diff --git a/k8s/CHANGELOG.md b/k8s/CHANGELOG.md index 91428990..c053f59d 100644 --- a/k8s/CHANGELOG.md +++ b/k8s/CHANGELOG.md @@ -5,6 +5,15 @@ numbering uses [semantic versioning](http://semver.org). NOTE: The change log until version `v0.2.4` is auto-generated. +## [v1.7.0](https://github.com/Xtigyro/puppetserver-helm-chart/tree/v1.7.0) (2020-01-27) + +- Add support for multiple Puppet Compile Masters. +- Fix passing extra container environment variables. +- Indentation improvements. +- Bump default PuppetDB version to `6.8.0`. + +[Full Changelog](https://github.com/Xtigyro/puppetserver-helm-chart/compare/v1.6.6...v1.7.0) + ## [v1.6.6](https://github.com/Xtigyro/puppetserver-helm-chart/tree/v1.6.6) (2020-01-09) - Fix outdated r10k exemplary variable in README. diff --git a/k8s/Chart.yaml b/k8s/Chart.yaml index 2638b633..ac469495 100644 --- a/k8s/Chart.yaml +++ b/k8s/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Puppet automates the delivery and operation of software. name: puppetserver-helm-chart -version: 1.6.6 +version: 1.7.0 appVersion: 6.7.2 keywords: ["puppet", "puppetserver", "automation", "iac", "infrastructure", "cm", "ci", "cd"] home: https://puppet.com/ diff --git a/k8s/README.md b/k8s/README.md index 06ef91b4..d801bb44 100644 --- a/k8s/README.md +++ b/k8s/README.md 
@@ -95,6 +95,10 @@ drwxrws--- 4 xtigyro-samba sambashare 4096 Dec 5 21:45 ../ > **NOTE**: For more information please check - [README.md](init/README.md). For more general knowledge on the matter you can also read the article - +## Multiple Puppet Compile Masters + +To scale Puppet Server for many thousands of nodes, you’ll need to enable multiple Puppet Compile Masters using `.Values.puppetserver.multiCompilers`. These Servers are known as compile masters, and are simply additional load-balanced Puppet Servers that receive catalog requests from agents and synchronize the results with each other. + ## Chart Components * Creates four deployments: Puppet Server, PuppetDB, PosgreSQL, and Puppetboard. 
@@ -164,6 +168,13 @@ Parameter | Description | Default `puppetserver.preGeneratedCertsJob.enabled` | puppetserver pre-generated certs |`false` `puppetserver.preGeneratedCertsJob.jobDeadline` | puppetserver pre-generated certs job deadline in seconds |`60` `puppetserver.pullPolicy` | puppetserver img pull policy | `IfNotPresent` +`puppetserver.multiCompilers.enabled` | If true, creates multiple Puppetserver compilers | false +`puppetserver.multiCompilers.manualScaling.compilers` | If multiple compilers are enabled, this field sets compiler count | `3` +`puppetserver.multiCompilers.autoScaling.enabled` | If true, creates Horizontal Pod Autoscaler | false +`puppetserver.multiCompilers.autoScaling.minCompilers` | If autoscaling enabled, this field sets minimum compiler count | `2` +`puppetserver.multiCompilers.autoScaling.maxCompilers` | If autoscaling enabled, this field sets maximum compiler count | `11` +`puppetserver.multiCompilers.autoScaling.cpuUtilizationPercentage` | Target CPU utilization percentage to scale | `50` +`puppetserver.multiCompilers.autoScaling.memoryUtilizationPercentage` | Target memory utilization percentage to scale | `50` `puppetserver.fqdns.alternateServerNames` | puppetserver alternate fqdns |`` `puppetserver.service.type` | puppetserver svc type | `ClusterIP` `puppetserver.service.ports` | puppetserver svc exposed ports | `puppetserver` diff --git a/k8s/init/puppet-certs/.gitignore b/k8s/init/puppet-certs/puppetdb/.gitignore similarity index 100% rename from k8s/init/puppet-certs/.gitignore rename to k8s/init/puppet-certs/puppetdb/.gitignore diff --git a/k8s/init/puppet-certs/puppetserver/.gitignore b/k8s/init/puppet-certs/puppetserver/.gitignore new file mode 100644 index 00000000..5e7d2734 --- /dev/null +++ b/k8s/init/puppet-certs/puppetserver/.gitignore @@ -0,0 +1,4 @@ +# Ignore everything in this directory +* +# Except this file +!.gitignore 
diff --git a/k8s/templates/postgres-deployment.yaml b/k8s/templates/postgres-deployment.yaml index 92b5e132..6f040c48 100644 --- a/k8s/templates/postgres-deployment.yaml +++ b/k8s/templates/postgres-deployment.yaml @@ -28,8 +28,8 @@ spec: {{- toYaml .Values.postgres.resources | nindent 12 }} env: {{- range $key, $value := .Values.postgres.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} - name: POSTGRES_PASSWORD valueFrom: diff --git a/k8s/templates/puppetboard-deployment.yaml b/k8s/templates/puppetboard-deployment.yaml index 60305468..d074903e 100644 --- a/k8s/templates/puppetboard-deployment.yaml +++ b/k8s/templates/puppetboard-deployment.yaml @@ -30,8 +30,8 @@ spec: ports: env: {{- range $key, $value := .Values.puppetboard.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} - name: "PUPPETDB_HOST" value: "puppetdb" diff --git a/k8s/templates/puppetdb-deployment.yaml b/k8s/templates/puppetdb-deployment.yaml index 161cb9e0..7740452d 100644 --- a/k8s/templates/puppetdb-deployment.yaml +++ b/k8s/templates/puppetdb-deployment.yaml @@ -28,8 +28,8 @@ spec: {{- toYaml .Values.puppetdb.resources | nindent 12 }} env: {{- range $key, $value := .Values.puppetdb.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} - name: PUPPETSERVER_HOSTNAME value: "puppet" diff --git a/k8s/templates/puppetserver-deployment.yaml b/k8s/templates/puppetserver-deployment.yaml index f8927c9c..0d06ae78 100644 --- a/k8s/templates/puppetserver-deployment.yaml +++ b/k8s/templates/puppetserver-deployment.yaml 
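Review bot: The new `value: "{{ $value }}"` in the postgres `extraEnv` loop wraps the rendered text in double quotes without escaping it, so a value containing `"` or `\` produces broken or silently altered YAML. Helm's `quote` function does the escaping: `- name: {{ $key | quote }}` and `value: {{ $value | quote }}`. The same two lines appear in the puppetboard, puppetdb, puppetserver, r10k-code and r10k-hiera hunks of this commit and need the same change. Anything set through `extraEnv` is rendered in plain text into the pod spec, so the values.yaml comment for these keys should say that credentials belong in a Secret reference, as the `POSTGRES_PASSWORD` / `valueFrom` entry just below already does.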
@@ -5,11 +5,17 @@ metadata: labels: {{- include "puppetserver.puppetserver.labels" . | nindent 4 }} spec: + {{- if .Values.puppetserver.multiCompilers.enabled }} + replicas: {{ .Values.puppetserver.multiCompilers.manualScaling.compilers }} + {{- end }} selector: matchLabels: {{- include "puppetserver.puppetserver.matchLabels" . | nindent 6 }} strategy: - type: Recreate + type: RollingUpdate + rollingUpdate: + maxSurge: 1 + maxUnavailable: 0 template: metadata: labels: 
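Review bot: `replicas` is rendered whenever `multiCompilers.enabled` is true, including when `multiCompilers.autoScaling.enabled` is also true, so each `helm upgrade` would reset the Deployment to `manualScaling.compilers` and work against the HorizontalPodAutoscaler added in puppetserver-hpa.yaml. Guard it with `{{- if and .Values.puppetserver.multiCompilers.enabled (not .Values.puppetserver.multiCompilers.autoScaling.enabled) }}`. Separately, the switch from `Recreate` to `RollingUpdate` with `maxUnavailable: 0` is unconditional, so it also applies to single-server installs. If the claims behind these pods are ReadWriteOnce (the access mode is not visible in this diff), the surge pod may be unable to mount them and the rollout would stall, so the strategy is safer kept as `Recreate` unless multiCompilers is enabled.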
@@ -27,27 +33,40 @@ spec: imagePullPolicy: "{{.Values.puppetserver.pullPolicy}}" resources: {{- toYaml .Values.puppetserver.resources | nindent 12 }} + {{- if .Values.puppetserver.multiCompilers.enabled }} + env: + - name: PUPPET_DATA_DIR + value: "/etc/puppetlabs/code/environments" + - name: PUPPET_SSL_CERT_PEM + value: "/etc/puppetlabs/puppet/ssl/certs/{{ template "puppetserver.puppetserver.serviceName" . }}.pem" + {{- end }} command: [ "sh", "-c" ] args: - - mkdir -p /etc/puppetlabs/code/environments; - mkdir -p /etc/puppetlabs/puppet/eyaml; + - mkdir -p /etc/puppetlabs/puppet/eyaml; + {{- if .Values.puppetserver.multiCompilers.enabled }} + cp /etc/puppetlabs/puppet/configmap/check_for_compilers.sh /etc/puppetlabs/puppet/check_for_compilers.sh; + chown puppet:puppet /etc/puppetlabs/puppet/check_for_compilers.sh; + chmod +x /etc/puppetlabs/puppet/check_for_compilers.sh; + bash /etc/puppetlabs/puppet/check_for_compilers.sh; + {{- end }} + mkdir -p /etc/puppetlabs/code/environments; mkdir -p /etc/puppetlabs/puppet/manifests; mkdir -p /etc/puppetlabs/code/r10k_cache; chown -R puppet:puppet /etc/puppetlabs; - {{- if .Values.hiera.config }} + {{- if .Values.hiera.config }} cp /etc/puppetlabs/puppet/configmap/hiera.yaml /etc/puppetlabs/puppet/hiera.yaml; chown puppet:puppet /etc/puppetlabs/puppet/hiera.yaml; - {{- end }} + {{- end }} cp /etc/puppetlabs/puppet/configmap/site.pp /etc/puppetlabs/puppet/manifests/site.pp; chown puppet:puppet /etc/puppetlabs/puppet/manifests/site.pp; - {{- if or (.Values.hiera.eyaml.private_key) (.Values.hiera.eyaml.existingMap) }} + {{- if or (.Values.hiera.eyaml.private_key) (.Values.hiera.eyaml.existingMap) }} cp /etc/puppetlabs/puppet/configmap/eyaml/private_key.pkcs7.pem /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem; chown puppet:puppet /etc/puppetlabs/puppet/eyaml/private_key.pkcs7.pem; - {{- end }} - {{- if or (.Values.hiera.eyaml.public_key) (.Values.hiera.eyaml.existingMap) }} + {{- end }} + {{- if or 
(.Values.hiera.eyaml.public_key) (.Values.hiera.eyaml.existingMap) }} cp /etc/puppetlabs/puppet/configmap/eyaml/public_key.pkcs7.pem /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem; chown puppet:puppet /etc/puppetlabs/puppet/eyaml/public_key.pkcs7.pem; - {{- end }} + {{- end }} securityContext: runAsUser: 0 runAsNonRoot: false @@ -57,6 +76,11 @@ spec: mountPath: /etc/puppetlabs/code/ - name: puppet-puppet-storage mountPath: /etc/puppetlabs/puppet/ + {{- if .Values.puppetserver.multiCompilers.enabled }} + - name: init-compilers-volume + mountPath: /etc/puppetlabs/puppet/configmap/check_for_compilers.sh + subPath: check_for_compilers.sh + {{- end }} {{- if .Values.hiera.config }} - name: hiera-volume mountPath: /etc/puppetlabs/puppet/configmap/hiera.yaml @@ -87,8 +111,8 @@ spec: {{- toYaml .Values.puppetserver.resources | nindent 12 }} env: {{- range $key, $value := .Values.puppetserver.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} # necessary to set certname and server in puppet.conf, required by # puppetserver ca cli application @@ -119,6 +143,9 @@ spec: - name: puppet-serverdata-storage persistentVolumeClaim: claimName: puppet-serverdata-claim + - name: init-compilers-volume + configMap: + name: init-compilers-config {{- if .Values.hiera.config }} - name: hiera-volume configMap: diff --git a/k8s/templates/puppetserver-hpa.yaml b/k8s/templates/puppetserver-hpa.yaml new file mode 100644 index 00000000..fa1566c3 --- /dev/null +++ b/k8s/templates/puppetserver-hpa.yaml 
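Review bot: The added steps in `args` copy check_for_compilers.sh from the ConfigMap mount into /etc/puppetlabs/puppet/, which the next hunk shows is the `puppet-puppet-storage` volume, then mark it executable and run it in a container that has `runAsUser: 0`. Running it straight from the read-only mount, `bash /etc/puppetlabs/puppet/configmap/check_for_compilers.sh;`, removes the cp/chown/chmod lines and leaves no root-executed script on shared writable storage. The commands are joined with `;`, so a failure of the check script does not stop the remaining steps; `set -e;` at the start of the string or `&&` after the script call would make the failure visible. The container definition starts and ends outside this hunk.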
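Review bot: The `init-compilers-volume` entry added under `volumes` in the `@@ -119,6 +143,9 @@` hunk is not wrapped in a condition, while its volumeMount and the `init-compilers-config` ConfigMap in puppetserver-init-configmap.yaml are both rendered only when `multiCompilers.enabled` is true. With the feature disabled the pod references a ConfigMap that does not exist and will stay in ContainerCreating. Wrap the three lines in `{{- if .Values.puppetserver.multiCompilers.enabled }}` … `{{- end }}`, matching the mount.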
@@ -0,0 +1,34 @@ +{{- if .Values.puppetserver.multiCompilers.enabled }} +{{- if .Values.puppetserver.multiCompilers.autoScaling.enabled }} +apiVersion: autoscaling/v2beta2 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "puppetserver.name" . }}-autoscaler + labels: + {{- include "puppetserver.puppetserver.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "puppetserver.name" . }}-puppetserver + minReplicas: {{ .Values.puppetserver.multiCompilers.autoScaling.minCompilers }} + maxReplicas: {{ .Values.puppetserver.multiCompilers.autoScaling.maxCompilers }} + metrics: +{{- with .Values.puppetserver.multiCompilers.autoScaling.cpuUtilizationPercentage }} + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: {{ . }} +{{- end }} +{{- with .Values.puppetserver.multiCompilers.autoScaling.memoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + target: + type: Utilization + averageUtilization: {{ . }} +{{- end }} +{{- end }} +{{- end }} diff --git a/k8s/templates/puppetserver-init-configmap.yaml b/k8s/templates/puppetserver-init-configmap.yaml new file mode 100644 index 00000000..e6629e2a --- /dev/null +++ b/k8s/templates/puppetserver-init-configmap.yaml 
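Review bot: Both metrics use `type: Utilization`, which Kubernetes computes as a percentage of the containers' resource requests, yet values.yaml in this commit leaves `puppetserver.resources: {}` with the requests commented out. With those defaults the autoscaler has nothing to divide by and will not scale. Either document the requirement next to `autoScaling` in values.yaml, for example `## Requires puppetserver.resources.requests (cpu and memory) to be set`, or fail rendering when autoscaling is enabled without requests. Puppet Server presumably runs on a JVM whose memory use rarely drops, so the memory target may hold the replica count at `maxCompilers`; consider leaving `memoryUtilizationPercentage` unset by default.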
@@ -0,0 +1,25 @@ +{{- if .Values.puppetserver.multiCompilers.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: init-compilers-config + labels: + {{- include "puppetserver.puppetserver.labels" . | nindent 4 }} +data: + check_for_compilers.sh: | + #!/usr/bin/env bash + if [[ -d "$PUPPET_DATA_DIR" ]]; then + echo "A Puppetserver compiler has already started running." + echo "Waiting to finish the generation of the Puppet SSL certs..." + sleep 5 + while [[ ! -f "$PUPPET_SSL_CERT_PEM" ]]; + do + echo "Still waiting..." + sleep 5 + done + sleep 60 + echo "Puppet SSL certs have been generated. Continuing..." + else + echo "No other Puppetserver compiler is running. Continuing..." + fi +{{- end }} diff --git a/k8s/templates/r10k-code.cronjob.yaml b/k8s/templates/r10k-code.cronjob.yaml index dfc9043f..9054a1dd 100644 --- a/k8s/templates/r10k-code.cronjob.yaml +++ b/k8s/templates/r10k-code.cronjob.yaml @@ -37,8 +37,8 @@ spec: {{- toYaml .Values.r10k.code.resources | nindent 16 }} env: {{- range $key, $value := .Values.r10k.code.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} args: - deploy diff --git a/k8s/templates/r10k-hiera.cronjob.yaml b/k8s/templates/r10k-hiera.cronjob.yaml index f51f089f..fbfc4269 100644 --- a/k8s/templates/r10k-hiera.cronjob.yaml +++ b/k8s/templates/r10k-hiera.cronjob.yaml @@ -37,8 +37,8 @@ spec: {{- toYaml .Values.r10k.hiera.resources | nindent 16 }} env: {{- range $key, $value := .Values.r10k.hiera.extraEnv }} - - name: {{ $key }} - value: {{ $value }} + - name: "{{ $key }}" + value: "{{ $value }}" {{- end }} args: - deploy diff --git a/k8s/values.yaml b/k8s/values.yaml index af9c9d6f..8d0e597a 100644 --- a/k8s/values.yaml +++ b/k8s/values.yaml 
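Review bot: The `[[ -d "$PUPPET_DATA_DIR" ]]` test in check_for_compilers.sh is used as a "someone else is first" signal but is not an atomic lock. When several replicas start together on a fresh install, each can find the directory missing and take the "No other Puppetserver compiler is running" branch, so more than one pod may try to generate SSL material on the shared volume. The `while [[ ! -f "$PUPPET_SSL_CERT_PEM" ]]` loop also has no upper bound, so a pod that finds the directory but never sees the cert (a leftover volume, or a cert written under a different name) waits forever with only "Still waiting..." in the log. A bounded wait that exits non-zero fixes the second problem, e.g. `waited=$((waited+5)); [[ $waited -ge 600 ]] && { echo "Timed out waiting for $PUPPET_SSL_CERT_PEM" >&2; exit 1; }` inside the loop (600 is an illustrative limit). A header comment in the script should state the first-start assumption and why the fixed `sleep 60` is there.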
@@ -9,6 +9,25 @@ puppetserver: image: puppet/puppetserver tag: 6.7.2 pullPolicy: IfNotPresent + ## Horizontal Scaling + ## Optional deployment of multiple Puppet Server Compilers + multiCompilers: + enabled: true + ## Horizontal Pod Manual Scaling + ## Set the desired number of Puppet Server Compilers + manualScaling: + compilers: 3 + ## Horizontal Pod Autoscaling + ## Automatically scales the number of pods (compilers) + ## based on observed CPU/memory utilization + ## Note that the metrics must be provided by + ## additionally deployed metrics server of your choice + autoScaling: + enabled: false + minCompilers: 1 + maxCompilers: 5 + cpuUtilizationPercentage: 50 + memoryUtilizationPercentage: 50 resources: {} # requests: # memory: 512Mi @@ -206,7 +225,7 @@ postgres: puppetdb: name: puppetdb image: puppet/puppetdb - tag: 6.7.3 + tag: 6.8.0 pullPolicy: IfNotPresent resources: {} # requests:
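Review bot: `multiCompilers.enabled: true` makes the new feature the default, while the README table added in this same commit documents the default as `false`. The README also lists `minCompilers` as `2` and `maxCompilers` as `11`, against `1` and `5` here. As committed, an existing install that upgrades without overriding values goes from one Puppet Server to three replicas sharing the same /etc/puppetlabs/puppet storage, including the SSL directory that `PUPPET_SSL_CERT_PEM` points into. Shipping `enabled: false` keeps the upgrade behaviour-neutral and matches the README, and the min/max numbers should be aligned in one place or the other.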