Merge pull request #45 from devops-ia/fix/43-enable-ready-checker-con…

…nector fix: add enable ready-checker connector
devops-ia · Aug 28, 2024 · 2693936 · 2693936
2 parents 225e70a + 1e8f0a7
commit 2693936
Show file tree

Hide file tree

Showing 5 changed files with 95 additions and 65 deletions.
diff --git a/charts/opencti/README.md b/charts/opencti/README.md
@@ -81,73 +81,73 @@ helm show values opencti/opencti
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity for pod assignment |
 | autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage |
-| connectors | list | `[]` | Connectors Ref: https://github.com/OpenCTI-Platform/connectors/tree/master |
-| connectorsGlobalEnv | string | `nil` | Connector Global environment |
-| elasticsearch | object | `{"clusterName":"elastic","coordinating":{"replicaCount":0},"data":{"persistence":{"enabled":false},"replicaCount":1},"enabled":true,"extraEnvVars":[{"name":"ES_JAVA_OPTS","value":"-Xms512M -Xmx512M"}],"ingest":{"enabled":false},"master":{"masterOnly":true,"persistence":{"enabled":false},"replicaCount":1},"sysctlImage":{"enabled":false}}` | ElasticSearch subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/values.yaml |
+| connectors | list | `[]` | Connectors </br> Ref: https://github.com/OpenCTI-Platform/connectors/tree/master |
+| connectorsGlobalEnv | object | `{}` | Connector Global environment |
+| elasticsearch | object | `{"clusterName":"elastic","coordinating":{"replicaCount":0},"data":{"persistence":{"enabled":false},"replicaCount":1},"enabled":true,"extraEnvVars":[{"name":"ES_JAVA_OPTS","value":"-Xms512M -Xmx512M"}],"ingest":{"enabled":false},"master":{"masterOnly":true,"persistence":{"enabled":false},"replicaCount":1},"sysctlImage":{"enabled":false}}` | ElasticSearch subchart deployment </br> Ref: https://github.com/bitnami/charts/blob/main/bitnami/elasticsearch/values.yaml |
 | elasticsearch.clusterName | string | `"elastic"` | Elasticsearch cluster name |
 | elasticsearch.coordinating | object | `{"replicaCount":0}` | Coordinating-only nodes parameters |
 | elasticsearch.coordinating.replicaCount | int | `0` | Number of coordinating-only replicas to deploy |
 | elasticsearch.data | object | `{"persistence":{"enabled":false},"replicaCount":1}` | Data-only nodes parameters |
-| elasticsearch.data.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| elasticsearch.data.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | elasticsearch.data.persistence.enabled | bool | `false` | Enable persistence using a `PersistentVolumeClaim` |
 | elasticsearch.data.replicaCount | int | `1` | Number of data-only replicas to deploy |
 | elasticsearch.enabled | bool | `true` | Enable or disable ElasticSearch subchart |
 | elasticsearch.ingest | object | `{"enabled":false}` | Ingest-only nodes parameters |
 | elasticsearch.ingest.enabled | bool | `false` | Enable ingest nodes |
 | elasticsearch.master.masterOnly | bool | `true` | Deploy the Elasticsearch master-eligible nodes as master-only nodes. Recommended for high-demand deployments. |
-| elasticsearch.master.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| elasticsearch.master.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | elasticsearch.master.persistence.enabled | bool | `false` | Enable persistence using a `PersistentVolumeClaim` |
 | elasticsearch.master.replicaCount | int | `1` | Number of master-eligible replicas to deploy |
-| env | object | `{"APP__ADMIN__EMAIL":"[email protected]","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":true,"ELASTICSEARCH__URL":"http://release-name-elasticsearch:9200","MINIO__ENDPOINT":"release-name-minio:9000","RABBITMQ__HOSTNAME":"release-name-rabbitmq","RABBITMQ__PASSWORD":"ChangeMe","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"RABBITMQ__USERNAME":"user","REDIS__HOSTNAME":"release-name-redis-master","REDIS__MODE":"single","REDIS__PORT":6379}` | Environment variables to configure application Ref: https://docs.opencti.io/latest/deployment/configuration/#platform |
