From a2b8237ed290a14bfdd82a3ab8b3601db90464eb Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Wed, 26 Nov 2025 15:24:05 +0100 Subject: [PATCH 01/21] chore: implement init containers for dynamic configuration generation across multiple components --- charts/exivity/templates/_config.tpl | 71 -------- charts/exivity/templates/_init_config.tpl | 162 ++++++++++++++++++ .../exivity/templates/chronos/deployment.yaml | 13 +- charts/exivity/templates/configmap.yaml | 1 - charts/exivity/templates/dummy-data/job.yaml | 49 +++--- .../dummy-data/preset-configmap.yaml | 2 +- charts/exivity/templates/edify/configmap.yaml | 1 - .../exivity/templates/edify/deployment.yaml | 30 ++-- .../exivity/templates/executor/configmap.yaml | 1 - .../templates/executor/deployment.yaml | 13 +- .../exivity/templates/griffon/deployment.yaml | 13 +- .../exivity/templates/horizon/configmap.yaml | 1 - .../exivity/templates/horizon/deployment.yaml | 13 +- .../exivity/templates/pigeon/configmap.yaml | 68 -------- .../exivity/templates/pigeon/deployment.yaml | 13 +- .../templates/proximity/api.deployment.yaml | 30 ++-- .../templates/proximity/cli.configmap.yaml | 1 - .../templates/proximity/cli.deployment.yaml | 12 +- .../exivity/templates/proximity/migrate.yaml | 11 +- .../templates/transcript/configmap.yaml | 1 - .../templates/transcript/deployment.yaml | 13 +- charts/exivity/templates/use/configmap.yaml | 1 - charts/exivity/templates/use/deployment.yaml | 10 +- 23 files changed, 262 insertions(+), 268 deletions(-) delete mode 100644 charts/exivity/templates/_config.tpl create mode 100644 charts/exivity/templates/_init_config.tpl delete mode 100644 charts/exivity/templates/configmap.yaml delete mode 100644 charts/exivity/templates/edify/configmap.yaml delete mode 100644 charts/exivity/templates/executor/configmap.yaml delete mode 100644 charts/exivity/templates/horizon/configmap.yaml delete mode 100644 charts/exivity/templates/pigeon/configmap.yaml delete mode 100644 charts/exivity/templates/proximity/cli.configmap.yaml delete mode 100644 
charts/exivity/templates/transcript/configmap.yaml delete mode 100644 charts/exivity/templates/use/configmap.yaml diff --git a/charts/exivity/templates/_config.tpl b/charts/exivity/templates/_config.tpl deleted file mode 100644 index a5a78241..00000000 --- a/charts/exivity/templates/_config.tpl +++ /dev/null 
@@ -1,71 +0,0 @@ -{{/* -# Generate a configmap to be mounted into any container using Merlin to run -# part of the applications. Takes a dict as an arg; -# Pass the raw helm `.Values`, -# for the benefit of Merlin the following three entries can also be passed: -# `appname`, `path` to the executable, and `queue` to sub on. -# -# E.g. -# {{- include "exivity.config" (dict "appname" "edify" "path" "/bin/edify" "queue" "REPORT") }} -*/}} -{{- define "exivity.config" }} -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "exivity.fullname" $ -}}-config-{{- $.data.appname | default "shared" }} - labels: - app.kubernetes.io/component: {{ $.data.appname | default "shared" }} - {{- include "exivity.labels" $ | indent 4 }} -data: - config.json: |- - { - "db": { - "driver": "postgres", - "parameters": { - "host": {{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $ )) | quote }}, - "port": {{ $.Values.postgresql.port | default 5432 }}, - "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, - "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, - "user": {{ $.Values.postgresql.global.postgresql.auth.username | quote }}, - "password": {{ $.Values.postgresql.global.postgresql.auth.password | quote }}, - "connect_timeout": 10 - } - }, - "mq": { - "servers": [ - { - "host": {{ $.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $ )) | quote }}, - "port": {{ $.Values.rabbitmq.port | default 5672 }}, - "secure": {{ $.Values.rabbitmq.secure | default false }} - } - ], - "user": {{ $.Values.rabbitmq.auth.username | quote }}, - "password": {{ $.Values.rabbitmq.auth.password | quote }}, - "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, - "redialPeriod": 5 - }, - "chronos": { - "TTL": 60 - }, - "griffon": { - "TTL": 10 - {{ if $.data.appname }} - }, - "merlin": { - "reservedCPU": 0, - "programs": { - "{{ $.data.appname }}": { - "component": "{{ 
$.data.appname }}", - "path": "{{ $.data.path }}", - "queue": "{{ $.data.queue}}", - "CPU": 0, - {{- if eq $.data.appname "use" }} - "params": "${params}", - {{- end }} - "RAM": 0 - } - } - {{ end }} - } - } -{{- end }} diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl new file mode 100644 index 00000000..0729219d --- /dev/null +++ b/charts/exivity/templates/_init_config.tpl 
@@ -0,0 +1,162 @@ +{{- define "exivity.initConfigContainer" -}} +{{- $root := .root -}} +{{- $appname := .appname -}} +{{- $path := .path -}} +{{- $queue := .queue -}} +- name: generate-config + image: busybox:stable + command: ["/bin/sh", "-c"] + args: + - | + set -eu + tmp_config="/tmp/exivity-config.json" + cat <<'EOF' > "$tmp_config" + { + "db": { + "driver": "postgres", + "parameters": { + "host": "{{ $root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $root)) }}", + "port": {{ $root.Values.postgresql.port | default 5432 }}, + "sslmode": "{{ $root.Values.postgresql.sslmode | default "disable" }}", + "dbname": "{{ $root.Values.postgresql.global.postgresql.auth.database }}", + "user": "{{ $root.Values.postgresql.global.postgresql.auth.username }}", + "password": "{{ $root.Values.postgresql.global.postgresql.auth.password }}", + "connect_timeout": 10 + } + }, + "mq": { + "servers": [ + { + "host": "{{ $root.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $root)) }}", + "port": {{ $root.Values.rabbitmq.port | default 5672 }}, + "secure": {{ $root.Values.rabbitmq.secure | default false }} + } + ], + "user": "{{ $root.Values.rabbitmq.auth.username }}", + "password": "{{ $root.Values.rabbitmq.auth.password }}", + "vhost": "{{ $root.Values.rabbitmq.vhost | default "/" }}", + "redialPeriod": 5 + }, + "chronos": { + "TTL": 60 + }, + "griffon": { + "TTL": 10 + }{{- if $appname }}, + "merlin": { + "reservedCPU": 0, + "programs": { + "{{ $appname }}": { + "component": "{{ $appname }}", + "path": "{{ $path }}", + "queue": "{{ $queue }}", + "CPU": 0, + {{- if eq $appname "use" }} + "params": "${params}", + {{- end }} + "RAM": 0 + } + } + } + {{- end }} + } + EOF + cp "$tmp_config" /exivity/home/system/config.json + volumeMounts: + - name: config-generated + mountPath: /exivity/home/system +{{- end }} + +{{/* +Define the shared emptyDir volume for generated config files. 
+*/}} +{{- define "exivity.configGeneratedVolume" -}} +- name: config-generated + emptyDir: {} +{{- end }} + +{{/* +Define the volume mount for the generated config in application containers. +*/}} +{{- define "exivity.configGeneratedVolumeMount" -}} +- name: config-generated + mountPath: /exivity/home/system/config.json + subPath: config.json +{{- end }} + +{{/* +Init container for pigeon's special config (with multiple merlin programs). +*/}} +{{- define "exivity.initPigeonConfigContainer" -}} +{{- $root := . -}} +- name: generate-config + image: busybox:stable + command: ["/bin/sh", "-c"] + args: + - | + set -eu + tmp_config="/tmp/exivity-config.json" + cat <<'EOF' > "$tmp_config" + { + "db": { + "driver": "postgres", + "parameters": { + "host": "{{ $root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $root)) }}", + "port": {{ $root.Values.postgresql.port | default 5432 }}, + "sslmode": "{{ $root.Values.postgresql.sslmode | default "disable" }}", + "dbname": "{{ $root.Values.postgresql.global.postgresql.auth.database }}", + "user": "{{ $root.Values.postgresql.global.postgresql.auth.username }}", + "password": "{{ $root.Values.postgresql.global.postgresql.auth.password }}", + "connect_timeout": 10 + } + }, + "mq": { + "servers": [ + { + "host": "{{ $root.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $root)) }}", + "port": {{ $root.Values.rabbitmq.port | default 5672 }}, + "secure": {{ $root.Values.rabbitmq.secure | default false }} + } + ], + "user": "{{ $root.Values.rabbitmq.auth.username }}", + "password": "{{ $root.Values.rabbitmq.auth.password }}", + "vhost": "{{ $root.Values.rabbitmq.vhost | default "/" }}", + "redialPeriod": 5 + }, + "merlin": { + "reservedCPU": 1, + "heartbeatPeriod": 5, + "programs": { + "pigeon": { + "path": "/usr/bin/php", + "queue": "PIGEON", + "CPU": 0, + "RAM": 0 + }, + "workflow_ended": { + "component": "pigeon", + "path": "/usr/bin/php", + "queue": 
"WORKFLOW_EVENT", + "topic": "evt.workflow_status.griffon.#", + "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", + "CPU": 0.25, + "RAM": 250 + }, + "report_published": { + "component": "pigeon", + "path": "/usr/bin/php", + "queue": "REPORT_PUBLISHED", + "topic": "evt.report_published.proximity.#", + "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", + "CPU": 0.25, + "RAM": 250 + } + } + } + } + EOF + cp "$tmp_config" /exivity/home/system/config.json + volumeMounts: + - name: config-generated + mountPath: /exivity/home/system +{{- end }} diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index a178c25c..24350e48 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml @@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: chronos {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "chronos") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-config 
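Review bot: The `generate-config` init container in `exivity.initConfigContainer` has the PostgreSQL and RabbitMQ passwords rendered straight into its `args`, so they become part of every Deployment and Job pod template, readable by anyone who can get pods or deployments and visible in `kubectl describe` output. Consider keeping the credentials in a Secret and having the init container read them from a mounted file or `secretKeyRef` environment variables instead of templating them into the script. The removed ConfigMap template escaped values with `| quote`, while the new lines wrap them in literal quotes, so a value containing `"` or `\` yields invalid JSON or extra keys and a value containing a line reading `EOF` ends the heredoc early; `"password": {{ $root.Values.rabbitmq.auth.password | toJson }}` restores the escaping. `image: busybox:stable` is a mutable tag that does not go through the chart's `exivity.image` helper, so pinning it by digest or making it configurable through values would be safer. The same points apply to `exivity.initPigeonConfigContainer` later in this hunk.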
@@ -32,7 +28,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: chronos image: {{ include "exivity.image" (set $ "name" "chronos") }} @@ -47,8 +45,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos {{- include "exivity.probes" $ | indent 10}} diff --git a/charts/exivity/templates/configmap.yaml b/charts/exivity/templates/configmap.yaml deleted file mode 100644 index bf07d404..00000000 --- a/charts/exivity/templates/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict nil nil)) }} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index bbe0927c..76815c7f 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml 
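Review bot: The new `initContainers:` list in this hunk includes `exivity.initPermissionsContainer`, but `_init_config.tpl` in this patch only defines `exivity.initConfigContainer`, `exivity.initPigeonConfigContainer` and the two volume helpers, and the diffstat touches no other helper file. If that template is not already defined elsewhere in the chart, rendering will fail; if it is the old `exivity.initPermissions` under a new name, it has to emit bare list items now that the `initContainers:` key is written here. The same include is used in the edify, executor, griffon, horizon, pigeon and proximity deployments. Running `helm template` over the chart in CI for this commit would catch either case.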
@@ -18,11 +18,31 @@ spec: labels: app.kubernetes.io/component: dummy-data {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }} + volumes: + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: preset-file + configMap: + name: {{ include "exivity.fullname" $ -}}-dummy-data-preset + - name: config + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-etl-config + - name: import + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-import + - name: report + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-report + - name: exported + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-exported + - name: extracted + persistentVolumeClaim: + claimName: {{ include "exivity.fullname" $ -}}-extracted + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} containers: - name: dummy-data image: {{ include "exivity.image" (set $ "name" "dummyData") }} @@ -37,10 +57,9 @@ spec: resources: {{- toYaml .Values.service.dummyData.resources | nindent 12 }} volumeMounts: + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system - name: exported mountPath: /exivity/home/exported - name: extracted 
@@ -51,28 +70,6 @@ spec: mountPath: /exivity/home/system/report - name: preset-file mountPath: /exivity/home/system/preset - volumes: - - name: preset-file - configMap: - name: {{ include "exivity.fullname" $ -}}-dummy-data-preset - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - - name: config - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-etl-config - - name: import - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-import - - name: report - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-report - - name: exported - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-exported - - name: extracted - persistentVolumeClaim: - claimName: {{ include "exivity.fullname" $ -}}-extracted restartPolicy: Never {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/dummy-data/preset-configmap.yaml b/charts/exivity/templates/dummy-data/preset-configmap.yaml index 105de935..42950055 100644 --- a/charts/exivity/templates/dummy-data/preset-configmap.yaml +++ b/charts/exivity/templates/dummy-data/preset-configmap.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: name: {{ include "exivity.fullname" $ -}}-dummy-data-preset labels: - app.kubernetes.io/component: {{ $.data.appname | default "shared" }} + app.kubernetes.io/component: dummy-data {{- include "exivity.labels" $ | indent 4 }} data: preset.yaml: |- diff --git a/charts/exivity/templates/edify/configmap.yaml b/charts/exivity/templates/edify/configmap.yaml deleted file mode 100644 index 259ec9d5..00000000 --- a/charts/exivity/templates/edify/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT")) }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 70a1cdea..480a391b 100644 
--- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -17,22 +17,19 @@ spec: app.kubernetes.io/component: edify {{- include "exivity.labels" $ | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} volumes: - - name: config-file - projected: - sources: - - configMap: - name: {{ include "exivity.fullname" $ -}}-config-edify - - configMap: - name: {{ include "exivity.fullname" $ -}}-licence-pub - - secret: - name: {{ include "exivity.fullname" $ -}}-licence-key + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: licence-pub + configMap: + name: {{ include "exivity.fullname" $ -}}-licence-pub + - name: licence-key + secret: + secretName: {{ include "exivity.fullname" $ -}}-licence-key - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -46,7 +43,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} containers: - name: edify image: {{ include "exivity.image" (set $ "name" "edify") }} @@ -65,8 +64,13 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + - name: licence-pub + mountPath: /exivity/home/system/licence.pub + subPath: license.pub + - name: licence-key + mountPath: /exivity/home/system/license.key + subPath: license.key - name: extracted mountPath: /exivity/home/system/extracted - name: log diff --git a/charts/exivity/templates/executor/configmap.yaml b/charts/exivity/templates/executor/configmap.yaml deleted file mode 100644 index c7ea87eb..00000000 --- a/charts/exivity/templates/executor/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "root" $ "appname" "executor" "path" "${program}" "queue" "EXECUTE")) }} diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 36a70f32..5954cb13 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml 
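Review bot: The `licence-pub` mount added in the `volumeMounts` hunk uses `mountPath: /exivity/home/system/licence.pub` with `subPath: license.pub`, so the two spellings disagree. The ConfigMap is not visible in this patch; if its key is `license.pub`, the file now appears under a different name than the projected volume gave it, and if the key is `licence.pub`, the `subPath` matches no key and the mount will not contain the licence file. Either way the application would presumably not find the public key at its previous path, so both names should match the ConfigMap key, e.g. `mountPath: /exivity/home/system/license.pub`. The same pair of lines is added in `proximity/api.deployment.yaml`.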
@@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: executor {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "executor") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-executor + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config @@ -44,7 +40,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-executor-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "executor" "path" "${program}" "queue" "EXECUTE") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} containers: - name: executor image: {{ include "exivity.image" (set $ "name" "executor") }} @@ -59,8 +57,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 86c5158b..e1ef3476 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml 
@@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: griffon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "griffon") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-config @@ -32,7 +28,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: griffon image: {{ include "exivity.image" (set $ "name" "griffon") }} @@ -45,8 +43,7 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config - name: log diff --git a/charts/exivity/templates/horizon/configmap.yaml b/charts/exivity/templates/horizon/configmap.yaml deleted file mode 100644 index cdb3f178..00000000 --- a/charts/exivity/templates/horizon/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET")) }} 
diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index b9828dea..08674800 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -16,20 +16,18 @@ spec: labels: app.kubernetes.io/component: horizon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-horizon: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "horizon") | indent 8 }} volumes: - - name: config - configMap: - name: {{ include "exivity.fullname" $ -}}-config-horizon + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-horizon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} containers: - name: horizon image: {{ include "exivity.image" (set $ "name" "horizon") }} @@ -42,8 +40,7 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - - name: config - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/horizon - name: log diff --git a/charts/exivity/templates/pigeon/configmap.yaml b/charts/exivity/templates/pigeon/configmap.yaml deleted file mode 100644 index d855cdaf..00000000 --- a/charts/exivity/templates/pigeon/configmap.yaml +++ /dev/null 
@@ -1,68 +0,0 @@ -# pigeon listens to multiple MQ topics, so it gets its own config definition for now -# TODO: get some PHP guru to fix it so we don't need merlin here. -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "exivity.fullname" $ -}}-config-pigeon - labels: - app.kubernetes.io/component: pigeon - {{- include "exivity.labels" $ | indent 4 }} -data: - config.json: |- - { - "db": { - "driver": "postgres", - "parameters": { - "host": {{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $ )) | quote }}, - "port": {{ $.Values.postgresql.port | default 5432 }}, - "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, - "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, - "user": {{ $.Values.postgresql.global.postgresql.auth.username | quote }}, - "password": {{ $.Values.postgresql.global.postgresql.auth.password | quote }}, - "connect_timeout": 10 - } - }, - "mq": { - "servers": [ - { - "host": {{ $.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $ )) | quote }}, - "port": {{ $.Values.rabbitmq.port | default 5672 }}, - "secure": {{ $.Values.rabbitmq.secure | default false }} - } - ], - "user": {{ $.Values.rabbitmq.auth.username | quote }}, - "password": {{ $.Values.rabbitmq.auth.password | quote }}, - "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, - "redialPeriod": 5 - }, - "merlin": { - "reservedCPU": 1, - "heartbeatPeriod": 5, - "programs": { - "pigeon": { - "path": "/usr/bin/php", - "queue": "PIGEON", - "CPU": 0, - "RAM": 0 - }, - "workflow_ended": { - "component": "pigeon", - "path": "/usr/bin/php", - "queue": "WORKFLOW_EVENT", - "topic": "evt.workflow_status.griffon.#", - "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", - "CPU": 0.25, - "RAM": 250 - }, - "report_published": { - "component": "pigeon", - "path": "/usr/bin/php", - "queue": "REPORT_PUBLISHED", - "topic": 
"evt.report_published.proximity.#", - "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", - "CPU": 0.25, - "RAM": 250 - } - } - } - } diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index dfce5989..b8da0fd4 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: pigeon {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-pigeon: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "pigeon") | indent 8 }} volumes: - - name: config - configMap: - name: {{ include "exivity.fullname" $ -}}-config-pigeon + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-pigeon-log @@ -38,7 +34,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 6 }} + initContainers: + {{- include "exivity.initPigeonConfigContainer" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 8 }} containers: - name: pigeon image: {{ include "exivity.image" (set $ "name" "pigeon") }} @@ -46,8 +44,7 @@ spec: resources: {{- toYaml .Values.service.pigeon.resources | nindent 12 }} volumeMounts: - - name: config - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/pigeon - name: log 
diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 732133b1..9647927d 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -17,7 +17,6 @@ spec: app.kubernetes.io/component: proximity-api {{- include "exivity.labels" $ | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-lock: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} @@ -30,15 +29,13 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityApi") | indent 8 }} volumes: - - name: projected - projected: - sources: - - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - - configMap: - name: {{ include "exivity.fullname" $ -}}-licence-pub - - secret: - name: {{ include "exivity.fullname" $ -}}-licence-key + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: licence-pub + configMap: + name: {{ include "exivity.fullname" $ -}}-licence-pub + - name: licence-key + secret: + secretName: {{ include "exivity.fullname" $ -}}-licence-key - name: exivity-lock configMap: name: {{ include "exivity.fullname" $ -}}-lock 
@@ -88,7 +85,9 @@ spec: defaultMode: 0444 {{- end }} {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} containers: - name: proximity-api image: {{ include "exivity.image" (set $ "name" "proximityApi") }} @@ -102,8 +101,13 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: projected - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + - name: licence-pub + mountPath: /exivity/home/system/licence.pub + subPath: license.pub + - name: licence-key + mountPath: /exivity/home/system/license.key + subPath: license.key - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/proximity/cli.configmap.yaml b/charts/exivity/templates/proximity/cli.configmap.yaml deleted file mode 100644 index b30b6c8a..00000000 --- a/charts/exivity/templates/proximity/cli.configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY")) }} diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index 5c175d31..fbd4bb68 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml 
+++ b/charts/exivity/templates/proximity/cli.deployment.yaml @@ -17,16 +17,13 @@ spec: app.kubernetes.io/component: proximity-cli {{- include "exivity.labels" $ | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-proximity-cli: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-proximity-cli-env: {{ include (print $.Template.BasePath "/proximity/cli.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-proximity-cli + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-proximity-cli-log @@ -46,7 +43,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-exported {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} containers: - name: proximity-cli image: {{ include "exivity.image" (set $ "name" "proximityCli") }} 
@@ -56,8 +55,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/system/exported - name: extracted diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index 8cacf7d7..fe2a5b4f 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -18,19 +18,17 @@ spec: app.kubernetes.io/component: proximity-migration {{- include "exivity.labels" . | indent 8 }} annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} volumes: - - name: config-shared - configMap: - name: {{ include "exivity.fullname" . }}-config-shared - readOnly: true + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} containers: - name: proximity-migration image: {{ include "exivity.image" (set $ "name" "proximityMigrate") }} @@ -38,8 +36,7 @@ spec: resources: {{- toYaml .Values.service.proximityMigrate.resources | nindent 12 }} volumeMounts: - - name: config-shared - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config command: [php] 
diff --git a/charts/exivity/templates/transcript/configmap.yaml b/charts/exivity/templates/transcript/configmap.yaml deleted file mode 100644 index 77cb4dc4..00000000 --- a/charts/exivity/templates/transcript/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM")) }} diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 2941f5bd..9619262b 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: transcript {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-transcript: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "transcript") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-transcript + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -44,7 +40,9 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} - {{- include "exivity.initPermissions" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 6 }} + initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM") | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} containers: - name: transcript image: {{ include "exivity.image" (set $ "name" "transcript") }} @@ -54,8 +52,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/use/configmap.yaml b/charts/exivity/templates/use/configmap.yaml deleted file mode 100644 index 1a86fb7e..00000000 --- a/charts/exivity/templates/use/configmap.yaml +++ /dev/null @@ -1 +0,0 @@ -{{- template "exivity.config" (set $ "data" (dict "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT")) }} diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index b36a7c7b..bb4f1f27 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml 
@@ -16,15 +16,11 @@ spec: labels: app.kubernetes.io/component: use {{- include "exivity.labels" $ | indent 8 }} - annotations: - checksum/{{- include "exivity.fullname" $ -}}-config-use: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "use") | indent 8 }} volumes: - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-use + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: etl-config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config @@ -49,6 +45,7 @@ spec: secretName: {{ include "exivity.fullname" $ -}}-use-certificates {{- end }} initContainers: + {{- include "exivity.initConfigContainer" (dict "root" . "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT") | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} {{- if gt (len (default "" .Values.service.use.caCertificates)) 0 }} - name: install-ca-cert @@ -76,8 +73,7 @@ spec: resources: {{- toYaml .Values.service.use.resources | nindent 12 }} volumeMounts: - - name: config-file - mountPath: /exivity/home/system + {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: etl-config mountPath: /exivity/home/system/config - name: exported From dc141d3dfc2f5c7c2b66b89f71d2ccb957c63da1 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Wed, 26 Nov 2025 16:42:02 +0100 Subject: [PATCH 02/21] chore: adjust indentation for initPermissionsContainer in multiple deployment templates --- charts/exivity/templates/_init_config.tpl | 6 ------ charts/exivity/templates/chronos/deployment.yaml | 2 +- charts/exivity/templates/edify/deployment.yaml | 2 +- charts/exivity/templates/executor/deployment.yaml | 2 +- charts/exivity/templates/griffon/deployment.yaml | 2 +- charts/exivity/templates/horizon/deployment.yaml | 2 +- charts/exivity/templates/pigeon/deployment.yaml | 2 +- charts/exivity/templates/proximity/api.deployment.yaml | 2 +- charts/exivity/templates/proximity/cli.deployment.yaml | 2 +- charts/exivity/templates/transcript/deployment.yaml | 2 +- charts/exivity/templates/use/deployment.yaml | 2 +- 11 files changed, 10 insertions(+), 16 deletions(-) diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 0729219d..101ff37f 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl @@ -67,17 +67,11 @@ mountPath: /exivity/home/system {{- end }} -{{/* -Define the shared emptyDir volume for generated config files. -*/}} {{- define "exivity.configGeneratedVolume" -}} - name: config-generated emptyDir: {} {{- end }} -{{/* -Define the volume mount for the generated config in application containers. -*/}} {{- define "exivity.configGeneratedVolumeMount" -}} - name: config-generated mountPath: /exivity/home/system/config.json diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index 24350e48..e7fdc3cf 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml 
@@ -30,7 +30,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: chronos image: {{ include "exivity.image" (set $ "name" "chronos") }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 480a391b..86289d3e 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -45,7 +45,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} containers: - name: edify image: {{ include "exivity.image" (set $ "name" "edify") }} diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 5954cb13..b8247cc7 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml 
@@ -42,7 +42,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "executor" "path" "${program}" "queue" "EXECUTE") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} containers: - name: executor image: {{ include "exivity.image" (set $ "name" "executor") }} diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index e1ef3476..ecf9374b 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -30,7 +30,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: griffon image: {{ include "exivity.image" (set $ "name" "griffon") }} diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index 08674800..5314cc21 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml 
@@ -27,7 +27,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} containers: - name: horizon image: {{ include "exivity.image" (set $ "name" "horizon") }} diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index b8da0fd4..ba775aaf 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -36,7 +36,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initPigeonConfigContainer" . | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 8 }} containers: - name: pigeon image: {{ include "exivity.image" (set $ "name" "pigeon") }} diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 9647927d..0a0824d3 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml 
@@ -87,7 +87,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} containers: - name: proximity-api image: {{ include "exivity.image" (set $ "name" "proximityApi") }} diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index fbd4bb68..20490963 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml @@ -45,7 +45,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} containers: - name: proximity-cli image: {{ include "exivity.image" (set $ "name" "proximityCli") }} diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 9619262b..91fed3a7 100644 
--- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -42,7 +42,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} containers: - name: transcript image: {{ include "exivity.image" (set $ "name" "transcript") }} diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index bb4f1f27..45df0c19 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -46,7 +46,7 @@ spec: {{- end }} initContainers: {{- include "exivity.initConfigContainer" (dict "root" . "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT") | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} {{- if gt (len (default "" .Values.service.use.caCertificates)) 0 }} - name: install-ca-cert image: {{ include "exivity.image" (set $ "name" "use") }} From dfe0598a4d396913582a4c718baef4b6f6aa1f97 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Thu, 27 Nov 2025 11:20:36 +0100 Subject: [PATCH 03/21] update licence mountPath in deployment templates --- charts/exivity/templates/edify/deployment.yaml | 2 +- charts/exivity/templates/proximity/api.deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 86289d3e..8af939f6 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -66,7 +66,7 @@ spec: mountPath: /exivity/home/system/config {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: licence-pub - mountPath: /exivity/home/system/licence.pub + mountPath: /exivity/home/system/license.pub subPath: license.pub - name: licence-key mountPath: /exivity/home/system/license.key diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 0a0824d3..5d3df7fb 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -103,7 +103,7 @@ spec: mountPath: /exivity/home/system/config {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} - name: licence-pub - mountPath: /exivity/home/system/licence.pub + mountPath: /exivity/home/system/license.pub subPath: license.pub - name: licence-key mountPath: /exivity/home/system/license.key From 99d65d5c92bdc79366ab8bd6c3d1f94cf1032db7 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Mon, 1 Dec 2025 14:01:34 +0100 Subject: [PATCH 04/21] chore: implement config generation scripts and update RabbitMQ configuration --- charts/exivity/templates/_init_config.tpl | 190 ++++++---------- .../templates/config-generator-script.yaml | 205 ++++++++++++++++++ .../exivity/templates/rabbitmq-configmap.yaml | 12 + charts/exivity/templates/secret.yaml | 12 + 4 files changed, 290 insertions(+), 129 deletions(-) create mode 100644 charts/exivity/templates/config-generator-script.yaml create mode 100644 charts/exivity/templates/rabbitmq-configmap.yaml diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 101ff37f..18c6cecf 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl 
@@ -1,75 +1,59 @@ {{- define "exivity.initConfigContainer" -}} -{{- $root := .root -}} {{- $appname := .appname -}} {{- $path := .path -}} {{- $queue := .queue -}} - name: generate-config - image: busybox:stable - command: ["/bin/sh", "-c"] - args: - - | - set -eu - tmp_config="/tmp/exivity-config.json" - cat <<'EOF' > "$tmp_config" - { - "db": { - "driver": "postgres", - "parameters": { - "host": "{{ $root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $root)) }}", - "port": {{ $root.Values.postgresql.port | default 5432 }}, - "sslmode": "{{ $root.Values.postgresql.sslmode | default "disable" }}", - "dbname": "{{ $root.Values.postgresql.global.postgresql.auth.database }}", - "user": "{{ $root.Values.postgresql.global.postgresql.auth.username }}", - "password": "{{ $root.Values.postgresql.global.postgresql.auth.password }}", - "connect_timeout": 10 - } - }, - "mq": { - "servers": [ - { - "host": "{{ $root.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $root)) }}", - "port": {{ $root.Values.rabbitmq.port | default 5672 }}, - "secure": {{ $root.Values.rabbitmq.secure | default false }} - } - ], - "user": "{{ $root.Values.rabbitmq.auth.username }}", - "password": "{{ $root.Values.rabbitmq.auth.password }}", - "vhost": "{{ $root.Values.rabbitmq.vhost | default "/" }}", - "redialPeriod": 5 - }, - "chronos": { - "TTL": 60 - }, - "griffon": { - "TTL": 10 - }{{- if $appname }}, - "merlin": { - "reservedCPU": 0, - "programs": { - "{{ $appname }}": { - "component": "{{ $appname }}", - "path": "{{ $path }}", - "queue": "{{ $queue }}", - "CPU": 0, - {{- if eq $appname "use" }} - "params": "${params}", - {{- end }} - "RAM": 0 - } - } - } - {{- end }} - } - EOF - cp "$tmp_config" /exivity/home/system/config.json + image: linuxserver/yq:latest + command: ["/bin/sh"] + args: ["/scripts/generate-config.sh"] + env: + {{- if $appname }} + - name: APPNAME + value: "{{ $appname }}" + - name: PATH_VAR + value: "{{ 
$path }}" + - name: QUEUE + value: "{{ $queue }}" + {{- end }} volumeMounts: - name: config-generated mountPath: /exivity/home/system + - name: config-generator-script + mountPath: /scripts + readOnly: true + - name: postgres-config + mountPath: /config/postgres + readOnly: true + - name: postgres-secret + mountPath: /secrets/postgres + readOnly: true + - name: rabbitmq-config + mountPath: /config/rabbitmq + readOnly: true + - name: rabbitmq-secret + mountPath: /secrets/rabbitmq + readOnly: true {{- end }} {{- define "exivity.configGeneratedVolume" -}} - name: config-generated emptyDir: {} +- name: config-generator-script + configMap: + name: {{ printf "%s-config-generator" (include "exivity.fullname" .) }} + defaultMode: 0755 +- name: postgres-config + configMap: + name: {{ printf "%s-postgres-config" (include "exivity.fullname" .) }} +- name: postgres-secret + secret: + secretName: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} +- name: rabbitmq-config + configMap: + name: {{ printf "%s-rabbitmq-config" (include "exivity.fullname" .) }} +- name: rabbitmq-secret + secret: + secretName: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} {{- end }} {{- define "exivity.configGeneratedVolumeMount" -}} 
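Review bot: `image: linuxserver/yq:latest` in `exivity.initConfigContainer` is a mutable tag on a third-party image, and this container now has `postgres-secret` and `rabbitmq-secret` mounted, so whatever that tag resolves to at pull time can read the database and broker credentials. Pin it to a fixed version and digest, for example `image: linuxserver/yq:<version>@sha256:<digest>` (placeholders), or resolve it through the chart's `exivity.image` helper so it can be mirrored and overridden like the other images. The same line appears in `exivity.initPigeonConfigContainer` in the next hunk. The scripts added in config-generator-script.yaml call `jq`, so it is also worth confirming that the pinned image ships `jq` and not only `yq`.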
@@ -78,79 +62,27 @@ subPath: config.json {{- end }} -{{/* -Init container for pigeon's special config (with multiple merlin programs). -*/}} {{- define "exivity.initPigeonConfigContainer" -}} -{{- $root := . -}} - name: generate-config - image: busybox:stable - command: ["/bin/sh", "-c"] - args: - - | - set -eu - tmp_config="/tmp/exivity-config.json" - cat <<'EOF' > "$tmp_config" - { - "db": { - "driver": "postgres", - "parameters": { - "host": "{{ $root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $root)) }}", - "port": {{ $root.Values.postgresql.port | default 5432 }}, - "sslmode": "{{ $root.Values.postgresql.sslmode | default "disable" }}", - "dbname": "{{ $root.Values.postgresql.global.postgresql.auth.database }}", - "user": "{{ $root.Values.postgresql.global.postgresql.auth.username }}", - "password": "{{ $root.Values.postgresql.global.postgresql.auth.password }}", - "connect_timeout": 10 - } - }, - "mq": { - "servers": [ - { - "host": "{{ $root.Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" $root)) }}", - "port": {{ $root.Values.rabbitmq.port | default 5672 }}, - "secure": {{ $root.Values.rabbitmq.secure | default false }} - } - ], - "user": "{{ $root.Values.rabbitmq.auth.username }}", - "password": "{{ $root.Values.rabbitmq.auth.password }}", - "vhost": "{{ $root.Values.rabbitmq.vhost | default "/" }}", - "redialPeriod": 5 - }, - "merlin": { - "reservedCPU": 1, - "heartbeatPeriod": 5, - "programs": { - "pigeon": { - "path": "/usr/bin/php", - "queue": "PIGEON", - "CPU": 0, - "RAM": 0 - }, - "workflow_ended": { - "component": "pigeon", - "path": "/usr/bin/php", - "queue": "WORKFLOW_EVENT", - "topic": "evt.workflow_status.griffon.#", - "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", - "CPU": 0.25, - "RAM": 250 - }, - "report_published": { - "component": "pigeon", - "path": "/usr/bin/php", - "queue": "REPORT_PUBLISHED", - "topic": 
"evt.report_published.proximity.#", - "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", - "CPU": 0.25, - "RAM": 250 - } - } - } - } - EOF - cp "$tmp_config" /exivity/home/system/config.json + image: linuxserver/yq:latest + command: ["/bin/sh"] + args: ["/scripts/generate-pigeon-config.sh"] volumeMounts: - name: config-generated mountPath: /exivity/home/system + - name: config-generator-script + mountPath: /scripts + readOnly: true + - name: postgres-config + mountPath: /config/postgres + readOnly: true + - name: postgres-secret + mountPath: /secrets/postgres + readOnly: true + - name: rabbitmq-config + mountPath: /config/rabbitmq + readOnly: true + - name: rabbitmq-secret + mountPath: /secrets/rabbitmq + readOnly: true {{- end }} diff --git a/charts/exivity/templates/config-generator-script.yaml b/charts/exivity/templates/config-generator-script.yaml new file mode 100644 index 00000000..1ed48c3a --- /dev/null +++ b/charts/exivity/templates/config-generator-script.yaml 
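Review bot: A credential change no longer rolls the pigeon pods: `generate-pigeon-config.sh` reads the mounted ConfigMap and Secret files once into an `emptyDir`, so a `helm upgrade` that changes the PostgreSQL or RabbitMQ password leaves the pod template unchanged and running pods keep the old config.json. PATCH 01 removed the whole `checksum/...` annotation block from the pigeon, transcript and use pod templates, and nothing in this commit's diffstat restores one. I would add checksum annotations over the templates that render these objects, in the style the chart already uses, e.g. `checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }}`, plus one for rabbitmq-configmap.yaml. That `postgres-secret` and `rabbitmq-secret` are rendered from secret.yaml is inferred from the diffstat, so confirm the paths before copying the line.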
@@ -0,0 +1,205 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "exivity.fullname" . }}-config-generator + labels: + app.kubernetes.io/component: config-generator + {{- include "exivity.labels" . | nindent 4 }} +data: + generate-config.sh: | + #!/bin/sh + set -e + + # Export all config values from mounted configmap and secret files + export DB_HOST=$(cat /config/postgres/POSTGRES_HOST) + export DB_PORT=$(cat /config/postgres/POSTGRES_PORT) + export DB_SSLMODE=$(cat /config/postgres/POSTGRES_SSLMODE) + export DB_NAME=$(cat /config/postgres/POSTGRES_DB) + export DB_USER=$(cat /config/postgres/POSTGRES_USER) + export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) + export MQ_HOST=$(cat /config/rabbitmq/RABBITMQ_HOST) + export MQ_PORT=$(cat /config/rabbitmq/RABBITMQ_PORT) + export MQ_SECURE=$(cat /config/rabbitmq/RABBITMQ_SECURE) + export MQ_VHOST=$(cat /config/rabbitmq/RABBITMQ_VHOST) + export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) + export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) + + # Build base config from exported env vars + jq -n \ + --arg db_host "$DB_HOST" \ + --arg db_port "$DB_PORT" \ + --arg db_sslmode "$DB_SSLMODE" \ + --arg db_name "$DB_NAME" \ + --arg db_user "$DB_USER" \ + --arg db_pass "$DB_PASSWORD" \ + --arg mq_host "$MQ_HOST" \ + --arg mq_port "$MQ_PORT" \ + --arg mq_secure "$MQ_SECURE" \ + --arg mq_vhost "$MQ_VHOST" \ + --arg mq_user "$MQ_USER" \ + --arg mq_pass "$MQ_PASSWORD" \ + '{ + db: { + driver: "postgres", + parameters: { + host: $db_host, + port: ($db_port | tonumber), + sslmode: $db_sslmode, + dbname: $db_name, + user: $db_user, + password: $db_pass, + connect_timeout: 10 + } + }, + mq: { + servers: [{ + host: $mq_host, + port: ($mq_port | tonumber), + secure: ($mq_secure == "true") + }], + user: $mq_user, + password: $mq_pass, + vhost: $mq_vhost, + redialPeriod: 5 + }, + chronos: { + TTL: 60 + }, + griffon: { + TTL: 10 + } + }' > /tmp/base-config.json + + # Add merlin configuration if 
parameters provided + if [ -n "$APPNAME" ]; then + if [ "$APPNAME" = "use" ]; then + jq --arg appname "$APPNAME" \ + --arg path "$PATH_VAR" \ + --arg queue "$QUEUE" \ + '.merlin = { + reservedCPU: 0, + programs: { + ($appname): { + component: $appname, + path: $path, + queue: $queue, + CPU: 0, + params: "${params}", + RAM: 0 + } + } + }' /tmp/base-config.json > /exivity/home/system/config.json + else + jq --arg appname "$APPNAME" \ + --arg path "$PATH_VAR" \ + --arg queue "$QUEUE" \ + '.merlin = { + reservedCPU: 0, + programs: { + ($appname): { + component: $appname, + path: $path, + queue: $queue, + CPU: 0, + RAM: 0 + } + } + }' /tmp/base-config.json > /exivity/home/system/config.json + fi + else + mv /tmp/base-config.json /exivity/home/system/config.json + fi + + generate-pigeon-config.sh: | + #!/bin/sh + set -e + + # Export all config values from mounted configmap and secret files + export DB_HOST=$(cat /config/postgres/POSTGRES_HOST) + export DB_PORT=$(cat /config/postgres/POSTGRES_PORT) + export DB_SSLMODE=$(cat /config/postgres/POSTGRES_SSLMODE) + export DB_NAME=$(cat /config/postgres/POSTGRES_DB) + export DB_USER=$(cat /config/postgres/POSTGRES_USER) + export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) + export MQ_HOST=$(cat /config/rabbitmq/RABBITMQ_HOST) + export MQ_PORT=$(cat /config/rabbitmq/RABBITMQ_PORT) + export MQ_SECURE=$(cat /config/rabbitmq/RABBITMQ_SECURE) + export MQ_VHOST=$(cat /config/rabbitmq/RABBITMQ_VHOST) + export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) + export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) + + # Build pigeon config from exported env vars + jq -n \ + --arg db_host "$DB_HOST" \ + --arg db_port "$DB_PORT" \ + --arg db_sslmode "$DB_SSLMODE" \ + --arg db_name "$DB_NAME" \ + --arg db_user "$DB_USER" \ + --arg db_pass "$DB_PASSWORD" \ + --arg mq_host "$MQ_HOST" \ + --arg mq_port "$MQ_PORT" \ + --arg mq_secure "$MQ_SECURE" \ + --arg mq_vhost "$MQ_VHOST" \ + --arg mq_user "$MQ_USER" \ + --arg mq_pass 
"$MQ_PASSWORD" \ + '{ + db: { + driver: "postgres", + parameters: { + host: $db_host, + port: ($db_port | tonumber), + sslmode: $db_sslmode, + dbname: $db_name, + user: $db_user, + password: $db_pass, + connect_timeout: 10 + } + }, + mq: { + servers: [{ + host: $mq_host, + port: ($mq_port | tonumber), + secure: ($mq_secure == "true") + }], + user: $mq_user, + password: $mq_pass, + vhost: $mq_vhost, + redialPeriod: 5 + }, + chronos: { + TTL: 60 + }, + griffon: { + TTL: 10 + }, + merlin: { + reservedCPU: 1, + heartbeatPeriod: 5, + programs: { + pigeon: { + path: "/usr/bin/php", + queue: "PIGEON", + CPU: 0, + RAM: 0 + }, + workflow_ended: { + component: "pigeon", + path: "/usr/bin/php", + queue: "WORKFLOW_EVENT", + topic: "evt.workflow_status.griffon.#", + params: "common/pigeon/pigeon.phar event:post workflow_ended ${payload}", + CPU: 0.25, + RAM: 250 + }, + report_published: { + component: "pigeon", + path: "/usr/bin/php", + queue: "REPORT_PUBLISHED", + topic: "evt.report_published.proximity.#", + params: "common/pigeon/pigeon.phar event:post report_published ${payload}", + CPU: 0.25, + RAM: 250 + } + } + } + }' > /exivity/home/system/config.json diff --git a/charts/exivity/templates/rabbitmq-configmap.yaml b/charts/exivity/templates/rabbitmq-configmap.yaml new file mode 100644 index 00000000..a4b01d81 --- /dev/null +++ b/charts/exivity/templates/rabbitmq-configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "exivity.fullname" . }}-rabbitmq-config + labels: + app.kubernetes.io/component: rabbitmq-config + {{- include "exivity.labels" . | nindent 4 }} +data: + RABBITMQ_HOST: {{ .Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" .)) | quote }} + RABBITMQ_PORT: {{ .Values.rabbitmq.port | default 5672 | toString | quote }} + RABBITMQ_SECURE: {{ .Values.rabbitmq.secure | default false | toString | quote }} + RABBITMQ_VHOST: {{ .Values.rabbitmq.vhost | default "/" | quote }} 
diff --git a/charts/exivity/templates/secret.yaml b/charts/exivity/templates/secret.yaml index ee879f8f..efb82280 100644 --- a/charts/exivity/templates/secret.yaml +++ b/charts/exivity/templates/secret.yaml @@ -28,3 +28,15 @@ data: {{- else }} EXIVITY_JWT_SECRET: {{ randAlphaNum 32 | b64enc }} {{- end }} + +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "exivity.fullname" $ -}}-rabbitmq-secret + labels: + {{- include "exivity.labels" $ | indent 4 }} +type: Opaque +data: + RABBITMQ_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} + RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} From c4fd6fdb2e02d6cf61c95c4dfadc1d00ae469b69 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Mon, 1 Dec 2025 14:38:29 +0100 Subject: [PATCH 05/21] chore: revert dummy-data ConfigMap to use dynamic appname label --- charts/exivity/templates/dummy-data/preset-configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/exivity/templates/dummy-data/preset-configmap.yaml b/charts/exivity/templates/dummy-data/preset-configmap.yaml index 42950055..105de935 100644 --- a/charts/exivity/templates/dummy-data/preset-configmap.yaml +++ b/charts/exivity/templates/dummy-data/preset-configmap.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: name: {{ include "exivity.fullname" $ -}}-dummy-data-preset labels: - app.kubernetes.io/component: dummy-data + app.kubernetes.io/component: {{ $.data.appname | default "shared" }} {{- include "exivity.labels" $ | indent 4 }} data: preset.yaml: |- From 65f6104b79acc3bb9cfe247e180514a3a90e6450 Mon Sep 17 00:00:00 2001 
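Review bot: The new `-rabbitmq-secret` object passes `.Values.rabbitmq.auth.username` and `.Values.rabbitmq.auth.password` straight to `b64enc` without checking that they are set. An install with a missing or empty password would presumably either fail with an unhelpful template error or render a Secret holding an empty credential, which the config generator then copies into config.json. A guard makes the failure explicit at render time: `RABBITMQ_PASSWORD: {{ required "rabbitmq.auth.password must be set" .Values.rabbitmq.auth.password | b64enc | quote }}`, and likewise for the username. The `POSTGRES_USER` line added to postgres-secret.yaml in patch 06 has the same gap.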
From: xiangyisss Date: Tue, 9 Dec 2025 15:59:31 +0100 Subject: [PATCH 06/21] chore: enhance config generation for Postgres and RabbitMQ; remove unused RabbitMQ configmap --- charts/exivity/templates/_init_config.tpl | 95 +++++++++++-------- .../templates/config-generator-script.yaml | 26 +---- charts/exivity/templates/postgres-secret.yaml | 1 + .../exivity/templates/rabbitmq-configmap.yaml | 12 --- 4 files changed, 61 insertions(+), 73 deletions(-) delete mode 100644 charts/exivity/templates/rabbitmq-configmap.yaml diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 18c6cecf..79500309 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl 
@@ -1,7 +1,51 @@ +{{/* +Shared Postgres and RabbitMQ environment variables +*/}} +{{- define "exivity.dbMqEnvVars" -}} +- name: DB_HOST + value: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) | quote }} +- name: DB_PORT + value: {{ .Values.postgresql.port | quote }} +- name: DB_SSLMODE + value: {{ .Values.postgresql.sslmode | default "disable" | quote }} +- name: DB_NAME + value: {{ .Values.postgresql.global.postgresql.auth.database | quote }} +- name: MQ_HOST + value: {{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) | quote }} +- name: MQ_PORT + value: {{ .Values.rabbitmq.port | default 5672 | toString | quote }} +- name: MQ_SECURE + value: {{ .Values.rabbitmq.secure | default false | toString | quote }} +- name: MQ_VHOST + value: {{ .Values.rabbitmq.vhost | default "/" | quote }} +{{- end }} + +------------------------------------ + +{{/* +Shared volume mounts for config generation +*/}} +{{- define "exivity.configGeneratorVolumeMounts" -}} +- name: config-generated + mountPath: /exivity/home/system +- name: config-generator-script + mountPath: /scripts + readOnly: true +- name: postgres-secret + mountPath: /secrets/postgres + readOnly: true +- name: rabbitmq-secret + mountPath: /secrets/rabbitmq + readOnly: true +{{- end }} + +------------------------------------ + {{- define "exivity.initConfigContainer" -}} {{- $appname := .appname -}} {{- $path := .path -}} {{- $queue := .queue -}} +{{- $root := .root -}} - name: generate-config image: linuxserver/yq:latest command: ["/bin/sh"] 
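Review bot: `DB_PORT` in `exivity.dbMqEnvVars` is rendered as `{{ .Values.postgresql.port | quote }}` with no fallback, while `MQ_PORT` just below uses `default 5672`. With `postgresql.port` unset the variable is an empty string, which the generator script's `($db_port | tonumber)` rejects, so the init container fails at pod start instead of at render time. The inline config removed in patch 01 used 5432 as the fallback, so `value: {{ .Values.postgresql.port | default 5432 | toString | quote }}` keeps the old behaviour. The same missing default returns in patch 07, where `port: {{ .Values.postgresql.port }}`, `port: {{ .Values.rabbitmq.port }}` and `secure: {{ .Values.rabbitmq.secure }}` are embedded without one.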
@@ -15,26 +59,13 @@ - name: QUEUE value: "{{ $queue }}" {{- end }} + {{- include "exivity.dbMqEnvVars" $root | nindent 4 }} volumeMounts: - - name: config-generated - mountPath: /exivity/home/system - - name: config-generator-script - mountPath: /scripts - readOnly: true - - name: postgres-config - mountPath: /config/postgres - readOnly: true - - name: postgres-secret - mountPath: /secrets/postgres - readOnly: true - - name: rabbitmq-config - mountPath: /config/rabbitmq - readOnly: true - - name: rabbitmq-secret - mountPath: /secrets/rabbitmq - readOnly: true + {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} {{- end }} +------------------------------------ + {{- define "exivity.configGeneratedVolume" -}} - name: config-generated emptyDir: {} 
@@ -42,47 +73,31 @@ configMap: name: {{ printf "%s-config-generator" (include "exivity.fullname" .) }} defaultMode: 0755 -- name: postgres-config - configMap: - name: {{ printf "%s-postgres-config" (include "exivity.fullname" .) }} - name: postgres-secret secret: secretName: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} -- name: rabbitmq-config - configMap: - name: {{ printf "%s-rabbitmq-config" (include "exivity.fullname" .) }} - name: rabbitmq-secret secret: secretName: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} {{- end }} +------------------------------------ + {{- define "exivity.configGeneratedVolumeMount" -}} - name: config-generated mountPath: /exivity/home/system/config.json subPath: config.json {{- end }} +------------------------------------ + {{- define "exivity.initPigeonConfigContainer" -}} - name: generate-config image: linuxserver/yq:latest command: ["/bin/sh"] args: ["/scripts/generate-pigeon-config.sh"] + env: + {{- include "exivity.dbMqEnvVars" . | nindent 4 }} volumeMounts: - - name: config-generated - mountPath: /exivity/home/system - - name: config-generator-script - mountPath: /scripts - readOnly: true - - name: postgres-config - mountPath: /config/postgres - readOnly: true - - name: postgres-secret - mountPath: /secrets/postgres - readOnly: true - - name: rabbitmq-config - mountPath: /config/rabbitmq - readOnly: true - - name: rabbitmq-secret - mountPath: /secrets/rabbitmq - readOnly: true + {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} {{- end }} diff --git a/charts/exivity/templates/config-generator-script.yaml b/charts/exivity/templates/config-generator-script.yaml index 1ed48c3a..ffafd9ca 100644 --- a/charts/exivity/templates/config-generator-script.yaml +++ b/charts/exivity/templates/config-generator-script.yaml 
@@ -10,17 +10,9 @@ data: #!/bin/sh set -e - # Export all config values from mounted configmap and secret files - export DB_HOST=$(cat /config/postgres/POSTGRES_HOST) - export DB_PORT=$(cat /config/postgres/POSTGRES_PORT) - export DB_SSLMODE=$(cat /config/postgres/POSTGRES_SSLMODE) - export DB_NAME=$(cat /config/postgres/POSTGRES_DB) - export DB_USER=$(cat /config/postgres/POSTGRES_USER) + # Export secret values from mounted secret files + export DB_USER=$(cat /secrets/postgres/POSTGRES_USER) export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) - export MQ_HOST=$(cat /config/rabbitmq/RABBITMQ_HOST) - export MQ_PORT=$(cat /config/rabbitmq/RABBITMQ_PORT) - export MQ_SECURE=$(cat /config/rabbitmq/RABBITMQ_SECURE) - export MQ_VHOST=$(cat /config/rabbitmq/RABBITMQ_VHOST) export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) @@ -114,20 +106,12 @@ data: #!/bin/sh set -e - # Export all config values from mounted configmap and secret files - export DB_HOST=$(cat /config/postgres/POSTGRES_HOST) - export DB_PORT=$(cat /config/postgres/POSTGRES_PORT) - export DB_SSLMODE=$(cat /config/postgres/POSTGRES_SSLMODE) - export DB_NAME=$(cat /config/postgres/POSTGRES_DB) - export DB_USER=$(cat /config/postgres/POSTGRES_USER) + # Export secret values from mounted secret files + export DB_USER=$(cat /secrets/postgres/POSTGRES_USER) export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) - export MQ_HOST=$(cat /config/rabbitmq/RABBITMQ_HOST) - export MQ_PORT=$(cat /config/rabbitmq/RABBITMQ_PORT) - export MQ_SECURE=$(cat /config/rabbitmq/RABBITMQ_SECURE) - export MQ_VHOST=$(cat /config/rabbitmq/RABBITMQ_VHOST) export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) - + # Build pigeon config from exported env vars jq -n \ --arg db_host "$DB_HOST" \ 
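Review bot: The added `export DB_USER=$(cat /secrets/postgres/POSTGRES_USER)` does not stop the script under `set -e` when the file is missing or unreadable, because the status of the line is that of `export`, not of `cat`. The script then goes on to write a config.json with an empty user or password, and the failure only appears later as a connection error in the main container. The values are handed to jq through `--arg`, so the export is not needed: assign on a line of its own, `DB_USER=$(cat /secrets/postgres/POSTGRES_USER)`, and the command substitution's failure aborts the script. This applies to every `export …=$(cat …)` line in generate-config.sh and generate-pigeon-config.sh, including the second hunk of this file and the version first added in patch 01. Both scripts continue outside these hunks.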
diff --git a/charts/exivity/templates/postgres-secret.yaml b/charts/exivity/templates/postgres-secret.yaml index 7ea09359..9bb196ec 100644 --- a/charts/exivity/templates/postgres-secret.yaml +++ b/charts/exivity/templates/postgres-secret.yaml @@ -7,4 +7,5 @@ metadata: {{- include "exivity.labels" . | nindent 4 }} type: Opaque data: + POSTGRES_USER: {{ .Values.postgresql.global.postgresql.auth.username | b64enc | quote }} POSTGRES_PASSWORD: {{ .Values.postgresql.global.postgresql.auth.password | b64enc | quote }} diff --git a/charts/exivity/templates/rabbitmq-configmap.yaml b/charts/exivity/templates/rabbitmq-configmap.yaml deleted file mode 100644 index a4b01d81..00000000 --- a/charts/exivity/templates/rabbitmq-configmap.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "exivity.fullname" . }}-rabbitmq-config - labels: - app.kubernetes.io/component: rabbitmq-config - {{- include "exivity.labels" . | nindent 4 }} -data: - RABBITMQ_HOST: {{ .Values.rabbitmq.host | default (printf "%s-rabbitmq" (include "exivity.fullname" .)) | quote }} - RABBITMQ_PORT: {{ .Values.rabbitmq.port | default 5672 | toString | quote }} - RABBITMQ_SECURE: {{ .Values.rabbitmq.secure | default false | toString | quote }} - RABBITMQ_VHOST: {{ .Values.rabbitmq.vhost | default "/" | quote }} From cfd2e5df35da5413ca8d9a9f7f50a8a5599cbb38 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Tue, 9 Dec 2025 17:55:14 +0100 Subject: [PATCH 07/21] chore: simplify config generation by embedding non-sensitive values directly from values.yaml --- charts/exivity/templates/_init_config.tpl | 54 +++++-------------- .../templates/config-generator-script.yaml | 52 +++++++----------- 2 files changed, 31 insertions(+), 75 deletions(-) diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 79500309..51a300dc 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl 
@@ -1,27 +1,3 @@ -{{/* -Shared Postgres and RabbitMQ environment variables -*/}} -{{- define "exivity.dbMqEnvVars" -}} -- name: DB_HOST - value: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) | quote }} -- name: DB_PORT - value: {{ .Values.postgresql.port | quote }} -- name: DB_SSLMODE - value: {{ .Values.postgresql.sslmode | default "disable" | quote }} -- name: DB_NAME - value: {{ .Values.postgresql.global.postgresql.auth.database | quote }} -- name: MQ_HOST - value: {{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) | quote }} -- name: MQ_PORT - value: {{ .Values.rabbitmq.port | default 5672 | toString | quote }} -- name: MQ_SECURE - value: {{ .Values.rabbitmq.secure | default false | toString | quote }} -- name: MQ_VHOST - value: {{ .Values.rabbitmq.vhost | default "/" | quote }} -{{- end }} - ------------------------------------- - {{/* Shared volume mounts for config generation */}} @@ -45,21 +21,30 @@ Shared volume mounts for config generation {{- $appname := .appname -}} {{- $path := .path -}} {{- $queue := .queue -}} -{{- $root := .root -}} - name: generate-config image: linuxserver/yq:latest command: ["/bin/sh"] args: ["/scripts/generate-config.sh"] + {{- if $appname }} env: - {{- if $appname }} - name: APPNAME value: "{{ $appname }}" - name: PATH_VAR value: "{{ $path }}" - name: QUEUE value: "{{ $queue }}" - {{- end }} - {{- include "exivity.dbMqEnvVars" $root | nindent 4 }} + {{- end }} + volumeMounts: + {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} +{{- end }} + +------------------------------------ + +{{- define "exivity.initPigeonConfigContainer" -}} +- name: generate-config + image: linuxserver/yq:latest + command: ["/bin/sh"] + args: ["/scripts/generate-pigeon-config.sh"] volumeMounts: {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} {{- end }} 
@@ -88,16 +73,3 @@ Shared volume mounts for config generation mountPath: /exivity/home/system/config.json subPath: config.json {{- end }} - ------------------------------------- - -{{- define "exivity.initPigeonConfigContainer" -}} -- name: generate-config - image: linuxserver/yq:latest - command: ["/bin/sh"] - args: ["/scripts/generate-pigeon-config.sh"] - env: - {{- include "exivity.dbMqEnvVars" . | nindent 4 }} - volumeMounts: - {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} -{{- end }} diff --git a/charts/exivity/templates/config-generator-script.yaml b/charts/exivity/templates/config-generator-script.yaml index ffafd9ca..e9fe2435 100644 --- a/charts/exivity/templates/config-generator-script.yaml +++ b/charts/exivity/templates/config-generator-script.yaml @@ -16,28 +16,20 @@ data: export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) - # Build base config from exported env vars + # Non-sensitive config values are embedded directly from values.yaml jq -n \ - --arg db_host "$DB_HOST" \ - --arg db_port "$DB_PORT" \ - --arg db_sslmode "$DB_SSLMODE" \ - --arg db_name "$DB_NAME" \ --arg db_user "$DB_USER" \ --arg db_pass "$DB_PASSWORD" \ - --arg mq_host "$MQ_HOST" \ - --arg mq_port "$MQ_PORT" \ - --arg mq_secure "$MQ_SECURE" \ - --arg mq_vhost "$MQ_VHOST" \ --arg mq_user "$MQ_USER" \ --arg mq_pass "$MQ_PASSWORD" \ '{ db: { driver: "postgres", parameters: { - host: $db_host, - port: ($db_port | tonumber), - sslmode: $db_sslmode, - dbname: $db_name, + host: "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", + port: {{ .Values.postgresql.port }}, + sslmode: "{{ .Values.postgresql.sslmode | default "disable" }}", + dbname: "{{ .Values.postgresql.global.postgresql.auth.database }}", user: $db_user, password: $db_pass, connect_timeout: 10 
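Review bot: Moving host, port, sslmode, dbname and vhost out of `--arg` and into the jq program means chart values are now spliced unescaped into a shell single-quoted string. A value containing `"` breaks the jq syntax and one containing `'` ends the shell quoting, so these values are no longer handled purely as data. The previous `--arg db_host "$DB_HOST"` form did not have this problem and is the safer shape to keep. If the values must be inlined, emit them with `toJson` rather than hand-written quotes, e.g. `host: {{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) | toJson }}`, and note that a `'` would still need to be rejected. The same applies to the mq block and to generate-pigeon-config.sh in the following hunks of this file.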
@@ -45,13 +37,13 @@ data: }, mq: { servers: [{ - host: $mq_host, - port: ($mq_port | tonumber), - secure: ($mq_secure == "true") + host: "{{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) }}", + port: {{ .Values.rabbitmq.port }}, + secure: {{ .Values.rabbitmq.secure }} }], user: $mq_user, password: $mq_pass, - vhost: $mq_vhost, + vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", redialPeriod: 5 }, chronos: { @@ -112,28 +104,20 @@ data: export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) - # Build pigeon config from exported env vars + # Non-sensitive config values are embedded directly from values.yaml jq -n \ - --arg db_host "$DB_HOST" \ - --arg db_port "$DB_PORT" \ - --arg db_sslmode "$DB_SSLMODE" \ - --arg db_name "$DB_NAME" \ --arg db_user "$DB_USER" \ --arg db_pass "$DB_PASSWORD" \ - --arg mq_host "$MQ_HOST" \ - --arg mq_port "$MQ_PORT" \ - --arg mq_secure "$MQ_SECURE" \ - --arg mq_vhost "$MQ_VHOST" \ --arg mq_user "$MQ_USER" \ --arg mq_pass "$MQ_PASSWORD" \ '{ db: { driver: "postgres", parameters: { - host: $db_host, - port: ($db_port | tonumber), - sslmode: $db_sslmode, - dbname: $db_name, + host: "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", + port: {{ .Values.postgresql.port }}, + sslmode: "{{ .Values.postgresql.sslmode | default "disable" }}", + dbname: "{{ .Values.postgresql.global.postgresql.auth.database }}", user: $db_user, password: $db_pass, connect_timeout: 10 
@@ -141,13 +125,13 @@ data: }, mq: { servers: [{ - host: $mq_host, - port: ($mq_port | tonumber), - secure: ($mq_secure == "true") + host: "{{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) }}", + port: {{ .Values.rabbitmq.port }}, + secure: {{ .Values.rabbitmq.secure }} }], user: $mq_user, password: $mq_pass, - vhost: $mq_vhost, + vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", redialPeriod: 5 }, chronos: { From ea43831b15fd2bb7a8b0ce7d710afe5f08b9dec5 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Wed, 10 Dec 2025 10:14:25 +0100 Subject: [PATCH 08/21] chore: update config generation to include chronos and griffon TTL values --- .../templates/config-generator-script.yaml | 22 +++++++------------ 1 file changed, 8 insertions(+), 14 deletions(-) diff --git a/charts/exivity/templates/config-generator-script.yaml b/charts/exivity/templates/config-generator-script.yaml index e9fe2435..7fe2295e 100644 --- a/charts/exivity/templates/config-generator-script.yaml +++ b/charts/exivity/templates/config-generator-script.yaml @@ -23,6 +23,9 @@ data: --arg mq_user "$MQ_USER" \ --arg mq_pass "$MQ_PASSWORD" \ '{ + chronos: { + TTL: 60 + }, db: { driver: "postgres", parameters: { @@ -35,6 +38,9 @@ data: connect_timeout: 10 } }, + griffon: { + TTL: 10 + }, mq: { servers: [{ host: "{{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) }}", @@ -45,12 +51,6 @@ data: password: $mq_pass, vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", redialPeriod: 5 - }, - chronos: { - TTL: 60 - }, - griffon: { - TTL: 10 } }' > /tmp/base-config.json @@ -134,12 +134,6 @@ data: vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", redialPeriod: 5 }, - chronos: { - TTL: 60 - }, - griffon: { - TTL: 10 - }, merlin: { reservedCPU: 1, heartbeatPeriod: 5, 
@@ -155,7 +149,7 @@ data: path: "/usr/bin/php", queue: "WORKFLOW_EVENT", topic: "evt.workflow_status.griffon.#", - params: "common/pigeon/pigeon.phar event:post workflow_ended ${payload}", + params: "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", CPU: 0.25, RAM: 250 }, @@ -164,7 +158,7 @@ data: path: "/usr/bin/php", queue: "REPORT_PUBLISHED", topic: "evt.report_published.proximity.#", - params: "common/pigeon/pigeon.phar event:post report_published ${payload}", + params: "common/pigeon/pigeon.phar event:post report_published `${payload}`", CPU: 0.25, RAM: 250 } From 5ffb4c25e05b7e2896cee6d4361de73da3a4d168 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Wed, 17 Dec 2025 14:26:38 +0100 Subject: [PATCH 09/21] chore: removing config generator script and apply internal jq image --- charts/exivity/templates/_init_config.tpl | 194 +++++++++++++++--- .../templates/config-generator-script.yaml | 167 --------------- charts/exivity/values.schema.json | 41 ++++ charts/exivity/values.yaml | 12 +- 4 files changed, 219 insertions(+), 195 deletions(-) delete mode 100644 charts/exivity/templates/config-generator-script.yaml diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 51a300dc..db17e0ae 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl 
@@ -22,31 +22,183 @@ Shared volume mounts for config generation {{- $path := .path -}} {{- $queue := .queue -}} - name: generate-config - image: linuxserver/yq:latest - command: ["/bin/sh"] - args: ["/scripts/generate-config.sh"] - {{- if $appname }} + image: {{ printf "%s/%s:%s" .root.Values.configGenerator.registry .root.Values.configGenerator.repository .root.Values.configGenerator.tag }} + imagePullPolicy: {{ .root.Values.configGenerator.pullPolicy }} + command: ["/bin/sh", "-c"] + args: + - | + jq -n \ + --arg db_user "$(DB_USER)" \ + --arg db_password "$(DB_PASSWORD)" \ + --arg mq_user "$(MQ_USER)" \ + --arg mq_password "$(MQ_PASSWORD)" \ + '{ + "db": { + "driver": "postgres", + "parameters": { + "host": "{{ .root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .root)) }}", + "port": {{ .root.Values.postgresql.port | default 5432 }}, + "sslmode": "{{ .root.Values.postgresql.sslmode | default "disable" }}", + "dbname": "{{ .root.Values.postgresql.global.postgresql.auth.database }}", + "user": $db_user, + "password": $db_password, + "connect_timeout": 10 + } + }, + "mq": { + "servers": [{ + "host": "{{ if .root.Values.rabbitmq.host }}{{ .root.Values.rabbitmq.host }}{{ else if .root.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" .root) .root.Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .root) }}{{ end }}", + "port": {{ .root.Values.rabbitmq.port | default 5672 }}, + "secure": {{ .root.Values.rabbitmq.secure | default false }} + }], + "user": $mq_user, + "password": $mq_password, + "vhost": "{{ .root.Values.rabbitmq.vhost | default "/" }}", + "redialPeriod": 5 + }, + "chronos": { + "TTL": 60 + }, + "griffon": { + "TTL": 10 + } + {{- if $appname }}, + "merlin": { + "reservedCPU": 0, + "programs": { + "{{ $appname }}": { + "component": "{{ $appname }}", + "path": "{{ $path }}", + "queue": "{{ $queue }}" + {{- if eq $appname "use" }}, + "params": 
"${params}" + {{- end }}, + "CPU": 0, + "RAM": 0 + } + } + } + {{- end }} + }' > /exivity/home/system/config.json env: - - name: APPNAME - value: "{{ $appname }}" - - name: PATH_VAR - value: "{{ $path }}" - - name: QUEUE - value: "{{ $queue }}" - {{- end }} + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .root) }} + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .root) }} + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .root) }} + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .root) }} + key: RABBITMQ_PASSWORD volumeMounts: - {{- include "exivity.configGeneratorVolumeMounts" . | nindent 4 }} + - name: config-generated + mountPath: /exivity/home/system {{- end }} ------------------------------------ {{- define "exivity.initPigeonConfigContainer" -}} - name: generate-config - image: linuxserver/yq:latest - command: ["/bin/sh"] - args: ["/scripts/generate-pigeon-config.sh"] + image: {{ printf "%s/%s:%s" .Values.configGenerator.registry .Values.configGenerator.repository .Values.configGenerator.tag }} + imagePullPolicy: {{ .Values.configGenerator.pullPolicy }} + command: ["/bin/sh", "-c"] + args: + - | + jq -n \ + --arg db_user "$(DB_USER)" \ + --arg db_password "$(DB_PASSWORD)" \ + --arg mq_user "$(MQ_USER)" \ + --arg mq_password "$(MQ_PASSWORD)" \ + '{ + "db": { + "driver": "postgres", + "parameters": { + "host": "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", + "port": {{ .Values.postgresql.port | default 5432 }}, + "sslmode": "{{ .Values.postgresql.sslmode | default "disable" }}", + "dbname": "{{ .Values.postgresql.global.postgresql.auth.database }}", + "user": $db_user, + 
"password": $db_password, + "connect_timeout": 10 + } + }, + "mq": { + "servers": [{ + "host": "{{ if .Values.rabbitmq.host }}{{ .Values.rabbitmq.host }}{{ else if .Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" .) .Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .) }}{{ end }}", + "port": {{ .Values.rabbitmq.port | default 5672 }}, + "secure": {{ .Values.rabbitmq.secure | default false }} + }], + "user": $mq_user, + "password": $mq_password, + "vhost": "{{ .Values.rabbitmq.vhost | default "/" }}", + "redialPeriod": 5 + }, + "merlin": { + "reservedCPU": 1, + "heartbeatPeriod": 5, + "programs": { + "pigeon": { + "path": "/usr/bin/php", + "queue": "PIGEON", + "CPU": 0, + "RAM": 0 + }, + "report_published": { + "CPU": 0.25, + "RAM": 250, + "component": "pigeon", + "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", + "path": "/usr/bin/php", + "queue": "REPORT_PUBLISHED", + "topic": "evt.report_published.proximity.#" + }, + "workflow_ended": { + "CPU": 0.25, + "RAM": 250, + "component": "pigeon", + "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", + "path": "/usr/bin/php", + "queue": "WORKFLOW_EVENT", + "topic": "evt.workflow_status.griffon.#" + } + } + } + }' > /exivity/home/system/config.json + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} + key: RABBITMQ_PASSWORD volumeMounts: - {{- include "exivity.configGeneratorVolumeMounts" . 
| nindent 4 }} + - name: config-generated + mountPath: /exivity/home/system {{- end }} ------------------------------------ @@ -54,16 +206,6 @@ Shared volume mounts for config generation {{- define "exivity.configGeneratedVolume" -}} - name: config-generated emptyDir: {} -- name: config-generator-script - configMap: - name: {{ printf "%s-config-generator" (include "exivity.fullname" .) }} - defaultMode: 0755 -- name: postgres-secret - secret: - secretName: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} -- name: rabbitmq-secret - secret: - secretName: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} {{- end }} ------------------------------------ diff --git a/charts/exivity/templates/config-generator-script.yaml b/charts/exivity/templates/config-generator-script.yaml deleted file mode 100644 index 7fe2295e..00000000 --- a/charts/exivity/templates/config-generator-script.yaml +++ /dev/null 
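Review bot: In `--arg db_password "$(DB_PASSWORD)"` the `$(VAR)` form inside `args:` is expanded by Kubernetes from the container's environment before the shell starts, so the secret value becomes part of the `sh -c` script text and of the container's argument list. A password containing `"`, `$` or a backtick would then be interpreted by the shell rather than passed through, and the credential is readable from the process command line. Reading the variables inside jq avoids both: drop the four `--arg` lines and write `"user": $ENV.DB_USER,` and `"password": $ENV.DB_PASSWORD,`, likewise `$ENV.MQ_USER` and `$ENV.MQ_PASSWORD` in the mq block. This applies to both `exivity.initConfigContainer` and `exivity.initPigeonConfigContainer` in this hunk. Whether the jq in the configGenerator image supports `$ENV` should be confirmed; `env.DB_USER` is the older spelling.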
@@ -1,167 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "exivity.fullname" . }}-config-generator - labels: - app.kubernetes.io/component: config-generator - {{- include "exivity.labels" . | nindent 4 }} -data: - generate-config.sh: | - #!/bin/sh - set -e - - # Export secret values from mounted secret files - export DB_USER=$(cat /secrets/postgres/POSTGRES_USER) - export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) - export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) - export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) - - # Non-sensitive config values are embedded directly from values.yaml - jq -n \ - --arg db_user "$DB_USER" \ - --arg db_pass "$DB_PASSWORD" \ - --arg mq_user "$MQ_USER" \ - --arg mq_pass "$MQ_PASSWORD" \ - '{ - chronos: { - TTL: 60 - }, - db: { - driver: "postgres", - parameters: { - host: "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", - port: {{ .Values.postgresql.port }}, - sslmode: "{{ .Values.postgresql.sslmode | default "disable" }}", - dbname: "{{ .Values.postgresql.global.postgresql.auth.database }}", - user: $db_user, - password: $db_pass, - connect_timeout: 10 - } - }, - griffon: { - TTL: 10 - }, - mq: { - servers: [{ - host: "{{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) 
(.Values.rabbitmq.nameOverride | default "rabbitmq")) }}", - port: {{ .Values.rabbitmq.port }}, - secure: {{ .Values.rabbitmq.secure }} - }], - user: $mq_user, - password: $mq_pass, - vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", - redialPeriod: 5 - } - }' > /tmp/base-config.json - - # Add merlin configuration if parameters provided - if [ -n "$APPNAME" ]; then - if [ "$APPNAME" = "use" ]; then - jq --arg appname "$APPNAME" \ - --arg path "$PATH_VAR" \ - --arg queue "$QUEUE" \ - '.merlin = { - reservedCPU: 0, - programs: { - ($appname): { - component: $appname, - path: $path, - queue: $queue, - CPU: 0, - params: "${params}", - RAM: 0 - } - } - }' /tmp/base-config.json > /exivity/home/system/config.json - else - jq --arg appname "$APPNAME" \ - --arg path "$PATH_VAR" \ - --arg queue "$QUEUE" \ - '.merlin = { - reservedCPU: 0, - programs: { - ($appname): { - component: $appname, - path: $path, - queue: $queue, - CPU: 0, - RAM: 0 - } - } - }' /tmp/base-config.json > /exivity/home/system/config.json - fi - else - mv /tmp/base-config.json /exivity/home/system/config.json - fi - - generate-pigeon-config.sh: | - #!/bin/sh - set -e - - # Export secret values from mounted secret files - export DB_USER=$(cat /secrets/postgres/POSTGRES_USER) - export DB_PASSWORD=$(cat /secrets/postgres/POSTGRES_PASSWORD) - export MQ_USER=$(cat /secrets/rabbitmq/RABBITMQ_USERNAME) - export MQ_PASSWORD=$(cat /secrets/rabbitmq/RABBITMQ_PASSWORD) - - # Non-sensitive config values are embedded directly from values.yaml - jq -n \ - --arg db_user "$DB_USER" \ - --arg db_pass "$DB_PASSWORD" \ - --arg mq_user "$MQ_USER" \ - --arg mq_pass "$MQ_PASSWORD" \ - '{ - db: { - driver: "postgres", - parameters: { - host: "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", - port: {{ .Values.postgresql.port }}, - sslmode: "{{ .Values.postgresql.sslmode | default "disable" }}", - dbname: "{{ .Values.postgresql.global.postgresql.auth.database }}", - user: 
$db_user, - password: $db_pass, - connect_timeout: 10 - } - }, - mq: { - servers: [{ - host: "{{ .Values.rabbitmq.host | default (printf "%s-%s" (include "exivity.fullname" .) (.Values.rabbitmq.nameOverride | default "rabbitmq")) }}", - port: {{ .Values.rabbitmq.port }}, - secure: {{ .Values.rabbitmq.secure }} - }], - user: $mq_user, - password: $mq_pass, - vhost: "{{ .Values.rabbitmq.vhost | default "/" }}", - redialPeriod: 5 - }, - merlin: { - reservedCPU: 1, - heartbeatPeriod: 5, - programs: { - pigeon: { - path: "/usr/bin/php", - queue: "PIGEON", - CPU: 0, - RAM: 0 - }, - workflow_ended: { - component: "pigeon", - path: "/usr/bin/php", - queue: "WORKFLOW_EVENT", - topic: "evt.workflow_status.griffon.#", - params: "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", - CPU: 0.25, - RAM: 250 - }, - report_published: { - component: "pigeon", - path: "/usr/bin/php", - queue: "REPORT_PUBLISHED", - topic: "evt.report_published.proximity.#", - params: "common/pigeon/pigeon.phar event:post report_published `${payload}`", - CPU: 0.25, - RAM: 250 - } - } - } - }' > /exivity/home/system/config.json diff --git a/charts/exivity/values.schema.json b/charts/exivity/values.schema.json index dc0972be..cf3e1f20 100644 --- a/charts/exivity/values.schema.json +++ b/charts/exivity/values.schema.json @@ -8,6 +8,7 @@ "nameOverride", "licence", "secret", + "configGenerator", "ingress", "storage", "postgresql", 
@@ -60,6 +61,46 @@ } ] }, + "configGenerator": { + "type": "object", + "default": {}, + "title": "The configGenerator Schema", + "required": ["registry", "repository", "tag", "pullPolicy"], + "properties": { + "registry": { + "type": "string", + "default": "ghcr.io", + "title": "The registry Schema", + "examples": ["ghcr.io"] + }, + "repository": { + "type": "string", + "default": "exivity/jq", + "title": "The repository Schema", + "examples": ["exivity/jq"] + }, + "tag": { + "type": "string", + "default": "", + "title": "The tag Schema", + "examples": ["sha-9d8fe68"] + }, + "pullPolicy": { + "type": "string", + "default": "IfNotPresent", + "title": "The pullPolicy Schema", + "examples": ["IfNotPresent", "Always", "Never"] + } + }, + "examples": [ + { + "registry": "ghcr.io", + "repository": "exivity/jq", + "tag": "sha-9d8fe68", + "pullPolicy": "IfNotPresent" + } + ] + }, "ingress": { "type": "object", "default": {}, diff --git a/charts/exivity/values.yaml b/charts/exivity/values.yaml index 6d300747..2fa7329c 100644 --- a/charts/exivity/values.yaml +++ b/charts/exivity/values.yaml @@ -23,7 +23,8 @@ ingress: # Example values: '10.0.0.1', '10.244.0.0/16', '127.0.0.1, 10.244.0.0/16', or '*'. trustedProxy: "" - annotations: {} + annotations: + {} # Example annotations for ingress behavior: # kubernetes.io/ingress.allow-http: "false" # nginx.ingress.kubernetes.io/ssl-redirect: "true" @@ -168,6 +169,12 @@ rabbitmq: vhost: "" # Virtual host for RabbitMQ, if applicable. secure: false # Indicates if the connection to RabbitMQ should be secured (true/false). Set to true to enable TLS for RabbitMQ communication. +configGenerator: + registry: ghcr.io + repository: exivity/jq + tag: "sha-9d8fe68" + pullPolicy: IfNotPresent + global: # Global security context applied to all services unless overridden per service. securityContext: 
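Review bot: The new `configGenerator` schema lists `tag` under `required` but accepts any string, and its own `"default": ""` would render an image reference that ends in a bare `:`. Adding `"minLength": 1` to `tag` (and to `registry` and `repository`) makes the chart reject that at validation time instead of at image pull. `pullPolicy` only documents its three values under `examples`; `"enum": ["IfNotPresent", "Always", "Never"]` would enforce them.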
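Review bot: `tag: "sha-9d8fe68"` pins the config-generator image by tag only, and a tag can be repointed in the registry, while this is the container that receives the PostgreSQL and RabbitMQ credentials through the `env` block in `_init_config.tpl`. With `pullPolicy: IfNotPresent`, nodes that pulled at different times can also run different content under the same tag. Consider an optional `digest` value that, when set, renders the image as `registry/repository@<sha256-digest-placeholder>` instead of `:tag`, and document it next to `tag`.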
@@ -607,7 +614,8 @@ service: # CA certificates configuration section. Add CA certificates that your service uses here. # Each certificate should be listed as a key-value pair, where the key is a unique identifier. - caCertificates: {} + caCertificates: + {} # Example placeholders for CA certificates. Replace with your actual certificate data. # rootCA.pem: | # -----BEGIN CERTIFICATE----- From bfec645f5a5d33d297f12aff10fd5b29ea865b81 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Wed, 17 Dec 2025 15:00:45 +0100 Subject: [PATCH 10/21] chore: update PostgreSQL and RabbitMQ configurations to set default values for sslmode and vhost --- charts/exivity/templates/_init_config.tpl | 20 ++++++++++---------- charts/exivity/values.schema.json | 8 ++++---- charts/exivity/values.yaml | 4 ++-- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index db17e0ae..22c48ccb 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl @@ -37,8 +37,8 @@ Shared volume mounts for config generation "driver": "postgres", "parameters": { "host": "{{ .root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .root)) }}", - "port": {{ .root.Values.postgresql.port | default 5432 }}, - "sslmode": "{{ .root.Values.postgresql.sslmode | default "disable" }}", + "port": {{ .root.Values.postgresql.port }}, + "sslmode": "{{ .root.Values.postgresql.sslmode }}", "dbname": "{{ .root.Values.postgresql.global.postgresql.auth.database }}", "user": $db_user, "password": $db_password, 
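Review bot: With the `| default` fallbacks removed from `"port"` and `"sslmode"`, an override that nulls or blanks either key is now rendered straight into the jq filter; the same applies to the `rabbitmq` fields in the `@@ -48,12` hunk and to both pigeon hunks (`@@ -125,8` and `@@ -136,12`). An empty `port` or `secure` leaves invalid JSON, so the init container would presumably stop on a jq parse error rather than on a message naming the value; `{{ required "postgresql.port must be set" .root.Values.postgresql.port }}` fails at render time instead. The string fields are also spliced between double quotes inside what appears to be a single-quoted shell argument, so a value containing `"` or `'` changes the filter; passing them the way `$db_user` is passed would avoid that. The jq invocation itself starts outside this hunk.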
@@ -48,12 +48,12 @@ Shared volume mounts for config generation "mq": { "servers": [{ "host": "{{ if .root.Values.rabbitmq.host }}{{ .root.Values.rabbitmq.host }}{{ else if .root.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" .root) .root.Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .root) }}{{ end }}", - "port": {{ .root.Values.rabbitmq.port | default 5672 }}, - "secure": {{ .root.Values.rabbitmq.secure | default false }} + "port": {{ .root.Values.rabbitmq.port }}, + "secure": {{ .root.Values.rabbitmq.secure }} }], "user": $mq_user, "password": $mq_password, - "vhost": "{{ .root.Values.rabbitmq.vhost | default "/" }}", + "vhost": "{{ .root.Values.rabbitmq.vhost }}", "redialPeriod": 5 }, "chronos": { @@ -125,8 +125,8 @@ Shared volume mounts for config generation "driver": "postgres", "parameters": { "host": "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", - "port": {{ .Values.postgresql.port | default 5432 }}, - "sslmode": "{{ .Values.postgresql.sslmode | default "disable" }}", + "port": {{ .Values.postgresql.port }}, + "sslmode": "{{ .Values.postgresql.sslmode }}", "dbname": "{{ .Values.postgresql.global.postgresql.auth.database }}", "user": $db_user, "password": $db_password, 
@@ -136,12 +136,12 @@ Shared volume mounts for config generation "mq": { "servers": [{ "host": "{{ if .Values.rabbitmq.host }}{{ .Values.rabbitmq.host }}{{ else if .Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" .) .Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .) }}{{ end }}", - "port": {{ .Values.rabbitmq.port | default 5672 }}, - "secure": {{ .Values.rabbitmq.secure | default false }} + "port": {{ .Values.rabbitmq.port }}, + "secure": {{ .Values.rabbitmq.secure }} }], "user": $mq_user, "password": $mq_password, - "vhost": "{{ .Values.rabbitmq.vhost | default "/" }}", + "vhost": "{{ .Values.rabbitmq.vhost }}", "redialPeriod": 5 }, "merlin": { diff --git a/charts/exivity/values.schema.json b/charts/exivity/values.schema.json index cf3e1f20..f5eb84a3 100644 --- a/charts/exivity/values.schema.json +++ b/charts/exivity/values.schema.json @@ -361,9 +361,9 @@ }, "sslmode": { "type": "string", - "default": "", + "default": "disable", "title": "The sslmode Schema", - "examples": [""] + "examples": ["disable"] } }, "examples": [ @@ -464,9 +464,9 @@ }, "vhost": { "type": "string", - "default": "", + "default": "/", "title": "The vhost Schema", - "examples": [""] + "examples": ["/"] }, "secure": { "type": "boolean", diff --git a/charts/exivity/values.yaml b/charts/exivity/values.yaml index 2fa7329c..0dfac742 100644 --- a/charts/exivity/values.yaml +++ b/charts/exivity/values.yaml 
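Review bot: `sslmode` is still an unconstrained string in the schema, and after this commit the template no longer substitutes a fallback, so a typo such as `verifyfull` reaches `config.json` unchanged. The comment in `values.yaml` names the accepted values; mirroring them as `"enum": ["disable", "require", "verify-ca", "verify-full"]` rejects anything else at install time. If an empty virtual host is not meaningful to the services, `"minLength": 1` on `vhost` would likewise keep an empty override from rendering `"vhost": ""`.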
@@ -128,7 +128,7 @@ postgresql: # Configuration for using an external PostgreSQL database. host: "" # Hostname of the external database server, if applicable. port: 5432 # Port number on which the external database server is accessible. - sslmode: "" # SSL mode for database connection: 'disable', 'require', 'verify-ca', or 'verify-full'. + sslmode: "disable" # SSL mode for database connection: 'disable', 'require', 'verify-ca', or 'verify-full'. # Example of customizing the embedded Bitnami PostgreSQL chart for larger deployments. # For more options and details, refer to the Bitnami PostgreSQL Helm chart: https://bitnami.com/stack/postgresql/helm @@ -166,7 +166,7 @@ rabbitmq: # Configuration for using an external RabbitMQ server. host: "" # Hostname of the external RabbitMQ server, if applicable. port: 5672 # Port number on which the external RabbitMQ server is accessible. - vhost: "" # Virtual host for RabbitMQ, if applicable. + vhost: "/" # Virtual host for RabbitMQ, if applicable. secure: false # Indicates if the connection to RabbitMQ should be secured (true/false). Set to true to enable TLS for RabbitMQ communication. configGenerator: From e0125e51c1780f481d2909c500f6729b9ccd044f Mon Sep 17 00:00:00 2001 
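Review bot: The comment on `sslmode` lists the accepted modes but does not say that the shipped value `"disable"`, like `secure: false` for RabbitMQ, sends credentials and data unencrypted. That may be acceptable for the bundled in-cluster services, but the `host` keys above are documented as pointing at external servers. I would extend the comment, for example `# 'disable' sends credentials in clear text; use 'verify-full' when 'host' is an external server.`, and add the matching remark to `rabbitmq.secure`.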
From: xiangyisss Date: Wed, 17 Dec 2025 15:26:38 +0100 Subject: [PATCH 11/21] chore: refactor volume and mount definitions for consistency across deployments --- charts/exivity/templates/_init_config.tpl | 23 ++----------------- .../exivity/templates/chronos/deployment.yaml | 4 ++-- charts/exivity/templates/dummy-data/job.yaml | 4 ++-- .../exivity/templates/edify/deployment.yaml | 4 ++-- .../templates/executor/deployment.yaml | 4 ++-- .../exivity/templates/griffon/deployment.yaml | 4 ++-- .../exivity/templates/horizon/deployment.yaml | 4 ++-- .../exivity/templates/pigeon/deployment.yaml | 4 ++-- .../templates/proximity/api.deployment.yaml | 4 ++-- .../templates/proximity/cli.deployment.yaml | 4 ++-- .../exivity/templates/proximity/migrate.yaml | 4 ++-- .../templates/transcript/deployment.yaml | 4 ++-- charts/exivity/templates/use/deployment.yaml | 4 ++-- 13 files changed, 26 insertions(+), 45 deletions(-) diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 22c48ccb..0363f502 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl @@ -1,22 +1,3 @@ -{{/* -Shared volume mounts for config generation -*/}} -{{- define "exivity.configGeneratorVolumeMounts" -}} -- name: config-generated - mountPath: /exivity/home/system -- name: config-generator-script - mountPath: /scripts - readOnly: true -- name: postgres-secret - mountPath: /secrets/postgres - readOnly: true -- name: rabbitmq-secret - mountPath: /secrets/rabbitmq - readOnly: true -{{- end }} - ------------------------------------- - {{- define "exivity.initConfigContainer" -}} {{- $appname := .appname -}} {{- $path := .path -}} 
@@ -203,14 +184,14 @@ Shared volume mounts for config generation ------------------------------------ -{{- define "exivity.configGeneratedVolume" -}} +{{- define "exivity.configVolume" -}} - name: config-generated emptyDir: {} {{- end }} ------------------------------------ -{{- define "exivity.configGeneratedVolumeMount" -}} +{{- define "exivity.configVolumeMount" -}} - name: config-generated mountPath: /exivity/home/system/config.json subPath: config.json diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index e7fdc3cf..0425da76 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "chronos") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-config @@ -45,7 +45,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos {{- include "exivity.probes" $ | indent 10}} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index 76815c7f..c3f63543 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml @@ -22,7 +22,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: preset-file configMap: name: {{ include "exivity.fullname" $ -}}-dummy-data-preset 
@@ -57,7 +57,7 @@ spec: resources: {{- toYaml .Values.service.dummyData.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config - name: exported diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 8af939f6..0f9e18c4 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -23,7 +23,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: licence-pub configMap: name: {{ include "exivity.fullname" $ -}}-licence-pub @@ -64,7 +64,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: licence-pub mountPath: /exivity/home/system/license.pub subPath: license.pub diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index b8247cc7..33c22305 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "executor") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -57,7 +57,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index ecf9374b..dabc3f41 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "griffon") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-config @@ -43,7 +43,7 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config - name: log diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index 5314cc21..f4903804 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "horizon") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-horizon-log 
@@ -40,7 +40,7 @@ spec: - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/horizon - name: log diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index ba775aaf..2aa7d73b 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "pigeon") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-pigeon-log @@ -44,7 +44,7 @@ spec: resources: {{- toYaml .Values.service.pigeon.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/pigeon - name: log diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 5d3df7fb..c326a29d 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -29,7 +29,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityApi") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: licence-pub configMap: name: {{ include "exivity.fullname" $ -}}-licence-pub 
@@ -101,7 +101,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: licence-pub mountPath: /exivity/home/system/license.pub subPath: license.pub diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index 4f753e03..e5e4bd0e 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml @@ -24,7 +24,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-proximity-cli-log @@ -56,7 +56,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/system/exported - name: extracted diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index fe2a5b4f..e7dc0c6e 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -23,7 +23,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -36,7 +36,7 @@ spec: resources: {{- toYaml .Values.service.proximityMigrate.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config command: [php] diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 91fed3a7..44eda015 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "transcript") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config @@ -52,7 +52,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index 45df0c19..74057607 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -20,7 +20,7 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "use") | indent 8 }} volumes: - {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + {{- include "exivity.configVolume" . | nindent 8 }} - name: etl-config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -73,7 +73,7 @@ spec: resources: {{- toYaml .Values.service.use.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configGeneratedVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: etl-config mountPath: /exivity/home/system/config - name: exported From 449368a26db7091d9b17306b583d2aa72d2d200f Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Thu, 18 Dec 2025 12:18:09 +0100 Subject: [PATCH 12/21] chore: update deployment templates to include checksum annotations for secrets and refactor config generator references --- .github/workflows/daily-release.yml | 1 + .github/workflows/image-release.yml | 1 + charts/exivity/templates/_init_config.tpl | 38 ++++----- .../exivity/templates/chronos/deployment.yaml | 7 +- charts/exivity/templates/dummy-data/job.yaml | 5 +- .../exivity/templates/edify/deployment.yaml | 4 +- .../templates/executor/deployment.yaml | 5 +- .../exivity/templates/griffon/deployment.yaml | 5 +- .../exivity/templates/horizon/deployment.yaml | 5 +- .../exivity/templates/pigeon/deployment.yaml | 3 + .../templates/proximity/api.deployment.yaml | 4 +- .../templates/proximity/cli.deployment.yaml | 4 +- .../exivity/templates/proximity/migrate.yaml | 4 +- .../templates/transcript/deployment.yaml | 5 +- charts/exivity/templates/use/deployment.yaml | 5 +- charts/exivity/values.schema.json | 82 +++++++++---------- charts/exivity/values.yaml | 13 +-- 17 files changed, 113 insertions(+), 78 deletions(-) diff --git a/.github/workflows/daily-release.yml b/.github/workflows/daily-release.yml index 586ecb87..fa17d57c 100644 --- a/.github/workflows/daily-release.yml +++ b/.github/workflows/daily-release.yml @@ -28,6 +28,7 @@ jobs: - proximity-cli - transcript - use + - jq steps: - name: release images with tags uses: exivity/actions/retag-image@main diff --git a/.github/workflows/image-release.yml b/.github/workflows/image-release.yml index bf79a0cb..5bdd2000 100644 --- a/.github/workflows/image-release.yml 
+++ b/.github/workflows/image-release.yml @@ -29,6 +29,7 @@ jobs: - proximity-cli - transcript - use + - jq steps: - name: release images with tags uses: exivity/actions/retag-image@main diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 0363f502..640465d3 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl @@ -1,10 +1,10 @@ {{- define "exivity.initConfigContainer" -}} -{{- $appname := .appname -}} -{{- $path := .path -}} -{{- $queue := .queue -}} +{{- $appname := .data.appname -}} +{{- $path := .data.path -}} +{{- $queue := .data.queue -}} - name: generate-config - image: {{ printf "%s/%s:%s" .root.Values.configGenerator.registry .root.Values.configGenerator.repository .root.Values.configGenerator.tag }} - imagePullPolicy: {{ .root.Values.configGenerator.pullPolicy }} + image: {{ $.Values.service.configGenerator.registry }}/{{ $.Values.service.configGenerator.repository }}:{{ $.Values.service.configGenerator.tag }} + imagePullPolicy: {{ $.Values.service.configGenerator.pullPolicy }} command: ["/bin/sh", "-c"] args: - | @@ -17,10 +17,10 @@ "db": { "driver": "postgres", "parameters": { - "host": "{{ .root.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .root)) }}", - "port": {{ .root.Values.postgresql.port }}, - "sslmode": "{{ .root.Values.postgresql.sslmode }}", - "dbname": "{{ .root.Values.postgresql.global.postgresql.auth.database }}", + "host": "{{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $)) }}", + "port": {{ $.Values.postgresql.port }}, + "sslmode": "{{ $.Values.postgresql.sslmode }}", + "dbname": "{{ $.Values.postgresql.global.postgresql.auth.database }}", "user": $db_user, "password": $db_password, "connect_timeout": 10 
@@ -28,13 +28,13 @@ }, "mq": { "servers": [{ - "host": "{{ if .root.Values.rabbitmq.host }}{{ .root.Values.rabbitmq.host }}{{ else if .root.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" .root) .root.Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .root) }}{{ end }}", - "port": {{ .root.Values.rabbitmq.port }}, - "secure": {{ .root.Values.rabbitmq.secure }} + "host": "{{ if $.Values.rabbitmq.host }}{{ $.Values.rabbitmq.host }}{{ else if $.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" $) $.Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" $) }}{{ end }}", + "port": {{ $.Values.rabbitmq.port }}, + "secure": {{ $.Values.rabbitmq.secure }} }], "user": $mq_user, "password": $mq_password, - "vhost": "{{ .root.Values.rabbitmq.vhost }}", + "vhost": "{{ $.Values.rabbitmq.vhost }}", "redialPeriod": 5 }, "chronos": { @@ -65,22 +65,22 @@ - name: DB_USER valueFrom: secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .root) }} + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" $) }} key: POSTGRES_USER - name: DB_PASSWORD valueFrom: secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .root) }} + name: {{ printf "%s-postgres-secret" (include "exivity.fullname" $) }} key: POSTGRES_PASSWORD - name: MQ_USER valueFrom: secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .root) }} + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" $) }} key: RABBITMQ_USERNAME - name: MQ_PASSWORD valueFrom: secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .root) }} + name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" $) }} key: RABBITMQ_PASSWORD volumeMounts: - name: config-generated 
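Review bot: The four credentials injected by this `env` block are written into `config.json` on the `config-generated` volume mounted at the end of the hunk, and the `exivity.configVolume` helper in this file declares that volume as `emptyDir: {}`, which is backed by node disk. Declaring it as `emptyDir: { medium: Memory }` keeps the rendered passwords on tmpfs and off the node's filesystem; the file is small, so the effect on the pod's memory accounting should be negligible. The rest of the init container, including how the file is written and with which permissions, lies outside this hunk.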
@@ -91,8 +91,8 @@ {{- define "exivity.initPigeonConfigContainer" -}} - name: generate-config - image: {{ printf "%s/%s:%s" .Values.configGenerator.registry .Values.configGenerator.repository .Values.configGenerator.tag }} - imagePullPolicy: {{ .Values.configGenerator.pullPolicy }} + image: {{ .Values.service.configGenerator.registry }}/{{ .Values.service.configGenerator.repository }}:{{ .Values.service.configGenerator.tag }} + imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy }} command: ["/bin/sh", "-c"] args: - | diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index 0425da76..72979188 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: chronos {{- include "exivity.labels" $ | indent 8 }} @@ -29,7 +32,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-chronos-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: chronos 
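Review bot: The `checksum/postgres-secret` and `checksum/rabbitmq-secret` annotations publish a SHA-256 of the rendered Secret manifests in pod metadata, which is readable by anyone allowed to read Deployments or Pods even without access to Secrets; if the passwords are short or guessable, that hash permits offline checking of candidates. The same two lines are added in the dummy-data, edify and executor hunks of this commit. It is also worth confirming that `/secret.yaml` is the template that renders the `-rabbitmq-secret` object, since the annotation name and the file name do not obviously match. If the Secrets are generated with random values at render time, these checksums would change on every upgrade and restart all pods; the Secret templates are not part of this diff, so that is a question rather than a finding.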
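Review bot: `(set $ "data" (dict "appname" "" "path" "" "queue" ""))` mutates the root context in place instead of building a new dict, so the `data` key stays on `$` after this `include` returns, at least for the rest of this file and, as far as I can tell, for other templates rendered with the same context. A later caller that forgets to set it would then silently get the previous component's `appname`, `path` and `queue`. The replaced call shape, `(dict "root" . "appname" "" ...)`, had no such side effect. The dummy-data and edify hunks of this commit use the same pattern.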
@@ -48,7 +51,7 @@ spec: {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos - {{- include "exivity.probes" $ | indent 10}} + {{ include "exivity.probes" $ | indent 10 }} {{- with .Values.service.pullSecrets }} imagePullSecrets: {{- range $name := .}} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index c3f63543..c505c79c 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml @@ -15,6 +15,9 @@ spec: ttlSecondsAfterFinished: 300 template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: dummy-data {{- include "exivity.labels" $ | indent 8 }} @@ -42,7 +45,7 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-extracted initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} containers: - name: dummy-data image: {{ include "exivity.image" (set $ "name" "dummyData") }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 0f9e18c4..c0f7b92f 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml 
@@ -19,6 +19,8 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} @@ -44,7 +46,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} containers: - name: edify diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 33c22305..51461fd4 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: executor {{- include "exivity.labels" $ | indent 8 }} 
@@ -41,7 +44,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-executor-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "executor" "path" "${program}" "queue" "EXECUTE") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "executor" "path" "${program}" "queue" "EXECUTE")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} containers: - name: executor diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index dabc3f41..69122ff6 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: griffon {{- include "exivity.labels" $ | indent 8 }} @@ -29,7 +32,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-griffon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: griffon diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index f4903804..2e551987 100644 
--- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: horizon {{- include "exivity.labels" $ | indent 8 }} @@ -26,7 +29,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-horizon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} containers: - name: horizon diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index 2aa7d73b..38c239bd 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: pigeon {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index c326a29d..40861428 100644 
--- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -22,6 +22,8 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-lock: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-proximity-api-env: {{ include (print $.Template.BasePath "/proximity/api.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- if .Values.ldap.tlsCacert }} checksum/{{- include "exivity.fullname" $ -}}-ldap-tls-cert: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} {{- end }} @@ -86,7 +88,7 @@ spec: {{- end }} {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} containers: - name: proximity-api diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index e5e4bd0e..bc2de68e 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml 
@@ -20,6 +20,8 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-proximity-cli-env: {{ include (print $.Template.BasePath "/proximity/cli.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-logfiles: {{ include (print $.Template.BasePath "/logfiles-configmap.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} @@ -45,7 +47,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-exported {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} containers: - name: proximity-cli diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index e7dc0c6e..db5384af 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml 
@@ -19,6 +19,8 @@ spec: {{- include "exivity.labels" . | indent 8 }} annotations: checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} @@ -28,7 +30,7 @@ spec: persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "" "path" "" "queue" "") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} containers: - name: proximity-migration image: {{ include "exivity.image" (set $ "name" "proximityMigrate") }} diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 44eda015..2b8b6139 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: transcript {{- include "exivity.labels" $ | indent 8 }} 
@@ -41,7 +44,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} containers: - name: transcript diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index 74057607..451eb7a8 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -13,6 +13,9 @@ spec: {{- include "exivity.matchLabels" $ | indent 6 }} template: metadata: + annotations: + checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: use {{- include "exivity.labels" $ | indent 8 }} @@ -45,7 +48,7 @@ spec: secretName: {{ include "exivity.fullname" $ -}}-use-certificates {{- end }} initContainers: - {{- include "exivity.initConfigContainer" (dict "root" . "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT") | nindent 8 }} + {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT")) | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} {{- if gt (len (default "" .Values.service.use.caCertificates)) 0 }} - name: install-ca-cert 
diff --git a/charts/exivity/values.schema.json b/charts/exivity/values.schema.json index f5eb84a3..0aeee987 100644 --- a/charts/exivity/values.schema.json +++ b/charts/exivity/values.schema.json @@ -8,7 +8,6 @@ "nameOverride", "licence", "secret", - "configGenerator", "ingress", "storage", "postgresql", @@ -61,46 +60,6 @@ } ] }, - "configGenerator": { - "type": "object", - "default": {}, - "title": "The configGenerator Schema", - "required": ["registry", "repository", "tag", "pullPolicy"], - "properties": { - "registry": { - "type": "string", - "default": "ghcr.io", - "title": "The registry Schema", - "examples": ["ghcr.io"] - }, - "repository": { - "type": "string", - "default": "exivity/jq", - "title": "The repository Schema", - "examples": ["exivity/jq"] - }, - "tag": { - "type": "string", - "default": "", - "title": "The tag Schema", - "examples": ["sha-9d8fe68"] - }, - "pullPolicy": { - "type": "string", - "default": "IfNotPresent", - "title": "The pullPolicy Schema", - "examples": ["IfNotPresent", "Always", "Never"] - } - }, - "examples": [ - { - "registry": "ghcr.io", - "repository": "exivity/jq", - "tag": "sha-9d8fe68", - "pullPolicy": "IfNotPresent" - } - ] - }, "ingress": { "type": "object", "default": {}, @@ -576,6 +535,7 @@ "tag", "pullPolicy", "pullSecrets", + "configGenerator", "glass", "proximityApi", "proximityMigrate", 
@@ -617,6 +577,46 @@ "items": {}, "examples": [[]] }, + "configGenerator": { + "type": "object", + "default": {}, + "title": "The configGenerator Schema", + "required": ["registry", "repository", "tag", "pullPolicy"], + "properties": { + "registry": { + "type": "string", + "default": "", + "title": "The registry Schema", + "examples": [""] + }, + "repository": { + "type": "string", + "default": "exivity/jq", + "title": "The repository Schema", + "examples": ["exivity/jq"] + }, + "tag": { + "type": "string", + "default": "", + "title": "The tag Schema", + "examples": [""] + }, + "pullPolicy": { + "type": "string", + "default": "", + "title": "The pullPolicy Schema", + "examples": ["IfNotPresent", "Always", "Never"] + } + }, + "examples": [ + { + "registry": "ghcr.io", + "repository": "exivity/jq", + "tag": "sha-9d8fe68", + "pullPolicy": "IfNotPresent" + } + ] + }, "glass": { "type": "object", "default": {}, diff --git a/charts/exivity/values.yaml b/charts/exivity/values.yaml index 0dfac742..ecb72c53 100644 --- a/charts/exivity/values.yaml +++ b/charts/exivity/values.yaml @@ -169,12 +169,6 @@ rabbitmq: vhost: "/" # Virtual host for RabbitMQ, if applicable. secure: false # Indicates if the connection to RabbitMQ should be secured (true/false). Set to true to enable TLS for RabbitMQ communication. -configGenerator: - registry: ghcr.io - repository: exivity/jq - tag: "sha-9d8fe68" - pullPolicy: IfNotPresent - global: # Global security context applied to all services unless overridden per service. securityContext: @@ -215,6 +209,13 @@ service: # # Replace with the base64-encoded JSON string that contains the registry authentication information. + # Configuration for the init container that generates config.json files + configGenerator: + registry: "" + repository: exivity/jq + tag: "" + pullPolicy: "" + # Configuration for the 'glass' service, Exivity's front-end component. glass: registry: "" From 1466666c32ee4a2abffab9350f9220fef2edc9a1 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Thu, 18 Dec 2025 13:15:16 +0100 Subject: [PATCH 13/21] chore: fix indentation for probes inclusion in chronos deployment template --- charts/exivity/templates/chronos/deployment.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index 72979188..f6bf4073 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml @@ -51,7 +51,7 @@ spec: {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos - {{ include "exivity.probes" $ | indent 10 }} + {{- include "exivity.probes" $ | nindent 10 }} {{- with .Values.service.pullSecrets }} imagePullSecrets: {{- range $name := .}} From bc4b8f142b6293fd4d6a2105891463e1360817de Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Thu, 18 Dec 2025 13:36:23 +0100 Subject: [PATCH 14/21] chore: update image configuration defaults in init config templates and schema --- charts/exivity/templates/_init_config.tpl | 8 ++++---- charts/exivity/values.schema.json | 4 ++-- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl index 640465d3..a33a15b7 100644 --- a/charts/exivity/templates/_init_config.tpl +++ b/charts/exivity/templates/_init_config.tpl 
@@ -3,8 +3,8 @@ {{- $path := .data.path -}} {{- $queue := .data.queue -}} - name: generate-config - image: {{ $.Values.service.configGenerator.registry }}/{{ $.Values.service.configGenerator.repository }}:{{ $.Values.service.configGenerator.tag }} - imagePullPolicy: {{ $.Values.service.configGenerator.pullPolicy }} + image: {{ $.Values.service.configGenerator.registry | default $.Values.service.registry }}/{{ $.Values.service.configGenerator.repository }}:{{ $.Values.service.configGenerator.tag | default $.Values.service.tag | default (printf "exivity-%s" $.Chart.Version) }} + imagePullPolicy: {{ $.Values.service.configGenerator.pullPolicy | default $.Values.service.pullPolicy }} command: ["/bin/sh", "-c"] args: - | @@ -91,8 +91,8 @@ {{- define "exivity.initPigeonConfigContainer" -}} - name: generate-config - image: {{ .Values.service.configGenerator.registry }}/{{ .Values.service.configGenerator.repository }}:{{ .Values.service.configGenerator.tag }} - imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy }} + image: {{ .Values.service.configGenerator.registry | default .Values.service.registry }}/{{ .Values.service.configGenerator.repository }}:{{ .Values.service.configGenerator.tag | default .Values.service.tag | default (printf "exivity-%s" .Chart.Version) }} + imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy | default .Values.service.pullPolicy }} command: ["/bin/sh", "-c"] args: - | diff --git a/charts/exivity/values.schema.json b/charts/exivity/values.schema.json index 0aeee987..d3601e0c 100644 --- a/charts/exivity/values.schema.json +++ b/charts/exivity/values.schema.json @@ -587,7 +587,7 @@ "type": "string", "default": "", "title": "The registry Schema", - "examples": [""] + "examples": ["docker.io"] }, "repository": { "type": "string", @@ -599,7 +599,7 @@ "type": "string", "default": "", "title": "The tag Schema", - "examples": [""] + "examples": ["3.7.0"] }, "pullPolicy": { "type": "string", 
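Review bot: The `tag` fallback in both `image:` lines resolves the `exivity/jq` init image to `service.tag` or `exivity-<chart version>`, replacing the fixed `sha-9d8fe68` default that values.yaml carried before. This container is handed the PostgreSQL and RabbitMQ credentials, so with a floating tag whatever is pushed under that tag next runs with them. Whether `exivity/jq` is published under those tags at all is not visible here. Keeping a pinned default in values.yaml (`tag: "sha-9d8fe68"`) or accepting an image digest for this one container would keep the credential-handling step reproducible. Both defines start above their hunks.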
From 8adcca2a9c154c222999933a94f57bf39555bba5 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Tue, 23 Dec 2025 15:29:41 +0100 Subject: [PATCH 15/21] chore: refactor --- charts/exivity/templates/_config.tpl | 71 +++++++ charts/exivity/templates/_init_config.tpl | 198 ------------------ .../templates/_init_config_injector.tpl | 80 +++++++ .../exivity/templates/chronos/deployment.yaml | 8 +- charts/exivity/templates/configmap.yaml | 1 + charts/exivity/templates/dummy-data/job.yaml | 24 ++- charts/exivity/templates/edify/configmap.yaml | 1 + .../exivity/templates/edify/deployment.yaml | 28 ++- .../exivity/templates/executor/configmap.yaml | 1 + .../templates/executor/deployment.yaml | 31 ++- .../exivity/templates/griffon/deployment.yaml | 31 ++- .../exivity/templates/horizon/configmap.yaml | 1 + .../exivity/templates/horizon/deployment.yaml | 26 ++- .../exivity/templates/pigeon/configmap.yaml | 68 ++++++ .../exivity/templates/pigeon/deployment.yaml | 26 ++- .../templates/proximity/api.deployment.yaml | 29 ++- .../templates/proximity/cli.configmap.yaml | 1 + .../templates/proximity/cli.deployment.yaml | 30 ++- .../exivity/templates/proximity/migrate.yaml | 32 ++- charts/exivity/templates/secret.yaml | 2 +- .../templates/transcript/configmap.yaml | 1 + .../templates/transcript/deployment.yaml | 31 ++- charts/exivity/templates/use/configmap.yaml | 1 + charts/exivity/templates/use/deployment.yaml | 30 ++- 24 files changed, 519 insertions(+), 233 deletions(-) create mode 100644 charts/exivity/templates/_config.tpl delete mode 100644 charts/exivity/templates/_init_config.tpl create mode 100644 charts/exivity/templates/_init_config_injector.tpl create mode 100644 charts/exivity/templates/configmap.yaml create mode 100644 charts/exivity/templates/edify/configmap.yaml create mode 100644 charts/exivity/templates/executor/configmap.yaml create mode 100644 charts/exivity/templates/horizon/configmap.yaml create mode 100644 charts/exivity/templates/pigeon/configmap.yaml create mode 100644 charts/exivity/templates/proximity/cli.configmap.yaml create 
mode 100644 charts/exivity/templates/transcript/configmap.yaml create mode 100644 charts/exivity/templates/use/configmap.yaml diff --git a/charts/exivity/templates/_config.tpl b/charts/exivity/templates/_config.tpl new file mode 100644 index 00000000..c41b60e8 --- /dev/null +++ b/charts/exivity/templates/_config.tpl 
@@ -0,0 +1,71 @@ +{{/* +# Generate a configmap to be mounted into any container using Merlin to run +# part of the applications. Takes a dict as an arg; +# Pass the raw helm `.Values`, +# for the benefit of Merlin the following three entries can also be passed: +# `appname`, `path` to the executable, and `queue` to sub on. +# +# E.g. +# {{- include "exivity.config" (dict "appname" "edify" "path" "/bin/edify" "queue" "REPORT") }} +*/}} +{{- define "exivity.config" }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "exivity.fullname" $ -}}-config-{{- $.data.appname | default "shared" }} + labels: + app.kubernetes.io/component: {{ $.data.appname | default "shared" }} + {{- include "exivity.labels" $ | indent 4 }} +data: + config.json: |- + { + "db": { + "driver": "postgres", + "parameters": { + "host": {{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $ )) | quote }}, + "port": {{ $.Values.postgresql.port | default 5432 }}, + "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, + "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, + "user": "{{ "{{" }}DB_USER{{ "}}" }}", + "password": "{{ "{{" }}DB_PASSWORD{{ "}}" }}", + "connect_timeout": 10 + } + }, + "mq": { + "servers": [ + { + "host": {{ if $.Values.rabbitmq.host }}{{ $.Values.rabbitmq.host | quote }}{{ else if $.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" $) $.Values.rabbitmq.nameOverride | quote }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" $) | quote }}{{ end }}, + "port": {{ $.Values.rabbitmq.port | default 5672 }}, + "secure": {{ $.Values.rabbitmq.secure | default false }} + } + ], + "user": "{{ "{{" }}MQ_USER{{ "}}" }}", + "password": "{{ "{{" }}MQ_PASSWORD{{ "}}" }}", + "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, + "redialPeriod": 5 + }, + "chronos": { + "TTL": 60 + }, + "griffon": { + "TTL": 10 + {{ if $.data.appname }} + }, + "merlin": { 
+ "reservedCPU": 0, + "programs": { + "{{ $.data.appname }}": { + "component": "{{ $.data.appname }}", + "path": "{{ $.data.path }}", + "queue": "{{ $.data.queue}}", + "CPU": 0, + {{- if eq $.data.appname "use" }} + "params": "${params}", + {{- end }} + "RAM": 0 + } + } + {{ end }} + } + } +{{- end }} diff --git a/charts/exivity/templates/_init_config.tpl b/charts/exivity/templates/_init_config.tpl deleted file mode 100644 index a33a15b7..00000000 --- a/charts/exivity/templates/_init_config.tpl +++ /dev/null 
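Review bot: `sslmode` falls back to `"disable"` and `secure` to `false` when the value is empty or unset, so an override that blanks either key silently renders a config in which the services talk to the database and the broker without TLS. Failing the render is safer than downgrading: `"sslmode": {{ required "postgresql.sslmode must be set" $.Values.postgresql.sslmode | quote }}`. The header comment's example, `include "exivity.config" (dict "appname" …)`, no longer matches the body, which reads `$.Values` and `$.data.appname`; it should show the root context carrying a `data` entry. `component`, `path` and `queue` are the only string fields written without `| quote`.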
@@ -1,198 +0,0 @@ -{{- define "exivity.initConfigContainer" -}} -{{- $appname := .data.appname -}} -{{- $path := .data.path -}} -{{- $queue := .data.queue -}} -- name: generate-config - image: {{ $.Values.service.configGenerator.registry | default $.Values.service.registry }}/{{ $.Values.service.configGenerator.repository }}:{{ $.Values.service.configGenerator.tag | default $.Values.service.tag | default (printf "exivity-%s" $.Chart.Version) }} - imagePullPolicy: {{ $.Values.service.configGenerator.pullPolicy | default $.Values.service.pullPolicy }} - command: ["/bin/sh", "-c"] - args: - - | - jq -n \ - --arg db_user "$(DB_USER)" \ - --arg db_password "$(DB_PASSWORD)" \ - --arg mq_user "$(MQ_USER)" \ - --arg mq_password "$(MQ_PASSWORD)" \ - '{ - "db": { - "driver": "postgres", - "parameters": { - "host": "{{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $)) }}", - "port": {{ $.Values.postgresql.port }}, - "sslmode": "{{ $.Values.postgresql.sslmode }}", - "dbname": "{{ $.Values.postgresql.global.postgresql.auth.database }}", - "user": $db_user, - "password": $db_password, - "connect_timeout": 10 - } - }, - "mq": { - "servers": [{ - "host": "{{ if $.Values.rabbitmq.host }}{{ $.Values.rabbitmq.host }}{{ else if $.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" $) $.Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" $) }}{{ end }}", - "port": {{ $.Values.rabbitmq.port }}, - "secure": {{ $.Values.rabbitmq.secure }} - }], - "user": $mq_user, - "password": $mq_password, - "vhost": "{{ $.Values.rabbitmq.vhost }}", - "redialPeriod": 5 - }, - "chronos": { - "TTL": 60 - }, - "griffon": { - "TTL": 10 - } - {{- if $appname }}, - "merlin": { - "reservedCPU": 0, - "programs": { - "{{ $appname }}": { - "component": "{{ $appname }}", - "path": "{{ $path }}", - "queue": "{{ $queue }}" - {{- if eq $appname "use" }}, - "params": "${params}" - {{- end }}, - "CPU": 0, - "RAM": 
0 - } - } - } - {{- end }} - }' > /exivity/home/system/config.json - env: - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" $) }} - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" $) }} - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" $) }} - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" $) }} - key: RABBITMQ_PASSWORD - volumeMounts: - - name: config-generated - mountPath: /exivity/home/system -{{- end }} - ------------------------------------- - -{{- define "exivity.initPigeonConfigContainer" -}} -- name: generate-config - image: {{ .Values.service.configGenerator.registry | default .Values.service.registry }}/{{ .Values.service.configGenerator.repository }}:{{ .Values.service.configGenerator.tag | default .Values.service.tag | default (printf "exivity-%s" .Chart.Version) }} - imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy | default .Values.service.pullPolicy }} - command: ["/bin/sh", "-c"] - args: - - | - jq -n \ - --arg db_user "$(DB_USER)" \ - --arg db_password "$(DB_PASSWORD)" \ - --arg mq_user "$(MQ_USER)" \ - --arg mq_password "$(MQ_PASSWORD)" \ - '{ - "db": { - "driver": "postgres", - "parameters": { - "host": "{{ .Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" .)) }}", - "port": {{ .Values.postgresql.port }}, - "sslmode": "{{ .Values.postgresql.sslmode }}", - "dbname": "{{ .Values.postgresql.global.postgresql.auth.database }}", - "user": $db_user, - "password": $db_password, - "connect_timeout": 10 - } - }, - "mq": { - "servers": [{ - "host": "{{ if .Values.rabbitmq.host }}{{ .Values.rabbitmq.host }}{{ else if .Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include 
"exivity.fullname" .) .Values.rabbitmq.nameOverride }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" .) }}{{ end }}", - "port": {{ .Values.rabbitmq.port }}, - "secure": {{ .Values.rabbitmq.secure }} - }], - "user": $mq_user, - "password": $mq_password, - "vhost": "{{ .Values.rabbitmq.vhost }}", - "redialPeriod": 5 - }, - "merlin": { - "reservedCPU": 1, - "heartbeatPeriod": 5, - "programs": { - "pigeon": { - "path": "/usr/bin/php", - "queue": "PIGEON", - "CPU": 0, - "RAM": 0 - }, - "report_published": { - "CPU": 0.25, - "RAM": 250, - "component": "pigeon", - "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", - "path": "/usr/bin/php", - "queue": "REPORT_PUBLISHED", - "topic": "evt.report_published.proximity.#" - }, - "workflow_ended": { - "CPU": 0.25, - "RAM": 250, - "component": "pigeon", - "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", - "path": "/usr/bin/php", - "queue": "WORKFLOW_EVENT", - "topic": "evt.workflow_status.griffon.#" - } - } - } - }' > /exivity/home/system/config.json - env: - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ printf "%s-postgres-secret" (include "exivity.fullname" .) }} - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) }} - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ printf "%s-rabbitmq-secret" (include "exivity.fullname" .) 
}} - key: RABBITMQ_PASSWORD - volumeMounts: - - name: config-generated - mountPath: /exivity/home/system -{{- end }} - ------------------------------------- - -{{- define "exivity.configVolume" -}} -- name: config-generated - emptyDir: {} -{{- end }} - ------------------------------------- - -{{- define "exivity.configVolumeMount" -}} -- name: config-generated - mountPath: /exivity/home/system/config.json - subPath: config.json -{{- end }} diff --git a/charts/exivity/templates/_init_config_injector.tpl b/charts/exivity/templates/_init_config_injector.tpl new file mode 100644 index 00000000..b0e81c09 --- /dev/null +++ b/charts/exivity/templates/_init_config_injector.tpl 
@@ -0,0 +1,80 @@ +{{/* +Simple init container that injects secrets into config.json +Replaces placeholders {{DB_USER}}, {{DB_PASSWORD}}, {{MQ_USER}}, {{MQ_PASSWORD}} +Can be used by all deployments +*/}} +{{- define "exivity.initConfigInjector" }} +- name: inject-secrets + image: {{ include "exivity.image" (set $ "name" "configGenerator") }} + imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy | default .Values.service.pullPolicy | default "IfNotPresent" }} + command: ["/bin/sh", "-c"] + args: + - | + set -e + echo "Injecting secrets into config.json..." + + jq --arg db_user "$DB_USER" \ + --arg db_password "$DB_PASSWORD" \ + --arg mq_user "$MQ_USER" \ + --arg mq_password "$MQ_PASSWORD" \ + '.db.parameters.user = $db_user | + .db.parameters.password = $db_password | + .mq.user = $mq_user | + .mq.password = $mq_password' \ + /config-template/config.json > /config/config.json + + echo "Config generated successfully" + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" . 
}}-rabbitmq-secret + key: RABBITMQ_PASSWORD + volumeMounts: + - name: config-template + mountPath: /config-template + readOnly: true + - name: config-generated + mountPath: /config +{{- end }} + +{{/* +Volume for the config template (ConfigMap with placeholders) +*/}} +{{- define "exivity.configTemplateVolume" }} +- name: config-template + configMap: + name: {{ .configMapName }} +{{- end }} + +{{/* +Volume for the generated config (emptyDir) +*/}} +{{- define "exivity.configGeneratedVolume" }} +- name: config-generated + emptyDir: {} +{{- end }} + +{{/* +Volume mount for the generated config.json +*/}} +{{- define "exivity.configVolumeMount" }} +- name: config-generated + mountPath: /exivity/home/system/config.json + subPath: config.json +{{- end }} diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index f6bf4073..5a280eba 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,7 +24,8 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "chronos") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-chronos-config 
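Review bot: In `exivity.initConfigInjector` the jq output written to `/config/config.json` contains the database and RabbitMQ passwords in clear text, and neither the script nor `exivity.configGeneratedVolume` restricts how that file is stored. Adding `umask 077` before the `jq` call keeps the file owner-only; this assumes the init and main containers run under the same UID from the pod-level securityContext, which is not visible here. Declaring the volume as `emptyDir: {medium: Memory}` keeps the rendered credentials off the node's disk, at the cost of counting against the pod's memory. The header comment also says the container replaces `{{DB_USER}}`-style placeholders, while the filter assigns `.db.parameters.user`, `.db.parameters.password`, `.mq.user` and `.mq.password` by path, so the comment should describe the path assignment instead.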
@@ -32,7 +34,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-chronos-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: chronos @@ -48,7 +50,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configVolumeMount" . | nindent 12 }} + {{- include "exivity.configVolumeMount" . | indent 12 }} - name: log mountPath: /exivity/home/log/chronos {{- include "exivity.probes" $ | nindent 10 }} diff --git a/charts/exivity/templates/configmap.yaml b/charts/exivity/templates/configmap.yaml new file mode 100644 index 00000000..bf07d404 --- /dev/null +++ b/charts/exivity/templates/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict nil nil)) }} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index c505c79c..5ed0c849 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml @@ -25,7 +25,6 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} - name: preset-file configMap: name: {{ include "exivity.fullname" $ -}}-dummy-data-preset @@ -44,8 +43,6 @@ spec: - name: extracted persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-extracted - initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} containers: - name: dummy-data image: {{ include "exivity.image" (set $ "name" "dummyData") }} 
@@ -57,10 +54,29 @@ spec: value: /exivity/home/system/preset/preset.yaml - name: EXIVITY_HOME_PATH value: /exivity/home + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD resources: {{- toYaml .Values.service.dummyData.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config - name: exported diff --git a/charts/exivity/templates/edify/configmap.yaml b/charts/exivity/templates/edify/configmap.yaml new file mode 100644 index 00000000..259ec9d5 --- /dev/null +++ b/charts/exivity/templates/edify/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT")) }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index c0f7b92f..8d8eff9b 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml 
@@ -19,13 +19,15 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-edify" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: licence-pub configMap: name: {{ include "exivity.fullname" $ -}}-licence-pub @@ -46,8 +48,8 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "edify" "path" "/exivity/program/bin/edify" "queue" "REPORT")) | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config")) | nindent 8 }} containers: - name: edify image: {{ include "exivity.image" (set $ "name" "edify") }} 
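Review bot: The `exivity.initPermissionsContainer` call in `@@ -46,8 +48,8 @@` now lists only `config`, dropping `extracted`, `log` and `report`, although the `report` claim is still declared in the context line just above it. If the edify container still mounts those claims as a non-root user, it may be unable to write to a freshly provisioned volume; the mounts themselves lie outside the hunk, so this needs checking against the full file. The same narrowing appears in executor/deployment.yaml (drops `log`) and transcript/deployment.yaml (keeps only `config` and `report`). The commit description does not mention it, so either restore `(list "config" "extracted" "log" "report")` or explain the reduction in the description.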
@@ -59,6 +61,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD {{- if .Values.service.edify.tmpPath }} - name: EXIVITY_EDIFY_TMP_PATH value: "{{ .Values.service.edify.tmpPath }}" diff --git a/charts/exivity/templates/executor/configmap.yaml b/charts/exivity/templates/executor/configmap.yaml new file mode 100644 index 00000000..c7ea87eb --- /dev/null +++ b/charts/exivity/templates/executor/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "root" $ "appname" "executor" "path" "${program}" "queue" "EXECUTE")) }} diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 51461fd4..f2e235d8 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: 
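Review bot: The four `secretKeyRef` entries added to the edify container in `@@ -59,6 +61,26 @@` pass `DB_USER`, `DB_PASSWORD`, `MQ_USER` and `MQ_PASSWORD` to the application process even though `exivity.initConfigInjector` already writes the same values into config.json for this pod. Delivering the credentials twice widens where they can leak (process environment, child processes, diagnostics dumps) without a visible consumer, so if the service reads only config.json these variables should be removed from the main container. The identical block is repeated in the executor, griffon, horizon, pigeon, proximity api, proximity cli, proximity migrate and transcript hunks. If the variables are needed, defining the block once as a named template next to `exivity.initConfigInjector` would keep the secret names and keys in one place.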
@@ -23,7 +24,11 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "executor") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-executor" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-file + configMap: + name: {{ include "exivity.fullname" $ -}}-config-executor - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config @@ -44,8 +49,8 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-executor-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "executor" "path" "${program}" "queue" "EXECUTE")) | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "exported" "extracted" "import" "report")) | nindent 8 }} containers: - name: executor image: {{ include "exivity.image" (set $ "name" "executor") }} 
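Review bot: The `config-file` volume added in `@@ -23,7 +24,11 @@` points at the same ConfigMap (`…-config-executor`) that `exivity.configTemplateVolume` on the line above already exposes as `config-template`. No mount of `config-file` is visible in this file's hunks, so it looks like a leftover from the previous layout; if a container did mount it, that container would read the template rather than the generated config.json. The same extra volume is added in the griffon, proximity cli, transcript and use deployments, and as `config-shared` in proximity/api.deployment.yaml. Unless something outside the hunk uses it, delete the three added lines `- name: config-file`, `configMap:` and `name: {{ include "exivity.fullname" $ -}}-config-executor`.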
@@ -57,6 +62,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD volumeMounts: - name: config mountPath: /exivity/home/system/config diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 69122ff6..9fb3ae8a 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,7 +24,11 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "griffon") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-file + configMap: + name: {{ include "exivity.fullname" $ -}}-config-shared - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-config 
@@ -32,7 +37,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-griffon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "griffon" "volumes" (list "config" "log")) | nindent 8 }} containers: - name: griffon @@ -45,10 +50,30 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD volumeMounts: - {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: config mountPath: /exivity/home/system/config + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/griffon {{- include "exivity.probes" $ | indent 10}} diff --git a/charts/exivity/templates/horizon/configmap.yaml b/charts/exivity/templates/horizon/configmap.yaml new file mode 100644 index 00000000..cdb3f178 --- /dev/null +++ b/charts/exivity/templates/horizon/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET")) }} diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index 2e551987..a902beb5 100644 
--- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,13 +24,14 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "horizon") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-horizon" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-horizon-log {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "horizon" "path" "/exivity/program/bin/horizon" "queue" "BUDGET")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "horizon" "volumes" (list "log")) | nindent 8 }} containers: - name: horizon 
@@ -42,6 +44,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD volumeMounts: {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log diff --git a/charts/exivity/templates/pigeon/configmap.yaml b/charts/exivity/templates/pigeon/configmap.yaml new file mode 100644 index 00000000..1f711f5b --- /dev/null +++ b/charts/exivity/templates/pigeon/configmap.yaml 
@@ -0,0 +1,68 @@ +# pigeon listens to multiple MQ topics, so it gets its own config definition for now +# TODO: get some PHP guru to fix it so we don't need merlin here. +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "exivity.fullname" $ -}}-config-pigeon + labels: + app.kubernetes.io/component: pigeon + {{- include "exivity.labels" $ | indent 4 }} +data: + config.json: |- + { + "db": { + "driver": "postgres", + "parameters": { + "host": {{ $.Values.postgresql.host | default (printf "%s-postgresql" (include "exivity.fullname" $ )) | quote }}, + "port": {{ $.Values.postgresql.port | default 5432 }}, + "sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }}, + "dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }}, + "user": "{{ "{{" }}DB_USER{{ "}}" }}", + "password": "{{ "{{" }}DB_PASSWORD{{ "}}" }}", + "connect_timeout": 10 + } + }, + "mq": { + "servers": [ + { + "host": {{ if $.Values.rabbitmq.host }}{{ $.Values.rabbitmq.host | quote }}{{ else if $.Values.rabbitmq.nameOverride }}{{ printf "%s-%s" (include "exivity.fullname" $) $.Values.rabbitmq.nameOverride | quote }}{{ else }}{{ printf "%s-rabbitmq" (include "exivity.fullname" $) | quote }}{{ end }}, + "port": {{ $.Values.rabbitmq.port | default 5672 }}, + "secure": {{ $.Values.rabbitmq.secure | default false }} + } + ], + "user": "{{ "{{" }}MQ_USER{{ "}}" }}", + "password": "{{ "{{" }}MQ_PASSWORD{{ "}}" }}", + "vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }}, + "redialPeriod": 5 + }, + "merlin": { + "reservedCPU": 1, + "heartbeatPeriod": 5, + "programs": { + "pigeon": { + "path": "/usr/bin/php", + "queue": "PIGEON", + "CPU": 0, + "RAM": 0 + }, + "workflow_ended": { + "component": "pigeon", + "path": "/usr/bin/php", + "queue": "WORKFLOW_EVENT", + "topic": "evt.workflow_status.griffon.#", + "params": "common/pigeon/pigeon.phar event:post workflow_ended `${payload}`", + "CPU": 0.25, + "RAM": 250 + }, + "report_published": { + "component": "pigeon", 
+ "path": "/usr/bin/php", + "queue": "REPORT_PUBLISHED", + "topic": "evt.report_published.proximity.#", + "params": "common/pigeon/pigeon.phar event:post report_published `${payload}`", + "CPU": 0.25, + "RAM": 250 + } + } + } + } diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index 38c239bd..a158da01 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,7 +24,8 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "pigeon") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-pigeon" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-pigeon-log @@ -38,7 +40,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-etl-config {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initPigeonConfigContainer" . | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "pigeon" "volumes" (list "log" "exported" "import" "config-volume")) | nindent 8 }} containers: - name: pigeon 
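Review bot: The new pigeon config.json falls back to `"sslmode": "disable"` and `"secure": false` when `postgresql.sslmode` and `rabbitmq.secure` are unset, so an install with default values carries the injected database and broker credentials over unencrypted connections. That may be acceptable for in-cluster services, but the file gives the operator no hint that these defaults exist. I would add a comment next to the existing header comments, for example `# sslmode defaults to "disable" and mq "secure" to false; set postgresql.sslmode and rabbitmq.secure when the database or broker is reached over an untrusted network`. Whether the shared `exivity.config` template applies the same defaults cannot be seen from this hunk.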
@@ -66,6 +68,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 40861428..d4372c45 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -17,6 +17,7 @@ spec: app.kubernetes.io/component: proximity-api {{- include "exivity.labels" $ | indent 8 }} annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-lock: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} 
@@ -31,7 +32,11 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityApi") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-shared + configMap: + name: {{ include "exivity.fullname" $ -}}-config-shared - name: licence-pub configMap: name: {{ include "exivity.fullname" $ -}}-licence-pub @@ -88,7 +93,7 @@ spec: {{- end }} {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityApi" "volumes" (list "log" "log-chronos" "log-edify" "log-griffon" "log-horizon" "log-pigeon" "log-transcript" "log-use" "config" "import" "report" "exported" "extracted")) | nindent 8 }} containers: - name: proximity-api @@ -148,6 +153,26 @@ spec: secretKeyRef: name: {{ include "exivity.fullname" $ -}}-licence-key key: license.key + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD envFrom: - secretRef: name: {{ include "exivity.fullname" $ -}}-app-key 
diff --git a/charts/exivity/templates/proximity/cli.configmap.yaml b/charts/exivity/templates/proximity/cli.configmap.yaml new file mode 100644 index 00000000..b30b6c8a --- /dev/null +++ b/charts/exivity/templates/proximity/cli.configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY")) }} diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index bc2de68e..5f21942f 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml 
@@ -20,13 +20,18 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-proximity-cli-env: {{ include (print $.Template.BasePath "/proximity/cli.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-logfiles: {{ include (print $.Template.BasePath "/logfiles-configmap.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-proximity-cli" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-file + configMap: + name: {{ include "exivity.fullname" $ -}}-config-proximity-cli - name: log persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-proximity-cli-log @@ -47,7 +52,7 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-exported {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "proximity-cli" "path" "/usr/bin/php" "queue" "PROXIMITY")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "proximityCli" "volumes" (list "log" "config" "import" "report" "extracted" "exported")) | nindent 8 }} containers: - name: proximity-cli 
@@ -71,6 +76,27 @@ spec: mountPath: /exivity/home/import - name: report mountPath: /exivity/home/system/report + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD envFrom: - configMapRef: name: {{ include "exivity.fullname" $ -}}-proximity-cli-env diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index db5384af..9f630d7a 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -25,12 +25,13 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} - - name: config + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: etl-config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "" "path" "" "queue" "")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} containers: - name: proximity-migration image: {{ include "exivity.image" (set $ "name" "proximityMigrate") }} 
@@ -38,13 +39,34 @@ spec: resources: {{- toYaml .Values.service.proximityMigrate.resources | nindent 12 }} volumeMounts: - {{- include "exivity.configVolumeMount" . | nindent 12 }} - - name: config + - name: etl-config mountPath: /exivity/home/system/config + {{- include "exivity.configVolumeMount" . | nindent 12 }} command: [php] args: - /app/artisan - exivity:migrate-db + env: + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD envFrom: - secretRef: name: {{ include "exivity.fullname" . }}-app-key diff --git a/charts/exivity/templates/secret.yaml b/charts/exivity/templates/secret.yaml index efb82280..c406186a 100644 --- a/charts/exivity/templates/secret.yaml +++ b/charts/exivity/templates/secret.yaml @@ -39,4 +39,4 @@ metadata: type: Opaque data: RABBITMQ_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} - RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} + RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} \ No newline at end of file diff --git a/charts/exivity/templates/transcript/configmap.yaml b/charts/exivity/templates/transcript/configmap.yaml new file mode 100644 index 00000000..77cb4dc4 --- /dev/null +++ b/charts/exivity/templates/transcript/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM")) }} 
diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 2b8b6139..d302208a 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,7 +24,11 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "transcript") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-transcript" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-file + configMap: + name: {{ include "exivity.fullname" $ -}}-config-transcript - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config 
@@ -44,8 +49,8 @@ spec: claimName: {{ include "exivity.fullname" $ -}}-report {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "transcript" "path" "/exivity/program/bin/transcript" "queue" "TRANSFORM")) | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "report")) | nindent 8 }} containers: - name: transcript image: {{ include "exivity.image" (set $ "name" "transcript") }} @@ -76,6 +81,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/use/configmap.yaml b/charts/exivity/templates/use/configmap.yaml new file mode 100644 index 00000000..1a86fb7e --- /dev/null +++ b/charts/exivity/templates/use/configmap.yaml @@ -0,0 +1 @@ +{{- template "exivity.config" (set $ "data" (dict "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT")) }} 
diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index 451eb7a8..cff3285f 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -14,6 +14,7 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: @@ -23,7 +24,11 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "use") | indent 8 }} volumes: - {{- include "exivity.configVolume" . | nindent 8 }} + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-use" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} + - name: config-file + configMap: + name: {{ include "exivity.fullname" $ -}}-config-use - name: etl-config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config @@ -47,8 +52,9 @@ spec: secret: secretName: {{ include "exivity.fullname" $ -}}-use-certificates {{- end }} + {{- include "exivity.initPermissions" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 6 }} initContainers: - {{- include "exivity.initConfigContainer" (set $ "data" (dict "appname" "use" "path" "/exivity/program/bin/use" "queue" "EXTRACT")) | nindent 8 }} + {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} {{- if gt (len (default "" .Values.service.use.caCertificates)) 0 }} - name: install-ca-cert 
@@ -103,6 +109,26 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" + - name: DB_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_USER + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-postgres-secret + key: POSTGRES_PASSWORD + - name: MQ_USER + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_USERNAME + - name: MQ_PASSWORD + valueFrom: + secretKeyRef: + name: {{ include "exivity.fullname" $ }}-rabbitmq-secret + key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: From e3e4d48a2923b83fe379df74ee7b23aba04784f9 Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Tue, 23 Dec 2025 16:03:08 +0100 Subject: [PATCH 16/21] chore: update checksum annotations for configmaps in deployment templates --- charts/exivity/templates/edify/deployment.yaml | 2 +- charts/exivity/templates/executor/deployment.yaml | 2 +- charts/exivity/templates/horizon/deployment.yaml | 2 +- charts/exivity/templates/pigeon/deployment.yaml | 2 +- charts/exivity/templates/transcript/deployment.yaml | 2 +- charts/exivity/templates/use/deployment.yaml | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 8d8eff9b..a90e00d8 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml 
@@ -19,7 +19,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index f2e235d8..56211243 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index a902beb5..429642b3 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml 
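Review bot: The new annotation keys `checksum/{{- include "exivity.fullname" $ -}}-config-edify` and `…-config-executor` put the release-derived fullname into the name segment of the key, which Kubernetes limits to 63 characters. `exivity.fullname` is defined outside this diff, but if it follows the usual Helm helper and truncates at 63 characters, a long release name plus the `-config-<component>` suffix would be rejected by the API server. Annotations are already scoped to the object they sit on, so a fixed key such as `checksum/config-edify` gives the same rollout trigger without that limit. The same applies to the horizon, pigeon, transcript and use hunks of this patch, and to the `-config-shared` and `-config-proximity-cli` keys added in PATCH 18/21.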
@@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-horizon: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index a158da01..6658f468 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml @@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-pigeon: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index d302208a..4df7797f 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml 
@@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-transcript: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index cff3285f..c6d98b9e 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -14,7 +14,7 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-use: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: From 7df761ff779f873836fbcd0b5e3bba520fad984c Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Tue, 23 Dec 2025 16:34:09 +0100 Subject: [PATCH 17/21] chore: remove database and message queue credentials from deployment templates --- charts/exivity/templates/dummy-data/job.yaml | 25 ++++--------------- .../exivity/templates/edify/deployment.yaml | 20 --------------- .../templates/executor/deployment.yaml | 20 --------------- .../exivity/templates/griffon/deployment.yaml | 20 --------------- .../exivity/templates/horizon/deployment.yaml | 20 --------------- .../exivity/templates/pigeon/deployment.yaml | 20 --------------- .../templates/proximity/api.deployment.yaml | 20 --------------- .../templates/proximity/cli.deployment.yaml | 21 ---------------- .../exivity/templates/proximity/migrate.yaml | 21 ---------------- .../templates/transcript/deployment.yaml | 20 --------------- charts/exivity/templates/use/deployment.yaml | 20 --------------- 11 files changed, 5 insertions(+), 222 deletions(-) diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index 5ed0c849..6c68fef2 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml @@ -25,6 +25,8 @@ spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }} volumes: + {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} + {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - name: preset-file configMap: name: {{ include "exivity.fullname" $ -}}-dummy-data-preset @@ -43,6 +45,8 @@ spec: - name: extracted persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-extracted + initContainers: + {{- include "exivity.initConfigInjector" . | nindent 8 }} containers: - name: dummy-data image: {{ include "exivity.image" (set $ "name" "dummyData") }} 
@@ -54,31 +58,12 @@ spec: value: /exivity/home/system/preset/preset.yaml - name: EXIVITY_HOME_PATH value: /exivity/home - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD resources: {{- toYaml .Values.service.dummyData.resources | nindent 12 }} volumeMounts: - name: config mountPath: /exivity/home/system/config + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: exported mountPath: /exivity/home/exported - name: extracted diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index a90e00d8..22c0bfda 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -61,26 +61,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD {{- if .Values.service.edify.tmpPath }} - name: EXIVITY_EDIFY_TMP_PATH value: "{{ .Values.service.edify.tmpPath }}" 
diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 56211243..2d4ddbac 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -62,26 +62,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD volumeMounts: - name: config mountPath: /exivity/home/system/config diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 9fb3ae8a..5809ed8b 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -50,26 +50,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD volumeMounts: - name: config mountPath: /exivity/home/system/config 
diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index 429642b3..1b247c13 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -44,26 +44,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD volumeMounts: {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index 6658f468..689eba06 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml 
@@ -68,26 +68,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index d4372c45..12ea166d 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -153,26 +153,6 @@ spec: secretKeyRef: name: {{ include "exivity.fullname" $ -}}-licence-key key: license.key - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD envFrom: - secretRef: name: {{ include "exivity.fullname" $ -}}-app-key diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index 5f21942f..8f0168d2 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml 
+++ b/charts/exivity/templates/proximity/cli.deployment.yaml @@ -76,27 +76,6 @@ spec: mountPath: /exivity/home/import - name: report mountPath: /exivity/home/system/report - env: - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD envFrom: - configMapRef: name: {{ include "exivity.fullname" $ -}}-proximity-cli-env diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index 9f630d7a..f4a48227 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -46,27 +46,6 @@ spec: args: - /app/artisan - exivity:migrate-db - env: - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD envFrom: - secretRef: name: {{ include "exivity.fullname" . }}-app-key diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index 4df7797f..d8722094 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml 
@@ -81,26 +81,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index c6d98b9e..12f1f0d4 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -109,26 +109,6 @@ spec: value: "{{ .Values.logLevel.backend }}" - name: ENABLE_PROMETHEUS value: "{{ .Values.prometheus.metricServer.enabled }}" - - name: DB_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_USER - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-postgres-secret - key: POSTGRES_PASSWORD - - name: MQ_USER - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_USERNAME - - name: MQ_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "exivity.fullname" $ }}-rabbitmq-secret - key: RABBITMQ_PASSWORD {{- include "exivity.probes" $ | indent 10}} {{- with .Values.service.pullSecrets }} imagePullSecrets: From ec08569a2af7f14bb837fd30bdd679f38390d64f Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Tue, 23 Dec 2025 16:58:04 +0100 Subject: [PATCH 18/21] chore: remove unused config references in deployment templates --- charts/exivity/templates/_init_config_injector.tpl | 14 +++++--------- charts/exivity/templates/dummy-data/job.yaml | 1 + charts/exivity/templates/griffon/deployment.yaml | 3 --- .../templates/proximity/api.deployment.yaml | 3 --- .../templates/proximity/cli.deployment.yaml | 2 +- charts/exivity/templates/proximity/migrate.yaml | 4 ++-- 6 files changed, 9 insertions(+), 18 deletions(-) diff --git a/charts/exivity/templates/_init_config_injector.tpl b/charts/exivity/templates/_init_config_injector.tpl index b0e81c09..74558f0e 100644 --- a/charts/exivity/templates/_init_config_injector.tpl +++ b/charts/exivity/templates/_init_config_injector.tpl @@ -13,15 +13,11 @@ Can be used by all deployments set -e echo "Injecting secrets into config.json..." - jq --arg db_user "$DB_USER" \ - --arg db_password "$DB_PASSWORD" \ - --arg mq_user "$MQ_USER" \ - --arg mq_password "$MQ_PASSWORD" \ - '.db.parameters.user = $db_user | - .db.parameters.password = $db_password | - .mq.user = $mq_user | - .mq.password = $mq_password' \ - /config-template/config.json > /config/config.json + sed -e "s|{{ "{{" }}DB_USER{{ "}}" }}|$DB_USER|g" \ + -e "s|{{ "{{" }}DB_PASSWORD{{ "}}" }}|$DB_PASSWORD|g" \ + -e "s|{{ "{{" }}MQ_USER{{ "}}" }}|$MQ_USER|g" \ + -e "s|{{ "{{" }}MQ_PASSWORD{{ "}}" }}|$MQ_PASSWORD|g" \ + /config-template/config.json > /config/config.json echo "Config generated successfully" env: diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index 6c68fef2..c3fa0c58 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml 
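Review bot: The substitution `-e "s|{{ "{{" }}DB_PASSWORD{{ "}}" }}|$DB_PASSWORD|g"` (and its three siblings) treats the secret as sed replacement text. A password containing `|`, `&` or `\` therefore yields a different value or a sed error, and a `"` or `\` produces invalid JSON in /config/config.json. The `jq --arg` form removed here passes each value as a JSON string and escapes it, so it is the safer of the two; PATCH 19/21 in this series goes back to it. If sed has to stay, the values need both sed-replacement and JSON escaping before substitution. The script starts before this hunk and its `env:` section continues after it.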
@@ -16,6 +16,7 @@ spec: template: metadata: annotations: + checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} labels: diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 5809ed8b..638df964 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml @@ -26,9 +26,6 @@ spec: volumes: {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - - name: config-file - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-griffon-config diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 12ea166d..41bbd2ef 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -34,9 +34,6 @@ spec: volumes: {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - - name: config-shared - configMap: - name: {{ include "exivity.fullname" $ -}}-config-shared - name: licence-pub configMap: name: {{ include "exivity.fullname" $ -}}-licence-pub diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index 8f0168d2..f678a703 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml 
+++ b/charts/exivity/templates/proximity/cli.deployment.yaml @@ -20,7 +20,7 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-proximity-cli-env: {{ include (print $.Template.BasePath "/proximity/cli.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-logfiles: {{ include (print $.Template.BasePath "/logfiles-configmap.yaml") . | sha256sum }} - checksum/config: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} + checksum/{{- include "exivity.fullname" $ -}}-config-proximity-cli: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} spec: diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index f4a48227..0c8cac46 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -27,7 +27,7 @@ spec: volumes: {{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }} {{- include "exivity.configGeneratedVolume" . | nindent 8 }} - - name: etl-config + - name: config persistentVolumeClaim: claimName: {{ include "exivity.fullname" $ -}}-etl-config initContainers: @@ -39,7 +39,7 @@ spec: resources: {{- toYaml .Values.service.proximityMigrate.resources | nindent 12 }} volumeMounts: - - name: etl-config + - name: config mountPath: /exivity/home/system/config {{- include "exivity.configVolumeMount" . | nindent 12 }} command: [php] From a5db63d26285a2694c6049a0a542bc7d473adb48 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Fri, 2 Jan 2026 16:00:05 +0100 Subject: [PATCH 19/21] chore: update initConfigInjector to use jq for secret injection and adjust volume mounts in deployment templates --- charts/exivity/templates/_init_config_injector.tpl | 14 +++++++++----- charts/exivity/templates/chronos/deployment.yaml | 2 +- charts/exivity/templates/edify/deployment.yaml | 2 +- charts/exivity/templates/executor/deployment.yaml | 4 ++-- .../exivity/templates/transcript/deployment.yaml | 2 +- charts/exivity/templates/use/deployment.yaml | 1 - 6 files changed, 14 insertions(+), 11 deletions(-) diff --git a/charts/exivity/templates/_init_config_injector.tpl b/charts/exivity/templates/_init_config_injector.tpl index 74558f0e..b0e81c09 100644 --- a/charts/exivity/templates/_init_config_injector.tpl +++ b/charts/exivity/templates/_init_config_injector.tpl @@ -13,11 +13,15 @@ Can be used by all deployments set -e echo "Injecting secrets into config.json..." - sed -e "s|{{ "{{" }}DB_USER{{ "}}" }}|$DB_USER|g" \ - -e "s|{{ "{{" }}DB_PASSWORD{{ "}}" }}|$DB_PASSWORD|g" \ - -e "s|{{ "{{" }}MQ_USER{{ "}}" }}|$MQ_USER|g" \ - -e "s|{{ "{{" }}MQ_PASSWORD{{ "}}" }}|$MQ_PASSWORD|g" \ - /config-template/config.json > /config/config.json + jq --arg db_user "$DB_USER" \ + --arg db_password "$DB_PASSWORD" \ + --arg mq_user "$MQ_USER" \ + --arg mq_password "$MQ_PASSWORD" \ + '.db.parameters.user = $db_user | + .db.parameters.password = $db_password | + .mq.user = $mq_user | + .mq.password = $mq_password' \ + /config-template/config.json > /config/config.json echo "Config generated successfully" env: diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index 5a280eba..353be45f 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml 
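Review bot: `jq … > /config/config.json` creates the credential-bearing file under the shell's default umask, which in most images leaves it readable by every user in any container that mounts the volume. I would add `umask 077` right after `set -e`, or a narrower mode that still lets the application's UID read the file. The securityContext and the `exivity.configGeneratedVolume` definition are outside this hunk, so the right mode needs checking against them. Separately, `--arg db_password "$DB_PASSWORD"` puts each secret on jq's command line for the life of the process; reading it inside the filter, e.g. `.db.parameters.password = env.DB_PASSWORD`, avoids that.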
@@ -50,7 +50,7 @@ spec: volumeMounts: - name: config mountPath: /exivity/home/system/config - {{- include "exivity.configVolumeMount" . | indent 12 }} + {{- include "exivity.configVolumeMount" . | nindent 12 }} - name: log mountPath: /exivity/home/log/chronos {{- include "exivity.probes" $ | nindent 10 }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index 22c0bfda..dbbb30c3 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml @@ -49,7 +49,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigInjector" . | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }} containers: - name: edify image: {{ include "exivity.image" (set $ "name" "edify") }} diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 2d4ddbac..1b0b1d38 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -50,7 +50,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigInjector" . | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "exported" "extracted" "import" "report")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }} containers: - name: executor image: {{ include "exivity.image" (set $ "name" "executor") }} 
@@ -89,4 +89,4 @@ spec: {{- include "exivity.tolerations" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }} {{- include "exivity.nodeSelector" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }} affinity: - {{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }} \ No newline at end of file + {{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }} diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index d8722094..d1c5d6af 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -50,7 +50,7 @@ spec: {{- include "exivity.permissionScriptVolume" . | nindent 8 }} initContainers: {{- include "exivity.initConfigInjector" . | nindent 8 }} - {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "report")) | nindent 8 }} + {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "transcript" "volumes" (list "config" "exported" "extracted" "import" "log" "report")) | nindent 8 }} containers: - name: transcript image: {{ include "exivity.image" (set $ "name" "transcript") }} diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index 12f1f0d4..49533afa 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml 
@@ -52,7 +52,6 @@ spec: secret: secretName: {{ include "exivity.fullname" $ -}}-use-certificates {{- end }} - {{- include "exivity.initPermissions" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 6 }} initContainers: {{- include "exivity.initConfigInjector" . | nindent 8 }} {{- include "exivity.initPermissionsContainer" (dict "root" . "component" "use" "volumes" (list "etl-config" "exported" "extracted" "import" "log")) | nindent 8 }} From 3cbbc1f4aa057a77cd9e38144de0ce840188ddfe Mon Sep 17 00:00:00 2001 From: xiangyisss Date: Mon, 5 Jan 2026 10:47:31 +0100 Subject: [PATCH 20/21] chore: increase HELM_TIMEOUT from 10m to 15m for better deployment stability --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index c7480dc2..1405b08d 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ NFS_CHART_VERSION := 1.8.0 INGRESS_HOSTNAME := exivity.local -HELM_TIMEOUT := 10m +HELM_TIMEOUT := 15m # Define Minikube start with a specific driver minikube-start: From 7bc9251386c1a9713121d381c489dac0206c2af9 Mon Sep 17 00:00:00 2001 
From: xiangyisss Date: Mon, 5 Jan 2026 14:02:04 +0100 Subject: [PATCH 21/21] chore: update rabbitmq secret references in deployment templates and add rabbitmq secret manifest --- Makefile | 2 +- charts/exivity/templates/chronos/deployment.yaml | 2 +- charts/exivity/templates/dummy-data/job.yaml | 2 +- charts/exivity/templates/edify/deployment.yaml | 2 +- charts/exivity/templates/executor/deployment.yaml | 2 +- charts/exivity/templates/griffon/deployment.yaml | 2 +- charts/exivity/templates/horizon/deployment.yaml | 2 +- charts/exivity/templates/pigeon/deployment.yaml | 2 +- .../exivity/templates/proximity/api.deployment.yaml | 2 +- .../exivity/templates/proximity/cli.deployment.yaml | 2 +- charts/exivity/templates/proximity/migrate.yaml | 2 +- charts/exivity/templates/rabbitmq-secret.yaml | 11 +++++++++++ charts/exivity/templates/secret.yaml | 13 +------------ charts/exivity/templates/transcript/deployment.yaml | 2 +- charts/exivity/templates/use/deployment.yaml | 2 +- 15 files changed, 25 insertions(+), 25 deletions(-) create mode 100644 charts/exivity/templates/rabbitmq-secret.yaml diff --git a/Makefile b/Makefile index 1405b08d..c7480dc2 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ NFS_CHART_VERSION := 1.8.0 INGRESS_HOSTNAME := exivity.local -HELM_TIMEOUT := 15m +HELM_TIMEOUT := 10m # Define Minikube start with a specific driver minikube-start: diff --git a/charts/exivity/templates/chronos/deployment.yaml b/charts/exivity/templates/chronos/deployment.yaml index 353be45f..01b25c3c 100644 --- a/charts/exivity/templates/chronos/deployment.yaml +++ b/charts/exivity/templates/chronos/deployment.yaml 
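Review bot: `HELM_TIMEOUT := 10m` in the Makefile hunk undoes the increase to 15m made in patch 20/21, while this commit's subject only mentions the rabbitmq secret references. If the revert is intended it should be its own commit, or at least be named in the message; if it is accidental, the line should stay `HELM_TIMEOUT := 15m`.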
@@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: chronos {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/dummy-data/job.yaml b/charts/exivity/templates/dummy-data/job.yaml index c3fa0c58..b97b6757 100644 --- a/charts/exivity/templates/dummy-data/job.yaml +++ b/charts/exivity/templates/dummy-data/job.yaml @@ -18,7 +18,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: dummy-data {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/edify/deployment.yaml b/charts/exivity/templates/edify/deployment.yaml index dbbb30c3..05e72cce 100644 --- a/charts/exivity/templates/edify/deployment.yaml +++ b/charts/exivity/templates/edify/deployment.yaml 
@@ -21,7 +21,7 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }} diff --git a/charts/exivity/templates/executor/deployment.yaml b/charts/exivity/templates/executor/deployment.yaml index 1b0b1d38..8120c306 100644 --- a/charts/exivity/templates/executor/deployment.yaml +++ b/charts/exivity/templates/executor/deployment.yaml @@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: executor {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/griffon/deployment.yaml b/charts/exivity/templates/griffon/deployment.yaml index 638df964..19e2b215 100644 --- a/charts/exivity/templates/griffon/deployment.yaml +++ b/charts/exivity/templates/griffon/deployment.yaml 
@@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: griffon {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/horizon/deployment.yaml b/charts/exivity/templates/horizon/deployment.yaml index 1b247c13..c8dd74f0 100644 --- a/charts/exivity/templates/horizon/deployment.yaml +++ b/charts/exivity/templates/horizon/deployment.yaml @@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-horizon: {{ include (print $.Template.BasePath "/horizon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: horizon {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/pigeon/deployment.yaml b/charts/exivity/templates/pigeon/deployment.yaml index 689eba06..db2c071a 100644 --- a/charts/exivity/templates/pigeon/deployment.yaml +++ b/charts/exivity/templates/pigeon/deployment.yaml 
@@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-pigeon: {{ include (print $.Template.BasePath "/pigeon/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: pigeon {{- include "exivity.labels" $ | indent 8 }} diff --git a/charts/exivity/templates/proximity/api.deployment.yaml b/charts/exivity/templates/proximity/api.deployment.yaml index 41bbd2ef..3ba4c87d 100644 --- a/charts/exivity/templates/proximity/api.deployment.yaml +++ b/charts/exivity/templates/proximity/api.deployment.yaml @@ -24,7 +24,7 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-proximity-api-env: {{ include (print $.Template.BasePath "/proximity/api.env.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} {{- if .Values.ldap.tlsCacert }} checksum/{{- include "exivity.fullname" $ -}}-ldap-tls-cert: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }} {{- end }} diff --git a/charts/exivity/templates/proximity/cli.deployment.yaml b/charts/exivity/templates/proximity/cli.deployment.yaml index f678a703..d403178d 100644 --- a/charts/exivity/templates/proximity/cli.deployment.yaml +++ b/charts/exivity/templates/proximity/cli.deployment.yaml 
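Review bot: In proximity/api.deployment.yaml the neighbouring `-secret` checksum annotation still hashes secret.yaml, and the secret.yaml hunk later in this patch shows an `{{- else }}` branch that renders `EXIVITY_JWT_SECRET` with `randAlphaNum 32`. When that branch is taken the include produces a different value on every render, so the annotation changes and the pods restart on each upgrade, and the hash does not match the value stored in the Secret. The same annotation appears in proximity/migrate.yaml. The condition guarding that branch is outside the visible hunk, so this needs confirming; if it holds, reading the existing Secret with `lookup` before falling back to `randAlphaNum` would keep both the secret and the checksum stable.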
@@ -22,7 +22,7 @@ spec: checksum/{{- include "exivity.fullname" $ -}}-config-logfiles: {{ include (print $.Template.BasePath "/logfiles-configmap.yaml") . | sha256sum }} checksum/{{- include "exivity.fullname" $ -}}-config-proximity-cli: {{ include (print $.Template.BasePath "/proximity/cli.configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityCli") | indent 8 }} diff --git a/charts/exivity/templates/proximity/migrate.yaml b/charts/exivity/templates/proximity/migrate.yaml index 0c8cac46..16cf9c26 100644 --- a/charts/exivity/templates/proximity/migrate.yaml +++ b/charts/exivity/templates/proximity/migrate.yaml @@ -20,7 +20,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} spec: securityContext: {{- include "exivity.securityContext" (dict "root" . "component" "proximityMigrate") | indent 8 }} diff --git a/charts/exivity/templates/rabbitmq-secret.yaml b/charts/exivity/templates/rabbitmq-secret.yaml new file mode 100644 index 00000000..08f6a804 --- /dev/null +++ b/charts/exivity/templates/rabbitmq-secret.yaml 
@@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "exivity.fullname" . }}-rabbitmq-secret + labels: + app.kubernetes.io/component: rabbitmq-secret + {{- include "exivity.labels" . | nindent 4 }} +type: Opaque +data: + RABBITMQ_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} + RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} diff --git a/charts/exivity/templates/secret.yaml b/charts/exivity/templates/secret.yaml index c406186a..304dfd5f 100644 --- a/charts/exivity/templates/secret.yaml +++ b/charts/exivity/templates/secret.yaml @@ -28,15 +28,4 @@ data: {{- else }} EXIVITY_JWT_SECRET: {{ randAlphaNum 32 | b64enc }} {{- end }} - ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "exivity.fullname" $ -}}-rabbitmq-secret - labels: - {{- include "exivity.labels" $ | indent 4 }} -type: Opaque -data: - RABBITMQ_USERNAME: {{ .Values.rabbitmq.auth.username | b64enc | quote }} - RABBITMQ_PASSWORD: {{ .Values.rabbitmq.auth.password | b64enc | quote }} \ No newline at end of file + \ No newline at end of file diff --git a/charts/exivity/templates/transcript/deployment.yaml b/charts/exivity/templates/transcript/deployment.yaml index d1c5d6af..e30e49c8 100644 --- a/charts/exivity/templates/transcript/deployment.yaml +++ b/charts/exivity/templates/transcript/deployment.yaml @@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-transcript: {{ include (print $.Template.BasePath "/transcript/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: transcript {{- include "exivity.labels" $ | indent 8 }} 
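Review bot: The two `data` entries in the new rabbitmq-secret.yaml pass `.Values.rabbitmq.auth.username` and `.Values.rabbitmq.auth.password` straight to `b64enc`, so an empty value renders an empty credential without any complaint at install time. Wrapping each in `required`, for example `RABBITMQ_PASSWORD: {{ required "rabbitmq.auth.password must be set" .Values.rabbitmq.auth.password | b64enc | quote }}`, makes the render fail early with a clear message. The template also requires the password to be supplied through chart values, where it ends up in the stored release; whether the chart offers a reference to a pre-created Secret instead is not visible in this patch.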
diff --git a/charts/exivity/templates/use/deployment.yaml b/charts/exivity/templates/use/deployment.yaml index 49533afa..1239a394 100644 --- a/charts/exivity/templates/use/deployment.yaml +++ b/charts/exivity/templates/use/deployment.yaml @@ -16,7 +16,7 @@ spec: annotations: checksum/{{- include "exivity.fullname" $ -}}-config-use: {{ include (print $.Template.BasePath "/use/configmap.yaml") . | sha256sum }} checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }} - checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }} labels: app.kubernetes.io/component: use {{- include "exivity.labels" $ | indent 8 }}