many resource fixes and try to get upload service to run

helm/dbrepo/templates/search-secret.yaml

@@ -13,7 +13,7 @@ stringData:
   AUTH_SERVICE_CLIENT: "{{ .Values.authservice.client.id }}"
   AUTH_SERVICE_CLIENT_SECRET: "{{ .Values.authservice.client.secret }}"
   AUTH_SERVICE_ENDPOINT: "{{ .Values.authservice.endpoint }}"
-  GATEWAY_SERVICE_ENDPOINT: "{{ .Values.gateway }}"
+  METADATA_SERVICE_ENDPOINT: "{{ .Values.metadataservice.endpoint }}"
   JWT_PUBKEY: "{{ .Values.authservice.jwt.pubkey }}"
   LOG_LEVEL: "{{ ternary "DEBUG" "INFO" .Values.searchservice.image.debug }}"
   OPENSEARCH_HOST: "{{ .Values.searchdb.host }}"

helm/dbrepo/templates/upload-deployment.yaml

@@ -27,7 +27,7 @@ spec:
       initContainers:
         - name: init-permissions
           image: busybox
-          command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1000:1000 /srv/tusd-data']
+          command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1001:1001 /srv/tusd-data']
           volumeMounts:
             - name: tusd-data
               mountPath: /srv/tusd-data
@@ -36,7 +36,7 @@ spec:
             readOnlyRootFilesystem: true
             allowPrivilegeEscalation: false
             seccompProfile:
-              type: {{ .Values.searchservice.profileType | default "RuntimeDefault" }}
+              type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
             capabilities:
               drop:
                 - ALL

helm/dbrepo/templates/upload-job.yaml

+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: init-permissions
+spec:
+  template:
+    spec:
+      containers:
+      - name: init-permissions
+        image: busybox
+        command:
+          - /bin/bash
+          - -ec
+          - |
+            chown -R {{ .Values.uploadservice.securityContext.runAsUser }}:{{ .Values.uploadservice.securityContext.fsGroup }} /srv/tusd-data
+        volumeMounts:
+        - name: tusd-data
+          mountPath: /srv/tusd-data
+        resources: {{- toYaml .Values.resources | nindent 10 }}
+        securityContext:
+          runAsNonRoot: true
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }}
+      volumes:
+      - name: tusd-data
+        persistentVolumeClaim:
+          claimName: tusd-data-pvc
+      restartPolicy: Never
\ No newline at end of file

helm/dbrepo/templates/upload-pvc.yaml

+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+  name: tusd-data-pvc
+  namespace: aris-dbrepo-dev
+spec:
+  accessModes:
+    - ReadWriteOnce
+  resources:
+    requests:
+      storage: 8Gi
+  storageClassName: rbd-storagepool-cluster

helm/dbrepo/values.yaml

@@ -17,10 +17,10 @@ global:
 ## resource limits required by ares cluster
 resources:
   limits:
-    cpu: 500m
+#    cpu: 500m
     memory: 756Mi
   requests:
-    cpu: 100m
+    cpu: 50m
     memory: 256Mi
 
 resourcesWStorage:
@@ -29,7 +29,7 @@ resourcesWStorage:
     ephemeral-storage: 50Mi
     memory: 756Mi
   requests:
-    cpu: 100m
+    cpu: 50m
     ephemeral-storage: 10Mi
     memory: 256Mi
 
@@ -38,7 +38,7 @@ resourcesLittle:
     cpu: 100m
     memory: 512Mi
   requests:
-    cpu: 50m
+    cpu: 25m
     memory: 256Mi
 
 ## @section Common parameters
@@ -227,7 +227,7 @@ datadb:
   primary:
     resources:
       requests:
-        cpu: 100m
+        cpu: 50m
         ephemeral-storage: 10Mi
         memory: 512Mi
       limits:
@@ -315,6 +315,9 @@ datadb:
 searchdb:
   ## @param searchdb.enabled Enable the Data Database.
   enabled: true
+  global:
+    defaultStorageClass: cephfs-fspool-cluster
+    storageClass: cephfs-fspool-cluster
   sysctlImage:
     enabled: false
   ## @skip searchdb.fullnameOverride
@@ -335,37 +338,50 @@ searchdb:
   master:
     resources:
       requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: 250m
+        cpu: 50m
         memory: 512Mi
+      limits:
+        cpu: 300m
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 300
+      timeoutSeconds: 8
   coordinating:
     resources:
       requests:
-        cpu: 100m
-        memory: 256Mi
-      limits:
-        cpu: 250m
+        cpu: 50m
         memory: 512Mi
+      limits:
+        cpu: 300m
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
   ingest:
     resources:
       requests:
-        cpu: 100m
+        cpu: 50m
         memory: 256Mi
       limits:
-        cpu: 250m
+        cpu: 25m
         memory: 512Mi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
   data:
     resources:
       limits:
-        cpu: 250m
-        ephemeral-storage: 700Mi
-        memory: 1536Mi
+        ephemeral-storage: 1Gi
+        memory: 2.5Gi
       requests:
-        cpu: 100m
-        ephemeral-storage: 50Mi
-        memory: 512Mi
+        cpu: 50m
+        ephemeral-storage: 500Mi
+        memory: 1Gi
+    livenessProbe:
+      initialDelaySeconds: 200
+      timeoutSeconds: 8
+
+
 ## @section Upload Service
 
 uploadservice:
@@ -380,8 +396,9 @@ uploadservice:
   ## @skip uploadservice.securityContext
   securityContext:
     allowPrivilegeEscalation: false
-    # runAsUser: 1000
-    # runAsGroup: 1000
+    runAsUser: 1001
+    runAsGroup: 1001
+    fsGroup: 1001
     runAsNonRoot: true
     seccompProfile:
       type: RuntimeDefault
@@ -476,7 +493,7 @@ brokerservice:
   ## @param brokerservice.replicaCount The number of replicas.
   resources:
     requests:
-      cpu: 200m
+      cpu: 50m
       ephemeral-storage: 10Mi
       memory: 512Mi
     limits:
@@ -533,7 +550,7 @@ analyseservice:
   ## @skip analyseservice.resources
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -594,7 +611,7 @@ metadataservice:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -768,7 +785,7 @@ searchservice:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m
@@ -894,7 +911,7 @@ ui:
       type: "RuntimeDefault"
   resources:
     requests:
-      cpu: 250m
+      cpu: 50m
       memory: 512Mi
     limits:
       cpu: 250m