Update manifests

charts/gitops-status-server/templates/deployment.yaml

@@ -1,6 +1,7 @@
 {{/*
 Deployment for the gitops-status-server
-Runs nginx-unprivileged to serve the status.json file
+Runs a simple Flask API for status updates
+Uses the gitops-status-api Docker image
 */}}
 apiVersion: apps/v1
 kind: Deployment
@@ -19,12 +20,10 @@ spec:
       {{- include "gitops-status-server.selectorLabels" . | nindent 6 }}
   template:
     metadata:
+      {{- with .Values.podAnnotations }}
       annotations:
-        # Automatically roll deployment when ConfigMap changes
-        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-        {{- with .Values.podAnnotations }}
         {{- toYaml . | nindent 8 }}
-        {{- end }}
+      {{- end }}
       labels:
         {{- include "gitops-status-server.selectorLabels" . | nindent 8 }}
     spec:
@@ -36,29 +35,12 @@ spec:
       securityContext:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       
-      # Init container to set up initial status.json from ConfigMap
-      initContainers:
-      - name: init-status
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        command:
-        - sh
-        - -c
-        - |
-          if [ ! -f /usr/share/nginx/html/status.json ]; then
-            cat > /usr/share/nginx/html/status.json <<'EOF'
-          {{- .Values.statusJson | toJson | nindent 10 }}
-          EOF
-          fi
-        volumeMounts:
-        - name: shared-data
-          mountPath: /usr/share/nginx/html
-      
       containers:
       - name: api
         image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}"
         imagePullPolicy: {{ .Values.api.image.pullPolicy }}
         ports:
-        - name: api
+        - name: http
           containerPort: 5000
           protocol: TCP
         env:
@@ -68,10 +50,12 @@ spec:
           value: "5000"
         - name: FLASK_ENV
           value: "production"
+        - name: STATUS_FILE
+          value: "/data/status.json"
         livenessProbe:
           httpGet:
             path: /health
-            port: api
+            port: http
           initialDelaySeconds: 20
           periodSeconds: 10
           timeoutSeconds: 5
@@ -79,97 +63,23 @@ spec:
         readinessProbe:
           httpGet:
             path: /ready
-            port: api
+            port: http
           initialDelaySeconds: 20
           periodSeconds: 5
           timeoutSeconds: 5
           failureThreshold: 2
-        resources:
-          limits:
-            cpu: 100m
-            memory: 128Mi
-          requests:
-            cpu: 50m
-            memory: 64Mi
-        volumeMounts:
-        - name: shared-data
-          mountPath: /usr/share/nginx/html
-        - name: api-code
-          mountPath: /app
-          readOnly: true
-      
-      - name: nginx
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        securityContext:
-          {{- toYaml .Values.securityContext | nindent 10 }}
-        ports:
-        - name: http
-          containerPort: {{ .Values.service.targetPort }}
-          protocol: TCP
-        # Health checks
-        livenessProbe:
-          httpGet:
-            path: /status.json
-            port: http
-          initialDelaySeconds: 5
-          periodSeconds: 10
-          timeoutSeconds: 3
-          failureThreshold: 3
-        readinessProbe:
-          httpGet:
-            path: /status.json
-            port: http
-          initialDelaySeconds: 2
-          periodSeconds: 5
-          timeoutSeconds: 2
-          failureThreshold: 2
         resources:
           {{- toYaml .Values.resources | nindent 10 }}
         volumeMounts:
-        # Mount the nginx config
+        - name: data
-        - name: nginx-config
+          mountPath: /data
-          mountPath: /etc/nginx/nginx.conf
+      
-          subPath: nginx.conf
-          readOnly: true
-        # Mount the shared data directory (status.json is writable here)
-        - name: shared-data
-          mountPath: /usr/share/nginx/html
-        # nginx-unprivileged needs writable directories for cache and run
-        - name: cache
-          mountPath: /var/cache/nginx
-        - name: run
-          mountPath: /var/run
-        # nginx needs writable /tmp for proxy buffers
-        - name: tmp
-          mountPath: /tmp
       volumes:
-      # ConfigMap volume containing the nginx configuration
+      # Data volume for status.json (writable emptyDir)
-      - name: nginx-config
+      - name: data
-        configMap:
-          name: {{ include "gitops-status-server.fullname" . }}-nginx-config
-          items:
-          - key: nginx.conf
-            path: nginx.conf
-      # ConfigMap volume containing the API application code
-      - name: api-code
-        configMap:
-          name: {{ include "gitops-status-server.fullname" . }}-api
-          defaultMode: 0755
-          items:
-          - key: app.py
-            path: app.py
-      # Shared data volume for status.json (writable emptyDir)
-      - name: shared-data
         emptyDir:
           sizeLimit: 1Mi
-      # Empty directories for nginx runtime
+      
-      - name: cache
-        emptyDir: {}
-      - name: run
-        emptyDir: {}
-      - name: tmp
-        emptyDir: {}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/gitops-status-server/templates/service.yaml

@@ -1,7 +1,7 @@
 {{/*
 Service for the gitops-status-server
-Exposes the nginx server inside the cluster (ClusterIP)
+Exposes the Flask API inside the cluster (ClusterIP)
-This allows Grafana to query the status.json endpoint
+This allows rsyslog pipeline and Grafana to query the API endpoints
 */}}
 apiVersion: v1
 kind: Service
@@ -17,7 +17,7 @@ spec:
   type: {{ .Values.service.type }}
   ports:
     - port: {{ .Values.service.port }}
-      targetPort: {{ .Values.service.targetPort }}
+      targetPort: http
       protocol: TCP
       name: http
   selector:

charts/gitops-status-server/values.yaml

@@ -5,23 +5,16 @@
 # Number of replicas for the deployment
 replicaCount: 1
 
-# Container image configuration
+# API backend container configuration
-image:
-  # Use nginx-unprivileged for better security (runs as non-root)
-  repository: nginxinc/nginx-unprivileged
-  pullPolicy: IfNotPresent
-  # Overrides the image tag whose default is the chart appVersion
-  tag: "1.25-alpine"
-
-# API backend container configuration (handles POST requests)
 api:
   image:
-    # Python Flask API for handling status updates
+    # Use the gitops-status-api image (Python Flask API)
-    repository: python
+    # Build from: gitops-status-api/Dockerfile
+    # Tag with: docker build -t gitops-status-api:latest gitops-status-api/
+    # Can be from Harbor registry or built locally
+    repository: gitops-status-api
     pullPolicy: IfNotPresent
-    tag: "3.11-alpine"
+    tag: "latest"
-  # Pre-install Flask via pip before running the app
-  pip_packages: "Flask==2.3.2"
 
 # Image pull secrets for private registries
 imagePullSecrets: []
@@ -36,8 +29,6 @@ service:
   type: ClusterIP
   # Port where the service will be exposed
   port: 80
-  # Target port on the container (nginx default)
-  targetPort: 8080
   # Annotations to add to the service
   annotations: {}
 
@@ -45,10 +36,10 @@ service:
 resources:
   limits:
     cpu: 100m
-    memory: 64Mi
+    memory: 128Mi
   requests:
     cpu: 50m
-    memory: 32Mi
+    memory: 64Mi
 
 # Node selector for pod assignment
 nodeSelector: {}
@@ -62,8 +53,8 @@ affinity: {}
 # Security context for the pod
 podSecurityContext:
   runAsNonRoot: true
-  runAsUser: 101
+  runAsUser: 1000
-  fsGroup: 101
+  fsGroup: 1000
 
 # Security context for the container
 securityContext:
@@ -71,17 +62,7 @@ securityContext:
   capabilities:
     drop:
     - ALL
-  readOnlyRootFilesystem: true
+  readOnlyRootFilesystem: false
-
-# Status JSON content
-# This can be overridden in your values to customize the status information
-statusJson:
-  repo: "rsyslog"
-  server: "rsyslog-lab"
-  sync_status: "UNKNOWN"
-  drift_count: 0
-  files: []
-  last_check: ""
 
 # Labels to add to all resources
 labels: {}

manifests/gitops-status-server/values.yaml

@@ -1,5 +1,5 @@
 # Values for gitops-status-server Helm chart
-# Serves a static status.json file via nginx with an optional API for dynamic updates
+# Deploys a simple Flask API for storing and retrieving GitOps status JSON
 
 # Number of replicas
 replicaCount: 1
@@ -8,32 +8,26 @@ replicaCount: 1
 imagePullSecrets:
   - name: harbor-regcred
 
-# Container image configuration
-image:
-  repository: nginxinc/nginx-unprivileged
-  tag: "1.25-alpine"
-  pullPolicy: IfNotPresent
-
 # API backend configuration (Flask server for status updates)
 api:
   image:
-    repository: harbor.dvirlabs.com/my-apps/status-api
+    # Use the gitops-status-api image from gitops-status-api repo
+    # Built and pushed to Harbor or use local image
+    repository: harbor.dvirlabs.com/dvirlabs/gitops-status-api
     tag: "latest"
     pullPolicy: Always
-  pip_packages: "Flask==2.3.2"
 
 # Service configuration
 service:
   type: ClusterIP
   port: 80
-  targetPort: 8080
   annotations: {}
 
-# Status JSON content - customize with your actual GitOps status information
+# Resource limits
-statusJson:
+resources:
-  repo: "observability-stack"
+  limits:
-  server: "rsyslog-lab"
+    cpu: 100m
-  sync_status: "UNKNOWN"
+    memory: 128Mi
-  drift_count: 0
+  requests:
-  files: []
+    cpu: 50m
-  last_check: ""
+    memory: 64Mi