Merge pull request puppetlabs#199 from Xtigyro/chart-v170

Add Chart v1.7.0
syseleven · Jan 30, 2020 · d1f15f5 · d1f15f5
2 parents 4fe9a72 + f62408e
commit d1f15f5
Show file tree

Hide file tree

Showing 14 changed files with 152 additions and 23 deletions.
diff --git a/k8s/CHANGELOG.md b/k8s/CHANGELOG.md
@@ -5,6 +5,15 @@ numbering uses [semantic versioning](http://semver.org).
 
 NOTE: The change log until version `v0.2.4` is auto-generated.
 
+## [v1.7.0](https://github.com/Xtigyro/puppetserver-helm-chart/tree/v1.7.0) (2020-01-27)
+
+- Add support for multiple Puppet Compile Masters.
+- Fix passing extra container environment variables.
+- Indentation improvements.
+- Bump default PuppetDB version to `6.8.0`.
+
+[Full Changelog](https://github.com/Xtigyro/puppetserver-helm-chart/compare/v1.6.6...v1.7.0)
+
 ## [v1.6.6](https://github.com/Xtigyro/puppetserver-helm-chart/tree/v1.6.6) (2020-01-09)
 
 - Fix outdated r10k exemplary variable in README.

diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Puppet automates the delivery and operation of software.
 name: puppetserver-helm-chart
-version: 1.6.6
+version: 1.7.0
 appVersion: 6.7.2
 keywords: ["puppet", "puppetserver", "automation", "iac", "infrastructure", "cm", "ci", "cd"]
 home: https://puppet.com/

diff --git a/k8s/README.md b/k8s/README.md
@@ -95,6 +95,10 @@ drwxrws--- 4 xtigyro-samba sambashare  4096 Dec  5 21:45 ../
 
 > **NOTE**: For more information please check - [README.md](init/README.md). For more general knowledge on the matter you can also read the article - <https://puppet.com/docs/puppet/5.5/ssl_regenerate_certificates.html.>
 
+## Multiple Puppet Compile Masters
+
+To scale Puppet Server for many thousands of nodes, you’ll need to enable multiple Puppet Compile Masters using `.Values.puppetserver.multiCompilers`. These Servers are known as compile masters, and are simply additional load-balanced Puppet Servers that receive catalog requests from agents and synchronize the results with each other.
+
 ## Chart Components
 
 * Creates four deployments: Puppet Server, PuppetDB, PosgreSQL, and Puppetboard.
@@ -164,6 +168,13 @@ Parameter | Description | Default
 `puppetserver.preGeneratedCertsJob.enabled` | puppetserver pre-generated certs |`false`
 `puppetserver.preGeneratedCertsJob.jobDeadline` | puppetserver pre-generated certs job deadline in seconds |`60`
 `puppetserver.pullPolicy` | puppetserver img pull policy | `IfNotPresent`
+`puppetserver.multiCompilers.enabled` | If true, creates multiple Puppetserver compilers | false
+`puppetserver.multiCompilers.manualScaling.compilers` | If multiple compilers are enabled, this field sets compiler count | `3`
+`puppetserver.multiCompilers.autoScaling.enabled` | If true, creates Horizontal Pod Autoscaler | false
+`puppetserver.multiCompilers.autoScaling.minCompilers` | If autoscaling enabled, this field sets minimum compiler count | `2`
+`puppetserver.multiCompilers.autoScaling.maxCompilers` | If autoscaling enabled, this field sets maximum compiler count | `11`
+`puppetserver.multiCompilers.autoScaling.cpuUtilizationPercentage` | Target CPU utilization percentage to scale | `50`
+`puppetserver.multiCompilers.autoScaling.memoryUtilizationPercentage` | Target memory utilization percentage to scale | `50`
 `puppetserver.fqdns.alternateServerNames` | puppetserver alternate fqdns |``
 `puppetserver.service.type` | puppetserver svc type | `ClusterIP`
 `puppetserver.service.ports` | puppetserver svc exposed ports | `puppetserver`

diff --git a/k8s/init/puppet-certs/.gitignore → k8s/init/puppet-certs/puppetdb/.gitignore b/k8s/init/puppet-certs/.gitignore → k8s/init/puppet-certs/puppetdb/.gitignore
diff --git a/k8s/init/puppet-certs/puppetserver/.gitignore b/k8s/init/puppet-certs/puppetserver/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/k8s/templates/postgres-deployment.yaml b/k8s/templates/postgres-deployment.yaml
@@ -28,8 +28,8 @@ spec:
             {{- toYaml .Values.postgres.resources | nindent 12 }}
           env:
             {{- range $key, $value := .Values.postgres.extraEnv }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            - name: "{{ $key }}"
+              value: "{{ $value }}"
             {{- end }}
             - name: POSTGRES_PASSWORD
               valueFrom:

diff --git a/k8s/templates/puppetboard-deployment.yaml b/k8s/templates/puppetboard-deployment.yaml
@@ -30,8 +30,8 @@ spec:
           ports:
           env:
           {{- range $key, $value := .Values.puppetboard.extraEnv }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            - name: "{{ $key }}"
+              value: "{{ $value }}"
           {{- end }}
             - name: "PUPPETDB_HOST"
               value: "puppetdb"

diff --git a/k8s/templates/puppetdb-deployment.yaml b/k8s/templates/puppetdb-deployment.yaml
@@ -28,8 +28,8 @@ spec:
             {{- toYaml .Values.puppetdb.resources | nindent 12 }}
           env:
           {{- range $key, $value := .Values.puppetdb.extraEnv }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            - name: "{{ $key }}"
+              value: "{{ $value }}"
           {{- end }}
             - name: PUPPETSERVER_HOSTNAME
               value: "puppet"

diff --git a/k8s/templates/puppetserver-deployment.yaml b/k8s/templates/puppetserver-deployment.yaml
@@ -5,11 +5,17 @@ metadata:
   labels:
     {{- include "puppetserver.puppetserver.labels" . | nindent 4 }}
 spec:
+  {{- if .Values.puppetserver.multiCompilers.enabled }}
+  replicas: {{ .Values.puppetserver.multiCompilers.manualScaling.compilers }}
+  {{- end }}
   selector:
     matchLabels:
       {{- include "puppetserver.puppetserver.matchLabels" . | nindent 6 }}
   strategy:
-    type: Recreate
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
   template:
     metadata:
       labels:
@@ -27,27 +33,40 @@ spec:
           imagePullPolicy: "{{.Values.puppetserver.pullPolicy}}"
           resources:
             {{- toYaml .Values.puppetserver.resources | nindent 12 }}
+          {{- if .Values.puppetserver.multiCompilers.enabled }}
+          env:
+            - name: PUPPET_DATA_DIR
+              value: "/etc/puppetlabs/code/environments"
+            - name: PUPPET_SSL_CERT_PEM
+              value: "/etc/puppetlabs/puppet/ssl/certs/{{ template "puppetserver.puppetserver.serviceName" . }}.pem"
+          {{- end }}
           command: [ "sh", "-c" ]
           args:
-            - mkdir -p /etc/puppetlabs/code/environments;
-              mkdir -p /etc/puppetlabs/puppet/eyaml;
+            - mkdir -p /etc/puppetlabs/puppet/eyaml;
+            {{- if .Values.puppetserver.multiCompilers.enabled }}
+              cp /etc/puppetlabs/puppet/configmap/check_for_compilers.sh /etc/puppetlabs/puppet/check_for_compilers.sh;
+              chown puppet:puppet /etc/puppetlabs/puppet/check_for_compilers.sh;
+              chmod +x /etc/puppetlabs/puppet/check_for_compilers.sh;
+              bash /etc/puppetlabs/puppet/check_for_compilers.sh;
+            {{- end }}
+              mkdir -p /etc/puppetlabs/code/environments;
               mkdir -p /etc/puppetlabs/puppet/manifests;
               mkdir -p /etc/puppetlabs/code/r10k_cache;
               chown -R puppet:puppet /etc/puppetlabs;
-              {{- if .Values.hiera.config }}
+            {{- if .Values.hiera.config }}
               cp /etc/puppetlabs/puppet/configmap/hiera.yaml /etc/puppetlabs/puppet/hiera.yaml;
               chown puppet:puppet /etc/puppetlabs/puppet/hiera.yaml;
-              {{- end }}
+            {{- end }}
               cp /etc/puppetlabs/puppet/configmap/site.pp /etc/puppetlabs/puppet/manifests/site.pp;
               chown puppet:puppet /etc/puppetlabs/puppet/manifests/site.pp;
-              {{- if or (.Values.hiera.eyaml.private_key) (.Values.hiera.eyaml.existingMap) }}
+            {{- if or (.Values.hiera.eyaml.private_key) (.Values.hiera.eyaml.existingMap) }}
               cp /etc/puppetlabs/puppet/configmap/eyaml/private_key.pkcs7.pem /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem;
               chown puppet:puppet /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem;
-              {{- end }}
-              {{- if or (.Values.hiera.eyaml.public_key) (.Values.hiera.eyaml.existingMap) }}
+            {{- end }}
+            {{- if or (.Values.hiera.eyaml.public_key) (.Values.hiera.eyaml.existingMap) }}
               cp /etc/puppetlabs/puppet/configmap/eyaml/public_key.pkcs7.pem /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem;
               chown puppet:puppet /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem;
-              {{- end }}
+            {{- end }}
           securityContext:
             runAsUser: 0
             runAsNonRoot: false
@@ -57,6 +76,11 @@ spec:
               mountPath: /etc/puppetlabs/code/
             - name: puppet-puppet-storage
               mountPath: /etc/puppetlabs/puppet/
+          {{- if .Values.puppetserver.multiCompilers.enabled }}
+            - name: init-compilers-volume
+              mountPath: /etc/puppetlabs/puppet/configmap/check_for_compilers.sh
+              subPath: check_for_compilers.sh
+          {{- end }}
           {{- if .Values.hiera.config }}
             - name: hiera-volume
               mountPath: /etc/puppetlabs/puppet/configmap/hiera.yaml
@@ -87,8 +111,8 @@ spec:
             {{- toYaml .Values.puppetserver.resources | nindent 12 }}
           env:
           {{- range $key, $value := .Values.puppetserver.extraEnv }}
-            - name: {{ $key }}
-              value: {{ $value }}
+            - name: "{{ $key }}"
+              value: "{{ $value }}"
           {{- end }}
             # necessary to set certname and server in puppet.conf, required by
             # puppetserver ca cli application
@@ -119,6 +143,9 @@ spec:
         - name: puppet-serverdata-storage
           persistentVolumeClaim:
             claimName: puppet-serverdata-claim
+        - name: init-compilers-volume
+          configMap:
+            name: init-compilers-config
       {{- if .Values.hiera.config }}
         - name: hiera-volume
           configMap:

diff --git a/k8s/templates/puppetserver-hpa.yaml b/k8s/templates/puppetserver-hpa.yaml
@@ -0,0 +1,34 @@
+{{- if .Values.puppetserver.multiCompilers.enabled }}
+{{- if .Values.puppetserver.multiCompilers.autoScaling.enabled }}
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+  name: {{ template "puppetserver.name" . }}-autoscaler
+  labels:
+    {{- include "puppetserver.puppetserver.labels" . | nindent 4 }}
+spec:
+  scaleTargetRef:
+    apiVersion: apps/v1
+    kind: Deployment
+    name: {{ template "puppetserver.name" . }}-puppetserver
+  minReplicas: {{ .Values.puppetserver.multiCompilers.autoScaling.minCompilers }}
+  maxReplicas: {{ .Values.puppetserver.multiCompilers.autoScaling.maxCompilers }}
+  metrics:
+{{- with .Values.puppetserver.multiCompilers.autoScaling.cpuUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: cpu
+        target:
+          type: Utilization
+          averageUtilization: {{ . }}
+{{- end }}
+{{- with .Values.puppetserver.multiCompilers.autoScaling.memoryUtilizationPercentage }}
+    - type: Resource
+      resource:
+        name: memory
+        target:
+          type: Utilization
+          averageUtilization: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/k8s/templates/puppetserver-init-configmap.yaml b/k8s/templates/puppetserver-init-configmap.yaml
@@ -0,0 +1,25 @@
+{{- if .Values.puppetserver.multiCompilers.enabled }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: init-compilers-config
+  labels:
+    {{- include "puppetserver.puppetserver.labels" . | nindent 4 }}
+data:
+  check_for_compilers.sh: |
+    #!/usr/bin/env bash
+    if [[ -d "$PUPPET_DATA_DIR" ]]; then
+        echo "A Puppetserver compiler has already started running."
+        echo "Waiting to finish the generation of the Puppet SSL certs..."
+        sleep 5
+        while [[ ! -f "$PUPPET_SSL_CERT_PEM" ]];
+            do
+              echo "Still waiting..."
+              sleep 5
+            done
+        sleep 60
+        echo "Puppet SSL certs have been generated. Continuing..."
+    else
+        echo "No other Puppetserver compiler is running. Continuing..."
+    fi
+{{- end }}
diff --git a/k8s/templates/r10k-code.cronjob.yaml b/k8s/templates/r10k-code.cronjob.yaml
@@ -37,8 +37,8 @@ spec:
                 {{- toYaml .Values.r10k.code.resources | nindent 16 }}
               env:
               {{- range $key, $value := .Values.r10k.code.extraEnv }}
-                - name: {{ $key }}
-                  value: {{ $value }}
+                - name: "{{ $key }}"
+                  value: "{{ $value }}"
               {{- end }}
               args:
                 - deploy

diff --git a/k8s/templates/r10k-hiera.cronjob.yaml b/k8s/templates/r10k-hiera.cronjob.yaml
@@ -37,8 +37,8 @@ spec:
                 {{- toYaml .Values.r10k.hiera.resources | nindent 16 }}
               env:
               {{- range $key, $value := .Values.r10k.hiera.extraEnv }}
-                - name: {{ $key }}
-                  value: {{ $value }}
+                - name: "{{ $key }}"
+                  value: "{{ $value }}"
               {{- end }}
               args:
                 - deploy

diff --git a/k8s/values.yaml b/k8s/values.yaml
@@ -9,6 +9,25 @@ puppetserver:
   image: puppet/puppetserver
   tag: 6.7.2
   pullPolicy: IfNotPresent
+  ## Horizontal Scaling
+  ## Optional deployment of multiple Puppet Server Compilers
+  multiCompilers:
+    enabled: true
+    ## Horizontal Pod Manual Scaling
+    ## Set the desired number of Puppet Server Compilers
+    manualScaling:
+      compilers: 3
+    ## Horizontal Pod Autoscaling
+    ## Automatically scales the number of pods (compilers)
+    ## based on observed CPU/memory utilization
+    ## Note that the metrics must be provided by
+    ## additionally deployed metrics server of your choice
+    autoScaling:
+      enabled: false
+      minCompilers: 1
+      maxCompilers: 5
+      cpuUtilizationPercentage: 50
+      memoryUtilizationPercentage: 50
   resources: {}
   #  requests:
   #    memory: 512Mi
@@ -206,7 +225,7 @@ postgres:
 puppetdb:
   name: puppetdb
   image: puppet/puppetdb
-  tag: 6.7.3
+  tag: 6.8.0
   pullPolicy: IfNotPresent
   resources: {}
   #  requests: