Loading deploy/kubernetes/chart/templates/ingress/ingress-publish.yaml +1 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,7 @@ spec: pathType: Prefix backend: service: name: {{ include "esgf.component.fullname" (list . "search") }} name: {{ include "esgf.component.fullname" (list . "publish") }} port: number: 8080 {{- end }}{{- end }}{{- end }} deploy/kubernetes/chart/templates/search/publish-deployment.yaml 0 → 100644 +66 −0 Original line number Diff line number Diff line {{- $search := .Values.index.search -}} {{- if (and .Values.index.enabled $search.separatePublishApi) -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "esgf.component.fullname" (list . "publish") }} labels: {{ include "esgf.component.labels" (list . "publish" $search.labels) | nindent 4 }} spec: replicas: 1 selector: matchLabels: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 6 }} template: metadata: labels: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 8 }} annotations: # Roll the deployment when the configmap changes checksum/configmap: {{ include (print $.Template.BasePath "/search/configmap.yaml") . | sha256sum }} spec: {{- with (default .Values.image.pullSecrets $search.image.pullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} containers: - name: publish {{ include "esgf.deployment.image" (list . $search.image) }} resources: {{ toYaml $search.resources | nindent 12 }} ports: - name: http containerPort: 8080 env: {{ toYaml $search.extraEnv | nindent 12 }} readinessProbe: &probe httpGet: path: /esg-search/search port: 8080 httpHeaders: - name: Host value: "{{ .Values.hostname }}" - name: X-Forwarded-Host value: "{{ .Values.hostname }}" - name: X-Forwarded-Proto value: https initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: <<: *probe initialDelaySeconds: 120 {{- with $search.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: esg-config mountPath: /esg/config readOnly: true {{- with $search.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} {{- with $search.affinity }} affinity: {{ toYaml . | nindent 8 }} {{- end }} {{- with $search.tolerations }} tolerations: {{ toYaml . | nindent 8 }} {{- end }} volumes: - name: esg-config configMap: name: {{ include "esgf.component.fullname" (list . "search") }} {{- end -}} deploy/kubernetes/chart/templates/search/publish-service.yaml 0 → 100644 +16 −0 Original line number Diff line number Diff line {{- $search := .Values.index.search -}} {{- if (and .Values.index.enabled $search.separatePublishApi) -}} apiVersion: v1 kind: Service metadata: name: {{ include "esgf.component.fullname" (list . "publish") }} labels: {{ include "esgf.component.labels" (list . "publish" $search.labels) | nindent 4 }} spec: type: ClusterIP ports: - name: http port: 8080 targetPort: http protocol: TCP selector: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 4 }} {{- end -}} deploy/kubernetes/chart/values.yaml +32 −0 Original line number Diff line number Diff line Loading @@ -119,6 +119,12 @@ auth: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL ### # OPA server configuration Loading Loading @@ -161,6 +167,12 @@ opa: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL ### # Data node configuration Loading Loading @@ -215,6 +227,12 @@ data: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL # Configuration for the access log sidecar accessLogSidecar: Loading Loading @@ -388,6 +406,12 @@ index: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL # The default resource allocations for all Solr containers # Can be overridden on a per-shard basis # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Loading Loading @@ -458,6 +482,8 @@ index: search: # Indicates if the search app should be deployed or not enabled: true # Indicates if the publication API should run as a separate pod or not separatePublishApi: false # Image overrides for the search app image: repository: search Loading Loading @@ -485,3 +511,9 @@ index: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL Loading
deploy/kubernetes/chart/templates/ingress/ingress-publish.yaml +1 −1 Original line number Diff line number Diff line Loading @@ -20,7 +20,7 @@ spec: pathType: Prefix backend: service: name: {{ include "esgf.component.fullname" (list . "search") }} name: {{ include "esgf.component.fullname" (list . "publish") }} port: number: 8080 {{- end }}{{- end }}{{- end }}
deploy/kubernetes/chart/templates/search/publish-deployment.yaml 0 → 100644 +66 −0 Original line number Diff line number Diff line {{- $search := .Values.index.search -}} {{- if (and .Values.index.enabled $search.separatePublishApi) -}} apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "esgf.component.fullname" (list . "publish") }} labels: {{ include "esgf.component.labels" (list . "publish" $search.labels) | nindent 4 }} spec: replicas: 1 selector: matchLabels: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 6 }} template: metadata: labels: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 8 }} annotations: # Roll the deployment when the configmap changes checksum/configmap: {{ include (print $.Template.BasePath "/search/configmap.yaml") . | sha256sum }} spec: {{- with (default .Values.image.pullSecrets $search.image.pullSecrets) }} imagePullSecrets: {{ toYaml . | nindent 8 }} {{- end }} containers: - name: publish {{ include "esgf.deployment.image" (list . $search.image) }} resources: {{ toYaml $search.resources | nindent 12 }} ports: - name: http containerPort: 8080 env: {{ toYaml $search.extraEnv | nindent 12 }} readinessProbe: &probe httpGet: path: /esg-search/search port: 8080 httpHeaders: - name: Host value: "{{ .Values.hostname }}" - name: X-Forwarded-Host value: "{{ .Values.hostname }}" - name: X-Forwarded-Proto value: https initialDelaySeconds: 10 periodSeconds: 10 livenessProbe: <<: *probe initialDelaySeconds: 120 {{- with $search.securityContext }} securityContext: {{ toYaml . | nindent 12 }} {{- end }} volumeMounts: - name: esg-config mountPath: /esg/config readOnly: true {{- with $search.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} {{- with $search.affinity }} affinity: {{ toYaml . | nindent 8 }} {{- end }} {{- with $search.tolerations }} tolerations: {{ toYaml . | nindent 8 }} {{- end }} volumes: - name: esg-config configMap: name: {{ include "esgf.component.fullname" (list . "search") }} {{- end -}}
deploy/kubernetes/chart/templates/search/publish-service.yaml 0 → 100644 +16 −0 Original line number Diff line number Diff line {{- $search := .Values.index.search -}} {{- if (and .Values.index.enabled $search.separatePublishApi) -}} apiVersion: v1 kind: Service metadata: name: {{ include "esgf.component.fullname" (list . "publish") }} labels: {{ include "esgf.component.labels" (list . "publish" $search.labels) | nindent 4 }} spec: type: ClusterIP ports: - name: http port: 8080 targetPort: http protocol: TCP selector: {{ include "esgf.component.selectorLabels" (list . "publish") | nindent 4 }} {{- end -}}
deploy/kubernetes/chart/values.yaml +32 −0 Original line number Diff line number Diff line Loading @@ -119,6 +119,12 @@ auth: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL ### # OPA server configuration Loading Loading @@ -161,6 +167,12 @@ opa: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL ### # Data node configuration Loading Loading @@ -215,6 +227,12 @@ data: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL # Configuration for the access log sidecar accessLogSidecar: Loading Loading @@ -388,6 +406,12 @@ index: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL # The default resource allocations for all Solr containers # Can be overridden on a per-shard basis # See https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/ Loading Loading @@ -458,6 +482,8 @@ index: search: # Indicates if the search app should be deployed or not enabled: true # Indicates if the publication API should run as a separate pod or not separatePublishApi: false # Image overrides for the search app image: repository: search Loading Loading @@ -485,3 +511,9 @@ index: securityContext: # Run with a read-only root filesystem by default readOnlyRootFilesystem: true # The containers will run as the ESGF user by default runAsNonRoot: true allowPrivilegeEscalation: false capabilities: drop: - ALL
