diff --git a/README.md b/README.md index 494ac89e..e2cdeee4 100644 --- a/README.md +++ b/README.md @@ -100,10 +100,15 @@ You can run the following commands if you wish to verify if all desired componen ```bash root@demo:~# kubectl get pods -n litmus -NAME READY STATUS RESTARTS AGE -chaos-litmus-frontend-775585bf8f-jblf2 1/1 Running 0 79s -chaos-litmus-mongo-0 1/1 Running 0 79s -chaos-litmus-server-96b5f656-zqjt4 2/2 Running 0 79s +NAME READY STATUS RESTARTS AGE +litmusportal-server-6fd57cc89-6w5pn 1/1 Running 0 57s +litmusportal-auth-server-7b596fff9-5s6g5 1/1 Running 0 57s +litmusportal-frontend-55974fcf59-cxxrf 1/1 Running 0 58s +my-release-mongodb-0 1/1 Running 0 63s +my-release-mongodb-1 1/1 Running 0 63s +my-release-mongodb-2 1/1 Running 0 62s +my-release-mongodb-arbiter-0 1/1 Running 0 64s + ``` ### Install External Agent diff --git a/charts/litmus/Chart.yaml b/charts/litmus/Chart.yaml index 832912ad..4f67301c 100644 --- a/charts/litmus/Chart.yaml +++ b/charts/litmus/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 -appVersion: "2.14.0" +appVersion: "3.0.0" description: A Helm chart to install ChaosCenter name: litmus -version: 2.15.11 +version: 3.0.0 kubeVersion: ">=1.16.0-0" home: https://litmuschaos.io sources: diff --git a/charts/litmus/README.md b/charts/litmus/README.md index d33a108a..99f64311 100644 --- a/charts/litmus/README.md +++ b/charts/litmus/README.md @@ -1,6 +1,6 @@ # litmus -![Version: 2.15.11](https://img.shields.io/badge/Version-2.15.11-informational?style=flat-square) ![AppVersion: 2.14.0](https://img.shields.io/badge/AppVersion-2.14.0-informational?style=flat-square) +![Version: 3.0.0](https://img.shields.io/badge/Version-3.0.0-informational?style=flat-square) ![AppVersion: 3.0.0](https://img.shields.io/badge/AppVersion-3.0.0-informational?style=flat-square) A Helm chart to install ChaosCenter @@ -57,7 +57,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | adminConfig.DB_SERVER | string | `""` | | | adminConfig.JWTSecret | string | `"litmus-portal@123"` | | | adminConfig.SKIP_SSL_VERIFY | string | `"false"` | | -| adminConfig.VERSION | string | `"2.14.0"` | | +| adminConfig.VERSION | string | `"3.0.0"` | | | customLabels | object | `{}` | Additional labels | | existingSecret | string | `""` | Use existing secret (e.g., External Secrets) | | image.imagePullSecrets | list | `[]` | | @@ -72,7 +72,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | ingress.ingressClassName | string | `""` | | | ingress.name | string | `"litmus-ingress"` | | | ingress.tls | list | `[]` | | -| mongodb | object | `{"architecture":"standalone","auth":{"enabled":true,"existingSecret":"","rootPassword":"superhardpassword"},"enabled":true,"metrics":{"enabled":false,"prometheusRule":{"enabled":false}},"replicaCount":1,"useStatefulSet":false}` | Configure the Bitnami MongoDB subchart see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml | +| mongodb | object | `{"architecture":"replicaset","auth":{"enabled":true,"existingSecret":"","rootPassword":"1234","rootUser":"root"},"enabled":true,"metrics":{"enabled":false,"prometheusRule":{"enabled":false}},"persistence":{"enabled":true},"replicaCount":3,"volumePermissions":{"enabled":true}}` | Configure the Bitnami MongoDB subchart see values at https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml | | mongodb.auth.existingSecret | string | `""` | existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) | | nameOverride | string | `""` | | | openshift.route.annotations | object | `{}` | | @@ -86,11 +86,11 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.frontend.autoscaling.minReplicas | int | `2` | | | portal.frontend.autoscaling.targetCPUUtilizationPercentage | int | `50` | | | portal.frontend.autoscaling.targetMemoryUtilizationPercentage | int | `50` | | -| portal.frontend.containerPort | int | `8080` | | +| portal.frontend.containerPort | int | `8185` | | | portal.frontend.customLabels | object | `{}` | | | portal.frontend.image.pullPolicy | string | `"Always"` | | | portal.frontend.image.repository | string | `"litmusportal-frontend"` | | -| portal.frontend.image.tag | string | `"2.14.0"` | | +| portal.frontend.image.tag | string | `"3.0.0"` | | | portal.frontend.livenessProbe.failureThreshold | int | `5` | | | portal.frontend.livenessProbe.initialDelaySeconds | int | `30` | | | portal.frontend.livenessProbe.periodSeconds | int | `10` | | @@ -108,12 +108,9 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.frontend.resources.requests.cpu | string | `"125m"` | | | portal.frontend.resources.requests.ephemeral-storage | string | `"500Mi"` | | | portal.frontend.resources.requests.memory | string | `"150Mi"` | | -| portal.frontend.securityContext.allowPrivilegeEscalation | bool | `false` | | -| portal.frontend.securityContext.runAsNonRoot | bool | `true` | | -| portal.frontend.securityContext.runAsUser | int | `2000` | | | portal.frontend.service.annotations | object | `{}` | | | portal.frontend.service.port | int | `9091` | | -| portal.frontend.service.targetPort | int | `8080` | | +| portal.frontend.service.targetPort | int | `8185` | | | portal.frontend.service.type | string | `"ClusterIP"` | | | portal.frontend.tolerations | list | `[]` | | | portal.frontend.updateStrategy | object | `{}` | | @@ -131,7 +128,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.server.authServer.env.LITMUS_GQL_GRPC_PORT | string | `":8000"` | | | portal.server.authServer.image.pullPolicy | string | `"Always"` | | | portal.server.authServer.image.repository | string | `"litmusportal-auth-server"` | | -| portal.server.authServer.image.tag | string | `"2.14.0"` | | +| portal.server.authServer.image.tag | string | `"3.0.0"` | | | portal.server.authServer.ports[0].containerPort | int | `3030` | | | portal.server.authServer.ports[0].name | string | `"auth-server"` | | | portal.server.authServer.ports[1].containerPort | int | `3000` | | @@ -156,28 +153,26 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.server.authServer.volumeMounts | list | `[]` | | | portal.server.authServer.volumes | list | `[]` | | | portal.server.customLabels | object | `{}` | | -| portal.server.graphqlServer.genericEnv.AGENT_DEPLOYMENTS | string | `"[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"` | | | portal.server.graphqlServer.genericEnv.CHAOS_CENTER_UI_ENDPOINT | string | `""` | | | portal.server.graphqlServer.genericEnv.CONTAINER_RUNTIME_EXECUTOR | string | `"k8sapi"` | | -| portal.server.graphqlServer.genericEnv.HUB_BRANCH_NAME | string | `"v2.14.x"` | | +| portal.server.graphqlServer.genericEnv.DEFAULT_HUB_BRANCH_NAME | string | `"v3.0.x"` | | +| portal.server.graphqlServer.genericEnv.INFRA_COMPATIBLE_VERSIONS | string | `"[\"3.0.0\"]"` | | +| portal.server.graphqlServer.genericEnv.INFRA_DEPLOYMENTS | string | `"[\"app=chaos-exporter\", \"name=chaos-operator\", \"app=event-tracker\", \"app=workflow-controller\"]"` | | | portal.server.graphqlServer.genericEnv.LITMUS_AUTH_GRPC_PORT | string | `":3030"` | | | portal.server.graphqlServer.genericEnv.REMOTE_HUB_MAX_SIZE | string | `"5000000"` | | -| portal.server.graphqlServer.genericEnv.SELF_AGENT | string | `"true"` | | -| portal.server.graphqlServer.genericEnv.SELF_AGENT_NODE_SELECTOR | string | `""` | | -| portal.server.graphqlServer.genericEnv.SELF_AGENT_TOLERATIONS | string | `""` | | | portal.server.graphqlServer.genericEnv.TLS_CERT_64 | string | `""` | | | portal.server.graphqlServer.genericEnv.TLS_SECRET_NAME | string | `""` | | -| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"2.14.0"` | | +| portal.server.graphqlServer.genericEnv.WORKFLOW_HELPER_IMAGE_VERSION | string | `"3.0.0"` | | | portal.server.graphqlServer.image.pullPolicy | string | `"Always"` | | | portal.server.graphqlServer.image.repository | string | `"litmusportal-server"` | | -| portal.server.graphqlServer.image.tag | string | `"2.14.0"` | | +| portal.server.graphqlServer.image.tag | string | `"3.0.0"` | | | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_CONTROLLER_IMAGE | string | `"workflow-controller:v3.3.1"` | | | portal.server.graphqlServer.imageEnv.ARGO_WORKFLOW_EXECUTOR_IMAGE | string | `"argoexec:v3.3.1"` | | -| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:2.14.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:2.14.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:2.14.0"` | | -| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:2.14.0"` | | -| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:2.14.0"` | | +| portal.server.graphqlServer.imageEnv.EVENT_TRACKER_IMAGE | string | `"litmusportal-event-tracker:3.0.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_EXPORTER_IMAGE | string | `"chaos-exporter:3.0.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_OPERATOR_IMAGE | string | `"chaos-operator:3.0.0"` | | +| portal.server.graphqlServer.imageEnv.LITMUS_CHAOS_RUNNER_IMAGE | string | `"chaos-runner:3.0.0"` | | +| portal.server.graphqlServer.imageEnv.SUBSCRIBER_IMAGE | string | `"litmusportal-subscriber:3.0.0"` | | | portal.server.graphqlServer.livenessProbe.failureThreshold | int | `5` | | | portal.server.graphqlServer.livenessProbe.initialDelaySeconds | int | `30` | | | portal.server.graphqlServer.livenessProbe.periodSeconds | int | `10` | | @@ -221,8 +216,8 @@ We separated service configuration from `portal.server.service` to `portal.serve | portal.server.tolerations | list | `[]` | | | portal.server.updateStrategy | object | `{}` | | | portal.server.waitForMongodb.image.pullPolicy | string | `"Always"` | | -| portal.server.waitForMongodb.image.repository | string | `"curl"` | | -| portal.server.waitForMongodb.image.tag | string | `"2.14.0"` | | +| portal.server.waitForMongodb.image.repository | string | `"mongo"` | | +| portal.server.waitForMongodb.image.tag | int | `6` | | | portal.server.waitForMongodb.resources.limits.cpu | string | `"250m"` | | | portal.server.waitForMongodb.resources.limits.ephemeral-storage | string | `"1Gi"` | | | portal.server.waitForMongodb.resources.limits.memory | string | `"512Mi"` | | @@ -234,7 +229,7 @@ We separated service configuration from `portal.server.service` to `portal.serve | upgradeAgent.affinity | object | `{}` | | | upgradeAgent.controlPlane.image.pullPolicy | string | `"Always"` | | | upgradeAgent.controlPlane.image.repository | string | `"upgrade-agent-cp"` | | -| upgradeAgent.controlPlane.image.tag | string | `"2.14.0"` | | +| upgradeAgent.controlPlane.image.tag | string | `"3.0.0"` | | | upgradeAgent.controlPlane.restartPolicy | string | `"OnFailure"` | | | upgradeAgent.nodeSelector | object | `{}` | | | upgradeAgent.resources | object | `{}` | | diff --git a/charts/litmus/templates/_helpers.tpl b/charts/litmus/templates/_helpers.tpl index 66d9f60b..d5490fb5 100644 --- a/charts/litmus/templates/_helpers.tpl +++ b/charts/litmus/templates/_helpers.tpl @@ -78,10 +78,16 @@ Check for existing secret {{- end -}} {{- end -}} -{{- define "litmus-portal.mongodbServiceName" -}} - {{- if not (eq .Values.mongodb.architecture "replicaset") }} - {{- include "mongodb.fullname" .Subcharts.mongodb -}} - {{ else }} - {{- include "mongodb.service.nameOverride" .Subcharts.mongodb -}} - {{- end -}} +{{/* + Returns mongodb connection string +*/}} +{{- define "litmus-portal.mongodbConnectionString" -}} +{{- $hosts := "" -}} +{{- $count := (.Values.mongodb.replicaCount | int) -}} +{{- range $i, $e := until $count -}} + {{- $host := printf "%s-mongodb-%d.%s-mongodb-headless" $.Release.Name $i $.Release.Name -}} + {{- $hosts = printf "%s%s:%d," $hosts $host 27017 -}} +{{- end -}} +mongodb://{{ trimSuffix "," $hosts }}/admin {{- end -}} + diff --git a/charts/litmus/templates/auth-server-deployment.yaml b/charts/litmus/templates/auth-server-deployment.yaml index f6247acb..19e0b1b5 100644 --- a/charts/litmus/templates/auth-server-deployment.yaml +++ b/charts/litmus/templates/auth-server-deployment.yaml @@ -39,10 +39,41 @@ spec: - name: wait-for-mongodb image: {{ .Values.image.imageRegistryName }}/{{ .Values.portal.server.waitForMongodb.image.repository }}:{{ .Values.portal.server.waitForMongodb.image.tag }} imagePullPolicy: {{ .Values.portal.server.waitForMongodb.image.pullPolicy }} - command: ["/bin/sh", "-c"] + command: ["/bin/bash", "-c"] + env: + - name: DB_PASSWORD + {{- if .Values.mongodb.enabled }} + {{- if not .Values.mongodb.auth.existingSecret }} + value: {{ .Values.mongodb.auth.rootPassword | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: mongodb-root-password + {{- end }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "litmus-portal.secretname" . }} + key: DB_PASSWORD + {{- end }} + - name: DB_USER + {{- if .Values.mongodb.enabled }} + value: {{ .Values.mongodb.auth.rootUser }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "litmus-portal.secretname" . }} + key: DB_USER + {{- end }} + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: {{ include "litmus-portal.fullname" . }}-admin-config + key: DB_SERVER args: [ - "while [[ $(curl -sw '%{http_code}' http://{{ include "litmus-portal.mongodbServiceName" . }}:{{ .Values.mongodb.service.ports.mongodb }} -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + "until [[ $(mongosh -u ${DB_USER} -p ${DB_PASSWORD} ${DB_SERVER} --eval 'rs.status()' | grep 'ok' | wc -l) -eq 1 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", ] resources: {{- toYaml .Values.portal.server.waitForMongodb.resources | nindent 12 }} @@ -67,7 +98,7 @@ spec: - name: DB_PASSWORD {{- if .Values.mongodb.enabled }} {{- if not .Values.mongodb.auth.existingSecret }} - value: {{ .Values.mongodb.auth.rootPassword }} + value: {{ .Values.mongodb.auth.rootPassword | quote }} {{- else }} valueFrom: secretKeyRef: diff --git a/charts/litmus/templates/controlplane-configs.yaml b/charts/litmus/templates/controlplane-configs.yaml index 48612511..0182aabb 100644 --- a/charts/litmus/templates/controlplane-configs.yaml +++ b/charts/litmus/templates/controlplane-configs.yaml @@ -7,12 +7,12 @@ metadata: {{- include "litmus-portal.labels" . | nindent 4 }} app.kubernetes.io/component: {{ include "litmus-portal.name" . }}-admin-config data: - AGENT_SCOPE: "{{ .Values.portalScope }}" - AGENT_NAMESPACE: "{{ .Release.Namespace }}" + INFRA_SCOPE: "{{ .Values.portalScope }}" + INFRA_NAMESPACE: "{{ .Release.Namespace }}" {{- if .Values.adminConfig.DB_SERVER }} - DB_SERVER: "mongodb://{{ .Values.adminConfig.DB_SERVER }}:{{ .Values.adminConfig.DB_PORT }}" + DB_SERVER: "{{ .Values.adminConfig.DB_SERVER }}" {{- else }} - DB_SERVER: "mongodb://{{ include "litmus-portal.mongodbServiceName" . }}:{{ .Values.mongodb.service.ports.mongodb }}" + DB_SERVER: "{{ include "litmus-portal.mongodbConnectionString" . }}" {{- end }} VERSION: "{{ .Values.adminConfig.VERSION }}" SKIP_SSL_VERIFY: "{{ .Values.adminConfig.SKIP_SSL_VERIFY }}" @@ -26,59 +26,89 @@ metadata: {{- include "litmus-portal.labels" . | nindent 4 }} app.kubernetes.io/component: {{ include "litmus-portal.name" . }}-admin-config data: - default.conf: | - map $http_upgrade $connection_upgrade { - default upgrade; - '' close; + nginx.conf: | + pid /tmp/nginx.pid; + + events { + worker_connections 1024; } - server { - listen 8080; - server_name localhost; - #charset koi8-r; - #access_log /var/log/nginx/host.access.log main; - location / { - proxy_http_version 1.1; - root /usr/share/nginx/html; - index index.html index.htm; - try_files $uri /index.html; + + http { + map $http_upgrade $connection_upgrade { + default upgrade; + '' close; } - #error_page 404 /404.html; - # redirect server error pages to the static page /50x.html - # - error_page 500 502 503 504 /50x.html; - location = /50x.html { - root /usr/share/nginx/html; - } - # deny access to .htaccess files, if Apache's document root - # concurs with nginx's one - # - #location ~ /\.ht { - # deny all; - #} - location /auth/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://{{ include "litmus-portal.fullname" . }}-auth-server-service:9003/"; - } - location /api/ { - proxy_http_version 1.1; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://{{ include "litmus-portal.fullname" . }}-server-service:9002/"; - } - location /ws/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection $connection_upgrade; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass "http://{{ include "litmus-portal.fullname" . }}-server-service:9002/"; + + client_body_temp_path /tmp/client_temp; + proxy_temp_path /tmp/proxy_temp_path; + fastcgi_temp_path /tmp/fastcgi_temp; + uwsgi_temp_path /tmp/uwsgi_temp; + scgi_temp_path /tmp/scgi_temp; + + sendfile on; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; + types_hash_max_size 2048; + server_tokens off; + + include /etc/nginx/mime.types; + + gzip on; + gzip_disable "msie6"; + + access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; + + server { + listen 8185 default_server; + root /opt/chaos; + + location /health { + return 200; + } + + location / { + proxy_http_version 1.1; + add_header Cache-Control "no-cache"; + try_files $uri /index.html; + autoindex on; + } + + # redirect server error pages to the static page /50x.html + # + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + + location /auth/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://{{ include "litmus-portal.fullname" . }}-auth-server-service:9003/"; + } + + location /api/ { + proxy_http_version 1.1; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://{{ include "litmus-portal.fullname" . }}-server-service:9002/"; + } + + location /ws/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection $connection_upgrade; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_pass "http://{{ include "litmus-portal.fullname" . }}-server-service:9002/"; + } } } diff --git a/charts/litmus/templates/frontend-deployment.yaml b/charts/litmus/templates/frontend-deployment.yaml index 7baa8338..111187f4 100644 --- a/charts/litmus/templates/frontend-deployment.yaml +++ b/charts/litmus/templates/frontend-deployment.yaml @@ -61,8 +61,8 @@ spec: name: http volumeMounts: - name: nginx-config - mountPath: /etc/nginx/conf.d/default.conf - subPath: default.conf + mountPath: /etc/nginx/nginx.conf + subPath: nginx.conf {{- with .Values.portal.frontend.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/litmus/templates/server-deployment.yaml b/charts/litmus/templates/server-deployment.yaml index 7fcddfdc..6047bb47 100644 --- a/charts/litmus/templates/server-deployment.yaml +++ b/charts/litmus/templates/server-deployment.yaml @@ -38,15 +38,46 @@ spec: - name: wait-for-mongodb image: {{ .Values.image.imageRegistryName }}/{{ .Values.portal.server.waitForMongodb.image.repository }}:{{ .Values.portal.server.waitForMongodb.image.tag }} imagePullPolicy: {{ .Values.portal.server.waitForMongodb.image.pullPolicy }} - command: ["/bin/sh", "-c"] + command: ["/bin/bash", "-c"] + env: + - name: DB_PASSWORD + {{- if .Values.mongodb.enabled }} + {{- if not .Values.mongodb.auth.existingSecret }} + value: {{ .Values.mongodb.auth.rootPassword | quote }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.mongodb.auth.existingSecret }} + key: mongodb-root-password + {{- end }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "litmus-portal.secretname" . }} + key: DB_PASSWORD + {{- end }} + - name: DB_USER + {{- if .Values.mongodb.enabled }} + value: {{ .Values.mongodb.auth.rootUser }} + {{- else }} + valueFrom: + secretKeyRef: + name: {{ include "litmus-portal.secretname" . }} + key: DB_USER + {{- end }} + - name: DB_SERVER + valueFrom: + configMapKeyRef: + name: {{ include "litmus-portal.fullname" . }}-admin-config + key: DB_SERVER args: [ - "while [[ $(curl -sw '%{http_code}' http://{{ include "litmus-portal.mongodbServiceName" . }}:{{ .Values.mongodb.service.ports.mongodb }} -o /dev/null) -ne 200 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", + "until [[ $(mongosh -u ${DB_USER} -p ${DB_PASSWORD} ${DB_SERVER} --eval 'rs.status()' | grep 'ok' | wc -l) -eq 1 ]]; do sleep 5; echo 'Waiting for the MongoDB to be ready...'; done; echo 'Connection with MongoDB established'", ] - securityContext: - {{- toYaml .Values.portal.server.waitForMongodb.securityContext | nindent 12 }} resources: {{- toYaml .Values.portal.server.waitForMongodb.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.portal.server.waitForMongodb.securityContext | nindent 12 }} containers: - name: graphql-server image: {{ .Values.image.imageRegistryName }}/{{ .Values.portal.server.graphqlServer.image.repository }}:{{ .Values.portal.server.graphqlServer.image.tag }} @@ -78,7 +109,7 @@ spec: - name: DB_PASSWORD {{- if .Values.mongodb.enabled }} {{- if not .Values.mongodb.auth.existingSecret }} - value: {{ .Values.mongodb.auth.rootPassword }} + value: {{ .Values.mongodb.auth.rootPassword | quote}} {{- else }} valueFrom: secretKeyRef: diff --git a/charts/litmus/values-ci.yaml b/charts/litmus/values-ci.yaml index 562361c0..edb3a5b9 100644 --- a/charts/litmus/values-ci.yaml +++ b/charts/litmus/values-ci.yaml @@ -1,9 +1,12 @@ # Default values.yml for using chart with "ci" images # This is added for using litmus-helm-agent with ChaosCenter Helm-Chart deployment. -# Once litmus-helm-agent is compatible with versioned release of helm-chart, this file will be removed. +# Once litmus-helm-agent is compatible with versioned release of helm-chart, this file will be removed. adminConfig: VERSION: "ci" + DBPASSWORD: "" + DBUSER: "" + DB_SERVER: "" upgradeAgent: controlPlane: @@ -30,4 +33,4 @@ portal: authServer: image: - tag: ci \ No newline at end of file + tag: ci diff --git a/charts/litmus/values.yaml b/charts/litmus/values.yaml index ef01dd1b..be102b90 100644 --- a/charts/litmus/values.yaml +++ b/charts/litmus/values.yaml @@ -15,7 +15,7 @@ existingSecret: "" adminConfig: JWTSecret: "litmus-portal@123" - VERSION: "2.14.0" + VERSION: "3.0.0" SKIP_SSL_VERIFY: "false" # -- leave empty if uses Mongo DB deployed by this chart DBPASSWORD: "" @@ -60,7 +60,7 @@ upgradeAgent: controlPlane: image: repository: upgrade-agent-cp - tag: "2.14.0" + tag: "3.0.0" pullPolicy: "Always" restartPolicy: OnFailure nodeSelector: {} @@ -98,15 +98,15 @@ portal: ## maxSurge: 1 ## maxUnavailable: 25% automountServiceAccountToken: false - securityContext: - runAsUser: 2000 - allowPrivilegeEscalation: false - runAsNonRoot: true + # securityContext: + # runAsUser: 2000 + # allowPrivilegeEscalation: false + # runAsNonRoot: true image: repository: litmusportal-frontend - tag: 2.14.0 + tag: 3.0.0 pullPolicy: "Always" - containerPort: 8080 + containerPort: 8185 customLabels: {} # my.company.com/tier: "frontend" @@ -138,7 +138,7 @@ portal: annotations: {} type: ClusterIP port: 9091 - targetPort: 8080 + targetPort: 8185 virtualService: enabled: false hosts: [] @@ -165,14 +165,15 @@ portal: # my.company.com/tier: "backend" waitForMongodb: image: - repository: curl - tag: 2.14.0 + repository: mongo + tag: 6 pullPolicy: "Always" - securityContext: {} - # runAsUser: 101 - # allowPrivilegeEscalation: false - # runAsNonRoot: true - # readOnlyRootFilesystem: true + securityContext: + {} + # runAsUser: 101 + # allowPrivilegeEscalation: false + # runAsNonRoot: true + # readOnlyRootFilesystem: true resources: # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little @@ -204,7 +205,7 @@ portal: readOnlyRootFilesystem: true image: repository: litmusportal-server - tag: 2.14.0 + tag: 3.0.0 pullPolicy: "Always" ports: - name: gql-server @@ -221,25 +222,23 @@ portal: port: 8000 targetPort: 8000 imageEnv: - SUBSCRIBER_IMAGE: "litmusportal-subscriber:2.14.0" - EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:2.14.0" + SUBSCRIBER_IMAGE: "litmusportal-subscriber:3.0.0" + EVENT_TRACKER_IMAGE: "litmusportal-event-tracker:3.0.0" ARGO_WORKFLOW_CONTROLLER_IMAGE: "workflow-controller:v3.3.1" ARGO_WORKFLOW_EXECUTOR_IMAGE: "argoexec:v3.3.1" - LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:2.14.0" - LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:2.14.0" - LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:2.14.0" + LITMUS_CHAOS_OPERATOR_IMAGE: "chaos-operator:3.0.0" + LITMUS_CHAOS_RUNNER_IMAGE: "chaos-runner:3.0.0" + LITMUS_CHAOS_EXPORTER_IMAGE: "chaos-exporter:3.0.0" genericEnv: TLS_SECRET_NAME: "" TLS_CERT_64: "" - SELF_AGENT: "true" - SELF_AGENT_NODE_SELECTOR: "" - SELF_AGENT_TOLERATIONS: "" CONTAINER_RUNTIME_EXECUTOR: "k8sapi" - HUB_BRANCH_NAME: "v2.14.x" - AGENT_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' + DEFAULT_HUB_BRANCH_NAME: "v3.0.x" + INFRA_DEPLOYMENTS: '["app=chaos-exporter", "name=chaos-operator", "app=event-tracker", "app=workflow-controller"]' LITMUS_AUTH_GRPC_PORT: ":3030" - WORKFLOW_HELPER_IMAGE_VERSION: "2.14.0" + WORKFLOW_HELPER_IMAGE_VERSION: "3.0.0" REMOTE_HUB_MAX_SIZE: "5000000" + INFRA_COMPATIBLE_VERSIONS: '["3.0.0"]' # Provide UI endpoint if using namespaced scope CHAOS_CENTER_UI_ENDPOINT: "" resources: @@ -282,7 +281,7 @@ portal: automountServiceAccountToken: false image: repository: litmusportal-auth-server - tag: 2.14.0 + tag: 3.0.0 pullPolicy: "Always" ports: - name: auth-server @@ -335,12 +334,16 @@ mongodb: enabled: true auth: enabled: true - rootPassword: "superhardpassword" + rootUser: "root" + rootPassword: "1234" # -- existingSecret Existing secret with MongoDB(®) credentials (keys: `mongodb-passwords`, `mongodb-root-password`, `mongodb-metrics-password`, ` mongodb-replica-set-key`) existingSecret: "" - architecture: standalone - useStatefulSet: false - replicaCount: 1 + architecture: replicaset + replicaCount: 3 + persistence: + enabled: true + volumePermissions: + enabled: true metrics: enabled: false prometheusRule: