Skip to content

charts/brig: Support running brig with GeoIP database #2406

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jschaul merged 9 commits into from
May 18, 2022
Merged

charts/brig: Support running brig with GeoIP database #2406

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
53de8d9
charts/brig: Support running brig with GeoIP database
akshaymankar May 18, 2022
368ca68
changelog
akshaymankar May 18, 2022
668c1b1
charts/brig: Set GEOIPUPDATE_FREQUENCY to once per 24 hours
akshaymankar May 18, 2022
99b01e3
charts/brig: Docs source for geoipupdate
akshaymankar May 18, 2022
fcb9d02
rename enable -> enabled
jschaul May 18, 2022
5e5678e
...
jschaul May 18, 2022
11129a0
brig.geoip -> brig.config.geoip
akshaymankar May 18, 2022
604e203
properly quote numbers; otherwise kubernetes cannot read environment …
jschaul May 18, 2022
5554241
prevent the geoip image tag to be overridden accidentally
jschaul May 18, 2022
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions changelog.d/2-features/chart-brig-geoip
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
* Support running brig with GeoIP database when using helm charts
5 changes: 5 additions & 0 deletions charts/brig/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -202,6 +202,11 @@ data:
{{- end }}
{{- end }}

{{- if .geoip.enabled }}
# Shared emptyDir with geoipupdate container
geoDb: /usr/share/GeoIP/GeoIP2-City.mmdb
{{- end }}

{{- with .optSettings }}
optSettings:
setActivationTimeout: {{ .setActivationTimeout }}
Expand Down
66 changes: 66 additions & 0 deletions charts/brig/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,40 @@ spec:
- name: "brig-secrets"
secret:
secretName: "brig"
{{- if .Values.config.geoip.enabled }}
- name: "geoip"
emptyDir: {}
{{- end }}
{{- if .Values.config.geoip.enabled }}
# Brig needs GeoIP database to be downloaded before it can start.
initContainers:
- name: geoipdownload
image: "{{ .Values.config.geoip.image.repository }}:{{ .Values.config.geoip.image.tag }}"
imagePullPolicy: {{ default "" .Values.config.geoip.imagePullPolicy | quote }}
volumeMounts:
- name: "geoip"
mountPath: "/usr/share/GeoIP"
# The environment variables are documented at:
# https://github.com/maxmind/geoipupdate/blob/62b34e648a842dc03ccf4ad3f61e2d85eaec98fc/doc/docker.md
env:
- name: GEOIPUPDATE_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: brig-geoip
key: accountId
- name: GEOIPUPDATE_LICENSE_KEY
valueFrom:
secretKeyRef:
name: brig-geoip
key: licenseKey
- name: GEOIPUPDATE_EDITION_IDS
valueFrom:
secretKeyRef:
name: brig-geoip
key: editionIds
- name: GEOIPUPDATE_FREQUENCY
value: "0" # Setting this to 0 makes the script only run geoipupdate once.
{{- end }}
containers:
- name: brig
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
Expand All @@ -55,6 +89,10 @@ spec:
- name: "turn-servers"
mountPath: "/etc/wire/brig/turn"
{{- end }}
{{- if .Values.config.geoip.enabled }}
- name: "geoip"
mountPath: "/usr/share/GeoIP"
{{- end }}
env:
- name: LOG_LEVEL
value: {{ .Values.config.logLevel }}
Expand Down Expand Up @@ -107,3 +145,31 @@ spec:
port: {{ .Values.service.internalPort }}
resources:
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.config.geoip.enabled }}
- name: geoipupdate
image: "{{ .Values.config.geoip.image.repository }}:{{ .Values.config.geoip.image.tag }}"
imagePullPolicy: {{ default "" .Values.config.geoip.imagePullPolicy | quote }}
volumeMounts:
- name: "geoip"
mountPath: "/usr/share/GeoIP"
# The environment variables are documented at:
# https://github.com/maxmind/geoipupdate/blob/62b34e648a842dc03ccf4ad3f61e2d85eaec98fc/doc/docker.md
env:
- name: GEOIPUPDATE_ACCOUNT_ID
valueFrom:
secretKeyRef:
name: brig-geoip
key: accountId
- name: GEOIPUPDATE_LICENSE_KEY
valueFrom:
secretKeyRef:
name: brig-geoip
key: licenseKey
- name: GEOIPUPDATE_EDITION_IDS
valueFrom:
secretKeyRef:
name: brig-geoip
key: editionIds
- name: GEOIPUPDATE_FREQUENCY
value: "24" # hours
{{- end }}
18 changes: 18 additions & 0 deletions charts/brig/templates/geoip-secret.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,18 @@
{{- if .Values.config.geoip.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: brig-geoip
labels:
wireService: brig
chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
type: Opaque
data:
{{- with .Values.secrets.geoip }}
accountId: {{ required ".secrets.geoip.accountId must be provided when .Values.config.geoip.enabled is True" .accountId | b64enc | quote }}
licenseKey: {{ required ".secrets.geoip.licenseKey must be provided when .Values.config.geoip.enabled is True" .licenseKey | b64enc | quote }}
editionIds: {{ required ".secrets.geoip.editionIds must be provided when .Values.config.geoip.enabled is True" .editionIds | b64enc | quote }}
{{- end }}
{{- end }}
8 changes: 8 additions & 0 deletions charts/brig/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -84,6 +84,14 @@ config:
smtp:
passwordFile: /etc/wire/brig/secrets/smtp-password.txt
proxy: {}

geoip:
# When enabling this, .secrets.geoip.accountId, .secrets.geoip.licenseKey and
# .secret.geoip.editionIds must be provided.
enabled: false
image:
repository: docker.io/maxmindinc/geoipupdate
tag: v4.9
turnStatic:
v1:
- turn:localhost:3478
Expand Down
4 changes: 2 additions & 2 deletions hack/bin/set-chart-image-version.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ for chart in $charts
do
if [[ "$chart" == "nginz" ]]; then
# nginz has a different docker tag indentation
sed -i "s/ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
sed -i "s/^ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
else
sed -i "s/ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
sed -i "s/^ tag: .*/ tag: $docker_tag/g" "$CHARTS_DIR/$chart/values.yaml"
fi
done
4 changes: 2 additions & 2 deletions hack/bin/set-wire-server-image-version.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,8 @@ CHARTS_DIR="$TOP_LEVEL/.local/charts"
charts=(brig cannon galley gundeck spar cargohold proxy cassandra-migrations elasticsearch-index federator)

for chart in "${charts[@]}"; do
sed -i "s/ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/$chart/values.yaml"
sed -i "s/^ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/$chart/values.yaml"
done

#special case nginz
sed -i "s/ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/nginz/values.yaml"
sed -i "s/^ tag: .*/ tag: $target_version/g" "$CHARTS_DIR/nginz/values.yaml"