When using SecurityContext and PodSecurityContext to run the ui-pod as nonRoot, i receive the following error in the pod logs:

sed: can't create temp file '/etc/nginx/conf.d/default.confXXXXXX': Permission denied
sed: can't create temp file '/etc/nginx/conf.d/default.confXXXXXX': Permission denied
2021/03/30 14:36:27 [warn] 9#9: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
2021/03/30 14:36:27 [emerg] 9#9: host not found in resolver "$DNS_SERVERS" in /etc/nginx/conf.d/default.conf:12
nginx: [emerg] host not found in resolver "$DNS_SERVERS" in /etc/nginx/conf.d/default.conf:12

The easiest solution to make this run in a cluster with PodSecurityPolicies activated woule be to be able to set the serviceaccount under which the pod should be started and give this serviceaccount the privilege to run as root.

Hey guys,

Thanks for looking into the annotations for ingress. With the testing I ran into an issue where using a custom host name you will always get the default 404 backend. For our ingresses, we need to use tls in order to get it to work properly.

For our fix we edited the ingress and added the following stanza:

tls:
  - hosts:
    - example.com
    secretName: kubevious-tls

Again, would most likely be an optional parameter to add your tls in with some default values.

Examples:
https://github.com/helm/charts/blob/master/stable/jenkins/templates/jenkins-master-ingress.yaml#L33
https://github.com/helm/charts/blob/master/stable/mediawiki/templates/ingress.yaml#L31
https://github.com/elastic/helm-charts/blob/master/elasticsearch/templates/ingress.yaml#L18

Reference:
kubernetes/ingress-nginx#3971

If I set the storage class like this:
helm upgrade --atomic -i kubevious kubevious/kubevious --version 0.5.9 -n kubevious --set mysql.storageClass=slow

I would expect the pv to be created and pvc bound to it. But this happens:

kubectl describe pvc -n kubevious
Name:          data-kubevious-mysql-0
Namespace:     kubevious
StorageClass:
Status:        Pending
Volume:
Labels:        k8s-app=kubevious-mysql
Annotations:   <none>
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:
Access Modes:
VolumeMode:    Filesystem
Mounted By:    kubevious-mysql-0
Events:
  Type    Reason         Age                        From                         Message
  ----    ------         ----                       ----                         -------
  Normal  FailedBinding  4m54s (x16624 over 2d21h)  persistentvolume-controller  no persistent volumes available for this claim and no storage class is set

Am I missing something?

Kindly update the mysql version as 8.0.22 is not available anymore suggesting to change it to 8.0.30

Just followed the install instructions using helm chart.

i've configured a password for mysql connection and kubevious loads it properly

  envFrom:
     - configMapRef:
          name: {{ .Values.mysql.name }}-client

but this password is not configured into the mysql statefulset.

   env:
        - name: MYSQL_DATABASE
          value: kubevious
        - name: MYSQL_ALLOW_EMPTY_PASSWORD
          value: "1"

This cause an error on kubevious stating Error 500: Not Connected

I am having an issue getting the UI working in my cluster. I am running in GCP and already have an nginx ingress that I am trying to re-use for Kubevious. I can get Kubevious to create its own ingress which creates a new GCP load balancer but I can't seem to get it to use the existing nginx.

I have added this to my ingress:

• host: kubevious.example.com
  http:
  paths:
  • path: /
    backend:
    serviceName: kubevious-ui-clusterip
    servicePort: 80

I have tried several installation options but here is where I am right now:
helm upgrade --atomic -i -n kubevious
--version 0.8.15
--set ingress.domain=example.com
kubevious kubevious/kubevious

When hitting the URL I get a 503 Service Temporarily Unavailable from nginx. I'm sure this is something silly I am overlooking.

Any assistance would be greatly appreciated.

As of k8s 1.22 ingress is only available in v1.
It would be nice to add support for it.

Hi,
I am trying to install Kubevious with helm chart on EKS with arm64 node arch, I think Kubevious don't have arm support yet.
I am getting this error from the backend pod logs:

$ kubectl logs kubevious-backend-54b67c94-qcr62 -n kubevious
exec /usr/local/bin/docker-entrypoint.sh: exec format error

The default cluster domain cluster.local is hardcoded in the templates.
This breaks deployment on clusters where this domain was customized.
The frontend ui shoiws an unmeaningfull 502 erro.
The ui pods logs a message like

2020/07/05 13:16:27 [error] 13#13: *4 kubevious-svc.kubevious.svc.cluster.local could not be resolved (3: Host not found), client: 127.0.0.1, server: , request: "GET /socket/?EIO=3&transport=polling&t=NCV7km9 HTTP/1.1", host: "localhost:3000", referrer: "http://localhost:3000/?tme=false&tmdt=U3VuIEp1bCAwNSAyMDIwIDE1OjE2OjA5IEdNVCswMjAwIChDZW50cmFsIEV1cm9wZWFuIFN1bW1lciBUaW1lKQ==&tmd=MjQ=&tmdaf=U2F0IEp1bCAwNCAyMDIwIDE1OjE2OjA5IEdNVCswMjAwIChDZW50cmFsIEV1cm9wZWFuIFN1bW1lciBUaW1lKQ=="

If you just leave out the cluster.local part, Kubernetes DNS resolving will find the right ip without you needing to know the cluster domain name.

Hello,

When I install helm chart in my cluster, collector pod can start and stay in CrashLoopBackOff state .

After investigation, periodSeconds in livenessProbe section is too short and is not editable from chart values, so I have to manually edit the deployment to increase this value.

Defaults values:

    livenessProbe:
      failureThreshold: 3
      httpGet:
        path: /
        port: http
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1
    name: kubevious
    ports:
    - containerPort: 4002
      name: http
      protocol: TCP
    readinessProbe:
      failureThreshold: 3
      httpGet:
        path: /
        port: http
        scheme: HTTP
      periodSeconds: 10
      successThreshold: 1
      timeoutSeconds: 1

Is it possible to add the possibility to control the livenessProbe and readinessProbe from the values ​​of the helm charts?

Best regards

It will be convenient to have global.affinity and global.tolerations option so that we don't have to define them at each component
example:

    global: {
      affinity: {
        nodeAffinity: {
          requiredDuringSchedulingIgnoredDuringExecution: {
            nodeSelectorTerms: [{
              matchExpressions: [{
                key: 'deployment',
                operator: 'In',
                values: ['my-affinity'],
              }],
            }],
          },
        },
      },
      tolerations: [{
        effect: 'NoSchedule',
        key: 'dedicated',
        operator: 'Equal',
        value: 'my-toleration',
      }],
    },

When I tried to install from the official helm repo, the ingress never worked so I downloaded the entire chart and found the following. It seems like if the ingress.type is ClusterIP then we would not want to return NodePort as the type for the service. After fixing this to us ne instead of eq, it installed correctly and I was able to use the ingress.

There is no way in current release to change the storage class of the PVC created for the Mysql include inside of kubevious.
If no storageclass default is defined in a K8S the deployment failed as the PVC stays in pending mode

 helm upgrade --install  --version=0.6.14 --namespace kubevious kubevious kubevious/kubevious  --set mysql.storageClass=openebs-cstor-sparse

Log from kubevious-ui pod:

2020/06/13 13:44:30 [emerg] 8#8: host not found in upstream "kubevious-svc.kubevious.svc.cluster.local" in /etc/nginx/conf.d/default.conf:15
nginx: [emerg] host not found in upstream "kubevious-svc.kubevious.svc.cluster.local" in /etc/nginx/conf.d/default.conf:15

Suggestion for improvement and simplification

Instead of defining MySQL and Redis "charts" as subcharts just use existing charts from Bitnami:

• https://artifacthub.io/packages/helm/bitnami/mysql
• https://artifacthub.io/packages/helm/bitnami/redis

Readiness probe failed: mysql: [Warning] Using a password on the command line interface can be insecure. ERROR 1045 (28000): Access denied for user 'UNKNOWN_USER'@'localhost' (using password: YES)

It looks like the helm chart do not use any of the fields under mysql.external to allow kubevious to connect to already existed mySQL deployment. Even with that flag set to enabled and provided all the mysql auth credentials, the deployment will still create the mysql pod.

NAME                                    READY   STATUS    RESTARTS   AGE
pod/kubevious-6d4d4c94f5-nvl6v          1/1     Running   0          8m21s
pod/kubevious-mysql-0                   1/1     Running   0          8m21s
pod/kubevious-parser-75c6f7d65d-rbfcc   1/1     Running   0          8m21s
pod/kubevious-ui-5856b6b864-bqqfd       1/1     Running   0          8m21s

Following is a quick grep for the external. key.

~/helm$ grep -r external.
README.md:| mysql.external.enabled | Indicates whether an existing MySQL database should be used. When enabled a new MySQL database would not be deployed. | false |
README.md:| mysql.external.host | Host for external MySQL server | |
README.md:| mysql.external.port | Port for external MySQL server | |
README.md:| mysql.external.database | Database name for external MySQL server. The database should be manually created. | |
README.md:| mysql.external.user | User name. User should have access to the database specified above. | |
README.md:| mysql.external.password | Password. | |
kubernetes/values.yaml:  external: