Skip to content
Snippets Groups Projects
Commit 4f18ff12 authored by Manuel Esberger's avatar Manuel Esberger
Browse files

fix everything except search service, analyze service and upload service, and...

fix everything except search service, analyze service and upload service, and identity service needs still some manuel patching
parent 4ae4b30f
No related branches found
No related tags found
No related merge requests found
oc run -i --rm --tty volpod --overrides=' ─╯
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"name": "volpod"
},
"spec": {
"containers": [{
"command": [
"cat",
"/mnt/data/grastate.dat"
],
"image": "bitnami/minideb",
"name": "mycontainer",
"volumeMounts": [{
"mountPath": "/mnt",
"name": "galeradata"
}],
"resources": {
"requests": {
"cpu": "50m",
"memory": "512Mi"
},
"limits": {
"cpu": "250m",
"memory": "768Mi"
}
}
}],
"restartPolicy": "Never",
"volumes": [{
"name": "galeradata",
"persistentVolumeClaim": {
"claimName": "data-metadata-db-0"
}
}]
}
}' --image="bitnami/minideb"
# or minified
oc run -i --rm --tty volpod --overrides='{"apiVersion":"v1","kind":"Pod","metadata":{"name":"volpod"},"spec":{"containers":[{"command":["cat","/mnt/data/grastate.dat"],"image":"bitnami/minideb","name":"mycontainer","volumeMounts":[{"mountPath":"/mnt","name":"galeradata"}],"resources":{"requests":{"cpu":"50m","memory":"512Mi"},"limits":{"cpu":"250m","memory":"768Mi"}}}],"restartPolicy":"Never","volumes":[{"name":"galeradata","persistentVolumeClaim":{"claimName":"data-metadata-db-0"}}]}}' --image="bitnami/minideb"
dependencies: dependencies:
- name: opensearch - name: opensearch
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 1.2.2 version: 1.2.10
- name: keycloak - name: keycloak
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
version: 21.6.1 version: 21.6.1
...@@ -17,5 +17,5 @@ dependencies: ...@@ -17,5 +17,5 @@ dependencies:
- name: openldap-stack-ha - name: openldap-stack-ha
repository: https://jp-gouin.github.io/helm-openldap/ repository: https://jp-gouin.github.io/helm-openldap/
version: 4.2.5 version: 4.2.5
digest: sha256:0e5b13ddfd50c6d7b22de57db4b9c15401aa25c447b274567209083481a104f2 digest: sha256:3dc3749d40e45e1edc88ca116bdc7e66ba2e6a05467ec6619b96a0c1ac42f004
generated: "2024-07-31T21:17:50.377126847+02:00" generated: "2024-08-20T09:20:55.800765444+02:00"
...@@ -18,7 +18,7 @@ icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/ ...@@ -18,7 +18,7 @@ icon: https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/
dependencies: dependencies:
- name: opensearch - name: opensearch
alias: searchdb alias: searchdb
version: 1.2.2 version: 1.2.10
repository: https://charts.bitnami.com/bitnami repository: https://charts.bitnami.com/bitnami
condition: searchdb.enabled condition: searchdb.enabled
- name: keycloak - name: keycloak
......
File added
File deleted
oc get events --sort-by=.metadata.creationTimestamp --field-selector involvedObject.kind=Pod,involvedObject.name=search-db-data-0
#
oc get events --sort-by=.metadata.creationTimestamp --field-selector involvedObject.kind=Pod,involvedObject.name=upload-service-78d96bc466-92l4z
psql -d bitnami_keycloak -p 5432 -U bn_keycloak
psql -d bitnami_keyck -p 3333 -U bn_keycloak
\ No newline at end of file
...@@ -16,9 +16,4 @@ stringData: ...@@ -16,9 +16,4 @@ stringData:
GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}" GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}"
JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}" JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}"
LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.analyseservice.image.debug }}" LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.analyseservice.image.debug }}"
S3_ACCESS_KEY_ID: "{{ .Values.storageservice.s3.auth.adminAccessKeyId }}"
S3_ENDPOINT: "{{ .Values.analyseservice.s3.endpoint }}"
S3_EXPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.export }}"
S3_IMPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.import }}"
S3_SECRET_ACCESS_KEY: "{{ .Values.storageservice.s3.auth.adminSecretAccessKey }}"
{{- end }} {{- end }}
...@@ -41,7 +41,6 @@ spec: ...@@ -41,7 +41,6 @@ spec:
image: {{ .Values.searchservice.image.name }} image: {{ .Values.searchservice.image.name }}
imagePullPolicy: {{ .Values.searchservice.image.pullPolicy | default "IfNotPresent" }} imagePullPolicy: {{ .Values.searchservice.image.pullPolicy | default "IfNotPresent" }}
securityContext: securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true runAsNonRoot: true
# readOnlyRootFilesystem: true # readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
......
...@@ -30,7 +30,7 @@ resourcesWStorage: ...@@ -30,7 +30,7 @@ resourcesWStorage:
memory: 756Mi memory: 756Mi
requests: requests:
cpu: 100m cpu: 100m
ephemeral-storage: 20Mi ephemeral-storage: 10Mi
memory: 256Mi memory: 256Mi
resourcesLittle: resourcesLittle:
...@@ -84,6 +84,9 @@ metadatadb: ...@@ -84,6 +84,9 @@ metadatadb:
user: backup user: backup
## @param metadatadb.galera.mariabackup.password The database backup user password ## @param metadatadb.galera.mariabackup.password The database backup user password
password: backup password: backup
bootstrap:
forceBootstrap: true
forceSafeToBootstrap: true
## @param metadatadb.jdbcExtraArgs The extra arguments for JDBC connections in the microservices. ## @param metadatadb.jdbcExtraArgs The extra arguments for JDBC connections in the microservices.
jdbcExtraArgs: "" jdbcExtraArgs: ""
metrics: metrics:
...@@ -121,10 +124,9 @@ metadatadb: ...@@ -121,10 +124,9 @@ metadatadb:
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 150m cpu: 250m
ephemeral-storage: 20Mi ephemeral-storage: 20Mi
memory: 768Mi memory: 768Mi
## @section Auth Service ## @section Auth Service
authservice: authservice:
...@@ -139,15 +141,16 @@ authservice: ...@@ -139,15 +141,16 @@ authservice:
endpoint: http://auth-service endpoint: http://auth-service
auth: auth:
## @param authservice.auth.adminUser The admin username. ## @param authservice.auth.adminUser The admin username.
adminUser: admin adminUser: bn_keycloak
## @param authservice.auth.adminPassword The admin user password. ## @param authservice.auth.adminPassword The admin user password.
adminPassword: de4aingohyohveeRooZe adminPassword: "admin"
## @skip authservice.postgresql ## @skip authservice.postgresql
postgresql: postgresql:
enabled: true enabled: true
fullnameOverride: auth-db fullnameOverride: auth-db
auth: auth:
postgresPassword: Zaethie2gai3phogh3wa password: "admin"
postgresPassword: "admin"
## @skip authservice.extraStartupArgs ## @skip authservice.extraStartupArgs
extraStartupArgs: "--import-realm" extraStartupArgs: "--import-realm"
jwt: jwt:
...@@ -167,7 +170,7 @@ authservice: ...@@ -167,7 +170,7 @@ authservice:
## @param authservice.client.id The client id for the microservices. ## @param authservice.client.id The client id for the microservices.
id: dbrepo-client id: dbrepo-client
## @param authservice.client.secret The client secret for the microservices. ## @param authservice.client.secret The client secret for the microservices.
secret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG secret: admin
## @skip authservice.extraEnvVarsCM ## @skip authservice.extraEnvVarsCM
extraEnvVarsCM: auth-service-config extraEnvVarsCM: auth-service-config
## @skip authservice.extraVolumes ## @skip authservice.extraVolumes
...@@ -189,7 +192,6 @@ authservice: ...@@ -189,7 +192,6 @@ authservice:
cpu: 250m cpu: 250m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 768Mi memory: 768Mi
replicaCount: 2 replicaCount: 2
## @section Data Database ## @section Data Database
...@@ -218,18 +220,18 @@ datadb: ...@@ -218,18 +220,18 @@ datadb:
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 150m cpu: 100m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 768Mi memory: 768Mi
## @skip datadb.primary ## @skip datadb.primary
primary: primary:
resources: resources:
requests: requests:
cpu: 25m cpu: 100m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 100m cpu: 200m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 768Mi memory: 768Mi
service: service:
...@@ -313,6 +315,8 @@ datadb: ...@@ -313,6 +315,8 @@ datadb:
searchdb: searchdb:
