Helm charts for Navida Pro
Structure
Each backend service currently contains a directory called CD.
Under this directory is a subdirectory called templates, which contains the template YAML files, mainly for:
- deployment
- configmaps
- services
- hpa (horizontal pod autoscaling)
- service monitor
- service account
mychart/
├── Chart.yaml
├── values.yaml
├── templates/
│   ├── deployment.yaml
│   ├── configmap.yaml
│   ├── service.yaml
│   ├── hpa.yaml
│   ├── servicemonitor.yaml
│   └── serviceaccount.yaml
└── ...
The actual structure and templates from one of the backend services are used to explain the sections below:
Templates
Deployment template :
A Deployment provides declarative updates for Pods and ReplicaSets. You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "helm-chart.fullname" . }}
  labels:
    {{- include "helm-chart.labels" . | nindent 4 }}
spec:
  # replicas is omitted when autoscaling is enabled so the HPA owns the count
  {{- if not .Values.autoscaling.enabled }}
  replicas: {{ .Values.replicaCount }}
  {{- end }}
  revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
  selector:
    matchLabels:
      {{- include "helm-chart.selectorLabels" . | nindent 6 }}
  template:
    metadata:
      {{- with .Values.podAnnotations }}
      annotations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      labels:
        {{- include "helm-chart.selectorLabels" . | nindent 8 }}
    spec:
      {{- with .Values.imagePullSecrets }}
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      serviceAccountName: {{ include "helm-chart.serviceAccountName" . }}
      # Pod-level security context: applies to the init container and the main container
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      volumes:
        # Scratch volume that carries the generated trust store from the init container to the app
        - name: "{{ .Chart.Name }}-kafka-cert-volume"
          emptyDir: {}
        - name: all-ca-certs-config
          configMap:
            name: {{ .Values.caCertsConfigMap }}
        - name: application-config
          configMap:
            name: {{ include "helm-chart.fullname" . }}-properties
            items:
              - key: application.properties
                path: application.properties
      initContainers:
        # Builds navida.truststore.jks from the CA certificates in the ConfigMap.
        # The trust store password is substituted at render time, so it appears
        # in plain text in the rendered pod spec.
        - name: "{{ .Chart.Name }}-kafka-cert-prep"
          image: "{{ .Values.init_image.kafkaCertPrepImage }}"
          command: ["/bin/sh", "-c"]
          args:
            - |
              for cert in /tmp/certs/*
              do
                alias=$(basename "$cert" | cut -f 1 -d '.')
                keytool -import -file "$cert" -alias "$alias" -keystore "/etc/kafka/certs/${alias}.jks" -storepass "{{ .Values.env.javax.net.ssl.trustStorePassword }}" -noprompt
                keytool -importkeystore -srckeystore "/etc/kafka/certs/${alias}.jks" -destkeystore /etc/kafka/certs/navida.truststore.jks -srcstorepass "{{ .Values.env.javax.net.ssl.trustStorePassword }}" -deststorepass "{{ .Values.env.javax.net.ssl.trustStorePassword }}"
              done
          volumeMounts:
            - name: "{{ .Chart.Name }}-kafka-cert-volume"
              mountPath: "/etc/kafka/certs"
            - name: all-ca-certs-config
              mountPath: "/tmp/certs"
              readOnly: false
      containers:
        - name: {{ .Chart.Name }}
          # Container-level security context: applies to this container only
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
            {{- include "toFlatEnv" (dict "keys" (list) "value" .Values.env) | nindent 12 }}
          ports:
            - name: {{ .Values.ports.name }}
              containerPort: {{ .Values.ports.containerPort }}
              protocol: {{ .Values.ports.protocol }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
          livenessProbe:
            {{- with .Values.livenessProbe }}
            initialDelaySeconds: {{ .initialDelaySeconds }}
            periodSeconds: {{ .periodSeconds }}
            timeoutSeconds: {{ .timeoutSeconds }}
            {{- end }}
            httpGet:
              path: {{ .Values.livenessProbe.path }}
              port: {{ .Values.service.port }}
              scheme: HTTP
          readinessProbe:
            {{- with .Values.readinessProbe }}
            initialDelaySeconds: {{ .initialDelaySeconds }}
            periodSeconds: {{ .periodSeconds }}
            timeoutSeconds: {{ .timeoutSeconds }}
            {{- end }}
            httpGet:
              path: {{ .Values.readinessProbe.path }}
              port: {{ .Values.service.port }}
              scheme: HTTP
          volumeMounts:
            - name: application-config
              mountPath: "/app/resources/application.properties"
              subPath: application.properties
              readOnly: true
            - name: "{{ .Chart.Name }}-kafka-cert-volume"
              mountPath: "/navida.truststore.jks"
              subPath: navida.truststore.jks
            - name: "{{ .Chart.Name }}-kafka-cert-volume"
              mountPath: "/app/resources/navida.truststore.jks"
              subPath: navida.truststore.jks
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}
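
A values.yaml that supplies the keys this Deployment template reads, as an added example (not the project's own values file). All names, image references, ports, paths, IDs and the password are constructed placeholders, and the security settings are assumptions about what the service tolerates.

```yaml
# Constructed values.yaml: every value is a placeholder, not the project's own.
replicaCount: 2
revisionHistoryLimit: 3
autoscaling:
  enabled: false   # when true, the template omits spec.replicas
image:
  repository: registry.example.com/backend-service
  tag: ""          # empty falls back to .Chart.AppVersion
  pullPolicy: IfNotPresent
init_image:
  kafkaCertPrepImage: registry.example.com/keytool-image:placeholder
caCertsConfigMap: ca-certs-placeholder
# Rendered at pod level, so it covers the kafka-cert-prep init container too.
podSecurityContext:
  runAsNonRoot: true
  runAsUser: 10001
  fsGroup: 10001   # makes the emptyDir writable for the non-root init container
  seccompProfile:
    type: RuntimeDefault
# Rendered only under the main container; the init container gets none of this.
securityContext:
  allowPrivilegeEscalation: false
  readOnlyRootFilesystem: true   # assumes the app writes only to mounted volumes
  capabilities:
    drop: ["ALL"]
env:
  javax:
    net:
      ssl:
        trustStorePassword: placeholder-password   # placeholder
ports:
  name: http
  containerPort: 8080
  protocol: TCP
service:
  port: 8080       # also used as the probe port, so the container must listen on it
livenessProbe:
  path: /placeholder/live
  initialDelaySeconds: 30
  periodSeconds: 10
  timeoutSeconds: 5
readinessProbe:
  path: /placeholder/ready
  initialDelaySeconds: 10
  periodSeconds: 10
  timeoutSeconds: 5
resources:
  requests: {cpu: 100m, memory: 256Mi}
  limits: {memory: 512Mi}
```

Because the template gives the init container no securityContext of its own, only the pod-level settings constrain it; restricting it further requires adding a securityContext block under initContainers in the template.
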
ConfigMap template :
ConfigMaps allow you to decouple configuration artifacts from image content to keep containerized applications portable.
Service template :
A Service in Kubernetes is an abstraction which defines a logical set of Pods and a policy by which to access them.
HPA template :
The Horizontal Pod Autoscaler automatically scales the number of pods in a replication controller, deployment, or replica set based on observed CPU utilization.
Service monitor template :
ServiceMonitor is a resource in the monitoring.coreos.com group that tells the Prometheus operator which services should be monitored.
Service Account template :
A ServiceAccount provides an identity for processes that run in a Pod.