Merge pull request #109 from Ontotext-AD/PRO-426-features-11-1

PRO-426: GraphDB 10.7 and new chart features
Ontotext-AD · Jul 5, 2024 · bae62ad · bae62ad
2 parents 964dd27 + a6ab4f4
commit bae62ad
Show file tree

Hide file tree

Showing 12 changed files with 323 additions and 35 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,23 @@
 # GraphDB Helm chart release notes
 
+## Version 11.1.0
+
+### New
+
+- Updated to GraphDB [10.7.0](https://graphdb.ontotext.com/documentation/10.7/release-notes.html#graphdb-10-7-0)
+- Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and
+  GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across
+  different Kubernetes hosts but does not enforce it.
+- Added new configuration options for the Jobs
+    - Added `job.schedulerName` for overriding the default Kubernetes scheduler
+    - Added `job.dnsConfig` and `job.dnsPolicy` for customizing the DNS resolution
+    - Added `job.priorityClassName` for defining the pods scheduling importance
+    - Added `job.nodeSelector`, `job.affinity`, `job.tolerations` and `job.topologySpreadConstraints` for customizing the
+      node scheduling
+- Added `persistence.volumeClaimRetentionPolicy` and `proxy.persistence.volumeClaimRetentionPolicy` to control the
+  retention policy of the PVCs when the StatefulSets are scaled and deleted. These configurations are used only for
+  Kubernetes 1.27 and above.
+
 ## Version 11.0.1
 
 GraphDB Helm 11.0.1 is a patch release that includes bug fixes.

diff --git a/Chart.yaml b/Chart.yaml
@@ -5,8 +5,8 @@ apiVersion: v2
 name: graphdb
 description: GraphDB is a highly efficient, scalable and robust graph database with RDF and SPARQL support.
 type: application
-version: 11.0.1
-appVersion: 10.6.4
+version: 11.1.0
+appVersion: 10.7.0
 kubeVersion: ^1.26.0-0
 home: https://graphdb.ontotext.com/
 icon: https://graphdb.ontotext.com/home/images/visual_Logo_GraphDB_02_12_2015.png

diff --git a/README.md b/README.md
@@ -1,8 +1,8 @@
 # Helm Chart for GraphDB
 
 [![CI](https://github.com/Ontotext-AD/graphdb-helm/actions/workflows/ci.yml/badge.svg)](https://github.com/Ontotext-AD/graphdb-helm/actions/workflows/ci.yml)
-![Version: 11.0.1](https://img.shields.io/badge/Version-11.0.1-informational?style=flat-square)
-![AppVersion: 10.6.4](https://img.shields.io/badge/AppVersion-10.6.4-informational?style=flat-square)
+![Version: 11.1.0](https://img.shields.io/badge/Version-11.1.0-informational?style=flat-square)
+![AppVersion: 10.7.0](https://img.shields.io/badge/AppVersion-10.7.0-informational?style=flat-square)
 
 <!--
 TODO: Add ArtifactHub badge when ready
@@ -196,7 +196,7 @@ Note: If `1` is selected as node count, the launched node will be standalone and
 
 - The section `cluster.config` can be used to configure a GraphDB cluster.
 
-See more about the cluster here: https://graphdb.ontotext.com/documentation/10.6/cluster-basics.html
+See more about the cluster here: https://graphdb.ontotext.com/documentation/10.7/cluster-basics.html
 
 ### Deploying GraphDB with security
 
@@ -211,7 +211,7 @@ Note that the `provisioning` user is required when security is turned on!
 By default, if the security is turned on, GraphDB's basic security method is used. More complicated security configurations
 can be configured using additional configurations in `graphdb.properties`.
 
-See https://graphdb.ontotext.com/documentation/10.6/access-control.html
+See https://graphdb.ontotext.com/documentation/10.7/access-control.html
 
 Prior to GraphDB 10.0.0 the users and their settings were saved in the `settings.js` file.
 
@@ -230,9 +230,9 @@ Note the `settings.js` must contain `security.enabled" : true` property when sec
 GraphDB uses Logback to configure logging using the `logback.xml` file.
 The file can be provisioned before GraphDB's startup with the `configuration.logback.existingConfigmap` configuration.
 
