diff --git a/helm/dbrepo/Chart.lock b/helm/dbrepo/Chart.lock
index b88a6d64d1a37d53ca6f8418025b051ac5a2fcc2..714bbb14065300fbbc4c811b2f8963d552831552 100644
--- a/helm/dbrepo/Chart.lock
+++ b/helm/dbrepo/Chart.lock
@@ -7,10 +7,10 @@ dependencies:
version: 21.6.1
- name: mariadb-galera
repository: https://charts.bitnami.com/bitnami
- version: 10.1.3
+ version: 14.0.12
- name: mariadb-galera
repository: https://charts.bitnami.com/bitnami
- version: 10.1.3
+ version: 14.0.12
- name: rabbitmq
repository: https://charts.bitnami.com/bitnami
version: 14.0.0
@@ -26,5 +26,5 @@ dependencies:
- name: prometheus
repository: https://charts.bitnami.com/bitnami
version: 1.3.22
-digest: sha256:b146630948770f1ae6822564173eecfcc66f75502a0449fd3556c920f7202a2b
-generated: "2024-11-22T09:41:42.713329569+01:00"
+digest: sha256:aa9cee8efad6f30ad296c7908cf4d9a5c50e1d87bcf2dde3b2e02306a686e1fd
+generated: "2024-11-22T19:46:10.620698662+01:00"
diff --git a/helm/dbrepo/Chart.yaml b/helm/dbrepo/Chart.yaml
index df5f0b8b7f7309d4e64436b41957868ddf4f7333..82ecce5354b3934e4bc5cc48d4f8c9576632fd9e 100644
--- a/helm/dbrepo/Chart.yaml
+++ b/helm/dbrepo/Chart.yaml
@@ -6,7 +6,7 @@ description: Helm Chart for installing DBRepo
sources:
- https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services
type: application
-version: "1.5.2-rc0"
+version: "1.5.1"
appVersion: "1.5.1"
keywords:
- dbrepo
@@ -28,12 +28,12 @@ dependencies:
condition: authservice.enabled
- name: mariadb-galera
alias: datadb
- version: 10.1.3 # app version: 11.1.3
+ version: 14.0.12 # app version: 11.4.4-debian-12-r0
repository: https://charts.bitnami.com/bitnami
- condition: database.enabled
+ condition: datadb.enabled
- name: mariadb-galera
alias: metadatadb
- version: 10.1.3 # app version: 11.1.3
+ version: 14.0.12 # app version: 11.4.4-debian-12-r0
repository: https://charts.bitnami.com/bitnami
condition: metadatadb.enabled
- name: rabbitmq
@@ -46,11 +46,6 @@ dependencies:
version: 0.4.5
repository: https://charts.bitnami.com/bitnami
condition: storageservice.enabled
- - name: tusd
- alias: uploadservice
- version: 0.1.2
- repository: https://charts.sagikazarmark.dev
- condition: uploadservice.enabled
- name: grafana
alias: dashboardservice
version: 10.1.1
diff --git a/helm/dbrepo/charts/mariadb-galera-10.1.3.tgz b/helm/dbrepo/charts/mariadb-galera-10.1.3.tgz
deleted file mode 100644
index c906aaf7634b20f0eaf9358b435b01086bdc4f55..0000000000000000000000000000000000000000
Binary files a/helm/dbrepo/charts/mariadb-galera-10.1.3.tgz and /dev/null differ
diff --git a/helm/dbrepo/charts/mariadb-galera-14.0.12.tgz b/helm/dbrepo/charts/mariadb-galera-14.0.12.tgz
new file mode 100644
index 0000000000000000000000000000000000000000..eabc99654a70a0b0d40f56f5f2ecf9af79c8c008
Binary files /dev/null and b/helm/dbrepo/charts/mariadb-galera-14.0.12.tgz differ
diff --git a/helm/dbrepo/charts/tusd-0.1.2.tgz b/helm/dbrepo/charts/tusd-0.1.2.tgz
deleted file mode 100644
index 61032d920f3e057c7826491088745b3087a01a79..0000000000000000000000000000000000000000
Binary files a/helm/dbrepo/charts/tusd-0.1.2.tgz and /dev/null differ
diff --git a/helm/dbrepo/templates/_resources.tpl b/helm/dbrepo/templates/_resources.tpl
new file mode 100644
index 0000000000000000000000000000000000000000..b29d741143ebd938d3af14fbd84bc43c241a2456
--- /dev/null
+++ b/helm/dbrepo/templates/_resources.tpl
@@ -0,0 +1,50 @@
+{{/*
+Copyright Broadcom, Inc. All Rights Reserved.
+SPDX-License-Identifier: APACHE-2.0
+*/}}
+
+{{/* vim: set filetype=mustache: */}}
+
+{{/*
+Return a resource request/limit object based on a given preset.
+These presets are for basic testing and not meant to be used in production
+{{ include "common.resources.preset" (dict "type" "nano") -}}
+*/}}
+{{- define "common.resources.preset" -}}
+{{/* The limits are the requests increased by 50% (except ephemeral-storage and xlarge/2xlarge sizes)*/}}
+{{- $presets := dict
+ "nano" (dict
+ "requests" (dict "cpu" "100m" "memory" "128Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "150m" "memory" "192Mi" "ephemeral-storage" "2Gi")
+ )
+ "micro" (dict
+ "requests" (dict "cpu" "250m" "memory" "256Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "375m" "memory" "384Mi" "ephemeral-storage" "2Gi")
+ )
+ "small" (dict
+ "requests" (dict "cpu" "500m" "memory" "512Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "768Mi" "ephemeral-storage" "2Gi")
+ )
+ "medium" (dict
+ "requests" (dict "cpu" "500m" "memory" "1024Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "750m" "memory" "1536Mi" "ephemeral-storage" "2Gi")
+ )
+ "large" (dict
+ "requests" (dict "cpu" "1.0" "memory" "2048Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "1.5" "memory" "3072Mi" "ephemeral-storage" "2Gi")
+ )
+ "xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "3.0" "memory" "6144Mi" "ephemeral-storage" "2Gi")
+ )
+ "2xlarge" (dict
+ "requests" (dict "cpu" "1.0" "memory" "3072Mi" "ephemeral-storage" "50Mi")
+ "limits" (dict "cpu" "6.0" "memory" "12288Mi" "ephemeral-storage" "2Gi")
+ )
+ }}
+{{- if hasKey $presets .type -}}
+{{- index $presets .type | toYaml -}}
+{{- else -}}
+{{- printf "ERROR: Preset key '%s' invalid. Allowed values are %s" .type (join "," (keys $presets)) | fail -}}
+{{- end -}}
+{{- end -}}
\ No newline at end of file
diff --git a/helm/dbrepo/templates/analyse-deployment.yaml b/helm/dbrepo/templates/analyse-deployment.yaml
index 3adf32f77840cfe588d58d8a7202adc4681e6d7d..b2e069322b0ef05e11b80dbf2727d5590748389e 100644
--- a/helm/dbrepo/templates/analyse-deployment.yaml
+++ b/helm/dbrepo/templates/analyse-deployment.yaml
@@ -56,5 +56,7 @@ spec:
periodSeconds: 10
{{- if .Values.analyseservice.resources }}
resources: {{- toYaml .Values.analyseservice.resources | nindent 12 }}
+ {{- else if ne .Values.analyseservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.analyseservice.resourcesPreset) | nindent 12 }}
{{- end }}
{{- end }}
diff --git a/helm/dbrepo/templates/data-deployment.yaml b/helm/dbrepo/templates/data-deployment.yaml
index 3e3c308bf0369e80c0db93abee7d13d2c4cda268..291041948b34995f01fab7840b128567c2c2ffe1 100644
--- a/helm/dbrepo/templates/data-deployment.yaml
+++ b/helm/dbrepo/templates/data-deployment.yaml
@@ -56,7 +56,7 @@ spec:
periodSeconds: 10
{{- if .Values.dataservice.resources }}
resources: {{- toYaml .Values.dataservice.resources | nindent 12 }}
+ {{- else if ne .Values.dataservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.dataservice.resourcesPreset) | nindent 12 }}
{{- end }}
- volumeMounts: []
- volumes: []
{{- end }}
diff --git a/helm/dbrepo/templates/identity-statefulset.yaml b/helm/dbrepo/templates/identity-statefulset.yaml
index 1c2b3241bac8159a6a13fd4593d242e6be7adce0..4d69c9b41330552bd2bda292f234389c9c8c8d97 100644
--- a/helm/dbrepo/templates/identity-statefulset.yaml
+++ b/helm/dbrepo/templates/identity-statefulset.yaml
@@ -38,6 +38,11 @@ spec:
envFrom:
- secretRef:
name: identity-service-secret
+ {{- if .Values.identityservice.persistence.enabled }}
+ volumeMounts:
+ - name: openldap-data
+ mountPath: /bitnami/openldap
+ {{- end }}
livenessProbe:
exec:
command:
@@ -56,5 +61,20 @@ spec:
periodSeconds: 10
{{- if .Values.identityservice.resources }}
resources: {{- toYaml .Values.identityservice.resources | nindent 12 }}
+ {{- else if ne .Values.identityservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.identityservice.resourcesPreset) | nindent 12 }}
{{- end }}
+ {{- if .Values.identityservice.persistence.enabled }}
+ volumeClaimTemplates:
+ - metadata:
+ name: openldap-data
+ spec:
+ accessModes: [ "ReadWriteOnce" ]
+ {{- if .Values.global.storageClass }}
+ storageClassName: {{ .Values.global.storageClass }}
+ {{- end }}
+ resources:
+ requests:
+ storage: 8Gi
+ {{- end }}
{{- end }}
diff --git a/helm/dbrepo/templates/metadata-configmap.yaml b/helm/dbrepo/templates/metadata-configmap.yaml
index d05b8572d4b6fbe5862b9f9acc833ae23ed46d16..28db3e26c9dd7f00493b94f65521e4310e63b90a 100644
--- a/helm/dbrepo/templates/metadata-configmap.yaml
+++ b/helm/dbrepo/templates/metadata-configmap.yaml
@@ -12,7 +12,7 @@ data:
02-setup-data.sql: |
BEGIN;
INSERT INTO `mdb_containers` (name, internal_name, image_id, host, port, privileged_username, privileged_password)
- VALUES ('mariadb:11.1.3-debian-11-r6', 'mariadb_11_1_3', 1, 'data-db', 3306, '{{ .Values.datadb.rootUser.user }}', '{{ .Values.datadb.rootUser.password }}');
+ VALUES ('mariadb:11.4.4-debian-12-r0', 'mariadb_11_4_4', 1, 'data-db', 3306, '{{ .Values.datadb.rootUser.user }}', '{{ .Values.datadb.rootUser.password }}');
COMMIT;
01-setup-schema.sql: |
BEGIN;
diff --git a/helm/dbrepo/templates/metadata-deployment.yaml b/helm/dbrepo/templates/metadata-deployment.yaml
index 9919e301dc700c6e98867c9861b4cc2be01efd25..b00adf5e12bd377d69cf7f5cfd45adffe04a68c1 100644
--- a/helm/dbrepo/templates/metadata-deployment.yaml
+++ b/helm/dbrepo/templates/metadata-deployment.yaml
@@ -56,5 +56,7 @@ spec:
periodSeconds: 10
{{- if .Values.metadataservice.resources }}
resources: {{- toYaml .Values.metadataservice.resources | nindent 12 }}
+ {{- else if ne .Values.metadataservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.metadataservice.resourcesPreset) | nindent 12 }}
{{- end }}
{{- end }}
diff --git a/helm/dbrepo/templates/upload-deployment.yaml b/helm/dbrepo/templates/upload-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1eb9eebd653a9537c3435c2c59e9657425e143a7
--- /dev/null
+++ b/helm/dbrepo/templates/upload-deployment.yaml
@@ -0,0 +1,62 @@
+{{- if .Values.uploadservice.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: upload-service
+ namespace: {{ include "common.names.namespace" . | quote }}
+ labels:
+ app: upload-service
+ service: upload-service
+spec:
+ replicas: {{ .Values.uploadservice.replicaCount }}
+ strategy:
+ type: {{ .Values.strategyType }}
+ selector:
+ matchLabels:
+ app: upload-service
+ service: upload-service
+ template:
+ metadata:
+ labels:
+ app: upload-service
+ service: upload-service
+ spec:
+ {{- if .Values.uploadservice.podSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.uploadservice.podSecurityContext "context" $) | nindent 8 }}
+ {{- end }}
+ containers:
+ - name: upload-service
+ image: {{ .Values.uploadservice.image.name }}
+ imagePullPolicy: {{ .Values.uploadservice.image.pullPolicy | default "IfNotPresent" }}
+ {{- if .Values.uploadservice.containerSecurityContext.enabled }}
+ securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.uploadservice.containerSecurityContext "context" $) | nindent 12 }}
+ {{- end }}
+ args:
+ - "-behind-proxy"
+ - "-max-size={{ .Values.uploadservice.s3.maxSize }}"
+ - "-base-path=/api/upload/files/"
+ - "-s3-endpoint={{ .Values.uploadservice.s3.endpoint}}"
+ - "-s3-bucket={{ .Values.uploadservice.s3.bucket }}"
+ ports:
+ - containerPort: 1080
+ protocol: TCP
+ envFrom:
+ - secretRef:
+ name: upload-service-secret
+ livenessProbe:
+ httpGet:
+ port: 1080
+ initialDelaySeconds: 120
+ periodSeconds: 10
+ readinessProbe:
+ httpGet:
+ port: 1080
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ {{- if .Values.uploadservice.resources }}
+ resources: {{- toYaml .Values.uploadservice.resources | nindent 12 }}
+ {{- else if ne .Values.uploadservice.resourcesPreset "none" }}
+ resources: {{- include "common.resources.preset" (dict "type" .Values.uploadservice.resourcesPreset) | nindent 12 }}
+ {{- end }}
+{{- end }}
diff --git a/helm/dbrepo/templates/upload-secret.yaml b/helm/dbrepo/templates/upload-secret.yaml
index c666ea2b05d0107a97f2485ebc843493de64776b..9b246d177e85dba3f588f39c6f15a77b9b77c7a3 100644
--- a/helm/dbrepo/templates/upload-secret.yaml
+++ b/helm/dbrepo/templates/upload-secret.yaml
@@ -1,4 +1,3 @@
-{{- if .Values.uploadservice.enabled }}
---
apiVersion: v1
kind: Secret
@@ -8,5 +7,4 @@ metadata:
stringData:
AWS_ACCESS_KEY_ID: "{{ .Values.storageservice.s3.auth.adminAccessKeyId }}"
AWS_SECRET_ACCESS_KEY: "{{ .Values.storageservice.s3.auth.adminSecretAccessKey }}"
- AWS_REGION: "default"
-{{- end }}
\ No newline at end of file
+ AWS_REGION: "{{ .Values.storageservice.s3.region | default "default" }}"
diff --git a/helm/dbrepo/values.yaml b/helm/dbrepo/values.yaml
index ef53e6201b0104e123cde4b70cae6d90da550bcd..7dbfd42dee0e2ba2b73a85d70e003685dd4f9915 100644
--- a/helm/dbrepo/values.yaml
+++ b/helm/dbrepo/values.yaml
@@ -179,23 +179,60 @@ searchdb:
uploadservice:
## @param uploadservice.enabled Enable the Upload Service.
enabled: true
- ## @skip uploadservice.fullnameOverride
- fullnameOverride: upload-service
## @skip uploadservice.image
image:
- repository: tusproject/tusd
- tag: v1.12
- ## @skip uploadservice.securityContext
- securityContext:
- allowPrivilegeEscalation: false
+ name: docker.io/tusproject/tusd:v1.12
+ s3:
+ ## @param dataservice.s3.endpoint The S3-capable endpoint the microservice connects to.
+ endpoint: http://storage-service-s3:8333
+ ## @param dataservice.s3.bucket The S3 bucket name.
+ bucket: dbrepo
+ ## @param dataservice.s3.bucket The maximum file size in bytes.
+ maxSize: "2000000000"
+ ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
+ podSecurityContext:
+ ## @param uploadservice.podSecurityContext.enabled Enable pods' Security Context
+ enabled: true
+ ## @param uploadservice.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
+ fsGroupChangePolicy: Always
+ ## @param uploadservice.podSecurityContext.sysctls Set kernel settings using the sysctl interface
+ sysctls: [ ]
+ ## @param uploadservice.podSecurityContext.supplementalGroups Set filesystem extra groups
+ supplementalGroups: [ ]
+ ## @param uploadservice.podSecurityContext.fsGroup Set RabbitMQ pod's Security Context fsGroup
+ fsGroup: 0
+ containerSecurityContext:
+ ## @param uploadservice.containerSecurityContext.enabled Enable containers' Security Context
+ enabled: true
+ ## @param uploadservice.containerSecurityContext.seLinuxOptions Set SELinux options in container
+ seLinuxOptions: { }
+ ## @param uploadservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
runAsUser: 1000
+ ## @param uploadservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup
runAsGroup: 1000
+ ## @param uploadservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
runAsNonRoot: true
- seccompProfile:
- type: RuntimeDefault
+ ## @param uploadservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
+ allowPrivilegeEscalation: false
+ ## @param uploadservice.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+ readOnlyRootFilesystem: false
capabilities:
- drop:
- - ALL
+ ## @param uploadservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
+ drop: [ "ALL" ]
+ seccompProfile:
+ ## @param uploadservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+ type: "RuntimeDefault"
+ ## @param uploadservice.resourcesPreset The container resource preset
+ resourcesPreset: "micro"
+ ## @param uploadservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @skip uploadservice.containerArgs
containerArgs:
- "-behind-proxy"
@@ -266,6 +303,9 @@ brokerservice:
sslOptionsVerify: true
failIfNoPeerCert: true
existingSecret: ingress-cert
+ rbac:
+ ## @skip brokerservice.rbac.create
+ create: false
## @skip brokerservice.advancedConfigurationExistingSecret
advancedConfigurationExistingSecret: broker-service-secret
## @skip brokerservice.loadDefinition
@@ -334,15 +374,18 @@ analyseservice:
seccompProfile:
## @param analyseservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
- ## @skip analyseservice.resources
- resources:
- requests:
- cpu: 250m
- memory: 512Mi
- limits:
- cpu: 500m
- memory: 2048Mi
-
+ ## @param analyseservice.resourcesPreset The container resource preset
+ resourcesPreset: "micro"
+ ## @param analyseservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
+ resources: { }
## @param analyseservice.endpoint The url of the endpoint.
endpoint: http://analyse-service
s3:
@@ -398,14 +441,17 @@ metadataservice:
seccompProfile:
## @param metadataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
- ## @skip metadataservice.resources
- resources:
- requests:
- cpu: 250m
- memory: 512Mi
- limits:
- cpu: 1000m
- memory: 2048Mi
+ ## @param metadataservice.resourcesPreset The container resource preset
+ resourcesPreset: "micro"
+ ## @param metadataservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @param metadataservice.endpoint The Metadata Service endpoint.
endpoint: http://metadata-service
crossref:
@@ -497,6 +543,17 @@ dataservice:
seccompProfile:
## @param dataservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
+ ## @param dataservice.resourcesPreset The container resource preset
+ resourcesPreset: "large"
+ ## @param dataservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @skip dataservice.resources
grant:
## @param dataservice.grant.read The default database permissions for users with read access.
@@ -577,6 +634,17 @@ searchservice:
seccompProfile:
## @param searchservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
+ ## @param searchservice.resourcesPreset The container resource preset
+ resourcesPreset: "nano"
+ ## @param searchservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @skip searchservice.resources
resources:
requests:
@@ -605,6 +673,9 @@ storageservice:
fullnameOverride: storage-service-db
## @skip storageservice.mariadb.enabled
enabled: true
+ primary:
+ ## @skip storageservice.mariadb.primary.resourcesPreset The container resource preset
+ resourcesPreset: "nano"
auth:
## @param storageservice.mariadb.auth.rootPassword The user password for the root user.
rootPassword: seaweedfsdb
@@ -675,7 +746,7 @@ identityservice:
## @param identityservice.containerSecurityContext.runAsUser Set RabbitMQ containers' Security Context runAsUser
runAsUser: 1001
## @param identityservice.containerSecurityContext.runAsGroup Set RabbitMQ containers' Security Context runAsGroup
- runAsGroup: 1001
+ runAsGroup: 0
## @param identityservice.containerSecurityContext.runAsNonRoot Set RabbitMQ container's Security Context runAsNonRoot
runAsNonRoot: true
## @param identityservice.containerSecurityContext.allowPrivilegeEscalation Set container's privilege escalation
@@ -685,17 +756,22 @@ identityservice:
capabilities:
## @param identityservice.containerSecurityContext.capabilities.drop Set container's Security Context runAsNonRoot
drop: [ "ALL" ]
+ ## @param identityservice.containerSecurityContext.capabilities.add Set container's Security Context runAsNonRoot
+ add: [ "NET_BIND_SERVICE" ]
seccompProfile:
## @param identityservice.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
- ## @skip identityservice.resources
- resources:
- requests:
- cpu: 250m
- memory: 512Mi
- limits:
- cpu: 500m
- memory: 2048Mi
+ ## @param identityservice.resourcesPreset The container resource preset
+ resourcesPreset: "nano"
+ ## @param identityservice.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @param identityservice.users The admin username for internal authentication.
users: admin
## @param identityservice.userPasswords The admin user password for internal authentication.
@@ -766,6 +842,17 @@ ui:
seccompProfile:
## @param ui.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
type: "RuntimeDefault"
+ ## @param ui.resourcesPreset The container resource preset
+ resourcesPreset: "nano"
+ ## @param ui.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
+ ## Example:
+ ## resources:
+ ## requests:
+ ## cpu: 250m
+ ## memory: 64Mi
+ ## limits:
+ ## cpu: 500m
+ ## memory: 1024Mi
## @skip ui.resources
resources:
requests:
@@ -881,6 +968,9 @@ metricdb:
## @skip metricdb.alertmanager.service.type
type: ClusterIP
server:
+ rbac:
+ ## @skip metricdb.server.rbac.create
+ create: false
service:
## @skip metricdb.server.service.type
type: ClusterIP