From 4764f285b189133578fca9a5599c26e7b990996e Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Mon, 2 May 2022 14:04:29 +0200 Subject: [PATCH 01/15] charts/galley: Optional AWS creds, allow setting serviceAccountName This commit also removes the unnecessarily mounted secret. All the information in the secret gets exposed as environment variable anyway. --- charts/galley/templates/deployment.yaml | 10 +++++----- charts/galley/templates/secret.yaml | 2 ++ charts/galley/values.yaml | 2 ++ 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/charts/galley/templates/deployment.yaml b/charts/galley/templates/deployment.yaml index 9f38c9a4d7..b7a1e6a2a6 100644 --- a/charts/galley/templates/deployment.yaml +++ b/charts/galley/templates/deployment.yaml @@ -27,23 +27,22 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: + {{- if hasKey .Values "serviceAccountName" }} + serviceAccountName: {{ .Values.serviceAccountName }} + {{- end }} volumes: - name: "galley-config" configMap: name: "galley" - - name: "galley-secrets" - secret: - secretName: "galley" containers: - name: galley image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} volumeMounts: - - name: "galley-secrets" - mountPath: "/etc/wire/galley/secrets" - name: "galley-config" mountPath: "/etc/wire/galley/conf" env: + {{- if hasKey .Values.secrets "awsKeyId" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -54,6 +53,7 @@ spec: secretKeyRef: name: galley key: awsSecretKey + {{- end }} - name: AWS_REGION value: "{{ .Values.config.aws.region }}" {{- with .Values.config.proxy }} diff --git a/charts/galley/templates/secret.yaml b/charts/galley/templates/secret.yaml index 0579bd5e4c..449be3903f 100644 --- a/charts/galley/templates/secret.yaml +++ b/charts/galley/templates/secret.yaml 
@@ -1,3 +1,4 @@ +{{- if hasKey .Values.secrets "awsKeyId" }} apiVersion: v1 kind: Secret metadata: @@ -13,3 +14,4 @@ data: awsKeyId: {{ .awsKeyId | b64enc | quote }} awsSecretKey: {{ .awsSecretKey | b64enc | quote }} {{- end }} +{{- end }} diff --git a/charts/galley/values.yaml b/charts/galley/values.yaml index 91f5d52384..50936a7960 100644 --- a/charts/galley/values.yaml +++ b/charts/galley/values.yaml @@ -48,3 +48,5 @@ config: aws: region: "eu-west-1" proxy: {} + +# serviceAccountName: From c9fcc2157d9672f5132b6228d86e505a7d819587 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Mon, 2 May 2022 14:07:58 +0200 Subject: [PATCH 02/15] charts/gundeck: Optional AWS creds, allow setting serviceAccountName This commit also removes the unnecessarily mounted secret. All the information in the secret gets exposed as environment variable anyway. --- charts/gundeck/templates/deployment.yaml | 10 +++++----- charts/gundeck/templates/secret.yaml | 2 ++ charts/gundeck/values.yaml | 1 + 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/charts/gundeck/templates/deployment.yaml b/charts/gundeck/templates/deployment.yaml index 6bf4104a4d..a2bab470be 100644 --- a/charts/gundeck/templates/deployment.yaml +++ b/charts/gundeck/templates/deployment.yaml 
@@ -27,23 +27,22 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: + {{- if hasKey .Values "serviceAccountName" }} + serviceAccountName: {{ .Values.serviceAccountName }} + {{- end }} volumes: - name: "gundeck-config" configMap: name: "gundeck" - - name: "gundeck-secrets" - secret: - secretName: "gundeck" containers: - name: gundeck image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} volumeMounts: - - name: "gundeck-secrets" - mountPath: "/etc/wire/gundeck/secrets" - name: "gundeck-config" mountPath: "/etc/wire/gundeck/conf" env: + {{- if hasKey .Values.secrets "awsKeyId" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -54,6 +53,7 @@ spec: secretKeyRef: name: gundeck key: awsSecretKey + {{- end }} - name: AWS_REGION value: "{{ .Values.config.aws.region }}" {{- with .Values.config.proxy }} diff --git a/charts/gundeck/templates/secret.yaml b/charts/gundeck/templates/secret.yaml index 2a90daca95..e9de2b6979 100644 --- a/charts/gundeck/templates/secret.yaml +++ b/charts/gundeck/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if hasKey .Values.secrets "awsKeyId" }} apiVersion: v1 kind: Secret metadata: @@ -13,3 +14,4 @@ data: awsKeyId: {{ .awsKeyId | b64enc | quote }} awsSecretKey: {{ .awsSecretKey | b64enc | quote }} {{- end }} +{{- end }} diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index f199887845..45c4ec7912 100644 --- a/charts/gundeck/values.yaml +++ b/charts/gundeck/values.yaml @@ -28,3 +28,4 @@ config: aws: region: "eu-west-1" proxy: {} +# serviceAccountName: From bb711970ba3deaf7033f80a23e7542bda122f812 Mon Sep 17 00:00:00 2001 
From: Akshay Mankar Date: Mon, 2 May 2022 14:10:01 +0200 Subject: [PATCH 03/15] charts/cargohold: Optional AWS creds, allow setting serviceAccountName --- charts/cargohold/templates/deployment.yaml | 5 +++++ charts/cargohold/templates/secret.yaml | 4 +++- charts/cargohold/values.yaml | 1 + 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/charts/cargohold/templates/deployment.yaml b/charts/cargohold/templates/deployment.yaml index bac478c52a..9f13f87842 100644 --- a/charts/cargohold/templates/deployment.yaml +++ b/charts/cargohold/templates/deployment.yaml @@ -27,6 +27,9 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: + {{- if hasKey .Values "serviceAccountName" }} + serviceAccountName: {{ .Values.serviceAccountName }} + {{- end }} volumes: - name: "cargohold-config" configMap: @@ -44,6 +47,7 @@ spec: - name: "cargohold-config" mountPath: "/etc/wire/cargohold/conf" env: + {{- if hasKey .Values.secrets "awsKeyId" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -54,6 +58,7 @@ spec: secretKeyRef: name: cargohold key: awsSecretKey + {{- end }} - name: AWS_REGION value: "{{ .Values.config.aws.region }}" {{- with .Values.config.proxy }} diff --git a/charts/cargohold/templates/secret.yaml b/charts/cargohold/templates/secret.yaml index b5d3c13359..504d06584d 100644 --- a/charts/cargohold/templates/secret.yaml +++ b/charts/cargohold/templates/secret.yaml @@ -16,7 +16,9 @@ data: {{ if .cloudFront }} cf-pk.pem: {{ .cloudFront.cfPrivateKey | b64enc | quote }} {{ end }} - + + {{- if .awsKeyId }} awsKeyId: {{ .awsKeyId | b64enc | quote }} awsSecretKey: {{ .awsSecretKey | b64enc | quote }} {{- end }} + {{- end }} diff --git a/charts/cargohold/values.yaml b/charts/cargohold/values.yaml index 91d97e1d99..e58e564fb3 100644 --- a/charts/cargohold/values.yaml +++ b/charts/cargohold/values.yaml 
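Review bot: In charts/cargohold/templates/secret.yaml the new guard is `{{- if .awsKeyId }}` (truthiness), while the deployment.yaml hunks of this same patch gate the `secretKeyRef` env entries on `{{- if hasKey .Values.secrets "awsKeyId" }}` (key presence). With `secrets.awsKeyId` present but empty, the Deployment would still reference the keys `awsKeyId` and `awsSecretKey`, which the Secret no longer contains, so the pod would stop with a container config error instead of falling back to role-based credentials. Use one predicate in both templates, for example `{{- if .Values.secrets.awsKeyId }}` in deployment.yaml; the brig chart in patch 04 has the same mismatch. The enclosing block in secret.yaml starts outside the hunk, so the scope of `.awsKeyId` is inferred from the surrounding lines.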
@@ -19,3 +19,4 @@ config: region: "eu-west-1" s3Bucket: assets proxy: {} +# serviceAccountName: From 9d068c912fd8a48e5c2dd1edac6ec4b7026785d7 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Mon, 2 May 2022 14:15:13 +0200 Subject: [PATCH 04/15] charts/brig: Optional AWS creds, allow setting serviceAccountName --- charts/brig/templates/deployment.yaml | 5 +++++ charts/brig/templates/secret.yaml | 2 ++ 2 files changed, 7 insertions(+) diff --git a/charts/brig/templates/deployment.yaml b/charts/brig/templates/deployment.yaml index c01004b462..8bd3640d0c 100644 --- a/charts/brig/templates/deployment.yaml +++ b/charts/brig/templates/deployment.yaml @@ -29,6 +29,9 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} fluentbit.io/parser: json spec: + {{- if hasKey .Values "serviceAccountName" }} + serviceAccountName: {{ .Values.serviceAccountName }} + {{- end }} volumes: - name: "brig-config" configMap: @@ -53,6 +56,7 @@ spec: env: - name: LOG_LEVEL value: {{ .Values.config.logLevel }} + {{- if hasKey .Values.secrets "awsKeyId" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -63,6 +67,7 @@ spec: secretKeyRef: name: brig key: awsSecretKey + {{- end }} # TODO: Is this the best way to do this? - name: AWS_REGION value: "{{ .Values.config.aws.region }}" diff --git a/charts/brig/templates/secret.yaml b/charts/brig/templates/secret.yaml index 46003f7633..55d90ff9eb 100644 --- a/charts/brig/templates/secret.yaml +++ b/charts/brig/templates/secret.yaml @@ -16,8 +16,10 @@ data: secretkey.txt: {{ .zAuth.privateKeys | b64enc | quote }} publickey.txt: {{ .zAuth.publicKeys | b64enc | quote }} turn-secret.txt: {{ .turn.secret | b64enc | quote }} + {{- if .awsKeyId }} awsKeyId: {{ .awsKeyId | b64enc | quote }} awsSecretKey: {{ .awsSecretKey | b64enc | quote }} + {{- end }} twilio-credentials.yaml: {{ .setTwilio | b64enc | quote }} nexmo-credentials.yaml: {{ .setNexmo | b64enc | quote }} {{- if (not $.Values.config.useSES) }} 
From 65ff3ba9a3b792a240a78cc117bd397cd9a6fd6a Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 3 May 2022 11:13:51 +0200 Subject: [PATCH 05/15] charts/{brig,cargohold,galley,gundeck}: Create service account --- charts/brig/templates/deployment.yaml | 4 +--- charts/brig/templates/serviceaccount.yaml | 16 ++++++++++++++++ charts/brig/values.yaml | 7 +++++++ charts/cargohold/templates/deployment.yaml | 4 +--- charts/cargohold/templates/serviceaccount.yaml | 16 ++++++++++++++++ charts/cargohold/values.yaml | 8 +++++++- charts/galley/templates/deployment.yaml | 4 +--- charts/galley/templates/serviceaccount.yaml | 16 ++++++++++++++++ charts/galley/values.yaml | 9 +++++++-- charts/gundeck/templates/deployment.yaml | 4 +--- charts/gundeck/templates/serviceaccount.yaml | 16 ++++++++++++++++ charts/gundeck/values.yaml | 9 ++++++++- 12 files changed, 97 insertions(+), 16 deletions(-) create mode 100644 charts/brig/templates/serviceaccount.yaml create mode 100644 charts/cargohold/templates/serviceaccount.yaml create mode 100644 charts/galley/templates/serviceaccount.yaml create mode 100644 charts/gundeck/templates/serviceaccount.yaml diff --git a/charts/brig/templates/deployment.yaml b/charts/brig/templates/deployment.yaml index 8bd3640d0c..36de44ba80 100644 --- a/charts/brig/templates/deployment.yaml +++ b/charts/brig/templates/deployment.yaml @@ -29,9 +29,7 @@ spec: checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} fluentbit.io/parser: json spec: - {{- if hasKey .Values "serviceAccountName" }} - serviceAccountName: {{ .Values.serviceAccountName }} - {{- end }} + serviceAccountName: {{ .Values.serviceAccount.name }} volumes: - name: "brig-config" configMap: diff --git a/charts/brig/templates/serviceaccount.yaml b/charts/brig/templates/serviceaccount.yaml new file mode 100644 index 0000000000..48800b82bd --- /dev/null +++ b/charts/brig/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + labels: + wireService: brig + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/brig/values.yaml b/charts/brig/values.yaml index 9751bc1cff..43802e4662 100644 --- a/charts/brig/values.yaml +++ b/charts/brig/values.yaml @@ -92,3 +92,10 @@ turnStatic: - turn:localhost:3478?transport=tcp tests: enableFederationTests: false +serviceAccount: + # When setting this to 'false', either make sure that a service account named + # 'brig' exists or change the 'name' field to 'default' + create: true + name: brig + annotations: {} + automountServiceAccountToken: true diff --git a/charts/cargohold/templates/deployment.yaml b/charts/cargohold/templates/deployment.yaml index 9f13f87842..25146020f5 100644 --- a/charts/cargohold/templates/deployment.yaml +++ b/charts/cargohold/templates/deployment.yaml @@ -27,9 +27,7 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: - {{- if hasKey .Values "serviceAccountName" }} - serviceAccountName: {{ .Values.serviceAccountName }} - {{- end }} + serviceAccountName: {{ .Values.serviceAccount.name }} volumes: - name: "cargohold-config" configMap: diff --git a/charts/cargohold/templates/serviceaccount.yaml b/charts/cargohold/templates/serviceaccount.yaml new file mode 100644 index 0000000000..0460ce90d4 --- /dev/null +++ b/charts/cargohold/templates/serviceaccount.yaml 
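Review bot: The new charts/brig/templates/serviceaccount.yaml takes `automountServiceAccountToken` from a value that values.yaml defaults to `true`, so every brig pod gets a Kubernetes API token mounted even when the account exists only to carry an IAM role annotation. Nothing visible in this series shows brig calling the Kubernetes API; if that holds, default to `automountServiceAccountToken: false` and add a values comment such as `# set to true only if the service needs to call the Kubernetes API`. The same default appears in the cargohold, galley and gundeck serviceaccount.yaml and values.yaml hunks of this patch. Credentials obtained through a role annotation are, as far as I know, delivered through a separately projected token and should not depend on this flag, but that is worth confirming on the target cluster.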
@@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + labels: + wireService: cargohold + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/cargohold/values.yaml b/charts/cargohold/values.yaml index e58e564fb3..43817122dd 100644 --- a/charts/cargohold/values.yaml +++ b/charts/cargohold/values.yaml @@ -19,4 +19,10 @@ config: region: "eu-west-1" s3Bucket: assets proxy: {} -# serviceAccountName: +serviceAccount: + # When setting this to 'false', either make sure that a service account named + # 'cargohold' exists or change the 'name' field to 'default' + create: true + name: cargohold + annotations: {} + automountServiceAccountToken: true diff --git a/charts/galley/templates/deployment.yaml b/charts/galley/templates/deployment.yaml index b7a1e6a2a6..3f8f4344fe 100644 --- a/charts/galley/templates/deployment.yaml +++ b/charts/galley/templates/deployment.yaml @@ -27,9 +27,7 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: - {{- if hasKey .Values "serviceAccountName" }} - serviceAccountName: {{ .Values.serviceAccountName }} - {{- end }} + serviceAccountName: {{ .Values.serviceAccount.name }} volumes: - name: "galley-config" configMap: diff --git a/charts/galley/templates/serviceaccount.yaml b/charts/galley/templates/serviceaccount.yaml new file mode 100644 index 0000000000..32c155679f --- /dev/null +++ b/charts/galley/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + labels: + wireService: galley + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/galley/values.yaml b/charts/galley/values.yaml index 50936a7960..2ec424eb83 100644 --- a/charts/galley/values.yaml +++ b/charts/galley/values.yaml @@ -48,5 +48,10 @@ config: aws: region: "eu-west-1" proxy: {} - -# serviceAccountName: +serviceAccount: + # When setting this to 'false', either make sure that a service account named + # 'galley' exists or change the 'name' field to 'default' + create: true + name: galley + annotations: {} + automountServiceAccountToken: true diff --git a/charts/gundeck/templates/deployment.yaml b/charts/gundeck/templates/deployment.yaml index a2bab470be..4ff4ef0185 100644 --- a/charts/gundeck/templates/deployment.yaml +++ b/charts/gundeck/templates/deployment.yaml @@ -27,9 +27,7 @@ spec: checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }} spec: - {{- if hasKey .Values "serviceAccountName" }} - serviceAccountName: {{ .Values.serviceAccountName }} - {{- end }} + serviceAccountName: {{ .Values.serviceAccount.name }} volumes: - name: "gundeck-config" configMap: diff --git a/charts/gundeck/templates/serviceaccount.yaml b/charts/gundeck/templates/serviceaccount.yaml new file mode 100644 index 0000000000..93de4b25f5 --- /dev/null +++ b/charts/gundeck/templates/serviceaccount.yaml 
@@ -0,0 +1,16 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ .Values.serviceAccount.name }} + labels: + wireService: gundeck + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + {{- with .Values.serviceAccount.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} +{{- end }} diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index 45c4ec7912..daf634b02a 100644 --- a/charts/gundeck/values.yaml +++ b/charts/gundeck/values.yaml @@ -28,4 +28,11 @@ config: aws: region: "eu-west-1" proxy: {} -# serviceAccountName: +serviceAccount: + # When setting this to 'false', either make sure that a service account named + # 'gundeck' exists or change the 'name' field to 'default' + create: true + name: gundeck + annotations: {} + automountServiceAccountToken: true + From b39e6566d368a364ebd7880d01ef329652ea4e6d Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 3 May 2022 11:55:41 +0200 Subject: [PATCH 06/15] charts/{brig,cargohold,galley,gundeck}: Add default secrets map In case it is not configured --- charts/brig/values.yaml | 2 ++ charts/cargohold/values.yaml | 2 ++ charts/galley/values.yaml | 2 ++ charts/gundeck/values.yaml | 1 + 4 files changed, 7 insertions(+) diff --git a/charts/brig/values.yaml b/charts/brig/values.yaml index 43802e4662..4fc1686592 100644 --- a/charts/brig/values.yaml +++ b/charts/brig/values.yaml @@ -99,3 +99,5 @@ serviceAccount: name: brig annotations: {} automountServiceAccountToken: true + +secrets: {} diff --git a/charts/cargohold/values.yaml b/charts/cargohold/values.yaml index 43817122dd..b72ebb6b7b 100644 --- a/charts/cargohold/values.yaml +++ b/charts/cargohold/values.yaml 
@@ -26,3 +26,5 @@ serviceAccount: name: cargohold annotations: {} automountServiceAccountToken: true + +secrets: {} diff --git a/charts/galley/values.yaml b/charts/galley/values.yaml index 2ec424eb83..424645e7c1 100644 --- a/charts/galley/values.yaml +++ b/charts/galley/values.yaml @@ -55,3 +55,5 @@ serviceAccount: name: galley annotations: {} automountServiceAccountToken: true + +secrets: {} diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index daf634b02a..bbdef6cc91 100644 --- a/charts/gundeck/values.yaml +++ b/charts/gundeck/values.yaml @@ -36,3 +36,4 @@ serviceAccount: annotations: {} automountServiceAccountToken: true +secrets: {} From 50b5ecc16eb4ba6346c198ce9f4b470621a2b7bd Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 3 May 2022 11:56:12 +0200 Subject: [PATCH 07/15] charts/galley: Rename journal.queue -> journal.queueName --- charts/galley/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/galley/templates/configmap.yaml b/charts/galley/templates/configmap.yaml index 84ecb20378..d12801abdc 100644 --- a/charts/galley/templates/configmap.yaml +++ b/charts/galley/templates/configmap.yaml @@ -43,7 +43,7 @@ data: {{- if (.journal) }} journal: - queueName: {{ .journal.queue }} + queueName: {{ .journal.queueName }} endpoint: {{ .journal.endpoint }} {{- end }} From 6c1db3cfa556fb2efc804f99b927ff096152e93a Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Tue, 3 May 2022 12:33:38 +0200 Subject: [PATCH 08/15] charts/gundeck: More variables --- charts/gundeck/templates/configmap.yaml | 8 +++++++- charts/gundeck/values.yaml | 4 ++++ 2 files changed, 11 insertions(+), 1 deletion(-) diff --git a/charts/gundeck/templates/configmap.yaml b/charts/gundeck/templates/configmap.yaml index 69d9b1a527..44646a6c18 100644 --- a/charts/gundeck/templates/configmap.yaml +++ b/charts/gundeck/templates/configmap.yaml 
@@ -50,7 +50,13 @@ data: httpPoolSize: 1024 notificationTTL: 2419200 bulkPush: {{ .bulkPush }} + {{- if hasKey . "perNativePushConcurrency" }} + perNativePushConcurrency: {{ .perNativePushConcurrency }} + {{- end }} maxConcurrentNativePushes: - soft: 1000 + soft: {{ .maxConcurrentNativePushes.soft }} + {{- if hasKey .maxConcurrentNativePushes "hard" }} + hard: {{ .maxConcurrentNativePushes.hard }} + {{- end }} # hard: 30 # more than this number of threads will not be allowed {{- end }} diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index bbdef6cc91..81d468893d 100644 --- a/charts/gundeck/values.yaml +++ b/charts/gundeck/values.yaml @@ -28,6 +28,10 @@ config: aws: region: "eu-west-1" proxy: {} + settings: + # perNativePushConcurrency + maxConcurrentNativePushes: + soft: 1000 serviceAccount: # When setting this to 'false', either make sure that a service account named # 'gundeck' exists or change the 'name' field to 'default' From 71ef4ecc0eed98df36bde2b115ffb6f4f7b77308 Mon Sep 17 00:00:00 2001 From: jschaul Date: Tue, 3 May 2022 16:09:40 +0200 Subject: [PATCH 09/15] support more brig configuration values --- charts/brig/templates/configmap.yaml | 19 +++++++++++++++++++ charts/brig/values.yaml | 2 +- charts/galley/values.yaml | 2 +- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/charts/brig/templates/configmap.yaml b/charts/brig/templates/configmap.yaml index 2554de2a23..4cd25de164 100644 --- a/charts/brig/templates/configmap.yaml +++ b/charts/brig/templates/configmap.yaml @@ -67,6 +67,9 @@ data: {{- if .dynamoDBEndpoint }} dynamoDBEndpoint: {{ .dynamoDBEndpoint | quote }} {{- end }} + {{- if .userJournalQueue }} + userJournalQueue: {{ .userJournalQueue | quote }} + {{- end }} {{- end }} internalEvents: 
@@ -112,7 +115,9 @@ data: activationUrl: {{ .emailSMS.user.activationUrl }} smsActivationUrl: {{ .emailSMS.user.smsActivationUrl }} passwordResetUrl: {{ .emailSMS.user.passwordResetUrl }} + {{- if .emailSMS.user.invitationUrl }} invitationUrl: {{ .emailSMS.user.invitationUrl }} + {{- end }} deletionUrl: {{ .emailSMS.user.deletionUrl }} {{- else }} activationUrl: {{ .externalUrls.nginz }}/activate?key=${key}&code=${code} @@ -226,6 +231,9 @@ data: {{- if .setSearchSameTeamOnly }} setSearchSameTeamOnly: {{ .setSearchSameTeamOnly }} {{- end }} + {{- if .setProviderSearchFilter }} + setProviderSearchFilter: {{ .setProviderSearchFilter }} + {{- end }} {{- if .setUserMaxPermClients }} setUserMaxPermClients: {{ .setUserMaxPermClients }} {{- end }} @@ -242,5 +250,16 @@ data: {{- if .setSftListAllServers }} setSftListAllServers: {{ .setSftListAllServers }} {{- end }} + {{- if .setWhitelist }} + setWhitelist: {{ toYaml .setWhitelist | nindent 8 }} + {{- end }} + {{- if .setFeatureFlags }} + setFeatureFlags: {{ toYaml .setFeatureFlags | nindent 8 }} + {{- end }} + # Customer extensions. If this is not part of your contract with wire, use at your own risk! + # Details: https://github.com/wireapp/wire-server/blob/3a21a82a1781f0d128f503df6a705b0b5f733d7b/services/brig/src/Brig/Options.hs#L465-L503 + {{- if .setCustomerExtensions }} + setCustomerExtensions: {{ toYaml .setCustomerExtensions | nindent 8 }} + {{- end }} {{- end }} {{- end }} diff --git a/charts/brig/values.yaml b/charts/brig/values.yaml index 4fc1686592..ef9176644b 100644 --- a/charts/brig/values.yaml +++ b/charts/brig/values.yaml 
@@ -64,7 +64,7 @@ config: retryAfter: 86400 setRichInfoLimit: 5000 setDefaultUserLocale: en - setMaxTeamSize: 500 + setMaxTeamSize: 10000 setMaxConvSize: 500 # Allowed values: https://github.com/wireapp/wire-server/blob/0126651a25aabc0c5589edc2b1988bb06550a03a/services/brig/src/Brig/Options.hs#L304-L306 # Description: https://github.com/wireapp/wire-server/blob/0126651a25aabc0c5589edc2b1988bb06550a03a/services/brig/src/Brig/Options.hs#L290-L299 diff --git a/charts/galley/values.yaml b/charts/galley/values.yaml index 424645e7c1..a070ebea49 100644 --- a/charts/galley/values.yaml +++ b/charts/galley/values.yaml @@ -21,7 +21,7 @@ config: replicaCount: 3 enableFederator: false # keep enableFederator default in sync with brig and cargohold chart's config.enableFederator as well as wire-server chart's tag.federator settings: - maxTeamSize: 500 + maxTeamSize: 10000 maxConvSize: 500 # Before making indexedBillingTeamMember true while upgrading, please # refer to notes here: https://github.com/wireapp/wire-server-deploy/releases/tag/v2020-05-15 From a83f919f4ab4e9b17bd9f9fffb6d074a860976b9 Mon Sep 17 00:00:00 2001 From: jschaul Date: Tue, 3 May 2022 16:30:51 +0200 Subject: [PATCH 10/15] tweak brig configs --- charts/brig/templates/configmap.yaml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/charts/brig/templates/configmap.yaml b/charts/brig/templates/configmap.yaml index 4cd25de164..60faf48d1c 100644 --- a/charts/brig/templates/configmap.yaml +++ b/charts/brig/templates/configmap.yaml @@ -143,6 +143,12 @@ data: {{- end }} team: + {{- if .emailSMS.team }} + tInvitationUrl: {{ .emailSMS.team.tInvitationUrl }} + tActivationUrl: {{ .emailSMS.team.tActivationUrl }} + tCreatorWelcomeUrl: {{ .emailSMS.team.tCreatorWelcomeUrl }} + tMemberWelcomeUrl: {{ .emailSMS.team.tMemberWelcomeUrl }} + {{- else }} {{- if .externalUrls.teamSettings }} tInvitationUrl: {{ .externalUrls.teamSettings }}/join/?team-code=${code} {{- else }} 
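Review bot: In charts/brig/templates/configmap.yaml (patch 10, `team:` block) the four URLs are rendered from `.emailSMS.team` without checking that each one is set, although the changelog in patch 15 states that if any value in `config.emailSMS.team` is specified, all must be. A partially filled map would likely render an empty value such as `tActivationUrl:`, and the mistake would surface only when brig reads its config or sends a mail with a broken link. Fail at render time instead: `tInvitationUrl: {{ required "config.emailSMS.team.tInvitationUrl must be set" .emailSMS.team.tInvitationUrl | quote }}`, and likewise for the other three. Quoting also keeps URLs that contain `${code}` or `#` from being reinterpreted by the YAML parser. The `team:` block continues past this hunk into the next one.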
@@ -151,6 +157,7 @@ data: tActivationUrl: {{ .externalUrls.nginz }}/register?team=${team}&team_code=${code} tCreatorWelcomeUrl: {{ .externalUrls.teamCreatorWelcome }} tMemberWelcomeUrl: {{ .externalUrls.teamMemberWelcome }} + {{- end }} zauth: privateKeys: /etc/wire/brig/secrets/secretkey.txt From 59c7d039a579591e1acdc362026a042f93d5337a Mon Sep 17 00:00:00 2001 From: jschaul Date: Tue, 3 May 2022 16:46:13 +0200 Subject: [PATCH 11/15] fix duplicate entry --- charts/nginz/values.yaml | 2 -- 1 file changed, 2 deletions(-) diff --git a/charts/nginz/values.yaml b/charts/nginz/values.yaml index 329a3a277e..c0f35c83e6 100644 --- a/charts/nginz/values.yaml +++ b/charts/nginz/values.yaml @@ -97,8 +97,6 @@ nginx_conf: - all disable_zauth: true - path: /users - envs: - - all envs: - all doc: true From 5feb10984506300474dd1da317349a5ae72be171 Mon Sep 17 00:00:00 2001 From: jschaul Date: Tue, 3 May 2022 16:48:35 +0200 Subject: [PATCH 12/15] tweak gundeck configmap --- charts/gundeck/values.yaml | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index 81d468893d..159160af48 100644 --- a/charts/gundeck/values.yaml +++ b/charts/gundeck/values.yaml @@ -28,10 +28,9 @@ config: aws: region: "eu-west-1" proxy: {} - settings: - # perNativePushConcurrency - maxConcurrentNativePushes: - soft: 1000 + # perNativePushConcurrency + maxConcurrentNativePushes: + soft: 1000 serviceAccount: # When setting this to 'false', either make sure that a service account named # 'gundeck' exists or change the 'name' field to 'default' From b43374ac7336fafe65698aedd3d94883bb93d7a8 Mon Sep 17 00:00:00 2001 From: jschaul Date: Tue, 3 May 2022 16:56:46 +0200 Subject: [PATCH 13/15] comment --- charts/gundeck/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/gundeck/values.yaml b/charts/gundeck/values.yaml index 159160af48..618c7cf867 100644 --- a/charts/gundeck/values.yaml 
+++ b/charts/gundeck/values.yaml @@ -28,7 +28,7 @@ config: aws: region: "eu-west-1" proxy: {} - # perNativePushConcurrency + # perNativePushConcurrency: 32 maxConcurrentNativePushes: soft: 1000 serviceAccount: From 54ac1253a9cc4e28bd13282a4815584d9f9e450f Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Wed, 4 May 2022 15:05:42 +0200 Subject: [PATCH 14/15] Fix helm vars for CI --- hack/helm_vars/wire-server/values.yaml.gotmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/helm_vars/wire-server/values.yaml.gotmpl b/hack/helm_vars/wire-server/values.yaml.gotmpl index a38bce4118..8d5c08b34a 100644 --- a/hack/helm_vars/wire-server/values.yaml.gotmpl +++ b/hack/helm_vars/wire-server/values.yaml.gotmpl @@ -162,7 +162,7 @@ galley: domains: ["example.com"] journal: endpoint: http://fake-aws-sqs:4568 - queue: integration-team-events.fifo + queueName: integration-team-events.fifo secrets: awsKeyId: dummykey awsSecretKey: dummysecret From edfed932ed0a11fd92e8a7ddfb6c18a207d6ec28 Mon Sep 17 00:00:00 2001 From: Akshay Mankar Date: Thu, 5 May 2022 12:30:49 +0200 Subject: [PATCH 15/15] Add changelogs --- .../2-features/charts-brig-new-settings | 22 +++++++++++++++++++ changelog.d/2-features/no-aws-creds | 2 ++ 2 files changed, 24 insertions(+) create mode 100644 changelog.d/2-features/charts-brig-new-settings create mode 100644 changelog.d/2-features/no-aws-creds diff --git a/changelog.d/2-features/charts-brig-new-settings b/changelog.d/2-features/charts-brig-new-settings new file mode 100644 index 0000000000..c85317a69e --- /dev/null +++ b/changelog.d/2-features/charts-brig-new-settings 
@@ -0,0 +1,22 @@ +charts: Various new values can now be configured and some got changed + +Allow new configurations in the brig chart: +* `config.emailSMS.user.invitationUrl` +* `config.emailSMS.team.tInvitationUrl` +* `config.emailSMS.team.tActivationUrl` +* `config.emailSMS.team.tCreatorWelcomeUrl` +* `config.emailSMS.team.tMemberWelcomeUrl` +* `config.setProviderSearchFilter` +* `config.setWhitelist` +* `config.setFeatureFlags` +* `config.setCustomerExtensions` + +If any values in config.emailSMS.team are specified, all must be specified. + +Allow new configurations in the gundeck chart: +* `config.perNativePushConcurrency` +* `config.maxConcurrentNativePushes.soft` +* `config.maxConcurrentNativePushes.hard` + +Other changes: +* Default `maxTeamSize` changed to 10000 from 500. \ No newline at end of file diff --git a/changelog.d/2-features/no-aws-creds b/changelog.d/2-features/no-aws-creds new file mode 100644 index 0000000000..163d0ef3c5 --- /dev/null +++ b/changelog.d/2-features/no-aws-creds @@ -0,0 +1,2 @@ +charts/{brig,cargohol,galley,gundeck}: Allow not configuring AWS credentials and allow using a special service account. +This way, when operating wire in AWS cloud either instance profiles or IAM role attached to a service account can be used to communicate with AWS. \ No newline at end of file