Resolve read-only issues with /tmp

- Added `tempVolume` configurations for an emptyDir volume mapped to the /tmp folder in the GraphDB containers

Additionally:

- Added `priorityClassName` and `proxy.priorityClassName` configurations
- Updated the default memory limits and requests to 4Gi

CHANGELOG.md

@@ -112,6 +112,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m
 - Added `service.externalIPs` and `service.proxy.externalIPs` to use existing external IPs
 - Added `persistence.emptyDir` and `proxy.persistence.emptyDir` configurations for an emptyDir volume that will be used when the persistence is
   disabled
+- Added `tempVolume` configurations for an emptyDir volume mapped to the /tmp folder in the GraphDB containers
 - Added configurations for extra `labels` and `annotations` for all persistent volume claim
   templates: `persistence.volumeClaimTemplate`, `proxy.persistence.volumeClaimTemplate` and `import.volumeMount.volumeClaimTemplate`
 - Added `imagePullPolicy` configuration to the Jobs containers
@@ -131,6 +132,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m
 - Added `initContainerDataPermissions` and `proxy.initContainerDataPermissions` for changing permissions in the storage volumes if needed
 - Added `extraVolumeClaimTemplates` and `proxy.extraVolumeClaimTemplates`
 - Added `extraObjects` as a way to insert additional Kubernetes objects into the deployment
+- Added `priorityClassName` and `proxy.priorityClassName` configurations
 
 ### Updates
 
@@ -153,6 +155,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m
 - Added default resource limits and requests for all init containers and provisioning jobs
 - PodDisruptionBudget are enabled by default for both GraphDB and GraphDB proxy
 - Updated init containers to invoke `bash` instead of `sh`
+- Updated the default memory limits and requests to 4Gi 
 
 ## Version 10.6.0-R2
 

templates/graphdb/statefulset.yaml

@@ -75,11 +75,18 @@ spec:
       {{- if .Values.dnsPolicy }}
       dnsPolicy: {{ .Values.dnsPolicy }}
       {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end }}
       volumes:
         {{- if not .Values.persistence.enabled }}
         - name: {{ .Values.persistence.volumeClaimTemplate.name }}
           emptyDir: {{ .Values.persistence.emptyDir | toYaml | nindent 12 }}
         {{- end }}
+        {{- if .Values.tempVolume.enabled }}
+        - name: temp-dir
+          emptyDir: {{ .Values.tempVolume.emptyDir | toYaml | nindent 12 }}
+        {{- end }}
         - name: graphdb-properties
           configMap:
             name: {{ include "graphdb.fullname.configmap.properties" . }}
@@ -307,6 +314,8 @@ spec:
           volumeMounts:
             - name: {{ .Values.persistence.volumeClaimTemplate.name }}
               mountPath: /opt/graphdb/home
+            - name: temp-dir
+              mountPath: /tmp
             {{- if .Values.license.existingSecret }}
             - name: graphdb-license
               mountPath: /opt/graphdb/home/conf/graphdb.license

templates/proxy/statefulset.yaml

@@ -63,6 +63,9 @@ spec:
       {{- if .Values.proxy.dnsPolicy }}
       dnsPolicy: {{ .Values.proxy.dnsPolicy }}
       {{- end }}
+      {{- if .Values.proxy.priorityClassName }}
+      priorityClassName: {{ .Values.proxy.priorityClassName }}
+      {{- end }}
       volumes:
         {{- if not .Values.proxy.persistence.enabled }}
         - name: {{ .Values.proxy.persistence.volumeClaimTemplate.name }}

values.yaml

@@ -37,12 +37,12 @@ global:
 # Note: To override the GraphDB proxy's resource names, use .Values.proxy.nameOverride
 nameOverride: ""
 
-# Overrides the naming of all GraphDB resources, effectively removing the chart's name and release name prefix.
+# Overrides the naming of all GraphDB resources, effectively removing the chart's name and the release name prefix.
 # This override takes precedence over anything in .Values.nameOverride
 # Note: To override the GraphDB proxy's full name, use .Values.proxy.fullnameOverride
 fullnameOverride: ""
 
-# Overrides the deployment namespace in case of multi-namespace deployments, for example when using umbrella charts where some sub charts should be
+# Overrides the deployment namespace in case of multi-namespace deployments, for example when using umbrella charts where some sub-charts should be
 # deployed in different namespaces.
 # This affects every resource deployed by this chart.
 # The default value is .Release.Namespace if this is left unspecified.
@@ -455,7 +455,7 @@ service:
   extraPorts: []
 
 # Configurations for GraphDB headless Service.
-# This Service is deployed regardless of the amount of .Values.replicas, so it exists for both singe node and for cluster mode.
+# This Service is deployed regardless of the amount of .Values.replicas, so it exists for both single node and for cluster mode.
 # Ref: https://kubernetes.io/docs/concepts/services-networking/service/
 headlessService:
   # Enables or disables the headless Service deployment.
@@ -483,7 +483,7 @@ headlessService:
 persistence:
   # Toggles the persistence of GraphDB data.
   # - If enabled, the StatefulSet will use a PVC template and rely on the CSI to dynamically provision Persistent Volumes.
-  # - If disabled, it fallbacks to an emptyDir volume.
+  # - If disabled, it falls back to an emptyDir volume.
   enabled: true
 
   # Configurations for PVC based persistence.
@@ -508,10 +508,26 @@ persistence:
 
   # Configurations for an emptyDir volume to be used for data storage by the StatefulSet.
   # Used when the persistence is disabled with .Values.persistence.enabled
+  # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/
   emptyDir:
     # Default emptyDir limit, override to your needs.
     sizeLimit: 1Gi
 
+# Configurations for an emptyDir volume for the /tmp folder in each GraphDB container.
+# Because the default security context in .Values.securityContext configures the root filesystem to be in read-only mode, certain GraphDB features
+# cannot create and write files in /tmp. If you don't use a read-only root filesystem, you can disable this with .Values.tempPersistence.enabled
+tempVolume:
+  # Toggles the temp folder emptyDir volume creation.
+  # - If enabled, the StatefulSet will use an emptyDir volume for /tmp.
+  # - If disabled, the chart won't create and mount ephemeral volumes for /tmp.
+  enabled: true
+
+  # Configurations for an emptyDir volume to be used for /tmp.
+  # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/
+  emptyDir:
+    # Default emptyDir limit, override to your needs.
+    sizeLimit: 128Mi
+
 ##############################
 # StatefulSet Configurations #
 ##############################
@@ -550,6 +566,10 @@ dnsConfig: {}
 # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
 dnsPolicy: ""
 
+# Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster.
+# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
+priorityClassName: ""
+
 # Overrides the default GraphDB container command.
 # Use only for troubleshooting!
 # See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
@@ -648,9 +668,9 @@ topologySpreadConstraints: []
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
 resources:
   limits:
-    memory: 2Gi
+    memory: 4Gi
   requests:
-    memory: 2Gi
+    memory: 4Gi
     cpu: 500m
 
 # Resource configurations for the init containers in the GraphDB Pod.
@@ -667,7 +687,7 @@ initContainerResources:
 #########################
 
 # Configurations for the GraphDB container startup probe.
-# Note: Misconfigured probe can lead to a failing GraphDB cluster!
+# Note: A misconfigured probe can lead to a failing GraphDB cluster!
 startupProbe:
   httpGet:
     path: /protocol
@@ -677,7 +697,7 @@ startupProbe:
   periodSeconds: 10
 
 # Configurations for the GraphDB container readiness probe.
-# Note: Misconfigured probe can lead to a failing GraphDB cluster!
+# Note: A misconfigured probe can lead to a failing GraphDB cluster!
 readinessProbe:
   httpGet:
     path: /protocol
@@ -687,7 +707,7 @@ readinessProbe:
   periodSeconds: 10
 
 # Configurations for the GraphDB container liveness probe.
-# Note: Misconfigured probe can lead to a failing GraphDB cluster!
+# Note: A misconfigured probe can lead to a failing GraphDB cluster!
 livenessProbe:
   httpGet:
     path: /protocol
@@ -1023,7 +1043,7 @@ proxy:
   persistence:
     # Toggles the persistence of GraphDB proxy data.
     # - If enabled, the StatefulSet will use a PVC template and rely on the CSI to dynamically provision Persistent Volumes.
-    # - If disabled, it fallbacks to an emptyDir volume.
+    # - If disabled, it falls back to an emptyDir volume.
     enabled: true
 
     # Configurations for PVC based persistence.
@@ -1048,6 +1068,7 @@ proxy:
 
     # Configurations for an emptyDir volume to be used for data storage by the StatefulSet.
     # Used when the persistence is disabled with .Values.proxy.persistence.enabled
+    # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/
     emptyDir:
       # Default emptyDir limit, override to your needs.
       sizeLimit: 500Mi
@@ -1089,6 +1110,10 @@ proxy:
   # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy
   dnsPolicy: ""
 
+  # Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster.
+  # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/
+  priorityClassName: ""
+
   # Overrides the default GraphDB proxy container command.
   # Use only for troubleshooting!
   # See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/
@@ -1206,7 +1231,7 @@ proxy:
   #########################
 
   # Configurations for the GraphDB proxy container startup probe.
-  # Note: Misconfigured probe can lead to a failing GraphDB cluster!
+  # Note: A misconfigured probe can lead to a failing GraphDB cluster!
   startupProbe:
     httpGet:
       path: /proxy/ready
@@ -1216,7 +1241,7 @@ proxy:
     periodSeconds: 5
 
   # Configurations for the GraphDB proxy container readiness probe.
-  # Note: Misconfigured probe can lead to a failing GraphDB cluster!
+  # Note: A misconfigured probe can lead to a failing GraphDB cluster!
   readinessProbe:
     httpGet:
       path: /proxy/ready
@@ -1225,7 +1250,7 @@ proxy:
     periodSeconds: 10
 
   # Configurations for the GraphDB proxy container liveness probe.
-  # Note: Misconfigured probe can lead to a failing GraphDB cluster!
+  # Note: A misconfigured probe can lead to a failing GraphDB cluster!
   livenessProbe:
     httpGet:
       path: /proxy/health