Latest from sda-helm

charts/sda-db/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: sda-db
-version: "0.5.1"
+version: "0.5.2"
 description: Database component for Sensitive Data Archive (SDA) installation
 home: https://neic-sda.readthedocs.io
 icon: https://neic.no/assets/images/logo.png

charts/sda-db/values.yaml

@@ -26,7 +26,7 @@ extraSecurityContext: {}
 
 image:
   repository: ghcr.io/neicnordic/sda-db
-  tag: v2.0.7
+  tag: v2.1.10
   pullPolicy: IfNotPresent
 
 # utilize network isolation

charts/sda-mq/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: sda-mq
-version: "0.4.5"
+version: "0.4.6"
 description: RabbitMQ component for Sensitive Data Archive (SDA) installation
 home: https://neic-sda.readthedocs.io
 icon: https://neic.no/assets/images/logo.png

charts/sda-mq/values.yaml

@@ -35,7 +35,7 @@ extraSecurityContext: {}
 
 image:
   repository: ghcr.io/neicnordic/sda-mq
-  tag: v1.4.20
+  tag: v1.4.38
   pullPolicy: Always
 
 # utilize network isolation

charts/sda-svc/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: sda-svc
-version: "0.18.6"
+version: "0.18.9"
 kubeVersion: ">= 1.19.0-0"
 description: Components for Sensitive Data Archive (SDA) installation
 home: https://neic-sda.readthedocs.io

charts/sda-svc/README.md

@@ -75,7 +75,11 @@ Parameter | Description | Default
 `global.auth.jwtAlg` | Key type to sign the JWT, available options are RS265 & ES256, Must match the key type |`"ES256"`
 `global.auth.jwtKey` | Private key used to sign the JWT. |`""`
 `global.auth.jwtPub` | Public key ues to verify the JWT. |`""`
+`global.auth.resignJWT` | Resign the LS-AAI JWTs. |`true`
 `global.auth.useTLS` | Run a TLS secured server. |`true`
+`global.auth.corsOrigins` | Domain name allowed for cross-domain requests. |`""`
+`global.auth.corsMethods` | Allowed cross-domain request methods. |`""`
+`global.auth.corsCreds` | Include credentials in cross-domain requests. |`false`
 `global.broker.host` | Domain name or IP address to the message broker. |`""`
 `global.broker.exchange` | Exchange to publish messages to. |`""`
 `global.broker.port` | Port for the message broker. |`5671`
@@ -84,6 +88,7 @@ Parameter | Description | Default
 `global.broker.password` | Shared password to the message broker. |`/`
 `global.broker.username` | Shared user to the message broker. |`/`
 `global.broker.backupRoutingKey` | routing key used to send messages to backup service |`""`
+`global.broker.prefetchCount` | Number of messages to retrieve from the broker at the time, setting this to `1` will create a round-robin behavior between consumers |`2`
 `global.cega.host` | Full URI to the EGA user authentication service. |`""`
 `global.cega.user` | Username for the EGA user authentication service. |`""`
 `global.cega.password` | Password for the EGA user authentication service. |`""`
@@ -117,7 +122,6 @@ Parameter | Description | Default
 `global.download.trusted.iss` | Array of trusted OIDC endpoints | ``
 `global.download.trusted.iss[iss]` | URI to the OIDC service | `https://login.elixir-czech.org/oidc/`
 `global.download.trusted.iss[jku]` | The URI to the OIDCs jwk endpoint | `https://login.elixir-czech.org/oidc/jwk`
-
 `global.elixir.oidcdHost` | URL to the OIDc service. | `"https://login.elixir-czech.org/oidc/"`
 `global.elixir.jwkPath` | Public key path on the OIDC host. | `jwk`
 `global.inbox.servicePort` | The port that the inbox is accessible via. | `2222`

charts/sda-svc/templates/auth-deploy.yaml

@@ -107,6 +107,16 @@ spec:
           value: "{{ .Values.global.elixir.provider }}"
         - name: ELIXIR_SCOPE
           value: "ga4gh_passport_v1"
+        - name: ELIXIR_JWKPATH
+          value: {{ .Values.global.elixir.jwkPath | quote }}
+        {{- if .Values.global.auth.corsOrigins }}
+        - name: CORS_ORIGINS
+          value: {{ .Values.global.auth.corsOrigins | quote }}
+        - name: CORS_METHODS
+          value: {{ .Values.global.auth.corsMethods | quote }}
+        - name: CORS_CREDENTIALS
+          value: {{ .Values.global.auth.corsCreds | quote }}
+        {{- end }}
         {{- if or ( eq "federated" .Values.global.schemaType) ( eq "" .Values.global.schemaType) }}
         - name: CEGA_AUTHURL
           value: {{ .Values.global.cega.host | quote }}
@@ -121,6 +131,8 @@ spec:
           value: "{{ template "jwtPath" . }}/{{ .Values.global.auth.jwtKey }}"
         - name: JWTSIGNATUREALG
           value: {{ .Values.global.auth.jwtAlg }}
+        - name: RESIGNJWT
+          value: {{ .Values.global.auth.resignJwt | quote }}
         {{- if .Values.global.tls.enabled}}
         - name: SERVER_CERT
           value: {{ template "tlsPath" . }}/tls.crt

charts/sda-svc/templates/backup-deploy.yaml

@@ -133,6 +133,8 @@ spec:
           value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }}
         - name: BROKER_PORT
           value: {{ .Values.global.broker.port | quote }}
+        - name: BROKER_PREFETCHCOUNT
+          value: {{ .Values.global.broker.prefetchCount | quote }}
         - name: BROKER_ROUTINGERROR
           value: {{ .Values.global.broker.routingError }}
         - name: BROKER_ROUTINGKEY

charts/sda-svc/templates/finalize-deploy.yaml

@@ -76,6 +76,8 @@ spec:
           value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }}
         - name: BROKER_PORT
           value: {{ .Values.global.broker.port | quote }}
+        - name: BROKER_PREFETCHCOUNT
+          value: {{ .Values.global.broker.prefetchCount | quote }}
         - name: BROKER_ROUTINGERROR
           value: {{ .Values.global.broker.routingError }}
         - name: BROKER_ROUTINGKEY

charts/sda-svc/templates/ingest-deploy.yaml

@@ -115,6 +115,8 @@ spec:
           value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }}
         - name: BROKER_PORT
           value: {{ .Values.global.broker.port | quote }}
+        - name: BROKER_PREFETCHCOUNT
+          value: {{ .Values.global.broker.prefetchCount | quote }}
         - name: BROKER_ROUTINGERROR
           value: {{ .Values.global.broker.routingError }}
         - name: BROKER_ROUTINGKEY

charts/sda-svc/templates/mapper-deploy.yaml

@@ -76,6 +76,8 @@ spec:
           value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }}
         - name: BROKER_PORT
           value: {{ .Values.global.broker.port | quote }}
+        - name: BROKER_PREFETCHCOUNT
+          value: {{ .Values.global.broker.prefetchCount | quote }}
         - name: BROKER_ROUTINGERROR
           value: {{ .Values.global.broker.routingError }}
         - name: BROKER_VHOST

charts/sda-svc/templates/s3-inbox-ingress.yaml

@@ -17,7 +17,8 @@ metadata:
     nginx.ingress.kubernetes.io/rewrite-target: "/"
     nginx.ingress.kubernetes.io/backend-protocol: "{{ ternary "HTTPS" "HTTP" .Values.global.tls.enabled }}"
     nginx.ingress.kubernetes.io/proxy-body-size: 2000m
-    nginx.ingress.kubernetes.io/proxy-request-buffering: "off"
+    nginx.ingress.kubernetes.io/proxy-read-timeout: 300s
+    nginx.ingress.kubernetes.io/proxy-request-buffering: "on"
     {{- end }}
     {{- if .Values.global.ingress.clusterIssuer }}
     cert-manager.io/cluster-issuer: {{ .Values.global.ingress.clusterIssuer | quote }}

charts/sda-svc/templates/verify-deploy.yaml

@@ -135,6 +135,8 @@ spec:
           value: {{ required "A valid MQ host is required" .Values.global.broker.host | quote }}
         - name: BROKER_PORT
           value: {{ .Values.global.broker.port | quote }}
+        - name: BROKER_PREFETCHCOUNT
+          value: {{ .Values.global.broker.prefetchCount | quote }}
         - name: BROKER_QUEUE
           value: "archived"
         - name: BROKER_ROUTINGERROR

charts/sda-svc/values.yaml

@@ -137,9 +137,9 @@ global:
     copyHeader: false
 
   auth:
-    # @param elixirID, client ID to the Elixir OIDC for the service endpoint 
+    # @param elixirID, client ID to the Elixir OIDC for the service endpoint
     elixirID:
-    # @param elixirSecret, client secret to the Elixir OIDC for the service endpoint 
+    # @param elixirSecret, client secret to the Elixir OIDC for the service endpoint
     elixirSecret:
     # @param jwtSecret, name of the secret holding the jwt signing key
     jwtSecret:
@@ -149,6 +149,14 @@ global:
     jwtKey:
     # @param jwtPub, name of the public signing key
     jwtPub:
+    # @param resignJwt, if true (or empty) the jwt will be resigned with the jwtKey
+    resignJwt: true
+    # @param corsOrigins, domain name of allowed origin for cross-domain requests
+    corsOrigins: ""
+    # @param corsMethods, allowed methods for cross-domain requests
+    corsMethods: ""
+    # @param corsCreds, allow credentials in the request, cors is disabled if false
+    corsCreds: false
 
   broker:
     durable: true
@@ -162,9 +170,10 @@ global:
     username: ""
     verifyPeer: true
     vhost: "/"
+    prefetchCount: 2
 
   cega:
-    ## @param host, URI to CEGA NSS server users endpoint 
+    ## @param host, URI to CEGA NSS server users endpoint
     host: ""
     ## @param user, usernamen for accessing the CEGA NSS host
     user: ""
@@ -258,7 +267,7 @@ credentials:
   doa:
     dbUser: ""
     dbPassword: ""
-  
+
   download:
     dbUser: ""
     dbPassword: ""
@@ -310,7 +319,7 @@ auth:
   name: auth
   replicaCount: 2
   repository: ghcr.io/neicnordic/sda-auth
-  imageTag: v0.6.54
+  imageTag: v0.7.6
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -331,7 +340,7 @@ backup:
   deploy: false
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -350,7 +359,7 @@ backup:
 doa:
   name: doa
   repository: ghcr.io/neicnordic/sda-doa
-  imageTag: v1.6.46
+  imageTag: v1.6.62
   imagePullPolicy: IfNotPresent
   replicaCount: 2
   resources:
@@ -374,7 +383,7 @@ download:
   name: download
   replicaCount: 2
   repository: ghcr.io/neicnordic/sda-download
-  imageTag: v1.6.117
+  imageTag: v1.9.14
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -394,7 +403,7 @@ finalize:
   name: finalize
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -414,7 +423,7 @@ ingest:
   name: ingest
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -435,7 +444,7 @@ intercept:
   name: ingest
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -454,7 +463,7 @@ intercept:
 mapper:
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests:
@@ -473,7 +482,7 @@ mapper:
 s3Inbox:
   name: s3Inbox
   repository: ghcr.io/neicnordic/sda-s3proxy
-  imageTag: v0.1.153
+  imageTag: v0.2.38
   imagePullPolicy: IfNotPresent
   replicaCount: 2
   resources:
@@ -494,7 +503,7 @@ s3Inbox:
 sftpInbox:
   name: sftpInbox
   repository: ghcr.io/neicnordic/sda-inbox-sftp
-  imageTag: v1.10.4
+  imageTag: v1.12.16
   imagePullPolicy: IfNotPresent
   replicaCount: 2
   resources:
@@ -527,7 +536,7 @@ releasetest:
 verify:
   replicaCount: 1
   repository: ghcr.io/neicnordic/sda-pipeline
-  imageTag: v0.3.94
+  imageTag: v0.4.27
   imagePullPolicy: IfNotPresent
   resources:
     requests: