From 089504c8031e87c5f4eeb1b11cd823da915369be Mon Sep 17 00:00:00 2001 From: mosn Date: Fri, 15 Mar 2019 16:45:11 +0100 Subject: [PATCH 01/35] base --- .DS_Store | Bin 0 -> 6148 bytes chatops-settings.yaml | 140 ++++++++++++++++++++++++++++++ templates/configmaps_chatops.yaml | 17 ++++ templates/etcd.yaml | 104 ++++++++++++++++++++++ 4 files changed, 261 insertions(+) create mode 100644 .DS_Store create mode 100644 chatops-settings.yaml create mode 100644 templates/configmaps_chatops.yaml create mode 100644 templates/etcd.yaml diff --git a/.DS_Store b/.DS_Store new file mode 100644 index 0000000000000000000000000000000000000000..2cacec3d09845c5623b3e0dabc943b4532c3a941 GIT binary patch literal 6148 zcmeHK%}(1u5S|SIY%C#H>H$O#mN;;sQrs4#-mLI*LMp-t4*dx>wi-*W9obHDh$2}$ z01wb!fj&vwSKv{4?9A>G6$P#lLNn6rH#<8sD}T0jJpdru{m2Ed0l+{dY?wGaAhb?8 zB@OLqA_`fff-)-4(=gA|sc3dQMF!~IEx z(s&SOABuyZii?jFe2iZV1}HlSPm*}pv0v`wSrsH%T*!K=#;4OHi}GPR?`Kgd<8^Uq z9|lzy>lo|a;84C*-Tib8Oo6gAHev32LedmtHrfIBh>>qvUUtE6w zadmz3^Ve^g2!a?Od7)r3{z2;jX6`=xM~EBvMV98-S4_SuJgLYAGr$Zm12bkopF@T< z<9&HMW`G%Z`V7$d;GhzE8f%5}=)gg?0EqM(DFtonB`C+y=xMAK;tGmTsfa37=oUk$ zbo4tq&eK>cROuje^C9%kLU$-a?vC{x84kiz$Rjhr4BTg6PEBpP|Mwp6|L-U9j2U1C zo)rV4x$Ez?@saf1I`wdL*E* Date: Fri, 15 Mar 2019 17:01:11 +0100 Subject: [PATCH 02/35] missing commits found --- .DS_Store | Bin 6148 -> 8196 bytes CHANGELOG.md | 9 -- Chart.yaml | 2 +- README.md | 35 ++-- requirements.yaml | 15 +- templates/_helpers.tpl | 5 - templates/configmaps_chatops.yaml | 2 +- templates/deployments.yaml | 229 +++++++++++++++++++------- templates/jobs.yaml | 260 ++++++++++-------------------- templates/secrets_st2apikeys.yaml | 18 --- templates/services.yaml | 25 +++ values.yaml | 116 ++++++++----- 12 files changed, 375 insertions(+), 341 deletions(-) delete mode 100644 templates/secrets_st2apikeys.yaml diff --git a/.DS_Store b/.DS_Store index 2cacec3d09845c5623b3e0dabc943b4532c3a941..6238bb1ce678302338b2c96ea0890e5aa0c37faa 100644 GIT binary patch literal 8196 zcmeHMT}&KR6h3F6^v+Cy0c-iOKdTg^3S=p^)E3fZ`B5rOtIKae=h z46#X#iLpjaj7E*x_+%gYqKWB?i5hF7#vhVujPXHVd^8$OeDd5o18Em{@P(RmZZh|~ z_ndp?-udR6xj8ccfQhW$3{VLGj1G>fLe(0D`}wh|L;_0@AyPbm2d?g>t(40 zkb#hakb#hakb#ha{{sWGXY<0=+4p^KSceRR4BVCs@b^QM4vz5v7kw134yr^7Kv+m- zQK(IMfQX3(7!PpKM-fWr^s@&HLNQ1&&<`hnln*D22e{~?9}eh;0|ql=kfETMo#LWm zIAGkzunrjr8CcB#&)th44O5^&CO?0d$Y8)U%z#C1-gZ;7?o7&ZQWW-iYQ{2MFBZFw zk%GcaMVlFunOrPCo}6-Klb+^f-Gr7I<-OyYHK|{udOj~zm6HeCFU2&eI?_f+~(u7($Ki}FKYl!ZP#TFW(e*1xz{R;~ctEg>m z?>#v^cXs~V!c(vMmyN-z14{E~c#ZmNTI6W=d0A<4>?-Xn6~ zgj$}X3p_UCnU3ua8X1>xLM?TPl-{&sAI})vKcSYTH7lL9G|%X;tfYC?aEH>4m7TWT zVb3_@amxwU$#|W@IH9Up*LcjJ@n+8Gq9}LRq|@$(=}6;(Qj+hMp?mCNm{C?tSV9NQg$r6 z@hW)|ezLjZL!L|0LaY)ukoyh3{>Vl>tjj8J4O`Oqf~^$jVU8r&4_+Ft)YJ%5d75 zo~BE5%dmmWd`(J1>0;_NHqPhn(_HV^jA8TXE2}DcqKY!Y?H#&q=#16G>wRGe7NnYZ zEYJyqDrlm8s2|4Y5txDV@Ekl37vTkX9o~g2@Bw@T*WgR|8oq&V;YaudeuF>YPxuS| zMnDN=+=9hejWxI%Yq1#*;$iH-1a@K{K8i`~#{nEi9Z%sTPT^^s!+AW13wQx9;*0na zzKn0+oA?&KjaTqP{1`vMPw^}K4wwA(MV57aG+1u{_!BkO7H;qeN5M(x8AvJ*X}({EeF~YD|a>T9^NP?p(0-jTz>NCzT zE+KXEQZ?x$dbgseTtrNCYwM^RA)Pb+j8x0_D~%EfSS=7;B_{7>Bvo~j@7*W2N+f2r z(Dxpc+Zbt9E%LpGJOO-d{Z&rB)F2uaOz%}Fgw z&GRqvNi0d7TrS|56%Eo5kXVudRK%g|P!<5Rj)8%bgEL-0y1Lrbz*0v+*VN3YR!5=Q z(99UfGc+_YtgYqbYFut$w0mW25 AkN^Mx diff --git a/CHANGELOG.md b/CHANGELOG.md index 824da6ec..39eca4f5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,15 +2,6 @@ ## In Development -## v0.10.0 -* Bump versions of all dependencies (#50) -* Allow st2sensorcontainer to be partitioned (#51) -* Replace single-node `etcd` coordination backend with 3-node etcd HA cluster, deployed as a Helm dependency (#52) -* Fixed improper job load order for enterprise edition failing due to missing RBAC roles & assignments (#53) - -## v0.9.0 -* Add new Helm value setting `st2.apikeys` to allow importing predefined ST2 API keys (#36) - ## v0.8.4 * Pin st2 version to `v3.0dev` as a new latest development version (#41) diff --git a/Chart.yaml b/Chart.yaml index ad44b195..93c68f5a 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # Update StackStorm version here to rely on other Docker images tags appVersion: 3.0dev name: stackstorm-ha -version: 0.10.0 +version: 0.8.4 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. home: https://stackstorm.com/#product icon: https://avatars1.githubusercontent.com/u/4969009 diff --git a/README.md b/README.md index 356c22de..0706c779 100644 --- a/README.md +++ b/README.md @@ -112,27 +112,12 @@ In an HA deployment there must be a minimum of `2` replicas of st2notifier runni which in our case is `etcd`. ### [st2sensorcontainer](https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer) -st2sensorcontainer manages StackStorm sensors: It starts, stops and restarts them as subprocesses. -By default, deployment is configured with `1` replica containing all the sensors. +st2sensorcontainer manages StackStorm sensors: starts, stops and restarts them as a subprocesses. +At the moment K8s configuration consists of Deployment with hardcoded `1` replica. +Future plans are to re-work this setup and benefit from Docker-friendly [single-sensor-per-container mode #4179](https://github.com/StackStorm/st2/pull/4179) +(since st2 `v2.9`) as a way of [Sensor Partitioning](https://docs.stackstorm.com/latest/reference/sensor_partitioning.html), distributing the computing load +between many pods and relying on K8s failover/reschedule mechanisms, instead of running everything on `1` single instance of st2sensorcontainer. -st2sensorcontainer also supports a more Docker-friendly single-sensor-per-container mode as a way of -[Sensor Partitioning](https://docs.stackstorm.com/latest/reference/sensor_partitioning.html). This -distributes the computing load between many pods and relies on K8s failover/reschedule mechanisms, -instead of running everything on a single instance of st2sensorcontainer. The sensor(s) must be -deployed as part of the custom packs image. - -As an example, override the default Helm values as follows: - -``` -st2: - packs: - sensors: - - name: github - ref: githubwebhook.GitHubWebhookSensor - - name: circleci - ref: circle_ci.CircleCIWebhookSensor -``` - ### [st2actionrunner](https://docs.stackstorm.com/reference/ha.html#st2actionrunner) Stackstorm workers that actually execute actions. `5` replicas for K8s Deployment are configured by default to increase StackStorm ability to execute actions without excessive queuing. @@ -159,9 +144,9 @@ For more advanced RabbitMQ configuration, please refer to official [rabbitmq-ha] Helm chart repository, - all settings could be overridden via `values.yaml`. ### [etcd](https://docs.stackstorm.com/latest/reference/ha.html#zookeeper-redis) -StackStorm employs etcd as a distributed coordination backend, required for st2 cluster components to work properly in HA scenario. -`3` node Raft cluster is deployed via external official Helm chart dependency [etcd](https://github.com/helm/charts/tree/master/incubator/etcd). -As any other Helm dependency, it's possible to further configure it for specific scaling needs via `values.yaml`. +StackStorm employs etcd as a distributed coordination backend, required for StackStorm cluster components to work properly in HA scenario. +Currently, due to low demands, only `1` instance of etcd is created via K8s Deployment. +Future plans to switch to official Helm chart and configure etcd/Raft cluster properly with `3` nodes by default (TODO). ### Docker registry If you do not already have an appropriate docker registry for storing custom st2 packs images, we made it @@ -193,11 +178,9 @@ kubectl port-forward $(kubectl get pod -l app=docker-registry -o jsonpath="{.ite NOTE: If running on MacOS, before deploying the image, open another terminal and execute: ``` -docker run --privileged --pid=host stackstorm/socat:latest nsenter -t 1 -u -n -i socat TCP-LISTEN:5000,fork TCP:docker.for.mac.localhost:5000 +docker run --privileged --pid=host socat:latest nsenter -t 1 -u -n -i socat TCP-LISTEN:5000,fork TCP:docker.for.mac.localhost:5000 ``` -The source for the `stackstorm/socat` image is found at https://github.com/StackStorm/docker-socat. - To deploy the image to the registry, execute: ``` docker push ${DOCKER_REGISTRY}/st2packs:latest diff --git a/requirements.yaml b/requirements.yaml index f39544f8..95521394 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,23 +1,20 @@ dependencies: - name: rabbitmq-ha - version: 1.20.1 + version: 1.8.1 repository: https://kubernetes-charts.storage.googleapis.com/ - name: mongodb-replicaset - version: 3.9.2 + version: 3.5.3 repository: https://kubernetes-charts.storage.googleapis.com/ alias: mongodb-ha - name: docker-registry - version: 1.7.0 + version: 1.5.3 repository: https://kubernetes-charts.storage.googleapis.com/ condition: docker-registry.enabled - name: kube-registry-proxy - version: 0.3.0 - repository: https://kubernetes-charts-incubator.storage.googleapis.com/ + version: 0.2.2 + repository: http://storage.googleapis.com/kubernetes-charts-incubator/ condition: docker-registry.enabled - name: external-dns - version: 1.6.1 + version: 1.0.2 repository: https://kubernetes-charts.storage.googleapis.com/ condition: external-dns.enabled - - name: etcd - version: 0.6.2 - repository: https://kubernetes-charts-incubator.storage.googleapis.com/ diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index a2c9c14c..bbc11087 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -27,8 +27,3 @@ stackstorm {{- define "enterpriseSuffix" -}} {{ if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled }}-enterprise{{ end }} {{- end -}} - -# Generate '-' prefix only when the variable is defined -{{- define "hyphenPrefix" -}} -{{ if . }}-{{ . }}{{end}} -{{- end -}} diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index c592ae3d..5bebb405 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -14,4 +14,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.chatops.global | indent 2 }} +{{ toYaml .Values.st2.chatops | indent 2 }} diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 9762d5ee..c3e7dbab 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -17,8 +17,6 @@ spec: app: st2auth support: {{ template "supportMethod" . }} release: {{ .Release.Name }} - # https://docs.stackstorm.com/reference/ha.html#st2auth - # Multiple st2auth processes can be behind a load balancer in an active-active configuration. replicas: {{ default 2 .Values.st2auth.replicas }} template: metadata: @@ -106,6 +104,141 @@ spec: {{ toYaml . | indent 8 }} {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} + labels: + app: st2chatops + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: st2chatops + support: {{ template "supportMethod" . }} + release: {{ .Release.Name }} + replicas: 1 + template: + metadata: + labels: + app: st2chatops + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} + checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} + checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} + checksum/auth: {{ include (print $.Template.BasePath "/secrets_st2auth.yaml") . | sha256sum }} + checksum/ssh: {{ include (print $.Template.BasePath "/secrets_ssh.yaml") . | sha256sum }} + spec: + {{- if .Values.enterprise.enabled }} + imagePullSecrets: + - name: {{ .Release.Name }}-st2-license + {{- end }} + initContainers: + {{- if .Values.st2.packs.image.repository }} + # Merge packs and virtualenvs from st2actionrunner with those from the st2.packs image + # Can be used for chatops pack if system pack comes without it. + - name: st2-custom-packs + image: "{{ .Values.st2.packs.image.repository }}/{{ .Values.st2.packs.image.name }}:{{ .Values.st2.packs.image.tag }}" + imagePullPolicy: {{ .Values.st2.packs.image.pullPolicy | quote }} + volumeMounts: + - name: st2-packs-vol + mountPath: /opt/stackstorm/packs-shared + - name: st2-virtualenvs-vol + mountPath: /opt/stackstorm/virtualenvs-shared + command: + - 'sh' + - '-ec' + - | + /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && + /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared + # System packs + - name: st2-system-packs + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: st2-packs-vol + mountPath: /opt/stackstorm/packs-shared + command: + - 'sh' + - '-ec' + - | + /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && + /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared + {{- end }} + containers: + - name: st2chatops + image: gcr.io/rapitt/st2chatops-debug + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: ST2_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: username + - name: ST2_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: username + envFrom: + - configMapRef: + name: {{ .Release.Name }}-chatops-configs + command: + - | + docker inspect -f {{.State.Status}} stackstorm-hubot + docker logs stackstorm-hubot + resources: + requests: + memory: "5Mi" + cpu: "5m" + volumes: + - name: st2-config-vol + mountPath: /etc/st2/st2.docker.conf + subPath: st2.docker.conf + {{- if .Values.enterprise.enabled }} + - name: st2-rbac-roles-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-roles + - name: st2-rbac-assignments-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-assignments + - name: st2-rbac-mappings-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-mappings + {{- end }} + - name: st2-pack-configs-vol + configMap: + name: {{ .Release.Name }}-st2-pack-configs + - name: st2client-config-vol + emptyDir: + medium: Memory + - name: st2-ssh-key-vol + secret: + secretName: {{ .Release.Name }}-st2-ssh + items: + - key: private_key + path: stanley_rsa + # 0400 file permission + mode: 256 + {{- if .Values.st2.packs.image.repository }} + - name: st2-packs-vol + emptyDir: {} + - name: st2-virtualenvs-vol + emptyDir: {} + {{- end }} + --- apiVersion: apps/v1 kind: Deployment @@ -780,56 +913,56 @@ spec: {{ toYaml . | indent 8 }} {{- end }} -{{- range .Values.st2.packs.sensors }} --- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ $.Release.Name }}-st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} + name: {{ .Release.Name }}-st2sensorcontainer{{ template "enterpriseSuffix" . }} labels: - app: st2sensorcontainer{{ template "hyphenPrefix" .name }} + app: st2sensorcontainer tier: backend vendor: stackstorm - support: {{ template "supportMethod" $ }} - chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} spec: selector: matchLabels: - app: st2sensorcontainer{{ template "hyphenPrefix" .name }} - support: {{ template "supportMethod" $ }} - release: {{ $.Release.Name }} + app: st2sensorcontainer + support: {{ template "supportMethod" . }} + release: {{ .Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer # It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. Each sensor node needs to be # provided with proper partition information to share work with other sensor nodes so that the same sensor does not run on different nodes. # See Partitioning Sensors for information on how to partition sensors. + # TODO: Re-work to use single-sensor-per-container mode instead of running 1 node. Proper implementation is possible with Helm templating (#4) replicas: 1 template: metadata: labels: - app: st2sensorcontainer{{ template "hyphenPrefix" .name }} + app: st2sensorcontainer tier: backend vendor: stackstorm - support: {{ template "supportMethod" $ }} - chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} - release: {{ $.Release.Name }} - heritage: {{ $.Release.Service }} + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") $ | sha256sum }} - checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") $ | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} + checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} spec: - {{- if $.Values.enterprise.enabled }} + {{- if .Values.enterprise.enabled }} imagePullSecrets: - - name: {{ $.Release.Name }}-st2-license + - name: {{ .Release.Name }}-st2-license {{- end }} - {{- if $.Values.st2.packs.image.repository }} + {{- if .Values.st2.packs.image.repository }} initContainers: # Merge packs and virtualenvs from st2sensorcontainer with those from the st2.packs image # Custom packs - name: st2-custom-packs - image: "{{ $.Values.st2.packs.image.repository }}/{{ $.Values.st2.packs.image.name }}:{{ $.Values.st2.packs.image.tag }}" - imagePullPolicy: {{ $.Values.st2.packs.image.pullPolicy | quote }} + image: "{{ .Values.st2.packs.image.repository }}/{{ .Values.st2.packs.image.name }}:{{ .Values.st2.packs.image.tag }}" + imagePullPolicy: {{ .Values.st2.packs.image.pullPolicy | quote }} volumeMounts: - name: st2-packs-vol mountPath: /opt/stackstorm/packs-shared @@ -843,8 +976,8 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" $ }}/st2actionrunner{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" - imagePullPolicy: {{ $.Values.image.pullPolicy }} + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol mountPath: /opt/stackstorm/packs-shared @@ -856,30 +989,15 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared {{- end }} containers: - - name: st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} - image: "{{ template "imageRepository" $ }}/st2sensorcontainer{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" - imagePullPolicy: {{ $.Values.image.pullPolicy }} - {{- with .readinessProbe }} - # Probe to check if app is running. Failure will lead to a pod restart. - readinessProbe: -{{ toYaml . | indent 10 }} - {{- end }} - {{- with .livenessProbe }} - livenessProbe: -{{ toYaml . | indent 10 }} - {{- end }} - {{- if .ref }} - command: - - /opt/stackstorm/st2/bin/st2sensorcontainer - - --config-file=/etc/st2/st2.conf - - --config-file=/etc/st2/st2.docker.conf - - --config-file=/etc/st2/st2.user.conf - - --single-sensor-mode - - --sensor-ref={{ .ref }} - {{- end }} + - name: st2sensorcontainer{{ template "enterpriseSuffix" . }} + image: "{{ template "imageRepository" . }}/st2sensorcontainer{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + # TODO: Add liveness/readiness probes (#3) + #livenessProbe: + #readinessProbe: envFrom: - configMapRef: - name: {{ $.Release.Name }}-st2-urls + name: {{ .Release.Name }}-st2-urls volumeMounts: - name: st2-config-vol mountPath: /etc/st2/st2.docker.conf @@ -887,7 +1005,7 @@ spec: - name: st2-config-vol mountPath: /etc/st2/st2.user.conf subPath: st2.user.conf - {{- if $.Values.st2.packs.image.repository }} + {{- if .Values.st2.packs.image.repository }} - name: st2-packs-vol mountPath: /opt/stackstorm/packs readOnly: true @@ -896,30 +1014,29 @@ spec: readOnly: true {{- end }} resources: -{{ toYaml .resources | indent 10 }} +{{ toYaml .Values.st2sensorcontainer.resources | indent 10 }} volumes: - name: st2-config-vol configMap: - name: {{ $.Release.Name }}-st2-config - {{- if $.Values.st2.packs.image.repository }} + name: {{ .Release.Name }}-st2-config + {{- if .Values.st2.packs.image.repository }} - name: st2-packs-vol emptyDir: {} - name: st2-virtualenvs-vol emptyDir: {} {{- end }} - {{- with .nodeSelector }} + {{- with .Values.st2sensorcontainer.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} - {{- with .affinity }} + {{- with .Values.st2sensorcontainer.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- with .tolerations }} + {{- with .Values.st2sensorcontainer.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} -{{- end }} --- apiVersion: apps/v1 diff --git a/templates/jobs.yaml b/templates/jobs.yaml index cab901cc..602a0dda 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -1,180 +1,3 @@ -{{ if .Values.enterprise.enabled }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-job-st2-apply-rbac-definitions - labels: - app: st2-apply-rbac-definitions - tier: backend - vendor: stackstorm - support: enterprise - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - helm.sh/hook: post-install, post-upgrade, post-rollback - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "5" -spec: - template: - metadata: - name: job-st2-apply-rbac-definitions - labels: - app: st2-apply-rbac-definitions - tier: backend - vendor: stackstorm - support: enterprise - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed - checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} - checksum/rbac: {{ include (print $.Template.BasePath "/configmaps_rbac.yaml") . | sha256sum }} - spec: - imagePullSecrets: - - name: {{ .Release.Name }}-st2-license - containers: - - name: st2-apply-rbac-definitions - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - st2-apply-rbac-definitions - - --verbose - - --config-file=/etc/st2/st2.conf - - --config-file=/etc/st2/st2.docker.conf - - --config-file=/etc/st2/st2.user.conf - volumeMounts: - - name: st2-config-vol - mountPath: /etc/st2/st2.docker.conf - subPath: st2.docker.conf - - name: st2-config-vol - mountPath: /etc/st2/st2.user.conf - subPath: st2.user.conf - - name: st2-rbac-roles-vol - mountPath: /opt/stackstorm/rbac/roles/ - - name: st2-rbac-assignments-vol - mountPath: /opt/stackstorm/rbac/assignments/ - - name: st2-rbac-mappings-vol - mountPath: /opt/stackstorm/rbac/mappings/ - # TODO: Find out default resource limits for this specific service (#5) - #resources: - volumes: - - name: st2-config-vol - configMap: - name: {{ .Release.Name }}-st2-config - - name: st2-rbac-roles-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-roles - - name: st2-rbac-assignments-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-assignments - - name: st2-rbac-mappings-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-mappings - restartPolicy: OnFailure -{{ end }} - ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-job-st2-apikey-load - labels: - app: st2 - tier: backend - vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - helm.sh/hook: post-install, post-upgrade, post-rollback - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "6" -spec: - template: - metadata: - name: job-st2-apikey-load - labels: - app: st2 - tier: backend - vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed - checksum/urls: {{ include (print $.Template.BasePath "/configmaps_st2-urls.yaml") . | sha256sum }} - checksum/apikeys: {{ include (print $.Template.BasePath "/secrets_st2apikeys.yaml") . | sha256sum }} - spec: - {{- if .Values.enterprise.enabled }} - imagePullSecrets: - - name: {{ .Release.Name }}-st2-license - {{- end }} - initContainers: - # Sidecar container for generating st2client config with st2 username & password pair and sharing produced file with the main container - - name: generate-st2client-config - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - envFrom: - - configMapRef: - name: {{ .Release.Name }}-st2-urls - env: - - name: ST2_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-st2-auth - key: username - - name: ST2_AUTH_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-st2-auth - key: password - volumeMounts: - - name: st2client-config-vol - mountPath: /root/.st2/ - # `st2 login` doesn't exit on failure correctly, use old methods instead. See bug: https://github.com/StackStorm/st2/issues/4338 - command: - - 'sh' - - '-ec' - - | - cat < /root/.st2/config - [credentials] - username = ${ST2_AUTH_USERNAME} - password = ${ST2_AUTH_PASSWORD} - EOT - containers: - - name: st2-apikey-load - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - st2 - - apikey - - load - - /etc/st2/apikeys.yaml - envFrom: - - configMapRef: - name: {{ .Release.Name }}-st2-urls - volumeMounts: - - name: st2client-config-vol - mountPath: /root/.st2/ - - name: st2-apikeys-vol - mountPath: /etc/st2/apikeys.yaml - subPath: apikeys.yaml - # TODO: Find out default resource limits for this specific service (#5) - #resources: - volumes: - - name: st2client-config-vol - emptyDir: - medium: Memory - - name: st2-apikeys-vol - secret: - secretName: {{ .Release.Name }}-st2-apikeys - restartPolicy: OnFailure - --- apiVersion: batch/v1 kind: Job @@ -191,7 +14,7 @@ metadata: annotations: helm.sh/hook: post-install, post-upgrade, post-rollback helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "6" + helm.sh/hook-weight: "5" spec: template: metadata: @@ -232,6 +55,7 @@ spec: secretKeyRef: name: {{ .Release.Name }}-st2-auth key: password + volumeMounts: - name: st2client-config-vol mountPath: /root/.st2/ @@ -299,7 +123,7 @@ metadata: annotations: helm.sh/hook: post-install, post-upgrade, post-rollback helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "7" + helm.sh/hook-weight: "6" spec: template: metadata: @@ -395,3 +219,81 @@ spec: emptyDir: {} {{- end }} restartPolicy: OnFailure + +{{ if .Values.enterprise.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-job-st2-apply-rbac-definitions + labels: + app: st2-apply-rbac-definitions + tier: backend + vendor: stackstorm + support: enterprise + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + helm.sh/hook: post-install, post-upgrade, post-rollback + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "6" +spec: + template: + metadata: + name: job-st2-apply-rbac-definitions + labels: + app: st2-apply-rbac-definitions + tier: backend + vendor: stackstorm + support: enterprise + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed + checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} + checksum/rbac: {{ include (print $.Template.BasePath "/configmaps_rbac.yaml") . | sha256sum }} + spec: + imagePullSecrets: + - name: {{ .Release.Name }}-st2-license + containers: + - name: st2-apply-rbac-definitions + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - st2-apply-rbac-definitions + - --verbose + - --config-file=/etc/st2/st2.conf + - --config-file=/etc/st2/st2.docker.conf + - --config-file=/etc/st2/st2.user.conf + volumeMounts: + - name: st2-config-vol + mountPath: /etc/st2/st2.docker.conf + subPath: st2.docker.conf + - name: st2-config-vol + mountPath: /etc/st2/st2.user.conf + subPath: st2.user.conf + - name: st2-rbac-roles-vol + mountPath: /opt/stackstorm/rbac/roles/ + - name: st2-rbac-assignments-vol + mountPath: /opt/stackstorm/rbac/assignments/ + - name: st2-rbac-mappings-vol + mountPath: /opt/stackstorm/rbac/mappings/ + # TODO: Find out default resource limits for this specific service (#5) + #resources: + volumes: + - name: st2-config-vol + configMap: + name: {{ .Release.Name }}-st2-config + - name: st2-rbac-roles-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-roles + - name: st2-rbac-assignments-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-assignments + - name: st2-rbac-mappings-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-mappings + restartPolicy: OnFailure +{{ end }} diff --git a/templates/secrets_st2apikeys.yaml b/templates/secrets_st2apikeys.yaml deleted file mode 100644 index 820e264c..00000000 --- a/templates/secrets_st2apikeys.yaml +++ /dev/null @@ -1,18 +0,0 @@ ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ .Release.Name }}-st2-apikeys - annotations: - description: A list of StackStorm API keys with metadata that will be imported into the system - labels: - app: st2 - tier: backend - vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" -type: Opaque -data: - apikeys.yaml: {{ toYaml .Values.st2.apikeys | b64enc | quote }} diff --git a/templates/services.yaml b/templates/services.yaml index 69f45e4a..e1380caf 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -108,3 +108,28 @@ spec: ports: - protocol: TCP port: 443 + +--- +kind: Service +apiVersion: v1 +metadata: + name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} + annotations: + description: StackStorm st2chatops - Conversation-driven Automation. + labels: + app: st2chatops + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + app: st2chatops + support: {{ template "supportMethod" . }} + release: {{ .Release.Name }} + type: ClusterIP + ports: + - protocol: TCP + port: 8080 diff --git a/values.yaml b/values.yaml index 0580cbab..05b6cbc8 100644 --- a/values.yaml +++ b/values.yaml @@ -73,6 +73,7 @@ st2: configs: core.yaml: | --- + # example core pack config yaml # Custom packs image settings. The repository, name, tag and pullPolicy for this image @@ -85,24 +86,6 @@ st2: name: st2packs tag: latest pullPolicy: Always - - # https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer - # It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. - # Each sensor node needs to be provided with proper partition information to share work with other sensor - # nodes so that the same sensor does not run on different nodes. - sensors: - # Specify default container that executes all sensors. - # To partition sensors with one sensor per node, override st2.packs.sensors. - # NOTE: Do not modify this file. - - name: - livenessProbe: {} - readinessProbe: {} - # TODO: Find out recommended/default resources for this specific service (#5) - resources: {} - # Additional advanced settings to control pod/deployment placement - affinity: {} - nodeSelector: {} - tolerations: [] # Import data into StackStorm's Key/Value datastore (https://docs.stackstorm.com/datastore.html) keyvalue: #- name: st2_version @@ -110,16 +93,59 @@ st2: # secret: false # encrypted: false # value: "2.9" - # Import a list of ST2 API Keys (https://docs.stackstorm.com/authentication.html#api-key-migration) - apikeys: - #- created_at: '2018-12-15T00:21:48.507388Z' - # enabled: true - # id: 5c14491c6cb8de1a9207e3a2 - # key_hash: 56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac - # metadata: {"comment": "Example unsecure ST2 API key from K8s HA Helm values.yaml"} - # uid: api_key:56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac - # user: st2admin + # Experimental st2chatops integration for StackStorm-HA Helm chart. (https://github.com/mosn/stackstorm-ha/issues/17) + chatops: + gloal.yaml: | + --- + image: "stackstorm/st2chatops" + reoisitory: + hubot_name: hubot + hubot_alias: '!' + node_tls_reject_unauthorized: false + express_port: 8081 + hubot_log_level: info + hubot_adapter: matteruser + st2.yaml: | + --- + ip: + groups: + user: + password: + wss_port: 443 + http_port: 443 + reply: true + log_level: info + reply: true + mattermost.yaml: | + --- + mattermost_host: + mattermost_group: + mattermost_user: + mattermost_password: + mattermost_wss: 443 + mattermost_http_port: 443 + mattermost_tls_verify: true + mattermost_use_tls: info + mattermost_log_level: true + mattermost_reply: true + slack.yaml: | + --- + hubot_slack_token: + hubot_slack_exit_on_disconnect: +# # StackStorm offer a handy chatops pack with sets of tools ready to connect to st2. We need to install these tool separately, in similar fashion as custompacks. +# # are specified below. +# experimental_custome_image: {} +# # If you wish to use a docker registry running in the k8s cluster, set docker-registry.enabled to true. +# # Uncomment the following line to make the custom packs image available to the necessary pods. +# # repos'itory: localhost:5000 +# name: "chatops" +# tag: "latest" +# pullPolicy: always +# # Package installation can reduce build steps by handling all phases necessary at a single stage. +# # The package comes in with chatops packs, st2chaops and is possible to integrate with external adapters. +# # On the down-side, we're losing some of the cloud-native advantages that we can get using docker installation. +# experimental_package_installation: {} ## ## StackStorm HA Cluster Secrets. All fields are required! ## NB! It's highly recommended to change ALL defaults! @@ -224,6 +250,7 @@ secrets: BjdoJBzImjVB5znOgIui3ME5 -----END PRIVATE KEY----- +# Import data into StackStorm's Key/Value datastore (https://docs.stackstorm.com/datastore.html) ## ## StackStorm HA Cluster pod settings for each individual service/component. ## @@ -332,6 +359,19 @@ st2notifier: nodeSelector: {} tolerations: [] affinity: {} +# https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer +# It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. Each sensor node needs to be +# provided with proper partition information to share work with other sensor nodes so that the same sensor does not run on different nodes. +st2sensorcontainer: + # TODO: Re-work to use single-sensor-per-container mode partitioning instead of running 1 single node of st2sensorcontainer. Proper implementation is now possible with Helm templating (#4) + # NB! Number of replicas are hardcoded to 1, see above T0D0 about using single-sensor-per-container mode in future as way of Sensor Partitioning. + # replicas: 1 + # TODO: Find out recommended/default resources for this specific service (#5) + resources: {} + # Additional advanced settings to control pod/deployment placement + nodeSelector: {} + tolerations: [] + affinity: {} # https://docs.stackstorm.com/reference/ha.html#st2actionrunner # Multiple st2actionrunner processes can run in active-active with only connections to MongoDB and RabbitMQ. Work gets naturally # distributed across runners via RabbitMQ. Adding more st2actionrunner processes increases the ability of StackStorm to execute actions. @@ -355,7 +395,18 @@ st2garbagecollector: nodeSelector: {} tolerations: [] affinity: {} - + +# Chatops service settings +st2chatops: + replicas: 1 + # TODO: Find out recommended/default resources for this specific service (#5) + resources: {} + # Additional advanced settings to control pod/deployment placement + nodeSelector: {} + tolerations: [] + affinity: {} +# https://docs.stackstorm.com/reference/ha.html#st2api +# Multiple st2api process can be behind a load balancer in an a ## ## MongoDB HA configuration (3rd party chart dependency) ## @@ -381,15 +432,6 @@ rabbitmq-ha: persistentVolume: enabled: true -## -## Etcd HA configuration (3rd party chart dependency) -## -## For values.yaml reference: -## https://github.com/helm/charts/blob/master/incubator/etcd/values.yaml -## -etcd: - resources: {} - ## ## Docker registry configuration (3rd party chart dependency) ## From ba0d01616c9b5c69c1b03be83f7751578def38d9 Mon Sep 17 00:00:00 2001 From: rapitt Date: Wed, 20 Mar 2019 13:32:48 +0100 Subject: [PATCH 03/35] sync upstream --- templates/configmaps_chatops.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 5bebb405..cb2cfb81 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -15,3 +15,5 @@ metadata: heritage: {{ .Release.Service }} data: {{ toYaml .Values.st2.chatops | indent 2 }} + + From 7544776728e869083f8c3cf7d1e1485d9031c631 Mon Sep 17 00:00:00 2001 From: rapitt Date: Wed, 27 Mar 2019 20:32:39 +0100 Subject: [PATCH 04/35] remove whitespace --- templates/configmaps_chatops.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index cb2cfb81..a73519a1 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -14,6 +14,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.st2.chatops | indent 2 }} - - +{{ toYaml .Values.st2.chatops | indent 2 }} \ No newline at end of file From 09bb65c07c551e4d1972ea2b763fdb2d02886615 Mon Sep 17 00:00:00 2001 From: rapitt Date: Wed, 27 Mar 2019 20:35:07 +0100 Subject: [PATCH 05/35] sync upstream --- templates/configmaps_chatops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index a73519a1..8f13a54f 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -3,7 +3,7 @@ apiVersion: v1 kind: ConfigMap metadata: name: {{ .Release.Name }}-chatops-configs - annotations: + annotations: description: Custom StackStorm chatops configs, shipped in '/opt/stackstorm/chatops/' labels: app: st2chatops From 7fef967f1534ade0f360873d0ff0b7f356d1b0b9 Mon Sep 17 00:00:00 2001 From: rapittdev Date: Wed, 27 Mar 2019 21:31:30 +0100 Subject: [PATCH 06/35] sync upstream --- .circleci/config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index ae512b33..9ccf5359 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ jobs: - image: lachlanevenson/k8s-helm steps: - checkout - - run: + - run: name: Prepare Helm command: | set -x From 7234e5032d58a6c0b69d4358d2d5983819bd45ec Mon Sep 17 00:00:00 2001 From: rapittdev Date: Fri, 5 Apr 2019 09:14:03 +0200 Subject: [PATCH 07/35] deploys --- templates/deployments.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index c3e7dbab..65ecd73a 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -197,7 +197,7 @@ spec: name: {{ .Release.Name }}-chatops-configs command: - | - docker inspect -f {{.State.Status}} stackstorm-hubot + docker inspect -f stackstorm-hubot docker logs stackstorm-hubot resources: requests: From 979016c715eb8e57cdf5090f19e47465a5e64ee3 Mon Sep 17 00:00:00 2001 From: rapittdev Date: Fri, 5 Apr 2019 13:46:11 +0200 Subject: [PATCH 08/35] in-sync --- templates/configmaps_chatops.yaml | 4 ++- templates/deployments.yaml | 3 -- values.yaml | 54 ------------------------------- 3 files changed, 3 insertions(+), 58 deletions(-) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 8f13a54f..b4c34690 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -14,4 +14,6 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -{{ toYaml .Values.st2.chatops | indent 2 }} \ No newline at end of file +# see configmaps_st2-conf.yaml for indepth explanantion of mappings here. + +{{ toYaml .Values.st2.chatops | indent 4 }} \ No newline at end of file diff --git a/templates/deployments.yaml b/templates/deployments.yaml index c3e7dbab..eaabcc2c 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -196,9 +196,6 @@ spec: - configMapRef: name: {{ .Release.Name }}-chatops-configs command: - - | - docker inspect -f {{.State.Status}} stackstorm-hubot - docker logs stackstorm-hubot resources: requests: memory: "5Mi" diff --git a/values.yaml b/values.yaml index 05b6cbc8..a1768291 100644 --- a/values.yaml +++ b/values.yaml @@ -52,7 +52,6 @@ enterprise: # description: "Automatically grant admin role to all stormers group members." # roles: # - "admin" - ## ## StackStorm shared variables ## @@ -93,59 +92,6 @@ st2: # secret: false # encrypted: false # value: "2.9" - # Experimental st2chatops integration for StackStorm-HA Helm chart. (https://github.com/mosn/stackstorm-ha/issues/17) - chatops: - gloal.yaml: | - --- - image: "stackstorm/st2chatops" - reoisitory: - hubot_name: hubot - hubot_alias: '!' - node_tls_reject_unauthorized: false - express_port: 8081 - hubot_log_level: info - hubot_adapter: matteruser - st2.yaml: | - --- - ip: - groups: - user: - password: - wss_port: 443 - http_port: 443 - reply: true - log_level: info - reply: true - mattermost.yaml: | - --- - mattermost_host: - mattermost_group: - mattermost_user: - mattermost_password: - mattermost_wss: 443 - mattermost_http_port: 443 - mattermost_tls_verify: true - mattermost_use_tls: info - mattermost_log_level: true - mattermost_reply: true - slack.yaml: | - --- - hubot_slack_token: - hubot_slack_exit_on_disconnect: - -# # StackStorm offer a handy chatops pack with sets of tools ready to connect to st2. We need to install these tool separately, in similar fashion as custompacks. -# # are specified below. -# experimental_custome_image: {} -# # If you wish to use a docker registry running in the k8s cluster, set docker-registry.enabled to true. -# # Uncomment the following line to make the custom packs image available to the necessary pods. -# # repos'itory: localhost:5000 -# name: "chatops" -# tag: "latest" -# pullPolicy: always -# # Package installation can reduce build steps by handling all phases necessary at a single stage. -# # The package comes in with chatops packs, st2chaops and is possible to integrate with external adapters. -# # On the down-side, we're losing some of the cloud-native advantages that we can get using docker installation. -# experimental_package_installation: {} ## ## StackStorm HA Cluster Secrets. All fields are required! ## NB! It's highly recommended to change ALL defaults! From 2258dcfa522f0bed09b86078eb962b9024033a7e Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 10:35:03 +0200 Subject: [PATCH 09/35] remove st2chatops.env --- chatops-settings.yaml | 140 ------------------------------------------ 1 file changed, 140 deletions(-) delete mode 100644 chatops-settings.yaml diff --git a/chatops-settings.yaml b/chatops-settings.yaml deleted file mode 100644 index d41bfd77..00000000 --- a/chatops-settings.yaml +++ /dev/null @@ -1,140 +0,0 @@ - - - - - - - -export ST2_HOSTNAME="${ST2_HOSTNAME:-localhost}" - -##################################################################### -# Hubot settings - -# set if you don’t have a valid SSL certificate. -export NODE_TLS_REJECT_UNAUTHORIZED=0 - -# Hubot port - must be accessible from StackStorm -export EXPRESS_PORT=8081 - -# Log level -export HUBOT_LOG_LEVEL=debug - -# Bot name -export HUBOT_NAME=hubot -export HUBOT_ALIAS='!' - -###################################################################### -# StackStorm settings - -# StackStorm API endpoint. -export ST2_API="${ST2_API:-https://${ST2_HOSTNAME}/api}" - -# StackStorm auth endpoint. -export ST2_AUTH_URL="${ST2_AUTH_URL:-https://${ST2_HOSTNAME}/auth}" - -# StackStorm stream endpoint. -export ST2_STREAM_URL="${ST2_STREAM_URL:-https://${ST2_HOSTNAME}/stream}" - -# StackStorm API key -export ST2_API_KEY="${ST2_API_KEY}" - -# ST2 credentials. Fill in to use any stackstorm account. -export ST2_AUTH_USERNAME="${ST2_AUTH_USERNAME:-st2admin}" -export ST2_AUTH_PASSWORD="${ST2_AUTH_PASSWORD:-testp}" - -# Public URL of StackStorm instance: used it to offer links to execution details in a chat. -export ST2_WEBUI_URL="${ST2_WEBUI_URL:-https://${ST2_HOSTNAME}}" - -###################################################################### -# Chat service adapter settings - -# Uncomment one of the adapter blocks below. -# Currently supported: slack, hipchat, xmpp, matteruser, rocketchat, spark, irc, flowdock. -# For using other adapters refer to the "Using an external adapter" doc: -# https://docs.stackstorm.com/chatops/chatops.htm - -# Slack settings (https://github.com/slackhq/hubot-slack): -# -# export HUBOT_ADAPTER=slack -# Obtain the Slack token from your app page at api.slack.com, it's the "Bot -# User OAuth Access Token" in the "OAuth & Permissions" section. -# export HUBOT_SLACK_TOKEN=xoxb-CHANGE-ME-PLEASE -# Uncomment the following line to force hubot to exit if disconnected from slack. -# export HUBOT_SLACK_EXIT_ON_DISCONNECT=1 - -# HipChat settings (https://github.com/hipchat/hubot-hipchat): -# -# export HUBOT_ADAPTER=hipchat -# export HUBOT_HIPCHAT_JID=CHANGE-ME-PLEASE -# export HUBOT_HIPCHAT_PASSWORD=CHANGE-ME-PLEASE -# -# Uncomment for HipChat Server: -# export HUBOT_HIPCHAT_XMPP_DOMAIN=btf.hipchat.com - -# XMPP settings (https://github.com/markstory/hubot-xmpp): -# -# export HUBOT_ADAPTER=xmpp -# export HUBOT_XMPP_USERNAME=CHANGE-ME-PLEASE -# export HUBOT_XMPP_PASSWORD=CHANGE-ME-PLEASE -# export HUBOT_XMPP_ROOMS=CHANGE-ME-PLEASE -# export HUBOT_XMPP_HOST=CHANGE-ME-PLEASE -# export HUBOT_XMPP_PORT=CHANGE-ME-PLEASE - -# FlowDock settings (https://github.com/flowdock/hubot-flowdock): -# -# export HUBOT_ADAPTER=flowdock -# export HUBOT_FLOWDOCK_API_TOKEN=CHANGE-ME-PLEASE -# export HUBOT_FLOWDOCK_LOGIN_EMAIL=CHANGE-ME-PLEASE -# export HUBOT_FLOWDOCK_LOGIN_PASSWORD=CHANGE-ME-PLEASE - -# Cisco Spark settings (https://github.com/tonybaloney/hubot-spark): -# -# export HUBOT_ADAPTER=spark -# export HUBOT_SPARK_API_URI=https://api.ciscospark.com/v1 -# export HUBOT_SPARK_ACCESS_TOKEN=CHANGE-ME-PLEASE -# export HUBOT_SPARK_ROOMS=CHANGE-ME-PLEASE - -# IRC settings (https://github.com/nandub/hubot-irc): -# -# export HUBOT_ADAPTER=irc -# export HUBOT_IRC_SERVER=CHANGE-ME-PLEASE -# export HUBOT_IRC_PORT=CHANGE-ME-PLEASE -# export HUBOT_IRC_NICK=CHANGE-ME-PLEASE -# export HUBOT_IRC_PASSWORD=CHANGE-ME-PLEASE -# export HUBOT_IRC_ROOMS=CHANGE-ME-PLEASE -# export HUBOT_IRC_NICKSERV_USERNAME=CHANGE-ME-PLEASE -# export HUBOT_IRC_NICKSERV_PASSWORD=CHANGE-ME-PLEASE -# export HUBOT_IRC_SERVER_FAKE_SSL=CHANGE-ME-PLEASE -# export HUBOT_IRC_USESSL=CHANGE-ME-PLEASE -# export HUBOT_IRC_UNFLOOD=CHANGE-ME-PLEASE - -# Mattermost settings (https://github.com/loafoe/hubot-matteruser): -# -# export HUBOT_ADAPTER=matteruser -# export MATTERMOST_HOST=CHANGE-ME-PLEASE -# export MATTERMOST_GROUP=CHANGE-ME-PLEASE -# export MATTERMOST_USER=CHANGE-ME-PLEASE -# export MATTERMOST_PASSWORD=CHANGE-ME-PLEASE -# Optional: -# export MATTERMOST_WSS_PORT=443 -# export MATTERMOST_HTTP_PORT=443 -# export MATTERMOST_TLS_VERIFY=true -# export MATTERMOST_USE_TLS=true -# export MATTERMOST_LOG_LEVEL=info -# export MATTERMOST_REPLY=true - -# RocketChat settings (https://github.com/RocketChat/hubot-rocketchat): -# -# export HUBOT_ADAPTER=rocketchat -# export ROCKETCHAT_URL=CHANGE-ME-PLEASE -# export ROCKETCHAT_USER=CHANGE-ME-PLEASE -# export ROCKETCHAT_PASSWORD=CHANGE-ME-PLEASE -# export ROCKETCHAT_ROOM=CHANGE-ME-PLEASE -# Optional: -# export ROCKETCHAT_AUTH=password -# export LISTEN_ON_ALL_PUBLIC=false -# export RESPOND_TO_DM=false -# export RESPOND_TO_EDITED=false -# export ROOM_ID_CACHE_SIZE=10 -# export DM_ROOM_ID_CACHE_SIZE=100 -# export ROOM_ID_CACHE_MAX_AGE=300 \ No newline at end of file From 673854dc78b310be26e318d4d9b7205d4dbdc80f Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 14:40:41 +0200 Subject: [PATCH 10/35] some clean up --- Chart.yaml | 4 +- templates/configmaps_chatops.yaml | 2 +- templates/deployments.yaml | 85 ++----------------------------- values.yaml | 81 +++++++---------------------- 4 files changed, 24 insertions(+), 148 deletions(-) diff --git a/Chart.yaml b/Chart.yaml index 93c68f5a..1ccf1300 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # Update StackStorm version here to rely on other Docker images tags appVersion: 3.0dev name: stackstorm-ha -version: 0.8.4 +version: 0.10.