{{/*
--- DO NOT EDIT THIS FILE - all configuration of HPCC platform should be done via values.yaml ----
##############################################################################
HPCC SYSTEMS software Copyright (C) 2021 HPCC Systems®.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
##############################################################################
*/}}
{{/*
Thor configmap
Pass in dict with root and me
*/}}
{{- define "hpcc.thorConfigMap" -}}
{{- $eclAgentType := .me.eclAgentType | default "hthor" }}
{{- $hthorName := printf "%s-%s" .me.name $eclAgentType }}
{{- $eclAgentScope := dict "name" .eclAgentName "type" $eclAgentType "useChildProcesses" .eclAgentUseChildProcesses "replicas" .eclAgentReplicas "maxActive" .me.maxJobs | merge (pick .me "keepJobs") }}
{{- $thorAgentScope := dict "name" .thorAgentName "replicas" .thorAgentReplicas "maxActive" .me.maxGraphs | merge (pick .me "keepJobs") }}
{{- $eclAgentResources := .me.eclAgentResources | default dict -}}
{{- $hthorScope := dict "name" $hthorName "jobMemorySectionName" "eclAgentMemory" | merge (pick .me "multiJobLinger") | merge (dict "resources" (deepCopy $eclAgentResources)) }}
{{- $thorScope := omit .me "eclagent" "thoragent" "hthor" "logging" "env" "eclAgentResources" "eclAgentUseChildProcesses" "eclAgentReplicas" "thorAgentReplicas" "eclAgentType" }}
{{- $misc := .root.Values.global.misc | default dict }}
{{- $postJobCommand := $misc.postJobCommand | default "" }}
{{- $eclAgentJobName := printf "%s-_HPCC_JOBNAME_" $eclAgentType }}
{{- $thorManagerJobName := printf "thormanager-_HPCC_JOBNAME_" }}
{{- $thorWorkerJobName := printf "thorworker-_HPCC_JOBNAME_" }}
{{- $thorNetworkPolicyName := printf "thormanager-networkpolicy-_HPCC_JOBNAME_" }}
{{- $numWorkersPerPod := .me.numWorkersPerPod | default 1 }}
{{- $configCtx := . -}}
apiVersion: v1
metadata:
name: {{ $thorScope.name }}-configmap
data:
{{ $thorScope.name }}.yaml:
version: 1.0
thor:
{{ toYaml $thorScope | indent 6 }}
{{- include "hpcc.generateLoggingConfig" (dict "root" .root "me" $thorScope) | indent 6 }}
{{ include "hpcc.generateVaultConfig" . | indent 6 }}
{{ $eclAgentType }}: # hthor or roxie
{{ toYaml $hthorScope | indent 6 }}
platform:
type: "thor"
width: {{ mul ($thorScope.numWorkers | default 1) ( $thorScope.channelsPerWorker | default 1) }}
{{- include "hpcc.generateLoggingConfig" (dict "root" .root "me" $hthorScope ) | indent 6 }}
{{ include "hpcc.generateVaultConfig" . | indent 6 }}
eclagent: # main agent Q handler
{{ toYaml $eclAgentScope | indent 6 }}
{{- include "hpcc.generateLoggingConfig" (dict "root" .root "me" $eclAgentScope) | indent 6 }}
thoragent: # Thor graph handler
{{ toYaml $thorAgentScope | indent 6 }}
{{- include "hpcc.generateLoggingConfig" (dict "root" .root "me" $thorAgentScope) | indent 6 }}
type: thor
global:
{{ include "hpcc.generateGlobalConfigMap" .root| indent 6 }}
{{- if not .eclAgentUseChildProcesses }}
{{ $eclAgentType }}-jobspec.yaml:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $eclAgentJobName }}
spec:
ttlSecondsAfterFinished: 100
template:
metadata:
labels:
accessDali: "yes"
accessEsp: "yes"
helmVersion: 8.6.19-closedown0
{{- if hasKey .me "labels" }}
{{ toYaml .me.labels | indent 12 }}
{{- end }}
{{- if hasKey .me "annotations" }}
annotations:
{{ toYaml .me.annotations | indent 12 }}
{{- end }}
spec:
{{- include "hpcc.placementsByJobTargetType" (dict "root" .root "job" $eclAgentJobName "target" .me.name "type" "thor") | indent 10 }}
serviceAccountName: "hpcc-agent"
initContainers:
{{- include "hpcc.changePlaneMountPerms" . | indent 10 }}
{{- include "hpcc.addImagePullSecrets" . | nindent 10 -}}
{{- if $misc.postJobCommandViaSidecar }}
shareProcessNamespace: true
{{- end }}
containers:
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunContainer" (. | merge (dict "command" $misc.postJobCommand)) | indent 10 }}
{{- end }}
- name: {{ $eclAgentJobName }}
{{- include "hpcc.addSecurityContext" . | indent 12 }}
{{ include "hpcc.addImageAttrs" . | indent 12 }}
{{- include "hpcc.addResources" (dict "me" .eclAgentResources) | indent 12 }}
{{- $agentCmd := printf "%s %s %s _HPCC_ARGS_" $eclAgentType (include "hpcc.configArg" .me) (include "hpcc.daliArg" .root) }}
{{ include "hpcc.addCommandAndLifecycle" (. | merge (dict "command" $agentCmd)) | indent 12 }}
{{- if .env }}
env:
{{ include "hpcc.mergeEnvironments" .env | indent 12 }}
{{- end }}
workingDir: /var/lib/HPCCSystems
volumeMounts:
{{ include "hpcc.addConfigMapVolumeMount" .me | indent 12 }}
{{ include "hpcc.addVolumeMounts" . | indent 12 }}
{{ include "hpcc.addSecretVolumeMounts" . | indent 12 }}
{{ include "hpcc.addCertificateVolumeMount" (dict "root" .root "name" .me.name "component" "eclagent") | indent 12 }}
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunVolumeMount" . | indent 12 }}
{{- end }}
volumes:
{{ include "hpcc.addConfigMapVolume" .me | indent 10 }}
{{ include "hpcc.addVolumes" . | indent 10 }}
{{ include "hpcc.addSecretVolumes" . | indent 10 }}
{{ include "hpcc.addCertificateVolume" (dict "root" .root "name" .me.name "component" "eclagent") | indent 10 }}
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunVolume" . | indent 10 }}
{{- end }}
restartPolicy: Never
backoffLimit: 0
{{- end }}
thormanager-jobspec.yaml:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $thorManagerJobName }}
spec:
ttlSecondsAfterFinished: 100
template:
metadata:
labels:
app: thor
accessDali: "yes"
accessEsp: "yes"
job: "_HPCC_JOBNAME_"
helmVersion: 8.6.19-closedown0
{{- if hasKey $thorScope "labels" }}
{{ toYaml $thorScope.labels | indent 12 }}
{{- end }}
{{- if hasKey $thorScope "annotations" }}
annotations:
{{ toYaml $thorScope.annotations | indent 12 }}
{{- end }}
spec:
{{- include "hpcc.placementsByJobTargetType" (dict "root" .root "job" $thorManagerJobName "target" .me.name "type" "thor") | indent 10 }}
serviceAccountName: hpcc-agent
initContainers:
{{- include "hpcc.changePlaneMountPerms" . | indent 10 }}
{{- include "hpcc.addImagePullSecrets" . | nindent 10 -}}
{{- if $misc.postJobCommandViaSidecar }}
shareProcessNamespace: true
{{- end }}
containers:
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunContainer" (. | merge (dict "command" $misc.postJobCommand)) | indent 10 }}
{{- end }}
- name: {{ $thorManagerJobName }}
{{- include "hpcc.addSecurityContext" . | indent 12 }}
{{ include "hpcc.addImageAttrs" . | indent 12 }}
{{- include "hpcc.addResources" (dict "me" $thorScope.managerResources) | indent 12 }}
{{- $thorManagerCmd := printf "thormaster_lcr %s %s _HPCC_ARGS_" (include "hpcc.configArg" .me) (include "hpcc.daliArg" .root) }}
{{ include "hpcc.addCommandAndLifecycle" (. | merge (dict "command" $thorManagerCmd)) | indent 12 }}
{{- if .env }}
env:
{{ include "hpcc.mergeEnvironments" .env | indent 12 }}
{{- end }}
workingDir: /var/lib/HPCCSystems
volumeMounts:
{{ include "hpcc.addConfigMapVolumeMount" .me | indent 12 }}
{{ include "hpcc.addVolumeMounts" . | indent 12 }}
{{ include "hpcc.addSecretVolumeMounts" . | indent 12 }}
{{ include "hpcc.addCertificateVolumeMount" (dict "root" .root "name" .me.name "component" "thormanager") | indent 12 }}
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunVolumeMount" . | indent 12 }}
{{- end }}
volumes:
{{ include "hpcc.addConfigMapVolume" .me | indent 10 }}
{{ include "hpcc.addVolumes" . | indent 10 }}
{{ include "hpcc.addSecretVolumes" . | indent 10 }}
{{ include "hpcc.addCertificateVolume" (dict "root" .root "name" .me.name "component" "thormanager") | indent 10 }}
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunVolume" . | indent 10 }}
{{- end }}
restartPolicy: Never
backoffLimit: 0
thorworker-jobspec.yaml:
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $thorWorkerJobName }}
spec:
parallelism: _HPCC_NUM_WORKERS_
ttlSecondsAfterFinished: 100
template:
metadata:
labels:
app: thor
accessEsp: "true"
job: "_HPCC_JOBNAME_"
helmVersion: 8.6.19-closedown0
{{- if hasKey $thorScope "labels" }}
{{ toYaml $thorScope.labels | indent 12 }}
{{- end }}
{{- if hasKey $thorScope "annotations" }}
annotations:
{{ toYaml $thorScope.annotations | indent 12 }}
{{- end }}
spec:
{{- include "hpcc.placementsByJobTargetType" (dict "root" .root "job" $thorWorkerJobName "target" .me.name "type" "thor") | indent 10 }}
serviceAccountName: hpcc-default
initContainers:
{{- include "hpcc.changePlaneMountPerms" . | indent 10 }}
{{- include "hpcc.addImagePullSecrets" . | nindent 10 -}}
{{- if $misc.postJobCommandViaSidecar }}
shareProcessNamespace: true
{{- end }}
containers:
{{- range $containerNum := untilStep 1 (int (add1 $numWorkersPerPod)) 1 }}
{{- $slavePort := add 20100 (mul 100 (sub $containerNum 1)) -}}
{{- if and ($misc.postJobCommandViaSidecar) (eq $containerNum 1) }}
{{ include "hpcc.addWaitAndRunContainer" ($configCtx | merge (dict "command" $misc.postJobCommand)) | indent 10 }}
{{- end }}
- name: {{ $thorWorkerJobName }}-{{ $containerNum }}
{{- include "hpcc.addSecurityContext" $configCtx | indent 12 }}
{{ include "hpcc.addImageAttrs" $configCtx | indent 12 }}
{{- include "hpcc.addResources" (dict "me" $thorScope.workerResources) | indent 12 }}
{{- $thorWorkerCmd := printf "thorslave_lcr %s %s _HPCC_ARGS_ --slaveport=%d" (include "hpcc.configArg" $configCtx.me) (include "hpcc.daliArg" $configCtx.root) $slavePort }}
{{ include "hpcc.addCommandAndLifecycle" ($configCtx | merge (dict "command" $thorWorkerCmd)) | indent 12 }}
{{- if $configCtx.me.env }}
env:
{{ include "hpcc.mergeEnvironments" $configCtx.me.env | indent 12 }}
{{- end }}
workingDir: /var/lib/HPCCSystems
volumeMounts:
{{ include "hpcc.addConfigMapVolumeMount" $configCtx.me | indent 12 }}
{{ include "hpcc.addVolumeMounts" $configCtx | indent 12 }}
{{ include "hpcc.addSecretVolumeMounts" $configCtx | indent 12 }}
{{ include "hpcc.addCertificateVolumeMount" (dict "root" $configCtx.root "name" $configCtx.me.name "component" "thorworker") | indent 12 }}
{{- if and ($misc.postJobCommandViaSidecar) (eq $containerNum 1) }}
{{ include "hpcc.addWaitAndRunVolumeMount" $configCtx | indent 12 }}
{{- end }}
{{- end }}{{/* range */}}
volumes:
{{ include "hpcc.addConfigMapVolume" .me | indent 10 }}
{{ include "hpcc.addVolumes" . | indent 10 }}
{{ include "hpcc.addSecretVolumes" . | indent 10 }}
{{ include "hpcc.addCertificateVolume" (dict "root" .root "name" .me.name "component" "thorworker") | indent 10 }}
{{- if $misc.postJobCommandViaSidecar }}
{{ include "hpcc.addWaitAndRunVolume" . | indent 10 }}
{{- end }}
restartPolicy: Never
backoffLimit: 0
thormanager-networkspec.yaml:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $thorNetworkPolicyName }}
spec:
podSelector:
matchLabels:
app: thor
job: "_HPCC_JOBNAME_"
ingress:
- from:
- podSelector:
matchLabels:
app: thor
job: "_HPCC_JOBNAME_"
egress:
- to:
- podSelector:
matchLabels:
app: thor
job: "_HPCC_JOBNAME_"
{{- end -}}
{{- $local := dict "first" true }}
{{ range $.Values.thor -}}
{{- if not .disabled -}}
{{- $env := concat ($.Values.global.env | default list) (.env | default list) -}}
{{- $secretsCategories := list "system" "ecl-user" "ecl" "storage" }}
{{- $commonCtx := dict "root" $ "me" . "includeCategories" (list "lz" "data" "remote" "spill" "dll" "debug") "secretsCategories" $secretsCategories "env" $env -}}
{{- $_ := set $commonCtx "eclAgentName" (printf "%s-eclagent" .name) -}}
{{- $_ := set $commonCtx "thorAgentName" (printf "%s-thoragent" .name) -}}
{{- $_ := set $commonCtx "eclAgentUseChildProcesses" (hasKey . "eclAgentUseChildProcesses" | ternary .eclAgentUseChildProcesses true) }}
{{- $_ := set $commonCtx "eclAgentReplicas" (.eclAgentReplicas | default 1) }}
{{- $_ := set $commonCtx "thorAgentReplicas" (.thorAgentReplicas | default 1) }}
{{- $configSHA := include "hpcc.getConfigSHA" ($commonCtx | merge (dict "configMapHelper" "hpcc.thorConfigMap" "component" "thor" "excludeKeys" "global")) }}
{{- include "hpcc.checkDefaultStoragePlane" $commonCtx }}
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $commonCtx.eclAgentName | quote }}
spec:
replicas: {{ $commonCtx.eclAgentReplicas }}
selector:
matchLabels:
run: {{ $commonCtx.eclAgentName | quote }}
template:
metadata:
labels:
run: {{ $commonCtx.eclAgentName | quote }}
accessDali: "yes"
accessEsp: {{ $commonCtx.eclAgentUseChildProcesses | ternary "yes" "no" | quote }}
helmVersion: 8.6.19-closedown0
{{- if hasKey $commonCtx.me "labels" }}
{{ toYaml $commonCtx.me.labels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ $configSHA }}
{{- if hasKey $commonCtx.me "annotations" }}
{{ toYaml $commonCtx.me.annotations | indent 8 }}
{{- end }}
spec:
{{- include "hpcc.placementsByPodTargetType" (dict "root" $ "pod" $commonCtx.eclAgentName "target" .name "type" "thor") | indent 6 }}
{{- include "hpcc.addImagePullSecrets" $commonCtx | nindent 6 -}}
serviceAccountName: {{ $commonCtx.eclAgentUseChildProcesses | ternary "hpcc-default" "hpcc-agent" }}
containers:
- name: {{ $commonCtx.eclAgentName | quote }}
workingDir: /var/lib/HPCCSystems
command: [ {{ include "hpcc.componentCommand" (dict "me" . "root" $ "process" "agentexec") }} ]
args: [ {{- include "hpcc.componentStartArgs" (dict "me" . "root" $ "process" "agentexec") | nindent 16 }}
{{ include "hpcc.configArg" . }},
{{ include "hpcc.daliArg" $ }},
{{ printf "\"--name=%s\"" .name }}
]
env:
{{ include "hpcc.mergeEnvironments" $env | indent 8 -}}
- name: "SENTINEL"
value: "/tmp/{{ $commonCtx.eclAgentName }}.sentinel"
{{- include "hpcc.addSecurityContext" $commonCtx | indent 8 }}
{{- if $commonCtx.eclAgentUseChildProcesses }}
{{- include "hpcc.addResources" (dict "me" .eclAgentResources) | indent 8 }}
{{- else if not $.Values.global.privileged }}
{{- include "hpcc.addStubResources" ($commonCtx | merge (dict "instances" .maxJobs)) | indent 8 }}
{{- end }}
{{ include "hpcc.addImageAttrs" $commonCtx | indent 8 }}
volumeMounts:
{{ include "hpcc.addConfigMapVolumeMount" . | indent 8 }}
{{ include "hpcc.addVolumeMounts" $commonCtx | indent 8 }}
{{ include "hpcc.addSecretVolumeMounts" $commonCtx | indent 8 }}
{{ include "hpcc.addCertificateVolumeMount" (dict "root" $ "name" $commonCtx.eclAgentName "component" "eclagent") | indent 8 }}