## @param searchdb.enabled Enable the Data Database. ## @param searchdb.enabled Enable the Data Database.
enabled: true enabled: true
sysctlImage:
enabled: false
## @skip searchdb.fullnameOverride ## @skip searchdb.fullnameOverride
fullnameOverride: search-db fullnameOverride: search-db
## @skip searchdb.servicenameOverride ## @skip searchdb.servicenameOverride
...@@ -328,7 +332,40 @@ searchdb: ...@@ -328,7 +332,40 @@ searchdb:
adminPassword: admin adminPassword: admin
## @param searchdb.clusterName The cluster name. ## @param searchdb.clusterName The cluster name.
clusterName: search-db clusterName: search-db
master:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 250m
memory: 512Mi
coordinating:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 250m
memory: 512Mi
ingest:
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 250m
memory: 512Mi
data:
resources:
limits:
cpu: 250m
ephemeral-storage: 700Mi
memory: 1536Mi
requests:
cpu: 100m
ephemeral-storage: 50Mi
memory: 512Mi
## @section Upload Service ## @section Upload Service
uploadservice: uploadservice:
...@@ -439,12 +476,12 @@ brokerservice: ...@@ -439,12 +476,12 @@ brokerservice:
## @param brokerservice.replicaCount The number of replicas. ## @param brokerservice.replicaCount The number of replicas.
resources: resources:
requests: requests:
cpu: 50m cpu: 200m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 300m cpu: 300m
ephemeral-storage: 100Mi ephemeral-storage: 50Mi
memory: 768Mi memory: 768Mi
replicaCount: 1 replicaCount: 1
...@@ -452,7 +489,7 @@ brokerservice: ...@@ -452,7 +489,7 @@ brokerservice:
analyseservice: analyseservice:
## @param analyseservice.enabled Enable the Broker Service. ## @param analyseservice.enabled Enable the Broker Service.
enabled: true enabled: false
image: image:
## @skip analyseservice.image.name ## @skip analyseservice.image.name
name: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.4.5 name: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.4.5
...@@ -499,7 +536,7 @@ analyseservice: ...@@ -499,7 +536,7 @@ analyseservice:
cpu: 250m cpu: 250m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 500m cpu: 250m
memory: 2048Mi memory: 2048Mi
## @param analyseservice.endpoint The url of the endpoint. ## @param analyseservice.endpoint The url of the endpoint.
...@@ -560,7 +597,7 @@ metadataservice: ...@@ -560,7 +597,7 @@ metadataservice:
cpu: 250m cpu: 250m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 500m cpu: 250m
memory: 1024Mi memory: 1024Mi
## @param metadataservice.endpoint The Metadata Service endpoint. ## @param metadataservice.endpoint The Metadata Service endpoint.
endpoint: http://metadata-service endpoint: http://metadata-service
...@@ -706,16 +743,16 @@ searchservice: ...@@ -706,16 +743,16 @@ searchservice:
## @param searchservice.podSecurityContext.supplementalGroups Set filesystem extra groups ## @param searchservice.podSecurityContext.supplementalGroups Set filesystem extra groups
supplementalGroups: [ ] supplementalGroups: [ ]
## @param searchservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup ## @param searchservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup
# fsGroup: 1001 fsGroup: 1001
containerSecurityContext: containerSecurityContext:
## @param searchservice.containerSecurityContext.enabled Enabled containers' Security Context ## @param searchservice.containerSecurityContext.enabled Enabled containers' Security Context
enabled: true enabled: true
## @param searchservice.containerSecurityContext.seLinuxOptions Set SELinux options in container ## @param searchservice.containerSecurityContext.seLinuxOptions Set SELinux options in container
seLinuxOptions: { } seLinuxOptions: { }
## @param searchservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser ## @param searchservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
# runAsUser: 1001 runAsUser: 1000
## @param searchservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup ## @param searchservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup
# runAsGroup: 1001 runAsGroup: 1001
## @param searchservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot ## @param searchservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
runAsNonRoot: true runAsNonRoot: true
## @param searchservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation ## @param searchservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
...@@ -724,7 +761,8 @@ searchservice: ...@@ -724,7 +761,8 @@ searchservice:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
capabilities: capabilities:
## @param searchservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot ## @param searchservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
drop: [ "ALL" ] add:
- NET_BIND_SERVICE
seccompProfile: seccompProfile:
## @param searchservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## @param searchservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault" type: "RuntimeDefault"
...@@ -733,7 +771,7 @@ searchservice: ...@@ -733,7 +771,7 @@ searchservice:
cpu: 250m cpu: 250m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 500m cpu: 250m
memory: 1024Mi memory: 1024Mi
## @skip searchservice.init ## @skip searchservice.init
init: init:
...@@ -743,47 +781,6 @@ searchservice: ...@@ -743,47 +781,6 @@ searchservice:
## @param searchservice.replicaCount The number of replicas. ## @param searchservice.replicaCount The number of replicas.
replicaCount: 2 replicaCount: 2
## @section Storage Service
storageservice:
## @param storageservice.enabled Enable the Storage Service.
enabled: true
## @skip storageservice.fullnameOverride
fullnameOverride: storage-service
mariadb:
## @skip storageservice.mariadb.fullnameOverride
fullnameOverride: storage-service-db
## @skip storageservice.mariadb.enabled
enabled: true
master:
## @skip storageservice.master.enabled
enabled: true
filer:
## @param storageservice.filer.enabled Enable the storage service filer which is required for S3.
enabled: true
volume:
## @skip storageservice.volume.enabled
enabled: false
s3:
## @skip storageservice.s3.enabled
enabled: true
## @param storageservice.s3.replicaCount The number of replicas.
replicaCount: 2
bucket:
import: dbrepo-upload
export: dbrepo-download
auth:
## @param storageservice.s3.auth.enabled Enable the S3 service.
enabled: true
## @param storageservice.s3.auth.adminAccessKeyId The S3 access key id for the admin user. In some systems this is named `username`.
adminAccessKeyId: seaweedfsadmin
## @param storageservice.s3.auth.adminSecretAccessKey The S3 secret access key for the admin user. In some systems this is named `password`.
adminSecretAccessKey: seaweedfsadmin
## @skip storageservice.init
init:
image: registry.datalab.tuwien.ac.at/dbrepo/storage-service-init:1.4.5
pullPolicy: Always
## @section Identity Service ## @section Identity Service
identityservice: identityservice:
...@@ -808,7 +805,7 @@ identityservice: ...@@ -808,7 +805,7 @@ identityservice:
## @param identityservice.global.ldapDomain The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form. ## @param identityservice.global.ldapDomain The LDAP domain name in domain "dbrepo.at" form or explicit in "dc=dbrepo,dc=at" form.
ldapDomain: dc=dbrepo,dc=at ldapDomain: dc=dbrepo,dc=at
## @param identityservice.global.adminUser The admin username that is used to bind. ## @param identityservice.global.adminUser The admin username that is used to bind.
adminUser: admin adminUser:
## @param identityservice.global.adminPassword The admin user password that is used to bind. ## @param identityservice.global.adminPassword The admin user password that is used to bind.
adminPassword: admin adminPassword: admin
## @skip identityservice.global.configUserEnabled ## @skip identityservice.global.configUserEnabled
...@@ -900,7 +897,7 @@ ui: ...@@ -900,7 +897,7 @@ ui:
cpu: 250m cpu: 250m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 500m cpu: 250m
memory: 1024Mi memory: 1024Mi
public: public:
api: api:
...@@ -966,7 +963,7 @@ ui: ...@@ -966,7 +963,7 @@ ui:
ingress: ingress:
enabled: true enabled: true
className: nginx className: "openshift-default"
tls: tls:
enabled: true enabled: true
secretName: dbrepo-ingress-tls-cert secretName: dbrepo-ingress-tls-cert
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment