first commit

2026-01-21 17:37:42 +11:00
commit bd1ed71ac4
142 changed files with 18994 additions and 0 deletions


@@ -0,0 +1,8 @@
Thank you for installing the {{ .Chart.Name }} chart for the Amplify Integration Platform.
Your release is named {{ .Release.Name }}.
To learn more about the release, try:
$ helm status {{ .Release.Name }}
$ helm get all {{ .Release.Name }}


@@ -0,0 +1,76 @@
{{- define "orchestrator.name" -}}
{{- default "orchestrator" .Values.orchestrator.nameOverride | trunc 63 | trimSuffix "-" }}
{{- end }}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "orchestrator.fullname" -}}
{{- if .Values.orchestrator.fullnameOverride }}
{{- .Values.orchestrator.fullnameOverride | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- $name := default "orchestrator" .Values.orchestrator.nameOverride }}
{{- if contains $name .Release.Name }}
{{- .Release.Name | trunc 63 | trimSuffix "-" }}
{{- else }}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
{{- end }}
{{/*
Common labels
*/}}
{{- define "orchestrator.labels" -}}
{{ include "dataplane.labels" . }}
{{ include "orchestrator.selectorLabels" . }}
{{- end }}
{{/*
Selector labels
*/}}
{{- define "orchestrator.selectorLabels" -}}
app.kubernetes.io/name: {{ include "orchestrator.name" . }}
app: {{ include "orchestrator.appName" . }}
dplane: "orchestrator"
{{- end }}
{{/*
Create the name of the service account to use
*/}}
{{- define "orchestrator.serviceAccountName" -}}
{{- if .Values.orchestrator.serviceAccount.enabled }}
{{- default (include "orchestrator.fullname" .) .Values.orchestrator.serviceAccount.name }}
{{- else }}
{{- default "default" .Values.orchestrator.serviceAccount.name }}
{{- end }}
{{- end }}
{{/*
Custom templates start here
*/}}
{{- define "orchestrator.appName" -}}
{{- $name := default "orchestrator" .Values.orchestrator.nameOverride -}}
{{- $env := default "orchestrator" .Values.global.appEnv -}}
{{- printf "%s-%s" $name $env | trunc 63 | trimSuffix "-" -}}
{{- end }}
{{/*
Image name
*/}}
{{- define "image.finalname" -}}
{{- printf "%s/%s:%s" .Values.orchestrator.image.server "orchestrator" .Chart.AppVersion }}
{{- end }}
{{/*
Cpu min request
*/}}
{{- define "microserviceChart.minCpuUnits" -}}
"
{{- index .Values.orchestrator.valuesPerEnvironment.cpuUnits ((pluck .Values.orchestrator.environment .Values.orchestrator.environments | first | default .Values.orchestrator.environments.sandbox) | int) -}}
m"
{{- end }}
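Review bot: The defines `image.finalname` and `microserviceChart.minCpuUnits` at the end of this file are not prefixed with `orchestrator.` like the others. Helm keeps named templates in one namespace shared by the parent chart and all subcharts, so a same-named define elsewhere would silently replace these or be replaced by them. For `image.finalname` that means the rendered image reference could come from a different chart's helper. Renaming them, for example `{{- define "orchestrator.image.finalname" -}}`, removes the ambiguity. The helper also builds the tag from `.Chart.AppVersion` and `image.server` only, while the Deployment template in this commit uses `image.repository`, `image.name` and `image.buildTag`, so the two can disagree about which image is meant.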


@@ -0,0 +1,80 @@
{{- if .Values.orchestrator.calicoNetpol.enabled }}
apiVersion: projectcalico.org/v3
kind: NetworkPolicy
metadata:
name: {{ template "orchestrator.appName" .}}
namespace: {{ .Release.Namespace }}
spec:
order: 10
selector: dplane == 'orchestrator'
types:
- Ingress
- Egress
ingress:
### traffic from inbound-worker & orchestrator###
- action: Allow
protocol: TCP
source:
selector: dplane == 'orchestrator' || dplane == 'inbound-worker' || dplane == 'envoy'
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
destination:
ports:
{{- range .Values.orchestrator.service.ports}}
- {{ .targetPort }}
{{- end}}
egress:
# allow to communicate to DNS pods
- action: Allow
protocol: UDP
destination:
namespaceSelector: projectcalico.org/name == 'kube-system'
ports:
- 53
- action: Allow
protocol: TCP
destination:
namespaceSelector: projectcalico.org/name == 'kube-system'
ports:
- 53
### Traffic to Valkey ###
{{- if .Values.valkey.enabled }}
- action: Allow
protocol: TCP
destination:
{{- if and .Values.valkey.internal.enabled .Values.valkey.internal.calicoNetpol.enabled }}
selector: dplane == 'valkey'
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
{{- else if and .Values.valkey.external.enabled .Values.valkey.external.calicoNetpol.enabled }}
ports:
{{- include "dataplane.collectPorts" (dict "hosts" .Values.valkey.hosts "defaultPort" 6379) | trim | nindent 10 }}
{{- $rule := .Values.valkey.external.calicoNetpol.outboundRule }}
{{- if $rule.nets }}
nets:
{{- range $rule.nets }}
- {{ . }}
{{- end }}
{{- else if $rule.selector }}
selector: {{ $rule.selector }}
{{- else }}
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
{{- end }}
{{- end }}
{{- end }}
### Traffic to inbound-worker ###
- action: Allow
protocol: TCP
destination:
selector: dplane == 'inbound-worker'
namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
# allow to communicate with k8s api server
- action: Allow
destination:
services:
name: kubernetes
namespace: default
protocol: TCP
### Traffic to the internet ###
- action: Allow
protocol: TCP
destination: {{ toYaml .Values.orchestrator.calicoNetpol.outboundRule | nindent 8 }}
{{- end}}
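Review bot: The Valkey egress rule emits `- action: Allow`, `protocol: TCP` and `destination:` as soon as `.Values.valkey.enabled` is true, but the destination is only filled in when one of the two `calicoNetpol.enabled` branches matches. With Valkey on and both of those off, the destination is left empty, which most likely either fails validation or matches any TCP destination and undoes the other egress restrictions. Guard the whole rule instead: `{{- if and .Values.valkey.enabled (or (and .Values.valkey.internal.enabled .Values.valkey.internal.calicoNetpol.enabled) (and .Values.valkey.external.enabled .Values.valkey.external.calicoNetpol.enabled)) }}`. The final "Traffic to the internet" rule has the same shape: it is unconditional and takes its destination from `.Values.orchestrator.calicoNetpol.outboundRule`, so wrapping it in `{{- with .Values.orchestrator.calicoNetpol.outboundRule }}` would drop the rule when nothing is configured. Indentation was lost on this page, so the nesting is inferred from the order of the template lines.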


@@ -0,0 +1,52 @@
{{- if eq .Values.common.externalConfigMaps false }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "orchestrator.appName" . }}
namespace: {{ .Release.Namespace }}
data:
kubernetes_service_name: {{ template "orchestrator.appName" . }}
domain: "{{ .Values.global.external_domain }}"
jwtExpirationTimeout: "{{ .Values.orchestrator.jwtExpirationTimeout }}"
environment: {{ .Values.global.appEnv }}
txn_log_base_path: "{{ .Values.orchestrator.hostPath.enabled | ternary .Values.orchestrator.txn_log_base_path .Values.orchestrator.efs_txn_log_path }}"
{{- if .Values.orchestrator.hostPath.enabled }}
ebs_root: "{{ .Values.orchestrator.ebs_root }}"
{{- end }}
JAVA_OPTS: "{{ .Values.orchestrator.javaOpts }}"
orchestrator_service: "{{ .Chart.Name }}-{{ .Values.global.appEnv }}"
max_executions_limit: "{{ .Values.orchestrator.max_executions_limit }}"
critical_memory_buffer: "{{ .Values.orchestrator.critical_memory_buffer }}"
enable_legacy_tls: "{{ .Values.orchestrator.enable_legacy_tls }}"
k8_namespace: {{ .Release.Namespace }}
stale_process_interval: "{{ .Values.orchestrator.stale_process_interval }}"
QUARKUS_LOG_CONSOLE_LEVEL: "{{ .Values.orchestrator.QUARKUS_LOG_CONSOLE_LEVEL }}"
TERMINATION_GRACE_PERIOD_SECS: "{{ .Values.orchestrator.terminationGracePeriodSeconds }}"
QUARKUS_SHUTDOWN_DELAY: "{{ .Values.orchestrator.preStopSleepSeconds }}"
{{- range .Values.orchestrator.service.ports }}
{{- if eq .name "grpc-port" }}
QUARKUS_GRPC_PORT: {{ .port | quote }}
{{- end }}
{{- end }}
max_payload_size_kbs: "{{ .Values.orchestrator.max_payload_size_kbs }}"
heartbeat_time_interval_sec: "{{ .Values.orchestrator.heartbeat_time_interval_sec}}"
heartbeat_timeout_sec: "{{ .Values.orchestrator.heartbeat_timeout_sec }}"
{{- if eq .Values.orchestrator.aws.enabled true }}
Access_Key: {{ .Values.orchestrator.aws.Access_Key }}
Secret_Key: {{ .Values.orchestrator.aws.Secret_Key }}
region: {{ .Values.orchestrator.aws.Region }}
{{- end }}
{{- if .Values.orchestrator.cidr_range }}
cidr_range: "{{ .Values.orchestrator.cidr_range }}"
{{- end }}
{{- if .Values.orchestrator.enable_legacy_tls }}
LEGACY_OPTS: " -Djava.security.properties=/app/java.security.with-TLSv1TLSv1.1 "
{{- else }}
LEGACY_OPTS : ""
{{- end }}
{{- if .Values.orchestrator.sap_enabled }}
CLASSPATH: "{{ .Values.orchestrator.sap_lib_directory }}/*:/app/orchestrator.jar"
{{- else }}
CLASSPATH: "/app/orchestrator.jar"
{{- end }}
{{- end }}
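Review bot: `Access_Key` and `Secret_Key` are written into this ConfigMap when `.Values.orchestrator.aws.enabled` is true, so a long-lived AWS credential is stored as ordinary configuration. Any subject allowed to read ConfigMaps in the namespace can read it, and it sits outside whatever RBAC separation and at-rest encryption the cluster applies to Secrets. The Deployment in this commit already pulls other credentials through `secretRef` (`.Values.common.datagridCredentials.name`), so the AWS pair should follow the same pattern: reference an existing Secret by name through a values key (placeholder: `orchestrator.aws.existingSecret`) and remove both keys from `data:`. Where the platform supports it, the ServiceAccount annotations this chart already exposes allow role-based access with no static key at all. The two values are also unquoted, unlike the neighbouring entries, so a key that looks numeric or starts with a YAML indicator would be retyped or break rendering.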


@@ -0,0 +1,185 @@
{{- define "orchestrator.deployment" -}}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ template "orchestrator.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "orchestrator.labels" . | nindent 4 }}
spec:
{{- if not .Values.orchestrator.autoscaling.enabled }}
replicas: {{ .Values.orchestrator.replicaCount }}
{{- end }}
strategy:
type: {{ .Values.orchestrator.strategy.type }}
rollingUpdate:
maxSurge: {{ .Values.orchestrator.strategy.rollingUpdate.maxSurge }}
maxUnavailable: {{ .Values.orchestrator.strategy.rollingUpdate.maxUnavailable }}
selector:
matchLabels:
{{- include "orchestrator.selectorLabels" . | nindent 6 }}
template:
metadata:
{{- with .Values.orchestrator.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "orchestrator.selectorLabels" . | nindent 8 }}
spec:
terminationGracePeriodSeconds: {{ .Values.orchestrator.terminationGracePeriodSeconds }}
{{- with .Values.global.image.imagePullSecrets }}
imagePullSecrets:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.orchestrator.serviceAccount.enabled }}
serviceAccountName: {{ include "orchestrator.serviceAccountName" . }}
{{- end }}
{{- if .Values.orchestrator.podSecurityContextEnabled }}
securityContext: {{- toYaml .Values.orchestrator.podSecurityContext| nindent 8 }}
{{- end }}
dnsConfig:
options:
- name: use-vc
initContainers:
- name: {{ .Chart.Name }}-init
securityContext:
{{- toYaml .Values.orchestrator.securityContext | nindent 12 }}
image: "{{ default .Values.global.image.repository .Values.global.alpinetools.image.repository }}/{{ .Values.global.alpinetools.image.name }}:{{ .Values.global.alpinetools.image.tag }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
volumeMounts:
- name: {{ .Values.global.volumeStorageName }}
mountPath: /efs
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
envFrom:
- configMapRef:
name: configmap-common
command:
- "/bin/sh"
- "-c"
- |
{{- if .Values.valkey.internal.enabled }}
{{ include "dataplane.commonInit" (dict "context" . "buildTag" .Values.orchestrator.image.buildTag "internal" true "replicas" .Values.valkey.internal.clusterSize) | nindent 14 }}
{{- else if .Values.valkey.external.enabled }}
{{ include "dataplane.commonInit" (dict "context" . "buildTag" .Values.orchestrator.image.buildTag) | nindent 14 }}
{{- end }}
{{- if .Values.fluentBit.enabled }}
{{ include "dataplane.createLogDirectory" (dict "serviceName" "ir" "efsRoot" "${efs_root}" "podName" "${POD_NAME}" "additionalPathParam" "") | nindent 14 }}
{{- end }}
{{- with .Values.global.initContainers.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
containers:
- name: {{ template "orchestrator.appName" . }}
securityContext:
{{- toYaml .Values.orchestrator.securityContext | nindent 12 }}
image: "{{ default .Values.global.image.repository .Values.orchestrator.image.repository }}/{{ .Values.orchestrator.image.name }}:{{ .Values.orchestrator.image.buildTag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.global.image.pullPolicy }}
envFrom:
{{- if .Values.common.email_authentication }}
- secretRef:
name: {{ .Values.common.fromMail.name }}
{{- end }}
- configMapRef:
name: {{ template "orchestrator.appName" . }}
- configMapRef:
name: configmap-common
{{- if .Values.valkey.enabled }}
- secretRef:
name: {{ .Values.common.datagridCredentials.name }}
{{- end }}
env:
- name: POD_NAME
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: metadata.name
- name: local_ip
valueFrom:
fieldRef:
apiVersion: v1
fieldPath: status.podIP
- name: orchestrator_service
value: orchestrator-{{ .Values.global.appEnv }}.{{ .Release.Namespace }}.svc.cluster.local
{{- with .Values.orchestrator.env }}
{{- toYaml . | nindent 12 }}
{{- end }}
ports:
- containerPort: 1919
name: port1
protocol: TCP
- containerPort: 50051
name: grpc
protocol: TCP
- containerPort: 50052
name: sse
protocol: TCP
volumeMounts:
- name: {{ .Values.global.volumeStorageName }}
mountPath: /efs
- name: tmpdir
mountPath: /tmp
{{- if .Values.orchestrator.hostPath.enabled }}
- name: payloads-txn-data
mountPath: "{{ .Values.orchestrator.ebs_root }}"
- name: txn-log-base-path
mountPath: "{{ .Values.orchestrator.txn_log_base_path }}"
{{- end }}
{{- if .Values.orchestrator.connectors.nfs.enabled }}
{{- range $index, $volume := .Values.orchestrator.connectors.nfs.volumes -}}
{{- with $volume }}
- name: "connector-nfs-{{ $index }}"
mountPath: "/connectors/nfs/{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
resources:
{{- toYaml .Values.orchestrator.resources | nindent 12 }}
livenessProbe: {{- toYaml .Values.orchestrator.livenessProbe | nindent 12 }}
startupProbe: {{- toYaml .Values.orchestrator.startupProbe | nindent 12 }}
readinessProbe: {{- toYaml .Values.orchestrator.readinessProbe | nindent 12 }}
volumes:
- name: tmpdir
emptyDir: {}
{{- if .Values.orchestrator.hostPath.enabled }}
- name: payloads-txn-data
hostPath:
path: /local/dx-data/data
type: DirectoryOrCreate
- name: txn-log-base-path
hostPath:
path: /local/dx-data/logs
type: DirectoryOrCreate
{{- end }}
- name: {{ .Values.global.volumeStorageName }}
persistentVolumeClaim:
claimName: {{ .Release.Namespace }}-{{ .Values.global.claimName }}
{{- if .Values.orchestrator.connectors.nfs.enabled }}
{{- range $index, $volume := .Values.orchestrator.connectors.nfs.volumes -}}
{{- with $volume }}
- name: "connector-nfs-{{ $index }}"
persistentVolumeClaim:
claimName: "ampint-connector-nfs-pvc-{{ .name }}"
{{- end }}
{{- end }}
{{- end }}
{{- with .Values.orchestrator.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.orchestrator.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.orchestrator.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end -}}
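Review bot: When `.Values.orchestrator.hostPath.enabled` is set, the pod mounts the node directories `/local/dx-data/data` and `/local/dx-data/logs` through `hostPath` with `type: DirectoryOrCreate`. Payload and transaction-log data then live on the node filesystem, shared by every replica scheduled to that node and outliving the pod, and the baseline Pod Security Standard does not permit `hostPath` volumes. The host paths are hard-coded here while the matching `mountPath` values come from `.Values.orchestrator.ebs_root` and `.Values.orchestrator.txn_log_base_path`, so the two sides can drift apart. I would add a comment above the volume block, e.g. `# hostPath is node-local and shared by all pods on the node; needs a namespace exempt from the baseline Pod Security Standard`, and consider a local PersistentVolume instead. The pod-level `securityContext` is only rendered when `podSecurityContextEnabled` is true and the container-level one comes entirely from values, so the defaults in the values file (not visible here) decide whether the pod runs non-root.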


@@ -0,0 +1,3 @@
{{- if and .Values.orchestrator.enabled (ne (include "parent.dataplaneMode" . ) "shared") }}
{{- include "orchestrator.deployment" . }}
{{- end }}


@@ -0,0 +1,35 @@
{{- define "orchestrator.hpa" -}}
{{- if .Values.orchestrator.autoscaling.enabled -}}
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
name: {{ template "orchestrator.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "orchestrator.labels" . | nindent 4 }}
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: {{ template "orchestrator.appName" . }}
minReplicas: {{ .Values.orchestrator.autoscaling.minReplicas }}
maxReplicas: {{ .Values.orchestrator.autoscaling.maxReplicas }}
metrics:
{{- if .Values.orchestrator.autoscaling.targetCPUUtilizationPercentage }}
- type: Resource
resource:
name: cpu
target:
type: Utilization
averageUtilization: {{ .Values.orchestrator.autoscaling.targetCPUUtilizationPercentage }}
{{- end }}
{{- if .Values.orchestrator.autoscaling.targetMemoryUtilizationPercentage }}
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: {{ .Values.orchestrator.autoscaling.targetMemoryUtilizationPercentage }}
{{- end }}
{{- end }}
{{- end -}}


@@ -0,0 +1,3 @@
{{- if ne (include "parent.dataplaneMode" . ) "shared" }}
{{- include "orchestrator.hpa" . }}
{{- end }}
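Review bot: This wrapper checks only the dataplane mode, whereas the Deployment and Service wrappers in the same commit also require `.Values.orchestrator.enabled`. With the orchestrator disabled and autoscaling left enabled, an HPA is rendered whose `scaleTargetRef` points at a Deployment that is never created. The PodDisruptionBudget wrapper has the same gap. Use the same condition in both: `{{- if and .Values.orchestrator.enabled (ne (include "parent.dataplaneMode" . ) "shared") }}`.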


@@ -0,0 +1,37 @@
{{- if .Values.orchestrator.connectors.nfs.enabled }}
{{- range $index, $volume := .Values.orchestrator.connectors.nfs.volumes -}}
{{- if and $volume.name $volume.server $volume.share $volume.mountOptions }}
apiVersion: v1
kind: PersistentVolume
metadata:
name: "{{ $.Release.Namespace }}-connector-nfs-pv-{{ $volume.name }}"
namespace: {{ $.Release.Namespace }}
spec:
capacity:
storage: 10Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
storageClassName: ""
claimRef:
name: "ampint-connector-nfs-pvc-{{ $volume.name }}"
namespace: {{ $.Release.Namespace }}
mountOptions: {{ toYaml $volume.mountOptions | nindent 2 }}
{{- if eq $.Values.orchestrator.connectors.nfs.mode "csi" }}
csi:
driver: nfs.csi.k8s.io
readOnly: false
volumeHandle: "{{ $volume.server }}{{ $volume.share }}{{ $volume.name }}"
volumeAttributes:
server: {{ $volume.server }}
share: {{ $volume.share }}
{{- else }}
nfs:
server: {{ $volume.server }}
path: {{ $volume.share }}
{{- end }}
---
{{- end }}
{{- end }}
{{- end }}
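Review bot: The PersistentVolume is skipped silently when a volume entry lacks `name`, `server`, `share` or `mountOptions`, but the PVC template and the Deployment's `connector-nfs-*` volumes in this commit iterate the same list with no such guard. An incomplete entry therefore still yields a claim that can never bind and a pod stuck in Pending. Failing the render is safer than skipping, for example `server: {{ required "connectors.nfs.volumes[].server is required" $volume.server | quote }}`, with the same treatment for `share` and `name`. Quoting also keeps an address-like `server` value from being retyped by the YAML parser. `metadata.namespace` has no effect on a PersistentVolume, which is cluster-scoped, and can be dropped.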


@@ -0,0 +1,18 @@
{{- if .Values.orchestrator.connectors.nfs.enabled }}
{{- range $index, $volume := .Values.orchestrator.connectors.nfs.volumes -}}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: "ampint-connector-nfs-pvc-{{ $volume.name }}"
namespace: {{ $.Release.Namespace }}
spec:
accessModes:
- ReadWriteMany
storageClassName: ""
volumeName: "{{ $.Release.Namespace }}-connector-nfs-pv-{{ $volume.name }}"
resources:
requests:
storage: 2Gi
---
{{- end }}
{{- end }}


@@ -0,0 +1,14 @@
{{- define "orchestrator.podDisruptionBudget" -}}
{{- if .Values.orchestrator.podDisruptionBudget.enabled -}}
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: {{ template "orchestrator.appName" . }}
namespace: {{ .Release.Namespace }}
spec:
minAvailable: {{ .Values.orchestrator.podDisruptionBudget.minPods }}
selector:
matchLabels:
{{- include "orchestrator.selectorLabels" . | nindent 6 }}
{{- end }}
{{- end -}}


@@ -0,0 +1,3 @@
{{- if ne (include "parent.dataplaneMode" . ) "shared" }}
{{- include "orchestrator.podDisruptionBudget" . }}
{{- end }}


@@ -0,0 +1,14 @@
{{- if ( and .Values.orchestrator.serviceAccount.enabled ( not .Values.orchestrator.serviceAccount.preexisting ) ) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: {{ template "orchestrator.name" . }}-role
rules:
- apiGroups:
- ""
resources:
- pods
verbs:
- get
- list
{{- end }}


@@ -0,0 +1,14 @@
{{- if ( and .Values.orchestrator.serviceAccount.enabled ( not .Values.orchestrator.serviceAccount.preexisting ) ) -}}
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: {{ template "orchestrator.name" . }}-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: {{ template "orchestrator.name" . }}-role
subjects:
- kind: ServiceAccount
name: {{ .Values.orchestrator.serviceAccount.enabled | ternary .Values.orchestrator.serviceAccount.name "default" }}
namespace: {{ .Release.Namespace }}
{{- end }}
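Review bot: The subject name is computed as `.Values.orchestrator.serviceAccount.enabled | ternary .Values.orchestrator.serviceAccount.name "default"`, which does not match how the ServiceAccount template and the Deployment name the account (`include "orchestrator.serviceAccountName" .`, falling back to `orchestrator.fullname`). If `serviceAccount.name` is left empty, the ServiceAccount is created under the fullname while this binding gets an empty subject name, so the pod's account never receives the Role. The `"default"` branch is unreachable inside the enclosing `if`, and if the guard were ever relaxed it would grant the Role to the namespace's default ServiceAccount. Use the helper here as well: `name: {{ include "orchestrator.serviceAccountName" . }}`.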


@@ -0,0 +1,20 @@
{{- define "orchestrator.service" -}}
apiVersion: v1
kind: Service
metadata:
name: {{ template "orchestrator.appName" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "orchestrator.labels" . | nindent 4 }}
spec:
clusterIP: None
selector:
{{- include "orchestrator.selectorLabels" . | nindent 4 }}
ports:
{{- range $port := .Values.orchestrator.service.ports }}
- name: {{ $port.name }}
protocol: {{ $port.protocol }}
port: {{ $port.port }}
targetPort: {{ $port.targetPort }}
{{- end }}
{{- end -}}


@@ -0,0 +1,3 @@
{{- if and .Values.orchestrator.enabled (ne (include "parent.dataplaneMode" . ) "shared") }}
{{- include "orchestrator.service" . }}
{{- end }}


@@ -0,0 +1,13 @@
{{- if ( and .Values.orchestrator.serviceAccount.enabled ( not .Values.orchestrator.serviceAccount.preexisting ) ) -}}
apiVersion: v1
kind: ServiceAccount
metadata:
name: {{ include "orchestrator.serviceAccountName" . }}
labels:
{{- include "orchestrator.labels" . | nindent 4 }}
{{- with .Values.orchestrator.serviceAccount.annotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
automountServiceAccountToken: {{ .Values.orchestrator.serviceAccount.automountServiceAccountToken }}
{{- end }}