+| env | object | `{"APP__ADMIN__EMAIL":"[email protected]","APP__ADMIN__PASSWORD":"ChangeMe","APP__ADMIN__TOKEN":"ChangeMe","APP__BASE_PATH":"/","APP__GRAPHQL__PLAYGROUND__ENABLED":false,"APP__GRAPHQL__PLAYGROUND__FORCE_DISABLED_INTROSPECTION":false,"APP__HEALTH_ACCESS_KEY":"ChangeMe","APP__TELEMETRY__METRICS__ENABLED":true,"ELASTICSEARCH__URL":"http://release-name-elasticsearch:9200","MINIO__ENDPOINT":"release-name-minio:9000","RABBITMQ__HOSTNAME":"release-name-rabbitmq","RABBITMQ__PASSWORD":"ChangeMe","RABBITMQ__PORT":5672,"RABBITMQ__PORT_MANAGEMENT":15672,"RABBITMQ__USERNAME":"user","REDIS__HOSTNAME":"release-name-redis-master","REDIS__MODE":"single","REDIS__PORT":6379}` | Environment variables to configure application </br> Ref: https://docs.opencti.io/latest/deployment/configuration/#platform |
 | envFromSecrets | object | `{}` | Secrets from variables |
 | fullnameOverride | string | `""` | String to fully override opencti.fullname template |
 | global | object | `{"imagePullSecrets":[],"imageRegistry":""}` | Global configuration |
 | image | object | `{"pullPolicy":"IfNotPresent","repository":"opencti/platform","tag":""}` | Image registry |
 | imagePullSecrets | list | `[]` | Global Docker registry secret names as an array |
 | ingress | object | `{"annotations":{},"className":"","enabled":false,"hosts":[{"host":"chart-example.local","paths":[{"path":"/","pathType":"ImplementationSpecific"}]}],"tls":[]}` | Ingress configuration to expose app |
-| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
+| livenessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure liveness checker </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | livenessProbeCustom | object | `{}` | Custom livenessProbe |
-| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml  |
+| minio | object | `{"auth":{"rootPassword":"ChangeMe","rootUser":"ChangeMe"},"enabled":true,"mode":"standalone","persistence":{"enabled":false}}` | MinIO subchart deployment </br> Ref: https://github.com/bitnami/charts/blob/main/bitnami/minio/values.yaml  |
 | minio.auth.rootPassword | string | `"ChangeMe"` | Password for Minio root user |
 | minio.auth.rootUser | string | `"ChangeMe"` | Minio root username |
 | minio.enabled | bool | `true` | Enable or disable MinIO subchart |
-| minio.mode | string | `"standalone"` | mode Minio server mode (`standalone` or `distributed`) Ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide |
-| minio.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| minio.mode | string | `"standalone"` | mode Minio server mode (`standalone` or `distributed`) </br> Ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide |
+| minio.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | minio.persistence.enabled | bool | `false` | Enable MinIO data persistence using PVC. If false, use emptyDir |
 | nameOverride | string | `""` | String to partially override opencti.fullname template (will maintain the release name) |
 | nodeSelector | object | `{}` | Node labels for pod assignment |
-| opensearch | object | `{"enabled":false,"opensearchJavaOpts":"-Xmx512M -Xms512M","persistence":{"enabled":false},"singleNode":true}` | OpenSearch subchart deployment Ref: https://github.com/opensearch-project/helm-charts/blob/opensearch-2.16.1/charts/opensearch/values.yaml |
+| opensearch | object | `{"enabled":false,"opensearchJavaOpts":"-Xmx512M -Xms512M","persistence":{"enabled":false},"singleNode":true}` | OpenSearch subchart deployment </br> Ref: https://github.com/opensearch-project/helm-charts/blob/opensearch-2.16.1/charts/opensearch/values.yaml |
 | opensearch.enabled | bool | `false` | Enable or disable OpenSearch subchart |
 | opensearch.opensearchJavaOpts | string | `"-Xmx512M -Xms512M"` | OpenSearch Java options |
-| opensearch.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| opensearch.persistence | object | `{"enabled":false}` | Enable persistence using Persistent Volume Claims </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | opensearch.singleNode | bool | `true` | If discovery.type in the opensearch configuration is set to "single-node", this should be set to "true" If "true", replicas will be forced to 1 |
-| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
+| rabbitmq | object | `{"auth":{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"},"clustering":{"enabled":false},"enabled":true,"persistence":{"enabled":false},"replicaCount":1}` | RabbitMQ subchart deployment </br> Ref: https://github.com/bitnami/charts/blob/main/bitnami/rabbitmq/values.yaml |
