From 35d7988854bd13b902098bda12e0e7da2fd6bf77 Mon Sep 17 00:00:00 2001
From: Steve Pentland
Date: Sun, 10 Mar 2024 18:38:20 -0400
Subject: [PATCH] chore(app): add headless service type to chart

In some scenarios, an ExternalName service cannot point to an IP address. For these cases, a headless service + endpoint slice may resolve any issues
---
 charts/nx-cloud/Chart.yaml | 2 +-
 charts/nx-cloud/ci/endpointslice-values.yaml | 69 +++++++++++++++++++
 .../nx-cloud-workflow-controller-service.yaml | 40 ++++++++++-
 charts/nx-cloud/values.yaml | 6 +-
 4 files changed, 114 insertions(+), 3 deletions(-)
 create mode 100644 charts/nx-cloud/ci/endpointslice-values.yaml

diff --git a/charts/nx-cloud/Chart.yaml b/charts/nx-cloud/Chart.yaml
index f6b0b1a..0116218 100644
--- a/charts/nx-cloud/Chart.yaml
+++ b/charts/nx-cloud/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: nx-cloud
 description: Nx Cloud Helm Chart
 type: application
-version: 0.14.1
+version: 0.15.0-rc.4
 maintainers:
 - name: nx
 url: "https://nx.app/"
diff --git a/charts/nx-cloud/ci/endpointslice-values.yaml b/charts/nx-cloud/ci/endpointslice-values.yaml
new file mode 100644
index 0000000..198801d
--- /dev/null
+++ b/charts/nx-cloud/ci/endpointslice-values.yaml
@@ -0,0 +1,69 @@
+global:
+ imageTag: '2308.22.7'
+
+nxCloudAppURL: 'URL_TO_ACCESS_INGRESS_FROM_DEV_MACHINES'
+
+secret:
+ name: 'cloudsecret'
+ nxCloudMongoServerEndpoint: 'NX_CLOUD_MONGO_SERVER_ENDPOINT'
+ adminPassword: 'ADMIN_PASSWORD'
+
+# When creating new values files for testing, bring over the lines below. The generated environment is quite resource
+# constrained and with the default settings from values.yaml some of the pods will fail to schedule.
+frontend:
+ resources:
+ requests:
+ memory: '0.5Mi'
+ cpu: '0.1'
+
+nxApi:
+ resources:
+ requests:
+ memory: '0.5Mi'
+ cpu: '0.1'
+
+fileServer:
+ resources:
+ requests:
+ memory: '0.5Mi'
+ cpu: '0.1'
+
+aggregator:
+ resources:
+ requests:
+ memory: '0.5Mi'
+ cpu: '0.1'
+
+nxCloudWorkflows:
+ enabled: true
+ port: 9000
+ name: 'nx-cloud-workflow-controller-service'
+ workflowsNamespace: 'nx-cloud-workflows'
+
+ externalName: '192.0.2.22'
+ headless: true
+
+extraManifests:
+ secret:
+ apiVersion: v1
+ kind: Secret
+ metadata:
+ name: cloudsecret
+ namespace: default
+ type: Opaque
+ stringData:
+ NX_CLOUD_MONGO_SERVER_ENDPOINT: "mongodb://127.0.0.1"
+ ADMIN_PASSWORD: "SOME_ADMIN_PASSWORD"
+ GITHUB_SECRET: "I_AM_A_SECRET_VALUE"
+ GH_CLIENT_ID: "I_AM_A_SECRET_VALUE"
+ GH_CLIENT_SECRET_VALUE: "I_AM_A_SECRET_VALUE"
+ SOME_SECRET_TOKEN: "I_AM_A_SECRET_VALUE"
+ GITLAB_ACCESS_TOKEN: "I_AM_A_SECRET_VALUE"
+ GITHUB_AUTH_CLIENT_ID: "A_GITHUB_ID"
+ GITHUB_AUTH_CLIENT_SECRET: "A_GITHUB_CLIENT_SECRET"
+ GITHUB_WEBHOOK_SECRET: "A_GITHUB_SECRET_VALUE"
+ GITHUB_AUTH_TOKEN: "A_GITHUB_SECRET_VALUE"
+ GITHUB_APP_PRIVATE_KEY: "A_GITHUB_SECRET_VALUE"
+ GITHUB_APP_ID: "A_GITHUB_SECRET_VALUE"
+ AWS_KEY: "MYAWSKEY"
+ AWS_SECRET: "SUPER_SECRET_AWS_SECRET"
diff --git a/charts/nx-cloud/templates/nx-cloud-workflow-controller-service.yaml b/charts/nx-cloud/templates/nx-cloud-workflow-controller-service.yaml
index 37960f2..822077b 100644
--- a/charts/nx-cloud/templates/nx-cloud-workflow-controller-service.yaml
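Review bot: Nothing in this new CI values file says which code path it exercises or that the credentials under `extraManifests.secret.stringData` are dummies; the only comment it carries is about the resource-request overrides. A header such as `# CI-only values: exercises nxCloudWorkflows.headless (Service + EndpointSlice); every secret value below is a placeholder` would keep the file from being copied as a deployment template. It is also worth noting next to `externalName: '192.0.2.22'` that the address is from the 192.0.2.0/24 documentation range (RFC 5737), e.g. `# documentation-range address, never routable`, so that nobody later swaps in a real host.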
+++ b/charts/nx-cloud/templates/nx-cloud-workflow-controller-service.yaml
@@ -1,4 +1,41 @@
-{{- if and .Values.nxCloudWorkflows.enabled .Values.nxCloudWorkflows.externalName }}
+{{- if and .Values.nxCloudWorkflows.enabled .Values.nxCloudWorkflows.externalName}}
+{{- if .Values.nxCloudWorkflows.headless }}
+# Headless service and endpoint slice
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ .Values.nxCloudWorkflows.name }}
+ namespace: {{ .Values.global.namespace }}
+ labels:
+ app: nx-cloud-workflow-controller
+ {{- include "nxCloud.app.labels" . | indent 4 }}
+spec:
+ ports:
+ - port: {{ .Values.nxCloudWorkflows.port }}
+ protocol: TCP
+ targetPort: {{ .Values.nxCloudWorkflows.port }}
+---
+apiVersion: discovery.k8s.io/v1
+kind: EndpointSlice
+metadata:
+ name: {{ printf "%s-1" .Values.nxCloudWorkflows.name }}
+ namespace: {{ .Values.global.namespace }}
+ labels:
+ kubernetes.io/service-name: {{ .Values.nxCloudWorkflows.name }}
+ endpointslice.kubernetes.io/manage-by: helm
+ app: nx-cloud-workflow-controller
+ {{- include "nxCloud.app.labels" . | indent 4 }}
+addressType: IPv4
+ports:
+- name: ''
+ protocol: TCP
+ port: {{ .Values.nxCloudWorkflows.port }}
+endpoints:
+- addresses:
+ - {{ .Values.nxCloudWorkflows.externalName | quote }}
+ conditions: {}
+{{- else }}
 ---
 apiVersion: v1
 kind: Service
@@ -14,3 +51,4 @@ spec:
 externalName: {{ .Values.nxCloudWorkflows.externalName }}
 {{- end }}
 {{- end }}
+{{- end }}
diff --git a/charts/nx-cloud/values.yaml b/charts/nx-cloud/values.yaml
index adddd14..bb49e12 100644
--- a/charts/nx-cloud/values.yaml
+++ b/charts/nx-cloud/values.yaml
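Review bot: The EndpointSlice label `endpointslice.kubernetes.io/manage-by: helm` in the first hunk is misspelled; the well-known Kubernetes label is `endpointslice.kubernetes.io/managed-by`, so as written the slice does not declare which entity manages it. The Service rendered in the headless branch also carries no `clusterIP: None` under `spec:`, so what gets created looks like a selector-less ClusterIP Service rather than a headless one, despite the `# Headless service and endpoint slice` comment and the `headless` value name. If headless is really intended, add `clusterIP: None`; otherwise reword the comment to say "selector-less Service with a manually managed EndpointSlice". The enclosing `if` block is closed outside this hunk, by the `{{- end }}` that the second hunk adds.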
@@ -135,7 +135,6 @@ nxCloudWorkflows: name: 'nx-cloud-workflow-controller-service' workflowsNamespace: 'nx-cloud-workflows' - # If externalName is left unset, the applications will look for ane existing service with the name defined # by `nxCloudWorkflows.name` in the namespace `nxCloudWorkflows.workflowsNamespace`. Use this option if you are # also running the nx-agents chart in the same cluster as this nx-cloud chart @@ -145,6 +144,11 @@ nxCloudWorkflows: # Use this option if your nx-agents are running in a different cluster than this nx-cloud chart externalName: '' + # If you find that an externalName service is not working as expected, you can set this to true to create a headless service + # which will create an endpoint group as an alternative. Please continue to set `externalName` to the IP address + # you wish to direct traffic to as we will use it to populate the endpoint slice. + headless: false + # Deprecated, use nxApi.deployment.replicas and frontend.deployment.replicas replicas: frontend: 1
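Review bot: The new comment above `headless: false` in the second hunk does not say that `externalName` must then be a literal IPv4 address, although the template in this patch writes the value into an EndpointSlice with `addressType: IPv4`; a hostname or IPv6 value would presumably be rejected by the API server at install time. It also says the service "will create an endpoint group", whereas the chart itself renders the EndpointSlice. I would reword it along the lines of `# When true, the chart renders a Service plus an EndpointSlice instead of an ExternalName service.` followed by `# externalName must then be an IPv4 address; it becomes the slice's only endpoint.`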