volumes:
{{ include "hpcc.addConfigMapVolume" . | indent 6 }}
{{ include "hpcc.addVolumes" $commonCtx | indent 6 }}
{{ include "hpcc.addSecretVolumes" $commonCtx | indent 6 }}
{{ include "hpcc.addCertificateVolume" (dict "root" $ "name" $commonCtx.eclAgentName "component" "eclagent") | indent 6 }}
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ $commonCtx.thorAgentName | quote }}
spec:
replicas: {{ $commonCtx.thorAgentReplicas }}
selector:
matchLabels:
run: {{ $commonCtx.thorAgentName | quote }}
template:
metadata:
labels:
run: {{ $commonCtx.thorAgentName | quote }}
accessDali: "yes"
accessEsp: "no"
helmVersion: 8.6.19-closedown0
{{- if hasKey $commonCtx.me "labels" }}
{{ toYaml $commonCtx.me.labels | indent 8 }}
{{- end }}
annotations:
checksum/config: {{ $configSHA }}
{{- if hasKey $commonCtx.me "annotations" }}
{{ toYaml $commonCtx.me.annotations | indent 8 }}
{{- end }}
spec:
{{- include "hpcc.placementsByPodTargetType" (dict "root" $ "pod" $commonCtx.thorAgentName "target" .name "type" "thor") | indent 6 }}
{{- include "hpcc.addImagePullSecrets" $commonCtx | nindent 6 -}}
serviceAccountName: "hpcc-thoragent"
containers:
- name: {{ $commonCtx.thorAgentName | quote }}
workingDir: /var/lib/HPCCSystems
command: [ {{ include "hpcc.componentCommand" (dict "me" . "root" $ "process" "agentexec") }} ]
args: [ {{- include "hpcc.componentStartArgs" (dict "me" . "root" $ "process" "agentexec") | nindent 16 }}
{{ include "hpcc.configArg" . }},
{{ "\"--componentTag=thoragent\"" }},
{{ include "hpcc.daliArg" $ }},
{{ printf "\"--name=%s\"" .name }}
]
env:
{{ include "hpcc.mergeEnvironments" $env | indent 8 -}}
- name: "SENTINEL"
value: "/tmp/{{ $commonCtx.thorAgentName }}.sentinel"
{{- include "hpcc.addSecurityContext" $commonCtx | indent 8 }}
{{- if not $.Values.global.privileged }}
{{- include "hpcc.addStubResources" ($commonCtx | merge (dict "instances" .maxGraphs)) | indent 8 }}
{{- end }}
{{ include "hpcc.addImageAttrs" $commonCtx | indent 8 }}
volumeMounts:
{{ include "hpcc.addConfigMapVolumeMount" . | indent 8 }}
{{ include "hpcc.addVolumeMounts" $commonCtx | indent 8 }}
{{ include "hpcc.addSecretVolumeMounts" $commonCtx | indent 8 }}
{{ include "hpcc.addCertificateVolumeMount" (dict "root" $ "name" $commonCtx.thorAgentName "component" "thoragent") | indent 8 }}
volumes:
{{ include "hpcc.addConfigMapVolume" . | indent 6 }}
{{ include "hpcc.addVolumes" $commonCtx | indent 6 }}
{{ include "hpcc.addSecretVolumes" $commonCtx | indent 6 }}
{{ include "hpcc.addCertificateVolume" (dict "root" $ "name" $commonCtx.thorAgentName "component" "thoragent") | indent 6 }}
---
kind: ConfigMap
{{ include "hpcc.generateConfig" ($commonCtx | merge (dict "configMapHelper" "hpcc.thorConfigMap")) }}
---
{{ include "hpcc.addCertificate" (dict "root" $ "name" $commonCtx.eclAgentName "component" "eclagent") }}
{{ include "hpcc.addCertificate" (dict "root" $ "name" $commonCtx.thorAgentName "component" "thoragent") }}
{{- if $local.first }}
{{- $_ := set $local "first" false }}
## thorworker and thormanager pods have unique names by workunit not by cluster. So we have to use a global certificate.
## create these only once
{{ include "hpcc.addCertificate" (dict "root" $ "name" .name "component" "thormanager") }}
{{ include "hpcc.addCertificate" (dict "root" $ "name" .name "component" "thorworker") }}
{{- end }}
{{- if $commonCtx.eclAgentUseChildProcesses }}
{{ include "hpcc.addCertificate" (dict "root" $ "name" .name "component" "eclagent") }}
{{- end }}
{{- end }}
{{- end }}