-See https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html#configuration-properties
+See https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html#configuration-properties
 
-See https://graphdb.ontotext.com/documentation/10.6/access-control.html
+See https://graphdb.ontotext.com/documentation/10.7/access-control.html
 
 ### Importing data from existing persistent volume
 
@@ -396,24 +396,32 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a
 | initContainerSecurityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | initContainerSecurityContext.readOnlyRootFilesystem | bool | `true` |  |
 | initContainerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| jobs.affinity | object | `{}` |  |
 | jobs.backoffLimit | int | `10` |  |
+| jobs.dnsConfig | object | `{}` |  |
+| jobs.dnsPolicy | string | `""` |  |
+| jobs.nodeSelector | object | `{}` |  |
 | jobs.persistence.emptyDir.sizeLimit | string | `"10Mi"` |  |
 | jobs.podSecurityContext.fsGroup | int | `10001` |  |
 | jobs.podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` |  |
 | jobs.podSecurityContext.runAsGroup | int | `10001` |  |
 | jobs.podSecurityContext.runAsNonRoot | bool | `true` |  |
 | jobs.podSecurityContext.runAsUser | int | `10001` |  |
 | jobs.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| jobs.priorityClassName | string | `""` |  |
 | jobs.resources.limits.cpu | string | `"50m"` |  |
 | jobs.resources.limits.ephemeral-storage | string | `"10Mi"` |  |
 | jobs.resources.limits.memory | string | `"16Mi"` |  |
 | jobs.resources.requests.cpu | string | `"50m"` |  |
 | jobs.resources.requests.ephemeral-storage | string | `"10Mi"` |  |
 | jobs.resources.requests.memory | string | `"16Mi"` |  |
+| jobs.schedulerName | string | `""` |  |
 | jobs.securityContext.allowPrivilegeEscalation | bool | `false` |  |
 | jobs.securityContext.capabilities.drop[0] | string | `"ALL"` |  |
 | jobs.securityContext.readOnlyRootFilesystem | bool | `true` |  |
 | jobs.securityContext.seccompProfile.type | string | `"RuntimeDefault"` |  |
+| jobs.tolerations | list | `[]` |  |
+| jobs.topologySpreadConstraints | list | `[]` |  |
 | jobs.ttlSecondsAfterFinished | int | `300` |  |
 | labels | object | `{}` |  |
 | license.existingSecret | string | `""` |  |
@@ -428,12 +436,16 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a
 | nodeSelector | object | `{}` |  |
 | persistence.emptyDir.sizeLimit | string | `"1Gi"` |  |
 | persistence.enabled | bool | `true` |  |
+| persistence.volumeClaimRetentionPolicy | object | `{}` |  |
 | persistence.volumeClaimTemplate.annotations | object | `{}` |  |
 | persistence.volumeClaimTemplate.labels | object | `{}` |  |
 | persistence.volumeClaimTemplate.name | string | `"storage"` |  |
 | persistence.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` |  |
 | persistence.volumeClaimTemplate.spec.resources.requests.storage | string | `"5Gi"` |  |
 | podAnnotations | object | `{}` |  |
+| podAntiAffinity.enabled | bool | `true` |  |
+| podAntiAffinity.preset | string | `"soft"` |  |
+| podAntiAffinity.topology | string | `"kubernetes.io/hostname"` |  |
 | podDisruptionBudget.enabled | bool | `true` |  |
 | podDisruptionBudget.maxUnavailable | string | `""` |  |
 | podDisruptionBudget.minAvailable | string | `"51%"` |  |
@@ -500,12 +512,16 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a
 | proxy.nodeSelector | object | `{}` |  |
 | proxy.persistence.emptyDir.sizeLimit | string | `"500Mi"` |  |
 | proxy.persistence.enabled | bool | `true` |  |
+| proxy.persistence.volumeClaimRetentionPolicy | object | `{}` |  |
 | proxy.persistence.volumeClaimTemplate.annotations | object | `{}` |  |
 | proxy.persistence.volumeClaimTemplate.labels | object | `{}` |  |
 | proxy.persistence.volumeClaimTemplate.name | string | `"storage"` |  |
 | proxy.persistence.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` |  |
 | proxy.persistence.volumeClaimTemplate.spec.resources.requests.storage | string | `"500Mi"` |  |
 | proxy.podAnnotations | object | `{}` |  |
+| proxy.podAntiAffinity.enabled | bool | `true` |  |
+| proxy.podAntiAffinity.preset | string | `"soft"` |  |
+| proxy.podAntiAffinity.topology | string | `"kubernetes.io/hostname"` |  |
 | proxy.podDisruptionBudget.enabled | bool | `true` |  |
 | proxy.podDisruptionBudget.maxUnavailable | string | `""` |  |
 | proxy.podDisruptionBudget.minAvailable | string | `"51%"` |  |

diff --git a/README.md.gotmpl b/README.md.gotmpl
@@ -196,7 +196,7 @@ Note: If `1` is selected as node count, the launched node will be standalone and
 
 - The section `cluster.config` can be used to configure a GraphDB cluster.
 
-See more about the cluster here: https://graphdb.ontotext.com/documentation/10.6/cluster-basics.html
+See more about the cluster here: https://graphdb.ontotext.com/documentation/10.7/cluster-basics.html
 
 ### Deploying GraphDB with security
 
@@ -211,7 +211,7 @@ Note that the `provisioning` user is required when security is turned on!
 By default, if the security is turned on, GraphDB's basic security method is used. More complicated security configurations
 can be configured using additional configurations in `graphdb.properties`.
 
-See https://graphdb.ontotext.com/documentation/10.6/access-control.html
+See https://graphdb.ontotext.com/documentation/10.7/access-control.html
 
 Prior to GraphDB 10.0.0 the users and their settings were saved in the `settings.js` file.
 
@@ -230,9 +230,9 @@ Note the `settings.js` must contain `security.enabled" : true` property when sec
 GraphDB uses Logback to configure logging using the `logback.xml` file.
 The file can be provisioned before GraphDB's startup with the `configuration.logback.existingConfigmap` configuration.
 
-See https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html#configuration-properties
+See https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html#configuration-properties
 
-See https://graphdb.ontotext.com/documentation/10.6/access-control.html
+See https://graphdb.ontotext.com/documentation/10.7/access-control.html
 
 ### Importing data from existing persistent volume
 

diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml
@@ -15,6 +15,9 @@ spec:
   updateStrategy: {{ .Values.updateStrategy | toYaml | nindent 4 }}
   podManagementPolicy: {{ .Values.podManagementPolicy }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
+  {{- if and .Values.persistence.volumeClaimRetentionPolicy (semverCompare ">=1.27-0" .Capabilities.KubeVersion.Version) }}
+  persistentVolumeClaimRetentionPolicy: {{ .Values.persistence.volumeClaimRetentionPolicy | toYaml | nindent 4 }}
+  {{- end }}
   selector:
     matchLabels:
       {{- include "graphdb.selectorLabels" . | nindent 6 }}
@@ -129,8 +132,31 @@ spec:
       {{- with .Values.nodeSelector }}
       nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
       {{- end }}
-      {{- with .Values.affinity }}
-      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- if or .Values.affinity .Values.podAntiAffinity.enabled }}
+      affinity:
+        {{- if .Values.affinity  }}
+          {{- tpl (toYaml .Values.affinity) $ | nindent 8 }}
+        {{- end }}
+        {{- if and .Values.podAntiAffinity.enabled (not .Values.affinity.podAntiAffinity) }}
+        podAntiAffinity:
+          {{- if eq .Values.podAntiAffinity.preset "soft" }}
+          preferredDuringSchedulingIgnoredDuringExecution:
+            - weight: 1
+              podAffinityTerm:
+                topologyKey: {{ .Values.podAntiAffinity.topology }}
+                labelSelector:
+                  matchLabels:
+                    {{- include "graphdb.selectorLabels" . | nindent 20 }}
+          {{- else if eq .Values.podAntiAffinity.preset "hard" }}
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - topologyKey: {{ .Values.podAntiAffinity.topology }}
+              labelSelector:
+                matchLabels:
+                  {{- include "graphdb.selectorLabels" . | nindent 18 }}
+          {{- else }}
+            {{- fail (printf "Unknown podAntiAffinity preset '%s'" .Values.podAntiAffinity.preset) }}
+          {{- end }}
+        {{- end }}
       {{- end }}
       {{- with .Values.tolerations }}
       tolerations: {{- tpl (toYaml .) $ | nindent 8 }}

