CAAPIM · gdeol77 · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024 · Feb 23, 2024
diff --git a/charts/gateway/Chart.lock b/charts/gateway/Chart.lock
@@ -1,7 +1,7 @@
 dependencies:
 - name: hazelcast
   repository: https://hazelcast-charts.s3.amazonaws.com/
-  version: 5.4.0
+  version: 5.8.14
 - name: influxdb
   repository: https://helm.influxdata.com/
   version: 4.12.0
@@ -14,5 +14,5 @@ dependencies:
 - name: redis
   repository: https://charts.bitnami.com/bitnami
   version: 18.2.1
-digest: sha256:ad87dbcf8a73e3780500b3bda4157820b4a214bcbdf07db4ccdb3e5063f32ccb
-generated: "2023-12-12T13:13:58.809885Z"
+digest: sha256:167e26d9c3f5183243849f8f32013e61bae6bfe434bcec7e28f02d6f86147f83
+generated: "2024-04-03T09:24:46.307431+01:00"
diff --git a/charts/gateway/Chart.yaml b/charts/gateway/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "11.0.00_CR2"
 description: This Helm Chart deploys the Layer7 Gateway in Kubernetes.
 name: gateway
-version: 3.0.22
+version: 3.0.26
 type: application
 home: https://github.com/CAAPIM/apim-charts
 maintainers:
@@ -11,7 +11,7 @@ sources:
   - https://github.com/CAAPIM/apim-charts
 dependencies:
   - name: hazelcast
-    version: 5.4.0
+    version: 5.8.14
     repository: "https://hazelcast-charts.s3.amazonaws.com/"
     condition: hazelcast.enabled
   - name: influxdb

diff --git a/charts/gateway/README.md b/charts/gateway/README.md
@@ -66,6 +66,26 @@ The Layer7 API Gateway is now running with Java 11 with the release of the v10.1
 
 Things to note and be aware of are the deprecation of TLSv1.0/TLSv1.1 and the JAVA_HOME dir has gone through some changes as well.
 
+## 3.0.26 General Updates
+- Commented out Nginx specific annotations in the ingress configuration
+  - If you are using an Nginx ingress controller you will need to add or uncomment the following annotation manually
+    - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
+    - [production-values.yaml](https://github.com/CAAPIM/apim-charts/blob/stable/charts/gateway/production-values.yaml#L792) sets this if you would like to use that as a starting point.
+- Upgraded Hazelcast SubChart and set default image to latest versions.
+- Added Gateway [Pod Disruption Budget](#pod-disruption-budgets)
+
+## 3.0.25 OTK Schedule job success and failure limts
+- Added configurable success and failure job history limit for OTK database maintenance schedule jobs.
+
+## 3.0.24 General Updates
+- Custom Volumes for initContainers and Sidecars
+  - This allows configmaps/secrets to be mounted to initContainers and sideCars
+    - customSideCarVolumes
+    - customInitVolumes
+
+## 3.0.23 OTK 4.6.2_202402 Released 
+- Updated OTK image version value
+
 ## 3.0.22 General Updates
 - Updated Chart ci values
   - no impact
@@ -375,6 +395,7 @@ database:
 * [Logs & Audit Configuration](#logs--audit-configuration)
 * [Graceful Termination](#graceful-termination)
 * [Autoscaling](#autoscaling)
+* [Pod Disruption Budgets](#pod-disruption-budgets)
 * [RBAC Parameters](#rbac-parameters)
 * [Service Metrics Demo](#service-metrics-demo)
 * [SubChart Configuration](#subchart-configuration)
@@ -594,6 +615,8 @@ OTK Deployment examples can be found [here](/examples/otk)
 | `otk.job.podLabels`               | OTK Job podLabels | {}
 | `otk.job.podAnnotations`          | OTK Job podAnnotations | {}
 | `otk.job.resources`               | OTK Job resources | {}
+| `otk.job.scheduledTasksSuccessfulJobsHistoryLimit`| OTK db maintenance scheduled job success history limit | `1` |
+| `otk.job.scheduledTasksFailedJobsHistoryLimit`| OTK db maintenance scheduled job failed history limit | `1` |
 | `otk.database.type`               | OTK database type - mysql/oracle/cassandra | `mysql`
 | `otk.database.waitTimeout`        | OTK database connection wait timeout in seconds  | `60`|
 | `otk.database.dbUpgrade`          | Enable/Disable OTK DB Upgrade| `true` |
@@ -1190,6 +1213,22 @@ autoscaling:
           periodSeconds: 15
 ```
 
+### Pod Disruption Budgets
+[Pod Disruption Budgets](https://kubernetes.io/docs/tasks/run-application/configure-pdb/) allow you to limit the number of concurrent disruptions that your application experiences, allowing for higher availability while permitting the cluster administrator to manage the clusters nodes.
+| Parameter                        | Description                               | Default                                                      |
+| -----------------------------    | -----------------------------------       | -----------------------------------------------------------  |
+| `pdb.create`    | Create a PodDisruptionBudget for your Gateway Release            | `false` |
+| `pdb.maxUnavailable`    |   number of pods from that set that can be unavailable after the eviction. It can be either an absolute number or a percentage. | `""` |
+| `pdb.minAvailable`    |  number of pods from that set that must still be available after the eviction, even in the absence of the evicted pod. minAvailable can be either an absolute number or a percentage. | `""` |
+
+Example - note that only ***maxUnavailable*** or ***minAvailable*** can be set - both values ***cannot*** be set at the same time.
+```
+pdb:
+  create: true
+  maxUnavailable: 1
+  minAvailable: ""
+```
+
 ### RBAC Parameters
 PM Tagger requires access to pods in the current namespace, it uses the Gateway Configured service account.
 

diff --git a/charts/gateway/charts/hazelcast-5.4.0.tgz b/charts/gateway/charts/hazelcast-5.4.0.tgz
diff --git a/charts/gateway/charts/hazelcast-5.8.14.tgz b/charts/gateway/charts/hazelcast-5.8.14.tgz
diff --git a/charts/gateway/production-values.yaml b/charts/gateway/production-values.yaml
@@ -627,7 +627,7 @@ otk:
   job:
     image:
       repository: caapim/otk-install
-      tag: 4.6.2
+      tag: 4.6.2_202402
       pullPolicy: IfNotPresent
     imagePullSecret:
       enabled: false
@@ -647,6 +647,9 @@ otk:
       - name: miscellaneous
         schedule: "*/5 * * * *"
 
+    scheduledTasksSuccessfulJobsHistoryLimit: 1
+    scheduledTasksFailedJobsHistoryLimit: 1
+
     labels: {}
     # nodeSelector: {}
     # tolerations: []
@@ -934,6 +937,14 @@ topologySpreadConstraints: []
 # ref:https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: []
 
+# PodDisruptionBudget
+# ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+# Only maxUnavailable or minAvailable can be set - both values cannot be set at the same time.
+pdb:
+  create: false
+  maxUnavailable: ""
+  minAvailable: ""
+
 # ref:https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 podSecurityContext: {}
 
@@ -973,6 +984,14 @@ sidecars: []
 ##         containerPort: 1234
 ##
 
+# customSideCarVolumes applies to sidecars. By default volumes of type emptyDir are automatically created for sidecars and initContainers. This config allows you to override that
+# Filtering is done by name, make sure that the volumeMount and volume names are the same.
+customSideCarVolumes: []
+
+# customInitVolumes applies to initContainers. By default volumes of type emptyDir are automatically created for volumeMounts in initContainers. This config allows you to override that
+# Filtering is done by name, make sure that the volumeMount and volume names are the same.
+customInitVolumes: []
+
 # Configure custom hosts
 customHosts:
   enabled: false
@@ -1149,7 +1168,7 @@ hazelcast:
   # url: hazelcast.example.com:5701
   image:
     repository: "hazelcast/hazelcast"
-    tag: "5.2.1"
+    tag: "5.3.6"
     pullPolicy: IfNotPresent
     # pullSecrets:
     # - myRegistryKeySecretName

diff --git a/charts/gateway/templates/deployment.yaml b/charts/gateway/templates/deployment.yaml
@@ -319,15 +319,28 @@ spec:
               mountPath: /opt/SecureSpan/Gateway/node/default/etc/bootstrap/bundle/000OTK
 {{- end }}
 {{- if .Values.sidecars }}
-           {{- range .Values.sidecars }}
-           {{- range .volumeMounts }}
+         {{- range .Values.sidecars }}
+         {{- range .volumeMounts }}
+         {{- $vn := .name }}
+         {{ $duplicate := false}}
+         {{- if $.Values.initContainers}}
+           {{- range $_,$ic := $.Values.initContainers }}
+             {{- range $_,$icvm := $ic.volumeMounts }}
+               {{- if eq $vn $icvm.name }}
+                 {{ $duplicate = true}}
+               {{- end }}
+             {{- end }}
+           {{- end }}
+         {{- end }}
+         {{ if not $duplicate }}
             - name: {{ .name }}
               mountPath: {{ .mountPath }}
               {{ if .subPath }}
               subPath: {{ .subPath }}
               {{ end }}
-           {{- end }}
-           {{- end }}
+         {{- end }}
+         {{- end }}
+         {{- end }}
 {{- end }}
           envFrom:
             - configMapRef:
@@ -608,9 +621,27 @@ spec:
 {{- end }}
 {{- if .Values.initContainers }}
      {{- range .Values.initContainers }}
+     {{- $cvIndex := 0 }}
      {{- range .volumeMounts }}
-        - name: {{ .name }}
+       {{- $vn := .name }}
+       {{- $found := false }}
+       {{- $cvIndex = 0 }}
+       {{- if $.Values.customInitVolumes }}
+       {{- range $i,$cv := $.Values.customInitVolumes }}
+       {{- if eq $vn $cv.name }}
+        {{- $found = true }}
+        {{- $cvIndex = $i }}
+       {{- end }}
+       {{- end }}
+       {{- end }}
+       {{- if eq $found true }}
+        {{- with (index $.Values.customInitVolumes $cvIndex) }}
+        - {{- toYaml . | nindent 10}}
+        {{- end }}
+      {{- else }}
+        - name: {{ $vn }}
           emptyDir: {}
+      {{- end }}
      {{- end }}
      {{- end }}
 {{- end }}
@@ -642,9 +673,39 @@ spec:
 {{- end }}
 {{- if .Values.sidecars }}
      {{- range .Values.sidecars }}
+     {{- $cvIndex := 0 }}
      {{- range .volumeMounts }}
-        - name: {{ .name }}
+       {{- $vn := .name }}
+       {{- $found := false }}
+       {{- $duplicate := false }}
+       {{- $cvIndex = 0 }}
+      {{- if $.Values.initContainers }}
+        {{- range  $_,$ic :=  $.Values.initContainers }}
+          {{- range $_,$icvm :=  $ic.volumeMounts }}
+            {{- if eq $vn $icvm.name }}
+              {{- $duplicate = true }}
+            {{- end }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
+       {{- if $.Values.customSideCarVolumes }}
+         {{- range $i,$cv := $.Values.customSideCarVolumes }}
+         {{- if eq $vn $cv.name }}
+           {{- $found = true }}
+           {{- $cvIndex = $i }}
+         {{- end }}
+         {{- end }}
+       {{- end }}
+       {{- if not $duplicate }}
+       {{- if $found }}
+        {{- with (index $.Values.customSideCarVolumes $cvIndex) }}
+        - {{- toYaml . | nindent 10}}
+        {{- end }}
+      {{- else }}
+        - name: {{ $vn }}
           emptyDir: {}
+      {{- end }}
+     {{- end }}
      {{- end }}
      {{- end }}
 {{- end }}
diff --git a/charts/gateway/templates/otk-scheduled-task-jobs.yaml b/charts/gateway/templates/otk-scheduled-task-jobs.yaml
@@ -25,7 +25,8 @@ metadata:
 spec:
   schedule: {{ .schedule | quote }}
   concurrencyPolicy: "Forbid"
-  successfulJobsHistoryLimit: 1
+  successfulJobsHistoryLimit: {{ default 1 $.Values.otk.job.scheduledTasksSuccessfulJobsHistoryLimit }}
+  failedJobsHistoryLimit: {{ default 1 $.Values.otk.job.scheduledTasksFailedJobsHistoryLimit }}
   jobTemplate:
     spec:
       template:
@@ -69,7 +70,6 @@ spec:
           {{- if $.Values.otk.job.tolerations }}
           tolerations: {{- toYaml $.Values.otk.job.tolerations | nindent 10 }}
           {{- end }}
-
           restartPolicy: Never
 ---
 {{- end }}

diff --git a/charts/gateway/templates/pdb.yaml b/charts/gateway/templates/pdb.yaml
@@ -0,0 +1,31 @@
+{{ if .Values.pdb.create }}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  labels:
+    app: {{ template "gateway.fullname" . }}-pdb
+    chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+    {{- range $key, $val := .Values.additionalLabels }}
+    {{ $key }}: "{{ $val }}"
+    {{- end }}
+  {{- if  .Values.additionalAnnotations }}
+  annotations:
+{{- range $key, $val := .Values.additionalAnnotations }}
+    {{ $key }}: "{{ $val }}"
+{{- end }}
+{{- end }}
+  name: {{ template "gateway.fullname" . }}-pdb
+spec:
+  {{- if .Values.pdb.minAvailable }}
+  minAvailable: {{ .Values.pdb.minAvailable }}
+  {{- end }}
+  {{- if .Values.pdb.maxUnavailable }}
+  maxUnavailable: {{ .Values.pdb.maxUnavailable }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app: {{ template "gateway.fullname" . }}
+      release: {{ .Release.Name }}
+{{ end }}
diff --git a/charts/gateway/templates/pm-tagger-deployment.yaml b/charts/gateway/templates/pm-tagger-deployment.yaml
@@ -64,7 +64,7 @@ spec:
         - name: {{ template "gateway.imagePullSecret" . }}
 {{- end }}
       containers:
-        - name: {{ .Chart.Name }}
+        - name: {{ .Chart.Name }}-pm-tagger
           image: {{.Values.pmtagger.image.registry}}/{{.Values.pmtagger.image.repository}}:{{.Values.pmtagger.image.tag}}
           imagePullPolicy: {{ .Values.pmtagger.image.pullPolicy }}
           {{- if .Values.pmtagger.containerSecurityContext }}

diff --git a/charts/gateway/templates/secret.yaml b/charts/gateway/templates/secret.yaml
@@ -13,8 +13,8 @@ metadata:
     {{- end }}
   {{- if  .Values.additionalAnnotations }}
   annotations:
-  "helm.sh/hook": pre-install,post-upgrade
-  "helm.sh/hook-weight": "-5"
+    "helm.sh/hook": pre-install,post-upgrade
+    "helm.sh/hook-weight": "-5"
 {{- range $key, $val := .Values.additionalAnnotations }}
     {{ $key }}: "{{ $val }}"
 {{- end }}