903d952854
## Description Hardcoded image reference was missed in the previous Bitnami image fix. see: https://github.com/bitnami/charts/issues/35256 Fixes #`Issue Number` _or_ Fixes `Issue URL` > [!WARNING] > _If no issue exists, please create an issue first, and check with the maintainers if the issue is valid._ ## Automation /ok-to-test tags="" ### 🔍 Cypress test results <!-- This is an auto-generated comment: Cypress test results --> > [!CAUTION] > If you modify the content in this section, you are likely to disrupt the CI result for your PR. <!-- end of auto-generated comment: Cypress test results --> ## Communication Should the DevRel and Marketing teams inform users about this change? - [ ] Yes - [ ] No <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit - New Features - Init container images for Redis, MongoDB, and PostgreSQL now respect chart values for registry, repository, and tag, allowing customization and private registry support. Defaults are no longer hardcoded; behavior for explicitly provided custom images remains unchanged. This helps with compliance, air-gapped deployments, and consistency. - Chores - Bumped Helm chart to 3.6.5. <!-- end of auto-generated comment: release notes by coderabbit.ai -->
213 lines
8.9 KiB
YAML
213 lines
8.9 KiB
YAML
{{- $updateStrategy := .Values.updateStrategy | default dict }}
|
|
{{- $postgresuser := .Values.postgresql.auth.username }}
|
|
{{- $postgrespass := .Values.postgresql.auth.password }}
|
|
{{- $postgrespass := .Values.postgresql.auth.password }}
|
|
{{- $releaseName := include "appsmith.fullname" . -}}
|
|
apiVersion: apps/v1
|
|
kind: {{ if not .Values.autoscaling.enabled }}StatefulSet{{- else }}Deployment{{- end }}
|
|
metadata:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
namespace: {{ include "appsmith.namespace" . }}
|
|
labels:
|
|
{{- include "appsmith.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: 1
|
|
serviceName: {{ include "appsmith.fullname" . }}
|
|
updateStrategy:
|
|
{{- else }}
|
|
strategy:
|
|
type: {{ .Values.strategyType | default "RollingUpdate" }}
|
|
rollingUpdate:
|
|
maxSurge: {{ dig "maxSurge" 1 $updateStrategy }}
|
|
maxUnavailable: {{ dig "maxUnavailable" "0" $updateStrategy }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "appsmith.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "appsmith.selectorLabels" . | nindent 8 }}
|
|
{{- if .Values.podLabels }}
|
|
{{- toYaml .Values.podLabels | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.topologySpreadConstraints }}
|
|
topologySpreadConstraints:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.schedulerName }}
|
|
schedulerName: {{ .Values.schedulerName | quote }}
|
|
{{- end }}
|
|
serviceAccountName: {{ template "appsmith.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
initContainers:
|
|
{{- if .Values.redis.enabled }}
|
|
- name: redis-init-container
|
|
{{- if ((.Values.initContainer.redis).image) }}
|
|
image: {{ .Values.initContainer.redis.image }}
|
|
{{- else }}
|
|
image: "{{ .Values.redis.image.registry }}/{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
|
|
{{- end }}
|
|
command: ['sh', '-c', "until redis-cli -h {{.Release.Name}}-redis-master.{{.Release.Namespace}}.svc.cluster.local ping ; do echo waiting for redis; sleep 2; done"]
|
|
{{- end }}
|
|
{{- if .Values.mongodb.enabled }}
|
|
- name: mongo-init-container
|
|
{{- if ((.Values.initContainer.mongodb).image) }}
|
|
image: {{ .Values.initContainer.mongodb.image }}
|
|
{{- else }}
|
|
image: "{{ .Values.mongodb.image.registry }}/{{ .Values.mongodb.image.repository }}:{{ .Values.mongodb.image.tag }}"
|
|
{{- end }}
|
|
command: ['sh', '-c', "until mongosh --host appsmith-mongodb.{{.Release.Namespace}}.svc.cluster.local --eval 'db.runCommand({ping:1})' ; do echo waiting for mongo; sleep 2; done"]
|
|
{{- end }}
|
|
{{- if .Values.postgresql.enabled }}
|
|
- name: psql-init-container
|
|
{{- if ((.Values.initContainer.postgresql).image) }}
|
|
image: {{ .Values.initContainer.postgresql.image }}
|
|
{{- else}}
|
|
image: "{{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }}"
|
|
{{- end}}
|
|
command: ['sh', '-c', "until pg_isready -U $postgresuser -d $postgresdb -h {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local; do echo waiting for postgresql; sleep 2; done"]
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Values.containerName }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
{{- $customImage := .Values._image | default dict }}
|
|
image: {{ dig "registry" "index.docker.io" $customImage }}/{{ dig "repository" "appsmith/appsmith-ee" $customImage }}:{{ dig "tag" (.Values.image.tag | default "latest") $customImage }}
|
|
imagePullPolicy: {{ dig "pullPolicy" "IfNotPresent" $customImage }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.HTTPContainerPort | default 80 }}
|
|
protocol: TCP
|
|
- name: https
|
|
containerPort: 443
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: {{ .Values.metrics.port }}
|
|
protocol: TCP
|
|
{{- $probes := .Values.probes | default dict }}
|
|
startupProbe:
|
|
# The `livenessProbe` and `readinessProbe` will be disabled until the `startupProbe` is successful.
|
|
httpGet:
|
|
port: {{ dig "startupProbe" "port" "80" $probes }}
|
|
path: {{ dig "startupProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "startupProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "startupProbe" "periodSeconds" 60 $probes }}
|
|
livenessProbe:
|
|
httpGet:
|
|
port: {{ dig "livenessProbe" "port" "80" $probes }}
|
|
path: {{ dig "livenessProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "livenessProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "livenessProbe" "periodSeconds" 60 $probes }}
|
|
readinessProbe:
|
|
httpGet:
|
|
port: {{ dig "readinessProbe" "port" "80" $probes }}
|
|
path: {{ dig "readinessProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "readinessProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "readinessProbe" "periodSeconds" 60 $probes }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /appsmith-stacks
|
|
{{- if .Values.customCAcert }}
|
|
- name: ca-cert
|
|
mountPath: "/appsmith-stacks/ca-certs"
|
|
{{- end }}
|
|
env:
|
|
{{- if .Values.HTTPContainerPort }}
|
|
- name: PORT
|
|
value: "{{ .Values.HTTPContainerPort }}"
|
|
{{- end }}
|
|
- name: APPSMITH_ENABLE_EMBEDDED_DB
|
|
value: "0"
|
|
- name: JGROUPS_DISCOVERY_PROTOCOL
|
|
value: kubernetes.KUBE_PING
|
|
- name: APPSMITH_HEADLESS_SVC
|
|
value: {{ include "appsmith.fullname" . }}-headless
|
|
{{- if .Values.securityContext.runAsUser | default nil }}
|
|
# ensure the interactive shell when connected via kubectl exec is set
|
|
- name: LD_PRELOAD
|
|
value: /usr/local/lib/libnss_wrapper.so
|
|
{{- end }}
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
{{- if .Values.secretName }}
|
|
- secretRef:
|
|
name: {{ .Values.secretName }}
|
|
{{- end }}
|
|
{{- if .Values.secrets }}
|
|
- secretRef:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
{{- end }}
|
|
{{- if .Values.externalSecrets.enabled }}
|
|
- secretRef:
|
|
name: "{{ include "appsmith.fullname" . }}-external-secret"
|
|
{{- end }}
|
|
{{- if .Values.image.pullSecrets}}
|
|
imagePullSecrets:
|
|
- name: {{ .Values.image.pullSecrets }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.customCAcert }}
|
|
- name: ca-cert
|
|
configMap:
|
|
name: {{ $releaseName }}-trustedca
|
|
items:
|
|
{{- range $key, $value := .Values.customCAcert }}
|
|
- key: {{ $key }}
|
|
path: {{ $key }}.crt
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if not .Values.persistence.enabled }}
|
|
- name: data
|
|
emptyDir: {}
|
|
{{- else if and (not .Values.autoscaling.enabled) (.Values.persistence.enabled) }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: data
|
|
{{- if .Values.persistence.annotations}}
|
|
annotations:
|
|
{{- include "tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
|
|
{{- end }}
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.persistence.size | quote }}
|
|
{{- if .Values.persistence.volumeClaimTemplates.selector }}
|
|
selector:
|
|
{{- include "tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
|
|
{{- end }}
|
|
{{ include "storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
|
|
{{- else }}
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
{{- if .Values.persistence.existingClaim.enabled }}
|
|
claimName: {{ .Values.persistence.existingClaim.claimName }}
|
|
{{- else }}
|
|
claimName: {{ include "appsmith.fullname" . }}
|
|
{{- end }}
|
|
{{- end }}
|