From 3241dbd00e9d66f07fc07d3b681d0db9ab79846e Mon Sep 17 00:00:00 2001 From: Gavin Halliday Date: Fri, 14 Apr 2023 16:27:45 +0100 Subject: [PATCH] Community Edition 9.0.2-rc2 Release Candidate 2 Signed-off-by: Gavin Halliday --- helm/hpcc/Chart.yaml | 4 +- helm/hpcc/templates/_helpers.tpl | 2 +- helm/hpcc/templates/_helpers.tpl.fixed | 2201 ++++++++++++++++++++++++ helm/hpcc/templates/dafilesrv.yaml | 2 +- helm/hpcc/templates/dali.yaml | 2 +- helm/hpcc/templates/dfuserver.yaml | 2 +- helm/hpcc/templates/eclagent.yaml | 4 +- helm/hpcc/templates/eclccserver.yaml | 4 +- helm/hpcc/templates/eclscheduler.yaml | 2 +- helm/hpcc/templates/esp.yaml | 2 +- helm/hpcc/templates/localroxie.yaml | 2 +- helm/hpcc/templates/roxie.yaml | 8 +- helm/hpcc/templates/sasha.yaml | 2 +- helm/hpcc/templates/thor.yaml | 10 +- version.cmake | 2 +- 15 files changed, 2225 insertions(+), 24 deletions(-) create mode 100644 helm/hpcc/templates/_helpers.tpl.fixed diff --git a/helm/hpcc/Chart.yaml b/helm/hpcc/Chart.yaml index d7acf022e20..52d58f881b2 100644 --- a/helm/hpcc/Chart.yaml +++ b/helm/hpcc/Chart.yaml @@ -6,9 +6,9 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. -version: 9.0.2-rc1 +version: 9.0.2-rc2 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. -appVersion: 9.0.2-rc1 +appVersion: 9.0.2-rc2 diff --git a/helm/hpcc/templates/_helpers.tpl b/helm/hpcc/templates/_helpers.tpl index 41e08edd088..5cdbab5dfc5 100644 --- a/helm/hpcc/templates/_helpers.tpl +++ b/helm/hpcc/templates/_helpers.tpl @@ -1215,7 +1215,7 @@ kind: Service metadata: name: {{ $lvars.serviceName | quote }} labels: - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $.root "instance" $lvars.serviceName ) | indent 4 }} {{- if $lvars.labels }} {{ toYaml $lvars.labels | indent 4 }} diff --git a/helm/hpcc/templates/_helpers.tpl.fixed b/helm/hpcc/templates/_helpers.tpl.fixed new file mode 100644 index 00000000000..5ea8c1986e0 --- /dev/null +++ b/helm/hpcc/templates/_helpers.tpl.fixed @@ -0,0 +1,2201 @@ +{{/* + +--- DO NOT EDIT THIS FILE - all configuration of HPCC platform should be done via values.yaml ---- + +############################################################################## + + HPCC SYSTEMS software Copyright (C) 2021 HPCC Systems®. + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + +############################################################################## + +*/}} +{{/* +Expand the name of the chart. +Pass in dict with root +*/}} +{{- define "hpcc.name" -}} +{{- default .root.Chart.Name .root.Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +Pass in dict with root +*/}} +{{- define "hpcc.fullname" -}} +{{- if .root.Values.fullnameOverride -}} +{{- .root.Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .root.Chart.Name .root.Values.nameOverride -}} +{{- if contains $name .root.Release.Name -}} +{{- .root.Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .root.Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +Pass in dict with root +*/}} +{{- define "hpcc.chart" -}} +{{- printf "%s-%s" .root.Chart.Name .root.Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Translate a port list to a comma-separated list +*/}} +{{- define "hpcc.portListToCommas" -}} + {{- if hasPrefix "[]" (typeOf .) -}} + {{- $local := dict "first" true -}} + {{- range $key, $value := . -}}{{- if not $local.first -}},{{- end -}}{{- $value -}}{{- $_ := set $local "first" false -}}{{- end -}} + {{- else -}} + {{- . -}} + {{- end -}} +{{- end -}} + +{{/* +Return the name of the first plane that matches a particular category +Pass in dict with root, category +*/}} +{{- define "hpcc.getFirstPlaneForCategory" -}} +{{- $root := .root -}} +{{- $category := .category -}} +{{- $storage := ($root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $firstPlane := dict -}} +{{- range $plane := $planes -}} +{{- if not $plane.disabled -}} +{{- if not $firstPlane.plane -}} +{{- if (eq $category $plane.category) -}} +{{- $_ := set $firstPlane "plane" $plane.name -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} +{{- if $firstPlane.plane -}} +{{- $firstPlane.plane -}} +{{- end -}} +{{- end -}} + +{{- define "hpcc.hasPlaneForCategory" -}} +{{- if (include "hpcc.getFirstPlaneForCategory" .) -}} +true +{{- end -}} +{{- end -}} + +{{/* +Return the name of the default plane for this component that matches a particular category +Pass in dict with root, category, me +*/}} +{{- define "hpcc.getDefaultPlane" -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planeKey := (printf "%sPlane" .category) -}} +{{- $firstPlane := (include "hpcc.getFirstPlaneForCategory" .) -}} +{{- get .me $planeKey | default $firstPlane -}} +{{- end -}} + +{{/* +Get default data plane +*/}} +{{- define "hpcc.getDefaultDataPlane" -}} +{{- include "hpcc.getFirstPlaneForCategory" (dict "root" $ "category" "data") -}} +{{- end -}} + +{{/* +Get default spill plane +*/}} +{{- define "hpcc.getDefaultSpillPlane" -}} +{{- include "hpcc.getFirstPlaneForCategory" (dict "root" $ "category" "spill") -}} +{{- end -}} + +{{/* +Get default dll plane +*/}} +{{- define "hpcc.getDefaultDllPlane" -}} +{{- include "hpcc.getFirstPlaneForCategory" (dict "root" $ "category" "dll") -}} +{{- end -}} + +{{/* +Get default git plane +*/}} +{{- define "hpcc.getDefaultGitPlane" -}} +{{- include "hpcc.getFirstPlaneForCategory" (dict "root" $ "category" "git") | default (include "hpcc.getFirstPlaneForCategory" (dict "root" $ "category" "dll")) -}} +{{- end -}} + +{{/* +Returns the largest number of workers from all the thors +*/}} +{{- define "hpcc.getMaxNumWorkers" -}} + {{- $maxNumWorkers := 1 -}} + {{- range $thor := .Values.thor -}} + {{- $maxNumWorkers = max $maxNumWorkers $thor.numWorkers -}} + {{- end -}} + {{- $maxNumWorkers -}} +{{- end -}} + +{{/* +Returns true if the given certificate issuer is enabled, otherwise false +*/}} +{{- define "hpcc.isIssuerEnabled" -}} +{{- $certificates := (.root.Values.certificates | default dict) -}} +{{- if $certificates.enabled -}} + {{- $issuers := ($certificates.issuers | default dict) -}} + {{- $issuer := get $issuers .issuerKeyName -}} + {{- if $issuer -}} + {{- (hasKey $issuer "enabled" | ternary $issuer.enabled true) }} + {{- else -}} +false + {{- end -}} +{{- else -}} +false +{{- end -}} +{{- end -}} + +{{/* +Returns true if mtls should be enabled, otherwise false +*/}} +{{- define "hpcc.isMtlsEnabled" -}} +{{- $security := .root.Values.security | default dict -}} +{{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" "local")) "true" -}} + {{- (hasKey $security "mtls" | ternary $security.mtls true) -}} +{{- else -}} +false +{{- end -}} +{{- end -}} + + +{{/* +Generate global ConfigMap info +Pass in root as . +*/}} +{{- define "hpcc.generateGlobalConfigMap" -}} +{{- /*Create local variables which always exist to avoid having to check if intermediate key values exist*/ -}} +{{- $storage := (.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $certificates := (.Values.certificates | default dict) -}} +{{- $issuers := ($certificates.issuers | default dict) -}} +{{- $security := .Values.security | default dict -}} +mtls: {{ (include "hpcc.isMtlsEnabled" (dict "root" $)) }} +imageVersion: {{ .Values.global.image.version | default .Chart.Version }} +singleNode: {{ .Values.global.singleNode | default false }} +{{ if .Values.global.defaultEsp -}} +defaultEsp: {{ .Values.global.defaultEsp | quote }} +{{ end -}} +services: +{{ include "hpcc.generateConfigMapServices" . }} +secretTimeout: {{ .Values.secrets.timeout | default 300 }} +storage: +{{- if hasKey $storage "hostGroups" }} + hostGroups: +{{ toYaml $storage.hostGroups | indent 2 }} +{{- end }} +{{- if hasKey $storage "remote" }} + remote: +{{ toYaml $storage.remote | indent 2 }} +{{- end }} + dataPlane: {{ include "hpcc.getDefaultDataPlane" . }} +{{- if hasKey $storage "indexBuildPlane" }} + indexBuildPlane: {{ $storage.indexBuildPlane }} +{{- end }} + planes: +{{- /*Generate entries for each data plane (removing the pvc). Exclude the planes used for dlls and dali.*/ -}} +{{- range $plane := $planes }} + {{- if not $plane.disabled }} + - name: {{ $plane.name | quote }} + {{- $planeYaml := omit $plane "name" "pvc" "storageClass" "storageSize" "subPath" "numMounts" -}} + {{- if $plane.subPath -}} + {{- $_ := set $planeYaml "prefix" (printf "%s/%s" $planeYaml.prefix $plane.subPath) -}} + {{- end -}} + {{- if and (eq "data" $plane.category) (not $plane.defaultSprayParts) -}} + {{- $_ := set $planeYaml "defaultSprayParts" (include "hpcc.getMaxNumWorkers" $ | int) -}} + {{- end -}} + {{- /* Make sure there is enough containers provided if storageapi used*/ -}} + {{- if $plane.storageapi -}} + {{- $numDevices := int ( $plane.numDevices | default $plane.numDevices | default 1 ) }} + {{- $numContainers := len ($plane.storageapi.containers | default list) -}} + {{- if ne $numDevices $numContainers -}} + {{- $_ := fail (printf "Storage plane '%s' requires %d containers under storageapi" $plane.name $numDevices) -}} + {{- end -}} + {{- end -}} + {{- /* Remove pvc-related properties from the aliases*/ -}} + {{- if $plane.aliases }} + {{- $_ := set $planeYaml "aliases" (deepCopy $plane.aliases) -}} + {{- range $alias := $planeYaml.aliases -}} + {{- $_ := unset $alias "pvc" }} + {{- $_ := unset $alias "numMounts" }} + {{- end -}} + {{- end -}} + {{- toYaml $planeYaml | nindent 4 }} + {{- end }} + +{{- end }} +{{- if not (include "hpcc.hasPlaneForCategory" (dict "root" $ "category" "spill")) }} + - name: hpcc-spill-plane + prefix: {{ .Values.global.defaultSpillPath | default "/var/lib/HPCCSystems/hpcc-spill" | quote }} + category: spill +{{- end }} +{{- if .Values.global.cost }} +cost: +{{ toYaml .Values.global.cost | indent 2 }} +{{- end }} +{{- if .Values.global.logAccess }} +logAccess: +{{ toYaml .Values.global.logAccess | indent 2 }} +{{- end }} +{{- if .Values.global.expert }} +expert: +{{ toYaml .Values.global.expert | indent 2 }} +{{- end }} +{{- end -}} + +{{/* +Generate dfuserver queues +Pass in root +*/}} +{{- define "hpcc.generateConfigDfuQueues" -}} +{{- range $queue := .root.Values.dfuserver }} +{{- if not $queue.disabled }} +- name: {{ .name }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Generate local logging info, merged with global +Pass in dict with root and me +*/}} +{{- define "hpcc.generateLoggingConfig" -}} +{{- $logging := deepCopy (.me.logging | default dict) | mergeOverwrite dict (.root.Values.global.logging | default dict) -}} +{{- if not (empty $logging) }} +logging: +{{ toYaml $logging | indent 2 }} +{{- end -}} +{{- end -}} + +{{/* +Generate local metrics configuration, merged with global +Pass in dict with root and me +*/}} +{{- define "hpcc.generateMetricsConfig" -}} +{{- $metrics := deepCopy (.me.metrics | default dict) | mergeOverwrite dict (.root.Values.global.metrics | default dict) -}} +{{- if not (empty $metrics) }} +metrics: +{{ toYaml $metrics | indent 2 }} +{{- end -}} +{{- end -}} + +{{/* +Add ConfigMap volume mount for a component +*/}} +{{- define "hpcc.addConfigMapVolumeMount" -}} +- name: {{ .name }}-temp-volume + mountPath: /tmp +- name: {{ .name }}-hpcctmp-volume + mountPath: /var/lib/HPCCSystems +- name: {{ .name }}-configmap-volume + mountPath: /etc/config +{{- end -}} + +{{/* +Add ConfigMap volume for a component +*/}} +{{- define "hpcc.addConfigMapVolume" -}} +- name: {{ .name }}-temp-volume + emptyDir: {} +- name: {{ .name }}-hpcctmp-volume + emptyDir: {} +- name: {{ .name }}-configmap-volume + configMap: + name: {{ .name }}-configmap +{{- end -}} + +{{/* +Add volume mounts +Pass in root, me (the component), includeCategories (optional) and/or includeNames (optional) +Note: if there are multiple planes (other than dll, dali and spill planes), they should be all called with a single call +to addVolumeMounts so that if a plane can be used for multiple purposes then duplicate volume mounts are not created. +*/}} +{{- define "hpcc.addVolumeMounts" -}} +{{- /*Create local variables which always exist to avoid having to check if intermediate key values exist*/ -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $includeCategories := .includeCategories | default list -}} +{{- $includeNames := .includeNames | default list -}} +{{- $component := .me -}} +{{- $previousMounts := dict -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled }} + {{- $componentMatches := or (not (hasKey $plane "components")) (has $component.name $plane.components) -}} + {{- if and (or (has $plane.category $includeCategories) (has $plane.name $includeNames)) $componentMatches }} + {{- /*This plane is required - generate a mount if it has not already been created, and any aliases*/ -}} + {{- if or ($plane.pvc) (hasKey $plane "storageClass") }} + {{- if not (hasKey $previousMounts $plane.prefix) }} + {{- $mountPath := $plane.prefix }} + {{- $numMounts := int ( $plane.numMounts | default $plane.numDevices | default 1 ) }} + {{- if le $numMounts 1 }} +- name: {{ lower $plane.name }}-pv + mountPath: {{ $mountPath | quote }} + {{- else }} + {{- range $elem := untilStep 1 (int (add $numMounts 1)) 1 }} +- name: {{ lower $plane.name }}-pv-many-{{ $elem }} + mountPath: {{ printf "%s/d%d" $mountPath $elem | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- $_ := set $previousMounts $plane.prefix true -}} + {{- end }} + + {{- /*Generate entries for each alias of the plane*/ -}} + {{- $curAlias := dict "num" 1 -}} + {{- range $alias := $plane.aliases | default list }} + {{- $aliasComponentMatches := or (not (hasKey $alias "components")) (has $component.name $alias.components) -}} + {{- if and $alias.pvc $aliasComponentMatches }} + {{- if not (hasKey $previousMounts $alias.prefix) }} + {{- $mountPath := $alias.prefix }} + {{- $numMounts := int ( $alias.numMounts | default $plane.numDevices | default 1 ) }} + {{- if le $numMounts 1 }} +- name: {{ lower $plane.name }}-pv-alias-{{ $curAlias.num }} + mountPath: {{ $mountPath | quote }} + {{- else }} + {{- range $elem := untilStep 1 (int (add $numMounts 1)) 1 }} +- name: {{ lower $plane.name }}-pv-alias-{{ $curAlias.num }}-many-{{ $elem }} + mountPath: {{ printf "%s/d%d" $mountPath $elem | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- $_ := set $previousMounts $plane.prefix true -}} + {{- $_ := set $curAlias "num" (add $curAlias.num 1) }} + {{- end }} + {{- end }} + + {{- end }} + {{- end }} +{{- end }} +{{- end -}} + +{{/* +Add volumes +Pass in root, me (the component), includeCategories (optional) and includeNames (optional) +The plane will generate a volume if it matches either an includeLabel or an includeName +*/}} +{{- define "hpcc.addVolumes" -}} +{{- /*Create local variables which always exist to avoid having to check if intermediate key values exist*/ -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $includeCategories := .includeCategories | default list -}} +{{- $includeNames := .includeNames | default list -}} +{{- $component := .me -}} +{{- $previousMounts := dict -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled -}} + {{- $componentMatches := or (not (hasKey $plane "components")) (has $component.name $plane.components) -}} + {{- if and (or (has $plane.category $includeCategories) (has $plane.name $includeNames)) $componentMatches }} + {{- if or ($plane.pvc) (hasKey $plane "storageClass") -}} + {{- if not (hasKey $previousMounts $plane.prefix) }} + {{- $pvc := hasKey $plane "pvc" | ternary $plane.pvc (printf "%s-%s-pvc" (include "hpcc.fullname" $) $plane.name) }} + {{- $numMounts := int ( $plane.numMounts | default $plane.numDevices | default 1 ) }} + {{- if le $numMounts 1 }} +- name: {{ lower $plane.name }}-pv + persistentVolumeClaim: + claimName: {{ $pvc }} + {{- else }} + {{- range $elem := until $numMounts }} +- name: {{ lower $plane.name }}-pv-many-{{ add $elem 1 }} + persistentVolumeClaim: + claimName: {{ $pvc }}-{{ add $elem 1 }} + {{- end }} + {{- end }} + {{- $_ := set $previousMounts $plane.prefix true }} + {{- end }} + {{- end }} + + {{- /*Generate entries for each alias of the plane*/ -}} + {{- $curAlias := dict "num" 1 -}} + {{- range $alias := $plane.aliases | default list }} + {{- $aliasComponentMatches := or (not (hasKey $alias "components")) (has $component.name $alias.components) -}} + {{- if and $alias.pvc $aliasComponentMatches }} + {{- if not (hasKey $previousMounts $alias.prefix) }} + {{- $pvc := $alias.pvc }} + {{- $numMounts := int ( $alias.numMounts | default $plane.numDevices | default 1 ) }} + {{- if le $numMounts 1 }} +- name: {{ lower $plane.name }}-pv-alias-{{ $curAlias.num }} + persistentVolumeClaim: + claimName: {{ $pvc }} + {{- else }} + {{- range $elem := until $numMounts }} +- name: {{ lower $plane.name }}-pv-alias-{{ $curAlias.num }}-many-{{ add $elem 1 }} + persistentVolumeClaim: + claimName: {{ $pvc }}-{{ add $elem 1 }} + {{- end }} + {{- end }} + {{- $_ := set $previousMounts $alias.prefix true }} + {{- $_ := set $curAlias "num" (add $curAlias.num 1) }} + {{- end }} + {{- end }} + {{- end }} + + {{- end }} + {{- end }} +{{- end -}} +{{- end -}} + +{{/* +Check that the data plane name is valid, and report an error if not +Pass in dict with root, planeName and optional contextPrefix +*/}} +{{- define "hpcc.checkPlaneExists" -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $name := .planeName -}} +{{- $ctxMsg := .contextPrefix | default "" -}} +{{- $matched := dict -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled -}} + {{- if (eq $plane.name $name) -}} + {{- $_ := set $matched "ok" true -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if not $matched.ok -}} + {{- $_ := fail (printf "%sStorage plane %s does not exist" $ctxMsg $name) -}} +{{- end -}} +{{- end -}} + +{{/* +Return the path associated with a data plane. +Pass in dict with root, planeName +*/}} +{{- define "hpcc.getPlanePrefix" -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $name := .planeName -}} +{{- range $plane := $planes -}} + {{- if (eq $plane.name $name) -}} + {{- if $plane.subPath -}} + {{- printf "%s/%s" $plane.prefix $plane.subPath | quote -}} + {{- else -}} + {{- $plane.prefix | quote -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Add the secret volume mounts for a component +Pass in dict with root and secretsCategories +*/}} +{{- define "hpcc.addSecretVolumeMounts" -}} +{{- $secretsCategories := .secretsCategories -}} +{{- range $category, $key := .root.Values.secrets -}} + {{- if (has $category $secretsCategories) -}} + {{- range $secretid, $secretname := $key }} +- name: secret-{{ $secretid }} + mountPath: /opt/HPCCSystems/secrets/{{ $category }}/{{ $secretid }} + {{ end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Generate Prometheus scrape annotations +Enables selfdiscovery of metrics service on configured path/port +Requires sinks[type=prometheus] +Pass in dict with sinks +*/}} +{{- define "hpcc.addPrometheusScrapeAnnotations" -}} +{{- if hasKey . "sinks" }} + {{ range $sink := .sinks -}} + {{- if eq (get $sink "type") "prometheus" }} + {{- if and (hasKey $sink "settings") ( hasKey $sink.settings "autodiscovery") }} + {{- if (eq $sink.settings.autodiscovery true ) }} +prometheus.io/scrape: 'true' +prometheus.io/path: {{ $sink.settings.path | default "/metrics" }} +prometheus.io/port: {{ $sink.settings.port | default 8767 | quote }} + {{ end }} + {{ end }} + {{ end }} + {{ end}} +{{ end}} +{{- end -}} + +{{/* +Add Secret volume for a component +Pass in dict with root and secretsCategories +*/}} +{{- define "hpcc.addSecretVolumes" -}} +{{- $component := .component -}} +{{- $secretsCategories := .secretsCategories -}} +{{- range $category, $key := .root.Values.secrets -}} +{{- if (has $category $secretsCategories) -}} +{{- range $secretid, $secretname := $key }} +- name: secret-{{ $secretid }} + secret: + secretName: {{ $secretname }} +{{- end -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Add sentinel-based probes for a component +*/}} +{{- define "hpcc.addSentinelProbes" -}} +{{- $minStartupTime := .minStartupTime | default 0 }} +{{- $maxStartupTime := .maxStartupTime | default 300 }} +{{- $readyProbeName := .readyProbeName | default "" }} +{{- $numAttempts := div (sub $maxStartupTime $minStartupTime) 10 }} +startupProbe: + exec: + command: + - cat + - "/tmp/{{ .name }}.sentinel" + failureThreshold: {{ $numAttempts }} + periodSeconds: 10 + initialDelaySeconds: {{ $minStartupTime }} +readinessProbe: + exec: + command: + - cat + - "/tmp/{{ .name }}.sentinel{{ $readyProbeName }}" + periodSeconds: 10 +{{ end -}} + + +{{/* +Generate vault info +*/}} +{{- define "hpcc.generateVaultConfig" -}} +{{- $secretsCategories := .secretsCategories -}} +vaults: +{{- range $categoryname, $category := .root.Values.vaults -}} + {{- if (has $categoryname $secretsCategories) }} + {{ $categoryname }}: + {{- range $vault := . }} + - name: {{ $vault.name }} + kind: {{ $vault.kind }} + {{- if $vault.namespace }} + namespace: {{ $vault.namespace }} + {{- end }} + {{- if (hasKey $vault "verify_server") }} + verify_server: {{ $vault.verify_server }} + {{- end }} + url: {{ $vault.url }} + {{- if index $vault "client-secret" }} + client-secret: {{ index $vault "client-secret" }} + {{- end -}} + {{- if index $vault "appRoleId" }} + appRoleId: {{ index $vault "appRoleId" }} + {{- end -}} + {{- if index $vault "appRoleSecret" }} + appRoleSecret: {{ index $vault "appRoleSecret" }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Check whether a storage plane is defined or not. +*/}} +{{- define "hpcc.checkValidStoragePlane" -}} +{{- $search := .search -}} +{{- $category := .category -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $done := dict -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled -}} + {{- if eq $category $plane.category -}} + {{- if eq $search $plane.name -}} + {{- $_ := set $done "matched" true -}} + {{- end -}} + {{- $_ := set $done "all" ( printf "%s \"%s\"" $done.all $plane.name) -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- if not $done.matched -}} + {{- $_ := required (printf "%s plane %s for %s is not defined (defined %s planes are:%s)" .type $search .for $category $done.all ) nil }} +{{- end -}} +{{- end -}} + +{{/* +Check that the storage and spill planes for a component exist +*/}} +{{- define "hpcc.checkDefaultStoragePlane" -}} +{{- if (hasKey .me "dataPlane") }} + {{- $search := .me.dataPlane -}} + {{- include "hpcc.checkValidStoragePlane" (dict "search" $search "root" .root "category" "data" "type" "storage data" "for" .me.name) -}} +{{- end }} +{{- if (hasKey .me "spillPlane") }} + {{- $search := .me.spillPlane -}} + {{- include "hpcc.checkValidStoragePlane" (dict "search" $search "root" .root "category" "spill" "type" "storage spill" "for" .me.name) -}} +{{- end }} +{{- if (hasKey .me "indexBuildPlane") }} + {{- $search := .me.indexBuildPlane -}} + {{- include "hpcc.checkValidStoragePlane" (dict "search" $search "root" .root "category" "data" "type" "storage data" "for" .me.name) -}} +{{- end }} +{{- end -}} + +{{/* +Add command for a component +*/}} +{{- define "hpcc.componentCommand" -}} +{{- if .me.valgrind -}} +valgrind +{{- else if (include "hpcc.hasPlaneForCategory" (dict "root" .root "category" "debug")) -}} +check_executes +{{- else -}} +{{ .process }} +{{- end }} +{{- end -}} + +{{/* +Add extra args for a component +*/}} +{{- define "hpcc.componentStartArgs" -}} +{{- if .me.valgrind -}} +"--leak-check=full", +"--show-leak-kinds=all", +"--track-origins=yes", +"--num-callers=8", +"--log-fd=1", +{{ .process | quote }}, +{{- else if (include "hpcc.hasPlaneForCategory" (dict "root" .root "category" "debug")) -}} + {{- $debugPlane := .me.debugPlane | default (include "hpcc.getFirstPlaneForCategory" (dict "root" .root "category" "debug")) -}} + {{- include "hpcc.checkPlaneExists" (dict "root" .root "planeName" $debugPlane) -}} + {{- $prefix := include "hpcc.getPlanePrefix" (dict "root" .root "planeName" $debugPlane) -}} +"-d", {{ $prefix }}, +"--", +{{ .process | quote }}, +{{- end }} +{{- end -}} + +{{/* +Add config arg for a component +*/}} +{{- define "hpcc.configArg" -}} +"--config=/etc/config/{{ .name }}.yaml" +{{- end -}} + +{{/* +Add dali arg for a component +Pass in dict with root, component (in case of error), optional (true if daliArg is optional) +*/}} +{{- define "hpcc.daliArg" -}} + {{- if empty .root.Values.dali -}} + {{- if not .optional -}} + {{- $_ := fail (printf "%s requires a DALI to be defined" .component) -}} + {{- end -}} + {{- else -}} + {{- $dali := (index .root.Values.dali 0) -}} + {{- $daliService := $dali.service | default dict -}} + {{- $daliHost := .overrideDaliHost | default $dali.name -}} + {{- $daliServicePort := .overrideDaliPort | default ($daliService.servicePort | default 7070) -}} +"--daliServers={{ $daliHost }}:{{ $daliServicePort }}" + {{- end -}} +{{- end -}} + +{{/* +Get image name +*/}} +{{- define "hpcc.imageName" -}} +{{- /* Pass in a dictionary with root and me defined */ -}} +{{- if .me.image -}} +{{ .me.image.root | default .root.Values.global.image.root | default "hpccsystems" }}/{{ .me.image.name | default .root.Values.global.image.name | default "platform-core" }}:{{ .me.image.version | default .root.Values.global.image.version | default .root.Chart.Version }} +{{- else -}} +{{ .root.Values.global.image.root | default "hpccsystems" }}/{{ .root.Values.global.image.name | default "platform-core" }}:{{ .root.Values.global.image.version | default .root.Chart.Version }} +{{- end -}} +{{- end -}} + +{{/* +Add image attributes for a component +Pass in a dictionary with root, me and imagename defined +*/}} +{{- define "hpcc.addImageAttrs" -}} +image: {{ include "hpcc.imageName" . | quote }} +{{ if .me.image -}} +imagePullPolicy: {{ .me.image.pullPolicy | default .root.Values.global.image.pullPolicy | default "IfNotPresent" }} +{{- else -}} +imagePullPolicy: {{ .root.Values.global.image.pullPolicy | default "IfNotPresent" }} +{{- end -}} +{{- end -}} + +{{/* +Add image pull credentials for a component +Pass in a dictionary with root and me defined +*/}} +{{- define "hpcc.addImagePullSecrets" -}} +{{- $secret := dict -}} +{{- if .me.image -}} +{{- $_ := set $secret "imagePullSecrets" (.me.image.imagePullSecrets | default .root.Values.global.image.imagePullSecrets) -}} +{{- else -}} +{{- $_ := set $secret "imagePullSecrets" .root.Values.global.image.imagePullSecrets -}} +{{- end -}} +{{- if $secret.imagePullSecrets -}} +imagePullSecrets: +- name: {{ $secret.imagePullSecrets }} +{{ end -}} +{{- end -}} + +{{/* +A kludge to ensure mounted storage (e.g. for nfs, minikube or docker for desktop) has correct permissions for PV +*/}} +{{- define "hpcc.changeMountPerms" -}} +# This is a bit of a hack, to ensure that the persistent storage mounted is writable. +# This is only required when mounting a remote filing systems from another container or machine. +# NB: this includes where the filing system is on the containers host machine . +# Examples include, minikube, docker for desktop, or NFS mounted storage. +{{- $permCmd := printf "chown -R %v:%v %s || true" .uid .gid .volumePath }} +- name: volume-mount-hack + image: {{ .root.Values.global.busybox | default "busybox:stable" }} + command: [ + "sh", + "-c", + "{{ $permCmd }}" + ] + volumeMounts: + - name: {{ .volumeName | quote}} + mountPath: {{ .volumePath | quote }} +{{- end }} + + +{{/* +A kludge to ensure mounted storage (e.g. for nfs, minikube or docker for desktop) has correct permissions for PV +NB: uid=10000 and gid=10001 are the uid/gid of the hpcc user, built into platform-core +*/}} +{{- define "hpcc.changePlaneMountPerms" -}} +{{- $user := (.root.Values.global.user | default dict) -}} +{{- $root := .root -}} +{{- $uid := $user.uid | default 10000 -}} +{{- $gid := $user.gid | default 10001 -}} +{{- $storage := (.root.Values.storage | default dict) -}} +{{- $planes := ($storage.planes | default list) -}} +{{- $includeCategories := .includeCategories | default list -}} +{{- $includeNames := .includeNames | default list -}} +{{- $component := .me -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled -}} + {{- if and ($plane.forcePermissions) (or ($plane.pvc) (hasKey $plane "storageClass")) -}} + {{- $mountpath := $plane.prefix -}} + {{- $componentMatches := or (not (hasKey $plane "components")) (has $component.name $plane.components) -}} + {{- if and (or (has $plane.category $includeCategories) (has $plane.name $includeNames)) $componentMatches }} + {{- $volumeName := (printf "%s-pv" $plane.name) -}} + {{- include "hpcc.changeMountPerms" (dict "root" $root "uid" $uid "gid" $gid "volumeName" $volumeName "volumePath" $plane.prefix) | nindent 0 }} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Container to watch for a file on a shared mount and execute a command +Pass in dict with me and command +NB: an alternative to sleep loop would be to install and make use of inotifywait +*/}} +{{- define "hpcc.addWaitAndRunContainer" -}} +- name: wait-and-run + image: {{ .root.Values.global.busybox | default "busybox:stable" }} + command: + - sh + - "-c" + - | + /bin/sh <<'EOSCRIPT' + set -e + while true; do + if [ -f /wait-and-run/{{ .me.name }}.jobdone ]; then break; fi + echo waiting for /wait-and-run/{{ .me.name }}.jobdone + sleep 5 + done + echo "Running: {{ .command }}" + if {{ .command }}; then + echo "Command succeeded" + fi + EOSCRIPT + volumeMounts: + - name: wait-and-run + mountPath: "/wait-and-run" +{{- end }} + +{{/* +Add wait-and-run shared inter container mount +*/}} +{{- define "hpcc.addWaitAndRunVolumeMount" -}} +- name: wait-and-run + mountPath: "/wait-and-run" +{{- end }} + +{{/* +Add wait-and-run shared inter container volume +*/}} +{{- define "hpcc.addWaitAndRunVolume" -}} +- name: wait-and-run + emptyDir: {} +{{- end }} + +{{/* +Add any bundles +*/}} +{{- define "hpcc.addBundles" -}} +{{- $in := . -}} +{{- range .root.Values.bundles }} +- name: add-bundle-{{ .name | lower }} +{{ include "hpcc.addImageAttrs" $in | indent 2 }} + command: [ + "ecl-bundle", + "install", + "--remote", + "{{ .name }}" + ] + volumeMounts: + - name: "hpccbundles" + mountPath: "/home/hpcc/.HPCCSystems" +{{- end }} +{{- end }} + + +{{/* +Add security context +Pass in a dictionary with root and me defined +*/}} +{{- define "hpcc.addSecurityContext" }} +{{- $user := (.root.Values.global.user | default dict) }} +securityContext: +{{- if .root.Values.global.privileged }} + privileged: true + capabilities: + add: + - SYS_PTRACE + readOnlyRootFilesystem: false +{{- else }} + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true +{{- end }} + runAsNonRoot: true + runAsUser: {{ $user.uid | default 10000 }} + runAsGroup: {{ $user.gid | default 10001 }} +{{ end -}} + +{{/* +Generate instance queue names +*/}} +{{- define "hpcc.generateConfigMapQueues" -}} +{{- range $.Values.eclagent -}} + {{- if not .disabled -}} +- name: {{ .name }} + type: {{ .type | default "hthor" }} + {{- if hasKey . "prefix" }} + prefix: {{ .prefix }} + {{- end }} + {{- end }} +{{ end -}} +{{- range $.Values.roxie -}} + {{- if not .disabled -}} +- name: {{ .name }} + type: roxie + {{- if hasKey . "prefix" }} + prefix: {{ .prefix }} + {{- end }} + queriesOnly: true + ldapUser: {{ .ldapUser }} + dataPlane: {{ .dataPlane | default (include "hpcc.getDefaultDataPlane" $) }} + {{- if hasKey . "directAccessPlanes" }} + directAccessPlanes: {{ .directAccessPlanes }} + {{- end }} + {{- end }} +{{ end -}} +{{- range $.Values.thor -}} + {{- if not .disabled -}} +- name: {{ .name }} + type: thor + {{- if hasKey . "prefix" }} + prefix: {{ .prefix }} + {{- end }} + width: {{ mul (.numWorkers | default 1) ( .channelsPerWorker | default 1) }} + {{- end }} +{{ end -}} +{{- end -}} + +{{- define "hpcc.usesRemoteClientCertificates" -}} + {{- if (hasKey . "remoteClients") -}}{{- if (.remoteClients) -}} true {{- end -}}{{- end -}} +{{- end -}} + +{{/* +Generate service entries for TLS +*/}} +{{- define "hpcc.addTLSServiceEntries" -}} + {{- $externalService := (ne ( include "hpcc.isVisibilityPublic" (dict "root" .root "visibility" .visibility)) "") }} + public: {{ $externalService | ternary "true" "false" }} + {{- if (hasKey .service "tls") }} + tls: {{ .service.tls }} + {{- else -}} + {{- if and ($externalService) (hasKey .component "certificate") }} + tls: true + {{- else }} + {{- $externalIssuerKeyName := ternary "remote" "public" (eq "true" ( include "hpcc.usesRemoteClientCertificates" . )) -}} + {{- $issuerKeyName := ternary $externalIssuerKeyName "local" $externalService }} + {{- $certificates := (.root.Values.certificates | default dict) -}} + {{- if not $certificates.enabled }} + tls: false + {{- else -}} + {{- $issuers := ($certificates.issuers | default dict) -}} + {{- $issuer := get $issuers $issuerKeyName -}} + {{- if not $issuer }} + tls: false + {{- else -}} + {{- $issuerSpec := ($issuer.spec | default dict) }} + tls: {{ (hasKey $issuer "enabled" | ternary $issuer.enabled true) }} + issuer: {{ $issuerKeyName }} + selfSigned: {{ (hasKey $issuerSpec "selfSigned") }} + caCert: {{ (not (hasKey $issuerSpec "selfSigned")) }} + {{- end -}} + {{- end -}} + {{- end }} + {{- end }} +{{- end }} + + +{{/* +Generate list of available services +*/}} +{{- define "hpcc.generateConfigMapServices" -}} +{{- range $roxie := $.Values.roxie -}} + {{- if not $roxie.disabled -}} + {{- range $service := $roxie.services -}} + {{- if ne (int $service.servicePort) 0 -}} +- name: {{ $service.name }} + class: roxie + type: roxie + port: {{ $service.servicePort }} + target: {{ $roxie.name }} + {{- include "hpcc.addTLSServiceEntries" (dict "root" $ "service" $service "component" $roxie "visibility" $service.visibility) }} +{{ end -}} + {{- end }} + {{- end -}} +{{- end -}} +{{- range $esp := $.Values.esp -}} +- name: {{ $esp.name }} + class: esp + type: {{ $esp.application }} + port: {{ $esp.service.servicePort }} + {{- if (eq "ldap" $esp.auth) }} + {{- if $esp.ldap.resourcesBasedn }} + resourcesBasedn: {{ $esp.ldap.resourcesBasedn }} + {{ end -}} + {{- if $esp.ldap.workunitsBasedn }} + workunitsBasedn: {{ $esp.ldap.workunitsBasedn }} + {{ end -}} + {{ end -}} + {{- include "hpcc.addTLSServiceEntries" (dict "root" $ "service" $esp "component" $esp "visibility" $esp.service.visibility "remoteClients" $esp.remoteClients) }} +{{ end -}} +{{- range $dali := $.Values.dali -}} +{{- $daliSashaServicesCtx := dict "services" ($dali.services | default dict) -}} +{{- include "hpcc.getSashaServices" $daliSashaServicesCtx -}} +{{- range $sashaName, $_sasha := $daliSashaServicesCtx.services -}} +{{- $sasha := ($_sasha | default dict) -}} +{{- if (hasKey $sasha "service") -}} +{{- if $sasha.service.servicePort -}} +- name: {{ printf "sasha-%s" $sashaName }} + class: sasha + type: {{ $sashaName }} + port: {{ $sasha.service.servicePort }} +{{ end -}} +{{ end -}} +{{ end -}} +{{ end -}} +{{- $sashaServicesCtx := dict "services" ($.Values.sasha | default dict) -}} +{{- include "hpcc.getSashaServices" $sashaServicesCtx -}} +{{- range $sashaName, $_sasha := $sashaServicesCtx.services -}} +{{- $sasha := ($_sasha | default dict) -}} +{{- if (hasKey $sasha "service") -}} +{{- if $sasha.service.servicePort -}} +- name: {{ printf "sasha-%s" $sashaName }} + class: sasha + type: {{ $sashaName }} + port: {{ $sasha.service.servicePort }} +{{ end -}} +{{ end -}} +{{ end -}} +{{- range $dafilesrv := $.Values.dafilesrv -}} + {{- if not .disabled }} +- name: {{ .name }} + class: dafilesrv + type: {{ .application | default "stream" }} + port: {{ .service.servicePort | default 7600 }} + public: {{ (ne ( include "hpcc.isVisibilityPublic" (dict "root" $ "visibility" .service.visibility)) "") | ternary "true" "false" }} + {{- include "hpcc.addTLSServiceEntries" (dict "root" $ "service" $dafilesrv.service "component" $dafilesrv "visibility" $dafilesrv.service.visibility) }} + {{ end -}} +{{ end -}} +{{- end -}} + +{{/* +Add resource object +Pass in a dictionary with me defined +*/}} +{{- define "hpcc.addResources" }} +{{- if .me }} +resources: + limits: +{{ toYaml .me | indent 4 }} +{{- end }} +{{- end -}} + +{{/* +Add resources object for stub pods +Pass in dict with root, me and instances defined +*/}} +{{- define "hpcc.addStubResources" -}} +{{- $stubInstanceResources := .root.Values.global.stubInstanceResources | default dict -}} +{{- $milliCPUPerInstance := $stubInstanceResources.cpu | default "50m" -}} +{{- $memPerInstance := $stubInstanceResources.memory | default "200Mi" -}} +{{- $milliCPUs := int (include "hpcc.k8sCPUStringToMilliCPU" $milliCPUPerInstance) -}} +{{- $bytes := int64 (include "hpcc.k8sMemoryStringToBytes" $memPerInstance) -}} +{{- $totalBytes := mul .instances $bytes }} +resources: + limits: + cpu: {{ printf "%dm" (mul .instances $milliCPUs) | quote }} + memory: {{ include "hpcc.bytesToK8sMemoryString" $totalBytes | quote }} +{{- end -}} + +{{/* +Generate vault info +*/}} +{{- define "hpcc.generateEclccSecurity" -}} +{{- with .Values.security -}} +{{- if not (empty .eclSecurity) -}} +{{- toYaml (deepCopy .) }} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Sasha configmap +Pass in dict with root, me and secretsCategories +*/}} +{{- define "hpcc.sashaConfigMap" -}} +{{- $configMapName := printf "sasha-%s" .me.name -}} +apiVersion: v1 +metadata: + name: {{ printf "%s-configmap" $configMapName }} +data: + {{ $configMapName }}.yaml: + version: 1.0 + sasha: +{{ toYaml (omit .me "logging") | indent 6 }} +{{- include "hpcc.generateLoggingConfig" . | indent 6 }} +{{ include "hpcc.generateVaultConfig" . | indent 6 }} +{{- if hasKey .me "plane" }} + {{- $sashaStoragePlane := .me.plane | default (include "hpcc.getFirstPlaneForCategory" (dict "root" .root "category" "sasha")) }} + {{- $_ := set .me "plane" $sashaStoragePlane }} + storagePath: {{ include "hpcc.getPlanePrefix" (dict "root" .root "planeName" $sashaStoragePlane) }} +{{- end }} + global: +{{ include "hpcc.generateGlobalConfigMap" .root | indent 6 }} +{{- end -}} + +{{/* +A template to generate Sasha service containers +Pass in dict with root, me and dali if container in dali pod +*/}} +{{- define "hpcc.addSashaContainer" }} +{{- $serviceName := printf "sasha-%s" .me.name }} +{{- $overrideDaliHost := .overrideDaliHost | default "" }} +{{- $overrideDaliPort := .overrideDaliPort | default 0 }} +- name: {{ $serviceName | quote }} + workingDir: /var/lib/HPCCSystems + command: [ saserver ] + args: [ +{{- with (dict "name" $serviceName) }} + {{ include "hpcc.configArg" . }}, +{{- end }} + "--service={{ .me.name }}", +{{ include "hpcc.daliArg" (dict "root" .root "component" "Sasha" "optional" false "overrideDaliHost" $overrideDaliHost "overrideDaliPort" $overrideDaliPort) | indent 10 }} + ] +{{- include "hpcc.addResources" (dict "me" .me.resources) | indent 2 }} +{{- include "hpcc.addSecurityContext" . | indent 2 }} + env: + - name: "SENTINEL" + value: "/tmp/{{ $serviceName }}.sentinel" +{{- with (dict "name" $serviceName) }} +{{ include "hpcc.addSentinelProbes" . | indent 2 }} +{{- end }} +{{ include "hpcc.addImageAttrs" (dict "root" .root "me" (.dali | default .me)) | indent 2 }} +{{- end -}} + + +{{/* +A template to translate dali access types into required planes +Pass in dict with access +*/}} +{{- define "hpcc.getSashaPlanesFromAccess" }} +{{- $tmpCtx := dict "planeTypes" (list "debug") -}} +{{- if has "dalidata" .access -}} + {{- $_ := set $tmpCtx "planeTypes" (append $tmpCtx.planeTypes "dali" ) -}} +{{- end }} +{{- if has "data" .access }} + {{- $_ := set $tmpCtx "planeTypes" (append $tmpCtx.planeTypes "data" ) -}} +{{- end }} +{{- if has "dll" .access }} + {{- $_ := set $tmpCtx "planeTypes" (append $tmpCtx.planeTypes "dll" ) -}} +{{- end -}} +{{- join " " $tmpCtx.planeTypes -}} +{{- end }} + + +{{/* +A template to generate the type of a service based on the visibility setting +Pass in dict with .root, .visibility defined +*/}} +{{- define "hpcc.isVisibilityPublic" }} +{{- if and (hasKey . "visibility") .visibility -}} + {{- if hasKey .root.Values.global "visibilities" -}} + {{- if hasKey .root.Values.global.visibilities .visibility -}} + {{- $globalServiceInfo := get .root.Values.global.visibilities .visibility -}} + {{- if (not (eq $globalServiceInfo.type "ClusterIP")) -}} + true + {{- end -}} + {{- else -}} + {{- required (printf "Specified service visibility %s not found in global visibilities section" .visibility) nil -}} + {{- end -}} + {{- else -}} + {{- required "global visibilities section not found" nil -}} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +A template to generate a service +Pass in dict with .root, .name, .service, .defaultPort, .selector defined +*/}} +{{- define "hpcc.addService" }} +{{- $lvars := dict "type" "ClusterIP" "labels" dict "annotations" dict "ingress" list "serviceName" .name -}} +{{- if hasKey . "service" -}} + {{- if hasKey .service "name" -}}{{- $_ := set $lvars "servicename" .service.name -}}{{- end -}} + {{- if hasKey .service "labels" -}}{{- $_ := set $lvars "labels" (merge $lvars.labels .service.labels) -}}{{- end -}} + {{- if hasKey .service "annotations" -}}{{- $_ := set $lvars "annotations" (merge $lvars.annotations .service.annotations) -}}{{- end -}} + {{- if hasKey .service "visibility" -}} + {{- if hasKey .root.Values.global "visibilities" -}} + {{- if hasKey .root.Values.global.visibilities .service.visibility -}} + {{- $globalServiceInfo := get .root.Values.global.visibilities .service.visibility -}} + {{- if hasKey $globalServiceInfo "labels" -}}{{- $_ := set $lvars "labels" (merge $lvars.labels $globalServiceInfo.labels) -}}{{- end -}} + {{- if hasKey $globalServiceInfo "annotations" -}}{{- $_ := set $lvars "annotations" (merge $lvars.annotations $globalServiceInfo.annotations) -}}{{- end -}} + {{- if hasKey $globalServiceInfo "ingress" -}}{{- $_ := set $lvars "ingress" $globalServiceInfo.ingress -}}{{- end -}} + {{- if hasKey $globalServiceInfo "loadBalancerSourceRanges" -}}{{- $_ := set $lvars "loadBalancerSourceRanges" $globalServiceInfo.loadBalancerSourceRanges -}}{{- end -}} + {{- $_ := set $lvars "type" $globalServiceInfo.type -}} + {{- else -}} + {{- required (printf "Specified service visibility %s not found in global visibilities section" .service.visibility) nil -}} + {{- end -}} + {{- else -}} + {{- required "global visibilities section not found" nil -}} + {{- end -}} + {{- end -}} + {{- if hasKey .service "ingress" -}}{{- $_ := set $lvars "ingress" .service.ingress -}}{{- end -}} + {{- if hasKey .service "loadBalancerSourceRanges" -}}{{- $_ := set $lvars "loadBalancerSourceRanges" .service.loadBalancerSourceRanges -}}{{- end -}} +{{- end }} +apiVersion: v1 +kind: Service +metadata: + name: {{ $lvars.serviceName | quote }} + labels: + helmVersion: 9.0.2-rc2 + {{- include "hpcc.addStandardLabels" (dict "root" $.root "instance" $lvars.serviceName ) | indent 4 }} +{{- if $lvars.labels }} +{{ toYaml $lvars.labels | indent 4 }} +{{- end }} +{{- if $lvars.annotations }} + annotations: +{{ toYaml $lvars.annotations | indent 4 }} +{{- end }} +spec: + ports: + - port: {{ required "servicePort must be specified" .service.servicePort }} + protocol: TCP + targetPort: {{ .service.port | default .defaultPort }} + selector: + server: {{ .selector | quote }} + type: {{ $lvars.type }} +{{- if $lvars.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- if ne $lvars.type "LoadBalancer" -}} + {{- $_ := fail (printf "loadBalanceSourceRanges invalid unless service type is LoadBalancer" ) -}} + {{- end -}} + {{- range $cidr := $lvars.loadBalancerSourceRanges }} + - {{ $cidr }} + {{- end }} +{{ end }} +{{- if $lvars.ingress }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ $lvars.serviceName | quote }} +spec: + podSelector: + matchLabels: + server: {{ .selector | quote }} + ingress: +{{ toYaml $lvars.ingress | indent 2 }} +{{- end -}} +{{- end -}} + +{{/* +Generate prometheusMetricsReporter label if metrics.sinks[type=prometheus]. +Ranges over metric sinks map +Pass in dict with sinks +*/}} +{{- define "hpcc.generateMetricsReporterLabel" }} + {{ range $sink := .sinks -}} + {{- if eq (get $sink "type") "prometheus" }} + {{- if and (hasKey $sink "settings") ( hasKey $sink.settings "autodiscovery") }} + {{- if (eq $sink.settings.autodiscovery true ) }} +prometheusMetricsReporter: "yes" + {{ end }} + {{ end }} + {{ end }} + {{ end }} +{{- end -}} + +{{/* +Return access permssions for a given service +*/}} +{{- define "hpcc.getSashaServiceAccess" }} +{{- if (eq "coalescer" .name) -}} +dalidata +{{- else if (eq "wu-archiver" .name) -}} +dali data dll +{{- else if (eq "dfuwu-archiver" .name) -}} +dali +{{- else if (eq "dfurecovery-archiver" .name) -}} +dali +{{- else if (eq "file-expiry" .name) -}} +dali data +{{- else -}} +{{- $_ := fail (printf "Unknown sasha service:" .name ) -}} +{{- end -}} +{{- end -}} + +{{/* +A template to generate the standard app.kubernetes.io labels and standard HPCC labels + +Pass in root, name, component, instance +root name(k8s application name) component(component within the application, can be same as app) instance + +https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/ +----------------------------+-------------------------------------------------------------+---------- +| Label | Description | Example | +----------------------------+-------------------------------------------------------------+---------- +app.kubernetes.io/name The name of the application mysql +app.kubernetes.io/component The component within the architecture database +app.kubernetes.io/instance A unique name identifying the instance of an application mysql-abcxzy +app.kubernetes.io/version The current version of the application 5.7.21 +app.kubernetes.io/part-of The name of a higher level application this one is part of wordpress +app.kubernetes.io/managed-by The tool being used to manage the operation of an application helm +app.kubernetes.io/created-by The controller/user who created this resource controller-manager +helm.sh/chart This should be the chart name and version +----------------------------+-------------------------------------------------------------+---------- +| HPCC Label | Description | Example | +----------------------------+-------------------------------------------------------------+---------- +instanceOf The instance type, by default = app.kubernetes.io/instance hthor-job +*/}} +{{- define "hpcc.addStandardLabels" }} +{{- $instanceOf := .instanceOf | default .instance }} +app.kubernetes.io/part-of: HPCC-Platform +{{- if .name }} +app.kubernetes.io/name: {{ .name }} +{{- end }} +{{- if .component }} +app.kubernetes.io/component: {{ .component }} +{{- end }} +{{- if .instance }} +app.kubernetes.io/instance: {{ .instance }} +{{- end }} +{{- if .root }} + {{- if hasKey .root "Release" }} +app.kubernetes.io/managed-by: {{ .root.Release.Service }} + {{- end }} + {{- if hasKey .root "Chart" }} + {{- if .root.Chart.Version }} +app.kubernetes.io/version: {{ .root.Chart.Version }} + {{- if .root.Chart.Name }} +helm.sh/chart: {{ .root.Chart.Name }}-{{ .root.Chart.Version | replace "+" "_" }} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +instanceOf: {{ $instanceOf }} +{{- end }} + +{{/* +A template to generate a PVC +Pass in dict with root, me, name, and optional path +*/}} +{{- define "hpcc.addPVC" }} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + name: {{ printf "%s-%s" (include "hpcc.fullname" .) .name }} + labels: + {{- include "hpcc.addStandardLabels" (dict "root" $.root "instance" .name "component" "storage") | indent 4 }} +spec: + accessModes: + - {{ .mode | default .me.storageMode | default "ReadWriteMany" }} + resources: + requests: + storage: {{ .me.storageSize }} +{{- if .me.storageClass }} +{{- if (eq "-" .me.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .me.storageClass }}" +{{- end }} +{{- end }} +--- +{{- end -}} + +{{/* +A template to generate PVCs for each storage plane that has storageSize defined and has the appropriate category +Pass in dict with root, category. optional name to restrict it to a single name. +*/}} +{{- define "hpcc.addPVCsFromPlanes" }} +{{- $storage := (.Values.storage | default dict) }} +{{- $planes := ($storage.planes | default list) -}} +{{- $previousMounts := dict -}} +{{- range $plane := $planes -}} + {{- if not $plane.disabled -}} + {{- if (hasKey $plane "storageClass") -}} + {{- if not (hasKey $previousMounts $plane.prefix) -}} + {{- $pvcname := (printf "%s-pvc" $plane.name) -}} + {{- include "hpcc.addPVC" (dict "root" $ "name" $pvcname "me" $plane) }} + {{- $_ := set $previousMounts $plane.prefix true -}} + {{- end }} + {{- end }} + {{- end }} +{{- end }} +{{- end -}} + +{{/* +Create placement related settings +Pass in dict with me for current placements and dict with new for the new placements +*/}} +{{- define "hpcc.mergePlacementSetting" -}} +{{- if .me.placement.nodeSelector }} + {{- $_ := set .new "nodeSelector" (mergeOverwrite (.new.nodeSelector | default dict ) .me.placement.nodeSelector) }} +{{- end -}} +{{- if .me.placement.tolerations }} + {{- $_ := set .new "tolerations" (concat (.new.tolerations | default list ) .me.placement.tolerations) }} +{{- end -}} +{{- if .me.placement.affinity }} + {{- $_ := set .new "affinity" .me.placement.affinity }} +{{- end -}} +{{- if .me.placement.schedulerName }} + {{- $_ := set .new "schedulerName" .me.placement.schedulerName }} +{{- end -}} +{{- if .me.placement.topologySpreadConstraints }} + {{- $_ := set .new "topologySpreadConstraints" (concat (.new.topologySpreadConstraints | default list ) .me.placement.topologySpreadConstraints) }} +{{- end -}} +{{- end -}} + +{{/* +Add placement related settings +Pass in dict with me, that contains all placements for this entity. +*/}} +{{- define "hpcc.doPlacement" -}} +{{- if len .me }} +{{ toYaml .me }} +{{- end -}} +{{- end -}} + +{{/* +Check if there is any placement configuration +Pass in dict with root, job, target and type +*/}} +{{- define "hpcc.placementsByJobTargetType" -}} +{{- if .root.Values.placements }} + {{- $job := .job -}} + {{- $target := (printf "target:%s" .target | default "") -}} + {{- $type := printf "type:%s" .type -}} + {{- $categories := list "all" $type $target -}} + {{- $placementsDict := dict -}} + {{- $placements := .root.Values.placements -}} + {{- range $category := $categories -}} + {{- range $placement := $placements -}} + {{- if or (has $category $placement.pods) -}} + {{ include "hpcc.mergePlacementSetting" (dict "me" $placement "new" $placementsDict) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{- range $placement := .root.Values.placements -}} + {{- range $jobPattern := $placement.pods -}} + {{- if mustRegexMatch $jobPattern $job -}} + {{ include "hpcc.mergePlacementSetting" (dict "me" $placement "new" $placementsDict) -}} + {{- end -}} + {{- end -}} + {{- end -}} + {{ include "hpcc.doPlacement" (dict "me" $placementsDict) -}} +{{- end -}} +{{- end -}} + +{{/* +Check if there is any placement configuration +Pass in dict with root, pod, target and type +*/}} +{{- define "hpcc.placementsByPodTargetType" -}} +{{- if .root.Values.placements }} + {{- $pod := .pod -}} + {{- $target := (printf "target:%s" .target | default "") -}} + {{- $type := printf "type:%s" .type -}} + {{- $categories := list "all" $type $target $pod -}} + {{- $placementsDict := dict -}} + {{- $placements := .root.Values.placements -}} + {{- range $category := $categories -}} + {{- range $placement := $placements -}} + {{- if or (has $category $placement.pods) -}} + {{ include "hpcc.mergePlacementSetting" (dict "me" $placement "new" $placementsDict) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{ include "hpcc.doPlacement" (dict "me" $placementsDict) -}} +{{- end -}} +{{- end -}} + +{{/* +Generate lifecycle, command and args +Pass in root, me and command +*/}} +{{- define "hpcc.addCommandAndLifecycle" -}} +{{- $misc := .root.Values.global.misc | default dict }} +{{- $postJobCommand := $misc.postJobCommand | default "" }} +lifecycle: + preStop: + exec: + command: + - "/bin/bash" + - "-c" + - >- + k8s_postjob_clearup.sh +{{- if and (not $misc.postJobCommandViaSidecar) $postJobCommand }} ; + {{ $postJobCommand }} +{{- end }} +command: ["/bin/bash"] +args: +- -c +{{- $check_cmd := dict "command" .command}} +{{- if (include "hpcc.hasPlaneForCategory" (dict "root" .root "category" "debug")) -}} + {{- $debugPlane := .me.debugPlane | default (include "hpcc.getFirstPlaneForCategory" (dict "root" .root "category" "debug")) -}} + {{- include "hpcc.checkPlaneExists" (dict "root" .root "planeName" $debugPlane) -}} + {{- $prefix := include "hpcc.getPlanePrefix" (dict "root" .root "planeName" $debugPlane) -}} + {{- $_ := set $check_cmd "command" (printf "check_executes -d %s -- %s" $prefix .command) -}} +{{- end }} +- >- + {{ $check_cmd.command }}; + k8s_postjob_clearup.sh; +{{- if $misc.postJobCommandViaSidecar -}} ; + touch /wait-and-run/{{ .me.name }}.jobdone +{{- else if $postJobCommand -}} ; + {{ $postJobCommand }} +{{- end }} +{{- end -}} + +{{/* +Use cert-manager to create a public certificate and private key for use with TLS +There are separate certificate issuers for local and public certificates +by default public certificates are self-signed and local certificates are signed +by our own certificate authority. A CA certificate is also provided to the pod +so that we can recognize the signature of our own CA. +NB: if optional 'issuer' passed in use it, otherwise base on visibility and +use "public" or "local" +*/}} +{{- define "hpcc.addCertificate" }} + {{- if (.root.Values.certificates | default dict).enabled -}} + {{- $externalCert := or (and (hasKey . "external") .external) (ne (include "hpcc.isVisibilityPublic" .) "") -}} + {{- $externalIssuerKeyName := ternary "remote" "public" (eq "true" ( include "hpcc.usesRemoteClientCertificates" . )) -}} + {{- $issuerKeyName := .issuerKeyName | default (ternary $externalIssuerKeyName "local" $externalCert) -}} + {{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" $issuerKeyName)) "true" -}} + {{- $issuer := get .root.Values.certificates.issuers $issuerKeyName -}} + {{- if $issuer -}} + {{- $namespace := .root.Release.Namespace -}} + {{- $clientUsage := (hasKey $issuer "clientUsage" | ternary $issuer.clientUsage (ne "public" $issuerKeyName)) -}} + {{- $spiffe := (hasKey $issuer "spiffe" | ternary $issuer.spiffe (ne "public" $issuerKeyName)) }} + {{- $service := (.service | default dict) -}} + {{- $wildcard := (hasKey $issuer "wildcard" | ternary $issuer.wildcard false) -}} + {{- /* Having a service specific domain overrules wildcard. We can consider wildcard at the service level later */ -}} + {{- if and $wildcard (not $service.domain) -}} + {{- /* Issuer wildcard certifiacte should already be generated */ -}} + {{- if ne $issuerKeyName "public" -}} + {{- $_ := fail (printf "Issuer %s - wildcard currently only supported for public issuer." $issuerKeyName) -}} + {{- end -}} + {{- if not $issuer.domain -}} + {{- $_ := fail (printf "Issuer %s - setting wildcard requires configuring a domain." $issuerKeyName) -}} + {{- end }} + {{- if $spiffe -}} + {{- $_ := fail (printf "Issuer %s - setting wildcard not supported with spiffe setting enabled." $issuerKeyName) -}} + {{- end }} + {{- if $clientUsage -}} + {{- $_ := fail (printf "Issuer %s - setting wildcard not supported with clientUsage setting enabled." $issuerKeyName) -}} + {{- end }} + {{- else -}} + {{- $domain := ( $service.domain | default $issuer.domain | default $namespace | default "default" ) -}} + {{- $name := .name -}} + # spiffe and clientUsage default is off for public issuer to simplify use of letsencrypt, etc. +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .component }}-{{ $issuerKeyName }}-{{ $name }}-cert + namespace: {{ $namespace }} +spec: + # Secret names are always required. + secretName: {{ .component }}-{{ $issuerKeyName }}-{{ $name }}-tls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - HPCC Systems + commonName: {{ (trunc 64 (printf "%s.