From 598160b53f3460cc5232bea90dacf4b6e93f8258 Mon Sep 17 00:00:00 2001 From: chandler Date: Fri, 24 Jan 2025 15:00:21 -0800 Subject: [PATCH] Stage charts for msgdp-1.4.0 --- charts/msg-ems-tp/Chart.yaml | 6 +- charts/msg-ems-tp/scripts/emsadmin-curl.sh | 2 +- charts/msg-ems-tp/scripts/fix-sample-certs.sh | 2 +- charts/msg-ems-tp/scripts/health-watcher.sh | 2 +- .../msg-ems-tp/scripts/load-ems-init-json.sh | 2 +- charts/msg-ems-tp/scripts/mk-common.conf.sh | 2 +- .../scripts/mk-cp-oauth2.jwks.json.sh | 2 +- .../msg-ems-tp/scripts/mk-fluentbits.conf.sh | 2 +- .../msg-ems-tp/scripts/mk-ftlserver.yaml.sh | 2 +- charts/msg-ems-tp/scripts/mk-output.conf.sh | 2 +- charts/msg-ems-tp/scripts/mk-parsers.conf.sh | 2 +- .../msg-ems-tp/scripts/mk-tibemsd-ftl.json.sh | 4 +- .../msg-ems-tp/scripts/mk-toolset-wd.yaml.sh | 2 +- charts/msg-ems-tp/scripts/mk-watchdog.yaml.sh | 2 +- .../scripts/ops-tibemsadmin-shell.sh | 2 +- charts/msg-ems-tp/scripts/pod-stats.sh | 2 +- charts/msg-ems-tp/scripts/start-admin-api.sh | 4 +- charts/msg-ems-tp/templates/_dp.helpers.tpl | 14 +- .../msg-ems-tp/templates/_ems.dp.helpers.tpl | 41 +- charts/msg-ems-tp/templates/client.cm.yaml | 2 +- charts/msg-ems-tp/templates/ems-init.job.yaml | 11 +- charts/msg-ems-tp/templates/ems-logs.pvc.yaml | 2 +- .../templates/ems-preinstall.job.yaml | 6 +- .../templates/ems-uninstall.job.yaml | 6 +- .../msg-ems-tp/templates/ems-upgrade.job.yaml | 14 +- charts/msg-ems-tp/templates/ems.prom.svc.yaml | 2 +- .../templates/ems.rest.ingress-120.yaml | 42 -- .../templates/ems.rest.ingress.yaml | 5 +- charts/msg-ems-tp/templates/ems.stateful.yaml | 3 +- charts/msg-ems-tp/templates/ems.svc.yaml | 2 +- .../msg-ems-tp/templates/emsactive.svc.yaml | 2 +- charts/msg-ems-tp/templates/params.cm.yaml | 2 +- charts/msg-ems-tp/templates/script.cm.yaml | 2 +- .../msg-ems-tp/templates/toolset.ingress.yaml | 10 +- .../templates/toolset.stateful.yaml | 25 +- charts/msg-ems-tp/values.yaml | 3 +- charts/msg-pulsar-tp/Chart.yaml | 6 +- charts/msg-pulsar-tp/conf/log4j2.yaml | 2 +- .../scripts/bookie-assign-rack.sh | 2 +- .../msg-pulsar-tp/scripts/health-watcher.sh | 2 +- .../msg-pulsar-tp/scripts/mk-bookie-wd.yml.sh | 2 +- .../msg-pulsar-tp/scripts/mk-common.conf.sh | 2 +- .../scripts/mk-fluentbits.conf.sh | 2 +- .../msg-pulsar-tp/scripts/mk-output.conf.sh | 2 +- .../msg-pulsar-tp/scripts/mk-parsers.conf.sh | 2 +- .../scripts/mk-recovery-watchdog.yml.sh | 58 +++ .../scripts/mk-toolset-wd.yaml.sh | 2 +- .../msg-pulsar-tp/scripts/mk-watchdog.yml.sh | 2 +- .../scripts/mk-zk-watchdog.yml.sh | 2 +- .../scripts/ops-pulsar-bash-shell.sh | 2 +- charts/msg-pulsar-tp/scripts/pod-stats.sh | 2 +- .../msg-pulsar-tp/scripts/pulsar-setup.bash | 2 +- .../msg-pulsar-tp/scripts/pulsar-upgrade.sh | 3 +- charts/msg-pulsar-tp/scripts/zk-health.sh | 2 +- .../msg-pulsar-tp/templates/_apd.helpers.tpl | 12 +- .../msg-pulsar-tp/templates/_apd.sizing.tpl | 71 ++- .../msg-pulsar-tp/templates/_dp.helpers.tpl | 14 +- .../templates/apd-upgrade.job.yaml | 21 +- .../msg-pulsar-tp/templates/apd.conf.cm.yaml | 2 +- .../templates/apd.params.cm.yaml | 2 +- .../templates/apd.scripts.cm.yaml | 2 +- .../templates/apd.toolset.ingress.yaml | 8 +- .../templates/autorecovery-statefulset.yaml | 56 ++- .../bookkeeper-cluster-initialize.yaml | 50 +- .../templates/bookkeeper-statefulset.yaml | 21 +- .../templates/broker-statefulset.yaml | 35 +- .../msg-pulsar-tp/templates/dp.client.cm.yaml | 2 +- .../templates/dp.client.svc.yaml | 2 +- .../templates/proxy-statefulset.yaml | 26 +- .../templates/pulsar-cluster-initialize.yaml | 69 ++- .../templates/pulsar-logs.pvc.yaml | 2 +- .../templates/pulsar-uninstall.job.yaml | 8 +- .../templates/toolset-statefulset.yaml | 28 +- .../templates/zookeeper-statefulset.yaml | 10 +- charts/msg-pulsar-tp/values.yaml | 27 +- charts/tp-cp-msg-contrib/Chart.yaml | 6 +- .../recipes/copy-ui-to-cp.sh | 55 --- .../tp-cp-msg-contrib/recipes/emsXlatest.json | 8 - .../recipes/pulsarXlatest.json | 8 - .../scripts/mk-common.conf.sh | 2 +- .../scripts/mk-fluentbits.conf.sh | 2 +- .../scripts/mk-output.conf.sh | 2 +- .../scripts/mk-parsers.conf.sh | 2 +- .../scripts/mk-watchdog.yaml.sh | 2 +- .../scripts/msg-create-ingress.sh | 2 +- .../scripts/msg-web-setup.sh | 8 +- .../templates/_cp.helpers.tpl | 155 ++---- .../templates/_dp.helpers.tpl | 14 +- .../templates/_webserver.helpers.tpl | 25 + .../templates/cp-efs.job.yaml | 68 --- .../templates/msg-webserver-deployment.yaml | 88 ++-- .../templates/msg-webserver-service.yaml | 2 +- .../templates/msg-webserver-tibcoroute.yaml | 2 +- .../templates/recipe.cm.yaml | 15 - .../templates/script.cm.yaml | 2 +- charts/tp-cp-msg-contrib/values.yaml | 23 +- charts/tp-cp-msg-recipes/Chart.yaml | 20 + charts/tp-cp-msg-recipes/LICENSE | 202 ++++++++ charts/tp-cp-msg-recipes/README.md | 5 + .../recipes/copy-ui-to-cp.sh | 86 ++++ .../recipes/emsX1.3.0Xpackage.json | 0 .../recipes/emsX1.3.0Xrecipe.yaml | 2 +- .../recipes/emsX1.4.0Xpackage.json} | 0 .../recipes/emsX1.4.0Xrecipe.yaml} | 6 +- .../tp-cp-msg-recipes/recipes/emsXlatest.json | 8 + .../recipes/emsXversions.json | 12 +- .../recipes/pulsarX1.3.0Xpackage.json | 0 .../recipes/pulsarX1.3.0Xrecipe.yaml | 4 +- .../recipes/pulsarX1.4.0Xpackage.json} | 19 +- .../recipes/pulsarX1.4.0Xrecipe.yaml} | 6 +- .../recipes/pulsarXlatest.json | 8 + .../recipes/pulsarXversions.json | 8 +- .../scripts/mk-common.conf.sh | 121 +++++ .../scripts/mk-fluentbits.conf.sh | 69 +++ .../scripts/mk-output.conf.sh | 28 ++ .../scripts/mk-parsers.conf.sh | 19 + .../scripts/mk-watchdog.yaml.sh | 33 ++ .../scripts/msg-web-setup.sh | 109 ++++ .../templates/_cp.helpers.tpl | 261 ++++++++++ .../templates/_dp.helpers.tpl | 466 ++++++++++++++++++ .../templates/_recipes.helpers.tpl | 26 + .../templates/cp-efs.job.yaml | 93 ++++ .../templates/recipes-preinstall.job.yaml | 151 ++++++ charts/tp-cp-msg-recipes/values.yaml | 75 +++ 124 files changed, 2572 insertions(+), 557 deletions(-) delete mode 100644 charts/msg-ems-tp/templates/ems.rest.ingress-120.yaml create mode 100644 charts/msg-pulsar-tp/scripts/mk-recovery-watchdog.yml.sh delete mode 100644 charts/tp-cp-msg-contrib/recipes/copy-ui-to-cp.sh delete mode 100644 charts/tp-cp-msg-contrib/recipes/emsXlatest.json delete mode 100644 charts/tp-cp-msg-contrib/recipes/pulsarXlatest.json create mode 100644 charts/tp-cp-msg-contrib/templates/_webserver.helpers.tpl delete mode 100644 charts/tp-cp-msg-contrib/templates/cp-efs.job.yaml delete mode 100644 charts/tp-cp-msg-contrib/templates/recipe.cm.yaml create mode 100644 charts/tp-cp-msg-recipes/Chart.yaml create mode 100644 charts/tp-cp-msg-recipes/LICENSE create mode 100644 charts/tp-cp-msg-recipes/README.md create mode 100644 charts/tp-cp-msg-recipes/recipes/copy-ui-to-cp.sh rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/emsX1.3.0Xpackage.json (100%) rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/emsX1.3.0Xrecipe.yaml (91%) rename charts/{tp-cp-msg-contrib/recipes/emsX1.2.0Xpackage.json => tp-cp-msg-recipes/recipes/emsX1.4.0Xpackage.json} (100%) rename charts/{tp-cp-msg-contrib/recipes/emsX1.2.0Xrecipe.yaml => tp-cp-msg-recipes/recipes/emsX1.4.0Xrecipe.yaml} (82%) create mode 100644 charts/tp-cp-msg-recipes/recipes/emsXlatest.json rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/emsXversions.json (54%) rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/pulsarX1.3.0Xpackage.json (100%) rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/pulsarX1.3.0Xrecipe.yaml (89%) rename charts/{tp-cp-msg-contrib/recipes/pulsarX1.2.0Xpackage.json => tp-cp-msg-recipes/recipes/pulsarX1.4.0Xpackage.json} (67%) rename charts/{tp-cp-msg-contrib/recipes/pulsarX1.2.0Xrecipe.yaml => tp-cp-msg-recipes/recipes/pulsarX1.4.0Xrecipe.yaml} (84%) create mode 100644 charts/tp-cp-msg-recipes/recipes/pulsarXlatest.json rename charts/{tp-cp-msg-contrib => tp-cp-msg-recipes}/recipes/pulsarXversions.json (70%) create mode 100644 charts/tp-cp-msg-recipes/scripts/mk-common.conf.sh create mode 100644 charts/tp-cp-msg-recipes/scripts/mk-fluentbits.conf.sh create mode 100644 charts/tp-cp-msg-recipes/scripts/mk-output.conf.sh create mode 100644 charts/tp-cp-msg-recipes/scripts/mk-parsers.conf.sh create mode 100644 charts/tp-cp-msg-recipes/scripts/mk-watchdog.yaml.sh create mode 100644 charts/tp-cp-msg-recipes/scripts/msg-web-setup.sh create mode 100644 charts/tp-cp-msg-recipes/templates/_cp.helpers.tpl create mode 100644 charts/tp-cp-msg-recipes/templates/_dp.helpers.tpl create mode 100644 charts/tp-cp-msg-recipes/templates/_recipes.helpers.tpl create mode 100644 charts/tp-cp-msg-recipes/templates/cp-efs.job.yaml create mode 100644 charts/tp-cp-msg-recipes/templates/recipes-preinstall.job.yaml create mode 100644 charts/tp-cp-msg-recipes/values.yaml diff --git a/charts/msg-ems-tp/Chart.yaml b/charts/msg-ems-tp/Chart.yaml index 46f85879..76b261c4 100644 --- a/charts/msg-ems-tp/Chart.yaml +++ b/charts/msg-ems-tp/Chart.yaml @@ -1,14 +1,14 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # apiVersion: v2 -appVersion: "10.3.0-35" +appVersion: "10.3.0-36" description: Data-plane provisioning chart for EMS server group name: msg-ems-tp -version: "1.3.18" +version: "1.4.20" maintainers: - email: tcm@tibco.com name: TIBCO Cloud Messaging Team diff --git a/charts/msg-ems-tp/scripts/emsadmin-curl.sh b/charts/msg-ems-tp/scripts/emsadmin-curl.sh index e56c465b..aa49c44a 100644 --- a/charts/msg-ems-tp/scripts/emsadmin-curl.sh +++ b/charts/msg-ems-tp/scripts/emsadmin-curl.sh @@ -1,5 +1,5 @@ #!/bin/bash -# Copyright (c) 2023-2024 Cloud Software Group, Inc. All Rights Reserved. Confidential and Proprietary. +# Copyright (c) 2023-2025 Cloud Software Group, Inc. All Rights Reserved. Confidential and Proprietary. base="$(cd "${0%/*}" 2>/dev/null; echo "$PWD")" cmd="${0##*/}" diff --git a/charts/msg-ems-tp/scripts/fix-sample-certs.sh b/charts/msg-ems-tp/scripts/fix-sample-certs.sh index 02de77c8..750ba1bb 100644 --- a/charts/msg-ems-tp/scripts/fix-sample-certs.sh +++ b/charts/msg-ems-tp/scripts/fix-sample-certs.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/health-watcher.sh b/charts/msg-ems-tp/scripts/health-watcher.sh index 48417321..84387804 100644 --- a/charts/msg-ems-tp/scripts/health-watcher.sh +++ b/charts/msg-ems-tp/scripts/health-watcher.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/load-ems-init-json.sh b/charts/msg-ems-tp/scripts/load-ems-init-json.sh index da00ef2d..6ac7ab57 100644 --- a/charts/msg-ems-tp/scripts/load-ems-init-json.sh +++ b/charts/msg-ems-tp/scripts/load-ems-init-json.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-common.conf.sh b/charts/msg-ems-tp/scripts/mk-common.conf.sh index 69ef0705..8bb37d4a 100644 --- a/charts/msg-ems-tp/scripts/mk-common.conf.sh +++ b/charts/msg-ems-tp/scripts/mk-common.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-cp-oauth2.jwks.json.sh b/charts/msg-ems-tp/scripts/mk-cp-oauth2.jwks.json.sh index d18ab4e4..cb92149e 100644 --- a/charts/msg-ems-tp/scripts/mk-cp-oauth2.jwks.json.sh +++ b/charts/msg-ems-tp/scripts/mk-cp-oauth2.jwks.json.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-fluentbits.conf.sh b/charts/msg-ems-tp/scripts/mk-fluentbits.conf.sh index c99a6952..208aa7b7 100644 --- a/charts/msg-ems-tp/scripts/mk-fluentbits.conf.sh +++ b/charts/msg-ems-tp/scripts/mk-fluentbits.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-ftlserver.yaml.sh b/charts/msg-ems-tp/scripts/mk-ftlserver.yaml.sh index df20a00b..9d8f4ce8 100644 --- a/charts/msg-ems-tp/scripts/mk-ftlserver.yaml.sh +++ b/charts/msg-ems-tp/scripts/mk-ftlserver.yaml.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-output.conf.sh b/charts/msg-ems-tp/scripts/mk-output.conf.sh index f3d56316..b360f7fd 100644 --- a/charts/msg-ems-tp/scripts/mk-output.conf.sh +++ b/charts/msg-ems-tp/scripts/mk-output.conf.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-parsers.conf.sh b/charts/msg-ems-tp/scripts/mk-parsers.conf.sh index f2018743..f4214a39 100644 --- a/charts/msg-ems-tp/scripts/mk-parsers.conf.sh +++ b/charts/msg-ems-tp/scripts/mk-parsers.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-tibemsd-ftl.json.sh b/charts/msg-ems-tp/scripts/mk-tibemsd-ftl.json.sh index 7a087847..ba885c2d 100644 --- a/charts/msg-ems-tp/scripts/mk-tibemsd-ftl.json.sh +++ b/charts/msg-ems-tp/scripts/mk-tibemsd-ftl.json.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -137,7 +137,7 @@ cat - < $outfile "user_auth": "local,oauth2", "oauth2_server_validation_key": "/data/boot/cp-oauth2.jwks.json", "oauth2_user_claim": "email", - "oauth2_group_claim": "rolX", + "oauth2_group_claim": "gsbc", "always_exit_on_disk_error":true, "authorization":false, "console_trace": "DEFAULT,+CONNECT", diff --git a/charts/msg-ems-tp/scripts/mk-toolset-wd.yaml.sh b/charts/msg-ems-tp/scripts/mk-toolset-wd.yaml.sh index eeabeafe..57064aa4 100644 --- a/charts/msg-ems-tp/scripts/mk-toolset-wd.yaml.sh +++ b/charts/msg-ems-tp/scripts/mk-toolset-wd.yaml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/mk-watchdog.yaml.sh b/charts/msg-ems-tp/scripts/mk-watchdog.yaml.sh index 9ffed872..51bc59d0 100644 --- a/charts/msg-ems-tp/scripts/mk-watchdog.yaml.sh +++ b/charts/msg-ems-tp/scripts/mk-watchdog.yaml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/ops-tibemsadmin-shell.sh b/charts/msg-ems-tp/scripts/ops-tibemsadmin-shell.sh index c1319d57..e775bed6 100644 --- a/charts/msg-ems-tp/scripts/ops-tibemsadmin-shell.sh +++ b/charts/msg-ems-tp/scripts/ops-tibemsadmin-shell.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/pod-stats.sh b/charts/msg-ems-tp/scripts/pod-stats.sh index 5f4ee56b..4fb50783 100644 --- a/charts/msg-ems-tp/scripts/pod-stats.sh +++ b/charts/msg-ems-tp/scripts/pod-stats.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/scripts/start-admin-api.sh b/charts/msg-ems-tp/scripts/start-admin-api.sh index c2065f6d..15214910 100644 --- a/charts/msg-ems-tp/scripts/start-admin-api.sh +++ b/charts/msg-ems-tp/scripts/start-admin-api.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -56,7 +56,7 @@ proxy: - ":$emsAdminPort" session_timeout: 86400 session_inactivity_timeout: 3600 - page_limit: 100 + page_limit: 0 disable_tls: true certificate: /opt/tibco/ems/current-version/samples/certs/server.cert.pem private_key: /opt/tibco/ems/current-version/samples/certs/server.key.p8 diff --git a/charts/msg-ems-tp/templates/_dp.helpers.tpl b/charts/msg-ems-tp/templates/_dp.helpers.tpl index 74ad4bc0..c83896ab 100644 --- a/charts/msg-ems-tp/templates/_dp.helpers.tpl +++ b/charts/msg-ems-tp/templates/_dp.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSG DP Common Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -36,6 +36,7 @@ need.msg.dp.params {{- $instanceId := "no-instanceId" -}} {{- $fluentbitEnabled := .Values.global.cp.logging.fluentbit.enabled -}} {{- $enableClusterScopedPerm := .Values.global.cp.enableClusterScopedPerm -}} + {{- $enableResourceConstraints := .Values.global.cp.enableResourceConstraints -}} {{- $enableSecurityContext := true -}} {{- $enableHaproxy := true -}} # These 3 are currently unused! @@ -116,6 +117,9 @@ need.msg.dp.params {{- if hasKey .Values.dp "enableClusterScopedPerm" -}} {{- $enableClusterScopedPerm = .Values.dp.enableClusterScopedPerm -}} {{- end -}} + {{- if hasKey .Values.dp "enableResourceConstraints" -}} + {{- $enableResourceConstraints = .Values.dp.enableResourceConstraints -}} + {{- end -}} {{- if hasKey .Values.dp "enableSecurityContext" -}} {{- $enableSecurityContext = .Values.dp.enableSecurityContext -}} {{- end -}} @@ -146,6 +150,7 @@ dp: chart: {{ printf "%s-%s" .Chart.Name .Chart.Version }} fluentbitEnabled: {{ $fluentbitEnabled }} enableClusterScopedPerm: {{ $enableClusterScopedPerm }} + enableResourceConstraints: {{ $enableResourceConstraints }} enableSecurityContext: {{ $enableSecurityContext }} enableHaproxy: {{ $enableHaproxy }} {{- end }} @@ -178,7 +183,7 @@ note: tib-msg-stsname will be added directly in statefulset charts, as it needs */}} {{- define "msg.dpparams.labels" }} tib-dp-release: {{ .dp.release }} -tib-dp-msgbuild: "1.3.0.18" +tib-dp-msgbuild: "1.4.0.20" tib-dp-chart: {{ .dp.chart }} tib-dp-workload-type: "capability-service" tib-dp-dataplane-id: "{{ .dp.name }}" @@ -438,6 +443,7 @@ securityContext: capabilities: drop: - ALL + - CAP_NET_RAW readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} @@ -450,7 +456,9 @@ securityContext: capabilities: drop: - ALL - readOnlyRootFilesystem: false + - CAP_NET_RAW + # readOnlyRootFilesystem: false + readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} {{- end }} diff --git a/charts/msg-ems-tp/templates/_ems.dp.helpers.tpl b/charts/msg-ems-tp/templates/_ems.dp.helpers.tpl index 011d431a..d5bfb149 100644 --- a/charts/msg-ems-tp/templates/_ems.dp.helpers.tpl +++ b/charts/msg-ems-tp/templates/_ems.dp.