Deploy pegasystems/pega-helm-charts to pegasystems/pega-helm-charts:g…

…h-pages
pegasystems · Oct 29, 2024 · 1666b1c · 1666b1c
1 parent 0cbcf8d
commit 1666b1c
Show file tree

Hide file tree

Showing 24 changed files with 619 additions and 518 deletions.
diff --git a/addons-3.24.10.tgz b/addons-3.24.10.tgz
diff --git a/backingservices-3.24.10.tgz b/backingservices-3.24.10.tgz
diff --git a/charts/addons/Chart.yaml b/charts/addons/Chart.yaml
@@ -3,4 +3,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
 name: addons
-version: "3.24.8"
+version: "3.24.9"
diff --git a/charts/backingservices/Chart.yaml b/charts/backingservices/Chart.yaml
@@ -17,4 +17,4 @@ description: Helm Chart to provision the latest Search and Reporting Service (SR
 # The chart version: Pega provides this as a useful way to track changes you make to this chart.
 # As a best practice, you should increment the version number each time you make changes to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "3.24.8"
+version: "3.24.9"
diff --git a/charts/pega/Chart.yaml b/charts/pega/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 name: pega
-version: "3.24.8"
+version: "3.24.10"
 description: Pega installation on kubernetes
 keywords:
 - pega

