3.3. Kubernetes Installation
You may want to choose an Kubernetes Cluster installation if you are using the Kubernetes Container Platform to deploy your applications.
If you want to install on Kubernetes via Helm Chart please see chapter HelmChart Installation.
3.3.1. Prerequisites
Please make sure that you provide the following prerequisites:
-
a valid licence file is needed (get it at speedgain.com)
-
a Kubernetes Container Platform accessible via kubectl terminal command
-
4 CPU Cores, 16GB RAM and at least 100GB to store data
-
a modern web-browser
3.3.2. Services
One service can’t be run on its own. It has to be executed in a compose with 6 other services (all available on Docker-Hub and via ITGAIN download portal: itgain.sharefile.eu ). The list of all 7 images:
-
Speedgain TimescaleDB - as the repository to store all performance metrics
-
Speedgain Collector - the core component to pull metrics
-
Speedgain Service - rest api service
-
Speedgain MCP Server - Model Context Protocol Server to connect Speedgain with AI Agents
-
Speedgain Frontend - web-frontend
-
Speedgain Grafana - delivering all needed dashboards
-
NginX - as reverse proxy
3.3.3. Install Step-by-Step
To install and run Speedgain for Databases as a Kubernetes Cluster installation follow these steps:
-
Get at least a trial license via speedgain.com
-
You may want to download and extract the Speedgain Kubernetes all files package
-
Copy or create the Kubernetes NginX configuration file nginx.conf to your file system
-
The Nginx configuration file must be made available in the Kubernetes Cluster. To do this, the provided file must be created as a ConfigMap with the following command:
kubectl create configmap s4dbs-nginx-conf --from-file nginx.conf
-
Create a secret named "s4dbs-secrets". Add a key called "postgres-password" with the desired performance database password as value. There is a second key called "mcp-pass", what is the password used from the MCP server to connect to Speedgains REST-service. Its the same password used to login to the Speedgain Configuration frontend. You may want to use the Speedgain secrets configuration file s4dbs-secrets.yaml via
kubectl apply -f s4dbs-secrets.yaml
-
Provide a persistent volume claim called "s4dbs-postgres-pv-claim" to persist the collected performance data. The size depends on the databases to be monitored. A good value is 100 GB.
-
Provide a persistent volume claim called "s4dbs-grafana-dashboards-pv-claim" to persist the dashboards used in Grafana to visualize the performance data. A good value for its size is 1 GB.
-
Provide a persistent volume claim called "s4dbs-grafana-pv-claim" to persist the application data of Grafana. A good value for its size is 10 GB.
-
Review the provided deployment YAML files. Verify that the docker images can be accessed in your Kubernetes cluster. If you do not have direct access to Docker-Hub, download images from our download portal and transfer to the docker repository used by your Kubernetes Cluster via
docker load --input s4dbs_<version>_linux_<amd64/arm64>_all_images.tgz
-
Import the Speedgain Timescale deployment file s4dbs-postgres.yaml via
kubectl apply -f s4dbs-postgres.yaml
-
Review the Speedgain Collector deployment file s4dbs-collector.yaml. Replace the number of replicas with the desired value. The default is: 1.
kubectl apply -f s4dbs-collector.yaml
-
Import the Speedgain Service deployment file s4dbs-service.yaml via
kubectl apply -f s4dbs-service.yaml
-
Import the Speedgain MCP Server deployment file s4dbs-mcp.yaml via
kubectl apply -f s4dbs-mcp.yaml
-
Review the Speedgain Grafana deployment file s4dbs-grafana.yaml. Replace the <enter host hostname here> tags with the hostname of your application. Import the file via
kubectl apply -f s4dbs-grafana.yaml
-
Review the Speedgain Web Frontend deployment file s4dbs-frontend.yaml. Replace the <enter host hostname here> tags with the hostname of your application. Import the file via
kubectl apply -f s4dbs-frontend.yaml
-
Import the Speedgain Reverse Proxy deployment file s4dbs-reverse.yaml via
kubectl apply -f s4dbs-reverse.yaml
3.3.4. Customization Options
For customization options, please review the Docker Compose installation section.
