High availability configuration

[AnatomicJC]

Hi,

First of all, thank you for job done on this helm chart, it is awesome and is working well. I'm currently working on a fork where you will be able to deploy passbolt in HA mode, with mariadb-galera and redis-cluster.

I currently perform some testing and I think I will be able to propose a pull request in the coming days. Would you be interested, or do you want to keep this chart as-is?

At least 3 nodes are required in the k8s cluster to fit HA requirements.

It is currently a work-in-progress: https://github.com/AnatomicJC/passbolt-helm

Cheers,

[claudio-walser]

Sounds nice, any pr is highly appreciated :+1:

[AnatomicJC]

I wrote a quick start here: https://github.com/AnatomicJC/passbolt-helm#quick-start with non-HA and HA mode.

I also made some rework:

• persistence for avatars storage is no more needed as avatars are stored in database in latest passbolt versions
• I added some php settings based on passbolt customers feedbacks (php timeout increased, post_max_size, php-fpm pm.max_children, etc.): https://github.com/AnatomicJC/passbolt-helm/blob/master/templates/configmap.yaml
• I renamed /etc/php/7.4/fpm/conf.d/passbolt.ini to /etc/php/7.4/fpm/pool.d/zzz-passbolt.conf as it is a php-fpm conf file and not an ini file.
• I don't want to store in this repository subcharts source files

I have to review the README file before PR but the HA mode is working. I tested it on a k3s cluster with 3 nodes. passbolt survives if a node dies but there is an issue if this is the node who contains the redis master. A new master is quickly elected but passbolt pod is not aware of it and has to be restarted. This because passbolt pod must hit the redis master pod directly. The implemented redis service doesn't work with php redis module. By hitting the redis service, php-redis is supposed to forward to the master directly but it seems it is not implemented. That's why I created a passbolt-ha-monitor cron for this: https://gitlab.com/AnatomicJC/helm-charts/-/blob/main/passbolt-ha-monitor/values.yaml#L29-L86

[claudio-walser]

Hi AnatomicJC This sounds very promising. Thank you for improving things.

I am not sure if I get your last point

I don't want to store in this repository subcharts source files

Are you talking about the subcharts, stored in /charts? We do rollout our charts like this, the reason is to save us a dependency installation on argo-cd. And, whatever is checked in, is exactly running on the cluster.

How would you suggest to handle subcharts? Open for alternatives ;-)

Regarding the issue with redis, I need to check how you implemented it. But as far as i know, using redis-cluster, you should be able to setup a pretty decent redis-ha installation as well.

Looking forward to the pr, thank you for the effort.

[AnatomicJC]

To handle subcharts, I set dependencies in Chart.yaml file: https://github.com/AnatomicJC/passbolt-helm/blob/master/Chart.yaml#L36-L56 and they are downloaded with this command: helm dep build .

But it is just a suggestion, if you prefer to commit charts in /charts folder, there is no problem :-)