diff --git a/NOTICE b/NOTICE index 10fe1231ce80f633b95b66e803f3060ff69849e6..2aa6610f14ea9ef7aa46fbdeb3ffde132b8cabde 100644 --- a/NOTICE +++ b/NOTICE @@ -34,7 +34,6 @@ Apache-2.0 ======================================================================== The following software have components provided under the terms of this license: -- AHC/Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client) - AMQP 1.0 JMS Spring Boot AutoConfiguration (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-autoconfigure) - AMQP 1.0 JMS Spring Boot Starter (from https://repo1.maven.org/maven2/org/amqphub/spring/amqp-10-jms-spring-boot-starter) - ASM based accessors helper used by json-smart (from https://urielch.github.io/) @@ -321,6 +320,7 @@ The following software have components provided under the terms of this license: - Apache Log4j SLF4J Binding (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-slf4j-impl) - Apache Log4j to SLF4J Adapter (from https://repo1.maven.org/maven2/org/apache/logging/log4j/log4j-to-slf4j) - AssertJ Core (from ${project.organization.url}#${project.artifactId}) +- Asynchronous Http Client (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client) - Asynchronous Http Client Netty Utils (from https://repo1.maven.org/maven2/org/asynchttpclient/async-http-client-netty-utils) - AutoValue Annotations (from https://github.com/google/auto/tree/master/value, https://repo1.maven.org/maven2/com/google/auto/value/auto-value-annotations) - BSON (from http://bsonspec.org, https://bsonspec.org) diff --git a/devops/gc/deploy/README.md b/devops/gc/deploy/README.md index f2b91eacbc96cd5e9551b84b6f2be3e7a79039ff..23d436f43db08ee2d1586f98b82bae553c1cde2f 100644 --- a/devops/gc/deploy/README.md +++ b/devops/gc/deploy/README.md 
@@ -30,49 +30,60 @@ First you need to set variables in **values.yaml** file using any code editor. S | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**logLevel** | logging level | string | `ERROR` | yes -**springProfilesActive** | active spring profile | string | `gcp` | yes -**defaultDataCountry** | Data storage region | string | `US` | yes -**storageServiceAccountEmail** | Storage service account email, used during OQM events processing | string | `storage@service.local` | yes -**entitlementsHost** | Entitlements service host address | string | `http://entitlements` | yes -**partitionHost** | Partition service host address | string | `http://partition` | yes -**crsConverterHost** | CRS Converter service host address | string | `http://crs-conversion` | yes -**legalHost** | Legal service host address | string | `http://legal` | yes -**redisGroupHost** | Redis host for groups | string | `redis-group-master` | yes -**redisStorageHost** | Redis host for storage | string | `redis-storage-master` | yes -**opaEndpoint** | OPA host address | string | `http://opa` | yes -**storageHost** | Storage service host address | string | `http://storage` | only if `conf.bootstrapEnabled` is true -**defaultLegalTag** | Name of the previously created legal tag (without partition part) | string | `default-data-tag` | only if `conf.bootstrapEnabled` is true -**dataPartitionId** | Data partition id | string | - | only if `conf.bootstrapEnabled` is true +**data.logLevel** | logging level | string | `ERROR` | yes +**data.springProfilesActive** | active spring profile | string | `gcp` | yes +**data.defaultDataCountry** | Data storage region | string | `US` | yes +**data.storageServiceAccountEmail** | Storage service account email, used during OQM events processing | string | `storage@service.local` | yes +**data.entitlementsHost** | Entitlements service host address | string | `http://entitlements` | yes +**data.partitionHost** | 
Partition service host address | string | `http://partition` | yes +**data.crsConverterHost** | CRS Converter service host address | string | `http://crs-conversion` | yes +**data.legalHost** | Legal service host address | string | `http://legal` | yes +**data.opaEndpoint** | OPA host address | string | `http://opa` | yes +**data.storageHost** | Storage service host address | string | `http://storage` | only if `conf.bootstrapEnabled` is true +**data.defaultLegalTag** | Name of the previously created legal tag (without partition part) | string | `default-data-tag` | only if `conf.bootstrapEnabled` is true +**data.dataPartitionId** | Data partition id | string | - | only if `conf.bootstrapEnabled` is true +**data.redisStorageHost** | The host for redis instance. If empty (by default), helm installs an internal redis instance | string | - | yes +**data.redisStoragePort** | The port for redis instance | digit | 6379 | yes ### Deployment variables | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**requestsCpu** | amount of requested CPU | string | `0.25` | yes -**requestsMemory** | amount of requested memory| string | `1024M` | yes -**limitsCpu** | CPU limit | string | `1` | yes -**limitsMemory** | memory limit | string | `3G` | yes -**image** | path to the image in a registry | string | - | yes -**imagePullPolicy** | when to pull the image | string | `IfNotPresent` | yes -**serviceAccountName** | name of kubernetes service account | string | `storage` | yes -**bootstrapImage** | path to the bootstrap image in a registry | string | - | only if `conf.bootstrapEnabled` is true -**bootstrapServiceAccountName** | name of kubernetes service account that will be used for bootstrap | string | - | only if `conf.bootstrapEnabled` is true +**data.requestsCpu** | amount of requested CPU | string | `250m` | yes +**data.requestsMemory** | amount of requested memory| string | `1024M` | yes +**data.limitsCpu** | CPU limit | string | 
`1` | yes +**data.limitsMemory** | memory limit | string | `3G` | yes +**data.image** | path to the image in a registry | string | - | yes +**data.imagePullPolicy** | when to pull the image | string | `IfNotPresent` | yes +**data.serviceAccountName** | name of kubernetes service account | string | `storage` | yes +**data.bootstrapImage** | path to the bootstrap image in a registry | string | - | only if `conf.bootstrapEnabled` is true +**data.bootstrapServiceAccountName** | name of kubernetes service account that will be used for bootstrap | string | - | only if `conf.bootstrapEnabled` is true +**data.redisImage** | service image | string | `redis:7` | yes ### Configuration variables | Name | Description | Type | Default |Required | |------|-------------|------|---------|---------| -**appName** | Service name | string | `storage` | yes -**keycloakSecretName** | secret for keycloak | string | `storage-keycloak-secret` | yes -**minioSecretName** | secret for minio | string | `storage-minio-secret` | yes -**postgresSecretName** | secret for postgres | string | `storage-postgres-secret` | yes -**rabbitmqSecretName** | secret for rabbitmq | string | `rabbitmq-secret` | yes -**bootstrapSecretName** | secret for bootstrap to access openid provider | string | `datafier-secret` | only if `conf.bootstrapEnabled` is true -**replicas** | Number of replicas | integer | 3 | yes -**onPremEnabled** | whether on-prem is enabled | boolean | false | yes -**bootstrapEnabled** | whether storage bootstrap is enabled | boolean | false | yes -**domain** | your domain, ex `example.com` | string | - | yes +**conf.appName** | Service name | string | `storage` | yes +**conf.keycloakSecretName** | secret for keycloak | string | `storage-keycloak-secret` | yes +**conf.minioSecretName** | secret for minio | string | `storage-minio-secret` | yes +**conf.postgresSecretName** | secret for postgres | string | `storage-postgres-secret` | yes +**conf.rabbitmqSecretName** | secret for rabbitmq | string 
| `rabbitmq-secret` | yes +**conf.storageRedisSecretName** | secret for redis that contains redis password with REDIS_PASSWORD key | string | `storage-redis-secret` | yes +**conf.bootstrapSecretName** | secret for bootstrap to access openid provider | string | `datafier-secret` | only if `conf.bootstrapEnabled` is true +**conf.replicas** | Number of replicas | integer | 3 | yes +**conf.onPremEnabled** | whether on-prem is enabled | boolean | false | yes +**conf.bootstrapEnabled** | whether storage bootstrap is enabled | boolean | false | yes +**conf.domain** | your domain, ex `example.com` | string | - | yes + +### Istio variables + +| Name | Description | Type | Default |Required | +|------|-------------|------|---------|---------| +**istio.proxyCPU** | CPU request for Envoy sidecars | string | 25m | yes +**istio.proxyCPULimit** | CPU limit for Envoy sidecars | string | 200m | yes +**istio.proxyMemory** | memory request for Envoy sidecars | string | 64Mi | yes +**istio.proxyMemoryLimit** | memory limit for Envoy sidecars | string | 256Mi | yes ## Install the Helm chart diff --git a/devops/gc/deploy/templates/configmap.yaml b/devops/gc/deploy/templates/configmap.yaml index 26c8fa855b897560ff40d73a705a4b4106ff983a..cd8067a603017d37488304c611903a2704b6f8ef 100644 --- a/devops/gc/deploy/templates/configmap.yaml +++ b/devops/gc/deploy/templates/configmap.yaml 
@@ -17,3 +17,12 @@ data:
 STORAGE_SERVICE_ACCOUNT_EMAIL: {{ .Values.data.storageServiceAccountEmail | quote }}
 SPRING_PROFILES_ACTIVE: {{ .Values.data.springProfilesActive | quote }}
 OPA_ENDPOINT: {{ .Values.data.opaEndpoint | quote }}
+ {{- if .Values.data.redisStorageHost }}
+ REDIS_GROUP_HOST: {{ .Values.data.redisStorageHost | quote }}
+ REDIS_STORAGE_HOST: {{ .Values.data.redisStorageHost | quote }}
+ {{- else }}
+ REDIS_GROUP_HOST: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ REDIS_STORAGE_HOST: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ {{- end }}
+ REDIS_STORAGE_PORT: {{ .Values.data.redisStoragePort | quote }}
+ REDIS_GROUP_PORT: {{ .Values.data.redisStoragePort | quote }}
diff --git a/devops/gc/deploy/templates/deploy-redis.yaml b/devops/gc/deploy/templates/deploy-redis.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f069798639226a54565f32f61da33fbe03ef7e9a
--- /dev/null
+++ b/devops/gc/deploy/templates/deploy-redis.yaml
@@ -0,0 +1,35 @@
+{{ if not .Values.data.redisStorageHost }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ template:
+ metadata:
+ labels:
+ app: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ annotations:
+ sidecar.istio.io/proxyCPU: 30m
+ spec:
+ containers:
+ - args:
+ - --requirepass
+ - $(REDIS_PASSWORD)
+ envFrom:
+ - secretRef:
+ name: {{ .Values.conf.storageRedisSecretName | quote }}
+ image: {{ .Values.data.redisImage | quote }}
+ imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
+ name: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ ports:
+ - containerPort: 6379
+ protocol: TCP
+ resources:
+ requests:
+ memory: 100Mi
+{{ end }}
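Review bot: The if/else around REDIS_GROUP_HOST and REDIS_STORAGE_HOST in configmap.yaml writes the same fallback name twice, and `printf "redis-%s" .Values.conf.appName` is repeated again in deploy-redis.yaml and service-redis.yaml, so a rename in one place would leave the application pointing at a host that no longer exists. Each key could be a single line such as `REDIS_STORAGE_HOST: {{ .Values.data.redisStorageHost | default (printf "redis-%s" .Values.conf.appName) | quote }}`, or the name could move into one named template that all three files include. The `data:` mapping starts above this hunk.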
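Review bot: The Redis password in deploy-redis.yaml reaches the server through `args`, and the variable comes from `envFrom`, which imports every key of the secret and does not fail when REDIS_PASSWORD is absent. Kubernetes leaves an unresolved `$(REDIS_PASSWORD)` reference in `args` unchanged, so a secret without that key would start Redis with the literal placeholder text as its password. An explicit `env` entry with `secretKeyRef`, as deployment.yaml in this commit already uses, makes the pod fail to start instead and exposes only the one key. The password still appears in the process arguments; supplying it through a mounted config file would avoid that. The container also sets no `securityContext` and no resource limits.

```yaml
      containers:
        - args:
            # … unchanged: --requirepass and $(REDIS_PASSWORD) …
          env:
            - name: REDIS_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: {{ .Values.conf.storageRedisSecretName | quote }}
                  key: REDIS_PASSWORD
          # … unchanged: image, imagePullPolicy, name, ports, resources …
```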
diff --git a/devops/gc/deploy/templates/deployment.yaml b/devops/gc/deploy/templates/deployment.yaml
index b7aab375a67ffc566ca23502b4139898c7531e6b..48e96b1cead930313402c7351d7c0723b73f6c89 100644
--- a/devops/gc/deploy/templates/deployment.yaml
+++ b/devops/gc/deploy/templates/deployment.yaml
@@ -25,6 +25,17 @@ spec:
 - name: {{ .Values.conf.appName | quote }}
 image: {{ .Values.data.image | quote }}
 imagePullPolicy: {{ .Values.data.imagePullPolicy | quote }}
+ env:
+ - name: REDIS_GROUP_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.conf.storageRedisSecretName | quote }}
+ key: REDIS_PASSWORD
+ - name: REDIS_STORAGE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: {{ .Values.conf.storageRedisSecretName | quote }}
+ key: REDIS_PASSWORD
 envFrom:
 - configMapRef:
 name: {{ printf "%s-config" .Values.conf.appName | quote }}
diff --git a/devops/gc/deploy/templates/service-redis.yaml b/devops/gc/deploy/templates/service-redis.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5ec51179c34783675a2dd5cb784aabd46536cf6e
--- /dev/null
+++ b/devops/gc/deploy/templates/service-redis.yaml
@@ -0,0 +1,14 @@
+{{ if not .Values.data.redisStorageHost }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ printf "redis-%s" .Values.conf.appName | quote }}
+ namespace: {{ .Release.Namespace | quote }}
+spec:
+ ports:
+ - port: {{ .Values.data.redisStoragePort }}
+ protocol: TCP
+ targetPort: 6379
+ selector:
+ app: {{ printf "redis-%s" .Values.conf.appName | quote }}
+{{ end }}
diff --git a/devops/gc/deploy/values.yaml b/devops/gc/deploy/values.yaml
index e6ba7fdbe95896ff8419867ba384af1bd992ad34..eec51105f99f1aedaab4b981c445395cb7ed5313 100644
--- a/devops/gc/deploy/values.yaml
+++ b/devops/gc/deploy/values.yaml
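Review bot: The Service added in service-redis.yaml sets no `type`, so it is a ClusterIP service that any workload able to route to it can reach, and nothing in this commit limits callers to the storage service's pods. That leaves the shared password as the only barrier in front of the bundled Redis. A NetworkPolicy, or an Istio AuthorizationPolicy since the Redis pod carries a sidecar annotation, that admits only the storage pods on port 6379 would narrow this; such a policy may already exist outside this diff.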
@@ -12,14 +12,12 @@ data:
 partitionHost: "http://partition"
 crsConverterHost: "http://crs-conversion"
 legalHost: "http://legal"
- redisGroupHost: "redis-group-master"
- redisStorageHost: "redis-storage-master"
 opaEndpoint: "http://opa"
 storageHost: "http://storage"
 defaultLegalTag: "default-data-tag"
 dataPartitionId: ""
 # deployments
- requestsCpu: "0.25"
+ requestsCpu: "250m"
 requestsMemory: "1024M"
 limitsCpu: "1"
 limitsMemory: "3G"
@@ -28,6 +26,11 @@ data:
 image: ""
 imagePullPolicy: "IfNotPresent"
 serviceAccountName: "storage"
+ # redis connection. Change it if you want to use external redis
+ redisStorageHost: ""
+ redisStoragePort: 6379
+ redisImage: "redis:7"
+
 conf:
 appName: "storage"
 keycloakSecretName: "storage-keycloak-secret"
@@ -39,10 +42,12 @@ conf:
 onPremEnabled: false
 bootstrapEnabled: false
 domain: ""
+ storageRedisSecretName: "storage-redis-secret"
+
 istio:
- proxyCPU: "50m"
- proxyCPULimit: "500m"
+ proxyCPU: "25m"
+ proxyCPULimit: "200m"
 proxyMemory: "64Mi"
- proxyMemoryLimit: "512Mi"
+ proxyMemoryLimit: "256Mi"
 bootstrapProxyCPU: "10m"
 bootstrapProxyCPULimit: "100m"
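Review bot: The new default `redisImage: "redis:7"` in the second hunk is a floating tag, so the image that runs can change between pulls, and with `imagePullPolicy: "IfNotPresent"` different nodes can end up on different builds. Pinning by digest, for example `redisImage: "redis:7@sha256:<digest-placeholder>"`, keeps the deployed Redis reproducible and reviewable. The comment above `redisStorageHost` only mentions the external case; it could also say that an empty value makes the chart deploy its own single-replica Redis. The `data:` mapping starts above the hunk.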