diff --git a/Chart.yaml b/Chart.yaml index cc9d2e2b..c2f7da76 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -5,8 +5,8 @@ apiVersion: v2 name: graphdb description: Helm chart for GraphDB Free/SE/EE type: application -version: 9.10.1 -appVersion: 9.10.1 +version: 10.0.0 +appVersion: 10.0.0 home: https://graphdb.ontotext.com/ icon: https://graphdb.ontotext.com/home/images/visual_Logo_GraphDB_02_12_2015.png maintainers: diff --git a/README.md b/README.md index 8f48a765..fb3713ff 100644 --- a/README.md +++ b/README.md @@ -251,7 +251,7 @@ There are 3 important configuration sections: #### GraphDB cluster configuration -By default the Helm chart supports the 3 topologies that we recommend in our documentation. This is configured by settings `graphdb.topology` +By default the Helm chart supports the 3 topologies that we recommend in our documentation. This is configured by setting `graphdb.topology` Possible values: `standalone, 1m_3w, 2m3w_rw_ro, 2m3w_muted`. Masters and workers count in cluster modes are controlled by mastersCount and workersCount properties **standalone** - Launches single instance of GraphDB with a preconfigured worker repository. 
@@ -310,25 +310,40 @@ A list of available JMX attributes can be found [here](https://graphdb.ontotext. GraphDB's Helm chart supports deploying GraphDB with or without security. This can be toggled through `graphdb.security.enabled`. If it is deployed with security enabled, a special provisioning user is used for repository provisioning, cluster linking, health checks and so on. -Additional users can be added through the settings file: `files/config/settings.js`. The users are described with their roles, username and a bcrypt64 password. +Additional users can be added through the users file: `files/config/users.js`. The users are described with their roles, username and a bcrypt64 password. -The file is provisioned before GraphDB's startup with the configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `settings.js` file. The same configmap is used for the `graphdb.properties` file as well. +The file can be provisioned before GraphDB's startup with the `usersConfigMap` configmap or left to default. +It can be overridden with other configmap containing the `users.js` file. Note that the `provisioning` user is required when security is turned on! -By default if the security is turned on, GraphDB's basic security method is used. More complicated security configurations +By default, if the security is turned on, GraphDB's basic security method is used. More complicated security configurations can be configured using additional configurations in `graphdb.properties`. See https://graphdb.ontotext.com/documentation/enterprise/access-control.html -#### Provisioning additional properties +Prior to GraphDB 10.0.0 the users and their settings were saved in the `settings.js` file. + +#### Provisioning additional properties and settings Most of GraphDB's properties can be passed through `java_args`. Another option is to supply a `graphdb.properties` file. 
-This file is provisioned on all GraphDB instances during GraphDB's startup using configmap `graphdb.masters.settingsConfigmap`. -It can be overridden with other configmap containing the `graphdb.properties` file. The same configmap is used for the `settings.js` file as well. +This file can be provisioned on during GraphDB's startup using `propertiesConfigMap`configmap or left to default. +It can be overridden with other configmap containing the `graphdb.properties` file. The `graphdb.properties` file is also used for more complex security configurations such as LDAP, Oauth, Kerberos. +Some additional settings are kept in the `settings.js` file. Most of those settings are internal for GraphDB and better left managed by the client. +The file can be provisioned before GraphDB's startup with the `settingsConfigMap` configmap or left to default. +It can be overridden with other configmap containing the `settings.js` file. +Note the `settings.js` must contain `security.enabled" : true` property when security is turned on! + +GraphDB uses logback to configure logging using the `logback.xml` file. +The file can be provisioned before GraphDB's startup with the `logbackConfigMap` configmap or left to default. +It can be overridden with other configmap containing the `logback.xml` file. + +Since GraphDB 9.10.1 the Jolokia access is managed using the `jolokia-access.xml` file. +The file can be provisioned before GraphDB's startup with the `jolokiaAccessConfigmap` configmap or left to default. +It can be overridden with other configmap containing the `jolokia-access.xml` file. + See https://graphdb.ontotext.com/documentation/enterprise/configuring-graphdb.html?highlight=properties See https://graphdb.ontotext.com/documentation/enterprise/access-control.html 
@@ -493,6 +508,11 @@ about defining resource limits. | graphdb.clusterConfig.readOnlyMasters | list | `["master-2"]` | Describes which masters will be set as read only. Required only for 2m3w_rw_ro topology. | | graphdb.clusterConfig.syncPeersMapping | list | `["master-1 <-> master-2"]` | Describes which masters will be linked as sync peer. Required for 2m3w_rw_ro and 2m3w_muted topology. | | graphdb.clusterConfig.workersCount | int | `2` | | +| graphdb.configs.jolokiaAccessConfigMap | string | `"graphdb-jolokia-access-configmap"` | Reference to a configmap used to overwrite the default GraphDB jolokia-access.xml, with an externally provided jolokia-access.xml. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.logbackConfigMap | string | `"graphdb-logback-configmap"` | Reference to a configmap used to overwrite the default GraphDB logback.xml, with an externally provided logback.xml. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.propertiesConfigMap | string | `"graphdb-properties-configmap"` | Reference to a configmap used to overwrite the default graphdb.properties, with an externally provided graphdb.properties. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.settingsConfigMap | string | `"graphdb-settings-configmap"` | Reference to a configmap used to overwrite the default GraphDB settings.js, with an externally provided settings.js. Even if left to default if security is enabled the configmap will be used to enable GraphDB's security. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html +| graphdb.configs.usersConfigMap | string | `"graphdb-users-configmap"` | Reference to a configmap used to overwrite the default GraphDB users.js, with an externally provided users.js. 
Even if left to default if security is enabled the configmap will be used to add a provisioning user. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | graphdb.masters.java_args | string | `"-XX:MaxRAMPercentage=70 -XX:+UseContainerSupport -Ddefault.min.distinct.threshold=100m -Dgraphdb.home.work=/mnt/graphdb"` | Java arguments with which master instances will be launched. GraphDB configuration properties can also be passed here in the format -Dprop=value | | graphdb.masters.license | string | `"graphdb-license"` | Reference to a secret containing 'graphdb.license' file to be used by master nodes. Can be set to "" (no license) if this GraphDB instance is used only with a "master" repository! Important: Must be created beforehand | | graphdb.masters.nodes[0].java_args | string | `"-XX:MaxRAMPercentage=70 -XX:+UseContainerSupport -Ddefault.min.distinct.threshold=100m"` | | 
@@ -503,7 +523,6 @@ about defining resource limits. | graphdb.masters.persistence.volumeNamePrefix | string | `"graphdb-default-master"` | Name reference of a persistent volume to which the claim will try to attach. If changed, the default PVs won't be used. Example result: graphdb-default-master-1-pv | | graphdb.masters.repositoryConfigmap | string | `"graphdb-repo-default-configmap"` | Reference to a configuration map containing one or more .ttl files used for repository initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html | | graphdb.masters.resources | object | `{"limits":{"memory":"1Gi"},"requests":{"memory":"1Gi"}}` | Below are minimum requirements for data sets of up to 50 million RDF triples For resizing, refer according to your GraphDB version documentation For EE see http://graphdb.ontotext.com/documentation/enterprise/requirements.html | -| graphdb.masters.settingsConfigmap | string | `"graphdb-settings-default-configmap"` | Reference to a configuration map containing settings.js and graphdb.properties(optional) files used for security and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html | | graphdb.security.enabled | bool | `false` | | | graphdb.security.provisioningPassword | string | `"iHaveSuperpowers"` | | | graphdb.security.provisioningUsername | string | `"provisioner"` | | diff --git a/files/config/jolokia-access.xml b/files/config/jolokia-access.xml new file mode 100644 index 00000000..502c73f7 --- /dev/null +++ b/files/config/jolokia-access.xml @@ -0,0 +1,51 @@ + + + + + + read + list + version + search + + + + java.lang:type=Memory + * + gc + + + ReplicationCluster:* + * + * + + + Tomcat:* + * + * + + + ch.qos.logback.classic:* + * + * + + + com.ontotext:* + * + * + + + java.util.logging:type=Logging + * + * + + + + + + jolokia:* + * + * + + + 
diff --git a/files/config/settings.js b/files/config/settings.js index 773d6acc..3f27e802 100644 --- a/files/config/settings.js +++ b/files/config/settings.js @@ -1,32 +1,4 @@ { - "users" : { - "admin" : { - "username" : "admin", - "password" : "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne", - "grantedAuthorities" : [ "ROLE_ADMIN" ], - "appSettings" : { - "DEFAULT_INFERENCE" : true, - "DEFAULT_VIS_GRAPH_SCHEMA" : true, - "DEFAULT_SAMEAS" : true, - "IGNORE_SHARED_QUERIES" : false, - "EXECUTE_COUNT" : true - }, - "dateCreated" : 1618403171751 - }, - "provisioner" : { - "username" : "{{ .Values.graphdb.security.provisioningUsername }}", - "password" : "{bcrypt}{{ htpasswd .Values.graphdb.security.provisioningUsername .Values.graphdb.security.provisioningPassword | trimPrefix (printf "%s:" .Values.graphdb.security.provisioningUsername) }}", - "grantedAuthorities" : [ "ROLE_ADMIN" ], - "appSettings" : { - "DEFAULT_INFERENCE" : true, - "DEFAULT_VIS_GRAPH_SCHEMA" : true, - "DEFAULT_SAMEAS" : true, - "IGNORE_SHARED_QUERIES" : false, - "EXECUTE_COUNT" : true - }, - "dateCreated" : 1618403171751 - } - }, "import.server" : { }, "import.local" : { }, "properties" : { @@ -35,30 +7,6 @@ {{- end }} "current.location" : "" }, - "user_queries" : { - "admin" : { - "SPARQL Select template" : { - "name" : "SPARQL Select template", - "body" : "SELECT ?s ?p ?o\nWHERE {\n\t?s ?p ?o .\n} LIMIT 100", - "shared" : false - }, - "Clear graph" : { - "name" : "Clear graph", - "body" : "CLEAR GRAPH ", - "shared" : false - }, - "Add statements" : { - "name" : "Add statements", - "body" : "PREFIX dc: \nINSERT DATA\n {\n GRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n }", - "shared" : false - }, - "Remove statements" : { - "name" : "Remove statements", - "body" : "PREFIX dc: \nDELETE DATA\n{\nGRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n}", - "shared" : false - } - } - }, "locations" : { "" : { "location" : "", 
diff --git a/files/config/users.js b/files/config/users.js new file mode 100644 index 00000000..ad7831c1 --- /dev/null +++ b/files/config/users.js @@ -0,0 +1,54 @@ +{ + "users" : { + "admin" : { + "username" : "admin", + "password" : "{bcrypt}$2a$10$H7uekkF1ZFLIV5M1g9tDs.syZGtkMqrfj2Si2SHG1WgwhpNqpZwne", + "grantedAuthorities" : [ "ROLE_ADMIN" ], + "appSettings" : { + "DEFAULT_INFERENCE" : true, + "DEFAULT_VIS_GRAPH_SCHEMA" : true, + "DEFAULT_SAMEAS" : true, + "IGNORE_SHARED_QUERIES" : false, + "EXECUTE_COUNT" : true + }, + "dateCreated" : 1618403171751 + }, + "provisioner" : { + "username" : "{{ .Values.graphdb.security.provisioningUsername }}", + "password" : "{bcrypt}{{ htpasswd .Values.graphdb.security.provisioningUsername .Values.graphdb.security.provisioningPassword | trimPrefix (printf "%s:" .Values.graphdb.security.provisioningUsername) }}", + "grantedAuthorities" : [ "ROLE_ADMIN" ], + "appSettings" : { + "DEFAULT_INFERENCE" : true, + "DEFAULT_VIS_GRAPH_SCHEMA" : true, + "DEFAULT_SAMEAS" : true, + "IGNORE_SHARED_QUERIES" : false, + "EXECUTE_COUNT" : true + }, + "dateCreated" : 1618403171751 + } + }, + "user_queries" : { + "admin" : { + "SPARQL Select template" : { + "name" : "SPARQL Select template", + "body" : "SELECT ?s ?p ?o\nWHERE {\n\t?s ?p ?o .\n} LIMIT 100", + "shared" : false + }, + "Clear graph" : { + "name" : "Clear graph", + "body" : "CLEAR GRAPH ", + "shared" : false + }, + "Add statements" : { + "name" : "Add statements", + "body" : "PREFIX dc: \nINSERT DATA\n {\n GRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n }", + "shared" : false + }, + "Remove statements" : { + "name" : "Remove statements", + "body" : "PREFIX dc: \nDELETE DATA\n{\nGRAPH {\n dc:title \"A new book\" ;\n dc:creator \"A.N.Other\" .\n }\n}", + "shared" : false + } + } + } +} 
diff --git a/templates/configuration/graphdb-jolokia-access-configmap.yaml b/templates/configuration/graphdb-jolokia-access-configmap.yaml new file mode 100644 index 00000000..a1055167 --- /dev/null +++ b/templates/configuration/graphdb-jolokia-access-configmap.yaml @@ -0,0 +1,16 @@ +# Default configuration map for provisioning the GraphDB jolokia access settings. +# To change it, prepare another configuration map and update "graphdb.configs.jolokiaAccessConfigMap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.jolokiaAccessConfigMap }} +{{- if eq $configs.jolokiaAccessConfigMap "graphdb-jolokia-access-configmap" }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-jolokia-access-configmap + labels: + name: graphdb-jolokia-access-configmap +data: + jolokia-access.xml: |- +{{ tpl (.Files.Get "files/config/jolokia-access.xml" | indent 4) . }} +{{- end }} +{{- end }} diff --git a/templates/configuration/graphdb-logback-configmap.yaml b/templates/configuration/graphdb-logback-configmap.yaml index 6a287157..befa3146 100644 --- a/templates/configuration/graphdb-logback-configmap.yaml +++ b/templates/configuration/graphdb-logback-configmap.yaml @@ -1,6 +1,8 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" -{{- if .Values.deployment.logbackConfigMap }} +# Default configuration map for provisioning GraphDB logback settings. +# To change it, prepare another configuration map and update "graphdb.configs.logbackConfigMap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.logbackConfigMap }} +{{- if eq $configs.logbackConfigMap "graphdb-logback-configmap" }} apiVersion: {{ .Values.versions.configmap }} kind: ConfigMap metadata: @@ -11,3 +13,4 @@ data: logback.xml: |- {{ tpl (.Files.Get "files/config/logback.xml" | indent 4) . }} {{- end }} +{{- end }} 
diff --git a/templates/configuration/graphdb-properties-configmap.yaml b/templates/configuration/graphdb-properties-configmap.yaml new file mode 100644 index 00000000..2108c8d8 --- /dev/null +++ b/templates/configuration/graphdb-properties-configmap.yaml @@ -0,0 +1,16 @@ +# Default configuration map for provisioning GraphDB properties. +# To change it, prepare another configuration map and update "graphdb.configs.propertiesConfigMap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- if $configs.propertiesConfigMap}} +{{- if eq $configs.propertiesConfigMap "graphdb-properties-configmap" }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-properties-configmap + labels: + name: graphdb-properties-configmap +data: + graphdb.properties: |- +{{ tpl (.Files.Get "files/config/graphdb.properties" | indent 4) . }} +{{- end }} +{{- end }} diff --git a/templates/configuration/graphdb-settings-configmap.yaml b/templates/configuration/graphdb-settings-configmap.yaml new file mode 100644 index 00000000..cea9c366 --- /dev/null +++ b/templates/configuration/graphdb-settings-configmap.yaml @@ -0,0 +1,15 @@ +# Default configuration map for provisioning GraphDB settings.js file. +# To change it, prepare another configuration map and update "graphdb.configs.settingsConfigMap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- $settingsConfigMap := $configs.settingsConfigMap | default "" }} +{{- if or (eq $settingsConfigMap "graphdb-settings-configmap") (and (not $settingsConfigMap ) (.Values.graphdb.security.enabled)) }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-settings-configmap + labels: + name: graphdb-settings-configmap +data: + settings.js: |- +{{ tpl (.Files.Get "files/config/settings.js" | indent 4) . }} +{{- end }} 
diff --git a/templates/configuration/graphdb-settings-default-configmap.yaml b/templates/configuration/graphdb-settings-default-configmap.yaml deleted file mode 100644 index 9428ebde..00000000 --- a/templates/configuration/graphdb-settings-default-configmap.yaml +++ /dev/null @@ -1,17 +0,0 @@ -# Default configuration map for provisioning GraphDB repository. -# To change it, prepare another configuration map and update "graphdb.repositoryConfigmap" -apiVersion: {{ .Values.versions.configmap }} -kind: ConfigMap -metadata: - name: graphdb-settings-default-configmap - labels: - name: graphdb-settings-default-configmap -data: - settings.js: |- -{{ tpl (.Files.Get "files/config/settings.js" | indent 4) . }} - graphdb.properties: |- -{{ tpl (.Files.Get "files/config/graphdb.properties" | indent 4) . }} -{{- if .Values.deployment.logbackConfigFile }} - logback.xml: |- -{{ tpl (.Files.Get .Values.deployment.logbackConfigFile | indent 4) . }} -{{- end }} diff --git a/templates/configuration/graphdb-users-configmap.yaml b/templates/configuration/graphdb-users-configmap.yaml new file mode 100644 index 00000000..1a6ef81f --- /dev/null +++ b/templates/configuration/graphdb-users-configmap.yaml @@ -0,0 +1,15 @@ +# Default configuration map for provisioning GraphDB users.js file. +# To change it, prepare another configuration map and update "graphdb.configs.usersConfigMap" +{{- $configs := (.Values.graphdb.configs | default dict) }} +{{- $usersConfigMap := $configs.usersConfigMap | default ""}} +{{- if or (eq $usersConfigMap "graphdb-users-configmap") (and (not $usersConfigMap) (.Values.graphdb.security.enabled)) }} +apiVersion: {{ .Values.versions.configmap }} +kind: ConfigMap +metadata: + name: graphdb-users-configmap + labels: + name: graphdb-users-configmap +data: + users.js: |- +{{ tpl (.Files.Get "files/config/users.js" | indent 4) . }} +{{- end }} diff --git a/templates/graphdb-master.yaml b/templates/graphdb-master.yaml index 886f2c7d..2f67346f 100644 
--- a/templates/graphdb-master.yaml +++ b/templates/graphdb-master.yaml @@ -3,6 +3,7 @@ {{ $worker_endpoint := printf "http://graphdb-master-%d:7200" $master_index }} {{- $authToken := ((printf "%s:%s" $.Values.graphdb.security.provisioningUsername $.Values.graphdb.security.provisioningPassword) | b64enc) }} +{{- $configs := ($.Values.graphdb.configs | default dict) }} --- apiVersion: {{ $.Values.versions.statefulset }} @@ -60,13 +61,30 @@ spec: - name: graphdb-master-repo-config configMap: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.masters.repositoryConfigmap }} - - name: graphdb-master-settings-config + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config configMap: - name: {{ required "Config map with settings.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} - {{- if $.Values.deployment.logbackConfigMap }} + name: {{ $configs.settingsConfigMap | default "graphdb-settings-configmap" }} + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + configMap: + name: {{ $configs.usersConfigMap | default "graphdb-users-configmap" }} + {{- end }} + {{- if $configs.propertiesConfigMap }} + - name: graphdb-properties-config + configMap: + name: {{ $configs.propertiesConfigMap }} + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config configMap: - name: {{ $.Values.deployment.logbackConfigMap }} + name: {{ $configs.logbackConfigMap }} + {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + configMap: + name: {{ $configs.jolokiaAccessConfigMap }} {{- end }} imagePullSecrets: {{- include "combinedImagePullSecrets" $ | nindent 8 }} 
@@ -194,30 +212,54 @@ spec: - name: graphdb-master-storage {{- end }} mountPath: /opt/graphdb/home - - name: graphdb-master-settings-config - mountPath: /tmp/graphdb - {{- if $.Values.deployment.logbackConfigMap }} + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config + mountPath: /tmp/graphdb-settigns-configmap + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + mountPath: /tmp/graphdb-users-configmap + {{- end }} + {{- if $configs.propertiesConfigMap }} + - name: graphdb-properties-config + mountPath: /tmp/graphdb-properties-configmap + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config - mountPath: /tmp/graphdb-configmap + mountPath: /tmp/graphdb-logback-configmap + {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + mountPath: /tmp/graphdb-jolokia-access-configmap {{- end }} command: ['sh', '-c'] args: - | set -eu - if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning users settings with settings.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users with users.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js fi - if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb/graphdb.properties ]]; then + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then + echo "Provisioning settings with settings.js file..." 
+ mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js + fi + if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb/graphdb.properties /opt/graphdb/home/conf/graphdb.properties + cp /tmp/graphdb-properties-configmap/graphdb.properties /opt/graphdb/home/conf/graphdb.properties fi - if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-configmap/logback.xml ]]; then + if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-logback-configmap/logback.xml ]]; then echo "Provisioning logging config file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + fi + if [[ ! -f /opt/graphdb/home/conf/jolokia-access.xml && -f /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml ]]; then + echo "Provisioning jolokia access config file..." + mkdir -p /opt/graphdb/home/conf ; + cp /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml /opt/graphdb/home/conf/jolokia-access.xml fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' diff --git a/templates/graphdb-worker.yaml b/templates/graphdb-worker.yaml index 4aae09a5..6cff3403 100644 --- a/templates/graphdb-worker.yaml +++ b/templates/graphdb-worker.yaml @@ -5,6 +5,7 @@ {{ $worker_endpoint := printf "http://graphdb-worker-%d:7200" $worker_index }} {{ $authToken := ((printf "%s:%s" $.Values.graphdb.security.provisioningUsername $.Values.graphdb.security.provisioningPassword) | b64enc) }} +{{- $configs := ($.Values.graphdb.configs | default dict) }} --- apiVersion: {{ $.Values.versions.statefulset }} kind: StatefulSet 
@@ -45,16 +46,33 @@ spec: - name: graphdb-worker-repo-config configMap: name: {{ required "Config map with .ttl for repositories creation is required!" $.Values.graphdb.workers.repositoryConfigmap }} - - name: graphdb-master-settings-config + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config configMap: - name: {{ required "Config map with settings.js (and graphdb.properties(optional) ) for security/settings provisioning is required!" $.Values.graphdb.masters.settingsConfigmap }} + name: {{ $configs.settingsConfigMap | default "graphdb-settings-configmap" }} + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + configMap: + name: {{ $configs.usersConfigMap | default "graphdb-users-configmap" }} + {{- end }} - name: graphdb-utils configMap: name: graphdb-utils-configmap - {{- if $.Values.deployment.logbackConfigMap }} + {{- if $configs.propertieConfigMap }} + - name: graphdb-properties-config + configMap: + name: {{ $configs.propertieConfigMap }} + {{- end}} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config configMap: - name: {{ $.Values.deployment.logbackConfigMap }} + name: {{ $configs.logbackConfigMap }} + {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + configMap: + name: {{ $configs.jolokiaAccessConfigMap }} {{- end }} {{- if and (eq $worker_index 1) (or $.Values.graphdb.tools.preload.trigger $.Values.graphdb.tools.loadrdf.trigger) }} - name: graphdb-worker-preload-data 
@@ -178,30 +196,54 @@ spec: - name: graphdb-worker-storage {{- end }} mountPath: /opt/graphdb/home - - name: graphdb-master-settings-config - mountPath: /tmp/graphdb - {{- if $.Values.deployment.logbackConfigMap }} + {{- if or $configs.settingsConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-settings-config + mountPath: /tmp/graphdb-settigns-configmap + {{- end }} + {{- if or $configs.usersConfigMap $.Values.graphdb.security.enabled }} + - name: graphdb-users-config + mountPath: /tmp/graphdb-users-configmap + {{- end }} + {{- if $configs.propertieConfigMap }} + - name: graphdb-properties-config + mountPath: /tmp/graphdb-properties-configmap + {{- end }} + {{- if $configs.logbackConfigMap }} - name: graphdb-logback-config - mountPath: /tmp/graphdb-configmap + mountPath: /tmp/graphdb-logback-configmap + {{- end }} + {{- if $configs.jolokiaAccessConfigMap }} + - name: graphdb-jolokia-access-config + mountPath: /tmp/graphdb-jolokia-access-configmap {{- end }} command: ['sh', '-c'] args: - | set -eu - if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb/settings.js ]]; then - echo "Provisioning users settings with settings.js file..." + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && ! -f /opt/graphdb/home/work/workbench/users.js && -f /tmp/graphdb-users-configmap/users.js ]]; then + echo "Provisioning users with users.js file..." mkdir -p /opt/graphdb/home/work/workbench ; - cp /tmp/graphdb/settings.js /opt/graphdb/home/work/workbench/settings.js + cp /tmp/graphdb-users-configmap/users.js /opt/graphdb/home/work/workbench/users.js fi - if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb/graphdb.properties ]]; then + if [[ ! -f /opt/graphdb/home/work/workbench/settings.js && -f /tmp/graphdb-settigns-configmap/settings.js ]]; then + echo "Provisioning settings with settings.js file..." 
+ mkdir -p /opt/graphdb/home/work/workbench ; + cp /tmp/graphdb-settigns-configmap/settings.js /opt/graphdb/home/work/workbench/settings.js + fi + if [[ ! -f /opt/graphdb/home/conf/graphdb.properties && -f /tmp/graphdb-properties-configmap/graphdb.properties ]]; then echo "Provisioning graphdb properties file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb/graphdb.properties /opt/graphdb/home/conf/graphdb.properties + cp /tmp/graphdb-properties-configmap/graphdb.properties /opt/graphdb/home/conf/graphdb.properties fi - if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-configmap/logback.xml ]]; then + if [[ ! -f /opt/graphdb/home/conf/logback.xml && -f /tmp/graphdb-logback-configmap/logback.xml ]]; then echo "Provisioning logging config file..." mkdir -p /opt/graphdb/home/conf ; - cp /tmp/graphdb-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + cp /tmp/graphdb-logback-configmap/logback.xml /opt/graphdb/home/conf/logback.xml + fi + if [[ ! -f /opt/graphdb/home/conf/jolokia-access.xml && -f /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml ]]; then + echo "Provisioning jolokia access config file..." + mkdir -p /opt/graphdb/home/conf ; + cp /tmp/graphdb-jolokia-access-configmap/jolokia-access.xml /opt/graphdb/home/conf/jolokia-access.xml fi mkdir -p /opt/graphdb/home/jdbc-driver echo 'Done' diff --git a/values.yaml b/values.yaml index 2b9ea9d9..d0c9e15e 100644 --- a/values.yaml +++ b/values.yaml @@ -34,7 +34,7 @@ images: tag: "2.1-alpine" graphdb: repository: ontotext/graphdb - tag: "10.0" + tag: "10.0.0" busybox: repository: busybox tag: "1.31" @@ -78,8 +78,6 @@ deployment: connect: 5 read: 60 send: 60 - # Override default logback configuration - # logbackConfigMap: graphdb-logback-configmap # KONG API gateway configurations. # This gateway sits behind the ingress and exposes the rest of the components. 
@@ -147,6 +145,20 @@ graphdb: # -- A secret used for secure communication amongst the nodes in the cluster. clusterSecret: s3cr37 + # -- References to configuration maps containing settings.js, users.js, graphdb.properties, logback.xml and jolokia-access.xml files to overwrite + # the default GraphDB configuration. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html + configs: + # Override default settings configuration + #settingsConfigMap: graphdb-settings-configmap + # Override default users configuration + #usersConfigMap: graphdb-users-configmap + # Override default properties configuration + #propertiesConfigMap: graphdb-properties-configmap + # Override default logback configuration + #logbackConfigMap: graphdb-logback-configmap + # Override default jolokia access configuration + #jolokiaAccessConfigMap: graphdb-jolokia-access-configmap + security: # If the security is enabled, it's mandatory to have a provisioning user, so the healthchecks and cluster linking can work properly enabled: false @@ -158,9 +170,6 @@ graphdb: # -- Reference to a configuration map containing one or more .ttl files used for repository # initialization in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-a-repository.html repositoryConfigmap: graphdb-repo-default-configmap - # -- Reference to a configuration map containing settings.js and graphdb.properties(optional) files used for security - # and properties provisioning in the post install hook. For reference see https://graphdb.ontotext.com/documentation/standard/configuring-graphdb.html - settingsConfigmap: graphdb-settings-default-configmap # -- Reference to a secret containing 'graphdb.license' file to be used by master nodes. # This is a required secret without which GraphDB won't operate if you use SE/EE editions. # Can be set to "" if you want to use this instance only with master repositories, which does not require a license!
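Review bot: the README.md hunk for "Provisioning additional properties and settings" names the key `jolokiaAccessConfigmap`, but the values table, values.yaml and the templates all use `jolokiaAccessConfigMap`, so a reader copying the README spelling sets a key the chart never reads. The same hunk refers to `usersConfigMap`, `propertiesConfigMap`, `settingsConfigMap` and `logbackConfigMap` without the `graphdb.configs.` prefix they need in values.yaml. Smaller fixes in the same lines: the stray quote in `security.enabled" : true`, "provisioned on during", the missing space in "`propertiesConfigMap`configmap", and the new table rows, which do not end with the closing `|` the neighbouring rows have.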
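Review bot: the README table lists non-empty defaults for `graphdb.configs.jolokiaAccessConfigMap`, `logbackConfigMap` and `propertiesConfigMap`, but values.yaml ships all five `configs` keys commented out, and the templates for these three render and mount only when the key is set (`{{- if $configs.jolokiaAccessConfigMap }}`). Out of the box the new files/config/jolokia-access.xml policy is therefore neither created nor copied into `/opt/graphdb/home/conf`. Either uncomment the defaults in values.yaml so the table is accurate, or show the table defaults as empty and state that the Jolokia access policy is opt-in.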
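Review bot: files/config/users.js carries a fixed bcrypt hash for `admin` with `ROLE_ADMIN`, and graphdb-users-configmap.yaml renders it whenever security is enabled and `usersConfigMap` is left unset, so every such install shares the same admin credential. The `provisioner` entry next to it is already templated from values; consider doing the same for `admin` or leaving `admin` out of the default file. Because users.js holds password hashes, rendering it into a Secret rather than a ConfigMap would also keep it out of reach of anyone who can only read configmaps in the namespace.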
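Review bot: templates/graphdb-worker.yaml tests `$configs.propertieConfigMap` (missing "s") in the volumes block and again in the volumeMounts block, while templates/graphdb-master.yaml and values.yaml use `propertiesConfigMap`. With the documented key set, workers never get the `graphdb-properties-config` volume, the init script's `-f /tmp/graphdb-properties-configmap/graphdb.properties` test is false, and the copy is skipped without an error, so masters and workers start with different `graphdb.properties`. The README in this patch says that file carries the LDAP, OAuth and Kerberos configuration, so the divergence reaches authentication settings. Rename all three occurrences to `propertiesConfigMap`; the `{{- end}}` closing the worker volumes block could get its space back at the same time.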
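Review bot: the mount path `/tmp/graphdb-settigns-configmap` is misspelled ("settigns") in the volumeMounts and in the init script of both graphdb-master.yaml and graphdb-worker.yaml. Provisioning works only because every occurrence carries the same typo; correcting one of them later turns the `-f` test false and silently skips the settings.js copy. Rename it to `/tmp/graphdb-settings-configmap` everywhere in this change.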
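Review bot: in the init container script of graphdb-master.yaml and graphdb-worker.yaml every copy is guarded by `! -f <target>` on the persistent `/opt/graphdb/home` volume, so each file is provisioned on the first start only. A later change to a configmap, such as a tightened jolokia-access.xml or a new `provisioningPassword` rendered into users.js, never reaches an existing installation, and nothing is logged when the copy is skipped. If first-start-only is intended, say so in the README next to each configmap; otherwise consider always copying the pure policy files (jolokia-access.xml, logback.xml) and echoing a line when an existing file is kept. The users.js test also requires settings.js to be absent, which holds on a fresh volume only because the users block runs before the settings block; a comment stating that ordering dependency would protect it from a later reshuffle.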
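Review bot: values.yaml and the templates drop `graphdb.masters.settingsConfigmap` and `deployment.logbackConfigMap` with no guard, so an existing values file that still sets them is accepted and silently ignored; the previous `required` check on `settingsConfigmap` is removed as well. On upgrade a custom settings.js (which held the users before 10.0.0) or a custom logback.xml is then replaced by the chart defaults without any error. Since the chart version moves to 10.0.0, add an upgrade section to the README that maps the old keys to `graphdb.configs.*`, and consider a `fail` check in the templates when either old key is present.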