diff --git a/helm/dbrepo/dbrepo-aris-values.yaml b/helm/dbrepo/dbrepo-aris-values.yaml index 634adaf4ea9cd0388a1418459242f33f34cbf8ed..cbaa753e9623d0159a818b0c02e33dbbda853bf6 100644 --- a/helm/dbrepo/dbrepo-aris-values.yaml +++ b/helm/dbrepo/dbrepo-aris-values.yaml @@ -86,7 +86,7 @@ dbrepo: allowPrivilegeEscalation: false seccompProfile: type: RuntimeDefault - capabilities: + capabilities: drop: - ALL ports: diff --git a/helm/dbrepo/ingr1.txt b/helm/dbrepo/ingr1.txt new file mode 100644 index 0000000000000000000000000000000000000000..62185d3363d5473840b6b56c05b3e0921c47adaf --- /dev/null +++ b/helm/dbrepo/ingr1.txt @@ -0,0 +1,44 @@ +kind: Ingress +apiVersion: networking.k8s.io/v1 +metadata: + name: example + namespace: aris-dbrepo-dev + uid: bd483947-6db1-46ac-857e-523f652f3e34 + resourceVersion: '691663457' + generation: 1 + creationTimestamp: '2024-11-21T17:05:43Z' + managedFields: + - manager: Mozilla + operation: Update + apiVersion: networking.k8s.io/v1 + time: '2024-11-21T17:05:43Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:spec': + 'f:rules': {} + - manager: route-controller-manager + operation: Update + apiVersion: networking.k8s.io/v1 + time: '2024-11-21T17:05:43Z' + fieldsType: FieldsV1 + fieldsV1: + 'f:status': + 'f:loadBalancer': + 'f:ingress': {} + subresource: status +spec: + rules: + - host: dbrepodev.arisnet.ac.at + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: ui + port: + number: 80 +status: + loadBalancer: + ingress: + - hostname: router-default.arisnet.ac.at diff --git a/helm/dbrepo/ingr2.txt b/helm/dbrepo/ingr2.txt new file mode 100644 index 0000000000000000000000000000000000000000..8505360ebdb248b7d69351ba32d38bbf143f7c20 --- /dev/null +++ b/helm/dbrepo/ingr2.txt 
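Review bot: The Ingress for `dbrepodev.arisnet.ac.at` in the new `helm/dbrepo/ingr1.txt` has no `tls:` block and no `ingressClassName`, so as written it publishes the `ui` service over plain HTTP on port 80. The file is also a raw export of a live object: `uid`, `resourceVersion`, `creationTimestamp`, `managedFields` and `status` are server-populated, and the same is true of `helm/dbrepo/ingr2.txt` in this commit. Files inside the chart directory are packaged with the chart unless `.helmignore` excludes them, so these dumps would ship to every consumer. If they are kept for reference, I would move them out of `helm/dbrepo/`, strip them to `metadata.name`, `metadata.namespace` and `spec`, and give this one a `tls:` entry for its host, as `ingr2.txt` has for `dbrepo.arisnet.ac.at`.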
@@ -0,0 +1,61 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+ annotations:
+ haproxy.router.openshift.io/use-regex: 'true'
+ meta.helm.sh/release-name: dbrepo
+ meta.helm.sh/release-namespace: aris-dbrepo-dev
+ resourceVersion: '691661694'
+ name: dbrepo-ingress-basic
+ uid: 75363900-77e6-4d83-b067-b5183f25fee1
+ creationTimestamp: '2024-10-02T15:41:53Z'
+ generation: 5
+ managedFields:
+ - manager: helm
+ operation: Update
+ apiVersion: networking.k8s.io/v1
+ time: '2024-11-21T16:58:38Z'
+ fieldsType: FieldsV1
+ fieldsV1:
+ 'f:metadata':
+ 'f:annotations':
+ .: {}
+ 'f:haproxy.router.openshift.io/use-regex': {}
+ 'f:meta.helm.sh/release-name': {}
+ 'f:meta.helm.sh/release-namespace': {}
+ 'f:labels':
+ .: {}
+ 'f:app.kubernetes.io/managed-by': {}
+ 'f:spec':
+ 'f:ingressClassName': {}
+ 'f:tls': {}
+ - manager: Mozilla
+ operation: Update
+ apiVersion: networking.k8s.io/v1
+ time: '2024-11-21T17:04:09Z'
+ fieldsType: FieldsV1
+ fieldsV1:
+ 'f:spec':
+ 'f:rules': {}
+ namespace: aris-dbrepo-dev
+ labels:
+ app.kubernetes.io/managed-by: Helm
+spec:
+ ingressClassName: openshift-default
+ tls:
+ - hosts:
+ - dbrepo.arisnet.ac.at
+ secretName: dbrepo-ingress-tls-cert
+ rules:
+ - host: dbrepo.arisnet.ac.at
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: ui
+ port:
+ number: 80
+status:
+ loadBalancer: {}
diff --git a/helm/dbrepo/templates/routes.yaml b/helm/dbrepo/templates/routes.yaml.bak
similarity index 100%
rename from helm/dbrepo/templates/routes.yaml
rename to helm/dbrepo/templates/routes.yaml.bak
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 0122d3b2962ff1629d7934509fb1aef7c6b3ae24..19501583ccacf2bfd1f5c5d3c3b3ad1bbc67ed1e 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -372,7 +372,7 @@ searchdb: uploadservice: ## @param uploadservice.enabled Enable the Upload Service. - enabled: true + enabled: false ## @skip uploadservice.fullnameOverride fullnameOverride: upload-service ## @skip uploadservice.image @@ -786,6 +786,12 @@ identityservice: ## @param identityservice.enabled Enable the Identity Service. enabled: true ## @skip identityservice.fullnameOverride + podAnnotations: + metadata.annotations.openshift.ioo/scc: nonroot + serviceAccount: + ## @param serviceAccount.create Enable creation of ServiceAccount for Apache pod + ## + create: false fullnameOverride: identity-service podSecurityContext: runAsNonRoot: true @@ -819,8 +825,10 @@ identityservice: userPasswords: admin ## @param identityservice.group The group that contains the administrators for the broker service. group: system - ## @skip identityservice.ltb-passwd - + logLevel: trace + env: + # set this to "true" to enable bootstrap debugging + BITNAMI_DEBUG: "true" ## @skip identityservice.phpldapadmin phpldapadmin: enabled: false @@ -842,6 +850,14 @@ identityservice: persistence: ## @param identityservice.persistence.enabled If set to true, a PVC will be created. enabled: true + storageClassName: "rbd-storagepool-cluster" + extraVolumes: + - name: cache-volume + emptyDir: {} + # @skip ui.extraVolumeMounts + extraVolumeMounts: + - name: cache-volume + mountPath: /opt/bitnami/openldap/share/ replication: ## @param identityservice.replication.enabled If set to true, the pods required a cluster. Needs `replicaCount` to be `3` or higher (of 2n+1). enabled: false @@ -855,7 +871,7 @@ ui: enabled: true image: ## @skip ui.image.name - name: registry.datalab.tuwien.ac.at/dbrepo/ui:1.4.5 + name: registry.datalab.tuwien.ac.at/dbrepo/ui:1.5.1 #todo updated because of memory leak in prometheus ## @skip ui.image.pullPolicy pullPolicy: Always ## @param ui.image.debug Set the logging level to `trace`. Otherwise, set to `info`. 
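Review bot: The annotation key `metadata.annotations.openshift.ioo/scc` added under `identityservice.podAnnotations` (hunk at -786) looks wrong twice over: `openshift.ioo` is presumably a typo for `openshift.io`, and the `metadata.annotations.` prefix is a field path, not part of an annotation key. Even spelled `openshift.io/scc: nonroot`, that annotation is, as far as I know, written by SCC admission to record which SCC admitted the pod, so setting it here would not select `nonroot`; SCC access is granted to the pod's service account through RBAC. With `serviceAccount.create: false` the pod presumably runs under an existing account, so any SCC grant made to get this working would apply to every pod using that account and should be documented next to this value. The new keys also sit between `## @skip identityservice.fullnameOverride` and the `fullnameOverride` line it documents, and the `## @param serviceAccount.create` comment lacks the `identityservice.` prefix.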
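Review bot: `logLevel: trace` and `BITNAMI_DEBUG: "true"` (hunk at -819) are set in the chart's default `values.yaml`, so every install of the identity service inherits verbose logging, not only the environment being debugged. At trace level a directory server can be expected to log bind identities and request detail, and the context line `userPasswords: admin` shows this block sits next to credentials. I would leave the defaults quiet (`BITNAMI_DEBUG: "false"`, no `logLevel` override) and put the debug settings in `dbrepo-aris-values.yaml` for as long as they are needed. The hunk also removes the `## @skip identityservice.ltb-passwd` marker without adding `## @skip` markers for the new keys.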
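Review bot: `storageClassName: "rbd-storagepool-cluster"` (hunk at -842) is a cluster-specific name placed in the chart defaults, where it will leave the PVC pending on any cluster without that class; it belongs in `dbrepo-aris-values.yaml`. The `emptyDir` mounted at `/opt/bitnami/openldap/share/` hides whatever the image ships in that directory behind an empty volume that is discarded with the pod, so a comment stating why it is needed (presumably a writable path for a non-root container) would help the next reader judge whether it is safe. The comment `# @skip ui.extraVolumeMounts` names the wrong component; I would write `## @skip identityservice.extraVolumes` and `## @skip identityservice.extraVolumeMounts` above the respective keys.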
@@ -965,27 +981,22 @@ ingress: enabled: true className: "openshift-default" tls: - enabled: true + enabled: false secretName: dbrepo-ingress-tls-cert annotations: basic: - # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer - nginx.ingress.kubernetes.io/use-regex: "true" + haproxy.router.openshift.io/use-regex: "true" rewriteApi: - # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /api/$1 + haproxy.router.openshift.io/use-regex: "true" + haproxy.router.openshift.io/rewrite-target: /api/$1 rewriteRoot: - # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$1 + haproxy.router.openshift.io/use-regex: "true" + haproxy.router.openshift.io/rewrite-target: /$1 rewriteRootSecure: - # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer - nginx.ingress.kubernetes.io/force-ssl-redirect: "true" - nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /$1 + haproxy.router.openshift.io/ssl-redirect: "true" # Use this for force SSL redirect + haproxy.router.openshift.io/backend-protocol: "HTTPS" + haproxy.router.openshift.io/use-regex: "true" + haproxy.router.openshift.io/rewrite-target: /$1 rewritePid: - # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer - nginx.ingress.kubernetes.io/use-regex: "true" - nginx.ingress.kubernetes.io/rewrite-target: /api/identifier/$1 + haproxy.router.openshift.io/use-regex: "true" + haproxy.router.openshift.io/rewrite-target: /api/identifier/$1 diff --git a/helm/delete_all_routes.sh b/helm/delete_all_routes.sh new file mode 100644 index 0000000000000000000000000000000000000000..9966fdb2cde9de3ab4e834cc95c39627959856ad --- /dev/null +++ b/helm/delete_all_routes.sh 
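Review bot: `ingress.tls.enabled` flips to `false` in the chart's default values, so the Ingresses would presumably render without a TLS section and the UI and API, including login traffic, would be served over plain HTTP unless something outside the chart terminates TLS. That contradicts `rewriteRootSecure`, which still asks for an SSL redirect and an HTTPS backend. Separately, the annotations were produced by swapping the `nginx.ingress.kubernetes.io/` prefix for `haproxy.router.openshift.io/`; of these I only recognise `rewrite-target` as an OpenShift router annotation, and as far as I know it takes a literal path rather than an nginx-style `$1` capture, so `use-regex`, `ssl-redirect` and `backend-protocol` are probably ignored and should be checked against the router documentation. I would keep `enabled: true` in the defaults and, if edge or re-encrypt termination is wanted on OpenShift, look at the `route.openshift.io/termination` annotation on the Ingress instead of the redirect keys.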
@@ -0,0 +1 @@ +oc get routes.route.openshift.io -oname | xargs oc delete diff --git a/helm/fix_identity.sh b/helm/fix_identity.sh index 1d4cf69841b4ec382354ba0558cbe13b9334b332..c644e566c4c3a914232e84b2d50cdeeb482bd64b 100644 --- a/helm/fix_identity.sh +++ b/helm/fix_identity.sh @@ -64,6 +64,11 @@ oc patch statefulset $STATEFULSET_NAME -n $NAMESPACE --type='json' -p='[ { "op": "remove", "path": "/spec/template/spec/containers/0/securityContext/runAsUser" + }, + { + "op": "add", + "path": "/spec/template/spec/containers/0/securityContext/capabilities/add/-", + "value": "NET_BIND_SERVICE" } ]'
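Review bot: `oc get routes.route.openshift.io -oname | xargs oc delete` has no `-n`, so it deletes every Route in whichever project the current `oc` context points at, including routes that do not belong to this release. `fix_identity.sh` in the same directory already passes `-n $NAMESPACE`; I would take the namespace as a required argument here too and narrow the selection with `-l` on a label the release's routes carry, e.g. `oc get routes.route.openshift.io -n "$NAMESPACE" -l "$SELECTOR" -o name | xargs -r oc delete -n "$NAMESPACE"`. `xargs -r` avoids running a bare `oc delete` when nothing matches. The script also has no shebang and no `set -euo pipefail`, so a failed `oc get` goes unnoticed.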
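Review bot: The new JSON Patch op in `fix_identity.sh` appends to `/spec/template/spec/containers/0/securityContext/capabilities/add/-`, which only succeeds if a `capabilities.add` array already exists on the container; if the StatefulSet only has `capabilities.drop` (as the `drop: - ALL` block in `dbrepo-aris-values.yaml` suggests for other workloads), the whole `oc patch` is rejected, including the earlier `remove` op. Using `{"op": "add", "path": "/spec/template/spec/containers/0/securityContext/capabilities/add", "value": ["NET_BIND_SERVICE"]}` creates the array instead. Adding `NET_BIND_SERVICE` widens a container that is otherwise being locked down, so I would first check whether the directory can listen on an unprivileged port and, if not, record the reason in a comment above the patch. The patch is applied to the live object and will presumably be reverted by the next `helm upgrade`; the `oc patch` command starts above the hunk, so the earlier ops are not visible here.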