[perforator][helm] add postgresql, clickhouse, minio subcharts for te…

…sting purposes commit_hash:15886a55d3addfa44330664a987fe8fdffcb25e2
yandex · Feb 13, 2025 · 78ff60b · 78ff60b
1 parent e10f562
commit 78ff60b
Show file tree

Hide file tree

Showing 17 changed files with 246 additions and 18 deletions.
diff --git a/perforator/deploy/kubernetes/helm/perforator/Chart.yaml b/perforator/deploy/kubernetes/helm/perforator/Chart.yaml
@@ -1,6 +1,11 @@
 apiVersion: v2
 name: perforator
 description: Perforator cluster-wide continuous profiling system (https://github.com/yandex/perforator)
+dependencies:
+- condition: testing.enableTestingDatabases
+  name: perforator-dev
+  alias: testing
+  version: 0.x.x
 
 type: application
 

diff --git a/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/Chart.lock b/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/Chart.lock
@@ -0,0 +1,12 @@
+dependencies:
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 16.4.7
+- name: clickhouse
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 7.2.0
+- name: minio
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 14.10.5
+digest: sha256:7f4cb23868850b1ac5bcb979ea2123ba333848fbfb4e735f278d0f062ce4857f
+generated: "2025-02-12T15:01:08.120694544+03:00"
diff --git a/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/Chart.yaml b/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/Chart.yaml
@@ -0,0 +1,37 @@
+apiVersion: v2
+name: perforator-dev
+description: Use this chart to deploy postgresql, clickhouse, minio for testing purposes
+dependencies:
+- condition: postgresql.enabled
+  name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 16.x.x
+- condition: clickhouse.enabled
+  name: clickhouse
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 7.x.x
+- condition: minio.enabled
+  name: minio
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 14.x.x
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.0.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "0.0.0"
diff --git a/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/values.yaml b/perforator/deploy/kubernetes/helm/perforator/charts/perforator-dev/values.yaml
@@ -0,0 +1,103 @@
+
+# Database subcharts parameters.
+# To test perforator you can enable postgresql, clickhouse, minio subcharts.
+
+postgresql:
+  # Enable the PostgreSQL helm subchart.
+  enabled: true
+  commonAnnotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-20"
+  auth:
+    # Assign a password to the "postgres" admin user.
+    enablePostgresUser: true
+    # Name for a custom user to create.
+    username: perforator
+    # Password for the custom user to create.
+    password: perforator
+    # Name for a custom database to create.
+    database: perforator
+    # Name of existing secret to use for PostgreSQL credentials.
+    existingSecret: ""
+
+  tls:
+    # Enable TLS traffic support.
+    enabled: true
+    # Generate automatically self-signed TLS certificates.
+    autoGenerated: true
+
+  # PostgreSQL architecture (`standalone` or `replication`).
+  architecture: standalone
+  primary:
+    # Set PostgreSQL container requests and limits for resources.
+    resources: {}
+
+clickhouse:
+  # Enable the PostgreSQL helm subchart.
+  enabled: true
+  commonAnnotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-20"  
+  auth:
+    # ClickHouse Admin username.
+    username: "perforator"
+    # ClickHouse Admin password.
+    password: "perforator"
+
+  # Dictionary of initdb scripts.
+  initdbScripts:
+    create_perforator_db.sh: |
+      #!/bin/bash
+      set -e
+      clickhouse-client \
+        --user="${CLICKHOUSE_ADMIN_USER}" \
+        --password="${CLICKHOUSE_ADMIN_PASSWORD}" \
+        --query="CREATE DATABASE IF NOT EXISTS perforator"
+  
+  tls:
+    # Enable TLS traffic support.
+    enabled: true
+    # Generate automatically self-signed TLS certificates.
+    autoGenerated: true
+
+  zookeeper:
+    # Deploy Zookeeper subchart.
+    enabled: false
+
+  keeper:
+    # Deploy ClickHouse keeper.
+    enabled: true
+
+  # Set ClickHouse container requests and limits for resources.
+  resources: {}
+
+minio:
+  # Enable the MinIO helm subchart.
+  enabled: true
+  commonAnnotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-20"
+  auth:
+    # Root username.
+    rootUser: perforator
+    # Password for root user.
+    rootPassword: perforator
+    # Name of an existing secret containing credentials.
+    existingSecret: ""
+  # Buckets to create,
+  defaultBuckets: "perforator-profile, perforator-binary, perforator-task-results, perforator-binary-gsym"
+
+  provisioning:
+    # Enable minio provisioning job.
+    enabled: true
+    # Allow downloads in order for the UI to work.
+    extraCommands:
+      - "mc anonymous set download provisioning/perforator-task-results"
+
+  tls:
+    # Enable minio TLS support.
+    enabled: true
+    # Generate automatically self-signed TLS certificates.
+    autoGenerated: true
+    # Set minio container requests and limits for resources.
+    resources: {}
diff --git a/perforator/deploy/kubernetes/helm/perforator/config/gc.yaml b/perforator/deploy/kubernetes/helm/perforator/config/gc.yaml
@@ -4,11 +4,11 @@ databases:
       user: {{ .Values.databases.postgresql.user }}
       password_env: "POSTGRES_PASSWORD"
     db: {{ .Values.databases.postgresql.db }}
-    endpoints: {{ toYaml .Values.databases.postgresql.endpoints | nindent 8 }}
+    endpoints: {{ include "perforator.postgresql.endpoints" . | nindent 8 }}
     sslmode: {{ .Values.databases.postgresql.sslmode }}
     sslrootcert: {{ .Values.databases.postgresql.sslrootcert }}
   s3:
-    endpoint: {{ .Values.databases.s3.endpoint }}
+    endpoint: {{ include "perforator.s3.endpoint" . }}
     secret_key_path: "/etc/perforator/s3/secret_key.txt"
     access_key_path: "/etc/perforator/s3/access_key.txt"
     insecure: {{ .Values.databases.s3.insecure }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/config/offlineprocessing.yaml b/perforator/deploy/kubernetes/helm/perforator/config/offlineprocessing.yaml
@@ -5,11 +5,11 @@ storage:
         user: {{ .Values.databases.postgresql.user }}
         password_env: "POSTGRES_PASSWORD"
       db: {{ .Values.databases.postgresql.db }}
-      endpoints: {{ toYaml .Values.databases.postgresql.endpoints | nindent 8 }}
+      endpoints: {{ include "perforator.postgresql.endpoints" . | nindent 8 }}
       sslmode: {{ .Values.databases.postgresql.sslmode }}
       sslrootcert: {{ .Values.databases.postgresql.sslrootcert }}
     s3:
-      endpoint: {{ .Values.databases.s3.endpoint }}
+      endpoint: {{ include "perforator.s3.endpoint" . }}
       secret_key_path: "/etc/perforator/s3/secret_key.txt"
       access_key_path: "/etc/perforator/s3/access_key.txt"
       insecure: {{ .Values.databases.s3.insecure }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/config/proxy.yaml b/perforator/deploy/kubernetes/helm/perforator/config/proxy.yaml
@@ -3,7 +3,7 @@ server:
 storage:
   databases:
     clickhouse:
-      replicas: {{ toYaml .Values.databases.clickhouse.replicas | nindent 8 }}
+      replicas: {{ include "perforator.clickhouse.endpoints" . | nindent 8 }}
       db: {{ .Values.databases.clickhouse.db }}
       user: {{ .Values.databases.clickhouse.user }}
       password_env: "CLICKHOUSE_PASSWORD"
@@ -14,11 +14,11 @@ storage:
         user: {{ .Values.databases.postgresql.user }}
         password_env: "POSTGRES_PASSWORD"
       db: {{ .Values.databases.postgresql.db }}
-      endpoints: {{ toYaml .Values.databases.postgresql.endpoints | nindent 8 }}
+      endpoints: {{ include "perforator.postgresql.endpoints" . | nindent 8 }}
       sslmode: {{ .Values.databases.postgresql.sslmode }}
       sslrootcert: {{ .Values.databases.postgresql.sslrootcert }}
     s3:
-      endpoint: {{ .Values.databases.s3.endpoint }}
+      endpoint: {{ include "perforator.s3.endpoint" . }}
       secret_key_path: "/etc/perforator/s3/secret_key.txt"
       access_key_path: "/etc/perforator/s3/access_key.txt"
       insecure: {{ .Values.databases.s3.insecure }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/config/storage.yaml b/perforator/deploy/kubernetes/helm/perforator/config/storage.yaml
@@ -3,7 +3,7 @@ metrics_port: {{ .Values.storage.containerPorts.metrics }}
 storage:
   databases:
     clickhouse:
-      replicas: {{ toYaml .Values.databases.clickhouse.replicas | nindent 8 }}
+      replicas: {{ include "perforator.clickhouse.endpoints" . | nindent 8 }}
       db: {{ .Values.databases.clickhouse.db }}
       user: {{ .Values.databases.clickhouse.user }}
       password_env: "CLICKHOUSE_PASSWORD"
@@ -14,11 +14,11 @@ storage:
         user: {{ .Values.databases.postgresql.user }}
         password_env: "POSTGRES_PASSWORD"
       db: {{ .Values.databases.postgresql.db }}
-      endpoints: {{ toYaml .Values.databases.postgresql.endpoints | nindent 8 }}
+      endpoints: {{ include "perforator.postgresql.endpoints" . | nindent 8 }}
       sslmode: {{ .Values.databases.postgresql.sslmode }}
       sslrootcert: {{ .Values.databases.postgresql.sslrootcert }}
     s3:
-      endpoint: {{ .Values.databases.s3.endpoint }}
+      endpoint: {{ include "perforator.s3.endpoint" . }}
       secret_key_path: "/etc/perforator/s3/secret_key.txt"
       access_key_path: "/etc/perforator/s3/access_key.txt"
       insecure: {{ .Values.databases.s3.insecure }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/config/web.yaml b/perforator/deploy/kubernetes/helm/perforator/config/web.yaml
@@ -3,7 +3,7 @@ ports:
   grpc_port: {{ .Values.web.containerPorts.grpc }} 
   metrics_port: {{ .Values.web.containerPorts.metrics }} 
 s3:
-  endpoint: {{ .Values.databases.s3.endpoint }}
+  endpoint: {{ include "perforator.s3.endpoint" . }}
   secret_key_path: "/etc/perforator/s3/secret_key.txt"
   access_key_path: "/etc/perforator/s3/access_key.txt"
   insecure: {{ .Values.databases.s3.insecure }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/templates/_helpers.tpl b/perforator/deploy/kubernetes/helm/perforator/templates/_helpers.tpl
@@ -121,6 +121,48 @@ Create the name of the service account to use
 //////////////////////////////////////////////////////////////////////////////////////////// 
 */}}
 
