Merge pull request #70 from ibm-messaging/9.3.4

Updates for 9.3.4

.gitignore

@@ -4,3 +4,7 @@ samples/AWSEKS/deploy/mtlsqm.yaml
 samples/AWSEKS/test/ccdt_generated.json
 samples/AzureAKS/deploy/mtlsqm.yaml
 samples/AzureAKS/test/ccdt_generated.json
+samples/AzureAKSMultiInstance/deploy/mtlsqm.yaml
+samples/AzureAKSMultiInstance/test/ccdt_generated.json
+samples/OpenShiftNativeHA/deploy/mtlsqm.yaml
+samples/OpenShiftNativeHA/test/ccdt_generated.json

README.md

@@ -1,5 +1,5 @@
 # IBM MQ Sample Helm Chart
-This repository provides a helm chart to deploy an IBM® MQ container built from the [IBM MQ Container GitHub repository](https://github.com/ibm-messaging/mq-container), and has been verified against the [9.3.3 branch](https://github.com/ibm-messaging/mq-container/tree/9.3.3).
+This repository provides a helm chart to deploy an IBM® MQ container built from the [IBM MQ Container GitHub repository](https://github.com/ibm-messaging/mq-container), and has been verified against the [9.3.4 branch](https://github.com/ibm-messaging/mq-container/tree/9.3.4).
 
 ## Pre-reqs
 Prior to using the Helm chart you will need to install two dependencies:

charts/ibm-mq/Chart.yaml

@@ -14,9 +14,9 @@
 apiVersion: v2
 name: ibm-mq
 description: IBM MQ queue manager
-version: 7.1.0
+version: 8.0.0
 type: application
-appVersion: 9.3.3.0
+appVersion: 9.3.4.0
 kubeVersion: ">=1.18.0-0"
 keywords:
   - IBM MQ

charts/ibm-mq/README.md

@@ -4,7 +4,7 @@
 
 ## Introduction
 
-This chart deploys a single IBM® MQ server (Queue Manager) built from the [IBM MQ Container GitHub repository](https://github.com/ibm-messaging/mq-container), and has been verified using the [9.3.3 branch](https://github.com/ibm-messaging/mq-container/tree/9.3.3). IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues, topics and subscriptions to facilitate the exchanges of information and offers a single messaging solution for cloud and on-premises environments.
+This chart deploys a single IBM® MQ server (Queue Manager) built from the [IBM MQ Container GitHub repository](https://github.com/ibm-messaging/mq-container), and has been verified using the [9.3.4 branch](https://github.com/ibm-messaging/mq-container/tree/9.3.4). IBM MQ is messaging middleware that simplifies and accelerates the integration of diverse applications and business data across multiple platforms.  It uses message queues, topics and subscriptions to facilitate the exchanges of information and offers a single messaging solution for cloud and on-premises environments.
 
 ## Chart Details
 
@@ -106,7 +106,7 @@ Alternatively, each parameter can be specified by using the `--set key=value[,ke
 | ------------------------------- | --------------------------------------------------------------- | ------------------------------------------ |
 | `license`                       | Set to `accept` to accept the terms of the IBM license          | `"not accepted"`                           |
 | `image.repository`              | Image full name including repository                            | `ibmcom/mq`                                |
-| `image.tag`                     | Image tag                                                       | `9.3.3.0-r1`                               |
+| `image.tag`                     | Image tag                                                       | `9.3.4.0-r1`                               |
 | `image.pullPolicy`              | Setting that controls when the kubelet attempts to pull the specified image.                                               | `IfNotPresent`                             |
 | `image.pullSecret`              | An optional list of references to secrets in the same namespace to use for pulling any of the images used by this QueueManager. If specified, these secrets will be passed to individual puller implementations for them to use. For example, in the case of docker, only DockerConfig type secrets are honoured. For more information, see [here](https://kubernetes.io/docs/concepts/containers/images#specifying-imagepullsecrets-on-a-pod)   | `nil`                                      |
 | `metadata.labels`               | The labels field serves as a pass-through for Pod labels. Users can add any label to this field and have it apply to the Pod.                      | `{}`                                       |
@@ -139,7 +139,9 @@ Alternatively, each parameter can be specified by using the `--set key=value[,ke
 | `queueManager.envVariables` | An array of YAML objects (name / value pairs) that detail the environment variables that should be associated with the Queue Manager container | `[]` |
 | `queueManager.terminationGracePeriodSeconds` | Optional duration in seconds the Pod needs to terminate gracefully. Value must be non-negative integer. The value zero indicates delete immediately. The target time in which ending the queue manager is attempted, escalating the phases of application disconnection. Essential queue manager maintenance tasks are interrupted and applications disconnected if necessary. Defaults to 30 seconds. | 30                |
 | `queueManager.updateStrategy`   | Specify the update strategy for the StatefulSet. In the case of Native HA and Multi-instance this should always be onDelete, and therefore this parameter has no affect. For further details regarding Native HA and Multi-instance update process consult the [Updating Native HA and Multi-instance section](#Updating-the-Chart). In the case of a single instance queue manager the default is RollingUpdate. | `RollingUpdate` - single instance, `onDelete` - Native HA  and Multi-instance |
-| `web.enable`    | Whether or not to enable the web server. Default is empty string, which causes the default behaviour of the container. Set to `true` to enable the web console, and `false` to disable. | `` 
+| `web.enable`    | Whether or not to enable the web server. Default is empty string, which causes the default behaviour of the container. Set to `true` to enable the web console, and `false` to disable. | `` |
+| `web.manualConfig.configMap.name`     | ConfigMap represents a Kubernetes ConfigMap that contains web server XML configuration. The web.manualConfig can only include either the configMap or secret parameter, not both.| `` |
+| `web.manualConfig.secret.name`     | Secret represents a Kubernetes Secret that contains web server XML configuration. The web.manualConfig can only include either the configMap or secret parameter, not both.| `` |
 | `pki.keys`                      | An array of YAML objects that detail Kubernetes secrets containing TLS Certificates with private keys. For further details regarding how this is specified consult [Supplying certificates to be used for TLS](#Supplying-certificates-to-be-used-for-TLS) | `[]` |
 | `pki.trust`                     | An array of YAML objects that detail Kubernetes secrets or configMaps containing TLS Certificates. For further details regarding how this is specified consult [Supplying certificates using secrets to be used for TLS](#Supplying-certificates-to-be-used-for-TLS) and [Supplying certificates using a configMap](#Supplying-certificates-using-a-configMap)   | `[]` |
 | `security.context.fsGroup`      | A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod: 1. The owning GID will be the FSGroup 2. The setgid bit is set (new files created in the volume will be owned by FSGroup) 3. The permission bits are OR'd with rw-rw---- If unset, the Kubelet will not modify the ownership and permissions of any volume.          | `nil`                                      |

charts/ibm-mq/templates/stateful-set.yaml

@@ -232,6 +232,23 @@ spec:
           {{- end }}
       {{- end }}
       {{- end }}
+      {{- if .Values.web.manualConfig.configMap.name }}
+      - name: cm-webxml-{{ .Values.web.manualConfig.configMap.name }}
+        configMap:
+          name: {{ .Values.web.manualConfig.configMap.name }}
+          defaultMode: 0644
+          items:
+            - key: mqwebuser.xml
+              path: mqwebuser.xml
+      {{- else if .Values.web.manualConfig.secret.name }}
+      - name: s-webxml-{{ .Values.web.manualConfig.secret.name }}
+        secret:
+          secretName: {{ .Values.web.manualConfig.secret.name }}
+          defaultMode: 0644
+          items:
+            - key: mqwebuser.xml
+              path: mqwebuser.xml
+      {{- end }}
       terminationGracePeriodSeconds: {{.Values.queueManager.terminationGracePeriodSeconds}}
       containers:
         - name: qmgr
@@ -396,6 +413,17 @@ spec:
           - mountPath: "/mnt/mqm-log"
             name: {{ $logVolumeClaimName }}
           {{- end }}
+          {{- if .Values.web.manualConfig.configMap.name }}
+          - name: cm-webxml-{{ .Values.web.manualConfig.configMap.name }}
+            mountPath: "/etc/mqm/web/installations/Installation1/servers/mqweb/mqwebuser.xml"
+            subPath: "mqwebuser.xml"
+            readOnly: true
+          {{- else if .Values.web.manualConfig.secret.name }}
+          - name: s-webxml-{{ .Values.web.manualConfig.secret.name }}
+            mountPath: "/etc/mqm/web/installations/Installation1/servers/mqweb/mqwebuser.xml"
+            subPath: "mqwebuser.xml"
+            readOnly: true
+          {{- end }}
           securityContext:
             allowPrivilegeEscalation: false
             readOnlyRootFilesystem: false

charts/ibm-mq/values.yaml

@@ -19,7 +19,7 @@ image:
   # repository is the container repository to use
   repository: icr.io/ibm-messaging/mq
   # tag is the tag to use for the container repository
-  tag: 9.3.3.0-r1
+  tag: 9.3.4.0-r1
   # pullSecret is the secret to use when pulling the image from a private registry
   pullSecret:
   # pullPolicy is either IfNotPresent or Always (https://kubernetes.io/docs/concepts/containers/images/)
@@ -190,3 +190,8 @@ tolerations: []
 
 web: 
   enabled:
+  manualConfig:
+    configMap:
+      name:
+    secret:
+      name:

samples/AzureAKSMultiInstance/README.md

@@ -0,0 +1,41 @@
+# Deploying MQ Multi-instance using the IBM MQ Helm Chart on Azure AKS
+
+## Pre-reqs
+Prior to using the Helm chart you will need to install four dependencies:
+1. [Helm version 3](https://helm.sh/docs/intro/install/)
+2. [Kubectl](https://kubernetes.io/docs/tasks/tools/)
+3. [Azure Command Line](https://docs.microsoft.com/en-gb/cli/azure/)
+
+
+## Installation
+1. Log into the Azure command line using `az login`. If you require additional details please consult [here](https://docs.microsoft.com/en-gb/cli/azure/get-started-with-azure-cli).
+1. Change directories to *deploy*: `cd deploy`
+1. An optional script to create and connect to a new AKS cluster is included called [*./createAKSCluster.sh \<ResourceGroup\> \<ClusterName\> \<AKS Region\>*](deploy/createAKSCluster.sh) which takes three optional parameters:
+      * Parameter 1: Azure Resource Group name to be created for the deployment - this will default to *myMQResourceGroup*
+      * Parameter 2: AKS Cluster name - this will default to *myMQCluster*
+      * Parameter 3: The Azure region for the deployment - this will default to *eastus*.
+      For instance if you wanted the Resource group *MQTest*, in a cluster names *MQCluster*, in *westus* region, the command would be:
+      ```
+      ./createAKSCluster.sh MQTest MQCluster westus
+      ```
+1. Run the installation command to deploy an instance of the helm chart: `./install.sh <namespace>`
+    Where \<namespace\> is the Kubernetes namespace where the resources should be deployed into. If you are unsure this can be omitted and it will be installed into the default namespace. This will deploy a number of resources:
+    * The IBM MQ Helm Chart using the properties within the [secureapp_multiinstance.yaml](deploy/secureapp_multiinstance.yaml) file.
+    * A configMap with MQ configuration to define a default Queue, and the security required.
+    * A secret that includes certificates and keys from the `genericresources/createcerts` directory. Assuring the communication in MQ is secure.
+    * A Kubernete load balancer service to expose the Multi-instance Queue Manager to the internet.
+    * A custom storage class called `mq-azurefile` which is suitable for MQ Multi-instance. Please note this is not automatically deleted in the cleanup script.
+1. This will take a minute or so to deploy, and the status can be checked with the following command: `kubectl get pods | grep multiinstance`. Wait until one of the three Pods is showing `1/1` under the ready status (only one will ever show this, the remainding two will be `0/1` showing they are replicas).
+
+## Testing
+Navigate to the *../test* directory. No modifications should be required, as the endpoint configuration for your environment will be discovered automatically.
+
+1. To initiate the testing, run the **./sendMessage.sh \<namespace\>** command. It will then connect to MQ and start sending messages immediately.
+
+1. Open another terminal window and run the **./getMessage.sh \<namespace\>** command. You should see all of the messages being sent by the sendMessaging command.
+
+1. To see how the pods work together in action, run the **kubectl get pod | grep multiinstance** command on another terminal window to view the current pods, and then delete the running pod (the one with the ready state of `1/1`) by running the command: **kubectl delete pod multiinstance-ibm-mq-0** (where the pod name is customized based on which one is active). Once the active pod is deleted, the application connections will then reconnect to the other pod.
+
+1. You can clean up the resources by navigating to the *../deploy* directory and running the command **./cleanup.sh \<namespace\>**. This will delete everything from the AKS cluster, but leave the cluster itself. Do not worry if you receive messages about PVCs not being found, this is a generic clean-up script and assumes a worst case scenario.
+
+1. If you want to remove the AKS cluster run the command: **./deleteAKSCluster.sh \<ResourceGroup\> \<ClusterName\> \<AKS Region\>**

