- Updated to GraphDB 11.3.3
- Updated to GraphDB 11.3.2
- Updated all TLS related configurations to use the correct GraphDB v11 properties, see configmap-properties.yaml
- Updated probes to use the correct HTTPS scheme when TLS is enabled
- Updated to GraphDB 11.3.1
- Updated the backup CronJob to use form data instead of application/json as per the official GraphDB documentation. See https://graphdb.ontotext.com/documentation/11.3/migrating-graphdb-configurations.html for more information.
- Added a missing
ifin the GraphDB's StatefulSet template when rendering the ephemeral/tmpvolume mount
- Updated to GraphDB 11.3.0
- Updated to GraphDB 11.2.1
- Updated to GraphDB 11.2.0
- Updated to GraphDB 11.1.3
- Updated to GraphDB 11.1.2
- Updated to GraphDB 11.1.1
- Updated to GraphDB 11.1.0
- Updated the
extraObjectstemplate processing to additionally support rendering string Helm templates.
- Fixed startup failure if no TLS variables are defined, due to misconfiguration of container volumes
- Replaced raw http usage with
$GRAPHDB_PROTOCOLin the indices creation job
- Updated to GraphDB 11.0.2
- Updated to GraphDB 11.0.1
- Updated to GraphDB 11.0.0
- Added
security.overrideUsersthat will provision the users on each GraphDB pod startup. Disabled by default.
- Tuned the startup and readiness probes to expose the GraphDB service as soon as possible
- Tuned the startup probe to allow slower GraphDB starts
- Updated to GraphDB 10.8.5
- Fixed the PodDisruptionBudged of the proxy to be deployed only when the proxy is deployed
- Added new configuration properties for GraphDB Tomcat connector SSL/TLS
- Added
configuration.tls.keystoreto configure a keystore with its properties - Added
configuration.tls.truststoreto configure a truststore with its properties - Added
configuration.tls.certificateRevocationListto configure a certificate revocation list
- Added
- Added new configuration properties for configuring GraphDB cluster security (SSL/TLS)
- Added
cluster.tls.modeto configure cluster security mode - Added
cluster.tls.keystoreto configure a keystore with its properties - Added
cluster.tls.truststoreto configure a truststore with its properties - Added
cluster.tls.certificateto configure a certificate - Added
cluster.tls.certificateChainto configure a certificate chain - Added
cluster.tls.certificateKeyto configure a private key with its properties - Added
cluster.tls.rootCertsto configure root certificates to be trusted - Added
cluster.tls.certificateRevocationListto configure a certificate revocation list
- Added
- Updated jobs and scripts to use
httpsorhttpdepending on whether the Tomcat connector security is configured - Added
indicesconfiguration enabling a job for initial preloading of indices and other SPARQL updates - Added
backup.timezoneconfiguration for overriding the default timezone with a specific one
- Added examples for configuring GCP ServiceAccount and Cloud Storage backups under examples/gcp
- Updated to GraphDB 10.8.4
- Updated to GraphDB 10.8.3
- Removed
| quotefrom renderingconfiguration.propertiesin properties ConfigMaps in order to allow configuring GraphDB with non-string properties.
- Updated to GraphDB 10.8.2
- Updated to GraphDB 10.8.1
- Added new configuration properties for the license
- Added
license.mountPathto configure where the license volume is mounted - Added
license.optionalto configure the license volume as optional if needed - Added
license.readOnlyto configure the read/write mode of the license volume mount
- Added
- Updated to GraphDB 10.8.0
- Removed any pre-install, pre-upgrade, pre-rollback Helm hooks annotations to allow seamless ArgoCD deployments.
- Changed the license directory to
/opt/graphdb/home/conf/license/withlicense.mountPathin order to avoid using asubPathvolume mount. This allows kubelet to update the license when the Secret has been updated. - Changed the license volume mount as read-only by default with
license.readOnly
- Updated to GraphDB 10.7.6
- Updated to GraphDB 10.7.5
- Added CronJob for scheduling GraphDB backups. The CronJob supports both local and cloud backups.
- Added new configurations under
backup:backup.enabledfor toggling the backup CronJob,backup.typefor selecting between local and cloud and more. - Local backups support saving the GraphDB backup archives in volume from an existing persistent volume claim,
configured
with
backup.local - Cloud backups support uploading the GraphDB backup archives in one of the supported cloud object storage services,
configured with
backup.cloud - Added a new example under examples/backup-local showing how to use the local backup feature
with
backup.local
- Added new configurations under
- Added a new property
security.provisioner.passwordHashto define an initial password for the provisioner user as a bcrypt hash. - Configured
graphdb.extra.pluginsto load plugins from/opt/graphdb/home/extra-pluginsby default
- Updated the GraphDB containers to explicitly use
/tmpas a working directory to avoid permission errors due to the default security context'sreadOnlyRootFilesystemwhen the container has a starting folder different from/tmp.
- Updated to GraphDB 10.7.4
- Added GraphDB configuration examples
- Added GraphDB security configuration examples
- Updated StatefulSets templates in graphdb and proxy to properly render
extraVolumeClaimtemplates. Replacedifstatement withwith.
- Updated to GraphDB 10.7.3
- Updated to GraphDB 10.7.2
- Add examples for deploying GraphDB in AWS
- Updated to GraphDB 10.7.1
- Updated to GraphDB 10.7.0
- Added
podAntiAffinityandproxy.podAntiAffinityfor configuring a default podAntiAffinity for the GraphDB pods and GraphDB proxy pods. The default values configure a "soft" podAntiAffinity that tries to schedule GraphDB pods across different Kubernetes hosts but does not enforce it. - Added new configuration options for the Jobs
- Added
job.schedulerNamefor overriding the default Kubernetes scheduler - Added
job.dnsConfigandjob.dnsPolicyfor customizing the DNS resolution - Added
job.priorityClassNamefor defining the pods scheduling importance - Added
job.nodeSelector,job.affinity,job.tolerationsandjob.topologySpreadConstraintsfor customizing the node scheduling
- Added
- Added
persistence.volumeClaimRetentionPolicyandproxy.persistence.volumeClaimRetentionPolicyto control the retention policy of the PVCs when the StatefulSets are scaled and deleted. These configurations are used only for Kubernetes 1.27 and above.
GraphDB Helm 11.0.1 is a patch release that includes bug fixes.
- Updated all cluster jobs to explicitly use
/tmpas a working directory to avoid permission errors due to the default security context'sreadOnlyRootFilesystemwhen the container has a starting folder different from/tmp. - Updated all utility scripts to use temporary files under
/tmpfor the same reason.
Version 11 of the chart addresses a bunch of legacy issues and aims to provide much better user experience and reliability.
- Version - The Helm chart is no longer tied with the version of GraphDB and has a separate development and release cycle.
- Naming - Removed hardcoded resource names in favor of using the name templates from _labels.tpl
- Labels - Added the possibility to provide custom labels and annotations to almost every single resource
- Implementation Agnostic - Removed the dependency of particular ingress controllers and storage classes
- Security - Enabled security context by default
- Configurations - Added multiple new configurations to customize both GraphDB and the Kubernetes resources
- Updated the chart to require Kubernetes version 1.26+
- Enabled security context by default for all pods and containers
- Updated the GraphDB deployment URL to be http://graphdb.127.0.0.1.nip.io/ by default, see
configuration.externalUrl - Resource names are no longer hardcoded and are using the templates for
nameOverrideandfullnameOverride - Updated the ingress to be agnostic to the ingress implementation. It will no longer assume that NGINX is the ingress controller in the cluster and will no longer deploy NGINX specific annotations by default. Removed anything related to NGINX as configurations.
- Removed setting FQDN as hostnames in GraphDB and the proxy in favor of dynamically resolving and configuring the hostnames in the provisioning init containers
- Removed the default value from
global.imageRegistry, the chart now uses the value fromimage.registry - Removed
global.storageClassin favor of using by default the default storage class in the cluster. Templates will no longer useglobal.storageClass. - Renamed
extraLabelsto justlabels - Moved
images.graphdbconfigurations to justimage - Moved
deployment.imagePullPolicytoimage.pullPolicyanddeployment.imagePullSecrettoimage.pullSecrets- Note that
image.pullSecretsis now a list
- Note that
- Moved
deployment.ingressto justingress - Moved
deployment.tlstoingress.tls - Moved
graphdbandgraphdb.nodeconfigurations on the root level - Moved all proxy configurations from
graphdb.clusterProxyto justproxy - Renamed
proxy.persistence.enablePersistencetoggle to justenabled - Moved
proxy.serviceTypetoproxy.service.type - Configmaps from
graphdb.configsare now underconfiguration,repositories,clusterandsecuritywith a different structure allowing better reuse of existing configmaps - Moved
graphdb.clusterConfigconfigurations- Moved
graphdb.clusterConfig.nodesCounttoreplicas - Moved the rest of
graphdb.clusterConfigconfigurations undercluster,cluster.configandcluster.config.params
- Moved
- Moved
graphdb.securityconfigurations tosecurity- Moved
provisioningUsernameandprovisioningPasswordundersecurity.provisioner
- Moved
- Moved job related configurations from
graphdb(e.g.graphdb.jobResources) to a new root sectionjobs - Moved
graphdb.node.serviceconfigurations toheadlessService - Moved
graphdb.import_directory_mountconfigurations toimport.volumeMount - Renamed
pdbtopodDisruptionBudgetand renamedpodDisruptionBudget.createtopodDisruptionBudget.enabledfor consistency - Renamed
messageSizetomessageSizeKBin the cluster creation configuration incluster.config.params - Renamed
java_argstodefaultJavaArgumentsand added a separatejavaArgumentsthat can be used for additional configurations, seeconfigurationandproxy.configuration - Removed configuration overrides from the default
GDB_JAVA_OPTS:enable-context-index,entity-pool-implementationandhealth.max.query.time.seconds - Removed the default logback XML configuration and configmap in favor of an example and a
new configuration options
under
configuration.logbackandproxy.configuration.logback - Renamed GraphDB storage PVC template name prefix to
storageand server import folder toimport - Moved
persistence.volumeClaimTemplateSpectopersistence.volumeClaimTemplate.spec - Updated the Service type of the proxy to be ClusterIP by default, see
proxy.service.type - And more, please refer to values.yaml
- Added GraphDB and GraphDB proxy hostnames resolution in the init containers
- Added new annotation checksums for GraphDB and GraphDB proxy in order to detect changes in the properties configmaps and ultimately trigger rolling update
- Added default Secret objects for GraphDB and the proxy that contain sensitive GraphDB configurations
- Added
serviceAccountconfigurations allowing you to create or use an existing service account for the GraphDB pods - Added more feature toggles:
headlessService.enabledproxy.service.enabledproxy.headlessService.enabledpersistence.enabledproxy.persistence.enabledcluster.jobs.createCluster.enabled- Enables or disables the cluster creation Jobcluster.jobs.patchCluster.enabled- Enables or disables the Job for patching the cluster configurationcluster.jobs.scaleCluster.enabled- Enables or disables the Jobs for scaling up or down the cluster
- Added
image.digestto optionally provide an expected digest of the image - Added
annotationsfor additional common annotations across all resources - Added separate
proxy.labelsandproxy.annotationsconfigurations for the cluster proxy - Added new
global.clusterDomainfor reconfiguring the default Kubernetes cluster domain suffix in case it is different thancluster.local - Added
namespaceOverridefor overriding the deployment namespace for all resources in case of multi-namespace deployment - Added new configuration options for the default ingress
ingress:- Ability to override the
hostandpathfor GraphDB fromconfiguration.externalUrl - Ability to change the Ingress path type with
ingress.pathType - Inserting additional hosts and TLS configurations with
ingress.extraHostsandingress.extraTLS
- Ability to override the
- Added
security.adminfor configuring the initial password of the administrator user - Added
security.initialUsers.usersfor inserting additional users into the default initial user.js configuration - Added
security.provisioner.existingSecretandsecurity.provisioner.tokenKeyto provide an existing authentication token - Added
cluster.token.existingSecretandcluster.token.secretKeyfor using an existing Secret instead of providing the cluster secret token as plaintext in values.yaml - Added
cluster.config.existingConfigmapto specify a custom configmap key if needed - Added
configuration.propertiesandproxy.configuration.propertiesfor appending additional inline GraphDB configurations in their properties configmaps - Added
configuration.secretPropertiesandproxy.secretPropertiesfor appending additional inline sensitive GraphDB configurations if needed - Added
configuration.extraProperties.existingConfigmapandproxy.configuration.extraProperties.existingConfigmapfor appending GraphDB properties from an existing ConfigMap resource - Added
configuration.extraProperties.existingSecretandproxy.configuration.extraProperties.existingSecretfor appending GraphDB properties from an existing Secret resource - Added a Service for single GraphDB deployments, configured with new configurations under
service - Added new configurations for the Service resources
service,headlessService,proxy.serviceandproxy.headlessService:- Added
labelsconfigurations for insertion of additional labels - Added
portsmappings in each Service - Added
extraPortsfor mapping additional ports, use in combination withextraContainerPorts
- Added
- Added
containerPortsandproxy.containerPortsfor mapping the ports on which GraphDB listens on - Added
extraContainerPortsandproxy.extraContainerPortsto open additional container ports - Added
service.externalTrafficPolicyandservice.proxy.externalTrafficPolicyto override the policy to Local if needed - Added
service.healthCheckNodePortandservice.proxy.healthCheckNodePortto define a specific node port for LB health checks - Added
service.loadBalancerClassandservice.proxy.loadBalancerClassto select a specific load balancer implementation - Added
service.loadBalancerSourceRangesandservice.proxy.loadBalancerSourceRangesto restrict the external ingress traffic from the LB - Added
service.externalIPsandservice.proxy.externalIPsto use existing external IPs - Added
persistence.emptyDirandproxy.persistence.emptyDirconfigurations for an emptyDir volume that will be used when the persistence is disabled - Added
tempVolumeconfigurations for an emptyDir volume mapped to the /tmp folder in the GraphDB containers - Added configurations for extra
labelsandannotationsfor all persistent volume claim templates:persistence.volumeClaimTemplate,proxy.persistence.volumeClaimTemplateandimport.volumeMount.volumeClaimTemplate - Added
imagePullPolicyconfiguration to the Jobs containers - Added
jobs.backoffLimitfor configuring the retry count for all jobs - Added
jobs.ttlSecondsAfterFinishedfor configuring the time in seconds for all jobs before deleting finished pods - Added
jobs.persistence.emptyDirconfigurations for the default temporary storage for all jobs - Added
proxy.commandandproxy.argsthat override the default container entrypoint and command, use for troubleshooting - Added
proxy.pdbfor configuring a pod disruption budget for the GraphDB Proxy - Added
proxy.logbackconfigurations for providing the proxy with a custom Logback XML configuration - Added
proxy.initContainerSecurityContextandproxy.initContainerResourcesto avoid using the configurations from GraphDB - Added
automountServiceAccountTokenwith default valuefalseeffectively ejecting the service account token by default - Added
updateStrategyandproxy.updateStrategyfor controlling the strategy when updating pods - Added
podManagementPolicyandproxy.podManagementPolicyfor configuring how the pods are created and scaled - Added
schedulerNameandproxy.schedulerNamefor overriding the default Kubernetes scheduler - Added
dnsConfig,dnsPolicy,proxy.dnsConfigandproxy.dnsPolicyfor customizing the DNS resolution if needed - Added
extraContainersandproxy.extraContainersfor inserting additional containers into the pods of GraphDB and the GraphDB proxy - Added
initContainerDataPermissionsandproxy.initContainerDataPermissionsfor changing permissions in the storage volumes if needed - Added
extraVolumeClaimTemplatesandproxy.extraVolumeClaimTemplates - Added
extraObjectsas a way to insert additional Kubernetes objects into the deployment - Added
priorityClassNameandproxy.priorityClassNameconfigurations
- GraphDB and GraphDB proxy properties configmaps are now applied by default
- References to existing configmaps and secrets are now processed as templates
- Node scheduling configurations are now processed as templates
- Values in
labels,annotationsandimagePullSecretsare now evaluated as templates - Removed unused busybox image configurations from
images.busybox - Renamed the port mappings of GraphDB and GraphDB proxy to
httpandrpc - Service resources and probes now refer to the target ports by their nicknames instead of explicit port numbers
- Added trimming when loading files in the configmaps and secrets
- Cluster jobs now automatically resolve the cluster domain
- Removed
files/config/graphdb.propertiesandfiles/config/proxy/graphdb.propertiesand moved any defined properties directly into the ConfigMap declarations - Moved GraphDB specific properties from
GDB_JAVA_OPTSinto the properties ConfigMaps - Added
-XX:-UseCompressedOopsin the default Java arguments to allow allocating heap sizes larger than 32GBs when the max heap size is based on the-XX:MaxRAMPercentageJava option - Ejected the default service account token in the GraphDB proxy pods
- Overhauled NOTES.txt to be more helpful
- Added default resource limits and requests for all init containers and provisioning jobs
- PodDisruptionBudget are enabled by default for both GraphDB and GraphDB proxy
- Updated init containers to invoke
bashinstead ofsh - Updated the default memory limits and requests to 4Gi
- Added
graphdb.node.extraInitContainersandgraphdb.clusterProxy.extraInitContainersthat allows for the insertion of custom init containers to both GraphDB and its proxy - Added
graphdb.clusterConfig.transactionLogMaximumSizeGBconfiguration for the cluster creation JSON configuration. - Added
graphdb.clusterConfig.existingClusterConfigfor providing a custom cluster creation JSON configuration.
- Fixed URLs in the README.md that refer to the official GraphDB documentation.
- Fixed the cluster creation JSON configuration to use
messageSizeKBinstead ofmessageSize, seegraphdb.clusterConfig.messageSize.
- Added
graphdb.node.licenseFilenamefor cases where the default filename is not "graphdb.license"
- Updated the default ingress's path type to
ImplementationSpecific - Updated graphdb.properties example file
- Templates will now use
Chart.AppVersionby default unlessimages.graphdb.tagis specified. - Updated busybox image to version 1.36.1
- Use
clusterCreationTimeoutin patch cluster job as well
- Fixed
graphdb-cluster-proxy-configmapto use the correct java_args configuration from values.yaml.
- Added configurations for specifying resource values for all remaining containers, see
graphdb.node.initContainerResourcesandgraphdb.jobResources.
- Fixed the image registry to have priority over the global registry
- Added configurations for extra service annotations, see
graphdb.node.service.annotations,graphdb.clusterProxy.service.annotationsandgraphdb.clusterProxy.headlessService.annotations
- Added configurations for overriding graphdb-node's command and arguments, see
graphdb.node.commandandgraphdb.node.args - Added configurations for Pod Disruption Budget for the GraphDB nodes, see
graphdb.pdb - Added
graphdb-proxy-properties-configmap.yamlto load graphdb.properties containing the cluster node addresses into the cluster-proxy
- Removed
versionsfield as it is not really used nor needed - Removed the license provisioning init container in favor of directly mounting the license
- Removed unused
graphdb-node-storagevolume mount - Removed the node addresses from the
graphdb-cluster-proxy-configmap.yamlto prevent cluster proxy restarting on cluster scale up/down - Updated the resources to not set CPU limits in order to avoid CPU throttling, lowered the default CPU requirements
- Added configurations for extra env vars in the nodes and cluster proxies, see
graphdb.node.envFromandgraphdb.clusterProxy.extraEnv. - Added configurations for changing the
revisionHistoryLimitfor nodes and cluster proxies. - Added configurations for adding extra
podLabelsandpodAnnotationsfor both the nodes and cluster proxies. - Added configurations for
terminationGracePeriodSecondsto both the nodes and cluster proxies. - Fixed an issue with setting the
provisioningUsernameto anything other than the default.
- Updated the templates to avoid rendering empty configurations
- Removed unused helper template
graphdbLicenseSecret - Added
graphdbprefix in the helper templates function naming
- Added configurable security context for both the node and cluster-proxy statefulsets and all the jobs
- Added extraEnv, extraVolumes and extraVolumeMounts to the statefulsets
- Added an optional PV/PVC to the cluster-proxy to properly preserve logs (enabled by default)
- Changed the provision user credentials to be used through a secret instead of rendering inside the jobs
- Changed the logback.xml and graphdb.properties provisioning to work even if such are already present
- Changed the graphdb-cluster-config-configmap map to not render when there is no cluster
- Changed the default values of nodeSelector, affinity, tolerations and topologySpreadConstraints to be a part of the values.yaml file instead of inside the statefulsets
- Updated default clusterConfig.electionMinTimeout and clusterConfig.electionRangeTimeout to the current GraphDB defaults
- Updated the cluster proxy probes settings, so it can become available sooner
- Updated the cluster and repositories jobs with simpler arguments removing the need to copy scripts and to make them executable
- Added ephemeral volumes in the cluster and repositories jobs to avoid issues with readonly file systems
- Added the ability to provision a repository
- Fixed an issue with the external proxy connecting to the nodes when https is used
- Added ability to override cluster proxy's type, default remains LoadBalancer
- Fixed ingress template to properly handle root context
- Fixed single node returning wrong location header with explicit transactions
- The graphdb-node service now is always headless. If you installed Version 10.0.0 with
graphdb.clusterConfig.nodesCountset to1you will have to delete the service prior to an update
- Upgrade to GraphDB 10.0.1
- Cluster size can now be scaled
- Fixed an issue with deploying with security turned on
- Fixed an issue with the cluster proxy returning its internal address when queried externally
New major release that isn't compatible with the old chart, due to major breaking changes in Graphdb 10. Migration steps can be found here.
- Changed to work with the new GraphDB 10.
- Removed Kong.
- Moved from multiple stateful sets with 1 replica to statefulsets with multiple replicas.
- Configurable liveness, readiness, startup probes.
- Can use standalone without license by default. Don't forget to set your license for a working cluster and connectors!
- New overridable configmaps for users, settings and logback.
images.graphdb,images.kongandimages.busyboxare now maps which can specifyregistry,repositoryandtag
- Added global variables support (global.deployment.host/global.ingressHost, global.storageClass, global.imagePullSecrets and global.imageRegistry)
- Add ability to override logback.xml by setting
deplyment.logbackConfigFileto the location of the file to use - Set additional JMX attributes using
graphdb.masters.additionalJmxArrtibutes. This is a map of attr_name=attr_value pairs - Fixed loadrdf tool path
- Moved to dynamic volume provisioning by default (volumeClaimTemplates), old default pvc/pv's are still available
- Added JDBC driver support for Ontop functionality
- Minor fixes
- Added multiple repositories provisioning
- Added security provisioning
- Added GraphDB properties provisioning
- Changed GraphDB vhosts and external url properties
- Upgrade to GraphDB 9.8.1
- Provide flexible persistence provisioning
- Provide HA options like node selectors, podaffinity, tolerations, etc
- Make Ingress and kong optional
- Minor fixes