Skip to content

Comments

Adapt wire-server charts so they can be used to run wire cloud#2347

Merged
akshaymankar merged 15 commits intodevelopfrom
akshaymankar/charts-sts-service-accounts
May 5, 2022
Merged

Adapt wire-server charts so they can be used to run wire cloud#2347
akshaymankar merged 15 commits intodevelopfrom
akshaymankar/charts-sts-service-accounts

Conversation

@akshaymankar
Copy link
Member

@akshaymankar akshaymankar commented May 2, 2022
edited by jschaul
Loading

charts/{brig,cargohol,galley,gundeck}: Allow not configuring AWS credentials and allow using a special service account.
This way, when operating wire in AWS cloud either instance profiles or IAM role attached to a service account can be used to communicate with AWS.

Allow new configurations in the brig chart:

  • config.emailSMS.user.invitationUrl
  • config.emailSMS.team.tInvitationUrl
  • config.emailSMS.team.tActivationUrl
  • config.emailSMS.team.tCreatorWelcomeUrl
  • config.emailSMS.team.tMemberWelcomeUrl
  • config.setProviderSearchFilter
  • config.setWhitelist
  • config.setFeatureFlags
  • config.setCustomerExtensions

If any values in config.emailSMS.team are specified, all must be specified.

Allow new configurations in the gundeck chart:

  • config.perNativePushConcurrency
  • config.maxConcurrentNativePushes.soft
  • config.maxConcurrentNativePushes.hard

Other changes:

  • Default maxTeamSize changed from 500 to 10000. (larger teams have been supported by wire-server code for a while; but the default value had not been increased yet)

Checklist

  • The PR Title explains the impact of the change.
  • The PR description provides context as to why the change should occur and what the code contributes to that effect. This could also be a link to a JIRA ticket or a Github issue, if there is one.
  • If this PR changes development workflow or dependencies, they have been A) automated and B) documented under docs/developer/. All efforts have been taken to minimize development setup breakage or slowdown for co-workers.
  • If HTTP endpoint paths have been added or renamed, the endpoint / config-flag checklist (see Wire-employee only backend wiki page) has been followed.
  • If a cassandra schema migration has been added, I ran make git-add-cassandra-schema to update the cassandra schema documentation.
  • changelog.d contains the following bits of information (details):
    • A file with the changelog entry in one or more suitable sub-sections. The sub-sections are marked by directories inside changelog.d.
    • If new config options introduced: added usage description under docs/reference/config-options.md
    • If new config options introduced: recommended measures to be taken by on-premise instance operators.
    • If a cassandra schema migration is backwards incompatible (see also these docs), measures to be taken by on-premise instance operators are explained.
    • If a data migration (not schema migration) introduced: measures to be taken by on-premise instance operators.
    • If public end-points have been changed or added: does nginz need un upgrade?
    • If internal end-points have been added or changed: which services have to be deployed in a specific order?

@akshaymankar
charts/galley: Optional AWS creds, allow setting serviceAccountName
4764f28 
This commit also removes the unnecessarily mounted secret. All the information
in the secret gets exposed as environment variable anyway.
@akshaymankar
charts/gundeck: Optional AWS creds, allow setting serviceAccountName
c9fcc21 
This commit also removes the unnecessarily mounted secret. All the information
in the secret gets exposed as environment variable anyway.
@akshaymankar
charts/cargohold: Optional AWS creds, allow setting serviceAccountName
bb71197
@akshaymankar
charts/brig: Optional AWS creds, allow setting serviceAccountName
9d068c9
@akshaymankar akshaymankar temporarily deployed to cachix May 2, 2022 12:17 Inactive
@akshaymankar akshaymankar temporarily deployed to cachix May 3, 2022 09:57 Inactive
@akshaymankar akshaymankar temporarily deployed to cachix May 3, 2022 09:57 Inactive
@akshaymankar akshaymankar temporarily deployed to cachix May 3, 2022 10:33 Inactive
@akshaymankar akshaymankar temporarily deployed to cachix May 3, 2022 10:33 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:10 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:10 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:31 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:31 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:46 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:46 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:48 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:48 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:56 Inactive
@jschaul jschaul temporarily deployed to cachix May 3, 2022 14:56 Inactive
jschaul
jschaul approved these changes May 3, 2022
View reviewed changes
Copy link
Member

@jschaul jschaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This iteration of helm chart changes is working, LGTM.

A changelog entry would be nice to add, though.

@jschaul jschaul requested a review from flokli May 3, 2022 16:44
@jschaul
Copy link
Member

jschaul commented May 3, 2022

CI seems to be failing though, still.

@akshaymankar akshaymankar temporarily deployed to cachix May 4, 2022 14:16 Inactive
@akshaymankar akshaymankar temporarily deployed to cachix May 5, 2022 10:31 Inactive
@akshaymankar akshaymankar changed the title charts: Allow not configuring aws creds in charts and allow configuring service account name Adapt wire-server charts so they can be used to run wire cloud May 5, 2022
@akshaymankar akshaymankar marked this pull request as ready for review May 5, 2022 10:31
@akshaymankar akshaymankar force-pushed the akshaymankar/charts-sts-service-accounts branch from c8ed846 to edfed93 Compare May 5, 2022 10:32
@akshaymankar akshaymankar temporarily deployed to cachix May 5, 2022 10:32 Inactive
jschaul
jschaul approved these changes May 5, 2022
View reviewed changes
Copy link
Member

@jschaul jschaul left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good, thanks for the detailed description!

@akshaymankar akshaymankar merged commit d6afad0 into develop May 5, 2022
@akshaymankar akshaymankar deleted the akshaymankar/charts-sts-service-accounts branch May 5, 2022 11:46
flokli
flokli reviewed May 5, 2022
View reviewed changes
changelog.d/2-features/no-aws-creds
@@ -0,0 +1,2 @@
charts/{brig,cargohol,galley,gundeck}: Allow not configuring AWS credentials and allow using a special service account.
Copy link
Contributor

@flokli flokli May 5, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

s/cargohol/cargohold

small typo

Copy link
Member Author

@akshaymankar akshaymankar May 17, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed here: #2399

@zebot zebot mentioned this pull request May 18, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jschaul jschaul jschaul approved these changes

+1 more reviewer

@flokli flokli flokli left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@akshaymankar @jschaul @flokli