+{{/*
+Return effective PostgreSQL endpoints.
+*/}}
+{{- define "perforator.postgresql.endpoints" -}}
+{{- if .Values.testing.enableTestingDatabases -}}
+- host: {{ printf "%s-postgresql" .Release.Name | quote }}
+  port: {{ print 5432 }}
+{{- else -}}
+{{ toYaml .Values.databases.postgresql.endpoints }}
+{{- end -}}
+{{- end }}
+
+{{/*
+Return effective ClickHouse endpoints.
+*/}}
+{{- define "perforator.clickhouse.endpoints" -}}
+{{- if .Values.testing.enableTestingDatabases -}}
+{{- $host := printf "%s-clickhouse" .Release.Name -}}
+{{- $port := "9440" -}}
+- {{ printf "%s:%s" $host $port | quote }}
+{{- else -}}
+{{ toYaml .Values.databases.clickhouse.replicas }}
+{{- end -}}
+{{- end }}
+
+{{/*
+Return effective S3 endpoint.
+*/}}
+{{- define "perforator.s3.endpoint" -}}
+{{- if .Values.testing.enableTestingDatabases -}}
+{{- $host := printf "%s-minio" .Release.Name -}}
+{{- $port := "9000" -}}
+{{ printf "%s:%s" $host $port | quote }}
+{{- else -}}
+{{ .Values.databases.s3.endpoint | quote }}
+{{- end -}}
+{{- end }}
+
+{{/*
+//////////////////////////////////////////////////////////////////////////////////////////// 
+*/}}
+
 {{/*
 Create secretKeyRef for one of databases
 */}}

diff --git a/...rator/deploy/kubernetes/helm/perforator/templates/db-credentials/clickhouse-password.yaml b/...rator/deploy/kubernetes/helm/perforator/templates/db-credentials/clickhouse-password.yaml
@@ -6,4 +6,6 @@ kind: Secret
 metadata:
   name: {{ include "perforator.fullname" . }}-clickhouse-password
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
 {{- end -}}
diff --git a/...rator/deploy/kubernetes/helm/perforator/templates/db-credentials/postgresql-password.yaml b/...rator/deploy/kubernetes/helm/perforator/templates/db-credentials/postgresql-password.yaml
@@ -6,4 +6,7 @@ kind: Secret
 metadata:
   name: {{ include "perforator.fullname" . }}-postgresql-password
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-10"
 {{- end -}}
diff --git a/perforator/deploy/kubernetes/helm/perforator/templates/db-credentials/s3-keys.yaml b/perforator/deploy/kubernetes/helm/perforator/templates/db-credentials/s3-keys.yaml
@@ -7,4 +7,7 @@ kind: Secret
 metadata:
   name: {{ include "perforator.fullname" . }}-storage-s3-keys
   namespace: {{ .Release.Namespace }}
+  annotations:
+    helm.sh/hook: pre-install,pre-upgrade
+    helm.sh/hook-weight: "-10"
 {{- end -}}
diff --git a/perforator/deploy/kubernetes/helm/perforator/templates/migrate/job-ch.yaml b/perforator/deploy/kubernetes/helm/perforator/templates/migrate/job-ch.yaml
@@ -1,14 +1,17 @@
 {{- if .Values.databases.clickhouse.migrations.enabled }}
 
