From c6b1d296217ad334b7cdec1ca83342e6be0c2caa Mon Sep 17 00:00:00 2001
From: Manuel Esberger <esberger.manuel@live.at>
Date: Tue, 3 Sep 2024 21:39:54 +0200
Subject: [PATCH] many resource fixes and try to get upload service to run

---
 helm/dbrepo/templates/search-secret.yaml     |  2 +-
 helm/dbrepo/templates/upload-deployment.yaml |  4 +-
 helm/dbrepo/templates/upload-job.yaml        | 30 ++++++++
 helm/dbrepo/templates/upload-pvc.yaml        | 12 ++++
 helm/dbrepo/values.yaml                      | 73 ++++++++++++--------
 5 files changed, 90 insertions(+), 31 deletions(-)

diff --git a/helm/dbrepo/templates/search-secret.yaml b/helm/dbrepo/templates/search-secret.yaml
index 41665ac2bc..251da00248 100644
--- a/helm/dbrepo/templates/search-secret.yaml
+++ b/helm/dbrepo/templates/search-secret.yaml
@@ -13,7 +13,7 @@ stringData:
   AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}"
   AUTH_SERVICE_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
   AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}"
-  GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}"
+  METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}"
   JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}"
   LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}"
   OPENSEARCH_HOST: "{{ .Values.searchdb.host }}"
diff --git a/helm/dbrepo/templates/upload-deployment.yaml b/helm/dbrepo/templates/upload-deployment.yaml
index 9d2e784b32..fd496f5076 100644
--- a/helm/dbrepo/templates/upload-deployment.yaml
+++ b/helm/dbrepo/templates/upload-deployment.yaml
@@ -27,7 +27,7 @@ spec:
       initContainers:
         - name: init-permissions
           image: busybox
-          command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1000:1000 /srv/tusd-data']
+          command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1001:1001 /srv/tusd-data']
           volumeMounts:
             - name: tusd-data
               mountPath: /srv/tusd-data
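Review bot: The owner in `chown -R 1001:1001 /srv/tusd-data` is hard-coded, while this same commit adds `runAsUser`/`runAsGroup`/`fsGroup: 1001` under `uploadservice.securityContext` in values.yaml and the new upload-job.yaml reads the IDs from there. Anyone overriding those values would get a volume owned by a UID the upload container no longer runs as. The command could take the IDs from values instead, `chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.runAsGroup }} /srv/tusd-data`. Separately, `image: busybox` on the context line carries no tag or digest, so the container that rewrites ownership of the upload volume runs whatever the default tag resolves to at pull time; pinning it would make the init step reproducible.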
@@ -36,7 +36,7 @@ spec:
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
             seccompProfile:
-              type: {{ .Values.searchservice.profileType | default "RuntimeDefault" }}
+              type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
             capabilities:
               drop:
                 - ALL
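Review bot: Judging by its indentation, this `securityContext` with `capabilities.drop: [ALL]` belongs to the `init-permissions` container, although the lines between this hunk and the previous one are not shown. If so, dropping every capability removes CAP_CHOWN, which the `chown -R 1001:1001` in the previous hunk needs unless the container already runs as the owner of the files, and the init step would fail with "Operation not permitted". Either keep only what the step needs, `add: ["CHOWN"]` next to the `drop`, or remove the chown and let a pod-level `fsGroup` set the volume's group ownership.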
diff --git a/helm/dbrepo/templates/upload-job.yaml b/helm/dbrepo/templates/upload-job.yaml
index e69de29bb2..a6e2eebe9e 100644
--- a/helm/dbrepo/templates/upload-job.yaml
+++ b/helm/dbrepo/templates/upload-job.yaml
@@ -0,0 +1,30 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: init-permissions
+spec:
+  template:
+    spec:
+      containers:
+      - name: init-permissions
+        image: busybox
+        command:
+          - /bin/bash
+          - -ec
+          - |
+            chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.fsGroup }} /srv/tusd-data
+        volumeMounts:
+        - name: tusd-data
+          mountPath: /srv/tusd-data
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          runAsNonRoot: true
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
+      volumes:
+      - name: tusd-data
+        persistentVolumeClaim:
+          claimName: tusd-data-pvc
+      restartPolicy: Never
\ No newline at end of file
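Review bot: As written this Job cannot perform the chown it exists for. The `busybox` image provides `sh` but no `/bin/bash`, so the command fails to start; the interpreter line should be `- /bin/sh`. The container sets `runAsNonRoot: true` without a `runAsUser`, so the kubelet refuses to start an image whose default user is root, and a non-root process could not `chown` files to another UID anyway. Either run this one container as root with capabilities reduced to `drop: ["ALL"]` plus `add: ["CHOWN"]`, or drop the Job and set `fsGroup` in the upload pod's `spec.securityContext`. The fixed `metadata.name: init-permissions`, the fixed `claimName: tusd-data-pvc` and the untagged `image: busybox` would also be better templated or pinned.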
diff --git a/helm/dbrepo/templates/upload-pvc.yaml b/helm/dbrepo/templates/upload-pvc.yaml
index e69de29bb2..6e7730c5de 100644
--- a/helm/dbrepo/templates/upload-pvc.yaml
+++ b/helm/dbrepo/templates/upload-pvc.yaml
@@ -0,0 +1,12 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: tusd-data-pvc
+  namespace: aris-dbrepo-dev
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: rbd-storagepool-cluster
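Review bot: `namespace: aris-dbrepo-dev` and `storageClassName: rbd-storagepool-cluster` are hard-coded in a chart template, so a release installed into any other namespace or cluster gets the claim created elsewhere (or not at all), apart from the Job and Deployment that mount it by name. Remove the `namespace` line or write `namespace: {{ .Release.Namespace }}`, and read the storage class and the `8Gi` size from values.yaml rather than fixing them here. With `ReadWriteOnce`, the Job pod and the upload pod can only both mount the claim when scheduled to the same node. Whether that holds in the target cluster is not visible from the patch.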
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index 4d1c34e73b..fff327dc1a 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -17,10 +17,10 @@ global:
 ## resource limits required by ares cluster
 resources:
   limits:
-    cpu: 500m
+#    cpu: 500m
     memory: 756Mi
   requests:
-    cpu: 100m
+    cpu: 50m
     memory: 256Mi
 
 resourcesWStorage:
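Review bot: The default CPU limit is switched off by commenting it out (`#    cpu: 500m`), while the comment above the block still says these limits are required by the cluster. Without a CPU limit, every workload that renders `.Values.resources` (the new upload Job does) can take all spare CPU on its node, and a namespace LimitRange or ResourceQuota that demands limits would reject the pods. Whether the cluster enforces one is not visible here. Either restore `cpu: 500m`, or delete the line and update the header comment to say why the limit was lifted.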
@@ -29,7 +29,7 @@ resourcesWStorage:
     ephemeral-storage: 50Mi
     memory: 756Mi
   requests:
-    cpu: 100m
+    cpu: 50m
     ephemeral-storage: 10Mi
     memory: 256Mi
 
@@ -38,7 +38,7 @@ resourcesLittle:
     cpu: 100m
     memory: 512Mi
   requests:
-    cpu: 50m
+    cpu: 25m
     memory: 256Mi
 
 ## @section Common parameters
@@ -227,7 +227,7 @@ datadb:
   primary:
     resources:
       requests:
-        cpu: 100m
+        cpu: 50m
         ephemeral-storage: 10Mi
         memory: 512Mi
       limits:
@@ -315,6 +315,9 @@ datadb:
 searchdb:
   ## @param searchdb.enabled Enable the Data Database.
   enabled: true
+  global:
+    defaultStorageClass: cephfs-fspool-cluster
+    storageClass: cephfs-fspool-cluster
   sysctlImage:
     enabled: false
   ## @skip searchdb.fullnameOverride
@@ -335,37 +338,50 @@ searchdb:
   master:
     resources:
       requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: 250m
+        cpu: 50m
         memory: 512Mi
+      limits:
+        cpu: 300m
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 300
+      timeoutSeconds: 8
   coordinating:
     resources:
       requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: 250m
+        cpu: 50m
         memory: 512Mi
+      limits:
+        cpu: 300m
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
   ingest:
     resources:
       requests:
-        cpu: 100m
+        cpu: 50m
         memory: 256Mi
       limits:
-        cpu: 250m
+        cpu: 25m
         memory: 512Mi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
   data:
     resources:
       limits:
-        cpu: 250m
-        ephemeral-storage: 700Mi
-        memory: 1536Mi
+        ephemeral-storage: 1Gi
+        memory: 2.5Gi
       requests:
-        cpu: 100m
-        ephemeral-storage: 50Mi
-        memory: 512Mi
+        cpu: 50m
+        ephemeral-storage: 500Mi
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
+
+
 ## @section Upload Service
 
 uploadservice:
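Review bot: In `searchdb.ingest.resources` the new `limits.cpu: 25m` is lower than the new `requests.cpu: 50m`, and the API server rejects a pod whose request exceeds its limit, so the ingest pods would not be created. The previous limit was `250m`, so this looks like a dropped digit; the line should probably read `cpu: 250m`. The `data` node group also loses its CPU limit entirely in this hunk, while master and coordinating keep theirs at `300m`. If that is intentional, a short comment would keep it from being read as an omission.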
@@ -380,8 +396,9 @@ uploadservice:
   ## @skip uploadservice.securityContext
   securityContext:
     allowPrivilegeEscalation: false
-    # runAsUser: 1000
-    # runAsGroup: 1000
+    runAsUser: 1001
+    runAsGroup: 1001
+    fsGroup: 1001
     runAsNonRoot: true
     seccompProfile:
       type: RuntimeDefault
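Review bot: `fsGroup` is a pod-level field (`spec.securityContext`), whereas `allowPrivilegeEscalation` in the same map exists only on a container `securityContext`, so this block cannot be rendered as a whole into either place without one field being invalid. How upload-deployment.yaml consumes `uploadservice.securityContext` is not visible in this patch. If it is passed through `toYaml` into the container, `fsGroup` will be rejected or dropped and the volume ownership it is meant to provide never takes effect. Splitting the pod-level settings into their own key, for example a `uploadservice.podSecurityContext` map holding `fsGroup: 1001`, would make the intended scope explicit.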
@@ -476,7 +493,7 @@ brokerservice:
   ## @param brokerservice.replicaCount The number of replicas.
   resources:
     requests:
-      cpu: 200m
+      cpu: 50m
       ephemeral-storage: 10Mi
       memory: 512Mi
     limits:
@@ -533,7 +550,7 @@ analyseservice:
   ## @skip analyseservice.resources
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -594,7 +611,7 @@ metadataservice:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -768,7 +785,7 @@ searchservice:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -894,7 +911,7 @@ ui:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
-- 
GitLab