diff --git a/kubernetes/helm/dspace/.gitignore b/kubernetes/helm/dspace/.gitignore
new file mode 100644
index 0000000000000000000000000000000000000000..8f2ea6bc075b7d23c5083df53a739bc4549ef49e
--- /dev/null
+++ b/kubernetes/helm/dspace/.gitignore
@@ -0,0 +1,2 @@
+config.yaml
+.DS_Store
diff --git a/kubernetes/helm/dspace/.helmignore b/kubernetes/helm/dspace/.helmignore
new file mode 100644
index 0000000000000000000000000000000000000000..f0c13194444163d1cba5c67d9e79231a62bc8f44
--- /dev/null
+++ b/kubernetes/helm/dspace/.helmignore
@@ -0,0 +1,21 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
diff --git a/kubernetes/helm/dspace/Chart.yaml b/kubernetes/helm/dspace/Chart.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f4bc22a98525343cb4393a4523b23bf8bcfdb3cb
--- /dev/null
+++ b/kubernetes/helm/dspace/Chart.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+description: A Helm chart for Kubernetes
+name: dspace
+version: 0.1.0
diff --git a/kubernetes/helm/dspace/README.md b/kubernetes/helm/dspace/README.md
new file mode 100644
index 0000000000000000000000000000000000000000..2ba38942722d36bc0db33a95a160c32968abe866
--- /dev/null
+++ b/kubernetes/helm/dspace/README.md
@@ -0,0 +1,79 @@ +# Design Document + + +## PostgreSQL +PostgreSQL is deployed using official [helm](https://github.com/kubernetes/charts/tree/master/stable/postgresql "helm"). +Additional env variables are added : +- dspaceuser +- dspacepassword +- dspacedbname +- dspaceutilsdbname + +Other changes: +- added adapt_utilities_sql.sh to Dockerfile. +- modified commul-customization/init-dspace-dbs.sh to add env params + +### Kubertes cli +How to show **pv** (persistent volume), **pvc** (persistsne volume claim), **po** (pod) +```bash +$ kubectl -n dspace get pv,pvc,po -o wide +NAME CAPACITY ACCESSMODES RECLAIMPOLICY STATUS CLAIM STORAGECLASS REASON AGE +pv/pvc-e38405df-97b4-11e7-ba35-b60483de6a40 8Gi RWO Delete Bound dspace/dspace-postgresql auto 7d + +NAME STATUS VOLUME CAPACITY ACCESSMODES STORAGECLASS AGE +pvc/dspace-postgresql Bound pvc-e38405df-97b4-11e7-ba35-b60483de6a40 8Gi RWO auto 7d + +NAME READY STATUS RESTARTS AGE IP NODE +po/dspace-postgresql-4284405808-xfx5w 1/1 Running 0 6d 10.12.36.39 10.7.2.234 + + +``` +## Tomcat +configured two cephfs mount points, so container can scale +- /opt/lindat-dspace +- /opt/repository + +Other notes: +- installation is done manually [1] +- tomcat is started manually [2] + +```bash +$ kubectl -n dspace get po +NAME READY STATUS RESTARTS AGE +dspace-977584178-m9wsv 1/1 Running 16 16h +dspace-postgresql-4284405808-xfx5w 1/1 Running 0 1d +``` +### Kubertes cli +#### How to enable port forward +```bash +$ kubectl -n dspace port-forward dspace-977584178-m9wsv 8080:8080 +Forwarding from 127.0.0.1:8080 -> 8080 +Forwarding from [::1]:8080 -> 8080 +Handling connection for 8080 +Handling connection for 8080 +``` +now you can connect to http://localhost:8080/repository/xmlui/ + +#### How to connect into pod +```bash +$ kubectl -n dspace exec -it dspace-977584178-m9wsv bash +``` + +## Web Server +- Substitute Apache for Ngnix. 
+- added env variable SHIB_HOSTNAME (pod's hostname is a pretty different concept) +- Web server's certificates are injected via secrets +- Shibboleth config pushed into container [4] + +```bash +docker run -it -p 80:80 -p 443:443 -e SHIB_HOSTNAME="lindat-dev.eurac.edu" gitlab.scientificnet.org:4567/kube/kubernetes/dspace/apache:0.1 +``` + +# To Do +- [1] [PostgreSQL] we need/should automatize with a entrypoint..sh script + psudo-code: + if exist /path/file/installed, do nothing + else, install! +- [2] [Tomcat] write a entrypoint.sh to start tomcat +- [3] [Tomcat] use env variables in /opt/repository/sources/dspace/dspace/target/dspace-installer/config/dspace.cfg file +- [4] [Web Server] - use config map to supply Shibboleth config diff --git a/kubernetes/helm/dspace/charts/postgresql/Chart.yaml b/kubernetes/helm/dspace/charts/postgresql/Chart.yaml new file mode 100755 index 0000000000000000000000000000000000000000..f7993476d0af02e7272617529f24049a8c98434b --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/Chart.yaml @@ -0,0 +1,18 @@ +description: Object-relational database management system (ORDBMS) with an emphasis + on extensibility and on standards-compliance. +engine: gotpl +home: https://www.postgresql.org/ +icon: https://www.postgresql.org/media/img/about/press/elephant.png +keywords: +- postgresql +- postgres +- database +- sql +maintainers: +- name: swordbeta +- name: databus23 +name: postgresql +sources: +- https://github.com/kubernetes/charts +- https://github.com/docker-library/postgres +version: 0.8.1 diff --git a/kubernetes/helm/dspace/charts/postgresql/README.md b/kubernetes/helm/dspace/charts/postgresql/README.md new file mode 100755 index 0000000000000000000000000000000000000000..e213b2e85ae8b7ba2dc86ae4bd99e0dfa50d50e6 --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/README.md 
@@ -0,0 +1,132 @@ +# PostgreSQL + +[PostgreSQL](https://postgresql.org) is a powerful, open source object-relational database system. It has more than 15 years of active development and a proven architecture that has earned it a strong reputation for reliability, data integrity, and correctness. + +## TL;DR; + +```bash +$ helm install stable/postgresql +``` + +## Introduction + +This chart bootstraps a [PostgreSQL](https://github.com/docker-library/postgres) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.4+ with Beta APIs enabled +- PV provisioner support in the underlying infrastructure (Only when persisting data) + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release stable/postgresql +``` + +The command deploys PostgreSQL on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the PostgresSQL chart and their default values. + +| Parameter | Description | Default | +| ----------------------- | --------------------------------------------- | ---------------------------------------------------------- | +| `image` | `postgres` image repository | `postgres` | +| `imageTag` | `postgres` image tag | `9.6.2` | +| `imagePullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `postgresUser` | Username of new user to create. | `postgres` | +| `postgresPassword` | Password for the new user. 
| random 10 characters | +| `postgresDatabase` | Name for new database to create. | `postgres` | +| `postgresInitdbArgs` | Initdb Arguments | `nil` | +| `persistence.enabled` | Use a PVC to persist data | `true` | +| `persistence.existingClaim`| Provide an existing PersistentVolumeClaim | `nil` | +| `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.subPath` | Subdirectory of the volume to mount at | `postgresql-db` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `100m` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image` | Exporter image | `wrouesnel/postgres_exporter` | +| `metrics.imageTag` | Exporter image | `v0.1.1` | +| `metrics.imagePullPolicy` | Exporter image pull policy | `IfNotPresent` | +| `metrics.resources` | Exporter resource requests/limit | Memory: `256Mi`, CPU: `100m` | +| `metrics.customMetrics` | Additional custom metrics | `nil` | +| `service.externalIPs` | External IPs to listen on | `[]` | +| `service.port` | TCP port | `5432` | +| `service.type` | k8s service type exposing ports, e.g. `NodePort`| `ClusterIP` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | + +The above parameters map to the env variables defined in [postgres](http://github.com/docker-library/postgres). For more information please refer to the [postgres](http://github.com/docker-library/postgres) image documentation. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
For example, + +```bash +$ helm install --name my-release \ + --set postgresUser=my-user,postgresPassword=secretpassword,postgresDatabase=my-database \ + stable/postgresql +``` + +The above command creates a PostgresSQL user named `root` with password `secretpassword`. Additionally it creates a database named `my-database`. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml stable/postgresql +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Persistence + +The [postgres](https://github.com/docker-library/postgres) image stores the PostgreSQL data and configurations at the `/var/lib/postgresql/data/pgdata` path of the container. + +The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) volume at this location. The volume is created using dynamic volume provisioning. If the PersistentVolumeClaim should not be managed by the chart, define `persistence.existingClaim`. + +### Existing PersistentVolumeClaims + +1. Create the PersistentVolume +1. Create the PersistentVolumeClaim +1. Install the chart +```bash +$ helm install --set persistence.existingClaim=PVC_NAME postgresql +``` + +The volume defaults to mount at a subdirectory of the volume instead of the volume root to avoid the volume's hidden directories from interfering with `initdb`. If you are upgrading this chart from before version `0.4.0`, set `persistence.subPath` to `""`. + +## Metrics +The chart optionally can start a metrics exporter for [prometheus](https://prometheus.io). The metrics endpoint (port 9187) is not exposed and it is expected that the metrics are collected from inside the k8s cluster using something similar as the described in the [example Prometheus scrape configuration](https://github.com/prometheus/prometheus/blob/master/documentation/examples/prometheus-kubernetes.yml). 
+ +The exporter allows to create custom metrics from additional SQL queries. See the Chart's `values.yaml` for an example and consult the [exporters documentation](https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file) for more details. + +## NetworkPolicy + +To enable network policy for PostgreSQL, +install [a networking plugin that implements the Kubernetes +NetworkPolicy spec](https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy#before-you-begin), +and set `networkPolicy.enabled` to `true`. + +For Kubernetes v1.5 & v1.6, you must also turn on NetworkPolicy by setting +the DefaultDeny namespace annotation. Note: this will enforce policy for _all_ pods in the namespace: + + kubectl annotate namespace default "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}" + +With NetworkPolicy enabled, traffic will be limited to just port 5432. + +For more precise policy, set `networkPolicy.allowExternal=false`. This will +only allow pods with the generated client label to connect to PostgreSQL. +This label will be displayed in the output of a successful install. diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/NOTES.txt b/kubernetes/helm/dspace/charts/postgresql/templates/NOTES.txt new file mode 100755 index 0000000000000000000000000000000000000000..cb511f38ab758e9dc61b651d07cd201da24ba0c1 --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/templates/NOTES.txt 
@@ -0,0 +1,35 @@ +PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: +{{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + +To get your user password run: + + PGPASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath="{.data.postgres-password}" | base64 --decode; echo) + +To connect to your database run the following command (using the env variable from above): + + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --image postgres \ + --env "PGPASSWORD=$PGPASSWORD" \{{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + --labels="{{ template "postgresql.fullname" . }}-client=true" \{{- end }} + --command -- psql -U {{ default "postgres" .Values.postgresUser }} \ + -h {{ template "postgresql.fullname" . }} {{ default "postgres" .Values.postgresDatabase }} + +{{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} +Note: Since NetworkPolicy is enabled, only pods with label +{{ template "postgresql.fullname" . }}-client=true" +will be able to connect to this PostgreSQL cluster. +{{- end }} + +To connect to your database directly from outside the K8s cluster: + {{- if contains "NodePort" .Values.service.type }} + PGHOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath='{.items[0].status.addresses[0].address}') + PGPORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "postgresql.fullname" . }} -o jsonpath='{.spec.ports[0].nodePort}') + + {{- else if contains "ClusterIP" .Values.service.type }} + PGHOST=127.0.0.1 + PGPORT={{ default "5432" .Values.service.port }} + + # Execute the following commands to route the connection: + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "postgresql.fullname" . 
}}" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward $POD_NAME {{ default "5432" .Values.service.port }}:{{ default "5432" .Values.service.port }} + + {{- end }} diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/_helpers.tpl b/kubernetes/helm/dspace/charts/postgresql/templates/_helpers.tpl new file mode 100755 index 0000000000000000000000000000000000000000..b6528392a2e3f564a4acf233707999eff8cc61dc --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/templates/_helpers.tpl @@ -0,0 +1,27 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "postgresql.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "postgresql.fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Return the appropriate apiVersion for networkpolicy. +*/}} +{{- define "postgresql.networkPolicy.apiVersion" -}} +{{- if and (ge .Capabilities.KubeVersion.Minor "4") (le .Capabilities.KubeVersion.Minor "6") -}} +"extensions/v1beta1" +{{- else if ge .Capabilities.KubeVersion.Minor "7" -}} +"networking.k8s.io/v1" +{{- end -}} +{{- end -}} diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/deployment.yaml b/kubernetes/helm/dspace/charts/postgresql/templates/deployment.yaml new file mode 100755 index 0000000000000000000000000000000000000000..743679ed1f1ba903d495f9de71d43c824b4cce88 --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/templates/deployment.yaml 
@@ -0,0 +1,114 @@ +apiVersion: extensions/v1beta1 +kind: Deployment +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + template: + metadata: + labels: + app: {{ template "postgresql.fullname" . }} + spec: + imagePullSecrets: + - name: gitlab-scientificnet-org-registry + containers: + - name: {{ template "postgresql.fullname" . }} + image: "{{ .Values.image }}:{{ .Values.imageTag }}" + imagePullPolicy: {{ default "" .Values.imagePullPolicy | quote }} + env: + - name: POSTGRES_USER + value: {{ default "postgres" .Values.postgresUser | quote }} + # Required for pg_isready in the health probes. + - name: PGUSER + value: {{ default "postgres" .Values.postgresUser | quote }} + - name: POSTGRES_DB + value: {{ default "" .Values.postgresDatabase | quote }} + - name: POSTGRES_INITDB_ARGS + value: {{ default "" .Values.postgresInitdbArgs | quote }} + - name: dspaceuser + value: {{ default "" .Values.global.dspace.user | quote }} + - name: dspacepassword + valueFrom: + secretKeyRef: + name: dspace-secrets + key: dspace.password + - name: dspacedbname + value: {{ default "" .Values.global.dspace.dbname | quote }} + - name: dspaceutilsdbname + value: {{ default "" .Values.global.dspaceutils.dbname | quote }} + - name: PGDATA + value: /var/lib/postgresql/data/pgdata + - name: POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "postgresql.fullname" . 
}} + key: postgres-password + - name: POD_IP + valueFrom: { fieldRef: { fieldPath: status.podIP } } + ports: + - name: postgresql + containerPort: 5432 + livenessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + initialDelaySeconds: 60 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + exec: + command: + - sh + - -c + - exec pg_isready --host $POD_IP + initialDelaySeconds: 5 + timeoutSeconds: 3 + periodSeconds: 5 + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - name: data + mountPath: /var/lib/postgresql/data/pgdata + subPath: {{ .Values.persistence.subPath }} +{{- if .Values.metrics.enabled }} + - name: metrics + image: "{{ .Values.metrics.image }}:{{ .Values.metrics.imageTag }}" + imagePullPolicy: {{ default "" .Values.metrics.imagePullPolicy | quote }} + env: + - name: DATA_SOURCE_NAME + value: postgresql://postgres@127.0.0.1:5432?sslmode=disable + ports: + - name: metrics + containerPort: 9187 + {{- if .Values.metrics.customMetrics }} + args: ["-extend.query-path", "/conf/custom-metrics.yaml"] + volumeMounts: + - name: custom-metrics + mountPath: /conf + readOnly: true + {{- end }} + resources: +{{ toYaml .Values.metrics.resources | indent 10 }} +{{- end }} + volumes: + - name: data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim | default (include "postgresql.fullname" .) }} + {{- else }} + emptyDir: {} + {{- end }} + {{- if and .Values.metrics.enabled .Values.metrics.customMetrics }} + - name: custom-metrics + secret: + secretName: {{ template "postgresql.fullname" . }} + items: + - key: custom-metrics.yaml + path: custom-metrics.yaml + {{- end }} diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/networkpolicy.yaml b/kubernetes/helm/dspace/charts/postgresql/templates/networkpolicy.yaml new file mode 100755 index 0000000000000000000000000000000000000000..92f3b71b15c2e0b27c7bbe336288e2f82245b92f --- /dev/null 
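Review bot: The `dspacepassword` env entry reads `secretKeyRef: name: dspace-secrets, key: dspace.password`, but no Secret named `dspace-secrets` is defined anywhere in this commit (the templates create `apache-lindat-keys`, `client.fs.services.kubernetes.eurac.commul.dspace`, `gitlab-scientificnet-org-registry`, `ceph-rbd-secret` and the postgresql fullname secret), so the pod will sit in a container-config error unless that Secret is created out of band; the same reference appears in `templates/dspace-deployment.yaml`. Either add a `dspace-secrets` template that takes the value from `.Values` (as `rbd.yaml` does) or document the out-of-band creation in the README. This vendored subchart also hard-codes `imagePullSecrets: - name: gitlab-scientificnet-org-registry` and reads `.Values.global.dspace.*` / `.Values.global.dspaceutils.*`, none of which its own `values.yaml` declares, so rendering the subchart without the parent's values will most likely fail on a nil `global.dspace`; declaring `global:` defaults (empty strings) in `values.yaml` and moving the pull-secret name into a value would keep the subchart self-contained.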
+++ b/kubernetes/helm/dspace/charts/postgresql/templates/networkpolicy.yaml
@@ -0,0 +1,28 @@
+{{- if .Values.networkPolicy.enabled }}
+kind: NetworkPolicy
+apiVersion: {{ template "postgresql.networkPolicy.apiVersion" . }}
+metadata:
+ name: "{{ template "postgresql.fullname" . }}"
+ labels:
+ app: {{ template "postgresql.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ podSelector:
+ matchLabels:
+ app: "{{ template "postgresql.fullname" . }}"
+ ingress:
+ # Allow inbound connections
+ - ports:
+ - port: 5432
+ {{- if not .Values.networkPolicy.allowExternal }}
+ from:
+ - podSelector:
+ matchLabels:
+ {{ template "postgresql.fullname" . }}-client: "true"
+ {{- end }}
+ # Allow prometheus scrapes
+ - ports:
+ - port: 9187
+{{- end }}
diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/pvc.yaml b/kubernetes/helm/dspace/charts/postgresql/templates/pvc.yaml
new file mode 100755
index 0000000000000000000000000000000000000000..12d8dc22ed1e6e26eb0f5282ade2f11b4f7879a7
--- /dev/null
+++ b/kubernetes/helm/dspace/charts/postgresql/templates/pvc.yaml
@@ -0,0 +1,23 @@
+{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}}
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+ annotations:
+ {{- if .Values.persistence.storageClass }}
+ volume.beta.kubernetes.io/storage-class: {{ .Values.persistence.storageClass | quote }}
+ {{- else }}
+ volume.alpha.kubernetes.io/storage-class: default
+ {{- end }}
+spec:
+ accessModes:
+ - {{ .Values.persistence.accessMode | quote }}
+ resources:
+ requests:
+ storage: {{ .Values.persistence.size | quote }}
+{{- end -}}
diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/secrets.yaml b/kubernetes/helm/dspace/charts/postgresql/templates/secrets.yaml
new file mode 100755
index 0000000000000000000000000000000000000000..6dd4c7da5517e1d491a924a75cf2f44de86bd427
--- /dev/null
+++ b/kubernetes/helm/dspace/charts/postgresql/templates/secrets.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "postgresql.fullname" . }}
+ labels:
+ app: {{ template "postgresql.fullname" . }}
+ chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+type: Opaque
+data:
+ {{ if .Values.postgresPassword }}
+ postgres-password: {{ .Values.postgresPassword | b64enc | quote }}
+ {{ else }}
+ postgres-password: {{ randAlphaNum 10 | b64enc | quote }}
+ {{ end }}
+ {{- if .Values.metrics.customMetrics }}
+ custom-metrics.yaml: {{ toYaml .Values.metrics.customMetrics | b64enc | quote }}
+ {{- end }}
diff --git a/kubernetes/helm/dspace/charts/postgresql/templates/svc.yaml b/kubernetes/helm/dspace/charts/postgresql/templates/svc.yaml
new file mode 100755
index 0000000000000000000000000000000000000000..6446db534049cbb453c2ffa4b8aee6f331f5ca9a
--- /dev/null
+++ b/kubernetes/helm/dspace/charts/postgresql/templates/svc.yaml
@@ -0,0 +1,26 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }} + labels: + app: {{ template "postgresql.fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +{{- if .Values.metrics.enabled }} + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9187" +{{- end }} +spec: + type: {{ .Values.service.type }} + ports: + - name: postgresql + port: {{ .Values.service.port }} + targetPort: postgresql +{{- if .Values.service.externalIPs }} + externalIPs: +{{ toYaml .Values.service.externalIPs | indent 4 }} +{{- end }} + selector: + app: {{ template "postgresql.fullname" . }} \ No newline at end of file diff --git a/kubernetes/helm/dspace/charts/postgresql/values.yaml b/kubernetes/helm/dspace/charts/postgresql/values.yaml new file mode 100755 index 0000000000000000000000000000000000000000..c092fe471b422fc8f7c1588d0deea853afaf7eee --- /dev/null +++ b/kubernetes/helm/dspace/charts/postgresql/values.yaml 
@@ -0,0 +1,91 @@ +## postgres image repository +image: "postgres" +## postgres image version +## ref: https://hub.docker.com/r/library/postgres/tags/ +## +imageTag: "9.6.2" + +## Specify a imagePullPolicy +## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' +## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## +# imagePullPolicy: + +## Create a database user +## Default: postgres +# postgresUser: +## Default: random 10 character string +# postgresPassword: + +## Create a database +## Default: the postgres user +# postgresDatabase: + +## Specify initdb arguments, e.g. --data-checksums +## ref: https://github.com/docker-library/docs/blob/master/postgres/content.md#postgres_initdb_args +## ref: https://www.postgresql.org/docs/current/static/app-initdb.html +# postgresInitdbArgs: + +## Persist data to a persitent volume +persistence: + enabled: true + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + ## If defined, volume.beta.kubernetes.io/storage-class: <storageClass> + ## Default: volume.alpha.kubernetes.io/storage-class: default + ## + # storageClass: + accessMode: ReadWriteOnce + size: 8Gi + subPath: "postgresql-db" + +metrics: + enabled: false + image: wrouesnel/postgres_exporter + imageTag: v0.1.1 + imagePullPolicy: IfNotPresent + resources: + requests: + memory: 256Mi + cpu: 100m + ## Define additional custom metrics + ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file + #customMetrics: + # pg_database: + # query: "SELECT d.datname AS name, CASE WHEN pg_catalog.has_database_privilege(d.datname, 'CONNECT') THEN pg_catalog.pg_database_size(d.datname) ELSE 0 END AS size FROM pg_catalog.pg_database d where datname not in ('template0', 'template1', 'postgres')" + # metrics: + # - name: + # usage: "LABEL" + # description: "Name of the database" + # - 
size_bytes: + # usage: "GAUGE" + # description: "Size of the database in bytes" + +## Configure resource requests and limits +## ref: http://kubernetes.io/docs/user-guide/compute-resources/ +## +resources: + requests: + memory: 256Mi + cpu: 100m + +service: + type: ClusterIP + port: 5432 + externalIPs: [] + +networkPolicy: + ## Enable creation of NetworkPolicy resources. + ## + enabled: false + + ## The Policy model to apply. When set to false, only pods with the correct + ## client label will have network access to the port PostgreSQL is listening + ## on. When true, PostgreSQL will accept connections from any source + ## (with the correct destination port). + ## + allowExternal: true diff --git a/kubernetes/helm/dspace/dspace.png b/kubernetes/helm/dspace/dspace.png new file mode 100644 index 0000000000000000000000000000000000000000..b0f02a4527bc702db500509184db473791bbbfb6 Binary files /dev/null and b/kubernetes/helm/dspace/dspace.png differ diff --git a/kubernetes/helm/dspace/requirements.yaml b/kubernetes/helm/dspace/requirements.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4f6af4a01bbb182bf6d3f6e11d43bb9312f8bf5a --- /dev/null +++ b/kubernetes/helm/dspace/requirements.yaml @@ -0,0 +1,4 @@ +dependencies: +- name: postgresql + version: 0.8.1 + repository: https://kubernetes-charts.storage.googleapis.com/ diff --git a/kubernetes/helm/dspace/templates/apache-certs.yaml b/kubernetes/helm/dspace/templates/apache-certs.yaml new file mode 100644 index 0000000000000000000000000000000000000000..24bf3324074c9f67b415545369bb649cc6480388 --- /dev/null +++ b/kubernetes/helm/dspace/templates/apache-certs.yaml 
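Review bot: `requirements.yaml` pins `postgresql` `0.8.1` from `https://kubernetes-charts.storage.googleapis.com/`, while `charts/postgresql` in this same commit is a locally modified copy of that chart (extra `dspace*` env entries and a hard-coded `imagePullSecrets` in its `deployment.yaml`). A `helm dependency update` will fetch upstream 0.8.1 into `charts/` and silently discard those modifications. Either drop this entry and treat `charts/postgresql` as a vendored, forked subchart (bumping its `version` so the fork is visible), or keep the upstream dependency unmodified and move the dspace-specific env wiring into the parent chart.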
@@ -0,0 +1,14 @@ +apiVersion: v1 +metadata: + creationTimestamp: null + labels: + io.kompose.service: dspace + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" + name: apache-lindat-keys +data: + lindat-dev.eurac.edu.cert: {{ .Values.webserver.cert }} + lindat-dev.eurac.edu.key: {{ .Values.webserver.key }} +kind: Secret +type: Opaque \ No newline at end of file diff --git a/kubernetes/helm/dspace/templates/client.fs.services.kubernetes.eurac.commul.dspace.yaml b/kubernetes/helm/dspace/templates/client.fs.services.kubernetes.eurac.commul.dspace.yaml new file mode 100644 index 0000000000000000000000000000000000000000..b8b134cfa1bbde716ada4a66929a7863f4b267ed --- /dev/null +++ b/kubernetes/helm/dspace/templates/client.fs.services.kubernetes.eurac.commul.dspace.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: client.fs.services.kubernetes.eurac.commul.dspace +type: Opaque +data: + key: {{ .Values.cephfs.key }} diff --git a/kubernetes/helm/dspace/templates/dockerconfigjson.yaml b/kubernetes/helm/dspace/templates/dockerconfigjson.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f8f91038190ef57fd4502dcc5c53397eb57cc739 --- /dev/null +++ b/kubernetes/helm/dspace/templates/dockerconfigjson.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +data: + .dockerconfigjson: {{ .Values.dockerconfig.json | quote }} +kind: Secret +metadata: + creationTimestamp: 2017-06-23T13:05:27Z + name: gitlab-scientificnet-org-registry +type: kubernetes.io/dockerconfigjson + \ No newline at end of file diff --git a/kubernetes/helm/dspace/templates/dspace-deployment.yaml b/kubernetes/helm/dspace/templates/dspace-deployment.yaml new file mode 100644 index 0000000000000000000000000000000000000000..47ab197c6a0ca80a3ab8c1b3a9d16117c1f08daf --- /dev/null +++ b/kubernetes/helm/dspace/templates/dspace-deployment.yaml 
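Review bot: `lindat-dev.eurac.edu.cert: {{ .Values.webserver.cert }}` and the `.key` line below it are placed under `data:` without `b64enc` or `quote`, unlike `rbd.yaml` (`| b64enc | quote`) and `dockerconfigjson.yaml` (`| quote`); a PEM value containing newlines breaks the rendered YAML, and a non-base64 value is rejected by the API server. Use `stringData:` with `{{ .Values.webserver.cert | quote }}`, or keep `data:` and write `{{ .Values.webserver.cert | b64enc | quote }}`, and apply the same fix to `key: {{ .Values.cephfs.key }}` in the `client.fs.services.kubernetes.eurac.commul.dspace.yaml` hunk. The hostname baked into the key names (`lindat-dev.eurac.edu.*`) and the chart's `.gitignore` entry for `config.yaml` suggest the private key is meant to live only in an untracked values file; a one-line comment in the template stating that would help the next operator. `creationTimestamp: null` and the `io.kompose.service` label are kompose leftovers that can be dropped.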
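Review bot: `creationTimestamp: 2017-06-23T13:05:27Z` is a hard-coded value copied from a `kubectl get -o yaml` export; the API server sets this field itself on create, so the line is at best noise and should be removed (the other templates' `creationTimestamp: null` is equally unnecessary). `.dockerconfigjson: {{ .Values.dockerconfig.json | quote }}` under `data:` requires the value to already be base64-encoded; a comment saying so, or `| b64enc | quote` applied to the raw `config.json` contents, would prevent pasting the plain JSON by mistake. The file also ends with a stray whitespace-only line and no final newline.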
@@ -0,0 +1,77 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.1.0 ()
+ creationTimestamp: null
+ labels:
+ io.kompose.service: dspace
+ name: dspace
+spec:
+ replicas: 1
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ io.kompose.service: dspace
+ spec:
+ containers:
+ - name: {{ .Chart.Name }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ command: ["sleep","360000"]
+ # command: ["/etc/init.d/tomcat8","start"]
+ env:
+ - name: dspaceuser
+ value: {{ default "" .Values.global.dspace.user | quote }}
+ - name: dspacepassword
+ valueFrom:
+ secretKeyRef:
+ name: dspace-secrets
+ key: dspace.password
+ - name: dspacedbname
+ value: {{ default "" .Values.global.dspace.dbname | quote }}
+ - name: dspaceutilsdbname
+ value: {{ default "" .Values.global.dspaceutils.dbname | quote }}
+ ports:
+ - containerPort: 8080
+ resources: {}
+ volumeMounts:
+ - name: cephfs-repository
+ mountPath: /opt/repository
+ - name: cephfs-lindat
+ mountPath: /opt/lindat-dspace
+ imagePullSecrets:
+ - name: gitlab-scientificnet-org-registry
+ volumes:
+ - name: cephfs-repository
+ cephfs:
+ monitors:
+ - 10.8.55.201:6789
+ - 10.8.55.202:6789
+ - 10.8.55.203:6789
+ - 10.7.55.201:6789
+ - 10.7.55.202:6789
+ path: /services/kubernetes/eurac/commul/dspace/dspace/repository
+ user: fs.services.kubernetes.eurac.commul.dspace
+ secretRef:
+ name: client.fs.services.kubernetes.eurac.commul.dspace
+ readOnly: false
+ - name: cephfs-lindat
+ cephfs:
+ monitors:
+ - 10.8.55.201:6789
+ - 10.8.55.202:6789
+ - 10.8.55.203:6789
+ - 10.7.55.201:6789
+ - 10.7.55.202:6789
+ path: /services/kubernetes/eurac/commul/dspace/dspace/lindat-common
+ user: fs.services.kubernetes.eurac.commul.dspace
+ secretRef:
+ name: client.fs.services.kubernetes.eurac.commul.dspace
+ readOnly: false
+
+ restartPolicy: Always
+status: {}
\ No newline at end of file
diff --git a/kubernetes/helm/dspace/templates/dspace-service.yaml b/kubernetes/helm/dspace/templates/dspace-service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c919cf3a0600acd3aa8f068ae2c5afcf32ab9bd3
--- /dev/null
+++ b/kubernetes/helm/dspace/templates/dspace-service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.1.0 ()
+ creationTimestamp: null
+ labels:
+ io.kompose.service: dspace
+ name: dspace
+spec:
+ ports:
+ - name: "8080"
+ port: 8080
+ targetPort: 8080
+ selector:
+ io.kompose.service: dspace
+status:
+ loadBalancer: {}
diff --git a/kubernetes/helm/dspace/templates/postgres-service.yaml b/kubernetes/helm/dspace/templates/postgres-service.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..1aa7bed3aeb0ce9781cf979e98a1ad940459b94b
--- /dev/null
+++ b/kubernetes/helm/dspace/templates/postgres-service.yaml
@@ -0,0 +1,20 @@
+papiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.1.0 ()
+ creationTimestamp: null
+ labels:
+ io.kompose.service: postgres
+ name: postgres
+spec:
+ clusterIP: None
+ ports:
+ - name: headless
+ port: 55555
+ targetPort: 0
+ selector:
+ io.kompose.service: postgres
+status:
+ loadBalancer: {}
diff --git a/kubernetes/helm/dspace/templates/rbd.yaml b/kubernetes/helm/dspace/templates/rbd.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..217ed301a9d9ab8d348e28aba314386a0729a8a2
--- /dev/null
+++ b/kubernetes/helm/dspace/templates/rbd.yaml
@@ -0,0 +1,8 @@
+kind: Secret
+apiVersion: v1
+metadata:
+ name: ceph-rbd-secret
+data:
+ key: {{ .Values.rbd.secretToken | b64enc | quote }}
+type: kubernetes.io/rbd
+
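Review bot: The env values in dspace-deployment.yaml read `.Values.global.dspace.user`, `.Values.global.dspace.dbname` and `.Values.global.dspaceutils.dbname`, but values.yaml in this commit declares `dspace:` and `dspaceutils:` at top level with no `global:` block, so on a default render the `global.dspace` lookup is nil before `default ""` can apply; the same mismatch affects `dspace.password` in secrets.yaml, and the fix is to nest those values under `global:` (or read the top-level keys) consistently. The cephfs monitor list, `user` and `secretRef` are duplicated verbatim in both volumes and hard-code cluster IPs in a template; move them to `.Values.cephfs.monitors` and `.Values.cephfs.user` and render the list with `toYaml`/`nindent` so the two mounts cannot drift apart. `command: ["sleep","360000"]` overrides the image entrypoint, so Tomcat never starts on its own (the README notes it is started by hand) and the container will exit and restart after roughly four days; if this is a bring-up placeholder, mark it with `# TODO: restore the tomcat8 command once installation is automated` next to the commented-out line.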
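Review bot: `papiVersion: v1` on the first line of postgres-service.yaml is a typo for `apiVersion`; as written the rendered Service has no apiVersion and the API server rejects it, which fails the whole release. The selector `io.kompose.service: postgres` also expects kompose-labelled pods, while PostgreSQL here comes from the stable/postgresql subchart declared in requirements.yaml (the README shows the pod as `dspace-postgresql-...`), so this headless Service on port 55555 with `targetPort: 0` probably matches nothing; verify the subchart's pod labels or drop this leftover in favour of the subchart's own Service.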
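Review bot: `.Values.rbd.secretToken` in rbd.yaml has no entry in values.yaml in this commit, and `ceph-rbd-secret` is not referenced by any volume in the templates visible here, so on a default install this renders a Secret whose key is the base64 of an empty value. Either add `rbd.secretToken` to values.yaml with a comment stating it is the plaintext keyring (the template `b64enc`s it) and guard it with `required`, or leave the template out until an rbd volume actually uses it.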
diff --git a/kubernetes/helm/dspace/templates/secrets.yaml b/kubernetes/helm/dspace/templates/secrets.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f5a62ccbc5ab22629934df018ffc674c3231443e
--- /dev/null
+++ b/kubernetes/helm/dspace/templates/secrets.yaml
@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: dspace-secrets
+type: Opaque
+data:
+ dspace.password: {{ .Values.global.dspace.password | b64enc | quote }}
diff --git a/kubernetes/helm/dspace/templates/webserver-deployment.yaml b/kubernetes/helm/dspace/templates/webserver-deployment.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c812f6602dc20b73f8db46899ff5d86639a29f6d
--- /dev/null
+++ b/kubernetes/helm/dspace/templates/webserver-deployment.yaml
@@ -0,0 +1,44 @@
+apiVersion: extensions/v1beta1
+kind: Deployment
+metadata:
+ annotations:
+ kompose.cmd: kompose convert -f docker-compose.yml
+ kompose.version: 1.1.0 ()
+ creationTimestamp: null
+ labels:
+ io.kompose.service: dspace
+ name: apache
+spec:
+ replicas: 1
+ strategy: {}
+ template:
+ metadata:
+ creationTimestamp: null
+ labels:
+ io.kompose.service: apache
+ spec:
+ containers:
+ - image: "{{ .Values.webserver.repository }}:{{ .Values.webserver.tag }}"
+ name: apache
+ command: ["sleep","3600"]
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ env:
+ - name: SHIB_HOSTNAME
+ value: "{{ .Values.webserver.shib_hostname }}"
+ ports:
+ - containerPort: 80
+ - containerPort: 443
+ resources: {}
+ volumeMounts:
+ - name: apache-certs
+ mountPath: "/etc/httpd/certs/"
+ readOnly: true
+ imagePullSecrets:
+ - name: gitlab-scientificnet-org-registry
+ volumes:
+ - name: apache-certs
+ secret:
+ secretName: "apache-lindat-keys"
+ restartPolicy: Always
+status: {}
+
\ No newline at end of file
diff --git a/kubernetes/helm/dspace/values.yaml b/kubernetes/helm/dspace/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..f1b62b8adc11bda71e76a6f1c967de7fbf562c05
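Review bot: `dspace.password: {{ .Values.global.dspace.password | b64enc | quote }}` in secrets.yaml has no guard for a missing value, and values.yaml in this commit only defines an empty top-level `dspace.password` with no `global:` block, so a default render either errors on the nil map or ships an empty credential. Use `dspace.password: {{ required "global.dspace.password must be set" .Values.global.dspace.password | b64enc | quote }}` so an unset password fails the render instead of creating a Secret with an empty key. The `global.dspace` versus top-level `dspace` mismatch is the same one noted on dspace-deployment.yaml.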
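Review bot: `command: ["sleep","3600"]` in webserver-deployment.yaml overrides the image entrypoint, so httpd never listens on the declared ports 80 and 443 and, with `restartPolicy: Always`, the container exits and is restarted every hour; if this is a bring-up placeholder it should carry a `# TODO` like the commented-out Tomcat command in dspace-deployment.yaml, otherwise drop it. The Deployment's own labels say `io.kompose.service: dspace` while its pod template uses `apache`, which is misleading next to the dspace Service's selector; use `io.kompose.service: apache` on the Deployment metadata as well. `imagePullPolicy` reads `.Values.image.pullPolicy` although the image itself comes from `.Values.webserver.*`, so `.Values.webserver.pullPolicy` was probably intended. Mounting the certificate Secret with `readOnly: true` is the right call.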
--- /dev/null
+++ b/kubernetes/helm/dspace/values.yaml
@@ -0,0 +1,51 @@
+# Default values for dspace.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.
+postgres:
+ password: "xxx"
+ repository: nginx
+ tag: stable
+ pullPolicy: IfNotPresent
+
+replicaCount: 1
+image:
+ repository: gitlab.scientificnet.org:4567/kube/kubernetes/dspace/dspace
+ tag: 0.2
+ pullPolicy: IfNotPresent
+service:
+ name: nginx
+ type: ClusterIP
+ externalPort: 80
+ internalPort: 80
+ingress:
+ enabled: false
+ # Used to create Ingress record (should used with service.type: ClusterIP).
+ hosts:
+ - chart-example.local
+ annotations:
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ tls:
+ # Secrets must be manually created in the namespace.
+ # - secretName: chart-example-tls
+ # hosts:
+ # - chart-example.local
+resources: {}
+ # We usually recommend not to specify default resources and to leave this as a conscious
+ # choice for the user. This also increases chances charts run on environments with little
+ # resources, such as Minikube. If you do want to specify resources, uncomment the following
+ # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+ # limits:
+ # cpu: 100m
+ # memory: 128Mi
+ #requests:
+ # cpu: 100m
+ # memory: 128Mi
+dspace:
+ dbname :
+ password :
+ user :
+dspaceutils:
+ dbname :
+cephfs:
+ key: ""
\ No newline at end of file
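Review bot: `dbname :`, `password :` and `user :` under `dspace:` and `dspaceutils:` in values.yaml have a space before the colon and no value, so they parse as `null`; write them as `dbname: ""` (or an explicit `null`) without the space, and nest them under `global:` because every template that reads them (dspace-deployment.yaml, secrets.yaml) looks up `.Values.global.dspace.*`. Keys the templates depend on are missing — `webserver.{repository,tag,shib_hostname,cert,key}`, `dockerconfig.json`, `rbd.secretToken`, `cephfs.monitors` — while `postgres:`, `replicaCount`, `service` and `ingress` are not read by any template in this commit; presumably the gitignored config.yaml fills the gaps, but the defaults file should still declare each expected key empty with a one-line comment on its format. `tag: 0.2` is parsed as a float; quote it as `tag: "0.2"` so a future `0.20` is not rewritten to `0.2`. `password: "xxx"` under `postgres:` reads like a committed placeholder credential; keep it empty here and supply the real value only through config.yaml, which .gitignore already excludes.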