 | rabbitmq.auth | object | `{"erlangCookie":"ChangeMe","password":"ChangeMe","username":"user"}` | RabbitMQ Authentication parameters |
-| rabbitmq.auth.password | string | `"ChangeMe"` | RabbitMQ application password Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
-| rabbitmq.auth.username | string | `"user"` | RabbitMQ application username Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
+| rabbitmq.auth.password | string | `"ChangeMe"` | RabbitMQ application password </br> Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
+| rabbitmq.auth.username | string | `"user"` | RabbitMQ application username </br> Ref: https://github.com/bitnami/containers/tree/main/bitnami/rabbitmq#environment-variables |
 | rabbitmq.clustering | object | `{"enabled":false}` | Clustering settings |
 | rabbitmq.clustering.enabled | bool | `false` | Enable RabbitMQ clustering |
 | rabbitmq.enabled | bool | `true` | Enable or disable RabbitMQ subchart |
 | rabbitmq.persistence | object | `{"enabled":false}` | Persistence parameters |
 | rabbitmq.persistence.enabled | bool | `false` | Enable RabbitMQ data persistence using PVC |
 | rabbitmq.replicaCount | int | `1` | Number of RabbitMQ replicas to deploy |
-| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
+| readinessProbe | object | `{"enabled":true,"failureThreshold":3,"initialDelaySeconds":10,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":1}` | Configure readinessProbe checker </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | readinessProbeCustom | object | `{}` | Custom readinessProbe |
 | readyChecker | object | `{"enabled":true,"retries":30,"services":[{"name":"elasticsearch","port":9200},{"name":"minio","port":9000},{"name":"rabbitmq","port":5672},{"name":"redis-master","port":6379}],"timeout":5}` | Enable or disable ready-checker |
 | readyChecker.retries | int | `30` | Number of retries before giving up |
 | readyChecker.services | list | `[{"name":"elasticsearch","port":9200},{"name":"minio","port":9000},{"name":"rabbitmq","port":5672},{"name":"redis-master","port":6379}]` | List services |
 | readyChecker.timeout | int | `5` | Timeout for each check |
-| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"master":{"count":1,"persistence":{"enabled":false}},"replica":{"persistence":{"enabled":false},"replicaCount":1}}` | Redis subchart deployment Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
+| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"master":{"count":1,"persistence":{"enabled":false}},"replica":{"persistence":{"enabled":false},"replicaCount":1}}` | Redis subchart deployment </br> Ref: https://github.com/bitnami/charts/blob/main/bitnami/redis/values.yaml |
 | redis.architecture | string | `"standalone"` | Redis architecture. Allowed values: `standalone` or `replication` |
-| redis.auth | object | `{"enabled":false}` | Redis Authentication parameters Ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run |
+| redis.auth | object | `{"enabled":false}` | Redis Authentication parameters </br> Ref: https://github.com/bitnami/containers/tree/main/bitnami/redis#setting-the-server-password-on-first-run |
 | redis.auth.enabled | bool | `false` | Enable password authentication |
 | redis.enabled | bool | `true` | Enable or disable Redis subchart |
 | redis.master | object | `{"count":1,"persistence":{"enabled":false}}` | Redis master configuration parameters |
 | redis.master.count | int | `1` | Number of Redis master instances to deploy (experimental, requires additional configuration) |
-| redis.master.persistence | object | `{"enabled":false}` | Persistence parameters Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| redis.master.persistence | object | `{"enabled":false}` | Persistence parameters </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | redis.master.persistence.enabled | bool | `false` | Enable persistence on Redis master nodes using Persistent Volume Claims |
 | redis.replica | object | `{"persistence":{"enabled":false},"replicaCount":1}` | Redis replicas configuration parameters |
-| redis.replica.persistence | object | `{"enabled":false}` | Persistence parameters Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
+| redis.replica.persistence | object | `{"enabled":false}` | Persistence parameters </br> Ref: https://kubernetes.io/docs/user-guide/persistent-volumes/ |
