Broadleaf provides base charts that enable deployment of various resources needed to support the entire Broadleaf ecosystem on Kubernetes using the Helm package manager.
These Helm charts are designed to be a lightweight way to configure Broadleaf’s demo Docker images and can be used as a baseline and example for deploying your specific flex package composition, which can vary based on your client-specific implementation.
We recommend that the Helm chart version is aligned to the corresponding Broadleaf Release Train version that you want to deploy. This will ensure that you are using a chart version that has been tested against the corresponding release train version of all the applicable services in the stack. This will also ensure that the documentation and examples for the chart will work with the version of the release, you are installing.
For example, if you want to deploy the full Microservices 1.7.x Release Train onto your cluster, use the corresponding 1.7.x chart tag.
Generally you can assume that the Features/Notable Changes and Bug Fixes that are applied to prior minor versions are also applied to the appropriate later versions (i.e. a change noted in 1.7.5 will in most cases be applicable and also applied to 1.8.x + etc…)
Added support for Broadleaf’s Fulfillment Microservice. More details can be found here (https://developer.broadleafcommerce.com/services/fulfillment-services)
Bumped the Admin Gateway version from 1.4.7-GA to 1.4.10-GA
Bumped the Commerce Gateway version from 1.4.7-GA to 1.4.10-GA
Updated charts with deprecated Kubernetes API definitions (to support K8 cluster versions of 1.25+). This included the following resources: solr: poddisruptionbudget, zookeeper: poddisruptionbudget, psp-default: podsecuritypolicy, psp-permissive: podsecuritypolicy. These resources previously defined the apiVersion: policy/v1beta1 and has now been updated to be apiVersion: policy/v1
Note that this release contains important version updates which will impact the following charts. If you do not wish to undergo this upgrade, be sure to override these versions for your specific implementation going forward.
solr: repository.broadleafcommerce.com:5001/broadleaf/docker-solr
changed broadleaf solr version from: 1.5.2-GA → 1.7.0-GA
note: this advanced the base docker image from solr:8.3.1-slim to solr:9.2.0
note: advancing to solr 9.2.0 required updates to all solrconfig.xml files which will need to be re-"up-config" to Zookeeper
solr-exporter : solr
changed solr version from: 8.2-slim → 9.2.0
added a check-zk init container to validate connectivity to Zookeeper
added readiness and liveness probes
Added an elasticAPM block to admingateway, commercegateway, and auth. For these services, it adds a volume, volume mount, and initContainer to load and run the Elastic APM Java agent. It also provided environment variables to do some needed configuration of the agent. The new helm values and their defaults are below. Note that imageVersion is only used by Java services and serviceName defaults to the appropriate service name.
elasticAPM:
enabled: false
imageVersion: 1.36.0
serviceName: <service>
logLevel: INFO
secret:
secretName: elastic-apm-server-credentials
serverUrlKey: elasticApmServerSchemeHostPort
secretTokenKey: elasticApmServerSecretTokenWhitelisted the 4WL (4 letter word) commands for Zookeeper. Both Solr monitoring of the Zookeeper status as well as Kubernetes health probes make use of these commands. The key change was adding a new Java "-D" runtime argument to the helm values.yaml to enabled this feature:
heapOptions: "-Xms512M -Xmx512M -Dzookeeper.4lw.commands.whitelist=mntr,conf,ruok"
Added the ability to enable and define standard health probes. As with other probes, any valid probe definition can be added within a spec: block. When enabled, defaults will be used unless specifically overridden. The following is the default probe definition. Note that the spec: block should NOT define the probe type (eg. startupProbe):
startupProbe:
enabled: false
spec:
exec:
command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 127.0.0.1 2181 | grep imok']
initialDelaySeconds: 15
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
livenessProbe:
enabled: false
spec:
exec:
command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 127.0.0.1 2181 | grep imok']
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
readinessProbe:
enabled: false
spec:
exec:
command: ['/bin/bash', '-c', 'echo "ruok" | nc -w 2 -q 2 127.0.0.1 2181 | grep imok']
initialDelaySeconds: 10
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1Added an elasticAPM block to all flex-* charts, commerceweb, and adminweb. For the Java services, it adds a volume, volume mount, and initContainer to load and run the Elastic APM Java agent. It also provided environment variables to do some needed configuration of the agent. For Node services, it only adds the environment variables and depends on the service image having the APM agent within it and set to run on application start. The new helm values and their defaults are below. Note that imageVersion is only used by Java services and serviceName defaults to the appropriate service name.
elasticAPM:
enabled: false
imageVersion: 1.36.0
serviceName: Asset
logLevel: INFO
secret:
secretName: elastic-apm-server-credentials
serverUrlKey: elasticApmServerSchemeHostPort
secretTokenKey: elasticApmServerSecretTokenRefactored startupProbe, readinessProbe, and livenessProbe to allow for complete definition of the specification of the probe. Any valid probe definition can be added within a spec: block.
