diff --git a/deploy/helm/Chart.lock b/deploy/helm/Chart.lock deleted file mode 100644 index 95e1eacd74..0000000000 --- a/deploy/helm/Chart.lock +++ /dev/null @@ -1,9 +0,0 @@ -dependencies: -- name: redis - repository: https://charts.bitnami.com/bitnami - version: 16.11.2 -- name: mongodb - repository: https://charts.bitnami.com/bitnami - version: 12.1.16 -digest: sha256:5c331a59e883c66893d2896c24aa2c4edf53423b12d440d1ec832e2c18637805 -generated: "2023-01-26T10:40:02.874578+05:30" diff --git a/deploy/helm/Chart.yaml b/deploy/helm/Chart.yaml index d4fae9cfa7..d8eebe8250 100644 --- a/deploy/helm/Chart.yaml +++ b/deploy/helm/Chart.yaml @@ -11,15 +11,25 @@ sources: - https://github.com/appsmithorg/appsmith home: https://www.appsmith.com/ icon: https://assets.appsmith.com/appsmith-icon.png -version: 2.3.0 +version: 3.6.0 dependencies: -- condition: redis.enabled - name: redis - version: 16.11.2 - appVersion: 6.2.7 - repository: https://charts.bitnami.com/bitnami -- condition: mongodb.enabled - name: mongodb - version: 12.1.16 - appVersion: 6.0.10 - repository: https://charts.bitnami.com/bitnami + - condition: redis.enabled + name: redis + version: 16.11.2 + appVersion: 6.2.7 + repository: https://charts.bitnami.com/bitnami + - condition: mongodb.enabled + name: mongodb + version: 12.1.16 + appVersion: 6.0.10 + repository: https://charts.bitnami.com/bitnami + - condition: postgresql.enabled + name: postgresql + version: 11.9.5 + appVersion: 14.12.0 + repository: https://charts.bitnami.com/bitnami + - condition: prometheus.enabled + name: prometheus + version: 25.27.0 + appVersion: 2.54.1 + repository: https://prometheus-community.github.io/helm-charts diff --git a/deploy/helm/README.md b/deploy/helm/README.md index f0ca5697e9..f4b3d087be 100644 --- a/deploy/helm/README.md +++ b/deploy/helm/README.md @@ -174,6 +174,8 @@ To change Appsmith configurations, you can use configuration UI in application o | `applicationConfig.APPSMITH_OAUTH2_GOOGLE_CLIENT_SECRET`| `""` | | `applicationConfig.APPSMITH_OAUTH2_GITHUB_CLIENT_ID` | `""` | | `applicationConfig.APPSMITH_OAUTH2_GITHUB_CLIENT_SECRET`| `""` | +| `applicationConfig.APPSMITH_OAUTH2_OIDC_CLIENT_ID` | `""` | +| `applicationConfig.APPSMITH_OAUTH2_OIDC_CLIENT_SECRET` | `""` | | `applicationConfig.APPSMITH_CLIENT_LOG_LEVEL` | `""` | | `applicationConfig.APPSMITH_MAIL_ENABLED` | `""` | | `applicationConfig.APPSMITH_MAIL_HOST` | `""` | diff --git a/deploy/helm/templates/configMap.yaml b/deploy/helm/templates/configMap.yaml index 4e3ea9a793..2b870dc866 100644 --- a/deploy/helm/templates/configMap.yaml +++ b/deploy/helm/templates/configMap.yaml @@ -1,8 +1,10 @@ {{- $nameSpace := include "appsmith.namespace" . -}} -{{- $name := include "appsmith.fullname" . -}} {{- $mongoUser := .Values.mongodb.auth.rootUser -}} {{- $mongoPassword := .Values.mongodb.auth.rootPassword -}} {{- $mongoServicename := .Values.mongodb.service.nameOverride -}} +{{- $postgresqlUser := .Values.postgresql.auth.username -}} +{{- $postgresqlPassword := .Values.postgresql.auth.password -}} +{{- $postgresqlDatabase := .Values.postgresql.auth.database -}} {{- $releaseName := .Release.Name -}} apiVersion: v1 kind: ConfigMap @@ -18,11 +20,28 @@ data: {{- end }} {{- range $key, $value := .Values.applicationConfig }} + {{- if and (eq "APPSMITH_KEYCLOAK_DB_DRIVER" $key) ( not $value) }} + {{ $key }}: {{ $.Values.postgresql.enabled | ternary "postgresql" "h2" | quote }} + {{- end }} + + {{- if and (eq "APPSMITH_KEYCLOAK_DB_URL" $key) ( not $value) }} + {{ $key }}: {{ $.Values.postgresql.enabled | ternary (printf "%s-postgresql.