From 4b82332e52f1d98d3c02e3c5e9719d4216fc0b7f Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Wed, 15 May 2024 11:07:19 +0300 Subject: [PATCH 1/4] Node scheduling configurations are processed as templates --- CHANGELOG.md | 1 + templates/graphdb/statefulset.yaml | 8 ++++---- templates/proxy/statefulset.yaml | 8 ++++---- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 97430db6..ed7818bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -139,6 +139,7 @@ TODO: decide how detailed we want this to be - Overhauled NOTES.txt to be more helpful - Added default resource limits and requests for all init containers and provisioning jobs - PodDisruptionBudget are enabled by default for both GraphDB and GraphDB proxy +- Node scheduling configurations are now processed as templates - Updated init containers to invoke `bash` instead of `sh` ## Version 10.6.0-R2 diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index e4d77aef..af5b80a5 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -120,16 +120,16 @@ spec: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.affinity }} - affinity: {{- toYaml . | nindent 8 }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.topologySpreadConstraints }} - topologySpreadConstraints: {{- toYaml . | nindent 8 }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index b60c6353..4c462335 100644 
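Review bot: In templates/graphdb/statefulset.yaml, `nodeSelector`, `affinity`, `tolerations` and `topologySpreadConstraints` are now rendered with `tpl (toYaml .) $`, so any `{{ ... }}` inside those values is evaluated against the root context, which includes every other value of the release. The same change is made to the `proxy.*` fields in templates/proxy/statefulset.yaml. That is fine for operator-written values files, but where values are assembled from less-trusted input (per-tenant overrides, CI-supplied files) it widens what that input can read at render time, and a literal `{{` in one of these values will no longer pass through unchanged. I would document this next to the four keys in values.yaml, for example `# Evaluated as a template; write {{ "{{" }} for a literal brace and do not populate from untrusted input`. The pod spec continues outside the hunk, and `podSecurityContext` on the next line still uses plain `toYaml`, which looks intentional but is worth stating.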
--- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml @@ -93,16 +93,16 @@ spec: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.proxy.nodeSelector }} - nodeSelector: {{- toYaml . | nindent 8 }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.proxy.affinity }} - affinity: {{- toYaml . | nindent 8 }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.proxy.tolerations }} - tolerations: {{- toYaml . | nindent 8 }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.proxy.topologySpreadConstraints }} - topologySpreadConstraints: {{- toYaml . | nindent 8 }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} {{- with .Values.proxy.podSecurityContext }} securityContext: {{- toYaml . | nindent 8 }} From f4b0765088ee0b35f65f2b4c5eac3121fd02c85a Mon Sep 17 00:00:00 2001 
From: Mihail Radkov Date: Wed, 15 May 2024 23:22:51 +0300 Subject: [PATCH 2/4] Configurations restructure --- CHANGELOG.md | 8 +- examples/custom-logback/values.yaml | 8 +- files/config/users.js | 2 +- templates/_helpers.tpl | 4 +- templates/graphdb/_labels.tpl | 12 +- ...figmap.yaml => configmap-environment.yaml} | 2 +- ...s.yaml => configmap-initial-settings.yaml} | 6 +- ...t-users.yaml => secret-initial-users.yaml} | 6 +- templates/graphdb/secret-properties.yaml | 4 +- templates/graphdb/statefulset.yaml | 50 +++--- templates/jobs/configmap-cluster-config.yaml | 4 +- templates/jobs/job-create-cluster.yaml | 6 +- templates/jobs/job-patch-cluster.yaml | 4 +- .../jobs/job-provision-repositories.yaml | 4 +- templates/proxy/_labels.tpl | 4 + ...figmap.yaml => configmap-environment.yaml} | 2 +- templates/proxy/secret-properties.yaml | 4 +- templates/proxy/statefulset.yaml | 34 ++-- values.yaml | 162 ++++++++++-------- 19 files changed, 171 insertions(+), 155 deletions(-) rename templates/graphdb/{configmap.yaml => configmap-environment.yaml} (87%) rename templates/graphdb/{configmap-settings.yaml => configmap-initial-settings.yaml} (59%) rename templates/graphdb/{secret-users.yaml => secret-initial-users.yaml} (50%) rename templates/proxy/{configmap.yaml => configmap-environment.yaml} (88%) diff --git a/CHANGELOG.md b/CHANGELOG.md index ed7818bd..7cbc08ba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -29,7 +29,7 @@ TODO: decide how detailed we want this to be - Moved all proxy configurations from `graphdb.clusterProxy` to just `proxy` - Renamed `proxy.persistence.enablePersistence` toggle to just `enabled` - Moved `proxy.serviceType` to `proxy.service.type` -- Configmaps from `graphdb.configs` are now under `extraConfiguration`, `repositories` and `initialConfiguration` with a different structure allowing +- Configmaps from `graphdb.configs` are now under `configuration`, `repositories`, `cluster` and `security` with a different structure allowing better reuse of existing configmaps - Users are now provided as a Secret - Moved job related configurations from `graphdb` (e.g. `graphdb.jobResources`) to a new root section `jobs` 
@@ -85,12 +85,12 @@ TODO: decide how detailed we want this to be - Added a Service for single GraphDB deployments, configured with new configurations under `service` - Added new proxy configurations `proxy.command` and `proxy.args` that override the default container entrypoint and command, use for troubleshooting - Added new `global.clusterDomain` for reconfiguring the default Kubernetes cluster domain suffix in case it is different than `cluster.local` -- Added `cluster.existingConfigmapKey` to specify a custom configmap key if needed +- Added `cluster.config.configmapKey` to specify a custom configmap key if needed - Added `namespaceOverride` for overriding the deployment namespace for all resources in case of multi-namespace deployment - Added `proxy.logging.logback` configurations for providing the proxy with a custom Logback XML configuration - Added `extraConfiguration.existingSecret` for appending GraphDB properties from an existing Secret resource - Added `proxy.extraConfiguration` for appending extra GraphDB properties from existing ConfigMap and Secret resources -- Added `cluster.existingClusterSecret` and `cluster.existingClusterSecretKey` for using an existing Secret instead of providing the cluster secret +- Added `cluster.token.existingSecret` and `cluster.token.secretKey` for using an existing Secret instead of providing the cluster secret token as plaintext in values.yaml - Added default Secret objects for GraphDB and the proxy that contain sensitive GraphDB configurations - Added `configuration.secretProperties` and `proxy.secretProperties` for appending additional sensitive GraphDB configurations if needed 
@@ -116,7 +116,7 @@ TODO: decide how detailed we want this to be - Added `jobs.persistence.emptyDir` configurations for the default temporary storage for all jobs - Added `security.provisioner.existingSecret` and `security.provisioner.tokenKey` to provide an existing authentication token - Added `security.admin` for configuring the username and/or the password of the administrator user -- Added `security.users` for inserting additional users into the default initial user.js configuration +- Added `security.initialUsers.users` for inserting additional users into the default initial user.js configuration - Added `initContainerDataPermissions` and `proxy.initContainerDataPermissions` for changing permissions in the storage volumes if needed - Added `extraVolumeClaimTemplates` and `proxy.extraVolumeClaimTemplates` diff --git a/examples/custom-logback/values.yaml b/examples/custom-logback/values.yaml index cd6b3df7..f5c169c4 100644 --- a/examples/custom-logback/values.yaml +++ b/examples/custom-logback/values.yaml @@ -1,11 +1,9 @@ -logging: +configuration: logback: existingConfigmap: "graphdb-custom-logback-config" - configmapKey: "logback.xml" -# You can use the same configuration for the proxy as well +# You can use the same Logback configuration for the proxy as well proxy: - logging: + configuration: logback: existingConfigmap: "graphdb-custom-logback-config" - configmapKey: "logback.xml" diff --git a/files/config/users.js b/files/config/users.js index 92f2b5a4..6be77846 100644 --- a/files/config/users.js +++ b/files/config/users.js 
@@ -2,7 +2,7 @@ "users" : { "{{ .Values.security.admin.username }}" : { "username" : "{{ .Values.security.admin.username }}", - "password" : {{ coalesce .Values.security.admin.password "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne" | quote }}, + "password" : {{ .Values.security.admin.initialPassword | default "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne" | quote }}, "grantedAuthorities" : [ "ROLE_ADMIN" ], "appSettings" : { "DEFAULT_INFERENCE" : true, diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 8512eb8c..56a6cc07 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -78,8 +78,8 @@ Renders the HTTP address of each GraphDB node that is part of the cluster, joine {{- end -}} {{- define "grahdb.security.extra-users.json" -}} -{{- if .Values.security.users -}} - {{- range $user, $data := .Values.security.users -}} +{{- if .Values.security.initialUsers.users -}} + {{- range $user, $data := .Values.security.initialUsers.users -}} {{- $user | quote }}: {{ $data | mustToPrettyJson }}, {{- end -}} {{- end -}} diff --git a/templates/graphdb/_labels.tpl b/templates/graphdb/_labels.tpl index 62bb4295..809071e9 100644 --- a/templates/graphdb/_labels.tpl +++ b/templates/graphdb/_labels.tpl @@ -2,6 +2,10 @@ Helper functions for labels related to GraphDB resources */}} +{{- define "graphdb.fullname.configmap.environment" -}} + {{- printf "%s-%s" (include "graphdb.fullname" .) "environment" -}} +{{- end -}} + {{- define "graphdb.fullname.configmap.properties" -}} {{- printf "%s-%s" (include "graphdb.fullname" .) "properties" -}} {{- end -}} 
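Review bot: The admin `"password"` line in files/config/users.js now reads only `.Values.security.admin.initialPassword` and otherwise falls back to the hard-coded bcrypt hash, so a release that still sets the old `security.admin.password` key will silently render the built-in credential after upgrade. That hash is published in the chart source and presumably matches the product's documented default password, so any deployment that reaches the fallback has a guessable administrator account. I would fail the render instead, e.g. `{{ required "security.admin.initialPassword must be set when security.enabled is true" .Values.security.admin.initialPassword | quote }}`, or at least call `fail` when the legacy `security.admin.password` key is still present. The values.yaml default for `initialPassword` is not visible in this part of the patch, so confirm it is empty rather than a second default.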
@@ -10,12 +14,12 @@ Helper functions for labels related to GraphDB resources {{- printf "%s-%s" (include "graphdb.fullname" .) "properties" -}} {{- end -}} -{{- define "graphdb.fullname.configmap.settings" -}} - {{- printf "%s-%s" (include "graphdb.fullname" .) "settings" -}} +{{- define "graphdb.fullname.configmap.initial-settings" -}} + {{- printf "%s-%s" (include "graphdb.fullname" .) "initial-settings" -}} {{- end -}} -{{- define "graphdb.fullname.secret.users" -}} - {{- printf "%s-%s" (include "graphdb.fullname" .) "users" -}} +{{- define "graphdb.fullname.secret.initial-users" -}} + {{- printf "%s-%s" (include "graphdb.fullname" .) "initial-users" -}} {{- end -}} {{- define "graphdb.fullname.service.headless" -}} diff --git a/templates/graphdb/configmap.yaml b/templates/graphdb/configmap-environment.yaml similarity index 87% rename from templates/graphdb/configmap.yaml rename to templates/graphdb/configmap-environment.yaml index 9f81ab91..ed747347 100644 --- a/templates/graphdb/configmap.yaml +++ b/templates/graphdb/configmap-environment.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "graphdb.fullname" . }} + name: {{ include "graphdb.fullname.configmap.environment" . }} namespace: {{ include "graphdb.namespace" . }} labels: {{- include "graphdb.labels" . | nindent 4 }} diff --git a/templates/graphdb/configmap-settings.yaml b/templates/graphdb/configmap-initial-settings.yaml similarity index 59% rename from templates/graphdb/configmap-settings.yaml rename to templates/graphdb/configmap-initial-settings.yaml index 88d9379c..8ae1305a 100644 --- a/templates/graphdb/configmap-settings.yaml +++ b/templates/graphdb/configmap-initial-settings.yaml 
@@ -1,8 +1,8 @@ -{{- if and .Values.security.enabled (not .Values.initialConfiguration.settings.existingConfigmap) }} +{{- if and .Values.security.enabled (not .Values.configuration.initialSettings.existingConfigmap) }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "graphdb.fullname.configmap.settings" . }} + name: {{ include "graphdb.fullname.configmap.initial-settings" . }} namespace: {{ include "graphdb.namespace" . }} labels: {{- include "graphdb.labels" . | nindent 4 }} @@ -11,6 +11,6 @@ metadata: {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} data: - {{ .Values.initialConfiguration.settings.configmapKey }}: |- + {{ .Values.configuration.initialSettings.configmapKey }}: |- {{- tpl (.Files.Get "files/config/settings.js" | trim) . | nindent 4 }} {{- end }} diff --git a/templates/graphdb/secret-users.yaml b/templates/graphdb/secret-initial-users.yaml similarity index 50% rename from templates/graphdb/secret-users.yaml rename to templates/graphdb/secret-initial-users.yaml index d8cc370d..1b8012d7 100644 --- a/templates/graphdb/secret-users.yaml +++ b/templates/graphdb/secret-initial-users.yaml @@ -1,8 +1,8 @@ -{{- if and .Values.security.enabled (not .Values.initialConfiguration.users.existingSecret) }} +{{- if and .Values.security.enabled (not .Values.security.initialUsers.existingSecret) }} apiVersion: v1 kind: Secret metadata: - name: {{ include "graphdb.fullname.secret.users" . }} + name: {{ include "graphdb.fullname.secret.initial-users" . }} namespace: {{ include "graphdb.namespace" . }} labels: {{- include "graphdb.labels" . | nindent 4 }} @@ -12,5 +12,5 @@ metadata: {{- end }} type: Opaque data: - {{ .Values.initialConfiguration.users.secretKey }}: {{ tpl (.Files.Get "files/config/users.js" | trim) . | b64enc | quote }} + {{ .Values.security.initialUsers.secretKey }}: {{ tpl (.Files.Get "files/config/users.js" | trim) . | b64enc | quote }} {{- end }} 
diff --git a/templates/graphdb/secret-properties.yaml b/templates/graphdb/secret-properties.yaml index 6c1d9a1f..54e13ba5 100644 --- a/templates/graphdb/secret-properties.yaml +++ b/templates/graphdb/secret-properties.yaml @@ -13,8 +13,8 @@ type: Opaque stringData: graphdb-secrets.properties: |- ##### GraphDB sensitive configurations ##### - {{- if and (gt (int .Values.replicas) 1) (not .Values.cluster.existingClusterSecret) }} - graphdb.auth.token.secret={{ .Values.cluster.clusterSecret | quote }} + {{- if and (gt (int .Values.replicas) 1) (not .Values.cluster.token.existingSecret) }} + graphdb.auth.token.secret={{ .Values.cluster.token.secret | quote }} {{- end }} {{- if .Values.configuration.secretProperties }} ##### Secrets overrides from values.yaml ##### diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index af5b80a5..4b203ce7 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -56,7 +56,7 @@ spec: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} annotations: - checksum/configmap: {{ include (print .Template.BasePath "/graphdb/configmap.yaml") . | sha256sum }} + checksum/configmap-environment: {{ include (print .Template.BasePath "/graphdb/configmap-environment.yaml") . | sha256sum }} checksum/configmap-properties: {{ include (print .Template.BasePath "/graphdb/configmap-properties.yaml") . | sha256sum }} checksum/secret-properties: {{ include (print .Template.BasePath "/graphdb/secret-properties.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} 
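Review bot: In templates/graphdb/secret-properties.yaml, `graphdb.auth.token.secret={{ .Values.cluster.token.secret | quote }}` is rendered whenever `cluster.token.existingSecret` is unset, with no check that `cluster.token.secret` is non-empty. A values file that still uses the old `cluster.clusterSecret` key would therefore render an empty or chart-default cluster token without any error; the same line appears in templates/proxy/secret-properties.yaml. Suggest guarding both with `required`, e.g. `graphdb.auth.token.secret={{ required "set cluster.token.secret or cluster.token.existingSecret" .Values.cluster.token.secret | quote }}`. The values.yaml default for `cluster.token.secret` is outside this part of the patch, so the exact fallback is unconfirmed, and the `stringData` block continues outside the hunk.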
@@ -86,35 +86,35 @@ spec: - name: graphdb-secret-properties secret: secretName: {{ include "graphdb.fullname.secret.properties" . }} - {{- if .Values.extraConfiguration.properties.existingConfigmap }} + {{- if .Values.configuration.extraProperties.existingConfigmap }} - name: graphdb-extra-properties configMap: - name: {{ tpl .Values.extraConfiguration.properties.existingConfigmap . }} + name: {{ tpl .Values.configuration.extraProperties.existingConfigmap . }} {{- end }} - {{- if .Values.extraConfiguration.properties.existingSecret }} + {{- if .Values.configuration.extraProperties.existingSecret }} - name: graphdb-extra-secret-properties secret: - secretName: {{ tpl .Values.extraConfiguration.properties.existingSecret . }} + secretName: {{ tpl .Values.configuration.extraProperties.existingSecret . }} {{- end }} - {{- if .Values.logging.logback.existingConfigmap }} + {{- if .Values.configuration.logback.existingConfigmap }} - name: graphdb-logback-config configMap: - name: {{ tpl .Values.logging.logback.existingConfigmap . }} + name: {{ tpl .Values.configuration.logback.existingConfigmap . }} {{- end }} {{- if .Values.license.existingSecret }} - name: graphdb-license secret: secretName: {{ tpl .Values.license.existingSecret . }} {{- end }} - {{- if or .Values.security.enabled .Values.initialConfiguration.settings.existingConfigmap }} + {{- if or .Values.security.enabled .Values.configuration.initialSettings.existingConfigmap }} - name: graphdb-initial-settings-config configMap: - name: {{ (tpl .Values.initialConfiguration.settings.existingConfigmap .) | default (include "graphdb.fullname.configmap.settings" .) }} + name: {{ (tpl .Values.configuration.initialSettings.existingConfigmap .) | default (include "graphdb.fullname.configmap.initial-settings" .) 
}} {{- end }} - {{- if or .Values.security.enabled .Values.initialConfiguration.users.existingSecret }} + {{- if or .Values.security.enabled .Values.security.initialUsers.existingSecret }} - name: graphdb-initial-users-config secret: - secretName: {{ (tpl .Values.initialConfiguration.users.existingSecret .) | default (include "graphdb.fullname.secret.users" .) }} + secretName: {{ (tpl .Values.security.initialUsers.existingSecret .) | default (include "graphdb.fullname.secret.initial-users" .) }} {{- end }} {{- with .Values.extraVolumes }} {{- tpl (toYaml .) $ | nindent 8 }} @@ -176,12 +176,12 @@ spec: value: {{ .Values.containerPorts.http | quote }} - name: GRAPHDB_RPC_PORT value: {{ .Values.containerPorts.rpc | quote }} - {{- if .Values.cluster.existingClusterSecret }} + {{- if .Values.cluster.token.existingSecret }} - name: GRAPHDB_CLUSTER_SECRET valueFrom: secretKeyRef: - name: {{ .Values.cluster.existingClusterSecret }} - key: {{ .Values.cluster.existingClusterSecretKey }} + name: {{ .Values.cluster.token.existingSecret }} + key: {{ .Values.cluster.token.secretKey }} {{- end }} volumeMounts: - name: storage 
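Review bot: In the `GRAPHDB_CLUSTER_SECRET` env entry, `name: {{ .Values.cluster.token.existingSecret }}` is emitted verbatim, while the other existing-resource references touched by this commit (`configuration.extraProperties.existingSecret`, `license.existingSecret`, `security.initialUsers.existingSecret`) go through `tpl`. A templated name would resolve for those volumes but be passed through literally here, leaving the init container pointing at a Secret that does not exist. Suggest `name: {{ tpl .Values.cluster.token.existingSecret . }}` here and at the same spot in templates/proxy/statefulset.yaml. `repositories.existingConfigmap` in templates/jobs/job-provision-repositories.yaml has the same gap. The container spec continues outside the hunk.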
@@ -192,25 +192,25 @@ spec: - name: graphdb-secret-properties mountPath: /tmp/graphdb/graphdb-secrets.properties subPath: graphdb-secrets.properties - {{- if .Values.extraConfiguration.properties.existingConfigmap }} + {{- if .Values.configuration.extraProperties.existingConfigmap }} - name: graphdb-extra-properties mountPath: /tmp/graphdb/graphdb-extra.properties - subPath: {{ .Values.extraConfiguration.properties.configmapKey }} + subPath: {{ .Values.configuration.extraProperties.configmapKey }} {{- end }} - {{- if .Values.extraConfiguration.properties.existingSecret }} + {{- if .Values.configuration.extraProperties.existingSecret }} - name: graphdb-extra-secret-properties mountPath: /tmp/graphdb/graphdb-extra-secret.properties - subPath: {{ .Values.extraConfiguration.properties.secretKey }} + subPath: {{ .Values.configuration.extraProperties.secretKey }} {{- end }} - {{- if or .Values.security.enabled .Values.initialConfiguration.settings.existingConfigmap }} + {{- if or .Values.security.enabled .Values.configuration.initialSettings.existingConfigmap }} - name: graphdb-initial-settings-config mountPath: /tmp/graphdb/settings.js - subPath: {{ .Values.initialConfiguration.settings.configmapKey }} + subPath: {{ .Values.configuration.initialSettings.configmapKey }} {{- end }} - {{- if or .Values.security.enabled .Values.initialConfiguration.users.existingSecret }} + {{- if or .Values.security.enabled .Values.security.initialUsers.existingSecret }} - name: graphdb-initial-users-config mountPath: /tmp/graphdb/users.js - subPath: {{ .Values.initialConfiguration.users.secretKey }} + subPath: {{ .Values.security.initialUsers.secretKey }} {{- end }} {{- with .Values.initContainerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} 
@@ -297,7 +297,7 @@ spec: {{- end }} envFrom: - configMapRef: - name: {{ include "graphdb.fullname" . }} + name: {{ include "graphdb.fullname.configmap.environment" . }} {{- with .Values.extraEnvFrom }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} @@ -312,10 +312,10 @@ spec: mountPath: /opt/graphdb/home/conf/graphdb.license subPath: {{ .Values.license.licenseFilename }} {{- end }} - {{- if .Values.logging.logback.existingConfigmap }} + {{- if .Values.configuration.logback.existingConfigmap }} - name: graphdb-logback-config mountPath: /opt/graphdb/home/conf/logback.xml - subPath: {{ .Values.logging.logback.configmapKey }} + subPath: {{ .Values.configuration.logback.configmapKey }} {{- end }} {{- if .Values.import.volumeMount.enabled }} - name: import diff --git a/templates/jobs/configmap-cluster-config.yaml b/templates/jobs/configmap-cluster-config.yaml index 81e5b596..04018646 100644 --- a/templates/jobs/configmap-cluster-config.yaml +++ b/templates/jobs/configmap-cluster-config.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.cluster.jobs.createCluster.enabled (gt (int .Values.replicas) 1) (not .Values.cluster.existingConfig) }} +{{- if and .Values.cluster.jobs.createCluster.enabled (gt (int .Values.replicas) 1) (not .Values.cluster.config.existingConfigmap) }} # Default configuration map for provisioning the GraphDB cluster configuration. # To change it, prepare another configuration map and update "graphdb.configs.clusterConfig" apiVersion: v1 @@ -13,6 +13,6 @@ metadata: {{- tpl (toYaml .) $ | nindent 4 }} {{- end }} data: - cluster-config.json: |- + {{ .Values.cluster.config.configmapKey }}: |- {{- tpl (.Files.Get "files/config/cluster-config.json" | trim) . | nindent 4 }} {{- end }} diff --git a/templates/jobs/job-create-cluster.yaml b/templates/jobs/job-create-cluster.yaml index 354c7134..211086c9 100644 --- a/templates/jobs/job-create-cluster.yaml +++ b/templates/jobs/job-create-cluster.yaml 
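Review bot: The header comment in templates/jobs/configmap-cluster-config.yaml still tells users to update "graphdb.configs.clusterConfig", which no longer matches the condition directly above it, now `cluster.config.existingConfigmap`. Suggest replacing it with `# To change it, prepare another ConfigMap and set "cluster.config.existingConfigmap" (and "cluster.config.configmapKey" if its key differs)`. The data key is now taken from `cluster.config.configmapKey`, so the comment should also say that the key of a user-supplied ConfigMap has to match that value, because both cluster jobs use it as `subPath`.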
@@ -32,7 +32,7 @@ spec: emptyDir: {{ .Values.jobs.persistence.emptyDir | toYaml | nindent 12 }} - name: cluster-config configMap: - name: {{ (tpl .Values.cluster.existingConfig .) | default (include "graphdb.fullname.configmap.cluster" .) }} + name: {{ (tpl .Values.cluster.config.existingConfigmap .) | default (include "graphdb.fullname.configmap.cluster" .) }} - name: graphdb-utils configMap: name: {{ include "graphdb.fullname.configmap.utils" . }} @@ -50,7 +50,7 @@ spec: - name: GRAPHDB_AUTH_TOKEN valueFrom: secretKeyRef: - name: {{ coalesce .Values.security.provisioner.existingSecret (include "graphdb.fullname.secret.provisioning-user" .) }} + name: {{ .Values.security.provisioner.existingSecret | default (include "graphdb.fullname.secret.provisioning-user" .) }} key: {{ .Values.security.provisioner.tokenKey }} {{- with .Values.jobs.securityContext }} securityContext: {{ toYaml . | nindent 12 }} @@ -65,7 +65,7 @@ spec: mountPath: /tmp/utils - name: cluster-config mountPath: /tmp/cluster-config/cluster-config.json - subPath: {{ .Values.cluster.existingConfigmapKey }} + subPath: {{ .Values.cluster.config.configmapKey }} command: ["bash"] args: - "/tmp/utils/graphdb.sh" diff --git a/templates/jobs/job-patch-cluster.yaml b/templates/jobs/job-patch-cluster.yaml index 1ee17dfb..546e3f68 100644 --- a/templates/jobs/job-patch-cluster.yaml +++ b/templates/jobs/job-patch-cluster.yaml @@ -32,7 +32,7 @@ spec: emptyDir: {{ .Values.jobs.persistence.emptyDir | toYaml | nindent 12 }} - name: cluster-config configMap: - name: {{ (tpl .Values.cluster.existingConfig .) | default (printf "%s-cluster" (include "graphdb.fullname" .)) }} + name: {{ (tpl .Values.cluster.config.existingConfigmap .) | default (printf "%s-cluster" (include "graphdb.fullname" .)) }} - name: graphdb-utils configMap: name: {{ include "graphdb.fullname.configmap.utils" . }} 
@@ -69,7 +69,7 @@ spec: mountPath: /tmp/utils - name: cluster-config mountPath: /tmp/cluster-config/cluster-config.json - subPath: {{ .Values.cluster.existingConfigmapKey }} + subPath: {{ .Values.cluster.config.configmapKey }} command: ["bash"] args: - "/tmp/utils/update-cluster.sh" diff --git a/templates/jobs/job-provision-repositories.yaml b/templates/jobs/job-provision-repositories.yaml index 6b5aecda..9d2caffc 100644 --- a/templates/jobs/job-provision-repositories.yaml +++ b/templates/jobs/job-provision-repositories.yaml @@ -1,4 +1,4 @@ -{{- if .Values.repositories.repositoriesConfigmap }} +{{- if .Values.repositories.existingConfigmap }} apiVersion: batch/v1 kind: Job metadata: @@ -32,7 +32,7 @@ spec: emptyDir: {{ .Values.jobs.persistence.emptyDir | toYaml | nindent 12 }} - name: repositories-config configMap: - name: {{ .Values.repositories.repositoriesConfigmap }} + name: {{ .Values.repositories.existingConfigmap }} - name: graphdb-utils configMap: name: {{ include "graphdb.fullname.configmap.utils" . }} diff --git a/templates/proxy/_labels.tpl b/templates/proxy/_labels.tpl index 6ce8c2f3..2ac56169 100644 --- a/templates/proxy/_labels.tpl +++ b/templates/proxy/_labels.tpl @@ -56,6 +56,10 @@ app.kubernetes.io/name: {{ include "graphdb-proxy.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} {{- end }} +{{- define "graphdb-proxy.fullname.configmap.environment" -}} + {{- printf "%s-%s" (include "graphdb-proxy.fullname" .) "environment" -}} +{{- end -}} + {{- define "graphdb-proxy.fullname.configmap.properties" -}} {{- printf "%s-%s" (include "graphdb-proxy.fullname" .) "properties" -}} {{- end -}} diff --git a/templates/proxy/configmap.yaml b/templates/proxy/configmap-environment.yaml similarity index 88% rename from templates/proxy/configmap.yaml rename to templates/proxy/configmap-environment.yaml index 982659b2..083be92e 100644 --- a/templates/proxy/configmap.yaml +++ b/templates/proxy/configmap-environment.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ include "graphdb-proxy.fullname" . }} + name: {{ include "graphdb-proxy.fullname.configmap.environment" . }} namespace: {{ include "graphdb.namespace" . }} labels: {{- include "graphdb-proxy.labels" . | nindent 4 }} diff --git a/templates/proxy/secret-properties.yaml b/templates/proxy/secret-properties.yaml index e4c69a88..f2c079c5 100644 --- a/templates/proxy/secret-properties.yaml +++ b/templates/proxy/secret-properties.yaml @@ -14,8 +14,8 @@ type: Opaque stringData: graphdb-secrets.properties: |- ##### GraphDB sensitive configurations ##### - {{- if not .Values.cluster.existingClusterSecret }} - graphdb.auth.token.secret={{ .Values.cluster.clusterSecret | quote }} + {{- if not .Values.cluster.token.existingSecret }} + graphdb.auth.token.secret={{ .Values.cluster.token.secret | quote }} {{- end }} {{- if .Values.proxy.configuration.secretProperties }} ##### Secrets overrides from values.yaml ##### diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 4c462335..5b2ce4f8 100644 --- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml @@ -45,7 +45,7 @@ spec: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} annotations: - checksum/configmap: {{ include (print .Template.BasePath "/proxy/configmap.yaml") . | sha256sum }} + checksum/configmap-environment: {{ include (print .Template.BasePath "/proxy/configmap-environment.yaml") . | sha256sum }} checksum/configmap-properties: {{ include (print .Template.BasePath "/proxy/configmap-properties.yaml") . | sha256sum }} checksum/secret-properties: {{ include (print .Template.BasePath "/proxy/secret-properties.yaml") . | sha256sum }} {{- with .Values.proxy.podAnnotations }} 
@@ -74,20 +74,20 @@ spec: - name: graphdb-proxy-secret-properties secret: secretName: {{ include "graphdb-proxy.fullname.secret.properties" . }} - {{- if .Values.proxy.extraConfiguration.properties.existingConfigmap }} + {{- if .Values.proxy.configuration.extraProperties.existingConfigmap }} - name: graphdb-proxy-extra-properties configMap: - name: {{ tpl .Values.proxy.extraConfiguration.properties.existingConfigmap . }} + name: {{ tpl .Values.proxy.configuration.extraProperties.existingConfigmap . }} {{- end }} - {{- if .Values.proxy.extraConfiguration.properties.existingSecret }} + {{- if .Values.proxy.configuration.extraProperties.existingSecret }} - name: graphdb-proxy-extra-secret-properties secret: - secretName: {{ tpl .Values.proxy.extraConfiguration.properties.existingSecret . }} + secretName: {{ tpl .Values.proxy.configuration.extraProperties.existingSecret . }} {{- end }} - {{- if .Values.proxy.logging.logback.existingConfigmap }} + {{- if .Values.proxy.configuration.logback.existingConfigmap }} - name: graphdb-proxy-logback-config configMap: - name: {{ tpl .Values.proxy.logging.logback.existingConfigmap . }} + name: {{ tpl .Values.proxy.configuration.logback.existingConfigmap . }} {{- end }} {{- with .Values.proxy.extraVolumes }} {{- tpl (toYaml .) $ | nindent 8 }} @@ -148,12 +148,12 @@ spec: value: {{ .Values.proxy.containerPorts.http | quote }} - name: GRAPHDB_PROXY_RPC_PORT value: {{ .Values.proxy.containerPorts.rpc | quote }} - {{- if .Values.cluster.existingClusterSecret }} + {{- if .Values.cluster.token.existingSecret }} - name: GRAPHDB_CLUSTER_SECRET valueFrom: secretKeyRef: - name: {{ .Values.cluster.existingClusterSecret }} - key: {{ .Values.cluster.existingClusterSecretKey }} + name: {{ .Values.cluster.token.existingSecret }} + key: {{ .Values.cluster.token.secretKey }} {{- end }} {{- with .Values.proxy.initContainerSecurityContext }} securityContext: {{- toYaml . | nindent 12 }} 
@@ -170,15 +170,15 @@ spec: - name: graphdb-proxy-secret-properties mountPath: /tmp/graphdb/graphdb-secrets.properties subPath: graphdb-secrets.properties - {{- if .Values.proxy.extraConfiguration.properties.existingConfigmap }} + {{- if .Values.proxy.configuration.extraProperties.existingConfigmap }} - name: graphdb-proxy-extra-properties mountPath: /tmp/graphdb/graphdb-extra.properties - subPath: {{ .Values.proxy.extraConfiguration.properties.configmapKey }} + subPath: {{ .Values.proxy.configuration.extraProperties.configmapKey }} {{- end }} - {{- if .Values.proxy.extraConfiguration.properties.existingSecret }} + {{- if .Values.proxy.configuration.extraProperties.existingSecret }} - name: graphdb-proxy-extra-secret-properties mountPath: /tmp/graphdb/graphdb-extra-secret.properties - subPath: {{ .Values.proxy.extraConfiguration.properties.secretKey }} + subPath: {{ .Values.proxy.configuration.extraProperties.secretKey }} {{- end }} command: [ "bash", "-c" ] args: @@ -242,7 +242,7 @@ spec: {{- end }} envFrom: - configMapRef: - name: {{ include "graphdb-proxy.fullname" . }} + name: {{ include "graphdb-proxy.fullname.configmap.environment" . }} {{- with .Values.proxy.extraEnvFrom }} {{- tpl (toYaml .) $ | nindent 12 }} {{- end }} @@ -260,10 +260,10 @@ spec: volumeMounts: - name: storage mountPath: /opt/graphdb/home - {{- if .Values.proxy.logging.logback.existingConfigmap }} + {{- if .Values.proxy.configuration.logback.existingConfigmap }} - name: graphdb-proxy-logback-config mountPath: /opt/graphdb/home/conf/logback.xml - subPath: {{ .Values.proxy.logging.logback.configmapKey }} + subPath: {{ .Values.proxy.configuration.logback.configmapKey }} {{- end }} {{- with .Values.proxy.extraVolumeMounts }} {{- toYaml . | nindent 12 }} diff --git a/values.yaml b/values.yaml index 997a1dd4..21ff00d4 100644 --- a/values.yaml +++ b/values.yaml 
@@ -69,8 +69,7 @@ replicas: 1 # GraphDB Configurations # ########################## -# License configurations. -# License is needed for GraphDB Enterprise Edition features +# License is required for using GraphDB Enterprise Edition features. license: # Reference to a secret containing 'graphdb.license' file to be mounted in the GraphDB instances. existingSecret: "" 
@@ -87,72 +86,72 @@ configuration: # Ingress controller implementation. externalUrl: http://graphdb.127.0.0.1.nip.io/ - # GraphDB properties to insert in the default graphdb.properties configmap + # GraphDB properties to insert in the default graphdb.properties ConfigMap properties: {} - # Sensitive GraphDB properties to insert in the default graphdb.properties secret + # Sensitive GraphDB properties to insert in the default graphdb.properties Secret + # Note: Consider mounting existing Secret objects as environment variables or files secretProperties: {} - # Default Java arguments with which node instances will be launched. - # GraphDB configuration properties can also be passed here in the format -Dproperty=value - # Takes precedence over configurations in graphdb.properties - defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 -XX:-UseCompressedOops - - # Java arguments to append after defaultJavaArguments, use to avoid overriding the default values - javaArguments: "" - -##################################### -# Additional GraphDB Configurations # -##################################### - -# Additional configurations that will be provisioned to GraphDB -extraConfiguration: # Additional GraphDB configurations that will be appended to graphdb.properties, effectively overriding anything configured # in the default configmap and secret resources. 
- properties: - # Reference to an existing ConfigMap resource containing GraphDB configurations + extraProperties: + # Reference to an existing ConfigMap resource containing GraphDB configurations as a graphdb.properties file existingConfigmap: "" # Key in the existing ConfigMap that holds the properties for GraphDB configmapKey: graphdb.properties - # Reference to an existing Secret resource containing sensitive GraphDB configurations + # Reference to an existing Secret resource containing sensitive GraphDB configurations as a graphdb.properties file existingSecret: "" # Key in the existing Secret that holds the properties for GraphDB secretKey: graphdb.properties -############################################### -# Initial Provisioning GraphDB Configurations # -############################################### - -initialConfiguration: - settings: - existingConfigmap: "" - configmapKey: settings.js - users: - existingSecret: "" - secretKey: users.js + # Default Java arguments with which node instances will be launched. + # GraphDB configuration properties can also be passed here in the format -Dproperty=value + # Takes precedence over configurations in graphdb.properties + defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 -XX:-UseCompressedOops -################################# -# GraphDB Logging Configuration # -################################# + # Java arguments to append after defaultJavaArguments, use to avoid overriding the default values + javaArguments: "" -logging: + # Configurations for GraphDB's Logback logback: + # Reference to an existing ConfigMap containing a Logback XML configuration existingConfigmap: "" + # Key in the existing ConfigMap that maps to the Logback XML configuration configmapKey: logback.xml + # Configurations for provisioning an initial settings.js to GraphDB. + # Note: Once provisioned, changes made to settings.js won't be re-applied. 
+ # + # There are three cases to be aware of: + # - By default, no settings.js configuration is provisioned initially, so GraphDB will initialize its default one. + # - If the security is enabled, a default initial settings.js will be provided to GraphDB, see files/config/settings.js + # - If a custom existing settings.js is provided, it will be used no matter if the security is enabled or not. + # + initialSettings: + # Reference to an existing ConfigMap with initial GraphDB settings.js to provision. + existingConfigmap: "" + # Key in the settings ConfigMap that maps to the settings.js + configmapKey: settings.js + ################################### # GraphDB Security Configurations # ################################### security: enabled: false - # Administrator user with ROLE_ADMIN authority + + # Administrator user with ROLE_ADMIN authority. + # Provisioned as part of the default initial users.js if no custom Secret has been provided, see files/config/users.js admin: username: admin + # Define an initial password for the administrator user. # If the password is not specified, it will use the default one for GraphDB which is "root" - password: "" + initialPassword: "" + # Provisioning user with ROLE_ADMIN authority + # Provisioned as part of the default initial users.js if no custom Secret has been provided, see files/config/users.js # If the security is enabled, it's mandatory to have a provisioning user, so the cluster provisioning can work properly. provisioner: # The following user will be created in the default initial users.js and used in the cluster provisioning 
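Review bot: With `security.enabled: true` and `security.admin.initialPassword` left at `""`, the comment above the key says the admin account keeps GraphDB's default password `root`, so enabling security with otherwise default values yields an administrator with a publicly documented password. The renamed key is a good place to say so outright, e.g. `# Set this, or provide security.initialUsers.existingSecret, whenever security.enabled is true; the fallback "root" is publicly known`. A `required`/`fail` check where the default users.js is rendered would be stronger than a comment, but that template is not part of this hunk. The `provisioner` block continues outside the hunk.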
@@ -161,36 +160,54 @@ security: # Reference to a basic authentication token of an existing user to use for provisioning instead of the default user in the initial user.js # Note that the user must already exist in GraphDB for this to work properly. existingSecret: "" - # Field name in the secret holding the authentication token. + # Key in the secret holding the authentication token. tokenKey: GRAPHDB_AUTH_TOKEN - # Additional users to insert in the default users.js (see files/config/users.js) - # Check the default user.js syntax for details. - # Note that this won't be applied if you provide a custom Secret object with user.js via initialConfiguration.users.existingSecret - users: {} + + # Initial users to provision to GraphDB before starting for the first time. + # Note: If the security has already been enabled, this won't be applied. + # + # There are three cases to be aware of: + # - By default, no users.js configuration is provisioned initially, so GraphDB will initialize its default one. + # - If the security is enabled, a default initial users.js will be provided to GraphDB, see files/config/users.js + # - If a custom existing users.js is provided, it will be used no matter if the security is enabled or not. + initialUsers: + # Additional users to insert in the default users.js (see files/config/users.js) when the security is enabled for the first time. + # Check the default user.js syntax for details. + # Note that this won't be applied if you provide a custom Secret object with user.js via existingSecret + users: {} + # Existing initial users.js to provision to GraphDB. Overrides any users configured in users + # Note that this is provisioned just once and any updates on the Secret won't be re-applied on consecutive upgrades. 
+ existingSecret: "" + # Key in the Secret object mapping to users.js + secretKey: users.js ################################## # GraphDB Cluster Configurations # ################################## cluster: - # A secret used for secure communication amongst the nodes in the cluster. - clusterSecret: s3cr37 - # Reference to an existing Secret that contains the cluster secret token. This overrides cluster.clusterSecret - existingClusterSecret: "" - # Key in the existing Secret that holds the secret cluster token for GraphDB - existingClusterSecretKey: "" + # Configurations for shared token authentication in the cluster + token: + # A secret token used for secure communication amongst the nodes in the cluster. + secret: s3cr37 + # Reference to an existing Secret that contains the cluster secret token. This overrides cluster.clusterToken + existingSecret: "" + # Key in the existing Secret that holds the secret cluster token for GraphDB + secretKey: "" # Timeout for the cluster creation CURL query. # Note: By default helm waits for Kubernetes commands to complete for 5 minutes. You can increase that by adding "--timeout 10m" to the helm command. clusterCreationTimeout: 60 - # Use a custom JSON configuration when creating the cluster, see https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#creation-parameters - # This setting overrides the values under cluster.config - existingConfig: "" - # The key in the existing cluster config configmap (if specified) that contains the cluster configuration JSON - existingConfigmapKey: cluster-config.json + # Cluster configuration parameters: # Refer to https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#creation-parameters config: + # Reference to a ConfigMap with a custom JSON configuration to use when creating the cluster. 
+ # This setting overrides the values under cluster.config + existingConfigmap: "" + # The key in the cluster config configmap that contains the cluster configuration JSON + configmapKey: cluster-config.json + # The minimum wait time in milliseconds for a heartbeat from a leader. electionMinTimeout: 8000 # The variable portion of each waiting period in milliseconds for a heartbeat. @@ -203,7 +220,9 @@ cluster: transactionLogMaximumSizeGB: 50 # The amount of time in milliseconds a follower node would wait before attempting to verify the last committed entry when the first verification is unsuccessful. verificationTimeout: 1500 + # Jobs configurations for to the cluster automation + # Note that there are common configurations under jobs.<> as wel jobs: createCluster: # Enables or disables the cluster creation Job @@ -562,7 +581,7 @@ repositories: # Optional configmap containing repository configuration ttl file(s). # GraphDB will automatically create repositories with the provided repositories configuration files # Each key in the existing configmap will be treated as the config.ttl of a repository - repositoriesConfigmap: "" + existingConfigmap: "" ###################################################################################### # Job Configurations # 
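Review bot: The comment on `cluster.token.existingSecret` says it overrides `cluster.clusterToken`, a key that exists neither before nor after this change; it should read `This overrides cluster.token.secret`. The default `secret: s3cr37` is also carried over unchanged, so every installation that does not override it shares the same inter-node token; consider a comment beside it such as `# Example value only: set your own or use existingSecret`, or an empty default that the template rejects. The moved `existingConfigmap` comment still says it overrides "the values under cluster.config" although the key now lives inside `cluster.config`, so "the other values in this block" would be clearer.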
@@ -636,37 +655,28 @@ proxy: # Sensitive GraphDB properties to insert in the default graphdb.properties proxy Secret secretProperties: {} - # Java arguments with which the cluster proxy instances will be launched. - # GraphDB configuration properties can also be passed here in the format -Dprop=value - # Takes precedence over configurations in graphdb.properties - defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 - - # Java arguments to append after defaultJavaArguments, use to avoid overriding the default values - javaArguments: "" - - ########################################### - # Additional GraphDB Proxy Configurations # - ########################################### - - # Additional configurations that will be provisioned to GraphDB - extraConfiguration: # Additional GraphDB configurations that will be appended to graphdb.properties, effectively overriding anything configured # in the default configmap and secret resources. - properties: - # Reference to an existing ConfigMap resource containing GraphDB configurations + extraProperties: + # Reference to an existing ConfigMap resource containing GraphDB configurations as a graphdb.properties file existingConfigmap: "" # Key in the existing ConfigMap that holds the properties for GraphDB configmapKey: graphdb.properties - # Reference to an existing Secret resource containing sensitive GraphDB configurations + # Reference to an existing Secret resource containing sensitive GraphDB configurations as a graphdb.properties file existingSecret: "" # Key in the existing Secret that holds the properties for GraphDB secretKey: graphdb.properties - ####################################### - # GraphDB Proxy Logging Configuration # - ####################################### - logging: + # Java arguments with which the cluster proxy instances will be launched. 
+ # GraphDB configuration properties can also be passed here in the format -Dprop=value + # Takes precedence over configurations in graphdb.properties + defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 + + # Java arguments to append after defaultJavaArguments, use to avoid overriding the default values + javaArguments: "" + + # Configurations for GraphDB's Logback logback: existingConfigmap: "" configmapKey: logback.xml From 1aae059067980c6a67192874fa0ea20aa7e162ec Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 16 May 2024 11:49:13 +0300 Subject: [PATCH 3/4] Updated OpenShift example to use the latest chart version --- examples/openshift-local/README.md | 6 +- examples/openshift-local/values.yaml | 96 ++++++++-------------------- 2 files changed, 32 insertions(+), 70 deletions(-) diff --git a/examples/openshift-local/README.md b/examples/openshift-local/README.md index 2a21f292..c07dda52 100644 --- a/examples/openshift-local/README.md +++ b/examples/openshift-local/README.md @@ -2,7 +2,7 @@ Example configurations for deploying GraphDB cluster in [OpenShift Local](https://developers.redhat.com/products/openshift-local/overview). -The primary purpose is to show an example of the necessary OpenShift local overrides and the proper `securityContext` configurations so +The primary purpose is to show an example of the necessary OpenShift local overrides and the proper `podSecurityContext` configurations so GraphDB can be deployed without policy violations. Read more about Kubernetes security context and OpenShift security context constraints: 
@@ -45,7 +45,9 @@ Instances are configured for being accessed at [https://graphdb.apps-crc.testing You'll have to use the `oc` utility provided by `crc` (from step 1): ```bash -oc create route edge --service=graphdb-cluster-proxy --port=7200 --hostname=graphdb.apps-crc.testing --namespace graphdb +oc create route edge --service=graphdb-proxy --port=7200 --hostname=graphdb.apps-crc.testing --namespace graphdb ``` +Note: You might need to update your hosts file to resolve `graphdb.apps-crc.testing` + You can now access GraphDB at [https://graphdb.apps-crc.testing/](https://graphdb.apps-crc.testing/). diff --git a/examples/openshift-local/values.yaml b/examples/openshift-local/values.yaml index 4b713643..d83f7f39 100644 --- a/examples/openshift-local/values.yaml +++ b/examples/openshift-local/values.yaml 
@@ -1,74 +1,34 @@ -global: - storageClass: "crc-csi-hostpath-provisioner" -deployment: - host: graphdb.apps-crc.testing - protocol: https - ingress: - enabled: false +fullnameOverride: graphdb -graphdb: - clusterConfig: - nodesCount: 3 +# Cluster requires license, you have to provision it before deploying this chart +license: + existingSecret: graphdb-license - workbench: - subpath: / +replicas: 3 - node: - # Cluster requires license, you have to provision it before deploying this chart - license: graphdb-license - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # Uncomment to disable default resource limits and requests - #resources: - # limits: - # memory: null - # cpu: null - # requests: - # memory: null - # cpu: null - initContainerSecurityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL +configuration: + externalUrl: https://graphdb.apps-crc.testing - clusterProxy: - securityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL - # Uncomment to disable default resource limits and requests - #resources: - # limits: - # memory: null - # cpu: null - # requests: - # memory: null - # cpu: null +ingress: + enabled: false - jobSecurityContext: - runAsNonRoot: true - allowPrivilegeEscalation: false - readOnlyRootFilesystem: true - seccompProfile: - type: RuntimeDefault - capabilities: - drop: - - ALL +# OpenShift uses very high uid/gid, override the default with 1000660000 +podSecurityContext: + runAsUser: 1000660000 + runAsGroup: 1000660000 + fsGroup: 1000660000 + +jobs: + podSecurityContext: + runAsUser: 1000660000 + runAsGroup: 1000660000 + fsGroup: 1000660000 + +proxy: + fullnameOverride: graphdb-proxy + + 
podSecurityContext: + runAsUser: 1000660000 + runAsGroup: 1000660000 + fsGroup: 1000660000 From b3c069918bd53c9b7bb3c6eddbcfa2ecbbb11621 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Mon, 20 May 2024 05:36:08 +0000 Subject: [PATCH 4/4] Updated the README --- README.md | 48 ++++++++++++++++++++++++------------------------ 1 file changed, 24 insertions(+), 24 deletions(-) diff --git a/README.md b/README.md index 9a782469..8121d53d 100644 --- a/README.md +++ b/README.md 
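Review bot: The hard-coded `1000660000` for `runAsUser`, `runAsGroup` and `fsGroup` is only admitted if it falls inside the UID range OpenShift allocated to the target namespace, and that range differs per project; the comment `OpenShift uses very high uid/gid` does not tell the reader this. Suggest replacing it with something like `# Must lie within the namespace's openshift.io/sa.scc.uid-range annotation (see: oc describe namespace graphdb)`. The example also no longer sets the container-level `securityContext` blocks (`runAsNonRoot`, `allowPrivilegeEscalation: false`, dropped capabilities). That appears to rely on the chart defaults listed in the README table, which is worth stating in the example so a reader does not assume the hardening was relaxed.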
@@ -475,34 +475,38 @@ about defining resource limits. | args | list | `[]` | | | automountServiceAccountToken | bool | `false` | | | cluster.clusterCreationTimeout | int | `60` | | -| cluster.clusterSecret | string | `"s3cr37"` | | +| cluster.config.configmapKey | string | `"cluster-config.json"` | | | cluster.config.electionMinTimeout | int | `8000` | | | cluster.config.electionRangeTimeout | int | `6000` | | +| cluster.config.existingConfigmap | string | `""` | | | cluster.config.heartbeatInterval | int | `2000` | | | cluster.config.messageSizeKB | int | `64` | | | cluster.config.transactionLogMaximumSizeGB | int | `50` | | | cluster.config.verificationTimeout | int | `1500` | | -| cluster.existingClusterSecret | string | `""` | | -| cluster.existingClusterSecretKey | string | `""` | | -| cluster.existingConfig | string | `""` | | -| cluster.existingConfigmapKey | string | `"cluster-config.json"` | | | cluster.jobs.createCluster.enabled | bool | `true` | | | cluster.jobs.patchCluster.enabled | bool | `true` | | | cluster.jobs.scaleCluster.enabled | bool | `true` | | +| cluster.token.existingSecret | string | `""` | | +| cluster.token.secret | string | `"s3cr37"` | | +| cluster.token.secretKey | string | `""` | | | command | list | `[]` | | | configuration.defaultJavaArguments | string | `"-XX:+UseContainerSupport -XX:MaxRAMPercentage=70 -XX:-UseCompressedOops"` | | | configuration.externalUrl | string | `"http://graphdb.127.0.0.1.nip.io/"` | | +| configuration.extraProperties.configmapKey | string | `"graphdb.properties"` | | +| configuration.extraProperties.existingConfigmap | string | `""` | | +| configuration.extraProperties.existingSecret | string | `""` | | +| configuration.extraProperties.secretKey | string | `"graphdb.properties"` | | +| configuration.initialSettings.configmapKey | string | `"settings.js"` | | +| configuration.initialSettings.existingConfigmap | string | `""` | | | configuration.javaArguments | string | `""` | | +| 
configuration.logback.configmapKey | string | `"logback.xml"` | | +| configuration.logback.existingConfigmap | string | `""` | | | configuration.properties | object | `{}` | | | configuration.secretProperties | object | `{}` | | | containerPorts.http | int | `7200` | | | containerPorts.rpc | int | `7300` | | | dnsConfig | object | `{}` | | | dnsPolicy | string | `""` | | -| extraConfiguration.properties.configmapKey | string | `"graphdb.properties"` | | -| extraConfiguration.properties.existingConfigmap | string | `""` | | -| extraConfiguration.properties.existingSecret | string | `""` | | -| extraConfiguration.properties.secretKey | string | `"graphdb.properties"` | | | extraContainerPorts | object | `{}` | | | extraContainers | list | `[]` | | | extraEnv | list | `[]` | | @@ -554,10 +558,6 @@ about defining resource limits. | initContainerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | initContainerSecurityContext.readOnlyRootFilesystem | bool | `true` | | | initContainerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | -| initialConfiguration.settings.configmapKey | string | `"settings.js"` | | -| initialConfiguration.settings.existingConfigmap | string | `""` | | -| initialConfiguration.users.existingSecret | string | `""` | | -| initialConfiguration.users.secretKey | string | `"users.js"` | | | jobs.backoffLimit | int | `10` | | | jobs.persistence.emptyDir.sizeLimit | string | `"10Mi"` | | | jobs.podSecurityContext.fsGroup | int | `10001` | | @@ -585,8 +585,6 @@ about defining resource limits. | livenessProbe.initialDelaySeconds | int | `60` | | | livenessProbe.periodSeconds | int | `10` | | | livenessProbe.timeoutSeconds | int | `5` | | -| logging.logback.configmapKey | string | `"logback.xml"` | | -| logging.logback.existingConfigmap | string | `""` | | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | | nodeSelector | object | `{}` | | 
@@ -613,17 +611,19 @@ about defining resource limits. | proxy.args | list | `[]` | | | proxy.command | list | `[]` | | | proxy.configuration.defaultJavaArguments | string | `"-XX:+UseContainerSupport -XX:MaxRAMPercentage=70"` | | +| proxy.configuration.extraProperties.configmapKey | string | `"graphdb.properties"` | | +| proxy.configuration.extraProperties.existingConfigmap | string | `""` | | +| proxy.configuration.extraProperties.existingSecret | string | `""` | | +| proxy.configuration.extraProperties.secretKey | string | `"graphdb.properties"` | | | proxy.configuration.javaArguments | string | `""` | | +| proxy.configuration.logback.configmapKey | string | `"logback.xml"` | | +| proxy.configuration.logback.existingConfigmap | string | `""` | | | proxy.configuration.properties | object | `{}` | | | proxy.configuration.secretProperties | object | `{}` | | | proxy.containerPorts.http | int | `7200` | | | proxy.containerPorts.rpc | int | `7300` | | | proxy.dnsConfig | object | `{}` | | | proxy.dnsPolicy | string | `""` | | -| proxy.extraConfiguration.properties.configmapKey | string | `"graphdb.properties"` | | -| proxy.extraConfiguration.properties.existingConfigmap | string | `""` | | -| proxy.extraConfiguration.properties.existingSecret | string | `""` | | -| proxy.extraConfiguration.properties.secretKey | string | `"graphdb.properties"` | | | proxy.extraContainerPorts | object | `{}` | | | proxy.extraContainers | list | `[]` | | | proxy.extraEnv | list | `[]` | | @@ -655,8 +655,6 @@ about defining resource limits. | proxy.livenessProbe.initialDelaySeconds | int | `120` | | | proxy.livenessProbe.periodSeconds | int | `10` | | | proxy.livenessProbe.timeoutSeconds | int | `5` | | -| proxy.logging.logback.configmapKey | string | `"logback.xml"` | | -| proxy.logging.logback.existingConfigmap | string | `""` | | | proxy.nameOverride | string | `""` | | | proxy.nodeSelector | object | `{}` | | | proxy.persistence.emptyDir.sizeLimit | string | `"500Mi"` | | 
@@ -718,20 +716,22 @@ about defining resource limits. | readinessProbe.periodSeconds | int | `10` | | | readinessProbe.timeoutSeconds | int | `5` | | | replicas | int | `1` | | -| repositories.repositoriesConfigmap | string | `""` | | +| repositories.existingConfigmap | string | `""` | | | resources.limits.memory | string | `"2Gi"` | | | resources.requests.cpu | string | `"500m"` | | | resources.requests.memory | string | `"2Gi"` | | | revisionHistoryLimit | int | `10` | | | schedulerName | string | `""` | | -| security.admin.password | string | `""` | | +| security.admin.initialPassword | string | `""` | | | security.admin.username | string | `"admin"` | | | security.enabled | bool | `false` | | +| security.initialUsers.existingSecret | string | `""` | | +| security.initialUsers.secretKey | string | `"users.js"` | | +| security.initialUsers.users | object | `{}` | | | security.provisioner.existingSecret | string | `""` | | | security.provisioner.password | string | `"iHaveSuperpowers"` | | | security.provisioner.tokenKey | string | `"GRAPHDB_AUTH_TOKEN"` | | | security.provisioner.username | string | `"provisioner"` | | -| security.users | object | `{}` | | | securityContext.allowPrivilegeEscalation | bool | `false` | | | securityContext.capabilities.drop[0] | string | `"ALL"` | | | securityContext.readOnlyRootFilesystem | bool | `true` | |