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSGDP EMS Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -14,7 +14,7 @@ need.msg.ems.params */}} {{ define "need.msg.ems.params" }} {{- $dpParams := include "need.msg.dp.params" . | fromYaml -}} -{{- $emsDefaultFullImage := printf "%s/%s/msg-ems-all:10.3.0-35" $dpParams.dp.registry $dpParams.dp.repo -}} +{{- $emsDefaultFullImage := printf "%s/%s/msg-ems-all:10.3.0-36" $dpParams.dp.registry $dpParams.dp.repo -}} {{- $opsDefaultFullImage := printf "%s/%s/msg-tp-ops:1.2.0-4" $dpParams.dp.registry $dpParams.dp.repo -}} # Set EMS defaults {{- $name := ternary .Release.Name .Values.ems.name ( not .Values.ems.name ) -}} @@ -158,6 +158,7 @@ ems: allowNodeSkew: "{{ .Values.ems.allowNodeSkew | default $allowNodeSkew }}" allowZoneSkew: "{{ .Values.ems.allowZoneSkew | default $allowZoneSkew }}" resources: + {{ if $dpParams.dp.enableResourceConstraints }} {{ if .Values.ems.resources }} {{ .Values.ems.resources | toYaml | indent 4 }} {{ else }} @@ -168,6 +169,7 @@ ems: memory: {{ $memLim }} cpu: {{ $cpuLim }} {{ end }} + {{ end }} # Computed settings below, not intended for user changes # use -pods instead of -headless to avoid reducing STS name size stsname: "{{ $name }}-ems" @@ -184,6 +186,33 @@ ems: toolset: lbHost: "nlbNameHere" enableIngress: true + resources: + {{ if $dpParams.dp.enableResourceConstraints }} + {{ if and .Values.toolset .Values.toolset.resources }} +{{ .Values.toolset.resources | toYaml | indent 4 }} + {{ else }} + requests: + memory: "0.5Gi" + cpu: "0.1" + limits: + memory: "4Gi" + cpu: "3" + {{ end }} + {{ end }} +job: + resources: + {{ if $dpParams.dp.enableResourceConstraints }} + {{ if and .Values.job .Values.job.resources }} +{{ .Values.job.resources | toYaml | indent 4 }} + {{ else }} + requests: + memory: "0.5Gi" + cpu: "0.1" + limits: + memory: "1Gi" + cpu: "1" + {{ end }} + {{ end }} securityProfile: "{{ .Values.ems.securityProfile | default "ems" }}" {{ end }} @@ -201,8 +230,8 @@ tib-msg-ems-use: "{{ .ems.use }}" app.kubernetes.io/name: "ems" platform.tibco.com/app-type: "msg-ems" app.kubernetes.io/part-of: "{{ .ems.name }}" -platform.tibco.com/app.resources.requests.cpu: {{ .ems.resources.requests.cpu | default "100m" | quote }} -platform.tibco.com/app.resources.requests.memory: {{ .ems.resources.requests.memory | default "128Mi" | quote }} -platform.tibco.com/app.resources.limits.cpu: {{ .ems.resources.limits.cpu | default "3" | quote }} -platform.tibco.com/app.resources.limits.memory: {{ .ems.resources.limits.memory | default "4Gi" | quote }} +platform.tibco.com/app.resources.requests.cpu: {{ if and .ems.resources .ems.resources.requests -}} {{ .ems.resources.requests.cpu | default "100m" | quote }} {{- else -}} "100m" {{- end }} +platform.tibco.com/app.resources.requests.memory: {{ if and .ems.resources .ems.resources.requests -}} {{ .ems.resources.requests.memory | default "128Mi" | quote }} {{- else -}} "128Mi" {{- end }} +platform.tibco.com/app.resources.limits.cpu: {{ if and .ems.resources .ems.resources.limits -}} {{ .ems.resources.limits.cpu | default "3" | quote }} {{- else -}} "3" {{- end }} +platform.tibco.com/app.resources.limits.memory: {{ if and .ems.resources .ems.resources.limits -}} {{ .ems.resources.limits.memory | default "4Gi" | quote }} {{- else -}} "4Gi" {{- end }} {{- end }} diff --git a/charts/msg-ems-tp/templates/client.cm.yaml b/charts/msg-ems-tp/templates/client.cm.yaml index 8724b478..88d04e77 100644 --- a/charts/msg-ems-tp/templates/client.cm.yaml +++ b/charts/msg-ems-tp/templates/client.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/ems-init.job.yaml b/charts/msg-ems-tp/templates/ems-init.job.yaml index e6cbd930..03938c5f 100644 --- a/charts/msg-ems-tp/templates/ems-init.job.yaml +++ b/charts/msg-ems-tp/templates/ems-init.job.yaml @@ -1,6 +1,6 @@ {{- if .Release.IsInstall }} # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -54,6 +54,7 @@ spec: - name: {{ $emsParams.dp.pullSecret }} {{- end }} serviceAccountName: "{{ $emsParams.dp.serviceAccount }}" + {{ include "msg.dp.security.pod" $emsParams | nindent 12 }} restartPolicy: Never volumes: - name: scripts-vol @@ -67,6 +68,9 @@ spec: {{ else }} emptyDir: {} {{ end }} + - name: "ems-data" + # TODO: Support PVCdata during init + emptyDir: {} terminationGracePeriodSeconds: 10 containers: - name: "main" @@ -78,6 +82,9 @@ spec: bash < /boot/load-ems-init-json.sh ; image: "{{ $emsParams.ems.image }}" imagePullPolicy: "{{ $emsParams.dp.pullPolicy }}" + resources: +{{ $emsParams.job.resources | toYaml | indent 18 }} + {{ include "msg.dp.security.container" $emsParams | nindent 16 }} volumeMounts: - mountPath: /boot name: scripts-vol @@ -86,6 +93,8 @@ spec: {{ if eq "sharedPvc" $emsParams.ems.logs.storageType }} subPathExpr: "$(MY_RELEASE)/logs" {{ end }} + - mountPath: /data + name: ems-data envFrom: - secretRef: name: "{{ $emsParams.ems.name }}-tibadmin" diff --git a/charts/msg-ems-tp/templates/ems-logs.pvc.yaml b/charts/msg-ems-tp/templates/ems-logs.pvc.yaml index e98e4013..b9d5ab56 100644 --- a/charts/msg-ems-tp/templates/ems-logs.pvc.yaml +++ b/charts/msg-ems-tp/templates/ems-logs.pvc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/ems-preinstall.job.yaml b/charts/msg-ems-tp/templates/ems-preinstall.job.yaml index 8e168bcb..84bd744d 100644 --- a/charts/msg-ems-tp/templates/ems-preinstall.job.yaml +++ b/charts/msg-ems-tp/templates/ems-preinstall.job.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -50,6 +50,7 @@ spec: - name: {{ $emsParams.dp.pullSecret }} {{- end }} serviceAccountName: "{{ $emsParams.dp.serviceAccount }}" + {{ include "msg.dp.security.pod" $emsParams | nindent 12 }} restartPolicy: Never terminationGracePeriodSeconds: 10 containers: @@ -70,6 +71,9 @@ spec: fi ; image: "{{ $emsParams.ems.image }}" imagePullPolicy: "{{ $emsParams.dp.pullPolicy }}" + resources: +{{ $emsParams.job.resources | toYaml | indent 18 }} + {{ include "msg.dp.security.container" $emsParams | nindent 16 }} env: # CAUTION! Setting Names here overrides envFrom values {{ include "msg.dp.stdenv" $emsParams | indent 16 }} diff --git a/charts/msg-ems-tp/templates/ems-uninstall.job.yaml b/charts/msg-ems-tp/templates/ems-uninstall.job.yaml index 376754fb..8bb17cfe 100644 --- a/charts/msg-ems-tp/templates/ems-uninstall.job.yaml +++ b/charts/msg-ems-tp/templates/ems-uninstall.job.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -51,6 +51,7 @@ spec: - name: {{ $emsParams.dp.pullSecret }} {{- end }} serviceAccountName: "{{ $emsParams.dp.serviceAccount }}" + {{ include "msg.dp.security.pod" $emsParams | nindent 12 }} restartPolicy: Never # volumes: # - name: scripts-vol @@ -83,6 +84,9 @@ spec: image: "{{ $emsParams.ems.image }}" imagePullPolicy: "{{ $emsParams.dp.pullPolicy }}" + resources: +{{ $emsParams.job.resources | toYaml | indent 18 }} + {{ include "msg.dp.security.container" $emsParams | nindent 16 }} # volumeMounts: # - mountPath: /boot # name: scripts-vol diff --git a/charts/msg-ems-tp/templates/ems-upgrade.job.yaml b/charts/msg-ems-tp/templates/ems-upgrade.job.yaml index d6e2ba91..765fc5ff 100644 --- a/charts/msg-ems-tp/templates/ems-upgrade.job.yaml +++ b/charts/msg-ems-tp/templates/ems-upgrade.job.yaml @@ -1,6 +1,6 @@ {{ if .Release.IsUpgrade }} # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -50,6 +50,7 @@ spec: - name: {{ $emsParams.dp.pullSecret }} {{- end }} serviceAccountName: "{{ $emsParams.dp.serviceAccount }}" + {{ include "msg.dp.security.pod" $emsParams | nindent 10 }} restartPolicy: Never volumes: - name: scripts-vol @@ -62,6 +63,9 @@ spec: {{ else }} emptyDir: {} {{ end }} + - name: "ems-data" + # TODO: Support PVCdata during init + emptyDir: {} terminationGracePeriodSeconds: 10 containers: - name: "main" @@ -70,6 +74,7 @@ spec: - > ( mkdir -p /data/boot ; cd /data/boot ; for x in /boot/mk-*.sh ; do bash < $x ; done | tee boot.out ) ; + mkdir -p /logs/boot ; cd /logs/boot ; bash < /boot/fix-sample-certs.sh ; echo "Upgrading pods ..." ; kubectl get pods -l=tib-msg-stsname={{ $stsname }} | egrep -v NAME | while read x o ; do @@ -81,6 +86,9 @@ spec: bash < /boot/health-watcher.sh image: "{{ $emsParams.ems.image }}" imagePullPolicy: "{{ $emsParams.dp.pullPolicy }}" + resources: + {{ $emsParams.job.resources | toYaml | nindent 16 }} + {{ include "msg.dp.security.container" $emsParams | nindent 14 }} volumeMounts: - mountPath: /boot name: scripts-vol @@ -89,9 +97,11 @@ spec: {{ if eq "sharedPvc" $emsParams.ems.logs.storageType }} subPathExpr: "$(MY_RELEASE)/logs" {{ end }} + - mountPath: /data + name: ems-data env: # CAUTION! Setting Names here overrides envFrom values - {{ include "msg.dp.stdenv" $emsParams | indent 14 }} + {{ include "msg.dp.stdenv" $emsParams | nindent 14 }} - name: ACCEPT_EUA value: "y" - name: STS_NAME diff --git a/charts/msg-ems-tp/templates/ems.prom.svc.yaml b/charts/msg-ems-tp/templates/ems.prom.svc.yaml index bacab005..aa8b032c 100644 --- a/charts/msg-ems-tp/templates/ems.prom.svc.yaml +++ b/charts/msg-ems-tp/templates/ems.prom.svc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/ems.rest.ingress-120.yaml b/charts/msg-ems-tp/templates/ems.rest.ingress-120.yaml deleted file mode 100644 index 3b46d305..00000000 --- a/charts/msg-ems-tp/templates/ems.rest.ingress-120.yaml +++ /dev/null @@ -1,42 +0,0 @@ -# -# Copyright (c) 2023-2024. Cloud Software Group, Inc. -# This file is subject to the license terms contained -# in the license file that is distributed with this file. -# - -# -# HELPER VARIABLE DEFINITIONS -{{- $emsParams := include "need.msg.ems.params" . | fromYaml -}} -{{- $svcFtl := printf "%s-%s" $emsParams.ems.name "ftl" -}} -{{- $svcEms := printf "%s-%s" $emsParams.ems.name "ems" -}} -{{- $svcProm := printf "%s-%s" $emsParams.ems.name "prom" -}} -{{- $stsname := printf "%s-%s" $emsParams.ems.name "ems" -}} -# NOTE: $svcProm is deprecated, use $name-metric-server starting in 1.1 in ems.prom.svc.yaml -# -{{- if $emsParams.dp.enableHaproxy }} -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: "{{ $svcEms }}-admin-120" - namespace: {{ .Release.Namespace }} - annotations: - ingress.kubernetes.io/path-rewrite: '/tibco/msg/ems/{{ $emsParams.dp.instanceId }}/rest/(.*) /\1' - labels: - {{ include "msg.dp.labels" . | indent 4 }} - {{ include "ems.std.labels" $emsParams | indent 4 }} - app.kubernetes.io/name: ems-rest - app.kubernetes.io/component: msg-ems - app.kubernetes.io/part-of: msg -spec: - ingressClassName: tibco-dp-{{ $emsParams.dp.name }} - rules: - - http: - paths: - - pathType: Prefix - path: /tibco/msg/ems/{{ $emsParams.dp.instanceId }}/rest/ - backend: - service: - name: "{{ $svcEms }}active" - port: - number: {{ int $emsParams.ems.ports.adminPort }} -{{- end }} diff --git a/charts/msg-ems-tp/templates/ems.rest.ingress.yaml b/charts/msg-ems-tp/templates/ems.rest.ingress.yaml index 75d8b541..817ded67 100644 --- a/charts/msg-ems-tp/templates/ems.rest.ingress.yaml +++ b/charts/msg-ems-tp/templates/ems.rest.ingress.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -30,7 +30,8 @@ metadata: spec: ingressClassName: tibco-dp-{{ $emsParams.dp.name }} rules: - - http: + - host: "dp-{{ .Values.global.cp.dataplaneId }}.platform.local" + http: paths: - pathType: Prefix path: /tibco/agent/msg/ems/{{ $emsParams.dp.instanceId }}/rest/ diff --git a/charts/msg-ems-tp/templates/ems.stateful.yaml b/charts/msg-ems-tp/templates/ems.stateful.yaml index 35d1480d..156f65cb 100644 --- a/charts/msg-ems-tp/templates/ems.stateful.yaml +++ b/charts/msg-ems-tp/templates/ems.stateful.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -43,6 +43,7 @@ metadata: # isInQuorum="http://localhost:9013/api/v1/available" platform.tibco.com/quorum-strategy: "{{ $emsParams.ems.quorumStrategy | default "none" }}" platform.tibco.com/replica-min: "{{ $emsParams.ems.replicas }}" + platform.tibco.com/replica-max: "{{ $emsParams.ems.replicas }}" platform.tibco.com/leader-endpoint: "{{ $emsParams.ems.isLeader | default "none" }}" platform.tibco.com/is-in-quorum: "{{ $emsParams.ems.isInQuorum | default "none" }}" spec: diff --git a/charts/msg-ems-tp/templates/ems.svc.yaml b/charts/msg-ems-tp/templates/ems.svc.yaml index 05fd4610..90fd7ce0 100644 --- a/charts/msg-ems-tp/templates/ems.svc.yaml +++ b/charts/msg-ems-tp/templates/ems.svc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/emsactive.svc.yaml b/charts/msg-ems-tp/templates/emsactive.svc.yaml index a139d9a9..d519d18a 100644 --- a/charts/msg-ems-tp/templates/emsactive.svc.yaml +++ b/charts/msg-ems-tp/templates/emsactive.svc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/params.cm.yaml b/charts/msg-ems-tp/templates/params.cm.yaml index 427369e1..7c246bea 100644 --- a/charts/msg-ems-tp/templates/params.cm.yaml +++ b/charts/msg-ems-tp/templates/params.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/script.cm.yaml b/charts/msg-ems-tp/templates/script.cm.yaml index f1b8307e..ea6e4a57 100644 --- a/charts/msg-ems-tp/templates/script.cm.yaml +++ b/charts/msg-ems-tp/templates/script.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-ems-tp/templates/toolset.ingress.yaml b/charts/msg-ems-tp/templates/toolset.ingress.yaml index 56cc757f..1c268c4b 100644 --- a/charts/msg-ems-tp/templates/toolset.ingress.yaml +++ b/charts/msg-ems-tp/templates/toolset.ingress.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -13,7 +13,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: "{{ $stsname }}-old" + name: "{{ $stsname }}-api" namespace: {{ .Release.Namespace }} annotations: ingress.kubernetes.io/path-rewrite: '/tibco/agent/msg/ems/{{ $emsParams.dp.instanceId }}/toolset/(.*) /\1' @@ -25,7 +25,8 @@ metadata: spec: ingressClassName: tibco-dp-{{ $emsParams.dp.name }} rules: - - http: + - host: "dp-{{ .Values.global.cp.dataplaneId }}.platform.local" + http: paths: - pathType: Prefix path: /tibco/agent/msg/ems/{{ $emsParams.dp.instanceId }}/toolset/ @@ -50,7 +51,8 @@ metadata: spec: ingressClassName: tibco-dp-{{ $emsParams.dp.name }} rules: - - http: + - host: "{{ .Values.global.cp.cpHostname }}" + http: paths: - pathType: Prefix path: /tibco/agent/msg/ops/shell/ems/{{ $emsParams.dp.instanceId }}/toolset/ diff --git a/charts/msg-ems-tp/templates/toolset.stateful.yaml b/charts/msg-ems-tp/templates/toolset.stateful.yaml index e6e98d14..a274ca50 100644 --- a/charts/msg-ems-tp/templates/toolset.stateful.yaml +++ b/charts/msg-ems-tp/templates/toolset.stateful.