[Improvement][Registry][Jdbc] Add jdbc registry config in helm charts (#14431)

* k8s support jdbc registryt

* fix spotless

* fix

* update

* update

* update

* update

Author: qE0a44OX6s

deploy/kubernetes/dolphinscheduler/templates/_helpers.tpl

@@ -252,28 +252,48 @@ Create a registry environment variables.
 - name: REGISTRY_TYPE
   {{- if .Values.zookeeper.enabled }}
   value: "zookeeper"
-  {{- else if .Values.etcd.enabled }}
+  {{- else if .Values.registryEtcd.enabled }}
   value: "etcd"
+  {{- else if .Values.registryJdbc.enabled }}
+  value: "jdbc"
   {{- else }}
   value: {{ .Values.externalRegistry.registryPluginName }}
   {{- end }}
-{{- if .Values.etcd.enabled }}
+{{- if .Values.registryEtcd.enabled }}
 - name: REGISTRY_ENDPOINTS
-  value: {{ .Values.etcd.endpoints }}
+  value: {{ .Values.registryEtcd.endpoints }}
 - name: REGISTRY_NAMESPACE
-  value: {{ .Values.etcd.namespace }}
+  value: {{ .Values.registryEtcd.namespace }}
 - name: REGISTRY_USER
-  value: {{ .Values.etcd.user }}
+  value: {{ .Values.registryEtcd.user }}
 - name: REGISTRY_PASSWORD
-  value: {{ .Values.etcd.passWord }}
+  value: {{ .Values.registryEtcd.passWord }}
 - name: REGISTRY_AUTHORITY
-  value: {{ .Values.etcd.authority }}
+  value: {{ .Values.registryEtcd.authority }}
 - name: REGISTRY_CERT_FILE
-  value: {{ .Values.etcd.ssl.certFile }}
+  value: {{ .Values.registryEtcd.ssl.certFile }}
 - name: REGISTRY_KEY_CERT_CHAIN_FILE
-  value: {{ .Values.etcd.ssl.keyCertChainFile }}
+  value: {{ .Values.registryEtcd.ssl.keyCertChainFile }}
 - name: REGISTRY_KEY_FILE
-  value: {{ .Values.etcd.ssl.keyFile }}
+  value: {{ .Values.registryEtcd.ssl.keyFile }}
+{{- else if .Values.registryJdbc.enabled }}
+- name: REGISTRY_TERM_REFRESH_INTERVAL
+  value: {{ .Values.registryJdbc.termRefreshInterval }}
+- name: REGISTRY_TERM_EXPIRE_TIMES
+  value: {{ .Values.registryJdbc.termExpireTimes | quote}}
+{{- if .Values.registryJdbc.hikariConfig.enabled }}
+- name: REGISTRY_HIKARI_CONFIG_DRIVER_CLASS_NAME
+  value: {{ .Values.registryJdbc.hikariConfig.driverClassName }}
+- name: REGISTRY_HIKARI_CONFIG_JDBC_URL
+  value: {{ .Values.registryJdbc.hikariConfig.jdbcurl }}
+- name: REGISTRY_HIKARI_CONFIG_USERNAME
+  value: {{ .Values.registryJdbc.hikariConfig.username }}
+- name: REGISTRY_HIKARI_CONFIG_PASSWORD
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "dolphinscheduler.fullname" . }}-registry-db
+      key: registry-password
+{{- end }}
 {{- else }}
 - name: REGISTRY_ZOOKEEPER_CONNECT_STRING
   {{- if .Values.zookeeper.enabled }}
@@ -330,7 +350,7 @@ Create a fsFileResourcePersistence volumeMount.
 Create a etcd ssl volume.
 */}}
 {{- define "dolphinscheduler.etcd.ssl.volume" -}}
-{{- if .Values.etcd.ssl.enabled -}}
+{{- if .Values.registryEtcd.ssl.enabled -}}
 - name: etcd-ssl
   secret:
     secretName: {{ include "dolphinscheduler.fullname" . }}-etcd-ssl
@@ -341,14 +361,14 @@ Create a etcd ssl volume.
 Create a etcd ssl volumeMount.
 */}}
 {{- define "dolphinscheduler.etcd.ssl.volumeMount" -}}
-{{- if .Values.etcd.ssl.enabled -}}
-- mountPath: /opt/dolphinscheduler/{{ .Values.etcd.ssl.certFile }}
+{{- if .Values.registryEtcd.ssl.enabled -}}
+- mountPath: /opt/dolphinscheduler/{{ .Values.registryEtcd.ssl.certFile }}
   name: etcd-ssl
   subPath: cert-file
-- mountPath: /opt/dolphinscheduler/{{ .Values.etcd.ssl.keyCertChainFile  }}
+- mountPath: /opt/dolphinscheduler/{{ .Values.registryEtcd.ssl.keyCertChainFile  }}
   name: etcd-ssl
   subPath: key-cert-chain-file
-- mountPath: /opt/dolphinscheduler/{{ .Values.etcd.ssl.keyFile }}
+- mountPath: /opt/dolphinscheduler/{{ .Values.registryEtcd.ssl.keyFile }}
   name: etcd-ssl
   subPath: key-file
 {{- end -}}

deploy/kubernetes/dolphinscheduler/templates/secret-external-database.yaml

@@ -25,4 +25,4 @@ metadata:
 type: Opaque
 data:
   database-password: {{ .Values.externalDatabase.password | b64enc | quote }}
-{{- end }}
+{{- end }}

deploy/kubernetes/dolphinscheduler/templates/secret-external-etcd-ssl.yaml

@@ -14,7 +14,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-{{- if .Values.etcd.ssl.enabled }}
+{{- if .Values.registryEtcd.ssl.enabled }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -24,7 +24,7 @@ metadata:
     {{- include "dolphinscheduler.common.labels" . | nindent 4 }}
 type: Opaque
 data:
-  cert-file: {{ .Files.Get .Values.etcd.ssl.certFile | b64enc | quote }}
-  key-cert-chain-file: {{ .Files.Get .Values.etcd.ssl.keyCertChainFile | b64enc | quote }}
-  key-file: {{ .Files.Get .Values.etcd.ssl.keyFile | b64enc | quote }}
+  cert-file: {{ .Files.Get .Values.registryEtcd.ssl.certFile | b64enc | quote }}
+  key-cert-chain-file: {{ .Files.Get .Values.registryEtcd.ssl.keyCertChainFile | b64enc | quote }}
+  key-file: {{ .Files.Get .Values.registryEtcd.ssl.keyFile | b64enc | quote }}
 {{- end }}

deploy/kubernetes/dolphinscheduler/templates/secret-registry-database.yaml

@@ -0,0 +1,28 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one or more
+# contributor license agreements.  See the NOTICE file distributed with
+# this work for additional information regarding copyright ownership.
+# The ASF licenses this file to You under the Apache License, Version 2.0
+# (the "License"); you may not use this file except in compliance with
+# the License.  You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+{{- if .Values.registryJdbc.hikariConfig.enabled }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "dolphinscheduler.fullname" . }}-registry-db
+  labels:
+    app.kubernetes.io/name: {{ include "dolphinscheduler.fullname" . }}-registry-db
+    {{- include "dolphinscheduler.common.labels" . | nindent 4 }}
+type: Opaque
+data:
+  registry-password: {{ .Values.registryJdbc.hikariConfig.password | b64enc | quote }}
+{{- end }}

deploy/kubernetes/dolphinscheduler/values.yaml

@@ -97,7 +97,7 @@ zookeeper:
     size: "20Gi"
     storageClass: "-"
 
-etcd:
+registryEtcd:
   enabled: false
   endpoints: ""
   namespace: "dolphinscheduler"
@@ -111,14 +111,28 @@ etcd:
     keyCertChainFile: "etcd-certs/client.crt"
     keyFile: "etcd-certs/client.pem"
 
+registryJdbc:
+  enabled: false
+  termRefreshInterval: 2s
+  termExpireTimes: 3
+  hikariConfig:
+    # Default use same Dolphinscheduler's database, if you want to use other database please change `enabled` to `true` and change other configs
+    enabled: false
+    driverClassName: com.mysql.cj.jdbc.Driver
+    jdbcurl: jdbc:mysql://
+    username: ""
+    password: ""
+
 ## If exists external registry and set zookeeper.enable value to false, the external registry will be used.
 externalRegistry:
   registryPluginName: "zookeeper"
   registryServers: "127.0.0.1:2181"
 
 security:
   authentication:
+    # Authentication types (supported types: PASSWORD,LDAP,CASDOOR_SSO)
     type: PASSWORD
+    # IF you set type `LDAP`, below config will be effective
     ldap:
       urls: ldap://ldap.forumsys.com:389/
       basedn: dc=example,dc=com

docs/docs/en/architecture/configuration.md

@@ -258,7 +258,7 @@ Location: `api-server/conf/application.yaml`
 |security.authentication.ldap.user.identity-attribute|uid|LDAP user identity attribute|
 |security.authentication.ldap.user.email-attribute|mail|LDAP user email attribute|
 |security.authentication.ldap.user.not-exist-action|CREATE|action when ldap user is not exist,default value: CREATE. Optional values include(CREATE,DENY)|
-|security.authentication.ldap.ssl.enable|false|LDAP switch|
+|security.authentication.ldap.ssl.enable|false|LDAP ssl switch|
 |security.authentication.ldap.ssl.trust-store|ldapkeystore.jks|LDAP jks file absolute path|
 |security.authentication.ldap.ssl.trust-store-password|password|LDAP jks password|
 |security.authentication.casdoor.user.admin||admin user account when you log-in with Casdoor|