From 1abbb4a05000d319b65471b25341c6a56dc3e524 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Thu, 4 Jul 2024 14:51:03 +0300 Subject: [PATCH 1/8] GDB-10410: Added default podAntiAffinity configurations Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across different Kubernetes hosts but does not enforce it. --- CHANGELOG.md | 8 ++++++++ templates/graphdb/statefulset.yaml | 27 +++++++++++++++++++++++++-- templates/proxy/statefulset.yaml | 27 +++++++++++++++++++++++++-- values.yaml | 24 ++++++++++++++++++++++++ 4 files changed, 82 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 892cdbd..a5f6aba 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # GraphDB Helm chart release notes +## Version 11.1.0 + +### New + +- Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and + GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across + different Kubernetes hosts but does not enforce it. + ## Version 11.0.1 GraphDB Helm 11.0.1 is a patch release that includes bug fixes. diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index 013b9e5..a63a800 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml 
@@ -129,8 +129,31 @@ spec: {{- with .Values.nodeSelector }} nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- with .Values.affinity }} - affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- if or .Values.affinity .Values.podAntiAffinity.enabled }} + affinity: + {{- if .Values.affinity }} + {{- tpl (toYaml .Values.affinity) $ | nindent 8 }} + {{- end }} + {{- if and .Values.podAntiAffinity.enabled (not .Values.affinity.podAntiAffinity) }} + podAntiAffinity: + {{- if eq .Values.podAntiAffinity.preset "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: {{ .Values.podAntiAffinity.topology }} + labelSelector: + matchLabels: + {{- include "graphdb.selectorLabels" . | nindent 20 }} + {{- else if eq .Values.podAntiAffinity.preset "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.podAntiAffinity.topology }} + labelSelector: + matchLabels: + {{- include "graphdb.selectorLabels" . | nindent 18 }} + {{- else }} + {{- fail (printf "Unknown podAntiAffinity preset '%s'" .Values.podAntiAffinity.preset) }} + {{- end }} + {{- end }} {{- end }} {{- with .Values.tolerations }} tolerations: {{- tpl (toYaml .) $ | nindent 8 }} diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 6547a31..5443d9b 100644 --- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml 
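Review bot: `topologyKey: {{ .Values.podAntiAffinity.topology }}` is rendered unquoted and unchecked in both the "soft" and "hard" branches, so an empty or unset `podAntiAffinity.topology` renders a null key and the error only surfaces when the API server rejects the manifest. `topologyKey: {{ required "podAntiAffinity.topology must be set" .Values.podAntiAffinity.topology | quote }}` would fail at render time with a clear message. Separately, `(not .Values.affinity.podAntiAffinity)` assumes `.Values.affinity` is always a map; if an override nulls it out, this lookup would presumably error, and `(not (.Values.affinity | default dict).podAntiAffinity)` avoids that. The proxy StatefulSet hunk has the same two expressions under `.Values.proxy`, and the pod spec continues outside both hunks.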
@@ -98,8 +98,31 @@ spec: {{- with .Values.proxy.nodeSelector }} nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} {{- end }} - {{- with .Values.proxy.affinity }} - affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- if or .Values.proxy.affinity .Values.proxy.podAntiAffinity.enabled }} + affinity: + {{- if .Values.proxy.affinity }} + {{- tpl (toYaml .Values.proxy.affinity) $ | nindent 8 }} + {{- end }} + {{- if and .Values.proxy.podAntiAffinity.enabled (not .Values.proxy.affinity.podAntiAffinity) }} + podAntiAffinity: + {{- if eq .Values.proxy.podAntiAffinity.preset "soft" }} + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 1 + podAffinityTerm: + topologyKey: {{ .Values.proxy.podAntiAffinity.topology }} + labelSelector: + matchLabels: + {{- include "graphdb-proxy.selectorLabels" . | nindent 20 }} + {{- else if eq .Values.proxy.podAntiAffinity.preset "hard" }} + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: {{ .Values.proxy.podAntiAffinity.topology }} + labelSelector: + matchLabels: + {{- include "graphdb-proxy.selectorLabels" . | nindent 18 }} + {{- else }} + {{- fail (printf "Unknown podAntiAffinity preset '%s'" .Values.proxy.podAntiAffinity.preset) }} + {{- end }} + {{- end }} {{- end }} {{- with .Values.proxy.tolerations }} tolerations: {{- tpl (toYaml .) $ | nindent 8 }} diff --git a/values.yaml b/values.yaml index f6bb71d..f4e32e8 100644 --- a/values.yaml +++ b/values.yaml 
@@ -648,6 +648,18 @@ nodeSelector: {} # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} +# Default podAntiAffinity rule ensuring that GraphDB pods are scheduled on different Kubernetes nodes. +# Note that this would take effect when GraphDB is deployed in a cluster. +# +# Possible values for .Values.podAntiAffinity.preset are: +# - "soft" (default) - Configures a preferredDuringSchedulingIgnoredDuringExecution rule. +# - "hard" - Configures a requiredDuringSchedulingIgnoredDuringExecution rule. +# Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity +podAntiAffinity: + enabled: true + preset: soft + topology: kubernetes.io/hostname + # List of taint tolerations. # Values are processed as Helm templates. # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ @@ -1192,6 +1204,18 @@ proxy: # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity affinity: {} + # Default podAntiAffinity rule ensuring that GraphDB pods are scheduled on different Kubernetes nodes. + # Note that this would take effect when GraphDB is deployed in a cluster. + # + # Possible values for .Values.podAntiAffinity.preset are: + # - "soft" (default) - Configures a preferredDuringSchedulingIgnoredDuringExecution rule. + # - "hard" - Configures a requiredDuringSchedulingIgnoredDuringExecution rule. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + podAntiAffinity: + enabled: true + preset: soft + topology: kubernetes.io/hostname + # List of taint tolerations. # Values are processed as Helm templates. # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ From 483ca6ce4b01a8dda8d52bb3bcaa6982aa4ac20d Mon Sep 17 00:00:00 2001 
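Review bot: The new comment describes the default rule as "ensuring that GraphDB pods are scheduled on different Kubernetes nodes", but the default `preset: soft` only states a preference (the template gives it `weight: 1`), so replicas can still be placed on the same node and one node failure can take several of them down. I would reword the first line to `# Default podAntiAffinity rule that prefers ("soft") or requires ("hard") scheduling GraphDB pods on different Kubernetes nodes.` It is also worth one more comment line saying that "hard" leaves pods Pending when there are fewer eligible nodes than replicas.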
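Review bot: The comment block added under `proxy:` was copied from the top-level one without adjustment: it speaks of "GraphDB pods" and points to `.Values.podAntiAffinity.preset`, while this block configures the proxy pods through `.Values.proxy.podAntiAffinity.preset`. Suggested wording: `# Possible values for .Values.proxy.podAntiAffinity.preset are:` and "GraphDB proxy pods" in the first line, so that an operator tuning the proxy does not edit the wrong key.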
From: "github-actions[bot]" Date: Thu, 4 Jul 2024 11:56:00 +0000 Subject: [PATCH 2/8] Updated the README --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 4ffe9a9..9b16388 100644 --- a/README.md +++ b/README.md @@ -434,6 +434,9 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | persistence.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` | | | persistence.volumeClaimTemplate.spec.resources.requests.storage | string | `"5Gi"` | | | podAnnotations | object | `{}` | | +| podAntiAffinity.enabled | bool | `true` | | +| podAntiAffinity.preset | string | `"soft"` | | +| podAntiAffinity.topology | string | `"kubernetes.io/hostname"` | | | podDisruptionBudget.enabled | bool | `true` | | | podDisruptionBudget.maxUnavailable | string | `""` | | | podDisruptionBudget.minAvailable | string | `"51%"` | | @@ -506,6 +509,9 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | proxy.persistence.volumeClaimTemplate.spec.accessModes[0] | string | `"ReadWriteOnce"` | | | proxy.persistence.volumeClaimTemplate.spec.resources.requests.storage | string | `"500Mi"` | | | proxy.podAnnotations | object | `{}` | | +| proxy.podAntiAffinity.enabled | bool | `true` | | +| proxy.podAntiAffinity.preset | string | `"soft"` | | +| proxy.podAntiAffinity.topology | string | `"kubernetes.io/hostname"` | | | proxy.podDisruptionBudget.enabled | bool | `true` | | | proxy.podDisruptionBudget.maxUnavailable | string | `""` | | | proxy.podDisruptionBudget.minAvailable | string | `"51%"` | | From 4006ed7080af05e28e1af5b0b05bca7b8bec9196 Mon Sep 17 00:00:00 2001 
From: Mihail Radkov Date: Wed, 3 Jul 2024 22:03:11 +0300 Subject: [PATCH 3/8] GDB-10409: Jobs scheduling configurations Added new configuration options for the Jobs - Added `job.schedulerName` for overriding the default Kubernetes scheduler - Added `job.dnsConfig` and `job.dnsPolicy` for customizing the DNS resolution - Added `job.priorityClassName` for defining the pods scheduling importance - Added `job.nodeSelector`, `job.affinity`, `job.tolerations` and `job.topologySpreadConstraints` for customizing the node scheduling --- CHANGELOG.md | 6 +++ templates/jobs/job-create-cluster.yaml | 24 ++++++++++++ templates/jobs/job-patch-cluster.yaml | 24 ++++++++++++ .../jobs/job-provision-repositories.yaml | 24 ++++++++++++ templates/jobs/job-scale-down-cluster.yaml | 24 ++++++++++++ templates/jobs/job-scale-up-cluster.yaml | 24 ++++++++++++ values.yaml | 38 +++++++++++++++++++ 7 files changed, 164 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5f6aba..b7d1e58 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,12 @@ - Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across different Kubernetes hosts but does not enforce it. +- Added new configuration options for the Jobs + - Added `job.schedulerName` for overriding the default Kubernetes scheduler + - Added `job.dnsConfig` and `job.dnsPolicy` for customizing the DNS resolution + - Added `job.priorityClassName` for defining the pods scheduling importance + - Added `job.nodeSelector`, `job.affinity`, `job.tolerations` and `job.topologySpreadConstraints` for customizing the + node scheduling ## Version 11.0.1 diff --git a/templates/jobs/job-create-cluster.yaml b/templates/jobs/job-create-cluster.yaml index 8b2f83a..ca4a5cc 100644 --- a/templates/jobs/job-create-cluster.yaml +++ b/templates/jobs/job-create-cluster.yaml 
@@ -20,6 +20,30 @@ spec: spec: restartPolicy: Never automountServiceAccountToken: false + {{- if .Values.jobs.schedulerName }} + schedulerName: {{ .Values.jobs.schedulerName }} + {{- end }} + {{- with .Values.jobs.dnsConfig }} + dnsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.jobs.dnsPolicy }} + dnsPolicy: {{ .Values.jobs.dnsPolicy }} + {{- end }} + {{- if .Values.jobs.priorityClassName }} + priorityClassName: {{ .Values.jobs.priorityClassName }} + {{- end }} + {{- with .Values.jobs.nodeSelector }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.affinity }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.tolerations }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.topologySpreadConstraints }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }} imagePullSecrets: {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }} diff --git a/templates/jobs/job-patch-cluster.yaml b/templates/jobs/job-patch-cluster.yaml index 13d4036..80e0fe0 100644 --- a/templates/jobs/job-patch-cluster.yaml +++ b/templates/jobs/job-patch-cluster.yaml 
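Review bot: `schedulerName`, `dnsPolicy` and `priorityClassName` are emitted as plain scalars, so a value that YAML reads as a boolean or a number changes type in the rendered manifest; `schedulerName: {{ .Values.jobs.schedulerName | quote }}` (and the same for the other two) keeps them strings. The identical block is pasted into the patch-cluster, provision-repositories, scale-down and scale-up job templates, which share this; moving it into one named template next to `graphdb.combinedImagePullSecrets` would keep the five copies from drifting apart. `dnsConfig` is the only map here rendered without `tpl`, which matches the values.yaml comment but deserves a one-line template comment so the difference reads as intentional. The Job pod spec continues outside the hunk.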
@@ -20,6 +20,30 @@ spec: spec: restartPolicy: Never automountServiceAccountToken: false + {{- if .Values.jobs.schedulerName }} + schedulerName: {{ .Values.jobs.schedulerName }} + {{- end }} + {{- with .Values.jobs.dnsConfig }} + dnsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.jobs.dnsPolicy }} + dnsPolicy: {{ .Values.jobs.dnsPolicy }} + {{- end }} + {{- if .Values.jobs.priorityClassName }} + priorityClassName: {{ .Values.jobs.priorityClassName }} + {{- end }} + {{- with .Values.jobs.nodeSelector }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.affinity }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.tolerations }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.topologySpreadConstraints }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }} imagePullSecrets: {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }} diff --git a/templates/jobs/job-provision-repositories.yaml b/templates/jobs/job-provision-repositories.yaml index e4c656d..70e540a 100644 --- a/templates/jobs/job-provision-repositories.yaml +++ b/templates/jobs/job-provision-repositories.yaml 
@@ -20,6 +20,30 @@ spec: spec: restartPolicy: Never automountServiceAccountToken: false + {{- if .Values.jobs.schedulerName }} + schedulerName: {{ .Values.jobs.schedulerName }} + {{- end }} + {{- with .Values.jobs.dnsConfig }} + dnsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.jobs.dnsPolicy }} + dnsPolicy: {{ .Values.jobs.dnsPolicy }} + {{- end }} + {{- if .Values.jobs.priorityClassName }} + priorityClassName: {{ .Values.jobs.priorityClassName }} + {{- end }} + {{- with .Values.jobs.nodeSelector }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.affinity }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.tolerations }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.topologySpreadConstraints }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }} imagePullSecrets: {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }} diff --git a/templates/jobs/job-scale-down-cluster.yaml b/templates/jobs/job-scale-down-cluster.yaml index 6771114..7058f15 100644 --- a/templates/jobs/job-scale-down-cluster.yaml +++ b/templates/jobs/job-scale-down-cluster.yaml 
@@ -19,6 +19,30 @@ spec: spec: restartPolicy: Never automountServiceAccountToken: false + {{- if .Values.jobs.schedulerName }} + schedulerName: {{ .Values.jobs.schedulerName }} + {{- end }} + {{- with .Values.jobs.dnsConfig }} + dnsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.jobs.dnsPolicy }} + dnsPolicy: {{ .Values.jobs.dnsPolicy }} + {{- end }} + {{- if .Values.jobs.priorityClassName }} + priorityClassName: {{ .Values.jobs.priorityClassName }} + {{- end }} + {{- with .Values.jobs.nodeSelector }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.affinity }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.tolerations }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.topologySpreadConstraints }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }} imagePullSecrets: {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }} diff --git a/templates/jobs/job-scale-up-cluster.yaml b/templates/jobs/job-scale-up-cluster.yaml index f3f82ad..b777023 100644 --- a/templates/jobs/job-scale-up-cluster.yaml +++ b/templates/jobs/job-scale-up-cluster.yaml 
@@ -20,6 +20,30 @@ spec: spec: restartPolicy: Never automountServiceAccountToken: false + {{- if .Values.jobs.schedulerName }} + schedulerName: {{ .Values.jobs.schedulerName }} + {{- end }} + {{- with .Values.jobs.dnsConfig }} + dnsConfig: {{ toYaml . | nindent 8 }} + {{- end }} + {{- if .Values.jobs.dnsPolicy }} + dnsPolicy: {{ .Values.jobs.dnsPolicy }} + {{- end }} + {{- if .Values.jobs.priorityClassName }} + priorityClassName: {{ .Values.jobs.priorityClassName }} + {{- end }} + {{- with .Values.jobs.nodeSelector }} + nodeSelector: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.affinity }} + affinity: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.tolerations }} + tolerations: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} + {{- with .Values.jobs.topologySpreadConstraints }} + topologySpreadConstraints: {{- tpl (toYaml .) $ | nindent 8 }} + {{- end }} {{- if or .Values.global.imagePullSecrets .Values.image.pullSecrets }} imagePullSecrets: {{- include "graphdb.combinedImagePullSecrets" . | nindent 8 }} diff --git a/values.yaml b/values.yaml index f4e32e8..51a69cd 100644 --- a/values.yaml +++ b/values.yaml 
@@ -864,6 +864,44 @@ jobs: # Time in seconds before deleting finished pods ttlSecondsAfterFinished: 300 + # Overrides the default Kubernetes scheduler. + # See https://kubernetes.io/docs/tasks/extend-kubernetes/configure-multiple-schedulers/#specify-schedulers-for-pods + schedulerName: "" + + # Overrides the Job's DNS settings. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-dns-config + dnsConfig: {} + + # Defines the Job's policy for DNS resolution. + # Ref: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/#pod-s-dns-policy + dnsPolicy: "" + + # Name of an existing PriorityClass to assign, defining the importance of the pods compared to other pods in the cluster. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ + priorityClassName: "" + + # Selector labels to match when selecting nodes. + # Values are processed as Helm templates. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector + # See https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/ + nodeSelector: {} + + # Node and pod affinity & anti affinity configurations for constraining the Pod scheduling. + # Values are processed as Helm templates. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity + affinity: {} + + # List of taint tolerations. + # Values are processed as Helm templates. + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/ + tolerations: [] + + # Configurations for spreading Pods across different failure domains. + # Values are processed as Helm templates. 
+ # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#pod-topology-spread-constraints + # Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/topology-spread-constraints/ + topologySpreadConstraints: [] + # Defines privilege and access control settings for all containers in the Jobs. # See https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod podSecurityContext: From a89e685e3ef45afd595d758f97283222e1149260 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 5 Jul 2024 08:25:32 +0000 Subject: [PATCH 4/8] Updated the README --- README.md | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/README.md b/README.md index 9b16388..5c0c630 100644 --- a/README.md +++ b/README.md @@ -396,7 +396,11 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | initContainerSecurityContext.capabilities.drop[0] | string | `"ALL"` | | | initContainerSecurityContext.readOnlyRootFilesystem | bool | `true` | | | initContainerSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | +| jobs.affinity | object | `{}` | | | jobs.backoffLimit | int | `10` | | +| jobs.dnsConfig | object | `{}` | | +| jobs.dnsPolicy | string | `""` | | +| jobs.nodeSelector | object | `{}` | | | jobs.persistence.emptyDir.sizeLimit | string | `"10Mi"` | | | jobs.podSecurityContext.fsGroup | int | `10001` | | | jobs.podSecurityContext.fsGroupChangePolicy | string | `"OnRootMismatch"` | | 
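Review bot: The new keys are added under `jobs:` and the job templates read `.Values.jobs.*`, but the CHANGELOG entry and the commit message of this patch name them `job.schedulerName`, `job.dnsConfig`, `job.nodeSelector` and so on. Unless the chart ships a values schema (not visible here), Helm accepts unknown keys, so an operator who follows the changelog sets values that are silently ignored and the Jobs run without the intended node placement or tolerations. The changelog lines should read `jobs.schedulerName`, `jobs.dnsConfig`, `jobs.priorityClassName` and so on to match this file.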
@@ -404,16 +408,20 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | jobs.podSecurityContext.runAsNonRoot | bool | `true` | | | jobs.podSecurityContext.runAsUser | int | `10001` | | | jobs.podSecurityContext.seccompProfile.type | string | `"RuntimeDefault"` | | +| jobs.priorityClassName | string | `""` | | | jobs.resources.limits.cpu | string | `"50m"` | | | jobs.resources.limits.ephemeral-storage | string | `"10Mi"` | | | jobs.resources.limits.memory | string | `"16Mi"` | | | jobs.resources.requests.cpu | string | `"50m"` | | | jobs.resources.requests.ephemeral-storage | string | `"10Mi"` | | | jobs.resources.requests.memory | string | `"16Mi"` | | +| jobs.schedulerName | string | `""` | | | jobs.securityContext.allowPrivilegeEscalation | bool | `false` | | | jobs.securityContext.capabilities.drop[0] | string | `"ALL"` | | | jobs.securityContext.readOnlyRootFilesystem | bool | `true` | | | jobs.securityContext.seccompProfile.type | string | `"RuntimeDefault"` | | +| jobs.tolerations | list | `[]` | | +| jobs.topologySpreadConstraints | list | `[]` | | | jobs.ttlSecondsAfterFinished | int | `300` | | | labels | object | `{}` | | | license.existingSecret | string | `""` | | From 706bd0f279e9a4d2e0fc6b11a75398ecb8b523c2 Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Wed, 3 Jul 2024 13:50:00 +0300 Subject: [PATCH 5/8] GDB-10049: Added configurations for persistentVolumeClaimRetentionPolicy Added `persistence.volumeClaimRetentionPolicy` and `proxy.persistence.volumeClaimRetentionPolicy` to control the retention policy of the PVCs when the StatefulSets are scaled and deleted. These configurations are used only for Kubernetes 1.27 and above. --- CHANGELOG.md | 3 +++ templates/graphdb/statefulset.yaml | 3 +++ templates/proxy/statefulset.yaml | 3 +++ values.yaml | 28 ++++++++++++++++++++++++---- 4 files changed, 33 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b7d1e58..18a8652 100644 --- a/CHANGELOG.md 
+++ b/CHANGELOG.md @@ -13,6 +13,9 @@ - Added `job.priorityClassName` for defining the pods scheduling importance - Added `job.nodeSelector`, `job.affinity`, `job.tolerations` and `job.topologySpreadConstraints` for customizing the node scheduling +- Added `persistence.volumeClaimRetentionPolicy` and `proxy.persistence.volumeClaimRetentionPolicy` to control the + retention policy of the PVCs when the StatefulSets are scaled and deleted. These configurations are used only for + Kubernetes 1.27 and above. ## Version 11.0.1 diff --git a/templates/graphdb/statefulset.yaml b/templates/graphdb/statefulset.yaml index a63a800..a221dab 100644 --- a/templates/graphdb/statefulset.yaml +++ b/templates/graphdb/statefulset.yaml @@ -15,6 +15,9 @@ spec: updateStrategy: {{ .Values.updateStrategy | toYaml | nindent 4 }} podManagementPolicy: {{ .Values.podManagementPolicy }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} + {{- if and .Values.persistence.volumeClaimRetentionPolicy (semverCompare ">=1.27-0" .Capabilities.KubeVersion.Version) }} + persistentVolumeClaimRetentionPolicy: {{ .Values.persistence.volumeClaimRetentionPolicy | toYaml | nindent 4 }} + {{- end }} selector: matchLabels: {{- include "graphdb.selectorLabels" . | nindent 6 }} diff --git a/templates/proxy/statefulset.yaml b/templates/proxy/statefulset.yaml index 5443d9b..8399e6c 100644 --- a/templates/proxy/statefulset.yaml +++ b/templates/proxy/statefulset.yaml 
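Review bot: On a cluster older than 1.27 the `semverCompare` guard drops `persistentVolumeClaimRetentionPolicy` without any signal, so a configured `persistence.volumeClaimRetentionPolicy` is silently not applied. Because this setting decides whether the database volumes are kept or deleted, the mismatch should be visible, for example with `{{- else if .Values.persistence.volumeClaimRetentionPolicy }}` followed by `{{- fail "persistence.volumeClaimRetentionPolicy requires Kubernetes >= 1.27" }}`, or at least a template comment stating the fallback. `.Capabilities.KubeVersion` also falls back to Helm's built-in default when rendering offline with `helm template`, so reviewed output can differ from what is installed unless `--kube-version` is passed. The proxy StatefulSet hunk has the same guard.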
@@ -16,6 +16,9 @@ spec: updateStrategy: {{ .Values.proxy.updateStrategy | toYaml | nindent 4 }} podManagementPolicy: {{ .Values.proxy.podManagementPolicy }} revisionHistoryLimit: {{ .Values.proxy.revisionHistoryLimit }} + {{- if and .Values.proxy.persistence.volumeClaimRetentionPolicy (semverCompare ">=1.27-0" .Capabilities.KubeVersion.Version) }} + persistentVolumeClaimRetentionPolicy: {{ .Values.proxy.persistence.volumeClaimRetentionPolicy | toYaml | nindent 4 }} + {{- end }} selector: matchLabels: {{- include "graphdb-proxy.selectorLabels" . | nindent 6 }} diff --git a/values.yaml b/values.yaml index 51a69cd..64fbf5b 100644 --- a/values.yaml +++ b/values.yaml @@ -506,6 +506,16 @@ persistence: requests: storage: 5Gi + # Overrides the retention policy of the StatefulSet's PVC. + # This requires Kubernetes v1.27 or greater. + # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + # + # Example: + # volumeClaimRetentionPolicy: + # whenScaled: Retain + # whenDeleted: Delete + volumeClaimRetentionPolicy: {} + # Configurations for an emptyDir volume to be used for data storage by the StatefulSet. # Used when the persistence is disabled with .Values.persistence.enabled # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/ @@ -515,7 +525,7 @@ persistence: # Configurations for an emptyDir volume for the /tmp folder in each GraphDB container. # Because the default security context in .Values.securityContext configures the root filesystem to be in read-only mode, certain GraphDB features -# cannot create and write files in /tmp. If you don't use a read-only root filesystem, you can disable this with .Values.tempPersistence.enabled +# cannot create and write files in /tmp. If you don't use a read-only root filesystem, you can disable this with .Values.tempVolume.enabled tempVolume: # Toggles the temp folder emptyDir volume creation. # - If enabled, the StatefulSet will use an emptyDir volume for /tmp. 
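Review bot: The `volumeClaimRetentionPolicy` example shows `whenDeleted: Delete` without saying what that means for the data: with this value the PVCs created from the volumeClaimTemplate are removed when the StatefulSet is deleted, which would include uninstalling the release. I would add a line such as `# Warning: "Delete" removes the PVCs (and, depending on the StorageClass reclaim policy, the data) when the StatefulSet is deleted or scaled down.` It would also help to state that the default `{}` omits the field, so Kubernetes keeps its own default of `Retain` for both settings. The same comment block is added under `proxy.persistence` in a later hunk of this file.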
@@ -729,7 +739,7 @@ livenessProbe: periodSeconds: 10 ######################################### -# Additional Statefulset Configurations # +# Additional StatefulSet Configurations # ######################################### # Additional environment variables to be set for the GraphDB containers. @@ -1116,6 +1126,16 @@ proxy: requests: storage: 500Mi + # Overrides the retention policy of the StatefulSet's PVC. + # This requires Kubernetes v1.27 or greater. + # Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention + # + # Example: + # volumeClaimRetentionPolicy: + # whenScaled: Retain + # whenDeleted: Delete + volumeClaimRetentionPolicy: {} + # Configurations for an emptyDir volume to be used for data storage by the StatefulSet. # Used when the persistence is disabled with .Values.proxy.persistence.enabled # Ref: https://kubernetes.io/docs/concepts/storage/ephemeral-volumes/ @@ -1124,7 +1144,7 @@ proxy: sizeLimit: 500Mi ############################## - # Statefulset Configurations # + # StatefulSet Configurations # ############################## # Number of cluster proxies used to access the GraphDB cluster. @@ -1322,7 +1342,7 @@ proxy: periodSeconds: 10 ######################################### - # Additional Statefulset Configurations # + # Additional StatefulSet Configurations # ######################################### # Additional environment variables to be set for the GraphDB proxy containers. From 9df4ec59cac5493da0ad683ed0dd0887b717a206 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Fri, 5 Jul 2024 08:32:06 +0000 Subject: [PATCH 6/8] Updated the README --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 5c0c630..039534d 100644 --- a/README.md +++ b/README.md 
@@ -436,6 +436,7 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | nodeSelector | object | `{}` | | | persistence.emptyDir.sizeLimit | string | `"1Gi"` | | | persistence.enabled | bool | `true` | | +| persistence.volumeClaimRetentionPolicy | object | `{}` | | | persistence.volumeClaimTemplate.annotations | object | `{}` | | | persistence.volumeClaimTemplate.labels | object | `{}` | | | persistence.volumeClaimTemplate.name | string | `"storage"` | | @@ -511,6 +512,7 @@ IMPORTANT: This is generated by helm-docs, do not attempt modifying it on hand a | proxy.nodeSelector | object | `{}` | | | proxy.persistence.emptyDir.sizeLimit | string | `"500Mi"` | | | proxy.persistence.enabled | bool | `true` | | +| proxy.persistence.volumeClaimRetentionPolicy | object | `{}` | | | proxy.persistence.volumeClaimTemplate.annotations | object | `{}` | | | proxy.persistence.volumeClaimTemplate.labels | object | `{}` | | | proxy.persistence.volumeClaimTemplate.name | string | `"storage"` | | From 2856cb46fce79cc337d64e180b4247be5da36d3c Mon Sep 17 00:00:00 2001 From: Mihail Radkov Date: Fri, 5 Jul 2024 12:59:29 +0300 Subject: [PATCH 7/8] PRO-426: GraphDB 10.7 and new chart features - Updated to GraphDB [10.7.0](https://graphdb.ontotext.com/documentation/10.7/release-notes.html#graphdb-10-7-0) - Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and GraphDB proxy pods. - Added new configuration options for the Jobs - Added `persistence.volumeClaimRetentionPolicy` and `proxy.persistence.volumeClaimRetentionPolicy` to control the retention policy of the PVCs when the StatefulSets are scaled and deleted. --- CHANGELOG.md | 1 + Chart.yaml | 4 ++-- README.md.gotmpl | 8 ++++---- values.yaml | 30 +++++++++++++++--------------- 4 files changed, 22 insertions(+), 21 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 18a8652..c0434cf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -4,6 +4,7 @@ ### New +- Updated to GraphDB [10.7.0](https://graphdb.ontotext.com/documentation/10.7/release-notes.html#graphdb-10-7-0) - Added `podAntiAffinity` and `proxy.podAntiAffinity` for configuring a default podAntiAffinity for the GraphDB pods and GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across different Kubernetes hosts but does not enforce it. diff --git a/Chart.yaml b/Chart.yaml index d925896..2bf25d9 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -5,8 +5,8 @@ apiVersion: v2 name: graphdb description: GraphDB is a highly efficient, scalable and robust graph database with RDF and SPARQL support. type: application -version: 11.0.1 -appVersion: 10.6.4 +version: 11.1.0 +appVersion: 10.7.0 kubeVersion: ^1.26.0-0 home: https://graphdb.ontotext.com/ icon: https://graphdb.ontotext.com/home/images/visual_Logo_GraphDB_02_12_2015.png diff --git a/README.md.gotmpl b/README.md.gotmpl index 1b13a2f..c97805a 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -196,7 +196,7 @@ Note: If `1` is selected as node count, the launched node will be standalone and - The section `cluster.config` can be used to configure a GraphDB cluster. -See more about the cluster here: https://graphdb.ontotext.com/documentation/10.6/cluster-basics.html +See more about the cluster here: https://graphdb.ontotext.com/documentation/10.7/cluster-basics.html ### Deploying GraphDB with security @@ -211,7 +211,7 @@ Note that the `provisioning` user is required when security is turned on! By default, if the security is turned on, GraphDB's basic security method is used. More complicated security configurations can be configured using additional configurations in `graphdb.properties`. -See https://graphdb.ontotext.com/documentation/10.6/access-control.html +See https://graphdb.ontotext.com/documentation/10.7/access-control.html Prior to GraphDB 10.0.0 the users and their settings were saved in the `settings.js` file. 
@@ -230,9 +230,9 @@ Note the `settings.js` must contain `security.enabled" : true` property when sec GraphDB uses Logback to configure logging using the `logback.xml` file. The file can be provisioned before GraphDB's startup with the `configuration.logback.existingConfigmap` configuration. -See https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html#configuration-properties +See https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html#configuration-properties -See https://graphdb.ontotext.com/documentation/10.6/access-control.html +See https://graphdb.ontotext.com/documentation/10.7/access-control.html ### Importing data from existing persistent volume diff --git a/values.yaml b/values.yaml index 64fbf5b..8e54ce4 100644 --- a/values.yaml +++ b/values.yaml @@ -114,7 +114,7 @@ image: # Set value to 1 to run a standalone GraphDB instance # Set value to more than 1 to form a GraphDB cluster with GraphDB cluster proxies. # This setting control the deployment of the cluster proxies and cluster jobs as well. -# Ref: https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html +# Ref: https://graphdb.ontotext.com/documentation/10.7/creating-a-cluster.html replicas: 1 ########################## @@ -131,7 +131,7 @@ license: licenseFilename: graphdb.license # GraphDB runtime configuration settings. -# For reference, see https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html +# For reference, see https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html configuration: # The external URL at which GraphDB should be accessible. # This can be a publicly available domain name, an internal one or even a Kubernetes service address. 
@@ -189,7 +189,7 @@ configuration:
 # GraphDB configuration properties can also be passed here in the format -Dproperty=value
 # Takes precedence over any configurations provided in graphdb.properties
 # The value is processed as a Helm template.
- # Ref: https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html#configuration
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html#configuration
 defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70 -XX:-UseCompressedOops -Ddefault.min.distinct.threshold=100m
 # Java arguments to append after .Values.configuration.defaultJavaArguments
@@ -198,7 +198,7 @@ configuration:
 javaArguments: ""
 # Configurations for GraphDB's Logback
- # Ref: https://graphdb.ontotext.com/documentation/10.6/diagnosing-and-reporting-critical-errors.html#logs
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/diagnosing-and-reporting-critical-errors.html#logs
 #
 # Example:
 # logback:
@@ -238,7 +238,7 @@ security:
 # This setting controls the initial setup of the security and the provisioning of the default initial users.js and settings.js files from this chart.
 # If the security has been enabled after the initial start, changing this flag won't provision anything in order to protect from overriding changes.
 # This setting also controls the authentication in the cluster provisioning jobs.
- # Ref: https://graphdb.ontotext.com/documentation/10.6/enabling-security.html
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/enabling-security.html
 enabled: false
 # Administrator user with ROLE_ADMIN authority.
@@ -295,11 +295,11 @@ security:
 ##################################
 # Configurations for creating and configuring the GraphDB cluster.
-# Ref: https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html
+# Ref: https://graphdb.ontotext.com/documentation/10.7/creating-a-cluster.html
 cluster:
 # Configurations for shared token authentication in the cluster.
 # The secret token is used to encrypt and decrypt the communication between GraphDB nodes in the cluster.
- # Ref: https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#prerequisites
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/creating-a-cluster.html#prerequisites
 token:
 # Defines the secret token as plaintext.
 # Note: Consider providing an existing Secret object with the token via .Values.cluster.token.existingSecret
@@ -316,7 +316,7 @@ cluster:
 # Cluster configuration parameters.
 # Changing the parameters would trigger a Job that patches the configuration.
- # Ref: https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#creation-parameters
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/creating-a-cluster.html#creation-parameters
 config:
 # Reference to a ConfigMap with a custom JSON configuration to use when creating the cluster.
 # This setting overrides any other values specified under .Values.cluster.config.params
@@ -686,7 +686,7 @@ topologySpreadConstraints: []
 ##########################
 # Resource configurations for the GraphDB containers.
-# For resizing to your needs, refer to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.6/requirements.html
+# For resizing to your needs, refer to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.7/requirements.html
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
 resources:
 limits:
@@ -817,7 +817,7 @@ serviceAccount:
 # Settings for importing data into GraphDB
 import:
 # Attach additional PV which will be used as an import directory
- # See https://graphdb.ontotext.com/documentation/10.6/loading-data-using-the-workbench.html#importing-server-files
+ # See https://graphdb.ontotext.com/documentation/10.7/loading-data-using-the-workbench.html#importing-server-files
 volumeMount:
 # Toggles the attachment of the additional PV via StatefulSet's PVC templates.
 enabled: false
@@ -958,7 +958,7 @@ jobs:
 # The GraphDB Cluster Proxy is a separate StatefulSet that is enabled when the main GraphDB StatefulSet is deployed in cluster mode, i.e. replicas > 1.
 # The proxy takes care of always routing traffic to the GraphDB leader node, reducing needless network hops by the internal proxy mechanism in GraphDB.
-# See https://graphdb.ontotext.com/documentation/10.6/creating-a-cluster.html#configure-external-cluster-proxy
+# See https://graphdb.ontotext.com/documentation/10.7/creating-a-cluster.html#configure-external-cluster-proxy
 proxy:
 # Overrides the name of the GraphDB proxy component.
 nameOverride: ""
@@ -982,7 +982,7 @@ proxy:
 ################################
 # GraphDB proxy runtime configuration settings.
- # For reference, see https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html
+ # For reference, see https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html
 configuration:
 # GraphDB proxy properties to insert in the default graphdb.properties ConfigMap for the proxy.
 # Values are processed as Helm templates.
@@ -1013,7 +1013,7 @@ proxy:
 # GraphDB configuration properties can also be passed here in the format -Dprop=value
 # Takes precedence over any configurations in graphdb.properties
 # The value is processed as a Helm template.
- # Ref: https://graphdb.ontotext.com/documentation/10.6/directories-and-config-properties.html#configuration
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/directories-and-config-properties.html#configuration
 defaultJavaArguments: -XX:+UseContainerSupport -XX:MaxRAMPercentage=70
 # Java arguments to append after .Values.proxy.configuration.defaultJavaArguments
@@ -1022,7 +1022,7 @@ proxy:
 javaArguments: ""
 # Configurations for GraphDB's Logback
- # Ref: https://graphdb.ontotext.com/documentation/10.6/diagnosing-and-reporting-critical-errors.html#logs
+ # Ref: https://graphdb.ontotext.com/documentation/10.7/diagnosing-and-reporting-critical-errors.html#logs
 logback:
 # Reference to an existing ConfigMap containing a Logback XML configuration.
 # The value is processed as a Helm template.
@@ -1290,7 +1290,7 @@ proxy:
 ##########################
 # Resource configurations for the GraphDB proxy containers.
- # For resizing to your needs, refer to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.6/requirements.html
+ # For resizing to your needs, refer to the GraphDB documentation https://graphdb.ontotext.com/documentation/10.7/requirements.html
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/
 resources:
 limits:
From a6ab4f4d501fa7463f2b059150ef2dee00c665ec Mon Sep 17 00:00:00 2001
From: "github-actions[bot]"
Date: Fri, 5 Jul 2024 10:02:55 +0000
Subject: [PATCH 8/8] Updated the README
---
 README.md | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/README.md b/README.md
index 039534d..0085550 100644
--- a/README.md
+++ b/README.md
@@ -1,8 +1,8 @@
 # Helm Chart for GraphDB
 [![CI](https://github.com/Ontotext-AD/graphdb-helm/actions/workflows/ci.yml/badge.svg)](https://github.com/Ontotext-AD/graphdb-helm/actions/workflows/ci.yml)
-![Version: 11.0.1](https://img.shields.io/badge/Version-11.0.1-informational?style=flat-square)
-![AppVersion: 10.6.4](https://img.shields.io/badge/AppVersion-10.6.4-informational?style=flat-square)
+![Version: 11.1.0](https://img.shields.io/badge/Version-11.1.0-informational?style=flat-square)
+![AppVersion: 10.7.0](https://img.shields.io/badge/AppVersion-10.7.0-informational?style=flat-square)