%s" $name $domain)) | quote }} + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - server auth + {{- if $clientUsage }} + - client auth + {{- end }} + dnsNames: + {{- /* if servicename is passed we simply create a service entry of that name */ -}} + {{- if .servicename }} + - {{ .servicename }}.{{ $domain }} + {{- /* if service parameter is passed in we are using the component config as a service config entry */ -}} + {{- else if .service -}} + {{- $public := and (hasKey .service "visibility") (not (eq .service.visibility "cluster")) -}} + {{- if eq $public $externalCert }} + - {{ $name }}.{{ $domain }} + {{- end }} + {{- /* if services parameter is passed the component has an array of services to configure */ -}} + {{- else if .services -}} + {{- range $service := .services }} + {{- $external := and (hasKey $service "external") $service.external -}} + {{- if eq $external $externalCert }} + - {{ $service.name }}.{{ $domain }} + {{- end }} + {{- end }} + {{- else if not $externalCert }} + - "{{ $name }}.{{ $domain }}" + {{- end }} + {{- if $spiffe }} + uris: + - spiffe://hpcc.{{ $domain }}/{{ .component }}/{{ $name }} + {{- end }} + # Issuer references are always required. + issuerRef: + name: {{ $issuer.name }} + # We can reference ClusterIssuers by changing the kind here. + kind: {{ $issuer.kind }} + group: cert-manager.io +--- + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Builds the commonName for a client certificate. Used in creation of both certificate and access control list. + Pass in root, client (name), instance (myeclwatch), component (eclwatch), visibility, external (bool, optional) +*/}} +{{- define "hpcc.getClientCommonName" -}} + {{- if (.root.Values.certificates | default dict).enabled -}} + {{- $externalCert := or (and (hasKey . "external") .external) (ne (include "hpcc.isVisibilityPublic" .) "") -}} + {{- $issuerKeyName := .issuerKeyName | default (ternary "remote" "local" $externalCert) -}} + {{- if ne (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" $issuerKeyName)) "true" -}} + {{- $_ := fail (printf "Issuer '%s' for client certificates not enabled." $issuerKeyName) -}} + {{- else -}} + {{- $issuer := get .root.Values.certificates.issuers $issuerKeyName -}} + {{- if not $issuer -}} + {{- $_ := fail (printf "Issuer '%s' for client certificates not found." $issuerKeyName) -}} + {{- else -}} + {{- $namespace := .root.Release.Namespace -}} + {{- $service := (.service | default dict) -}} + {{- $domain := ( $service.domain | default $issuer.domain | default $namespace | default "default" ) -}} + {{- (trunc 64 (printf "%s@%s.%s" .client .instance $domain)) -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Turns an array of remoteClients into a | delimited string to be used for the trusted_peers element of SecureSocket settings. + Pass in root, remoteClients, instance (myeclwatch), component (eclwatch), visibility +*/}} +{{- define "hpcc.getTrustedPeerString" -}} + {{- if not (hasKey . "remoteClients") -}} + anyone + {{- else -}} + {{/* Turn remoteClients array into one single array element which is a | delimited string */}} + {{- $instance := .instance -}} + {{- $component := .component -}} + {{- $visibility := .visibility -}} + {{- $root := .root -}} + {{- range $remoteClient := .remoteClients -}} + {{- include "hpcc.getClientCommonName" (dict "root" $root "client" $remoteClient.name "instance" $instance "component" $component "visibility" $visibility "issuerKeyName" "remote") -}}| + {{- end -}} + {{- end -}} +{{- end }} + +{{/* +Use cert-manager to create a public certificate and private key for use as +remote client certificates. +Adding the following to ESP (Roxie support to be added later) + remoteClients: + - name: myRemoteClient + organization: myorg #optional + secretTemplate: #optional add annotations to generated secret for tools like kubed config-syncer + annotations: + kubed.appscode.com/sync: "hpcc=testns" #sync certificate to matching namespaces + +Will generate certificates that can be deployed to the remote client. +Will cause ESP to require client certificates when a socket connects. +Will create a TLS based access control list which ESP will check to make sure a connections client certificate is enabled. + +Pass in root, client (name), organization (optional), instance (myeclwatch), component (eclwatch), visibility, secretTemplate (optional) +*/}} +{{- define "hpcc.addClientCertificate" }} + {{- if (.root.Values.certificates | default dict).enabled -}} + {{- $externalCert := or (and (hasKey . "external") .external) (ne (include "hpcc.isVisibilityPublic" .) "") -}} + {{- $issuerKeyName := .issuerKeyName | default (ternary "remote" "local" $externalCert) -}} + {{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" $issuerKeyName)) "true" -}} + {{- $issuer := get .root.Values.certificates.issuers $issuerKeyName -}} + {{- if not $issuer -}} + {{- $_ := fail (printf "Issuer %s for client certificates not found." $issuerKeyName) -}} + {{- else -}} + {{- if not $issuer.enabled -}} + {{- $_ := fail (printf "Issuer %s for client certificates not enabled." $issuerKeyName) -}} + {{- end }} + {{- $namespace := .root.Release.Namespace -}} + {{- $service := (.service | default dict) -}} + {{- $domain := ( $service.domain | default $issuer.domain | default $namespace | default "default" ) -}} + {{- $instance := .instance -}} + {{- $component := .component -}} + {{- $client := .client -}} + {{- $organization := .organization -}} + {{- $secretTemplate := .secretTemplate -}} + {{- if not $externalCert -}} + {{- $_ := fail (printf "Remote certificate defined for non external facing service %s - %s." $component $instance) -}} + {{- end }} + +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: client-{{ $issuerKeyName }}-{{ $component }}-{{ $instance }}-{{ $client }}-cert + namespace: {{ $namespace }} +spec: + # Secret names are always required. + secretName: client-{{ $issuerKeyName }}-{{ $component }}-{{ $instance }}-{{ $client }}-tls + {{- if $secretTemplate }} + secretTemplate: +{{ toYaml $secretTemplate | indent 4 }} + {{- end }} + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + {{- if $organization }} + - {{ $organization }} + {{- else }} + - HPCC Client + {{- end }} + commonName: {{ (include "hpcc.getClientCommonName" .) | quote }} + isCA: false + privateKey: + algorithm: RSA + encoding: PKCS1 + size: 2048 + usages: + - client auth + uris: + - spiffe://hpcc-client.{{ $client }}/{{ $domain }}/{{ $component }}/{{ $instance }} + issuerRef: + name: {{ $issuer.name }} + kind: {{ $issuer.kind }} + group: cert-manager.io +--- + {{- end }} + {{- end }} + {{- end }} +{{- end }} + +{{/* +Experimental: Use certmanager to generate a key for roxie udp encryption. +A public certificate and private key are generated under /opt/HPCCSystems/secrets/certificates/udp. +Current udp encryption design would only use the private key. +Key is in pem format and the private key would need to be extracted. +*/}} +{{- define "hpcc.addUDPCertificate" }} +{{- if (.root.Values.certificates | default dict).enabled -}} +{{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" "local")) "true" -}} +{{- $issuer := .root.Values.certificates.issuers.local -}} +{{- $namespace := .root.Release.Namespace -}} +{{- $name := .name -}} +{{- if $issuer }} +apiVersion: cert-manager.io/v1 +kind: Certificate +metadata: + name: {{ .component }}-udp-{{ $name }}-cert + namespace: {{ $namespace }} +spec: + # Secret names are always required. + secretName: {{ .component }}-udp-{{ $name }}-dtls + duration: 2160h # 90d + renewBefore: 360h # 15d + subject: + organizations: + - HPCC Systems + commonName: {{ $name }}.{{ $namespace }} + isCA: false + privateKey: + algorithm: ECDSA + encoding: PKCS1 + size: 256 + usages: + - server auth + - client auth + # At least one of a DNS Name, URI, or IP address is required. + uris: + - spiffe://hpcc.{{ $namespace }}/{{ .component }}/{{ $name }} + # Issuer references are always required. + issuerRef: + name: {{ $issuer.name }} + # We can reference ClusterIssuers by changing the kind here. + # The default value is Issuer (i.e. a locally namespaced Issuer) + kind: {{ $issuer.kind }} + group: cert-manager.io +--- +{{- end }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Add a certficate volume mount for a component +NB: if optional 'issuer' passed in use it, otherwise base on visibility and +use "public" or "local" +*/}} +{{- define "hpcc.addCertificateVolumeMount" -}} + {{- $externalCert := or (and (hasKey . "external") .external) (ne (include "hpcc.isVisibilityPublic" .) "") -}} + {{- $externalIssuerKeyName := ternary "remote" "public" (eq "true" ( include "hpcc.usesRemoteClientCertificates" . )) -}} + {{- $issuerKeyName := .issuerKeyName | default (ternary $externalIssuerKeyName "local" $externalCert) -}} + {{- /* + A .certificate parameter means the user explicitly configured a certificate to use + otherwise check if certificate generation is enabled + */ -}} + {{- if .certificate -}} +- name: certificate-{{ .component }}-{{ $issuerKeyName }}-{{ .name }} + mountPath: /opt/HPCCSystems/secrets/certificates/{{ $issuerKeyName }} + {{- else if (.root.Values.certificates | default dict).enabled -}} + {{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" $issuerKeyName)) "true" -}} + {{- $issuer := get .root.Values.certificates.issuers $issuerKeyName -}} + {{- if not $issuer -}} + {{- $_ := fail (printf "Issuer %s for certificate not found." $issuerKeyName) -}} + {{- else -}} + {{- $wildcard := (hasKey $issuer "wildcard" | ternary $issuer.wildcard false) }} + {{- if $wildcard }} +- name: certificate-{{ $issuerKeyName }}-wild + mountPath: /opt/HPCCSystems/secrets/certificates/{{ $issuerKeyName }} + {{- else }} +- name: certificate-{{ .component }}-{{ $issuerKeyName }}-{{ .name }} + mountPath: /opt/HPCCSystems/secrets/certificates/{{ $issuerKeyName }} + {{- end }} + {{- end }} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Add a secret volume for a certificate +NB: if optional 'issuer' passed in use it, otherwise base on visibility and +use "public" or "local" +*/}} +{{- define "hpcc.addCertificateVolume" -}} + {{- $externalCert := or (and (hasKey . "external") .external) (ne (include "hpcc.isVisibilityPublic" .) "") -}} + {{- $externalIssuerKeyName := ternary "remote" "public" (eq "true" ( include "hpcc.usesRemoteClientCertificates" . )) -}} + {{- $issuerKeyName := .issuerKeyName | default (ternary $externalIssuerKeyName "local" $externalCert) -}} + {{- /* + A .certificate parameter means the user explicitly configured a certificate to use + otherwise check if certificate generation is enabled + */ -}} + {{- if .certificate -}} +- name: certificate-{{ .component }}-{{ $issuerKeyName }}-{{ .name }} + secret: + secretName: {{ .certificate }} + {{- else if (.root.Values.certificates | default dict).enabled -}} + {{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" $issuerKeyName)) "true" -}} + {{- $issuer := get .root.Values.certificates.issuers $issuerKeyName -}} + {{- if not $issuer -}} + {{- $_ := fail (printf "Issuer %s for certificate not found." $issuerKeyName) -}} + {{- else -}} + {{- $wildcard := (hasKey $issuer "wildcard" | ternary $issuer.wildcard false) }} + {{- if $wildcard }} +- name: certificate-{{ $issuerKeyName }}-wild + secret: + secretName: {{ $issuerKeyName }}-wild-tls + {{- else }} +- name: certificate-{{ .component }}-{{ $issuerKeyName }}-{{ .name }} + secret: + secretName: {{ .component }}-{{ $issuerKeyName }}-{{ .name }}-tls + {{- end -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} + +{{/* +Add the certificate volume mount for a roxie udp key +*/}} +{{- define "hpcc.addUDPCertificateVolumeMount" }} +{{- if (.root.Values.certificates | default dict).enabled -}} +{{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" "local")) "true" -}} +- name: certificate-{{ .component }}-udp-{{ .name }} + mountPath: /opt/HPCCSystems/secrets/certificates/udp +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Add a secret volume for a roxie udp key +*/}} +{{- define "hpcc.addUDPCertificateVolume" }} +{{- if (.root.Values.certificates | default dict).enabled -}} +{{- if eq (include "hpcc.isIssuerEnabled" (dict "root" .root "issuerKeyName" "local")) "true" -}} +- name: certificate-{{ .component }}-udp-{{ .name }} + secret: + secretName: {{ .component }}-udp-{{ .name }}-dtls +{{ end -}} +{{- end -}} +{{- end -}} + +{{/* +A template to filter out a set of keys from a generated config yaml. +Used to regenerate a configmap without the exclusions, so that it can be +used to form an SHA as an annotation in a pod. +This means pods only auto-restart if the non-excluded parts change. + +Pass in root, me, configMapHelper, component, excludeSectionRegexList and excludeKeyList +excludeSectionRegexList is a list of regexp's that filter out top-level sections, e.g. [".*spec.yaml$" ] +excludeKeyList is a list of key values to exclude from each section, e.g. [ "global", "esp.services" "esp.queues"] + +The configMap data section is reconstructed based on filtering out matches. + +Used to exclude parts of the config which are always allowed to change without causing a pod restart. +e.g. a cache of secrets, with an auto reload/refresh mechanism, or 'replicas'. +*/}} +{{- define "hpcc.filterConfig" }} +{{- $config := fromYaml (include .configMapHelper .) -}} +{{- $configCtx := dict -}} +{{- $excludeSectionRegexList := .excludeSectionRegexList -}} +{{- $excludeKeyList := .excludeKeyList -}} +{{- range $configElementName, $configElementDict := $config.data -}} + {{- $_ := set $configCtx "excludeSection" false -}} + {{- range $regex := $excludeSectionRegexList -}} + {{- if (regexMatch $regex $configElementName) -}} + {{- $_ := set $configCtx "excludeSection" true -}} + {{- end -}} + {{- end -}} + {{- if not $configCtx.excludeSection -}} + {{- $configDictCtx := dict -}} + {{- range $key := $excludeKeyList -}} + {{- $_ := set $configDictCtx "keyDictStr" (regexReplaceAll "(.*)\\..*$" $key "${1}") -}} + {{- if eq $configDictCtx.keyDictStr $key -}}{{/* single component key, e.g. "global"*/}} + {{- $configElementDict := (unset $configElementDict $key) -}} + {{- else -}}{{/* scopes component key, e.g. "eclccserver.queue"*/}} + {{- $_ := set $configDictCtx "keyKeyStr" (regexReplaceAll ".*\\.(.*)$" $key "${1}") -}} + {{- $subDict := get $configElementDict $configDictCtx.keyDictStr -}} + {{- if $subDict -}} + {{- $_ := set $configElementDict $configDictCtx.keyDictStr (unset $subDict $configDictCtx.keyKeyStr) -}} + {{- end -}} + {{- end -}} + {{- end -}}{{/*range $key*/}} + {{- $configYaml := toYaml $configElementDict -}} + {{- $_ := set $config.data $configElementName $configYaml -}} + {{- else -}} + {{- $configData := (unset $config.data $configElementName) -}} + {{- $_ := set $config "data" $configData -}} + {{- end -}} +{{- end -}}{{/*range $configElementName*/}} +{{ toYaml $config }} +{{- end -}} + +{{/* +A template to generate a component config +Pass in root, me, configMapHelper +*/}} +{{- define "hpcc.generateConfig" }} +{{- $config := fromYaml (include .configMapHelper .) -}} +{{- range $configElementName, $configElementDict := $config.data -}} + {{- $configYaml := toYaml $configElementDict -}} + {{- $_ := set $config.data $configElementName $configYaml -}} +{{- end }} +{{ toYaml $config }} +{{- end -}} + +{{/* +A template to generate an SHA from a component config, to be used to annotate a Deployment, +such that it will auto restart if the SHA changes. +Uses filterConfig helper to select pertinent parts of the config to be part of the SHA. +Pass in root, me, configMapHelper, component and excludeKeys +excludeKeys is a comma separated list of key values to exclude from each section, e.g. "global,esp.services,esp.queues" + +globalExcludeSectionRegexList below is hard-coded list of section regexp's to exclude. +globalExcludeList below is a hard-coded list of global keys to exclude. + +*/}} +{{- define "hpcc.getConfigSHA" }} +{{- $globalExcludeList := list (printf "%s.replicas" .component) -}} +{{- $globalExcludeSectionRegexList := list ".*spec.yaml$" -}} +{{- $combinedExcludeKeyList := concat (splitList "," (.excludeKeys | default "")) $globalExcludeList -}} +{{- $ctx := merge (omit . "excludeKeys") (dict "excludeSectionRegexList" $globalExcludeSectionRegexList "excludeKeyList" $combinedExcludeKeyList) -}} +{{- include "hpcc.filterConfig" $ctx | sha256sum }} +{{- end -}} + +{{/* +A template to ensure that the flag specifying whether kubernetes resource validation is allowed exists. When running helm +in template mode access to functions like "lookup" that need to access the kubernetes API are disabled. We use that function +to validate things like the existence of secrets we have dependencies on. We also check the Capabilities.APIVersions for the +existence of custom CRDS which are not updated when kubernetes API access is not allowed. + +By default the behavior should now be correct for both install and template. + +Setting the default requires an extra call to lookup. To avoid a call to "lookup" every time we cache the value in +global.noResourceValidation flag. This behavior can be overridden by the caller using "--set global.noResourceValidation=true" +*/}} +{{- define "hpcc.ensureNoResourceValidationFlag" }} + {{- if not (hasKey .root.Values.global "noResourceValidation" )}} + {{- $_ := set .root.Values.global "noResourceValidation" (not (lookup "v1" "Namespace" "" "")) -}} + {{- end }} +{{- end -}} + +{{/* +A template to output a merged environment. Pass in a list with global then local environments. Only the last specified value for each named environment variable will be output +*/}} +{{- define "hpcc.mergeEnvironments" -}} +{{- $result := dict -}} +{{- range . -}} +{{- $_ := set $result .name .value -}} +{{- end -}} +{{- range $key,$value := $result -}} +- name: {{ $key }} + value: {{ $value }} +{{ end -}} +{{- end -}} + + +{{/* +A template to convert a human readable K8s memory string to bytes +Pass in value +*/}} +{{- define "hpcc.k8sMemoryStringToBytes" -}} +{{- $ctx := dict -}} +{{- if hasSuffix "i" . -}} + {{- if hasSuffix "Ki" . -}} + {{- $_ := set $ctx "scale" 1024 -}} + {{- else if hasSuffix "Mi" . -}} + {{- $_ := set $ctx "scale" 1048576 -}} + {{- else if hasSuffix "Gi" . -}} + {{- $_ := set $ctx "scale" 1073741824 -}} + {{- else if hasSuffix "Ti" . -}} + {{- $_ := set $ctx "scale" 1099511627776 -}} + {{- else if hasSuffix "Pi" . -}} + {{- $_ := set $ctx "scale" 1125899906842624 -}} + {{- else if hasSuffix "Ei" . -}} + {{- $_ := set $ctx "scale" 1152921504606846976 -}} + {{- else -}} + {{- $_ := fail (printf "Invalid size suffix on memory resource specification: %s" .) -}} + {{- end -}} + {{- $_ := set $ctx "number" (substr 0 (int (sub (len .) 2)) .) -}} +{{- else -}} + {{- if hasSuffix "K" . -}} + {{- $_ := set $ctx "scale" 100 -}} + {{- else if hasSuffix "M" . -}} + {{- $_ := set $ctx "scale" 1000000 -}} + {{- else if hasSuffix "G" . -}} + {{- $_ := set $ctx "scale" 1000000000 -}} + {{- else if hasSuffix "T" . -}} + {{- $_ := set $ctx "scale" 1000000000000 -}} + {{- else if hasSuffix "P" . -}} + {{- $_ := set $ctx "scale" 1000000000000000 -}} + {{- else if hasSuffix "E" . -}} + {{- $_ := set $ctx "scale" 1000000000000000000 -}} + {{- else -}} + {{- $_ := fail (printf "Invalid size suffix on memory resource specification: %s" .) -}} + {{- end -}} + {{- $_ := set $ctx "number" (substr 0 (sub (len .) 1) .) -}} +{{- end -}} +{{- printf "%d" (mul $ctx.number $ctx.scale) -}} +{{- end -}} + +{{/* +A template to convert a human readable K8s cpu string to milli cpu units +Pass in value +*/}} +{{- define "hpcc.k8sCPUStringToMilliCPU" -}} +{{- if hasSuffix "m" . -}} + {{- $number := (substr 0 (int (sub (len .) 1)) .) -}} + {{- printf "%d" (int $number) -}} +{{- else -}} + {{- printf "%d" (int (mulf (float64 .) 1000.0)) -}} +{{- end -}} +{{- end -}} + +{{/* +A template to convert bytes into a k8s human friendly string +Pass in value +*/}} +{{- define "hpcc.bytesToK8sMemoryString" -}} +{{- /* NB: Rounds down to units that are a 1000th of unit that value is larger than */ -}} +{{- if ge . 1152921504606846976 -}}{{- /* >= 1Ei */ -}} + {{- printf "%dPi" (int (div . 1125899906842624)) -}} +{{- else if ge . 1125899906842624 -}}{{- /* >= 1Pi */ -}} + {{- printf "%dTi" (int (div . 1099511627776)) -}} +{{- else if ge . 1099511627776 -}}{{- /* >= 1Ti */ -}} + {{- printf "%dGi" (int (div . 1073741824)) -}} +{{- else if ge . 1073741824 -}}{{- /* >= 1Gi */ -}} + {{- printf "%dMi" (int (div . 1048576)) -}} +{{- else if ge . 1048576 -}}{{- /* >= 1Mi */ -}} + {{- printf "%dKi" (int (div . 