update of old changes

945d0533 · Manuel Esberger · 554cb81b · 945d0533 · 945d0533 · 945d0533
Commit 945d0533 authored 1 month ago by Manuel Esberger
--- a/helm/dbrepo/dbrepo-aris-values.yaml
+++ b/helm/dbrepo/dbrepo-aris-values.yaml
--- a/helm/dbrepo/ingr1.txt
+++ b/helm/dbrepo/ingr1.txt
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  name: example
+  namespace: aris-dbrepo-dev
+  uid: bd483947-6db1-46ac-857e-523f652f3e34
+  resourceVersion: '691663457'
+  generation: 1
+  creationTimestamp: '2024-11-21T17:05:43Z'
+  managedFields:
+    - manager: Mozilla
+      operation: Update
+      apiVersion: networking.k8s.io/v1
+      time: '2024-11-21T17:05:43Z'
+      fieldsType: FieldsV1
+      fieldsV1:
+        'f:spec':
+          'f:rules': {}
+    - manager: route-controller-manager
+      operation: Update
+      apiVersion: networking.k8s.io/v1
+      time: '2024-11-21T17:05:43Z'
+      fieldsType: FieldsV1
+      fieldsV1:
+        'f:status':
+          'f:loadBalancer':
+            'f:ingress': {}
+      subresource: status
+spec:
+  rules:
+    - host: dbrepodev.arisnet.ac.at
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ui
+                port:
+                  number: 80
+status:
+  loadBalancer:
+    ingress:
+      - hostname: router-default.arisnet.ac.at
--- a/helm/dbrepo/ingr2.txt
+++ b/helm/dbrepo/ingr2.txt
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+  annotations:
+    haproxy.router.openshift.io/use-regex: 'true'
+    meta.helm.sh/release-name: dbrepo
+    meta.helm.sh/release-namespace: aris-dbrepo-dev
+  resourceVersion: '691661694'
+  name: dbrepo-ingress-basic
+  uid: 75363900-77e6-4d83-b067-b5183f25fee1
+  creationTimestamp: '2024-10-02T15:41:53Z'
+  generation: 5
+  managedFields:
+    - manager: helm
+      operation: Update
+      apiVersion: networking.k8s.io/v1
+      time: '2024-11-21T16:58:38Z'
+      fieldsType: FieldsV1
+      fieldsV1:
+        'f:metadata':
+          'f:annotations':
+            .: {}
+            'f:haproxy.router.openshift.io/use-regex': {}
+            'f:meta.helm.sh/release-name': {}
+            'f:meta.helm.sh/release-namespace': {}
+          'f:labels':
+            .: {}
+            'f:app.kubernetes.io/managed-by': {}
+        'f:spec':
+          'f:ingressClassName': {}
+          'f:tls': {}
+    - manager: Mozilla
+      operation: Update
+      apiVersion: networking.k8s.io/v1
+      time: '2024-11-21T17:04:09Z'
+      fieldsType: FieldsV1
+      fieldsV1:
+        'f:spec':
+          'f:rules': {}
+  namespace: aris-dbrepo-dev
+  labels:
+    app.kubernetes.io/managed-by: Helm
+spec:
+  ingressClassName: openshift-default
+  tls:
+    - hosts:
+        - dbrepo.arisnet.ac.at
+      secretName: dbrepo-ingress-tls-cert
+  rules:
+    - host: dbrepo.arisnet.ac.at
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: ui
+                port:
+                  number: 80
+status:
+  loadBalancer: {}
--- a/helm/dbrepo/templates/routes.yaml
+++ b/helm/dbrepo/templates/routes.yaml
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -372,7 +372,7 @@ searchdb:

 uploadservice:
