From aeee27378f7b2e7ca1b11d7900c136400bdf53f4 Mon Sep 17 00:00:00 2001
From: TheHiddenLayer <37908451+TheHiddenLayer@users.noreply.github.com>
Date: Fri, 16 May 2025 15:03:59 -0700
Subject: [PATCH 1/2] add kustomize support
---
kustomize/s2s-proxy/base/configmap.yaml | 67 +++++++++++++++++++
kustomize/s2s-proxy/base/deployment.yaml | 49 ++++++++++++++
kustomize/s2s-proxy/base/kustomization.yaml | 14 ++++
kustomize/s2s-proxy/base/service.yaml | 15 +++++
.../overlays/development/configmap-patch.yaml | 23 +++++++
.../overlays/development/kustomization.yaml | 39 +++++++++++
6 files changed, 207 insertions(+)
create mode 100644 kustomize/s2s-proxy/base/configmap.yaml
create mode 100644 kustomize/s2s-proxy/base/deployment.yaml
create mode 100644 kustomize/s2s-proxy/base/kustomization.yaml
create mode 100644 kustomize/s2s-proxy/base/service.yaml
create mode 100644 kustomize/s2s-proxy/overlays/development/configmap-patch.yaml
create mode 100644 kustomize/s2s-proxy/overlays/development/kustomization.yaml
diff --git a/kustomize/s2s-proxy/base/configmap.yaml b/kustomize/s2s-proxy/base/configmap.yaml
new file mode 100644
index 00000000..c58c386f
--- /dev/null
+++ b/kustomize/s2s-proxy/base/configmap.yaml
@@ -0,0 +1,67 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: s2s-proxy-config
+data:
+ config.yaml: |
+ inbound:
+ name: "inbound-server"
+ server:
+ type: "mux"
+ mux: "muxed"
+ client:
+ tcp:
+ serverAddress: "frontend-ingress.temporal.svc.cluster.local:7233"
+ tls:
+ certificatePath: ""
+ keyPath: ""
+ serverCAPath: ""
+ serverName: ""
+
+ aclPolicy:
+ allowedMethods:
+ adminService:
+ - AddOrUpdateRemoteCluster
+ - RemoveRemoteCluster
+ - DescribeCluster
+ - DescribeMutableState
+ - GetNamespaceReplicationMessages
+ - GetWorkflowExecutionRawHistoryV2
+ - ListClusters
+ - StreamWorkflowReplicationMessages
+ - ReapplyEvents
+ - GetNamespace
+
+ outbound:
+ name: "outbound-server"
+ server:
+ tcp:
+ listenAddress: "0.0.0.0:9233"
+ tls:
+ certificatePath: ""
+ keyPath: ""
+ clientCAPath: ""
+ requireClientAuth: false
+ client:
+ type: "mux"
+ mux: "muxed"
+
+ mux:
+ - name: "muxed"
+ mode: "client"
+ client:
+ serverAddress: "" # Temporal cloud migration server endpoint
+ tls:
+ certificatePath: ""
+ keyPath: ""
+ serverCAPath: ""
+ serverName: ""
+
+ healthCheck:
+ protocol: "http"
+ listenAddress: "0.0.0.0:8234"
+
+ metrics:
+ prometheus:
+ framework: "tally"
+ listenAddress: "0.0.0.0:9090"
\ No newline at end of file
diff --git a/kustomize/s2s-proxy/base/deployment.yaml b/kustomize/s2s-proxy/base/deployment.yaml
new file mode 100644
index 00000000..3132b453
--- /dev/null
+++ b/kustomize/s2s-proxy/base/deployment.yaml
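Review bot: The `outbound` listener binds `0.0.0.0:9233` with empty `certificatePath`/`keyPath`/`clientCAPath` and `requireClientAuth: false`, and the `mux` client that carries traffic to the migration endpoint has empty TLS fields too, so the base as written presumably describes a proxy with no transport security or peer authentication on any leg. If these are placeholders, the file should say so, e.g. `# TLS is off in the base: overlays must set certificatePath, keyPath, clientCAPath and requireClientAuth: true` above the outbound `tls:` block, and the key material should come from a mounted Secret rather than this ConfigMap. The health and metrics listeners also bind all interfaces (`0.0.0.0:8234`, `0.0.0.0:9090`); that is usual for in-pod probes and scraping, but nothing in this patch restricts who can reach them.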
@@ -0,0 +1,49 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: s2s-proxy
+ labels:
+ app.kubernetes.io/name: s2s-proxy
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: s2s-proxy
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: s2s-proxy
+ spec:
+ containers:
+ - name: s2s-proxy
+ image: temporalio/s2s-proxy:v0.1.0
+ imagePullPolicy: IfNotPresent
+ ports:
+ - name: rpc-egress
+ containerPort: 9233
+ protocol: TCP
+ - name: rpc-healthcheck
+ containerPort: 8234
+ protocol: TCP
+ - name: rpc-metrics
+ containerPort: 9090
+ protocol: TCP
+ env:
+ - name: CONFIG_YML
+ value: "/config/config.yaml"
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8234
+ readinessProbe:
+ httpGet:
+ path: /health
+ port: 8234
+ volumeMounts:
+ - name: config-volume
+ mountPath: /config
+ volumes:
+ - name: config-volume
+ configMap:
+ name: s2s-proxy-config # This should match the ConfigMap name
+ defaultMode: 420
\ No newline at end of file
diff --git a/kustomize/s2s-proxy/base/kustomization.yaml b/kustomize/s2s-proxy/base/kustomization.yaml
new file mode 100644
index 00000000..80b14c11
--- /dev/null
+++ b/kustomize/s2s-proxy/base/kustomization.yaml
@@ -0,0 +1,14 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - configmap.yaml
+ - service.yaml
+ - deployment.yaml
+
+# Common labels to add to all resources
+commonLabels:
+ app.kubernetes.io/name: s2s-proxy
+ # You might want to add instance or version labels here as well
+ # app.kubernetes.io/instance: s2s-proxy-dev
+ # app.kubernetes.io/version: "0.1.0"
\ No newline at end of file
diff --git a/kustomize/s2s-proxy/base/service.yaml b/kustomize/s2s-proxy/base/service.yaml
new file mode 100644
index 00000000..bf6f923a
--- /dev/null
+++ b/kustomize/s2s-proxy/base/service.yaml
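Review bot: The container in `deployment.yaml` has no `securityContext` and no `resources`, and the pod keeps the default service-account token mount, so the proxy runs with whatever privileges the image and namespace defaults give it. For a component that relays replication traffic out of the cluster I would add a restrictive container `securityContext` and `automountServiceAccountToken: false` on the pod spec, as sketched below; `runAsNonRoot: true` and `readOnlyRootFilesystem: true` assume the image runs as a non-root user and writes nothing outside mounted volumes, which this hunk does not show. `image: temporalio/s2s-proxy:v0.1.0` is also a mutable tag, and the only volume is the ConfigMap, so there is no Secret mount for the TLS files the config refers to.

```yaml
    spec:
      automountServiceAccountToken: false
      containers:
        - name: s2s-proxy
          # … unchanged: image, imagePullPolicy, ports, env, probes, volumeMounts …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```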
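Review bot: `commonLabels` in `base/kustomization.yaml` also injects its labels into `spec.selector.matchLabels`, which is immutable on an existing Deployment, so following the commented hint to add `app.kubernetes.io/instance` or `app.kubernetes.io/version` later would make `kubectl apply -k` fail against a cluster that already has the Deployment. Recent kustomize releases deprecate `commonLabels` in favour of `labels` with `includeSelectors`; I would switch to `labels: [{pairs: {app.kubernetes.io/name: s2s-proxy}, includeSelectors: true}]` and reword the hint to `# Add instance/version labels in a separate labels entry without includeSelectors`.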
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: s2s-proxy
+ labels:
+ app.kubernetes.io/name: s2s-proxy
+spec:
+ type: ClusterIP
+ ports:
+ - port: 9233
+ targetPort: 9233
+ protocol: TCP
+ name: rpc-egress
+ selector:
+ app.kubernetes.io/name: s2s-proxy
\ No newline at end of file
diff --git a/kustomize/s2s-proxy/overlays/development/configmap-patch.yaml b/kustomize/s2s-proxy/overlays/development/configmap-patch.yaml
new file mode 100644
index 00000000..c60d081f
--- /dev/null
+++ b/kustomize/s2s-proxy/overlays/development/configmap-patch.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: s2s-proxy-config # This name must match the base ConfigMap's name
+data:
+ config.yaml: |
+ # Only include the fields you want to change/add.
+ # Kustomize will merge this with the base config.yaml data.
+ # Note: For list items like 'mux', strategic merge typically replaces the whole list
+ # or merges items by key if a merge key is defined (e.g., 'name').
+ # If Helm's merge logic for lists is more complex (e.g., merging by index),
+ # a JSON patch on the ConfigMap might be needed for precise replication.
+ # However, for named items in a list (like 'mux' items with 'name'), Kustomize should merge.
+
+ # Example: Override serverAddress for the 'muxed' mux item
+ mux:
+ - name: "muxed" # This identifies the item in the list to merge/patch
+ client:
+ serverAddress: "override.temporal.example.com:1234" # New value
+
+ # Example: If you wanted to change healthCheck listenAddress
+ # healthCheck:
+ # listenAddress: "0.0.0.0:7777"
\ No newline at end of file
diff --git a/kustomize/s2s-proxy/overlays/development/kustomization.yaml b/kustomize/s2s-proxy/overlays/development/kustomization.yaml
new file mode 100644
index 00000000..e55de978
--- /dev/null
+++ b/kustomize/s2s-proxy/overlays/development/kustomization.yaml
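Review bot: This ClusterIP Service makes port 9233 reachable from every pod in the cluster and the base ships no NetworkPolicy, so with `requireClientAuth: false` in the base config the only control on who can use the outbound proxy is the cluster's network defaults. I would add a `networkpolicy.yaml` to `base/` that selects `app.kubernetes.io/name: s2s-proxy`, allows ingress on 9233 only from the Temporal server pods and on 9090 only from the metrics scraper, and list it under `resources:`. The labels that identify those peers are not visible in this patch, so the `from:` selectors have to be supplied by the deployer.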
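Review bot: `data.config.yaml` in `configmap-patch.yaml` is a single string value, so the strategic merge patch replaces it wholesale; kustomize does not parse the block scalar and merge `mux` by `name` as the comments claim. The rendered dev ConfigMap would therefore hold only the `mux` fragment, without `inbound`, `outbound`, `aclPolicy`, `healthCheck` or `metrics`, which drops the admin-method allowlist and the health listener the probes on 8234 depend on (how the proxy treats the missing sections is not visible here). Either carry the complete config in this file and replace the first comment with `# This value replaces the base config.yaml entirely; keep the full configuration here`, or build the ConfigMap from a per-overlay file with `configMapGenerator` and `behavior: replace`. Running `kustomize build overlays/development` will show the result.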
@@ -0,0 +1,39 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+# Inherit from the base
+resources:
+ - ../../base
+
+# Example: Add a name prefix to all resources for this overlay
+namePrefix: dev-
+
+# Example: Change image tag
+images:
+ - name: temporalio/s2s-proxy
+ newTag: v0.2.0 # Example new tag
+
+patches:
+ # Patch for Deployment replicas
+ - target:
+ kind: Deployment
+ name: s2s-proxy
+ patch: |- # This is a JSON6902 patch
+ - op: replace
+ path: /spec/replicas
+ value: 3
+ # Strategic merge patch for the ConfigMap
+ - path: configmap-patch.yaml # This is a strategic merge patch
+ target:
+ kind: ConfigMap
+ name: s2s-proxy-config # Ensures it applies to the correct ConfigMap from the base
+# We could also patch the ConfigMap here to override configuration values.
+# For example, to change the health check port:
+# configMapGenerator:
+# - name: s2s-proxy-config # This must match the name of the configmap in the base
+# behavior: merge
+# literals:
+# - |
+# healthCheck.listenAddress="0.0.0.0:8888"
+# The above literal merge might not work directly for nested YAML,
+# a JSON patch or strategic merge on the configmap might be better for complex changes.
\ No newline at end of file
From c2ef2e145370c834319c2c356788acd4bf7874ec Mon Sep 17 00:00:00 2001
From: TheHiddenLayer <37908451+TheHiddenLayer@users.noreply.github.com>
Date: Fri, 16 May 2025 15:09:08 -0700
Subject: [PATCH 2/2] add README
---
kustomize/s2s-proxy/README.md | 88 +++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
create mode 100644 kustomize/s2s-proxy/README.md
diff --git a/kustomize/s2s-proxy/README.md b/kustomize/s2s-proxy/README.md
new file mode 100644
index 00000000..b5a68ed8
--- /dev/null
+++ b/kustomize/s2s-proxy/README.md
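Review bot: The `images` override pins only a mutable tag (`newTag: v0.2.0`), so what runs depends on whatever the registry serves for that tag at pull time, and with `imagePullPolicy: IfNotPresent` in the base different nodes can end up with different content. The `images` transformer accepts `digest`, e.g. `digest: sha256:<image-digest>` in place of `newTag`, which makes the overlay reproducible and auditable. Separately, because the ConfigMap is a plain resource rather than `configMapGenerator` output, its name carries no content hash and pods will not restart when the config changes; a comment next to the ConfigMap patch should say that a rollout has to be triggered by hand.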
@@ -0,0 +1,88 @@
+# s2s-proxy Kustomize Configuration
+
+This directory contains the Kustomize configuration for deploying the `s2s-proxy` application. It was converted from the original Helm chart.
+
+## Overview
+
+Kustomize allows for declarative, template-free management of Kubernetes application configurations. This setup provides a `base` configuration and an example `overlay` to demonstrate how to customize the deployment for different environments or needs.
+
+### Base Configuration (`base/`)
+
+The `base/` directory contains the core Kubernetes manifests for `s2s-proxy`:
+* `configmap.yaml`: Contains the default application configuration (derived from `files/default.yaml` in the Helm chart).
+* `deployment.yaml`: Defines the `s2s-proxy` Deployment, including replica count, image, ports, probes, and volume mounts for the configuration.
+* `service.yaml`: Exposes the `s2s-proxy` application within the cluster.
+* `kustomization.yaml`: Lists the resources and can define common labels or other base-level Kustomize instructions.
+
+The base aims to replicate the Helm chart deployed with its default values.
+
+### Overlays (`overlays/`)
+
+The `overlays/` directory is where you can define variations of the base configuration. We have provided an example `development` overlay.
+
+#### Development Overlay (`overlays/development/`)
+
+This overlay demonstrates common customization patterns:
+* **Resource Naming**: Adds a `dev-` prefix to all resources (e.g., `dev-s2s-proxy-deployment`).
+* **Image Customization**: Changes the image tag for the `s2s-proxy` container.
+* **Replica Count**: Modifies the number of replicas for the Deployment using a JSON patch.
+* **Configuration Override**: Patches the `s2s-proxy-config` ConfigMap using a strategic merge patch (`configmap-patch.yaml`). This is analogous to using `configOverride` in the Helm chart's `values.yaml`.
+
+## How to Use
+
+You will need `kubectl` (with Kustomize built-in, v1.14+) or a standalone `kustomize` CLI.
+
+### View Rendered Manifests
+
+To see the Kubernetes YAML that Kustomize will generate for a specific overlay (e.g., `development`):
+
+```bash
+# Using kubectl
+kubectl kustomize overlays/development
+
+# Or using standalone kustomize CLI
+kustomize build overlays/development
+```
+
+To view the manifests for the base configuration:
+
+```bash
+# Using kubectl
+kubectl kustomize base
+
+# Or using standalone kustomize CLI
+kustomize build base
+```
+
+### Apply to a Cluster
+
+To apply the `development` overlay configuration to your Kubernetes cluster:
+
+```bash
+kubectl apply -k overlays/development
+```
+
+To apply the base configuration (generally less common for direct application, usually an overlay is applied):
+
+```bash
+kubectl apply -k base
+```
+
+### Delete from a Cluster
+
+To delete the resources applied from the `development` overlay:
+
+```bash
+kubectl delete -k overlays/development
+```
+
+## Customizing Further
+
+1. **Create New Overlays**: Copy the `overlays/development` directory to a new directory (e.g., `overlays/production`) and modify its `kustomization.yaml` and patches as needed.
+2. **Modify Patches**:
+ * Adjust `images` entries in the overlay's `kustomization.yaml` to change container images or tags.
+ * Modify `patches` entries to change fields in the Deployment, Service, etc. JSON patches offer precise control.
+ * Update or create new strategic merge patch files (like `configmap-patch.yaml`) to alter ConfigMap data or other resource specifications.
+3. **Adjust the Base**: If a change should apply to all environments, consider modifying the manifests or `kustomization.yaml` in the `base/` directory. However, it's often preferable to keep the base minimal and apply all changes via overlays.
+
+This Kustomize setup provides a flexible way to manage `s2s-proxy` deployments across different environments.
\ No newline at end of file