diff --git a/Makefile b/Makefile index 5ae6e93ac55..55dbaf0f5f1 100644 --- a/Makefile +++ b/Makefile @@ -7,13 +7,13 @@ DOCKER_TAG ?= $(USER) # default helm chart version must be 0.0.42 for local development (because 42 is the answer to the universe and everything) HELM_SEMVER ?= 0.0.42 # The list of helm charts needed on internal kubernetes testing environments -CHARTS_INTEGRATION := wire-server databases-ephemeral redis-cluster fake-aws ingress-nginx-controller nginx-ingress-controller nginx-ingress-services fluent-bit kibana sftd restund coturn +CHARTS_INTEGRATION := wire-server databases-ephemeral redis-cluster rabbitmq fake-aws ingress-nginx-controller nginx-ingress-controller nginx-ingress-services fluent-bit kibana sftd restund coturn # The list of helm charts to publish on S3 # FUTUREWORK: after we "inline local subcharts", # (e.g. move charts/brig to charts/wire-server/brig) # this list could be generated from the folder names under ./charts/ like so: # CHARTS_RELEASE := $(shell find charts/ -maxdepth 1 -type d | xargs -n 1 basename | grep -v charts) -CHARTS_RELEASE := wire-server redis-ephemeral redis-cluster databases-ephemeral \ +CHARTS_RELEASE := wire-server redis-ephemeral redis-cluster rabbitmq databases-ephemeral \ fake-aws fake-aws-s3 fake-aws-sqs aws-ingress fluent-bit kibana backoffice \ calling-test demo-smtp elasticsearch-curator elasticsearch-external \ elasticsearch-ephemeral minio-external cassandra-external \ diff --git a/changelog.d/0-release-notes/helm-tag-rename b/changelog.d/0-release-notes/helm-tag-rename new file mode 100644 index 00000000000..da808af3b1c --- /dev/null +++ b/changelog.d/0-release-notes/helm-tag-rename 
@@ -0,0 +1,33 @@
+A few helm values related to federation have been renamed, no action is required if federation was disabled.
+If federation was enabled these values must be renamed in the wire-server chart:
+- tags.federator -> tags.federation
+- brig.enableFederator -> brig.enableFederation
+- galley.enableFederator -> galley.enableFederation
+- cargohold.enableFederator -> galley.enableFederation
+
+So, an old config which looked like this:
+
+```yaml
+tags:
+ federator: true
+brig:
+ enableFederator: true
+galley:
+ enableFederator: true
+cargohold:
+ enableFederator: true
+```
+
+would now look like this:
+
+```yaml
+tags:
+ federation: true
+brig:
+ enableFederation: true
+galley:
+ enableFederation: true
+cargohold:
+ enableFederation: true
+```
+
diff --git a/charts/background-worker/Chart.yaml b/charts/background-worker/Chart.yaml
new file mode 100644
index 00000000000..0bc57b08fc0
--- /dev/null
+++ b/charts/background-worker/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: Backend notification pusheer
+name: background-worker
+version: 0.0.42
diff --git a/charts/background-worker/README.md b/charts/background-worker/README.md
new file mode 100644
index 00000000000..55e379a4ed1
--- /dev/null
+++ b/charts/background-worker/README.md
@@ -0,0 +1,5 @@
+Note that background-worker depends on some provisioned storage, namely:
+
+- rabbitmq
+
+These are dealt with independently from this chart.
diff --git a/charts/background-worker/templates/configmap.yaml b/charts/background-worker/templates/configmap.yaml
new file mode 100644
index 00000000000..00fdd170b48
--- /dev/null
+++ b/charts/background-worker/templates/configmap.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: "background-worker"
+ labels:
+ app: background-worker
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ {{- with .Values.config }}
+ background-worker.yaml: |
+ logFormat: {{ .logFormat }}
+ logLevel: {{ .logLevel }}
+
+ federatorInternal:
+ host: federator
+ port: 8080
+ rabbitmq:
+{{toYaml .rabbitmq | indent 6 }}
+ remoteDomains:
+{{toYaml .remoteDomains | indent 6 }}
+ {{- end }}
diff --git a/charts/background-worker/templates/deployment.yaml b/charts/background-worker/templates/deployment.yaml
new file mode 100644
index 00000000000..5ea3f8d8d6d
--- /dev/null
+++ b/charts/background-worker/templates/deployment.yaml
@@ -0,0 +1,59 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: background-worker
+ labels:
+ app: background-worker
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ # TODO(elland): Review this
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 0
+ maxSurge: {{ .Values.replicaCount }}
+ selector:
+ matchLabels:
+ app: background-worker
+ template:
+ metadata:
+ labels:
+ app: background-worker
+ release: {{ .Release.Name }}
+ annotations:
+ # An annotation of the configmap checksum ensures changes to the configmap cause a redeployment upon `helm upgrade`
+ checksum/configmap: {{ include (print .Template.BasePath "/configmap.yaml") . | sha256sum }}
+ checksum/secret: {{ include (print .Template.BasePath "/secret.yaml") . | sha256sum }}
+ fluentbit.io/parser: json
+ spec:
+ serviceAccountName: {{ .Values.serviceAccount.name }}
+ volumes:
+ - name: "background-worker-config"
+ configMap:
+ name: "background-worker"
+ - name: "background-worker-secrets"
+ secret:
+ secretName: "background-worker"
+ containers:
+ - name: background-worker
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }}
+ volumeMounts:
+ - name: "background-worker-config"
+ mountPath: "/etc/wire/background-worker/conf"
+ env:
+ - name: RABBITMQ_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: background-worker
+ key: rabbitmqUsername
+ - name: RABBITMQ_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: background-worker
+ key: rabbitmqPassword
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
diff --git a/charts/background-worker/templates/secret.yaml b/charts/background-worker/templates/secret.yaml
new file mode 100644
index 00000000000..25a22ce67e6
--- /dev/null
+++ b/charts/background-worker/templates/secret.yaml
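Review bot: The `background-worker-secrets` volume declared under `volumes:` has no matching entry in `volumeMounts`, so it is declared but never mounted; the RabbitMQ credentials already reach the container through the two `secretKeyRef` env entries. Drop the unused volume, or mount it read-only and read the password from the file instead of the environment. The container also sets no `securityContext`; if the image allows it, `runAsNonRoot: true` and `allowPrivilegeEscalation: false` would be worth adding on the `background-worker` container.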
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: background-worker
+ labels:
+ app: background-worker
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ {{/* for_helm_linting is necessary only since the 'with' block below does not throw an error upon an empty .Values.secrets */}}
+ for_helm_linting: {{ required "No .secrets found in configuration. Did you forget to helm -f path/to/secrets.yaml ?" .Values.secrets | quote | b64enc | quote }}
+
+ {{- with .Values.secrets }}
+ rabbitmqUsername: {{ .rabbitmq.username | b64enc | quote }}
+ rabbitmqPassword: {{ .rabbitmq.password | b64enc | quote }}
+ {{- end }}
diff --git a/charts/background-worker/templates/serviceaccount.yaml b/charts/background-worker/templates/serviceaccount.yaml
new file mode 100644
index 00000000000..bc120b624d8
--- /dev/null
+++ b/charts/background-worker/templates/serviceaccount.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ .Values.serviceAccount.name }}
+ labels:
+ app: brig
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.serviceAccount.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }}
+{{- end }}
diff --git a/charts/background-worker/values.yaml b/charts/background-worker/values.yaml
new file mode 100644
index 00000000000..92ecda16653
--- /dev/null
+++ b/charts/background-worker/values.yaml
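Review bot: The `for_helm_linting` guard does not protect the two new keys: this chart's own `values.yaml` sets `secrets: {}`, and as far as I can tell `required` only rejects nil or an empty string, so an empty map passes, the `with` block is skipped, and the Secret renders without `rabbitmqUsername`/`rabbitmqPassword` while the Deployment's `secretKeyRef` entries expect them. A `secrets` map that lacks `rabbitmq` fails instead with a nil-pointer template error that does not name the missing value. Resolving the credentials outside the `with`, e.g. `{{- $rmq := required "secrets.rabbitmq.username and secrets.rabbitmq.password must be set" .Values.secrets.rabbitmq }}` followed by `rabbitmqUsername: {{ $rmq.username | b64enc | quote }}`, gives an explicit error at render time. The `enableFederation` branch added to `charts/brig/templates/secret.yaml` reads `.rabbitmq.username` the same way.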
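Review bot: The ServiceAccount in `serviceaccount.yaml` is labelled `app: brig`, which looks copied from the brig chart; every other template in this chart uses `app: background-worker`. Label selectors and any policy or audit tooling keyed on `app` would attribute this account to the wrong service. The line should read `app: background-worker`.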
@@ -0,0 +1,35 @@ +replicaCount: 1 +image: + repository: quay.io/wire/background-worker + tag: do-not-use +# FUTUREWORK: Review these values when we have some experience +resources: + requests: + memory: "200Mi" + cpu: "100m" + limits: + memory: "512Mi" +# TODO(elland): Create issue for a metrics endpoint +# metrics: +# serviceMonitor: +# enabled: false +config: + # TODO(elland): Proper logging + logLevel: Info + logFormat: StructuredJSON + rabbitmq: + host: rabbitmq + port: 5672 + vHost: / + remoteDomains: [] + +serviceAccount: + # When setting this to 'false', either make sure that a service account named + # 'background-worker' exists or change the 'name' field to 'default' + create: true + name: background-worker + annotations: {} + automountServiceAccountToken: true + + +secrets: {} diff --git a/charts/brig/templates/configmap.yaml b/charts/brig/templates/configmap.yaml index 781f90c9f18..73ba4a6f2c6 100644 --- a/charts/brig/templates/configmap.yaml +++ b/charts/brig/templates/configmap.yaml @@ -48,7 +48,7 @@ data: host: gundeck port: 8080 - {{- if .enableFederator }} + {{- if .enableFederation }} # TODO remove this federator: host: federator @@ -57,6 +57,8 @@ data: federatorInternal: host: federator port: 8080 + rabbitmq: +{{ toYaml .rabbitmq | indent 6}} {{- end }} {{- with .aws }} diff --git a/charts/brig/templates/deployment.yaml b/charts/brig/templates/deployment.yaml index 6f783310aba..42428899c7e 100644 --- a/charts/brig/templates/deployment.yaml +++ b/charts/brig/templates/deployment.yaml @@ -130,7 +130,19 @@ spec: - name: NO_PROXY value: {{ join "," .noProxyList | quote }} {{- end }} - {{- end }} + {{- end }} + {{- if .Values.config.enableFederation }} + - name: RABBITMQ_USERNAME + valueFrom: + secretKeyRef: + name: brig + key: rabbitmqUsername + - name: RABBITMQ_PASSWORD + valueFrom: + secretKeyRef: + name: brig + key: rabbitmqPassword + {{- end }} ports: - containerPort: {{ .Values.service.internalPort }} startupProbe: 
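Review bot: In `charts/background-worker/values.yaml`, `automountServiceAccountToken: true` gives every background-worker pod a Kubernetes API token by default, and nothing in this chart's templates shows the worker using it. If the service does not call the Kubernetes API, default it to `false` and add a comment such as `# set to true only if the pod needs to call the Kubernetes API`. The comment above `create: true` documents the account name but not this field.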
diff --git a/charts/brig/templates/secret.yaml b/charts/brig/templates/secret.yaml index eb073d97b3b..a4e51228b60 100644 --- a/charts/brig/templates/secret.yaml +++ b/charts/brig/templates/secret.yaml @@ -30,6 +30,9 @@ data: {{- end }} {{- if .oauthJwkKeyPair }} oauth_ed25519.jwk: {{ .oauthJwkKeyPair | b64enc | quote }} - {{- end }} {{- end }} - + {{- if $.Values.config.enableFederation }} + rabbitmqUsername: {{ .rabbitmq.username | b64enc | quote }} + rabbitmqPassword: {{ .rabbitmq.password | b64enc | quote }} + {{- end }} + {{- end }} diff --git a/charts/brig/templates/tests/brig-integration.yaml b/charts/brig/templates/tests/brig-integration.yaml index c48c531f57d..49f777bf2b5 100644 --- a/charts/brig/templates/tests/brig-integration.yaml +++ b/charts/brig/templates/tests/brig-integration.yaml @@ -84,6 +84,12 @@ spec: - name: INTEGRATION_FEDERATION_TESTS value: "1" {{- end }} + {{- if .Values.config.enableFederation }} + - name: RABBITMQ_USERNAME + value: "guest" + - name: RABBITMQ_PASSWORD + value: "guest" + {{- end }} resources: requests: memory: "512Mi" diff --git a/charts/brig/values.yaml b/charts/brig/values.yaml index 70d865a13ca..3e7c89d0c75 100644 --- a/charts/brig/values.yaml +++ b/charts/brig/values.yaml @@ -32,7 +32,12 @@ config: # -- If set to false, 'dynamoDBEndpoint' _must_ be set. randomPrekeys: true useSES: true - enableFederator: false # keep enableFederator default in sync with galley and cargohold chart's config.enableFederator as well as wire-server chart's tag.federator + enableFederation: false # keep enableFederation default in sync with galley and cargohold chart's config.enableFederation as well as wire-server chart's tags.federation + # Not used if enableFederation is false + rabbitmq: + host: rabbitmq + port: 5672 + vHost: / emailSMS: general: templateBranding: diff --git a/charts/cargohold/templates/configmap.yaml b/charts/cargohold/templates/configmap.yaml index 5f6cd7cbc4c..1a53e0bd77e 100644 
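Review bot: In `charts/brig/templates/tests/brig-integration.yaml` the test pod gets `RABBITMQ_USERNAME`/`RABBITMQ_PASSWORD` as the literal `"guest"`, while the brig Deployment in this same commit reads them from the `brig` Secret; the test only passes when the deployed credentials happen to be `guest`/`guest`, and the chart ships a hard-coded credential in its templates. Use the same source as the Deployment, i.e. `valueFrom:` / `secretKeyRef:` with `name: brig` and `key: rabbitmqUsername` (and `rabbitmqPassword`). `charts/integration/templates/integration-integration.yaml` adds the same literals unconditionally; which Secret is available to that pod is not visible in this diff.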
--- a/charts/cargohold/templates/configmap.yaml +++ b/charts/cargohold/templates/configmap.yaml @@ -12,7 +12,7 @@ data: host: 0.0.0.0 port: {{ .Values.service.internalPort }} - {{- if .Values.config.enableFederator }} + {{- if .Values.config.enableFederation }} federator: host: federator port: 8080 diff --git a/charts/cargohold/values.yaml b/charts/cargohold/values.yaml index f5624d8cfc3..289fdc2880b 100644 --- a/charts/cargohold/values.yaml +++ b/charts/cargohold/values.yaml @@ -18,7 +18,7 @@ config: logLevel: Info logFormat: StructuredJSON logNetStrings: false - enableFederator: false # keep enableFederator default in sync with brig and galley chart's config.enableFederator as well as wire-server chart's tag.federator + enableFederation: false # keep enableFederation default in sync with brig and galley chart's config.enableFederation as well as wire-server chart's tags.federation aws: region: "eu-west-1" s3Bucket: assets diff --git a/charts/galley/templates/configmap.yaml b/charts/galley/templates/configmap.yaml index 4cdca97b5c0..22fd61a8308 100644 --- a/charts/galley/templates/configmap.yaml +++ b/charts/galley/templates/configmap.yaml @@ -34,7 +34,7 @@ data: host: spar port: 8080 - {{- if .enableFederator }} + {{- if .enableFederation }} federator: host: federator port: 8080 diff --git a/charts/galley/values.yaml b/charts/galley/values.yaml index c80f39b3869..cd675a747a1 100644 --- a/charts/galley/values.yaml +++ b/charts/galley/values.yaml @@ -22,7 +22,7 @@ config: cassandra: host: aws-cassandra replicaCount: 3 - enableFederator: false # keep enableFederator default in sync with brig and cargohold chart's config.enableFederator as well as wire-server chart's tag.federator + enableFederation: false # keep enableFederation default in sync with brig and cargohold chart's config.enableFederation as well as wire-server chart's tags.federation settings: httpPoolSize: 128 maxTeamSize: 10000 
diff --git a/charts/integration/templates/integration-integration.yaml b/charts/integration/templates/integration-integration.yaml index 386c7f8091e..58876020c36 100644 --- a/charts/integration/templates/integration-integration.yaml +++ b/charts/integration/templates/integration-integration.yaml @@ -70,3 +70,7 @@ spec: value: "dummy" - name: AWS_REGION value: "eu-west-1" + - name: RABBITMQ_USERNAME + value: "guest" + - name: RABBITMQ_PASSWORD + value: "guest" diff --git a/charts/rabbitmq/Chart.yaml b/charts/rabbitmq/Chart.yaml new file mode 100644 index 00000000000..6c28263413d --- /dev/null +++ b/charts/rabbitmq/Chart.yaml @@ -0,0 +1,4 @@ +apiVersion: v1 +description: Wrapper chart for bitnami/rabbitmq +name: rabbitmq +version: 0.0.42 diff --git a/charts/rabbitmq/requirements.yaml b/charts/rabbitmq/requirements.yaml new file mode 100644 index 00000000000..1742b3e8641 --- /dev/null +++ b/charts/rabbitmq/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: rabbitmq + version: 11.13.0 + repository: https://charts.bitnami.com/bitnami diff --git a/charts/rabbitmq/values.yaml b/charts/rabbitmq/values.yaml new file mode 100644 index 00000000000..e69de29bb2d diff --git a/charts/wire-server/requirements.yaml b/charts/wire-server/requirements.yaml index 279a9977111..8a1da9b06af 100644 --- a/charts/wire-server/requirements.yaml +++ b/charts/wire-server/requirements.yaml @@ -108,6 +108,7 @@ dependencies: repository: "file://../federator" tags: - federator + - federation - haskellServices - services - name: sftd diff --git a/charts/wire-server/values.yaml b/charts/wire-server/values.yaml index cae8e07623a..a2ba0c3a518 100644 --- a/charts/wire-server/values.yaml +++ b/charts/wire-server/values.yaml 
@@ -9,6 +9,6 @@ tags: team-settings: false account-pages: false legalhold: false - federator: false # see also galley.config.enableFederator and brig.config.enableFederator + federation: false # see also galley.config.enableFederation and brig.config.enableFederation sftd: false backoffice: false diff --git a/deploy/dockerephemeral/docker-compose.yaml b/deploy/dockerephemeral/docker-compose.yaml index b123e2ac1b6..99b5cce7a7a 100644 --- a/deploy/dockerephemeral/docker-compose.yaml +++ b/deploy/dockerephemeral/docker-compose.yaml @@ -202,8 +202,8 @@ services: container_name: rabbitmq image: rabbitmq:3-management-alpine environment: - - RABBITMQ_DEFAULT_USER=guest - - RABBITMQ_DEFAULT_PASS=alpaca-grapefruit + - RABBITMQ_DEFAULT_USER=${RABBITMQ_USERNAME} + - RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD} ports: - '127.0.0.1:5672:5672' - '127.0.0.1:15672:15672' diff --git a/docs/src/understand/configure-federation.md b/docs/src/understand/configure-federation.md index 6d0042eaad2..fd092ad20fa 100644 --- a/docs/src/understand/configure-federation.md +++ b/docs/src/understand/configure-federation.md @@ -370,7 +370,7 @@ certificate. Read {ref}`choose-backend-domain` again, then set the backend domain three times to the same value in the subcharts -cargohold, galley and brig. You also need to set `enableFederator` to +cargohold, galley and brig. You also need to set `enableFederation` to `true`. ``` yaml @@ -378,19 +378,19 @@ cargohold, galley and brig. You also need to set `enableFederator` to # (e.g. under ./helm_vars/wire-server/values.yaml) galley: config: - enableFederator: true + enableFederation: true settings: federationDomain: example.com # your chosen "backend domain" brig: config: - enableFederator: true + enableFederation: true optSettings: setFederationDomain: example.com # your chosen "backend domain" cargohold: config: - enableFederator: true + enableFederation: true settings: federationDomain: example.com # your chosen "backend domain" ``` 
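Review bot: In `deploy/dockerephemeral/docker-compose.yaml`, `${RABBITMQ_USERNAME}` and `${RABBITMQ_PASSWORD}` are substituted as empty strings when the variables are not set, so the broker can start with credentials other than the ones the services expect, and nothing in this diff shows where the variables are defined. Make the requirement explicit with Compose's error form, e.g. `- RABBITMQ_DEFAULT_PASS=${RABBITMQ_PASSWORD:?RABBITMQ_PASSWORD must be set}` and the same for the user. The ports stay bound to `127.0.0.1`, which is worth keeping.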
diff --git a/hack/bin/integration-setup-federation.sh b/hack/bin/integration-setup-federation.sh index ae423773dca..5484f8f0bea 100755 --- a/hack/bin/integration-setup-federation.sh +++ b/hack/bin/integration-setup-federation.sh @@ -20,7 +20,7 @@ ${DIR}/integration-cleanup.sh # script beforehand on all relevant charts to download the nested dependencies # (e.g. cassandra from underneath databases-ephemeral) echo "updating recursive dependencies ..." -charts=(fake-aws databases-ephemeral redis-cluster wire-server ingress-nginx-controller nginx-ingress-controller nginx-ingress-services) +charts=(fake-aws databases-ephemeral redis-cluster rabbitmq wire-server ingress-nginx-controller nginx-ingress-controller nginx-ingress-services) mkdir -p ~/.parallel && touch ~/.parallel/will-cite printf '%s\n' "${charts[@]}" | parallel -P "${HELM_PARALLELISM}" "$DIR/update.sh" "$CHARTS_DIR/{}" diff --git a/hack/bin/integration-setup.sh b/hack/bin/integration-setup.sh index c17f98bde48..29e3fa7c50b 100755 --- a/hack/bin/integration-setup.sh +++ b/hack/bin/integration-setup.sh @@ -14,7 +14,7 @@ HELM_PARALLELISM=${HELM_PARALLELISM:-1} "${DIR}/integration-cleanup.sh" echo "updating recursive dependencies ..." -charts=(fake-aws databases-ephemeral redis-cluster wire-server ingress-nginx-controller nginx-ingress-controller nginx-ingress-services) +charts=(fake-aws databases-ephemeral redis-cluster rabbitmq wire-server ingress-nginx-controller nginx-ingress-controller nginx-ingress-services) mkdir -p ~/.parallel && touch ~/.parallel/will-cite printf '%s\n' "${charts[@]}" | parallel -P "${HELM_PARALLELISM}" "$DIR/update.sh" "$CHARTS_DIR/{}" diff --git a/hack/bin/integration-test.sh b/hack/bin/integration-test.sh index 8437a09da9e..27f85d0275e 100755 --- a/hack/bin/integration-test.sh +++ b/hack/bin/integration-test.sh 
@@ -56,10 +56,10 @@ summary() { mkdir -p ~/.parallel && touch ~/.parallel/will-cite printf '%s\n' "${tests[@]}" | parallel echo "Running helm tests for {}..." printf '%s\n' "${tests[@]}" | parallel -P "${HELM_PARALLELISM}" \ - helm test -n "${NAMESPACE}" "${NAMESPACE}-${CHART}" --timeout 900s --filter name="${NAMESPACE}-${CHART}-{}-integration" '> logs-{};' \ + helm test -n "${NAMESPACE}" "${CHART}" --timeout 900s --filter name="${CHART}-{}-integration" '> logs-{};' \ echo '$? > stat-{};' \ echo "==== Done testing {}. ====" '};' \ - kubectl -n "${NAMESPACE}" logs "${NAMESPACE}-${CHART}-{}-integration" '>> logs-{};' + kubectl -n "${NAMESPACE}" logs "${CHART}-{}-integration" '>> logs-{};' summary diff --git a/hack/helm_vars/common.yaml.gotmpl b/hack/helm_vars/common.yaml.gotmpl new file mode 100644 index 00000000000..b5748c96012 --- /dev/null +++ b/hack/helm_vars/common.yaml.gotmpl @@ -0,0 +1,7 @@ +namespace1: {{ requiredEnv "NAMESPACE_1" }} +federationDomain1: {{ requiredEnv "FEDERATION_DOMAIN_1" }} +namespace2: {{ requiredEnv "NAMESPACE_2" }} +federationDomain2: {{ requiredEnv "FEDERATION_DOMAIN_2" }} +ingressChart: {{ requiredEnv "INGRESS_CHART" }} +rabbitmqUsername: guest +rabbitmqPassword: guest diff --git a/hack/helm_vars/ingress-nginx-controller/values.yaml.gotmpl b/hack/helm_vars/ingress-nginx-controller/values.yaml.gotmpl index 20c2e888c4c..8f409db300b 100644 --- a/hack/helm_vars/ingress-nginx-controller/values.yaml.gotmpl +++ b/hack/helm_vars/ingress-nginx-controller/values.yaml.gotmpl @@ -1,4 +1,5 @@ ingress-nginx: + fullnameOverride: "{{ .Release.Namespace }}-nginx-ingress" controller: ingressClassResource: name: "nginx-{{ .Release.Namespace }}" diff --git a/hack/helm_vars/nginx-ingress-controller/values.yaml.gotmpl b/hack/helm_vars/nginx-ingress-controller/values.yaml.gotmpl index 10fd76e22bc..a12dd9c86d7 100644 --- a/hack/helm_vars/nginx-ingress-controller/values.yaml.gotmpl +++ b/hack/helm_vars/nginx-ingress-controller/values.yaml.gotmpl 
@@ -1,4 +1,5 @@ nginx-ingress: + fullnameOverride: "{{ .Release.Namespace }}-nginx-ingress" controller: kind: Deployment replicaCount: 1 diff --git a/hack/helm_vars/rabbitmq/values.yaml.gotmpl b/hack/helm_vars/rabbitmq/values.yaml.gotmpl new file mode 100644 index 00000000000..8213c4355ca --- /dev/null +++ b/hack/helm_vars/rabbitmq/values.yaml.gotmpl @@ -0,0 +1,9 @@ +global: + storageClass: {{ .Values.storageClass }} + +rabbitmq: + persistence: + size: 100Mi + auth: + username: {{ .Values.rabbitmqUsername }} + password: {{ .Values.rabbitmqPassword }} diff --git a/hack/helm_vars/redis-cluster/values.yaml.gotmpl b/hack/helm_vars/redis-cluster/values.yaml.gotmpl index 5381d26cbdf..658cb795566 100644 --- a/hack/helm_vars/redis-cluster/values.yaml.gotmpl +++ b/hack/helm_vars/redis-cluster/values.yaml.gotmpl @@ -1,5 +1,5 @@ global: - storageClass: {{ .Values.redisStorageClass }} + storageClass: {{ .Values.storageClass }} redis-cluster: persistence: diff --git a/hack/helm_vars/wire-server/values.yaml.gotmpl b/hack/helm_vars/wire-server/values.yaml.gotmpl index 82f965a399d..bb92bc56e07 100644 --- a/hack/helm_vars/wire-server/values.yaml.gotmpl +++ b/hack/helm_vars/wire-server/values.yaml.gotmpl @@ -6,7 +6,7 @@ tags: cannon: true cargohold: true spar: true - federator: true # also see galley.config.enableFederator and brig.config.enableFederator + federation: true # also see galley.config.enableFederation and brig.config.enableFederation backoffice: true proxy: false webapp: false @@ -51,7 +51,7 @@ brig: sessionTokenTimeout: 20 accessTokenTimeout: 30 providerTokenTimeout: 60 - enableFederator: true # keep in sync with galley.config.enableFederator, cargohold.config.enableFederator and tags.federator! + enableFederation: true # keep in sync with galley.config.enableFederation, cargohold.config.enableFederation and tags.federator! optSettings: setActivationTimeout: 10 setVerificationTimeout: 10 
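Review bot: In `hack/helm_vars/rabbitmq/values.yaml.gotmpl`, `username:` and `password:` are interpolated unquoted, so a credential containing `:` or `#`, or one that parses as a number or boolean, renders as different YAML than intended. Pipe both through `quote`, e.g. `password: {{ .Values.rabbitmqPassword | quote }}`. The `rabbitmq:` block added to `hack/helm_vars/wire-server/values.yaml.gotmpl` (hunk at -132) has the same form.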
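Review bot: The rewritten comment on `brig.config.enableFederation` in `hack/helm_vars/wire-server/values.yaml.gotmpl` (hunk at -51) still ends in `tags.federator!`, although the first hunk of this file renames that tag to `federation`. It should read `# keep in sync with galley.config.enableFederation, cargohold.config.enableFederation and tags.federation!`. The cargohold (-154) and galley (-165) comments carry the same stale name.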
@@ -75,8 +75,10 @@ brig: setMaxConvAndTeamSize: 16 setMaxTeamSize: 32 setMaxConvSize: 16 + # See helmfile for the real value setFederationDomain: integration.example.com setFederationDomainConfigs: + # See helmfile for the real value - domain: integration.example.com search_policy: full_search - domain: federation-test-helper.{{ .Release.Namespace }}.svc.cluster.local @@ -132,7 +134,10 @@ brig: "crv": "Ed25519", "x": "mhP-NgFw3ifIXGZqJVB0kemt9L3BtD5P8q4Gah4Iklc", "d": "R8-pV2-sPN7dykV8HFJ73S64F3kMHTNnJiSN8UdWk_o" - } + } + rabbitmq: + username: {{ .Values.rabbitmqUsername }} + password: {{ .Values.rabbitmqPassword }} tests: enableFederationTests: true cannon: @@ -154,7 +159,10 @@ cargohold: aws: s3Bucket: dummy-bucket s3Endpoint: http://fake-aws-s3:9000 - enableFederator: true # keep in sync with brig.config.enableFederator, galley.config.enableFederator and tags.federator! + enableFederation: true # keep in sync with brig.config.enableFederation, galley.config.enableFederation and tags.federator! + settings: + # See helmfile for the real value + federationDomain: integration.example.com secrets: awsKeyId: dummykey awsSecretKey: dummysecret @@ -165,7 +173,7 @@ galley: cassandra: host: cassandra-ephemeral replicaCount: 1 - enableFederator: true # keep in sync with brig.config.enableFederator, cargohold.config.enableFederator and tags.federator! + enableFederation: true # keep in sync with brig.config.enableFederation, cargohold.config.enableFederation and tags.federator! settings: maxConvAndTeamSize: 16 maxTeamSize: 32 @@ -173,6 +181,7 @@ galley: maxConvSize: 16 conversationCodeURI: https://kube-staging-nginz-https.zinfra.io/conversation-join/ enableIndexedBillingTeamMembers: true + # See helmfile for the real value federationDomain: integration.example.com featureFlags: sso: disabled-by-default # this needs to be the default; tests can enable it when needed. 
@@ -245,7 +254,7 @@ nginz: "kty": "OKP", "crv": "Ed25519", "x": "mhP-NgFw3ifIXGZqJVB0kemt9L3BtD5P8q4Gah4Iklc" - } + } proxy: replicaCount: 1 imagePullPolicy: {{ .Values.imagePullPolicy }} diff --git a/hack/helmfile.yaml b/hack/helmfile.yaml index f9e608107ee..444bfa031d5 100644 --- a/hack/helmfile.yaml +++ b/hack/helmfile.yaml @@ -1,3 +1,4 @@ +--- # This helfile is used for the setup of two ephemeral backends on kubernetes # during integration testing (including federation integration tests spanning # over 2 backends) @@ -14,23 +15,15 @@ helmDefaults: environments: default: values: - - namespace: {{ requiredEnv "NAMESPACE_1" }} - - federationDomain: {{ requiredEnv "FEDERATION_DOMAIN_1" }} - - namespaceFed2: {{ requiredEnv "NAMESPACE_2" }} - - federationDomainFed2: {{ requiredEnv "FEDERATION_DOMAIN_2" }} - - ingressChart: {{ requiredEnv "INGRESS_CHART" }} + - ./helm_vars/common.yaml.gotmpl - imagePullPolicy: Always - - redisStorageClass: hcloud-volumes + - storageClass: hcloud-volumes kind: values: - - namespace: {{ requiredEnv "NAMESPACE_1" }} - - federationDomain: {{ requiredEnv "FEDERATION_DOMAIN_1" }} - - namespaceFed2: {{ requiredEnv "NAMESPACE_2" }} - - federationDomainFed2: {{ requiredEnv "FEDERATION_DOMAIN_2" }} - - ingressChart: {{ requiredEnv "INGRESS_CHART" }} + - ./helm_vars/common.yaml.gotmpl - imagePullPolicy: Never - - redisStorageClass: standard - + - storageClass: standard +--- repositories: - name: stable url: 'https://charts.helm.sh/stable' 
@@ -42,52 +35,64 @@ repositories: url: 'https://kubernetes.github.io/ingress-nginx' releases: - - name: '{{ .Values.namespace }}-fake-aws' - namespace: '{{ .Values.namespace }}' + - name: 'fake-aws' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/fake-aws' values: - './helm_vars/fake-aws/values.yaml' - - name: '{{ .Values.namespace }}-fake-aws-2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'fake-aws' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/fake-aws' values: - './helm_vars/fake-aws/values.yaml' - - name: '{{ .Values.namespace }}-databases-ephemeral' - namespace: '{{ .Values.namespace }}' + - name: 'databases-ephemeral' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/databases-ephemeral' - - name: '{{ .Values.namespace }}-databases-ephemeral-2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'databases-ephemeral' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/databases-ephemeral' - - name: '{{ .Values.namespace }}-redis-cluster' - namespace: '{{ .Values.namespace }}' + - name: 'redis-cluster' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/redis-cluster' values: - './helm_vars/redis-cluster/values.yaml.gotmpl' - - name: '{{ .Values.namespace }}-redis-cluster-2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'redis-cluster' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/redis-cluster' values: - './helm_vars/redis-cluster/values.yaml.gotmpl' - - name: '{{ .Values.namespace }}-ic' - namespace: '{{ .Values.namespace }}' + - name: 'rabbitmq' + namespace: '{{ .Values.namespace1 }}' + chart: '../.local/charts/rabbitmq' + values: + - './helm_vars/rabbitmq/values.yaml.gotmpl' + + - name: 'rabbitmq' + namespace: '{{ .Values.namespace2 }}' + chart: '../.local/charts/rabbitmq' + values: + - './helm_vars/rabbitmq/values.yaml.gotmpl' + + - name: 'ingress' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/{{ .Values.ingressChart }}' 
values: - './helm_vars/{{ .Values.ingressChart }}/values.yaml.gotmpl' - - name: '{{ .Values.namespace }}-ic2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'ingress' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/{{ .Values.ingressChart }}' values: - './helm_vars/{{ .Values.ingressChart }}/values.yaml.gotmpl' - - name: '{{ .Values.namespace }}-i' - namespace: '{{ .Values.namespace }}' + - name: 'ingress-svc' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/nginx-ingress-services' values: - './helm_vars/nginx-ingress-services/values.yaml.gotmpl' @@ -97,12 +102,12 @@ releases: # federation-test-helper service. Maybe we can find a way to make these # differ, so we don't make any silly assumptions in the code. - name: config.dns.federator - value: {{ .Values.federationDomain }} + value: '{{ .Values.federationDomain1 }}' needs: - - '{{ .Values.namespace }}-ic' + - 'ingress' - - name: '{{ .Values.namespace }}-i2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'ingress-svc' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/nginx-ingress-services' values: - './helm_vars/nginx-ingress-services/values.yaml.gotmpl' 
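Review bot: `needs: - 'ingress'` in the -97 hunk is a bare release name, and after this change two releases are called `ingress`, one per namespace. How a bare name is resolved in that case depends on the helmfile version, so the dependency may not point at the release in the same namespace. Writing it as `- '{{ .Values.namespace1 }}/ingress'` makes the target explicit; the same applies to `'ingress'` and `'databases-ephemeral'` in the -112 hunk with `namespace1`/`namespace2` as appropriate.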
@@ -112,47 +117,47 @@ releases: # federation-test-helper service. Maybe we can find a way to make these # differ, so we don't make any silly assumptions in the code. - name: config.dns.federator - value: {{ .Values.federationDomainFed2 }} + value: '{{ .Values.federationDomain2 }}' needs: - - '{{ .Values.namespace }}-ic2' + - 'ingress' # Note that wire-server depends on databases-ephemeral being up; and in some # cases on nginx-ingress also being up. If installing helm charts in a # parallel way, it's expected to see some wire-server pods (namely the # cassandra-migration one) fail and get restarted a few times) - - name: '{{ .Values.namespace }}-wire-server' - namespace: '{{ .Values.namespace }}' + - name: 'wire-server' + namespace: '{{ .Values.namespace1 }}' chart: '../.local/charts/wire-server' values: - './helm_vars/wire-server/values.yaml.gotmpl' - './helm_vars/wire-server/certificates-namespace1.yaml' set: - name: brig.config.optSettings.setFederationDomain - value: {{ .Values.federationDomain }} + value: {{ .Values.federationDomain1 }} - name: galley.config.settings.federationDomain - value: {{ .Values.federationDomain }} + value: {{ .Values.federationDomain1 }} - name: cargohold.config.settings.federationDomain - value: {{ .Values.federationDomain }} + value: {{ .Values.federationDomain1 }} - name: brig.config.optSettings.setFederationDomainConfigs[0].domain - value: {{ .Values.federationDomainFed2 }} + value: {{ .Values.federationDomain2 }} needs: - - '{{ .Values.namespace }}-databases-ephemeral' + - 'databases-ephemeral' - - name: '{{ .Values.namespace }}-wire-server-2' - namespace: '{{ .Values.namespaceFed2 }}' + - name: 'wire-server' + namespace: '{{ .Values.namespace2 }}' chart: '../.local/charts/wire-server' values: - './helm_vars/wire-server/values.yaml.gotmpl' - './helm_vars/wire-server/certificates-namespace2.yaml' set: - name: brig.config.optSettings.setFederationDomain - value: {{ .Values.federationDomainFed2 }} + value: {{ 
.Values.federationDomain2 }} - name: galley.config.settings.federationDomain - value: {{ .Values.federationDomainFed2 }} + value: {{ .Values.federationDomain2 }} - name: cargohold.config.settings.federationDomain - value: {{ .Values.federationDomainFed2 }} + value: {{ .Values.federationDomain2 }} - name: brig.config.optSettings.setFederationDomainConfigs[0].domain - value: {{ .Values.federationDomain }} + value: {{ .Values.federationDomain1 }} needs: - - '{{ .Values.namespace }}-databases-ephemeral-2' + - 'databases-ephemeral' diff --git a/libs/wire-api-federation/default.nix b/libs/wire-api-federation/default.nix index 6b287c10cf5..2f4e1c1df2a 100644 --- a/libs/wire-api-federation/default.nix +++ b/libs/wire-api-federation/default.nix @@ -37,6 +37,7 @@ , text , time , transformers +, transitive-anns , types-common , uuid , wai-utilities @@ -74,6 +75,7 @@ mkDerivation { text time transformers + transitive-anns types-common wai-utilities wire-api diff --git a/libs/wire-api-federation/wire-api-federation.cabal b/libs/wire-api-federation/wire-api-federation.cabal index bbff6452d18..460a8b65bee 100644 --- a/libs/wire-api-federation/wire-api-federation.cabal +++ b/libs/wire-api-federation/wire-api-federation.cabal @@ -76,6 +76,7 @@ library -O2 -Wall -Wincomplete-uni-patterns -Wincomplete-record-updates -Wpartial-fields -fwarn-tabs -optP-Wno-nonportable-include-path -Wredundant-constraints -Wunused-packages + -fplugin=TransitiveAnns.Plugin build-depends: aeson >=2.0.1.0 @@ -105,6 +106,7 @@ library , text >=0.11 , time >=1.8 , transformers + , transitive-anns , types-common , wai-utilities , wire-api diff --git a/services/brig/brig.integration.yaml b/services/brig/brig.integration.yaml index 8d8b67ba307..4fd638b7fbe 100644 --- a/services/brig/brig.integration.yaml +++ b/services/brig/brig.integration.yaml 
@@ -13,6 +13,11 @@ elasticsearch: url: http://127.0.0.1:9200 index: directory_test +rabbitmq: + host: 127.0.0.1 + port: 5672 + vHost: / + cargohold: host: 127.0.0.1 port: 8084 diff --git a/services/run-services b/services/run-services index 883882ef3db..47d1c555bc9 100755 --- a/services/run-services +++ b/services/run-services @@ -139,9 +139,9 @@ class Instance: except Exception as e: return False - def spawn(self, service_map, environment, suffix, domain, backend_name): + def spawn(self, service_map, environment, suffix, domain, remoteDomains, backend_name): try: - config_file = self.modified_config_file(service_map, suffix, domain, backend_name) + config_file = self.modified_config_file(service_map, suffix, domain, remoteDomains, backend_name) sub = self.service.spawn(config_file, environment) t = threading.Thread(target=lambda: color_output(sub, self.service, backend_name)) t.start() @@ -149,7 +149,7 @@ class Instance: except Exception as e: return Instance(self.service, self.port, exception=e) - def modified_config_file(self, service_map, suffix, domain, backend_name): + def modified_config_file(self, service_map, suffix, domain, remoteDomains, backend_name): """Overwrite port configuration on this service using the provided service_map. @@ -179,6 +179,9 @@ class Instance: elif 'settings' in data: data['settings']['federationDomain'] = domain + if 'remoteDomains' in data: + data['remoteDomains'] = remoteDomains + # set log level if self.service.level is not None: if 'logLevel' in data: 
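Review bot: The docstring of `modified_config_file` still describes only the port rewrite, while the new `remoteDomains` parameter is undocumented and is the only camelCase name among `service_map`, `backend_name` and the rest. The added branch `if 'remoteDomains' in data:` replaces the value only when the service's config already has that top-level key, so a config that lacks it silently keeps running without the remote list. A docstring line such as `remoteDomains: list of remote federation domains; written to the config's top-level 'remoteDomains' key only if that key already exists` would make this explicit, and `remote_domains` would match the surrounding names. The function body continues outside the hunk.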
@@ -198,10 +201,10 @@ class Instance:
 data[self.service.name]['port'] = self.port
 class DummyInstance(Instance):
- def spawn(self, service_map, environment, suffix, domain, backend_name):
+ def spawn(self, service_map, environment, suffix, domain, remoteDomains, backend_name):
 return self
- def modified_config_file(self, service_map, suffix, domain, backend_name):
+ def modified_config_file(self, service_map, suffix, domain, remoteDomains, backend_name):
 return ""
 def check_status(self):
@@ -224,7 +227,7 @@ class NginzInstance(Instance):
 self.fed_port = fed_port
 super().__init__(NGINZ, local_port)
- def modified_config_file(self, service_map, suffix, domain, backend_name):
+ def modified_config_file(self, service_map, suffix, domain, remoteDomains, backend_name):
 # Create a whole temporary directory and copy all nginx's config files.
 # This is necessary because nginx assumes local imports are relative to
 # the location of the main configuration file.
@@ -245,11 +248,12 @@ class NginzInstance(Instance):
 # override upstreams
 with open(os.path.join(self.tmpdir.name, "upstreams"), 'w') as f:
 for service, port in service_map.items():
- print(f"upstream {service.internal_name} {{", file=f)
- print(f" least_conn;", file=f)
- print(f" keepalive 32;", file=f)
- print(f" server 127.0.0.1:{port} max_fails=3 weight=1;", file=f)
- print("}", file=f)
+ if port != 0:
+ print(f"upstream {service.internal_name} {{", file=f)
+ print(f" least_conn;", file=f)
+ print(f" keepalive 32;", file=f)
+ print(f" server 127.0.0.1:{port} max_fails=3 weight=1;", file=f)
+ print("}", file=f)
 print("upstream federator_external {", file=f)
 print(f" server 127.0.0.1:{self.fed_port} max_fails=3 weight=1;", file=f)
 print("}", file=f)
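Review bot: The new guard `if port != 0:` in `NginzInstance.modified_config_file` uses 0 as an unexplained sentinel; nothing in the hunk says which services carry port 0 or why they must not get an `upstream` block. A comment above the guard, e.g. `# port 0: service has no listener, so nginx gets no upstream for it`, would record the intent (the meaning of 0 is inferred here and should be confirmed). If any copied nginx config still refers to a skipped upstream by name, nginx would presumably refuse to start, so that is worth checking for the services affected. The method begins and ends outside the hunk.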
@@ -322,17 +326,16 @@ def cleanup_instances(instances): instance.process.send_signal(signal.SIGKILl) instance.thread.join() -def start_backend(services, suffix, domain, backend_name): +def start_backend(services, suffix, domain, remoteDomains, backend_name): # build a service map by choosing an arbitrary instance of each service service_map = dict((s.service, s.port) for s in services) instances = set() for blueprint in services: - instances.add(blueprint.spawn(service_map, environment, suffix, domain, backend_name)) + instances.add(blueprint.spawn(service_map, environment, suffix, domain, remoteDomains, backend_name)) failed_instances = [instance for instance in instances if instance.exception is not None] - # check instances to_be_checked = [instance for instance in instances if instance.exception is None] @@ -395,7 +398,9 @@ if __name__ == '__main__': environment = { 'AWS_REGION': "eu-west-1", 'AWS_ACCESS_KEY_ID': "dummykey", - 'AWS_SECRET_ACCESS_KEY': "dummysecret" + 'AWS_SECRET_ACCESS_KEY': "dummysecret", + 'RABBITMQ_USERNAME': 'guest', + 'RABBITMQ_PASSWORD': 'alpaca-grapefruit' } backend_a = [ @@ -437,9 +442,9 @@ if __name__ == '__main__': try: instances = set() - instances |= start_backend(backend_a, "", "example.com", "A") + instances |= start_backend(backend_a, "", "example.com", ["b.example.com"], "A") if ENABLE_FEDERATION: - instances |= start_backend(backend_b, "2", "b.example.com", "B") + instances |= start_backend(backend_b, "2", "b.example.com", ["example.com"], "B") # run main script or just wait forever if len(sys.argv) == 1:
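Review bot: The context line `instance.process.send_signal(signal.SIGKILl)` in `cleanup_instances` misspells the constant; Python's `signal` module defines `SIGKILL`, so this line raises `AttributeError` when it is reached. The exception would stop the cleanup before `instance.thread.join()`, which can leave spawned services running after the script exits. The commit does not touch this line, but the fix is one character: `instance.process.send_signal(signal.SIGKILL)`. `cleanup_instances` starts outside the hunk, so the condition under which this branch runs is not visible.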
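Review bot: `'RABBITMQ_PASSWORD': 'alpaca-grapefruit'` puts a fixed broker password in the script's `environment` dict, next to the placeholder AWS values. For a local runner that is workable, but the value then has to match whatever the RabbitMQ instance was provisioned with, and a literal in the repository tends to be copied into other environments and flagged by secret scanners. Reading it from the caller's environment with the current value as fallback keeps local use unchanged: `'RABBITMQ_PASSWORD': os.environ.get('RABBITMQ_PASSWORD', 'alpaca-grapefruit')`, and likewise for `RABBITMQ_USERNAME`. The `if __name__ == '__main__':` block starts outside the hunk.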