 {{- $chhosts := "" }}
-{{- range .Values.databases.clickhouse.replicas }}
+{{- $port := "" }}
+{{- $endpoints := include "perforator.clickhouse.endpoints" . | fromYamlArray }}
+{{- range $endpoints }}
   {{- $hostparts := splitn ":" 2 . }}
   {{- $chhosts = printf "%s%s," $chhosts $hostparts._0 }}
+  {{- $port = $hostparts._1 }}
 {{- end }}
 {{ $chhosts = $chhosts | trimSuffix "," }}
 {{- $insecure := "" }}
 {{- if .Values.databases.clickhouse.insecure }}
-  {{- $insecure = " --insecure" }}
+  {{- $insecure = " --tls-trust-all" }}
 {{- end }}
 
 apiVersion: batch/v1
@@ -37,7 +40,7 @@ spec:
         - -c
         - |
           set -eu
-          /perforator/migrate clickhouse up --db {{ .Values.databases.clickhouse.db }} --hosts {{ $chhosts }} --user {{ .Values.databases.clickhouse.user }} --pass ${PASSWORD} {{ $insecure }} {{ .Values.databases.clickhouse.migrations.extraArgs }}
+          /perforator/migrate clickhouse up --db {{ .Values.databases.clickhouse.db }} --hosts {{ $chhosts }} --port {{ $port }} --user {{ .Values.databases.clickhouse.user }} --pass ${PASSWORD} {{ $insecure }} {{ .Values.databases.clickhouse.migrations.extraArgs }}
         env:
         - name: PASSWORD
           valueFrom:

diff --git a/perforator/deploy/kubernetes/helm/perforator/templates/migrate/job-pg.yaml b/perforator/deploy/kubernetes/helm/perforator/templates/migrate/job-pg.yaml
@@ -2,8 +2,11 @@
 
 
 {{- $pghosts := "" }}
-{{- range .Values.databases.postgresql.endpoints }}
-{{ $pghosts = printf "%s%s," $pghosts .host }}
+{{- $port := "" }}
+{{- $endpoints := include "perforator.postgresql.endpoints" . | fromYamlArray }}
+{{- range $endpoints }}
+{{ $pghosts = printf "%s%s," $pghosts (index . "host") }}
+{{- $port = (index . "port") }}
 {{- end }}
 {{ $pghosts = $pghosts | trimSuffix "," }}
 {{- $insecure := "" }}
@@ -37,7 +40,7 @@ spec:
         - -c
         - |
           set -eu
-          /perforator/migrate postgres up --db {{ .Values.databases.postgresql.db }} --hosts {{ $pghosts }} --user {{ .Values.databases.postgresql.user }} --pass ${PASSWORD} {{ $insecure }} {{ .Values.databases.postgresql.migrations.extraArgs }}
+          /perforator/migrate postgres up --db {{ .Values.databases.postgresql.db }} --hosts {{ $pghosts }} --port {{ $port }} --user {{ .Values.databases.postgresql.user }} --pass ${PASSWORD} {{ $insecure }} {{ .Values.databases.postgresql.migrations.extraArgs }}
         env:
         - name: PASSWORD
           valueFrom:
@@ -55,7 +58,7 @@ spec:
           readOnly: {{ .readOnly }}
         {{- end }}
       volumes:
-      {{- range .Values.databases.postgresq.migrations.extraMounts }}
+      {{- range .Values.databases.postgresql.migrations.extraMounts }}
       - name: {{ .name }}
         configMap:
           name: {{ .configMap }}

diff --git a/perforator/deploy/kubernetes/helm/perforator/values.yaml b/perforator/deploy/kubernetes/helm/perforator/values.yaml
@@ -871,3 +871,10 @@ offlineprocessing:
   dnsPolicy: ClusterFirst
   # priorityClassName to apply to perforator offlineprocessing pods.
   priorityClassName: ""
+
+testing:
+  # Deployes postgresql, clickhouse, minio subcharts with "perforator" user and "perforator" password. 
+  # It also creates "perforator" database in case of postgresql, clickhouse, and in case of minio 
+  # perforator-profile, perforator-binary, perforator-task-results, perforator-binary-gsym buckets.
+  # If this setting is enabled, you don't need to fill corresponding .Values.databases hosts.
+  enableTestingDatabases: false