 | redis.replica.persistence.enabled | bool | `false` | Enable persistence on Redis master nodes using Persistent Volume Claims |
 | redis.replica.replicaCount | int | `1` | Number of Redis replicas to deploy |
 | replicaCount | int | `1` | Number of replicas |
@@ -158,16 +158,16 @@ helm show values opencti/opencti
 | service.targetPort | int | `4000` | Pod expose port |
 | service.type | string | `"ClusterIP"` | Kubernetes Service type. Allowed values: NodePort, LoadBalancer or ClusterIP |
 | serviceAccount | object | `{"annotations":{},"automountServiceAccountToken":false,"create":true,"name":""}` | Enable creation of ServiceAccount |
-| serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor |
+| serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics </br> Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor |
 | serviceMonitor.enabled | bool | `false` | Enable or disable |
-| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
+| startupProbe | object | `{"enabled":true,"failureThreshold":30,"initialDelaySeconds":180,"periodSeconds":10,"successThreshold":1,"timeoutSeconds":5}` | Configure startupProbe checker </br> Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes |
 | startupProbeCustom | object | `{}` | Custom startupProbe |
 | testConnection | bool | `false` | Enable or disable test connection |
 | tolerations | list | `[]` | Tolerations for pod assignment |
 | worker | object | `{"affinity":{},"autoscaling":{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80},"enabled":true,"env":{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true},"envFromSecrets":{},"image":{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""},"nodeSelector":{},"readyChecker":{"enabled":true,"retries":30,"timeout":5},"replicaCount":1,"resources":{},"serviceMonitor":{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"},"tolerations":[]}` | OpenCTI worker deployment configuration |
 | worker.affinity | object | `{}` | Affinity for pod assignment |
 | worker.autoscaling | object | `{"enabled":false,"maxReplicas":100,"minReplicas":1,"targetCPUUtilizationPercentage":80}` | Autoscaling with CPU or memory utilization percentage |
-| worker.env | object | `{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true}` | Environment variables to configure application Ref: https://docs.opencti.io/latest/deployment/configuration/#platform |
+| worker.env | object | `{"WORKER_LOG_LEVEL":"info","WORKER_TELEMETRY_ENABLED":true}` | Environment variables to configure application </br> Ref: https://docs.opencti.io/latest/deployment/configuration/#platform |
 | worker.envFromSecrets | object | `{}` | Secrets from variables |
 | worker.image | object | `{"pullPolicy":"IfNotPresent","repository":"opencti/worker","tag":""}` | Image registry |
 | worker.nodeSelector | object | `{}` | Node labels for pod assignment |
@@ -176,6 +176,6 @@ helm show values opencti/opencti
 | worker.readyChecker.timeout | int | `5` | Timeout for each check |
 | worker.replicaCount | int | `1` | Number of replicas |
 | worker.resources | object | `{}` | The resources limits and requested |
-| worker.serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor |
+| worker.serviceMonitor | object | `{"enabled":false,"interval":"30s","metricRelabelings":[],"relabelings":[],"scrapeTimeout":"10s"}` | Enable ServiceMonitor to get metrics </br> Ref: https://github.com/prometheus-operator/prometheus-operator/blob/main/Documentation/api.md#servicemonitor |
 | worker.serviceMonitor.enabled | bool | `false` | Enable or disable |
 | worker.tolerations | list | `[]` | Tolerations for pod assignment |
diff --git a/charts/opencti/ci/ci-common-values.yaml b/charts/opencti/ci/ci-common-values.yaml
@@ -32,6 +32,10 @@ connectors:
     create: true
     name: ci-sa
     automountServiceAccountToken: true
+  readyChecker:
+    enabled: true
+    retries: 30
+    timeout: 10
   deploymentAnnotations:
     ci: "true"
   podAnnotations:

diff --git a/charts/opencti/docs/examples.md b/charts/opencti/docs/examples.md
@@ -144,6 +144,10 @@ connectors:
     repository: opencti/connector-misp
   serviceAccount:
     create: true
+  readyChecker:
+    enabled: true
+    retries: 30
+    timeout: 10
   env:
     CONNECTOR_CONFIDENCE_LEVEL: "XXXX"
     CONNECTOR_ID: "XXXX"