diff --git a/charts/pega/EmbeddedStream.md b/charts/pega/EmbeddedStream.md
@@ -0,0 +1,168 @@
+### Embedded Stream with latest helm chart version
+Starting from Infinity 24.2, support for embedded Stream is removed. As a best practice, update your Stream configuration to an external Kafka service.
+To configure embedded Stream in Pega Platform ’24.1 and earlier using the Pega Helm chart version 3.25, perform the following steps.
+
+#### Configure values.yaml
+1. Add Stream tier details in the values.yaml file under Pega tiers section.
+    #### Example for values.yaml and values-large.yaml 
+    ```
+    - name: "stream"
+   # Create a stream tier for queue processing.  This tier deploys
+   # as a stateful set to ensure durability of queued data. It may
+   # be optionally exposed to the load balancer.
+   # Note: Stream tier is deprecated. As a best practice, enable externalized Kafka service configuration under External Services.
+   # When externalized Kafka service is enabled, remove the entire stream tier.
+   nodeType: "Stream"
+
+   # Pega requestor specific properties
+   requestor:
+   # Inactivity time after which requestor is passivated
+   passivationTimeSec: 900
+
+   service:
+   port: 7003
+   targetPort: 7003
+
+   # If a nodeSelector is required for this or any tier, it may be specified here:
+   # nodeSelector:
+   #  disktype: ssd
+
+   ingress:
+   enabled: true
+   # Enter the domain name to access web nodes via a load balancer.
+   #  e.g. web.mypega.example.com
+   domain: "YOUR_STREAM_NODE_DOMAIN"
+   tls:
+   # Enable TLS encryption
+   enabled: true
+   # secretName:
+   # useManagedCertificate: false
+   # ssl_annotation:
+
+   livenessProbe:
+   port: 8081
+
+   # To configure an alternative user for your custom image, set value for runAsUser
+   # To configure an alternative group for volume mounts, set value for fsGroup
+   # See, https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
+   # securityContext:
+   #   runAsUser: 9001
+   #   fsGroup: 0
+
+   # To specify security settings for a Container, include the securityContext field in the Container manifest
+   # Security settings that you specify for a Container apply only to the pega container,
+   # and they override settings made at the Pod level when there is overlap. Container settings
+   # do not affect the Pod's Volumes.
+   # See, https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+   # containerSecurityContext:
+   #   capabilities:
+   #     add: ["SYS_TIME"]
+
+   replicas: 2
+
+   volumeClaimTemplate:
+   resources:
+   requests:
+   storage: 5Gi
+
+   # Set enabled to true to include a Pod Disruption Budget for this tier.
+   # To enable this budget, specifiy either a pdb.minAvailable or pdb.maxUnavailable
+   # value and comment out the other parameter.
+   pdb:
+   enabled: false
+   minAvailable: 1
+   # maxUnavailable: "50%"
+
+   resources:
+   requests:
+   memory: "12Gi"
+   cpu: 3
+   limits:
+   memory: "12Gi"
+   cpu: 4
+    ```
+    
+    #### Example for values-minimal.yaml
+   For values-minimal.yaml, add the Stream nodeType to the minikube tier.
+    ```
+   # Specify the Pega tiers to deploy
+    # For a minimal deployment, use a single tier to reduce resource consumption.
+    # Note: Stream tier is deprecated. As a best practice, enable externalized Kafka service configuration under External Services.
+    # configuration under External Services
+    tier:
+   - name: "minikube"
+   nodeType: "Stream,BackgroundProcessing,WebUser,Search"
+
+         service:
+           httpEnabled: true
+           port: 80
+           targetPort: 8080
+           # Without a load balancer, use a direct NodePort instead.
+           serviceType: "NodePort"
+           # To configure TLS between the ingress/load balancer and the backend, set the following:
+           tls:
+             enabled: false
+             # To avoid entering the certificate values in plain text, configure the keystore, keystorepassword, cacertificate parameter
+             # values in the External Secrets Manager, and enter the external secret name below
+             # make sure the keys in the secret should be TOMCAT_KEYSTORE_CONTENT, TOMCAT_KEYSTORE_PASSWORD and ca.crt respectively
+             external_secret_name: ""
+             keystore:
+             keystorepassword:
+             port: 443
+             targetPort: 8443
+             # set the value of CA certificate here in case of baremetal/openshift deployments - CA certificate should be in base64 format
+             # pass the certificateChainFile file if you are using certificateFile and certificateKeyFile
+             cacertificate:
+             # provide the SSL certificate and private key as a PEM format
+             certificateFile:
+             certificateKeyFile:
+             # if you will deploy traefik addon chart and enable traefik, set enabled=true; otherwise leave the default setting.
+             traefik:
+               enabled: false
+               # the SAN of the certificate present inside the container
+               serverName: ""
+               # set insecureSkipVerify=true, if the certificate verification has to be skipped
+               insecureSkipVerify: false
+      ```
+
+
+2. Disable external Kafka service settings in the values.yaml file.
+    ```
+   # Stream (externalized Kafka service) settings.
+    stream:
+    # Beginning with Pega Platform '23, enabled by default; when disabled, your deployment does not use a"Kafka stream service" configuration.
+    enabled: false
+    # Provide externalized Kafka service broker urls.
+    bootstrapServer: ""
+    # Provide Security Protocol used to communicate with kafka brokers. Supported values are: PLAINTEXT, SSL, SASL_PLAINTEXT, SASL_SSL.
+    securityProtocol: PLAINTEXT
+    # If required, provide trustStore certificate file name
+    # When using a trustStore certificate, you must also include a Kubernetes secret name, that contains the trustStore certificate,
+    # in the global.certificatesSecrets parameter.
+    # Pega deployments only support trustStores using the Java Key Store (.jks) format.
+    trustStore: ""
+    # If required provide trustStorePassword value in plain text.
+    trustStorePassword: ""
+    # If required, provide keyStore certificate file name
+    # When using a keyStore certificate, you must also include a Kubernetes secret name, that contains the keyStore certificate,
+    # in the global.certificatesSecrets parameter.
+    # Pega deployments only support keyStores using the Java Key Store (.jks) format.
+    keyStore: ""
+    # If required, provide keyStore value in plain text.
+    keyStorePassword: ""
+    # If required, provide jaasConfig value in plain text.
+    jaasConfig: ""
+    # If required, provide a SASL mechanism**. Supported values are: PLAIN, SCRAM-SHA-256, SCRAM-SHA-512.
+    saslMechanism: PLAIN
+    # By default, topics originating from Pega Platform have the pega- prefix,
+    # so that it is easy to distinguish them from topics created by other applications.
+    # Pega supports customizing the name pattern for your Externalized Kafka configuration for each deployment.
+    streamNamePattern: "pega-{stream.name}"
+    # Your replicationFactor value cannot be more than the number of Kafka brokers. Pega recommended value is 3.
+    replicationFactor: "3"
+    # To avoid exposing trustStorePassword, keyStorePassword, and jaasConfig parameters, leave the values empty and
+    # configure them using an External Secrets Manager, making sure you configure the keys in the secret in the order:
+    # STREAM_TRUSTSTORE_PASSWORD, STREAM_KEYSTORE_PASSWORD and STREAM_JAAS_CONFIG.
+    # Enter the external secret name below.
+    external_secret_name: ""
+   ```
diff --git a/charts/pega/README.md b/charts/pega/README.md
@@ -259,15 +259,14 @@ Tier name     | Description
 ---           |---
 web           | Interactive, foreground processing nodes that are exposed to the load balancer. Pega recommends that these node use the node classification “WebUser” `nodetype`.
 batch         | Background processing nodes which handle workloads for non-interactive processing. Pega recommends that these node use the node classification “BackgroundProcessing” `nodetype`. These nodes should not be exposed to the load balancer.
-stream (Deprecated)        | For Pega Platform '23, the use of the 'Stream' node classification is deprecated; new deployments running version 8.8 and later should not use "Stream" nodes. New deployments connect to a Kafka service that you manage in your organization. For existing deployments using an embedded Kafka deployment which are not exposed to the deployment cluster load balancer, Pega will continue to support the "Stream" node classification nodetype.
 
