From 3cf9d169dad6118ed5f36fb887d646acb3284d7c Mon Sep 17 00:00:00 2001
From: Martin Weise <martin.weise@tuwien.ac.at>
Date: Tue, 1 Apr 2025 12:42:28 +0200
Subject: [PATCH] WIP
Signed-off-by: Martin Weise <martin.weise@tuwien.ac.at>
---
helm/dbrepo/Chart.yaml | 4 +-
.../dbrepo/templates/dashboard-configmap.yaml | 11 -
.../templates/dashboard-deployment.yaml | 77 +++++++
helm/dbrepo/templates/dashboard-secret.yaml | 56 +----
.../dashboard-ui-prov-datasources-secret.yaml | 33 +++
.../dbrepo/templates/dashboard-ui-secret.yaml | 58 ++++++
helm/dbrepo/templates/identity-secret.yaml | 12 +-
helm/dbrepo/templates/metadata-configmap.yaml | 7 +-
helm/dbrepo/values.yaml | 197 ++++++++----------
make/rel.mk | 10 +-
10 files changed, 283 insertions(+), 182 deletions(-)
delete mode 100644 helm/dbrepo/templates/dashboard-configmap.yaml
create mode 100644 helm/dbrepo/templates/dashboard-deployment.yaml
create mode 100644 helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml
create mode 100644 helm/dbrepo/templates/dashboard-ui-secret.yaml
diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml
index 44a31bde0d..7b5f38ac5d 100644
--- a/helm/dbrepo/Chart.yaml
+++ b/helm/dbrepo/Chart.yaml
@@ -48,10 +48,10 @@ dependencies:
repository: file://../seaweedfs
condition: storageservice.enabled
- name: grafana
- alias: dashboardservice
+ alias: dashboardui
version: 11.4.2
repository: https://charts.bitnami.com/bitnami
- condition: dashboardservice.enabled
+ condition: dashboardui.enabled
- name: prometheus
alias: metricdb
version: 1.3.22
diff --git a/helm/dbrepo/templates/dashboard-configmap.yaml b/helm/dbrepo/templates/dashboard-configmap.yaml
deleted file mode 100644
index 9643f539d2..0000000000
--- a/helm/dbrepo/templates/dashboard-configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if .Values.dashboardservice.enabled }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: dashboard-service-config
- namespace: {{ include "common.names.namespace" . | quote }}
-data:
- {{ (.Files.Glob "files/system.json").AsConfig | nindent 2 }}
- {{ (.Files.Glob "files/rabbitmq.json").AsConfig | nindent 2 }}
- {{ (.Files.Glob "files/mariadb.json").AsConfig | nindent 2 }}
-{{- end }}
\ No newline at end of file
diff --git a/helm/dbrepo/templates/dashboard-deployment.yaml b/helm/dbrepo/templates/dashboard-deployment.yaml
new file mode 100644
index 0000000000..f2c1a6fff1
--- /dev/null
+++ b/helm/dbrepo/templates/dashboard-deployment.yaml
@@ -0,0 +1,77 @@
+{{- if .Values.dashboardservice.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: dashboard-service
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: dashboard-service
+ service: dashboard-service
+spec:
+ replicas: {{ .Values.dashboardservice.replicaCount }}
+ strategy:
+ type: {{ .Values.strategyType }}
+ selector:
+ matchLabels:
+ app: dashboard-service
+ service: dashboard-service
+ template:
+ metadata:
+ labels:
+ app: dashboard-service
+ service: dashboard-service
+ spec:
+ {{- if .Values.dashboardservice.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboardservice.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ initContainers:
+ - name: init
+ image: {{ .Values.dashboardservice.init.image.name }}
+ imagePullPolicy: {{ .Values.dashboardservice.init.image.pullPolicy | default "IfNotPresent" }}
+ {{- if .Values.dashboardservice.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboardservice.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ envFrom:
+ - secretRef:
+ name: dashboard-service-secret
+ {{- if .Values.dashboardservice.init.resources }}
+ resources: {{- toYaml .Values.dashboardservice.init.resources | nindent 12 }}
+ {{- else if ne .Values.dashboardservice.init.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.dashboardservice.init.resourcesPreset) | nindent 12 }}
+ {{- end }}
+ containers:
+ - name: dashboard-service
+ image: {{ .Values.dashboardservice.image.name }}
+ imagePullPolicy: {{ .Values.dashboardservice.image.pullPolicy | default "IfNotPresent" }}
+ {{- if .Values.dashboardservice.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.dashboardservice.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ ports:
+ - containerPort: 8080
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: dashboard-service-secret
+ livenessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -ec
+ - "curl -sSL localhost:8080/health | grep 'UP' || exit 1"
+ initialDelaySeconds: 150
+ periodSeconds: 10
+ readinessProbe:
+ exec:
+ command:
+ - /bin/bash
+ - -ec
+ - "curl -sSL localhost:8080/health | grep 'UP' || exit 1"
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ {{- if .Values.dashboardservice.resources }}
+ resources: {{- toYaml .Values.dashboardservice.resources | nindent 12 }}
+ {{- else if ne .Values.dashboardservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.dashboardservice.resourcesPreset) | nindent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/dbrepo/templates/dashboard-secret.yaml b/helm/dbrepo/templates/dashboard-secret.yaml
index 7fdb1fed8d..e01e30f77e 100644
--- a/helm/dbrepo/templates/dashboard-secret.yaml
+++ b/helm/dbrepo/templates/dashboard-secret.yaml
@@ -6,53 +6,11 @@ metadata:
name: dashboard-service-secret
namespace: {{ include "common.names.namespace" . | quote }}
stringData:
- GF_SERVER_PROTOCOL: "http"
- GF_SERVER_DOMAIN: "{{ .Values.hostname }}"
- GF_SERVER_ROOT_URL: "https://%(domain)s/dashboard/"
- GF_AUTH_ANONYMOUS_ENABLED: "true"
- GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
- GF_SERVER_SERVE_FROM_SUB_PATH: "true"
- GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: "true"
- LDAP_ADMIN_USERNAME: "{{ .Values.identityservice.global.adminUser }}"
- LDAP_ADMIN_PASSWORD: "{{ .Values.identityservice.global.adminPassword }}"
- LDAP_ROOT: "{{ .Values.identityservice.global.ldapDomain }}"
- ldap.toml: |
- [[servers]]
- host = "identity-service"
- port = 389
- use_ssl = false
-
- # Search user bind dn
- bind_dn = "cn=${LDAP_ADMIN_USERNAME},${LDAP_ROOT}"
- bind_password = "${LDAP_ADMIN_PASSWORD}"
-
- # Timeout in seconds. Applies to each host specified in the 'host' entry (space separated).
- timeout = 10
-
- # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
- # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
- search_filter = "(cn=%s)"
-
- # An array of base dns to search through
- search_base_dns = ["${LDAP_ROOT}"]
-
- group_search_base_dns = ["ou=users,${LDAP_ROOT}"]
- group_search_filter = "(&(objectClass=groupOfNames)(member=cn=%s,ou=users,${LDAP_ROOT}))"
- group_search_filter_user_attribute = "uid"
-
- [servers.attributes]
- name = "givenName"
- surname = "sn"
- username = "cn"
- member_of = "member"
- email = "email"
-
- [[servers.group_mappings]]
- group_dn = "cn=${LDAP_ADMIN_USERNAME},ou=users,${LDAP_ROOT}"
- org_role = "Admin"
- grafana_admin = true
-
- [[servers.group_mappings]]
- group_dn = "*"
- org_role = "Viewer"
+ AUTH_SERVICE_ADMIN: "{{ .Values.authservice.auth.adminUser }}"
+ AUTH_SERVICE_ADMIN_PASSWORD: "{{ .Values.authservice.auth.adminPassword }}"
+ AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}"
+ BASE_URL: "{{ .Values.gateway }}"
+ DASHBOARD_UI_ENDPOINT: "{{ .Values.dashboardui.endpoint }}"
+ SYSTEM_USERNAME: "{{ .Values.identityservice.users }}"
+ SYSTEM_PASSWORD: "{{ .Values.identityservice.userPasswords }}"
{{- end }}
diff --git a/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml b/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml
new file mode 100644
index 0000000000..2d10baefd2
--- /dev/null
+++ b/helm/dbrepo/templates/dashboard-ui-prov-datasources-secret.yaml
@@ -0,0 +1,33 @@
+{{- if .Values.dashboardui.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dashboard-ui-prov-datasources-secret
+ namespace: {{ include "common.names.namespace" . | quote }}
+stringData:
+ infinity.yaml: |-
+ apiVersion: 1
+ datasources:
+ - name: dbrepo-json
+ uid: dbrepojson0
+ type: yesoreyeram-infinity-datasource
+ basicAuth: true
+ basicAuthUser: {{ .Values.datadb.db.user }}
+ url: {{ .Values.gateway }}
+ jsonData:
+ auth_method: 'basicAuth'
+ httpHeaderName1: Accept
+ allowedHosts:
+ - '{{ .Values.gateway }}'
+ secureJsonData:
+ basicAuthPassword: {{ .Values.datadb.db.password }}
+ httpHeaderValue1: application/json
+ prometheus.yaml: |-
+ apiVersion: 1
+ datasources:
+ - name: dbrepo-metrics
+ type: prometheus
+ uid: dbrepometrics0
+ url: {{ .Values.metricdb.endpoint }}
+{{- end }}
diff --git a/helm/dbrepo/templates/dashboard-ui-secret.yaml b/helm/dbrepo/templates/dashboard-ui-secret.yaml
new file mode 100644
index 0000000000..0816c69637
--- /dev/null
+++ b/helm/dbrepo/templates/dashboard-ui-secret.yaml
@@ -0,0 +1,58 @@
+{{- if .Values.dashboardui.enabled }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dashboard-ui-secret
+ namespace: {{ include "common.names.namespace" . | quote }}
+stringData:
+ GF_SERVER_PROTOCOL: "http"
+ GF_SERVER_DOMAIN: "{{ .Values.hostname }}"
+ GF_SERVER_ROOT_URL: "https://%(domain)s/dashboard/"
+ GF_AUTH_ANONYMOUS_ENABLED: "true"
+ GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
+ GF_SERVER_SERVE_FROM_SUB_PATH: "true"
+ GF_SECURITY_DISABLE_INITIAL_ADMIN_CREATION: "true"
+ LDAP_ADMIN_USERNAME: "{{ .Values.identityservice.global.adminUser }}"
+ LDAP_ADMIN_PASSWORD: "{{ .Values.identityservice.global.adminPassword }}"
+ LDAP_ROOT: "{{ .Values.identityservice.global.ldapDomain }}"
+ ldap.toml: |
+ [[servers]]
+ host = "identity-service"
+ port = 389
+ use_ssl = false
+
+ # Search user bind dn
+ bind_dn = "cn=${LDAP_ADMIN_USERNAME},${LDAP_ROOT}"
+ bind_password = "${LDAP_ADMIN_PASSWORD}"
+
+ # Timeout in seconds. Applies to each host specified in the 'host' entry (space separated).
+ timeout = 10
+
+ # User search filter, for example "(cn=%s)" or "(sAMAccountName=%s)" or "(uid=%s)"
+ # Allow login from email or username, example "(|(sAMAccountName=%s)(userPrincipalName=%s))"
+ search_filter = "(uid=%s)"
+
+ # An array of base dns to search through
+ search_base_dns = ["${LDAP_ROOT}"]
+
+ group_search_base_dns = ["ou=users,${LDAP_ROOT}"]
+ group_search_filter = "(&(objectClass=groupOfNames)(member=cn=%s,ou=users,${LDAP_ROOT}))"
+ group_search_filter_user_attribute = "uid"
+
+ [servers.attributes]
+ name = "cn"
+ surname = "sn"
+ username = "uid"
+ member_of = "member"
+ email = "mail"
+
+ [[servers.group_mappings]]
+ group_dn = "cn=${LDAP_ADMIN_USERNAME},ou=users,${LDAP_ROOT}"
+ org_role = "Admin"
+ grafana_admin = true
+
+ [[servers.group_mappings]]
+ group_dn = "*"
+ org_role = "Viewer"
+{{- end }}
diff --git a/helm/dbrepo/templates/identity-secret.yaml b/helm/dbrepo/templates/identity-secret.yaml
index e395bad11e..b2eeb25d3c 100644
--- a/helm/dbrepo/templates/identity-secret.yaml
+++ b/helm/dbrepo/templates/identity-secret.yaml
@@ -6,11 +6,11 @@ metadata:
name: identity-service-secret
namespace: {{ include "common.names.namespace" . | quote }}
stringData:
- LDAP_ADMIN_USERNAME: "{{ .Values.identityservice.global.adminUser}}"
- LDAP_ADMIN_PASSWORD: "{{ .Values.identityservice.global.adminPassword}}"
- LDAP_USERS: "{{ .Values.identityservice.users}}"
- LDAP_PASSWORDS: "{{ .Values.identityservice.userPasswords}}"
- LDAP_GROUP: "{{ .Values.identityservice.group}}"
+ LDAP_ADMIN_USERNAME: "{{ .Values.identityservice.global.adminUser }}"
+ LDAP_ADMIN_PASSWORD: "{{ .Values.identityservice.global.adminPassword }}"
+ LDAP_USERS: "{{ .Values.identityservice.users }},{{ .Values.datadb.db.user }}"
+ LDAP_PASSWORDS: "{{ .Values.identityservice.userPasswords }},{{ .Values.datadb.db.password }}"
+ LDAP_GROUP: "{{ .Values.identityservice.group }}"
LDAP_ROOT: "{{ .Values.identityservice.global.ldapDomain }}"
- LDAP_ADMIN_DN: "cn={{ .Values.identityservice.global.adminUser}},{{ .Values.identityservice.global.ldapDomain }}"
+ LDAP_ADMIN_DN: "cn={{ .Values.identityservice.global.adminUser }},{{ .Values.identityservice.global.ldapDomain }}"
{{- end }}
diff --git a/helm/dbrepo/templates/metadata-configmap.yaml b/helm/dbrepo/templates/metadata-configmap.yaml
index a6b7ad8212..e837c8072a 100644
--- a/helm/dbrepo/templates/metadata-configmap.yaml
+++ b/helm/dbrepo/templates/metadata-configmap.yaml
@@ -13,9 +13,12 @@ data:
02-setup-data.sql: |-
BEGIN;
INSERT INTO `mdb_containers` (id, name, internal_name, image_id, host, port, ui_host, ui_port, privileged_username,
- privileged_password)
+ privileged_password, readonly_username, readonly_password)
VALUES ('6cfb3b8e-1792-4e46-871a-f3d103527203', 'mariadb:11.1.3-debian-11-r6', 'mariadb_11_1_3',
- 'd79cb089-363c-488b-9717-649e44d8fcc5', 'data-db', {{ .Values.datadb.containerPorts.mysql }}, '{{ .Values.hostname }}', {{ .Values.datadb.containerPorts.mysql }}, '{{ .Values.datadb.rootUser.user }}', '{{ .Values.datadb.rootUser.password }}');
+ 'd79cb089-363c-488b-9717-649e44d8fcc5', 'data-db', {{ .Values.datadb.containerPorts.mysql }},
+ '{{ .Values.hostname }}', {{ .Values.datadb.containerPorts.mysql }}, '{{ .Values.datadb.rootUser.user }}',
+ '{{ .Values.datadb.rootUser.password }}', '{{ .Values.datadb.db.user }}',
+ '{{ .Values.datadb.db.password }}');
COMMIT;
{{ (.Files.Glob "files/my.cnf").AsConfig | nindent 2 }}
{{- end }}
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 00336e82bb..4afbf2c70e 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -176,6 +176,10 @@ datadb:
db:
## @param datadb.db.name The database name.
name: dbrepo
+ ## @param datadb.db.user The database username for the dashboard service.
+ user: user
+ ## @param datadb.db.password The database user password for the dashboard service.
+ password: user
galera:
mariabackup:
## @param datadb.galera.mariabackup.user The database backup username.
@@ -218,7 +222,7 @@ searchdb:
enabled: false
## @param searchdb.ingest.resourcesPreset The container resource preset
resourcesPreset: "micro"
- ## @param searchdb.ingest.replicaCount The number of pod replicas.
+ ## @param searchdb.ingest.replicaCount The number of pod replicas.
replicaCount: 1
master:
## @param searchdb.master.resourcesPreset The container resource preset
@@ -236,90 +240,6 @@ searchdb:
## @param searchdb.clusterName The cluster name.
clusterName: search-db
-## @section Upload Service
-
-uploadservice:
- ## @param uploadservice.enabled Enable the Upload Service.
- enabled: true
- ## @skip uploadservice.image
- image:
- name: docker.io/tusproject/tusd:v1.12
- s3:
- ## @param uploadservice.s3.endpoint The S3-capable endpoint the microservice connects to.
- endpoint: http://storage-service-s3:8333
- ## @param uploadservice.s3.bucket The S3 bucket name.
- bucket: dbrepo
- ## @param uploadservice.s3.maxSize The maximum file size in bytes.
- maxSize: "2000000000"
- ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
- podSecurityContext:
- ## @param uploadservice.podSecurityContext.enabled Enable pods' Security Context
- enabled: true
- ## @param uploadservice.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
- fsGroupChangePolicy: Always
- ## @param uploadservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface
- sysctls: [ ]
- ## @param uploadservice.podSecurityContext.supplementalGroups Set filesystem extra groups
- supplementalGroups: [ ]
- ## @param uploadservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup
- fsGroup: 0
- containerSecurityContext:
- ## @param uploadservice.containerSecurityContext.enabled Enable containers' Security Context
- enabled: true
- ## @param uploadservice.containerSecurityContext.seLinuxOptions Set SELinux options in container
- seLinuxOptions: { }
- ## @param uploadservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
- runAsUser: 1000
- ## @param uploadservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup
- runAsGroup: 1000
- ## @param uploadservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
- runAsNonRoot: true
- ## @param uploadservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
- allowPrivilegeEscalation: false
- ## @param uploadservice.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
- readOnlyRootFilesystem: false
- capabilities:
- ## @param uploadservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
- drop: [ "ALL" ]
- seccompProfile:
- ## @param uploadservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
- type: "RuntimeDefault"
- ## @param uploadservice.resourcesPreset The container resource preset
- resourcesPreset: "nano"
- ## @param uploadservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
- resources: { }
- ## requests:
- ## cpu: 250m
- ## memory: 64Mi
- ## limits:
- ## cpu: 500m
- ## memory: 1024Mi
- ## @skip uploadservice.containerArgs
- containerArgs:
- - "-behind-proxy"
- - "-max-size=2000000000"
- - "-base-path=/api/upload/files/"
- - "-hooks-dir=/srv/tusd-hooks/"
- - "-s3-endpoint=http://storage-service-s3:8333"
- - "-s3-bucket=dbrepo"
- ## @skip uploadservice.envFrom
- envFrom:
- - secretRef:
- name: upload-service-secret
- ## @skip uploadservice.volumes
- volumes:
- - name: config
- configMap:
- name: upload-service-setup
- defaultMode: 0777
- ## @skip uploadservice.volumeMounts
- volumeMounts:
- - name: config
- mountPath: /srv/tusd-hooks/pre-create
- subPath: pre-create
- ## @param uploadservice.replicaCount The number of replicas.
- replicaCount: 2
-
## @section Broker Service
brokerservice:
@@ -981,40 +901,99 @@ ui:
dashboardservice:
## @param dashboardservice.enabled Enable the Dashboard Service.
enabled: true
+ image:
+ ## @skip dashboardservice.image.name
+ name: registry.datalab.tuwien.ac.at/dbrepo/auth-service-init:1.8.0
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ podSecurityContext:
+ ## @param dashboardservice.podSecurityContext.enabled Enable pods' Security Context
+ enabled: true
+ ## @param dashboardservice.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ fsGroupChangePolicy: Always
+ ## @param dashboardservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ sysctls: [ ]
+ ## @param dashboardservice.podSecurityContext.supplementalGroups Set filesystem extra groups
+ supplementalGroups: [ ]
+ ## @param dashboardservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup
+ fsGroup: 0
+ containerSecurityContext:
+ ## @param dashboardservice.containerSecurityContext.enabled Enable containers' Security Context
+ enabled: true
+ ## @param dashboardservice.containerSecurityContext.seLinuxOptions Set SELinux options in container
+ seLinuxOptions: { }
+ ## @param dashboardservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
+ runAsUser: 1001
+ ## @param dashboardservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup
+ runAsGroup: 1001
+ ## @param dashboardservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
+ runAsNonRoot: true
+ ## @param dashboardservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ allowPrivilegeEscalation: false
+ ## @param dashboardservice.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ readOnlyRootFilesystem: false
+ capabilities:
+ ## @param dashboardservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ drop: [ "ALL" ]
+ seccompProfile:
+ ## @param dashboardservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ type: "RuntimeDefault"
+ ## @param dashboardservice.resourcesPreset The container resource preset
+ resourcesPreset: "micro"
+ ## @param dashboardservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ resources: { }
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
+ ## @param dashboardservice.replicaCount The number of replicas.
+ init:
+ image:
+ ## @skip dashboardservice.init.image.name
+ name: registry.datalab.tuwien.ac.at/dbrepo/dashboard-service-init:1.8.0
+ ## @param dashboardservice.init.resourcesPreset The container resource preset
+ resourcesPreset: "nano"
+ ## @param dashboardservice.init.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ resources: { }
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
+ ## @param dashboardservice.replicaCount The number of replicas.
+ replicaCount: 2
+
+## @section Dashboard UI
+
+dashboardui:
+ ## @param dashboardui.enabled Enable the Dashboard UI.
+ enabled: true
+ ## @skip dashboardui.fullnameOverride
+ fullnameOverride: dashboard-ui
metrics:
- ## @param dashboardservice.metrics.enabled Enable the metrics sidecar.
+ ## @param dashboardui.metrics.enabled Enable the metrics sidecar.
enabled: true
- ## @skip dashboardservice.fullnameOverride
- fullnameOverride: dashboard-service
+ endpoint: http://dashboard-ui:3000
ldap:
- ## @skip dashboardservice.ldap.enabled
+ ## @skip dashboardui.ldap.enabled
enabled: true
- ## @skip dashboardservice.ldap.allowSignUp
+ ## @skip dashboardui.ldap.allowSignUp
allowSignUp: true
- ## @skip dashboardservice.ldap.secretName
- secretName: dashboard-service-secret
+ ## @skip dashboardui.ldap.secretName
+ secretName: dashboard-ui-secret
grafana:
updateStrategy:
- ## @skip dashboardservice.grafana.updateStrategy.type
+ ## @skip dashboardui.grafana.updateStrategy.type
type: Recreate
- ## @skip dashboardservice.grafana.extraEnvVarsSecret
- extraEnvVarsSecret: dashboard-service-secret
- ## @skip dashboardservice.grafana.extraConfigmaps
- extraConfigmaps:
- - name: dashboard-service-config
- mountPath: /opt/bitnami/grafana/dashboards
- readOnly: true
+ ## @skip dashboardui.grafana.extraEnvVarsSecret
+ extraEnvVarsSecret: dashboard-ui-secret
datasources:
## @skip dashboardservice.datasources.secretDefinition
- secretDefinition:
- apiVersion: 1
- datasources:
- - name: "dbrepo-metric-db"
- uid: "P18F45E9DC7E75912"
- type: "prometheus"
- url: "http://metric-db-server"
+ secretName: "dashboard-ui-prov-datasources-secret"
dashboardsProvider:
- ## @param dashboardservice.dashboardsProvider.enabled Enable the default dashboard provisioning provider to routinely import dashboards from /opt/bitnami/grafana/dashboards
+ ## @param dashboardui.dashboardsProvider.enabled Enable the default dashboard provisioning provider to routinely import dashboards from /opt/bitnami/grafana/dashboards
enabled: true
## @section Metric Service
@@ -1024,6 +1003,8 @@ metricdb:
enabled: true
## @skip metricdb.fullnameOverride
fullnameOverride: metric-db
+ ## @param metricdb.endpoint The endpoint for microservices.
+ endpoint: http://metric-db-server
alertmanager:
## @skip metricdb.alertmanager.enabled
enabled: false
diff --git a/make/rel.mk b/make/rel.mk
index c98668f08b..f5969e3cbf 100644
--- a/make/rel.mk
+++ b/make/rel.mk
@@ -3,28 +3,30 @@
.PHONY: tag-images
tag-images: build-images ## Tag the docker images.
docker tag dbrepo-analyse-service:latest "${REPOSITORY_URL}/analyse-service:${APP_VERSION}${BUILD_VERSION}"
+ docker tag dbrepo-auth-service-init:latest "${REPOSITORY_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-dashboard-service:latest "${REPOSITORY_URL}/dashboard-service:${APP_VERSION}${BUILD_VERSION}"
- docker tag dbrepo-ui:latest "${REPOSITORY_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
+ docker tag dbrepo-dashboard-service-init:latest "${REPOSITORY_URL}/dashboard-service-init:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-data-service:latest "${REPOSITORY_URL}/data-service:${APP_VERSION}${BUILD_VERSION}"
- docker tag dbrepo-auth-service-init:latest "${REPOSITORY_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-metadata-service:latest "${REPOSITORY_URL}/metadata-service:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-search-db:latest "${REPOSITORY_URL}/search-db:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-search-service:latest "${REPOSITORY_URL}/search-service:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-search-service-init:latest "${REPOSITORY_URL}/search-service-init:${APP_VERSION}${BUILD_VERSION}"
docker tag dbrepo-storage-service-init:latest "${REPOSITORY_URL}/storage-service-init:${APP_VERSION}${BUILD_VERSION}"
+ docker tag dbrepo-ui:latest "${REPOSITORY_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
.PHONY: release-images
release-images: tag-images ## Release the docker images.
docker push "${REPOSITORY_URL}/analyse-service:${APP_VERSION}${BUILD_VERSION}"
+ docker push "${REPOSITORY_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/dashboard-service:${APP_VERSION}${BUILD_VERSION}"
- docker push "${REPOSITORY_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
+ docker push "${REPOSITORY_URL}/dashboard-service-init:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/data-service:${APP_VERSION}${BUILD_VERSION}"
- docker push "${REPOSITORY_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/search-db:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/metadata-service:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/search-service:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/search-service-init:${APP_VERSION}${BUILD_VERSION}"
docker push "${REPOSITORY_URL}/storage-service-init:${APP_VERSION}${BUILD_VERSION}"
+ docker push "${REPOSITORY_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
.PHONY: release-helm
release-helm: gen-helm-doc ## Release the DBRepo and DBRepo MariaDB Galera Helm charts.
--
GitLab