feat(helm): add support for pgbouncer (#818) #818

Merged
merged 2 commits into from
Aug 26, 2024
3 changes: 3 additions & 0 deletions helm/configurations/values-dev.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -26,3 +26,6 @@ components:
image: docker.io/reanahub/reana-message-broker
reana_ui:
image: docker.io/reanahub/reana-ui

pgbouncer:
enabled: true
6 changes: 6 additions & 0 deletions helm/reana/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -98,6 +98,12 @@ This Helm automatically prefixes all names using the release name to avoid colli
| `reana_hostname` | REANA hostname (e.g. reana.example.org) | None |
| `namespace_runtime` | Namespace in which the REANA runtime pods (workflow engines, jobs etc...) will run | `.Release.Namespace` |
| `naming_scheme` | REANA component naming scheme | None |
| `pgbouncer.enabled` | Instantiate PgBouncer inside the cluster to pool database connections | false |
Member

When pgbouncer is enabled, shall we act on reana-job-controller's REANA_DB_CLOSE_POOL_CONNECTIONS configuration value?

Member Author

@mdonadoni mdonadoni Aug 23, 2024

No, it's actually the opposite: if pgbouncer is not enabled, then the two options are:

  • increase the number of connection slots of the database
  • close the connections as soon as they are returned to SQLAlchemy's connection pool by setting REANA_DB_CLOSE_POOL_CONNECTIONS appropriately

I have kept the default value of REANA_DB_CLOSE_POOL_CONNECTIONS so as to have the best performance possible, but it is customisable so that we can revert the change in case of trouble with PgBouncer.

What do you think we should do regarding this? Shall we add this to the documentation?

Member

Yes, we can later improve the scalability-related documentation regarding PgBouncer.

| `pgbouncer.image` | [PgBouncer image](https://hub.docker.com/r/bitnami/pgbouncer/) to use | `bitnami/pgbouncer:1.23.1` |
| `pgbouncer.pool_mode` | Pool mode to use (session, transaction, statement) | transaction |
| `pgbouncer.max_client_conn` | Maximum number of client connections allowed | 1000 |
| `pgbouncer.max_db_connections` | Maximum number of server connections allowed | 100 |
| `pgbouncer.environment` | Additional PgBouncer environment variables | `{}` |
| `secrets.cern.sso.CERN_CONSUMER_KEY` | CERN SSO consumer key | None |
| `secrets.cern.sso.CERN_CONSUMER_SECRET` | **[Do not use in production, use secrets instead]** CERN SSO consumer secret | None |
| `secrets.database.password` | **[Do not use in production, use secrets instead]** PostgreSQL database password | None |
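
Review bot: The `pgbouncer.max_db_connections` row describes only the server connection limit, but pgbouncer-config.yaml also feeds the same value into PGBOUNCER_DEFAULT_POOL_SIZE, so one setting controls two PgBouncer parameters without the table saying so. Mention that in this row or expose the pool size as its own value. The `pgbouncer.image` default is a mutable tag (`bitnami/pgbouncer:1.23.1`); since this container holds the database credentials, consider documenting how to pin it by digest.
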
40 changes: 16 additions & 24 deletions helm/reana/templates/cronjobs.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -30,19 +30,18 @@ spec:
tty: true
stdin: true
{{- end }}
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
{{- if .Values.reana_hostname }}
- name: REANA_HOSTNAME
value: {{ .Values.reana_hostname }}
{{- end }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.debug.enabled }}
- name: FLASK_ENV
value: "development"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -53,7 +52,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
- name: REANA_NOTIFICATIONS_ENABLED
value: "{{ .Values.notifications.enabled }}"
- name: REANA_EMAIL_RECEIVER
Expand Down Expand Up @@ -154,21 +152,20 @@ spec:
tty: true
stdin: true
{{- end }}
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
- name: REANA_PERIODIC_RESOURCE_QUOTA_UPDATE_POLICY
value: "true"
{{- if .Values.reana_hostname }}
- name: REANA_HOSTNAME
value: {{ .Values.reana_hostname }}
{{- end }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.debug.enabled }}
- name: FLASK_ENV
value: "development"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -179,7 +176,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
- name: REANA_COMPONENT_PREFIX
value: {{ include "reana.prefix" . }}
- name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
Expand Down Expand Up @@ -239,19 +235,18 @@ spec:
tty: true
stdin: true
{{- end }}
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
{{- if .Values.reana_hostname }}
- name: REANA_HOSTNAME
value: {{ .Values.reana_hostname }}
{{- end }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.debug.enabled }}
- name: FLASK_ENV
value: "development"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -262,7 +257,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
- name: REANA_COMPONENT_PREFIX
value: {{ include "reana.prefix" . }}
- name: REANA_ADMIN_ACCESS_TOKEN
Expand Down Expand Up @@ -333,19 +327,18 @@ spec:
tty: true
stdin: true
{{- end }}
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
{{- if .Values.reana_hostname }}
- name: REANA_HOSTNAME
value: {{ .Values.reana_hostname }}
{{- end }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.debug.enabled }}
- name: FLASK_ENV
value: "development"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -356,7 +349,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
- name: REANA_COMPONENT_PREFIX
value: {{ include "reana.prefix" . }}
- name: REANA_ADMIN_ACCESS_TOKEN
17 changes: 17 additions & 0 deletions helm/reana/templates/database-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
apiVersion: v1
Member

Hmm, I wonder whether it would be possible to amend the setup to automatically delete / refresh reana-server and reana-workflow-controller pods when the admin changes PgBouncer from enabled to disabled and vice versa? (Currently in addition to helm diff upgrade... one has to do it manually.)

This comment is sort of a "bonus"; things work nicely 👍 and I'm not sure whether admins would attempt to play with enabling/disabling PgBouncer dynamically in reality... Well, we could always simply explain this in the documentation.

Member Author

I have updated the PR to also roll the deployments of pgbouncer/r-server/r-w-controller when the database config (configmap or secrets) changes. This can be used as a blueprint to do the same for the other config/secret that might change over time.

kind: ConfigMap
metadata:
name: {{ include "reana.prefix" . }}-database-config
namespace: {{ .Release.Namespace }}
data:
REANA_DB_NAME: {{ .Values.db_env_config.REANA_DB_NAME | quote }}
{{- if .Values.pgbouncer.enabled }}
REANA_DB_HOST: {{ include "reana.prefix" . }}-pgbouncer
REANA_DB_PORT: "6432"
{{- else if .Values.components.reana_db.enabled }}
REANA_DB_HOST: {{ include "reana.prefix" . }}-db
REANA_DB_PORT: "5432"
{{- else }}
REANA_DB_HOST: {{ .Values.db_env_config.REANA_DB_HOST | quote }}
REANA_DB_PORT: {{ .Values.db_env_config.REANA_DB_PORT | quote }}
{{- end }}
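
Review bot: The `data:` block emits only REANA_DB_NAME, REANA_DB_HOST and REANA_DB_PORT, whereas the `range $key, $value := .Values.db_env_config` loops removed from the cronjob and reana-server templates passed every key under `db_env_config` to the containers. Any other key an admin has set there is now silently dropped on upgrade; either range over the remaining keys in this ConfigMap or state in the README that only these three are honoured. In the first two branches REANA_DB_HOST is also the only unquoted value; piping it through `quote` as the `else` branch does would keep the rendering uniform.
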
11 changes: 11 additions & 0 deletions helm/reana/templates/database-secrets.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
apiVersion: v1
kind: Secret
metadata:
name: {{ include "reana.prefix" . }}-db-secrets
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/resource-policy": keep
type: Opaque
data:
user: {{ .Values.secrets.database.user | default "reana" | b64enc }}
password: {{ .Values.secrets.database.password | default "reana" | b64enc }}
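
Review bot: Both `user` and `password` fall back to `default "reana"`, so an install that leaves `secrets.database.password` unset gets a well-known database password without any warning at render time. Suggest keeping the fallback only when `.Values.debug.enabled` is true and using `required` otherwise, so the render fails on a missing password. Also note that `"helm.sh/resource-policy": keep` leaves this Secret in the namespace after uninstall, which is worth a line in the README.
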
21 changes: 21 additions & 0 deletions helm/reana/templates/pgbouncer-config.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
{{- if .Values.pgbouncer.enabled }}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "reana.prefix" . }}-pgbouncer-config
namespace: {{ .Release.Namespace }}
data:
PGBOUNCER_POOL_MODE: {{ .Values.pgbouncer.pool_mode | quote }}
PGBOUNCER_MAX_CLIENT_CONN: {{ .Values.pgbouncer.max_client_conn | quote }}
PGBOUNCER_MAX_DB_CONNECTIONS: {{ .Values.pgbouncer.max_db_connections | quote }}
PGBOUNCER_DEFAULT_POOL_SIZE: {{ .Values.pgbouncer.max_db_connections | quote }}
{{- if .Values.components.reana_db.enabled }}
PGBOUNCER_DATABASE: reana
POSTGRESQL_HOST: {{ include "reana.prefix" . }}-db
POSTGRESQL_PORT: "5432"
{{- else }}
PGBOUNCER_DATABASE: {{ .Values.db_env_config.REANA_DB_NAME | quote }}
POSTGRESQL_HOST: {{ .Values.db_env_config.REANA_DB_HOST | quote }}
POSTGRESQL_PORT: {{ .Values.db_env_config.REANA_DB_PORT | quote }}
{{- end }}
{{- end }}
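
Review bot: When `components.reana_db.enabled` is true, PGBOUNCER_DATABASE is hard-coded to `reana`, while database-config.yaml hands clients REANA_DB_NAME from `.Values.db_env_config.REANA_DB_NAME` unconditionally. If that value is anything other than `reana`, clients may ask PgBouncer for a database name it was not configured with. Use the same source in both templates, or fail the render when they differ. PGBOUNCER_DEFAULT_POOL_SIZE and PGBOUNCER_MAX_DB_CONNECTIONS are both taken from `pgbouncer.max_db_connections`; a short template comment explaining why they are tied together would help.
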
12 changes: 12 additions & 0 deletions helm/reana/templates/pgbouncer-secrets.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
{{- if .Values.pgbouncer.enabled }}
apiVersion: v1
kind: Secret
metadata:
name: {{ include "reana.prefix" . }}-pgbouncer-secrets
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/resource-policy": keep
type: Opaque
data:
userlist: {{ printf "%s %s" (.Values.secrets.database.user | default "reana" | quote) (.Values.secrets.database.password | default "reana" | quote) | b64enc}}
{{- end }}
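
Review bot: The `userlist` line stores the database password in clear text a second time and repeats the `default "reana"` fallback from database-secrets.yaml, so the two defaults can drift apart. PgBouncer's userlist also accepts MD5 or SCRAM hashed secrets, which would avoid the second plaintext copy; consider whether that fits here. Separately, `quote` applies Go-style backslash escaping, so a password containing `"` or `\` may not produce the entry PgBouncer expects; either validate the characters or document the restriction. Minor: add the space before the closing `}}` after `b64enc`.
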
72 changes: 72 additions & 0 deletions helm/reana/templates/pgbouncer.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,72 @@
{{- if .Values.pgbouncer.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "reana.prefix" . }}-pgbouncer
namespace: {{ .Release.Namespace }}
spec:
type: ClusterIP
selector:
app: {{ include "reana.prefix" . }}-pgbouncer
ports:
- port: 6432
targetPort: 6432
protocol: TCP
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "reana.prefix" . }}-pgbouncer
namespace: {{ .Release.Namespace }}
spec:
replicas: {{ if .Values.maintenance.enabled -}} 0 {{- else -}} 1 {{- end }}
selector:
matchLabels:
app: {{ include "reana.prefix" . }}-pgbouncer
template:
metadata:
labels:
app: {{ include "reana.prefix" . }}-pgbouncer
annotations:
checksum/pgbouncer-config: {{ include (print $.Template.BasePath "/pgbouncer-config.yaml") . | sha256sum }}
checksum/pgbouncer-secrets: {{ include (print $.Template.BasePath "/pgbouncer-secrets.yaml") . | sha256sum }}
checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }}
spec:
containers:
- name: pgbouncer
image: {{ .Values.pgbouncer.image | quote }}
ports:
- containerPort: 6432
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-pgbouncer-config
env:
- name: POSTGRESQL_USERNAME
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: user
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
- name: PGBOUNCER_USERLIST
valueFrom:
secretKeyRef:
name: {{ include "reana.prefix" . }}-pgbouncer-secrets
key: userlist
{{- range $key, $value := .Values.pgbouncer.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- if .Values.node_label_infrastructuredb }}
{{- $full_label := split "=" .Values.node_label_infrastructuredb }}
nodeSelector:
{{ $full_label._0 }}: {{ $full_label._1 }}
{{- else if .Values.node_label_infrastructure }}
{{- $full_label := split "=" .Values.node_label_infrastructure }}
nodeSelector:
{{ $full_label._0 }}: {{ $full_label._1 }}
{{- end }}
{{- end }}
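
Review bot: The `pgbouncer` container has no `readinessProbe` or `livenessProbe`, no `resources` and no `securityContext`, while `replicas` is fixed at 1 and database-config.yaml points REANA_DB_HOST at this Service whenever PgBouncer is enabled. A hung or still-starting pod therefore stalls every database client. Suggest at least a `tcpSocket` readiness probe on port 6432 and resource requests. Also, the `range` over `.Values.pgbouncer.environment` follows the secret-backed entries, so a key such as POSTGRESQL_PASSWORD set there would duplicate an existing `env` name; rejecting the reserved names in the template would avoid that.
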
7 changes: 0 additions & 7 deletions helm/reana/templates/reana-db.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -59,12 +59,6 @@ spec:
value: "Europe/Zurich"
- name: POSTGRES_DB
value: reana
{{- if not .Values.debug.enabled }}
- name: POSTGRES_USER
value: reana
- name: POSTGRES_PASSWORD
value: reana
{{- else }}
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
Expand All @@ -75,7 +69,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
volumeMounts:
- mountPath: /var/lib/postgresql/data
subPath: db
23 changes: 11 additions & 12 deletions helm/reana/templates/reana-server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,9 @@ spec:
metadata:
labels:
app: {{ include "reana.prefix" . }}-server
annotations:
checksum/database-config: {{ include (print $.Template.BasePath "/database-config.yaml") . | sha256sum }}
checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }}
spec:
serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }}
containers:
Expand Down Expand Up @@ -67,6 +70,9 @@ spec:
mountPath: '/var/reana/uwsgi'
- name: reana-config
mountPath: '/var/reana/config'
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
- name: REANA_COMPONENT_PREFIX
value: {{ include "reana.prefix" . }}
Expand Down Expand Up @@ -100,10 +106,6 @@ spec:
- name: REANA_WORKFLOW_TERMINATION_QUOTA_UPDATE_POLICY
value: {{ tpl .Values.quota.workflow_termination_update_policy . | default "null" }}
{{- end }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.components.reana_server.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
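
Review bot: With the `db_env_config` range removed, REANA_DB_HOST and REANA_DB_PORT now arrive through `envFrom`, but the `range` over `.Values.components.reana_server.environment` still writes into `env`, and Kubernetes gives explicit `env` entries precedence over `envFrom`. A REANA_DB_HOST left in `components.reana_server.environment` would silently bypass PgBouncer even with `pgbouncer.enabled: true`. Worth a README note, or a template check that fails when the database keys appear there.
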
Expand Down Expand Up @@ -169,7 +171,7 @@ spec:
value: ""
- name: GIT_SSL_NO_VERIFY
value: "true"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -180,7 +182,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
- name: REANA_NOTIFICATIONS_ENABLED
value: "{{ .Values.notifications.enabled }}"
{{- if .Values.notifications.enabled }}
Expand Down Expand Up @@ -223,17 +224,16 @@ spec:
{{- end }}
- mountPath: {{ .Values.shared_storage.shared_volume_mount_path }}
name: reana-shared-volume
envFrom:
- configMapRef:
name: {{ include "reana.prefix" . }}-database-config
env:
- name: REANA_COMPONENT_PREFIX
value: {{ include "reana.prefix" . }}
- name: REANA_INFRASTRUCTURE_KUBERNETES_NAMESPACE
value: {{ .Release.Namespace }}
- name: REANA_RUNTIME_KUBERNETES_NAMESPACE
value: {{ .Values.namespace_runtime | default .Release.Namespace }}
{{- range $key, $value := .Values.db_env_config }}
- name: {{ $key }}
value: {{ $value | quote }}
{{- end }}
{{- range $key, $value := .Values.components.reana_server.environment }}
- name: {{ $key }}
value: {{ $value | quote }}
Expand All @@ -256,7 +256,7 @@ spec:
value: ""
- name: GIT_SSL_NO_VERIFY
value: "true"
{{- else }}
{{- end }}
- name: REANA_DB_USERNAME
valueFrom:
secretKeyRef:
Expand All @@ -267,7 +267,6 @@ spec:
secretKeyRef:
name: {{ include "reana.prefix" . }}-db-secrets
key: password
{{- end }}
{{- if .Values.login }}
- name: LOGIN_PROVIDERS_CONFIGS
value: {{ .Values.login | toJson | quote }}