diff --git a/infra/charts/feast/README.md b/infra/charts/feast/README.md index e93b687f191..389a0b85d4d 100644 --- a/infra/charts/feast/README.md +++ b/infra/charts/feast/README.md @@ -100,7 +100,9 @@ The following table lists the configurable parameters of the Feast chart and the | `feast-core.logLevel` | Application logging level | `warn` | `feast-core.logType` | Application logging type (`JSON` or `Console`) | `JSON` | `feast-core.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` +| `feast-core.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}` | `feast-core.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` +| `feast-core.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""` | `feast-core.livenessProbe.enabled` | Flag to enable liveness probe | `true` | `feast-core.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | `feast-core.livenessProbe.periodSeconds` | How often to perform the probe | `10` @@ -142,7 +144,9 @@ The following table lists the configurable parameters of the Feast chart and the | `feast-serving-online.logLevel` | Application logging level | `warn` | `feast-serving-online.logType` | Application logging type (`JSON` or `Console`) | `JSON` | `feast-serving-online.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` +| `feast-serving-online.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}` | `feast-serving-online.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` +| `feast-serving-online.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""` | `feast-serving-online.livenessProbe.enabled` | Flag to enable liveness probe | `true` | `feast-serving-online.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | `feast-serving-online.livenessProbe.periodSeconds` | How often to perform the probe | `10` @@ -184,7 +188,9 @@ The following table lists the configurable parameters of the Feast chart and the | `feast-serving-batch.logLevel` | Application logging level | `warn` | `feast-serving-batch.logType` | Application logging type (`JSON` or `Console`) | `JSON` | `feast-serving-batch.springConfigProfiles` | Map of profile name to file content for additional Spring profiles | `{}` +| `feast-serving-batch.springSecretProfiles` | Map of profile name to file content for additional Spring profiles. Use this instead of springConfigProfiles if the content contains secrets. | `{}` | `feast-serving-batch.springConfigProfilesActive` | CSV of profiles to enable from `springConfigProfiles` | `""` +| `feast-serving-batch.springSecretProfilesActive` | CSV of profiles to enable from `springSecretProfiles` | `""` | `feast-serving-batch.livenessProbe.enabled` | Flag to enable liveness probe | `true` | `feast-serving-batch.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `60` | `feast-serving-batch.livenessProbe.periodSeconds` | How often to perform the probe | `10` diff --git a/infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz b/infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz new file mode 100644 index 00000000000..ca0a64ae314 Binary files /dev/null and b/infra/charts/feast/charts/feast-core/charts/common-0.0.5.tgz differ diff --git a/infra/charts/feast/charts/feast-core/requirements.lock b/infra/charts/feast/charts/feast-core/requirements.lock new file mode 100644 index 00000000000..ff153c242e2 --- /dev/null +++ b/infra/charts/feast/charts/feast-core/requirements.lock @@ -0,0 +1,15 @@ +dependencies: +- name: postgresql + repository: https://kubernetes-charts.storage.googleapis.com + version: 6.5.5 +- name: kafka + repository: https://kubernetes-charts-incubator.storage.googleapis.com + version: 0.20.1 +- name: common + repository: https://kubernetes-charts-incubator.storage.googleapis.com + version: 0.0.5 +- name: prometheus-statsd-exporter + repository: "" + version: 0.1.2 +digest: sha256:03806d8d6fc3ffd70c5ca1026544277b69de361180a384c5b45eb110f0080baa +generated: "2020-02-13T17:50:23.985561Z" diff --git a/infra/charts/feast/charts/feast-core/templates/deployment.yaml b/infra/charts/feast/charts/feast-core/templates/deployment.yaml index df834b6749e..daa69f4782c 100644 --- a/infra/charts/feast/charts/feast-core/templates/deployment.yaml +++ b/infra/charts/feast/charts/feast-core/templates/deployment.yaml @@ -18,8 +18,12 @@ spec: release: {{ .Release.Name }} template: metadata: - {{- if .Values.prometheus.enabled }} annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.springSecretProfiles }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} + {{- if .Values.prometheus.enabled }} {{ $config := index .Values "application.yaml" }} prometheus.io/path: /metrics prometheus.io/port: "{{ $config.server.port }}" @@ -37,8 +41,14 @@ spec: volumes: - name: {{ template "feast-core.fullname" . }}-config - configMap: - name: {{ template "feast-core.fullname" . }} + projected: + sources: + - configMap: + name: {{ template "feast-core.fullname" . }} + {{- if .Values.springSecretProfiles }} + - secret: + name: {{ template "feast-core.fullname" . }} + {{- end }} {{- if .Values.gcpServiceAccount.useExistingSecret }} - name: {{ template "feast-core.fullname" . }}-gcpserviceaccount secret: @@ -89,7 +99,8 @@ spec: - -jar - {{ .Values.jarPath | quote }} - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/" - {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}} + {{- $combinedProfiles := printf "%s,%s" .Values.springConfigProfilesActive .Values.springSecretProfilesActive -}} + {{- $profilesArray := splitList "," $combinedProfiles -}} {{- $profilesArray = append $profilesArray (.Values.postgresql.enabled | ternary "bundled-postgresql" "") -}} {{- $profilesArray = append $profilesArray (.Values.kafka.enabled | ternary "bundled-kafka" "") -}} {{- $profilesArray = append $profilesArray (index .Values "prometheus-statsd-exporter" "enabled" | ternary "bundled-statsd" "") -}} diff --git a/infra/charts/feast/charts/feast-core/templates/secret.yaml b/infra/charts/feast/charts/feast-core/templates/secret.yaml new file mode 100644 index 00000000000..dc4883dd4d6 --- /dev/null +++ b/infra/charts/feast/charts/feast-core/templates/secret.yaml @@ -0,0 +1,19 @@ +{{- if .Values.springSecretProfiles -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "feast-core.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "feast-core.name" . }} + component: core + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{- range $name, $content := .Values.springSecretProfiles }} + application-{{ $name }}.yaml: | +{{- toYaml $content | b64enc | nindent 4 }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/infra/charts/feast/charts/feast-core/values.yaml b/infra/charts/feast/charts/feast-core/values.yaml index 077906dc35d..2224a591a99 100644 --- a/infra/charts/feast/charts/feast-core/values.yaml +++ b/infra/charts/feast/charts/feast-core/values.yaml @@ -120,12 +120,14 @@ application.yaml: port: 8125 springConfigProfiles: {} +springSecretProfiles: {} # db: | # spring: # datasource: # driverClassName: org.postgresql.Driver # url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres} springConfigProfilesActive: "" +springSecretProfilesActive: "" # springConfigMountPath is the directory path where application.yaml will be # mounted in the container. springConfigMountPath: /etc/feast/feast-core diff --git a/infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz b/infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz new file mode 100644 index 00000000000..ca0a64ae314 Binary files /dev/null and b/infra/charts/feast/charts/feast-serving/charts/common-0.0.5.tgz differ diff --git a/infra/charts/feast/charts/feast-serving/requirements.lock b/infra/charts/feast/charts/feast-serving/requirements.lock new file mode 100644 index 00000000000..c08ed1a2554 --- /dev/null +++ b/infra/charts/feast/charts/feast-serving/requirements.lock @@ -0,0 +1,9 @@ +dependencies: +- name: redis + repository: https://kubernetes-charts.storage.googleapis.com + version: 9.5.0 +- name: common + repository: https://kubernetes-charts-incubator.storage.googleapis.com + version: 0.0.5 +digest: sha256:2428bcc6aa1c3bda3829720decf833bc99e65da5e1933665e89d3003c44f91eb +generated: "2020-02-13T17:50:36.99567Z" diff --git a/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml b/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml new file mode 100644 index 00000000000..2f8d81bee64 --- /dev/null +++ b/infra/charts/feast/charts/feast-serving/templates/configmap-store.yaml @@ -0,0 +1,30 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "feast-serving.fullname" . }}-store + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "feast-serving.name" . }} + component: serving + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + store.yaml: | + {{- $store := index .Values "store.yaml"}} + + {{- if and .Values.redis.enabled (eq $store.type "REDIS") }} + + {{- if eq .Values.redis.master.service.type "ClusterIP" }} + {{- $newConfig := dict "redis_config" (dict "host" (printf "%s-redis-headless" .Release.Name) "port" .Values.redis.redisPort) }} + {{- $config := mergeOverwrite $store $newConfig }} + {{- end }} + + {{- if and (eq .Values.redis.master.service.type "LoadBalancer") (not (empty .Values.redis.master.service.loadBalancerIP)) }} + {{- $newConfig := dict "redis_config" (dict "host" .Values.redis.master.service.loadBalancerIP "port" .Values.redis.redisPort) }} + {{- $config := mergeOverwrite $store $newConfig }} + {{- end }} + + {{- end }} + + {{- toYaml $store | nindent 4 }} diff --git a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml index 934216a9d5f..3775d9f5629 100644 --- a/infra/charts/feast/charts/feast-serving/templates/configmap.yaml +++ b/infra/charts/feast/charts/feast-serving/templates/configmap.yaml @@ -28,25 +28,6 @@ data: port: 6379 {{- end }} - store.yaml: | -{{- $store := index .Values "store.yaml"}} - -{{- if and .Values.redis.enabled (eq $store.type "REDIS") }} - -{{- if eq .Values.redis.master.service.type "ClusterIP" }} -{{- $newConfig := dict "redis_config" (dict "host" (printf "%s-redis-headless" .Release.Name) "port" .Values.redis.redisPort) }} -{{- $config := mergeOverwrite $store $newConfig }} -{{- end }} - -{{- if and (eq .Values.redis.master.service.type "LoadBalancer") (not (empty .Values.redis.master.service.loadBalancerIP)) }} -{{- $newConfig := dict "redis_config" (dict "host" .Values.redis.master.service.loadBalancerIP "port" .Values.redis.redisPort) }} -{{- $config := mergeOverwrite $store $newConfig }} -{{- end }} - -{{- end }} - -{{- toYaml $store | nindent 4 }} - {{- range $name, $content := .Values.springConfigProfiles }} application-{{ $name }}.yaml: | {{- toYaml $content | nindent 4 }} diff --git a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml index 64dd3955d0c..1a2e6727583 100644 --- a/infra/charts/feast/charts/feast-serving/templates/deployment.yaml +++ b/infra/charts/feast/charts/feast-serving/templates/deployment.yaml @@ -19,6 +19,10 @@ spec: template: metadata: annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- if .Values.springSecretProfiles }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + {{- end }} {{- if .Values.prometheus.enabled }} {{ $config := index .Values "application.yaml" }} prometheus.io/path: /metrics @@ -37,8 +41,16 @@ spec: volumes: - name: {{ template "feast-serving.fullname" . }}-config - configMap: - name: {{ template "feast-serving.fullname" . }} + projected: + sources: + - configMap: + name: {{ template "feast-serving.fullname" . }} + - configMap: + name: {{ template "feast-serving.fullname" . }}-store + {{- if .Values.springSecretProfiles }} + - secret: + name: {{ template "feast-serving.fullname" . }} + {{- end }} {{- if .Values.gcpServiceAccount.useExistingSecret }} - name: {{ template "feast-serving.fullname" . }}-gcpserviceaccount secret: @@ -82,7 +94,8 @@ spec: - -jar - {{ .Values.jarPath | quote }} - "--spring.config.location=file:{{ .Values.springConfigMountPath }}/" - {{- $profilesArray := splitList "," .Values.springConfigProfilesActive -}} + {{- $combinedProfiles := printf "%s,%s" .Values.springConfigProfilesActive .Values.springSecretProfilesActive -}} + {{- $profilesArray := splitList "," $combinedProfiles -}} {{- $profilesArray = append $profilesArray (.Values.core.enabled | ternary "bundled-core" "") -}} {{- $profilesArray = append $profilesArray (eq (include "bq_store_and_no_job_options" .) "true" | ternary "bundled-redis" "") -}} {{- $profilesArray = compact $profilesArray -}} diff --git a/infra/charts/feast/charts/feast-serving/templates/secret.yaml b/infra/charts/feast/charts/feast-serving/templates/secret.yaml new file mode 100644 index 00000000000..941101ee4b9 --- /dev/null +++ b/infra/charts/feast/charts/feast-serving/templates/secret.yaml @@ -0,0 +1,19 @@ +{{- if .Values.springSecretProfiles -}} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "feast-serving.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "feast-serving.name" . }} + component: serving + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: +{{- range $name, $content := .Values.springSecretProfiles }} + application-{{ $name }}.yaml: | +{{- toYaml $content | b64enc | nindent 4 }} +{{- end }} +{{- end -}} \ No newline at end of file diff --git a/infra/charts/feast/charts/feast-serving/values.yaml b/infra/charts/feast/charts/feast-serving/values.yaml index 52d10cd7440..fc06c1ae579 100644 --- a/infra/charts/feast/charts/feast-serving/values.yaml +++ b/infra/charts/feast/charts/feast-serving/values.yaml @@ -105,12 +105,14 @@ application.yaml: # version: "*" springConfigProfiles: {} +springSecretProfiles: {} # db: | # spring: # datasource: # driverClassName: org.postgresql.Driver # url: jdbc:postgresql://${DB_HOST:127.0.0.1}:${DB_PORT:5432}/${DB_DATABASE:postgres} springConfigProfilesActive: "" +springSecretProfilesActive: "" # springConfigMountPath is the directory path where application.yaml and # store.yaml will be mounted in the container. springConfigMountPath: /etc/feast/feast-serving diff --git a/infra/charts/feast/requirements.lock b/infra/charts/feast/requirements.lock index e441790dc76..d9aeab16516 100644 --- a/infra/charts/feast/requirements.lock +++ b/infra/charts/feast/requirements.lock @@ -1,6 +1,12 @@ dependencies: -- name: common - repository: https://kubernetes-charts-incubator.storage.googleapis.com - version: 0.0.5 -digest: sha256:935bfb09e9ed90ff800826a7df21adaabe3225511c3ad78df44e1a5a60e93f14 -generated: 2019-12-10T14:47:49.57569Z +- name: feast-core + repository: "" + version: 0.4.4 +- name: feast-serving + repository: "" + version: 0.4.4 +- name: feast-serving + repository: "" + version: 0.4.4 +digest: sha256:1f812168f656d4725f80f52fcf2f919603ca4c69a9b48d62d55ea9271bf4755b +generated: "2020-02-25T14:15:39.256627Z"