%s.svc.cluster.local:5432/%s" $releaseName $nameSpace $postgresqlDatabase) "${jboss.server.data.dir}" | quote }} + {{- end }} + + {{- if and (eq "APPSMITH_KEYCLOAK_DB_USERNAME" $key) ( not $value) }} + {{ $key }}: {{ $.Values.postgresql.enabled | ternary $postgresqlUser "sa" | quote }} + {{- end }} + + {{- if and (eq "APPSMITH_KEYCLOAK_DB_PASSWORD" $key) ( not $value) }} + {{ $key }}: {{ $.Values.postgresql.enabled | ternary $postgresqlPassword "sa" | quote }} + {{- end }} + {{- if and (eq "APPSMITH_REDIS_URL" $key) ( not $value) }} {{- if $.Values.redis.enabled }} {{ $key }}: redis://{{ $releaseName }}-redis-master.{{ $nameSpace }}.svc.cluster.local:6379 {{- end }} {{- end }} + {{- if $value }} {{ $key }}: {{ $value | quote }} {{- end }} diff --git a/deploy/helm/templates/statefulset.yaml b/deploy/helm/templates/deployment.yaml similarity index 53% rename from deploy/helm/templates/statefulset.yaml rename to deploy/helm/templates/deployment.yaml index 9a17907b27..08d981366f 100644 --- a/deploy/helm/templates/statefulset.yaml +++ b/deploy/helm/templates/deployment.yaml @@ -1,15 +1,27 @@ +{{- $updateStrategy := .Values.updateStrategy | default dict }} +{{- $postgresuser := .Values.postgresql.auth.username }} +{{- $postgrespass := .Values.postgresql.auth.password }} +{{- $postgrespass := .Values.postgresql.auth.password }} +{{- $releaseName := include "appsmith.fullname" . -}} apiVersion: apps/v1 -kind: StatefulSet +kind: {{ if not .Values.autoscaling.enabled }}StatefulSet{{- else }}Deployment{{- end }} metadata: name: {{ include "appsmith.fullname" . }} namespace: {{ include "appsmith.namespace" . }} labels: {{- include "appsmith.labels" . | nindent 4 }} spec: + {{- if not .Values.autoscaling.enabled }} replicas: 1 serviceName: {{ include "appsmith.fullname" . }} updateStrategy: - type: {{ .Values.strategyType }} + {{- else }} + strategy: + type: {{ .Values.strategyType | default "RollingUpdate" }} + rollingUpdate: + maxSurge: {{ dig "maxSurge" 1 $updateStrategy }} + maxUnavailable: {{ dig "maxUnavailable" "0" $updateStrategy }} + {{- end }} selector: matchLabels: {{- include "appsmith.selectorLabels" . | nindent 6 }} @@ -25,6 +37,10 @@ spec: {{- toYaml .Values.podLabels | nindent 8 }} {{- end }} spec: + {{- with .Values.topologySpreadConstraints }} + topologySpreadConstraints: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.schedulerName }} schedulerName: {{ .Values.schedulerName | quote }} {{- end }} @@ -58,16 +74,26 @@ spec: {{- if ((.Values.initContainer.mongodb).image) }} image: {{ .Values.initContainer.mongodb.image }} {{- else }} - image: "docker.io/bitnami/mongodb:5.0.21-debian-11-r5" + image: "docker.io/bitnami/mongodb:6.0.13" {{- end }} - command: ['sh', '-c', "until mongo --host appsmith-mongodb.{{.Release.Namespace}}.svc.cluster.local --eval 'db.runCommand({ping:1})' ; do echo waiting for mongo; sleep 2; done"] + command: ['sh', '-c', "until mongosh --host appsmith-mongodb.{{.Release.Namespace}}.svc.cluster.local --eval 'db.runCommand({ping:1})' ; do echo waiting for mongo; sleep 2; done"] + {{- end }} + {{- if .Values.postgresql.enabled }} + - name: psql-init-container + {{- if ((.Values.initContainer.postgresql).image) }} + image: {{ .Values.initContainer.postgresql.image }} + {{- else}} + image: docker.io/bitnami/postgresql:14.5.0-debian-11-r21 + {{- end}} + command: ['sh', '-c', "until pg_isready -U $postgresuser -d $postgresdb -h {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local; do echo waiting for postgresql; sleep 2; done"] {{- end }} containers: - name: {{ .Values.containerName }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} - image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- $customImage := .Values._image | default dict }} + image: {{ dig "registry" "index.docker.io" $customImage }}/{{ dig "repository" "appsmith/appsmith-ee" $customImage }}:{{ dig "tag" (.Values.image.tag | default "latest") $customImage }} + imagePullPolicy: {{ dig "pullPolicy" "IfNotPresent" $customImage }} ports: - name: http containerPort: {{ .Values.HTTPContainerPort | default 80 }} @@ -75,23 +101,26 @@ spec: - name: https containerPort: 443 protocol: TCP + - name: metrics + containerPort: {{ .Values.metrics.port }} + protocol: TCP {{- $probes := .Values.probes | default dict }} startupProbe: # The `livenessProbe` and `readinessProbe` will be disabled until the `startupProbe` is successful. httpGet: - port: http + port: {{ dig "startupProbe" "port" "80" $probes }} path: {{ dig "startupProbe" "api" "/api/v1/health" $probes }} failureThreshold: {{ dig "startupProbe" "failureThreshold" 3 $probes }} periodSeconds: {{ dig "startupProbe" "periodSeconds" 60 $probes }} livenessProbe: httpGet: - port: http + port: {{ dig "livenessProbe" "port" "80" $probes }} path: {{ dig "livenessProbe" "api" "/api/v1/health" $probes }} failureThreshold: {{ dig "livenessProbe" "failureThreshold" 3 $probes }} periodSeconds: {{ dig "livenessProbe" "periodSeconds" 60 $probes }} readinessProbe: httpGet: - port: http + port: {{ dig "readinessProbe" "port" "80" $probes }} path: {{ dig "readinessProbe" "api" "/api/v1/health" $probes }} failureThreshold: {{ dig "readinessProbe" "failureThreshold" 3 $probes }} periodSeconds: {{ dig "readinessProbe" "periodSeconds" 60 $probes }} @@ -100,6 +129,10 @@ spec: volumeMounts: - name: data mountPath: /appsmith-stacks + {{- if .Values.customCAcert }} + - name: ca-cert + mountPath: "/appsmith-stacks/ca-certs" + {{- end }} env: {{- if .Values.HTTPContainerPort }} - name: PORT @@ -107,6 +140,10 @@ spec: {{- end }} - name: APPSMITH_ENABLE_EMBEDDED_DB value: "0" + - name: JGROUPS_DISCOVERY_PROTOCOL + value: kubernetes.KUBE_PING + - name: APPSMITH_HEADLESS_SVC + value: {{ include "appsmith.fullname" . }}-headless envFrom: - configMapRef: name: {{ include "appsmith.fullname" . }} @@ -114,28 +151,57 @@ spec: - secretRef: name: {{ .Values.secretName }} {{- end }} + {{- if .Values.secrets }} + - secretRef: + name: {{ include "appsmith.fullname" . }} + {{- end }} + {{- if .Values.externalSecrets.enabled }} + - secretRef: + name: "{{ include "appsmith.fullname" . }}-external-secret" + {{- end }} {{- if .Values.image.pullSecrets}} imagePullSecrets: - name: {{ .Values.image.pullSecrets }} {{- end }} volumes: + {{- if .Values.customCAcert }} + - name: ca-cert + configMap: + name: {{ $releaseName }}-trustedca + items: + {{- range $key, $value := .Values.customCAcert }} + - key: {{ $key }} + path: {{ $key }}.crt + {{- end }} + {{- end }} {{- if not .Values.persistence.enabled }} - name: data emptyDir: {} - {{- else }} + {{- else if and (not .Values.autoscaling.enabled) (.Values.persistence.enabled) }} volumeClaimTemplates: - metadata: name: data - {{- if .Values.persistence.annotations }} - annotations: {{- include "tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} + {{- if .Values.persistence.annotations}} + annotations: + {{- include "tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }} {{- end }} spec: accessModes: - {{- range .Values.persistence.accessModes }} - - {{ . | quote }} - {{- end }} + - ReadWriteOnce resources: requests: storage: {{ .Values.persistence.size | quote }} - {{ include "storage.class" (dict "persistence" .Values.persistence "global" .Values.global) }} + {{- if .Values.persistence.volumeClaimTemplates.selector }} + selector: + {{- include "tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }} + {{- end }} + {{ include "storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }} + {{- else }} + - name: data + persistentVolumeClaim: + {{- if .Values.persistence.existingClaim.enabled }} + claimName: {{ .Values.persistence.existingClaim.claimName }} + {{- else }} + claimName: {{ include "appsmith.fullname" . }} + {{- end }} {{- end }} diff --git a/deploy/helm/templates/external-secrets.yaml b/deploy/helm/templates/external-secrets.yaml new file mode 100644 index 0000000000..179c991b4f --- /dev/null +++ b/deploy/helm/templates/external-secrets.yaml @@ -0,0 +1,18 @@ +{{- if .Values.externalSecrets.enabled }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: "{{ include "appsmith.fullname" . }}-external-secret" + namespace: {{ include "appsmith.namespace" . }} +spec: + refreshInterval: {{ .Values.externalSecrets.refreshInterval }} + secretStoreRef: + name: secretstore + kind: SecretStore + target: + name: "{{ include "appsmith.fullname" . }}-external-secret" + creationPolicy: Owner + dataFrom: + - extract: + key: {{ .Values.externalSecrets.remoteSecretName }} +{{- end }} diff --git a/deploy/helm/templates/headless-svc.yaml b/deploy/helm/templates/headless-svc.yaml new file mode 100644 index 0000000000..60c85fe4f3 --- /dev/null +++ b/deploy/helm/templates/headless-svc.yaml @@ -0,0 +1,31 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "appsmith.fullname" . }}-headless + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} + {{- if or .Values.service.annotations .Values.commonAnnotations }} + annotations: + {{- if .Values.service.annotations }} + {{- include "tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} + {{- end }} + {{- if .Values.commonAnnotations }} + {{- include "tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} + {{- end }} + {{- end }} +spec: + type: ClusterIP + clusterIP: None + clusterIPs: + - None + internalTrafficPolicy: Cluster + ipFamilies: + - IPv4 + ipFamilyPolicy: SingleStack + ports: + - name: http + port: 8080 + targetPort: 8080 + selector: + {{- include "appsmith.selectorLabels" . | nindent 4 }} diff --git a/deploy/helm/templates/hpa.yml b/deploy/helm/templates/hpa.yml new file mode 100644 index 0000000000..2cffa1e02b --- /dev/null +++ b/deploy/helm/templates/hpa.yml @@ -0,0 +1,41 @@ +{{- if and (.Values.autoscaling.enabled) (not .Values.keda.enabled) }} +apiVersion: {{ ternary "autoscaling/v2" "autoscaling/v2beta2" (.Capabilities.APIVersions.Has "autoscaling/v2") }} +kind: HorizontalPodAutoscaler +metadata: + name: {{ include "appsmith.fullname" . }} + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "appsmith.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: + {{- if .Values.autoscaling.targetCPUUtilizationPercentage }} + - type: Resource + resource: + name: cpu + {{- if .Capabilities.APIVersions.Has "autoscaling/v2"}} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- else }} + targetAverageUtilization: {{ .Values.autoscaling.targetCPUUtilizationPercentage }} + {{- end }} + {{- end }} + {{- if .Values.autoscaling.targetMemoryUtilizationPercentage }} + - type: Resource + resource: + name: memory + {{- if .Capabilities.APIVersions.Has "autoscaling/v2"}} + target: + type: Utilization + averageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- else }} + targetAverageUtilization: {{ .Values.autoscaling.targetMemoryUtilizationPercentage }} + {{- end }} + {{- end }} +{{- end }} diff --git a/deploy/helm/templates/import.yaml b/deploy/helm/templates/import.yaml new file mode 100644 index 0000000000..0b196ce561 --- /dev/null +++ b/deploy/helm/templates/import.yaml @@ -0,0 +1,28 @@ +{{- /* Fail helm chart if autoscaling is enabled and mongo is disabled */ -}} +{{- if and ( .Values.autoscaling.enabled ) ( not .Values.mongodb.enabled ) }} +{{- if and ( not .Values.applicationConfig.APPSMITH_DB_URL ) ( not .Values.applicationConfig.APPSMITH_MONGODB_URI ) }} +{{- fail "To enable autoscaling on Appsmith, MongoDB needs to be enabled or an external MongoDB needs to be configured. Refer: https://docs.appsmith.com/getting-started/setup/installation-guides/kubernetes#install-appsmith" }} +{{- end }} +{{- end }} + +{{- /* Fail helm chart if keycloak is disabled and postgresql is enabled */ -}} +{{- if and ( .Values.postgresql.enabled ) (eq .Values.applicationConfig.APPSMITH_DISABLE_EMBEDDED_KEYCLOAK "1" )}} +{{- fail "Keycloak is disabled therefore postgresql is not required. Please disable postgres or to enable keycloak on Appsmith, set APPSMITH_DISABLE_EMBEDDED_KEYCLOAK to \"0\" Refer: https://docs.appsmith.com/getting-started/setup/installation-guides/kubernetes#install-appsmith" }} +{{- end }} + +{{- /* Fail helm chart if autoscaling, keycloak is enabled and postgresql is disabled */ -}} +{{- if and ( .Values.autoscaling.enabled ) ( not .Values.postgresql.enabled ) ( not .Values.applicationConfig.APPSMITH_KEYCLOAK_DB_URL ) (eq .Values.applicationConfig.APPSMITH_DISABLE_EMBEDDED_KEYCLOAK "0" )}} +{{- fail "To enable autoscaling on Appsmith, PostgreSQL needs to be enabled or an external PostgreSQL has to be configured. Refer: https://docs.appsmith.com/getting-started/setup/installation-guides/kubernetes#install-appsmith" }} +{{- end }} + +{{- /* Fail helm chart if mongodb is enabled along with APPSMITH_DB_URL in the ApplicationConfig */ -}} +{{- if ( .Values.mongodb.enabled ) }} +{{- if or ( .Values.applicationConfig.APPSMITH_DB_URL ) ( .Values.applicationConfig.APPSMITH_MONGODB_URI ) }} +{{- fail "MongoDB is enabled, but also found APPSMITH_DB_URL or APPSMITH_MONGODB_URI configured to an external instance, MongoDB needs to be disabled if using an external MongoDB instance" }} +{{- end }} +{{- end }} + +{{- /* Fail helm chart if postgresql is enabled along with APPSMITH_DB_URL in the ApplicationConfig */ -}} +{{- if and ( .Values.postgresql.enabled ) ( .Values.applicationConfig.APPSMITH_KEYCLOAK_DB_DRIVER ) ( .Values.applicationConfig.APPSMITH_KEYCLOAK_DB_URL ) }} +{{- fail "PostgreSQL is enabled, but also found APPSMITH_KEYCLOAK_DB_URL configured to an external instance, PostgreSQL needs to be disabled if using an external PostgreSQL instance" }} +{{- end }} diff --git a/deploy/helm/templates/pdb.yml b/deploy/helm/templates/pdb.yml new file mode 100644 index 0000000000..94539b9d76 --- /dev/null +++ b/deploy/helm/templates/pdb.yml @@ -0,0 +1,16 @@ +{{- if .Values.podDisruptionBudgets.enabled }} +{{- if .Capabilities.APIVersions.Has "policy/v1" -}} +apiVersion: policy/v1 +{{- else}} +apiVersion: policy/v1beta1 +{{- end }} +kind: PodDisruptionBudget +metadata: + name: "{{ include "appsmith.fullname" . }}-pdb" + namespace: {{ include "appsmith.namespace" . }} +spec: + minAvailable: {{ .Values.podDisruptionBudgets.minAvailable }} + selector: + matchLabels: + {{- include "appsmith.selectorLabels" . | nindent 6 }} +{{- end }} diff --git a/deploy/helm/templates/persistentVolume.yaml b/deploy/helm/templates/persistentVolume.yaml index 5a07b1859a..51200363b2 100644 --- a/deploy/helm/templates/persistentVolume.yaml +++ b/deploy/helm/templates/persistentVolume.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.persistence.enabled .Values.persistence.localStorage }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim.enabled) ( .Values.autoscaling.enabled) }} apiVersion: v1 kind: PersistentVolume metadata: @@ -12,8 +12,8 @@ spec: {{- range .Values.persistence.accessModes }} - {{ . | quote }} {{- end }} - persistentVolumeReclaimPolicy: Delete - storageClassName: {{ .Values.persistence.storageClass | quote }} + persistentVolumeReclaimPolicy: {{ .Values.persistence.reclaimPolicy }} + {{- if .Values.persistence.localStorage }} local: path: {{ .Values.persistence.storagePath }} # Path to the directory this PV refers to. nodeAffinity: # nodeAffinity is required when using local volumes. @@ -24,4 +24,18 @@ spec: operator: In values: {{- toYaml .Values.persistence.localCluster | nindent 12 }} -{{- end }} \ No newline at end of file + {{- end }} + {{- if .Values.persistence.storageClass }} + {{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" + {{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" + {{- end }} + {{- end }} + {{- if .Values.persistence.efs.enabled }} + csi: + driver: {{ .Values.persistence.efs.driver }} + nfs: + volumeHandle: {{ .Values.persistence.efs.volumeHandle }} + {{ end }} +{{- end }} diff --git a/deploy/helm/templates/persistentVolumeClaim.yaml b/deploy/helm/templates/persistentVolumeClaim.yaml new file mode 100644 index 0000000000..d4e2a22d40 --- /dev/null +++ b/deploy/helm/templates/persistentVolumeClaim.yaml @@ -0,0 +1,34 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim.enabled) ( .Values.autoscaling.enabled) }} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "appsmith.fullname" . }} + namespace: {{ include "appsmith.namespace" . }} +{{- with .Values.persistence.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} + labels: + app: {{ include "appsmith.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + accessModes: + {{- range .Values.persistence.accessModes }} + - {{ . | quote }} + {{- end }} + {{- if .Values.persistence.existingClaim.enabled }} + volumeName: {{ .Values.persistence.existingClaim.name }} + {{- else}} + volumeName: {{ include "appsmith.fullname" . }} + {{- end }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} + storageClassName: {{ .Values.persistence.storageClass }} +{{- else }} + storageClassName: "" +{{- end }} +{{- end }} diff --git a/deploy/helm/templates/scaledobject.yml b/deploy/helm/templates/scaledobject.yml new file mode 100644 index 0000000000..58f3394cc6 --- /dev/null +++ b/deploy/helm/templates/scaledobject.yml @@ -0,0 +1,28 @@ +{{- if .Values.keda.enabled -}} +apiVersion: keda.sh/v1alpha1 +kind: ScaledObject +metadata: + name: {{ include "appsmith.fullname" . }} + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ include "appsmith.fullname" . }} + pollingInterval: {{ .Values.keda.pollingInterval }} + cooldownPeriod: {{ .Values.keda.cooldownPeriod }} + minReplicaCount: {{ .Values.keda.minReplicaCount }} + maxReplicaCount: {{ .Values.keda.maxReplicaCount }} + {{- with .Values.keda.fallback }} + fallback: + {{- toYaml . | nindent 4 }} + {{- end }} + triggers: + {{- range $v := .Values.keda.triggers }} + - type: {{ $v.type }} + metadata: + {{- toYaml $v.metadata | nindent 6 }} + {{- end }} +{{- end -}} diff --git a/deploy/helm/templates/secret.yaml b/deploy/helm/templates/secret.yaml new file mode 100644 index 0000000000..d34aa28231 --- /dev/null +++ b/deploy/helm/templates/secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "appsmith.fullname" . }} + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} +type: Opaque +data: + {{- range $key, $value := .Values.secrets }} + {{- if $value }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} +{{- end }} diff --git a/deploy/helm/templates/service-metrics.yaml b/deploy/helm/templates/service-metrics.yaml new file mode 100644 index 0000000000..1440ecab33 --- /dev/null +++ b/deploy/helm/templates/service-metrics.yaml @@ -0,0 +1,31 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "appsmith.fullname" . }}-metrics + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} + annotations: + prometheus.io/port: {{ quote .Values.metrics.port }} + prometheus.io/scrape: "true" +spec: + type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: {{ .Values.service.portName }} + port: {{ .Values.metrics.port }} + targetPort: metrics + {{- if and (or (eq .Values.service.type "LoadBalancer") (eq .Values.service.type "NodePort")) .