The following is an example of a specification for a given set of probes. The specification in this example uses httpGet but any valid type can be specified. Note that the spec: block should NOT define the probe type (eg. startupProbe):
startupProbe:
enabled: false
spec:
httpGet:
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 12
livenessProbe:
enabled: false
spec:
httpGet:
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 0
periodSeconds: 15
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 4
readinessProbe:
enabled: false
spec:
httpGet:
path: /actuator/health/readiness
port: 10000
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 12Added startupProbe, readinessProbe, and livenessProbe blocks to the primary application Chart for:
auth, admingateway, adminweb, commercegateway, commerceweb
flex-balanced-*, flex-granular-*
Probes have not been added to the min flex package
The following defaults are provided for granular (standalone) services
startupProbe:
enabled: false
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 12
livenessProbe:
enabled: false
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 0
periodSeconds: 15
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 4
readinessProbe:
enabled: false
path: /actuator/health/readiness
port: 10000
initialDelaySeconds: 0
periodSeconds: 5
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 12The following defaults are provided for balanced services. The startupProbe.initialDelaySeconds and the extended failureThreshold provides support for the balanced flex package startup dependencies.
startupProbe:
enabled: false
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 60
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 60
livenessProbe:
enabled: false
path: /actuator/health/liveness
port: 10000
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6
readinessProbe:
enabled: false
path: /actuator/health/readiness
port: 10000
initialDelaySeconds: 0
periodSeconds: 10
timeoutSeconds: 5
successThreshold: 1
failureThreshold: 6Set the "fsGroup": 1000 property in the zookeeper chart as the default image defaults to a user and group 1000 (#81)
Fix the BROADLEAF_AUTH_SECURITY_PKCE_ENABLED ENV variable in the auth chart as it was incorrectly gated by the .Values.seedDataLoad.enabled property (#87)
Move the deploymentStrategy value from the pod specification block to the deployment specification block. Add deploymentStrategy to admingateway, adminweb, auth, commercegateway, and commerceweb (#88)
Removed the previously required BROADLEAF_TENANT_LIQUIBASE_CHANGELOG ENV property in the flex-balanced-supporting, flex-granular-tenant, and flex-min-core charts. Going forward this should be specified in your extraEnvs if applicable for your implementation (#62)
Fix the flex-granular-content chart to apply default chart configurability options: i.e. podSecurityContext and jaegerAgentSidecar etc…
Ability to override default Chart name by specifying appContainerName - applies to most charts (#66)
Enable PKCE by default on the adminweb chart. This introduces the following ENV properties: VITE_ENABLE_DEV_SETTINGS and VITE_ENABLE_PKCE (#73)
Enable PKCE by default on the auth chart. This introduces the following ENV property: BROADLEAF_AUTH_SECURITY_PKCE_ENABLED which defaults to true. (#73)
Ability to optionally enable/disable the SPRING_DATASOURCE_URL and SPRING_DATASOURCE_USERNAME ENV properties in the auth chart using the property datasource.enabled
Add support for SSL database connections using the property: db.sslCertificates.enabled and db.sslCertificates.secretName which mounts the following default path: /etc/db-ssl-certs. This applies to all charts with DB connectivity (e.g. auth and all flex-* charts). (#58)
Make the following ENV properties optional: BROADLEAF_COMPOSITE_DATASOURCE_URL, BROADLEAF_COMPOSITE_DATASOURCE_USERNAME, and BROADLEAF_COMPOSITE_DATASOURCE_PASSWORD - this applies to all flex-* charts using the property: compositedatasource.enabled which is defaulted to true
Optionally enable a debug port using the debug.enabled and debug.port properties. Debug is set to false by default and is applicable to the flex-* charts.
