
Commit 841d538

authored
Merge pull request #230 from dhanendra06/MOSIP-20
MOSIP-43648: cherry-pick the helm changes to release-1.3.x
2 parents caae75b + bf2c7d3 commit 841d538

4 files changed

Lines changed: 80 additions & 15 deletions


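--- a/deploy/install.sh
+++ b/deploy/install.sh
@@ -7,7 +7,7 @@ if [ $# -ge 1 ] ; then
 fi
 
 NS=kernel
-CHART_VERSION=1.3.0-beta.1-develop
+CHART_VERSION=1.3.0-develop
 
 echo Create $NS namespace
 kubectl create ns $NS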

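--- a/helm/auditmanager/Chart.yaml
+++ b/helm/auditmanager/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: auditmanager
 description: A Helm chart for MOSIP Auditmanager module
 type: application
-version: 1.3.0-beta.1-develop
+version: 1.3.0-develop
 appVersion: ""
 dependencies:
 - name: common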

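--- a/helm/auditmanager/templates/deployment.yaml
+++ b/helm/auditmanager/templates/deployment.yaml
@@ -34,6 +34,7 @@ spec:
 {{- if .Values.hostAliases }}
 hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
 {{- end }}
+terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds | default 60 }}
 {{- if .Values.affinity }}
 affinity: {{- include "common.tplvalues.render" ( dict "value" .Values.affinity "context" $) | nindent 8 }}
 {{- else }}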
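Review bot: The added `terminationGracePeriodSeconds` line renders the value with no link to the `preStop` hook that this same commit adds in values.yaml (`sleep 30`), although the grace period has to cover that sleep as well as the JVM shutdown. If an operator overrides the value to 30 or less, the container is likely to be force-killed with little or no time after the hook, and an audit service may then drop in-flight records. A template comment above the line would make the coupling visible, for example `{{- /* must exceed the preStop sleep set in values.yaml; hook time counts against the grace period */ -}}`. Note also that `default 60` treats an explicit `0` as unset, so a zero grace period cannot be expressed through values. The enclosing pod spec starts and ends outside this hunk.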

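--- a/helm/auditmanager/values.yaml
+++ b/helm/auditmanager/values.yaml
@@ -12,18 +12,23 @@
 ##
 commonLabels:
 app.kubernetes.io/component: mosip
+
 ## Add annotations to all the deployed resources
 ##
 commonAnnotations: {}
+
 ## Kubernetes Cluster Domain
 ##
 clusterDomain: cluster.local
+
 ## Extra objects to deploy (value evaluated as a template)
 ##
 extraDeploy: []
+
 ## Number of nodes
 ##
 replicaCount: 1
+
 service:
 type: ClusterIP
 port: 80
@@ -44,10 +49,11 @@ service:
 ## ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
 ##
 externalTrafficPolicy: Cluster
+
 image:
 registry: docker.io
-repository: mosipid/kernel-auditmanager-service
-tag: 1.3.0-beta.1
+repository: mosipqa/kernel-auditmanager-service
+tag: 1.3.x
 ## Specify a imagePullPolicy
 ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
@@ -59,8 +65,10 @@ image:
 ##
 # pullSecrets:
 # - myRegistryKeySecretName
+
 ## Port on which this particular spring service module is running.
 springServicePort: 8081
+
 ## Configure extra options for liveness and readiness probes
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
 ##
@@ -74,6 +82,7 @@ startupProbe:
 timeoutSeconds: 5
 failureThreshold: 30
 successThreshold: 1
+
 livenessProbe:
 enabled: true
 httpGet:
@@ -84,27 +93,31 @@ livenessProbe:
 timeoutSeconds: 5
 failureThreshold: 6
 successThreshold: 1
+
 readinessProbe:
 enabled: true
 httpGet:
 path: /v1/auditmanager/actuator/health
 port: 8081
-initialDelaySeconds: 0
-periodSeconds: 10
-timeoutSeconds: 5
+initialDelaySeconds: 30
+periodSeconds: 15
+timeoutSeconds: 10
 failureThreshold: 6
 successThreshold: 1
+
 ##
 # existingConfigmap:
 
 ## Command and args for running the container (set to default if not set). Use array form
 ##
 command: []
 args: []
+
 ## Deployment pod host aliases
 ## https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
 ##
 hostAliases: []
+
 ## ref: http://kubernetes.io/docs/user-guide/compute-resources/
 ##
 resources:
@@ -113,36 +126,42 @@ resources:
 # resources, such as Minikube. If you do want to specify resources, uncomment the following
 # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
 limits:
-cpu: 1000m
-memory: 2500Mi
+cpu: 2000m
+memory: 5000Mi
 requests:
-cpu: 100m
+cpu: 300m
 memory: 1500Mi
+
 additionalResources:
 ## Specify any JAVA_OPTS string here. These typically will be specified in conjunction with above resources
 ## Example: java_opts: "-Xms500M -Xmx500M"
-javaOpts: "-Xms1750M -Xmx1750M"
+javaOpts: "-Xms3050M -Xmx3050M"
+
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
 ## Clamav container already runs as 'mosip' user, so we may not need to enable this
 containerSecurityContext:
 enabled: false
 runAsUser: mosip
 runAsNonRoot: true
+
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ##
 podSecurityContext:
 enabled: false
 fsGroup: 1001
+
 ## Pod affinity preset
 ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
 ## Allowed values: soft, hard
 ##
 podAffinityPreset: ""
+
 ## Pod anti-affinity preset
 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
 ## Allowed values: soft, hard
 ##
 podAntiAffinityPreset: soft
+
 ## Node affinity preset
 ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
 ## Allowed values: soft, hard
@@ -164,69 +183,93 @@ nodeAffinityPreset:
 ## - e2e-az2
 ##
 values: []
+
 ## Affinity for pod assignment. Evaluated as a template.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
 ##
 affinity: {}
+
 ## Node labels for pod assignment. Evaluated as a template.
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 ##
 nodeSelector: {}
+
 ## Tolerations for pod assignment. Evaluated as a template.
 ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 ##
 tolerations: []
+
 ## Pod extra labels
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
 ##
 podLabels: {}
+
 ## Annotations for server pods.
 ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
 ##
 podAnnotations: {}
+
 ## pods' priority.
 ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
 ##
 # priorityClassName: ""
 
 ## lifecycleHooks for the container to automate configuration before or after startup.
 ##
-lifecycleHooks: {}
+lifecycleHooks:
+preStop:
+exec:
+command:
+- sh
+- -c
+- sleep 30
+
+## Termination grace perios : the maximum amount of time (in seconds) Kubernetes will wait for a container to gracefully shut down
+terminationGracePeriodSeconds: 60
+
 ## Custom Liveness probes for
 ##
 customLivenessProbe: {}
+
 ## Custom Rediness probes
 ##
 customReadinessProbe: {}
+
 ## Update strategy - only really applicable for deployments with RWO PVs attached
 ## If replicas = 1, an update can get "stuck", as the previous pod remains attached to the
 ## PV, and the "incoming" pod can never start. Changing the strategy to "Recreate" will
 ## terminate the single previous pod, so that the new, incoming pod can attach to the PV
 ##
 updateStrategy:
 type: RollingUpdate
+
 ## Additional environment variables to set
 ## Example:
 ## extraEnvVars:
 ## - name: FOO
 ## value: "bar"
 ##
 extraEnvVars: []
+
 ## ConfigMap with extra environment variables that used
 ##
 extraEnvVarsCM:
 - global
 - config-server-share
 - artifactory-share
+
 ## Secret with extra environment variables
 ##
 extraEnvVarsSecret:
+
 ## Extra volumes to add to the deployment
 ##
 extraVolumes: []
+
 ## Extra volume mounts to add to the container
 ##
 extraVolumeMounts: []
+
 ## Add init containers to the pods.
 ## Example:
 ## initContainers:
@@ -241,7 +284,17 @@ initContainers:
 - command:
 - /bin/bash
 - -c
-- if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host" |sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST $HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST" -connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool -delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer" ; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host; EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts; fi
+- if [ "$ENABLE_INSECURE" = "true" ]; then HOST=$( env | grep "mosip-api-internal-host"
+|sed "s/mosip-api-internal-host=//g"); if [ -z "$HOST" ]; then echo "HOST
+$HOST is empty; EXITING"; exit 1; fi; openssl s_client -servername "$HOST"
+-connect "$HOST":443 > "$HOST.cer" 2>/dev/null & sleep 2 ; sed -i -ne '/-BEGIN
+CERTIFICATE-/,/-END CERTIFICATE-/p' "$HOST.cer"; cat "$HOST.cer"; /usr/local/openjdk-11/bin/keytool
+-delete -alias "$HOST" -keystore $JAVA_HOME/lib/security/cacerts -storepass
+changeit; /usr/local/openjdk-11/bin/keytool -trustcacerts -keystore "$JAVA_HOME/lib/security/cacerts"
+-storepass changeit -noprompt -importcert -alias "$HOST" -file "$HOST.cer"
+; if [ $? -gt 0 ]; then echo "Failed to add SSL certificate for host $host;
+EXITING"; exit 1; fi; cp /usr/local/openjdk-11/lib/security/cacerts /cacerts;
+fi
 env:
 - name: ENABLE_INSECURE
 value: "true"
@@ -259,6 +312,7 @@ initContainers:
 volumeMounts:
 - mountPath: /cacerts
 name: cacerts
+
 ## Add sidecars to the pods.
 ## Example:
 ## sidecars:
@@ -270,6 +324,7 @@ initContainers:
 ## containerPort: 1234
 ##
 sidecars: {}
+
 persistence:
 enabled: false
 ## If defined, storageClassName: <storageClass>
@@ -291,15 +346,16 @@ persistence:
 existingClaim:
 # Dir where config and keys are written inside container
 mountDir:
+
 ## Init containers parameters:
 ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
 ##
 volumePermissions:
 enabled: false
 image:
 registry: docker.io
-repository: bitnami/bitnami-shell
-tag: "10"
+repository: mosipid/os-shell
+tag: "12-debian-12-r46"
 pullPolicy: Always
 ## Optionally specify an array of imagePullSecrets.
 ## Secrets must be manually created in the namespace.
@@ -324,10 +380,12 @@ volumePermissions:
 ## cpu: 100m
 ## memory: 128Mi
 ##
+
 ## Specifies whether RBAC resources should be created
 ##
 rbac:
 create: true
+
 ## Specifies whether a ServiceAccount should be created
 ##
 serviceAccount:
@@ -336,6 +394,7 @@ serviceAccount:
 ## If not set and create is true, a name is generated using the fullname template
 ##
 name:
+
 ## Prometheus Metrics
 ##
 metrics:
@@ -345,7 +404,9 @@ metrics:
 ##
 podAnnotations:
 prometheus.io/scrape: "true"
+
 endpointPath: /v1/auditmanager/actuator/prometheus
+
 ## Prometheus Service Monitor
 ## ref: https://github.com/coreos/prometheus-operator
 ##
@@ -372,6 +433,7 @@ metrics:
 ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusspec
 ##
 additionalLabels: {}
+
 ## Custom PrometheusRule to be defined
 ## The value is evaluated as a template, so, for example, the value can depend on .Release or .Chart
 ## ref: https://github.com/coreos/prometheus-operator#customresourcedefinitions
@@ -389,9 +451,11 @@ metrics:
 # labels:
 # severity: error
 rules: []
+
 ## Only internal access
 istio:
 enabled: true
 gateway: istio-system/internal
 prefix: /v1/auditmanager
+
 enable_insecure: false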
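Review bot: The `image` hunk moves the service image to `mosipqa/kernel-auditmanager-service` with tag `1.3.x`, which looks like a floating tag in a QA namespace, so an install from this release branch would run whatever was last pushed there rather than a reviewed build. Pinning an immutable release tag, or a digest where the chart supports it, keeps deployments reproducible and makes a swapped image detectable. A comment above `tag:` such as `## release charts must reference an immutable tag or digest, not a moving branch tag` would record the intent. The `volumePermissions` image now points at `mosipid/os-shell` with a specific tag, but it keeps `pullPolicy: Always`, so the tag is re-resolved on every pod start and the same consideration applies. Separately, the rewrapped initContainer command is unchanged apart from line folding: it still imports whatever certificate the host presents when `ENABLE_INSECURE` is `true`, and its error message references `$host` rather than `$HOST`.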
