Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Updated OpenShift example to use the latest chart version
Browse files Browse the repository at this point in the history
mihailradkov committed May 16, 2024
1 parent 75e2e08 commit 3cf30d4
Showing 2 changed files with 32 additions and 70 deletions.
6 changes: 4 additions & 2 deletions examples/openshift-local/README.md
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@

Example configurations for deploying GraphDB cluster in [OpenShift Local](https://developers.redhat.com/products/openshift-local/overview).

The primary purpose is to show an example of the necessary OpenShift local overrides and the proper `securityContext` configurations so
The primary purpose is to show an example of the necessary OpenShift local overrides and the proper `podSecurityContext` configurations so
GraphDB can be deployed without policy violations.

Read more about Kubernetes security context and OpenShift security context constraints:
@@ -45,7 +45,9 @@ Instances are configured for being accessed at [https://graphdb.apps-crc.testing
You'll have to use the `oc` utility provided by `crc` (from step 1):

```bash
oc create route edge --service=graphdb-cluster-proxy --port=7200 --hostname=graphdb.apps-crc.testing --namespace graphdb
oc create route edge --service=graphdb-proxy --port=7200 --hostname=graphdb.apps-crc.testing --namespace graphdb
```

Note: You might need to update your hosts file to resolve `graphdb.apps-crc.testing`

You can now access GraphDB at [https://graphdb.apps-crc.testing/](https://graphdb.apps-crc.testing/).
96 changes: 28 additions & 68 deletions examples/openshift-local/values.yaml
Original file line number Diff line number Diff line change
@@ -1,74 +1,34 @@
global:
storageClass: "crc-csi-hostpath-provisioner"

deployment:
host: graphdb.apps-crc.testing
protocol: https
ingress:
enabled: false
fullnameOverride: graphdb

graphdb:
clusterConfig:
nodesCount: 3
# Cluster requires license, you have to provision it before deploying this chart
license:
existingSecret: graphdb-license

workbench:
subpath: /
replicas: 3

node:
# Cluster requires license, you have to provision it before deploying this chart
license: graphdb-license
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# Uncomment to disable default resource limits and requests
#resources:
# limits:
# memory: null
# cpu: null
# requests:
# memory: null
# cpu: null
initContainerSecurityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
configuration:
externalUrl: https://graphdb.apps-crc.testing

clusterProxy:
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# Uncomment to disable default resource limits and requests
#resources:
# limits:
# memory: null
# cpu: null
# requests:
# memory: null
# cpu: null
ingress:
enabled: false

jobSecurityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# OpenShift uses very high uid/gid, override the default with 1000660000
podSecurityContext:
runAsUser: 1000660000
runAsGroup: 1000660000
fsGroup: 1000660000

jobs:
podSecurityContext:
runAsUser: 1000660000
runAsGroup: 1000660000
fsGroup: 1000660000

proxy:
fullnameOverride: graphdb-proxy

podSecurityContext:
runAsUser: 1000660000
runAsGroup: 1000660000
fsGroup: 1000660000

0 comments on commit 3cf30d4

Please sign in to comment.