[AAI] 14.0.3 Oslo release with Java 11HEAD master

- [resources,traversal,graphadmin] use 1.14.7 release images that are based on Java 11 - [babel] add metrics and tracing - [babel] allow remote profiling and debugging - [graphadmin] make graphadmin chart Kyverno compliant - [graphadmin] replace fixed initialDelaySeconds wait invertal with dynamic startup probe - [graphadmin] use actuator endpoint for liveness and readiness probe. Actuator still uses the old echo probe in the background - [graphadmin] remove janusgraph-cached.properties since it effectively cannot be used - [graphadmin] clean up janusgraph-realtime.properties - [graphadmin] use common functions for readiness probe - [graphadmin] remove LOCAL_USER_ID and LOCAL_GROUP_ID environment variables since they are not used (anymore) - [modelloader] add metrics monitoring via prometheus - [modelloader] allow remote profiling and debugging - [sparky-be] use latest release image (2.0.5) Other - [sdc-be] declare ServiceMonitor to enable metrics monitoring via Prometheus Issue-ID: AAI-3986 Change-Id: Ifbd52d0d019d34596f6f824aa940e9b7993336ab Signed-off-by: Fiete Ostkamp <Fiete.Ostkamp@telekom.de>
author: Fiete Ostkamp <Fiete.Ostkamp@telekom.de> 2024-09-04 16:55:56 +0200
committer: Fiete Ostkamp <fiete.ostkamp@telekom.de> 2024-09-19 13:50:44 +0000
commit: a6889979459185d6873695ab9c4c74dbeed6daee (patch)
tree: c7c97a0071c7115793f7ddb72f7b8c875d1894df /kubernetes/aai/components/aai-graphadmin/templates
parent: 0765a2124569cfa38a2828f2c9d88cf8cca8eedc (diff)
6 files changed, 72 insertions, 118 deletions
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
index 8eb4a4a781..ddf752b480 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/configmap.yaml
@@ -40,7 +40,6 @@ data:
 {{ tpl (.Files.Glob "resources/config/logback.xml").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/localhost-access-logback.xml").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/janusgraph-realtime.properties").AsConfig . | indent 2 }}
-{{ tpl (.Files.Glob "resources/config/janusgraph-cached.properties").AsConfig . | indent 2 }}
 {{ tpl (.Files.Glob "resources/config/realm.properties").AsConfig . | indent 2 }}
 ---
 apiVersion: v1
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
index 01dc44123c..6ac078b756 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/deployment.yaml
@@ -38,7 +38,11 @@ metadata:
     release: {{ include "common.release" . }}
     heritage: {{ .Release.Service }}
 spec:
+  {{- if .Values.config.debug.enabled }}
+  replicas: 1
+  {{- else }}
   replicas: {{ .Values.replicaCount }}
+  {{- end }}
   revisionHistoryLimit: {{ .Values.revisionHistoryLimit }}
   minReadySeconds: {{ .Values.minReadySeconds }}
   strategy:
@@ -66,59 +70,36 @@ spec:
     spec:
       hostname: aai-graphadmin
       terminationGracePeriodSeconds: {{ .Values.service.terminationGracePeriodSeconds }}
-    {{ if .Values.global.initContainers.enabled }}
+      {{- if .Values.global.initContainers.enabled }}
       initContainers:
-      - command:
-      {{ if .Values.global.jobs.migration.enabled }}
-        - /app/ready.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-aai-graphadmin-migration
-      {{  else if .Values.global.jobs.createSchema.enabled  }}
-        - /app/ready.py
-        args:
-        - --job-name
-        - {{ include "common.release" . }}-aai-graphadmin-create-db-schema
-      {{  else }}
-        - /app/ready.py
-        args:
-        - --service-name
-        - {{ .Values.global.cassandra.serviceName }}
-        - --service-name
-        - aai-schema-service
-      {{  end  }}
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-        resources:
-          limits:
-            cpu: "100m"
-            memory: "500Mi"
-          requests:
-            cpu: "3m"
-            memory: "20Mi"
-      {{  end  }}
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled ) | indent 6 | trim}}
+      {{- end }}
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
         env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
+        {{- if .Values.config.env }}
+        {{- range $key,$value := .Values.config.env }}
+        - name: {{ $key | upper | quote}}
+          value: {{ $value | quote}}
+        {{- end }}
+        {{- end }}
+        {{- if eq .Values.flavor "small" }}
+        - name: MAX_HEAP_SIZE
+          value: {{ .Values.small.maxHeapSize | quote }}
+        {{- else if eq .Values.flavor "large" }}
+        - name: MAX_HEAP_SIZE
+          value: {{ .Values.large.maxHeapSize | quote }}
+        {{- end }}
         - name: INTERNAL_PORT_1
           value: {{ .Values.service.appPort | quote }}
         - name: INTERNAL_PORT_2
           value: {{ .Values.service.debugPort | quote }}
         - name: INTERNAL_PORT_3
-          value: {{ .Values.service.internalPort3 | quote }}
+          value: {{ .Values.service.actuatorPort | quote }}
         - name: BOOTSTRAP_SERVERS
           value: {{ include "common.release" . }}-strimzi-kafka-bootstrap:9092
         - name: JAAS_CONFIG
@@ -138,14 +119,13 @@ spec:
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
           name: config
           subPath: janusgraph-realtime.properties
-        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
-          name: config
-          subPath: janusgraph-cached.properties
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
           name: properties
           subPath: aaiconfig.properties
         - mountPath: /opt/aai/logroot/AAI-RES
           name: logs
+        - mountPath: /opt/app/aai-graphadmin/logs
+          name: script-logs
         - mountPath: /opt/app/aai-graphadmin/resources/logback.xml
           name: config
           subPath: logback.xml
@@ -158,6 +138,8 @@ spec:
         - mountPath: /opt/app/aai-graphadmin/resources/application.properties
           name: properties
           subPath: application.properties
+        - mountPath: /tmp
+          name: tmp-volume
         ports:
         - containerPort: {{ .Values.service.appPort }}
           name: {{ .Values.service.appPortName }}
@@ -169,8 +151,8 @@ spec:
         - containerPort: {{ .Values.service.profilingPort }}
           name: {{ .Values.service.profilingPortName }}
         {{- end }}
-        - containerPort: {{ .Values.service.internalPort3 }}
-          name: {{ .Values.service.portName3 }}
+        - containerPort: {{ .Values.service.actuatorPort }}
+          name: {{ .Values.service.actuatorPortName }}
         lifecycle:
           # wait for active requests (long-running tasks) to be finished
           # Before the SIGTERM is invoked, Kubernetes exposes a preStop hook in the Pod.
@@ -188,16 +170,28 @@ spec:
         # debugging.enabled=true or profiling.enabled=true
         {{- if and .Values.liveness.enabled (not (or .Values.config.debug.enabled .Values.config.profiling.enabled)) }}
         livenessProbe:
-          tcpSocket:
-            port: {{ .Values.service.appPort }}
+          httpGet:
+            port: {{ .Values.service.actuatorPort }}
+            path: {{ .Values.liveness.path }}
+          {{- if .Values.liveness.initialDelaySeconds }}
           initialDelaySeconds: {{ .Values.liveness.initialDelaySeconds }}
+          {{- end }}
           periodSeconds: {{ .Values.liveness.periodSeconds }}
-        {{ end }}
+        {{- end }}
         readinessProbe:
-          tcpSocket:
-            port: {{ .Values.service.appPort }}
+          httpGet:
+            port: {{ .Values.service.actuatorPort }}
+            path: {{ .Values.readiness.path }}
+          {{- if .Values.readiness.initialDelaySeconds }}
           initialDelaySeconds: {{ .Values.readiness.initialDelaySeconds }}
+          {{- end }}
           periodSeconds: {{ .Values.readiness.periodSeconds }}
+        startupProbe:
+          httpGet:
+            port: {{ .Values.service.actuatorPort }}
+            path: {{ .Values.startup.path }}
+          failureThreshold: {{ .Values.startup.failureThreshold }}
+          periodSeconds: {{ .Values.startup.periodSeconds }}
         resources: {{ include "common.resources" . | nindent 10 }}
       {{- if .Values.nodeSelector }}
       nodeSelector:
@@ -212,8 +206,12 @@ spec:
       {{ include "common.log.sidecar" . | nindent 6 }}
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
+      - name: tmp-volume
