navi-castle 1.9.5
i-bogomazov committed Nov 22, 2024
1 parent 1044386 commit a676418
Showing 9 changed files with 595 additions and 37 deletions.
62 changes: 48 additions & 14 deletions charts/navi-castle/README.md
Expand Up @@ -32,7 +32,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn
| ------------------------- | ------------------------------------- | ----------------------------- |
| `castle.image.repository` | Navi-Castle service image repository. | `2gis-on-premise/navi-castle` |
| `castle.image.pullPolicy` | Navi-Castle service pull policy. | `IfNotPresent` |
| `castle.image.tag` | Navi-Castle service image tag. | `1.9.2` |
| `castle.image.tag` | Navi-Castle service image tag. | `1.9.5` |
| `nginx.image.repository` | Navi-Front image repository. | `2gis-on-premise/navi-front` |
| `nginx.image.tag` | Navi-Front image tag. | `1.24.1` |

Expand Down Expand Up @@ -102,22 +102,30 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn

### Navi-Castle service settings

| Name | Description | Value |
| -------------------------------------- | --------------------------------------------------- | ------------------------------ |
| `castle.castleDataPath` | Path to the data directory. | `/opt/castle/data/` |
| `castle.restrictions` | Section ignored if castle.restriction.enabled=false | |
| `castle.restrictions.host` | Restrictions API base URL. | `http://restrictions-api.host` |
| `castle.restrictions.key` | Restrictions API key. | `""` |
| `castle.jobs` | Number of parallel downloading jobs. | `1` |
| `castle.startupProbe` | Settings for startup probes | |
| `castle.startupProbe.periodSeconds` | Check period for startup probes. | `5` |
| `castle.startupProbe.failureThreshold` | Threshold for startup probes. | `180` |
| Name | Description | Value |
| -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ |
| `castle.castleDataPath` | Path to the data directory. | `/opt/castle/data/` |
| `castle.excludeProjects` | Array of project labels to exclude | `[]` |
| `castle.restrictions` | Section ignored if castle.restriction.enabled=false | |
| `castle.restrictions.host` | Restrictions API base URL. | `http://restrictions-api.host` |
| `castle.restrictions.key` | Restrictions API key. | `""` |
| `castle.jobs` | Number of parallel downloading jobs. | `1` |
| `castle.logLevel` | Logging level, one of: DEBUG, INFO, WARNING, ERROR, CRITICAL. | `INFO` |
| `castle.startupProbe` | Settings for startup probes | |
| `castle.startupProbe.periodSeconds` | Check period for startup probes. | `5` |
| `castle.startupProbe.failureThreshold` | Threshold for startup probes. | `180` |
| `castle.storePeriod` | Retention period for the corresponding data if enabled, ref. `cron`, `init` and `rtr` sections. Supported values: `day`, `month`, `week` or a specific number of days. | |
| `castle.storePeriod.import` | Retention period for `import` job data, ref. `cron/init.enabled.import` | `month` |
| `castle.storePeriod.restriction` | Retention period for `restriction` job data, ref. `cron/init.enabled.restriction` | `week` |
| `castle.storePeriod.restrictionImport` | Retention period for `restrictionImport` job data, ref. `cron/init.enabled.restrictionImport` | `week` |
| `castle.storePeriod.rtr` | Retention period for `rtr` data, ref. `rtr.enabled` | `week` |

### Navi-Front settings

| Name | Description | Value |
| ------------ | ------------------------------------------------ | ------ |
| `nginx.port` | HTTP port on which Navi-Front will be listening. | `8080` |
| Name | Description | Value |
| ------------------ | ------------------------------------------------ | ------- |
| `nginx.port` | HTTP port on which Navi-Front will be listening. | `8080` |
| `nginx.nodeHeader` | Enable header with node name (X-Node). | `false` |

### Cron settings
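
Review bot: the new `nginx.nodeHeader` row in the Navi-Front table does not say that enabling it returns the node name to every client in the `X-Node` response header, which exposes internal host naming. Suggest extending the description to state that it is a debugging aid and should stay `false` on externally reachable deployments. In the same hunk, the `castle.restrictions` description still refers to `castle.restriction.enabled`, while the new `castle.storePeriod.*` rows refer to `cron/init.enabled.restriction`; the key name should be made consistent so readers know which switch actually gates the section. The `castle.storePeriod` row also leaves open what happens to old data when a period is unset.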

Expand Down Expand Up @@ -149,6 +157,32 @@ See the [documentation](https://docs.2gis.com/en/on-premise/navigation) to learn
| `persistentVolume.accessModes` | Volume access mode. | `["ReadWriteOnce"]` |
| `persistentVolume.storageClass` | Volume [storage class](https://kubernetes.io/docs/concepts/storage/storage-classes/). | `ceph-csi-rbd` |
| `persistentVolume.size` | Volume size. | `5Gi` |
| `persistentVolume.type` | Volume type `pvc` or `ephemeral`. | `pvc` |

### RTR settings. Leave with defaults, FOR FUTURE RELEASE.

| Name | Description | Value |
| ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- |
| `rtr.enabled` | If the RTR is enabled. | `false` |
| `rtr.http.baseDir` | Base dir on server. | `export-restrictions-json` |
| `rtr.http.serverUrl` | Server URL. | `http://server` |
| `rtr.kafka.topic` | Name of the topic. | `rtr.topic` |
| `rtr.kafka.groupId` | Kafka consumer group id. | `castle-rtr` |
| `rtr.kafka.properties` | Properties as supported by kafka-python. Refer to inline comments for details. | |
| `rtr.kafka.sensitiveProperties` | As rtr.kafka.properties, but kept in Secrets. Refer to inlines comments for details. | `{}` |
| `rtr.kafka.fileProperties` | As rtr.kafka.properties, but kept in a file, which passed to application as a filename. Refer to inline comments for details. | `{}` |
| `rtr.buildFtp.baseDir` | Base dir on build ftp. | `trafficedro` |
| `rtr.buildFtp.login` | Login on build ftp. | `login` |
| `rtr.buildFtp.password` | Password on build ftp. | `password` |
| `rtr.buildFtp.serverUrl` | URL build ftp. | `http://buildftp/` |
| `rtr.prometheus.baseDir` | Base dir on premtheus. | `api/private/Export/segmentGrid/freezeVersions` |
| `rtr.prometheus.serverUrl` | URL premtheus. | `http://prometheus/` |
| `rtr.puzzle.baseDir` | Base dir on puzzle. | `api/segments-to-download?version=%version%` |
| `rtr.puzzle.serverUrl` | URL puzzle. | `http://puzzle/` |
| `rtr.puzzleSegments.baseDir` | Base dir on puzzle segments. | `api/segments/%code%?version=%version%` |
| `rtr.puzzleSegments.serverUrl` | URL puzzle segments. | `http://puzzle/` |
| `rtr.webapi.baseDir` | Base dir on webapi. | `/2.0/region/list?fields=*&type=segment,region` |
| `rtr.webapi.serverUrl` | URL webapi. | `http://catalog/` |

### customCAs **Custom Certificate Authority**
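
Review bot: `rtr.buildFtp.login` and `rtr.buildFtp.password` in the RTR table are documented as plain values with the defaults `login` and `password`, while the same table routes Kafka secrets through `rtr.kafka.sensitiveProperties` ("kept in Secrets"). Suggest empty defaults for both and either storing the FTP password in a Secret as well or stating in the description how it is stored, so a deployment cannot come up with placeholder credentials unnoticed. Every `serverUrl` default in the table is also `http://`; if TLS endpoints are supported, the README should say so. Minor: "premtheus" (twice), "inlines comments" and "which passed to application" need spelling and grammar fixes, and the `persistentVolume.type` row should say what `ephemeral` means for data retained under `castle.storePeriod`.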

113 changes: 113 additions & 0 deletions charts/navi-castle/templates/_helpers.tpl
Expand Up @@ -85,6 +85,119 @@ Determine --service parameter for a specific cron job flavor
{{- end -}}


{{- /*
Collect merged Kafka properties from these dictionaries:
- kafka.properties: this is a simple key/value dictionary
- kafka.fileProperties: this is a key/content dictionary given in values,
content is sensitive and stored in Secret resource, they get
mounted as files sonamed after key. While actual secret values are
hidden this way, what actually goes here in environment properties is
file names. This value substitution is implemented down here.
*/ -}}

{{- /* Merge .kafka.properties and .kafka.fileProperties dictionaries.
Context:
.kafka.properties
.kafka.fileProperties
.overrides.properties
.overrides.fileProperties
.mountpoint
File properties values (file contents) replaced with keys (file names).
File names prepended with the supposed directory from .mountpoint.
overrides.* are merged with kafka.* accordingly.
Returns {"ret": that-merged-dict}.
Folding result in "ret" needed for marshalling.
*/ -}}
{{- define "castle.kafkaProperties" -}}
{{- $ctx := . -}}
{{- $kafkaProperties := dict -}}
{{- $fileProperties := deepCopy $ctx.kafka.fileProperties | mustMerge (($ctx.overrides).fileProperties | default dict) -}}
{{- range $key, $_ := $fileProperties -}}
{{- $_ := set $kafkaProperties $key (printf "%s/%s" $ctx.mountpoint $key) -}}
{{- end -}}
{{- $regularProperties := deepCopy $ctx.kafka.properties | mustMerge (($ctx.overrides).properties | default dict) -}}
{{- $kafkaProperties = deepCopy $regularProperties | mustMerge $kafkaProperties -}}
{{- dict "ret" $kafkaProperties | toYaml }}
{{- end }}


{{- /* Translate properties into `env` construction as in containers:
Context:
.kafka.properties
.kafka.fileProperties
.kafka.sensitiveProperties
.overrides.properties
.overrides.fileProperties
.overrides.sensitiveProperties
.mountpoint
.secretname
.prefix
.kafka.properties and .kafka.fileProperties merged with kafkaProperties (defined above)
each entry translated into {"name":..., "value":...}
where name is in form <PREFIX><PROPERTY_NAME>
prefix is from .prefix
property name with '.' replaced with '_' and in upper-case
e.g.:
prefix=PRODUCER_CONFIG_
property-name=security.protocol
result: PRODUCER_CONFIG_SECURITY_PROTOCOL
merged with .sensitiveProperties where entries are in format:
{ "name": ...,
"valueFrom": {
"secretKeyRef": {
"name": ...,
"key": ...
}
}
}
where secretKeyRef.name is from .secretname
overrides.* are merged with kafka.* accordingly.

Resulting object folded in {"ret":...} for marshalling.
*/ -}}
{{- define "castle.kafkaPropertiesEnv" -}}
{{- $ctx := . -}}
{{- $kafkaProperties := get (fromYaml (include "castle.kafkaProperties" $ctx)) "ret" -}}
{{- $env := list -}}
{{- range $prop, $val := $kafkaProperties -}}
{{- $env = append $env (dict
"name" (print $ctx.prefix ($prop | upper | replace "." "_"))
"value" $val
) -}}
{{- end -}}
{{- $sensitiveProperties := deepCopy $ctx.kafka.sensitiveProperties | mustMerge (($ctx.overrides).sensitiveProperties | default dict) -}}
{{- range $prop, $val := $sensitiveProperties -}}
{{- $env = append $env (dict
"name" (print $ctx.prefix ($prop | upper | replace "." "_"))
"valueFrom" (dict
"secretKeyRef" (dict
"name" $ctx.secretname
"key" $prop
)
)
) -}}
{{- end -}}
{{- dict "ret" $env | toYaml }}
{{- end }}


{{- define "castle.kafkaPropertiesConfig" -}}
{{- $ctx := . -}}
{{- $kafkaProperties := get (fromYaml (include "castle.kafkaProperties" $ctx)) "ret" -}}
{{- $sensitiveProperties := deepCopy $ctx.kafka.sensitiveProperties | mustMerge (($ctx.overrides).sensitiveProperties | default dict) -}}
{{- range $prop, $val := $kafkaProperties -}}
{{- printf "%s: '%s',\n" ($prop | replace "." "_") $val }}
{{- end -}}
{{- range $prop, $val := $sensitiveProperties -}}
{{ printf "%s: '%s'," ($prop | replace "." "_") "from-env" }}
{{- end -}}
{{- end }}

{{/*
Set custom CAs mount path
Usage:
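
Review bot: in `castle.kafkaPropertiesConfig`, `printf "%s: '%s',\n" ($prop | replace "." "_") $val` interpolates the property value between single quotes without escaping, so a value containing `'` or a newline breaks out of the quoted string and changes the structure of the generated config. Suggest escaping the value for the consumer's format, or rejecting such values with `fail` at render time. This helper is also the only one of the three without a doc comment describing its context and output format, and its two `printf` calls differ (the first ends with `\n`, the second relies on template whitespace), which is worth normalising. In `castle.kafkaPropertiesEnv`, `"value" $val` is passed through unconverted; if a property is given as a number or boolean in values, the rendered `env` entry will not be a string, so piping through `toString` would be safer. Finally, in `deepCopy $ctx.kafka.properties | mustMerge (($ctx.overrides).properties | default dict)` the piped copy is the merge source and the overrides dictionary is the destination, so it is the `.overrides.*` dictionaries from the caller's context that get modified in place; if that is not intended, copy the overrides before merging into them.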