From a0dad4ef30bd3f7c5bd22c417f698cf9aca02c69 Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:04:05 +0200
Subject: [PATCH 1/8] Add data private deployment
---
 .../data/templates/1-deployment-private.yaml | 82 +++++++++++++++++++
 .../data/templates/3-upstream-private.yaml | 12 +++
 .../charts/data/templates/4-routetable.yaml | 2 +-
 charts/tidepool/values.yaml | 2 +
 4 files changed, 97 insertions(+), 1 deletion(-)
 create mode 100644 charts/tidepool/charts/data/templates/1-deployment-private.yaml
 create mode 100644 charts/tidepool/charts/data/templates/3-upstream-private.yaml
diff --git a/charts/tidepool/charts/data/templates/1-deployment-private.yaml b/charts/tidepool/charts/data/templates/1-deployment-private.yaml
new file mode 100644
index 00000000..3494e18e
--- /dev/null
+++ b/charts/tidepool/charts/data/templates/1-deployment-private.yaml
@@ -0,0 +1,82 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ labels:
+ app: data-private
+{{ include "charts.labels.standard" .}}
+ name: data-private
+ namespace: {{.Release.Namespace}}
+ annotations:
+ secret.reloader.stakater.com/reload: "server,{{ .Values.mongo.secretName }},data"
+{{ if .Values.deployment.annotations }}
+ {{- .Values.deployment.annotations | toYaml | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app: data-private
+ app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ replicas: {{ .Values.deployment.replicas }}
+ strategy: {}
+ template:
+ metadata:
+ labels:
+ app: data-private
+ app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+{{ if .Values.podAnnotations }}
+ annotations:
+ {{- .Values.podAnnotations | toYaml | nindent 8 }}
+{{- end }}
+ spec:
+ initContainers:
+ {{ include "charts.init.shoreline" .}}
+ {{ if .Values.initContainers }}
+{{- with .Values.initContainers }}
+{{toYaml . | indent 6}}{{- end }}
+ {{- end }}
+ containers:
+ - env:
+ {{ include "charts.platform.env.mongo" .}}
+ {{ include "charts.platform.env.misc" .}}
+ {{ include "charts.platform.env.clients" .}}
+ {{ include "charts.kafka.common" .}}
+ {{ include "charts.kafka.cloudevents.client" (dict "Values" .Values "Release" .Release "client" "data") }}
+ - name: TIDEPOOL_DATA_SERVICE_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: data
+ key: ServiceAuth
+ - name: TIDEPOOL_DATA_SERVICE_SERVER_ADDRESS
+ value: :{{ .Values.global.ports.data_private }}
+ - name: TIDEPOOL_DEPRECATED_DATA_STORE_DATABASE
+ value: data
+ - name: TIDEPOOL_SYNC_TASK_STORE_DATABASE
+ value: data
+ image: "{{ .Values.deployment.image }}"
+ securityContext:
+ {{- .Values.podSecurityContext | toYaml | nindent 10 }}
+ {{ template "charts.platform.probes" .Values.global.ports.data_private }}
+ name: data-private
+ ports:
+ - containerPort: {{.Values.global.ports.data_private}}
+ name: "http"
+ resources:
+ {{- toYaml .Values.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 8 }}
+ restartPolicy: Always
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/charts/tidepool/charts/data/templates/3-upstream-private.yaml b/charts/tidepool/charts/data/templates/3-upstream-private.yaml
new file mode 100644
index 00000000..82ed3b05
--- /dev/null
+++ b/charts/tidepool/charts/data/templates/3-upstream-private.yaml
@@ -0,0 +1,12 @@
+{{ if .Values.global.glooingress.enabled }}
+apiVersion: gloo.solo.io/v1
+kind: Upstream
+metadata:
+ name: data-private
+ namespace: {{ .Release.Namespace }}
+spec:
+ kube:
+ serviceName: data-private
+ serviceNamespace: {{ .Release.Namespace }}
+ servicePort: {{ .Values.global.ports.data_private }}
+{{- end }}
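Review bot: In 1-deployment-private.yaml the two `securityContext` blocks look fed from the opposite values: the container-level block (rendered with `nindent 10`, alongside `resources`) takes `.Values.podSecurityContext`, while the pod-level block (`nindent 8`, just before `restartPolicy`) takes `.Values.securityContext`. Container-only settings such as `allowPrivilegeEscalation` or `capabilities` are not valid pod-level fields, so hardening placed under the wrong key may be rejected or silently not applied. The values defaults and the existing data deployment are not visible here, so this may be an established chart convention; if it is, a template comment such as `{{- /* chart convention: podSecurityContext is applied at container level */}}` above the block would save the next reader the check, and if it is not, swap the two references.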
diff --git a/charts/tidepool/charts/data/templates/4-routetable.yaml b/charts/tidepool/charts/data/templates/4-routetable.yaml
index 3886e15e..9c149408 100644
--- a/charts/tidepool/charts/data/templates/4-routetable.yaml
+++ b/charts/tidepool/charts/data/templates/4-routetable.yaml
@@ -428,5 +428,5 @@ spec:
 routeAction:
 single:
 upstream:
- name: data
+ name: data-private
 {{- end }}
diff --git a/charts/tidepool/values.yaml b/charts/tidepool/values.yaml
index 43f9c7c4..1224dd77 100644
--- a/charts/tidepool/values.yaml
+++ b/charts/tidepool/values.yaml
@@ -85,6 +85,8 @@ global:
 blob: 9225
 # -- data service internal port
 data: 9220
+ # -- data private service internal port
+ data_private: 9221
 # -- image service internal port
 image: 9226
 # -- mailer service internal port
From e54374153e98ac0bcd5320bbe827b3b7a7107691 Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:22:51 +0200
Subject: [PATCH 2/8] Update keycloak dependency version
---
 charts/tidepool/Chart.lock | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/charts/tidepool/Chart.lock b/charts/tidepool/Chart.lock
index b87146c4..89a1d37a 100644
--- a/charts/tidepool/Chart.lock
+++ b/charts/tidepool/Chart.lock
@@ -1,6 +1,6 @@ dependencies: - name: keycloak repository: file://../keycloak - version: 0.4.2 -digest: sha256:bea169e688dc10efdcf259b8c30ee2f90e0ca6e519464bd957f9e1be0a5b8564 -generated: "2024-06-25T11:24:28.447782+03:00" + version: 0.4.3 +digest: sha256:9e8e11d23104da89789675b1676fe7299309fb7eeae7a22c0a2ba6ab169c3fa2 +generated: "2024-11-13T11:22:02.195889+02:00"
From aeb055d5a95c23f5e7000afe6b4189c34b0a183c Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:31:43 +0200
Subject: [PATCH 3/8] Add service private
---
 .../data/templates/2-service-private.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 charts/tidepool/charts/data/templates/2-service-private.yaml
diff --git a/charts/tidepool/charts/data/templates/2-service-private.yaml b/charts/tidepool/charts/data/templates/2-service-private.yaml
new file mode 100644
index 00000000..50bc6bb4
--- /dev/null
+++ b/charts/tidepool/charts/data/templates/2-service-private.yaml
@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ app: data-private
+{{ include "charts.labels.standard" .}}
+ name: data-private
+ namespace: {{.Release.Namespace}}
+spec:
+ ports:
+ - name: "http"
+ port: {{.Values.global.ports.data_private}}
+ targetPort: "http"
+ selector:
+ app: data_private
+ app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
From e7d1c1887150af25f2d7e8187e79f590445ab1a1 Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:36:59 +0200
Subject: [PATCH 4/8] Route partners to private data service
---
 charts/tidepool/charts/data/templates/4-routetable.yaml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/charts/tidepool/charts/data/templates/4-routetable.yaml b/charts/tidepool/charts/data/templates/4-routetable.yaml
index 9c149408..507a1886 100644
--- a/charts/tidepool/charts/data/templates/4-routetable.yaml
+++ b/charts/tidepool/charts/data/templates/4-routetable.yaml
@@ -427,6 +427,8 @@ spec:
 prefix: /v1/partners/
 routeAction:
 single:
- upstream:
- name: data-private
+ kube:
+ ref:
+ name: data-private
+ namespace: {{ .Release.Namespace }}
 {{- end }}
From dd8cac3a8e738d95b41e079be087ea2dd3af993d Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:40:28 +0200
Subject: [PATCH 5/8] Update selector
---
 .../charts/data/templates/1-deployment-private.yaml | 4 ++--
 .../charts/data/templates/2-service-private.yaml | 2 +-
 .../charts/data/templates/3-upstream-private.yaml | 12 ------------
 3 files changed, 3 insertions(+), 15 deletions(-)
 delete mode 100644 charts/tidepool/charts/data/templates/3-upstream-private.yaml
diff --git a/charts/tidepool/charts/data/templates/1-deployment-private.yaml b/charts/tidepool/charts/data/templates/1-deployment-private.yaml
index 3494e18e..d15b6125 100644
--- a/charts/tidepool/charts/data/templates/1-deployment-private.yaml
+++ b/charts/tidepool/charts/data/templates/1-deployment-private.yaml
@@ -16,7 +16,7 @@ spec:
 selector:
 matchLabels:
 app: data-private
- app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/name: {{ include "charts.name" . }}-private
 app.kubernetes.io/instance: {{ .Release.Name }}
 replicas: {{ .Values.deployment.replicas }}
 strategy: {}
@@ -24,7 +24,7 @@ spec:
 metadata:
 labels:
 app: data-private
- app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/name: {{ include "charts.name" . }}-private
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{ if .Values.podAnnotations }}
 annotations:
diff --git a/charts/tidepool/charts/data/templates/2-service-private.yaml b/charts/tidepool/charts/data/templates/2-service-private.yaml
index 50bc6bb4..a58e0d84 100644
--- a/charts/tidepool/charts/data/templates/2-service-private.yaml
+++ b/charts/tidepool/charts/data/templates/2-service-private.yaml
@@ -14,5 +14,5 @@ spec:
 targetPort: "http"
 selector:
 app: data_private
- app.kubernetes.io/name: {{ include "charts.name" . }}
+ app.kubernetes.io/name: {{ include "charts.name" . }}-private
 app.kubernetes.io/instance: {{ .Release.Name }}
diff --git a/charts/tidepool/charts/data/templates/3-upstream-private.yaml b/charts/tidepool/charts/data/templates/3-upstream-private.yaml
deleted file mode 100644
index 82ed3b05..00000000
--- a/charts/tidepool/charts/data/templates/3-upstream-private.yaml
+++ /dev/null
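Review bot: The `spec.selector.matchLabels` change in 1-deployment-private.yaml (hunk at -16,7, mirrored on the pod template at -24,7) cannot be applied in place, because an apps/v1 Deployment's selector is immutable after creation. Any environment that already installed data-private from the earlier patches in this series would presumably fail on upgrade until the old Deployment is deleted; whether such an environment exists is not visible here. A line in the commit description would cover it, for example `Deployment selector changed: delete the existing data-private Deployment before upgrading`. Both hunks start and end inside a larger `spec` block that is outside the diff.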
@@ -1,12 +0,0 @@
-{{ if .Values.global.glooingress.enabled }}
-apiVersion: gloo.solo.io/v1
-kind: Upstream
-metadata:
- name: data-private
- namespace: {{ .Release.Namespace }}
-spec:
- kube:
- serviceName: data-private
- serviceNamespace: {{ .Release.Namespace }}
- servicePort: {{ .Values.global.ports.data_private }}
-{{- end }}
From 712b503b1b1e848e418ca99124a0961e1a71490e Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:43:14 +0200
Subject: [PATCH 6/8] Add back private upstream
---
 .../charts/data/templates/3-upstream-private.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 charts/tidepool/charts/data/templates/3-upstream-private.yaml
diff --git a/charts/tidepool/charts/data/templates/3-upstream-private.yaml b/charts/tidepool/charts/data/templates/3-upstream-private.yaml
new file mode 100644
index 00000000..82ed3b05
--- /dev/null
+++ b/charts/tidepool/charts/data/templates/3-upstream-private.yaml
@@ -0,0 +1,12 @@
+{{ if .Values.global.glooingress.enabled }}
+apiVersion: gloo.solo.io/v1
+kind: Upstream
+metadata:
+ name: data-private
+ namespace: {{ .Release.Namespace }}
+spec:
+ kube:
+ serviceName: data-private
+ serviceNamespace: {{ .Release.Namespace }}
+ servicePort: {{ .Values.global.ports.data_private }}
+{{- end }}
From 52c36032e4476908e70b0965600d9a18e22a64d4 Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 11:58:02 +0200
Subject: [PATCH 7/8] Fix typo
---
 charts/tidepool/charts/data/templates/2-service-private.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/tidepool/charts/data/templates/2-service-private.yaml b/charts/tidepool/charts/data/templates/2-service-private.yaml
index a58e0d84..b736ca01 100644
--- a/charts/tidepool/charts/data/templates/2-service-private.yaml
+++ b/charts/tidepool/charts/data/templates/2-service-private.yaml
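Review bot: The re-added `Upstream` named data-private in 3-upstream-private.yaml does not appear to be referenced by the partner route any more, since from patch 4 onward that route uses a `kube.ref` destination that points at the Service directly. If something outside these hunks still depends on it, a template comment would stop it reading as a leftover, e.g. `{{- /* referenced by <consumer>; the /v1/partners/ route uses a kube destination */}}` with the real consumer filled in; otherwise it could be dropped again. Unused routing objects make it harder to audit which paths can actually reach the private service.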
@@ -13,6 +13,6 @@ spec:
 port: {{.Values.global.ports.data_private}}
 targetPort: "http"
 selector:
- app: data_private
+ app: data-private
 app.kubernetes.io/name: {{ include "charts.name" . }}-private
 app.kubernetes.io/instance: {{ .Release.Name }}
From 3462779d620fef928a0aefb0d2147f1b916b04ca Mon Sep 17 00:00:00 2001
From: Todd Kazakov
Date: Wed, 13 Nov 2024 12:27:06 +0200
Subject: [PATCH 8/8] Fix incorrect destination for partner routes
---
 charts/tidepool/charts/data/templates/4-routetable.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/charts/tidepool/charts/data/templates/4-routetable.yaml b/charts/tidepool/charts/data/templates/4-routetable.yaml
index 507a1886..158a3c91 100644
--- a/charts/tidepool/charts/data/templates/4-routetable.yaml
+++ b/charts/tidepool/charts/data/templates/4-routetable.yaml
@@ -431,4 +431,5 @@ spec:
 ref:
 name: data-private
 namespace: {{ .Release.Namespace }}
+ port: {{ .Values.global.ports.data_private }}
 {{- end }}