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -77,12 +77,7 @@ spec: image: "{{ $emsParams.ems.image }}" imagePullPolicy: "{{ $emsParams.dp.pullPolicy }}" resources: - requests: - memory: "0.5Gi" - cpu: "0.1" - limits: - memory: "4Gi" - cpu: "3" +{{ $emsParams.toolset.resources | toYaml | indent 16 }} # exec /usr/local/watchdog/bin/wait-for-shutdown.sh ; # exec /usr/local/watchdog/bin/watchdog ; # cd /app ; exec /app/cloudshell ; @@ -111,6 +106,22 @@ spec: containerPort: {{ int $emsParams.ems.ports.loggerPort }} protocol: TCP {{ include "msg.dp.security.container" $emsParams | nindent 14 }} + livenessProbe: + httpGet: + path: /healthz + port: 8376 + initialDelaySeconds: 3 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 4 + readinessProbe: + httpGet: + path: /readyz + port: 8376 + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 volumeMounts: - mountPath: /boot {{ include "msg.pv.vol.mount" $emsParams.ems.boot | nindent 16 }} diff --git a/charts/msg-ems-tp/values.yaml b/charts/msg-ems-tp/values.yaml index 86206547..944c721c 100644 --- a/charts/msg-ems-tp/values.yaml +++ b/charts/msg-ems-tp/values.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -9,6 +9,7 @@ global: dataplaneId: instanceId: enableClusterScopedPerm: true + enableResourceConstraints: true logging: fluentbit: enabled: true diff --git a/charts/msg-pulsar-tp/Chart.yaml b/charts/msg-pulsar-tp/Chart.yaml index b95cd043..01b4432e 100644 --- a/charts/msg-pulsar-tp/Chart.yaml +++ b/charts/msg-pulsar-tp/Chart.yaml @@ -1,14 +1,14 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # apiVersion: v2 -appVersion: "3.0.2-32" +appVersion: "3.0.2-36" description: Data-plane provisioning chart for Pulsar server group name: msg-pulsar-tp -version: "1.3.18" +version: "1.4.20" maintainers: - email: tcm@tibco.com name: TIBCO Cloud Messaging Team diff --git a/charts/msg-pulsar-tp/conf/log4j2.yaml b/charts/msg-pulsar-tp/conf/log4j2.yaml index dcd6b330..a7cae454 100644 --- a/charts/msg-pulsar-tp/conf/log4j2.yaml +++ b/charts/msg-pulsar-tp/conf/log4j2.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/bookie-assign-rack.sh b/charts/msg-pulsar-tp/scripts/bookie-assign-rack.sh index 641e00d1..25845de6 100644 --- a/charts/msg-pulsar-tp/scripts/bookie-assign-rack.sh +++ b/charts/msg-pulsar-tp/scripts/bookie-assign-rack.sh @@ -2,7 +2,7 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/health-watcher.sh b/charts/msg-pulsar-tp/scripts/health-watcher.sh index 9fafdcf0..e6ccfcac 100644 --- a/charts/msg-pulsar-tp/scripts/health-watcher.sh +++ b/charts/msg-pulsar-tp/scripts/health-watcher.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-bookie-wd.yml.sh b/charts/msg-pulsar-tp/scripts/mk-bookie-wd.yml.sh index a2101ef6..24d5b763 100644 --- a/charts/msg-pulsar-tp/scripts/mk-bookie-wd.yml.sh +++ b/charts/msg-pulsar-tp/scripts/mk-bookie-wd.yml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-common.conf.sh b/charts/msg-pulsar-tp/scripts/mk-common.conf.sh index aa091a04..39e31464 100644 --- a/charts/msg-pulsar-tp/scripts/mk-common.conf.sh +++ b/charts/msg-pulsar-tp/scripts/mk-common.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-fluentbits.conf.sh b/charts/msg-pulsar-tp/scripts/mk-fluentbits.conf.sh index 4ac6203b..8386cf2f 100644 --- a/charts/msg-pulsar-tp/scripts/mk-fluentbits.conf.sh +++ b/charts/msg-pulsar-tp/scripts/mk-fluentbits.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-output.conf.sh b/charts/msg-pulsar-tp/scripts/mk-output.conf.sh index d8aae8b4..96d50a02 100644 --- a/charts/msg-pulsar-tp/scripts/mk-output.conf.sh +++ b/charts/msg-pulsar-tp/scripts/mk-output.conf.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-parsers.conf.sh b/charts/msg-pulsar-tp/scripts/mk-parsers.conf.sh index 697b1687..dd43850b 100644 --- a/charts/msg-pulsar-tp/scripts/mk-parsers.conf.sh +++ b/charts/msg-pulsar-tp/scripts/mk-parsers.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-recovery-watchdog.yml.sh b/charts/msg-pulsar-tp/scripts/mk-recovery-watchdog.yml.sh new file mode 100644 index 00000000..b8a557f7 --- /dev/null +++ b/charts/msg-pulsar-tp/scripts/mk-recovery-watchdog.yml.sh @@ -0,0 +1,58 @@ +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +export MY_POD_NAME="${MY_POD_NAME:-$(hostname)}" +outfile=${1:-recovery-watchdog.yml} +cat - < $outfile +services: + - name: main + config: + cmd: ${WATCHDOG_MAIN} ${WATCHDOG_MAIN_ARGS} + # cmd: /usr/local/watchdog/bin/wait-for-shutdown.sh + cwd: /pulsar/logs + log: + size: 200 + num: 30 + rotateonfirststart: true + - name: health + # ADD ZK-status.sh, which also starts /usr/local/watchdog/bin/dp-health-shim + config: + cmd: /usr/local/watchdog/bin/dp-health-shim + cwd: /tmp/recovery-health + log: + size: 10 + num: 30 + rotateonfirststart: true + require: + - main + - name: pod-stats + config: + cmd: bash /boot/pod-stats.sh + cwd: /pulsar/logs/pod-stats + log: + size: 10 + num: 30 + debugfile: /pulsar/logs/pod-stats/pod-mon.csv + rotateonfirststart: true + - name: health-watcher + config: + cmd: bash /boot/health-watcher.sh + cwd: /pulsar/logs/health-watcher + log: + size: 10 + num: 30 + debugfile: /pulsar/logs/health-watcher/health.csv + rotateonfirststart: true + - name: fluentbit + config: + cmd: /opt/fluent-bit/bin/fluent-bit -c ./fluentbit.conf + cwd: /pulsar/logs/fluentbits + logger: stdout + log: + size: 10 + num: 30 + rotateonfirststart: true +EOF diff --git a/charts/msg-pulsar-tp/scripts/mk-toolset-wd.yaml.sh b/charts/msg-pulsar-tp/scripts/mk-toolset-wd.yaml.sh index 1a32b3d5..c1c6a4f6 100644 --- a/charts/msg-pulsar-tp/scripts/mk-toolset-wd.yaml.sh +++ b/charts/msg-pulsar-tp/scripts/mk-toolset-wd.yaml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-watchdog.yml.sh b/charts/msg-pulsar-tp/scripts/mk-watchdog.yml.sh index 93bb7d48..e2ebe125 100644 --- a/charts/msg-pulsar-tp/scripts/mk-watchdog.yml.sh +++ b/charts/msg-pulsar-tp/scripts/mk-watchdog.yml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/mk-zk-watchdog.yml.sh b/charts/msg-pulsar-tp/scripts/mk-zk-watchdog.yml.sh index bd2d9a0f..ea326be6 100644 --- a/charts/msg-pulsar-tp/scripts/mk-zk-watchdog.yml.sh +++ b/charts/msg-pulsar-tp/scripts/mk-zk-watchdog.yml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/ops-pulsar-bash-shell.sh b/charts/msg-pulsar-tp/scripts/ops-pulsar-bash-shell.sh index ad2ba7ee..3f3ed7ea 100644 --- a/charts/msg-pulsar-tp/scripts/ops-pulsar-bash-shell.sh +++ b/charts/msg-pulsar-tp/scripts/ops-pulsar-bash-shell.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/pod-stats.sh b/charts/msg-pulsar-tp/scripts/pod-stats.sh index 5f4ee56b..4fb50783 100644 --- a/charts/msg-pulsar-tp/scripts/pod-stats.sh +++ b/charts/msg-pulsar-tp/scripts/pod-stats.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/pulsar-setup.bash b/charts/msg-pulsar-tp/scripts/pulsar-setup.bash index 99533d86..cb28e120 100644 --- a/charts/msg-pulsar-tp/scripts/pulsar-setup.bash +++ b/charts/msg-pulsar-tp/scripts/pulsar-setup.bash @@ -2,7 +2,7 @@ # This file is intended to be sourced on pod startup # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/scripts/pulsar-upgrade.sh b/charts/msg-pulsar-tp/scripts/pulsar-upgrade.sh index 50fd15b4..73b59c4c 100644 --- a/charts/msg-pulsar-tp/scripts/pulsar-upgrade.sh +++ b/charts/msg-pulsar-tp/scripts/pulsar-upgrade.sh @@ -1,10 +1,11 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # +[ -n "$LOG_DIR" ] && mkdir -p "$LOG_DIR" && cd "$LOG_DIR" fmtTime="--rfc-3339=ns" function log { echo "$(date "$fmtTime"): $*" ; } diff --git a/charts/msg-pulsar-tp/scripts/zk-health.sh b/charts/msg-pulsar-tp/scripts/zk-health.sh index 883d97a5..04242321 100644 --- a/charts/msg-pulsar-tp/scripts/zk-health.sh +++ b/charts/msg-pulsar-tp/scripts/zk-health.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/_apd.helpers.tpl b/charts/msg-pulsar-tp/templates/_apd.helpers.tpl index 5275b24d..a07575a1 100644 --- a/charts/msg-pulsar-tp/templates/_apd.helpers.tpl +++ b/charts/msg-pulsar-tp/templates/_apd.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSGDP Pulsar (aka. Quasar, APD) Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -16,9 +16,9 @@ need.msg.apd.params # {{- $dpParams := include "need.msg.dp.params" . | fromYaml -}} # -{{- $apdDefaultFullImage := printf "%s/%s/msg-pulsar-all:3.0.2-32" $dpParams.dp.registry $dpParams.dp.repo -}} +{{- $apdDefaultFullImage := printf "%s/%s/msg-pulsar-all:3.0.2-36" $dpParams.dp.registry $dpParams.dp.repo -}} {{- $opsDefaultFullImage := printf "%s/%s/msg-tp-ops:1.2.0-4" $dpParams.dp.registry $dpParams.dp.repo -}} -{{- $apdDefaultImageTag := "3.0.2-32" -}} +{{- $apdDefaultImageTag := "3.0.2-36" -}} # Set APD defaults {{- $apdImage := ternary $apdDefaultFullImage .Values.apd.image ( not .Values.apd.image ) -}} {{- $name := ternary .Release.Name .Values.apd.name ( not .Values.apd.name ) -}} @@ -146,6 +146,12 @@ apd: storageName: {{ $name }}-conf subPath: "log4j2.yaml" readOnly: true + vartmp: + volName: vartmp + storageType: emptyDir + readOnly: false + permissions: + mode: "1777" params: volName: config-vol storageType: configMap diff --git a/charts/msg-pulsar-tp/templates/_apd.sizing.tpl b/charts/msg-pulsar-tp/templates/_apd.sizing.tpl index 07771be2..1856bfbd 100644 --- a/charts/msg-pulsar-tp/templates/_apd.sizing.tpl +++ b/charts/msg-pulsar-tp/templates/_apd.sizing.tpl @@ -2,7 +2,7 @@ {{/* MSGDP Pulsar Pod sizing # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -125,6 +125,12 @@ broker: jvmMs: 256m jvmDir: 256m jvmMx: 1526m +broker-init: + medium: + cpuRq: 100m + cpuLm: 1000m + memRq: 2048Mi + memLm: 3072Mi proxy: small: replicas: 2 @@ -162,6 +168,12 @@ proxy: jvmMs: 256m jvmDir: 256m jvmMx: 1526m +proxy-init: + medium: + cpuRq: 100m + cpuLm: 1000m + memRq: 2048Mi + memLm: 3072Mi recovery: small: replicas: 1 @@ -200,6 +212,52 @@ toolset: jvmMs: 256m jvmDir: 256m jvmMx: 1526m +job: + medium: + replicas: 1 + cpuRq: 100m + cpuLm: 1000m + memRq: 512Mi + memLm: 4096Mi +{{ end }} + +{{ define "msg.apd.sizing.values" }} +zookeeper: + {{- if .Values.zookeeper.resources }} +{{ toYaml .Values.zookeeper.resources | indent 2 }} + {{- end }} +bookkeeper: + {{- if .Values.bookkeeper.resources }} +{{ toYaml .Values.bookkeeper.resources | indent 2 }} + {{- end }} +broker: + {{- if .Values.broker.resources }} +{{ toYaml .Values.broker.resources | indent 2 }} + {{- end }} +proxy: + {{- if .Values.proxy.resources }} +{{ toYaml .Values.proxy.resources | indent 2 }} + {{- end }} +recovery: + {{- if .Values.autorecovery.resources }} +{{ toYaml .Values.autorecovery.resources | indent 2 }} + {{- end }} +toolset: + {{- if .Values.toolset.resources }} +{{ toYaml .Values.toolset.resources | indent 2 }} + {{- end }} +pulsar-init: + {{- if .Values.pulsar_metadata.resources }} +{{ toYaml .Values.pulsar_metadata.resources | indent 2 }} + {{- end }} +bookkeeper-init: + {{- if .Values.bookkeeper.metadata.resources }} +{{ toYaml .Values.bookkeeper.metadata.resources | indent 2 }} + {{- end }} +job: + {{- if .Values.job.resources }} +{{ toYaml .Values.job.resources | indent 2 }} + {{- end }} {{ end }} {{/* @@ -207,6 +265,12 @@ apd.sts.resources - get Pulsar sts pod resources call with (dict "comp" $component "param" $apdParams "root" . ) */}} {{- define "apd.sts.resources" -}} +{{- if .param.dp.enableResourceConstraints }} +{{- $sizeValues := include "msg.apd.sizing.values" . | fromYaml -}} +{{- $compValues := dict -}} + {{- if hasKey $sizeValues .comp -}} + {{- $compValues = get $sizeValues .comp -}} + {{- end -}} {{- $sizeSpec := include "msg.apd.sizing.spec" . | fromYaml -}} {{- $compSpec := get $sizeSpec "toolset" -}} {{- if hasKey $sizeSpec .comp -}} @@ -216,6 +280,9 @@ call with (dict "comp" $component "param" $apdParams "root" . ) {{- if hasKey $compSpec .param.apd.sizing -}} {{- $spec = get $compSpec .param.apd.sizing -}} {{- end }} +{{- if $compValues }} +{{ toYaml $compValues | indent 2 }} +{{- else if $spec }} requests: {{- if .param.apd.isProduction }} cpu: {{ $spec.cpuLm | quote }} @@ -228,6 +295,8 @@ limits: cpu: {{ $spec.cpuLm | quote }} memory: {{ $spec.memLm | quote }} {{- end }} +{{- end }} +{{- end }} {{/* apd.sts.size.labels - set Pulsar sts pod sizing labels diff --git a/charts/msg-pulsar-tp/templates/_dp.helpers.tpl b/charts/msg-pulsar-tp/templates/_dp.helpers.tpl index 74ad4bc0..c83896ab 100644 --- a/charts/msg-pulsar-tp/templates/_dp.helpers.tpl +++ b/charts/msg-pulsar-tp/templates/_dp.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSG DP Common Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -36,6 +36,7 @@ need.msg.dp.params {{- $instanceId := "no-instanceId" -}} {{- $fluentbitEnabled := .Values.global.cp.logging.fluentbit.enabled -}} {{- $enableClusterScopedPerm := .Values.global.cp.enableClusterScopedPerm -}} + {{- $enableResourceConstraints := .Values.global.cp.enableResourceConstraints -}} {{- $enableSecurityContext := true -}} {{- $enableHaproxy := true -}} # These 3 are currently unused! @@ -116,6 +117,9 @@ need.msg.dp.params {{- if hasKey .Values.dp "enableClusterScopedPerm" -}} {{- $enableClusterScopedPerm = .Values.dp.enableClusterScopedPerm -}} {{- end -}} + {{- if hasKey .Values.dp "enableResourceConstraints" -}} + {{- $enableResourceConstraints = .Values.dp.enableResourceConstraints -}} + {{- end -}} {{- if hasKey .Values.dp "enableSecurityContext" -}} {{- $enableSecurityContext = .Values.dp.enableSecurityContext -}} {{- end -}} @@ -146,6 +150,7 @@ dp: chart: {{ printf "%s-%s" .Chart.Name .Chart.Version }} fluentbitEnabled: {{ $fluentbitEnabled }} enableClusterScopedPerm: {{ $enableClusterScopedPerm }} + enableResourceConstraints: {{ $enableResourceConstraints }} enableSecurityContext: {{ $enableSecurityContext }} enableHaproxy: {{ $enableHaproxy }} {{- end }} @@ -178,7 +183,7 @@ note: tib-msg-stsname will be added directly in statefulset charts, as it needs */}} {{- define "msg.dpparams.labels" }} tib-dp-release: {{ .dp.release }} -tib-dp-msgbuild: "1.3.0.18" +tib-dp-msgbuild: "1.4.0.20" tib-dp-chart: {{ .dp.chart }} tib-dp-workload-type: "capability-service" tib-dp-dataplane-id: "{{ .dp.name }}" @@ -438,6 +443,7 @@ securityContext: capabilities: drop: - ALL + - CAP_NET_RAW readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} @@ -450,7 +456,9 @@ securityContext: capabilities: drop: - ALL - readOnlyRootFilesystem: false + - CAP_NET_RAW + # readOnlyRootFilesystem: false + readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} {{- end }} diff --git a/charts/msg-pulsar-tp/templates/apd-upgrade.job.yaml b/charts/msg-pulsar-tp/templates/apd-upgrade.job.yaml index b31f1432..0b2536e1 100644 --- a/charts/msg-pulsar-tp/templates/apd-upgrade.job.yaml +++ b/charts/msg-pulsar-tp/templates/apd-upgrade.job.yaml @@ -1,6 +1,6 @@ {{ if .Release.IsUpgrade }} # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -18,6 +18,7 @@ metadata: name: "{{ $jobname }}" labels: name: "{{ $jobname }}" + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-upgrade" {{ include "msg.dp.labels" . | indent 6 }} {{ include "apd.std.labels" $apdParams | indent 6 }} tib-dp-app: msg-apd-ftl @@ -32,6 +33,7 @@ spec: namespace: "{{ .Release.Namespace }}" labels: name: "{{ $jobname }}" + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-upgrade" {{ include "msg.dp.labels" . | indent 16 }} {{ include "msg.dp.net.kubectl" . | indent 16}} {{ include "apd.std.labels" $apdParams | indent 16 }} @@ -39,6 +41,7 @@ spec: enableServiceLinks: false nodeSelector: kubernetes.io/os: linux + {{ include "msg.dp.security.pod" $apdParams | nindent 12 }} {{- if ne "none" $apdParams.dp.pullSecret }} imagePullSecrets: - name: {{ $apdParams.dp.pullSecret }} @@ -47,6 +50,11 @@ spec: restartPolicy: Never volumes: {{ include "msg.pv.vol.def" $apdParams.apd.boot | nindent 12 }} + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 12 }} + {{- else }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 12 }} + {{- end }} terminationGracePeriodSeconds: 10 containers: - name: "main" @@ -56,9 +64,18 @@ spec: bash < /boot/pulsar-upgrade.sh image: "{{ $apdParams.apd.imageFullName }}" imagePullPolicy: "{{ $apdParams.dp.pullPolicy }}" + {{ include "msg.dp.security.container" $apdParams | nindent 16 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 18 }} volumeMounts: - mountPath: /boot {{ include "msg.pv.vol.mount" $apdParams.apd.boot | nindent 18 }} + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 18 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 18 }} + {{- end }} env: # CAUTION! Setting Names here overrides envFrom values {{ include "msg.dp.stdenv" $apdParams | indent 16 }} @@ -66,6 +83,8 @@ spec: value: "y" - name: MY_GROUP value: "{{ $apdParams.apd.name }}" + - name: LOG_DIR + value: "/pulsar/logs" - name: HEALTH_ACTION {{ if .Values.apd.skipRedeploy }} value: "skip-redeploy" diff --git a/charts/msg-pulsar-tp/templates/apd.conf.cm.yaml b/charts/msg-pulsar-tp/templates/apd.conf.cm.yaml index 9b1e1e40..84dd0353 100644 --- a/charts/msg-pulsar-tp/templates/apd.conf.cm.yaml +++ b/charts/msg-pulsar-tp/templates/apd.conf.