changes on load balancer - complete readme, some variables and...

README.md

@@ -8,9 +8,86 @@ You should have your **Kubernetes** cluster installed and configured and then yo
 
 As Arc is an API gateway for your Elasticsearch, make sure that you already have an Elasticsearch cluster with it's basic credentials.
 
-If you don't have an Elasticsearch cluster, you can use this [guid]("https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html")
+If you don't have an Elasticsearch cluster, you can use this [guide]("https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-quickstart.html")
 
-## Quick start
+## Why Helm Charts:
+
+Helm helps you manage Kubernetes applications — Helm Charts help you define, install, and upgrade even the most complex Kubernetes application.
+
+Charts are easy to create, version, share, and publish — so start using Helm and stop the copy-and-paste.
+
+Here we get benefit of Helm Charts to package Arc (which is an API Gateway that sits between a client and an ElasticSearch cluster) and install it in seconds.
+
+## How to install Appbaseio Helm Chart
+
+1- run `helm repo add appbase`
+
+2- run `helm install appbase --set <variables>`
+
+Make sure that you set below variables which are mandatory:
+
+- `elasticsearch.clusterURL`
+
+- `appbase.id`
+
+- `appbase.username` :if you don't set this variable, by default will be set as "admin" 
+- `appbase.password` :if you don't set this variable, by default will be set as "admin"
+
+
+## Configure the cluster with Values
+
+According to Helm chart [values]("https://helm.sh/docs/chart_template_guide/values_files/") you can customize the cluster in the way you want by set variables during the install.
+We categorized variables in order to ease it's readability, for example `elasticsearch.clusterURL`  means clusterURL is a subset of elasticsearch but while setting a vaiable we should follo it's indentation. 
+Here are the variables you can set for your cluster:
+|  Name |Default Value   | Kind  |  Description |
+|---|---|---|---|
+| elasticsearch.clusterURL  | ""  | String  |  clusterURL based on basic authentication. fluent-bit splites this clusterURL soit should be in following pattern: "http://<user>:<password>@domain:port" ( Prtotocol Can also be -> https)  |
+|  arc.name | arc  |  String | It's the name of Arc service which you can use to access your application via service name  |
+|  arc.image |  appbaseio/arc | String  |  This is the image Appbase.io provides as gateway for your elasticsearch, if you have your local repository, you can push Arc image into that then change the URL here. |
+|  arc.port | 8000  | Integer  | The port that used for Arc service |
+| appbase.id  |  "" |  String |  This is **APPBASE_ID** that you can get from [Appbase.io]("https://arc-dashboard.appbase.io/install") |
+|  appbase.username | admin  |  String |  This is the username you choose for your Appbaseio |
+| appbase.password  | admin  |  String | This is the password you choose for your Appbaseio  |
+|  appbase.domain |  "" |  String |  If you are installing helm chart on your production and want to assigne a domain to it, set this variable to your domain, make sure that your loadBalancer.serviceType to be empty ("") |
+|  volume.name | pv  | String  |  If you want  to use default volume, leave name empty but if you want to use your Persistent volume, enter it's name, the PVC ( persistent volume claim) will be assigned to it |
+|  volume.storageClassName |  standard | String  | Your Storage class which should be the same with PVC, if you have a specific class for your Volume, set that here to also be set for PVC  |
+| volume.accessModes  | ReadWriteMany  |  String |  Access mode for volume |
+|  volume.storageSize | 1Gi  | String  | This is the size of PVC storage, Default volume size is 5Gi which you can handle how much of it be assigned to PVC  |
+|  volume.pvcName | pvc  | String  |  You can change PVC (Persitent Volume Claim) name here, it's assigned to PV(Persistent Volume) |
+|  cert.name | ssl  | String  | you can add your certificate here by configuring below values. name is the name of secret file containing your certificate information, if you have your own secret file, you can only fill the name value and leave the other empty  |
+| cert.tlsCrt  |  "" | String  |  "tlsCrt" is your "tls.crt" |
+|  cert.tlsKey | ""  | String  | "tlsKey" is "tls.key"  |
+|  cert.caCrt |  "" |  String |  "caCrt" is "ca.crt" |
+| loadBalancer.serviceType  | ""  | String  |If yo're using kubernetes locally and as you won't have external IP, Can be "NodePort" but if it's your production kubernetes, you can leave it empty which means serviceType is : "LoadBalancer"|
+
+**Tips:**
+
+- Some variables might be long to use in install command, so you can export it and then use it e.g.
+
+     `export $(ES_ClusterURL=<your elasticsearch URL with basec authentication>)`
+
+     then you can use it while installing helm:
+
+     `helm install appbase --set elasticsearch.clusterURL=ES_ClusterURL`
+
+## Kubernetes Distribution support:
+You can check [this page]("https://helm.sh/docs/topics/kubernetes_distros/") to see what distros Helm is currently supporting
+## Test on Minikube
+
+1- Make sure your Minikube is installed, if not, use [this]("https://minikube.sigs.k8s.io/docs/start/") and if you don't have kubectl installed, use this [link]("https://kubernetes.io/docs/tasks/tools/")
+
+2- Add Appbase helm repo and install it as it's said 
+
+    Make sure that you set loadBalancer.serviceType=NodePort
+
+3- After you install helm chart setting loadBalancer.serviceType=NodePort, you will see this result:
+![image](https://user-images.githubusercontent.com/30385958/122102140-5bdb9e80-ce2a-11eb-960b-921c64a298e5.png)
+
+Which you can use the command to get access to your Appbaseio service
+
+    If you changr arc.name, the command will be: minikube service --url <arc name>-nodeport
+
+## How to use it by cloning the project
 1- Clone this repositoy: 
 
 `git clone [email protected]:appbaseio/helm-charts.git` 

appbaseio/templates/NOTES.txt

@@ -1,17 +1,6 @@
-1. Get the application URL by running these commands:
+{{- if eq .Values.loadBalancer.serviceType "NodePort"}}
+Use below command to connect to get appbaseio Access URL:
+minikube service --url {{ .Values.arc.name }}-nodeport
 
-{{- if contains "NodePort" .Values.arc.serviceType }}
-  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ .Values.arc.name }} }})
-  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
-  echo http://$NODE_IP:$NODE_PORT
-{{- else if contains "LoadBalancer" .Values.arc.serviceType}}
-     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
-           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ .Values.arc.name}}'
-  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ .Values.arc.name }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
-  echo http://$SERVICE_IP:{{ .Values.arc.port }}
-{{- else if contains "ClusterIP" .Values.arc.serviceType }}
-  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ .Values.arc.name }}" -o jsonpath="{.items[0].metadata.name}")
-  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
-  echo "Visit http://127.0.0.1:8080 to use your application"
-  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
-{{- end }}
+** If you're not using minikube, you can set loadBalancer.serviceType to "LoadBalancer"
+{{ end }}

appbaseio/templates/appbaseio.yaml

@@ -28,11 +28,7 @@ spec:
             - name: APPBASE_ID
               value: {{ .Values.appbase.id }}
             - name: ES_CLUSTER_URL
-            {{ if .Values.elasticsearch.port}}
-              value: "http://{{.Values.elasticsearch.defUsername}}:{{.Values.elasticsearch.esPassword}}@{{ .Values.elasticsearch.clusterDomain }}:{{.Values.elasticsearch.port}}/"
-              {{else if empty .Values.elasticsearch.port}}
-              value: "http://{{.Values.elasticsearch.defUsername}}:{{.Values.elasticsearch.esPassword}}@{{ .Values.elasticsearch.clusterDomain }}/"
-              {{end}}
+              value: {{ .Values.elasticsearch.clusterURL }}
             - name: LOG_FILE_PATH
               value: "/mnt/data/es.json"
           image: {{.Values.arc.image}}:{{.Values.arc.tag | default .Chart.AppVersion}}
@@ -60,12 +56,9 @@ metadata:
   labels:
     app: {{ .Values.arc.name }}
 spec:
-  type: {{ .Values.arc.serviceType }}
+  type: ClusterIP
   ports:
     - port: {{ .Values.arc.port }}
       targetPort: {{ .Values.arc.port }}
-      {{ if .Values.arc.nodePort }}
-      nodePort: {{ .Values.arc.nodePort | default 30007 }}
-      {{ end }}
   selector:
     app: {{ .Values.arc.name }}

appbaseio/templates/fluentbit.yaml

@@ -3,7 +3,7 @@ kind: ServiceAccount
 metadata:
   name: fluent-bit
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: fluent-bit-read
@@ -13,7 +13,18 @@ rules:
       - namespaces
       - pods
     verbs: ["get", "list", "watch"]
+
+{{ $a := split "//" .Values.elasticsearch.clusterURL}}
+{{ $b := split ":" $a._1 }}
+{{ $user := $b._0 }}
+{{ $c := split "@" $b._1}}
+{{ $pass := $c._0}}
+{{ $domain := $c._1 }}
+{{ $port := "" }}
+{{ $port = $b._2 }}
+
 ---
+
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -47,22 +58,23 @@ data:
     [OUTPUT]
       Name        es
       Match       *
-      Host        {{.Values.elasticsearch.clusterDomain}}
-      Port        {{.Values.elasticsearch.port}}
+      Host        "{{ $domain }}"
+      Port        "{{ $port }}"
       Index       .logs
       Type        _doc
       Generate_ID true
       tls         Off
       tls.verify  Off
-      HTTP_User    {{ .Values.elasticsearch.defUsername }}
-      HTTP_Passwd {{ .Values.elasticsearch.esPassword }}
+      HTTP_User    "{{ $user }}"
+      HTTP_Passwd "{{ $pass }}"
   parsers.conf: |
     [PARSER]
       Name        docker
       Format      json
       Time_Key    timestamp
       Time_Format %Y-%m-%dT%H:%M:%S.%LZ
       Time_Keep   On
+
 ---
 apiVersion: apps/v1
 kind: DaemonSet
@@ -90,18 +102,18 @@ spec:
       containers:
         - name: fluent-bit
           image: fluent/fluent-bit:1.5
-          imagePullPolicy: Always
+          imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 2020
           env:
             - name: ELASTICSEARCH_HOST
-              value: {{ .Values.elasticsearch.clusterDomain }}
+              value: "{{ $domain }}"
             - name: ELASTICSEARCH_PORT
-              value: "{{.Values.elasticsearch.port}}"
+              value: "{{ $port }}"
             - name: ELASTICSEARCH_USERNAME
-              value: {{ .Values.elasticsearch.defUsername }}
+              value: "{{ $user }}"
             - name: ELASTICSEARCH_PASSWORD
-              value: {{ .Values.elasticsearch.esPassword }}
+              value: "{{ $pass }}"
           volumeMounts:
             - name: fluent-bit-data
               mountPath: /mnt/data
@@ -126,7 +138,7 @@ spec:
         - operator: "Exists"
           effect: "NoSchedule"
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: fluent-bit-read

appbaseio/templates/ingress-nginx.yaml

@@ -1,9 +1,10 @@
+{{ if empty .Values.loadBalancer.serviceType }}
 apiVersion: v1
 kind: Namespace
 metadata:
   name: ingress-nginx
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: nginx-service-account
@@ -178,7 +179,7 @@ spec:
       restartPolicy: Always
       schedulerName: default-scheduler
 ---
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   annotations:
@@ -200,17 +201,36 @@ metadata:
   namespace: default
 spec:
   rules:
+    {{ if empty .Values.appbase.domain}}
     - http:
         paths:
-          - backend:
-              serviceName: {{ .Values.arc.name }}
-              servicePort: {{ .Values.arc.port }}
+          - pathType: Prefix
             path: /
-      # host: es.mydomain.com
+            backend:
+              service:
+                name: {{ .Values.arc.name }}
+                port: 
+                 number: {{ .Values.arc.port }}
+    {{else if .Values.appbase.domain}}
+    - host: {{ .Values.appbase.domain }}
+        http:
+          paths:
+            - pathType: Prefix
+              path: /
+              backend:
+                service:
+                  name: {{ .Values.arc.name }}
+                  port: 
+                   number: {{ .Values.arc.port }}
+
+
+      {{ end }}
 
   tls:
-    #- hosts:
-    #  - es.mydomain.com
+    {{ if .Values.appbase.domain }}
+    - hosts:
+     - {{ .Values.appbase.domain }}
+    {{ end }}
     - secretName: {{ .Values.cert.name }}
 ---
 apiVersion: v1
@@ -236,4 +256,6 @@ spec:
   selector:
     app: ingress-nginx
   sessionAffinity: None
-  type: LoadBalancer
+  type: LoadBalancer
+
+  {{ end }}

appbaseio/templates/node-port.yaml

@@ -0,0 +1,17 @@
+{{ if eq .Values.loadBalancer.serviceType "NodePort" }}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ .Values.arc.name }}-nodeport
+spec:
+  type: NodePort
+  selector:
+    app: {{ .Values.arc.name }}
+  ports:
+      # By default and for convenience, the `targetPort` is set to the same value as the `port` field.
+    - port: 80
+      targetPort: 8000
+      # Optional field
+      # By default and for convenience, the Kubernetes control plane will allocate a port from a range (default: 30000-32767)
+      nodePort: 30077
+{{ end }}

appbaseio/templates/tests/test-connection.yaml

@@ -8,8 +8,8 @@ metadata:
     "helm.sh/hook": test
 spec:
   containers:
-    - name: wget
-      image: busybox
+    - name: curl
+      image: curlimages/curl
       command: ['ping']
       args: ['{{.Values.arc.name }} -c1']
   restartPolicy: Never