From 62c95a7dbe8c82c88810c0c0873b6fb8aa8cc4dd Mon Sep 17 00:00:00 2001 From: Cedric Verstraeten Date: Wed, 28 Feb 2024 19:31:12 +0100 Subject: [PATCH] support for mongodb 6.x and beyond + added readonly attribute --- charts/hub/Chart.yaml | 2 +- .../hub/templates/kerberos-hub/hub-api.yaml | 2 + .../templates/kerberos-hub/hub-cleanup.yaml | 4 ++ .../kerberos-hub/hub-monitor-device.yaml | 4 ++ .../hub-reactivate-subscription.yaml | 4 ++ .../kerberos-pipeline/pipe-analysis.yaml | 2 + .../kerberos-pipeline/pipe-event.yaml | 4 ++ .../kerberos-pipeline/pipe-monitor.yaml | 2 + .../kerberos-pipeline/pipe-notify-test.yaml | 2 + .../kerberos-pipeline/pipe-notify.yaml | 2 + .../kerberos-pipeline/pipe-sequence.yaml | 2 + .../kerberos-pipeline/pipe-throttler.yaml | 2 + .../kerberos-vault/vault-forwarder.yaml | 2 + charts/hub/values.yaml | 66 +++++++++++-------- 14 files changed, 71 insertions(+), 29 deletions(-) diff --git a/charts/hub/Chart.yaml b/charts/hub/Chart.yaml index 1835715..aac9348 100644 --- a/charts/hub/Chart.yaml +++ b/charts/hub/Chart.yaml @@ -16,7 +16,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 0.50.0 +version: 0.51.0 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/hub/templates/kerberos-hub/hub-api.yaml b/charts/hub/templates/kerberos-hub/hub-api.yaml index 1ae57f0..7404a65 100644 --- a/charts/hub/templates/kerberos-hub/hub-api.yaml +++ b/charts/hub/templates/kerberos-hub/hub-api.yaml 
@@ -255,6 +255,8 @@ spec: # Mongodb - name: MONGODB_DATABASE_CLOUD value: "Kerberos" + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-hub/hub-cleanup.yaml b/charts/hub/templates/kerberos-hub/hub-cleanup.yaml index d4e948a..5605a8c 100644 --- a/charts/hub/templates/kerberos-hub/hub-cleanup.yaml +++ b/charts/hub/templates/kerberos-hub/hub-cleanup.yaml @@ -31,10 +31,14 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: + - name: READ_ONLY + value: "{{ .Values.readonly }}" - name: MAX_DAYS value: "30" - name: MONGODB_DATABASE_CLOUD value: "Kerberos" + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-hub/hub-monitor-device.yaml b/charts/hub/templates/kerberos-hub/hub-monitor-device.yaml index c283a74..d90346a 100644 --- a/charts/hub/templates/kerberos-hub/hub-monitor-device.yaml +++ b/charts/hub/templates/kerberos-hub/hub-monitor-device.yaml @@ -39,9 +39,13 @@ spec: {{- toYaml . | nindent 12 }} {{- end }} env: + - name: READ_ONLY + value: "{{ .Values.readonly }}" # Mongodb - name: MONGODB_DATABASE_CLOUD value: "Kerberos" + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-hub/hub-reactivate-subscription.yaml b/charts/hub/templates/kerberos-hub/hub-reactivate-subscription.yaml index d5534b7..728dbd4 100644 --- a/charts/hub/templates/kerberos-hub/hub-reactivate-subscription.yaml +++ b/charts/hub/templates/kerberos-hub/hub-reactivate-subscription.yaml 
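Review bot: The added `MONGODB_URI` entry is rendered as a literal `value:`, and the example URI documented in values.yaml (`mongodb+srv://xx:xx@...`) carries the username and password inline, so the database credentials land in clear text in the rendered pod spec, readable by anyone allowed to get Deployments or Pods in the namespace. Consider sourcing it from a Secret, e.g. `valueFrom: {secretKeyRef: {name: <mongodb-secret-name>, key: uri}}` (the secret name is a placeholder). At minimum use `value: {{ .Values.mongodb.uri | quote }}` so a URI containing a double quote cannot break the manifest. The same entry is added in hub-cleanup, hub-monitor-device, hub-reactivate-subscription, every pipe-* template and vault-forwarder; the env list it joins starts and ends outside this hunk. Whether `MONGODB_URI` or the still-emitted `MONGODB_HOST` and credential variables takes precedence is decided in the application images and is not visible here, so a comment such as `# takes precedence over MONGODB_HOST when non-empty` should be added once that is confirmed.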
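Review bot: `READ_ONLY` in hub-cleanup.yaml reads `.Values.readonly`, but the only such key visible in values.yaml is `readOnly` (it shows as context in the values.yaml hunk header), and Helm value lookups are case-sensitive. Unless a lower-case `readonly` key is defined outside the lines shown, the variable most likely renders as an empty string, so the read-only switch has no effect on this workload even when the operator sets `readOnly: true`. Use `value: "{{ .Values.readOnly }}"` here and in the hub-monitor-device, hub-reactivate-subscription and pipe-event hunks, which add the same line.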
@@ -27,6 +27,10 @@ spec: image: "{{ .Values.kerberoshub.reactivate.repository }}:{{ .Values.kerberoshub.reactivate.tag }}" imagePullPolicy: {{ .Values.kerberoshub.reactivate.pullPolicy }} env: + - name: READ_ONLY + value: "{{ .Values.readonly }}" + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-analysis.yaml b/charts/hub/templates/kerberos-pipeline/pipe-analysis.yaml index 8ef35ed..d269230 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-analysis.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-analysis.yaml @@ -37,6 +37,8 @@ spec: value: "{{ .Values.queueProvider }}" # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-event.yaml b/charts/hub/templates/kerberos-pipeline/pipe-event.yaml index 88c065e..493b7cf 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-event.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-event.yaml @@ -33,12 +33,16 @@ spec: ports: - containerPort: 8080 env: + - name: READ_ONLY + value: "{{ .Values.readonly }}" - name: CLOUD_PROVIDER value: "{{ .Values.cloudProvider }}" - name: QUEUE_SYSTEM value: "{{ .Values.queueProvider }}" # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-monitor.yaml b/charts/hub/templates/kerberos-pipeline/pipe-monitor.yaml index 8acfbd5..37a1933 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-monitor.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-monitor.yaml 
@@ -32,6 +32,8 @@ spec: {{- end }} env: # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-notify-test.yaml b/charts/hub/templates/kerberos-pipeline/pipe-notify-test.yaml index 71dea67..cef43af 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-notify-test.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-notify-test.yaml @@ -43,6 +43,8 @@ spec: value: "{{ .Values.queueProvider }}" # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-notify.yaml b/charts/hub/templates/kerberos-pipeline/pipe-notify.yaml index df6b72a..3eede92 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-notify.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-notify.yaml @@ -40,6 +40,8 @@ spec: {{- end }} env: # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-sequence.yaml b/charts/hub/templates/kerberos-pipeline/pipe-sequence.yaml index fda7b53..e85c912 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-sequence.yaml +++ b/charts/hub/templates/kerberos-pipeline/pipe-sequence.yaml @@ -37,6 +37,8 @@ spec: value: "{{ .Values.queueProvider }}" # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-pipeline/pipe-throttler.yaml b/charts/hub/templates/kerberos-pipeline/pipe-throttler.yaml index eef5342..36d1c77 100644 --- a/charts/hub/templates/kerberos-pipeline/pipe-throttler.yaml 
+++ b/charts/hub/templates/kerberos-pipeline/pipe-throttler.yaml @@ -37,6 +37,8 @@ spec: value: "{{ .Values.queueProvider }}" # Database + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_HOST value: "{{ .Values.mongodb.host }}" - name: MONGODB_DATABASE_CREDENTIALS diff --git a/charts/hub/templates/kerberos-vault/vault-forwarder.yaml b/charts/hub/templates/kerberos-vault/vault-forwarder.yaml index 2421daf..de3cdf1 100644 --- a/charts/hub/templates/kerberos-vault/vault-forwarder.yaml +++ b/charts/hub/templates/kerberos-vault/vault-forwarder.yaml @@ -38,6 +38,8 @@ spec: - name: BUFFER_TIME value: "3" # Mongodb + - name: MONGODB_URI + value: "{{ .Values.mongodb.uri }}" - name: MONGODB_DATABASE_CLOUD value: "Kerberos" - name: MONGODB_HOST diff --git a/charts/hub/values.yaml b/charts/hub/values.yaml index b91fc8e..d0f4b44 100644 --- a/charts/hub/values.yaml +++ b/charts/hub/values.yaml 
@@ -30,18 +30,23 @@ readOnly: false # Which network ingress you are using in your Kubernetes Cluster ingress: "nginx" # or "traefik" -# A mongodb instance is required to store all the relevant metadata. +# A mongodb instance is required to store all the relevant metadata (this can be standalone or in a cluster). mongodb: + # MongoDB URI (for example for a SaaS service like MongoDB Atlas) + # If uri is set, the below properties are not used (host, adminDatabase, username, password) + #uri: "mongodb+srv://xx:xx@kerberos-hub.xxx.mongodb.net/?retryWrites=true&w=majority&appName=xxx" + + # Self-hosted mongodb, you could also use the uri property above. host: mongodb.mongodb - #host: "mongodb-0.mongodb-headless.mongodb:27017,mongodb-1.mongodb-headless.mongodb:27017" adminDatabase: admin username: yourusername password: "yourpassword" # A MQTT broker (vernemq or other like mosquitto) is used to have a bi-directional -# communication between enterprise agents and kerberos hub. +# communication between Kerberos Agents and Kerberos Hub. +# we recommend to use vernemq (as part of this installation), but a stand-alone mosquitto broker is also possible. mqtt: - host: "mqtt.yourdomain.com" + host: "mqtt.yourdomain.com" # this needs to be a public accessible DNS name (it's used to communicate between Kerberos Agents and Kerberos Hub) port: "8443" protocol: "wss" username: "yourusername" 
@@ -52,31 +57,36 @@ mqtt: # We are using a pipeline that is orchestrated through Kafka topics or RabbitMQ queues # Events are send back and forth until the processing is done. -queueProvider: "KAFKA" # or "RABBITMQ" +queueProvider: "RABBITMQ" # or "KAFKA" queueName: "kcloud-event-queue" # This is the topic to which all events are send. -kafka: - broker: "kafka1.yourdomain.com:9094,kafka2.yourdomain.com:9094" - username: "yourusername" - password: "yourpassword" - mechanism: "PLAIN" - security: "SASL_PLAINTEXT" - # RabbitMQ can be installed in the same cluster using a helm chart, or you can -# use a cloud provider like AWS, GCP, Azure, etc. +# use a service on cloud provider like AWS, GCP, Azure, etc. rabbitmq: - host: "rabbitmq.yourdomain.com:5671" # or for AWS: "amqps://b-xxx-xxx-xxx-xxx-xxx.mq.eu-central-1.amazonaws.com:5671" + host: "rabbitmq.rabbitmq:5672" # can be internal dns name or external + #host: "amqps://b-xxx-xxx-xxx-xxx-xxx.mq.eu-central-1.amazonaws.com:5671" username: "yourusername" password: "yourpassword" exchange: "" +# If you already have a Kafka cluster you might use this instead of RabbitMQ. +kafka: + broker: "kafka1.yourdomain.com:9094" # can be internal dns name or external + username: "yourusername" + password: "yourpassword" + mechanism: "PLAIN" + security: "SASL_PLAINTEXT" + # For allowing WEBRTC a STUN and TURN server is required. +# You might want to install coturn in a seperate VM. +# -> https://help.hcltechsw.com/sametime/11.6/admin/turnserver_ubuntu.html turn: - host: "turn:turn.yourdomain.com:8443" + host: "turn:turn.yourdomain.com:8443" # this needs to be a public accessible DNS name. username: "username1" password: "password1" -# OpenAI integration, used for semantic search +# (optional) OpenAI integration, used for semantic search +# Langchain is used to translate text to a filter on the media page openai: enabled: false apikey: "xxx" 
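Review bot: The new default broker is `rabbitmq.rabbitmq:5672`, the conventional plain-AMQP port, where the previous default pointed at `:5671`, and `queueProvider` now defaults to `RABBITMQ`. An out-of-the-box install therefore appears to send the RabbitMQ username, password and all pipeline events unencrypted, unless the images negotiate TLS some other way that is not visible here. If in-cluster plaintext is intended, say so next to the value, e.g. `# 5672 is unencrypted AMQP; use an amqps:// host on 5671 when the broker is outside the cluster`. The default flip from `KAFKA` to `RABBITMQ` also changes behaviour for existing releases that never set `queueProvider` explicitly, which deserves a line in the upgrade notes.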
@@ -85,7 +95,7 @@ openai: # recordings. Kerberos vault is queried to retrieve the recordings # from the appropriate provider. kerberosvault: - uri: "https://api.vault.yourdomain.com" + uri: "https://api.vault.yourdomain.com" # this needs to be a public accessible DNS name. provider: "a-provider" accesskey: "xxx" secretkey: "xxx" @@ -141,7 +151,7 @@ kerberoshub: api: repository: kerberos/hub-api pullPolicy: IfNotPresent - tag: "1.0.1189595608" + tag: "1.0.1190745862" replicas: 2 jwtSecret: "this-is-a-secret-please-change-to-random-string" # change to a random value, this is for generating JWT tokens. schema: "https" @@ -332,7 +342,7 @@ kerberoshub: cleanup: repository: kerberos/hub-cleanup pullPolicy: IfNotPresent - tag: "1.0.6252172854" + tag: "1.0.6256539569" resources: requests: memory: 10Mi @@ -340,7 +350,7 @@ kerberoshub: monitordevice: repository: kerberos/hub-monitor-device pullPolicy: IfNotPresent - tag: "1.0.6161311627" + tag: "1.0.6256190978" resources: requests: memory: 10Mi @@ -356,7 +366,7 @@ kerberoshub: reactivate: repository: kerberos/hub-reactivate pullPolicy: IfNotPresent - tag: "1.0.6198888192" + tag: "1.0.6256184527" resources: requests: memory: 10Mi @@ -384,7 +394,7 @@ kerberospipeline: event: repository: kerberos/pipe-event pullPolicy: IfNotPresent - tag: "1.0.6243407695" + tag: "1.0.6256042211" replicas: 1 resources: requests: @@ -393,7 +403,7 @@ kerberospipeline: monitor: repository: kerberos/pipe-monitor pullPolicy: IfNotPresent - tag: "1.0.6250441079" + tag: "1.0.6256044005" replicas: 1 resources: requests: @@ -402,7 +412,7 @@ kerberospipeline: sequence: repository: kerberos/pipe-sequence pullPolicy: IfNotPresent - tag: "1.0.6250386893" + tag: "1.0.6256054139" replicas: 1 resources: requests: @@ -411,7 +421,7 @@ kerberospipeline: throttler: repository: kerberos/pipe-throttler pullPolicy: IfNotPresent - tag: "1.0.6243448935" + tag: "1.0.6256059962" replicas: 1 resources: requests: 
@@ -420,7 +430,7 @@ kerberospipeline: notify: repository: kerberos/pipe-notify pullPolicy: IfNotPresent - tag: "1.0.6243450279" + tag: "1.0.6256093837" replicas: 1 resources: requests: @@ -437,7 +447,7 @@ kerberospipeline: notifyTest: repository: kerberos/pipe-notify-test pullPolicy: IfNotPresent - tag: "1.0.6243455322" + tag: "1.0.6256094666" replicas: 1 resources: requests: @@ -454,7 +464,7 @@ kerberospipeline: analysis: repository: kerberos/pipe-analysis pullPolicy: IfNotPresent - tag: "1.0.6243406549" + tag: "1.0.6256066045" replicas: 1 resources: requests: