diff --git a/cvat/settings/production.py b/cvat/settings/production.py
index 9b8d21fc..3288a93d 100644
--- a/cvat/settings/production.py
+++ b/cvat/settings/production.py
@@ -11,9 +11,9 @@ INSTALLED_APPS += [
]
NUCLIO['HOST'] = os.getenv('CVAT_NUCLIO_HOST', 'nuclio')
-
for key in RQ_QUEUES:
RQ_QUEUES[key]['HOST'] = os.getenv('CVAT_REDIS_HOST', 'cvat_redis')
+ RQ_QUEUES[key]['PASSWORD'] = os.getenv('CVAT_REDIS_PASSWORD', '')
# Django-sendfile:
# https://github.com/moggers87/django-sendfile2
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index a7a64934..53bebece 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -15,7 +15,7 @@ type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.4.5
+version: 0.5.0
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
@@ -26,12 +26,12 @@ appVersion: latest
dependencies:
- name: redis
- version: "16.13.*"
+ version: "17.3.*"
repository: https://charts.bitnami.com/bitnami
condition: redis.enabled
- name: postgresql
- version: "10.16.*"
+ version: "12.1.*"
repository: https://charts.bitnami.com/bitnami
condition: postgresql.enabled
diff --git a/helm-chart/templates/cvat-postgres-secret.yml b/helm-chart/templates/cvat-postgres-secret.yml
index fcfb6b9f..a44dac4d 100644
--- a/helm-chart/templates/cvat-postgres-secret.yml
+++ b/helm-chart/templates/cvat-postgres-secret.yml
@@ -8,10 +8,9 @@ metadata:
{{- include "cvat.labels" . | nindent 4 }}
type: generic
stringData:
- postgresql-hostname: "{{ .Release.Name }}-postgresql"
- postgresql-database: {{ .Values.postgresql.postgresqlDatabase }}
- postgresql-username: {{ .Values.postgresql.postgresqlUsername }}
- postgresql-password: {{ .Values.postgresql.secret.password }}
- postgresql-postgres-password: {{ .Values.postgresql.secret.postgres_password }}
- postgresql-replication-password: {{ .Values.postgresql.secret.replication_password }}
+ database: {{ .Values.postgresql.auth.database }}
+ username: {{ .Values.postgresql.auth.username }}
+ password: {{ .Values.postgresql.secret.password }}
+ postgres-password: {{ .Values.postgresql.secret.postgres_password }}
+ replication-password: {{ .Values.postgresql.secret.replication_password }}
{{- end }}
diff --git a/helm-chart/templates/cvat-redis-secret.yml b/helm-chart/templates/cvat-redis-secret.yml
new file mode 100644
index 00000000..d2c0a771
--- /dev/null
+++ b/helm-chart/templates/cvat-redis-secret.yml
@@ -0,0 +1,12 @@
+{{- if .Values.redis.secret.create }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ namespace: {{ .Release.Namespace }}
+ labels:
+ {{- include "cvat.labels" . | nindent 4 }}
+type: generic
+stringData:
+ redis-password: {{ .Values.redis.secret.password }}
+{{- end }}
diff --git a/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml b/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
index 20e68177..402a6287 100644
--- a/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
+++ b/helm-chart/templates/cvat_backend/cvat_worker_webhooks/deployment.yml
@@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: CVAT_POSTGRES_HOST
+ - name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
- name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-hostname
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ key: redis-password
+ {{- if .Values.postgresql.enabled }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Release.Name }}-postgresql"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.service.ports.postgresql }}"
+ {{- else }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Values.postgresql.external.host }}"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.external.port }}"
+ {{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-username
+ key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-database
+ key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-password
- {{- else }}
- - name: CVAT_POSTGRES_HOST
- value: "{{ .Values.postgresql.external.host }}"
- - name: CVAT_POSTGRES_USER
- value: "{{ .Values.postgresql.external.user }}"
- - name: CVAT_POSTGRES_DBNAME
- value: "{{ .Values.postgresql.external.dbname }}"
- - name: CVAT_POSTGRES_PASSWORD
- value: "{{ .Values.postgresql.external.password }}"
- - name: CVAT_POSTGRES_PORT
- value: "{{ .Values.postgresql.external.port }}"
- {{- end }}
+ key: password
{{- with .Values.cvat.backend.worker.webhooks.additionalEnv }}
{{- toYaml . | nindent 10 }}
{{- end }}
diff --git a/helm-chart/templates/cvat_backend/server/deployment.yml b/helm-chart/templates/cvat_backend/server/deployment.yml
index 688400e0..1afd05c1 100644
--- a/helm-chart/templates/cvat_backend/server/deployment.yml
+++ b/helm-chart/templates/cvat_backend/server/deployment.yml
@@ -89,39 +89,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: CVAT_POSTGRES_HOST
+ - name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
- name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-hostname
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ key: redis-password
+ {{- if .Values.postgresql.enabled }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Release.Name }}-postgresql"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.service.ports.postgresql }}"
+ {{- else }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Values.postgresql.external.host }}"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.external.port }}"
+ {{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-username
+ key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-database
+ key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-password
- {{- else }}
- - name: CVAT_POSTGRES_HOST
- value: "{{ .Values.postgresql.external.host }}"
- - name: CVAT_POSTGRES_USER
- value: "{{ .Values.postgresql.external.user }}"
- - name: CVAT_POSTGRES_DBNAME
- value: "{{ .Values.postgresql.external.dbname }}"
- - name: CVAT_POSTGRES_PASSWORD
- value: "{{ .Values.postgresql.external.password }}"
- - name: CVAT_POSTGRES_PORT
- value: "{{ .Values.postgresql.external.port }}"
- {{- end }}
+ key: password
{{- if .Values.nuclio.enabled }}
- name: CVAT_SERVERLESS
value: "1"
diff --git a/helm-chart/templates/cvat_backend/utils/deployment.yml b/helm-chart/templates/cvat_backend/utils/deployment.yml
index 7dd19d7b..94e433f1 100644
--- a/helm-chart/templates/cvat_backend/utils/deployment.yml
+++ b/helm-chart/templates/cvat_backend/utils/deployment.yml
@@ -60,39 +60,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: CVAT_POSTGRES_HOST
+ - name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
- name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-hostname
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ key: redis-password
+ {{- if .Values.postgresql.enabled }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Release.Name }}-postgresql"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.service.ports.postgresql }}"
+ {{- else }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Values.postgresql.external.host }}"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.external.port }}"
+ {{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-username
+ key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-database
+ key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-password
- {{- else }}
- - name: CVAT_POSTGRES_HOST
- value: "{{ .Values.postgresql.external.host }}"
- - name: CVAT_POSTGRES_USER
- value: "{{ .Values.postgresql.external.user }}"
- - name: CVAT_POSTGRES_DBNAME
- value: "{{ .Values.postgresql.external.dbname }}"
- - name: CVAT_POSTGRES_PASSWORD
- value: "{{ .Values.postgresql.external.password }}"
- - name: CVAT_POSTGRES_PORT
- value: "{{ .Values.postgresql.external.port }}"
- {{- end }}
+ key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"
diff --git a/helm-chart/templates/cvat_backend/worker_default/deployment.yml b/helm-chart/templates/cvat_backend/worker_default/deployment.yml
index 2ab187b5..253674b7 100644
--- a/helm-chart/templates/cvat_backend/worker_default/deployment.yml
+++ b/helm-chart/templates/cvat_backend/worker_default/deployment.yml
@@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: CVAT_POSTGRES_HOST
+ - name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
- name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-hostname
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ key: redis-password
+ {{- if .Values.postgresql.enabled }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Release.Name }}-postgresql"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.service.ports.postgresql }}"
+ {{- else }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Values.postgresql.external.host }}"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.external.port }}"
+ {{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-username
+ key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-database
+ key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-password
- {{- else }}
- - name: CVAT_POSTGRES_HOST
- value: "{{ .Values.postgresql.external.host }}"
- - name: CVAT_POSTGRES_USER
- value: "{{ .Values.postgresql.external.user }}"
- - name: CVAT_POSTGRES_DBNAME
- value: "{{ .Values.postgresql.external.dbname }}"
- - name: CVAT_POSTGRES_PASSWORD
- value: "{{ .Values.postgresql.external.password }}"
- - name: CVAT_POSTGRES_PORT
- value: "{{ .Values.postgresql.external.port }}"
- {{- end }}
+ key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"
diff --git a/helm-chart/templates/cvat_backend/worker_low/deployment.yml b/helm-chart/templates/cvat_backend/worker_low/deployment.yml
index 08ef0340..37883c78 100644
--- a/helm-chart/templates/cvat_backend/worker_low/deployment.yml
+++ b/helm-chart/templates/cvat_backend/worker_low/deployment.yml
@@ -59,39 +59,37 @@ spec:
- name: CVAT_REDIS_HOST
value: "{{ .Values.redis.external.host }}"
{{- end }}
- {{- if .Values.postgresql.enabled }}
- - name: CVAT_POSTGRES_HOST
+ - name: CVAT_REDIS_PASSWORD
valueFrom:
secretKeyRef:
- name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-hostname
+ name: "{{ tpl (.Values.redis.secret.name) . }}"
+ key: redis-password
+ {{- if .Values.postgresql.enabled }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Release.Name }}-postgresql"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.service.ports.postgresql }}"
+ {{- else }}
+ - name: CVAT_POSTGRES_HOST
+ value: "{{ .Values.postgresql.external.host }}"
+ - name: CVAT_POSTGRES_PORT
+ value: "{{ .Values.postgresql.external.port }}"
+ {{- end }}
- name: CVAT_POSTGRES_USER
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-username
+ key: username
- name: CVAT_POSTGRES_DBNAME
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-database
+ key: database
- name: CVAT_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: "{{ tpl (.Values.postgresql.secret.name) . }}"
- key: postgresql-password
- {{- else }}
- - name: CVAT_POSTGRES_HOST
- value: "{{ .Values.postgresql.external.host }}"
- - name: CVAT_POSTGRES_USER
- value: "{{ .Values.postgresql.external.user }}"
- - name: CVAT_POSTGRES_DBNAME
- value: "{{ .Values.postgresql.external.dbname }}"
- - name: CVAT_POSTGRES_PASSWORD
- value: "{{ .Values.postgresql.external.password }}"
- - name: CVAT_POSTGRES_PORT
- value: "{{ .Values.postgresql.external.port }}"
- {{- end }}
+ key: password
{{- if .Values.nuclio }}
- name: CVAT_SERVERLESS
value: "1"
diff --git a/helm-chart/values.yaml b/helm-chart/values.yaml
index 1a8a8e66..2fd01529 100644
--- a/helm-chart/values.yaml
+++ b/helm-chart/values.yaml
@@ -185,23 +185,20 @@ postgresql:
external:
host: 127.0.0.1
port: 5432
- user: postgres
- password: postgres
- dbname: cvat
# If not external following config will be applied by default
- global:
- postgresql:
- existingSecret: "{{ .Release.Name }}-postgres-secret"
+ auth:
+ existingSecret: "{{ .Release.Name }}-postgres-secret"
+ username: cvat
+ database: cvat
+ service:
+ ports:
+ postgresql: 5432
secret:
create: true
name: "{{ .Release.Name }}-postgres-secret"
password: cvat_postgresql
postgres_password: cvat_postgresql_postgres
replication_password: cvat_postgresql_replica
- postgresqlDatabase: cvat
- postgresqlUsername: cvat
- service:
- port: 5432
redis:
#See https://github.com/bitnami/charts/blob/master/bitnami/redis/ for more info
@@ -209,7 +206,11 @@ redis:
external:
host: 127.0.0.1
auth:
- enabled: false
+ existingSecret: "{{ .Release.Name }}-redis-secret"
+ secret:
+ create: true
+ name: "{{ .Release.Name }}-redis-secret"
+ password: cvat_redis
cluster:
enabled: false
diff --git a/site/content/en/docs/administration/advanced/k8s_deployment_with_helm.md b/site/content/en/docs/administration/advanced/k8s_deployment_with_helm.md
index e0955b59..f7003148 100644
--- a/site/content/en/docs/administration/advanced/k8s_deployment_with_helm.md
+++ b/site/content/en/docs/administration/advanced/k8s_deployment_with_helm.md
@@ -226,9 +226,85 @@ See
```
### How to understand what diff will be inflicted by 'helm upgrade'?
You can use for that
-### I want to use my own postgresql/redis with your chart.
-Just set `postgresql.enabled` or `redis.enabled` to `false`, as described below.
-Then - put your instance params to "external" field
+### I want to use my own postgresql with your chart.
+Just set `postgresql.enabled` to `false` in the override file, then put the parameters of your database
+instance in the `external` field.
+You may also need to configure `username`, `database` and `password` fields
+to connect to your own database:
+```yml
+postgresql:
+ enabled: false
+ external:
+ host: postgresql.default.svc.cluster.local
+ port: 5432
+ auth:
+ username: cvat
+ database: cvat
+ secret:
+ password: cvat_postgresql
+```
+In example above corresponding secret will be created automatically, but if you want to use existing secret change `secret.create` to `false` and set `name` of existing secret:
+```yml
+postgresql:
+ enabled: false
+ external:
+ host: postgresql.default.svc.cluster.local
+ port: 5432
+ secret:
+ create: false
+ name: "my-postgresql-secret"
+```
+The secret must contain the `database`, `username` and `password`
+keys to access to the database
+like:
+```yml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "my-postgresql-secret"
+ namespace: default
+type: generic
+stringData:
+ database: cvat
+ username: cvat
+ password: secretpassword
+```
+
+### I want to use my own redis with your chart.
+Just set `redis.enabled` to `false` in the override file, then put the parameters of your Redis
+instance in the `external` field.
+You may also need to configure `password` field to connect to your own Redis:
+```yml
+redis:
+ enabled: false
+ external:
+ host: redis.hostname.local
+ secret:
+ password: cvat_redis
+```
+In the above example the corresponding secret will be created automatically, but if you want to use an existing secret
+change `secret.create` to `false` and set `name` of the existing secret:
+```yml
+redis:
+ enabled: false
+ external:
+ host: redis.hostname.local
+ secret:
+ create: false
+ name: "my-redis-secret"
+```
+The secret must contain the `redis-password` key like:
+```yml
+apiVersion: v1
+kind: Secret
+metadata:
+ name: "my-redis-secret"
+ namespace: default
+type: generic
+stringData:
+ redis-password: secretpassword
+```
+
### I want to override some settings in values.yaml.
Just create file `values.override.yaml` and place your changes here, using same structure as in `values.yaml`.
Then reference it in helm update/install command using `-f` flag
diff --git a/supervisord/utils.conf b/supervisord/utils.conf
index 6ed7d04d..d5bfafd1 100644
--- a/supervisord/utils.conf
+++ b/supervisord/utils.conf
@@ -30,7 +30,7 @@ numprocs=1
[program:rqscheduler]
command=%(ENV_HOME)s/wait-for-it.sh %(ENV_CVAT_REDIS_HOST)s:6379 -t 0 -- bash -ic \
- "python3 /opt/venv/bin/rqscheduler --host %(ENV_CVAT_REDIS_HOST)s -i 30"
+ "python3 /opt/venv/bin/rqscheduler --host %(ENV_CVAT_REDIS_HOST)s --password %(ENV_CVAT_REDIS_PASSWORD)s -i 30"
environment=SSH_AUTH_SOCK="/tmp/ssh-agent.sock"
numprocs=1