diff --git a/.gitignore b/.gitignore index 6d896d9..cf3e300 100644 --- a/.gitignore +++ b/.gitignore @@ -13,6 +13,7 @@ vendor/* build/_output deploy/tmp +.DS_Store # GOPATH .go diff --git a/TAG b/TAG index dc1e644..bd8bf88 100644 --- a/TAG +++ b/TAG @@ -1 +1 @@ -1.6.0 +1.7.0 diff --git a/files/template.yaml.tpl b/files/template.yaml.tpl index 0085ea8..db76abf 100644 --- a/files/template.yaml.tpl +++ b/files/template.yaml.tpl @@ -59,10 +59,10 @@ volumes: value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-unpack-response`) .Config.wallarm.unpackResponse }}" - name: WALLARM_ACL_EXPORT_ENABLE value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-acl-export-enable`) .Config.wallarm.aclExportEnable }}" - - name: WALLARM_TARANTOOL_HOST - value: "{{ .Config.tarantool.host }}" - - name: WALLARM_TARANTOOL_PORT - value: "{{ .Config.tarantool.port }}" + - name: WALLARM_WSTORE_HOST + value: "{{ .Config.wstore.host }}" + - name: WALLARM_WSTORE_PORT + value: "{{ .Config.wstore.port }}" - name: WALLARM_UPSTREAM_CONNECT_ATTEMPTS value: "{{ getAnnotation .ObjectMeta (withAP `wallarm-upstream-connect-attempts`) .Config.wallarm.upstream.connectAttempts }}" - name: WALLARM_UPSTREAM_RECONNECT_INTERVAL @@ -91,16 +91,16 @@ volumes: value: "{{ getAnnotation .ObjectMeta (withAP `nginx-worker-processes`) .Config.nginx.workerProcesses }}" - name: NGINX_WORKER_CONNECTIONS value: "{{ getAnnotation .ObjectMeta (withAP `nginx-worker-connections`) .Config.nginx.workerConnections }}" - - name: NGINX_TARANTOOL_UPSTREAM_KEEPALIVE - value: "{{ .Config.nginx.tarantoolUpstream.keepalive }}" - - name: NGINX_TARANTOOL_UPSTREAM_KEEPALIVE_REQUESTS - value: "{{ .Config.nginx.tarantoolUpstream.keepaliveRequests }}" - - name: NGINX_TARANTOOL_UPSTREAM_SERVER_MAX_FAILS - value: "{{ .Config.nginx.tarantoolUpstream.server.maxFails }}" - - name: NGINX_TARANTOOL_UPSTREAM_SERVER_FAIL_TIMEOUT - value: "{{ .Config.nginx.tarantoolUpstream.server.maxConns }}" - - name: NGINX_TARANTOOL_UPSTREAM_SERVER_MAX_CONNS - value: "{{ .Config.nginx.tarantoolUpstream.server.failTimeout }}" + - name: NGINX_WSTORE_UPSTREAM_KEEPALIVE + value: "{{ .Config.nginx.postanalyticsUpstream.keepalive }}" + - name: NGINX_WSTORE_UPSTREAM_KEEPALIVE_REQUESTS + value: "{{ .Config.nginx.postanalyticsUpstream.keepaliveRequests }}" + - name: NGINX_WSTORE_UPSTREAM_SERVER_MAX_FAILS + value: "{{ .Config.nginx.postanalyticsUpstream.server.maxFails }}" + - name: NGINX_WSTORE_UPSTREAM_SERVER_FAIL_TIMEOUT + value: "{{ .Config.nginx.postanalyticsUpstream.server.maxConns }}" + - name: NGINX_WSTORE_UPSTREAM_SERVER_MAX_CONNS + value: "{{ .Config.nginx.postanalyticsUpstream.server.failTimeout }}" - name: NGINX_LOGS_EXTENDED value: "{{ .Config.nginx.logs.extended }}" - name: NGINX_LOGS_FORMAT @@ -448,8 +448,8 @@ volumes: Wcli arguments building */}} {{- define "wcli-args" -}} -"-log-level", "{{ .Config.cron.logLevel }}",{{ " " }} -{{- with .Config.cron.commands -}} +"-log-level", "{{ .Config.wcli.logLevel }}",{{ " " }} +{{- with .Config.wcli.commands -}} {{- range $name, $value := . -}} "job:{{ $name }}", "-log-level", "{{ $value.logLevel }}",{{ " " }} {{- end -}} diff --git a/helm/Chart.yaml b/helm/Chart.yaml index d7dacfb..a08a3d2 100644 --- a/helm/Chart.yaml +++ b/helm/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: wallarm-sidecar version: 5.2.11 -appVersion: 5.2.11 +appVersion: 6.0.0-rc0 description: Sidecar controller for Kubernetes. Injects sidecar proxy based on NGINX with Wallarm module and helper services. home: https://github.com/wallarm/sidecar icon: https://static.wallarm.com/wallarm-logo.svg @@ -21,8 +21,8 @@ kubeVersion: ">=1.19.16-0" annotations: artifacthub.io/images: | - name: sidecar - image: wallarm/sidecar:5.2.11 + image: wallarm/sidecar:6.0.0-rc0 - name: sidecar-controller - image: wallarm/sidecar-controller:1.6.0 + image: wallarm/sidecar-controller:1.7.0 - name: node-helpers - image: wallarm/node-helpers:5.2.11 + image: wallarm/node-helpers:6.0.0-rc0 diff --git a/helm/ci/deployment-external-tarantool-values.yaml b/helm/ci/deployment-external-wstore-values.yaml similarity index 71% rename from helm/ci/deployment-external-tarantool-values.yaml rename to helm/ci/deployment-external-wstore-values.yaml index fad5b72..4db4bda 100644 --- a/helm/ci/deployment-external-tarantool-values.yaml +++ b/helm/ci/deployment-external-wstore-values.yaml @@ -3,4 +3,4 @@ imagePullSecrets: postanalytics: external: enabled: true - host: tarantool.domain.internal + host: wstore.domain.internal diff --git a/helm/templates/_helpers.tpl b/helm/templates/_helpers.tpl index 242dc1c..849c62e 100644 --- a/helm/templates/_helpers.tpl +++ b/helm/templates/_helpers.tpl @@ -145,17 +145,17 @@ wallarm-sidecar-proxy value: {{ .Chart.Version | quote }} {{- end -}} -{{- define "wallarm-sidecar.tarantoolHost" -}} +{{- define "wallarm-sidecar.wstoreHost" -}} {{- if .Values.postanalytics.external.enabled }} -{{- required "Hostname of external Tarantool instance is required" .Values.postanalytics.external.host }} +{{- required "Hostname of external Wstore instance is required" .Values.postanalytics.external.host }} {{- else }} {{- template "wallarm-sidecar.fullname" . }}-postanalytics.{{ .Release.Namespace }}.svc {{- end }} {{- end -}} -{{- define "wallarm-sidecar.tarantoolPort" -}} +{{- define "wallarm-sidecar.wstorePort" -}} {{- if .Values.postanalytics.external.enabled }} -{{- required "Port of external Tarantool instance is required" .Values.postanalytics.external.port }} +{{- required "Port of external Wstore instance is required" .Values.postanalytics.external.port }} {{- else }} {{- .Values.postanalytics.service.port }} {{- end }} @@ -165,8 +165,8 @@ wallarm-sidecar-proxy Wcli arguments building */}} {{- define "wallarm-sidecar.wcli-args" -}} -"-log-level", "{{ .Values.config.cron.logLevel }}",{{ " " }} -{{- with .Values.config.cron.commands -}} +"-log-level", "{{ .Values.config.wcli.logLevel }}",{{ " " }} +{{- with .Values.config.wcli.commands -}} {{- range $name, $value := . -}} "job:{{ $name }}", "-log-level", "{{ $value.logLevel }}",{{ " " }} {{- end -}} diff --git a/helm/templates/controller-configmap.yaml b/helm/templates/controller-configmap.yaml index 7ca1762..267bbd4 100644 --- a/helm/templates/controller-configmap.yaml +++ b/helm/templates/controller-configmap.yaml @@ -17,9 +17,9 @@ data: config.yaml: |- settings: {{- toYaml .Values.config | nindent 6 }} - tarantool: - host: {{ template "wallarm-sidecar.tarantoolHost" . }} - port: {{ template "wallarm-sidecar.tarantoolPort" . }} + wstore: + host: {{ template "wallarm-sidecar.wstoreHost" . }} + port: {{ template "wallarm-sidecar.wstorePort" . }} component: name: {{ template "wallarm-sidecar.componentName" . }} version: {{ .Chart.Version }} \ No newline at end of file diff --git a/helm/templates/postanalytics-deployment.yaml b/helm/templates/postanalytics-deployment.yaml index ea1136d..c98d281 100644 --- a/helm/templates/postanalytics-deployment.yaml +++ b/helm/templates/postanalytics-deployment.yaml @@ -26,7 +26,7 @@ spec: template: metadata: annotations: - checksum/config: {{ .Values.config.cron | toJson | sha256sum }} + checksum/config: {{ .Values.config.wcli | toJson | sha256sum }} checksum/secret: {{ .Values.config.wallarm.api | toJson | sha256sum }} {{- include "wallarm-sidecar.annotations" . | nindent 8 }} {{- with .Values.postanalytics.extraAnnotations }} @@ -149,32 +149,32 @@ spec: {{- with .Values.postanalytics.supervisord.extraVolumeMounts }} {{- . | toYaml | nindent 10 }} {{- end }} - - name: tarantool + - name: wstore image: {{ include "wallarm-sidecar.image" .Values.helper.image }} imagePullPolicy: "{{ .Values.helper.image.pullPolicy }}" - args: ["tarantool"] + args: ["wstore"] env: {{- include "wallarm-sidecar.credentials" . | nindent 10 }} - name: SLAB_ALLOC_ARENA - value: {{ .Values.postanalytics.tarantool.config.arena | quote }} - {{- with .Values.postanalytics.tarantool.extraEnvs }} + value: {{ .Values.postanalytics.wstore.config.arena | quote }} + {{- with .Values.postanalytics.wstore.extraEnvs }} {{- . | toYaml | nindent 10 }} {{- end }} ports: - - name: tarantool + - name: wstore containerPort: {{ .Values.postanalytics.service.port }} protocol: TCP - {{- with .Values.postanalytics.tarantool.livenessProbe }} + {{- with .Values.postanalytics.wstore.livenessProbe }} livenessProbe: {{ . | toYaml | nindent 12 }} {{- end }} - {{- with .Values.postanalytics.tarantool.readinessProbe }} + {{- with .Values.postanalytics.wstore.readinessProbe }} readinessProbe: {{ . | toYaml | nindent 12 }} {{- end }} - {{- with .Values.postanalytics.tarantool.lifecycle }} + {{- with .Values.postanalytics.wstore.lifecycle }} lifecycle: {{ . | toYaml | nindent 12 }} {{- end }} - {{- if .Values.postanalytics.tarantool.securityContext }} - securityContext: {{ .Values.postanalytics.tarantool.securityContext | toYaml | nindent 12 }} + {{- if .Values.postanalytics.wstore.securityContext }} + securityContext: {{ .Values.postanalytics.wstore.securityContext | toYaml | nindent 12 }} {{- else }} securityContext: privileged: false @@ -186,11 +186,13 @@ spec: add: - NET_BIND_SERVICE {{- end }} - {{- with .Values.postanalytics.tarantool.resources }} + {{- with .Values.postanalytics.wstore.resources }} resources: {{ . | toYaml | nindent 12 }} {{- end }} - {{- with .Values.postanalytics.tarantool.extraVolumeMounts }} volumeMounts: + - mountPath: /opt/wallarm/etc/wallarm + name: wallarm + {{- with .Values.postanalytics.wstore.extraVolumeMounts }} {{- . | toYaml | nindent 10 }} {{- end }} - name: appstructure @@ -228,7 +230,7 @@ spec: volumeMounts: - mountPath: /opt/wallarm/etc/wallarm name: wallarm - {{- with .Values.postanalytics.tarantool.extraVolumeMounts }} + {{- with .Values.postanalytics.wstore.extraVolumeMounts }} {{- . | toYaml | nindent 10 }} {{- end }} {{- with .Values.postanalytics.extraContainers }} diff --git a/helm/templates/postanalytics-service.yaml b/helm/templates/postanalytics-service.yaml index 1565b9f..1df7b6d 100644 --- a/helm/templates/postanalytics-service.yaml +++ b/helm/templates/postanalytics-service.yaml @@ -34,9 +34,9 @@ spec: {{- include "wallarm-sidecar.selectorLabels" . | nindent 4 }} app.kubernetes.io/component: postanalytics ports: - - name: tarantool + - name: wstore port: {{ .Values.postanalytics.service.port }} - targetPort: tarantool + targetPort: wstore protocol: TCP {{- if has (.Values.postanalytics.service.type | default "ClusterIP") (list "NodePort" "LoadBalancer") -}} {{- with .Values.postanalytics.service.nodePort }} diff --git a/helm/values.yaml b/helm/values.yaml index 2c502cb..ea782e0 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -79,11 +79,11 @@ config: ### Post-analytics node endpoint configuration ### upstream: - ### Defines the number of immediate reconnects to the Tarantool or Wallarm API + ### Defines the number of immediate reconnects to the Wstore or Wallarm API ### https://docs.wallarm.com/admin-en/configure-parameters-en/#wallarm_upstream_connect_attempts ### connectAttempts: 10 - ### Defines the interval between attempts to reconnect to the Tarantool or Wallarm API + ### Defines the interval between attempts to reconnect to the Wstore or Wallarm API ### https://docs.wallarm.com/admin-en/configure-parameters-en/#wallarm_upstream_reconnect_interval ### reconnectInterval: 15s @@ -188,9 +188,9 @@ config: ### Sets the maximum number of simultaneous connections that can be opened by a worker process ### workerConnections: 4096 - ### Parameters for Tarantool upstream. Refer to upstream module docs fo details https://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream + ### Parameters for Wstore upstream. Refer to upstream module docs fo details https://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream ### - tarantoolUpstream: + postanalyticsUpstream: ### 'keepalive' parameter. Refer to docs for details https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive ### keepalive: 16 @@ -217,7 +217,7 @@ config: image: registry: docker.io image: wallarm/sidecar - tag: 5.2.11 + tag: 69634d9a # TODO: change, this is DEV wstore build, tmp for testing purposes! pullPolicy: IfNotPresent ### Shared security context for all (init and regular) containers in sidecar schema except `iptables` container. ### For `iptables` container it is described in `sidecar.initContainers.iptables.securityContext` value @@ -369,7 +369,7 @@ config: - "ssl_conf_command Ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256" ### Wcli jobs - cron: + wcli: ### General log level logLevel: warn ### Per-job log levels @@ -420,24 +420,24 @@ helper: image: registry: docker.io image: wallarm/node-helpers - tag: 5.2.11 + tag: 5.3.0-wstore pullPolicy: IfNotPresent ### Configuration for post-analytics module ### postanalytics: - ### Optional configuration of external Tarantool instance. If feature is enabled, - ### then Tarantool will not be deployed by current Helm chart, external instance will be used instead + ### Optional configuration of external Wstore instance. If feature is enabled, + ### then Wstore will not be deployed by current Helm chart, external instance will be used instead ### external: - ### Set to 'true' to use external Tarantool instance + ### Set to 'true' to use external Wstore instance ### enabled: false - ### Hostname (FQDN) or IP address of external Tarantool instance (e.g. "tarantool.domain.internal" or "10.10.0.100") + ### Hostname (FQDN) or IP address of external Wstore instance (e.g. "wstore.domain.internal" or "10.10.0.100") ### The hostname must be accessible from Kubernetes cluster where current Helm chart is installed ### host: "" - ### Number of TCP port of external Tarantool instance + ### Number of TCP port of external Wstore instance ### port: 3313 @@ -622,9 +622,9 @@ postanalytics: extraVolumeMounts: [] # - name: something # mountPath: /mnt/something - tarantool: + wstore: config: - ### The allocated memory size in GB for Tarantool in-memory storage. Detailed recommendations are provided + ### The allocated memory size in GB for Wstore in-memory storage. Detailed recommendations are provided ### here: https://docs.wallarm.com/admin-en/configuration-guides/allocate-resources-for-waf-node/ ### arena: "2.0" @@ -791,7 +791,7 @@ controller: image: registry: docker.io image: wallarm/sidecar-controller - tag: 1.6.0 + tag: 1.7.0 pullPolicy: IfNotPresent # -- Admission webhook configuration # @default -- *See below for details* diff --git a/test/smoke/functions.sh b/test/smoke/functions.sh index 5494cc8..f986e79 100644 --- a/test/smoke/functions.sh +++ b/test/smoke/functions.sh @@ -75,7 +75,7 @@ function get_controller_logs_and_fail() { echo "#####################################" echo "######## Post-analytics logs ########" echo -e "#####################################\n" - for CONTAINER in antibot appstructure supervisord tarantool ; do + for CONTAINER in antibot appstructure supervisord wstore ; do echo "#######################################" echo "###### ${CONTAINER} container logs ######" echo -e "#######################################\n" @@ -113,7 +113,7 @@ function get_logs() { echo "#################################" echo "######## Post-analytics Pod #####" echo "#################################" - for CONTAINER in appstructure supervisord tarantool ; do + for CONTAINER in appstructure supervisord wstore ; do echo "#######################################" echo "###### ${CONTAINER} container logs ######" echo -e "#######################################\n"