diff --git a/pages/getting-started/install-memgraph/kubernetes.mdx b/pages/getting-started/install-memgraph/kubernetes.mdx index 815171f10..ff9d5ef8a 100644 --- a/pages/getting-started/install-memgraph/kubernetes.mdx +++ b/pages/getting-started/install-memgraph/kubernetes.mdx @@ -165,6 +165,35 @@ want to use. Using the latest tag can lead to issues, as a pod restart may pull a newer image, potentially causing unexpected changes or incompatibilities. +### Install Memgraph standalone chart with `minikube` + +If you are installing Memgraph standalone chart locally with `minikube`, we are strongly recommending to enable `csi-hostpath-driver` and use its storage class. Otherwise, +you could have problems with attaching PVCs to pods. + +1. Enable `csi-hostpath-driver` +``` +minikube addons disable storage-provisioner +minikube addons disable default-storageclass +minikube addons enable volumesnapshots +minikube addons enable csi-hostpath-driver +``` + +2. Create a storage class with `csi-hostpath-driver` as a provider (file sc.yaml) + +``` +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csi-hostpath-delayed +provisioner: hostpath.csi.k8s.io +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Delete +``` + +3. `kubectl apply -f sc.yaml` + +4. Set `storageClassName` to `csi-hostpath-delayed` in `values.yaml` + #### Access Memgraph Once Memgraph is installed, you can access it using the provided services and 
@@ -177,71 +206,81 @@ Lab](/data-visualization). The following table lists the configurable parameters of the Memgraph chart and their default values. -| Parameter | Description | Default | -| ------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | -| `image.repository` | Memgraph Docker image repository | `memgraph/memgraph` | -| `image.tag` | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. | `""` (Defaults to chart's app version) | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `useImagePullSecrets` | Override the default imagePullSecrets | `false` | -| `imagePullSecrets` | Specify image pull secrets | `- name: regcred` | -| `replicaCount` | Number of Memgraph instances to run. Note: no replication or HA support. | `1` | -| `affinity.nodeKey` | Key for node affinity (Preferred) | `""` | -| `affinity.nodeValue` | Value for node affinity (Preferred) | `""` | -| `nodeSelector` | Constrain which nodes your Memgraph pod is eligible to be scheduled on, based on the labels on the nodes. Left empty by default. 
| `{}` | -| `service.type` | Kubernetes service type | `ClusterIP` | -| `service.enableBolt` | Enable Bolt protocol | `true` | -| `service.boltPort` | Bolt protocol port | `7687` | -| `service.enableWebsocketMonitoring` | Enable WebSocket monitoring | `false` | -| `service.websocketPortMonitoring` | WebSocket monitoring port | `7444` | -| `service.enableHttpMonitoring` | Enable HTTP monitoring | `false` | -| `service.httpPortMonitoring` | HTTP monitoring port | `9091` | -| `service.annotations` | Annotations to add to the service | `{}` | -| `service.labels` | Labels to add to the service | `{}` | -| `persistentVolumeClaim.createStorageClaim` | Enable creation of a Persistent Volume Claim for storage | `true` | -| `persistentVolumeClaim.storageClassName` | Storage class name for the persistent volume claim | `""` | -| `persistentVolumeClaim.storageSize` | Size of the persistent volume claim for storage | `10Gi` | -| `persistentVolumeClaim.existingClaim` | Use an existing Persistent Volume Claim | `memgraph-0` | -| `persistentVolumeClaim.storageVolumeName` | Name of an existing Volume to create a PVC for | `""` | -| `persistentVolumeClaim.createLogStorage` | Enable creation of a Persistent Volume Claim for logs | `true` | -| `persistentVolumeClaim.logStorageClassName` | Storage class name for the persistent volume claim for logs | `""` | -| `persistentVolumeClaim.logStorageSize` | Size of the persistent volume claim for logs | `1Gi` | -| `memgraphConfig` | List of strings defining Memgraph configuration settings | `["--also-log-to-stderr=true"]` | -| `secrets.enabled` | Enable the use of Kubernetes secrets for Memgraph credentials | `false` | -| `secrets.name` | The name of the Kubernetes secret containing Memgraph credentials | `memgraph-secrets` | -| `secrets.userKey` | The key in the Kubernetes secret for the Memgraph user, the value is passed to the `MEMGRAPH_USER` env | `USER` | -| `secrets.passwordKey` | The key in the Kubernetes secret for the Memgraph 
password, the value is passed to the `MEMGRAPH_PASSWORD` | `PASSWORD` | -| `memgraphEnterpriseLicense` | Memgraph Enterprise License | `""` | -| `memgraphOrganizationName` | Organization name for Memgraph Enterprise License | `""` | -| `statefulSetAnnotations` | Annotations to add to the stateful set | `{}` | -| `podAnnotations` | Annotations to add to the pod | `{}` | -| `resources` | CPU/Memory resource requests/limits. Left empty by default. | `{}` | -| `tolerations` | A toleration is applied to a pod and allows the pod to be scheduled on nodes with matching taints. Left empty by default. | `[]` | -| `serviceAccount.create` | Specifies whether a service account should be created | `true` | -| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | -| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated. | `""` | -| `container.terminationGracePeriodSeconds` | Grace period for pod termination | `1800` | -| `container.livenessProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. | `7687` | -| `container.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `20` | -| `container.livenessProbe.timeoutSeconds` | Initial delay for readiness probe | `10` | -| `container.livenessProbe.periodSeconds` | Period seconds for readiness probe | `5` | -| `container.readinessProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. | `7687` | -| `container.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `20` | -| `container.readinessProbe.timeoutSeconds` | Initial delay for readiness probe | `10` | -| `container.readinessProbe.periodSeconds` | Period seconds for readiness probe | `5` | -| `container.startupProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. 
| `7687` | -| `container.startupProbe.failureThreshold` | Failure threshold for startup probe | `1440` | -| `container.startupProbe.periodSeconds` | Period seconds for startup probe | `10` | -| `nodeSelectors` | Node selectors for pod. Left empty by default. | `{}` | -| `customQueryModules` | List of custom Query modules that should be mounted to Memgraph Pod | `[]` | -| `sysctlInitContainer.enabled` | Enable the init container to set sysctl parameters | `true` | -| `sysctlInitContainer.maxMapCount` | Value for `vm.max_map_count` to be set by the init container | `262144` | -| `storageClass.create` | If set to true, new StorageClass will be created. | `false` | -| `storageClass.name` | Name of the StorageClass | `"memgraph-generic-storage-class"` | -| `storageClass.provisioner` | Provisioner for the StorageClass | `""` | -| `storageClass.storageType` | Type of storage for the StorageClass | `""` | -| `storageClass.fsType` | Filesystem type for the StorageClass | `""` | -| `storageClass.reclaimPolicy` | Reclaim policy for the StorageClass | `Retain` | -| `storageClass.volumeBindingMode` | Volume binding mode for the StorageClass | `Immediate` | +| Parameter | Description | Default | +| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------- | +| `image.repository` | Memgraph Docker image repository | `memgraph/memgraph` | +| `image.tag` | Specific tag for the Memgraph Docker image. Overrides the image tag whose default is chart version. 
| `""` (Defaults to chart's app version) | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `memgraphUserId` | The user id that is hardcoded in Memgraph and Mage images | `101` | +| `memgraphGroupId` | The group id that is hardcoded in Memgraph and Mage images | `103` | +| `useImagePullSecrets` | Override the default imagePullSecrets | `false` | +| `imagePullSecrets` | Specify image pull secrets | `- name: regcred` | +| `replicaCount` | Number of Memgraph instances to run. Note: no replication or HA support. | `1` | +| `affinity.nodeKey` | Key for node affinity (Preferred) | `""` | +| `affinity.nodeValue` | Value for node affinity (Preferred) | `""` | +| `nodeSelector` | Constrain which nodes your Memgraph pod is eligible to be scheduled on, based on the labels on the nodes. Left empty by default. | `{}` | +| `service.type` | Kubernetes service type | `ClusterIP` | +| `service.enableBolt` | Enable Bolt protocol | `true` | +| `service.boltPort` | Bolt protocol port | `7687` | +| `service.enableWebsocketMonitoring` | Enable WebSocket monitoring | `false` | +| `service.websocketPortMonitoring` | WebSocket monitoring port | `7444` | +| `service.enableHttpMonitoring` | Enable HTTP monitoring | `false` | +| `service.httpPortMonitoring` | HTTP monitoring port | `9091` | +| `service.annotations` | Annotations to add to the service | `{}` | +| `service.labels` | Labels to add to the service | `{}` | +| `persistentVolumeClaim.createStorageClaim` | Enable creation of a Persistent Volume Claim for storage | `true` | +| `persistentVolumeClaim.storageClassName` | Storage class name for the persistent volume claim | `""` | +| `persistentVolumeClaim.storageSize` | Size of the persistent volume claim for storage | `10Gi` | +| `persistentVolumeClaim.existingClaim` | Use an existing Persistent Volume Claim | `memgraph-0` | +| `persistentVolumeClaim.storageVolumeName` | Name of an existing Volume to create a PVC for | `""` | +| `persistentVolumeClaim.createLogStorage` | 
Enable creation of a Persistent Volume Claim for logs | `true` | +| `persistentVolumeClaim.logStorageClassName` | Storage class name for the persistent volume claim for logs | `""` | +| `persistentVolumeClaim.logStorageSize` | Size of the persistent volume claim for logs | `1Gi` | +| `persistentVolumeClaim.createUserClaim` | Create a Dynamic Persistant Volume Claim for Configs, Certificates (e.g. Bolt cert ) and rest of User related files | `false` | +| `persistentVolumeClaim.userStorageClassName` | Storage class name for the persistent volume claim for user storage | `""` | +| `persistentVolumeClaim.userStorageSize` | Size of the persistent volume claim for user storage | `1Gi` | +| `persistentVolumeClaim.userStorageAccessMode` | Storage Class Access Mode. If you need a different pod to add data into Memgraph (e.g. CSV files) set this to "ReadWriteMany" | `ReadWriteOnce` | +| `persistentVolumeClaim.userMountPath` | Where to mount the `userStorageClass` you should set this variable if you are enabling the `UserClaim` | `""` | +| `memgraphConfig` | List of strings defining Memgraph configuration settings | `["--also-log-to-stderr=true"]` | +| `secrets.enabled` | Enable the use of Kubernetes secrets for Memgraph credentials | `false` | +| `secrets.name` | The name of the Kubernetes secret containing Memgraph credentials | `memgraph-secrets` | +| `secrets.userKey` | The key in the Kubernetes secret for the Memgraph user, the value is passed to the `MEMGRAPH_USER` env | `USER` | +| `secrets.passwordKey` | The key in the Kubernetes secret for the Memgraph password, the value is passed to the `MEMGRAPH_PASSWORD` | `PASSWORD` | +| `memgraphEnterpriseLicense` | Memgraph Enterprise License | `""` | +| `memgraphOrganizationName` | Organization name for Memgraph Enterprise License | `""` | +| `statefulSetAnnotations` | Annotations to add to the stateful set | `{}` | +| `podAnnotations` | Annotations to add to the pod | `{}` | +| `resources` | CPU/Memory resource 
requests/limits. Left empty by default. | `{}` | +| `tolerations` | A toleration is applied to a pod and allows the pod to be scheduled on nodes with matching taints. Left empty by default. | `[]` | +| `serviceAccount.create` | Specifies whether a service account should be created | `true` | +| `serviceAccount.annotations` | Annotations to add to the service account | `{}` | +| `serviceAccount.name` | The name of the service account to use. If not set and create is true, a name is generated. | `""` | +| `container.terminationGracePeriodSeconds` | Grace period for pod termination | `1800` | +| `container.livenessProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. | `7687` | +| `container.livenessProbe.failureThreshold` | Failure threshold for liveness probe | `20` | +| `container.livenessProbe.timeoutSeconds` | Initial delay for readiness probe | `10` | +| `container.livenessProbe.periodSeconds` | Period seconds for readiness probe | `5` | +| `container.readinessProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. | `7687` | +| `container.readinessProbe.failureThreshold` | Failure threshold for readiness probe | `20` | +| `container.readinessProbe.timeoutSeconds` | Initial delay for readiness probe | `10` | +| `container.readinessProbe.periodSeconds` | Period seconds for readiness probe | `5` | +| `container.startupProbe.tcpSocket.port` | Port used for TCP connection. Should be the same as bolt port. | `7687` | +| `container.startupProbe.failureThreshold` | Failure threshold for startup probe | `1440` | +| `container.startupProbe.periodSeconds` | Period seconds for startup probe | `10` | +| `nodeSelectors` | Node selectors for pod. Left empty by default. | `{}` | +| `customQueryModules` | List of custom Query modules that should be mounted to Memgraph Pod | `[]` | +| `storageClass.create` | If set to true, new StorageClass will be created. 
| `false` | +| `storageClass.name` | Name of the StorageClass | `"memgraph-generic-storage-class"` | +| `storageClass.provisioner` | Provisioner for the StorageClass | `""` | +| `storageClass.storageType` | Type of storage for the StorageClass | `""` | +| `storageClass.fsType` | Filesystem type for the StorageClass | `""` | +| `storageClass.reclaimPolicy` | Reclaim policy for the StorageClass | `Retain` | +| `storageClass.volumeBindingMode` | Volume binding mode for the StorageClass | `Immediate` | +| `sysctlInitContainer.enabled` | Enable the init container to set sysctl parameters | `true` | +| `sysctlInitContainer.maxMapCount` | Value for `vm.max_map_count` to be set by the init container | `262144` | +| `sysctlInitContainer.image.repository` | Busybox image repository | `library/busybox` | +| `sysctlInitContainer.image.tag` | Specific tag for the Busybox Docker image | `latest` | +| `sysctlInitContainer.image.pullPolicy` | Image pull policy for busybox | `IfNotPresent` | To change the default chart values, provide your own `values.yaml` file during the installation: 
@@ -329,6 +368,36 @@ want to use. Using the latest tag can lead to issues, as a pod restart may pull a newer image, potentially causing unexpected changes or incompatibilities. +### Install Memgraph HA chart with `minikube` + +If you are installing Memgraph HA chart locally with `minikube`, we are strongly recommending to enable `csi-hostpath-driver` and use its storage class. Otherwise, +you could have problems with attaching PVCs to pods. + +1. Enable `csi-hostpath-driver` +``` +minikube addons disable storage-provisioner +minikube addons disable default-storageclass +minikube addons enable volumesnapshots +minikube addons enable csi-hostpath-driver +``` + +2. Create a storage class with `csi-hostpath-driver` as a provider (file sc.yaml) + +``` +apiVersion: storage.k8s.io/v1 +kind: StorageClass +metadata: + name: csi-hostpath-delayed +provisioner: hostpath.csi.k8s.io +volumeBindingMode: WaitForFirstConsumer +reclaimPolicy: Delete +``` + +3. `kubectl apply -f sc.yaml` + +4. Set `libStorageClassName` to `csi-hostpath-delayed` in `values.yaml` + + ### Changing the default chart values To change the default chart values, run the command with the specified set of 
@@ -369,8 +438,7 @@ Uninstalling the chart won't trigger deletion of persistent volume claims (PVCs) ### Security context -All instances are started as `StatefulSet` with one pod. The pod has two or three containers depending on whether the sysctlInitContainer.enabled is used. The **init** container -is used to set permissions on volume mounts. It is used as root user with `CHOWN` capability and without privileged access. The **memgraph-coordinator** container is the one which +All instances are started as `StatefulSet` with one pod. The pod has two or three containers depending on whether the sysctlInitContainer.enabled is used. The **memgraph-coordinator** container is the one which actually runs Memgraph image. The process is run by non-root **memgraph** user without any Linux capabilities. Privileges cannot escalate. ### High availability storage @@ -637,6 +705,8 @@ The following table lists the configurable parameters of the Memgraph HA chart a | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `env.MEMGRAPH_ENTERPRISE_LICENSE` | Memgraph enterprise license | `` | | `env.MEMGRAPH_ORGANIZATION_NAME` | Organization name | `` | +| `memgraphUserId` | The user id that is hardcoded in Memgraph and Mage images | `101` | +| `memgraphGroupId` | The group id that is hardcoded in Memgraph and Mage images | `103` | | `storage.libPVCSize` | Size of the storage PVC | `1Gi` | | `storage.libStorageClassName` | The name of the storage class used for storing data. | `""` | | `storage.libStorageAccessMode` | Access mode used for lib storage. | `ReadWriteOnce` |
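Review bot: In the standalone `minikube` section (hunk at -165), step 4 tells the reader to set `storageClassName`, but the parameter table in this same file lists the key as `persistentVolumeClaim.storageClassName`, next to separate `persistentVolumeClaim.logStorageClassName` and `persistentVolumeClaim.userStorageClassName` keys. Name the full keys in step 4 and say whether the log claim also needs `csi-hostpath-delayed`, since `persistentVolumeClaim.createLogStorage` defaults to `true`. Smaller points: "we are strongly recommending" should read "we strongly recommend", the two fences could be tagged `bash` and `yaml`, and the new `###` heading is inserted directly above `#### Access Memgraph`, which nests that subsection under the minikube instructions.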
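Review bot: In the standalone parameters table (hunk at -177), the new `sysctlInitContainer.image.tag` row defaults to `latest`, which is the practice this page warns against in the surrounding context ("Using the latest tag can lead to issues, as a pod restart may pull a newer image"). With `sysctlInitContainer.enabled` defaulting to `true` and the pull policy `IfNotPresent`, each node runs whichever `library/busybox:latest` it happened to cache, so default to a fixed tag or digest, or at least say in the description that the tag should be pinned. Also in this hunk: "Persistant" in the `createUserClaim` row should be "Persistent", the `userMountPath` row refers to `userStorageClass` and `UserClaim` where the keys are `userStorageClassName` and `createUserClaim`, and the `livenessProbe.timeoutSeconds` and `livenessProbe.periodSeconds` rows still carry readiness-probe descriptions.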
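Review bot: In the HA `minikube` section (hunk at -329), step 4 names `libStorageClassName`, while the HA parameter table lists the key as `storage.libStorageClassName`; use the full path so it can be copied into `values.yaml` as written. The steps otherwise repeat the standalone section word for word, so consider one shared section that both charts link to, and note beside `reclaimPolicy: Delete` that deleting a PVC also removes its volume. The second blank line added before `### Changing the default chart values` can be dropped.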
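Review bot: In the Security context paragraph (hunk at -369), the sentence kept as "The pod has two or three containers depending on whether the sysctlInitContainer.enabled is used" was written when the permissions init container was still described; with that description removed the count looks stale, and only **memgraph-coordinator** is accounted for. Update the count and state what the sysctl init container runs as (user, capabilities, privileged or not), since it is the container that sets `vm.max_map_count` and the paragraph no longer documents the privileges of any init container.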
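Review bot: In the HA parameters table (hunk at -637), the `memgraphUserId` and `memgraphGroupId` descriptions say the ids are "hardcoded in Memgraph and Mage images" but not what the chart does with them or when a user would change them. Say where the values are applied and that they must match the user baked into the image, and link this to the Security context section, which this patch edits to drop the `CHOWN` init container without explaining how volume permissions are set now.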