From 1bc8d593baac73822ef01d8cfccff5f17f0c152b Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 13 Jun 2024 16:00:41 +0300 Subject: [PATCH] Resolve read-only issues with /tmp - Added `tempVolume` configurations for an emptyDir volume mapped to the /tmp folder in the GraphDB containers Additionally: - Added `priorityClassName` and `proxy.priorityClassName` configurations - Updated the default memory limits and requests to 4Gi --- CHANGELOG.md | 3 ++ templates/graphdb/statefulset.yaml | 9 ++++++ templates/proxy/statefulset.yaml | 3 ++ values.yaml | 51 ++++++++++++++++++++++-------- 4 files changed, 53 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 82f2909..9fe3f09 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -112,6 +112,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m - Added `service.externalIPs` and `service.proxy.externalIPs` to use existing external IPs - Added `persistence.emptyDir` and `proxy.persistence.emptyDir` configurations for an emptyDir volume that will be used when the persistence is disabled +- Added `tempVolume` configurations for an emptyDir volume mapped to the /tmp folder in the GraphDB containers - Added configurations for extra `labels` and `annotations` for all persistent volume claim templates: `persistence.volumeClaimTemplate`, `proxy.persistence.volumeClaimTemplate` and `import.volumeMount.volumeClaimTemplate` - Added `imagePullPolicy` configuration to the Jobs containers @@ -131,6 +132,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m - Added `initContainerDataPermissions` and `proxy.initContainerDataPermissions` for changing permissions in the storage volumes if needed - Added `extraVolumeClaimTemplates` and `proxy.extraVolumeClaimTemplates` - Added `extraObjects` as a way to insert additional Kubernetes objects into the deployment +- Added `priorityClassName` and `proxy.priorityClassName` configurations ### Updates 
@@ -153,6 +155,7 @@ Version 11 of the chart addresses a bunch of legacy issues and aims to provide m - Added default resource limits and requests for all init containers and provisioning jobs - PodDisruptionBudget are enabled by default for both GraphDB and GraphDB proxy - Updated init containers to invoke `bash` instead of `sh` +- Updated the default memory limits and requests to 4Gi ## Version 10.6.0-R2 diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index 5631f38..e291aaf 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -75,11 +75,18 @@ spec: {{- if .Values.dnsPolicy }} dnsPolicy: {{ .Values.dnsPolicy }} {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} volumes: {{- if not .Values.persistence.enabled }} - name: {{ .Values.persistence.volumeClaimTemplate.name }} emptyDir: {{ .Values.persistence.emptyDir | toYaml | nindent 12 }} {{- end }} + {{- if .Values.tempVolume.enabled }} + - name: temp-dir + emptyDir: {{ .Values.tempVolume.emptyDir | toYaml | nindent 12 }} + {{- end }} - name: graphdb-properties configMap: name: {{ include "graphdb.fullname.configmap.properties" . }} @@ -307,6 +314,8 @@ spec: volumeMounts: - name: {{ .Values.persistence.volumeClaimTemplate.name }} mountPath: /opt/graphdb/home + - name: temp-dir + mountPath: /tmp {{- if .Values.license.existingSecret }} - name: graphdb-license mountPath: /opt/graphdb/home/conf/graphdb.license diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 3972018..dd553a4 100644 --- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml 
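Review bot: The new `priorityClassName: {{ .Values.priorityClassName }}` line in templates/graphdb/statefulset.yaml renders the value unquoted, so a class name that YAML reads as a number or boolean (an all-digit name, for example) would reach the API server with the wrong type and the StatefulSet would be rejected. I would render it as `priorityClassName: {{ .Values.priorityClassName | quote }}`. The same applies to the `proxy.priorityClassName` line added in the templates/proxy/statefulset.yaml hunk. The neighbouring `dnsPolicy` line uses the same unquoted form, so this matches the file's existing style; the pod spec continues outside the hunk.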
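Review bot: The `temp-dir` mount at `/tmp` added to `volumeMounts` is not wrapped in the `tempVolume.enabled` condition that guards the matching volume in the earlier hunk of this file, as far as the visible lines show. With `tempVolume.enabled: false` the container would reference a volume that is not defined, and Kubernetes rejects a pod template whose volumeMount names no existing volume, so the documented off switch would break the release. Wrap the two added lines in `{{- if .Values.tempVolume.enabled }}` and `{{- end }}`. The container spec starts and ends outside this hunk.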
@@ -63,6 +63,9 @@ spec: {{- if .Values.proxy.dnsPolicy }} dnsPolicy: {{ .Values.proxy.dnsPolicy }} {{- end }} + {{- if .Values.proxy.priorityClassName }} + priorityClassName: {{ .Values.proxy.priorityClassName }} + {{- end }} volumes: {{- if not .Values.proxy.persistence.enabled }} - name: {{ .Values.proxy.persistence.volumeClaimTemplate.name }} diff --git a/values.yaml b/values.yaml index 5e74b3a..7d42ea1 100644 --- a/values.yaml +++ b/values.yaml @@ -37,12 +37,12 @@ global: # Note: To override the GraphDB proxy's resource names, use .Values.proxy.nameOverride nameOverride: "" -# Overrides the naming of all GraphDB resources, effectively removing the chart's name and release name prefix. +# Overrides the naming of all GraphDB resources, effectively removing the chart's name and the release name prefix. # This override takes precedence over anything in .Values.nameOverride # Note: To override the GraphDB proxy's full name, use .Values.proxy.fullnameOverride fullnameOverride: "" -# Overrides the deployment namespace in case of multi-namespace deployments, for example when using umbrella charts where some sub charts should be +# Overrides the deployment namespace in case of multi-namespace deployments, for example when using umbrella charts where some sub-charts should be # deployed in different namespaces. # This affects every resource deployed by this chart. # The default value is .Release.Namespace if this is left unspecified. @@ -455,7 +455,7 @@ service: extraPorts: [] # Configurations for GraphDB headless Service. -# This Service is deployed regardless of the amount of .Values.replicas, so it exists for both singe node and for cluster mode. +# This Service is deployed regardless of the amount of .Values.replicas, so it exists for both single node and for cluster mode. # Ref: https://kubernetes.io/docs/concepts/services-networking/service/ headlessService: # Enables or disables the headless Service deployment. 
@@ -483,7 +483,7 @@ headlessService: persistence: # Toggles the persistence of GraphDB data. # - If enabled, the StatefulSet will use a PVC template and rely on the CSI to dynamically provision Persistent Volumes. - # - If disabled, it fallbacks to an emptyDir volume. + # - If disabled, it falls back to an emptyDir volume. enabled: true # Configurations for PVC based persistence. @@ -508,10 +508,26 @@ persistence: # Configurations for an emptyDir volume to be used for data storage by the StatefulSet. # Used when the persistence is disabled with .Values.persistence.enabled + # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/ emptyDir: # Default emptyDir limit, override to your needs. sizeLimit: 1Gi +# Configurations for an emptyDir volume for the /tmp folder in each GraphDB container. +# Because the default security context in .Values.securityContext configures the root filesystem to be in read-only mode, certain GraphDB features +# cannot create and write files in /tmp. If you don't use a read-only root filesystem, you can disable this with .Values.tempPersistence.enabled +tempVolume: + # Toggles the temp folder emptyDir volume creation. + # - If enabled, the StatefulSet will use an emptyDir volume for /tmp. + # - If disabled, the chart won't create and mount ephemeral volumes for /tmp. + enabled: true + + # Configurations for an emptyDir volume to be used for /tmp. + # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/ + emptyDir: + # Default emptyDir limit, override to your needs. + sizeLimit: 128Mi + ############################## # StatefulSet Configurations # ############################## 
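Review bot: The comment above `tempVolume` tells users to disable the volume with `.Values.tempPersistence.enabled`, but the key this hunk adds is `tempVolume.enabled`. The sentence should end `you can disable this with .Values.tempVolume.enabled`. The `sizeLimit` comment could also state what happens at the limit, for example `# A pod that writes more than this to /tmp is evicted by the kubelet.`, so operators who keep the read-only root filesystem know to raise it for workloads that write large temporary files.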
@@ -550,6 +566,10 @@ dnsConfig: {} # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: "" +# Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster. +# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ +priorityClassName: "" + # Overrides the default GraphDB container command. # Use only for troubleshooting! # See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ @@ -648,9 +668,9 @@ topologySpreadConstraints: [] # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ resources: limits: - memory: 2Gi + memory: 4Gi requests: - memory: 2Gi + memory: 4Gi cpu: 500m # Resource configurations for the init containers in the GraphDB Pod. @@ -667,7 +687,7 @@ initContainerResources: ######################### # Configurations for the GraphDB container startup probe. -# Note: Misconfigured probe can lead to a failing GraphDB cluster! +# Note: A misconfigured probe can lead to a failing GraphDB cluster! startupProbe: httpGet: path: /protocol @@ -677,7 +697,7 @@ startupProbe: periodSeconds: 10 # Configurations for the GraphDB container readiness probe. -# Note: Misconfigured probe can lead to a failing GraphDB cluster! +# Note: A misconfigured probe can lead to a failing GraphDB cluster! readinessProbe: httpGet: path: /protocol @@ -687,7 +707,7 @@ readinessProbe: periodSeconds: 10 # Configurations for the GraphDB container liveness probe. -# Note: Misconfigured probe can lead to a failing GraphDB cluster! +# Note: A misconfigured probe can lead to a failing GraphDB cluster! livenessProbe: httpGet: path: /protocol 
@@ -1023,7 +1043,7 @@ proxy: persistence: # Toggles the persistence of GraphDB proxy data. # - If enabled, the StatefulSet will use a PVC template and rely on the CSI to dynamically provision Persistent Volumes. - # - If disabled, it fallbacks to an emptyDir volume. + # - If disabled, it falls back to an emptyDir volume. enabled: true # Configurations for PVC based persistence. @@ -1048,6 +1068,7 @@ proxy: # Configurations for an emptyDir volume to be used for data storage by the StatefulSet. # Used when the persistence is disabled with .Values.proxy.persistence.enabled + # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/ emptyDir: # Default emptyDir limit, override to your needs. sizeLimit: 500Mi @@ -1089,6 +1110,10 @@ proxy: # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy dnsPolicy: "" + # Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ + priorityClassName: "" + # Overrides the default GraphDB proxy container command. # Use only for troubleshooting! # See https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/ @@ -1206,7 +1231,7 @@ proxy: ######################### # Configurations for the GraphDB proxy container startup probe. - # Note: Misconfigured probe can lead to a failing GraphDB cluster! + # Note: A misconfigured probe can lead to a failing GraphDB cluster! startupProbe: httpGet: path: /proxy/ready @@ -1216,7 +1241,7 @@ proxy: periodSeconds: 5 # Configurations for the GraphDB proxy container readiness probe. - # Note: Misconfigured probe can lead to a failing GraphDB cluster! + # Note: A misconfigured probe can lead to a failing GraphDB cluster! readinessProbe: httpGet: path: /proxy/ready 
@@ -1225,7 +1250,7 @@ proxy: periodSeconds: 10 # Configurations for the GraphDB proxy container liveness probe. - # Note: Misconfigured probe can lead to a failing GraphDB cluster! + # Note: A misconfigured probe can lead to a failing GraphDB cluster! livenessProbe: httpGet: path: /proxy/health