Merge branch 'master' into customerDeploymentID
MadhuriArugula authored Jan 8, 2024
2 parents 7c51d3b + d44491c commit c1cc141
Showing 9 changed files with 38 additions and 19 deletions.
2 changes: 1 addition & 1 deletion charts/pega/README.md
Expand Up @@ -1167,7 +1167,7 @@ Parameter | Description | Default value
`service.tls.traefik.insecureSkipVerify` | Set to `true` to skip verifying the certificate; do this in cases where you do not need a valid root/CA certificate but want to encrypt load balancer traffic. Leave the setting to `false` to both verify the certificate and encrypt load balancer traffic. | `false`

##### Important Points to note
- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty.
- By default, Pega provides a self-signed keystore and a custom root/CA certificate in Helm chart version `2.2.0`. To use the default keystore and CA certificate, leave the parameters service.tls.keystore, service.tls.keystorepassword and service.tls.cacertificate empty. The default keystore and CA certificate expire on 25/12/2025.
- To enable SSL, you must either provide a keystore with a keystorepassword or certificate, certificatekey and cacertificate files in PEM format. If you do not provide either, the deployment implements SSL by passing a Pega-provided default self-signed keystore and a custom root/CA certificate to the Pega web nodes.
- The CA certificate can be issued by any valid Certificate Authorities or you can also use a self-created CA certificate with proper chaining.
- To avoid exposing your certificates, you can use external secrets to manage your certificates. Pega also supports specifying the certificate files using the certificate parameters in the Pega values.yaml. To pass the files using these parameters, you must encode the certificate files using base64 and then enter the string output into the appropriate certificate parameter.
3 changes: 2 additions & 1 deletion charts/pega/charts/hazelcast/values.yaml
Expand Up @@ -39,7 +39,8 @@ client:
# Server side settings for Hazelcast
server:
java_opts: "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof
-XX:+UseParallelGC -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m -XshowSettings:vm"
-XX:+UseG1GC -XX:NewRatio=3 -XshowSettings:vm -XX:InitiatingHeapOccupancyPercent=45
-Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m"
jmx_enabled: "true"
health_monitoring_level: "OFF"
operation_generic_thread_count: ""
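Review bot: `-XX:NewRatio=3` in the new `java_opts` pins the young-generation size, which G1 normally resizes on its own to meet its pause-time goal; HotSpot's G1 tuning guidance advises against setting the young-generation size explicitly (`-Xmn`, `-XX:NewRatio`) for that reason. `-XX:InitiatingHeapOccupancyPercent=45` is also G1's default value, so it changes nothing as written. If both flags are deliberate, a comment above `java_opts` such as `# NewRatio pinned on purpose: <reason>; IHOP stated explicitly for visibility` would stop them being read as leftovers; otherwise `-XX:+UseG1GC` alone is the smaller change.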
Expand Up @@ -63,6 +63,9 @@ spec:
{{- $d := dict "deploySecret" "deployDBSecret" "deployNonExtsecret" "deployNonExtDBSecret" "extSecretName" .root.Values.global.jdbc.external_secret_name "nonExtSecretName" "pega-db-secret-name" "context" .root -}}
{{ include "secretResolver" $d | indent 10}}

{{- $artifactoryDict := dict "deploySecret" "deployArtifactorySecret" "deployNonExtsecret" "deployNonExtArtifactorySecret" "extSecretName" .root.Values.global.customArtifactory.authentication.external_secret_name "nonExtSecretName" "pega-custom-artifactory-secret-name" "context" .root -}}
{{ include "secretResolver" $artifactoryDict | indent 10}}

# Fix it, Below peace of code always uses secret created from hz username & password. It cannot resolve hz external secret due to helm sub chart limitations. Modify it once hazelcast deployment is isolated.
{{- if ( eq .root.Values.upgrade.isHazelcastClientServer "true" ) }}
- secret:
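Review bot: The added `secretResolver` include for `$artifactoryDict` sits outside any `if`, unlike the Hazelcast source a few lines below, so whether an install with no custom artifactory credentials still gets a second `- secret:` source depends entirely on what `secretResolver` and the `deployArtifactorySecret` / `deployNonExtArtifactorySecret` helpers return, and none of them are visible in this hunk. If a source is emitted for a secret that was never created, the projected volume cannot mount and the installer pod will not start. The expression also reads `.root.Values.global.customArtifactory.authentication.external_secret_name` directly, which presumably fails to render when a values file omits `customArtifactory.authentication`. I would add a template comment above the include, for example `{{- /* emits no source unless artifactory authentication is configured */ -}}`, and confirm it with a render that leaves the value unset.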
30 changes: 19 additions & 11 deletions charts/pega/config/certs/pegaca.crt
@@ -1,13 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIB+DCCAZ8CFG8/fDwY/1tqXeTTzOkWL1mZ2wO3MAoGCCqGSM49BAMCMH8xCzAJ
BgNVBAYTAlVTMRYwFAYDVQQIDA1NYXNzYWNodXNldHRzMRIwEAYDVQQHDAlDYW1i
cmlkZ2UxGDAWBgNVBAoMD1BlZ2FzeXN0ZW1zIEluYzEZMBcGA1UECwwQQ2xvdWRF
bmdpbmVlcmluZzEPMA0GA1UEAwwGcGVnYWNhMB4XDTIyMDUyNDExMDYzM1oXDTIz
MDUyNDExMDYzM1owfzELMAkGA1UEBhMCVVMxFjAUBgNVBAgMDU1hc3NhY2h1c2V0
dHMxEjAQBgNVBAcMCUNhbWJyaWRnZTEYMBYGA1UECgwPUGVnYXN5c3RlbXMgSW5j
MRkwFwYDVQQLDBBDbG91ZEVuZ2luZWVyaW5nMQ8wDQYDVQQDDAZwZWdhY2EwWTAT
BgcqhkjOPQIBBggqhkjOPQMBBwNCAASk58j/K3IzPUnsQxSrQ0LgstNaefjUneFa
ewnBu1m2mMIIy1yEq66cai/o+95w0rzeHoaAhklxN9p3l2GIHbTwMAoGCCqGSM49
BAMCA0cAMEQCIGHZKwtq7j7Avnq+0XakpFM6HNTBqLDCsWaegh379hElAiApObu8
eLrNeUHdLylqMQ4dG/jSz17ovhOwgBu9A72dog==
MIIDgTCCAmmgAwIBAgIEbZW6yjANBgkqhkiG9w0BAQsFADBxMQswCQYDVQQGEwJJ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-----END CERTIFICATE-----
Binary file modified charts/pega/config/certs/pegakeystore.jks
Binary file not shown.
4 changes: 4 additions & 0 deletions docs/Deploying-Pega-on-EKS.md
Expand Up @@ -8,6 +8,10 @@ Pega helps enterprises and agencies quickly build business apps that deliver the

Create a deployment of Pega Platform on which you can implement a scalable Pega application in a EKS cluster. You can use this deployment for a Pega Platform development environment. By completing these procedures, you deploy Pega Platform on a EKS cluster with a Amazon RDS database instance and two clustered virtual machines (VMs).

*The following diagram shows how Pega Infinity 8.7 can be deployed on AWS with EKS*
![Overview of EKS Pega Deployment](media/deploying-pega-on-eks.png)


## Deployment process overview

Use Kubernetes tools and the customized orchestration tools and Docker images to orchestrate a deployment in a EKS cluster that you create for the deployment:
Binary file added docs/media/deploying-pega-on-eks.png
Expand Up @@ -49,7 +49,7 @@ func VerifyClusteringServiceEnvironmentConfig(t *testing.T, yamlContent string,
UnmarshalK8SYaml(t, statefulInfo, &clusteringServiceEnvConfigMap)
clusteringServiceEnvConfigData := clusteringServiceEnvConfigMap.Data
require.Equal(t, clusteringServiceEnvConfigData["NAMESPACE"], "default")
require.Equal(t, clusteringServiceEnvConfigData["JAVA_OPTS"], "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof -XX:+UseParallelGC -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m -XshowSettings:vm")
require.Equal(t, clusteringServiceEnvConfigData["JAVA_OPTS"], "-XX:MaxRAMPercentage=80.0 -XX:InitialRAMPercentage=80.0 -XX:+HeapDumpOnOutOfMemoryError -XX:HeapDumpPath=/opt/hazelcast/logs/heapdump.hprof -XX:+UseG1GC -XX:NewRatio=3 -XshowSettings:vm -XX:InitiatingHeapOccupancyPercent=45 -Xlog:gc*,gc+phases=debug:file=/opt/hazelcast/logs/gc.log:time,pid,tags:filecount=5,filesize=3m")
require.Equal(t, clusteringServiceEnvConfigData["SERVICE_NAME"], "clusteringservice-service")
require.Equal(t, clusteringServiceEnvConfigData["MIN_CLUSTER_SIZE"], "3")
require.Equal(t, clusteringServiceEnvConfigData["JMX_ENABLED"], "true")
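Review bot: The updated `JAVA_OPTS` assertion passes the rendered value first and the literal second, while testify's `require.Equal` takes `(t, expected, actual)`, so a failure report labels the chart output as "expected" and the hand-written string as "actual". Swapping it to `require.Equal(t, wantJavaOpts, clusteringServiceEnvConfigData["JAVA_OPTS"])`, with `wantJavaOpts` holding the literal, fixes the report and gives the long flag string a name. The new `Sources[1].Secret.Name` assertion in pega-installer-job_test.go uses the same reversed order. `VerifyClusteringServiceEnvironmentConfig` starts and ends outside the hunk.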
13 changes: 8 additions & 5 deletions terratest/src/test/pega/pega-installer-job_test.go
Expand Up @@ -19,6 +19,7 @@ type pegaDbJob struct {
}

var volDefaultMode int32 = 420
var customArtifactorySecret = "artifactory_secret"
var volDefaultModePointer = &volDefaultMode

func TestPegaInstallerJob(t *testing.T) {
Expand All @@ -36,11 +37,12 @@ func TestPegaInstallerJob(t *testing.T) {
for _, pullPolicy := range imagePullPolicy {
var options = &helm.Options{
SetValues: map[string]string{
"global.deployment.name": depName,
"global.provider": vendor,
"global.actions.execute": operation,
"installer.imagePullPolicy": pullPolicy,
"installer.upgrade.upgradeType": "zero-downtime",
"global.deployment.name": depName,
"global.provider": vendor,
"global.actions.execute": operation,
"global.customArtifactory.authentication.external_secret_name": customArtifactorySecret,
"installer.imagePullPolicy": pullPolicy,
"installer.upgrade.upgradeType": "zero-downtime",
},
}
yamlContent := RenderTemplate(t, options, helmChartPath, []string{"charts/installer/templates/pega-installer-job.yaml"})
Expand Down Expand Up @@ -114,6 +116,7 @@ func assertJob(t *testing.T, jobYaml string, expectedJob pegaDbJob, options *hel

require.Equal(t, jobSpec.Volumes[0].Name, "pega-installer-credentials-volume")
require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[0].Secret.Name, getObjName(options, "-db-secret"))
require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.Sources[1].Secret.Name, customArtifactorySecret)
require.Equal(t, jobSpec.Volumes[0].VolumeSource.Projected.DefaultMode, volDefaultModePointer)
require.Equal(t, jobSpec.Volumes[1].Name, "pega-volume-installer")
if jobSpec.Volumes[1].VolumeSource.ConfigMap.LocalObjectReference.Name == "pega-install-config" {
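Review bot: The new assertion on `Projected.Sources[1].Secret.Name` indexes the slice without checking its length, so a render that yields only the DB source panics with index out of range instead of failing with a readable message; put `require.GreaterOrEqual(t, len(jobSpec.Volumes[0].VolumeSource.Projected.Sources), 2)` before it. Every combination in `TestPegaInstallerJob` now sets `global.customArtifactory.authentication.external_secret_name`, so as far as this file shows the default render with no artifactory secret is no longer exercised. The same volume is asserted to use default mode 420 (0644) and now also carries the artifactory credential, so it is worth confirming in the template whether group and other read access is needed. `assertJob` starts and ends outside the hunk.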