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. home: https://stackstorm.com/#product icon: https://avatars1.githubusercontent.com/u/4969009 @@ -24,4 +24,4 @@ maintainers: details: This Helm chart is a fully installable app that codifies StackStorm cluster optimized for HA and K8s environment. By default FOSS community version of st2 will be installed. Enterprise version can be enabled as an option. - For configuration details check 'values.yaml'. + For configuration details check 'values.yaml'. \ No newline at end of file diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 8f13a54f..2853b34e 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ .Release.Name }}-chatops-configs + name: {{ .Release.Name }}-st2chatops annotations: description: Custom StackStorm chatops configs, shipped in '/opt/stackstorm/chatops/' labels: diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 65ecd73a..0d079026 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -135,51 +135,11 @@ spec: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} - checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} - checksum/auth: {{ include (print $.Template.BasePath "/secrets_st2auth.yaml") . | sha256sum }} - checksum/ssh: {{ include (print $.Template.BasePath "/secrets_ssh.yaml") . | sha256sum }} spec: - {{- if .Values.enterprise.enabled }} - imagePullSecrets: - - name: {{ .Release.Name }}-st2-license - {{- end }} - initContainers: - {{- if .Values.st2.packs.image.repository }} - # Merge packs and virtualenvs from st2actionrunner with those from the st2.packs image - # Can be used for chatops pack if system pack comes without it. - - name: st2-custom-packs - image: "{{ .Values.st2.packs.image.repository }}/{{ .Values.st2.packs.image.name }}:{{ .Values.st2.packs.image.tag }}" - imagePullPolicy: {{ .Values.st2.packs.image.pullPolicy | quote }} - volumeMounts: - - name: st2-packs-vol - mountPath: /opt/stackstorm/packs-shared - - name: st2-virtualenvs-vol - mountPath: /opt/stackstorm/virtualenvs-shared - command: - - 'sh' - - '-ec' - - | - /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && - /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared - # System packs - - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: st2-packs-vol - mountPath: /opt/stackstorm/packs-shared - command: - - 'sh' - - '-ec' - - | - /bin/cp -aR /opt/stackstorm/packs/. /opt/stackstorm/packs-shared && - /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared - {{- end }} containers: - name: st2chatops - image: gcr.io/rapitt/st2chatops-debug + image: "{{ template "imageRepository" . }}/st2chatops{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: ST2_AUTH_USERNAME @@ -194,51 +154,14 @@ spec: key: username envFrom: - configMapRef: - name: {{ .Release.Name }}-chatops-configs + name: {{ .Release.Name }}-st2chatops command: - - | - docker inspect -f stackstorm-hubot - docker logs stackstorm-hubot + - docker run -e HUBOT_ADAPTER=slack + - printf "${ST2_AUTH_USERNAME}:$(openssl passwd -apr1 "${ST2_AUTH_PASSWORD}")\n" > /tmp/st2/htpasswd resources: requests: memory: "5Mi" cpu: "5m" - volumes: - - name: st2-config-vol - mountPath: /etc/st2/st2.docker.conf - subPath: st2.docker.conf - {{- if .Values.enterprise.enabled }} - - name: st2-rbac-roles-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-roles - - name: st2-rbac-assignments-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-assignments - - name: st2-rbac-mappings-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-mappings - {{- end }} - - name: st2-pack-configs-vol - configMap: - name: {{ .Release.Name }}-st2-pack-configs - - name: st2client-config-vol - emptyDir: - medium: Memory - - name: st2-ssh-key-vol - secret: - secretName: {{ .Release.Name }}-st2-ssh - items: - - key: private_key - path: stanley_rsa - # 0400 file permission - mode: 256 - {{- if .Values.st2.packs.image.repository }} - - name: st2-packs-vol - emptyDir: {} - - name: st2-virtualenvs-vol - emptyDir: {} - {{- end }} - --- apiVersion: apps/v1 kind: Deployment diff --git a/values.yaml b/values.yaml index 05b6cbc8..a0efea82 100644 --- a/values.yaml +++ b/values.yaml @@ -93,60 +93,7 @@ st2: # secret: false # encrypted: false # value: "2.9" - # Experimental st2chatops integration for StackStorm-HA Helm chart. (https://github.com/mosn/stackstorm-ha/issues/17) - chatops: - gloal.yaml: | - --- - image: "stackstorm/st2chatops" - reoisitory: - hubot_name: hubot - hubot_alias: '!' - node_tls_reject_unauthorized: false - express_port: 8081 - hubot_log_level: info - hubot_adapter: matteruser - st2.yaml: | - --- - ip: - groups: - user: - password: - wss_port: 443 - http_port: 443 - reply: true - log_level: info - reply: true - mattermost.yaml: | - --- - mattermost_host: - mattermost_group: - mattermost_user: - mattermost_password: - mattermost_wss: 443 - mattermost_http_port: 443 - mattermost_tls_verify: true - mattermost_use_tls: info - mattermost_log_level: true - mattermost_reply: true - slack.yaml: | - --- - hubot_slack_token: - hubot_slack_exit_on_disconnect: -# # StackStorm offer a handy chatops pack with sets of tools ready to connect to st2. We need to install these tool separately, in similar fashion as custompacks. -# # are specified below. -# experimental_custome_image: {} -# # If you wish to use a docker registry running in the k8s cluster, set docker-registry.enabled to true. -# # Uncomment the following line to make the custom packs image available to the necessary pods. -# # repos'itory: localhost:5000 -# name: "chatops" -# tag: "latest" -# pullPolicy: always -# # Package installation can reduce build steps by handling all phases necessary at a single stage. -# # The package comes in with chatops packs, st2chaops and is possible to integrate with external adapters. -# # On the down-side, we're losing some of the cloud-native advantages that we can get using docker installation. -# experimental_package_installation: {} -## ## StackStorm HA Cluster Secrets. All fields are required! ## NB! It's highly recommended to change ALL defaults! ## @@ -396,22 +343,28 @@ st2garbagecollector: tolerations: [] affinity: {} -# Chatops service settings +# StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) +# As hubot can't be HA scaled properly, we deploy only single replica of st2chatops st2chatops: - replicas: 1 - # TODO: Find out recommended/default resources for this specific service (#5) + # Enable st2chatops (default: false) + enabled: true + # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. + # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env + # for the full list of supported adapters and example ENV variables. + env: + HUBOT_ADAPTER: slack + HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE + # Use custom generated st2chatops Docker image + image: + # repository: stackstorm + # name: st2chatops + # tag: {{ .Chart.AppVersion }} + # pullPolicy: Always resources: {} # Additional advanced settings to control pod/deployment placement nodeSelector: {} tolerations: [] - affinity: {} -# https://docs.stackstorm.com/reference/ha.html#st2api -# Multiple st2api process can be behind a load balancer in an a -## -## MongoDB HA configuration (3rd party chart dependency) -## -## For values.yaml reference: -## https://github.com/helm/charts/tree/master/stable/mongodb-replicaset +affinity: {} ## # Specs for the MongoDB image mongodb-ha: From a3bec3c0ba2d6e7e4880b209ac00a502ed0db5a2 Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 22:37:44 +0200 Subject: [PATCH 11/35] mounting volume --- templates/deployments.yaml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 0d079026..8fccea5c 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -138,9 +138,12 @@ spec: checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} spec: containers: - - name: st2chatops + - name: st2chatops{{ template "enterpriseSuffix" . }} image: "{{ template "imageRepository" . }}/st2chatops{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: st2-chatops-vol + mountPath: /opt/stackstorm/chatops/st2chatops.env env: - name: ST2_AUTH_USERNAME valueFrom: @@ -155,13 +158,14 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-st2chatops - command: - - docker run -e HUBOT_ADAPTER=slack - - printf "${ST2_AUTH_USERNAME}:$(openssl passwd -apr1 "${ST2_AUTH_PASSWORD}")\n" > /tmp/st2/htpasswd resources: requests: memory: "5Mi" cpu: "5m" + volumes: + - name: st2-chatops-vol + configMap: + name: {{ .Release.Name }}-st2chatops --- apiVersion: apps/v1 kind: Deployment From 3f7c8fc1d60bf47279f391b9c1d55619f9e6e3e1 Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 22:44:20 +0200 Subject: [PATCH 12/35] manually sync files --- .circleci/config.yml | 4 ++-- CHANGELOG.md | 11 ++++++++++- templates/etcd.yaml | 2 +- templates/jobs.yaml | 2 +- 4 files changed, 14 insertions(+), 5 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 9ccf5359..470b9238 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -7,7 +7,7 @@ jobs: - image: lachlanevenson/k8s-helm steps: - checkout - - run: + - run: name: Prepare Helm command: | set -x @@ -65,4 +65,4 @@ experimental: notify: branches: only: - - master + - master \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 39eca4f5..6a1fe505 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,15 @@ ## In Development +## v0.10.0 +* Bump versions of all dependencies (#50) +* Allow st2sensorcontainer to be partitioned (#51) +* Replace single-node `etcd` coordination backend with 3-node etcd HA cluster, deployed as a Helm dependency (#52) +* Fixed improper job load order for enterprise edition failing due to missing RBAC roles & assignments (#53) + +## v0.9.0 +* Add new Helm value setting `st2.apikeys` to allow importing predefined ST2 API keys (#36) + ## v0.8.4 * Pin st2 version to `v3.0dev` as a new latest development version (#41) @@ -35,4 +44,4 @@ * Add st2packs, - a way to use custom st2 packs as a shareable Docker image via sidecar containers ## v0.4.0 -* Initial public version, referencing StackStorm Enterprise HA as a Helm chart +* Initial public version, referencing StackStorm Enterprise HA as a Helm chart \ No newline at end of file diff --git a/templates/etcd.yaml b/templates/etcd.yaml index babf2691..4c9d6942 100644 --- a/templates/etcd.yaml +++ b/templates/etcd.yaml @@ -101,4 +101,4 @@ spec: - name: server port: 2380 protocol: TCP - targetPort: 2380 + targetPort: 2380 \ No newline at end of file diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 602a0dda..95c929ca 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -296,4 +296,4 @@ spec: configMap: name: {{ .Release.Name }}-st2-rbac-mappings restartPolicy: OnFailure -{{ end }} +{{ end }} \ No newline at end of file From 634f3b2c552681133f16c3c68265edf56e1ab47b Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 22:46:48 +0200 Subject: [PATCH 13/35] manually sync files --- .circleci/config.yml | 2 +- CHANGELOG.md | 2 +- Chart.yaml | 3 ++- README.md | 37 +++++++++++++++++++++++++++---------- 4 files changed, 31 insertions(+), 13 deletions(-) diff --git a/.circleci/config.yml b/.circleci/config.yml index 470b9238..ae512b33 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -65,4 +65,4 @@ experimental: notify: branches: only: - - master \ No newline at end of file + - master diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a1fe505..824da6ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,4 +44,4 @@ * Add st2packs, - a way to use custom st2 packs as a shareable Docker image via sidecar containers ## v0.4.0 -* Initial public version, referencing StackStorm Enterprise HA as a Helm chart \ No newline at end of file +* Initial public version, referencing StackStorm Enterprise HA as a Helm chart diff --git a/Chart.yaml b/Chart.yaml index 1ccf1300..d7f708c7 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -24,4 +24,5 @@ maintainers: details: This Helm chart is a fully installable app that codifies StackStorm cluster optimized for HA and K8s environment. By default FOSS community version of st2 will be installed. Enterprise version can be enabled as an option. - For configuration details check 'values.yaml'. \ No newline at end of file + For configuration details check 'values.yaml'. + \ No newline at end of file diff --git a/README.md b/README.md index 0706c779..ab15f035 100644 --- a/README.md +++ b/README.md @@ -112,12 +112,27 @@ In an HA deployment there must be a minimum of `2` replicas of st2notifier runni which in our case is `etcd`. ### [st2sensorcontainer](https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer) -st2sensorcontainer