fix: important issues in InfluxDB3 Enterprise (#756)

* fix: remove unused helper blocks

* fix: wrong env vars prefix for TRACES

* fix: license file handling

* fix: simpler license file path

* fix: license docs and post-install check

* fix: memory-throttled is a object storage type

* fix: add objectStorage.type value validation

* fix: write and read ingress when components are not enabled

* fix: value comment

* fix: remove empty block

* fix: processing engine PDB

* fix: indenting

* fix: networkpolicy is only rendered when component(s) are enabled

* fix: comment out some s3 keys

* fix: wire missing option

* fix: handle procesing engine plugin init and persistence

* fix: add AWS credentials file wiring

* fix: remove nonexistent flags

* chore: bump chart version

* fix: volumeClaimTemplates indentation

* fix: commenting

* fix: revert maxUnavailable to original value

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix: subtract prefix length

Co-authored-by: Jan Simon <63776254+jansimonb@users.noreply.github.com>

* docs: S3 storage credentials file description

* fix: key comment

Co-authored-by: Jan Simon <63776254+jansimonb@users.noreply.github.com>

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Jan Simon <63776254+jansimonb@users.noreply.github.com>

Author: 3 people

charts/influxdb3-enterprise/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: influxdb3-enterprise
 description: A Helm chart for deploying InfluxDB 3 Enterprise on Kubernetes
 type: application
-version: 0.1.0
+version: 0.1.1
 appVersion: "3.6.0"
 keywords:
   - influxdb

charts/influxdb3-enterprise/README.md

@@ -471,7 +471,7 @@ logs:
 | `image.tag` | Image tag | `3-enterprise` |
 | `license.type` | trial, home, or commercial | `trial` |
 | `license.email` | Email for trial/home | `""` |
-| `license.file` | Path to license file (commercial) | `""` |
+| `license.file` | License file content (use `--set-file license.file=/path/to/file`) | `""` |
 | `license.existingSecret` | Secret with `license-email` or `license-file` | `""` |
 
 ### Object Storage Parameters
@@ -484,7 +484,7 @@ logs:
 | `objectStorage.s3.endpoint` | S3 endpoint (for S3-compatible) | `""` |
 | `objectStorage.s3.accessKeyId` / `secretAccessKey` | S3 credentials | `""` |
 | `objectStorage.s3.sessionToken` | Optional session token | `""` |
-| `objectStorage.s3.credentialsFile` | Path to credentials file | `""` |
+| `objectStorage.s3.credentialsFile` | Credentials file content (use `--set-file objectStorage.s3.credentialsFile=/path/to/file`) | `""` |
 | `objectStorage.s3.existingSecret` | Secret with `access-key-id`/`secret-access-key` | `""` |
 | `objectStorage.azure.storageAccount` | Azure storage account | `""` |
 | `objectStorage.azure.accessKey` | Azure access key | `""` |

charts/influxdb3-enterprise/examples/values-dev.yaml

@@ -8,10 +8,8 @@
 objectStorage:
   type: file
   file:
-    enabled: true
     dataDir: "/var/lib/influxdb3"
     persistence:
-      enabled: true
       storageClass: ""
       size: 10Gi
 

charts/influxdb3-enterprise/templates/NOTES.txt

@@ -92,10 +92,8 @@ Getting started:
 
 Documentation: https://docs.influxdata.com/influxdb3/enterprise/
 
-{{- if not .Values.license.email }}
-{{- if not .Values.license.existingSecret }}
+{{- if not (or .Values.license.email .Values.license.file .Values.license.existingSecret) }}
 
 ⚠️  WARNING: No license configured!
-    Set .Values.license.email or .Values.license.existingSecret to activate your license.
-{{- end }}
+    Set license.email, license.file, or license.existingSecret to activate your license.
 {{- end }}

charts/influxdb3-enterprise/templates/_helpers.tpl

@@ -48,14 +48,6 @@ app.kubernetes.io/name: {{ include "influxdb3-enterprise.name" . }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 {{- end }}
 
-{{/*
-Component labels
-*/}}
-{{- define "influxdb3-enterprise.componentLabels" -}}
-{{ include "influxdb3-enterprise.labels" . }}
-app.kubernetes.io/component: {{ .component }}
-{{- end }}
-
 {{/*
 Service account name
 */}}
@@ -93,6 +85,17 @@ License secret name
 {{- end }}
 {{- end }}
 
+{{/*
+Validate object storage type
+*/}}
+{{- define "influxdb3-enterprise.validateObjectStorageType" -}}
+{{- $type := default "s3" .Values.objectStorage.type -}}
+{{- $valid := list "s3" "azure" "google" "file" "memory" "memory-throttled" -}}
+{{- if not (has $type $valid) -}}
+{{- fail (printf "Invalid objectStorage.type: %s. Must be one of: %s" $type (join ", " $valid)) -}}
+{{- end -}}
+{{- end }}
+
 {{/*
 License checksum (handles existingSecret via lookup)
 */}}
@@ -116,152 +119,6 @@ TLS secret name
 {{- end }}
 {{- end }}
 
-{{/*
-HTTP/TLS/Auth environment (shared across components)
-*/}}
-{{- define "influxdb3-enterprise.httpEnv" -}}{{- end }}
-
-{{/*
-Cluster environment (shared across components)
-*/}}
-{{- define "influxdb3-enterprise.clusterEnv" -}}{{- end }}
-
-{{/*
-Caching environment (shared across components)
-*/}}
-{{- define "influxdb3-enterprise.cachingEnv" -}}
-{{- with .Values.caching }}
-  {{- if .parquetMemCacheSize }}
-- name: INFLUXDB3_PARQUET_MEM_CACHE_SIZE
-  value: {{ .parquetMemCacheSize | quote }}
-  {{- end }}
-  {{- if .parquetMemCacheQueryPathDuration }}
-- name: INFLUXDB3_PARQUET_MEM_CACHE_QUERY_PATH_DURATION
-  value: {{ .parquetMemCacheQueryPathDuration | quote }}
-  {{- end }}
-  {{- if .parquetMemCachePrunePercentage }}
-- name: INFLUXDB3_PARQUET_MEM_CACHE_PRUNE_PERCENTAGE
-  value: {{ .parquetMemCachePrunePercentage | quote }}
-  {{- end }}
-  {{- if .parquetMemCachePruneInterval }}
-- name: INFLUXDB3_PARQUET_MEM_CACHE_PRUNE_INTERVAL
-  value: {{ .parquetMemCachePruneInterval | quote }}
-  {{- end }}
-  {{- if hasKey . "disableParquetMemCache" }}
-- name: INFLUXDB3_DISABLE_PARQUET_MEM_CACHE
-  value: {{ ternary "true" "false" .disableParquetMemCache | quote }}
-  {{- end }}
-  {{- if .preemptiveCacheAge }}
-- name: INFLUXDB3_PREEMPTIVE_CACHE_AGE
-  value: {{ .preemptiveCacheAge | quote }}
-  {{- end }}
-  {{- if hasKey . "lastValueCacheDisableFromHistory" }}
-- name: INFLUXDB3_ENTERPRISE_LAST_VALUE_CACHE_DISABLE_FROM_HISTORY
-  value: {{ ternary "true" "false" .lastValueCacheDisableFromHistory | quote }}
-  {{- end }}
-  {{- if .lastCacheEvictionInterval }}
-- name: INFLUXDB3_LAST_CACHE_EVICTION_INTERVAL
-  value: {{ .lastCacheEvictionInterval | quote }}
-  {{- end }}
-  {{- if hasKey . "distinctValueCacheDisableFromHistory" }}
-- name: INFLUXDB3_ENTERPRISE_DISTINCT_VALUE_CACHE_DISABLE_FROM_HISTORY
-  value: {{ ternary "true" "false" .distinctValueCacheDisableFromHistory | quote }}
-  {{- end }}
-  {{- if .distinctCacheEvictionInterval }}
-- name: INFLUXDB3_DISTINCT_CACHE_EVICTION_INTERVAL
-  value: {{ .distinctCacheEvictionInterval | quote }}
-  {{- end }}
-  {{- if .tableIndexCacheMaxEntries }}
-- name: INFLUXDB3_TABLE_INDEX_CACHE_MAX_ENTRIES
-  value: {{ .tableIndexCacheMaxEntries | quote }}
-  {{- end }}
-  {{- if .tableIndexCacheConcurrencyLimit }}
-- name: INFLUXDB3_TABLE_INDEX_CACHE_CONCURRENCY_LIMIT
-  value: {{ .tableIndexCacheConcurrencyLimit | quote }}
-  {{- end }}
-{{- end }}
-{{- end }}
-
-{{/*
-Logs environment (shared across components)
-*/}}
-{{- define "influxdb3-enterprise.logsEnv" -}}
-{{- $logs := default (dict) .Values.logs }}
-- name: LOG_DESTINATION
-  value: {{ default "stdout" (default ($logs.logDestination) ($logs.destination)) | quote }}
-- name: LOG_FORMAT
-  value: {{ default "full" (default ($logs.logFormat) ($logs.format)) | quote }}
-{{- if $logs.logFilter }}
-- name: LOG_FILTER
-  value: {{ $logs.logFilter | quote }}
-{{- end }}
-- name: INFLUXDB3_QUERY_LOG_SIZE
-  value: {{ default 1000 ($logs.queryLogSize) | quote }}
-{{- end }}
-
-{{/*
-Object storage environment (shared across components)
-*/}}
-{{- define "influxdb3-enterprise.objectStoreEnv" -}}
-- name: INFLUXDB3_OBJECT_STORE
-  value: {{ .Values.objectStorage.type | quote }}
-{{- if eq .Values.objectStorage.type "file" }}
-- name: INFLUXDB3_DB_DIR
-  value: {{ .Values.objectStorage.file.dataDir | quote }}
-{{- else }}
-- name: INFLUXDB3_BUCKET
-  value: {{ .Values.objectStorage.bucket | quote }}
-{{- if .Values.objectStorage.connectionLimit }}
-- name: OBJECT_STORE_CONNECTION_LIMIT
-  value: {{ .Values.objectStorage.connectionLimit | quote }}
-{{- end }}
-{{- if hasKey .Values.objectStorage "http2Only" }}
-- name: OBJECT_STORE_HTTP2_ONLY
-  value: {{ ternary "true" "false" .Values.objectStorage.http2Only | quote }}
-{{- end }}
-{{- if .Values.objectStorage.http2MaxFrameSize }}
-- name: OBJECT_STORE_HTTP2_MAX_FRAME_SIZE
-  value: {{ .Values.objectStorage.http2MaxFrameSize | quote }}
-{{- end }}
-{{- if .Values.objectStorage.maxRetries }}
-- name: OBJECT_STORE_MAX_RETRIES
-  value: {{ .Values.objectStorage.maxRetries | quote }}
-{{- end }}
-{{- if .Values.objectStorage.retryTimeout }}
-- name: OBJECT_STORE_RETRY_TIMEOUT
-  value: {{ .Values.objectStorage.retryTimeout | quote }}
-{{- end }}
-{{- if .Values.objectStorage.cacheEndpoint }}
-- name: OBJECT_STORE_CACHE_ENDPOINT
-  value: {{ .Values.objectStorage.cacheEndpoint | quote }}
-{{- end }}
-{{- if eq .Values.objectStorage.type "s3" }}
-- name: AWS_DEFAULT_REGION
-  value: {{ .Values.objectStorage.s3.region | quote }}
-{{- if .Values.objectStorage.s3.endpoint }}
-- name: AWS_ENDPOINT
-  value: {{ .Values.objectStorage.s3.endpoint | quote }}
-{{- end }}
-{{- if .Values.objectStorage.s3.allowHttp }}
-- name: AWS_ALLOW_HTTP
-  value: "true"
-{{- end }}
-{{- else if eq .Values.objectStorage.type "azure" }}
-{{- if .Values.objectStorage.azure.endpoint }}
-- name: AZURE_ENDPOINT
-  value: {{ .Values.objectStorage.azure.endpoint | quote }}
-{{- end }}
-{{- if .Values.objectStorage.azure.allowHttp }}
-- name: AZURE_ALLOW_HTTP
-  value: "true"
-{{- end }}
-{{- else if eq .Values.objectStorage.type "google" }}
-- name: GOOGLE_SERVICE_ACCOUNT
-  value: "/var/secrets/google/service-account.json"
-{{- end }}
-{{- end }}
-{{- end }}
-
 {{- define "influxdb3-enterprise.objectStoreSecretEnv" -}}
 {{- if eq .Values.objectStorage.type "s3" }}
   {{- if or .Values.objectStorage.s3.existingSecret (and .Values.objectStorage.s3.accessKeyId .Values.objectStorage.s3.secretAccessKey) }}
@@ -298,7 +155,7 @@ Object storage environment (shared across components)
 {{- end }}
 {{- end }}
 
-{{/*  
+{{/*
 License environment (shared across components)
 */}}
 {{- define "influxdb3-enterprise.licenseEnv" -}}
@@ -310,12 +167,9 @@ License environment (shared across components)
       name: {{ include "influxdb3-enterprise.licenseSecretName" . }}
       key: license-email
 {{- end }}
-{{- if .Values.license.file }}
+{{- if or .Values.license.file .Values.license.existingSecret }}
 - name: INFLUXDB3_ENTERPRISE_LICENSE_FILE
-  valueFrom:
-    secretKeyRef:
-      name: {{ include "influxdb3-enterprise.licenseSecretName" . }}
-      key: license-file
+  value: "/etc/influxdb/license"
 {{- end }}
 - name: INFLUXDB3_ENTERPRISE_LICENSE_TYPE
   value: {{ .Values.license.type | quote }}
@@ -373,9 +227,15 @@ Shared volume mounts (license/TLS/GCS and user extras)
   mountPath: /var/secrets/google
   readOnly: true
 {{- end }}
+{{- if and (eq .Values.objectStorage.type "s3") .Values.objectStorage.s3.credentialsFile }}
+- name: aws-credentials
+  mountPath: /etc/influxdb/aws
+  readOnly: true
+{{- end }}
 {{- if or .Values.license.file .Values.license.existingSecret }}
 - name: license
   mountPath: /etc/influxdb/license
+  subPath: license
   readOnly: true
 {{- end }}
 {{- if .Values.security.tls.enabled }}
@@ -405,6 +265,14 @@ Shared volumes (license/TLS/GCS and user extras)
       - key: service-account.json
         path: service-account.json
 {{- end }}
+{{- if and (eq .Values.objectStorage.type "s3") .Values.objectStorage.s3.credentialsFile }}
+- name: aws-credentials
+  secret:
+    secretName: {{ include "influxdb3-enterprise.fullname" . }}-aws-credentials
+    items:
+      - key: credentials
+        path: credentials
+{{- end }}
 {{- if or .Values.license.file .Values.license.existingSecret }}
 - name: license
   secret:

charts/influxdb3-enterprise/templates/compactor-statefulset.yaml

@@ -130,8 +130,6 @@ spec:
           {{- include "influxdb3-enterprise.probes" . | nindent 10 }}
           resources:
             {{- toYaml .Values.compactor.resources | nindent 12 }}
-          {{- if eq .Values.objectStorage.type "file" }}
-          {{- end }}
           volumeMounts:
             {{ include "influxdb3-enterprise.sharedVolumeMounts" . | nindent 12 }}
       {{- with .Values.compactor.nodeSelector }}

charts/influxdb3-enterprise/templates/configmap.yaml

@@ -1,3 +1,4 @@
+{{- include "influxdb3-enterprise.validateObjectStorageType" . }}
 apiVersion: v1
 kind: ConfigMap
 metadata:
@@ -74,6 +75,12 @@ data:
   {{- if .Values.objectStorage.s3.allowHttp }}
   AWS_ALLOW_HTTP: "true"
   {{- end }}
+  {{- if .Values.objectStorage.s3.skipSignature }}
+  AWS_SKIP_SIGNATURE: "true"
+  {{- end }}
+  {{- if .Values.objectStorage.s3.credentialsFile }}
+  AWS_CREDENTIALS_FILE: "/etc/influxdb/aws/credentials"
+  {{- end }}
   {{- end }}
   {{- if eq .Values.objectStorage.type "azure" }}
   {{- if .Values.objectStorage.azure.endpoint }}
@@ -174,28 +181,28 @@ data:
 
   # Tracing
   {{- with .Values.traces }}
-  INFLUXDB3_TRACES_EXPORTER: {{ .exporter | quote }}
+  TRACES_EXPORTER: {{ .exporter | quote }}
   {{- with .jaeger }}
   {{- if .agentHost }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_AGENT_HOST: {{ .agentHost | quote }}
+  TRACES_EXPORTER_JAEGER_AGENT_HOST: {{ .agentHost | quote }}
   {{- end }}
   {{- if .agentPort }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_AGENT_PORT: {{ .agentPort | quote }}
+  TRACES_EXPORTER_JAEGER_AGENT_PORT: {{ .agentPort | quote }}
   {{- end }}
   {{- if .serviceName }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_SERVICE_NAME: {{ .serviceName | quote }}
+  TRACES_EXPORTER_JAEGER_SERVICE_NAME: {{ .serviceName | quote }}
   {{- end }}
   {{- if .traceContextHeaderName }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_TRACE_CONTEXT_HEADER_NAME: {{ .traceContextHeaderName | quote }}
+  TRACES_EXPORTER_JAEGER_TRACE_CONTEXT_HEADER_NAME: {{ .traceContextHeaderName | quote }}
   {{- end }}
   {{- if .debugName }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_DEBUG_NAME: {{ .debugName | quote }}
+  TRACES_EXPORTER_JAEGER_DEBUG_NAME: {{ .debugName | quote }}
   {{- end }}
   {{- if .tags }}
-  INFLUXDB3_TRACES_EXPORTER_JAEGER_TAGS: {{ .tags | quote }}
+  TRACES_EXPORTER_JAEGER_TAGS: {{ .tags | quote }}
   {{- end }}
   {{- if .maxMsgsPerSecond }}
-  INFLUXDB3_TRACES_JAEGER_MAX_MSGS_PER_SECOND: {{ .maxMsgsPerSecond | quote }}
+  TRACES_JAEGER_MAX_MSGS_PER_SECOND: {{ .maxMsgsPerSecond | quote }}
   {{- end }}
   {{- end }}
   {{- end }}

charts/influxdb3-enterprise/templates/ingress-query.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled }}
+{{- if and .Values.ingress.enabled .Values.querier.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:

charts/influxdb3-enterprise/templates/ingress-write.yaml

@@ -1,4 +1,4 @@
-{{- if .Values.ingress.enabled }}
+{{- if and .Values.ingress.enabled .Values.ingester.enabled }}
 apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata: