From 1a9462d535f93c0f68818650f2c841971154bec6 Mon Sep 17 00:00:00 2001 From: Steve Pentland Date: Wed, 28 Feb 2024 21:34:01 -0500 Subject: [PATCH 1/2] chore(charts): ensure env and envFrom can be set, move env to deployment --- charts/nx-agents/Chart.yaml | 2 +- charts/nx-agents/ci/basic-moreenv.yaml | 71 ++++++++++++++++++++++ charts/nx-agents/ci/basic-values.yaml | 2 +- charts/nx-agents/templates/deployment.yaml | 38 +++++++----- charts/nx-agents/values.yaml | 8 ++- 5 files changed, 102 insertions(+), 19 deletions(-) create mode 100644 charts/nx-agents/ci/basic-moreenv.yaml diff --git a/charts/nx-agents/Chart.yaml b/charts/nx-agents/Chart.yaml index 399415b..a0b6bc0 100644 --- a/charts/nx-agents/Chart.yaml +++ b/charts/nx-agents/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: nx-agents description: Nx Cloud Agents Helm Chart type: application -version: 1.0.0-rc.3 +version: 1.0.0-rc.4 maintainers: - name: nx url: "https://nx.app/" diff --git a/charts/nx-agents/ci/basic-moreenv.yaml b/charts/nx-agents/ci/basic-moreenv.yaml new file mode 100644 index 0000000..e595aaa --- /dev/null +++ b/charts/nx-agents/ci/basic-moreenv.yaml @@ -0,0 +1,71 @@ +global: + imageRegistry: 'us-east1-docker.pkg.dev/nxcloudoperations' + imageTag: '' + imageRepository: 'nx-cloud-enterprise-public' + namespace: 'nx-cloud-workflows' + +naming: + nameOverride: '' + fullNameOverride: '' + +serviceAccounts: + controller: + annotations: {} + runner: + annotations: {} + +controller: + deployment: + port: 9000 + annotations: {} + env: + - name: value-one + value: nx-cloud-workflows + - name: value-two + value: nx-cloud-workflows2 + envFrom: + - configMapRef: + name: configmap + - secretRef: + name: secret + service: + port: 9000 + type: ClusterIP + loadBalancerIP: '' + loadBalancerSourceRanges: [] + annotations: {} + image: + registry: '' + imageName: nx-cloud-workflow-controller + repository: '' + tag: test.0219162846 + pullPolicy: Always + resources: + limits: + memory: '1Gi' + cpu: '1.0' + requests: + memory: '0.5Gi' + cpu: '0.5' + +executor: + env: {} + +daemonset: + enabled: true + script: | + #!/bin/bash + set -e + + # change the file-watcher max-count on each node to 1048576 + + # insert the new value into the system config + sysctl -w fs.inotify.max_user_watches=1048576 + + # check that the new value was applied + cat /proc/sys/fs/inotify/max_user_watches + +secret: + name: 'cloudsecret' + awsS3AccessKeyId: 'ABC123556' + awsS3SecretAccessKey: 'BBBAAA1234' diff --git a/charts/nx-agents/ci/basic-values.yaml b/charts/nx-agents/ci/basic-values.yaml index f8660b1..3a62267 100644 --- a/charts/nx-agents/ci/basic-values.yaml +++ b/charts/nx-agents/ci/basic-values.yaml @@ -18,13 +18,13 @@ controller: deployment: port: 9000 annotations: {} + env: {} service: port: 9000 type: ClusterIP loadBalancerIP: '' loadBalancerSourceRanges: [] annotations: {} - env: {} image: registry: '' imageName: nx-cloud-workflow-controller diff --git a/charts/nx-agents/templates/deployment.yaml b/charts/nx-agents/templates/deployment.yaml index 15845b3..a873a00 100644 --- a/charts/nx-agents/templates/deployment.yaml +++ b/charts/nx-agents/templates/deployment.yaml @@ -15,6 +15,10 @@ spec: matchLabels: app: nx-cloud-workflow-controller replicas: 1 + {{- if .Values.controller.deployment.strategy }} + strategy: + {{- toYaml .Values.controller.deployment.strategy | nindent 4 }} + {{- end }} template: metadata: labels: @@ -69,6 +73,7 @@ spec: periodSeconds: 20 successThreshold: 1 timeoutSeconds: 1 + failureThreshold: 10 readinessProbe: httpGet: path: /readyz @@ -78,26 +83,27 @@ spec: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - {{- if gt (len .Values.controller.env) 0 }} - env: - {{- range $key, $value := .Values.controller.env }} - - name: {{ $key | quote }} - value: {{ $value | quote }} + {{- if gt (len .Values.controller.deployment.envFrom) 0 }} + envFrom: + {{- toYaml .Values.controller.deployment.envFrom | nindent 12}} {{- end }} + env: + {{- if gt (len .Values.controller.deployment.env) 0 }} + {{- toYaml .Values.controller.deployment.env | nindent 12 }} + {{- end }} {{- with .Values.secret }} {{- if .awsS3AccessKeyId }} {{- if .name }} - - name: AWS_S3_ACCESS_KEY_ID - valueFrom: - secretKeyRef: - name: {{ .name }} - key: {{ .awsS3AccessKeyId }} - - name: AWS_S3_SECRET_ACCESS_KEY - valueFrom: - secretKeyRef: - name: {{ .name }} - key: {{ .awsS3SecretAccessKey }} - {{- end }} + - name: AWS_S3_ACCESS_KEY_ID + valueFrom: + secretKeyRef: + name: {{ .name }} + key: {{ .awsS3AccessKeyId }} + - name: AWS_S3_SECRET_ACCESS_KEY + valueFrom: + secretKeyRef: + name: {{ .name }} + key: {{ .awsS3SecretAccessKey }} {{- end }} {{- end }} {{- end }} diff --git a/charts/nx-agents/values.yaml b/charts/nx-agents/values.yaml index f6b547b..6d77e5d 100644 --- a/charts/nx-agents/values.yaml +++ b/charts/nx-agents/values.yaml @@ -24,13 +24,19 @@ controller: tolerations: {} nodeSelector: {} args: {} + strategy: + rollingUpdate: + maxSurge: 25% + maxUnavailable: 25% + type: RollingUpdate + envFrom: [] + env: {} service: port: 9000 type: ClusterIP loadBalancerIP: '' loadBalancerSourceRanges: [] annotations: {} - env: {} image: registry: '' imageName: nx-cloud-workflow-controller From 6570e50ba997469b801a8d627ff188ccc73992e8 Mon Sep 17 00:00:00 2001 From: Steve Pentland Date: Wed, 28 Feb 2024 21:50:26 -0500 Subject: [PATCH 2/2] chore(charts): fix testing install --- .github/workflows/chart_lint_and_test.yaml | 1 + .gitignore | 3 ++- charts/nx-agents/ci/basic-moreenv.yaml | 4 ++-- charts/nx-agents/ci/basic-values.yaml | 4 ++-- testing-files/secret.yml | 5 ++++- 5 files changed, 11 insertions(+), 6 deletions(-) diff --git a/.github/workflows/chart_lint_and_test.yaml b/.github/workflows/chart_lint_and_test.yaml index 9dbabc2..e774361 100644 --- a/.github/workflows/chart_lint_and_test.yaml +++ b/.github/workflows/chart_lint_and_test.yaml @@ -44,6 +44,7 @@ jobs: if: steps.list-changed.outputs.changed == 'true' run: | cp testing-files/secret.yml charts/nx-cloud/templates/secret.yaml + cp testing-files/secret.yml charts/nx-agents/templates/secret.yaml - name: Run chart-testing (install) if: steps.list-changed.outputs.changed == 'true' diff --git a/.gitignore b/.gitignore index 6a73eef..448cade 100644 --- a/.gitignore +++ b/.gitignore @@ -3,4 +3,5 @@ # We copy this over on automated testing but for local we need to copy it in so ignore # if someone forgets to delete before pushing -charts/nx-cloud/templates/secret.yml \ No newline at end of file +charts/nx-cloud/templates/secret.yml +charts/nx-agents/templates/secret.yml \ No newline at end of file diff --git a/charts/nx-agents/ci/basic-moreenv.yaml b/charts/nx-agents/ci/basic-moreenv.yaml index e595aaa..f43bf2d 100644 --- a/charts/nx-agents/ci/basic-moreenv.yaml +++ b/charts/nx-agents/ci/basic-moreenv.yaml @@ -67,5 +67,5 @@ daemonset: secret: name: 'cloudsecret' - awsS3AccessKeyId: 'ABC123556' - awsS3SecretAccessKey: 'BBBAAA1234' + awsS3AccessKeyId: 'AWS_KEY' + awsS3SecretAccessKey: 'AWS_SECRET' diff --git a/charts/nx-agents/ci/basic-values.yaml b/charts/nx-agents/ci/basic-values.yaml index 3a62267..d76acf7 100644 --- a/charts/nx-agents/ci/basic-values.yaml +++ b/charts/nx-agents/ci/basic-values.yaml @@ -58,5 +58,5 @@ daemonset: secret: name: 'cloudsecret' - awsS3AccessKeyId: 'ABC123556' - awsS3SecretAccessKey: 'BBBAAA1234' + awsS3AccessKeyId: 'AWS_KEY' + awsS3SecretAccessKey: 'AWS_SECRET' diff --git a/testing-files/secret.yml b/testing-files/secret.yml index 69bc470..cd32935 100644 --- a/testing-files/secret.yml +++ b/testing-files/secret.yml @@ -3,6 +3,7 @@ apiVersion: v1 kind: Secret metadata: name: cloudsecret + namespace: {{ .Values.global.namespace }} type: Opaque stringData: NX_CLOUD_MONGO_SERVER_ENDPOINT: "mongodb://127.0.0.1" @@ -17,4 +18,6 @@ stringData: GITHUB_WEBHOOK_SECRET: "A_GITHUB_SECRET_VALUE" GITHUB_AUTH_TOKEN: "A_GITHUB_SECRET_VALUE" GITHUB_APP_PRIVATE_KEY: "A_GITHUB_SECRET_VALUE" - GITHUB_APP_ID: "A_GITHUB_SECRET_VALUE" \ No newline at end of file + GITHUB_APP_ID: "A_GITHUB_SECRET_VALUE" + AWS_KEY: "MYAWSKEY" + AWS_SECRET: "SUPER_SECRET_AWS_SECRET" \ No newline at end of file