 #### Small deployment with a single tier
 
 To get started running a personal deployment of Pega on kubernetes, you can handle all processing on a single tier.  This configuration provides the most resource utilization efficiency when the characteristics of a production deployment are not necessary.  The [values-minimal.yaml](./values-minimal.yaml) configuration provides a starting point for this simple model.
 
 Tier Name   | Description
 ---         | ---
-pega        | With embedded Kafka, which is currently deprecated, one tier handles all foreground and background processing using the nodeType classification "WebUser,BackgroundProcessing,search,Stream". For newer Pega Platform deployments using a configuration that connects to a Kafka service managed in your organization, "Stream" nodetype not supported.
+pega        | one tier handles all foreground and background processing using the nodeType classification "WebUser,BackgroundProcessing,search". With embedded Kafka not supported, newer Pega Platform deployments should use a configuration that connects to a Kafka service managed in your organization.
 
 #### Large deployment for production isolation of processing
 
@@ -277,7 +276,6 @@ Tier Name   | Description
 ---         | ---
 web         | Interactive, foreground processing nodes that are exposed to the load balancer. Pega recommends that these node use the node classification “WebUser” `nodetype`.
 batch       | Background processing nodes which handle some of the non-interactive processing.  Pega recommends that these node use the node classification   “BackgroundProcessing,Search,Batch” `nodetype`. These nodes should not be exposed to the load balancer.
-stream (Deprecated)     | For Pega Platform '23, the use of the 'Stream' node classification is deprecated; new deployments running version 8.8 and later should not use "Stream" nodes. New deployments connect to a Kafka service that you manage in your organization. For existing deployments using an embedded Kafka deployment which are not exposed to the deployment cluster load balancer, Pega will continue to support the "Stream" node classification nodetype.
 bix         | Nodes dedicated to BIX processing can be helpful when the BIX workload has unique deployment or scaling characteristics. Pega recommends that these node use the node classification “Bix” `nodetype`. These nodes should not be exposed to the load balancer.
 
 ### Name (*Required*)

diff --git a/charts/pega/templates/_helpers.tpl b/charts/pega/templates/_helpers.tpl
@@ -395,6 +395,14 @@ key: privateKey
 {{- end }}
 {{- end }}
 
+{{- define "tcpKeepAliveProbe" }}
+{{- if .node.tcpKeepAliveProbe }}
+sysctls:
+- name: net.ipv4.tcp_keepalive_time
+  value: "{{ .node.tcpKeepAliveProbe }}"
+{{- end }}
+{{- end }}
+
 {{- define "ingressApiVersion" }}
 {{- if (semverCompare ">= 1.19.0-0" (trimPrefix "v" .root.Capabilities.KubeVersion.GitVersion)) }}
 apiVersion: networking.k8s.io/v1

diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -117,11 +117,7 @@ spec:
         runAsUser: 9001
         fsGroup: 0
 {{- end }}
-{{- if (.node.tcpKeepAliveProbe) }}
-        sysctls:
-        - name: "net.ipv4.tcp_keepalive_time"
-          value: "{{ .node.tcpKeepAliveProbe }}"
-{{- end }}
+{{- include "tcpKeepAliveProbe" . | indent 8 }}
 {{- if .node.securityContext }}
 {{ toYaml .node.securityContext | indent 8 }}
 {{- end }}

diff --git a/charts/pega/values-large.yaml b/charts/pega/values-large.yaml
@@ -343,77 +343,6 @@ global:
           memory: "12Gi"
           cpu: 4
 
-    - name: "stream"
-      # Create a stream tier for queue processing.  This tier deploys
-      # as a stateful set to ensure durability of queued data. It may
-      # be optionally exposed to the load balancer.
-      # Note: Stream tier is deprecated, please enable externalized Kafka service configuration under External Services.
-      # When externalized Kafka service is enabled, we should remove the entire stream tier.
-      nodeType: "Stream"
-
-      # Pega requestor specific properties
-      requestor:
-        # Inactivity time after which requestor is passivated
-        passivationTimeSec: 900
-
-      service:
-        port: 7003
-        targetPort: 7003
-
-      # If a nodeSelector is required for this or any tier, it may be specified here:
-      # nodeSelector:
-      #  disktype: ssd
-
-      ingress:
-        enabled: true
-        # Enter the domain name to access web nodes via a load balancer.
-        #  e.g. web.mypega.example.com
-        domain: "YOUR_STREAM_NODE_DOMAIN"
-        tls:
-          # Enable TLS encryption
-          enabled: true
-          # Give the name of the secret that contains certificate information - works for GKE, AKS and K8S
-          secretName:
-          # For GKE Managed Certificate, mention true if Google Managed Certificate has to be created and annotation specified
-          useManagedCertificate: false
-          # Provide appropriate certificate annotations for EKS or GKE
-          # For EKS, use alb.ingress.kubernetes.io/certificate-arn: <certificate-arn>
-          # For GKE Pre-shared Certificate, use ingress.gcp.kubernetes.io/pre-shared-cert: <pre-shared-certificate-name>
-          # For GKE to use static IP for load balancer, use kubernetes.io/ingress.global-static-ip-name: <global-static-ip-name>
-          ssl_annotation:
-
-      replicas: 2
-      javaOpts: ""
-
-      livenessProbe:
-        port: 8081
-
-      # To configure an alternative user for your custom image, set value for runAsUser
-      # To configure an alternative group for volume mounts, set value for fsGroup
-      # See, https://github.com/pegasystems/pega-helm-charts/blob/master/charts/pega/README.md#security-context
-      # securityContext:
-      #   runAsUser: 9001
-      #   fsGroup: 0
-
-      volumeClaimTemplate:
-        resources:
-          requests:
-            storage: 5Gi
-
-      # Set enabled to true to include a Pod Disruption Budget for this tier.
-      # To enable this budget, specifiy either a pdb.minAvailable or pdb.maxUnavailable
-      # value and comment out the other parameter.
-      pdb:
-        enabled: false
-        minAvailable: 1
-        # maxUnavailable: "50%"
-      resources:
-        requests:
-          memory: "12Gi"
-          cpu: 3
-        limits:
-          memory: "12Gi"
-          cpu: 4
 
     - name: "bix"
       # Create a background tier for BIX processing.  This tier uses

diff --git a/charts/pega/values-minimal.yaml b/charts/pega/values-minimal.yaml
@@ -113,11 +113,11 @@ global:
 
   # Specify the Pega tiers to deploy
   # For a minimal deployment, use a single tier to reduce resource consumption.
-  # Note: The nodeType Stream is deprecated, please remove it and enable externalized Kafka service
+  # Note: The nodeType Stream is not supported, enable externalized Kafka service instead.
   # configuration under External Services
   tier:
     - name: "minikube"
-      nodeType: "Stream,BackgroundProcessing,WebUser,Search"
+      nodeType: "BackgroundProcessing,WebUser,Search"
 
       service:
         httpEnabled: true