From 1bded89735c19bb23b56867ac7d9c75266d7ae8d Mon Sep 17 00:00:00 2001 From: Richard Vowles Date: Sun, 25 Feb 2024 18:32:51 +1300 Subject: [PATCH] Externalise liveness and readiness probes (#24) * Externalise liveness and readiness probes * Externalise liveness and readiness probes for dacha and edge * Add in memory postgres config file * Update helm docs * Bump Chart.yaml version to 4.1.2 --------- Co-authored-by: Alex Deng --- .github/helm-docs.sh | 2 +- helm/featurehub/Chart.yaml | 2 +- helm/featurehub/README.md | 11 +++- .../templates/dacha/deployment.yaml | 17 +---- .../featurehub/templates/edge/deployment.yaml | 17 +---- helm/featurehub/templates/global-ingress.yaml | 3 + .../management-repository/deployment.yaml | 17 +---- helm/featurehub/values.yaml | 66 +++++++++++++++++++ helm/in-memory-postgres/README.md | 5 ++ helm/in-memory-postgres/pg.yaml | 40 +++++++++++ helm/pubsub-emulator/README.md | 2 +- 11 files changed, 132 insertions(+), 50 deletions(-) create mode 100644 helm/in-memory-postgres/README.md create mode 100644 helm/in-memory-postgres/pg.yaml diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh index a9c3c3d..861b7fb 100755 --- a/.github/helm-docs.sh +++ b/.github/helm-docs.sh @@ -1,7 +1,7 @@ #!/bin/bash set -euo pipefail -HELM_DOCS_VERSION="1.11.3" +HELM_DOCS_VERSION="1.13.0" # install helm-docs curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz diff --git a/helm/featurehub/Chart.yaml b/helm/featurehub/Chart.yaml index f304096..242de4a 100644 --- a/helm/featurehub/Chart.yaml +++ b/helm/featurehub/Chart.yaml 
@@ -12,7 +12,7 @@ description: "FeatueHub is an Enterprise Grade, Cloud Native Feature Management their own requirements. " type: application -version: 4.1.1 +version: 4.1.2 icon: https://raw.githubusercontent.com/featurehub-io/featurehub/main/docs/modules/ROOT/images/fh_icon.png appVersion: "1.7.0" maintainers: diff --git a/helm/featurehub/README.md b/helm/featurehub/README.md index 9d0aaa0..fa274d3 100644 --- a/helm/featurehub/README.md +++ b/helm/featurehub/README.md @@ -1,6 +1,6 @@ # featurehub -![Version: 4.1.1](https://img.shields.io/badge/Version-4.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) +![Version: 4.1.2](https://img.shields.io/badge/Version-4.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.7.0](https://img.shields.io/badge/AppVersion-1.7.0-informational?style=flat-square) FeatueHub is an Enterprise Grade, Cloud Native Feature Management platform that is available to suite any organisations requirements. This fully supported Helm chart is the Open Source version of the product, which has all the same features as the [SaaS product](https://app.featurehub.io). @@ -45,6 +45,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | dacha.ingress.enabled | bool | `false` | | | dacha.ingress.hosts | list | `[]` | | | dacha.ingress.tls | list | `[]` | | +| dacha.livenessProbe | object | `{"failureThreshold":1,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for dacha | | dacha.nodeSelector | object | `{}` | | | dacha.podAnnotations | object | `{}` | | | dacha.podDisruptionBudget.enabled | bool | `true` | | 
@@ -54,6 +55,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | dacha.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint | | dacha.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor | | dacha.pullPolicy | string | `"IfNotPresent"` | | +| dacha.readinessProbe | object | `{"failureThreshold":1,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the values of the readiness probe for dacha | | dacha.replicaCount | int | `2` | | | dacha.resources | object | `{}` | | | dacha.securityContext.runAsNonRoot | bool | `true` | | @@ -88,6 +90,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | edge.ingress.enabled | bool | `false` | | | edge.ingress.hosts | list | `[]` | | | edge.ingress.tls | list | `[]` | | +| edge.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for edge | | edge.nodeSelector | object | `{}` | | | edge.podAnnotations | object | `{}` | | | edge.podDisruptionBudget.enabled | bool | `true` | | 
@@ -97,6 +100,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | edge.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint | | edge.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor | | edge.pullPolicy | string | `"IfNotPresent"` | | +| edge.readinessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the readiness probe for edge | | edge.replicaCount | int | `2` | | | edge.resources | object | `{}` | | | edge.securityContext.runAsNonRoot | bool | `true` | | @@ -119,6 +123,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | global.extraVolumes | list | `[]` | List of extra volumes to add to Management Repository Deployment | | global.ingress.annotations | list | `[]` | | | global.ingress.enabled | bool | `true` | | +| global.ingress.ingressClassName | string | `""` | specify the ingress class name if thats what makes yor ingress work. E.g. in AWS its "alb" | | global.intranet | bool | `false` | if set to true, then MR will serve the intranet version of the application which does not require external HTML dependencies | | global.urlPath | string | `""` | the default url path is to mount as root, this lets you mount where ever you like, but it affects the health checks | | googlepubsub.backOffInSeconds | int | `20` | how long to backoff when failing to process a request from an incoming subscription | 
@@ -151,6 +156,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | managementRepository.ingress.hosts | list | `[]` | | | managementRepository.ingress.tls | list | `[]` | | | managementRepository.initContainers | object | `{}` | | +| managementRepository.livenessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/liveness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"timeoutSeconds":3}` | this allows you to override the values of the liveness probe for MR | | managementRepository.nodeSelector | object | `{}` | | | managementRepository.podAnnotations | object | `{}` | | | managementRepository.podDisruptionBudget.enabled | bool | `true` | | @@ -160,6 +166,7 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | managementRepository.prometheus.enabled | bool | `false` | Whether to enable or disable prometheus metrics endpoints, and serviceMonitor If enabled, metrics are exposed on port 8701, on /metrics endpoint | | managementRepository.prometheus.labels | object | `{}` | Labels for the Prometheus Operator to handle the serviceMonitor | | managementRepository.pullPolicy | string | `"IfNotPresent"` | | +| managementRepository.readinessProbe | object | `{"failureThreshold":2,"httpGet":{"path":"/health/readiness","port":"metrics"},"initialDelaySeconds":20,"periodSeconds":20,"successThreshold":2,"timeoutSeconds":3}` | this allows you to override the readiness probe | | managementRepository.replicaCount | int | `1` | how many copies | | managementRepository.resources | object | `{}` | | | managementRepository.securityContext.runAsNonRoot | bool | `true` | | 
@@ -176,4 +183,4 @@ NATS and Postgres are *NOT* requirements of the project and are included only fo | postgresql | object | `{"enabled":true,"global":{"postgresql":{"auth":{"postgresPassword":"postgresql"}}},"primary":{"initdb":{"scripts":{"featurehub.sql":"CREATE USER featurehub PASSWORD 'featurehub' LOGIN;\nCREATE DATABASE featurehub;\nGRANT ALL PRIVILEGES ON DATABASE featurehub TO featurehub;\n\\connect featurehub\nGRANT ALL ON SCHEMA public TO featurehub;"}},"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"128Mi","storageClassName":"standard"}}}` | ----------------------------------------------------------------------------- # | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0) diff --git a/helm/featurehub/templates/dacha/deployment.yaml b/helm/featurehub/templates/dacha/deployment.yaml index f8d1242..5be6a62 100644 --- a/helm/featurehub/templates/dacha/deployment.yaml +++ b/helm/featurehub/templates/dacha/deployment.yaml @@ -86,22 +86,9 @@ spec: containerPort: 8701 protocol: TCP livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - failureThreshold: 1 # we set this to 1 because if the health check fails, it means the cache is compromised - timeoutSeconds: 3 - httpGet: - path: /health/liveness - port: metrics + {{- toYaml .Values.dacha.livenessProbe | nindent 12 }} readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - successThreshold: 2 - failureThreshold: 1 - timeoutSeconds: 3 - httpGet: - path: /health/readiness - port: metrics + {{- toYaml .Values.dacha.readinessProbe | nindent 12 }} volumeMounts: {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}} {{- range $cm := .Values.global.extraCommonConfigFiles }} 
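Review bot: Nothing here or in the values comments warns that Helm deep-merges an override of `dacha.livenessProbe` or `dacha.readinessProbe` with the chart default before `toYaml` renders it. An operator who supplies only a `tcpSocket` or `exec` handler will therefore still get the default `httpGet` rendered beside it, and Kubernetes should reject a probe that carries two handler types. I would document this next to the defaults in values.yaml, for example `# -- to change the handler type, also set httpGet: null`. The same applies to the edge and management-repository probes, which use the same `toYaml` pattern.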
diff --git a/helm/featurehub/templates/edge/deployment.yaml b/helm/featurehub/templates/edge/deployment.yaml index 1a77f32..8acbf34 100644 --- a/helm/featurehub/templates/edge/deployment.yaml +++ b/helm/featurehub/templates/edge/deployment.yaml @@ -86,22 +86,9 @@ spec: containerPort: 8701 protocol: TCP livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - failureThreshold: 2 - timeoutSeconds: 3 - httpGet: - path: {{ include "featurehub.liveness.url" . | quote }} - port: metrics + {{- toYaml .Values.edge.livenessProbe | nindent 12 }} readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - successThreshold: 2 - failureThreshold: 2 - timeoutSeconds: 3 - httpGet: - path: {{ include "featurehub.readiness.url" . | quote }} - port: metrics + {{- toYaml .Values.edge.readinessProbe | nindent 12 }} volumeMounts: {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}} {{- range $cm := .Values.global.extraCommonConfigFiles }} diff --git a/helm/featurehub/templates/global-ingress.yaml b/helm/featurehub/templates/global-ingress.yaml index 5a4fb1b..8034278 100644 --- a/helm/featurehub/templates/global-ingress.yaml +++ b/helm/featurehub/templates/global-ingress.yaml @@ -11,6 +11,9 @@ metadata: {{- toYaml . | nindent 4 }} {{- end }} spec: + {{- if .Values.global.ingress.ingressClassName }} + ingressClassName: "{{ .Values.global.ingress.ingressClassName }}" + {{- end }} rules: - http: paths: diff --git a/helm/featurehub/templates/management-repository/deployment.yaml b/helm/featurehub/templates/management-repository/deployment.yaml index ba34ee2..13fc6f8 100644 --- a/helm/featurehub/templates/management-repository/deployment.yaml +++ b/helm/featurehub/templates/management-repository/deployment.yaml 
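Review bot: The edge probes used to take their path from `include "featurehub.liveness.url" .` and `include "featurehub.readiness.url" .`, but the new values defaults hard-code `/health/liveness` and `/health/readiness`. The README says `global.urlPath` "affects the health checks", so a deployment that sets it will presumably probe the wrong path after this change and have its pods restarted or held out of service; the helper definitions are not visible here, so this should be confirmed. One option is to keep the default templated and render it with `{{- tpl (toYaml .Values.edge.livenessProbe) . | nindent 12 }}`, with `path: '{{ include "featurehub.liveness.url" . }}'` as the values default. The management-repository deployment hunk and the edge and managementRepository defaults in values.yaml have the same regression; dacha already used a fixed path, so it is unaffected.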
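Review bot: The new `ingressClassName` line wraps the value in hand-written double quotes instead of using the `quote` function that the rest of the chart's templates use. A value containing a quote or backslash would produce invalid YAML; `ingressClassName: {{ .Values.global.ingress.ingressClassName | quote }}` escapes it correctly and matches the surrounding style.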
@@ -94,22 +94,9 @@ spec: containerPort: 8701 protocol: TCP livenessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - failureThreshold: 2 - timeoutSeconds: 3 - httpGet: - path: {{ include "featurehub.liveness.url" . | quote }} - port: metrics + {{- toYaml .Values.managementRepository.livenessProbe | nindent 12 }} readinessProbe: - initialDelaySeconds: 20 - periodSeconds: 20 - successThreshold: 2 - failureThreshold: 2 - timeoutSeconds: 3 - httpGet: - path: {{ include "featurehub.readiness.url" . | quote }} - port: metrics + {{- toYaml .Values.managementRepository.readinessProbe | nindent 12 }} volumeMounts: {{- if gt ( len .Values.global.extraCommonConfigFiles ) 0 -}} {{- range $cm := .Values.global.extraCommonConfigFiles }} diff --git a/helm/featurehub/values.yaml b/helm/featurehub/values.yaml index e300eb5..b689b34 100644 --- a/helm/featurehub/values.yaml +++ b/helm/featurehub/values.yaml @@ -32,6 +32,8 @@ global: ingress: enabled: true annotations: [] + # -- specify the ingress class name if thats what makes yor ingress work. E.g. in AWS its "alb" + ingressClassName: "" # -- If `true`, entries from `environmentVars` will be mapped to /etc/app-config/common.properties file # To mount secret settings as /etc/app-config/common.properties see volume fields @@ -128,6 +130,28 @@ managementRepository: # cpu: 100m # memory: 128Mi + # -- this allows you to override the values of the liveness probe for MR + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 2 + timeoutSeconds: 3 + httpGet: + path: "/health/liveness" + port: metrics + + # -- this allows you to override the readiness probe + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + successThreshold: 2 + failureThreshold: 2 + timeoutSeconds: 3 + httpGet: + path: "/health/readiness" + port: metrics + + serviceAccount: # Specifies whether a service account should be created create: true 
@@ -297,6 +321,27 @@ edge: # cpu: 100m # memory: 128Mi + # -- this allows you to override the values of the liveness probe for edge + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 2 + timeoutSeconds: 3 + httpGet: + path: "/health/liveness" + port: metrics + + # -- this allows you to override the readiness probe for edge + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + successThreshold: 2 + failureThreshold: 2 + timeoutSeconds: 3 + httpGet: + path: "/health/readiness" + port: metrics + serviceAccount: # Specifies whether a service account should be created create: true @@ -454,6 +499,27 @@ dacha: # cpu: 100m # memory: 128Mi + # -- this allows you to override the values of the liveness probe for dacha + livenessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + failureThreshold: 1 # we set this to 1 because if the health check fails, it means the cache is compromised + timeoutSeconds: 3 + httpGet: + path: /health/liveness + port: metrics + + # -- this allows you to override the values of the readiness probe for dacha + readinessProbe: + initialDelaySeconds: 20 + periodSeconds: 20 + successThreshold: 2 + failureThreshold: 1 + timeoutSeconds: 3 + httpGet: + path: /health/readiness + port: metrics + serviceAccount: # Specifies whether a service account should be created create: true diff --git a/helm/in-memory-postgres/README.md b/helm/in-memory-postgres/README.md new file mode 100644 index 0000000..f15c3a4 --- /dev/null +++ b/helm/in-memory-postgres/README.md 
@@ -0,0 +1,5 @@ +# In memory Postgres + +For testing inside an EKS cluster that we created from AWS Blueprints (https://github.com/aws-ia/terraform-aws-eks-blueprints/tree/main/patterns/fargate-serverless), we found that the bundled Postgres Helm chart attempts to create an EBS mount inside a Fargate Container which is not currently supported (https://github.com/aws/containers-roadmap/issues/1113). + +We did not want to create an RDS instance for this testing and chose to run an in memory postgres for ephemeral testing. \ No newline at end of file diff --git a/helm/in-memory-postgres/pg.yaml b/helm/in-memory-postgres/pg.yaml new file mode 100644 index 0000000..4f3604a --- /dev/null +++ b/helm/in-memory-postgres/pg.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: postgres +spec: + replicas: 1 + selector: + matchLabels: + run: postgres + template: + metadata: + labels: + run: postgres + spec: + containers: + - name: postgres + image: postgres + env: + - name: POSTGRES_PASSWORD + value: featurehub + - name: POSTGRES_HOST_AUTH_METHOD + value: trust + ports: + - name: tcp + containerPort: 5432 + protocol: TCP +--- +apiVersion: v1 +kind: Service +metadata: + name: featurehub-postgresql +spec: + type: ClusterIP + ports: + - port: 5432 + targetPort: 5432 + protocol: TCP + name: postgres + selector: + run: postgres diff --git a/helm/pubsub-emulator/README.md b/helm/pubsub-emulator/README.md index b6d2c79..9c39d14 100644 --- a/helm/pubsub-emulator/README.md +++ b/helm/pubsub-emulator/README.md 
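Review bot: `POSTGRES_HOST_AUTH_METHOD: trust` in pg.yaml turns off password authentication, so `POSTGRES_PASSWORD` has no effect and any workload that can reach the `featurehub-postgresql` ClusterIP service on 5432 can connect as any database user. Even for ephemeral testing I would drop the `POSTGRES_HOST_AUTH_METHOD` / `value: trust` pair so the password is enforced, and say in the README that this manifest must not be applied to a shared cluster. The bare `image: postgres` floats to whatever `latest` is at pull time; pin it, e.g. `image: postgres:<pinned-tag>`, so test runs are reproducible and an unexpected image is not pulled silently. The manifest also defines no memory-backed volume, so "in memory" here seems to mean only that the data lives in the container's ephemeral filesystem.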
@@ -29,4 +29,4 @@ This is a helm chart for the pubsub emulator, which is useful for testing charts | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) +Autogenerated from chart metadata using [helm-docs v1.13.0](https://github.com/norwoodj/helm-docs/releases/v1.13.0)