Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add volumeMounts #305

Merged
merged 8 commits into from
Jan 30, 2025
Merged

feat: Add volumeMounts #305

merged 8 commits into from
Jan 30, 2025

Conversation

rolodato
Copy link
Member

Thanks for submitting a PR! Please check the boxes below:

  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have bumped the version number in /charts/flagsmith/Chart.yaml in the section version or I'm merging to a
    release branch

Changes

Closes #278. Adds support for configuring volumeMounts. This is not currently possible with the current chart, and requires manually updating the deployment.

How did you test this code?

Manually using the following values file:

common:
  # Labels to add to all the resources deployed by this chart
  labels: {}
  # Annotations to add to all the resources deployed by this chart
  annotations: {}

api:
  image:
    repository: flagsmith/flagsmith-private-cloud
    tag: latest
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []
  # Note that if setting this to false, need to set
  # api.image.repository to flagsmith/flagsmith (or some other
  # repository hosting the image with combined frontend and backend)
  # and that the image tag exists (for flagsmith/flagsmith, >=2.10.0)
  #
  # Also, note that the ingress and service for the frontend remain
  # (unless explicitly switched off), but both are handled by the api
  # deployment's pods.
  separateApiAndFrontend: true
  replicacount: 1
  deploymentStrategy: null
  podAnnotations: {}
  resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 500Mi
  # requests:
  #   cpu: 300m
  #   memory: 300Mi
  podLabels: {}
  extraEnv: {}
  # extraEnvFromSecret:
  #   NAME:
  #    secretName: mysecret
  #    secretKey: mykey
  extraEnvFromSecret: {}
  # See https://docs.flagsmith.com/deployment/locally-api#creating-a-secret-key
  secretKey: null
  secretKeyFromExistingSecret:
    enabled: false
    name: null
    key: null
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  defaultPodSecurityContext:
    enabled: true
    # runAsNonRoot: true  # TODO: enable this, conditional on tag semver
    # runAsUser: 1000
    # runAsGroup: 1000
  livenessProbe:
    path: /health
    failureThreshold: 5
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  readinessProbe:
    path: /health
    failureThreshold: 10
    initialDelaySeconds: 1
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  statsd:
    enabled: false
    host: null
    hostFromNodeIp: false
    port: 8125
    prefix: flagsmith.api
  influxdbSetup:
    enabled: false
  extraInitContainers: []
  extraContainers: []
  extraVolumes:
    - name: exports
      emptyDir: {}
  volumeMounts:
    - name: exports
      mountPath: /exports
  logging:
    format: generic # options are generic or json.
  enableMigrateDbInitContainer: true
  bootstrap:
    # Set to `true` to create initial superuser, organisation, and project.
    # If `adminEmail`, `organisationName` or `projectName` not set, defaults are used.
    # Bootstrapping does nothing if app database is not empty.
    enabled: false
    adminEmail: null
    organisationName: null
    projectName: null
    extraSpec: {} # Will be added to `spec` for `flagsmith-api` deployment. 

frontend:
  # Set this to `false` to switch off the frontend (deployment,
  # service and ingress). Set api.separateApiAndFrontend to false to
  # switch off the deployment but retain the service and ingress
  # pointing at the single Docker image that serves both.
  enabled: true
  image:
    repository: flagsmith.docker.scarf.sh/flagsmith/flagsmith-frontend
    tag: null # defaults to .Chart.AppVersion
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []
  replicacount: 1
  deploymentStrategy: null
  resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 500Mi
  # requests:
  #   cpu: 300m
  #   memory: 300Mi
  apiProxy:
    enabled: true
  extraEnv: {}
  extraEnvFromSecret: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  defaultPodSecurityContext:
    enabled: true
    # runAsNonRoot: true  # TODO: enable this, conditional on tag semver
    # runAsUser: 1000
    # runAsGroup: 1000
  livenessProbe:
    failureThreshold: 20
    initialDelaySeconds: 20
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 10
  readinessProbe:
    failureThreshold: 20
    initialDelaySeconds: 20
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 10
  extraInitContainers: []
  extraContainers: []
  extraVolumes: []
  extraSpec: {} # Will be added to `spec` for `flagsmith-frontend` deployment. 