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/apd.params.cm.yaml b/charts/msg-pulsar-tp/templates/apd.params.cm.yaml index 3dcef79d..c09a440a 100644 --- a/charts/msg-pulsar-tp/templates/apd.params.cm.yaml +++ b/charts/msg-pulsar-tp/templates/apd.params.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/apd.scripts.cm.yaml b/charts/msg-pulsar-tp/templates/apd.scripts.cm.yaml index 2540cdde..127ccbee 100644 --- a/charts/msg-pulsar-tp/templates/apd.scripts.cm.yaml +++ b/charts/msg-pulsar-tp/templates/apd.scripts.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/apd.toolset.ingress.yaml b/charts/msg-pulsar-tp/templates/apd.toolset.ingress.yaml index e3da6cc9..5890a98f 100644 --- a/charts/msg-pulsar-tp/templates/apd.toolset.ingress.yaml +++ b/charts/msg-pulsar-tp/templates/apd.toolset.ingress.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -25,7 +25,8 @@ metadata: spec: ingressClassName: tibco-dp-{{ $apdParams.dp.name }} rules: - - http: + - host: "dp-{{ .Values.global.cp.dataplaneId }}.platform.local" + http: paths: - pathType: Prefix path: /tibco/agent/msg/pulsar/{{ $apdParams.dp.instanceId }}/toolset/ @@ -50,7 +51,8 @@ metadata: spec: ingressClassName: tibco-dp-{{ $apdParams.dp.name }} rules: - - http: + - host: "{{ .Values.global.cp.cpHostname }}" + http: paths: - pathType: Prefix path: /tibco/agent/msg/ops/shell/pulsar/{{ $apdParams.dp.instanceId }}/toolset/ diff --git a/charts/msg-pulsar-tp/templates/autorecovery-statefulset.yaml b/charts/msg-pulsar-tp/templates/autorecovery-statefulset.yaml index ae613374..b4744a7d 100644 --- a/charts/msg-pulsar-tp/templates/autorecovery-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/autorecovery-statefulset.yaml @@ -93,34 +93,70 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.autorecovery "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.autorecovery "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "recovery" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > + cp -R /pulsar-conf/* /pulsar/conf/ ; {{- include "pulsar.autorecovery.init.verify_cluster_id" . | nindent 10 }} envFrom: - configMapRef: name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} volumeMounts: - mountPath: /boot {{ include "msg.pv.vol.mount" $apdParams.apd.boot | nindent 10 }} + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + - mountPath: /pulsar/conf + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.autorecovery "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.autorecovery "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} - {{- if .Values.autorecovery.resources }} - resources: -{{ toYaml .Values.autorecovery.resources | indent 10 }} - {{- else }} + {{- if .Values.autorecovery.probe.liveness.enabled }} + livenessProbe: + httpGet: + path: /inquorum + port: {{ .Values.autorecovery.ports.health }} + initialDelaySeconds: {{ .Values.autorecovery.probe.liveness.initialDelaySeconds }} + periodSeconds: {{ .Values.autorecovery.probe.liveness.periodSeconds }} + timeoutSeconds: {{ .Values.autorecovery.probe.liveness.timeoutSeconds }} + failureThreshold: {{ .Values.autorecovery.probe.liveness.failureThreshold }} + {{- end }} + {{- if .Values.autorecovery.probe.readiness.enabled }} + readinessProbe: + httpGet: + path: /inquorum + port: {{ .Values.autorecovery.ports.health }} + initialDelaySeconds: {{ .Values.autorecovery.probe.readiness.initialDelaySeconds }} + periodSeconds: {{ .Values.autorecovery.probe.readiness.periodSeconds }} + timeoutSeconds: {{ .Values.autorecovery.probe.readiness.timeoutSeconds }} + failureThreshold: {{ .Values.autorecovery.probe.readiness.failureThreshold }} + {{- end }} + {{- if .Values.autorecovery.probe.startup.enabled }} + startupProbe: + httpGet: + path: /inquorum + port: {{ .Values.autorecovery.ports.health }} + initialDelaySeconds: {{ .Values.autorecovery.probe.startup.initialDelaySeconds }} + periodSeconds: {{ .Values.autorecovery.probe.startup.periodSeconds }} + timeoutSeconds: {{ .Values.autorecovery.probe.startup.timeoutSeconds }} + failureThreshold: {{ .Values.autorecovery.probe.startup.failureThreshold }} + {{- end }} resources: -{{- include "apd.sts.resources" (dict "comp" "recovery" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "recovery" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > source /boot/pulsar-setup.bash /pulsar/bin/bookkeeper autorecovery ; bin/apply-config-from-env.py conf/bookkeeper.conf; + mkdir -p /tmp/recovery-health/health ; + echo 'true' > /tmp/recovery-health/health/inquorum ; {{- include "pulsar.autorecovery.zookeeper.tls.settings" . | nindent 10 }} OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec /usr/local/watchdog/bin/watchdog ports: @@ -130,6 +166,8 @@ spec: {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} - name: STS_NAME value: "{{ template "pulsar.fullname" . }}-{{ .Values.autorecovery.component }}" + - name: TCM_WATCHDOG_CONFIG + value: "/pulsar/logs/recovery-watchdog.yml" - name: POD_DISK_MON value: "/pulsar/data,/pulsar/logs" - name: PULSAR_LOG_FILE @@ -150,6 +188,10 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 10 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} {{- include "pulsar.autorecovery.certs.volumeMounts" . | nindent 8 }} volumes: {{ include "msg.pv.vol.def" $apdParams.apd.boot | nindent 6 }} @@ -159,9 +201,9 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} {{- end }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{- include "pulsar.autorecovery.certs.volumes" . | nindent 6 }} {{- include "pulsar.imagePullSecrets" . | nindent 6}} - # FIXME: generally not needed ?? volumeClaimTemplates: {{- if eq "use-pulsar-data" $apdParams.apd.logs.storageType }} {{ include "msg.pv.vol.vct" $apdParams.apd.msgData | nindent 2 }} diff --git a/charts/msg-pulsar-tp/templates/bookkeeper-cluster-initialize.yaml b/charts/msg-pulsar-tp/templates/bookkeeper-cluster-initialize.yaml index c4f0f0cf..644e33b1 100644 --- a/charts/msg-pulsar-tp/templates/bookkeeper-cluster-initialize.yaml +++ b/charts/msg-pulsar-tp/templates/bookkeeper-cluster-initialize.yaml @@ -28,6 +28,7 @@ metadata: annotations: {{ include "msg.dp.mon.annotations" . | indent 4 }} labels: + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" {{- include "pulsar.standardLabels" . | nindent 4 }} component: "{{ .Values.bookkeeper.component }}-init" spec: @@ -39,6 +40,7 @@ spec: template: metadata: labels: + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" {{- include "pulsar.template.labels" . | nindent 8 }} spec: {{- include "pulsar.imagePullSecrets" . | nindent 6}} @@ -46,6 +48,7 @@ spec: enableServiceLinks: false nodeSelector: kubernetes.io/os: linux + {{ include "msg.dp.security.pod" $apdParams | nindent 6 }} {{- if .Values.pulsar_metadata.nodeSelector }} {{ toYaml .Values.pulsar_metadata.nodeSelector | indent 8 }} {{- end }} @@ -53,7 +56,9 @@ spec: - name: wait-zookeeper-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.bookie "root" .) }}" - # imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "bookkeeper-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -66,18 +71,26 @@ spec: sleep 3; done; {{- end}} + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} + volumeMounts: + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}-init" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.bookie "root" .) }}" - # imagePullPolicy: {{ .Values.images.bookie.pullPolicy }} - {{- if .Values.bookkeeper.metadata.resources }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} resources: -{{ toYaml .Values.bookkeeper.metadata.resources | indent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "bookkeeper-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > + cp -R /pulsar-conf/* /pulsar/conf/ ; bin/apply-config-from-env.py conf/bookkeeper.conf; {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 12 }} if bin/bookkeeper shell whatisinstanceid; then @@ -91,9 +104,9 @@ spec: {{- if .Values.extraInitCommand }} {{ .Values.extraInitCommand }} {{- end }} - {{- if and .Values.rbac.enabled .Values.rbac.psp }} + {{- if .Values.bookkeeper.securityContext }} securityContext: - readOnlyRootFilesystem: false +{{ toYaml .Values.bookkeeper.securityContext | indent 10 }} {{- end }} env: {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} @@ -102,8 +115,31 @@ spec: name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" volumeMounts: {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /pulsar/conf + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} volumes: {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} + {{- if eq "use-pulsar-data" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.def" $apdParams.apd.msgData | nindent 6 }} + {{- else }} + {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} + {{- end }} + {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} restartPolicy: OnFailure {{- end }} {{- end }} diff --git a/charts/msg-pulsar-tp/templates/bookkeeper-statefulset.yaml b/charts/msg-pulsar-tp/templates/bookkeeper-statefulset.yaml index 4cec5641..ea19d486 100644 --- a/charts/msg-pulsar-tp/templates/bookkeeper-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/bookkeeper-statefulset.yaml @@ -96,17 +96,26 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.bookie "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.bookie "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "bookkeeper" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: # only reformat bookie if bookkeeper is running without persistence - > + cp -R /pulsar-conf/* /pulsar/conf/ ; {{- include "pulsar.bookkeeper.init.verify_cluster_id" . | nindent 10 }} envFrom: - configMapRef: name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} volumeMounts: - mountPath: /boot {{ include "msg.pv.vol.mount" $apdParams.apd.boot | nindent 10 }} + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + - mountPath: /pulsar/conf + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} {{- include "pulsar.bookkeeper.certs.volumeMounts" . | nindent 8 }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" @@ -143,13 +152,8 @@ spec: timeoutSeconds: {{ .Values.bookkeeper.probe.startup.timeoutSeconds }} failureThreshold: {{ .Values.bookkeeper.probe.startup.failureThreshold }} {{- end }} - {{- if .Values.bookkeeper.resources }} resources: -{{ toYaml .Values.bookkeeper.resources | indent 10 }} - {{- else }} - resources: -{{- include "apd.sts.resources" (dict "comp" "bookkeeper" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "bookkeeper" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > @@ -205,6 +209,10 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 10 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} {{- if .Values.bookkeeper.extraVolumeMounts }} {{ toYaml .Values.bookkeeper.extraVolumeMounts | indent 8 }} {{- end }} @@ -215,6 +223,7 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.msgData | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.journal | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{- include "pulsar.bookkeeper.certs.volumes" . | nindent 6 }} {{- include "pulsar.imagePullSecrets" . | nindent 6}} {{- if .Values.bookkeeper.extraVolumes }} diff --git a/charts/msg-pulsar-tp/templates/broker-statefulset.yaml b/charts/msg-pulsar-tp/templates/broker-statefulset.yaml index 957f9473..fe8e25ba 100644 --- a/charts/msg-pulsar-tp/templates/broker-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/broker-statefulset.yaml @@ -98,6 +98,8 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "broker-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -110,9 +112,13 @@ spec: {{- end }} echo "pulsar cluster {{ template "pulsar.cluster.name" . }} isn't initialized yet ... check in 3 seconds ..." && sleep 3; done; + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} volumeMounts: - mountPath: /boot {{ include "msg.pv.vol.mount" $apdParams.apd.boot | nindent 10 }} + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} {{- include "pulsar.broker.certs.volumeMounts" . | nindent 8 }} # This init container will wait for bookkeeper to be ready before # deploying the broker @@ -120,9 +126,12 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "broker-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > + cp -R /pulsar-conf/* /pulsar/conf/ ; {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 12 }} bin/apply-config-from-env.py conf/bookkeeper.conf; until bin/bookkeeper shell whatisinstanceid; do @@ -138,6 +147,7 @@ spec: done; echo "bookkeeper cluster is ready"; env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} - name: STS_NAME value: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" - name: POD_DISK_MON @@ -147,6 +157,14 @@ spec: name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" volumeMounts: {{- include "pulsar.broker.certs.volumeMounts" . | nindent 10 }} + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 12 }} + - mountPath: /pulsar/conf + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 12 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 12 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 12 }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.broker.component }}" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}" @@ -155,6 +173,7 @@ spec: {{- if .Values.broker.probe.liveness.enabled }} livenessProbe: httpGet: + # path: /admin/v2/brokers/health path: /status.html port: {{ .Values.broker.ports.http }} initialDelaySeconds: {{ .Values.broker.probe.liveness.initialDelaySeconds }} @@ -165,6 +184,7 @@ spec: {{- if .Values.broker.probe.readiness.enabled }} readinessProbe: httpGet: + # path: /admin/v2/brokers/health path: /status.html port: {{ .Values.broker.ports.http }} initialDelaySeconds: {{ .Values.broker.probe.readiness.initialDelaySeconds }} @@ -175,6 +195,7 @@ spec: {{- if .Values.broker.probe.startup.enabled }} startupProbe: httpGet: + # path: /admin/v2/brokers/health path: /status.html port: {{ .Values.broker.ports.http }} initialDelaySeconds: {{ .Values.broker.probe.startup.initialDelaySeconds }} @@ -182,13 +203,8 @@ spec: timeoutSeconds: {{ .Values.broker.probe.startup.timeoutSeconds }} failureThreshold: {{ .Values.broker.probe.startup.failureThreshold }} {{- end }} - {{- if .Values.broker.resources }} resources: -{{ toYaml .Values.broker.resources | indent 10 }} - {{- else }} - resources: -{{- include "apd.sts.resources" (dict "comp" "broker" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "broker" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > @@ -198,7 +214,7 @@ spec: {{- end }} bin/apply-config-from-env.py conf/broker.conf; bin/gen-yml-from-env.py conf/functions_worker.yml; - echo "OK" > status; + echo "OK" > /pulsar/logs/status; {{- include "pulsar.broker.zookeeper.tls.settings" . | nindent 10 }} bin/pulsar zookeeper-shell -server {{ template "pulsar.zookeeper.connect" . }} get {{ template "pulsar.broker.znode" . }}; while [ $? -eq 0 ]; do @@ -249,6 +265,10 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 12 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 12 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 12 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 12 }} {{- if .Values.auth.authentication.enabled }} {{- if eq .Values.auth.authentication.provider "jwt" }} - mountPath: "/pulsar/keys" @@ -271,6 +291,7 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} {{- end }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{- if .Values.broker.extraVolumes }} {{ toYaml .Values.broker.extraVolumes | indent 6 }} {{- end }} diff --git a/charts/msg-pulsar-tp/templates/dp.client.cm.yaml b/charts/msg-pulsar-tp/templates/dp.client.cm.yaml index f6677645..cc6769d2 100644 --- a/charts/msg-pulsar-tp/templates/dp.client.cm.yaml +++ b/charts/msg-pulsar-tp/templates/dp.client.