From b93961f4728a808866f4bed71b734f02aad02aff Mon Sep 17 00:00:00 2001 From: Richard Conway Date: Wed, 3 Jan 2024 14:42:06 +0000 Subject: [PATCH] Alignment with demo cluster --- .../proc-ades-guard.yaml | 3 ++- .../processing-and-chaining/proc-ades.yaml | 2 +- .../hr-combined-rm-guard.yaml | 3 ++- .../hr-resource-catalogue.yaml | 26 +++++++++---------- .../hr-workspace-api-guard.yaml | 2 +- .../template-hr-data-access.yaml | 2 +- .../template-hr-resource-guard.yaml | 4 +++ .../resource-management/ss-harbor.yaml | 2 -- .../system/test/hr-dummy-service-guard.yaml | 2 +- .../user-management/kustomization.yaml | 13 ++++++++++ 10 files changed, 38 insertions(+), 21 deletions(-) create mode 100644 system/clusters/creodias/user-management/kustomization.yaml diff --git a/system/clusters/creodias/processing-and-chaining/proc-ades-guard.yaml b/system/clusters/creodias/processing-and-chaining/proc-ades-guard.yaml index 3e153446..468ec43b 100644 --- a/system/clusters/creodias/processing-and-chaining/proc-ades-guard.yaml +++ b/system/clusters/creodias/processing-and-chaining/proc-ades-guard.yaml @@ -4,7 +4,6 @@ metadata: name: proc-ades-guard namespace: proc spec: - suspend: false chart: spec: chart: resource-guard @@ -27,6 +26,8 @@ spec: # PEP values #--------------------------------------------------------------------------- pep-engine: + image: + pullPolicy: Always configMap: asHostname: auth pdpHostname: auth diff --git a/system/clusters/creodias/processing-and-chaining/proc-ades.yaml b/system/clusters/creodias/processing-and-chaining/proc-ades.yaml index 67bfff2f..9115b01b 100644 --- a/system/clusters/creodias/processing-and-chaining/proc-ades.yaml +++ b/system/clusters/creodias/processing-and-chaining/proc-ades.yaml @@ -126,7 +126,7 @@ spec: wps: pepBaseUrl: "http://ades-pep:5576" - usePep: "true" + usePep: "false" maincfgtpl: "files/main.cfg.tpl" persistence: enabled: true diff --git a/system/clusters/creodias/resource-management/hr-combined-rm-guard.yaml b/system/clusters/creodias/resource-management/hr-combined-rm-guard.yaml index e839410e..7dbddaeb 100644 --- a/system/clusters/creodias/resource-management/hr-combined-rm-guard.yaml +++ b/system/clusters/creodias/resource-management/hr-combined-rm-guard.yaml @@ -4,7 +4,6 @@ metadata: name: combined-rm-guard namespace: rm spec: - suspend: false chart: spec: chart: resource-guard @@ -27,6 +26,8 @@ spec: # PEP values #--------------------------------------------------------------------------- pep-engine: + image: + pullPolicy: Always configMap: asHostname: auth pdpHostname: auth diff --git a/system/clusters/creodias/resource-management/hr-resource-catalogue.yaml b/system/clusters/creodias/resource-management/hr-resource-catalogue.yaml index a8c050bf..788df696 100644 --- a/system/clusters/creodias/resource-management/hr-resource-catalogue.yaml +++ b/system/clusters/creodias/resource-management/hr-resource-catalogue.yaml @@ -16,19 +16,19 @@ spec: values: global: namespace: rm - # db: - # volume_size: 5Gi - # config: - # enabled: true - # shared_buffers: 2GB - # effective_cache_size: 6GB - # maintenance_work_mem: 512MB - # checkpoint_completion_target: 0.9 - # wal_buffers: 16MB - # default_statistics_target: 100 - # random_page_cost: 4 - # work_mem: 4MB - # cpu_tuple_cost: 0.4 + db: + volume_size: 5Gi + config: + enabled: true + shared_buffers: 2GB + effective_cache_size: 6GB + maintenance_work_mem: 512MB + checkpoint_completion_target: 0.9 + wal_buffers: 16MB + default_statistics_target: 100 + random_page_cost: 4 + work_mem: 4MB + cpu_tuple_cost: 0.4 ingress: enabled: false # name: resource-catalogue diff --git a/system/clusters/creodias/resource-management/hr-workspace-api-guard.yaml b/system/clusters/creodias/resource-management/hr-workspace-api-guard.yaml index 10aa69fc..2e583b5e 