+        emptyDir: {}
       - name: logs
         emptyDir: {}
+      - name: script-logs
+        emptyDir: {}
       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
       - name: config
         configMap:
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
index f1178a0a6e..3f0c4e11e5 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-copy-db-backup.yaml
@@ -60,7 +60,7 @@ spec:
       name: {{ include "common.name" . }}
     spec:
       initContainers:
-      {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+      {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
       - command:
         - /bin/bash
         - -c
@@ -93,13 +93,8 @@ spec:
         - |
            {{- if include "common.onServiceMesh" . }}
            echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
-           sh docker-entrypoint.sh dataSnapshot.sh;
+           bash docker-entrypoint.sh dataSnapshot.sh;
            {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
-        env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
         volumeMounts:
         - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
           name: snapshots
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
index 3f5c1d3d19..e67479a1d5 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-create-db.yaml
@@ -55,33 +55,13 @@ spec:
       name: {{ include "common.name" . }}
     spec:
       initContainers:
-      - command:
-        - /app/ready.py
-        args:
-        - --service-name
-        - {{ .Values.global.cassandra.serviceName }}
-        - --service-name
-        - aai-schema-service
-        env:
-        - name: NAMESPACE
-          valueFrom:
-            fieldRef:
-              apiVersion: v1
-              fieldPath: metadata.namespace
-        image: {{ include "repositoryGenerator.image.readiness" . }}
-        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
-        name: {{ include "common.name" . }}-readiness
-        resources:
-          limits:
-            cpu: "100m"
-            memory: "500Mi"
-          requests:
-            cpu: "3m"
-            memory: "20Mi"
+      {{ include "common.readinessCheck.waitFor" (dict "dot" . "wait_for" .Values.readinessCheck.waitForWithCreateSchemaDisabled) | indent 6 | trim }}
+      {{ include "common.podSecurityContext" . | indent 6 | trim }}
       containers:
       - name: {{ include "common.name" . }}-job
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.image }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        {{ include "common.containerSecurityContext" . | indent 8 | trim }}
         command:
         - sh
         args:
@@ -92,17 +72,19 @@ spec:
            sh docker-entrypoint.sh createDBSchema.sh;
            {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
         env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
+        {{- if .Values.config.debug.enabled }}
+        - name: JVM_OPTS
+          value: {{ .Values.config.debug.args | quote }}
+        {{- end }}
+        ports:
+        {{- if .Values.config.debug.enabled }}
+        - containerPort: {{ .Values.service.debugPort }}
+          name: {{ .Values.service.debugPortName }}
+        {{- end }}
         volumeMounts:
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
           name: config
           subPath: janusgraph-realtime.properties
-        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
-          name: config
-          subPath: janusgraph-cached.properties
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
           name: properties
           subPath: aaiconfig.properties
@@ -128,7 +110,8 @@ spec:
       volumes:
       {{ include "common.log.volumes" (dict "dot" . "configMapNamePrefix" (tpl .Values.logConfigMapNamePrefix .)) | nindent 6 }}
       - name: logs
-        emptyDir: {}
+        emptyDir:
+          sizeLimit: 64Mi
       - name: config
         configMap:
           name: {{ include "common.fullname" . }}
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
index df62d4169c..4ec2306eca 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/job-migration.yaml
@@ -89,20 +89,12 @@ spec:
         - -c
         - |
            sh docker-entrypoint.sh dataRestoreFromSnapshot.sh `ls -t /opt/app/aai-graphadmin/logs/data/dataSnapshots|head -1|awk -F".P" '{ print $1 }'`
-        env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
         volumeMounts:
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
           name: config
           subPath: janusgraph-realtime.properties
         - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
           name: snapshots
-        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
-          name: config
-          subPath: janusgraph-cached.properties
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
           name: properties
           subPath: aaiconfig.properties
@@ -133,18 +125,10 @@ spec:
            echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
            sh docker-entrypoint.sh run_Migrations.sh -e UpdateAaiUriIndexMigration --commit --skipPreMigrationSnapShot --runDisabled RebuildAllEdges ;
            {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
-        env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
         volumeMounts:
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-realtime.properties
           name: config
           subPath: janusgraph-realtime.properties
-        - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/janusgraph-cached.properties
-          name: config
-          subPath: janusgraph-cached.properties
         - mountPath: /opt/app/aai-graphadmin/resources/etc/appprops/aaiconfig.properties
           name: properties
           subPath: aaiconfig.properties
@@ -207,7 +191,7 @@ spec:
       name: {{ include "common.name" . }}
     spec:
       initContainers:
-      {{ if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
+      {{- if eq .Values.global.jobs.migration.remoteCassandra.enabled false }}
       - command:
         - /bin/bash
         - -c
@@ -242,11 +226,6 @@ spec:
            echo "waiting 15s for istio side cars to be up"; sleep 15s;{{- end }}
            sh docker-entrypoint.sh dataSnapshot.sh
            {{ include "common.serviceMesh.killSidecar" . | indent 11 | trim }}
-        env:
-        - name: LOCAL_USER_ID
-          value: {{ .Values.securityContext.user_id | quote }}
-        - name: LOCAL_GROUP_ID
-          value: {{ .Values.securityContext.group_id | quote }}
         volumeMounts:
         - mountPath: /opt/app/aai-graphadmin/logs/data/dataSnapshots
           name: snapshots
diff --git a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
index 68f1cda815..16924e9d5c 100644
--- a/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
+++ b/kubernetes/aai/components/aai-graphadmin/templates/service.yaml
@@ -43,10 +43,10 @@ spec:
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort2 }}
     name: {{ .Values.service.debugPortName }}
     targetPort: {{ .Values.service.debugPortName }}
-  - port: {{ .Values.service.internalPort3 }}
+  - port: {{ .Values.service.actuatorPort }}
     nodePort: {{ .Values.global.nodePortPrefix | default .Values.nodePortPrefix }}{{ .Values.service.nodePort3 }}
-    name: {{ .Values.service.portName3 }}
-    targetPort: {{ .Values.service.portName3 }}
+    name: {{ .Values.service.actuatorPortName }}
+    targetPort: {{ .Values.service.actuatorPortName }}
   {{- else -}}
   - port: {{ .Values.service.appPort }}
     name: {{ .Values.service.appPortName }}
@@ -54,8 +54,8 @@ spec:
   - port: {{ .Values.service.debugPort }}
     name: {{ .Values.service.debugPortName }}
     targetPort: {{ .Values.service.debugPortName }}
-  - port: {{ .Values.service.internalPort3 }}
-    name: {{ .Values.service.portName3 }}
+  - port: {{ .Values.service.actuatorPort }}
+    name: {{ .Values.service.actuatorPortName }}
     targetPort: {{ .Values.service.appPort }}
   {{- end}}
   selector:
author	Fiete Ostkamp <Fiete.Ostkamp@telekom.de>	2024-09-04 16:55:56 +0200
committer	Fiete Ostkamp <fiete.ostkamp@telekom.de>	2024-09-19 13:50:44 +0000
commit	a6889979459185d6873695ab9c4c74dbeed6daee (patch)
tree	c7c97a0071c7115793f7ddb72f7b8c875d1894df /kubernetes/aai/components/aai-graphadmin/templates
parent	0765a2124569cfa38a2828f2c9d88cf8cca8eedc (diff)