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/dp.client.svc.yaml b/charts/msg-pulsar-tp/templates/dp.client.svc.yaml index 3efe62bf..2f6e9113 100644 --- a/charts/msg-pulsar-tp/templates/dp.client.svc.yaml +++ b/charts/msg-pulsar-tp/templates/dp.client.svc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/proxy-statefulset.yaml b/charts/msg-pulsar-tp/templates/proxy-statefulset.yaml index 834e6aa1..9aecbbb4 100644 --- a/charts/msg-pulsar-tp/templates/proxy-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/proxy-statefulset.yaml @@ -93,6 +93,8 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "proxy-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -105,12 +107,19 @@ spec: sleep 3; done; {{- end}} + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} + volumeMounts: + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} # This init container will wait for at least one broker to be ready before # deploying the proxy - name: wait-broker-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.proxy "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "proxy-init" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -121,6 +130,11 @@ spec: sleep 10; brokerServiceNumber="$(nslookup -timeout=10 {{ template "pulsar.fullname" . }}-{{ .Values.broker.component }} | grep Name | wc -l)"; done; + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} + volumeMounts: + - mountPath: /pulsar/logs + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.proxy.component }}" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.proxy "root" .) }}" @@ -156,13 +170,8 @@ spec: timeoutSeconds: {{ .Values.proxy.probe.startup.timeoutSeconds }} failureThreshold: {{ .Values.proxy.probe.startup.failureThreshold }} {{- end }} - {{- if .Values.proxy.resources }} - resources: -{{ toYaml .Values.proxy.resources | indent 10 }} - {{- else }} resources: -{{- include "apd.sts.resources" (dict "comp" "proxy" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "proxy" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > @@ -171,7 +180,7 @@ spec: {{ .Values.proxy.additionalCommand }} {{- end }} bin/apply-config-from-env.py conf/proxy.conf && - echo "OK" > status && + echo "OK" > /pulsar/logs/status && OPTS="${OPTS} -Dlog4j2.formatMsgNoLookups=true" exec /usr/local/watchdog/bin/watchdog ports: # prometheus needs to access /metrics endpoint @@ -214,6 +223,8 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 12 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 12 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 12 }} {{- if or .Values.proxy.extraVolumeMounts .Values.auth.authentication.enabled (and .Values.tls.enabled (or .Values.tls.proxy.enabled .Values.tls.broker.enabled)) }} {{- if .Values.auth.authentication.enabled }} {{- if eq .Values.auth.authentication.provider "jwt" }} @@ -248,6 +259,7 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} {{- end }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{- if or .Values.proxy.extraVolumes .Values.auth.authentication.enabled (and .Values.tls.enabled .Values.tls.proxy.enabled) }} {{- if .Values.proxy.extraVolumes }} {{ toYaml .Values.proxy.extraVolumes | indent 8 }} diff --git a/charts/msg-pulsar-tp/templates/pulsar-cluster-initialize.yaml b/charts/msg-pulsar-tp/templates/pulsar-cluster-initialize.yaml index e1d44091..5e180e69 100644 --- a/charts/msg-pulsar-tp/templates/pulsar-cluster-initialize.yaml +++ b/charts/msg-pulsar-tp/templates/pulsar-cluster-initialize.yaml @@ -29,6 +29,7 @@ metadata: annotations: {{ include "msg.dp.mon.annotations" . | indent 4 }} labels: + app.kubernetes.io/name: "{{ .Values.pulsar_metadata.component }}" {{- include "pulsar.standardLabels" . | nindent 4 }} component: {{ .Values.pulsar_metadata.component }} spec: @@ -40,9 +41,11 @@ spec: template: metadata: labels: + app.kubernetes.io/name: "{{ .Values.pulsar_metadata.component }}" {{- include "pulsar.template.labels" . | nindent 8 }} spec: {{- include "pulsar.imagePullSecrets" . | nindent 6}} + {{ include "msg.dp.security.pod" $apdParams | nindent 6 }} enableServiceLinks: false serviceAccountName: "{{ $apdParams.apd.broker.serviceAccount }}" nodeSelector: @@ -55,7 +58,9 @@ spec: - name: wait-cs-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" - # imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -66,7 +71,9 @@ spec: - name: wait-zookeeper-ready image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" - # imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - >- @@ -79,34 +86,62 @@ spec: sleep 3; done; {{- end}} + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} + volumeMounts: + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} # This initContainer will wait for bookkeeper initnewcluster to complete # before initializing pulsar metadata - name: pulsar-bookkeeper-verify-clusterid image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" - # imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > + cp -R /pulsar-conf/* /pulsar/conf/ ; bin/apply-config-from-env.py conf/bookkeeper.conf; {{- include "pulsar.toolset.zookeeper.tls.settings" . | nindent 10 }} until bin/bookkeeper shell whatisinstanceid; do sleep 3; done; + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} envFrom: - configMapRef: name: "{{ template "pulsar.fullname" . }}-{{ .Values.bookkeeper.component }}" volumeMounts: {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /pulsar/conf + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} containers: - name: "{{ template "pulsar.fullname" . }}-{{ .Values.pulsar_metadata.component }}" image: "{{ template "pulsar.imageFullName" (dict "image" .Values.pulsar_metadata.image "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" - # imagePullPolicy: {{ .Values.pulsar_metadata.image.pullPolicy }} - {{- if .Values.pulsar_metadata.resources }} + {{ include "msg.dp.security.container" $apdParams | nindent 8 }} resources: -{{ toYaml .Values.pulsar_metadata.resources | indent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - | @@ -127,10 +162,30 @@ spec: {{- if .Values.extraInitCommand }} {{ .Values.extraInitCommand }} {{- end }} + env: + {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} volumeMounts: {{- include "pulsar.toolset.certs.volumeMounts" . | nindent 8 }} + - mountPath: /pulsar/logs + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.logs | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /pulsar/conf + {{- if eq "sharedPvc" $apdParams.apd.logs.storageType }} + {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} + {{- else }} + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + {{- end }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} volumes: {{- include "pulsar.toolset.certs.volumes" . | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} restartPolicy: OnFailure {{- if .Values.pulsar_metadata.nodeSelector }} nodeSelector: diff --git a/charts/msg-pulsar-tp/templates/pulsar-logs.pvc.yaml b/charts/msg-pulsar-tp/templates/pulsar-logs.pvc.yaml index 96af8209..1ea3df5e 100644 --- a/charts/msg-pulsar-tp/templates/pulsar-logs.pvc.yaml +++ b/charts/msg-pulsar-tp/templates/pulsar-logs.pvc.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/msg-pulsar-tp/templates/pulsar-uninstall.job.yaml b/charts/msg-pulsar-tp/templates/pulsar-uninstall.job.yaml index d7fc6e98..835ecdac 100644 --- a/charts/msg-pulsar-tp/templates/pulsar-uninstall.job.yaml +++ b/charts/msg-pulsar-tp/templates/pulsar-uninstall.job.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -17,6 +17,7 @@ metadata: name: "{{ $jobname }}" labels: name: "{{ $jobname }}" + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-uninstall" {{ include "msg.dp.labels" . | indent 6 }} {{ include "apd.std.labels" $apdParams | indent 6 }} namespace: "{{ .Release.Namespace }}" @@ -35,6 +36,7 @@ spec: namespace: "{{ .Release.Namespace }}" labels: name: "{{ $jobname }}" + app.kubernetes.io/name: "{{ template "pulsar.fullname" . }}-uninstall" {{ include "msg.dp.labels" . | indent 16 }} {{ include "msg.dp.net.kubectl" . | indent 16}} {{ include "apd.std.labels" $apdParams | indent 16 }} @@ -42,6 +44,7 @@ spec: enableServiceLinks: false nodeSelector: kubernetes.io/os: linux + {{ include "msg.dp.security.pod" $apdParams | nindent 12 }} {{- if ne "none" $apdParams.dp.pullSecret }} imagePullSecrets: - name: {{ $apdParams.dp.pullSecret }} @@ -61,6 +64,9 @@ spec: image: "{{ $apdParams.apd.imageFullName }}" imagePullPolicy: "{{ $apdParams.dp.pullPolicy }}" + {{ include "msg.dp.security.container" $apdParams | nindent 16 }} + resources: +{{- include "apd.sts.resources" (dict "comp" "job" "param" $apdParams "Values" .Values ) | nindent 18 }} env: # CAUTION! Setting Names here overrides envFrom values {{ include "msg.dp.stdenv" $apdParams | indent 16 }} diff --git a/charts/msg-pulsar-tp/templates/toolset-statefulset.yaml b/charts/msg-pulsar-tp/templates/toolset-statefulset.yaml index b68dfed8..34bf51f1 100644 --- a/charts/msg-pulsar-tp/templates/toolset-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/toolset-statefulset.yaml @@ -78,13 +78,8 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.broker "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.broker "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} - {{- if .Values.toolset.resources }} resources: -{{ toYaml .Values.toolset.resources | indent 10 }} - {{- else }} - resources: -{{- include "apd.sts.resources" (dict "comp" "toolset" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "toolset" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] # exec /usr/local/watchdog/bin/wait-for-shutdown.sh ; args: @@ -105,6 +100,22 @@ spec: containerPort: 8376 # Requires websocket upgrade support protocol: TCP + livenessProbe: + httpGet: + path: /healthz + port: 8376 + initialDelaySeconds: 3 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 4 + readinessProbe: + httpGet: + path: /readyz + port: 8376 + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 env: {{ include "msg.dp.stdenv" $apdParams | nindent 8 }} - name: MY_SVC_HOST @@ -145,6 +156,10 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 10 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} + - mountPath: /tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} {{- if .Values.auth.authentication.enabled }} {{- if eq .Values.auth.authentication.provider "jwt" }} - mountPath: "/pulsar/tokens" @@ -169,6 +184,7 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.logs | nindent 6 }} {{- end }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.params | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.toolsetData | nindent 6 }} {{- if .Values.auth.authentication.enabled }} diff --git a/charts/msg-pulsar-tp/templates/zookeeper-statefulset.yaml b/charts/msg-pulsar-tp/templates/zookeeper-statefulset.yaml index b38f7a98..b251394f 100644 --- a/charts/msg-pulsar-tp/templates/zookeeper-statefulset.yaml +++ b/charts/msg-pulsar-tp/templates/zookeeper-statefulset.yaml @@ -98,13 +98,8 @@ spec: image: "{{ template "pulsar.imageFullName" (dict "image" .Values.images.zookeeper "root" .) }}" imagePullPolicy: "{{ template "pulsar.imagePullPolicy" (dict "image" .Values.images.zookeeper "root" .) }}" {{ include "msg.dp.security.container" $apdParams | nindent 8 }} - {{- if .Values.zookeeper.resources }} resources: -{{ toYaml .Values.zookeeper.resources | indent 10 }} - {{- else }} - resources: -{{- include "apd.sts.resources" (dict "comp" "zookeeper" "param" $apdParams ) | nindent 10 }} - {{- end }} +{{- include "apd.sts.resources" (dict "comp" "zookeeper" "param" $apdParams "Values" .Values ) | nindent 10 }} command: ["bash", "-c"] args: - > @@ -209,6 +204,8 @@ spec: {{ include "msg.pv.vol.mount" $apdParams.apd.conf | nindent 10 }} - mountPath: /pulsar/conf/log4j2.yaml {{ include "msg.pv.vol.mount" $apdParams.apd.log4j2 | nindent 10 }} + - mountPath: /var/tmp + {{ include "msg.pv.vol.mount" $apdParams.apd.vartmp | nindent 10 }} {{- if and .Values.tls.enabled .Values.tls.zookeeper.enabled }} - mountPath: "/pulsar/certs/zookeeper" name: zookeeper-certs @@ -229,6 +226,7 @@ spec: {{ include "msg.pv.vol.def" $apdParams.apd.msgData | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.journal | nindent 6 }} {{ include "msg.pv.vol.def" $apdParams.apd.log4j2 | nindent 6 }} + {{ include "msg.pv.vol.def" $apdParams.apd.vartmp | nindent 6 }} {{ if .Values.zookeeper.extraVolumes }} {{ toYaml .Values.zookeeper.extraVolumes | indent 6 }} {{- end }} diff --git a/charts/msg-pulsar-tp/values.yaml b/charts/msg-pulsar-tp/values.yaml index b38e017a..a6c46323 100644 --- a/charts/msg-pulsar-tp/values.yaml +++ b/charts/msg-pulsar-tp/values.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -9,6 +9,7 @@ global: cp: dataplaneId: enableClusterScopedPerm: true + enableResourceConstraints: true logging: fluentbit: enabled: true @@ -691,8 +692,28 @@ autorecovery: restartPodsOnConfigMapChange: false ports: http: 8000 + health: 8090 # nodeSelector: # cloud.google.com/gke-nodepool: default-pool + probe: + liveness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + readiness: + enabled: true + failureThreshold: 10 + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 5 + startup: + enabled: false + failureThreshold: 30 + initialDelaySeconds: 60 + periodSeconds: 10 + timeoutSeconds: 5 affinity: anti_affinity: true anti_affinity_topology_key: kubernetes.io/hostname @@ -712,6 +733,7 @@ autorecovery: ## templates/autorecovery-configmap.yaml ## configData: + PULSAR_PREFIX_statusFilePath: "/pulsar/logs/status" # BOOKIE_MEM: > # -Xms64m -Xmx64m PULSAR_PREFIX_useV2WireProtocol: "true" @@ -834,6 +856,7 @@ broker: ## templates/broker-configmap.yaml ## configData: + PULSAR_PREFIX_statusFilePath: "/pulsar/logs/status" # PULSAR_MEM: > # -Xms128m -Xmx256m -XX:MaxDirectMemorySize=256m PULSAR_GC: > @@ -965,6 +988,7 @@ proxy: ## templates/proxy-configmap.yaml ## configData: + PULSAR_PREFIX_statusFilePath: "/pulsar/logs/status" # PULSAR_MEM: > # -Xms64m -Xmx64m -XX:MaxDirectMemorySize=64m PULSAR_GC: > @@ -1194,3 +1218,4 @@ job: ttl: enabled: true secondsAfterFinished: 3600 + resources: {} diff --git a/charts/tp-cp-msg-contrib/Chart.yaml b/charts/tp-cp-msg-contrib/Chart.yaml index 104b8bb3..0f99f924 100644 --- a/charts/tp-cp-msg-contrib/Chart.yaml +++ b/charts/tp-cp-msg-contrib/Chart.yaml @@ -1,14 +1,14 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # apiVersion: v2 -appVersion: "1.3.0-14" +appVersion: "1.4.0-12" description: TIBCO Platform Control Plane -- Messaging name: tp-cp-msg-contrib -version: "1.3.18" +version: "1.4.20" maintainers: - email: tcm@tibco.com name: TIBCO Cloud Messaging Team diff --git a/charts/tp-cp-msg-contrib/recipes/copy-ui-to-cp.sh b/charts/tp-cp-msg-contrib/recipes/copy-ui-to-cp.sh deleted file mode 100644 index fe55f347..00000000 --- a/charts/tp-cp-msg-contrib/recipes/copy-ui-to-cp.sh +++ /dev/null @@ -1,55 +0,0 @@ -#!