Update manifests

dvirlabs 2026-04-21 19:54:20 +03:00
parent e013edb4ee
commit 6a6ff1dfb3
4 changed files with 42 additions and 157 deletions


@ -1,6 +1,7 @@
{{/*
Deployment for the gitops-status-server
Runs nginx-unprivileged to serve the status.json file
Runs a simple Flask API for status updates
Uses the gitops-status-api Docker image
*/}}
apiVersion: apps/v1
kind: Deployment
@ -19,10 +20,8 @@ spec:
{{- include "gitops-status-server.selectorLabels" . | nindent 6 }}
template:
metadata:
annotations:
# Automatically roll deployment when ConfigMap changes
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
@ -36,29 +35,12 @@ spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
# Init container to set up initial status.json from ConfigMap
initContainers:
- name: init-status
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
command:
- sh
- -c
- |
if [ ! -f /usr/share/nginx/html/status.json ]; then
cat > /usr/share/nginx/html/status.json <<'EOF'
{{- .Values.statusJson | toJson | nindent 10 }}
EOF
fi
volumeMounts:
- name: shared-data
mountPath: /usr/share/nginx/html
containers:
- name: api
image: "{{ .Values.api.image.repository }}:{{ .Values.api.image.tag }}"
imagePullPolicy: {{ .Values.api.image.pullPolicy }}
ports:
- name: api
- name: http
containerPort: 5000
protocol: TCP
env:
@ -68,10 +50,12 @@ spec:
value: "5000"
- name: FLASK_ENV
value: "production"
- name: STATUS_FILE
value: "/data/status.json"
livenessProbe:
httpGet:
path: /health
port: api
port: http
initialDelaySeconds: 20
periodSeconds: 10
timeoutSeconds: 5
@ -79,97 +63,23 @@ spec:
readinessProbe:
httpGet:
path: /ready
port: api
port: http
initialDelaySeconds: 20
periodSeconds: 5
timeoutSeconds: 5
failureThreshold: 2
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
volumeMounts:
- name: shared-data
mountPath: /usr/share/nginx/html
- name: api-code
mountPath: /app
readOnly: true
- name: nginx
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 10 }}
ports:
- name: http
containerPort: {{ .Values.service.targetPort }}
protocol: TCP
# Health checks
livenessProbe:
httpGet:
path: /status.json
port: http
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 3
failureThreshold: 3
readinessProbe:
httpGet:
path: /status.json
port: http
initialDelaySeconds: 2
periodSeconds: 5
timeoutSeconds: 2
failureThreshold: 2
resources:
{{- toYaml .Values.resources | nindent 10 }}
volumeMounts:
# Mount the nginx config
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
# Mount the shared data directory (status.json is writable here)
- name: shared-data
mountPath: /usr/share/nginx/html
# nginx-unprivileged needs writable directories for cache and run
- name: cache
mountPath: /var/cache/nginx
- name: run
mountPath: /var/run
# nginx needs writable /tmp for proxy buffers
- name: tmp
mountPath: /tmp
- name: data
mountPath: /data
volumes:
# ConfigMap volume containing the nginx configuration
- name: nginx-config
configMap:
name: {{ include "gitops-status-server.fullname" . }}-nginx-config
items:
- key: nginx.conf
path: nginx.conf
# ConfigMap volume containing the API application code
- name: api-code
configMap:
name: {{ include "gitops-status-server.fullname" . }}-api
defaultMode: 0755
items:
- key: app.py
path: app.py
# Shared data volume for status.json (writable emptyDir)
- name: shared-data
# Data volume for status.json (writable emptyDir)
- name: data
emptyDir:
sizeLimit: 1Mi
# Empty directories for nginx runtime
- name: cache
emptyDir: {}
- name: run
emptyDir: {}
- name: tmp
emptyDir: {}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
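Review bot: The `api` container is left without a container-level `securityContext`, because the only reference to `.Values.securityContext` in these hunks sat on the removed `nginx` container. As far as the visible lines show, the `capabilities.drop: [ALL]` and `readOnlyRootFilesystem` settings in the values file no longer apply to any container, and only the pod-level `podSecurityContext` remains. I would add `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 10 }}` under `- name: api`, with the indent matched to that container's nesting. The pod template continues past the end of this section, so confirm the block is not already set in lines outside the hunks.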


@ -1,7 +1,7 @@
{{/*
Service for the gitops-status-server
Exposes the nginx server inside the cluster (ClusterIP)
This allows Grafana to query the status.json endpoint
Exposes the Flask API inside the cluster (ClusterIP)
This allows rsyslog pipeline and Grafana to query the API endpoints
*/}}
apiVersion: v1
kind: Service
@ -17,7 +17,7 @@ spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: {{ .Values.service.targetPort }}
targetPort: http
protocol: TCP
name: http
selector:
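Review bot: The header comment should state that this Service now fronts an API that stores status updates rather than a read-only file. A ClusterIP is reachable from every pod in the cluster by default, and nothing in this commit limits who may call it. I would add a line to the comment such as `Accepts status writes from the rsyslog pipeline; restrict callers with a NetworkPolicy or API authentication`. Whether the Flask API authenticates requests is not visible on this page, so confirm that before relying on network placement alone.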


@ -5,23 +5,16 @@
# Number of replicas for the deployment
replicaCount: 1
# Container image configuration
image:
# Use nginx-unprivileged for better security (runs as non-root)
repository: nginxinc/nginx-unprivileged
pullPolicy: IfNotPresent
# Overrides the image tag whose default is the chart appVersion
tag: "1.25-alpine"
# API backend container configuration (handles POST requests)
# API backend container configuration
api:
image:
# Python Flask API for handling status updates
repository: python
# Use the gitops-status-api image (Python Flask API)
# Build from: gitops-status-api/Dockerfile
# Tag with: docker build -t gitops-status-api:latest gitops-status-api/
# Can be from Harbor registry or built locally
repository: gitops-status-api
pullPolicy: IfNotPresent
tag: "3.11-alpine"
# Pre-install Flask via pip before running the app
pip_packages: "Flask==2.3.2"
tag: "latest"
# Image pull secrets for private registries
imagePullSecrets: []
@ -36,8 +29,6 @@ service:
type: ClusterIP
# Port where the service will be exposed
port: 80
# Target port on the container (nginx default)
targetPort: 8080
# Annotations to add to the service
annotations: {}
@ -45,10 +36,10 @@ service:
resources:
limits:
cpu: 100m
memory: 64Mi
memory: 128Mi
requests:
cpu: 50m
memory: 32Mi
memory: 64Mi
# Node selector for pod assignment
nodeSelector: {}
@ -62,8 +53,8 @@ affinity: {}
# Security context for the pod
podSecurityContext:
runAsNonRoot: true
runAsUser: 101
fsGroup: 101
runAsUser: 1000
fsGroup: 1000
# Security context for the container
securityContext:
@ -71,17 +62,7 @@ securityContext:
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
# Status JSON content
# This can be overridden in your values to customize the status information
statusJson:
repo: "rsyslog"
server: "rsyslog-lab"
sync_status: "UNKNOWN"
drift_count: 0
files: []
last_check: ""
readOnlyRootFilesystem: false
# Labels to add to all resources
labels: {}
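Review bot: The last hunk of this file flips `readOnlyRootFilesystem` from `true` to `false`, which drops a hardening control without a stated reason. The deployment already mounts a writable `emptyDir` at `/data` for `STATUS_FILE`, so the application's only known write path does not need a writable root filesystem. I would keep `readOnlyRootFilesystem: true` and, if the Flask process needs scratch space, add a small `emptyDir` mounted at `/tmp`. If the image genuinely requires a writable root, a comment above the line should say which path it writes to.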


@ -1,5 +1,5 @@
# Values for gitops-status-server Helm chart
# Serves a static status.json file via nginx with an optional API for dynamic updates
# Deploys a simple Flask API for storing and retrieving GitOps status JSON
# Number of replicas
replicaCount: 1
@ -8,32 +8,26 @@ replicaCount: 1
imagePullSecrets:
- name: harbor-regcred
# Container image configuration
image:
repository: nginxinc/nginx-unprivileged
tag: "1.25-alpine"
pullPolicy: IfNotPresent
# API backend configuration (Flask server for status updates)
api:
image:
repository: harbor.dvirlabs.com/my-apps/status-api
# Use the gitops-status-api image from gitops-status-api repo
# Built and pushed to Harbor or use local image
repository: harbor.dvirlabs.com/dvirlabs/gitops-status-api
tag: "latest"
pullPolicy: Always
pip_packages: "Flask==2.3.2"
# Service configuration
service:
type: ClusterIP
port: 80
targetPort: 8080
annotations: {}
# Status JSON content - customize with your actual GitOps status information
statusJson:
repo: "observability-stack"
server: "rsyslog-lab"
sync_status: "UNKNOWN"
drift_count: 0
files: []
last_check: ""
# Resource limits
resources:
limits:
cpu: 100m
memory: 128Mi
requests:
cpu: 50m
memory: 64Mi
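Review bot: The new image reference `harbor.dvirlabs.com/dvirlabs/gitops-status-api` is deployed with `tag: "latest"` and `pullPolicy: Always`, so every pod restart pulls whatever was last pushed under that tag. The running code is therefore neither reproducible nor traceable to this commit. Pin an immutable version tag, for example `tag: "<release-version>"`, or reference the image by digest, so that a changed or tampered push cannot roll out silently. The chart defaults file in this commit also sets `tag: "latest"`, there with `pullPolicy: IfNotPresent`, which additionally lets nodes keep different cached builds.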