From be95759a3dea48f3469a05bf01feba84f3c69a9a Mon Sep 17 00:00:00 2001
From: Frederic Gurr <frederic.gurr@eclipse-foundation.org>
Date: Fri, 9 Aug 2024 12:32:26 +0200
Subject: [PATCH] Fix Helm charts for production, add configmap template

---
 charts/openvsx/templates/configmap.yaml     | 65 +++++++++++++++++++++
 charts/openvsx/templates/deployment.yaml    | 14 ++---
 charts/openvsx/templates/elasticsearch.yaml |  9 +--
 charts/openvsx/templates/route.yaml         | 30 +++++++++-
 charts/openvsx/values-staging.yaml          | 18 ++++++
 charts/openvsx/values.yaml                  | 25 ++++++--
 6 files changed, 141 insertions(+), 20 deletions(-)
 create mode 100644 charts/openvsx/templates/configmap.yaml

diff --git a/charts/openvsx/templates/configmap.yaml b/charts/openvsx/templates/configmap.yaml
new file mode 100644
index 00000000..77f3b020
--- /dev/null
+++ b/charts/openvsx/templates/configmap.yaml
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: grafana-agent-configmap-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+data:
+  agent.yml: |
+    server:
+      log_level: debug
+    integrations:
+      prometheus_remote_write:
+      - basic_auth:
+          password: ${PROMETHEUS_PASSWORD}
+          username: ${PROMETHEUS_USERNAME}
+        url: ${PROMETHEUS_URL}
+      agent:
+        enabled: true
+        relabel_configs:
+        - action: replace
+          source_labels:
+          - agent_hostname
+          target_label: instance
+        - action: replace
+          target_label: job
+          replacement: integrations/agent-check
+        metric_relabel_configs:
+        - action: keep
+          regex: (prometheus_target_sync_length_seconds_sum|prometheus_target_scrapes_.*|prometheus_target_interval.*|prometheus_sd_discovered_targets|agent_build.*|agent_wal_samples_appended_total|process_start_time_seconds)
+          source_labels:
+          - __name__
+    metrics:
+      configs:
+      - name: integrations
+        remote_write:
+        - basic_auth:
+            password: ${PROMETHEUS_PASSWORD}
+            username: ${PROMETHEUS_USERNAME}
+          url: ${PROMETHEUS_URL}
+        scrape_configs:
+        - job_name: integrations/spring-boot
+          static_configs:
+            - targets: ['localhost:8081']
+          metrics_path: /actuator/prometheus
+          metric_relabel_configs:
+          - source_labels: [exported_instance]
+            target_label: instance
+          - regex: ^(exported_instance|deployment_environment|service_instance_id|service_name)$
+            action: labeldrop
+      global:
+        scrape_interval: 60s
+    traces:
+      configs:
+      - name: default
+        remote_write:
+        - endpoint: ${TEMPO_URL}
+          basic_auth:
+            username: ${TEMPO_USERNAME}
+            password: ${TEMPO_PASSWORD}
+        receivers:
+          zipkin:
+            endpoint: localhost:9411
+            parse_string_tags: false
diff --git a/charts/openvsx/templates/deployment.yaml b/charts/openvsx/templates/deployment.yaml
index 80ba3885..8643898b 100644
--- a/charts/openvsx/templates/deployment.yaml
+++ b/charts/openvsx/templates/deployment.yaml
@@ -48,7 +48,7 @@ spec:
         - name: ENVNAME
           value: {{ .Values.environment }}
         - name: JVM_ARGS
-          value: -Dspring.datasource.hikari.maximum-pool-size=5 -Xms512M -Xmx1536M -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:+UnlockDiagnosticVMOptions -Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true
+          value: {{ .Values.website.jvmArgs }}
         volumeMounts:
         - name: deployment-configuration
           mountPath: /run/secrets/open-vsx.org/deployment
@@ -56,7 +56,7 @@ spec:
           mountPath: /run/secrets/open-vsx.org/truststore
         envFrom:
         - secretRef:
-            name: grafana-cloud-secret-staging
+            name: grafana-cloud-secret-{{ .Values.environment }}
         livenessProbe:
           failureThreshold: 3
           httpGet:
@@ -89,10 +89,10 @@ spec:
         - name: DATA_FILE_PATH
           value: /etc/grafana-agent/data
         - name: ENVNAME
-          value: staging
+          value: {{ .Values.environment }}
         envFrom:
         - secretRef:
-            name: grafana-cloud-secret-staging
+            name: grafana-cloud-secret-{{ .Values.environment }}
         volumeMounts:
         - name: grafana-agent-config-volume
           mountPath: /etc/grafana-agent
@@ -114,7 +114,7 @@ spec:
       - labelSelector:
           matchLabels:
             app: open-vsx-org
-            environment: staging
+            environment: {{ .Values.environment }}
         maxSkew: 1
         topologyKey: kubernetes.io/hostname
         whenUnsatisfiable: DoNotSchedule
@@ -123,12 +123,12 @@ spec:
         secret:
           defaultMode: 420
           optional: false
-          secretName: deployment-configuration-staging
+          secretName: deployment-configuration-{{ .Values.environment }}
       - name: elastic-internal-http-certificates
         secret:
           defaultMode: 420
           optional: false
-          secretName: elasticsearch-staging-es-http-certs-internal
+          secretName: elasticsearch-{{ .Values.environment }}-es-http-certs-internal
       - name: grafana-agent-config-volume
         configMap:
           name: grafana-agent-configmap
diff --git a/charts/openvsx/templates/elasticsearch.yaml b/charts/openvsx/templates/elasticsearch.yaml
index c34abdd2..34995ac9 100644
--- a/charts/openvsx/templates/elasticsearch.yaml
+++ b/charts/openvsx/templates/elasticsearch.yaml
@@ -52,13 +52,8 @@ spec:
         containers:
         - env:
           - name: ES_JAVA_OPTS
-            value: -Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true
+            value: {{ .Values.es.java_opts }}
           name: elasticsearch
           resources:
-            limits:
-              cpu: 1
-              memory: 2Gi
-            requests:
-              cpu: 1
-              memory: 2Gi
+          {{- toYaml .Values.es.resources | nindent 12 }}
   version: 8.7.1
\ No newline at end of file
diff --git a/charts/openvsx/templates/route.yaml b/charts/openvsx/templates/route.yaml
index 62afbd5e..f074afaf 100644
--- a/charts/openvsx/templates/route.yaml
+++ b/charts/openvsx/templates/route.yaml
@@ -3,7 +3,7 @@ kind: Route
 metadata:
   annotations:
     haproxy.router.openshift.io/disable_cookies: 'true'
-    haproxy.router.openshift.io/timeout: 30s
+    haproxy.router.openshift.io/timeout: {{ .Values.route.timeout }}
   labels:
     app: {{ .Values.name }}
     environment: {{ .Values.environment }}
@@ -20,4 +20,30 @@ spec:
   to:
     kind: Service
     name: {{ .Values.name }}-{{ .Values.environment }}
-    weight: 100
\ No newline at end of file
+    weight: 100
+{{- if eq .Values.environment "production" }}
+---
+apiVersion: route.openshift.io/v1
+kind: Route
+metadata:
+  annotations:
+    haproxy.router.openshift.io/disable_cookies: 'true'
+    haproxy.router.openshift.io/timeout: {{ .Values.route.timeout }}
+  labels:
+    app: {{ .Values.name }}
+    environment: {{ .Values.environment }}
+  name: www-{{ .Values.name }}-{{ .Values.environment }}
+  namespace: {{ .Values.namespace }}
+spec:
+  host: www.{{ .Values.host }}
+  path: /
+  port:
+    targetPort: {{ .Values.service.targetPort }}
+  tls:
+    insecureEdgeTerminationPolicy: Redirect
+    termination: edge
+  to:
+    kind: Service
+    name: {{ .Values.name }}-{{ .Values.environment }}
+    weight: 100
+{{- end }}
diff --git a/charts/openvsx/values-staging.yaml b/charts/openvsx/values-staging.yaml
index add6a247..b239c0f1 100644
--- a/charts/openvsx/values-staging.yaml
+++ b/charts/openvsx/values-staging.yaml
@@ -14,6 +14,12 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   tag: 06c8bea-430
 