The introduction of the following ENV properties: BROADLEAF_CARTOPERATION_CREDITACCOUNTPROVIDER_URL, BROADLEAF_STORE_CREDIT_CREDITACCOUNTPROVIDER_URL, BROADLEAF_CARTOPERATION_CUSTOMERPROVIDER_URL, and SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_STORECREDITCLIENT_TOKENURI in the flex-balanced-cart chart (CreditAccountServices#9)
The introduction of the following ENV properties: BROADLEAF_CARTOPERATION_CREDITACCOUNTPROVIDER_URL and BROADLEAF_CARTOPERATION_CUSTOMERPROVIDER_URL in the flex-granular-cartops chart (CreditAccountServices#9)
The introduction of the following ENV properties: SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_STORECREDITCLIENT_TOKENURI and BROADLEAF_STORE_CREDIT_CREDITACCOUNTPROVIDER_URL in the flex-granular-paymenttransaction chart (CreditAccountServices#9)
The introduction of the following ENV properties: BROADLEAF_CARTOPERATION_CREDITACCOUNTPROVIDER_URL, BROADLEAF_STORE_CREDIT_CREDITACCOUNTPROVIDER_URL, BROADLEAF_CARTOPERATION_CUSTOMERPROVIDER_URL and SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_STORECREDITCLIENT_TOKENURI to the flex-min-core chart (CreditAccountServices#9)
Introduce the flex-granular-creditaccount chart (CreditAccountServices#9)
Adding the default BROADLEAF_GATEWAY_PROXYURLS_CREDITACCOUNT value to flex-balanced-routes-env, flex-granular-routes-env, and flex-min-routes-env charts (CreditAccountServices#9)
Adding an optional block where users can specify a "strategy" for the deployment using the deploymentStrategy property. Applies to all flex-* charts. (MPM#3509)
Enhanced the Zookeeper cart to enable 4WL commands and added standard health probes. See Version 1.8.4 Release Notes for details for this feature.
Refactored startupProbe, readinessProbe, and livenessProbe to allow for complete definition of the specification of the probe. Any valid probe definition can be added within a spec: block. See Version 1.8.3 Release Notes for details for this feature.
Added startupProbe, readinessProbe, and livenessProbe blocks to the primary application Chart - See Version 1.8.2 Release Notes for details for this feature.
Added an elasticAPM block to all flex-* charts, commerceweb, and adminweb. For the Java services, it adds a volume, volume mount, and initContainer to load and run the Elastic APM Java agent. It also provided environment variables to do some needed configuration of the agent. For Node services, it only adds the environment variables and depends on the service image having the APM agent within it and set to run on application start. The new helm values and their defaults are below. Note that imageVersion is only used by Java services and serviceName defaults to the appropriate service name.
elasticAPM:
enabled: false
imageVersion: 1.36.0
serviceName: Asset
logLevel: INFO
secret:
secretName: elastic-apm-server-credentials
serverUrlKey: elasticApmServerSchemeHostPort
secretTokenKey: elasticApmServerSecretTokenUpdate MANAGEMENT_ENDPOINTS_WEB_EXPOSURE_INCLUDE to include the health actuator endpoint. This impacts the flex-balanced-common-env, flex-granular-common-env, and flex-min-common-env Config Map charts. (MPM#3544)
Remove BROADLEAFDEMO_ACTUATOR_ANONYMOUS from being explicitly defined in the base Config Map charts - impacts flex-balanced-common-env, flex-granular-common-env, and flex-min-common-env. Going forward, you can specify your implementation-specific property override in your umbrella chart or specifically in your application. (#85)
Ability to override resources definitions (e.g. cpu and memory requests and limits) on several supporting service charts: job-zk-upconfig, kafka, openapi-ui, solr, zookeeper, job-solr-create-collections (#54)
Ability to override resources definitions (e.g. cpu and memory requests and limits) for kafka - checkZK (initContainer) and zookeeper - jmx (init container)
Updated the default confluentinc/cp-zookeeper image tag from 5.5.0 to 7.2.1
Updated the default confluentinc/cp-kafka image tag from 7.0.0 to 7.2.1
Move the BROADLEAF_ADMINUSER_AUTHPROPERTIES_AUTHURI ENV property out of the .Values.seedDataLoad.enabled check - impacts flex-balanced-supporting and flex-granular-adminuser charts (#43)
Update the BROADLEAF_CARTOPERATION_CATALOGPROVIDER_URL ENV property default value to be BROADLEAF_GATEWAY_PROXYURLS_CATALOGBROWSE - impacts flex-min-core, flex-granular-cartops, and flex-balanced-cart charts (#50)
Add ContentServices to support the 1.7.2 RT (MPM#2679)
Update default docker image tag for adminweb (MPM#2819)
Remove default user security contexts in the admingateway and commercegateway charts to match the defaults in the flex-package charts
Remove the cors spring active profile as a default for the commercegateway (#40)
Update the default tag for admingateway and commercegateway
Allow overriding of default busybox and curl image for the check-zk and check-solr initContainer (#23)
Allow Security Context Overrides. If you would like to override the default podSecurityContext or the containerSecurityContext, you can define the respective overrides: podSecurityContextCustom, and containerSecurityContextCustom (#27)
Ability to override image, imageTag, and imagePullSecrets for solr-exporter (#32)
Ability to specify additional annotations for the blc-assets-pvc resource (#32)
Ability to override imagePullSecretes for kafka and zookeeper (#36)
Ability to override backOffLimit for job-zk-upconfig and job-solr-create-collections (#36)
Ability to specify podAnnotations for the flex-balanced-processing and flex-balanced-supporting charts (#38)