Merge branch 'master' into remove_old_logger

pega-roska · May 21, 2024 · 31f88e5 · 31f88e5
2 parents b244376 + 1274166
commit 31f88e5
Show file tree

Hide file tree

Showing 19 changed files with 2,820 additions and 291 deletions.
diff --git a/charts/addons/Chart.yaml b/charts/addons/Chart.yaml
@@ -3,4 +3,4 @@ apiVersion: v1
 appVersion: "1.0"
 description: A Helm chart for Kubernetes
 name: addons
-version: "3.19.0"
+version: "3.20.0"
diff --git a/charts/backingservices/Chart.yaml b/charts/backingservices/Chart.yaml
@@ -17,4 +17,4 @@ description: Helm Chart to provision the latest Search and Reporting Service (SR
 # The chart version: Pega provides this as a useful way to track changes you make to this chart.
 # As a best practice, you should increment the version number each time you make changes to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: "3.19.0"
+version: "3.20.0"
diff --git a/charts/pega/Chart.yaml b/charts/pega/Chart.yaml
@@ -1,7 +1,7 @@
 ---
 apiVersion: v1
 name: pega
-version: "3.19.0"
+version: "3.20.0"
 description: Pega installation on kubernetes
 keywords:
 - pega

diff --git a/charts/pega/README.md b/charts/pega/README.md
@@ -308,7 +308,7 @@ requestor:
 ### Security context
 
 By default, security context for your Pega pod deployments `pegasystems/pega` image uses `pegauser`(9001) as the user and volume mounts uses `root`(0) as the group. To configure an alternative user for your custom image, set value for `runAsUser` and to configure an alternative group for volume mounts, set value for `fsGroup`. Note that pegasystems/pega image works only with pegauser(9001).
-`runAsUser` and `fsGroup` must be configured in `securityContext` under each tier block and will be applied to Deployments/Statefulsets, see the [Kubernetes Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
+`runAsUser` and `fsGroup` must be configured in `securityContext` under each tier block and will be applied to Deployments/Statefulsets, along with these settings other allowed configuration can also be supplied here, see the [Kubernetes Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/).
 
 Example:
 
@@ -371,6 +371,16 @@ ingress:
     annotation-name-1: annotation-value-1
     annotation-name-2: annotation-value-2
 ```
+Depending on what type of deployment you use, if there are any long-running operations such as import, append provider-specific ingress timeout annotation under each tier.
+
+The following example shows timeout annotation overrides for an Openshift deployment:
+
+```yaml
+ingress:
+  domain: "tier.example.com"
+  annotations:
+     haproxy.router.openshift.io/timeout: 2m
+```
 
 #### Provider support for SSL certificate management
 

diff --git a/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml b/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml
@@ -22,6 +22,10 @@ spec:
 {{- include "generatedClusteringServicePodAnnotations" . | indent 8 }}
     spec:
       terminationGracePeriodSeconds: {{ .Values.server.graceful_shutdown_max_wait_seconds }}
+{{- if .Values.securityContext }}
+      securityContext:
+{{ toYaml .Values.securityContext | indent 8 }} 
+{{- end }}
       containers:
       - name: hazelcast
         image: {{ .Values.clusteringServiceImage }}

diff --git a/charts/pega/charts/hazelcast/values.yaml b/charts/pega/charts/hazelcast/values.yaml
@@ -58,3 +58,7 @@ server:
   diagnostics_metric_level: "info"
   diagnostic_log_file_size_mb: "50"
   diagnostics_file_count: "3"
+
+# Apply securityContext to clustering service pods. For example to set `runAsUser: 1000`:
+# securityContext:
+#   runAsUser: 1000
diff --git a/charts/pega/templates/_pega-deployment.tpl b/charts/pega/templates/_pega-deployment.tpl
@@ -112,23 +112,13 @@ spec:
       nodeSelector:
 {{ toYaml .node.nodeSelector | indent 8 }}
 {{- end }}
-{{- if (ne .root.Values.global.provider "openshift") }}
       securityContext:
-{{- if .node.securityContext }}
-{{- if .node.securityContext.runAsUser }}
-        runAsUser: {{ .node.securityContext.runAsUser }}
-{{- else }}
-        runAsUser: 9001
-{{- end }}
-{{- if .node.securityContext.fsGroup }}
-        fsGroup: {{ .node.securityContext.fsGroup }}
-{{- else }}
-        fsGroup: 0
-{{- end }}
-{{- else }}
+{{- if (ne .root.Values.global.provider "openshift") }}
         runAsUser: 9001
         fsGroup: 0
 {{- end }}
+{{- if .node.securityContext }}
+{{ toYaml .node.securityContext | indent 8 }}
 {{- end }}
 {{- if .node.topologySpreadConstraints }}
       topologySpreadConstraints:

diff --git a/charts/pega/templates/_pega-gke-backend-config.tpl b/charts/pega/templates/_pega-gke-backend-config.tpl
@@ -18,5 +18,8 @@ spec:
     timeoutSec: 5
     type: HTTP
     unhealthyThreshold: 2
+{{ if .node.ingress.backendConfig }}
+{{ toYaml .node.ingress.backendConfig | indent 2 }}
+{{ end }}
 ---
 {{ end }}