diff --git a/helm/dbrepo/templates/upload-deployment.yaml b/helm/dbrepo/templates/upload-deployment.yaml index fd496f5076b029471af677e1a21a12cfc542d6b6..ff5545ad31083d2acdafaf0d6f68411706d7c298 100644 --- a/helm/dbrepo/templates/upload-deployment.yaml +++ b/helm/dbrepo/templates/upload-deployment.yaml @@ -24,23 +24,6 @@ spec: spec: securityContext: runAsNonRoot: true - initContainers: - - name: init-permissions - image: busybox - command: ['sh', '-c', 'mkdir -p /srv/tusd-data/data && chown -R 1001:1001 /srv/tusd-data'] - volumeMounts: - - name: tusd-data - mountPath: /srv/tusd-data - securityContext: - runAsNonRoot: true - readOnlyRootFilesystem: true - allowPrivilegeEscalation: false - seccompProfile: - type: {{ .Values.uploadservice.securityContext.seccompProfile.type | default "RuntimeDefault" }} - capabilities: - drop: - - ALL - resources: {{- toYaml .Values.resources | nindent 12 }} containers: - name: upload-service image: "{{ .Values.uploadservice.image.repository }}:{{ .Values.uploadservice.image.tag }}" diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml index fff327dc1a485b9df16eaf3474ece8acc7428a0e..de20955021d889fcd638259764b6385bab1ad52c 100644 --- a/helm/dbrepo/values.yaml +++ b/helm/dbrepo/values.yaml @@ -13,11 +13,9 @@ global: ## @param global.storageClass Global StorageClass for Persistent Volume(s) storageClass: "rbd-storagepool-cluster" - ## resource limits required by ares cluster resources: limits: -# cpu: 500m memory: 756Mi requests: cpu: 50m @@ -25,7 +23,6 @@ resources: resourcesWStorage: limits: - cpu: 500m ephemeral-storage: 50Mi memory: 756Mi requests: @@ -35,7 +32,6 @@ resourcesWStorage: resourcesLittle: limits: - cpu: 100m memory: 512Mi requests: cpu: 25m 
@@ -95,7 +91,7 @@ metadatadb: ## @skip metadatadb.initdbScriptsConfigMap The initial database scripts. initdbScriptsConfigMap: metadata-db-setup ## @param metadatadb.initdbScripts Additional init.db scripts that are executed on the first start. - initdbScripts: { } + initdbScripts: {} # 03-additional-data.sql: | # BEGIN; # INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, sidecar_host, sidecar_port, privileged_username, privileged_password) @@ -124,7 +120,6 @@ metadatadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 250m ephemeral-storage: 20Mi memory: 768Mi ## @section Auth Service @@ -189,7 +184,6 @@ authservice: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 250m ephemeral-storage: 10Mi memory: 768Mi replicaCount: 2 @@ -220,7 +214,6 @@ datadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 100m ephemeral-storage: 10Mi memory: 768Mi ## @skip datadb.primary @@ -231,7 +224,6 @@ datadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 200m ephemeral-storage: 10Mi memory: 768Mi service: @@ -260,7 +252,6 @@ datadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 100m ephemeral-storage: 10Mi memory: 768Mi ports: @@ -294,7 +285,7 @@ datadb: mountPath: /s3 extraVolumes: - name: s3 - emptyDir: { } + emptyDir: {} persistence: enabled: true resources: @@ -303,7 +294,6 @@ datadb: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 100m ephemeral-storage: 10Mi memory: 768Mi ## @skip datadb.secondary @@ -341,7 +331,6 @@ searchdb: cpu: 50m memory: 512Mi limits: - cpu: 300m memory: 1Gi livenessProbe: initialDelaySeconds: 300 @@ -352,7 +341,6 @@ searchdb: cpu: 50m memory: 512Mi limits: - cpu: 300m memory: 1Gi livenessProbe: initialDelaySeconds: 200 @@ -360,10 +348,9 @@ searchdb: ingest: resources: requests: - cpu: 50m + cpu: 20m memory: 256Mi limits: - cpu: 25m memory: 512Mi livenessProbe: initialDelaySeconds: 200 
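Review bot: In the `searchdb.ingest` hunk the `limits.cpu` entry is dropped rather than corrected, so the container keeps a memory limit but no CPU ceiling. The same removal is made in the hunks for `resourcesWStorage`, `resourcesLittle`, metadatadb, authservice, datadb, searchdb master/data, brokerservice, analyseservice, metadataservice, searchservice and ui. The old pair here was inconsistent (request `50m` above limit `25m`), so lowering the request to `20m` is reasonable, but without a limit a runaway or compromised pod can take all spare CPU on its node. The first values.yaml hunk still shows the comment `## resource limits required by ares cluster`; if that namespace enforces a ResourceQuota on `limits.cpu` without a LimitRange default (not visible in this diff), these pods would be rejected at admission. I would either keep a consistent limit at or above the request, or add a comment above each `limits:` block such as `# cpu limit intentionally omitted; ceiling comes from the namespace LimitRange`.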
@@ -381,7 +368,6 @@ searchdb: initialDelaySeconds: 200 timeoutSeconds: 8 - ## @section Upload Service uploadservice: @@ -497,7 +483,6 @@ brokerservice: ephemeral-storage: 10Mi memory: 512Mi limits: - cpu: 300m ephemeral-storage: 50Mi memory: 768Mi replicaCount: 1 @@ -506,7 +491,7 @@ brokerservice: analyseservice: ## @param analyseservice.enabled Enable the Broker Service. - enabled: false + enabled: true image: ## @skip analyseservice.image.name name: registry.datalab.tuwien.ac.at/dbrepo/analyse-service:1.4.5 @@ -523,14 +508,14 @@ analyseservice: ## @param analyseservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface # sysctls: [ ] ## @param analyseservice.podSecurityContext.supplementalGroups Set filesystem extra groups - supplementalGroups: [ ] + supplementalGroups: [] ## @param analyseservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup # fsGroup: 1001 containerSecurityContext: ## @param analyseservice.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param analyseservice.containerSecurityContext.seLinuxOptions Set SELinux options in container - seLinuxOptions: { } + seLinuxOptions: {} ## @param analyseservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser # runAsUser: 1001 ## @param analyseservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup @@ -543,7 +528,7 @@ analyseservice: readOnlyRootFilesystem: false capabilities: ## @param analyseservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot - drop: [ "ALL" ] + drop: ["ALL"] seccompProfile: ## @param analyseservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile type: "RuntimeDefault" @@ -553,7 +538,6 @@ analyseservice: cpu: 50m memory: 512Mi limits: - cpu: 250m memory: 2048Mi ## @param analyseservice.endpoint The url of the endpoint. 
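Review bot: Flipping `analyseservice.enabled` to `true` deploys the analyse service in every default install, while the doc line directly above it still reads `## @param analyseservice.enabled Enable the Broker Service.`. Context lines in the later analyseservice hunks show `readOnlyRootFilesystem: false` under `containerSecurityContext`, so the default footprint now includes one more container with a writable root filesystem; whether the deployment template applies that value is outside this diff. I would correct the comment to `## @param analyseservice.enabled Enable the Analyse Service.` and regenerate the parameter table so the documented default matches. If the service does not need to write to its image filesystem, consider setting `readOnlyRootFilesystem: true` and mounting an `emptyDir` for scratch paths before enabling it by default.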
@@ -585,14 +569,14 @@ metadataservice: ## @param metadataservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface # sysctls: [ ] ## @param metadataservice.podSecurityContext.supplementalGroups Set filesystem extra groups - supplementalGroups: [ ] + supplementalGroups: [] ## @param metadataservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup # fsGroup: 1001 containerSecurityContext: ## @param metadataservice.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param metadataservice.containerSecurityContext.seLinuxOptions Set SELinux options in container - seLinuxOptions: { } + seLinuxOptions: {} ## @param metadataservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser # runAsUser: 1001 ## @param metadataservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup @@ -605,7 +589,7 @@ metadataservice: readOnlyRootFilesystem: false capabilities: ## @param metadataservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot - drop: [ "ALL" ] + drop: ["ALL"] seccompProfile: ## @param metadataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile type: "RuntimeDefault" @@ -614,7 +598,6 @@ metadataservice: cpu: 50m memory: 512Mi limits: - cpu: 250m memory: 1024Mi ## @param metadataservice.endpoint The Metadata Service endpoint. endpoint: http://metadata-service 
@@ -677,14 +660,14 @@ dataservice: ## @param dataservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface # sysctls: [ ] ## @param dataservice.podSecurityContext.supplementalGroups Set filesystem extra groups - supplementalGroups: [ ] + supplementalGroups: [] ## @param dataservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup # fsGroup: 1001 containerSecurityContext: ## @param dataservice.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param dataservice.containerSecurityContext.seLinuxOptions Set SELinux options in container - seLinuxOptions: { } + seLinuxOptions: {} ## @param dataservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser # runAsUser: 1001 ## @param dataservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup @@ -697,7 +680,7 @@ dataservice: readOnlyRootFilesystem: false capabilities: ## @param dataservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot - drop: [ "ALL" ] + drop: ["ALL"] seccompProfile: ## @param dataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile type: "RuntimeDefault" 
@@ -758,14 +741,14 @@ searchservice: ## @param searchservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface # sysctls: [ ] ## @param searchservice.podSecurityContext.supplementalGroups Set filesystem extra groups - supplementalGroups: [ ] + supplementalGroups: [] ## @param searchservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup fsGroup: 1001 containerSecurityContext: ## @param searchservice.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param searchservice.containerSecurityContext.seLinuxOptions Set SELinux options in container - seLinuxOptions: { } + seLinuxOptions: {} ## @param searchservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser runAsUser: 1000 ## @param searchservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup @@ -788,7 +771,6 @@ searchservice: cpu: 50m memory: 512Mi limits: - cpu: 250m memory: 1024Mi ## @skip searchservice.init init: @@ -885,14 +867,14 @@ ui: ## @param ui.podSecurityContext.sysctls Set kernel settings using the sysctl interface # sysctls: [ ] ## @param ui.podSecurityContext.supplementalGroups Set filesystem extra groups - supplementalGroups: [ ] + supplementalGroups: [] ## @param ui.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup # fsGroup: 1001 containerSecurityContext: ## @param ui.containerSecurityContext.enabled Enabled containers' Security Context enabled: true ## @param ui.containerSecurityContext.seLinuxOptions Set SELinux options in container - seLinuxOptions: { } + seLinuxOptions: {} ## @param ui.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser # runAsUser: 1001 ## @param ui.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup 
@@ -905,7 +887,7 @@ ui: readOnlyRootFilesystem: false capabilities: ## @param ui.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot - drop: [ "ALL" ] + drop: ["ALL"] seccompProfile: ## @param ui.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile type: "RuntimeDefault" @@ -914,7 +896,6 @@ ui: cpu: 50m memory: 512Mi limits: - cpu: 250m memory: 1024Mi public: api: @@ -966,12 +947,12 @@ ui: ## @param ui.replicaCount The number of replicas. replicaCount: 2 ## @skip ui.extraVolumes - extraVolumes: [ ] + extraVolumes: [] # - name: images-map # configMap: # name: ui-config ## @skip ui.extraVolumeMounts - extraVolumeMounts: [ ] + extraVolumeMounts: [] # - name: images-map # mountPath: /static/logo.svg # subPath: logo.svg 
@@ -986,23 +967,23 @@ ingress: secretName: dbrepo-ingress-tls-cert annotations: basic: -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" rewriteApi: -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /api/$1 rewriteRoot: -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1 rewriteRootSecure: -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/force-ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /$1 rewritePid: -# cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer + # cert-manager.io/cluster-issuer: letsencrypt-cluster-issuer nginx.ingress.kubernetes.io/use-regex: "true" nginx.ingress.kubernetes.io/rewrite-target: /api/identifier/$1