Fix Management Center SSL (helm#109) (helm#21521)
Signed-off-by: devOpsHelm <devops+1@hazelcast.com>
Signed-off-by: Miguel Mingorance <miguel.mingorance@deliveryhero.com>
devOpsHelm authored and Miguel Mingorance committed Aug 28, 2020
1 parent c33323f commit 5e0c8e4
Showing 5 changed files with 61 additions and 6 deletions.
2 changes: 1 addition & 1 deletion stable/hazelcast/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: hazelcast
version: 3.0.6
version: 3.1.0
appVersion: "4.0"
tillerVersion: ">=2.7.2"
kubeVersion: ">=1.9.0-0"
11 changes: 10 additions & 1 deletion stable/hazelcast/README.adoc
@@ -102,7 +102,7 @@ their default values.
|`+nil+`

|`+hazelcast.existingConfigMap+` |ConfigMap which contains Hazelcast
configuration file(s) that are used instead hazelcast.yaml embedded into
configuration file(s) that are used instead of hazelcast.yaml file embedded into
values.yaml |`+nil+`

|`+hazelcast.yaml+` |Hazelcast YAML Configuration (`+hazelcast.yaml+` embedded
@@ -234,6 +234,8 @@ array |`+nil+`
|`+mancenter.contextPath+` |the value for the MC_CONTEXT_PATH environment variable,
thus overriding the default context path for Hazelcast Management Center |`+nil+`

|`+mancenter.ssl+` |Enable SSL for Management |`+false+`

|`+mancenter.javaOpts+` |Additional JAVA_OPTS properties for Hazelcast
Management Center |`+nil+`

@@ -243,6 +245,10 @@ provided, can be filled in the web interface |`+nil+`
|`+mancenter.licenseKeySecretName+` |Kubernetes Secret Name, where Management
Center License Key is stored (can be used instead of licenseKey) |`+nil+`

|`+mancenter.existingConfigMap+` |ConfigMap which contains Hazelcast Client configuration file(s) that are used instead of hazelcast-client.yaml file embedded into values.yaml |`+{DEFAULT_HAZELCAST_CLIENT_YAML}+`

|`+mancenter.yaml+` |Hazelcast Client YAML Configuration (`hazelcast-client.yaml` used to connect to Hazelcast cluster |`+nil+`

|`+mancenter.affinity+` |Management Center Node affinity |`+nil+`

|`+mancenter.tolerations+` |Management Center Node tolerations |`+nil+`
@@ -311,6 +317,9 @@ for example |`+[]+`

|`+mancenter.ingress.tls+` |List of TLS configuration for ingress, see
`+values.yaml+` for example |`+[]+`

|`+mancenter.secretsMountName+` |Secret name that is mounted as '/secrets/' (e.g. with keystore/trustore files) |`+nil+`

|===

Specify each parameter using the `+--set key=value[,key=value]+` argument to
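--- a/stable/hazelcast/templates/mancenter-config.yaml
+++ b/stable/hazelcast/templates/mancenter-config.yaml
@@ -0,0 +1,14 @@
+{{- if and .Values.mancenter.yaml (not .Values.mancenter.existingConfigMap) }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: {{ template "mancenter.fullname" . }}-configuration
+labels:
+app.kubernetes.io/name: {{ template "hazelcast.name" . }}
+helm.sh/chart: {{ template "hazelcast.chart" . }}
+app.kubernetes.io/instance: "{{ .Release.Name }}"
+app.kubernetes.io/managed-by: "{{ .Release.Service }}"
+data:
+hazelcast-client.yaml: |-
+{{ toYaml .Values.mancenter.yaml | indent 4 }}
+{{- end -}}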
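Review bot: The guard on the first line renders this ConfigMap only when `mancenter.yaml` is non-empty and `mancenter.existingConfigMap` is unset, but the StatefulSet in the same commit mounts the `config` volume unconditionally and falls back to `{{ template "mancenter.fullname" . }}-configuration` whenever `existingConfigMap` is unset. A release that clears `mancenter.yaml` without naming an existing ConfigMap would reference a ConfigMap that was never created, and the pod would not start. Since `MC_INIT_CMD` always reads `/config/hazelcast-client.yaml`, failing the render early is the clearer behaviour, e.g. `{{- $_ := required "set mancenter.yaml or mancenter.existingConfigMap" (or .Values.mancenter.yaml .Values.mancenter.existingConfigMap) }}` in the StatefulSet. This template also has no guard on Management Center being enabled at all; whether the StatefulSet has one is not visible here, so confirm the two agree.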
24 changes: 21 additions & 3 deletions stable/hazelcast/templates/mancenter-statefulset.yaml
@@ -61,7 +61,7 @@ spec:
{{ toYaml .Values.mancenter.resources | indent 10 }}
ports:
- name: mancenter
containerPort: 8080
containerPort: {{ if .Values.mancenter.ssl }}8443{{ else }}8080{{ end }}
{{- if .Values.mancenter.livenessProbe.enabled }}
livenessProbe:
httpGet:
@@ -85,8 +85,14 @@ spec:
failureThreshold: {{ .Values.mancenter.readinessProbe.failureThreshold }}
{{- end }}
volumeMounts:
- name: config
mountPath: /config
- name: mancenter-storage
mountPath: /data
{{- if .Values.mancenter.secretsMountName }}
- name: mancenter-secrets
mountPath: /secrets
{{- end }}
env:
{{- if .Values.mancenter.contextPath }}
- name: MC_CONTEXT_PATH
@@ -102,9 +108,9 @@ spec:
value: {{ .Values.mancenter.licenseKey }}
{{- end }}
- name: MC_INIT_CMD
value: "./mc-conf.sh cluster add -H /data -cn {{ if index .Values "hazelcast" "yaml" "hazelcast" "cluster-name" }}{{ index .Values "hazelcast" "yaml" "hazelcast" "cluster-name" }}{{ else }}dev{{ end }} -ma {{ template "hazelcast.serviceName" . }}"
value: "./mc-conf.sh cluster add -H /data -cc /config/hazelcast-client.yaml"
- name: JAVA_OPTS
value: "{{ if or .Values.mancenter.licenseKey .Values.mancenter.licenseKeySecretName }}-Dhazelcast.mc.license=$(MC_LICENSE_KEY){{ end }} {{ if or .Values.mancenter.readinessProbe.enabled .Values.mancenter.livenessProbe.enabled }}-Dhazelcast.mc.healthCheck.enable=true{{ end }} {{ .Values.mancenter.javaOpts }}"
value: "{{ if or .Values.mancenter.licenseKey .Values.mancenter.licenseKeySecretName }}-Dhazelcast.mc.license=$(MC_LICENSE_KEY){{ end }} {{ if or .Values.mancenter.readinessProbe.enabled .Values.mancenter.livenessProbe.enabled }}-Dhazelcast.mc.healthCheck.enable=true{{ end }} -DserviceName={{ template "hazelcast.serviceName" . }} -Dhazelcast.mc.tls.enabled={{ .Values.mancenter.ssl }} {{ .Values.mancenter.javaOpts }}"
{{- if .Values.securityContext.enabled }}
securityContext:
runAsNonRoot: {{ if eq (int .Values.securityContext.runAsUser) 0 }}false{{ else }}true{{ end }}
@@ -123,11 +129,23 @@ spec:
{{- end }}
serviceAccountName: {{ template "hazelcast.serviceAccountName" . }}
volumes:
- name: config
configMap:
{{- if .Values.mancenter.existingConfigMap }}
name: {{ .Values.mancenter.existingConfigMap }}
{{- else }}
name: {{ template "mancenter.fullname" . }}-configuration
{{- end }}
- name: mancenter-storage
{{- if .Values.mancenter.persistence.enabled }}
persistentVolumeClaim:
claimName: {{ .Values.mancenter.persistence.existingClaim | default (include "mancenter.fullname" .) }}
{{- else }}
emptyDir: {}
{{- end -}}
{{- if .Values.mancenter.secretsMountName }}
- name: mancenter-secrets
secret:
secretName: {{ .Values.mancenter.secretsMountName }}
{{- end }}
{{- end -}}
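Review bot: Enabling `mancenter.ssl` only switches `containerPort` to 8443 and adds `-Dhazelcast.mc.tls.enabled=true` to `JAVA_OPTS`; nothing in the visible hunks wires a keystore path or password. Those presumably have to travel through `mancenter.javaOpts`, which is rendered into the literal `value:` of `JAVA_OPTS` and is readable by anyone who can read the StatefulSet or pod spec. The license key is already referenced indirectly as `$(MC_LICENSE_KEY)` and can come from `licenseKeySecretName`; the keystore password deserves the same treatment: a Secret-backed env entry declared before `JAVA_OPTS` and referenced from it as `$(NAME)`. At minimum add a comment above `JAVA_OPTS`, such as `# javaOpts is rendered verbatim into the pod spec; pass keystore passwords as $(VAR) from a Secret, not inline`. The `httpGet` probe definitions and the start of the pod spec lie outside these hunks, so confirm separately that the probes still succeed once the listener speaks TLS on 8443.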
16 changes: 15 additions & 1 deletion stable/hazelcast/values.yaml
@@ -29,7 +29,7 @@ hazelcast:
# loggingLevel is the level of Hazelcast logs (SEVERE, WARNING, INFO, CONFIG, FINE, FINER, and FINEST)
# Note that changing this value requires setting securityContext.runAsUser to 0 and securityContext.readOnlyRootFilesystem to false
# loggingLevel:
# existingConfigMap defines a ConfigMap which contains Hazelcast configuration file(s) that are used instead hazelcast.yaml configuration below
# existingConfigMap defines a ConfigMap which contains Hazelcast configuration file(s) that are used instead of hazelcast.yaml configuration below
# existingConfigMap:
# yaml is the Hazelcast YAML configuration file
yaml:
@@ -223,6 +223,8 @@ mancenter:
# hosts:
# - hazelcast-mancenter.cluster.domain

# ssl is a flag to enable SSL for Management Center
ssl: false
# javaOpts are additional JAVA_OPTS properties for Hazelcast Management Center
javaOpts:

@@ -236,6 +238,15 @@ mancenter:
# licenseKeySecretName is the name of the secret where the Hazelcast Management Center License Key is stored (can be used instead of licenseKey)
# licenseKeySecretName:

# existingConfigMap defines a ConfigMap which contains Hazelcast Client configuration file(s) that are used instead of hazelcast-client.yaml configuration below
# existingConfigMap:
# yaml is the Hazelcast Client YAML configuration file
yaml:
hazelcast-client:
network:
cluster-members:
- ${serviceName}

# affinity specifies the Management Center affinity/anti-affinity of different pods
# affinity:

@@ -309,3 +320,6 @@ mancenter:
successThreshold: 1
# failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded
failureThreshold: 3

# secretsMountName is the secret name that is mounted as '/data/secrets/' (e.g. with keystore/trustore files)
# secretsMountName:
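Review bot: The comment added in the last hunk says the secret is mounted as '/data/secrets/', but the StatefulSet in this commit mounts `mancenter-secrets` at `/secrets`, and the README row added here also says '/secrets/'. A keystore path copied from this comment into `mancenter.javaOpts` would point at a directory that does not exist, so TLS would fail to come up. Suggested wording: `# secretsMountName is the name of the Secret mounted at '/secrets' (e.g. keystore/truststore files)`. It would also help to note next to `${serviceName}` in the default `mancenter.yaml` that the placeholder is presumably resolved from the `-DserviceName=...` property the StatefulSet adds to `JAVA_OPTS`.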