100644 --- a/system/clusters/creodias/resource-management/hr-workspace-api-guard.yaml +++ b/system/clusters/creodias/resource-management/hr-workspace-api-guard.yaml @@ -82,7 +82,7 @@ spec: logging: level: "info" unauthorizedResponse: 'Bearer realm="https://portal.develop.eoepca.org/oidc/authenticate/"' - # openAccess: true + openAccess: false #--------------------------------------------------------------------------- # END values #--------------------------------------------------------------------------- diff --git a/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-data-access.yaml b/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-data-access.yaml index 9c7b0e10..474a1adb 100644 --- a/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-data-access.yaml +++ b/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-data-access.yaml @@ -16,7 +16,7 @@ spec: global: env: REGISTRAR_REPLACE: "true" - CPL_VSIL_CURL_ALLOWED_EXTENSIONS: .TIF,.tif,.xml,.jp2,.jpg,.jpeg + CPL_VSIL_CURL_ALLOWED_EXTENSIONS: .TIF,.TIFF,.tif,.tiff,.xml,.jp2,.jpg,.jpeg,.png,.nc AWS_ENDPOINT_URL_S3: https://minio.develop.eoepca.org startup_scripts: [] diff --git a/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-resource-guard.yaml b/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-resource-guard.yaml index 4ca8db5f..ac921a4f 100644 --- a/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-resource-guard.yaml +++ b/system/clusters/creodias/resource-management/rm-workspace-charts/template-hr-resource-guard.yaml @@ -27,6 +27,8 @@ spec: # PEP values #--------------------------------------------------------------------------- pep-engine: + image: + pullPolicy: Always configMap: asHostname: auth pdpHostname: auth @@ -84,6 +86,8 @@ spec: nginx.ingress.kubernetes.io/proxy-read-timeout: "600" nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/rewrite-target: "/$1" + ingress.kubernetes.io/ssl-redirect: "false" + nginx.ingress.kubernetes.io/ssl-redirect: "false" client: credentialsSecretName: rm-uma-user-agent logging: diff --git a/system/clusters/creodias/resource-management/ss-harbor.yaml b/system/clusters/creodias/resource-management/ss-harbor.yaml index c799e9d9..04373e06 100644 --- a/system/clusters/creodias/resource-management/ss-harbor.yaml +++ b/system/clusters/creodias/resource-management/ss-harbor.yaml @@ -12,5 +12,3 @@ spec: creationTimestamp: null name: harbor namespace: rm - type: Opaque - diff --git a/system/clusters/creodias/system/test/hr-dummy-service-guard.yaml b/system/clusters/creodias/system/test/hr-dummy-service-guard.yaml index 3973ca8e..b592303e 100644 --- a/system/clusters/creodias/system/test/hr-dummy-service-guard.yaml +++ b/system/clusters/creodias/system/test/hr-dummy-service-guard.yaml @@ -70,8 +70,8 @@ spec: credentialsSecretName: "" logging: level: "debug" - # openAccess: true unauthorizedResponse: 'Bearer realm="https://portal.develop.eoepca.org/oidc/authenticate/"' + openAccess: false #--------------------------------------------------------------------------- # END values #--------------------------------------------------------------------------- diff --git a/system/clusters/creodias/user-management/kustomization.yaml b/system/clusters/creodias/user-management/kustomization.yaml new file mode 100644 index 00000000..a9fb389c --- /dev/null +++ b/system/clusters/creodias/user-management/kustomization.yaml @@ -0,0 +1,13 @@ +apiVersion: kustomize.config.k8s.io/v1beta1 +kind: Kustomization +resources: +- identity-api-gatekeeper-sealedsecret.yaml +- identity-api-sealedsecret.yaml +- identity-gatekeeper-sealedsecret.yaml +- identity-keycloak-sealedsecret.yaml +- identity-postgres-sealedsecret.yaml +- namespace.yaml +- um-identity-service.yaml +- um-login-service.yaml +- um-pdp-engine.yaml +- um-user-profile.yaml