3.3.5. Setup SSL encryption
Above Speedgain version 2.1.0 the Kubernetes deployment files introduces improvements for easy and fast SSL / HTTPS enablement. The following section shows how to modify the deployment YAML files to enable SSL. Before you start make sure you have a .crt and a .key SSL certificate file!
Modifying NginX configuration and create TLS-Secret containing SSL certifcates
The Kubernetes deployment package contains a folder "configuration" with the nginx.conf file in it. You have to place your .key and .crt SSL certificate also in this folder. Please rename the .key file to ssl-cert.key and rename the .crt file to ssl-cert.crt.
Edit the nginx.conf file inside the configuration folder. Look for the following lines:
...
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
listen 8080;
listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
# listen 8080 ssl;
# listen [::]:8080 ssl;
# ssl_certificate_key /etc/ssl/ssl_cert.key;
# ssl_certificate /etc/ssl/ssl_cert.crt;
...
By default SSL is disable and port 8080 is cluster internally used to listen on. Now deactivate the first two "listen" lines and enable the 4 lines below the SSL comments. The result should look like this:
...
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
# listen 8080;
# listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
listen 8080 ssl;
listen [::]:8080 ssl;
ssl_certificate_key /etc/ssl/ssl_cert.key;
ssl_certificate /etc/ssl/ssl_cert.crt;
...
Save and exit the nginx.conf file.
|
Note
|
The differences in using dash or underscore is to distingush between mounted file and Secret data sections. Please use exactly the filenames stated above! |
Now edit the included deploy-all.sh script. It looks like that:
#! /bin/bash #kubectl create secret tls s4dbs-ssl-cert \ # --cert=configuration/ssl-cert.crt \ # --key=configuration/ssl-cert.key; ...
As you see there are 3 lines deactivated below the Shebang. Now remove the #-sign in front of the three lines specifying the create secret command. The final shell script should look like this:
#! /bin/bash kubectl create secret tls s4dbs-ssl-cert \ --cert=configuration/ssl-cert.crt \ --key=configuration/ssl-cert.key; ...
Save the changes and close the deploy-all.sh script.
If you already applied the deployment specification, you can either drop all deployments by executing the script:
./drop_deployment.sh
Or you execute the kubectl command shown above to just create the TLS-Secret containing the SSL certificate and the certificate key.
|
Note
|
Its important that you use the filenames mentioned above! If you use different names, you have to update various specifications, making the SSL setup unnecessary more complex! |
Update s4dbs-reverse.yaml deployment file
Edit the s4dbs-reverse.yaml file and look for the following lines:
...
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- mountPath: /etc/ssl/ssl_cert.key
# subPath: ssl-cert.key
# name: s4dbs-ssl-cert
# readOnly: true
#- mountPath: /etc/ssl/ssl_cert.crt
# subPath: ssl-cert.crt
# name: s4dbs-ssl-cert
# readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
livenessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
startupProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- name: s4dbs-ssl-cert
# secret:
# secretName: s4dbs-ssl-cert
# SSL certificate mount END
...
As you see there is a deactivated mounting block to mount the SSL certificates under the correct names into the s4dbs-reverse pod. Please remove the #-sign infront of the mounting specification.
Further down, you find the probing section where health checks are specified. By default the Kubernetes buildin httpGet-Probe checks only the HTTP protocol (specified or not). To check the HTTPS protocol, please change the "scheme" field of the 3 probes accordently. The last block you have to enable is the mounting specification to mount the TLS-Secret that holds the SSL certificate and the key.
The result should look like this:
...
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
- mountPath: /etc/ssl/ssl_cert.key
subPath: ssl-cert.key
name: s4dbs-ssl-cert
readOnly: true
- mountPath: /etc/ssl/ssl_cert.crt
subPath: ssl-cert.crt
name: s4dbs-ssl-cert
readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
livenessProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
startupProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
- name: s4dbs-ssl-cert
secret:
secretName: s4dbs-ssl-cert
# SSL certificate mount END
...
Also in the s4dbs-reverse.yaml file there is a definition for a NodePort service. To use Port 443 externally you have to change this specification. In the s4dbs-reverse.yaml file down below, look for the following lines:
apiVersion: v1
kind: Service
metadata:
name: s4dbs-reverse-service
spec:
selector:
app: s4dbs-reverse
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 8080
nodePort: 30800
Change the field port from 80 to 443. The result should look like:
...
ports:
- protocol: TCP
port: 443
targetPort: 8080
nodePort: 30800
Save and close the s4dbs-reverse.yaml file.
Now you have to update the deployment already running in the Kubernetes cluster. Run the following commands:
kubectl delete deployment s4dbs-reverse-deployment kubectl apply -f s4dbs-reverse.yaml
|
Note
|
Remember: internally the port used for HTTPS is still 8080. Via the NodePort service the Cluster can communicate with the outside world via port 30800. If you truely want to communicate with the Speedgain deployment via port 443 you have to setup a Loadbalancer service or you need to configure a port forwading. |
3.3.6. Speedgain Kubernetes all files package
3.3.7. Speedgain Collector deployment file s4dbs-collector.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-collector
name: s4dbs-collector-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-collector
template:
metadata:
labels:
app: s4dbs-collector
spec:
containers:
- name: s4dbs-collector
image: docker.io/itgainis/s4dbs_collector:2.2.0
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: postgres
- name: SPGLOGLEVEL
value: DEBUG
resources:
requests:
memory: "2Gi"
cpu: "0.5"
limits:
memory: "8Gi"
cpu: "4"
readinessProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 60
periodSeconds: 10
restartPolicy: Always
volumes:
- name: s4dbs-licence
configMap:
name: s4dbs-licence
3.3.8. Speedgain Timescale deployment file s4dbs-postgres.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-postgres
name: s4dbs-postgres-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-postgres
template:
metadata:
labels:
app: s4dbs-postgres
spec:
volumes:
- name: postgres-pv-storage
persistentVolumeClaim:
claimName: s4dbs-postgres-pv-claim
initContainers:
- name: s4dbs-postgres-migration
image: docker.io/itgainis/s4dbs_timescaledb:2.2.0
imagePullPolicy: Always
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: POSTGRES_DB
value: speedgain
- name: OLD_DATA_DIR
value: /var/lib/postgresql/data/pgdata
- name: NEW_DATA_DIR
value: /var/lib/postgresql/data/pgdata/16
- name: INIT_CONTAINER
value: "true"
resources:
requests:
memory: "1Gi"
cpu: "1"
limits:
memory: "16Gi"
cpu: "8"
volumeMounts:
- name: postgres-pv-storage
mountPath: /var/lib/postgresql/data
containers:
- name: s4dbs-postgres
image: docker.io/itgainis/s4dbs_timescaledb:2.2.0
ports:
- containerPort: 5432
imagePullPolicy: Always
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: POSTGRES_DB
value: speedgain
- name: OLD_DATA_DIR
value: /var/lib/postgresql/data/pgdata
- name: NEW_DATA_DIR
value: /var/lib/postgresql/data/pgdata/16
- name: POSTGRES_OPTIONS
value: max_connections=200
readinessProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "1Gi"
cpu: "1"
limits:
memory: "16Gi"
cpu: "8"
volumeMounts:
- name: postgres-pv-storage
mountPath: /var/lib/postgresql/data
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-postgres-service
spec:
selector:
app: s4dbs-postgres
ports:
- protocol: TCP
port: 5432
targetPort: 5432
3.3.9. Speedgain Service deployment file s4dbs-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-service
name: s4dbs-service-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-service
template:
metadata:
labels:
app: s4dbs-service
spec:
containers:
- name: s4dbs-service
image: docker.io/itgainis/s4dbs_service:2.2.0
ports:
- containerPort: 8080
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
# In some environments it may be necessary to fully qualify the service name: s4dbs-postgres-service.default.svc.cluster.local
# OpenVPN could be a cause of issues.
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: postgres
- name: SPGDB_SERVICE_HOME
value: /opt/spgdb_service_home/
readinessProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "4Gi"
cpu: "2"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-service-service
spec:
selector:
app: s4dbs-service
ports:
- protocol: TCP
port: 8080
targetPort: 8080
3.3.10. Speedgain MCP Server deployment file s4dbs-mcp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-mcp
name: s4dbs-mcp-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-mcp
template:
metadata:
labels:
app: s4dbs-mcp
spec:
containers:
- name: s4dbs-mcp
image: docker.io/itgainis/s4dbs_mcp:2.2.0
ports:
- containerPort: 8000
imagePullPolicy: Always
env:
- name: S4DBS_URL
value: "http://s4dbs-service-service:8080/Speedgain_for_Databases_Service/speedgain"
- name: MCP_AGENT
value: speedgain-mcp-app/1.0
- name: S4DBS_USER
value: admin
- name: S4DBS_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: mcp-pass
readinessProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "4Gi"
cpu: "2"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-mcp-service
spec:
selector:
app: s4dbs-mcp
ports:
- protocol: TCP
port: 8000
targetPort: 8000
3.3.11. Speedgain Grafana deployment file s4dbs-grafana.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-grafana
name: s4dbs-grafana-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-grafana
template:
metadata:
labels:
app: s4dbs-grafana
spec:
volumes:
- name: grafana-pv-storage
persistentVolumeClaim:
claimName: s4dbs-grafana-pv-claim
- name: grafana-dashboard-pv-storage
persistentVolumeClaim:
claimName: s4dbs-grafana-dashboards-pv-claim
containers:
- name: s4dbs-grafana
image: docker.io/itgainis/s4dbs_grafana:2.2.0
ports:
- containerPort: 3000
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: "postgres"
#- name: GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH
# value: "/grafanaprovisioning/dashboards/s4dbs-spg/S4DBs-Overview.json"
- name: GF_SERVER_SERVE_FROM_SUB_PATH
value: "true"
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
- name: GF_SERVER_DOMAIN
value: "s4dbs-grafana-service"
- name: GF_SECURITY_ALLOW_EMBEDDING
value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "true"
- name: GF_USERS_DEFAULT_THEME
value: "light"
- name: GF_PATHS_PLUGINS
value: "/grafanaplugins/"
- name: GF_PATHS_PROVISIONING
value: "/grafanaprovisioning/"
# Store repository data in PostgreSQL DB
- name: GF_DATABASE_TYPE
value: "postgres"
- name: GF_DATABASE_HOST
value: "s4dbs-postgres-service:5432"
- name: GF_DATABASE_NAME
value: "speedgain"
- name: GF_DATABASE_USER
value: postgres
- name: GF_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "2"
volumeMounts:
- name: grafana-pv-storage
mountPath: /var/lib/grafana
- name: grafana-dashboard-pv-storage
mountPath: /grafanaprovisioning/
readinessProbe:
tcpSocket:
port: 3000
failureThreshold: 60
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 3000
failureThreshold: 5
periodSeconds: 10
startupProbe:
tcpSocket:
port: 3000
failureThreshold: 60
periodSeconds: 10
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-grafana-service
spec:
selector:
app: s4dbs-grafana
ports:
- protocol: TCP
port: 3000
targetPort: 3000
3.3.12. Speedgain Web Frontend deployment file s4dbs-frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-frontend
name: s4dbs-frontend-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-frontend
template:
metadata:
labels:
app: s4dbs-frontend
spec:
containers:
- name: s4dbs-frontend
image: docker.io/itgainis/s4dbs_frontend:2.2.0
ports:
- containerPort: 8080
imagePullPolicy: Always
env:
- name: FRONTEND_CONFIG_MODE
value: "false"
- name: SERVICE_PROTOCOL
value: http
- name: SERVICE_HOST
value: <enter host hostname here>
- name: SERVICE_PORT
value: "30800"
- name: GRAFANA_PROTOCOL
value: http
- name: GRAFANA_HOST
value: <enter host hostname here>
- name: GRAFANA_PORT
value: "30800/grafana"
readinessProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 60
periodSeconds: 10
livenessProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 5
periodSeconds: 10
startupProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "128Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-frontend-service
spec:
selector:
app: s4dbs-frontend
ports:
- protocol: TCP
port: 8080
targetPort: 8080
3.3.13. Speedgain Reverse Proxy deployment file s4dbs-reverse.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-reverse
name: s4dbs-reverse-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-reverse
template:
metadata:
labels:
app: s4dbs-reverse
spec:
containers:
- name: s4dbs-reverse
image: docker.io/nginx:1.29.7-alpine
ports:
- containerPort: 8080
imagePullPolicy: Always
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- mountPath: /etc/ssl/ssl_cert.key
# subPath: tls.key
# name: s4dbs-ssl-cert
# readOnly: true
#- mountPath: /etc/ssl/ssl_cert.crt
# subPath: tls.crt
# name: s4dbs-ssl-cert
# readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 60
periodSeconds: 10
livenessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 5
periodSeconds: 10
startupProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
restartPolicy: Always
volumes:
- name: s4dbs-nginx-conf
configMap:
name: s4dbs-nginx-conf
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- name: s4dbs-ssl-cert
# secret:
# secretName: s4dbs-ssl-cert
# SSL certificate mount END
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-reverse-service
spec:
selector:
app: s4dbs-reverse
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 8080
nodePort: 30800
3.3.14. Kubernetes NginX configuration file nginx.conf
worker_processes 5; ## Default: 1
pid /tmp/nginx.pid;
events {
worker_connections 1000;
}
http {
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream grafana {
server s4dbs-grafana-service:3000;
}
upstream service {
server s4dbs-service-service:8080;
}
upstream mcp {
server s4dbs-mcp-service:8000;
}
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
listen 8080;
listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
# listen 8080 ssl;
# listen [::]:8080 ssl;
# ssl_certificate_key /etc/ssl/ssl_cert.key;
# ssl_certificate /etc/ssl/ssl_cert.crt;
# service
location /Speedgain_for_Databases_Service/ {
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://service;
}
# frontend
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://s4dbs-frontend-service:8080/s4dbs-ui/;
}
location /s4dbs-ui/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://s4dbs-frontend-service:8080/s4dbs-ui/;
}
# grafana
location /grafana/ {
proxy_set_header Host $http_host;
proxy_pass http://grafana;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
location /grafana/api/live/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_pass http://grafana;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# mcp
location ^~ /Speedgain_for_Databases_Mcp/ {
proxy_pass http://mcp/mcp;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_connect_timeout 15s;
proxy_pass_header Mcp-Session-Id;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Headers "Content-Type, Mcp-Session-Id, Authorization" always;
add_header Access-Control-Expose-Headers "Mcp-Session-Id" always;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS";
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "Content-Type, Mcp-Session-Id, Authorization";
return 204;
}
}
}
}
3.3.15. Speedgain secrets configuration file s4dbs-secrets.yaml
apiVersion: v1 kind: Secret metadata: name: s4dbs-secrets type: Opaque stringData: postgres-password: <PasswordOfPostgresUser> mcp-pass: <PasswordOfMCPUser>