GEFEST-1331: Configuring multiple hosts for Postgres in the Keys chart #547

Merged
merged 5 commits into from
Jan 24, 2025
8 changes: 7 additions & 1 deletion Breaking-Changes.md
@@ -1,9 +1,15 @@
# 2GIS On-Premise Breaking-Changes

## [1.34.0]

### keys
- A temporary flag, `--migrate-data`, has been added for this release. This flag triggers the data migration required for the Routing API data in the service.
- Ensure that `keys` service is upgraded prior to upgrading any of the `navi` services.

## [1.33.0]

### pro-api
- permissions.settings.enabled was removed, permissions api is now always mandatory
- permissions.settings.enabled was removed, permissions api is now always mandatory
- postgres.connectionString, postgres.connectionStringReadonly, postgres.password were changed to postgres.api.rw / postgres.api.ro settings


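Review bot: the 1.34.0 `### keys` entry documents only `--migrate-data` and the upgrade ordering, but this PR also changes `postgres.ro`/`postgres.rw` `host` and `port` to comma-separated lists and quotes the default port (`'5432'`) in values.yaml; add a bullet under `### keys` describing the new format so operators migrating their values files see it. The two identical `permissions.settings.enabled was removed` bullets under `### pro-api` are pre-existing context, but this is a cheap place to drop the duplicate.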
2 changes: 1 addition & 1 deletion charts/keys/Chart.yaml
@@ -4,7 +4,7 @@ type: application
description: A Helm chart for Kubernetes to deploy API Keys service

version: 1.33.1
appVersion: 1.105.0
appVersion: 1.108.2

maintainers:
- name: 2gis
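Review bot: `appVersion` moves to 1.108.2 but the chart `version` stays at 1.33.1 even though templates, values and README change in this PR; Helm expects the chart version to be bumped whenever chart content changes, and the Breaking-Changes entry is filed under 1.34.0, so bump `version` here as well (or confirm the release process does it).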
19 changes: 14 additions & 5 deletions charts/keys/README.md
@@ -31,7 +31,7 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about
| `imagePullSecrets` | Kubernetes image pull secrets. | `[]` |
| `imagePullPolicy` | Pull policy. | `IfNotPresent` |
| `backend.image.repository` | Backend service image repository. | `2gis-on-premise/keys-backend` |
| `backend.image.tag` | Backend service image tag. | `1.105.0` |
| `backend.image.tag` | Backend service image tag. | `1.108.2` |
| `admin.image.repository` | Admin service image repository. | `2gis-on-premise/keys-ui` |
| `admin.image.tag` | Admin service image tag. | `0.10.3` |
| `redis.image.repository` | Redis image repository. | `2gis-on-premise/keys-redis` |
@@ -88,6 +88,15 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about
| `api.adminSessionTTL` | TTL of the admin users sessions. Duration string is a sequence of decimal numbers with optional fraction and unit suffix, like `100ms`, `2.3h` or `4h35m`. Valid time units are `ns`, `us` (or `µs`), `ms`, `s`, `m`, `h`. | `336h` |
| `api.logLevel` | Log level for the service. Can be: `trace`, `debug`, `info`, `warning`, `error`, `fatal`. | `warning` |
| `api.signPrivateKey` | RSA-PSS 2048 private key (in PKCS#1 format) for signing responses in Public API. | `""` |
| `api.oidc.enable` | If OIDC authentication is enabled. | `false` |
| `api.oidc.enableSignlePartnerMode` | Enable single partner mode: all users are binded to the preconfigured partner (needed when external OIDC provider is used). | `false` |
| `api.oidc.url` | URL of the OIDC provider. | `""` |
| `api.oidc.retryCount` | Maximum number of retries for requests to OIDC provider. | `3` |
| `api.oidc.timeout` | Timeout for requests to OIDC provider. | `3s` |
| `api.oidc.defaultPartner` | **Settings for single partner mode feature. Info specified here will be returned in responses from Auth API** | |
| `api.oidc.defaultPartner.id` | Default partner's Id. | `""` |
| `api.oidc.defaultPartner.name` | Default partner's Name. | `""` |
| `api.oidc.defaultPartner.role` | Role of the user in the default partner. Can be: 'user', 'admin'. | `""` |
| `api.replicas` | A replica count for the pod. | `1` |
| `api.revisionHistoryLimit` | Revision history limit (used for [rolling back](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) a deployment). | `3` |
| `api.strategy.type` | Type of Kubernetes deployment. Can be `Recreate` or `RollingUpdate`. | `RollingUpdate` |
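Review bot: the new key `api.oidc.enableSignlePartnerMode` carries a typo (`Signle` for `Single`) and its description reads `binded` instead of `bound`; the key is also used in values.yaml and helpers.tpl, so rename it to `api.oidc.enableSinglePartnerMode` everywhere now, before it ships as a public chart value and a rename becomes a breaking change. This table looks generated from the `@param` annotations in values.yaml, so fix the wording there and regenerate rather than editing the README by hand.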
@@ -208,8 +217,8 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about
| Name | Description | Value |
| ---------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------- |
| `postgres.ro` | **Settings for the read-only access** | |
| `postgres.ro.host` | PostgreSQL hostname or IP. **Required** | `""` |
| `postgres.ro.port` | PostgreSQL port. | `5432` |
| `postgres.ro.host` | PostgreSQL one or multiple hostnames or IPs separated by comma (e.g. 'host1,host2,10.0.0.1'). **Required** | `""` |
| `postgres.ro.port` | PostgreSQL one or multiple ports (one for each host). Values must be separated by comma (e.g. '1234,4567,5432'). | `5432` |
| `postgres.ro.timeout` | PostgreSQL client connection timeout. | `3s` |
| `postgres.ro.name` | PostgreSQL database name. **Required** | `""` |
| `postgres.ro.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` |
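Review bot: the `postgres.ro.port` description says "one for each host", yet the default remains a single `5432` while `host` may list several entries, so the behaviour when the port list is shorter than the host list is undocumented (single port applied to all hosts? startup error?); state it explicitly, for example "If a single port is given it is used for all hosts", if that is what the backend does.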
@@ -220,8 +229,8 @@ See the [documentation](https://docs.2gis.com/en/on-premise/keys) to learn about
| `postgres.ro.tls.clientCert` | client certificate. **Required for mode `verify-full`**. | `""` |
| `postgres.ro.tls.clientKey` | client private key. **Required for mode `verify-full`**. | `""` |
| `postgres.rw` | **Settings for the read-write access** | |
| `postgres.rw.host` | PostgreSQL hostname or IP. **Required** | `""` |
| `postgres.rw.port` | PostgreSQL port. | `5432` |
| `postgres.rw.host` | PostgreSQL one or multiple hostnames or IPs separated by comma (e.g. 'host1,host2,host3'). **Required** | `""` |
| `postgres.rw.port` | PostgreSQL one or multiple ports (one for each host). Values must be separated by comma (e.g. '1234,4567,5432'). | `5432` |
| `postgres.rw.timeout` | PostgreSQL client connection timeout. | `3s` |
| `postgres.rw.name` | PostgreSQL database name. **Required** | `""` |
| `postgres.rw.schema` | PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used. | `""` |
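Review bot: the `postgres.rw.host` description does not say how the service uses several hosts: tried in order for failover, or spread across them? For the read-write pool only the primary accepts writes, so operators need to know whether listing a standby here is safe; document the selection/failover behaviour and whether it is the same for the read-only pool.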
18 changes: 18 additions & 0 deletions charts/keys/templates/helpers.tpl
@@ -125,6 +125,10 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
value: "{{ .Values.featureFlags.enableAudit }}"
- name: KEYS_FEATURE_FLAGS_PUBLIC_API_SIGN
value: "{{ .Values.featureFlags.enablePublicAPISign }}"
- name: KEYS_FEATURE_FLAGS_EXTERNAL_COMPANIES
value: "{{ .Values.api.oidc.enableSignlePartnerMode }}"
- name: KEYS_FEATURE_FLAGS_OIDC
value: "{{ .Values.api.oidc.enable }}"
{{- end }}

{{- define "keys.env.api" -}}
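Review bot: the two new feature-flag variables read from `.Values.api.oidc.*` while the neighbouring flags in this block read from `.Values.featureFlags.*`, and `KEYS_FEATURE_FLAGS_EXTERNAL_COMPANIES` is driven by a value named `enableSignlePartnerMode`, so the env var name and the chart key do not hint at each other; either document that single partner mode maps to the "external companies" flag in the values comment, or name the key after the flag.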
@@ -137,6 +141,20 @@ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
name: {{ include "keys.secret.deploys.name" . }}
key: signPrivateKey
{{- end }}
{{- if .Values.featureFlags.enableOIDC }}
- name: KEYS_OIDC_ENDPOINT
value: "{{ required "A valid .Values.api.oidc.url required" .Values.api.oidc.url }}"
- name: KEYS_OIDC_CLIENT_TIMEOUT
value: "{{ .Values.api.oidc.timeout }}"
- name: KEYS_OIDC_CLIENT_RETRY_COUNT
value: "{{ .Values.api.oidc.retryCount }}"
- name: KEYS_OIDC_DEFAULT_PARTNER_ID
value: "{{ required "A valid .Values.api.oidc.defaultPartner.id required" .Values.api.oidc.defaultPartner.id }}"
- name: KEYS_OIDC_DEFAULT_PARTNER_NAME
value: "{{ required "A valid .Values.api.oidc.defaultPartner.name required" .Values.api.oidc.defaultPartner.name }}"
- name: KEYS_OIDC_DEFAULT_ROLE
value: "{{ required "A valid .Values.api.oidc.defaultPartner.role required" .Values.api.oidc.defaultPartner.role }}"
{{- end }}
{{- end }}

{{- define "keys.env.import" -}}
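Review bot: the guard `{{- if .Values.featureFlags.enableOIDC }}` references a key that is not defined anywhere in this diff; the chart defines `api.oidc.enable` (already used for `KEYS_FEATURE_FLAGS_OIDC` above), so unless `featureFlags.enableOIDC` pre-exists in values.yaml the `KEYS_OIDC_*` block never renders and enabling OIDC produces a backend with no endpoint configured; change the guard to `{{- if .Values.api.oidc.enable }}`. Separately, `required` on `defaultPartner.id`, `.name` and `.role` fires for every OIDC deployment, although the README says these settings belong to single partner mode; nest them under `{{- if .Values.api.oidc.enableSignlePartnerMode }}` so deployments that do not use that mode are not forced to supply placeholder partner values.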
2 changes: 1 addition & 1 deletion charts/keys/templates/import/job.yaml
@@ -25,7 +25,7 @@ spec:
- name: migrate
image: {{ required "A valid .Values.dgctlDockerRegistry entry required" .Values.dgctlDockerRegistry }}/{{ .Values.backend.image.repository }}:{{ .Values.backend.image.tag }}
imagePullPolicy: {{ .Values.imagePullPolicy }}
command: [ "keysctl", "import" ]
command: [ "keysctl", "import", "--migrate-data" ]
resources:
{{- toYaml .Values.import.resources | nindent 12 }}
env:
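Review bot: `--migrate-data` is hard-coded into the import job command, while Breaking-Changes.md describes it as a temporary flag for this release; gate it behind a value (for example `import.migrateData`, defaulting to true for this release) or leave a TODO with an issue reference next to it, so the flag is removed in the next release instead of being passed on every future import.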
35 changes: 28 additions & 7 deletions charts/keys/values.yaml
@@ -31,7 +31,7 @@ featureFlags:
backend:
image:
repository: 2gis-on-premise/keys-backend
tag: 1.105.0
tag: 1.108.2

# @section Admin service settings

@@ -156,6 +156,27 @@ api:
# ...
# -----END CERTIFICATE-----

# @param api.oidc.enable If OIDC authentication is enabled.
# @param api.oidc.enableSignlePartnerMode Enable single partner mode: all users are binded to the preconfigured partner (needed when external OIDC provider is used).
# @param api.oidc.url URL of the OIDC provider.
# @param api.oidc.retryCount Maximum number of retries for requests to OIDC provider.
# @param api.oidc.timeout Timeout for requests to OIDC provider.
# @extra api.oidc.defaultPartner **Settings for single partner mode feature. Info specified here will be returned in responses from Auth API**
# @param api.oidc.defaultPartner.id Default partner's Id.
# @param api.oidc.defaultPartner.name Default partner's Name.
# @param api.oidc.defaultPartner.role Role of the user in the default partner. Can be: 'user', 'admin'.

oidc:
enable: false
enableSignlePartnerMode: false
url: ''
retryCount: 3
timeout: 3s
defaultPartner:
id: ''
name: ''
role: ''

# @param api.replicas A replica count for the pod.

replicas: 1
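Review bot: `api.oidc.defaultPartner.role` is documented as `'user'` or `'admin'`, but the templates only check that it is non-empty via `required`, so a value such as `Admin` reaches the backend unvalidated; consider a `fail` in the template when the value is not one of the two. This file is also the source of the README text, so the `enableSignlePartnerMode` typo and `binded` should be corrected here (`enableSinglePartnerMode`, `bound`) and the README regenerated.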
@@ -497,8 +518,8 @@ postgres:

# @extra postgres.ro **Settings for the read-only access**

# @param postgres.ro.host PostgreSQL hostname or IP. **Required**
# @param postgres.ro.port PostgreSQL port.
# @param postgres.ro.host PostgreSQL one or multiple hostnames or IPs separated by comma (e.g. 'host1,host2,10.0.0.1'). **Required**
# @param postgres.ro.port PostgreSQL one or multiple ports (one for each host). Values must be separated by comma (e.g. '1234,4567,5432').
# @param postgres.ro.timeout PostgreSQL client connection timeout.
# @param postgres.ro.name PostgreSQL database name. **Required**
# @param postgres.ro.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
@@ -511,7 +532,7 @@ postgres:

ro:
host: ''
port: 5432
port: '5432'
timeout: 3s
name: ''
schema: ''
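Review bot: the default `port` changes type from integer `5432` to string `'5432'` to allow the comma-separated form; existing user values files that override `postgres.ro.port: 5432` unquoted will now pass an integer where the template may expect a string. Check that the template rendering this value (not part of this diff) applies `toString`/`quote` so both forms work, and mention the type change in Breaking-Changes.md.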
@@ -525,8 +546,8 @@ postgres:

# @extra postgres.rw **Settings for the read-write access**

# @param postgres.rw.host PostgreSQL hostname or IP. **Required**
# @param postgres.rw.port PostgreSQL port.
# @param postgres.rw.host PostgreSQL one or multiple hostnames or IPs separated by comma (e.g. 'host1,host2,host3'). **Required**
# @param postgres.rw.port PostgreSQL one or multiple ports (one for each host). Values must be separated by comma (e.g. '1234,4567,5432').
# @param postgres.rw.timeout PostgreSQL client connection timeout.
# @param postgres.rw.name PostgreSQL database name. **Required**
# @param postgres.rw.schema PostgreSQL database schema. If not specified, schema from SEARCH_PATH will be used.
@@ -539,7 +560,7 @@ postgres:

rw:
host: ''
port: 5432
port: '5432'
timeout: 3s
name: ''
schema: ''