fix: high availability mode, limits and requests, tolerations, affinities (#30)

soniqua · web-flow · commit 7f3346c12af2 · 2024-11-12T10:10:12.000Z
* fix: high availability mode, limits and requests

* fix: tolerations, selectors, affinities
diff --git a/README.md b/README.md
@@ -106,6 +106,12 @@ Universal Broker provides an Ingress template, compatible with any Kubernetes In
 
 It may be [extended with additional hosts, paths, annotations as required](#broker-ingress).
 
+### High Availability Mode
+
+Universal Broker will run with [High Availability Mode](https://docs.snyk.io/enterprise-configuration/snyk-broker/high-availability-mode) enabled by default. Optionally increase the number of replicas from 2 up to 4 to suit fault tolerance.
+
+High Availability Mode may be disabled by setting `highAvailabilityMode.enabled: false`.
+
 ## Advanced Configuration
 
 ### Certificate Trust
@@ -234,10 +240,12 @@ helm install ... --set credentialReferences.MY_GITHUB_TOKEN=<gh-pat>
 | `ingress.secrets`                           | A list of TLS secrets to create, each with `name`, `key` and `certificate`                                                                    | `[]`                       |
 | `ingress.tls.enabled`                       | Set to true to enable TLS on the in-built ingress                                                                                             | `false`                    |
 | `ingress.tls.existingSecret`                | Specify an existing TLS secret to use with this ingress                                                                                       | `""`                       |
-| `resources.requests.cpu`                    | Set CPU requests                                                                                                                              | `2`                        |
+| `resources.requests.cpu`                    | Set CPU requests                                                                                                                              | `1`                        |
 | `resources.requests.memory`                 | Set memory requests                                                                                                                           | `512Mi`                    |
-| `resources.limits.cpu`                      | Set CPU limits                                                                                                                                | `3`                        |
+| `resources.limits.cpu`                      | Set CPU limits                                                                                                                                | `2`                        |
 | `resources.limits.memory`                   | Set memory limits                                                                                                                             | `1024Mi`                   |
+| `highAvailabilityMode.enabled`              | snyk [default: true] Set to false to disable High Availability Mode for Broker                                                                | `true`                     |
+| `highAvailabilityMode.replicaCount`         | Number of Broker pods when running in HA mode (min 2, max 4)                                                                                  | `2`                        |
 | `commonLabels`                              | Labels to add to all deployed objects (sub-charts are not considered)                                                                         | `{}`                       |
 | `commonAnnotations`                         | Annotations to add to all deployed objects (sub-charts are not considered)                                                                    | `{}`                       |
 | `podLabels`                                 | Pod labels                                                                                                                                    | `{}`                       |
@@ -253,8 +261,6 @@ helm install ... --set credentialReferences.MY_GITHUB_TOKEN=<gh-pat>
 | `readinessProbe.config.periodSeconds`       | Period seconds for readinessProbe                                                                                                             | `10`                       |
 | `readinessProbe.config.timeoutSeconds`      | Timeout seconds for readinessProbe                                                                                                            | `1`                        |
 | `readinessProbe.config.failureThreshold`    | Failure threshold for readinessProbe                                                                                                          | `3`                        |
-| `highAvailabilityMode.enabled`              | snyk broker HA mode                                                                                                                           | `false`                    |
-| `replicaCount`                              | number for snyk broker when running in HA mode (min 2, max 4)                                                                                 | `1`                        |
 | `logLevel`                                  | defines Log Level for broker client pod. Can be set to "debug" for more information                                                           | `info`                     |
 | `logEnableBody`                             | adds additional logging by setting to true                                                                                                    | `false`                    |
 | `enableBrokerLocalWebserverOverHttps`       | enables Broker client to run a HTTPS server instead of the default HTTP server                                                                | `false`                    |
diff --git a/snyk-universal-broker/templates/_helpers.tpl b/snyk-universal-broker/templates/_helpers.tpl
@@ -31,12 +31,15 @@ Return the correct broker dispatcher URL based on the region value.
   {{- end -}}
 {{- end }}
 
+{{/*
+Return replica count based on HA mode
+*/}}
 {{- define "snyk-broker.replicas" -}}
   {{- if .Values.highAvailabilityMode.enabled -}}
-    {{- if gt (int .Values.replicaCount) 4 -}}
+    {{- if gt (int .Values.highAvailabilityMode.replicaCount) 4 -}}
       {{- fail "Cannot have more than 4 replicas in High Availability mode." -}}
     {{- else -}}
-      {{- print (int .Values.replicaCount) -}}
+      {{- print (int .Values.highAvailabilityMode.replicaCount) -}}
     {{- end -}}
   {{- else -}}
     {{- print 1 -}}
diff --git a/snyk-universal-broker/templates/statefulset.yaml b/snyk-universal-broker/templates/statefulset.yaml
@@ -40,6 +40,9 @@ spec:
       {{- if .Values.hostAliases }}
       hostAliases: {{- include "common.tplvalues.render" (dict "value" .Values.hostAliases "context" $) | nindent 8 }}
       {{- end }}
+      {{- if .Values.affinity }}
+      affinity: {{- include "common.tplvalues.render" (dict "value" .Values.affinity "context" $) | nindent 8 }}
+      {{- end }}
       {{- if .Values.nodeSelector }}
       nodeSelector: {{- include "common.tplvalues.render" (dict "value" .Values.nodeSelector "context" $) | nindent 8 }}
       {{- end }}
@@ -116,7 +119,7 @@ spec:
             - name: BROKER_CLIENT_URL
               value: {{ .Values.brokerClientUrl }}
             - name: BROKER_HA_MODE_ENABLED
-              value: {{ if and (.Values.highAvailabilityMode.enabled) (gt (int .Values.replicaCount) 1) }} "true" {{ else }} "false" {{ end }}
+              value: {{ if and (.Values.highAvailabilityMode.enabled) (gt (int .Values.highAvailabilityMode.replicaCount) 1) }} "true" {{ else }} "false" {{ end }}
          # Logging
             - name: LOG_LEVEL
               value: {{ .Values.logLevel }}
diff --git a/snyk-universal-broker/tests/fixtures/default_values.yaml b/snyk-universal-broker/tests/fixtures/default_values.yaml
@@ -5,9 +5,6 @@ brokerClientUrl: "http://brokerclient"
 preflightChecks:
   enabled: true
 
-highAvailabilityMode:
-  enabled: false
-
 ##### Snyk Platform Server Auth #####
 deploymentId: 8b338a3b-424a-497e-836e-5e0f9486605a
 clientId: 8b338a3b-424a-497e-836e-5e0f9486605a
diff --git a/snyk-universal-broker/tests/ha_test.yaml b/snyk-universal-broker/tests/ha_test.yaml
@@ -1,26 +1,15 @@
-values:
-  - ../values.yaml
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
 suite: HA Mode
 templates:
-  - templates/statefulset.yaml
-tests:
-  - it: deploys one replica by default
-    set: 
-      highAvailabilityMode.enabled: false
-    asserts:
-      - equal:
-          path: spec.replicas
-          value: 1
-      - contains:
-          path: spec.template.spec.containers[0].env
-          content:
-            name: BROKER_HA_MODE_ENABLED
-            value: "false"
+  - statefulset.yaml
+values:
+- ../values.yaml
+- fixtures/default_values.yaml
 
-  - it: configures multiple replicas
+tests:
+  - it: configures multiple replicas by default
     set:
-      replicaCount: 2
-      highAvailabilityMode.enabled: true
+      highAvailabilityMode.replicaCount: 2
     asserts:
       - equal:
           path: spec.replicas
@@ -33,16 +22,19 @@ tests:
 
   - it: does not allow more than 4 replicas
     set:
-      replicaCount: 5
-      highAvailabilityMode.enabled: true
+      highAvailabilityMode.replicaCount: 5
     asserts:
-      - failedTemplate:
-          errorMessage: "Cannot have more than 4 replicas in High Availability mode."
+      - failedTemplate: {}
 
-  - it: does not set HA mode with only 1 replica
+  - it: does not allow setting 1 replica in HA mode
     set:
-      replicaCount: 1
-      highAvailabilityMode.enabled: true
+      highAvailabilityMode.replicaCount: 1
+    asserts:
+      - failedTemplate: {}
+
+  - it: disables HA mode
+    set: 
+      highAvailabilityMode.enabled: false
     asserts:
       - equal:
           path: spec.replicas
diff --git a/snyk-universal-broker/tests/pod_runtimes_test.yaml b/snyk-universal-broker/tests/pod_runtimes_test.yaml
@@ -1,8 +1,10 @@
-suite: Pod runtime tests
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+suite: Pod Runtime
 values:
   - ../values.yaml
+  - fixtures/default_values.yaml
 templates:
-  - templates/statefulset.yaml
+  - statefulset.yaml
 
 tests:
   - it: should set pod security context when enabled
@@ -67,7 +69,7 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
           value: true
-  
+
   - it: can add tolerations
     set:
       tolerations:
@@ -108,4 +110,4 @@ tests:
           - "example.com"
     - equal:
         path: spec.template.spec.hostAliases[0].ip
-        value: "127.0.0.1"
+        value: "127.0.0.1"
diff --git a/snyk-universal-broker/tests/resources_and_limits_test.yaml b/snyk-universal-broker/tests/resources_and_limits_test.yaml
@@ -4,6 +4,7 @@ suite: Resources and Limits
 templates:
   - statefulset.yaml
 values:
+  - ../values.yaml
   - fixtures/default_values.yaml
 
 tests:
@@ -14,13 +15,6 @@ tests:
       - exists:
           path: spec.template.spec.containers[0].resources.limits
 
