8cd827754f
<!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit ## Release Notes - **New Features** - Enhanced support for PostgreSQL and OpenID Connect (OIDC) authentication in the Helm chart. - Introduced a new template for managing external secrets and a dedicated service for metrics. - Added Horizontal Pod Autoscaler (HPA) and Pod Disruption Budget (PDB) configurations. - New configuration options for custom Certificate Authority (CA) certificates. - **Improvements** - Updated application version and dependencies for better organization and readability. - Expanded configuration options for Redis, MongoDB, and PostgreSQL, allowing for improved customization. - Enhanced deployment configuration with dynamic scaling capabilities. - **Bug Fixes** - Improved error handling for configuration misalignments to prevent runtime issues. - **Documentation** - Updated README and values.yaml to reflect new configuration parameters and options. <!-- end of auto-generated comment: release notes by coderabbit.ai --> <!-- This is an auto-generated comment: Cypress test results --> > [!WARNING] > Tests have not run on the HEAD 0e76b6af34501ed646ea840af22786b33426c9fe yet > <hr>Tue, 31 Dec 2024 12:31:29 UTC <!-- end of auto-generated comment: Cypress test results -->
208 lines
8.4 KiB
YAML
208 lines
8.4 KiB
YAML
{{- $updateStrategy := .Values.updateStrategy | default dict }}
|
|
{{- $postgresuser := .Values.postgresql.auth.username }}
|
|
{{- $postgrespass := .Values.postgresql.auth.password }}
|
|
{{- $postgrespass := .Values.postgresql.auth.password }}
|
|
{{- $releaseName := include "appsmith.fullname" . -}}
|
|
apiVersion: apps/v1
|
|
kind: {{ if not .Values.autoscaling.enabled }}StatefulSet{{- else }}Deployment{{- end }}
|
|
metadata:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
namespace: {{ include "appsmith.namespace" . }}
|
|
labels:
|
|
{{- include "appsmith.labels" . | nindent 4 }}
|
|
spec:
|
|
{{- if not .Values.autoscaling.enabled }}
|
|
replicas: 1
|
|
serviceName: {{ include "appsmith.fullname" . }}
|
|
updateStrategy:
|
|
{{- else }}
|
|
strategy:
|
|
type: {{ .Values.strategyType | default "RollingUpdate" }}
|
|
rollingUpdate:
|
|
maxSurge: {{ dig "maxSurge" 1 $updateStrategy }}
|
|
maxUnavailable: {{ dig "maxUnavailable" "0" $updateStrategy }}
|
|
{{- end }}
|
|
selector:
|
|
matchLabels:
|
|
{{- include "appsmith.selectorLabels" . | nindent 6 }}
|
|
template:
|
|
metadata:
|
|
{{- with .Values.podAnnotations }}
|
|
annotations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
labels:
|
|
{{- include "appsmith.selectorLabels" . | nindent 8 }}
|
|
{{- if .Values.podLabels }}
|
|
{{- toYaml .Values.podLabels | nindent 8 }}
|
|
{{- end }}
|
|
spec:
|
|
{{- with .Values.topologySpreadConstraints }}
|
|
topologySpreadConstraints:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- if .Values.schedulerName }}
|
|
schedulerName: {{ .Values.schedulerName | quote }}
|
|
{{- end }}
|
|
serviceAccountName: {{ template "appsmith.serviceAccountName" . }}
|
|
securityContext:
|
|
{{- toYaml .Values.podSecurityContext | nindent 8 }}
|
|
{{- with .Values.nodeSelector }}
|
|
nodeSelector:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.affinity }}
|
|
affinity:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
{{- with .Values.tolerations }}
|
|
tolerations:
|
|
{{- toYaml . | nindent 8 }}
|
|
{{- end }}
|
|
initContainers:
|
|
{{- if .Values.redis.enabled }}
|
|
- name: redis-init-container
|
|
{{- if ((.Values.initContainer.redis).image) }}
|
|
image: {{ .Values.initContainer.redis.image }}
|
|
{{- else }}
|
|
image: "docker.io/bitnami/redis:7.0.13-debian-11-r10"
|
|
{{- end }}
|
|
command: ['sh', '-c', "until redis-cli -h {{.Release.Name}}-redis-master.{{.Release.Namespace}}.svc.cluster.local ping ; do echo waiting for redis; sleep 2; done"]
|
|
{{- end }}
|
|
{{- if .Values.mongodb.enabled }}
|
|
- name: mongo-init-container
|
|
{{- if ((.Values.initContainer.mongodb).image) }}
|
|
image: {{ .Values.initContainer.mongodb.image }}
|
|
{{- else }}
|
|
image: "docker.io/bitnami/mongodb:6.0.13"
|
|
{{- end }}
|
|
command: ['sh', '-c', "until mongosh --host appsmith-mongodb.{{.Release.Namespace}}.svc.cluster.local --eval 'db.runCommand({ping:1})' ; do echo waiting for mongo; sleep 2; done"]
|
|
{{- end }}
|
|
{{- if .Values.postgresql.enabled }}
|
|
- name: psql-init-container
|
|
{{- if ((.Values.initContainer.postgresql).image) }}
|
|
image: {{ .Values.initContainer.postgresql.image }}
|
|
{{- else}}
|
|
image: docker.io/bitnami/postgresql:14.5.0-debian-11-r21
|
|
{{- end}}
|
|
command: ['sh', '-c', "until pg_isready -U $postgresuser -d $postgresdb -h {{.Release.Name}}-postgresql.{{.Release.Namespace}}.svc.cluster.local; do echo waiting for postgresql; sleep 2; done"]
|
|
{{- end }}
|
|
containers:
|
|
- name: {{ .Values.containerName }}
|
|
securityContext:
|
|
{{- toYaml .Values.securityContext | nindent 12 }}
|
|
{{- $customImage := .Values._image | default dict }}
|
|
image: {{ dig "registry" "index.docker.io" $customImage }}/{{ dig "repository" "appsmith/appsmith-ee" $customImage }}:{{ dig "tag" (.Values.image.tag | default "latest") $customImage }}
|
|
imagePullPolicy: {{ dig "pullPolicy" "IfNotPresent" $customImage }}
|
|
ports:
|
|
- name: http
|
|
containerPort: {{ .Values.HTTPContainerPort | default 80 }}
|
|
protocol: TCP
|
|
- name: https
|
|
containerPort: 443
|
|
protocol: TCP
|
|
- name: metrics
|
|
containerPort: {{ .Values.metrics.port }}
|
|
protocol: TCP
|
|
{{- $probes := .Values.probes | default dict }}
|
|
startupProbe:
|
|
# The `livenessProbe` and `readinessProbe` will be disabled until the `startupProbe` is successful.
|
|
httpGet:
|
|
port: {{ dig "startupProbe" "port" "80" $probes }}
|
|
path: {{ dig "startupProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "startupProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "startupProbe" "periodSeconds" 60 $probes }}
|
|
livenessProbe:
|
|
httpGet:
|
|
port: {{ dig "livenessProbe" "port" "80" $probes }}
|
|
path: {{ dig "livenessProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "livenessProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "livenessProbe" "periodSeconds" 60 $probes }}
|
|
readinessProbe:
|
|
httpGet:
|
|
port: {{ dig "readinessProbe" "port" "80" $probes }}
|
|
path: {{ dig "readinessProbe" "api" "/api/v1/health" $probes }}
|
|
failureThreshold: {{ dig "readinessProbe" "failureThreshold" 3 $probes }}
|
|
periodSeconds: {{ dig "readinessProbe" "periodSeconds" 60 $probes }}
|
|
resources:
|
|
{{- toYaml .Values.resources | nindent 12 }}
|
|
volumeMounts:
|
|
- name: data
|
|
mountPath: /appsmith-stacks
|
|
{{- if .Values.customCAcert }}
|
|
- name: ca-cert
|
|
mountPath: "/appsmith-stacks/ca-certs"
|
|
{{- end }}
|
|
env:
|
|
{{- if .Values.HTTPContainerPort }}
|
|
- name: PORT
|
|
value: "{{ .Values.HTTPContainerPort }}"
|
|
{{- end }}
|
|
- name: APPSMITH_ENABLE_EMBEDDED_DB
|
|
value: "0"
|
|
- name: JGROUPS_DISCOVERY_PROTOCOL
|
|
value: kubernetes.KUBE_PING
|
|
- name: APPSMITH_HEADLESS_SVC
|
|
value: {{ include "appsmith.fullname" . }}-headless
|
|
envFrom:
|
|
- configMapRef:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
{{- if .Values.secretName }}
|
|
- secretRef:
|
|
name: {{ .Values.secretName }}
|
|
{{- end }}
|
|
{{- if .Values.secrets }}
|
|
- secretRef:
|
|
name: {{ include "appsmith.fullname" . }}
|
|
{{- end }}
|
|
{{- if .Values.externalSecrets.enabled }}
|
|
- secretRef:
|
|
name: "{{ include "appsmith.fullname" . }}-external-secret"
|
|
{{- end }}
|
|
{{- if .Values.image.pullSecrets}}
|
|
imagePullSecrets:
|
|
- name: {{ .Values.image.pullSecrets }}
|
|
{{- end }}
|
|
volumes:
|
|
{{- if .Values.customCAcert }}
|
|
- name: ca-cert
|
|
configMap:
|
|
name: {{ $releaseName }}-trustedca
|
|
items:
|
|
{{- range $key, $value := .Values.customCAcert }}
|
|
- key: {{ $key }}
|
|
path: {{ $key }}.crt
|
|
{{- end }}
|
|
{{- end }}
|
|
{{- if not .Values.persistence.enabled }}
|
|
- name: data
|
|
emptyDir: {}
|
|
{{- else if and (not .Values.autoscaling.enabled) (.Values.persistence.enabled) }}
|
|
volumeClaimTemplates:
|
|
- metadata:
|
|
name: data
|
|
{{- if .Values.persistence.annotations}}
|
|
annotations:
|
|
{{- include "tplvalues.render" (dict "value" .Values.persistence.annotations "context" $) | nindent 10 }}
|
|
{{- end }}
|
|
spec:
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
resources:
|
|
requests:
|
|
storage: {{ .Values.persistence.size | quote }}
|
|
{{- if .Values.persistence.volumeClaimTemplates.selector }}
|
|
selector:
|
|
{{- include "tplvalues.render" (dict "value" .Values.persistence.volumeClaimTemplates.selector "context" $) | nindent 10 }}
|
|
{{- end }}
|
|
{{ include "storage.class" (dict "persistence" .Values.persistence "global" .Values.global) | nindent 8 }}
|
|
{{- else }}
|
|
- name: data
|
|
persistentVolumeClaim:
|
|
{{- if .Values.persistence.existingClaim.enabled }}
|
|
claimName: {{ .Values.persistence.existingClaim.claimName }}
|
|
{{- else }}
|
|
claimName: {{ include "appsmith.fullname" . }}
|
|
{{- end }}
|
|
{{- end }}
|