3.5. OpenShift Installation
You may want to choose an OpenShift Cluster installation if you are using the OpenShift Container Platform to deploy your applications.
If you want to install on OpenShift via Helm Chart please see chapter HelmChart Installation.
3.5.1. Prerequisites
Please make sure that you provide the following prerequisites:
-
a valid licence file is needed (get it at speedgain.com)
-
a OpenShift Container Platform accessible via oc terminal command and web interface
-
4 CPU Cores, 16GB RAM and at least 100GB to store data
-
a modern web-browser
3.5.2. Services
One service can’t be run on its own. It has to be executed in a compose with 6 other services (all available on Docker-Hub and via ITGAIN download portal: itgain.sharefile.eu ). The list of all 7 images:
-
Speedgain TimescaleDB - as the repository to store all performance metrics
-
Speedgain Collector - the core component to pull metrics
-
Speedgain Service - rest api service
-
Speedgain MCP Server - Model Context Protocol Server to connect Speedgain with AI Agents
-
Speedgain Frontend - web-frontend
-
Speedgain Grafana - delivering all needed dashboards
-
NginX - as reverse proxy
3.5.3. Install Step-by-Step
To install and run Speedgain for Databases as an OpenShift Cluster installation follow these steps:
-
Get at least a trial license via speedgain.com
-
You may want to download and extract the [s4dbs-openshift]
-
Copy or create the Openshift NginX configuration file nginx.conf to your file system
-
The Nginx configuration file must be made available in the Openshift Cluster. To do this, the provided file must be created as a ConfigMap with the following command:
oc create configmap s4dbs-nginx-conf --from-file nginx.conf
-
Create a secret named "s4dbs-secrets". Add a key called "postgres-password" with the desired performance database password as value. There is a second key called "mcp-pass", what is the password used from the MCP server to connect to Speedgains REST-service. Its the same password used to login to the Speedgain Configuration frontend. Your passwords will be base64 encoded in Openshift if you use the stringData map with your cleartype password. You may want to use the Speedgain secrets configuration file s4dbs-secrets.yaml via
oc apply -f s4dbs-secrets.yaml
-
Provide a persistent volume claim called "s4dbs-postgres-pv-claim" to persist the collected performance data. The size depends on the databases to be monitored. A good value is 100 GB.
-
Provide a persistent volume claim called "s4dbs-grafana-dashboards-pv-claim" to persist the dashboards used in Grafana to visualize the performance data. A good value for its size is 1 GB.
-
Provide a persistent volume claim called "s4dbs-grafana-pv-claim" to persist the application data of Grafana. A good value for its size is 10 GB.
-
Review the provided deployment YAML files. Verify that the docker images can be accessed in your Openshift cluster. If you do not have direct access to Docker-Hub, download images from our download portal and transfer to the docker repository used by your Openshift Cluster via
docker load --input s4dbs_<version>_linux_<amd64/arm64>_all_images.tgz
-
Import the Speedgain Timescale deployment file s4dbs-postgres.yaml via
oc apply -f s4dbs-postgres.yaml
-
Review the Speedgain Collector deployment file s4dbs-collector.yaml. Replace the number of replicas with the desired value. The default is: 1.
oc apply -f s4dbs-collector.yaml
-
Import the Speedgain Service deployment file s4dbs-service.yaml via
oc apply -f s4dbs-service.yaml
-
Import the Speedgain MCP Server deployment file s4dbs-mcp.yaml via
oc apply -f s4dbs-mcp.yaml
-
Review the Speedgain Grafana deployment file s4dbs-grafana.yaml. Replace the <enter host hostname here> tags with the hostname of your application. Import the file via
oc apply -f s4dbs-grafana.yaml
-
Review the Speedgain Web Frontend deployment file s4dbs-frontend.yaml. Replace the <enter host hostname here> tags with the hostname of your application. Import the file via
oc apply -f s4dbs-frontend.yaml
-
Import the Speedgain Reverse Proxy deployment file s4dbs-reverse.yaml via
oc apply -f s4dbs-reverse.yaml
-
Create a route to the s4dbs-reverse-service. Specify name, hostname and path to your liking. The target port is 8080. Also, if you like to use a secure connection you can choose that option.
-
The application wil be available via the hostname of the created route
3.5.4. Customization Options
For customization options, please review the Docker Compose installation section.
3.5.5. Setup SSL encryption
Above Speedgain version 2.1.0 the OpenShift deployment files introduces improvements for easy and fast SSL / HTTPS enablement. The following section shows how to modify the deployment YAML files to enable SSL. Before you start make sure you have a .crt and a .key SSL certificate file!
Modifying NginX configuration and create TLS-Secret containing SSL certifcates
The OpenShift deployment package contains a folder "configuration" with the nginx.conf file in it. You have to place your .key and .crt SSL certificate also in this folder. Please rename the .key file to ssl-cert.key and rename the .crt file to ssl-cert.crt.
Edit the nginx.conf file inside the configuration folder. Look for the following lines:
...
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
listen 8080;
listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
# listen 8080 ssl;
# listen [::]:8080 ssl;
# ssl_certificate_key /etc/ssl/ssl_cert.key;
# ssl_certificate /etc/ssl/ssl_cert.crt;
...
By default SSL is disable and port 8080 is cluster internally used to listen on. Now deactivate the first two "listen" lines and enable the 4 lines below the SSL comments. The result should look like this:
...
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
# listen 8080;
# listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
listen 8080 ssl;
listen [::]:8080 ssl;
ssl_certificate_key /etc/ssl/ssl_cert.key;
ssl_certificate /etc/ssl/ssl_cert.crt;
...
Save and exit the nginx.conf file.
|
Note
|
The differences in using dash or underscore is to distingush between mounted file and Secret data sections. Please use exactly the filenames stated above! |
Now edit the included deploy-all.sh script. It looks like that:
#! /bin/bash oc create secret tls s4dbs-ssl-cert \ # --cert=configuration/ssl-cert.crt \ # --key=configuration/ssl-cert.key; ...
As you see there are 3 lines deactivated below the Shebang. Now remove the #-sign in front of the three lines specifying the create secret command. The final shell script should look like this:
#! /bin/bash oc create secret tls s4dbs-ssl-cert \ --cert=configuration/ssl-cert.crt \ --key=configuration/ssl-cert.key; ...
Save the changes and close the deploy-all.sh script.
If you already applied the deployment specification, you can either drop all deployments by executing the script:
./drop_deployment.sh
Or you execute the oc command shown above to just create the TLS-Secret containing the SSL certificate and the certificate key.
|
Note
|
Its important that you use the filenames mentioned above! If you use different names, you have to update various specifications, making the SSL setup unnecessary more complex! |
Update s4dbs-reverse.yaml deployment file
Edit the s4dbs-reverse.yaml file and look for the following lines:
...
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- mountPath: /etc/ssl/ssl_cert.key
# subPath: ssl-cert.key
# name: s4dbs-ssl-cert
# readOnly: true
#- mountPath: /etc/ssl/ssl_cert.crt
# subPath: ssl-cert.crt
# name: s4dbs-ssl-cert
# readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
livenessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
startupProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
...
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- name: s4dbs-ssl-cert
# secret:
# secretName: s4dbs-ssl-cert
# SSL certificate mount END
...
As you see there is a deactivated mounting block to mount the SSL certificates under the correct names into the s4dbs-reverse pod. Please remove the #-sign infront of the mounting specification.
Further down, you find the probing section where health checks are specified. By default the OpenShift buildin httpGet-Probe checks only the HTTP protocol (specified or not). To check the HTTPS protocol, please change the "scheme" field of the 3 probes accordently. The last block you have to enable is the mounting specification to mount the TLS-Secret that holds the SSL certificate and the key.
The result should look like this:
...
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
- mountPath: /etc/ssl/ssl_cert.key
subPath: ssl-cert.key
name: s4dbs-ssl-cert
readOnly: true
- mountPath: /etc/ssl/ssl_cert.crt
subPath: ssl-cert.crt
name: s4dbs-ssl-cert
readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
livenessProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
startupProbe:
httpGet:
scheme: HTTPS # If SSL should be used, set it to HTTPS
...
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
- name: s4dbs-ssl-cert
secret:
secretName: s4dbs-ssl-cert
# SSL certificate mount END
...
Optional: If you want to change the outside communication port from 8080 to 443
Also in the s4dbs-reverse.yaml file there is a definition for a service and a route. To use Port 443 externally you have to change this specifications. In the s4dbs-reverse.yaml file down below, look for the following lines:
apiVersion: v1
kind: Service
metadata:
name: s4dbs-reverse-service
spec:
selector:
app: s4dbs-reverse
ports:
- protocol: TCP
port: 8080
targetPort: 8080
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: s4dbs
labels:
app.kubernetes.io/managed-by: Helm
spec:
to:
kind: Service
name: s4dbs-reverse-service
port:
targetPort: 8080
Change the field port from 8080 to 443 and targetPort of the route. The result should look like:
apiVersion: v1
kind: Service
metadata:
name: s4dbs-reverse-service
spec:
selector:
app: s4dbs-reverse
ports:
- protocol: TCP
port: 443
targetPort: 8080
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: s4dbs
labels:
app.kubernetes.io/managed-by: Helm
spec:
to:
kind: Service
name: s4dbs-reverse-service
port:
targetPort: 443
If you want to operate HTTPS via port 8080 you can skip the last changes.
Save and close the s4dbs-reverse.yaml file.
Now you have to update the deployment already running in the Kubernetes cluster. Run the following commands:
oc delete deployment s4dbs-reverse-deployment oc apply -f s4dbs-reverse.yaml
3.5.6. Speedgain OpenShift all files package
3.5.7. Speedgain Collector deployment file s4dbs-collector.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-collector
name: s4dbs-collector-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-collector
template:
metadata:
labels:
app: s4dbs-collector
spec:
containers:
- name: s4dbs-collector
image: docker.io/itgainis/s4dbs_collector:2.2.0
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: postgres
- name: SPGLOGLEVEL
value: INFO
readinessProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["sh", "-c", "ps", "aux", "|", "grep", "java", "|", "grep", "Speedgain_for_Databases.jar"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "2Gi"
cpu: "0.5"
limits:
memory: "8Gi"
cpu: "4"
restartPolicy: Always
volumes:
- name: s4dbs-licence
configMap:
name: s4dbs-licence
3.5.8. Speedgain Timescale deployment file s4dbs-postgres.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-postgres
name: s4dbs-postgres-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-postgres
template:
metadata:
labels:
app: s4dbs-postgres
spec:
volumes:
- name: postgres-pv-storage
persistentVolumeClaim:
claimName: s4dbs-postgres-pv-claim
initContainers:
- name: s4dbs-postgres-migration
image: docker.io/itgainis/s4dbs_timescaledb:2.2.0
imagePullPolicy: Always
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: POSTGRES_DB
value: speedgain
- name: OLD_DATA_DIR
value: /var/lib/postgresql/data/pgdata
- name: NEW_DATA_DIR
value: /var/lib/postgresql/data/pgdata/16
- name: INIT_CONTAINER
value: "true"
resources:
requests:
memory: "1Gi"
cpu: "1"
limits:
memory: "16Gi"
cpu: "8"
volumeMounts:
- name: postgres-pv-storage
mountPath: /var/lib/postgresql/data
containers:
- name: s4dbs-postgres
image: docker.io/itgainis/s4dbs_timescaledb:2.2.0
ports:
- containerPort: 5432
imagePullPolicy: Always
env:
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: POSTGRES_DB
value: speedgain
- name: OLD_DATA_DIR
value: /var/lib/postgresql/data/pgdata
- name: NEW_DATA_DIR
value: /var/lib/postgresql/data/pgdata/16
- name: POSTGRES_OPTIONS
value: max_connections=200
readinessProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["psql", "-w", "-U", "postgres", "-h", "localhost", "-d", "speedgain", "-c", "SELECT 1"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "1Gi"
cpu: "1"
limits:
memory: "16Gi"
cpu: "8"
volumeMounts:
- name: postgres-pv-storage
mountPath: /var/lib/postgresql/data
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-postgres-service
spec:
selector:
app: s4dbs-postgres
ports:
- protocol: TCP
port: 5432
targetPort: 5432
3.5.9. Speedgain Service deployment file s4dbs-service.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-service
name: s4dbs-service-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-service
template:
metadata:
labels:
app: s4dbs-service
spec:
containers:
- name: s4dbs-service
image: docker.io/itgainis/s4dbs_service:2.2.0
ports:
- containerPort: 8080
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: postgres
- name: SPGDB_SERVICE_HOME
value: /tmp/spgdb_service_home/
readinessProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["curl", "-f", "localhost:8080/Speedgain_for_Databases_Service"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "4Gi"
cpu: "2"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-service-service
spec:
selector:
app: s4dbs-service
ports:
- protocol: TCP
port: 8080
targetPort: 8080
3.5.10. Speedgain MCP Server deployment file s4dbs-mcp.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-mcp
name: s4dbs-mcp-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-mcp
template:
metadata:
labels:
app: s4dbs-mcp
spec:
containers:
- name: s4dbs-mcp
image: docker.io/itgainis/s4dbs_mcp:2.2.0
ports:
- containerPort: 8000
imagePullPolicy: Always
env:
- name: S4DBS_URL
value: "http://s4dbs-service-service:8080/Speedgain_for_Databases_Service/speedgain"
- name: MCP_AGENT
value: speedgain-mcp-app/1.0
- name: S4DBS_USER
value: admin
- name: S4DBS_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: mcp-pass
readinessProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 60
periodSeconds: 10
livenessProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 5
periodSeconds: 10
startupProbe:
exec:
command: ["python", "-c", "import http.client; c=http.client.HTTPConnection('127.0.0.1', 8000, timeout=2); c.request('GET', '/mcp'); exit(0 if c.getresponse().status == 406 else 1)"]
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "4Gi"
cpu: "2"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-mcp-service
spec:
selector:
app: s4dbs-mcp
ports:
- protocol: TCP
port: 8000
targetPort: 8000
3.5.11. Speedgain Grafana deployment file s4dbs-grafana.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-grafana
name: s4dbs-grafana-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-grafana
template:
metadata:
labels:
app: s4dbs-grafana
spec:
volumes:
- name: grafana-pv-storage
persistentVolumeClaim:
claimName: s4dbs-grafana-pv-claim
- name: grafana-dashboard-pv-storage
persistentVolumeClaim:
claimName: s4dbs-grafana-dashboards-pv-claim
containers:
- name: s4dbs-grafana
image: docker.io/itgainis/s4dbs_grafana:2.2.0
ports:
- containerPort: 3000
imagePullPolicy: Always
env:
- name: PDB_DB_NAME
value: speedgain
- name: PDB_HOST
value: s4dbs-postgres-service
- name: PDB_PASS
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
- name: PDB_PORT
value: "5432"
- name: PDB_USER
value: "postgres"
#- name: GF_DASHBOARDS_DEFAULT_HOME_DASHBOARD_PATH
# value: "/grafanaprovisioning/dashboards/s4dbs-spg/S4DBs-Overview.json"
- name: GF_SERVER_SERVE_FROM_SUB_PATH
value: "true"
- name: GF_SERVER_ROOT_URL
value: "%(protocol)s://%(domain)s:%(http_port)s/grafana/"
##enter dns name of route here (will be created later) ##
#- name: GF_SERVER_DOMAIN
# value: "dns of the route to my host"
- name: GF_SECURITY_ALLOW_EMBEDDING
value: "true"
- name: GF_AUTH_ANONYMOUS_ENABLED
value: "true"
- name: GF_USERS_DEFAULT_THEME
value: "light"
- name: GF_PATHS_PLUGINS
value: "/grafanaplugins/"
- name: GF_PATHS_PROVISIONING
value: "/grafanaprovisioning/"
# Store repository data in PostgreSQL DB
- name: GF_DATABASE_TYPE
value: "postgres"
- name: GF_DATABASE_HOST
value: "s4dbs-postgres-service:5432"
- name: GF_DATABASE_NAME
value: "speedgain"
- name: GF_DATABASE_USER
value: postgres
- name: GF_DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: s4dbs-secrets
key: postgres-password
readinessProbe:
tcpSocket:
port: 3000
failureThreshold: 60
periodSeconds: 10
livenessProbe:
tcpSocket:
port: 3000
failureThreshold: 5
periodSeconds: 10
startupProbe:
tcpSocket:
port: 3000
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "2"
volumeMounts:
- name: grafana-pv-storage
mountPath: /var/lib/grafana
- name: grafana-dashboard-pv-storage
mountPath: /grafanaprovisioning/
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-grafana-service
spec:
selector:
app: s4dbs-grafana
ports:
- protocol: TCP
port: 3000
targetPort: 3000
3.5.12. Speedgain Web Frontend deployment file s4dbs-frontend.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-frontend
name: s4dbs-frontend-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-frontend
template:
metadata:
labels:
app: s4dbs-frontend
spec:
containers:
- name: s4dbs-frontend
image: docker.io/itgainis/s4dbs_frontend:2.2.0
ports:
- containerPort: 8080
imagePullPolicy: Always
env:
- name: FRONTEND_CONFIG_MODE
value: "false"
- name: SERVICE_PROTOCOL
value: http
- name: SERVICE_HOST
value: <enter host hostname here>
- name: SERVICE_PORT
value: "30800"
- name: GRAFANA_PROTOCOL
value: http
- name: GRAFANA_HOST
value: <enter host hostname here>
- name: GRAFANA_PORT
value: "30800/grafana"
readinessProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 60
periodSeconds: 10
livenessProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 5
periodSeconds: 10
startupProbe:
httpGet:
path: /s4dbs-ui
port: 8080
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "128Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
restartPolicy: Always
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-frontend-service
spec:
selector:
app: s4dbs-frontend
ports:
- protocol: TCP
port: 8080
targetPort: 8080
3.5.13. Speedgain Reverse Proxy deployment file s4dbs-reverse.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: s4dbs-reverse
name: s4dbs-reverse-deployment
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: s4dbs-reverse
template:
metadata:
labels:
app: s4dbs-reverse
spec:
containers:
- name: s4dbs-reverse
image: docker.io/nginx:1.29.7-alpine
ports:
- containerPort: 8080
imagePullPolicy: Always
volumeMounts:
- mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
name: s4dbs-nginx-conf
readOnly: true
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- mountPath: /etc/ssl/ssl_cert.key
# subPath: tls.key
# name: s4dbs-ssl-cert
# readOnly: true
#- mountPath: /etc/ssl/ssl_cert.crt
# subPath: tls.crt
# name: s4dbs-ssl-cert
# readOnly: true
# SSL certificate mount END
readinessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 60
periodSeconds: 10
livenessProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 5
periodSeconds: 10
startupProbe:
httpGet:
scheme: HTTP # If SSL should be used, set it to HTTPS
path: /
port: 8080
failureThreshold: 60
periodSeconds: 10
resources:
requests:
memory: "256Mi"
cpu: "0.5"
limits:
memory: "2Gi"
cpu: "1"
restartPolicy: Always
volumes:
- name: s4dbs-nginx-conf
configMap:
name: s4dbs-nginx-conf
# enable the following lines to mount SSL certificates
# SSL certificate mount BEGIN
#- name: s4dbs-ssl-cert
# secret:
# secretName: s4dbs-ssl-cert
# SSL certificate mount END
---
apiVersion: v1
kind: Service
metadata:
name: s4dbs-reverse-service
spec:
selector:
app: s4dbs-reverse
ports:
- protocol: TCP
port: 8080
targetPort: 8080
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: s4dbs
labels:
app.kubernetes.io/managed-by: Helm
spec:
to:
kind: Service
name: s4dbs-reverse-service
port:
targetPort: 8080
3.5.14. Openshift NginX configuration file nginx.conf
worker_processes 5; ## Default: 1
pid /tmp/nginx.pid;
events {
worker_connections 1000;
}
http {
client_body_temp_path /tmp/client_temp;
proxy_temp_path /tmp/proxy_temp_path;
fastcgi_temp_path /tmp/fastcgi_temp;
uwsgi_temp_path /tmp/uwsgi_temp;
scgi_temp_path /tmp/scgi_temp;
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream grafana {
server s4dbs-grafana-service:3000;
}
upstream service {
server s4dbs-service-service:8080;
}
upstream mcp {
server s4dbs-mcp-service:8000;
}
server {
# Disable the following 2 lines if you want to use HTTPS / SSL
listen 8080;
listen [::]:8080;
root /usr/share/nginx/www;
index index.html index.htm;
#SSL Config
# Enable the following 4 lines if SSL should be activated:
# listen 8080 ssl;
# listen [::]:8080 ssl;
# ssl_certificate_key /etc/ssl/ssl_cert.key;
# ssl_certificate /etc/ssl/ssl_cert.crt;
# service
location /Speedgain_for_Databases_Service/ {
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass http://service;
}
# frontend
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://s4dbs-frontend-service:8080/s4dbs-ui/;
}
location /s4dbs-ui/ {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://s4dbs-frontend-service:8080/s4dbs-ui/;
}
# grafana
location /grafana/ {
proxy_set_header Host $http_host;
proxy_pass http://grafana;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
location /grafana/api/live/ {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $http_host;
proxy_pass http://grafana;
proxy_read_timeout 300;
proxy_connect_timeout 300;
proxy_send_timeout 300;
}
# mcp
location ^~ /Speedgain_for_Databases_Mcp/ {
proxy_pass http://mcp/mcp;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_buffering off;
proxy_cache off;
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
proxy_connect_timeout 15s;
proxy_pass_header Mcp-Session-Id;
add_header Access-Control-Allow-Origin "*" always;
add_header Access-Control-Allow-Headers "Content-Type, Mcp-Session-Id, Authorization" always;
add_header Access-Control-Expose-Headers "Mcp-Session-Id" always;
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Methods "GET, POST, DELETE, OPTIONS";
add_header Access-Control-Allow-Origin "*";
add_header Access-Control-Allow-Headers "Content-Type, Mcp-Session-Id, Authorization";
return 204;
}
}
}
}
3.5.15. Speedgain secrets configuration file s4dbs-secrets.yaml
apiVersion: v1 kind: Secret metadata: name: s4dbs-secrets type: Opaque stringData: postgres-password: <PasswordOfPostgresUser> mcp-pass: <PasswordOfMCPUser>