-  - it: Defines requests and limits by default
-    asserts:
-      - exists:
-          path: spec.template.spec.containers[0].resources.requests
-      - exists:
-          path: spec.template.spec.containers[0].resources.limits
-
   - it: Respects custom requests
     set:
       resources:
@@ -34,17 +28,3 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].resources.requests.memory
           value: "5Gi"
-
-  - it: Respects custom limits
-    set:
-      resources:
-        limits:
-          cpu: 2
-          memory: 5Gi
-    asserts:
-      - equal:
-          path: spec.template.spec.containers[0].resources.limits.cpu
-          value: 2
-      - equal:
-          path: spec.template.spec.containers[0].resources.limits.memory
-          value: "5Gi"
diff --git a/snyk-universal-broker/tests/tolerations_selectors_affinities_test.yaml b/snyk-universal-broker/tests/tolerations_selectors_affinities_test.yaml
@@ -0,0 +1,50 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/helm-unittest/helm-unittest/main/schema/helm-testsuite.json
+
+suite: Tolerations, Selectors and Affinities
+templates:
+  - statefulset.yaml
+values:
+  - ../values.yaml
+  - fixtures/default_values.yaml
+
+tests:
+  - it: Accepts a toleration
+    set:
+      tolerations:
+        - key: "key1"
+          operator: "Equal"
+          value: "value1"
+          effect: "NoSchedule"
+    asserts:
+      - contains:
+          path: spec.template.spec.tolerations
+          content:
+            key: "key1"
+            operator: "Equal"
+            value: "value1"
+            effect: "NoSchedule"
+
+  - it: Accepts a selector
+    set:
+      nodeSelector:
+        group: "prodsec"
+    asserts:
+      - equal:
+          path: spec.template.spec.nodeSelector.group
+          value: "prodsec"
+
+  - it: Accepts an affinity
+    set:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: topology.kubernetes.io/zone
+                operator: In
+                values:
+                - antarctica-east1
+                - antarctica-west1
+    asserts:
+      - exists:
+          path: spec.template.spec.affinity.nodeAffinity
diff --git a/snyk-universal-broker/values.schema.json b/snyk-universal-broker/values.schema.json
@@ -190,7 +190,20 @@
           }
         }
       }
-    }
+    },
+    "highAvailabilityMode": {
+      "properties":{
+        "enabled": {
+          "type": "boolean"
+        },
+        "replicaCount": {
+          "type": "integer",
+          "minimum": 2,
+          "maximum": 4
+        }
+      }
+    },
+    "additionalProperties": false
   },
   "additionalProperties": true
 }
diff --git a/snyk-universal-broker/values.yaml b/snyk-universal-broker/values.yaml
@@ -133,12 +133,19 @@ ingress:
 ## @param resources.limits.memory Set memory limits
 resources:
   requests:
-    cpu: 2
+    cpu: 1
     memory: 512Mi
   limits:
-    cpu: 3
+    cpu: 2
     memory: 1024Mi
 
+## @param highAvailabilityMode.enabled snyk [default: true] Set to false to disable High Availability Mode for Broker
+## @param highAvailabilityMode.replicaCount [default: 2] Number of Broker pods when running in HA mode (min 2, max 4)
+
+highAvailabilityMode:
+  enabled: true
+  replicaCount: 2
+
 ## @param commonLabels Labels to add to all deployed objects (sub-charts are not considered)
 ##
 commonLabels: {}
@@ -186,14 +193,6 @@ readinessProbe:
     timeoutSeconds: 1
     failureThreshold: 3
 
-## HA MODE #####
-## @param highAvailabilityMode.enabled snyk broker HA mode
-## @param replicaCount number for snyk broker when running in HA mode (min 2, max 4)
-
-highAvailabilityMode:
-  enabled: false
-replicaCount: 1
-
 ## Logging #####
 ## @param logLevel defines Log Level for broker client pod. Can be set to "debug" for more information
 ## @param logEnableBody adds additional logging by setting to true

Original file line number	Diff line number	Diff line change
`@@ -190,7 +190,20 @@`
`190`	`190`	`}`
`191`	`191`	`}`
`192`	`192`	`}`
`193`		`- }`
	`193`	`+ },`
	`194`	`+ "highAvailabilityMode": {`
	`195`	`+ "properties":{`
	`196`	`+ "enabled": {`
	`197`	`+ "type": "boolean"`
	`198`	`+ },`
	`199`	`+ "replicaCount": {`
	`200`	`+ "type": "integer",`
	`201`	`+ "minimum": 2,`
	`202`	`+ "maximum": 4`
	`203`	`+ }`
	`204`	`+ }`
	`205`	`+ },`
	`206`	`+ "additionalProperties": false`
`194`	`207`	`},`
`195`	`208`	`"additionalProperties": true`
`196`	`209`	`}`