samples/AzureAKSMultiInstance/deploy/cleanup.sh

@@ -0,0 +1,22 @@
+#! /bin/bash
+# © Copyright IBM Corporation 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+export TARGET_NAMESPACE=default
+
+helm delete multiinstance
+kubectl delete secret helmsecure -n $TARGET_NAMESPACE
+kubectl delete configmap helmsecure -n $TARGET_NAMESPACE
+kubectl delete pvc qm-multiinstance-ibm-mq-0 -n $TARGET_NAMESPACE
+kubectl delete pvc qm-multiinstance-ibm-mq-1 -n $TARGET_NAMESPACE

samples/AzureAKSMultiInstance/deploy/createAKSCluster.sh

@@ -0,0 +1,24 @@
+#! /bin/bash
+# © Copyright IBM Corporation 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+export RESOURCE_GROUP=${1:-"myMQResourceGroup"}
+export CLUSTER_NAME=${2:-"myMQCluster"}
+export REGION=${3:-"eastus"}
+
+az group create --name $RESOURCE_GROUP --location $REGION
+
+az aks create --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --node-count 2 --generate-ssh-keys
+
+az aks get-credentials --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME

samples/AzureAKSMultiInstance/deploy/customStorageClass.yaml

@@ -0,0 +1,29 @@
+# © Copyright IBM Corporation 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+kind: StorageClass
+apiVersion: storage.k8s.io/v1
+metadata:
+  name: mq-azurefile
+provisioner: file.csi.azure.com
+reclaimPolicy: Delete
+volumeBindingMode: Immediate
+mountOptions:
+  - rw
+  - bg
+  - intr
+  - vers=4
+  - sec=sys
+parameters:
+  skuName: Premium_LRS
+  protocol: nfs

samples/AzureAKSMultiInstance/deploy/deleteAKSCluster.sh

@@ -0,0 +1,22 @@
+#! /bin/bash
+# © Copyright IBM Corporation 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+export RESOURCE_GROUP=${1:-"myMQResourceGroup"}
+export CLUSTER_NAME=${2:-"myMQCluster"}
+export REGION=${3:-"eastus"}
+
+az aks delete --resource-group $RESOURCE_GROUP --name $CLUSTER_NAME --yes --no-wait
+
+az group delete --resource-group $RESOURCE_GROUP --yes --no-wait

samples/AzureAKSMultiInstance/deploy/install.sh

@@ -0,0 +1,28 @@
+#! /bin/bash
+# © Copyright IBM Corporation 2023
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+export TARGET_NAMESPACE=${1:-"default"}
+export QM_KEY=$(cat ../../genericresources/createcerts/server.key | base64 | tr -d '\n')
+export QM_CERT=$(cat ../../genericresources/createcerts/server.crt | base64 | tr -d '\n')
+export APP_CERT=$(cat ../../genericresources/createcerts/application.crt | base64 | tr -d '\n')
+
+( echo "cat <<EOF" ; cat mtlsqm.yaml_template ; echo EOF ) | sh > mtlsqm.yaml
+
+kubectl config set-context --current --namespace=$TARGET_NAMESPACE
+kubectl apply -f mtlsqm.yaml
+
+kubectl apply -f customStorageClass.yaml
+
+helm install multiinstance ../../../charts/ibm-mq -f secureapp_multiinstance.yaml