From beb64c2af20acb34ff237b1cbb6696e55383e742 Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Tue, 10 Dec 2024 14:33:04 +0530 Subject: [PATCH 1/8] add cloussql auth proxy containers example --- .../templates/systemlink-values.yaml | 232 +++++++++++++++++- 1 file changed, 221 insertions(+), 11 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 73e27481..b4e88e20 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -306,6 +306,60 @@ minio: ## Configuration for test result storage. ## testmonitorservice: + ## Configuring additional sidecars for the Test Monitor Service. + ## + ## @param sidecars Additional containers to run in the same pod as the Test Monitor Service. + ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern + # sidecars: + # - name: cloud-sql-proxy + # # It is recommended to use the latest version of the Cloud SQL Auth Proxy + # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 + # env: + # - name: "GOOGLE_APPLICATION_CREDENTIALS" + # value: "/secrets/service_account.json" + # volumeMounts: + # - name: + # mountPath: /secrets/ + # readOnly: true + # args: + # # If connecting from a VPC-native GKE cluster, you can use the + # # following flag to have the proxy connect over private IP + # # - "--private-ip" + + # # If you are not connecting with Automatic IAM, you can delete + # # the following flag. + # - "--auto-iam-authn" + + # # Enable structured logging with LogEntry format: + # - "--structured-logs" + + # # Replace DB_PORT with the port the proxy should listen on + # - "--port=" + # - "" + # securityContext: + # # The default Cloud SQL Auth Proxy image runs as the + # # "nonroot" user and group (uid: 65532) by default. + # runAsNonRoot: true + + # # You should use resource requests/limits as a best practice to prevent + # # pods from consuming too many resources and affecting the execution of + # # other pods. You should adjust the following values based on what your + # # application needs. For details, see + # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # resources: + # requests: + # # The proxy's memory use scales linearly with the number of active + # # connections. Fewer open connections will use less memory. Adjust + # # this value based on your application's requirements. + # memory: "1Gi" + # # The proxy's CPU use scales linearly with the amount of IO between + # # the database and the application. Adjust this value based on your + # # application's requirements. + # cpu: "1" + ## @param extraVolumes Volumes that can be used in sidecar containers + # extraVolumes: [] + ## ## Database configuration ## database: @@ -357,6 +411,23 @@ testmonitorservice: # ## NOTE: Ignored unless `database.connectionInfo.secretName` parameter is set. # ## # migrationPasswordKey: null + + ## Service account for Test Monitor. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Specifies whether a service account should be created + ## + create: false + ## @param serviceAccount.annotations Annotations to add to the service account + ## + annotations: {} + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com + ## @param serviceAccount.name The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## The PostgreSQL database TLS configuration ## tls: @@ -465,7 +536,7 @@ alarmservice: ## The amount of time inactive alarms will be retained in the database ([d.]hh:mm[:ss] format). ## inactiveAlarmCleanupInterval: 30.00:00 - + activeAlarmCleanup: ## The amount of time active alarms will be retained in the database since they were ## last updated ([d.]hh:mm[:ss] format). @@ -475,7 +546,7 @@ alarmservice: ## transition has a CLEAR transition type. ## onlyCleanUpClearAlarms: false - + ## The total number of alarms the service supports creating, including ## both active and inactive alarms. Must be greater than activeAlarmLimit. ## The service will return an error if this limit is exceeded. Increasing @@ -517,6 +588,75 @@ dashboardhost: ## for more documentation and examples for these values. ## grafana: + ## Configuring additional sidecars for the Dahboardhost Service. + ## + ## @param extraContainers Additional containers to run in the same pod as the Dahboardhost Service. + ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern + # extraContainers: | + # - name: cloud-sql-proxy + # # It is recommended to use the latest version of the Cloud SQL Auth Proxy + # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 + # env: + # - name: "GOOGLE_APPLICATION_CREDENTIALS" + # value: "/secrets/service_account.json" + # volumeMounts: + # - name: + # mountPath: /secrets/ + # readOnly: true + # args: + # # If connecting from a VPC-native GKE cluster, you can use the + # # following flag to have the proxy connect over private IP + # # - "--private-ip" + + # # If you are not connecting with Automatic IAM, you can delete + # # the following flag. + # - "--auto-iam-authn" + + # # Enable structured logging with LogEntry format: + # - "--structured-logs" + + # # Replace DB_PORT with the port the proxy should listen on + # - "--port=" + # - "" + # securityContext: + # # The default Cloud SQL Auth Proxy image runs as the + # # "nonroot" user and group (uid: 65532) by default. + # runAsNonRoot: true + + # # You should use resource requests/limits as a best practice to prevent + # # pods from consuming too many resources and affecting the execution of + # # other pods. You should adjust the following values based on what your + # # application needs. For details, see + # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # resources: + # requests: + # # The proxy's memory use scales linearly with the number of active + # # connections. Fewer open connections will use less memory. Adjust + # # this value based on your application's requirements. + # memory: "1Gi" + # # The proxy's CPU use scales linearly with the amount of IO between + # # the database and the application. Adjust this value based on your + # # application's requirements. + # cpu: "1" + ## @param extraContainerVolumes Volumes that can be used in the extraContainers + # extraContainerVolumes: [] + + ## Service account for dashboardhost service. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Specifies whether a service account should be created + ## + create: false + ## @param serviceAccount.annotations Annotations to add to the service account + ## + annotations: {} + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com + ## @param serviceAccount.name The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" ## Configure access to the Grafana container. ## @@ -637,11 +777,11 @@ dashboardhost: ## Uncomment to set Grafana plugin configuration. ## # plugins: - ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. - ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain - ## the list of plugins listed in the default values file. - ## - # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel + ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. + ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain + ## the list of plugins listed in the default values file. + ## + # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel ## Grafana provisioning ## @@ -883,7 +1023,7 @@ feedservice: ## includeApiHostsInNoProxy: false ## @param httpProxy.additionalNoProxy List of hosts that should not be proxied. Example: ["localserver1","localserver2"] - ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" + ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" additionalNoProxy: [] ## File upload configuration. @@ -929,9 +1069,9 @@ fileingestion: # This must be set to the region of the S3 instance. ## region: "us-east-1" - ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service - ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the - ## individual rates configured here. + ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service + ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the + ## individual rates configured here. ## Configure rate limits. ## rateLimits: @@ -1260,6 +1400,59 @@ serviceregistry: ## Configuration for dynamic form fields. ## dynamicformfields: + ## Configuring additional sidecars for the Dynamic Form Fields Service. + ## + ## @param sidecars Additional containers to run in the same pod as the DFF Service. + ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern + # sidecars: + # - name: cloud-sql-proxy + # # It is recommended to use the latest version of the Cloud SQL Auth Proxy + # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 + # env: + # - name: "GOOGLE_APPLICATION_CREDENTIALS" + # value: "/secrets/service_account.json" + # volumeMounts: + # - name: + # mountPath: /secrets/ + # readOnly: true + # args: + # # If connecting from a VPC-native GKE cluster, you can use the + # # following flag to have the proxy connect over private IP + # # - "--private-ip" + + # # If you are not connecting with Automatic IAM, you can delete + # # the following flag. + # - "--auto-iam-authn" + + # # Enable structured logging with LogEntry format: + # - "--structured-logs" + + # # Replace DB_PORT with the port the proxy should listen on + # - "--port=" + # - "" + # securityContext: + # # The default Cloud SQL Auth Proxy image runs as the + # # "nonroot" user and group (uid: 65532) by default. + # runAsNonRoot: true + + # # You should use resource requests/limits as a best practice to prevent + # # pods from consuming too many resources and affecting the execution of + # # other pods. You should adjust the following values based on what your + # # application needs. For details, see + # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ + # resources: + # requests: + # # The proxy's memory use scales linearly with the number of active + # # connections. Fewer open connections will use less memory. Adjust + # # this value based on your application's requirements. + # memory: "1Gi" + # # The proxy's CPU use scales linearly with the amount of IO between + # # the database and the application. Adjust this value based on your + # # application's requirements. + # cpu: "1" + ## @param extraVolumes Volumes that can be used in sidecar containers + # extraVolumes: [] ## Database configuration ## database: @@ -1311,6 +1504,23 @@ dynamicformfields: # ## NOTE: Ignored unless `database.connectionInfo.secretName` parameter is set. # ## # migrationPasswordKey: null + + ## Service account for Dynamic Form Fields. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.create Specifies whether a service account should be created + ## + create: false + ## @param serviceAccount.annotations Annotations to add to the service account + ## + annotations: {} + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com + ## @param serviceAccount.name The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## The PostgreSQL database TLS configuration ## tls: From 53d757c52cf6c32b8f914566c1ea844976c5d81c Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 15:38:45 +0530 Subject: [PATCH 2/8] remove example for sidecar --- .../templates/systemlink-values.yaml | 226 ++++-------------- 1 file changed, 42 insertions(+), 184 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index b4e88e20..4801b291 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -306,60 +306,29 @@ minio: ## Configuration for test result storage. ## testmonitorservice: - ## Configuring additional sidecars for the Test Monitor Service. + ## Configuring sidecars for the Test Monitor Service. ## ## @param sidecars Additional containers to run in the same pod as the Test Monitor Service. - ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern - # sidecars: - # - name: cloud-sql-proxy - # # It is recommended to use the latest version of the Cloud SQL Auth Proxy - # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 - # env: - # - name: "GOOGLE_APPLICATION_CREDENTIALS" - # value: "/secrets/service_account.json" - # volumeMounts: - # - name: - # mountPath: /secrets/ - # readOnly: true - # args: - # # If connecting from a VPC-native GKE cluster, you can use the - # # following flag to have the proxy connect over private IP - # # - "--private-ip" - - # # If you are not connecting with Automatic IAM, you can delete - # # the following flag. - # - "--auto-iam-authn" - - # # Enable structured logging with LogEntry format: - # - "--structured-logs" - - # # Replace DB_PORT with the port the proxy should listen on - # - "--port=" - # - "" - # securityContext: - # # The default Cloud SQL Auth Proxy image runs as the - # # "nonroot" user and group (uid: 65532) by default. - # runAsNonRoot: true - - # # You should use resource requests/limits as a best practice to prevent - # # pods from consuming too many resources and affecting the execution of - # # other pods. You should adjust the following values based on what your - # # application needs. For details, see - # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - # resources: - # requests: - # # The proxy's memory use scales linearly with the number of active - # # connections. Fewer open connections will use less memory. Adjust - # # this value based on your application's requirements. - # memory: "1Gi" - # # The proxy's CPU use scales linearly with the amount of IO between - # # the database and the application. Adjust this value based on your - # # application's requirements. - # cpu: "1" + sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers - # extraVolumes: [] + extraVolumes: [] ## + + ## Service account for Test Monitor. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.annotations Annotations to add to the service account + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com + ## + annotations: {} + ## @param serviceAccount.name The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## Database configuration ## database: @@ -412,22 +381,6 @@ testmonitorservice: # ## # migrationPasswordKey: null - ## Service account for Test Monitor. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - ## - create: false - ## @param serviceAccount.annotations Annotations to add to the service account - ## - annotations: {} - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com - ## @param serviceAccount.name The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## The PostgreSQL database TLS configuration ## tls: @@ -588,71 +541,23 @@ dashboardhost: ## for more documentation and examples for these values. ## grafana: - ## Configuring additional sidecars for the Dahboardhost Service. + ## Configuring extra containers for the Dashboardhost Service. ## - ## @param extraContainers Additional containers to run in the same pod as the Dahboardhost Service. - ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## @param extraContainers Additional containers to run in the same pod as the Dashboardhost Service. + ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern - # extraContainers: | - # - name: cloud-sql-proxy - # # It is recommended to use the latest version of the Cloud SQL Auth Proxy - # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 - # env: - # - name: "GOOGLE_APPLICATION_CREDENTIALS" - # value: "/secrets/service_account.json" - # volumeMounts: - # - name: - # mountPath: /secrets/ - # readOnly: true - # args: - # # If connecting from a VPC-native GKE cluster, you can use the - # # following flag to have the proxy connect over private IP - # # - "--private-ip" - - # # If you are not connecting with Automatic IAM, you can delete - # # the following flag. - # - "--auto-iam-authn" - - # # Enable structured logging with LogEntry format: - # - "--structured-logs" - - # # Replace DB_PORT with the port the proxy should listen on - # - "--port=" - # - "" - # securityContext: - # # The default Cloud SQL Auth Proxy image runs as the - # # "nonroot" user and group (uid: 65532) by default. - # runAsNonRoot: true - - # # You should use resource requests/limits as a best practice to prevent - # # pods from consuming too many resources and affecting the execution of - # # other pods. You should adjust the following values based on what your - # # application needs. For details, see - # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - # resources: - # requests: - # # The proxy's memory use scales linearly with the number of active - # # connections. Fewer open connections will use less memory. Adjust - # # this value based on your application's requirements. - # memory: "1Gi" - # # The proxy's CPU use scales linearly with the amount of IO between - # # the database and the application. Adjust this value based on your - # # application's requirements. - # cpu: "1" + extraContainers: "" ## @param extraContainerVolumes Volumes that can be used in the extraContainers - # extraContainerVolumes: [] + extraContainerVolumes: [] ## Service account for dashboardhost service. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - ## - create: false ## @param serviceAccount.annotations Annotations to add to the service account + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com ## annotations: {} - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com ## @param serviceAccount.name The name of the service account to use. ## If not set and create is true, a name is generated using the fullname template ## @@ -1400,59 +1305,28 @@ serviceregistry: ## Configuration for dynamic form fields. ## dynamicformfields: - ## Configuring additional sidecars for the Dynamic Form Fields Service. + ## Configuring sidecars for the Dynamic Form Fields Service. ## ## @param sidecars Additional containers to run in the same pod as the DFF Service. - ## It is used for authentication proxy containers, such as the Cloud SQL Auth Proxy. Example of a Cloud SQL Auth Proxy sidecar has been provided below. + ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern - # sidecars: - # - name: cloud-sql-proxy - # # It is recommended to use the latest version of the Cloud SQL Auth Proxy - # image: gcr.io/cloud-sql-connectors/cloud-sql-proxy:2.14.1 - # env: - # - name: "GOOGLE_APPLICATION_CREDENTIALS" - # value: "/secrets/service_account.json" - # volumeMounts: - # - name: - # mountPath: /secrets/ - # readOnly: true - # args: - # # If connecting from a VPC-native GKE cluster, you can use the - # # following flag to have the proxy connect over private IP - # # - "--private-ip" - - # # If you are not connecting with Automatic IAM, you can delete - # # the following flag. - # - "--auto-iam-authn" - - # # Enable structured logging with LogEntry format: - # - "--structured-logs" - - # # Replace DB_PORT with the port the proxy should listen on - # - "--port=" - # - "" - # securityContext: - # # The default Cloud SQL Auth Proxy image runs as the - # # "nonroot" user and group (uid: 65532) by default. - # runAsNonRoot: true - - # # You should use resource requests/limits as a best practice to prevent - # # pods from consuming too many resources and affecting the execution of - # # other pods. You should adjust the following values based on what your - # # application needs. For details, see - # # https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ - # resources: - # requests: - # # The proxy's memory use scales linearly with the number of active - # # connections. Fewer open connections will use less memory. Adjust - # # this value based on your application's requirements. - # memory: "1Gi" - # # The proxy's CPU use scales linearly with the amount of IO between - # # the database and the application. Adjust this value based on your - # # application's requirements. - # cpu: "1" + sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers - # extraVolumes: [] + extraVolumes: [] + + ## Service account for Dynamic Form Fields. + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ + ## + serviceAccount: + ## @param serviceAccount.annotations Annotations to add to the service account + ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com + ## + annotations: {} + ## @param serviceAccount.name The name of the service account to use. + ## If not set and create is true, a name is generated using the fullname template + ## + name: "" + ## Database configuration ## database: @@ -1505,22 +1379,6 @@ dynamicformfields: # ## # migrationPasswordKey: null - ## Service account for Dynamic Form Fields. - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## - serviceAccount: - ## @param serviceAccount.create Specifies whether a service account should be created - ## - create: false - ## @param serviceAccount.annotations Annotations to add to the service account - ## - annotations: {} - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com - ## @param serviceAccount.name The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template - ## - name: "" - ## The PostgreSQL database TLS configuration ## tls: From c40c8c5e78b67b145f9bfa8ddc9bc9449142d4c1 Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 15:44:26 +0530 Subject: [PATCH 3/8] remove unwanted space --- .../templates/systemlink-values.yaml | 24 +++++++++---------- 1 file changed, 11 insertions(+), 13 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 4801b291..34a20255 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -380,7 +380,6 @@ testmonitorservice: # ## NOTE: Ignored unless `database.connectionInfo.secretName` parameter is set. # ## # migrationPasswordKey: null - ## The PostgreSQL database TLS configuration ## tls: @@ -489,7 +488,7 @@ alarmservice: ## The amount of time inactive alarms will be retained in the database ([d.]hh:mm[:ss] format). ## inactiveAlarmCleanupInterval: 30.00:00 - + activeAlarmCleanup: ## The amount of time active alarms will be retained in the database since they were ## last updated ([d.]hh:mm[:ss] format). @@ -499,7 +498,7 @@ alarmservice: ## transition has a CLEAR transition type. ## onlyCleanUpClearAlarms: false - + ## The total number of alarms the service supports creating, including ## both active and inactive alarms. Must be greater than activeAlarmLimit. ## The service will return an error if this limit is exceeded. Increasing @@ -682,11 +681,11 @@ dashboardhost: ## Uncomment to set Grafana plugin configuration. ## # plugins: - ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. - ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain - ## the list of plugins listed in the default values file. - ## - # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel + ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. + ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain + ## the list of plugins listed in the default values file. + ## + # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel ## Grafana provisioning ## @@ -928,7 +927,7 @@ feedservice: ## includeApiHostsInNoProxy: false ## @param httpProxy.additionalNoProxy List of hosts that should not be proxied. Example: ["localserver1","localserver2"] - ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" + ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" additionalNoProxy: [] ## File upload configuration. @@ -974,9 +973,9 @@ fileingestion: # This must be set to the region of the S3 instance. ## region: "us-east-1" - ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service - ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the - ## individual rates configured here. + ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service + ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the + ## individual rates configured here. ## Configure rate limits. ## rateLimits: @@ -1378,7 +1377,6 @@ dynamicformfields: # ## NOTE: Ignored unless `database.connectionInfo.secretName` parameter is set. # ## # migrationPasswordKey: null - ## The PostgreSQL database TLS configuration ## tls: From 4c9c7b4e037a9ba54a0f098dc3ad40170136d4cb Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 15:48:23 +0530 Subject: [PATCH 4/8] remove example for annotations --- getting-started/templates/systemlink-values.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 34a20255..61ee39a0 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -321,7 +321,6 @@ testmonitorservice: ## serviceAccount: ## @param serviceAccount.annotations Annotations to add to the service account - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com ## annotations: {} ## @param serviceAccount.name The name of the service account to use. @@ -554,7 +553,6 @@ dashboardhost: ## serviceAccount: ## @param serviceAccount.annotations Annotations to add to the service account - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com ## annotations: {} ## @param serviceAccount.name The name of the service account to use. @@ -1318,7 +1316,6 @@ dynamicformfields: ## serviceAccount: ## @param serviceAccount.annotations Annotations to add to the service account - ## Example - iam.gke.io/gcp-service-account=YOUR-GSA-NAME@YOUR-GOOGLE-CLOUD-PROJECT.iam.gserviceaccount.com ## annotations: {} ## @param serviceAccount.name The name of the service account to use. From 9a935c4c4d0ae4cb3348ab94c11c88a2e1f003d9 Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 21:39:07 +0530 Subject: [PATCH 5/8] fix: resolve comments --- .../templates/systemlink-values.yaml | 32 ++++++++----------- 1 file changed, 14 insertions(+), 18 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 61ee39a0..088ab6da 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -307,14 +307,12 @@ minio: ## testmonitorservice: ## Configuring sidecars for the Test Monitor Service. - ## ## @param sidecars Additional containers to run in the same pod as the Test Monitor Service. ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers extraVolumes: [] - ## ## Service account for Test Monitor. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -324,7 +322,7 @@ testmonitorservice: ## annotations: {} ## @param serviceAccount.name The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template + ## If not set, a name is generated using the fullname template ## name: "" @@ -487,7 +485,7 @@ alarmservice: ## The amount of time inactive alarms will be retained in the database ([d.]hh:mm[:ss] format). ## inactiveAlarmCleanupInterval: 30.00:00 - + activeAlarmCleanup: ## The amount of time active alarms will be retained in the database since they were ## last updated ([d.]hh:mm[:ss] format). @@ -497,7 +495,7 @@ alarmservice: ## transition has a CLEAR transition type. ## onlyCleanUpClearAlarms: false - + ## The total number of alarms the service supports creating, including ## both active and inactive alarms. Must be greater than activeAlarmLimit. ## The service will return an error if this limit is exceeded. Increasing @@ -540,7 +538,6 @@ dashboardhost: ## grafana: ## Configuring extra containers for the Dashboardhost Service. - ## ## @param extraContainers Additional containers to run in the same pod as the Dashboardhost Service. ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern @@ -556,7 +553,7 @@ dashboardhost: ## annotations: {} ## @param serviceAccount.name The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template + ## If not set, a name is generated using the fullname template ## name: "" @@ -679,11 +676,11 @@ dashboardhost: ## Uncomment to set Grafana plugin configuration. ## # plugins: - ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. - ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain - ## the list of plugins listed in the default values file. - ## - # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel + ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. + ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain + ## the list of plugins listed in the default values file. + ## + # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel ## Grafana provisioning ## @@ -925,7 +922,7 @@ feedservice: ## includeApiHostsInNoProxy: false ## @param httpProxy.additionalNoProxy List of hosts that should not be proxied. Example: ["localserver1","localserver2"] - ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" + ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" additionalNoProxy: [] ## File upload configuration. @@ -971,9 +968,9 @@ fileingestion: # This must be set to the region of the S3 instance. ## region: "us-east-1" - ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service - ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the - ## individual rates configured here. + ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service + ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the + ## individual rates configured here. ## Configure rate limits. ## rateLimits: @@ -1303,7 +1300,6 @@ serviceregistry: ## dynamicformfields: ## Configuring sidecars for the Dynamic Form Fields Service. - ## ## @param sidecars Additional containers to run in the same pod as the DFF Service. ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern @@ -1319,7 +1315,7 @@ dynamicformfields: ## annotations: {} ## @param serviceAccount.name The name of the service account to use. - ## If not set and create is true, a name is generated using the fullname template + ## If not set, a name is generated using the fullname template ## name: "" From 847b4575f7a8f686df4c7b27ae3be9ccb39b2e46 Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 22:33:09 +0530 Subject: [PATCH 6/8] remove whitespaces --- .../templates/systemlink-values.yaml | 22 +++++++++---------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 088ab6da..80fac236 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -485,7 +485,7 @@ alarmservice: ## The amount of time inactive alarms will be retained in the database ([d.]hh:mm[:ss] format). ## inactiveAlarmCleanupInterval: 30.00:00 - + activeAlarmCleanup: ## The amount of time active alarms will be retained in the database since they were ## last updated ([d.]hh:mm[:ss] format). @@ -495,7 +495,7 @@ alarmservice: ## transition has a CLEAR transition type. ## onlyCleanUpClearAlarms: false - + ## The total number of alarms the service supports creating, including ## both active and inactive alarms. Must be greater than activeAlarmLimit. ## The service will return an error if this limit is exceeded. Increasing @@ -676,11 +676,11 @@ dashboardhost: ## Uncomment