1024)) -}} +{{- else -}} + {{- printf "%d" (int .) -}} +{{- end -}} +{{- end -}} + +{{/* +A template to return the list of sasha services minus "disabled" if present +Pass in a dictionary with "services" +*/}} +{{- define "hpcc.getSashaServices" -}} +{{- $newServices := dict -}} +{{- $root := . -}} +{{- if not .services.disabled -}} + {{- range $sashaName, $sasha := $root.services -}} + {{- if (not (eq "disabled" $sashaName)) -}} + {{- if (not $sasha.disabled) -}} + {{- $_ := set $newServices $sashaName $sasha -}} + {{- end -}} + {{- end -}} + {{- end -}} +{{- end -}} +{{- $_ := set $root "services" $newServices -}} +{{- end -}} + +{{/* +A template to generate a NetworkPolicy for a named egress section that applies to a component +Pass in dict with .root, .me and .labels +*/}} +{{- define "hpcc.addEgress" }} +{{- $lvars := dict "egress" list -}} +{{- $_ := set $lvars "labels" (ternary .labels (list .me.name) (hasKey . "labels")) -}} +{{- if hasKey .me "egress" -}} + {{- if eq "string" (kindOf .me.egress) -}} + {{- if hasKey .root.Values.global "egress" -}} + {{- if hasKey .root.Values.global.egress .me.egress -}} + {{- $_ := set $lvars "egress" (get .root.Values.global.egress .me.egress) -}} + {{- else -}} + {{- required (printf "Specified named egress %s not found in global egress section" .me.egress) nil -}} + {{- end -}} + {{- else -}} + {{- required "global egress section not found" nil -}} + {{- end -}} + {{- else -}} + {{- $_ := set $lvars "egress" .me.egress -}} + {{- end -}} +{{- end -}} +{{- if $lvars.egress }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: {{ printf "%s-egress-np" .me.name | quote }} +spec: + podSelector: + matchExpressions: + - key: instanceOf + operator: In + values: [ {{ join "," $lvars.labels }} ] + policyTypes: + - Egress + egress: +{{ toYaml $lvars.egress | indent 2 }} +--- +{{- end -}} +{{- end -}} + +{{/* +<<<<<<< HEAD +Generate a list of warnings +Pass in dict with root +*/}} +{{- define "hpcc.generateWarnings" -}} +{{- $ctx := dict "warnings" list "root" .root -}} +{{- include "hpcc.getWarnings" $ctx -}} +{{- if $ctx.warnings }} +warnings: + {{- range $warning := $ctx.warnings }} +- msg: {{ $warning.msg | quote }} + severity: {{ $warning.severity | quote }} + source: {{ $warning.source | quote }} + {{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Print warnings +Pass in dict with root +*/}} +{{- define "hpcc.printWarnings" -}} +{{- $ctx := dict "warnings" list "root" .root -}} +{{- include "hpcc.getWarnings" $ctx -}} +{{- range $warning := $ctx.warnings }} + {{ printf "**** %s: %s ****" (upper $warning.severity) $warning.msg }} +{{- end -}} +{{- end -}} + +{{/* +Returns true if resources exist +Pass in dict with resources object +*/}} +{{- define "hpcc.hasResources" -}} +{{- if .resources -}} + {{- if and .resources.cpu .resources.memory -}} + true + {{- end -}} +{{- end -}} +======= +Pass in dict with root and me +Fills "result" dictionary with "planeCategories" and "namedPlanes" +*/}} +{{- define "hpcc.getEnginePlanes" -}} +{{- $planeCategories := list "lz" "data" "remote" "dll" "debug" -}} +{{- $namedPlanes := list -}} +{{- if not .me.spillPlane -}} + {{- $namedPlanes = append $namedPlanes (include "hpcc.getDefaultSpillPlane" .root) -}} +{{- else -}} + {{- $namedPlanes = append $namedPlanes .me.spillPlane -}} +{{- end -}} +{{- $_ := set .result "planeCategories" $planeCategories -}} +{{- $_ := set .result "namedPlanes" $namedPlanes -}} +>>>>>>> origin/candidate-8.10.x +{{- end -}} diff --git a/helm/hpcc/templates/dafilesrv.yaml b/helm/hpcc/templates/dafilesrv.yaml index 4f21f744f4a..65c3f174d97 100644 --- a/helm/hpcc/templates/dafilesrv.yaml +++ b/helm/hpcc/templates/dafilesrv.yaml @@ -50,7 +50,7 @@ spec: labels: {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "dafilesrv" "name" "dafilesrv" "instance" .name) | indent 8 }} server: {{ .name | quote }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 annotations: checksum/config: {{ $configSHA }} spec: diff --git a/helm/hpcc/templates/dali.yaml b/helm/hpcc/templates/dali.yaml index 5536644dc0e..4cb60f27c41 100644 --- a/helm/hpcc/templates/dali.yaml +++ b/helm/hpcc/templates/dali.yaml @@ -82,7 +82,7 @@ spec: run: {{ $dali.name | quote }} server: {{ $dali.name | quote }} app: dali - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey $.Values.global "metrics" }} {{- include "hpcc.generateMetricsReporterLabel" $.Values.global.metrics | nindent 8 }} {{- end }} diff --git a/helm/hpcc/templates/dfuserver.yaml b/helm/hpcc/templates/dfuserver.yaml index f39112eb55d..9391ff4e2e1 100644 --- a/helm/hpcc/templates/dfuserver.yaml +++ b/helm/hpcc/templates/dfuserver.yaml @@ -56,7 +56,7 @@ spec: {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "dfuserver" "name" "dfuserver" "instance" .name) | indent 8 }} run: {{ .name | quote }} accessDali: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey . "labels" }} {{ toYaml .labels | indent 8 }} {{- end }} diff --git a/helm/hpcc/templates/eclagent.yaml b/helm/hpcc/templates/eclagent.yaml index cdf546efa48..a27ae7c3e7f 100644 --- a/helm/hpcc/templates/eclagent.yaml +++ b/helm/hpcc/templates/eclagent.yaml @@ -58,7 +58,7 @@ data: {{- include "hpcc.addStandardLabels" (dict "root" $ "component" $apptype "name" "eclagent" "instance" $appJobName "instanceOf" (printf "%s-job" .me.name)) | indent 12 }} accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey .me "labels" }} {{ toYaml .me.labels | indent 12 }} {{- end }} @@ -137,7 +137,7 @@ spec: run: {{ .name | quote }} accessDali: "yes" accessEsp: {{ .useChildProcesses | default false | ternary "yes" "no" | quote }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey . "labels" }} {{ toYaml .labels | indent 8 }} {{- end }} diff --git a/helm/hpcc/templates/eclccserver.yaml b/helm/hpcc/templates/eclccserver.yaml index eaec18579e5..697b26f1c69 100644 --- a/helm/hpcc/templates/eclccserver.yaml +++ b/helm/hpcc/templates/eclccserver.yaml @@ -57,7 +57,7 @@ data: {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "eclccserver" "name" "eclccserver" "instance" $compileJobName "instanceOf" (printf "%s-job" .me.name)) | indent 12 }} accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey .me "labels" }} {{ toYaml .me.labels | indent 12 }} {{- end }} @@ -142,7 +142,7 @@ spec: run: {{ .name | quote }} accessDali: "yes" accessEsp: {{ .useChildProcesses | default false | ternary "yes" "no" | quote }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey . "labels" }} {{ toYaml .labels | indent 8 }} {{- end }} diff --git a/helm/hpcc/templates/eclscheduler.yaml b/helm/hpcc/templates/eclscheduler.yaml index 68507367cdd..ba7d71e21fe 100644 --- a/helm/hpcc/templates/eclscheduler.yaml +++ b/helm/hpcc/templates/eclscheduler.yaml @@ -64,7 +64,7 @@ spec: run: {{ .name | quote }} accessDali: "yes" accessEsp: "no" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey . "labels" }} {{ toYaml .labels | indent 8 }} {{- end }} diff --git a/helm/hpcc/templates/esp.yaml b/helm/hpcc/templates/esp.yaml index d294e44def8..6b210ba54a5 100644 --- a/helm/hpcc/templates/esp.yaml +++ b/helm/hpcc/templates/esp.yaml @@ -117,7 +117,7 @@ spec: server: {{ .name | quote }} accessDali: "yes" app: {{ $application }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $ "name" $application "component" "esp" "instance" .name) | indent 8 }} {{- if hasKey $.Values.global "metrics" }} {{- include "hpcc.generateMetricsReporterLabel" $.Values.global.metrics | nindent 8 }} diff --git a/helm/hpcc/templates/localroxie.yaml b/helm/hpcc/templates/localroxie.yaml index 6a101d8ebfd..dea2c4a85e3 100644 --- a/helm/hpcc/templates/localroxie.yaml +++ b/helm/hpcc/templates/localroxie.yaml @@ -70,7 +70,7 @@ spec: server: {{ $servername | quote }} accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "roxie-server" "name" "roxie" "instance" $roxie.name) | indent 8 }} {{- if hasKey . "labels" }} {{ toYaml .labels | indent 8 }} diff --git a/helm/hpcc/templates/roxie.yaml b/helm/hpcc/templates/roxie.yaml index 4905026b8be..e03bf5fe844 100644 --- a/helm/hpcc/templates/roxie.yaml +++ b/helm/hpcc/templates/roxie.yaml @@ -120,7 +120,7 @@ spec: {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "topology-server" "name" "roxie" "instance" $commonCtx.toponame) | indent 8 }} run: {{ $commonCtx.toponame | quote }} roxie-cluster: {{ $roxie.name | quote }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey $.Values.global "metrics" }} {{- include "hpcc.generateMetricsReporterLabel" $.Values.global.metrics | nindent 8}} {{- end }} @@ -180,7 +180,7 @@ kind: Service metadata: name: {{ $commonCtx.toponame | quote }} labels: - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "topology-server" "name" "roxie" "instance" $commonCtx.toponame) | indent 4 }} spec: ports: @@ -242,7 +242,7 @@ spec: roxie-cluster: {{ $roxie.name | quote }} accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "roxie-server" "name" "roxie" "instance" $servername) | indent 8 }} {{- if hasKey $.Values.global "metrics" }} {{- include "hpcc.generateMetricsReporterLabel" $.Values.global.metrics | nindent 8}} @@ -345,7 +345,7 @@ spec: roxie-cluster: {{ $roxie.name | quote }} accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey $.Values.global "metrics" }} {{- include "hpcc.generateMetricsReporterLabel" $.Values.global.metrics | nindent 8}} {{- end }} diff --git a/helm/hpcc/templates/sasha.yaml b/helm/hpcc/templates/sasha.yaml index 2a26e39fa27..701845134d1 100644 --- a/helm/hpcc/templates/sasha.yaml +++ b/helm/hpcc/templates/sasha.yaml @@ -52,7 +52,7 @@ spec: run: {{ $serviceName | quote }} server: {{ $serviceName | quote }} accessDali: {{ (has "dali" $sasha.access) | ternary "yes" "no" | quote }} - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- if hasKey $sasha "labels" }} {{ toYaml $sasha.labels | indent 8 }} {{- end }} diff --git a/helm/hpcc/templates/thor.yaml b/helm/hpcc/templates/thor.yaml index 454c8dc7f3f..648027c7bd0 100644 --- a/helm/hpcc/templates/thor.yaml +++ b/helm/hpcc/templates/thor.yaml @@ -82,7 +82,7 @@ data: labels: accessDali: "yes" accessEsp: "yes" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "eclagent" "name" "thor" "instance" $eclAgentJobName "instanceOf" (printf "%s-job" .eclAgentName)) | indent 8 }} {{- if hasKey .me "labels" }} {{ toYaml .me.labels | indent 12 }} @@ -149,7 +149,7 @@ data: accessEsp: "yes" app: "thor" component: "thormanager" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 instance: "_HPCC_JOBNAME_" job: "_HPCC_JOBNAME_" {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "thormanager" "name" "thor" "instance" $thorManagerJobName "instanceOf" (printf "%s-thormanager-job" .me.name)) | indent 12 }} @@ -218,7 +218,7 @@ data: accessEsp: "yes" app: "thor" component: "thorworker" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 instance: "_HPCC_JOBNAME_" job: "_HPCC_JOBNAME_" {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "thorworker" "name" "thor" "instance" $thorWorkerJobName "instanceOf" (printf "%s-thorworker-job" .me.name)) | indent 12 }} @@ -353,7 +353,7 @@ spec: accessEsp: {{ $commonCtx.eclAgentUseChildProcesses | ternary "yes" "no" | quote }} app: "thor" component: "thor-eclagent" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 instance: {{ $commonCtx.eclAgentName | quote }} {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "eclagent" "name" "thor" "instance" $commonCtx.eclAgentName ) | indent 8 }} {{- if hasKey $commonCtx.me "labels" }} @@ -418,7 +418,7 @@ spec: accessEsp: "no" app: "thor" component: "thor-thoragent" - helmVersion: 9.0.2-rc1 + helmVersion: 9.0.2-rc2 instance: {{ $commonCtx.thorAgentName | quote }} {{- include "hpcc.addStandardLabels" (dict "root" $ "component" "eclagent" "name" "thor" "instance" $commonCtx.thorAgentName ) | indent 8 }} {{- if hasKey $commonCtx.me "labels" }} diff --git a/version.cmake b/version.cmake index bec43b98fd3..2117b9fb2c8 100644 --- a/version.cmake +++ b/version.cmake @@ -7,5 +7,5 @@ set ( HPCC_MAJOR 9 ) set ( HPCC_MINOR 0 ) set ( HPCC_POINT 2 ) set ( HPCC_MATURITY "rc" ) -set ( HPCC_SEQUENCE 1 ) +set ( HPCC_SEQUENCE 2 ) ###