From 67dab2fea7b3538bf1ece963fe1649d1e873d0c0 Mon Sep 17 00:00:00 2001 From: Stefan Matting Date: Mon, 9 Dec 2024 11:21:10 +0100 Subject: [PATCH] Add helm chart for wire-server-enterprise (#4359) --- Makefile | 4 +- changelog.d/2-features/enterprise-helm-chart | 3 + charts/README.md | 6 ++ charts/wire-server-enterprise/Chart.yaml | 4 ++ .../templates/configmap.yaml | 20 +++++++ .../templates/deployment.yaml | 56 +++++++++++++++++++ .../templates/image-pull-secret.yaml | 16 ++++++ .../templates/service.yaml | 24 ++++++++ .../templates/servicemonitor.yaml | 19 +++++++ charts/wire-server-enterprise/values.yaml | 25 +++++++++ 10 files changed, 175 insertions(+), 2 deletions(-) create mode 100644 changelog.d/2-features/enterprise-helm-chart create mode 100644 charts/README.md create mode 100644 charts/wire-server-enterprise/Chart.yaml create mode 100644 charts/wire-server-enterprise/templates/configmap.yaml create mode 100644 charts/wire-server-enterprise/templates/deployment.yaml create mode 100644 charts/wire-server-enterprise/templates/image-pull-secret.yaml create mode 100644 charts/wire-server-enterprise/templates/service.yaml create mode 100644 charts/wire-server-enterprise/templates/servicemonitor.yaml create mode 100644 charts/wire-server-enterprise/values.yaml diff --git a/Makefile b/Makefile index f9711e63234..3814a47779d 100644 --- a/Makefile +++ b/Makefile 
@@ -7,7 +7,7 @@ DOCKER_TAG ?= $(USER) # default helm chart version must be 0.0.42 for local development (because 42 is the answer to the universe and everything) HELM_SEMVER ?= 0.0.42 # The list of helm charts needed on internal kubernetes testing environments -CHARTS_INTEGRATION := wire-server databases-ephemeral redis-cluster rabbitmq fake-aws ingress-nginx-controller nginx-ingress-controller nginx-ingress-services fluent-bit kibana restund k8ssandra-test-cluster +CHARTS_INTEGRATION := wire-server databases-ephemeral redis-cluster rabbitmq fake-aws ingress-nginx-controller nginx-ingress-controller nginx-ingress-services fluent-bit kibana restund k8ssandra-test-cluster wire-server-enterprise # The list of helm charts to publish on S3 # FUTUREWORK: after we "inline local subcharts", # (e.g. move charts/brig to charts/wire-server/brig) @@ -18,7 +18,7 @@ fake-aws fake-aws-s3 fake-aws-sqs aws-ingress fluent-bit kibana backoffice \ calling-test demo-smtp elasticsearch-curator elasticsearch-external \ elasticsearch-ephemeral minio-external cassandra-external \ nginx-ingress-controller ingress-nginx-controller nginx-ingress-services reaper restund \ -k8ssandra-test-cluster ldap-scim-bridge +k8ssandra-test-cluster ldap-scim-bridge wire-server-enterprise KIND_CLUSTER_NAME := wire-server HELM_PARALLELISM ?= 1 # 1 for sequential tests; 6 for all-parallel tests diff --git a/changelog.d/2-features/enterprise-helm-chart b/changelog.d/2-features/enterprise-helm-chart new file mode 100644 index 00000000000..0147a834851 --- /dev/null +++ b/changelog.d/2-features/enterprise-helm-chart @@ -0,0 +1,3 @@ +`charts/wire-server-enterprise` is a Helm chart to run the `wire-server-enterprise` +service. This service can only be deployed with an image pull secret (the +registry is not open to public.) diff --git a/charts/README.md b/charts/README.md new file mode 100644 index 00000000000..f6a2e676218 --- /dev/null +++ b/charts/README.md 
@@ -0,0 +1,6 @@
+# wire-server-enterprise
+
+This service contains the non-open parts of wire-server.
+
+The image registry is password protected. The credential can e.g. be provided by
+defining `secrets.configJson` with the value provided by Wire.
diff --git a/charts/wire-server-enterprise/Chart.yaml b/charts/wire-server-enterprise/Chart.yaml
new file mode 100644
index 00000000000..23e202346bc
--- /dev/null
+++ b/charts/wire-server-enterprise/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: additional enterprise features for wire-server
+name: wire-server-enterprise
+version: 0.0.42
diff --git a/charts/wire-server-enterprise/templates/configmap.yaml b/charts/wire-server-enterprise/templates/configmap.yaml
new file mode 100644
index 00000000000..bf901564405
--- /dev/null
+++ b/charts/wire-server-enterprise/templates/configmap.yaml
@@ -0,0 +1,20 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: wire-server-enterprise
+ labels:
+ app: wire-server-enterprise
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{- with .Values.config }}
+ wire-server-enterprise.yaml: |
+ logNetStrings: {{ .logNetStrings }}
+ logFormat: {{ .logFormat }}
+ logLevel: {{ .logLevel }}
+
+ wireServerEnterprise:
+ host: 0.0.0.0
+ port: 8080
+ {{- end }}
diff --git a/charts/wire-server-enterprise/templates/deployment.yaml b/charts/wire-server-enterprise/templates/deployment.yaml
new file mode 100644
index 00000000000..e14b6389691
--- /dev/null
+++ b/charts/wire-server-enterprise/templates/deployment.yaml
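Review bot: In templates/configmap.yaml the listen port is hard-coded as `port: 8080`, while the Deployment's `containerPort` and both probes in this commit read `.Values.service.internalPort`. Overriding `service.internalPort` would therefore leave the process listening on 8080 while the probes and the Service target another port, so the pod would never become ready. Inside the `with .Values.config` block the root context is needed, so the line would be `port: {{ $.Values.service.internalPort }}`.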
@@ -0,0 +1,56 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: wire-server-enterprise
+ labels:
+ app: wire-server-enterprise
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: wire-server-enterprise
+ template:
+ metadata:
+ labels:
+ app: wire-server-enterprise
+ release: {{ .Release.Name }}
+ annotations:
+ # An annotation of the configmap checksum ensures changes to the configmap cause a redeployment upon `helm upgrade`
+ checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ spec:
+ imagePullSecrets:
+ - name: wire-server-enterprise-readonly-pull-secret
+ volumes:
+ - name: "wire-server-enterprise-config"
+ configMap:
+ name: "wire-server-enterprise"
+ containers:
+ - name: wire-server-enterprise
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
+ ports:
+ - containerPort: {{ .Values.service.internalPort }}
+ livenessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /i/status
+ port: {{ .Values.service.internalPort }}
+ readinessProbe:
+ httpGet:
+ scheme: HTTP
+ path: /i/status
+ port: {{ .Values.service.internalPort }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ volumeMounts:
+ - name: "wire-server-enterprise-config"
+ mountPath: "/etc/wire/wire-server-enterprise/conf"
+ automountServiceAccountToken: false
diff --git a/charts/wire-server-enterprise/templates/image-pull-secret.yaml b/charts/wire-server-enterprise/templates/image-pull-secret.yaml
new file mode 100644
index 00000000000..c6a27fc34f2
--- /dev/null
+++ b/charts/wire-server-enterprise/templates/image-pull-secret.yaml
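Review bot: The container in templates/deployment.yaml is declared without any `securityContext`, so it runs with whatever the image and the cluster defaults allow (possibly root, a writable root filesystem and the default capability set). `automountServiceAccountToken: false` is already a good least-privilege choice, and a restrictive container security context would complete it. Whether the image runs as a non-root user and tolerates a read-only root filesystem cannot be told from this hunk, so the values below need confirming against the image; exposing them through values.yaml would let operators adjust them.

```yaml
      containers:
        - name: wire-server-enterprise
          # … unchanged: image, imagePullPolicy, ports, probes, resources, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```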
@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wire-server-enterprise-readonly-pull-secret
+ labels:
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: kubernetes.io/dockerconfigjson
+data:
+ {{/* for_helm_linting is necessary only since the 'with' block below does not throw an error upon an empty .Values.secrets */}}
+ for_helm_linting: {{ required "No .secrets found in configuration." .Values.secrets | quote | b64enc | quote }}
+
+ {{- with .Values.secrets }}
+ .dockerconfigjson: {{ .configJson }}
+ {{- end }}
diff --git a/charts/wire-server-enterprise/templates/service.yaml b/charts/wire-server-enterprise/templates/service.yaml
new file mode 100644
index 00000000000..a985fc74b8f
--- /dev/null
+++ b/charts/wire-server-enterprise/templates/service.yaml
@@ -0,0 +1,24 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: wire-server-enterprise
+ labels:
+ app: wire-server-enterprise
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ annotations:
+ {{- if ge (.Capabilities.KubeVersion.Minor|int) 26 }}
+ service.kubernetes.io/topology-mode: Auto
+ {{- else }}
+ service.kubernetes.io/topology-aware-hints: auto
+ {{- end }}
+spec:
+ type: ClusterIP
+ ports:
+ - name: http
+ port: {{ .Values.service.externalPort }}
+ targetPort: {{ .Values.service.internalPort }}
+ selector:
+ app: wire-server-enterprise
+ release: {{ .Release.Name }}
diff --git a/charts/wire-server-enterprise/templates/servicemonitor.yaml b/charts/wire-server-enterprise/templates/servicemonitor.yaml
new file mode 100644
index 00000000000..dab2a8d4044
--- /dev/null
+++ b/charts/wire-server-enterprise/templates/servicemonitor.yaml
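Review bot: In templates/image-pull-secret.yaml the `required` guard only checks that `.Values.secrets` is non-empty; `.configJson` itself is never validated and is rendered unquoted, so a missing or misspelled key produces a `kubernetes.io/dockerconfigjson` Secret with a null `.dockerconfigjson` that fails only at apply time. The `for_helm_linting` key also stores a base64 copy of the whole formatted `.Values.secrets` map, so the registry credential ends up in a second data key of the Secret for no functional reason. Validating the field directly removes both problems: `.dockerconfigjson: {{ required "secrets.configJson is required" .Values.secrets.configJson | quote }}`, with the `for_helm_linting` line dropped. This assumes the value handed out by Wire is already base64-encoded, as the `data:` field requires; if it is raw JSON, it would need `b64enc` or a move to `stringData:`.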
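Review bot: The version test `ge (.Capabilities.KubeVersion.Minor|int) 26` in templates/service.yaml can misfire on clusters that report a minor version with a suffix such as `27+`, which some managed distributions do. As far as I know, the `int` conversion then yields 0, so the template falls through to the older `topology-aware-hints` annotation. Comparing the full version is more robust: `{{- if semverCompare ">=1.26-0" .Capabilities.KubeVersion.Version }}`. The 1.26 threshold itself is also worth confirming against the Kubernetes release that introduced `service.kubernetes.io/topology-mode`.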
@@ -0,0 +1,19 @@
+{{- if .Values.metrics.serviceMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: wire-server-enterprise
+ labels:
+ app: wire-server-enterprise
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ endpoints:
+ - port: http
+ path: /i/metrics
+ selector:
+ matchLabels:
+ app: wire-server-enterprise
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/wire-server-enterprise/values.yaml b/charts/wire-server-enterprise/values.yaml
new file mode 100644
index 00000000000..7fba58e31ca
--- /dev/null
+++ b/charts/wire-server-enterprise/values.yaml
@@ -0,0 +1,25 @@
+replicaCount: 1
+
+image:
+ repository: quay.io/wire/wire-server-enterprise
+ tag: do-not-use
+
+resources:
+ requests:
+ memory: "200Mi"
+ cpu: "100m"
+ limits:
+ memory: "512Mi"
+
+service:
+ internalPort: 8080
+ externalPort: 8080
+
+metrics:
+ serviceMonitor:
+ enabled: false
+
+config:
+ logLevel: Info
+ logFormat: StructuredJSON
+ logNetStrings: false
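Review bot: values.yaml gives no hint of two values the templates in this commit read: `secrets.configJson`, without which rendering fails, and `imagePullPolicy`, which defaults to an empty string in the Deployment. A short comment block at the end of the file would make the contract visible and steer the credential away from version control, for example `# secrets.configJson (required): registry credential provided by Wire; supply it from a separate, access-controlled values file, never commit it here` and `# imagePullPolicy (optional): left empty, Kubernetes picks its default for the tag`. The `tag: do-not-use` placeholder would benefit from a similar one-line comment saying that a concrete image tag must be set at deploy time.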