rework ingress and showcase worker-group

rubenfiszel · rubenfiszel · commit cb4edf323459 · 2023-04-26T02:08:39.000+02:00
diff --git a/README.md b/README.md
diff --git a/charts/windmill/Chart.lock b/charts/windmill/Chart.lock
@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql
+  repository: https://charts.bitnami.com/bitnami
+  version: 12.3.1
+digest: sha256:9b58040ae97d52661fa3bc6d2fb1bbcbf22749ad1b9563c03dcb3bc74208e64f
+generated: "2023-04-25T19:22:32.107347129+02:00"
diff --git a/charts/windmill/Chart.yaml b/charts/windmill/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: windmill
 type: application
-version: 1.3.8
+version: 1.4.0
 appVersion: 1.89.0
 dependencies:
   - condition: postgresql.enabled
diff --git a/charts/windmill/README.md b/charts/windmill/README.md
diff --git a/charts/windmill/templates/app.yaml b/charts/windmill/templates/app.yaml
@@ -77,15 +77,34 @@ spec:
           value: "0"
         - name: "JSON_FMT"
           value: "true"
+        {{ if .Values.windmill.instanceEventsWebhook }}
+        - name: "INSTANCE_EVENTS_WEBHOOK"
+          value: "true"
+        {{ end }}
         {{ if .Values.enterprise.enabled }}
         - name: "LICENSE_KEY"
           value: "{{ .Values.enterprise.licenseKey }}"
         {{ end }}
+        - name: "CUSTOM_TAGS"
+          value: "{{- range $v := .Values.windmill.workerGroups }}{{ $v.name }},{{ end}}"
+        resources:
+  {{ toYaml .Values.windmill.frontend.resources | indent 12 }}
       volumes:
       - name: oauth-volume
         secret:
           secretName: {{ if .Values.windmill.oauthSecretName }}{{ .Values.windmill.oauthSecretName }}{{ else }} {{ .Release.Name }}-oauth-secret {{- end }}
-
+    {{- with .Values.windmill.frontend.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.windmill.frontend.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.windmill.frontend.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
       securityContext:
         runAsUser: 0
 ---
@@ -100,7 +119,7 @@ spec:
     targetPort: 8000
   selector:
     app.kubernetes.io/name: windmill-app
-  sessionAffinity: None
+  sessionAffinity: ClientIP
   type: ClusterIP
 ---
 apiVersion: v1
@@ -119,6 +138,37 @@ spec:
     app.kubernetes.io/name: windmill-app
   sessionAffinity: None
   type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: windmill-lsp-ingress
+  annotations:
+    # alb.ingress.kubernetes.io/scheme: internet-facing
+    # alb.ingress.kubernetes.io/tags: Environment=dev,Team=test
+    # alb.ingress.kubernetes.io/target-type: ip
+    # alb.ingress.kubernetes.io/group.name: windmill
+    # alb.ingress.kubernetes.io/target-group-attributes: stickiness.enabled=true,stickiness.type=app_cookie,stickiness.app_cookie.cookie_name=token,stickiness.app_cookie.duration_seconds=86400
+    # alb.ingress.kubernetes.io/load-balancer-attributes: idle_timeout.timeout_seconds=600
+    # {{ if .Values.windmill.sslIngress }}
+    # alb.ingress.kubernetes.io/certificate-arn: {{ .Values.certArn}}
+    # {{ end }}
+    # alb.ingress.kubernetes.io/success-codes: '200'
+    # alb.ingress.kubernetes.io/group.order: '1'
+spec:
+  ingressClassName: alb
+  rules:
+    - host:  {{ .Values.windmill.baseDomain }}
+      http:
+        paths:
+          - path: /ws/
+            pathType: Prefix
+            backend:
+              service:
+                name: windmill-lsp
+                port:
+                  number: 3001
+
 # ---
 # apiVersion: monitoring.coreos.com/v1
 # kind: ServiceMonitor
diff --git a/charts/windmill/templates/ingress.yaml b/charts/windmill/templates/ingress.yaml
@@ -0,0 +1,32 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: windmill
+{{- with .Values.ingress.lspAnnotations }}
+  annotations:
+{{ toYaml . | indent 8 }}       
+{{- end }}   
+spec:
+  {{ if  .Values.ingress.className }}
+  ingressClassName: "{{ .Values.ingress.className }}"
+  {{ end }}
+  rules:
+    - http:
+        paths:
+          - path: /ws/
+            pathType: Prefix
+            backend:
+              service:
+                name: windmill-lsp
+                port:
+                  number: 3001
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: windmill-app
+                port:
+                  number: 8000
diff --git a/charts/windmill/templates/lsp.yaml b/charts/windmill/templates/lsp.yaml
@@ -24,6 +24,10 @@ spec:
         app: windmill-lsp
         app.kubernetes.io/name: windmill-lsp
         container: windmill-lsp
+{{- with .Values.windmill.lsp.annotations }}
+      annotations:
+{{ toYaml . | indent 8 }}       
+{{- end }}   
     spec:
       containers:
       - name: windmill-lsp
@@ -47,24 +51,6 @@ spec:
     {{- end }}                
       securityContext:
         runAsUser: 0
-# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-#   name: lsp
-# spec:
-#   clusterIP: None
-#   ports:
-#   - port: 3001
-#     protocol: TCP
-#     targetPort: 3001
-#   selector:
-#     app: windmill
-#     container: lsp
-#   sessionAffinity: None
-#   type: ClusterIP
-# status:
-#   loadBalancer: {}
 ---
 apiVersion: v1
 kind: Service
diff --git a/charts/windmill/templates/workers.yaml b/charts/windmill/templates/workers.yaml
@@ -35,6 +35,9 @@ spec:
        #because nsjail requires privileged access
         securityContext:
           privileged: true
+        {{ else }}
+        securityContext:
+          runAsUser: 0
         {{end}}
         {{ if .Values.enterprise.enabled }}
         image: ghcr.io/windmill-labs/windmill-ee:{{ .Values.windmill.image }}
@@ -62,6 +65,22 @@ spec:
           value: "true"
         - name: "JSON_FMT"
           value: "true"
+        {{ if .Values.windmill.pipIndexUrl }}
+        - name: "PIP_INDEX_URL"
+          value: "{{ .Values.windmill.pipIndexUrl }}"
+        {{ end }}
+        {{ if .Values.windmill.pipExtraIndexUrl }}
+        - name: "PIP_EXTRA_INDEX_URL"
+          value: "{{ .Values.windmill.pipExtraIndexUrl }}"
+        {{ end }}
+        {{ if .Values.windmill.pipTrustedHost }}
+        - name: "PIP_TRUSTED_HOST"
+          value: "{{ .Values.windmill.pipTrustedHost }}"
+        {{ end }}
+        {{ if .Values.windmill.npmConfigRegistry }}
+        - name: "NPM_CONFIG_REGISTRY"
+          value: "{{ .Values.windmill.npmConfigRegistry }}"
+        {{ end }}
         {{ if .Values.enterprise.enabled }}
         - name: "S3_CACHE_BUCKET"
           value: "{{ .Values.enterprise.s3CacheBucket }}"
@@ -74,8 +93,20 @@ spec:
           value: "false"
         {{ end }}
         {{ end }}
-      securityContext:
-        runAsUser: 0
+        resources:
+{{ toYaml .Values.windmill.workers.resources | indent 12 }}
+    {{- with .Values.windmill.workers.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.windmill.workers.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.windmill.workers.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}     
 ---
 apiVersion: v1
 kind: Service
@@ -119,28 +150,121 @@ spec:
 #   - port: metrics
 #     interval: 30s
 #     path: /metrics
-# ---
-# apiVersion: v1
-# kind: Service
-# metadata:
-#   name: windmill
-# spec:
-#   externalTrafficPolicy: Cluster
-#   ports:
-#   - port: 80
-#     name: http
-#     protocol: TCP
-#     targetPort: 8000
-#     nodePort: 30080
-#   # - port: 443
-#   #   name: https
-#   #   protocol: TCP
-#   #   targetPort: 443
-#   #   nodePort: 30081
-#   selector:
-#     app: windmill
-#     container: caddy
-#   sessionAffinity: None
-#   type: NodePort
-# status:
-#   loadBalancer: {}
+
+{{- range $v := .Values.windmill.workerGroups }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: windmill-workers-{{ $v.name }}
+  labels:
+    app: windmill-workers
+    app.kubernetes.io/name: windmill-workers
+    chart: {{ template "windmill.chart" $ }}
+    release: {{ $.Release.Name }}
+    heritage: {{ $.Release.Service }}
+    workerGroup: {{ $v.name }}
+spec:
+  replicas: {{ $v.replicas }}
+  strategy: 
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 3
+      maxUnavailable: 0
+  selector:
+    matchLabels:
+      app: windmill-workers
+      workerGroup: {{ $v.name }}
+  template:
+    metadata:
+      labels:
+        app: windmill-workers
+        app.kubernetes.io/name: windmill-workers
+        release: {{ $.Release.Name }}
+        workerGroup: {{ $v.name }}
+{{- with $v.annotations }}
+      annotations:
+{{ toYaml . | indent 8 }}       
+{{- end }}   
+    spec:
+      containers:
+      - name: windmill-worker
+       {{ if  $.Values.enterprise.nsjail }}
+       #because nsjail requires privileged access
+        securityContext:
+          privileged: true
+        {{ else }}
+        securityContext:
+          runAsUser: 0
+        {{end}}
+        {{ if $.Values.enterprise.enabled }}
+        image: ghcr.io/windmill-labs/windmill-ee:{{ $.Values.windmill.image }}
+        {{ else }}
+        image: ghcr.io/windmill-labs/windmill:{{ $.Values.windmill.image }}
+        {{ end }}
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 8000
+        - containerPort: 8001
+        env:
+        - name : "METRICS_ADDR"
+          value: "true"
+        - name: "DATABASE_URL"
+          value: "{{ $.Values.windmill.databaseUrl }}"
+        - name: "BASE_URL"
+          value: "{{ $.Values.windmill.baseUrl }}"
+        - name: "BASE_INTERNAL_URL"
+          value: "http://windmill-app:8000"
+        - name: "RUST_LOG"
+          value: "{{ $.Values.windmill.rustLog }}"
+        - name: "NUM_WORKERS"
+          value: "{{ $.Values.windmill.numWorkers }}"
+        - name: "DISABLE_SERVER"
+          value: "true"
+        - name: "JSON_FMT"
+          value: "true"
+        {{ if $.Values.windmill.pipIndexUrl }}
+        - name: "PIP_INDEX_URL"
+          value: "{{ $.Values.windmill.pipIndexUrl }}"
+        {{ end }}
+        {{ if $.Values.windmill.pipExtraIndexUrl }}
+        - name: "PIP_EXTRA_INDEX_URL"
+          value: "{{ $.Values.windmill.pipExtraIndexUrl }}"
+        {{ end }}
+        {{ if $.Values.windmill.pipTrustedHost }}
+        - name: "PIP_TRUSTED_HOST"
+          value: "{{ $.Values.windmill.pipTrustedHost }}"
+        {{ end }}
+        {{ if $.Values.windmill.npmConfigRegistry }}
+        - name: "NPM_CONFIG_REGISTRY"
+          value: "{{ $.Values.windmill.npmConfigRegistry }}"
+        {{ end }}
+        {{ if $.Values.enterprise.enabled }}
+        - name: "S3_CACHE_BUCKET"
+          value: "{{ .Values.enterprise.s3CacheBucket }}"
+        - name: "LICENSE_KEY"
+          value: "{{ .Values.enterprise.licenseKey }}"
+        - name: "RCLONE_S3_PROVIDER"
+          value: "AWS"
+        {{ if $.Values.enterprise.nsjail }}
+        - name: "DISABLE_NSJAIL"
+          value: "false"
+        {{ end }}
+        {{ end }}
+        - name: "WORKER_TAGS"
+          value: "{{ $v.name }}"
+        resources:
+{{ toYaml $v.resources | indent 12 }}
+    {{- with $v.nodeSelector }}
+      nodeSelector:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with $v.affinity }}
+      affinity:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with $v.tolerations }}
+      tolerations:
+{{ toYaml . | indent 8 }}
+{{- end }}    
+{{- end }}
diff --git a/charts/windmill/values.yaml b/charts/windmill/values.yaml
