first commit

templates/sink-agent/_helpers.tpl

@@ -0,0 +1,76 @@
+{{- define "sink-agent.name" -}}
+{{- default "sink-agent" .Values.sinkAgent.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "sink-agent.fullname" -}}
+{{- if .Values.sinkAgent.fullnameOverride }}
+{{- .Values.sinkAgent.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default "sink-agent" .Values.sinkAgent.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+
+{{/*
+Common labels
+*/}}
+{{- define "sink-agent.labels" -}}
+{{ include "dataplane.labels" . }}
+{{ include "sink-agent.selectorLabels" . }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "sink-agent.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "sink-agent.name" . }}
+app: {{ include "sink-agent.appName" . }}
+dplane: "sink-agent"
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "sink-agent.serviceAccountName" -}}
+{{- if .Values.sinkAgent.serviceAccount.enabled }}
+{{- default (include "sink-agent.fullname" .) .Values.sinkAgent.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.sinkAgent.serviceAccount.name }}
+{{- end }}
+{{- end }}
+
+{{/*
+Custom templates start here 
+*/}}
+
+{{- define "sink-agent.appName" -}}
+{{- $name := default "sink-agent" .Values.sinkAgent.nameOverride -}}
+{{- $env := default "sink-agent" .Values.global.appEnv -}}
+{{- printf "%s-%s" $name $env  | trunc 63 | trimSuffix "-" -}}
+{{- end }}
+
+{{/*
+Image name
+*/}}
+{{- define "image.finalname" -}}
+{{- printf "%s/%s:%s" .Values.sinkAgent.image.server "sink-agent" .Chart.AppVersion }}
+{{- end }}
+
+{{/*
+Cpu min request
+*/}}
+{{- define "microserviceChart.minCpuUnits" -}}
+"
+{{- index .Values.sinkAgent.valuesPerEnvironment.cpuUnits ((pluck .Values.sinkAgent.environment .Values.sinkAgent.environments | first | default .Values.sinkAgent.environments.sandbox) | int) -}}
+m"
+{{- end }}

templates/sink-agent/calico.netpol.yaml

@@ -0,0 +1,61 @@
+{{- if .Values.sinkAgent.calicoNetpol.enabled }}
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: {{ template "sink-agent.appName" .}}
+  namespace: {{ .Release.Namespace }}
+spec:
+  order: 10
+  selector: dplane == 'sink-agent'
+  types:
+    - Egress
+  egress:
+    # allow to communicate to DNS pods
+    - action: Allow
+      protocol: UDP
+      destination:
+        namespaceSelector: projectcalico.org/name == 'kube-system'
+        ports:
+          - 53
+    - action: Allow
+      protocol: TCP
+      destination:
+        namespaceSelector: projectcalico.org/name == 'kube-system'
+        ports:
+          - 53
+    # allow to communicate with k8s api server
+    - action: Allow
+      destination:
+        services:
+          name: kubernetes
+          namespace: default
+      protocol: TCP
+    ### Traffic to the internet ###
+    - action: Allow
+      protocol: TCP
+      destination: {{ toYaml .Values.sinkAgent.calicoNetpol.outboundRule | nindent 8 }}
+    ### Traffic to Valkey ###
+    {{- if .Values.valkey.enabled }}
+    - action: Allow
+      protocol: TCP
+      destination:
+      {{- if and .Values.valkey.internal.enabled .Values.valkey.internal.calicoNetpol.enabled }}
+        selector: dplane == 'valkey'
+        namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
+      {{- else if and .Values.valkey.external.enabled .Values.valkey.external.calicoNetpol.enabled }}
+        ports:
+          {{- include "dataplane.collectPorts" (dict "hosts" .Values.valkey.hosts "defaultPort" 6379) | trim | nindent 10 }}
+        {{- $rule := .Values.valkey.external.calicoNetpol.outboundRule }}
+        {{- if $rule.nets }}
+        nets:
+          {{- range $rule.nets }}
+          - {{ . }}
+          {{- end }}
+        {{- else if $rule.selector }}
+        selector: {{ $rule.selector }}
+        {{- else }}
+        namespaceSelector: projectcalico.org/name == '{{ .Release.Namespace }}'
+        {{- end }}
+      {{- end }}
+    {{- end }}
+{{- end }}

templates/sink-agent/configmap-sink-agent.yaml

@@ -0,0 +1,15 @@
+{{- if eq .Values.common.externalConfigMaps false }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "sink-agent.appName" . }}
+  namespace: {{ .Release.Namespace }}
+data:
+  environment: "{{ .Values.global.appEnv }}"
+  JAVA_OPTS: "{{ .Values.sinkAgent.javaOpts }}"
+  TERMINATION_GRACE_PERIOD_SECS: "{{ .Values.sinkAgent.terminationGracePeriodSeconds }}"
+  QUARKUS_SHUTDOWN_DELAY: "{{ .Values.sinkAgent.preStopSleepSeconds }}"
+  retention_job_purge_enabled: "{{ .Values.sinkAgent.retention_job_purge_enabled }}"
+  retention_job_purge_cron: "{{ .Values.sinkAgent.retention_job_purge_cron }}"
+  mailTriggerInterval: "{{ .Values.sinkAgent.mailTriggerInterval }}"
+{{- end }}

templates/sink-agent/deployment.yaml

@@ -0,0 +1,150 @@
+{{- if .Values.sinkAgent.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "sink-agent.appName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sink-agent.labels" . | nindent 4 }}
+spec:
+  replicas: 1
+  strategy:
+    type: {{ .Values.sinkAgent.strategy.type }}
+    rollingUpdate:
+      maxSurge: {{ .Values.sinkAgent.strategy.rollingUpdate.maxSurge }}
+      maxUnavailable: {{ .Values.sinkAgent.strategy.rollingUpdate.maxUnavailable }}
+  selector:
+    matchLabels:
+      {{- include "sink-agent.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.sinkAgent.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "sink-agent.selectorLabels" . | nindent 8 }}
+    spec:
+      terminationGracePeriodSeconds: {{ .Values.sinkAgent.terminationGracePeriodSeconds }}
+      {{- with .Values.global.image.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.sinkAgent.serviceAccount.enabled }}
+      serviceAccountName: {{ include "sink-agent.serviceAccountName" . }}
+      {{- end }}
+      {{- if .Values.sinkAgent.podSecurityContextEnabled }}
+      securityContext:
+        {{- toYaml .Values.sinkAgent.podSecurityContext | nindent 8 }}
+      {{- end }}
+      dnsConfig:
+        options:
+          - name: use-vc
+      initContainers:
+        - name: {{ .Chart.Name }}-init
+          securityContext:
+            {{- toYaml .Values.sinkAgent.securityContext | nindent 12 }}
+          image: "{{ default .Values.global.image.repository .Values.global.alpinetools.image.repository }}/{{ .Values.global.alpinetools.image.name }}:{{ .Values.global.alpinetools.image.tag }}"
+          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  apiVersion: v1
+                  fieldPath: metadata.name
+          envFrom:
+            - configMapRef:
+                name: configmap-common
+          volumeMounts:
+            - name: {{ .Values.global.volumeStorageName }}
+              mountPath: /efs
+          command:
+            - "/bin/sh"
+            - "-c"
+            - |
+              {{- if .Values.valkey.internal.enabled }}
+              {{ include "dataplane.commonInit" (dict "context" . "valkeyOnly" true "internal" true "replicas" .Values.valkey.internal.clusterSize) | nindent 14 }}
+              {{- else if .Values.valkey.external.enabled }}
+              {{ include "dataplane.commonInit" (dict "context" . "valkeyOnly" true) | nindent 14 }}
+              {{- end }}
+
+              {{- if .Values.fluentBit.enabled }}
+              {{ include "dataplane.createLogDirectory" (dict "serviceName" "sinkagent" "efsRoot" "${efs_root}" "podName" "${POD_NAME}" "additionalPathParam" "") | nindent 14 }}
+              {{- end }}
+          {{- with .Values.global.initContainers.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      containers:
+        - name: {{ template "sink-agent.appName" . }}
+          securityContext:
+            {{- toYaml .Values.sinkAgent.securityContext | nindent 12 }}
+          image: "{{ default .Values.global.image.repository .Values.sinkAgent.image.repository }}/{{ .Values.sinkAgent.image.name }}:{{ .Values.sinkAgent.image.buildTag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.global.image.pullPolicy }}
+          envFrom:
+            - secretRef:
+                name: {{ .Values.common.clusterDetails.name }}
+            {{- if .Values.common.email_authentication }}
+            - secretRef:
+                name: {{ .Values.common.fromMail.name }}
+            {{- end }}
+            {{- if .Values.valkey.enabled }}
+            - secretRef:
+                name: {{ .Values.common.datagridCredentials.name }}
+            {{- end }}
+            - configMapRef:
+                name: configmap-common
+            - configMapRef:
+                name: {{ template "sink-agent.appName" . }}
+          env:
+            - name: POD_NAME
+              valueFrom:
+                fieldRef:
+                  fieldPath: metadata.name
+            - name: local_ip
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
+            {{- with .Values.sinkAgent.env }}
+              {{- toYaml . | nindent 12 }}
+            {{- end }}
+          ports:
+            - containerPort: 5555
+              name: agent
+            - containerPort: 8080
+              name: internal
+          volumeMounts:
+            - name: {{ .Values.global.volumeStorageName }}
+              mountPath: /efs
+            - name: tmpdir
+              mountPath: /tmp
+          resources:
+            {{- toYaml .Values.sinkAgent.resources | nindent 12 }}
+          startupProbe:
+            {{ toYaml .Values.sinkAgent.startupProbe | nindent 12 }}
+          livenessProbe:
+            {{ toYaml .Values.sinkAgent.livenessProbe | nindent 12 }}
+          readinessProbe:
+            {{ toYaml .Values.sinkAgent.readinessProbe | nindent 12 }}
+          livenessProbe: {{- toYaml .Values.sinkAgent.livenessProbe | nindent 12 }}
+          startupProbe: {{- toYaml .Values.sinkAgent.startupProbe | nindent 12 }}
+          readinessProbe: {{- toYaml .Values.sinkAgent.readinessProbe | nindent 12 }}
+      volumes:
+      - name: tmpdir
+        emptyDir: {}
+      - name: {{ .Values.global.volumeStorageName}}
+        persistentVolumeClaim:
+          claimName: {{ .Release.Namespace }}-{{ .Values.global.claimName }}
+      {{- with .Values.sinkAgent.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.sinkAgent.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.sinkAgent.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}

templates/sink-agent/poddisruptionbudget.yaml

@@ -0,0 +1,12 @@
+{{- if .Values.sinkAgent.podDisruptionBudget.enabled }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ template "sink-agent.appName" . }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  minAvailable: {{ .Values.sinkAgent.podDisruptionBudget.minPods }}
+  selector:
+    matchLabels:
+      dplane: {{ .Chart.Name }}
+{{- end}}

templates/sink-agent/role.yaml

@@ -0,0 +1,7 @@
+{{- if ( and .Values.sinkAgent.serviceAccount.enabled ( not .Values.sinkAgent.serviceAccount.preexisting ) ) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+  name: {{ template "sink-agent.name" . }}-role
+rules: []
+{{- end }}

templates/sink-agent/roleBinding.yaml

@@ -0,0 +1,14 @@
+{{- if ( and .Values.sinkAgent.serviceAccount.enabled ( not .Values.sinkAgent.serviceAccount.preexisting ) ) -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+  name: {{ template "sink-agent.name" . }}-role-binding
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: Role
+  name: {{ template "sink-agent.name" . }}-role
+subjects:
+  - kind: ServiceAccount
+    name: {{ .Values.sinkAgent.serviceAccount.enabled | ternary .Values.sinkAgent.serviceAccount.name "default" }}
+    namespace: {{ .Release.Namespace }}
+{{- end }}

templates/sink-agent/service.yaml

@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ template "sink-agent.appName" . }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    {{- include "sink-agent.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.sinkAgent.service.type }}
+  selector:
+    {{- include "sink-agent.selectorLabels" . | nindent 4 }}
+  ports:
+    {{- range $port := .Values.sinkAgent.service.ports }}
+    - name: {{ $port.name }}
+      protocol: {{ $port.protocol }}
+      port: {{ $port.port }}
+      targetPort: {{ $port.targetPort }}
+    {{- end }}

templates/sink-agent/serviceaccount.yaml

@@ -0,0 +1,13 @@
+{{- if ( and .Values.sinkAgent.serviceAccount.enabled ( not .Values.sinkAgent.serviceAccount.preexisting ) ) -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: {{ include "sink-agent.serviceAccountName" . }}
+  labels:
+    {{- include "sink-agent.labels" . | nindent 4 }}
+  {{- with .Values.sinkAgent.serviceAccount.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+automountServiceAccountToken: {{ .Values.sinkAgent.serviceAccount.automountServiceAccountToken }}
+{{- end }}