├── .gitignore ├── LICENSE ├── PUBLISH.md ├── README.md ├── charts ├── dgraph-lambda │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── examples │ │ └── ingress-nginx.yaml │ ├── templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── config.yaml │ │ ├── deployment.yaml │ │ ├── ingress.yaml │ │ ├── service.yaml │ │ ├── serviceaccount.yaml │ │ └── tests │ │ │ └── test-connection.yaml │ └── values.yaml ├── dgraph │ ├── Chart.yaml │ ├── README.md │ ├── example_values │ │ ├── alpha-acl-config.yaml │ │ ├── alpha-acl-secrets.yaml │ │ ├── alpha-enc-config.yaml │ │ ├── alpha-enc-secrets.yaml │ │ ├── alpha-tls-config.yaml │ │ ├── alpha-tls-secrets.yaml │ │ ├── backup-minio-config.yaml │ │ ├── backup-minio-secrets.yaml │ │ ├── backup-nfs-config.yaml │ │ ├── backup-s3-config.yaml │ │ ├── backup-s3-secrets.yaml │ │ ├── backup-volume-config.yaml │ │ ├── default-json-config.yaml │ │ ├── default-yaml-config.yaml │ │ ├── ingress │ │ │ ├── ingress-alb.yaml │ │ │ ├── ingress-gce.yaml │ │ │ ├── ingress-grpc-alb.yaml │ │ │ ├── ingress-nginx-grpc.yaml │ │ │ ├── ingress-nginx.yaml │ │ │ └── kubernetes-ingress.yaml │ │ ├── linkerd.yaml │ │ ├── service_account.yaml │ │ ├── v20.11 │ │ │ ├── alpha-acl-config.yaml │ │ │ ├── alpha-acl-secrets.yaml │ │ │ ├── alpha-enc-config.yaml │ │ │ ├── alpha-enc-secrets.yaml │ │ │ ├── alpha-tls-config.yaml │ │ │ ├── alpha-tls-secrets.yaml │ │ │ ├── backup-minio-config.yaml │ │ │ ├── backup-minio-secrets.yaml │ │ │ ├── backup-nfs-config.yaml │ │ │ ├── backup-s3-config.yaml │ │ │ ├── backup-s3-secrets.yaml │ │ │ ├── backup-volume-config.yaml │ │ │ ├── default-hcl-config.yaml │ │ │ ├── default-json-config.yaml │ │ │ ├── default-properties-config.yaml │ │ │ ├── default-toml-config.yaml │ │ │ ├── default-yaml-config.yaml │ │ │ ├── zero-tls-config.yaml │ │ │ └── zero-tls-secrets.yaml │ │ ├── zero-tls-config.yaml │ │ └── zero-tls-secrets.yaml │ ├── scripts │ │ ├── .gitignore │ │ ├── README.md │ │ ├── get_alpha_list.sh │ │ └── make_tls_secrets.sh │ ├── 
templates │ │ ├── NOTES.txt │ │ ├── _helpers.tpl │ │ ├── alpha │ │ │ ├── configs.yaml │ │ │ ├── ingress.yaml │ │ │ ├── secret-acl.yaml │ │ │ ├── secret-enc.yaml │ │ │ ├── secret-tls.yaml │ │ │ ├── statefulset.yaml │ │ │ ├── svc-headless.yaml │ │ │ └── svc.yaml │ │ ├── backups │ │ │ ├── configs.yaml │ │ │ ├── cronjob-full.yaml │ │ │ ├── cronjob-inc.yaml │ │ │ ├── pv.yaml │ │ │ ├── pvc.yaml │ │ │ └── secrets.yaml │ │ ├── global-ingress.yaml │ │ ├── ratel │ │ │ ├── deployment.yaml │ │ │ ├── ingress.yaml │ │ │ └── svc.yaml │ │ ├── serviceaccount.yaml │ │ └── zero │ │ │ ├── configs.yaml │ │ │ ├── secret-tls.yaml │ │ │ ├── statefulset.yaml │ │ │ ├── svc-headless.yaml │ │ │ └── svc.yaml │ └── values.yaml └── ratel │ ├── .helmignore │ ├── Chart.yaml │ ├── README.md │ ├── example_values │ └── ingress │ │ ├── ingress-alb-no_host.yaml │ │ └── ingress-alb-with_host.yaml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── deployment.yaml │ ├── ingress.yaml │ ├── service.yaml │ ├── serviceaccount.yaml │ └── tests │ │ └── test-connection.yaml │ └── values.yaml ├── dgraph-24.0.4.tgz └── helmfiles ├── README.md ├── lambda ├── README.md ├── example │ ├── mutation.graphql │ ├── query.graphql │ ├── schema.graphql │ └── script.yaml └── helmfile.yaml ├── mutual_tls ├── .gitignore ├── README.md ├── examples │ ├── alpha_tls.yaml.gotmpl │ ├── default.yaml.gotmpl │ └── zero_tls_internal.yaml.gotmpl └── helmfile.yaml └── tests ├── .gitignore ├── README.md ├── dgraph_tls └── .gitkeep └── helmfile.yaml /.gitignore: -------------------------------------------------------------------------------- 1 | .cr-release-packages/ 2 | .DS_Store 3 | .idea 4 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | Apache License 2 | Version 2.0, January 2004 3 | http://www.apache.org/licenses/ 4 | 5 | TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 6 | 7 | 1. 
Definitions. 8 | 9 | "License" shall mean the terms and conditions for use, reproduction, 10 | and distribution as defined by Sections 1 through 9 of this document. 11 | 12 | "Licensor" shall mean the copyright owner or entity authorized by 13 | the copyright owner that is granting the License. 14 | 15 | "Legal Entity" shall mean the union of the acting entity and all 16 | other entities that control, are controlled by, or are under common 17 | control with that entity. For the purposes of this definition, 18 | "control" means (i) the power, direct or indirect, to cause the 19 | direction or management of such entity, whether by contract or 20 | otherwise, or (ii) ownership of fifty percent (50%) or more of the 21 | outstanding shares, or (iii) beneficial ownership of such entity. 22 | 23 | "You" (or "Your") shall mean an individual or Legal Entity 24 | exercising permissions granted by this License. 25 | 26 | "Source" form shall mean the preferred form for making modifications, 27 | including but not limited to software source code, documentation 28 | source, and configuration files. 29 | 30 | "Object" form shall mean any form resulting from mechanical 31 | transformation or translation of a Source form, including but 32 | not limited to compiled object code, generated documentation, 33 | and conversions to other media types. 34 | 35 | "Work" shall mean the work of authorship, whether in Source or 36 | Object form, made available under the License, as indicated by a 37 | copyright notice that is included in or attached to the work 38 | (an example is provided in the Appendix below). 39 | 40 | "Derivative Works" shall mean any work, whether in Source or Object 41 | form, that is based on (or derived from) the Work and for which the 42 | editorial revisions, annotations, elaborations, or other modifications 43 | represent, as a whole, an original work of authorship. 
For the purposes 44 | of this License, Derivative Works shall not include works that remain 45 | separable from, or merely link (or bind by name) to the interfaces of, 46 | the Work and Derivative Works thereof. 47 | 48 | "Contribution" shall mean any work of authorship, including 49 | the original version of the Work and any modifications or additions 50 | to that Work or Derivative Works thereof, that is intentionally 51 | submitted to Licensor for inclusion in the Work by the copyright owner 52 | or by an individual or Legal Entity authorized to submit on behalf of 53 | the copyright owner. For the purposes of this definition, "submitted" 54 | means any form of electronic, verbal, or written communication sent 55 | to the Licensor or its representatives, including but not limited to 56 | communication on electronic mailing lists, source code control systems, 57 | and issue tracking systems that are managed by, or on behalf of, the 58 | Licensor for the purpose of discussing and improving the Work, but 59 | excluding communication that is conspicuously marked or otherwise 60 | designated in writing by the copyright owner as "Not a Contribution." 61 | 62 | "Contributor" shall mean Licensor and any individual or Legal Entity 63 | on behalf of whom a Contribution has been received by Licensor and 64 | subsequently incorporated within the Work. 65 | 66 | 2. Grant of Copyright License. Subject to the terms and conditions of 67 | this License, each Contributor hereby grants to You a perpetual, 68 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 69 | copyright license to reproduce, prepare Derivative Works of, 70 | publicly display, publicly perform, sublicense, and distribute the 71 | Work and such Derivative Works in Source or Object form. 72 | 73 | 3. Grant of Patent License. 
Subject to the terms and conditions of 74 | this License, each Contributor hereby grants to You a perpetual, 75 | worldwide, non-exclusive, no-charge, royalty-free, irrevocable 76 | (except as stated in this section) patent license to make, have made, 77 | use, offer to sell, sell, import, and otherwise transfer the Work, 78 | where such license applies only to those patent claims licensable 79 | by such Contributor that are necessarily infringed by their 80 | Contribution(s) alone or by combination of their Contribution(s) 81 | with the Work to which such Contribution(s) was submitted. If You 82 | institute patent litigation against any entity (including a 83 | cross-claim or counterclaim in a lawsuit) alleging that the Work 84 | or a Contribution incorporated within the Work constitutes direct 85 | or contributory patent infringement, then any patent licenses 86 | granted to You under this License for that Work shall terminate 87 | as of the date such litigation is filed. 88 | 89 | 4. Redistribution. 
You may reproduce and distribute copies of the 90 | Work or Derivative Works thereof in any medium, with or without 91 | modifications, and in Source or Object form, provided that You 92 | meet the following conditions: 93 | 94 | (a) You must give any other recipients of the Work or 95 | Derivative Works a copy of this License; and 96 | 97 | (b) You must cause any modified files to carry prominent notices 98 | stating that You changed the files; and 99 | 100 | (c) You must retain, in the Source form of any Derivative Works 101 | that You distribute, all copyright, patent, trademark, and 102 | attribution notices from the Source form of the Work, 103 | excluding those notices that do not pertain to any part of 104 | the Derivative Works; and 105 | 106 | (d) If the Work includes a "NOTICE" text file as part of its 107 | distribution, then any Derivative Works that You distribute must 108 | include a readable copy of the attribution notices contained 109 | within such NOTICE file, excluding those notices that do not 110 | pertain to any part of the Derivative Works, in at least one 111 | of the following places: within a NOTICE text file distributed 112 | as part of the Derivative Works; within the Source form or 113 | documentation, if provided along with the Derivative Works; or, 114 | within a display generated by the Derivative Works, if and 115 | wherever such third-party notices normally appear. The contents 116 | of the NOTICE file are for informational purposes only and 117 | do not modify the License. You may add Your own attribution 118 | notices within Derivative Works that You distribute, alongside 119 | or as an addendum to the NOTICE text from the Work, provided 120 | that such additional attribution notices cannot be construed 121 | as modifying the License. 
122 | 123 | You may add Your own copyright statement to Your modifications and 124 | may provide additional or different license terms and conditions 125 | for use, reproduction, or distribution of Your modifications, or 126 | for any such Derivative Works as a whole, provided Your use, 127 | reproduction, and distribution of the Work otherwise complies with 128 | the conditions stated in this License. 129 | 130 | 5. Submission of Contributions. Unless You explicitly state otherwise, 131 | any Contribution intentionally submitted for inclusion in the Work 132 | by You to the Licensor shall be under the terms and conditions of 133 | this License, without any additional terms or conditions. 134 | Notwithstanding the above, nothing herein shall supersede or modify 135 | the terms of any separate license agreement you may have executed 136 | with Licensor regarding such Contributions. 137 | 138 | 6. Trademarks. This License does not grant permission to use the trade 139 | names, trademarks, service marks, or product names of the Licensor, 140 | except as required for reasonable and customary use in describing the 141 | origin of the Work and reproducing the content of the NOTICE file. 142 | 143 | 7. Disclaimer of Warranty. Unless required by applicable law or 144 | agreed to in writing, Licensor provides the Work (and each 145 | Contributor provides its Contributions) on an "AS IS" BASIS, 146 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 147 | implied, including, without limitation, any warranties or conditions 148 | of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A 149 | PARTICULAR PURPOSE. You are solely responsible for determining the 150 | appropriateness of using or redistributing the Work and assume any 151 | risks associated with Your exercise of permissions under this License. 152 | 153 | 8. Limitation of Liability. 
In no event and under no legal theory, 154 | whether in tort (including negligence), contract, or otherwise, 155 | unless required by applicable law (such as deliberate and grossly 156 | negligent acts) or agreed to in writing, shall any Contributor be 157 | liable to You for damages, including any direct, indirect, special, 158 | incidental, or consequential damages of any character arising as a 159 | result of this License or out of the use or inability to use the 160 | Work (including but not limited to damages for loss of goodwill, 161 | work stoppage, computer failure or malfunction, or any and all 162 | other commercial damages or losses), even if such Contributor 163 | has been advised of the possibility of such damages. 164 | 165 | 9. Accepting Warranty or Additional Liability. While redistributing 166 | the Work or Derivative Works thereof, You may choose to offer, 167 | and charge a fee for, acceptance of support, warranty, indemnity, 168 | or other liability obligations and/or rights consistent with this 169 | License. However, in accepting such obligations, You may act only 170 | on Your own behalf and on Your sole responsibility, not on behalf 171 | of any other Contributor, and only if You agree to indemnify, 172 | defend, and hold each Contributor harmless for any liability 173 | incurred by, or claims asserted against, such Contributor by reason 174 | of your accepting any such warranty or additional liability. 175 | 176 | END OF TERMS AND CONDITIONS 177 | 178 | APPENDIX: How to apply the Apache License to your work. 179 | 180 | To apply the Apache License to your work, attach the following 181 | boilerplate notice, with the fields enclosed by brackets "[]" 182 | replaced with your own identifying information. (Don't include 183 | the brackets!) The text should be enclosed in the appropriate 184 | comment syntax for the file format. 
We also recommend that a 185 | file or class name and description of purpose be included on the 186 | same "printed page" as the copyright notice for easier 187 | identification within third-party archives. 188 | 189 | Copyright [yyyy] [name of copyright owner] 190 | 191 | Licensed under the Apache License, Version 2.0 (the "License"); 192 | you may not use this file except in compliance with the License. 193 | You may obtain a copy of the License at 194 | 195 | http://www.apache.org/licenses/LICENSE-2.0 196 | 197 | Unless required by applicable law or agreed to in writing, software 198 | distributed under the License is distributed on an "AS IS" BASIS, 199 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 200 | See the License for the specific language governing permissions and 201 | limitations under the License. 202 | -------------------------------------------------------------------------------- /PUBLISH.md: -------------------------------------------------------------------------------- 1 | ## Publish Helm Charts 2 | 3 | ### Before we begin 4 | 5 | Firstly, make sure you have [Helm](https://github.com/helm/helm/releases) and [Chart Releaser](https://github.com/helm/chart-releaser/releases) installed on the machine. 6 | 7 | The helm chart repository is available from [here](https://charts.dgraph.io/), which is hosted using 8 | `gh-pages` branch of the [charts repository](https://github.com/dgraph-io/charts). 9 | 10 | ### Lint the chart 11 | 12 | It is always a good habit to lint the charts. The `helm lint` command runs a series of tests 13 | to verify that the chart is well-formed: 14 | 15 | ```bash 16 | helm lint charts/dgraph 17 | helm lint charts/dgraph-lambda 18 | ``` 19 | 20 | ### Create the Helm chart package 21 | 22 | The `helm package` command packages a chart into a versioned chart archive file. 
23 | 24 | ```bash 25 | ## remove existing packages 26 | rm -rf .cr-release-packages/* 27 | ## for publishing dgraph 28 | helm package charts/dgraph --destination .cr-release-packages/ 29 | ## for publishing dgraph-lambda chart 30 | helm package charts/dgraph-lambda --destination .cr-release-packages/ 31 | ``` 32 | 33 | ### Upload the package to GitHub 34 | 35 | Set the environment variables to their appropriate values, as shown below. `CR_TOKEN` is the GitHub access token used to create the release, so set it only in your shell session and never commit it: 36 | 37 | ```bash 38 | export CR_OWNER="dgraph-io" 39 | export CR_GIT_REPO="charts" 40 | export CR_PACKAGE_PATH="/path/to/.cr-release-packages" 41 | export CR_TOKEN="" 42 | ``` 43 | 44 | The `cr upload` command uploads the package as an asset to a new GitHub release. 45 | If the above configuration is correct, and the owner account has access to create 46 | releases, the command below should exit without any error: 47 | 48 | ```bash 49 | cr upload 50 | ``` 51 | 52 | ### Configuration 53 | 54 | An optional `--config` file can be used instead of environment variables. Because it stores the token, keep the file private to your user account. 55 | 56 | ```yaml 57 | ## File: ~/.config/chart-releaser/config.yaml 58 | owner: dgraph-io 59 | git-repo: charts 60 | package-path: /path/to/.cr-release-packages 61 | token: 62 | ## index config specific 63 | index-path: index.yaml 64 | charts-repo: https://charts.dgraph.io/ 65 | ``` 66 | 67 | ### Create or Append the Helm chart repository index 68 | 69 | Before we create the index file, we will check out the `gh-pages` branch and pull the latest 70 | changes from the remote GitHub repository to verify the creation of a new tag. 71 | 72 | ```bash 73 | git checkout gh-pages 74 | git pull 75 | ``` 76 | 77 | Generally, we would use the `helm repo index` command which reads the current directory and generates 78 | an index file based on the charts found and creates an `index.yaml` file for the chart repository. 
79 | 80 | Here, we use `cr index`, which performs the equivalent task with Chart Releaser but uses the link 81 | of the GitHub release asset instead of the current directory. 82 | 83 | Before using `cr index`, we will need to set the environment variables to their appropriate values as shown below. This can be skipped if configuration with `--config` is used instead. 84 | 85 | ```bash 86 | export CR_OWNER="dgraph-io" 87 | export CR_GIT_REPO="charts" 88 | export CR_CHARTS_REPO="https://charts.dgraph.io/" 89 | export CR_INDEX_PATH="index.yaml" 90 | export CR_PACKAGE_PATH=".cr-release-packages" 91 | ``` 92 | 93 | ```bash 94 | cr index 95 | ``` 96 | 97 | Verify that the `index.yaml` file is created: 98 | 99 | ```bash 100 | $ cat index.yaml 101 | ``` 102 | 103 | ### Publish the chart 104 | 105 | To publish the chart, commit and push the latest changes to the index file to the `gh-pages` branch. 106 | 107 | ```bash 108 | git add index.yaml 109 | ## sample commit strings: 110 | ## dgraph-lambda-0.0.1 index.yaml update 111 | ## dgraph-0.0.13 index.yaml update 112 | git commit -m "chart-version index.yaml update" 113 | git push origin gh-pages 114 | ``` 115 | 116 | ## Cleanup 117 | 118 | In the end, be sure to delete the `.cr-release-packages` folder. 119 | 120 | ```bash 121 | rm -rf .cr-release-packages 122 | ``` 123 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Dgraph Helm Chart 2 | 3 | Dgraph helm chart ready to be deployed on Kubernetes using [Kubernetes Helm](https://github.com/helm/helm). 
4 | 5 | ## TL;DR 6 | 7 | ```bash 8 | $ helm repo add dgraph https://charts.dgraph.io 9 | $ helm install my-release dgraph/dgraph 10 | ``` 11 | 12 | ## Before you begin 13 | 14 | ### Setup a Kubernetes Cluster 15 | 16 | The quickest way to setup a Kubernetes cluster is with [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine/), 17 | [AWS Elastic Kubernetes Service](https://aws.amazon.com/eks/) or [Azure Kubernetes Service](https://azure.microsoft.com/en-us/services/kubernetes-service/) 18 | using their respective quick-start guides. For setting up Kubernetes on other cloud platforms or 19 | bare-metal servers refer to the Kubernetes [getting started guide](http://kubernetes.io/docs/getting-started-guides/). 20 | 21 | ### Install kubectl 22 | 23 | The [Kubernetes](https://kubernetes.io/) command-line tool, `kubectl`, allows you to 24 | run commands against Kubernetes clusters. You can use kubectl to deploy applications, 25 | inspect and manage cluster resources, and view logs. 26 | 27 | To install `kubectl` follow the instructions [here](https://kubernetes.io/docs/tasks/tools/install-kubectl/). 28 | 29 | ### Install Helm 30 | 31 | [Helm](https://helm.sh/) is a tool for managing Kubernetes charts. Charts are packages 32 | of pre-configured Kubernetes resources. 33 | 34 | To install Helm follow the instructions [here](https://helm.sh/docs/intro/install/). 35 | 36 | ### Add Repo 37 | 38 | To add the Dgraph helm repository: 39 | 40 | ```bash 41 | $ helm repo add dgraph https://charts.dgraph.io 42 | ``` 43 | 44 | ### Usage 45 | 46 | See the [README of Dgraph helm chart](./charts/dgraph/README.md). 47 | 48 | ### Publishing the Chart 49 | 50 | See the [instructions here to publish the chart](./PUBLISH.md). 51 | 52 | # License 53 | 54 | Copyright 2016-2020 Dgraph Labs, Inc. 55 | 56 | Source code in this repository is variously licensed under the Apache Public License 2.0 (APL) 57 | and the Dgraph Community License (DCL). 
A copy of each license can be found in the 58 | [licenses](https://github.com/dgraph-io/dgraph/tree/main/licenses) directory. 59 | 60 | Unless required by applicable law or agreed to in writing, software distributed 61 | under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 62 | CONDITIONS OF ANY KIND, either express or implied. See the License for the 63 | specific language governing permissions and limitations under the License. 64 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: dgraph-lambda 3 | description: Serverless platform for running JavaScript on Slash GraphQL (or Dgraph). 
4 | keywords: 5 | - dgraph 6 | - database 7 | - Graph 8 | - GraphQL 9 | - nosql 10 | - serverless 11 | - lambda 12 | - JavaScript 13 | type: application 14 | version: 0.0.2 15 | appVersion: v1.2.4 16 | sources: 17 | - https://github.com/dgraph-io/dgraph-lambda 18 | maintainers: 19 | - name: dgraph 20 | email: contact@dgraph.io 21 | icon: https://dgraph.io/assets/images/logo.png 22 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/README.md: -------------------------------------------------------------------------------- 1 | # dgraph-lambda helm chart 2 | 3 | ## TL;DR 4 | 5 | ```bash 6 | helm repo add dgraph https://charts.dgraph.io 7 | helm install "my-lambda" dgraph/dgraph-lambda 8 | ``` 9 | 10 | ## Introduction 11 | 12 | ### Prerequisites 13 | 14 | - Kubernetes 1.16+ 15 | - Helm 3.0+ 16 | - Dgraph v20.11.0 or greater 17 | - configured with `graphql_lambda_url` 18 | 19 | ### Configuration 20 | 21 | In order to use `dgraph-lambda`, you must do the following: 22 | 23 | 1. deploy Dgraph Alpha configured to point to `dgraph-lambda` 24 | 2. configure lambda script helm override values for `dgraph-lambda` 25 | 3. deploy Dgraph Lambda service configured to point to Dgraph Alpha services 26 | 4. add GraphQL schema for the resolvers added by the lambda script 27 | 28 | #### Environment 29 | 30 | For these steps, set up the following environment variables: 31 | 32 | ```bash 33 | export NS=default 34 | export LAMBDA_REL=my-lambda 35 | export DGRAPH_REL=my-release 36 | ``` 37 | 38 | #### Deploy Dgraph Alpha 39 | 40 | Dgraph Alpha needs to be configured with the `--graphql lambda-url=` argument (see: [lambda server](https://dgraph.io/docs/graphql/lambda/server/)) to support `dgraph-lambda`. 
You can use environment variables to configure this: 41 | 42 | ```bash 43 | helm install $DGRAPH_REL dgraph/dgraph \ 44 | --namespace $NS \ 45 | --set alpha.extraEnvs[0].name=DGRAPH_ALPHA_GRAPHQL \ 46 | --set alpha.extraEnvs[0].value=lambda-url=http://$LAMBDA_REL-dgraph-lambda.$NS.svc:80/graphql-worker 47 | ``` 48 | 49 | The `lambda-url` value of the `DGRAPH_ALPHA_GRAPHQL` environment variable points to the Dgraph Lambda service that will be deployed in the next step. The Dgraph Lambda URL has the following format: 50 | 51 | ``` 52 | http://<lambda-release-name>-dgraph-lambda.<namespace>.svc/graphql-worker 53 | ``` 54 | 55 | #### Configure Lambda script 56 | 57 | First, create a Helm override values file with the lambda script embedded in it, like the example below. Note that both resolvers pass `args.name` as a query variable instead of splicing it into the query text, which keeps client input from altering the query: 58 | 59 | ```yaml 60 | # my-lambda.yaml 61 | script: 62 | enabled: true 63 | script: | 64 | async function authorsByName({args, dql}) { 65 | const results = await dql.query(`query queryAuthor($name: string) { 66 | queryAuthor(func: type(Author)) @filter(eq(Author.name, $name)) { 67 | name: Author.name 68 | dob: Author.dob 69 | reputation: Author.reputation 70 | } 71 | }`, {"$name": args.name}) 72 | return results.data.queryAuthor 73 | } 74 | 75 | async function newAuthor({args, graphql}) { 76 | // lets give every new author a reputation of 3 by default 77 | const results = await graphql(`mutation ($name: String!) 
{ 78 | addAuthor(input: [{name: $name, reputation: 3.0 }]) { 79 | author { 80 | id 81 | reputation 82 | } 83 | } 84 | }`, {"name": args.name}) 85 | return results.data.addAuthor.author[0].id 86 | } 87 | 88 | self.addGraphQLResolvers({ 89 | "Query.authorsByName": authorsByName, 90 | "Mutation.newAuthor": newAuthor 91 | }) 92 | ``` 93 | 94 | #### Deploy Dgraph Lambda 95 | 96 | We can deploy the example above, named `my-lambda.yaml`, with the following: 97 | 98 | ```bash 99 | helm install $LAMBDA_REL dgraph/dgraph-lambda \ 100 | --namespace $NS \ 101 | --values my-lambda.yaml \ 102 | --set env[0].name=DGRAPH_URL \ 103 | --set env[0].value=http://$DGRAPH_REL-dgraph-alpha-headless.$NS.svc:8080 104 | ``` 105 | 106 | The `DGRAPH_URL` environment variable points to the Dgraph Alpha service deployed in the previous step. The Dgraph Alpha URL has the following format: 107 | 108 | ``` 109 | http://<dgraph-release-name>-dgraph-alpha-headless.<namespace>.svc:8080 110 | ``` 111 | 112 | #### Add GraphQL schema 113 | 114 | After deploying both services with the lambda script, upload a schema: 115 | 116 | ```bash 117 | ## create schema file 118 | cat <<-EOF > my-schema.graphql 119 | type Author { 120 | id: ID! 121 | name: String! @search(by: [hash, trigram]) 122 | dob: DateTime 123 | reputation: Float 124 | } 125 | 126 | type Query { 127 | authorsByName(name: String!): [Author] @lambda 128 | } 129 | 130 | type Mutation { 131 | newAuthor(name: String!): ID! @lambda 132 | } 133 | EOF 134 | 135 | ## port-forward Dgraph Alpha 136 | kubectl port-forward --namespace $NS $DGRAPH_REL-dgraph-alpha-0 8080:8080 137 | 138 | ## upload schema file 139 | curl http://localhost:8080/admin/schema --upload-file my-schema.graphql 140 | ``` 141 | 142 | 143 | ## Configuration 144 | 145 | The following table lists the configurable parameters of the `dgraph-lambda` chart and their default values. 
146 | 147 | | Parameter | Description | Default | 148 | | ---------------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------- | 149 | | `replicaCount` | number of Kubernetes replicas | `1` | 150 | | `image.repository` | Container repository name | `dgraph/dgraph-lambda` | 151 | | `image.pullPolicy` | Container image pull policy | `IfNotPresent` | 152 | | `image.tag` | Container image tag | `v1.2.4` | 153 | | `imagePullSecrets` | Image pull secrets auth tokens used to access a private registry | `[]` | 154 | | `nameOverride` | Name override of the default chart name | `""` | 155 | | `fullnameOverride` | Full Name override of the release name + chart name | `""` | 156 | | `script.enabled` | Enable adding a lambda script | `false` | 157 | | `script.script` | Embedded lambda script stored in a config map | `""` | 158 | | `env` | Environment variables | see `values.yaml` | 159 | | `serviceAccount.create` | Specifies if service account should be created | `true` | 160 | | `serviceAccount.annotations` | Service Account annotations | `{}` | 161 | | `serviceAccount.name` | Service Account name | `""` | 162 | | `podAnnotations` | Additional pod annotations | `{}` | 163 | | `podSecurityContext` | Pod Security context to define privilege and access control | `{}` | 164 | | `securityContext` | Container Security context to define privilege and access control | `{} ` | 165 | | `service.type` | Service type (`ClusterIP`, `NodePort`, `LoadBalancer`) | `ClusterIP` | 166 | | `service.port` | Service inbound port | `80` | 167 | | `service.targetPort` | Service targetPort of dgraph-lambda service | `8686` | 168 | | `ingress.enabled` | Ingress enabled | `false` | 169 | | `ingress.annotations` | Ingress annotations | `{}` | 170 | | `ingress.hosts` | Ingress hosts list to configure virtual hosts + routes to the service | see `values.yaml` | 171 | | `ingress.tls` | Ingress tls configuration 
| `[]` | 172 | | `resources` | Resource limites and requests | `{}` | 173 | | `nodeSelector` | Node selection constraints | `{}` | 174 | | `tolerations` | Allow scheduling pods onto nodes matching specified taints | `[]` | 175 | | `affinity` | Affinity configuration to allow nodes to scheduled on desired nodes | `{}` | 176 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/examples/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | # ingress-nginx with certificate manager 2 | # * https://cert-manager.io/ 3 | # * https://kubernetes.github.io/ingress-nginx/ 4 | ingress: 5 | enabled: true 6 | annotations: 7 | kubernetes.io/ingress.class: nginx 8 | nginx.ingress.kubernetes.io/ssl-redirect: "true" 9 | cert-manager.io/cluster-issuer: letsencrypt-staging 10 | tls: 11 | - hosts: 12 | - lambda.example.com 13 | secretName: lambda-tls 14 | hosts: lambda.example.com 15 | paths: 16 | - / 17 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "dgraph-lambda.fullname" . 
}}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "dgraph-lambda.fullname" . }}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "dgraph-lambda.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "dgraph-lambda.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8080 to use your application" 21 | kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "dgraph-lambda.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "dgraph-lambda.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "dgraph-lambda.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "dgraph-lambda.labels" -}} 37 | helm.sh/chart: {{ include "dgraph-lambda.chart" . }} 38 | {{ include "dgraph-lambda.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "dgraph-lambda.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "dgraph-lambda.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "dgraph-lambda.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "dgraph-lambda.fullname" .) 
.Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/config.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.script.enabled -}} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ include "dgraph-lambda.fullname" . }}-config 6 | labels: 7 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 8 | data: 9 | script.js: {{ .Values.script.script | quote }} 10 | {{- end -}} 11 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "dgraph-lambda.fullname" . }} 5 | labels: 6 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 7 | spec: 8 | replicas: {{ .Values.replicaCount }} 9 | selector: 10 | matchLabels: 11 | {{- include "dgraph-lambda.selectorLabels" . | nindent 6 }} 12 | template: 13 | metadata: 14 | {{- with .Values.podAnnotations }} 15 | annotations: 16 | {{- toYaml . | nindent 8 }} 17 | {{- end }} 18 | labels: 19 | {{- include "dgraph-lambda.selectorLabels" . | nindent 8 }} 20 | spec: 21 | {{- with .Values.imagePullSecrets }} 22 | imagePullSecrets: 23 | {{- toYaml . | nindent 8 }} 24 | {{- end }} 25 | serviceAccountName: {{ include "dgraph-lambda.serviceAccountName" . 
}} 26 | securityContext: 27 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 28 | containers: 29 | - name: {{ .Chart.Name }} 30 | securityContext: 31 | {{- toYaml .Values.securityContext | nindent 12 }} 32 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 33 | imagePullPolicy: {{ .Values.image.pullPolicy }} 34 | env: 35 | - name: PORT 36 | value: "{{ .Values.service.targetPort | default 8686 }}" 37 | {{- if .Values.script.enabled }} 38 | - name: SCRIPT_PATH 39 | value: /script/script.js 40 | {{- end }} 41 | {{- with .Values.env }} 42 | {{- toYaml . | nindent 12 }} 43 | {{- end }} 44 | ports: 45 | - name: http-lambda 46 | containerPort: {{ .Values.service.targetPort | default 8686 }} 47 | protocol: TCP 48 | {{- if .Values.script.enabled }} 49 | volumeMounts: 50 | - name: script 51 | mountPath: /script 52 | {{- end }} 53 | resources: 54 | {{- toYaml .Values.resources | nindent 12 }} 55 | {{- if .Values.script.enabled }} 56 | volumes: 57 | - name: script 58 | configMap: 59 | name: {{ include "dgraph-lambda.fullname" . }}-config 60 | {{- end }} 61 | {{- with .Values.nodeSelector }} 62 | nodeSelector: 63 | {{- toYaml . | nindent 8 }} 64 | {{- end }} 65 | {{- with .Values.affinity }} 66 | affinity: 67 | {{- toYaml . | nindent 8 }} 68 | {{- end }} 69 | {{- with .Values.tolerations }} 70 | tolerations: 71 | {{- toYaml . | nindent 8 }} 72 | {{- end }} 73 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "dgraph-lambda.fullname" . 
-}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 5 | apiVersion: networking.k8s.io/v1beta1 6 | {{- else -}} 7 | apiVersion: extensions/v1beta1 8 | {{- end }} 9 | kind: Ingress 10 | metadata: 11 | name: {{ $fullName }} 12 | labels: 13 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 14 | {{- with .Values.ingress.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | spec: 19 | {{- if .Values.ingress.tls }} 20 | tls: 21 | {{- range .Values.ingress.tls }} 22 | - hosts: 23 | {{- range .hosts }} 24 | - {{ . | quote }} 25 | {{- end }} 26 | secretName: {{ .secretName }} 27 | {{- end }} 28 | {{- end }} 29 | rules: 30 | {{- range .Values.ingress.hosts }} 31 | - host: {{ .host | quote }} 32 | http: 33 | paths: 34 | {{- range .paths }} 35 | - path: {{ .path }} 36 | backend: 37 | serviceName: {{ $fullName }} 38 | servicePort: {{ $svcPort }} 39 | {{- end }} 40 | {{- end }} 41 | {{- end }} 42 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "dgraph-lambda.fullname" . }} 5 | labels: 6 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 7 | spec: 8 | type: {{ .Values.service.type }} 9 | ports: 10 | - port: {{ .Values.service.port }} 11 | targetPort: {{ .Values.service.targetPort | default 8686 }} 12 | protocol: TCP 13 | name: http 14 | selector: 15 | {{- include "dgraph-lambda.selectorLabels" . 
| nindent 4 }} 16 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "dgraph-lambda.serviceAccountName" . }} 6 | labels: 7 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 8 | {{- with .Values.serviceAccount.annotations }} 9 | annotations: 10 | {{- toYaml . | nindent 4 }} 11 | {{- end }} 12 | {{- end }} 13 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "dgraph-lambda.fullname" . }}-test-connection" 5 | labels: 6 | {{- include "dgraph-lambda.labels" . | nindent 4 }} 7 | annotations: 8 | "helm.sh/hook": test 9 | spec: 10 | containers: 11 | - name: wget 12 | image: busybox 13 | command: ['wget'] 14 | args: ['{{ include "dgraph-lambda.fullname" . }}:{{ .Values.service.port }}'] 15 | restartPolicy: Never 16 | -------------------------------------------------------------------------------- /charts/dgraph-lambda/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for dgraph-lambda. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: dgraph/dgraph-lambda 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 
11 | tag: v1.2.4 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | script: 18 | enabled: false 19 | script: "" 20 | 21 | env: 22 | ## DGRAPH_URL is the URL used to reach Dgraph Alpha 23 | ## This is dependent on how dgraph was deployed with a format like: 24 | ## - http://$RELEASE-dgraph-alpha-headless.$NAMESPACE.svc:8080 25 | ## For example: 26 | ## Chart Release = my-release 27 | ## NameSpace = default 28 | ## URL = http://my-release-dgraph-alpha-headless.default.svc:8080 29 | ## 30 | - name: DGRAPH_URL 31 | value: "" 32 | ## DGRAPH_TOKEN is set for X-Auth-Token 33 | ## See: https://dgraph.io/docs/slash-graphql/admin/authentication/ 34 | # - name: DGRAPH_TOKEN 35 | # value: "" 36 | # - name: NODE_ENV 37 | # value: development 38 | # - name: INTEGRATION_TEST 39 | # value: "false" 40 | 41 | 42 | serviceAccount: 43 | # Specifies whether a service account should be created 44 | create: true 45 | # Annotations to add to the service account 46 | annotations: {} 47 | # The name of the service account to use. 48 | # If not set and create is true, a name is generated using the fullname template 49 | name: "" 50 | 51 | podAnnotations: {} 52 | 53 | ## Ref. https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 54 | podSecurityContext: {} 55 | # fsGroup: 2000 56 | 57 | ## Ref. 
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ 58 | securityContext: {} 59 | # capabilities: 60 | # drop: 61 | # - ALL 62 | # readOnlyRootFilesystem: true 63 | # runAsNonRoot: true 64 | # runAsUser: 1000 65 | 66 | service: 67 | type: ClusterIP 68 | port: 80 69 | targetPort: 8686 70 | 71 | ingress: 72 | enabled: false 73 | annotations: {} 74 | # kubernetes.io/ingress.class: nginx 75 | # kubernetes.io/tls-acme: "true" 76 | hosts: 77 | - host: chart-example.local 78 | paths: [] 79 | tls: [] 80 | # - secretName: chart-example-tls 81 | # hosts: 82 | # - chart-example.local 83 | 84 | resources: {} 85 | # We usually recommend not to specify default resources and to leave this as a conscious 86 | # choice for the user. This also increases chances charts run on environments with little 87 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 88 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 89 | # limits: 90 | # cpu: 100m 91 | # memory: 128Mi 92 | # requests: 93 | # cpu: 100m 94 | # memory: 128Mi 95 | 96 | nodeSelector: {} 97 | 98 | tolerations: [] 99 | 100 | affinity: {} 101 | -------------------------------------------------------------------------------- /charts/dgraph/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | name: dgraph 3 | version: 24.1.1 4 | appVersion: v24.1.1 5 | description: Dgraph is a horizontally scalable and distributed graph database, providing ACID transactions, consistent replication and linearizable reads. 
6 | keywords: 7 | - dgraph 8 | - database 9 | - Graph 10 | - GraphQL 11 | - nosql 12 | home: https://dgraph.io/ 13 | sources: 14 | - https://github.com/dgraph-io/charts/ 15 | - https://github.com/dgraph-io/dgraph 16 | maintainers: 17 | - name: dgraph 18 | email: contact@dgraph.io 19 | icon: https://dgraph.io/assets/images/logo.png 20 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-acl-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-acl-config.yaml 2 | ## Specify Access Control Lists configuration options for `dgraph alpha`. NOTE(review): the whitelist entry 172.0.0.0/8 below is wider than the RFC 1918 private block 172.16.0.0/12 and also covers publicly routable addresses; narrow it before reusing this example. 3 | ## * https://dgraph.io/docs/enterprise-features/access-control-lists/ 4 | alpha: 5 | acl: 6 | enabled: true 7 | configFile: 8 | config.yaml: | 9 | acl: 10 | secret_file: /dgraph/acl/hmac_secret_file 11 | security: 12 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 13 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-acl-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-acl-secrets.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/access-control-lists/ 3 | alpha: 4 | acl: 5 | file: 6 | ## Demonstration Purposes Only: 12345678901234567890123456789012 (sample value published with the chart; generate your own random secret for a real deployment) 7 | ## Note that Kubernetes secrets must be base64-encoded 8 | ## Example: 9 | ## printf '12345678901234567890123456789012' | base64 10 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 11 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-enc-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-enc-config.yaml 2 | ## Specify Encryption at Rest configuration options for `dgraph alpha` 3 | ## * https://dgraph.io/docs/enterprise-features/encryption-at-rest/ 4 | alpha: 5 | encryption: 6 | enabled: true 7 |
configFile: 8 | config.yaml: | 9 | encryption: 10 | key_file: /dgraph/enc/enc_key_file 11 | security: 12 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 13 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-enc-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-enc-secret.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/encryption-at-rest/ 3 | alpha: 4 | encryption: 5 | file: 6 | ## Demonstration Purposes Only: 12345678901234567890123456789012 7 | ## Note that Kubernetes secrets must be base64-encoded 8 | ## Example: 9 | ## printf '12345678901234567890123456789012' | base64 10 | enc_key_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 11 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-tls-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-tls-config.yaml 2 | ## Specify TLS configuration options for `dgraph alpha` 3 | ## * https://dgraph.io/docs/deploy/security/tls-configuration/#tls-options 4 | ## 5 | ## NOTE: Client Certificates used for Mutual TLS with Dgraph Alpha do not need to 6 | ## be configured in this file. 
These client certificates are needed by clients to 7 | ## access Dgraph Alpha when client_auth_type is set to REQUIREANDVERIFY 8 | alpha: 9 | tls: 10 | enabled: true 11 | configFile: 12 | config.yaml: | 13 | tls: 14 | client_auth_type: VERIFYIFGIVEN 15 | use_system_ca: true 16 | ca_cert: /dgraph/tls/ca.crt 17 | server_cert: /dgraph/tls/node.crt 18 | server_key: /dgraph/tls/node.key 19 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/alpha-tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-tls-secrets.yaml 2 | ## Generate keys/certs with `dgraph cert` 3 | ## * https://dgraph.io/docs/deploy/security/tls-configuration/#tls-options 4 | ## 5 | ## Create Dgraph certs/keys for Kubernetes with: 6 | ## MYLIST=$(REPLICAS=3 RELEASE=my-release NAMESPACE=default ../scripts/get_alpha_list.sh) 7 | ## dgraph cert --nodes localhost,$MYLIST --client backupuser 8 | ## 9 | ## Convert secrets /tls directory to secrets .yaml with 10 | ## ../scripts/make_tls_secrets.sh 11 | ## 12 | ## NOTE: Client Certificates used for Mutual TLS with Dgraph Alpha do not need to 13 | ## be included in this file. 
These client certificates are needed by clients to 14 | ## access Dgraph Alpha when client_auth_type is set to REQUIREANDVERIFY 15 | alpha: 16 | tls: 17 | files: 18 | ## Note that Kubernetes secrets must be base64-encoded. NOTE(review): the alpha TLS config example references only ca.crt, node.crt and node.key; confirm whether ca.key (the CA signing key) has to be stored in this secret at all. 19 | ca.crt: REDACTED 20 | ca.key: REDACTED 21 | node.crt: REDACTED 22 | node.key: REDACTED 23 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-minio-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-minio-config.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates 5 | ## * Binary Backups to Minio 6 | ## * ACL feature with Alice user (see https://dgraph.io/docs/enterprise-features/access-control-lists/) 7 | backups: 8 | full: 9 | enabled: true 10 | schedule: "0 * * * *" 11 | incremental: 12 | enabled: true 13 | schedule: "0 1-23 * * *" 14 | admin: 15 | user: alice 16 | ## Requires Installation of Minio 17 | ## The MinIO Helm Chart (https://helm.min.io/) can be useful for this process. 18 | ## Internal Kubernetes DNS scheme is $RELEASE-minio.$NAMESPACE.svc 19 | destination: minio://my-release-minio.default.svc:9000/ 20 | alpha: 21 | acl: 22 | enabled: true 23 | configFile: 24 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 25 | config.yaml: | 26 | acl: 27 | secret_file: /dgraph/acl/hmac_secret_file 28 | security: 29 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 30 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-minio-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## backup-minio-secrets.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | backups: 4 | admin: 5 | password: whiterabbit 6 | ## Minio Access/Secret Keys fictitious and for demonstration purposes only.
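7 | keys: 8 | minio: 9 | access: mycompanydgraphbackups 10 | secret: aBcDeFgHiJkLmNoPqRsTuVwXyZ/+0124567890AbCdEfGhIjKlMnOpQrStUvWxYz+/01234567890aBcDeFgHi== 11 | alpha: 12 | acl: 13 | file: 14 | ## Demonstration Purposes Only: 1234567890123456789012345678901 (the base64 value below also encodes a trailing newline) 15 | ## Note that Kubernetes secrets must be base64-encoded 16 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMQo= 17 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-nfs-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-nfs-config.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates binary backups to NFS Server 5 | ## Note that the NFS server must be configured beforehand, with firewall rules that allow 6 | # access from Kubernetes worker nodes. 7 | backups: 8 | nfs: 9 | enabled: true 10 | server: fs-01234567.efs.us-east-2.amazonaws.com 11 | path: / 12 | storage: 32Gi 13 | mountPath: &path /dgraph/backups 14 | full: 15 | enabled: true 16 | debug: true 17 | incremental: 18 | enabled: true 19 | debug: true 20 | destination: *path 21 | alpha: 22 | configFile: 23 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 24 | config.yaml: | 25 | security: 26 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 27 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-s3-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-s3-config.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates 5 | ## * Binary Backups to S3 6 | ## * Mutual TLS (see https://dgraph.io/docs/deploy/security/tls-configuration/#tls-options) 7 | ## * Auth Token (see https://dgraph.io/docs/deploy/admin/dgraph-administration/#secure-alter-operations) 8 | backups: 9 | full: 10 | enabled: true 11 |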
schedule: "0 * * * *" 12 | incremental: 13 | enabled: true 14 | schedule: "0 1-23 * * *" 15 | admin: 16 | tls_client: backupuser 17 | ## Requires AWS S3 Bucket to be provisioned; the region and bucket placeholders appear to be missing from the destination below (presumably s3://s3.$REGION.amazonaws.com/$BUCKET) 18 | destination: s3://s3..amazonaws.com/ 19 | alpha: 20 | acl: 21 | enabled: true 22 | tls: 23 | enabled: true 24 | configFile: 25 | config.yaml: | 26 | acl: 27 | secret_file: /dgraph/acl/hmac_secret_file 28 | security: 29 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 30 | token: 1234567890AbCdE 31 | tls: 32 | client_auth_type: REQUIREANDVERIFY 33 | use_system_ca: true 34 | ca_cert: /dgraph/tls/ca.crt 35 | server_cert: /dgraph/tls/node.crt 36 | server_key: /dgraph/tls/node.key 37 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-s3-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## backup-s3-secrets.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | alpha: 4 | tls: 5 | files: 6 | ca.crt: REDACTED 7 | ca.key: REDACTED 8 | node.crt: REDACTED 9 | node.key: REDACTED 10 | acl: 11 | file: 12 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 13 | backups: 14 | admin: 15 | auth_token: 1234567890AbCdE 16 | ## AWS Profile for IAM User with attached policy that grants access to 17 | ## S3 Bucket (demo key/secret below) 18 | keys: 19 | s3: 20 | access: AKIAABCD3FGH1JKLMN0P 21 | secret: aBcDeFgHiJkLmNoPqRsTuVwXyZ/+0124567890Ab 22 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/backup-volume-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-volume-config.yaml 2 | ## * https://dgraph.io/docs/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates binary backups with custom PVC + PV 5 | ## Note that the PV and PVC must be created before installing 6 | ## this chart.
The PVC must set ReadWriteMany access mode. 7 | backups: 8 | volume: 9 | enabled: true 10 | claim: rook-cephfs-claim 11 | mountPath: &path /dgraph/backups 12 | full: 13 | enabled: true 14 | debug: true 15 | incremental: 16 | enabled: true 17 | debug: true 18 | destination: *path 19 | alpha: 20 | configFile: 21 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 22 | config.yaml: | 23 | security: 24 | whitelist: 10.0.0.0/8,172.0.0.0/8,192.168.0.0/16 25 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/default-json-config.yaml: -------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | ## NOTE: large numbers are quoted, e.g. `1000000`, otherwise it gets converted, e.g. 1000000 becomes 1e+06. 5 | ## ref. https://discuss.dgraph.io/t/dgraph-v21-03-superflag-json-config-crashes-alpha/13605 6 | config.json: | 7 | { 8 | "limit": { 9 | "query_timeout": "5m", 10 | "max_retries": -1, 11 | "mutations": "allow", 12 | "normalize_node": 10000, 13 | "query_edge": "1000000" 14 | }, 15 | "alsologtostderr": true, 16 | "badger": { 17 | "compression": "snappy" 18 | }, 19 | "bindall": true, 20 | "telemetry": { 21 | "sentry": true, 22 | "reports": true 23 | }, 24 | "export": "export", 25 | "graphql": { 26 | "introspection": true 27 | }, 28 | "log_backtrace_at": ":0", 29 | "logtostderr": true, 30 | "ludicrous": { 31 | "enabled": false 32 | }, 33 | "raft": { 34 | "pending_proposals": 256, 35 | "snapshot_after_entries": 10000 36 | }, 37 | "port_offset": 0, 38 | "postings": "/dgraph/p", 39 | "trace": { 40 | "ratio": 0.01 41 | }, 42 | "wal": "/dgraph/w" 43 | } 44 | zero: 45 | configFile: 46 | config.json: | 47 | { 48 | "alsologtostderr": true, 49 | "bindall": true, 50 | "telemetry": { 51 | "sentry": true, 52 | "reports": true 53 | }, 54 | "log_backtrace_at": ":0", 55 | "logtostderr": true, 56 | 
"rebalance_interval": "8m0s", 57 | "trace": { 58 | "ratio": 0.01 59 | }, 60 | "wal": "/dgraph/zw" 61 | } 62 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/default-yaml-config.yaml: -------------------------------------------------------------------------------- 1 | alpha: 2 | configFile: 3 | config.yaml: | 4 | limit: 5 | query_timeout: 5m 6 | max_retries: -1 7 | mutations: allow 8 | normalize_node: 10000 9 | query_edge: 1000000 10 | alsologtostderr: true 11 | badger: 12 | compression: snappy 13 | bindall: true 14 | telemetry: 15 | sentry: true 16 | reports: true 17 | export: export 18 | graphql: 19 | introspection: true 20 | log_backtrace_at: ":0" 21 | logtostderr: true 22 | ludicrous: 23 | enabled: false 24 | raft: 25 | pending_proposals: 256 26 | snapshot_after_entries: 10000 27 | port_offset: 0 28 | postings: "/dgraph/p" 29 | trace: 30 | ratio: 0.01 31 | wal: "/dgraph/w" 32 | zero: 33 | configFile: 34 | config.yaml: | 35 | alsologtostderr: true 36 | bindall: true 37 | telemetry: 38 | sentry: true 39 | reports: true 40 | log_backtrace_at: ":0" 41 | logtostderr: true 42 | rebalance_interval: 8m0s 43 | trace: 44 | ratio: 0.01 45 | wal: "/dgraph/zw" 46 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/ingress/ingress-alb.yaml: -------------------------------------------------------------------------------- 1 | # aws-load-balancer-controller 2 | # * https://github.com/kubernetes-sigs/aws-load-balancer-controller 3 | global: 4 | ingress: 5 | enabled: true 6 | alpha_hostname: alpha.example.com 7 | ingressClassName: alb 8 | annotations: 9 | # internet-facing or internal 10 | alb.ingress.kubernetes.io/scheme: internet-facing 11 | # ip for ClusterIP, instance for NodePort 12 | alb.ingress.kubernetes.io/target-type: ip 13 | -------------------------------------------------------------------------------- 
/charts/dgraph/example_values/ingress/ingress-gce.yaml: -------------------------------------------------------------------------------- 1 | # GKE Default Ingress (external L7 load balancer) 2 | # * https://cloud.google.com/kubernetes-engine/docs/concepts/ingress 3 | # * https://github.com/kubernetes/ingress-gce 4 | alpha: 5 | ingress: 6 | enabled: true 7 | hostname: alpha.example.com 8 | annotations: 9 | kubernetes.io/ingress.class: gce 10 | # NodePort or LoadBalancer required for GCE ingress 11 | service: 12 | type: NodePort 13 | 14 | ratel: 15 | ingress: 16 | enabled: true 17 | hostname: ratel.example.com 18 | annotations: 19 | kubernetes.io/ingress.class: gce 20 | # NodePort or LoadBalancer required for GCE ingress 21 | service: 22 | type: NodePort 23 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/ingress/ingress-grpc-alb.yaml: -------------------------------------------------------------------------------- 1 | # aws-load-balancer-controller 2 | # * https://github.com/kubernetes-sigs/aws-load-balancer-controller 3 | global: 4 | ingress: 5 | enabled: true 6 | alpha_hostname: alpha.example.com 7 | ingressClassName: alb 8 | annotations: 9 | alb.ingress.kubernetes.io/scheme: internet-facing 10 | alb.ingress.kubernetes.io/target-type: ip 11 | alb.ingress.kubernetes.io/group: dgraph 12 | ingress_grpc: 13 | enabled: true 14 | alpha_grpc_hostname: alpha-grpc.example.com 15 | ingressClassName: alb 16 | annotations: 17 | alb.ingress.kubernetes.io/scheme: internet-facing 18 | alb.ingress.kubernetes.io/target-type: ip 19 | alb.ingress.kubernetes.io/group: dgraph 20 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/ingress/ingress-nginx-grpc.yaml: -------------------------------------------------------------------------------- 1 | # ingress-nginx with GRPC support 2 | # -------------------------------------- 3 | # Two ingress resources will 
configured for mixed GPRC and HTTP support. 4 | # 5 | # TLS will be terminated by the ingress controller. The ingress controller 6 | # should be configured as a Layer 4 external load balancer. 7 | # 8 | # References: 9 | # * https://github.com/kubernetes-sigs/external-dns/ 10 | # * https://cert-manager.io/ 11 | # * https://kubernetes.github.io/ingress-nginx/ 12 | # * https://kubernetes.github.io/ingress-nginx/examples/grpc/ 13 | # * https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/grpc 14 | global: 15 | ingress: 16 | enabled: true 17 | ingressClassName: nginx 18 | annotations: 19 | nginx.ingress.kubernetes.io/ssl-redirect: "true" 20 | nginx.ingress.kubernetes.io/backend-protocol: HTTP 21 | cert-manager.io/cluster-issuer: letsencrypt-prod 22 | tls: 23 | - hosts: 24 | - ratel.example.com 25 | - alpha.example.com 26 | secretName: http-example-tls 27 | ratel_hostname: ratel.example.com 28 | alpha_hostname: alpha.example.com 29 | ingress_grpc: 30 | enabled: true 31 | ingressClassName: nginx 32 | annotations: 33 | nginx.ingress.kubernetes.io/ssl-redirect: "true" 34 | nginx.ingress.kubernetes.io/backend-protocol: GRPC 35 | cert-manager.io/cluster-issuer: letsencrypt-prod 36 | tls: 37 | - hosts: 38 | - grpc.example.com 39 | secretName: grpc-example-tls 40 | alpha_grpc_hostname: grpc.example.com 41 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/ingress/ingress-nginx.yaml: -------------------------------------------------------------------------------- 1 | # ingress-nginx with certificate manager 2 | # -------------------------------------- 3 | # TLS will be terminated by the ingress controller. The ingress controller 4 | # should be configured as a Layer 4 external load balancer. 
5 | # References: 6 | # * https://github.com/kubernetes-sigs/external-dns/ 7 | # * https://cert-manager.io/ 8 | # * https://kubernetes.github.io/ingress-nginx/ 9 | global: 10 | ingress: 11 | enabled: true 12 | ingressClassName: nginx 13 | annotations: 14 | nginx.ingress.kubernetes.io/ssl-redirect: "true" 15 | cert-manager.io/cluster-issuer: letsencrypt-staging 16 | tls: 17 | - hosts: 18 | - ratel.example.com 19 | - alpha.example.com 20 | secretName: example-tls 21 | ratel_hostname: ratel.example.com 22 | alpha_hostname: alpha.example.com 23 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/ingress/kubernetes-ingress.yaml: -------------------------------------------------------------------------------- 1 | # kubernetes-ingress (NGINX ingress) with gRPC support 2 | # -------------------------------------- 3 | # Two ingress resources will be configured for mixed gRPC and HTTP support. 4 | # 5 | # TLS will be terminated by the ingress controller. The ingress controller 6 | # should be configured as a Layer 4 external load balancer. 7 | # 8 | # References: 9 | # * https://github.com/nginxinc/kubernetes-ingress 10 | # * https://docs.nginx.com/nginx-ingress-controller/configuration/global-configuration/configmap-resource/#listeners 11 | # * https://github.com/nginxinc/kubernetes-ingress/tree/v2.3.0/examples/grpc-services 12 | # * https://cert-manager.io/ 13 | 14 | global: 15 | ingress: 16 | enabled: true 17 | ingressClassName: nginx 18 | annotations: 19 | cert-manager.io/cluster-issuer: letsencrypt-prod 20 | tls: 21 | - hosts: 22 | - ratel.example.com 23 | - alpha.example.com 24 | secretName: http-example-tls 25 | ratel_hostname: ratel.example.com 26 | alpha_hostname: alpha.example.com 27 | ingress_grpc: 28 | enabled: true 29 | ingressClassName: nginx 30 | annotations: 31 | # NOTE: http2 must be configured in configmap for NGINX ingress controller. 32 | # IMPORTANT: Change to release name used at install, e.g.
my-release 33 | nginx.org/grpc-services: "-dgraph-alpha" 34 | cert-manager.io/cluster-issuer: letsencrypt-prod 35 | tls: 36 | - hosts: 37 | - grpc.example.com 38 | secretName: grpc-example-tls 39 | alpha_grpc_hostname: grpc.example.com 40 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/linkerd.yaml: -------------------------------------------------------------------------------- 1 | alpha: 2 | extraAnnotations: 3 | config.linkerd.io/skip-inbound-ports: 7080 4 | config.linkerd.io/skip-outbound-ports: 7080 5 | linkerd.io/inject: enabled 6 | zero: 7 | extraAnnotations: 8 | config.linkerd.io/skip-inbound-ports: 5080 9 | config.linkerd.io/skip-outbound-ports: 5080 10 | linkerd.io/inject: enabled 11 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/service_account.yaml: -------------------------------------------------------------------------------- 1 | ## serviceaccount 2 | ## Specify that only Alpha pods automatically mount a ServiceAccount API credentials 3 | ## * https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#opt-out-of-api-credential-automounting 4 | serviceAccount: 5 | automountServiceAccountToken: false 6 | zero: 7 | automountServiceAccountToken: false 8 | alpha: 9 | automountServiceAccountToken: true 10 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-acl-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-acl-config.yaml 2 | ## Specify Access Control Lists configuration options for `dgraph alpha` 3 | ## * https://dgraph.io/docs/v20.11/enterprise-features/access-control-lists/ 4 | alpha: 5 | acl: 6 | enabled: true 7 | configFile: 8 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 9 | config.toml: | 10 | acl_secret_file = '/dgraph/acl/hmac_secret_file' 
11 | whitelist = '10.0.0.0/8,172.0.0.0/8,192.168.0.0/16' 12 | lru_mb = 2048 13 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-acl-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-acl-secrets.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/access-control-lists/ 3 | alpha: 4 | acl: 5 | file: 6 | ## Demonstration Purposes Only: 12345678901234567890123456789012 7 | ## Note that Kubernetes secrets must be base64-encoded 8 | ## Example: 9 | ## printf '12345678901234567890123456789012' | base64 10 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 11 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-enc-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-enc-config.yaml 2 | ## Specify Encryption at Rest configuration options for `dgraph alpha` 3 | ## * https://dgraph.io/docs/v20.11/enterprise-features/encryption-at-rest/ 4 | alpha: 5 | encryption: 6 | enabled: true 7 | configFile: 8 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed. NOTE(review): 172.0.0.0/8 in the whitelist below is wider than the RFC 1918 private block 172.16.0.0/12, so it also admits public addresses; narrow it before reuse. 9 | config.toml: | 10 | encryption_key_file = '/dgraph/enc/enc_key_file' 11 | whitelist = '10.0.0.0/8,172.0.0.0/8,192.168.0.0/16' 12 | lru_mb = 2048 13 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-enc-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-enc-secrets.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/encryption-at-rest/ 3 | alpha: 4 | encryption: 5 | file: 6 | ## Demonstration Purposes Only: 12345678901234567890123456789012 7 | ## Note that Kubernetes secrets must be base64-encoded 8 | ## Example: 9 | ## printf '12345678901234567890123456789012' | base64 10 | enc_key_file:
MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 11 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-tls-config.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-tls-config.yaml 2 | ## Specify TLS configuration options for `dgraph alpha` 3 | ## * https://dgraph.io/docs/v20.11/deploy/tls-configuration/#tls-options 4 | ## 5 | ## NOTE: Client Certificates used for Mutual TLS with Dgraph Alpha do not need to 6 | ## be configured in this file. These client certificates are needed by clients to 7 | ## access Dgraph Alpha when tls_client_auth is set to REQUIREANDVERIFY 8 | alpha: 9 | tls: 10 | enabled: true 11 | configFile: 12 | config.yaml: | 13 | tls_client_auth: VERIFYIFGIVEN 14 | tls_use_system_ca: true 15 | 16 | ## TLS configuration (before v20.11.0) 17 | tls_dir: /dgraph/tls 18 | 19 | ## TLS configuration (after v20.11.0) 20 | tls_cacert: /dgraph/tls/ca.crt 21 | tls_node_cert: /dgraph/tls/node.crt 22 | tls_node_key: /dgraph/tls/node.key 23 | 24 | ## lru_mb deprecated after v20.11.0 and is no longer needed 25 | lru_mb: 2048 26 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/alpha-tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## alpha-tls-secrets.yaml 2 | ## Generate keys/certs with `dgraph cert` 3 | ## * https://dgraph.io/docs/v20.11/deploy/tls-configuration/#tls-options 4 | ## 5 | ## Create Dgraph certs/keys for Kubernetes with: 6 | ## MYLIST=$(REPLICAS=3 RELEASE=my-release NAMESPACE=default ../scripts/get_alpha_list.sh) 7 | ## dgraph cert --nodes localhost,$MYLIST --client backupuser 8 | ## 9 | ## Convert secrets /tls directory to secrets .yaml with 10 | ## ../scripts/make_tls_secrets.sh 11 | ## 12 | ## NOTE: Client Certificates used for Mutual TLS with Dgraph Alpha do not need to 13 | ## be included in this file. 
These client certificates are needed by clients to 14 | ## access Dgraph Alpha when tls_client_auth is set to REQUIREANDVERIFY 15 | alpha: 16 | tls: 17 | files: 18 | ## Note that Kubernetes secrets must be base64-encoded 19 | ca.crt: REDACTED 20 | ca.key: REDACTED 21 | node.crt: REDACTED 22 | node.key: REDACTED 23 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-minio-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-minio-config.yaml 2 | ## * https://dgraph.io/docs/master/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates 5 | ## * Binary Backups to Minio 6 | ## * ACL feature with Alice user (see https://dgraph.io/docs/enterprise-features/access-control-lists/) 7 | backups: 8 | full: 9 | enabled: true 10 | schedule: "0 * * * *" 11 | incremental: 12 | enabled: true 13 | schedule: "0 1-23 * * *" 14 | admin: 15 | user: alice 16 | ## Requires Installation of Minio 17 | ## The MinIO Helm Chart (https://helm.min.io/) can be useful for this process. 18 | ## Internal Kubernetes DNS scheme is RELEASE-minio.NAMESPACE.svc, as in the destination below 19 | destination: minio://my-release-minio.default.svc:9000/ 20 | alpha: 21 | acl: 22 | enabled: true 23 | configFile: 24 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 25 | config.hcl: | 26 | acl_secret_file = "/dgraph/acl/hmac_secret_file" 27 | whitelist = "10.0.0.0/8,172.0.0.0/8,192.168.0.0/16" 28 | lru_mb = 2048 29 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-minio-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## backup-minio-secrets.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/binary-backups/ 3 | backups: 4 | admin: 5 | password: whiterabbit 6 | ## Minio Access/Secret Keys are fictitious and for demonstration purposes only. NOTE(review): the `sedret` key below looks like a typo for `secret` (the S3 example uses `secret`); verify against the chart's values.
7 | keys: 8 | minio: 9 | access: mycompanydgraphbackups 10 | sedret: aBcDeFgHiJkLmNoPqRsTuVwXyZ/+0124567890AbCdEfGhIjKlMnOpQrStUvWxYz+/01234567890aBcDeFgHi== 11 | alpha: 12 | acl: 13 | file: 14 | ## Demonstration Purposes Only: 1234567890123456789012345678901 (the base64 value below encodes these 31 digits plus a trailing newline) 15 | ## Note that Kubernetes secrets must be base64-encoded 16 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMQo= 17 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-nfs-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-nfs-config.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates binary backups to NFS Server 5 | ## Note that the NFS server must be configured beforehand, with firewall rules that allow 6 | # access from Kubernetes worker nodes. 7 | backups: 8 | nfs: 9 | enabled: true 10 | server: fs-01234567.efs.us-east-2.amazonaws.com 11 | path: / 12 | storage: 32Gi 13 | mountPath: &path /dgraph/backups 14 | full: 15 | enabled: true 16 | debug: true 17 | incremental: 18 | enabled: true 19 | debug: true 20 | destination: *path 21 | alpha: 22 | configFile: 23 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 24 | config.hcl: | 25 | whitelist = "10.0.0.0/8,172.0.0.0/8,192.168.0.0/16" 26 | lru_mb = 2048 27 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-s3-config.yaml: -------------------------------------------------------------------------------- 1 | ## backup-s3-config.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates 5 | ## * Binary Backups to S3 6 | ## * Mutual TLS (see https://dgraph.io/docs/v20.11/deploy/tls-configuration/) 7 | ## * Auth Token (see https://dgraph.io/docs/v20.11/deploy/dgraph-administration/#securing-alter-operations) 8 | backups: 9 | full: 10 |
enabled: true 11 | schedule: "0 * * * *" 12 | incremental: 13 | enabled: true 14 | schedule: "0 1-23 * * *" 15 | admin: 16 | tls_client: backupuser 17 | ## Requires AWS S3 Bucket to be provisioned 18 | destination: s3://s3..amazonaws.com/ 19 | alpha: 20 | acl: 21 | enabled: true 22 | tls: 23 | enabled: true 24 | configFile: 25 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 26 | config.hcl: | 27 | acl_secret_file = '/dgraph/acl/hmac_secret_file' 28 | whitelist = "10.0.0.0/8,172.0.0.0/8,192.168.0.0/16" 29 | auth_token = "1234567890AbCdE" 30 | tls_client_auth = "REQUIREANDVERIFY" 31 | tls_use_system_ca" = true 32 | 33 | ## TLS configuration (before v20.11.0) 34 | tls_dir = "/dgraph/tls" 35 | 36 | ## TLS configuration (after v20.11.0) 37 | tls_cacert = "/dgraph/tls/ca.crt" 38 | tls_node_cert = "/dgraph/tls/node.crt" 39 | tls_node_key = "/dgraph/tls/node.key" 40 | 41 | ## lru_mb deprecated after v20.11.0 and is no longer needed 42 | lru_mb = 2048 43 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-s3-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## backup-minio-config.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/binary-backups/ 3 | alpha: 4 | tls: 5 | files: 6 | ca.crt: REDACTED 7 | ca.key: REDACTED 8 | node.crt: REDACTED 9 | node.key: REDACTED 10 | acl: 11 | file: 12 | hmac_secret_file: MTIzNDU2Nzg5MDEyMzQ1Njc4OTAxMjM0NTY3ODkwMTI= 13 | backups: 14 | admin: 15 | auth_token: 1234567890AbCdE 16 | ## AWS Profile for IAM User with attached policy that grants access to 17 | ## S3 Bucket (demo key/secret below) 18 | keys: 19 | s3: 20 | access: AKIAABCD3FGH1JKLMN0P 21 | secret: aBcDeFgHiJkLmNoPqRsTuVwXyZ/+0124567890Ab 22 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/backup-volume-config.yaml: 
-------------------------------------------------------------------------------- 1 | ## backup-volume-config.yaml 2 | ## * https://dgraph.io/docs/v20.11/enterprise-features/binary-backups/ 3 | ## 4 | ## Demonstrates binary backups with custom PVC + PV 5 | ## Note that the PV and PVC must have been previously created before installing 6 | ## this chart. The PVC must set ReadWriteMany access mode. 7 | backups: 8 | volume: 9 | enabled: true 10 | claim: rook-cephfs-claim 11 | mountPath: &path /dgraph/backups 12 | full: 13 | enabled: true 14 | debug: true 15 | incremental: 16 | enabled: true 17 | debug: true 18 | destination: *path 19 | alpha: 20 | configFile: 21 | ## NOTE: lru_mb deprecated after v20.11.0 and is no longer needed 22 | config.hcl: | 23 | whitelist = "10.0.0.0/8,172.0.0.0/8,192.168.0.0/16" 24 | lru_mb = 2048 25 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/default-hcl-config.yaml: -------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | config.hcl: | 5 | "abort_older_than" = "5m" 6 | "alsologtostderr" = true 7 | "badger.compression_level" = snappy 8 | "badger.vlog" = "mmap" 9 | "bindall" = true 10 | "enable_sentry" = true 11 | "export" = "export" 12 | "graphql_introspection" = true 13 | "log_backtrace_at" = ":0" 14 | "logtostderr" = true 15 | "ludicrous_mode" = false 16 | "postings" = "/dgraph/p" 17 | "wal" = "/dgraph/w" 18 | zero: 19 | configFile: 20 | config.hcl: | 21 | "alsologtostderr" = true 22 | "bindall" = true 23 | "enable_sentry" = true 24 | "log_backtrace_at" = ":0" 25 | "logtostderr" = true 26 | "rebalance_interval" = "8m0s" 27 | "telemetry" = true 28 | "trace" = 0.01 29 | "wal" = "/dgraph/zw" 30 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/default-json-config.yaml: 
-------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | config.json: | 5 | { 6 | "abort_older_than": "5m", 7 | "alsologtostderr": true, 8 | "badger": { 9 | "compression_level": "snappy", 10 | }, 11 | "bindall": true, 12 | "enable_sentry": true, 13 | "export": "export", 14 | "graphql_introspection": true, 15 | "log_backtrace_at": ":0", 16 | "logtostderr": true, 17 | "ludicrous_mode": false, 18 | "max_retries": -1, 19 | "mutations": "allow", 20 | "normalize_node_limit": 10000, 21 | "pending_proposals": 256, 22 | "port_offset": 0, 23 | "postings": "/dgraph/p", 24 | "query_edge_limit": 1000000, 25 | "snapshot_after": 10000, 26 | "telemetry": true, 27 | "trace": 0.01, 28 | "wal": "/dgraph/w" 29 | } 30 | zero: 31 | configFile: 32 | config.json: | 33 | { 34 | "alsologtostderr": true, 35 | "bindall": true, 36 | "enable_sentry": true, 37 | "log_backtrace_at": ":0", 38 | "logtostderr": true, 39 | "rebalance_interval": "8m0s", 40 | "telemetry": true, 41 | "trace": 0.01, 42 | "wal": "/dgraph/zw" 43 | } 44 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/default-properties-config.yaml: -------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | config.properties: | 5 | abort_older_than=5m 6 | alsologtostderr=true 7 | badger.compression_level=snappy 8 | bindall=true 9 | enable_sentry=true 10 | export=export 11 | graphql_introspection=true 12 | log_backtrace_at=:0 13 | logtostderr=true 14 | ludicrous_mode=false 15 | max_retries=-1 16 | mutations=allow 17 | normalize_node_limit=10000 18 | pending_proposals=256 19 | port_offset=0 20 | postings=/dgraph/p 21 | query_edge_limit=1000000 22 | snapshot_after=10000 23 | telemetry=true 24 | trace=0.01 25 | wal=/dgraph/w 26 | zero: 
27 | configFile: 28 | config.properties: | 29 | alsologtostderr=true 30 | bindall=true 31 | enable_sentry=true 32 | log_backtrace_at=:0 33 | logtostderr=true 34 | rebalance_interval=8m0s 35 | telemetry=true 36 | trace=0.01 37 | wal=/dgraph/zw 38 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/default-toml-config.yaml: -------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | config.toml: | 5 | abort_older_than = '5m' 6 | alsologtostderr = true 7 | bindall = true 8 | enable_sentry = true 9 | export = 'export' 10 | graphql_introspection = true 11 | log_backtrace_at = ':0' 12 | logtostderr = true 13 | ludicrous_mode = false 14 | max_retries = -1 15 | mutations = 'allow' 16 | normalize_node_limit = 10000 17 | pending_proposals = 256 18 | port_offset = 0 19 | postings = '/dgraph/p' 20 | query_edge_limit = 1000000 21 | snapshot_after = 10000 22 | telemetry = true 23 | trace = 0.01 24 | wal = '/dgraph/w' 25 | 26 | [badger] 27 | compression_level = 'snappy' 28 | zero: 29 | configFile: 30 | config.toml: | 31 | alsologtostderr = true 32 | bindall = true 33 | enable_sentry = true 34 | log_backtrace_at = ':0' 35 | logtostderr = true 36 | rebalance_interval = '8m0s' 37 | telemetry = true 38 | trace = 0.01 39 | wal = '/dgraph/zw' 40 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/default-yaml-config.yaml: -------------------------------------------------------------------------------- 1 | ## some default configurations consistent with dgraph v20.11.x 2 | alpha: 3 | configFile: 4 | config.yaml: | 5 | abort_older_than: 5m 6 | alsologtostderr: true 7 | badger: 8 | compression_level: snappy 9 | bindall: true 10 | enable_sentry: true 11 | export: export 12 | graphql_introspection: true 13 | log_backtrace_at: :0 14 | 
logtostderr: true 15 | ludicrous_mode: false 16 | max_retries: -1 17 | mutations: allow 18 | normalize_node_limit: 10000 19 | pending_proposals: 256 20 | port_offset: 0 21 | postings: /dgraph/p 22 | query_edge_limit: 1000000 23 | snapshot_after: 10000 24 | telemetry: true 25 | trace: 0.01 26 | wal: /dgraph/w 27 | zero: 28 | configFile: 29 | config.yaml: | 30 | alsologtostderr: true 31 | bindall: true 32 | enable_sentry: true 33 | log_backtrace_at: :0 34 | logtostderr: true 35 | rebalance_interval: 8m0s 36 | telemetry: true 37 | trace: 0.01 38 | wal: /dgraph/zw 39 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/zero-tls-config.yaml: -------------------------------------------------------------------------------- 1 | ## Specify TLS configuration options for `dgraph alpha` and `dgraph zero` 2 | ## * https://dgraph.io/docs/v20.11/deploy/tls-configuration/#using-tls-with-internal-and-external-ports-encrypted 3 | ## NOTE: TLS Encryption for Zero is only available in v20.11.0+ 4 | ## NOTE: Client Certificates used for Mutual TLS must be configured, as these are 5 | ## need by Dgraph nodes to authenticate to each other. 
6 | global: 7 | domain: cluster.local 8 | 9 | alpha: 10 | tls: 11 | enabled: true 12 | configFile: 13 | config.yaml: | 14 | tls_cacert: /dgraph/tls/ca.crt 15 | tls_cert: /dgraph/tls/client.internaluser.crt 16 | tls_key: /dgraph/tls/client.internaluser.key 17 | tls_client_auth: REQUIREANDVERIFY 18 | tls_internal_port_enabled: true 19 | tls_node_cert: /dgraph/tls/node.crt 20 | tls_node_key: /dgraph/tls/node.key 21 | tls_use_system_ca: true 22 | zero: 23 | tls: 24 | enabled: true 25 | configFile: 26 | config.yaml: | 27 | tls_cacert: /dgraph/tls/ca.crt 28 | tls_cert: /dgraph/tls/client.internaluser.crt 29 | tls_key: /dgraph/tls/client.internaluser.key 30 | tls_client_auth: REQUIREANDVERIFY 31 | tls_internal_port_enabled: true 32 | tls_node_cert: /dgraph/tls/node.crt 33 | tls_node_key: /dgraph/tls/node.key 34 | tls_use_system_ca: true 35 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/v20.11/zero-tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## Specify TLS configuration options for `dgraph alpha` and `dgraph zero` 2 | ## * https://dgraph.io/docs/v20.11/deploy/tls-configuration/#using-tls-with-internal-and-external-ports-encrypted 3 | ## NOTE: TLS Encryption for Zero is only available in v20.11.0+ 4 | ## NOTE: Client Certificates used for Mutual TLS must be included, as these are 5 | ## need by Dgraph nodes to authenticate to each other. 6 | 7 | 8 | with Dgraph Alpha do not need to 9 | ## be included in this file. 
These client certificates are needed by clients to 10 | ## access Dgraph Alpha when tls_client_auth is set to REQUIREANDVERIFY 11 | alpha: 12 | tls: 13 | files: 14 | ## Note that Kubernetes secrets must be base64-encoded 15 | ca.crt: REDACTED 16 | ca.key: REDACTED 17 | client.internaluser.crt: REDACTED 18 | client.internaluser.key: REDACTED 19 | node.crt: REDACTED 20 | node.key: REDACTED 21 | zero: 22 | tls: 23 | files: 24 | ## Note that Kubernetes secrets must be base64-encoded 25 | ca.crt: REDACTED 26 | ca.key: REDACTED 27 | client.internaluser.crt: REDACTED 28 | client.internaluser.key: REDACTED 29 | node.crt: REDACTED 30 | node.key: REDACTED 31 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/zero-tls-config.yaml: -------------------------------------------------------------------------------- 1 | ## Specify TLS configuration options for `dgraph alpha` and `dgraph zero` 2 | ## * https://dgraph.io/docs/deploy/security/tls-configuration/#using-tls-with-internal-and-external-ports-encrypted 3 | ## NOTE: Client Certificates used for Mutual TLS must be configured, as these are 4 | ## need by Dgraph nodes to authenticate to each other. 
5 | global: 6 | domain: cluster.local 7 | 8 | alpha: 9 | tls: 10 | enabled: true 11 | configFile: 12 | config.yaml: | 13 | tls: 14 | ca_cert: /dgraph/tls/ca.crt 15 | client_cert: /dgraph/tls/client.dgraphuser.crt 16 | client_key: /dgraph/tls/client.dgraphuser.key 17 | client_auth_type: REQUIREANDVERIFY 18 | internal_port: true 19 | server_cert: /dgraph/tls/node.crt 20 | server_key: /dgraph/tls/node.key 21 | use_system_ca: true 22 | zero: 23 | tls: 24 | enabled: true 25 | configFile: 26 | config.yaml: | 27 | tls: 28 | ca_cert: /dgraph/tls/ca.crt 29 | client_cert: /dgraph/tls/client.dgraphuser.crt 30 | client_key: /dgraph/tls/client.dgraphuser.key 31 | client_auth_type: REQUIREANDVERIFY 32 | internal_port: true 33 | server_cert: /dgraph/tls/node.crt 34 | server_key: /dgraph/tls/node.key 35 | use_system_ca: true 36 | -------------------------------------------------------------------------------- /charts/dgraph/example_values/zero-tls-secrets.yaml: -------------------------------------------------------------------------------- 1 | ## Specify TLS configuration options for `dgraph alpha` and `dgraph zero` 2 | ## * https://dgraph.io/docs/deploy/security/tls-configuration/#using-tls-with-internal-and-external-ports-encrypted 3 | ## NOTE: Client Certificates used for Mutual TLS must be included, as these are 4 | ## need by Dgraph nodes to authenticate to each other. 
5 | alpha: 6 | tls: 7 | files: 8 | ## Note that Kubernetes secrets must be base64-encoded 9 | ca.crt: REDACTED 10 | ca.key: REDACTED 11 | client.dgraphuser.crt: REDACTED 12 | client.dgraphuser.key: REDACTED 13 | node.crt: REDACTED 14 | node.key: REDACTED 15 | zero: 16 | tls: 17 | files: 18 | ## Note that Kubernetes secrets must be base64-encoded 19 | ca.crt: REDACTED 20 | ca.key: REDACTED 21 | client.dgraphuser.crt: REDACTED 22 | client.dgraphuser.key: REDACTED 23 | node.crt: REDACTED 24 | node.key: REDACTED 25 | -------------------------------------------------------------------------------- /charts/dgraph/scripts/.gitignore: -------------------------------------------------------------------------------- 1 | dgraph_tls 2 | -------------------------------------------------------------------------------- /charts/dgraph/scripts/README.md: -------------------------------------------------------------------------------- 1 | # Scripts 2 | 3 | Here are some scripts that may be useful for generating helm chart values for use with `dgraph` helm chart. 
4 | 5 | ## make_tls_secrets.sh 6 | 7 | For intructions run `./make_tls_secrets.sh --help` 8 | 9 | As an example: 10 | 11 | ```bash 12 | ./make_tls_secrets.sh \ 13 | --release "my-release" \ 14 | --namespace "default" \ 15 | --replicas 3 \ 16 | --extra "ratel.example.com,alpha.example.com" \ 17 | --client "dgraphuser" \ 18 | --zero 19 | ``` 20 | 21 | You can verify Dgraph Alpha certificates and keys with: 22 | 23 | ```bash 24 | ## verify certificates and keys 25 | dgraph cert ls --dir ./dgraph_tls/alpha 26 | ## verify list of addresses supported 27 | dgraph cert ls --dir ./dgraph_tls/alpha | awk -F: '/Hosts/{gsub(/\[ ]+/, "", $2); print $2}' | tr , '\n' 28 | ``` 29 | 30 | You can verify Dgraph Zero certificates and keys with: 31 | 32 | ```bash 33 | ## verify certificates and keys 34 | dgraph cert ls --dir ./dgraph_tls/zero 35 | ## verify list of addresses supported 36 | dgraph cert ls --dir ./dgraph_tls/zero | awk -F: '/Hosts/{gsub(/\[ ]+/, "", $2); print $2}' | tr , '\n' 37 | ``` 38 | -------------------------------------------------------------------------------- /charts/dgraph/scripts/get_alpha_list.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | get_alpha_list() { 4 | ## No of replicas in Alpha statefulset 5 | REPLICAS=${REPLICAS:-"3"} 6 | ## helm release name 7 | RELEASE=${RELEASE:-"my-release"} 8 | ## namespace used during deployment 9 | NAMESPACE=${NAMESPACE:-"default"} 10 | 11 | ## Build List 12 | for (( IDX=0; IDX&2 18 | Make TLS Secrets 19 | 20 | Usage: 21 | $0 [FLAGS] --release [CHART_RELEASE_NAME] 22 | 23 | Flags: 24 | -c, --client Client certificate username, e.g. dgraphuser, backupuser 25 | --domain Kubernetes internal domain name (default "cluster.local") 26 | -d, --debug Enable debug in output 27 | -e, --extra Additional domain names to support, e.g. 
external DNS name for an ingress 28 | -h, --help Help for $0 29 | -n, --namespace Kubernetes namespace (default "default") 30 | -r, --release Helm Chart Release Name (required) 31 | --replicas Number of Kubernetes replicas (default "3") 32 | --tls_dir Path to top level TLS directory (default "./dgraph_tls") 33 | -z, --zero Create certificates for zero as well 34 | USAGE 35 | } 36 | 37 | ###### 38 | # check_environment - verify dgraph binary exists 39 | ########################## 40 | check_environment() { 41 | ## Check for dgraph command 42 | command -v dgraph > /dev/null || \ 43 | { echo "[ERROR]: 'dgraph' command not not found" 1>&2; exit 1; } 44 | } 45 | 46 | ###### 47 | # get_getopt - find GNU getopt or print error message 48 | ########################## 49 | get_getopt() { 50 | unset GETOPT_CMD 51 | 52 | ## Check for GNU getopt compatibility 53 | if [[ "$(getopt --version)" =~ "--" ]]; then 54 | local SYSTEM="$(uname -s)" 55 | if [[ "${SYSTEM,,}" == "freebsd" ]]; then 56 | ## Check FreeBSD install location 57 | if [[ -f "/usr/local/bin/getopt" ]]; then 58 | GETOPT_CMD="/usr/local/bin/getopt" 59 | else 60 | ## Save FreeBSD Instructions 61 | local MESSAGE="On FreeBSD, compatible getopt can be installed with 'sudo pkg install getopt'" 62 | fi 63 | elif [[ "${SYSTEM,,}" == "darwin" ]]; then 64 | ## Check HomeBrew install location 65 | if [[ -f "/usr/local/opt/gnu-getopt/bin/getopt" ]]; then 66 | GETOPT_CMD="/usr/local/opt/gnu-getopt/bin/getopt" 67 | ## Check MacPorts install location 68 | elif [[ -f "/opt/local/bin/getopt" ]]; then 69 | GETOPT_CMD="/opt/local/bin/getopt" 70 | else 71 | ## Save MacPorts or HomeBrew Instructions 72 | if command -v brew > /dev/null; then 73 | local MESSAGE="On macOS, gnu-getopt can be installed with 'brew install gnu-getopt'\n" 74 | elif command -v port > /dev/null; then 75 | local MESSAGE="On macOS, getopt can be installed with 'sudo port install getopt'\n" 76 | fi 77 | fi 78 | fi 79 | else 80 | GETOPT_CMD="$(command -v getopt)" 81 
| fi 82 | 83 | ## Error if no suitable getopt command found 84 | if [[ -z $GETOPT_CMD ]]; then 85 | printf "ERROR: GNU getopt not found. Please install GNU compatible 'getopt'\n\n%s" "$MESSAGE" 1>&2 86 | exit 1 87 | fi 88 | } 89 | 90 | 91 | ###### 92 | # parse_command - parse command line options using GNU getopt 93 | ########################## 94 | parse_command() { 95 | get_getopt 96 | 97 | ## Parse Arguments with GNU getopt 98 | PARSED_ARGUMENTS=$( 99 | $GETOPT_CMD -o c:de:hn:r:z \ 100 | --long client:,domain:,debug,extra:,help,namespace:,release:,replicas:,tls_dir:,zero \ 101 | -n 'make_tls_secrets.sh' -- "$@" 102 | ) 103 | if [ $? != 0 ] ; then usage; exit 1 ; fi 104 | eval set -- "$PARSED_ARGUMENTS" 105 | 106 | ## Defaults 107 | DEBUG="false" 108 | ZERO_ENABLED="false" 109 | NAMESPACE="default" 110 | REPLICAS=3 111 | TLS_DIR=dgraph_tls 112 | LOCAL_DOMAIN="cluster.local" 113 | 114 | ## Process Arguments 115 | while true; do 116 | case "$1" in 117 | -c | --client) CLIENT_NAME="$2"; shift 2 ;; 118 | --domain) LOCAL_DOMAIN="$2"; shift 2 ;; 119 | -d | --debug) DEBUG=true; shift ;; 120 | -e | --extra) EXTRA_LIST="$2"; shift 2 ;; 121 | -h | --help) usage; exit;; 122 | -n | --namespace) NAMESPACE="$2"; shift 2 ;; 123 | -r | --release) RELEASE="$2"; shift 2 ;; 124 | --replicas) REPLICAS="$2"; shift 2;; 125 | --tls_dir) TLS_DIR="$2"; shift 2 ;; 126 | -z | --zero) ZERO_ENABLED=true; shift ;; 127 | --) shift; break ;; 128 | *) break ;; 129 | esac 130 | done 131 | 132 | ## Check required variable was set 133 | if [[ -z "$RELEASE" ]]; then 134 | printf "ERROR: Helm chart release name was not specified!!\n\n" 135 | usage 136 | exit 1 137 | fi 138 | } 139 | 140 | ###### 141 | # get_node_list - create list of domain names for nodes based on replicas 142 | ########################## 143 | get_node_list() { 144 | local LIST=() 145 | 146 | TYPE=${1:-"alpha"} 147 | 148 | [[ -z "$REPLICAS" ]] && \ 149 | { echo "[ERROR]: Env var 'REPLICAS' not defined" 1>&2; exit 1; } 150 | [[ -z 
"$RELEASE" ]] && \ 151 | { echo "[ERROR]: Env var 'RELEASE' not defined" 1>&2; exit 1; } 152 | [[ -z "$NAMESPACE" ]] && \ 153 | { echo "[ERROR]: Env var 'NAMESPACE' not defined" 1>&2; exit 1; } 154 | [[ -z "$LOCAL_DOMAIN" ]] && \ 155 | { echo "[ERROR]: Env var 'DOMAIN' not defined" 1>&2; exit 1; } 156 | 157 | ## Build List 158 | for (( IDX=0; IDX&2; exit 1; } 176 | 177 | if [[ $DEBUG == "true" ]]; then 178 | set -ex 179 | else 180 | set -e 181 | fi 182 | 183 | ## Add optional client certificate for MutualTLS 184 | if ! [[ -z $CLIENT_NAME ]]; then 185 | CLIENT_OPT="--client $CLIENT_NAME" 186 | fi 187 | 188 | ## Build List of Zero nodes and Alpha nodes 189 | ALPHA_LIST=localhost,$(get_node_list alpha) 190 | ZERO_LIST=localhost,$(get_node_list zero) 191 | ## Append list of extra specified addresses 192 | if ! [[ -z $EXTRA_LIST ]]; then 193 | ALPHA_LIST=$ALPHA_LIST,$EXTRA_LIST 194 | ZERO_LIST=$ZERO_LIST,$EXTRA_LIST 195 | fi 196 | 197 | # Make Alpha Keys/Certs 198 | mkdir -p $TLS_DIR/alpha 199 | dgraph cert --nodes $ALPHA_LIST $CLIENT_OPT --dir $TLS_DIR/alpha 200 | 201 | # Make Zero Keys/Certs with rootCA and client keys/certs from Alpha dir 202 | if [[ $ZERO_ENABLED == "true" ]]; then 203 | mkdir -p $TLS_DIR/zero 204 | ## Copy Root CA to zero 205 | cp -f $TLS_DIR/alpha/ca.* $TLS_DIR/zero 206 | ## Copy Client Cert/Key to zero if client cert name specified 207 | [[ -z $CLIENT_NAME ]] || cp -f $TLS_DIR/alpha/client.${CLIENT_NAME}.* $TLS_DIR/zero 208 | ## Make Zero Keys/Cert 209 | dgraph cert --nodes $ZERO_LIST --dir $TLS_DIR/zero 210 | fi 211 | } 212 | 213 | ###### 214 | # create_secret_value_file - write base64-encoded certs/keys from $TLS_DIR/alpha (and $TLS_DIR/zero when enabled) to $TLS_DIR/secrets.yaml; the output holds private keys (ca.key, node.key) and is created with the caller's umask 215 | ########################## 216 | create_secret_value_file() { 217 | [[ -z "$TLS_DIR" ]] && \ 218 | { echo "[ERROR]: Env var 'TLS_DIR' not defined" 1>&2; exit 1; } 219 | 220 | 221 | cat <<-EOF > $TLS_DIR/secrets.yaml 222 | alpha: 223 | tls: 224 | files: 225 | $(for F in $TLS_DIR/alpha/*; do echo " ${F##*/}:
`cat $F | base64 | tr -d '\n'`"; done) 226 | EOF 227 | 228 | if [[ $ZERO_ENABLED == "true" ]]; then 229 | cat <<-EOF >> $TLS_DIR/secrets.yaml 230 | zero: 231 | tls: 232 | files: 233 | $(for F in $TLS_DIR/zero/*; do echo " ${F##*/}: `cat $F | base64 | tr -d '\n'`"; done) 234 | EOF 235 | fi 236 | } 237 | 238 | main $@ 239 | -------------------------------------------------------------------------------- /charts/dgraph/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. You have just deployed Dgraph, version '{{ .Values.image.tag }}'. 2 | 3 | For further information: 4 | * Documentation: https://dgraph.io/docs/ 5 | * Community and Issues: https://discuss.dgraph.io/ 6 | {{ if or (eq .Values.image.tag "latest") (eq .Values.image.tag "master") }} 7 | NOTE: Using 'latest' or 'master' for 'image.tag' is DANGEROUS and can lead to data loss. 8 | YOU HAVE SET 'image.tag' to '{{- .Values.image.tag }}'. 9 | DO NOT USE IN PRODUCTION AS THE VERSION MAY CHANGE. 10 | 11 | {{ end }} 12 | 2. Get the Dgraph Alpha HTTP/S endpoint by running these commands. 13 | 14 | {{- if .Values.global.ingress.enabled }} 15 | 16 | echo "Access Alpha HTTP/S service: http://{{ .Values.global.ingress.alpha_hostname }}" 17 | 18 | {{- else if .Values.alpha.ingress.enabled }} 19 | 20 | echo "Access Alpha HTTP/S service: http://{{ .Values.alpha.ingress.hostname }}" 21 | 22 | {{- else if contains "NodePort" .Values.alpha.service.type }} 23 | 24 | export ALPHA_NODE_PORT=$(kubectl get --namespace {{ include "dgraph.namespace" . }} -o jsonpath="{.spec.ports[?(@.name=='http-alpha')].nodePort}" services {{ include "dgraph.alpha.fullname" . }}) 25 | export ALPHA_NODE_IP=$(kubectl get nodes --namespace {{ include "dgraph.namespace" . 
}} -o jsonpath="{.items[0].status.addresses[0].address}") 26 | echo "Access Alpha HTTP/S service using http://$ALPHA_NODE_IP:$ALPHA_NODE_PORT" 27 | {{- else if contains "LoadBalancer" .Values.alpha.service.type }} 28 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 29 | You can watch the status of by running 'kubectl get --namespace {{ include "dgraph.namespace" . }} service --watch {{ include "dgraph.alpha.fullname" . }}' 30 | 31 | export ALPHA_SERVICE_IP=$(kubectl get service --namespace {{ include "dgraph.namespace" . }} {{ include "dgraph.alpha.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 32 | echo "Access Alpha HTTP/S service using http://$ALPHA_SERVICE_IP:8080" 33 | 34 | {{- else if contains "ClusterIP" .Values.alpha.service.type }} 35 | 36 | export ALPHA_POD_NAME=$(kubectl get pods --namespace {{ include "dgraph.namespace" . }} --selector "statefulset.kubernetes.io/pod-name={{ include "dgraph.alpha.fullname" . }}-0,release={{ .Release.Name }}" --output jsonpath="{.items[0].metadata.name}") 37 | echo "Access Alpha HTTP/S using http://localhost:8080" 38 | kubectl --namespace {{ include "dgraph.namespace" . }} port-forward $ALPHA_POD_NAME 8080:8080 39 | 40 | {{- end }} 41 | 42 | NOTE: Change "http://" to "https://" if TLS was added to the Ingress, Load Balancer, or Dgraph Alpha service. 43 | {{- if (eq .Values.ratel.enabled true) }} 44 | 45 | 3. Get the Dgraph Ratel UI endpoint by running these commands: 46 | 47 | {{- if .Values.global.ingress.enabled }} 48 | 49 | echo "Access Ratel HTTP/S service: http://{{ .Values.global.ingress.ratel_hostname }}" 50 | 51 | {{- else if .Values.ratel.ingress.enabled }} 52 | 53 | echo "Access Ratel HTTP/S service: http://{{ .Values.ratel.ingress.hostname }}" 54 | 55 | {{- else if contains "NodePort" .Values.ratel.service.type }} 56 | 57 | export RATEL_NODE_PORT=$(kubectl get --namespace {{ include "dgraph.namespace" . 
}} -o jsonpath="{.spec.ports[?(@.name=='http-ratel')].nodePort}" services {{ include "dgraph.ratel.fullname" . }}) 58 | export RATEL_NODE_IP=$(kubectl get nodes --namespace {{ include "dgraph.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") 59 | echo "Access Ratel HTTP/S service using http://$RATEL_NODE_IP:$RATEL_NODE_PORT" 60 | {{- else if contains "LoadBalancer" .Values.ratel.service.type }} 61 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 62 | You can watch the status by running 'kubectl get --namespace {{ include "dgraph.namespace" . }} service --watch {{ include "dgraph.ratel.fullname" . }}' 63 | 64 | export RATEL_SERVICE_IP=$(kubectl get service --namespace {{ include "dgraph.namespace" . }} {{ include "dgraph.ratel.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 65 | echo "Access Ratel HTTP/S service using http://$RATEL_SERVICE_IP" 66 | 67 | {{- else if contains "ClusterIP" .Values.ratel.service.type }} 68 | 69 | export RATEL_POD_NAME=$(kubectl get pods --namespace {{ include "dgraph.namespace" . }} --selector "component={{ .Values.ratel.name }},release={{ .Release.Name }}" --output jsonpath="{.items[0].metadata.name}") 70 | echo "Access Ratel HTTP/S using http://localhost:8000" 71 | kubectl --namespace {{ include "dgraph.namespace" . }} port-forward $RATEL_POD_NAME 8000:8000 72 | 73 | {{- end }} 74 | 75 | NOTE: Change "http://" to "https://" if TLS was added to the Ingress or Load Balancer. 76 | {{- end }} 77 | -------------------------------------------------------------------------------- /charts/dgraph/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart.
4 | */}} 5 | {{- define "dgraph.name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 24 -}} 7 | {{- end -}} 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 24 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). Only the fullnameOverride branch also trims a trailing "-" after truncation. 11 | */}} 12 | {{- define "dgraph.fullname" -}} 13 | {{- if .Values.fullnameOverride -}} 14 | {{- .Values.fullnameOverride | trunc 24 | trimSuffix "-" -}} 15 | {{- else -}} 16 | {{- $name := default .Chart.Name .Values.nameOverride -}} 17 | {{- printf "%s-%s" .Release.Name $name | trunc 24 -}} 18 | {{- end -}} 19 | {{- end -}} 20 | {{/* 21 | Create chart name and version as used by the chart label. "+" in the version is replaced with "_" and the result is cut to 63 characters. 22 | */}} 23 | {{- define "dgraph.chart" -}} 24 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} 25 | {{- end -}} 26 | 27 | {{/* 28 | Create a default fully qualified zero name: the chart fullname followed by "-" and zero.name. 29 | */}} 30 | {{- define "dgraph.zero.fullname" -}} 31 | {{ template "dgraph.fullname" . }}-{{ .Values.zero.name }} 32 | {{- end -}} 33 | 34 | {{/* 35 | Create a default fully qualified backups name: the chart fullname followed by "-" and backups.name. 36 | */}} 37 | {{- define "dgraph.backups.fullname" -}} 38 | {{ template "dgraph.fullname" . }}-{{ .Values.backups.name }} 39 | {{- end -}} 40 | 41 | {{/* 42 | Create a semVer/calVer version from image.tag so that it can be safely used in 43 | version comparisons used to toggle features or behavior. The tag "shuri" is reported as v20.07.1. Any tag that does not begin with "v" (for example "latest" or "master") is reported as v50.0.0, so version gates such as the semverCompare in backups.api_type treat it as a very recent release whatever the image actually contains. 
44 | */}} 45 | {{- define "dgraph.version" -}} 46 | {{- $safeVersion := .Values.image.tag -}} 47 | {{- if (eq $safeVersion "shuri") -}} 48 | {{- $safeVersion = "v20.07.1" -}} 49 | {{- else if (regexMatch "^[^v].*" $safeVersion) -}} 50 | {{- $safeVersion = "v50.0.0" -}} 51 | {{- end -}} 52 | {{- printf "%s" $safeVersion -}} 53 | {{- end -}} 54 | 55 | 56 | {{/* 57 | Return the backups image name as registry/repository:tag, built from backups.image. 58 | */}} 59 | {{- define "dgraph.backups.image" -}} 60 | {{- $registryName := .Values.backups.image.registry -}} 61 | {{- $repositoryName := .Values.backups.image.repository -}} 62 | {{- $tag := .Values.backups.image.tag | toString -}} 63 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 64 | {{- end -}} 65 | 66 | {{/* 67 | Return the ratel image name as registry/repository:tag, built from ratel.image. 68 | */}} 69 | {{- define "dgraph.ratel.image" -}} 70 | {{- $registryName := .Values.ratel.image.registry -}} 71 | {{- $repositoryName := .Values.ratel.image.repository -}} 72 | {{- $tag := .Values.ratel.image.tag | toString -}} 73 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 74 | {{- end -}} 75 | 76 | 77 | {{/* 78 | Return an empty string unless full or incremental backups are enabled and both backups.keys.minio.access and backups.keys.minio.secret are set; in that case the result is a non-empty string. Callers should test it for emptiness only. 
79 | */}} 80 | {{- define "dgraph.backups.keys.minio.enabled" -}} 81 | {{- $minioEnabled := "" -}} 82 | {{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} 83 | {{- if $backupsEnabled -}} 84 | {{- if .Values.backups.keys -}} 85 | {{- if .Values.backups.keys.minio -}} 86 | {{- if and .Values.backups.keys.minio.access .Values.backups.keys.minio.secret -}} 87 | {{- $minioEnabled = true -}} 88 | {{- end -}} 89 | {{- end -}} 90 | {{- end -}} 91 | {{- end -}} 92 | {{- printf "%s" $minioEnabled -}} 93 | {{- end -}} 94 | 95 | {{/* 96 | Return an empty string unless full or incremental backups are enabled and both backups.keys.s3.access and backups.keys.s3.secret are set; in that case the result is a non-empty string. 97 | */}} 98 | {{- define "dgraph.backups.keys.s3.enabled" -}} 99 | {{- $s3Enabled := "" -}} 100 | {{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} 101 | {{- if $backupsEnabled 
-}} 102 | {{- if .Values.backups.keys -}} 103 | {{- if .Values.backups.keys.s3 -}} 104 | {{- if and .Values.backups.keys.s3.access .Values.backups.keys.s3.secret -}} 105 | {{- $s3Enabled = true -}} 106 | {{- end -}} 107 | {{- end -}} 108 | {{- end -}} 109 | {{- end -}} 110 | {{- printf "%s" $s3Enabled -}} 111 | {{- end -}} 112 | 113 | {{/* 114 | Return the initContainers image name 115 | */}} 116 | {{- define "dgraph.initContainers.init.image" -}} 117 | {{- $registryName := .Values.alpha.initContainers.init.image.registry -}} 118 | {{- $repositoryName := .Values.alpha.initContainers.init.image.repository -}} 119 | {{- $tag := .Values.alpha.initContainers.init.image.tag | toString -}} 120 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 121 | {{- end -}} 122 | 123 | {{/* 124 | Return the proper image name (for the metrics image) 125 | */}} 126 | {{- define "dgraph.image" -}} 127 | {{- $registryName := .Values.image.registry -}} 128 | {{- $repositoryName := .Values.image.repository -}} 129 | {{- $tag := .Values.image.tag | toString -}} 130 | {{/* 131 | Helm 2.11 supports the assignment of a value to a variable defined in a different scope, 132 | but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 
133 | Also, we can't use a single if because lazy evaluation is not an option 134 | */}} 135 | {{- if .Values.global }} 136 | {{- if .Values.global.imageRegistry }} 137 | {{- printf "%s/%s:%s" .Values.global.imageRegistry $repositoryName $tag -}} 138 | {{- else -}} 139 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 140 | {{- end -}} 141 | {{- else -}} 142 | {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} 143 | {{- end -}} 144 | {{- end -}} 145 | 146 | {{/* 147 | Return the proper Docker Image Registry Secret Names 148 | */}} 149 | {{- define "dgraph.imagePullSecrets" -}} 150 | {{/* 151 | Helm 2.11 supports the assignment of a value to a variable defined in a different scope, 152 | but Helm 2.9 and 2.10 doesn't support it, so we need to implement this if-else logic. 153 | Also, we can't use a single if because lazy evaluation is not an option 154 | */}} 155 | {{- if .Values.global }} 156 | {{- if .Values.global.imagePullSecrets }} 157 | imagePullSecrets: 158 | {{- range .Values.global.imagePullSecrets }} 159 | - name: {{ . }} 160 | {{- end }} 161 | {{- else if .Values.image.pullSecrets }} 162 | imagePullSecrets: 163 | {{- range .Values.image.pullSecrets }} 164 | - name: {{ . }} 165 | {{- end }} 166 | {{- end -}} 167 | {{- else if .Values.image.pullSecrets }} 168 | imagePullSecrets: 169 | {{- range .Values.image.pullSecrets }} 170 | - name: {{ . }} 171 | {{- end }} 172 | {{- end -}} 173 | {{- end -}} 174 | 175 | {{/* 176 | Create a default fully qualified alpha name. 177 | */}} 178 | {{- define "dgraph.alpha.fullname" -}} 179 | {{ template "dgraph.fullname" . }}-{{ .Values.alpha.name }} 180 | {{- end -}} 181 | 182 | {{/* 183 | Create the name of the service account to use 184 | */}} 185 | {{- define "dgraph.serviceAccountName" -}} 186 | {{- if .Values.serviceAccount.create }} 187 | {{- default (include "dgraph.fullname" .) 
.Values.serviceAccount.name }} 188 | {{- else }} 189 | {{- default "default" .Values.serviceAccount.name }} 190 | {{- end }} 191 | {{- end }} 192 | 193 | {{/* 194 | Create a default fully qualified ratel name. 195 | */}} 196 | {{- define "dgraph.ratel.fullname" -}} 197 | {{ template "dgraph.fullname" . }}-{{ .Values.ratel.name }} 198 | {{- end -}} 199 | 200 | {{/* 201 | Allow overriding namespace 202 | */}} 203 | {{- define "dgraph.namespace" -}} 204 | {{- default .Release.Namespace .Values.namespaceOverride -}} 205 | {{- end -}} 206 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/configs.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.alpha.configFile }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "dgraph.alpha.fullname" . }}-config 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.alpha.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | data: 14 | {{- with .Values.alpha.configFile }} 15 | {{- toYaml . 
| trimSuffix "\n" | nindent 2 }} 16 | {{- end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Generate ingress path */}} 2 | {{- define "path" -}} 3 | {{- $path := "/" -}} 4 | {{- if .Values.global.ingress.ingressClassName -}} 5 | {{- if eq .Values.global.ingress.ingressClassName "gce" "alb" "nsx" }} 6 | {{- $path = "/*" -}} 7 | {{- else }} 8 | {{- $path = "/" -}} 9 | {{- end }} 10 | {{- else if index $.Values.global.ingress "annotations" -}} 11 | {{- if eq (index $.Values.global.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" "nsx" }} 12 | {{- $path = "/*" -}} 13 | {{- else }} 14 | {{- $path = "/" -}} 15 | {{- end }} 16 | {{- end -}} 17 | {{- printf "%s" $path -}} 18 | {{- end -}} 19 | {{- /* Alpha ingress resource */}} 20 | {{- if and (eq .Values.alpha.ingress.enabled true) (eq .Values.global.ingress.enabled false) -}} 21 | apiVersion: networking.k8s.io/v1 22 | kind: Ingress 23 | metadata: 24 | name: {{ template "dgraph.alpha.fullname" . }}-ingress 25 | namespace: {{ include "dgraph.namespace" . }} 26 | labels: 27 | app: {{ template "dgraph.name" . }} 28 | chart: {{ template "dgraph.chart" . }} 29 | component: {{ .Values.alpha.name }} 30 | release: {{ .Release.Name }} 31 | heritage: {{ .Release.Service }} 32 | {{- with .Values.alpha.ingress.annotations }} 33 | annotations: 34 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 35 | {{- end }} 36 | spec: 37 | {{- if .Values.alpha.ingress.ingressClassName }} 38 | ingressClassName: {{ .Values.alpha.ingress.ingressClassName }} 39 | {{- end }} 40 | {{- if .Values.alpha.ingress.tls }} 41 | tls: 42 | {{- range .Values.alpha.ingress.tls }} 43 | - hosts: 44 | {{- range .hosts }} 45 | - {{ . 
| quote }} 46 | {{- end }} 47 | secretName: {{ .secretName }} 48 | {{- end }} 49 | {{- end }} 50 | rules: 51 | - http: 52 | paths: 53 | - backend: 54 | service: 55 | name: {{ template "dgraph.alpha.fullname" . }} 56 | port: 57 | number: 8080 58 | pathType: ImplementationSpecific 59 | path: {{ template "path" . }} 60 | {{- if .Values.alpha.ingress.hostname }} 61 | host: {{ .Values.alpha.ingress.hostname }} 62 | {{- end }} 63 | {{- end }} 64 | {{- /* Alpha grpc ingress resource */}} 65 | {{- if and (eq .Values.alpha.ingress_grpc.enabled true) (eq .Values.global.ingress_grpc.enabled false) -}} 66 | --- 67 | apiVersion: networking.k8s.io/v1 68 | kind: Ingress 69 | metadata: 70 | name: {{ template "dgraph.alpha.fullname" . }}-ingress-grpc 71 | namespace: {{ include "dgraph.namespace" . }} 72 | labels: 73 | app: {{ template "dgraph.name" . }} 74 | chart: {{ template "dgraph.chart" . }} 75 | component: {{ .Values.alpha.name }} 76 | release: {{ .Release.Name }} 77 | heritage: {{ .Release.Service }} 78 | {{- with .Values.alpha.ingress_grpc.annotations }} 79 | annotations: 80 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 81 | {{- end }} 82 | spec: 83 | {{- if .Values.alpha.ingress_grpc.ingressClassName }} 84 | ingressClassName: {{ .Values.alpha.ingress_grpc.ingressClassName }} 85 | {{- end }} 86 | {{- if .Values.alpha.ingress_grpc.tls }} 87 | tls: 88 | {{- range .Values.alpha.ingress_grpc.tls }} 89 | - hosts: 90 | {{- range .hosts }} 91 | - {{ . | quote }} 92 | {{- end }} 93 | secretName: {{ .secretName }} 94 | {{- end }} 95 | {{- end }} 96 | rules: 97 | - http: 98 | paths: 99 | - backend: 100 | service: 101 | name: {{ template "dgraph.alpha.fullname" . }} 102 | port: 103 | number: 9080 104 | pathType: ImplementationSpecific 105 | path: {{ template "path" . 
}} 106 | {{- if .Values.alpha.ingress_grpc.hostname }} 107 | host: {{ .Values.alpha.ingress_grpc.hostname }} 108 | {{- end }} 109 | {{- end }} 110 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/secret-acl.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Renders the ACL Secret only when alpha.acl.enabled and alpha.acl.file are both set. The entries of alpha.acl.file are emitted as-is under data:, a field whose values Kubernetes expects to be base64-encoded. NOTE(review): the annotations below are read from alpha.tls.annotations, not from an ACL-specific value; confirm that sharing the TLS annotations is intended. */ -}} {{ if and .Values.alpha.acl.enabled .Values.alpha.acl.file }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "dgraph.alpha.fullname" . }}-acl-secret 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.alpha.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.alpha.tls.annotations }} 14 | annotations: 15 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | {{- with .Values.alpha.acl.file }} 20 | {{- toYaml . | trimSuffix "\n" | nindent 2 }} 21 | {{- end }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/secret-enc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Renders the encryption Secret only when alpha.encryption.enabled and alpha.encryption.file are both set. The entries of alpha.encryption.file are emitted as-is under data:, a field whose values Kubernetes expects to be base64-encoded. 
NOTE(review): the annotations below are read from alpha.tls.annotations, not from an encryption-specific value; confirm that sharing the TLS annotations is intended. */ -}} {{ if and .Values.alpha.encryption.enabled .Values.alpha.encryption.file }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "dgraph.alpha.fullname" . }}-encryption-secret 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.alpha.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.alpha.tls.annotations }} 14 | annotations: 15 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | {{- with .Values.alpha.encryption.file }} 20 | {{- toYaml . 
| trimSuffix "\n" | nindent 2 }} 21 | {{- end }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/secret-tls.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.alpha.tls.enabled .Values.alpha.tls.files }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "dgraph.alpha.fullname" . }}-tls-secret 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.alpha.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.alpha.tls.annotations }} 14 | annotations: 15 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | {{- with .Values.alpha.tls.files }} 20 | {{- toYaml . | trimSuffix "\n" | nindent 2 }} 21 | {{- end }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/svc-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "dgraph.alpha.fullname" . }}-headless 5 | namespace: {{ include "dgraph.namespace" . }} 6 | labels: 7 | app: {{ template "dgraph.name" . }} 8 | chart: {{ template "dgraph.chart" . }} 9 | component: {{ .Values.alpha.name }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- with .Values.alpha.serviceHeadless.labels }} 13 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | clusterIP: None 18 | ports: 19 | - name: grpc-alpha-int 20 | port: 7080 21 | targetPort: 7080 22 | selector: 23 | app: {{ template "dgraph.name" . }} 24 | chart: {{ template "dgraph.chart" . 
}} 25 | component: {{ .Values.alpha.name }} 26 | release: {{ .Release.Name }} 27 | publishNotReadyAddresses: {{ .Values.alpha.service.publishNotReadyAddresses }} 28 | -------------------------------------------------------------------------------- /charts/dgraph/templates/alpha/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "dgraph.alpha.fullname" . }} 5 | namespace: {{ include "dgraph.namespace" . }} 6 | labels: 7 | app: {{ template "dgraph.name" . }} 8 | chart: {{ template "dgraph.chart" . }} 9 | component: {{ .Values.alpha.name }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | monitor: {{ .Values.alpha.monitorLabel }} 13 | {{- with .Values.alpha.service.labels }} 14 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 15 | {{- end }} 16 | {{- with .Values.alpha.service.annotations }} 17 | annotations: 18 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | type: {{ .Values.alpha.service.type }} 22 | {{- if .Values.alpha.service.loadBalancerIP }} 23 | loadBalancerIP: {{ .Values.alpha.service.loadBalancerIP }} 24 | {{- end }} 25 | {{- if .Values.alpha.service.externalTrafficPolicy }} 26 | externalTrafficPolicy: {{ .Values.alpha.service.externalTrafficPolicy }} 27 | {{- end }} 28 | ports: 29 | - port: 8080 30 | targetPort: 8080 31 | name: http-alpha 32 | - port: 9080 33 | name: grpc-alpha 34 | {{- with .Values.alpha.service.loadBalancerSourceRanges }} 35 | loadBalancerSourceRanges: 36 | {{- toYaml . | nindent 4 }} 37 | {{- end }} 38 | selector: 39 | app: {{ template "dgraph.name" . }} 40 | chart: {{ template "dgraph.chart" . 
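}} 41 | component: {{ .Values.alpha.name }} 42 | release: {{ .Release.Name }} 43 |
--------------------------------------------------------------------------------
/charts/dgraph/templates/backups/configs.yaml:
--------------------------------------------------------------------------------
{{- if or .Values.backups.full.enabled .Values.backups.incremental.enabled -}}
apiVersion: v1
kind: ConfigMap
metadata:
  name: {{ template "dgraph.backups.fullname" . }}-config
  namespace: {{ include "dgraph.namespace" . }}
  labels:
    app: {{ template "dgraph.name" . }}
    chart: {{ template "dgraph.chart" . }}
    component: {{ .Values.backups.name }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
data:
  backup.sh: |
    ######
    # backup.sh - helper functions sourced by the backup CronJobs.
    #
    # Shared state: HEADERS and CERTOPTS are global arrays that get_token() and
    # backup() append to, and both functions rewrite ALPHA_HOST when CACERT_PATH
    # is set. The CronJobs call get_token inside $( ... ), so its changes stay
    # in that subshell; calling it directly before backup() would duplicate the
    # headers and prefix ALPHA_HOST with https:// twice.
    #
    # Credentials: USER, PASSWORD and BACKUP_DESTINATION are interpolated into
    # the request bodies without JSON escaping, so a value containing a double
    # quote or a backslash produces a malformed request. The password and the
    # tokens are passed to curl as arguments, so they show up in any xtrace
    # (set -x) output.
    ##########################

    ######
    # _configure_tls - add curl TLS options and pick the URL scheme
    # envvars:
    #  ALPHA_HOST (default: localhost) - dns name of dgraph alpha node
    #  CACERT_PATH - path to dgraph root ca (e.g. ca.crt) if TLS is enabled
    #  CLIENT_CERT_PATH - path to client cert (e.g. client.dgraphuser.crt) for client TLS
    #  CLIENT_KEY_PATH - path to client key (e.g. client.dgraphuser.key) for client TLS
    ##########################
    _configure_tls() {
      CACERT_PATH=${CACERT_PATH:-""}
      CLIENT_CERT_PATH=${CLIENT_CERT_PATH:-""}
      CLIENT_KEY_PATH=${CLIENT_KEY_PATH:-""}

      if [[ -n "$CACERT_PATH" ]]; then
        CERTOPTS+=('--cacert' "$CACERT_PATH")
        ## Pass each client TLS option only when its path is set, so curl never
        ## receives an empty --cert or --key argument.
        if [[ -n "$CLIENT_CERT_PATH" ]]; then
          CERTOPTS+=('--cert' "$CLIENT_CERT_PATH")
        fi
        if [[ -n "$CLIENT_KEY_PATH" ]]; then
          CERTOPTS+=('--key' "$CLIENT_KEY_PATH")
        fi
        ALPHA_HOST=https://${ALPHA_HOST:-"localhost"}
      else
        ALPHA_HOST=${ALPHA_HOST:-"localhost"}
      fi
    }

    ######
    # get_token_rest - get accessJWT token with REST command for Dgraph 1.x
    # Reads USER, PASSWORD, ALPHA_HOST, HEADERS and CERTOPTS set by get_token().
    # Prints the token on stdout. Errors go to stderr, so a caller that captures
    # stdout never stores an error message as a token.
    ##########################
    get_token_rest() {
      local token
      JSON="{\"userid\": \"${USER}\", \"password\": \"${PASSWORD}\" }"
      RESULT=$(
        /usr/bin/curl --silent --show-error \
          "${HEADERS[@]}" \
          "${CERTOPTS[@]}" \
          --request POST \
          "${ALPHA_HOST}:8080/login" \
          --data "${JSON}"
      )

      if grep -q errors <<< "$RESULT"; then
        ## '|| true' keeps a non-matching grep from ending the script under
        ## 'set -e' before the error is reported.
        ERROR=$(grep -oP '(?<=message":")[^"]*' <<< "$RESULT" || true)
        echo "ERROR: $ERROR" >&2
        return 1
      fi

      token=$(grep -oP '(?<=accessJWT":")[^"]*' <<< "$RESULT" || true)
      if [[ -z "$token" ]]; then
        echo "ERROR: login response did not contain an accessJWT" >&2
        return 1
      fi
      echo "$token"
    }

    ######
    # get_token_graphql - get accessJWT token using GraphQL for Dgraph 20.03.1+
    # Same inputs and outputs as get_token_rest, but posts a login mutation to
    # /admin.
    ##########################
    get_token_graphql() {
      local token
      GQL="{\"query\": \"mutation { login(userId: \\\"${USER}\\\" password: \\\"${PASSWORD}\\\") { response { accessJWT } } }\"}"
      RESULT=$(
        /usr/bin/curl --silent --show-error \
          "${HEADERS[@]}" \
          "${CERTOPTS[@]}" \
          --request POST \
          "${ALPHA_HOST}:8080/admin" \
          --data "${GQL}"
      )

      if grep -q errors <<< "$RESULT"; then
        ERROR=$(grep -oP '(?<=message":")[^"]*' <<< "$RESULT" || true)
        echo "ERROR: $ERROR" >&2
        return 1
      fi

      token=$(grep -oP '(?<=accessJWT":")[^"]*' <<< "$RESULT" || true)
      if [[ -z "$token" ]]; then
        echo "ERROR: login response did not contain an accessJWT" >&2
        return 1
      fi
      echo "$token"
    }

    ######
    # get_token - get accessJWT using GraphQL /admin or REST /login
    #  params:
    #   1: user (required)
    #   2: password (required)
    #   3: auth token (optional) - sent as the X-Dgraph-AuthToken header
    #  envvars:
    #   API_TYPE (default: graphql) - "graphql" uses /admin, anything else uses /login
    #   ALPHA_HOST (default: localhost) - dns name of dgraph alpha node
    #   CACERT_PATH - path to dgraph root ca (e.g. ca.crt) if TLS is enabled
    #   CLIENT_CERT_PATH - path to client cert (e.g. client.dgraphuser.crt) for client TLS
    #   CLIENT_KEY_PATH - path to client key (e.g. client.dgraphuser.key) for client TLS
    ##########################
    get_token() {
      USER=${1}
      PASSWORD=${2}
      AUTH_TOKEN=${3:-""}

      ## user/password required for login
      if [[ -z "$USER" || -z "$PASSWORD" ]]; then
        echo "ERROR: get_token requires a user and a password" >&2
        return 1
      fi

      if [[ -n "$AUTH_TOKEN" ]]; then
        HEADERS+=('--header' "X-Dgraph-AuthToken: $AUTH_TOKEN")
      fi

      _configure_tls

      API_TYPE=${API_TYPE:-"graphql"}
      if [[ "$API_TYPE" == "graphql" ]]; then
        HEADERS+=('--header' "Content-Type: application/json")
        get_token_graphql
      else
        get_token_rest
      fi
    }

    ######
    # backup - trigger binary backup using GraphQL /admin or REST /admin/backup
    #  params:
    #   1: access token (optional) - if ACL enabled pass token from get_token()
    #   2: auth token (optional) - sent as the X-Dgraph-AuthToken header
    #  envvars:
    #   BACKUP_DESTINATION (required) - filepath ("/path/to/backup"), s3://, or minio://
    #   SUBPATH - folder name appended to BACKUP_DESTINATION
    #   API_TYPE (default: graphql) - "graphql" or REST for anything else
    #   ALPHA_HOST (default: localhost) - dns name of dgraph alpha node
    #   MINIO_SECURE (default: false) - set to true if minio service supports https
    #   FORCE_FULL (default: false) - set to true if forcing a full backup
    #   CACERT_PATH - path to dgraph root ca (e.g. ca.crt) if TLS is enabled
    #   CLIENT_CERT_PATH - path to client cert (e.g. client.dgraphuser.crt) for client TLS
    #   CLIENT_KEY_PATH - path to client key (e.g. client.dgraphuser.key) for client TLS
    ##########################
    backup() {
      ACCESS_TOKEN=${1:-""}
      AUTH_TOKEN=${2:-""}

      API_TYPE=${API_TYPE:-"graphql"}

      MINIO_SECURE=${MINIO_SECURE:-"false"}
      FORCE_FULL=${FORCE_FULL:-"false"}

      if [[ -z "$BACKUP_DESTINATION" ]]; then
        echo "'BACKUP_DESTINATION' is not set. Exiting" >&2
        return 1
      fi

      if [[ -n "$ACCESS_TOKEN" ]]; then
        HEADERS+=('--header' "X-Dgraph-AccessToken: $ACCESS_TOKEN")
      fi

      if [[ -n "$AUTH_TOKEN" ]]; then
        HEADERS+=('--header' "X-Dgraph-AuthToken: $AUTH_TOKEN")
      fi

      _configure_tls

      ## Configure destination with date stamp folder
      BACKUP_DESTINATION="${BACKUP_DESTINATION}/${SUBPATH}"
      ## Configure Minio Configuration
      if [[ "$MINIO_SECURE" == "false" && "$BACKUP_DESTINATION" =~ ^minio ]]; then
        BACKUP_DESTINATION="${BACKUP_DESTINATION}?secure=false"
      fi

      ## Create date-stamped directory for file system
      if [[ ! "$BACKUP_DESTINATION" =~ ^minio|^s3 ]]; then
        ## Check destination directory exist
        if [[ -d "${BACKUP_DESTINATION%/*}" ]]; then
          mkdir -p "$BACKUP_DESTINATION"
        else
          echo "Designated Backup Destination '${BACKUP_DESTINATION%/*}' does not exist. Aborting." >&2
          return 1
        fi
      fi

      if [[ "$API_TYPE" == "graphql" ]]; then
        HEADERS+=('--header' "Content-Type: application/json")
        backup_graphql
      else
        backup_rest
      fi
    }

    ######
    # backup_rest - trigger backup using REST command for Dgraph 1.x
    # Prints the server response on success. On an error response it prints the
    # message (and the code, when the response has one) to stderr and returns 1.
    ##########################
    backup_rest() {
      URL_PATH="admin/backup?force_full=$FORCE_FULL"

      RESULT=$(/usr/bin/curl --silent --show-error \
        "${HEADERS[@]}" \
        "${CERTOPTS[@]}" \
        --request POST \
        "${ALPHA_HOST}:8080/$URL_PATH" \
        --data "destination=$BACKUP_DESTINATION"
      )

      if grep -q errors <<< "$RESULT"; then
        ERROR=$(grep -oP '(?<=message":")[^"]*' <<< "$RESULT" || true)
        MESSAGE="ERROR: $ERROR"
        if grep -q code <<< "$RESULT"; then
          CODE=$(grep -oP '(?<=code":")[^"]*' <<< "$RESULT" || true)
          MESSAGE="$MESSAGE REASON='$CODE'"
        fi
        ## Report the error even when the response carries no code.
        echo "$MESSAGE" >&2
        return 1
      fi

      echo "$RESULT"
    }

    ######
    # backup_graphql - trigger backup using GraphQL for Dgraph 20.03.1+
    # Prints the server response on success. On an error response it prints the
    # message to stderr and returns 1.
    ##########################
    backup_graphql() {
      GQL="{\"query\": \"mutation { backup(input: {destination: \\\"${BACKUP_DESTINATION}\\\" forceFull: $FORCE_FULL }) { response { message code } } }\"}"

      RESULT=$(/usr/bin/curl --silent --show-error \
        "${HEADERS[@]}" \
        "${CERTOPTS[@]}" \
        --request POST \
        "$ALPHA_HOST:8080/admin" \
        --data "$GQL"
      )

      if grep -q errors <<< "$RESULT"; then
        ERROR=$(grep -oP '(?<=message":")[^"]*' <<< "$RESULT" || true)
        echo "ERROR: $ERROR" >&2
        return 1
      fi

      echo "$RESULT"
    }
{{- end }}
--------------------------------------------------------------------------------
/charts/dgraph/templates/backups/cronjob-full.yaml:
--------------------------------------------------------------------------------
{{- /*
Determine Backup is REST or GraphQL: "rest" when the version derived from
image.tag is below 20.03, otherwise "graphql"; backups.override_api_type, when
set, replaces the computed value.
*/}}
{{- define "backups.api_type" -}}
{{- $apiType := "graphql" -}}
{{- $safeVersion := include "dgraph.version" . -}}
{{- if semverCompare "< 20.03" $safeVersion -}}
{{- $apiType = "rest" -}}
{{- end -}}
{{- if .Values.backups.override_api_type -}}
{{- printf "%s" .Values.backups.override_api_type -}}
{{- else -}}
{{- printf "%s" $apiType -}}
{{- end -}}
{{- end -}}
{{- /*
Full-backup CronJob. The container sources /scripts/backup.sh from the backups
ConfigMap, logs in for an access token when ACL is enabled, and calls backup
with FORCE_FULL=true against the first Alpha pod.
*/ -}}
{{- if .Values.backups.full.enabled -}}
apiVersion: batch/v1
kind: CronJob
metadata:
  name: {{ template "dgraph.backups.fullname" . }}-full
  namespace: {{ include "dgraph.namespace" . }}
  labels:
    app: {{ template "dgraph.name" . }}
    chart: {{ template "dgraph.chart" . }}
    component: {{ .Values.backups.name }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  schedule: "{{ .Values.backups.full.schedule }}"
  jobTemplate:
    metadata:
      labels:
        cronjob: {{ template "dgraph.backups.fullname" . }}-full
    spec:
      template:
        metadata:
          labels:
            cronjob: {{ template "dgraph.backups.fullname" . }}-full
{{- if .Values.backups.podLabels }}
{{ .Values.backups.podLabels | toYaml | indent 12}}
{{- end }}
        spec:
          {{- /* NOTE(review): this renders an empty name when serviceAccount.name is unset; the dgraph.serviceAccountName helper falls back to the chart fullname in that case. Confirm which is intended. */}}
          {{- if .Values.serviceAccount.create }}
          serviceAccountName: {{ .Values.serviceAccount.name }}
          {{- end }}
          {{- if .Values.backups.schedulerName }}
          schedulerName: {{ .Values.backups.schedulerName }}
          {{- end }}
          containers:
          - name: {{ template "dgraph.backups.fullname" . }}-full
            image: {{ template "dgraph.backups.image" . }}
            imagePullPolicy: {{ .Values.backups.image.pullPolicy | quote }}
            command:
            - /usr/bin/bash
            - "-c"
            - |
              {{- if .Values.backups.full.debug }}
              ## Debug mode enables xtrace: every expanded command, including the
              ## admin password and the access/auth tokens, is written to the job
              ## log. Use it for troubleshooting only.
              set -ex
              {{- else }}
              set -e
              {{- end }}

              source /scripts/backup.sh

              ## Use Single Alpha in Cluster to avoid potential issues with concurrent backups
              ## ref. https://discuss.dgraph.io/t/concurrent-backups-can-lead-to-issues/9934/2
              ALPHA_HOST="{{ template "dgraph.alpha.fullname" . }}-0.{{ template "dgraph.alpha.fullname" . }}-headless.${POD_NAMESPACE}.svc"

              BACKUP_DESTINATION={{ .Values.backups.destination }}
              SUBPATH={{ .Values.backups.subpath }}
              API_TYPE={{ template "backups.api_type" . }}
              MINIO_SECURE={{ .Values.backups.minioSecure }}

              ## Get Tokens
              {{- if .Values.backups.admin.auth_token }}
              AUTH_TOKEN=$(cat /backup_secrets/backup_auth_token)
              {{- end }}

              {{- if .Values.alpha.acl.enabled }}
              ## Quote the password and the auth token so that whitespace or glob
              ## characters in them are not split into separate arguments.
              ACCESS_TOKEN=$(get_token {{ .Values.backups.admin.user }} "$(cat /backup_secrets/backup_admin_password)" "$AUTH_TOKEN")
              {{- end }}

              ## Full Backup with optional access and auth tokens
              FORCE_FULL=true backup "$ACCESS_TOKEN" "$AUTH_TOKEN"
            volumeMounts:
            - name: backup-config-volume
              mountPath: /scripts
            {{- if .Values.alpha.tls.enabled }}
            - name: tls-volume
              mountPath: /dgraph/tls
            {{- end }}
            ## Mount the secret under the same condition that defines the volume
            ## below; the script reads backup_auth_token from it even when ACL
            ## is disabled.
            {{- if or (.Values.alpha.acl.enabled) (.Values.backups.admin.auth_token) }}
            - name: backup-secret-volume
              mountPath: /backup_secrets
            {{- end }}
            ## Mount NFS Backup volume so that datestamp directories can be created
            {{- if .Values.backups.nfs.enabled }}
            - name: backups-nfs-volume
              mountPath: {{ .Values.backups.nfs.mountPath }}
            {{- end }}
            ## Mount Backup volume so that datestamp directories can be created
            {{- if .Values.backups.volume.enabled }}
            - name: backups-vol-volume
              mountPath: {{ .Values.backups.volume.mountPath }}
            {{- end }}
            env:
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            {{- if .Values.alpha.tls.enabled }}
            - name: CACERT_PATH
              value: /dgraph/tls/ca.crt
            {{- if .Values.backups.admin.tls_client }}
            - name: CLIENT_CERT_PATH
              value: /dgraph/tls/client.{{ .Values.backups.admin.tls_client }}.crt
            - name: CLIENT_KEY_PATH
              value: /dgraph/tls/client.{{ .Values.backups.admin.tls_client }}.key
            {{- end }}
            {{- end }}
          {{- /* NOTE(review): the full-backup job reads backups.incremental.restartPolicy; confirm that sharing the incremental setting is intended. */}}
          restartPolicy: {{ .Values.backups.incremental.restartPolicy }}
          volumes:
          - name: backup-config-volume
            configMap:
              name: {{ template "dgraph.backups.fullname" . }}-config
          {{- if .Values.alpha.tls.enabled }}
          - name: tls-volume
            secret:
              secretName: {{ template "dgraph.alpha.fullname" . }}-tls-secret
          {{- end }}
          {{- if or (.Values.alpha.acl.enabled) (.Values.backups.admin.auth_token) }}
          - name: backup-secret-volume
            secret:
              secretName: {{ template "dgraph.backups.fullname" . }}-secret
          {{- end }}
          {{- if .Values.backups.nfs.enabled }}
          - name: backups-nfs-volume
            persistentVolumeClaim:
              claimName: {{ template "dgraph.backups.fullname" . }}-claim
          {{- end }}
          {{- if .Values.backups.volume.enabled }}
          - name: backups-vol-volume
            persistentVolumeClaim:
              claimName: {{ .Values.backups.volume.claim }}
          {{- end }}
{{- end }}
-------------------------------------------------------------------------------- /charts/dgraph/templates/backups/cronjob-inc.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Determine Backup is REST or GraphQL */}} 2 | {{- define "backups.api_type" -}} 3 | {{- $apiType := "graphql" -}} 4 | {{- $safeVersion := include "dgraph.version" . -}} 5 | {{- if semverCompare "< 20.03" $safeVersion -}} 6 | {{- $apiType = "rest" -}} 7 | {{- end -}} 8 | {{- if .Values.backups.override_api_type -}} 9 | {{- printf "%s" .Values.backups.override_api_type -}} 10 | {{- else -}} 11 | {{- printf "%s" $apiType -}} 12 | {{- end -}} 13 | {{- end -}} 14 | {{- if .Values.backups.incremental.enabled -}} 15 | apiVersion: batch/v1 16 | kind: CronJob 17 | metadata: 18 | name: {{ template "dgraph.backups.fullname" . }}-inc 19 | namespace: {{ include "dgraph.namespace" . 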
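}}
20 |   labels:
21 |     app: {{ template "dgraph.name" . }}
22 |     chart: {{ template "dgraph.chart" . }}
23 |     component: {{ .Values.backups.name }}
24 |     release: {{ .Release.Name }}
25 |     heritage: {{ .Release.Service }}
26 | spec:
27 |   schedule: "{{ .Values.backups.incremental.schedule }}"
28 |   jobTemplate:
29 |     metadata:
30 |       labels:
31 |         cronjob: {{ template "dgraph.backups.fullname" . }}-inc
32 |     spec:
33 |       template:
34 |         metadata:
35 |           labels:
36 |             cronjob: {{ template "dgraph.backups.fullname" . }}-inc
37 |             {{- if .Values.backups.podLabels }}
38 | {{ .Values.backups.podLabels | toYaml | indent 12}}
39 |             {{- end }}
40 |         spec:
41 |           {{- if .Values.serviceAccount.create }}
42 |           serviceAccountName: {{ template "dgraph.serviceAccountName" . }} # same helper that names the ServiceAccount object in serviceaccount.yaml, so the two cannot drift
43 |           {{- end }}
44 |           {{- if .Values.backups.schedulerName }}
45 |           schedulerName: {{ .Values.backups.schedulerName }}
46 |           {{- end }}
47 |           containers:
48 |           - name: {{ template "dgraph.backups.fullname" . }}-inc
49 |             image: {{ template "dgraph.backups.image" . }}
50 |             imagePullPolicy: {{ .Values.backups.image.pullPolicy | quote }}
51 |             command:
52 |               - /usr/bin/bash
53 |               - "-c"
54 |               - |
55 |                 {{- if .Values.backups.incremental.debug }}
56 |                 set -ex ## -x traces every expanded command, so the password and tokens used below end up in the job log; keep debug off outside troubleshooting
57 |                 {{- else }}
58 |                 set -e
59 |                 {{- end }}
60 |
61 |                 source /scripts/backup.sh
62 |
63 |                 ## Use Single Alpha in Cluster to avoid potential issues with concurrent backups
64 |                 ## ref. https://discuss.dgraph.io/t/concurrent-backups-can-lead-to-issues/9934/2
65 |                 ALPHA_HOST="{{ template "dgraph.alpha.fullname" . }}-0.{{ template "dgraph.alpha.fullname" . }}-headless.${POD_NAMESPACE}.svc"
66 |
67 |                 BACKUP_DESTINATION={{ .Values.backups.destination }}
68 |                 SUBPATH={{ .Values.backups.subpath }}
69 |                 API_TYPE={{ template "backups.api_type" . }}
70 |                 MINIO_SECURE={{ .Values.backups.minioSecure }}
71 |
72 |                 ## Get Tokens
73 |                 {{- if .Values.backups.admin.auth_token }}
74 |                 AUTH_TOKEN=$(cat /backup_secrets/backup_auth_token)
75 |                 {{- end }}
76 |
77 |                 {{- if .Values.alpha.acl.enabled }}
78 |                 ACCESS_TOKEN=$(get_token {{ .Values.backups.admin.user }} "$(cat /backup_secrets/backup_admin_password)" ${AUTH_TOKEN:+"$AUTH_TOKEN"} ) ## quoted so a password or token containing whitespace or glob characters stays a single argument; the auth token is still omitted when unset
79 |                 {{- end }}
80 |
81 |                 ## Incremental Backup with optional access and auth tokens
82 |                 FORCE_FULL=false backup "$ACCESS_TOKEN" "$AUTH_TOKEN"
83 |             volumeMounts:
84 |             - name: backup-config-volume
85 |               mountPath: /scripts
86 |             {{- if .Values.alpha.tls.enabled }}
87 |             - name: tls-volume
88 |               mountPath: /dgraph/tls
89 |             {{- end }}
90 |             {{- if or .Values.alpha.acl.enabled .Values.backups.admin.auth_token }}{{- /* same condition as the backup-secret-volume entry under volumes: the script reads /backup_secrets/backup_auth_token even when ACL is disabled */}}
91 |             - name: backup-secret-volume
92 |               mountPath: /backup_secrets
93 |             {{- end }}
94 |             ## Mount NFS Backup volume so that datestamp directories can be created
95 |             {{- if .Values.backups.nfs.enabled }}
96 |             - name: backups-nfs-volume
97 |               mountPath: {{ .Values.backups.nfs.mountPath }}
98 |             {{- end }}
99 |             ## Mount Backup volume so that datestamp directories can be created
100 |             {{- if .Values.backups.volume.enabled }}
101 |             - name: backups-vol-volume
102 |               mountPath: {{ .Values.backups.volume.mountPath }}
103 |             {{- end }}
104 |             env:
105 |             - name: POD_NAMESPACE
106 |               valueFrom:
107 |                 fieldRef:
108 |                   fieldPath: metadata.namespace
109 |             {{- if .Values.alpha.tls.enabled }}
110 |             - name: CACERT_PATH
111 |               value: /dgraph/tls/ca.crt
112 |             {{- if .Values.backups.admin.tls_client }}
113 |             - name: CLIENT_CERT_PATH
114 |               value: /dgraph/tls/client.{{ .Values.backups.admin.tls_client }}.crt
115 |             - name: CLIENT_KEY_PATH
116 |               value: /dgraph/tls/client.{{ .Values.backups.admin.tls_client }}.key
117 |             {{- end }}
118 |             {{- end }}
119 |           restartPolicy: {{ .Values.backups.incremental.restartPolicy }}
120 |           volumes:
121 |           - name: backup-config-volume
122 |             configMap:
123 |               name: {{ template "dgraph.backups.fullname" .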
}}-config 124 | {{- if .Values.alpha.tls.enabled }} 125 | - name: tls-volume 126 | secret: 127 | secretName: {{ template "dgraph.alpha.fullname" . }}-tls-secret 128 | {{- end }} 129 | {{- if or .Values.alpha.acl.enabled .Values.backups.admin.auth_token }} 130 | - name: backup-secret-volume 131 | secret: 132 | secretName: {{ template "dgraph.backups.fullname" . }}-secret 133 | {{- end }} 134 | {{- if .Values.backups.nfs.enabled }} 135 | - name: backups-nfs-volume 136 | persistentVolumeClaim: 137 | claimName: {{ template "dgraph.backups.fullname" . }}-claim 138 | {{- end }} 139 | {{- if .Values.backups.volume.enabled }} 140 | - name: backups-vol-volume 141 | persistentVolumeClaim: 142 | claimName: {{ .Values.backups.volume.claim }} 143 | {{- end }} 144 | {{- end }} 145 | -------------------------------------------------------------------------------- /charts/dgraph/templates/backups/pv.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or .Values.backups.full.enabled .Values.backups.incremental.enabled) .Values.backups.nfs.enabled -}} 2 | apiVersion: v1 3 | kind: PersistentVolume 4 | metadata: 5 | name: {{ template "dgraph.backups.fullname" . }}-fileserver 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . 
}} 10 | component: {{ .Values.backups.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | spec: 14 | capacity: 15 | storage: {{ .Values.backups.nfs.storage }} 16 | accessModes: 17 | - ReadWriteMany 18 | nfs: 19 | path: {{ .Values.backups.nfs.path }} 20 | server: {{ .Values.backups.nfs.server }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/dgraph/templates/backups/pvc.yaml: -------------------------------------------------------------------------------- 1 | {{- if and (or .Values.backups.full.enabled .Values.backups.incremental.enabled) .Values.backups.nfs.enabled -}} 2 | apiVersion: v1 3 | kind: PersistentVolumeClaim 4 | metadata: 5 | name: {{ template "dgraph.backups.fullname" . }}-claim 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.backups.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | spec: 14 | accessModes: 15 | - ReadWriteMany 16 | storageClassName: "" 17 | volumeName: {{ template "dgraph.backups.fullname" . }}-fileserver 18 | resources: 19 | requests: 20 | storage: {{ .Values.backups.nfs.storage }} 21 | {{- end }} 22 | -------------------------------------------------------------------------------- /charts/dgraph/templates/backups/secrets.yaml: -------------------------------------------------------------------------------- 1 | {{- $hasS3Keys := include "dgraph.backups.keys.s3.enabled" . -}} 2 | {{- $hasMinioKeys := include "dgraph.backups.keys.minio.enabled" . -}} 3 | {{- $backupsEnabled := or .Values.backups.full.enabled .Values.backups.incremental.enabled }} 4 | {{- if and $backupsEnabled (or .Values.alpha.acl.enabled .Values.backups.admin.auth_token $hasS3Keys $hasMinioKeys) -}} 5 | apiVersion: v1 6 | kind: Secret 7 | metadata: 8 | name: {{ template "dgraph.backups.fullname" . 
}}-secret
9 |   namespace: {{ include "dgraph.namespace" . }}
10 |   labels:
11 |     app: {{ template "dgraph.name" . }}
12 |     chart: {{ template "dgraph.chart" . }}
13 |     component: {{ .Values.backups.name }}
14 |     release: {{ .Release.Name }}
15 |     heritage: {{ .Release.Service }}
16 |   {{- with .Values.alpha.tls.annotations }}{{- /* NOTE(review): the backup Secret takes its annotations from alpha.tls.annotations; confirm this is intended */}}
17 |   annotations:
18 |     {{- toYaml . | trimSuffix "\n" | nindent 4 }}
19 |   {{- end }}
20 | type: Opaque # values under data are base64-encoded only, not encrypted
21 | data:
22 |   {{- if .Values.alpha.acl.enabled }}
23 |   backup_admin_password: {{ .Values.backups.admin.password | toString | b64enc | quote }} # supplied as a plain chart value; NOTE(review): nothing here rejects an unset password when ACL is enabled
24 |   {{- end }}
25 |   {{- if .Values.backups.admin.auth_token }}
26 |   backup_auth_token: {{ .Values.backups.admin.auth_token | toString | b64enc | quote }} # read by the backup jobs from /backup_secrets/backup_auth_token
27 |   {{- end }}
28 |   {{- if $hasS3Keys }}
29 |   s3_access_key: {{ .Values.backups.keys.s3.access | toString | b64enc | quote }}
30 |   s3_secret_key: {{ .Values.backups.keys.s3.secret | toString | b64enc | quote }}
31 |   {{- end }}
32 |   {{- if $hasMinioKeys }}
33 |   minio_access_key: {{ .Values.backups.keys.minio.access | toString | b64enc | quote }}
34 |   minio_secret_key: {{ .Values.backups.keys.minio.secret | toString | b64enc | quote }}
35 |   {{- end }}
36 | {{- end }}
37 |
--------------------------------------------------------------------------------
/charts/dgraph/templates/global-ingress.yaml:
--------------------------------------------------------------------------------
1 | {{- /* Generate ingress path: a wildcard path for the gce, alb and nsx ingress classes, the root path otherwise. The class is read from ingressClassName first, then from the kubernetes.io/ingress.class annotation. */}}
2 | {{- define "path" -}}
3 | {{- $path := "/" -}}
4 | {{- if .Values.global.ingress.ingressClassName -}}
5 |   {{- if eq .Values.global.ingress.ingressClassName "gce" "alb" "nsx" }}
6 |     {{- $path = "/*" -}}
7 |   {{- else }}
8 |     {{- $path = "/" -}}
9 |   {{- end }}
10 | {{- else if index $.Values.global.ingress "annotations" -}}
11 |   {{- if eq (index $.Values.global.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" "nsx" }}
12 |     {{- $path = "/*" -}}
13 |   {{- else }}
14 |     {{- $path = "/" -}}
15 |   {{- end }}
16 | {{- end -}}
17 |
{{- printf "%s" $path -}} 18 | {{- end -}} 19 | {{- /* Global ingress resource */}} 20 | {{- if (eq .Values.global.ingress.enabled true) -}} 21 | apiVersion: networking.k8s.io/v1 22 | kind: Ingress 23 | metadata: 24 | name: {{ template "dgraph.fullname" . }}-ingress 25 | namespace: {{ include "dgraph.namespace" . }} 26 | labels: 27 | app: {{ template "dgraph.name" . }} 28 | chart: {{ template "dgraph.chart" . }} 29 | component: {{ .Values.alpha.name }} 30 | release: {{ .Release.Name }} 31 | heritage: {{ .Release.Service }} 32 | {{- with .Values.global.ingress.annotations }} 33 | annotations: 34 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 35 | {{- end }} 36 | spec: 37 | {{- if .Values.global.ingress.ingressClassName }} 38 | ingressClassName: {{ .Values.global.ingress.ingressClassName }} 39 | {{- end }} 40 | {{- if .Values.global.ingress.tls }} 41 | tls: 42 | {{- range .Values.global.ingress.tls }} 43 | - hosts: 44 | {{- range .hosts }} 45 | - {{ . | quote }} 46 | {{- end }} 47 | secretName: {{ .secretName }} 48 | {{- end }} 49 | {{- end }} 50 | rules: 51 | - http: 52 | paths: 53 | - backend: 54 | service: 55 | name: {{ template "dgraph.alpha.fullname" . }} 56 | port: 57 | number: 8080 58 | pathType: ImplementationSpecific 59 | path: {{ template "path" . }} 60 | {{- if .Values.global.ingress.alpha_hostname }} 61 | host: {{ .Values.global.ingress.alpha_hostname }} 62 | {{- end }} 63 | {{- if .Values.ratel.enabled }} 64 | - http: 65 | paths: 66 | - backend: 67 | service: 68 | name: {{ template "dgraph.ratel.fullname" . }} 69 | port: 70 | number: 80 71 | pathType: ImplementationSpecific 72 | path: {{ template "path" . }} 73 | {{- if .Values.global.ingress.ratel_hostname }} 74 | host: {{ .Values.global.ingress.ratel_hostname }} 75 | {{- end }} 76 | {{- end }} 77 | {{- end }} 78 | --- 79 | {{- if (eq .Values.global.ingress_grpc.enabled true) -}} 80 | apiVersion: networking.k8s.io/v1 81 | kind: Ingress 82 | metadata: 83 | name: {{ template "dgraph.fullname" . 
}}-ingress-grpc 84 | namespace: {{ include "dgraph.namespace" . }} 85 | labels: 86 | app: {{ template "dgraph.name" . }} 87 | chart: {{ template "dgraph.chart" . }} 88 | component: {{ .Values.alpha.name }} 89 | release: {{ .Release.Name }} 90 | heritage: {{ .Release.Service }} 91 | {{- with .Values.global.ingress_grpc.annotations }} 92 | annotations: 93 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 94 | {{- end }} 95 | spec: 96 | {{- if .Values.global.ingress_grpc.ingressClassName }} 97 | ingressClassName: {{ .Values.global.ingress_grpc.ingressClassName }} 98 | {{- end }} 99 | {{- if .Values.global.ingress_grpc.tls }} 100 | tls: 101 | {{- range .Values.global.ingress_grpc.tls }} 102 | - hosts: 103 | {{- range .hosts }} 104 | - {{ . | quote }} 105 | {{- end }} 106 | secretName: {{ .secretName }} 107 | {{- end }} 108 | {{- end }} 109 | rules: 110 | - http: 111 | paths: 112 | - backend: 113 | service: 114 | name: {{ template "dgraph.alpha.fullname" . }} 115 | port: 116 | number: 9080 117 | pathType: ImplementationSpecific 118 | path: {{ template "path" . }} 119 | {{- if .Values.global.ingress_grpc.alpha_grpc_hostname }} 120 | host: {{ .Values.global.ingress_grpc.alpha_grpc_hostname }} 121 | {{- end }} 122 | {{- end }} 123 | -------------------------------------------------------------------------------- /charts/dgraph/templates/ratel/deployment.yaml: -------------------------------------------------------------------------------- 1 | {{- if (eq .Values.ratel.enabled true) -}} 2 | apiVersion: apps/v1 3 | kind: Deployment 4 | metadata: 5 | name: {{ template "dgraph.ratel.fullname" . }} 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.ratel.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | spec: 14 | selector: 15 | matchLabels: 16 | app: {{ template "dgraph.name" . }} 17 | chart: {{ template "dgraph.chart" . 
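}}
18 |       component: {{ .Values.ratel.name }}
19 |       release: {{ .Release.Name }}
20 |   replicas: {{ .Values.ratel.replicaCount }}
21 |   template:
22 |     metadata:
23 |       {{- if .Values.ratel.extraAnnotations }}
24 |       annotations:
25 |       {{- with .Values.ratel.extraAnnotations }}
26 |         {{- toYaml . | trimSuffix "\n" | nindent 8 }}
27 |       {{- end }}
28 |       {{- end }}
29 |       labels:
30 |         app: {{ template "dgraph.name" . }}
31 |         chart: {{ template "dgraph.chart" . }}
32 |         component: {{ .Values.ratel.name }}
33 |         release: {{ .Release.Name }}
34 |         {{- if .Values.ratel.podLabels }}
35 | {{ .Values.ratel.podLabels | toYaml | indent 8}}
36 |         {{- end }}
37 |     spec:
38 |       {{- if .Values.serviceAccount.create }}
39 |       serviceAccountName: {{ template "dgraph.serviceAccountName" . }} # same helper that names the ServiceAccount object in serviceaccount.yaml, so the two cannot drift
40 |       automountServiceAccountToken: {{ .Values.ratel.automountServiceAccountToken }} # pod-level setting; it takes precedence over the ServiceAccount's own automountServiceAccountToken
41 |       {{- end }}
42 |       {{- if .Values.ratel.schedulerName }}
43 |       schedulerName: {{ .Values.ratel.schedulerName }}
44 |       {{- end }}
45 |       {{- if .Values.ratel.securityContext.enabled }}
46 |       securityContext: # only fsGroup and runAsUser are set here; no other pod security fields are rendered
47 |         fsGroup: {{ .Values.ratel.securityContext.fsGroup }}
48 |         runAsUser: {{ .Values.ratel.securityContext.runAsUser }}
49 |       {{- end }}
50 |       {{- include "dgraph.imagePullSecrets" . | indent 6 }}
51 |       containers:
52 |       - name: "{{ template "dgraph.ratel.fullname" . }}"
53 |         image: "{{ template "dgraph.ratel.image" . }}"
54 |         imagePullPolicy: {{ .Values.ratel.image.pullPolicy | quote }}
55 |         {{- if .Values.ratel.extraEnvs }}
56 |         env:
57 |         {{- with .Values.ratel.extraEnvs }}
58 |           {{- toYaml . | nindent 10 }}
59 |         {{- end }}
60 |         {{- end }}
61 |         {{- with .Values.ratel.envFrom }}
62 |         envFrom:
63 |           {{- toYaml .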
| nindent 10 }} 64 | {{- end }} 65 | args: {{ .Values.ratel.args | toYaml | nindent 10 }} 66 | command: 67 | - dgraph-ratel 68 | ports: 69 | - name: http-ratel 70 | containerPort: 8000 71 | {{- if .Values.ratel.livenessProbe.enabled }} 72 | livenessProbe: 73 | httpGet: 74 | port: {{ .Values.ratel.livenessProbe.port }} 75 | path: {{ .Values.ratel.livenessProbe.path }} 76 | initialDelaySeconds: {{ .Values.ratel.livenessProbe.initialDelaySeconds }} 77 | periodSeconds: {{ .Values.ratel.livenessProbe.periodSeconds }} 78 | timeoutSeconds: {{ .Values.ratel.livenessProbe.timeoutSeconds }} 79 | successThreshold: {{ .Values.ratel.livenessProbe.successThreshold }} 80 | failureThreshold: {{ .Values.ratel.livenessProbe.failureThreshold }} 81 | {{- else if .Values.ratel.customLivenessProbe }} 82 | livenessProbe: {{- toYaml .Values.ratel.customLivenessProbe | nindent 10 }} 83 | {{- end }} 84 | {{- if .Values.ratel.readinessProbe.enabled }} 85 | readinessProbe: 86 | httpGet: 87 | port: {{ .Values.ratel.readinessProbe.port }} 88 | path: {{ .Values.ratel.readinessProbe.path }} 89 | initialDelaySeconds: {{ .Values.ratel.readinessProbe.initialDelaySeconds }} 90 | periodSeconds: {{ .Values.ratel.readinessProbe.periodSeconds }} 91 | timeoutSeconds: {{ .Values.ratel.readinessProbe.timeoutSeconds }} 92 | successThreshold: {{ .Values.ratel.readinessProbe.successThreshold }} 93 | failureThreshold: {{ .Values.ratel.readinessProbe.failureThreshold }} 94 | {{- else if .Values.ratel.customReadinessProbe }} 95 | readinessProbe: {{- toYaml .Values.ratel.customReadinessProbe | nindent 10 }} 96 | {{- end }} 97 | resources: 98 | {{ toYaml .Values.ratel.resources | indent 10 }} 99 | 100 | {{- end }} 101 | -------------------------------------------------------------------------------- /charts/dgraph/templates/ratel/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Generate ingress path */}} 2 | {{- define "path" -}} 3 | {{- $path := "/" -}} 4 | 
{{- if .Values.global.ingress.ingressClassName -}} 5 | {{- if eq .Values.global.ingress.ingressClassName "gce" "alb" "nsx" }} 6 | {{- $path = "/*" -}} 7 | {{- else }} 8 | {{- $path = "/" -}} 9 | {{- end }} 10 | {{- else if index $.Values.global.ingress "annotations" -}} 11 | {{- if eq (index $.Values.global.ingress.annotations "kubernetes.io/ingress.class" | default "") "gce" "alb" "nsx" }} 12 | {{- $path = "/*" -}} 13 | {{- else }} 14 | {{- $path = "/" -}} 15 | {{- end }} 16 | {{- end -}} 17 | {{- printf "%s" $path -}} 18 | {{- end -}} 19 | {{- /* Ratel ingress resource */}} 20 | {{- if and (eq .Values.ratel.ingress.enabled true) (eq .Values.global.ingress.enabled false) (eq .Values.ratel.enabled true) -}} 21 | apiVersion: networking.k8s.io/v1 22 | kind: Ingress 23 | metadata: 24 | name: {{ template "dgraph.ratel.fullname" . }}-ingress 25 | namespace: {{ include "dgraph.namespace" . }} 26 | labels: 27 | app: {{ template "dgraph.name" . }} 28 | chart: {{ template "dgraph.chart" . }} 29 | component: {{ .Values.ratel.name }} 30 | release: {{ .Release.Name }} 31 | heritage: {{ .Release.Service }} 32 | {{- with .Values.ratel.ingress.annotations }} 33 | annotations: 34 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 35 | {{- end }} 36 | spec: 37 | {{- if .Values.ratel.ingress.ingressClassName }} 38 | ingressClassName: {{ .Values.ratel.ingress.ingressClassName }} 39 | {{- end }} 40 | {{- if .Values.ratel.ingress.tls }} 41 | tls: 42 | {{- range .Values.ratel.ingress.tls }} 43 | - hosts: 44 | {{- range .hosts }} 45 | - {{ . | quote }} 46 | {{- end }} 47 | secretName: {{ .secretName }} 48 | {{- end }} 49 | {{- end }} 50 | rules: 51 | - http: 52 | paths: 53 | - backend: 54 | service: 55 | name: {{ template "dgraph.ratel.fullname" . }} 56 | port: 57 | number: 80 58 | pathType: ImplementationSpecific 59 | path: {{ template "path" . 
}} 60 | {{- if .Values.ratel.ingress.hostname }} 61 | host: {{ .Values.ratel.ingress.hostname }} 62 | {{- end }} 63 | {{- end }} 64 | -------------------------------------------------------------------------------- /charts/dgraph/templates/ratel/svc.yaml: -------------------------------------------------------------------------------- 1 | {{- if (eq .Values.ratel.enabled true) -}} 2 | apiVersion: v1 3 | kind: Service 4 | metadata: 5 | name: {{ template "dgraph.ratel.fullname" . }} 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.ratel.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.ratel.service.labels }} 14 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 15 | {{- end }} 16 | {{- with .Values.ratel.service.annotations }} 17 | annotations: 18 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | type: {{ .Values.ratel.service.type }} 22 | {{- if .Values.ratel.service.loadBalancerIP }} 23 | loadBalancerIP: {{ .Values.ratel.service.loadBalancerIP }} 24 | {{- end }} 25 | {{- if .Values.ratel.service.externalTrafficPolicy }} 26 | externalTrafficPolicy: {{ .Values.ratel.service.externalTrafficPolicy }} 27 | {{- end }} 28 | ports: 29 | - port: 80 30 | targetPort: 8000 31 | name: http-ratel 32 | {{- with .Values.ratel.service.loadBalancerSourceRanges }} 33 | loadBalancerSourceRanges: 34 | {{- toYaml . | nindent 4 }} 35 | {{- end }} 36 | selector: 37 | app: {{ template "dgraph.name" . }} 38 | chart: {{ template "dgraph.chart" . 
}} 39 | component: {{ .Values.ratel.name }} 40 | release: {{ .Release.Name }} 41 | 42 | {{- end }} 43 | -------------------------------------------------------------------------------- /charts/dgraph/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | automountServiceAccountToken: {{ .Values.serviceAccount.automountServiceAccountToken }} 5 | metadata: 6 | name: {{ template "dgraph.serviceAccountName" . }} 7 | namespace: {{ include "dgraph.namespace" . }} 8 | labels: 9 | app: {{ template "dgraph.name" . }} 10 | chart: {{ template "dgraph.chart" . }} 11 | component: {{ .Values.alpha.name }} 12 | release: {{ .Release.Name }} 13 | heritage: {{ .Release.Service }} 14 | {{- with .Values.serviceAccount.annotations }} 15 | annotations: 16 | {{- toYaml . | nindent 4 }} 17 | {{- end }} 18 | {{- end }} 19 | -------------------------------------------------------------------------------- /charts/dgraph/templates/zero/configs.yaml: -------------------------------------------------------------------------------- 1 | {{ if .Values.zero.configFile }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "dgraph.zero.fullname" . }}-config 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.zero.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | data: 14 | {{- with .Values.zero.configFile }} 15 | {{- toYaml . 
| trimSuffix "\n" | nindent 2 }} 16 | {{- end }} 17 | {{ end }} 18 | -------------------------------------------------------------------------------- /charts/dgraph/templates/zero/secret-tls.yaml: -------------------------------------------------------------------------------- 1 | {{ if and .Values.zero.tls.enabled .Values.zero.tls.files }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "dgraph.zero.fullname" . }}-tls-secret 6 | namespace: {{ include "dgraph.namespace" . }} 7 | labels: 8 | app: {{ template "dgraph.name" . }} 9 | chart: {{ template "dgraph.chart" . }} 10 | component: {{ .Values.zero.name }} 11 | release: {{ .Release.Name }} 12 | heritage: {{ .Release.Service }} 13 | {{- with .Values.zero.tls.annotations }} 14 | annotations: 15 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 16 | {{- end }} 17 | type: Opaque 18 | data: 19 | {{- with .Values.zero.tls.files }} 20 | {{- toYaml . | trimSuffix "\n" | nindent 2 }} 21 | {{- end }} 22 | {{ end }} 23 | -------------------------------------------------------------------------------- /charts/dgraph/templates/zero/statefulset.yaml: -------------------------------------------------------------------------------- 1 | {{- /* Generate domain name for first zero in cluster */}} 2 | {{- define "peer_zero" -}} 3 | {{- $zeroFullName := include "dgraph.zero.fullname" . -}} 4 | 5 | {{- /* Append domain suffix if domain is used */}} 6 | {{- $domainSuffix := "" -}} 7 | {{- if .Values.global.domain -}} 8 | {{- $domainSuffix = printf ".%s" .Values.global.domain -}} 9 | {{- end -}} 10 | 11 | {{- printf "%s-%d.%s-headless.${POD_NAMESPACE}.svc%s:5080" $zeroFullName 0 $zeroFullName $domainSuffix -}} 12 | {{- end -}} 13 | {{- /* Superflag (v21.03.0) support and legacy flags */}} 14 | {{- define "raft_index_flag" -}} 15 | {{- $safeVersion := include "dgraph.version" . 
-}} 16 | {{- if semverCompare ">= 21.03.0" $safeVersion -}} 17 | {{- printf "--raft idx=" -}} 18 | {{- else -}} 19 | {{- printf "--idx " -}} 20 | {{- end -}} 21 | {{- end -}} 22 | apiVersion: apps/v1 23 | kind: StatefulSet 24 | metadata: 25 | name: "{{ template "dgraph.zero.fullname" . }}" 26 | namespace: {{ include "dgraph.namespace" . }} 27 | labels: 28 | app: {{ template "dgraph.name" . }} 29 | chart: {{ template "dgraph.chart" . }} 30 | component: {{ .Values.zero.name }} 31 | release: {{ .Release.Name }} 32 | heritage: {{ .Release.Service }} 33 | spec: 34 | serviceName: {{ template "dgraph.zero.fullname" . }}-headless 35 | replicas: {{ .Values.zero.replicaCount }} 36 | podManagementPolicy: {{ .Values.zero.podManagementPolicy | quote }} 37 | updateStrategy: 38 | type: {{ .Values.zero.updateStrategy | quote }} 39 | {{- if (eq "Recreate" .Values.zero.updateStrategy) }} 40 | rollingUpdate: null 41 | {{- else if .Values.zero.rollingUpdatePartition }} 42 | rollingUpdate: 43 | partition: {{ .Values.zero.rollingUpdatePartition }} 44 | {{- end }} 45 | selector: 46 | matchLabels: 47 | app: {{ template "dgraph.name" . }} 48 | chart: {{ template "dgraph.chart" . }} 49 | release: {{ .Release.Name }} 50 | component: {{ .Values.zero.name }} 51 | template: 52 | metadata: 53 | name: {{ template "dgraph.zero.fullname" . }} 54 | {{- if or .Values.zero.metrics.enabled .Values.zero.extraAnnotations }} 55 | annotations: 56 | {{- if .Values.zero.metrics.enabled }} 57 | prometheus.io/path: /debug/prometheus_metrics 58 | prometheus.io/port: "6080" 59 | prometheus.io/scrape: "true" 60 | {{- end }} 61 | {{- with .Values.zero.extraAnnotations }} 62 | {{- toYaml . | trimSuffix "\n" | nindent 8 }} 63 | {{- end }} 64 | {{- end }} 65 | labels: 66 | app: {{ template "dgraph.name" . }} 67 | chart: {{ template "dgraph.chart" . 
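}}
68 |         release: {{ .Release.Name }}
69 |         component: {{ .Values.zero.name }}
70 |         {{- if .Values.zero.podLabels }}
71 | {{ .Values.zero.podLabels | toYaml | indent 8}}
72 |         {{- end }}
73 |     spec:
74 |       {{- if .Values.serviceAccount.create }}
75 |       serviceAccountName: {{ template "dgraph.serviceAccountName" . }} # same helper that names the ServiceAccount object in serviceaccount.yaml, so the two cannot drift
76 |       automountServiceAccountToken: {{ .Values.zero.automountServiceAccountToken }} # pod-level setting; it takes precedence over the ServiceAccount's own automountServiceAccountToken
77 |       {{- end }}
78 |       {{- if .Values.zero.schedulerName }}
79 |       schedulerName: {{ .Values.zero.schedulerName }}
80 |       {{- end }}
81 |       {{- if or (eq .Values.zero.antiAffinity "hard") (eq .Values.zero.antiAffinity "soft") .Values.zero.nodeAffinity }}
82 |       affinity:
83 |       {{- end }}
84 |       {{- if eq .Values.zero.antiAffinity "hard" }}{{- /* "hard" renders a required anti-affinity rule, "soft" a preferred one with weight 100; both match pods by the component label */}}
85 |         podAntiAffinity:
86 |           requiredDuringSchedulingIgnoredDuringExecution:
87 |           - labelSelector:
88 |               matchExpressions:
89 |               - key: component
90 |                 operator: In
91 |                 values:
92 |                 - {{ .Values.zero.name }}
93 |             topologyKey: {{ .Values.zero.podAntiAffinitytopologyKey }}
94 |       {{- else if eq .Values.zero.antiAffinity "soft" }}
95 |         podAntiAffinity:
96 |           preferredDuringSchedulingIgnoredDuringExecution:
97 |           - weight: 100
98 |             podAffinityTerm:
99 |               labelSelector:
100 |                 matchExpressions:
101 |                 - key: component
102 |                   operator: In
103 |                   values:
104 |                   - {{ .Values.zero.name }}
105 |               topologyKey: {{ .Values.zero.podAntiAffinitytopologyKey }}
106 |       {{- end }}
107 |       {{- with .Values.zero.nodeAffinity }}
108 |         nodeAffinity:
109 | {{ toYaml . | indent 10 }}
110 |       {{- end }}
111 |       {{- include "dgraph.imagePullSecrets" .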
| indent 6 }} 112 | {{- if .Values.zero.securityContext.enabled }} 113 | securityContext: 114 | fsGroup: {{ .Values.zero.securityContext.fsGroup }} 115 | runAsUser: {{ .Values.zero.securityContext.runAsUser }} 116 | {{- end }} 117 | {{- if .Values.zero.nodeSelector }} 118 | nodeSelector: 119 | {{ toYaml .Values.zero.nodeSelector | indent 8 }} 120 | {{- end }} 121 | {{- if .Values.zero.tolerations }} 122 | tolerations: 123 | {{ toYaml .Values.zero.tolerations | indent 8 }} 124 | {{- end }} 125 | containers: 126 | - name: {{ template "dgraph.zero.fullname" . }} 127 | image: {{ template "dgraph.image" . }} 128 | ports: 129 | - containerPort: 5080 130 | name: grpc-zero 131 | - containerPort: 6080 132 | name: http-zero 133 | imagePullPolicy: {{ .Values.image.pullPolicy | quote }} 134 | env: 135 | - name: POD_NAMESPACE 136 | valueFrom: 137 | fieldRef: 138 | fieldPath: metadata.namespace 139 | {{- if .Values.zero.configFile }} 140 | - name: DGRAPH_ZERO_CONFIG 141 | value: /dgraph/config/{{ first (keys .Values.zero.configFile | uniq | sortAlpha) }} 142 | {{- end }} 143 | {{- with .Values.zero.extraEnvs }} 144 | {{- toYaml . | nindent 10 }} 145 | {{- end }} 146 | {{- with .Values.zero.envFrom }} 147 | envFrom: 148 | {{- toYaml . | nindent 10 }} 149 | {{- end }} 150 | command: 151 | - bash 152 | - "-c" 153 | - | 154 | set -ex 155 | [[ `hostname` =~ -([0-9]+)$ ]] || exit 1 156 | ordinal=${BASH_REMATCH[1]} 157 | idx=$(($ordinal + 1)) 158 | if [[ $ordinal -eq 0 ]]; then 159 | exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 {{ template "raft_index_flag" . }}$idx --replicas {{ .Values.zero.shardReplicaCount }} {{ .Values.zero.extraFlags }} 160 | else 161 | exec dgraph zero --my=$(hostname -f | awk '{gsub(/\.$/,""); print $0}'):5080 --peer {{ template "peer_zero" . }} {{ template "raft_index_flag" . 
}}$idx --replicas {{ .Values.zero.shardReplicaCount }} {{ .Values.zero.extraFlags }} 162 | fi 163 | resources: 164 | {{ toYaml .Values.zero.resources | indent 10 }} 165 | {{- if .Values.zero.startupProbe.enabled }} 166 | startupProbe: 167 | httpGet: 168 | port: {{ .Values.zero.startupProbe.port }} 169 | path: {{ .Values.zero.startupProbe.path }} 170 | periodSeconds: {{ .Values.zero.startupProbe.periodSeconds }} 171 | timeoutSeconds: {{ .Values.zero.startupProbe.timeoutSeconds }} 172 | successThreshold: {{ .Values.zero.startupProbe.successThreshold }} 173 | failureThreshold: {{ .Values.zero.startupProbe.failureThreshold }} 174 | {{- else if .Values.zero.customStartupProbe }} 175 | startupProbe: {{- toYaml .Values.zero.customStartupProbe | nindent 10 }} 176 | {{- end }} 177 | {{- if .Values.zero.livenessProbe.enabled }} 178 | livenessProbe: 179 | httpGet: 180 | port: {{ .Values.zero.livenessProbe.port }} 181 | path: {{ .Values.zero.livenessProbe.path }} 182 | initialDelaySeconds: {{ .Values.zero.livenessProbe.initialDelaySeconds }} 183 | periodSeconds: {{ .Values.zero.livenessProbe.periodSeconds }} 184 | timeoutSeconds: {{ .Values.zero.livenessProbe.timeoutSeconds }} 185 | successThreshold: {{ .Values.zero.livenessProbe.successThreshold }} 186 | failureThreshold: {{ .Values.zero.livenessProbe.failureThreshold }} 187 | {{- else if .Values.zero.customLivenessProbe }} 188 | livenessProbe: {{- toYaml .Values.zero.customLivenessProbe | nindent 10 }} 189 | {{- end }} 190 | {{- if .Values.zero.readinessProbe.enabled }} 191 | readinessProbe: 192 | httpGet: 193 | port: {{ .Values.zero.readinessProbe.port }} 194 | path: {{ .Values.zero.readinessProbe.path }} 195 | initialDelaySeconds: {{ .Values.zero.readinessProbe.initialDelaySeconds }} 196 | periodSeconds: {{ .Values.zero.readinessProbe.periodSeconds }} 197 | timeoutSeconds: {{ .Values.zero.readinessProbe.timeoutSeconds }} 198 | successThreshold: {{ .Values.zero.readinessProbe.successThreshold }} 199 | failureThreshold: {{ 
.Values.zero.readinessProbe.failureThreshold }} 200 | {{- else if .Values.zero.customReadinessProbe }} 201 | readinessProbe: {{- toYaml .Values.zero.customReadinessProbe | nindent 10 }} 202 | {{- end }} 203 | volumeMounts: 204 | {{- if .Values.zero.persistence.enabled }} 205 | - name: datadir 206 | mountPath: /dgraph 207 | {{- end }} 208 | {{- if .Values.zero.configFile }} 209 | - name: config-volume 210 | mountPath: /dgraph/config 211 | {{- end }} 212 | {{- if .Values.zero.tls.enabled }} 213 | - name: tls-volume 214 | mountPath: /dgraph/tls 215 | {{- end }} 216 | terminationGracePeriodSeconds: {{ .Values.zero.terminationGracePeriodSeconds }} 217 | volumes: 218 | - name: datadir 219 | {{- if .Values.zero.persistence.enabled }} 220 | persistentVolumeClaim: 221 | claimName: datadir 222 | {{- else }} 223 | emptyDir: {} 224 | {{- end }} 225 | {{- if .Values.zero.configFile }} 226 | - name: config-volume 227 | configMap: 228 | name: {{ template "dgraph.zero.fullname" . }}-config 229 | {{- end }} 230 | {{- if .Values.zero.tls.enabled }} 231 | - name: tls-volume 232 | secret: 233 | secretName: {{ template "dgraph.zero.fullname" . }}-tls-secret 234 | {{- end }} 235 | {{- if .Values.zero.persistence.enabled }} 236 | volumeClaimTemplates: 237 | - metadata: 238 | name: datadir 239 | annotations: 240 | {{- range $key, $value := .Values.zero.persistence.annotations }} 241 | {{ $key }}: {{ $value }} 242 | {{- end }} 243 | volume.alpha.kubernetes.io/storage-class: anything 244 | spec: 245 | accessModes: 246 | {{- range .Values.zero.persistence.accessModes }} 247 | - {{ . 
| quote }} 248 | {{- end }} 249 | resources: 250 | requests: 251 | storage: {{ .Values.zero.persistence.size | quote }} 252 | {{- if .Values.zero.persistence.storageClass }} 253 | {{- if (eq "-" .Values.zero.persistence.storageClass) }} 254 | storageClassName: "" 255 | {{- else }} 256 | storageClassName: {{ .Values.zero.persistence.storageClass | quote }} 257 | {{- end -}} 258 | {{- end -}} 259 | {{- end }} 260 | -------------------------------------------------------------------------------- /charts/dgraph/templates/zero/svc-headless.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "dgraph.zero.fullname" . }}-headless 5 | namespace: {{ include "dgraph.namespace" . }} 6 | labels: 7 | app: {{ template "dgraph.name" . }} 8 | chart: {{ template "dgraph.chart" . }} 9 | component: {{ .Values.zero.name }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | {{- with .Values.zero.serviceHeadless.labels }} 13 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 14 | {{- end }} 15 | spec: 16 | type: ClusterIP 17 | clusterIP: None 18 | ports: 19 | - name: grpc-zero 20 | port: 5080 21 | targetPort: 5080 22 | selector: 23 | app: {{ template "dgraph.name" . }} 24 | chart: {{ template "dgraph.chart" . }} 25 | release: {{ .Release.Name }} 26 | component: {{ .Values.zero.name }} 27 | publishNotReadyAddresses: {{ .Values.zero.service.publishNotReadyAddresses }} 28 | -------------------------------------------------------------------------------- /charts/dgraph/templates/zero/svc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ template "dgraph.zero.fullname" . }} 5 | namespace: {{ include "dgraph.namespace" . }} 6 | labels: 7 | app: {{ template "dgraph.name" . }} 8 | chart: {{ template "dgraph.chart" . 
}} 9 | component: {{ .Values.zero.name }} 10 | release: {{ .Release.Name }} 11 | heritage: {{ .Release.Service }} 12 | monitor: {{ .Values.zero.monitorLabel }} 13 | {{- with .Values.zero.service.labels }} 14 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 15 | {{- end }} 16 | {{- with .Values.zero.service.annotations }} 17 | annotations: 18 | {{- toYaml . | trimSuffix "\n" | nindent 4 }} 19 | {{- end }} 20 | spec: 21 | type: {{ .Values.zero.service.type }} 22 | {{- if .Values.zero.service.loadBalancerIP }} 23 | loadBalancerIP: {{ .Values.zero.service.loadBalancerIP }} 24 | {{- end }} 25 | {{- if .Values.zero.externalTrafficPolicy }} 26 | externalTrafficPolicy: {{ .Values.zero.externalTrafficPolicy }} 27 | {{- end }} 28 | ports: 29 | - port: 5080 30 | targetPort: 5080 31 | name: grpc-zero 32 | - port: 6080 33 | targetPort: 6080 34 | name: http-zero 35 | {{- with .Values.zero.service.loadBalancerSourceRanges }} 36 | loadBalancerSourceRanges: 37 | {{- toYaml . | nindent 4 }} 38 | {{- end }} 39 | selector: 40 | app: {{ template "dgraph.name" . }} 41 | chart: {{ template "dgraph.chart" . }} 42 | release: {{ .Release.Name }} 43 | component: {{ .Values.zero.name }} 44 | -------------------------------------------------------------------------------- /charts/ratel/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 
4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *.orig 18 | *~ 19 | # Various IDEs 20 | .project 21 | .idea/ 22 | *.tmproj 23 | .vscode/ 24 | -------------------------------------------------------------------------------- /charts/ratel/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v2 2 | name: ratel 3 | description: A Helm chart for Kubernetes 4 | 5 | # A chart can be either an 'application' or a 'library' chart. 6 | # 7 | # Application charts are a collection of templates that can be packaged into versioned archives 8 | # to be deployed. 9 | # 10 | # Library charts provide useful utilities or functions for the chart developer. They're included as 11 | # a dependency of application charts to inject those utilities and functions into the rendering 12 | # pipeline. Library charts do not define any templates and therefore cannot be deployed. 13 | type: application 14 | 15 | # This is the chart version. This version number should be incremented each time you make changes 16 | # to the chart and its templates, including the app version. 17 | # Versions are expected to follow Semantic Versioning (https://semver.org/) 18 | version: 0.2.0 19 | 20 | # This is the version number of the application being deployed. This version number should be 21 | # incremented each time you make changes to the application. Versions are not expected to 22 | # follow Semantic Versioning. They should reflect the version the application is using. 23 | # It is recommended to use it with quotes. 
24 | appVersion: "v23.1.0" 25 | -------------------------------------------------------------------------------- /charts/ratel/README.md: -------------------------------------------------------------------------------- 1 | # Ratel 2 | 3 | ## TL;DR 4 | 5 | ```bash 6 | helm repo add dgraph https://charts.dgraph.io 7 | helm install "my-ratel" --namespace "my-ratel" dgraph/ratel 8 | ``` 9 | 10 | ## Introduction 11 | 12 | Ratel is a [SPA](https://wikipedia.org/wiki/Single-page_application) ([single-page-application](https://wikipedia.org/wiki/Single-page_application)) [React](https://react.dev/) client that runs locally from your web browser. The server component is a small web server that hosts the client application, which is then downloaded into your browser locally. There is no server-to-server connection: the client in your browser, not the Ratel web server, connects to Dgraph Alpha. 13 | 14 | 15 | ### Prerequisites 16 | 17 | * Kubernetes 1.20+ 18 | * Helm 3.0+ 19 | * Dgraph v21.12.0+ 20 | 21 | ### Restricting Ratel 22 | 23 | For best practices in security, it is recommended that you install Ratel separately instead of bundling it together with Dgraph. This small web server should be installed in a namespace that is separate from the Dgraph server. If your Kubernetes cluster supports the [network policies](https://kubernetes.io/docs/concepts/services-networking/network-policies/) feature, for example with [Calico](https://www.tigera.io/project-calico/), you can use these to restrict traffic between the web service hosting Ratel and Dgraph servers. 
24 | 25 | Given this, use this helm chart to install Ratel separately from Dgraph. 26 | 27 | ### Accessing Ratel 28 | 29 | In order for the Ratel client to connect to the Dgraph Alpha server, you can connect through a tunnel, such as a VPN, or connect Dgraph Alpha to an endpoint, such as a [service](https://kubernetes.io/docs/concepts/services-networking/service/) of type [LoadBalancer](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer), or use an [ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) resource. When exposing Dgraph Alpha through a LoadBalancer or ingress, limit which clients can reach it and enable TLS and access control (ACL) on Alpha; the Dgraph chart's `example_values` directory has sample configurations for both. See the Dgraph helm chart for further information on such configurations. 30 | 31 | ## Configuration 32 | 33 | The following table lists the configurable parameters of the ratel chart and their default values. 34 | 35 | | Parameter | Description | Default | 36 | | ---------------------------------------- | --------------------------------------------------------------------- | --------------------------------------------------- | 37 | | `replicaCount` | number of Kubernetes replicas | `1` | 38 | | `image.repository` | Container repository name | `dgraph/dgraph-lambda` | 39 | | `image.pullPolicy` | Container image pull policy | `IfNotPresent` | 40 | | `image.tag` | Container image tag | `v21.12.0` | 41 | | `imagePullSecrets` | Image pull secrets auth tokens used to access a private registry | `[]` | 42 | | `nameOverride` | Name override of the default chart name | `""` | 43 | | `namespaceOverride` | Namespace override | `nil` | 44 | | `fullnameOverride` | Full Name override of the release name + chart name | `""` | 45 | | `serviceAccount.create` | Specifies if service account should be created | `true` | 46 | | `serviceAccount.annotations` | Service Account annotations | `{}` | 47 | | `serviceAccount.name` | Service Account name | `""` | 48 | | `podAnnotations` | Additional pod annotations | `{}` | 49 | | `podSecurityContext` | Pod Security context to define privilege and access control | `{}` | 50 | | `securityContext` 
| Container Security context to define privilege and access control | `{}` | 51 | | `service.type` | Service type (`ClusterIP`, `NodePort`, `LoadBalancer`) | `ClusterIP` | 52 | | `service.port` | Service inbound port | `80` | 53 | | `ingress.enabled` | Ingress enabled | `false` | 54 | | `ingress.annotations` | Ingress annotations | `{}` | 55 | | `ingress.hosts` | Ingress hosts list to configure virtual hosts + routes to the service | see `values.yaml` | 56 | | `ingress.tls` | Ingress tls configuration | `[]` | 57 | | `resources` | Resource limits and requests | `{}` | 58 | | `nodeSelector` | Node selection constraints | `{}` | 59 | | `tolerations` | Allow scheduling pods onto nodes matching specified taints | `[]` | 60 | | `affinity` | Affinity configuration to allow pods to be scheduled on desired nodes | `{}` | -------------------------------------------------------------------------------- /charts/ratel/example_values/ingress/ingress-alb-no_host.yaml: -------------------------------------------------------------------------------- 1 | # aws-load-balancer-controller 2 | # * https://github.com/kubernetes-sigs/aws-load-balancer-controller 3 | # NOTE: 4 | # * shared ALB with group name of 'dgraph' will be used. 
5 | # This avoids provisioning multiple ALBs 6 | enabled: true 7 | className: alb 8 | annotations: 9 | alb.ingress.kubernetes.io/scheme: internet-facing 10 | alb.ingress.kubernetes.io/target-type: ip 11 | alb.ingress.kubernetes.io/group: dgraph 12 | hosts: 13 | - paths: 14 | - path: /* 15 | pathType: ImplementationSpecific 16 | host: ratel.example.com 17 | -------------------------------------------------------------------------------- /charts/ratel/example_values/ingress/ingress-alb-with_host.yaml: -------------------------------------------------------------------------------- 1 | ingress: 2 | enabled: true 3 | className: alb 4 | annotations: 5 | alb.ingress.kubernetes.io/scheme: internet-facing 6 | alb.ingress.kubernetes.io/target-type: ip 7 | hosts: 8 | - paths: 9 | - path: /* 10 | pathType: ImplementationSpecific 11 | -------------------------------------------------------------------------------- /charts/ratel/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | 1. Get the application URL by running these commands: 2 | {{- if .Values.ingress.enabled }} 3 | {{- range $host := .Values.ingress.hosts }} 4 | {{- range .paths }} 5 | http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} 6 | {{- end }} 7 | {{- end }} 8 | {{- else if contains "NodePort" .Values.service.type }} 9 | export NODE_PORT=$(kubectl get --namespace {{ include "ratel.namespace" . }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ratel.fullname" . }}) 10 | export NODE_IP=$(kubectl get nodes --namespace {{ include "ratel.namespace" . }} -o jsonpath="{.items[0].status.addresses[0].address}") 11 | echo http://$NODE_IP:$NODE_PORT 12 | {{- else if contains "LoadBalancer" .Values.service.type }} 13 | NOTE: It may take a few minutes for the LoadBalancer IP to be available. 14 | You can watch the status of by running 'kubectl get --namespace {{ include "ratel.namespace" . }} svc -w {{ include "ratel.fullname" . 
}}' 15 | export SERVICE_IP=$(kubectl get svc --namespace {{ include "ratel.namespace" . }} {{ include "ratel.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") 16 | echo http://$SERVICE_IP:{{ .Values.service.port }} 17 | {{- else if contains "ClusterIP" .Values.service.type }} 18 | export POD_NAME=$(kubectl get pods --namespace {{ include "ratel.namespace" . }} -l "app.kubernetes.io/name={{ include "ratel.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 19 | export CONTAINER_PORT=$(kubectl get pod --namespace {{ include "ratel.namespace" . }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") 20 | echo "Visit http://127.0.0.1:8000 to use your application" 21 | kubectl --namespace {{ include "ratel.namespace" . }} port-forward $POD_NAME 8000:$CONTAINER_PORT 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /charts/ratel/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* 2 | Expand the name of the chart. 3 | */}} 4 | {{- define "ratel.name" -}} 5 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} 6 | {{- end }} 7 | 8 | {{/* 9 | Create a default fully qualified app name. 10 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 11 | If release name contains chart name it will be used as a full name. 
12 | */}} 13 | {{- define "ratel.fullname" -}} 14 | {{- if .Values.fullnameOverride }} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} 16 | {{- else }} 17 | {{- $name := default .Chart.Name .Values.nameOverride }} 18 | {{- if contains $name .Release.Name }} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" }} 20 | {{- else }} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} 22 | {{- end }} 23 | {{- end }} 24 | {{- end }} 25 | 26 | {{/* 27 | Create chart name and version as used by the chart label. 28 | */}} 29 | {{- define "ratel.chart" -}} 30 | {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} 31 | {{- end }} 32 | 33 | {{/* 34 | Common labels 35 | */}} 36 | {{- define "ratel.labels" -}} 37 | helm.sh/chart: {{ include "ratel.chart" . }} 38 | {{ include "ratel.selectorLabels" . }} 39 | {{- if .Chart.AppVersion }} 40 | app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} 41 | {{- end }} 42 | app.kubernetes.io/managed-by: {{ .Release.Service }} 43 | {{- end }} 44 | 45 | {{/* 46 | Selector labels 47 | */}} 48 | {{- define "ratel.selectorLabels" -}} 49 | app.kubernetes.io/name: {{ include "ratel.name" . }} 50 | app.kubernetes.io/instance: {{ .Release.Name }} 51 | {{- end }} 52 | 53 | {{/* 54 | Create the name of the service account to use 55 | */}} 56 | {{- define "ratel.serviceAccountName" -}} 57 | {{- if .Values.serviceAccount.create }} 58 | {{- default (include "ratel.fullname" .) 
.Values.serviceAccount.name }} 59 | {{- else }} 60 | {{- default "default" .Values.serviceAccount.name }} 61 | {{- end }} 62 | {{- end }} 63 | 64 | {{/* 65 | Allow overriding namespace 66 | */}} 67 | {{- define "ratel.namespace" -}} 68 | {{- default .Release.Namespace .Values.namespaceOverride -}} 69 | {{- end -}} 70 | -------------------------------------------------------------------------------- /charts/ratel/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: apps/v1 2 | kind: Deployment 3 | metadata: 4 | name: {{ include "ratel.fullname" . }} 5 | namespace: {{ include "ratel.namespace" . }} 6 | labels: 7 | {{- include "ratel.labels" . | nindent 4 }} 8 | spec: 9 | replicas: {{ .Values.replicaCount }} 10 | selector: 11 | matchLabels: 12 | {{- include "ratel.selectorLabels" . | nindent 6 }} 13 | template: 14 | metadata: 15 | {{- with .Values.podAnnotations }} 16 | annotations: 17 | {{- toYaml . | nindent 8 }} 18 | {{- end }} 19 | labels: 20 | {{- include "ratel.selectorLabels" . | nindent 8 }} 21 | spec: 22 | {{- with .Values.imagePullSecrets }} 23 | imagePullSecrets: 24 | {{- toYaml . | nindent 8 }} 25 | {{- end }} 26 | serviceAccountName: {{ include "ratel.serviceAccountName" . 
}} 27 | securityContext: 28 | {{- toYaml .Values.podSecurityContext | nindent 8 }} 29 | containers: 30 | - name: {{ .Chart.Name }} 31 | securityContext: 32 | {{- toYaml .Values.securityContext | nindent 12 }} 33 | image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" 34 | imagePullPolicy: {{ .Values.image.pullPolicy }} 35 | command: 36 | - dgraph-ratel 37 | ports: 38 | - name: http 39 | containerPort: 8000 40 | protocol: TCP 41 | livenessProbe: 42 | httpGet: 43 | path: / 44 | port: http 45 | readinessProbe: 46 | httpGet: 47 | path: / 48 | port: http 49 | resources: 50 | {{- toYaml .Values.resources | nindent 12 }} 51 | {{- with .Values.nodeSelector }} 52 | nodeSelector: 53 | {{- toYaml . | nindent 8 }} 54 | {{- end }} 55 | {{- with .Values.affinity }} 56 | affinity: 57 | {{- toYaml . | nindent 8 }} 58 | {{- end }} 59 | {{- with .Values.tolerations }} 60 | tolerations: 61 | {{- toYaml . | nindent 8 }} 62 | {{- end }} 63 | -------------------------------------------------------------------------------- /charts/ratel/templates/ingress.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.ingress.enabled -}} 2 | {{- $fullName := include "ratel.fullname" . 
-}} 3 | {{- $svcPort := .Values.service.port -}} 4 | {{- if and .Values.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }} 5 | {{- if not (hasKey .Values.ingress.annotations "kubernetes.io/ingress.class") }} 6 | {{- $_ := set .Values.ingress.annotations "kubernetes.io/ingress.class" .Values.ingress.className}} 7 | {{- end }} 8 | {{- end }} 9 | {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}} 10 | apiVersion: networking.k8s.io/v1 11 | {{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}} 12 | apiVersion: networking.k8s.io/v1beta1 13 | {{- else -}} 14 | apiVersion: extensions/v1beta1 15 | {{- end }} 16 | kind: Ingress 17 | metadata: 18 | name: {{ $fullName }} 19 | namespace: {{ include "ratel.namespace" . }} 20 | labels: 21 | {{- include "ratel.labels" . | nindent 4 }} 22 | {{- with .Values.ingress.annotations }} 23 | annotations: 24 | {{- toYaml . | nindent 4 }} 25 | {{- end }} 26 | spec: 27 | {{- if and .Values.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }} 28 | ingressClassName: {{ .Values.ingress.className }} 29 | {{- end }} 30 | {{- if .Values.ingress.tls }} 31 | tls: 32 | {{- range .Values.ingress.tls }} 33 | - hosts: 34 | {{- range .hosts }} 35 | - {{ . 
| quote }} 36 | {{- end }} 37 | secretName: {{ .secretName }} 38 | {{- end }} 39 | {{- end }} 40 | rules: 41 | {{- range .Values.ingress.hosts }} 42 | - http: 43 | paths: 44 | {{- range .paths }} 45 | - path: {{ .path }} 46 | {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }} 47 | pathType: {{ .pathType }} 48 | {{- end }} 49 | backend: 50 | {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }} 51 | service: 52 | name: {{ $fullName }} 53 | port: 54 | number: {{ $svcPort }} 55 | {{- else }} 56 | serviceName: {{ $fullName }} 57 | servicePort: {{ $svcPort }} 58 | {{- end }} 59 | {{- end }} 60 | {{- if .host }} 61 | host: {{ .host | quote }} 62 | {{- end }} 63 | {{- end }} 64 | {{- end }} 65 | -------------------------------------------------------------------------------- /charts/ratel/templates/service.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Service 3 | metadata: 4 | name: {{ include "ratel.fullname" . }} 5 | namespace: {{ include "ratel.namespace" . }} 6 | labels: 7 | {{- include "ratel.labels" . | nindent 4 }} 8 | spec: 9 | type: {{ .Values.service.type }} 10 | ports: 11 | - port: {{ .Values.service.port }} 12 | targetPort: http 13 | protocol: TCP 14 | name: http 15 | selector: 16 | {{- include "ratel.selectorLabels" . | nindent 4 }} 17 | -------------------------------------------------------------------------------- /charts/ratel/templates/serviceaccount.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.serviceAccount.create -}} 2 | apiVersion: v1 3 | kind: ServiceAccount 4 | metadata: 5 | name: {{ include "ratel.serviceAccountName" . }} 6 | namespace: {{ include "ratel.namespace" . }} 7 | labels: 8 | {{- include "ratel.labels" . | nindent 4 }} 9 | {{- with .Values.serviceAccount.annotations }} 10 | annotations: 11 | {{- toYaml . 
| nindent 4 }} 12 | {{- end }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /charts/ratel/templates/tests/test-connection.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: Pod 3 | metadata: 4 | name: "{{ include "ratel.fullname" . }}-test-connection" 5 | namespace: {{ include "ratel.namespace" . }} 6 | labels: 7 | {{- include "ratel.labels" . | nindent 4 }} 8 | annotations: 9 | "helm.sh/hook": test 10 | spec: 11 | containers: 12 | - name: wget 13 | image: busybox 14 | command: ['wget'] 15 | args: ['{{ include "ratel.fullname" . }}:{{ .Values.service.port }}'] 16 | restartPolicy: Never 17 | -------------------------------------------------------------------------------- /charts/ratel/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for ratel. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: dgraph/ratel 9 | pullPolicy: IfNotPresent 10 | # Overrides the image tag whose default is the chart appVersion. 11 | tag: v21.12.0 12 | 13 | imagePullSecrets: [] 14 | nameOverride: "" 15 | fullnameOverride: "" 16 | 17 | serviceAccount: 18 | # Specifies whether a service account should be created 19 | create: true 20 | # Annotations to add to the service account 21 | annotations: {} 22 | # The name of the service account to use. 
23 | # If not set and create is true, a name is generated using the fullname template 24 | name: "" 25 | 26 | podAnnotations: {} 27 | 28 | podSecurityContext: {} 29 | # fsGroup: 2000 30 | 31 | securityContext: {} 32 | # capabilities: 33 | # drop: 34 | # - ALL 35 | # readOnlyRootFilesystem: true 36 | # runAsNonRoot: true 37 | # runAsUser: 1000 38 | 39 | service: 40 | type: ClusterIP 41 | port: 80 42 | 43 | ingress: 44 | enabled: false 45 | className: "" 46 | annotations: {} 47 | # kubernetes.io/ingress.class: nginx 48 | # kubernetes.io/tls-acme: "true" 49 | hosts: 50 | - host: chart-example.local 51 | paths: 52 | - path: / 53 | pathType: ImplementationSpecific 54 | tls: [] 55 | # - secretName: chart-example-tls 56 | # hosts: 57 | # - chart-example.local 58 | 59 | resources: {} 60 | # We usually recommend not to specify default resources and to leave this as a conscious 61 | # choice for the user. This also increases chances charts run on environments with little 62 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 63 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 64 | # limits: 65 | # cpu: 100m 66 | # memory: 128Mi 67 | # requests: 68 | # cpu: 100m 69 | # memory: 128Mi 70 | 71 | nodeSelector: {} 72 | 73 | tolerations: [] 74 | 75 | affinity: {} 76 | -------------------------------------------------------------------------------- /dgraph-24.0.4.tgz: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dgraph-io/charts/0ce48ea2566ed78759f06b25cc68b4296ff5270b/dgraph-24.0.4.tgz -------------------------------------------------------------------------------- /helmfiles/README.md: -------------------------------------------------------------------------------- 1 | # Helmfiles 2 | 3 | The `helmfile` is a useful tool to manage values dynamically across several helm charts. 
Normally, with only the `helm` tool by itself, you would use static values and install one chart at a time. 4 | 5 | This can be useful to install Dgraph with Lambda function support, as well as other charts, such as monitoring with Prometheus, observability with Jaeger, logging with EFK (ElasticSearch-Fluentd-Kibana) or PLG (Promtail-Loki-Grafana), MinIO for backup storage, and so on. 6 | 7 | This directory will have example helmfile scripts that you can adapt for your environments. 8 | 9 | ## Overview 10 | 11 | Article: 12 | 13 | * [Helmfile: What Is It?](https://tanzu.vmware.com/developer/guides/kubernetes/helmfile-what-is/) - succinct summary of the `helmfile` tool and why it is important. 14 | 15 | ## Installation of Tools 16 | 17 | * Prerequisite Tools 18 | * `kubectl` - https://kubernetes.io/docs/tasks/tools/install-kubectl/ 19 | * `helm` - https://helm.sh/ 20 | * helm-diff plugin - https://github.com/databus23/helm-diff 21 | * Helmfile Tools 22 | * `helmfile` - https://github.com/roboll/helmfile#installation 23 | 24 | ## Usage 25 | 26 | Helmfile uses `helmfile.yaml` in the current working directory, so you can `cd` to that directory or use the `--file` argument. 27 | 28 | ```bash 29 | ## diff releases from state file against env (helm diff) 30 | helmfile --file path/to/helmfile.yaml diff 31 | ## apply all resources from state file only when there are changes 32 | helmfile --file path/to/helmfile.yaml apply 33 | ## sync all resources from state file (repos, releases and chart deps) 34 | helmfile --file path/to/helmfile.yaml sync 35 | ``` 36 | -------------------------------------------------------------------------------- /helmfiles/lambda/README.md: -------------------------------------------------------------------------------- 1 | ## Dgraph lambda 2 | 3 | This demonstrates how to use [Lambda Resolvers](https://dgraph.io/docs/cloud/cloud-api/lambda/) on a Kubernetes cluster. 
4 | 5 | ## Instructions 6 | 7 | ### Install dgraph and dgraph-lambda 8 | 9 | ```bash 10 | helmfile apply 11 | ``` 12 | 13 | This will install `dgraph` (Helm Release Name: `dev`, Namespace: `default`) and `dgraph-lambda` (Helm Release Name: `lambda`, Namespace: `default`). 14 | 15 | ### Add schema 16 | 17 | Once the Dgraph cluster is deployed where Dgraph Alpha pods are in a `Running` state, you can run the following to upload the schema: 18 | 19 | ```bash 20 | kubectl port-forward dev-dgraph-alpha-0 8080:8080 21 | curl http://localhost:8080/admin/schema --upload-file example/schema.graphql 22 | ``` 23 | 24 | You can verify schema is uploaded with the optional [jq](https://stedolan.github.io/jq/) tool: 25 | 26 | ```bash 27 | curl http://localhost:8080/admin --silent \ 28 | --header "Content-Type: application/json" \ 29 | --data '{"query": "{ getGQLSchema { schema } }"}' \ 30 | | jq -r .data.getGQLSchema.schema 31 | ``` 32 | 33 | ## Mutation and Queries 34 | 35 | With your favorite GraphQL editor, you can try mutations and queries. Using the `kubectl port-forward dev-dgraph-alpha-0 8080:8080`, you can use this url: http://localhost:8080/graphql to access Dgraph Alpha. 36 | 37 | ### Mutation 38 | 39 | ```graphql 40 | mutation { 41 | newAuthor(name: "Ken Addams") 42 | } 43 | ``` 44 | 45 | ### Query 46 | 47 | ```graphql 48 | query { 49 | authorsByName(name: "Ken Addams") { 50 | name 51 | dob 52 | reputation 53 | } 54 | } 55 | ``` 56 | 57 | ## Clean Up 58 | 59 | To delete the Dgraph cluster and the dgraph-lambda, you can do the following: 60 | 61 | ```bash 62 | helmfile delete 63 | kubectl delete pvc --selector release=dev 64 | ``` 65 | 66 | ## Addendum: mutation and query with curl 67 | 68 | If you would like to quickly test the functionality from the command line with `curl`, you can do the following below to convert graphql to rest json format, and perform the query or mutation. 
69 | 70 | ```bash 71 | ## Port forward Alpha pod to localhost (skip if this is already completed) 72 | kubectl port-forward dev-dgraph-alpha-0 8080:8080 73 | 74 | ## run graphql mutation 75 | curl http://localhost:8080/graphql --silent --request POST \ 76 | --header "Content-Type: application/graphql" \ 77 | --upload-file example/mutation.graphql 78 | 79 | ## perform graphql query 80 | curl http://localhost:8080/graphql --silent --request POST \ 81 | --header "Content-Type: application/graphql" \ 82 | --upload-file example/query.graphql 83 | ``` 84 | 85 | ## Addendum: Using vanilla helm 86 | 87 | If you would like to forgo using `helmfile` and instead just use the vanilla `helm` tool, you can do the same process with the following: 88 | 89 | ```bash 90 | helm install dev ../../charts/dgraph \ 91 | --set alpha.extraEnvs[0].name=DGRAPH_ALPHA_GRAPHQL_LAMBDA_URL \ 92 | --set alpha.extraEnvs[0].value=http://lambda-dgraph-lambda.default.svc/graphql-worker 93 | 94 | helm install lambda ../../charts/dgraph-lambda \ 95 | --values example/script.yaml \ 96 | --set env[0].name=DGRAPH_URL \ 97 | --set env[0].value=http://dev-dgraph-alpha-headless.default.svc:8080 98 | ``` 99 | 100 | You can clean up with: 101 | 102 | ```bash 103 | helm delete dev 104 | helm delete lambda 105 | kubectl delete pvc --selector release=dev 106 | ``` 107 | 108 | ## Addendum: Troubleshooting Dgraph Lambda tips 109 | 110 | Here are a few commands that may be useful in checking the settings of the Dgraph Lambda service and its configuration: 111 | 112 | ```bash 113 | LAMBDA_POD=$(kubectl get pod --selector app.kubernetes.io/name=dgraph-lambda --output jsonpath={.items[0].metadata.name}) 114 | # print env vars and verify correctness 115 | kubectl get pod/$LAMBDA_POD --output jsonpath="{range .spec.containers[0].env[*]}{.name}={.value}{\"\n\"}{end}" 116 | ## check script from mounted path 117 | kubectl exec -t $LAMBDA_POD -- ls -l /script/script.js 118 | ## verify script contents 119 | kubectl exec -t $LAMBDA_POD -- 
cat /script/script.js 120 | 121 | ## check configmap configuration if missing script 122 | kubectl get cm/lambda-dgraph-lambda-config --output jsonpath='{.data.script\.js}' 123 | 124 | ## verify schema on Dgraph Alpha 125 | curl http://localhost:8080/admin --silent \ 126 | --header "Content-Type: application/json" \ 127 | --data '{"query": "{ getGQLSchema { schema } }"}' \ 128 | | jq -r .data.getGQLSchema.schema 129 | ``` 130 | -------------------------------------------------------------------------------- /helmfiles/lambda/example/mutation.graphql: -------------------------------------------------------------------------------- 1 | mutation { 2 | newAuthor(name: "Ken Addams") 3 | } 4 | -------------------------------------------------------------------------------- /helmfiles/lambda/example/query.graphql: -------------------------------------------------------------------------------- 1 | query { 2 | authorsByName(name: "Ken Addams") { 3 | name 4 | dob 5 | reputation 6 | } 7 | } 8 | -------------------------------------------------------------------------------- /helmfiles/lambda/example/schema.graphql: -------------------------------------------------------------------------------- 1 | type Author { 2 | id: ID! 3 | name: String! @search(by: [hash, trigram]) 4 | dob: DateTime 5 | reputation: Float 6 | } 7 | 8 | type Query { 9 | authorsByName(name: String!): [Author] @lambda 10 | } 11 | 12 | type Mutation { 13 | newAuthor(name: String!): ID! 
@lambda 14 | } 15 | -------------------------------------------------------------------------------- /helmfiles/lambda/example/script.yaml: -------------------------------------------------------------------------------- 1 | script: 2 | enabled: true 3 | ## Original Source is from: 4 | ## * https://dgraph.io/docs/graphql/lambda/query/ 5 | ## * https://dgraph.io/docs/graphql/lambda/mutation/ 6 | script: | 7 | async function authorsByName({args, dql}) { 8 | const results = await dql.query(`query queryAuthor($name: string) { 9 | queryAuthor(func: type(Author)) @filter(eq(Author.name, $name)) { 10 | name: Author.name 11 | dob: Author.dob 12 | reputation: Author.reputation 13 | } 14 | }`, {"$name": args.name}) 15 | return results.data.queryAuthor 16 | } 17 | 18 | async function newAuthor({args, graphql}) { 19 | // lets give every new author a reputation of 3 by default 20 | const results = await graphql(`mutation ($name: String!) { 21 | addAuthor(input: [{name: $name, reputation: 3.0 }]) { 22 | author { 23 | id 24 | reputation 25 | } 26 | } 27 | }`, {"name": args.name}) 28 | return results.data.addAuthor.author[0].id 29 | } 30 | 31 | self.addGraphQLResolvers({ 32 | "Query.authorsByName": authorsByName, 33 | "Mutation.newAuthor": newAuthor 34 | }) 35 | -------------------------------------------------------------------------------- /helmfiles/lambda/helmfile.yaml: -------------------------------------------------------------------------------- 1 | ## Lambda Example 2 | 3 | releases: 4 | - name: dev 5 | namespace: default 6 | chart: {{ env "PWD" }}/../../charts/dgraph 7 | values: 8 | - alpha: 9 | extraEnvs: 10 | ## NOTE: The url is formatted as: 11 | ## - http://<release>-dgraph-lambda.<namespace>.svc/graphql-worker 12 | ## NOTE: Configuration env vars have changed in v21.03. 13 | ## Use appropriate value for the dgraph version used. 
14 | - name: DGRAPH_ALPHA_GRAPHQL 15 | value: lambda-url=http://lambda-dgraph-lambda.default.svc/graphql-worker 16 | - name: lambda 17 | namespace: default 18 | chart: {{ env "PWD" }}/../../charts/dgraph-lambda 19 | values: 20 | - ./example/script.yaml 21 | - env: 22 | - name: DGRAPH_URL 23 | ## http://<release>-dgraph-alpha-headless.<namespace>.svc:8080 24 | value: http://dev-dgraph-alpha-headless.default.svc:8080 25 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/.gitignore: -------------------------------------------------------------------------------- 1 | examples/dgraph_tls/ 2 | make_tls_secrets.sh 3 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/README.md: -------------------------------------------------------------------------------- 1 | # Dgraph Mutual TLS 2 | 3 | This example demonstrates how to use TLS and MutualTLS for internal communications with Dgraph Alpha and, starting with Dgraph `v20.11.0`, Dgraph Zero as well. 4 | 5 | ## Instructions 6 | 7 | ### Prerequisites 8 | 9 | On the deploy workstation, that is, the system you will use to create certificates and deploy the helm charts, you will need the `dgraph` binary. You can get this with the install script below; if you would rather not pipe a remote script straight into `bash`, download it first and review it before running: 10 | 11 | ```bash 12 | ## Install Dgraph 13 | curl -sSf https://get.dgraph.io | bash 14 | ## Verify Version installed 15 | dgraph version | awk -F: '/Dgraph version/{print $2}' 16 | ``` 17 | 18 | ### Generate Certificates and Keys 19 | 20 | First you need to generate certificates and keys for Dgraph Alpha service and Dgraph Zero service. There's a script that can help automate creating certificates and keys, as well as a helm value `secrets.yaml` that can be used for the helm chart. See [README.md](../../charts/dgraph/scripts/README.md). The generated directory holds private keys as well as certificates; `examples/dgraph_tls/` is listed in this directory's `.gitignore` so that they are not committed. 
21 | 22 | You can run this locally with: 23 | 24 | ```bash 25 | ln --symbolic ../../charts/dgraph/scripts/make_tls_secrets.sh make_tls_secrets.sh 26 | ## ./make_tls_secrets.sh --help for more information 27 | ./make_tls_secrets.sh \ 28 | --release "my-release" \ 29 | --client "dgraphuser" \ 30 | --zero \ 31 | --tls_dir ./examples/dgraph_tls 32 | 33 | ## Verify Dgraph Alpha Keys and Certificates 34 | dgraph cert ls --dir ./examples/dgraph_tls/alpha 35 | ## Verify Dgraph Zero Keys and Certificates 36 | dgraph cert ls --dir ./examples/dgraph_tls/zero 37 | ``` 38 | 39 | ### Choose Client Authentication Method 40 | 41 | With Dgraph TLS support, you can choose the type of authentication, such as whether MutualTLS is optional or explicitly required. For more information see [Client Authentication Options](https://dgraph.io/docs/deploy/security/tls-configuration/#client-authentication-options). 42 | 43 | You can set this value using the environment variable `TLS_CLIENT_AUTH` for use with helmfile. If this environment variable is not set, the default configuration will be `VERIFYIFGIVEN`. With `VERIFYIFGIVEN`, a client certificate is verified only if the client presents one, so connections without a client certificate are still accepted; set `REQUIREANDVERIFY` to enforce MutualTLS. As an example: 44 | 45 | ```bash 46 | export TLS_CLIENT_AUTH=REQUIREANDVERIFY 47 | ``` 48 | 49 | ### Install dgraph with TLS 50 | 51 | For TLS support with Dgraph Alpha for external ports, use the `alpha_tls` environment: 52 | 53 | ```bash 54 | helmfile --environment "alpha_tls" apply 55 | ``` 56 | 57 | For securing internal and external ports on both Dgraph Zero and Dgraph Alpha (Dgraph `v20.11.0` or greater), the `zero_tls_internal` environment can be used: 58 | 59 | ```bash 60 | helmfile --environment "zero_tls_internal" apply 61 | ``` 62 | 63 | ## Testing 64 | 65 | Here are some examples that can be used to test TLS and MutualTLS with client authentication. 66 | 67 | ### Testing Dgraph Alpha (TLS without client auth) 68 | 69 | The Dgraph Alpha service will be configured with either `REQUEST` or `VERIFYIFGIVEN` (default) for the TLS client authentication method. 
70 | 71 | 72 | Use port forwarding for Dgraph Alpha HTTPS to make it available on localhost using another terminal tab: 73 | 74 | ```bash 75 | kubectl port-forward my-release-dgraph-alpha-0 8080:8080 76 | ``` 77 | 78 | Now test against `localhost` using `curl`: 79 | 80 | ```bash 81 | curl --silent \ 82 | --cacert ./examples/dgraph_tls/alpha/ca.crt \ 83 | https://localhost:8080/state | jq 84 | ``` 85 | 86 | Use port forwarding for Dgraph Alpha GRPC to make it available on localhost using another terminal tab: 87 | 88 | ```bash 89 | kubectl port-forward my-release-dgraph-alpha-0 9080:9080 90 | ``` 91 | 92 | Now test against `localhost` using `dgraph increment`: 93 | 94 | ```bash 95 | dgraph increment \ 96 | --tls_cacert ./examples/dgraph_tls/alpha/ca.crt \ 97 | --tls_server_name localhost \ 98 | --alpha localhost:9080 99 | ``` 100 | 101 | ### Testing Dgraph Alpha (mTLS with client auth) 102 | 103 | The Dgraph Alpha service will be configured with either `REQUIREANY` or `REQUIREANDVERIFY` for the TLS client authentication method. 
104 | 105 | Use port forwarding for Dgraph Alpha HTTPS to make it available on localhost using another terminal tab: 106 | 107 | ```bash 108 | kubectl port-forward my-release-dgraph-alpha-0 8080:8080 109 | ``` 110 | 111 | Now test against `localhost` using `curl`: 112 | 113 | ```bash 114 | curl --silent \ 115 | --cacert ./examples/dgraph_tls/alpha/ca.crt \ 116 | --cert ./examples/dgraph_tls/alpha/client.dgraphuser.crt \ 117 | --key ./examples/dgraph_tls/alpha/client.dgraphuser.key \ 118 | https://localhost:8080/state | jq 119 | ``` 120 | 121 | Use port forwarding for Dgraph Alpha GRPC to make it available on localhost using another terminal tab: 122 | 123 | ```bash 124 | kubectl port-forward my-release-dgraph-alpha-0 9080:9080 125 | ``` 126 | 127 | Now test against `localhost` using `dgraph increment`: 128 | 129 | ```bash 130 | dgraph increment \ 131 | --tls_cacert ./examples/dgraph_tls/alpha/ca.crt \ 132 | --tls_cert ./examples/dgraph_tls/alpha/client.dgraphuser.crt \ 133 | --tls_key ./examples/dgraph_tls/alpha/client.dgraphuser.key \ 134 | --tls_server_name localhost \ 135 | --alpha localhost:9080 136 | ``` 137 | 138 | ### Testing Dgraph Zero (mTLS with client auth) 139 | 140 | The Dgraph Zero service will be configured with either `REQUIREANY` or `REQUIREANDVERIFY` for the TLS client authentication method. 
141 | 142 | Use port forwarding for Dgraph Zero HTTPS to make it available on localhost using another terminal tab: 143 | 144 | ```bash 145 | kubectl port-forward my-release-dgraph-zero-0 6080:6080 146 | ``` 147 | 148 | Now test against `localhost` using `curl`: 149 | 150 | ```bash 151 | curl --silent \ 152 | --cacert ./examples/dgraph_tls/zero/ca.crt \ 153 | --cert ./examples/dgraph_tls/zero/client.dgraphuser.crt \ 154 | --key ./examples/dgraph_tls/zero/client.dgraphuser.key \ 155 | https://localhost:6080/state | jq 156 | ``` 157 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/examples/alpha_tls.yaml.gotmpl: -------------------------------------------------------------------------------- 1 | ## Alpha TLS configuration for external ports 2 | alpha: 3 | tls: 4 | enabled: true 5 | configFile: 6 | config.yaml: | 7 | tls: 8 | ca_cert: /dgraph/tls/ca.crt 9 | client_auth_type: {{ env "TLS_CLIENT_AUTH" | default "VERIFYIFGIVEN" }} 10 | server_cert: /dgraph/tls/node.crt 11 | server_key: /dgraph/tls/node.key 12 | use_system_ca: true 13 | 14 | zero: 15 | tls: 16 | enabled: false 17 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/examples/default.yaml.gotmpl: -------------------------------------------------------------------------------- 1 | ## default environment: NOTE(review): this was described as "no TLS anywhere", but tls.enabled is true for both alpha and zero below; confirm which is intended 2 | alpha: 3 | tls: 4 | enabled: true 5 | zero: 6 | tls: 7 | enabled: true 8 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/examples/zero_tls_internal.yaml.gotmpl: -------------------------------------------------------------------------------- 1 | ## Zero + Alpha TLS configuration for internal + external ports 2 | alpha: 3 | tls: 4 | enabled: true 5 | configFile: 6 | config.yaml: | 7 | tls: 8 | ca_cert: /dgraph/tls/ca.crt 9 | client_cert: /dgraph/tls/client.dgraphuser.crt 10 | client_key: /dgraph/tls/client.dgraphuser.key 11 | 
client_auth_type: {{ env "TLS_CLIENT_AUTH" | default "VERIFYIFGIVEN" }} 12 | internal_port: true 13 | server_cert: /dgraph/tls/node.crt 14 | server_key: /dgraph/tls/node.key 15 | use_system_ca: true 16 | 17 | zero: 18 | tls: 19 | enabled: true 20 | configFile: 21 | config.yaml: | 22 | tls: 23 | ca_cert: /dgraph/tls/ca.crt 24 | client_cert: /dgraph/tls/client.internaluser.crt 25 | client_key: /dgraph/tls/client.internaluser.key 26 | client_auth_type: {{ env "TLS_CLIENT_AUTH" | default "VERIFYIFGIVEN" }} 27 | internal_port: true 28 | server_cert: /dgraph/tls/node.crt 29 | server_key: /dgraph/tls/node.key 30 | use_system_ca: true 31 | -------------------------------------------------------------------------------- /helmfiles/mutual_tls/helmfile.yaml: -------------------------------------------------------------------------------- 1 | ## Mutual TLS Example 2 | 3 | ## Environments enabled with helmfile --environment 4 | environments: 5 | ## Dgraph Alpha secures external ports 8080 (HTTPS) and 9080 (GRPC) 6 | alpha_tls: 7 | ## Dgraph Alpha and Zero secure internal ports, pod-to-pod communications 8 | zero_tls_internal: 9 | 10 | releases: 11 | - name: {{ env "RELEASE" | default "my-release" }} 12 | namespace: {{ env "NAMESPACE" | default "default" }} 13 | chart: {{ env "PWD" }}/../../charts/dgraph 14 | values: 15 | ## set client_auth_type with env var TLS_CLIENT_AUTH (defaults to VERIFYIFGIVEN, which does not require a client certificate) 16 | - ./examples/{{ .Environment.Name }}.yaml.gotmpl 17 | - ./examples/{{ env "TLS_DIR" | default "dgraph_tls" }}//secrets.yaml 18 | -------------------------------------------------------------------------------- /helmfiles/tests/.gitignore: -------------------------------------------------------------------------------- 1 | dgraph_tls/ 2 | !dgraph_tls/.gitkeep 3 | -------------------------------------------------------------------------------- /helmfiles/tests/README.md: -------------------------------------------------------------------------------- 1 | # Tests 2 | 3 | These 
tests validate Dgraph deployments with a variety of helm config values. 4 | 5 | ## Create Secrets Using Docker Container 6 | 7 | ```bash 8 | ## Docker environment for the `dgraph cert` command 9 | docker run --rm --detach \ 10 | --publish "8080:8080" \ 11 | --publish "9080:9080" \ 12 | --publish "8000:8000" \ 13 | --volume $PWD/dgraph_tls:/dgraph_tls \ 14 | --name "dgraph-certs" \ 15 | "dgraph/standalone:v21.03.0" 16 | 17 | ## Copy script into container 18 | docker cp \ 19 | ../../charts/dgraph/scripts/make_tls_secrets.sh \ 20 | dgraph-certs:/make_tls_secrets.sh 21 | 22 | ## Generate TLS certs for each test 23 | TLS_TESTS="alpha-tls zero-tls" 24 | for TEST in $TLS_TESTS; do 25 | docker exec -it dgraph-certs /make_tls_secrets.sh --release "test" \ 26 | --client "dgraphuser" --namespace dgraph-test-$TEST --zero --tls_dir /dgraph_tls/dgraph-test-$TEST 27 | done 28 | 29 | ## Verify certs/keys hostnames 30 | for TEST in $TLS_TESTS; do 31 | echo "Dgraph Alpha: Release[test], Namespace [dgraph-test-$TEST]:" 32 | echo "-------------------------------------------------------------" 33 | docker exec -it dgraph-certs dgraph cert ls --dir /dgraph_tls/dgraph-test-$TEST/alpha | awk -F: '/Hosts/{gsub(/\[ ]+/, "", $2); print $2}' | tr , '\n' 34 | echo "Dgraph Zero: Release[test], Namespace [dgraph-test-$TEST]:" 35 | echo "-------------------------------------------------------------" 36 | docker exec -it dgraph-certs dgraph cert ls --dir /dgraph_tls/dgraph-test-$TEST/zero | awk -F: '/Hosts/{gsub(/\[ ]+/, "", $2); print $2}' | tr , '\n' 37 | printf "\n" 38 | done 39 | ``` 40 | 41 | ## Run Tests 42 | 43 | This will deploy a Dgraph cluster using different types of Dgraph configuration. Use the `--environment $TEST` flag to select the desired test. 44 | 45 | The focus of these tests is to deploy Dgraph on Kubernetes, and verify that Dgraph is running successfully. 
46 | 47 | ### Run Tests without persistence 48 | 49 | ```bash 50 | TESTS="alpha-acl alpha-enc alpha-tls default-json default-yaml alpha-tls zero-tls" 51 | for TEST in $TESTS; do helmfile --environment $TEST apply; done 52 | ``` 53 | 54 | ### Run Tests with persistence 55 | 56 | ```bash 57 | export DGRAPH_PERSISTENCE="true" 58 | TESTS="alpha-tls alpha-acl alpha-enc alpha-tls default-json default-yaml zero-tls" 59 | for TEST in $TESTS; do helmfile --environment $TEST apply; done 60 | ``` 61 | 62 | ## Run Tests with Health Checks 63 | 64 | ```bash 65 | export DGRAPH_HEALTHCHECK="true" 66 | TESTS="alpha-tls alpha-acl alpha-enc alpha-tls default-json default-yaml zero-tls" 67 | for TEST in $TESTS; do helmfile --environment $TEST apply; done 68 | ``` 69 | 70 | ## Testing with TLS 71 | 72 | ### Verify TLS (no-mutual) 73 | 74 | ```bash 75 | # set this for all tabs 76 | NS="dgraph-test-alpha-tls" 77 | # run the port forward command in a separate tab 78 | kubectl port-forward --namespace $NS test-dgraph-alpha-0 8080:8080 79 | 80 | curl --silent \ 81 | --cacert ./dgraph_tls/$NS/alpha/ca.crt \ 82 | https://localhost:8080/state | jq 83 | ``` 84 | 85 | ### Verify Mutual TLS 86 | 87 | ```bash 88 | # set this for all tabs 89 | NS="dgraph-test-zero-tls" 90 | # run port forward commands in separate tabs 91 | kubectl port-forward --namespace $NS test-dgraph-alpha-0 8080:8080 92 | kubectl port-forward --namespace $NS test-dgraph-zero-0 6080:6080 93 | 94 | curl --silent \ 95 | --cacert ./dgraph_tls/$NS/zero/ca.crt \ 96 | --cert ./dgraph_tls/$NS/zero/client.dgraphuser.crt \ 97 | --key ./dgraph_tls/$NS/zero/client.dgraphuser.key \ 98 | https://localhost:6080/state | jq 99 | 100 | curl --silent \ 101 | --cacert ./dgraph_tls/$NS/alpha/ca.crt \ 102 | --cert ./dgraph_tls/$NS/alpha/client.dgraphuser.crt \ 103 | --key ./dgraph_tls/$NS/alpha/client.dgraphuser.key \ 104 | https://localhost:8080/state | jq 105 | ``` 106 | 107 | ## Cleanup Kubernetes Resources 108 | 109 | You can delete all of the 
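pods including any persistence volumes with: 110 | 111 | ```bash 112 | TESTS="alpha-acl alpha-enc alpha-tls default-json default-yaml alpha-tls zero-tls" 113 | 114 | # Delete k8s resources except pvc 115 | for TEST in $TESTS; do 116 | helm uninstall test --namespace dgraph-test-${TEST} 2> /dev/null 117 | done 118 | 119 | # Delete persistence if it exists 120 | # NOTE: PVC resources will not get deleted if they are in use, so pods must be 121 | # deleted first 122 | for TEST in $TESTS; do 123 | if kubectl get pvc --namespace dgraph-test-${TEST} \ 124 | --selector release=test 2> /dev/null | grep -q "test"; then 125 | kubectl delete pvc --namespace dgraph-test-${TEST} --selector release=test 126 | fi 127 | done 128 | ``` 129 | -------------------------------------------------------------------------------- /helmfiles/tests/dgraph_tls/.gitkeep: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/dgraph-io/charts/0ce48ea2566ed78759f06b25cc68b4296ff5270b/helmfiles/tests/dgraph_tls/.gitkeep -------------------------------------------------------------------------------- /helmfiles/tests/helmfile.yaml: -------------------------------------------------------------------------------- 1 | ## Dgraph Helm Chart Tests 2 | 3 | ## Environments enabled with helmfile --environment 4 | environments: 5 | alpha-acl: 6 | alpha-enc: 7 | alpha-tls: 8 | default-json: 9 | default-yaml: 10 | zero-tls: 11 | 12 | releases: 13 | - name: test 14 | namespace: dgraph-test-{{ .Environment.Name }} 15 | chart: {{ env "PWD" }}/../../charts/dgraph 16 | values: 17 | - {{ env "PWD" }}/../../charts/dgraph/example_values/{{ .Environment.Name }}-config.yaml 18 | ## Access-Control-Lists and Encryption-at-Rest require a secrets values file (example_values/<environment>-secrets.yaml) 19 | {{- if or (eq .Environment.Name "alpha-acl") (eq .Environment.Name "alpha-enc") }} 20 | - {{ env "PWD" }}/../../charts/dgraph/example_values/{{ .Environment.Name }}-secrets.yaml 21 | {{- end }} 22 | ## TLS Tests will use 
generated secrets 23 | {{- if or (eq .Environment.Name "alpha-tls") (eq .Environment.Name "zero-tls") }} 24 | - {{ env "PWD" }}/dgraph_tls/dgraph-test-{{ .Environment.Name }}/secrets.yaml 25 | {{- end }} 26 | - alpha: 27 | persistence: 28 | enabled: {{ env "DGRAPH_PERSISTENCE" | default "false" }} 29 | livenessProbe: 30 | enabled: {{ env "DGRAPH_HEALTHCHECK" | default "false" }} 31 | readinessProbe: 32 | enabled: {{ env "DGRAPH_HEALTHCHECK" | default "false" }} 33 | zero: 34 | persistence: 35 | enabled: {{ env "DGRAPH_PERSISTENCE" | default "false" }} 36 | livenessProbe: 37 | enabled: {{ env "DGRAPH_HEALTHCHECK" | default "false" }} 38 | readinessProbe: 39 | enabled: {{ env "DGRAPH_HEALTHCHECK" | default "false" }} 40 | ratel: 41 | enabled: false 42 | --------------------------------------------------------------------------------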