# See https://docs.flagsmith.com/deployment/task-processor
taskProcessor:
  image:
    # all values here default to those in .Values.api.image if not configured
    # this is to simplify the logic for those using flagsmith-api image
    # and to maintain backwards compatibility.
    repository: flagsmith/flagsmith-private-cloud
    tag: latest
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []

  enabled: true
  replicacount: 1
  sleepIntervalMs: null
  numThreads: null
  gracePeriodMs: null
  queuePopSize: null

  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  readinessProbe:
    failureThreshold: 10
    initialDelaySeconds: 1
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2

  podAnnotations: {}
  resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 500Mi
  # requests:
  #   cpu: 300m
  #   memory: 300Mi
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  defaultPodSecurityContext:
    enabled: true
    # runAsNonRoot: true  # TODO: enable this, conditional on tag semver
    # runAsUser: 1000
    # runAsGroup: 1000
  extraInitContainers: []
  extraContainers: []
  extraEnv: {}
  extraVolumes: []
  extraSpec: {} # Will be added to `spec` for `flagsmith-task-processor` deployment. 

devPostgresql:
  enabled: true
  serviceAccount:
    create: true
  nameOverride: dev-postgresql
  auth:
    postgresPassword: flagsmith
    database: flagsmith

databaseExternal:
  enabled: false
  url: null
  type: postgres
  host: null
  port: 5432
  database: null
  username: null
  password: null
  urlFromExistingSecret:
    enabled: false
    name: null
    key: null

pgbouncer:
  enabled: false
  image:
    repository: bitnami/pgbouncer
    tag: 1.16.0
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []
  replicaCount: 1
  deploymentStrategy: null
  podAnnotations: {}
  resources: {}
  podLabels: {}
  extraEnv: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  defaultPodSecurityContext:
    enabled: true
    # runAsNonRoot: true
  securityContext: {}
  defaultSecurityContext:
    enabled: true
    allowPrivilegeEscalation: false
    capabilities:
      drop:
        - all

  livenessProbe:
    failureThreshold: 5
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  readinessProbe:
    failureThreshold: 10
    initialDelaySeconds: 1
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  extraInitContainers: []
  extraContainers: []
  extraVolumes: []

influxdb2:
  enabled: false
  adminUser:
    organization: 'influxdata'
    bucket: 'default'
    user: 'admin'
    retention_policy: '0s'
    ## Leave empty to generate a random password and token.
    ## Or fill any of these values to use fixed values.
    password: ''
    token: ''
    ## The password and token are obtained from an existing secret. The expected
    ## keys are `admin-password` and `admin-token`.
    ## If set, the password and token values above are ignored.
    existingSecret: null
  persistence:
    enabled: false
    # storageClass: "-"
    # accessMode: ReadWriteOnce
    # size: 50Gi
  resources: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}

influxdbExternal:
  enabled: false
  url: null
  bucket: null
  organization: null
  token: null
  tokenFromExistingSecret:
    enabled: false
    name: null
    key: null

# This is included primarily for easy testing of statsd integration from the application.
graphite:
  enabled: false
  nameOverride: flagsmith-graphite
  autoSetStatsdHostEnvVar: true

sse:
  enabled: true
  image:
    repository: flagsmith/sse
    tag: 3.4.0
    imagePullPolicy: IfNotPresent
    imagePullSecrets: []
  # See all supported environment variables here:
  # https://docs.flagsmith.com/deployment/hosting/real-time/deployment#sse-service
  extraEnv:
    REDIS_HOST: redis
    REDIS_PORT: 6379
  # extraEnvFromSecret:
  #   REDIS_PASSWORD:
  #    secretName: my_redis_secrets
  #    secretKey: my_redis_password
  replicaCount: 1
  deploymentStrategy: null
  podAnnotations: {}
  resources: {}
  # limits:
  #   cpu: 500m
  #   memory: 500Mi
  # requests:
  #   cpu: 300m
  #   memory: 300Mi
  podLabels: {}
  nodeSelector: {}
  tolerations: []
  affinity: {}
  podSecurityContext: {}
  defaultPodSecurityContext:
    enabled: true
    # runAsNonRoot: true  # TODO: enable this, conditional on tag semver
    # runAsUser: 1000
    # runAsGroup: 1000
  livenessProbe:
    path: /health
    failureThreshold: 5
    initialDelaySeconds: 5
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  readinessProbe:
    path: /health
    failureThreshold: 10
    initialDelaySeconds: 1
    periodSeconds: 10
    successThreshold: 1
    timeoutSeconds: 2
  shareProcessNamespace: false
  serviceAccountName: null
  extraInitContainers: []
  extraContainers: []
  extraVolumes: []

service:
  api:
    type: ClusterIP
    port: 8000
    annotations: {}
  frontend:
    type: ClusterIP
    port: 8080
    annotations: {}
  sse:
    type: ClusterIP
    port: 8000
    annotations: {}

ingress:
  frontend:
    enabled: false
    annotations: {}
    ingressClassName: null
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    hosts:
      - chart-example.local
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  api:
    enabled: false
    annotations: {}
    ingressClassName: null
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    hosts:
      - host: chart-example.local
        paths: []
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local
  sse:
    enabled: false
    annotations: {}
    ingressClassName: null
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
    hosts:
      - host: chart-example.local
        paths: []
    tls: []
    #  - secretName: chart-example-tls
    #    hosts:
    #      - chart-example.local

jobs:
  migrateDb:
    enabled: false
    ttlSecondsAfterFinished: 3600
    restartPolicy: OnFailure
    defaultPodSecurityContext:
      enabled: true
      # runAsNonRoot: true
    extraContainers: []
    extraVolumes: []
    command: []
    args: []

# These tests just make non-destructive requests to the services in
# the cluster. Enabling this and running helm test is safe.
tests:
  # A test is enabled if both this and the specific test is enabled
  enabled: false
  api:
    enabled: true
    maxTime: 10
    printResponseBody: false
  frontend:
    enabled: true
    maxTime: 10
    printResponseBody: false

# These are used for integration testing the chart and the
# application. Enabling this will mean that data in a release is
# destroyed or corrupted if the tests are run.
_destructiveTests:
  # A test is enabled if both this and the specific test is enabled
  enabled: false
  testToken: test-e2e-token
  e2e:
    enabled: true
    image:
      repository: flagsmith/flagsmith-e2e-tests
      tag: null
      imagePullPolicy: IfNotPresent
    resources:
      requests:
        memory: 1Gi

# -- Array of extra K8s manifests to deploy
## Note: Supports use of custom Helm templates
## Example: Deploying a CloudnativePG Postgres cluster for use with Flagmsith:
extraObjects: []
# - |
#   apiVersion: postgresql.cnpg.io/v1
#   kind: Cluster
#   metadata:
#     name: flagsmith
#     namespace: {{ .Release.Namespace }}
#   spec:
#     instances: 3
#     storage:
#       size: 10Gi

Then verifying that the directory exists on an API pod:

% kubectl exec -it  $(kubectl get service --selector app.kubernetes.io/component=api --output name) --container flagsmith-api -- ls -la /exports
total 0
drwxrwxrwx    1 root     root             0 Jan 15 21:16 .
drwxr-xr-x    1 root     root            32 Jan 15 21:16 ..

Please describe.

@rolodato rolodato requested a review from a team as a code owner January 15, 2025 21:18
@rolodato rolodato requested review from khvn26 and removed request for a team January 15, 2025 21:18
@rolodato rolodato mentioned this pull request Jan 15, 2025
Merged
@rolodato rolodato merged commit 408db7b into main Jan 30, 2025
1 check passed
@rolodato rolodato deleted the feat/volume-mounts branch January 30, 2025 13:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khvn26 khvn26 khvn26 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Expose volumeMounts for the users
2 participants
@rolodato @khvn26