Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Topaz: option to enable the profiler service. #31

Merged
merged 1 commit into from
Dec 3, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 14 additions & 6 deletions charts/topaz/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -373,23 +373,25 @@ decisionLogs:

## Service Ports

Topaz pods expose four ports:
Topaz pods expose the following ports:

| Protocol | Default Port | Description |
|----------|--------------|-------------|
| gRPC | 8282 | gRPC services |
| HTTPS | 8383 | REST endpoints and web console |
| Health | 8484 | gRPC [health service](https://github.com/grpc/grpc/blob/master/doc/health-checking.md) |
| Metrics | 8585 | Prometheus metrics |
| Metrics | 8585 | Prometheus metrics [optional, enabled by default] |
| Profiler | 8686 | Profiler service [optional, disabled by default] |

The default ports can be overridden in `values.yaml`:

```yaml
ports:
grpc: 9292
https: 9393
health: 9494
metrics: 9595
grpc: 8282
https: 8383
health: 8484
metrics: 8585
profiler: 8686
```

The metrics service can be disabled if not needed:
Expand All @@ -399,6 +401,12 @@ metrics:
enabled: false
```

The profiler service can be enabled using:
```yaml
profiler:
enabled: true
```

## Authentication

By default, anyone with access to the topaz pod can use the gRPC and REST endpoints. That means that any
Expand Down
6 changes: 6 additions & 0 deletions charts/topaz/templates/config.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,12 @@ stringData:
log_level: {{ .Values.logLevel | default "info" }}
grpc_log_level: {{ .Values.grpcLogLevel | default "info" }}

{{- if (.Values.profiler).enabled }}
debug_service:
enabled: true
listen_address: 0.0.0.0:{{ (.Values.ports).profiler | default "8686"}}
{{- end }}

{{- if empty ((.Values.directory).remote).address }}
directory:
db_path: /db/directory.db
Expand Down
16 changes: 14 additions & 2 deletions charts/topaz/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,13 @@ spec:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
args:
- run
- -c
- /config/config.yaml
{{- if (.Values.profiler).enabled }}
- --debug
{{- end }}
ports:
- name: grpc
containerPort: {{ (.Values.ports).grpc | default "8282" }}
Expand All @@ -57,11 +64,16 @@ spec:
- name: health
containerPort: {{ (.Values.ports).health | default "8484" }}
protocol: TCP
{{- if (.Values.metrics).enabled }}
{{- if (.Values.metrics).enabled }}
- name: metrics
containerPort: {{ (.Values.ports).metrics | default "8585" }}
protocol: TCP
{{- end }}
{{- end }}
{{- if (.Values.profiler).enabled }}
- name: profiler
containerPort: {{ (.Values.ports).profiler | default "8686"}}
protocol: TCP
{{- end }}
startupProbe:
grpc:
port: {{ (.Values.ports).health | default "8484" }}
Expand Down
7 changes: 7 additions & 0 deletions charts/topaz/templates/service.yaml
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
---
apiVersion: v1
kind: Service
metadata:
Expand Down Expand Up @@ -25,5 +26,11 @@ spec:
protocol: TCP
name: metrics
{{- end }}
{{- if (.Values.profiler).enabled }}
- port: {{ (.Values.ports).profiler | default "8686" }}
targetPort: profiler
protocol: TCP
name: profiler
{{- end }}
selector:
{{- include "topaz.selectorLabels" . | nindent 4 }}
14 changes: 14 additions & 0 deletions charts/topaz/test/assertions.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
{
"assertions": [
{
"check": {
"subject_type": "user",
"subject_id": "rick@the-citadel.com",
"relation": "member",
"object_type": "group",
"object_id": "admin"
},
"expected": true
}
]
}
34 changes: 34 additions & 0 deletions charts/topaz/test/data/domain_objects.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
{
"objects": [
{
"type": "resource-creator",
"id": "resource-creators",
"display_name": "Resource creators",
"properties": {}
},
{
"type": "resource",
"id": "mega-seed",
"display_name": "Mega seed",
"properties": {}
},
{
"type": "resource",
"id": "portal-gun",
"display_name": "Portal gun",
"properties": {}
},
{
"type": "resource",
"id": "space-cruiser",
"display_name": "Space cruiser",
"properties": {}
},
{
"type": "resource",
"id": "time-crystal",
"display_name": "Time crystal",
"properties": {}
}
]
}
88 changes: 88 additions & 0 deletions charts/topaz/test/data/domain_relations.json
Original file line number Diff line number Diff line change
@@ -0,0 +1,88 @@
{
"relations": [
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource-creator",
"object_id": "resource-creators",
"relation": "member",
"subject_type": "user",
"subject_id": "summer@the-smiths.com"
},
{
"object_type": "resource",
"object_id": "mega-seed",
"relation": "owner",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "mega-seed",
"relation": "reader",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "owner",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "writer",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "space-cruiser",
"relation": "reader",
"subject_type": "user",
"subject_id": "summer@the-smiths.com"
},
{
"object_type": "resource",
"object_id": "portal-gun",
"relation": "owner",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "portal-gun",
"relation": "writer",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "time-crystal",
"relation": "writer",
"subject_type": "user",
"subject_id": "rick@the-citadel.com"
},
{
"object_type": "resource",
"object_id": "time-crystal",
"relation": "reader",
"subject_type": "user",
"subject_id": "morty@the-citadel.com"
}
]
}
Loading
Loading