bsgrigorov / dbeaver-helm

Helm chart for DBeaver (CloudBeaver)
MIT License
1 stars 0 forks source link

Is this a working Helmchart? #1

Open Rusiecki opened 2 years ago

Rusiecki commented 2 years ago

Hey @bsgrigorov, I am wondering if your helm chart is working via ingress or if it only useable via a port-forward. I am not sure where my error is but somehow I am not able to get to cloudbeaver via configured url.

I mostly get an 504 / Bad Gateway. Since I am not allowed to run those Pods in root I added some things here and there.


kind: ConfigMap
metadata:
  name: cloudbeaver-service-conf
  labels:
    app.kubernetes.io/name: cloudbeaver-service
data:
  cloudbeaver.conf: |

    {
      server: {
        serverPort: 8978,
        serverHost: "rsome.url.com",
        serverName: "CloudBeaver Sample Server",

        // Paths are absolute or relative to the server root folder
        workspaceLocation: "workspace",
        contentRoot: "web",
        driversLocation: "drivers",

        rootURI: "/cloudbeaver/",
        serviceURI: "/api/",

        // Webapp configuration file
        productConfiguration: "conf/product.conf",

        expireSessionAfterPeriod: 600000,

        develMode: false,

        database: {
          url: "jdbc:h2:${workspace}/.data/cb.h2.dat",
          initialDataConfiguration: "conf/initial-data.conf",
          pool: {
            maxConnections: 100
          }
        }
      },
      app: {
        anonymousAccessAllowed: true,
        anonymousUserRole: "user",
        supportsCustomConnections: false,

        resourceQuotas: {
          dataExportFileSizeLimit: 10000000,
          sqlMaxRunningQueries: 3,
          sqlResultSetRowsLimit: 100000,
          sqlResultSetMemoryLimit: 2000000
        },
        plugins: {

        }
      }
    }
---
# Source: cloudbeaver-service/templates/persistenvoluemclaim.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name:  cloudbeaver-service-pvc
  labels:
    app.kubernetes.io/name: cloudbeaver-service
  annotations: 
    volume.beta.kubernetes.io/storage-class: "cinder"
spec:
  accessModes:
    - "ReadWriteOnce"
  resources:
    requests:
      storage: 5Gi
---
# Source: cloudbeaver-service/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name:  cloudbeaver-service
  labels:
    app.kubernetes.io/name: cloudbeaver-service
spec:
  ports:
  - name: http 
    port: 80 
#    port: 8978 
    protocol: TCP
    targetPort: 8978
  selector:
    app.kubernetes.io/name: cloudbeaver-service
---
# Source: cloudbeaver-service/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name:  cloudbeaver-service
  labels:
    app.kubernetes.io/name: cloudbeaver-service
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: cloudbeaver-service
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app.kubernetes.io/name: cloudbeaver-service
    spec:
      restartPolicy: Always
      containers:
        - name:  cloudbeaver-service
          image: "/cloudbeaver:latest"
          imagePullPolicy: Always
          args:
          - -web-config=/etc/cloudbeaver/cloudbeaver.conf
          ports:
            - containerPort: 8978
              name: http
          env:
          - name: CB_ADMIN_USER
            value: admin
          - name: CB_ADMIN_PASSWORD
            value: admin
          - name: CB_SERVER_NAME
            value: test
          - name: CB_SERVER_URL
            value: some.url.com
          resources:
            limits:
              cpu: 500m
              memory: 450Mi
            requests:
              cpu: 150m
              memory: 220Mi
          volumeMounts:
            - name: data
              mountPath: /opt/cloudbeaver/workspace
              subPath:  cloudbeaver-service
            - name: config
              mountPath: /etc/cloudbeaver/
      securityContext:
        fsGroup: 1000
        runAsNonRoot: true
        runAsUser: 1000

      volumes:
        - name: data
          persistentVolumeClaim:
            claimName:  cloudbeaver-service-pvc
        - name: config
          configMap:
            name: cloudbeaver-service-conf
      imagePullSecrets:
      - name: secrets-harbor-registry-pull-secret
---
# Source: cloudbeaver-service/templates/ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: cloudbeaver-service
  labels:
    app.kubernetes.io/name: cloudbeaver-service
  annotations:
    kubernetes.io/ingress.class: traefik

    cert-manager.io/cluster-issuer: acme
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    - host: some.url.com
      http:
        paths:
        - path: /api
          pathType: ImplementationSpecific
          backend:
            service:
              name: cloudbeaver-service
              port:
                name: http
    - host: some.url.com
      http:
        paths:
        - path: /cloudbeaver/
          pathType: ImplementationSpecific
          backend:
            service:
              name: cloudbeaver-service
              port:
                name: http
  tls:
    - hosts:
      - some.url.com
      secretName: cloudbeaver-service-tls-certs```
bsgrigorov commented 2 years ago

Yes ingress works. I use lets-encrypt for cert generation. https://github.com/bsgrigorov/dbeaver-helm/blob/main/chart/values.yaml#L34

Do you have nginx ingress controller installed in your cluster? That is a requirement to use the ingress resource I have written. Also you would need cert manager with lets-encrypt to generate the certs. There are other solutions you could use, but this is the one I have implemented. https://cloud.yandex.com/en-ru/docs/managed-kubernetes/tutorials/ingress-cert-manager

Rusiecki commented 2 years ago

The TLS connection works fine. somehow I cannot connect to the backend of cloudbeaver from the ingress..

Could you send me your templated helm chart ? Of course remove all the sensitive data.