From cc0ffbe3a5c1ade999ea594266b91d809148a0db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sergio=20Casta=C3=B1o=20Arteaga?= Date: Wed, 29 Oct 2025 18:07:38 +0100 Subject: [PATCH] Prepare chart for migration to OCI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Sergio CastaƱo Arteaga --- .ct.yaml | 3 +- charts/gitvote/Chart.yaml | 6 +-- charts/gitvote/templates/_helpers.tpl | 10 ++++ charts/gitvote/templates/dbmigrator_job.yaml | 8 ++++ .../gitvote/templates/dbmigrator_secret.yaml | 1 + .../gitvote/templates/gitvote_deployment.yaml | 16 +++++++ charts/gitvote/templates/gitvote_ingress.yaml | 2 +- charts/gitvote/templates/gitvote_service.yaml | 15 ++++-- charts/gitvote/values.yaml | 46 +++++++++++++++---- 9 files changed, 89 insertions(+), 18 deletions(-) diff --git a/.ct.yaml b/.ct.yaml index 952b8b0..db66cee 100644 --- a/.ct.yaml +++ b/.ct.yaml @@ -1,3 +1,4 @@ helm-extra-args: --timeout 180s chart-repos: - - stable=https://charts.helm.sh/stable + - bitnami=https://charts.bitnami.com/bitnami +validate-maintainers: false diff --git a/charts/gitvote/Chart.yaml b/charts/gitvote/Chart.yaml index 9c7b605..f01a737 100644 --- a/charts/gitvote/Chart.yaml +++ b/charts/gitvote/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: gitvote description: GitVote is a GitHub application that allows holding a vote on issues and pull requests type: application -version: 1.5.0 +version: 1.5.1-0 appVersion: 1.5.0 kubeVersion: ">= 1.19.0-0" home: https://gitvote.dev @@ -18,8 +18,8 @@ maintainers: email: cynthiasg@icloud.com dependencies: - name: postgresql - version: 8.2.1 - repository: https://charts.helm.sh/stable + version: 18.0.15 + repository: https://charts.bitnami.com/bitnami condition: postgresql.enabled annotations: artifacthub.io/category: skip-prediction diff --git a/charts/gitvote/templates/_helpers.tpl b/charts/gitvote/templates/_helpers.tpl index be1c447..e32a4cc 100644 --- a/charts/gitvote/templates/_helpers.tpl 
+++ b/charts/gitvote/templates/_helpers.tpl @@ -79,8 +79,13 @@ longest resource name ("dbmigrator-install" = 18 chars). Provide an init container to verify the database is accessible */}} {{- define "chart.checkDbIsReadyInitContainer" -}} +{{- $securityContext := default (dict) .Values.checkDbIsReadyInitContainer.securityContext }} name: check-db-ready +{{ if .Values.postgresql.image.registry -}} +image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} +{{- else }} image: {{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} +{{- end }} imagePullPolicy: {{ .Values.pullPolicy }} env: - name: PGHOST @@ -89,5 +94,10 @@ env: value: "{{ .Values.db.port }}" - name: PGUSER value: "{{ .Values.db.user }}" +{{- if $securityContext }} +securityContext:{{- toYaml $securityContext | nindent 2 }} +{{- else }} +securityContext: {} +{{- end }} command: ['sh', '-c', 'until pg_isready; do echo waiting for database; sleep 2; done;'] {{- end -}} diff --git a/charts/gitvote/templates/dbmigrator_job.yaml b/charts/gitvote/templates/dbmigrator_job.yaml index 99a525a..1fbb9a8 100644 --- a/charts/gitvote/templates/dbmigrator_job.yaml +++ b/charts/gitvote/templates/dbmigrator_job.yaml @@ -13,6 +13,10 @@ metadata: spec: template: spec: + {{- with .Values.dbmigrator.job.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -24,6 +28,10 @@ spec: - name: dbmigrator image: {{ .Values.dbmigrator.job.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }} imagePullPolicy: {{ .Values.pullPolicy }} + {{- with .Values.dbmigrator.job.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} env: - name: TERN_CONF value: {{ .Values.configDir }}/tern.conf 
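Review bot: The `image:` lines added for `check-db-ready` still resolve to a mutable tag: with the defaults visible in values.yaml they render `docker.io/artifacthub/postgres:latest`, so the init container can pull a different build on each node or restart. Consider honouring a digest when one is set, e.g. `image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}@{{ .Values.postgresql.image.digest }}`, and pinning the default tag in values.yaml. The Bitnami subchart also accepts `global.imageRegistry`, which this helper does not consult, so the init container and the database pod may end up pulling from different registries; that is worth confirming. The helper's body continues past this hunk.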
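Review bot: The `{{- else }}` branch that renders `securityContext: {}` is redundant, and the `if`/`else` form differs from the `with` blocks this patch uses for the same purpose in dbmigrator_job.yaml and gitvote_deployment.yaml. An empty map and an omitted field mean the same thing for a container, so the block can be `{{- with .Values.checkDbIsReadyInitContainer.securityContext }}` followed by `securityContext:` and `{{- toYaml . | nindent 2 }}`. That also removes the need for the `$securityContext` variable introduced in the previous hunk.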
diff --git a/charts/gitvote/templates/dbmigrator_secret.yaml b/charts/gitvote/templates/dbmigrator_secret.yaml index 9411446..edc1e3a 100644 --- a/charts/gitvote/templates/dbmigrator_secret.yaml +++ b/charts/gitvote/templates/dbmigrator_secret.yaml @@ -11,3 +11,4 @@ stringData: database = {{ .Values.db.dbname }} user = {{ .Values.db.user }} password = {{ .Values.db.password }} + sslmode = prefer diff --git a/charts/gitvote/templates/gitvote_deployment.yaml b/charts/gitvote/templates/gitvote_deployment.yaml index df412c4..611f4ea 100644 --- a/charts/gitvote/templates/gitvote_deployment.yaml +++ b/charts/gitvote/templates/gitvote_deployment.yaml @@ -17,6 +17,10 @@ spec: app.kubernetes.io/component: gitvote {{- include "chart.selectorLabels" . | nindent 8 }} spec: + {{- with .Values.gitvote.deploy.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -32,12 +36,20 @@ spec: {{ $kubectlImageVersion := ternary "1.33" $kubeVersion (semverCompare ">=1.34.0-0" (printf "%s.0" $kubeVersion)) }} image: "docker.io/bitnamilegacy/kubectl:{{ $kubectlImageVersion }}" imagePullPolicy: IfNotPresent + {{- with .Values.checkDbIsReadyInitContainer.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} command: ['kubectl', 'wait', '--namespace={{ .Release.Namespace }}', '--for=condition=complete', 'job/{{ include "chart.resourceNamePrefix" . }}dbmigrator-install', '--timeout=60s'] {{- end }} containers: - name: gitvote image: {{ .Values.gitvote.deploy.image.repository }}:{{ .Values.imageTag | default (printf "v%s" .Chart.AppVersion) }} imagePullPolicy: {{ .Values.pullPolicy }} + {{- with .Values.gitvote.deploy.containerSecurityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} volumeMounts: - name: gitvote-config mountPath: {{ .Values.configDir | quote }} 
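Review bot: `sslmode = prefer` is hard-coded in the generated tern.conf, and `prefer` silently falls back to an unencrypted connection and never verifies the server certificate. That may be acceptable for the bundled in-cluster PostgreSQL, but when `db.host` points at an external database the password on the line above can be sent in clear text or to a server impersonating the database. Make the mode a value so operators can tighten it, e.g. `sslmode = {{ .Values.db.sslmode | default "prefer" }}` with a new `db.sslmode` key documented in values.yaml (`require`, or `verify-full` when the CA certificate is made available to the job). The `stringData` block begins outside this hunk.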
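Review bot: The init container that runs `kubectl wait` takes its `securityContext` from `.Values.checkDbIsReadyInitContainer.securityContext`, the same key that `_helpers.tpl` applies to the `check-db-ready` container, although the two run different images (`bitnamilegacy/kubectl` and the PostgreSQL image). A `runAsUser` or read-only root filesystem setting chosen for one can break the other, and operators reading values.yaml have no hint that the key covers both. Either give this container its own key or state the sharing in values.yaml, e.g. `# Applied to the check-db-ready and the kubectl wait init containers`. The container definition starts outside this hunk.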
@@ -46,6 +58,10 @@ spec: - name: http containerPort: 9000 protocol: TCP + {{- with .Values.gitvote.deploy.readinessProbe }} + readinessProbe: + {{- toYaml . | nindent 12 }} + {{- end }} resources: {{- toYaml .Values.gitvote.deploy.resources | nindent 12 }} command: ['gitvote', '-c', '{{ .Values.configDir }}/gitvote.yml'] diff --git a/charts/gitvote/templates/gitvote_ingress.yaml b/charts/gitvote/templates/gitvote_ingress.yaml index fcde14d..2c4c80f 100644 --- a/charts/gitvote/templates/gitvote_ingress.yaml +++ b/charts/gitvote/templates/gitvote_ingress.yaml @@ -15,7 +15,7 @@ spec: service: name: {{ include "chart.resourceNamePrefix" . }}gitvote port: - number: {{ .Values.gitvote.service.port }} + number: {{ .Values.gitvote.ingress.backendServicePort }} {{- with .Values.gitvote.ingress.rules }} rules: {{- toYaml . | nindent 4 }} diff --git a/charts/gitvote/templates/gitvote_service.yaml b/charts/gitvote/templates/gitvote_service.yaml index 46ce093..b18c193 100644 --- a/charts/gitvote/templates/gitvote_service.yaml +++ b/charts/gitvote/templates/gitvote_service.yaml @@ -5,13 +5,18 @@ metadata: labels: app.kubernetes.io/component: gitvote {{- include "chart.labels" . | nindent 4 }} + {{- with .Values.gitvote.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: - type: {{ .Values.gitvote.service.type }} + {{- $serviceType := default "ClusterIP" .Values.gitvote.service.type }} + {{- if eq $serviceType "LoadBalancer" }} + allocateLoadBalancerNodePorts: {{ .Values.gitvote.service.allocateLoadBalancerNodePorts }} + {{- end }} + type: {{ $serviceType }} ports: - - port: {{ .Values.gitvote.service.port }} - targetPort: http - protocol: TCP - name: http + {{- toYaml .Values.gitvote.service.ports | nindent 4 }} selector: app.kubernetes.io/component: gitvote {{- include "chart.selectorLabels" . | nindent 4 }} diff --git a/charts/gitvote/values.yaml b/charts/gitvote/values.yaml index c1af33c..b843131 100644 --- a/charts/gitvote/values.yaml 
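Review bot: `gitvote.ingress.backendServicePort` now has to be kept equal to one of the `port` entries in `gitvote.service.ports` by hand; if an operator changes the service port and not this value, the Ingress points at a port the Service does not expose. Document the coupling next to the value, e.g. `# Must match a port listed in gitvote.service.ports`, or derive a default from the first entry of `gitvote.service.ports` when the value is unset.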
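Review bot: The `default "ClusterIP"` fallback for `$serviceType` does not take effect with the shipped values, since values.yaml still sets `type: NodePort` for the service; with the ingress apparently enabled by default, a default install opens a node port on every node in addition to the Ingress. If NodePort is not required by the ingress controller in use, set the values default to `type: ClusterIP` so the chart's default exposure matches the template's. Separately, `ports` is now rendered verbatim from `gitvote.service.ports`, so an existing override of `gitvote.service.port` is silently ignored after upgrade; a `fail` in the template when the old key is set, or an upgrade note, would surface that.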
+++ b/charts/gitvote/values.yaml @@ -18,13 +18,17 @@ fullnameOverride: "" # Directory path where the configuration files should be mounted configDir: "/home/gitvote/.config/gitvote" +# Check database readiness init container configuration +checkDbIsReadyInitContainer: + securityContext: {} + # Database configuration db: host: "" port: "5432" dbname: gitvote - user: postgres - password: postgres + password: gitvote + user: gitvote # Log configuration log: @@ -34,9 +38,11 @@ log: # Database migrator configuration dbmigrator: job: + containerSecurityContext: {} image: # Database migrator image repository (without the tag) repository: ghcr.io/cncf/gitvote/dbmigrator + podSecurityContext: {} # GitVote service configuration gitvote: @@ -62,30 +68,54 @@ gitvote: enabled: true annotations: kubernetes.io/ingress.class: nginx + backendServicePort: 80 rules: [] tls: [] # Service configuration service: + allocateLoadBalancerNodePorts: true + annotations: {} + ports: + - name: http + port: 80 + protocol: TCP + targetPort: 9000 type: NodePort - port: 80 # Deployment configuration deploy: - replicaCount: 1 + containerSecurityContext: {} image: repository: ghcr.io/cncf/gitvote/server + podSecurityContext: {} + readinessProbe: + httpGet: + path: / + port: 9000 + replicaCount: 1 resources: {} # PostgreSQL configuration postgresql: enabled: true + auth: + database: gitvote + password: gitvote + username: gitvote + global: + security: + allowInsecureImages: true image: + registry: docker.io repository: artifacthub/postgres tag: latest persistence: mountPath: /data - postgresqlUsername: postgres - postgresqlPassword: postgres - postgresqlDatabase: gitvote - postgresqlDataDir: /data/pgdata + primary: + extraVolumes: + - name: run + emptyDir: {} + extraVolumeMounts: + - name: run + mountPath: /var/run/postgresql
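Review bot: The chart still ships a guessable database password: `db.password: gitvote` here, and the matching `postgresql.auth.password: gitvote` in the last hunk of this file, so any install that does not override both runs PostgreSQL with publicly known credentials. Prefer an empty default that the templates reject, e.g. `password = {{ required "db.password must be set" .Values.db.password }}` in dbmigrator_secret.yaml, or let operators reference a pre-created Secret (the Bitnami chart exposes `auth.existingSecret` for its side). If a default must stay for the bundled test database, add a comment such as `# Development default, override for any shared or production install`.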
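Review bot: All the new security context values default to `{}` (`dbmigrator.job.containerSecurityContext` and `podSecurityContext` here, `checkDbIsReadyInitContainer.securityContext` in the first hunk, the two `gitvote.deploy` security contexts in the last), so a default install runs every container with whatever user and privileges its image defines. Add a commented example under each key so operators have a starting point, e.g. `allowPrivilegeEscalation: false`, `runAsNonRoot: true` and `capabilities: {drop: ["ALL"]}`. Whether these can become the actual defaults depends on the images running as a non-root user, which is not visible in this patch.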
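Review bot: `postgresql.global.security.allowInsecureImages: true` is added without a comment, and it switches off the Bitnami chart's check that its containers use the images the chart was built for. It is presumably needed because `image.repository` is `artifacthub/postgres`, but that should be stated so the flag is not copied elsewhere or left on after a move to a supported image, e.g. `# Required because the image below is not a Bitnami image; remove when that changes`. The `primary.extraVolumes` entry that mounts an `emptyDir` at `/var/run/postgresql` would benefit from a one-line reason as well.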