From 864f597fa630c7004b171f8d1e54523eccb0c430 Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Tue, 10 Feb 2026 14:25:45 -0800 Subject: [PATCH 1/7] charts/openrelik make celery process parent, add term grace period --- charts/osdfir-infrastructure/Chart.lock | 6 +++--- charts/osdfir-infrastructure/Chart.yaml | 4 ++-- .../charts/openrelik/Chart.yaml | 2 +- .../templates/worker-deployment.yaml | 5 ++++- .../charts/openrelik/values.yaml | 21 +++++++++++++++++-- 5 files changed, 29 insertions(+), 9 deletions(-) diff --git a/charts/osdfir-infrastructure/Chart.lock b/charts/osdfir-infrastructure/Chart.lock index 69a2a001..9ad690e1 100644 --- a/charts/osdfir-infrastructure/Chart.lock +++ b/charts/osdfir-infrastructure/Chart.lock @@ -7,12 +7,12 @@ dependencies: version: 2.2.6 - name: openrelik repository: file://charts/openrelik - version: 2.2.7 + version: 2.2.8 - name: grr repository: file://charts/grr version: 2.3.1 - name: hashr repository: file://charts/hashr version: 2.0.1 -digest: sha256:df3e601338af062202031f93fadfaebea87462a08cd7f093a93e7903e09e47fe -generated: "2026-02-09T13:50:14.474878-08:00" +digest: sha256:318b9e9e33dd6f4e68d8b8e4c502abebb8ab312f92174b88dd10f274538fab03 +generated: "2026-02-10T14:21:22.503927-08:00" diff --git a/charts/osdfir-infrastructure/Chart.yaml b/charts/osdfir-infrastructure/Chart.yaml index c4024528..c0a4466a 100644 --- a/charts/osdfir-infrastructure/Chart.yaml +++ b/charts/osdfir-infrastructure/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: osdfir-infrastructure -version: 2.7.8 +version: 2.7.9 description: A Helm chart for Open Source Digital Forensics Kubernetes deployments. keywords: - timesketch @@ -22,7 +22,7 @@ dependencies: - condition: global.openrelik.enabled name: openrelik repository: file://charts/openrelik - version: 2.2.7 + version: 2.2.8 - condition: global.grr.enabled name: grr repository: file://charts/grr 
diff --git a/charts/osdfir-infrastructure/charts/openrelik/Chart.yaml b/charts/osdfir-infrastructure/charts/openrelik/Chart.yaml index 25a3ab00..134c38b3 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/Chart.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: openrelik -version: 2.2.7 +version: 2.2.8 description: A Helm chart for Openrelik Kubernetes deployments. keywords: - openrelik diff --git a/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml b/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml index e3c43f13..beab4dd6 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml @@ -15,6 +15,8 @@ spec: app.kubernetes.io/component: worker template: metadata: + annotations: + cluster-autoscaler.kubernetes.io/safe-to-evict: "false" labels: app.kubernetes.io/name: openrelik app.kubernetes.io/component: worker @@ -32,12 +34,13 @@ spec: {{- if $.Values.config.enableServiceAccount }} serviceAccountName: openrelik {{- end }} + terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }} containers: - name: worker image: {{ .image | quote }} imagePullPolicy: {{ $.Values.config.imagePullPolicy }} command: ["/bin/sh", "-c"] - args: ["{{ .command }}"] + args: ["exec {{ .command }}"] terminationMessagePath: /tmp/termination-log securityContext: privileged: {{ .privileged }} diff --git a/charts/osdfir-infrastructure/charts/openrelik/values.yaml b/charts/osdfir-infrastructure/charts/openrelik/values.yaml index ac50495f..08f1d82e 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/values.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/values.yaml 
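Review bot: In the `@@ -32,12 +34,13 @@` hunk of templates/worker-deployment.yaml, `args: ["exec {{ .command }}"]` only works when every worker `command` is a single simple command. Because `exec` replaces the shell, a value that chains commands (`a && b`) would stop after the first one, a value that starts with an environment assignment would fail, and a value containing a double quote breaks the rendered YAML since the string is not passed through `quote` the way `image` is. I would render it as `args: [{{ printf "exec %s" .command | quote }}]` and add a comment next to the worker definitions in values.yaml such as `## command must be a single simple command; it is run via "exec" so the worker receives SIGTERM directly`. The Deployment spec continues outside the hunk.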
@@ -217,6 +217,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-analyzer-config" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -225,6 +226,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-analyzer-logs" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -233,6 +235,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-bulkextractor" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -241,6 +244,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-capa" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -249,6 +253,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-chromecreds" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -257,6 +262,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-cloud-logs" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -265,6 +271,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-containers" privileged: true replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} 
@@ -273,6 +280,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-dfindexeddb" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -281,6 +289,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-extraction" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -289,14 +298,16 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-floss" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} - name: openrelik-worker-grep image: ghcr.io/openrelik/openrelik-worker-grep:latest command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-grep" - privileged: false + privileged: true replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -305,6 +316,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-hayabusa" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -313,6 +325,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-plaso" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -321,6 +334,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-os-creds" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} 
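Review bot: The `@@ -289,14 +298,16 @@` hunk flips `openrelik-worker-grep` from `privileged: false` to `privileged: true`, and neither this commit's subject (celery as parent process, termination grace period) nor any comment explains it. PATCH 2/7 reverts the flip, but the `@@ -305,16 +305,7 @@` hunk of PATCH 3/7 ("Remove Hayabusa") adds `privileged: true` back on the same worker, and the context lines of PATCH 7/7 still show it, so the series ends with grep privileged. A privileged container has broad access to the node, and this worker pulls a `:latest` image and presumably processes forensic evidence that should be treated as untrusted, so the setting needs a stated reason; without one the line should stay `privileged: false`. If the change is intended, add a comment above the entry such as `## grep requires privileged mode for <reason>` and confirm that the `gkeAllowList` bump to `openrelik-privileged-workers-v4.0.0` in the `@@ -364,7 +381,7 @@` hunk covers this workload.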
@@ -329,6 +343,7 @@ workers: command: celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-strings privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -340,6 +355,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-timesketch" privileged: false replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -348,6 +364,7 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-yara" privileged: true replicas: 1 + terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -364,7 +381,7 @@ config: imagePullPolicy: Always ## @param config.gkeAllowList Specify a GKE Autopilot allowlist for OpenRelik privileged workers to use ## - gkeAllowList: "openrelik-privileged-workers-v3.0.0" + gkeAllowList: "openrelik-privileged-workers-v4.0.0" ## OpenRelik nbd init container configuration for OpenRelik containers that require the nbd module. ## Only enable this container when you need to load the nbd kernel module to the underlying node. ## From fd467eb162d7c64c6c6457485db7f86b2d65c67e Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Tue, 10 Feb 2026 15:07:50 -0800 Subject: [PATCH 2/7] remove privileged grep --- charts/osdfir-infrastructure/charts/openrelik/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/osdfir-infrastructure/charts/openrelik/values.yaml b/charts/osdfir-infrastructure/charts/openrelik/values.yaml index 08f1d82e..87af7eb7 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/values.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/values.yaml 
@@ -305,7 +305,7 @@ workers: - name: openrelik-worker-grep image: ghcr.io/openrelik/openrelik-worker-grep:latest command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-grep" - privileged: true + privileged: false replicas: 1 terminationGracePeriodSeconds: 600 env: {} From bcb669940fcf920ced1f02038048206dde3c3dd5 Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Tue, 10 Feb 2026 15:17:31 -0800 Subject: [PATCH 3/7] Remove Hayabusa as container no longer available --- .../charts/openrelik/values.yaml | 11 +---------- 1 file changed, 1 insertion(+), 10 deletions(-) diff --git a/charts/osdfir-infrastructure/charts/openrelik/values.yaml b/charts/osdfir-infrastructure/charts/openrelik/values.yaml index 87af7eb7..b4f72fdd 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/values.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/values.yaml @@ -305,16 +305,7 @@ workers: - name: openrelik-worker-grep image: ghcr.io/openrelik/openrelik-worker-grep:latest command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-grep" - privileged: false - replicas: 1 - terminationGracePeriodSeconds: 600 - env: {} - resources: {} - nodeSelector: {} -- name: openrelik-worker-hayabusa - image: ghcr.io/openrelik/openrelik-worker-hayabusa:latest - command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-hayabusa" - privileged: false + privileged: true replicas: 1 terminationGracePeriodSeconds: 600 env: {} From 52db00dc885ff1a593cd25057c344f55db15b3b0 Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Tue, 10 Feb 2026 15:20:01 -0800 Subject: [PATCH 4/7] downgrade chart --- charts/osdfir-infrastructure/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/osdfir-infrastructure/Chart.yaml b/charts/osdfir-infrastructure/Chart.yaml index c0a4466a..4f16bc6d 100644 --- a/charts/osdfir-infrastructure/Chart.yaml 
+++ b/charts/osdfir-infrastructure/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: osdfir-infrastructure -version: 2.7.9 +version: 2.7.8 description: A Helm chart for Open Source Digital Forensics Kubernetes deployments. keywords: - timesketch From 386dc230ed4f79233737b0f83278df03debc38f8 Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Tue, 10 Feb 2026 15:25:11 -0800 Subject: [PATCH 5/7] Fix merge conflicts --- charts/osdfir-infrastructure/Chart.lock | 4 ++-- charts/osdfir-infrastructure/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/osdfir-infrastructure/Chart.lock b/charts/osdfir-infrastructure/Chart.lock index 561f73ca..c3bd1d4d 100644 --- a/charts/osdfir-infrastructure/Chart.lock +++ b/charts/osdfir-infrastructure/Chart.lock @@ -14,5 +14,5 @@ dependencies: - name: hashr repository: file://charts/hashr version: 2.0.1 -digest: sha256:fd82bc73795121392f93675ec1bba5abd57236e15992991795e049f8ce050156 -generated: "2026-02-10T12:38:43.501876877Z" +digest: sha256:8b22d81395830b6eea1eb9439706d5dcb82e304d964777749899706bed019f2f +generated: "2026-02-10T15:24:42.39758-08:00" diff --git a/charts/osdfir-infrastructure/Chart.yaml b/charts/osdfir-infrastructure/Chart.yaml index 3c7e3a5c..e1de8107 100644 --- a/charts/osdfir-infrastructure/Chart.yaml +++ b/charts/osdfir-infrastructure/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: osdfir-infrastructure -version: 2.7.9 +version: 2.8.0 description: A Helm chart for Open Source Digital Forensics Kubernetes deployments. keywords: - timesketch From 17ce0e1b07e1f94d214bd429fa0e8b6179b721ba Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Wed, 11 Feb 2026 12:18:13 -0800 Subject: [PATCH 6/7] Update Chart lock --- charts/osdfir-infrastructure/Chart.lock | 4 ++-- charts/osdfir-infrastructure/Chart.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/charts/osdfir-infrastructure/Chart.lock b/charts/osdfir-infrastructure/Chart.lock index f995befc..46b45741 100644 
--- a/charts/osdfir-infrastructure/Chart.lock +++ b/charts/osdfir-infrastructure/Chart.lock @@ -14,5 +14,5 @@ dependencies: - name: hashr repository: file://charts/hashr version: 2.0.1 -digest: sha256:a8aa83d96cc62b3b01b0ef6d057bdbee97ecbe8c091fcc2725760505d4839e89 -generated: "2026-02-11T11:04:05.246129-08:00" +digest: sha256:cf52f78d2ed4ee1afea63b72e5aea03bd9e844d4c594ba6aad582edd4cbfc721 +generated: "2026-02-11T12:17:21.89324-08:00" diff --git a/charts/osdfir-infrastructure/Chart.yaml b/charts/osdfir-infrastructure/Chart.yaml index f32b0fd9..89dc8a7b 100644 --- a/charts/osdfir-infrastructure/Chart.yaml +++ b/charts/osdfir-infrastructure/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: osdfir-infrastructure -version: 2.8.0 +version: 2.8.1 description: A Helm chart for Open Source Digital Forensics Kubernetes deployments. keywords: - timesketch From 628d7cc3201c8e3cee2643e70d934cedeac0398c Mon Sep 17 00:00:00 2001 From: wajihyassine Date: Wed, 11 Feb 2026 12:32:38 -0800 Subject: [PATCH 7/7] Change how termination grace period is specified so we don't have to individually change each grace period --- .../templates/worker-deployment.yaml | 2 +- .../charts/openrelik/values.yaml | 19 +++---------------- 2 files changed, 4 insertions(+), 17 deletions(-) diff --git a/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml b/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml index beab4dd6..88bb6d69 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/templates/worker-deployment.yaml @@ -34,7 +34,7 @@ spec: {{- if $.Values.config.enableServiceAccount }} serviceAccountName: openrelik {{- end }} - terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds }} + terminationGracePeriodSeconds: {{ $.Values.config.terminationGracePeriodSeconds }} containers: - name: worker image: {{ .image | quote }} 
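Review bot: `terminationGracePeriodSeconds: {{ $.Values.config.terminationGracePeriodSeconds }}` in templates/worker-deployment.yaml removes the per-worker override, and it renders an empty value if the key is nulled in an override file. Kubernetes would then presumably apply its default grace period, so a long-running task could be killed mid-run. Keeping the worker-level key as an optional override with the global value as fallback is a one-line change: `terminationGracePeriodSeconds: {{ .terminationGracePeriodSeconds | default $.Values.config.terminationGracePeriodSeconds | int }}`. The `## @param config.terminationGracePeriodSeconds` comment added in values.yaml could then note that an individual worker entry may override the value. The Deployment spec continues outside the hunk.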
diff --git a/charts/osdfir-infrastructure/charts/openrelik/values.yaml b/charts/osdfir-infrastructure/charts/openrelik/values.yaml index b4f72fdd..481e7f62 100644 --- a/charts/osdfir-infrastructure/charts/openrelik/values.yaml +++ b/charts/osdfir-infrastructure/charts/openrelik/values.yaml @@ -217,7 +217,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-analyzer-config" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -226,7 +225,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-analyzer-logs" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -235,7 +233,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-bulkextractor" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -244,7 +241,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-capa" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -253,7 +249,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-chromecreds" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -262,7 +257,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-cloud-logs" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} 
@@ -271,7 +265,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-containers" privileged: true replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -280,7 +273,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-dfindexeddb" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -289,7 +281,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-extraction" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -298,7 +289,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-floss" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -307,7 +297,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-grep" privileged: true replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -316,7 +305,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-plaso" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -325,7 +313,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-os-creds" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -334,7 +321,6 @@ workers: command: celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-strings privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} 
@@ -346,7 +332,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-timesketch" privileged: false replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -355,7 +340,6 @@ workers: command: "celery --app=src.app worker --task-events --concurrency=1 --loglevel=INFO -Q openrelik-worker-yara" privileged: true replicas: 1 - terminationGracePeriodSeconds: 600 env: {} resources: {} nodeSelector: {} @@ -373,6 +357,9 @@ config: ## @param config.gkeAllowList Specify a GKE Autopilot allowlist for OpenRelik privileged workers to use ## gkeAllowList: "openrelik-privileged-workers-v4.0.0" + ## @param config.terminationGracePeriodSeconds The number of seconds to wait before K8s forcefully terminates a OpenRelik worker Pod + ## + terminationGracePeriodSeconds: 600 ## OpenRelik nbd init container configuration for OpenRelik containers that require the nbd module. ## Only enable this container when you need to load the nbd kernel module to the underlying node. ##