manages StackStorm sensors: starts, stops and restarts them as a subprocesses. -At the moment K8s configuration consists of Deployment with hardcoded `1` replica. -Future plans are to re-work this setup and benefit from Docker-friendly [single-sensor-per-container mode #4179](https://github.com/StackStorm/st2/pull/4179) -(since st2 `v2.9`) as a way of [Sensor Partitioning](https://docs.stackstorm.com/latest/reference/sensor_partitioning.html), distributing the computing load -between many pods and relying on K8s failover/reschedule mechanisms, instead of running everything on `1` single instance of st2sensorcontainer. +st2sensorcontainer manages StackStorm sensors: It starts, stops and restarts them as subprocesses. +By default, deployment is configured with `1` replica containing all the sensors. +st2sensorcontainer also supports a more Docker-friendly single-sensor-per-container mode as a way of +[Sensor Partitioning](https://docs.stackstorm.com/latest/reference/sensor_partitioning.html). This +distributes the computing load between many pods and relies on K8s failover/reschedule mechanisms, +instead of running everything on a single instance of st2sensorcontainer. The sensor(s) must be +deployed as part of the custom packs image. + +As an example, override the default Helm values as follows: + +``` +st2: + packs: + sensors: + - name: github + ref: githubwebhook.GitHubWebhookSensor + - name: circleci + ref: circle_ci.CircleCIWebhookSensor +``` + ### [st2actionrunner](https://docs.stackstorm.com/reference/ha.html#st2actionrunner) Stackstorm workers that actually execute actions. `5` replicas for K8s Deployment are configured by default to increase StackStorm ability to execute actions without excessive queuing. @@ -144,9 +159,9 @@ For more advanced RabbitMQ configuration, please refer to official [rabbitmq-ha] Helm chart repository, - all settings could be overridden via `values.yaml`. ### [etcd](https://docs.stackstorm.com/latest/reference/ha.html#zookeeper-redis) -StackStorm employs etcd as a distributed coordination backend, required for StackStorm cluster components to work properly in HA scenario. -Currently, due to low demands, only `1` instance of etcd is created via K8s Deployment. -Future plans to switch to official Helm chart and configure etcd/Raft cluster properly with `3` nodes by default (TODO). +StackStorm employs etcd as a distributed coordination backend, required for st2 cluster components to work properly in HA scenario. +`3` node Raft cluster is deployed via external official Helm chart dependency [etcd](https://github.com/helm/charts/tree/master/incubator/etcd). +As any other Helm dependency, it's possible to further configure it for specific scaling needs via `values.yaml`. ### Docker registry If you do not already have an appropriate docker registry for storing custom st2 packs images, we made it @@ -178,9 +193,11 @@ kubectl port-forward $(kubectl get pod -l app=docker-registry -o jsonpath="{.ite NOTE: If running on MacOS, before deploying the image, open another terminal and execute: ``` -docker run --privileged --pid=host socat:latest nsenter -t 1 -u -n -i socat TCP-LISTEN:5000,fork TCP:docker.for.mac.localhost:5000 +docker run --privileged --pid=host stackstorm/socat:latest nsenter -t 1 -u -n -i socat TCP-LISTEN:5000,fork TCP:docker.for.mac.localhost:5000 ``` +The source for the `stackstorm/socat` image is found at https://github.com/StackStorm/docker-socat. + To deploy the image to the registry, execute: ``` docker push ${DOCKER_REGISTRY}/st2packs:latest @@ -213,4 +230,4 @@ kubectl logs -l release= Grab all logs only for stackstorm backend services, excluding st2web and DB/MQ/etcd: ``` kubectl logs -l release=,tier=backend -``` +``` \ No newline at end of file From 1d9f26cfc9127bdfcadef5cb1768827c337851f5 Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 22:51:23 +0200 Subject: [PATCH 14/35] manually sync files --- CHANGELOG.md | 2 +- requirements.yaml | 15 ++- templates/_helpers.tpl | 5 + templates/jobs.yaml | 262 ++++++++++++++++++++++++++++------------- 4 files changed, 195 insertions(+), 89 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 824da6ec..6a1fe505 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,4 +44,4 @@ * Add st2packs, - a way to use custom st2 packs as a shareable Docker image via sidecar containers ## v0.4.0 -* Initial public version, referencing StackStorm Enterprise HA as a Helm chart +* Initial public version, referencing StackStorm Enterprise HA as a Helm chart \ No newline at end of file diff --git a/requirements.yaml b/requirements.yaml index 95521394..9e29c90e 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -1,20 +1,23 @@ dependencies: - name: rabbitmq-ha - version: 1.8.1 + version: 1.20.1 repository: https://kubernetes-charts.storage.googleapis.com/ - name: mongodb-replicaset - version: 3.5.3 + version: 3.9.2 repository: https://kubernetes-charts.storage.googleapis.com/ alias: mongodb-ha - name: docker-registry - version: 1.5.3 + version: 1.7.0 repository: https://kubernetes-charts.storage.googleapis.com/ condition: docker-registry.enabled - name: kube-registry-proxy - version: 0.2.2 - repository: http://storage.googleapis.com/kubernetes-charts-incubator/ + version: 0.3.0 + repository: https://kubernetes-charts-incubator.storage.googleapis.com/ condition: docker-registry.enabled - name: external-dns - version: 1.0.2 + version: 1.6.1 repository: https://kubernetes-charts.storage.googleapis.com/ condition: external-dns.enabled + - name: etcd + version: 0.6.2 + repository: https://kubernetes-charts-incubator.storage.googleapis.com/ \ No newline at end of file diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index bbc11087..aa2340cf 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -27,3 +27,8 @@ stackstorm {{- define "enterpriseSuffix" -}} {{ if required "Missing context '.Values.enterprise.enabled'!" .Values.enterprise.enabled }}-enterprise{{ end }} {{- end -}} + +# Generate '-' prefix only when the variable is defined +{{- define "hyphenPrefix" -}} +{{ if . }}-{{ . }}{{end}} +{{- end -}} \ No newline at end of file diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 95c929ca..3ebbe722 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -1,3 +1,180 @@ +{{ if .Values.enterprise.enabled }} +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-job-st2-apply-rbac-definitions + labels: + app: st2-apply-rbac-definitions + tier: backend + vendor: stackstorm + support: enterprise + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + helm.sh/hook: post-install, post-upgrade, post-rollback + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "5" +spec: + template: + metadata: + name: job-st2-apply-rbac-definitions + labels: + app: st2-apply-rbac-definitions + tier: backend + vendor: stackstorm + support: enterprise + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed + checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} + checksum/rbac: {{ include (print $.Template.BasePath "/configmaps_rbac.yaml") . | sha256sum }} + spec: + imagePullSecrets: + - name: {{ .Release.Name }}-st2-license + containers: + - name: st2-apply-rbac-definitions + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - st2-apply-rbac-definitions + - --verbose + - --config-file=/etc/st2/st2.conf + - --config-file=/etc/st2/st2.docker.conf + - --config-file=/etc/st2/st2.user.conf + volumeMounts: + - name: st2-config-vol + mountPath: /etc/st2/st2.docker.conf + subPath: st2.docker.conf + - name: st2-config-vol + mountPath: /etc/st2/st2.user.conf + subPath: st2.user.conf + - name: st2-rbac-roles-vol + mountPath: /opt/stackstorm/rbac/roles/ + - name: st2-rbac-assignments-vol + mountPath: /opt/stackstorm/rbac/assignments/ + - name: st2-rbac-mappings-vol + mountPath: /opt/stackstorm/rbac/mappings/ + # TODO: Find out default resource limits for this specific service (#5) + #resources: + volumes: + - name: st2-config-vol + configMap: + name: {{ .Release.Name }}-st2-config + - name: st2-rbac-roles-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-roles + - name: st2-rbac-assignments-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-assignments + - name: st2-rbac-mappings-vol + configMap: + name: {{ .Release.Name }}-st2-rbac-mappings + restartPolicy: OnFailure +{{ end }} + +--- +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ .Release.Name }}-job-st2-apikey-load + labels: + app: st2 + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + helm.sh/hook: post-install, post-upgrade, post-rollback + helm.sh/hook-delete-policy: before-hook-creation + helm.sh/hook-weight: "6" +spec: + template: + metadata: + name: job-st2-apikey-load + labels: + app: st2 + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed + checksum/urls: {{ include (print $.Template.BasePath "/configmaps_st2-urls.yaml") . | sha256sum }} + checksum/apikeys: {{ include (print $.Template.BasePath "/secrets_st2apikeys.yaml") . | sha256sum }} + spec: + {{- if .Values.enterprise.enabled }} + imagePullSecrets: + - name: {{ .Release.Name }}-st2-license + {{- end }} + initContainers: + # Sidecar container for generating st2client config with st2 username & password pair and sharing produced file with the main container + - name: generate-st2client-config + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + envFrom: + - configMapRef: + name: {{ .Release.Name }}-st2-urls + env: + - name: ST2_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: username + - name: ST2_AUTH_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: password + volumeMounts: + - name: st2client-config-vol + mountPath: /root/.st2/ + # `st2 login` doesn't exit on failure correctly, use old methods instead. See bug: https://github.com/StackStorm/st2/issues/4338 + command: + - 'sh' + - '-ec' + - | + cat < /root/.st2/config + [credentials] + username = ${ST2_AUTH_USERNAME} + password = ${ST2_AUTH_PASSWORD} + EOT + containers: + - name: st2-apikey-load + image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - st2 + - apikey + - load + - /etc/st2/apikeys.yaml + envFrom: + - configMapRef: + name: {{ .Release.Name }}-st2-urls + volumeMounts: + - name: st2client-config-vol + mountPath: /root/.st2/ + - name: st2-apikeys-vol + mountPath: /etc/st2/apikeys.yaml + subPath: apikeys.yaml + # TODO: Find out default resource limits for this specific service (#5) + #resources: + volumes: + - name: st2client-config-vol + emptyDir: + medium: Memory + - name: st2-apikeys-vol + secret: + secretName: {{ .Release.Name }}-st2-apikeys + restartPolicy: OnFailure + --- apiVersion: batch/v1 kind: Job @@ -14,7 +191,7 @@ metadata: annotations: helm.sh/hook: post-install, post-upgrade, post-rollback helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "5" + helm.sh/hook-weight: "6" spec: template: metadata: @@ -55,7 +232,6 @@ spec: secretKeyRef: name: {{ .Release.Name }}-st2-auth key: password - volumeMounts: - name: st2client-config-vol mountPath: /root/.st2/ @@ -123,7 +299,7 @@ metadata: annotations: helm.sh/hook: post-install, post-upgrade, post-rollback helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "6" + helm.sh/hook-weight: "7" spec: template: metadata: @@ -218,82 +394,4 @@ spec: - name: st2-virtualenvs-vol emptyDir: {} {{- end }} - restartPolicy: OnFailure - -{{ if .Values.enterprise.enabled }} ---- -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ .Release.Name }}-job-st2-apply-rbac-definitions - labels: - app: st2-apply-rbac-definitions - tier: backend - vendor: stackstorm - support: enterprise - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - helm.sh/hook: post-install, post-upgrade, post-rollback - helm.sh/hook-delete-policy: before-hook-creation - helm.sh/hook-weight: "6" -spec: - template: - metadata: - name: job-st2-apply-rbac-definitions - labels: - app: st2-apply-rbac-definitions - tier: backend - vendor: stackstorm - support: enterprise - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - # TODO: Investigate/propose running Helm hook only on condition when ConfigMap or Secret has changed - checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} - checksum/rbac: {{ include (print $.Template.BasePath "/configmaps_rbac.yaml") . | sha256sum }} - spec: - imagePullSecrets: - - name: {{ .Release.Name }}-st2-license - containers: - - name: st2-apply-rbac-definitions - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - st2-apply-rbac-definitions - - --verbose - - --config-file=/etc/st2/st2.conf - - --config-file=/etc/st2/st2.docker.conf - - --config-file=/etc/st2/st2.user.conf - volumeMounts: - - name: st2-config-vol - mountPath: /etc/st2/st2.docker.conf - subPath: st2.docker.conf - - name: st2-config-vol - mountPath: /etc/st2/st2.user.conf - subPath: st2.user.conf - - name: st2-rbac-roles-vol - mountPath: /opt/stackstorm/rbac/roles/ - - name: st2-rbac-assignments-vol - mountPath: /opt/stackstorm/rbac/assignments/ - - name: st2-rbac-mappings-vol - mountPath: /opt/stackstorm/rbac/mappings/ - # TODO: Find out default resource limits for this specific service (#5) - #resources: - volumes: - - name: st2-config-vol - configMap: - name: {{ .Release.Name }}-st2-config - - name: st2-rbac-roles-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-roles - - name: st2-rbac-assignments-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-assignments - - name: st2-rbac-mappings-vol - configMap: - name: {{ .Release.Name }}-st2-rbac-mappings - restartPolicy: OnFailure -{{ end }} \ No newline at end of file + restartPolicy: OnFailure \ No newline at end of file From bf8092771a6bb04dedc69c3c7c1a25c80ab8415e Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 22:57:26 +0200 Subject: [PATCH 15/35] manually sync files --- templates/deployments.yaml | 218 ++++++++++++++++++++----------------- templates/etcd.yaml | 104 ------------------ 2 files changed, 118 insertions(+), 204 deletions(-) delete mode 100644 templates/etcd.yaml diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 8fccea5c..20292e74 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -17,6 +17,8 @@ spec: app: st2auth support: {{ template "supportMethod" . }} release: {{ .Release.Name }} + # https://docs.stackstorm.com/reference/ha.html#st2auth + # Multiple st2auth processes can be behind a load balancer in an active-active configuration. replicas: {{ default 2 .Values.st2auth.replicas }} template: metadata: @@ -107,68 +109,6 @@ spec: --- apiVersion: apps/v1 kind: Deployment -metadata: - name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} - labels: - app: st2chatops - tier: backend - vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: st2chatops - support: {{ template "supportMethod" . }} - release: {{ .Release.Name }} - replicas: 1 - template: - metadata: - labels: - app: st2chatops - tier: backend - vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} - spec: - containers: - - name: st2chatops{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2chatops{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: st2-chatops-vol - mountPath: /opt/stackstorm/chatops/st2chatops.env - env: - - name: ST2_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-st2-auth - key: username - - name: ST2_AUTH_USERNAME - valueFrom: - secretKeyRef: - name: {{ .Release.Name }}-st2-auth - key: username - envFrom: - - configMapRef: - name: {{ .Release.Name }}-st2chatops - resources: - requests: - memory: "5Mi" - cpu: "5m" - volumes: - - name: st2-chatops-vol - configMap: - name: {{ .Release.Name }}-st2chatops ---- -apiVersion: apps/v1 -kind: Deployment metadata: name: {{ .Release.Name }}-st2api{{ template "enterpriseSuffix" . }} labels: @@ -840,56 +780,56 @@ spec: {{ toYaml . | indent 8 }} {{- end }} +{{- range .Values.st2.packs.sensors }} --- apiVersion: apps/v1 kind: Deployment metadata: - name: {{ .Release.Name }}-st2sensorcontainer{{ template "enterpriseSuffix" . }} + name: {{ $.Release.Name }}-st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} labels: - app: st2sensorcontainer + app: st2sensorcontainer{{ template "hyphenPrefix" .name }} tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + support: {{ template "supportMethod" $ }} + chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} spec: selector: matchLabels: - app: st2sensorcontainer - support: {{ template "supportMethod" . }} - release: {{ .Release.Name }} + app: st2sensorcontainer{{ template "hyphenPrefix" .name }} + support: {{ template "supportMethod" $ }} + release: {{ $.Release.Name }} # https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer # It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. Each sensor node needs to be # provided with proper partition information to share work with other sensor nodes so that the same sensor does not run on different nodes. # See Partitioning Sensors for information on how to partition sensors. - # TODO: Re-work to use single-sensor-per-container mode instead of running 1 node. Proper implementation is possible with Helm templating (#4) replicas: 1 template: metadata: labels: - app: st2sensorcontainer + app: st2sensorcontainer{{ template "hyphenPrefix" .name }} tier: backend vendor: stackstorm - support: {{ template "supportMethod" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + support: {{ template "supportMethod" $ }} + chart: {{ $.Chart.Name }}-{{ $.Chart.Version }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") . | sha256sum }} - checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") . | sha256sum }} + checksum/config: {{ include (print $.Template.BasePath "/configmaps_st2-conf.yaml") $ | sha256sum }} + checksum/packs: {{ include (print $.Template.BasePath "/configmaps_packs.yaml") $ | sha256sum }} spec: - {{- if .Values.enterprise.enabled }} + {{- if $.Values.enterprise.enabled }} imagePullSecrets: - - name: {{ .Release.Name }}-st2-license + - name: {{ $.Release.Name }}-st2-license {{- end }} - {{- if .Values.st2.packs.image.repository }} + {{- if $.Values.st2.packs.image.repository }} initContainers: # Merge packs and virtualenvs from st2sensorcontainer with those from the st2.packs image # Custom packs - name: st2-custom-packs - image: "{{ .Values.st2.packs.image.repository }}/{{ .Values.st2.packs.image.name }}:{{ .Values.st2.packs.image.tag }}" - imagePullPolicy: {{ .Values.st2.packs.image.pullPolicy | quote }} + image: "{{ $.Values.st2.packs.image.repository }}/{{ $.Values.st2.packs.image.name }}:{{ $.Values.st2.packs.image.tag }}" + imagePullPolicy: {{ $.Values.st2.packs.image.pullPolicy | quote }} volumeMounts: - name: st2-packs-vol mountPath: /opt/stackstorm/packs-shared @@ -903,8 +843,8 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared # System packs - name: st2-system-packs - image: "{{ template "imageRepository" . }}/st2actionrunner{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + image: "{{ template "imageRepository" $ }}/st2actionrunner{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} volumeMounts: - name: st2-packs-vol mountPath: /opt/stackstorm/packs-shared @@ -916,15 +856,30 @@ spec: /bin/cp -aR /opt/stackstorm/virtualenvs/. /opt/stackstorm/virtualenvs-shared {{- end }} containers: - - name: st2sensorcontainer{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2sensorcontainer{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - # TODO: Add liveness/readiness probes (#3) - #livenessProbe: - #readinessProbe: + - name: st2sensorcontainer{{ template "hyphenPrefix" .name }}{{ template "enterpriseSuffix" $ }} + image: "{{ template "imageRepository" $ }}/st2sensorcontainer{{ template "enterpriseSuffix" $ }}:{{ $.Chart.AppVersion }}" + imagePullPolicy: {{ $.Values.image.pullPolicy }} + {{- with .readinessProbe }} + # Probe to check if app is running. Failure will lead to a pod restart. + readinessProbe: +{{ toYaml . | indent 10 }} + {{- end }} + {{- with .livenessProbe }} + livenessProbe: +{{ toYaml . | indent 10 }} + {{- end }} + {{- if .ref }} + command: + - /opt/stackstorm/st2/bin/st2sensorcontainer + - --config-file=/etc/st2/st2.conf + - --config-file=/etc/st2/st2.docker.conf + - --config-file=/etc/st2/st2.user.conf + - --single-sensor-mode + - --sensor-ref={{ .ref }} + {{- end }} envFrom: - configMapRef: - name: {{ .Release.Name }}-st2-urls + name: {{ $.Release.Name }}-st2-urls volumeMounts: - name: st2-config-vol mountPath: /etc/st2/st2.docker.conf @@ -932,7 +887,7 @@ spec: - name: st2-config-vol mountPath: /etc/st2/st2.user.conf subPath: st2.user.conf - {{- if .Values.st2.packs.image.repository }} + {{- if $.Values.st2.packs.image.repository }} - name: st2-packs-vol mountPath: /opt/stackstorm/packs readOnly: true @@ -941,29 +896,30 @@ spec: readOnly: true {{- end }} resources: -{{ toYaml .Values.st2sensorcontainer.resources | indent 10 }} +{{ toYaml .resources | indent 10 }} volumes: - name: st2-config-vol configMap: - name: {{ .Release.Name }}-st2-config - {{- if .Values.st2.packs.image.repository }} + name: {{ $.Release.Name }}-st2-config + {{- if $.Values.st2.packs.image.repository }} - name: st2-packs-vol emptyDir: {} - name: st2-virtualenvs-vol emptyDir: {} {{- end }} - {{- with .Values.st2sensorcontainer.nodeSelector }} + {{- with .nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.st2sensorcontainer.affinity }} + {{- with .affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} - {{- with .Values.st2sensorcontainer.tolerations }} + {{- with .tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} +{{- end }} --- apiVersion: apps/v1 @@ -1363,3 +1319,65 @@ spec: - name: st2-virtualenvs-vol emptyDir: {} {{- end }} +--- +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} + labels: + app: st2chatops + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: st2chatops + support: {{ template "supportMethod" . }} + release: {{ .Release.Name }} + replicas: 1 + template: + metadata: + labels: + app: st2chatops + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} + spec: + containers: + - name: st2chatops{{ template "enterpriseSuffix" . }} + image: "{{ template "imageRepository" . }}/st2chatops{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + volumeMounts: + - name: st2-chatops-vol + mountPath: /opt/stackstorm/chatops/st2chatops.env + env: + - name: ST2_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: username + - name: ST2_AUTH_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Release.Name }}-st2-auth + key: username + envFrom: + - configMapRef: + name: {{ .Release.Name }}-st2chatops + resources: + requests: + memory: "5Mi" + cpu: "5m" + volumes: + - name: st2-chatops-vol + configMap: + name: {{ .Release.Name }}-st2chatops \ No newline at end of file diff --git a/templates/etcd.yaml b/templates/etcd.yaml deleted file mode 100644 index 4c9d6942..00000000 --- a/templates/etcd.yaml +++ /dev/null @@ -1,104 +0,0 @@ -# Add just a basic single-node etcd coordination instance as PoC -# Eventually will be replaced by the HA etcd K8s objects (https://github.com/coreos/etcd/blob/master/hack/kubernetes-deploy/etcd.yml) -# or external Helm chart dependency (https://github.com/kubernetes/charts/tree/master/incubator/etcd) -# TODO: Use 3rd party Helm Chart + HA (#8) ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ .Release.Name }}-etcd - labels: - app: etcd - tier: coordination - vendor: coreos - support: opensource - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - matchLabels: - app: etcd - tier: coordination - vendor: coreos - release: {{ .Release.Name }} - replicas: 1 - template: - metadata: - labels: - app: etcd - tier: coordination - vendor: coreos - support: opensource - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - spec: - containers: - - name: etcd - image: quay.io/coreos/etcd:latest - imagePullPolicy: IfNotPresent - command: - - /usr/local/bin/etcd - - --name - - etcd - - --initial-advertise-peer-urls - - http://{{ .Release.Name }}-etcd:2380 - - --listen-peer-urls - - http://0.0.0.0:2380 - - --listen-client-urls - - http://0.0.0.0:2379 - - --advertise-client-urls - - http://{{ .Release.Name }}-etcd:2379 - - --initial-cluster - - etcd=http://{{ .Release.Name }}-etcd:2380 - - --initial-cluster-state - - new - ports: - - containerPort: 2379 - name: client - protocol: TCP - - containerPort: 2380 - name: server - protocol: TCP - readinessProbe: - httpGet: - scheme: HTTP - path: /health - port: 2379 - livenessProbe: - httpGet: - scheme: HTTP - path: /health - port: 2379 - ---- -kind: Service -apiVersion: v1 -metadata: - name: {{ .Release.Name }}-etcd - labels: - app: etcd - tier: coordination - vendor: coreos - support: opensource - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - selector: - app: etcd - tier: coordination - vendor: coreos - support: opensource - release: {{ .Release.Name }} - type: NodePort - ports: - - name: client - port: 2379 - protocol: TCP - targetPort: 2379 - - name: server - port: 2380 - protocol: TCP - targetPort: 2380 \ No newline at end of file From 11a25e927ae22855561d0d34d083e3ce7efee42b Mon Sep 17 00:00:00 2001 From: rapittdev Date: Tue, 9 Apr 2019 23:00:46 +0200 Subject: [PATCH 16/35] sync files --- values.yaml | 103 +++++++++++++++++++++++++++++++++------------------- 1 file changed, 65 insertions(+), 38 deletions(-) diff --git a/values.yaml b/values.yaml index a19e3bae..ebe0da2b 100644 --- a/values.yaml +++ b/values.yaml @@ -73,7 +73,6 @@ st2: configs: core.yaml: | --- - # example core pack config yaml # Custom packs image settings. The repository, name, tag and pullPolicy for this image @@ -86,6 +85,24 @@ st2: name: st2packs tag: latest pullPolicy: Always + + # https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer + # It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. + # Each sensor node needs to be provided with proper partition information to share work with other sensor + # nodes so that the same sensor does not run on different nodes. + sensors: + # Specify default container that executes all sensors. + # To partition sensors with one sensor per node, override st2.packs.sensors. + # NOTE: Do not modify this file. + - name: + livenessProbe: {} + readinessProbe: {} + # TODO: Find out recommended/default resources for this specific service (#5) + resources: {} + # Additional advanced settings to control pod/deployment placement + affinity: {} + nodeSelector: {} + tolerations: [] # Import data into StackStorm's Key/Value datastore (https://docs.stackstorm.com/datastore.html) keyvalue: #- name: st2_version @@ -93,6 +110,16 @@ st2: # secret: false # encrypted: false # value: "2.9" + # Import a list of ST2 API Keys (https://docs.stackstorm.com/authentication.html#api-key-migration) + apikeys: + #- created_at: '2018-12-15T00:21:48.507388Z' + # enabled: true + # id: 5c14491c6cb8de1a9207e3a2 + # key_hash: 56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac + # metadata: {"comment": "Example unsecure ST2 API key from K8s HA Helm values.yaml"} + # uid: api_key:56928c2d9637ce44338e9564d4b939df8b258410db23b5a80f8ad69d58e648b574f35f9293c3a76bde263738be9aa8379a81553cd55513ad672540b7b0ec0cac + # user: st2admin + ## ## StackStorm HA Cluster Secrets. All fields are required! ## NB! It's highly recommended to change ALL defaults! @@ -197,7 +224,6 @@ secrets: BjdoJBzImjVB5znOgIui3ME5 -----END PRIVATE KEY----- -# Import data into StackStorm's Key/Value datastore (https://docs.stackstorm.com/datastore.html) ## ## StackStorm HA Cluster pod settings for each individual service/component. ## @@ -306,19 +332,6 @@ st2notifier: nodeSelector: {} tolerations: [] affinity: {} -# https://docs.stackstorm.com/reference/ha.html#st2sensorcontainer -# It is possible to run st2sensorcontainer in HA mode by running one process on each compute instance. Each sensor node needs to be -# provided with proper partition information to share work with other sensor nodes so that the same sensor does not run on different nodes. -st2sensorcontainer: - # TODO: Re-work to use single-sensor-per-container mode partitioning instead of running 1 single node of st2sensorcontainer. Proper implementation is now possible with Helm templating (#4) - # NB! Number of replicas are hardcoded to 1, see above T0D0 about using single-sensor-per-container mode in future as way of Sensor Partitioning. - # replicas: 1 - # TODO: Find out recommended/default resources for this specific service (#5) - resources: {} - # Additional advanced settings to control pod/deployment placement - nodeSelector: {} - tolerations: [] - affinity: {} # https://docs.stackstorm.com/reference/ha.html#st2actionrunner # Multiple st2actionrunner processes can run in active-active with only connections to MongoDB and RabbitMQ. Work gets naturally # distributed across runners via RabbitMQ. Adding more st2actionrunner processes increases the ability of StackStorm to execute actions. @@ -342,29 +355,12 @@ st2garbagecollector: nodeSelector: {} tolerations: [] affinity: {} - -# StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) -# As hubot can't be HA scaled properly, we deploy only single replica of st2chatops -st2chatops: - # Enable st2chatops (default: false) - enabled: true - # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. - # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env - # for the full list of supported adapters and example ENV variables. - env: - HUBOT_ADAPTER: slack - HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE - # Use custom generated st2chatops Docker image - image: - # repository: stackstorm - # name: st2chatops - # tag: {{ .Chart.AppVersion }} - # pullPolicy: Always - resources: {} - # Additional advanced settings to control pod/deployment placement - nodeSelector: {} - tolerations: [] -affinity: {} + +## +## MongoDB HA configuration (3rd party chart dependency) +## +## For values.yaml reference: +## https://github.com/helm/charts/tree/master/stable/mongodb-replicaset ## # Specs for the MongoDB image mongodb-ha: @@ -385,6 +381,15 @@ rabbitmq-ha: persistentVolume: enabled: true +## +## Etcd HA configuration (3rd party chart dependency) +## +## For values.yaml reference: +## https://github.com/helm/charts/blob/master/incubator/etcd/values.yaml +## +etcd: + resources: {} + ## ## Docker registry configuration (3rd party chart dependency) ## @@ -429,3 +434,25 @@ external-dns: aws: zoneType: "public" domainFilters: [] +# StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) +# As hubot can't be HA scaled properly, we deploy only single replica of st2chatops +st2chatops: + # Enable st2chatops (default: false) + enabled: true + # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. + # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env + # for the full list of supported adapters and example ENV variables. + env: + HUBOT_ADAPTER: slack + HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE + # Use custom generated st2chatops Docker image + image: + # repository: stackstorm + # name: st2chatops + # tag: {{ .Chart.AppVersion }} + # pullPolicy: Always + resources: {} + # Additional advanced settings to control pod/deployment placement + nodeSelector: {} + tolerations: [] +affinity: {} \ No newline at end of file From 2f3203b2e3c15d0bb171bcdf20f78d96f2ebc431 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 14:32:30 +0300 Subject: [PATCH 17/35] Cleanup the st2chatops diff --- .gitignore | 1 + CHANGELOG.md | 2 +- Chart.yaml | 1 - README.md | 2 +- requirements.yaml | 2 +- templates/_helpers.tpl | 2 +- templates/configmaps_chatops.yaml | 2 +- templates/deployments.yaml | 2 +- templates/jobs.yaml | 2 +- templates/secrets_st2apikeys.yaml | 18 ++++++++++++ values.yaml | 46 ++++++++++++++++--------------- 11 files changed, 50 insertions(+), 30 deletions(-) create mode 100644 templates/secrets_st2apikeys.yaml diff --git a/.gitignore b/.gitignore index 649516b7..56674120 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,3 @@ charts *.lock +.DS_Store diff --git a/CHANGELOG.md b/CHANGELOG.md index 6a1fe505..824da6ec 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,4 +44,4 @@ * Add st2packs, - a way to use custom st2 packs as a shareable Docker image via sidecar containers ## v0.4.0 -* Initial public version, referencing StackStorm Enterprise HA as a Helm chart \ No newline at end of file +* Initial public version, referencing StackStorm Enterprise HA as a Helm chart diff --git a/Chart.yaml b/Chart.yaml index d7f708c7..ad44b195 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -25,4 +25,3 @@ details: This Helm chart is a fully installable app that codifies StackStorm cluster optimized for HA and K8s environment. By default FOSS community version of st2 will be installed. Enterprise version can be enabled as an option. For configuration details check 'values.yaml'. - \ No newline at end of file diff --git a/README.md b/README.md index ab15f035..356c22de 100644 --- a/README.md +++ b/README.md @@ -230,4 +230,4 @@ kubectl logs -l release= Grab all logs only for stackstorm backend services, excluding st2web and DB/MQ/etcd: ``` kubectl logs -l release=,tier=backend -``` \ No newline at end of file +``` diff --git a/requirements.yaml b/requirements.yaml index 9e29c90e..f39544f8 100644 --- a/requirements.yaml +++ b/requirements.yaml @@ -20,4 +20,4 @@ dependencies: condition: external-dns.enabled - name: etcd version: 0.6.2 - repository: https://kubernetes-charts-incubator.storage.googleapis.com/ \ No newline at end of file + repository: https://kubernetes-charts-incubator.storage.googleapis.com/ diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index aa2340cf..a2c9c14c 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -31,4 +31,4 @@ stackstorm # Generate '-' prefix only when the variable is defined {{- define "hyphenPrefix" -}} {{ if . }}-{{ . }}{{end}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 1440f348..dd69aefc 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -16,4 +16,4 @@ metadata: data: # see configmaps_st2-conf.yaml for indepth explanantion of mappings here. -{{ toYaml .Values.st2.chatops | indent 4 }} \ No newline at end of file +{{ toYaml .Values.st2.chatops | indent 4 }} diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 20292e74..d2792064 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1380,4 +1380,4 @@ spec: volumes: - name: st2-chatops-vol configMap: - name: {{ .Release.Name }}-st2chatops \ No newline at end of file + name: {{ .Release.Name }}-st2chatops diff --git a/templates/jobs.yaml b/templates/jobs.yaml index 3ebbe722..cab901cc 100644 --- a/templates/jobs.yaml +++ b/templates/jobs.yaml @@ -394,4 +394,4 @@ spec: - name: st2-virtualenvs-vol emptyDir: {} {{- end }} - restartPolicy: OnFailure \ No newline at end of file + restartPolicy: OnFailure diff --git a/templates/secrets_st2apikeys.yaml b/templates/secrets_st2apikeys.yaml new file mode 100644 index 00000000..820e264c --- /dev/null +++ b/templates/secrets_st2apikeys.yaml @@ -0,0 +1,18 @@ +--- +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Release.Name }}-st2-apikeys + annotations: + description: A list of StackStorm API keys with metadata that will be imported into the system + labels: + app: st2 + tier: backend + vendor: stackstorm + support: {{ template "supportMethod" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: + apikeys.yaml: {{ toYaml .Values.st2.apikeys | b64enc | quote }} diff --git a/values.yaml b/values.yaml index ebe0da2b..a92cffbf 100644 --- a/values.yaml +++ b/values.yaml @@ -355,6 +355,30 @@ st2garbagecollector: nodeSelector: {} tolerations: [] affinity: {} +## +## StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) +## As hubot can't be HA scaled properly, we deploy only single replica of st2chatops +## +st2chatops: + # Enable st2chatops (default: false) + enabled: true + # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. + # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env + # for the full list of supported adapters and example ENV variables. + env: + HUBOT_ADAPTER: slack + HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE + # Use custom generated st2chatops Docker image + image: + # repository: stackstorm + # name: st2chatops + # tag: {{ .Chart.AppVersion }} + # pullPolicy: Always + resources: {} + # Additional advanced settings to control pod/deployment placement + nodeSelector: {} + tolerations: [] + affinity: {} ## ## MongoDB HA configuration (3rd party chart dependency) @@ -434,25 +458,3 @@ external-dns: aws: zoneType: "public" domainFilters: [] -# StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) -# As hubot can't be HA scaled properly, we deploy only single replica of st2chatops -st2chatops: - # Enable st2chatops (default: false) - enabled: true - # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. - # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env - # for the full list of supported adapters and example ENV variables. - env: - HUBOT_ADAPTER: slack - HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE - # Use custom generated st2chatops Docker image - image: - # repository: stackstorm - # name: st2chatops - # tag: {{ .Chart.AppVersion }} - # pullPolicy: Always - resources: {} - # Additional advanced settings to control pod/deployment placement - nodeSelector: {} - tolerations: [] -affinity: {} \ No newline at end of file From 4b0a2a82868bc08dd313c357d9915c1483a01e18 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 14:52:58 +0300 Subject: [PATCH 18/35] Add a Changelog --- CHANGELOG.md | 3 +++ Chart.yaml | 3 ++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 824da6ec..73791ace 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,9 @@ ## In Development +## v0.11.0 +* Add st2chatops support (@mosn, @rapittdev) (#55) + ## v0.10.0 * Bump versions of all dependencies (#50) * Allow st2sensorcontainer to be partitioned (#51) diff --git a/Chart.yaml b/Chart.yaml index ad44b195..65538aee 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 # Update StackStorm version here to rely on other Docker images tags appVersion: 3.0dev name: stackstorm-ha -version: 0.10.0 +version: 0.11.0 description: StackStorm K8s Helm Chart, optimized for running StackStorm in HA environment. home: https://stackstorm.com/#product icon: https://avatars1.githubusercontent.com/u/4969009 @@ -12,6 +12,7 @@ keywords: - st2 - stackstorm - devops + - chatops - event-driven - auto-remediation - IFTTT From f723665a8e9e9b018506e0a489889b0c7263a2b6 Mon Sep 17 00:00:00 2001 From: Eugen C Date: Fri, 12 Apr 2019 15:04:22 +0300 Subject: [PATCH 19/35] Delete .DS_Store --- .DS_Store | Bin 8196 -> 0 bytes 1 file changed, 0 insertions(+), 0 deletions(-) delete mode 100644 .DS_Store diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 6238bb1ce678302338b2c96ea0890e5aa0c37faa..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 8196 zcmeHMT}&KR6h3F6^v+Cy0c-iOKdTg^3S=p^)E3fZ`B5rOtIKae=h z46#X#iLpjaj7E*x_+%gYqKWB?i5hF7#vhVujPXHVd^8$OeDd5o18Em{@P(RmZZh|~ z_ndp?-udR6xj8ccfQhW$3{VLGj1G>fLe(0D`}wh|L;_0@AyPbm2d?g>t(40 zkb#hakb#hakb#ha{{sWGXY<0=+4p^KSceRR4BVCs@b^QM4vz5v7kw134yr^7Kv+m- zQK(IMfQX3(7!PpKM-fWr^s@&HLNQ1&&<`hnln*D22e{~?9}eh;0|ql=kfETMo#LWm zIAGkzunrjr8CcB#&)th44O5^&CO?0d$Y8)U%z#C1-gZ;7?o7&ZQWW-iYQ{2MFBZFw zk%GcaMVlFunOrPCo}6-Klb+^f-Gr7I<-OyYHK|{udOj~zm6HeCFU2&eI?_f+~(u7($Ki}FKYl!ZP#TFW(e*1xz{R;~ctEg>m z?>#v^cXs~V!c(vMmyN-z14{E~c#ZmNTI6W=d0A<4>?-Xn6~ zgj$}X3p_UCnU3ua8X1>xLM?TPl-{&sAI})vKcSYTH7lL9G|%X;tfYC?aEH>4m7TWT zVb3_@amxwU$#|W@IH9Up*LcjJ@n+8Gq9}LRq|@$(=}6;(Qj+hMp?mCNm{C?tSV9NQg$r6 z@hW)|ezLjZL!L|0LaY)ukoyh3{>Vl>tjj8J4O`Oqf~^$jVU8r&4_+Ft)YJ%5d75 zo~BE5%dmmWd`(J1>0;_NHqPhn(_HV^jA8TXE2}DcqKY!Y?H#&q=#16G>wRGe7NnYZ zEYJyqDrlm8s2|4Y5txDV@Ekl37vTkX9o~g2@Bw@T*WgR|8oq&V;YaudeuF>YPxuS| zMnDN=+=9hejWxI%Yq1#*;$iH-1a@K{K8i`~#{nEi9Z%sTPT^^s!+AW13wQx9;*0na zzKn0+oA?&KjaTqP{1`vMPw^}K4wwA(MV57aG+1u{_!BkO7H;qeN5M(x8AvJ*X}({EeF~YD|a>T9^NP?p(0-jTz>NCzT zE+KXEQZ?x$dbgseTtrNCYwM^RA)Pb+j8x0_D~%EfSS=7;B_{7>Bvo~j@7*W2N+f2r z(Dxpc+Zbt9E%LpG Date: Fri, 12 Apr 2019 15:09:52 +0300 Subject: [PATCH 20/35] Fix st2chatops configmap to rely on env variables from values --- templates/configmaps_chatops.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index dd69aefc..04f8f018 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -14,6 +14,4 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: -# see configmaps_st2-conf.yaml for indepth explanantion of mappings here. - -{{ toYaml .Values.st2.chatops | indent 4 }} +{{ toYaml .Values.st2chatops.env | indent 2 }} From 97b6d2234d203296c80584e69c9345aa80278679 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 15:21:58 +0300 Subject: [PATCH 21/35] Change exposed nodejs port to default 8081 --- templates/services.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/services.yaml b/templates/services.yaml index e1380caf..995f6a9c 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -115,7 +115,7 @@ apiVersion: v1 metadata: name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} annotations: - description: StackStorm st2chatops - Conversation-driven Automation. + description: StackStorm st2chatops - Conversation-driven Automation labels: app: st2chatops tier: backend @@ -132,4 +132,4 @@ spec: type: ClusterIP ports: - protocol: TCP - port: 8080 + port: 8081 From 431e8d9b4c1e50a9ebd51b41bb391ff2eb5b0413 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 15:26:36 +0300 Subject: [PATCH 22/35] Enable chatops only if set in Helm values --- templates/configmaps_chatops.yaml | 2 ++ templates/deployments.yaml | 4 ++++ templates/services.yaml | 2 ++ 3 files changed, 8 insertions(+) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 04f8f018..82a05add 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -1,3 +1,4 @@ +{{ if .Values.st2chatops.enabled }} --- apiVersion: v1 kind: ConfigMap @@ -15,3 +16,4 @@ metadata: heritage: {{ .Release.Service }} data: {{ toYaml .Values.st2chatops.env | indent 2 }} +{{ end }} diff --git a/templates/deployments.yaml b/templates/deployments.yaml index d2792064..58be7144 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1319,6 +1319,8 @@ spec: - name: st2-virtualenvs-vol emptyDir: {} {{- end }} + +{{ if .Values.st2chatops.enabled }} --- apiVersion: apps/v1 kind: Deployment @@ -1338,6 +1340,7 @@ spec: app: st2chatops support: {{ template "supportMethod" . }} release: {{ .Release.Name }} + # As hubot can't be HA scaled properly, we deploy only single replica of st2chatops replicas: 1 template: metadata: @@ -1381,3 +1384,4 @@ spec: - name: st2-chatops-vol configMap: name: {{ .Release.Name }}-st2chatops +{{ end }} diff --git a/templates/services.yaml b/templates/services.yaml index 995f6a9c..39f60878 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -109,6 +109,7 @@ spec: - protocol: TCP port: 443 +{{ if .Values.st2chatops.enabled }} --- kind: Service apiVersion: v1 @@ -133,3 +134,4 @@ spec: ports: - protocol: TCP port: 8081 +{{ end }} From 4d5ccb083179a36ef99c37a916fe1c1ab916f9e8 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 15:30:59 +0300 Subject: [PATCH 23/35] Update st2chatops configmap description --- templates/configmaps_chatops.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/configmaps_chatops.yaml b/templates/configmaps_chatops.yaml index 82a05add..e131796c 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/configmaps_chatops.yaml @@ -5,7 +5,7 @@ kind: ConfigMap metadata: name: {{ .Release.Name }}-st2chatops annotations: - description: Custom StackStorm chatops configs, shipped in '/opt/stackstorm/chatops/' + description: Custom StackStorm chatops config, passed to hubot as ENV vars labels: app: st2chatops tier: backend From 96c4ecad4f7f5bf1a0d92711bcad02125fa52213 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 16:50:04 +0300 Subject: [PATCH 24/35] Fix st2chatops deployment to work properly --- templates/deployments.yaml | 15 +++++---------- 1 file changed, 5 insertions(+), 10 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 58be7144..5b44404c 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1357,31 +1357,26 @@ spec: spec: containers: - name: st2chatops{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2chatops{{ template "enterpriseSuffix" . }}:{{ .Chart.AppVersion }}" + image: "{{ template "imageRepository" . }}/st2chatops:{{ .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - volumeMounts: - - name: st2-chatops-vol - mountPath: /opt/stackstorm/chatops/st2chatops.env env: - name: ST2_AUTH_USERNAME valueFrom: secretKeyRef: name: {{ .Release.Name }}-st2-auth key: username - - name: ST2_AUTH_USERNAME + - name: ST2_AUTH_PASSWORD valueFrom: secretKeyRef: name: {{ .Release.Name }}-st2-auth - key: username + key: password envFrom: + - configMapRef: + name: {{ .Release.Name }}-st2-urls - configMapRef: name: {{ .Release.Name }}-st2chatops resources: requests: memory: "5Mi" cpu: "5m" - volumes: - - name: st2-chatops-vol - configMap: - name: {{ .Release.Name }}-st2chatops {{ end }} From 17e05649dfa084b78225b8fe225fcf27347c0991 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 17:14:57 +0300 Subject: [PATCH 25/35] Adjust st2chatops resources based on minimal requests/working state --- templates/deployments.yaml | 4 +--- values.yaml | 7 ++++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 5b44404c..38a3da28 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1376,7 +1376,5 @@ spec: - configMapRef: name: {{ .Release.Name }}-st2chatops resources: - requests: - memory: "5Mi" - cpu: "5m" +{{ toYaml .Values.st2chatops.resources | indent 10 }} {{ end }} diff --git a/values.yaml b/values.yaml index a92cffbf..0e02acc7 100644 --- a/values.yaml +++ b/values.yaml @@ -374,7 +374,12 @@ st2chatops: # name: st2chatops # tag: {{ .Chart.AppVersion }} # pullPolicy: Always - resources: {} + # Tested requested resource consumption for st2chatops & hubot in normal mode + # Please adjust based on your conscious choice + resources: + requests: + memory: "100Mi" + cpu: "5m" # Additional advanced settings to control pod/deployment placement nodeSelector: {} tolerations: [] From eb8da3fb0485fa561e25e41272fe4d0f33b53ac9 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 17:21:27 +0300 Subject: [PATCH 26/35] Adjust st2chatops resources based on minimal requests/working state --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 0e02acc7..a03b4cdc 100644 --- a/values.yaml +++ b/values.yaml @@ -378,7 +378,7 @@ st2chatops: # Please adjust based on your conscious choice resources: requests: - memory: "100Mi" + memory: "50Mi" cpu: "5m" # Additional advanced settings to control pod/deployment placement nodeSelector: {} From 85fbbfd9e8d3427a6e10d055ff1b5c84efe37fba Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 17:49:34 +0300 Subject: [PATCH 27/35] Reference st2chatops imagePullPolicy, take precedence over defaults --- templates/deployments.yaml | 2 +- values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 38a3da28..a57c6ae4 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1358,7 +1358,7 @@ spec: containers: - name: st2chatops{{ template "enterpriseSuffix" . }} image: "{{ template "imageRepository" . }}/st2chatops:{{ .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} + imagePullPolicy: {{ .Values.st2chatops.image.pullPolicy | default .Values.image.pullPolicy }} env: - name: ST2_AUTH_USERNAME valueFrom: diff --git a/values.yaml b/values.yaml index a03b4cdc..009139e9 100644 --- a/values.yaml +++ b/values.yaml @@ -372,7 +372,7 @@ st2chatops: image: # repository: stackstorm # name: st2chatops - # tag: {{ .Chart.AppVersion }} + # tag: "{{ .Chart.AppVersion }}" # pullPolicy: Always # Tested requested resource consumption for st2chatops & hubot in normal mode # Please adjust based on your conscious choice From 06d4585f76de37d71f4b6624d563fdb9d280b167 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 18:59:38 +0300 Subject: [PATCH 28/35] Allow defining custom st2chatops image source --- templates/deployments.yaml | 2 +- values.yaml | 13 +++++++------ 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index a57c6ae4..111723e9 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1357,7 +1357,7 @@ spec: spec: containers: - name: st2chatops{{ template "enterpriseSuffix" . }} - image: "{{ template "imageRepository" . }}/st2chatops:{{ .Chart.AppVersion }}" + image: "{{ .Values.st2chatops.image.repository | default "stackstorm" }}/{{ .Values.st2chatops.image.name | default "st2chatops" }}:{{ tpl (.Values.st2chatops.image.tag | default .Chart.AppVersion) . }}" imagePullPolicy: {{ .Values.st2chatops.image.pullPolicy | default .Values.image.pullPolicy }} env: - name: ST2_AUTH_USERNAME diff --git a/values.yaml b/values.yaml index 009139e9..e8d52f87 100644 --- a/values.yaml +++ b/values.yaml @@ -368,12 +368,13 @@ st2chatops: env: HUBOT_ADAPTER: slack HUBOT_SLACK_TOKEN: xoxb-CHANGE-ME-PLEASE - # Use custom generated st2chatops Docker image - image: - # repository: stackstorm - # name: st2chatops - # tag: "{{ .Chart.AppVersion }}" - # pullPolicy: Always + # Set custom generated st2chatops Docker image source + # Otherwise default https://hub.docker.com/r/stackstorm/st2chatops is used + image: {} + #repository: stackstorm + #name: st2chatops + #tag: "{{ .Chart.AppVersion }}" + #pullPolicy: Always # Tested requested resource consumption for st2chatops & hubot in normal mode # Please adjust based on your conscious choice resources: From 235b8a720e5d352c9892ee94f6f89d91f7ab524a Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 19:10:10 +0300 Subject: [PATCH 29/35] Allow configuring optional advanced settings to control pod/deployment placement --- templates/deployments.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 111723e9..667d2fab 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1377,4 +1377,16 @@ spec: name: {{ .Release.Name }}-st2chatops resources: {{ toYaml .Values.st2chatops.resources | indent 10 }} + {{- with .Values.st2chatops.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.st2chatops.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.st2chatops.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} {{ end }} From cb7ae37cbb644d09a88ecc7e51bee28560aa4089 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 19:20:24 +0300 Subject: [PATCH 30/35] Cleanup Helm templating new lines/spaces --- templates/deployments.yaml | 4 ++-- templates/services.yaml | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 667d2fab..53125be5 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1320,7 +1320,7 @@ spec: emptyDir: {} {{- end }} -{{ if .Values.st2chatops.enabled }} +{{ if .Values.st2chatops.enabled -}} --- apiVersion: apps/v1 kind: Deployment @@ -1389,4 +1389,4 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} -{{ end }} +{{- end }} diff --git a/templates/services.yaml b/templates/services.yaml index 39f60878..ac021ab8 100644 --- a/templates/services.yaml +++ b/templates/services.yaml @@ -109,14 +109,14 @@ spec: - protocol: TCP port: 443 -{{ if .Values.st2chatops.enabled }} +{{ if .Values.st2chatops.enabled -}} --- kind: Service apiVersion: v1 metadata: name: {{ .Release.Name }}-st2chatops{{ template "enterpriseSuffix" . }} annotations: - description: StackStorm st2chatops - Conversation-driven Automation + description: StackStorm st2chatops, - conversation-driven automation service exposed as hubot instance with predefined list of chat adapters labels: app: st2chatops tier: backend @@ -134,4 +134,4 @@ spec: ports: - protocol: TCP port: 8081 -{{ end }} +{{- end }} From 42e1c3cd7cf719d939c653fb0f57a08ec2351574 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 19:46:38 +0300 Subject: [PATCH 31/35] Add README description for st2chatops service --- README.md | 5 +++++ values.yaml | 1 + 2 files changed, 6 insertions(+) diff --git a/README.md b/README.md index 356c22de..cd2d1d21 100644 --- a/README.md +++ b/README.md @@ -145,6 +145,11 @@ Having `1` st2garbagecollector replica for K8s Deployment is enough, considering By default this process does nothing and needs to be configured in st2.conf settings (via `values.yaml`). Purging stale data can significantly improve cluster abilities to perform faster and so it's recommended to configure st2garbagecollector in production. +### [st2chatops](https://docs.stackstorm.com/chatops/index.html) +StackStorm ChatOps service, based on hubot engine, custom stackstorm integration module and preinstalled list of chat adapters. +Due to Hubot limitation, st2chatops doesn't provide mechanisms to guarantee high availability and so only single `1` node of st2chatops is deployed. +This service is disabled by default. Please refer to Helm `values.yaml` about how to enable and configure st2chatops with ENV vars for your preferred chat service. + ### [MongoDB HA ReplicaSet](https://github.com/helm/charts/tree/master/stable/mongodb-replicaset) StackStorm works with MongoDB as a database engine. External Helm Chart is used to configure MongoDB HA [ReplicaSet](https://docs.mongodb.com/manual/tutorial/deploy-replica-set/). By default `3` nodes (1 primary and 2 secondaries) of MongoDB are deployed via K8s StatefulSet. diff --git a/values.yaml b/values.yaml index e8d52f87..507369d6 100644 --- a/values.yaml +++ b/values.yaml @@ -355,6 +355,7 @@ st2garbagecollector: nodeSelector: {} tolerations: [] affinity: {} + ## ## StackStorm ChatOps (https://docs.stackstorm.com/chatops/index.html) ## As hubot can't be HA scaled properly, we deploy only single replica of st2chatops From 23f54b7df0cab3db84e60e4cd5877f3bb1adbc73 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 20:32:07 +0300 Subject: [PATCH 32/35] Change st2chatops env to be of type Secret --- templates/deployments.yaml | 4 ++-- ...onfigmaps_chatops.yaml => secrets_st2chatops.yaml} | 11 +++++++---- 2 files changed, 9 insertions(+), 6 deletions(-) rename templates/{configmaps_chatops.yaml => secrets_st2chatops.yaml} (69%) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 53125be5..0e5080f4 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1353,7 +1353,7 @@ spec: release: {{ .Release.Name }} heritage: {{ .Release.Service }} annotations: - checksum/chatops: {{ include (print $.Template.BasePath "/configmaps_chatops.yaml") . | sha256sum }} + checksum/chatops: {{ include (print $.Template.BasePath "/secrets_st2chatops.yaml") . | sha256sum }} spec: containers: - name: st2chatops{{ template "enterpriseSuffix" . }} @@ -1373,7 +1373,7 @@ spec: envFrom: - configMapRef: name: {{ .Release.Name }}-st2-urls - - configMapRef: + - secretRef: name: {{ .Release.Name }}-st2chatops resources: {{ toYaml .Values.st2chatops.resources | indent 10 }} diff --git a/templates/configmaps_chatops.yaml b/templates/secrets_st2chatops.yaml similarity index 69% rename from templates/configmaps_chatops.yaml rename to templates/secrets_st2chatops.yaml index e131796c..44ffbeeb 100644 --- a/templates/configmaps_chatops.yaml +++ b/templates/secrets_st2chatops.yaml @@ -1,7 +1,7 @@ -{{ if .Values.st2chatops.enabled }} +{{ if .Values.st2chatops.enabled -}} --- apiVersion: v1 -kind: ConfigMap +kind: Secret metadata: name: {{ .Release.Name }}-st2chatops annotations: @@ -14,6 +14,9 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +type: Opaque data: -{{ toYaml .Values.st2chatops.env | indent 2 }} -{{ end }} +{{- range $env, $value := .Values.st2chatops.env }} + {{ $env }}: {{ $value | b64enc | quote }} +{{- end }} +{{- end }} From 833bbc05b08ed1835154ba2b6b1b5ac00f847179 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 22:37:15 +0300 Subject: [PATCH 33/35] Add TCP readiness/liveness probes for st2chatops hubot --- templates/deployments.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/templates/deployments.yaml b/templates/deployments.yaml index 0e5080f4..d52e4933 100644 --- a/templates/deployments.yaml +++ b/templates/deployments.yaml @@ -1375,6 +1375,19 @@ spec: name: {{ .Release.Name }}-st2-urls - secretRef: name: {{ .Release.Name }}-st2chatops + ports: + - containerPort: 8081 + # TODO: Add to st2chatops Docker image https://github.com/joelwallis/hubot-health for a little bit more reliable HTTP health endpoint check + readinessProbe: + tcpSocket: + port: 8081 + initialDelaySeconds: 3 + periodSeconds: 10 + livenessProbe: + tcpSocket: + port: 8081 + initialDelaySeconds: 10 + periodSeconds: 30 resources: {{ toYaml .Values.st2chatops.resources | indent 10 }} {{- with .Values.st2chatops.nodeSelector }} From 0ce2774477988e8411986d6944d6d99b077e8969 Mon Sep 17 00:00:00 2001 From: armab Date: Fri, 12 Apr 2019 22:44:13 +0300 Subject: [PATCH 34/35] Wrap-up --- values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/values.yaml b/values.yaml index 507369d6..ddd26c4b 100644 --- a/values.yaml +++ b/values.yaml @@ -362,7 +362,7 @@ st2garbagecollector: ## st2chatops: # Enable st2chatops (default: false) - enabled: true + enabled: false # Custom hubot adapter ENV variables to pass through which will override st2chatops.env defaults. # See https://github.com/StackStorm/st2chatops/blob/master/st2chatops.env # for the full list of supported adapters and example ENV variables. From 7f1c03484968232fee089ebc0927bd88879eab03 Mon Sep 17 00:00:00 2001 From: armab Date: Sat, 13 Apr 2019 16:20:18 +0300 Subject: [PATCH 35/35] Pick documentation for st2scheduler from st2docs --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 356c22de..24b11aa4 100644 --- a/README.md +++ b/README.md @@ -103,7 +103,8 @@ All the workflow engine processes will share the load and pick up more work if o > [Orquesta st2workflowengine](https://docs.stackstorm.com/orchestra/index.html) as a new native workflow engine. ### [st2scheduler](https://docs.stackstorm.com/reference/ha.html#st2scheduler) -TODO: Description TBD +`st2scheduler` is responsible for handling ingress action execution requests. +`2` replicas for K8s Deployment are configured by default to increase StackStorm scheduling throughput. ### [st2notifier](https://docs.stackstorm.com/reference/ha.html#st2notifier) Multiple st2notifier processes can run in active-active mode, using connections to RabbitMQ and MongoDB and generating triggers based on