Add GKE support for Constellation and Constellation Messaging (#770)

* Added support of GKE to constellation chart

* Test

* Trial

* Updated Tests on Constellation with new changes

* Added TLS support for GKE ingress

* Prepared files for clln msg service

* Partially implemented messaging constellation for GKE

* Renamed files

* Added Test for ingress presence in constellation

* Refactored common helpers in root template folder

* Refactored keys of constellation and constellation messaging in a way that they are more similar to the one used in the pega chart

* Added new changes

* Refactored cosntellation and constellation messaging deault values

* Added unit test for backend config of constellation

* Added unit test for backend config of constellation messaging

* Updated documentation of constellation

* Documented liveness and readiness probe of constellation

* Updated documentation of constellation and constellation messaging

* Updated documentation of constellation and constellation messaging service

* Added Unit Test on ingress enablement for constellation and constellation messaging service

* Update values.yaml by adding new line at the end of the file

* Update values.yaml by adding new line at the end of the file

* Update values.yaml by adding new line at the end of the file

* Update values.yaml by adding new line at the end of the file

* Update values.yaml of constellation messaging

* Removed trailing spaces

* Duplicated templates to subcharts in such a way to pass helm lint tests

* Created supplemental.tpl aldo into template folder of backing services

* Fix merge

* Created secret for constellation messaging, added enabled in ingress of constellation messaging, changed default name of constellation messagin secret and changed urlPath input arg of constellation messaging

---------

Co-authored-by: Alessandro Cattapan <[email protected]>

charts/backingservices/charts/constellation-messaging/templates/_messaging-registry-secret.tpl

@@ -0,0 +1,14 @@
+{{- define "messagingRegistryCredentialsSecretTemplate" }}
+kind: Secret
+apiVersion: v1
+metadata:
+  name: {{ include "backingservicesRegistrySecret" (dict "root" .Values "defaultname" "constellation-messaging" ) }}
+  namespace: {{ .Release.Namespace }}
+  annotations:
+    "helm.sh/hook": pre-install, pre-upgrade
+    "helm.sh/hook-weight": "0"
+    "helm.sh/hook-delete-policy": before-hook-creation
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+type: kubernetes.io/dockerconfigjson
+{{- end }}

charts/backingservices/charts/constellation-messaging/templates/_supplemental.tpl

@@ -0,0 +1,66 @@
+{{- /*
+imagePullSecret
+backingservicesRegistrySecret
+deploymentName
+tlssecretsnippet
+backingservices.gke.backendConfig
+podAffinity
+are copied from backingservices/templates/_supplemental.tpl because helm lint requires
+charts to render standalone. See: https://github.com/helm/helm/issues/11260 for more details.
+*/}}
+
+{{- define "imagePullSecret" }}
+{{- printf "{\"auths\": {\"%s\": {\"auth\": \"%s\"}}}" .Values.docker.registry.url (printf "%s:%s" .Values.docker.registry.username .Values.docker.registry.password | b64enc) | b64enc }}
+{{- end }}
+
+{{- define "backingservicesRegistrySecret" }}
+{{- $depName := printf "%s" (include "deploymentName" (dict "root" .root "defaultname" .defaultname )) -}}
+{{- $depName -}}-registry-secret
+{{- end }}
+
+{{- define "deploymentName" }}{{ $deploymentNamePrefix := .defaultname }}{{ if (.root.deployment) }}{{ if (.root.deployment.name) }}{{ $deploymentNamePrefix = .root.deployment.name }}{{ end }}{{ end }}{{ if (.root.name) }}{{ $deploymentNamePrefix = .root.name }}{{ end }}{{ $deploymentNamePrefix }}{{- end }}
+
+{{- define "tlssecretsnippet" -}}
+tls:
+- hosts:
+  - {{ include "domainName" (dict "node" .node) }}
+  secretName: {{ .node.ingress.tls.secretName }}
+{{- end -}}
+
+{{- define "domainName" }}
+  {{- if .node.ingress -}}
+  {{- if .node.ingress.domain -}}
+    {{ .node.ingress.domain }}
+  {{- end -}}
+  {{- else if .node.service.domain -}}
+    {{ .node.service.domain }}
+  {{- end -}}
+{{- end }}
+
+
+{{- define  "backingservices.gke.backendConfig" -}}
+apiVersion: cloud.google.com/v1
+kind: BackendConfig
+metadata:
+  name: {{ .name }}
+spec:
+  timeoutSec: 40
+  connectionDraining:
+    drainingTimeoutSec: 60
+  healthCheck:
+    checkIntervalSec: 5
+    healthyThreshold: 1
+    port: {{ .healthCheckPort }}
+    requestPath: {{ .requestPath }}
+    timeoutSec: 5
+    type: HTTP
+    unhealthyThreshold: 2
+---
+{{ end }}
+
+{{- define "podAffinity" }}
+{{- if .affinity }}
+affinity:
+{{- toYaml .affinity | nindent 2 }}
+{{- end }}
+{{ end }}

charts/backingservices/charts/constellation-messaging/templates/messaging-deployment.yaml

@@ -1,28 +1,37 @@
+{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }}
+{{- $srvTargetPort := .Values.service.targetPort }}{{ if .Values.pegaMessagingTargetPort }}{{ $srvTargetPort = .Values.pegaMessagingTargetPort }}{{ end }}
 {{- if .Values.enabled }}
 kind: Deployment
 apiVersion: apps/v1
 metadata:
-  name: {{ .Values.name }}
+  name: {{ $depName }}
   labels:
-    app: {{ .Values.name }}
+    app: {{ $depName }}
 spec:
   replicas: {{ .Values.replicas }}
   selector:
     matchLabels:
-      app: {{ .Values.name }}
+      app: {{ $depName }}
   template:
     metadata:
       labels:
-        app: {{ .Values.name }}
+        app: {{ $depName }}
     spec:
       imagePullSecrets:
+      - name: {{ include "backingservicesRegistrySecret" ( dict "root" .Values "defaultname" "constellation-messaging" ) }}
+      {{ if .Values.docker.imagePullSecretNames }}
+      {{- range .Values.docker.imagePullSecretNames }}
+      - name: {{ . }}
+      {{- end }}
+      {{ else if .Values.imagePullSecretNames }}
       {{- range .Values.imagePullSecretNames }}
-        - name: {{ . }}
+      - name: {{ . }}
       {{- end }}
+      {{ end }}
       containers:
       - name: c11n-messaging
-        imagePullPolicy: {{ .Values.imagePullPolicy }}
-        image: {{ .Values.image }}
+        imagePullPolicy: {{ .Values.docker.messaging.imagePullPolicy }}
+        image: {{ .Values.docker.messaging.image }}
         resources:
           {{ if .Values.resources }}
           {{ toYaml .Values.resources | nindent 10 }}
@@ -32,10 +41,28 @@ spec:
           {{ toYaml .Values.securityContext | nindent 10 }}
           {{- end }}
         args:
-          - --max-semi-space-size=1024
-          - port={{ .Values.pegaMessagingTargetPort }}
-          - path=/c11n-messaging
+        - --max-semi-space-size=1024
+        - port={{ $srvTargetPort }}
+        - urlPath={{ .Values.urlPath }}
+        livenessProbe:
+          initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+          periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+          successThreshold: {{ .Values.livenessProbe.successThreshold }}
+          failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+          httpGet:
+            path: {{ .Values.urlPath }}/ping
+            port: {{ $srvTargetPort }}
+        readinessProbe:
+          initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+          timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+          periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+          successThreshold: {{ .Values.readinessProbe.successThreshold }}
+          failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+          httpGet:
+            path: {{ .Values.urlPath }}/ping
+            port: {{ $srvTargetPort }}
         ports:
-        - containerPort: {{ .Values.pegaMessagingTargetPort }}
+        - containerPort: {{ $srvTargetPort }}
 {{- include "podAffinity" .Values | indent 6 }}
 {{ end }}

charts/backingservices/charts/constellation-messaging/templates/messaging-gke-backend-config.yaml

@@ -0,0 +1,11 @@
+{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }}
+{{- $requestPath := printf "%s/ping" .Values.urlPath }}
+{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }}
+
+{{- if .Values.enabled }}
+{{- if (eq .Values.provider "gke") }}
+{{- if .Values.ingress.enabled }}
+{{ template "backingservices.gke.backendConfig" dict "root" .Values "name" $depName "requestPath" $requestPath "healthCheckPort" $srvPort }}
+{{ end }}
+{{ end }}
+{{ end }}

charts/backingservices/charts/constellation-messaging/templates/messaging-ingress.yaml

@@ -1,8 +1,11 @@
-{{- if and .Values.enabled .Values.ingress.domain }}
+{{- $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }}
+{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }}
+{{- if .Values.enabled }}
+{{- if and (.Values.ingress) (eq .Values.ingress.enabled true) }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
-  name: {{ .Values.name }}
+  name: {{ $depName }}
 {{- if .Values.ingress.annotations }}
   annotations:
 {{ toYaml .Values.ingress.annotations | indent 4 }}
@@ -12,14 +15,22 @@ spec:
   ingressClassName: {{ .Values.ingress.ingressClassName }}
 {{- end }}
   rules:
-    - host: {{ .Values.ingress.domain }}
-      http:
-        paths:
-          - path: /c11n-messaging
-            pathType: Prefix
-            backend:
-              service:
-                name: {{ .Values.name }}
-                port:
-                  number: {{ $.Values.pegaMessagingPort }}
+  - host: {{ .Values.ingress.domain }}
+    http:
+      paths:
+      - path: {{ .Values.urlPath }}
+        pathType: Prefix
+        backend:
+          service:
+            name: {{ $depName }}
+            port:
+              number: {{ $srvPort }}
+{{ if (.Values.ingress.tls) }}
+{{- if (eq .Values.ingress.tls.enabled true) }}
+{{- if .Values.ingress.tls.secretName }}
+{{- include "tlssecretsnippet" (dict "node" .Values) | indent 2 }}
+{{- end }}
+{{- end }}
+{{- end }}
 {{ end }}
+{{ end }}

charts/backingservices/charts/constellation-messaging/templates/messaging-registry-secret.yaml

@@ -0,0 +1,3 @@
+{{- if .Values.enabled }}
+{{- include "messagingRegistryCredentialsSecretTemplate" . }}
+{{ end }}

charts/backingservices/charts/constellation-messaging/templates/messaging-service.yaml

@@ -1,16 +1,30 @@
+{{ $depName := printf "%s" (include "deploymentName" (dict "root" .Values "defaultname" "constellation-messaging" )) }}
+{{- $srvTargetPort := .Values.service.targetPort }}{{ if .Values.pegaMessagingTargetPort }}{{ $srvTargetPort = .Values.pegaMessagingTargetPort }}{{ end }}
+{{- $srvPort := .Values.service.port }}{{ if .Values.pegaMessagingPort }}{{ $srvPort = .Values.pegaMessagingPort }}{{ end }}
 {{- if .Values.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
-  name: {{ .Values.name }}
+  name: {{ $depName }}
   labels:
-    app: {{ .Values.name }}
+    app: {{ $depName }}
+{{- if and (.Values.service) (.Values.service.annotations) }}
+  annotations: 
+    # Custom annotations
+{{ toYaml .Values.service.annotation | indent 4 }}
+{{- else if (eq .Values.provider "gke") }}
+  annotations:
+    cloud.google.com/neg: '{"ingress": true}'
+    cloud.google.com/app-protocols: '{"https":"HTTPS","http":"HTTP"}'
+    cloud.google.com/backend-config: '{"ports": {"{{ $srvPort }}": "{{ $depName }}"}}'
+{{- end }}
 spec:
-  type: NodePort
   selector:
-    app: {{ .Values.name }}
+    app: {{ $depName }}
   ports:
-    - protocol: TCP
-      port: {{ .Values.pegaMessagingPort }}  
-      targetPort: {{ .Values.pegaMessagingTargetPort }}     
+  - name: http
+    protocol: TCP
+    port: {{ $srvPort }}
+    targetPort: {{ $srvTargetPort }}
+  type: {{ .Values.service.serviceType }}
 {{ end }}

charts/backingservices/charts/constellation-messaging/values.yaml

@@ -1,17 +1,26 @@
 ---
 enabled: false
-name: YOUR_MESSAGING_SERVICE_DEPLOYMENT_NAME
+deployment:
+  name: "constellation-messaging"
+# Cloud provider details
+provider: "aws"
 
-image: YOUR_MESSAGING_SERVICE_IMAGE:TAG
-replicas: 1
-
-# To avoid exposing Docker credentials, create a separate Docker config secret.
-# Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"]
-imagePullSecretNames: []
-imagePullPolicy: Always
+# Docker repos and tag for image
+docker:
+  # If using a custom Docker registry, supply the credentials here to pull Docker images.
+  registry:
+    url: YOUR_DOCKER_REGISTRY_URL
+    username: YOUR_DOCKER_REGISTRY_USERNAME
+    password: YOUR_DOCKER_REGISTRY_PASSWORD
+  # To avoid exposing Docker credentials, create a separate Docker config secret.
+  # Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"]
+  imagePullSecretNames: []
+  # Docker image information for the Pega docker image, containing the application server.
+  messaging:
+    image: YOUR_MESSAGING_SERVICE_IMAGE:TAG
+    imagePullPolicy: Always
 
-pegaMessagingPort: 3000
-pegaMessagingTargetPort: 3000
+urlPath: /c11n-messaging
 
 # set memoryRequest &  memoryLimit to Limit memory usage for container https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#meaning-of-memory
 # resources:
@@ -27,12 +36,37 @@ securityContext:
   readOnlyRootFilesystem: false
   # set allowPrivilegeEscalation to false to Restrict container from acquiring additional privileges https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
   allowPrivilegeEscalation: true # false
-serviceType: NodePort
+
+# Service
+service:
+  port: 3000
+  targetPort: 3000
+  serviceType: NodePort
 
 # An ingress will be provisioned if a hostname is defined, or omitted if the hostname is empty.
 # ingressClassName and annotations are optional and will be included if defined.
 # Due to the diverse requirements for ingresses and TLS configuration, it may be necessary to define the ingress separately from this chart.
 ingress:
-  domain:
+  enabled: true
+  domain: YOUR_CUSTOM_DOMAIN_NAME_HERE
   ingressClassName:
+  # Additional annotations for the ingress can be specified here
   annotations:
+  tls:
+    enabled: false
+    secretName:
+
+# Deployment Spec
+replicas: 1
+livenessProbe:
+  initialDelaySeconds: 5
+  timeoutSeconds: 5
+  periodSeconds: 30
+  successThreshold: 1
+  failureThreshold: 3
+readinessProbe:
+  initialDelaySeconds: 5
+  timeoutSeconds: 5
+  periodSeconds: 30
+  successThreshold: 1
+  failureThreshold: 3