org/licenses/LICENSE-2.0 +# * +# * Unless required by applicable law or agreed to in writing, software +# * distributed under the License is distributed on an "AS IS" BASIS, +# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# * See the License for the specific language governing permissions and +# * limitations under the License. +# * +# */ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: terracotta + namespace: {{ template "kube-terracotta.namespace" . }} + labels: + app: terracotta +{{ include "kube-terracotta.labels" . | indent 4 }} +spec: + updateStrategy: + type: "OnDelete" + replicas: {{ mul $.Values.stripeCount $.Values.nodeCountPerStripe }} + selector: + matchLabels: + app: terracotta + serviceName: terracotta-service + template: + metadata: + labels: + app: terracotta + spec: + {{- with .Values.imagePullSecrets }} + imagePullSecrets: + {{- toYaml . 
| nindent 8 }} + {{- end }} + securityContext: + {{- toYaml .Values.securityContext | nindent 8 }} + containers: + - name: server + image: "{{ $.Values.registry }}/{{ $.Values.serverImage }}:{{ $.Values.tag | default .Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.pullPolicy | quote }} + readinessProbe: + tcpSocket: + port: 9530 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + failureThreshold: {{ $.Values.probeFailureThreshold }} + livenessProbe: + tcpSocket: + port: 9530 + initialDelaySeconds: 30 + periodSeconds: 30 + successThreshold: 1 + timeoutSeconds: 5 + failureThreshold: {{ $.Values.probeFailureThreshold }} + startupProbe: + tcpSocket: + port: 9530 + initialDelaySeconds: 10 + periodSeconds: 5 + successThreshold: 1 + timeoutSeconds: 5 + failureThreshold: {{ $.Values.probeFailureThreshold }} + volumeMounts: + - name: commonconfig-volume + mountPath: /opt/softwareag/config + - name: core-store + mountPath: /opt/softwareag/run + env: + - name: JSON_LOGGING + value: {{ $.Values.jsonLogging | quote }} + {{- if eq $.Values.security true }} + {{- if eq $.Values.selfSignedCerts true }} + - name: JAVA_OPTS + value: {{ $.Values.serverOpts }} -Djavax.net.ssl.trustStore=/opt/softwareag/run/truststore.jks + {{- else }} + {{- if ne $.Values.serverOpts "" }} + - name: JAVA_OPTS + value: {{ $.Values.serverOpts }} + {{- end }} + {{- end }} + {{- else }} + {{- if ne $.Values.serverOpts "" }} + - name: JAVA_OPTS + value: {{ $.Values.serverOpts }} + {{- end }} + {{- end }} + volumes: + - name: commonconfig-volume + projected: + sources: + - configMap: + name: server-configmap + {{- if eq $.Values.security true }} + - secret: + name: {{ required "A valid server certs is required!" $.Values.secretName }} + {{- end}} + volumeClaimTemplates: + - metadata: + name: core-store + spec: + accessModes: [ "ReadWriteOnce" ] + resources: + requests: + storage: {{ required "A valid storage request is required!" $.Values.serverStorage }} 
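Review bot: The three `JAVA_OPTS` entries emit `value: {{ $.Values.serverOpts }}` unquoted, unlike `JSON_LOGGING` just above them, which pipes through `quote`. An options string containing `: ` or ` #` would be mis-parsed or cut off as a comment, and in the `selfSignedCerts` branch that can silently drop the trailing `-Djavax.net.ssl.trustStore=...` flag. Quote the whole scalar, e.g. `value: {{ printf "%s -Djavax.net.ssl.trustStore=/opt/softwareag/run/truststore.jks" $.Values.serverOpts | quote }}` and `value: {{ $.Values.serverOpts | quote }}` in the other two branches. Separately, only the pod-level `securityContext` is templated; the container has no `securityContext` or `resources` block, so value-driven ones (for example `allowPrivilegeEscalation: false`) would let hardened settings be applied without editing the template.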
diff --git a/terracottabigmemorymax/helm/templates/tc-servers-service.yaml b/terracottabigmemorymax/helm/templates/tc-servers-service.yaml
new file mode 100644
index 0000000..8bdbdc0
--- /dev/null
+++ b/terracottabigmemorymax/helm/templates/tc-servers-service.yaml
@@ -0,0 +1,39 @@
+# /*
+# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# *
+# */
+apiVersion: v1
+kind: Service
+metadata:
+ name: terracotta-service
+ namespace: {{ template "kube-terracotta.namespace" . }}
+ labels:
+ app: terracotta
+{{ include "kube-terracotta.labels" . | indent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: tsa-port
+ port: 9510
+ - name: group-port
+ port: 9530
+ - name: management-port
+ port: 9540
+ selector:
+ app: terracotta
+ publishNotReadyAddresses: true
diff --git a/terracottabigmemorymax/helm/templates/tmc-service.yaml b/terracottabigmemorymax/helm/templates/tmc-service.yaml
new file mode 100644
index 0000000..5c1a1ca
--- /dev/null
+++ b/terracottabigmemorymax/helm/templates/tmc-service.yaml
@@ -0,0 +1,42 @@
+# /*
+# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# *
+# */
+apiVersion: v1
+kind: Service
+metadata:
+ name: tmc-service
+ annotations:
+ prometheus.io/scrape: 'true'
+ prometheus.io/path: '/tmc/api/prometheus'
+ namespace: {{ template "kube-terracotta.namespace" . }}
+ labels:
+ app: tmc
+{{ include "kube-terracotta.labels" . | indent 4 }}
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: management-port
+ port: 9889
+ {{- if eq $.Values.security true }}
+ - name: secure-port
+ port: 9443
+ {{- end }}
+ selector:
+ app: tmc
+ publishNotReadyAddresses: true
diff --git a/terracottabigmemorymax/helm/templates/tmc-statefulset.yaml b/terracottabigmemorymax/helm/templates/tmc-statefulset.yaml
new file mode 100644
index 0000000..fea9927
--- /dev/null
+++ b/terracottabigmemorymax/helm/templates/tmc-statefulset.yaml
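Review bot: The `management-port` 9889 entry sits outside the `security` conditional, so the Service still advertises the plain-HTTP TMC port when `security` is true and 9443 is added. Because the Service is headless, this list only advertises ports; whether 9889 is actually reachable in secured mode depends on the TMC listener, which this hunk does not show, so a NetworkPolicy or a disabled listener is what would really close it. Publishing just one of the two, with `{{- if ne $.Values.security true }}` around the 9889 entry, at least stops steering clients to the unencrypted endpoint. The `prometheus.io/scrape` annotation also has no `prometheus.io/port` or `prometheus.io/scheme` companion, so annotation-driven scrapers must guess between 9889/http and 9443/https. Setting both from the same conditional keeps metrics collection on TLS for secured clusters.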
@@ -0,0 +1,113 @@
+# /*
+# * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+# *
+# * SPDX-License-Identifier: Apache-2.0
+# *
+# * Licensed under the Apache License, Version 2.0 (the "License");
+# * you may not use this file except in compliance with the License.
+# * You may obtain a copy of the License at
+# *
+# * http://www.apache.org/licenses/LICENSE-2.0
+# *
+# * Unless required by applicable law or agreed to in writing, software
+# * distributed under the License is distributed on an "AS IS" BASIS,
+# * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# * See the License for the specific language governing permissions and
+# * limitations under the License.
+# *
+# */
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+ name: tmc
+ namespace: {{ template "kube-terracotta.namespace" . }}
+ labels:
+ app: tmc
+{{ include "kube-terracotta.labels" . | indent 4 }}
+spec:
+ updateStrategy:
+ type: "OnDelete"
+ replicas: 1
+ selector:
+ matchLabels:
+ app: tmc
+ serviceName: tmc-service
+ template:
+ metadata:
+ labels:
+ app: tmc
+ spec:
+ {{- with .Values.imagePullSecrets }}
+ imagePullSecrets:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 8 }}
+ containers:
+ - name: tmc-server
+ image: "{{ $.Values.registry }}/{{ $.Values.tmcImage }}:{{ $.Values.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ $.Values.pullPolicy | quote }}
+ readinessProbe:
+ tcpSocket:
+ port: 9889
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 5
+ failureThreshold: {{ $.Values.probeFailureThreshold }}
+ livenessProbe:
+ tcpSocket:
+ port: 9889
+ initialDelaySeconds: 20
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 5
+ failureThreshold: {{ $.Values.probeFailureThreshold }}
+ startupProbe:
+ tcpSocket:
+ port: 9889
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ successThreshold: 1
+ timeoutSeconds: 5
+ failureThreshold: {{ $.Values.probeFailureThreshold }}
+ volumeMounts:
+ - name: commonconfig-volume
+ mountPath: /opt/softwareag/config
+ - name: core-store
+ mountPath: /opt/softwareag/.tc/mgmt
+ env:
+ {{- if eq $.Values.security true }}
+ {{- if eq $.Values.selfSignedCerts true }}
+ - name: JAVA_OPTS
+ value: {{ $.Values.tmcOpts }} -Djavax.net.ssl.keyStore=/opt/softwareag/.tc/mgmt/tmc-0-keystore.jks -Djavax.net.ssl.trustStore=/opt/softwareag/.tc/mgmt/truststore.jks
+ {{- else }}
+ - name: JAVA_OPTS
+ value: {{ $.Values.tmcOpts }} -Djavax.net.ssl.keyStore=/opt/softwareag/.tc/mgmt/tmc-0-keystore.jks
+ {{- end }}
+ {{- else }}
+ {{- if ne $.Values.tmcOpts "" }}
+ - name: JAVA_OPTS
+ value: {{ $.Values.tmcOpts }}
+ {{- end }}
+ {{- end }}
+ - name: JSON_LOGGING
+ value: {{ $.Values.jsonLogging | quote }}
+ volumes:
+ - name: commonconfig-volume
+ projected:
+ sources:
+ - configMap:
+ name: license-configmap
+ {{- if eq $.Values.security true }}
+ - secret:
+ name: {{ required "A valid certs is required!" $.Values.secretName }}
+ {{- end }}
+ volumeClaimTemplates:
+ - metadata:
+ name: core-store
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ resources:
+ requests:
+ storage: {{ required "A valid storage request is required!" $.Values.tmcStorage }}
diff --git a/terracottabigmemorymax/helm/values.yaml b/terracottabigmemorymax/helm/values.yaml
new file mode 100644
index 0000000..a422bb1
--- /dev/null
+++ b/terracottabigmemorymax/helm/values.yaml
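Review bot: The `tmc-server` container has no container-level `securityContext`; the only hardening is the pod-level block rendered from `.Values.securityContext`, which in values.yaml sets `runAsNonRoot` and the user and group IDs but neither blocks privilege escalation nor drops capabilities. Adding the block below to the container closes that gap, assuming the TMC image needs no extra capabilities, which should be confirmed against the image. The three `JAVA_OPTS` values are also rendered unquoted, unlike `JSON_LOGGING`, so a `tmcOpts` containing ` #` or `: ` would truncate or break the value; building each string with `printf` and piping it through `quote` avoids that.

```yaml
        - name: tmc-server
          # … unchanged: image, imagePullPolicy, probes, volumeMounts, env …
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```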
@@ -0,0 +1,69 @@
+# -- The repository for the image. By default,
+# this points to the Software AG container repository.
+# Change this for air-gaped installations or custom images.
+# For the Software AG container repository you need to have a
+# valid access token stored as registry credentials
+registry: sagcr.azurecr.io
+serverImage: terracotta/bigmemorymax-server
+tmcImage: terracotta/bigmemorymax-tmc
+pullPolicy: IfNotPresent
+# -- Specific version to not accidentally change production versions with newer images.
+tag: "4.4.0"
+
+# -- Image pull secret reference. By default looks for `regcred`.
+imagePullSecrets:
+ - name: regcred
+
+# -- The namespace where the Terracotta cluster will be deployed.
+namespaceOverride: ""
+# -- Overwrites Chart name of release name in workload name. As default, the workload name is release name + '-' + Chart name. The workload name is at the end release name + '-' + value of `nameOverride`.
+nameOverride: ""
+# -- Overwrites full workload name. As default, the workload name is release name + '-' + Chart name.
+fullnameOverride: ""
+
+#
+# BELOW ARE THE CONFIGURATIONS FOR THE PODS
+#
+
+securityContext:
+ runAsNonRoot: true
+ runAsUser: 1724
+ runAsGroup: 0
+ fsGroup: 0
+
+# -- probeFailureThreshold after which a pod is considered failed.
+probeFailureThreshold: 3
+
+# -- The pvc storage request for the server pods
+serverStorage: 10Gi
+# -- The pvc storage request for the tmc pods
+tmcStorage: 1Gi
+
+#
+# BELOW ARE THE CONFIGURATIONS FOR THE TERRACOTTA SERVERS
+#
+
+# -- The number of Terracotta stripes to deploy.
+stripeCount: 2
+# -- The number of Terracotta servers per stripe.
+nodeCountPerStripe: 2
+# -- The configuration for each Terracotta server.
+datastoreSize: "4G"
+# -- The configuration for each Terracotta server.
+offHeapSize: "2G"
+# -- The configuration for each Terracotta server.
+restartable: false
+# -- The JSON_LOGGING environment variable for each Terracotta server.
+jsonLogging: true
+# -- Can be used for passing some jvm related options for terracotta servers.
+serverOpts: ""
+# -- Can be used for passing some jvm related options for tmc.
+tmcOpts: ""
+# -- Add the configuration for each Terracotta server. Requires secretName to be set.
+security: false
+# -- Configure JAVA_OPTS appropriately when using self-signed certificates.
+selfSignedCerts: true
+# -- Create a secret manually in cluster which contains all the necessary certs, files etc. for all the servers as well as tmc as the same secret will be mounted to all the pods deployed via this helm chart.
+secretName:
+# -- The license content for the Terracotta cluster. Required.
+license: ""
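Review bot: The default `securityContext` runs the pods with `runAsGroup: 0` and `fsGroup: 0`, so the process is a member of the root group and, for volume types that apply `fsGroup`, the mounted volumes become group-owned by GID 0. If the images do not depend on GID 0, a dedicated group is the safer default, e.g. `runAsGroup: 1724` and `fsGroup: 1724` (illustrative value mirroring `runAsUser`); otherwise a comment should say why GID 0 is required. The comment on `security` also does not say what the flag does; going by the TMC templates it could read `# -- Enables the secured setup: mounts secretName into the pods, adds TMC port 9443 and sets the keystore in JAVA_OPTS. Requires secretName.`, to be confirmed for the server pods. `secretName:` is better written as `secretName: ""` than left as a bare null.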