From 8c16d9938854fa17d17e9cd5b72ac639fc32105e Mon Sep 17 00:00:00 2001 From: Robbie Blaine Date: Thu, 21 Sep 2023 15:54:51 +0200 Subject: [PATCH] Configure DataDog Injection * Bump `bitnami/common@2.10.0` -> `bitnami/common@2.11.1` * Bump `bitnami/mongodb@13.18.1` -> `bitnami/mongodb@13.18.4` * Add ability to toggle DataDog APM Injection * Disabled for now * `yarn global add node-gyp` in Dockerfile build stage --- Dockerfile | 1 + helm/trust-registry.yaml | 12 ++++++++++ helm/trust-registry/Chart.lock | 8 +++---- helm/trust-registry/Chart.yaml | 6 ++--- helm/trust-registry/templates/deployment.yaml | 23 ++++++++++++------- helm/trust-registry/templates/ingress.yaml | 4 ++-- helm/trust-registry/values.yaml | 18 +++++++++++++-- 7 files changed, 53 insertions(+), 19 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6db522fd..85e44807 100644 --- a/Dockerfile +++ b/Dockerfile @@ -9,6 +9,7 @@ RUN apt-get update && apt-get install -y \ gcc \ make \ python3 +RUN yarn global add node-gyp WORKDIR /app COPY yarn.lock package.json ./ diff --git a/helm/trust-registry.yaml b/helm/trust-registry.yaml index 92a9c4f4..f9b29baf 100644 --- a/helm/trust-registry.yaml +++ b/helm/trust-registry.yaml @@ -2,9 +2,13 @@ environments: dev: values: - namespace: trust-registry-dev + ddInjectEnabled: false + ddProfilingEnabled: false prod: values: - namespace: trust-registry-prod + ddInjectEnabled: false + ddProfilingEnabled: false --- repositories: - name: bitnami @@ -17,6 +21,14 @@ releases: chart: ./trust-registry values: - ./trust-registry/conf/{{ .Environment.Name }}/values.yaml + - deploymentLabels: + tags.datadoghq.com/env: {{ .Environment.Name }} + podLabels: + tags.datadoghq.com/env: {{ .Environment.Name }} + admission.datadoghq.com/enabled: {{ quote .Values.ddInjectEnabled }} + set: + - name: extraEnvVars.ddProfilingEnabled + value: {{ .Values.ddProfilingEnabled }} --- helmDefaults: timeout: 300 diff --git a/helm/trust-registry/Chart.lock b/helm/trust-registry/Chart.lock index 6bfdea47..9789e88e 100644 --- a/helm/trust-registry/Chart.lock +++ b/helm/trust-registry/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.10.0 + version: 2.11.1 - name: mongodb repository: oci://registry-1.docker.io/bitnamicharts - version: 13.18.1 -digest: sha256:b054b97b15b33e681fb1c108d17312f802f6b5aa10a105c971bd0d83dafd687c -generated: "2023-09-06T13:44:52.210352+02:00" + version: 13.18.4 +digest: sha256:a5807bbdb24b5c04f12046462e5893450b2ada35cb5f80014606475df3740091 +generated: "2023-09-21T15:54:30.24679+02:00" diff --git a/helm/trust-registry/Chart.yaml b/helm/trust-registry/Chart.yaml index 7021c1f3..27ca608d 100644 --- a/helm/trust-registry/Chart.yaml +++ b/helm/trust-registry/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: trust-registry description: A Helm chart to deploy the SSI Trust Registry in Kubernetes type: application -version: 0.1.2 +version: 0.1.3 keywords: - ssi @@ -17,11 +17,11 @@ maintainers: dependencies: # https://github.com/bitnami/charts/tree/main/bitnami/common - name: common - version: 2.10.0 + version: 2.11.1 repository: oci://registry-1.docker.io/bitnamicharts # https://github.com/bitnami/charts/tree/main/bitnami/mongodb - name: mongodb - version: 13.18.1 + version: 13.18.4 repository: oci://registry-1.docker.io/bitnamicharts alias: mongodb condition: mongodb.enabled diff --git a/helm/trust-registry/templates/deployment.yaml b/helm/trust-registry/templates/deployment.yaml index 03fe5df6..fdb8212a 100644 --- a/helm/trust-registry/templates/deployment.yaml +++ b/helm/trust-registry/templates/deployment.yaml @@ -4,6 +4,9 @@ metadata: name: {{ include "trust-registry.fullname" . }} labels: {{- include "trust-registry.labels" . | nindent 4 }} + {{- with .Values.deploymentLabels }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 4 }} + {{- end }} spec: {{- if not .Values.autoscaling.enabled }} replicas: {{ .Values.replicaCount }} @@ -16,14 +19,17 @@ spec: annotations: checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} - {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} {{- end }} labels: {{- include "trust-registry.selectorLabels" . | nindent 8 }} + {{- with .Values.podLabels }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} + {{- end }} spec: {{- with .Values.initContainers }} initContainers: - {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: @@ -49,13 +55,14 @@ spec: env: {{- range $k,$v := . }} - name: {{ upper (snakecase $k) }} - {{- if typeIs "string" $v }} - value: {{ tpl $v $ }} + {{- $type := printf "%s" (typeOf $v) }} + {{- if or (eq $type "string") (eq $type "float64") (eq $type "bool") }} + value: {{ tpl (toString $v) $ | quote }} {{- else }} - {{- tpl (toYaml $v) $ | nindent 14 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 14 }} {{- end }} {{- end }} - {{- end }} + {{- end }} livenessProbe: httpGet: path: /health @@ -74,7 +81,7 @@ spec: {{- toYaml .Values.resources | nindent 12 }} {{- with .Values.extraVolumeMounts }} volumeMounts: - {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 12 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 12 }} {{- end }} {{- with .Values.nodeSelector }} nodeSelector: @@ -90,5 +97,5 @@ spec: {{- end }} {{- with .Values.extraVolumes }} volumes: - {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | nindent 8 }} + {{- include "common.tplvalues.render" (dict "value" . "context" $) | nindent 8 }} {{- end }} diff --git a/helm/trust-registry/templates/ingress.yaml b/helm/trust-registry/templates/ingress.yaml index 7531057a..7164ab38 100644 --- a/helm/trust-registry/templates/ingress.yaml +++ b/helm/trust-registry/templates/ingress.yaml @@ -29,7 +29,7 @@ spec: {{- range .tls }} - hosts: {{- range .hosts }} - - {{- include "common.tplvalues.render" ( dict "value" . "context" $ ) | quote }} + - {{ tpl . $ | quote }} {{- end }} secretName: {{ include "common.tplvalues.render" ( dict "value" .secretName "context" $ ) }} {{- end }} @@ -60,7 +60,7 @@ spec: service: name: {{ include "trust-registry.fullname" $ }} port: - number: {{ $.Values.service.port }} + number: {{ default $.Values.service.port $paths.port }} {{- end -}} {{- end -}} {{- end -}} diff --git a/helm/trust-registry/values.yaml b/helm/trust-registry/values.yaml index e860089f..525ed940 100644 --- a/helm/trust-registry/values.yaml +++ b/helm/trust-registry/values.yaml @@ -20,7 +20,17 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} +deploymentLabels: + # tags.datadoghq.com/env: + tags.datadoghq.com/service: '{{ include "trust-registry.fullname" . }}' + tags.datadoghq.com/version: '{{ .Values.image.tag }}' +podAnnotations: + admission.datadoghq.com/js-lib.version: v4.15.0 +podLabels: + # tags.datadoghq.com/env: + tags.datadoghq.com/service: '{{ include "trust-registry.fullname" . }}' + tags.datadoghq.com/version: '{{ .Values.image.tag }}' + admission.datadoghq.com/enabled: 'false' podSecurityContext: fsGroup: 1000 @@ -45,7 +55,11 @@ db: port: 27017 opts: "" -extraEnvVars: {} +extraEnvVars: + ddLogsInjection: true + # ddTraceSampleRate: 1 + ddProfilingEnabled: false + ddRuntimeMetricsEnabled: true # foo: bar # -> FOO # fooBaz: baz # -> FOO_BAZ # dbConnectionString: # -> DB_CONNECTION_STRING