feat: adding read replica service and ingress

README.md

@@ -24,6 +24,7 @@ AWS_ACCESS_KEY_ID
 AWS_SECRET_ACCESS_KEY
 AWS_ENDPOINT
 AWS_BUCKET
+DATABASE_RUN_MIGRATIONS
 ```
 
 If you want to install a postgres DB together with strapi, just add:
@@ -34,8 +35,12 @@ If you want to install a postgres DB together with strapi, just add:
 Installation: 
 
 ```
-helm install saleor trieb.work/strapi
+helm install strapi trieb.work/strapi
 ```
+### Read Replica
+You can automatically add read-replicas. It will give you one read-only API endpoint, that is connected to all strapi instances. Just make sure, that
+you have the env variable DATABASE_RUN_MIGRATIONS set in the strapi database config for the runMigrations setting, so that this chart can automatically disable the migrations on the read-replica instances.
+
 
 ## Google Tag Manager Server
 ```

charts/strapi/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.67
+version: 0.2.1
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/strapi/templates/_helpers.tpl

@@ -38,6 +38,7 @@ Create chart name and version as used by the chart label.
 {{- end }}
 {{- end }}
 
+
 {{/*
 Common labels
 */}}
@@ -71,6 +72,17 @@ nginx.ingress.kubernetes.io/enable-cors: "true"
 {{- end }}
 {{- end }}
 
+{{- define "strapi.readReplicaIngressAnnotations" -}}
+nginx.ingress.kubernetes.io/cors-allow-credentials: "true"
+nginx.ingress.kubernetes.io/cors-allow-methods: "GET, OPTIONS"
+{{- if .Values.readReplicaIngress.annotations }}
+{{ toYaml .Values.readReplicaIngress.annotations }}
+{{- end }}
+{{- end }}
+
+
+
+
 {{/*
 Create the name of the service account to use
 */}}
@@ -81,3 +93,12 @@ Create the name of the service account to use
 {{- default "default" .Values.serviceAccount.name }}
 {{- end }}
 {{- end }}
+
+{{/*
+When readReplica.enabled, but not postgresql.architecture=replication, throw an error
+*/}}
+{{- define "strapi.validateReadReplica" -}}
+{{- if and .Values.readReplica.enabled (ne .Values.postgresql.architecture "replication") }}
+{{- fail "readReplica.enabled requires postgresql.architecture=replication" }}
+{{- end }}
+{{- end }}

charts/strapi/templates/deployment.yaml

@@ -4,6 +4,7 @@ metadata:
   name: {{ include "strapi.fullname" . }}
   labels:
     {{- include "strapi.labels" . | nindent 4 }}
+    app.kubernetes.io/role: primary
 spec:
   {{- if not .Values.autoscaling.enabled }}
   replicas: {{ .Values.replicaCount }}
@@ -77,3 +78,85 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+---
+# If we have Values.readReplica.enabled set to true, we will create a read replica deployment
+{{- if .Values.readReplica.enabled }}
+apiVersion: apps/v1
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "strapi.fullname" . }}-read-replica
+  labels:
+    {{- include "strapi.labels" . | nindent 4 }}
+    app.kubernetes.io/role: read-replica
+spec:
+  replicas: {{ .Values.readReplica.replicaCount }}
+  selector:
+    matchLabels:
+      {{- include "strapi.selectorLabels" . | nindent 6 }}
+  strategy:
+    type: Recreate
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "strapi.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "strapi.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}-read-replica
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ lower .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          ports:
+            - name: http
+              containerPort: 1337
+              protocol: TCP
+          livenessProbe:
+            {{- toYaml .Values.livenessProbe | nindent 12 }}  
+          readinessProbe:
+            {{- toYaml .Values.readinessProbe | nindent 12 }} 
+          startupProbe:
+            {{- toYaml .Values.startupProbe | nindent 12 }}  
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          env:
+            - name: STRAPI_API_URL
+              value: {{ lower .Values.strapiApiUrl | quote }}
+            - name: DATABASE_RUN_MIGRATIONS
+              value: "false"  
+          {{- range $key, $val := .Values.additionalEnvVariables }}
+            - name: {{ $key }}
+              value: {{ $val | quote }}
+          {{- end }}     
+          envFrom:
+          - secretRef:
+              name: {{ include "strapi.fullname" . }}
+          {{- range .Values.additionalSecretMounts }}
+          - secretRef:
+              name: {{ . }}
+          {{- end }}    
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
+

charts/strapi/templates/ingress.yaml

@@ -55,3 +55,62 @@ spec:
               {{- end }}
     {{- end }}
 {{- end }}
+
+---
+{{- if .Values.readReplicaIngress.enabled -}}
+{{- $fullName := include "strapi.fullname" . -}}
+{{- $svcPort := .Values.service.port -}}
+{{- if and .Values.readReplicaIngress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.readReplicaIngress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.readReplicaIngress.annotations "kubernetes.io/ingress.class" .Values.readReplicaIngress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-all
+  labels:
+    {{- include "strapi.labels" . | nindent 4 }}
+  annotations:
+    {{- include "strapi.readReplicaIngressAnnotations" . | nindent 4 }}
+spec:
+  {{- if and .Values.readReplicaIngress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.readReplicaIngress.className }}
+  {{- end }}
+  {{- if .Values.readReplicaIngress.tls.enabled }}
+  tls:
+  - hosts:
+    - {{ lower .Values.readReplicaIngress.host | quote }}
+    {{- if .Values.readReplicaIngress.tls.secretName }}  
+    secretName:  {{ .Values.readReplicaIngress.tls.secretName }}
+    {{- else }}
+    secretName: "{{ $fullName }}-all-tls-secret"
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- if .Values.readReplicaIngress.host }}
+    - host: {{ lower .Values.readReplicaIngress.host | quote }}
+      http:
+        paths:
+          - path: "/"
+            {{- if and .Values.readReplicaIngress.pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .Values.readReplicaIngress.pathType }}
+            {{- end }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-all
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}-all
+              servicePort: {{ $svcPort }}
+              {{- end }}
+    {{- end }}
+{{- end }}

charts/strapi/templates/service.yaml

@@ -4,6 +4,7 @@ metadata:
   name: {{ include "strapi.fullname" . }}
   labels:
     {{- include "strapi.labels" . | nindent 4 }}
+    app.kubernetes.io/role: primary
 spec:
   type: {{ .Values.service.type }}
   ports:
@@ -13,3 +14,22 @@ spec:
       name: http
   selector:
     {{- include "strapi.selectorLabels" . | nindent 4 }}
+{{- if .Values.readReplica.enabled }}
+# If we have Values.readReplica.enabled set to true, we will create a read replica service
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "strapi.fullname" . }}-all
+  labels:
+    {{- include "strapi.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.service.type }}
+  ports:
+    - port: {{ .Values.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "strapi.selectorLabels" . | nindent 4 }}
+{{- end }}

charts/strapi/values.yaml

@@ -4,6 +4,11 @@
 
 replicaCount: 1
 
+# You can use read-only replicas of strapi. Only works, if you use the included DB and enable the replica there
+readReplica:
+  enabled: false
+  replicaCount: 0
+
 image:
   # image name overrides repository and tag.
   imageName: ""
@@ -95,6 +100,18 @@ ingress:
     cert-manager.io/cluster-issuer: letsencrypt-prod
     nginx.ingress.kubernetes.io/proxy-body-size: "800m"
 
+readReplicaIngress:
+  enabled: false
+  className: ""
+  host: chart-example.local
+  pathType: ImplementationSpecific
+  tls:
+    enabled: true
+    secretName:
+  annotations:
+    cert-manager.io/acme-challenge-type: http01
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+
 # S3 storage options. Settings need to be set, as containers are volatile
 s3:
   enabled: false
@@ -121,6 +138,8 @@ resources:
     cpu: 150m
     memory: 100Mi
 
+# autoscaling works just for the primary strapi pods. We wouldn't recommend it, as the startup is always expensive and
+# in general the whole strapi setup is not really meant to be autoscaled.
 autoscaling:
   enabled: true
   minReplicas: 1