/bin/bash -# -# Copyright (c) 2023-2024. Cloud Software Group, Inc. -# This file is subject to the license terms contained -# in the license file that is distributed with this file. -# -set -x -base="$(cd "${0%/*}" 2>/dev/null; echo "$PWD")" -export CONTRIB_LIST="${CONTRIB_LIST:-"ems pulsar"}" -export RECIPE_PATH="${RECIPE_PATH:-"/private/tsc/config/capabilities/platform"}" -export UI_PATH="${UI_PATH:-"/contributions/gems/web/apps"}" -export OLD_UI_PATH="${OLD_UI_PATH:-"/private/tsc/contributors"}" -# export TARGET_PATH="${TARGET_PATH:-"/private/tsc/config/capabilities/platform"}" -export tmproot="$(dirname $OLD_UI_PATH)/tmp.$RANDOM" -export tmppkg="$tmproot/msgpkg" -export JOB_POST_SLEEP="${JOB_POST_SLEEP:-"180"}" -mkdir -p $tmppkg -# Cleanup any old backups -for TARGET_PATH in $RECIPE_PATH ; do - for cap in $CONTRIB_LIST ; do - old="$TARGET_PATH/$cap.old" - [ -d "$old" ] && rm -rf "$old" - done -done -# COPY recipe packaging files -for x in /boot/* ; do - inf="$x" - outf="$(basename $x | tr 'X' '/' )" - outd="$(dirname $outf)" - [ "$outd" = '.' ] && continue - echo "Staging pkgfile: $outf" - mkdir -p $tmppkg/$outd - cp $inf $tmppkg/$outf -done -# POST new PKG contributions -for x in $( /bin/ls -1 $tmppkg ) ; do - old="$RECIPE_PATH/$cap.old" - [ -e "$RECIPE_PATH/$x" ] && mv "$RECIPE_PATH/$x" "$RECIPE_PATH/$x.old" - echo "Updating $x" - mv "$tmppkg/$x" "$RECIPE_PATH/$x" -done -rm -rf $tmppkg -for TARGET_PATH in $RECIPE_PATH ; do - for cap in $CONTRIB_LIST ; do - find "$TARGET_PATH/$cap" -type f -ls - done -done -set +x -for cap in $CONTRIB_LIST ; do - echo "=== UI Version: $cap ===" - cat "$UI_PATH/$cap/version.txt" - find $RECIPE_PATH/$cap -name 'recipe.yaml' | xargs egrep -H ' version: ' -done -echo "sleeping $JOB_POST_SLEEP , before exit" -sleep $JOB_POST_SLEEP diff --git a/charts/tp-cp-msg-contrib/recipes/emsXlatest.json b/charts/tp-cp-msg-contrib/recipes/emsXlatest.json deleted file mode 100644 index e3aca20b..00000000 --- a/charts/tp-cp-msg-contrib/recipes/emsXlatest.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "capabilityVersion": "1.3.0", - "minCPVersion": "1.2.0", - "maxCPVersion": "", - "minVersionRequiredForUpgrade": "1.0.0", - "releaseDate": "2024/8/30", - "releaseNotes": "EMS 10.3.0 using FTL stores" -} diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarXlatest.json b/charts/tp-cp-msg-contrib/recipes/pulsarXlatest.json deleted file mode 100644 index 5e7fe9be..00000000 --- a/charts/tp-cp-msg-contrib/recipes/pulsarXlatest.json +++ /dev/null @@ -1,8 +0,0 @@ -{ - "capabilityVersion": "1.3.0", - "minCPVersion": "1.2.0", - "maxCPVersion": "", - "minVersionRequiredForUpgrade": "1.2.0", - "releaseDate": "2024/8/30", - "releaseNotes": "Quasar 3.0.2 - powered by Apache Pulsar" -} diff --git a/charts/tp-cp-msg-contrib/scripts/mk-common.conf.sh b/charts/tp-cp-msg-contrib/scripts/mk-common.conf.sh index a9634599..99a26242 100644 --- a/charts/tp-cp-msg-contrib/scripts/mk-common.conf.sh +++ b/charts/tp-cp-msg-contrib/scripts/mk-common.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/mk-fluentbits.conf.sh b/charts/tp-cp-msg-contrib/scripts/mk-fluentbits.conf.sh index 29a874ae..e8b43e76 100644 --- a/charts/tp-cp-msg-contrib/scripts/mk-fluentbits.conf.sh +++ b/charts/tp-cp-msg-contrib/scripts/mk-fluentbits.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/mk-output.conf.sh b/charts/tp-cp-msg-contrib/scripts/mk-output.conf.sh index f9b75835..4ef41fb5 100644 --- a/charts/tp-cp-msg-contrib/scripts/mk-output.conf.sh +++ b/charts/tp-cp-msg-contrib/scripts/mk-output.conf.sh @@ -1,6 +1,6 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/mk-parsers.conf.sh b/charts/tp-cp-msg-contrib/scripts/mk-parsers.conf.sh index 586c09a6..b8d6f168 100644 --- a/charts/tp-cp-msg-contrib/scripts/mk-parsers.conf.sh +++ b/charts/tp-cp-msg-contrib/scripts/mk-parsers.conf.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/mk-watchdog.yaml.sh b/charts/tp-cp-msg-contrib/scripts/mk-watchdog.yaml.sh index d7323879..4dee1bfb 100644 --- a/charts/tp-cp-msg-contrib/scripts/mk-watchdog.yaml.sh +++ b/charts/tp-cp-msg-contrib/scripts/mk-watchdog.yaml.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/msg-create-ingress.sh b/charts/tp-cp-msg-contrib/scripts/msg-create-ingress.sh index 002fa891..e5932ae9 100644 --- a/charts/tp-cp-msg-contrib/scripts/msg-create-ingress.sh +++ b/charts/tp-cp-msg-contrib/scripts/msg-create-ingress.sh @@ -1,7 +1,7 @@ #!/bin/bash # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/scripts/msg-web-setup.sh b/charts/tp-cp-msg-contrib/scripts/msg-web-setup.sh index 053a5e70..1aed6bd1 100644 --- a/charts/tp-cp-msg-contrib/scripts/msg-web-setup.sh +++ b/charts/tp-cp-msg-contrib/scripts/msg-web-setup.sh @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -23,9 +23,9 @@ requiredEnv+=("PERMISSIONS_ENGINE_HOST") echo "Loading dnsdomains CM values" cmDnsList="/cm/cp-dns /cm/cic-dns" expectedCmDns="" -if [ "$MSGDP_ENV_TYPE" = "onprem" ]; then +if [ "$MSGDP_ENV_TYPE" = "nocic" ]; then expectedCmDns="/cm/cp-dns" -elif [ "$MSGDP_ENV_TYPE" = "saas" ]; then +elif [ "$MSGDP_ENV_TYPE" = "cic" ]; then expectedCmDns="/cm/cic-dns" else expectedCmDns="Unknown" @@ -100,6 +100,8 @@ for key in "${requiredEnv[@]}" ; do fi done +env_size=$(env | wc -c) +echo "Size of the current environment: $env_size bytes" env | sort if [ -n "$missing" ] ; then diff --git a/charts/tp-cp-msg-contrib/templates/_cp.helpers.tpl b/charts/tp-cp-msg-contrib/templates/_cp.helpers.tpl index a6ec4eb5..1c5a605f 100644 --- a/charts/tp-cp-msg-contrib/templates/_cp.helpers.tpl +++ b/charts/tp-cp-msg-contrib/templates/_cp.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSG CP Common Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -13,15 +13,9 @@ MSG CP Common Helpers {{- define "msgdp.prodImageRepo" -}}"tibco-platform-docker-prod"{{ end }} {{- define "msgdp.reldockerImageRepo" -}}"tibco-platform"{{ end }} {{- define "msgdp.defaultImageRepo" -}}"tibco-platform-docker-prod"{{ end }} -# Old Repos -{{- define "msgdp.jfrogImageRepoOld" -}}"tibco-platform-local-docker/msg"{{ end }} -{{- define "msgdp.ecrImageRepoOld" -}}"msg-platform-cicd"{{ end }} -{{- define "msgdp.acrImageRepoOld" -}}"msg-platform-cicd"{{ end }} -{{- define "msgdp.reldockerImageRepoOld" -}}"messaging"{{ end }} -{{- define "msgdp.defaultImageRepoOld" -}}"messaging"{{ end }} -{{- define "const.onprem.dnsdomains" -}}"tp-cp-core-dnsdomains"{{ end }} -{{- define "const.saas.dnsdomains" -}}"tp-control-plane-dnsdomains"{{ end }} +{{- define "const.nocic.dnsdomains" -}}"tp-cp-core-dnsdomains"{{ end }} +{{- define "const.cic.dnsdomains" -}}"tp-control-plane-dnsdomains"{{ end }} {{/* Does key exist in given cm? */}} {{- define "env.check" }} @@ -77,21 +71,20 @@ need.msg.cp.params {{- $registry := "csgprdusw2reposaas.jfrog.io" -}} {{- $repo := include "msgdp.defaultImageRepo" . -}} {{- $imageName := "msg-cp-ui-contrib" -}} - {{- $imageTag := "1.3.0-14" -}} - {{- $TARGET_PATH := "/private/tsc/config/capabilities/platform" -}} - {{- $pullSecret := "" -}} + {{- $imageTag := "1.4.0-12" -}} + {{- $pullSecret := "cic2-tcm-ghcr-secret" -}} {{- $pullPolicy := "Always" -}} - {{- $enableWebserverSecurityContext := "true" -}} - {{- $enableJobSecurityContext := "false" -}} - {{- $CP_OTEL_SERVICE := "" -}} + {{- $enableSecurityContext := "true" -}} + {{- $CP_OTEL_SERVICE := "no-otelService" -}} {{- $CP_LOGGING_FLUENTBIT_ENABLED := "false" -}} - {{- $CP_SERVICE_ACCOUNT_NAME := "" -}} + {{- $CP_SERVICE_ACCOUNT_NAME := "no-serviceAcountName" -}} {{- $CP_SUBSCRIPTION_SINGLE_NAMESPACE := "false" -}} - {{- $SYSTEM_WHO := "" -}} - {{- $DNS_DOMAIN := "" -}} - {{- $ADMIN_DNS_DOMAIN := "" -}} + {{- $CP_ENABLE_RESOURCE_CONSTRAINTS := "true" -}} + {{- $SYSTEM_WHO := "no-instanceId" -}} + {{- $DNS_DOMAIN := "no-dnsDomain" -}} + {{- $ADMIN_DNS_DOMAIN := "no-adminDnsDomain" -}} {{- $CP_VOLUME_CLAIM := "control-plane-pvc" -}} - {{- $ENV_TYPE := "onprem" -}} + {{- $ENV_TYPE := "nocic" -}} # LEGACY SETTINGS {{- if .Values.data.SYSTEM_DOCKER_REGISTRY -}} {{- $registry = .Values.data.SYSTEM_DOCKER_REGISTRY -}} @@ -99,7 +92,7 @@ need.msg.cp.params {{- if (lookup "v1" "ConfigMap" .Release.Namespace "cp-env") -}} # On-Prem Env - {{- $ENV_TYPE = "onprem" -}} + {{- $ENV_TYPE = "nocic" -}} {{- $CP_DNS_DOMAIN := include "env.get" (dict "cm" "cp-env" "key" "CP_DNS_DOMAIN" "default" "" "required" "false" "Release" .Release) -}} {{- if ne $CP_DNS_DOMAIN "" }} {{- $DNS_DOMAIN = printf "*.%s" $CP_DNS_DOMAIN }} @@ -111,9 +104,10 @@ need.msg.cp.params {{- $CP_VOLUME_CLAIM = include "env.get" (dict "cm" "cp-env" "key" "CP_PVC_NAME" "default" $CP_VOLUME_CLAIM "required" "false" "Release" .Release) -}} {{- $CP_SERVICE_ACCOUNT_NAME = include "env.get" (dict "cm" "cp-env" "key" "CP_SERVICE_ACCOUNT_NAME" "default" $CP_SERVICE_ACCOUNT_NAME "required" "false" "Release" .Release) -}} {{- $CP_SUBSCRIPTION_SINGLE_NAMESPACE = include "env.get" (dict "cm" "cp-env" "key" "CP_SUBSCRIPTION_SINGLE_NAMESPACE" "default" $CP_SUBSCRIPTION_SINGLE_NAMESPACE "required" "false" "Release" .Release) -}} + {{- $CP_ENABLE_RESOURCE_CONSTRAINTS = include "env.get" (dict "cm" "cp-env" "key" "CP_ENABLE_RESOURCE_CONSTRAINTS" "default" $CP_ENABLE_RESOURCE_CONSTRAINTS "required" "false" "Release" .Release) -}} {{- else if (lookup "v1" "ConfigMap" .Release.Namespace "cic-env") -}} # SaaS Env - {{- $ENV_TYPE = "saas" -}} + {{- $ENV_TYPE = "cic" -}} {{- $DNS_DOMAIN = include "env.get" (dict "cm" "cic-env" "key" "CP_SUB_DNS_DOMAIN" "default" $DNS_DOMAIN "required" "false" "Release" .Release) -}} {{- $ADMIN_DNS_DOMAIN = include "env.get" (dict "cm" "cic-env" "key" "CP_ADMIN_DNS_DOMAIN" "default" $ADMIN_DNS_DOMAIN "required" "false" "Release" .Release) -}} {{- $SYSTEM_WHO = include "env.get" (dict "cm" "cic-env" "key" "SYSTEM_WHO" "default" $SYSTEM_WHO "required" "false" "Release" .Release) -}} @@ -136,7 +130,7 @@ need.msg.cp.params {{- else if contains "ghcr.io" $registry -}} {{- $repo = "tibco/msg-platform-cicd" -}} {{- $pullSecret = "cic2-tcm-ghcr-secret" -}} - {{- else if .Values.cp.useNewRepos -}} + {{- else -}} {{- if contains "jfrog.io" $registry -}} {{- $repo = include "msgdp.prodImageRepo" . -}} {{- else if contains "amazonaws.com" $registry -}} @@ -148,18 +142,6 @@ need.msg.cp.params {{- else -}} {{- $repo = include "msgdp.defaultImageRepo" . -}} {{- end -}} - {{- else -}} - {{- if contains "jfrog.io" $registry -}} - {{- $repo = include "msgdp.jfrogImageRepoOld" . -}} - {{- else if contains "amazonaws.com" $registry -}} - {{- $repo = include "msgdp.ecrImageRepoOld" . -}} - {{- else if contains "azurecr.io" $registry -}} - {{- $repo = include "msgdp.acrImageRepoOld" . -}} - {{- else if contains "reldocker.tibco.com" $registry -}} - {{- $repo = include "msgdp.reldockerImageRepoOld" . -}} - {{- else -}} - {{- $repo = include "msgdp.defaultImageRepoOld" . -}} - {{- end -}} {{- end -}} {{- $repo = include "env.get" (dict "cm" "cp-env" "key" "CP_CONTAINER_REGISTRY_REPO" "default" $repo "required" "false" "Release" .Release) -}} {{- $pullSecret = ternary $pullSecret .Values.global.cic.data.PULL_SECRET ( not .Values.global.cic.data.PULL_SECRET ) -}} @@ -173,19 +155,11 @@ need.msg.cp.params {{- $repo = ternary $repo .Values.cp.repository ( not .Values.cp.repository ) -}} {{- $imageName = ternary $imageName .Values.cp.imageName ( not .Values.cp.imageName ) -}} {{- $imageTag = ternary $imageTag .Values.cp.imageTag ( not .Values.cp.imageTag ) -}} - {{- $TARGET_PATH = ternary $TARGET_PATH .Values.cp.TARGET_PATH ( not .Values.cp.TARGET_PATH ) -}} {{- $pullSecret = ternary $pullSecret .Values.cp.pullSecret ( not .Values.cp.pullSecret ) -}} {{- $pullPolicy = ternary $pullPolicy .Values.cp.pullPolicy ( not .Values.cp.pullPolicy ) -}} - {{- if hasKey .Values.cp "enableWebserverSecurityContext" -}} - {{- $enableWebserverSecurityContext = .Values.cp.enableWebserverSecurityContext -}} - {{- end -}} - {{- if hasKey .Values.cp "enableJobSecurityContext" -}} - {{- $enableJobSecurityContext = .Values.cp.enableJobSecurityContext -}} - {{- end -}} - {{- if hasKey .Values.cp "enableSecurityContext" -}} - {{- $enableWebserverSecurityContext = .Values.cp.enableSecurityContext -}} - {{- $enableJobSecurityContext = .Values.cp.enableSecurityContext -}} - {{- end -}} + {{- if hasKey .Values.cp "enableSecurityContext" -}} + {{- $enableSecurityContext = .Values.cp.enableSecurityContext -}} + {{- end -}} {{- end -}} {{- $imageDefaultName := printf "%s/%s/%s:%s" $registry $repo $imageName $imageTag | replace "\"" "" -}} # @@ -196,7 +170,6 @@ cp: registry: {{ $registry }} repo: {{ $repo }} imageFullName: {{ .Values.cp.imageFullName | default $imageDefaultName }} - TARGET_PATH: {{ $TARGET_PATH }} pullSecret: {{ $pullSecret }} pullPolicy: {{ $pullPolicy }} LOGGING_FLUENTBIT_ENABLED: {{ $CP_LOGGING_FLUENTBIT_ENABLED }} @@ -205,15 +178,10 @@ cp: ADMIN_DNS_DOMAIN: '{{ $ADMIN_DNS_DOMAIN }}' serviceAccount: {{ $CP_SERVICE_ACCOUNT_NAME }} SUBSCRIPTION_SINGLE_NAMESPACE: {{ $CP_SUBSCRIPTION_SINGLE_NAMESPACE }} + enableResourceConstraints: {{ $CP_ENABLE_RESOURCE_CONSTRAINTS}} SYSTEM_WHO: {{ $SYSTEM_WHO }} ENV_TYPE: {{ $ENV_TYPE }} - enableWebserverSecurityContext: {{ $enableWebserverSecurityContext }} - enableJobSecurityContext: {{ $enableJobSecurityContext }} - boot: - volName: scripts-vol - storageType: configMap - storageName: tp-cp-msg-webserver-scripts - readOnly: true + enableSecurityContext: {{ $enableSecurityContext }} cp_env: volName: cp-env-vol storageType: configMap @@ -229,13 +197,13 @@ cp: cp_dns: volName: cp-dns-vol storageType: configMap - storageName: {{ include "const.onprem.dnsdomains" . }} + storageName: {{ include "const.nocic.dnsdomains" . }} readOnly: false optional: true cic_dns: volName: cic-dns-vol storageType: configMap - storageName: {{ include "const.saas.dnsdomains" . }} + storageName: {{ include "const.cic.dnsdomains" . }} readOnly: false optional: true cp_extra: @@ -247,53 +215,12 @@ cp: {{- end }} {{/* -msg.envPodRefs - expand a list of for use in a env: section +msg.cp.security.pod - Generate a pod securityContext section from $xxParams struct +.. works with msg.cp.security.container to standardize non-root securityContext restrictions */}} -{{- define "msg.envPodRefs" }} -# START-OF- EXPANDED PodRef List -{{- range $key, $val := . }} -- name: {{ $key | quote }} - valueFrom: - fieldRef: - fieldPath: {{ $val }} -{{- end }} -# END-OF-EXPANDED PodRef List -{{- end }} - - -{{/* -msg.envStdPodRefs - generate a list of standard for use in a env: section -*/}} -{{- define "msg.envStdPodRefs" }} -- name: "MY_RELEASE" - value: {{ .Release.Name }} -{{- $stdRefs := (dict "MY_POD_NAME" "metadata.name" "MY_NAMESPACE" "metadata.namespace" "MY_POD_IP" "status.podIP" "MY_NODE_NAME" "spec.nodeName" "MY_NODE_IP" "status.hostIP" "MY_SA_NAME" "spec.serviceAccountName" ) -}} -{{ include "msg.envPodRefs" $stdRefs }} -{{- end }} - -{{/* -msg.webserver.security.pod - Generate a pod securityContext section from $xxParams struct -.. works with msg.webserver.security.container to standardize non-root securityContext restrictions -*/}} -{{- define "msg.webserver.security.pod" }} -{{- if .cp.enableWebserverSecurityContext }} -securityContext: - runAsUser: {{ int .cp.uid }} - runAsGroup: {{ int .cp.gid }} - fsGroup: {{ int .cp.gid }} - {{- if eq (int 0) (int .cp.uid) }} - runAsNonRoot: false - {{- else }} - runAsNonRoot: true - fsGroupChangePolicy: Always - seccompProfile: - type: RuntimeDefault - {{- end }} -{{- end }} -{{- end }} - -{{- define "msg.job.security.pod" }} -{{- if .cp.enableJobSecurityContext }} +{{- define "msg.cp.security.pod" }} +{{- if .cp.enableSecurityContext }} + {{- if eq .securityProfile "pss-restricted" }} securityContext: runAsUser: {{ int .cp.uid }} runAsGroup: {{ int .cp.gid }} @@ -306,6 +233,7 @@ securityContext: seccompProfile: type: RuntimeDefault {{- end }} + {{- end }} {{- end }} {{- end }} @@ -313,24 +241,9 @@ securityContext: msg.cp.security.container - Generate a container securityContext section from $xxParams struct .. works with msg.cp.security.pod to standardize non-root securityContext restrictions */}} -{{- define "msg.webserver.security.container" }} -{{- if .cp.enableWebserverSecurityContext }} -securityContext: - runAsUser: {{ int .cp.uid }} - runAsGroup: {{ int .cp.gid }} - {{- if ne (int 0) (int .cp.uid) }} - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - {{- end }} -{{- end }} -{{- end }} - -{{- define "msg.job.security.container" }} -{{- if .cp.enableJobSecurityContext }} +{{- define "msg.cp.security.container" }} +{{- if .cp.enableSecurityContext }} + {{- if eq .securityProfile "pss-restricted" }} securityContext: runAsUser: {{ int .cp.uid }} runAsGroup: {{ int .cp.gid }} @@ -339,8 +252,10 @@ securityContext: capabilities: drop: - ALL + - CAP_NET_RAW readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/tp-cp-msg-contrib/templates/_dp.helpers.tpl b/charts/tp-cp-msg-contrib/templates/_dp.helpers.tpl index 74ad4bc0..c83896ab 100644 --- a/charts/tp-cp-msg-contrib/templates/_dp.helpers.tpl +++ b/charts/tp-cp-msg-contrib/templates/_dp.helpers.tpl @@ -2,7 +2,7 @@ {{/* MSG DP Common Helpers # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -36,6 +36,7 @@ need.msg.dp.params {{- $instanceId := "no-instanceId" -}} {{- $fluentbitEnabled := .Values.global.cp.logging.fluentbit.enabled -}} {{- $enableClusterScopedPerm := .Values.global.cp.enableClusterScopedPerm -}} + {{- $enableResourceConstraints := .Values.global.cp.enableResourceConstraints -}} {{- $enableSecurityContext := true -}} {{- $enableHaproxy := true -}} # These 3 are currently unused! @@ -116,6 +117,9 @@ need.msg.dp.params {{- if hasKey .Values.dp "enableClusterScopedPerm" -}} {{- $enableClusterScopedPerm = .Values.dp.enableClusterScopedPerm -}} {{- end -}} + {{- if hasKey .Values.dp "enableResourceConstraints" -}} + {{- $enableResourceConstraints = .Values.dp.enableResourceConstraints -}} + {{- end -}} {{- if hasKey .Values.dp "enableSecurityContext" -}} {{- $enableSecurityContext = .Values.dp.enableSecurityContext -}} {{- end -}} @@ -146,6 +150,7 @@ dp: chart: {{ printf "%s-%s" .Chart.Name .Chart.Version }} fluentbitEnabled: {{ $fluentbitEnabled }} enableClusterScopedPerm: {{ $enableClusterScopedPerm }} + enableResourceConstraints: {{ $enableResourceConstraints }} enableSecurityContext: {{ $enableSecurityContext }} enableHaproxy: {{ $enableHaproxy }} {{- end }} @@ -178,7 +183,7 @@ note: tib-msg-stsname will be added directly in statefulset charts, as it needs */}} {{- define "msg.dpparams.labels" }} tib-dp-release: {{ .dp.release }} -tib-dp-msgbuild: "1.3.0.18" +tib-dp-msgbuild: "1.4.0.20" tib-dp-chart: {{ .dp.chart }} tib-dp-workload-type: "capability-service" tib-dp-dataplane-id: "{{ .dp.name }}" @@ -438,6 +443,7 @@ securityContext: capabilities: drop: - ALL + - CAP_NET_RAW readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} @@ -450,7 +456,9 @@ securityContext: capabilities: drop: - ALL - readOnlyRootFilesystem: false + - CAP_NET_RAW + # readOnlyRootFilesystem: false + readOnlyRootFilesystem: true runAsNonRoot: true {{- end }} {{- end }} diff --git a/charts/tp-cp-msg-contrib/templates/_webserver.helpers.tpl b/charts/tp-cp-msg-contrib/templates/_webserver.helpers.tpl new file mode 100644 index 00000000..1b0d47b8 --- /dev/null +++ b/charts/tp-cp-msg-contrib/templates/_webserver.helpers.tpl @@ -0,0 +1,25 @@ +{{/* +MSGDP Controlplane Webserver Helpers +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +*/}} + +{{/* +need.msg.webserver.params +*/}} +{{ define "need.msg.webserver.params" }} +{{- $cpParams := include "need.msg.cp.params" . | fromYaml -}} +# Fill in $webserverParams yaml +{{ include "need.msg.cp.params" . }} +webserver: + boot: + volName: scripts-vol + storageType: configMap + storageName: tp-cp-msg-webserver-scripts + readOnly: true +securityProfile: "{{ .Values.webserver.securityProfile | default "pss-restricted" }}" +{{ end }} diff --git a/charts/tp-cp-msg-contrib/templates/cp-efs.job.yaml b/charts/tp-cp-msg-contrib/templates/cp-efs.job.yaml deleted file mode 100644 index 4b864f24..00000000 --- a/charts/tp-cp-msg-contrib/templates/cp-efs.job.yaml +++ /dev/null @@ -1,68 +0,0 @@ -# -# Copyright (c) 2023-2024. Cloud Software Group, Inc. -# This file is subject to the license terms contained -# in the license file that is distributed with this file. -# -{{- $cpParams := include "need.msg.cp.params" . | fromYaml }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "tp-cp-msg-job-{{ .Release.Name }}-{{ randAlphaNum 4 | lower }}" - labels: - name: "msg-cp-efs" - app.kubernetes.io/component: msg - namespace: "{{ .Release.Namespace }}" -spec: - backoffLimit: 0 - #4hr limit - activeDeadlineSeconds: 14400 - #72hr limit - activeDeadlineSeconds: 259200 - ttlSecondsAfterFinished: 259200 - template: - metadata: - name: "msg-cp-efs-{{ .Release.Name }}" - namespace: "{{ .Release.Namespace }}" - labels: - name: "msg-cp-efs" - app.kubernetes.io/component: msg - spec: - enableServiceLinks: false - nodeSelector: - kubernetes.io/os: linux - {{- if $cpParams.cp.pullSecret }} - imagePullSecrets: - - name: {{ $cpParams.cp.pullSecret }} - {{- end }} - restartPolicy: Never - volumes: - - name: efs-vol - persistentVolumeClaim: - claimName: "{{ $cpParams.cp.CP_VOLUME_CLAIM }}" - - name: boot-vol - configMap: - name: "tp-cp-msg-webserver-pkg" - {{ include "msg.job.security.pod" $cpParams | nindent 12 }} - terminationGracePeriodSeconds: 10 - containers: - - name: "msg-cp-efs" - command: ['bash', '-c', ] - args: - - > - bash < /boot/copy-ui-to-cp.sh - image: "{{ $cpParams.cp.imageFullName }}" - imagePullPolicy: {{ $cpParams.cp.pullPolicy }} - {{ include "msg.job.security.container" $cpParams | nindent 16 }} - volumeMounts: - - mountPath: /boot - name: boot-vol - - mountPath: /private/tsc - name: efs-vol - subPath: tsc - env: - - name: TARGET_PATH - value: "{{ $cpParams.cp.TARGET_PATH }}" - - name: JOB_POST_SLEEP - value: "{{ .Values.jobPostSleep }}" - - name: ROLLME - # REQUIRE NEW JOB TO START - value: {{ randAlphaNum 5 | quote }} -# END diff --git a/charts/tp-cp-msg-contrib/templates/msg-webserver-deployment.yaml b/charts/tp-cp-msg-contrib/templates/msg-webserver-deployment.yaml index 91fe608c..591cb528 100644 --- a/charts/tp-cp-msg-contrib/templates/msg-webserver-deployment.yaml +++ b/charts/tp-cp-msg-contrib/templates/msg-webserver-deployment.yaml @@ -1,9 +1,9 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # -{{- $cpParams := include "need.msg.cp.params" . | fromYaml }} +{{- $webserverParams := include "need.msg.webserver.params" . | fromYaml }} apiVersion: apps/v1 kind: Deployment metadata: @@ -27,14 +27,20 @@ spec: spec: nodeSelector: kubernetes.io/os: linux - {{- if $cpParams.cp.pullSecret }} + {{- if $webserverParams.cp.pullSecret }} imagePullSecrets: - - name: {{ $cpParams.cp.pullSecret }} + - name: {{ $webserverParams.cp.pullSecret }} {{- end }} containers: - name: msg-gems - image: "{{ $cpParams.cp.imageFullName }}" - imagePullPolicy: {{ $cpParams.cp.pullPolicy }} + image: "{{ $webserverParams.cp.imageFullName }}" + imagePullPolicy: {{ $webserverParams.cp.pullPolicy }} + {{- if $webserverParams.cp.enableResourceConstraints }} + {{- with .Values.resources }} + resources: + {{- toYaml . | nindent 10}} + {{- end }} + {{- end }} command: ['/compliance/check_eua', 'bash', '-c' ] #exec /usr/local/watchdog/bin/wait-for-shutdown.sh ; args: @@ -47,10 +53,28 @@ spec: exec /usr/local/watchdog/bin/watchdog ; ports: - containerPort: 7513 - {{ include "msg.webserver.security.container" $cpParams | nindent 8 }} + {{ include "msg.cp.security.container" $webserverParams | nindent 8 }} + {{ if ne "pod-edit" $webserverParams.securityProfile }} + livenessProbe: + httpGet: + path: /livez + port: 7513 + initialDelaySeconds: 3 + periodSeconds: 15 + successThreshold: 1 + failureThreshold: 4 + readinessProbe: + httpGet: + path: /livez + port: 7513 + initialDelaySeconds: 3 + periodSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + {{ end }} volumeMounts: - mountPath: /boot - {{ include "msg.pv.vol.mount" $cpParams.cp.boot | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.webserver.boot | nindent 10 }} - mountPath: /data name: msg-webserver-data - mountPath: /logs @@ -59,15 +83,15 @@ spec: name: efs-vol subPath: tsc - mountPath: /cm/cp-env - {{ include "msg.pv.vol.mount" $cpParams.cp.cp_env | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.cp.cp_env | nindent 10 }} - mountPath: /cm/cic-env - {{ include "msg.pv.vol.mount" $cpParams.cp.cic_env | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.cp.cic_env | nindent 10 }} - mountPath: /cm/cp-dns - {{ include "msg.pv.vol.mount" $cpParams.cp.cp_dns | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.cp.cp_dns | nindent 10 }} - mountPath: /cm/cic-dns - {{ include "msg.pv.vol.mount" $cpParams.cp.cic_dns | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.cp.cic_dns | nindent 10 }} - mountPath: /cm/cp-extra - {{ include "msg.pv.vol.mount" $cpParams.cp.cp_extra | nindent 10 }} + {{ include "msg.pv.vol.mount" $webserverParams.cp.cp_extra | nindent 10 }} env: {{ include "msg.envStdPodRefs" . | indent 8 }} - name: ACCEPT_EUA @@ -79,38 +103,38 @@ spec: - name: LOG_ALERT_PORT value: "8099" - name: MSGDP_ENV_TYPE - value: "{{ $cpParams.cp.ENV_TYPE }}" + value: "{{ $webserverParams.cp.ENV_TYPE }}" - name: MSGDP_LOGGING_FLUENTBIT_ENABLED - value: "{{ $cpParams.cp.LOGGING_FLUENTBIT_ENABLED }}" + value: "{{ $webserverParams.cp.LOGGING_FLUENTBIT_ENABLED }}" - name: MSGDP_OTEL_SERVICE - value: "{{ $cpParams.cp.OTEL_SERVICE }}" + value: "{{ $webserverParams.cp.OTEL_SERVICE }}" - name: MSGDP_DNS_DOMAIN - value: "{{ $cpParams.cp.DNS_DOMAIN }}" + value: "{{ $webserverParams.cp.DNS_DOMAIN }}" - name: MSGDP_ADMIN_DNS_DOMAIN - value: "{{ $cpParams.cp.ADMIN_DNS_DOMAIN }}" + value: "{{ $webserverParams.cp.ADMIN_DNS_DOMAIN }}" - name: MSGDP_SUBSCRIPTION_SINGLE_NAMESPACE - value: "{{ $cpParams.cp.SUBSCRIPTION_SINGLE_NAMESPACE }}" + value: "{{ $webserverParams.cp.SUBSCRIPTION_SINGLE_NAMESPACE }}" - name: MSGDP_SYSTEM_WHO - value: "{{ $cpParams.cp.SYSTEM_WHO }}" + value: "{{ $webserverParams.cp.SYSTEM_WHO }}" - name: ACME_HOST - value: "{{ $cpParams.cp.ADMIN_DNS_DOMAIN }}" + value: "{{ $webserverParams.cp.ADMIN_DNS_DOMAIN }}" - name: SUBSCRIPTION_SINGLE_NAMESPACE - value: "{{ $cpParams.cp.SUBSCRIPTION_SINGLE_NAMESPACE }}" + value: "{{ $webserverParams.cp.SUBSCRIPTION_SINGLE_NAMESPACE }}" - name: SYSTEM_WHO - value: "{{ $cpParams.cp.SYSTEM_WHO }}" + value: "{{ $webserverParams.cp.SYSTEM_WHO }}" volumes: - {{ include "msg.pv.vol.def" $cpParams.cp.boot | nindent 6 }} + {{ include "msg.pv.vol.def" $webserverParams.webserver.boot | nindent 6 }} - name: msg-webserver-data emptyDir: {} - name: msg-webserver-logs emptyDir: {} - name: efs-vol persistentVolumeClaim: - claimName: "{{ $cpParams.cp.CP_VOLUME_CLAIM }}" - {{ include "msg.pv.vol.def" $cpParams.cp.cp_env | nindent 6 }} - {{ include "msg.pv.vol.def" $cpParams.cp.cic_env | nindent 6 }} - {{ include "msg.pv.vol.def" $cpParams.cp.cp_dns | nindent 6 }} - {{ include "msg.pv.vol.def" $cpParams.cp.cic_dns | nindent 6 }} - {{ include "msg.pv.vol.def" $cpParams.cp.cp_extra | nindent 6 }} - {{ include "msg.webserver.security.pod" $cpParams | nindent 6 }} - serviceAccountName: "{{ $cpParams.cp.serviceAccount }}" + claimName: "{{ $webserverParams.cp.CP_VOLUME_CLAIM }}" + {{ include "msg.pv.vol.def" $webserverParams.cp.cp_env | nindent 6 }} + {{ include "msg.pv.vol.def" $webserverParams.cp.cic_env | nindent 6 }} + {{ include "msg.pv.vol.def" $webserverParams.cp.cp_dns | nindent 6 }} + {{ include "msg.pv.vol.def" $webserverParams.cp.cic_dns | nindent 6 }} + {{ include "msg.pv.vol.def" $webserverParams.cp.cp_extra | nindent 6 }} + {{ include "msg.cp.security.pod" $webserverParams | nindent 6 }} + serviceAccountName: "{{ $webserverParams.cp.serviceAccount }}" diff --git a/charts/tp-cp-msg-contrib/templates/msg-webserver-service.yaml b/charts/tp-cp-msg-contrib/templates/msg-webserver-service.yaml index e0fce742..4e0356da 100644 --- a/charts/tp-cp-msg-contrib/templates/msg-webserver-service.yaml +++ b/charts/tp-cp-msg-contrib/templates/msg-webserver-service.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/templates/msg-webserver-tibcoroute.yaml b/charts/tp-cp-msg-contrib/templates/msg-webserver-tibcoroute.yaml index 50eec696..55f78c21 100644 --- a/charts/tp-cp-msg-contrib/templates/msg-webserver-tibcoroute.yaml +++ b/charts/tp-cp-msg-contrib/templates/msg-webserver-tibcoroute.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/templates/recipe.cm.yaml b/charts/tp-cp-msg-contrib/templates/recipe.cm.yaml deleted file mode 100644 index 14253fb5..00000000 --- a/charts/tp-cp-msg-contrib/templates/recipe.cm.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# -# Copyright (c) 2023-2024. Cloud Software Group, Inc. -# This file is subject to the license terms contained -# in the license file that is distributed with this file. -# - -apiVersion: v1 -kind: ConfigMap -metadata: - name: tp-cp-msg-webserver-pkg - namespace: "{{ .Release.Namespace }}" - labels: -data: -{{ (.Files.Glob "recipes/*").AsConfig | indent 2 }} -... diff --git a/charts/tp-cp-msg-contrib/templates/script.cm.yaml b/charts/tp-cp-msg-contrib/templates/script.cm.yaml index 5d4a32d5..ba96a3ed 100644 --- a/charts/tp-cp-msg-contrib/templates/script.cm.yaml +++ b/charts/tp-cp-msg-contrib/templates/script.cm.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/values.yaml b/charts/tp-cp-msg-contrib/values.yaml index 9aeb7406..d515021f 100644 --- a/charts/tp-cp-msg-contrib/values.yaml +++ b/charts/tp-cp-msg-contrib/values.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -26,14 +26,25 @@ data: cp: registry: repository: - useNewRepos: false CP_VOLUME_CLAIM: pullSecret: + pullPolicy: imageName: imageTag: - TARGET_PATH: -# Sleep after completing update, and before pod exits for auditing -jobPostSleep: + enableSecurityContext: true + +webserver: + securityProfile: + + +resources: + requests: + cpu: 50m + memory: 50Mi + limits: + cpu: "2" + memory: 4096Mi + # ##### EXAMPLE VALUES SECTIONS # RECOMMENDED Multi-chart SETTINGS # -- EXAMPLE @@ -57,6 +68,6 @@ jobPostSleep: # repo: msg-platform-cicd # CP_VOLUME_CLAIM: provider-cp-fs-store # imageName: msg-cp-ui-contrib -# imageTag: "1.3.0-14" +# imageTag: "1.4.0-12" # TARGET_PATH: /private/tsc/config/capabilities/platform # imageFullName: diff --git a/charts/tp-cp-msg-recipes/Chart.yaml b/charts/tp-cp-msg-recipes/Chart.yaml new file mode 100644 index 00000000..d5fe9996 --- /dev/null +++ b/charts/tp-cp-msg-recipes/Chart.yaml @@ -0,0 +1,20 @@ +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +apiVersion: v2 +appVersion: "1.4.0-12" +description: TIBCO Platform Control Plane -- Messaging +name: tp-cp-msg-recipes +version: "1.4.20" +maintainers: +- email: tcm@tibco.com + name: TIBCO Cloud Messaging Team +keywords: +- tibco-platform +- control-plane +- messaging +- EMS +- Pulsar diff --git a/charts/tp-cp-msg-recipes/LICENSE b/charts/tp-cp-msg-recipes/LICENSE new file mode 100644 index 00000000..d6456956 --- /dev/null +++ b/charts/tp-cp-msg-recipes/LICENSE @@ -0,0 +1,202 @@ + + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. diff --git a/charts/tp-cp-msg-recipes/README.md b/charts/tp-cp-msg-recipes/README.md new file mode 100644 index 00000000..7b9dd852 --- /dev/null +++ b/charts/tp-cp-msg-recipes/README.md @@ -0,0 +1,5 @@ +# TIBCO® Control Plane - Chart for enabling provisioning of TIBCO® Messaging capabilities +[tp-cp-msg-contrib](../../charts/msg-ems-tp) is used to - +* Enable Control Plane provisioning of Messaging capabilities on a Data Planes. +## How to use +Generally this chart will be used during TIBCO Platform Control Plane installation to enable provisioning of messaging capabilities. diff --git a/charts/tp-cp-msg-recipes/recipes/copy-ui-to-cp.sh b/charts/tp-cp-msg-recipes/recipes/copy-ui-to-cp.sh new file mode 100644 index 00000000..027b0c19 --- /dev/null +++ b/charts/tp-cp-msg-recipes/recipes/copy-ui-to-cp.sh @@ -0,0 +1,86 @@ +#!/bin/bash +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# +set -x +base="$(cd "${0%/*}" 2>/dev/null; echo "$PWD")" +export CONTRIB_LIST="${CONTRIB_LIST:-"ems pulsar"}" +export TARGET_PATH="${TARGET_PATH:-"/private/tsc/config/capabilities/platform"}" +export UI_PATH="${UI_PATH:-"/contributions/gems/web/apps"}" +export STAGING_PATH="${STAGING_PATH:-/data}" +# export TARGET_PATH="${TARGET_PATH:-"/private/tsc/config/capabilities/platform"}" +export tmproot="$STAGING_PATH/tmp.$RANDOM" +export tmppkg="$tmproot/msgpkg" +export JOB_WAIT_TARGET_PATH="${JOB_WAIT_TARGET_PATH:-"300"}" +export JOB_POST_SLEEP="${JOB_POST_SLEEP:-"180"}" + +whoami +id + +function show_target_contributions { + for cap in $CONTRIB_LIST ; do + find "$TARGET_PATH/$cap" -type f -ls + done + set +x + for cap in $CONTRIB_LIST ; do + echo "=== UI Version: $cap ===" + cat "$UI_PATH/$cap/version.txt" + find $TARGET_PATH/$cap -name 'recipe.yaml' | xargs egrep -H ' version: ' + done +} + +function debug_on_error { + echo "Error: Collecting debug information." + echo "df -h" + df -h + ls -la "$TARGET_PATH" + ls -la $(dirname "$TARGET_PATH") + show_target_contributions +} + +trap debug_on_error ERR + +mkdir -p "$tmppkg" +# Cleanup any old backups +for cap in $CONTRIB_LIST ; do + old="$TARGET_PATH/$cap.old" + [ -d "$old" ] && rm -rf "$old" +done +# COPY recipe packaging files +for x in /boot/* ; do + inf="$x" + outf="$(basename $x | tr 'X' '/' )" + outd="$(dirname $outf)" + [ "$outd" = '.' ] && continue + echo "Staging pkgfile: $outf" + mkdir -p $tmppkg/$outd + cp $inf $tmppkg/$outf +done + +# Wait until $TARGET_PATH exists +elapsed=0 +while [ ! -d "$TARGET_PATH" ]; do + if [ "$elapsed" -ge "$JOB_WAIT_TARGET_PATH" ]; then + echo "Timeout waiting for $TARGET_PATH to exist" + debug_on_error + exit 1 + fi + sleep 3 + elapsed=$((elapsed + 3)) +done + +# POST new PKG contributions +for x in $( /bin/ls -1 $tmppkg ) ; do + old="$TARGET_PATH/$cap.old" + [ -e "$TARGET_PATH/$x" ] && mv "$TARGET_PATH/$x" "$TARGET_PATH/$x.old" + echo "Updating $x" + mv "$tmppkg/$x" "$TARGET_PATH/$x" +done +rm -rf $tmproot + +show_target_contributions + +echo "sleeping $JOB_POST_SLEEP , before exit" +sleep $JOB_POST_SLEEP diff --git a/charts/tp-cp-msg-contrib/recipes/emsX1.3.0Xpackage.json b/charts/tp-cp-msg-recipes/recipes/emsX1.3.0Xpackage.json similarity index 100% rename from charts/tp-cp-msg-contrib/recipes/emsX1.3.0Xpackage.json rename to charts/tp-cp-msg-recipes/recipes/emsX1.3.0Xpackage.json diff --git a/charts/tp-cp-msg-contrib/recipes/emsX1.3.0Xrecipe.yaml b/charts/tp-cp-msg-recipes/recipes/emsX1.3.0Xrecipe.yaml similarity index 91% rename from charts/tp-cp-msg-contrib/recipes/emsX1.3.0Xrecipe.yaml rename to charts/tp-cp-msg-recipes/recipes/emsX1.3.0Xrecipe.yaml index 212589c1..c3aa4757 100644 --- a/charts/tp-cp-msg-contrib/recipes/emsX1.3.0Xrecipe.yaml +++ b/charts/tp-cp-msg-recipes/recipes/emsX1.3.0Xrecipe.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # diff --git a/charts/tp-cp-msg-contrib/recipes/emsX1.2.0Xpackage.json b/charts/tp-cp-msg-recipes/recipes/emsX1.4.0Xpackage.json similarity index 100% rename from charts/tp-cp-msg-contrib/recipes/emsX1.2.0Xpackage.json rename to charts/tp-cp-msg-recipes/recipes/emsX1.4.0Xpackage.json diff --git a/charts/tp-cp-msg-contrib/recipes/emsX1.2.0Xrecipe.yaml b/charts/tp-cp-msg-recipes/recipes/emsX1.4.0Xrecipe.yaml similarity index 82% rename from charts/tp-cp-msg-contrib/recipes/emsX1.2.0Xrecipe.yaml rename to charts/tp-cp-msg-recipes/recipes/emsX1.4.0Xrecipe.yaml index 69e7fc34..1eb29c63 100644 --- a/charts/tp-cp-msg-contrib/recipes/emsX1.2.0Xrecipe.yaml +++ b/charts/tp-cp-msg-recipes/recipes/emsX1.4.0Xrecipe.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -16,9 +16,9 @@ recipe: host: "${HELM_REPO}" values: - content: | - emsVersion: "10.3.0-24" + emsVersion: "10.3.0-36" ems: name: ${EMS_NAME} use: ${EMS_USE} sizing: ${EMS_SIZE} - version: "1.2.24" + version: "1.4.20" diff --git a/charts/tp-cp-msg-recipes/recipes/emsXlatest.json b/charts/tp-cp-msg-recipes/recipes/emsXlatest.json new file mode 100644 index 00000000..3e6f1d09 --- /dev/null +++ b/charts/tp-cp-msg-recipes/recipes/emsXlatest.json @@ -0,0 +1,8 @@ +{ + "capabilityVersion": "1.4.0", + "minCPVersion": "1.3.0", + "maxCPVersion": "", + "minVersionRequiredForUpgrade": "1.3.0", + "releaseDate": "2024/12/30", + "releaseNotes": "#cshid=migration_and_compatibility" +} diff --git a/charts/tp-cp-msg-contrib/recipes/emsXversions.json b/charts/tp-cp-msg-recipes/recipes/emsXversions.json similarity index 54% rename from charts/tp-cp-msg-contrib/recipes/emsXversions.json rename to charts/tp-cp-msg-recipes/recipes/emsXversions.json index b28ec48f..4c7f6924 100644 --- a/charts/tp-cp-msg-contrib/recipes/emsXversions.json +++ b/charts/tp-cp-msg-recipes/recipes/emsXversions.json @@ -1,17 +1,17 @@ [ { - "capabilityVersion": "1.2.0", - "minCPVersion": "1.0.0", + "capabilityVersion": "1.4.0", + "minCPVersion": "1.3.0", "maxCPVersion": "", - "minVersionRequiredForUpgrade": "1.0.0", + "minVersionRequiredForUpgrade": "1.3.0", "releaseNotes": "#cshid=migration_and_compatibility", - "releaseDate": "2024/5/30" + "releaseDate": "2024/12/30" }, { "capabilityVersion": "1.3.0", - "minCPVersion": "1.0.0", + "minCPVersion": "1.3.0", "maxCPVersion": "", - "minVersionRequiredForUpgrade": "1.0.0", + "minVersionRequiredForUpgrade": "1.2.0", "releaseNotes": "#cshid=migration_and_compatibility", "releaseDate": "2024/8/30" } diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarX1.3.0Xpackage.json b/charts/tp-cp-msg-recipes/recipes/pulsarX1.3.0Xpackage.json similarity index 100% rename from charts/tp-cp-msg-contrib/recipes/pulsarX1.3.0Xpackage.json rename to charts/tp-cp-msg-recipes/recipes/pulsarX1.3.0Xpackage.json diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarX1.3.0Xrecipe.yaml b/charts/tp-cp-msg-recipes/recipes/pulsarX1.3.0Xrecipe.yaml similarity index 89% rename from charts/tp-cp-msg-contrib/recipes/pulsarX1.3.0Xrecipe.yaml rename to charts/tp-cp-msg-recipes/recipes/pulsarX1.3.0Xrecipe.yaml index ce340d6e..239743e8 100644 --- a/charts/tp-cp-msg-contrib/recipes/pulsarX1.3.0Xrecipe.yaml +++ b/charts/tp-cp-msg-recipes/recipes/pulsarX1.3.0Xrecipe.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -24,4 +24,4 @@ recipe: cp: adminUser: "${PROVISIONING_USER_EMAIL}" jwks: "${JWKS}" - version: "1.3.18" + version: "1.3.16" diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xpackage.json b/charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xpackage.json similarity index 67% rename from charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xpackage.json rename to charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xpackage.json index 0f9b732a..21e67e5b 100644 --- a/charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xpackage.json +++ b/charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xpackage.json @@ -29,23 +29,6 @@ "provisioningRoles": [ "DEV_OPS" ], - "services": [ - { - "description": "Pulsar Broker StatefulSet", - "name": "broker" - }, - { - "description": "Pulsar bookie StatefulSet", - "name": "bookie" - }, - { - "description": "Pulsar zookeeper StatefulSet", - "name": "zoo" - }, - { - "description": "Pulsar proxy StatefulSet", - "name": "proxy" - } - ] + "services": [] } } diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xrecipe.yaml b/charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xrecipe.yaml similarity index 84% rename from charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xrecipe.yaml rename to charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xrecipe.yaml index 3a522dba..8823917a 100644 --- a/charts/tp-cp-msg-contrib/recipes/pulsarX1.2.0Xrecipe.yaml +++ b/charts/tp-cp-msg-recipes/recipes/pulsarX1.4.0Xrecipe.yaml @@ -1,5 +1,5 @@ # -# Copyright (c) 2023-2024. Cloud Software Group, Inc. +# Copyright (c) 2023-2025. Cloud Software Group, Inc. # This file is subject to the license terms contained # in the license file that is distributed with this file. # @@ -16,7 +16,7 @@ recipe: host: "${HELM_REPO}" values: - content: | - apdVersion: "3.0.2-24" + apdVersion: "3.0.2-36" apd: name: ${SERVER_NAME} use: ${ENV_USE} @@ -24,4 +24,4 @@ recipe: cp: adminUser: "${PROVISIONING_USER_EMAIL}" jwks: "${JWKS}" - version: "1.2.24" + version: "1.4.20" diff --git a/charts/tp-cp-msg-recipes/recipes/pulsarXlatest.json b/charts/tp-cp-msg-recipes/recipes/pulsarXlatest.json new file mode 100644 index 00000000..6da1c19a --- /dev/null +++ b/charts/tp-cp-msg-recipes/recipes/pulsarXlatest.json @@ -0,0 +1,8 @@ +{ + "capabilityVersion": "1.4.0", + "minCPVersion": "1.3.0", + "maxCPVersion": "", + "minVersionRequiredForUpgrade": "1.3.0", + "releaseNotes": "#cshid=migration_and_compatibility", + "releaseDate": "2024/12/30" +} diff --git a/charts/tp-cp-msg-contrib/recipes/pulsarXversions.json b/charts/tp-cp-msg-recipes/recipes/pulsarXversions.json similarity index 70% rename from charts/tp-cp-msg-contrib/recipes/pulsarXversions.json rename to charts/tp-cp-msg-recipes/recipes/pulsarXversions.json index 73c27739..1217e88c 100644 --- a/charts/tp-cp-msg-contrib/recipes/pulsarXversions.json +++ b/charts/tp-cp-msg-recipes/recipes/pulsarXversions.json @@ -1,11 +1,11 @@ [ { - "capabilityVersion": "1.2.0", - "minCPVersion": "1.2.0", + "capabilityVersion": "1.4.0", + "minCPVersion": "1.3.0", "maxCPVersion": "", - "minVersionRequiredForUpgrade": "1.2.0", + "minVersionRequiredForUpgrade": "1.3.0", "releaseNotes": "#cshid=migration_and_compatibility", - "releaseDate": "2024/5/31" + "releaseDate": "2024/12/30" }, { "capabilityVersion": "1.3.0", diff --git a/charts/tp-cp-msg-recipes/scripts/mk-common.conf.sh b/charts/tp-cp-msg-recipes/scripts/mk-common.conf.sh new file mode 100644 index 00000000..99a26242 --- /dev/null +++ b/charts/tp-cp-msg-recipes/scripts/mk-common.conf.sh @@ -0,0 +1,121 @@ +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +outfile=${1:-common.conf} +cat - < $outfile +[FILTER] + name parser + match dp.routable + key_name message + parser msg-parser + Reserve_Data False + +[FILTER] + name parser + match dp.routable.watchdog + key_name message + parser watchdog-parser + Reserve_Data False + +[FILTER] + Name modify + Match dp.routable + Add caller msg-webserver + +[FILTER] + Name lua + Match dp.routable.watchdog + Script datetime.lua + Call datetime + +[FILTER] + Name record_modifier + Match dp.routable.watchdog + Remove_key date + Remove_key time + +[FILTER] + Name modify + Alias common.filter + Match dp.routable.watchdog + Add level INFO + Rename message log.msg + Rename level log.level + Rename caller log.caller + Rename datetime time + +[FILTER] + Name nest + Match dp.routable.watchdog + Nest_Under log + Wildcard log.* + Remove_prefix log. + +[FILTER] + Name modify + Alias common.filter + Match dp.routable + Add level INFO + Rename message msg + Rename err error + +[FILTER] + Name nest + Match dp.routable + Nest_Under log + Wildcard * + +[FILTER] + Name lua + Match * + Script update_record.lua + Call update_record + +EOF + +outfile=${1:-datetime.lua} +cat - < $outfile +-- add an ES compliant datetime to fluentbit record +-- Use date and time fields when provided, otherwise generate them as needed +function datetime(tag, timestamp, record) + new_record = record + -- new_record['event.created'] = os.date("%Y-%m-%dT%H:%M:%S") + if record['date'] and record['time'] then + new_record['datetime'] = record['date'] .. "T" .. record['time'] + elseif record['date'] then + local time = os.date("%H:%M:%S") + new_record['datetime'] = record['date'] .. "T" .. time + elseif record['time'] then + local date = os.date("%Y-%m-%d") + new_record['datetime'] = date .. "T" .. record['time'] + else + new_record['datetime'] = os.date("%Y-%m-%dT%H:%M:%S") + end + return 1, timestamp, new_record +end +EOF + +outfile=${1:-update_record.lua} +cat - < $outfile +-- Function to append all fields under key "msg" +function update_record(tag, timestamp, record) + local newLog = record["log"] + local newMsg = newLog["msg"] + for key, val in pairs(newLog) do + if(key ~= "level" and key ~= "caller" and key ~= "msg" and key ~= "stacktrace" and key ~= "error" and key ~= "errorVerbose") then + if(key ~= "time") then + newMsg = newMsg .. ", " .. key .. ": " .. tostring(val) + else + record["time"] = record["log"]["time"] + end + newLog[key] = nil + end + end + newLog["msg"] = newMsg + record["log"] = newLog + return 2, timestamp, record +end +EOF diff --git a/charts/tp-cp-msg-recipes/scripts/mk-fluentbits.conf.sh b/charts/tp-cp-msg-recipes/scripts/mk-fluentbits.conf.sh new file mode 100644 index 00000000..e8b43e76 --- /dev/null +++ b/charts/tp-cp-msg-recipes/scripts/mk-fluentbits.conf.sh @@ -0,0 +1,69 @@ +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +outfile=${1:-fluentbit.conf} +cat - < $outfile +[SERVICE] + # Flush + # ===== + # Set an interval of seconds before to flush records to a destination + Flush 5 + + # Daemon + # ====== + # Instruct Fluent Bit to run in foreground or background mode. + Daemon Off + + # Log_Level + # ========= + # Set the verbosity level of the service, values can be: + # + # - error + # - warning + # - info + # - debug + # - trace + # + # By default 'info' is set, that means it includes 'error' and 'warning'. + Log_Level info + + # Parsers_File + # ============ + # Specify an optional 'Parsers' configuration file + Parsers_File /data/boot/parsers.conf + + # HTTP Server + # =========== + # Enable/Disable the built-in HTTP Server for metrics + #HTTP_Server On + #HTTP_Listen 0.0.0.0 + #HTTP_Port ${TCM_LOGGER_PORT} + +[INPUT] + Name http + listen 127.0.0.1 + port ${LOG_ALERT_PORT} + Tag dp.routable +[INPUT] + Name tail + Alias srv.stdout + Tag dp.routable + Path /logs/msg-webserver/webserver.log + Key message + Mem_Buf_Limit 1M + Parser msg-parser +[INPUT] + Name tail + Alias srv.stdout + Tag dp.routable.watchdog + Path /logs/msg-webserver/watchdog.log + Key message + Mem_Buf_Limit 1M + Parser watchdog-parser + +@INCLUDE /data/boot/output.conf +@INCLUDE common.conf +EOF diff --git a/charts/tp-cp-msg-recipes/scripts/mk-output.conf.sh b/charts/tp-cp-msg-recipes/scripts/mk-output.conf.sh new file mode 100644 index 00000000..4ef41fb5 --- /dev/null +++ b/charts/tp-cp-msg-recipes/scripts/mk-output.conf.sh @@ -0,0 +1,28 @@ +#!/bin/bash +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +# TODO: MSGDP-316: Comment out redundant OUTPUT=stdout after testing is complete +outfile=${1:-output.conf} +if [[ "$MSGDP_LOGGING_FLUENTBIT_ENABLED" == "true" ]]; then + cat - < $outfile +[OUTPUT] + Name opentelemetry + Match dp.routable* + Host ${MSGDP_OTEL_SERVICE} + Port 4318 + Logs_uri /v1/logs + Log_response_payload True + Tls Off + Tls.verify Off +EOF +else + cat - < $outfile +[OUTPUT] + Name stdout + Match dp.routable* +EOF +fi diff --git a/charts/tp-cp-msg-recipes/scripts/mk-parsers.conf.sh b/charts/tp-cp-msg-recipes/scripts/mk-parsers.conf.sh new file mode 100644 index 00000000..b8d6f168 --- /dev/null +++ b/charts/tp-cp-msg-recipes/scripts/mk-parsers.conf.sh @@ -0,0 +1,19 @@ +# +# Copyright (c) 2023-2025. Cloud Software Group, Inc. +# This file is subject to the license terms contained +# in the license file that is distributed with this file. +# + +outfile=${1:-parsers.conf} +cat - < $outfile +[PARSER] + Name msg-parser + Format logfmt + Time_Key time + Time_Keep On + Time_Format %Y-%m-%dT%H:%M:%S.%L +[PARSER] + Name watchdog-parser + Format regex + Regex ^(?\S+)\s+(?[0-9-]+)\s(?