From 6a6ff1dfb3af98fcf36f84a1a6ff305e5afdd7fa Mon Sep 17 00:00:00 2001 From: dvirlabs <114520947+dvirlabs@users.noreply.github.com> Date: Tue, 21 Apr 2026 19:54:20 +0300 Subject: [PATCH] Update manifests --- .../templates/deployment.yaml | 120 +++--------------- .../templates/service.yaml | 6 +- charts/gitops-status-server/values.yaml | 43 ++----- manifests/gitops-status-server/values.yaml | 30 ++--- 4 files changed, 42 insertions(+), 157 deletions(-) diff --git a/charts/gitops-status-server/templates/deployment.yaml b/charts/gitops-status-server/templates/deployment.yaml index 1ba364d..6f73b90 100644 --- a/charts/gitops-status-server/templates/deployment.yaml +++ b/charts/gitops-status-server/templates/deployment.yaml @@ -1,6 +1,7 @@ {{/* Deployment for the gitops-status-server -Runs nginx-unprivileged to serve the status.json file +Runs a simple Flask API for status updates +Uses the gitops-status-api Docker image */}} apiVersion: apps/v1 kind: Deployment @@ -19,12 +20,10 @@ spec: {{- include "gitops-status-server.selectorLabels" . | nindent 6 }} template: metadata: + {{- with .Values.podAnnotations }} annotations: - # Automatically roll deployment when ConfigMap changes - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} - {{- end }} + {{- end }} labels: {{- include "gitops-status-server.selectorLabels" . | nindent 8 }} spec: 
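Review bot: Removing the `checksum/config` annotation in the `@@ -19,12 +20,10 @@` hunk drops the last visible reference to `templates/configmap.yaml`, but the diffstat lists only four files, so that template presumably still ships with the chart. It would then keep rendering ConfigMaps that no pod mounts; the volumes removed later in this file referenced `-nginx-config` and `-api` (carrying `app.py`). If the template reads `.Values.statusJson` or `.Values.service.targetPort`, both deleted from values.yaml in this patch, it will render empty values. Delete `charts/gitops-status-server/templates/configmap.yaml` in this change, or confirm it is removed elsewhere.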
@@ -36,29 +35,12 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - # Init container to set up initial status.json from ConfigMap - initContainers: - - name: init-status - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - command: - - sh - - -c - - | - if [ ! -f /usr/share/nginx/html/status.json ]; then - cat > /usr/share/nginx/html/status.json <<'EOF' - {{- .Values.statusJson | toJson | nindent 10 }} - EOF - fi - volumeMounts: - - name: shared-data - mountPath: /usr/share/nginx/html - containers: - name: api image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}" imagePullPolicy: {{ .Values.api.image.pullPolicy }} ports: - - name: api + - name: http containerPort: 5000 protocol: TCP env: @@ -68,10 +50,12 @@ spec: value: "5000" - name: FLASK_ENV value: "production" + - name: STATUS_FILE + value: "/data/status.json" livenessProbe: httpGet: path: /health - port: api + port: http initialDelaySeconds: 20 periodSeconds: 10 timeoutSeconds: 5 
@@ -79,97 +63,23 @@ spec: readinessProbe: httpGet: path: /ready - port: api + port: http initialDelaySeconds: 20 periodSeconds: 5 timeoutSeconds: 5 failureThreshold: 2 - resources: - limits: - cpu: 100m - memory: 128Mi - requests: - cpu: 50m - memory: 64Mi - volumeMounts: - - name: shared-data - mountPath: /usr/share/nginx/html - - name: api-code - mountPath: /app - readOnly: true - - - name: nginx - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - securityContext: - {{- toYaml .Values.securityContext | nindent 10 }} - ports: - - name: http - containerPort: {{ .Values.service.targetPort }} - protocol: TCP - # Health checks - livenessProbe: - httpGet: - path: /status.json - port: http - initialDelaySeconds: 5 - periodSeconds: 10 - timeoutSeconds: 3 - failureThreshold: 3 - readinessProbe: - httpGet: - path: /status.json - port: http - initialDelaySeconds: 2 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 2 resources: {{- toYaml .Values.resources | nindent 10 }} volumeMounts: - # Mount the nginx config - - name: nginx-config - mountPath: /etc/nginx/nginx.conf - subPath: nginx.conf - readOnly: true - # Mount the shared data directory (status.json is writable here) - - name: shared-data - mountPath: /usr/share/nginx/html - # nginx-unprivileged needs writable directories for cache and run - - name: cache - mountPath: /var/cache/nginx - - name: run - mountPath: /var/run - # nginx needs writable /tmp for proxy buffers - - name: tmp - mountPath: /tmp + - name: data + mountPath: /data + volumes: - # ConfigMap volume containing the nginx configuration - - name: nginx-config - configMap: - name: {{ include "gitops-status-server.fullname" . }}-nginx-config - items: - - key: nginx.conf - path: nginx.conf - # ConfigMap volume containing the API application code - - name: api-code - configMap: - name: {{ include "gitops-status-server.fullname" . 
}}-api - defaultMode: 0755 - items: - - key: app.py - path: app.py - # Shared data volume for status.json (writable emptyDir) - - name: shared-data + # Data volume for status.json (writable emptyDir) + - name: data emptyDir: sizeLimit: 1Mi - # Empty directories for nginx runtime - - name: cache - emptyDir: {} - - name: run - emptyDir: {} - - name: tmp - emptyDir: {} + {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/gitops-status-server/templates/service.yaml b/charts/gitops-status-server/templates/service.yaml index 6de2897..29db208 100644 --- a/charts/gitops-status-server/templates/service.yaml +++ b/charts/gitops-status-server/templates/service.yaml @@ -1,7 +1,7 @@ {{/* Service for the gitops-status-server -Exposes the nginx server inside the cluster (ClusterIP) -This allows Grafana to query the status.json endpoint +Exposes the Flask API inside the cluster (ClusterIP) +This allows rsyslog pipeline and Grafana to query the API endpoints */}} apiVersion: v1 kind: Service @@ -17,7 +17,7 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} + targetPort: http protocol: TCP name: http selector: diff --git a/charts/gitops-status-server/values.yaml b/charts/gitops-status-server/values.yaml index cadb501..4ed5a18 100644 --- a/charts/gitops-status-server/values.yaml +++ b/charts/gitops-status-server/values.yaml 
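Review bot: The `api` container, now the only container in the pod, has no container-level `securityContext` in the lines visible in the deployment.yaml hunks. The reference `{{- toYaml .Values.securityContext | nindent 10 }}` went away with the removed nginx container, so the `securityContext` block in values.yaml (capabilities `drop: [ALL]`) appears to be rendered nowhere. I would add `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 10 }}` to the `api` container, next to `imagePullPolicy`, using the indentation the removed nginx container used. The container spec starts in an earlier hunk and a few lines between hunks are not shown, so confirm the key is not already set there.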
@@ -5,23 +5,16 @@ # Number of replicas for the deployment replicaCount: 1 -# Container image configuration -image: - # Use nginx-unprivileged for better security (runs as non-root) - repository: nginxinc/nginx-unprivileged - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion - tag: "1.25-alpine" - -# API backend container configuration (handles POST requests) +# API backend container configuration api: image: - # Python Flask API for handling status updates - repository: python + # Use the gitops-status-api image (Python Flask API) + # Build from: gitops-status-api/Dockerfile + # Tag with: docker build -t gitops-status-api:latest gitops-status-api/ + # Can be from Harbor registry or built locally + repository: gitops-status-api pullPolicy: IfNotPresent - tag: "3.11-alpine" - # Pre-install Flask via pip before running the app - pip_packages: "Flask==2.3.2" + tag: "latest" # Image pull secrets for private registries imagePullSecrets: [] @@ -36,8 +29,6 @@ service: type: ClusterIP # Port where the service will be exposed port: 80 - # Target port on the container (nginx default) - targetPort: 8080 # Annotations to add to the service annotations: {} @@ -45,10 +36,10 @@ service: resources: limits: cpu: 100m - memory: 64Mi + memory: 128Mi requests: cpu: 50m - memory: 32Mi + memory: 64Mi # Node selector for pod assignment nodeSelector: {} @@ -62,8 +53,8 @@ affinity: {} # Security context for the pod podSecurityContext: runAsNonRoot: true - runAsUser: 101 - fsGroup: 101 + runAsUser: 1000 + fsGroup: 1000 # Security context for the container securityContext: 
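Review bot: In the `@@ -5,23 +5,16 @@` hunk, `tag: "latest"` together with `pullPolicy: IfNotPresent` makes the running image depend on whatever each node has cached, and nothing ties a chart release to a reviewed build. Default to an immutable version tag instead, for example `tag: "<release-version>"` (placeholder), or extend the image template to accept a digest. The same `tag: "latest"` stays in manifests/gitops-status-server/values.yaml with `pullPolicy: Always`, where every pod restart can pull a different image from Harbor. The added comment `# Tag with: docker build -t gitops-status-api:latest gitops-status-api/` would need the same update.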
@@ -71,17 +62,7 @@ securityContext: capabilities: drop: - ALL - readOnlyRootFilesystem: true - -# Status JSON content -# This can be overridden in your values to customize the status information -statusJson: - repo: "rsyslog" - server: "rsyslog-lab" - sync_status: "UNKNOWN" - drift_count: 0 - files: [] - last_check: "" + readOnlyRootFilesystem: false # Labels to add to all resources labels: {} diff --git a/manifests/gitops-status-server/values.yaml b/manifests/gitops-status-server/values.yaml index 319db34..a4ca5ab 100644 --- a/manifests/gitops-status-server/values.yaml +++ b/manifests/gitops-status-server/values.yaml @@ -1,5 +1,5 @@ # Values for gitops-status-server Helm chart -# Serves a static status.json file via nginx with an optional API for dynamic updates +# Deploys a simple Flask API for storing and retrieving GitOps status JSON # Number of replicas replicaCount: 1 @@ -8,32 +8,26 @@ replicaCount: 1 imagePullSecrets: - name: harbor-regcred -# Container image configuration -image: - repository: nginxinc/nginx-unprivileged - tag: "1.25-alpine" - pullPolicy: IfNotPresent - # API backend configuration (Flask server for status updates) api: image: - repository: harbor.dvirlabs.com/my-apps/status-api + # Use the gitops-status-api image from gitops-status-api repo + # Built and pushed to Harbor or use local image + repository: harbor.dvirlabs.com/dvirlabs/gitops-status-api tag: "latest" pullPolicy: Always - pip_packages: "Flask==2.3.2" # Service configuration service: type: ClusterIP port: 80 - targetPort: 8080 annotations: {} -# Status JSON content - customize with your actual GitOps status information -statusJson: - repo: "observability-stack" - server: "rsyslog-lab" - sync_status: "UNKNOWN" - drift_count: 0 - files: [] - last_check: "" +# Resource limits +resources: + limits: + cpu: 100m + memory: 128Mi + requests: + cpu: 50m + memory: 64Mi
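Review bot: `readOnlyRootFilesystem: false` in the `@@ -71,17 +62,7 @@` hunk gives up the read-only root filesystem, although the only write path this patch declares is the `data` emptyDir mounted at `/data` (`STATUS_FILE` is `/data/status.json`). I would keep `readOnlyRootFilesystem: true` and, if the Flask image turns out to need scratch space, mount a second emptyDir at `/tmp` rather than making the whole image writable. Whether the image writes anywhere else is not visible in this patch. The `securityContext` block starts above the hunk.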