diff --git a/.github/workflows/helm-chart-ci-ignore.yaml b/.github/workflows/helm-chart-ci-ignore.yaml index b5e1ef7a5..8a63936bb 100644 --- a/.github/workflows/helm-chart-ci-ignore.yaml +++ b/.github/workflows/helm-chart-ci-ignore.yaml @@ -50,9 +50,9 @@ jobs: strategy: matrix: k8s: - - v1.27.0 - - v1.26.3 - - v1.25.8 + - v1.27.2 + - v1.26.4 + - v1.25.9 values: - ${{ fromJson(needs.build-matrix.outputs.tests) }} diff --git a/.github/workflows/helm-chart-ci.yaml b/.github/workflows/helm-chart-ci.yaml index a41d2e747..6099ba45b 100644 --- a/.github/workflows/helm-chart-ci.yaml +++ b/.github/workflows/helm-chart-ci.yaml @@ -3,7 +3,7 @@ name: Helm Chart CI on: workflow_dispatch: pull_request: - types: [synchronize, opened, reopened, edited] + types: [synchronize, opened, reopened] paths: - 'charts/**' - '.github/workflows/helm-chart-ci.yaml' @@ -19,8 +19,8 @@ concurrency: cancel-in-progress: true env: - HELM_VERSION: v3.11.1 - PYTHON_VERSION: 3.11.2 + HELM_VERSION: v3.12.0 + PYTHON_VERSION: 3.11.3 CHART_TESTING_VERSION: v3.8.0 jobs: @@ -61,7 +61,7 @@ jobs: if [ $res -eq 0 ]; then { echo "## Hardcoded images" - echo + echo echo ":x: These templates were found to be using statically defined images and not overridable ones. Please fix." echo cat /tmp/findings @@ -136,10 +136,10 @@ jobs: # Kubernetes, but can go back farther as long as we don't need heroics # to pull it off (i.e. kubectl version juggling). k8s: - - v1.27.0 - - v1.26.3 - - v1.25.8 - - v1.24.12 + - v1.27.2 + - v1.26.4 + - v1.25.9 + - v1.24.13 - v1.23.17 - v1.22.17 values: diff --git a/charts/spire/Chart.yaml b/charts/spire/Chart.yaml index ff67d9d38..bc7b13dfa 100644 --- a/charts/spire/Chart.yaml +++ b/charts/spire/Chart.yaml 
@@ -3,7 +3,7 @@ name: spire description: > A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager. type: application -version: 0.8.0 +version: 0.8.1 appVersion: "1.6.4" keywords: ["spiffe", "spire", "spire-server", "spire-agent", "oidc", "spire-controller-manager"] home: https://github.com/spiffe/helm-charts/tree/main/charts/spire diff --git a/charts/spire/README.md b/charts/spire/README.md index 079d710db..0c9bb1345 100644 --- a/charts/spire/README.md +++ b/charts/spire/README.md @@ -2,7 +2,7 @@ -![Version: 0.8.0](https://img.shields.io/badge/Version-0.8.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square) +![Version: 0.8.1](https://img.shields.io/badge/Version-0.8.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 1.6.4](https://img.shields.io/badge/AppVersion-1.6.4-informational?style=flat-square) [![Development Phase](https://github.com/spiffe/spiffe/blob/main/.img/maturity/dev.svg)](https://github.com/spiffe/spiffe/blob/main/MATURITY.md#development) A Helm chart for deploying the complete Spire stack including: spire-server, spire-agent, spiffe-csi-driver, spiffe-oidc-discovery-provider and spire-controller-manager. 
@@ -131,6 +131,8 @@ Now you can interact with the Spire agent socket from your own application. The | spiffe-csi-driver.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | spiffe-csi-driver.imagePullSecrets | list | `[]` | | | spiffe-csi-driver.kubeletPath | string | `"/var/lib/kubelet"` | | +| spiffe-csi-driver.livenessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for livenessProbe | +| spiffe-csi-driver.livenessProbe.timeoutSeconds | int | `5` | Timeout value in seconds for livenessProbe | | spiffe-csi-driver.nameOverride | string | `""` | | | spiffe-csi-driver.namespaceOverride | string | `""` | | | spiffe-csi-driver.nodeDriverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | 
@@ -187,11 +189,15 @@ Now you can interact with the Spire agent socket from your own application. The | spiffe-oidc-discovery-provider.insecureScheme.nginx.image.tag | string | `"1.24.0-alpine"` | Overrides the image tag | | spiffe-oidc-discovery-provider.insecureScheme.nginx.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | spiffe-oidc-discovery-provider.insecureScheme.nginx.resources | object | `{}` | | +| spiffe-oidc-discovery-provider.livenessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for livenessProbe | +| spiffe-oidc-discovery-provider.livenessProbe.periodSeconds | int | `5` | Period seconds for livenessProbe | | spiffe-oidc-discovery-provider.nameOverride | string | `""` | | | spiffe-oidc-discovery-provider.namespaceOverride | string | `""` | | | spiffe-oidc-discovery-provider.nodeSelector | object | `{}` | | | spiffe-oidc-discovery-provider.podAnnotations | object | `{}` | | | spiffe-oidc-discovery-provider.podSecurityContext | object | `{}` | | +| spiffe-oidc-discovery-provider.readinessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for readinessProbe | +| spiffe-oidc-discovery-provider.readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe | | spiffe-oidc-discovery-provider.replicaCount | int | `1` | | | spiffe-oidc-discovery-provider.resources | object | `{}` | | | spiffe-oidc-discovery-provider.securityContext | object | `{}` | | 
@@ -229,6 +235,8 @@ Now you can interact with the Spire agent socket from your own application. The | spire-agent.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | spire-agent.imagePullSecrets | list | `[]` | | | spire-agent.initContainers | list | `[]` | | +| spire-agent.livenessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for livenessProbe | +| spire-agent.livenessProbe.periodSeconds | int | `60` | Period seconds for livenessProbe | | spire-agent.logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | | spire-agent.nameOverride | string | `""` | | | spire-agent.namespaceOverride | string | `""` | | @@ -236,6 +244,8 @@ Now you can interact with the Spire agent socket from your own application. The | spire-agent.podAnnotations | object | `{}` | | | spire-agent.podSecurityContext | object | `{}` | | | spire-agent.priorityClassName | string | `""` | Priority class assigned to daemonset pods | +| spire-agent.readinessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for readinessProbe | +| spire-agent.readinessProbe.periodSeconds | int | `60` | Period seconds for readinessProbe | | spire-agent.resources | object | `{}` | | | spire-agent.securityContext | object | `{}` | | | spire-agent.server.address | string | `""` | | 
@@ -340,6 +350,10 @@ Now you can interact with the Spire agent socket from your own application. The | spire-server.ingress.tls | list | `[]` | | | spire-server.initContainers | list | `[]` | | | spire-server.jwtIssuer | string | `"oidc-discovery.example.org"` | The JWT issuer domain | +| spire-server.livenessProbe.failureThreshold | int | `2` | Failure threshold count for livenessProbe | +| spire-server.livenessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for livenessProbe | +| spire-server.livenessProbe.periodSeconds | int | `60` | Period seconds for livenessProbe | +| spire-server.livenessProbe.timeoutSeconds | int | `3` | Timeout in seconds for livenessProbe | | spire-server.logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | | spire-server.nameOverride | string | `""` | | | spire-server.namespaceOverride | string | `""` | | @@ -352,6 +366,8 @@ Now you can interact with the Spire agent socket from your own application. The | spire-server.persistence.storageClass | string | `nil` | | | spire-server.podAnnotations | object | `{}` | | | spire-server.podSecurityContext | object | `{}` | | +| spire-server.readinessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for readinessProbe | +| spire-server.readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe | | spire-server.replicaCount | int | `1` | SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. | | spire-server.resources | object | `{}` | | | spire-server.securityContext | object | `{}` | | 
@@ -378,6 +394,11 @@ Now you can interact with the Spire agent socket from your own application. The | spire-server.tornjak.service.annotations | object | `{}` | | | spire-server.tornjak.service.port | int | `10000` | | | spire-server.tornjak.service.type | string | `"ClusterIP"` | | +| spire-server.tornjak.startupProbe.failureThreshold | int | `3` | | +| spire-server.tornjak.startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for | +| spire-server.tornjak.startupProbe.periodSeconds | int | `10` | | +| spire-server.tornjak.startupProbe.successThreshold | int | `1` | | +| spire-server.tornjak.startupProbe.timeoutSeconds | int | `5` | | | spire-server.trustDomain | string | `"example.org"` | Set the trust domain to be used for the SPIFFE identifiers | | spire-server.upstreamAuthority.certManager.enabled | bool | `false` | | | spire-server.upstreamAuthority.certManager.issuer_group | string | `"cert-manager.io"` | | 
@@ -416,10 +437,10 @@ Now you can interact with the Spire agent socket from your own application. The | tornjak-frontend.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | tornjak-frontend.spireHealthCheck.enabled | bool | `true` | Enables the SPIRE Healthchecker indicator | | tornjak-frontend.startupProbe.enabled | bool | `true` | Enable startupProbe on Tornjak frontend container | -| tornjak-frontend.startupProbe.failureThreshold | int | `6` | Failure threshold for startupProbe | +| tornjak-frontend.startupProbe.failureThreshold | int | `6` | Failure threshold count for startupProbe | | tornjak-frontend.startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for startupProbe | | tornjak-frontend.startupProbe.periodSeconds | int | `10` | Period seconds for startupProbe | -| tornjak-frontend.startupProbe.successThreshold | int | `1` | Success threshold for startupProbe | +| tornjak-frontend.startupProbe.successThreshold | int | `1` | Success threshold count for startupProbe | | tornjak-frontend.startupProbe.timeoutSeconds | int | `5` | Timeout seconds for startupProbe | | tornjak-frontend.tolerations | list | `[]` | | | tornjak-frontend.topologySpreadConstraints | list | `[]` | | diff --git a/charts/spire/charts/spiffe-csi-driver/README.md b/charts/spire/charts/spiffe-csi-driver/README.md index 20e39c757..1d08183b2 100644 --- a/charts/spire/charts/spiffe-csi-driver/README.md +++ b/charts/spire/charts/spiffe-csi-driver/README.md 
@@ -23,6 +23,8 @@ A Helm chart to install the SPIFFE CSI driver. | image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | imagePullSecrets | list | `[]` | | | kubeletPath | string | `"/var/lib/kubelet"` | | +| livenessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for livenessProbe | +| livenessProbe.timeoutSeconds | int | `5` | Timeout value in seconds for livenessProbe | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | | nodeDriverRegistrar.image.pullPolicy | string | `"IfNotPresent"` | The image pull policy | diff --git a/charts/spire/charts/spiffe-csi-driver/templates/daemonset.yaml b/charts/spire/charts/spiffe-csi-driver/templates/daemonset.yaml index c926a0ebb..61204d89c 100644 --- a/charts/spire/charts/spiffe-csi-driver/templates/daemonset.yaml +++ b/charts/spire/charts/spiffe-csi-driver/templates/daemonset.yaml @@ -93,8 +93,7 @@ spec: httpGet: path: /healthz port: healthz - initialDelaySeconds: 5 - timeoutSeconds: 5 + {{- toYaml .Values.livenessProbe | nindent 12 }} resources: {{- toYaml .Values.nodeDriverRegistrar.resources | nindent 12 }} volumes: diff --git a/charts/spire/charts/spiffe-csi-driver/values.yaml b/charts/spire/charts/spiffe-csi-driver/values.yaml index c39be0215..563f264b9 100644 --- a/charts/spire/charts/spiffe-csi-driver/values.yaml +++ b/charts/spire/charts/spiffe-csi-driver/values.yaml @@ -27,6 +27,12 @@ resources: {} healthChecks: port: 9809 +livenessProbe: + # -- Initial delay seconds for livenessProbe + initialDelaySeconds: 5 + # -- Timeout value in seconds for livenessProbe + timeoutSeconds: 5 + imagePullSecrets: [] nameOverride: "" namespaceOverride: "" diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md index 6f15a514d..2079babab 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/README.md 
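Review bot: In the spiffe-csi-driver daemonset hunk, `{{- toYaml .Values.livenessProbe | nindent 12 }}` is rendered unconditionally, so a values override that nulls the key (`livenessProbe: null`) would emit a bare `null` line beside `httpGet` and the manifest would no longer parse. Wrapping it as `{{- with .Values.livenessProbe }}{{- toYaml . | nindent 12 }}{{- end }}` keeps the fixed `httpGet` handler valid when the map is absent. The whole map is also passed through unfiltered, so a key such as `httpGet` or `exec` supplied in values would collide with the hard-coded handler; a short comment in values.yaml saying that only timing and threshold fields belong there would help. The same pattern appears in the spiffe-oidc-discovery-provider deployment, spire-agent daemonset and spire-server statefulset hunks (including `tornjak.startupProbe`). The surrounding container spec starts and ends outside the hunk.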
+++ b/charts/spire/charts/spiffe-oidc-discovery-provider/README.md @@ -51,11 +51,15 @@ A Helm chart to install the SPIFFE OIDC discovery provider. | insecureScheme.nginx.image.tag | string | `"1.24.0-alpine"` | Overrides the image tag | | insecureScheme.nginx.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | insecureScheme.nginx.resources | object | `{}` | | +| livenessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for livenessProbe | +| livenessProbe.periodSeconds | int | `5` | Period seconds for livenessProbe | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | +| readinessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for readinessProbe | +| readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe | | replicaCount | int | `1` | | | resources | object | `{}` | | | securityContext | object | `{}` | | diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/templates/deployment.yaml b/charts/spire/charts/spiffe-oidc-discovery-provider/templates/deployment.yaml index d1804669c..bf40dd955 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/templates/deployment.yaml +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/templates/deployment.yaml @@ -61,14 +61,12 @@ spec: httpGet: path: /ready port: healthz - initialDelaySeconds: 5 - periodSeconds: 5 + {{- toYaml .Values.readinessProbe | nindent 12 }} livenessProbe: httpGet: path: /live port: healthz - initialDelaySeconds: 5 - periodSeconds: 5 + {{- toYaml .Values.livenessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if .Values.insecureScheme.enabled }} 
diff --git a/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml b/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml index b1e27b844..42d959f0f 100644 --- a/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml +++ b/charts/spire/charts/spiffe-oidc-discovery-provider/values.yaml @@ -54,6 +54,18 @@ securityContext: {} # runAsNonRoot: true # runAsUser: 1000 +readinessProbe: + # -- Initial delay seconds for readinessProbe + initialDelaySeconds: 5 + # -- Period seconds for readinessProbe + periodSeconds: 5 + +livenessProbe: + # -- Initial delay seconds for livenessProbe + initialDelaySeconds: 5 + # -- Period seconds for livenessProbe + periodSeconds: 5 + podAnnotations: {} insecureScheme: diff --git a/charts/spire/charts/spire-agent/README.md b/charts/spire/charts/spire-agent/README.md index ec6a0acd3..25be0e9e7 100644 --- a/charts/spire/charts/spire-agent/README.md +++ b/charts/spire/charts/spire-agent/README.md @@ -29,6 +29,8 @@ A Helm chart to install the SPIRE agent. | image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) | | imagePullSecrets | list | `[]` | | | initContainers | list | `[]` | | +| livenessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for livenessProbe | +| livenessProbe.periodSeconds | int | `60` | Period seconds for livenessProbe | | logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | 
@@ -36,6 +38,8 @@ A Helm chart to install the SPIRE agent. | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | | priorityClassName | string | `""` | Priority class assigned to daemonset pods | +| readinessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for readinessProbe | +| readinessProbe.periodSeconds | int | `60` | Period seconds for readinessProbe | | resources | object | `{}` | | | securityContext | object | `{}` | | | server.address | string | `""` | | diff --git a/charts/spire/charts/spire-agent/templates/daemonset.yaml b/charts/spire/charts/spire-agent/templates/daemonset.yaml index eafbad157..00af61361 100644 --- a/charts/spire/charts/spire-agent/templates/daemonset.yaml +++ b/charts/spire/charts/spire-agent/templates/daemonset.yaml @@ -79,14 +79,12 @@ spec: httpGet: path: /live port: healthz - initialDelaySeconds: 15 - periodSeconds: 60 + {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: httpGet: path: /ready port: healthz - initialDelaySeconds: 15 - periodSeconds: 60 + {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} {{- if gt (len .Values.extraContainers) 0 }} diff --git a/charts/spire/charts/spire-agent/values.yaml b/charts/spire/charts/spire-agent/values.yaml index afd44533c..c237dc4a2 100644 --- a/charts/spire/charts/spire-agent/values.yaml +++ b/charts/spire/charts/spire-agent/values.yaml @@ -80,6 +80,18 @@ healthChecks: # -- override the host port used for health checking port: 9980 +livenessProbe: + # -- Initial delay seconds for livenessProbe + initialDelaySeconds: 15 + # -- Period seconds for livenessProbe + periodSeconds: 60 + +readinessProbe: + # -- Initial delay seconds for readinessProbe + initialDelaySeconds: 15 + # -- Period seconds for readinessProbe + periodSeconds: 60 + waitForIt: image: # -- The OCI registry to pull the image from 
diff --git a/charts/spire/charts/spire-server/README.md b/charts/spire/charts/spire-server/README.md index ef7fa06e0..9fba830fb 100644 --- a/charts/spire/charts/spire-server/README.md +++ b/charts/spire/charts/spire-server/README.md @@ -96,6 +96,10 @@ A Helm chart to install the SPIRE server. | ingress.tls | list | `[]` | | | initContainers | list | `[]` | | | jwtIssuer | string | `"oidc-discovery.example.org"` | The JWT issuer domain | +| livenessProbe.failureThreshold | int | `2` | Failure threshold count for livenessProbe | +| livenessProbe.initialDelaySeconds | int | `15` | Initial delay seconds for livenessProbe | +| livenessProbe.periodSeconds | int | `60` | Period seconds for livenessProbe | +| livenessProbe.timeoutSeconds | int | `3` | Timeout in seconds for livenessProbe | | logLevel | string | `"info"` | The log level, valid values are "debug", "info", "warn", and "error" | | nameOverride | string | `""` | | | namespaceOverride | string | `""` | | @@ -108,6 +112,8 @@ A Helm chart to install the SPIRE server. | persistence.storageClass | string | `nil` | | | podAnnotations | object | `{}` | | | podSecurityContext | object | `{}` | | +| readinessProbe.initialDelaySeconds | int | `5` | Initial delay seconds for readinessProbe | +| readinessProbe.periodSeconds | int | `5` | Period seconds for readinessProbe | | replicaCount | int | `1` | SPIRE server currently runs with a sqlite database. Scaling to multiple instances will not work until we use an external database. | | resources | object | `{}` | | | securityContext | object | `{}` | | 
@@ -134,6 +140,11 @@ A Helm chart to install the SPIRE server. | tornjak.service.annotations | object | `{}` | | | tornjak.service.port | int | `10000` | | | tornjak.service.type | string | `"ClusterIP"` | | +| tornjak.startupProbe.failureThreshold | int | `3` | | +| tornjak.startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for | +| tornjak.startupProbe.periodSeconds | int | `10` | | +| tornjak.startupProbe.successThreshold | int | `1` | | +| tornjak.startupProbe.timeoutSeconds | int | `5` | | | trustDomain | string | `"example.org"` | Set the trust domain to be used for the SPIFFE identifiers | | upstreamAuthority.certManager.enabled | bool | `false` | | | upstreamAuthority.certManager.issuer_group | string | `"cert-manager.io"` | | diff --git a/charts/spire/charts/spire-server/templates/statefulset.yaml b/charts/spire/charts/spire-server/templates/statefulset.yaml index e76def00a..bb3cc7899 100644 --- a/charts/spire/charts/spire-server/templates/statefulset.yaml +++ b/charts/spire/charts/spire-server/templates/statefulset.yaml @@ -87,16 +87,12 @@ spec: httpGet: path: /live port: healthz - failureThreshold: 2 - initialDelaySeconds: 15 - periodSeconds: 60 - timeoutSeconds: 3 + {{- toYaml .Values.livenessProbe | nindent 12 }} readinessProbe: httpGet: path: /ready port: healthz - initialDelaySeconds: 5 - periodSeconds: 5 + {{- toYaml .Values.readinessProbe | nindent 12 }} resources: {{- toYaml .Values.resources | nindent 12 }} volumeMounts: @@ -168,11 +164,7 @@ spec: httpGet: scheme: HTTP port: 10000 - failureThreshold: 3 - initialDelaySeconds: 5 - periodSeconds: 10 - successThreshold: 1 - timeoutSeconds: 5 + {{- toYaml .Values.tornjak.startupProbe | nindent 12 }} args: - --spire-config - /run/spire/config/server.conf diff --git a/charts/spire/charts/spire-server/values.yaml b/charts/spire/charts/spire-server/values.yaml index 48e95ef16..ebe31a598 100644 --- a/charts/spire/charts/spire-server/values.yaml 
+++ b/charts/spire/charts/spire-server/values.yaml @@ -81,6 +81,22 @@ affinity: {} topologySpreadConstraints: [] +livenessProbe: + # -- Failure threshold count for livenessProbe + failureThreshold: 2 + # -- Initial delay seconds for livenessProbe + initialDelaySeconds: 15 + # -- Period seconds for livenessProbe + periodSeconds: 60 + # -- Timeout in seconds for livenessProbe + timeoutSeconds: 3 + +readinessProbe: + # -- Initial delay seconds for readinessProbe + initialDelaySeconds: 5 + # -- Period seconds for readinessProbe + periodSeconds: 5 + persistence: size: 1Gi accessMode: ReadWriteOnce @@ -326,6 +342,15 @@ tornjak: type: ClusterIP port: 10000 annotations: {} + + startupProbe: + failureThreshold: 3 + # -- Initial delay seconds for + initialDelaySeconds: 5 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 5 + config: # -- persistent DB for storing Tornjak specific information dataStore: diff --git a/charts/spire/charts/tornjak-frontend/README.md b/charts/spire/charts/tornjak-frontend/README.md index 2bbeeae1e..bb2af0ab6 100644 --- a/charts/spire/charts/tornjak-frontend/README.md +++ b/charts/spire/charts/tornjak-frontend/README.md 
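Review bot: The new `tornjak.startupProbe` block in spire-server values.yaml is under-documented: its only helm-docs comment is the truncated `# -- Initial delay seconds for`, and the other four keys have none, which is why their rows in the generated README are empty. Suggest completing it as `# -- Initial delay seconds for startupProbe` and adding matching lines such as `# -- Failure threshold count for startupProbe`, `# -- Period seconds for startupProbe`, `# -- Success threshold count for startupProbe` and `# -- Timeout seconds for startupProbe`, the wording the tornjak-frontend values already use.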
@@ -72,10 +72,10 @@ port forwarding. See the chart NOTES output for more details. | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | | spireHealthCheck.enabled | bool | `true` | Enables the SPIRE Healthchecker indicator | | startupProbe.enabled | bool | `true` | Enable startupProbe on Tornjak frontend container | -| startupProbe.failureThreshold | int | `6` | Failure threshold for startupProbe | +| startupProbe.failureThreshold | int | `6` | Failure threshold count for startupProbe | | startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for startupProbe | | startupProbe.periodSeconds | int | `10` | Period seconds for startupProbe | -| startupProbe.successThreshold | int | `1` | Success threshold for startupProbe | +| startupProbe.successThreshold | int | `1` | Success threshold count for startupProbe | | startupProbe.timeoutSeconds | int | `5` | Timeout seconds for startupProbe | | tolerations | list | `[]` | | | topologySpreadConstraints | list | `[]` | | diff --git a/charts/spire/charts/tornjak-frontend/templates/deployment.yaml b/charts/spire/charts/tornjak-frontend/templates/deployment.yaml index 180f90be5..e4449b2c7 100644 --- a/charts/spire/charts/tornjak-frontend/templates/deployment.yaml +++ b/charts/spire/charts/tornjak-frontend/templates/deployment.yaml @@ -28,6 +28,13 @@ spec: imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} + command: + - /bin/sh + - -c + - | + ln -s /tmp/env.js build/env.js + npx react-inject-env set -n /tmp/env.js + serve -s build -p $PORT_FE ports: - name: http containerPort: 3000 @@ -52,7 +59,7 @@ spec: {{- end }} volumeMounts: - name: cache - mountPath: /usr/src/app/ + mountPath: /usr/src/app/node_modules/.cache {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} 
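Review bot: The new `command` script in the tornjak-frontend deployment has no error handling and typically leaves `sh` as PID 1: if `ln -s` or `npx react-inject-env` fails, `serve` still starts with a missing or stale `env.js`, and the shell does not pass SIGTERM on to `serve`, so pod shutdown waits out the grace period. Starting the script with `set -e` and ending it with `exec serve -s build -p "$PORT_FE"` addresses both. `npx` may also try to resolve `react-inject-env` from the npm registry at container start if the package is not already in the image; it is worth confirming it is baked in, or invoking the binary from `node_modules/.bin` directly, so startup neither needs egress nor runs unpinned code. The `ln -s` into `build/` also assumes a writable root filesystem, which would conflict with `readOnlyRootFilesystem: true` if that is set through `.Values.securityContext`. The container spec continues outside the hunk.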
diff --git a/charts/spire/charts/tornjak-frontend/values.yaml b/charts/spire/charts/tornjak-frontend/values.yaml index 60eddbd6f..ac574899b 100644 --- a/charts/spire/charts/tornjak-frontend/values.yaml +++ b/charts/spire/charts/tornjak-frontend/values.yaml @@ -84,7 +84,7 @@ startupProbe: periodSeconds: 10 # -- Timeout seconds for startupProbe timeoutSeconds: 5 - # -- Failure threshold for startupProbe + # -- Failure threshold count for startupProbe failureThreshold: 6 - # -- Success threshold for startupProbe + # -- Success threshold count for startupProbe successThreshold: 1 diff --git a/charts/spire/templates/_spire-lib.tpl b/charts/spire/templates/_spire-lib.tpl index eac22981e..7fca6ef07 100644 --- a/charts/spire/templates/_spire-lib.tpl +++ b/charts/spire/templates/_spire-lib.tpl @@ -32,9 +32,9 @@ {{- define "spire-lib.registry" }} {{- if ne (len (dig "spire" "image" "registry" "" .global)) 0 }} -{{- .global.spire.image.registry }} -{{- else }} -{{- .image.registry }} +{{- print .global.spire.image.registry "/"}} +{{- else if ne (len (.image.registry)) 0 }} +{{- print .image.registry "/"}} {{- end }} {{- end }} @@ -45,11 +45,11 @@ {{- if eq (substr 0 7 $tag) "sha256:" }} {{- printf "%s/%s@%s" $registry $repo $tag }} {{- else if .appVersion }} -{{- printf "%s/%s:%s" $registry $repo (default .appVersion $tag) }} +{{- printf "%s%s:%s" $registry $repo (default .appVersion $tag) }} {{- else if $tag }} -{{- printf "%s/%s:%s" $registry $repo $tag }} +{{- printf "%s%s:%s" $registry $repo $tag }} {{- else }} -{{- printf "%s/%s" $registry $repo }} +{{- printf "%s%s" $registry $repo }} {{- end }} {{- end }}
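Review bot: In `spire-lib.registry`, the new branch `{{- else if ne (len (.image.registry)) 0 }}` calls `len` on a value that may be nil. If a values override sets `image.registry: null` or the key is absent, `len` would likely raise a template error instead of rendering an empty prefix, whereas the global lookup above it is protected by `dig` with a `""` default. A plain truthiness test, `{{- else if .image.registry }}`, covers nil and the empty string alike.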
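Review bot: The digest branch was left on the old format: `{{- printf "%s/%s@%s" $registry $repo $tag }}` still inserts its own `/`, while the other three branches were switched to `%s%s`. `$registry` is assigned outside the hunk, but presumably it now comes from `spire-lib.registry`, which appends a trailing `/`. An image pinned with a `sha256:` tag would then render as `registry//repo@sha256:…`, or as `/repo@sha256:…` when no registry is set, so digest pinning, the tamper-resistant way to reference these images, is the one path that breaks. Change that line to `{{- printf "%s%s@%s" $registry $repo $tag }}`, and consider a chart test value that uses a digest.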