[nominatim] resolve #64
robjuz committed Aug 29, 2024
1 parent 2c639fe commit 7cb5834
Showing 6 changed files with 237 additions and 173 deletions.
4 changes: 2 additions & 2 deletions charts/nominatim/Chart.yaml
Expand Up @@ -15,13 +15,13 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 4.1.0
version: 4.2.0

# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "4.4"
appVersion: "4.4.1"

dependencies:
- name: common
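Review bot: the `appVersion` change at the end of this hunk (`"4.4"` to `"4.4.1"`) ships in the same commit as a chart change that, per the README hunk, retitles the updates section from Deployment to CronJob, yet the commit message says only "resolve #64". Record both the application bump and the workload change in the commit body or a changelog entry so operators can tell which one an upgrade regression came from. Also confirm that `4.1.0` to `4.2.0` is the right step: if releases that already set `updates.*` values render a different workload after the upgrade, a minor bump under-signals it.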
62 changes: 35 additions & 27 deletions charts/nominatim/README.md
Expand Up @@ -233,33 +233,41 @@ Note: The command above may differ a little depending the k8s cluster version yo
| `updates.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` |
| `updates.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` |

### Nominatim Updates Deployment parameters

| Name | Description | Value |
|-------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------|
| `updates.resources` | Define resources requests and limits for the update job | `{}` |
| `updates.podLabels` | Extra labels for Nominatim Updates pods | `{}` |
| `updates.podAnnotations` | Annotations for Nominatim Updates pods | `{}` |
| `updates.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `hard` |
| `updates.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `updates.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `updates.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `updates.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `updates.affinity` | Affinity for pod assignment | `{}` |
| `updates.nodeSelector` | Node labels for pod assignment | `{}` |
| `updates.tolerations` | Tolerations for pod assignment | `[]` |
| `updates.schedulerName` | Alternate scheduler | `""` |
| `updates.terminationGracePeriodSeconds` | In seconds, time given to the Nominatim pod to terminate gracefully | `""` |
| `updates.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `updates.priorityClassName` | Name of the existing priority class to be used by Nominatim pods, priority class needs to be created beforehand | `""` |
| `updates.podSecurityContext.enabled` | Enabled Nominatim pods' Security Context | `false` |
| `updates.podSecurityContext.fsGroup` | Set Nominatim pod's Security Context fsGroup | `1001` |
| `updates.podSecurityContext.seccompProfile.type` | Set Nominatim container's Security Context seccomp profile | `RuntimeDefault` |
| `updates.containerSecurityContext.enabled` | Enabled Nominatim containers' Security Context | `false` |
| `updates.containerSecurityContext.runAsUser` | Set Nominatim container's Security Context runAsUser | `1001` |
| `updates.containerSecurityContext.runAsNonRoot` | Set Nominatim container's Security Context runAsNonRoot | `true` |
| `updates.containerSecurityContext.allowPrivilegeEscalation` | Set Nominatim container's privilege escalation | `false` |
| `updates.containerSecurityContext.capabilities.drop` | Set Nominatim container's Security Context runAsNonRoot | `["ALL"]` |
### Nominatim Updates CronJob parameters

| Name | Description | Value |
|-------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------|------------------|
| `updates.schedule` | The schedule in Cron format, see <https://en.wikipedia.org/wiki/Cron> | `0 * * * *` |
| `updates.timeZone` | The time zone name for the given schedule, see <https://en.wikipedia.org/wiki/List_of_tz_database_time_zones> | `""` |
| `updates.concurrencyPolicy` | Specifies how to treat concurrent executions of a Job | `Forbid` |
| `updates.startingDeadlineSeconds` | Optional deadline in seconds for starting the job if it misses scheduled time for any reason | `""` |
| `updates.suspend` | This flag tells the controller to suspend subsequent executions | `""` |
| `updates.successfulJobsHistoryLimit` | The number of successful finished jobs to retain | `""` |
| `updates.failedJobsHistoryLimit` | The number of failed finished jobs to retain | `""` |
| `updates.backoffLimit` | The number of retries before marking this job failed | `""` |
| `updates.resources` | Define resources requests and limits for the update job | `{}` |
| `updates.podLabels` | Extra labels for Nominatim Updates pods | `{}` |
| `updates.podAnnotations` | Annotations for Nominatim Updates pods | `{}` |
| `updates.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `hard` |
| `updates.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `updates.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` |
| `updates.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` |
| `updates.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` |
| `updates.affinity` | Affinity for pod assignment | `{}` |
| `updates.nodeSelector` | Node labels for pod assignment | `{}` |
| `updates.tolerations` | Tolerations for pod assignment | `[]` |
| `updates.schedulerName` | Alternate scheduler | `""` |
| `updates.terminationGracePeriodSeconds` | In seconds, time given to the Nominatim pod to terminate gracefully | `""` |
| `updates.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` |
| `updates.priorityClassName` | Name of the existing priority class to be used by Nominatim pods, priority class needs to be created beforehand | `""` |
| `updates.podSecurityContext.enabled` | Enabled Nominatim pods' Security Context | `false` |
| `updates.podSecurityContext.fsGroup` | Set Nominatim pod's Security Context fsGroup | `1001` |
| `updates.podSecurityContext.seccompProfile.type` | Set Nominatim container's Security Context seccomp profile | `RuntimeDefault` |
| `updates.containerSecurityContext.enabled` | Enabled Nominatim containers' Security Context | `false` |
| `updates.containerSecurityContext.runAsUser` | Set Nominatim container's Security Context runAsUser | `1001` |
| `updates.containerSecurityContext.runAsNonRoot` | Set Nominatim container's Security Context runAsNonRoot | `true` |
| `updates.containerSecurityContext.allowPrivilegeEscalation` | Set Nominatim container's privilege escalation | `false` |
| `updates.containerSecurityContext.capabilities.drop` | Set Nominatim container's Security Context runAsNonRoot | `["ALL"]` |

### Nominatim configuration parameters
| Name | Description | Value |
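Review bot: the last re-added row, `updates.containerSecurityContext.capabilities.drop`, still carries the copied description "Set Nominatim container's Security Context runAsNonRoot"; since the whole table is rewritten here, correct it to say which capabilities are dropped. The `updates.podSecurityContext.seccompProfile.type` row has a similar slip, describing a pod-level field as "container's". Both `updates.podSecurityContext.enabled` and `updates.containerSecurityContext.enabled` are documented with a default of `false`, so as documented the `runAsNonRoot`, `allowPrivilegeEscalation: false` and `["ALL"]` drop values are not applied unless the user opts in; the README should say so next to these rows, or the defaults should be reconsidered for the update job.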
2 changes: 0 additions & 2 deletions charts/nominatim/templates/deployment.yaml
Expand Up @@ -165,8 +165,6 @@ spec:
{{- if not .Values.externalDatabase.existingSecretDsn }}
value: {{ include "nominatim.databaseUrl" . }}
{{- end }}
- name: NOMINATIM_REPLICATION_URL
value: {{ .Values.updates.replicationUrl }}
{{- if .Values.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
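Review bot: removing `NOMINATIM_REPLICATION_URL` from this container's env means the Deployment pod no longer receives `.Values.updates.replicationUrl`, and nothing in this hunk shows where it is set instead. Confirm that the updates CronJob template sets it and that no init or import step left in this Deployment still reads it; users who relied on it here can only restore it through `extraEnvVars`, which deserves an upgrade note. Separately, the context lines above render `nominatim.databaseUrl` as a literal `value:` whenever `externalDatabase.existingSecretDsn` is unset, so if that URL embeds the password it is readable by anyone who can view the pod spec; a `secretKeyRef` would avoid that.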