to set Grafana plugin configuration. ## # plugins: - ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. - ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain - ## the list of plugins listed in the default values file. - ## - # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel + ## Enter a comma-separated list of plugin identifiers to identify plugins that are allowed to be loaded even if they lack a valid signature. + ## - Uncomment to set the list of unsigned plugins to load. This will override the plugins included by default so ensure you maintain + ## the list of plugins listed in the default values file. + ## + # allow_loading_unsigned_plugins: ni-slnotebook-datasource,ni-sldataframe-datasource,ni-plotly-panel ## Grafana provisioning ## @@ -922,7 +922,7 @@ feedservice: ## includeApiHostsInNoProxy: false ## @param httpProxy.additionalNoProxy List of hosts that should not be proxied. Example: ["localserver1","localserver2"] - ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" + ## For example, we would need to set the host of the AWS Security Token Service if we use AWS_WEB_IDENTITY_TOKEN for the S3 auth type -> "sts.us-east-1.amazonaws.com" additionalNoProxy: [] ## File upload configuration. @@ -968,9 +968,9 @@ fileingestion: # This must be set to the region of the S3 instance. ## region: "us-east-1" - ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service - ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the - ## individual rates configured here. + ## Configure rate limiting. Limits are enforced per-user. Each replica of the file ingestion service + ## applies its own per-user limit. With load-balancing, the effective rate will be higher than the + ## individual rates configured here. ## Configure rate limits. ## rateLimits: From dac4cd9d6e7f820d0fa6fb21eb9cb10354be236b Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Wed, 11 Dec 2024 22:40:20 +0530 Subject: [PATCH 7/8] modify comment --- getting-started/templates/systemlink-values.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 80fac236..423e9988 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -308,7 +308,7 @@ minio: testmonitorservice: ## Configuring sidecars for the Test Monitor Service. ## @param sidecars Additional containers to run in the same pod as the Test Monitor Service. - ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. + ## These should be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers @@ -539,7 +539,7 @@ dashboardhost: grafana: ## Configuring extra containers for the Dashboardhost Service. ## @param extraContainers Additional containers to run in the same pod as the Dashboardhost Service. - ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. + ## These should be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern extraContainers: "" ## @param extraContainerVolumes Volumes that can be used in the extraContainers @@ -1301,7 +1301,7 @@ serviceregistry: dynamicformfields: ## Configuring sidecars for the Dynamic Form Fields Service. ## @param sidecars Additional containers to run in the same pod as the DFF Service. - ## It can be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. + ## These should be used for authentication proxy containers, such as the Cloud SQL Auth Proxy. ## ref: https://cloud.google.com/sql/docs/postgres/connect-kubernetes-engine#run_the_in_a_sidecar_pattern sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers From 7f1b535ca42b36381b2e3e376ff902726cb2c130 Mon Sep 17 00:00:00 2001 From: Priyadarshini Piramanayagam Date: Thu, 12 Dec 2024 15:12:32 +0530 Subject: [PATCH 8/8] extraVolumeMounts has been added for postgres services --- getting-started/templates/systemlink-values.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/getting-started/templates/systemlink-values.yaml b/getting-started/templates/systemlink-values.yaml index 423e9988..fed12348 100644 --- a/getting-started/templates/systemlink-values.yaml +++ b/getting-started/templates/systemlink-values.yaml @@ -313,6 +313,8 @@ testmonitorservice: sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers extraVolumes: [] + ## @param extraVolumeMounts Defines additional volume mounts for the container. + extraVolumeMounts: [] ## Service account for Test Monitor. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -544,6 +546,8 @@ dashboardhost: extraContainers: "" ## @param extraContainerVolumes Volumes that can be used in the extraContainers extraContainerVolumes: [] + ## @param extraVolumeMounts Defines additional volume mounts for the container. + extraVolumeMounts: [] ## Service account for dashboardhost service. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -1306,6 +1310,8 @@ dynamicformfields: sidecars: [] ## @param extraVolumes Volumes that can be used in sidecar containers extraVolumes: [] + ## @param extraVolumeMounts Defines additional volume mounts for the container. + extraVolumeMounts: [] ## Service account for Dynamic Form Fields. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/