diff --git a/helm/analyze_volume.sh b/helm/analyze_volume.sh new file mode 100644 index 0000000000000000000000000000000000000000..f5dcfb34225b4926fa33acb706964afc9fd5590b --- /dev/null +++ b/helm/analyze_volume.sh @@ -0,0 +1,43 @@ +oc run -i --rm --tty volpod --overrides=' ─╯ +{ + "apiVersion": "v1", + "kind": "Pod", + "metadata": { + "name": "volpod" + }, + "spec": { + "containers": [{ + "command": [ + "cat", + "/mnt/data/grastate.dat" + ], + "image": "bitnami/minideb", + "name": "mycontainer", + "volumeMounts": [{ + "mountPath": "/mnt", + "name": "galeradata" + }], + "resources": { + "requests": { + "cpu": "50m", + "memory": "512Mi" + }, + "limits": { + "cpu": "250m", + "memory": "768Mi" + } + } + }], + "restartPolicy": "Never", + "volumes": [{ + "name": "galeradata", + "persistentVolumeClaim": { + "claimName": "data-metadata-db-0" + } + }] + } +}' --image="bitnami/minideb" + + +# or minified +oc run -i --rm --tty volpod --overrides='{"apiVersion":"v1","kind":"Pod","metadata":{"name":"volpod"},"spec":{"containers":[{"command":["cat","/mnt/data/grastate.dat"],"image":"bitnami/minideb","name":"mycontainer","volumeMounts":[{"mountPath":"/mnt","name":"galeradata"}],"resources":{"requests":{"cpu":"50m","memory":"512Mi"},"limits":{"cpu":"250m","memory":"768Mi"}}}],"restartPolicy":"Never","volumes":[{"name":"galeradata","persistentVolumeClaim":{"claimName":"data-metadata-db-0"}}]}}' --image="bitnami/minideb" diff --git a/helm/dbrepo/Chart.lock b/helm/dbrepo/Chart.lock index edc00037f5219098a25e16c6cf978acc92b62c2e..8edb9741efc3644b2ad00aa6a6711bde7e7d9d58 100644 --- a/helm/dbrepo/Chart.lock +++ b/helm/dbrepo/Chart.lock @@ -1,7 +1,7 @@ dependencies: - name: opensearch repository: https://charts.bitnami.com/bitnami - version: 1.2.2 + version: 1.2.10 - name: keycloak repository: https://charts.bitnami.com/bitnami version: 21.6.1 
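Review bot: The pretty-printed `oc run` command in `analyze_volume.sh` carries a pasted prompt artifact (` ─╯`) inside the `--overrides='…'` string, so the JSON handed to `oc` is not valid and only the minified variant below it can work as written. The pod mounts the `data-metadata-db-0` claim read-write although it only runs `cat` on `grastate.dat`; adding `"readOnly": true` to the `volumeMounts` entry stops a debugging pod from altering the Galera data directory. `bitnami/minideb` is referenced without a tag or digest, so the image attached to the database volume can change between runs; pin it, e.g. `"image": "bitnami/minideb@sha256:<DIGEST_PLACEHOLDER>"`. The file also has no shebang, and running it as a script would execute both variants in sequence.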
@@ -17,5 +17,5 @@ dependencies: - name: openldap-stack-ha repository: https://jp-gouin.github.io/helm-openldap/ version: 4.2.5 -digest: sha256:0e5b13ddfd50c6d7b22de57db4b9c15401aa25c447b274567209083481a104f2 -generated: "2024-07-31T21:17:50.377126847+02:00" +digest: sha256:3dc3749d40e45e1edc88ca116bdc7e66ba2e6a05467ec6619b96a0c1ac42f004 +generated: "2024-08-20T09:20:55.800765444+02:00" diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml index f6a537ce7e48a4b6b12414e929471a5b829ea95d..fd1202100a652a58945dbde1a2c0ee326ce9fcf9 100644 --- a/helm/dbrepo/Chart.yaml +++ b/helm/dbrepo/Chart.yaml @@ -18,7 +18,7 @@ icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/ dependencies: - name: opensearch alias: searchdb - version: 1.2.2 + version: 1.2.10 repository: https://charts.bitnami.com/bitnami condition: searchdb.enabled - name: keycloak diff --git a/helm/dbrepo/charts/opensearch-1.2.10.tgz b/helm/dbrepo/charts/opensearch-1.2.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..3803dc64a111e4ee22afb4567befb6fed2ff114d Binary files /dev/null and b/helm/dbrepo/charts/opensearch-1.2.10.tgz differ diff --git a/helm/dbrepo/charts/opensearch-1.2.2.tgz b/helm/dbrepo/charts/opensearch-1.2.2.tgz deleted file mode 100644 index 0393bfc1aa2fa964c68e66af6da6f356ea84e29f..0000000000000000000000000000000000000000 Binary files a/helm/dbrepo/charts/opensearch-1.2.2.tgz and /dev/null differ diff --git a/helm/dbrepo/get_event_log_for_pod.sh b/helm/dbrepo/get_event_log_for_pod.sh new file mode 100644 index 0000000000000000000000000000000000000000..ab3b7cc1089d3edb46d4a90a1b60268928a4116b --- /dev/null +++ b/helm/dbrepo/get_event_log_for_pod.sh 
@@ -0,0 +1,8 @@ +oc get events --sort-by=.metadata.creationTimestamp --field-selector involvedObject.kind=Pod,involvedObject.name=search-db-data-0 +# +oc get events --sort-by=.metadata.creationTimestamp --field-selector involvedObject.kind=Pod,involvedObject.name=upload-service-78d96bc466-92l4z + + +psql -d bitnami_keycloak -p 5432 -U bn_keycloak + +psql -d bitnami_keyck -p 3333 -U bn_keycloak \ No newline at end of file diff --git a/helm/dbrepo/templates/analyse-secret.yaml b/helm/dbrepo/templates/analyse-secret.yaml index 605d81d8892def1d491efcef3c056934eddec0c1..42bd64ef0e41f8882f20482f6570d38df0c467f0 100644 --- a/helm/dbrepo/templates/analyse-secret.yaml +++ b/helm/dbrepo/templates/analyse-secret.yaml @@ -16,9 +16,4 @@ stringData: GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}" JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}" LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.analyseservice.image.debug }}" - S3_ACCESS_KEY_ID: "{{ .Values.storageservice.s3.auth.adminAccessKeyId }}" - S3_ENDPOINT: "{{ .Values.analyseservice.s3.endpoint }}" - S3_EXPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.export }}" - S3_IMPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.import }}" - S3_SECRET_ACCESS_KEY: "{{ .Values.storageservice.s3.auth.adminSecretAccessKey }}" {{- end }} diff --git a/helm/dbrepo/templates/search-deployment.yaml b/helm/dbrepo/templates/search-deployment.yaml index 044bd85a50e4fb34790a77add60757c2842c665c..916f6078c19a58ec423b1012d4b1c1680c766be0 100644 --- a/helm/dbrepo/templates/search-deployment.yaml +++ b/helm/dbrepo/templates/search-deployment.yaml @@ -41,7 +41,6 @@ spec: image: {{ .Values.searchservice.image.name }} imagePullPolicy: {{ .Values.searchservice.image.pullPolicy | default "IfNotPresent" }} securityContext: - allowPrivilegeEscalation: false runAsNonRoot: true # readOnlyRootFilesystem: true allowPrivilegeEscalation: false 
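Review bot: The two `psql` lines at the end of `get_event_log_for_pod.sh` are unrelated to the event query and would open interactive database sessions if the file were executed; they read like scratch notes and should be dropped or moved to documentation. The second one uses database `bitnami_keyck` on port 3333, which looks like a typo of the first line's `bitnami_keycloak`, so confirm which is meant. The pod name `upload-service-78d96bc466-92l4z` looks like a ReplicaSet-generated name that will not exist after the next rollout, so take the pod name as an argument instead, e.g. `involvedObject.name="$1"`.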
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index 316dcbb6b343e6f73c75a8948d0754edb9f43208..4d1c34e73b31f5b09392431644f2d75b4551e600 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -30,7 +30,7 @@ resourcesWStorage: memory: 756Mi requests: cpu: 100m - ephemeral-storage: 20Mi + ephemeral-storage: 10Mi memory: 256Mi resourcesLittle: @@ -84,6 +84,9 @@ metadatadb: user: backup ## @param metadatadb.galera.mariabackup.password The database backup user password password: backup + bootstrap: + forceBootstrap: true + forceSafeToBootstrap: true ## @param metadatadb.jdbcExtraArgs The extra arguments for JDBC connections in the microservices. jdbcExtraArgs: "" metrics: @@ -121,10 +124,9 @@ metadatadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 150m + cpu: 250m ephemeral-storage: 20Mi memory: 768Mi - ## @section Auth Service authservice: @@ -139,15 +141,16 @@ authservice: endpoint: http://auth-service auth: ## @param authservice.auth.adminUser The admin username. - adminUser: admin + adminUser: bn_keycloak ## @param authservice.auth.adminPassword The admin user password. - adminPassword: de4aingohyohveeRooZe + adminPassword: "admin" ## @skip authservice.postgresql postgresql: enabled: true fullnameOverride: auth-db auth: - postgresPassword: Zaethie2gai3phogh3wa + password: "admin" + postgresPassword: "admin" ## @skip authservice.extraStartupArgs extraStartupArgs: "--import-realm" jwt: @@ -167,7 +170,7 @@ authservice: ## @param authservice.client.id The client id for the microservices. id: dbrepo-client ## @param authservice.client.secret The client secret for the microservices. - secret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG + secret: admin ## @skip authservice.extraEnvVarsCM extraEnvVarsCM: auth-service-config ## @skip authservice.extraVolumes @@ -189,7 +192,6 @@ authservice: cpu: 250m ephemeral-storage: 10Mi memory: 768Mi - replicaCount: 2 ## @section Data Database 
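Review bot: `forceBootstrap: true` and `forceSafeToBootstrap: true` are added as chart defaults in the `metadatadb` hunk (`@@ -84,6 +84,9 @@`), but these are recovery switches for a Galera cluster that has lost its primary component, not steady-state settings. Left on, every install or upgrade would presumably ask a node to bootstrap a new cluster regardless of what `grastate.dat` records, which risks divergent data or losing the most recent writes; this is hedged because the indentation and the subchart template are not visible here. Default both to `false` and enable them only for a one-off recovery via `--set`, with a comment saying so. The new keys also lack the `## @param` lines that the neighbouring values carry.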
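Review bot: The `authservice` hunk (`@@ -139,15 +141,16 @@`) replaces the Keycloak admin password and both PostgreSQL passwords with the literal `"admin"`, and the next hunk (`@@ -167,7 +170,7 @@`) does the same to the client secret (`secret: admin`), so a default install comes up with guessable credentials on the identity provider and its database. Committed defaults should be empty and required at install time, for example `adminPassword: ""` combined with a `required` check in the template or a reference to a pre-created Secret, rather than a working password. The removed values were already in version control; if any of them was used on a real deployment it should be treated as exposed and rotated. `adminUser: bn_keycloak` also appears to reuse a database account name as the Keycloak admin username, which is worth confirming as intended.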
@@ -218,18 +220,18 @@ datadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 150m + cpu: 100m ephemeral-storage: 10Mi memory: 768Mi ## @skip datadb.primary primary: resources: requests: - cpu: 25m + cpu: 100m ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 100m + cpu: 200m ephemeral-storage: 10Mi memory: 768Mi service: @@ -313,6 +315,8 @@ datadb: searchdb: ## @param searchdb.enabled Enable the Data Database. enabled: true + sysctlImage: + enabled: false ## @skip searchdb.fullnameOverride fullnameOverride: search-db ## @skip searchdb.servicenameOverride @@ -328,7 +332,40 @@ searchdb: adminPassword: admin ## @param searchdb.clusterName The cluster name. clusterName: search-db - + master: + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 250m + memory: 512Mi + coordinating: + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 250m + memory: 512Mi + ingest: + resources: + requests: + cpu: 100m + memory: 256Mi + limits: + cpu: 250m + memory: 512Mi + data: + resources: + limits: + cpu: 250m + ephemeral-storage: 700Mi + memory: 1536Mi + requests: + cpu: 100m + ephemeral-storage: 50Mi + memory: 512Mi ## @section Upload Service uploadservice: @@ -439,12 +476,12 @@ brokerservice: ## @param brokerservice.replicaCount The number of replicas. resources: requests: - cpu: 50m + cpu: 200m ephemeral-storage: 10Mi memory: 512Mi limits: cpu: 300m - ephemeral-storage: 100Mi + ephemeral-storage: 50Mi memory: 768Mi replicaCount: 1 @@ -452,7 +489,7 @@ brokerservice: analyseservice: ## @param analyseservice.enabled Enable the Broker Service. - enabled: true + enabled: false image: ## @skip analyseservice.image.name name: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.4.5 @@ -499,7 +536,7 @@ analyseservice: cpu: 250m memory: 512Mi limits: - cpu: 500m + cpu: 250m memory: 2048Mi ## @param analyseservice.endpoint The url of the endpoint. 
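Review bot: `sysctlImage.enabled: false` in the `searchdb` hunk (`@@ -313,6 +315,8 @@`) is added without a comment, and the reason matters to whoever operates the cluster. Turning it off removes the privileged init container that adjusts kernel settings, which is the safer posture, but the search nodes then depend on the host already providing the limits OpenSearch expects (notably `vm.max_map_count`). Document that next to the key, e.g. `## @skip searchdb.sysctlImage privileged init container disabled; vm.max_map_count must be set on the nodes`.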
@@ -560,7 +597,7 @@ metadataservice: cpu: 250m memory: 512Mi limits: - cpu: 500m + cpu: 250m memory: 1024Mi ## @param metadataservice.endpoint The Metadata Service endpoint. endpoint: http://metadata-service @@ -706,16 +743,16 @@ searchservice: ## @param searchservice.podSecurityContext.supplementalGroups Set filesystem extra groups supplementalGroups: [ ] ## @param searchservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup - # fsGroup: 1001 + fsGroup: 1001 containerSecurityContext: ## @param searchservice.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param searchservice.containerSecurityContext.seLinuxOptions Set SELinux options in container seLinuxOptions: { } ## @param searchservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser - # runAsUser: 1001 + runAsUser: 1000 ## @param searchservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup - # runAsGroup: 1001 + runAsGroup: 1001 ## @param searchservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot runAsNonRoot: true ## @param searchservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation @@ -724,7 +761,8 @@ searchservice: readOnlyRootFilesystem: true capabilities: ## @param searchservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot - drop: [ "ALL" ] + add: + - NET_BIND_SERVICE seccompProfile: ## @param searchservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile type: "RuntimeDefault" @@ -733,7 +771,7 @@ searchservice: cpu: 250m memory: 512Mi limits: - cpu: 500m + cpu: 250m memory: 1024Mi ## @skip searchservice.init init: 
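Review bot: The `searchservice` security-context hunk (`@@ -706,16 +743,16 @@`) hard-codes `runAsUser: 1000` while `fsGroup` and `runAsGroup` are `1001`; the commented-out values it replaces were all 1001, so the mismatch looks accidental. The same commit switches the ingress class to `openshift-default`, and OpenShift's restricted SCC normally assigns the UID and fsGroup from the namespace's range and rejects fixed IDs outside it. Pinning them may therefore keep the pod from being admitted unless a broader SCC is granted to the service account, which would weaken isolation. Prefer leaving these unset on OpenShift, or use one consistent ID and document the SCC it requires.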
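Review bot: Replacing `drop: [ "ALL" ]` with `add: - NET_BIND_SERVICE` under `searchservice.containerSecurityContext.capabilities` (`@@ -724,7 +761,8 @@`) means the container no longer drops the runtime's default capability set and gains one on top of it. Keep the drop and add only what is needed: `drop: [ "ALL" ]` followed by `add: [ "NET_BIND_SERVICE" ]`. If the service can listen on a port above 1024, no added capability is needed at all. The `## @param searchservice.containerSecurityContext.capabilities.drop` comment now sits above the `add` key and should be updated to match.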
@@ -743,47 +781,6 @@ searchservice: ## @param searchservice.replicaCount The number of replicas. replicaCount: 2 -## @section Storage Service - -storageservice: - ## @param storageservice.enabled Enable the Storage Service. - enabled: true - ## @skip storageservice.fullnameOverride - fullnameOverride: storage-service - mariadb: - ## @skip storageservice.mariadb.fullnameOverride - fullnameOverride: storage-service-db - ## @skip storageservice.mariadb.enabled - enabled: true - master: - ## @skip storageservice.master.enabled - enabled: true - filer: - ## @param storageservice.filer.enabled Enable the storage service filer which is required for S3. - enabled: true - volume: - ## @skip storageservice.volume.enabled - enabled: false - s3: - ## @skip storageservice.s3.enabled - enabled: true - ## @param storageservice.s3.replicaCount The number of replicas. - replicaCount: 2 - bucket: - import: dbrepo-upload - export: dbrepo-download - auth: - ## @param storageservice.s3.auth.enabled Enable the S3 service. - enabled: true - ## @param storageservice.s3.auth.adminAccessKeyId The S3 access key id for the admin user. In some systems this is named `username`. - adminAccessKeyId: seaweedfsadmin - ## @param storageservice.s3.auth.adminSecretAccessKey The S3 secret access key for the admin user. In some systems this is named `password`. - adminSecretAccessKey: seaweedfsadmin - ## @skip storageservice.init - init: - image: registry.datalab.tuwien.ac.at/dbrepo/storage-service-init:1.4.5 - pullPolicy: Always - ## @section Identity Service identityservice: 
@@ -808,7 +805,7 @@ identityservice: ## @param identityservice.global.ldapDomain The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form. ldapDomain: dc=dbrepo,dc=at ## @param identityservice.global.adminUser The admin username that is used to bind. - adminUser: admin + adminUser: ## @param identityservice.global.adminPassword The admin user password that is used to bind. adminPassword: admin ## @skip identityservice.global.configUserEnabled @@ -900,7 +897,7 @@ ui: cpu: 250m memory: 512Mi limits: - cpu: 500m + cpu: 250m memory: 1024Mi public: api: @@ -966,7 +963,7 @@ ui: ingress: enabled: true - className: nginx + className: "openshift-default" tls: enabled: true secretName: dbrepo-ingress-tls-cert
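Review bot: `adminUser:` in `identityservice.global` (`@@ -808,7 +805,7 @@`) is left as a bare key, which YAML parses as `null`, while `adminPassword: admin` stays in place. Depending on how the subchart templates it, the LDAP bind user either renders empty or silently falls back to the subchart's own default, and neither outcome is visible from this file. Write the intended value explicitly: `adminUser: admin` as before, or `adminUser: ""` with a comment that it must be supplied at install time.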