Skip to content

Commit

Permalink
chore: added tenantadm CronJobs
Browse files Browse the repository at this point in the history
This is an Hosted only feature: cronjobs to maintain tenants

Ticket: MC-7433

Signed-off-by: Roberto Giovanardi <[email protected]>
  • Loading branch information
oldgiova committed May 24, 2024
1 parent 4f8371c commit d865b93
Show file tree
Hide file tree
Showing 5 changed files with 123 additions and 4 deletions.
7 changes: 7 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -649,6 +649,13 @@ The following table lists the parameters for the `tenantadm` component and their
| `tenantadm.probesOverrides.successThreshold` | Override the `successThreshold` for every Readiness and Liveness probes. | `nil` |
| `tenantadm.probesOverrides.timeoutSeconds` | Override the `timeoutSeconds` for every Readiness and Liveness probes. | `nil` |
| `tenantadm.probesOverrides.failureThreshold` | Override the `failureThreshold` for every Readiness and Liveness probes. | `nil` |
| `tenantadm.cronjobs.suspendTenants.enabled` | Creates the Suspend Tenants cronjob (Hosted only) | `false` |
| `tenantadm.cronjobs.suspendTenants.schedule` | Set a schedule for the Suspend Tenants cronjob (Hosted only) | `0 7 * * *` |
| `tenantadm.cronjobs.suspendTenants.resouces` | Set the resources for the Suspend Tenants cronjob (Hosted only) | `nil` |
| `tenantadm.cronjobs.syncTenants.enabled` | Creates the Suspend Tenants cronjob (Hosted only) | `false` |
| `tenantadm.cronjobs.syncTenants.schedule` | Set a schedule for the Suspend Tenants cronjob (Hosted only) | `0 7 * * *` |
| `tenantadm.cronjobs.syncTenants.resouces` | Set the resources for the Suspend Tenants cronjob (Hosted only) | `nil` |


The default value for the rate limits are:

Expand Down
3 changes: 3 additions & 0 deletions mender/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
# Mender Helm chart

## Version 5.7.1
* Added tenantadm CronJobs (Hosted only feature)

## Version 5.7.0
* `generate_delta_worker`: don't enforce tags for the image.
* Added `api_gateway.accesslogs` parameter to enable/disable access logs.
Expand Down
14 changes: 10 additions & 4 deletions mender/templates/tenantadm/_podtemplate.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,13 @@ spec:
restartPolicy: {{ quote . }}
{{- end }}
containers:
- name: {{ ternary "tenantadm" "tenantadm-migration" (empty .migration) | quote }}
{{- if .migration }}
- name: "tenantadm-migration"
{{- else if .cronjob }}
- name: "tenantadm-{{- .cronjob }}"
{{- else }}
- name: "tenantadm"
{{- end }}
image: {{ .dot.Values.tenantadm.image.registry }}/{{ .dot.Values.tenantadm.image.repository }}:{{ .dot.Values.tenantadm.image.tag | default .dot.Values.global.image.tag }}
imagePullPolicy: {{ .dot.Values.tenantadm.image.imagePullPolicy }}
{{- if .dot.Values.tenantadm.containerSecurityContext.enabled }}
Expand All @@ -40,7 +46,7 @@ spec:
{{- end }}


{{- if (not .migration) }}
{{- if and (not .migration) (not .cronjob) }}
# Readiness/liveness probes
readinessProbe:
httpGet:
Expand All @@ -66,7 +72,7 @@ spec:
periodSeconds: 5
{{- end }}

{{- if (not .migration) }}
{{- if and (not .migration) (not .cronjob) }}
volumeMounts:
- name: rsa
mountPath: "/etc/tenantadm/rsa/"
Expand Down Expand Up @@ -102,7 +108,7 @@ spec:
nodeSelector: {{ toYaml . | nindent 4 }}
{{- end }}

{{- if (not .migration) }}
{{- if and (not .migration) (not .cronjob) }}
volumes:
- name: rsa
secret:
Expand Down
79 changes: 79 additions & 0 deletions mender/templates/tenantadm/cronjob.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,79 @@
{{- if and (.Values.global.enterprise) (.Values.tenantadm.enabled) (.Values.global.hosted) (.Values.tenantadm.cronjobs.suspendTenants.enabled) }}
---
# Suspend tenants: maintenance suspend-expired-tenants

{{- $context := (dict "dot" . "component" "tenantadm" "cronjob" "suspend" "args" (list "maintenance" "suspend-expired-tenants") "extraResources" .Values.tenantadm.cronjobs.suspendTenants.resources "restartPolicy" "Never") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "mender.fullname" . }}-tenantadm-suspend-trial
namespace: {{ .Release.Namespace }}
labels:
{{- include "mender.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ include "mender.fullname" . }}-tenantadm-suspend-trial
app.kubernetes.io/component: tenantadm
spec:
schedule: {{ .Values.tenantadm.cronjobs.suspendTenants.schedule }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1

jobTemplate:
spec:
template:
{{- include "mender.tenantadmPodTemplate" $context | nindent 8 }}


---
# Suspend trial tenants: suspend-tenants-expired-trial

{{- $context := (dict "dot" . "component" "tenantadm" "cronjob" "suspend" "args" (list "suspend-tenants-expired-trial") "extraResources" .Values.tenantadm.cronjobs.suspendTenants.resources "restartPolicy" "Never") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "mender.fullname" . }}-tenantadm-suspend
namespace: {{ .Release.Namespace }}
labels:
{{- include "mender.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ include "mender.fullname" . }}-tenantadm-suspend
app.kubernetes.io/component: tenantadm
spec:
schedule: {{ .Values.tenantadm.cronjobs.suspendTenants.schedule }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1

jobTemplate:
spec:
template:
{{- include "mender.tenantadmPodTemplate" $context | nindent 8 }}


{{- end }}

{{- if and (.Values.global.enterprise) (.Values.tenantadm.enabled) (.Values.global.hosted) (.Values.tenantadm.cronjobs.syncTenants.enabled) }}
---
# Sync tenants with an external integration

{{- $context := (dict "dot" . "component" "tenantadm" "cronjob" "sync-tenants" "args" (list "sync-tenants") "extraResources" .Values.tenantadm.cronjobs.syncTenants.resources "restartPolicy" "Never") }}
apiVersion: batch/v1
kind: CronJob
metadata:
name: {{ include "mender.fullname" . }}-tenantadm-sync-tenants
namespace: {{ .Release.Namespace }}
labels:
{{- include "mender.labels" . | nindent 4 }}
app.kubernetes.io/name: {{ include "mender.fullname" . }}-tenantadm-sync-tenants
app.kubernetes.io/component: tenantadm
spec:
schedule: {{ .Values.tenantadm.cronjobs.suspendTenants.schedule }}
concurrencyPolicy: Forbid
successfulJobsHistoryLimit: 1
failedJobsHistoryLimit: 1

jobTemplate:
spec:
template:
{{- include "mender.tenantadmPodTemplate" $context | nindent 8 }}

{{- end }}
24 changes: 24 additions & 0 deletions mender/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -705,6 +705,30 @@ tenantadm:
# successThreshold: 2
# failureThreshold: 6

cronjobs:
# suspend tenants cronjobs: these cronjobs are used to suspend expired trial tenants
suspendTenants:
enabled: false
schedule: "0 7 * * *"
# resources:
# limits:
# cpu: 300m
# memory: 200Mi
# requests:
# cpu: 50m
# memory: 50Mi
# sync tenants cronjob to sync with an external integration
syncTenants:
enabled: false
schedule: "0 8 * * *"
# resources:
# limits:
# cpu: 300m
# memory: 200Mi
# requests:
# cpu: 50m
# memory: 50Mi

useradm:
enabled: true
podAnnotations: {}
Expand Down

0 comments on commit d865b93

Please sign in to comment.