Make helm installation namespaces customizable (#836)
* chore(helm): Better configurability. Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(init): Adding sleep 10 for resources to be up Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * fix(helm): Updated env vars Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(helm): Derive namespace from minio endpoint Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * feat(helm): Update namespace for chalice env vars Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(init): random secret for assist jwt secret Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> * chore(backend): Removing unnecessary files Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com> Signed-off-by: rjshrjndrn <rjshrjndrn@gmail.com>
This commit is contained in:
Rajesh Rajendran
GitHub
parent
3048d12c7c
commit
4698075aa0
30 changed files with 82 additions and 144 deletions
|
|
@ -1,92 +0,0 @@
|
|||
chalice:
|
||||
env:
|
||||
jwt_secret: SetARandomStringHere
|
||||
clickhouse:
|
||||
enabled: false
|
||||
fromVersion: v1.6.0
|
||||
global:
|
||||
domainName: openreplay.local
|
||||
email:
|
||||
emailFrom: OpenReplay<do-not-reply@openreplay.com>
|
||||
emailHost: ""
|
||||
emailPassword: ""
|
||||
emailPort: "587"
|
||||
emailSslCert: ""
|
||||
emailSslKey: ""
|
||||
emailUseSsl: "false"
|
||||
emailUseTls: "true"
|
||||
emailUser: ""
|
||||
enterpriseEditionLicense: ""
|
||||
ingress:
|
||||
controller:
|
||||
config:
|
||||
enable-real-ip: true
|
||||
force-ssl-redirect: false
|
||||
max-worker-connections: 0
|
||||
proxy-body-size: 10m
|
||||
ssl-redirect: false
|
||||
extraArgs:
|
||||
default-ssl-certificate: app/openreplay-ssl
|
||||
ingressClass: openreplay
|
||||
ingressClassResource:
|
||||
name: openreplay
|
||||
service:
|
||||
externalTrafficPolicy: Local
|
||||
kafka:
|
||||
kafkaHost: kafka.db.svc.cluster.local
|
||||
kafkaPort: "9092"
|
||||
kafkaUseSsl: "false"
|
||||
zookeeperHost: databases-zookeeper.svc.cluster.local
|
||||
zookeeperNonTLSPort: 2181
|
||||
postgresql:
|
||||
postgresqlDatabase: postgres
|
||||
postgresqlHost: postgresql.db.svc.cluster.local
|
||||
postgresqlPassword: changeMePassword
|
||||
postgresqlPort: "5432"
|
||||
postgresqlUser: postgres
|
||||
redis:
|
||||
redisHost: redis-master.db.svc.cluster.local
|
||||
redisPort: "6379"
|
||||
s3:
|
||||
accessKey: changeMeMinioAccessKey
|
||||
assetsBucket: sessions-assets
|
||||
endpoint: http://minio.db.svc.cluster.local:9000
|
||||
recordingsBucket: mobs
|
||||
region: us-east-1
|
||||
secretKey: changeMeMinioPassword
|
||||
sourcemapsBucket: sourcemaps
|
||||
ingress-nginx:
|
||||
controller:
|
||||
config:
|
||||
enable-real-ip: true
|
||||
force-ssl-redirect: false
|
||||
max-worker-connections: 0
|
||||
proxy-body-size: 10m
|
||||
ssl-redirect: false
|
||||
extraArgs:
|
||||
default-ssl-certificate: app/openreplay-ssl
|
||||
ingressClass: openreplay
|
||||
ingressClassResource:
|
||||
name: openreplay
|
||||
service:
|
||||
externalTrafficPolicy: Local
|
||||
kafka:
|
||||
kafkaHost: kafka.db.svc.cluster.local
|
||||
kafkaPort: "9092"
|
||||
kafkaUseSsl: "false"
|
||||
zookeeperHost: databases-zookeeper.svc.cluster.local
|
||||
zookeeperNonTLSPort: 2181
|
||||
minio:
|
||||
global:
|
||||
minio:
|
||||
accessKey: changeMeMinioAccessKey
|
||||
secretKey: changeMeMinioPassword
|
||||
postgresql:
|
||||
postgresqlDatabase: postgres
|
||||
postgresqlHost: postgresql.db.svc.cluster.local
|
||||
postgresqlPassword: changeMePassword
|
||||
postgresqlPort: "5432"
|
||||
postgresqlUser: postgres
|
||||
redis:
|
||||
redisHost: redis-master.db.svc.cluster.local
|
||||
redisPort: "6379"
|
||||
|
|
@ -143,5 +143,6 @@ clickhouse:
|
|||
postgreql:
|
||||
enabled: true
|
||||
|
||||
# For enterpriseEdition Only
|
||||
vault:
|
||||
enabled: false
|
||||
|
|
|
|||
|
|
@ -67,6 +67,8 @@ usr=`whoami`
|
|||
fi
|
||||
}
|
||||
|
||||
sleep 10
|
||||
|
||||
# ## Installing openssl
|
||||
# sudo apt update &> /dev/null
|
||||
# sudo apt install openssl -y &> /dev/null
|
||||
|
|
@ -106,6 +108,7 @@ sed_i_wrapper -i "s/accessKey: \"changeMeMinioAccessKey\"/accessKey: \"$(randomP
|
|||
sed_i_wrapper -i "s/secretKey: \"changeMeMinioPassword\"/secretKey: \"$(randomPass)\"/g" vars.yaml
|
||||
sed_i_wrapper -i "s/jwt_secret: \"SetARandomStringHere\"/jwt_secret: \"$(randomPass)\"/g" vars.yaml
|
||||
sed_i_wrapper -i "s/assistKey: \"SetARandomStringHere\"/assistKey: \"$(randomPass)\"/g" vars.yaml
|
||||
sed_i_wrapper -i "s/assistJWTSecret: \"SetARandomStringHere\"/assistJWTSecret: \"$(randomPass)\"/g" vars.yaml
|
||||
sed_i_wrapper -i "s/domainName: \"\"/domainName: \"${DOMAIN_NAME}\"/g" vars.yaml
|
||||
|
||||
info "Setting proper permission for shared folder"
|
||||
|
|
|
|||
|
|
@ -51,6 +51,10 @@ spec:
|
|||
value: "5432"
|
||||
- name: pg_dbname
|
||||
value: "{{ .Values.global.postgresql.postgresqlDatabase }}"
|
||||
- name: ch_host
|
||||
value: "{{ .Values.global.clickhouse.chHost }}"
|
||||
- name: ch_port
|
||||
value: "{{ .Values.global.clickhouse.service.webPort }}"
|
||||
- name: pg_user
|
||||
value: '{{ .Values.global.postgresql.postgresqlUser }}'
|
||||
- name: pg_password
|
||||
|
|
@ -58,7 +62,7 @@ spec:
|
|||
- name: SITE_URL
|
||||
value: 'https://{{ .Values.global.domainName }}'
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
|
|||
|
|
@ -98,8 +98,6 @@ autoscaling:
|
|||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
env:
|
||||
ch_host: clickhouse-openreplay-clickhouse.db.svc.cluster.local
|
||||
ch_port: 9000
|
||||
PYTHONUNBUFFERED: '0'
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -69,7 +69,7 @@ spec:
|
|||
# 4. Using AWS itself.
|
||||
# AWS uses bucketname.endpoint/object while others use endpoint/bucketname/object
|
||||
- name: ASSETS_ORIGIN
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
# Local minio Installation
|
||||
value: 'https://{{ .Values.global.domainName }}:{{.Values.global.ingress.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
{{- else if contains "amazonaws.com" .Values.global.s3.endpoint }}
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ spec:
|
|||
- name: AWS_DEFAULT_REGION
|
||||
value: "{{ .Values.global.s3.region }}"
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
@ -59,6 +59,8 @@ spec:
|
|||
value: {{ .Values.global.s3.accessKey }}
|
||||
- name: S3_SECRET
|
||||
value: {{ .Values.global.s3.secretKey }}
|
||||
- name: REDIS_URL
|
||||
value: {{ .Values.global.redis.redisHost }}
|
||||
{{- range $key, $val := .Values.env }}
|
||||
- name: {{ $key }}
|
||||
value: '{{ $val }}'
|
||||
|
|
|
|||
|
|
@ -94,7 +94,6 @@ autoscaling:
|
|||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
env:
|
||||
REDIS_URL: "redis://redis-master.db.svc.cluster.local:6379"
|
||||
debug: 0
|
||||
uws: false
|
||||
redis: false
|
||||
|
|
|
|||
|
|
@ -43,6 +43,14 @@ spec:
|
|||
{{- .Values.healthCheck | toYaml | nindent 10}}
|
||||
{{- end}}
|
||||
env:
|
||||
- name: ch_host
|
||||
value: "{{ .Values.global.clickhouse.chHost }}"
|
||||
- name: ch_port
|
||||
value: "{{ .Values.global.clickhouse.service.webPort }}"
|
||||
- name: sourcemaps_reader
|
||||
value: "http://sourcemaps-reader-openreplay.{{.Release.Namespace}}.{{.Values.global.clusterDomain}}:9000/sourcemaps/%s/sourcemaps"
|
||||
- name: ASSIST_URL
|
||||
value: "http://assist-openreplay.{{.Release.Namespace}}.{{.Values.global.clusterDomain}}:9001/assist/%s"
|
||||
- name: ASSIST_JWT_SECRET
|
||||
value: {{ .Values.global.assistJWTSecret }}
|
||||
- name: ASSIST_KEY
|
||||
|
|
@ -64,7 +72,7 @@ spec:
|
|||
- name: SITE_URL
|
||||
value: 'https://{{ .Values.global.domainName }}'
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
|
|||
|
|
@ -91,8 +91,6 @@ autoscaling:
|
|||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
env:
|
||||
ch_host: clickhouse-openreplay-clickhouse.db.svc.cluster.local
|
||||
ch_port: 9000
|
||||
captcha_server: ''
|
||||
captcha_key: ''
|
||||
async_Token: ''
|
||||
|
|
|
|||
|
|
@ -43,6 +43,8 @@ spec:
|
|||
{{- .Values.healthCheck | toYaml | nindent 10}}
|
||||
{{- end}}
|
||||
env:
|
||||
- name: CLICKHOUSE_STRING
|
||||
value: '{{ .Values.global.clickhouse.chHost }}:{{.Values.global.clickhouse.service.webPort}}/{{.Values.env.ch_db}}'
|
||||
- name: LICENSE_KEY
|
||||
value: '{{ .Values.global.enterpriseEditionLicense }}'
|
||||
- name: REDIS_STRING
|
||||
|
|
|
|||
|
|
@ -98,7 +98,7 @@ autoscaling:
|
|||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
env:
|
||||
CLICKHOUSE_STRING: tcp://clickhouse-openreplay-clickhouse.db.svc.cluster.local:9000/default
|
||||
ch_db: default
|
||||
|
||||
|
||||
nodeSelector: {}
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ spec:
|
|||
# 4. Using AWS itself.
|
||||
# AWS uses bucketname.endpoint/object while others use endpoint/bucketname/object
|
||||
- name: ASSETS_ORIGIN
|
||||
{{- if eq .Values.global.s3.endpoint "frontend://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
# Local minio Installation
|
||||
value: 'frontends://{{ .Values.global.domainName }}:{{.Values.global.ingress.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
{{- else if contains "amazonaws.com" .Values.global.s3.endpoint }}
|
||||
|
|
|
|||
|
|
@ -67,7 +67,7 @@ spec:
|
|||
# 4. Using AWS itself.
|
||||
# AWS uses bucketname.endpoint/object while others use endpoint/bucketname/object
|
||||
- name: ASSETS_ORIGIN
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
# Local minio Installation
|
||||
value: 'https://{{ .Values.global.domainName }}:{{.Values.global.ingress.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
{{- else if contains "amazonaws.com" .Values.global.s3.endpoint }}
|
||||
|
|
|
|||
|
|
@ -36,7 +36,7 @@ spec:
|
|||
path: /ingest/(.*)
|
||||
{{- end }}
|
||||
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
## TODO:
|
||||
## Frontend service from minio will be migrated to nginx atomic container.
|
||||
## This ingress is just a workaround.
|
||||
|
|
@ -45,7 +45,7 @@ apiVersion: networking.k8s.io/v1
|
|||
kind: Ingress
|
||||
metadata:
|
||||
name: minio
|
||||
namespace: db
|
||||
namespace: "{{(split "." .Values.global.s3.endpoint)._1}}"
|
||||
spec:
|
||||
ingressClassName: "{{ tpl .Values.ingress.className . }}"
|
||||
rules:
|
||||
|
|
|
|||
|
|
@ -48,9 +48,8 @@ spec:
|
|||
env:
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: "{{ .Values.global.s3.region }}"
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
- name: QW_S3_ENDPOINT
|
||||
value: 'http://minio.db.svc.cluster.local:9000'
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
{{- end}}
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
value: {{ .Values.global.s3.accessKey }}
|
||||
|
|
|
|||
|
|
@ -19,10 +19,8 @@ spec:
|
|||
env:
|
||||
- name: AWS_DEFAULT_REGION
|
||||
value: "{{ .Values.global.s3.region }}"
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
- name: QW_S3_ENDPOINT
|
||||
value: 'http://minio.db.svc.cluster.local:9000'
|
||||
{{- end}}
|
||||
value: '{{.Values.global.s3.endpoint}}'
|
||||
- name: AWS_ACCESS_KEY_ID
|
||||
value: {{ .Values.global.s3.accessKey }}
|
||||
- name: AWS_SECRET_ACCESS_KEY
|
||||
|
|
|
|||
|
|
@ -96,7 +96,6 @@ autoscaling:
|
|||
# targetMemoryUtilizationPercentage: 80
|
||||
|
||||
env:
|
||||
REDIS_URL: "redis://redis-master.db.svc.cluster.local:6379"
|
||||
debug: 0
|
||||
uws: false
|
||||
redis: false
|
||||
|
|
|
|||
|
|
@ -59,7 +59,7 @@ spec:
|
|||
# 4. Using AWS itself.
|
||||
# AWS uses bucketname.endpoint/object while others use endpoint/bucketname/object
|
||||
- name: ASSETS_ORIGIN
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
# Local minio Installation
|
||||
value: 'https://{{ .Values.global.domainName }}:{{.Values.global.ingress.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
{{- else if contains "amazonaws.com" .Values.global.s3.endpoint }}
|
||||
|
|
|
|||
|
|
@ -67,9 +67,9 @@ spec:
|
|||
# 4. Using AWS itself.
|
||||
# AWS uses bucketname.endpoint/object while others use endpoint/bucketname/object
|
||||
- name: ASSETS_ORIGIN
|
||||
{{- if eq .Values.global.s3.endpoint "sourcemapreader://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
# Local minio Installation
|
||||
value: 'sourcemapreaders://{{ .Values.global.domainName }}:{{.Values.global.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
value: 'sourcemapreaders://{{ .Values.global.domainName }}:{{.Values.global.ingress.controller.service.ports.https}}/{{.Values.global.s3.assetsBucket}}'
|
||||
{{- else if contains "amazonaws.com" .Values.global.s3.endpoint }}
|
||||
# AWS S3
|
||||
# Ref: sourcemapreaders://stackoverflow.com/questions/53634583/go-template-split-string-by-delimiter
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
- name: SITE_URL
|
||||
value: 'https://{{ .Values.global.domainName }}'
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
- name: SITE_URL
|
||||
value: 'https://{{ .Values.global.domainName }}'
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ spec:
|
|||
- name: SITE_URL
|
||||
value: 'https://{{ .Values.global.domainName }}'
|
||||
- name: S3_HOST
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
value: 'https://{{ .Values.global.domainName }}:{{ .Values.global.ingress.controller.service.ports.https}}'
|
||||
{{- else}}
|
||||
value: '{{ .Values.global.s3.endpoint }}'
|
||||
|
|
|
|||
|
|
@ -55,7 +55,6 @@ sessionsCleaner:
|
|||
# Common env values are from chalice for the crons
|
||||
chalice:
|
||||
env:
|
||||
ch_host: clickhouse-openreplay-clickhouse.db.svc.cluster.local
|
||||
ch_port: 9000
|
||||
captcha_server: ''
|
||||
captcha_key: ''
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@ function migrate() {
|
|||
echo "Migrating clickhouse version $version"
|
||||
# For now, we can ignore the clickhouse db inject errors.
|
||||
# TODO: Better error handling in script
|
||||
clickhouse-client -h clickhouse-openreplay-clickhouse.db.svc.cluster.local --port 9000 --multiquery < ${clickhousedir}/${version}/${version}.sql || true
|
||||
clickhouse-client -h ${CH_HOST} --port ${CH_PORT} --multiquery < ${clickhousedir}/${version}/${version}.sql || true
|
||||
done
|
||||
}
|
||||
|
||||
|
|
@ -19,7 +19,7 @@ function init() {
|
|||
echo "Initializing clickhouse"
|
||||
for file in `ls ${clickhousedir}/create/*.sql`; do
|
||||
echo "Injecting $file"
|
||||
clickhouse-client -h clickhouse-openreplay-clickhouse.db.svc.cluster.local --port 9000 --multiquery < $file || true
|
||||
clickhouse-client -h ${CH_HOST} --port ${CH_PORT} --multiquery < $file || true
|
||||
done
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,7 +7,8 @@ cd /tmp
|
|||
|
||||
buckets=("mobs" "sessions-assets" "sourcemaps" "sessions-mobile-assets" "quickwit" "vault-data")
|
||||
|
||||
mc alias set minio http://minio.db.svc.cluster.local:9000 $MINIO_ACCESS_KEY $MINIO_SECRET_KEY
|
||||
|
||||
mc alias set minio $MINIO_HOST $MINIO_ACCESS_KEY $MINIO_SECRET_KEY
|
||||
|
||||
function init() {
|
||||
echo "Initializing minio"
|
||||
|
|
|
|||
|
|
@ -7,7 +7,7 @@ if [ "x$VERBOSE" == "x1" ]; then
|
|||
set -x
|
||||
fi
|
||||
|
||||
export VAULT_ADDR=http://databases-vault.db.svc.cluster.local:8200
|
||||
export VAULT_ADDR=${VAULT_ADDR}
|
||||
|
||||
|
||||
# Check vault is already initialized, if so return
|
||||
|
|
|
|||
|
|
@ -50,7 +50,7 @@ spec:
|
|||
error_connection=1
|
||||
|
||||
while [ $exit_count -le 20 ];do
|
||||
nc -zv clickhouse-openreplay-clickhouse.db.svc.cluster.local 9000 -w 1
|
||||
nc -zv {{.Values.global.clickhouse.chHost}} 9000 -w 1
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "[info] clickhouse is not up; retrying in 5 seconds"
|
||||
sleep 4
|
||||
|
|
@ -103,7 +103,7 @@ spec:
|
|||
mountPath: /opt/openreplay
|
||||
- name: dbmigrationscript
|
||||
mountPath: /opt/migrations/
|
||||
{{- if eq .Values.global.s3.endpoint "http://minio.db.svc.cluster.local:9000" }}
|
||||
{{- if contains "minio" .Values.global.s3.endpoint }}
|
||||
- name: minio
|
||||
image: bitnami/minio:2020.10.9-debian-10-r6
|
||||
env:
|
||||
|
|
@ -119,6 +119,8 @@ spec:
|
|||
value: "{{ .Values.minio.global.minio.accessKey }}"
|
||||
- name: MINIO_SECRET_KEY
|
||||
value: "{{ .Values.minio.global.minio.secretKey }}"
|
||||
- name: MINIO_HOST
|
||||
value: "{{ .Values.global.s3.endpoint }}"
|
||||
command:
|
||||
- /bin/bash
|
||||
- /opt/migrations/dbops.sh
|
||||
|
|
@ -147,6 +149,8 @@ spec:
|
|||
value: "{{ .Values.global.postgresql.postgresqlUser }}"
|
||||
- name: PGPASSWORD
|
||||
value: "{{ .Values.global.postgresql.postgresqlPassword }}"
|
||||
- name: VAULT_ADDR
|
||||
value: "{{ .Values.global.vault.vaultHost }}"
|
||||
image: hashicorp/vault:1.12.0
|
||||
command:
|
||||
- /bin/sh
|
||||
|
|
@ -208,6 +212,10 @@ spec:
|
|||
value: "{{ .Values.fromVersion }}"
|
||||
- name: CHART_APP_VERSION
|
||||
value: "{{ .Chart.AppVersion }}"
|
||||
- name: CH_HOST
|
||||
value: "{{.Values.global.clickhouse.chHost}}"
|
||||
- name: CH_PORT
|
||||
value: "{{.Values.global.clickhouse.service.webPort}}"
|
||||
command:
|
||||
- /bin/bash
|
||||
- /opt/migrations/dbops.sh
|
||||
|
|
|
|||
|
|
@ -81,3 +81,26 @@ ingress-nginx:
|
|||
## repository:
|
||||
tag: "v1.3.0"
|
||||
digest: ""
|
||||
|
||||
# For enterpriseEdition Only
|
||||
vault: &vault
|
||||
vaultHost: databases-vault.db.svc.cluster.local:8200
|
||||
annotations:
|
||||
vault.hashicorp.com/agent-cache-enable: "true"
|
||||
vault.hashicorp.com/agent-inject: "true"
|
||||
vault.hashicorp.com/agent-inject-token: "true"
|
||||
vault.hashicorp.com/template-static-secret-render-interval: 2m
|
||||
# vault.hashicorp.com/log-level: debug
|
||||
vault.hashicorp.com/agent-run-as-same-user: "true"
|
||||
vault.hashicorp.com/agent-inject-command-processor.properties: |
|
||||
pkill -TERM openreplay
|
||||
vault.hashicorp.com/role: pgaccess
|
||||
vault.hashicorp.com/agent-inject-secret-processor.properties: database/creds/db-app
|
||||
vault.hashicorp.com/agent-inject-template-processor.properties: |
|
||||
{{- with secret "database/creds/db-app" -}}
|
||||
POSTGRES_STRING=postgres://{{.Data.username}}:{{.Data.password}}@postgresql.db.svc.cluster.local:5432/postgres
|
||||
{{- end -}}
|
||||
|
||||
global:
|
||||
vault: *vault
|
||||
clusterDomain: "svc.cluster.local"
|
||||
|
|
|
|||
|
|
@ -17,9 +17,12 @@ postgresql: &postgres
|
|||
# asdf
|
||||
# cpu: 2
|
||||
|
||||
clickhouse:
|
||||
clickhouse: &clickhouse
|
||||
# For enterpriseEdition
|
||||
enabled: false
|
||||
chHost: clickhouse-openreplay-clickhouse.db.svc.cluster.local
|
||||
service:
|
||||
webPort: 9000
|
||||
|
||||
quickwit: &quickwit
|
||||
# For enterpriseEdition
|
||||
|
|
@ -91,6 +94,7 @@ ingress-nginx: &ingress-nginx
|
|||
force-ssl-redirect: false
|
||||
proxy-body-size: 10m
|
||||
|
||||
|
||||
# Application specific variables
|
||||
global:
|
||||
ingress: *ingress-nginx
|
||||
|
|
@ -98,6 +102,8 @@ global:
|
|||
kafka: *kafka
|
||||
redis: *redis
|
||||
quickwit: *quickwit
|
||||
clickhouse: *clickhouse
|
||||
# Registry URL from where the OR images should be pulled.
|
||||
openReplayContainerRegistry: "public.ecr.aws/p1t3u8a3"
|
||||
# secret key to inject to assist and peers service
|
||||
assistKey: "SetARandomStringHere"
|
||||
|
|
@ -172,21 +178,3 @@ chalice:
|
|||
# cpu: 512m
|
||||
# memory: 2056Mi
|
||||
|
||||
# For enterpriseEdition Only
|
||||
vault:
|
||||
enabled: false
|
||||
annotations:
|
||||
vault.hashicorp.com/agent-cache-enable: "true"
|
||||
vault.hashicorp.com/agent-inject: "true"
|
||||
vault.hashicorp.com/agent-inject-token: "true"
|
||||
vault.hashicorp.com/template-static-secret-render-interval: 2m
|
||||
# vault.hashicorp.com/log-level: debug
|
||||
vault.hashicorp.com/agent-run-as-same-user: "true"
|
||||
vault.hashicorp.com/agent-inject-command-processor.properties: |
|
||||
pkill -TERM openreplay
|
||||
vault.hashicorp.com/role: pgaccess
|
||||
vault.hashicorp.com/agent-inject-secret-processor.properties: database/creds/db-app
|
||||
vault.hashicorp.com/agent-inject-template-processor.properties: |
|
||||
{{- with secret "database/creds/db-app" -}}
|
||||
POSTGRES_STRING=postgres://{{.Data.username}}:{{.Data.password}}@postgresql.db.svc.cluster.local:5432/postgres
|
||||
{{- end -}}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue