Merge pull request #42 from mathieucarbou/terracotta-bm

Terracotta BigMemory Max Helm charts

.github/workflows/dry-run-test.yml

@@ -53,3 +53,7 @@ jobs:
       - name: Dry-run of universalmessaging
         run: |
           helm template um universalmessaging/helm
+
+      - name: Dry-run of terracottabigmemorymax
+        run: |
+          helm template um terracottabigmemory/helm

.github/workflows/release.yml

@@ -42,6 +42,7 @@ jobs:
           helm package -u microservicesruntime/helm
           helm package -u mywebmethodsserver/helm
           helm package -u universalmessaging/helm
+          helm package -u terracottabigmemorymax/helm
 
       - name: Push Helm Charts to this GitHub repo branch 'gh-pages' 
         run: |

terracottabigmemorymax/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

terracottabigmemorymax/helm/Chart.yaml

@@ -0,0 +1,41 @@
+# /*
+#  * Copyright (c) 2021 Software AG, Darmstadt, Germany and/or its licensors
+#  *
+#  * SPDX-License-Identifier: Apache-2.0
+#  *
+#  *   Licensed under the Apache License, Version 2.0 (the "License");
+#  *   you may not use this file except in compliance with the License.
+#  *   You may obtain a copy of the License at
+#  *
+#  *       http://www.apache.org/licenses/LICENSE-2.0
+#  *
+#  *   Unless required by applicable law or agreed to in writing, software
+#  *   distributed under the License is distributed on an "AS IS" BASIS,
+#  *   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  *   See the License for the specific language governing permissions and
+#  *   limitations under the License.
+#  *
+#  */
+apiVersion: v2
+name: terracottabigmemorymax
+description: Terracotta BigMemory Max Helm Chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: "1.1.0"
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+appVersion: "4.4.0"

terracottabigmemorymax/helm/README.md

@@ -0,0 +1,168 @@
+# Terracotta BigMemory Max Helm Chart
+
+## Disclaimer and Warnings
+
+**The user is responsible for customizing these files on-site.**
+This Helm chart is provided as a minimal requirement to install Terracotta BigMemory Max on k8s.
+
+---
+
+*Considering the complexity of k8s settings regarding pod and volume lifecycle in the context of a multi-stripe active/passive cluster it is strongly advised that the user consult with a k8s expert.*
+
+*Pay attention that the nature of k8s automatically handling pod restart and volume assignment can go against the expected normal behavior of Terracotta Servers on a traditional infrastructure. This can lead to unexpected behaviors and / or malfunctioning clusters.*
+
+*Terracotta Servers embed a mechanism to automatically restart in case of failure or configuration change, and eventually can invalidate the data on disk (to be wiped). This mechanism is not compatible with the default k8s lifecycle management which can for example respawn a pod on a pre-existing volume where the data has been marked invalidated.*
+
+---
+
+## QuickStart
+
+From the helm directory
+
+```bash
+helm install <release-name> --set-file license=<license-file> --set tag=4.3.10-SNAPSHOT .
+```
+
+**IMPORTANT note:** license and tag are mandatory parameter that need to be set during helm chart installation.
+
+There are other parameters defined in values.yaml which can be overridden as well during installation which can be used
+for changing how terracotta cluster should be deployed in kubernetes environment. By default it deploys BigMemory
+cluster with two stripe each having two nodes and a tmc inside kubernetes.
+
+### Security
+
+### Image Pull Secret
+
+Provide an image pull secret for the registry where the desired images  are to be pulled from.
+
+```
+kubectl create secret docker-registry regcred --docker-server=<your-registry-server> --docker-username=<your-name> --docker-password=<your-pwd> --docker-email=<your-email>
+```
+
+### STEP #1: Create a secret
+
+Suppose you are creating a 2*1 bigmemory cluster and 1 tmc then Create a secret which contains following files
+
+- terracotta-0-keystore.jks :- keystore file for server1.
+- terracotta-1-keystore.jks :- keystore file for server2.
+- tmc-0-keystore.jks :- keystore file for tmc.
+- truststore.jks :- truststore file containing public certs for all the above keystores.
+- keychain - keychain file containing password for everything. For ex-
+
+````
+Terracotta Command Line Tools - Keychain Client
+tc://[email protected]:9540 : chunuAa1$
+file:/opt/softwareag/.tc/mgmt/truststore.jks : chunuAa1$
+file:/opt/softwareag/run/truststore.jks : chunuAa1$
+tc://[email protected]:9510 : chunuAa1$
+tc://[email protected]:9530 : chunuAa1$
+file:/opt/softwareag/.tc/mgmt/tmc-0-keystore.jks : chunuAa1$
+https://terracotta-1.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$
+https://terracotta-0.terracotta-service.default.svc.cluster.local:9540/tc-management-api : chunuAa1$
+tc://[email protected]:9510 : chunuAa1$
+jks:terracotta-0-alias@/opt/softwareag/run/terracotta-0-keystore.jks : chunuAa1$
+tc://[email protected]:9540 : chunuAa1$
+tc://[email protected]:9530 : chunuAa1$
+jks:terracotta-1-alias@/opt/softwareag/run/terracotta-1-keystore.jks : chunuAa1$
+````
+
+- tmc-https.ini :- For enabling ssl connections in jetty. For ex-
+
+````
+jetty.sslContext.keyManagerPassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw
+jetty.sslContext.keyStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw
+jetty.sslContext.trustStorePassword=OBF:1fwe1jg61vgz1nsc1zen1npu1vfv1jd41fsw
+````
+
+- terracotta.ini :- contains user with name 'user' as we are using it in generated tc-config.xml.
+
+````
+./usermanagement.sh -c terracotta.ini user terracotta admin
+````
+
+Example to create secret in k8s cluster manually -
+
+````
+kubectl create secret generic certificatesecret \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/keychain \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/terracotta-0-keystore.jks \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/truststore.jks \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/terracotta.ini \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/tmc-0-keystore.jks \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/tmc-https.ini \
+--from-file=/home/[email protected]/4.xconfig/k8sCert/terracotta-1-keystore.jks
+````
+
+### Step #2: Install the helm chart and use the above created secret.
+
+````
+helm install "my-release" --set stripeCount=2 --set nodeCountPerStripe=1 --set-file license=/home/[email protected]/4.xlicense/license.key --set tag=4.3.10-SNAPSHOT --set security=true --set secretName=certificatesecret  .
+````
+
+### Step #3: Verify from the browser to see if connections can be created securely to tmc.
+
+- First enable port-forwarding for tmc-service using -
+
+````
+kubectl port-forward service/tmc-service 8080:9443
+````
+
+- Go to browser and go to url https://localhost:8080 and then set up authentication.
+- It will ask for tmc restart so do it using
+
+```
+kubectl delete pod tmc-0.
+```
+
+- Now again start port-forwarding and go to browser and connect to following url -
+
+```
+https://terracotta-0.terracotta-service.default.svc.cluster.local
+```
+
+- When asking for user name enter "user" . It should be able to connect and show cluster information on browser.
+
+
+### Prometheus support
+Terracotta BigMemory provides a list of key metrics in Prometheus compatible format over HTTP on TMC endpoint:
+```
+http(s)://<host>:<port>/tmc/api/prometheus
+```
+Sample config to add BigMemory as a target in the prometheus.yml configuration file
+
+For non secure cluster - 
+```
+- job_name: 'big_memory'
+    metrics_path: /tmc/api/prometheus
+    static_configs:
+        - targets: ['localhost:9889']
+```
+
+For secure cluster - 
+```
+- job_name: 'big_memory'
+    scheme: https
+    metrics_path: /tmc/api/prometheus
+    static_configs:
+    - targets: ['localhost:9443']
+    basic_auth:
+      username: <username>
+      password: <password>
+    tls_config:
+      ca_file: <path-to-tmc-certificate>
+```
+
+### Step #4: For removing deployment from kubernetes cluster.
+
+```bash
+helm delete <release-name>
+```
+
+## Version History
+
+| Version | Changes and Description |
+|---------|-------------------------|
+| `1.0.0' | Initial release         |
+| `1.1.0' | Available from GitHub   |
+
+{{ template "chart.valuesSection" . }}