  ## @param uploadservice.enabled Enable the Upload Service.
-  enabled: true
+  enabled: false
  ## @skip uploadservice.fullnameOverride
  fullnameOverride: upload-service
  ## @skip uploadservice.image
@@ -786,6 +786,12 @@ identityservice:
  ## @param identityservice.enabled Enable the Identity Service.
  enabled: true
  ## @skip identityservice.fullnameOverride
+  podAnnotations:
+    metadata.annotations.openshift.ioo/scc: nonroot
+  serviceAccount:
+    ## @param serviceAccount.create Enable creation of ServiceAccount for Apache pod
+    ##
+    create: false
  fullnameOverride: identity-service
  podSecurityContext:
    runAsNonRoot: true
@@ -819,8 +825,10 @@ identityservice:
  userPasswords: admin
  ## @param identityservice.group The group that contains the administrators for the broker service.
  group: system
-  ## @skip identityservice.ltb-passwd
-
+  logLevel: trace
+  env:
+    # set this to "true" to enable bootstrap debugging
+    BITNAMI_DEBUG: "true"
  ## @skip identityservice.phpldapadmin
  phpldapadmin:
    enabled: false
@@ -842,6 +850,14 @@ identityservice:
  persistence:
    ## @param identityservice.persistence.enabled If set to true, a PVC will be created.
    enabled: true
+    storageClassName: "rbd-storagepool-cluster"
+  extraVolumes:
+    - name: cache-volume
+      emptyDir: {}
+  # @skip ui.extraVolumeMounts
+  extraVolumeMounts:
+    - name: cache-volume
+      mountPath: /opt/bitnami/openldap/share/
  replication:
    ## @param identityservice.replication.enabled If set to true, the pods required a cluster. Needs `replicaCount` to be `3` or higher (of 2n+1).
    enabled: false
@@ -855,7 +871,7 @@ ui:
  enabled: true
  image:
    ## @skip ui.image.name
-    name: registry.datalab.tuwien.ac.at/dbrepo/ui:1.4.5
+    name: registry.datalab.tuwien.ac.at/dbrepo/ui:1.5.1 #todo updated because of memory leak in prometheus
    ## @skip ui.image.pullPolicy
    pullPolicy: Always
    ## @param ui.image.debug Set the logging level to `trace`. Otherwise, set to `info`.
@@ -965,27 +981,22 @@ ingress:
  enabled: true
  className: "openshift-default"
  tls:
-    enabled: true
+    enabled: false
    secretName: dbrepo-ingress-tls-cert
  annotations:
    basic:
-      #        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
-      nginx.ingress.kubernetes.io/use-regex: "true"
+      haproxy.router.openshift.io/use-regex: "true"
    rewriteApi:
-      #        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/rewrite-target: /api/$1
+      haproxy.router.openshift.io/use-regex: "true"
+      haproxy.router.openshift.io/rewrite-target: /api/$1
    rewriteRoot:
-      #        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/rewrite-target: /$1
+      haproxy.router.openshift.io/use-regex: "true"
+      haproxy.router.openshift.io/rewrite-target: /$1
    rewriteRootSecure:
-      #        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
-      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
-      nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/rewrite-target: /$1
+      haproxy.router.openshift.io/ssl-redirect: "true" # Use this for force SSL redirect
+      haproxy.router.openshift.io/backend-protocol: "HTTPS"
+      haproxy.router.openshift.io/use-regex: "true"
+      haproxy.router.openshift.io/rewrite-target: /$1
    rewritePid:
-      #        cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer
-      nginx.ingress.kubernetes.io/use-regex: "true"
-      nginx.ingress.kubernetes.io/rewrite-target: /api/identifier/$1
+      haproxy.router.openshift.io/use-regex: "true"
+      haproxy.router.openshift.io/rewrite-target: /api/identifier/$1
--- a/helm/delete_all_routes.sh
+++ b/helm/delete_all_routes.sh
+oc get routes.route.openshift.io -oname | xargs oc delete
--- a/helm/fix_identity.sh
+++ b/helm/fix_identity.sh
@@ -64,6 +64,11 @@ oc patch statefulset $STATEFULSET_NAME -n $NAMESPACE --type='json' -p='[
  {
    "op": "remove",
    "path": "/spec/template/spec/containers/0/securityContext/runAsUser"
+  },
+  {
+    "op": "add",
+    "path": "/spec/template/spec/containers/0/securityContext/capabilities/add/-",
+    "value": "NET_BIND_SERVICE"
  }
 ]'