+website:
+  jvmArgs: -Dspring.datasource.hikari.maximum-pool-size=5 -Xms512M -Xmx1536M -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:+UnlockDiagnosticVMOptions -Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true
+
+route:
+  timeout: 30s
+
 service:
   type: ClusterIP
   port: 80
@@ -26,3 +32,15 @@ resources:
   requests:
     cpu: 250m
     memory: 2Gi
+
+# elastic search
+es:
+  java_opts: -Xms1g -Xmx1g -Dlog4j2.formatMsgNoLookups=true
+  resources:
+    limits:
+      cpu: 1000m
+      memory: 2Gi
+    requests:
+      cpu: 250m
+      memory: 2Gi
+
diff --git a/charts/openvsx/values.yaml b/charts/openvsx/values.yaml
index a15e5bd6..5449e737 100644
--- a/charts/openvsx/values.yaml
+++ b/charts/openvsx/values.yaml
@@ -14,6 +14,12 @@ image:
   # Overrides the image tag whose default is the chart appVersion.
   tag: 97e1417-99
 
+website:
+  jvmArgs: -Xms4G -Xmx6G -XX:+AlwaysPreTouch -XX:+HeapDumpOnOutOfMemoryError -XX:+UseStringDeduplication -XX:+ParallelRefProcEnabled -XX:+DisableExplicitGC -XX:+UnlockExperimentalVMOptions -XX:+UnlockDiagnosticVMOptions -Dlog4j2.formatMsgNoLookups=true -Dlog4j.formatMsgNoLookups=true
+
+route:
+  timeout: 10m
+
 service:
   type: ClusterIP
   port: 80
@@ -21,8 +27,19 @@ service:
 
 resources:
   limits:
-    cpu: 1000m
-    memory: 2Gi
+    cpu: 5000m
+    memory: 8Gi
   requests:
-    cpu: 250m
-    memory: 2Gi
+    cpu: 3000m
+    memory: 8Gi
+
+# elastic search
+es:
+  java_opts: -Xms4g -Xmx4g -Dlog4j2.formatMsgNoLookups=true
+  resources:
+    limits:
+      cpu: 4
+      memory: 8Gi
+    requests:
+      cpu: 1
+      memory: 8Gi