Skip to content

Commit

Permalink
feat(comp-charts-flex): add lock support to prevent race condition (#…
Browse files Browse the repository at this point in the history 
…1426)
  • Loading branch information
@iromli
iromli authored Nov 7, 2023
1 parent be0beec commit 57b012a
Show file tree
Hide file tree
Showing 20 changed files with 626 additions and 62 deletions.
26 changes: 19 additions & 7 deletions flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/README.md
View file

Large diffs are not rendered by default.

45 changes: 41 additions & 4 deletions flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/admin-ui/templates/deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -74,7 +74,7 @@ spec:
name: {{ .Release.Name }}-global-user-custom-envs
{{- end }}
lifecycle:
{{- toYaml .Values.lifecycle | nindent 10 }}
{{- toYaml .Values.lifecycle | nindent 10 }}
volumeMounts:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
Expand Down Expand Up @@ -105,10 +105,26 @@ spec:

{{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
{{- if not .Values.global.istio.enabled }}
- name: cb-crt
- name: cb-crt
mountPath: "/etc/certs/couchbase.crt"
subPath: couchbase.crt
{{- end }}
- name: cb-pass
mountPath: {{ .Values.global.cnCouchbasePasswordFile }}
subPath: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
mountPath: {{ .Values.global.cnSqlPasswordFile }}
subPath: sql_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapPasswordFile }}
subPath: ldap_password
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapTruststorePasswordFile }}
subPath: ldap_truststore_password
{{- end }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 10 }}
Expand Down Expand Up @@ -162,14 +178,35 @@ spec:
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}
{{- if not .Values.global.istio.enabled }}
- name: cb-crt
- name: cb-crt
secret:
secretName: {{ .Release.Name }}-cb-crt
{{- end }}
- name: cb-pass
secret:
secretName: {{ .Release.Name }}-cb-pass
items:
# we are mostly need non-superuser couchbase password file here
- key: couchbase_password
path: couchbase_password
{{- end }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
- name: {{ include "admin-ui.fullname" . }}-updatelbip
configMap:
name: {{ .Release.Name }}-updatelbip
{{- end }}

{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
secret:
secretName: {{ .Release.Name }}-sql-pass
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
secret:
secretName: {{ .Release.Name }}-ldap-pass
items:
- key: ldap_password
path: ldap_password
- key: ldap_truststore_password
path: ldap_truststore_password
{{- end }}
38 changes: 35 additions & 3 deletions ...uu/kubernetes/templates/helm/gluu/charts/auth-server-key-rotation/templates/cronjobs.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ metadata:
{{ toYaml .Values.additionalAnnotations | indent 4 }}
{{- end }}
spec:
schedule: "0 */{{ .Values.keysLife }} * * *"
schedule: "@every {{ .Values.keysLife }}h"
concurrencyPolicy: Forbid
jobTemplate:
spec:
Expand All @@ -41,7 +41,7 @@ spec:
{{- include "auth-server-key-rotation.usr-secret-envs" . | indent 16 }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
lifecycle:
{{- toYaml .Values.lifecycle | nindent 16 }}
{{- toYaml .Values.lifecycle | nindent 16 }}
volumeMounts:
{{ if or (eq .Values.global.configSecretAdapter "aws") (eq .Values.global.configAdapterName "aws") }}
- mountPath: {{ .Values.global.cnAwsSharedCredentialsFile }}
Expand All @@ -68,7 +68,20 @@ spec:
mountPath: "/etc/certs/couchbase.crt"
subPath: couchbase.crt
{{- end }}
- name: cb-pass
mountPath: {{ .Values.global.cnCouchbasePasswordFile }}
subPath: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
mountPath: {{ .Values.global.cnSqlPasswordFile }}
subPath: sql_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapPasswordFile }}
subPath: ldap_password
{{- end }}
envFrom:
- configMapRef:
name: {{ .Release.Name }}-config-cm
Expand Down Expand Up @@ -124,6 +137,25 @@ spec:
secret:
secretName: {{ .Release.Name }}-cb-crt
{{- end }}
- name: cb-pass
secret:
secretName: {{ .Release.Name }}-cb-pass
items:
# we are mostly need non-superuser couchbase password file here
- key: couchbase_password
path: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
secret:
secretName: {{ .Release.Name }}-sql-pass
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
secret:
secretName: {{ .Release.Name }}-ldap-pass
items:
- key: ldap_password
path: ldap_password
{{- end }}
restartPolicy: Never

46 changes: 41 additions & 5 deletions ...n-setup/pygluu/kubernetes/templates/helm/gluu/charts/auth-server/templates/deployment.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -78,7 +78,7 @@ spec:
name: {{ .Release.Name }}-global-user-custom-envs
{{- end }}
lifecycle:
{{- toYaml .Values.lifecycle | nindent 10 }}
{{- toYaml .Values.lifecycle | nindent 10 }}
volumeMounts:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 10 }}
Expand Down Expand Up @@ -140,12 +140,27 @@ spec:
{{- end }}

{{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}

{{- if not .Values.global.istio.enabled }}
- name: cb-crt
- name: cb-crt
mountPath: "/etc/certs/couchbase.crt"
subPath: couchbase.crt
{{- end }}
- name: cb-pass
mountPath: {{ .Values.global.cnCouchbasePasswordFile }}
subPath: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
mountPath: {{ .Values.global.cnSqlPasswordFile }}
subPath: sql_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapPasswordFile }}
subPath: ldap_password
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapTruststorePasswordFile }}
subPath: ldap_truststore_password
{{- end }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 10 }}
Expand Down Expand Up @@ -251,14 +266,35 @@ spec:
{{- if or (eq .Values.global.cnPersistenceType "couchbase") (eq .Values.global.cnPersistenceType "hybrid") }}

{{- if not .Values.global.istio.enabled }}
- name: cb-crt
- name: cb-crt
secret:
secretName: {{ .Release.Name }}-cb-crt
{{- end }}
- name: cb-pass
secret:
secretName: {{ .Release.Name }}-cb-pass
items:
# we are mostly need non-superuser couchbase password file here
- key: couchbase_password
path: couchbase_password
{{- end }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
- name: {{ include "auth-server.fullname" . }}-updatelbip
configMap:
name: {{ .Release.Name }}-updatelbip
{{- end }}

{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
secret:
secretName: {{ .Release.Name }}-sql-pass
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
secret:
secretName: {{ .Release.Name }}-ldap-pass
items:
- key: ldap_password
path: ldap_password
- key: ldap_truststore_password
path: ldap_truststore_password
{{- end }}
44 changes: 41 additions & 3 deletions flex-cn-setup/pygluu/kubernetes/templates/helm/gluu/charts/casa/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ spec:
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
env:
{{- include "casa.usr-envs" . | indent 12 }}
{{- include "casa.usr-secret-envs" . | indent 12 }}
{{- include "casa.usr-secret-envs" . | indent 12 }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
command:
- /bin/sh
Expand All @@ -72,7 +72,7 @@ spec:
containerPort: {{ .Values.global.cnPrometheusPort }}
{{- end }}
envFrom:
- configMapRef:
- configMapRef:
name: {{ .Release.Name }}-config-cm
{{ if .Values.global.usrEnvs.secret }}
- secretRef:
Expand All @@ -83,7 +83,7 @@ spec:
name: {{ .Release.Name }}-global-user-custom-envs
{{- end }}
lifecycle:
{{- toYaml .Values.lifecycle | nindent 12 }}
{{- toYaml .Values.lifecycle | nindent 12 }}
volumeMounts:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
Expand Down Expand Up @@ -115,6 +115,22 @@ spec:
mountPath: "/etc/certs/couchbase.crt"
subPath: couchbase.crt
{{- end }}
- name: cb-pass
mountPath: {{ .Values.global.cnCouchbasePasswordFile }}
subPath: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
mountPath: {{ .Values.global.cnSqlPasswordFile }}
subPath: sql_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapPasswordFile }}
subPath: ldap_password
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapTruststorePasswordFile }}
subPath: ldap_truststore_password
{{- end }}
livenessProbe:
{{- toYaml .Values.livenessProbe | nindent 12 }}
Expand Down Expand Up @@ -164,12 +180,34 @@ spec:
secret:
secretName: {{ .Release.Name }}-cb-crt
{{- end }}
- name: cb-pass
secret:
secretName: {{ .Release.Name }}-cb-pass
items:
# we are mostly need non-superuser couchbase password file here
- key: couchbase_password
path: couchbase_password
{{- end }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
- name: {{ include "casa.fullname" . }}-updatelbip
configMap:
name: {{ .Release.Name }}-updatelbip
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
secret:
secretName: {{ .Release.Name }}-sql-pass
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
secret:
secretName: {{ .Release.Name }}-ldap-pass
items:
- key: ldap_password
path: ldap_password
- key: ldap_truststore_password
path: ldap_truststore_password
{{- end }}
{{- if not .Values.global.isFqdnRegistered }}
hostAliases:
- ip: {{ .Values.global.lbIp }}
Expand Down
43 changes: 40 additions & 3 deletions ...n-setup/pygluu/kubernetes/templates/helm/gluu/charts/config-api/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,7 +54,7 @@ spec:
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
command:
- /bin/sh
- -c
- -c
- |
/usr/bin/python3 /scripts/updatelbip.py &
/app/scripts/entrypoint.sh
Expand All @@ -74,7 +74,7 @@ spec:
readinessProbe:
{{- toYaml .Values.readinessProbe | nindent 12 }}
lifecycle:
{{- toYaml .Values.lifecycle | nindent 12 }}
{{- toYaml .Values.lifecycle | nindent 12 }}
volumeMounts:
{{- with .Values.volumeMounts }}
{{- toYaml . | nindent 12 }}
Expand Down Expand Up @@ -102,7 +102,23 @@ spec:
mountPath: "/etc/certs/couchbase.crt"
subPath: couchbase.crt
{{- end }}
- name: cb-pass
mountPath: {{ .Values.global.cnCouchbasePasswordFile }}
subPath: couchbase_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
mountPath: {{ .Values.global.cnSqlPasswordFile }}
subPath: sql_password
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapPasswordFile }}
subPath: ldap_password
- name: ldap-pass
mountPath: {{ .Values.global.cnLdapTruststorePasswordFile }}
subPath: ldap_truststore_password
{{- end }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
- name: {{ include "config-api.name" . }}-updatelbip
mountPath: /scripts
Expand Down Expand Up @@ -152,16 +168,37 @@ spec:
secret:
secretName: {{ .Release.Name }}-cb-crt
{{- end }}
- name: cb-pass
secret:
secretName: {{ .Release.Name }}-cb-pass
items:
# we are mostly need non-superuser couchbase password file here
- key: couchbase_password
path: couchbase_password
{{- end }}
{{- if and (not .Values.global.isFqdnRegistered ) (or (eq .Values.global.storageClass.provisioner "kubernetes.io/aws-ebs") (eq .Values.global.storageClass.provisioner "openebs.io/local")) }}
- name: {{ include "config-api.name" . }}-updatelbip
configMap:
name: {{ .Release.Name }}-updatelbip
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "sql") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: sql-pass
secret:
secretName: {{ .Release.Name }}-sql-pass
{{- end }}
{{- if or (eq .Values.global.cnPersistenceType "ldap") (eq .Values.global.cnPersistenceType "hybrid") }}
- name: ldap-pass
secret:
secretName: {{ .Release.Name }}-ldap-pass
items:
- key: ldap_password
path: ldap_password
- key: ldap_truststore_password
path: ldap_truststore_password
{{- end }}
{{- if not .Values.global.isFqdnRegistered }}
hostAliases:
- ip: {{ .Values.global.lbIp }}
hostnames:
- {{ .Values.global.fqdn }}
{{- end }}

Loading

0 comments on commit 57b012a

Please sign in to comment.