dial-core

Version: 4.1.0 AppVersion: 1.0

Helm chart for dial core

TL;DR

helm repo add dial https://charts.epam-rail.com
helm install my-release dial/dial-core

Prerequisites

  • Helm 3.8.0+
  • PV provisioner support in the underlying infrastructure (optional)
  • Ingress controller support in the underlying infrastructure (optional)

Requirements

Kubernetes: >=1.23.0-0

Repository Name Version
https://charts.bitnami.com/bitnami redis(redis-cluster) 11.4.0
oci://registry-1.docker.io/bitnamicharts common 2.29.0

Installing the Chart

To install the chart with the release name my-release:

helm repo add dial https://charts.epam-rail.com
helm install my-release dial/dial-core

The command deploys dial-core on the Kubernetes cluster in the default configuration. The Parameters section lists the parameters that can be configured during installation.

Uninstalling the Chart

To uninstall/delete the my-release deployment:

helm delete my-release

The command removes all the Kubernetes components associated with the chart and deletes the release.

NOTE: Persistent Volumes created by StatefulSets won't be deleted automatically

Parameters

Specify each parameter using the --set key=value[,key=value] argument to helm install. For example:

helm install my-release dial/dial-core --set image.tag=latest

Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example:

# values.yaml file content
image:
  tag: latest
helm install my-release dial/dial-core -f values.yaml

NOTE: You can use the default values.yaml

Values

Key Type Default Description
affinity object {} Affinity for dial-core pods assignment
annotations object {} Annotations to add to dial-core deployed objects
args list [] Override default dial-core args (useful when using custom images)
autoscaling.hpa.annotations object {} Annotations for HPA resource
autoscaling.hpa.behavior object {} HPA Behavior
autoscaling.hpa.customRules list [] HPA Custom rules
autoscaling.hpa.enabled bool false Enable HPA ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
autoscaling.hpa.maxReplicas int 3 Maximum number of replicas
autoscaling.hpa.minReplicas int 1 Minimum number of replicas
autoscaling.hpa.targetCPU string "" Target CPU utilization percentage
autoscaling.hpa.targetMemory string "" Target Memory utilization percentage
command list [] Override default dial-core command (useful when using custom images)
commonAnnotations object {} Annotations to add to all deployed objects
commonLabels object {} Labels to add to all deployed objects
configuration.encryption.existingSecret string "" The name of the Kubernetes secret containing the encryption "secret" and "key" values. WARNING: Changing this value in the middle of the environment lifecycle WILL cause access loss to already encrypted data.
configuration.encryption.key string "" Random string used to encrypt sensitive data, e.g. generated with pwgen -s 32 1. WARNING: Autogenerated if not set during first installation. WARNING: Changing this value after first installation takes no effect without removing the existing secret. Changing this value in the middle of the environment lifecycle WILL cause access loss to already encrypted data.
configuration.encryption.secret string "" Random string used to encrypt sensitive data, e.g. generated with pwgen -s 32 1. WARNING: Autogenerated if not set during first installation. Changing this value after first installation takes no effect without removing the existing secret. Changing this value in the middle of the environment lifecycle WILL cause access loss to already encrypted data.
containerPorts.http int 8080 dial-core HTTP container port
containerPorts.metrics int 9464 dial-core HTTP container port for metrics
containerSecurityContext.enabled bool true Enable dial-core container's Security Context
containerSecurityContext.readOnlyRootFilesystem bool false Set dial-core containers' Security Context readOnlyRootFilesystem
containerSecurityContext.runAsNonRoot bool true Set dial-core containers' Security Context runAsNonRoot
containerSecurityContext.runAsUser int 1001 Set dial-core container's Security Context runAsUser
customLivenessProbe object {} Custom livenessProbe that overrides the default one
customReadinessProbe object {} Custom readinessProbe that overrides the default one
customStartupProbe object {} Custom startupProbe that overrides the default one
diagnosticMode.enabled bool false Enable diagnostic mode (all probes will be disabled)
env object {} Key-value pairs of extra environment variables to add to dial-core
extraDeploy list [] Array of extra objects to deploy with the release
extraEnvVarsSecret string "" Name of existing Secret containing extra env vars for dial-core containers
extraVolumeMounts list [] Optionally specify extra list of additional volumeMounts for the dial-core container(s)
extraVolumes list [] Optionally specify extra list of additional volumes for the dial-core pod(s)
fullnameOverride string "" String to fully override common.names.fullname
global.imagePullSecrets list [] Global Docker registry secret names as an array
global.imageRegistry string "" Global Docker image registry
global.storageClass string "" Global StorageClass for Persistent Volume(s)
hostAliases list [] dial-core pods host aliases https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostNetwork bool false Enable Host Network If hostNetwork true, then dnsPolicy is set to ClusterFirstWithHostNet
image.digest string "" Image digest in the form sha256:aa.... Please note this parameter, if set, will override the image tag (immutable tags are recommended)
image.pullPolicy string "IfNotPresent" Image pull policy ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
image.pullSecrets list [] Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
image.registry string "docker.io" Image registry
image.repository string "epam/ai-dial-core" Image repository
image.tag string "latest" Image tag (immutable tags are recommended)
ingress.annotations object {} Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. Use this parameter to set the required annotations for cert-manager, see ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
ingress.enabled bool false Enable ingress record generation for container
ingress.extraPaths list [] An array with additional arbitrary paths that may need to be added to the ingress under the main host
ingress.extraRules list [] An array with additional hostname(s) to be covered with the ingress record
ingress.hosts list ["dial-core.local"] An array with hostname(s) to be covered with the ingress record
ingress.ingressClassName string "" IngressClass that will be used to implement the Ingress ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class
ingress.path string "/" Default path for the ingress record NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
ingress.pathType string "Prefix" Ingress path type
ingress.serviceName string "" Change default name of service for the ingress record
ingress.tls list [] TLS configuration for additional hostname(s) to be covered with this ingress record (evaluated as a template) ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
initContainers list [] Add additional init containers to the dial-core pod(s) ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
labels object {} Labels to add to dial-core deployed objects
lifecycleHooks object {} Lifecycle hooks for the dial-core container(s) to automate configuration before or after startup
livenessProbe.enabled bool true
livenessProbe.failureThreshold int 12
livenessProbe.httpGet.path string "/health"
livenessProbe.httpGet.port string "http"
livenessProbe.initialDelaySeconds int 60
livenessProbe.periodSeconds int 10
livenessProbe.successThreshold int 1
livenessProbe.timeoutSeconds int 3
logger.args[0] string "--config"
logger.args[1] string "/etc/vector/vector.yaml"
logger.command[0] string "vector"
logger.config string "sources:\n core_logs:\n type: \"file\"\n max_line_bytes: 100000000\n oldest_first: true\n include:\n - /app/log/*.log\n\nsinks:\n console:\n inputs:\n - core_logs\n type: console\n target: \"stdout\"\n encoding:\n codec: \"text\"\n"
logger.containerSecurityContext.enabled bool false
logger.containerSecurityContext.runAsNonRoot bool true
logger.containerSecurityContext.runAsUser int 1001
logger.enabled bool false Enable/disable logger
logger.env object {}
logger.extraEnvVarsSecret string ""
logger.extraVolumeMounts object {}
logger.image.digest string "" Image digest for logger component in the way sha256:aa....
logger.image.pullPolicy string "IfNotPresent" Image pull policy for logger component ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
logger.image.pullSecrets list [] Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
logger.image.registry string "docker.io" Image registry for logger component
logger.image.repository string "timberio/vector" Image repository for logger component
logger.image.tag string "0.33.0-alpine" Image tag for logger component
logger.resources object {}
logger.secrets object {}
metrics.enabled bool false Enable the export of Prometheus metrics
metrics.service.annotations object {} Additional custom annotations for dial-core metrics service
metrics.service.clusterIP string "" dial-core metrics service Cluster IP (e.g. clusterIP: None)
metrics.service.externalTrafficPolicy string "Cluster" dial-core metrics service external traffic policy ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
metrics.service.extraPorts list [] Extra ports to expose in dial-core metrics service (normally used with the sidecars value)
metrics.service.loadBalancerIP string "" dial-core metrics service Load Balancer IP ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
metrics.service.loadBalancerSourceRanges list [] dial-core metrics service Load Balancer sources ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
metrics.service.nodePorts object {"http":""} Node ports to expose NOTE: choose port between <30000-32767>
metrics.service.nodePorts.http string "" Node port for metrics
metrics.service.ports object {"http":9464} dial-core metrics service port
metrics.service.ports.http int 9464 dial-core metrics service port
metrics.service.sessionAffinity string "None" Control where client requests go, to the same pod or round-robin Values: ClientIP or None ref: https://kubernetes.io/docs/user-guide/services/
metrics.service.sessionAffinityConfig object {} Additional settings for the sessionAffinity
metrics.service.type string "ClusterIP" dial-core metrics service type
metrics.serviceMonitor.annotations object {} Additional custom annotations for the ServiceMonitor
metrics.serviceMonitor.enabled bool false if true, creates a Prometheus Operator ServiceMonitor (also requires metrics.enabled to be true)
metrics.serviceMonitor.honorLabels bool false honorLabels chooses the metric's labels on collisions with target labels
metrics.serviceMonitor.interval string "" Interval at which metrics should be scraped. ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint e.g: interval: 10s
metrics.serviceMonitor.jobLabel string "" The name of the label on the target service to use as the job name in Prometheus
metrics.serviceMonitor.labels object {} Extra labels for the ServiceMonitor
metrics.serviceMonitor.metricRelabelings list [] Specify additional relabeling of metrics
metrics.serviceMonitor.namespace string "" Namespace in which Prometheus is running
metrics.serviceMonitor.path string "/metrics" Specify metrics path ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
metrics.serviceMonitor.port string "http-metrics" Specify service metrics port ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint
metrics.serviceMonitor.relabelings list [] Specify general relabeling
metrics.serviceMonitor.scrapeTimeout string "" Timeout after which the scrape is ended ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#endpoint e.g: scrapeTimeout: 10s
metrics.serviceMonitor.selector object {} Prometheus instance selector labels ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration
nameOverride string "" String to partially override common.names.name
namespaceOverride string "" String to fully override common.names.namespace
nodeSelector object {} Node labels for dial-core pods assignment ref: https://kubernetes.io/docs/user-guide/node-selection/
pdb.create bool false Enable/disable a Pod Disruption Budget creation
podAnnotations object {} Annotations for dial-core pods ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
podLabels object {} Extra labels for dial-core pods ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
podSecurityContext.enabled bool true Enable dial-core pod's Security Context
podSecurityContext.fsGroup int 1001 Set dial-core pod's Security Context fsGroup
priorityClassName string "" dial-core pods' priorityClassName
readinessProbe.enabled bool true
readinessProbe.failureThreshold int 6
readinessProbe.httpGet.path string "/health"
readinessProbe.httpGet.port string "http"
readinessProbe.initialDelaySeconds int 60
readinessProbe.periodSeconds int 10
readinessProbe.successThreshold int 1
readinessProbe.timeoutSeconds int 3
redis.cluster.nodes int 3 The number of master nodes should always be >= 3, otherwise cluster creation will fail
redis.cluster.replicas int 0
redis.cluster.update.currentNumberOfNodes int 3
redis.cluster.update.currentNumberOfReplicas int 0
redis.enabled bool true
redis.redis.configmap string "# Intentional gap from 2gb to 2Gi left\nmaxmemory 2gb\n# Evict using approximated LFU, only keys with an expire set\nmaxmemory-policy volatile-lfu"
redis.redis.resources.limits.memory string "2Gi"
redis.redis.resources.requests.memory string "2Gi"
redis.redis.useAOFPersistence string "no" Whether to use AOF Persistence mode or not. We keep only RDB persistence (enabled by default)
replicaCount int 1 Number of dial-core replicas to deploy
resources object {} dial-core resource requests and limits ref: http://kubernetes.io/docs/user-guide/compute-resources/
schedulerName string "" Name of the k8s scheduler (other than default) for dial-core pods ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
secrets object {} Key-value pairs of extra environment variables to inject into dial-core from a Secret rather than as plain environment variables
service.annotations object {} Additional custom annotations for dial-core service
service.clusterIP string "" dial-core service Cluster IP (e.g. clusterIP: None)
service.externalTrafficPolicy string "Cluster" dial-core service external traffic policy ref http://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
service.extraPorts list [] Extra ports to expose in dial-core service (normally used with the sidecars value)
service.loadBalancerIP string "" dial-core service Load Balancer IP ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
service.loadBalancerSourceRanges list [] dial-core service Load Balancer sources ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
service.nodePorts object {"http":""} Node ports to expose NOTE: choose port between <30000-32767>
service.nodePorts.http string "" Node port for HTTP
service.ports.http int 80 dial-core service HTTP port
service.sessionAffinity string "None" Control where client requests go, to the same pod or round-robin Values: ClientIP or None ref: https://kubernetes.io/docs/user-guide/services/
service.sessionAffinityConfig object {} Additional settings for the sessionAffinity
service.type string "ClusterIP" dial-core service type
serviceAccount.annotations object {} Additional Service Account annotations (evaluated as a template)
serviceAccount.automountServiceAccountToken bool true Automount service account token for the server service account
serviceAccount.create bool true Specifies whether a ServiceAccount should be created
serviceAccount.name string "" The name of the ServiceAccount to use. If not set and create is true, a name is generated using the common.names.fullname template
sidecars list [] Add additional sidecar containers to the dial-core pod(s)
startupProbe.enabled bool false
startupProbe.failureThreshold int 6
startupProbe.httpGet.path string "/health"
startupProbe.httpGet.port string "http"
startupProbe.initialDelaySeconds int 10
startupProbe.periodSeconds int 10
startupProbe.successThreshold int 1
startupProbe.timeoutSeconds int 3
terminationGracePeriodSeconds string "" Seconds dial-core pod needs to terminate gracefully ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
tolerations list [] Tolerations for dial-core pods assignment ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
topologySpreadConstraints list [] Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
updateStrategy.type string "RollingUpdate" StrategyType Can be set to RollingUpdate or OnDelete
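The values above carry several settings that the table itself marks as risky when left on their defaults (a mutable latest tag with no digest, a writable root filesystem, an automounted service-account token, encryption material pasted into values instead of referenced through configuration.encryption.existingSecret, a Redis password under env instead of secrets). The following check, an added example that is not part of the chart, reads a values mapping as you would pass with -f values.yaml and reports those findings; the chart defaults from the table are assumed wherever a key is absent, and the digest used in the test is a placeholder.

```python
"""Hardening review of dial-core chart values (added example, not chart code)."""
from typing import Any


def lookup(values: dict, dotted: str, default: Any = None) -> Any:
    """Resolve a dotted key such as 'image.tag' against nested dicts."""
    node: Any = values
    for part in dotted.split("."):
        if not isinstance(node, dict) or part not in node:
            return default
        node = node[part]
    return node


def review_values(values: dict) -> list[str]:
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    # Chart defaults from the README's Values table are assumed where a key is absent.
    tag = lookup(values, "image.tag", "latest")
    digest = lookup(values, "image.digest", "")
    if not digest and tag in ("", "latest"):
        findings.append("image: mutable tag 'latest' with no image.digest; pin a digest")
    if not lookup(values, "containerSecurityContext.readOnlyRootFilesystem", False):
        findings.append("containerSecurityContext.readOnlyRootFilesystem is false")
    if not lookup(values, "containerSecurityContext.runAsNonRoot", True):
        findings.append("containerSecurityContext.runAsNonRoot is false")
    if lookup(values, "serviceAccount.automountServiceAccountToken", True):
        findings.append("serviceAccount.automountServiceAccountToken is true; disable it unless the pod calls the API")
    if not lookup(values, "configuration.encryption.existingSecret", ""):
        for key in ("configuration.encryption.key", "configuration.encryption.secret"):
            if lookup(values, key, ""):
                findings.append(f"{key} is set inline in values; move it to a Secret and set existingSecret")
    if lookup(values, "redis.enabled", True) is False:
        pw_key = "aidial.redis.clusterServersConfig.password"
        if pw_key in lookup(values, "env", {}):
            findings.append(f"env.{pw_key} exposes the Redis password as a plain env var; use secrets.{pw_key}")
    return findings


# Constructed sample: the README's external-Redis example, everything else on defaults.
SAMPLE_VALUES = {
    "redis": {"enabled": False},
    "env": {"aidial.redis.clusterServersConfig.nodeAddresses": '["redis://myexternalhost:6379"]'},
    "secrets": {"aidial.redis.clusterServersConfig.password": "mypassword"},
    "image": {"tag": "latest"},
}

if __name__ == "__main__":
    for line in review_values(SAMPLE_VALUES):
        print("-", line)
```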

Upgrading

To 4.0.0

Bumping the major version to highlight Redis 7.2.4 --> 7.4.1 upgrade. No actions required, however you may want to check Redis® 7.4 release notes for specific details.

In the redis-cluster Helm chart, the following security defaults changed:

  • runAsGroup is changed from 0 to 1001
  • readOnlyRootFilesystem is set to true

This could potentially break any customization or init scripts used in your deployment. If this is the case, change the default values to the previous ones.

To 3.0.0

IMPORTANT: Manual Action Required for Self-Managed Secrets

This version reflects the renaming of ai-dial-core application configuration parameters in version 0.15.1+ by renaming several values in this chart.

  • configuration.encryption.password parameter is renamed to configuration.encryption.secret
  • configuration.encryption.salt parameter is changed to configuration.encryption.key

How to upgrade to version 3.0.0

a) If using encryption Kubernetes secret created by the chart:

  1. Update the parameters you have in your current deployment values (e.g. values.yaml file or set via --set) according to the changes below:

    • configuration.encryption.password --> configuration.encryption.secret
    • configuration.encryption.salt --> configuration.encryption.key
  2. Delete the *-encryption secret, e.g. (replace my-release with the actual release name):

    kubectl delete secret my-release-dial-core-encryption
  3. Proceed with the helm upgrade as usual, e.g.:

    helm upgrade my-release dial/dial-core -f values.yaml

b) If using your own managed Kubernetes secret (configuration.encryption.existingSecret is set):

  1. Rename keys in your existing secret:

    • aidial.encryption.password --> aidial.encryption.secret
    • aidial.encryption.salt --> aidial.encryption.key

    You can update your existing secret to rename or move the keys using the following one-liner command (replace <your-existing-secret-name> and <namespace> with the actual values):

      kubectl get secret <your-existing-secret-name> -o yaml -n <namespace> | jq '.data["aidial.encryption.secret"] = .data["aidial.encryption.password"] | .data["aidial.encryption.key"] = .data["aidial.encryption.salt"] | del(.data["aidial.encryption.password"], .data["aidial.encryption.salt"])' | kubectl replace -f -
  2. Proceed with the helm upgrade as usual, e.g.:

    helm upgrade my-release dial/dial-core -f values.yaml
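The jq one-liner in step b.1 performs the rename, but it writes null values if the old keys are absent and overwrites any new key that already exists, and the application will then start without usable encryption material. The script below, an added example that is not part of the chart, applies the same rename to the JSON that kubectl get secret NAME -o json returns while refusing those two cases; the secret name, namespace and values in the sample are constructed.

```python
"""Rename encryption keys in a self-managed dial-core Secret (added example, not chart code)."""
import base64
import json
import sys

# Key renames required by the 3.0.0 upgrade notes.
RENAMES = {
    "aidial.encryption.password": "aidial.encryption.secret",
    "aidial.encryption.salt": "aidial.encryption.key",
}


def rename_encryption_keys(manifest: dict) -> dict:
    """Return a copy of the Secret manifest with the keys renamed, or raise ValueError."""
    data = dict(manifest.get("data") or {})
    for old, new in RENAMES.items():
        if old not in data:
            # jq would silently store null here; the pod would then start without a key.
            raise ValueError(f"secret has no {old!r}; nothing to rename")
        if new in data and data[new] != data[old]:
            raise ValueError(f"{new!r} already present with a different value; resolve by hand")
        if not base64.b64decode(data[old], validate=True):
            raise ValueError(f"{old!r} is empty")
        data[new] = data.pop(old)
    out = dict(manifest)
    out["data"] = data
    # metadata.resourceVersion is kept so that kubectl replace fails on a concurrent change.
    return out


# Constructed sample: the shape of a pre-3.0.0 secret as returned by kubectl get secret -o json.
SAMPLE_SECRET = {
    "apiVersion": "v1",
    "kind": "Secret",
    "metadata": {"name": "constructed-encryption-secret", "namespace": "constructed-ns"},
    "type": "Opaque",
    "data": {
        "aidial.encryption.password": base64.b64encode(b"constructed-password").decode(),
        "aidial.encryption.salt": base64.b64encode(b"constructed-salt").decode(),
    },
}

if __name__ == "__main__":
    # Usage: kubectl get secret NAME -n NS -o json | python3 rename_keys.py | kubectl replace -f -
    # With no piped input the constructed sample is transformed instead.
    source = SAMPLE_SECRET if sys.stdin.isatty() else json.load(sys.stdin)
    json.dump(rename_encryption_keys(source), sys.stdout, indent=2)
```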

Redis

The application uses a Redis database to store its data. By default, the Helm chart will deploy a Redis cluster with recommended settings and auto-generated password as a dependency.
You may have to set the redis.password value with the password generated by the Helm chart during the first installation.

For other configuration options, refer to redis-cluster Helm chart documentation.

Use an external Redis database

However, you may want the application to connect to an external Redis database rather than a database provided by the Helm chart - for example, when using a cloud-managed service, or when running a single database server for all your applications. To do this, set the redis.enabled parameter to false and specify the credentials for the external database using the env.aidial.redis.* parameters. Here is an example:

redis:
  enabled: false
env:
  aidial.redis.clusterServersConfig.nodeAddresses: '["redis://myexternalhost:6379"]'
secrets:
  aidial.redis.clusterServersConfig.password: "mypassword"