enhance Helm chart by startupProbe
* and more configuration options, e.g. several topologySpreadConstraints
* also configure "ephemeral-storage" requests and limits
thjaeckle committed Nov 15, 2024
1 parent 06ff4ad commit 16f8c06
Showing 11 changed files with 276 additions and 123 deletions.
2 changes: 1 addition & 1 deletion deployment/helm/ditto/Chart.yaml
Expand Up @@ -16,7 +16,7 @@ description: |
A digital twin is a virtual, cloud based, representation of his real world counterpart
(real world “Things”, e.g. devices like sensors, smart heating, connected cars, smart grids, EV charging stations etc).
type: application
version: 3.6.2 # chart version is effectively set by release-job
version: 3.6.3 # chart version is effectively set by release-job
appVersion: 3.6.2
keywords:
- iot-chart
20 changes: 12 additions & 8 deletions deployment/helm/ditto/scripts/patch-pods-deletion-cost.sh
Expand Up @@ -25,17 +25,19 @@ curl --fail --silent --cacert ${CACERT} -H "Authorization: Bearer ${TOKEN}" \
"https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/${NAMESPACE}/pods" \
| jq '.items | map(select(.metadata.labels.actorSystemName == "ditto-cluster") | { pod: .metadata.name, ip: .status.podIP, cost: .metadata.annotations."controller.kubernetes.io/pod-deletion-cost"})' \
> pod_ip_cost.json
if [ $? -ne 0 ]; then
echo "Retrieving current pods curl failed [exit-code: $?]"
curlExitCode=$?
if [ $curlExitCode -ne 0 ]; then
echo "Retrieving current pods curl failed [exit-code: $curlExitCode]"
exit 1
fi

# extract the first internal IP from `pod_ip_cost.json` in order to lookup Apache Pekko cluster membership data:
somePekkoClusterIp=$(jq -r '.[0].ip' pod_ip_cost.json)
echo "Accessing current Pekko Cluster members from internal ip: $somePekkoClusterIp ..."
curl --fail --silent -o pekko_cluster_members.json http://$somePekkoClusterIp:7626/cluster/members
if [ $? -ne 0 ]; then
echo "Accessing current Pekko Cluster members curl failed [exit-code: $?]"
curlExitCode=$?
if [ $curlExitCode -ne 0 ]; then
echo "Accessing current Pekko Cluster members curl failed [exit-code: $curlExitCode]"
exit 1
fi

Expand Down Expand Up @@ -64,8 +66,9 @@ while read pod; do
curl -X PATCH --silent --output /dev/null --show-error --fail --cacert ${CACERT} -H "Authorization: Bearer ${TOKEN}" -H 'Content-Type: application/merge-patch+json' \
"https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/${NAMESPACE}/pods/${pod}" \
--data '{"metadata": {"annotations": {"controller.kubernetes.io/pod-deletion-cost": null }}}'
if [ $? -ne 0 ]; then
echo "Clearing pod-deletion-cost curl failed [exit-code: $?]"
curlExitCode=$?
if [ $curlExitCode -ne 0 ]; then
echo "Clearing pod-deletion-cost curl failed [exit-code: $curlExitCode]"
exit 1
fi
fi
Expand All @@ -78,8 +81,9 @@ jq -r '.[] | [.pod, .ip, .cost] | @tsv' new_cost_pod_and_ip.json |
curl -X PATCH --silent --output /dev/null --show-error --fail --cacert ${CACERT} -H "Authorization: Bearer ${TOKEN}" -H 'Content-Type: application/merge-patch+json' \
"https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT/api/v1/namespaces/${NAMESPACE}/pods/${pod}" \
--data '{"metadata": {"annotations": {"controller.kubernetes.io/pod-deletion-cost": '\""$cost"\"' }}}'
if [ $? -ne 0 ]; then
echo "Patching pod-deletion-cost curl failed [exit-code: $?]"
curlExitCode=$?
if [ $curlExitCode -ne 0 ]; then
echo "Patching pod-deletion-cost curl failed [exit-code: $curlExitCode]"
exit 1
fi
done
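Review bot: In the first hunk `curlExitCode=$?` follows the `curl … | jq … > pod_ip_cost.json` pipeline, so it records jq's exit status rather than curl's unless `set -o pipefail` is set earlier in the script, which is not visible here. A failed or unauthorized API call under `--fail --silent` hands jq empty input, jq exits 0, and the check passes with an empty `pod_ip_cost.json` feeding the later steps. Capture curl's own status by writing the response to a file first, the way the second call already does with `-o pekko_cluster_members.json`, and run jq on that file afterwards, or add `set -o pipefail` near the top of the script. The last hunk's loop is fed by `jq … |`, so its `exit 1` may only leave the pipeline's subshell; that loop starts outside the hunk, so this needs checking against the full script.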
32 changes: 24 additions & 8 deletions deployment/helm/ditto/templates/connectivity-deployment.yaml
Expand Up @@ -8,14 +8,15 @@
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
{{- $name := include "ditto.name" . -}}
{{- if .Values.connectivity.enabled -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ditto.fullname" . }}-connectivity
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-connectivity
app.kubernetes.io/name: {{ $name }}-connectivity
{{ include "ditto.labels" . | indent 4 }}
spec:
replicas: {{ .Values.connectivity.replicaCount }}
Expand All @@ -26,12 +27,12 @@ spec:
minReadySeconds: {{ .Values.connectivity.minReadySeconds }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-connectivity
app.kubernetes.io/name: {{ $name }}-connectivity
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-connectivity
app.kubernetes.io/name: {{ $name }}-connectivity
app.kubernetes.io/instance: {{ .Release.Name }}
actorSystemName: {{ .Values.pekko.actorSystemName }}
{{- with .Values.connectivity.additionalLabels }}
Expand All @@ -45,6 +46,9 @@ spec:
{{- end }}
checksum/mongodb-config: {{ include (print $.Template.BasePath "/mongodb-secret.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/connectivity-configmap.yaml") . | sha256sum }}
{{- with .Values.global.additionalAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.connectivity.additionalAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
Expand All @@ -70,12 +74,14 @@ spec:
mountPath: /var/log/ditto
{{- end }}
topologySpreadConstraints:
- maxSkew: {{ .Values.connectivity.topologySpreadConstraints.maxSkew }}
topologyKey: {{ .Values.connectivity.topologySpreadConstraints.topologyKey }}
whenUnsatisfiable: {{ .Values.connectivity.topologySpreadConstraints.whenUnsatisfiable }}
{{- range .Values.connectivity.topologySpreadConstraints }}
- maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-connectivity
app.kubernetes.io/name: {{ $name }}-connectivity
{{- end }}
containers:
- name: {{ .Chart.Name }}-connectivity
image: {{ printf "%s:%s" .Values.connectivity.image.repository ( default .Chart.AppVersion ( default .Values.dittoTag .Values.connectivity.image.tag ) ) }}
Expand Down Expand Up @@ -312,11 +318,19 @@ spec:
protocol: TCP
containerPort: {{ .Values.global.prometheus.port }}
{{- end }}
startupProbe:
httpGet:
port: management
path: /ready
initialDelaySeconds: {{ .Values.connectivity.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.connectivity.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.connectivity.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.connectivity.startupProbe.successThreshold }}
failureThreshold: {{ .Values.connectivity.startupProbe.failureThreshold }}
readinessProbe:
httpGet:
port: management
path: /ready
initialDelaySeconds: {{ .Values.connectivity.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.connectivity.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.connectivity.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.connectivity.readinessProbe.successThreshold }}
Expand Down Expand Up @@ -352,11 +366,13 @@ spec:
requests:
cpu: {{ mulf .Values.connectivity.resources.cpu 1000 }}m
memory: {{ .Values.connectivity.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.connectivity.resources.ephemeralStorageMi }}Mi
limits:
# ## no cpu limit to avoid CFS scheduler limits
# ref: https://pekko.apache.org/docs/pekko/current/additional/deploying.html#deploying-to-kubernetes
# cpu: ""
memory: {{ .Values.connectivity.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.connectivity.resources.ephemeralStorageMi }}Mi
{{- if .Values.openshift.enabled }}
{{- with .Values.openshift.securityContext }}
securityContext:
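Review bot: The `{{- range .Values.connectivity.topologySpreadConstraints }}` loop changes this value from a single map to a list, so an existing override that still supplies `maxSkew`/`topologyKey`/`whenUnsatisfiable` as a map will most likely fail at render time with an opaque field-access error. The same change is made in dittoui-deployment.yaml, gateway-deployment.yaml and nginx-deployment.yaml. A guard ahead of the loop would give operators a clear message, e.g. `{{- if not (kindIs "slice" .Values.connectivity.topologySpreadConstraints) }}{{ fail "connectivity.topologySpreadConstraints must be a list" }}{{- end }}`. Because the chart version only moves from 3.6.2 to 3.6.3, the values migration should also be called out in the release notes.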
19 changes: 12 additions & 7 deletions deployment/helm/ditto/templates/dittoui-deployment.yaml
Expand Up @@ -8,14 +8,15 @@
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
{{- $name := include "ditto.name" . -}}
{{- if .Values.dittoui.enabled -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ditto.fullname" . }}-dittoui
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-dittoui
app.kubernetes.io/name: {{ $name }}-dittoui
{{ include "ditto.labels" . | indent 4 }}
spec:
replicas: {{ .Values.dittoui.replicaCount }}
Expand All @@ -25,12 +26,12 @@ spec:
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-dittoui
app.kubernetes.io/name: {{ $name }}-dittoui
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-dittoui
app.kubernetes.io/name: {{ $name }}-dittoui
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.dittoui.additionalLabels }}
{{- toYaml . | nindent 8 }}
Expand All @@ -45,12 +46,14 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
topologySpreadConstraints:
- maxSkew: {{ .Values.dittoui.topologySpreadConstraints.maxSkew }}
topologyKey: {{ .Values.dittoui.topologySpreadConstraints.topologyKey }}
whenUnsatisfiable: {{ .Values.dittoui.topologySpreadConstraints.whenUnsatisfiable }}
{{- range .Values.dittoui.topologySpreadConstraints }}
- maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-dittoui
app.kubernetes.io/name: {{ $name }}-dittoui
{{- end }}
containers:
- name: {{ .Chart.Name }}-dittoui
image: {{ printf "%s:%s" .Values.dittoui.image.repository ( default .Chart.AppVersion ( default .Values.dittoTag .Values.dittoui.image.tag ) ) }}
Expand All @@ -67,9 +70,11 @@ spec:
requests:
cpu: {{ mulf .Values.dittoui.resources.cpu 1000 }}m
memory: {{ .Values.dittoui.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.dittoui.resources.ephemeralStorageMi }}Mi
limits:
# cpu: # don't limit
memory: {{ .Values.dittoui.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.dittoui.resources.ephemeralStorageMi }}Mi
securityContext:
runAsNonRoot: true
runAsUser: 101
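Review bot: The added `ephemeral-storage` limit is enforced by eviction, and nothing in the template tells operators that. Once the container's writable layer, its logs and any disk-backed emptyDir volumes exceed `ephemeralStorageMi`, the kubelet evicts the pod. The same request/limit pair is added in connectivity-deployment.yaml, gateway-deployment.yaml and nginx-deployment.yaml; the first two also mount `/var/log/ditto`, and whether that volume counts toward the limit depends on its type, which is not visible here. I would add a comment above the new limit line, in the style of the existing `# cpu: # don't limit`, such as `# exceeding ephemeral-storage evicts the pod; size it for logs and temp files`.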
32 changes: 24 additions & 8 deletions deployment/helm/ditto/templates/gateway-deployment.yaml
Expand Up @@ -8,14 +8,15 @@
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
{{- $name := include "ditto.name" . -}}
{{- if .Values.gateway.enabled -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ditto.fullname" . }}-gateway
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-gateway
app.kubernetes.io/name: {{ $name }}-gateway
{{ include "ditto.labels" . | indent 4 }}
spec:
replicas: {{ .Values.gateway.replicaCount }}
Expand All @@ -26,12 +27,12 @@ spec:
minReadySeconds: {{ .Values.gateway.minReadySeconds }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-gateway
app.kubernetes.io/name: {{ $name }}-gateway
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-gateway
app.kubernetes.io/name: {{ $name }}-gateway
app.kubernetes.io/instance: {{ .Release.Name }}
actorSystemName: {{ .Values.pekko.actorSystemName }}
{{- with .Values.gateway.additionalLabels }}
Expand All @@ -45,6 +46,9 @@ spec:
{{- end }}
checksum/password-config: {{ include (print $.Template.BasePath "/gateway-secret.yaml") . | sha256sum }}
checksum/config: {{ include (print $.Template.BasePath "/gateway-configmap.yaml") . | sha256sum }}
{{- with .Values.global.additionalAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.gateway.additionalAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
Expand All @@ -70,12 +74,14 @@ spec:
mountPath: /var/log/ditto
{{- end }}
topologySpreadConstraints:
- maxSkew: {{ .Values.gateway.topologySpreadConstraints.maxSkew }}
topologyKey: {{ .Values.gateway.topologySpreadConstraints.topologyKey }}
whenUnsatisfiable: {{ .Values.gateway.topologySpreadConstraints.whenUnsatisfiable }}
{{- range .Values.gateway.topologySpreadConstraints }}
- maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-gateway
app.kubernetes.io/name: {{ $name }}-gateway
{{- end }}
containers:
- name: {{ .Chart.Name }}-gateway
image: {{ printf "%s:%s" .Values.gateway.image.repository ( default .Chart.AppVersion ( default .Values.dittoTag .Values.gateway.image.tag ) ) }}
Expand Down Expand Up @@ -230,11 +236,19 @@ spec:
protocol: TCP
containerPort: {{ .Values.global.prometheus.port }}
{{- end }}
startupProbe:
httpGet:
port: management
path: /ready
initialDelaySeconds: {{ .Values.gateway.startupProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.gateway.startupProbe.periodSeconds }}
timeoutSeconds: {{ .Values.gateway.startupProbe.timeoutSeconds }}
successThreshold: {{ .Values.gateway.startupProbe.successThreshold }}
failureThreshold: {{ .Values.gateway.startupProbe.failureThreshold }}
readinessProbe:
httpGet:
port: management
path: /ready
initialDelaySeconds: {{ .Values.gateway.readinessProbe.initialDelaySeconds }}
periodSeconds: {{ .Values.gateway.readinessProbe.periodSeconds }}
timeoutSeconds: {{ .Values.gateway.readinessProbe.timeoutSeconds }}
successThreshold: {{ .Values.gateway.readinessProbe.successThreshold }}
Expand Down Expand Up @@ -270,11 +284,13 @@ spec:
requests:
cpu: {{ mulf .Values.gateway.resources.cpu 1000 }}m
memory: {{ .Values.gateway.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.gateway.resources.ephemeralStorageMi }}Mi
limits:
# ## no cpu limit to avoid CFS scheduler limits
# ref: https://pekko.apache.org/docs/pekko/current/additional/deploying.html#deploying-to-kubernetes
# cpu: ""
memory: {{ .Values.gateway.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.gateway.resources.ephemeralStorageMi }}Mi
{{- if .Values.openshift.enabled }}
{{- with .Values.openshift.securityContext }}
securityContext:
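Review bot: The new `.Values.global.additionalAnnotations` block renders into the same `annotations:` map as `.Values.gateway.additionalAnnotations` directly below it, so a key set in both places is emitted twice; connectivity-deployment.yaml has the same pattern. Duplicate mapping keys are invalid YAML, and whether the later value wins or the manifest is rejected depends on the parser, so the precedence should be made explicit. Merging before rendering does that: replace both blocks with `{{- with merge (dict) (default (dict) .Values.gateway.additionalAnnotations) (default (dict) .Values.global.additionalAnnotations) }}` followed by a single `{{- toYaml . | nindent 8 }}` and `{{- end }}`, which lets the per-service value override the global one.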
19 changes: 12 additions & 7 deletions deployment/helm/ditto/templates/nginx-deployment.yaml
Expand Up @@ -8,14 +8,15 @@
# http://www.eclipse.org/legal/epl-2.0
#
# SPDX-License-Identifier: EPL-2.0
{{- $name := include "ditto.name" . -}}
{{- if .Values.nginx.enabled -}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "ditto.fullname" . }}-nginx
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-nginx
app.kubernetes.io/name: {{ $name }}-nginx
{{ include "ditto.labels" . | indent 4 }}
spec:
replicas: {{ .Values.nginx.replicaCount }}
Expand All @@ -25,12 +26,12 @@ spec:
{{- end }}
selector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-nginx
app.kubernetes.io/name: {{ $name }}-nginx
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-nginx
app.kubernetes.io/name: {{ $name }}-nginx
app.kubernetes.io/instance: {{ .Release.Name }}
{{- with .Values.nginx.additionalLabels }}
{{- toYaml . | nindent 8 }}
Expand Down Expand Up @@ -62,12 +63,14 @@ spec:
done
{{- end }}
topologySpreadConstraints:
- maxSkew: {{ .Values.nginx.topologySpreadConstraints.maxSkew }}
topologyKey: {{ .Values.nginx.topologySpreadConstraints.topologyKey }}
whenUnsatisfiable: {{ .Values.nginx.topologySpreadConstraints.whenUnsatisfiable }}
{{- range .Values.nginx.topologySpreadConstraints }}
- maxSkew: {{ .maxSkew }}
topologyKey: {{ .topologyKey }}
whenUnsatisfiable: {{ .whenUnsatisfiable }}
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ include "ditto.name" . }}-nginx
app.kubernetes.io/name: {{ $name }}-nginx
{{- end }}
containers:
- name: {{ .Chart.Name }}-nginx
image: "{{ .Values.nginx.image.repository }}:{{ .Values.nginx.image.tag }}"
Expand All @@ -92,9 +95,11 @@ spec:
requests:
cpu: {{ mulf .Values.nginx.resources.cpu 1000 }}m
memory: {{ .Values.nginx.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.nginx.resources.ephemeralStorageMi }}Mi
limits:
# cpu: # don't limit
memory: {{ .Values.nginx.resources.memoryMi }}Mi
ephemeral-storage: {{ .Values.nginx.resources.ephemeralStorageMi }}Mi
volumeMounts:
- name: nginx-conf
mountPath: /etc/nginx/nginx.conf