Helm chart redesign for Quarkus-based runtimes #626
``` | ||
|
||
### Uninstalling the chart | ||
|
||
```bash | ||
$ helm uninstall --namespace polaris polaris | ||
helm uninstall --namespace polaris polaris | ||
``` | ||
|
||
## Values |
Note: this is automatically generated by helm-docs.
.github/workflows/helm.yml
Outdated
@@ -79,7 +79,7 @@ jobs: | |||
if: steps.list-changed.outputs.changed == 'true' | |||
run: | | |||
helm plugin install https://github.com/helm-unittest/helm-unittest.git || true | |||
helm unittest helm/polaris | |||
helm unittest helm/polaris 2> >(grep -v 'found symbolic link' >&2) |
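Review bot: the `helm plugin install https://github.com/helm-unittest/helm-unittest.git || true` line in this step installs the plugin without a version, so CI runs whatever the plugin repository currently serves, and `|| true` lets the step continue when the install fails for any reason. Pin the plugin with `--version <tag>` so the job uses a known release, and tolerate only the "already installed" case instead of every failure.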
With https://github.com/apache/polaris/pull/912/files, we will need only the original command without filtering out the warning messages due to symbolic links.
Yes! I'm just waiting for #912 to be merged.
#912 is merged! I removed the workaround.
helm/polaris/README.md
Outdated
|
||
```bash | ||
$ helm install polaris helm/polaris --namespace polaris --create-namespace | ||
helm unittest helm/polaris 2> >(grep -v 'found symbolic link' >&2) |
Same as above if we should merge https://github.com/apache/polaris/pull/912/files first then remove the filter part.
Removed.
<property name="jakarta.persistence.jdbc.url" value="jdbc:h2:mem:polaris-{realm}"/> | ||
<property name="jakarta.persistence.jdbc.user" value="sa"/> | ||
<property name="jakarta.persistence.jdbc.password" value=""/> | ||
<property name="jakarta.persistence.jdbc.url" |
EclipseLink uses a default of 32 connections for connection pooling. For local testing, this is more than enough. If people want to use it for some load testing, this will suffer when there are many concurrent client connections. Do you think we may want to add an example or add the default value here? So for people who may not be familiar with EclipseLink, they can just change the max value etc.
Good point. I added the following:
```xml
<property name="eclipselink.connection-pool.default.initial" value="1" />
<property name="eclipselink.connection-pool.default.min" value="1" />
<property name="eclipselink.connection-pool.default.max" value="1" />
```
{{- $global := . -}} | ||
{{- range $k, $v := $map }} | ||
{{ include "polaris.appendConfigOption" (list $k $v $global) }} |
nits: extra space between "list $k"
tag: "latest" | ||
# -- The path to the directory where the application.properties file, and other configuration | ||
# files, if any, should be mounted. | ||
configDir: /deployments/config |
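Review bot: `tag: "latest"` as the chart default is a mutable tag, so two installs of the same chart version can end up running different images and a rollback cannot reproduce what was deployed. Consider defaulting the tag to a fixed version, or stating in the value's `# --` comment that deployments should set a fixed version or an image digest.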
Should we add a similar comment here for the file listing issue (#907)?
Good point, done
cc @gh-yzou
<property name="jakarta.persistence.schema-generation.database.action" value="create"/> | ||
<property name="eclipselink.logging.level.sql" value="FINE"/> | ||
<property name="eclipselink.logging.parameters" value="true"/> | ||
<property name="eclipselink.persistence-context.flush-mode" value="auto"/> | ||
<property name="eclipselink.connection-pool.default.initial" value="1" /> |
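Review bot: `eclipselink.logging.parameters` set to `true` together with `eclipselink.logging.level.sql` at `FINE` writes each SQL statement with its bound values to the log, and those values can include sensitive data. If this file is a test fixture, add an XML comment at the top saying so, so that it is not copied as the starting point for a real deployment with these two properties still enabled.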
Does that mean by default we will have a connection pool with size 1? Maybe we should mention this in the README, along with some instructions about how to adjust the size.
This is only for CI tests.
type: Opaque | ||
stringData: | ||
access-key: "my-key" | ||
secret-key: "my-secret" |
new line
stringData: | ||
private.pem: |- | ||
-----BEGIN PRIVATE KEY----- | ||
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDiae5jQnQ+Dt8Optpa4fLNuUfI |
Where do the private key and public key come from? Will we be able to generate them on the fly?
This is just for tests. They were randomly generated and do not contain any sensitive information. I will add a comment.
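
One way to generate such a test key pair on the fly instead of committing it, as an added example that is not part of this PR or of the Polaris chart. It assumes `openssl` is on the PATH; the Secret name and the `public.pem` entry are hypothetical, while `private.pem` is the entry name from the fixture above.

```bash
# Added example: print a Kubernetes Secret manifest holding a freshly
# generated RSA key pair, so a test fixture needs no committed key material.
# Assumptions: openssl is on PATH; the Secret name and the "public.pem" entry
# are hypothetical ("private.pem" is the entry name used in the fixture).

# indent_pem FILE: indent FILE for use inside a YAML block scalar.
indent_pem() {
  sed 's/^/    /' "$1"
}

# make_test_key_secret NAME [BITS]: write the manifest to stdout.
make_test_key_secret() {
  name=$1
  bits=${2:-2048}
  workdir=$(mktemp -d) || return 1
  # Generate with a restrictive umask; the files are deleted before returning.
  (
    umask 077
    openssl genpkey -algorithm RSA -pkeyopt "rsa_keygen_bits:$bits" \
      -out "$workdir/private.pem" 2>/dev/null &&
      openssl pkey -in "$workdir/private.pem" -pubout \
        -out "$workdir/public.pem" 2>/dev/null
  ) || { rm -rf "$workdir"; return 1; }
  cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: $name
type: Opaque
stringData:
  private.pem: |-
$(indent_pem "$workdir/private.pem")
  public.pem: |-
$(indent_pem "$workdir/public.pem")
EOF
  rm -rf "$workdir"
}

# Usage (in a CI step): make_test_key_secret polaris-test-keys > keys-secret.yaml
```

Each run produces a different key, so nothing that looks like a credential has to live in the repository.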
internalTrafficPolicy: Cluster | ||
externalTrafficPolicy: Cluster | ||
ports: | ||
- name: polaris-http |
Is that two ports, one for the icebergRestCatalog service and another one for the OAuth service?
This file is just for tests and contains "bogus" data that does not necessarily reflect how `extraServices` will be used in real life, because in these tests we cannot create load balancers, ingresses, etc.

The typical use case for `extraServices` is:

- User wants port 8181 to be exposed to internal clients (in the same namespace) using a `ClusterIP` service.
- User also wants to expose port 8181 using a `LoadBalancer` service, for consumption by external clients (potentially with TLS termination, etc.)

This can be achieved by simply leaving `service` and `managementService` untouched, and adding the following config:

```yaml
extraServices:
  - nameSuffix: "ext"
    type: LoadBalancer
    ports:
      - name: polaris-http
        port: 8181
```

Assuming the release name is `my-release`, the above will generate the following services:

- `my-release` of type ClusterIP for port 8181;
- `my-release-ext` of type LoadBalancer for port 8181;
- `my-release-mgmt` service of type ClusterIP (headless) for port 8182.
@MonkeyCanCode @gh-yzou while answering a question from @gh-yzou I realized that I forgot to set

@MonkeyCanCode @gh-yzou should we move forward with this? I would suggest to merge unless you see any blockers, then we can always keep improving the chart after the merge. It's not like we are going to do a release of the chart any time soon 😄

@adutra I don't have other further questions, but I am not familiar with this part, so I will let @MonkeyCanCode and @collado-mike do the final approval on this. You don't have to wait for me to approve this.

Thought I clicked on approved earlier. Approved. Very well done.

Heads up: I am going to merge this now to unblock people looking for node port support, see #982.

This is a major redesign of the Helm chart to make it compliant with Quarkus, but also improving a lot of aspects of the existing chart, such as the persistence secret management and the bootstrap jobs, to name a few.

## Summary of changes

### Persistence

Thanks to the improvement brought by #613, it's not necessary anymore to have an init container create a conf.jar. From now on, the user provides a secret with their persistence.xml, and that file is mounted on each Polaris pod directly.

### Enhanced services

The services for Polaris now are separated in 3 categories:

Each service section has the same structure and allows to configure one or more ports.

### Observability

New sections were added for logging, tracing, metrics, with also the ability to create a `ServiceMonitor`.

### Bootstrap Job

The `bootstrap` section now configures the bootstrap job. Thanks to the Polaris Admin Tool introduced in #605, the jobs now use the tool to bootstrap realms.

I am not convinced personally that this bootstrap job has a huge value, compared to just running the admin tool directly. But I didn't want to remove it.

### Advanced Config

A new `advancedConfig` section can be used to customize Polaris deployments in any possible way, even when the Helm chart does not expose the desired setting.