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- else if eq .Values.service.type "ClusterIP" }} + nodePort: null + {{- end }} + selector: + {{- include "appsmith.selectorLabels" . | nindent 4 }} +{{- end }} diff --git a/deploy/helm/templates/service.yaml b/deploy/helm/templates/service.yaml index 92584f917a..9bf019cebe 100644 --- a/deploy/helm/templates/service.yaml +++ b/deploy/helm/templates/service.yaml @@ -5,7 +5,7 @@ metadata: namespace: {{ include "appsmith.namespace" . }} labels: {{- include "appsmith.labels" . | nindent 4 }} - {{- if or .Values.service.annotations .Values.commonAnnotations }} + {{- if or .Values.service.annotations .Values.commonAnnotations .Values.metrics.enabled }} annotations: {{- if .Values.service.annotations }} {{- include "tplvalues.render" ( dict "value" .Values.service.annotations "context" $) | nindent 4 }} @@ -13,6 +13,11 @@ metadata: {{- if .Values.commonAnnotations }} {{- include "tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} + {{- if .Values.metrics.enabled }} + prometheus.io/scrape: "true" + prometheus.io/port: "8080" + prometheus.io/path: "/actuator/prometheus" + {{- end }} {{- end }} spec: type: {{ .Values.service.type }} diff --git a/deploy/helm/templates/trustedCA.yaml b/deploy/helm/templates/trustedCA.yaml new file mode 100644 index 0000000000..d9fff15a21 --- /dev/null +++ b/deploy/helm/templates/trustedCA.yaml @@ -0,0 +1,13 @@ +{{- if .Values.customCAcert }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "appsmith.fullname" . }}-trustedca + namespace: {{ include "appsmith.namespace" . }} + labels: + {{- include "appsmith.labels" . | nindent 4 }} +data: +{{- range $key, $value := .Values.customCAcert }} + {{ $key }}: {{ $value | quote }} +{{- end }} +{{- end }} diff --git a/deploy/helm/values.yaml b/deploy/helm/values.yaml index f5bca3a7cd..a315319679 100644 --- a/deploy/helm/values.yaml +++ b/deploy/helm/values.yaml @@ -5,9 +5,15 @@ redis: enabled: false master: nodeSelector: {} + disableCommands: [] + affinity: {} + tolerations: [] replica: replicaCount: 1 nodeSelector: {} + disableCommands: [] + affinity: {} + tolerations: [] image: registry: docker.io repository: redis @@ -24,14 +30,58 @@ mongodb: architecture: "replicaset" replicaSetName: rs0 nodeSelector: {} + affinity: {} + tolerations: [] image: registry: docker.io repository: bitnami/mongodb tag: 6.0.13 arbiter: nodeSelector: {} + affinity: {} + tolerations: [] hidden: nodeSelector: {} + affinity: {} + tolerations: [] + image: + registry: docker.io + repository: bitnami/mongodb + tag: 6.0.13 + +## postgresql parameters +postgresql: + enabled: true + auth: + username: root + password: password + postgresPassword: password + database: keycloak + image: + registry: docker.io + repository: bitnami/postgresql + tag: 14.12.0 + primary: + affinity: {} + nodeSelector: {} + tolerations: [] + readReplicas: + affinity: {} + nodeSelector: {} + tolerations: [] + +## external secrets parameters +externalSecrets: + enabled: false + refreshInterval: 1m + remoteNameSecret: "" # name of the secret in Secret provider + + +## prometheus paramaters +prometheus: + enabled: false + image: + tag: v0.74.0 ## @section Global parameters @@ -74,11 +124,13 @@ initContainer: {} # image: docker.io/bitnami/redis-cluster:7.0.13-debian-11-r10 # mongodb: # image: docker.io/bitnami/mongodb:5.0.21-debian-11-r5 + # postgresql: + # image: docker.io/bitnami/postgresql:14.5.0-debian-11-r21 ## Image ## image: registry: index.docker.io - repository: appsmith/appsmith-ce + repository: appsmith/appsmith-ee pullPolicy: IfNotPresent pullSecrets: "" # Overrides the image tag whose default is the chart appVersion. @@ -201,6 +253,12 @@ ingress: ## className: "nginx" +customCAcert: +# cert1: | +# paste-cert-1-contents-here +# cert2: | +# paste-cert-2-contents-here + resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -213,14 +271,29 @@ resources: # cpu: 100m # memory: 128Mi limits: {} - requests: {} + requests: + cpu: 500m + memory: 3000Mi + +autoscaling: + enabled: false + minReplicas: 2 + maxReplicas: 2 + targetCPUUtilizationPercentage: 5 nodeSelector: {} +#HTTPContainerPort: 8080 + tolerations: [] affinity: {} +#topologySpreadConstraints: +# - maxSkew: 1 # distribute pods in an absolute even manner +# topologyKey: kubernetes.io/hostname # use the hostname as topology domain +# whenUnsatisfiable: ScheduleAnyway # always schedule pods even if it can’t satisfy even distribution of pods + persistence: ## @param persistence.enabled - Enable data persistence using PVC ## @@ -239,15 +312,39 @@ persistence: storagePath: /tmp/hostpath_pv ## @param persistence.localCluster ## - localCluster: - - minikube + localCluster: {} ## @param persistence.accessModes PV Access Mode ## accessModes: - - ReadWriteOnce + - ReadWriteMany ## @param persistence.size PVC Storage Request ## size: 10Gi + ## Fine tuning for volumeClaimTemplates + ## + reclaimPolicy: Retain + existingClaim: + enabled: + name: + claimName: + efs: + enabled: + driver: + volumeHandle: + volumeClaimTemplates: + ## @param persistence.volumeClaimTemplates.selector A label query over volumes to consider for binding (e.g. when using local volumes) + ## A label query over volumes to consider for binding (e.g. when using local volumes) + ## See https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.20/#labelselector-v1-meta for more details + ## + selector: {} + ## @param persistence.volumeClaimTemplates.requests Custom PVC requests attributes + ## Sometime cloud providers use additional requests attributes to provision custom storage instance + ## See https://cloud.ibm.com/docs/containers?topic=containers-file_storage#file_dynamic_statefulset + ## + requests: {} + ## @param persistence.volumeClaimTemplates.dataSource Add dataSource to the VolumeClaimTemplate + ## + dataSource: {} # tags: # install-ingress-nginx: true storageClass: @@ -279,6 +376,25 @@ storageClass: ## parameters: {} +podDisruptionBudgets: + enabled: true + minAvailable: 1 + +metrics: + enabled: false + port: 2019 + +keda: + enabled: false + pollingInterval: 30 + cooldownPeriod: 60 + minReplicaCount: 1 + maxReplicaCount: 6 + fallback: + failureThreshold: 3 + replicas: 4 + triggers: [] + autoupdate: ## @param autoupdate.enabled - Enable config autoupdate ## @@ -316,5 +432,8 @@ applicationConfig: APPSMITH_ENCRYPTION_SALT: "" APPSMITH_CUSTOM_DOMAIN: "" APPSMITH_DISABLE_IFRAME_WIDGET_SANDBOX: "false" - -#HTTPContainerPort: 8080 + APPSMITH_LICENSE_KEY: "" + APPSMITH_KEYCLOAK_DB_DRIVER: "" + APPSMITH_KEYCLOAK_DB_USERNAME: "" + APPSMITH_KEYCLOAK_DB_PASSWORD: "" + APPSMITH_KEYCLOAK_DB_URL: "" diff --git a/scripts/deploy_preview.sh b/scripts/deploy_preview.sh index f7d7873fdb..194c1463c2 100755 --- a/scripts/deploy_preview.sh +++ b/scripts/deploy_preview.sh @@ -99,6 +99,7 @@ helm upgrade -i "$CHARTNAME" "appsmith-ee/$HELMCHART" -n "$NAMESPACE" --create-n --set persistence.efs.driver=efs.csi.aws.com --set persistence.storageClass=efs-dp-appsmith \ --set persistence.efs.volumeHandle="$DP_EFS_ID:/$edition/$edition$PULL_REQUEST_NUMBER" \ --set resources.requests.cpu="1m" \ + --set podDisruptionBudgets.enabled=false \ --set resources.requests.memory="2048Mi" \ --set applicationConfig.APPSMITH_SENTRY_DSN="https://abf15a075d1347969df44c746cca7eaa@o296332.ingest.sentry.io/1546547" \ --set applicationConfig.APPSMITH_SENTRY_ENVIRONMENT="$NAMESPACE" \