diff --git a/templates/jobs/job-create-cluster.yaml b/templates/jobs/job-create-cluster.yaml
@@ -20,6 +20,30 @@ spec:
     spec:
       restartPolicy: Never
       automountServiceAccountToken: false
+      {{- if .Values.jobs.schedulerName }}
+      schedulerName: {{ .Values.jobs.schedulerName }}
+      {{- end }}
+      {{- with .Values.jobs.dnsConfig }}
+      dnsConfig: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.jobs.dnsPolicy }}
+      dnsPolicy: {{ .Values.jobs.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.jobs.priorityClassName }}
+      priorityClassName: {{ .Values.jobs.priorityClassName }}
+      {{- end }}
+      {{- with .Values.jobs.nodeSelector }}
+      nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.tolerations }}
+      tolerations: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}

diff --git a/templates/jobs/job-patch-cluster.yaml b/templates/jobs/job-patch-cluster.yaml
@@ -20,6 +20,30 @@ spec:
     spec:
       restartPolicy: Never
       automountServiceAccountToken: false
+      {{- if .Values.jobs.schedulerName }}
+      schedulerName: {{ .Values.jobs.schedulerName }}
+      {{- end }}
+      {{- with .Values.jobs.dnsConfig }}
+      dnsConfig: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.jobs.dnsPolicy }}
+      dnsPolicy: {{ .Values.jobs.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.jobs.priorityClassName }}
+      priorityClassName: {{ .Values.jobs.priorityClassName }}
+      {{- end }}
+      {{- with .Values.jobs.nodeSelector }}
+      nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.tolerations }}
+      tolerations: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}

diff --git a/templates/jobs/job-provision-repositories.yaml b/templates/jobs/job-provision-repositories.yaml
@@ -20,6 +20,30 @@ spec:
     spec:
       restartPolicy: Never
       automountServiceAccountToken: false
+      {{- if .Values.jobs.schedulerName }}
+      schedulerName: {{ .Values.jobs.schedulerName }}
+      {{- end }}
+      {{- with .Values.jobs.dnsConfig }}
+      dnsConfig: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.jobs.dnsPolicy }}
+      dnsPolicy: {{ .Values.jobs.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.jobs.priorityClassName }}
+      priorityClassName: {{ .Values.jobs.priorityClassName }}
+      {{- end }}
+      {{- with .Values.jobs.nodeSelector }}
+      nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.tolerations }}
+      tolerations: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}

diff --git a/templates/jobs/job-scale-down-cluster.yaml b/templates/jobs/job-scale-down-cluster.yaml
@@ -19,6 +19,30 @@ spec:
     spec:
       restartPolicy: Never
       automountServiceAccountToken: false
+      {{- if .Values.jobs.schedulerName }}
+      schedulerName: {{ .Values.jobs.schedulerName }}
+      {{- end }}
+      {{- with .Values.jobs.dnsConfig }}
+      dnsConfig: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.jobs.dnsPolicy }}
+      dnsPolicy: {{ .Values.jobs.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.jobs.priorityClassName }}
+      priorityClassName: {{ .Values.jobs.priorityClassName }}
+      {{- end }}
+      {{- with .Values.jobs.nodeSelector }}
+      nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.tolerations }}
+      tolerations: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}

diff --git a/templates/jobs/job-scale-up-cluster.yaml b/templates/jobs/job-scale-up-cluster.yaml
@@ -20,6 +20,30 @@ spec:
     spec:
       restartPolicy: Never
       automountServiceAccountToken: false
+      {{- if .Values.jobs.schedulerName }}
+      schedulerName: {{ .Values.jobs.schedulerName }}
+      {{- end }}
+      {{- with .Values.jobs.dnsConfig }}
+      dnsConfig: {{ toYaml . | nindent 8 }}
+      {{- end }}
+      {{- if .Values.jobs.dnsPolicy }}
+      dnsPolicy: {{ .Values.jobs.dnsPolicy }}
+      {{- end }}
+      {{- if .Values.jobs.priorityClassName }}
+      priorityClassName: {{ .Values.jobs.priorityClassName }}
+      {{- end }}
+      {{- with .Values.jobs.nodeSelector }}
+      nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.affinity }}
+      affinity: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.tolerations }}
+      tolerations: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
+      {{- with .Values.jobs.topologySpreadConstraints }}
+      topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }}
+      {{- end }}
       {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }}
       imagePullSecrets:
         {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }}