Skip to content
Snippets Groups Projects
Commit c6b1d296 authored by Manuel Esberger's avatar Manuel Esberger
Browse files

many resource fixes and try to get upload service to run

parent fc518a80
No related branches found
No related tags found
No related merge requests found
...@@ -13,7 +13,7 @@ stringData: ...@@ -13,7 +13,7 @@ stringData:
AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}" AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}"
AUTH_SERVICE_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}" AUTH_SERVICE_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}" AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}"
GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}" METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}"
JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}" JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}"
LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}" LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}"
OPENSEARCH_HOST: "{{ .Values.searchdb.host }}" OPENSEARCH_HOST: "{{ .Values.searchdb.host }}"
......
...@@ -27,7 +27,7 @@ spec: ...@@ -27,7 +27,7 @@ spec:
initContainers: initContainers:
- name: init-permissions - name: init-permissions
image: busybox image: busybox
command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1000:1000 /srv/tusd-data'] command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1001:1001 /srv/tusd-data']
volumeMounts: volumeMounts:
- name: tusd-data - name: tusd-data
mountPath: /srv/tusd-data mountPath: /srv/tusd-data
...@@ -36,7 +36,7 @@ spec: ...@@ -36,7 +36,7 @@ spec:
readOnlyRootFilesystem: true readOnlyRootFilesystem: true
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
seccompProfile: seccompProfile:
type: {{ .Values.searchservice.profileType | default "RuntimeDefault" }} type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
capabilities: capabilities:
drop: drop:
- ALL - ALL
......
apiVersion: batch/v1
kind: Job
metadata:
name: init-permissions
spec:
template:
spec:
containers:
- name: init-permissions
image: busybox
command:
- /bin/bash
- -ec
- |
chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.fsGroup }} /srv/tusd-data
volumeMounts:
- name: tusd-data
mountPath: /srv/tusd-data
resources: {{- toYaml .Values.resources | nindent 10 }}
securityContext:
runAsNonRoot: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
seccompProfile:
type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
volumes:
- name: tusd-data
persistentVolumeClaim:
claimName: tusd-data-pvc
restartPolicy: Never
\ No newline at end of file
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: tusd-data-pvc
namespace: aris-dbrepo-dev
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 8Gi
storageClassName: rbd-storagepool-cluster
...@@ -17,10 +17,10 @@ global: ...@@ -17,10 +17,10 @@ global:
## resource limits required by ares cluster ## resource limits required by ares cluster
resources: resources:
limits: limits:
cpu: 500m # cpu: 500m
memory: 756Mi memory: 756Mi
requests: requests:
cpu: 100m cpu: 50m
memory: 256Mi memory: 256Mi
resourcesWStorage: resourcesWStorage:
...@@ -29,7 +29,7 @@ resourcesWStorage: ...@@ -29,7 +29,7 @@ resourcesWStorage:
ephemeral-storage: 50Mi ephemeral-storage: 50Mi
memory: 756Mi memory: 756Mi
requests: requests:
cpu: 100m cpu: 50m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 256Mi memory: 256Mi
...@@ -38,7 +38,7 @@ resourcesLittle: ...@@ -38,7 +38,7 @@ resourcesLittle:
cpu: 100m cpu: 100m
memory: 512Mi memory: 512Mi
requests: requests:
cpu: 50m cpu: 25m
memory: 256Mi memory: 256Mi
## @section Common parameters ## @section Common parameters
...@@ -227,7 +227,7 @@ datadb: ...@@ -227,7 +227,7 @@ datadb:
primary: primary:
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
...@@ -315,6 +315,9 @@ datadb: ...@@ -315,6 +315,9 @@ datadb:
searchdb: searchdb:
## @param searchdb.enabled Enable the Data Database. ## @param searchdb.enabled Enable the Data Database.
enabled: true enabled: true
global:
defaultStorageClass: cephfs-fspool-cluster
storageClass: cephfs-fspool-cluster
sysctlImage: sysctlImage:
enabled: false enabled: false
## @skip searchdb.fullnameOverride ## @skip searchdb.fullnameOverride
...@@ -335,37 +338,50 @@ searchdb: ...@@ -335,37 +338,50 @@ searchdb:
master: master:
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 256Mi
limits:
cpu: 250m
memory: 512Mi memory: 512Mi
limits:
cpu: 300m
memory: 1Gi
livenessProbe:
initialDelaySeconds: 300
timeoutSeconds: 8
coordinating: coordinating:
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 256Mi
limits:
cpu: 250m
memory: 512Mi memory: 512Mi
limits:
cpu: 300m
memory: 1Gi
livenessProbe:
initialDelaySeconds: 200
timeoutSeconds: 8
ingest: ingest:
resources: resources:
requests: requests:
cpu: 100m cpu: 50m
memory: 256Mi memory: 256Mi
limits: limits:
cpu: 250m cpu: 25m
memory: 512Mi memory: 512Mi
livenessProbe:
initialDelaySeconds: 200
timeoutSeconds: 8
data: data:
resources: resources:
limits: limits:
cpu: 250m ephemeral-storage: 1Gi
ephemeral-storage: 700Mi memory: 2.5Gi
memory: 1536Mi
requests: requests:
cpu: 100m cpu: 50m
ephemeral-storage: 50Mi ephemeral-storage: 500Mi
memory: 512Mi memory: 1Gi
livenessProbe:
initialDelaySeconds: 200
timeoutSeconds: 8
## @section Upload Service ## @section Upload Service
uploadservice: uploadservice:
...@@ -380,8 +396,9 @@ uploadservice: ...@@ -380,8 +396,9 @@ uploadservice:
## @skip uploadservice.securityContext ## @skip uploadservice.securityContext
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
# runAsUser: 1000 runAsUser: 1001
# runAsGroup: 1000 runAsGroup: 1001
fsGroup: 1001
runAsNonRoot: true runAsNonRoot: true
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
...@@ -476,7 +493,7 @@ brokerservice: ...@@ -476,7 +493,7 @@ brokerservice:
## @param brokerservice.replicaCount The number of replicas. ## @param brokerservice.replicaCount The number of replicas.
resources: resources:
requests: requests:
cpu: 200m cpu: 50m
ephemeral-storage: 10Mi ephemeral-storage: 10Mi
memory: 512Mi memory: 512Mi
limits: limits:
...@@ -533,7 +550,7 @@ analyseservice: ...@@ -533,7 +550,7 @@ analyseservice:
## @skip analyseservice.resources ## @skip analyseservice.resources
resources: resources:
requests: requests:
cpu: 250m cpu: 50m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 250m cpu: 250m
...@@ -594,7 +611,7 @@ metadataservice: ...@@ -594,7 +611,7 @@ metadataservice:
type: "RuntimeDefault" type: "RuntimeDefault"
resources: resources:
requests: requests:
cpu: 250m cpu: 50m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 250m cpu: 250m
...@@ -768,7 +785,7 @@ searchservice: ...@@ -768,7 +785,7 @@ searchservice:
type: "RuntimeDefault" type: "RuntimeDefault"
resources: resources:
requests: requests:
cpu: 250m cpu: 50m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 250m cpu: 250m
...@@ -894,7 +911,7 @@ ui: ...@@ -894,7 +911,7 @@ ui:
type: "RuntimeDefault" type: "RuntimeDefault"
resources: resources:
requests: requests:
cpu: 250m cpu: 50m
memory: 512Mi memory: 512Mi
limits: limits:
cpu: 250m cpu: 250m
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment