diff --git a/helm/dbrepo/templates/search-secret.yaml b/helm/dbrepo/templates/search-secret.yaml
index 41665ac2bc1614653262f93cf28882a55638e4ec..251da00248f77afa295483890064ed6a3bc73211 100644
--- a/helm/dbrepo/templates/search-secret.yaml
+++ b/helm/dbrepo/templates/search-secret.yaml
@@ -13,7 +13,7 @@ stringData:
 AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}"
 AUTH_SERVICE_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
 AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}"
- GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}"
+ METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}"
 JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}"
 LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}"
 OPENSEARCH_HOST: "{{ .Values.searchdb.host }}"
diff --git a/helm/dbrepo/templates/upload-deployment.yaml b/helm/dbrepo/templates/upload-deployment.yaml
index 9d2e784b32c46c83393585265e3d213574d9c254..fd496f5076b029471af677e1a21a12cfc542d6b6 100644
--- a/helm/dbrepo/templates/upload-deployment.yaml
+++ b/helm/dbrepo/templates/upload-deployment.yaml
@@ -27,7 +27,7 @@ spec:
 initContainers:
 - name: init-permissions
 image: busybox
- command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1000:1000 /srv/tusd-data']
+ command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1001:1001 /srv/tusd-data']
 volumeMounts:
 - name: tusd-data
 mountPath: /srv/tusd-data
@@ -36,7 +36,7 @@ spec:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
 seccompProfile:
- type: {{ .Values.searchservice.profileType | default "RuntimeDefault" }}
+ type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
 capabilities:
 drop:
 - ALL
diff --git a/helm/dbrepo/templates/upload-job.yaml b/helm/dbrepo/templates/upload-job.yaml
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..a6e2eebe9efddfd240dffbbe52c803b1c8ffce4f 100644
--- a/helm/dbrepo/templates/upload-job.yaml
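Review bot: The added `METADATA_SERVICE_ENDPOINT` line in templates/search-secret.yaml interpolates the value between hand-written double quotes, so a value containing `"` or `\` renders as broken or altered YAML, and an unset `metadataservice.endpoint` silently becomes an empty string. Consider `METADATA_SERVICE_ENDPOINT: {{ required "metadataservice.endpoint is required" .Values.metadataservice.endpoint | quote }}`. The unchanged neighbours, including the client-secret line, use the same pattern, so it is worth fixing across the whole `stringData` block; the rest of the Secret lies outside the hunk.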
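Review bot: The init container's `chown -R 1001:1001` in templates/upload-deployment.yaml hard-codes the uid/gid that this commit also sets in values.yaml as `uploadservice.securityContext.runAsUser` and `fsGroup`, so overriding the values leaves the volume owned by the wrong user. Template it the way the new upload-job.yaml does: `chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.fsGroup }} /srv/tusd-data`. If the `securityContext` in the following hunk (`capabilities.drop: ALL`) belongs to this init container (lines 34–35 are not shown), the chown would lack CAP_CHOWN and fail on files it does not already own. `image: busybox` is also unpinned; a fixed tag or digest would make this step reproducible.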
+++ b/helm/dbrepo/templates/upload-job.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: init-permissions
+spec:
+ template:
+ spec:
+ containers:
+ - name: init-permissions
+ image: busybox
+ command:
+ - /bin/bash
+ - -ec
+ - |
+ chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.fsGroup }} /srv/tusd-data
+ volumeMounts:
+ - name: tusd-data
+ mountPath: /srv/tusd-data
+ resources: {{- toYaml .Values.resources | nindent 10 }}
+ securityContext:
+ runAsNonRoot: true
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
+ volumes:
+ - name: tusd-data
+ persistentVolumeClaim:
+ claimName: tusd-data-pvc
+ restartPolicy: Never
\ No newline at end of file
diff --git a/helm/dbrepo/templates/upload-pvc.yaml b/helm/dbrepo/templates/upload-pvc.yaml
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..6e7730c5de084c264b36626b248b3a6cf05e0070 100644
--- a/helm/dbrepo/templates/upload-pvc.yaml
+++ b/helm/dbrepo/templates/upload-pvc.yaml
@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: tusd-data-pvc
+ namespace: aris-dbrepo-dev
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
+ storageClassName: rbd-storagepool-cluster
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 4d1c34e73b31f5b09392431644f2d75b4551e600..fff327dc1a485b9df16eaf3474ece8acc7428a0e 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -17,10 +17,10 @@ global:
 ## resource limits required by ares cluster
 resources:
 limits:
- cpu: 500m
+# cpu: 500m
 memory: 756Mi
 requests:
- cpu: 100m
+ cpu: 50m
 memory: 256Mi
 resourcesWStorage:
@@ -29,7 +29,7 @@ resourcesWStorage:
 ephemeral-storage: 50Mi
 memory: 756Mi
 requests:
- cpu: 100m
+ cpu: 50m
 ephemeral-storage: 10Mi
 memory: 256Mi
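Review bot: The new Job in templates/upload-job.yaml cannot start as written: its command is `/bin/bash`, which the `busybox` image does not ship, and `runAsNonRoot: true` without a `runAsUser` makes the kubelet refuse an image whose default user is root. Even with a non-root uid, `chown -R` to a different owner needs CAP_CHOWN, so the container would have to run as root with every other capability dropped. The deployment's `init-permissions` init container already chowns the same path, and a pod-level `fsGroup` may make both steps unnecessary on volume types that support it (not verifiable from this hunk). The image is untagged and the Job name is fixed rather than release-scoped, so a later `helm upgrade` that changes the pod template would hit the Job's immutable spec. A sketch of the container section follows; the original indentation is not recoverable from this page.

```yaml
# … unchanged: apiVersion, kind, metadata, spec.template.spec …
      containers:
        - name: init-permissions
          # placeholder: pin a specific tag or digest instead of the floating default
          image: "busybox:<PINNED_TAG_OR_DIGEST>"
          command:
            - /bin/sh
            - -ec
            # … unchanged: chown block scalar, volumeMounts, resources …
          securityContext:
            # changing ownership to another uid requires root plus CAP_CHOWN
            runAsUser: 0
            runAsNonRoot: false
            readOnlyRootFilesystem: true
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
              add:
                - CHOWN
            # … unchanged: seccompProfile …
# … unchanged: volumes, restartPolicy …
```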
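Review bot: `namespace: aris-dbrepo-dev` in templates/upload-pvc.yaml pins the claim to one environment's namespace, so a release installed anywhere else either creates the PVC outside its own namespace or fails on RBAC, while the Job's `claimName: tusd-data-pvc` is resolved in the release namespace. Drop the field or use `namespace: {{ .Release.Namespace }}`, and move `storageClassName: rbd-storagepool-cluster` and `storage: 8Gi` into values.yaml, since both are cluster-specific. With `ReadWriteOnce`, the Job and the upload pod can only mount the volume at the same time when they land on the same node, which is worth confirming.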
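Review bot: Commenting out `cpu: 500m` under `resources.limits` in values.yaml removes the CPU limit from every workload that renders `.Values.resources` (the new upload Job does), directly beneath a comment saying these limits are required by the cluster. If the namespace enforces a quota or LimitRange on `limits.cpu`, such pods will be rejected or given a default; if it does not, a single container can consume all of a node's CPU. Either keep a limit, or delete the line and update the comment to record the decision. The `+# cpu: 500m` line sits at column 0 inside the mapping and reads as an accident.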
@@ -38,7 +38,7 @@ resourcesLittle: cpu: 100m memory: 512Mi requests: - cpu: 50m + cpu: 25m memory: 256Mi ## @section Common parameters @@ -227,7 +227,7 @@ datadb: primary: resources: requests: - cpu: 100m + cpu: 50m ephemeral-storage: 10Mi memory: 512Mi limits: @@ -315,6 +315,9 @@ datadb: searchdb: ## @param searchdb.enabled Enable the Data Database. enabled: true + global: + defaultStorageClass: cephfs-fspool-cluster + storageClass: cephfs-fspool-cluster sysctlImage: enabled: false ## @skip searchdb.fullnameOverride @@ -335,37 +338,50 @@ searchdb: master: resources: requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 250m + cpu: 50m memory: 512Mi + limits: + cpu: 300m + memory: 1Gi + livenessProbe: + initialDelaySeconds: 300 + timeoutSeconds: 8 coordinating: resources: requests: - cpu: 100m - memory: 256Mi - limits: - cpu: 250m + cpu: 50m memory: 512Mi + limits: + cpu: 300m + memory: 1Gi + livenessProbe: + initialDelaySeconds: 200 + timeoutSeconds: 8 ingest: resources: requests: - cpu: 100m + cpu: 50m memory: 256Mi limits: - cpu: 250m + cpu: 25m memory: 512Mi + livenessProbe: + initialDelaySeconds: 200 + timeoutSeconds: 8 data: resources: limits: - cpu: 250m - ephemeral-storage: 700Mi - memory: 1536Mi + ephemeral-storage: 1Gi + memory: 2.5Gi requests: - cpu: 100m - ephemeral-storage: 50Mi - memory: 512Mi + cpu: 50m + ephemeral-storage: 500Mi + memory: 1Gi + livenessProbe: + initialDelaySeconds: 200 + timeoutSeconds: 8 + + ## @section Upload Service uploadservice: @@ -380,8 +396,9 @@ uploadservice: ## @skip uploadservice.securityContext securityContext: allowPrivilegeEscalation: false - # runAsUser: 1000 - # runAsGroup: 1000 + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 runAsNonRoot: true seccompProfile: type: RuntimeDefault @@ -476,7 +493,7 @@ brokerservice: ## @param brokerservice.replicaCount The number of replicas. resources: requests: - cpu: 200m + cpu: 50m ephemeral-storage: 10Mi memory: 512Mi limits: 
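Review bot: Under `searchdb.ingest` the new CPU limit `cpu: 25m` is lower than the new request `cpu: 50m`, and the API server rejects a container whose request exceeds its limit, so, assuming the subchart passes these values through unchanged, the ingest pods will not be created. This looks like a dropped digit; `cpu: 300m` would match the `master` and `coordinating` limits set in the same hunk, though the intended value is not stated. The `data` node also loses its CPU limit entirely in this hunk, which deserves an explicit comment if deliberate.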
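Review bot: `fsGroup: 1001` is added to `uploadservice.securityContext` next to `allowPrivilegeEscalation`, but `fsGroup` is a pod-level field while `allowPrivilegeEscalation` is container-level, so no single `securityContext` accepts this whole map. The template that consumes it is not in this diff; if it renders the map with `toYaml` into the container, `fsGroup` will be rejected or dropped and the volume group ownership it is meant to provide never applies. Splitting it out as a separate `uploadservice.podSecurityContext` with `fsGroup: 1001`, and referencing that key from upload-job.yaml, would keep each map valid for its level.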
@@ -533,7 +550,7 @@ analyseservice:
 ## @skip analyseservice.resources
 resources:
 requests:
- cpu: 250m
+ cpu: 50m
 memory: 512Mi
 limits:
 cpu: 250m
@@ -594,7 +611,7 @@ metadataservice:
 type: "RuntimeDefault"
 resources:
 requests:
- cpu: 250m
+ cpu: 50m
 memory: 512Mi
 limits:
 cpu: 250m
@@ -768,7 +785,7 @@ searchservice:
 type: "RuntimeDefault"
 resources:
 requests:
- cpu: 250m
+ cpu: 50m
 memory: 512Mi
 limits:
 cpu: 250m
@@ -894,7 +911,7 @@ ui:
 type: "RuntimeDefault"
 resources:
 requests:
- cpu: 250m
+ cpu: 50m
 memory: 512Mi
 limits:
 cpu: 250m