diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml index 51d9407d3c40d9c84b0d95ffcbe222f62eaeab64..587a7b3b09c2a5421fd961fad34ff59cb185be82 100644 --- a/helm/dbrepo/Chart.yaml +++ b/helm/dbrepo/Chart.yaml @@ -28,17 +28,12 @@ dependencies: alias: datadb version: 11.0.1 repository: https://charts.bitnami.com/bitnami - condition: datasb.enabled + condition: datadb.enabled - name: mariadb-galera alias: metadatadb version: 11.0.1 repository: https://charts.bitnami.com/bitnami condition: metadatadb.enabled - - name: postgresql-ha - alias: authdb - version: 12.1.7 - repository: https://charts.bitnami.com/bitnami - condition: authdb.enabled - name: rabbitmq alias: brokerservice version: 14.0.0 diff --git a/helm/dbrepo/Makefile b/helm/dbrepo/Makefile index 51831e8e04c8fea16f8eaa2eabac6759e04fa641..07c03a280630491a4ddf6369341b0bee73c78f08 100644 --- a/helm/dbrepo/Makefile +++ b/helm/dbrepo/Makefile @@ -3,4 +3,5 @@ all: .PHONY: build build: ## Generate Helm values schema JSON - helm schema -input ./values.yaml \ No newline at end of file + helm schema -input ./values.yaml + readme-generator-for-helm --readme README.md --values values.yaml \ No newline at end of file diff --git a/helm/dbrepo/README.md b/helm/dbrepo/README.md index 0367c5329759f46b2171d533141a38484bc3a2f2..09372a950198ab2c6d658e30308303d41889fe16 100644 --- a/helm/dbrepo/README.md +++ b/helm/dbrepo/README.md @@ -10,23 +10,24 @@ sample [`values.yaml`](https://gitlab.phaidra.org/fair-data-austria-db-repositor for your deployment and update the variables, especially `hostname`. ```bash -helm install my-release "oci://s210.dl.hpc.tuwien.ac.at/dbrepo/helm" --values ./values.yaml --version "__CHARTVERSION__" +helm install my-release "oci://s210.dl.hpc.tuwien.ac.at/dbrepo/helm" --values ./values.yaml --version "1.4.3" ``` ## Prerequisites * Kubernetes 1.24+ -* Kubernetes 3.8.0+ * Optional PV provisioner support in the underlying infrastructure (for persistence). -* Optional ingress support in the underlying infrastructure: e.g. [NGINX](https://docs.nginx.com/nginx-ingress-controller/) (for the UI). -* Optional certificate provisioner support in the underlying infrastructure: e.g. [cert-manager](https://cert-manager.io/) (for production use). +* Optional ingress support in the underlying infrastructure: + e.g. [NGINX](https://docs.nginx.com/nginx-ingress-controller/) (for the UI). +* Optional certificate provisioner support in the underlying infrastructure: + e.g. [cert-manager](https://cert-manager.io/) (for production use). ## Installing the Chart To install the chart with the release name `my-release`: ```bash -helm install my-release "oci://s210.dl.hpc.tuwien.ac.at/dbrepo/helm" --values ./values.yaml --version "__CHARTVERSION__" +helm install my-release "oci://s210.dl.hpc.tuwien.ac.at/dbrepo/helm" --values ./values.yaml --version "1.4.3" ``` The command deploys DBRepo on the Kubernetes cluster in the default configuration. The Parameters section lists the @@ -46,216 +47,178 @@ The command removes all the Kubernetes components associated with the chart and ### Common parameters -| Name | Description | Value | -|-----------------|---------------------------------------|-----------------| -| `namespace` | Namespace which DBRepo is running in. | `""` | -| `hostname` | The hostname for ingress rules. | `""` | -| `strategyType` | Deployments update strategy. | `RollingUpdate` | -| `clusterDomain` | Internal cluster domain. | `cluster.local` | +| Name | Description | Value | +| --------------- | ---------------------------------- | --------------------- | +| `namespace` | The namespace to install the chart | `dbrepo` | +| `hostname` | The hostname. | `example.com` | +| `gateway` | The gateway endpoint. | `https://example.com` | +| `strategyType` | The image pull | `RollingUpdate` | +| `clusterDomain` | The cluster domain. | `cluster.local` | -### Metadata Database - -The Metadata Database uses the [Bitnami MariaDB Galera](https://artifacthub.io/packages/helm/bitnami/mariadb-galera) -Helm chart. See their documentation for the remaining overridden values. - -| Name | Description | Value | -|----------------------------|-------------------------------------------|---------------| -| `metadataDb.host` | Hostname. | `metadata-db` | -| `metadataDb.jdbcExtraArgs` | Extra arguments for the JDBC connections. | `""` | - -### Authentication Service +### Internal Admin User -The Auth Service uses the [Bitnami Keycloak](https://artifacthub.io/packages/helm/bitnami/keycloak) Helm chart. See -their documentation for the remaining overridden values. +| Name | Description | Value | +| ---------------- | ---------------------------- | ------- | +| `admin.username` | The internal admin username. | `admin` | +| `admin.password` | The internal admin password. | `admin` | -| Name | Description | Value | -|-----------------------------|-----------------------------------------------------------------|------------------------------------| -| `authService.client.id` | Client id. This value is publicly known. | `dbrepo-client` | -| `authService.client.secret` | Client secret. This value should never be known outside DBRepo. | `MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG` | - -### Auth Database - -The Auth Database uses the [Bitnami PostgreSQL HA](https://artifacthub.io/packages/helm/bitnami/postgresql-ha) Helm -chart. See their documentation for the remaining overridden values. +### Metadata Database -| Name | Description | Value | -|---------------|--------------------------------------|------------------| -| `authDb.host` | Hostname. Needed for other services. | `auth-db-pgpool` | -| `authDb.port` | Port. Needed for other services. | `5432` | +| Name | Description | Value | +| -------------------------------- | -------------------------------------------------------------- | ------------- | +| `metadatadb.enabled` | Enable the Metadata Database. | `true` | +| `metadatadb.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` | +| `metadatadb.host` | The hostname for the microservices. | `metadata-db` | +| `metadatadb.rootUser.user` | The root username. | `root` | +| `metadatadb.rootUser.password` | The root user password. | `dbrepo` | +| `metadatadb.jdbcExtraArgs` | The extra arguments for JDBC connections in the microservices. | `""` | +| `metadatadb.db.name` | The database name. | `fda` | +| `metadatadb.persistence.enabled` | Enable persistent storage. Requires PV-provisioner. | `false` | +| `metadatadb.replicaCount` | The number of replicas, should be uneven (2n+1). | `3` | + +### Auth Service + +| Name | Description | Value | +| -------------------------------- | ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `authservice.enabled` | Enable the Auth Service. | `true` | +| `authservice.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` | +| `authservice.endpoint` | The hostname for the microservices. | `http://auth-service` | +| `authservice.auth.adminUser` | The admin username. | `fda` | +| `authservice.auth.adminPassword` | The admin user password. | `fda` | +| `authservice.jwt.pubkey` | The JWT public key from the `dbrepo-client`. | `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB` | +| `authservice.tls.enabled` | Enable TLS/SSL communication. Required for HTTPS. | `true` | +| `authservice.tls.existingSecret` | The secret containing the `tls.crt`, `tls.key` and `ca.crt`. | `ingress-cert` | +| `authservice.tls.usePem` | Use PEM certificates as input instead of PKS12/JKS stores. | `true` | +| `authservice.metrics.enabled` | Enable the Prometheus metrics export sidecar container. | `false` | +| `authservice.client.id` | The client id for the microservices. | `dbrepo-client` | +| `authservice.client.secret` | The client secret for the microservices. | `MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG` | ### Data Database -The Data Database uses the [Bitnami MariaDB Galera](https://artifacthub.io/packages/helm/bitnami/mariadb-galera) -Helm chart. See their documentation for the remaining overridden values. It is important to note that the Data Database -uses a sidecar to import/export files from the Storage Service. +| Name | Description | Value | +| -------------------------- | ----------------------------------------------------------- | -------- | +| `datadb.enabled` | Enable the Data Database. | `true` | +| `datadb.image.debug` | Set the logging level to `trace`. Otherwise, set to `info`. | `false` | +| `datadb.rootUser.user` | The root username. | `root` | +| `datadb.rootUser.password` | The root user password. | `dbrepo` | +| `datadb.replicaCount` | The number of replicas, should be uneven (2n+1). | `3` | ### Search Database -The Search Database uses -the [OpenSearch](https://artifacthub.io/packages/helm/opensearch-project-helm-charts/opensearch) Helm -chart. See their documentation for the remaining overridden values. - -| Name | Description | Value | -|---------------------|--------------------------------------|-------------| -| `searchdb.host` | Hostname. Needed for other services. | `search-db` | -| `searchdb.port` | Port. Needed for other services. | `9200` | -| `searchdb.username` | Username. Needed for other services. | `admin` | -| `searchdb.password` | Password. Needed for other services. | `admin` | - -### Search Database Dashboard - -The Search Database Dashboard uses -the [OpenSearch](https://artifacthub.io/packages/helm/opensearch-project-helm-charts/opensearch-dashboards) Helm -chart. See their documentation for the remaining overridden values. +| Name | Description | Value | +| ------------------------------ | --------------------------------------------------- | ----------- | +| `searchdb.enabled` | Enable the Search Database. | `true` | +| `searchdb.host` | The hostname for the microservices. | `search-db` | +| `searchdb.port` | The port for the microservices. | `9200` | +| `searchdb.username` | The admin username. | `admin` | +| `searchdb.password` | The admin user password. | `admin` | +| `searchdb.replicas` | The number of replicas. | `3` | +| `searchdb.persistence.enabled` | Enable persistent storage. Requires PV-provisioner. | `true` | ### Upload Service -| Name | Description | Value | -|----------------------------------|----------------------------------------|-------------------| -| `uploadService.enabled` | Enables/disabled the deployment. | `true` | -| `uploadService.image.registry` | Registry to pull the image | `docker.io` | -| `uploadService.image.repository` | Repository to pull the image | `tusproject/tusd` | -| `uploadService.image.tag` | Tag of the image. | `v1.12` | -| `uploadService.replicaCount` | Number of replicas for the deployment. | `2` | +| Name | Description | Value | +| ---------------------------- | -------------------------- | ------ | +| `uploadservice.enabled` | Enable the Upload Service. | `true` | +| `uploadservice.replicaCount` | The number of replicas. | `2` | ### Broker Service -The Broker Service uses the [Bitnami RabbitMQ](https://artifacthub.io/packages/helm/bitnami/rabbitmq) -Helm chart. See their documentation for the remaining overridden values. - -| Name | Description | Value | -|-----------------------------------|-------------------------------------------------------------------------|-------------------------------| -| `brokerService.url` | Admin API endpoint. Needed for other services. | `http://broker-service:15672` | -| `brokerService.host` | Service hostname. Needed for other services. | `broker-service` | -| `brokerService.port` | Service port. Needed for other services. | `5672` | -| `brokerService.virtualHost` | Virtual host on RabbitMQ. Needed for other services. | `dbrepo` | -| `brokerService.queueName` | Queue name on RabbitMQ. Needed for other services. | `dbrepo` | -| `brokerService.exchangeName` | Exchange name on RabbitMQ. Needed for other services. | `dbrepo` | -| `brokerService.routingKey` | Route binding for queue to exchange defined. Needed for other services. | `dbrepo.#` | -| `brokerService.connectionTimeout` | Connection timeout. Needed for other services. | `60000` | +| Name | Description | Value | +| ----------------------------------- | ------------------------------------------------------------------------------- | ----------------------------- | +| `brokerservice.enabled` | Enable the Broker Service. | `true` | +| `brokerservice.endpoint` | The management api endpoint for the microservices. | `http://broker-service:15672` | +| `brokerservice.host` | The hostname for the microservices. | `broker-service` | +| `brokerservice.port` | The port for the microservices. | `5672` | +| `brokerservice.virtualHost` | The default virtual host name. | `dbrepo` | +| `brokerservice.queueName` | The default queue name. | `dbrepo` | +| `brokerservice.exchangeName` | The default exchange name. | `dbrepo` | +| `brokerservice.routingKey` | The default routing key binding from the default queue to the default exchange. | `dbrepo.#` | +| `brokerservice.connectionTimeout` | The connection timeout in ms. | `60000` | +| `brokerservice.persistence.enabled` | Enable persistent storage. Requires PV-provisioner. | `false` | +| `brokerservice.replicaCount` | The number of replicas. | `2` | ### Analyse Service -| Name | Description | Value | -|-----------------------------------|----------------------------------------|----------------------------| -| `analyseService.enabled` | Enables/disabled the deployment. | `true` | -| `analyseService.image.registry` | Registry to pull the image | `s210.dl.hpc.tuwien.ac.at` | -| `analyseService.image.repository` | Repository to pull the image | `dbrepo/analyse-service` | -| `analyseService.image.tag` | Tag of the image. | `1.4.1` | -| `analyseService.image.pullPolicy` | Image pull policy on deployments | `Always` | -| `analyseService.image.debug` | Enables/disabled the debug logging. | `false` | -| `analyseService.replicaCount` | Number of replicas for the deployment. | `2` | +| Name | Description | Value | +| ----------------------------- | ----------------------------------------------------- | ------------------------------- | +| `analyseservice.enabled` | Enable the Broker Service. | `true` | +| `analyseservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` | +| `analyseservice.replicaCount` | The number of replicas. | `2` | ### Metadata Service -| Name | Description | Value | -|--------------------------------------------|----------------------------------------------------------------------------------|----------------------------| -| `metadataService.enabled` | Enables/disabled the deployment. | `true` | -| `metadataService.image.registry` | Registry to pull the image | `s210.dl.hpc.tuwien.ac.at` | -| `metadataService.image.repository` | Repository to pull the image | `dbrepo/metadata-service` | -| `metadataService.image.tag` | Tag of the image. | `1.4.1` | -| `metadataService.image.pullPolicy` | Image pull policy on deployments | `Always` | -| `metadataService.image.debug` | Enables/disabled the debug logging. | `false` | -| `metadataService.adminEmail` | E-Mail address of the administrator displayed for OAI-PMH. | `noreply@example.com` | -| `metadataService.authService.url` | Url to the Auth Service. | `http://auth-service` | -| `metadataService.website` | Url to redirect PIDs to. | `http://example.com` | -| `metadataService.repositoryName` | Repository name for OAI-PMH. | `Database Repository` | -| `metadataService.datacite.enabled` | Enable/disable DataCite Fabrica DOI minting. | `false` | -| `metadataService.datacite.url` | DataCite Fabrica API endpoint. | `https://api.datacite.org` | -| `metadataService.datacite.prefix` | DataCite Fabrica DOI prefix. | `""` | -| `metadataService.datacite.username` | DataCite Fabrica API username. | `""` | -| `metadataService.datacite.password` | DataCite Fabrica API password. | `""` | -| `metadataService.rates.deleteStaleFiles` | Interval rate to delete stale files in the Storage Service. | `60` | -| `metadataService.rates.mirror` | Interval rate to mirror to the Search Database. | `60` | -| `metadataService.rates.obtainMetadata` | Interval rate to obtain metadata from the Data Database. | `60` | -| `metadataService.rates.deleteStaleQueries` | Interval rate to delete stale queries from the Query Store in the Data Database. | `60` | -| `metadataService.replicaCount` | Number of replicas for the deployment. | `2` | +| Name | Description | Value | +| ------------------------------------------ | --------------------------------------------------------------------- | ------------------------------- | +| `metadataservice.enabled` | Enable the Metadata Service. | `true` | +| `metadataservice.admin.email` | The OAI-PMH exposed admin e-mail. | `noreply@example.com` | +| `metadataservice.deletedRecord` | The OAI-PMH exposed delete policy. | `permanent` | +| `metadataservice.repositoryName` | The OAI-PMH exposed repository name. | `Database Repository` | +| `metadataservice.granularity` | The OAI-PMH exposed record granularity. | `YYYY-MM-DDThh:mm:ssZ` | +| `metadataservice.datacite.enabled` | Enable the DataCite account for minting DOIs. | `false` | +| `metadataservice.datacite.url` | The DataCite api endpoint url. | `https://api.datacite.org` | +| `metadataservice.datacite.prefix` | The DataCite prefix. | `""` | +| `metadataservice.datacite.username` | The DataCite api username. | `""` | +| `metadataservice.datacite.password` | The DataCite api user password. | `""` | +| `metadataservice.sparql.connectionTimeout` | The connection timeout for sparql queries fetching remote data in ms. | `10000` | +| `metadataservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` | +| `metadataservice.s3.auth.username` | The S3-capable endpoint username (or access key id). | `seaweedfsadmin` | +| `metadataservice.s3.auth.password` | The S3-capable endpoint user password (or access key secret). | `seaweedfsadmin` | +| `metadataservice.replicaCount` | The number of replicas. | `1` | ### Data Service -| Name | Description | Value | -|-------------------------------------|--------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| `dataService.enabled` | Enables/disabled the deployment. | `true` | -| `dataService.image.registry` | Registry to pull the image | `s210.dl.hpc.tuwien.ac.at` | -| `dataService.image.repository` | Repository to pull the image | `dbrepo/data-service` | -| `dataService.image.tag` | Tag of the image. | `1.4.1` | -| `dataService.image.pullPolicy` | Image pull policy on deployments | `Always` | -| `dataService.image.debug` | Enables/disabled the debug logging. | `false` | -| `dataService.jwt.pubkey` | The JWT pubkey to verify JWT signature. | `MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB` | -| `dataService.consumerConcurrentMin` | The number of concurrent consumers (minimum). | `1` | -| `dataService.consumerConcurrentMax` | The number of concurrent consumers (maximum). | `5` | -| `dataService.requeueRejected` | Requeue rejected tuples into the Broker Service. | `false` | -| `dataService.replicaCount` | Number of replicas for the deployment. | `2` | +| Name | Description | Value | +| ----------------------------------- | -------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------- | +| `dataservice.enabled` | Enable the Metadata Service. | `true` | +| `dataservice.endpoint` | The endpoint for the microservices. | `http://data-service` | +| `dataservice.grant.read` | The default database permissions for users with read access. | `SELECT` | +| `dataservice.grant.write` | The default database permissions for users with write access. | `SELECT, CREATE, CREATE VIEW, CREATE ROUTINE, CREATE TEMPORARY TABLES, LOCK TABLES, INDEX, TRIGGER, INSERT, UPDATE, DELETE` | +| `dataservice.s3.endpoint` | The S3-capable endpoint the microservice connects to. | `http://storageservice-s3:9000` | +| `dataservice.s3.auth.username` | The S3-capable endpoint username (or access key id). | `seaweedfsadmin` | +| `dataservice.s3.auth.password` | The S3-capable endpoint user password (or access key secret). | `seaweedfsadmin` | +| `dataservice.consumerConcurrentMin` | The minimum broker service consumer number. | `1` | +| `dataservice.consumerConcurrentMax` | The maximum broker service consumer number. | `5` | +| `dataservice.requeueRejected` | Enable re-queueing of rejected messages to the broker service. | `false` | +| `dataservice.replicaCount` | The number of replicas. | `2` | ### Search Service -| Name | Description | Value | -|----------------------------------|----------------------------------------|----------------------------| -| `searchService.enabled` | Enables/disabled the deployment. | `true` | -| `searchService.image.registry` | Registry to pull the image | `s210.dl.hpc.tuwien.ac.at` | -| `searchService.image.repository` | Repository to pull the image | `dbrepo/search-service` | -| `searchService.image.tag` | Tag of the image. | `1.4.1` | -| `searchService.image.pullPolicy` | Image pull policy on deployments | `Always` | -| `searchService.image.debug` | Enables/disabled the debug logging. | `false` | -| `searchService.replicaCount` | Number of replicas for the deployment. | `2` | +| Name | Description | Value | +| ---------------------------- | ----------------------------------- | ----------------------- | +| `searchservice.enabled` | Enable the Search Service. | `true` | +| `searchservice.endpoint` | The endpoint for the microservices. | `http://search-service` | +| `searchservice.replicaCount` | The number of replicas. | `2` | ### Storage Service -The Storage Service uses the [SeaweedFS](https://artifacthub.io/packages/helm/seaweedfs/seaweedfs) -Helm chart. See their documentation for the remaining overridden values. - -| Name | Description | Value | -|--------------------------------|---------------------------------------------|------------------| -| `storageservice.auth.username` | Username for S3. Needed for other services. | `seaweedfsadmin` | -| `storageservice.auth.password` | Password for S3. Needed for other services. | `seaweedfsadmin` | +| Name | Description | Value | +| ------------------------ | --------------------------- | ------ | +| `storageservice.enabled` | Enable the Storage Service. | `true` | ### User Interface -To replace e.g. the default logo with your organization's logo `my_logo.png`, encode it to -base64 `cat my_logo.png | base64` and create a [ConfigMap](https://kubernetes.io/docs/concepts/configuration/configmap/) -under a handy name `my-config`. - -```yaml -# my-config.yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: my-config -binaryData: - my_logo.png: | - <output from `cat my_logo.png | base64`> -``` - -Then mount it into the container: - -```yaml -# values.yaml -ui: - extraVolumes: - - name: config-map - configMap: - name: my-config - extraVolumeMounts: - - name: config-map - mountPath: /app/my_logo.png - subPath: my_logo.png - readOnly: true - ... -``` - -| Name | Description | Value | -|------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------------------------| -| `ui.enabled` | Enables/disabled the deployment. | `enabled` | -| `ui.image.registry` | Registry to pull the image | `s210.dl.hpc.tuwien.ac.at` | -| `ui.image.repository` | Repository to pull the image | `dbrepo/ui` | -| `ui.image.tag` | Tag of the image. | `1.4.1` | -| `ui.image.pullPolicy` | Image pull policy on deployments | `Always` | -| `ui.replicaCount` | Number of replicas for the deployment. | `2` | -| `ui.config` | JSON file containting the configuration of the UI. See [`dbrepo.config.json`](https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/blob/release-v1.4/dbrepo-ui/dbrepo.config.json) | `2` | -| `ui.extraVolumes` | List of extra volumes. | `[]` | -| `ui.extraVolumeMounts` | List of extra volume mounts. | `[]` | - -## Ingress - -The deployment depends on ingress, by default ingress is configured -for [NGINX Ingress Controller](https://github.com/kubernetes/ingress-nginx) with annotations. \ No newline at end of file +| Name | Description | Value | +| --------------------------------- | ---------------------------------------------------------------------------- | ----------------------- | +| `ui.enabled` | Enable the User Interface. | `true` | +| `ui.public.api.client` | The endpoint for the client api. | `""` | +| `ui.public.api.server` | The endpoint for the server api. | `""` | +| `ui.public.title` | The user interface title. | `Database Repository` | +| `ui.public.logo` | The user interface logo. | `/logo.svg` | +| `ui.public.icon` | The user interface icon. | `/favicon.ico` | +| `ui.public.touch` | The user interface apple touch icon. | `/apple-touch-icon.png` | +| `ui.public.broker.host` | The displayed broker hostname. | `example.com` | +| `ui.public.broker.port.5671` | Enable display of the broker 5671 port and mark it as secure (SSL/TLS). | `true` | +| `ui.public.broker.port.5672` | Enable display of the broker 5672 port and mark it as insecure (no SSL/TLS). | `false` | +| `ui.public.broker.extra` | Extra metadata displayed. | `""` | +| `ui.public.database.extra` | Extra metadata displayed. | `128.130.0.0/15` | +| `ui.public.pid.default.publisher` | The default dataset publisher for persisted identifiers. | `Example University` | +| `ui.public.doi.enabled` | Enable the display that DOIs are minted. | `false` | +| `ui.public.doi.endpoint` | The DOI proxy. | `https://doi.org` | +| `ui.replicaCount` | The number of replicas. | `2` | + +### Ingress + +| Name | Description | Value | +| ----------------- | ------------------- | ------- | +| `ingress.enabled` | Enable the ingress. | `false` | diff --git a/helm/dbrepo/charts/postgresql-ha-12.1.7.tgz b/helm/dbrepo/charts/postgresql-ha-12.1.7.tgz deleted file mode 100644 index a534ebb28b1138ee626c4f8fab2a483cf9ae5504..0000000000000000000000000000000000000000 Binary files a/helm/dbrepo/charts/postgresql-ha-12.1.7.tgz and /dev/null differ diff --git a/helm/dbrepo/templates/analyse-deployment.yaml b/helm/dbrepo/templates/analyse-deployment.yaml index a1ba492ca1608cd9ed2d9389049cf06ba48510de..0cdb067ef7218710509f5febdb900b611e6d9f45 100644 --- a/helm/dbrepo/templates/analyse-deployment.yaml +++ b/helm/dbrepo/templates/analyse-deployment.yaml @@ -1,4 +1,4 @@ -{{- if .Values.analyseService.enabled }} +{{- if .Values.analyseservice.enabled }} --- apiVersion: apps/v1 kind: Deployment @@ -9,7 +9,7 @@ metadata: app: analyse-service service: analyse-service spec: - replicas: {{ .Values.analyseService.replicaCount }} + replicas: {{ .Values.analyseservice.replicaCount }} strategy: type: {{ .Values.strategyType }} selector: @@ -29,15 +29,15 @@ spec: runAsGroup: 1001 containers: - name: analyse-service - image: {{ .Values.analyseService.image.name }} - imagePullPolicy: {{ .Values.analyseService.image.pullPolicy | default "IfNotPresent" }} + image: {{ .Values.analyseservice.image.name }} + imagePullPolicy: {{ .Values.analyseservice.image.pullPolicy | default "IfNotPresent" }} securityContext: allowPrivilegeEscalation: false runAsNonRoot: true runAsUser: 1001 runAsGroup: 1001 seccompProfile: - type: {{ .Values.analyseService.profileType | default "RuntimeDefault" }} + type: {{ .Values.analyseservice.profileType | default "RuntimeDefault" }} capabilities: drop: - ALL diff --git a/helm/dbrepo/templates/analyse-secret.yaml b/helm/dbrepo/templates/analyse-secret.yaml index a0639738ee12169d18e270edbe8af04dd5db6213..e995182e17823ad788472aa32e586fdaa21ef074 100644 --- a/helm/dbrepo/templates/analyse-secret.yaml +++ b/helm/dbrepo/templates/analyse-secret.yaml @@ -1,4 +1,4 @@ -{{- if .Values.analyseService.enabled }} +{{- if .Values.analyseservice.enabled }} --- apiVersion: v1 kind: Secret @@ -15,9 +15,9 @@ stringData: AUTH_SERVICE_HOST: "{{ .Values.authservice.endpoint }}" GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}" JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}" - LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.analyseService.image.debug }}" + LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.analyseservice.image.debug }}" S3_ACCESS_KEY_ID: "{{ .Values.storageservice.s3.auth.username }}" - S3_ENDPOINT: "{{ .Values.analyseService.s3.endpoint }}" + S3_ENDPOINT: "{{ .Values.analyseservice.s3.endpoint }}" S3_EXPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.export }}" S3_IMPORT_BUCKET: "{{ .Values.storageservice.s3.bucket.import }}" S3_SECRET_ACCESS_KEY: "{{ .Values.storageservice.s3.auth.password }}" diff --git a/helm/dbrepo/templates/analyse-service.yaml b/helm/dbrepo/templates/analyse-service.yaml index e8a48b33f5882a9db5ac10f0c6f51e4f11a3196a..98720e3e4656c8fd80f1fff35b27a02846371cd1 100644 --- a/helm/dbrepo/templates/analyse-service.yaml +++ b/helm/dbrepo/templates/analyse-service.yaml @@ -1,4 +1,4 @@ -{{- if .Values.analyseService.enabled }} +{{- if .Values.analyseservice.enabled }} --- apiVersion: v1 kind: Service diff --git a/helm/dbrepo/templates/data-db-secret.yaml b/helm/dbrepo/templates/data-db-secret.yaml index 43c85b86655b78bec8142e7db45219c0fa6219ae..7b42140e581c604847929e3f9e32ad116fd27b51 100644 --- a/helm/dbrepo/templates/data-db-secret.yaml +++ b/helm/dbrepo/templates/data-db-secret.yaml @@ -8,5 +8,5 @@ metadata: stringData: S3_ACCESS_KEY_ID: "{{ .Values.storageservice.s3.auth.username }}" S3_SECRET_ACCESS_KEY: "{{ .Values.storageservice.s3.auth.password }}" - S3_STORAGE_ENDPOINT: "{{ .Values.analyseService.s3.endpoint }}" + S3_STORAGE_ENDPOINT: "{{ .Values.analyseservice.s3.endpoint }}" {{- end }} diff --git a/helm/dbrepo/values.schema.json b/helm/dbrepo/values.schema.json index 964c6085587c4bf51a8525399e5007ae94930ebe..4d1825c403fac0b727c384831c1bfa50a54d191d 100644 --- a/helm/dbrepo/values.schema.json +++ b/helm/dbrepo/values.schema.json @@ -12,7 +12,7 @@ }, "type": "object" }, - "analyseService": { + "analyseservice": { "properties": { "enabled": { "type": "boolean" diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index aea20d2a67e9b4c8809026cad14874dbe897f7d4..6817e949ff87e13e78340559514a3df35e64781e 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -1,15 +1,51 @@ +# Copyright the DBRepo developers +# SPDX-License-Identifier: APACHE-2.0 + +## @section Common parameters +## + +## @param namespace The namespace to install the chart +## namespace: dbrepo +## @param hostname The hostname. +## hostname: example.com +## @param gateway The gateway endpoint. +## gateway: https://example.com - +## @param strategyType The image pull +## strategyType: RollingUpdate - +## @param clusterDomain The cluster domain. +## clusterDomain: cluster.local +## @section Internal Admin User + +## @param admin.username The internal admin username. +## @param admin.password The internal admin password. +## admin: username: admin password: admin +## @section Metadata Database + +## @param metadatadb.enabled Enable the Metadata Database. +## @skip metadatadb.fullnameOverride +## @param metadatadb.image.debug Set the logging level to `trace`. Otherwise, set to `info`. +## @param metadatadb.host The hostname for the microservices. +## @param metadatadb.rootUser.user The root username. +## @param metadatadb.rootUser.password The root user password. +## @param metadatadb.jdbcExtraArgs The extra arguments for JDBC connections in the microservices. +## @param metadatadb.db.name The database name. +## @skip metadatadb.metrics.enabled The Prometheus settings. +## @skip metadatadb.galera The Galera settings. +## @skip metadatadb.initdbScriptsConfigMap The initial database scripts. +## @skip metadatadb.service The initial database scripts. +## @param metadatadb.persistence.enabled Enable persistent storage. Requires PV-provisioner. +## @param metadatadb.replicaCount The number of replicas, should be uneven (2n+1). +## metadatadb: enabled: true fullnameOverride: metadata-db @@ -35,9 +71,31 @@ metadatadb: loadBalancerIP: "" loadBalancerSourceRanges: [ ] persistence: - enabled: true - replicaCount: 1 # uneven 3,5,7 + enabled: false + replicaCount: 3 + +## @section Auth Service +## @param authservice.enabled Enable the Auth Service. +## @skip authservice.fullnameOverride +## @param authservice.image.debug Set the logging level to `trace`. Otherwise, set to `info`. +## @param authservice.endpoint The hostname for the microservices. +## @param authservice.auth.adminUser The admin username. +## @param authservice.auth.adminPassword The admin user password. +## @skip authservice.postgresql +## @skip authservice.extraStartupArgs +## @param authservice.jwt.pubkey The JWT public key from the `dbrepo-client`. +## @param authservice.tls.enabled Enable TLS/SSL communication. Required for HTTPS. +## @param authservice.tls.existingSecret The secret containing the `tls.crt`, `tls.key` and `ca.crt`. +## @param authservice.tls.usePem Use PEM certificates as input instead of PKS12/JKS stores. +## @param authservice.metrics.enabled Enable the Prometheus metrics export sidecar container. +## @param authservice.client.id The client id for the microservices. +## @param authservice.client.secret The client secret for the microservices. +## @skip authservice.extraEnvVarsCM +## @skip authservice.extraVolumes +## @skip authservice.extraVolumeMounts +## @skip authservice.replicaCount The number of replicas. +## authservice: enabled: true fullnameOverride: auth-service @@ -48,7 +106,9 @@ authservice: adminUser: fda adminPassword: fda postgresql: - enabled: false # not needed + enabled: true + auth: + postgresPassword: postgres extraStartupArgs: "--import-realm" jwt: pubkey: "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqnHQ2BWWW9vDNLRCcxD++xZg/16oqMo/c1l+lcFEjjAIJjJp/HqrPYU/U9GvquGE6PbVFtTzW1KcKawOW+FJNOA3CGo8Q1TFEfz43B8rZpKsFbJKvQGVv1Z4HaKPvLUm7iMm8Hv91cLduuoWx6Q3DPe2vg13GKKEZe7UFghF+0T9u8EKzA/XqQ0OiICmsmYPbwvf9N3bCKsB/Y10EYmZRb8IhCoV9mmO5TxgWgiuNeCTtNCv2ePYqL/U0WvyGFW0reasIK8eg3KrAUj8DpyOgPOVBn3lBGf+3KFSYi+0bwZbJZWqbC/Xlk20Go1YfeJPRIt7ImxD27R/lNjgDO/MwIDAQAB" @@ -57,14 +117,7 @@ authservice: existingSecret: ingress-cert usePem: true metrics: - enabled: true - externalDatabase: - existingSecret: auth-service-secret - existingSecretDatabaseKey: db-name - existingSecretHostKey: db-host - existingSecretPortKey: db-port - existingSecretUserKey: db-username - existingSecretPasswordKey: db-password + enabled: false client: id: dbrepo-client secret: MUwRc7yfXSJwX8AdRMWaQC3Nep1VjwgG @@ -78,32 +131,22 @@ authservice: mountPath: /opt/bitnami/keycloak/data/import replicaCount: 1 -authdb: - enabled: true - fullnameOverride: auth-db - host: auth-db-pgpool - port: 5432 - postgresql: - postgresPassword: postgres - username: metrics # implicit requirement for metrics container - password: metrics # implicit requirement for metrics container - repmgrPassword: repmgr # implicit requirement for rolling updates - database: keycloak - replicaCount: 1 - pgpool: - adminUsername: admin - adminPassword: admin - metrics: - enabled: true - service: - type: ClusterIP - annotations: { } - loadBalancerIP: "" - loadBalancerSourceRanges: [ ] - persistence: - enabled: true - size: 10Gi +## @section Data Database +## @param datadb.enabled Enable the Data Database. +## @skip datadb.fullnameOverride +## @param datadb.image.debug Set the logging level to `trace`. Otherwise, set to `info`. +## @skip datadb.extraFlags +## @param datadb.rootUser.user The root username. +## @param datadb.rootUser.password The root user password. +## @skip datadb.metrics.enabled The Prometheus settings. +## @skip datadb.galera The Galera settings. +## @skip datadb.service +## @skip datadb.sidecars +## @skip datadb.extraVolumeMounts +## @skip datadb.extraVolumes +## @param datadb.replicaCount The number of replicas, should be uneven (2n+1). +## datadb: enabled: true fullnameOverride: data-db @@ -169,11 +212,29 @@ datadb: mountPath: /tmp extraVolumes: - name: s3 - emptyDir: {} - s3: - enabled: true - replicaCount: 1 # uneven + emptyDir: { } + replicaCount: 3 + +## @section Search Database +## @param searchdb.enabled Enable the Search Database. +## @skip searchdb.fullnameOverride +## @param searchdb.host The hostname for the microservices. +## @param searchdb.port The port for the microservices. +## @skip searchdb.protocol +## @param searchdb.username The admin username. +## @param searchdb.password The admin user password. +## @skip searchdb.clusterName +## @skip searchdb.masterService +## @param searchdb.replicas The number of replicas. +## @skip searchdb.sysctlInit +## @param searchdb.persistence.enabled Enable persistent storage. Requires PV-provisioner. +## @skip searchdb.service +## @skip searchdb.extraEnvs +## @skip searchdb.extraVolumeMounts +## @skip searchdb.extraVolumes +## @skip searchdb.config +## searchdb: enabled: true fullnameOverride: search-db @@ -184,14 +245,11 @@ searchdb: password: admin clusterName: search-db masterService: search-db - replicas: 1 - image: - debug: false + replicas: 3 sysctlInit: enabled: true persistence: enabled: true - size: 10Gi service: type: ClusterIP annotations: { } @@ -252,6 +310,15 @@ searchdb: ".opendistro-asynchronous-search-response*", ] +## @section Upload Service + +## @param uploadservice.enabled Enable the Upload Service. +## @skip uploadservice.fullnameOverride +## @skip uploadservice.image +## @skip uploadservice.containerArgs +## @skip uploadservice.envFrom +## @param uploadservice.replicaCount The number of replicas. +## uploadservice: enabled: true fullnameOverride: upload-service @@ -265,8 +332,30 @@ uploadservice: envFrom: - secretRef: name: upload-service-secret - replicaCount: 1 + replicaCount: 2 + +## @section Broker Service +## @param brokerservice.enabled Enable the Broker Service. +## @skip brokerservice.fullnameOverride +## @skip brokerservice.image +## @param brokerservice.endpoint The management api endpoint for the microservices. +## @param brokerservice.host The hostname for the microservices. +## @param brokerservice.port The port for the microservices. +## @param brokerservice.virtualHost The default virtual host name. +## @param brokerservice.queueName The default queue name. +## @param brokerservice.exchangeName The default exchange name. +## @param brokerservice.routingKey The default routing key binding from the default queue to the default exchange. +## @param brokerservice.connectionTimeout The connection timeout in ms. +## @skip brokerservice.auth +## @skip brokerservice.extraConfiguration +## @skip brokerservice.loadDefinition +## @skip brokerservice.extraVolumes +## @skip brokerservice.extraPlugins +## @param brokerservice.persistence.enabled Enable persistent storage. Requires PV-provisioner. +## @skip brokerservice.service +## @param brokerservice.replicaCount The number of replicas. +## brokerservice: enabled: true fullnameOverride: broker-service @@ -321,14 +410,20 @@ brokerservice: extraPlugins: rabbitmq_prometheus rabbitmq_auth_backend_oauth2 rabbitmq_auth_mechanism_ssl persistence: enabled: false - size: 5Gi service: type: ClusterIP managerPortEnabled: true # loadBalancerIP: - replicaCount: 1 + replicaCount: 2 -analyseService: +## @section Analyse Service + +## @param analyseservice.enabled Enable the Broker Service. +## @skip analyseservice.image +## @param analyseservice.s3.endpoint The S3-capable endpoint the microservice connects to. +## @param analyseservice.replicaCount The number of replicas. +## +analyseservice: enabled: true image: name: s210.dl.hpc.tuwien.ac.at/dbrepo/analyse-service:1.4.3 @@ -336,8 +431,28 @@ analyseService: debug: false s3: endpoint: http://storageservice-s3:9000 - replicaCount: 1 + replicaCount: 2 + +## @section Metadata Service +## @param metadataservice.enabled Enable the Metadata Service. +## @skip metadataservice.image +## @param metadataservice.admin.email The OAI-PMH exposed admin e-mail. +## @param metadataservice.deletedRecord The OAI-PMH exposed delete policy. +## @param metadataservice.repositoryName The OAI-PMH exposed repository name. +## @param metadataservice.granularity The OAI-PMH exposed record granularity. +## @param metadataservice.datacite.enabled Enable the DataCite account for minting DOIs. +## @param metadataservice.datacite.url The DataCite api endpoint url. +## @param metadataservice.datacite.prefix The DataCite prefix. +## @param metadataservice.datacite.username The DataCite api username. +## @param metadataservice.datacite.password The DataCite api user password. +## @param metadataservice.sparql.connectionTimeout The connection timeout for sparql queries fetching remote data in ms. +## @param metadataservice.s3.endpoint The S3-capable endpoint the microservice connects to. +## @skip metadataservice.s3.bucket +## @param metadataservice.s3.auth.username The S3-capable endpoint username (or access key id). +## @param metadataservice.s3.auth.password The S3-capable endpoint user password (or access key secret). +## @param metadataservice.replicaCount The number of replicas. +## metadataservice: enabled: true image: @@ -365,8 +480,24 @@ metadataservice: auth: username: seaweedfsadmin password: seaweedfsadmin - replicaCount: 1 + replicaCount: 2 + +## @section Data Service +## @param dataservice.enabled Enable the Metadata Service. +## @param dataservice.endpoint The endpoint for the microservices. +## @skip dataservice.image +## @param dataservice.grant.read The default database permissions for users with read access. +## @param dataservice.grant.write The default database permissions for users with write access. +## @param dataservice.s3.endpoint The S3-capable endpoint the microservice connects to. +## @skip dataservice.s3.bucket +## @param dataservice.s3.auth.username The S3-capable endpoint username (or access key id). +## @param dataservice.s3.auth.password The S3-capable endpoint user password (or access key secret). +## @param dataservice.consumerConcurrentMin The minimum broker service consumer number. +## @param dataservice.consumerConcurrentMax The maximum broker service consumer number. +## @param dataservice.requeueRejected Enable re-queueing of rejected messages to the broker service. +## @param dataservice.replicaCount The number of replicas. +## dataservice: enabled: true endpoint: http://data-service @@ -388,8 +519,16 @@ dataservice: consumerConcurrentMin: 1 consumerConcurrentMax: 5 requeueRejected: false - replicaCount: 1 + replicaCount: 2 +## @section Search Service + +## @param searchservice.enabled Enable the Search Service. +## @param searchservice.endpoint The endpoint for the microservices. +## @skip searchservice.image +## @skip searchservice.init +## @param searchservice.replicaCount The number of replicas. +## searchservice: enabled: true endpoint: http://search-service @@ -401,8 +540,17 @@ searchservice: image: name: s210.dl.hpc.tuwien.ac.at/dbrepo/search-service-init:1.4.3 pullPolicy: Always - replicaCount: 1 + replicaCount: 2 + +## @section Storage Service +## @param storageservice.enabled Enable the Storage Service. +## @skip storageservice.master +## @skip storageservice.filer +## @skip storageservice.volume +## @skip storageservice.s3 +## @skip storageservice.init +## storageservice: enabled: true master: @@ -440,6 +588,29 @@ storageservice: image: s210.dl.hpc.tuwien.ac.at/dbrepo/storage-service-init:1.4.3 pullPolicy: Always +## @section User Interface + +## @param ui.enabled Enable the User Interface. +## @skip ui.image +## @param ui.public.api.client The endpoint for the client api. +## @param ui.public.api.server The endpoint for the server api. +## @param ui.public.title The user interface title. +## @param ui.public.logo The user interface logo. +## @param ui.public.icon The user interface icon. +## @param ui.public.touch The user interface apple touch icon. +## @param ui.public.broker.host The displayed broker hostname. +## @param ui.public.broker.port.5671 Enable display of the broker 5671 port and mark it as secure (SSL/TLS). +## @param ui.public.broker.port.5672 Enable display of the broker 5672 port and mark it as insecure (no SSL/TLS). +## @param ui.public.broker.extra Extra metadata displayed. +## @param ui.public.database.extra Extra metadata displayed. +## @skip ui.public.links +## @param ui.public.pid.default.publisher The default dataset publisher for persisted identifiers. +## @param ui.public.doi.enabled Enable the display that DOIs are minted. +## @param ui.public.doi.endpoint The DOI proxy. +## @param ui.replicaCount The number of replicas. +## @skip ui.extraVolumes +## @skip ui.extraVolumeMounts +## ui: enabled: true image: @@ -459,7 +630,7 @@ ui: port: 5671: true 5672: false - extra: "128.130.0.0/15" + extra: "" database: extra: "128.130.0.0/15" links: @@ -475,7 +646,7 @@ ui: doi: enabled: false endpoint: https://doi.org - replicaCount: 1 + replicaCount: 2 extraVolumes: [ ] # - name: images-map # configMap: @@ -485,36 +656,43 @@ ui: # mountPath: /static/logo.svg # subPath: logo.svg +## @section Ingress + +## @param ingress.enabled Enable the ingress. +## @skip ingress.className +## @skip ingress.tls +## @skip ingress.annotations +## ingress: - enabled: true + enabled: false className: nginx tls: enabled: true secretName: ingress-cert annotations: - basic: {} -# nginx.org/path-regex: "case_sensitive" -# nginx.ingress.kubernetes.io/use-regex: "true" -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + basic: { } + # nginx.org/path-regex: "case_sensitive" + # nginx.ingress.kubernetes.io/use-regex: "true" + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer rewriteApi: -# nginx.org/path-regex: "case_sensitive" -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # nginx.org/path-regex: "case_sensitive" + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /api/$1 rewriteRoot: -# nginx.org/path-regex: "case_sensitive" -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # nginx.org/path-regex: "case_sensitive" + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1 rewriteRootSecure: -# nginx.org/path-regex: "case_sensitive" -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # nginx.org/path-regex: "case_sensitive" + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1 rewritePid: -# nginx.org/path-regex: "case_sensitive" -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # nginx.org/path-regex: "case_sensitive" + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /api/identifier/$1