From e12111b82ae678b7ba8103ce6d4112e312221026 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 4 Apr 2024 14:20:38 +0300 Subject: [PATCH 1/9] Added `properties` for inserting additional GraphDB configurations in the properties configmap --- CHANGELOG.md | 1 + files/config/graphdb.properties | 523 +------------------- files/config/proxy/graphdb.properties | 71 --- templates/graphdb/configmap-properties.yaml | 10 +- templates/graphdb/statefulset.yaml | 1 + values.yaml | 3 + 6 files changed, 15 insertions(+), 594 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f51df528..06fcf890 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ TODO: short info about being decoupled from GraphDB - Values in `labels` and `annotations` are now evaluated as templates - Added separate `labels` and `annotations` for the cluster proxy - Added GraphDB and GraphDB proxy hostnames resolution in the init containers +- Added `properties` for inserting additional GraphDB configurations in the properties configmap ### Updates diff --git a/files/config/graphdb.properties b/files/config/graphdb.properties index eeb8df0b..a45894f7 100644 --- a/files/config/graphdb.properties +++ b/files/config/graphdb.properties 
@@ -1,524 +1,3 @@ -####### PATHS AND DIRECTORIES ###### -# -# GraphDB home directory. Defines the root directory for GraphDB on the file system. -# It acts as a parent for all configurable paths like repository data, configuration, logs and other runtime -# data unless the location for a specific functionality is explicitly set by its corresponding property. -# The default is the same as the GraphDB distribution directory. -# The actual values for graphdb.home and the other graphdb.home.xxx properties will be printed in the log -# when GraphDB starts. -# -# graphdb.home = -# -# -# GraphDB data directory. Defines the directory where the engine stores all repository data. -# This directory must be writable by the GraphDB process. -# The default is ${graphdb.home}/data. -# -# graphdb.home.data = -# -# -# GraphDB logs directory. Defines the directory where the log files are written. -# This directory must be writable by the GraphDB process. -# The default is ${graphdb.home}/logs. -# -# graphdb.home.logs = -# -# -# GraphDB configuration directory. Used for user-editable configuration, including this file. Stores -# provided runtime license through the application, persisted as ${graphdb.home.conf}/graphdb.license. -# This directory and all files within it may be read-only for GraphDB only if no license is set in the way described above. -# The default is ${graphdb.home}/conf. -# -# Since the location of this config file depends on this property, it does not make sense to set it here. -# Instead you can provide is a system property with -D. -# -# graphdb.home.conf = -# -# -# GraphDB work directory. Used for non-user-editable database configurations. -# This directory must be writable by the GraphDB process. -# The default is ${graphdb.home}/work. -# -# graphdb.home.work = -# -# -# GraphDB external plugins directory. This can be used to add -# additional external plugins outside the distribution's lib/plugins directory. 
-# -# graphdb.extra.plugins = -# -# -# Graphdb global page cache memory parameter. By default the page cache will -# allocate 50% of the maximum Java heap memory (-Xmx) for the JVM process. -# Setting this value too high will cause OME during the execution of memory intensive queries. -# -# graphdb.page.cache.size=10G +# See https://graphdb.ontotext.com/documentation/ for supported properties -###### LICENSE ###### -# -# The license can be set through the GraphDB Workbench, through a file graphdb.license -# in the GraphDB configuration directory (see graphdb.home.conf above), or through this -# property that should point to a license file: -# -# graphdb.license.file = - - -###### GraphDB Ontop JDBC Driver Path ###### -# -# GraphDB directory for the JDBC driver used in the creation of Ontop repositories. -# Use it when you want to set it to a directory different from the lib/jdbc one where the driver is normally placed. -# -# graphdb.ontop.jdbc.path = - - -###### Ontop Properties ###### -# -# Ontop configuration attribute can be passed through a property: -# -# graphdb.ontop.=xxx - - -###### NETWORK SETTINGS ###### -# -# HTTP port for running GraphDB in standalone mode. The default is 7200. -# -# graphdb.connector.port = 7200 -# -# Controls whether it is necessary to rewrite the Location header when no proxy is configured. -# Setting this property to true will use the graphdb.external-url when building the transaction URLs. -# Set it to true when the returned URLs are incorrect due to missing or invalid proxy configurations. -# Set it to false when the server can be called on multiple addresses, -# as it will override the returned address to the one defined by the graphdb.external-url. -# Boolean, default is false. 
-# -# graphdb.external-url.enforce.transactions = false -# -# Enable SSL (uncomment to enable) -# graphdb.connector.SSLEnabled = true -# graphdb.connector.scheme = https -# graphdb.connector.secure = true -# -# GraphDB uses the Java implementation of SSL, which requires a configured key in the Java keystore. -# To setup keystore uncomment the following properties and set keystorePass and keyPass to the actual values. -# -# The default is the file .keystore in the operating system home directory of the user that is running GraphDB -# graphdb.connector.keystoreFile = -# graphdb.connector.keystorePass = -# graphdb.connector.keyAlias = graphdb -# graphdb.connector.keyPass = -# -# How to generate a keystore? -# -# Option 1: Generate a self-signed key, which would require to trust the certificate in all clients. -# -# keytool -genkey -alias graphdb -keyalg RSA -# -# Option 2: Convert a third party trusted OpenSSL certificate to PKCS12 key and then import to the Java keystore. -# -# keytool -importkeystore -deststorepass MYPASS -srckeystore mypkcs12.p12 -srcstoretype PKCS12 -# -# For any additional information please refer to https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html -# -# In addition to the above settings, you can set any Tomcat Connector attribute through a property: -# graphdb.connector. = xxx -# -# See https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Attributes for more information. -# -# Another option is to use Self Signed SSL Certificate setting following two properties -# -# graphdb.connector.SSLCertificateFile = -# graphdb.connector.SSLCertificateKeyFile = - - -###### ENGINE OVERRIDE ###### -# -# The GraphDB Engine can be configured through a set of properties that start with the graphdb.engine. prefix. -# These properties correspond to the properties that can be set when creating a repository through the Workbench -# or through a .ttl file. 
-# -# Note that properties defined here WILL OVERRIDE the properties for each repository, regardless of whether you created -# the repository before or after you set the global value of an engine property. As such, the global overrides -# should be used only in specific cases while for normal everyday needs you should set the corresponding properties -# when you create a repository. -# -# -# graphdb.engine. = xxx - - -# A global setting that ensures IRI validation in the entity pool. It is performed only when an IRI is seen for the first time -# (i.e., when being created in the entity pool). For consistency reasons, not only IRIs coming from RDF serializations, -# but also all new IRIs (via API or SPARQL), will be validated in the same way. -# This property can be turned off by setting its value to false. -# -# graphdb.engine.entity.validate = true - - -###### AUTHENTICATION TOKEN SECRET ###### -# -# GraphDB authentication token secret could be set by passing it as a configuration parameter -# -# graphdb.auth.token.secret = -# -# In case of not explicitly specified, GraphDB will try to obtain one automatically from the SSL -# certificate if present or will randomly generate one - -###### OPENID AUTHENTICATION ###### -# -# OpenId is used for authentication against another authorization database (local or LDAP). -# Password authentication can be disabled in addition. -# -# Enable OpenId authentication. The default value is 'basic, gdb'. -# Provide only 'openid' if password-based login methods (basic and gdb) are not needed. -# graphdb.auth.methods = basic, gdb, openid -# -# OpenID issuer URL, used to derive keys, endpoints and token validation. No default value. -# graphdb.auth.openid.issuer = https://accounts.example.com -# -# OpenID well-known config URL, used to fetch the OpenID configuration of the OpenID provider. -# The default value will be derived by appending /.well-known/openid-configuration to the issuer URL. 
-# Use this setting if your OpenID does not conform to the specification and the well-known config is -# served on a different URL than the default standard-mandated value. -# graphdb.auth.openid.well_known_config_url = https://openid.example.com/custom/.well-known/openid-configuration -# -# OpenID header types, specifies the allowed values for the field "typ" in the JWT header. -# The value is a comma-delimited list, where 'null' is interpreted as 'no value'. -# The default value is 'jwt, at+jwt, null' and will allow tokens with "typ": "jwt", "typ": "at+jwt", -# as well as tokens with a missing "typ" value. -# graphdb.auth.openid.header_types = jwt, at+jwt, null -# -# OpenID client ID, used to authenticate and validate tokens. No default value. -# graphdb.auth.openid.client_id = my-client-id -# -# OpenID claim to use as the GraphDB username. No default value. -# graphdb.auth.openid.username_claim = email -# -# OpenID authentication flow: code, code_no_pkce or implicit. No default value. -# The recommended value is 'code' if the OpenId provider supports it with PKCE without a client secret. -# graphdb.auth.openid.auth_flow = code -# -# OpenID token type to send to GraphDB. The available values are 'access' and 'id'. No default value. -# Use the access token if it is a JWT token, otherwise use the id token. -# graphdb.auth.openid.token_type = access -# -# OpenID expected issuer URL in tokens, used to validate tokens. The default is the same as the actual issuer URL. -# graphdb.auth.openid.token_issuer = https://accounts.example.com/custom -# -# OpenID expected audience in tokens, used to validate tokens. The default value is the same as the client ID. -# graphdb.auth.openid.token_audience = my-audience -# -# OpenID extra scopes to request. Multiple scopes can be specified by separating them with a space. -# By default GraphDB requests only the 'openid' scope and, if supported, the 'offline_access' scope. -# Scopes are used to request sets of claims, e.g. 
you might need to set this to a provider-specific value -# in order to obtain the username_name or the roles_claim (if using OAuth as well). The default value is empty. -# graphdb.auth.openid.extra_scopes = profile email -# -# OpenID extra parameters for the authorize endpoint. Some OpenID providers require additional parameters sent -# to the authorize endpoint (e.g. resource=xxx). This is a URL encoded string where each parameter-value pair -# is delimited by &. The string will be appended to the rest of the authorize URL parameters. -# The default value is the empty string. -# graphdb.auth.openid.authorize_parameters = param1=value%201¶m2=value%202 -# -# OpenID Oracle identity domain. Oracle Access Manager has a non-standard OpenID implementation that requires -# an additional parameter: the Oracle identity domain name. If you use OAM set this to your identity domain name. -# graphdb.auth.openid.oracle_domain = my-oracle-domain -# -# OpenID use GraphDB as proxy for the JWKS URL and token endpoints. This can be used to bypass an OpenID provider -# without a proper CORS configuration. The value is a boolean true/false. False by default. -# graphdb.auth.openid.proxy = false - -###### OPENID AUTHENTICATION + OAUTH AUTHORIZATION ###### -# -# OpenId is used for authentication and the authorization is provided via OAuth. -# Password authentication is not available in this mode. -# -# Enable OpenId authentication and disable password-based login. The default value is 'basic, gdb'. -# graphdb.auth.methods = openid -# -# Enable OAuth authorization. The default value is 'local' corresponding to local users. -# graphdb.auth.database = oauth -# -# Set case-insensitive validation for user accounts so that users can log in regardless of the case used at login time. -# The default value is false. -# graphdb.auth.database.case_insensitive = false -# -# OpenID issuer URL, used to derive keys, endpoints and token validation. No default value. 
-# graphdb.auth.openid.issuer = https://accounts.example.com -# -# OpenID client ID, used to authenticate and validate tokens. No default value. -# graphdb.auth.openid.client_id = my-client-id -# -# OpenID claim to use as the GraphDB username. No default value. -# This will be interpreted as a JSONPath expression, so for example the value "roles.graphdb" -# will first access the object under the "roles" key and then extract the roles from the "graphdb" -# key inside that object. -# graphdb.auth.openid.username_claim = email -# -# OpenID authentication flow: code, code_no_pkce or implicit. No default value. -# The recommended value is 'code' if the OpenId provider supports it with PKCE without a client secret. -# graphdb.auth.openid.auth_flow = code -# -# OpenId token type to send to GraphDB. The available values are 'access' and 'id'. No default value. -# Use the access token if it is a JWT token, otherwise use the id token. -# graphdb.auth.openid.token_type = access -# -# OpenID expected issuer URL in tokens, used to validate tokens. The default is the same as the actual issuer URL. -# graphdb.auth.openid.token_issuer = https://accounts.example.com/custom -# -# OpenID expected audience in tokens, used to validate tokens. The default value is the same as the client ID. -# graphdb.auth.openid.token_audience = my-audience -# -# OpenID extra parameters for the authorize endpoint. Some OpenID providers require additional parameters sent -# to the authorize endpoint (e.g. resource=xxx). This is a URL encoded string where each parameter-value pair -# is delimited by &. The string will be appended to the rest of the authorize URL parameters. -# The default value is the empty string. -# graphdb.auth.openid.authorize_parameters = param1=value%201¶m2=value%202 -# -# OpenID use GraphDB as proxy for the JWKS URL and token endpoints. This can be used to bypass an OpenID provider -# without a proper CORS configuration. The value is a boolean true/false. False by default. 
-# graphdb.auth.openid.proxy = false -# -# OAuth roles claim. The field from the JWT token that will provide the GraphDB roles. No default value. -# graphdb.auth.oauth.roles_claim = roles -# -# OAuth roles prefix to strip. The roles claim may provide the GraphDB roles with some prefix, e.g. GDB_ROLE_USER. -# The prefix will be stripped when the roles are mapped. The default value is the empty string. -# graphdb.auth.oauth.roles_prefix = GDB_ -# -# OAuth roles suffix to strip. The roles claim may provide the GraphDB roles with some suffix, e.g. ROLE_USER_GDB. -# The suffix will be stripped when the roles are mapped. The default value is the empty string. -# graphdb.auth.oauth.roles_suffix = ROLE_USER_GDB -# -# OAuth default roles to assign. It may be convenient to always assign certain roles without listing them in the roles -# claim. The value is a comma-delimited list of GraphDB roles. The default value is the empty list. -# -# graphdb.auth.oauth.default_roles = ROLE_USER - -###### LDAP AUTHENTICATION AND AUTHORIZATION ###### -# -# Turn on ldap authentication and configure the server. -# -# Note that since GraphDB 9.5 local users will no longer be accessible when using LDAP -# -# graphdb.auth.database = ldap -# graphdb.auth.ldap.url = ldap://localhost:10389/dc=example,dc=org - -# Permit access for all users that are part of the \u201Cpeople\u201D unit of the fictional \u201Cexample.org\u201D organisation. -# -# graphdb.auth.ldap.user.search.base = ou=people -# graphdb.auth.ldap.user.search.filter = (cn={0}) - -# Make all users in the Administration group GraphDB administrators as well. -# -# graphdb.auth.ldap.role.search.base = ou=groups -# graphdb.auth.ldap.role.search.filter = (member={0}) -# graphdb.auth.ldap.role.map.administrator = Administration - -# Make all users in the Management group GraphDB Repository Managers as well. 
-# -# graphdb.auth.ldap.role.map.repositoryManager = Management - -# Enable all users in the Readers group to read the my_repo repository. -# -# graphdb.auth.ldap.role.map.repository.read.my_repo = Readers - -# Enable all users in the Writers group to write and read the my_repo repository. -# -# graphdb.auth.ldap.role.map.repository.write.my_repo = Writers - -# All entries located under the "groups" organizational unit that have members (i.e., groups), -# will be able to read repositories that share their common name. -# -# graphdb.auth.ldap.repository.read.base = ou=groups -# graphdb.auth.ldap.repository.read.filter = (member={0}) -# graphdb.auth.ldap.repository.read.attribute = cn - -# All entries located under the "groups" organizational unit that have members (i.e., groups), -# will be able to read and write to repositories that share their common name. -# -# graphdb.auth.ldap.repository.write.base = ou=groups -# graphdb.auth.ldap.repository.write.filter = (member={0}) -# graphdb.auth.ldap.repository.write.attribute = cn - -# Required for accessing a LDAP server, that does not allow anonymous binds and anonymous access -# -# graphdb.auth.ldap.bind.userDn = uid=userId,ou=people,dc=example,dc=org -# graphdb.auth.ldap.bind.userDn.password = 123456 - -# Adds to all users in Readers group custom role. -# -# graphdb.auth.ldap.map.role.role_name = Readers - -###### KERBEROS AUTHENTICATION ###### -# -# Enables Kerberos authentication. The default value is 'basic, gdb'. -# -# graphdb.auth.methods = basic, gdb, kerberos -# -# Full or relative (to the GraphDB config directory) path to where the keys -# of the Kerberos service principal are stored. No default value. Required if Kerberos is enabled -# You can find more on how to create a keytab file https://web.mit.edu/kerberos/krb5-devel/doc/basic/keytab_def.html -# -# graphdb.auth.kerberos.keytab = -# -# Name of the Kerberos service principal. No default value. Required if Kerberos is enabled. 
-# -# graphdb.auth.kerberos.principal = HTTP/data.example.com@EXAMPLE.COM -# -# Determines whether to print additional Kerberos-related messages -# in some of the Spring Kerberos classes. Default value is false. -# -# graphdb.auth.kerberos.debug = true/false - -###### X.509 CERTIFICATE AUTHENTICATION + LOCAL or LDAP AUTHORIZATION ###### -# -# X.509 certificate authentication is used for authentication against another authorization database (local or LDAP). -# -# Enable X.509 certificate authentication. The default value is 'basic, gdb'. -# Provide only 'x509' if password-based login methods (basic and gdb) are not needed. -# graphdb.auth.methods = basic, gdb, x509 -# -# Enable local or LDAP authorization. The default value is 'local' corresponding to local users. -# If LDAP is the chosen authorization database, follow the instructions for its enabling. -# graphdb.auth.database = ldap -# -# Provides the regular expression to extract the username from the certificate. -# The default is "CN=(.*?)(?:,|$)". Uncomment to provide a custom expression. -# graphdb.auth.methods.x509.subject.dn.pattern = CN=(.*?)(?:,|$) -# -# To implement server-side X.509 authentication, enable SSL. -# -# To set up a truststore different from the default JRE one, uncomment the following -# properties and set 'truststoreFile' and 'truststorePass' to their actual values. -# -# graphdb.connector.truststoreFile = -# graphdb.connector.truststorePass = -# -##### X.509 CERTIFICATE AUTHENTICATION REVOCATION STATUS CHECK CONFIGURATION ###### -# -# Controls whether OCSP checks are performed, true by default. -# graphdb.auth.methods.x509.ocsp = true -# -# Controls whether CRLDP checks are performed, true by default. 
-# graphdb.auth.methods.x509.crldp = true -# -# Uncomment the following to set a Certificate Revocation List to Tomcat, -# which will allow revocation checks for certificates that do not provide -# an Authority Information Access (AIA) extension, or as an alternative -# in case of OCSP or CrlDP responders downtime. -# graphdb.auth.methods.x509.crlFile = - -###### Cloud backup and Restore ###### -# -# Enable tls for connections against s3 compatible services. To set up a truststore different from the default JRE one -# set `graphdb.connector.truststoreFile` and `graphdb.connector.truststorePass` -# graphdb.s3.tls.enabled = false -# -# Timeout in seconds for a cloud backup's single part upload. -# graphdb.s3.backup.httpclient.write.timeout = 3600 - -###### AUDIT TRAIL ###### -# -# Enable the detail audit trail for all operations with the minimal access role of: -# USER, REPO_MANAGER, ADMIN, ANY -# -# graphdb.audit.role = USER -# -# and read, write operations with the minimal access of: -# READ, WRITE -# -# graphdb.audit.repository = READ -# -# Audit the specific headers -# -# graphdb.audit.headers = Origin, Host -# -# List headers that should be included into logs in front of client requests. -# -# graphdb.request.id.alternatives = X-Amz-Request-Id -# -# Enable logging of "X-Request-Id" header and listed in graphdb.request.id.alternatives headers into any log. -# "X-Request-Id" header will be included by default. In case "X-Request-Id" is not present in the headers of -# the request it will be generated randomly in UUID type 5 format. -# -# graphdb.append.request.id.headers = true - -###### CLUSTER CONFIGURATIONS ###### - -# Embedded cluster proxy configurations - -# Uncomment to disable the embedded cluster proxy that redirects requests to the leader in cluster deployment. -# Will be disabled automatically if external proxy is used. 
-#graphdb.cluster.proxy.enabled=false - -# The following configurations represents the defaults of the HTTP client used to redirect requests. -# Uncomment and change any of the default values -# -1 means infinite timeout -# The connection timeout is in seconds -#graphdb.cluster.proxy.socketTimeout=-1 -#graphdb.cluster.proxy.connectionTimeoutS=15 -# This limits the maximum number of concurrent requests send to the leader -#graphdb.cluster.proxy.maxConnectionsPerRoute=30000 -#graphdb.cluster.proxy.maxConnectionsTotal=50000 - -# Dedicated cluster proxy configurations - -# List the addresses of GraphDB HTTP or RPC address to the nodes that are part of a cluster -# Note that all of the addresses need to be from the same cluster -# graphdb.proxy.hosts = -# The number of times a request to be retried to a different node in the cluster, when a node is not reachable, before failing the request. -# If a request could be handled by other node, other than the initial one, then other node from the cluster will be -# asked to handle the request. -# graphdb.proxy.followerRetries=3 - - -###### CHATGPT INTEGRATION ###### -# -# GraphDB has built-in ChatGPT integration. The minimum required configuration is setting the GPT access token. -# -# GPT API access token, none by default. -# graphdb.gpt.token = -# -# GPT model to use, gpt-3.5-turbo by default. -# graphdb.gpt.model = gpt-3.5-turbo -# -# GPT timeout in seconds, 90 by default. -# graphdb.gpt.timeout = 90 -# -# -# GPT advanced options below - setting these may be needed if the integration should use a different API endpoint -# and/or a different authentication method. See the documentation for more details. -# -# GPT chat completions API endpoint, https://api.openai.com/v1/chat/completions by default. -# graphdb.gpt.url = https://api.openai.com/v1/chat/completions -# -# GPT authentication method, bearer by default. 
-# graphdb.gpt.auth = bearer - - -# Server report in cluster configuration - -# The maximum time to wait for a triggered report is configured with a default value of 120 minutes. -#graphdb.wait.report.minutes=120 - -###### HEAP DUMPS ###### -# -# GraphDB can dump the heap on out of memory errors in order to provide insight to the cause -# for excessive memory usage. -# -# Enable or disable the heap dump (enabled by default) -# graphdb.heapdump.enable = true -# -# File to write the heap dump to, by default this is the file heapdump.hprof in the configured logs directory. -# See also the properties graphdb.home and graphdb.home.logs. -# graphdb.heapdump.path = - -###### JSON-LD WHITELIST ###### -# -# The configuration property 'graphdb.jsonld.whitelist' is used to define a whitelist -# of URLs or file locations that are permitted for JSON-LD processing in GraphDB. -# -# The whitelist is a comma-separated list of URLs or file locations. -# The wildcard (*) in URLs or file paths allows for fine-grained control, enabling administrators to specify entire domains or directories. -# Each entry in the list represents a resource that is considered safe for JSON-LD operations. -# graphdb.jsonld.whitelist = https://my.good_host.com/prop, https://my.good_host.com/*, file:///my/good/jsonld/prop, file:///my/good/jsonld/* diff --git a/files/config/proxy/graphdb.properties b/files/config/proxy/graphdb.properties index 27e1d747..2526393d 100644 --- a/files/config/proxy/graphdb.properties +++ b/files/config/proxy/graphdb.properties 
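Review bot: The one surviving line, `+# See https://graphdb.ontotext.com/documentation/ for supported properties`, drops the inline reference for the keystore, token-secret, LDAP bind password and GPT token settings without saying where such values should live now that this file is shipped as a ConfigMap and, per the other hunks in this commit, has `.Values.properties` and the init container's `graphdb.vhosts` appended after it. I would extend the header with two lines: `# This file is rendered into the GraphDB properties ConfigMap; entries from .Values.properties and the init container are appended after it, so a duplicated key takes its last value.` and `# Do not put passwords, keystore passwords or API tokens here - the ConfigMap is plain text; use a Secret.` The last-duplicate-wins rule is standard Java Properties behaviour and is assumed here rather than shown by the chart, so it is worth confirming against GraphDB's loader before documenting it.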
@@ -1,73 +1,2 @@ -###### NETWORK SETTINGS ###### -# -# HTTP port for running GraphDB in standalone mode. The default is 7200. -# -# graphdb.connector.port = 7200 -# -# Controls whether it is necessary to rewrite the Location header when no proxy is configured. -# Setting this property to true will use the graphdb.external-url when building the transaction URLs. -# Set it to true when the returned URLs are incorrect due to missing or invalid proxy configurations. -# Set it to false when the server can be called on multiple addresses, -# as it will override the returned address to the one defined by the graphdb.external-url. -# Boolean, default is false. -# -# graphdb.external-url.enforce.transactions = false -# -# Enable SSL (uncomment to enable) -# graphdb.connector.SSLEnabled = true -# graphdb.connector.scheme = https -# graphdb.connector.secure = true -# -# GraphDB uses the Java implementation of SSL, which requires a configured key in the Java keystore. -# To setup keystore uncomment the following properties and set keystorePass and keyPass to the actual values. -# -# The default is the file .keystore in the operating system home directory of the user that is running GraphDB -# graphdb.connector.keystoreFile = -# graphdb.connector.keystorePass = -# graphdb.connector.keyAlias = graphdb -# graphdb.connector.keyPass = -# -# How to generate a keystore? -# -# Option 1: Generate a self-signed key, which would require to trust the certificate in all clients. -# -# keytool -genkey -alias graphdb -keyalg RSA -# -# Option 2: Convert a third party trusted OpenSSL certificate to PKCS12 key and then import to the Java keystore. -# -# keytool -importkeystore -deststorepass MYPASS -srckeystore mypkcs12.p12 -srcstoretype PKCS12 -# -# For any additional information please refer to https://tomcat.apache.org/tomcat-9.0-doc/ssl-howto.html -# -# In addition to the above settings, you can set any Tomcat Connector attribute through a property: -# graphdb.connector. 
= xxx -# -# See https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#Attributes for more information. -# -# Another option is to use Self Signed SSL Certificate setting following two properties -# -# graphdb.connector.SSLCertificateFile = -# graphdb.connector.SSLCertificateKeyFile = - -###### AUTHENTICATION TOKEN SECRET ###### -# -# GraphDB authentication token secret could be set by passing it as a configuration parameter -# -# graphdb.auth.token.secret = -# -# In case of not explicitly specified, GraphDB will try to obtain one automatically from the SSL -# certificate if present or will randomly generate one - -###### CLUSTER CONFIGURATIONS ###### - -# Dedicated cluster proxy configurations - # List the addresses of GraphDB HTTP or RPC address to the nodes that are part of a cluster -# Note that all of the addresses need to be from the same cluster - graphdb.proxy.hosts={{ include "graphdb-proxy.cluster.nodes" . }} - -# The number of times a request to be retried to a different node in the cluster, when a node is not reachable, before failing the request. -# If a request could be handled by other node, other than the initial one, then other node from the cluster will be -# asked to handle the request. -# graphdb.proxy.followerRetries=3 diff --git a/templates/graphdb/configmap-properties.yaml b/templates/graphdb/configmap-properties.yaml index 36ce553d..99db7060 100644 --- a/templates/graphdb/configmap-properties.yaml +++ b/templates/graphdb/configmap-properties.yaml 
@@ -11,5 +11,13 @@ metadata: {{- end }} data: {{ .Values.configuration.properties.configmapKey }}: |- - {{- tpl ( .Files.Get "files/config/graphdb.properties" ) . | nindent 4 }} + {{- tpl ( .Files.Get "files/config/graphdb.properties" | trim ) . | nindent 4 }} + {{- if .Values.properties }} + ##### Overrides from values.yaml ##### + {{ range $key, $val := .Values.properties }} + {{- if ne $val nil }} + {{- $key }}={{ tpl ($val | toString) $ | quote }} + {{- end }} + {{- end }} + {{- end }} {{- end }} diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index 804230a6..c15504d6 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -193,6 +193,7 @@ spec: echo 'Configuring graphdb.properties' cat /tmp/graphdb/graphdb.properties > /opt/graphdb/home/conf/graphdb.properties echo "" >> /opt/graphdb/home/conf/graphdb.properties + echo "##### Overrides from initContainer #####" >> /opt/graphdb/home/conf/graphdb.properties echo "Configuring GraphDB hostname: $(hostname --fqdn)" echo "graphdb.vhosts=$(hostname --fqdn):7200, ${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties diff --git a/values.yaml b/values.yaml index 75e6f7f5..238a0aa1 100644 --- a/values.yaml +++ b/values.yaml @@ -53,6 +53,9 @@ provision: existingConfigmap: "" configmapKey: "users.js" +# Additional GraphDB properties to insert in the properties configmap +properties: {} + ####### DEPLOYMENT CONFIGURATIONS ####### deployment: # -- Defines the policy with which components will request their image. From 5dd140186340e58087c3cf928125fdb29e1a9219 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 4 Apr 2024 14:22:36 +0300 Subject: [PATCH 2/9] Updated `workbench.subpath` to serve GraphDB at context path `/` by default --- CHANGELOG.md | 1 + values.yaml | 3 +-- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 06fcf890..eac57ded 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
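Review bot: The leading trim on `{{- $key }}={{ tpl ($val | toString) $ | quote }}` eats the newline after `{{- if ne $val nil }}`, and the trailing `{{- end }}` lines eat the newline after the value, so with two or more entries the rendered section concatenates them on one line (`a="1"b="2"`) while the untrimmed `{{ range ... }}` adds a stray line before the first one. Swapping the trims fixes both: `{{- range $key, $val := .Values.properties }}` and `{{ $key }}={{ tpl ($val | toString) $ }}`. The `| quote` is also suspect: it wraps every value in double quotes and backslash-escapes `"` and `\`, so `graphdb.page.cache.size: 10G` lands in the file as `graphdb.page.cache.size="10G"`, and a Java `.properties` reader keeps the quotes as part of the value while the added backslashes collide with the file's own escape syntax; unless GraphDB strips surrounding quotes (nothing in the chart shows that), render the value bare as above. Bear in mind that anything placed in `.Values.properties` ends up in plaintext in this ConfigMap, which is the wrong home for keystore passwords or `graphdb.auth.token.secret`.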
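Review bot: The new header line `echo "##### Overrides from initContainer #####"` is appended after the ConfigMap content, which now also carries the `.Values.properties` entries, so if GraphDB follows the usual Java Properties rule that the last duplicate key wins, a `graphdb.vhosts` set through `properties` is silently superseded by the `graphdb.vhosts=$(hostname --fqdn):7200, ${GRAPHDB_PUBLIC_URL}` line below it. The header is the right place to say so: `echo "##### Overrides from initContainer (appended last, take precedence over configmap values) #####" >> /opt/graphdb/home/conf/graphdb.properties`. The precedence rule is inferred, not shown by the chart, so confirm it with GraphDB's property loader before relying on it. The init script continues outside this hunk.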
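Review bot: The comment above the new `properties: {}` value says nothing about where these entries end up; the configmap template in this same commit renders them verbatim into a ConfigMap, so a user who copies a key from the reference file the commit deletes (`graphdb.connector.keystorePass`, `graphdb.auth.ldap.bind.userDn.password`, `graphdb.gpt.token`, `graphdb.auth.token.secret`) puts a credential into plaintext cluster state. The neighbouring entries use the helm-docs `# --` prefix, which this comment also lacks. I would replace it with `# -- Additional GraphDB properties (key: value) appended to the properties configmap.` followed by `# Rendered as plain text in a ConfigMap - do not put passwords, keystore passwords or API tokens here.`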
@@ -25,6 +25,7 @@ TODO: short info about being decoupled from GraphDB - Resource names are no longer hardcoded and are using the templates for `nameOverride` and `fullnameOverride` - Removed setting FQDN as hostnames in GraphDB and the proxy in favor of dynamically resolving and configuring the hostnames in the init containers - Configmaps from `graphdb.configs` are now under `configuration` and with a different structure allowing better reuse of existing configmaps +- Updated `workbench.subpath` to serve GraphDB at context path `/` by default ## Version 10.6.0-R2 diff --git a/values.yaml b/values.yaml index 238a0aa1..ad733edb 100644 --- a/values.yaml +++ b/values.yaml @@ -326,8 +326,7 @@ graphdb: # GraphDB workbench configurations workbench: # -- This is the sub path at which GraphDB workbench can be opened. - # Should be configured in the API gateway (or any other proxy in front) - subpath: /graphdb + subpath: / # WARNING: Setting enabled to true in most cloud providers will result in an error # Attach additional PV which will be used as an import directory From c1ebf61081e09c70e32191066ebb37dc61702374 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 4 Apr 2024 15:06:54 +0300 Subject: [PATCH 3/9] GDB-7988: Image pull secrets updates - Updated `deployment.imagePullSecret` to be a list, e.g. `deployment.imagePullSecrets` - Values from imagePullSecrets are now templated - Simplified the helper template for rendering imagePullSecrets --- CHANGELOG.md | 3 ++- templates/_helpers.yaml | 14 ++------------ templates/graphdb/statefulset.yaml | 4 +++- templates/jobs/job-create-cluster.yaml | 4 +++- templates/jobs/job-patch-cluster.yaml | 4 +++- templates/jobs/job-provision-repositories.yaml | 4 +++- templates/jobs/job-scale-down-cluster.yaml | 4 +++- templates/jobs/job-scale-up-cluster.yaml | 4 +++- templates/proxy/statefulset.yaml | 4 +++- values.yaml | 7 +++---- 10 files changed, 28 insertions(+), 24 deletions(-) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index eac57ded..e703ccda 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -9,7 +9,6 @@ TODO: short info about being decoupled from GraphDB - Added `annotations` for common annotations across resources - Added `graphdb.serviceAccount` allowing you to create or use an existing service account for GraphDB pods. -- Values in `labels` and `annotations` are now evaluated as templates - Added separate `labels` and `annotations` for the cluster proxy - Added GraphDB and GraphDB proxy hostnames resolution in the init containers - Added `properties` for inserting additional GraphDB configurations in the properties configmap @@ -17,6 +16,7 @@ TODO: short info about being decoupled from GraphDB ### Updates - GraphDB properties and logback configuration configmaps are now applied by default +- Values in `labels`, `annotations` and `imagePullSecrets` are now evaluated as templates ### Breaking @@ -26,6 +26,7 @@ TODO: short info about being decoupled from GraphDB - Removed setting FQDN as hostnames in GraphDB and the proxy in favor of dynamically resolving and configuring the hostnames in the init containers - Configmaps from `graphdb.configs` are now under `configuration` and with a different structure allowing better reuse of existing configmaps - Updated `workbench.subpath` to serve GraphDB at context path `/` by default +- Updated `deployment.imagePullSecret` to be a list, e.g. `deployment.imagePullSecrets` ## Version 10.6.0-R2 diff --git a/templates/_helpers.yaml b/templates/_helpers.yaml index 4b3a2974..3be9b627 100644 --- a/templates/_helpers.yaml +++ b/templates/_helpers.yaml 
@@ -15,18 +15,8 @@ Renders the URL address at which GraphDB would be accessed
 Combined image pull secrets
 */}}
 {{- define "graphdb.combinedImagePullSecrets" -}}
- {{- $secrets := list -}}
-
- {{- if .Values.deployment.imagePullSecret -}}
- {{- $secret := dict "name" .Values.deployment.imagePullSecret -}}
- {{- $secrets = append $secrets $secret -}}
- {{- end -}}
-
- {{- if and .Values.global .Values.global.imagePullSecrets -}}
- {{- $secrets = concat $secrets .Values.global.imagePullSecrets -}}
- {{- end -}}
-
- {{- toYaml $secrets -}}
+ {{- $secrets := concat .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
+ {{- tpl ( toYaml $secrets ) . -}}
 {{- end -}}
 {{/*
diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml
index c15504d6..f34ef479 100644
--- a/templates/graphdb/statefulset.yaml
+++ b/templates/graphdb/statefulset.yaml
@@ -89,8 +89,10 @@ spec:
 {{- with .Values.graphdb.node.podSecurityContext }}
 securityContext: {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: {{ include "graphdb.image" . }}
diff --git a/templates/jobs/job-create-cluster.yaml b/templates/jobs/job-create-cluster.yaml
index f7da230a..3f0e283a 100644
--- a/templates/jobs/job-create-cluster.yaml
+++ b/templates/jobs/job-create-cluster.yaml
@@ -18,8 +18,10 @@ spec:
 template:
 spec:
 restartPolicy: Never
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 securityContext:
 {{- $.Values.graphdb.jobPodSecurityContext | toYaml | nindent 8 }}
 containers:
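Review bot: `{{- $secrets := concat .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}` drops the nil guards the old helper had, and sprig's `concat` appears to abort rendering when an argument is nil rather than an empty list, so `deployment.imagePullSecrets: null` or a parent chart that leaves `global.imagePullSecrets` undefined would fail at `helm template`. `{{- $secrets := concat (.Values.global.imagePullSecrets | default list) (.Values.deployment.imagePullSecrets | default list) }}` keeps the one-liner and tolerates either side being unset. The `{{- if or ... }}` guards added in the StatefulSet and job hunks here and on the next two lines only skip the include when both lists are empty, so they do not cover the mixed case.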
diff --git a/templates/jobs/job-patch-cluster.yaml b/templates/jobs/job-patch-cluster.yaml
index 0d8069fe..d4900331 100644
--- a/templates/jobs/job-patch-cluster.yaml
+++ b/templates/jobs/job-patch-cluster.yaml
@@ -18,8 +18,10 @@ spec:
 template:
 spec:
 restartPolicy: Never
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 securityContext:
 {{- $.Values.graphdb.jobPodSecurityContext | toYaml | nindent 8 }}
 containers:
diff --git a/templates/jobs/job-provision-repositories.yaml b/templates/jobs/job-provision-repositories.yaml
index 5729eb27..0a69b052 100644
--- a/templates/jobs/job-provision-repositories.yaml
+++ b/templates/jobs/job-provision-repositories.yaml
@@ -18,8 +18,10 @@ spec:
 template:
 spec:
 restartPolicy: Never
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 securityContext:
 {{- $.Values.graphdb.jobPodSecurityContext | toYaml | nindent 8 }}
 containers:
diff --git a/templates/jobs/job-scale-down-cluster.yaml b/templates/jobs/job-scale-down-cluster.yaml
index da3a7ef0..fa94f5b6 100644
--- a/templates/jobs/job-scale-down-cluster.yaml
+++ b/templates/jobs/job-scale-down-cluster.yaml
@@ -16,8 +16,10 @@ spec:
 template:
 spec:
 restartPolicy: Never
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 securityContext:
 {{- $.Values.graphdb.jobPodSecurityContext | toYaml | nindent 8 }}
 containers:
diff --git a/templates/jobs/job-scale-up-cluster.yaml b/templates/jobs/job-scale-up-cluster.yaml
index b053339f..2cca7a1e 100644
--- a/templates/jobs/job-scale-up-cluster.yaml
+++ b/templates/jobs/job-scale-up-cluster.yaml
@@ -18,8 +18,10 @@ spec:
 template:
 spec:
 restartPolicy: Never
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 securityContext:
 {{- $.Values.graphdb.jobPodSecurityContext | toYaml | nindent 8 }}
 containers:
diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml
index 9351d74d..f7e46b23 100644
--- a/templates/proxy/statefulset.yaml
+++ b/templates/proxy/statefulset.yaml
@@ -61,8 +61,10 @@ spec:
 {{- with .Values.graphdb.clusterProxy.podSecurityContext }}
 securityContext: {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if or .Values.global.imagePullSecrets .Values.deployment.imagePullSecrets }}
 imagePullSecrets:
- {{- include "graphdb.combinedImagePullSecrets" $ | nindent 8 }}
+ {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}
+ {{- end }}
 {{- with .Values.graphdb.clusterProxy.extraInitContainers }}
 initContainers:
 {{- toYaml . | nindent 8 }}
diff --git a/values.yaml b/values.yaml
index ad733edb..26244b77 100644
--- a/values.yaml
+++ b/values.yaml
@@ -6,9 +6,9 @@ # See https://helm.sh/docs/chart_template_guide/values_files/
 global:
+ imageRegistry: docker.io
 imagePullSecrets: []
 storageClass: "standard"
- imageRegistry: docker.io
 # Top lvl flat for easier maintenance
 images:
@@ -60,9 +60,8 @@ properties: {}
 deployment:
 # -- Defines the policy with which components will request their image.
 imagePullPolicy: IfNotPresent
- # Secret used to pull Docker images. Uncomment to use it.
- # Important: Must be created beforehand
- # imagePullSecret: ontotext
+ # -- Secrets used to pull Docker images.
+ imagePullSecrets: []
 # -- The hostname and protocol at which the graphdb will be accessible.
 # Needed to configure ingress as well as some components require it to properly render their UIs
From 5d1bb4565925d1111d2da9bde376d5842b5224a0 Mon Sep 17 00:00:00 2001
From: Mihail Radkov
Date: Thu, 4 Apr 2024 15:33:57 +0300
Subject: [PATCH 4/9] Image registry updates
- Removed the default value from `global.imageRegistry`, the chart now uses the value from `images.graphdb.registry`
- Added `images.graphdb.sha` to optionally provide an expected SHA checksum of the image
- Simplified the helper template for rendering the GraphDB's image
- Removed unused busybox image configurations from `images.busybox`
---
CHANGELOG.md | 3 +++
templates/{_helpers.yaml => _helpers.tpl} | 20 +++++++++++---------
templates/{_labels.yaml => _labels.tpl} | 0
values.yaml | 7 +++----
4 files changed, 17 insertions(+), 13 deletions(-)
rename templates/{_helpers.yaml => _helpers.tpl} (85%)
rename templates/{_labels.yaml => _labels.tpl} (100%)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index e703ccda..d09a8243 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
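Review bot: The new comment `# -- Secrets used to pull Docker images.` loses the old note that the secrets must already exist, and it shows neither the shape of an entry nor that entries are now evaluated as templates by the helper in this patch. Suggest `# -- Secrets used to pull Docker images, e.g. [{name: my-registry-secret}]. Entries are rendered as templates and the secrets must exist beforehand.`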
@@ -12,11 +12,13 @@ TODO: short info about being decoupled from GraphDB - Added separate `labels` and `annotations` for the cluster proxy - Added GraphDB and GraphDB proxy hostnames resolution in the init containers - Added `properties` for inserting additional GraphDB configurations in the properties configmap +- Added `images.graphdb.sha` to optionally provide an expected SHA checksum of the image ### Updates - GraphDB properties and logback configuration configmaps are now applied by default - Values in `labels`, `annotations` and `imagePullSecrets` are now evaluated as templates +- Removed unused busybox image configurations from `images.busybox` ### Breaking @@ -27,6 +29,7 @@ TODO: short info about being decoupled from GraphDB - Configmaps from `graphdb.configs` are now under `configuration` and with a different structure allowing better reuse of existing configmaps - Updated `workbench.subpath` to serve GraphDB at context path `/` by default - Updated `deployment.imagePullSecret` to be a list, e.g. `deployment.imagePullSecrets` +- Removed the default value from `global.imageRegistry`, the chart now uses the value from `images.graphdb.registry` ## Version 10.6.0-R2 diff --git a/templates/_helpers.yaml b/templates/_helpers.tpl similarity index 85% rename from templates/_helpers.yaml rename to templates/_helpers.tpl index 3be9b627..75ef3908 100644 --- a/templates/_helpers.yaml +++ b/templates/_helpers.tpl 
@@ -34,21 +34,23 @@ Otherwise it is left blank and cluster default will be used.
 {{- end }}
 {{/*
-Render the container image for GraphDB
+Renders the container image for GraphDB
 */}}
 {{- define "graphdb.image" -}}
- {{- $registry := .Values.images.graphdb.registry -}}
 {{- $repository := .Values.images.graphdb.repository -}}
 {{- $tag := .Values.images.graphdb.tag | default .Chart.AppVersion | toString -}}
- {{- if and .Values.global .Values.global.imageRegistry -}}
- {{- $registry = .Values.global.imageRegistry -}}
- {{- end -}}
+ {{- $image := printf "%s:%s" $repository $tag -}}
+ {{/* Add registry if present */}}
+ {{- $registry := .Values.global.imageRegistry | default .Values.images.graphdb.registry -}}
 {{- if $registry -}}
- {{- printf "%s/%s:%s" $registry $repository $tag -}}
- {{- else -}}
- {{- printf "%s:%s" $repository $tag -}}
+ {{- $image = printf "%s/%s" $registry $image -}}
 {{- end -}}
-{{- end }}
+ {{/* Add SHA if provided */}}
+ {{- if .Values.images.graphdb.sha -}}
+ {{- $image = printf "%s@sha256:%s" $image .Values.images.graphdb.sha -}}
+ {{- end -}}
+ {{- $image -}}
+{{- end -}}
 {{/*
 Renders the gRPC address of each GraphDB node that is part of the cluster. Used in the cluster JSON config.
diff --git a/templates/_labels.yaml b/templates/_labels.tpl
similarity index 100%
rename from templates/_labels.yaml
rename to templates/_labels.tpl
diff --git a/values.yaml b/values.yaml
index 26244b77..a77bf52a 100644
--- a/values.yaml
+++ b/values.yaml
@@ -6,7 +6,7 @@ # See https://helm.sh/docs/chart_template_guide/values_files/
 global:
- imageRegistry: docker.io
+ imageRegistry: ""
 imagePullSecrets: []
 storageClass: "standard"
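Review bot: `{{- $image = printf "%s@sha256:%s" $image .Values.images.graphdb.sha -}}` accepts any string, so a value that already carries a `sha256:` prefix, or a truncated digest, silently produces a reference that only fails at pull time, which defeats the purpose of pinning. Fail at render time instead, before the `printf`: `{{- if not (regexMatch "^[0-9a-f]{64}$" .Values.images.graphdb.sha) }}{{ fail "images.graphdb.sha must be the 64-character hex sha256 digest without a prefix" }}{{- end }}`. The `# Expected SHA checksum of the used GraphDB image` comment in the `values.yaml` hunk on the next line should also say that when `sha` is set the tag is kept for readability only and the digest decides which image is pulled.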
@@ -17,9 +17,8 @@ images: repository: ontotext/graphdb # If specified, overrides Chart.AppVersion tag: "" - busybox: - repository: busybox - tag: "1.36.1" + # Expected SHA checksum of the used GraphDB image + sha: "" # Overrides the name of the chart affecting the resources names for GraphDB # To override the GraphDB proxy's name, use proxy.nameOverride From bd6f22ba27dfdb413a5879c27f31531a385d6178 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 4 Apr 2024 16:16:09 +0300 Subject: [PATCH 5/9] GDB-7988: Storage updates The chart will default to using the default storage class instead of using a hardcoded standard that might not be present in each cluster. - Added `graphdb.node.persistence.enabled` toggle flag for enabling or disabling the persistence of GraphDB - Removed `global.storageClass` in favor of using by default the default storage class in the cluster. Templates will no longer use `global.storageClass`. - Renamed `graphdb.clusterProxy.persistence.enablePersistence` toggle to just `enabled` --- CHANGELOG.md | 3 +++ templates/_helpers.tpl | 14 -------------- templates/graphdb/statefulset.yaml | 18 +++++++++--------- templates/proxy/statefulset.yaml | 12 ++++++------ values.yaml | 6 +++--- 5 files changed, 21 insertions(+), 32 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d09a8243..1796b8f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -13,6 +13,7 @@ TODO: short info about being decoupled from GraphDB - Added GraphDB and GraphDB proxy hostnames resolution in the init containers - Added `properties` for inserting additional GraphDB configurations in the properties configmap - Added `images.graphdb.sha` to optionally provide an expected SHA checksum of the image +- Added `graphdb.node.persistence.enabled` toggle flag for enabling or disabling the persistence of GraphDB ### Updates 
@@ -30,6 +31,8 @@ TODO: short info about being decoupled from GraphDB - Updated `workbench.subpath` to serve GraphDB at context path `/` by default - Updated `deployment.imagePullSecret` to be a list, e.g. `deployment.imagePullSecrets` - Removed the default value from `global.imageRegistry`, the chart now uses the value from `images.graphdb.registry` +- Removed `global.storageClass` in favor of using by default the default storage class in the cluster. Templates will no longer use `global.storageClass`. +- Renamed `graphdb.clusterProxy.persistence.enablePersistence` toggle to just `enabled` ## Version 10.6.0-R2 diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 75ef3908..2a43c43d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -19,20 +19,6 @@ Combined image pull secrets {{- tpl ( toYaml $secrets ) . -}} {{- end -}} -{{/* -Rendenders a volumeClaimTemplate as yaml. -If the storage class name is not specified - 'global.storageClass' is checked and if set it is used as the storageClassName for the template. -Otherwise it is left blank and cluster default will be used. -*/}} -{{- define "graphdb.renderVolumeClaimTemplateSpec" }} - {{- if and .globalStorageClassName (not .spec.storageClassName) }} - {{- $spec := set .spec "storageClassName" .globalStorageClassName }} - {{- $spec | toYaml }} - {{- else }} - {{- .spec | toYaml }} - {{- end }} -{{- end }} - {{/* Renders the container image for GraphDB */}} diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index f34ef479..5fa63c50 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml 
@@ -18,19 +18,19 @@ spec:
 selector:
 matchLabels:
 {{- include "graphdb.selectorLabels" . | nindent 6 }}
- {{- if or (hasKey $.Values.graphdb.node.persistence "volumeClaimTemplateSpec") ($.Values.graphdb.import_directory_mount.enabled) }}
+ {{- if or .Values.graphdb.node.persistence.enabled .Values.graphdb.import_directory_mount.enabled }}
 volumeClaimTemplates:
- {{- if hasKey $.Values.graphdb.node.persistence "volumeClaimTemplateSpec" }}
+ {{- if .Values.graphdb.node.persistence.enabled }}
 - metadata:
 name: graphdb-storage
- {{- $spec := dict "globalStorageClassName" $.Values.global.storageClass "spec" $.Values.graphdb.node.persistence.volumeClaimTemplateSpec }}
- spec: {{ include "graphdb.renderVolumeClaimTemplateSpec" $spec | nindent 8 }}
+ spec:
+ {{- toYaml .Values.graphdb.node.persistence.volumeClaimTemplateSpec | nindent 8 }}
 {{- end }}
 {{- if $.Values.graphdb.import_directory_mount.enabled }}
 - metadata:
- name: graphdb-server-import
- {{- $spec := dict "globalStorageClassName" $.Values.global.storageClass "spec" $.Values.graphdb.import_directory_mount.volumeClaimTemplateSpec }}
- spec: {{ include "graphdb.renderVolumeClaimTemplateSpec" $spec | nindent 8 }}
+ name: graphdb-import
+ spec:
+ {{- toYaml .Values.graphdb.import_directory_mount.volumeClaimTemplateSpec | nindent 8 }}
 {{- end }}
 {{- end }}
 template:
@@ -120,7 +120,7 @@ spec:
 env: {{- tpl ( toYaml . ) $ | nindent 12 }}
 {{- end }}
 volumeMounts:
- {{- if hasKey $.Values.graphdb.node.persistence "volumeClaimTemplateSpec" }}
+ {{- if .Values.graphdb.node.persistence.enabled }}
 - name: graphdb-storage
 mountPath: /opt/graphdb/home
 {{- end }}
@@ -163,7 +163,7 @@ spec:
 - name: GRAPHDB_PUBLIC_URL
 value: {{ include "graphdb.url.public" . }}
 volumeMounts:
- {{- if hasKey $.Values.graphdb.node.persistence "volumeClaimTemplateSpec" }}
+ {{- if .Values.graphdb.node.persistence.enabled }}
 - name: graphdb-storage
 mountPath: /opt/graphdb/home
 {{- end }}
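Review bot: The first hunk renames the import claim template from `graphdb-server-import` to `graphdb-import`, which the changelog does not mention: `volumeClaimTemplates` are immutable on a StatefulSet, so an upgrade of a release with `import_directory_mount.enabled` will be rejected until the StatefulSet is recreated, and PVCs created under the old name are left behind. Either keep the old name or list the rename under Breaking together with the migration steps. The `volumeMounts` entry that refers to this claim is outside the visible hunks, so I could not confirm it was renamed to match.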
diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml
index f7e46b23..326834d7 100644
--- a/templates/proxy/statefulset.yaml
+++ b/templates/proxy/statefulset.yaml
@@ -17,13 +17,13 @@ spec:
 selector:
 matchLabels:
 {{- include "graphdb-proxy.selectorLabels" . | nindent 6 }}
+ {{- if .Values.graphdb.clusterProxy.persistence.enabled }}
 volumeClaimTemplates:
- {{- if $.Values.graphdb.clusterProxy.persistence.enablePersistence }}
 - metadata:
 name: graphdb-storage
- {{- $spec := dict "globalStorageClassName" $.Values.global.storageClass "spec" $.Values.graphdb.clusterProxy.persistence.volumeClaimTemplateSpec }}
- spec: {{ include "graphdb.renderVolumeClaimTemplateSpec" $spec | nindent 8 }}
- {{- end }}
+ spec:
+ {{- toYaml .Values.graphdb.clusterProxy.persistence.volumeClaimTemplateSpec | nindent 8 }}
+ {{- end }}
 template:
 metadata:
 labels:
@@ -89,7 +89,7 @@ spec:
 - name: gdb-proxy-rpc
 containerPort: 7300
 volumeMounts:
- {{- if $.Values.graphdb.clusterProxy.persistence.enablePersistence }}
+ {{- if $.Values.graphdb.clusterProxy.persistence.enabled }}
 - name: graphdb-storage
 mountPath: /opt/graphdb/home
 {{- end }}
@@ -128,7 +128,7 @@ spec:
 - name: graphdb-properties
 mountPath: /tmp/graphdb.properties
 subPath: graphdb.properties
- {{- if $.Values.graphdb.clusterProxy.persistence.enablePersistence }}
+ {{- if $.Values.graphdb.clusterProxy.persistence.enabled }}
 - name: graphdb-storage
 mountPath: /opt/graphdb/home
 {{- end }}
diff --git a/values.yaml b/values.yaml
index a77bf52a..857ff2ca 100644
--- a/values.yaml
+++ b/values.yaml
@@ -8,7 +8,6 @@ global:
 imageRegistry: ""
 imagePullSecrets: []
- storageClass: "standard"
 # Top lvl flat for easier maintenance
 images:
@@ -166,6 +165,7 @@ graphdb:
 # -- Persistence configurations.
 # By default, Helm will use a PV that reads and writes to the host file system.
 persistence:
+ enabled: true
 # use dynamic volume provisioning
 volumeClaimTemplateSpec:
 accessModes:
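Review bot: `{{- if .Values.graphdb.clusterProxy.persistence.enabled }}` in the first hunk uses `.Values` while the two replacements further down in the same file keep `$.Values.graphdb.clusterProxy.persistence.enabled`; one form for the same toggle reads better. In the `values.yaml` hunk, `enabled: true` lands between the persistence comment and `# use dynamic volume provisioning`, which now reads as if it described the toggle; a line such as `# -- Enables persistence of /opt/graphdb/home through a volume claim template` above it keeps the two apart.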
@@ -271,7 +271,7 @@ graphdb: # By default, Helm will use a PV that reads and writes to the host file system. persistence: # enable or disable proxy persistence - enablePersistence: true + enabled: true # use dynamic volume provisioning volumeClaimTemplateSpec: accessModes: @@ -348,7 +348,7 @@ graphdb: # # Service account for the GraphDB nodes. # GraphDB by itself has no need to communicate with the Kubernetes API but the service account tokens can be used - # as ODIC tokens for authentication in cloud APIs. + # as ODIC federated web identity tokens for authentication in cloud APIs. # serviceAccount: # - Specifies whether a service account should be created From 052221fb8950923e3843c13e2eff6a2f6eeb69bc Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Fri, 5 Apr 2024 20:00:40 +0300 Subject: [PATCH 6/9] GDB-7988: Ingress updates The ingress resource is no longer tied to the nginx controller. - Added new configuration options for the default ingress `deployment.ingress`: - Ability to override the `host` and `path` for GraphDB from `deployment.host` and `graphdb.workbench.subpath` - Changing the `pathType` - Inserting additional hosts and TLS configurations with `extraHosts` and `extraTLS` - Updated the ingress resource to be agnostic to the ingress implementation. It will no longer assume that NGINX is the ingress controller in the cluster - Removed `maxRequestSize` and `timeout` configurations from `deployment.ingress` as they were specific to the ingress controller implementation of nginx --- CHANGELOG.md | 14 ++++++++-- templates/NOTES.txt | 2 +- templates/_helpers.tpl | 8 +----- templates/ingress.yaml | 48 +++++++++++++++----------------- templates/proxy/statefulset.yaml | 2 ++ values.yaml | 25 +++++++++++------ 6 files changed, 55 insertions(+), 44 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 1796b8f2..86cee01c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
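Review bot: The reworded comment still spells the acronym `ODIC`; it should read `# as OIDC federated web identity tokens for authentication in cloud APIs.`. Since this sentence is the only explanation of why a token would be mounted, it is worth adding that the token is useful only when such federation is configured, given the preceding line that GraphDB itself never needs the Kubernetes API.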
@@ -14,12 +14,18 @@ TODO: short info about being decoupled from GraphDB - Added `properties` for inserting additional GraphDB configurations in the properties configmap - Added `images.graphdb.sha` to optionally provide an expected SHA checksum of the image - Added `graphdb.node.persistence.enabled` toggle flag for enabling or disabling the persistence of GraphDB +- Added new configuration options for the default ingress `deployment.ingress`: + - Ability to override the `host` and `path` for GraphDB from `deployment.host` and `graphdb.workbench.subpath` + - Changing the `pathType` + - Inserting additional hosts and TLS configurations with `extraHosts` and `extraTLS` ### Updates - GraphDB properties and logback configuration configmaps are now applied by default - Values in `labels`, `annotations` and `imagePullSecrets` are now evaluated as templates - Removed unused busybox image configurations from `images.busybox` +- Updated the ingress resource to be agnostic to the ingress implementation. It will no longer assume that NGINX is the ingress controller in the + cluster ### Breaking 
@@ -31,8 +37,11 @@ TODO: short info about being decoupled from GraphDB - Updated `workbench.subpath` to serve GraphDB at context path `/` by default - Updated `deployment.imagePullSecret` to be a list, e.g. `deployment.imagePullSecrets` - Removed the default value from `global.imageRegistry`, the chart now uses the value from `images.graphdb.registry` -- Removed `global.storageClass` in favor of using by default the default storage class in the cluster. Templates will no longer use `global.storageClass`. +- Removed `global.storageClass` in favor of using by default the default storage class in the cluster. Templates will no longer + use `global.storageClass`. - Renamed `graphdb.clusterProxy.persistence.enablePersistence` toggle to just `enabled` +- Removed `maxRequestSize` and `timeout` configurations from `deployment.ingress` as they were specific to the ingress controller implementation of + nginx ## Version 10.6.0-R2 @@ -68,7 +77,8 @@ TODO: short info about being decoupled from GraphDB ## Version 10.4.1 -- Added configurations for specifying resource values for all remaining containers, see `graphdb.node.initContainerResources` and `graphdb.jobResources`. +- Added configurations for specifying resource values for all remaining containers, see `graphdb.node.initContainerResources` + and `graphdb.jobResources`. ## Version 10.3.1-R2 diff --git a/templates/NOTES.txt b/templates/NOTES.txt index 013cb49c..5c55934c 100644 --- a/templates/NOTES.txt +++ b/templates/NOTES.txt @@ -20,4 +20,4 @@ You can check their status with kubectl get pods WARNING: You are attempting to make a cluster without providing a license secret! {{ end }} Endpoints: -* GraphDB workbench: {{ .Values.deployment.protocol }}://{{ include "graphdb.resolveDeploymentHost" . }}{{ .Values.graphdb.workbench.subpath }} +* GraphDB workbench: {{ include "graphdb.url.public" . }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 2a43c43d..9d9432bd 100644 --- a/templates/_helpers.tpl 
+++ b/templates/_helpers.tpl
@@ -1,14 +1,8 @@
-{{- define "graphdb.resolveDeploymentHost" -}}
- {{- $global := .Values.global | default dict -}}
- {{- $globalDeployment := $global.deployment | default dict -}}
- {{- print (index $globalDeployment "host" | default (index $global "ingressHost") | default .Values.deployment.host) -}}
-{{- end }}
-
 {{/*
 Renders the URL address at which GraphDB would be accessed
 */}}
 {{- define "graphdb.url.public" -}}
-{{ $.Values.deployment.protocol }}://{{ include "graphdb.resolveDeploymentHost" $ }}{{ $.Values.graphdb.workbench.subpath }}
+ {{- printf "%s://%s%s" .Values.deployment.protocol .Values.deployment.host .Values.graphdb.workbench.subpath -}}
 {{- end }}
 {{/*
diff --git a/templates/ingress.yaml b/templates/ingress.yaml
index 9d41b784..15df2de8 100644
--- a/templates/ingress.yaml
+++ b/templates/ingress.yaml
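Review bot: Removing `graphdb.resolveDeploymentHost` also removes the fallbacks to `global.deployment.host` and `global.ingressHost`, so installs that set the hostname through either global key now render URLs from `.Values.deployment.host` alone; the changelog hunks of this patch do not list that under Breaking. If the globals are meant to go, add the changelog entry; otherwise keep the coalesce inside `graphdb.url.public`. Independently, `{{- printf "%s://%s%s" .Values.deployment.protocol (required "deployment.host must be set" .Values.deployment.host) .Values.graphdb.workbench.subpath -}}` would stop an empty host from yielding a URL that is just the protocol prefix plus the subpath, which the init container writes into `graphdb.vhosts` via `GRAPHDB_PUBLIC_URL`.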
@@ -5,48 +5,44 @@ metadata:
 name: {{ include "graphdb.fullname" . }}
 labels:
 {{- include "graphdb.labels" . | nindent 4 }}
- annotations:
- kubernetes.io/ingress.class: {{ .Values.deployment.ingress.class }}
- {{- if .Values.deployment.tls.enabled }}
- ingress.kubernetes.io/force-ssl-redirect: "true"
- {{- end }}
- ngin.ingress.kubernetes.io/proxy-body-size: {{ .Values.deployment.ingress.maxRequestSize }}
- nginx.ingress.kubernetes.io/proxy-connect-timeout: {{ .Values.deployment.ingress.timeout.connect | quote }}
- nginx.ingress.kubernetes.io/proxy-read-timeout: {{ .Values.deployment.ingress.timeout.read | quote }}
- nginx.ingress.kubernetes.io/proxy-send-timeout: {{ .Values.deployment.ingress.timeout.send | quote }}
- {{- if eq $.Values.graphdb.workbench.subpath "/" }}
- nginx.ingress.kubernetes.io/rewrite-target: /$1
- {{- else }}
- nginx.ingress.kubernetes.io/rewrite-target: /$2
+ {{- with .Values.deployment.ingress.labels }}
+ {{- tpl ( toYaml . ) $ | nindent 4 }}
 {{- end }}
- nginx.ingress.kubernetes.io/x-forwarded-prefix: {{ $.Values.graphdb.workbench.subpath | quote }}
+ annotations:
 {{- with (mergeOverwrite (deepCopy .Values.annotations) .Values.deployment.ingress.annotations) }}
 {{- tpl ( toYaml . ) $ | nindent 4 }}
 {{- end }}
 spec:
- {{- if .Values.deployment.tls.enabled }}
+ {{- with .Values.deployment.ingress.className }}
+ ingressClassName: {{ . }}
+ {{- end }}
+ {{- if or .Values.deployment.tls.enabled .Values.deployment.ingress.extraTLS }}
 tls:
+ {{- if .Values.deployment.tls.enabled }}
 - hosts:
- - {{ include "graphdb.resolveDeploymentHost" . | quote }}
+ - {{ coalesce .Values.deployment.ingress.host .Values.deployment.host }}
 secretName: {{ required "TLS secret is required!" .Values.deployment.tls.secretName }}
+ {{- end }}
+ {{- with .Values.deployment.ingress.extraTLS }}
+ {{- tpl ( toYaml . ) $ | nindent 4 }}
+ {{- end }}
 {{- end }}
 rules:
- - host: {{ include "graphdb.resolveDeploymentHost" . 
| quote }}
+ - host: {{ coalesce .Values.deployment.ingress.host .Values.deployment.host }}
 http:
 paths:
- {{- if eq $.Values.graphdb.workbench.subpath "/" }}
- - path: /(.*)
- {{- else }}
- - path: {{ $.Values.graphdb.workbench.subpath }}(/|$)(.*)
- {{- end }}
- pathType: ImplementationSpecific
+ - path: {{ coalesce .Values.deployment.ingress.path .Values.graphdb.workbench.subpath }}
+ pathType: {{ .Values.deployment.ingress.pathType }}
 backend:
 service:
- {{- if gt (int $.Values.graphdb.clusterConfig.nodesCount) 1 }}
+ {{- if gt (int $.Values.graphdb.clusterConfig.nodesCount) 1 }}
 name: {{ include "graphdb-proxy.fullname" . }}
- {{- else }}
+ {{- else }}
 name: {{ include "graphdb.fullname.service.headless" . }}
- {{- end }}
+ {{- end }}
 port:
 number: 7200
+ {{- with .Values.deployment.ingress.extraHosts }}
+ {{- tpl ( toYaml . ) $ | nindent 4 }}
+ {{- end }}
 {{- end }}
diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml
index 326834d7..68ede6dd 100644
--- a/templates/proxy/statefulset.yaml
+++ b/templates/proxy/statefulset.yaml
@@ -140,6 +140,8 @@ spec:
 echo 'Configuring graphdb.properties'
 cat /tmp/graphdb.properties > /opt/graphdb/home/conf/graphdb.properties
+ echo "" >> /opt/graphdb/home/conf/graphdb.properties
+ echo "##### Overrides from initContainer #####" >> /opt/graphdb/home/conf/graphdb.properties
 echo 'Configuring GraphDB cluster proxy hostnames'
 echo "graphdb.hostname=$(hostname --fqdn)" >> /opt/graphdb/home/conf/graphdb.properties
diff --git a/values.yaml b/values.yaml
index 857ff2ca..a8575dd1 100644
--- a/values.yaml
+++ b/values.yaml
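Review bot: With the nginx annotations gone, `deployment.tls.enabled` no longer forces HTTPS: the removed `ingress.kubernetes.io/force-ssl-redirect: "true"` was the only redirect and nothing in the new resource replaces it, so the workbench and REST API stay reachable over plain HTTP unless the user adds their controller's redirect annotation through `deployment.ingress.annotations`. That should be stated in the changelog's Breaking section and next to `annotations` in `values.yaml`. Separately, the host in `tls.hosts` and `rules` lost the `| quote` the old lines had; `{{ coalesce .Values.deployment.ingress.host .Values.deployment.host | quote }}` keeps unusual hostnames from being reinterpreted by the YAML parser.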
@@ -79,17 +79,26 @@ deployment:
 # -- Ingress related configurations
 ingress:
+ # -- Toggles the deployment of the default ingress
 enabled: true
- class: nginx
+ # -- Specifies the ingress controller implementation that will deploy this ingress.
+ # Not defining this would result in using the default ingress controller in the cluster, if there is one.
+ className: ""
+ # -- Sets extra ingress labels
+ labels: {}
 # -- Sets extra ingress annotations
 annotations: {}
- # -- Sets the maximum size for all requests to the underlying Nginx
- maxRequestSize: 512M
- # -- Default timeouts in seconds for the underlying Nginx.
- timeout:
- connect: 5
- read: 600
- send: 600
+ # Overrides deployment.host
+ host: ""
+ # Overrides graphdb.workbench.subpath
+ path: ""
+ # Sets the ingress path type.
+ # If you need to use ImplementationSpecific, make sure to set any annotations needed by the implementation.
+ pathType: Prefix
+ # List of additional hostnames to append to the ingress resource
+ extraHosts: []
+ # List of additional TLS records to append to the ingress resource
+ extraTLS: []
 # GraphDB database configurations
 graphdb:
From b15094680ca668ef5218d1346841493cb72b774c Mon Sep 17 00:00:00 2001
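Review bot: `host` and `path` under `ingress` change only the ingress rule, while `graphdb.url.public` (and through it `GRAPHDB_PUBLIC_URL` and `graphdb.vhosts`) is still built from `deployment.host` and `graphdb.workbench.subpath`, so overriding either here exposes GraphDB at an address it does not advertise. The comments should say so, e.g. `# Overrides graphdb.workbench.subpath for the ingress rule only; GraphDB keeps advertising graphdb.workbench.subpath as its public path.` and the equivalent wording for `host`.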
From: Mihail Radkov Date: Fri, 5 Apr 2024 22:31:28 +0300 Subject: [PATCH 7/9] GDB-7988: Service ports updates - Added `labels` for each service resource for insertion of additional labels - Added `containerPorts` and `proxy.containerPorts` for mapping the ports on which GraphDB listens on - Added `ports` mappings in each service - Added `extraContainerPorts` and `proxy.extraContainerPorts` - Service resources and probes now refer to the target ports by their nicknames - Renamed the port mappings of GraphDB and GraphDB proxy to `http` and `rpc` - Renamed `graphdb.node.service` to `headlessService` --- CHANGELOG.md | 7 +++ files/config/graphdb.properties | 3 +- files/config/proxy/graphdb.properties | 1 + files/scripts/graphdb.sh | 6 +- files/scripts/update-cluster.sh | 18 +++--- templates/_helpers.tpl | 10 +++- templates/graphdb/service-headless.yaml | 15 +++-- templates/graphdb/statefulset.yaml | 23 +++++--- templates/ingress.yaml | 6 +- templates/jobs/job-create-cluster.yaml | 2 + templates/jobs/job-patch-cluster.yaml | 4 ++ .../jobs/job-provision-repositories.yaml | 2 + templates/jobs/job-scale-down-cluster.yaml | 4 ++ templates/jobs/job-scale-up-cluster.yaml | 4 ++ templates/proxy/service-headless.yaml | 13 ++++- templates/proxy/service.yaml | 12 +++- templates/proxy/statefulset.yaml | 19 +++++-- values.yaml | 57 ++++++++++++++++--- 18 files changed, 154 insertions(+), 52 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 86cee01c..d5076496 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -18,6 +18,10 @@ TODO: short info about being decoupled from GraphDB - Ability to override the `host` and `path` for GraphDB from `deployment.host` and `graphdb.workbench.subpath` - Changing the `pathType` - Inserting additional hosts and TLS configurations with `extraHosts` and `extraTLS` +- Added `labels` for each service resource for insertion of additional labels +- Added `containerPorts` and `proxy.containerPorts` for mapping the ports on which GraphDB listens on +- Added `ports` mappings in each service +- Added `extraContainerPorts` and `proxy.extraContainerPorts` ### Updates @@ -26,6 +30,7 @@ TODO: short info about being decoupled from GraphDB - Removed unused busybox image configurations from `images.busybox` - Updated the ingress resource to be agnostic to the ingress implementation. It will no longer assume that NGINX is the ingress controller in the cluster +- Service resources and probes now refer to the target ports by their nicknames ### Breaking @@ -42,6 +47,8 @@ TODO: short info about being decoupled from GraphDB - Renamed `graphdb.clusterProxy.persistence.enablePersistence` toggle to just `enabled` - Removed `maxRequestSize` and `timeout` configurations from `deployment.ingress` as they were specific to the ingress controller implementation of nginx +- Renamed the port mappings of GraphDB and GraphDB proxy to `http` and `rpc` +- Renamed `graphdb.node.service` to `headlessService` ## Version 10.6.0-R2 diff --git a/files/config/graphdb.properties b/files/config/graphdb.properties index a45894f7..ea9c2f43 100644 --- a/files/config/graphdb.properties +++ b/files/config/graphdb.properties @@ -1,3 +1,2 @@ # See https://graphdb.ontotext.com/documentation/ for supported properties - - +graphdb.connector.port={{ .Values.containerPorts.http }} diff --git a/files/config/proxy/graphdb.properties b/files/config/proxy/graphdb.properties index 2526393d..2eac3e72 100644 --- a/files/config/proxy/graphdb.properties +++ b/files/config/proxy/graphdb.properties 
@@ -1,2 +1,3 @@ # List the addresses of GraphDB HTTP or RPC address to the nodes that are part of a cluster +graphdb.connector.port={{ .Values.proxy.containerPorts.http }} graphdb.proxy.hosts={{ include "graphdb-proxy.cluster.nodes" . }} diff --git a/files/scripts/graphdb.sh b/files/scripts/graphdb.sh index 779862c7..9960c911 100755 --- a/files/scripts/graphdb.sh +++ b/files/scripts/graphdb.sh @@ -14,7 +14,7 @@ function createCluster { --header "Authorization: Basic ${authToken}" \ --header 'Content-Type: application/json' \ --header 'Accept: */*' \ - "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:7200/rest/cluster/config" + "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}/rest/cluster/config" if grep -q 'HTTP/1.1 201' "response.json"; then echo "Cluster creation successful!" @@ -54,7 +54,7 @@ function waitAllNodes { for (( c=$node_count; c>0; c )) do c=$((c-1)) - waitService "http://${GRAPHDB_POD_NAME}-$c.${GRAPHDB_SERVICE_NAME}:7200/rest/repositories" + waitService "http://${GRAPHDB_POD_NAME}-$c.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}/rest/repositories" done } @@ -75,7 +75,7 @@ function createRepositoryFromFile { -F config=@$(unknown) \ -H "Authorization: Basic ${authToken}" \ -H 'Content-Type: multipart/form-data' \ - "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:7200/rest/repositories" + "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}/rest/repositories" ) if [ -z "$response" ]; then diff --git a/files/scripts/update-cluster.sh b/files/scripts/update-cluster.sh index 6a3402d2..39b4fc21 100644 --- a/files/scripts/update-cluster.sh +++ b/files/scripts/update-cluster.sh 
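Review bot: The rewritten URLs in createCluster, waitAllNodes and createRepositoryFromFile depend on `GRAPHDB_SERVICE_PORT`, but nothing in the script guards against it being unset, and an empty expansion yields `http://host:/rest/...`, which falls back to the scheme's default port — a harder failure to diagnose than the previous hard-coded 7200. Unless the script preamble (outside these hunks) already sets `-u`, a guard such as `: "${GRAPHDB_SERVICE_PORT:?GRAPHDB_SERVICE_PORT must be set}"` near the top fails fast; the same applies to `GRAPHDB_PROXY_SERVICE_PORT` in the files/scripts/update-cluster.sh hunks that follow. Each of the three functions starts outside its hunk.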
@@ -8,13 +8,13 @@ function patchCluster { local timeout=$2 echo "Patching cluster" - waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/proxy/ready" + waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/proxy/ready" curl -o patchResponse.json -isSL -m "$timeout" -X PATCH \ --header "Authorization: Basic ${authToken}" \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ -d @"$configLocation" \ - "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/rest/cluster/config" + "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/rest/cluster/config" if grep -q 'HTTP/1.1 200' "patchResponse.json"; then echo "Patch successful" @@ -59,13 +59,13 @@ function removeNodes { done nodes=\{\"nodes\":\[${nodes}\]\} - waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/proxy/ready" + waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/proxy/ready" curl -o clusterRemove.json -isSL -m 15 -X DELETE \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header "Authorization: Basic ${authToken}" \ -d "${nodes}" \ - "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/rest/cluster/config/node" + "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/rest/cluster/config/node" if grep -q 'HTTP/1.1 200' "clusterRemove.json"; then echo "Scaling down successful." 
@@ -102,13 +102,13 @@ function addNodes { done nodes=\{\"nodes\":\[${nodes}\]\} - waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/proxy/ready" + waitService "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/proxy/ready" curl -o clusterAdd.json -isSL -m ${timeout} -X POST \ --header 'Content-Type: application/json' \ --header 'Accept: application/json' \ --header "Authorization: Basic ${authToken}" \ -d "${nodes}" \ - "http://${GRAPHDB_PROXY_SERVICE_NAME}:7200/rest/cluster/config/node" + "http://${GRAPHDB_PROXY_SERVICE_NAME}:${GRAPHDB_PROXY_SERVICE_PORT}/rest/cluster/config/node" if grep -q 'HTTP/1.1 200' "clusterAdd.json"; then echo "Scaling successful." @@ -128,11 +128,11 @@ function addNodes { function deleteCluster { local authToken=$PROVISION_USER_AUTH_TOKEN - waitService "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:7200/rest/repositories" + waitService "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}/rest/repositories" curl -o response.json -isSL -m 15 -X DELETE \ --header "Authorization: Basic ${authToken}" \ --header 'Accept: */*' \ - "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:7200/rest/cluster/config?force=false" + "http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}/rest/cluster/config?force=false" if grep -q 'HTTP/1.1 200' "response.json"; then echo "Cluster deletion successful!" @@ -148,7 +148,7 @@ function deleteCluster { function getNodeCountInCurrentCluster { local authToken=$PROVISION_USER_AUTH_TOKEN - local node_address="http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:7200" + local node_address="http://${GRAPHDB_POD_NAME}-0.${GRAPHDB_SERVICE_NAME}:${GRAPHDB_SERVICE_PORT}" waitService "${node_address}/rest/repositories" curl -o clusterResponse.json -isSL -m 15 -X GET \ --header 'Content-Type: application/json' \ diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 9d9432bd..74798815 100644 --- a/templates/_helpers.tpl 
+++ b/templates/_helpers.tpl
@@ -36,8 +36,11 @@ Renders the container image for GraphDB
 Renders the gRPC address of each GraphDB node that is part of the cluster. Used in the cluster JSON config.
 */}}
 {{- define "graphdb.cluster.nodes.json" -}}
+ {{- $pod_name := include "graphdb.fullname" . }}
+ {{- $service_name := include "graphdb.fullname.service.headless" . }}
+ {{- $service_rpc_port := .Values.graphdb.node.headlessService.ports.rpc }}
 {{- range $i, $node_index := until (int .Values.graphdb.clusterConfig.nodesCount) -}}
- "{{ include "graphdb.fullname" $ }}-{{ $node_index }}.{{ include "graphdb.fullname.service.headless" $ }}.{{ $.Release.Namespace }}.svc.cluster.local:7300"
+ "{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ $service_rpc_port }}"
 {{- if gt (sub (int $.Values.graphdb.clusterConfig.nodesCount) 1 ) $node_index -}}
 {{- ", \n" -}}
 {{- end -}}
@@ -48,8 +51,11 @@ Renders the gRPC address of each GraphDB node that is part of the cluster. Used
 Renders the HTTP address of each GraphDB node that is part of the cluster, joined by a comma.
 */}}
 {{- define "graphdb-proxy.cluster.nodes" -}}
+ {{- $pod_name := include "graphdb.fullname" . }}
+ {{- $service_name := include "graphdb.fullname.service.headless" . }}
+ {{- $service_http_port := .Values.graphdb.node.headlessService.ports.http }}
 {{- range $i, $node_index := until (int $.Values.graphdb.clusterConfig.nodesCount) -}}
- http://{{ include "graphdb.fullname" $ }}-{{ $node_index }}.{{ include "graphdb.fullname.service.headless" $ }}.{{ $.Release.Namespace }}.svc.cluster.local:7200
+ http://{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ $service_http_port }}
 {{- if gt (sub (int $.Values.graphdb.clusterConfig.nodesCount) 1 ) $node_index -}}
 {{- ", " -}}
 {{- end -}}
diff --git a/templates/graphdb/service-headless.yaml b/templates/graphdb/service-headless.yaml
index ba4b6467..1e27b9d6 100644
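Review bot: The addresses rendered by `graphdb.cluster.nodes.json` and `graphdb-proxy.cluster.nodes` are per-pod DNS names under the headless service, and those resolve straight to pod IPs, so no Service port translation happens and the peer actually listens on `containerPorts.rpc`/`containerPorts.http` — the values the StatefulSet announces in `graphdb.rpc.address` and `graphdb.vhosts`. Taking `$service_rpc_port` and `$service_http_port` from `graphdb.node.headlessService.ports` therefore only works while those equal `containerPorts`, and the chart neither ties the two blocks together nor validates it. Reading `.Values.containerPorts.rpc` and `.Values.containerPorts.http` here removes the hidden coupling; the same reasoning applies to `GRAPHDB_SERVICE_PORT` in the job templates, which is also paired with a pod-level hostname. If the headless-service ports are meant to be independently configurable, the minimum is a values.yaml comment stating that they must match `containerPorts`.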
--- a/templates/graphdb/service-headless.yaml +++ b/templates/graphdb/service-headless.yaml @@ -4,7 +4,10 @@ metadata: name: {{ include "graphdb.fullname.service.headless" . }} labels: {{- include "graphdb.labels" . | nindent 4 }} - {{- with (mergeOverwrite (deepCopy .Values.annotations) .Values.graphdb.node.service.annotations) }} + {{- with .Values.graphdb.node.headlessService.labels }} + {{- tpl ( toYaml . ) $ | nindent 4 }} + {{- end }} + {{- with (mergeOverwrite (deepCopy .Values.annotations) .Values.graphdb.node.headlessService.annotations) }} annotations: {{- tpl ( toYaml . ) $ | nindent 4 }} {{- end }} @@ -13,13 +16,13 @@ spec: selector: {{- include "graphdb.selectorLabels" . | nindent 4 }} ports: - - name: graphdb - port: 7200 - targetPort: 7200 + - name: http + port: {{ .Values.graphdb.node.headlessService.ports.http }} + targetPort: http protocol: TCP {{- if gt (int $.Values.graphdb.clusterConfig.nodesCount) 1 }} - name: rpc - port: 7300 - targetPort: 7300 + port: {{ .Values.graphdb.node.headlessService.ports.rpc }} + targetPort: rpc protocol: TCP {{- end }} diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index 5fa63c50..dee401f1 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -104,12 +104,15 @@ spec: args: {{ toYaml . | nindent 12 }} {{- end }} ports: - - name: graphdb - containerPort: 7200 - {{- if gt (int (.Values.graphdb.clusterConfig.nodesCount)) 1 }} - - name: graphdb-rpc - containerPort: 7300 - {{- end }} + - name: http + containerPort: {{ .Values.containerPorts.http }} + {{- if gt (int (.Values.graphdb.clusterConfig.nodesCount)) 1 }} + - name: rpc + containerPort: {{ .Values.containerPorts.rpc }} + {{- end }} + {{- with .Values.extraContainerPorts }} + {{- toYaml . | nindent 12 }} + {{- end }} envFrom: - configMapRef: name: {{ include "graphdb.fullname" . }} 
@@ -162,6 +165,10 @@ spec: env: - name: GRAPHDB_PUBLIC_URL value: {{ include "graphdb.url.public" . }} + - name: GRAPHDB_HTTP_PORT + value: {{ .Values.containerPorts.http | quote }} + - name: GRAPHDB_RPC_PORT + value: {{ .Values.containerPorts.rpc | quote }} volumeMounts: {{- if .Values.graphdb.node.persistence.enabled }} - name: graphdb-storage @@ -198,9 +205,9 @@ spec: echo "##### Overrides from initContainer #####" >> /opt/graphdb/home/conf/graphdb.properties echo "Configuring GraphDB hostname: $(hostname --fqdn)" - echo "graphdb.vhosts=$(hostname --fqdn):7200, ${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties + echo "graphdb.vhosts=$(hostname --fqdn):${GRAPHDB_HTTP_PORT}, ${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties echo "graphdb.hostname=$(hostname --fqdn)" >> /opt/graphdb/home/conf/graphdb.properties - echo "graphdb.rpc.address=$(hostname --fqdn):7300" >> /opt/graphdb/home/conf/graphdb.properties + echo "graphdb.rpc.address=$(hostname --fqdn):${GRAPHDB_RPC_PORT}" >> /opt/graphdb/home/conf/graphdb.properties if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && ! -f /opt/graphdb/home/data/users.js && -f /tmp/graphdb/users.js ]]; then echo "Provisioning users with users.js file..." diff --git a/templates/ingress.yaml b/templates/ingress.yaml index 15df2de8..a5ed077e 100644 --- a/templates/ingress.yaml +++ b/templates/ingress.yaml @@ -37,11 +37,13 @@ spec: service: {{- if gt (int $.Values.graphdb.clusterConfig.nodesCount) 1 }} name: {{ include "graphdb-proxy.fullname" . }} + port: + number: {{ .Values.graphdb.clusterProxy.service.ports.http }} {{- else }} name: {{ include "graphdb.fullname.service.headless" . }} - {{- end }} port: - number: 7200 + number: {{ .Values.graphdb.node.headlessService.ports.http }} + {{- end }} {{- with .Values.deployment.ingress.extraHosts }} {{- tpl ( toYaml . ) $ | nindent 4 }} {{- end }} 
diff --git a/templates/jobs/job-create-cluster.yaml b/templates/jobs/job-create-cluster.yaml
index 3f0e283a..8f16b8f4 100644
--- a/templates/jobs/job-create-cluster.yaml
+++ b/templates/jobs/job-create-cluster.yaml
@@ -32,6 +32,8 @@ spec:
 value: {{ include "graphdb.fullname" . }}
 - name: GRAPHDB_SERVICE_NAME
 value: {{ include "graphdb.fullname.service.headless" . }}
+ - name: GRAPHDB_SERVICE_PORT
+ value: {{ .Values.graphdb.node.headlessService.ports.http | quote }}
 envFrom:
 - secretRef:
 name: {{ include "graphdb.fullname.secret.provision-user" . }}
diff --git a/templates/jobs/job-patch-cluster.yaml b/templates/jobs/job-patch-cluster.yaml
index d4900331..7e4e5cc6 100644
--- a/templates/jobs/job-patch-cluster.yaml
+++ b/templates/jobs/job-patch-cluster.yaml
@@ -32,8 +32,12 @@ spec:
 value: {{ include "graphdb.fullname" . }}
 - name: GRAPHDB_SERVICE_NAME
 value: {{ include "graphdb.fullname.service.headless" . }}
+ - name: GRAPHDB_SERVICE_PORT
+ value: {{ .Values.graphdb.node.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROXY_SERVICE_NAME
 value: {{ include "graphdb-proxy.fullname" . }}
+ - name: GRAPHDB_PROXY_SERVICE_PORT
+ value: {{ .Values.graphdb.clusterProxy.headlessService.ports.http | quote }}
 envFrom:
 - secretRef:
 name: {{ include "graphdb.fullname.secret.provision-user" . }}
diff --git a/templates/jobs/job-provision-repositories.yaml b/templates/jobs/job-provision-repositories.yaml
index 0a69b052..f0e04a57 100644
--- a/templates/jobs/job-provision-repositories.yaml
+++ b/templates/jobs/job-provision-repositories.yaml
@@ -32,6 +32,8 @@ spec:
 value: {{ include "graphdb.fullname" . }}
 - name: GRAPHDB_SERVICE_NAME
 value: {{ include "graphdb.fullname.service.headless" . }}
+ - name: GRAPHDB_SERVICE_PORT
+ value: {{ .Values.graphdb.node.headlessService.ports.http | quote }}
 envFrom:
 - secretRef:
 name: {{ include "graphdb.fullname.secret.provision-user" . }}
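Review bot: `GRAPHDB_PROXY_SERVICE_PORT` in job-patch-cluster.yaml is taken from `graphdb.clusterProxy.headlessService.ports.http`, but the host it is paired with, `GRAPHDB_PROXY_SERVICE_NAME`, is `graphdb-proxy.fullname` — the regular proxy Service from templates/proxy/service.yaml, whose listening port is `graphdb.clusterProxy.service.ports.http`, which is also what the ingress hunk uses for that same service name. With the defaults both are 7200, but changing either block independently breaks the patch, scale-down and scale-up jobs. Use `value: {{ .Values.graphdb.clusterProxy.service.ports.http | quote }}` here and in the identical hunks of job-scale-down-cluster.yaml and job-scale-up-cluster.yaml.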
diff --git a/templates/jobs/job-scale-down-cluster.yaml b/templates/jobs/job-scale-down-cluster.yaml
index fa94f5b6..497b5ce7 100644
--- a/templates/jobs/job-scale-down-cluster.yaml
+++ b/templates/jobs/job-scale-down-cluster.yaml
@@ -30,8 +30,12 @@ spec:
 value: {{ include "graphdb.fullname" . }}
 - name: GRAPHDB_SERVICE_NAME
 value: {{ include "graphdb.fullname.service.headless" . }}
+ - name: GRAPHDB_SERVICE_PORT
+ value: {{ .Values.graphdb.node.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROXY_SERVICE_NAME
 value: {{ include "graphdb-proxy.fullname" . }}
+ - name: GRAPHDB_PROXY_SERVICE_PORT
+ value: {{ .Values.graphdb.clusterProxy.headlessService.ports.http | quote }}
 envFrom:
 - secretRef:
 name: {{ include "graphdb.fullname.secret.provision-user" . }}
diff --git a/templates/jobs/job-scale-up-cluster.yaml b/templates/jobs/job-scale-up-cluster.yaml
index 2cca7a1e..31e9a6c5 100644
--- a/templates/jobs/job-scale-up-cluster.yaml
+++ b/templates/jobs/job-scale-up-cluster.yaml
@@ -32,8 +32,12 @@ spec:
 value: {{ include "graphdb.fullname" . }}
 - name: GRAPHDB_SERVICE_NAME
 value: {{ include "graphdb.fullname.service.headless" . }}
+ - name: GRAPHDB_SERVICE_PORT
+ value: {{ .Values.graphdb.node.headlessService.ports.http | quote }}
 - name: GRAPHDB_PROXY_SERVICE_NAME
 value: {{ include "graphdb-proxy.fullname" . }}
+ - name: GRAPHDB_PROXY_SERVICE_PORT
+ value: {{ .Values.graphdb.clusterProxy.headlessService.ports.http | quote }}
 envFrom:
 - secretRef:
 name: {{ include "graphdb.fullname.secret.provision-user" . }}
diff --git a/templates/proxy/service-headless.yaml b/templates/proxy/service-headless.yaml
index 26b29823..fcd16a51 100644
--- a/templates/proxy/service-headless.yaml
+++ b/templates/proxy/service-headless.yaml
@@ -5,6 +5,9 @@ metadata: name: {{ include "graphdb-proxy.fullname.service.headless" . }} labels: {{- include "graphdb-proxy.labels" . | nindent 4 }} + {{- with .Values.graphdb.clusterProxy.headlessService.labels }} + {{- tpl ( toYaml . ) $ | nindent 4 }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.proxy.annotations) .Values.graphdb.clusterProxy.headlessService.annotations) }} annotations: {{- tpl ( toYaml . ) $ | nindent 4 }} @@ -14,8 +17,12 @@ spec: selector: {{- include "graphdb-proxy.selectorLabels" . | nindent 4 }} ports: - - name: gdb-proxy-rpc - port: 7300 - targetPort: 7300 + - name: http + port: {{ .Values.graphdb.clusterProxy.headlessService.ports.http }} + targetPort: http + protocol: TCP + - name: rpc + port: {{ .Values.graphdb.clusterProxy.headlessService.ports.rpc }} + targetPort: rpc protocol: TCP {{- end }} diff --git a/templates/proxy/service.yaml b/templates/proxy/service.yaml index c7c64c72..779c1f17 100644 --- a/templates/proxy/service.yaml +++ b/templates/proxy/service.yaml @@ -5,6 +5,9 @@ metadata: name: {{ include "graphdb-proxy.fullname" . }} labels: {{- include "graphdb-proxy.labels" . | nindent 4 }} + {{- with .Values.graphdb.clusterProxy.service.labels }} + {{- tpl ( toYaml . ) $ | nindent 4 }} + {{- end }} {{- with (mergeOverwrite (deepCopy .Values.proxy.annotations) .Values.graphdb.clusterProxy.service.annotations) }} annotations: {{- tpl ( toYaml . ) $ | nindent 4 }} @@ -14,8 +17,11 @@ spec: selector: {{- include "graphdb-proxy.selectorLabels" . | nindent 4 }} ports: - - name: gdb-proxy-port - port: 7200 - targetPort: 7200 + - name: http + port: {{ .Values.graphdb.clusterProxy.service.ports.http }} + targetPort: http protocol: TCP + {{- if .Values.graphdb.clusterProxy.service.nodePort }} + nodePort: {{ .Values.graphdb.clusterProxy.service.nodePort }} + {{- end }} {{- end }} diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 68ede6dd..88326496 100644 --- a/templates/proxy/statefulset.yaml 
+++ b/templates/proxy/statefulset.yaml @@ -84,10 +84,13 @@ spec: env: {{- tpl ( toYaml . ) $ | nindent 12 }} {{- end }} ports: - - name: gdb-proxy-port - containerPort: 7200 - - name: gdb-proxy-rpc - containerPort: 7300 + - name: http + containerPort: {{ .Values.proxy.containerPorts.http }} + - name: rpc + containerPort: {{ .Values.proxy.containerPorts.rpc }} + {{- with .Values.proxy.extraContainerPorts }} + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: {{- if $.Values.graphdb.clusterProxy.persistence.enabled }} - name: graphdb-storage @@ -118,6 +121,10 @@ spec: env: - name: GRAPHDB_PUBLIC_URL value: {{ include "graphdb.url.public" . }} + - name: GRAPHDB_PROXY_HTTP_PORT + value: {{ .Values.proxy.containerPorts.http | quote }} + - name: GRAPHDB_PROXY_RPC_PORT + value: {{ .Values.proxy.containerPorts.rpc | quote }} {{- with .Values.graphdb.node.initContainerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} {{- end }} @@ -145,8 +152,8 @@ spec: echo 'Configuring GraphDB cluster proxy hostnames' echo "graphdb.hostname=$(hostname --fqdn)" >> /opt/graphdb/home/conf/graphdb.properties - echo "graphdb.rpc.address=$(hostname --fqdn):7300" >> /opt/graphdb/home/conf/graphdb.properties - echo "graphdb.vhosts=$(hostname --fqdn):7200, ${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties + echo "graphdb.rpc.address=$(hostname --fqdn):${GRAPHDB_PROXY_RPC_PORT}" >> /opt/graphdb/home/conf/graphdb.properties + echo "graphdb.vhosts=$(hostname --fqdn):${GRAPHDB_PROXY_HTTP_PORT}, ${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties echo "graphdb.external-url=${GRAPHDB_PUBLIC_URL}" >> /opt/graphdb/home/conf/graphdb.properties echo 'Done' diff --git a/values.yaml b/values.yaml index a8575dd1..860e9fe4 100644 --- a/values.yaml +++ b/values.yaml 
@@ -54,6 +54,14 @@ provision: # Additional GraphDB properties to insert in the properties configmap properties: {} +# Ports used by the GraphDB container +containerPorts: + http: 7200 + rpc: 7300 + +# Additional container ports to insert +extraContainerPorts: {} + ####### DEPLOYMENT CONFIGURATIONS ####### deployment: # -- Defines the policy with which components will request their image. @@ -167,10 +175,16 @@ graphdb: # Extra pod labels and annotations podLabels: {} podAnnotations: {} - # -- GraphDB node service configurations - service: + # -- GraphDB node headless service configurations + headlessService: + # Extra labels to append to the headless service + labels: {} # Extra annotations to append to the service annotations: {} + # Ports exposed by the service + ports: + http: 7200 + rpc: 7300 # -- Persistence configurations. # By default, Helm will use a PV that reads and writes to the host file system. persistence: @@ -195,7 +209,7 @@ graphdb: startupProbe: httpGet: path: /protocol - port: graphdb + port: http failureThreshold: 30 timeoutSeconds: 5 periodSeconds: 10 @@ -203,7 +217,7 @@ graphdb: readinessProbe: httpGet: path: /protocol - port: graphdb + port: http initialDelaySeconds: 5 timeoutSeconds: 5 periodSeconds: 10 @@ -211,7 +225,7 @@ graphdb: livenessProbe: httpGet: path: /protocol - port: graphdb + port: http initialDelaySeconds: 60 timeoutSeconds: 5 periodSeconds: 10 @@ -252,6 +266,10 @@ graphdb: # -- Service type used by the graphdb-cluster-proxy service # Note: If using ALB in AWS EKS this will default to being on the public internet serviceType: LoadBalancer + # Ports used by GraphDB proxy container + containerPorts: + http: 7200 + rpc: 7300 # Node scheduling options such as nodeSelector, affinity, tolerations, topologySpreadConstraints can be set here for ALL nodes. # By default, no restrictions are applied. nodeSelector: {} 
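Review bot: `extraContainerPorts: {}` declares the new key as a mapping, but templates/graphdb/statefulset.yaml splices it with `toYaml` directly under the `ports:` sequence, so any non-empty value has to be a list of `containerPort` entries and a map would render invalid YAML; the README regenerated in PATCH 9/9 accordingly advertises it as `object`, which points users the wrong way. The empty default works either way because `with` skips both an empty map and an empty list, so the fix is only the declaration: `extraContainerPorts: []` here and `extraContainerPorts: []` under `proxy` in the `@@ -381,3 +414,11 @@` hunk, with the comment reading `# List of additional container port entries to append to the container's ports`.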
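Review bot: The `containerPorts` block added under `graphdb.clusterProxy` in the `@@ -252,6 +266,10 @@` hunk is not read by any template in this patch: the proxy StatefulSet, the proxy properties file and the proxy init container all use `.Values.proxy.containerPorts`, which the last hunk of this file adds separately. Setting `graphdb.clusterProxy.containerPorts` therefore has no effect, while the regenerated README lists it as a supported key. Either drop this block or make the proxy templates read it so that the proxy's settings stay in one place.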
@@ -263,12 +281,27 @@ graphdb: podAnnotations: {} # -- GraphDB cluster proxy service configurations service: + # Extra labels to append to the service + labels: {} # Extra annotations to append to the service annotations: {} + # Ports exposed by the service + ports: + http: 7200 + rpc: 7300 + # Exposes the service on a specific node port on the host machine when "serviceType: NodePort" + # If left undefined, K8S will pick a random port from the node port range of the cluster. + nodePort: "" # -- GraphDB cluster proxy headless service configurations headlessService: + # Extra labels to append to the headless service + labels: {} # Extra annotations to append to the service annotations: {} + # Ports exposed by the service + ports: + http: 7200 + rpc: 7300 # -- Minimum requirements for a successfully running GraphDB cluster proxy resources: limits: @@ -292,7 +325,7 @@ graphdb: startupProbe: httpGet: path: /proxy/ready - port: gdb-proxy-port + port: http failureThreshold: 60 timeoutSeconds: 3 periodSeconds: 5 @@ -300,14 +333,14 @@ graphdb: readinessProbe: httpGet: path: /proxy/ready - port: gdb-proxy-port + port: http timeoutSeconds: 5 periodSeconds: 10 # -- Configurations for the GraphDB cluster proxy liveness probe. Misconfigured probe can lead to a failing cluster. livenessProbe: httpGet: path: /proxy/health - port: gdb-proxy-port + port: http initialDelaySeconds: 120 timeoutSeconds: 5 periodSeconds: 10 @@ -381,3 +414,11 @@ proxy: # Additional common annotations to add to the GraphDB proxy resources annotations: {} + + # Ports used by GraphDB proxy and the Service components + containerPorts: + http: 7200 + rpc: 7300 + + # Additional container ports to insert + extraContainerPorts: {} From 6a2ed324ee0cd90a2f8355189a958a9bfe155b2a Mon Sep 17 00:00:00 2001 
From: Mihail Radkov Date: Mon, 8 Apr 2024 13:30:59 +0300 Subject: [PATCH 8/9] PR notes --- files/config/cluster-config.json | 4 +--- templates/_helpers.tpl | 21 ++++++++++----------- templates/graphdb/statefulset.yaml | 1 - templates/proxy/statefulset.yaml | 1 - 4 files changed, 11 insertions(+), 16 deletions(-) diff --git a/files/config/cluster-config.json b/files/config/cluster-config.json index a68a36ef..cacbd140 100644 --- a/files/config/cluster-config.json +++ b/files/config/cluster-config.json @@ -5,7 +5,5 @@ "verificationTimeout": {{ .Values.graphdb.clusterConfig.verificationTimeout | int }}, "messageSizeKB": {{ .Values.graphdb.clusterConfig.messageSize | int }}, "transactionLogMaximumSizeGB": {{ .Values.graphdb.clusterConfig.transactionLogMaximumSizeGB | quote }}, - "nodes": [ - {{- include "graphdb.cluster.nodes.json" . | nindent 4 }} - ] + "nodes": {{- include "graphdb.cluster.nodes.json" . | indent 2 }} } diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 74798815..7893a59f 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl 
@@ -33,27 +33,26 @@ Renders the container image for GraphDB {{- end -}} {{/* -Renders the gRPC address of each GraphDB node that is part of the cluster. Used in the cluster JSON config. +Renders the gRPC address of each GraphDB node that is part of the cluster as a JSON array. Used in the cluster JSON config. */}} {{- define "graphdb.cluster.nodes.json" -}} - {{- $pod_name := include "graphdb.fullname" . }} - {{- $service_name := include "graphdb.fullname.service.headless" . }} - {{- $service_rpc_port := .Values.graphdb.node.headlessService.ports.rpc }} + {{- $pod_name := include "graphdb.fullname" . -}} + {{- $service_name := include "graphdb.fullname.service.headless" . -}} + {{- $service_rpc_port := .Values.graphdb.node.headlessService.ports.rpc -}} + {{- $nodes := list -}} {{- range $i, $node_index := until (int .Values.graphdb.clusterConfig.nodesCount) -}} - "{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ $service_rpc_port }}" - {{- if gt (sub (int $.Values.graphdb.clusterConfig.nodesCount) 1 ) $node_index -}} - {{- ", \n" -}} - {{- end -}} + {{- $nodes = append $nodes (printf "%s-%s.%s.%s.svc.cluster.local:%s" $pod_name (toString $node_index) $service_name $.Release.Namespace (toString $service_rpc_port)) -}} {{- end -}} + {{- toPrettyJson $nodes -}} {{- end -}} {{/* Renders the HTTP address of each GraphDB node that is part of the cluster, joined by a comma. */}} {{- define "graphdb-proxy.cluster.nodes" -}} - {{- $pod_name := include "graphdb.fullname" . }} - {{- $service_name := include "graphdb.fullname.service.headless" . }} - {{- $service_http_port := .Values.graphdb.node.headlessService.ports.http }} + {{- $pod_name := include "graphdb.fullname" . -}} + {{- $service_name := include "graphdb.fullname.service.headless" . 
-}} + {{- $service_http_port := .Values.graphdb.node.headlessService.ports.http -}} {{- range $i, $node_index := until (int $.Values.graphdb.clusterConfig.nodesCount) -}} http://{{ $pod_name }}-{{ $node_index }}.{{ $service_name }}.{{ $.Release.Namespace }}.svc.cluster.local:{{ $service_http_port }} {{- if gt (sub (int $.Values.graphdb.clusterConfig.nodesCount) 1 ) $node_index -}} diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index dee401f1..e4f281f9 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -46,7 +46,6 @@ spec: {{- tpl ( toYaml . ) $ | nindent 8 }} {{- end }} spec: - setHostnameAsFQDN: false terminationGracePeriodSeconds: {{ .Values.graphdb.node.terminationGracePeriodSeconds }} serviceAccountName: {{ include "graphdb.serviceAccountName" . }} volumes: diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 88326496..340fa40a 100644 --- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml @@ -37,7 +37,6 @@ spec: {{- tpl ( toYaml . ) $ | nindent 8 }} {{- end }} spec: - setHostnameAsFQDN: false terminationGracePeriodSeconds: {{ .Values.graphdb.clusterProxy.terminationGracePeriodSeconds }} volumes: - name: graphdb-properties From 0d8a48265626b57944944e338015cf2fad128358 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 8 Apr 2024 10:47:49 +0000 Subject: [PATCH 9/9] Updated the README --- README.md | 46 +++++++++++++++++++++++++++------------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index 8ad069c6..b99d405f 100644 --- a/README.md +++ b/README.md 
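Review bot: `graphdb-proxy.cluster.nodes` keeps the manual separator logic (`if gt (sub (int ...nodesCount) 1) $node_index`) that `graphdb.cluster.nodes.json` just replaced with a `$nodes` list; for symmetry it could append the `printf`-formatted `http://…` addresses to a list in the same way and end with `{{- join ", " $nodes -}}`, dropping the index arithmetic entirely. `$i` is unused in both `range` clauses and can be written `$_`. The body of `graphdb-proxy.cluster.nodes` continues past the end of this hunk.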
@@ -475,19 +475,22 @@ about defining resource limits. | configuration.logback.existingConfigmap | string | `""` | | | configuration.properties.configmapKey | string | `"graphdb.properties"` | | | configuration.properties.existingConfigmap | string | `""` | | +| containerPorts.http | int | `7200` | | +| containerPorts.rpc | int | `7300` | | | deployment.host | string | `"localhost"` | | | deployment.imagePullPolicy | string | `"IfNotPresent"` | Defines the policy with which components will request their image. | -| deployment.ingress | object | `{"annotations":{},"class":"nginx","enabled":true,"maxRequestSize":"512M","timeout":{"connect":5,"read":600,"send":600}}` | Ingress related configurations | +| deployment.imagePullSecrets | list | `[]` | Secrets used to pull Docker images. | +| deployment.ingress | object | `{"annotations":{},"className":"","enabled":true,"extraHosts":[],"extraTLS":[],"host":"","labels":{},"path":"","pathType":"Prefix"}` | Ingress related configurations | | deployment.ingress.annotations | object | `{}` | Sets extra ingress annotations | -| deployment.ingress.maxRequestSize | string | `"512M"` | Sets the maximum size for all requests to the underlying Nginx | -| deployment.ingress.timeout | object | `{"connect":5,"read":600,"send":600}` | Default timeouts in seconds for the underlying Nginx. | +| deployment.ingress.className | string | `""` | Specifies the ingress controller implementation that will deploy this ingress. Not defining this would result in using the default ingress controller in the cluster, if there is one. | +| deployment.ingress.enabled | bool | `true` | Toggles the deployment of the default ingress | | deployment.protocol | string | `"http"` | The hostname and protocol at which the graphdb will be accessible. Needed to configure ingress as well as some components require it to properly render their UIs | | deployment.tls.enabled | bool | `false` | Feature toggle for SSL termination. Disabled by default. 
If TLS is enabled, the protocol should also be updated (https) | | deployment.tls.secretName | string | `nil` | Name of a Kubernetes secret object with the key and certificate. If TLS is enabled, it's required to be provided, depending on the deployment. | +| extraContainerPorts | object | `{}` | | | fullnameOverride | string | `""` | | | global.imagePullSecrets | list | `[]` | | -| global.imageRegistry | string | `"docker.io"` | | -| global.storageClass | string | `"standard"` | | +| global.imageRegistry | string | `""` | | | graphdb.clusterConfig.clusterCreationTimeout | int | `60` | Timeout for the cluster creation CURL query. Note: By default helm waits for Kubernetes commands to complete for 5 minutes. You can increase that by adding "--timeout 10m" to the helm command. | | graphdb.clusterConfig.clusterSecret | string | `"s3cr37"` | A secret used for secure communication amongst the nodes in the cluster. | | graphdb.clusterConfig.electionMinTimeout | int | `8000` | Cluster configuration parameters: Refer to https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#creation-parameters The minimum wait time in milliseconds for a heartbeat from a leader. | 
@@ -499,27 +502,29 @@ about defining resource limits.
 | graphdb.clusterConfig.transactionLogMaximumSizeGB | int | `50` | |
 | graphdb.clusterConfig.verificationTimeout | int | `1500` | |
 | graphdb.clusterProxy.affinity | object | `{}` | |
+| graphdb.clusterProxy.containerPorts.http | int | `7200` | |
+| graphdb.clusterProxy.containerPorts.rpc | int | `7300` | |
 | graphdb.clusterProxy.extraEnv | list | `[]` | |
 | graphdb.clusterProxy.extraEnvFrom | list | `[]` | |
 | graphdb.clusterProxy.extraInitContainers | list | `[]` | |
 | graphdb.clusterProxy.extraVolumeMounts | list | `[]` | |
 | graphdb.clusterProxy.extraVolumes | list | `[]` | |
-| graphdb.clusterProxy.headlessService | object | `{"annotations":{}}` | GraphDB cluster proxy headless service configurations |
+| graphdb.clusterProxy.headlessService | object | `{"annotations":{},"labels":{},"ports":{"http":7200,"rpc":7300}}` | GraphDB cluster proxy headless service configurations |
 | graphdb.clusterProxy.java_args | string | `"-XX:MaxRAMPercentage=70 -Ddefault.min.distinct.threshold=100m -XX:+UseContainerSupport"` | Java arguments with which the cluster proxy instances will be launched. GraphDB configuration properties can also be passed here in the format -Dprop=value |
-| graphdb.clusterProxy.livenessProbe | object | `{"httpGet":{"path":"/proxy/health","port":"gdb-proxy-port"},"initialDelaySeconds":120,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB cluster proxy liveness probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.clusterProxy.livenessProbe | object | `{"httpGet":{"path":"/proxy/health","port":"http"},"initialDelaySeconds":120,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB cluster proxy liveness probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.clusterProxy.nodeSelector | object | `{}` | |
-| graphdb.clusterProxy.persistence | object | `{"enablePersistence":true,"volumeClaimTemplateSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"500Mi"}}}}` | Persistence configurations. By default, Helm will use a PV that reads and writes to the host file system. |
+| graphdb.clusterProxy.persistence | object | `{"enabled":true,"volumeClaimTemplateSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"500Mi"}}}}` | Persistence configurations. By default, Helm will use a PV that reads and writes to the host file system. |
 | graphdb.clusterProxy.podAnnotations | object | `{}` | |
 | graphdb.clusterProxy.podLabels | object | `{}` | |
 | graphdb.clusterProxy.podSecurityContext | object | `{}` | |
-| graphdb.clusterProxy.readinessProbe | object | `{"httpGet":{"path":"/proxy/ready","port":"gdb-proxy-port"},"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB cluster proxy readiness probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.clusterProxy.readinessProbe | object | `{"httpGet":{"path":"/proxy/ready","port":"http"},"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB cluster proxy readiness probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.clusterProxy.replicas | int | `1` | Number of cluster proxies used to access the GraphDB cluster |
 | graphdb.clusterProxy.resources | object | `{"limits":{"memory":"1500Mi"},"requests":{"cpu":"100m","memory":"1500Mi"}}` | Minimum requirements for a successfully running GraphDB cluster proxy |
 | graphdb.clusterProxy.revisionHistoryLimit | int | `10` | |
 | graphdb.clusterProxy.securityContext | object | `{}` | |
-| graphdb.clusterProxy.service | object | `{"annotations":{}}` | GraphDB cluster proxy service configurations |
+| graphdb.clusterProxy.service | object | `{"annotations":{},"labels":{},"nodePort":"","ports":{"http":7200,"rpc":7300}}` | GraphDB cluster proxy service configurations |
 | graphdb.clusterProxy.serviceType | string | `"LoadBalancer"` | Service type used by the graphdb-cluster-proxy service Note: If using ALB in AWS EKS this will default to being on the public internet |
-| graphdb.clusterProxy.startupProbe | object | `{"failureThreshold":60,"httpGet":{"path":"/proxy/ready","port":"gdb-proxy-port"},"periodSeconds":5,"timeoutSeconds":3}` | Configurations for the GraphDB cluster proxy startup probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.clusterProxy.startupProbe | object | `{"failureThreshold":60,"httpGet":{"path":"/proxy/ready","port":"http"},"periodSeconds":5,"timeoutSeconds":3}` | Configurations for the GraphDB cluster proxy startup probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.clusterProxy.terminationGracePeriodSeconds | int | `30` | |
 | graphdb.clusterProxy.tolerations | list | `[]` | |
 | graphdb.clusterProxy.topologySpreadConstraints | list | `[]` | |
@@ -538,23 +543,23 @@ about defining resource limits.
 | graphdb.node.extraInitContainers | list | `[]` | |
 | graphdb.node.extraVolumeMounts | list | `[]` | |
 | graphdb.node.extraVolumes | list | `[]` | |
+| graphdb.node.headlessService | object | `{"annotations":{},"labels":{},"ports":{"http":7200,"rpc":7300}}` | GraphDB node headless service configurations |
 | graphdb.node.initContainerResources | object | `{}` | |
 | graphdb.node.initContainerSecurityContext | object | `{}` | |
 | graphdb.node.java_args | string | `"-XX:MaxRAMPercentage=70 -Ddefault.min.distinct.threshold=100m -XX:+UseContainerSupport"` | Java arguments with which node instances will be launched. GraphDB configuration properties can also be passed here in the format -Dprop=value |
 | graphdb.node.license | string | `nil` | Reference to a secret containing 'graphdb.license' file to be used by the nodes. Important: Must be created beforehand |
 | graphdb.node.licenseFilename | string | `"graphdb.license"` | File name of the GraphDB license file in the existing license secret. Default is graphdb.license |
-| graphdb.node.livenessProbe | object | `{"httpGet":{"path":"/protocol","port":"graphdb"},"initialDelaySeconds":60,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node liveness probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.node.livenessProbe | object | `{"httpGet":{"path":"/protocol","port":"http"},"initialDelaySeconds":60,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node liveness probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.node.nodeSelector | object | `{}` | |
-| graphdb.node.persistence | object | `{"volumeClaimTemplateSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"5Gi"}}}}` | Persistence configurations. By default, Helm will use a PV that reads and writes to the host file system. |
+| graphdb.node.persistence | object | `{"enabled":true,"volumeClaimTemplateSpec":{"accessModes":["ReadWriteOnce"],"resources":{"requests":{"storage":"5Gi"}}}}` | Persistence configurations. By default, Helm will use a PV that reads and writes to the host file system. |
 | graphdb.node.podAnnotations | object | `{}` | |
 | graphdb.node.podLabels | object | `{}` | |
 | graphdb.node.podSecurityContext | object | `{}` | |
-| graphdb.node.readinessProbe | object | `{"httpGet":{"path":"/protocol","port":"graphdb"},"initialDelaySeconds":5,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node readiness probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.node.readinessProbe | object | `{"httpGet":{"path":"/protocol","port":"http"},"initialDelaySeconds":5,"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node readiness probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.node.resources | object | `{"limits":{"memory":"2Gi"},"requests":{"cpu":0.5,"memory":"2Gi"}}` | Below are minimum requirements for data sets of up to 50 million RDF triples For resizing, refer according to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.6/requirements.html |
 | graphdb.node.revisionHistoryLimit | int | `10` | |
 | graphdb.node.securityContext | object | `{}` | |
-| graphdb.node.service | object | `{"annotations":{}}` | GraphDB node service configurations |
-| graphdb.node.startupProbe | object | `{"failureThreshold":30,"httpGet":{"path":"/protocol","port":"graphdb"},"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node startup probe. Misconfigured probe can lead to a failing cluster. |
+| graphdb.node.startupProbe | object | `{"failureThreshold":30,"httpGet":{"path":"/protocol","port":"http"},"periodSeconds":10,"timeoutSeconds":5}` | Configurations for the GraphDB node startup probe. Misconfigured probe can lead to a failing cluster. |
 | graphdb.node.terminationGracePeriodSeconds | int | `120` | |
 | graphdb.node.tolerations | list | `[]` | |
 | graphdb.node.topologySpreadConstraints | list | `[]` | |
@@ -567,19 +572,22 @@ about defining resource limits.
 | graphdb.serviceAccount.annotations | object | `{}` | |
 | graphdb.serviceAccount.create | bool | `true` | |
 | graphdb.serviceAccount.name | string | `""` | |
-| graphdb.workbench.subpath | string | `"/graphdb"` | This is the sub path at which GraphDB workbench can be opened. Should be configured in the API gateway (or any other proxy in front) |
-| images.busybox.repository | string | `"busybox"` | |
-| images.busybox.tag | string | `"1.36.1"` | |
+| graphdb.workbench.subpath | string | `"/"` | This is the sub path at which GraphDB workbench can be opened. |
 | images.graphdb.registry | string | `"docker.io"` | |
 | images.graphdb.repository | string | `"ontotext/graphdb"` | |
+| images.graphdb.sha | string | `""` | |
 | images.graphdb.tag | string | `""` | |
 | labels | object | `{}` | |
 | nameOverride | string | `""` | |
+| properties | object | `{}` | |
 | provision.settings.configmapKey | string | `"settings.js"` | |
 | provision.settings.existingConfigmap | string | `""` | |
 | provision.users.configmapKey | string | `"users.js"` | |
 | provision.users.existingConfigmap | string | `""` | |
 | proxy.annotations | object | `{}` | |
+| proxy.containerPorts.http | int | `7200` | |
+| proxy.containerPorts.rpc | int | `7300` | |
+| proxy.extraContainerPorts | object | `{}` | |
 | proxy.fullnameOverride | string | `""` | |
 | proxy.labels | object | `{}` | |
 | proxy.nameOverride | string | `""` | |